Difference between revisions of "Linux"
Line 47: | Line 47: | ||
=Security= | =Security= | ||
+ | How to secure your server / workstation ? | ||
− | |||
− | + | ==Global security== | |
+ | [[File:Internet security.png|64px|caption|Internet security]] Anti-virus / anti root-kits / Fail2Ban | ||
− | + | * [[Anti-virus]] | |
− | + | * [[Rootkit cleaner]] | |
− | + | * [[Fail2ban]] | |
− | + | ||
− | + | ||
− | + | ||
− | + | ==SSH== | |
− | + | ||
− | + | [[File:icon ssh.png|64px|caption|SSH]] SSH | |
− | + | ||
− | + | * [[SSH Client]] | |
− | + | ||
− | + | ||
− | + | * [[SSH create key|How-to generate SSH key]] | |
− | + | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | | | ||
− | | | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |- | ||
− | |||
− | |||
− | | | + | * [[SSH server setup]] |
− | | | + | * [[SSH server local user|SSH server using local user / password auth.]] |
+ | * [[SSH server local key|SSH server using key auth.]] | ||
+ | * [[SSH server ldap user|SSH server using LDAP user auth.]] | ||
+ | * [[SSH server ldap key|SSH server using LDAP key auth.]] | ||
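Review bot: the new intro line "How to secure your server / workstation ?" carries a stray space before the question mark, and the text after `[[File:icon ssh.png|64px|caption|SSH]]` only repeats the "SSH" heading directly above it. Drop the space, and either remove the trailing "SSH" or replace it with a short description, as the "Global security" line does with "Anti-virus / anti root-kits / Fail2Ban".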
Line 127: | Line 109: | ||
|[[Firewall installation scripts]] | |[[Firewall installation scripts]] | ||
|} | |} | ||
+ | |||
+ | |||
+ | ==SSL== | ||
+ | |||
+ | [[File:icon ssl.png|64px|caption|SSL]] SSL certificates and chain of trust | ||
+ | |||
+ | |||
+ | [[SSL server]] | ||
+ | |||
+ | |||
+ | |||
+ | ==VPN== | ||
+ | |||
+ | [[File:icon vpn.png|64px|caption|VPN]] Virtual Private Network (VPN) | ||
+ | |||
+ | |||
+ | * [[VPN|VPN introduction]] | ||
+ | |||
+ | * [[VPN server]] | ||
+ | |||
+ | * [[VPN client]] | ||
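Review bot: in the new SSL section, `[[SSL server]]` is added as a bare link, while every entry in the SSH and VPN sections is a list item (`* [[VPN server]]`, `* [[SSH server setup]]`). Write it as `* [[SSL server]]` so the three sections render the same way and further SSL pages can be appended to the list.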
Revision as of 14:03, 21 August 2014
Linux is wonderful! However, it can be a mess to set up.
These are some how-tos and tricks for Linux (Debian / Ubuntu) servers and workstations.
Server / workstation core setup
How to set up and maintain a Linux server or workstation with basic services.
| Server / Workstation setup | | | | | |
|---|---|---|---|---|---|
| Installation | Partitions setup | Specifics | Prefer IPv4 over IPv6 | Applications | Photo |
| | Network and hostname configuration | | XFCE: screensaver bug fix | | Clean ubuntu |
| | VIM editor | | Drivers | | |
| | Sources | | | | |
| | Create user | | | | |
| | Useful programs | | | | |
| | Languages | | | | |
| | Automatic updates | | | | |
Security
How to secure your server / workstation?
Global security
Anti-virus / anti root-kits / Fail2Ban
SSH
- SSH server setup
- SSH server using local user / password auth.
- SSH server using key auth.
- SSH server using LDAP user auth.
- SSH server using LDAP key auth.
Firewall
This section explains how to create, maintain and use a firewall with iptables.
| Firewall | |
|---|---|
| Basics | Firewall principle |
| | Firewall basics |
| | Firewall core (main) protocols |
| | Firewall VPN |
| | Firewall OUTPUT filters |
| | Firewall INPUT filters |
| Advanced | Firewall port forwarding |
| | Firewall source address filtering |
| Installation and scripts | Firewall installation scripts |
SSL
SSL certificates and chain of trust
VPN
Advanced security
Protection is good, but that's not enough! We need to detect attacks.
- IDS = Intrusion Detection System: a tool that detects attacks.
- IPS = Intrusion Protection System: a tool that detects an intrusion attempt and reacts to it.
I'm using one of the most famous IDS: "Snort" (https://www.snort.org/).
Linux server services
User management
DB servers
- MySQL server
- PostgreSQL
Web
Web server
How to set up a website, proxy and SSL certificates...
Web applications
Web applications |
---|
Web app PhpMyAdmin |
Web app PhpLdapAdmin |
Web app PhpSecInfo |
Jenkins |
Sonar |
SVN server |
Network
| Network | |
|---|---|
| DHCP server | DHCP server installation |
| | DHCP dynamic IP assignation |
| | DHCP static IP assignation |
| DNS | DNS server |
| | DNS server split |
- FTP server
Web server configuration
- Samba server
- NFS server
- Webdav
NetBoot
This section explains how to set up, boot and maintain a netboot image.
Requirements:
NetBoot and "Thin client" (diskless clients) principle:
NetBoot services setup:
NetBoot setup:
- 0. NetBoot server principle
- 1. NetBoot server setup - network Linux installation
- 2. NetBoot server setup - diskless clients
- 3. Diskless client setup
- 4. PXE menu
Monitoring
Monitoring IT components, servers and applications using Zabbix
| Monitoring | |
|---|---|
| Zabbix server | Zabbix server setup |
| | Zabbix server configuration |
| | Zabbix server hosts management |
| | Zabbix server template management = create and manage template |
| | Zabbix server create new application, items, triggers and actions |
| | Zabbix server dashboard |
| Zabbix agent setup | Zabbix agent setup |
Note:
I'm using Zabbix v2.2. All the following information is just a practical summary of the Zabbix official documentation applied to my use-case.
Other services
- NTP time sync
- Logwatch
- Mail server
Management UI
Raspberry pi
This section is under construction...