Difference between revisions of "Linux"

 
(20 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Category:Linux]]
 
[[Category:Linux]]
 +
<seo google-site-verification="NS8HNfXeCZBn4FoGJp38gQH7vHkeZC9Qdr_YDMd7MsQ" />
 +
 
Linux is wonderful! However it can be a mess to setup.  
 
Linux is wonderful! However it can be a mess to setup.  
  
Line 5: Line 7:
  
  
{| class="wikitable"
+
{| style="margin: 1em auto 1em auto"
!colspan="4" |Menu
+
|-valign="top"
|-
+
|width="20%"|{{Template:menu core features}}
{{Template:menu core features}} || {{Template:menu security}} || {{Template:menu web}} || {{Template:menu network}}
+
|width="20%"|{{Template:menu security}}
|-
+
|width="20%"|{{Template:menu web}}
|}
+
|width="20%"|{{Template:menu network}}
 
 
 
 
{{columns-start}}
 
|<big>Core elements</big>
 
|-
 
|[[File:Workstation.png|link=#Server / workstation core setup|64px|caption|Server or workstation]] Server / workstation setup
 
|-
 
{{column}}
 
|<big>Security</big>
 
|-
 
|[[File:Internet security.png|link=#Global security|64px|caption|Internet security]] Security: anti-virus / root-kits / Fail2Ban
 
|-
 
|[[File:icon ssh.png|link=#SSH|64px|caption|SSH]] Security: SSH
 
|-
 
|[[File:Firewall.png|link=#Firewall|64px|caption|FW principle]] Security: firewall
 
|-
 
|[[File:icon ssl.png|link=#SSL|64px|caption|SSL]] Security: SSL
 
|-
 
|[[File:icon vpn.png|link=#VPN|64px|caption|VPN]] Security: VPN
 
|-
 
|[[File:Radar icon.png|link=#Intrusion Detection / Protection|64px|caption|Radar]] Security: IDS / IPS
 
{{column}}
 
|<big>Web</big>
 
|-
 
|[[File:Database.png|link=#DB servers|64px|caption|Database]] DB
 
|
 
|[[File:Web server.png|link=#Web server|64px|caption|Web server]] Web server
 
|-
 
|[[File:Web app icon.png|link=#Web applications|64px|caption|Web apps]] PHP webapps
 
|-
 
|[[File:icon_continous integration.png|link=#Continuous Integration applications|64px|caption|Continuous integration]] CI webapps
 
{{column}}
 
|<big>Network</big>
 
|-
 
|[[File:Active-directory.png|link=#User management|64px|caption|Active directory]] LDAP
 
|-
 
|[[File:Network icon.png|link=#DHCP and DNS|64px|caption|Network icon]] DHCP DNS
 
|-
 
|[[File:Icon file share.jpg|link=#File share|64px|caption|File share]] File share technologies
 
|-
 
|[[File:Netboot icon.jpg|link=#NetBoot|64px|caption|Netboot icon]] This section explains how to setup, boot and maintain a netboot image.
 
|-
 
|[[File:Mail icon.png|link=#Mail|64px|caption|Mail icon]] Mail server (SMTP, POP3/IMAP)
 
|-
 
|[[File:Monitoring icon.png|link=#Monitoring|64px|caption|Monitoring]] Monitoring IT components, servers and applications using Zabbix
 
{{columns-end}}
 
 
 
 
 
 
 
 
 
-------------
 
 
 
 
 
=Server / workstation core setup=
 
 
 
[[File:Workstation.png|64px|caption|Server or workstation]] How to setup & maintain a Linux server or workstation with basics services.
 
 
 
 
 
 
 
{| class="wikitable"
 
!colspan="6"|Server / Workstation setup
 
|-
 
|rowspan="8"|Installation
 
|[[Partitions setup]]                       
 
|rowspan="8"|Specifics
 
|[[Prefer IPv4 over IPv6]]
 
|rowspan="8"|Applications
 
|[[Photo]]
 
|-
 
|[[DHCP and network configuration|Network and hostname configuration]]
 
|[[XFCE: screensaver bug fix]]
 
|[[Clean ubuntu]]
 
|-
 
|[[VIM editor]]
 
|[[Drivers]]
 
|-
 
|[[Sources]]
 
|-
 
|[[Create user]]
 
|-
 
|[[Useful programs]]
 
|-
 
|[[Languages]]
 
|-
 
|[[Automatic updates]]
 
|-
 
 
|}
 
|}
  
Line 103: Line 19:
  
  
=Security=
+
=Other services=
 
 
How to secure your server / workstation ?
 
 
 
 
 
==Global security==
 
 
 
[[File:Internet security.png|64px|caption|Internet security]] Anti-virus / anti root-kits / Fail2Ban
 
 
 
 
 
* [[Anti-virus]]
 
* [[Rootkit cleaner]]
 
* [[Fail2ban]]
 
 
 
 
 
 
 
==SSH==
 
 
 
[[File:icon ssh.png|64px|caption|SSH]] SSH
 
 
 
* [[SSH Client]]
 
 
 
 
 
* [[SSH create key|How-to generate SSH key]]
 
 
 
 
 
* [[SSH server setup]]
 
* [[SSH server local user|SSH server using local user / password auth.]]
 
