sa-sa-ki.jpのblog

[root@sl6 ~]# yum clean all
[root@sl6 ~]# yum --releasever=6.2 update

[root@sl6 ~]# cat /etc/redhat-release
Scientific Linux release 6.2 (Carbon)

[root@sl6 ~]# yum install lm_sensors
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package lm_sensors.x86_64 0:3.1.1-10.el6 will be installed
--> Processing Dependency: libsensors.so.4()(64bit) for package: lm_sensors-3.1.1-10.el6.x86_64
--> Running transaction check
---> Package lm_sensors-libs.x86_64 0:3.1.1-10.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================
Package Arch Version Repository Size
===========================================================
Installing:
lm_sensors x86_64 3.1.1-10.el6 sl 121 k
Installing for dependencies:
lm_sensors-libs x86_64 3.1.1-10.el6 sl 36 k

Transaction Summary
===========================================================
Install 2 Package(s)

Total download size: 157 k
Installed size: 413 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): lm_sensors-3.1.1-10.el6.x86_64.rpm | 121 kB 00:01
(2/2): lm_sensors-libs-3.1.1-10.el6.x86_64.rpm | 36 kB 00:00
-----------------------------------------------------------
Total 88 kB/s | 157 kB 00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : lm_sensors-libs-3.1.1-10.el6.x86_64 1/2
Installing : lm_sensors-3.1.1-10.el6.x86_64 2/2

Installed:
lm_sensors.x86_64 0:3.1.1-10.el6

Dependency Installed:
lm_sensors-libs.x86_64 0:3.1.1-10.el6

Complete!

[root@sl6 ~]# sensors-detect
# sensors-detect revision 1.1
# System: NEC Express5800/GT110b [N8100-1592Y]
# Board: GIGABYTE GA-6FASV

This program will help you determine which kernel modules you need
to load to use lm_sensors most effectively. It is generally safe
and recommended to accept the default answers to all questions,
unless you know what you're doing.

Some south bridges, CPUs or memory controllers contain embedded sensors.
Do you want to scan for them? This is totally safe. (YES/no): [Enter]キー押下
Silicon Integrated Systems SIS5595... No
VIA VT82C686 Integrated Sensors... No
VIA VT8231 Integrated Sensors... No
AMD K8 thermal sensors... No
AMD Family 11h thermal sensors... No
Intel Core family thermal sensor... No
Intel AMB FB-DIMM thermal sensor... No
VIA C7 thermal and voltage sensors... No

Some Super I/O chips contain embedded sensors. We have to write to
standard I/O ports to probe them. This is usually safe.
Do you want to scan for Super I/O sensors? (YES/no): [Enter]キー押下
Probing for Super-I/O at 0x2e/0x2f
Trying family `National Semiconductor'... No
Trying family `SMSC'... No
Trying family `VIA/Winbond/Nuvoton/Fintek'... No
Trying family `ITE'... No
Probing for Super-I/O at 0x4e/0x4f
Trying family `National Semiconductor'... No
Trying family `SMSC'... No
Trying family `VIA/Winbond/Nuvoton/Fintek'... Yes
Found `Winbond W83627DHG-P Super IO Sensors' Success!
(address 0x290, driver `w83627ehf')

Some systems (mainly servers) implement IPMI, a set of common interfaces
through which system health data may be retrieved, amongst other things.
We first try to get the information from SMBIOS. If we don't find it
there, we have to read from arbitrary I/O ports to probe for such
interfaces. This is normally safe. Do you want to scan for IPMI
interfaces? (YES/no):
Probing for `IPMI BMC KCS' at 0xca0... No
Probing for `IPMI BMC SMIC' at 0xca8... No

Some hardware monitoring chips are accessible through the ISA I/O ports.
We have to write to arbitrary I/O ports to probe them. This is usually
safe though. Yes, you do have ISA I/O ports even if you do not have any
ISA slots! Do you want to scan the ISA I/O ports? (yes/NO): [Enter]キー押下

Lastly, we can probe the I2C/SMBus adapters for connected hardware
monitoring devices. This is the most risky part, and while it works
reasonably well on most systems, it has been reported to cause trouble
on some systems.
Do you want to probe the I2C/SMBus adapters now? (YES/no): [Enter]キー押下
Found unknown SMBus adapter 8086:3b30 at 0000:00:1f.3.
Sorry, no supported PCI bus adapters found.
Module i2c-dev loaded successfully.

Next adapter: SMBus I801 adapter at 1840 (i2c-0)
Do you want to scan it? (yes/NO/selectively): yes
Client found at address 0x18
Probing for `Analog Devices ADM1021'... No
Probing for `Analog Devices ADM1021A/ADM1023'... No
Probing for `Maxim MAX1617'... Success!
(confidence 3, driver `adm1021')
Probing for `Maxim MAX1617A'... No
Probing for `Maxim MAX1668'... No
Probing for `Maxim MAX1805'... No
Probing for `Maxim MAX1989'... No
Probing for `Maxim MAX6655/MAX6656'... No
Probing for `TI THMC10'... No
Probing for `National Semiconductor LM84'... No
Probing for `Genesys Logic GL523SM'... No
Probing for `Onsemi MC1066'... No
Probing for `Maxim MAX1618'... No
Probing for `Maxim MAX1619'... No
Probing for `National Semiconductor LM82/LM83'... No
Probing for `Maxim MAX6654/MAX6690'... No
Probing for `Maxim MAX6680/MAX6681'... No
Probing for `National Semiconductor LM64'... No
Client found at address 0x19
Probing for `Analog Devices ADM1021'... No
Probing for `Analog Devices ADM1021A/ADM1023'... No
Probing for `Maxim MAX1617'... Success!
(confidence 3, driver `adm1021')
Probing for `Maxim MAX1617A'... No
Probing for `Maxim MAX1668'... No
Probing for `Maxim MAX1805'... No
Probing for `Maxim MAX1989'... No
Probing for `Maxim MAX6655/MAX6656'... No
Probing for `TI THMC10'... No
Probing for `National Semiconductor LM84'... No
Probing for `Genesys Logic GL523SM'... No
Probing for `Onsemi MC1066'... No
Probing for `Maxim MAX1618'... No
Probing for `Maxim MAX1619'... No
Probing for `National Semiconductor LM82/LM83'... No
Probing for `Maxim MAX6654/MAX6690'... No
Probing for `Maxim MAX6680/MAX6681'... No
Probing for `National Semiconductor LM95231'... No
Probing for `National Semiconductor LM95241'... No
Client found at address 0x1a
Probing for `Analog Devices ADM1021'... No
Probing for `Analog Devices ADM1021A/ADM1023'... No
Probing for `Maxim MAX1617'... Success!
(confidence 3, driver `adm1021')
Probing for `Maxim MAX1617A'... No
Probing for `Maxim MAX1668'... No
Probing for `Maxim MAX1805'... No
Probing for `Maxim MAX1989'... No
Probing for `Maxim MAX6655/MAX6656'... No
Probing for `TI THMC10'... No
Probing for `National Semiconductor LM84'... No
Probing for `Genesys Logic GL523SM'... No
Probing for `Onsemi MC1066'... No
Probing for `Maxim MAX1618'... No
Probing for `Maxim MAX1619'... No
Probing for `National Semiconductor LM82/LM83'... No
Probing for `Maxim MAX6654/MAX6690'... No
Probing for `Maxim MAX6680/MAX6681'... No
Client found at address 0x1b
Probing for `Maxim MAX6650/MAX6651'... No
Client found at address 0x2d
Probing for `Myson MTP008'... No
Probing for `National Semiconductor LM78'... No
Probing for `National Semiconductor LM79'... No
Probing for `National Semiconductor LM80'... No
Probing for `National Semiconductor LM85'... No
Probing for `National Semiconductor LM96000 or PC8374L'... No
Probing for `Analog Devices ADM1027'... No
Probing for `Analog Devices ADT7460 or ADT7463'... No
Probing for `SMSC EMC6D100 or EMC6D101'... No
Probing for `SMSC EMC6D102'... No
Probing for `SMSC EMC6D103'... No
Probing for `Winbond WPCD377I'... No
Probing for `Analog Devices ADT7476'... No
Probing for `Analog Devices ADT7490'... No
Probing for `Andigilog aSC7611'... No
Probing for `Andigilog aSC7621'... No
Probing for `National Semiconductor LM87'... No
Probing for `Analog Devices ADM1024'... No
Probing for `National Semiconductor LM93'... No
Probing for `Winbond W83781D'... No
Probing for `Winbond W83782D'... No
Probing for `Winbond W83783S'... No
Probing for `Winbond W83791D'... No
Probing for `Winbond W83792D'... No
Probing for `Winbond W83793R/G'... No
Probing for `Nuvoton W83795G/ADG'... No
Probing for `Winbond W83627HF'... No
Probing for `Winbond W83627EHF'... No
Probing for `Winbond W83627DHG/W83667HG/W83677HG'... Success!
(confidence 8, driver `use-isa-instead')
Probing for `Asus AS99127F (rev.1)'... No
Probing for `Asus AS99127F (rev.2)'... No
Probing for `Asus ASB100 Bach'... No
Probing for `Winbond W83L784R/AR/G'... No
Probing for `Winbond W83L785R/G'... No
Probing for `Genesys Logic GL518SM'... No
Probing for `Genesys Logic GL520SM'... No
Probing for `Genesys Logic GL525SM'... No
Probing for `Analog Devices ADM9240'... Success!
(confidence 7, driver `adm9240')
Probing for `Dallas Semiconductor DS1780'... No
Probing for `National Semiconductor LM81'... No
Probing for `Analog Devices ADM1026'... No
Probing for `Analog Devices ADM1025'... No
Probing for `Philips NE1619'... No
Probing for `Analog Devices ADM1029'... No
Probing for `Analog Devices ADM1030'... No
Probing for `Analog Devices ADM1031'... No
Probing for `Analog Devices ADM1022'... No
Probing for `Texas Instruments THMC50'... No
Probing for `VIA VT1211 (I2C)'... No
Probing for `ITE IT8712F'... No
Probing for `ALi M5879'... No
Probing for `SMSC LPC47M15x/192/292/997'... No
Probing for `SMSC DME1737'... No
Probing for `SMSC SCH5027D-NW'... No
Probing for `Fintek F75373S/SG'... No
Probing for `Fintek F75375S/SP'... No
Probing for `Fintek F75387SG/RG'... No
Probing for `Winbond W83791SD'... No
Client found at address 0x2e
Probing for `Myson MTP008'... No
Probing for `National Semiconductor LM78'... No
Probing for `National Semiconductor LM79'... No
Probing for `National Semiconductor LM80'... No
Probing for `National Semiconductor LM85'... No
Probing for `National Semiconductor LM96000 or PC8374L'... No
Probing for `Analog Devices ADM1027'... No
Probing for `Analog Devices ADT7460 or ADT7463'... No
Probing for `SMSC EMC6D100 or EMC6D101'... No
Probing for `SMSC EMC6D102'... No
Probing for `SMSC EMC6D103'... No
Probing for `Winbond WPCD377I'... No
Probing for `Analog Devices ADT7467 or ADT7468'... No
Probing for `Analog Devices ADT7470'... No
Probing for `Analog Devices ADT7473'... No
Probing for `Analog Devices ADT7475'... No
Probing for `Analog Devices ADT7476'... No
Probing for `Analog Devices ADT7490'... Success!
(confidence 5, driver `to-be-written')
Probing for `Andigilog aSC7611'... No
Probing for `Andigilog aSC7621'... No
Probing for `National Semiconductor LM87'... No
Probing for `Analog Devices ADM1024'... No
Probing for `National Semiconductor LM93'... No
Probing for `Winbond W83781D'... No
Probing for `Winbond W83782D'... No
Probing for `Winbond W83791D'... No
Probing for `Winbond W83792D'... No
Probing for `Winbond W83793R/G'... No
Probing for `Nuvoton W83795G/ADG'... No
Probing for `Winbond W83627HF'... No
Probing for `Winbond W83627EHF'... No
Probing for `Winbond W83627DHG/W83667HG/W83677HG'... No
Probing for `Asus AS99127F (rev.1)'... No
Probing for `Asus AS99127F (rev.2)'... No
Probing for `Asus ASB100 Bach'... No
Probing for `Winbond W83L786NR/NG/R/G'... No
Probing for `Winbond W83L785TS-S'... No
Probing for `Analog Devices ADM9240'... No
Probing for `Dallas Semiconductor DS1780'... No
Probing for `National Semiconductor LM81'... No
Probing for `Analog Devices ADM1026'... No
Probing for `Analog Devices ADM1025'... No
Probing for `Analog Devices ADM1029'... No
Probing for `Analog Devices ADM1030'... No
Probing for `Analog Devices ADM1031'... No
Probing for `Analog Devices ADM1022'... No
Probing for `Texas Instruments THMC50'... No
Probing for `Analog Devices ADM1028'... No
Probing for `Texas Instruments THMC51'... No
Probing for `ITE IT8712F'... No
Probing for `SMSC DME1737'... No
Probing for `SMSC SCH5027D-NW'... No
Probing for `Fintek F75373S/SG'... No
Probing for `Fintek F75375S/SP'... No
Probing for `Fintek F75387SG/RG'... No
Probing for `Winbond W83791SD'... No
Client found at address 0x49
Probing for `National Semiconductor LM75'... No
Probing for `Dallas Semiconductor DS75'... No
Probing for `National Semiconductor LM77'... No
Probing for `Dallas Semiconductor DS1621/DS1631'... No
Probing for `National Semiconductor LM73'... No
Probing for `National Semiconductor LM92'... No
Probing for `National Semiconductor LM76'... No
Probing for `Maxim MAX6633/MAX6634/MAX6635'... No
Client found at address 0x50
Probing for `Analog Devices ADM1033'... No
Probing for `Analog Devices ADM1034'... No
Probing for `SPD EEPROM'... No
Probing for `EDID EEPROM'... No
Client found at address 0x51
Probing for `Analog Devices ADM1033'... No
Probing for `Analog Devices ADM1034'... No
Probing for `SPD EEPROM'... No
Client found at address 0x52
Probing for `Analog Devices ADM1033'... No
Probing for `Analog Devices ADM1034'... No
Probing for `SPD EEPROM'... No
Client found at address 0x53
Probing for `Analog Devices ADM1033'... No
Probing for `Analog Devices ADM1034'... No
Probing for `SPD EEPROM'... No

Now follows a summary of the probes I have just done.
Just press ENTER to continue:

Driver `adm9240':
* Bus `SMBus I801 adapter at 1840'
Busdriver `i2c_i801', I2C address 0x2d
Chip `Analog Devices ADM9240' (confidence: 7)

Driver `adm1021':
* Bus `SMBus I801 adapter at 1840'
Busdriver `i2c_i801', I2C address 0x18
Chip `Maxim MAX1617' (confidence: 3)
* Bus `SMBus I801 adapter at 1840'
Busdriver `i2c_i801', I2C address 0x19
Chip `Maxim MAX1617' (confidence: 3)
* Bus `SMBus I801 adapter at 1840'
Busdriver `i2c_i801', I2C address 0x1a
Chip `Maxim MAX1617' (confidence: 3)

Driver `w83627ehf':
* ISA bus, address 0x290
Chip `Winbond W83627DHG-P Super IO Sensors' (confidence: 9)

Driver `to-be-written':
* Bus `SMBus I801 adapter at 1840'
Busdriver `i2c_i801', I2C address 0x2e
Chip `Analog Devices ADT7490' (confidence: 5)

Note: there is no driver for Analog Devices ADT7490 yet.
Check http://www.lm-sensors.org/wiki/Devices for updates.

Do you want to overwrite /etc/sysconfig/lm_sensors? (YES/no): [Enter]キー押下
Starting lm_sensors: loading module adm1021 adm9240 w83627e[ OK ]
Unloading i2c-dev... OK

[root@sl6 ~]# sensors
max1617-i2c-0-18
Adapter: SMBus I801 adapter at 1840
temp1: +0.0°C (low = +0.0°C, high = +66.0°C)
temp2: +2.0°C (low = +1.0°C, high = +33.0°C)

max1617-i2c-0-19
Adapter: SMBus I801 adapter at 1840
temp1: +0.0°C (low = +0.0°C, high = +66.0°C)
temp2: +2.0°C (low = +1.0°C, high = +33.0°C)

max1617-i2c-0-1a
Adapter: SMBus I801 adapter at 1840
temp1: +0.0°C (low = +0.0°C, high = +66.0°C)
temp2: +2.0°C (low = +1.0°C, high = +33.0°C)

adm9240-i2c-0-2d
Adapter: SMBus I801 adapter at 1840
in0: +1.37 V (min = +0.90 V, max = +2.63 V)
in1: +2.66 V (min = +2.36 V, max = +2.91 V)
in2: +3.63 V (min = +3.20 V, max = +3.90 V) ALARM
in3: +5.50 V (min = +4.84 V, max = +5.91 V)
in4: +9.38 V (min = +12.00 V, max = +0.94 V)
in5: +3.25 V (min = +2.87 V, max = +3.52 V)
fan1: 0 RPM (min = 4821 RPM, div = 8)
fan2: 0 RPM (min = 14063 RPM, div = 8)
temp1: +105.0°C (high = +0.0°C, hyst = +0.0°C)
cpu0_vid: +1.438 V

w83627dhg-isa-0290
Adapter: ISA adapter
Vcore: +0.84 V (min = +0.55 V, max = +1.62 V)
in1: +1.51 V (min = +1.34 V, max = +1.66 V)
AVCC: +3.38 V (min = +2.98 V, max = +3.63 V)
VCC: +3.38 V (min = +2.98 V, max = +3.63 V)
in4: +1.20 V (min = +1.54 V, max = +0.12 V) ALARM
in5: +1.85 V (min = +1.63 V, max = +2.00 V)
in6: +1.60 V (min = +1.40 V, max = +1.72 V)
3VSB: +3.34 V (min = +2.98 V, max = +3.63 V)
Vbat: +3.20 V (min = +2.70 V, max = +3.30 V)
fan1: 0 RPM (min = 301 RPM, div = 128) ALARM
fan2: 0 RPM (min = 21093 RPM, div = 64) ALARM
fan3: 0 RPM (min = 5273 RPM, div = 64) ALARM
fan4: 0 RPM (min = 301 RPM, div = 128) ALARM
fan5: 0 RPM (min = 8437 RPM, div = 32) ALARM
temp1: +105.0°C (high = +0.0°C, hyst = +0.0°C) ALARM sensor = thermistor
temp2: +42.5°C (high = +54.0°C, hyst = +5.0°C) sensor = diode
temp3: +31.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor
cpu0_vid: +1.500 V

[root@sl6 ~]# vi /etc/httpd/conf.d/webdav.conf
# https://www.sa-sa-ki.jp/webdavでアクセスされたら/var/www/webdav/にアクセスするようにエイリアスを設定
Alias /webdav "/var/www/webdav/"

# /webdavの設定
<Location /webdav>
# WebDavを有効にします
DAV On

# SSL通信でないとアクセスを禁止します
SSLRequireSSL

# Basin認証を利用します
AuthType Basic
AuthName "Login WebDav"
AuthUserFile /etc/httpd/.htpasswd

# 全てのBasin認証ユーザでアクセス可
Require valid-user

# ローカルネットワーク以外からのアクセス不可
Order deny,allow
Deny from all
Allow from 192.168.
</Location>

# 保存してviエディタを終了します

[root@sl6 ~]# /etc/rc.d/init.d/httpd restart
httpd を停止中: [ OK ]
httpd を起動中: [ OK ]

[root@sl6 ~]# mkdir /var/www/webdav/
[root@sl6 ~]# chmod 777 /var/www/webdav/
[root@sl6 ~]# chown apache.apache /var/www/webdav/

[root@sl6 ~]# htpasswd -c /etc/httpd/.htpasswd webdav
# 既に/etc/httpd/.htpasswdファイルに別のBasic認証ユーザを作成している場合、htpasswdのオプション-cを付けずに実行
[root@sl6 ~]# htpasswd /etc/httpd/.htpasswd webdav

New password: Basic認証用のパスワード
Re-type new password: Basic認証用のパスワード
Adding password for user webdav

[root@sl6 ~]# ls -la /var/www/webdav
合計 12
drwxrwxrwx  3 apache apache 4096  8月 30 12:05 2011 .
drwxr-xr-x. 8 root   root   4096  8月 30 11:41 2011 ..
drwxr-xr-x  3 apache apache 4096  8月 30 12:05 2011 TestDirectory　←Windows 7側で作成したディレクトリ

# PAMの設定を変更してwheelグループのみでrootユーザにスイッチできるようにします
[root@sl6 ~]# vi /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid　← コメント解除
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so

# 保存してviエディタを終了します

# 管理用ユーザ(sl6)をwheelグループに追加します
[root@sl6 ~]# usermod -G wheel sl6

# ログインユーザの確認をします
[sl6@sl6 ~]$ whoami
sl6

# もしrootと表示された場合一般ユーザではないので一般ユーザでログインしなおすかsuコマンドで一般ユーザにスイッチしてください

# 鍵を作成します
[sl6@sl6 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sl6/.ssh/id_rsa):
Created directory '/home/sl6/.ssh'.
Enter passphrase (empty for no passphrase): 鍵認証用パスフレーズを入力
Enter same passphrase again: 鍵認証用パスフレーズを再度入力
Your identification has been saved in /home/sl6/.ssh/id_rsa.
Your public key has been saved in /home/sl6/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx sl6@sl6.sa-sa-ki.jp
The key's randomart image is:
+--[ RSA 2048]----+
| . ? . o |
| d o . +p+|
| . - + |
| .% . .|
| S.+ . .|
| a o E= |
| d * % . |
| + |
| t |
+-----------------+

# 鍵ファイルを確認します
[sl6@sl6 ~]$ ls -la .ssh
合計 16
drwx------. 2 sl6 sl6 4096 6月 26 15:06 2011 .
drwx------. 4 sl6 sl6 4096 6月 26 15:06 2011 ..
-rw-------. 1 sl6 sl6 1743 6月 26 15:06 2011 id_rsa　 　　# 秘密鍵(クライアント)
-rw-r--r--. 1 sl6 sl6 404 6月 26 15:06 2011 id_rsa.pub　# 公開鍵(サーバー)

# 公開鍵(サーバー)ファイルの名前を変更します
[sl6@sl6 ~]$ mv .ssh/id_rsa.pub ssh.authorized_keys

# 公開鍵(サーバー)ファイルのアクセス権を読み取り専用にします
[sl6@sl6 ~]$ chmod 400 .ssh/authorized_keys
[sl6@sl6 ~]$ ls -la .ssh
合計 16
drwx------. 2 sl6 sl6 4096 6月 26 15:08 2011 .
drwx------. 4 sl6 sl6 4096 6月 26 15:08 2011 ..
-r--------. 1 sl6 sl6 404 6月 26 15:06 2011 authorized_keys　← 読み取り専用になっていることを確認
-rw-------. 1 sl6 sl6 1743 6月 26 15:06 2011 id_rsa

# 秘密鍵(クライアント)は本サーバに接続したいクライアント端末にコピーしてください
# クライアントパソコンにコピーしたらサーバー上からは削除しておきます
[sl6@sl6 ~]$ rm .ssh/id_rsa

[root@sl6 ~]# vi /etc/ssh/sshd_config
# Authentication:

#LoginGraceTime 2m
PermitRootLogin no　# コメント解除してyesからnoに変更するとrootでログインできなくなります
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords no　# コメントを解除するとパスワードなしのログインを禁止します
PasswordAuthentication no # yesからnoに変更すると公開鍵暗号認証に変更します

X11Forwarding no　# コメントを解除します
#X11Forwarding yes　# コメント化します

# 保存してviエディタを終了します
# SSHサーバー(サービス)を再起動して設定を反映します
[root@sl6 ~]# /etc/rc.d/init.d/sshd restart
sshd を停止中: [ OK ]
sshd を起動中: [ OK ]

# 全ての端末からのSSH接続を禁止します
[root@sl6 ~]# echo "sshd: ALL" >> /etc/hosts.deny

# ローカルホスト(サーバー自身)のSSH接続を許可します
[root@sl6 ~]# echo "sshd: 127.0.0.1" >> /etc/hosts.allow

# 自宅ネットワーク内のパソコンからのSSH接続を許可します
※ yasuの自宅ネットワークは192.168.で始まるIPアドレスで構成しているので各自設定する場合は読み替えてください。
[root@sl6 ~]# echo "sshd: 192.168." >> /etc/hosts.allow

[root@sl6 ~]# yum -y install squid
sl | 3.2 kB 00:00
sl-security | 1.9 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package squid.x86_64 7:3.1.10-1.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

============================================================
Package Arch Version Repository Size
============================================================
Installing:
squid x86_64 7:3.1.10-1.el6 sl-security 1.7 M

Transaction Summary
============================================================
Install 1 Package(s)
Upgrade 0 Package(s)

Total download size: 1.7 M
Installed size: 5.8 M
Downloading Packages:
squid-3.1.10-1.el6.x86_64.rpm | 1.7 MB 00:03
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 7:squid-3.1.10-1.el6.x86_64 1/1

Installed:
squid.x86_64 7:3.1.10-1.el6

Complete!

[root@sl6 ~]# vi /etc/squid/squid.conf
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network　#コメント化
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network　#コメント化
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range　#コメント化
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines　#コメント化

# プロキシサーバーを使っている端末のIPアドレス非表示
forwarded_for off　# 追記
# エラー時に表示するホスト名
visible_hostname sa-sa-ki.jp　# 追記
# プロキシサーバーからのアクセスであることを隠します
request_header_access Referer deny all　# 追記
request_header_access X-Forwarded-For deny all　# 追記
request_header_access Via deny all　# 追記
request_header_access Cache-Control deny all　# 追記
# Apache形式のログ出力
access_log /var/log/squid/access.log auto　# 追記
emulate_httpd_log on　# 追記

# 保存してviエディタを終了します

# Squidを起動します
[root@sl6 ~]# /etc/rc.d/init.d/squid start
squid を起動中: . [ OK ]

# Squidの自動起動設定を行います
[root@sl6 ~]# chkconfig squid on
[root@sl6 ~]# chkconfig --list squid
squid 0:off 1:off 2:on 3:on 4:on 5:on 6:off

[root@sl6 ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 465 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT　# 追加
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

# 保存してviエディタを終了します

# iptablesを再起動してファイアウォールルールを反映します
[root@sl6 ~]# /etc/rc.d/init.d/iptables restart
iptables: ファイアウォールルールを消去中: [ OK ]
iptables: チェインをポリシー ACCEPT へ設定中filter [ OK ]
iptables: モジュールを取り外し中: [ OK ]
iptables: ファイアウォールルールを適用中: [ OK ]

# Piwikをダウンロードします
[root@sl6 ~]# wget http://piwik.org/latest.zip
--2011-08-20 19:22:32-- http://piwik.org/latest.zip

piwik.org をDNSに問いあわせています... 91.121.8.168
piwik.org|91.121.8.168|:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 5350808 (5.1M) [application/zip]
`latest.zip' に保存中

100%[==============================>] 5,350,808 1.18M/s 時間 4.3s

2011-08-20 19:22:37 (1.18 MB/s) - `latest.zip' へ保存完了 [5350808/5350808]

# Piwikを解凍します
[root@sl6 ~]# unzip latest.zip

# ドキュメントルート直下に配置します
[root@sl6 ~]# mv piwik /var/www/html

# ディレクトリのアクセス権限を変更します
[root@sl6 ~]# chmod 777 /var/www/html/piwik/tmp
[root@sl6 ~]# chmod 777 /var/www/html/piwik/config
[root@sl6 ~]# chown -R apache.apache /var/www/html/piwik

[root@sl6 ~]# mysql -u root -p
Enter password: rootユーザのパスワード
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 352578
Server version: 5.1.52 Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

# データベースを作成します
mysql> create database piwik;
Query OK, 1 row affected (0.00 sec)

# ユーザの作成・パスワードの設定、権限の付与を行います
mysql> grant all privileges on piwik.* to piwik@localhost identified by 'パスワード';
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye

# php-dom、php-xmlパッケージをインストールします
[root@sl6 ~]# yum -y install php-dom php-xml
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package php-xml.x86_64 0:5.3.3-3.el6 will be installed
--> Processing Dependency: libxslt.so.1(LIBXML2_1.0.18)(64bit) for package: php-xml-5.3.3-3.el6.x86_64
--> Processing Dependency: libxslt.so.1(LIBXML2_1.0.11)(64bit) for package: php-xml-5.3.3-3.el6.x86_64
--> Processing Dependency: libxslt.so.1(LIBXML2_1.0.13)(64bit) for package: php-xml-5.3.3-3.el6.x86_64
--> Processing Dependency: libxslt.so.1(LIBXML2_1.0.24)(64bit) for package: php-xml-5.3.3-3.el6.x86_64
--> Processing Dependency: libxslt.so.1()(64bit) for package: php-xml-5.3.3-3.el6.x86_64
--> Processing Dependency: libexslt.so.0()(64bit) for package: php-xml-5.3.3-3.el6.x86_64
--> Running transaction check
---> Package libxslt.x86_64 0:1.1.26-2.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================
Package Arch Version Repository Size
============================================================
Installing:
php-xml x86_64 5.3.3-3.el6 sl 98 k
Installing for dependencies:
libxslt x86_64 1.1.26-2.el6 sl 449 k

Transaction Summary
============================================================
Install 2 Package(s)

Total download size: 548 k
Installed size: 2.4 M
Downloading Packages:
(1/2): libxslt-1.1.26-2.el6.x86_64.rpm | 449 kB 00:03
(2/2): php-xml-5.3.3-3.el6.x86_64.rpm | 98 kB 00:00
------------------------------------------------------------
Total 127 kB/s | 548 kB 00:04
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : libxslt-1.1.26-2.el6.x86_64 1/2
Installing : php-xml-5.3.3-3.el6.x86_64 2/2

Installed:
php-xml.x86_64 0:5.3.3-3.el6

Dependency Installed:
libxslt.x86_64 0:1.1.26-2.el6

Complete!

# Apacheのサービスを再起動します
[root@sl6 ~]# /etc/rc.d/init.d/httpd restart
httpd を停止中: [ OK ]
httpd を起動中: [ OK ]

[root@sl6 ~]# mysql -u root -p
Enter password: rootユーザのパスワード
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.1.52 Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

# WordPress用データベースを作成します
mysql> create database testdb;
Query OK, 1 row affected (0.01 sec)

# ユーザの作成・パスワードの設定、権限の付与を行います
mysql> grant all privileges on testdb.* to testdb@localhost identified by 'パスワード';
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye

[root@sl6 ~]# cd /var/www/html
[root@sl6 html]# wget http://ja.wordpress.org/wordpress-3.2.1-ja.zip
--2011-08-22 15:03:06-- http://ja.wordpress.org/wordpress-3.2.1-ja.zip
ja.wordpress.org をDNSに問いあわせています... 72.233.56.138, 72.233.56.139
ja.wordpress.org|72.233.56.138|:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 4408804 (4.2M) [application/octet-stream]
`wordpress-3.2.1-ja.zip' に保存中

100%[===================================>] 4,408,804 1.00M/s 時間 5.0s

2011-08-22 15:03:12 (853 KB/s) - `wordpress-3.2.1-ja.zip' へ保存完了 [4408804/4408804]

# ダウンロードしたWordPressを解凍します
[root@sl6 html]# unzip wordpress-3.2.1-ja.zip

# wordpressディレクトリをApacheユーザでアクセスできるようアクセス権を変更します
[root@sl6 html]# chown -R apache.apache wordpress

[root@sl6 ~]# vi /var/www/html/wordpress/wp-config.php
?php
/**
* The base configurations of the WordPress.
*
* このファイルは、MySQL、テーブル接頭辞、秘密鍵、言語、ABSPATH の設定を含みます。
* より詳しい情報は {@link http://wpdocs.sourceforge.jp/wp-config.php_%E3%81%AE%E7%B7%A8%E9%9B%86
* wp-config.php の編集} を参照してください。MySQL の設定情報はホスティング先より入手できます。
*
* このファイルはインストール時に wp-config.php 作成ウィザードが利用します。
* ウィザードを介さず、このファイルを "wp-config.php" という名前でコピーして直接編集し値を
* 入力してもかまいません。
*
* @package WordPress
*/

// 注意:
// Windows の "メモ帳" でこのファイルを編集しないでください !
// 問題なく使えるテキストエディタ
// (http://wpdocs.sourceforge.jp/Codex:%E8%AB%87%E8%A9%B1%E5%AE%A4 参照)
// を使用し、必ず UTF-8 の BOM なし (UTF-8N) で保存してください。

// ** MySQL 設定 - こちらの情報はホスティング先から入手してください。 ** //
/** WordPress のためのデータベース名 */
define('DB_NAME', 'testdb');

/** MySQL データベースのユーザー名 */
define('DB_USER', 'testdb');

/** MySQL データベースのパスワード */
define('DB_PASSWORD', 'パスワード');

/** MySQL のホスト名 */
define('DB_HOST', 'localhost');

/** データベースのテーブルを作成する際のデータベースのキャラクターセット */
define('DB_CHARSET', 'utf8');

/** データベースの照合順序 (ほとんどの場合変更する必要はありません) */
define('DB_COLLATE', '');

/** 管理者サイト強制SSL */
define('FORCE_SSL_ADMIN', true);

～　省略　～

# 保存してviエディタを終了します

# 作業用ディレクトリを作成します
[root@sl6 ~]# cd /etc/pki/tls
[root@sl6 tls]# mkdir www

# 設定ファイルを作業用ディレクトリにコピーします
[root@sl6 tls]# cp openssl.cnf ./www
[root@sl6 tls]# cd www

# 作業用ディレクトリの内容を確認しておきます
[root@sl6 www]# ls -la
合計 20
drwxr-xr-x. 2 root root 4096 6月 22 12:16 2011 .
drwxr-xr-x. 7 root root 4096 6月 22 12:16 2011 ..
-rw-r--r--. 1 root root 10906 6月 22 12:16 2011 openssl.cnf

# コピーしてきたopenssl.cnfファイルがあることを確認します

# 設定ファイルを編集します
[root@sl6 www]# vi openssl.cnf
# 42行目～44行目、48行目、55行目～56行目を修正します
dir = . # Where everything is kept　# /etc/pki/CA から . に変更
certs = $dir # Where the issued certs are kept　# $dir/certs から $dir に変更
crl_dir = $dir # Where the issued crl are kept　# $dir/crl から $dir に変更

new_certs_dir = $dir # default place for new certs.　# $dir/newcerts から $dir に変更

private_key = $dir/cakey.pem # The private key　# $dir/private/cakey.pem から $dir/cakey.pem に変更
RANDFILE = $dir/.rand # private random number file　# $dir/private/.rand から $dir/.rand に変更

# 保存してviエディタを終了します

# index.txtという空ファイルと01と書き込んだserialファイルを作成します
[root@sl6 www]# touch index.txt
[root@sl6 www]# echo 01 > serial

# 作業用ディレクトリの内容を確認しておきます
[root@sl6 www]# ls -la
合計 24
drwxr-xr-x. 2 root root 4096 6月 22 12:18 2011 .
drwxr-xr-x. 7 root root 4096 6月 22 12:16 2011 ..
-rw-r--r--. 1 root root 0 6月 22 12:18 2011 index.txt
-rw-r--r--. 1 root root 10867 6月 22 12:18 2011 openssl.cnf
-rw-r--r--. 1 root root 3 6月 22 12:18 2011 serial

# index.txtファイルとserialファイルがあることを確認します

[root@sl6 www]# openssl genrsa -out ./cakey.pem -des3 2048
Generating RSA private key, 2048 bit long modulus
............................++++++
....................++++++
e is 65537 (0x10001)
Enter pass phrase for ./cakey.pem: パスフレーズを入力
Verifying - Enter pass phrase for ./cakey.pem: パスフレーズを再入力

# 作業用ディレクトリの内容を確認しておきます
[root@sl6 www]# ls -la
合計 28
drwxr-xr-x. 2 root root 4096 6月 22 12:19 2011 .
drwxr-xr-x. 7 root root 4096 6月 22 12:16 2011 ..
-rw-r--r--. 1 root root 963 6月 22 12:19 2011 cakey.pem
-rw-r--r--. 1 root root 0 6月 22 12:18 2011 index.txt
-rw-r--r--. 1 root root 10867 6月 22 12:18 2011 openssl.cnf
-rw-r--r--. 1 root root 3 6月 22 12:18 2011 serial

# 認証局の秘密鍵ファイル[cakey.pem]が作成されたことを確認します

[root@sl6 www]# openssl req -new -x509 -days 3650 -config ./openssl.cnf -key ./cakey.pem -out ./cacert.pem
Enter pass phrase for ./cakey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP　# 日本なのでJP
State or Province Name (full name) []:chiba　# 都道府県
Locality Name (eg, city) [Default City]:urayasu　# 市区町村
Organization Name (eg, company) [Default Company Ltd]:sa-sa-ki.jp　# 会社とかないのでとりあえずドメイン名
Organizational Unit Name (eg, section) []: 入力せずEnter
Common Name (eg, your name or your server's hostname) []:www.sa-sa-ki.jp　# ウェブサーバーのFQDN名
Email Address []:入力せずEnter

# 作業用ディレクトリの内容を確認しておきます
[root@sl6 www]# ls -la
合計 32
drwxr-xr-x. 2 root root 4096 6月 22 12:21 2011 .
drwxr-xr-x. 7 root root 4096 6月 22 12:16 2011 ..
-rw-r--r--. 1 root root 944 6月 22 12:21 2011 cacert.pem
-rw-r--r--. 1 root root 963 6月 22 12:19 2011 cakey.pem
-rw-r--r--. 1 root root 0 6月 22 12:18 2011 index.txt
-rw-r--r--. 1 root root 10867 6月 22 12:18 2011 openssl.cnf
-rw-r--r--. 1 root root 3 6月 22 12:18 2011 serial

# 認証局の証明書ファイル[cacert.pem]が作成されたことを確認します

[root@sl6 www]# openssl genrsa -out ./server.key -des3 2048
Generating RSA private key, 2048 bit long modulus
.....++++++
.................++++++
e is 65537 (0x10001)
Enter pass phrase for ./server.key: パスフレーズ入力
Verifying - Enter pass phrase for ./server.key: パスフレーズ再入力

# メールサーバーにSSLでアクセスした時に毎回パスフレーズを聞かれないようにパスフレーズ付きサーバー秘密鍵を作成します
[root@sl6 www]# openssl rsa -in ./server.key -out ./server.key
Enter pass phrase for ./server.key: server.keyファイル作成時のパスフレーズ入力
writing RSA key

# 作業用ディレクトリの内容を確認しておきます
[root@sl6 www]# ls -la
合計 36
drwxr-xr-x. 2 root root 4096 6月 22 12:21 2011 .
drwxr-xr-x. 7 root root 4096 6月 22 12:16 2011 ..
-rw-r--r--. 1 root root 944 6月 22 12:21 2011 cacert.pem
-rw-r--r--. 1 root root 963 6月 22 12:19 2011 cakey.pem
-rw-r--r--. 1 root root 0 6月 22 12:18 2011 index.txt
-rw-r--r--. 1 root root 10867 6月 22 12:18 2011 openssl.cnf
-rw-r--r--. 1 root root 3 6月 22 12:18 2011 serial
-rw-r--r--. 1 root root 887 6月 22 12:21 2011 server.key

# サーバー秘密鍵ファイル[server.key]が作成されたことを確認します

[root@sl6 www]# openssl req -new -days 3650 -config ./openssl.cnf -key ./server.key -out ./server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:chiba
Locality Name (eg, city) [Default City]:urayasu
Organization Name (eg, company) [Default Company Ltd]:sa-sa-ki.jp
Organizational Unit Name (eg, section) []: 入力せずEnter
Common Name (eg, your name or your server's hostname) []:www.sa-sa-ki.jp
Email Address []: 入力せずEnter

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: 入力せずEnter
An optional company name []: 入力せずEnter

# 作業用ディレクトリの内容を確認しておきます
[root@sl6 www]# ls -la
合計 40
drwxr-xr-x. 2 root root 4096 6月 22 12:22 2011 .
drwxr-xr-x. 7 root root 4096 6月 22 12:16 2011 ..
-rw-r--r--. 1 root root 944 6月 22 12:21 2011 cacert.pem
-rw-r--r--. 1 root root 963 6月 22 12:19 2011 cakey.pem
-rw-r--r--. 1 root root 0 6月 22 12:18 2011 index.txt
-rw-r--r--. 1 root root 10867 6月 22 12:18 2011 openssl.cnf
-rw-r--r--. 1 root root 3 6月 22 12:18 2011 serial
-rw-r--r--. 1 root root 639 6月 22 12:22 2011 server.csr
-rw-r--r--. 1 root root 887 6月 22 12:21 2011 server.key

# サーバー証明要求書ファイル[server.csr]が作成されたことを確認します

[root@sl6 www]# openssl ca -config ./openssl.cnf -days 3650 -in ./server.csr -keyfile ./cakey.pem -cert ./cacert.pem -out ./server.cer

Using configuration from ./openssl.cnf
Enter pass phrase for ./cakey.pem: cakey.pemのパスフレーズを入力します
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jun 22 03:23:28 2011 GMT
            Not After : Jun 19 03:23:28 2021 GMT
        Subject:
            countryName               = JP
            stateOrProvinceName       = chiba
            organizationName          = sa-sa-ki.jp
            commonName                = www.sa-sa-ki.jp
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
            X509v3 Authority Key Identifier:
                keyid:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx

Certificate is to be certified until Jun 19 03:23:28 2021 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

# 作業用ディレクトリの内容を確認しておきます
[root@sl6 www]# ls -la
合計 60
drwxr-xr-x. 2 root root 4096 6月 22 12:23 2011 .
drwxr-xr-x. 7 root root 4096 6月 22 12:16 2011 ..
-rw-r--r--. 1 root root 3039 6月 22 12:23 2011 01.pem
-rw-r--r--. 1 root root 944 6月 22 12:21 2011 cacert.pem
-rw-r--r--. 1 root root 963 6月 22 12:19 2011 cakey.pem
-rw-r--r--. 1 root root 76 6月 22 12:23 2011 index.txt
-rw-r--r--. 1 root root 21 6月 22 12:23 2011 index.txt.attr
-rw-r--r--. 1 root root 0 6月 22 12:18 2011 index.txt.old
-rw-r--r--. 1 root root 10867 6月 22 12:18 2011 openssl.cnf
-rw-r--r--. 1 root root 3 6月 22 12:23 2011 serial
-rw-r--r--. 1 root root 3 6月 22 12:18 2011 serial.old
-rw-r--r--. 1 root root 3039 6月 22 12:23 2011 server.cer
-rw-r--r--. 1 root root 639 6月 22 12:22 2011 server.csr
-rw-r--r--. 1 root root 887 6月 22 12:21 2011 server.key

# サーバー証明書ファイル[server.cer]が作成されたことを確認します

# 各ファイルをrootユーザ読み取り専用に権限を変更します
[root@sl6 www]# chmod 400 *

# 作業用ディレクトリの内容を確認しておきます
[root@sl6 www]# ls -la
合計 60
drwxr-xr-x. 2 root root 4096 6月 22 12:23 2011 .
drwxr-xr-x. 7 root root 4096 6月 22 12:16 2011 ..
-r--------. 1 root root 3039 6月 22 12:23 2011 01.pem
-r--------. 1 root root 944 6月 22 12:21 2011 cacert.pem
-r--------. 1 root root 963 6月 22 12:19 2011 cakey.pem
-r--------. 1 root root 76 6月 22 12:23 2011 index.txt
-r--------. 1 root root 21 6月 22 12:23 2011 index.txt.attr
-r--------. 1 root root 0 6月 22 12:18 2011 index.txt.old
-r--------. 1 root root 10867 6月 22 12:18 2011 openssl.cnf
-r--------. 1 root root 3 6月 22 12:23 2011 serial
-r--------. 1 root root 3 6月 22 12:18 2011 serial.old
-r--------. 1 root root 3039 6月 22 12:23 2011 server.cer
-r--------. 1 root root 639 6月 22 12:22 2011 server.csr
-r--------. 1 root root 887 6月 22 12:21 2011 server.key

# 全ファイルの権限が読み取りのみになっていることを確認しておきます

[root@sl6 www]# vi /etc/httpd/conf.d/ssl.conf
##
## SSL Virtual Host Context
##

# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"　# コメント解除
ServerName www.sa-sa-ki.jp:443　# コメント解除とドメイン名をwww.example.comからwww.sa-sa-ki.jpに変更

****************　以下追加　****************
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

#
# For a single logfile with access, agent, and referer information
# (Combined Logfile Format), use the following directive:
#
CustomLog logs/ssl_access_log combined
****************　以下追加終わり　****************

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/www/server.cer　#/etc/pki/tls/certs/localhost.crtから/etc/pki/tls/www/server.cerに変更

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/www/server.key　# /etc/pki/tls/private/localhost.keyから/etc/pki/tls/www/server.keyに変更

# 保存してviエディタを終了します

Apacheを再起動して設定ファイルを反映します
[root@sl6 www]# /etc/rc.d/init.d/httpd restart
httpd を停止中: [ OK ]
httpd を起動中: [ OK ]

[root@sl6 www]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 465 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

# 保存してviエディタを終了します

# iptablesを再起動して設定を反映します
[root@sl6 www]# /etc/rc.d/init.d/iptables restart
iptables: ファイアウォールルールを消去中: [ OK ]
iptables: チェインをポリシー ACCEPT へ設定中filter [ OK ]
iptables: モジュールを取り外し中: [ OK ]
iptables: ファイアウォールルールを適用中: [ OK ]

[root@sl6 ~]# yum -y install httpd php php-mbstring mod_ssl mysql-server php-mysql php-gd
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.2.15-5.sl6 set to be updated
--> Processing Dependency: httpd-tools = 2.2.15-5.sl6 for package: httpd-2.2.15-5.sl6.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.2.15-5.sl6.x86_64
--> Processing Dependency: apr-util-ldap for package: httpd-2.2.15-5.sl6.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.2.15-5.sl6.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.2.15-5.sl6.x86_64
---> Package mod_ssl.x86_64 1:2.2.15-5.sl6 set to be updated
---> Package mysql-server.x86_64 0:5.1.52-1.el6_0.1 set to be updated
--> Processing Dependency: mysql = 5.1.52-1.el6_0.1 for package: mysql-server-5.1.52-1.el6_0.1.x86_64
--> Processing Dependency: perl-DBD-MySQL for package: mysql-server-5.1.52-1.el6_0.1.x86_64
--> Processing Dependency: perl(DBI) for package: mysql-server-5.1.52-1.el6_0.1.x86_64
--> Processing Dependency: perl-DBI for package: mysql-server-5.1.52-1.el6_0.1.x86_64
---> Package php.x86_64 0:5.3.2-6.el6_0.1 set to be updated
--> Processing Dependency: php-cli = 5.3.2-6.el6_0.1 for package: php-5.3.2-6.el6_0.1.x86_64
--> Processing Dependency: php-common = 5.3.2-6.el6_0.1 for package: php-5.3.2-6.el6_0.1.x86_64
---> Package php-gd.x86_64 0:5.3.2-6.el6_0.1 set to be updated
--> Processing Dependency: libXpm.so.4()(64bit) for package: php-gd-5.3.2-6.el6_0.1.x86_64
---> Package php-mbstring.x86_64 0:5.3.2-6.el6_0.1 set to be updated
---> Package php-mysql.x86_64 0:5.3.2-6.el6_0.1 set to be updated
--> Processing Dependency: php-pdo for package: php-mysql-5.3.2-6.el6_0.1.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.3.9-3.el6_1.2 set to be updated
---> Package apr-util.x86_64 0:1.3.9-3.el6_0.1 set to be updated
---> Package apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 set to be updated
---> Package httpd-tools.x86_64 0:2.2.15-5.sl6 set to be updated
---> Package libXpm.x86_64 0:3.5.8-2.el6 set to be updated
---> Package mailcap.noarch 0:2.1.31-1.1.el6 set to be updated
---> Package mysql.x86_64 0:5.1.52-1.el6_0.1 set to be updated
---> Package perl-DBD-MySQL.x86_64 0:4.013-3.el6 set to be updated
---> Package perl-DBI.x86_64 0:1.609-4.el6 set to be updated
---> Package php-cli.x86_64 0:5.3.2-6.el6_0.1 set to be updated
---> Package php-common.x86_64 0:5.3.2-6.el6_0.1 set to be updated
---> Package php-pdo.x86_64 0:5.3.2-6.el6_0.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

============================================================
Package Arch Version Repository Size
============================================================
Installing:
httpd x86_64 2.2.15-5.sl6 sl 810 k
mod_ssl x86_64 1:2.2.15-5.sl6 sl 84 k
mysql-server x86_64 5.1.52-1.el6_0.1 sl-security 8.1 M
php x86_64 5.3.2-6.el6_0.1 sl-security 1.1 M
php-gd x86_64 5.3.2-6.el6_0.1 sl-security 102 k
php-mbstring x86_64 5.3.2-6.el6_0.1 sl-security 503 k
php-mysql x86_64 5.3.2-6.el6_0.1 sl-security 75 k
Installing for dependencies:
apr x86_64 1.3.9-3.el6_1.2 sl-security 122 k
apr-util x86_64 1.3.9-3.el6_0.1 sl-security 86 k
apr-util-ldap x86_64 1.3.9-3.el6_0.1 sl-security 15 k
httpd-tools x86_64 2.2.15-5.sl6 sl 67 k
libXpm x86_64 3.5.8-2.el6 sl 58 k
mailcap noarch 2.1.31-1.1.el6 sl 26 k
mysql x86_64 5.1.52-1.el6_0.1 sl-security 888 k
perl-DBD-MySQL x86_64 4.013-3.el6 sl 133 k
perl-DBI x86_64 1.609-4.el6 sl 704 k
php-cli x86_64 5.3.2-6.el6_0.1 sl-security 2.2 M
php-common x86_64 5.3.2-6.el6_0.1 sl-security 515 k
php-pdo x86_64 5.3.2-6.el6_0.1 sl-security 71 k

Transaction Summary
============================================================
Install 19 Package(s)
Upgrade 0 Package(s)

Total download size: 16 M
Installed size: 47 M
Downloading Packages:
(1/19): apr-1.3.9-3.el6_1.2.x86_64.rpm | 122 kB 00:01
(2/19): apr-util-1.3.9-3.el6_0.1.x86_64.rpm | 86 kB 00:00
(3/19): apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm | 15 kB 00:00
(4/19): httpd-2.2.15-5.sl6.x86_64.rpm | 810 kB 00:00
(5/19): httpd-tools-2.2.15-5.sl6.x86_64.rpm | 67 kB 00:00
(6/19): libXpm-3.5.8-2.el6.x86_64.rpm | 58 kB 00:00
(7/19): mailcap-2.1.31-1.1.el6.noarch.rpm | 26 kB 00:00
(8/19): mod_ssl-2.2.15-5.sl6.x86_64.rpm | 84 kB 00:00
(9/19): mysql-5.1.52-1.el6_0.1.x86_64.rpm | 888 kB 00:00
(10/19): mysql-server-5.1.52-1.el6_0.1.x86_64.rpm | 8.1 MB 00:18
(11/19): perl-DBD-MySQL-4.013-3.el6.x86_64.rpm | 133 kB 00:00
(12/19): perl-DBI-1.609-4.el6.x86_64.rpm | 704 kB 00:01
(13/19): php-5.3.2-6.el6_0.1.x86_64.rpm | 1.1 MB 00:04
(14/19): php-cli-5.3.2-6.el6_0.1.x86_64.rpm | 2.2 MB 00:14
(15/19): php-common-5.3.2-6.el6_0.1.x86_64.rpm | 515 kB 00:03
(16/19): php-gd-5.3.2-6.el6_0.1.x86_64.rpm | 102 kB 00:00
(17/19): php-mbstring-5.3.2-6.el6_0.1.x86_64.rpm | 503 kB 00:01
(18/19): php-mysql-5.3.2-6.el6_0.1.x86_64.rpm | 75 kB 00:00
(19/19): php-pdo-5.3.2-6.el6_0.1.x86_64.rpm | 71 kB 00:00
------------------------------------------------------------
Total 306 kB/s | 16 MB 00:51
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : php-common-5.3.2-6.el6_0.1.x86_64 1/19
Installing : apr-1.3.9-3.el6_1.2.x86_64 2/19
Installing : apr-util-1.3.9-3.el6_0.1.x86_64 3/19
Installing : perl-DBI-1.609-4.el6.x86_64 4/19
Installing : perl-DBD-MySQL-4.013-3.el6.x86_64 5/19
Installing : httpd-tools-2.2.15-5.sl6.x86_64 6/19
Installing : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 7/19
Installing : php-cli-5.3.2-6.el6_0.1.x86_64 8/19
Installing : php-pdo-5.3.2-6.el6_0.1.x86_64 9/19
Installing : mysql-5.1.52-1.el6_0.1.x86_64 10/19
Installing : libXpm-3.5.8-2.el6.x86_64 11/19
Installing : mailcap-2.1.31-1.1.el6.noarch 12/19
Installing : httpd-2.2.15-5.sl6.x86_64 13/19
Installing : 1:mod_ssl-2.2.15-5.sl6.x86_64 14/19
Installing : php-5.3.2-6.el6_0.1.x86_64 15/19
Installing : php-gd-5.3.2-6.el6_0.1.x86_64 16/19
Installing : mysql-server-5.1.52-1.el6_0.1.x86_64 17/19
Installing : php-mysql-5.3.2-6.el6_0.1.x86_64 18/19
Installing : php-mbstring-5.3.2-6.el6_0.1.x86_64 19/19

Installed:
httpd.x86_64 0:2.2.15-5.sl6 mod_ssl.x86_64 1:2.2.15-5.sl6 mysql-server.x86_64 0:5.1.52-1.el6_0.1 php.x86_64 0:5.3.2-6.el6_0.1 php-gd.x86_64 0:5.3.2-6.el6_0.1
php-mbstring.x86_64 0:5.3.2-6.el6_0.1 php-mysql.x86_64 0:5.3.2-6.el6_0.1

Dependency Installed:
apr.x86_64 0:1.3.9-3.el6_1.2 apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 httpd-tools.x86_64 0:2.2.15-5.sl6 libXpm.x86_64 0:3.5.8-2.el6
mailcap.noarch 0:2.1.31-1.1.el6 mysql.x86_64 0:5.1.52-1.el6_0.1 perl-DBD-MySQL.x86_64 0:4.013-3.el6 perl-DBI.x86_64 0:1.609-4.el6 php-cli.x86_64 0:5.3.2-6.el6_0.1
php-common.x86_64 0:5.3.2-6.el6_0.1 php-pdo.x86_64 0:5.3.2-6.el6_0.1

Complete!

[root@sl6 ~]# vi /etc/httpd/conf/httpd.conf
#
# Don't give away too much information about all the subcomponents
# we are running. Comment out this line if you don't mind remote sites
# finding out what major optional modules you are running
# HTTPヘッダーやエラーページにApacheのバージョンやOSの情報が表示されないようにOS から Prod に変更
ServerTokens Prod　# OSからProdに変更

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
# 管理者メールアドレスを変更します
ServerAdmin root@sa-sa-ki.jp　# ドメイン名をlocalhostからsa-sa-ki.jpに変更

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
# FQDNを変更します
ServerName www.sa-sa-ki.jp:80　# コメント解除してWebサーバーのFQDNに変更

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#

Options None　# FollowSymLinksからNoneに変更
AllowOverride None
Order deny,allow　# 追加
　　Deny from all# 追加

#
# This should be changed to whatever you set DocumentRoot to.
#

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
# ドキュメントルートのファイル一覧を表示しないようにします
Options ExecCGI FollowSymLinks　# IndexesからExecCGIに変更

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
# NoneからAllに変更してファイルアクセス(.htaccess)の使用可能な指示子を全て許可にします
AllowOverride All　# NoneからAllに変更

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all

#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
# CGIスクリプトに拡張子.plを追加します
AddHandler cgi-script .cgi .pl　# コメント解除して.plを追加

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
# エラーページにApacheのバージョンを表示しないようにOn から Off に変更
ServerSignature Off　# OnからOffに変更

#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If you
# do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/var/www/icons/"

# Options Indexesを削除してiconsディレクトリのファイル一覧を表示しないようにします
Options MultiViews FollowSymLinks　# Indexesを削除
AllowOverride None
Order allow,deny
Allow from all

# 保存してviエディタを終了します

[root@sl6 ~]# chown -R apache.apache /var/www
[root@sl6 ~]# ls -la /var/www
合計 24
drwxr-xr-x. 6 apache apache 4096 6月 18 20:35 2011 .
drwxr-xr-x. 22 root root 4096 6月 18 20:35 2011 ..
drwxr-xr-x. 2 apache apache 4096 11月 24 01:37 2010 cgi-bin
drwxr-xr-x. 3 apache apache 4096 6月 18 20:35 2011 error
drwxr-xr-x. 2 apache apache 4096 11月 24 01:37 2010 html
drwxr-xr-x. 3 apache apache 4096 6月 18 20:35 2011 icons

# 所有者・所有グループがapacheになっていることを確認する

[root@sl6 ~]# vi /etc/php.ini
;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://www.php.net/manual/en/ini.core.php#ini.expose-php
# HTTPヘッダーにPHPのバージョンを表示しないようにOn から Off に変更
expose_php = Off　# OnからOffに変更

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;

; Whether to allow HTTP file uploads.
; http://www.php.net/manual/en/ini.core.php#ini.file-uploads
file_uploads = On

; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://www.php.net/manual/en/ini.core.php#ini.upload-tmp-dir
;upload_tmp_dir =

; Maximum allowed size for uploaded files.
; http://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize
# WordPressでアップロード可能なファイルサイズを10MBに変更
upload_max_filesize = 10M　# 2Mから10Mに変更

# 保存してviエディタを終了します

[root@sl6 ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT　# 追加
-A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

# 保存してviエディタを終了します

[root@sl6 ~]# /etc/rc.d/init.d/iptables restart
iptables: ファイアウォールルールを消去中: [ OK ]
iptables: チェインをポリシー ACCEPT へ設定中filter [ OK ]
iptables: モジュールを取り外し中: [ OK ]
iptables: ファイアウォールルールを適用中: [ OK ]

[root@sl6 ~]# /etc/rc.d/init.d/httpd start
httpd を起動中: [ OK ]

[root@sl6 ~]# chkconfig httpd on
[root@sl6 ~]# chkconfig --list | grep httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

# MySQL初回起動時に名前解決ができずエラーが発生したのでhostsファイルにホスト名を追記

[root@sl6 ~]# vi /etc/hosts
127.0.0.1   sl6.sa-sa-ki.jp localhost localhost.localdomain localhost4 localhost4.localdomain4　# ホスト名を追加（先頭に追加）
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# 保存してviエディタを終了します

# MySQL起動
[root@sl6 ~]# /etc/rc.d/init.d/mysqld start
MySQL データベースを初期化中:  Installing MySQL system tables...

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h sl6.sa-sa-ki.jp password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

                                                           [  OK  ]
mysqld を起動中:                                           [  OK  ]

# MySQL自動起動設定
[root@sl6 ~]# chkconfig mysqld on
[root@sl6 ~]# chkconfig --list mysqld
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off

# MySQL初期設定
# MySQLにrootでログインします
[root@sl6 ~]# mysql -u root
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.52 Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

# ユーザー一覧を検索します
mysql> select user,host,password from mysql.user;
+------+-----------------+----------+
| user | host            | password |
+------+-----------------+----------+
| root | localhost       |          |
| root | sl6.sa-sa-ki.jp |          |
| root | 127.0.0.1       |          |
|      | localhost       |          |
|      | sl6.sa-sa-ki.jp |          |
+------+-----------------+----------+
5 rows in set (0.00 sec)

# パスワードを登録していきます
mysql> set password for root@localhost=password('パスワード');
Query OK, 0 rows affected (0.00 sec)

mysql> set password for root@"sl6.sa-sa-ki.jp"=password('パスワード');
Query OK, 0 rows affected (0.00 sec)

mysql> set password for root@127.0.0.1=password('パスワード');
Query OK, 0 rows affected (0.00 sec)

mysql> select user,host,password from mysql.user;
+------+-----------------+-------------------------------------------+
| user | host            | password                                  |
+------+-----------------+-------------------------------------------+
| root | localhost       | *パスワード |
| root | sl6.sa-sa-ki.jp | *パスワード |
| root | 127.0.0.1       | *パスワード |
|      | localhost       |                                           |
|      | sl6.sa-sa-ki.jp |                                           |
+------+-----------------+-------------------------------------------+
5 rows in set (0.00 sec)

mysql> exit
bye

# rootユーザでログインします
[root@sl6 ~]# mysql -u root -p
Enter password:rootユーザのパスワード
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.1.52 Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

# データベースの一覧を表示します
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)

# testデータベースは不要なので削除します
mysql> drop database test;
Query OK, 0 rows affected (0.04 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
+--------------------+
2 rows in set (0.00 sec)

mysql> exit
bye