Presentation overview
1. Introduction
LAMP stack:
2. Raspbian
3. Nginx
4. MySQL
5. PHP
6. phpMyAdmin
>>> Slides via: www.db8.nl <<<
1. Introduction Raspberry Pi
Goal: educational
- today's engineers: computer experience gained on home computers
- today's youth: computer class = operating software, clicking menus and swiping...
1. Introduction Raspberry Pi
Advantages
RPi:
- Small
- Cheap: $ 35, 38 euro
- Low power (3.5 Watt)
- No moving parts
- Silent
- Standard (2 types)
- lots of documentation (Linux & RPi)
- lots of documented applications
- lots of add-on hardware
- lots of software
1. Introduction Raspberry Pi
Hardware
- Single-board computer, 700 MHz
- RAM 512 Mbyte (1st version: 256 Mbyte)
- Graphics: Broadcom VideoCore IV
- Connections:
  - SD card
  - Micro USB power plug (5 V, 1 A, 3.5 Watt)
  - Ethernet
  - HDMI & RCA video
  - Audio
  - 2x USB
  - GPIO
1. Introduction Raspberry Pi
Community
LAMP Stack
Linux Raspbian (Debian for Raspberry Pi)
3. Apache Nginx [engine x]
4. MySQL
5. PHP
6. phpMyAdmin
2. Raspbian
a) Installation
b) Placing on the network
c) Updating
d) Backup
e) Configuration
f) Access via the Internet
2a. Raspbian
Download 2013-02-09-wheezy-raspbian.zip
Unzip
location: dmesg
sudo dd bs=1M if=~/rpi/2013-02-09-wheezy-raspbian.img of=/dev/mmcblk0
OSX: sudo dd bs=1M if=~/rpi/2013-02-09-wheezy-raspbian.img of=/dev/disk1s1
dd bs=1M if=c:\temp\2013-02-09-wheezy-raspbian.img od=e
Mac
Windows:
SD
Backup:
SSH traffic = IP 192.168.0.9, port 22
Web traffic = IP 192.168.0.9, port 80
HTTPS traffic = IP 192.168.0.9, port 443
Raspberry Pi static IP
3. Nginx webserver
3. Nginx
High performance:
- Static pages very FAST!
- Dynamic pages FAST!
Low memory usage (handy on the RPi!)
Simple configuration
Automatic testing of configuration changes
Reverse proxy capabilities
40 million domains
13.5 % of all servers
20% of the 1000 busiest websites
3. Nginx Popularity
3. Nginx Installation
peter@rpi ~ $ sudo apt-get install nginx
Reading package lists... Done
[..]
Need to get 2,132 kB of archives.
After this operation, 6,200 kB of additional disk space will be used.
Do you want to continue [Y/n]? y
[..]
Setting up nginx (1.2.1-2.2) ...
peter@rpi ~ $
3. Nginx Configuration
peter@rpi ~ $ sudo nano /etc/nginx/nginx.conf
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
peter@rpi ~ $ sudo /etc/init.d/nginx start
3. Nginx Websites
Browse to http://192.168.0.9/ or http://petermartin.nl
Result:
Welcome to nginx!
/index.html
2. Configuration file for the site: /etc/nginx/sites-available/petermartin.nl
3. Activate with a symbolic link to the config file: /etc/nginx/sites-enabled/petermartin.nl
4. Load the new Nginx configuration: $ sudo /etc/init.d/nginx reload
peter@rpi ~ $ sudo /etc/init.d/nginx reload
Reloading nginx configuration: nginx.
http://192.168.0.9/petermartin.nl
Welkom op de Joomladagen!
Website: petermartin.nl
Error?
404 Not Found
nginx/1.2.1
Check the error log file: $ cat /var/log/nginx/petermartin.nl.error_log
4. MySQL
- For Joomla 2.5+ = no SQLite driver available
- During installation, configure immediately: User: root, Password: databasepassword
- Make a live site more secure with: $ sudo mysql_secure_installation
4. MySQL Installation
peter@rpi ~ $ sudo apt-get install mysql-server
Reading package lists... Done
[..]
Need to get 9,603 kB of archives.
After this operation, 91.1 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
[..]
Setting up mysql-server (5.5.30+dfsg-1) ...
Processing triggers for menu ...
peter@rpi ~ $ sudo mysql_secure_installation
5. PHP
php5-fpm: FastCGI Process Manager, interpreter that runs as a daemon and receives Fast/CGI requests
php5-mysql: modules for MySQL database connections directly from PHP scripts
php5-cli: command-line interpreter
php5-curl: library for getting files from FTP & HTTP server
5. PHP Installation
peter@rpi ~ $ sudo apt-get install php5-fpm php5-mysql
Reading package lists... Done
[..]
Setting up php5 (5.4.4-14) ...
Processing triggers for php5-fpm ...
[ ok ] Restarting PHP5 FastCGI Process Manager: php5-fpm.
peter@rpi ~ $
5. PHP Result
Test with phpinfo();
6. phpMyAdmin
6. phpMyAdmin
Database GUI
http://192.168.0.9/phpmyadmin/
Secure:
6. phpMyAdmin Installation
peter@rpi ~ $ sudo apt-get install phpmyadmin
Reading package lists... Done
[..]
Need to get 6,092 kB of archives.
After this operation, 16.6 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
[..]
Web server to reconfigure automatically: none
Configure database for phpmyadmin with dbconfig-common? N
Creating config file /etc/phpmyadmin/config-db.php with new version
peter@rpi ~ $
Peter Martin joomladagen.nl 20+21 April 2013
7. Joomla
7. Joomla
Download
Via phpMyAdmin, create a database: http://192.168.0.9/phpmyadmin/ database: petermartin
Via the URL, start the Joomla installation
http://192.168.0.9/petermartin.nl/
SEF
8. Performance
8. Performance
PHP-FPM Joomla NGINX
cache
Not
9. Security
9. Security 10 Aspects
1. Change the default username pi & password
2. Backup !!!
3. Study the log files (optionally Logwatch)
9. Security 10 Aspects
1. Change the default username pi & password
2. Backup !!!
3. Study the log files (optionally Logwatch)
4. Block ssh root login !
5. Block portscans -> Firewall
9. Security Firewall
{check firewall}
peter@rpi ~ $ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source
Chain FORWARD (policy ACCEPT)
target prot opt source
Chain OUTPUT (policy ACCEPT)
target prot opt source
{create firewall rules}
peter@rpi ~ $ sudo nano /etc/iptables.firewall.rules
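The iptables -L output above shows every chain with policy ACCEPT and no rules. As an added example (not from the slides), this Python check reads a rules file in iptables-restore format, which is assumed to be the format of /etc/iptables.firewall.rules, and reports whether INPUT ends in default deny and which TCP ports it opens compared with the services the deck exposes (22, 80, 443). The rules text is constructed, and only single-port --dport rules in the filter table are handled.

```python
import shlex

def audit_input_chain(rules_text, expected_ports):
    """Audit the INPUT chain of an iptables-restore file (filter table assumed)."""
    policy, open_ports, catch_all = "ACCEPT", set(), None
    for raw in rules_text.splitlines():
        tok = shlex.split(raw, comments=True)      # '#' starts a comment
        if not tok:
            continue
        if tok[0] == ":INPUT":                     # e.g. ":INPUT DROP [0:0]"
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"] and "-j" in tok and catch_all is None:
            target = tok[tok.index("-j") + 1]
            if tok[2] == "-j":                     # no match options: hits every packet
                catch_all = target                 # later rules are never reached
            elif target == "ACCEPT" and "--dport" in tok:
                open_ports.add(int(tok[tok.index("--dport") + 1]))
    expected = set(expected_ports)
    return {
        # True when traffic that matches no ACCEPT rule is dropped or rejected
        "default_deny": catch_all in ("DROP", "REJECT")
                        or (catch_all is None and policy == "DROP"),
        "unexpected_open": open_ports - expected,
        "missing": expected - open_ports,
    }

# Constructed rules file; 22/80/443 are the services forwarded to the Pi in the deck
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    print(audit_input_chain(SAMPLE_RULES, [22, 80, 443]))
```

In the sample, port 3306 is reported as unexpectedly open and 443 as missing, because its ACCEPT rule sits after the catch-all DROP.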
9. Security Fail2Ban
Scan
Filters
/etc/fail2ban/filter.d/
Regex ROOT LOGIN REFUSED, POSSIBLE BREAK-IN ATTEMPT!, Failed password etc...
9. Security Fail2Ban
{install Fail2Ban}
peter@rpi ~ $ sudo apt-get install fail2ban
Reading package lists... Done
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 340 kB of archives.
{view failed login attempts}
peter@rpi ~ $ cat fail2ban.log
2013-04-09 16:45:59,000 fail2ban.actions: WARNING [ssh] Ban 9.8.7.6
{check firewall}
peter@rpi ~ $ sudo iptables -L
Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  test123.example.com  anywhere
RETURN     all  --  anywhere             anywhere
9. Security 10 Aspects
1. Change the default username pi & password
2. Backup !!!
3. Study the log files (optionally Logwatch)
4. Block ssh root login !
5. Block portscans -> Firewall
6. Block script kiddies
/var/log/nginx/petermartin.nl.access_log
198.7.57.74 - - [30/Mar/2013:16:47:49 +0100] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 1565 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 135 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /pma/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:52 +0100] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:53 +0100] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:53 +0100] "GET /scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:54 +0100] "GET /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 135 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin1/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:55 +0100] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /pma/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /web/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:47:56 +0100] "GET /websql/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:23 +0100] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /webdb/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
198.7.57.74 - - [30/Mar/2013:16:48:24 +0100] "GET /websql/scripts/setup.php HTTP/1.1" 404 47 "-" "ZmEu"
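Fail2Ban's approach from the earlier slide (regex filters over log files, then a ban) applied to the kind of access-log excerpt shown above, as an added Python example; it is not from the slides and not Fail2Ban's own code. The parameter names maxretry and findtime mirror Fail2Ban's jail options, the signatures are read off the excerpt, and the sample lines are constructed with documentation IP addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined" access-log format
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Signatures read off the excerpt: setup.php probes, the w00tw00t marker, the ZmEu agent
PROBE_PATH = re.compile(r'/scripts/setup\.php$|^/w00tw00t\.')
PROBE_UA = {"ZmEu"}

def is_probe(m):  # failed (4xx) request matching a scanner path or user agent
    return m["status"].startswith("4") and (
        bool(PROBE_PATH.search(m["path"])) or m["ua"] in PROBE_UA)

def find_offenders(lines, maxretry=3, findtime=timedelta(seconds=60)):
    """Return {ip: time of the probe that reached maxretry within findtime}."""
    recent = defaultdict(deque)            # ip -> timestamps of recent probes
    offenders = {}
    for line in lines:                     # lines are assumed to be in time order
        m = LINE_RE.match(line)
        if not m or m["ip"] in offenders or not is_probe(m):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:   # forget probes older than the window
            window.popleft()
        if len(window) >= maxretry:
            offenders[m["ip"]] = ts
    return offenders

def _line(ip, hms, path, status, ua):
    return f'{ip} - - [30/Mar/2013:{hms} +0100] "GET {path} HTTP/1.1" {status} 47 "-" "{ua}"'

# Constructed sample (documentation IP ranges), modelled on the excerpt above
SAMPLE = [
    _line("203.0.113.7", "16:47:49", "/w00tw00t.at.blackhats.romanian.anti-sec:)", 404, "ZmEu"),
    _line("203.0.113.7", "16:47:52", "/phpmyadmin/scripts/setup.php", 403, "ZmEu"),
    _line("203.0.113.7", "16:47:52", "/pma/scripts/setup.php", 404, "ZmEu"),
    _line("198.51.100.20", "16:47:53", "/favicon.ico", 404, "Mozilla/5.0"),
    _line("203.0.113.7", "16:47:53", "/myadmin/scripts/setup.php", 404, "ZmEu"),
    _line("192.0.2.44", "16:48:00", "/pma/scripts/setup.php", 404, "curl/7.26.0"),
    _line("192.0.2.44", "16:58:00", "/pma/scripts/setup.php", 404, "curl/7.26.0"),
]

if __name__ == "__main__":
    print({ip: f"{t:%H:%M:%S}" for ip, t in find_offenders(SAMPLE).items()})
```

The ordinary 404 for /favicon.ico and the two probes ten minutes apart stay below the threshold; only the burst from one address is flagged.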
9. Security 10 Aspects
1. Change the default username pi & password
2. Backup !!!
3. Study the log files (optionally Logwatch)
4. Block ssh root login !
5. Block portscans -> Firewall
6. Block script kiddies
7. SSL certificate /administrator
8. Block phpmyadmin + block exception
9. Backup !!!
10. Passwordless login? SSH shared keys
End
Questions?
Questions?
Presentation
Photos used
Switched On Tech Design - www.sotechdesign.com.au
Bricks - Sharlene Jackson http://www.sxc.hu/photo/759981
Hotrod Dash - Peter Mazurek http://www.sxc.hu/photo/1341923
Greased Lightnin' - Donald Cook http://www.sxc.hu/photo/690214
File Overload - Bob Smith http://www.sxc.hu/photo/367985
Rusted Gears - Angelo Rosa http://www.sxc.hu/photo/1365696
Man Made - "csremedy" http://www.sxc.hu/photo/1267108
digital world - ilker http://www.sxc.hu/photo/1206711
Crazy Man in Shower - scott adams http://www.sxc.hu/photo/760765
laptop 2 - emre nacigil http://www.sxc.hu/photo/810741
Speedometer - Abdulhamid AlFadhly http://www.sxc.hu/photo/1390189
Secure - Frank Khne http://www.sxc.hu/photo/962334
signs signs - Jason Antony, http://www.sxc.hu/photo/751034
Face - Questions - Bob Smith, http://www.sxc.hu/photo/418215