「エアコンの安全な修理・適切なフロン回収」はこちら

2022-05

Ubuntu22.04

Ubuntu22.04 Server : バックアップと復元

1. System Backup 1.1 Backup under /var/www/html ①Create /var/www/system directory # mkdir -p /var/www/system 1.2Mysql database backup ①Create db_backup.sh script under /var/www/system # vi /var/www/system/db_backup.sh db_backup.sh script contents 2. System Restore 2.1 Restore backup files under HTML ① Store the HTML backup file to be used for backup in the "/ (root)" directory Select the backup file with the latest timestamp (e.g. www_back_20220501.tar.gz) 2.2Restore MySQL database ①Save DB backup file to any directory and decompress data # cd /var/www/backup/db_bak
Ubuntu22.04

Ubuntu22.04 Server : SNORT , Tripwire インストール

1.SNORTインストール Snortは、IPネットワーク上でリアルタイムのトラフィック分析とパケットロギングを実行で...
Ubuntu22.04

Ubuntu22.04 Server : MySQL 8 , WordPressインストール

1. MySQL 8 Install 1. 1Install # apt -y install mysql-server 1.2. MySQL Server Security Settings Run the tool mysql_secure_installation to configure security-related settings for the MySQL server. Once executed, several security settings are initiated in the form of questions. First, you will be asked if you want to use a plugin for password validation as follows. Password validation is a way to check the strength of a user's password for MySQL and restrict it to only accepting passwords that are secure enough. For example, it must be at least as many characters long as the user's password and must contain at least one symbol and one number. You can set this requirement by asking the following questions Type y and press Enter if you like 2.WordPress Install 2.1 Database Creation Create a database for Word Press (for example, in this case, the database name is "wp_db", the user name is "wp_user", and the password is "?Y123456y") If you receive a message "Your password does not satisfy the current policy requirements" when creating an account, please make sure your password is at least 8 characters long and includes upper and lower case letters, numbers, symbols, etc.
Ubuntu22.04

Ubuntu22.04 Server : Let’s Encrypt , Apache SSL化

1. Certificate Acquisition (Let's Encrypt) 1.1 advance preparation ①Enable mod_ssl # a2enmod ssl ②Install client tool to obtain Let's Encrypt certificate # apt -y install certbot ③Obtaining Certificates It is assumed that a web server such as Apache httpd or Nginx is running. If the Web server is not running on the server, perform step ④. It is also assumed that the server on which the work is to be performed (the server with the FQDN from which the certificate is to be obtained) is accessible from the Internet at port 80. 2. SSL/TLS (Let's Encrypt) configuration for Apache2 ①Edit Apache2 SSL-related configuration files # cd /etc/apache2/sites-available/ # cp default-ssl.conf hoge.com-ssl.conf # vi hoge.com-ssl.conf # Line 3:Administrator address change ServerAdmin <Administrator Email Address> # Line 5:change DocumentRoot /var/www/html/hoge.com/
Ubuntu22.04

Ubuntu Server 22.04 : NTP , FTP サーバー(Vsftpd)

1. Install a time synchronization service NTP server # apt -y install chrony # vi /etc/chrony/chrony.conf # Lines 20-23.:Comment the default settings and add the NTP server for your time zone. #pool ntp.ubuntu.com     iburst maxsources 4 #pool 0.ubuntu.pool.ntp.org iburst maxsources 1 #pool 1.ubuntu.pool.ntp.org iburst maxsources 1 #pool 2.ubuntu.pool.ntp.org iburst maxsources 2 pool ntp.nict.jp iburst 2. Install FTP server vsftpd ①Install # apt install vsftpd ②Allow PORT 21 at UFW # ufw allow ftp # ufw reload
Ubuntu22.04

Ubuntu Server 22.04 : SSH公開鍵暗号方式

SSH connection with authentication using RSA public key cryptography Creation of public and private key pairs Create a public/private key pair for a user connecting to a Linux server using OpenSSH. Use ssh-keygen to create key pairs. This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2. Creation of public/private key pairs is performed with remote login user privileges (huong). If you do not specify the destination and file name, id_rsa and id_rsa.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key
Ubuntu22.04

Ubuntu Server 22.04 : SSH , Firewall設定

1. SSH Service Security Settings The SSH service allows root user login by default. The root user can log in to the server with administrator privileges if the password is known because the user name is already known. 1.1 Creating a General User If you have created a general user when installing Ubuntu 22, this procedure is not necessary. If the only user created on the server is root, remote login via SSH will not be possible, so if a user has not been created during OS installation, a user must be created in advance. Users can be created with the "useradd" command. The "-m" option creates a home directory and the "-p" option specifies the password. For example, to set "ubuntuuser" as the user account name and "123456" as the password, execute the following 2. Firewall Settings Since Ubuntu often uses software called "ufw" to configure firewalls, we will use ufw to configure firewall settings. ufw is installed when the OS is installed. Filter rules to be set in ufw • All packets forwarded to the server are rejected • All packets sent from the server to the outside are allowed • The first port to allow is the port for SSH (2244) • Limit packets coming into the server
Ubuntu22.04

Ubuntu Server22.04 : イメージの入手とインストール

Download Ubuntu Server 22.04 installation image Ubuntu Server installation media can be downloaded from official sites on the Internet. You will need to create an installation CD/DVD from the downloaded iso file. (approx. 1.2G) The iso file itself is available for installation on a virtual machine using Vmware or other software. The iso file can be downloaded from the "Official Ubuntu Download Site". Ubuntu Server 22.04 installed Change the BIOS so that the PC can boot from the installation disk created above. 1.Installation screen ①Select your language and press [ENTER]. Select English
Ubuntu22.04

