Server/srs20: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
KKeine Bearbeitungszusammenfassung |
|||
Zeile 262: | Zeile 262: | ||
</pre> | </pre> | ||
: <code>service mysql-server start</code> | : <code>service mysql-server start</code> | ||
: <code>mysql_secure_installation</code> | |||
<pre> | |||
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL | |||
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! | |||
In order to log into MySQL to secure it, we'll need the current | |||
password for the root user. If you've just installed MySQL, and | |||
you haven't set the root password yet, the password will be blank, | |||
so you should just press enter here. | |||
</pre> | |||
<pre> | |||
Enter current password for root (enter for none): | |||
</pre> | |||
<pre> | |||
OK, successfully used password, moving on... | |||
Setting the root password ensures that nobody can log into the MySQL | |||
root user without the proper authorisation. | |||
</pre> | |||
<pre> | |||
Set root password? [Y/n] y | |||
</pre> | |||
<pre> | |||
New password: | |||
</pre> | |||
<pre> | |||
Re-enter new password: | |||
</pre> | |||
<pre> | |||
Password updated successfully! | |||
Reloading privilege tables.. | |||
... Success! | |||
By default, a MySQL installation has an anonymous user, allowing anyone | |||
to log into MySQL without having to have a user account created for | |||
them. This is intended only for testing, and to make the installation | |||
go a bit smoother. You should remove them before moving into a | |||
production environment. | |||
</pre> | |||
<pre> | |||
Remove anonymous users? [Y/n] y | |||
</pre> | |||
<pre> | |||
... Success! | |||
Normally, root should only be allowed to connect from 'localhost'. This | |||
ensures that someone cannot guess at the root password from the network. | |||
</pre> | |||
<pre> | |||
Disallow root login remotely? [Y/n] y | |||
</pre> | |||
<pre> | |||
... Success! | |||
By default, MySQL comes with a database named 'test' that anyone can | |||
access. This is also intended only for testing, and should be removed | |||
before moving into a production environment. | |||
</pre> | |||
<pre> | |||
Remove test database and access to it? [Y/n] y | |||
</pre> | |||
<pre> | |||
- Dropping test database... | |||
... Success! | |||
- Removing privileges on test database... | |||
... Success! | |||
Reloading the privilege tables will ensure that all changes made so far | |||
will take effect immediately. | |||
</pre> | |||
<pre> | |||
Reload privilege tables now? [Y/n] y | |||
</pre> | |||
<pre> | |||
... Success! | |||
All done! If you've completed all of the above steps, your MySQL | |||
installation should now be secure. | |||
Thanks for using MySQL! | |||
Cleaning up... | |||
</pre> | |||
; Mail-Ausgang (nahezu pauschal) aktivieren | ; Mail-Ausgang (nahezu pauschal) aktivieren |
Version vom 6. Mai 2016, 04:48 Uhr
"Spielwiese!"
Export
- Daten von limesurvey sichern
mysqldump --version
mysqldump Ver 10.13 Distrib 5.5.35, for FreeBSD8.2 (amd64)
cat /usr/local/www/limesurvey/config.php
mysqldump -u root -h localhost limesurvey -p > /tmp/dump.`date "+%Y-%m-%d"`.sql
tar -vczf /tmp/archiv.tar.gz /usr/local/www/limesurvey
- gesicherte Daten von limesurvey auf die neue Instanz kopieren
Installation der benötigten Software
- pauschale Aktualisieren
pkg upgrade -y
- ergänzende gängige Werkzeuge zum Administrieren installieren
pkg install -y vim-lite nano bash zsh tmux mc
New packages to be INSTALLED: vim-lite: 7.4.1743 nano: 2.4.3 bash: 4.3.42_1 zsh: 5.2_1 tmux: 2.1_1 mc: 4.8.16_1 libevent2: 2.0.22_1 libssh2: 1.7.0,2 libX11: 1.6.3,1 xproto: 7.0.28 libXdmcp: 1.1.2 libxcb: 1.11.1 libxml2: 2.9.3 libpthread-stubs: 0.3_6 libXau: 1.0.8_3 kbproto: 1.0.7 libslang2: 2.3.0 png: 1.6.21 pcre: 8.38_1 glib: 2.46.2 libXext: 1.3.3_1,1 xextproto: 7.3.0
Message from bash-4.3.42_1: ====================================================================== bash requires fdescfs(5) mounted on /dev/fd If you have not done it yet, please do the following: mount -t fdescfs fdesc /dev/fd To make it permanent, you need the following lines in /etc/fstab: fdesc /dev/fd fdescfs rw 0 0 ======================================================================
- LimeSurvey installieren
pkg install -y limesurvey
New packages to be INSTALLED: limesurvey: 1.91_1 php56-simplexml: 5.6.21 php56: 5.6.21 php56-session: 5.6.21 php56-iconv: 5.6.21 php56-gd: 5.6.21 libXpm: 3.5.11_4 libXt: 1.1.5,1 libSM: 1.2.2_3,1 libICE: 1.0.9_1,1 t1lib: 5.1.2_4,1 libXaw: 1.0.13,2 printproto: 1.0.5 libXmu: 1.1.2_3,1 libXp: 1.0.3,1 freetype2: 2.6.3 jpeg-turbo: 1.4.2 mysql56-client: 5.6.30 libedit: 3.1.20150325_2 php56-xmlwriter: 5.6.21 php56-ctype: 5.6.21 php56-mbstring: 5.6.21 oniguruma5: 5.9.6_1 php56-json: 5.6.21 php56-dom: 5.6.21 php56-mysql: 5.6.21
