海运的博客

FAT32分区无权限的概念，挂载后更改文件所有用户及权限时提示Permission denied，可通过挂载时修改参数指定umask和所有用户解决。

umask=000 #以777权限挂载
uid=1000 #指定用户
gid=1000 

挂载示例：

mount -t vfat -o umask=000 /dev/sda4 /mnt/

Centos查看当前内核、Iptables版本并下载相应源码：

#https://www.haiyun.me
uname -r
2.6.18-274.el5
cd /usr/src/kernels/
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.18.tar.gz
iptables -V
iptables v1.3.5
wget http://ftp.netfilter.org/pub/iptables/iptables-1.3.5.tar.bz2

或下载Centos官方内核源码：

useradd test
su -l test
mkdir -p ~/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros
yum install rpm-build redhat-rpm-config unifdef
rpm -i http://vault.centos.org/5.7/os/SRPMS/kernel-2.6.18-274.el5.src.rpm
cd ~/rpmbuild/SPECS
rpmbuild -bp --target=$(uname -m) kernel.spec
cd ~/rpmbuild/BUILD/kernel*/linux*/ #源码所在目录

下载Layer7模块和规则文件：

wget http://sourceforge.net/projects/l7-filter/files/l7-filter%20kernel%20version/2.18/netfilter-layer7-v2.18.tar.gz
wget http://sourceforge.net/projects/l7-filter/files/Protocol%20definitions/2009-05-28/l7-protocols-2009-05-28.tar.gz

给内核打上Layer7补丁并编译模块：

tar zxvf linux-2.6.18.tar.gz 
tar zxvf netfilter-layer7-v2.18.tar.gz
cd linux-2.6.18
patch -p1 < ../netfilter-layer7-v2.18/for_older_kernels/kernel-2.6.18-2.6.19-layer7-2.9.patch
#查看READ文件根据内核版本选择相应的补丁
yum install -y ncurses-devel 
#安装ncurses库，编译内核需要
make oldconfig
#备份配置文件
make menuconfig
#进入内核编译选项

在以下菜单处理选择将layer7编译为模块：

Networking——Networking options--->Network packet filtering (replaces ipchains)--->Layer 7 match support (EXPERIMENTAL) 

编译内核模块：

#https://www.haiyun.me
make prepare
make modules_prepare
#创建外部模块所需文件，后续可直接编译指定模块
make M=net/ipv4/netfilter/
#仅编译防火墙相关模块

复制编译的layer7.ko模块至系统：

strip --strip-debug net/ipv4/netfilter/ipt_layer7.ko
cp net/ipv4/netfilter/ipt_layer7.ko /lib/modules/2.6.18-274.el5/kernel/net/ipv4/netfilter/
chmod 744 /lib/modules/2.6.18-274.el5/kernel/net/ipv4/netfilter/ipt_layer7.ko 
depmod -a

编译安装Iptables layer7模块：

tar jxvf iptables-1.3.5.tar.bz2 
cd iptables-1.3.5
patch -p1 < ../netfilter-layer7-v2.18/iptables-1.3-for-kernel-pre2.6.20-layer7-2.18.patch 
#给iptables打上layer7补丁，阅读README根据内核及Iptables版本选择相应的补丁
chmod +x extensions/.layer7-test 
make KERNEL_DIR=/usr/src/kernels/linux-2.6.18
make install KERNEL_DIR=/usr/src/kernels/linux-2.6.18

安装Layer7示例脚本：

tar -zxvf l7-protocols-2009-05-28.tar.gz
cd l7-protocols-2009-05-28
make install

应用示例：

modprobe ipt_layer7
/usr/local/sbin/iptables -A FORWARD -m layer7 --l7proto qq -j DROP 

Linux服务器当访问文件或目录的时候会同步更新atime，如果服务器业务较大会给磁盘带来很大的负担，可以修改挂载参数不写入访问时间。

cat /etc/fstab
/dev/VolGroup00/LogVol00 /                       ext3    defaults,noatime,nodiratime        1 1

重新挂载磁盘分区：

mount -o remount /

查看当前挂载参数：

 mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw,noatime,nodiratime)

