ÀèÆü¡¢°Ê²¼¤Î¥á¡¼¥ë¤¬Íè¤ë¤è¤¦¤Ë¤Ê¤Ã¤¿¡£
Checking `bindshell'... INFECTED (PORTS: 1008)

bindshell¤¬»Å³Ý¤±¤é¤ì¤¿¤Î¤«¤È»×¤¤¡¢¿§¡¹Ä´¤Ù¤¿¤é¡¢¤É¤¦¤â¥Ý¡¼¥È1008¤¬rpc.statd¤Î¥×¥í¥»¥¹¤Ë¤è¤Ã¤Æ»ÈÍѤµ¤ì¤Æ¤¤¤ë¤³¤È¤¬Ê¬¤«¤ê¡¢bindshell¤Ç¤Ï¤Ê¤«¤Ã¤¿¤è¤¦¤Ê¤Î¤Ç¡¢¤Þ¤º¤Ï°ì°Â¿´¡£

¥Ý¡¼¥È1008¤¬»È¤Ã¤Æ¤ë¥×¥í¥»¥¹¤ò³Îǧ
[root@server ~]# lsof -i:1008
COMMAND    PID    USER   FD   TYPE DEVICE SIZE NODE NAME
rpc.statd 2098 rpcuser    7u  IPv4   5737       TCP *:1008 (LISTEN)

rpc.statd¤¬¡¢rpcuser¤Ë¤è¤Ã¤Æµ¯Æ°¤·¤Æ¤¤¤ë¡£

¥Ð¥Ã¥¯¥¢¥Ã¥×¤·¤Æ¤¢¤Ã¤¿chkrootkit¤Ç»ÈÍѤ¹¤ë¥³¥Þ¥ó¥É·²»È¤Ã¤ÆºÆ¸¡ºº¤ò¹Ô¤¦¤³¤È¤Ë¡£
[root@server ~]# shutdown -r now

¥¯¥é¥¤¥¢¥ó¥È¥Þ¥·¥ó¤Ë¥Ð¥Ã¥¯¥¢¥Ã¥×¤·¤Æ¤¢¤Ã¤¿chkrootkitcmd.zip¤ò¡¢/home/higo/¤Ë¥¢¥Ã¥×¥í¡¼¥É¤·¤Æ¤«¤é°Ê²¼¤Îºî¶È¤ò¹Ô¤¦¡£
[root@server ~]# cd /home/higo/
[root@server higo]# mv -v chkrootkitcmd.zip /root
`chkrootkitcmd.zip' -> `/root/chkrootkitcmd.zip'
[root@server higo]# cd
[root@server ~]# unzip chkrootkitcmd.zip
Archive:  chkrootkitcmd.zip
   creating: chkrootkitcmd/
  inflating: chkrootkitcmd/id
  inflating: chkrootkitcmd/egrep
  inflating: chkrootkitcmd/sed
  inflating: chkrootkitcmd/netstat
  inflating: chkrootkitcmd/echo
  inflating: chkrootkitcmd/find
  inflating: chkrootkitcmd/awk
  inflating: chkrootkitcmd/head
  inflating: chkrootkitcmd/strings
  inflating: chkrootkitcmd/ps
  inflating: chkrootkitcmd/uname
  inflating: chkrootkitcmd/ls
  inflating: chkrootkitcmd/cut
[root@server ~]# ls -l ./chkrootkitcmd/
¹ç·× 1084
-rwxr-xr-x 1 root root 320416  7·î 12 09:20 awk
-rwxr-xr-x 1 root root  34408  7·î 12 09:20 cut
-rwxr-xr-x 1 root root  19852  7·î 12 09:20 echo
-rwxr-xr-x 1 root root  85060  7·î 12 09:20 egrep
-rwxr-xr-x 1 root root 151244  7·î 12 09:20 find
-rwxr-xr-x 1 root root  31660  7·î 12 09:20 head
-rwxr-xr-x 1 root root  22600  7·î 12 09:20 id
-rwxr-xr-x 1 root root  95116  7·î 12 09:20 ls
-rwxr-xr-x 1 root root 121300  7·î 12 09:20 netstat
-r-xr-xr-x 1 root root  79004  7·î 12 09:20 ps
-rwxr-xr-x 1 root root  51764  7·î 12 09:20 sed
-rwxr-xr-x 1 root root  25892  7·î 12 09:20 strings
-rwxr-xr-x 1 root root  20024  7·î 12 09:20 uname

/root/chkrootkitcmd/¤Î³°Éô¥³¥Þ¥ó¥É¤Ç¡¢chkrootkit¤ò¼Â¹Ô¡£
[root@server ~]# which chkrootkit
/usr/sbin/chkrootkit
[root@server ~]# chkrootkit -p /root/chkrootkitcmd/

INFECTED¤Ï̵¤¤¤è¤¦¤À¤¬¡¢INFECTED¤Î¤ßɽ¼¨¤µ¤»¤Æ¤ß¤ë¡£
[root@server ~]# chkrootkit -p /root/chkrootkitcmd/ | grep INFECTED

INFECTED¤Ï̵¤«¤Ã¤¿¡£

rpc.statd¤ÎÂÔ¤Á¼õ¤±¥Ý¡¼¥È¤ò³Îǧ¤·¤Æ¤ß¤ë¡£
[root@server ~]# netstat -anp|grep rpc.statd
tcp        0      0 0.0.0.0:1006                0.0.0.0:*                   LISTEN      2096/rpc.statd
udp        0      0 0.0.0.0:1000                0.0.0.0:*                               2096/rpc.statd
udp        0      0 0.0.0.0:1003                0.0.0.0:*                               2096/rpc.statd
unix  2      [ ]         DGRAM                    5427   2096/rpc.statd

rpc.statd¤¬»È¤Ã¤Æ¤¿1008¤Ï¤¹¤Ç¤Ë°ã¤¦¤â¤Î¤Ë¤Ê¤Ã¤Æ¤ë¡£

¥Ý¡¼¥È1008È֤ϡ¢¤É¤Î¥×¥í¥»¥¹¤â»ÈÍѤ·¤Æ¤Ê¤¤¤³¤È¤ò³Îǧ¡£
[root@server ~]# lsof -i:1008
[root@server ~]#

ºÆ¸¡ºº¤Ç»È¤Ã¤¿¥Õ¥¡¥¤¥ë·²¤òºï½ü¡£
[root@server ~]# rm -v -f -R ./chkrootkitcmd/
removed `./chkrootkitcmd//id'
removed `./chkrootkitcmd//egrep'
removed `./chkrootkitcmd//sed'
removed `./chkrootkitcmd//netstat'
removed `./chkrootkitcmd//echo'
removed `./chkrootkitcmd//find'
removed `./chkrootkitcmd//awk'
removed `./chkrootkitcmd//head'
removed `./chkrootkitcmd//strings'
removed `./chkrootkitcmd//ps'
removed `./chkrootkitcmd//uname'
removed `./chkrootkitcmd//ls'
removed `./chkrootkitcmd//cut'
removed directory: `./chkrootkitcmd/'

zip¥Õ¥¡¥¤¥ë¤âºï½ü
[root@server ~]# rm -v chkrootkitcmd.zip
rm: remove Ä̾ï¥Õ¥¡¥¤¥ë `chkrootkitcmd.zip'? y
removed `chkrootkitcmd.zip'

