Difference between revisions of "Linux"
Line 139: | Line 139: | ||
+ | I'm using one of the most famous IDS: "Snort" (https://www.snort.org/). | ||
− | + | * [[Snort IDS installation]] | |
− | + | * [[Snort IDS web-UI]] | |
− | |||
− | |||
− | |||
− | |||
Revision as of 14:42, 9 August 2014
Linux is wonderful! However it can be a mess to setup.
These are some how-to and tricks for Linux (Debian / Ubuntu) servers and workstations.
Contents
Server / workstation core setup
How to setup & maintain a Linux server or workstation with basics services.
Server / Workstation setup | |||||
---|---|---|---|---|---|
Installation | Partitions setup | Specifics | Prefer IPv4 over IPv6 | Applications | Photo |
Network and hostname configuration | XFCE: screensaver bug fix | Clean ubuntu | |||
VIM editor | Drivers | ||||
Sources | |||||
Create user | |||||
Useful programs | |||||
Languages | |||||
Automatic updates |
Security
Services security
How to secure your server / workstation ?
Security | ||
---|---|---|
Basic | SSH | SSH Client |
How-to generate SSH key | ||
SSH server setup | ||
SSH server using local user / password auth. | ||
SSH server using key auth. | ||
SSH server using LDAP user auth. | ||
SSH server using LDAP key auth. | ||
Local prevention | Anti-virus | |
Rootkit cleaner | ||
Advanced | VPN | VPN introduction |
VPN server | ||
VPN client | ||
Other | Fail2ban | |
SSL server |
Firewall
This section explains HOW to create, maintain and use a firewall with IpTables.
Firewall | |
---|---|
Basics | Firewall principle |
Firewall basics | |
Firewall core (main) protocols | |
Firewall VPN | |
Firewall OUTPUT filters | |
Firewall INPUT filters | |
Advanced | Firewall port forwarding |
Firewall source address filtering | |
Installation and scripts | Firewall installation scripts |
Advanced security
Protection is good, but that's not enough! We need to detect attacks.
- IDS = Intrusion Detection System : tool that detect attacks. Most of them are Open-Source and free of use (non-commercial)
- IPS = Intrusion Protection System : detect an intrusion attempt and react upon it. These are usually commercial tools.
I'm using one of the most famous IDS: "Snort" (https://www.snort.org/).
Linux server services
User management
DB servers
- MySQL server
- PostgreSQL
Web
How to setup a website, proxy and SSL certificates...
Web applications |
---|
Web app PhpMyAdmin |
Web app PhpLdapAdmin |
Web app PhpSecInfo |
Jenkins |
Sonar |
SVN server |
Network
Network | |
---|---|
DHCP server | DHCP server installation |
DHCP dynamic IP assignation | |
DHCP static IP assignation | |
DHCP netboot configuration | |
Other | DNS server |
- FTP server
Web server configuration
- Samba server
- Webdav
Network
This section explains HOW to create, maintain and use a firewall with IpTables.
- 0. NetBoot server principle
- 1. NetBoot server setup - network Linux installation
- 2. NetBoot server setup - diskless clients
- 3. Diskless client setup
- 4. PXE menu
- Monitoring : IT components, servers and applications
Other services
- NTP time sync
- Logwatch
- Mail server
Management UI
Raspberry pi
This section is under construction...