安装编译环境及组件：

yum -y install gcc gcc-c++ make autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel \
libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel \
curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel patch unzip vim-enhanced
wget http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make
make install
cd ../
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz
tar zxvf libiconv-1.14.tar.gz
cd libiconv-1.14
./configure
make
make install
cd ..
wget http://nchc.dl.sourceforge.net/project/mhash/mhash/0.9.9.9/mhash-0.9.9.9.tar.gz
tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure
make
make install
cd ..
ldconfig
wget http://nchc.dl.sourceforge.net/project/mcrypt/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure
make
make install
cd ../

Mysql安装：

wget http://ftp.jaist.ac.jp/pub/mysql/Downloads/MySQL-5.1/mysql-5.1.63.tar.gz
tar zxvf mysql-5.1.63.tar.gz
cd mysql-5.1.63
./configure --prefix=/usr/local/mysql \
--without-debug \
--with-unix-socket-path=/tmp/mysql.sock \
--with-mysqld-ldflags=-all-static \
--with-charset=utf8 \
--with-extra-charsets=gbk,gb2312 \
--with-big-tables \
--with-readline \
--enable-local-infile \
--enable-assembler \
--enable-thread-safe-client 
make
make install
cp support-files/my-medium.cnf /etc/my.cnf
cp support-files/mysql.server /etc/init.d/mysqld
chmod 755 /etc/init.d/mysqld
chkconfig --level 3 mysqld on
useradd -s /sbin/nologin -M mysql
/usr/local/mysql/bin/mysql_install_db --user=mysql
ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql
ln -s /usr/local/mysql/bin/mysqldump /usr/bin/mysqldump
ln -s /usr/local/mysql/bin/myisamchk /usr/bin/myisamchk
/etc/init.d/mysqld start
/usr/local/mysql/bin/mysqladmin -u root password "password"
cd ../

PHP安装：

wget http://cn.php.net/distributions/php-5.2.17.tar.gz
wget http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
tar zxvf php-5.2.17.tar.gz
gzip -cd php-5.2.17-fpm-0.5.14.diff.gz | patch -d php-5.2.17 -p1
cd php-5.2.17/            
wget --no-check-certificate https://raw.github.com/laruence/laruence.github.com/master/php-5.2-max-input-vars/php-5.2.17-max-input-vars.patch
patch -p1 < php-5.2.17-max-input-vars.patch
./configure --prefix=/usr/local/php  \
--with-mysql=/usr/local/mysql \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--enable-inline-optimization \
--disable-debug \
--enable-fastcgi \
--enable-fpm \
--enable-xml \
--enable-sockets \
--enable-zip \
--enable-mbstring \
--enable-gd-native-ttf \
--with-iconv-dir \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir \
--with-mcrypt \
--with-gd \
--with-openssl \
--with-mhash \
--with-xmlrpc \
--with-curl 
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-recommended /usr/local/php/etc/php.ini
cp /usr/local/php/sbin/php-fpm /etc/init.d/
chmod 755 /etc/init.d/php-fpm
sed -i '1a # chkconfig: 345 85 15' /etc/init.d/php-fpm
chkconfig --level 3 php-fpm on
/etc/init.d/php-fpm start
ln -s /usr/local/php/bin/php /usr/bin/php
ln -s /usr/local/php/bin/phpize /usr/bin/phpize
ln -s /usr/local/php/sbin/php-fpm /usr/bin/php-fpm
cd ../

Nginx安装：

wget http://sourceforge.net/projects/pcre/files/pcre/8.30/pcre-8.30.tar.gz
tar zxvf pcre-8.30.tar.gz 
cd pcre-8.30
./configure 
make
make install
ln -s /usr/local/lib/libpcre.so.1 /lib/libpcre.so.1
ln -s /usr/local/lib/libpcre.so.1.0.0 /lib/libpcre.so.1.0.0
cd ../
useradd -s /sbin/nologin -M www
wget http://nginx.org/download/nginx-1.0.15.tar.gz
tar zxvf nginx-1.0.15.tar.gz
cd nginx-1.0.15
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make 
make install

