Server/srs20: Unterschied zwischen den Versionen

Aus Wiki StuRa HTW Dresden
Zur Navigation springen Zur Suche springen
KKeine Bearbeitungszusammenfassung
Zeile 262: Zeile 262:
</pre>
</pre>
: <code>service mysql-server start</code>
: <code>service mysql-server start</code>
: <code>mysql_secure_installation</code>
<pre>
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
</pre>
<pre>
Enter current password for root (enter for none):
</pre>
<pre>
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
</pre>
<pre>
Set root password? [Y/n] y
</pre>
<pre>
New password:
</pre>
<pre>
Re-enter new password:
</pre>
<pre>
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
</pre>
<pre>
Remove anonymous users? [Y/n] y
</pre>
<pre>
... Success!
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
</pre>
<pre>
Disallow root login remotely? [Y/n] y
</pre>
<pre>
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
</pre>
<pre>
Remove test database and access to it? [Y/n] y
</pre>
<pre>
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
</pre>
<pre>
Reload privilege tables now? [Y/n] y
</pre>
<pre>
... Success!
All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Cleaning up...
</pre>


; Mail-Ausgang (nahezu pauschal) aktivieren
; Mail-Ausgang (nahezu pauschal) aktivieren

Version vom 6. Mai 2016, 04:48 Uhr

"Spielwiese!"

Export

Daten von limesurvey sichern
mysqldump --version
mysqldump  Ver 10.13 Distrib 5.5.35, for FreeBSD8.2 (amd64)
cat /usr/local/www/limesurvey/config.php
mysqldump -u root -h localhost limesurvey -p > /tmp/dump.`date "+%Y-%m-%d"`.sql
tar -vczf /tmp/archiv.tar.gz /usr/local/www/limesurvey
gesicherte Daten von limesurvey auf die neue Instanz kopieren

Installation der benötigten Software

pauschale Aktualisieren
pkg upgrade -y
ergänzende gängige Werkzeuge zum Administrieren installieren
pkg install -y vim-lite nano bash zsh tmux mc

New packages to be INSTALLED:
        vim-lite: 7.4.1743
        nano: 2.4.3
        bash: 4.3.42_1
        zsh: 5.2_1
        tmux: 2.1_1
        mc: 4.8.16_1
        libevent2: 2.0.22_1
        libssh2: 1.7.0,2
        libX11: 1.6.3,1
        xproto: 7.0.28
        libXdmcp: 1.1.2
        libxcb: 1.11.1
        libxml2: 2.9.3
        libpthread-stubs: 0.3_6
        libXau: 1.0.8_3
        kbproto: 1.0.7
        libslang2: 2.3.0
        png: 1.6.21
        pcre: 8.38_1
        glib: 2.46.2
        libXext: 1.3.3_1,1
        xextproto: 7.3.0

Message from bash-4.3.42_1:
======================================================================

bash requires fdescfs(5) mounted on /dev/fd

If you have not done it yet, please do the following:

        mount -t fdescfs fdesc /dev/fd

To make it permanent, you need the following lines in /etc/fstab:

        fdesc   /dev/fd         fdescfs         rw      0       0

======================================================================
LimeSurvey installieren
pkg install -y limesurvey

New packages to be INSTALLED:
        limesurvey: 1.91_1
        php56-simplexml: 5.6.21
        php56: 5.6.21
        php56-session: 5.6.21
        php56-iconv: 5.6.21
        php56-gd: 5.6.21
        libXpm: 3.5.11_4
        libXt: 1.1.5,1
        libSM: 1.2.2_3,1
        libICE: 1.0.9_1,1
        t1lib: 5.1.2_4,1
        libXaw: 1.0.13,2
        printproto: 1.0.5
        libXmu: 1.1.2_3,1
        libXp: 1.0.3,1
        freetype2: 2.6.3
        jpeg-turbo: 1.4.2
        mysql56-client: 5.6.30
        libedit: 3.1.20150325_2
        php56-xmlwriter: 5.6.21
        php56-ctype: 5.6.21
        php56-mbstring: 5.6.21
        oniguruma5: 5.9.6_1
        php56-json: 5.6.21
        php56-dom: 5.6.21
        php56-mysql: 5.6.21

Message from mysql56-client-5.6.30:
* * * * * * * * * * * * * * * * * * * * * * * *

Please be aware the database client is vulnerable
to CVE-2015-3152 - SSL Downgrade aka "BACKRONYM".
You may find more information at the following URL:

http://www.vuxml.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html

Although this database client is not listed as
"affected", it is vulnerable and will not be 
receiving a patch. Please take note of this when
deploying this software.

