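Linux web, middleware and database installation and configuration

Posted by wangzhensheng on 2008-08-12
Web, middleware and database installation and configuration

Installation and deployment document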

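RedHat installation:
1. Installation requirements:
Use LVM for disk management
Partition layout:
1) / 4000M
2) swap: (MEM<4096) = MEM * 2
(MEM>4096) = MEM
3) /user 12000M
4) /home 10000M
5) /var 4000M
6) /app remaining space
SSH security configuration:
1) Disable compatibility with the older SSH protocol version
#Protocol 2,1 --> Protocol 2
2) Forbid remote root login
#PermitRootLogin yes --> PermitRootLogin no
3) Restart sshd
service sshd restart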
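
A check for the two SSH settings above, as an added example that is not part of the original post. sshd uses the first uncommented occurrence of a keyword, so a correct line placed after a weaker one has no effect; the sample files are constructed.

```sh
#!/bin/sh
# effective_sshd_value FILE KEYWORD
# Prints the value sshd takes from the global section of FILE: comment and
# blank lines are skipped, keywords match case-insensitively, the first
# occurrence wins, and reading stops at the first Match block.
effective_sshd_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/               { next }
        tolower($1) == "match"       { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: one line per setting; returns 0 only when both settings
# from the steps above are explicitly in force.
audit_sshd() {
    rc=0
    proto=$(effective_sshd_value "$1" Protocol)
    root=$(effective_sshd_value "$1" PermitRootLogin)
    if [ "$proto" = "2" ]; then echo "OK   Protocol 2"
    else echo "FAIL Protocol is '${proto:-unset}', expected 2"; rc=1; fi
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${root:-unset}', expected no"; rc=1; fi
    return "$rc"
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' '#Protocol 2,1' '#PermitRootLogin yes' > "$tmp/before"
printf '%s\n' 'Protocol 2' 'PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/shadowed"
printf '%s\n' 'Protocol 2' 'PermitRootLogin no' > "$tmp/after"

for f in before shadowed after; do
    echo "== $f"
    audit_sshd "$tmp/$f" || true
done
```
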
Operating system services to keep:
1) auditd
2) crond
3) network
4) psacct
5) rsync
6) sshd
7) syslog
8) sysstat
9) xinetd

Configure operating system auditing
1) Start account auditing
service auditd start
2) Start command auditing
service psacct start
3) Start system logging
service syslog start

2. Operating system components to install


3. Apache security hardening: (Note: be sure to make a backup before modifying configuration files)
1) Apache home directory: /app/apache/
2) Create the application group
groupadd app
3) Create the Apache account
useradd -g app -d /app/tomcat tomcat
chown -R tomcat:app /app/tomcat
4) Create the Apache software directory
su - tomcat; mkdir _backup
5) Install Apache
su - apache
cd _backup/
wget (installing the latest Apache version is recommended)
./configure --prefix=/app/apache --enable-rewrite --enable-so --with-mpm=worker --with-threads=yes --enable-headers --enable-deflate --enable-cache --enable-disk-cache --enable-mem-cache && make && make install

6) Check for mod_rewrite.so module support
su - apache
cd ./bin/
./httpd -l | grep mod_rewrite
If it is missing, it can be built by hand, but this requires the Apache source code matching the installed Apache version

7) Build mod_rewrite.so by hand
cd $http_xxx/modules/mappers/
/app/apache/bin/apxs -c mod_rewrite.c
gcc -shared -o mod_rewrite.so mod_rewrite.o
/app/apache/bin/apxs -i -A -n rewrite mod_rewrite.so

8) Add configuration to prevent cross-site attacks
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
9) Configure ServerName (the external IP on the firewall)
ServerName xxx.xxx.xxx.xxx:80
10) Disable directory listing and enable server-side includes
Options Indexes FollowSymLinks
--> Options Includes FollowSymLinks
11) Delete or comment out the manual-related sections
12) Delete or comment out the cgi-bin-related sections
13) Deny access to WEB-INF

AllowOverride None
Deny from all

14) Deny other machines access to the logs directory

Options None
AllowOverride None
Deny from All
Allow from localhost

15) Delete or comment out the cgi-bin-related sections

AllowOverride None
Deny from all

16) Hide the Apache version
ServerSignature Off
ServerTokens Prod

17) Disable the Apache 413 error page:
Locate the 413 entry
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
and change it to
ErrorDocument 413 "SYSTEM IS BUSY ... "

18) Restart Apache gracefully (existing HTTP connections keep the previous configuration; new HTTP requests use the new configuration)
cd /app/apache/bin/
./apachectl -k graceful

19) Configure starting Apache from a non-root account
vi /etc/sudoers
Add:
tomcat ALL=(ALL) NOPASSWD: /app/apache/bin/apachectl start,/app/apache/bin/apachectl stop,/app/apache/bin/apachectl graceful
tomcat ALL=(ALL) NOPASSWD: /usr/bin/killall -9 monitor,/root/start.sh
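
The sudoers entries in step 19 let the tomcat account run those commands as root without a password, so each command file and its directory must be owned by root and closed to group and other writes; otherwise that account could change what sudo runs. An added check for this, not part of the original post; the PREFIX argument and the staged sample tree are constructed for the demonstration (on a real host, use root as OWNER and no PREFIX).

```sh
#!/bin/sh
# sudo_targets: read sudoers lines on stdin and print each distinct command
# path that follows a NOPASSWD: tag (arguments are dropped).
sudo_targets() {
    sed -n 's/^[^#]*NOPASSWD:[[:space:]]*//p' | tr ',' '\n' |
        awk 'NF { print $1 }' | sort -u
}

# unsafe_target PATH OWNER: returns 0 and prints the reason when PATH or its
# directory is missing, not owned by OWNER, or writable by group or others.
unsafe_target() {
    for p in "$1" "$(dirname "$1")"; do
        [ -e "$p" ] || { echo "missing: $p"; return 0; }
        hit=$(find "$p" -prune \( ! -user "$2" -o -perm -0020 -o -perm -0002 \) -print)
        [ -z "$hit" ] || { echo "owner or mode problem: $p"; return 0; }
    done
    return 1
}

# audit_sudo_targets SUDOERS OWNER [PREFIX]: prints findings and returns the
# number of unsafe targets. PREFIX (hypothetical) points at a staged tree.
audit_sudo_targets() {
    bad=0
    for t in $(sudo_targets < "$1"); do
        unsafe_target "$3$t" "$2" && bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed demonstration: the two sudoers lines from step 19 and a staged
# tree owned by the current user, with one group-writable directory.
tmp=$(mktemp -d)
cat > "$tmp/sudoers" <<'EOF'
tomcat ALL=(ALL) NOPASSWD: /app/apache/bin/apachectl start,/app/apache/bin/apachectl stop,/app/apache/bin/apachectl graceful
tomcat ALL=(ALL) NOPASSWD: /usr/bin/killall -9 monitor,/root/start.sh
EOF
mkdir -p "$tmp/root/app/apache/bin" "$tmp/root/usr/bin" "$tmp/root/root"
touch "$tmp/root/app/apache/bin/apachectl" "$tmp/root/usr/bin/killall" "$tmp/root/root/start.sh"
chmod -R go-w "$tmp/root"
chmod g+w "$tmp/root/app/apache/bin"
me=$(id -u)
audit_sudo_targets "$tmp/sudoers" "$me" "$tmp/root" || echo "$? unsafe target(s)"
```
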

4. Tomcat configuration:
Tomcat home directory: /app/tomcat
Character set configuration:
Linux:
export LANG=zh_CN.GBK
AIX:
LANG=zh_CN
export LANG
Environment variables and startup parameters:
JAVA_OPTS='-Xms2048m -Xmx2048m'
CATALINA_OPTS='-Djava.awt.headless=true'
or
JAVA_OPTS='-Xms512m -Xmx512m -XX:PermSize=256M -XX:MaxPermSize=256m -Djava.awt.headless=true';export JAVA_OPTS

Configure the Tomcat server parameters
vi $TOMCAT_HOME/conf/server.xml
Note: adjust maxThreads according to the available memory
maxThreads="500" minSpareThreads="25" maxSpareThreads="75"
acceptCount="50" connectionTimeout="20000" disableUploadTimeout="true"
enableLookups="false" redirectPort="8443" debug="0"
protocol="AJP/1.3" />

maxThreads="1000" minSpareThreads="25" maxSpareThreads="75"
acceptCount="200" disableUploadTimeout="true"
enableLookups="false" redirectPort="8443" debug="0"
protocol="AJP/1.3" />

Note: in the hn project, adding the "-XX:PermSize=256M -XX:MaxPermSize=256m" parameters to the JVM on the AIX operating system caused an error

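1) Disable Tomcat directory listing
su - tomcat
cd conf/
vi web.xml
Change
<init-param>
<param-name>listings</param-name>
<param-value>true</param-value>
</init-param>
to
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>
Restart Tomcat
2) Change the Tomcat default home page
Modify or delete the webapps/ROOT/WEB-INF/web.xml file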

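3) When Apache fronts Tomcat, use $APACHE_HOME/htdocs as the static path served by Apache and delete Tomcat's default root path $TOMCAT_HOME/webapps/ROOT
Write a sync program that synchronizes Tomcat's default root path to $APACHE_HOME/htdocs
cat > /etc/rsyncd.conf <<EOF
uid = tomcat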
gid = app
max connections = 50
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
log file = /var/log/rsyncd.log

[app]
path = /app/apache/htdocs
comment = html, jpg, swf
read only = no
EOF

Configure the rsyncd server side
vi /etc/xinetd.d/rsync
disable = no

disable = yes

Start the rsyncd service
service xinetd reload
The program can then be synchronized to $APACHE_HOME/htdocs from the command line or from a script
rsync -azv $TOMCAT_HOME/webapps/ROOT/ $APACHE_HOME/htdocs/ --exclude WEB-INF --exclude '*.jsp' \
--exclude '*.tar' --exclude '*.gz' --exclude '*.sh' --exclude logs
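
The [app] module defined in rsyncd.conf above is writable (read only = no) and sets neither hosts allow nor auth users, so any host that can reach the rsync daemon can write into htdocs. An added check for that combination, not part of the original post; the sample is the page's configuration with the pid, lock and log lines trimmed, and the address, user name and secrets path in the restricted variant are constructed.

```sh
#!/bin/sh
# open_writable_modules FILE: print every rsyncd.conf module that is writable
# ("read only" false) while neither "hosts allow" nor "auth users" is set for
# it, in the module itself or in the global section. Whitespace and case in
# parameter names are ignored by this parser.
open_writable_modules() {
    awk '
        function val(k) { return (k in m) ? m[k] : g[k] }
        function report(   ro) {
            if (mod == "") return
            ro = val("readonly")
            if ((ro == "no" || ro == "false" || ro == "0") &&
                val("hostsallow") == "" && val("authusers") == "") print mod
        }
        /^[ \t]*(#|$)/ { next }
        /^[ \t]*\[/ {
            report(); split("", m)
            mod = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", mod); next
        }
        {
            i = index($0, "="); if (i == 0) next
            k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (mod == "") g[k] = tolower(v); else m[k] = tolower(v)
        }
        END { report() }
    ' "$1"
}

tmp=$(mktemp -d)
cat > "$tmp/page.conf" <<'EOF'
uid = tomcat
gid = app
max connections = 50

[app]
path = /app/apache/htdocs
comment = html, jpg, swf
read only = no
EOF
# Constructed variant: the same module limited to one host and one user.
cp "$tmp/page.conf" "$tmp/restricted.conf"
printf '%s\n' 'hosts allow = 127.0.0.1' 'auth users = sync' \
    'secrets file = /etc/rsyncd.secrets' >> "$tmp/restricted.conf"

echo "open writable modules: $(open_writable_modules "$tmp/page.conf")"
```
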

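5. WebLogic installation and configuration

6. WebSphere installation
To enable WebSphere's authentication mechanism, the WebSphere process must be started with the root account

7. Oracle installation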
export LD_ASSUME_KERNEL=2.4.20
export ORACLE_BASE=/export/home/oracle
export ORACLE_HOME=$ORACLE_BASE/9i
export ORACLE_SID=ECOM
export ORACLE_TERM=xterm
export ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib:/usr/openwin/lib
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/td/lib:/usr/ucblib:/usr/local/lib
export PATH=$PATH:$ORACLE_HOME/bin
export CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib
export CLASSPATH=$CLASSPATH:$ORACLE_HOME/network/jlib
export LANG=zh_CN
export NLS_LANG="SIMPLIFIED CHINESE_CHINA.ZHS16GBK" ; export NLS_LANG
export PATH=$PATH:$ORACLE_BASE/9i/bin

==========================
Generate login.sql in the user's home directory
cat > login.sql <<EOF
set pages 40
set lines 160
col username for a20
col DEFAULT_TABLESPACE for a20
col TEMPORARY_TABLESPACE for a10
col file_name for a60
set timing on
EOF
=========================
Database monitoring script
#!/bin/sh
sqlplus <<EOF
set feed off
set lines 130
set pagesize 999
col TS_name format a13
col TS_place format a48
spool $4.txt
select b.file_id ID,b.FILE_NAME TS_place,b.tablespace_name TS_name,b.bytes BYTES,b.MAXBYTES,
(b.bytes-sum(nvl(a.bytes,0))) USED,sum(nvl(a.bytes,0)) surplus,
sum(nvl(a.bytes,0))/(b.bytes)*100 surplus_pre
from dba_free_space a,dba_data_files b
where a.file_id=b.file_id
group by b.tablespace_name,b.file_id,b.bytes,b.FILE_NAME,b.MAXBYTES
order by b.file_id;
prompt FSFI
rem fsfi value compute
rem fsfi.sql
column fsfi format 999,99
select tablespace_name,sqrt(max(blocks)/sum(blocks))*
(100/sqrt(sqrt(count(blocks)))) fsfi
from dba_free_space
group by tablespace_name order by 1;
rem spool fsfi.rep;
rem /
rem spool off;
spool off
exit
EOF
===========================
System performance monitoring (Linux)
#!/bin/sh
#/var/log/system_monitor
#/var/log/root.cron
#0,5,10,15,20,25,30,35,40,45,50,55 * * * * /var/log/system/system_monitor&
day=`date +%m%d%Y`
file="/var/log/system/sysinfo$day"
if [ -f $file ]; then
echo "ok">/dev/null
else
echo " date cpu mem load average sessions">>$file
echo " user system idle free 1 5 15">>$file
echo "">>$file
fi
time=`date '+%m%d %H:%M:%S '`
load=`uptime |grep load|sed 's/,/ /g' | sed 's/:/ /g' | awk '{printf "%10s %6s %6s",$13,$14,$15}'`
cpu=`vmstat 1 2 | sed -n '$p' |awk '{printf "%8s %6s %9s", $13,$14,$15}'`
real=`free | grep buffers | tail -n +2 | awk '{print $4}'`
httpd_number=`ps -ef|grep httpd|grep -v grep|wc -l|awk '{printf "%9d",$1}'`
app_number=`ps -ef H|grep "java"|grep -v grep | wc -l`
oracle_number=`ps -ef|grep "LOCAL=NO"|grep -v grep|wc -l|awk '{printf "%9d",$1}'`
echo "$time $cpu $real$load$httpd_number+$app_number+$oracle_number" >>$file
=============================

From "ITPUB Blog", link: http://blog.itpub.net/8806316/viewspace-1008860/. Please credit the source when reposting; otherwise legal liability will be pursued.
