1 เมษายน 2554 › 2013 › 05 › ...ลําดับที่ 3). update ports tree...

การตดตง WebServer โดยใช FreeBSD 8.2 Rev001: Apr 1,2011

การตดตง WebServer โดยใช FreeBSD 8.2 โดย เสรมพนธ นตยนรา

§ การตดต ง WebServer โดยใช FreeBSD 8.2 §

กรณศกษา www.mu-ph.org

โดย เสรมพนธ นตยนรา Email: [email protected]

1 เมษายน 2554 [** Rev01 : Apr 01,2011 **]

* * * * * * * * * Objective: ตองการทา WebServer ของ องคกร ใหทกฝายในองคกรม WebSite ใชงาน โดยใหเนอทฝายละ 1 GBytes Specifications ของเครองทใช www# dmesg Copyright (c) 1992-2011 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011 [email protected]:/usr/obj/usr/src/sys/GENERIC i386 Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) Xeon(TM) CPU 2.40GHz (2392.06-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0xf29 Family = f Model = 2 Stepping = 9 Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> Features2=0x4400<CNXT-ID,xTPR> real memory = 1073741824 (1024 MB) avail memory = 1036226560 (988 MB) ACPI APIC Table: <DELL PE1600SC> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs FreeBSD/SMP: 4 package(s) x 1 core(s) cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu2 (AP): APIC ID: 6 cpu3 (AP): APIC ID: 7 แบง partition ดงน www# df Filesystem 1K-blocks Used Avail Capacity Mounted on /dev/amrd0s1a 1012974 176512 755426 19% / devfs 1 1 0 100% /dev /dev/amrd0s1h 63488502 4 58409418 0% /backups /dev/amrd0s1g 1012974 12 931926 0% /tmp /dev/amrd0s1e 5077038 832996 3837880 18% /usr /dev/amrd0s1f 50777034 4 46714868 0% /usr/local/www /dev/amrd0s1d 15231278 278 14012498 0% /var www#

โปรแกรมทลง

1. แกไขแฟมทจาเปน 2. Compile Kernel เพอใหรองรบ Firewall และ Quota 3. Update ports tree 4. การตดตง Firewall 5. การทา Quota 6. ตดตง mysql55-server 7. ตดตง Apache22



8. ตดตง PHP52 9. ตดตง PHP52-extensions 10. ตดตง ZendOptimizer 11. ตดตง webmin 12. ตดตง phpmyadmin 13. ตดตง vsftp 14. ตดตง awstats 15. ตดตง ntp 16. ตดตง clamav 17. ตดตง lynx 18. ตดตง denyhosts 19. ตดตง zip & unzip 20. การ Backup เวบ



ลาดบท 1). แกไขแฟมทจาเปน ในการตดต งสามารถศกษาไดจาก http://bsd.psru.ac.th/microcom/micro240/install53_1.pdf http://bsd.psru.ac.th/microcom/micro240/install53_2.pdf เมอตดต ง FreeBSD 8.1 เรยบรอยแลว เรากทาการแกไขแฟมทจาเปนเบองตน ทาไดโดย login as: sermpan Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 8.2-RELEASE (GENERIC) #0: Fri Feb 18 02:24:46 UTC 2011 Welcome to FreeBSD! Before seeking technical support, please use the following resources: o Security advisories and updated errata information for all releases are at http://www.FreeBSD.org/releases/ - always consult the ERRATA section for your release first as it's updated frequently. o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and, along with the mailing lists, can be searched by going to http://www.FreeBSD.org/search/. If the doc distribution has been installed, they're also available formatted in /usr/share/doc. If you still have a question or problem, please take the output of `uname -a', along with any relevant error messages, and email it as a question to the [email protected] mailing list. If you are unfamiliar with FreeBSD's directory layout, please refer to the hier(7) manual page. If you are not familiar with manual pages, type `man man'. You may also use sysinstall(8) to re-enter the installation and configuration utility. Edit /etc/motd to change this login announcement. $ su Password: เรมดวยแกแฟม /etc/motd ลบทไมจาเปนออก เหลอเพยง 4 บรรทดขางลาง แลว save www# vi /etc/motd FreeBSD 8.2-RELEASE (GENERIC) #0: Fri Feb 18 02:24:46 UTC 2011 Welcome to FreeBSD! ลาดบตอไปแกแฟม Welcome ใหลดการ Delay จาก 10 วนาท เหลอ 3 วนาท www# vi /boot/defaults/loader.conf ############################################################## ### Loader settings ######################################## ############################################################## #autoboot_delay="10" # Delay in seconds before autobooting, autoboot_delay="3" # Delay in seconds before autobooting,

และแกแฟม sshd_config เพออนญาตให User ชอ sermpan สามารถทจะ Secure Shell ไดแตเพยงผเดยว www# vi /etc/ssh/sshd_config # Authentication: AllowUsers sermpan #LoginGraceTime 2m #PermitRootLogin no #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 Save แลวส ง Reload

www# /etc/rc.d/sshd reload www#



ลาดบท 2). Compile Kernel เพอใหรองรบ Firewall และ Quota

www# cd /usr/src/sys/i386/conf/ www# cp GENERIC MU-PH www# vi MU-PH ; ใหไดเปนดงน (เพมใสสวนทเปนพนสแดง) www# cat MU-PH # # GENERIC -- Generic kernel configuration file for FreeBSD/i386 # # For more information on this file, please read the handbook section on # Kernel Configuration Files: # # http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html # # The handbook is also available locally in /usr/share/doc/handbook # if you've installed the doc distribution, otherwise always see the # FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the # latest information. # # An exhaustive list of options and more detailed explanations of the # device lines is also present in the ../../conf/NOTES and NOTES files. # If you are in doubt as to the purpose or necessity of a line, check first # in NOTES. # # $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474.2.15.2.1 2008/11/25 02:59:29 kensmith Exp $ cpu I486_CPU cpu I586_CPU cpu I686_CPU #ident GENERIC ident MU-PH # To statically compile in device wiring instead of /boot/device.hints #hints "GENERIC.hints" # Default places to look for devices. # Use the following to compile in values accessible to the kernel # through getenv() (or kenv(1) in userland). The format of the file # is 'variable=value', see kenv(1) # # env "GENERIC.env" makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols options SCHED_ULE # ULE scheduler options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking options INET6 # IPv6 communications protocols options SCTP # Stream Control Transmission Protocol options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists options UFS_DIRHASH # Improve performance on big directories options UFS_GJOURNAL # Enable gjournal-based UFS journaling options MD_ROOT # MD is a potential root device options NFSCLIENT # Network Filesystem Client options NFSSERVER # Network Filesystem Server options NFSLOCKD # Network Lock Manager options NFS_ROOT # NFS usable as /, requires NFSCLIENT options MSDOSFS # MSDOS Filesystem options CD9660 # ISO 9660 Filesystem options PROCFS # Process filesystem (requires PSEUDOFS) options PSEUDOFS # Pseudo-filesystem framework options GEOM_PART_GPT # GUID Partition Tables. options GEOM_LABEL # Provides labelization options COMPAT_43TTY # BSD 4.3 TTY compat (sgtty) options COMPAT_FREEBSD4 # Compatible with FreeBSD4 options COMPAT_FREEBSD5 # Compatible with FreeBSD5 options COMPAT_FREEBSD6 # Compatible with FreeBSD6 options COMPAT_FREEBSD7 # Compatible with FreeBSD7 options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI options KTRACE # ktrace(1) support options STACK # stack(9) support options SYSVSHM # SYSV-style shared memory options SYSVMSG # SYSV-style message queues options SYSVSEM # SYSV-style semaphores options P1003_1B_SEMAPHORES # POSIX-style semaphores options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed. options KBD_INSTALL_CDEV # install a CDEV entry in /dev options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4) options AUDIT # Security event auditing options MAC # TrustedBSD MAC Framework options FLOWTABLE # per-cpu routing cache



#options KDTRACE_HOOKS # Kernel DTrace hooks options INCLUDE_CONFIG_FILE # Include this file in kernel options KDB # Kernel debugger related code options KDB_TRACE # Print a stack trace for a panic # # Add Firewall & Quota to kernel # options IPFIREWALL options IPFIREWALL_FORWARD options IPFIREWALL_DEFAULT_TO_ACCEPT options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=120 options IPDIVERT options QUOTA # # End of Additional Line # . . . . . . www# pwd /usr/src/sys/i386/conf www# ll -rw-r--r-- 1 root wheel 13 Jun 20 2005 .cvsignore -rw-r--r-- 1 root wheel 598 Dec 22 00:09 DEFAULTS -rw-r--r-- 1 root wheel 13322 Dec 22 00:09 GENERIC -rw-r--r-- 1 root wheel 878 Dec 22 00:09 GENERIC.hints -rw-r--r-- 1 root wheel 13638 Apr 1 13:27 MU-PH -rw-r--r-- 1 root wheel 148 Dec 22 00:09 Makefile -rw-r--r-- 1 root wheel 31788 Dec 22 00:09 NOTES -rw-r--r-- 1 root wheel 1646 Dec 22 00:09 PAE -rw-r--r-- 1 root wheel 3487 Dec 22 00:09 XBOX -rw-r--r-- 1 root wheel 3238 Dec 22 00:09 XEN www# config MU-PH Kernel build directory is ../compile/MU-PH Don't forget to do ``make cleandepend && make depend'' www# cd ../compile/MU-PH www# make depend ; make ; make install . . . ===> zfs (install) install -o root -g wheel -m 555 zfs.ko /boot/kernel install -o root -g wheel -m 555 zfs.ko.symbols /boot/kernel ===> zlib (install) install -o root -g wheel -m 555 zlib.ko /boot/kernel install -o root -g wheel -m 555 zlib.ko.symbols /boot/kernel kldxref /boot/kernel www# รอจนกระท งทางานเสรจ ส ง Reboot www# reboot



