nuy

What is Icinga2?It is an open source software for system monitoring, derived and developed from a monitoring software called Nagios.In this article, we will install the Icinga2 monitoring application on OracleLinux8.x with RHEL8.The same can be done on Rocky Linux8.x and AlmaLinux8.x.However, please note that some information related to PowerTools is different from the information on this page.1.Prerequisite.The requirement for installing Icinga2 is that you must have LAMP installed. PHP 7.3 or later version is also required.In this case, it is assumed that the following have been builtMySQL 　　Ver 8.0.32PHP　　　　7.4.33Httpd　　　Apache/2.4.37 SELINUX   permissive

1.Website data backup1-1. Backup under /var/www/html①Creating backup script files# cd /var/www/system# vi backup_html.sh2.MySQL database backup①Creating backup script files# cd /var/www/system3.Restore backup files under html① Store HTML backup files in "/ (root)" directory4.Restoring Mysql Backup Files①Save the backup file to any directory（In the example, the directory is "/var/www/backup/db_bak".）Unzip data

1.Obtain SSL Certificate ( Let's Encrypt )Install the latest open ssl# dnf install openssl-devel1.1 Certificate Installation# dnf -y install certbot# certbot certonly --webroot -w /var/www/html/[FQDN] -d [FQDN]# Registration of e-mail address and agreement to terms of use are required for the first time only.# Specify an email address to receive2. Converting Apache to httpsInstall the following# dnf -y install mod_ssl2.1 Edit ssl.conf file3. SSL/TLS (Let's Encrypt) settings on the mail server3.1 Obtaining a certificate for the mail serverObtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.

SNORT2 InstallSnort is an open source network intrusion detection system capable of performing real-time traffic analysis and packet logging on IP networks.It can perform "protocol analysis," "content search," and "matching," and can be used to detect a variety of attacks, including "buffer overflows," "stealth port scans," "CGI attacks," "SMB probes," "OS fingerprinting attempts," "semantic URL attacks," and "server message block probes.

Install clamav ( anti-virus software )1.Clam AntiVirus InstallMail Server Installation1. Postfix Install1.1 Install Postfix and build an SMTP serverMail server : Postfix + Clamav + Amavisd + SpamAssassin1.Real-time scanning of e-mails①Install Amavisd and Clamav Server

1. Apache2 installation and virtual host configuration1.1 Apache2 Install①httpd Install# dnf -y install httpdVersion Check# httpd -vServer version: Apache/2.4.37 (Oracle Linux)Server built: Jun 22 2022 14:35:491.2 Apache Configuration①Edit httpd.conf file

SSH connection with authentication using RSA public key cryptography Creation of public and private key pairs Create a public/private key pair for a user connecting to a Linux server using OpenSSH.Use ssh-keygen to create the key pair.This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2.Creation of public/private key pairs is performed with remote login user privileges (huong).If you do not specify the destination and file name, id_rsa and id_rsa.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key.

1. Setting up remote connection by SSHSSH is a service for connecting remotely to a server and is basically running immediately after the OS is installed, but the default settings are somewhat insecure.Here we will configure the default settings to increase the security of ssh connections.1.1 SSH service configuration file changesModify the configuration file to change the SSH service settings.The SSH service configuration file is "/etc/ssh/sshd_config".

1. Install bash completion extension package# dnf -y install bash-completion# reboot2. Disable SELinuxFirst, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it places considerable restrictions on the behavior of services and on what can be configured. Therefore, it is basically disabled in many cases.

OracleLinux8.6  InstallOracle Linux provides a 100% application binary compatible alternative to Red Hat Enterprise Linux and CentOS Linux for both hybrid and multi-cloud environments.Since 2006, Oracle Linux has been completely free to download and use. Source code, binaries and updates are provided free of charge. It is freely redistributable. Free for use in production environments.This time, we will proceed with Oracle Linux 8.6 because the latest Oracle Linux 9.0 does not yet have sufficient software.