業務用エアコン関連の技術情報、エラーコード、環境問題対策に関する別サイト「エアコンの安全な修理・適切なフロン回収」

2023-10

Rocly Linux8.8_en

RockyLinux8.8 : OS Install

Rocky Linux Install1.Rocky Linux 8.8 DownloadRocky Linux 8.8 installation image can be downloaded from the following sitehttps://rockylinux.org/download2.Rocky Linux 8.8 InstallイInstall USB media Change BIOS settings to boot from USB media.2.1 Installation initial screenPress the [tab] key, enter "resolution=1024x768" and press the [Enter] key.This way, the right edge of the installation screen is displayed without being cut off.
AlmaLinux8.8_en

AlmaLinux8.8 : Anti-virus(Clamav) , Mail Server

Clamav (anti-virus software)Install1.Clam AntiVirus InstallMail Server Install1. Postfix1.1 InstallInstall Postfix and build an SMTP serverMail Server : Postfix + Clamav + Amavisd+SpamAssassin1.Real-time scanning of e-mails①Amavisd ,Clamav Server install
AlmaLinux8.8_en

AlmaLinux8.8 : WEB Server(Apache2) & Virtual Hosts

1.Apache2 Install , Virtual Host Configuration1.1 Apache2 install①httpd install# dnf -y install httpd1.3 Virtual Host SettingsAssign and configure the domain name [rocky.korodes.com] to the document root [/var/www/html/rocky.korodes.com] directory for virtual host operation2. Use of CGI Scripts①CGI availability check3. PHP installation and configuration1.PHP8 Install4. Digest authentication with Apache2Since Basic Authentication, a well-known authentication authorization method for http, sends authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.On the other hand, Digest Authentication encrypts and transmits authentication informa
AlmaLinux8.8_en

AlmaLinux8.8 : FTP Server , Samba FileServer

1.FTP Server1. 1 vsftpd Install# dnf install vsftpdversion check2. Vsftpd over SSL/TLSLS2.1 Create self-signed certificatesThis work is not required if you are using a trusted, legitimate certificate such as Let's Encrypt.3. File server installation with SambaBuild a file server with access rights that requires user authentication with Samba.Installation Procedure①Create shared folders with access rights that require user authentication②Accessible group creation③Creation of users belonging to accessible groups④Configuration File Editing
AlmaLinux8.8_en

AlmaLinux8.8 : SSH connection using public key cryptography

Create a key pairCreate a public/private key pair for a user connecting to a Linux server using OpenSSH.Use ssh-keygen to create the key pair.The creation of a public/private key pair must be done as a user with remote login privileges.If you do not specify the destination and file name, id_ed25519 and id_ed25519.pub will be created in /home/(user name)/.ssh/. On the way, enter the password for the key.
AlmaLinux8.8_en

AlmaLinux8.8 : SSH、firewalld 、NTP Server

1.Remote connection via SSHSSH is a service for connecting remotely to a server and is basically running immediately after the OS is installed, but the default settings are somewhat insecure.Here we will configure the default settings to increase the security of ssh connections.1.1 Edit SSH service configuration fileModify the configuration file to change the SSH service settings.The SSH service configuration file is "/etc/ssh/sshd_config".
AlmaLinux8.8_en

AlmaLinux8.8 : Initial setup after OS installation

1.Disable SELinuxFirst, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is basically disabled in many cases. If you build a server while browsing a website and it does not work as expected, it may be due to the fact that selinux is enabled. Therefore, do not forget to disable it after installation.You can disable it by doing the following
AlmaLinux8.8_en

AlmaLinux8.8 : OS Install

AlmaLinux 8.8 InstallAlmaLinux OS is a project launched by US CloudLinux as an alternative to CentOS. Currently, the AlmaLinux OS Foundation is the development parent organization.This time we will install AlmaLinux 8.8, a minor upgrade on May 18, 2023.1.AlmaLinux 8.8 DownloadAlmaLinux 8.8 installation image can be downloaded from the following sitehttps://almalinux.org
Ubuntu23.04_en

Ubuntu Server23.04 : System Backup & Restore

1. System Backup1.1 Backup under /var/www/html①Create /var/www/system directory1.2 MariaDB database backup①Create db_backup.sh script under /var/www/system2. System Restore2.1 Restore backup files under HTML①Store HTML backup files used for backup in the "/ (root)" directorySelect the backup file with the latest timestamp(Example: www_back_20231009.tar.gz)2.2 Restore MariaDB database①Save DB backup file to any directory and decompress data
Ubuntu23.04_en

