Difference between revisions of "Linux"

 
(41 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Category:Linux]]
 
[[Category:Linux]]
 +
<seo google-site-verification="NS8HNfXeCZBn4FoGJp38gQH7vHkeZC9Qdr_YDMd7MsQ" />
 +
 
Linux is wonderful! However it can be a mess to setup.  
 
Linux is wonderful! However it can be a mess to setup.  
  
Line 5: Line 7:
  
  
 
+
{| style="margin: 1em auto 1em auto"
=Server / workstation core setup=
+
|-valign="top"
 
+
|width="20%"|{{Template:menu core features}}
[[File:Workstation.png|64px|caption|Server or workstation]] How to setup & maintain a Linux server or workstation with basics services.
+
|width="20%"|{{Template:menu security}}
 
+
|width="20%"|{{Template:menu web}}
 
+
|width="20%"|{{Template:menu network}}
 
 
{| class="wikitable"
 
!colspan="6"|Server / Workstation setup
 
|-
 
|rowspan="8"|Installation
 
|[[Partitions setup]]                       
 
|rowspan="8"|Specifics
 
|[[Prefer IPv4 over IPv6]]
 
|rowspan="8"|Applications
 
|[[Photo]]
 
|-
 
|[[DHCP and network configuration|Network and hostname configuration]]
 
|[[XFCE: screensaver bug fix]]
 
|[[Clean ubuntu]]
 
|-
 
|[[VIM editor]]
 
|[[Drivers]]
 
|-
 
|[[Sources]]
 
|-
 
|[[Create user]]
 
|-
 
|[[Useful programs]]
 
|-
 
|[[Languages]]
 
|-
 
|[[Automatic updates]]
 
|-
 
|}
 
 
 
 
 
 
 
 
 
 
 
=Security=
 
 
 
How to secure your server / workstation ?
 
 
 
 
 
==Global security==
 
 
 
[[File:Internet security.png|64px|caption|Internet security]] Anti-virus / anti root-kits / Fail2Ban
 
 
 
 
 
* [[Anti-virus]]
 
* [[Rootkit cleaner]]
 
* [[Fail2ban]]
 
 
 
 
 
 
 
==SSH==
 
 
 
[[File:icon ssh.png|64px|caption|SSH]] SSH
 
 
 
* [[SSH Client]]
 
 
 
 
 
* [[SSH create key|How-to generate SSH key]]
 
 
 
 
 
* [[SSH server setup]]
 
* [[SSH server local user|SSH server using local user / password auth.]]
 
* [[SSH server local key|SSH server using key auth.]]
 
* [[SSH server ldap user|SSH server using LDAP user auth.]]
 
* [[SSH server ldap key|SSH server using LDAP key auth.]]
 
 
 
 
 
 
 
==Firewall==
 
 
 
[[File:Firewall.png|64px|caption|FW principle]] This section explains HOW to create, maintain and use a firewall with IpTables.
 
 
 
 
 
 
 
{| class="wikitable"
 
!colspan="2"|Firewall
 
|-
 
|rowspan="6"|Basics
 
|[[Firewall principle]]
 
|-
 
|[[Firewall basics]]
 
|-
 
|[[Firewall core (main) protocols]]
 
|-
 
|[[Firewall VPN]]
 
|-
 
|[[Firewall OUTPUT filters]]
 
|-
 
|[[Firewall INPUT filters]]
 
|-
 
|rowspan="2"|Advanced
 
|[[Firewall FORWARD filters| Firewall port forwarding]]
 
|-
 
|[[Firewall source address filtering]]
 
|-
 
|Installation and scripts
 
|[[Firewall installation scripts]]
 
|}
 
 
 
 
 
==SSL==
 
 
 
[[File:icon ssl.png|64px|caption|SSL]] SSL certificates and chain of trust
 
 
 
 
 
[[SSL server]]
 
 
 
 
 
 
 
==VPN==
 
 
 
[[File:icon vpn.png|64px|caption|VPN]] Virtual Private Network (VPN)
 
 
 
 
 
* [[VPN|VPN introduction]]
 
 
 
* [[VPN server]]
 
 
 
* [[VPN client]]
 
 
 
 
 
 
 
==Advanced security==
 
 
 
[[File:Radar icon.png|64px|caption|Radar]] Protection is good, but that's not enough! We need to detect attacks.
 
