{"id":62,"date":"2020-12-06T13:09:51","date_gmt":"2020-12-06T04:09:51","guid":{"rendered":"https:\/\/lab4ict.com\/website\/?p=62"},"modified":"2024-02-08T07:05:47","modified_gmt":"2024-02-07T22:05:47","slug":"wordpress%e3%82%b5%e3%83%bc%e3%83%90%e3%81%ae%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e5%bc%b7%e5%8c%96","status":"publish","type":"post","link":"https:\/\/lab4ict.com\/website\/articles\/62","title":{"rendered":"Strengthening Web Server Security!"},"content":{"rendered":"<p>This article hardens the security of a WordPress server. It mainly covers countermeasures against unauthorized access from the Internet.<br \/>\n<!--more--><\/p>\n<h2>Hardening Server Access<\/h2>\n<p>A public server is exposed to the Internet, so server security measures are essential.<\/p>\n<h3>Hardening SSH<\/h3>\n<p>SSH is the main means of accessing the server to configure and control it. Raising the security of SSH improves the security of the server.<\/p>\n<h4 class=\"ph4\">Checking the SSH Server Log<\/h4>\n<p>Check the SSH server log.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ sudo less 
\/var\/log\/secure\r\nJan  1 06:06:35 pubser001 sshd&#x5B;22293]: Invalid user admin from 101.75.117.125 port 38643\r\nJan  1 06:06:35 pubser001 sshd&#x5B;22293]: input_userauth_request: invalid user admin &#x5B;preauth]\r\n<\/pre>\n<p>Judging from the log, unauthorized access attempts appear to be made incessantly. The following measures protect SSH against unauthorized access.<\/p>\n<ul>\n<li>Disable password login and allow only key-based authentication.<\/li>\n<li>Disable login as the root user.<\/li>\n<li>Change the SSH port number.<\/li>\n<\/ul>\n<p>As the fundamental measures, the first two items were already applied during the initial server build; in addition, the port number is changed here to reduce the number of unauthorized access attempts.<\/p>\n<h4 class=\"ph4\">Changing the SSH Server Port Number<\/h4>\n<p>Change the SSH server port number from the default 22 to 2222. First, allow access to port 2222 in firewalld.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ sudo firewall-cmd 
--add-port=2222\/tcp --zone=public --permanent\r\n$ sudo firewall-cmd --reload\r\n$ sudo firewall-cmd --list-all --zone=public | grep tcp\r\n<\/pre>\n<p>Next, edit the SSH server configuration to change the port number, then reload the configuration file.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ sudo vi \/etc\/ssh\/sshd_config\r\n#Port 22\r\nPort 2222\r\n$ sudo systemctl reload sshd\r\n<\/pre>\n<p>Confirm that port 22 is no longer reachable and that port 2222 is.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ ssh -l admin001 lab4ict.com\r\nssh: connect to host lab4ict.com port 22: Connection refused\r\n$ ssh -p 2222 -l admin001 lab4ict.com\r\n$\r\n<\/pre>\n<h2>Hardening Site Access<\/h2>\n<p>The following measures are applied to harden site access. Testing with the \"SSL Server Test\" site of Qualys SSL LABS and patiently addressing the findings one at a time seems to be a good approach.<\/p>\n<ul>\n<li>Enabling HTTPS for site access<\/li>\n<li>Preventing issuance of unauthorized server certificates (DNS CAA)<\/li>\n<li>Restricting SSL\/TLS protocols<\/li>\n<li>Removing encryption methods (Cipher Suite)<\/li>\n<li>Adding encryption methods (Cipher 
Suite)<\/li>\n<\/ul>\n<h3>Enabling HTTPS for Site Access<\/h3>\n<p>Encrypting all site access with HTTPS makes it possible to deter leakage of and tampering with the communication contents. In this site's procedure, HTTPS was already enabled during the initial server build by deploying Let's Encrypt.<\/p>\n<h3>Preventing Issuance of Unauthorized Server Certificates (DNS CAA)<\/h3>\n<p>Specifying in DNS which certificate authority issues the server certificates prevents other certificate authorities from issuing unauthorized server certificates. Sakura Internet's DNS allows CAA records to be registered.<\/p>\n<table>\n<tbody>\n<tr>\n<th>DNS1 record type<\/th>\n<th>Value (example)<\/th>\n<\/tr>\n<tr>\n<td>CAA<\/td>\n<td>0 issue \"letsencrypt.org\"<\/td>\n<\/tr>\n<tr>\n<td>CAA<\/td>\n<td>0 iodef \"mailto:postmaster@lab4ict.com\"<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Restricting SSL\/TLS Protocols<\/h3>\n<p>Restrict the SSL\/TLS protocols to TLS 1.2 only.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ sudo vi \/etc\/httpd\/conf.d\/ssl.conf\r\n#SSLProtocol all -SSLv2\r\nSSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\r\n$ sudo systemctl 
