|
|
(41 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
| [[Category:Linux]] | | [[Category:Linux]] |
| + | <seo google-site-verification="NS8HNfXeCZBn4FoGJp38gQH7vHkeZC9Qdr_YDMd7MsQ" /> |
| + | |
| Linux is wonderful! However it can be a mess to setup. | | Linux is wonderful! However it can be a mess to setup. |
| | | |
Line 5: |
Line 7: |
| | | |
| | | |
− | | + | {| style="margin: 1em auto 1em auto" |
− | =Server / workstation core setup=
| + | |-valign="top" |
− | | + | |width="20%"|{{Template:menu core features}} |
− | [[File:Workstation.png|64px|caption|Server or workstation]] How to setup & maintain a Linux server or workstation with basics services.
| + | |width="20%"|{{Template:menu security}} |
− | | + | |width="20%"|{{Template:menu web}} |
− | | + | |width="20%"|{{Template:menu network}} |
− | | |
− | {| class="wikitable" | |
− | !colspan="6"|Server / Workstation setup
| |
− | |- | |
− | |rowspan="8"|Installation
| |
− | |[[Partitions setup]]
| |
− | |rowspan="8"|Specifics
| |
− | |[[Prefer IPv4 over IPv6]] | |
− | |rowspan="8"|Applications
| |
− | |[[Photo]]
| |
− | |-
| |
− | |[[DHCP and network configuration|Network and hostname configuration]]
| |
− | |[[XFCE: screensaver bug fix]]
| |
− | |[[Clean ubuntu]]
| |
− | |-
| |
− | |[[VIM editor]]
| |
− | |[[Drivers]]
| |
− | |-
| |
− | |[[Sources]]
| |
− | |-
| |
− | |[[Create user]]
| |
− | |-
| |
− | |[[Useful programs]]
| |
− | |-
| |
− | |[[Languages]]
| |
− | |-
| |
− | |[[Automatic updates]]
| |
− | |-
| |
− | |}
| |
− | | |
− | | |
− | | |
− | | |
− | | |
− | =Security=
| |
− | | |
− | How to secure your server / workstation ?
| |
− | | |
− | | |
− | ==Global security==
| |
− | | |
− | [[File:Internet security.png|64px|caption|Internet security]] Anti-virus / anti root-kits / Fail2Ban
| |
− | | |
− | | |
− | * [[Anti-virus]]
| |
− | * [[Rootkit cleaner]]
| |
− | * [[Fail2ban]]
| |
− | | |
− | | |
− | | |
− | ==SSH==
| |
− | | |
− | [[File:icon ssh.png|64px|caption|SSH]] SSH
| |
− | | |
− | * [[SSH Client]]
| |
− | | |
− | | |
− | * [[SSH create key|How-to generate SSH key]]
| |
− | | |
− | | |
− | * [[SSH server setup]]
| |
− | * [[SSH server local user|SSH server using local user / password auth.]]
| |
− | * [[SSH server local key|SSH server using key auth.]]
| |
− | * [[SSH server ldap user|SSH server using LDAP user auth.]]
| |
− | * [[SSH server ldap key|SSH server using LDAP key auth.]]
| |
− | | |
− | | |
− | | |
− | ==Firewall==
| |
− | | |
− | [[File:Firewall.png|64px|caption|FW principle]] This section explains HOW to create, maintain and use a firewall with IpTables.
| |
− | | |
− | | |
− | | |
− | {| class="wikitable"
| |
− | !colspan="2"|Firewall
| |
− | |-
| |
− | |rowspan="6"|Basics
| |
− | |[[Firewall principle]]
| |
− | |-
| |
− | |[[Firewall basics]]
| |
− | |-
| |
− | |[[Firewall core (main) protocols]]
| |
− | |-
| |
− | |[[Firewall VPN]]
| |
− | |-
| |
− | |[[Firewall OUTPUT filters]]
| |
− | |-
| |
− | |[[Firewall INPUT filters]]
| |
− | |-
| |
− | |rowspan="2"|Advanced
| |
− | |[[Firewall FORWARD filters| Firewall port forwarding]]
| |
− | |-
| |
− | |[[Firewall source address filtering]]
| |
− | |-
| |
− | |Installation and scripts
| |
− | |[[Firewall installation scripts]]
| |
− | |}
| |
− | | |
− | | |
− | ==SSL==
| |
− | | |
− | [[File:icon ssl.png|64px|caption|SSL]] SSL certificates and chain of trust
| |
− | | |
− | | |
− | [[SSL server]]
| |
− | | |
− | | |
− | | |
− | ==VPN==
| |
− | | |
− | [[File:icon vpn.png|64px|caption|VPN]] Virtual Private Network (VPN)
| |
− | | |
− | | |
− | * [[VPN|VPN introduction]]
| |
− | | |
− | * [[VPN server]]
| |
− | | |
− | * [[VPN client]]
| |
− | | |
− | | |
− | | |
− | ==Advanced security==
| |
− | | |
− | [[File:Radar icon.png|64px|caption|Radar]] Protection is good, but that's not enough! We need to detect attacks.
