Difference between revisions of "Linux"
Line 5: | Line 5: | ||
− | {{ | + | {{col-begin}} |
− | {{ | + | {{col-break}} |
+ | |<big>Core elements</big> | ||
+ | |- | ||
+ | |[[File:Workstation.png|link=#Server / workstation core setup|64px|caption|Server or workstation]] Server / workstation setup | ||
+ | |- | ||
+ | {{col-break}} | ||
+ | |<big>Security</big> | ||
+ | |- | ||
+ | |[[File:Internet security.png|link=#Global security|64px|caption|Internet security]] Security: anti-virus / root-kits / Fail2Ban | ||
+ | |- | ||
+ | |[[File:icon ssh.png|link=#SSH|64px|caption|SSH]] Security: SSH | ||
+ | |- | ||
+ | |[[File:Firewall.png|link=#Firewall|64px|caption|FW principle]] Security: firewall | ||
+ | |- | ||
+ | |[[File:icon ssl.png|link=#SSL|64px|caption|SSL]] Security: SSL | ||
+ | |- | ||
+ | |[[File:icon vpn.png|link=#VPN|64px|caption|VPN]] Security: VPN | ||
+ | |- | ||
+ | |[[File:Radar icon.png|link=#Intrusion Detection / Protection|64px|caption|Radar]] Security: IDS / IPS | ||
+ | {{col-break}} | ||
+ | |<big>Web</big> | ||
+ | |- | ||
+ | |[[File:Database.png|link=#DB servers|64px|caption|Database]] DB | ||
+ | | | ||
+ | |[[File:Web server.png|link=#Web server|64px|caption|Web server]] Web server | ||
+ | |- | ||
+ | |[[File:Web app icon.png|link=#Web applications|64px|caption|Web apps]] PHP webapps | ||
+ | |- | ||
+ | |[[File:icon_continous integration.png|link=#Continuous Integration applications|64px|caption|Continuous integration]] CI webapps | ||
+ | {{col-break}} | ||
+ | |<big>Network</big> | ||
+ | |- | ||
+ | |[[File:Active-directory.png|link=#User management|64px|caption|Active directory]] LDAP | ||
+ | |- | ||
+ | |[[File:Network icon.png|link=#DHCP and DNS|64px|caption|Network icon]] DHCP DNS | ||
+ | |- | ||
+ | |[[File:Icon file share.jpg|link=#File share|64px|caption|File share]] File share technologies | ||
+ | |- | ||
+ | |[[File:Netboot icon.jpg|link=#NetBoot|64px|caption|Netboot icon]] This section explains how to setup, boot and maintain a netboot image. | ||
+ | |- | ||
+ | |[[File:Mail icon.png|link=#Mail|64px|caption|Mail icon]] Mail server (SMTP, POP3/IMAP) | ||
+ | |- | ||
+ | |[[File:Monitoring icon.png|link=#Monitoring|64px|caption|Monitoring]] Monitoring IT components, servers and applications using Zabbix | ||
+ | {{col-end}} | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
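Review bot: The separator between the DB and Web server cells in the Web column is a bare "|" where every other row in the added block uses "|-", so these two entries will not be split into their own rows like the rest; change it to "|-". The Core elements column also ends with a trailing "|-" directly before the next {{col-break}}, which leaves an empty row that the other columns do not have; drop it. The NetBoot cell carries a full sentence ("This section explains how to setup, boot and maintain a netboot image.") while its sibling cells use short labels, so a short label would be consistent with the rest of the column.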
Revision as of 17:11, 21 August 2014
Linux is wonderful! However, it can be a mess to set up.
These are some how-tos and tricks for Linux (Debian / Ubuntu) servers and workstations.
Core elements
- Server / workstation setup
Security
- Security: anti-virus / root-kits / Fail2Ban
- Security: SSH
- Security: firewall
- Security: SSL
- Security: VPN
- Security: IDS / IPS
Web
- DB
- Web server
- PHP webapps
- CI webapps
Network
- LDAP
- DHCP DNS
- File share technologies
- This section explains how to set up, boot and maintain a netboot image.
- Mail server (SMTP, POP3/IMAP)
- Monitoring IT components, servers and applications using Zabbix
Server / workstation core setup
How to set up & maintain a Linux server or workstation with basic services.
Server / Workstation setup | |||||
---|---|---|---|---|---|
Installation | Partitions setup | Specifics | Prefer IPv4 over IPv6 | Applications | Photo |
Network and hostname configuration | XFCE: screensaver bug fix | Clean ubuntu | |||
VIM editor | Drivers | ||||
Sources | |||||
Create user | |||||
Useful programs | |||||
Languages | |||||
Automatic updates |
Security
How to secure your server / workstation?
Global security
Anti-virus / anti root-kits / Fail2Ban
SSH
- SSH server setup
- SSH server using local user / password auth.
- SSH server using key auth.
- SSH server using LDAP user auth.
- SSH server using LDAP key auth.
Firewall
This section explains HOW to create, maintain and use a firewall with iptables.
Firewall | |
---|---|
Basics | Firewall principle |
Firewall basics | |
Firewall core (main) protocols | |
Firewall VPN | |
Firewall OUTPUT filters | |
Firewall INPUT filters | |
Advanced | Firewall port forwarding |
Firewall source address filtering | |
Installation and scripts | Firewall installation scripts |
SSL
SSL certificates and chain of trust
VPN
Intrusion Detection / Protection
Protection is good, but that's not enough! We need to detect attacks.
- IDS = Intrusion Detection System: a tool that detects attacks.
- IPS = Intrusion Protection System: detects an intrusion attempt and reacts to it.
I'm using one of the most famous IDS: "Snort" (https://www.snort.org/).
Linux appliances
User management
DB servers
- MySQL server
- PostgreSQL
Web
Web server
How to set up a website, proxy and SSL certificates...
Web applications
Web applications |
---|
Web app PhpMyAdmin |
Web app PhpLdapAdmin |
Web app PhpSecInfo |
Continuous Integration applications
CI applications |
---|
Jenkins |
Sonar |
SVN server |
Network
DHCP and DNS
Network | |
---|---|
DHCP server | DHCP server installation |
DHCP dynamic IP assignation | |
DHCP static IP assignation | |
DNS | DNS server |
DNS server split |
- Samba server
- NFS server
- Webdav
NetBoot
This section explains how to set up, boot and maintain a netboot image.
Requirements:
NetBoot and "Thin client" (diskless clients) principle:
NetBoot services setup:
NFS image setup:
Register NFS image to TFTP:
Alternate Netboot scenario: 'Linux installation': network Linux installation
Monitoring
Monitoring IT components, servers and applications using Zabbix
Monitoring | |
---|---|
Zabbix server | Zabbix server setup |
Zabbix server configuration | |
Zabbix server hosts management | |
Zabbix server template management = create and manage template | |
Zabbix server create new application, items, triggers and actions | |
Zabbix server dashboard | |
Zabbix agent setup | Zabbix agent setup |
Note:
I'm using Zabbix v2.2. All the following information is just a practical summary of the Zabbix official documentation applied to my use-case.
Alternative to Zabbix: the good old-fashioned SNMP client!
Other services
- NTP time sync
- Logwatch
Management UI
Raspberry pi
This section is under construction...