openSUSE15.4_en

1. TripwireTripwire is a host-based intrusion detection system (IDS) that monitors files and directories and notifies you when changes are made.1.1 Install and configuration① install2. chkrootkit インストールInstall a rootkit detection tool called chkrootkit to check whether a rootkit has been installed on the Linux server.①chkrootkit download,install3. Logwatchlogwatch is a software program that automatically analyzes logs and reports the results to support operations.

1.SNORT installSnort is a network-based IDS (Intrusion Detection System). It captures packets flowing over a network and detects suspicious packets.The source file is used directly from https://snort.org/.1.1 Advance preparationInstall required libraries

1. MariaDBUpdate the server package# zypper ref# zypper up -y1.1 MariaDB  install①install1.2 phpMyAdmin InstallInstalled phpMyAdmin and configured it to operate MariaDB via web browser1.3 MariaDB Example of database and user creationI'll create a user, password, and database for wordpress to install next.2. Wordpress Install2.1 Required library installation# zypper install php-gd php-pdo php-mysql php-mbstring php-simplexml php-curl apache2-mod_php72.2 Wordpress Download and Installation

1. clamav ( anti-virus software )1.1 Clamav install2.  Mail server Install2.1 Postfix install①Install Postfix and build an SMTP server3. Mail Server: Postfix + Clamav + AmavisdSet up Postfix and Clamav to work together to scan incoming and outgoing mail in real time.4.virus scan script substitutionSet up a notification to a specified e-mail address after virus check scan.

1. Web Server (Apache)1.1 apache2 Install# zypper -n install apache21.2 Apache2 : Basic Settings2. Apache2 : Using Perl ScriptsConfigure Perl scripts to be used as CGI3. Apache2 : Virtual Host SettingsConfigure both domains sample1.korodes.com sample2.korodes.com to be displayed on one server# cd /srv/www/htdocs/Create a directory named sample1.korodes.com under /srv/www/htdocs/4. Apache2 : Using PHP ScriptsInstall and configure PHP so that PHP scripts are available

1. vsftpd1.1 vsftpd InstallIt is already installed at the time of openSUSE installation.If not, you can install it with the following command2. vsftpd SSL/TLSConfigure Vsftpd to use SSL/TLS2.1 Create self-signed certificatesThis work is not required if you are using a trusted, legitimate certificate such as Let's Encrypt.

Create a private key for the client and a public key for the server to allow login with key pair authentication1.key pair creationCreate a public/private key pair for a user connecting to the Linux server using OpenSSH.Use ssh-keygen to create key pairs.Creation of public/private key pairs is performed with remote login user privileges.If you do not specify the creation destination and file name, id_ecdsa and id_ecdsa.pub will be created in /home/(user name)/.ssh/.On the way, also enter the password for the key.

1.Setting up remote connection by SSHSSH is a service for connecting remotely to a server and is basically running immediately after the OS is installed, but the default settings are somewhat insecure.Here we will configure the default settings to increase the security of ssh connections.2.How to set up a firewall (firewalld)In openSUSE, the firewall is set to firewalld by default and is enabled during OS installation.To briefly explain firewalld, when setting up a communication control policy, communication permission/blocking rules are applied to predefined zones, and the zones are assigned to each NIC (network adapter).

OpenSUSE is a Linux distribution that is community-based, free to the public, and active in adopting the latest technologies. It is sponsored by Novell and developed by the community. Originally, SUSE Linux was developed by SUSE, but after the acquisition of SUSE by Novell in 2003, Novell shifted the development structure to community-based by the OpenSUSE project as a distribution aiming for 100% open source, and changed the name from SUSE Linux to OpenSUSE Linux The name was changed to the current name.openSUSE is available as Leap, the stable version, and Tumbleweed, which uses a rolling-release model and is also the basis for the paid-for version of SUSE Linux Enterprise.The openSUSE project announced the official release of "openSUSE Leap 15.4" on June 8, 2022.This is the fourth point release of the community version of the "openSUSE 15" series, built from the same source code and the same binary packages as the enterprise version "SUSE Linux Enterprise 15 SP4".

Installation of open source integrated monitoring software "Zabbix"Zabbix is an open source integrated monitoring software for centralized monitoring of servers, networks and applications. It provides monitoring, fault detection and notification functions required for integrated monitoring. With Zabbix agent and SNMP support for many platforms, you can monitor your entire system with a single Zabbix.To run Zabbix, you need PHP programming language, MySQL/MariaDB as database server, and a web server such as Apache or Nginx.In this case, we will proceed on the assumption that all of the following conditions have already been configured.・OS : OpenSUSE15.5・Web server : Apache2.4.51・PHP8.0.29・Database : MariaDB10.6Please refer to the following to configure the above

1. Server Backup1.1 Backup under /srv/www/①Create backup script file1.2. MariaDB Database Backup①Create backup script file2.1 Restore backup files under www① Save backup files used for restore to the "/ (root)" directory of the server2.2 Restore MariaDB data① Save the database backup file to any directoryExtract data

1.Obtain an SSL Certificate (Let's Encrypt)PreparationEnable mod_ssl# a2enmod ssl1.1 Certificate Installation# zypper -n install certbot# certbot certonly --webroot -w /srv/www/htdocs/[Website Public Directory] -d 2. Web server SSL conversion2.1 SSL Configuration# a2enmod ssl# a2enmod -lactions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_

1. su コマンド利用Not required if root password is set at the time of installationIf you set a root password, set it as followsLog in as a general user2. Modernize the systemTo modernize the system, enter the following command