Almalinux8.6 Building a server

AlmaLinux 8.6  InstallAlmaLinux OS is a project launched by CloudLinux in the US as an alternative to CentOS.Currently, the AlmaLinux OS Foundation is the development parent organization.AlmaLinux OS 8.6 is a Linux distribution compatible with "Red Hat Enterprise Linux 8"

1. Apache2 installation and virtual host configuration1.1 Apache2 Install①httpd install# dnf -y install httpd# httpd -vServer version: Apache/2.4.37 (AlmaLinux)1.3 Virtual Host SettingsAssign and configure the FQDN [alma.korodes.com] to be operated by the virtual host in the document root [/var/www/html/alam.korodes.com] directory

FTP Server Installation1. Vsftpd Install# dnf -y install vsftpd2.Vsftpd configurationSave the unedited vsftpd.conf with .bak# cp /etc/vsftpd/vsftpd.conf /home/huong/vsftpd.conf.bak

SNORT2  Install1. advance preparation①Add the CodeReady Red Hat repository and install the required software# dnf config-manager --set-enabled powertoolsTripwire  Install1.Download and installation# cd /usr/local/srcChkrootkit  Install①chkrootkit Download and Install# cd /usr/local/src

1. Logwatch Install① Install# dnf install logwatch② Edit configuration file2. Introduce disk usage check script2.1 Script Creation# cd /var/www/system# vi disk_capacity_check.sh

1. Obtain an SSL certificate ( Let's Encrypt )Install the latest open ssl# dnf install openssl-devel1.1 Certificate Installation# dnf -y install certbot2. Converting Apache to httpsInstall the following# dnf -y install mod_ssl3. SSL/TLS (Let's Encrypt) settings on the mail server3.1 Obtaining a certificate for the mail serverObtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.

SSH connection with authentication using RSA public key cryptographyCreation of public and private key pairsCreate a public/private key pair for a user connecting to a Linux server using OpenSSH.Use ssh-keygen to create the key pair.This time, we will create a key set using the RSA cipher used in the SSH protocol Version 2.The creation of a public/private key pair is performed with remote login user privileges (huong).If you do not specify the destination and file name, id_rsa and id_rsa.pub will be created in /home/huong/.ssh/. On the way, enter the password for the key.

1. SELinux DisableFirst, disable selinux. selinux is a feature that improves auditing and security in Linux, but when enabled, it can limit the behavior of services and the configuration considerably.Therefore, it is basically disabled in many cases.To disable SELinux, a reboot is required by adding selinux=0 to the kernel command line as follows2. System ModernizationPackage updates are performed as soon as possible immediately after OS installation.However, when a dnf update is performed, a kernel update is also performed at the same time.A kernel update may require rebooting the system or stopping services, or worse, a kernel panic may occur and the system may not boot. It is wiser to exclude the kernel from the update.

1. Setting up SSH remote connectionSSH is a service for connecting remotely to a server and is basically running immediately after the OS is installed, but the default settings are somewhat insecure.Here we will configure the default settings to increase the security of ssh connections.2. How to set up a firewall (firewalld)In AlmaLinux, the firewall is set to firewalld by default and is enabled during OS installation.Briefly explaining "firewalld," when setting communication control policies, the method is to apply communication permission/blocking rules to predefined zones, and then assign those zones to each NIC (network adapter).4. NTP Server SettingsSynchronize server time with Japan Standard Time① Chrony Installation and Configuration

Install clamav ( anti-virus software )1.Clam AntiVirus Install# dnf -y install clamav clamd clamav-update2.Clam AntiVirus  Configuration File EditingMail Server Installation1.Postfix Installation1.1 InstallInstall Postfix and build an SMTP server# dnf -y install postfixMail Server : Postfix + Clamav + Amavisd+SpamAssassin1.Real-time scanning of e-mails①Amavisd & Clamav Server  Install

Mysql8  Install＃ dnf module -y install mysql:8.0＃ vi /etc/my.cnf.d/charset.cnfcharset.cnf    Create a new one with the following contentsWordPress  Install1. Create a database for WordPressAs an example, assume database [wp_db] database user [wp_user] password [?W123456]# mysql -u root -p

1. Website data backup1-1. Backup under /var/www/html①Create backup script file# cd /var/www/system# vi backup_html.sh2. MySQL database backup①Creating backup script files# cd /var/www/system3.Restore backup files under html① Store HTML backup files in "/" (root) directory# cd /var/www/backup/html_bak4. Restore Mysql Backup Files①Save the database backup file to any directory（In the example, the directory is "/var/www/backup/db_bak".）Unzip data