業務用エアコン関連の技術情報、エラーコード、環境問題対策に関する別サイト「エアコンの安全な修理・適切なフロン回収」

nuy

fedora35_en

Fedora35 ; Let’s Encrypt , Apache Mail SSL

Obtain SSL Certificate (Let's Encrypt)Install the latest open ssl# dnf install openssl-devel1.Certificate Installation# dnf -y install certbot# certbot certonly --webroot -w /var/www/html/[domain name] -d [domain name]# Registration of e-mail address and agreement to terms of use are required for the first time only.# Specify an email address to receive
fedora35_en

Fedora35 : Mysql8 , WordPress

Mysql8 installation#dnf module -y install mysql:8.0#vi /etc/my.cnf.d/charset.cnfCreate a new charset.cnf with the following contents# Set default character encoding# To handle 4-byte characters such as pictographs, use [utf8mb4].[mysqld]character-set-server = utf8mb4[client]default-character-set = utf8mb4
fedora35_en

Fedora35 : SNORT , Tripwire

SNORT Installation1.advance preparation①Add the CodeReady Red Hat repository and install the required software# dnf -y install bison flex libpcap-devel pcre-devel openssl-devel libdnet-devel libtirpc-devel libtool nghttp2 libnghttp2-devel# mkdir /var/src②Installing DAQ# cd /var/src
fedora35_en

Fedora35 : Clam AntiVirus , Mail Server

Install Clamav ( anti-virus software )1.Install Clam AntiVirus# dnf -y install clamav clamd clamav-update2.Edit Clam AntiVirus configuration file# vi /etc/clamd.d/scan.conf●Line 14.# Default: disabledLogFile /var/log/clamd.scan ← Uncomment●Line 77.
fedora35_en

Fedora35 : WEB Server

Apache2 installation and virtual host configuration1.Apache2 installed①Install httpd# dnf -y install httpdVersion Check# httpd -vServer version: Apache/2.4.53 (Fedora Linux)Server built: Mar 17 2022 00:00:00
fedora35_en

Fedora35 : FTP Server(Vsftpd)

FTP Server Installation1. Vsftpd installation# dnf -y install vsftpd2.Vsftpd configurationSave the unedited vsftpd.conf with .bak# cp /etc/vsftpd/vsftpd.conf /home/huong/vsftpd.conf.bak①Edit configuration file# vi /etc/vsftpd/vsftpd.conf●Line 12: Anonymous login prohibited (confirmation)
fedora35_en

Fedora35 : Remote connection with SSH public key cryptography

SSH public key cipher settingCreate an SSH private key on Windows and an SSH public key on the server to allow login by key pair authentication.1.Create key pair with ECDSABecome an ordinary user and create a key pair in ECDSA# su – $ ssh-keygen -t ecdsaGenerating public/private ecdsa key pair.Enter file in which to save the key (/home/huong/.ssh/id_ecdsa):Created directory '/home/huong/.ssh'.Enter passphrase (empty for no passphrase):  ← Enter any password
fedora35_en

Fedora35 : SSH , Firewall

1.Remote connection by SSHSSH is a service for connecting remotely to a server, basically running immediately after OS installation, but the default settings are somewhat insecure.Configure the default settings to increase the security of ssh connections.1.1 SSH service configuration file changesThe SSH service configuration file is "/etc/ssh/sshd_config".Open the configuration file in a vi editor.# vi /etc/ssh/sshd_config
fedora35_en

Fedora35 : Initialization

1. SELinux DisableFirst, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it can limit the behavior of services and the configuration considerably.Therefore, it is basically invalidated in many cases.You can disable it by doing the following
Debian11.5_en

Debian11.5 ; logwatch , Disk Usage Check Script

1. Introduce disk usage check script1.1 Scripting# cd /opt/script/# vi disk_capacity_check.shContents of disk_capacity_check.shConfigured to notify when disk usage exceeds 80%.2. Log analysis tool logwatch installed2.1 logwatch Install# apt -y install logwatch2.2 Edit logwatch configuration file
Debian11.5_en

Debian11.5 ; Anti-virus(Clamav) 、Mail Server

1. Antivirus software Clamav installedInstall Clam AntiVirus, a free anti-virus software for Linux, as an anti-virus measure.By installing this anti-virus software, you can not only scan the entire server for viruses, but also scan incoming and outgoing mail for viruses if you build and configure a mail server.1.1 Install# apt install clamav clamav-daemon2. Mail server installationPostfix was developed as a Mail Transport Agent (MTA) to replace sendmail, and is a mail server that is highly compatible with sendmail, secure, easy to maintain, and fast.In addition, since Postfix only functions as an SMTP server for sending mail, the POP server Dovecot for receiving mail will be installed separately in the latter half.2.1 Postfix : Installation Configuration3 Applied ClamAV to mail server PostfixSet up Postfix and Clamav to work together to scan incoming and outgoing mail in real time.①Install Amavisd and Clamav Daemon and start Clamav Daemon
Debian11.5_en

Debian11.5 ; NTP ,FTP Server Installation

1. Install NTP server# apt -y install chrony# vi /etc/chrony/chrony.conf# Line 8.:Comment the default settings and add the NTP server for your time zone.#pool 2.debian.pool.ntp.org iburstpool ntp.nict.jp iburst# Add to the last line (Range for which time synchronization is allowed)allow 192.168.11.0/242. Install FTP Server2.1 Install Vsftpd# apt install vsftpdFTP Port21 allowed# ufw allow ftp# ufw reload
Debian11.5_en

Debian11.5 ; SSH , Firewall Setting

1. SSH Service Security SettingsThe SSH service allows the root user to log in by default, and since the root user already knows the user name and can log in to the server with administrative privileges once the password is known, we will deny this setting.2. Firewall SettingsSince Debian often uses software called "ufw" to configure firewalls, we will configure firewall settings using ufw.Since ufw is not installed when the OS is installed, the ufw package must be installed prior to configuration. The following is a procedure to configure minimal filter settings after installation.Filter rules to be set in ufw• All packets forwarded to the server are rejected• All packets sent from the server to the outside are allowed• The first port to allow is the port for SSH• Limit packets coming into the server
Debian11.3_en

Debian11.3 : System Backup and Restore

1.1 Backup under /var/www/html① Create backup_all.sh script under /opt# vi /opt/backup_all.shbackup_all.sh script contents1.2 Mysql database backup①Create db_backup.sh script under /opt# vi /opt/db_backup.shdb_backup.sh script contents2.1 Restore backup files under HTML① Store HTML backup files used for backup in the "/ (root)" directorySelect the backup file with the latest timestamp (e.g. www_back_20220501.tar.gz)2.2 Restore MySQL database①Save DB backup file to any directory and extract data# cd /var/www/backup/db_bak
Debian11.3_en

Debian11.3 : Disk Usage Check、Logwatch

1. Introduce disk usage check script1.1 Scripting# cd /opt/script/# vi disk_capacity_check.shContents of disk_capacity_check.sh#!/bin/bash#Email Address for NotificationMAIL=" "2. Log analysis tool logwatch installed2.1 Install logwatch# apt -y install logwatch2.2 Edit logwatch configuration file①Copy the default configuration file