°ÊÁ°¤Î¥³¥Þ¥ó¥É¤Çchkrootkit¤ò¼Â¹Ô
[root@server ~]# chkrootkit | grep INFECTED
[root@server ~]#
rootkit¤Ï¸¡½Ð¤µ¤ì¤Ê¤«¤Ã¤¿¡£

¥á¡¼¥ë¥µ¡¼¥Ð¡¼¤ò¹½ÃÛ¤¹¤ë¤¿¤á¤Ë¤Ï¡¢¤Þ¤º¥á¡¼¥ëÇÛÁ÷¤ò¹Ô¤¦¤¿¤á¤ÎSMTP¥µ¡¼¥Ð¡¼¤¬É¬ÍפȤʤ롣 SMTP¥µ¡¼¥Ð¡¼¤È¤·¤ÆÆ°ºî¤¹¤ë¥½¥Õ¥È¥¦¥§¥¢¤ÎÂåɽŪ¤Ê¤â¤Î¤Ë¤ÏPostfix¡¢sendmail¡¢qmail¤¬¤¢¤ë¡£ Postfix¤Ïsendmail¤äqmail¤è¤ê¸å¤Ë³«È¯¤µ¤ì¤¿¤¿¤á¡¢¤½¤ì¤¾¤ì¤ÎÎɤ¤Éôʬ¤òÈ¿±Ç¤·¤Æ³«È¯¤µ¤ì¤Æ¤ª¤ê¡¢´Êñ¤ËÀßÄꤹ¤ë¤³¤È¤¬²Äǽ¤Ê¤Î¤Ç¡¢¤³¤³¤Ç¤Ïsendmail¤È¤Î¸ß´¹À­¤¬Í¥¤ì¤Æ¤¤¤ëPostfix¤ò»ÈÍѤ¹¤ë¡£

¢£sendmail¤òÄä»ß¤¹¤ë
¥Ç¥Õ¥©¥ë¥È¤Ç¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ësendmail¤òPostfix¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ëÁ°¤ËÄä»ß¤·¤Æ¤ª¤¯

[root@linux ~]# /etc/rc.d/init.d/sendmail stop
sendmail ¤òÄä»ßÃæ:                                         [  OK  ]
sm-client ¤òÄä»ßÃæ:                                        [  OK  ]

sendmail¼«Æ°µ¯Æ°ÀßÄê²ò½ü
[root@linux ~]# chkconfig sendmail off

sendmail¼«Æ°µ¯Æ°ÀßÄê²ò½ü³Îǧ
[root@linux ~]# chkconfig --list sendmail
sendmail        0:off   1:off   2:off   3:off   4:off   5:off   6:off
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡Ê¥é¥ó¥ì¥Ù¥ë2¡Á5¤Îoff¤ò³Îǧ¡Ë

¢£Postfix¤Î¥¤¥ó¥¹¥È¡¼¥ë

[root@linux ~]# yum -y install postfix

¢£sendmail´Ä¶­¤«¤éPostfix´Ä¶­¤Ø°Ü¹Ô¤¹¤ë
CentOS¤Ç¤Ï¡¢ÍøÍѤ¹¤ëMTA¥×¥í¥°¥é¥à¤ÎÁªÂò¤Ëalternatives¤È¤¤¤¦»ÅÁȤߤòÍøÍѤ·¤Æ¤ª¤ê¡¢¤³¤Îalternatives¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤³¤È¤Ë¤è¤ê¡¢´Êñ¤Ësendmail´Ä¶­¤«¤éPostfix´Ä¶­¤Ø°Ü¹Ô¤¹¤ë¤³¤È¤¬½ÐÍè¤ë¡£

[root@linux ~]# alternatives --config mta

2 ¥×¥í¥°¥é¥à¤¬¤¢¤ê 'mta' ¤òÄ󶡤·¤Þ¤¹¡£

  ÁªÂò       ¥³¥Þ¥ó¥É
-----------------------------------------------
*+ 1           /usr/sbin/sendmail.sendmail
   2           /usr/sbin/sendmail.postfix

Enter ¤ò²¡¤·¤Æ¸½ºß¤ÎÁªÂò [+] ¤òÊÝ»ý¤¹¤ë¤«¡¢ÁªÂòÈÖ¹æ¤òÆþÎÏ:2
postfix¤ò»È¤¦¤Î¤ÇÁªÂòÈÖ¹æ[2]¤òÆþÎÏ

¢£Postfix¤ÎÀßÄê
Postfix¤Î´ðËÜŪ¤ÊÀßÄê¤Ï¡¢/etc/postfix/main.cf¤Ç¹Ô¤¦

[root@linux ~]# vi /etc/postfix/main.cf¡¡¢«¡¡vi¥¨¥Ç¥£¥¿¤Çmain.cf¤ò³«¤¯
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
¢­
myhostname = linux.yokensaka.com¡¡¢«¡¡#¤ò³°¤·¤Æ¡¢¥µ¡¼¥Ð¡¼¤Î¥Û¥¹¥È̾¤òÀßÄê
#myhostname = virtual.domain.tld

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
¢­
mydomain = yokensaka.com¡¡¢«¡¡#¤ò³°¤·¤Æ¡¢¥É¥á¥¤¥ó̾¤òÀßÄê

# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
¢­
myorigin = $mydomain¡¡¢«¡¡#¤ò³°¤·¤Æ¡¢ÀßÄê¤òÍ­¸ú¤Ë
¡¡¡¡¡¡¡¡¡¡¡¡¡Ê¥á¡¼¥ë¥¢¥É¥ì¥¹¤Î¡Ö@¡×°Ê²¼¤ËÉղ乤ëʸ»úÎó¤ò»ØÄê)

# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
¥á¡¼¥ë¤Î¼õ¿®¤òµö²Ä¤¹¤ë¥Í¥Ã¥È¥ï¡¼¥¯¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤òÀßÄê
#inet_interfaces = all
¢­¡¡#¤ò³°¤·¤Æ¡¢ÀßÄê¤òÍ­¸ú¤Ë¤¹¤ë¡Ê¼«¥µ¡¼¥Ð¡¼¤«¤é¤Î¥á¡¼¥ë¤À¤±¤ò¼õ¿®¤¹¤ë¾ì¹ç¤ÏÀßÄꤷ¤Ê¤¤¡Ë
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost
¢­¡¡¹ÔƬ¤Ë#¤òÄɲáʼ«¥µ¡¼¥Ð¡¼¤«¤é¤Î¥á¡¼¥ë¤À¤±¤ò¼õ¿®¤¹¤ë¾ì¹ç¤ÏÀßÄꤷ¤Ê¤¤¡Ë
#inet_interfaces = localhost

# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
¼õ¿®¤·¤¿¥á¡¼¥ë¤òµñÈݤ¹¤ë¤«¤É¤¦¤«¤òÀßÄê
mydestination = $myhostname, localhost.$mydomain, localhost
¢­
#mydestination = $myhostname, localhost.$mydomain, localhost¡¡¢«¡¡¹ÔƬ¤Ë#¤òÄɲÃ
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
¢­
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain¡¡¢«¡¡#¤ò³°¤¹
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#       mail.$mydomain, www.$mydomain, ftp.$mydomain

# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
¢­
mynetworks_style = subnet¡¡¢«¡¡#¤ò³°¤¹
#mynetworks_style = host

# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
ÆâÉô¥Í¥Ã¥È¥ï¡¼¥¯¥¢¥É¥ì¥¹¤È¥í¡¼¥«¥ë¥Û¥¹¥È¥¢¥É¥ì¥¹¤ò»ØÄê
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
¢­
mynetworks = 192.168.1.0/24, 127.0.0.0/8¡¡¢«¡¡#¤ò³°¤·¤Æ½ñ¤­´¹¤¨¤ë
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains = $mydestination
¢­
relay_domains = $mydestination¡¡¢«¡¡#¤ò³°¤¹

# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
¢­
home_mailbox = Maildir/¡¡¢«¡¡#¤ò³°¤·¤Æ¥á¡¼¥ë¥Ü¥Ã¥¯¥¹³ÊǼ·Á¼°¤òMaildir·Á¼°¤Ë¤¹¤ë

SMTP Auth¤òÍ­¸ú¤Ë¤¹¤ë¡£ÀßÄê¥Õ¥¡¥¤¥ë¤ÎºÇ½ª¹Ô¤Þ¤Ç°ÜÆ°¤·¤Æ¡¢°Ê²¼¤Î¤è¤¦¤ËÀßÄê¤òÄɵ­¡£
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

relays.ordb.org ¤¬¡¢2006/12/18¤ÇÀµ¼°¤Ê³èÆ°¤òÄä»ß¤·¤¿°Ù°Ê²¼¤ÏÀßÄꤷ¤Ê¤¤¡£
¥á¡¼¥ëÉÔÀµÃæ·Ñ¥Û¥¹¥È¤«¤é¤ÎÀܳ¤òµñÈݤ¹¤ë¾ì¹ç°Ê²¼¤òºÇ½ª¹Ô¤ØÄɲ乤롣
smtpd_client_restrictions = reject_rbl_client relays.ordb.org

Á÷¿®¤¹¤ë¥á¡¼¥ë£±ÄÌÅö¤¿¤ê¤Î¥µ¥¤¥º¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç10MByte¡¢
¼õ¿®¤¹¤ë¥á¡¼¥ë¹ç·×¤ÎÁíÍÆÎ̤ϥǥե©¥ë¥È¤Ç50MByte¤ËÀßÄꤵ¤ì¤Æ¤¤¤ë¡£
¤½¤ì¤¾¤ì100MByte¤È500MByte¤ËÊѹ¹¤¹¤ë¤Ë¤Ï°Ê²¼¤òºÇ½ª¹Ô¤ØÄɲá£
message_size_limit = 102400000
mailbox_size_limit = 512000000

Êѹ¹¤òÍ­¸ú¤Ë¤¹¤ë°Ù¡¢postfix¤òºÆµ¯Æ°¡£
[root@server ~]# /etc/rc.d/init.d/postfix reload
postfix ¤òºÆÆɤ߹þ¤ßÃæ:                                    [  OK  ]

¢£SMTP AuthÀßÄê
SMTP Auth¤Ç¤ÏCyrus SASL¤È¸Æ¤Ð¤ì¤ëǧ¾Ú¥×¥í¥°¥é¥à¤òÍøÍѤ·¤Æ¤¤¤ë¡£ Postfix¤ÇCyrus SASL¤òÍøÍѽÐÍè¤ë¤è¤¦¤ËÀßÄꤹ¤ëɬÍפ¬¤¢¤ë¡£

[root@linux ~]# vi /usr/lib/sasl2/smtpd.conf¡¡¢«¡¡smtpd.conf¤ò³«¤¯
ÀßÄê¥Õ¥¡¥¤¥ë¤ÎºÇ¸å¤ËÄɵ­
mech_list: plain login cram-md5 digest-md5

saslauthd¤Îµ¯Æ°
[root@linux ~]# /etc/init.d/saslauthd start
saslauthd ¤òµ¯Æ°Ãæ:                                        [  OK  ]

saslauthd¤Î¼«Æ°µ¯Æ°ÀßÄê
[root@linux ~]# chkconfig saslauthd on

saslauthd¤Î¼«Æ°µ¯Æ°ÀßÄê³Îǧ
[root@linux ~]# chkconfig --list saslauthd
saslauthd       0:off   1:off   2:on    3:on    4:on    5:on    6:off
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡Ê¥é¥ó¥ì¥Ù¥ë2¡Á5¤Îon¤ò³Îǧ¡Ë

¢£root°¸¥á¡¼¥ë¤ò°ìÈ̥桼¥¶¡Êwebmaster¡Ë¤ØžÁ÷
¥·¥¹¥Æ¥à¤«¤éroot°¸¤ËÁ÷¤é¤ì¤Æ¤¯¤ë¥á¡¼¥ë¤ò¡¢°ìÈ̥桼¥¶¡Êwebmaster¡Ë¤ØžÁ÷¤¹¤ë¤è¤¦¤Ë¤¹¤ë¡£

´ÉÍý¼Ô¥æ¡¼¥¶°¸¥á¡¼¥ë¤Îroot°¸Å¾Á÷ÀßÄê¤ò²ò½ü
[root@linux ~]# sed -i 's/^webmaster/#webmaster/g' /etc/aliases

´ÉÍý¼Ô¥æ¡¼¥¶°¸¥á¡¼¥ë¤Îroot°¸Å¾Á÷ÀßÄê²ò½ü¤ò³Îǧ
[root@linux ~]# grep ^webmaster /etc/aliases¡¡¢«¡¡·ë²Ì¤¬¤Ê¤Ë¤âɽ¼¨¤µ¤ì¤Ê¤¤¤³¤È¤ò³Îǧ

root°¸¥á¡¼¥ë¤ò´ÉÍý¼Ô¥æ¡¼¥¶¡Êwebmaster¡Ë¤ØžÁ÷¤¹¤ë¤è¤¦¤ËÀßÄê
[root@linux ~]# sed -i 's/^root/#root/g' /etc/aliases

root°¸¥á¡¼¥ë¤ò´ÉÍý¼Ô¥æ¡¼¥¶¡Êwebmaster¡Ë¤ØžÁ÷¤¹¤ë¤è¤¦¤ËÀßÄê
[root@linux ~]# echo "root: webmaster" >> /etc/aliases

root°¸¥á¡¼¥ë¤¬´ÉÍý¼Ô¥æ¡¼¥¶¡Êwebmaster¡Ë°¸¤ØžÁ÷¤µ¤ì¤ë¤«¤Î³Îǧ
[root@linux ~]# grep ^root /etc/aliases
root: webmaster¡¡¢«¡¡root°¸¥á¡¼¥ë¤¬´ÉÍý¼Ô¥æ¡¼¥¶¡Êwebmaster¡Ë¤ØžÁ÷¤µ¤ì¤ë¤è¤¦¤ËÀßÄꤵ¤ì¤Æ¤¤¤ë

žÁ÷Àè¤òÈ¿±Ç¤µ¤»¤ë
[root@linux ~]# postalias /etc/aliases

¢£°ìÈ̥桼¥¶¡¼¡Êwebmaster¡Ë¤ÎºîÀ®
webmaster¤Ø¥á¡¼¥ë¤¬ÆϤ¯¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¤Ï°ìÈ̥桼¥¶¡¼¡Êwebmaster¡Ë¤ÎºîÀ®¤¬É¬Íס£

