Ubuntu24.04_en

1. Obtain a certificate(Let's Encrypt)1.1 advance preparation1.Enable mod_ssl# a2enmod ssl2.Package management system Snappy installedLet's Encrypt's SSL certificate issuing tool "certbot" is recommended to be installed using "snap" after 2021, so install Snapd first.2. SSL/TLS (Let's Encrypt) configuration for Apache2①Edit Apache2 SSL-related configuration fileshoge.com-ssl in hoge.com-ssl.conf is an arbitrary name3. SSL/TLS (Let's Encrypt) settings on the mail server3.1 Obtaining a certificate for the mail serverObtain a certificate for the mail server, but it cannot be obtained in the same way as above, so the following with the "--standalone" option fails.

Ubuntu Server 24.04 Download Installation ImageThe installation media for Ubuntu Server can be downloaded from the official site on the Internet. As long as you have a fast connection, you can download the OS itself in about 2 to 3 minutes. You will need to create an installation CD/DVD from the downloaded iso file. (approx. 2.7G)The iso file itself can be used for installation on a virtual machine using Vmware or other software.The iso file can be downloaded from the "Official Ubuntu Download Site".Ubuntu 24.04 (released on April 25, 2024) is supported until April 2029, so it is safer to install the LTS version of Ubuntu 24.04 in the production environment.

1. Set root password and use SU commandIn the default configuration of Ubuntu, the root user is unavailable because no password has been set.By setting a password for the root user, transitions using the traditional [su] command will be possible.3. Make locate command availableThe find command is often used to search for specific files throughout the Linux system, but find is somewhat confusing in terms of specifying options.The locate command can extract all files with a specified filename.4. vim editor settingsUbuntu has vim installed by default4.1 Change vim settingsThere may be cases where you do not want to allow vim settings for all users. In such cases, a ".vimrc" file can be created in each user's home directory to change the vim environment for each user.In this case, we will create a ".vimrc" file in the root user's home directory "/root/" and apply it to all users.

1. SSH Service Security SettingsThe SSH service allows the root user to log in by default, and since the root user already knows the user name and can log in to the server with administrative privileges once the password is known, we will deny this setting.1.1 Creating a General UserIf you have created a general user when installing Ubuntu 24.04, this procedure is not necessary.If you have already created a user at the time of OS installation, this procedure is not necessary. If you have already created a user during OS installation, this procedure is not necessary.If you have already created a user during OS installation, this procedure is not necessary. The "-m" option creates a home directory and the "-p" option specifies the password.For example, to set "ubuntuuser" as the user account name and "123456" as the password, execute as follows

SSH connection with authentication using public key cryptography Creation of public and private key pairsCreate a public/private key pair for a user connecting to the Linux server using OpenSSH.Use ssh-keygen to create key pairs.Creation of public/private key pairs is performed with remote login user privileges。If you do not specify the destination and file name, id_ed25519 and id_ed25519.pub will be created in /home/(user name)/.ssh/. On the way, enter the password for the key.

1.Install NTP server2. Install FTP server vsftpd2.1Installation and configuration①Install2.2 Vsftpd Over SSL/TLS①Create a self-signed certificate.If you are using a trusted, legitimate certificate such as Let's Encrypt, you do not need to do this work.3. File server installation with SambaBuild a file server with access rights that requires user authentication with Samba.Installation Procedure(1) Create a shared folder with access rights that requires user authentication.(2) Create a group with access rights(3)Create users belonging to groups that can be accessed(4)Edit configuration file

Apache2 InstallAllow http:80 port and https:443 port in UFW first.3 Apache2 : Using Perl ScriptsEnable CGI to make Perl scripts available①Perl Install4 Apache2 : Using PHP Scripts①PHP Install5 Apache2 : Virtual Host Settings①Copy the default configuration file (file name is arbitrary, in this case vhost-yourdomain.conf as an example) and configure the virtual host6. Digest authentication with Apache2Since Basic Authentication, a well-known authentication authentication method for http, transmits authentication information in plain text, there is a risk of ID and password leakage if the packet is intercepted.On the other hand, Digest Authentication encrypts the authentication information and sends it in encrypted form, so there is almost no risk of information leakage.

1.Anti-virus software Clamav installed1.1 InstallThe clamav-...

1. MariaDB Install1. 1Install1.2. MariaDB Server Security SettingsRun the tool mysql_secure_installation to configure security-related settings for the MariaDB server.Once executed, the tool will start several security settings in the form of questions. First, you will be asked if you want to use a plugin for password validation, as shown below.Password validation is a plugin that checks the strength of a user's password for MariaDB and restricts it to accepting only passwords that are secure enough. For example, it must be at least as many characters long as the user's password and must contain at least one symbol and one number. You can set this requirement by asking the following questionType y and press Enter if you like2.WordPress Install2.1 Create database

TripwireImplement a system to detect file tampering on Linux servers by crackers.This time, Tripwire, a host-based IDS (IDS=Intrusion Detection System), will be installed as the file tampering detection system.Tripwire detects file additions/changes/deletions by creating a database of file status at the time of installation and comparing the database with the current status of the file.1. Installation and configuration.Introduce disk usage check script1. Script CreationLog analysis tool Logwatch installed1.  Install logwatch

1. System Backup1.1 Backup under /var/www/html①Create /var/www/system directory1.2 MariaDB database backup①Create db_backup.sh script under /var/www/system2. System Restore2.1 Restore backup files under HTML①Store HTML backup files used for backup in the "/ (root)" directorySelect the backup file with the latest timestamp(Example: www_back_20231009.tar.gz)2.2 Restore MariaDB database①Save DB backup file to any directory and decompress data

SuricataSURICATA IDS/IPS is an open source IDS that monitors communications on the network and detects suspicious traffic. Its basic mechanism is signature-based, so it can detect predefined unauthorized communications. Suricata is also characterized by its ability to provide protection as well as detection.1.Suricata Install①Install required packagesSnort31.Install required packages# apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev -y2. Install DAQ library