 
 
 
 
* '''IDS = Intrusion Detection System''' : tool that detect attacks.
 
* '''IPS = Intrusion Protection System''' : detect an intrusion attempt and react upon it.
 
 
 
 
 
I'm using one of the most famous IDS: "Snort" (https://www.snort.org/).
 
 
 
* [[Snort IDS installation]]
 
* [[Snort IDS web-UI]]
 
 
 
 
 
 
 
 
 
=Linux server services=
 
 
 
 
 
==User management==
 
 
 
[[File:Active-directory.png|64px|caption|Active directory]] Manage users and groups
 
 
 
 
 
* [[LDAP server]]
 
* [[LDAP client]]
 
 
 
 
 
 
 
==DB servers==
 
 
 
[[File:Database.png|64px|caption|Database]] Database servers
 
 
 
 
 
* [[MySQL server]]
 
* PostgreSQL
 
 
 
 
 
 
 
==Web==
 
 
 
 
 
===Web server===
 
 
 
 
 
[[File:Web server.png|64px|caption|Web server]] How to setup a website, proxy and SSL certificates...
 
 
 
 
 
{| class="wikitable"
 
!colspan="2"|Web server
 
|-
 
|rowspan="10"|Apache 2
 
|[[Apache 2|Apache 2 installation]]
 
|-
 
|[[Apache 2 HTTP virtual host]]
 
|-
 
|[[Apache 2 HTTPS virtual host]]
 
|-
 
|[[Apache 2 - SSL certificates page]]
 
|-
 
|[[Apache 2 - Redirection (mod rewrite)]]
 
|-
 
|[[Apache 2 - proxy]]
 
|-
 
|[[Apache 2 - Custom error page]]
 
|-
 
|[[Apache 2 - Performances]]
 
|-
 
|[[Apache 2 - Security]]
 
|-
 
|[[Apache 2 - LDAP access]]
 
|-
 
|Cherokee
 
|[[Cherokee web server]]
 
|-
 
|}
 
 
 
 
 
===Web applications===
 
 
 
[[File:Web app icon.png|64px|caption|Web apps]]
 
 
 
 
 
 
 
{| class="wikitable"
 
!colspan="1"|Web applications
 
|-
 
|[[Web app PhpMyAdmin]]
 
|-
 
|[[Web app PhpLdapAdmin]]
 
|-
 
|[[Apache 2 - Security#PHP5 security|Web app PhpSecInfo]]
 
|-
 
|[[Jenkins]]
 
|-
 
|[[Sonar]]
 
|-
 
|[[SVN server]]
 
|}
 
 
 
 
 
 
 
==Network==
 
 
 
[[File:Network icon.png|64px|caption|Network icon]] DHCP and DNS servers
 
 
 
 
 
{| class="wikitable"
 
!colspan="2"|Network
 
|-
 
|rowspan="3"|DHCP server
 
|[[DHCP server installation]]
 
|-
 
|[[DHCP dynamic IP assignation]]
 
|-
 
|[[DHCP static IP assignation]]
 
|-
 
|rowspan="2"|DNS
 
|[[DNS server]]
 
|-
 
|[[DNS server split]]
 
|-
 
|}
 
 
 
 
 
 
 
 
 
==Mail==
 
 
 
[[File:Mail icon.png|64px|caption|Mail icon]] Mail server (SMTP, POP3/IMAP)
 
 
 
 
 
[[Email relay]]
 
 
 
[[Email server setup]]
 
 
 
 
 
 
 
* FTP server
 
 
 
 
 
Web server configuration
 
 
 
 
 
 
 
* [[Tomcat]]
 
 
 
 
 
==File share==
 
 
 
* [[Samba server]]
 
* [[NFS server]]
 
* Webdav
 
 
 
 
 
==NetBoot==
 
 
 
 
 
[[File:Netboot icon.jpg|64px|caption|Netboot icon]] This section explains how to setup, boot and maintain a netboot image.
 
