instalasi web server di linux

April 7, 2010 by gregor · Leave a Comment
Filed under: PHP, apache, modsecurity 

Tutorial ini menggunakan sistem operasi linux fedora core 12 dan versi terbaru dari apache: httpd-2.2.15.tar.bz2, php: php-5.3.2.tar.bz2, modsecurity: modsecurity-apache_2.5.12.tar.gz, modsecurity core rules: modsecurity-crs_2.0.6.tar.gz

instalasi apache:
hapus apache bawaan fedora core 12
$ rpm -qa |grep httpd

httpd-tools-2.2.13-4.fc12.i686
httpd-2.2.13-4.fc12.i686

$ rpm -e gnome-user-share httpd httpd-tools

download apache terbaru
$ wget http://apache.the.net.id/httpd/httpd-2.2.15.tar.bz2
$ tar xjfv httpd-2.2.15.tar.bz2
$ cd httpd-2.2.15

Untuk menyamarkan web server yang dipakai (security in obscurity):

$ cd httpd-2.2.15/include
$ vi ap_release.h

#define AP_SERVER_BASEVENDOR “Apache Software Foundation” -> #define AP_SERVER_BASEVENDOR “software inc.”
#define AP_SERVER_BASEPRODUCT “Apache” -> #define AP_SERVER_BASEPRODUCT “webserv”

save and exit vi dengan perintah :wq
$ cd ..

$ ./configure –-prefix=/usr/local/apache2 –enable-so –enable-ssl –with-ldap –enable-ldap –enable-auth-ldap –disable-info –disable-status –disable-autoindex –disable-imap –disable-include –disable-userdir –enable-rewrite –enable-unique-id

$ make
$ make install
$ cat /etc/passwd |grep apache

jika ditemukan apache:

$vi /usr/local/apache2/conf/httpd.conf

ganti User dan Group daemon menjadi:

User apache
Group apache

save and exit vi

instalasi modsecurity:
$ wget http://nchc.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.5.12/modsecurity-apache_2.5.12.tar.gz
$ tar xzfv modsecurity-apache_2.5.12.tar.gz
$ cd modsecurity-apache_2.5.12/apache2
$ ./configure –with-apxs=/usr/local/apache2/bin/apxs

terjadi error sebagai berikut :


configure: looking for Apache module support via DSO through APXS
configure: found apxs at /usr/local/apache2/bin/apxs
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script… no
configure: *** pcre library not found.
configure: error: pcre library is required

$ wget ftp://fr2.rpmfind.net/linux/fedora/releases/12/Everything/i386/os/Packages/pcre-devel-7.8-3.fc12.i686.rpm
$ rpm -ivh pcre-devel-7.8-3.fc12.i686.rpm
$ ./configure –with-apxs=/usr/local/apache2/bin/apxs

terjadi error lagi sebagai berikut :


configure: using ‘-lpcre’ for pcre Library
checking for libapr config script… no
configure: *** apr library not found.
configure: error: apr library is required

$ ./configure –with-apxs=/usr/local/apache2/bin/apxs –with-apr=/usr/local/apache2/bin/apr-1-config –with-apu=/usr/local/apache2/bin/apu-1-config
$ make
$ make install

$ vi httpd.conf
tambahkan baris-baris berikut :

LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua-5.1.so
LoadModule security2_module modules/mod_security2.so

save and exit vi
instalasi modsecurity core rules :

$ cd /usr/local/apache2
$ wget http://nchc.dl.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.0.6.tar.gz
$ tar xzfv modsecurity-crs_2.0.6.tar.gz
$ mv modsecurity-crs_2.0.6 modsecurity-crs
$ vi httpd.conf
tambahkan baris-baris berikut :

Include conf/modsecurity-crs/*.conf
Include conf/modsecurity-crs/base_rules/*.conf

save and exit vi

membuat startup script untuk apache :

$ vi /etc/rc.d/init.d/httpd2

tambahkan baris-baris berikut :

