2024-05

1.Install NTP server 2. Install FTP server vsftpd 2.1Installation and configuration ①Install 2.2 Vsftpd Over SSL/TLS ①Create a self-signed certificate. If you are using a trusted, legitimate certificate such as Let's Encrypt, you do not need to do this work. 3. File server installation with Samba Build a file server with access rights that requires user authentication with Samba. Installation Procedure (1) Create a shared folder with access rights that requires user authentication. (2) Create a group with access rights (3)Create users belonging to groups that can be accessed (4)Edit configuration file

Apache2 Install Allow http:80 port and https:443 port in UFW first. 3 Apache2 : Using Perl Scripts Enable CGI to make Perl scripts available ①Perl Install 4 Apache2 : Using PHP Scripts ①PHP Install 5 Apache2 : Virtual Host Settings ①Copy the default configuration file (file name is arbitrary, in this case vhost-yourdomain.conf as an example) and configure the virtual host 6. Digest authentication with Apache2 Since Basic Authentication, a well-known authentication authentication method for http, transmits authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted. On the other hand, Digest Authentication encrypts the authentication information and sends it in encrypted form, so there is almost no risk of information leakage.

1.Anti-virus software Clamav installed 1.1 Install The clama...

1. Obtain a certificate(Let's Encrypt) 1.1 advance preparation 1.Enable mod_ssl # a2enmod ssl 2.Package management system Snappy installed Let's Encrypt's SSL certificate issuing tool "certbot" is recommended to be installed using "snap" after 2021, so install Snapd first. 2. SSL/TLS (Let's Encrypt) configuration for Apache2 ①Edit Apache2 SSL-related configuration files hoge.com-ssl in hoge.com-ssl.conf is an arbitrary name 3. SSL/TLS (Let's Encrypt) settings on the mail server 3.1 Obtaining a certificate for the mail server Obtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.

1. MariaDB Install 1. 1Install 1.2. MariaDB Server Security Settings Run the tool mysql_secure_installation to configure security-related settings for the MariaDB server. Once executed, the tool will start several security settings in the form of questions. First, you will be asked if you want to use a plugin for password validation, as shown below. Password validation is a plugin that checks the strength of a user's password for MariaDB and restricts it to accepting only passwords that are secure enough. For example, it must be at least as many characters long as the user's password and must contain at least one symbol and one number. You can set this requirement by asking the following question Type y and press Enter if you like 2.WordPress Install 2.1 Create database

Tripwire Implement a system to detect file tampering on Linux servers by crackers. This time, Tripwire, a host-based IDS (IDS=Intrusion Detection System), will be installed as the file tampering detection system. Tripwire detects file additions/changes/deletions by creating a database of file status at the time of installation and comparing the database with the current status of the file. 1. Installation and configuration. Introduce disk usage check script 1. Script Creation Log analysis tool Logwatch installed 1.  Install logwatch

1. System Backup 1.1 Backup under /var/www/html ①Create /var/www/system directory 1.2 MariaDB database backup ①Create db_backup.sh script under /var/www/system 2. System Restore 2.1 Restore backup files under HTML ①Store HTML backup files used for backup in the "/ (root)" directory Select the backup file with the latest timestamp (Example: www_back_20231009.tar.gz) 2.2 Restore MariaDB database ①Save DB backup file to any directory and decompress data

Suricata SURICATA IDS/IPS is an open source IDS that monitors communications on the network and detects suspicious traffic. Its basic mechanism is signature-based, so it can detect predefined unauthorized communications. Suricata is also characterized by its ability to provide protection as well as detection. 1.Suricata Install ①Install required packages Snort3 1.Install required packages # apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev -y 2. Install DAQ library