stop httpd.service\r\n$ sudo systemctl start httpd.service\r\n$ sudo systemctl status httpd.service\r\n<\/pre>\n<p>Test from the administration PC with the openssl command.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ openssl s_client -connect lab4ict.com:443 -ssl3\r\n$ openssl s_client -connect lab4ict.com:443 -tls1\r\n$ openssl s_client -connect lab4ict.com:443 -tls1_1\r\n$ openssl s_client -connect lab4ict.com:443 -tls1_2\r\n<\/pre>\n<h3>Removing Encryption Methods (Cipher Suite)<\/h3>\n<p>Remove the encryption methods (cipher suites) for which vulnerabilities have been reported. Configure the server so that the RC4 cipher cannot be used.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ sudo vi \/etc\/httpd\/conf.d\/ssl.conf\r\n#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA\r\nSSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4\r\n$ sudo systemctl stop httpd.service\r\n$ sudo systemctl start httpd.service\r\n$ sudo systemctl status httpd.service\r\n<\/pre>\n<p>Test from the administration PC with the openssl command.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ openssl s_client -connect localhost:443 -cipher RC4-SHA\r\n<\/pre>\n<h3>Adding Encryption Methods (Cipher Suite)<\/h3>\n<p>Add strong encryption methods (cipher suites). Enable Forward Secrecy and configure a thoroughly revised set of encryption methods.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ sudo vi 
\/etc\/httpd\/conf.d\/ssl.conf\r\n#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA\r\n#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4\r\nSSLCipherSuite &quot;EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4&quot;\r\n...\r\nSSLHonorCipherOrder on\r\n$ sudo systemctl stop httpd.service\r\n$ sudo systemctl start httpd.service\r\n$ sudo systemctl status httpd.service\r\n<\/pre>\n<p>Test from the administration PC with the openssl command.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ openssl s_client -connect localhost:443 -cipher ECDHE-RSA-AES256-GCM-SHA384\r\n<\/pre>\n<h2>Conclusion<\/h2>\n<p>This article hardened the security of a WordPress server.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article hardens the security of a WordPress server. It mainly covers countermeasures against unauthorized access from the Internet.<\/p>\n","protected":false},"author":1,"featured_media":56,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-62","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server-administration"],"_links":{"self":[{"href":"https:\/\/lab4ict.com\/website\/wp-json\/wp\/v2\/posts\/62","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lab4ict.com\/website\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab4ict.com\/website\/wp-json\/wp\/v2\/types\/pos
t"}],"author":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/website\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/website\/wp-json\/wp\/v2\/comments?post=62"}],"version-history":[{"count":6,"href":"https:\/\/lab4ict.com\/website\/wp-json\/wp\/v2\/posts\/62\/revisions"}],"predecessor-version":[{"id":2279,"href":"https:\/\/lab4ict.com\/website\/wp-json\/wp\/v2\/posts\/62\/revisions\/2279"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/website\/wp-json\/wp\/v2\/media\/56"}],"wp:attachment":[{"href":"https:\/\/lab4ict.com\/website\/wp-json\/wp\/v2\/media?parent=62"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab4ict.com\/website\/wp-json\/wp\/v2\/categories?post=62"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab4ict.com\/website\/wp-json\/wp\/v2\/tags?post=62"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}