ลาดบท 3). Update ports tree เนองจากเครอง Server ทลงอยหลง proxy และพบปญหาเกยวกบการ update ports ดวย cvsup จงไดใชวธการ portsnap โดย login as: sermpan Using keyboard-interactive authentication. Password: Last login: Fri Apr 1 13:21:14 2011 from proxy.mu-ph.org Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 8.2-RELEASE (MU-PH) #0: Fri Apr 1 13:44:08 ICT 2011 Welcome to FreeBSD! $ su Password: www# cd / www# portsnap fetch Looking up portsnap.FreeBSD.org mirrors... 5 mirrors found. Fetching public key from portsnap5.FreeBSD.org... done. Fetching snapshot tag from portsnap5.FreeBSD.org... done. Fetching snapshot metadata... done. Fetching snapshot generated at Fri Apr 1 07:04:33 ICT 2011: 6946b3eb18578a0cf2278c7ab4a1985c9a2e7e74861a3c100% of 64 MB 99 kBps 00m00s Extracting snapshot... done. Verifying snapshot integrity... done. Fetching snapshot tag from portsnap5.FreeBSD.org... done. Fetching snapshot metadata... done. Updating from Fri Apr 1 07:04:33 ICT 2011 to Fri Apr 1 14:09:58 ICT 2011. Fetching 3 metadata patches.. done. Applying metadata patches... done. Fetching 0 metadata files... done. Fetching 10 patches.....10 done. Applying patches... done. Fetching 0 new ports or files... done. www# portsnap extract . . /usr/ports/x11/yelp/ /usr/ports/x11/zenity/ Building new INDEX files... done. www# portsnap update Ports tree is already up to date. จากน นเรากแตก Distfiles82.tar ทเคยลงมาใสไวใน /usr/ports/distfiles และ tar เกบ port ทไดเอาไวเผอการลงในคราวตอๆไป www# cd / www# tar xpf /backups/Distfiles82.tar www#



ลาดบท 4). การตดตง Firewall เมอเราได Compile kernel เพอรองรบ Firewall และ Quota แลว ในลาดบตอไปกเปนเรองของการทา Firewall

Step # 1: Enabling IPFW

Open /etc/rc.conf file เพมสองบรรทดขางลางเขาไป

firewall_enable="YES" firewall_script="/backups/ipfw.rules"

Step # 2 Write a Firewall Rule Script www# vi /backups/ipfw.rules โดยมรายละเอยดดงน IPF="ipfw -q add" ipfw -q -f flush #loopback $IPF 10 allow all from any to any via em0 $IPF 20 deny all from any to 127.0.0.0/8 $IPF 30 deny all from 127.0.0.0/8 to any $IPF 40 deny tcp from any to any frag # statefull $IPF 50 check-state $IPF 60 allow tcp from any to any established $IPF 70 allow all from any to any out keep-state $IPF 80 allow icmp from any to any # open port ftp (20,21), ssh (22), mail (25) # http (80), dns (53) etc # ftp-data port=20 #$IPF 90 allow tcp from any to any 20 in #$IPF 100 allow tcp from any to any 20 out # ftp port=21 $IPF 110 allow tcp from any to any 21 in $IPF 120 allow tcp from any to any 21 out # ssh port=22 $IPF 130 allow tcp from any to any 22 in $IPF 140 allow tcp from any to any 22 out # telnet port=23 #$IPF 150 allow tcp from any to any 23 in #$IPF 160 allow tcp from any to any 23 out # smtp port=25 #$IPF 170 allow tcp from any to any 25 in #$IPF 180 allow tcp from any to any 25 out # nameserver port=42 #$IPF 190 allow tcp from any to any 42 in #$IPF 200 allow tcp from any to any 42 out # domain port=53 #$IPF 210 allow udp from any to any 53 in #$IPF 220 allow udp from any to any 53 out # tftp port=69 #$IPF 230 allow tcp from any to any 69 in #$IPF 240 allow tcp from any to any 69 out # finger port=79 #$IPF 250 allow tcp from any to any 79 in #$IPF 260 allow tcp from any to any 79 out # http port=80 $IPF 270 allow tcp from any to any 80 in $IPF 280 allow tcp from any to any 80 out # pop3 port=110 #$IPF 290 allow tcp from any to any 110 in



#$IPF 300 allow tcp from any to any 110 out # webmin port=10000 $IPF 310 allow tcp from any to any 10000 in $IPF 320 allow tcp from any to any 10000 out # deny and log everything $IPF 500 deny log all from any to any

Step # 3: Start a firewall

You can reboot the box or you could reload these rules by entering on the command line.

www# sh /backups/ipfw.rules

Task: List all the rules in sequence

Type the following command: www# ipfw list 00010 allow ip from any to any via em0 00020 deny ip from any to 127.0.0.0/8 00030 deny ip from 127.0.0.0/8 to any 00040 deny tcp from any to any frag 00050 check-state 00060 allow tcp from any to any established 00070 allow ip from any to any out keep-state 00080 allow icmp from any to any 00110 allow tcp from any to any dst-port 21 in 00120 allow tcp from any to any dst-port 21 out 00130 allow tcp from any to any dst-port 22 in 00140 allow tcp from any to any dst-port 22 out 00270 allow tcp from any to any dst-port 80 in 00280 allow tcp from any to any dst-port 80 out 00310 allow tcp from any to any dst-port 10000 in 00320 allow tcp from any to any dst-port 10000 out 00500 deny log logamount 120 ip from any to any 65535 allow ip from any to any www#

ด em0 ใหด คานเอามาจาก การใชคาส ง ifconfig เปนชอของ LanCard

และในทานองเดยวกนถาเรา Copy แฟม rc.conf จากเครองอนมาใช ใหดคาคานดวย

ในลาดบตอไปเปนการทา quota



ลาดบท 5). การทา Quota เพอเปนการควบคมใหแตละฝายในองคกรมพนทในการนาเสนอเวบหนวยงานละ 1024 Mbytes

www# cd /etc/ www# vi fstab แกทบรรทด /usr/local เพม ,userquota,groupquota หลงคาวา rw www# cat fstab # Device Mountpoint FStype Options Dump Pass# /dev/amrd0s1b none swap sw 0 0 /dev/amrd0s1a / ufs rw 1 1 /dev/amrd0s1h /backups ufs rw 2 2 /dev/amrd0s1g /tmp ufs rw 2 2 /dev/amrd0s1e /usr ufs rw 2 2 /dev/amrd0s1f /usr/local/www ufs rw,userquota,groupquota 2 2 /dev/amrd0s1d /var ufs rw 2 2 /dev/acd0 /cdrom cd9660 ro,noauto 0 0 www# ทแฟม /etc/rc.conf เพมสองบรรทดขางลางเขาไป enable_quotas="YES" check_quotas="YES" ส ง Reboot www# reboot เมอเครอง boot ขนมา ใหสงเพอให Disk Quota มผลตอการทางานทนท login as: sermpan Using keyboard-interactive authentication. Password: Last login: Fri Apr 1 14:16:45 2011 from proxy.mu-ph.org Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 8.2-RELEASE (MU-PH) #0: Fri Apr 1 13:44:08 ICT 2011 Welcome to FreeBSD! $ su Password: www# quotacheck -a www# quotaon -a www# เพม group ชอ webmaster เขาไปในระบบ โดย www# pw groupadd webmaster เพม user เขาไปในระบบ 1 คน ในทน คอ webmaster www# adduser Username: webmaster Full name: Uid (Leave empty for default): Login group [webmaster]: Login group is webmaster. Invite webmaster into other groups? []: Login class [default]: Shell (sh csh tcsh nologin) [sh]: nologin Home directory [/home/webmaster]: /usr/local/www Home directory permissions (Leave empty for default): Use password-based authentication? [yes]: Use an empty password? (yes/no) [no]: Use a random password? (yes/no) [no]: Enter password: Enter password again: Lock out the account after creation? [no]: Username : webmaster Password : ***** Full Name : Uid : 1003 Class : Groups : webmaster



Home : /usr/local/www Home Mode : Shell : /usr/sbin/nologin Locked : no OK? (yes/no): yes adduser: INFO: Successfully added (webmaster) to the user database. Add another user? (yes/no): no Goodbye! www# quota -v webmaster Disk quotas for user webmaster (uid 1003): Filesystem usage quota limit grace files quota limit grace /usr/local 18 0 0 9 0 0 www# edquota -u webmaster Quotas for user webmaster: /usr/local/www: kbytes in use: 18, limits (soft = 1000, hard = 1024) inodes in use: 9, limits (soft = 0, hard = 0) www#

ตง SoftQuota = 1000 Bytes และ HardQuota = 1024 Bytes

www# quota -v webmaster Disk quotas for user webmaster (uid 1003): Filesystem usage quota limit grace files quota limit grace /usr/local/www 18 1000 1024 9 0 0 www# ตง grace period เอาแค 7 วนโดย www# edquota -t Time units may be: days, hours, minutes, or seconds Grace period before enforcing soft limits for users: /usr/local/www: block grace period: 7 days, file grace period: 7 days ให Quota น แก User คนอนๆดวยโดย

www# edquota -p webmaster `awk -F: '$3 > 1003 {print $1}' /etc/passwd` www#

การต

การตด

ลาด เพอเป www#www# 1. แ

===>www#BUIL

(บรรท ==========> => mys. .

