Almalinux8.6 Building a server

AlmaLinux 8.6  Install AlmaLinux OS is a project launched by CloudLinux in the US as an alternative to CentOS. Currently, the AlmaLinux OS Foundation is the development parent organization. AlmaLinux OS 8.6 is a Linux distribution compatible with "Red Hat Enterprise Linux 8"

1. Apache2 installation and virtual host configuration 1.1 Apache2 Install ①httpd install # dnf -y install httpd # httpd -v Server version: Apache/2.4.37 (AlmaLinux) 1.3 Virtual Host Settings Assign and configure the FQDN [alma.korodes.com] to be operated by the virtual host in the document root [/var/www/html/alam.korodes.com] directory

FTP Server Installation 1. Vsftpd Install # dnf -y install vsftpd 2.Vsftpd configuration Save the unedited vsftpd.conf with .bak # cp /etc/vsftpd/vsftpd.conf /home/huong/vsftpd.conf.bak

SNORT2  Install 1. advance preparation ①Add the CodeReady Red Hat repository and install the required software # dnf config-manager --set-enabled powertools Tripwire  Install 1.Download and installation # cd /usr/local/src Chkrootkit  Install ①chkrootkit Download and Install # cd /usr/local/src

1. Logwatch Install ① Install # dnf install logwatch ② Edit configuration file 2. Introduce disk usage check script 2.1 Script Creation # cd /var/www/system # vi disk_capacity_check.sh

1. Obtain an SSL certificate ( Let's Encrypt ) Install the latest open ssl # dnf install openssl-devel 1.1 Certificate Installation # dnf -y install certbot 2. Converting Apache to https Install the following # dnf -y install mod_ssl 3. SSL/TLS (Let's Encrypt) settings on the mail server 3.1 Obtaining a certificate for the mail server Obtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.

SSH connection with authentication using RSA public key cryptography Creation of public and private key pairs Create a public/private key pair for a user connecting to a Linux server using OpenSSH. Use ssh-keygen to create the key pair. This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2. The creation of a public/private key pair is performed with remote login user privileges (huong). If you do not specify the destination and file name, id_rsa and id_rsa.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key.

1. SELinux Disable First, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it can limit the behavior of services and the configuration considerably. Therefore, it is basically disabled in many cases. To disable SELinux, a reboot is required by adding selinux=0 to the kernel command line as follows 2. System Modernization Package updates are performed as soon as possible immediately after OS installation. However, when a dnf update is performed, a kernel update is also performed at the same time. A kernel update may require rebooting the system or stopping services, or worse, a kernel panic may occur and the system may not boot. It is wiser to exclude the kernel from the update.

1. Setting up SSH remote connection SSH is a service for connecting remotely to a server and is basically running immediately after the OS is installed, but the default settings are somewhat insecure. Here we will configure the default settings to increase the security of ssh connections. 2. How to set up a firewall (firewalld) In AlmaLinux, the firewall is set to firewalld by default and is enabled during OS installation. Briefly explaining "firewalld," when setting communication control policies, the method is to apply communication permission/blocking rules to predefined zones, and then assign those zones to each NIC (network adapter). 4. NTP Server Settings Synchronize server time with Japan Standard Time ① Chrony Installation and Configuration

Install clamav ( anti-virus software ) 1.Clam AntiVirus Install # dnf -y install clamav clamd clamav-update 2.Clam AntiVirus  Configuration File Editing Mail Server Installation 1.Postfix Installation 1.1 Install Install Postfix and build an SMTP server # dnf -y install postfix Mail Server : Postfix + Clamav + Amavisd+SpamAssassin 1.Real-time scanning of e-mails ①Amavisd & Clamav Server  Install

Mysql8  Install ＃ dnf module -y install mysql:8.0 ＃ vi /etc/my.cnf.d/charset.cnf charset.cnf    Create a new one with the following contents WordPress  Install 1. Create a database for WordPress As an example, assume database [wp_db] database user [wp_user] password [?W123456] # mysql -u root -p

1. Website data backup 1-1. Backup under /var/www/html ①Create backup script file # cd /var/www/system # vi backup_html.sh 2. MySQL database backup ①Creating backup script files # cd /var/www/system 3.Restore backup files under html ① Store HTML backup files in "/" (root) directory # cd /var/www/backup/html_bak 4. Restore Mysql Backup Files ①Save the database backup file to any directory （In the example, the directory is "/var/www/backup/db_bak".） Unzip data