openSUSE15.4_en

Installation of open source integrated monitoring software "Zabbix" Zabbix is an open source integrated monitoring software for centralized monitoring of servers, networks and applications. It provides monitoring, fault detection and notification functions required for integrated monitoring. With Zabbix agent and SNMP support for many platforms, you can monitor your entire system with a single Zabbix. To run Zabbix, you need PHP programming language, MySQL/MariaDB as database server, and a web server such as Apache or Nginx. In this case, we will proceed on the assumption that all of the following conditions have already been configured. ・OS : OpenSUSE15.5 ・Web server : Apache2.4.51 ・PHP8.0.29 ・Database : MariaDB10.6 Please refer to the following to configure the above

1. Server Backup 1.1 Backup under /srv/www/ ①Create backup script file 1.2. MariaDB Database Backup ①Create backup script file 2.1 Restore backup files under www ① Save backup files used for restore to the "/ (root)" directory of the server 2.2 Restore MariaDB data ① Save the database backup file to any directory Extract data

1. Tripwire Tripwire is a host-based intrusion detection system (IDS) that monitors files and directories and notifies you when changes are made. 1.1 Install and configuration ① install 2. chkrootkit インストール Install a rootkit detection tool called chkrootkit to check whether a rootkit has been installed on the Linux server. ①chkrootkit download,install 3. Logwatch logwatch is a software program that automatically analyzes logs and reports the results to support operations.

Create a private key for the client and a public key for the server to allow login with key pair authentication 1.key pair creation Create a public/private key pair for a user connecting to the Linux server using OpenSSH. Use ssh-keygen to create key pairs. Creation of public/private key pairs is performed with remote login user privileges. If you do not specify the creation destination and file name, id_ecdsa and id_ecdsa.pub will be created in /home/(user name)/.ssh/. On the way, also enter the password for the key.

1. clamav ( anti-virus software ) 1.1 Clamav install 2.  Mail server Install 2.1 Postfix install ①Install Postfix and build an SMTP server 3. Mail Server: Postfix + Clamav + Amavisd Set up Postfix and Clamav to work together to scan incoming and outgoing mail in real time. 4.virus scan script substitution Set up a notification to a specified e-mail address after virus check scan.

OpenSUSE is a Linux distribution that is community-based, free to the public, and active in adopting the latest technologies. It is sponsored by Novell and developed by the community. Originally, SUSE Linux was developed by SUSE, but after the acquisition of SUSE by Novell in 2003, Novell shifted the development structure to community-based by the OpenSUSE project as a distribution aiming for 100% open source, and changed the name from SUSE Linux to OpenSUSE Linux The name was changed to the current name. openSUSE is available as Leap, the stable version, and Tumbleweed, which uses a rolling-release model and is also the basis for the paid-for version of SUSE Linux Enterprise. The openSUSE project announced the official release of "openSUSE Leap 15.4" on June 8, 2022. This is the fourth point release of the community version of the "openSUSE 15" series, built from the same source code and the same binary packages as the enterprise version "SUSE Linux Enterprise 15 SP4".

1. su コマンド利用 Not required if root password is set at the time of installation If you set a root password, set it as follows Log in as a general user 2. Modernize the system To modernize the system, enter the following command

1.Setting up remote connection by SSH SSH is a service for connecting remotely to a server and is basically running immediately after the OS is installed, but the default settings are somewhat insecure. Here we will configure the default settings to increase the security of ssh connections. 2.How to set up a firewall (firewalld) In openSUSE, the firewall is set to firewalld by default and is enabled during OS installation. To briefly explain firewalld, when setting up a communication control policy, communication permission/blocking rules are applied to predefined zones, and the zones are assigned to each NIC (network adapter).

1. vsftpd 1.1 vsftpd Install It is already installed at the time of openSUSE installation. If not, you can install it with the following command 2. vsftpd SSL/TLS Configure Vsftpd to use SSL/TLS 2.1 Create self-signed certificates This work is not required if you are using a trusted, legitimate certificate such as Let's Encrypt.

1. Web Server (Apache) 1.1 apache2 Install # zypper -n install apache2 1.2 Apache2 : Basic Settings 2. Apache2 : Using Perl Scripts Configure Perl scripts to be used as CGI 3. Apache2 : Virtual Host Settings Configure both domains sample1.korodes.com sample2.korodes.com to be displayed on one server # cd /srv/www/htdocs/ Create a directory named sample1.korodes.com under /srv/www/htdocs/ 4. Apache2 : Using PHP Scripts Install and configure PHP so that PHP scripts are available

1. MariaDB Update the server package # zypper ref # zypper up -y 1.1 MariaDB  install ①install 1.2 phpMyAdmin Install Installed phpMyAdmin and configured it to operate MariaDB via web browser 1.3 MariaDB Example of database and user creation I'll create a user, password, and database for wordpress to install next. 2. Wordpress Install 2.1 Required library installation # zypper install php-gd php-pdo php-mysql php-mbstring php-simplexml php-curl apache2-mod_php7 2.2 Wordpress Download and Installation

1.SNORT install Snort is a network-based IDS (Intrusion Detection System). It captures packets flowing over a network and detects suspicious packets. The source file is used directly from https://snort.org/. 1.1 Advance preparation Install required libraries

1.Obtain an SSL Certificate (Let's Encrypt) Preparation Enable mod_ssl # a2enmod ssl 1.1 Certificate Installation # zypper -n install certbot # certbot certonly --webroot -w /srv/www/htdocs/[Website Public Directory] -d 2. Web server SSL conversion 2.1 SSL Configuration # a2enmod ssl # a2enmod -l actions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_