@ifnull
Last active December 13, 2015 18:28
AWS: Quick and secure LAMP on Amazon Linux
######
###### http://www.altmake.com/2013/03/06/secure-lamp-setup-on-amazon-linux-ami/
######
# http://imperialwicket.com/aws-quick-and-secure-lamp-on-amazon-linux
sudo su -
yum -y update
# Install Apache, MySQL and PHP (the AMP in LAMP)
yum install -y httpd mysql mysql-server php php-mysql php-xml php-pdo php-odbc \
php-soap php-common php-cli php-mbstring php-bcmath php-ldap php-imap php-gd
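# Add a user and give sudo privs
useradd someUser
passwd someUser
# Enter a password when prompted
visudo
# visudo opens /etc/sudoers and checks the syntax before saving;
# if this is unfamiliar to you, be careful:
# insert line "someUser ALL=(ALL) NOPASSWD: ALL"
# Add the existing user to the web server group ("apache" on Amazon Linux)
usermod -a -G apache someUser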
# Configure ssh key and disable password authentication
cd /home/someUser
mkdir .ssh
vim .ssh/authorized_keys
# add your pub key to authorized_keys
chown -R someUser:someUser .ssh/
chmod 700 .ssh
chmod 600 .ssh/*
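vim /etc/ssh/sshd_config
# sshd_config is the server config; ssh_config only affects the ssh client
# set "PasswordAuthentication no", editing any existing PasswordAuthentication line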
service sshd restart
# Validate connection in another terminal before exiting the current session!
# Primary MySQL config
chkconfig mysqld on
service mysqld start
/usr/bin/mysql_secure_installation
# Root access from local only
# Set a root password (that's good)
# Delete test db
# Delete anonymous users
# Apache chkconfig on
chkconfig httpd on
service httpd start
# Create a mysql user/schema for your site(s)
# DON'T CONNECT AS ROOT FOR YOUR WEB APPS
mysql -u root -p
# Enter the password you set
mysql> CREATE SCHEMA someAppName;
# '%' lets this account connect from any host; use 'localhost' when the app runs on this server
mysql> GRANT ALL ON someAppName.* TO someAppName@'%' IDENTIFIED BY 'somePassword';
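
The SSH step above only takes effect if `PasswordAuthentication no` is the effective value in the server's `sshd_config`, and the key login only works with the `.ssh` modes the script sets. The following check is an added example, not part of the original gist; the function names `sshd_effective` and `ssh_perms_ok` are hypothetical, the sample config contents are constructed, and `Include` directives are assumed absent.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist. Sample file contents are constructed.

# Print the effective global value of an sshd_config keyword.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and the global section ends at the first Match block.
# Assumption: no Include directives. $1=keyword $2=file $3=built-in default
sshd_effective() {
  awk -F'[ \t=]+' -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$3" '
    { sub(/^[ \t]+/, "") }             # drop indentation, re-split fields
    /^#/ || /^$/ { next }              # skip comments and blank lines
    tolower($1) == "match" { exit }    # per-connection overrides start here
    tolower($1) == want { print tolower($2); found = 1; exit }
    END { if (!found) print def }
  ' "$2"
}

# Succeed only when .ssh is 700 and authorized_keys is 600 (the gist's chmod values).
# $1 = the user's home directory. Uses GNU stat, as found on Amazon Linux.
ssh_perms_ok() {
  [ "$(stat -c '%a' "$1/.ssh")" = "700" ] &&
    [ "$(stat -c '%a' "$1/.ssh/authorized_keys")" = "600" ]
}

demo() {
  local d; d=$(mktemp -d)
  # Server config never touched: the keyword is only present as a comment.
  printf '#PasswordAuthentication yes\nUsePAM yes\n' > "$d/untouched"
  # Line appended BELOW an existing "yes": the first value still wins.
  printf 'PasswordAuthentication yes\nPasswordAuthentication no\n' > "$d/appended"
  # Existing line edited in place.
  printf 'Port 22\npasswordauthentication no\nMatch User x\n' > "$d/fixed"
  for f in untouched appended fixed; do
    echo "$f: PasswordAuthentication $(sshd_effective PasswordAuthentication "$d/$f" yes)"
  done
  rm -rf "$d"
}
demo
```

On the live host, run `sshd -T` as root and look for the `passwordauthentication` line; it prints the configuration sshd actually uses and is the authoritative check.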