Ubuntu Server 22.04 : 初期設定

1. set root password and use SU commands In the default configuration of Ubuntu, the root user is unavailable because no password has been set. By setting a password for the root user, transitions using the conventional [su] command will be possible. 2. update the system # apt update # apt upgrade 3. make the locate command available The find command is often used to search for specific files throughout the Linux system, but find is somewhat confusing in specifying options. The locate command can extract all files with a specified filename. 4. vim editor settings Ubuntu has vim installed by default 4.1 Changing vim settings There may be cases where you do not want to allow vim settings for all users. In such cases, you can configure the vim environment by creating a ".vimrc" file in the user's home directory that allows you to change the vim environment for each user. 5. 5. network settings 5.1 Host Name Settings This procedure is not necessary if you have already set the host name at the time of Ubuntu installation and wish to use the host name as it is. To change the hostname, use the "hostnamectl set-hostname" command. 6. Configure server time synchronization Configure "timesyncd", a service that automatically adjusts the server time. 6.1Configuration of timesyncd service
Ubuntu22.04

Ubuntu Server 22.04 : WEBサーバー(Apache)

Apache2 installation. Allow http:80 port and https:443 port in UFW first. # ufw allow http # ufw allow https # ufw reload 3 Apache2 : Using Perl Scripts Enable CGI to make Perl scripts available ①Install Perl # apt -y install perl 4 Apache2 : Using PHP Scripts ①Install PHP # apt -y install php php-cgi libapache2-mod-php php-common php-pear php-mbstring ②Apache2 Configuration 5 Apache2 : Virtual Host Configuration ①Copy the default configuration file (file name is arbitrary, in this case vhost-yourdomain.conf as an example) and configure the virtual host
Ubuntu22.04

Ubuntu22.04 Server : ウイルス対策 , Mail Server

1.Introduced Clamav antivirus software 1.1 Install # apt install clamav clamav-daemon The clamav-related configuration files are installed in the /etc/clamav/ folder. 1.2 Virus Definition Update # systemctl stop clamav-freshclam  # freshclam 2.Email software installation 2.1 Postfix : Installation/Configuration Install Postfix and build an SMTP server; SMTP uses 25/TCP. To prevent unauthorized mail relay, use the SASL function of Dovecot, described below, and configure Postfix so that authentication is also required for sending mail. 2.4 Applied ClamAV to mail server Postfix Set up Postfix and Clamav to work together to scan incoming and outgoing mail in real time. If the server is not using a fully qualified domain name (FQDN) as the hostname, Amavis may fail to start. Also, since the OS hostname may change, set a valid hostname directly in the Amavis configuration file 2.5 Applied spamassassin to mail server Postfix 2.5.1 Install spamassassin ①Install
Ubuntu22.04

Ubuntu22.04 Server : DiCE , Logwatch , Disk使用量チェック

1. DiCE  Install Whenever the global IP changes, which happens when the network is disconnected or the router is disconnected and rebooted, the dynamic DNS must be accessed to inform the user that the global IP has changed. DiCE does this automatically! 2. Introduce disk usage check script 2.1 Create Script # cd /opt/script/ # vi disk_capacity_check.sh 3. Log analysis tool logwatch installed 3.1 Install # apt -y install logwatch 3.2 Edit logwatch configuration file ①Copy the default configuration file
fedora

Fedora35 : Logwatch , DiCEのインストール

Logwatch Introduction ①Install # dnf install logwatch ②Edit configuration file # cat /usr/share/logwatch/default.conf/logwatch.conf >> /etc/logwatch/conf/logwatch.conf # vi /etc/logwatch/conf/logwatch.conf Installing DiCE Whenever the global IP changes, which happens when the network is disconnected or the router is disconnected and rebooted, the dynamic DNS must be accessed to inform the user that the global IP has changed. DiCE does this automatically!
fedora

Fedora35 : SNORT , Tripwire , Chkrootkit

SNORT Installation 1.advance preparation ①Add the CodeReady Red Hat repository and install the required software # dnf -y install bison flex libpcap-devel pcre-devel openssl-devel libdnet-devel libtirpc-devel libtool nghttp2 libnghttp2-devel # mkdir /var/src Tripwire Installation 1.Download and installation # cd /usr/local/src # wget https://rpmfind.net/linux/epel/8/Everything/x86_64/Packages/t/tripwire-2.4.3.7-5.el8.x86_64.rpm # rpm -Uvh tripwire-2.4.3.7-5.el8.x86_64.rpm
fedora

Fedora35 : ウイルス対策 、Mailサーバー

Install Clamav ( anti-virus software ) 1.Install Clam AntiVirus # dnf -y install clamav clamd clamav-update 2.Edit Clam AntiVirus configuration file # vi /etc/clamd.d/scan.conf ●Line 14. # Default: disabled LogFile /var/log/clamd.scan ← Uncomment Mail Server Install 1. Install Postfix 1.1 Install Install Postfix and build an SMTP server # dnf -y install postfix Check if Postfix is installed # rpm -qa | grep postfix postfix-3.6.4-1.fc35.x86_64 Mail サーバー : Postfix + Clamav + Amavisd+SpamAssassin 1.Real-time scanning of E-mails ①Install Amavisd and Clamav Server # dnf -y install amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy ➁Configuration File Edit # vi /etc/clamd.d/scan.conf
タイトルとURLをコピーしました