[转载]两个小脚本:xfce-4.2.2.sh and amp-0.1.4.sh
原始链接:[url]http://bbs.gliet.edu.cn/bbs/index.php?showtopic=94069[/url]
xfce-4.2.2.sh:
用于从源代码安装Xfce-4.2.2,如果用于其它版本,只需要修改脚本中关于版本的变量即可。
PS:已在OpenBSD 3.7和FreeBSD-5.4-release中测试通过。
amp-0.1.4.sh:
用于从源代码安装OpenSSL+Apache+mod_security+MySQL+PHP,并分别将Apache和MySQL进行chroot。
PS:已在Magic Linux 1.2 Final和FreeBSD-5.4-release中测试通过。
xfce-4.2.2.sh
[code]#!/usr/local/bin/bash
# Directory the script was started from; every later step works relative to it.
ROOTDIR="$(pwd)"
export ROOTDIR

# Versions of the packages this script builds.
dbh_version='1.0.24'
gtkxfceengine_version='2.2.7'
xfce_version='4.2.2'

# Prefix handed to every ./configure run.
INSTALL_PREFIX='/usr/local'

# Support libraries, built before the Xfce components and in this order.
libpkg=(
  "dbh-${dbh_version}"
  "gtk-xfce-engine-${gtkxfceengine_version}"
  "libxfce4mcs-${xfce_version}"
  "libxfce4util-${xfce_version}"
  "libxfcegui4-${xfce_version}"
)
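# Unpack one gzip-compressed tarball into the current directory.
# Arguments: $1 - path of the .tar.gz archive
# Outputs:   progress text on stdout
# Returns:   0 on success, tar's exit status when the extraction fails
function pkg_extract()
{
  local archive=$1
  echo -ne "\n\t Extracting $archive ..."
  # Quoted so an archive name containing spaces stays one argument. No "--"
  # here: with the bundled "zxf" form the next word is taken as the file name.
  tar zxf "$archive" || return
  echo -e "\t Done"
}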
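# Abort the whole script when the command that ran immediately before this
# call failed. It reads $?, so it must be the very next command after the one
# being checked.
# Outputs:   on failure, the current directory (the package being built)
# Returns:   0 when the previous command succeeded; otherwise exits with 100
function check_exit()
{
  local status=$?   # captured first: any other command would overwrite $?
  if [ "$status" -eq 0 ]
  then
    # A plain return hands control back to the caller's loop; `continue` is
    # only meaningful inside a loop body, which this function does not have.
    return 0
  fi
  pwd
  exit 100
}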
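# Unpack the tarball of every support library listed in the libpkg array.
# Globals:   libpkg (read)
# Returns:   the status of the last pkg_extract call
function libpkg_extract()
{
  local lib
  # Quoted expansion keeps each array element as exactly one archive name.
  for lib in "${libpkg[@]}"
  do
    pkg_extract "${lib}.tar.gz"
  done
}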
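# Configure, build and install every support library in the libpkg array.
# Globals:   libpkg, ROOTDIR, INSTALL_PREFIX (read)
# Returns:   0 after the last package; check_exit ends the script with status
#            100 as soon as one package fails
function libpkg_install()
{
  local pkg
  for pkg in "${libpkg[@]}"
  do
    cd "$ROOTDIR/$pkg" && \
      pwd && \
      ./configure --prefix="${INSTALL_PREFIX}" && \
      make && \
      make install
    # Must directly follow the build chain: check_exit inspects its $?.
    check_exit
  done
}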
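# Record the Xfce component tarballs found in $ROOTDIR, one name per line.
# The shell's own glob is used instead of parsing `ls` output.
cd "$ROOTDIR" && \
  for archive in xf*"${xfce_version}".tar.gz
  do
    # An unmatched glob stays literal; skipping it leaves the list empty.
    [ -e "$archive" ] && printf '%s\n' "$archive"
  done >xfpkglist.txt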
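# Unpack every Xfce component named in $ROOTDIR/xfpkglist.txt. By the time the
# main sequence calls this, the list holds names without the ".tar.gz" suffix.
# Globals:   ROOTDIR (read)
# Returns:   non-zero if $ROOTDIR cannot be entered, else the status of the
#            last extraction
function xfce_pkg_extract()
{
  local pkg
  cd "$ROOTDIR" || return
  # The list is read on fd 3 so commands in the loop body keep their stdin.
  while IFS= read -r pkg <&3
  do
    [ -n "$pkg" ] || continue
    pkg_extract "${pkg}.tar.gz"
  done 3<xfpkglist.txt
}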
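# Strip the ".tar.gz" suffix from every entry of xfpkglist.txt so the list
# holds the names of the unpacked source directories.
# The scratch file is truncated rather than appended to, so a leftover
# "xfpkglist" from an interrupted run cannot leak stale entries into the list.
cd "$ROOTDIR" && \
  sed 's/\.tar\.gz//g' xfpkglist.txt >xfpkglist && \
  mv -f xfpkglist xfpkglist.txt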
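# Configure, build and install every Xfce component named in
# $ROOTDIR/xfpkglist.txt.
# Globals:   ROOTDIR, INSTALL_PREFIX (read)
# Returns:   non-zero if $ROOTDIR cannot be entered; check_exit ends the script
#            with status 100 as soon as one package fails
function xfce_pkg_install()
{
  local pkg
  cd "$ROOTDIR" || return
  # fd 3 carries the package list so configure/make cannot consume it via stdin.
  while IFS= read -r pkg <&3
  do
    [ -n "$pkg" ] || continue
    cd "$ROOTDIR/$pkg" && \
      pwd && \
      ./configure --prefix="${INSTALL_PREFIX}" && \
      make && \
      make install
    # Must directly follow the build chain: check_exit inspects its $?.
    check_exit
  done 3<xfpkglist.txt
}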
# Main sequence: unpack and build the support libraries first, then the Xfce
# components. Each step runs only if the previous one returned success.
# NOTE(review): the "[/code]" glued to the last line is forum markup from the
# page this script was pasted on, not part of the script.
libpkg_extract&& \
libpkg_install&& \
xfce_pkg_extract&& \
xfce_pkg_install&& \
echo -e "\n\t Done"[/code]
amp-0.1.4.sh
[code]#!/usr/local/bin/bash
# 文件名 : amp-0.1.4.sh ( Apache+MySQL+PHP+Chroot,版本:0.1.4 . )
# 作者 : [email]MichaelBibby@gmail.com[/email]
# 完成时间 : 2005/09/26
# *******************************************************************************
# 所使用的软件列表:
# 1: mysql-4.1.13.tar.gz ([url]www.mysql.com[/url])
# 2: httpd-2.0.54.tar.bz2 ([url]www.apache.org[/url])
# 3: php-4.4.0.tar.bz2 ([url]www.php.net[/url])
# 4: mod_security-1.8.6.tar.gz ([url]www.modsecurity.org[/url])
# 5: OpenSSL-0.9.8.tar.gz ([url]www.openssl.org[/url])
# 6: Chrootuid (需要自行下载编译安装)
# 7: Bash shell
# *******************************************************************************
# *******************************************************************************
# 实现的功能:
# 1: 编译安装 OpenSSL / MySQL / Apache / Mod_Security / PHP .
# 2: 为 Apache(httpd-2.0.54)添加了 mod_security 模块(防止跨站脚本(XSS,旧称CSS)/SQL注入式攻击).
# 3: 提供初步的 Chroot 功能 (由函数 mysqld_chrooted 和 httpd_chrooted 完成).
# 4: 提供脚本方便启动和停止 MySQL (由函数 mysql_server_script 完成).
# 5: 提供脚本方便启动和停止 Apache (由函数 httpd_server_script 完成).
# 6: Apache(chrooted)支持CGI (Apache编译选项和函数 copy_perl_and_libs).
# 7: 为 MySQL / Apache / PHP 增加了 openssl 支持.
# *******************************************************************************
# *******************************************************************************
# 参考文章:
# Securing Apache/MySQL/PHP : Step by step
# [url]http://www.securityfocus.com/infocus/1694[/url]
# [url]http://www.securityfocus.com/infocus/1726[/url]
# [url]http://www.securityfocus.com/infocus/1706[/url]
# FreeBSD下构建安全的Web服务器:
# [url]http://fanqiang.chinaunix.net/system/bsd/2005-07-06/3369.shtml[/url]
#
# 非常谢谢各位作者的精彩文章.
# *******************************************************************************
# *******************************************************************************
# 一些说明:
# 1: MySQL配置文件(my.cnf)位置:
# /etc,${MYSQLD_CHROOTED_DIR}/etc
# 2: Apache配置文件(httpd.conf)位置:
# ${APACHE_PREFIX}/conf,${HTTPD_CHROOTED_DIR}/${APACHE_PREFIX}/conf
# 3: mysql.sock(Chrooted MySQL)的位置:
# ${MYSQLD_CHROOTED_DIR}/tmp,${HTTPD_CHROOTED_DIR}/tmp/mysql.sock
# 4: php.ini文件的位置:
# ${APACHE_PREFIX}/conf,${HTTPD_CHROOTED_DIR}/${APACHE_PREFIX}/conf
# 5: 如何使用 PHP 连接已经 chroot 的 MySQL 数据库:
# 成功启动 MySQL 后,将 mysql.sock 做一个硬连接(hard link)到
# ${HTTPD_CHROOTED_DIR}/tmp/ 即可,命令为:
# ln ${MYSQL_SOCKET} ${HTTPD_CHROOTED_DIR}/tmp
# 须注意的是,硬连接的两个文件必须是在同一分区.
# 6: 启动脚本的位置:
# mysql_(un)chrooted.amp.sh --> /usr/local/etc/rc.d (FreeBSD)
# --> /etc/rc.d (Linux)
# apache2_chrooted.amp.sh --> /usr/local/etc/rc.d (FreeBSD)
# --> /etc/rc.d (Linux)
# *******************************************************************************
# *******************************************************************************
# ChangeLog :
# 0.1.3 -> 0.1.4 2005/09/26 :
# 1: 修改 group_add 和 user_add 函数,加入了对所用系统的判断.如果是FreeBSD系统,则仍然
# 使用 pw 命令来添加组或用户;如果为非 FreeBSD 系统,则直接用 useradd 和 groupadd 命令
# 来添加;
# 2: 修改了*_flags参数,增加编译选项;
# 3: 为了解决PHP在编译时找不到apxs的问题,在 php_install 函数中增加了export PATH;
# 4: 脚本改名为 amp 而不是 famp(stand for FreeBSD+amp) 或者 lamp(stand for Linux+amp);
#
# 0.1.2 -> 0.1.3 2005/09/09 :
# 1: 添加函数 pkg_extract ,方便解压各软件包;
# 2: 添加变量 *_suffix ,定义各软件包的扩展名;
# 3: 增加 OpenSSL ,并为各软件包添加 OpenSSL 支持;
# 4: 为 mysql_chrooted.amp.sh 脚本增加函数socket_link,使得在mysql启动时自动做一
# 个 mysql.sock 的硬连接到 ${HTTPD_CHROOTED_DIR}/tmp/ .这样就可以在每次启动
# MySQL 时HTTP的程序(e.g:bbs,phpMyAdmin等)都可以正常连接数据库.
#
# 0.1.1 -> 0.1.2 2005/09/09 :
# 1: 为启动脚本加上所有者(root:sys),并设置权限为700;
# 2: 修正了 "Script Main" 中 "MySQL" 部分的一个错误;
# 3: 修正了MySQL生成的pid文件的获取方法(hostname -s);
# 4: 将各软件的编译选项交由 *_FLAGS 变量控制;
# 5: 函数 *_server_script ,脚本内容由直接重定向到脚本文件改成重定向到文件描述符;
#
# 0.1 -> 0.1.1 2005/09/05 :
#
# *******************************************************************************
# Directory the script was started from; tarballs are unpacked and built here.
export ROOTDIR=$(pwd)
# Version of each package.
# NOTE(review): these are the releases named in the 2005 header of this script
# and are long out of support. Nothing in this script checks a checksum or
# signature of the tarballs before they are built as root.
export openssl_version="0.9.8"
export mysql_version="4.1.13"
export httpd_version="2.0.54"
export php_version="4.4.0"
export mod_security_version="1.8.6"
# Archive suffix of each source package
export openssl_suffix="tar.gz"
export mysql_suffix="tar.gz"
export httpd_suffix="tar.bz2"
export php_suffix="tar.bz2"
export mod_security_suffix="tar.gz"
# Installation prefix of each package
export OPENSSL_PREFIX="/usr/local/openssl"
export MYSQL_PREFIX="/usr/local/mysql"
export APACHE_PREFIX="/usr/local/apache2"
export PHP_PREFIX="/usr/local/php"
# PHP-related paths
export MYSQL_LIB_PREFIX="${MYSQL_PREFIX}/lib/mysql"
export APXS_PREFIX="${APACHE_PREFIX}/bin/apxs"
export PHP_INI_PATH="${APACHE_PREFIX}/conf"
# Build options of each package.
# Inside double quotes a backslash-newline is removed, so every *_FLAGS value
# is a single space-separated line. The install functions expand these
# variables unquoted on purpose, so that each option becomes its own argument.
OPENSSL_FLAGS="--prefix=${OPENSSL_PREFIX}"
MYSQL_FLAGS="--prefix=${MYSQL_PREFIX} \
--with-openssl=${OPENSSL_PREFIX} \
--with-openssl-includes=${OPENSSL_PREFIX}/include \
--with-openssl-libs=${OPENSSL_PREFIX}/lib \
--with-unix-socket-path=/tmp/mysql.sock \
--with-mysqld-user=mysql \
--with-extra-charsets=all \
--with-charset=gb2312 \
--without-debug"
HTTPD_FLAGS="--prefix=${APACHE_PREFIX} \
--enable-so \
--enable-ssl \
--with-ssl=${OPENSSL_PREFIX} \
--enable-static-support \
--enable-static-htpasswd \
--enable-static-htdigest \
--enable-static-ab \
--enable-static-htdbm \
--enable-static-logresolve \
--enable-static-rotatelogs \
--enable-access \
--enable-log_config \
--enable-dir \
--enable-mime \
--enable-auth-anon \
--enable-auth-dbm \
--enable-auth-digest \
--enable-cgi \
--enable-cgid \
--disable-rewrite"
# NOTE(review): --with-openssl-dir is listed twice below; the repeat is redundant.
PHP_FLAGS="--prefix=${PHP_PREFIX} \
--with-apxs2=${APXS_PREFIX} \
--with-mysql=${MYSQL_PREFIX} \
--with-openssl=${OPENSSL_PREFIX} \
--with-kerberos=${OPENSSL_PREFIX} \
--with-imap-ssl=${OPENSSL_PREFIX} \
--with-openssl-dir=${OPENSSL_PREFIX} \
--with-openssl-dir=${OPENSSL_PREFIX} \
--with-config-file-path=${PHP_INI_PATH} \
--disable-ipv6 \
--disable-debug \
--disable-cgi \
--disable-fastcgi"
# Apache chroot settings
export CHROOT="/usr/sbin/chroot"
export HTTPD_CHROOTED_DIR="/chrooted/httpd"
export APACHE_PID_FILE="${HTTPD_CHROOTED_DIR}/${APACHE_PREFIX}/logs/httpd.pid"
export HTTPD="${APACHE_PREFIX}/bin/httpd"
# MySQL chroot settings
export CHROOTUID="/usr/local/sbin/chrootuid"
export MYSQLD_CHROOTED_DIR="/chrooted/mysql"
export MYSQLD="${MYSQL_PREFIX}/libexec/mysqld"
# mod_security settings
# Where the mod_security documentation is stored once the module is installed
export MOD_SECURITY_DOC="${HTTPD_CHROOTED_DIR}/${APACHE_PREFIX}/manual/mod_security-${mod_security_version}"
# CGI (Perl) settings
export PERL_PREFIX="/usr/local/bin/perl"
# History files that history_file_link replaces with symlinks to /dev/null.
export LINKFILE=(~/.mysql_history ~/.bash_history ~/.history)
# 须以root身份运行此脚本,便于添加用户、安装软件、创建目录、复制文件等操作
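# Refuse to continue unless the script runs with root privileges, which the
# later steps need to add accounts, install software and build the chroot trees.
# The numeric effective UID is checked, so a UID-0 account with a name other
# than "root" is accepted as well.
# Returns:   0 when running as UID 0; otherwise prints a notice and exits 2
function runner_check()
{
  local uid
  uid=$(id -u)
  if [ "$uid" != "0" ]
  then
    print_msg "\a\n\t You should run this script as ROOT !"
    print_msg "\t Script exit now ...\n"
    exit 2
  fi
}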
# 检查软件安装目录是否存在.不存在则创建之
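# Make sure a directory exists, creating it (and missing parents) if needed.
# Arguments: $1 - directory path
# Returns:   0 if the directory exists afterwards, mkdir's status otherwise
function dir_check()
{
  local dir=$1
  # Quoted so a path containing spaces is treated as one directory.
  [ -d "$dir" ] || mkdir -p -- "$dir"
}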
# 用来彩色显示信息
# Print a message as black text on a green background, followed by a newline.
# Backslash escapes in the message are interpreted (echo -e).
# Arguments: $@ - words of the message
function print_msg()
{
  # 30 = black foreground, 42 = green background, 0 = reset attributes
  local colour_on="\033[30m\033[42m"
  local colour_off="\033[0m\033[0m"
  echo -e "${colour_on} $@ ${colour_off}"
}
# echo带-n选项
# Same colouring as print_msg, but without the trailing newline (echo -n),
# so a later message can finish the line.
# Arguments: $@ - words of the message
function print_msg_n()
{
  # 30 = black foreground, 42 = green background, 0 = reset attributes
  local colour_on="\033[30m\033[42m"
  local colour_off="\033[0m\033[0m"
  echo -ne "${colour_on} $@ ${colour_off}"
}
# 用来解压.tar.gz和.tar.bz2格式的软件包
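# Unpack a .tar.gz or .tar.bz2 source archive inside $ROOTDIR.
# NOTE(review): nothing here checks a checksum or signature; the archive is
# unpacked as root (runner_check enforces that), so verify tarballs first.
# Globals:   ROOTDIR (read)
# Arguments: $1 - archive file name, relative to $ROOTDIR
# Returns:   0 on success; non-zero when $ROOTDIR cannot be entered, the
#            suffix is unsupported or tar fails, so an `&&` chain in the caller
#            stops instead of building from a missing source tree
function pkg_extract()
{
  local archive=$1
  local status=0

  cd "$ROOTDIR" || return
  print_msg_n "\t Extracting $archive now ..."
  case "$archive" in
    *.tar.gz)
      tar -zxf "$archive" || status=$?
      ;;
    *.tar.bz2)
      tar -xjf "$archive" || status=$?
      ;;
    *)
      print_msg '[Error] : Unsupport'
      return 1
      ;;
  esac
  [ "$status" -eq 0 ] || return "$status"
  print_msg "\t\tDone\n"
}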
# 检查系统是否已经存在某个组或用户,不存在则询问是否创建
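# Check whether a group and a user of the given name exist and, if not, ask
# on the terminal whether to create them.
# The lookup matches the name field of /etc/group and /etc/passwd exactly, so
# an unrelated entry that merely contains the name is not mistaken for the
# service account.
# Arguments: $1 - name used for both the group and the user
# Returns:   0 when both exist or were created; exits 1 when the operator
#            declines (any answer other than y/Y, including end of input)
function group_user_check_add()
{
  local name=$1
  local answer status_check_group status_check_user

  # Create group $1 with pw on FreeBSD and groupadd elsewhere.
  function group_add()
  {
    local system
    print_msg_n "\n\t Add group $1 now ..."
    system=$(uname -s)
    if [ "$system" = "FreeBSD" ]
    then
      pw groupadd "$1" || return
    else
      groupadd "$1" || return
    fi
    print_msg "\t Done\n"
  }

  # Create user $1 in group $1, with no home directory and no login shell.
  function user_add()
  {
    local system
    print_msg_n "\n\t Add user $1 now ..."
    system=$(uname -s)
    if [ "$system" = "FreeBSD" ]
    then
      pw useradd -c "$1 Server Account" -g "$1" -d /dev/null -s /sbin/nologin "$1" || return
    else
      useradd -c "$1 Server Account" -g "$1" -d /dev/null -s /sbin/nologin "$1" || return
    fi
    print_msg "\t Done\n"
  }

  # grep's exit status tells whether an entry with exactly this name exists.
  grep -q "^${name}:" /etc/group
  status_check_group=$?
  grep -q "^${name}:" /etc/passwd
  status_check_user=$?

  if [ "$status_check_group" -eq 0 ] && [ "$status_check_user" -eq 0 ]
  then
    print_msg "\n\tGROUP and USER $1 exist,script continue ...\n"
  elif [ "$status_check_group" -ne 0 ]
  then
    # Without the group the user cannot be added to it, so create both.
    print_msg "\a\n\tPlease add group and user $1 to your system !\n"
    print_msg_n "Would you like to add them now ? [y|n] "
    read -r answer
    case "$answer" in
      y|Y)
        group_add "$name" && user_add "$name"
        ;;
      *)
        print_msg "\a\n\t Script exit now ..."
        exit 1
        ;;
    esac
  else
    # The group exists and only the user is missing.
    print_msg "\a\n\t Group '$1' is already exist .\n"
    print_msg "\n\t Please add user '$1' to your system !\n"
    print_msg_n "Would you like to add the user now ? [y|n] "
    read -r answer
    case "$answer" in
      y|Y)
        user_add "$name"
        ;;
      *)
        print_msg "\a\n\t Script exit now ..."
        exit 1
        ;;
    esac
  fi
}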
# 函数 move_script ,监测目录 /usr/local/etc/rc.d (FreeBSD)是否存在
# 如存在,则复制脚本到该目录;不存在则由用户指定目录
# Usage : move_script server_script directory
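# Move a generated server script into a start-up directory. When the directory
# does not exist the operator is asked for another one.
# NOTE(review): scripts placed here are presumably run as root at boot, so the
# chosen directory should be writable by root only.
# Usage:     move_script server_script directory
# Returns:   mv's status when the script is moved; 0 when the operator skips
function move_script()
{
  local script=$1
  local target=$2
  local directory

  if [ -d "$target" ]
  then
    print_msg "\n\t Coping server script $1 to $2 ..."
    mv -- "$script" "$target"
    return
  fi

  print_msg "\a\n\t Coping server script $1 to $2 ..."
  print_msg "\n\t [Error] : Directory $2 doesn't exist."
  print_msg_n "\t Which directory do you want the server script put ?"
  print_msg "\t If you are using Linux,maybe the /etc/init.d/ directory ...[enter 'no' to skip ]"
  # End of input or an empty answer counts as "no"; otherwise the prompt would
  # recurse forever when stdin is closed.
  if ! read -r directory || [ -z "$directory" ] || [ "$directory" = "no" ]
  then
    return 0
  fi
  move_script "$script" "$directory"
}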
# 为了不泄漏操作记录,删除 history 文件,并将history链接为/dev/null文件.
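# Replace every history file listed in LINKFILE with a symlink to /dev/null so
# that no command history is kept.
# NOTE(review): this also discards a record that is useful when auditing what
# was done as root. The main sequence of this script does not call it.
# Globals:   LINKFILE (read)
# Returns:   the status of the last ln
function history_file_link()
{
  local linkfile
  for linkfile in "${LINKFILE[@]}"
  do
    # rm -f first also clears a dangling symlink, which a plain existence test
    # reports as missing and which would then make ln -s fail.
    rm -f -- "$linkfile"
    ln -s /dev/null "$linkfile"
  done
}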
# *************************************************************************
# *************************** INSTALL OpenSSL *****************************
# *************************************************************************
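# Unpack the OpenSSL source archive.
# Globals:   openssl_version, openssl_suffix (read)
# Returns:   the status of pkg_extract
function openssl_extract()
{
  # Quoted so the archive name always reaches pkg_extract as one argument.
  pkg_extract "openssl-${openssl_version}.${openssl_suffix}"
}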
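# Configure, build and install OpenSSL from the unpacked source tree.
# Globals:   ROOTDIR, openssl_version, OPENSSL_FLAGS (read)
# Returns:   0 when every step succeeded, the failing step's status otherwise
function openssl_install()
{
  cd "$ROOTDIR/openssl-${openssl_version}" || return
  # OPENSSL_FLAGS stays unquoted on purpose: it holds several options that
  # must be split into separate arguments.
  # shellcheck disable=SC2086
  ./config ${OPENSSL_FLAGS} && \
    make && \
    make install && \
    print_msg "\n\tOpenSSL has been installed successfully !\n"
}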
# *************************************************************************
# *********************** INSTALL and CHROOT MySQL ************************
# *************************************************************************
# 解压
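# Unpack the MySQL source archive.
# Globals:   mysql_version, mysql_suffix (read)
# Returns:   the status of pkg_extract
function mysql_extract()
{
  # Quoted so the archive name always reaches pkg_extract as one argument.
  pkg_extract "mysql-${mysql_version}.${mysql_suffix}"
}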
# 编译安装MYSQL
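# Configure, build and install MySQL from the unpacked source tree.
# Globals:   ROOTDIR, mysql_version, MYSQL_FLAGS (read)
# Returns:   0 when every step succeeded, the failing step's status otherwise
function mysql_install()
{
  cd "$ROOTDIR/mysql-${mysql_version}" || return
  # MYSQL_FLAGS stays unquoted on purpose: it holds several options that must
  # be split into separate arguments.
  # shellcheck disable=SC2086
  ./configure ${MYSQL_FLAGS} && \
    make && \
    make install && \
    print_msg "\n\tMySQL has been installed successfully !\n"
}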
# 数据库初始化及初步配置
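# Install the MySQL configuration files, publish the client library and
# initialise the system databases.
# Globals:   ROOTDIR, mysql_version, MYSQLD_CHROOTED_DIR, MYSQL_LIB_PREFIX,
#            MYSQL_PREFIX (read)
# Returns:   the status of the final chown
function mysql_init_conf()
{
  local support_dir="$ROOTDIR/mysql-${mysql_version}/support-files"
  local directory

  # Copy my.cnf into /etc and into the chroot tree. The main sequence calls
  # this before mysqld_chrooted has created the chroot directories, so the
  # target is created here first.
  # NOTE(review): the files copied are the "*.cnf.sh" templates - confirm they
  # do not still contain unsubstituted build placeholders.
  for directory in /etc "${MYSQLD_CHROOTED_DIR}/etc"
  do
    mkdir -p -- "$directory"
    cp "$support_dir/my-medium.cnf.sh" "$directory/my.cnf"
    cp "$support_dir"/my-{medium,small,large,huge}.cnf.sh "$directory"
  done

  # libmysqlclient is needed by PHP and by other MySQL-aware software.
  cp "${MYSQL_LIB_PREFIX}"/libmysqlclient.so.* /usr/lib

  # Create the initial system databases.
  sh "${MYSQL_PREFIX}/bin/mysql_install_db"

  # Hand the installation to the mysql account so the server can run.
  # NOTE(review): this makes the service account owner of its own binaries as
  # well as its data. Restricting the chown to the data directory would keep
  # a compromised server from replacing programs that root later starts.
  chown -R mysql:mysql "${MYSQL_PREFIX}"
}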
# 生成简单的脚本文件:mysql_unchrooted.amp.sh 和 mysql_chrooted.amp.sh,并将这两个脚本
# 移动到目录 /usr/local/etc/rc.d .使系统启动时启动 MySQL 数据库,并且可用于方便地启动和停止 MySQL
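# Generate the two MySQL control scripts in $ROOTDIR and move them to
# /usr/local/etc/rc.d/:
#   mysql_unchrooted.amp.sh - starts/stops the server outside the chroot
#   mysql_chrooted.amp.sh   - starts/stops the server inside the chroot
# Both generators change into $ROOTDIR before opening the output file, so the
# file is created in the same directory in which chown, chmod and move_script
# later look for it, whatever directory the caller was in.
# Text echoed in double quotes is expanded now, while generating; text in
# single quotes is written literally and expanded when the generated script
# runs. The multi-line strings are kept flush left because they are the
# generated script's content.
# Globals:   ROOTDIR, MYSQL_PREFIX, HTTPD_CHROOTED_DIR, MYSQLD_CHROOTED_DIR,
#            CHROOTUID (read)
# Returns:   the status of the last move_script
function mysql_server_script()
{
  # Write mysql_unchrooted.amp.sh; it is left without execute permission.
  # Usage : unchrooted_script script_name
  function unchrooted_script()
  {
    local mysql_unchrooted_script=$1
    cd "$ROOTDIR" || return
    # fd 5 is the generated script; everything below is written through it.
    exec 5>"$mysql_unchrooted_script"
    echo -e "#!/usr/local/bin/bash\n" >&5
    echo -e "MYSQL_PREFIX=${MYSQL_PREFIX}" >&5
    echo -e 'MYSQLD_SAFE=${MYSQL_PREFIX}/bin/mysqld_safe' >&5
    echo -e "HTTPD_CHROOTED_DIR=${HTTPD_CHROOTED_DIR}\n" >&5
    echo -e 'if [ X$# == X0 ]' >&5
    echo -e 'then
echo -e "\033[36m\033[40m Starting MySQL ...\033[0m\033[0m"
${MYSQLD_SAFE} --skip-networking --user=mysql --skip-show-database &
else
case $1 in' >&5
    echo -e ' start ) echo -e "\033[36m\033[40m Starting MySQL ...\033[0m\033[0m"
${MYSQL_PREFIX}/bin/mysqld_safe --skip-networking --user=mysql --skip-show-database &;;
stop ) echo -e "\033[36m\033[40m Stoping MySQL ...\033[0m\033[0m"
${MYSQL_PREFIX}/bin/mysqladmin -u $2 -p shutdown;;
* ) echo -e "\nUsage : $0 start"
echo -e "\t$0 stop [database admin account]\n"
echo -e "e.g : Start the server : $0 start"
echo -e " Stop the server : $0 stop root\n";;
esac
fi' >&5
    exec 5>&-   # close the generated file before changing its owner and mode
    chown root:sys "$mysql_unchrooted_script"
    chmod 600 "$mysql_unchrooted_script"
  }

  # Write mysql_chrooted.amp.sh and make it executable for root only; placed
  # in /usr/local/etc/rc.d it starts MySQL at boot.
  # Usage : chroot_script script_name
  function chroot_script()
  {
    local mysql_chrooted_script=$1
    cd "$ROOTDIR" || return
    exec 5>"$mysql_chrooted_script"
    echo -e "#!/usr/local/bin/bash\n" >&5
    # Variables of the generated script
    echo -e "HTTPD_CHROOTED_DIR=${HTTPD_CHROOTED_DIR}
MYSQLD_CHROOTED_DIR=${MYSQLD_CHROOTED_DIR}\n
MYSQL_PREFIX=${MYSQL_PREFIX}
CHROOTUID=${CHROOTUID}" >&5
    echo -e 'MYSQLD=${MYSQL_PREFIX}/libexec/mysqld\n' >&5
    echo -e 'CHROOTUID=${CHROOTUID}' >&5
    echo 'PIDFILE=${MYSQLD_CHROOTED_DIR}${MYSQL_PREFIX}/var/$(hostname -s).pid' >&5
    # Location of mysql.sock
    echo -e 'MYSQL_SOCKET=${MYSQLD_CHROOTED_DIR}/tmp/mysql.sock\n' >&5
    # socket_link hard-links mysql.sock into the httpd chroot; a hard link
    # only works when both trees are on the same filesystem.
    # NOTE(review): the generated script waits a fixed 2 seconds before
    # linking; if the server needs longer to create the socket the link fails.
    echo -e 'function socket_link()
{
httpd_mysql_socket="${HTTPD_CHROOTED_DIR}/tmp/mysql.sock"
if [ -e $httpd_mysql_socket ]
then
rm $httpd_mysql_socket
ln $MYSQL_SOCKET $httpd_mysql_socket
else
ln $MYSQL_SOCKET $httpd_mysql_socket
fi
}' >&5
    echo -e 'if [ X$# == X0 ]' >&5
    echo 'then
echo -e "\033[36m\033[40m Starting MySQL ...\033[0m\033[0m"
echo -e "\t To use mysql in a chrooted apache web server,you should \n\t run this command manually :"
echo -e "\t\t ln ${MYSQL_SOCKET} ${HTTPD_CHROOTED_DIR}/tmp"
echo -e "\n\t To connect the server,Please use this command :"
echo -e "\t\t mysql --socket=${MYSQL_SOCKET} \n\n"
$CHROOTUID ${MYSQLD_CHROOTED_DIR} mysql ${MYSQLD} &
(sleep 2&&socket_link)
else
case $1 in' >&5
    echo ' start ) echo -e "\033[36m\033[40m Starting MySQL ...\033[0m\033[0m"
echo -e "\n\t To use mysql in a chrooted apache web server,you should \n\t run this command manually :"
echo -e "\t\t ln ${MYSQL_SOCKET} ${HTTPD_CHROOTED_DIR}/tmp"
echo -e "\n\t To connect the server,Please use this command :"
echo -e "\t\t mysql --socket=${MYSQL_SOCKET} \n\n"
$CHROOTUID ${MYSQLD_CHROOTED_DIR} mysql ${MYSQLD} &
(sleep 2&&socket_link);;
stop ) echo -e "\033[36m\033[40m Stoping MySQL ...\033[0m\033[0m"
kill $(cat $PIDFILE);;
esac
fi' >&5
    exec 5>&-   # close the generated file before changing its owner and mode
    chown root:sys "$mysql_chrooted_script"
    chmod 700 "$mysql_chrooted_script"
  }

  unchrooted_script mysql_unchrooted.amp.sh
  chroot_script mysql_chrooted.amp.sh
  move_script mysql_unchrooted.amp.sh /usr/local/etc/rc.d/
  move_script mysql_chrooted.amp.sh /usr/local/etc/rc.d/
}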
# ****************** Chroot MySQL : Main ******************
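# Build the chroot tree for mysqld under ${MYSQLD_CHROOTED_DIR}: directories,
# configuration files, shared libraries, the server binary, a reduced account
# database, /dev/null and a copy of the databases.
# Several steps use FreeBSD paths and tools (/libexec/ld-elf.so.1,
# /etc/master.passwd, pwd_mkdb); their failures are not all fatal, as before.
# Globals:   MYSQLD_CHROOTED_DIR, MYSQL_PREFIX, MYSQLD (read)
# Returns:   0 when the step chain completed, the failing step's status
#            otherwise
function mysqld_chrooted()
{
  function mysql_create_dirs()
  {
    echo "Create MySQL chroot directories ..."
    # "lib" under the MySQL prefix is included because mysql_copy_libs copies
    # libmysqlclient into it.
    mkdir -p "${MYSQLD_CHROOTED_DIR}"/{dev,etc,tmp,lib,libexec,var/{run,tmp},usr/{lib,libexec}} \
      "${MYSQLD_CHROOTED_DIR}${MYSQL_PREFIX}"/{lib,libexec,var,share/mysql/english}
  }

  # NOTE(review): this makes the mysql account owner of every directory in the
  # chroot, so the confined server can add or replace files there. A root-owned
  # tree with only the data and temp directories writable would confine it
  # more tightly - verify which directories mysqld really has to write to.
  function set_access_rights()
  {
    chown -R mysql:mysql "${MYSQLD_CHROOTED_DIR}"
    chmod -R 755 "${MYSQLD_CHROOTED_DIR}"
    chmod 1777 "${MYSQLD_CHROOTED_DIR}/tmp"
  }

  function copy_etc_files()
  {
    echo "Copy some configure files from /etc ..."
    cp /etc/{hosts,host.conf,resolv.conf,group} "${MYSQLD_CHROOTED_DIR}/etc/"
  }

  # Copy the run-time loader and every shared library mysqld is linked to.
  function mysql_copy_libs()
  {
    local lib lib_dir
    cp /libexec/ld-elf.so.1 "${MYSQLD_CHROOTED_DIR}/libexec/"
    cp /var/run/ld-elf.so.hints "${MYSQLD_CHROOTED_DIR}/var/run/"
    # Field 3 of an ldd line is the resolved path. Only absolute paths are
    # kept, which skips header lines and unresolved entries. The list is
    # piped instead of being written to a scratch file in the current
    # directory.
    ldd "${MYSQLD}" | awk '$3 ~ /^\// { print $3 }' | while IFS= read -r lib
    do
      lib_dir="${MYSQLD_CHROOTED_DIR}$(dirname "$lib")"
      mkdir -p "$lib_dir"
      cp "$lib" "$lib_dir"
    done
    mkdir -p "${MYSQLD_CHROOTED_DIR}${MYSQL_PREFIX}/lib"
    cp "${MYSQL_PREFIX}"/lib/mysql/libmysqlclient.so.* "${MYSQLD_CHROOTED_DIR}${MYSQL_PREFIX}/lib"
  }

  function mysql_copy_files()
  {
    # The destination follows MYSQL_PREFIX instead of a fixed /usr/local/mysql.
    cp "${MYSQL_PREFIX}/libexec/mysqld" "${MYSQLD_CHROOTED_DIR}${MYSQL_PREFIX}/libexec/"
    cp "${MYSQL_PREFIX}/share/mysql/english/errmsg.sys" "${MYSQLD_CHROOTED_DIR}${MYSQL_PREFIX}/share/mysql/english/"
    # Copying into the parent directory gives the same result on a repeat run.
    cp -rf "${MYSQL_PREFIX}/share/mysql/charsets" "${MYSQLD_CHROOTED_DIR}${MYSQL_PREFIX}/share/mysql/"
  }

  # Build an account database that holds the mysql account only.
  function create_passwords_file()
  {
    echo "Create file : ${MYSQLD_CHROOTED_DIR}/etc/passwords ..."
    cd "${MYSQLD_CHROOTED_DIR}/etc" || return
    # Only the line of the mysql account is written into the chroot, with a
    # restrictive umask. The complete master.passwd, which holds every
    # account's password hash, is never copied there, not even temporarily.
    ( umask 077; grep '^mysql:' /etc/master.passwd >passwords )
    pwd_mkdb -d "${MYSQLD_CHROOTED_DIR}/etc" passwords
    rm -rf "${MYSQLD_CHROOTED_DIR}/etc/master.passwd"
  }

  # Reduce the copied group file to the mysql group.
  function create_group_file()
  {
    echo "Create file : ${MYSQLD_CHROOTED_DIR}/etc/group ..."
    cd "${MYSQLD_CHROOTED_DIR}/etc" && \
      grep '^mysql:' group >group_tmpfile && \
      mv -f group_tmpfile group
  }

  function create_null_file()
  {
    # 2,2 is the device number the script was written with (presumably
    # /dev/null on the FreeBSD release it targeted - confirm with
    # `ls -l /dev/null`). Linux numbers its null device 1,3; with 2,2 a
    # world-writable node for a different device would be created there.
    local major=2
    local minor=2
    if [ "$(uname -s)" = "Linux" ]
    then
      major=1
      minor=3
    fi
    echo "Create file : ${MYSQLD_CHROOTED_DIR}/dev/null ..."
    mknod "${MYSQLD_CHROOTED_DIR}/dev/null" c "$major" "$minor"
    chown root:sys "${MYSQLD_CHROOTED_DIR}/dev/null"
    chmod 666 "${MYSQLD_CHROOTED_DIR}/dev/null"
  }

  # NOTE(review): the commands shown to the operator pass the new password as
  # a command-line argument, where the process list and shell history can
  # expose it.
  function root_password_warn()
  {
    print_msg "\a
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
${MYSQL_PREFIX}/bin/mysqladmin -u root password 'new-password'
${MYSQL_PREFIX}/bin/mysqladmin -u root -h FreeBSD.org password 'new-password'
See the manual for more instructions.
"
  }

  function copy_db_files()
  {
    print_msg "Copying databases now ..."
    # "var/." copies the contents of the data directory into the existing
    # target directory, whichever cp implementation is in use.
    cp -rf "${MYSQL_PREFIX}/var/." "${MYSQLD_CHROOTED_DIR}${MYSQL_PREFIX}/var/"
    chown -R mysql:mysql "${MYSQLD_CHROOTED_DIR}${MYSQL_PREFIX}/var"
    # The sample "test" database is not carried into the chroot.
    rm -rf "${MYSQLD_CHROOTED_DIR}${MYSQL_PREFIX}/var/test"
  }

  # ******************* Chroot MySQL : Main **********************
  mysql_create_dirs && \
    set_access_rights && \
    copy_etc_files && \
    mysql_copy_libs && \
    mysql_copy_files && \
    create_passwords_file && \
    create_group_file && \
    create_null_file && \
    root_password_warn && \
    copy_db_files
}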
# *************************************************************************
# *********************** INSTALL and CHROOT Apache ***********************
# *************************************************************************
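# Unpack the Apache httpd source archive.
# Globals:   httpd_version, httpd_suffix (read)
# Returns:   the status of pkg_extract
function httpd_extract()
{
  # Quoted so the archive name always reaches pkg_extract as one argument.
  pkg_extract "httpd-${httpd_version}.${httpd_suffix}"
}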
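# Configure, build and install Apache httpd from the unpacked source tree.
# Globals:   ROOTDIR, httpd_version, HTTPD_FLAGS (read)
# Returns:   0 when every step succeeded, the failing step's status otherwise
function httpd_install()
{
  cd "$ROOTDIR/httpd-${httpd_version}" || return
  # HTTPD_FLAGS stays unquoted on purpose: it holds several options that must
  # be split into separate arguments.
  # shellcheck disable=SC2086
  ./configure ${HTTPD_FLAGS} && \
    make && \
    make install && \
    print_msg "\n\t httpd-${httpd_version} has been installed successfully !\n"
}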
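# Unpack the mod_security source archive.
# Globals:   mod_security_version, mod_security_suffix (read)
# Returns:   the status of pkg_extract
function mod_security_extract()
{
  # Quoted so the archive name always reaches pkg_extract as one argument.
  pkg_extract "mod_security-${mod_security_version}.${mod_security_suffix}"
}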
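# Build mod_security with apxs, store its documentation and append its
# configuration to httpd.conf.
# Globals:   APXS_PREFIX, ROOTDIR, mod_security_version, MOD_SECURITY_DOC,
#            APACHE_PREFIX (read)
# Returns:   0 on success; the status of apxs when the module cannot be built,
#            so that no success message is shown for a module that is missing
function mod_security_install()
{
  local src="$ROOTDIR/mod_security-${mod_security_version}"
  local conf="${APACHE_PREFIX}/conf/httpd.conf"
  local marker="# -------------- Configure mod_security -------------"

  "$APXS_PREFIX" -cia "$src/apache2/mod_security.c" || return
  mkdir -p "${MOD_SECURITY_DOC}"
  cp -rf "$src"/{util,tests,modsecurity-manual.pdf} "$src"/httpd.conf.* "${MOD_SECURITY_DOC}"

  # Append the configuration only once; a second run must not duplicate it.
  # NOTE(review): the appended file is named "regression-v2", which suggests a
  # rule set written for the module's test suite. Review the rules, and how
  # matches are logged, before relying on them in production.
  if ! grep -qF -- "$marker" "$conf"
  then
    # printf writes a real blank line; plain echo stored a literal "\n".
    printf '%s\n\n' "$marker" >>"$conf"
    cat "$src/httpd.conf.regression-v2" >>"$conf"
  fi
  print_msg "\n\t mod_security-${mod_security_version} has been installed successfully !"
}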
# 生成脚本文件: /usr/local/etc/rc.d/apache2_chrooted.amp.sh,方便启动和停止 Apache
# Generate the start/stop script for the chrooted Apache and move it to
# /usr/local/etc/rc.d.
# Text echoed in double quotes is expanded now, while generating; text in
# single quotes is written literally and expanded when the generated script
# runs.
# NOTE(review): the generated script runs httpd through chroot as whoever
# starts it (root at boot); dropping privileges is then presumably left to the
# User/Group settings in httpd.conf - confirm they are set.
function httpd_server_script()
{
# **** Create a chroot httpd server script : apache2_chrooted.amp.sh *******
# Usage : httpd_server_script script_name
apache2_chrooted_script=$1
# fd 5 becomes the generated script. The first exec is superseded by the
# second one. NOTE(review): fd 5 is not closed again in this function.
exec 5>&1
exec 5>$apache2_chrooted_script
touch $apache2_chrooted_script
echo -e '#!/usr/local/bin/bash\n' >&5
echo -e "# File : /usr/local/etc/rc.d/apache2_chrooted.amp.sh\n" >&5
# Variables of the generated script
echo -e "CHROOT=${CHROOT}" >&5
echo -e "APACHE_PREFIX=${APACHE_PREFIX}" >&5
echo -e "HTTPD_CHROOTED_DIR=${HTTPD_CHROOTED_DIR}" >&5
echo -e 'APACHE_PID_FILE=${HTTPD_CHROOTED_DIR}${APACHE_PREFIX}/logs/httpd.pid\n' >&5
echo -e 'HTTPD=${APACHE_PREFIX}/bin/httpd\n' >&5
# Body of the generated script: no argument or "start" launches httpd inside
# the chroot, "stop" kills the process whose id is stored in the pid file.
echo 'if [ X$# == X0 ]
then
echo -e "\033[36m\033[40m Starting Apache ...\033[0m\033[0m"
$CHROOT ${HTTPD_CHROOTED_DIR} $HTTPD
else
case "$1" in
start)
echo -e "\033[36m\033[40m Starting Apache ...\033[0m\033[0m"
$CHROOT ${HTTPD_CHROOTED_DIR} $HTTPD
;;
stop)
echo -e "\033[36m\033[40m Stoping Apache ...\033[0m\033[0m"
kill $(cat ${APACHE_PID_FILE})
;;
*)
echo ""
echo "Usage: $(basename $0) {start|stop}" >&2
exit 1
;;
esac
fi' >&5
# Owned by root and accessible to root only.
chown root:sys $apache2_chrooted_script
chmod 700 $apache2_chrooted_script
move_script $apache2_chrooted_script /usr/local/etc/rc.d
}
# ******************* Chrooted httpd ********************
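# Build the chroot tree for Apache under ${HTTPD_CHROOTED_DIR}: directories,
# /dev/null, configuration files, a reduced account database, the syslog
# socket setting, Perl for CGI, the Apache installation and its libraries.
# Several steps use FreeBSD paths and tools (/libexec/ld-elf.so.1,
# /etc/master.passwd, pwd_mkdb, /etc/rc.conf).
# Globals:   HTTPD_CHROOTED_DIR, APACHE_PREFIX, HTTPD, PERL_PREFIX,
#            MYSQL_LIB_PREFIX (read)
# Returns:   0 when the step chain completed, the failing step's status
#            otherwise
function httpd_chrooted()
{
  # Copy every shared library that binary $1 is linked to into the chroot,
  # keeping its directory layout.
  function copy_shared_libs()
  {
    local lib lib_dir
    # Field 3 of an ldd line is the resolved path. Only absolute paths are
    # kept, which skips header lines and unresolved entries. The list is
    # piped instead of being written to a scratch file in the current
    # directory.
    ldd "$1" | awk '$3 ~ /^\// { print $3 }' | while IFS= read -r lib
    do
      lib_dir="${HTTPD_CHROOTED_DIR}$(dirname "$lib")"
      mkdir -p "$lib_dir"
      cp "$lib" "$lib_dir"
    done
  }

  # ***************** Create directories *****************
  function create_dirs()
  {
    echo "Create httpd chroot directories ..."
    mkdir -p "${HTTPD_CHROOTED_DIR}"/{dev,etc,libexec,tmp,usr/local/lib,usr/local/libexec,usr/local/bin,usr/lib,usr/bin,usr/libexec,var/run} \
      "${HTTPD_CHROOTED_DIR}${APACHE_PREFIX}"
  }

  # ******* Create file : ${HTTPD_CHROOTED_DIR}/dev/null ******
  function create_null_file()
  {
    # 2,2 is the device number the script was written with (presumably
    # /dev/null on the FreeBSD release it targeted - confirm with
    # `ls -l /dev/null`). Linux numbers its null device 1,3; with 2,2 a
    # world-writable node for a different device would be created there.
    local major=2
    local minor=2
    if [ "$(uname -s)" = "Linux" ]
    then
      major=1
      minor=3
    fi
    echo "Create file : ${HTTPD_CHROOTED_DIR}/dev/null ..."
    mknod "${HTTPD_CHROOTED_DIR}/dev/null" c "$major" "$minor"
    chown root:sys "${HTTPD_CHROOTED_DIR}/dev/null"
    chmod 666 "${HTTPD_CHROOTED_DIR}/dev/null"
  }

  # ************ Copy some configure files from /etc ***********
  function copy_etc_files()
  {
    echo "Copy some configure files from /etc ..."
    cp /etc/{hosts,host.conf,resolv.conf,group} "${HTTPD_CHROOTED_DIR}/etc/"
  }

  # ***** Create file : ${HTTPD_CHROOTED_DIR}/etc/passwords ****
  function create_passwords_file()
  {
    echo "Create file : passwords ..."
    cd "${HTTPD_CHROOTED_DIR}/etc" || return
    # Only the nobody and apache account lines are written into the chroot,
    # with a restrictive umask. The complete master.passwd, which holds every
    # account's password hash, is never copied there, not even temporarily.
    ( umask 077; grep -E '^(nobody|apache):' /etc/master.passwd >passwords )
    pwd_mkdb -d "${HTTPD_CHROOTED_DIR}/etc" passwords && \
      rm -rf "${HTTPD_CHROOTED_DIR}/etc/master.passwd"
  }

  # ****** Create file : ${HTTPD_CHROOTED_DIR}/etc/group *******
  function create_group_file()
  {
    echo "Create file : ${HTTPD_CHROOTED_DIR}/etc/group ..."
    # Leaving on a failed cd keeps the commands below from rewriting a file
    # called "group" in whatever directory happens to be current.
    cd "${HTTPD_CHROOTED_DIR}/etc" || return
    grep -E '^(nogroup|apache):' group >group_tmpfile
    mv -f group_tmpfile group
  }

  # ******** Create file : ${HTTPD_CHROOTED_DIR}/dev/log ********
  function create_log_file()
  {
    echo "Create socket file : ${HTTPD_CHROOTED_DIR}/dev/log ..."
    if ! grep -qF -- "${HTTPD_CHROOTED_DIR}/dev/log" /etc/rc.conf
    then
      # -l adds a log socket inside the chroot. -s is kept alongside it: it is
      # FreeBSD's usual default for syslogd_flags (no logging from remote
      # hosts), and a bare override would drop it - confirm against
      # /etc/defaults/rc.conf on the target system.
      echo "syslogd_flags='-s -l ${HTTPD_CHROOTED_DIR}/dev/log'" >>/etc/rc.conf
    fi
  }

  # ********************* Copy Perl and share libs ********************
  # NOTE(review): an interpreter inside the web server's chroot widens what
  # can be run from within it; skip this step when CGI is not needed.
  function copy_perl_and_libs()
  {
    echo "Copy Perl and share libs ..."
    cp -rf /usr/local/bin/perl* "${HTTPD_CHROOTED_DIR}/usr/local/bin/"
    copy_shared_libs "${PERL_PREFIX}"
    # The link target is resolved from inside the chroot, so it must be the
    # path as seen there (PERL_PREFIX) and not the host path of the copy.
    ln -sf "${PERL_PREFIX}" "${HTTPD_CHROOTED_DIR}/usr/bin/"
    print_msg "\n\tIf you want this web server to run cgi scripts ,Please add"
    print_msg "\tthis options to your apache configure file 'httpd.conf':\n"
    print_msg '\t<Directory /path/to/cgi-bin>'
    print_msg '\tOptions +ExecCGI'
    print_msg '\t</Directory>\n\n'
  }

  # ******************* Copy Apache files *********************
  function copy_apache_files()
  {
    echo "Copy Apache files ..."
    cp -rf "${APACHE_PREFIX}"/* "${HTTPD_CHROOTED_DIR}${APACHE_PREFIX}"
    echo "Run command 'ldd' now,and copy the share libs to correct directories:"
    copy_shared_libs "${HTTPD}"
  }

  function httpd_copy_libs()
  {
    cp /libexec/ld-elf.so.1 "${HTTPD_CHROOTED_DIR}/libexec/"
    cp /var/run/ld-elf.so.hints "${HTTPD_CHROOTED_DIR}/var/run/"
    cp "${MYSQL_LIB_PREFIX}"/libmysqlclient.so.* "${HTTPD_CHROOTED_DIR}/usr/lib"
  }

  # *********** Apache chrooted : Chrooted main *************
  create_dirs && \
    create_null_file && \
    copy_etc_files && \
    create_passwords_file && \
    create_group_file && \
    create_log_file && \
    copy_perl_and_libs && \
    copy_apache_files && \
    httpd_copy_libs
}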
# *************************************************************************
# *********************** INSTALL and CHROOT PHP ***********************
# *************************************************************************
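# Unpack the PHP source archive.
# Globals:   php_version, php_suffix (read)
# Returns:   the status of pkg_extract
function php_extract()
{
  # Quoted so the archive name always reaches pkg_extract as one argument.
  pkg_extract "php-${php_version}.${php_suffix}"
}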
# 编译安装PHP
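# Configure, build and install PHP from the unpacked source tree.
# Globals:   ROOTDIR, php_version, APACHE_PREFIX, PHP_FLAGS (read);
#            PATH (extended so the build can find apxs)
# Returns:   non-zero when the source directory cannot be entered, otherwise
#            the status of the configure/make chain
function php_install()
{
  # Leave early on a missing source tree instead of running ./configure in
  # whatever directory happens to be current.
  cd "$ROOTDIR/php-${php_version}" || return
  export PATH="$PATH:${APACHE_PREFIX}/bin"
  # PHP_FLAGS stays unquoted on purpose: it holds several options that must
  # be split into separate arguments.
  # shellcheck disable=SC2086
  ./configure ${PHP_FLAGS} && \
    make && \
    make install
}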
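# Copy the PHP module, php.ini and the libraries the MySQL client needs into
# the Apache installation and into the Apache chroot.
# Globals:   ROOTDIR, php_version, APACHE_PREFIX, HTTPD_CHROOTED_DIR,
#            MYSQL_PREFIX (read)
# Returns:   the status of the last cp
function php_copy_files()
{
  local src="$ROOTDIR/php-${php_version}"
  local jail_apache="${HTTPD_CHROOTED_DIR}${APACHE_PREFIX}"

  # PHP is installed after the chroot was populated, so the module directory
  # is copied into the chroot again.
  cp -rf "${APACHE_PREFIX}"/modules/* "$jail_apache/modules/"

  # php.ini starts out as the distribution's "recommended" settings.
  cp "$src/php.ini-recommended" "$src/php.ini"
  cp "$src"/{php.ini-dist,php.ini} "${APACHE_PREFIX}/conf"
  cp "$src"/{php.ini-dist,php.ini} "$jail_apache/conf"

  # Libraries required by libmysqlclient. The chroot's /lib is created first;
  # otherwise cp would write a plain file named "lib".
  # NOTE(review): /lib/libz.so.2 is a fixed file name - confirm it matches
  # the target system.
  mkdir -p "${HTTPD_CHROOTED_DIR}/lib"
  cp /lib/libz.so.2 "${HTTPD_CHROOTED_DIR}/lib"
  cp "${MYSQL_PREFIX}"/lib/mysql/libmysqlclient.so.* "$jail_apache/lib"
}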
# ******************************************************************
# ********************** Script Main *******************************
# ******************************************************************
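# Main sequence. Each stage has to succeed before the next one starts; a
# failed stage ends the script with status 1 instead of being followed by a
# success message and further builds on top of it.
runner_check

# ********************** INSTALL OpenSSL ****************************
if openssl_extract && \
  dir_check "${OPENSSL_PREFIX}" && \
  openssl_install
then
  print_msg "\n\t OpenSSL-${openssl_version} has been installed successfully !\n"
else
  print_msg "\a\n\t [Error] : OpenSSL-${openssl_version} was not installed, script exit now ...\n"
  exit 1
fi

# ***************** INSTALL and CHROOT MySQL ************************
if ! { group_user_check_add mysql && \
  mysql_extract && \
  dir_check "${MYSQL_PREFIX}" && \
  mysql_install && \
  mysql_init_conf; }
then
  print_msg "\a\n\t [Error] : MySQL-${mysql_version} was not installed, script exit now ...\n"
  exit 1
fi

# A temporary server runs while the control scripts and the chroot tree are
# built. Its root account has no password yet (see root_password_warn), so it
# is started with --skip-networking, like the servers that the generated
# control scripts start.
"${MYSQL_PREFIX}/bin/mysqld_safe" --skip-networking &
mysql_status=0
if ! { mysql_server_script && mysqld_chrooted; }
then
  mysql_status=1
fi

# Stop the temporary server whether or not the steps above succeeded, so a
# password-less server is never left running. The pid file may need a moment
# to appear.
mysql_pid_file="${MYSQL_PREFIX}/var/$(hostname -s).pid"
tries=0
while [ ! -s "$mysql_pid_file" ] && [ "$tries" -lt 10 ]
do
  sleep 1
  tries=$((tries + 1))
done
if [ -s "$mysql_pid_file" ]
then
  kill "$(cat "$mysql_pid_file")"
fi

if [ "$mysql_status" -ne 0 ]
then
  print_msg "\a\n\t [Error] : MySQL chroot setup failed, script exit now ...\n"
  exit 1
fi
print_msg "\n\t MySQL(chrooted,with OpenSSL support) has been installed successfully !\n"

# ***************** INSTALL and CHROOT APACHE ***********************
if httpd_extract && \
  dir_check "${APACHE_PREFIX}" && \
  httpd_install && \
  httpd_server_script apache2_chrooted.amp.sh && \
  mod_security_extract && \
  mod_security_install && \
  httpd_chrooted
then
  print_msg "\n\t httpd-${httpd_version}(chrooted,with mod_security-${mod_security_version},with OpenSSL support) has been installed successfully!"
else
  print_msg "\a\n\t [Error] : httpd-${httpd_version} was not installed, script exit now ...\n"
  exit 1
fi

# ******* INSTALL PHP *********
if php_extract && \
  php_install && \
  php_copy_files
then
  print_msg "\n\t PHP-${php_version}(with OpenSSL support)has been installed successfully !"
else
  print_msg "\a\n\t [Error] : PHP-${php_version} was not installed, script exit now ...\n"
  exit 1
fi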
# ***************************** All Done **************************
print_msg "\n\t\t All Done"[/code]
汗,居然被你转到这儿来了
这点没技术含量的东西就别转了