
Ubuntu 24.04 for Veeam Hardened Repository – 2. Configuration

ดูวิธีติดตั้ง Ubuntu ที่นี่

# Open a root shell; the remaining commands in this section are typed as root.
sudo -s
# Refresh the package index and apply pending updates before touching the boot configuration.
apt update && sudo apt upgrade
# Editor used for the configuration files below.
apt install nano

********จด PASSWORD ที่ใส่ตรงนี้เอาไว้ถ้าลืมจะเข้า Root Recovery Mode ไม่ได้*********

root@xfs:/home/trac# grub-mkpasswd-pbkdf2
Enter password:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.6A3D605329C75C953013AF024D3F3D91A5FE8354B868E6B9C2292FD3569CA25C2BFA4F2DD834573F350CCAE58D5A1DD62D643FABD1A82805DFBB76BE57D72C95.AD10869820BE431B1A933D4A22E502430EB67C4ADA401ACCBCB9C65A6180589C1E7DA03EDE8DDF9C9FB6EB22EC81C8F50E0313DD35E884B4CB75831598FE50CF
root@xfs:/home/trac#

nano /etc/grub.d/40_custom
Add the following lines, pasting the hash printed by grub-mkpasswd-pbkdf2 after `password_pbkdf2 root`:

# GRUB's own user list (separate from Linux accounts): only "root" may edit menu
# entries or open the GRUB command line.
set superusers="root"
# PBKDF2 hash for that GRUB user (truncated here); paste the full string from grub-mkpasswd-pbkdf2.
password_pbkdf2 root grub.pbkdf2.sha512.10000.6A3D605329C75C953[…]

nano /etc/grub.d/10_linux
Add the --unrestricted parameter (two ASCII hyphens) to the CLASS variable:

# --unrestricted lets the generated menu entries boot without the GRUB password;
# editing an entry or opening the GRUB console still requires the superuser.
# NOTE(review): CLASS appears to be applied to every entry 10_linux generates, which
# may include the recovery-mode entries. Confirm in the generated grub.cfg, or set
# GRUB_DISABLE_RECOVERY="true" in /etc/default/grub if recovery entries should not be offered.
CLASS="--class gnu-linux --class gnu --class os --unrestricted"

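# Regenerate grub.cfg so the password and --unrestricted changes take effect.
update-grub
# Show the current clock settings, then set the local time zone.
timedatectl
timedatectl set-timezone Asia/Bangkok
# Dedicated account for Veeam (fixed: the option needs two ASCII hyphens, not an en dash).
useradd veeamuser --create-home -s /bin/bash
passwd veeamuser
# Temporary: this sudo membership is removed again once the repository has been added to Veeam.
usermod -a -G sudo veeamuser
# Check the filesystem type and mount point of the backup volume.
df -Th
# Only veeamuser may read or write the repository directory.
chown -R veeamuser:veeamuser /Backup/
chmod 700 /Backup/
# Confirm owner and mode.
ll /Backup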

Add Repository to VEEAM

Back to Ubuntu

**********หลังจากขั้นตอนนี้จะ SSH ไปที่เครื่องนี้ไม่ได้ ต้องเข้าผ่านหน้าเครื่อง แนะนำให้ถอดสาย iLO เพื่อความปลอดภัย**********

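# Remove the temporary sudo rights now that Veeam has deployed its components.
deluser veeamuser sudo
# Disable the socket unit as well as the service: on Ubuntu releases where sshd is
# socket-activated, an enabled ssh.socket starts sshd again on the first connection
# after a reboot, so disabling ssh.service alone does not keep SSH off.
systemctl disable ssh.service ssh.socket
systemctl stop ssh.service ssh.socket
# Verify: neither unit should be reported as enabled.
systemctl is-enabled ssh.service ssh.socket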

PostgreSQL Install With SSL Connection


Install PostgreSQL
https://www.cherryservers.com/blog/how-to-configure-ssl-on-postgresql

# Bring the system up to date.
dnf update
# List the PostgreSQL module streams shipped by the distribution.
dnf module list postgresql
# Add the PostgreSQL project's (PGDG) package repository for EL 8.
dnf install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
# Disable the distribution's postgresql module so the PGDG packages are the ones installed.
dnf -qy module disable postgresql
dnf install postgresql14 postgresql14-server -y
# Initialise the database cluster, then start the service now and at every boot.
/usr/pgsql-14/bin/postgresql-14-setup initdb
systemctl start postgresql-14
systemctl enable postgresql-14
systemctl status postgresql-14
# Confirm the server is listening on port 5432.
ss -pnltu | grep 5432
sudo su
su – postgres
psql
ALTER USER postgres WITH PASSWORD ‘YOUR@PASSWORD’
\q
exit

certificate

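cd /var/lib/pgsql/14/data
# Create the key in a subshell with a restrictive umask, so the file is never
# group- or world-readable, even before the chmod below.
(umask 077; openssl genrsa -aes128 2048 > server.key)
ls -l | grep server.key
# Strip the passphrase so PostgreSQL can start unattended; from here on, file
# permissions are the only protection for the private key.
openssl rsa -in server.key -out server.key
chmod 400 server.key
# user:group form (the dot separator is a deprecated legacy syntax).
chown postgres:postgres server.key
# Self-signed certificate valid for 365 days (fixed: straight double quotes around the
# -addext value). Plan the renewal: clients that verify the certificate reject it after expiry.
openssl req -new -key server.key -days 365 -out server.crt -x509 -addext "subjectAltName = DNS:postgresql.trac.local"
# The self-signed certificate doubles as the CA file referenced by ssl_ca_file.
cp server.crt root.crt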

Edit postgresql.conf
nano /var/lib/pgsql/14/data/postgresql.conf


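# Fixed: typographic quotes replaced with ASCII single quotes, which the parser requires.
# Listen on every interface; which clients may actually connect is decided by
# pg_hba.conf and the host firewall.
listen_addresses = '*'
max_connections = 300
shared_buffers = 128MB
ssl = on
ssl_ca_file = 'root.crt'
ssl_cert_file = 'server.crt'
ssl_crl_file = ''
ssl_key_file = 'server.key'
# NOTE(review): this list still admits MEDIUM-strength and 3DES suites;
# 'HIGH:!aNULL' is stricter if every client supports it.
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
ssl_prefer_server_ciphers = on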

Edit pg_hba.conf
nano /var/lib/pgsql/14/data/pg_hba.conf


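# TLS connections from the two application hosts must authenticate with SCRAM.
hostssl all all 192.168.3.82/32 scram-sha-256
hostssl all all 192.168.3.83/32 scram-sha-256
# Non-TLS connections from the same hosts are refused. This replaces "host ... trust"
# entries: a hostssl line never matches a non-TLS connection, so a client that turned
# TLS off fell through to trust and could log in as any role without a password.
hostnossl all all 192.168.3.82/32 reject
hostnossl all all 192.168.3.83/32 reject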


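# Restart so the postgresql.conf and pg_hba.conf changes are loaded.
systemctl restart postgresql-14
# Fixed: options need two ASCII hyphens, not an en dash. This opens the PostgreSQL
# port for every source address in the default zone; pg_hba.conf is what limits
# clients to the listed hosts.
firewall-cmd --add-service=postgresql --permanent
firewall-cmd --reload
# Test the connection; the psql banner should report an SSL connection.
psql -U postgres -p 5432 -h postgresql.trac.local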

for PrivX Server Connection

# Make sure the system CA trust tooling is installed and enabled.
yum install ca-certificates
update-ca-trust force-enable
# Only the certificate is copied; keep server.key on the PostgreSQL server.
copy server.crt to /etc/pki/ca-trust/source/anchors/
# Rebuild the system trust store so the new anchor is picked up.
update-ca-trust extract

create user

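# Prompt for a password while creating the role: the scram-sha-256 entries in
# pg_hba.conf cannot authenticate a role that has no password set.
sudo -u postgres createuser --pwprompt <username>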