2024-04

FreeBSD13.3_en

FreeBSD13.3 ; Postfix ClamAV + Amavis + SpamassAssin

Install ClamAV on FreeBSD 13 and link it with Amavis against Postfix.ClamAV is anti-virus software.We will proceed on the assumption that you have already implemented Postfix.Before proceeding, update the Ports Collection.2. AmavisInstall Amavis, which links ClamAV and Postfix3. Anti-Spam with SpamAssassin3.1 SpamAssassin InstallIf you did not select spamassassin as an option when you installed Amavis, install it as follows
2024.04.08
FreeBSD13.3_en
fedora40_en

Fedora40 ; Suricata , SNORT3 Install

SuricataSURICATA IDS/IPS is an open source IDS that monitors communications on the network and detects suspicious traffic.The basic mechanism is signature-based, so it can detect predefined unauthorized communications. Suricata is also characterized by its ability to provide protection as well as detection.1. Suricata Installation and Configuration①Suricata installSNORT3Snort is an open source network intrusion detection system that can perform real-time traffic analysis and packet logging on IP networks.It can perform "protocol analysis," "content search," and "matching" and can be used to detect a variety of attacks such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, semantic URL attacks, and server message block probes. detection.
2024.04.27
fedora40_en
fedora40_en

Fedora40 ; Clamav , Mail Server

1. Clamav ( anti-virus software )1.1 Clam AntiVirus Install# dnf -y install clamav clamd clamav-update1.2 Edit Clam AntiVirus configuration file2. Mail server(Postfix)2.1 Postfix InstallInstall Postfix and build an SMTP server# dnf -y install postfixCheck if Postfix is installed3. Mail server(Dovecot)3.1 Dovecot Install# dnf -y install dovecot4.Create mail user and check operation4.1 advance preparation①Pretreatment for new usersWhen a new user is added, set up the system to automatically send and receive e-mail.Mail Server : Postfix + Clamav + clamav-milter+SpamAssassin1.Real-time scanning of e-mails①clamav-milter InstallVirus checks are performed on the mail server side using Clam AntiVirus.The mail server and Clam AntiVirus are linked using clamav-milter.
2024.04.27
fedora40_en
Almalinux9.3_en

AlmaLinux9.3 ; Suricata , Tripwire , Chkrootkit

SuricataSURICATA IDS/IPS is an open source IDS that monitors communications on the network and detects suspicious traffic.The basic mechanism is signature-based, so it can detect predefined unauthorized communications. Suricata is also characterized by its ability to provide protection as well as detection.1.advance preparation①Activate the EPEL RepositoryTripwire1.Installation# dnf install -y tripwireChkrootkit①Download and install chkrootkit
2024.04.17
Almalinux9.3_en
Rocky Linux9.3_en

Rocky Linux9.3 ; Logwatch , Disk Usage Check Script

1. Logwatch①Install# dnf install logwatch②Edit configuration file2.Introduce disk usage check script2.1 Script Creation# cd /var/www/system# vi disk_capacity_check.sh
2024.04.13
Rocky Linux9.3_en
Rocky Linux9.3_en

Rocky Linux9.3 ; SSL Certificate Acquisition( Let's Encrypt ) , Apache SSL , Mail SSL/TLS

1.Obtain an SSL certificate ( Let's Encrypt )Install the latest open ssl# dnf install openssl-devel1.1 advance preparation1.Package management system Snappy installedSince the SSL certificate issuing tool "certbot" of Let's Encrypt is recommended to be installed using "snap" after 2021, install Snapd first.(Can also be installed the traditional way with dnf or yum)2. Converting Apache to httpsInstall the following just in case# dnf -y install mod_ssl3. SSL/TLS (Let's Encrypt) settings on the mail server3.1 Obtaining a certificate for the mail serverObtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.
2024.04.12
Rocky Linux9.3_en
Rocky Linux9.3_en

Rocky Linux9.3 ; SSH connection with public key

SSH connection with authentication using public key cryptography Creation of public and private key pairsCreate a public/private key pair for a user connecting to the Linux server using OpenSSH.Use ssh-keygen to create key pairs.Creation of public/private key pairs is performed with remote login user privileges。If you do not specify the destination and file name, id_ed25519 and id_ed25519.pub will be created in /home/(user name)/.ssh/. On the way, enter the password for the key.
2024.04.11
Rocky Linux9.3_en
Rocky Linux9.3_en

Rocky Linux9.3 ; Various settings after installation

1.Disabling SELinuxFirst, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is basically disabled in many cases.SELinux operating modesEnforcing : SELinux functionality is enabled and access control is enabledPermissive : SElinux will warn, but no access restrictions will be placeddisabled : Both SElinux function and access control are disabled2.System ModernizationPackage updates are performed as soon as possible immediately after OS installation.However, when a dnf update is performed, a kernel update is also performed at the same time.A kernel update may require rebooting the system or stopping services, or worse, a kernel panic may occur and the system may not boot. It is wiser to exclude the kernel from the update.The kernel can be excluded from updates by running dnf -y update with "--exclude=kernel*" after it.
2024.04.11
Rocky Linux9.3_en
Ubuntu24.04_en