1. เม

.

. **** Remethe earl ****inst===>===>===>===> /usr

ตดตง WebServ

ตง WebServ

ดบท 6.) ตด

ปนการตดตง dat

# cd /usr/po# make confi

และเมอถกถามวา

> No options# make WITH_LD_OPTIMIZED

ทดทสองของ www

=> Vulnerab=> License => Found samysql-5.5.1Attempting

sql-5.5.10.t

มอถกถามวา เรอง

************

ember to runfirst time

lier version

************tall-info --> Installing> Compress> Register> SECURITY R This port servers a

r/local/libe

ver โดยใช F

ver โดยใช Fr

ดตง mysq

tabase ไวใชงา

rts/databaseg

เรอง mysql-s

to configur_CHARSET=tis6D=yes WITH_AR

w# make with

bility checkcheck disab

aved configu10.tar.gz doto fetch ft

tar.gz

ง mysql-clie

************

n mysql_upgrayou start th

n.

************quiet /usr/l

g rc.d startuing manual p

ring installaREPORT: has install

and may therexec/mysqld

FreeBSD 8.

reeBSD 8.2

l55-server

าน

es/mysql55-s

server 5.5.1

re 620 WITH_XCHRCHIVE=yes W

h อยในบรรทดเ

k disabled, dled, port haration for mesn't seem tp://ftp.fi.m

ent 5.5.10

************

ade (with thhe MySQL ser

************local/info/mup script(s)pages for myation for my

led the follefore pose a

2

2

r

server

10

HARSET=all WWITH_FEDERAT

ดยวกน)

database notas not definmysql-serverto exist in muni.cz/pub/

************

he optional rver after a

************mysql.info /) ysql-server-ysql-server-

lowing filesa remote sec

WITH_COLLATITED=yes WITH

t found ned LICENSEr-5.5.10 /usr/ports/

/mysql/Downl3% of 22

************

--datadir=<an upgrade f

************/usr/local/i

-5.5.10 -5.5.10

s which may curity risk

ION=tis620_tH_NDB=yes WI

/distfiles/.loads/MySQL-MB 97 kBp

************

<dbdir> flagfrom an

************info/dir

act as netwto the syst

hai_ci WITH_TH_COMPAT=ye

-5.5/mysql-5.ps 04m09s

*

)

*

ork em.

Rev001: Ap

โดย เสรมพนธ น

_OPENSSL=yeses install c

.5.10.tar.gz

pr 1,2011

นตยนรา Page

s clean

z

e 11



This port has installed the following startup scripts which may cause these network services to be started at boot time. /usr/local/etc/rc.d/mysql-server If there are vulnerabilities in these programs there may be a security risk to the system. FreeBSD makes no guarantee about the security of ports included in the Ports Collection. Please type 'make deinstall' to deinstall the port if this is a concern. For more information, and contact details about the security status of this software, see the following webpage: http://www.mysql.com/ ===> Cleaning for cmake-2.8.4 ===> Cleaning for mysql-client-5.5.10 ===> Cleaning for mysql-server-5.5.10 www# ให mysql ทางานทกครงเมอเปดเครอง www# vi /etc/rc.conf

เพมบรรทดตอไปนเขาไป mysql_enable="YES" save และออกจาก vi จากนนก reboot เครอง www# reboot เมอเรา reboot เครองแลว ก login เขาระบบ สงแรกทตองทาคอ ให password สาหรบการ login เพอเขา database โดย www# /usr/local/bin/mysqladmin -u root password ssssssss www# mysql -u root mysql -p Enter password: Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1 Server version: 5.5.10 Source distribution Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> status -------------- mysql Ver 14.14 Distrib 5.5.10, for FreeBSD8.1 (i386) using 5.2 Connection id: 2 Current database: mysql Current user: root@localhost SSL: Not in use Current pager: more Using outfile: '' Using delimiter: ; Server version: 5.5.10 Source distribution Protocol version: 10 Connection: Localhost via UNIX socket Server characterset: latin1 Db characterset: latin1 Client characterset: latin1 Conn. characterset: latin1 UNIX socket: /tmp/mysql.sock Uptime: 55 sec Threads: 1 Questions: 34 Slow queries: 0 Opens: 48 Flush tables: 1 Open tables: 41 Queries per second avg: 0.618 -------------- mysql> \q Bye www#

เปนอนวา เราสามารถใชงาน mysql ไดแลว ลาดบตอไปเปนการตดตง apache22

การต

การตด

ลาด www#www# 1. แ

3. ห

5. ห

www#


ตง WebServ



และเมอถกถามวา

หนาตอไป เรอง a

หนาตอไป เรอง a

# make insta



ดตง Apach

rts/www/apacg

เรอง apache

pache

pache

all clean

FreeBSD 8.

reeBSD 8.2

he22

che22

2

2

2. ห

4. ห

6. ห

นาตอไป เรอง ap



pache

pache

pache

Rev001: Ap


pr 1,2011


e 13

การต

การตด

1.

3.

5.

. . รอซก. . To rin y Your/etchave===>===>===>===> /usr /usr/usr


ตง WebServ

เมอถกถามเรอง



คร

run apache wyour /etc/rc

r hostname mc/nsswitch te issues sta> Installing> Compress> Register> SECURITY R This port servers a

r/local/libe

This port these net

r/local/etc/r/local/etc/



perl

m4

python27

www server frc.conf. Extra

must be resolypically DNS

arting dependg rc.d startuing manual p


and may therexec/apache22

has installwork servicerc.d/apache2rc.d/htcache

FreeBSD 8.

reeBSD 8.2

rom startup,a options ca

lvable usingS or /etc/hoding on the up script(s)pages for apation for ap

led the follefore pose a2/mod_cgid.s

led the folles to be sta22 eclean

2

2

, add apachean be found

g at least 1osts or apacmodules you

) pache-2.2.17pache-2.2.17

lowing filesa remote secso

lowing startarted at boo

2.

4.

6.

e22_enable="in startup

1 mechanism che might u are using.

7_2 7_2


tup scripts ot time.




"YES" script.

in


which may c

libiconv

apr-ipv6-de

pth

ork em.

ause

Rev001: Ap


evrandom-gdb

pr 1,2011


bm-db42

e 14

การต

การตด

http===>===>===>===>===>===>===>===>===>===>===>===>===>===>===>===>===>===>===>===>===>===>www#

ให www#

เพมบ apac save แกไข www# Serv Serv save www#PerfSyntStarแลวล


ตง WebServ

If there risk to t ports inc to deinst

For more status of

p://httpd.ap> Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning #

apache ทางาน

# vi /etc/rc

บรรทดตอไปนเขา

che22_enable

e และออกจาก v

รายละเอยดบางต

# vi /usr/lo

verAdmin phs

verName www.


# /usr/localforming sanitax OK rting apacheองเขาเวบดท h



are vulnerabhe system. F

cluded in theall the port

information,f this softwapache.org/ for perl-thrfor autoconffor libtool-for expat-2.for apr-devrfor pcre-8.1for libiconvfor gdbm-1.8for m4-1.4.1for help2manfor gmake-3.for autoconffor python27for automakefor openldapfor db42-4.2for libsigsefor p5-Localfor gettext-for pth-2.0.for automakefor apache-2

นทกครงเมอเปดเค

c.conf

าไป

="YES"

vi

ตวในแฟม httpd

cal/etc/apac

[email protected]

ph.mahidol.a

vi แลวสง st

/etc/rc.d/apty check on

22. http://www.m

FreeBSD 8.

reeBSD 8.2

bilities in FreeBSD makee Ports Collt if this is

, and contacare, see the

readed-5.10.f-2.68 -2.4 .0.1_1 random-gdbm-12 v-1.13.1_1 8.3_3 16,1 n-1.39.2 .81_4 f-wrapper-207-2.7.1_1 e-1.11.1 p-client-2.42.52_5 egv-2.9 le-gettext-1-0.18.1.1 .7 e-wrapper-202.2.17_2

ครอง

d.conf

che22/httpd.

ac.th

ac.th:80 art

pache22 starapache22 co

mu-ph.org/

2

2

these progres no guaranlection. Ples a concern.

ct details ae following

.1_3

-db42-ldap24

0101119

4.25_1

1.05_3

0101119

.conf

rt onfiguration

rams there mntee about tease type 'm.

about the sewebpage:

4-mysql55-1.

n:

may be a secthe securitymake deinsta

ecurity

4.2.1.3.10

urity of ll'

