RHEL5.1+SELINUX-LAMP=APACHE+PHP+MYSQL+PHPMYADMIN+ZEND

四、安装PHP
[root@Kevin soft]# gunzip suhosin-patch-5.25-0.9.6.2.patch.gz
[root@Kevin soft]# tar xjvf php-5.2.5.tar.bz2
[root@Kevin php-5.2.5]# patch -p1 < ../suhosin-patch-5.2.5-0.9.6.2.patch
[root@Kevin php-5.2.5]#  ./configure --prefix=/httpd/php --with-apxs2=/httpd/apache/bin/apxs \
> --with-mysql=/httpd/mysql --with-curl --enable-ftp \
> --with-libxml-dir --enable-soap --with-xsl --with-gd --with-jpeg-dir --with-zlib \
> --with-freetype-dir --enable-mbstring --with-iconv --disable-ipv6 \
> --with-mysql-sock=/tmp/mysql.sock --enable-magic-quotes \
> --enable-force-cgi-redirect --enable-short-tags --disable-debug

[root@Kevin php-5.2.5]# make

Build complete.
Don't forget to run 'make test'.

[root@Kevin php-5.2.5]# make test
这个过程会报错，不过没关系，继续
[root@Kevin php-5.2.5]# make install
同样出现上面的SELunix的问题，同样的方法解决

/soft/php-5.2.5/sapi/cli/php: error while loading shared libraries:
/usr/local/lib/libxslt.so.1: cannot restore segment prot after reloc:
Permission denied
/soft/php-5.2.5/sapi/cli/php: error while loading shared libraries:
/usr/local/lib/libxslt.so.1: cannot restore segment prot after reloc:
Permission denied
make: [test] Error 127 (ignored)

[root@Kevin ～]# tail /var/log/messages
Dec 23 12:23:56 Kevin setroubleshoot:      SELinux is preventing
/soft/php-5.2.5/sapi/cli/php from loading /usr/local/lib/libxslt.so.1.1.22
which requires text relocation.      For complete SELinux messages. run
sealert -l 732b8a74-391c-4243-8474-3bfc7aa88fee

[root@Kevin php-5.2.5]# sealert -l 732b8a74-391c-4243-8474-3bfc7aa88fee
Summary
    SELinux is preventing /soft/php-5.2.5/sapi/cli/php from loading
    /usr/local/lib/libxslt.so.1.1.22 which requires text relocation.

Detailed Description
    The /soft/php-5.2.5/sapi/cli/php application attempted to load
    /usr/local/lib/libxslt.so.1.1.22 which requires text relocation.  This is
a
    potential security problem. Most libraries do not need this permission.
    Libraries are sometimes coded incorrectly and request this permission.
The
    http://people.redhat.com/drepper/selinux-mem.html web page explains how to
    remove this requirement.  You can configure SELinux temporarily to allow
    /usr/local/lib/libxslt.so.1.1.22 to use relocation as a workaround, until
    the library is fixed. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Allowing Access
    If you trust /usr/local/lib/libxslt.so.1.1.22 to run correctly, you can
    change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
    /usr/local/lib/libxslt.so.1.1.22"

    The following command will allow this access:
    chcon -t textrel_shlib_t /usr/local/lib/libxslt.so.1.1.22

Additional Information        

Source Context                root:system_r:unconfined_t:SystemLow-SystemHigh
Target Context                system_u:object_r:lib_t
Target Objects                /usr/local/lib/libxslt.so.1.1.22 [ file ]
Affected RPM Packages         
Policy RPM                    selinux-policy-2.4.6-104.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.allow_execmod
Host Name                     Kevin
Platform                      Linux Kevin 2.6.18-53.el5xen #1 SMP Wed Oct 10
                              17:06:12 EDT 2007 i686 i686
Alert Count                   2
Line Numbers                  

Raw Audit Messages            

avc: denied { execmod } for comm="php" dev=sda2 egid=0 euid=0
exe="/soft/php-5.2.5/sapi/cli/php" exit=-13 fsgid=0 fsuid=0 gid=0 items=0
path="/usr/local/lib/libxslt.so.1.1.22" pid=11348
scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0
subj=root:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:lib_t:s0 tty=pts0 uid=0

[root@Kevin php-5.2.5]# chcon -t textrel_shlib_t /usr/local/lib/libxslt.so.1.1.22

[root@Kevin php-5.2.5]# make install
安装成功

[root@Kevin php-5.2.5]# cp php.ini-dist /httpd/apache/conf/php.ini

[root@Kevin php-5.2.5]# vim /httpd/apache/conf/php.ini
;default_charset = "iso-8859-1"
在这行下面加一行
default_charset = "gbk"

配置apache
[root@Kevin php-5.2.5]# vim /httpd/apache/conf/httpd.conf
找到#AddType application/x-tar .tgz 这行，在下面加两行。
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
找到下面一行
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>


[root@Kevin php-5.2.5]# service httpd restart
在安装好PHP重新加载APACHE服务的时候又出现了同样的问题，同样的方法解决
httpd: Syntax error on line 108 of /httpd/apache/conf/httpd.conf: Cannot load
/httpd/apache/modules/libphp5.so into server:
/httpd/apache/modules/libphp5.so: cannot restore segment prot after reloc:
Permission denied

[root@Kevin ~]# tail /var/log/messages
Dec 23 13:11:05 Kevin setroubleshoot:      SELinux is preventing
/httpd/apache/bin/httpd from loading /httpd/apache/modules/libphp5.so which
requires text relocation.      For complete SELinux messages. run
sealert -l4568ea8d-d6f7-47f2-9b9a-2611e15833dc

[root@Kevin php-5.2.5]# sealert -l 4568ea8d-d6f7-47f2-9b9a-2611e15833dc
Summary
    SELinux is preventing /httpd/apache/bin/httpd from loading
    /httpd/apache/modules/libphp5.so which requires text relocation.