| |
− | | |
− | | |
− | * '''IDS = Intrusion Detection System''' : tool that detect attacks.
| |
− | * '''IPS = Intrusion Protection System''' : detect an intrusion attempt and react upon it.
| |
− | | |
− | | |
− | I'm using one of the most famous IDS: "Snort" (https://www.snort.org/).
| |
− | | |
− | * [[Snort IDS installation]]
| |
− | * [[Snort IDS web-UI]]
| |
− | | |
− | | |
− | | |
− | | |
− | =Linux server services=
| |
− | | |
− | | |
− | ==User management==
| |
− | | |
− | [[File:Active-directory.png|64px|caption|Active directory]] Manage users and groups
| |
− | | |
− | | |
− | * [[LDAP server]]
| |
− | * [[LDAP client]]
| |
− | | |
− | | |
− | | |
− | ==DB servers==
| |
− | | |
− | [[File:Database.png|64px|caption|Database]] Database servers
| |
− | | |
− | | |
− | * [[MySQL server]]
| |
− | * PostgreSQL
| |
− | | |
− | | |
− | | |
− | ==Web==
| |
− | | |
− | | |
− | ===Web server===
| |
− | | |
− | | |
− | [[File:Web server.png|64px|caption|Web server]] How to setup a website, proxy and SSL certificates...
| |
− | | |
− | | |
− | {| class="wikitable"
| |
− | !colspan="2"|Web server
| |
− | |-
| |
− | |rowspan="10"|Apache 2
| |
− | |[[Apache 2|Apache 2 installation]]
| |
− | |-
| |
− | |[[Apache 2 HTTP virtual host]]
| |
− | |-
| |
− | |[[Apache 2 HTTPS virtual host]]
| |
− | |-
| |
− | |[[Apache 2 - SSL certificates page]]
| |
− | |-
| |
− | |[[Apache 2 - Redirection (mod rewrite)]]
| |
− | |-
| |
− | |[[Apache 2 - proxy]]
| |
− | |-
| |
− | |[[Apache 2 - Custom error page]]
| |
− | |-
| |
− | |[[Apache 2 - Performances]]
| |
− | |-
| |
− | |[[Apache 2 - Security]]
| |
− | |-
| |
− | |[[Apache 2 - LDAP access]]
| |
− | |-
| |
− | |Cherokee
| |
− | |[[Cherokee web server]]
| |
− | |-
| |
− | |}
| |
− | | |
− | | |
− | ===Web applications===
| |
− | | |
− | [[File:Web app icon.png|64px|caption|Web apps]]
| |
− | | |
− | | |
− | | |
− | {| class="wikitable"
| |
− | !colspan="1"|Web applications
| |
− | |-
| |
− | |[[Web app PhpMyAdmin]]
| |
− | |-
| |
− | |[[Web app PhpLdapAdmin]]
| |
− | |-
| |
− | |[[Apache 2 - Security#PHP5 security|Web app PhpSecInfo]]
| |
− | |-
| |
− | |[[Jenkins]]
| |
− | |-
| |
− | |[[Sonar]]
| |
− | |-
| |
− | |[[SVN server]]
| |
− | |}
| |
− | | |
− | | |
− | | |
− | ==Network==
| |
− | | |
− | [[File:Network icon.png|64px|caption|Network icon]] DHCP and DNS servers
| |
− | | |
− | | |
− | {| class="wikitable" | |
− | !colspan="2"|Network
| |
− | |-
| |
− | |rowspan="3"|DHCP server
| |
− | |[[DHCP server installation]]
| |
− | |-
| |
− | |[[DHCP dynamic IP assignation]]
| |
− | |-
| |
− | |[[DHCP static IP assignation]]
| |
− | |-
| |
− | |rowspan="2"|DNS
| |
− | |[[DNS server]]
| |
− | |-
| |
− | |[[DNS server split]]
| |
− | |-
| |
− | |}
| |
− | | |
− | | |
− | | |
− | | |
− | ==Mail==
| |
− | | |
− | [[File:Mail icon.png|64px|caption|Mail icon]] Mail server (SMTP, POP3/IMAP)
| |
− | | |
− | | |
− | [[Email relay]]
| |
− | | |
− | [[Email server setup]]
| |
− | | |
− | | |
− | | |
− | * FTP server
| |
− | | |
− | | |
− | Web server configuration
| |
− | | |
− | | |
− | | |
− | * [[Tomcat]]
| |
− | | |
− | | |
− | ==File share==
| |
− | | |
− | * [[Samba server]]
| |
− | * [[NFS server]]
| |
− | * Webdav
| |
− | | |
− | | |
− | ==NetBoot==
| |
− | | |
− | | |
− | [[File:Netboot icon.jpg|64px|caption|Netboot icon]] This section explains how to setup, boot and maintain a netboot image.
