2022-10

1. Introduce disk usage check script 1.1 Scripting # cd /opt/script/ # vi disk_capacity_check.sh Contents of disk_capacity_check.sh Configured to notify when disk usage exceeds 80%. 2. Log analysis tool logwatch installed 2.1 logwatch Install # apt -y install logwatch 2.2 Edit logwatch configuration file

1. Antivirus software Clamav installed Install Clam AntiVirus, a free anti-virus software for Linux, as an anti-virus measure. By installing this anti-virus software, you can not only scan the entire server for viruses, but also scan incoming and outgoing mail for viruses if you build and configure a mail server. 1.1 Install # apt install clamav clamav-daemon 2. Mail server installation Postfix was developed as a Mail Transport Agent (MTA) to replace sendmail, and is a mail server that is highly compatible with sendmail, secure, easy to maintain, and fast. In addition, since Postfix only functions as an SMTP server for sending mail, the POP server Dovecot for receiving mail will be installed separately in the latter half. 2.1 Postfix : Installation Configuration 3 Applied ClamAV to mail server Postfix Set up Postfix and Clamav to work together to scan incoming and outgoing mail in real time. ①Install Amavisd and Clamav Daemon and start Clamav Daemon

1. Install NTP server # apt -y install chrony # vi /etc/chrony/chrony.conf # Line 8.：Comment the default settings and add the NTP server for your time zone. #pool 2.debian.pool.ntp.org iburst pool ntp.nict.jp iburst # Add to the last line (Range for which time synchronization is allowed) allow 192.168.11.0/24 2. Install FTP Server 2.1 Install Vsftpd # apt install vsftpd FTP Port21 allowed # ufw allow ftp # ufw reload

1. SSH Service Security Settings The SSH service allows the root user to log in by default, and since the root user already knows the user name and can log in to the server with administrative privileges once the password is known, we will deny this setting. 2. Firewall Settings Since Debian often uses software called "ufw" to configure firewalls, we will configure firewall settings using ufw. Since ufw is not installed when the OS is installed, the ufw package must be installed prior to configuration. The following is a procedure to configure minimal filter settings after installation. Filter rules to be set in ufw • All packets forwarded to the server are rejected • All packets sent from the server to the outside are allowed • The first port to allow is the port for SSH • Limit packets coming into the server