... | ... | @@ -5,20 +5,20 @@ Conseil avant de débuter l'installation : |
|
|
**Mettre en place un *Fail to ban* afin d'éviter les tentatives de connexion en brut force
|
|
|
|
|
|
**Configuration FIREWALL**
|
|
|
`firewall-cmd --zone=public --permanent --add-service=http`
|
|
|
`firewall-cmd --zone=public --permanent --add-service=https`
|
|
|
`firewall-cmd --reload`
|
|
|
* `firewall-cmd --zone=public --permanent --add-service=http`
|
|
|
* `firewall-cmd --zone=public --permanent --add-service=https`
|
|
|
* `firewall-cmd --reload`
|
|
|
|
|
|
**Installation APACHE**
|
|
|
Première étape est de mettre à jour notre Os :
|
|
|
`yum -y update`
|
|
|
Installation Apache HTTP :
|
|
|
`yum install httpd`
|
|
|
On démarre le service :
|
|
|
`systemctl start httpd.service`
|
|
|
Afin de vérifier que le service tourne, voici la commande :
|
|
|
`systemctl status httpd.service`
|
|
|
Résultat :
|
|
|
* Première étape est de mettre à jour notre Os :
|
|
|
`yum -y update`
|
|
|
* Installation Apache HTTP :
|
|
|
`yum install httpd`
|
|
|
* On démarre le service :
|
|
|
`systemctl start httpd.service`
|
|
|
* Afin de vérifier que le service tourne, voici la commande :
|
|
|
`systemctl status httpd.service`
|
|
|
* Résultat :
|
|
|
`● httpd.service - The Apache HTTP Server
|
|
|
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
|
|
|
Active: active (running) since Fri 2018-10-12 16:17:01 CEST; 2 days ago
|
... | ... | @@ -46,19 +46,19 @@ Oct 12 16:17:01 vps584938.ovh.net systemd[1]: Started The Apache HTTP Server. |
|
|
Oct 12 16:56:38 vps584938.ovh.net systemd[1]: Reloaded The Apache HTTP Server.
|
|
|
Oct 14 03:14:02 vps584938.ovh.net systemd[1]: Reloaded The Apache HTTP Server.
|
|
|
`
|
|
|
Activation du service à chaque démarrage :
|
|
|
* Activation du service à chaque démarrage :
|
|
|
`systemctl enable httpd.service`
|
|
|
|
|
|
|
|
|
**Installation de la Base de donnée**
|
|
|
Pour la base de donnée nous avons choisie MariaDB dont les fondateurs sont ceux de MySQL.
|
|
|
|
|
|
`yum install mariadb-server mariadb`
|
|
|
`systemctl start mariadb.service`
|
|
|
`systemctl enable mariadb.service`
|
|
|
Afin de vérifier que le service tourne, voici la commande :
|
|
|
* `yum install mariadb-server mariadb`
|
|
|
* `systemctl start mariadb.service`
|
|
|
* `systemctl enable mariadb.service`
|
|
|
* Afin de vérifier que le service tourne, voici la commande :
|
|
|
`systemctl status mariadb`
|
|
|
Resultat :
|
|
|
* Resultat :
|
|
|
`● mariadb.service - MariaDB database server
|
|
|
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
|
|
|
Active: active (running) since Fri 2018-10-12 14:04:55 CEST; 3 days ago
|
... | ... | @@ -86,25 +86,25 @@ MySQL/MariaDB dispose de l’utilitaire mysql_secure_installation pour assurer l |
|
|
|
|
|
Voici les commandes :
|
|
|
|
|
|
`mysql_secure_installation`
|
|
|
`NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL
|
|
|
* `mysql_secure_installation`
|
|
|
* `NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL
|
|
|
MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP
|
|
|
CAREFULLY!
|
|
|
|
|
|
In order to log into MariaDB to secure it, we'll need the current
|
|
|
* In order to log into MariaDB to secure it, we'll need the current
|
|
|
password for the root user. If you've just installed MariaDB, and
|
|
|
you haven't set the root password yet, the password will be blank,
|
|
|
so you should just press enter here.
|
|
|
|
|
|
Enter current password for root (enter for none): [Entrée]
|
|
|
* Enter current password for root (enter for none): `[Entrée]`
|
|
|
OK, successfully used password, moving on...
|
|
|
|
|
|
Setting the root password ensures that nobody can log into the
|
|
|
* Setting the root password ensures that nobody can log into the
|
|
|
MariaDB root user without the proper authorisation.
|
|
|
|
|
|
Set root password? [Y/n] y
|
|
|
New password: **********
|
|
|
Re-enter new password: **********
|
|
|
* Set root password? [Y/n] `y`
|
|
|
* New password: `**********`
|
|
|
* Re-enter new password: `**********`
|
|
|
Password updated successfully!
|
|
|
Reloading privilege tables..
|
|
|
... Success!