Ubuntu Server24.04 ; OS Install

Ubuntu Server 24.04 Download Installation ImageThe installation media for Ubuntu Server can be downloaded from the official site on the Internet. As long as you have a fast connection, you can download the OS itself in about 2 to 3 minutes. You will need to create an installation CD/DVD from the downloaded iso file. (approx. 2.7G)The iso file itself can be used for installation on a virtual machine using Vmware or other software.The iso file can be downloaded from the "Official Ubuntu Download Site".Ubuntu 24.04 (released on April 25, 2024) is supported until April 2029, so it is safer to install the LTS version of Ubuntu 24.04 in the production environment.
2024.04.30
Ubuntu24.04_en
Almalinux9.3_en

AlmaLinux9.3 ; OS Install

AlmaLinux 9.3 InstallAlmaLinux OS is a project launched by CloudLinux in the US as an alternative to CentOS. Currently, the AlmaLinux OS Foundation is the development parent organization.Following the general availability of Red Hat Enterprise Linux 9.0, AlmaLinux 9.0 was released on May 26, 2022.Like Red Hat Enterprise Linux 9, AlmaLinux 9 utilizes the same package versions as the Linux 5.14 kernel, GCC 11, Python 3.9, and RHEL9.Cockpit web management interface, enhanced kernel live patching, improved container and cloud integration, OpenSSL 3, and other security improvements.This time we will install AlmaLinux 9.3 with a minor upgrade on Nov 11, 2023.1.AlmaLinux 9.3 DownloadAlmaLinux 9.3 installation image can be downloaded from the following sitehttps://almalinux.org
2024.04.15
Almalinux9.3_en
Rocky Linux9.3_en

Rocky Linux9.3 ; OS Install

Rocky Linux9.3The Rocky Release Engineering team announced the latest version of Rocky Linux 9.0 on July 14, 2022.Rocky Linux is a Linux distribution compatible with Red Hat Enterprise Linux; Rocky Linux 9 is a compatible release with RHEL 9 released in May and will be supported until the end of May 2032.This time we will install Rocky Linux 9.3, released NOVEMBER 20, 2023.
2024.04.10
Rocky Linux9.3_en
Ubuntu24.04_en

Ubuntu Server24.04 ; Initial settings after OS installation

1. Set root password and use SU commandIn the default configuration of Ubuntu, the root user is unavailable because no password has been set.By setting a password for the root user, transitions using the traditional [su] command will be possible.3. Make locate command availableThe find command is often used to search for specific files throughout the Linux system, but find is somewhat confusing in terms of specifying options.The locate command can extract all files with a specified filename.4. vim editor settingsUbuntu has vim installed by default4.1 Change vim settingsThere may be cases where you do not want to allow vim settings for all users. In such cases, a ".vimrc" file can be created in each user's home directory to change the vim environment for each user.In this case, we will create a ".vimrc" file in the root user's home directory "/root/" and apply it to all users.
2024.04.30
Ubuntu24.04_en
OracleLinux9.3_en

OracleLinux9.3 ; OS Install

OracleLinux9.3Oracle Linux provides a 100% application binary compatible alternative to Red Hat Enterprise Linux and  CentOS Linux for both hybrid and multi-cloud environments.Since 2006, Oracle Linux has been completely free to download and use. Source code, binaries and updates are provided free of charge. It is freely redistributable. Free for use in production environments.This time, we will proceed with the latest Oracle Linux 9.3.(November 15, 2023 Release)1.Oracle Linux9.3 DownloadOracle Linux 9.3 installation image (OracleLinux-R9-U3-x86_64-dvd.iso ) can be downloaded from the following sitehttps://www.oracle.com/linux/
2024.04.19
OracleLinux9.3_en
Ubuntu24.04_en

Ubuntu Server24.04 ; SSH , Firewall(UFW)

1. SSH Service Security SettingsThe SSH service allows the root user to log in by default, and since the root user already knows the user name and can log in to the server with administrative privileges once the password is known, we will deny this setting.1.1 Creating a General UserIf you have created a general user when installing Ubuntu 24.04, this procedure is not necessary.If you have already created a user at the time of OS installation, this procedure is not necessary. If you have already created a user during OS installation, this procedure is not necessary.If you have already created a user during OS installation, this procedure is not necessary. The "-m" option creates a home directory and the "-p" option specifies the password.For example, to set "ubuntuuser" as the user account name and "123456" as the password, execute as follows
2024.04.30
Ubuntu24.04_en
Ubuntu24.04_en

Ubuntu Server24.04 ; SSH connection with authentication using public key cryptography

SSH connection with authentication using public key cryptography Creation of public and private key pairsCreate a public/private key pair for a user connecting to the Linux server using OpenSSH.Use ssh-keygen to create key pairs.Creation of public/private key pairs is performed with remote login user privileges。If you do not specify the destination and file name, id_ed25519 and id_ed25519.pub will be created in /home/(user name)/.ssh/. On the way, enter the password for the key.
2024.04.30
Ubuntu24.04_en
Next page