* [[SSH server local key|SSH server using key auth.]]
 
* [[SSH server ldap user|SSH server using LDAP user auth.]]
 
* [[SSH server ldap key|SSH server using LDAP key auth.]]
 
 
 
 
 
 
 
==Firewall==
 
 
 
[[File:Firewall.png|64px|caption|FW principle]] This section explains HOW to create, maintain and use a firewall with IpTables.
 
 
 
 
 
 
 
{| class="wikitable"
 
!colspan="2"|Firewall
 
|-
 
|rowspan="6"|Basics
 
|[[Firewall principle]]
 
|-
 
|[[Firewall basics]]
 
|-
 
|[[Firewall core (main) protocols]]
 
|-
 
|[[Firewall VPN]]
 
|-
 
|[[Firewall OUTPUT filters]]
 
|-
 
|[[Firewall INPUT filters]]
 
|-
 
|rowspan="2"|Advanced
 
|[[Firewall FORWARD filters| Firewall port forwarding]]
 
|-
 
|[[Firewall source address filtering]]
 
|-
 
|Installation and scripts
 
|[[Firewall installation scripts]]
 
|}
 
 
 
 
 
==SSL==
 
 
 
[[File:icon ssl.png|64px|caption|SSL]] SSL certificates and chain of trust
 
 
 
 
 
[[SSL server]]
 
 
 
 
 
 
 
==VPN==
 
 
 
[[File:icon vpn.png|64px|caption|VPN]] Virtual Private Network (VPN)
 
 
 
 
 
* [[VPN|VPN introduction]]
 
 
 
* [[VPN server]]
 
 
 
* [[VPN client]]
 
 
 
 
 
 
 
==Intrusion Detection / Protection==
 
 
 
[[File:Radar icon.png|64px|caption|Radar]] Protection is good, but that's not enough! We need to detect attacks.
 
 
 
 
 
* '''IDS = Intrusion Detection System''' : tool that detect attacks.
 
* '''IPS = Intrusion Protection System''' : detect an intrusion attempt and react upon it.
 
 
 
 
 
I'm using one of the most famous IDS: "Snort" (https://www.snort.org/).
 
 
 
* [[Snort IDS installation]]
 
* [[Snort IDS web-UI]]
 
 
 
 
 
 
 
 
 
=Linux appliances=
 
 
 
 
 
==User management==
 
 
 
[[File:Active-directory.png|64px|caption|Active directory]] Manage users and groups
 
 
 
 
 
* [[LDAP server]]
 
* [[LDAP client]]
 
 
 
 
 
 
 
==DB servers==
 
 
 
[[File:Database.png|64px|caption|Database]] Database servers
 
 
 
 
 
* [[MySQL server]]
 
* PostgreSQL
 
 
 
 
 
 
 
==Web==
 
 
 
 
 
===Web server===
 
 
 
 
 
[[File:Web server.png|64px|caption|Web server]] How to setup a website, proxy and SSL certificates...
 
 
 
 
 
{| class="wikitable"
 
!colspan="2"|Web server
 
|-
 
|rowspan="10"|Apache 2
 
|[[Apache 2|Apache 2 installation]]
 
|-
 
|[[Apache 2 HTTP virtual host]]
 
|-
 
|[[Apache 2 HTTPS virtual host]]
 
|-
 
|[[Apache 2 - SSL certificates page]]
 
|-
 
|[[Apache 2 - Redirection (mod rewrite)]]
 
|-
 
|[[Apache 2 - proxy]]
 
|-
 
|[[Apache 2 - Custom error page]]
 
|-
 
|[[Apache 2 - Performances]]
 
|-
 
|[[Apache 2 - Security]]
 
|-
 
|[[Apache 2 - LDAP access]]
 
|-
 
|Cherokee
 
|[[Cherokee web server]]
 
|-
 
|}
 
 
 
 
 
===Web applications===
 
 
 
[[File:Web app icon.png|64px|caption|Web apps]]
 
 
 
 
 
 
 
{| class="wikitable"
 
!colspan="1"|Web applications
 
|-
 
|[[Web app PhpMyAdmin]]
 
|-
 
|[[Web app PhpLdapAdmin]]
 
|-
 
|[[Apache 2 - Security#PHP5 security|Web app PhpSecInfo]]
 
|-
 
|}
 
 
 
 
 
 
 
===Continuous Integration applications===
 
 
 
[[File:icon_continous integration.png|64px|caption|Continuous integration]] C.I - Continuous integration
 
 
 
 
 
{| class="wikitable"
 