°ìÈ̥桼¥¶(webmaster)¤òÄɲá£
[root@linux ~]# useradd webmaster

°ìÈ̥桼¥¶¡¼¤Ç¥í¥°¥¤¥ó¤¹¤ë¤¿¤á¤Ë¤Ï¥Ñ¥¹¥ï¡¼¥É¤òÀßÄꤹ¤ëɬÍפ¬¤¢¤ë
[root@linux ~]# passwd webmaster

¥Ñ¥¹¥ï¡¼¥É¤ÎÆþÎÏ¡ÊÆþÎϤ·¤¿¥Ñ¥¹¥ï¡¼¥É¤Ïɽ¼¨¤µ¤ì¤Ê¤¤¡Ë
Changing password for user webmaster.
New UNIX password:¥Ñ¥¹¥ï¡¼¥É

ºÆÆþÎϤòÂ¥¤µ¤ì¤ë¤Î¤Ç¡¢¤â¤¦°ìÅÙÆþÎÏ¡£(¾åµ­¤Î¥Ñ¥¹¥ï¡¼¥É¤ÈƱ¤¸Êª¤òÆþ¤ì¤ë)
Retype new UNIX password:¥Ñ¥¹¥ï¡¼¥É
passwd: all authentication tokens updated successfully.

¢£Postfix¤Îµ¯Æ°

Postfix¤Îµ¯Æ° 
[root@linux ~]# /etc/rc.d/init.d/postfix start
postfix ¤òµ¯Æ°Ãæ:                                          [  OK  ]

¢£Postfix¤Î¼«Æ°µ¯Æ°ÀßÄê

Postfix¤Î¼«Æ°µ¯Æ°ÀßÄê
[root@linux ~]# chkconfig postfix on

Postfix¤Î¼«Æ°µ¯Æ°ÀßÄê³Îǧ
[root@linux ~]# chkconfig --list postfix
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡Ê¥é¥ó¥ì¥Ù¥ë2¡Á5¤Îon¤ò³Îǧ¡Ë

¢£sendmail¤Î¥¢¥ó¥¤¥ó¥¹¥È¡¼¥ë

ÉÔÍפˤʤä¿Sendmail¤Ï¡¢Ç°¤Î¤¿¤á¥¢¥ó¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤ª¤¯¡£
[root@linux ~]# yum remove sendmail

¢£sendmail¥Ñ¥¹¤Î³Îǧ
·Ç¼¨ÈĤʤɤÇÅê¹Æ¤¬¤¢¤Ã¤¿¤é¥á¡¼¥ëÄÌÃΤ¹¤ëÀßÄê¤ò¤·¤Æ¤¤¤ë»þ¤Ï CGI¤Îsendmail¥Ñ¥¹¤ÎÀßÄê¤òÊѹ¹¤·¤Ê¤¤¤ÈÁ÷¿®¥¨¥é¡¼¤Ë¤Ê¤ë¾ì¹ç¤¬¤¢¤ë¡£

°ìÈ̥桼¥¶¡¼¤Çsendmail¥Ñ¥¹¤Î³Îǧ¤ò¤¹¤ë
[root@linex ~]# su - higo
[higo@linux ~]$ which sendmail¡¡¢«¡¡sendmail¥Ñ¥¹¤Î³Îǧ
/usr/bin/which: no sendmail in (/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/higo/bin)

sendmail¥Ñ¥¹¤¬¸«¤Ä¤«¤é¤Ê¤¤¤È¤­¤Ï
°Ê²¼¤Î¤è¤¦¤Ë¤¹¤ì¤Ð°ìÈ̥桼¥¶¡¼¤Ç¤âsendmail¥Ñ¥¹¤¬¤ß¤¨¤ë¤è¤¦¤Ë¤Ê¤ë¡£
[higo@linux ~]$ su -¡¡¢«¡¡¥ë¡¼¥È¤Ë¤Ê¤ë
¥Ñ¥¹¥ï¡¼¥É(P):¡¡¢«¡¡¥ë¡¼¥È¤Î¥Ñ¥¹¥ï¡¼¥É¤òÆþÎÏ

[root@linux ~]# ln -s /usr/sbin/sendmail /usr/bin/sendmail

[root@linux ~]# su - higo¡¡¢«¡¡°ìÈ̥桼¥¶¡¼¤Ë¤Ê¤ë

[higo@linux ~]$ which sendmail¡¡¢«¡¡sendmail¥Ñ¥¹¤Î³Îǧ
/usr/bin/sendmail

joyful.cgi¤Ç¤Ïsendmail¥Ñ¥¹¤¬¥Ç¥Õ¥©¥ë¥È¤Ç¡Ö/usr/lib/sendmail¡×¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤Î¤Ç¡¢¾åµ­¤Ç³Îǧ¤·¤¿sendmail¥Ñ¥¹¡Ö/usr/bin/sendmail¡×¤Ëľ¤µ¤Ê¤¤¤ÈÅê¹Æ»þ¤ËÁ÷¿®¥¨¥é¡¼¤Ë¤Ê¤ë¡£

# sendmail¥Ñ¥¹¡Ê¥á¡¼¥ëÄÌÃΤ¹¤ë»þ¡Ë
$sendmail = '/usr/lib/sendmail';
¡¡¢­
# sendmail¥Ñ¥¹¡Ê¥á¡¼¥ëÄÌÃΤ¹¤ë»þ¡Ë
$sendmail = '/usr/bin/sendmail';¡¡¢«¡¡lib¤òbin¤ËÊѹ¹

¢¨SMTP¥µ¡¼¥Ð¡¼¤ò»È¤¦¤Ë¤Ï¡¢¥ë¡¼¥¿¡¼¤ÎÀßÄ꤬ɬÍפʤΤÇ25È֤Υݡ¼¥È¤ò³«¤±¤ë¡£

¢£¡¡¥Ý¡¼¥È¥Á¥§¥Ã¥¯¡Ú¥Ý¡¼¥È³«Êü³Îǧ¡Û
¡Ö´ÉÍý¤·¤Æ¤¤¤ë¥µ¡¼¥Ð¡¼¤¬³°Éô¤«¤éÀܳ¥¢¥¯¥»¥¹¤Ç¤­¤ë¤«¡©¡×¡Ö¥Ý¡¼¥È¤Ï³«Êü¤µ¤ì¤Æ¤¤¤ë¤«¡©¡×¡Öport¤ÏÊĤ¸¤Æ¤¤¤ë¤«¡©¡×¡Ö¥ë¡¼¥¿¤Î¥Ý¡¼¥È¤Ï³«Êü¤µ¤ì¤Æ¤¤¤ë¤«¡×Åù¤Î
¥Ý¡¼¥È¥Á¥§¥Ã¥¯¡¦¥Ý¡¼¥È¤ÎÁÂÄ̳Îǧ¥Æ¥¹¥È¤Ï¤³¤Á¤é¤Ç