 
 
 
 
Requirements:
 
 
 
* [[DNS server]]
 
* [[DHCP server]]
 
 
 
NetBoot and "Thin client" (diskless clinets) principle:
 
 
 
* [[NetBoot server principle]]
 
*
 
 
 
NetBoot services setup:
 
 
 
* [[TFTP server]]
 
* [[DHCP netboot configuration]]
 
* [[TFTP server manage netboot kernels]]
 
* [[NFS server]]
 
 
 
* [[TFTP server PXE configuration]]
 
* [[PXE interactive menu - multi level | TFTP server PXE advanced menu]]
 
 
 
 
 
 
 
* [[SNMP client]]
 
 
 
 
 
 
 
NetBoot setup:
 
* 0. [[NetBoot server principle]]
 
* 1. [[NetBoot server | NetBoot server setup - network Linux installation]]
 
* 2. [[Diskless netboot|NetBoot server setup - diskless clients]]
 
* 3. Diskless client setup
 
*** [[Diskless image configuration - manual setup]]
 
*** [[Diskless image configuration - script setup]]
 
* 4. PXE menu
 
*** [[PXE interactive menu - single level]]
 
*** [[PXE interactive menu - multi level]]
 
 
 
 
 
 
 
==Monitoring==
 
 
 
 
 
[[File:Monitoring icon.png|64px|caption|Monitoring]] Monitoring IT components, servers and applications using Zabbix
 
 
 
 
 
 
 
{| class="wikitable"
 
!colspan="2"|Monitoring
 
|-
 
|rowspan="6"|Zabbix server
 
|[[Zabbix server setup]]
 
|-
 
|[[Zabbix server configuration]]
 
|-
 
|[[Zabbix server hosts management]]
 
|-
 
|[[Zabbix server template management]] = create and manage template
 
|-
 
|[[Zabbix server create new application, items, triggers and actions]]
 
|-
 
|Zabbix server dashboard
 
|-
 
|rowspan="1"|Zabbix agent setup
 
|[[Zabbix agent setup]]
 
|-
 
 
|}
 
|}
  
  
Note:
 
  
I'm using Zabbix v2.2. All the following information are just a practical summary of the Zabbix official documentation applied to my use-case.
 
  
  
 
+
=Other services=
 
 
 
 
==Other services==
 
  
 
* NTP time sync
 
* NTP time sync
 
* Logwatch
 
* Logwatch
* Mail server
 
  
  
  
==Management UI==
+
=Management UI=
  
 
[[Webmin]]
 
[[Webmin]]
 
=Raspberry pi=
 
 
* [[Raspbmc - XBMC HTPC]]
 
 
 
 
 
 
=New menu (under construction)=
 
 
This section is under construction...
 

Latest revision as of 21:27, 12 March 2019

Linux is wonderful! However it can be a mess to setup.

These are some how-to and tricks for Linux (Debian / Ubuntu) servers and workstations.


Core features

Server or workstation Server / workstation setup

Raspberry Pi Raspberry Pi XBMC

Multimedia Multimedia


Linux games Linux games

Security

Internet security Internet security

SSH SSH

FW principle Firewall

SSL SSL

VPN VPN

Remote desktop Remote desktop

Radar IDS / IPS

Alarm clock Crontab

Web

Database DB

Web server Web server

Web apps PHP webapps

Continuous integration Continous Integration

Network

Active directory LDAP

Network icon DHCP DNS

File share File-share

Netboot icon Netboot & Thin client

Mail icon Mail server

Infrastructure monitoring Infrastructure monitoring

ELK Log monitoring ELK Log monitoring



Other services

  • NTP time sync
  • Logwatch


Management UI

Webmin