インストールマニュアル
技術文書
2015/12/14
adminユーザー作成
$ useradd admin
$ passwd admin
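sshd設定
$ vi /etc/ssh/sshd_config
Port 10022
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
AllowUsers admin
※ PasswordAuthentication yes のままだとパスワード総当たりの対象になるため、adminの公開鍵を登録して鍵でログインできることを確認した後は no に変更することを推奨。
※ sshd再起動後は作業中のセッションを切らずに、別端末からポート10022でadminとしてログインできることを確認する。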
$ /etc/init.d/sshd restart
日本語設定
$ vi /etc/sysconfig/i18n
LANG="ja_JP.UTF-8"
ローカルIP設定
$ vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1"
IPADDR="192.168.1.1"
NETMASK="255.255.255.0"
ONBOOT="yes"
TYPE="Ethernet"
IPV6INIT="yes"
IPV6_ROUTER="no"
$ /etc/init.d/network restart
httpd
[root@www14012uf httpd]# yum install httpd
[root@www14012uf httpd]# /etc/init.d/httpd start
[root@www14012uf httpd]# chkconfig httpd on
php
[root@www14012uf httpd]# yum install php php-mbstring php-mysql php-pecl-memcache php-mcrypt
[root@www14012uf httpd]# vi /etc/php.ini
short_open_tag = On
[root@www14012uf httpd]# /etc/init.d/httpd restart
garoll調整
[root@www14012uf httpd]# mkdir /var/www/blogroll/cakephp/app/tmp/cache/persistent
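[root@www14012uf httpd]# chmod a+w /var/www/blogroll/cakephp/app/tmp/cache/persistent
[root@www14012uf httpd]# chown admin:admin /var/www/blogroll/cakephp/app/tmp/cache/persistent/
※ a+w はサーバー上の全ユーザーに書き込みを許可する設定。キャッシュを書き込むのがhttpdの実行ユーザー(CentOS標準では apache)であれば、ディレクトリのグループを apache にして chmod 770 とするなど、書き込める範囲を絞ることを推奨。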
postfix
dovecot
saslauthd
iptables
[root@www14012uf admin]# vi /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ssh
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10022 -j ACCEPT
# http
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# smtp/smtps
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 465 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT
# pop3
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
# imap
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
# icmp
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
※ ファイルを編集しただけではルールは反映されない。/etc/init.d/iptables restart で読み込ませてから iptables -L で確認する。
[root@www14012uf www]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:10022
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:urd
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:submission
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ポートスキャンして確認
[root@www14012uf admin]# yum install nmap
[root@www14012uf admin]# nmap -p 1-10022 49.212.176.26
Starting Nmap 5.51 ( http://nmap.org ) at 2015-12-14 17:12 JST
Nmap scan report for www14012uf.sakura.ne.jp (49.212.176.26)
Host is up (0.000014s latency).
Not shown: 10020 closed ports
PORT STATE SERVICE
80/tcp open http
10022/tcp open unknown
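Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
※ このスキャンはサーバー自身から自分のIPアドレス宛てに実行しているため、通信はループバック(lo)経由となり -i lo -j ACCEPT のルールに一致する。許可していないポートが filtered ではなく closed と表示されているのはそのためで、フィルタの動作確認にはなっていない。iptablesの効果は外部のホストからスキャンして確認する。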