安装编译环境及组件：

#https://www.haiyun.me
yum -y install gcc gcc-c++ make autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel \
libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel \
curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel patch unzip vim-enhanced libtool-ltdl-devel libtool
wget http://sourceforge.net/projects/mcrypt/files/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz
tar zxvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make
make install
cd ../
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz
tar zxvf libiconv-1.14.tar.gz
cd libiconv-1.14
./configure
make
make install
cd ../
wget http://nchc.dl.sourceforge.net/project/mhash/mhash/0.9.9.9/mhash-0.9.9.9.tar.gz
tar zxvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure
make
make install
cd ../
ldconfig
wget http://nchc.dl.sourceforge.net/project/mcrypt/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz
tar zxvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure
make
make install
cd ../

安装Apache2.22：

wget http://labs.renren.com/apache-mirror/httpd/httpd-2.2.22.tar.gz
tar zxvf httpd-2.2.22.tar.gz
cd httpd-2.2.22
#./configure --prefix=/usr/local/httpd --enable-so --enable-mods-shared=most
#动态编译大部分常用模块
./configure --prefix=/usr/local/httpd \
--sysconfdir=/etc/httpd \
--enable-so \
--enable-ssl  \
--enable-rewrite \
--enable-expires \
--enable-headers \
--enable-deflate \
--with-mpm=worker
make
make install
cp /usr/local/httpd/bin/apachectl /etc/init.d/httpd
chmod 755 /etc/init.d/httpd
sed -i '1a # chkconfig: 345 85 15' /etc/init.d/httpd
/etc/init.d/httpd start
chkconfig --level 3 httpd on
cd ../

安装Mysql5.1.63：

wget http://ftp.jaist.ac.jp/pub/mysql/Downloads/MySQL-5.1/mysql-5.1.63.tar.gz
tar zxvf mysql-5.1.63.tar.gz
cd mysql-5.1.63
./configure --prefix=/usr/local/mysql \
--without-debug \
--with-unix-socket-path=/tmp/mysql.sock \
--with-mysqld-ldflags=-all-static \
--with-charset=utf8 \
--with-extra-charsets=gbk,gb2312 \
--with-big-tables \
--with-readline \
--enable-local-infile \
--enable-assembler \
--enable-thread-safe-client 
make
make install
cp support-files/my-medium.cnf /etc/my.cnf
cp support-files/mysql.server /etc/init.d/mysqld
chmod 755 /etc/init.d/mysqld
chkconfig --level 3 mysqld on
useradd -s /sbin/nologin -M mysql
/usr/local/mysql/bin/mysql_install_db --user=mysql
ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql
ln -s /usr/local/mysql/bin/mysqldump /usr/bin/mysqldump
ln -s /usr/local/mysql/bin/myisamchk /usr/bin/myisamchk
/etc/init.d/mysqld start
/usr/local/mysql/bin/mysqladmin -u root password "password"
cd ../

安装PHP5.3.13：

wget http://cn.php.net/distributions/php-5.3.13.tar.gz
tar zxvf php-5.3.13.tar.gz
cd php-5.3.13
./configure --prefix=/usr/local/php  \
--with-apxs2=/usr/local/httpd/bin/apxs \
--with-mysql=/usr/local/mysql \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--disable-debug \
--with-iconv-dir \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir \
--with-mcrypt \
--with-gd \
--with-openssl \
--with-mhash \
--with-xmlrpc \
--with-curl \
--enable-inline-optimization \
--enable-xml \
--enable-mbstring \
--enable-gd-native-ttf \
--enable-sockets \
--enable-zip 
make ZEND_EXTRA_LIBS='-liconv'
make install
cp php.ini-production /usr/local/php/etc/php.ini
ln -s /usr/local/php/bin/php /usr/bin/php
ln -s /usr/local/php/bin/phpize /usr/bin/phpize
cd ../

配置Apache支持PHP程序：

cat >>/etc/httpd/httpd.conf <<EOF
AddType application/x-httpd-php .php
AddType application/x-httpd-source-php .phps
EOF
sed -i 's/index.html/index.html index.php/g' /etc/httpd/httpd.conf
/etc/init.d/httpd restart

测试PHP：

cat >> /usr/local/httpd/htdocs/phpinfo.php <<EOF
<?php  
phpinfo();  
?> 
EOF