Postfix¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤¿¤À¤±¤Ç¤Ï¡¢¥á¡¼¥ë¤ÎÆɤ߽Ф·¤Ï½ÐÍè¤Ê¤¤¡£ Postfix¤Ï¥á¡¼¥ë¤òÇÛ¿®¤¹¤ë¤¿¤á¤ÎSMTP¥µ¡¼¥Ð¡¼¤È¤·¤Æ¤Îµ¡Ç½¤·¤«»ý¤¿¤Ê¤¤¤Î¤Ç¡¢dovecot¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤³¤È¤Ë¤è¤ê¡¢POP3/IMAP4¤É¤Á¤é¤Ç¤â¥á¡¼¥ë¤òÆɤ߽Ф»¤ë¤è¤¦¤Ë¤¹¤ë¡£

Clam Antivirus¤ÏGPL¥é¥¤¥»¥ó¥¹¤Ë½¾¤Ã¤ÆÍøÍѤ¹¤ë¤³¤È¤¬¤Ç¤­¤ë¥ª¡¼¥×¥ó¥½¡¼¥¹¤Î¥½¥Õ¥È¥¦¥§¥¢¤Ç¤¢¤ê¡¢Linux¤äBSD¡¢Mac OS X¤Ê¤É³Æ¼ïUNIX·Ï¤Î¥·¥¹¥Æ¥à¤ÇÆ°ºî¤¹¤ë¥¢¥ó¥Á¥¦¥¤¥ë¥¹¥½¥Õ¥È¡£¤·¤«¤·yum¤Ç¤Ï¤Ê¤«¤Ê¤«ºÇ¿·ÈǤ˥¢¥Ã¥×¥Ç¡¼¥È¤µ¤ì¤Ê¤¤¤Î¤Çwget¤Ç¥½¡¼¥¹¤«¤é¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤³¤È¤Ë¤¹¤ë¡£

¢£¸Å¤¤¥Ð¡¼¥¸¥ç¥ó¤Îclamav¤¬¤¢¤ë¾ì¹ç¤Ï¥¢¥ó¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤ª¤¯

¥¢¥ó¥¤¥ó¥¹¥È¡¼¥ëÍѤ˥Х寥¢¥Ã¥×¤·¤Æ¤¢¤Ã¤¿¥â¥¸¥å¡¼¥ë¤òŸ³«¡£
[root@server ~]# tar zxvf clamav-0.95.3_self.tar.gz

clamav-0.95.3¤Î¥Ç¥£¥ì¥¯¥È¥ê¤Ø°ÜÆ°
[root@server ~]# cd clamav-0.95.3

clamav-0.95.3¤Î¥¢¥ó¥¤¥ó¥¹¥È¡¼¥ë
[root@server clamav-0.95.3]# make uninstall

clamav-0.95.3¤Î¥Õ¥¡¥¤¥ë¤È¥Ç¥£¥ì¥¯¥È¥ê¡¼¤òºï½ü
[root@server clamav-0.95.3]# cd
[root@server ~]# rm -f clamav-0.95.3_self.tar.gz
[root@server ~]# rm -rf clamav-0.95.3

¸Å¤¤¥Ð¡¼¥¸¥ç¥ó¤Î¥Ç¥£¥ì¥¯¥È¥ê¡¼¤Îºï½ü
[root@server ~]# rm -rf /usr/local/clamav

¢£¥æ¡¼¥¶¤È¥°¥ë¡¼¥×¤ÎºîÀ®

clamav¤Ï¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ëÁ°¤Ë
¡Öclamav¡×¤È¤¤¤¦Ì¾Á°¤Î¥æ¡¼¥¶¤È¥°¥ë¡¼¥×¤òºîÀ®¤·¤Æ¤ª¤¯É¬Íפ¬¤¢¤ë¡£
[root@linux ~]# groupadd clamav
[root@linux ~]# useradd -g clamav -s /bin/false clamav

¢£ºÇ¿·ÈǤÎClamAV¤ò¥À¥¦¥ó¥í¡¼¥É¡¡¡ÊºÇ¿·ÈǤϸø¼°¥µ¥¤¥È¤Ç³Îǧ¤Ç¤­¤ë¡Ë

[root@server ~]# wget http://downloads.sourceforge.net/clamav/clamav-0.96.tar.gz
--2010-04-02 06:55:13--  http://downloads.sourceforge.net/clamav/clamav-0.96.tar.gz
downloads.sourceforge.net ¤òDNS¤ËÌ䤤¤¢¤ï¤»¤Æ¤¤¤Þ¤¹... 216.34.181.59
downloads.sourceforge.net|216.34.181.59|:80 ¤ËÀܳ¤·¤Æ¤¤¤Þ¤¹... Àܳ¤·¤Þ¤·¤¿¡£
HTTP ¤Ë¤è¤ëÀܳÍ×µá¤òÁ÷¿®¤·¤Þ¤·¤¿¡¢±þÅú¤òÂԤäƤ¤¤Þ¤¹... 302 Found
¾ì½ê: http://jaist.dl.sourceforge.net/project/clamav/clamav/0.96/clamav-0.96.tar.gz [³¤¯]
--2010-04-02 06:55:14--  http://jaist.dl.sourceforge.net/project/clamav/clamav/0.96/clamav-0.96.tar.gz
jaist.dl.sourceforge.net ¤òDNS¤ËÌ䤤¤¢¤ï¤»¤Æ¤¤¤Þ¤¹... 150.65.7.130
jaist.dl.sourceforge.net|150.65.7.130|:80 ¤ËÀܳ¤·¤Æ¤¤¤Þ¤¹... Àܳ¤·¤Þ¤·¤¿¡£
HTTP ¤Ë¤è¤ëÀܳÍ×µá¤òÁ÷¿®¤·¤Þ¤·¤¿¡¢±þÅú¤òÂԤäƤ¤¤Þ¤¹... 200 OK
Ťµ: 39792593 (38M) [application/x-gzip]
`clamav-0.96.tar.gz' ¤ËÊݸÃæ

100%[==========================================================>] 39,792,593  4.76M/s »þ´Ö 9.4s

2010-04-02 06:55:23 (4.05 MB/s) - `clamav-0.96.tar.gz' ¤ØÊݸ´°Î» [39792593/39792593]

clamav-0.96¤òŸ³«
[root@server ~]# tar zxvf clamav-0.96.tar.gz

¥À¥¦¥ó¥í¡¼¥É¤·¤¿¥Õ¥¡¥¤¥ë¤òºï½ü
[root@server ~]# rm -f clamav-0.96.tar.gz

clamav-0.96¥Ç¥£¥ì¥¯¥È¥ê¡¼¤Ø°ÜÆ°
[root@server ~]# cd clamav-0.96

Makefile¤ò¼«Æ°ºîÀ®¤¹¤ë¤¿¤á¤Î¥Ä¡¼¥ë¡Öconfigure¡×¤ò¼Â¹Ô¡£
[root@server clamav-0.96]# ./configure --prefix=/usr/local/clamav

make¤ò¼Â¹Ô¤·¡¢clamav¤ò¥¤¥ó¥¹¥È¡¼¥ë
[root@server clamav-0.96]# make
[root@server clamav-0.96]# make install

¢£¥¢¥ó¥¤¥ó¥¹¥È¡¼¥ëÍѤ˥Х寥¢¥Ã¥×¤·¤Æ¤ª¤¯

[root@server clamav-0.96]# cd
[root@server ~]# tar cvf clamav-0.96_self.tar ./clamav-0.96
[root@server ~]# gzip clamav-0.96_self.tar