Ubuntu Server23.04 : disk usage check script , Logwatch

1. Introduce disk usage check script1.1 Script Creation2. Log analysis tool Logwatch installed2.1 Install logwatch
Ubuntu23.04_en

Ubuntu Server23.04 : SNORT2 , Tripwire

1.SNORT2 InstallSnort is an open source network intrusion detection system that can perform real-time traffic analysis and packet logging on IP networks.It can perform "protocol analysis," "content search," and "matching," and can be used to detect a variety of attacks, including buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, semantic URL attacks, and server message block probes. The SNORT3 can be used to detect a wide variety of attacks, includingTo install SNORT3, see2.Tripwire InstallImplement a system to detect file tampering on Linux servers by crackers.This time, Tripwire, a host-based IDS (IDS=Intrusion Detection System), will be installed as the file tampering detection system.Tripwire detects file additions/changes/deletions by creating a database of file status at the time of installation and comparing the database with the current status of the file.
Ubuntu22.04_en

Ubuntu 22.04 & 23.04 Server : SNORT3 Install

Snort3 InstallThe default universe repository for Ubuntu22.04,23.04 is snort2.9 as shown below, so build, compile and install Snort3 from the source code
Ubuntu23.04_en

Ubuntu Server23.04 : MariaDB , WordPress Install

1. MariaDB Install1. 1Install1.2. MariaDB Server Security SettingsRun the tool mysql_secure_installation to configure security-related settings for the MariaDB server.Once executed, the tool will start several security settings in the form of questions. First, you will be asked if you want to use a plugin for password validation, as shown below.Password validation is a plugin that checks the strength of a user's password for MariaDB and restricts it to accepting only passwords that are secure enough. For example, it must be at least as many characters long as the user's password and must contain at least one symbol and one number. You can set this requirement by asking the following questionType y and press Enter if you like2.WordPress Install2.1 Create database
Ubuntu23.04_en

Ubuntu Server23.04 : Web server, Mail server SSL conversion (Let's Encrypt)

1.Obtain a certificate (Let's Encrypt)1.1 advance preparation1.Enable mod_ssl2.Package management system Snappy installedLet's Encrypt's SSL certificate issuing tool "certbot" is recommended to be installed using "snap" after 2021, so install Snapd first. (It can also be installed using the conventional method with dnf or yum)1.3 Obtain a Let's Encrypt CertificateIt is assumed that a web server such as Apache httpd or Nginx is running.If the web server is not running on the server where the work is to be performed, follow the procedure below under "Obtaining a Let's Encrypt certificate when the web server is not running".It is also assumed that the server on which the work is to be performed (the server with the FQDN of the server from which you want to obtain the certificate) is accessible from the Internet at port 80.2. SSL/TLS (Let's Encrypt) configuration for Apache2①Edit Apache2 SSL-related configuration files3. SSL/TLS (Let's Encrypt) settings on the mail server3.1 Obtaining a certificate for the mail serverObtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.
Ubuntu23.04_en

Ubuntu Server23.04 : Anti-Virus(Clamav) , Mail Server

1.Anti-virus software Clamav installed1.1 Install# apt install clamav clamav-daemonThe clamav-related configuration files are installed in the "/etc/clamav/" folder.2. Email software installation2.1 Postfix : Installation/ConfigurationInstall Postfix and build an SMTP server. 25/TCP is used for SMTP.To prevent unauthorized mail relay, use the SASL function of Dovecot (see below), and configure Postfix so that authentication is required even for outgoing mail.2.2 Dovecot : Installation/ConfigurationInstall Dovecot and build a POP/IMAP server, using 110/TCP for POP and 143/TCP for IMAP2.7 Applied ClamAV to mail server PostfixSet up Postfix and Clamav to work together to scan incoming and outgoing mail in real time.①Install Amavisd and Clamav Daemon and start Clamav Daemon2.7 Applied ClamAV to mail server PostfixSet up Postfix and Clamav to work together to scan incoming and outgoing mail in real time.①Install Amavisd and Clamav Daemon and start Clamav Daemon2.7 Applied ClamAV to mail server PostfixSet up Postfix and Clamav to work together to scan incoming and outgoing mail in real time.①Install Amavisd and Clamav Daemon and start Clamav Daemon2.8Applied spamassassin to mail server Postfix2.5.1 spamassassin install①Install