Detailed Description
    The /httpd/apache/bin/httpd application attempted to load
    /httpd/apache/modules/libphp5.so which requires text relocation.  This is
a
    potential security problem. Most libraries do not need this permission.
    Libraries are sometimes coded incorrectly and request this permission.
The
    http://people.redhat.com/drepper/selinux-mem.html web page explains how to
    remove this requirement.  You can configure SELinux temporarily to allow
    /httpd/apache/modules/libphp5.so to use relocation as a workaround, until
    the library is fixed. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Allowing Access
    If you trust /httpd/apache/modules/libphp5.so to run correctly, you can
    change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t
    /httpd/apache/modules/libphp5.so"

    The following command will allow this access:
    chcon -t textrel_shlib_t /httpd/apache/modules/libphp5.so

Additional Information        

Source Context                root:system_r:unconfined_t:SystemLow-SystemHigh
Target Context                root:object_r:etc_runtime_t
Target Objects                /httpd/apache/modules/libphp5.so [ file ]
Affected RPM Packages         
Policy RPM                    selinux-policy-2.4.6-104.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.allow_execmod
Host Name                     Kevin
Platform                      Linux Kevin 2.6.18-53.el5xen #1 SMP Wed Oct 10
                              17:06:12 EDT 2007 i686 i686
Alert Count                   1
Line Numbers                  

Raw Audit Messages            

avc: denied { execmod } for comm="httpd" dev=sda2 egid=0 euid=0
exe="/httpd/apache/bin/httpd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0
path="/httpd/apache/modules/libphp5.so" pid=10571
scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0
subj=root:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=root:object_r:etc_runtime_t:s0 tty=pts0 uid=0


[root@Kevin php-5.2.5]# chcon -t textrel_shlib_t /httpd/apache/modules/libphp5.so

[root@Kevin php-5.2.5]# service httpd restart
OK，成功

写个测试页面

vi /www/index.php

<?
phpinfo();
?>

打开网站http://localhost结果变成了下载PHP文件了
修改/httpd/apache/conf/httpd.conf  
AddType application/x-httpd-php .php .php5


[root@Kevin php-5.2.5]# service httpd restart  

OK

用 http://loclahost/index.php or http://localhost 测试你的php and apache

五、安装；zend and phpadmin
1.install zendoptimizer
[root@Kevin soft]# tar xzvf ZendOptimizer-3.3.0-linux-glibc21-i386.tar.gz
[root@Kevin php-5.2.5]# cd ZendOptimizer-3.3.0-linux-glibc21-i386
[root@Kevin ZendOptimizer-3.3.0-linux-glibc21-i386]# ./install.sh
[ok]->[exit]->[yes]->[/httpd/zend]->[/httpd/apache/conf]->[yes]->[/httpd/apache/bin/apachectl]->
[ok]->[ok]->[no]
这个我是在图形界面下安装的，就没有截图了，基本的顺序就是这样子的。
use http://localhost/index.php or http://localhost test the zend program.

2.install phpMyadmin
[root@Kevin soft]# tar xjvf phpMyAdmin-2.11.3-all-languages.tar.gz
[root@Kevin php-5.2.5]# cp -rf phpMyAdmin-2.11.3-all-languages /www/phpmyadmin
[root@Kevin php-5.2.5]# cp config.sample.inc.php config.inc.php
[root@Kevin php-5.2.5]# vim config.inc.php

phpMyadmin可以各人发挥了，每个人的需求不一样，所以配置肯定也不一样了。以下是我的配置：
CODE:
[Copy to clipboard]
$cfg['blowfish_secret'] = 'cookie'; （使用cookie加密）


CODE:
[Copy to clipboard]
$cfg['Servers'][$i]['connect_type']  = 'socket';  （以socket方式连接MySQL）


CODE:
[Copy to clipboard]
$cfg['Servers'][$i]['compress']      = TRUE; （启用压缩以提高速度，如果访问不正常请改回FALSE）


CODE:
[Copy to clipboard]
$cfg['Servers'][$i]['auth_type']     = 'cookie'; （使用cookie进行身份验证）

visite http://localhost/phpmyadmin

用mysql的root登陆，前面我们为root设置了密码的，如果不设置密码，用空密码登陆也会出现一个警告吧 算是，你
用密码登陆就没有问题了。
还有一个提示错误，可能是php高版本的问题，需要用到mcrypt，我在前面没有安装，有时间我再做一次吧。

错误提示信息如下：
Cannot load mcrypt extension. Please check your PHP configuration.

因为之前没有安装mcrypt，在编译php的时候也没有--with-mcrypt
所以现在出现这个错误了。如果要解决只有重新编译mcrypt and php (网上没有找到答案。。。。。。)
这个问题我在网上找了很多资料，以及google，没有找到答案，如果有人知道怎么弄的话，请告诉我，谢谢！！
这样就不用重新编译了。

昨天做了一通宵，终于完成了在SELlinux下面配置好LAMP。

第一次在CU发贴，有问题请各位多多赐教！～ 谢谢