
# mkdir -p /root/source/archive
# cd /root/source/archive

1. 레포지토리 추가

# wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
# wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
 => http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
# wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1.0-6.ius.el5.noarch.rpm 
 => http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/x86_64/ius-release-1.0-8.ius.el5.noarch.rpm

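# wget http://repo.webtatic.com/yum/webtatic.repo  (받은 파일은 /etc/yum.repos.d/ 에 저장)
# rpm --import http://repo.webtatic.com/yum/RPM-GPG-KEY-webtatic-andy 
 => 위의 릴리스 RPM 과 GPG 키는 모두 평문 HTTP 로 받기 때문에 전송 중에 변조될 수 있다. 키는 신뢰할 수 있는 경로로 지문(fingerprint)을 대조한 뒤 import 하고, 받은 RPM 은 설치 전에 rpm -K 로 서명을 확인한다.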

# rpm -Uvh epel-release-5-4.noarch.rpm
# rpm -Uvh remi-release-5.rpm
# rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
# rpm -Uvh ius-release-1.0-6.ius.el5.noarch.rpm 

[확인]
# ls -al /etc/yum.repos.d/
# vi /etc/yum.repos.d/CentOS-Base.repo

-epel.repo
enabled = 1

-ius.repo
baseurl=http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/$basearch
exclude=mysql*

-remi.repo
enabled = 0

-rpmforge.repo
enabled = 0

-webtatic.repo
enabled = 1
exclude=php*

1-1 기본 업데이트
yum -y update kernel
yum -y install yum-fastestmirror

--enablerepo=remi

yum clean all
yum update glibc*
yum update yum* rpm* python*
yum clean all

yum update
shutdown -r now

1-2 시스템 라이브러리 설치
sudo yum -y install zlib.x86_64 curl.x86_64
sudo yum -y install gcc.x86_64 g++.x86_64 cpp.x86_64 gcc-c++.x86_64 compat-gcc-34-g77.x86_64
sudo yum -y install libxml2.x86_64 libxml2-devel.x86_64
sudo yum -y install gd.x86_64 gd-devel.x86_64
sudo yum -y install freetype.x86_64 freetype-devel.x86_64
sudo yum -y install libpng.x86_64 libpng-devel.x86_64
sudo yum -y install libjpeg.x86_64 libjpeg-devel.x86_64
sudo yum -y install fontconfig.x86_64  fontconfig-devel.x86_64
sudo yum -y install mhash.x86_64 mhash-devel.x86_64
sudo yum -y install libmcrypt.x86_64 libmcrypt-devel.x86_64
sudo yum -y install openssl.x86_64 openssl-devel.x86_64
sudo yum -y install gmp.x86_64 gmp-devel.x86_64
sudo yum -y install flex.x86_64
sudo yum -y install libtermcap-devel.x86_64 ncurses-devel.x86_64 libc-client-devel.x86_64 bzip2-devel.x86_64


2. httpd 설치 

# whereis httpd
httpd:

# yum install httpd.x86_64 --enablerepo=remi
# whereis httpd
httpd: /usr/sbin/httpd /usr/sbin/httpd.event /usr/sbin/httpd.worker /etc/httpd /usr/share/man/man8/httpd.8.gz


3. mysql 설치 
# yum install mysql.x86_64 mysql-server.x86_64 --enablerepo=remi
# whereis mysql
mysql: /usr/bin/mysql /usr/share/mysql /usr/share/man/man1/mysql.1.gz


4. php 설치 
# yum install php.x86_64 --enablerepo=remi
# whereis php
php: /usr/bin/php /etc/php.ini /etc/php.d /usr/share/php /usr/share/man/man1/php.1.gz

# yum --enablerepo=remi install php-devel.x86_64 php-mysql.x86_64 php-eaccelerator.x86_64 php-gd.x86_64 php-mhash.x86_64 php-mcrypt.x86_64 php-mbstring.x86_64 php-xml.x86_64

>> 오라클 익스텐션 설치 
 http://www.oracle.com/technetwork/articles/technote-php-instant-084410.html
  download oracle-instantclient11.2-basic-11.2.0.2.0.x86_64.rpm
  download oracle-instantclient11.2-devel-11.2.0.2.0.x86_64.rpm
 http://pecl.php.net/package/oci8
  # wget http://pecl.php.net/get/oci8-1.4.5.tgz


# rpm -Uvh oracle-instantclient11.2-basic-11.2.0.2.0.x86_64.rpm
# rpm -Uvh oracle-instantclient11.2-devel-11.2.0.2.0.x86_64.rpm

# tar xvfz oci8-1.4.5.tgz
# cd oci8-1.4.5
# phpize
# ./configure --with-oci8=instantclient,/usr/lib/oracle/11.2/client64/lib/ --with-php-config=/usr/bin/php-config && make
# cp ./modules/oci8.so /usr/lib64/php/modules/

# echo "extension=oci8.so" >> /etc/php.d/oci8.ini
# service httpd restart
# php -m | grep oci8
oci8


[확인]
# echo "" >> /var/www/html/index.html
# echo -e "\n\nDirectoryIndex index.php index.html index.htm" >> /etc/httpd/conf.d/php.conf

# echo -e "\nAddType application/x-httpd-php .php .htm .html .inc" >> /etc/httpd/conf.d/php.conf
# echo -e "AddType application/x-httpd-php-source .phps" >> /etc/httpd/conf.d/php.conf
# echo -e "AddType application/x-tar .tgz" >> /etc/httpd/conf.d/php.conf
# echo -e "AddType image/x-icon .ico" >> /etc/httpd/conf.d/php.conf
# echo -e "AddType application/x-httpd-cgi .cgi" >> /etc/httpd/conf.d/php.conf
# echo -e "AddType application/json .json" >> /etc/httpd/conf.d/php.conf


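-> 필요한 정도로 정리, 설정은 두 번 한다고 해서 에러가 나지는 않음, 뭐 필요하면 바꾸등가~ 단, .htm/.html/.inc 까지 PHP 로 처리하면 해당 확장자로 올라간 파일도 PHP 코드로 실행되고, .phps 매핑은 소스를 그대로 노출하므로 운영 서버에서는 꼭 필요한 확장자만 남긴다.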
# vi /etc/httpd/conf.d/php.conf 
# service httpd restart 
# wget http://localhost

----------  설정 ---------

# 추가 패키지
cronolog.x86_64, awstats, mod_security, mod_evasive, mod_geoip, mod_ssl, clamav.x86_64, clamd, clamav-milter


httpd 부팅시 자동 구동

$ sudo systemctl enable httpd
$ systemctl status httpd

php-memcache 모듈설치

#sudo yum install php-pecl-memcache



[memcached]

설치
sudo yum -y install memcached


부팅시 자동 구동
$ sudo systemctl enable memcached
$ systemctl status memcached

sudo  vi /etc/sysconfig/memcached
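CACHESIZE="1024" 로 변경 (단위 MB). memcached 는 기본적으로 인증이 없으므로, 외부 접속이 필요 없다면 같은 파일의 OPTIONS 에 -l 127.0.0.1 을 넣어 로컬에서만 접속되게 한다.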

sudo systemctl restart memcached



[apc 설치]
$ sudo yum install php-pear php-devel httpd-devel pcre-devel gcc make
$ sudo pecl install apc

echo "extension=apc.so" > /etc/php.d/apc.ini

# vi /etc/php.d/apc.ini

; APC (Alternative PHP Cache) settings kept in /etc/php.d/apc.ini.
; NOTE(review): apc.mode could not be matched to a documented APC directive
; during review - verify that the installed APC version accepts it.
apc.mode=shm
; NOTE(review): apc.enabled=0 switches APC off, so the settings below have no
; effect until this is set to 1 - confirm this is intended.
apc.enabled=0
; Shared memory: number of segments, then the size of each segment.
apc.shm_segments=1

apc.shm_size=512M

; Sizing hints for the number of cached files and user-cache entries.
apc.num_files_hint=7000

apc.user_entries_hint=4096

; Entry lifetimes in seconds (file cache, user cache, garbage-collection list).
apc.ttl=7200
apc.user_ttl=7200
apc.gc_ttl=3600

; 1 = check each script's modification time on every request, so changed
; files are picked up without a restart.
apc.stat=1

apc.include_once_override=0

; APC stays disabled for command-line PHP.
apc.enable_cli=0

; Seconds a freshly modified file must age before it is cached.
apc.file_update_protection=2

; Files larger than this are not cached.
apc.max_file_size=20M


; NOTE(review): with apc.cache_by_default=0 only files matched by a "+" entry
; in apc.filters are cached, and no apc.filters is set here - confirm.
apc.cache_by_default=0
apc.use_request_time=1
apc.slam_defense=0
apc.stat_ctime=0
apc.canonicalize=1
apc.write_lock=1
apc.report_autofilter=0
; Upload-progress tracking is off (apc.rfc1867=0); the rfc1867_* values below
; only matter if it is turned on.
apc.rfc1867=0
apc.rfc1867_prefix=upload_
apc.rfc1867_name=APC_UPLOAD_PROGRESS
apc.rfc1867_freq=0
apc.rfc1867_ttl=3600
apc.lazy_classes=0
apc.lazy_functions=0


[modsecurity]
# sudo mkdir /etc/httpd/modsecurity.d

http://modsecurity.org/rules.html (modsecurity 홈페이지 우측의 core rules) 에서 OWASP CRS 를 제공하고 있으며, zip 파일을 다운 받아 사용하시면 됩니다.

# vi /etc/httpd/conf.d/mod_security.conf


    # ModSecurity Core Rules Set configuration
        IncludeOptional modsecurity.d/*.conf
        IncludeOptional modsecurity.d/activated_rules/*.conf

    # Default recommended configuration
    SecRuleEngine On
    SecRequestBodyAccess On
    SecRule REQUEST_HEADERS:Content-Type "text/xml" \
         "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
    SecRequestBodyLimit 13107200
    SecRequestBodyNoFilesLimit 131072
    SecRequestBodyInMemoryLimit 131072
    SecRequestBodyLimitAction Reject
    SecRule REQBODY_ERROR "!@eq 0" \
    "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
    SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
    "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
    failed strict validation: \
    PE %{REQBODY_PROCESSOR_ERROR}, \
    BQ %{MULTIPART_BOUNDARY_QUOTED}, \
    BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
    DB %{MULTIPART_DATA_BEFORE}, \
    DA %{MULTIPART_DATA_AFTER}, \
    HF %{MULTIPART_HEADER_FOLDING}, \
    LF %{MULTIPART_LF_LINE}, \
    SM %{MULTIPART_MISSING_SEMICOLON}, \
    IQ %{MULTIPART_INVALID_QUOTING}, \
    IP %{MULTIPART_INVALID_PART}, \
    IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
    FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"

    #SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
    #"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"

    SecPcreMatchLimit 1000
    SecPcreMatchLimitRecursion 1000

    SecRule TX:/^MSC_/ "!@streq 0" \
            "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"

    SecResponseBodyAccess Off
    SecDebugLog /var/log/httpd/modsec_debug.log
    SecDebugLogLevel 0
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogParts ABIJDEFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/httpd/modsec_audit.log
    SecArgumentSeparator &
    SecCookieFormat 0
    SecTmpDir /var/lib/mod_security
    SecDataDir /var/lib/mod_security