|
... | ... | @@ -115,33 +115,33 @@ created for them. This is intended only for testing, and to make |
|
|
the installation go a bit smoother. You should remove them before
|
|
|
moving into a production environment.
|
|
|
|
|
|
Remove anonymous users? [Y/n] y
|
|
|
* Remove anonymous users? [Y/n] `y`
|
|
|
... Success!
|
|
|
|
|
|
Normally, root should only be allowed to connect from 'localhost'.
|
|
|
This ensures that someone cannot guess at the root password from
|
|
|
the network.
|
|
|
|
|
|
Disallow root login remotely? [Y/n] y
|
|
|
* Disallow root login remotely? [Y/n] `y`
|
|
|
... Success!
|
|
|
|
|
|
By default, MariaDB comes with a database named 'test' that anyone
|
|
|
can access. This is also intended only for testing, and should be
|
|
|
removed before moving into a production environment.
|
|
|
|
|
|
Remove test database and access to it? [Y/n] y
|
|
|
- Dropping test database...
|
|
|
* Remove test database and access to it? [Y/n] `y`
|
|
|
* - Dropping test database...
|
|
|
... Success!
|
|
|
- Removing privileges on test database...
|
|
|
* - Removing privileges on test database...
|
|
|
... Success!
|
|
|
|
|
|
Reloading the privilege tables will ensure that all changes made so
|
|
|
far will take effect immediately.
|
|
|
|
|
|
Reload privilege tables now? [Y/n] y
|
|
|
* Reload privilege tables now? [Y/n] `y`
|
|
|
... Success!
|
|
|
|
|
|
Cleaning up...
|
|
|
* Cleaning up...
|
|
|
|
|
|
All done! If you've completed all of the above steps, your MariaDB
|
|
|
installation should now be secure.
|
... | ... | @@ -150,21 +150,21 @@ Thanks for using MariaDB!` |
|
|
|
|
|
**Connection à MariaDB**
|
|
|
Dorénavant, il faut se connecter au moniteur MySQL/MariaDB avec le mot de passe que l’on vient de définir un peu plus haut.
|
|
|
`mysql -u root -p`
|
|
|
* `mysql -u root -p`
|
|
|
|
|
|
**Installaion PHP**
|
|
|
|
|
|
`yum install epel-release yum-utils -y`
|
|
|
`yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm`
|
|
|
`yum-config-manager --enable remi-php72`
|
|
|
* `yum install epel-release yum-utils -y`
|
|
|
* `yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm`
|
|
|
* `yum-config-manager --enable remi-php72`
|
|
|
|
|
|
Installation PHP 7.2 avec les dépendances :
|
|
|
`yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysql -y`
|
|
|
* `yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysql -y`
|
|
|
|
|
|
Vérification de la version installée :
|
|
|
`php -v`
|
|
|
Résultat :
|
|
|
`[MasterRIE@vps584938 ~]$ php -v
|
|
|
* `php -v`
|
|
|
* Résultat :
|
|
|
* `php -v
|
|
|
PHP 7.2.11 (cli) (built: Oct 10 2018 10:00:29) ( NTS )
|
|
|
Copyright (c) 1997-2018 The PHP Group
|
|
|
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
|
... | ... | @@ -172,26 +172,24 @@ Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies |
|
|
|
|
|
**Test à effectuer pour PHP**
|
|
|
|
|
|
Création du fichier info.php sous /var/www/html
|
|
|
Insertion du code suivant :
|
|
|
`<?php
|
|
|
phpinfo();
|
|
|
?>`
|
|
|
Afficher la page web de votre site : https://*******/info.php
|
|
|
* Création du fichier info.php sous /var/www/html
|
|
|
* Insertion du code suivant :`<?php phpinfo(); ?>`
|
|
|
|
|
|
Attention : Après le test SUPPRIMER le fichier info.php
|
|
|
* Afficher la page web de votre site : `https://*******/info.php`
|
|
|
|
|
|
****Attention : Après le test SUPPRIMER le fichier `info.php`****
|
|
|
|
|
|
**PhpMyAdmin**
|
|
|
|
|
|
Cette installation va nous servir afin de faciliter l'administration de notre base de donnée.
|
|
|
Pour commencer installons le repository EPEL
|
|
|
`rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm`
|
|
|
* `rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm`
|
|
|
Mettre à jour le system
|
|
|
`yum -y update`
|
|
|
`yum install phpmyadmin`
|
|
|
* `yum -y update`
|
|
|
* `yum install phpmyadmin`
|
|
|
|
|
|
Autoriser notre ip dans le fichier suivant :
|
|
|
`vi /etc/httpd/conf.d/phpMyAdmin.conf`
|
|
|
* `vi /etc/httpd/conf.d/phpMyAdmin.conf`
|
|
|
|
|
|
* Require ip 127.0.0.1 par Require ip votreadresse
|
|
|
* Allow from 127.0.0.1 par Allow from votreadresse
|
... | ... | |