Rev001: Ap


pr 1,2011


e 15

การต

การตด

ลา www#www# 1. เม

www# ===>===>===>=> p=> Aphp-รอซก. **** Make You AddTAddT ****===>===>===>===> /usr/usr/usr /usr http===>===>===>===>www#

ในแฟ

และเพ save


ตง WebServ



มอถกถามเรอง p

# make insta

> Vulnerabi> License c> Found savphp-5.2.17.tAttempting t-5.2.17.tar.คร

************

e sure index

should add

Type applicaType applica

************> Installing> Compress> Register> SECURITY R This port servers a

r/local/liber/local/bin/r/local/bin/

This port these net

r/local/etc/


For more status of

p://www.php.> Cleaning > Cleaning > Cleaning > Cleaning #

ฟม httpd.conf

พม บรรทดสแดงข




ดตง PHP52

rts/lang/phpg

php52

all clean

lity check dcheck disableved configuraar.bz2 doesno fetch httpbz2

************

x.php is part

the followin

ation/x-httpdation/x-httpd

************g rc.d startuing manual p


and may therexec/apache22php php-cgi

has installwork servicerc.d/php-fpm



information,f this softwanet/ for pkg-conffor libeventfor libxml2-for php52-5.

f ใหเพม inde

ขางบน ลงในแฟม

vi แลวสง st

FreeBSD 8.

reeBSD 8.2

2

p52

disabled, daed, port hasation for phn't seem to p://dk.php.n

************

t of your Di

ng to your A

d-php .php d-php-source

************up script(s)pages for phation for ph

led the follefore pose a2/libphp5.so

led the folles to be stam



fig-0.25_1 t-1.4.14b_2 -2.7.8_1 .2.17

ex.php ลงในบร

ม httpd.conf

art

2

2

atabase not s not definehp52-5.2.17exist in /u

net/distribu 18

************

irectoryInde

Apache confi

e .phps

************) hp52-5.2.17hp52-5.2.17

lowing filesa remote seco




รรทด Director

ดวย(ตอทายกล

found ed LICENSE

usr/ports/diutions/php-58% of 8879 k

************

ex.

iguration fi

************





ryIndex

ลมบรรทดของ Ad

istfiles/. 5.2.17.tar.bkB 47 kBps

****

ile:

****


which may c


ecurity

ddType )

z2 02m33s.

ork em.

ause

urity of ll'

Rev001: Ap


pr 1,2011


e 16

การต

การตด

www#PerfSyntStopWaitPerfSyntStar

ตอนน www#www# แลวล

ในลาด


ตง WebServ

# /usr/localforming sanitax OK pping apacheting for PIDforming sanitax OK rting apache

นระบบของเรากพร

# cd /usr/lo# echo "<?PH

องเขาเวบดท h

ดบตอไปเปนการต




22. DS: 1105. ty check on

22.

รอมทจะทดสอบ

cal/www/apacHP phpinfo();

http://www.m

ตดตง php5-ex

FreeBSD 8.

reeBSD 8.2

pache22 restapache22 co

apache22 co

php ไดโดย

che22/data ;?>" > index

mu-ph.org/ind

tensions

2

2

tart onfiguration

onfiguration

x.php

dex.php

n:

n:

Rev001: Ap


pr 1,2011


e 17

การต

การตด

ลาด www#www# 1. เ

3. เ

5. เ

www#

แลว


ตง WebServ






# make insta

กรออกเชนเคย .



ดตง PHP52

rts/lang/phpg

php52-exten

php52-exten

php52-exten

all clean

...

FreeBSD 8.

reeBSD 8.2

2-extensio

p52-extensio

nsions

nsions (ตอ)

nsions (ตอ)

2

2

ns

ons

2. เ

4. เ

มอถกถามเรอง

มอถกถามเรอง

php52-extens

php52-extens

Rev001: Ap


sions (ตอ)

sions (ตอ)

pr 1,2011


e 18

การต

การตด

1.

3.

5.

7.


ตง WebServ







curl

libssh2

php52-pcre

libxslt

FreeBSD 8.

reeBSD 8.2

2

2

2.

4.

6.

8.





c-ares-confi

ca_root_nss

php52-gd

png

Rev001: Ap


ig

s

pr 1,2011


e 19

การต

การตด

9.

11.

====================================================================================================================================


ตง WebServ



=> Generati=> Checking => Register=> Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning => Cleaning



gmp

net-snmp

ing temporarif lang/php

ring installfor php52-bfor php52-bfor php52-cfor php52-cfor php52-cfor php52-dfor php52-efor pecl-fifor php52-ffor php52-ffor php52-gfor php52-gfor php52-gfor php52-hfor php52-ifor php52-jfor php52-mfor php52-mfor php52-mfor php52-mfor php52-nfor php52-ofor php52-pfor php52-pfor pecl-pdfor php52-pfor php52-pfor php52-pfor php52-pfor php52-pfor php52-rfor php52-rfor php52-sfor php52-sfor php52-sfor php52-sfor php52-sfor php52-sfor php52-sfor php52-sfor php52-t

FreeBSD 8.

reeBSD 8.2

ry packing lp52-extensiolation for pbcmath-5.2.1bz2-5.2.17 calendar-5.2ctype-5.2.17curl-5.2.17 dom-5.2.17 exif-5.2.17 ileinfo-1.0.filter-5.2.1ftp-5.2.17 gd-5.2.17 gettext-5.2.gmp-5.2.17 hash-5.2.17 iconv-5.2.17json-5.2.17 mbstring-5.2mcrypt-5.2.1mhash-5.2.17mysql-5.2.17ncurses-5.2.openssl-5.2.pcntl-5.2.17pcre-5.2.17 dflib-2.1.8 pdo-5.2.17 pdo_sqlite-5pdo_mysql-5.posix-5.2.17pspell-5.2.1readline-5.2recode-5.2.1session-5.2.shmop-5.2.17simplexml-5.snmp-5.2.17 soap-5.2.17 sockets-5.2.spl-5.2.17 sqlite-5.2.1tidy-5.2.17

2

2

list ons already php52-extens17

2.17 7

.4 17

.17

7

2.17 17 7 7 .17 .17 7

5.2.17 .2.17 7 17 2.17 17 .17 7 .2.17

.17

17

10.

12.

installed sions-1.3_1



php52-mbstr

php52-sqlit

Rev001: Ap


ring

te

pr 1,2011


e 20



===> Cleaning for php52-tokenizer-5.2.17 ===> Cleaning for php52-xml-5.2.17 ===> Cleaning for php52-xmlreader-5.2.17 ===> Cleaning for php52-xmlwriter-5.2.17 ===> Cleaning for php52-zip-5.2.17 ===> Cleaning for php52-zlib-5.2.17 ===> Cleaning for curl-7.21.3_1 ===> Cleaning for libXpm-3.5.7 ===> Cleaning for freetype2-2.4.4 ===> Cleaning for png-1.4.5 ===> Cleaning for jpeg-8_3 ===> Cleaning for t1lib-5.1.2_1,1 ===> Cleaning for gmp-5.0.1 ===> Cleaning for libmcrypt-2.5.8 ===> Cleaning for libltdl-2.4 ===> Cleaning for mhash-0.9.9.9_1 ===> Cleaning for pdflib-7.0.4 ===> Cleaning for aspell-0.60.6_5 ===> Cleaning for recode-3.6_8 ===> Cleaning for net-snmp-5.5_4 ===> Cleaning for tidy-lib-090315.c_1 ===> Cleaning for c-ares-config-1.7.4 ===> Cleaning for libidn-1.19 ===> Cleaning for libssh2-1.2.7,2 ===> Cleaning for ca_root_nss-3.12.9 ===> Cleaning for xextproto-7.1.1 ===> Cleaning for xproto-7.0.16 ===> Cleaning for libX11-1.3.6,1 ===> Cleaning for libXext-1.1.2,1 ===> Cleaning for libXt-1.0.9 ===> Cleaning for libXaw-1.0.8,1 ===> Cleaning for dmalloc-5.5.2 ===> Cleaning for libxslt-1.1.26_2 ===> Cleaning for libxcb-1.7 ===> Cleaning for xorg-macros-1.11.0 ===> Cleaning for bigreqsproto-1.1.1 ===> Cleaning for xcmiscproto-1.2.0 ===> Cleaning for xtrans-1.2.5 ===> Cleaning for kbproto-1.0.5 ===> Cleaning for inputproto-2.0.1 ===> Cleaning for xf86bigfontproto-1.2.0 ===> Cleaning for libXau-1.0.6 ===> Cleaning for libXdmcp-1.0.3 ===> Cleaning for libSM-1.1.1_3,1 ===> Cleaning for printproto-1.0.4 ===> Cleaning for libXmu-1.1.0,1 ===> Cleaning for libXp-1.0.0,1 ===> Cleaning for libgcrypt-1.4.6 ===> Cleaning for libcheck-0.9.8 ===> Cleaning for xcb-proto-1.6 ===> Cleaning for libpthread-stubs-0.3_3 ===> Cleaning for libICE-1.0.7,1 ===> Cleaning for libgpg-error-1.10 ===> Cleaning for php52-extensions-1.3_1 www#

