2022-05

1. Certificate Acquisition (Let's Encrypt)1.1 advance preparation①Enable mod_ssl# a2enmod ssl②Install client tool to obtain Let's Encrypt certificate# apt -y install certbot③Obtaining CertificatesIt is assumed that a web server such as Apache httpd or Nginx is running.If the Web server is not running on the server, perform step ④.It is also assumed that the server on which the work is to be performed (the server with the FQDN from which the certificate is to be obtained) is accessible from the Internet at port 80.

1.Introduced Clamav antivirus software1.1 Install# apt install clamav clamav-daemonThe clamav-related configuration files are installed in the /etc/clamav/ folder.1.2 Virus Definition Update# systemctl stop clamav-freshclam # freshclam

Apache2 installation.Allow http:80 port and https:443 port in UFW first.# ufw allow http# ufw allow https# ufw reload1 Install Apache2# apt -y install apache22 Apache2 Basic Settings

1. Install a time synchronization service NTP server# apt -y install chrony# vi /etc/chrony/chrony.conf# Lines 20-23.：Comment the default settings and add the NTP server for your time zone.#pool ntp.ubuntu.com     iburst maxsources 4#pool 0.ubuntu.pool.ntp.org iburst maxsources 1#pool 1.ubuntu.pool.ntp.org iburst maxsources 1#pool 2.ubuntu.pool.ntp.org iburst maxsources 2

SSH connection with authentication using RSA public key cryptographyCreation of public and private key pairsCreate a public/private key pair for a user connecting to a Linux server using OpenSSH.Use ssh-keygen to create key pairs.This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2.Creation of public/private key pairs is performed with remote login user privileges (huong).If you do not specify the destination and file name, id_rsa and id_rsa.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key.

1. SSH Service Security SettingsThe SSH service allows root user login by default.The root user can log in to the server with administrator privileges if the password is known because the user name is already known.1.1 Creating a General UserIf you have created a general user when installing Ubuntu 22, this procedure is not necessary.If the only user created on the server is root, remote login via SSH will not be possible, so if a user has not been created during OS installation, a user must be created in advance.

1. Set root password and use SU commandThe root user is unavailable in the default Ubuntu configuration because no password is set.Setting a password for the root user allows transitions using the conventional [su] command.$ sudo passwd root[sudo] password for ← Current user's passwordEnter new UNIX password: ← Enter the root user password to be setRetype new UNIX password: ← Re-entry force