nuy

1.Obtain SSL Certificate ( Let's Encrypt )Install the latest open ssl# dnf install openssl-devel1.1 Certificate Installation2. Apache SSLInstall the following just in case# dnf -y install mod_ssl2.1 Edit ssl.conf file3. Mail SSL/TLS(Let's Encrypt)3.1 Obtaining a certificate for the mail serverObtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.

Install Mysql8＃dnf module -y install mysql:8.0＃vi /etc/my.cnf.d/charset.cnfCreate a new charset.cnf with the following contentsInstall WordPress1. Create database for Word PressAs an example, assume database [wp_db] database user [wp_user] password [?W123456]

Install SNORT1.advance preparation①Add the CodeReady Red Hat repository and install the required software# dnf config-manager --set-enabled powertoolsInstall Tripwire1.Download and installation# cd /usr/local/src# wget https://rpmfind.net/linux/epel/8/Everything/x86_64/Packages/t/tripwire-2.4.3.7-5.el8.x86_64.rpmInstall Chkrootkit①Download and install chkrootkit# cd /usr/local/src# wget https://launchpad.net/chkrootkit/main/0.55/+d

Install Clamav ( anti-virus software )1.  Install2. Edit Cla...

1. Install Apache2  & Virtual Host1.1 Install Apache2①Install httpd# dnf -y install httpdVersion Check# httpd -vServer version: Apache/2.4.37 (rocky)Server built: May 10 2022 18:05:142. Use of CGI Scripts①Confirmation of CGI availability# grep -n "^ *ScriptAlias" /etc/httpd/conf/httpd.conf3. PHP installation and configuration1.Install PHP①install4. Digest authentication with Apache2Since Basic Authentication, a well-known authentication authorization method for http, sends authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.On the other hand, Digest Authentication encrypts and transmits authentication information, so there is almost no risk of information leakage.

Install FTP Server1. Instaa  Vsftpd# dnf -y install vsftpd2.Vsftpd configuration

1. Setting up SSH remote connectionSSH is a service for connecting remotely to a server and is basically running immediately after the OS is installed, but the default settings are somewhat insecure.Here we will configure the default settings to increase the security of ssh connections.1.1 SSH service configuration file changes2. How to set up a firewall (firewalld)In Rocky, the firewall is set to firewalld by default and is enabled during OS installation.To briefly explain "firewalld," when setting communication control policies, communication permission/blocking rules are applied to predefined zones, and these zones are then assigned to each NIC (network adapter).4. NTP Server SettingsBuild an NTP server to synchronize the server time with Japan Standard Time

1. Disable SELinuxFirst, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is basically disabled in many cases.

Rocky Linux 8.6 Install１．DownloadRocky Linux 8 installation image can be downloaded from the following sitehttps://rockylinux.org/download

1.Website data backup1-1.Backup under /var/www/html①Create backup script file# cd /var/www/system# vi backup_html.sh2.MySQL database backup①Create backup script file# cd /var/www/system# vi db_my_backup.sh3.Restore backup files under html①Store HTML backup files in "/ (root)" directory4.Restore Mysql backup file①Save the database backup file to any directory and（In the example, the directory is "/var/www/backup/db_bak".）Extracting data

1.Apache2 Install , Virtual Host Configuration1.1 Apache2 install①httpd install# dnf -y install httpd1.3 Virtual Host SettingsAssign and configure the domain name [rocky.korodes.com] to the document root [/var/www/html/rocky.korodes.com] directory for virtual host operation2. Use of CGI Scripts①CGI availability check3. PHP installation and configuration1.PHP8 Install4. Digest authentication with Apache2Since Basic Authentication, a well-known authentication authorization method for http, sends authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.On the other hand, Digest Authentication encrypts and transmits authentication informa

1.Website data backup1-1.Backup under /var/www/html①Create backup script file# cd /var/www/system# vi backup_html.sh2.MySQL database backup①Create backup script file# cd /var/www/system# vi db_my_backup.sh3.Restore backup files under html①Store HTML backup files in "/ (root)" directory4.Restore Mysql backup file①Save the database backup file to any directory and（In the example, the directory is "/var/www/backup/db_bak".）Extracting data

1. Logwatch①Install# dnf install logwatch②Edit configuration file2. DiCEWhenever the global IP changes, which happens when the network is disconnected or the router is disconnected and rebooted, the dynamic DNS must be accessed to inform the user that the global IP has changed. DiCE does this automatically!3.Introduce disk usage check script3.1 Script Creation# cd /var/www/system# vi disk_capacity_check.sh

SuricataSURICATA IDS/IPS is an open source IDS that monitors communications on the network and detects suspicious traffic.The basic mechanism is signature-based, so it can detect predefined unauthorized communications. Suricata is also characterized by its ability to provide protection as well as detection.1.advance preparation①Activate the EPEL Repository# dnf -y install epel-releaseTripwire1.Download and installation# cd /usr/local/src# wget https://rpmfind.net/linux/epel/9/Everything/x86_64/Packages/t/tripwire-2.4.3.7-13.el9.x86_64.rpm# rpm -Uvh tripwire-2.4.3.7-13.el9.x86_64.rpmChkrootkit①Download and install chkrootkit# cd /usr/local/src# wget https://launchpad.net/chkrootkit/main/0.55/+download/chkrootkit-0.55.tar.gz# tar xvf chkrootkit-0.55.tar.gz

Mysql8 Install＃ dnf -y install mysql-servercharset.cnf   Create a new one with the following contentsWordPress Install1. Create database for Word PressAs an example, assume database [wp_db] database user [wp_user] password [?W123456]