เมอตดตง php5-extensions เสรจแลวกมาถงขนตอนการทาให Apache รจกกบ PHP ใหเขาไปท /usr/local/etc/apache22/Includes www# cd /usr/local/etc/apache22/Includes

สรางไฟลชอ php5.conf โดยใช vi

www# vi php5.conf เพมบรรทดตอไปนเขาไป DirectoryIndex index.php AddDefaultCharset tis-620 AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps Include etc/apache22/extra/httpd-ssl.conf save และออกจาก vi สรางไฟล php.ini www# cd /usr/local/etc/ www# cp php.ini-recommended php.ini

การต

การตด

กาห defses/tm Gen www#www#Gen......e iwww#YouintWhaTheForIf ---CouStaLocOrgOrgComEma Pleto A cAn www#SigsubDivGetwww#www#

ให www# apa sav www#

ตอน

เปด


ตง WebServ

นดคาในไฟล ph

fault_charsetsion.save_pa

mp/sesstmp ด

nerate Cert ใ

# cd /usr/lo# openssl generating RSA ...........+............s 65537 (0x1# openssl reu are about tto your certiat you are abere are quiter some fieldsyou enter '.--

untry Name (2ate or Provincality Name (ganization Naganizational mmon Name (egail Address [

ease enter thbe sent with

challenge pasoptional com

# openssl x5gnature ok bject=/C=TH/Svision/CN=Comtting Private# chmod 400 #

apache ทางาน

# vi /etc/rc

ache22_enable

ve และออกจาก v

# reboot

นนระบบของเรากพ

browser แลว



hp.ini

t = "tis-610ath = "/tmp/วย

ให apache เพ

cal/etc/apacnrsa -out seprivate key

++++++ ............10001) q -new -daysto be asked ificate requbout to entee a few fiels there will.', the fiel

2 letter codnce Name (fu(eg, city) [ame (eg, comUnit Name (

g, YOUR name[]:admin@mu-

he followingh your certissword []:mympany name [

09 -in serve

ST=Korat/L=smputer/emaile key server.*

นทกครงเมอเปดเค

c.conf

e="YES"

vi แลว rebo

พรอมทจะทดสอบ

วเขาไปท http:

FreeBSD 8.

reeBSD 8.2

0" #เอาเรองห/sesstmp" #

พอใชรน HTTPS

che22/ erver.key 10y, 1024 bit

...........+

s 365 -key sto enter in

uest. er is what ilds but you l be a defauld will be l

de) [AU]:TH ull name) [S[]:sung-noenmpany) [Inte(eg, sectione) []:Comput-ph.org

g 'extra' atificate requypasswd []:MU-PH

er.csr -out

sung-noen/O=lAddress=adm

ครอง

oot เครอง

บ php ไดโดย

://www.mu-ph

2

2

มาย ; ออกดวย#เอาเครองหมาย

024 long modulu

++++++

server.key -nformation t

is called a can leave s

ult value, left blank.

Some-State]:n ernet Widgitn) []:Computter

ttributes uest

server.crt

=Rural [email protected]

h.org/index.

ย ; ออกดวยและ

us

-out server.that will be

Distinguishsome blank

:Korat

ts Pty Ltd]:ter Division

-req -signk

th Training rg

html

อยาลมไปสราง /

csr e incorporate

hed Name or a

Rural Healthn

key server.k

& Research C

tmp/sesstmp

ed

a DN.

h Training &

ey -days 365

Center/OU=Co

Rev001: Ap


ใน /tmp พรอม

& Research C

5

omputer

pr 1,2011


มกบ chmod 777

Center

e 22

7

การต

การตด

หรอ


ตง WebServ

http://www.



.mu-ph.org/i

FreeBSD 8.

reeBSD 8.2

index.php

2

2

Rev001: Ap


pr 1,2011


e 23



ลาดบท 10). ตดตง ZendOptimizer www# cd /usr/ports/devel/ZendOptimizer www# make config ===> No options to configure www# make install clean ===> Vulnerability check disabled, database not found ===> License check disabled, port has not defined LICENSE => ZendOptimizer-3.3.0a-freebsd6.0-i386.tar.gz doesn't seem to exist in /usr/ports/distfiles/. => Attempting to fetch from http://downloads.zend.com/optimizer/3.3.0a/. ZendOptimizer-3.3.0a-freebsd6.0-i386.tar.gz 9% of 9134 kB 90 kBps 01m31s . รอซกคร . ******************************************************************************** You have installed the ZendOptimizer package. Edit /usr/local/etc/php.ini and add: [Zend] zend_optimizer.optimization_level=15 zend_extension_manager.optimizer="/usr/local/lib/php/20060613/Optimizer" zend_extension_manager.optimizer_ts="/usr/local/lib/php/20060613/Optimizer_TS" zend_extension="/usr/local/lib/php/20060613/ZendExtensionManager.so" zend_extension_ts="/usr/local/lib/php/20060613/ZendExtensionManager_TS.so" NOTE: PHP should be compiled in non-debug mode (default). ******************************************************************************** ===> Registering installation for ZendOptimizer-3.3.0.a ===> Cleaning for compat6x-i386-6.4.604000.200810_3 ===> Cleaning for ZendOptimizer-3.3.0.a www#

แกแฟม /usr/local/etc/php.ini โดยเพมบรรทดสแดงขางบน หก บรรทด ททายแฟมเลย จากนนเรากสง restart apache

www# /usr/local/etc/rc.d/apache22 restart Performing sanity check on apache22 configuration: Syntax OK Stopping apache22. Waiting for PIDS: 1613. Performing sanity check on apache22 configuration: Syntax OK Starting apache22. www#



ลาดบท 11.) ตดตง webmin www# cd /usr/ports/sysutils/webmin/ www# make config ===> No options to configure www# make install clean ===> Vulnerability check disabled, database not found ===> License check disabled, port has not defined LICENSE => webmin-1.540.tar.gz doesn't seem to exist in /usr/ports/distfiles/. => Attempting to fetch http://heanet.dl.sourceforge.net/project/webadmin/webmin/1.540/webmin-1.540.tar.gz webmin-1.540.tar.gz 8% of 14 MB 173 kBps . รอซกคร . After installing Webmin for the first time you should perform the following steps as root: * Configure Webmin by running /usr/local/lib/webmin/setup.sh * Add webmin_enable="YES" to your /etc/rc.conf * Start Webmin for the first time by running /usr/local/etc/rc.d/webmin start The parameters requested by setup.sh may then be changed from within Webmin itself. ===> Installing rc.d startup script(s) ===> Registering installation for webmin-1.540 ===> Cleaning for p5-Net-SSLeay-1.36 ===> Cleaning for p5-Authen-PAM-0.16_1 ===> Cleaning for webmin-1.540 www# จากนนเขาไป setup webmin ท www# /usr/local/lib/webmin/setup.sh *********************************************************************** * Welcome to the Webmin setup script, version 1.540 * *********************************************************************** Webmin is a web-based interface that allows Unix-like operating systems and common Unix services to be easily administered. Installing Webmin in /usr/local/lib/webmin ... *********************************************************************** Webmin uses separate directories for configuration files and log files. Unless you want to run multiple versions of Webmin at the same time you can just accept the defaults. Log file directory [/var/log/webmin]: *********************************************************************** Webmin is written entirely in Perl. Please enter the full path to the Perl 5 interpreter on your system. Full path to perl (default /usr/bin/perl): Testing Perl ... Perl seems to be installed ok *********************************************************************** Operating system name: FreeBSD Operating system version: 8.2 *********************************************************************** Webmin uses its own password protected web server to provide access to the administration programs. The setup script needs to know : - What port to run the web server on. There must not be another web server already using this port. - The login name required to access the web server. - The password required to access the web server. - If the webserver should use SSL (if your system supports it). - Whether to start webmin at boot time. Web server port (default 10000): Login name (default admin): admin Login password: Password again: Use SSL (y/n): y ***********************************************************************

การต

การตด

Crea..do Crea..do Crea..do Copy..do Chan..do Runnsysl..do Enab..do www# จากน www#StarPre-www# เขาเว

จงตอ


ตง WebServ

ating web seone

ating accessone

ating start one

ying config one

nging ownersone

ning postinslog-ng: not one

bling backgrone

#

นสง Start we

# /usr/localrting webmin-loaded Webm#

บท port 100

งเรยกเปน http



rver config

control fil

and stop scr

files..

hip and perm

tall scriptsfound

round status

ebmin โดย

/etc/rc.d/wen. minCore

00 คอท http

s://www.mu-p

FreeBSD 8.

reeBSD 8.2

files..

le..

ripts..

missions ..

s ..

collection

ebmin start

p://www.mu-p

ph.org:10000

2

2

..

ph.org:10000

0 (ให Click

0 จะปรากฎ erro

ท link ทหนา

or เนองจากเราร

เวบไดเลย)

ระบวาจะเรยกใชผ

Rev001: Ap


ผาน ssl

pr 1,2011


e 26

การต

การตด

เมอเร

ทชองเพอด

เมอเร

ปญหา


ตง WebServ

รา login เขาสร

ง Search ใหใสาเนนการตอ

รา Click ท Apa

าคอ webmin ไม



ระบบ และ Clic

สคาวา apache

ache Webserv

มพบทอยของ ht

FreeBSD 8.