| |
− | | |
− | | |
− | Requirements:
| |
− | | |
− | * [[DNS server]]
| |
− | * [[DHCP server]]
| |
− | | |
− | NetBoot and "Thin client" (diskless clinets) principle:
| |
− | | |
− | * [[NetBoot server principle]]
| |
− | *
| |
− | | |
− | NetBoot services setup:
| |
− | | |
− | * [[TFTP server]]
| |
− | * [[DHCP netboot configuration]]
| |
− | * [[TFTP server manage netboot kernels]]
| |
− | * [[NFS server]]
| |
− | | |
− | * [[TFTP server PXE configuration]]
| |
− | * [[PXE interactive menu - multi level | TFTP server PXE advanced menu]]
| |
− | | |
− | | |
− | | |
− | * [[SNMP client]]
| |
− | | |
− | | |
− | | |
− | NetBoot setup:
| |
− | * 0. [[NetBoot server principle]]
| |
− | * 1. [[NetBoot server | NetBoot server setup - network Linux installation]]
| |
− | * 2. [[Diskless netboot|NetBoot server setup - diskless clients]]
| |
− | * 3. Diskless client setup
| |
− | *** [[Diskless image configuration - manual setup]]
| |
− | *** [[Diskless image configuration - script setup]]
| |
− | * 4. PXE menu
| |
− | *** [[PXE interactive menu - single level]]
| |
− | *** [[PXE interactive menu - multi level]]
| |
− | | |
− | | |
− | | |
− | ==Monitoring==
| |
− | | |
− | | |
− | [[File:Monitoring icon.png|64px|caption|Monitoring]] Monitoring IT components, servers and applications using Zabbix
| |
− | | |
− | | |
− | | |
− | {| class="wikitable"
| |
− | !colspan="2"|Monitoring
| |
− | |-
| |
− | |rowspan="6"|Zabbix server
| |
− | |[[Zabbix server setup]]
| |
− | |-
| |
− | |[[Zabbix server configuration]]
| |
− | |-
| |
− | |[[Zabbix server hosts management]]
| |
− | |-
| |
− | |[[Zabbix server template management]] = create and manage template
| |
− | |-
| |
− | |[[Zabbix server create new application, items, triggers and actions]]
| |
− | |-
| |
− | |Zabbix server dashboard
| |
− | |-
| |
− | |rowspan="1"|Zabbix agent setup
| |
− | |[[Zabbix agent setup]]
| |
− | |-
| |
| |} | | |} |
| | | |
| | | |
− | Note:
| |
| | | |
− | I'm using Zabbix v2.2. All the following information are just a practical summary of the Zabbix official documentation applied to my use-case.
| |
| | | |
| | | |
− | | + | =Other services= |
− | | |
− | | |
− | ==Other services==
| |
| | | |
| * NTP time sync | | * NTP time sync |
| * Logwatch | | * Logwatch |
− | * Mail server
| |
| | | |
| | | |
| | | |
− | ==Management UI==
| + | =Management UI= |
| | | |
| [[Webmin]] | | [[Webmin]] |
− |
| |
− | =Raspberry pi=
| |
− |
| |
− | * [[Raspbmc - XBMC HTPC]]
| |
− |
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | =New menu (under construction)=
| |
− |
| |
− | This section is under construction...
| |