nuy

1. MySQL 8 Install1. 1Install# apt -y install mysql-server1.2. MySQL Server Security SettingsRun the tool mysql_secure_installation to configure security-related settings for the MySQL server.Once executed, several security settings are initiated in the form of questions.First, you will be asked if you want to use a plugin for password validation as follows. Password validation is a way to check the strength of a user's password for MySQL and restrict it to only accepting passwords that are secure enough. For example, it must be at least as many characters long as the user's password and must contain at least one symbol and one number. You can set this requirement by asking the following questionsType y and press Enter if you like

1. Certificate Acquisition (Let's Encrypt)1.1 advance preparation①Enable mod_ssl# a2enmod ssl②Install client tool to obtain Let's Encrypt certificate# apt -y install certbot③Obtaining CertificatesIt is assumed that a web server such as Apache httpd or Nginx is running.If the Web server is not running on the server, perform step ④.It is also assumed that the server on which the work is to be performed (the server with the FQDN from which the certificate is to be obtained) is accessible from the Internet at port 80.

1.Introduced Clamav antivirus software1.1 Install# apt install clamav clamav-daemonThe clamav-related configuration files are installed in the /etc/clamav/ folder.1.2 Virus Definition Update# systemctl stop clamav-freshclam # freshclam

Apache2 installation.Allow http:80 port and https:443 port in UFW first.# ufw allow http# ufw allow https# ufw reload1 Install Apache2# apt -y install apache22 Apache2 Basic Settings

1. Install a time synchronization service NTP server# apt -y install chrony# vi /etc/chrony/chrony.conf# Lines 20-23.：Comment the default settings and add the NTP server for your time zone.#pool ntp.ubuntu.com     iburst maxsources 4#pool 0.ubuntu.pool.ntp.org iburst maxsources 1#pool 1.ubuntu.pool.ntp.org iburst maxsources 1#pool 2.ubuntu.pool.ntp.org iburst maxsources 2

SSH connection with authentication using RSA public key cryptographyCreation of public and private key pairsCreate a public/private key pair for a user connecting to a Linux server using OpenSSH.Use ssh-keygen to create key pairs.This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2.Creation of public/private key pairs is performed with remote login user privileges (huong).If you do not specify the destination and file name, id_rsa and id_rsa.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key.

1. SSH Service Security SettingsThe SSH service allows root user login by default.The root user can log in to the server with administrator privileges if the password is known because the user name is already known.1.1 Creating a General UserIf you have created a general user when installing Ubuntu 22, this procedure is not necessary.If the only user created on the server is root, remote login via SSH will not be possible, so if a user has not been created during OS installation, a user must be created in advance.

1. Set root password and use SU commandThe root user is unavailable in the default Ubuntu configuration because no password is set.Setting a password for the root user allows transitions using the conventional [su] command.$ sudo passwd root[sudo] password for ← Current user's passwordEnter new UNIX password: ← Enter the root user password to be setRetype new UNIX password: ← Re-entry force

1. System Backup1.1 Backup under /var/www/html①Create /var/www/system directory1.2 MariaDB database backup①Create db_backup.sh script under /var/www/system2. System Restore2.1 Restore backup files under HTML①Store HTML backup files used for backup in the "/ (root)" directorySelect the backup file with the latest timestamp(Example: www_back_20231009.tar.gz)2.2 Restore MariaDB database①Save DB backup file to any directory and decompress data

1. Introduce disk usage check script1.1 Script Creation2. Log analysis tool Logwatch installed2.1 Install logwatch

1.SNORT2 InstallSnort is an open source network intrusion detection system that can perform real-time traffic analysis and packet logging on IP networks.It can perform "protocol analysis," "content search," and "matching," and can be used to detect a variety of attacks, including buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, semantic URL attacks, and server message block probes. The SNORT3 can be used to detect a wide variety of attacks, includingTo install SNORT3, see2.Tripwire InstallImplement a system to detect file tampering on Linux servers by crackers.This time, Tripwire, a host-based IDS (IDS=Intrusion Detection System), will be installed as the file tampering detection system.Tripwire detects file additions/changes/deletions by creating a database of file status at the time of installation and comparing the database with the current status of the file.

Snort3 InstallThe default universe repository for Ubuntu22.04,23.04 is snort2.9 as shown below, so build, compile and install Snort3 from the source code

1. MariaDB Install1. 1Install1.2. MariaDB Server Security SettingsRun the tool mysql_secure_installation to configure security-related settings for the MariaDB server.Once executed, the tool will start several security settings in the form of questions. First, you will be asked if you want to use a plugin for password validation, as shown below.Password validation is a plugin that checks the strength of a user's password for MariaDB and restricts it to accepting only passwords that are secure enough. For example, it must be at least as many characters long as the user's password and must contain at least one symbol and one number. You can set this requirement by asking the following questionType y and press Enter if you like2.WordPress Install2.1 Create database

1.Obtain a certificate (Let's Encrypt)1.1 advance preparation1.Enable mod_ssl2.Package management system Snappy installedLet's Encrypt's SSL certificate issuing tool "certbot" is recommended to be installed using "snap" after 2021, so install Snapd first. (It can also be installed using the conventional method with dnf or yum)1.3 Obtain a Let's Encrypt CertificateIt is assumed that a web server such as Apache httpd or Nginx is running.If the web server is not running on the server where the work is to be performed, follow the procedure below under "Obtaining a Let's Encrypt certificate when the web server is not running".It is also assumed that the server on which the work is to be performed (the server with the FQDN of the server from which you want to obtain the certificate) is accessible from the Internet at port 80.2. SSL/TLS (Let's Encrypt) configuration for Apache2①Edit Apache2 SSL-related configuration files3. SSL/TLS (Let's Encrypt) settings on the mail server3.1 Obtaining a certificate for the mail serverObtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.

1.Anti-virus software Clamav installed1.1 Install# apt install clamav clamav-daemonThe clamav-related configuration files are installed in the "/etc/clamav/" folder.2. Email software installation2.1 Postfix : Installation/ConfigurationInstall Postfix and build an SMTP server. 25/TCP is used for SMTP.To prevent unauthorized mail relay, use the SASL function of Dovecot (see below), and configure Postfix so that authentication is required even for outgoing mail.2.2 Dovecot : Installation/ConfigurationInstall Dovecot and build a POP/IMAP server, using 110/TCP for POP and 143/TCP for IMAP2.7 Applied ClamAV to mail server PostfixSet up Postfix and Clamav to work together to scan incoming and outgoing mail in real time.①Install Amavisd and Clamav Daemon and start Clamav Daemon2.7 Applied ClamAV to mail server PostfixSet up Postfix and Clamav to work together to scan incoming and outgoing mail in real time.①Install Amavisd and Clamav Daemon and start Clamav Daemon2.7 Applied ClamAV to mail server PostfixSet up Postfix and Clamav to work together to scan incoming and outgoing mail in real time.①Install Amavisd and Clamav Daemon and start Clamav Daemon2.8Applied spamassassin to mail server Postfix2.5.1 spamassassin install①Install