業務用エアコン関連の技術情報、エラーコード、環境問題対策に関する別サイト「エアコンの安全な修理・適切なフロン回収」

nuy

OracleLinux9.2-en

OracleLinux9.2 : SSH connection with SSH key pair

SSH connection with authentication using public key Creation of public and private key pairsCreate a public/private key pair for a user connecting to the Linux server using OpenSSH.Use ssh-keygen to create key pairs.Creation of public/private key pairs is performed with remote login user privileges.If you do not specify the destination and file name, id_ed25519 and id_ed25519.pub will be created in /home/(user name)/.ssh/. On the way, enter the password for the key.
OracleLinux9.2-en

OracleLinux9.2 : SSH Remote connection , Firewalld , NTP Server

1.Setting up a remote connection via SSHSSH is a service for connecting remotely to a server and is basically running immediately after the OS is installed, but the default settings are somewhat insecure.Here we will configure the default settings to increase the security of SSH connections.2.Firewall (Firewalld) settingsIn Oracle, the firewall is firewalld configured by default and enabled during OS installation.To briefly explain "firewalld," when setting communication control policies, communication permission/blocking rules are applied to predefined zones, and these zones are then assigned to each NIC (network adapter).
OracleLinux9.2-en

OracleLinux9.2 : Initial settings after OS installation

1.Install bash completion extension package# dnf -y install bash-completion# reboot2.Disabling SELinuxFirst, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it can limit the behavior of services and the contents of the configuration considerably.Therefore, it is basically a case of invalidation in many cases.SELinux operating modesEnforcing : SELinux functionality is enabled and access control is enabledPermissive : SElinux will warn, but no access restrictions will be placeddisabled : Both SElinux function and access control are disabled
OracleLinux9.2-en

OracleLinux9.2 : OS Install

OracleLinux9.2Oracle Linux provides a 100% application binary compatible alternative to Red Hat Enterprise Linux and CentOS Linux for both hybrid and multi-cloud environments.Since 2006, Oracle Linux has been completely free to download and use. Source code, binaries and updates are provided free of charge. It is freely redistributable. Free for use in production environments.今回は、最新のOracle Linux9.2(2023年5月リリース)で進めていきます。This time, we will proceed with the latest Oracle Linux 9.1.(May 2023 Release)1.Oracle Linux9.2 DownloadOracle Linux 9.2 installation image (OracleLinux-R9-U2-x86_64-dvd.iso ) can be downloaded from the following sitehttps://www.oracle.com/linux/
openSUSE_15.3_en

OpenSUSE15.3 ; Server Backup and Restore

1. Server Backup1.1 Backup under /srv/www/①Create a backup script file# cd /srv/www/system/# vi backup_all.sh1.2. MySQL database backup①Create a backup script file# cd /srv/www/system# vi db_my_backup.shContents of db_my_backup.sh2.Restoring Data2.1 Restore the backup files under /srv/www/① Save the backup file used for the restore to the server's "/ (root)" directory.2.2 Restore MySQL data① Save the database backup file to a directory of your choice.、(In the example, the directory is "/srv/www/backup/db_bak".)Unzip the data
openSUSE_15.3_en

OpenSUSE15.3 ; Tripwire Chkrootkit Logwatch DiCE

1. Tripwire InstallTripwire is a host-based intrusion detection system (IDS) that monitors files and directories and notifies the user of any changes.1.1 Installation and configuration① Download and install2. Chkrootkit Install①Download and install chkrootkit3. Logwatch Install① Install# zypper -n install logwatch② Edit the configuration file4. DiCE  InstallEvery time the global IP is changed, which happens when the Internet is disconnected or the router is disconnected and rebooted, the dynamic DNS must be accessed to notify the change in global IP.DiCE does that work for you automatically.
openSUSE_15.3_en

OpenSUSE15.3 : Let's Encrypt & Web Server SSL

1.Obtaining an SSL Certificate (Let's Encrypt)Pre-assignmentEnable mod_ssl# a2enmod ssl1.1 Install the certificate# zypper -n install certbot# certbot certonly --webroot -w /srv/www/htdocs/[Web site directory] -d  [Domain name]Saving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator webroot, Installer None# First time only, you need to register your email address and agree to the terms o
openSUSE_15.3_en