¢£ÀßÄê¥Õ¥¡¥¤¥ëÊѹ¹
¥¤¥ó¥¹¥È¡¼¥ë¤¬Àµ¾ï¤Ë´°Î»¤·¤¿¤é¤Þ¤º¡¢Æó¤Ä¤ÎÀßÄê¥Õ¥¡¥¤¥ë
/usr/local/clamav/etc/freshclam.conf
/usr/local/clamav/etc/clamd.conf
¤ò¥¨¥Ç¥£¥¿¤Ç³«¤­Example¤È½ñ¤«¤ì¤¿¹Ô¤ò¥³¥á¥ó¥È¥¢¥¦¥È¤·¡¢Êݸ¡£

[root@server ~]# vi /usr/local/clamav/etc/freshclam.conf

# Comment or remove the line below.
Example
¢­
#Example

[root@server ~]# vi /usr/local/clamav/etc/clamd.conf

# Comment or remove the line below.
Example
¢­
#Example

¢£¡Öfreshclam¡×¤ò»ÈÍѤ·¤ÆVirusDB¤ò¥¢¥Ã¥×¥Ç¡¼¥È

[root@server ~]# /usr/local/clamav/bin/freshclam
ClamAV update process started at Fri Apr  2 07:16:41 2010
main.cvd is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)
Downloading daily-10678.cdiff [100%]
Downloading daily-10679.cdiff [100%]
Downloading daily-10680.cdiff [100%]
Downloading daily-10681.cdiff [100%]
Downloading daily-10682.cdiff [100%]
Downloading daily-10683.cdiff [100%]
Downloading daily-10684.cdiff [100%]
Downloading daily-10685.cdiff [100%]
Downloading daily-10686.cdiff [100%]
Downloading daily-10687.cdiff [100%]
Downloading daily-10688.cdiff [100%]
Downloading daily-10689.cdiff [100%]
Downloading daily-10690.cdiff [100%]
Downloading daily-10691.cdiff [100%]
daily.cld updated (version: 10691, sigs: 49537, f-level: 44, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 5, sigs: 2, f-level: 44, builder: nervous)
Database updated (754266 signatures) from database.clamav.net (IP: 193.1.193.64)

¢£¥¦¥£¥ë¥¹¥¹¥­¥ã¥ó³Îǧ¡Ê/etc/passwd¤ò¥¹¥­¥ã¥ó¤·¤Æ¤ß¤ë¡Ë

[root@server ~]# /usr/local/clamav/bin/clamscan --infected --remove --recursive /etc/passwd

----------- SCAN SUMMARY -----------
Known viruses: 753570
Engine version: 0.96
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 3.654 sec (0 m 3 s)

version: 0.96¤Ç¥¹¥­¥ã¥ó¤µ¤ì¤Æ¤ë¤³¤È¤ò³Îǧ

¢£Clam AntiVirus¤ÎÄê´ü¼«Æ°¼Â¹ÔÀßÄê

ËèÆü¼«Æ°Åª¤Ë¥¦¥£¥ë¥¹ÄêµÁ¥Õ¥¡¥¤¥ëºÇ¿·²½¤·¤Æ¡¢Á´¤Æ¤Î¥Õ¥¡¥¤¥ë¤Î¥¦¥£¥ë¥¹¥¹¥­¥ã¥ó¤ò¹Ô¤¦¥¹¥×¥ê¥¯¥È¤ÎºîÀ® 
[root@linux ~]# vi clamav.sh
#!/bin/bash

PATH=/usr/bin:/bin
# excludelist
excludelist=/root/clamscan.exclude

if [ -s $excludelist ]; then
    for i in `cat $excludelist`
    do
        if [ $(echo "$i"|grep \/$) ]; then
            i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
            excludeopt="${excludeopt} --exclude-dir=$i"
        else
            excludeopt="${excludeopt} --exclude=$i"
        fi
    done
fi
CLAMSCANTMP=`mktemp`
/usr/local/clamav/bin/freshclam > /dev/null
/usr/local/clamav/bin/clamscan --recursive --remove ${excludeopt} / > $CLAMSCANTMP 2>&1
[ ! -z "$(grep FOUND$ $CLAMSCANTMP)" ] && \
grep FOUND$ $CLAMSCANTMP | mail -s "Virus Found in `hostname`" root
rm -f $CLAMSCANTMP

¢£Clam AntiVirusÄê´ü¼«Æ°¼Â¹Ô¥¹¥¯¥ê¥×¥È¤Ë¼Â¹Ô¸¢¸ÂÉÕ²Ã

[root@linux ~]# chmod 700 clamav.sh

¢£cronÊÔ½¸

[root@linux ~]# crontab -e
00 03 * * * /root/clamav.sh¡¡¢«¡¡ÄɲÃ(ËèÆü3:00¤ËClam AntiVirus¤ÎÄê´ü¼«Æ°¼Â¹Ô)

¢£¥¹¥­¥ã¥ó½ü³°ÀßÄê

backup¥Ç¥£¥ì¥¯¥È¥ê¤ò¥¹¥­¥ã¥óÂоݳ°¤Ë¤¹¤ë¤è¤¦¤ËÀßÄê
[root@linux ~]# echo "/backup/" >> clamscan.exclude

²¼µ­¤Î¤è¤¦¤ÊTripwire¤Î¥¨¥é¡¼¥á¡¼¥ë¤¬ÆϤ¤¤¿¡£

### Warning: File system error.
### Filename: /backup/backup.tar.bz2
### Value too large for defined data type
### Continuing...

/backup/backup.tar.bz2¤Î¥Õ¥¡¥¤¥ë¥µ¥¤¥º¤¬2G¤òĶ¤¨¤Æ¤·¤Þ¤Ã¤¿¤¿¤á¡¢2G¤òĶ¤¨¤ë¥Õ¥¡¥¤¥ë¤ËÂбþ¤·¤Æ¤Ê¤¤tripwire¤¬¥¨¥é¡¼¤ò½Ð¤·¤¿¤è¤¦¤À¡£¤Ê¤Î¤Ç¡¢/backup¤Î¥Ç¥£¥ì¥¯¥È¥ê¡¼¤ò¥Á¥§¥Ã¥¯Âоݳ°¤Ë¤¹¤ë¤³¤È¤Ë¤·¤¿¡£

¥Ý¥ê¥·¡¼¥Õ¥¡¥¤¥ë(¥Æ¥­¥¹¥ÈÈÇ)¤ÎÉü³è
[root@server ~]# twadmin -m p -c /etc/tripwire/tw.cfg -p /etc/tripwire/tw.pol -S /etc/tripwire/site.key > /etc/tripwire/twpol.txt

¥Ý¥ê¥·¡¼¥Õ¥¡¥¤¥ë(¥Æ¥­¥¹¥ÈÈÇ)¤ÎÊÔ½¸
[root@server ~]# vi /etc/tripwire/twpol.txt
  ################################################
 #                                              ##
################################################ #
#                                              # #
#  Monitor Filesystems                         # #
#                                              ##
################################################
(
  rulename = "Monitor Filesystems",
)
{
  /                             -> $(ReadOnly) ;
  /home                         -> $(ReadOnly) ;  # Modify as needed
  /usr                          -> $(ReadOnly) ;
  /var                          -> $(ReadOnly) ;
  !/backup;¡¡¢«¡¡/backup¤ò¥Á¥§¥Ã¥¯Âоݳ°¤Ë¤¹¤ë¤Î¤ÇÄɲÃ
}

