
2. Prerequisites

2.1. General

To be continued

All major distributions should include these general prerequisites.

2.2. OpenSSL

2.2.1. What is OpenSSL

 

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.

From the author's point of view, it is the basis for building a secure Unix server with open-source software; it is needed by all major products like mod_ssl, OpenSSH and a lot of other software that provides encrypted data processing.

 
--www.openssl.org 

OpenSSL provides the libraries and include files needed by the products mentioned above and also provides an application to build server and client certificates.

2.2.2. Download the source

Origin-Site http://www.openssl.org

2.2.3. Building and installing

cd /usr/local
tar -xvzf openssl-0.9.7.tar.gz
 
cd openssl-0.9.7
 
./config shared 
 
make
make test
make install

echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig

Tip: Select your CPU to improve speed

By default the Makefile generates code for the i486 CPU. You can change this by editing the Makefile after running config shared. Search for -m486 and replace it with, e.g., -march=athlon

2.3. GNU Database System

2.3.1. What is gdbm

 

GNU dbm is a set of database routines that use extensible hashing. It works similar to the standard UNIX dbm routines.

 
--www.gnu.org/software/gdbm 

The GNU dbm is a very important application used by almost every distribution. So it is installed by default on all distributions I tested.

In all probability the header files which are mandatory to build Apache with mod_rewrite and PHP are not installed by default. Please consult your distribution's CD/DVD and install the devel package (the version can vary):

rpm -i gdbm-devel-1.8.0-546

This procedure is verified for SuSE and Redhat. Please confirm for other RPM based systems like Mandrake. Debian will follow as soon as possible.

Users of Debian-based systems can install gdbm as follows:

apt-get install libgdbmg1-dev

2.3.2. Building and installing by yourself

In the unlikely case that your distribution does not contain gdbm, here are the instructions for building it.

./configure 

make
make install

ldconfig

2.4. MySQL

2.4.1. What is MySQL

MySQL is a very fast, powerful and easy-to-handle database.

Especially for web applications where most accesses are reads and few are writes, MySQL is the first choice. The newest version is also transaction-capable. If you plan a web application that writes a lot of data into the DB, PostgreSQL may be better suited to your project; see Section 6.2.4 for installation hints.

You need the MySQL C API to compile PHP if you want MySQL support in PHP. It is also needed if you want to use mod_authmysql; see Section 4.3 for more information.

2.4.2. Download

Origin-Site: http://www.mysql.com/downloads/

2.4.3. Building and installing

cd /usr/local
tar -xvzf mysql-3.23.55.tar.gz 
cd mysql-3.23.55

./configure \
--prefix=/usr/local/mysql \
--enable-assembler \
--with-innodb \
--without-debug

make 
make install 

/usr/local/mysql/bin/mysql_install_db
echo /usr/local/mysql/lib/mysql >> /etc/ld.so.conf 
ldconfig

To improve security, add a MySQL user to your system, e.g. »mysql«.

chown -R mysql /usr/local/mysql/var

You may wish to start MySQL automatically at boot time. Copy /usr/local/mysql/share/mysql/mysql.server to /etc/init.d/ (or wherever your rc scripts are located) and create the corresponding symbolic links in the runlevel directories.

cp /usr/local/mysql/share/mysql/mysql.server /etc/init.d/

ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/S20mysql
ln -s /etc/init.d/mysql.server /etc/init.d/rc3.d/K20mysql

2.4.4. Securing MySQL

This part is optional and describes how to bind the MySQL daemon to the localhost IP.

I suggest binding MySQL to the loopback interface 127.0.0.1 only. This makes sure nobody can connect to your MySQL daemon via the network. Of course, it only makes sense if MySQL runs on the same box as the web server.

Edit /etc/init.d/mysql.server and change line 107 as follows:

Original line:

$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file&

Changed line:

$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \
--bind-address=127.0.0.1& (1)

(1) Here you can define which interface MySQL should be bound to.

Alternatively you can completely disable the networking functionality of MySQL.

$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \
--skip-networking &
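
A check for the result of either change above, as an added example that is not part of the original HOWTO: the function reads `netstat -ltn` or `ss -ltn` output and reports every MySQL listener that is not bound to loopback. The function name, the constructed socket listings and the default port 3306 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the HOWTO). Reads `netstat -ltn` or `ss -ltn` style
# lines on stdin and prints every listening socket on the MySQL port that is
# not bound to loopback. Exit status: 0 = nothing exposed, 1 = exposed.
# Live use (assumed invocation): netstat -ltn | exposed_mysql_listeners 3306
exposed_mysql_listeners() {
    awk -v port="${1:-3306}" '
        BEGIN { pat = ":" port "$" }
        !/LISTEN/ { next }                  # listening TCP sockets only
        {
            # The local address is the first field ending in ":<port>";
            # the peer column of a listener is always "<addr>:*".
            for (i = 1; i <= NF; i++) {
                if ($i !~ pat) continue
                addr = $i
                sub(pat, "", addr)          # drop the port
                gsub(/\[|\]/, "", addr)     # drop IPv6 brackets printed by ss
                if (addr !~ /^127\./ && addr != "::1") {
                    print $i
                    found = 1
                }
                break
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed samples, one per state of the init script described above.
HDR='State  Recv-Q Send-Q Local Address:Port Peer Address:Port'
SSH='LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_ORIGINAL="$HDR
$SSH
LISTEN 0      50     0.0.0.0:3306       0.0.0.0:*"
SAMPLE_BIND_LOOPBACK="$HDR
$SSH
LISTEN 0      50     127.0.0.1:3306     0.0.0.0:*"
SAMPLE_SKIP_NETWORKING="$HDR
$SSH"

for name in ORIGINAL BIND_LOOPBACK SKIP_NETWORKING; do
    eval "data=\$SAMPLE_$name"
    if exposed=$(printf '%s\n' "$data" | exposed_mysql_listeners); then
        echo "$name: MySQL is not reachable from the network"
    else
        echo "$name: MySQL is reachable on $exposed"
    fi
done
```

With --skip-networking there is no TCP listener at all, so the check passes for the same reason as with the loopback binding; local clients then connect through the Unix socket.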

2.5. Building mm

2.5.1. What is mm

 

The MM library is a 2-layer abstraction library which simplifies the usage of shared memory between forked (and this way strongly related) processes under Unix platforms. On the first layer it hides all platform dependent implementation details (allocation and locking) when dealing with shared memory segments and on the second layer it provides a high-level malloc(3)-style API for a convenient and well known way to work with data-structures inside those shared memory segments.

 
--www.engelschall.com 

It is a common library that enables Unix programmers to simplify shm (shared memory) access. It is used by many products, e.g. PHP and mod_ssl.

2.5.3. Building and installing

cd /usr/local
 
tar -xvzf mm-1.2.2.tar.gz
 
cd mm-1.2.2
 
./configure
make
make test
make install

ldconfig

Notes

[1]

This RPM contains the header files needed for php

[2]

Only needed if PHP is being built from the CVS tree