reeBSD 8.2

ck ท Server จ

ลงไป กดป ม Ent

ver จะปรากฏดง

ttpd.conf ให

2

2

จะสงเกตวาไมม A

ter จะพบ Ap

งขางลาง

หเรา Click ท

Apache WebSe

pache 41 ท ใ

module confi

erver

ใหเรา Click ท

iguration (เ

Column Modu

ปน Highlight

Rev001: Ap


ule ตรงท Apac

t สนาเงน)เพอดา

pr 1,2011


che Webserve

าเนนการตอ

e 27

r

การต

การตด

โดยใหและเมจากน


ตง WebServ

หเราใสเลข 22 ทมอเรา refresh นเรากสามารถทจ



ทายคาวา apach หนาจอ และ Clจะ config apa

FreeBSD 8.

reeBSD 8.2

he ลงไปใน /uslick ท Serverache ผานทาง w

2

2

sr/local/etcr กจะปรากฎ Awebmin ได (แต

c/apache22 Apache Webserตไมแนะนา)

ทงหมดในเวบหนrver ตามตองก

นาน แลวสง saveการ

Rev001: Ap


ve

pr 1,2011


e 28

การต

การตด

ลาด www#www#

www# . รอซก. phpM Plea To mthat ===>===>www# แกแฟ จากน wwv#PerfSyntStopWaitPerfSyntStar


ตง WebServ

ดบท 12.) ต# cd /usr/po# make confi

1. เมอถกถาม

# make insta

คร

MyAdmin-3.3.

/usr/local/

ase edit con

make phpMyAdt you add so

Alias /phpm

<Directory Options AllowOv

Order D Deny fr Allow f</Directory

> Register> Cleaning #

ฟม vi /usr/l

Alias /admi

<Directory Options AllowOv Order a Allow f</Directory

นเรากสง resta

# /usr/localforming sanitax OK pping apacheting for PIDforming sanitax OK rting apache



ตดตง phpmrts/databaseg

เรอง phpMyAdm

all clean

10 has been

www/phpMyAdm

nfig.inc.php

dmin availablmething like

myadmin/ "/us

"/usr/local/ none

verride Limit

Deny,Allow rom all from 127.0.0.y>

ring installafor phpMyAdm

local/etc/ap

n/phpMyAdmin

"/usr/local/ Indexes Fol

verride None allow,deny from all y>

art apache



22..

FreeBSD 8.

reeBSD 8.2

myadmin es/phpmyadmi

min

installed i

min

to suit you

le through ye the follow

sr/local/www

/www/phpMyAd

t

.1 .example.

ation for phmin-3.3.10

ache22/httpd

n/ "/usr/loc

/www/phpMyAdllowSymlinks


apache22 co

2

2

in/

into:

ur needs.

your web sitwing to http

w/phpMyAdmin

dmin/">

.com

hpMyAdmin-3.

d.conf โดยเพ

cal/www/phpM

dmin/"> s MultiViews

tart onfiguration

onfiguration

te, I suggespd.conf:

n/"

.3.10

พมบรรทดสแดงข

MyAdmin/"

s

n:

n:

st

ขางลาง สบเอด บ

บรรทด ใน Zone

Rev001: Ap


e ของ Alias

pr 1,2011


e 29

การต

การตด

www#จากนwww#www#www# เพมรห$cfg* และ เ/* A$cfg$cfg$cfg$cfg$cfg$cfg$cfg$cfg$cfg/* C$cfg จากน www#PerfSyntStopWaitPerfSyntStarwww# จากน

ในการ เรากจ


ตง WebServ

# นเขาไปท /usr/# cd /usr/lo# cp config.# vi config.

หสลบลงไป g['blowfish_

เอา // ขางหนาบAdvanced phpg['Servers']g['Servers']g['Servers']g['Servers']g['Servers']g['Servers']g['Servers']g['Servers']g['Servers']Contrib / Swg['Servers']

นเรากสง resta

# /usr/localforming sanitax OK pping apacheting for PIDforming sanitax OK rting apache#

นลองเขาเวบท

รใชงานใหใส ชอ

จะเขาสหนาเวบขอ



/local/www/pcal/www/phpMsample.inc.pinc.php

_secret'] = '

บรรทดออก pMyAdmin feat[$i]['pmadb'[$i]['bookma[$i]['relati[$i]['table_[$i]['table_[$i]['pdf_pa[$i]['column[$i]['histor[$i]['design

wekey authent[$i]['auth_s

art apache



22.

http://www

ผใช เปน root

อง phpMyAdmin

FreeBSD 8.

reeBSD 8.2

phpMyadmin MyAdmin/ php config.i

'phsecret';

tures */ '] = 'phpmyaarktable'] =ion'] = 'pma_info'] = 'p_coords'] = ages'] = 'pmn_info'] = 'ry'] = 'pma_ner_coords']tication */ swekey_confi


apache22 co

.mu-ph.org/a

และ password

n เพอจดการเกย

2

2

inc.php

/* YOU MUST

admin'; = 'pma_bookma_relation';pma_table_in'pma_table_

ma_pdf_pages'pma_column__history'; ] = 'pma_des

ig'] = '/etc

tart onfiguration

onfiguration

admin/phpMyA

d ทระบ ตอนทเรา

ยวกบ database

T FILL IN TH

mark'; ; nfo'; _coords'; s'; _info';

signer_coord

c/swekey-pma

n:

n:

Admin/

าลง mysql52-s

e แตผเขยนชอบ

HIS FOR COOK

ds';

a.conf';

server

config data

IE AUTH!

abase แบบ tex

Rev001: Ap


xt mode มากก

pr 1,2011


กวา

e 30

การต

การตด


ตง WebServ



FreeBSD 8.

reeBSD 8.2

2

2

Rev001: Ap


pr 1,2011


e 31

การต

การตด

ลาด www#www#

www# ===> /usr http===>www# เขาไป

www#www# # Ex# # Th# lo# Pl# # RE# Pl# ca# # Al#anoanon# # Un#locloca# # Un#wriwrit# # De# if#locloca# # Un# ha# ob#ano


ตง WebServ



# make insta

> SECURITY R This port servers a

r/local/libe


For more status of

p://vsftpd.b> Cleaning #

ปแกแฟม vsftp

# cd /usr/lo# vi vsftp.c

xample confi

he default coosens thinglease see vs

EAD THIS: Thlease read tapabilities.

llow anonymoonymous_enabnymous_enabl

ncomment thical_enable=Yal_enable=YE

ncomment thiite_enable=Yte_enable=YE

efault umaskf your userscal_umask=02al_umask=022

ncomment thias an effectbviously neeon_upload_en



ตดตง vsftprts/ftp/vsftg

เรอง vsftp

all clean

REPORT: has install

and may therexec/vsftpd



information,f this softwabeasts.org/ for vsftpd-s

d.conf ไดทน

cal/etc/ conf

g file /usr/

compiled in sgs up a bit, ftpd.conf.5

his example fhe vsftpd.co

us FTP? (Bewble=YES e=NO

s to allow lYES S

s to enable YES S

k for local u expect that2

s to allow t if the abovd to create

nable=YES

FreeBSD 8.

reeBSD 8.2

p tpd/




ssl-2.3.4

/local/etc/v

settings areto make thefor all com

file is NOT onf.5 manual

ware - allow

local users

any form of

users is 077t (022 is us

the anonymouve global wra directory

2

2




vsftpd.conf

e fairly pare ftp daemonmpiled in de

an exhaustil page to ge

wed by defau

to log in.

f FTP write

7. You may wsed by most

us FTP user rite enable y writable b




ranoid. Thisn more usablefaults.

ive list of et a full id

ult if you c

command.

wish to chanother ftpd'

to upload fis activate

by the FTP u



ecurity

s sample fille.

vsftpd optidea of vsftp

comment this

nge this to s)

files. This ed. Also, youser.

ork em.

urity of ll'

e

ons. d's

out).

