nuy

1.Website data backup1-1. Backup under /var/www/html①Creating backup script files# cd /var/www/system# vi backup_html.sh2.MySQL database backup①Creating backup script files# cd /var/www/system3.Restore backup files under html① Store HTML backup files in "/ (root)" directory4.Restoring Mysql Backup Files①Save the backup file to any directory（In the example, the directory is "/var/www/backup/db_bak".）Unzip data

1.Obtain SSL Certificate ( Let's Encrypt )Install the latest open ssl# dnf install openssl-devel1.1 Certificate Installation# dnf -y install certbot# certbot certonly --webroot -w /var/www/html/[FQDN] -d [FQDN]# Registration of e-mail address and agreement to terms of use are required for the first time only.# Specify an email address to receive2. Converting Apache to httpsInstall the following# dnf -y install mod_ssl2.1 Edit ssl.conf file3. SSL/TLS (Let's Encrypt) settings on the mail server3.1 Obtaining a certificate for the mail serverObtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.

SNORT2 InstallSnort is an open source network intrusion detection system capable of performing real-time traffic analysis and packet logging on IP networks.It can perform "protocol analysis," "content search," and "matching," and can be used to detect a variety of attacks, including "buffer overflows," "stealth port scans," "CGI attacks," "SMB probes," "OS fingerprinting attempts," "semantic URL attacks," and "server message block probes.

Install clamav ( anti-virus software )1.Clam AntiVirus InstallMail Server Installation1. Postfix Install1.1 Install Postfix and build an SMTP serverMail server : Postfix + Clamav + Amavisd + SpamAssassin1.Real-time scanning of e-mails①Install Amavisd and Clamav Server

1. Apache2 installation and virtual host configuration1.1 Apache2 Install①httpd Install# dnf -y install httpdVersion Check# httpd -vServer version: Apache/2.4.37 (Oracle Linux)Server built: Jun 22 2022 14:35:491.2 Apache Configuration①Edit httpd.conf file

SSH connection with authentication using RSA public key cryptography Creation of public and private key pairs Create a public/private key pair for a user connecting to a Linux server using OpenSSH.Use ssh-keygen to create the key pair.This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2.Creation of public/private key pairs is performed with remote login user privileges (huong).If you do not specify the destination and file name, id_rsa and id_rsa.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key.

1. Setting up remote connection by SSHSSH is a service for connecting remotely to a server and is basically running immediately after the OS is installed, but the default settings are somewhat insecure.Here we will configure the default settings to increase the security of ssh connections.1.1 SSH service configuration file changesModify the configuration file to change the SSH service settings.The SSH service configuration file is "/etc/ssh/sshd_config".

1. Install bash completion extension package# dnf -y install bash-completion# reboot2. Disable SELinuxFirst, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is basically disabled in many cases.