#!/bin/sh
#
# Startup script for the Apache Web Server
# chkconfig: 345 85 15
# description: Apache is a World Wide Web server.  It is used to serve \
#              HTML files and CGI.
# processname: httpd
# pidfile: /var/run/httpd.pid
# config: /usr/local/apache2/conf/access.conf
# config: /usr/local/apache2/conf/httpd.conf
# config: /usr/local/apache2/conf/srm.conf
# Source function library.
. /etc/rc.d/init.d/functions
case “$1″ in
’start’)
/usr/local/apache2/bin/apachectl start
;;
’stop’)
/usr/local/apache2/bin/apachectl stop
;;
‘restart’)
/usr/local/apache2/bin/apachectl restart
;;
*)
echo “Usage: $0 {start|stop|restart}”
exit 1
esac
exit 0

save and exit vi

$ chkconfig –add httpd2
$ service httpd2 start

httpd: Syntax error on line 55 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/lib/liblua5.1.s into server: /usr/lib/liblua5.1.s: cannot open shared object file: No such file or directory

$ wget ftp://fr2.rpmfind.net/linux/fedora/releases/12/Everything/i386/os/Packages/lua-devel-5.1.4-4.fc12.i686.rpm
$ rpm -Uvh lua-devel-5.1.4-4.fc12.i686.rpm
$ service httpd2 start

instalasi PHP :
$ wget http://id.php.net/distributions/php-5.3.2.tar.bz2
$ tar xjfv php-5.3.2.tar.bz2
$ cd php-5.3.2
$ ./configure –with-apxs2=/usr/local/apache2/bin/apxs –enable-magic-quotes –with-openssl –with-zlib –with-bz2 –enable-ftp –with-gd –enable-mbstring –with-freetype-dir –with-jpeg-dir

terjadi error sebagai berikut :
….
checking for fabsf… yes
checking for floorf… yes
configure: error: libjpeg.(a|so) not found.

insert fedora DVD and mount
$ cd /mnt/Packages
$ ls *jpeg*
$ rpm -Uvh libjpeg-6b-46.fc12.i686.rpm libjpeg-devel-6b-46.fc12.i686.rpm

lakukan configure lagi

$ make
$ make test
$ make install
$ cp php.ini-development /usr/local/lib/php.ini
$ vi /usr/local/lib/php.ini
sesuaikan beberapa opsi sebagai berikut :

expose_php = Off
display_erros = Off
short_open_tag = On

date.timezone = Asia/Jakarta

save and exit vi

$ mkdir /var/log/httpd
$ vi /usr/local/apache2/conf/httpd.conf

tambahkan baris-baris berikut :

LoadModule php5_module modules/libphp5.so
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
ErrorLog “/var/log/httpd/error_log”
CustomLog “/var/log/httpd/access_log” combined
DirectoryIndex index.php index.html

save and exit vi

$ service apache2 restart
$ cd /usr/local/apache2/conf/modsecurity-crs/base_rules
$ vi modsecurity_crs_50_outbound.conf

untuk menampilkan nomor baris pada vi berikan perintah :set number lalu cari baris 85 seperti berikut:

SecRule RESPONSE_BODY “!@pmFromFile modsecurity_50_outbound.data” \
“phase:4,rev:’2.0.6′,t:none,capture,t:urlDecodeUni,t:htmlEntityDecode,nolog,skipAfter:END_OUTBOUND_CHECK”

lalu edit menjadi :

SecRule RESPONSE_BODY “!@pmFromFile modsecurity_50_outbound.data” \
“phase:4,rev:’2.0.6′,t:none,capture,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,skipAfter:END_OUTBOUND_CHECK”

save and exit vi

$ cd /usr/local/apache2/conf/modsecurity-crs/
$ vi modsecurity_crs_10_config.conf

SecDefaultAction “phase:2,deny”

SecRuleEngine On

SecAuditEngine RelevantOnly
SecUploadDir /var/log/modsecurity/SecUploadDir
SecAuditLog /var/log/modsecurity/modsec_audit.log
SecAuditLogParts ABIFHZ
SecAuditLogStorageDir /var/log/modsecurity/SecAuditLogStorageDir
SecDebugLog /var/log/modsecurity/modsec_debug.log
SecDataDir /var/log/modsecurity/SecDataDir
SecTmpDir /var/log/modsecurity/SecTmpDir
SecDebugLogLevel 3

save and exit vi

$ mkdir /var/log/modsecurity
$ mkdir /var/log/modsecurity/SecTmpDir
$ mkdir /var/log/modsecurity/SecDataDir
$ mkdir /var/log/modsecurity/SecUploadDir
$ chown -R apache.apache /var/log/modsecurity
$ service apache2 restart

test instalasi dengan :

$ vi ls /usr/local/apache2/htdocs/test.php

<?php
echo “testing”;
?>

save and exit vi
dari browser panggil http://192.168.5.18/test.php. jika instalasi berhasil maka akan muncul testing

Tags: , ,