OpenSUSE15.3 : SNORT

1.SNORT InstallSnort is a network-type IDS (intrusion detection system). It captures packets flowing on the network and detects suspicious packets.The source file is used directly from https://snort.org/.1.1 advance preparationInstall the required libraries# zypper install wget bison flex libfl2 gcc libpcap-devel libpcap-devel-32bit libpcap1 automake libtool make glibc-devel-32bit zlib-devel zlib-devel-32bit libWN3 libdnet-devel libdnet1 efl efl-lang elua libXvMC1 libecore1 libector1 libedje1 libeet1 libpcrecpp0 libstdc++-devel libstdc++6-devel-gcc7 pcre-devel ethtool net-tools-deprecated net-tools net-tools-lang libopenssl-1_1-devel libtirpc-devel moonjit moonjit-devel1.2 SNORT and daq download and installation
openSUSE_15.3_en

OpenSUSE15.3 : Mysql & WordPress

1. Install Mysql8First, make sure the server is up to date.Update the server package# zypper ref# zypper up -y 1.2 Example of creating  Mysql8 database and userTry to create a user, password, and database for wordpress to install in the followingdatabase :  wp_dbuser : wp_userpassword : ?WHxx333Yo2. Install Wordpress2.1 Install required libraries# zypper install php-gd php-pdo php-mysql php-mbstr
openSUSE_15.3_en

OpenSUSE15.3 : Clamav (anti-virus) , Mail Server

1. Install clamav (anti-virus software)1.1 Install Clamav# zypper -n install clamav1.2 Virus definition file update①Virus definition file update setting# vi /etc/freshclam.conf■Line 71.Insert "#" at the beginning of the line "DatabaseMirror database.clamav.net".し、"DatabaseMirror db.jp.clamav.net" added.#DatabaseMirror database.clamav.netDatabaseMirror db.jp.clamav.net
openSUSE_15.3_en

OpenSUSE15.3 : Web server Apache Install

1. Install Web server Apache1.1Install apache2 ( httpd-2.4.43 )# zypper -n install apache21.2 Apache2 : Basic Configuration2. Apache2 : Use Perl scripts.Configure Perl scripts to be used as CGI2.1 Install Perl①Install# zypper -n install perl3. Apache2 : Virtual Host ConfigurationConfigure both domains sample1.korodes.com sample2.korodes.com to be displayed on a single server4. Apache2 : Use PHP scriptsInstall PHP and configure it so that PHP scripts can be used
openSUSE_15.3_en

OpenSUSE15.3 : FTP over SSL/TLS

1. vsftpd (FTP server installation)1.1 Install vsftpdIt is already installed when you install openSUSE.If it is not installed, you can install it with the following command# zypper -n install vsftpd1.2 Edit vsftpd configuration fileSave the unedited vsftpd.conf with .bak.
openSUSE_15.3_en

OpenSUSE15.3 : SSH connection with authentication using public key cryptography

Create a private key for the client and a public key for the server so that the client can log in using the key pair authentication.1.Key pair creationCreate a pair of public and private keys for the user who will connect to the Linux server using OpenSSH.To create a key pair, use ssh-keygen.The creation of a public/private key pair should be performed as a user with remote login privileges.If you do not specify the destination and file name, id_ecdsa and id_ecdsa.pub will be created in /home/(user name)/.ssh/.    On the way, you will also enter the password for the key.
openSUSE_15.3_en

OpenSUSE15.3 : Firewall , SSH、NTP

1.Setting up a remote connection using SSHSSH is a service to connect to a server remotely, basically running right after the OS installation, but the default settings are somewhat insecure.Configure settings to increase the security of ssh connections.1.1 Change the configuration file of SSH service.The configuration file for the SSH service is "/etc/ssh/sshd_config".
openSUSE_15.3_en

OpenSUSE15.3 : Initialization

1. Disable SELinuxSELinux is a feature that provides a highly secure system architecture that prevents the concentration of privileges on root.In openSUSE, it is disabled at the time of installation.To check# vi /etc/selinux/configSELINUX=disabled2. Use su commandNot required if you set the root password at the time of installation.If you don't want to set the root password, set it as followsAfter logging in as a general user