Note: Currently new registrations are closed, if you want an account Contact us

Difference between revisions of "System Administrators Checklist"

From FSCI Wiki
(create wiki page)
 
(add public key crypto article)
 
(14 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Pre-Requisites: How to install GNU/Linux, Familiarity with Command Line, disk partitioning with logical volume manager, authenticating with ssh keys
= Pre-Requisites (you need to learn yourself) =
# How to install GNU/Linux - Follow https://www.debian.org/releases/stable/amd64/
# Familiarity with Command Line - Follow https://ryanstutorials.net/linuxtutorial/
# disk partitioning with logical volume manager - Follow https://opensource.com/business/16/9/linux-users-guide-lvm, create a virtual machine using tools like GNOME Boxes, Virt manager, Virtual Box etc. Learn about virtualization https://www.ibm.com/cloud/learn/virtualization-a-complete-guide
# authenticating with ssh keys - Follow https://git.fosscommunity.in/help/ssh/README.md and https://www.redhat.com/sysadmin/configure-ssh-keygen


Server basics (we will teach you): switching users (sudo, su), ssh key based authentication (scp, rsync, custom ssh port, mosh), software raid, encrypted partitions (using virtual machines), firewall with ufw, postgresql replication, lxc container (setup services on your local machine), sharing passwords with gpg encrypted files, nginx basic, screen/tmux/nohup
= Basic Concepts (we will teach you) =
# Public Key Cryptography  https://hackernoon.com/public-key-cryptography-simply-explained-e932e3093046 (Asymmetric Key Encryption)
# Let's Encrypt https://letsencrypt.org/ (Free automated TLS certificates for https)


= Server basics (we will teach you) =
# switching users (sudo, su)
# remote access (scp, rsync, custom ssh port, mosh),
# software raid
# encrypted partitions/luks (using virtual machines)
# firewall with ufw
# postgresql replication (backup)
# scheduled backups (rsync and cron)
# lxc container (setup services on your local machine)
# sharing passwords with gpg encrypted files
# nginx basics (setup web server, add custom index page)
# screen/tmux/nohup
# symbolic links (ln -s)
# locales
# environment variables
# local network configuration (/etc/hosts, ip, ss).
# Starting and stopping services (systemctl)
# Log file handling (tail -f, truncate, logrotate)
== Switching users ==
sudo or su commands can be used to run commands as different users. `sudo -u <username>` for running as different user. `su - postgres` can give you a shell as postgres user.
== Remote access to machines ==
#. ssh - remote shell (with ssh server on custom ports)
#. scp/sftp/rsync - copy files. "Deprecating scp" - https://lwn.net/Articles/835962/
#. mosh - for bad connections
== Symbolic links ==
Symbolic links can be used to store data in data partition without changing configuration files. For example /var/lib/postgresql can be a symbolic link to /data/postgresql where /data is a dedicated partition for storing data.
== Setup correct Locales ==
`dpkg-reconfigure locales`
= Free Software Camp Tasks =
* Setup feed2toot for fsci blog, diasp.in updates - https://git.fosscommunity.in/fsfi/camp/-/issues/36#notes
* Setup backup for all services
* Setup ansible for all services
* Security audit and compliance across all services
* Setup [https://wiki.debian.org/buildd buildd] for fasttrack - https://wiki.debian.org/BuilddSetup
* Fix golang upload issues in fasttrack
* Setup security tracker for fasttrack
= Free Software Camp Resources =
* [[Hosting_Providers_with_free_tiers_or_credits]]
* [[Hosting_Providers_with_free_tiers_or_credits]]

Latest revision as of 20:58, 7 January 2021

Pre-Requisites (you need to learn yourself)

  1. How to install GNU/Linux - Follow https://www.debian.org/releases/stable/amd64/
  2. Familiarity with Command Line - Follow https://ryanstutorials.net/linuxtutorial/
  3. disk partitioning with logical volume manager - Follow https://opensource.com/business/16/9/linux-users-guide-lvm, create a virtual machine using tools like GNOME Boxes, Virt manager, Virtual Box etc. Learn about virtualization https://www.ibm.com/cloud/learn/virtualization-a-complete-guide
  4. authenticating with ssh keys - Follow https://git.fosscommunity.in/help/ssh/README.md and https://www.redhat.com/sysadmin/configure-ssh-keygen

Basic Concepts (we will teach you)

  1. Public Key Cryptography https://hackernoon.com/public-key-cryptography-simply-explained-e932e3093046 (Asymmetric Key Encryption)
  2. Let's Encrypt https://letsencrypt.org/ (Free automated TLS certificates for https)

Server basics (we will teach you)

  1. switching users (sudo, su)
  2. remote access (scp, rsync, custom ssh port, mosh),
  3. software raid
  4. encrypted partitions/luks (using virtual machines)
  5. firewall with ufw
  6. postgresql replication (backup)
  7. scheduled backups (rsync and cron)
  8. lxc container (setup services on your local machine)
  9. sharing passwords with gpg encrypted files
  10. nginx basics (setup web server, add custom index page)
  11. screen/tmux/nohup
  12. symbolic links (ln -s)
  13. locales
  14. environment variables
  15. local network configuration (/etc/hosts, ip, ss).
  16. Starting and stopping services (systemctl)
  17. Log file handling (tail -f, truncate, logrotate)

Switching users

sudo or su commands can be used to run commands as different users. `sudo -u <username>` for running as different user. `su - postgres` can give you a shell as postgres user.

Remote access to machines

  1. . ssh - remote shell (with ssh server on custom ports)
  2. . scp/sftp/rsync - copy files. "Deprecating scp" - https://lwn.net/Articles/835962/
  3. . mosh - for bad connections

Symbolic links

Symbolic links can be used to store data in data partition without changing configuration files. For example /var/lib/postgresql can be a symbolic link to /data/postgresql where /data is a dedicated partition for storing data.

Setup correct Locales

`dpkg-reconfigure locales`

Free Software Camp Tasks

Free Software Camp Resources