Let's start by running the best command ever, apt-get. This will get all the packages we need.
sudo apt-get install apache2 php5 php5-mysql libapache2-mod-php5 mysql-server libapache2-mod-auth-mysql
Alternatively, you can try
sudo tasksel install lamp-server
Apt will download the packages and install. Then, you'll see this as MySQL is being configured:
You'll have to confirm your password, and then you're done. Restart Apache.
sudo /etc/init.d/apache2 restart
Let's make sure everything went okay. Browse to your IP address. You should see an "It Works!" page. This means Apache is running. Let's check PHP. Run
sudo nano /var/www/test.php
Write out this single line to the file:
<?php phpinfo(); ?>
Browse to your addresss/test.php and you should see lots of information about the current state of PHP.
Securing MySQL
That installation was so easy, we'll do a little security cleanup too.
Log into MySQL:
mysql -uroot -p
Your prompt will change to mysql>
Create a user you'll be using to administrate the databases. By default, MySQL is secure in the fact that it will only allow root to login locally. That's excellent until you realize that MySQL can be a pain to administer locally. I don't mind too much, but some people like to install PHPMyAdmin. This can open you up to potential remote access attacks on the root user's password. Therefore, if you're going to install PMA, we'll get rid of the root user to make it more difficult to enumerate users. Let's start by creating a MySQL account, Zeus.
mysql> GRANT ALL PRIVILEGES ON *.* TO 'zeus'@'localhost'
-> IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;
You should consider also adding the privileges to this user @ 127.0.0.1
mysql> GRANT ALL PRIVILEGES ON *.* TO 'zeus'@'127.0.0.1'
-> IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;
At this point, you should create a user that will be the one accessing the database. Using your "God" user to access MySQL from your web application is bad karma and invites security risks. Google 'create mysql user' for the syntax on creating a user with less privileges.
Feel free to be creative with your names...
Flush the privileges and exit.
mysql> FLUSH PRIVILEGES;
mysql> quit
DO NOT ATTEMPT TO FORGET THIS PASSWORD! It's a pain to restore a MySQL root password, and even more of a pain when the root user doesn't exist, (some say impossible) so take it from me-- remember your privileged user's password for cripes' sake.
Login and delete the root and anonymous user once zeus was created.
mysql -uzeus -p
mysql> DELETE FROM mysql.user WHERE User = ' ';
mysql> DELETE FROM mysql.user WHERE User = 'root';
mysql> FLUSH PRIVILEGES;
Check out your work:
mysql> SELECT User, Host FROM mysql.user;
Don't drop the debian-sys-maint account.
Apache and MySQL Control
Here's how you can restart Apache and MySQL without rebooting your server if you have changed a configuration file.
sudo /etc/init.d/apache2 restart
sudo /etc/init.d/mysql restart
Replace 'restart' with 'stop' or 'start' if needed.
Thanks for reading again, next we'll show you a bit about the different administrative tools available for Linux.
No comments:
Post a Comment