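# Install suPHP
# NOTE(review): suPHP 0.7.1, Apache 2.2 and PHP 5.3 no longer receive security
# fixes; treat this as a recipe for a legacy host, not a new deployment.
cd ..

# The tarball comes over plain HTTP and is then built and installed as root,
# so check it against a digest obtained from a source you trust before
# unpacking. The value below is a placeholder, not a real digest.
suphp_sha256='REPLACE_WITH_EXPECTED_SHA256'

# Chained with && so that a failed download, checksum or build step stops the
# sequence instead of running the remaining commands in the wrong directory.
# --with-setid-mode=paranoid: scripts run as their owner, and the owner must
#   match the suPHP_UserGroup configured for the virtual host.
# --with-logfile names a file. It now points inside the log/ directory created
#   below; the original pointed at /usr/local/suphp/log, the same path that
#   mkdir then created as a directory.
wget http://www.suphp.org/download/suphp-0.7.1.tar.gz \
  && printf '%s  %s\n' "$suphp_sha256" suphp-0.7.1.tar.gz | sha256sum -c - \
  && tar zxvf suphp-0.7.1.tar.gz \
  && cd suphp-0.7.1 \
  && ./configure \
       --prefix=/usr/local/suphp \
       --with-apxs=/usr/local/apache-2.2/bin/apxs \
       --with-apr=/usr/local/apache-2.2/bin/apr-1-config \
       --with-setid-mode=paranoid \
       --with-apache-user=www \
       --with-logfile=/usr/local/suphp/log/suphp.log \
  && make -j 4 \
  && make install \
  && mkdir -p /usr/local/suphp/{log,etc} \
  && cp doc/suphp.conf-example /usr/local/suphp/etc/suphp.conf

# The copied example is only a starting point. Before use, review suphp.conf:
# the logfile, webserver_user (should be www to match the build), docroot,
# min_uid/min_gid and the x-httpd-php handler path must fit this host.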
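# Install Suhosin (PHP hardening extension)
cd ..

# NOTE(review): this downloads whatever the master branch holds at the moment,
# so two runs can build different code. Prefer a tagged release or a specific
# commit and record its digest so the build is reproducible and auditable.
#
# The archive is unpacked into a fixed directory (suhosin-src) instead of
# relying on the stefanesser-suhosin-* glob, which fails when an older
# extraction is still present and matches more than one directory.
wget https://github.com/stefanesser/suhosin/tarball/master -O suhosin-latest.tar.gz \
  && mkdir -p suhosin-src \
  && tar zxvf suhosin-latest.tar.gz -C suhosin-src --strip-components=1 \
  && cd suhosin-src \
  && /usr/local/php-5.3/bin/phpize \
  && ./configure --with-php-config=/usr/local/php-5.3/bin/php-config \
  && make -j 4 \
  && make install

# make install only copies the module; it still has to be enabled in php.ini
# before PHP loads it.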
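# Install XCache (opcode cache)
cd ..

# Fetched over plain HTTP and built as root: verify the tarball against a
# digest obtained from a source you trust. The value below is a placeholder.
xcache_sha256='REPLACE_WITH_EXPECTED_SHA256'

# Chained with && so that a failed download or checksum stops the build.
wget http://xcache.lighttpd.net/pub/Releases/3.0.1/xcache-3.0.1.tar.gz \
  && printf '%s  %s\n' "$xcache_sha256" xcache-3.0.1.tar.gz | sha256sum -c - \
  && tar zxvf xcache-3.0.1.tar.gz \
  && cd xcache-3.0.1 \
  && ./configure --enable-xcache --with-php-config=/usr/local/php-5.3/bin/php-config \
  && make -j 4 \
  && make install

# NOTE(review): no phpize step is shown here, unlike the Suhosin build; the
# ./configure script only exists after phpize has run - confirm.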
# 修改 Apache 設定檔 vim /usr/local/apache-2.2/conf/httpd.conf
# --- httpd.conf: directives to set or add ---

# Unprivileged account for the Apache workers; it matches the
# --with-apache-user=www value that suPHP was built with.
User www
Group www
ServerName Your_IP:80

# mod_php stays loaded but its AddType mapping is commented out, so .php is
# not handled by it by default. Any directory that re-enables the mapping runs
# PHP as www rather than as the site owner.
LoadModule php5_module modules/libphp5.so
#AddType application/x-httpd-php .php
LoadModule suphp_module modules/mod_suphp.so

# Route .php through suPHP; suPHP_ConfigPath is the directory in which
# php.ini is looked up.
suPHP_Engine on
suPHP_ConfigPath /usr/local/php-5.3/lib
suPHP_AddHandler x-httpd-php
AddHandler x-httpd-php .php

Include conf/extra/httpd-vhosts.conf

# NOTE(review): the container these two lines belong to (presumably a
# <Directory> block) is not visible on the page. Scope "Allow from all" to the
# document roots that are meant to be served, not to the filesystem root.
Order allow,deny
Allow from all

DirectoryIndex index.html index.php index.cgi index.pl

# Next file to edit (shell command, not part of httpd.conf):
vim /usr/local/apache-2.2/conf/extra/httpd-vhosts.conf
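# --- httpd-vhosts.conf: one virtual host per site ---
<VirtualHost *:80>
    DocumentRoot "/home/user/sub.domain.com/public_html"
    ServerName sub.domain.com
    ErrorLog "logs/sub.domain.com-error_log"
    CustomLog "logs/sub.domain.com-access_log" common

    # The <Directory> path must be the DocumentRoot. The original used
    # /home/user/domain.com/public_html, so suPHP_UserGroup did not apply to
    # the directory actually being served; suPHP is built in paranoid mode,
    # which checks each script's owner against this setting.
    <Directory "/home/user/sub.domain.com/public_html">
        suPHP_UserGroup user group
    </Directory>

    # Optional: hand one application back to mod_php. Scripts under this path
    # then run as the Apache user (www) instead of the site owner, which gives
    # up the per-user isolation suPHP provides - enable only if required.
    #<Directory "/home/user/sub.domain.com/public_html/cacti">
    #    suPHP_Engine Off
    #    RemoveHandler .php
    #    AddType application/x-httpd-php .php
    #</Directory>
</VirtualHost>

# --- shell: create the document root and reload Apache ---
# The original mkdir path was misspelled (sub.comain.com), which left the
# DocumentRoot above missing.
mkdir -p /home/user/sub.domain.com/public_html
# chown -f hides failures; check the resulting ownership, since suPHP compares
# it with suPHP_UserGroup.
chown -Rf user:group /home/user
# Validate the configuration first so a syntax error does not take the
# running server down.
/usr/local/apache-2.2/bin/apachectl configtest \
  && /usr/local/apache-2.2/bin/apachectl restart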
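# Install ProFTPD
# NOTE(review): 1.3.4b is an old release; check the project's current
# supported version before exposing this daemon to the internet.
cd ..

# Dedicated unprivileged account for the daemon. Its primary group is the ftp
# group created here; the original passed -g mysql, which would have given the
# FTP daemon the MySQL group's file access.
groupadd ftp && useradd ftp -g ftp -s /sbin/nologin

# The source is fetched over cleartext FTP and built as root: verify it
# against a digest (or the project's PGP signature, if published) obtained
# from a source you trust. The value below is a placeholder.
proftpd_sha256='REPLACE_WITH_EXPECTED_SHA256'

# --enable-openssl alone does not provide FTPS: TLS support lives in mod_tls,
# which has to be compiled in (--with-modules=mod_tls) and configured.
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4b.tar.gz \
  && printf '%s  %s\n' "$proftpd_sha256" proftpd-1.3.4b.tar.gz | sha256sum -c - \
  && tar zxvf proftpd-1.3.4b.tar.gz \
  && cd proftpd-1.3.4b \
  && ./configure --prefix=/usr/local/proftpd-1.3 --enable-openssl \
  && make -j 8 \
  && make install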
# 編輯 ProFTPD 的設定 vim /usr/local/proftpd-1.3/etc/proftpd.conf
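# --- proftpd.conf: directives to set or add ---
# NOTE(review): no TLS directives appear here, so logins and data travel in
# cleartext; FTPS needs mod_tls compiled in and configured.

# Unprivileged account the daemon runs as.
User ftp
Group ftp

# Confine every user to their own home directory.
DefaultRoot ~
# Accept accounts whose shell is not listed in /etc/shells (for example
# /sbin/nologin), so FTP-only users do not need a login shell.
# (The original listed this directive twice; one copy is enough.)
RequireValidShell off
RootLogin off

# mod_delay adds timing jitter to logins so that valid and invalid user names
# are harder to tell apart; turning it off trades that protection for speed.
DelayEngine off

# Skip ident and reverse-DNS lookups on connect; hide the server banner.
IdentLookups off
UseReverseDNS off
ServerIdent off

# Passive data ports; the firewall must allow the same range.
PassivePorts 60000 65535

AllowStoreRestart on
AllowRetrieveRestart on

# Changed from "on". With it enabled, data connections may come from or go to
# an address other than the control connection's, which is only needed for
# site-to-site transfers and permits data connections to be redirected to
# third-party hosts. Re-enable only if that feature is really required.
AllowForeignAddress off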
# 處理 iptables vim /etc/iptables.test.rules
# iptables-restore rule set for the filter table.
# NOTE(review): these rules cover IPv4 only; a host with IPv6 addresses needs
# an equivalent ip6tables rule set.
*filter
# Presumably meant to flush existing rules; iptables-restore already replaces
# the table's contents unless it is run with --noflush.
-F

# Loopback traffic is allowed; anything addressed to 127.0.0.0/8 that did not
# arrive on lo is rejected.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Replies to connections this host already has open.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# All outbound traffic is allowed.
-A OUTPUT -j ACCEPT

# HTTP HTTPS
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# SSH
# Assumes sshd listens on port 3333 - confirm before loading these rules, or
# the final REJECT will cut off remote access.
-A INPUT -p tcp -m state --state NEW --dport 3333 -j ACCEPT

# FTP
# 60000:65535 is the PassivePorts range from proftpd.conf. It is open to every
# source address; narrow the range or the allowed sources where possible.
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 60000:65535 -j ACCEPT

# Support ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# Reject all other inbound:
# No chain policies are set in this file, so these two rules are what block
# everything not accepted above.
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT