보안서버를 구축하게 되면 아래와 같이 구동 시에 비밀번호를 입력해야 합니다. 이때 간단한 설정으로 자동으로 비밀번호를 입력할 수 있습니다.
가. 비밀번호 자동 입력
[root@smson bin]# ./apachectl startssl
[Thu Oct 30 15:18:43 2008] [alert] httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Apache/1.3.33 mod_ssl/2.8.24 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server analysis.wsos.co.kr:443 (RSA)
Enter pass phrase:
Ok: Pass Phrase Dialog successful.
./apachectl startssl: httpd started
[root@smson ssl]# vi pw.sh
#!/bin/sh
echo "password"
#!/bin/sh
echo "password"
[root@smson ssl]# vi /usr/local/apache-ssl/conf/httpd.conf
<IfModule mod_ssl.c>
<IfModule mod_ssl.c>
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
#SSLPassPhraseDialog builtin
SSLPassPhraseDialog exec:/usr/local/apache-ssl/conf/ssl/pw.sh
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
#SSLPassPhraseDialog builtin
SSLPassPhraseDialog exec:/usr/local/apache-ssl/conf/ssl/pw.sh
나. 부팅시 자동 시작
리눅스가부팅 할때 /etc/rc* 에 있는 파일들을 실행합니다. rc 뒤에 붙은 숫자는 run level을 뜻합니다. 리눅스는 부팅 시에 run level을 지정할 수 있는데 일반적인 작업에서 사용되는 run level은 3입니다. 아래와 같이 간단한 스크립트를 작성하여 링크를 시켜 주시면 됩니다.
[root@smson bin]# cat apachectlstartssl
#!/bin/sh
/usr/local/apache-ssl/bin/apachectl startssl
[root@smson bin]# cd /etc/rc
rc rc1.d rc3.d rc5.d rc.d rc.sysinit
rc0.d rc2.d rc4.d rc6.d rc.local
[root@smson bin]# cd /etc/rc3.d/
[root@smson rc3.d]# rm -rf S99apache
[root@smson rc3.d]# ln -s /usr/local/apache-ssl/bin/apachectlstartssl S99apache
[root@smson rc3.d]# ls -al
total 12
drwxr-xr-x 2 root root 4096 Oct 30 17:50 .
drwxr-xr-x 10 root root 4096 Oct 30 17:30 ..
lrwxrwxrwx 1 root root 15 Jun 17 2005 K03rhnsd -> ../init.d/rhnsd
...
lrwxrwxrwx 1 root root 43 Oct 30 17:50 S99apache -> /usr/local/apache-ssl/bin/apachectlstartssl
lrwxrwxrwx 1 root root 41 Jun 17 2005 S99mysql -> /usr/local/mysql/share/mysql/mysql.server
[root@smson rc3.d]#
#!/bin/sh
/usr/local/apache-ssl/bin/apachectl startssl
[root@smson bin]# cd /etc/rc
rc rc1.d rc3.d rc5.d rc.d rc.sysinit
rc0.d rc2.d rc4.d rc6.d rc.local
[root@smson bin]# cd /etc/rc3.d/
[root@smson rc3.d]# rm -rf S99apache
[root@smson rc3.d]# ln -s /usr/local/apache-ssl/bin/apachectlstartssl S99apache
[root@smson rc3.d]# ls -al
total 12
drwxr-xr-x 2 root root 4096 Oct 30 17:50 .
drwxr-xr-x 10 root root 4096 Oct 30 17:30 ..
lrwxrwxrwx 1 root root 15 Jun 17 2005 K03rhnsd -> ../init.d/rhnsd
...
lrwxrwxrwx 1 root root 43 Oct 30 17:50 S99apache -> /usr/local/apache-ssl/bin/apachectlstartssl
lrwxrwxrwx 1 root root 41 Jun 17 2005 S99mysql -> /usr/local/mysql/share/mysql/mysql.server
[root@smson rc3.d]#
apache 웹방화벽 모듈 modsecurity용 웹설정 툴, Remo