022,

only u will

Rev001: Ap


pr 1,2011


e 32



anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. #anon_mkdir_write_enable=YES anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever chown_uploads=YES chown_username=ftp # # You may override where the log file goes if you like. The default is shown # below. #xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. #xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure nopriv_user=ftp # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: #ftpd_banner=Welcome to blah FTP service. ftpd_banner=Welcome to MU-PH FTP service. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES deny_email_enable=NO # (default follows) #banned_email_file=/etc/vsftpd.banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_local_user=YES chroot_list_enable=YES # (default follows) chroot_list_file=/usr/local/etc/vsftpd.chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES



# # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen=NO # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd whith two configuration files. # Make sure, that one of the listen options is commented !! #listen_ipv6=YES secure_chroot_dir=/usr/local/share/vsftpd/empty # If using vsftpd in standalone mode, uncomment the next two lines: # listen=YES # background=YES สรางแฟม vsftpd.chroot_list ทเดยวกบ vsftpd.conf โดยใสชอของ user ทสามารถ upload เวบได www# vi vsftpd.chroot_list webmaster แลว save หมายถง user ทช อ webmastr สามารถทจะ ftp ขน server ได นอกนนไมได จากนนแกแฟม inetd.conf www# vi /etc/inetd.conf #ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l ftp stream tcp nowait root /usr/local/libexec/vsftpd vsftpd /usr/local/etc/vsftpd.conf เพม inetd_enable=”YES” ลงใน /etc/rc.conf ดวย สง reboot เขาส Server ใหมอกครง ณ ตอนน เรากใชโปรแกรมทเกยวกบ ftp กสามารถทจะ upload/Download แฟมไปมาระหวงเครองเรากบ server ได

การต

การตด

ลา www#www#

www# ****Plea # # Di# AliaAliaAliaScri # # Th# <Dir </Di **** If y If yto c Loainto Loa ****===>===>===>www# แกแฟจากน www#PerfSyntStopWaitPerfSyntStarwww#


ตง WebServ


# make insta

************ase add the

irectives to

as /awstatscas /awstatscas /awstatsiiptAlias /aw

his is to pe

rectory "/usOptions NonAllowOverriOrder allowAllow from

irectory>

************

you are upgr

you used thechange the ladPlugin="geo adPlugin="ge

************> Register> Cleaning > Cleaning #

ฟม vi /usr/lนเรากสง resta

# /usr/localforming sanitax OK pping apacheting for PIDforming sanitax OK rting apache#



ตดตง awstrts/www/awstg

1. เมอถก

all clean

************following to

o allow use o

classes "/usrcss "/usr/locicons "/usr/lwstats/ "/usr

ermit URL acc

r/local/www/ne ide None w,deny all

************

rading from A

geoip plugiine oip GEOIP_ST

oip GEOIP_ST

************ring installafor p5-Net-Xfor awstats-

local/etc/apart apache



22.

FreeBSD 8.

reeBSD 8.2

tats tats/

ถามเรอง awsta

************o your apach

of AWStats a

r/local/www/cal/www/awstlocal/www/awr/local/www/

cess to scri

/awstats/">

************

AWStats 6.4

in, you must

TANDARD"

TANDARD /pat

************ation for awXWhois-0.90_-7.0_1,1

ache22/httpd


apache22 co

2

2

ats

************he config, a

as a CGI

/awstats/clatats/css/" wstats/icons/awstats/cgi

ipts/files i

************

or older, p

t edit your

thto/GeoIP.d

************wstats-7.0_1_4

d.conf โดยเพ

tart onfiguration

onfiguration

************and restart.

asses/"

s/" i-bin/"

in AWStats d

************

please note

AWStats con

dat"

************1,1

พมบรรทดสแดงข

n:

n:

******

directory.

******

the followi

nfig file

******

ขางบน สบเจด บร

ng:

รรทด ลาง บรรทด

Rev001: Ap


ดทเราเพมเรอง p

pr 1,2011


hpMyAdmin

e 35

การต

การตด

แกไข www#www#tota-r-x-r-x-r-xdrwxdrwxdrwxwww#www# # LogT# Site# Host# Allo เขาดส

เมอเข Error: SetupCheck ใหเรา www#www#www# จากน


ตง WebServ

แฟม awstats.

# cd /usr/lo# ll al 748 xr-xr-x 1 rxr-xr-x 1 rxr-xr-x 1 rxr-xr-x 5 rxr-xr-x 2 rxr-xr-x 3 r# cp awstats# vi awstats

Type=W

eDomain="www

tAliases=" ww

owToUpdateSt

สถตไดท http

ขาแลวเรา click

Couldn't open serve

('/usr/local/www config file, permissi

า

# mkdir /var# touch /var#

นใหเรา refres



.conf โดย

cal/www/awst

root wheel root wheel root wheel root wheel root wheel root wheel .model.conf .conf

w.mu-ph.org"

ww.mu-ph.org

atsFromBrows

p://www.mu-ph

k ท update ห

er log file "/var/log/h

w/awstats/cgi-binions and AWStats d

r/log/httpd r/log/httpd/m

sh หนาเวบ กจะไ

FreeBSD 8.

reeBSD 8.2

tats/cgi-bin

7126 Apr 61638 Apr 657786 Apr 1536 Apr 512 Apr 1024 Apr awstats.con

g localhost

ser=1

h.org/awstat

รอ ปรบปรงเดยวน

ttpd/mylog.log" : N

n/awstats.conf' filocumentation (in 'do

mylog.log

ไดตามตองการ

2

2

n/

2 05:37 aw 2 05:37 aw 2 05:37 aw 2 05:37 la 2 05:37 li 2 05:37 pl

nf

127.0.0.1 RE

ts/awstats.p

น ถาพบ error

o such file or directo

le, web server or pocs' directory).

wredir.pl wstats.modelwstats.pl ang ib lugins

REGEX[myserve

pl

r บนหนาเวบวา

ory

permissions) may

l.conf

er\.com$]"

be wrong.

Rev001: Ap


pr 1,2011


e 36

การต

การตด

เมอ c


ตง WebServ

click ทปรบปรง



งเดยวน กจะได

FreeBSD 8.

reeBSD 8.2

2

2

Rev001: Ap


pr 1,2011


e 37

การต

การตด

ลาด www#www#

www# ===> /usr/usr/usr http===>www# ใส Nwww# 0 5 หรอส www#Sat www#datewww#Sat www#


ตง WebServ



# make insta


r/local/bin/r/local/bin/r/local/bin/


For more status of

p://www.ntp.> Cleaning #

NTP ท crontab# crontab –e

* * * /usr/

สง update เวลา

# date Apr 2 05:5

# /usr/locale 2 Apr 05:5# date Apr 2 05:5

#



ตดตง ntp rts/net/ntp g

เรอง ntp

all clean

REPORT: has install

and may therentpd ntpdate sntp



information,f this softwaorg/ for ntp-4.2.

b โดย

local/bin/nt

าตอนนเลยโดย

3:35 ICT 201l/bin/ntpdate3:41 ntpdate

3:42 ICT 201

FreeBSD 8.

reeBSD 8.2




.6p2

tpdate –u 20

11 e -u 203.185e[25373]: st

11

2

2




03.185.69.60

5.69.60 tep time ser




0

rver 203.185



ecurity

5.69.60 offs

ork em.

urity of ll'

et -3.412298

Rev001: Ap


8 sec

pr 1,2011


e 38

การต

การตด

ลาด www#www#

www#

===> /usr /usr/usr/usr http===>===>===>===>===>===>www# เพมส clamclam แกไข


ตง WebServ

บท 16). ตด



# make insta



r/local/sbin

This port these net

r/local/etc/r/local/etc/r/local/etc/


For more status of

p://www.clam> Cleaning > Cleaning > Cleaning > Cleaning > Cleaning > Cleaning #

องบรรทดขางลาง

mav_clamd_enmav_freshcla

แฟม /usr/lo



ตง clamav

rts/securityg

เรอง clamav

all clean

เรอง llvm

REPORT: has install

and may theren/clamd

has installwork servicerc.d/clamav-rc.d/clamav-rc.d/clamav-



information,f this softwamav.net/ for llvm-2.8for arc-5.21for arj-3.10for lha-1.14for unzoo-4.for clamav-0

งลงไปใน /etc/

nable="YES" am_enable="YE

ocal/etc/clam

FreeBSD 8.

reeBSD 8.2

y/clamav


led the folles to be sta-milter -freshclam -clamd



8_3 1o_1 0.22_4 4i_6 .4_2 0.97

/rc.conf

ES"

md.conf โดย

2

2





ยท






which may c


ecurity

ork em.

ause

urity of ll'

Rev001: Ap


pr 1,2011


e 39



LogFile /var/log/clamav/clamd.log PidFile /var/run/clamav/clamd.pid TemporaryDirectory /var/tmp DatabaseDirectory /var/db/clamav LocalSocket /var/run/clamav/ clamd.sock FixStaleSocket yes User clamav AllowSupplementaryGroups yes ScanPE yes ScanOLE2 yes ScanPDF yes ScanHTML yes ScanArchive yes แกไขแฟม /usr/local/etc/freshclam.conf โดยท # Uncomment the following line and replace XY with your country # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. #DatabaseMirror db.XY.clamav.net DatabaseMirror db.TH.clamav.net ท crontab –e ใหเพม การไปปรบปรงขอมล Virus จาก site ของ clamav ทกๆชวโมงสองนาท และ ให scan ทเกบ web ทกๆตหนงของทกๆวน www# crontab –e 0 6 * * * /sbin/reboot 0 5 * * * /usr/local/bin/ntpdate -u 203.185.69.60 2 * * * * /usr/local/bin/freshclam –quiet 0 1 * * * /usr/local/bin/clamscan -r -i /usr/local/www 10 11 * * * /etc/webmin/cron/tempdelete.pl สงให Clamav ทางานกอน กอนทจะ update โดย www# /usr/local/etc/rc.d/clamav-freshclam start Starting clamav_freshclam. www# /usr/local/etc/rc.d/clamav-clamd start Starting clamav_clamd. LibClamAV Warning: ************************************************** LibClamAV Warning: *** The virus database is older than 7 days! *** LibClamAV Warning: *** Please update it as soon as possible. *** LibClamAV Warning: ************************************************** www# การสงให clamav ทาการ update ตวเอง www# /usr/local/bin/freshclam ClamAV update process started at Sat Apr 2 06:40:05 2011 main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven) daily.cvd is up to date (version: 12940, sigs: 93187, f-level: 60, builder: ccordes) bytecode.cvd is up to date (version: 142, sigs: 40, f-level: 60, builder: acab) www#