¥Ý¥ê¥·¡¼¥Õ¥¡¥¤¥ë(°Å¹æ½ð̾ÈÇ)¤òºîÀ®
[root@server ~]# twadmin -m P -c /etc/tripwire/tw.cfg -p /etc/tripwire/tw.pol -S /etc/tripwire/site.key /etc/tripwire/twpol.txt

Please enter your site passphrase:¡¡¢«¡¡¥µ¥¤¥È¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎÏ
Wrote policy file: /etc/tripwire/tw.pol

¥Ý¥ê¥·¡¼¥Õ¥¡¥¤¥ë(¥Æ¥­¥¹¥ÈÈÇ)¤òºï½ü
[root@server ~]# rm -f /etc/tripwire/twpol.txt

¥Ý¥ê¥·¡¼¥Õ¥¡¥¤¥ë¤è¤ê¥Ç¡¼¥¿¥Ù¡¼¥¹¤òºîÀ®
[root@server ~]# tripwire -m i -s -c /etc/tripwire/tw.cfg
Please enter your local passphrase:¡¡¢«¡¡¥í¡¼¥«¥ë¥Ñ¥¹¥Õ¥ì¡¼¥º¤òÆþÎÏ
¢¨¥Ç¡¼¥¿¥Ù¡¼¥¹¤òºîÀ®¤¹¤ë¤Ë¤Ï·ë¹½»þ´Ö¤¬¤«¤«¤ë

phpMyAdmin¤ÏWeb¥Ö¥é¥¦¥¶¤«¤éMySQL¥Ç¡¼¥¿¥Ù¡¼¥¹¤ò´ÉÍý¤¹¤ë¤¿¤á¤ÎPHP¤Çµ­½Ò¤µ¤ì¤¿¥½¥Õ¥È¥¦¥§¥¢¡£Web¥Ö¥é¥¦¥¶¤«¤éMySQL¤Î¥Æ¡¼¥Ö¥ëÁàºî¡¢¥¤¥ó¥Ý¡¼¥È¡¦¥¨¥¯¥¹¥Ý¡¼¥È¤¹¤ë¤³¤È¤¬½ÐÍè¤ë¡£

¢£¡¡phpMyAdmin¥¤¥ó¥¹¥È¡¼¥ë
¤³¤Á¤é¤ÇºÇ¿·ÈÇ ¤ò³Îǧ¤¹¤ë¤³¤È
¡ÊºÇ¿·ÈǤò³Îǧ¤·¤Æ¥À¥¦¥í¡¼¥É 10/01/11 »þÅÀ¤Ç¤Ï phpMyAdmin 3.2.5¡Ë

[root@linux ~]# wget http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-3.2.5-all-languages.tar.bz2

¥À¥¦¥ó¥í¡¼¥É¤·¤¿phpMyAdmin¤òŸ³«
[root@linux ~]# tar jxvf phpMyAdmin-3.2.5-all-languages.tar.bz2

¸Å¤¤phpMyAdmin¤òºï½ü
[root@linux ~]# rm -rf /var/www/phpmyadmin

phpMyAdminŸ³«Àè¥Ç¥£¥ì¥¯¥È¥ê¤ò½êÄê¤Î¾ì½ê¤Ø¥³¥Ô¡¼
[root@linux ~]# mv phpMyAdmin-3.2.5-all-languages/ /var/www/phpmyadmin

¥À¥¦¥ó¥í¡¼¥É¤·¤¿phpMyAdmin¤òºï½ü
[root@linux ~]# rm -f phpMyAdmin-3.2.5-all-languages.tar.bz2

¢£¡¡php-mysql¥¤¥ó¥¹¥È¡¼¥ë
phpMyAdmin¤ÏPHP¤ÇÆ°ºî¤¹¤ë¤¿¤á¡¢PHP¤«¤éMySQL¥Ç¡¼¥¿¥Ù¡¼¥¹¤Ø¥¢¥¯¥»¥¹¤¹¤ë¤¿¤á¤Î¥Ñ¥Ã¥±¡¼¥¸¡Öphp-mysql¡×¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë

[root@linux ~]# yum -y install php-mysql

¢£¡¡mbstring¥â¥¸¥å¡¼¥ë¥¤¥ó¥¹¥È¡¼¥ë
phpMyAdmin ¤Ï mbstring ³ÈÄ¥¤Ê¤·¤Ç¤Ïʸ»úÎó¤òÀµ³Î¤Ëʬ³ä¤¹¤ë¤³¤È¤¬¤Ç¤­¤Ê¤¤¤Î¤Çmbstring¥â¥¸¥å¡¼¥ë¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë

[root@linux ~]# yum -y install php-mbstring

¢£¡¡phpMyAdminÀßÄê

phpmyadmin/libraries/config.default.php¤ò̾Á°Êѹ¹¤·¤Æ/var/www/phpmyadmin/¤Îľ²¼¤Ë¥³¥Ô¡¼
[root@linux ~]# cp /var/www/phpmyadmin/libraries/config.default.php /var/www/phpmyadmin/config.inc.php

ÀßÄê¥Õ¥¡¥¤¥ë¤Î¥Ñ¡¼¥ß¥Ã¥·¥ç¥ó¤òÊѹ¹
[root@linux ~]# chmod 660 /var/www/phpmyadmin/config.inc.php

ÀßÄê¥Õ¥¡¥¤¥ëÊÔ½¸
[root@linux ~]# vi /var/www/phpmyadmin/config.inc.php
$cfg['blowfish_secret'] = 'xxxxxxxxxxxx';¡¡¢«¡¡46ʸ»ú°ÊÆâ¤ÎŬÅö¤Êʸ»úÎó¤ò»ØÄê
¢¨¾åµ­¤Ï¥íi¥°¥¤¥ó»þ¤Î¥Ñ¥¹¥ï¡¼¥É°Å¹æ²½¤ÎºÝ¤ËÆâÉôŪ¤ËÍøÍѤµ¤ì¤ë¥Ñ¥¹¥Õ¥ì¡¼¥º¤Ç¤¢¤ê¡¢¥æ¡¼¥¶¤ËÆþÎÏÍ׵ᤵ¤ì¤ë¤â¤Î¤Ç¤Ï¤Ê¤¤

phpMyAdmin¤Î½êÍ­¼Ô¤òÊѹ¹
[root@linux ~]# chown -R root.apache /var/www/phpmyadmin/

¢£¡¡ApacheÀßÄê
phpMyAdminÍÑApacheÀßÄê¥Õ¥¡¥¤¥ëºîÀ®

[root@linux ~]# vi /etc/httpd/conf.d/phpmyadmin.conf
Alias /phpmyadmin /var/www/phpmyadmin