Message from mysql56-client-5.6.30: * * * * * * * * * * * * * * * * * * * * * * * * Please be aware the database client is vulnerable to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM". You may find more information at the following URL: http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html Although this database client is not listed as "affected", it is vulnerable and will not be receiving a patch. Please take note of this when deploying this software. * * * * * * * * * * * * * * * * * * * * * * * *
Message from limesurvey-1.91_1: ---------------------------------------------------------------------------- limesurvey has been installed, but is not quite ready to be used yet! You have to ensure that you have a mysql server installed and configured. Further information on these installation procedures may be found in: /usr/local/www/limesurvey/docs/manual.html Once these steps have been taken, you may connect to the following URL to configure your installation of limesurvey: http://localhost/limesurvey/ ----------------------------------------------------------------------------
- Zum "Gegenprüfen" kann das Manual von LimeSurvey für die Installationdeutschsparachig herangezogen werden.
- Webserver (hier Apache 2.4) installieren und in die Umgebung einfügen
pkg install -y apache24 mod_php56
apache24: 2.4.20_1 mod_php56: 5.6.21
Message from apache24-2.4.20_1: To run apache www server from startup, add apache24_enable="yes" in your /etc/rc.conf. Extra options can be found in startup script. Your hostname must be resolvable using at least 1 mechanism in /etc/nsswitch.conf typically DNS or /etc/hosts or apache might have issues starting depending on the modules you are using. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - apache24 default build changed from static MPM to modular MPM - more modules are now enabled per default in the port - icons and error pages moved from WWWDIR to DATADIR If build with modular MPM and no MPM is activated in httpd.conf, then mpm_prefork will be activated as default MPM in etc/apache24/modules.d to keep compatibility with existing php/perl/python modules! Please compare the existing httpd.conf with httpd.conf.sample and merge missing modules/instructions into httpd.conf! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Message from mod_php56-5.6.21: *************************************************************** Make sure index.php is part of your DirectoryIndex. You should add the following to your Apache configuration file: <FilesMatch "\.php$"> SetHandler application/x-httpd-php </FilesMatch> <FilesMatch "\.phps$"> SetHandler application/x-httpd-php-source </FilesMatch> ***************************************************************
$EDITOR /usr/local/etc/apache24/Includes/php.conf
DirectoryIndex index.php index.html <FilesMatch "\.php$"> SetHandler application/x-httpd-php </FilesMatch> <FilesMatch "\.phps$"> SetHandler application/x-httpd-php-source </FilesMatch>
rm -rf /usr/local/www/apache24/data
ln -s /usr/local/www/limesurvey /usr/local/www/apache24/data
$EDITOR /usr/local/etc/apache24/httpd.conf
#ServerName www.example.com:80 ServerName umfragen.stura.htw-dresden.de
sysrc apache24_enable=yes
apache24_enable: -> yes
service apache24 start
- Datenbank (hier MYSQL 5.6) installieren und in die Umgebung einfügen
pkg install -y mysql56-server
New packages to be INSTALLED: mysql56-server: 5.6.30
Message from mysql56-server-5.6.30: ************************************************************************ Remember to run mysql_upgrade the first time you start the MySQL server after an upgrade from an earlier version. ************************************************************************
sysrc mysql_enable=yes
mysql_enable: -> yes
service mysql-server start
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MySQL root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully! Reloading privilege tables.. ... Success! By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.
Remove anonymous users? [Y/n] y
... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success! By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success! All done! If you've completed all of the above steps, your MySQL installation should now be secure. Thanks for using MySQL! Cleaning up...
- Mail-Ausgang (nahezu pauschal) aktivieren
sysrc sendmail_enable=yes
sendmail_enable: NO -> yes
service sendmail start
Import
- Migrieren
mkdir -p ~/import/`date "+%Y-%m-%d"`
mv /tmp/dump.`date "+%Y-%m-%d"`.sql ~/import/`date "+%Y-%m-%d"`
mv /tmp/archiv.`date "+%Y-%m-%d"`.tar.gz ~/import/`date "+%Y-%m-%d"`
- Datenbank importieren
mysql -u root -p < /tmp/dump.`date "+%Y-%m-%d"`.sql
- mysql_upgrade?
- mysql-server stoppen?
service mysql-server stop
mysql_upgrade -u root -p
- mysql-server stoppen?