(24 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
| [[Category:Linux]] | | [[Category:Linux]] |
| + | <seo google-site-verification="NS8HNfXeCZBn4FoGJp38gQH7vHkeZC9Qdr_YDMd7MsQ" /> |
| + | |
| Linux is wonderful! However it can be a mess to setup. | | Linux is wonderful! However it can be a mess to setup. |
| | | |
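Review bot: The added `<seo google-site-verification=… />` line, directly under `[[Category:Linux]]`, puts a site-ownership verification tag into the wikitext of an ordinary content page. It is site-level metadata unrelated to this Linux index, and any later edit to the page can change or drop it. Consider moving it to site-wide configuration or protecting the page, and mention the tag in the edit summary so the change is auditable.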
Line 5: |
Line 7: |
| | | |
| | | |
− | | + | {| style="margin: 1em auto 1em auto" |
− | {{col-begin}} | + | |-valign="top" |
− | {{col-break}}
| + | |width="20%"|{{Template:menu core features}} |
− | |<big>Core elements</big>
| + | |width="20%"|{{Template:menu security}} |
− | |- | + | |width="20%"|{{Template:menu web}} |
− | |[[File:Workstation.png|link=#Server / workstation core setup|64px|caption|Server or workstation]] Server / workstation setup
| + | |width="20%"|{{Template:menu network}} |
− | |-
| |
− | {{col-break}}
| |
− | |<big>Security</big>
| |
− | |-
| |
− | |[[File:Internet security.png|link=#Global security|64px|caption|Internet security]] Security: anti-virus / root-kits / Fail2Ban
| |
− | |- | |
− | |[[File:icon ssh.png|link=#SSH|64px|caption|SSH]] Security: SSH
| |
− | |- | |
− | |[[File:Firewall.png|link=#Firewall|64px|caption|FW principle]] Security: firewall
| |
− | |-
| |
− | |[[File:icon ssl.png|link=#SSL|64px|caption|SSL]] Security: SSL
| |
− | |-
| |
− | |[[File:icon vpn.png|link=#VPN|64px|caption|VPN]] Security: VPN
| |
− | |-
| |
− | |[[File:Radar icon.png|link=#Intrusion Detection / Protection|64px|caption|Radar]] Security: IDS / IPS
| |
− | {{col-break}} | |
− | |<big>Web</big> | |
− | |-
| |
− | |[[File:Database.png|link=#DB servers|64px|caption|Database]] DB
| |
− | |
| |
− | |[[File:Web server.png|link=#Web server|64px|caption|Web server]] Web server
| |
− | |-
| |
− | |[[File:Web app icon.png|link=#Web applications|64px|caption|Web apps]] PHP webapps
| |
− | |- | |
− | |[[File:icon_continous integration.png|link=#Continuous Integration applications|64px|caption|Continuous integration]] CI webapps
| |
− | {{col-break}} | |
− | |<big>Network</big> | |
− | |-
| |
− | |[[File:Active-directory.png|link=#User management|64px|caption|Active directory]] LDAP
| |
− | |-
| |
− | |[[File:Network icon.png|link=#DHCP and DNS|64px|caption|Network icon]] DHCP DNS
| |
− | |-
| |
− | |[[File:Icon file share.jpg|link=#File share|64px|caption|File share]] File share technologies
| |
− | |-
| |
− | |[[File:Netboot icon.jpg|link=#NetBoot|64px|caption|Netboot icon]] This section explains how to setup, boot and maintain a netboot image.
| |
− | |-
| |
− | |[[File:Mail icon.png|link=#Mail|64px|caption|Mail icon]] Mail server (SMTP, POP3/IMAP)
| |
− | |-
| |
− | |[[File:Monitoring icon.png|link=#Monitoring|64px|caption|Monitoring]] Monitoring IT components, servers and applications using Zabbix
| |
− | {{col-end}} | |
− | | |
− | | |
− | | |
− | | |
− | -------------
| |
− | | |
− | | |
− | =Server / workstation core setup=
| |
− | | |
− | [[File:Workstation.png|64px|caption|Server or workstation]] How to setup & maintain a Linux server or workstation with basics services.
| |
− | | |
− | | |
− | | |
− | {| class="wikitable"
| |
− | !colspan="6"|Server / Workstation setup
| |
− | |-
| |
− | |rowspan="8"|Installation
| |
− | |[[Partitions setup]]
| |
− | |rowspan="8"|Specifics
| |
− | |[[Prefer IPv4 over IPv6]]
| |
− | |rowspan="8"|Applications
| |
− | |[[Photo]]
| |
− | |-
| |
− | |[[DHCP and network configuration|Network and hostname configuration]]
| |
− | |[[XFCE: screensaver bug fix]]
| |
− | |[[Clean ubuntu]]
| |
− | |-
| |
− | |[[VIM editor]]
| |
− | |[[Drivers]]
| |
− | |-
| |
− | |[[Sources]]
| |
− | |-
| |
− | |[[Create user]]
| |
− | |-
| |
− | |[[Useful programs]]
| |
− | |-
| |
− | |[[Languages]]
| |
− | |-
| |
− | |[[Automatic updates]]
| |
− | |-
| |
| |} | | |} |
| | | |
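Review bot: The table opened by the added `{| style="margin: 1em auto 1em auto"` line has no `|}` among the added lines; it is closed only by the unchanged `|}` that previously ended the deleted "Server / Workstation setup" wikitable. That works, but a later edit that tidies the leftover `|}` will break the layout, so it is worth a wikitext comment or a `|}` placed right after the last `|width="20%"|` cell, with the old one removed. The four cells are also 20% each, which leaves a fifth of the row unallocated; 25% would fill it. The `Template:` prefix inside `{{Template:menu …}}` is redundant.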
Line 97: |
Line 19: |
| | | |
| | | |
− | =Security=
| + | =Other services= |
− | | |
− | How to secure your server / workstation ?
| |
− | | |
− | | |
− | ==Global security==
| |
− | | |
− | [[File:Internet security.png|64px|caption|Internet security]] Anti-virus / anti root-kits / Fail2Ban
| |
− | | |
− | | |
− | * [[Anti-virus]]
| |
− | * [[Rootkit cleaner]]
| |
− | * [[Fail2ban]]
| |
− | | |
− | | |
− | | |
− | ==SSH==
| |
− | | |
− | [[File:icon ssh.png|64px|caption|SSH]] SSH
| |
− | | |
− | * [[SSH Client]]
| |
− | | |
− | | |
− | * [[SSH create key|How-to generate SSH key]]
| |
− | | |
− | | |
− | * [[SSH server setup]]
| |
− | * [[SSH server local user|SSH server using local user / password auth.]]
| |
− | * [[SSH server local key|SSH server using key auth.]]
| |
− | * [[SSH server ldap user|SSH server using LDAP user auth.]]
| |
− | * [[SSH server ldap key|SSH server using LDAP key auth.]]
| |
− | | |
− | | |
− | | |
− | ==Firewall==
| |
− | | |
− | [[File:Firewall.png|64px|caption|FW principle]] This section explains HOW to create, maintain and use a firewall with IpTables.
| |
− | | |
− | | |
− | | |
− | {| class="wikitable"
| |
− | !colspan="2"|Firewall
| |
− | |-
| |
− | |rowspan="6"|Basics
| |
− | |[[Firewall principle]]
| |
− | |-
| |
− | |[[Firewall basics]]
| |
− | |-
| |
− | |[[Firewall core (main) protocols]]
| |
− | |-
| |
− | |[[Firewall VPN]]
| |
− | |-
| |
− | |[[Firewall OUTPUT filters]]
| |
− | |-
| |
− | |[[Firewall INPUT filters]]
| |
− | |-
| |
− | |rowspan="2"|Advanced
| |
− | |[[Firewall FORWARD filters| Firewall port forwarding]]
| |
− | |-
| |
− | |[[Firewall source address filtering]]
| |
− | |-
| |
− | |Installation and scripts
| |
− | |[[Firewall installation scripts]]
| |
− | |}
| |
− | | |
− | | |
− | ==SSL==
| |
− | | |
− | [[File:icon ssl.png|64px|caption|SSL]] SSL certificates and chain of trust
| |
− | | |
− | | |
− | [[SSL server]]
| |
− | | |
− | | |
− | | |
− | ==VPN==
| |
− | | |
− | [[File:icon vpn.png|64px|caption|VPN]] Virtual Private Network (VPN)
| |
− | | |
− | | |
− | * [[VPN|VPN introduction]]
| |
− | | |
− | * [[VPN server]]
| |
− | | |
− | * [[VPN client]]
| |
− | | |
− | | |
− | | |
− | ==Intrusion Detection / Protection==
| |
− | | |
− | [[File:Radar icon.png|64px|caption|Radar]] Protection is good, but that's not enough! We need to detect attacks.
| |
− | | |
− | | |
− | * '''IDS = Intrusion Detection System''' : tool that detect attacks.
| |
− | * '''IPS = Intrusion Protection System''' : detect an intrusion attempt and react upon it.
| |
− | | |
− | | |
− | I'm using one of the most famous IDS: "Snort" (https://www.snort.org/).
| |
− | | |
− | * [[Snort IDS installation]]
| |
− | * [[Snort IDS web-UI]]
| |
− | | |
− | | |
− | | |
− | | |
− | =Linux appliances=
| |
− | | |
− | | |
− | ==User management==
| |
− | | |
− | [[File:Active-directory.png|64px|caption|Active directory]] Manage users and groups
| |
− | | |
− | | |
− | * [[LDAP server]]
| |
− | * [[LDAP client]]
| |
− | | |
− | | |
− | | |
− | ==DB servers==
| |
− | | |
− | [[File:Database.png|64px|caption|Database]] Database servers
| |
− | | |
− | | |
− | * [[MySQL server]]
| |
− | * PostgreSQL
| |
− | | |
− | | |
− | | |
− | ==Web==
| |
− | | |
− | | |
− | ===Web server===
| |
− | | |
− | | |
− | [[File:Web server.png|64px|caption|Web server]] How to setup a website, proxy and SSL certificates...
| |
− | | |
− | | |
− | {| class="wikitable"
| |
− | !colspan="2"|Web server
| |
− | |-
| |
− | |rowspan="10"|Apache 2
| |
− | |[[Apache 2|Apache 2 installation]]
| |
− | |-
| |
− | |[[Apache 2 HTTP virtual host]]
| |
− | |-
| |
− | |[[Apache 2 HTTPS virtual host]]
| |
− | |-
| |
− | |[[Apache 2 - SSL certificates page]]
| |
− | |-
| |
− | |[[Apache 2 - Redirection (mod rewrite)]]
| |
− | |-
| |
− | |[[Apache 2 - proxy]]
| |
− | |-
| |
− | |[[Apache 2 - Custom error page]]
| |
− | |-
| |
− | |[[Apache 2 - Performances]]
| |
− | |-
| |
− | |[[Apache 2 - Security]]
| |
− | |-
| |
− | |[[Apache 2 - LDAP access]]
| |
− | |-
| |
− | |Cherokee
| |
− | |[[Cherokee web server]]
| |
− | |-
| |
− | |}
| |
− | | |
− | | |
− | ===Web applications===
| |
− | | |
− | [[File:Web app icon.png|64px|caption|Web apps]]
| |
− | | |
− | | |
− | | |
− | {| class="wikitable"
| |
− | !colspan="1"|Web applications
| |
− | |-
| |
− | |[[Web app PhpMyAdmin]]
| |
− | |-
| |
− | |[[Web app PhpLdapAdmin]]
| |
− | |-
| |
− | |[[Apache 2 - Security#PHP5 security|Web app PhpSecInfo]]
| |
− | |-
| |
− | |}
| |
− | | |
− | | |
− | | |
− | ===Continuous Integration applications===
| |
− | | |
− | [[File:icon_continous integration.png|64px|caption|Continuous integration]] C.I - Continuous integration
| |
− | | |
− | | |
− | {| class="wikitable"
| |
− | !colspan="1"|CI applications
| |
− | |-
| |
− | |[[Jenkins]]
| |
− | |-
| |
− | |[[Sonar]]
| |
− | |-
| |
− | |[[SVN server]]
| |
− | |-
| |
− | |}
| |
− | | |
− | | |
− | | |
− | ==Network==
| |
− | | |
− | ===DHCP and DNS===
| |
− | | |
− | [[File:Network icon.png|64px|caption|Network icon]] DHCP and DNS servers
| |
− | | |
− | | |
− | {| class="wikitable"
| |
− | !colspan="2"|Network
| |
− | |-
| |
− | |rowspan="3"|DHCP server
| |
− | |[[DHCP server installation]]
| |
− | |-
| |
− | |[[DHCP dynamic IP assignation]]
| |
− | |-
| |
− | |[[DHCP static IP assignation]]
| |
− | |-
| |
− | |rowspan="2"|DNS
| |
− | |[[DNS server]]
| |
− | |-
| |
− | |[[DNS server split]]
| |
− | |-
| |
− | |}
| |
− | | |
− | | |
− | | |
− | ===File share===
| |
− | | |
− | [[File:Icon file share.jpg|64px|caption|File share]] File share technologies
| |
− | | |
− | * [[Samba server]]
| |
− | * [[NFS server]]
| |
− | * Webdav
| |
− | | |
− | | |
− | | |
− | ===NetBoot===
| |
− | | |
− | | |
− | [[File:Netboot icon.jpg|64px|caption|Netboot icon]] This section explains how to setup, boot and maintain a netboot image.
| |
− | | |
− | | |
− | Requirements:
| |
− | | |
− | * [[DNS server]]
| |
− | * [[DHCP server]]
| |
− | | |
− | | |
− | NetBoot and "Thin client" (diskless clinets) principle:
| |
− | | |
− | * [[NetBoot server principle]]
| |
− | * [[NetBoot target configuration]]
| |
− | | |
− | | |
− | NetBoot services setup:
| |
− | | |
− | * [[TFTP server]]
| |
− | * [[DHCP netboot configuration]]
| |
− | * [[TFTP server manage netboot kernels]]
| |
− | * [[NFS server]]
| |
− | | |
− | | |
− | NFS image setup:
| |
− | | |
− | * [[NFS image creation]]
| |
− | * [[NFS image configuration]]
| |
− | | |
− |
| |
− | Register NFS image to TFTP:
| |
− | | |
− | * [[TFTP server PXE configuration]]
| |
− | * [[PXE interactive menu - multi level | TFTP server PXE advanced menu]]
| |
− | | |
− | | |
− | | |
− | Alternate Netboot scenario: 'Linux installation': [[NetBoot server | network Linux installation]]
| |
− | | |
− | | |
− | | |
− | | |
− | | |
− | ===Mail===
| |
− | | |
− | [[File:Mail icon.png|64px|caption|Mail icon]] Mail server (SMTP, POP3/IMAP)
| |
− | | |
− | | |
− | [[Email relay]]
| |
− | | |
− | [[Email server setup]]
| |
− | | |
− | | |
− | | |
− | ===Monitoring===
| |
− | | |
− | | |
− | [[File:Monitoring icon.png|64px|caption|Monitoring]] Monitoring IT components, servers and applications using Zabbix
| |
− | | |
− | | |
− | | |
− | {| class="wikitable"
| |
− | !colspan="2"|Monitoring
| |
− | |-
| |
− | |rowspan="6"|Zabbix server
| |
− | |[[Zabbix server setup]]
| |
− | |-
| |
− | |[[Zabbix server configuration]]
| |
− | |-
| |
− | |[[Zabbix server hosts management]]
| |
− | |-
| |
− | |[[Zabbix server template management]] = create and manage template
| |
− | |-
| |
− | |[[Zabbix server create new application, items, triggers and actions]]
| |
− | |-
| |
− | |Zabbix server dashboard
| |
− | |-
| |
− | |rowspan="1"|Zabbix agent setup
| |
− | |[[Zabbix agent setup]]
| |
− | |-
| |
− | |}
| |
− | | |
− | | |
− | Note:
| |
− | | |
− | I'm using Zabbix v2.2. All the following information are just a practical summary of the Zabbix official documentation applied to my use-case.
| |
− | | |
− | | |
− | | |
− | Alternative to zabbix, the old good fashion [[SNMP client]] !
| |
− | | |
− | | |
− | | |
− | ==Other services==
| |
| | | |
| * NTP time sync | | * NTP time sync |
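Review bot: The block removed between `=Security=` and `==Other services==` is not only link lists; it also drops the page's explanatory prose (the IDS and IPS definitions, the Snort pointer, and the note beginning "I'm using Zabbix v2.2"). Nothing in the added lines shows where that text went, so confirm the `menu security` and `menu network` templates or their target pages carry it. The deleted headings such as `==SSH==`, `==Firewall==` and `==VPN==` were anchor targets, so existing links of the form `#SSH` into this page will stop resolving. "Other services" also moves from a level-2 to a level-1 heading.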
Line 439: |
Line 26: |
| | | |
| | | |
− | | + | =Management UI= |
− | ==Management UI==
| |
| | | |
| [[Webmin]] | | [[Webmin]] |
− |
| |
− |
| |
− |
| |
− | =Raspberry pi=
| |
− |
| |
− | * [[Raspbmc - XBMC HTPC]]
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | =New menu (under construction)=
| |
− |
| |
− | This section is under construction...
| |