* * * * * * * * * * * * * * * * * * * * * * * *
Message from limesurvey-1.91_1:
----------------------------------------------------------------------------
limesurvey has been installed, but is not quite ready to be used yet!

You have to ensure that you have a mysql server installed and configured. 
Further information on these installation procedures may 
be found in:

  /usr/local/www/limesurvey/docs/manual.html

Once these steps have been taken, you may connect to the following URL to
configure your installation of limesurvey:

  http://localhost/limesurvey/

----------------------------------------------------------------------------


Webserver (hier Apache 2.4) installieren und in die Umgebung einfügen
pkg install -y apache24 mod_php56

        apache24: 2.4.20_1
        mod_php56: 5.6.21

Message from apache24-2.4.20_1:
To run apache www server from startup, add apache24_enable="yes"
in your /etc/rc.conf. Extra options can be found in startup script.

Your hostname must be resolvable using at least 1 mechanism in
/etc/nsswitch.conf typically DNS or /etc/hosts or apache might
have issues starting depending on the modules you are using.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

- apache24 default build changed from static MPM to modular MPM
- more modules are now enabled per default in the port
- icons and error pages moved from WWWDIR to DATADIR

   If build with modular MPM and no MPM is activated in 
   httpd.conf, then mpm_prefork will be activated as default
   MPM in etc/apache24/modules.d to keep compatibility with 
   existing php/perl/python modules!

Please compare the existing httpd.conf with httpd.conf.sample
and merge missing modules/instructions into httpd.conf!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Message from mod_php56-5.6.21:
***************************************************************

Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>

***************************************************************

$EDITOR /usr/local/etc/apache24/Includes/php.conf
DirectoryIndex index.php index.html
<FilesMatch "\.php$">
        SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
        SetHandler application/x-httpd-php-source
</FilesMatch>
rm -rf /usr/local/www/apache24/data
ln -s /usr/local/www/limesurvey /usr/local/www/apache24/data
$EDITOR /usr/local/etc/apache24/httpd.conf

#ServerName www.example.com:80
ServerName umfragen.stura.htw-dresden.de

sysrc apache24_enable=yes
apache24_enable:  -> yes
service apache24 start
Datenbank (hier MYSQL 5.6) installieren und in die Umgebung einfügen
pkg install -y mysql56-server

New packages to be INSTALLED:
        mysql56-server: 5.6.30
Message from mysql56-server-5.6.30:
************************************************************************

Remember to run mysql_upgrade the first time you start the MySQL server
after an upgrade from an earlier version.

************************************************************************

sysrc mysql_enable=yes
mysql_enable:  -> yes
service mysql-server start
mysql_secure_installation



NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!




All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


Cleaning up...
Mail-Ausgang (nahezu pauschal) aktivieren
sysrc sendmail_enable=yes
sendmail_enable: NO -> yes
service sendmail start

Import

Migrieren
mkdir -p ~/import/`date "+%Y-%m-%d"`
mv /tmp/dump.`date "+%Y-%m-%d"`.sql ~/import/`date "+%Y-%m-%d"`
mv /tmp/archiv.`date "+%Y-%m-%d"`.tar.gz ~/import/`date "+%Y-%m-%d"`
Datenbank importieren
mysql -u root -p < /tmp/dump.`date "+%Y-%m-%d"`.sql
  • mysql_upgrade?
    • mysql-server stoppen?
      service mysql-server stop
    mysql_upgrade -u root -p