การสงให scan ท directory ทตองการโดย scan รวม sub-directory และแสดงเฉพาะ แฟมทตด virus www# /usr/local/bin/clamscan -r -i /usr/local/www ----------- SCAN SUMMARY ----------- Known viruses: 938118 Engine version: 0.97 Scanned directories: 98 Scanned files: 1833 Infected files: 0 Data scanned: 39.24 MB Data read: 17.59 MB (ratio 2.23:1) Time: 28.767 sec (0 m 28 s) www#

การต

การตด

ลาด www#www#===>www# ===> /usr http===>===>www# ลองเข www#

ถามน ผเขยน


ตง WebServ

ดบท 17).ตด

# cd /usr/po# make confi> No options# make insta


r/local/bin/


For more status of

p://lynx.isc> Cleaning > Cleaning #

ขา

# /usr/local

นแสดงไดดงรปขา

นเอาไวทดสอบวา



ดตง lynx

rts/www/lynxg to configur

all clean

REPORT: has install

and may therelynx



information,f this softwac.org/currentfor mime-supfor lynx-2.8

/bin/lynx ww

งบนแสดงวา It

า เครอง server

FreeBSD 8.

reeBSD 8.2

x-current

re



, and contacare, see thet/ pport-3.51.18.8d8_1

ww.mu-ph.org

works ( lyn

r ตวน สามารถอ

2

2




1

g

nx ) ทางานแ

อก internet




ลว

ไดหรอไม?



ecurity

ork em.

urity of ll'

Rev001: Ap


pr 1,2011


e 41



ลาดบท 18). ตดตง denyhosts www# cd /usr/ports/security/denyhosts www# make config ===> No options to configure www# make install clean ------------------------------------------------------------------------------- To run denyhosts from startup, add denyhosts_enable="YES" in your /etc/rc.conf. Configiration options can be found in /usr/local/etc/denyhosts.conf ------------------------------------------------------------------------------- In order to proper working of denyhosts 1. edit your /etc/hosts.allow file and add: sshd : /etc/hosts.deniedssh : deny sshd : ALL : allow 2. issue the following command if /etc/hosts.deniedssh does not exist yet touch /etc/hosts.deniedssh ------------------------------------------------------------------------------- Warning: syslogd should ideally be run with the -c option; this will ensure that denyhosts notices multiple repeated login attempts. To do this, add syslogd_flags="-c" to /etc/rc.conf ------------------------------------------------------------------------------- ===> Installing rc.d startup script(s) ===> Registering installation for denyhosts-2.6_3 ===> Cleaning for denyhosts-2.6_3 www# แกไขแฟม /etc/hosts.allow vi /etc/hosts.allow # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd : .evil.cracker.example.com : deny sshd : /etc/hosts.deniedssh : deny sshd : ALL : allow และสงสรางแฟม /etc/hosts.deniedssh โดยใชคาสง touch /etc/hosts.deniedssh

แกไขแฟม /usr/local/etc/denyhosts.conf SECURE_LOG = /var/log/auth.log HOSTS_DENY = /etc/hosts.allow PURGE_DENY = 7d BLOCK_SERVICE = sshd HOSTNAME_LOOKUP=YES ADMIN_EMAIL = [email protected] เพมการทางานของ denyhosts ใน crontab –e 0,20,40 * * * * /usr/local/bin/python /usr/local/bin/denyhosts.py -c /usr/local/etc/denyhosts.conf



ลาดบท 19). การตดตง zip & UNZIP www# cd /usr/ports/archivers/zip www# make config ===> No options to configure www# make install clean ===> Compressing manual pages for zip-3.0 ===> Registering installation for zip-3.0 ===> Cleaning for unzip-6.0 ===> Cleaning for zip-3.0



ลาดบท 20). การ Backup (เฉพาะ เวบ) www# cd /backups/ www# mkdir /backups/last-full www# date +%d%b > /backups/last-full/www-full-date www# mkdir /usr/local/www/util www# vi backups.sh #!/bin/sh cd /usr/local/www/util #backup database mysqldump mysql > mysql.sql --password=ssssssss #backup passwd & group cp /etc/passwd* . cp /etc/group* . cp /etc/master* . #backup conf cp /etc/rc.conf . cp /usr/local/etc/apache22/httpd.conf . CP /usr/local/etc/apache22/Includes/php5.conf . cp /usr/local/etc/php.ini . cp /etc/resolv.conf . cp /etc/ntp.conf . cp /usr/local/www/awstats/cgi-bin/awstats.conf . cp /usr/local/etc/clamd.conf . cp /usr/local/www/phpMyAdmin/config.inc.php . cp /usr/local/etc/denyhosts.conf . cp /usr/local/etc/freshclam.conf . cp /etc/inetd.conf . # Full and incremental backup script # Updated 04 July 2002 # Based on a script by Daniel O'Callaghan <[email protected]> # and modified by Gerhard Mourani <[email protected]> # Change the 5 variables below to fit your computer/backup COMPUTER=www # Name of this computer DIRECTORIES="/usr/local/www" # Directory to backup BACKUPDIR=/backups # Where to store the backups TIMEDIR=/backups/last-full # Where to store time of full backup TAR=/usr/bin/tar # Name and location of tar # You should not have to change anything below here PATH=/usr/local/bin:/usr/bin:/bin DOW=`date +%a` # Day of the week e.g. Mon DOM=`date +%d` # Date of the Month e.g. 27 DM=`date +%d%b` # Date and Month e.g. 27 Sep # On the 1st of the month a permanet full backup is made # Every Sunday a full backup is made - overwriting last Sundays backup # The rest of the time an incremental backup is made. Each incremental # backup overwrites last weeks incremental backup of the same name. # # if NEWER = "", then tar backs up all files in the directories # otherwise it backs up files newer than the NEWER date. NEWER # gets it date from the file written every Sunday. # Monthly full backup if [ $DOM = "01" ]; then NEWER="" $TAR $NEWER -cf $BACKUPDIR/$COMPUTER-$DM.tar $DIRECTORIES fi # Weekly full backup if [ $DOW = "Sun" ]; then NEWER="" NOW=`date +%d-%b` # Update full backup date echo $NOW > $TIMEDIR/$COMPUTER-full-date $TAR $NEWER -cf $BACKUPDIR/$COMPUTER-$DOW.tar $DIRECTORIES # Make incremental backup - overwrite last weeks else # Get date of last full backup NEWER="--newer `cat $TIMEDIR/$COMPUTER-full-date`" $TAR $NEWER -cf $BACKUPDIR/$COMPUTER-$DOW.tar $DIRECTORIES fi #remove passwd & group cd /usr/local/www/util rm -f passwd* rm -f group*



rm -f master* เพมคาสงใน crontab –e 0 4 * * * /backups/backups.sh เปนการทา backup ทกตสของทกวน www# ll total 298316 drwxrwxr-x 2 root operator 512 Apr 1 20:08 .snap -rw-r--r-- 1 root wheel 299815424 Apr 2 06:58 Distfiels82.tar -rwx------ 1 root wheel 2526 Apr 2 06:57 backups.sh -rwx------ 1 root wheel 58 Apr 1 14:55 chkdisk.sh -rw-r--r-- 1 root wheel 1183 Apr 1 14:45 ipfw.rules drwxr-xr-x 2 root wheel 512 Apr 1 22:19 last-full -rw-r--r-- 1 root wheel 2703872 Apr 1 22:19 www-01Apr.tar -rw-r--r-- 1 root wheel 2703872 Apr 1 22:19 www-Fri.tar www# ./backups.sh tar: Removing leading '/' from member names www# ll total 320204 drwxrwxr-x 2 root operator 512 Apr 1 20:08 .snap -rw-r--r-- 1 root wheel 299815424 Apr 2 06:58 Distfiels82.tar -rwx------ 1 root wheel 2526 Apr 2 06:57 backups.sh -rwx------ 1 root wheel 58 Apr 1 14:55 chkdisk.sh -rw-r--r-- 1 root wheel 1183 Apr 1 14:45 ipfw.rules drwxr-xr-x 2 root wheel 512 Apr 1 22:19 last-full -rw-r--r-- 1 root wheel 2703872 Apr 1 22:19 www-01Apr.tar -rw-r--r-- 1 root wheel 2703872 Apr 1 22:19 www-Fri.tar -rw-r--r-- 1 root wheel 22391808 Apr 2 06:59 www-Sat.tar www# จะเหนวามแฟม www-Sat.tar เกดขนมา สวนแฟม www-01Apr.tar และ www-Fri.tar เปนแฟมททาในวนท 1 (ของทกเดอนจะม www-01XXX.tar ออกมาดวย) ใหสงเกตวา ในวนอาทตย จะเปนการ Backup แบบ Full นอกนน จะ backup เฉพาะแฟมทมการเปลยนแปลง

ทายทสดน

หวงเปนอยางยงวา เอกสารชนน คงจะมสวนชวย ในการทา WebServer ดวย FreeBSD 8.2

เสรมพนธ นตยนรา 2 เมษายม 2554

1 เมษายน 2554 › 2013 › 05 › ...ลําดับที่ 3). update ports tree...

Documents