!colspan="1"|CI applications
 
|-
 
|[[Jenkins]]
 
|-
 
|[[Sonar]]
 
|-
 
|[[SVN server]]
 
|-
 
|}
 
 
 
 
 
 
 
==Network==
 
 
 
===DHCP and DNS===
 
 
 
[[File:Network icon.png|64px|caption|Network icon]] DHCP and DNS servers
 
 
 
 
 
{| class="wikitable"
 
!colspan="2"|Network
 
|-
 
|rowspan="3"|DHCP server
 
|[[DHCP server installation]]
 
|-
 
|[[DHCP dynamic IP assignation]]
 
|-
 
|[[DHCP static IP assignation]]
 
|-
 
|rowspan="2"|DNS
 
|[[DNS server]]
 
|-
 
|[[DNS server split]]
 
|-
 
|}
 
 
 
 
 
 
 
===File share===
 
 
 
[[File:Icon file share.jpg|64px|caption|File share]] File share technologies
 
 
 
* [[Samba server]]
 
* [[NFS server]]
 
* Webdav
 
 
 
 
 
 
 
===NetBoot===
 
 
 
 
 
[[File:Netboot icon.jpg|64px|caption|Netboot icon]] This section explains how to setup, boot and maintain a netboot image.
 
 
 
 
 
Requirements:
 
 
 
* [[DNS server]]
 
* [[DHCP server]]
 
 
 
 
 
NetBoot and "Thin client" (diskless clinets) principle:
 
 
 
* [[NetBoot server principle]]
 
* [[NetBoot target configuration]]
 
 
 
 
 
NetBoot services setup:
 
 
 
* [[TFTP server]]
 
* [[DHCP netboot configuration]]
 
* [[TFTP server manage netboot kernels]]
 
* [[NFS server]]
 
 
 
 
 
NFS image setup:
 
 
 
* [[NFS image creation]]
 
* [[NFS image configuration]]
 
 
 
 
Register NFS image to TFTP:
 
 
 
* [[TFTP server PXE configuration]]
 
* [[PXE interactive menu - multi level | TFTP server PXE advanced menu]]
 
 
 
 
 
 
 
Alternate Netboot scenario: 'Linux installation': [[NetBoot server | network Linux installation]]
 
 
 
 
 
 
 
 
 
 
 
===Mail===
 
 
 
[[File:Mail icon.png|64px|caption|Mail icon]] Mail server (SMTP, POP3/IMAP)
 
 
 
 
 
[[Email relay]]
 
 
 
[[Email server setup]]
 
 
 
 
 
 
 
===Monitoring===
 
 
 
 
 
[[File:Monitoring icon.png|64px|caption|Monitoring]] Monitoring IT components, servers and applications using Zabbix
 
 
 
 
 
 
 
{| class="wikitable"
 
!colspan="2"|Monitoring
 
|-
 
|rowspan="6"|Zabbix server
 
|[[Zabbix server setup]]
 
|-
 
|[[Zabbix server configuration]]
 
|-
 
|[[Zabbix server hosts management]]
 
|-
 
|[[Zabbix server template management]] = create and manage template
 
|-
 
|[[Zabbix server create new application, items, triggers and actions]]
 
|-
 
|Zabbix server dashboard
 
|-
 
|rowspan="1"|Zabbix agent setup
 
|[[Zabbix agent setup]]
 
|-
 
|}
 
 
 
 
 
Note:
 
 
 
I'm using Zabbix v2.2. All the following information are just a practical summary of the Zabbix official documentation applied to my use-case.
 
 
 
 
 
 
 
Alternative to zabbix, the old good fashion [[SNMP client]] !
 
 
 
 
 
 
 
==Other services==
 
  
 
* NTP time sync
 
* NTP time sync
Line 445: Line 26:
  
  
 
+
=Management UI=
==Management UI==
 
  
 
[[Webmin]]
 
[[Webmin]]
 
 
 
=Raspberry pi=
 
 
* [[Raspbmc - XBMC HTPC]]
 
 
 
 
 
 
=New menu (under construction)=
 
 
This section is under construction...
 

Latest revision as of 21:27, 12 March 2019

Linux is wonderful! However it can be a mess to setup.

These are some how-to and tricks for Linux (Debian / Ubuntu) servers and workstations.


Core features

Server or workstation Server / workstation setup

Raspberry Pi Raspberry Pi XBMC

Multimedia Multimedia


Linux games Linux games

Security

Internet security Internet security

SSH SSH

FW principle Firewall

SSL SSL

VPN VPN

Remote desktop Remote desktop

Radar IDS / IPS

Alarm clock Crontab

Web

Database DB

Web server Web server

Web apps PHP webapps

Continuous integration Continous Integration

Network

Active directory LDAP

Network icon DHCP DNS

File share File-share

Netboot icon Netboot & Thin client

Mail icon Mail server

Infrastructure monitoring Infrastructure monitoring

ELK Log monitoring ELK Log monitoring



Other services

  • NTP time sync
  • Logwatch


Management UI

Webmin