<VirtualHost 192.168.1.100:80>
ServerAdmin oyaji@mail.aconus.com
DocumentRoot "/home"
ServerName www.aconus.com
<Directory "/home">
Options FollowSymLinks Includes ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
UserDir /home/*/public_html
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews SymLinksIfOwnerMatch ExecCGI IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
ErrorLog logs/error_log
SetEnvIf Remote_Addr 192.168. homelog nolog
SetEnvIf Request_URI "~akirin" akirinlog nolog
SetEnvIf Request_URI "default.ida" wormlog nolog
SetEnvIf Request_URI "root.exe" wormlog nolog
SetEnvIf Request_URI "cmd.exe" wormlog nolog
SetEnvIf Request_URI "Admin.dll" wormlog nolog
CustomLog logs/home_log common env=homelog
CustomLog logs/akirin_log combined env=akirinlog
CustomLog logs/worm_log common env=wormlog
CustomLog logs/access_log combined env=!nolog
</VirtualHost>
<VirtualHost 192.168.1.101:80>
ServerAdmin oyaji@mail.aconus.com
DocumentRoot "/var/www"
ServerName www.example.com
<Directory "/var/www">
Options FollowSymLinks Includes ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ErrorLog logs/example.com-error_log
SetEnvIf Remote_Addr 192.168. homelog nolog
SetEnvIf Request_URI "default.ida" wormlog nolog
SetEnvIf Request_URI "root.exe" wormlog nolog
SetEnvIf Request_URI "cmd.exe" wormlog nolog
SetEnvIf Request_URI "Admin.dll" wormlog nolog
CustomLog logs/example.com-home_log common env=homelog
CustomLog logs/example.com-worm_log common env=wormlog
CustomLog logs/example.com-access_log combined env=!nolog
</VirtualHost>
<IfDefine SSL>
Listen 443
## SSL Global Context
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
# Semaphore:
SSLMutex file:logs/ssl_mutex
# Pseudo Random Number Generator (PRNG):
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
## SSL Virtual Host Context
<VirtualHost 192.168.1.100:443>
# General setup for the virtual host
ServerAdmin oyaji@mail.aconus.com
DocumentRoot "/home"
ServerName www.aconus.com:443
#ErrorLog logs/error_log
#TransferLog logs/access_log
<Directory "/home">
Options FollowSymLinks Includes ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
UserDir /home/*/public_html
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews SymLinksIfOwnerMatch ExecCGI IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
ErrorLog logs/error_log
SetEnvIf Remote_Addr 192.168. homelog nolog
SetEnvIf Request_URI "~akirin" akirinlog nolog
SetEnvIf Request_URI "default.ida" wormlog nolog
SetEnvIf Request_URI "root.exe" wormlog nolog
SetEnvIf Request_URI "cmd.exe" wormlog nolog
SetEnvIf Request_URI "Admin.dll" wormlog nolog
CustomLog logs/home_log common env=homelog
CustomLog logs/akirin_log combined env=akirinlog
CustomLog logs/worm_log common env=wormlog
CustomLog logs/access_log combined env=!nolog
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Cipher Suite:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Server Certificate:
SSLCertificateFile /usr/local/certs/server0.crt
# Server Private Key:
SSLCertificateKeyFile /usr/local/certs/server0.key
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost 192.168.1.101:443>
# General setup for the virtual host
ServerAdmin oyaji@mail.aconus.com
DocumentRoot "/var/www"
ServerName www.example.com:443
#ErrorLog logs/error_log
#TransferLog logs/access_log
<Directory "/var/www">
Options FollowSymLinks Includes ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ErrorLog logs/example.com-error_log
SetEnvIf Remote_Addr 192.168. homelog nolog
SetEnvIf Request_URI "default.ida" wormlog nolog
SetEnvIf Request_URI "root.exe" wormlog nolog
SetEnvIf Request_URI "cmd.exe" wormlog nolog
SetEnvIf Request_URI "Admin.dll" wormlog nolog
CustomLog logs/example.com-home_log common env=homelog
CustomLog logs/example.com-worm_log common env=wormlog
CustomLog logs/example.com-access_log combined env=!nolog
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Cipher Suite:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Server Certificate:
SSLCertificateFile /usr/local/certs/server1.crt
# Server Private Key:
SSLCertificateKeyFile /usr/local/certs/server1.key
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
1. /var/log/httpd/access_log /var/log/httpd/agent_log /var/log/httpd/error_log /var/log/httpd/referer_log {
2. missingok
3. sharedscripts
4. postrotate
5. /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
6. endscript
7. }
↓削除、追加
1. /usr/local/apache2/logs/*_log {
2. missingok
3. sharedscripts
4. postrotate
5. /bin/kill -HUP `cat /usr/local/apache2/logs/httpd.pid 2>/dev/null` 2> /dev/null || true
6. endscript
7. }
1行目: logrotateしたいlogファイル名を*_logでワイルドカード指定。
2行目: ログファイルが無くとも、処理を正常終了させる。
3行目: 1行目で複数指定されたlogファイルに対し、postrotate以降設定されたコマンドを実行する。
4行目: このコマンドの後に、logファイルのローテーション後に実行するコマンドを記述する。
5行目: logファイルのローテーション後、apacheサーバにハングアップシグナル(HUP)を送り、再起動
させるためのもの。これにより、apacheが新たなlogファイルにログを出力するようになる。
6行目: postrotateの終端を示す。