インストールマニュアル

技術文書
2015/12/14

adminユーザー作成

$ useradd admin
$ passwd admin

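sshd設定

※ 下記は PasswordAuthentication yes のため、パスワード認証が有効なままです。admin に公開鍵を登録できる場合は、鍵認証に切り替えてから no にすると総当たり攻撃を受けにくくなります。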

$ vi /etc/ssh/sshd_config

Port 10022
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
AllowUsers admin

$ /etc/init.d/sshd restart

日本語設定

$ vi /etc/sysconfig/i18n

LANG="ja_JP.UTF-8" 

ローカルIP設定

$ vi /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE="eth1" 
IPADDR="192.168.1.1" 
NETMASK="255.255.255.0" 
ONBOOT="yes" 
TYPE="Ethernet" 
IPV6INIT="yes" 
IPV6_ROUTER="no" 

$ /etc/init.d/network restart

httpd

[root@www14012uf httpd]# yum install httpd
[root@www14012uf httpd]# /etc/init.d/httpd start
[root@www14012uf httpd]# chkconfig httpd on

php

[root@www14012uf httpd]# yum install php php-mbstring php-mysql php-pecl-memcache php-mcrypt
[root@www14012uf httpd]# vi /etc/php.ini

short_open_tag = On

[root@www14012uf httpd]# /etc/init.d/httpd restart

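garoll調整

※ chmod a+w はこのディレクトリをサーバー上の全ユーザーから書き込み可能にします。httpd の実行ユーザーだけが書き込めれば足りる場合は、所有者またはグループをそのユーザーに合わせ、other の書き込み権限は付けない構成も検討してください。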

[root@www14012uf httpd]# mkdir /var/www/blogroll/cakephp/app/tmp/cache/persistent
[root@www14012uf httpd]# chmod a+w /var/www/blogroll/cakephp/app/tmp/cache/persistent
[root@www14012uf httpd]# chown admin:admin /var/www/blogroll/cakephp/app/tmp/cache/persistent/

postfix

dovecot

saslauthd

iptables

[root@www14012uf admin]# vi /etc/sysconfig/iptables

*filter
:INPUT   ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT  ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# ssh
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10022 -j ACCEPT

# http
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80    -j ACCEPT

# smtp/smtps
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 465 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT

# pop3
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT

# imap
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT

# reject everything else (replies with icmp-host-prohibited)
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

[root@www14012uf www]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:10022
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:urd
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:submission
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

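ポートスキャンして確認

※ このスキャンはサーバー自身から実行しているため、パケットは lo 経由で届き、「-i lo -j ACCEPT」に一致します。iptables の許可・拒否が意図どおりかを確かめるには、外部のホストからも同じ確認を行ってください。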
[root@www14012uf admin]# yum install nmap
[root@www14012uf admin]# nmap -p 1-10022 49.212.176.26

Starting Nmap 5.51 ( http://nmap.org ) at 2015-12-14 17:12 JST
Nmap scan report for www14012uf.sakura.ne.jp (49.212.176.26)
Host is up (0.000014s latency).
Not shown: 10020 closed ports
PORT STATE SERVICE
80/tcp open http
10022/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds

ファイル