Initial setup on Sakura VPS

Adding a user

adduser amacou
passwd amacou

SSH configuration

Change the port. In vi /etc/ssh/sshd_config, change the following (any unused port above 1024 will do; a different port only cuts down the log noise from bots probing 22, it is not a secret):

#Port 22
Port 12222

#LoginGraceTime 2m
LoginGraceTime 2m
#PermitRootLogin no
PermitRootLogin no
#StrictModes yes
StrictModes yes

#RSAAuthentication yes
RSAAuthentication yes
#PubkeyAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#PermitEmptyPasswords no
PermitEmptyPasswords no
#PasswordAuthentication yes
PasswordAuthentication no
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

RSAAuthentication only affects SSH protocol 1 and is harmless here; PubkeyAuthentication is the one that matters for protocol 2. PasswordAuthentication no on its own does not switch off password logins: with ChallengeResponseAuthentication yes, PAM can still prompt for the password through keyboard-interactive, so set both to no. PermitEmptyPasswords stays at no.

Generate a key pair on your own PC, not on the server (the private key never leaves your machine): ssh-keygen

Switch to the user you created with su: su - amacou

Append the contents of the .pub file you generated to ~/.ssh/authorized_keys on the server. A fresh user has no ~/.ssh yet, so create it first: mkdir -p ~/.ssh, then vi ~/.ssh/authorized_keys and paste in the one-line public key.

Fix the permissions (with StrictModes yes, sshd ignores the file if the directory or the file is group- or world-writable): chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys

Exit from su: exit

Restart sshd: /etc/init.d/sshd restart. Run sshd -t first to catch syntax errors in sshd_config, keep the session you are in open, and test the new login from a second terminal; as long as the first session stays up you can still repair the config if key login fails.

Add the following to ~/.ssh/config on your own PC. Keep the comments on their own lines; ssh rejects a file with a comment after a value ("garbage at end of line").

Host sakura
  # hostname or IP address of the VPS you contracted
  HostName example.com
  User amacou
  Port 12222
  # the private key generated with ssh-keygen
  IdentityFile ~/.ssh/id_rsa

Check the connection: ssh sakura
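A pre-flight check for the sshd changes in this section, added here as an example; it is not part of the original notes. It reads an sshd_config file and reports whether the settings above are in effect (Port moved off 22, PermitRootLogin and PasswordAuthentication off, ChallengeResponseAuthentication off, PubkeyAuthentication on, PermitEmptyPasswords off), and whether the .ssh directory and authorized_keys carry the modes that StrictModes requires. The function names, the default path and the "unset means sshd default" rule are assumptions of the example; it needs only sh, awk and GNU stat.

```shell
#!/bin/sh
# Added example, not from the original notes: run this on the server before
# "/etc/init.d/sshd restart", so a mistake in sshd_config cannot lock you out.
# Function names and the default path are my own choices.

# Print the effective value of one keyword in an sshd_config file ("" if unset).
# sshd honours the FIRST uncommented occurrence of a keyword, so we stop at the
# first match rather than taking the last one.
sshd_effective() {
    # $1 = config file, $2 = keyword (matched case-insensitively, as sshd does)
    awk -v kw="$2" '
        /^[[:space:]]*#/ { next }                        # comment line
        tolower($1) == tolower(kw) { print $2; exit }    # first hit wins
    ' "$1"
}

# Check the settings from this section. Prints one line per problem and
# returns 0 only when every check passes. An unset keyword is compared using
# the default of the OpenSSH shipped with CentOS 6, which is how sshd treats it.
check_sshd_config() {
    f="${1:-/etc/ssh/sshd_config}"
    rc=0
    port=$(sshd_effective "$f" Port)
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        echo "FAIL: Port is still 22 (or unset)"; rc=1
    fi
    # keyword, sshd default when unset, value we want
    for spec in "PermitRootLogin yes no" \
                "PasswordAuthentication yes no" \
                "ChallengeResponseAuthentication yes no" \
                "PubkeyAuthentication yes yes" \
                "PermitEmptyPasswords no no"; do
        set -- $spec
        got=$(sshd_effective "$f" "$1")
        [ -n "$got" ] || got=$2
        if [ "$got" != "$3" ]; then
            echo "FAIL: $1 is '$got', expected '$3'"; rc=1
        fi
    done
    return $rc
}

# With "StrictModes yes", sshd silently ignores authorized_keys when the .ssh
# directory or the file is group- or world-writable, and key login then fails
# with no useful error. $1 = the user's .ssh directory.
check_key_perms() {
    d="$1"
    dmode=$(stat -c '%a' "$d") || return 1
    fmode=$(stat -c '%a' "$d/authorized_keys") || return 1
    case "$dmode" in
        700) ;;
        *) echo "FAIL: $d is mode $dmode, want 700"; return 1 ;;
    esac
    case "$fmode" in
        600) ;;
        *) echo "FAIL: $d/authorized_keys is mode $fmode, want 600"; return 1 ;;
    esac
    return 0
}

# Usage on the server, as root, before restarting sshd:
#   check_sshd_config /etc/ssh/sshd_config && check_key_perms /home/amacou/.ssh \
#       && /etc/init.d/sshd restart
```

Because the script exits non-zero on the first problem it finds, chaining it in front of the restart with && means a bad config never reaches sshd.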

Configuring iptables

Create the config file: vi /etc/sysconfig/iptables

Add the following (only ssh, http and https are open; add other ports as needed):

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

# Source ranges to drop outright. They must come BEFORE the jump below:
# RH-Firewall-1-INPUT ends in REJECT, so nothing ever returns to INPUT and
# any rule appended after the jump is dead. Do not restrict them with
# "-i ppp0" either; a VPS guest has no such interface, so they would never fire.
-A INPUT -s 122.152.128.0/23 -j DROP
-A INPUT -s 122.152.140.0/23 -j DROP
-A INPUT -s 60.28.0.0/15 -j DROP
-A INPUT -s 119.63.195.0/24 -j DROP

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
# Replies to connections the server itself opened; first, so most packets take the short path
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

# The stock Red Hat template also accepts IPsec (protocols 50/51), mDNS
# (udp/5353) and CUPS printing (631). A web server needs none of them, so
# leave them disabled; uncomment a line only if you actually run that service.
#-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
#-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
#-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
#-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

# Services open to the world: SSH on its new port, HTTP, HTTPS
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 12222 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

# Everything else (including mysql 3306 and redis 6379) is rejected
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

Restart iptables: /etc/rc.d/init.d/iptables restart. Before you do, make sure the ACCEPT for the SSH port you chose (12222 above) is really in the file; once the rules load, a missing line means the only way back in is the provider's console.
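A companion check for the ruleset above, again an added example and not part of the original notes: before restarting iptables it confirms the file still accepts new TCP connections on the SSH port, lists every port the file opens so leftovers from the desktop template stand out, and flags INPUT rules placed after the jump into RH-Firewall-1-INPUT, which can never match because that chain ends in REJECT. The function names and the chain name it keys on are assumptions of the example; it needs only sh, awk and grep.

```shell
#!/bin/sh
# Added example, not from the original notes: sanity checks for
# /etc/sysconfig/iptables to run BEFORE "iptables restart". Two easy ways to
# lock yourself out after moving SSH to another port are a missing ACCEPT for
# that port and a rule placed where it can never be reached.
# Function names are my own; needs only sh, awk and grep.

# Print every destination port the file accepts, one "proto/port" per line.
list_open_ports() {
    awk '
        /^[[:space:]]*#/ || $0 !~ /-j ACCEPT/ { next }
        {
            proto = ""; port = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") port  = $(i + 1)
            }
            if (port != "") print proto "/" port
        }
    ' "$1"
}

# Return 0 if the file ($1) accepts new TCP connections on the SSH port ($2).
accepts_ssh_port() {
    list_open_ports "$1" | grep -qx "tcp/$2"
}

# Print "-A INPUT" rules that appear after "-A INPUT -j RH-Firewall-1-INPUT".
# That chain ends in REJECT and every other rule in it is ACCEPT, so no packet
# ever returns to INPUT: anything appended after the jump is dead.
unreachable_input_rules() {
    awk '
        /^[[:space:]]*#/ { next }
        jumped && $1 == "-A" && $2 == "INPUT" { print }
        /^-A INPUT -j RH-Firewall-1-INPUT/ { jumped = 1 }
    ' "$1"
}

# Combined pre-flight: $1 = ruleset file, $2 = the Port from sshd_config.
# Returns 0 only if SSH stays reachable and no INPUT rule is unreachable.
check_iptables_file() {
    f="$1"; sshport="$2"; rc=0
    if ! accepts_ssh_port "$f" "$sshport"; then
        echo "FAIL: no ACCEPT for tcp/$sshport; a restart would cut off SSH"; rc=1
    fi
    dead=$(unreachable_input_rules "$f")
    if [ -n "$dead" ]; then
        echo "FAIL: these INPUT rules sit after the jump and never match:"
        echo "$dead"; rc=1
    fi
    echo "ports accepted by $f:"; list_open_ports "$f" | sort -u
    return $rc
}

# Usage on the server, as root:
#   check_iptables_file /etc/sysconfig/iptables 12222 && /etc/rc.d/init.d/iptables restart
```

Run against the ruleset as first written on this page, the check reports the four ppp0 DROP rules as unreachable and lists udp/631, tcp/631 and udp/5353 among the accepted ports; against the cleaned-up version above it passes.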

Installing Ruby

Install the required packages (as root): yum install -y zlib-devel openssl-devel readline readline-devel

Install Ruby with rbenv and ruby-build. Do this as the application user (amacou), not as root; a per-user rbenv keeps the interpreter and its gems out of the system paths. Clone over https, not git://: the git:// transport is unauthenticated, so code you are about to build and run could be altered in transit (GitHub has since dropped git:// entirely). The sstephenson repositories now live under github.com/rbenv/ and GitHub redirects to them. Ruby 1.9.3 is long out of support; for anything new, install a currently maintained release instead.

cd ~
git clone https://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
echo 'eval "$(rbenv init -)"' >> ~/.bash_profile
source ~/.bash_profile
mkdir -p ~/.rbenv/plugins
git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
rbenv install 1.9.3-p125
rbenv global 1.9.3-p125
rbenv rehash

Note that exec $SHELL starts a non-login shell, which does not read ~/.bash_profile, and "source .bash_profile" run from inside ~/.rbenv/plugins points at a file that is not there; sourcing ~/.bash_profile by its full path is what actually puts rbenv on the PATH before rbenv install runs.

Installing nginx

Become root again for the rest of the setup:

su -
yum -y install nginx

nginx is not in the base CentOS repositories; enable EPEL (or the repository at nginx.org) first, or yum will not find the package.

Enable at boot: chkconfig nginx on

Installing MySQL

yum install -y mysql mysql-devel mysql-server

Edit the config file: vi /etc/my.cnf

Add the following:

[client]
port = 3306
socket = /var/lib/mysql/mysql.sock
default-character-set = utf8

[mysqld]
# Listen on loopback only. Local clients still work through the socket or
# 127.0.0.1, and 3306 stays unreachable even if the firewall is loosened later.
bind-address = 127.0.0.1
skip-character-set-client-handshake
# Under [mysqld] the option is character-set-server. "default-character-set"
# is a client option; for the server it is deprecated in 5.1 and refused by
# 5.5 and later, where mysqld will not even start with it.
character-set-server = utf8

Enable at boot: chkconfig --add mysqld; chkconfig mysqld on

Run mysql_secure_installation for the initial hardening (set the root password, drop the anonymous users and the test database, refuse remote root logins): mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

Redis

Install (also from EPEL)

yum install -y redis

Enable at boot

chkconfig redis on

Redis has no authentication by default, so check that /etc/redis.conf contains bind 127.0.0.1 before starting it. The iptables rules above do not open 6379, but the daemon should not be listening on the public address in the first place.

Configuring monit

Install

yum install -y monit

On CentOS the packaged /etc/monit.conf typically includes /etc/monit.d/*, so each block below goes in its own file there. A plain pidfile check only notices a process that has died; the "if failed" lines also catch a daemon that is running but no longer answering. Run monit -t to check the syntax before reloading monit.

nginx

check process nginx with pidfile /var/run/nginx.pid
  start program = "/etc/init.d/nginx start"
  stop program = "/etc/init.d/nginx stop"
  if failed port 80 protocol http then restart

mysqld

check process mysqld with pidfile /var/run/mysqld/mysqld.pid
  start program = "/etc/init.d/mysqld start"
  stop program = "/etc/init.d/mysqld stop"
  if failed unixsocket /var/lib/mysql/mysql.sock protocol mysql then restart

postfix

check process postfix with pidfile /var/spool/postfix/pid/master.pid
  start program = "/etc/init.d/postfix start"
  stop program = "/etc/init.d/postfix stop"
  if failed port 25 protocol smtp then restart