
hostnamectl set-hostname portal5.lstimelapses.com.br
hostnamectl set-hostname portal5.lstimelapses.com.br --pretty
apt install vim
vi /etc/hosts
Mude o hostname para o escolhido
reboot
sudo timedatectl set-timezone America/Sao_Paulo
apt update
apt upgrade
apt install net-tools
sudo apt install iputils-ping
sudo apt-get install open-vm-tools
apt install rsync
apt install cron
apt install nmap
apt install telnet
ATUALIZE O UBUNTU
apt-get update && apt-get upgrade
sudo apt-get install ntp ntpdate
service ntp stop && ntpdate a.st1.ntp.br && service ntp start && systemctl enable ntp
TROQUE O IP DO SERVIDOR
vi /etc/netplan/00-installer-config.yaml
Coloque igual abaixo
network:
  ethernets:
    ens34:
      addresses:
        - 10.11.12.105/24
      routes:
        - to: default
          via: 10.11.12.1
      nameservers:
        addresses: [8.8.8.8,8.8.4.4]
netplan apply
vi /etc/systemd/resolved.conf
[Resolve]
DNS=10.11.12.1 192.168.180.1 8.8.8.8 8.8.4.4
sudo systemctl restart systemd-resolved.service
sudo systemctl enable systemd-resolved.service
FAÇA O HARDENING DO SERVIDOR
apt clean
apt autoremove
adduser lst
adduser lst sudo
id lst
Faça logout
Faça login como lst
sudo -i
vi /etc/ssh/sshd_config
PermitRootLogin no
reboot
Tente login como root para testar
#Permitir ao usuario lst fazer shutdown
addgroup wheel
usermod -a -G wheel lst
#Adicionar o usuario lst ao grupo sudo (o sudo continua sendo necessário; o `adduser lst sudo` acima já faz o mesmo)
usermod -aG sudo lst
vi /etc/sudoers
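Add line (prefira abrir com `visudo`, que valida a sintaxe antes de gravar; um erro no /etc/sudoers bloqueia o sudo):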
%wheel ALL= NOPASSWD: /sbin/shutdown, /sbin/reboot
INSTALAR O ZABBIX CLIENT
wget https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu22.04_all.deb
dpkg -i zabbix-release_6.4-1+ubuntu22.04_all.deb
apt update
apt install zabbix-agent2 zabbix-agent2-plugin-*
Start Zabbix agent2 process and make it start at system boot.
systemctl restart zabbix-agent2
systemctl enable zabbix-agent2
Configure o parametro SERVER em
vi /etc/zabbix/zabbix_agent2.conf
PidFile=/var/run/zabbix/zabbix_agent2.pid
LogFile=/var/log/zabbix/zabbix_agent2.log
LogFileSize=0
Server=10.11.12.106
ServerActive=10.11.12.106
Hostname=mysql1.lstimelapses.com.br
Include=/etc/zabbix/zabbix_agent2.d/*.conf
PluginSocket=/run/zabbix/agent.plugin.sock
ControlSocket=/run/zabbix/agent.sock
Include=./zabbix_agent2.d/plugins.d/*.conf
AllowKey=system.run['retornaDataHoraUltimoBackupDB_lstimelapses.sh',*]
systemctl restart zabbix-agent2
Crie o host no zabbix (nos checks ativos, o nome do host no Zabbix precisa ser igual ao Hostname do zabbix_agent2.conf)
https://controles.lstimelapses.com.br/vmware-esxi-backup-e-restore-de-vms/
adicione a linha e troque o horário e o nome da VM (use aspas simples para que o `$(date +\%s)` vá literal para o crontab e seja avaliado a cada execução, e não uma única vez na hora do echo)
/bin/echo '00 05 * * * /bin/sh /vmfs/volumes/9f07758c-31382dda-0000-000000000000/VMS/ghettoVCB/ghettoVCB.sh -m vmsmtp1.lst > /vmfs/volumes/9f07758c-31382dda-0000-000000000000/VMS/ghettoVCB/logBackup-vmsmtp1-$(date +\%s).log' >> /var/spool/cron/crontabs/root
apt install nginx
sudo systemctl enable nginx
service nginx start
sudo apt install --no-install-recommends php8.2
sudo apt install -y php8.2-cli php8.2-fpm php8.2-common php8.2-mysql php8.2-zip php8.2-gd php8.2-mbstring php8.2-curl php8.2-xml php8.2-bcmath php8.2-soap php8.2-sqlite3 php8.2-pdo-sqlite php8.2-mbstring openssl
useradd --no-create-home nginx
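#Para liberar sessions no php (atenção: o 777 recursivo deixa os arquivos de sessão legíveis e graváveis por qualquer usuário local; prefira dar acesso só ao usuário do pool do php-fpm)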
chmod 777 -R /var/lib/php/
chown -R nginx:nginx /var/lib/php/sessions
sudo systemctl disable httpd
systemctl enable php8.2-fpm
service php8.2-fpm stop
Adicione o usuario nginx ao grupo www-data
sudo usermod -a -G www-data nginx
systemctl restart php8.2-fpm
apt install certbot
systemctl stop nginx
sudo certbot certonly --standalone
Ex: monitoramento.lstimelapses.com.br, portal7.lstimelapses.com.br
Faça o teste do renew
sudo certbot renew --dry-run
systemctl start nginx
COPIAR PASTAS DO SITE PORTAL
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bkp
scp portal8.lstimelapses.com.br:/etc/nginx/conf.d/*.conf /etc/nginx/conf.d
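Verifique em cada .conf se o sock está correto (com o php8.2 instalado acima, o esperado é /run/php/php8.2-fpm.sock; o exemplo abaixo ainda aponta para o 8.1)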
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
apt install vsftpd
systemctl start vsftpd && systemctl enable vsftpd && useradd ftpcameras
passwd ftpcameras
Coloque a senha padrão de câmeras
echo -e '#!/bin/sh\necho "This account is limited to FTP access only."' | sudo tee -a /bin/ftponly
sudo chmod a+x /bin/ftponly
echo "/bin/ftponly" | sudo tee -a /etc/shells
sudo usermod ftpcameras -s /bin/ftponly
Edite o arquivo de configuração
vi /etc/vsftpd.conf
e adicione/libere
chroot_local_user=YES
write_enable=YES
local_umask=022
allow_writeable_chroot=YES
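Exemplo do portal8 (com ssl_enable=NO o login e a senha do FTP trafegam em texto claro; se as câmeras suportarem, habilite TLS com um certificado próprio em vez do snakeoil)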
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
allow_writeable_chroot=YES
systemctl restart vsftpd
Troque o home do usuario ftpcameras para /cameras no /etc/passwd
ftpcameras:x:1000:1000::/cameras:/bin/ftponly
SFTPCAMERAS
useradd sftpcameras
vi /etc/passwd
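Troque o home do usuario sftpcameras para /cameras no /etc/passwd (altere só o campo do home e mantenha o UID/GID que o useradd atribuiu; a linha abaixo é exemplo e repete o 1000:1000 do ftpcameras)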
sftpcameras:x:1000:1000::/cameras:/bin/ftponly
Coloque o usuario sftpcameras no grupo ftpcameras
usermod -a -G ftpcameras sftpcameras
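Crie a pasta das cameras (atenção: o `a+rwx` recursivo deixa /cameras gravável por qualquer usuário local; avalie limitar a dono e grupo ftpcameras)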
mkdir /cameras
chown -R ftpcameras:ftpcameras /cameras
chmod -R a+rwx /cameras
chmod -R og+x /cameras
USUÁRIO DE BACKUP
useradd backuplstz
passwd backuplstz
usermod -a -G ftpcameras backuplstz
usermod -a -G nginx backuplstz
mkdir /portal
mkdir /TIMELAPSES
chmod -R 775 /portal
chown -R nginx:nginx /portal/
chown -R nginx:nginx /TIMELAPSES
chmod -R 775 /TIMELAPSES
COPIAR O PORTAL DE OUTRO LOCAL PARA O SERVIDOR NOVO
scp -r portal5.lstimelapses.com.br:/portal /
TROQUE O NOME DO PORTAL NO ARQUIVO DE CONFIGURAÇÃO
ex: trocar de portal5 para portal6
sed -i 's/portal5/portal6/' /portal/html/LST-settings.ini
COPIE OS SCRIPTS DE OUTRO LOCAL PARA O SERVIDOR NOVO
mkdir /scripts
scp -r portal5.lstimelapses.com.br:/scripts /
TROQUE O NOME DO PORTAL NOS SCRIPTS
ex: trocar de portal5 para portal6 em todos os scripts .sh
sed -i 's/portal5/portal6/' /scripts/*.sh
apt install rsync
ssh-keygen -t rsa -b 4096 (ENTER EM TUDO – NO PASSPHRASE)
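Adicione as chaves criadas para o servidor de destino (como a chave fica sem passphrase, restrinja o que ela pode fazer no destino, por exemplo com as opções `restrict` e `command=` na linha do authorized_keys)
cat ~/.ssh/id_rsa.pub | ssh -p 65200 rsync@dscasavv.synology.me "cat >> ~/.ssh/authorized_keys"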
Faça um teste do rsync para ver se vai funcionar sem senha
#Rsync da pasta /scripts
rsync -e "ssh -p 65200" -azrvh /scripts rsync@dscasavv.synology.me:/volume1/RSYNC-LSTIMELAPSES/portal7.lstimelapses.com.br
Verifique se chegou certinho no servidor synology
sudo apt install ffmpeg
apt install cpulimit
CRIAR O CRONTAB COM OS SCRIPTS
Copie o crontab de outro portal
scp portal5.lstimelapses.com.br:/scripts/crontabAtual /scripts
crontab < /scripts/crontabAtual
PARA FINALIZAR E COLOCAR O PORTAL NO AR
VERIFICAR se estão pegando todas as câmeras
/portal/html/restrito/scripts/indexar-cameras-geral.sh
/portal/html/restrito/scripts/indexar-cameras-parcial.sh
/portal/html/restrito/scripts/verificar-cameras-enviando-imagens-para-admins.sh
/portal/html/restrito/scripts/verificar-cameras-enviando-imagens-para-clientes.sh
HABILITAR O FIREWALL
reboot
INSTALAR O IMAGEMAGICK e o EXIV2 para adicionar o timestamp
apt install imagemagick
apt install exiv2
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw app list
sudo ufw allow OpenSSH
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow ftp
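#O agente só precisa receber na 10050/tcp vindo do servidor Zabbix (10.11.12.106); considere `sudo ufw allow from 10.11.12.106 to any port 10050 proto tcp` em vez de abrir o intervalo para qualquer origem
sudo ufw allow 10050:10051/tcp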
sudo ufw show added
sudo ufw enable
ufw reload
INSTALAR O DRIVER ODBC
https://www.zabbix.com/documentation/current/en/manual/config/items/itemtypes/odbc_checks
FAZER O BACKUP DO MYSQL
apt-get install automysqlbackup
o backup fica em /var/lib/automysqlbackup/daily
TESTAR TODOS OS SERVIÇOS
INSTALAR SMTP SERVER (postfix, spf, dkim) (SE APLICÁVEL)
https://www.linuxbabe.com/mail-server/setup-basic-postfix-mail-sever-ubuntu
TESTE o SMTP SERVER
apt-get install pflogsumm
ANALISAR O LOG DO EMAIL SERVER
pflogsumm -d today /var/log/mail.log
ONEDRIVE
https://github.com/abraunegg/onedrive/blob/master/docs/USAGE.md#using-the-client
Comando para sincronizar uma pasta
onedrive --synchronize --single-directory 'CLIENTES/MARUCCI/GESTAMP1' --resync