ÆâÉô¤ÈÆÃÄê¤Î³°ÉôIP¤«¤é¤Î¤ß¥¢¥¯¥»¥¹¤Ç¤­¤ë¤è¤¦¤Ë»ØÄꤹ¤ë
<Location /phpmyadmin>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1¡¡¢«¡¡¥µ¡¼¥Ð¡¼¼«¿È¤«¤é¤Î¥¢¥¯¥»¥¹¤òµö²Ä
    Allow from 192.168.1.¡¡¢«¡¡ÆâÉô¥Í¥Ã¥È¥ï¡¼¥¯¤«¤é¤Î¥¢¥¯¥»¥¹¤òµö²Ä
    Allow from xxx.xxx.xxx.xxx¡¡¢«¡¡ÆÃÄê¤Î³°ÉôIP(xxx.xxx.xxx.xxx)¤«¤é¤Î¥¢¥¯¥»¥¹¤òµö²Ä
</Location>

[root@linux ~]# /etc/rc.d/init.d/httpd reload¡¡¢«¡¡ApacheÀßÄêÈ¿±Ç
httpd ¤òºÆÆɤ߹þ¤ßÃæ:                                      [  OK  ]

²ñ¼ÒÅù¤«¤é¥¢¥¯¥»¥¹¤¹¤ë¾ì¹ç¡¢¼«Ê¬¤Î²ñ¼Ò¤ÎÀܳ´Ä¶­¡ÊIP¥¢¥É¥ì¥¹¡Ë¤òÄ´¤Ù¡¢/etc/hosts.allow¤ØÅÐÏ¿¤¹¤ëɬÍפ¬¤¢¤ë¡£¤½¤ó¤Ê»þ¤Ï¿ÇÃǤ¯¤ó¤Ç³Îǧ¤Ç¤­¤ë¡£

¢£¡¡phpMyAdmin³Îǧ
http://¥µ¡¼¥Ð¡¼Ì¾/phpmyadmin/¤Ø¥¢¥¯¥»¥¹¤·¤Æ¡¢phpMyAdmin¤Î¥í¥°¥¤¥ó²èÌ̤¬É½¼¨¤µ¤ì¤ë¤³¤È
MySQL¤ËÅÐÏ¿¤µ¤ì¤Æ¤¤¤ë¥¢¥«¥¦¥ó¥È¤Ç¥í¥°¥¤¥ó¤Ç¤­¤ë¤³¤È

¢¨¥¢¥¯¥»¥¹¤·¤Æ¤ß¤ë¤È¡ÖPHP ¤ò 5.2 °Ê¹ß¤Ë¥¢¥Ã¥×¥°¥ì¡¼¥É¤·¤Æ¤¯¤À¤µ¤¤¡×¤È¤¤¤¦¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤¬½Ð¤Æ¤­¤¿¡£

¢£¡¡¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤ëphp¥Ð¡¼¥¸¥ç¥ó³Îǧ
[root@linux ~]# yum list installed php*

php.i386                                 5.1.6-20.el5_2.1       installed
php-cli.i386                             5.1.6-20.el5_2.1       installed
php-common.i386                          5.1.6-20.el5_2.1       installed
php-gd.i386                              5.1.6-20.el5_2.1       installed
php-mbstring.i386                        5.1.6-20.el5_2.1       installed
php-mysql.i386                           5.1.6-20.el5_2.1       installed
php-pdo.i386                             5.1.6-20.el5_2.1       installed

¢£¡¡php¤ò5.2°Ê¹ß¤Î¥Ð¡¼¥¸¥ç¥ó¤Ë¥¢¥Ã¥×¥°¥ì¡¼¥É

[root@linux ~]# rpm --import http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka

¥ê¥Ý¥¸¥È¥ê¤òÄɲÃ
[root@linux ~]# vi /etc/yum.repos.d/utterramblings.repo
[utterramblings]
name=Jason¡Çs Utter Ramblings Repo
baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka

¢£¡¡php¤Î¥¢¥Ã¥×¥°¥ì¡¼¥É

[root@linux ~]# yum update php

http://¥µ¡¼¥Ð¡¼Ì¾/phpmyadmin/¤Ø¥¢¥¯¥»¥¹¤·¤Æ¤ß¤ë¤È
¡Ömcrypt ³ÈÄ¥¤ò¥í¡¼¥É¤Ç¤­¤Þ¤»¤ó¡£PHP ¤ÎÀßÄê¤ò³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡×¤È¤¤¤¦¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤¬½Ð¤Æ¤­¤¿¡£

¢£¡¡php-mcrypt¤ò¥¤¥ó¥¹¥È¡¼¥ë

[root@linux ~]# yum install php-mcrypt

¢£¡¡php¥Ð¡¼¥¸¥ç¥ó³Îǧ

[root@linux ~]# yum list installed php*

php.i386                                 5.2.6-jason.1          installed
php-cli.i386                             5.2.6-jason.1          installed
php-common.i386                          5.2.6-jason.1          installed
php-gd.i386                              5.2.6-jason.1          installed
php-mbstring.i386                        5.2.6-jason.1          installed
php-mcrypt.i386                          5.2.6-jason.1          installed
php-mysql.i386                           5.2.6-jason.1          installed
php-pdo.i386                             5.2.6-jason.1          installed

¢£¡¡¥ê¥Ý¥¸¥È¥ê¤ò̵¸ú¤Ë¤¹¤ë

[root@linux ~]# vi /etc/yum.repos.d/utterramblings.repo
enabled=1
¡¡¢­
enabled=0

¢£¡¡Apache¤ÎºÆµ¯Æ°

[root@linux ~]# /etc/rc.d/init.d/httpd restart

¢£¡¡PHP ¤Î½é´üÀßÄê¤ÎÊѹ¹
¥ê¥¹¥È¥¢¤ÇÍøÍѤǤ­¤ë¥Ð¥Ã¥¯¥¢¥Ã¥×¥Ç¡¼¥¿¤ÎºÇÂ祵¥¤¥º¤Ï2,048KB ¤È½ñ¤«¤ì¤Æ¤¤¤ë¤È¤ª¤ê¡¢ ¥Ç¥Õ¥©¥ë¥È ¤Ç¤Ï2 MB ¤Ë¤Ê¤Ã¤Æ¤¤¤ë¡£¤³¤ì¤ÏphpMyAdmin¤ÎÀ©¸Â¤Ç¤Ï¤Ê¤¯¡¢ PHP ¤Î½é´üÀßÄê¤Ç¤ÎÀ©¸Â¡£ ¤³¤ì¤òÊѹ¹¤¹¤ë¤Ë¤Ï¡¢ "/etc/php.ini" ¤ò³«¤­¡¢ "upload_max_filesize" ¥Ç¥£¥ì¥¯¥Æ¥£¥Ö ¤ò½¤Àµ¡£

/etc/php.ini¤ò cp ¥³¥Þ¥ó¥É¤Ç¥Ð¥Ã¥¯¥¢¥Ã¥×¤òºîÀ®¤·¤Æ¤«¤éºî¶È¤¹¤ë¤è¤¦¤Ë¤¹¤ë¡£

[root@server ~]# cp -p /etc/php.ini /etc/php.ini.org
[root@server ~]# vi /etc/php.ini

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;

; Whether to allow HTTP file uploads.
file_uploads = On

; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
;upload_tmp_dir =

; Maximum allowed size for uploaded files.
upload_max_filesize = 2M
¢­
upload_max_filesize = 30M¡¡¢«¡¡30M¤ËÊѹ¹