Note: Currently new registrations are closed, if you want an account Contact us
Difference between revisions of "System Administrators Checklist"
(create wiki page) |
(add public key crypto article) |
||
(14 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
Pre-Requisites | = Pre-Requisites (you need to learn yourself) = | ||
# How to install GNU/Linux - Follow https://www.debian.org/releases/stable/amd64/ | |||
# Familiarity with Command Line - Follow https://ryanstutorials.net/linuxtutorial/ | |||
# disk partitioning with logical volume manager - Follow https://opensource.com/business/16/9/linux-users-guide-lvm, create a virtual machine using tools like GNOME Boxes, Virt manager, Virtual Box etc. Learn about virtualization https://www.ibm.com/cloud/learn/virtualization-a-complete-guide | |||
# authenticating with ssh keys - Follow https://git.fosscommunity.in/help/ssh/README.md and https://www.redhat.com/sysadmin/configure-ssh-keygen | |||
= Basic Concepts (we will teach you) = | |||
# Public Key Cryptography https://hackernoon.com/public-key-cryptography-simply-explained-e932e3093046 (Asymmetric Key Encryption) | |||
# Let's Encrypt https://letsencrypt.org/ (Free automated TLS certificates for https) | |||
= Server basics (we will teach you) = | |||
# switching users (sudo, su) | |||
# remote access (scp, rsync, custom ssh port, mosh), | |||
# software raid | |||
# encrypted partitions/luks (using virtual machines) | |||
# firewall with ufw | |||
# postgresql replication (backup) | |||
# scheduled backups (rsync and cron) | |||
# lxc container (setup services on your local machine) | |||
# sharing passwords with gpg encrypted files | |||
# nginx basics (setup web server, add custom index page) | |||
# screen/tmux/nohup | |||
# symbolic links (ln -s) | |||
# locales | |||
# environment variables | |||
# local network configuration (/etc/hosts, ip, ss). | |||
# Starting and stopping services (systemctl) | |||
# Log file handling (tail -f, truncate, logrotate) | |||
== Switching users == | |||
sudo or su commands can be used to run commands as different users. `sudo -u <username>` for running as different user. `su - postgres` can give you a shell as postgres user. | |||
== Remote access to machines == | |||
#. ssh - remote shell (with ssh server on custom ports) | |||
#. scp/sftp/rsync - copy files. "Deprecating scp" - https://lwn.net/Articles/835962/ | |||
#. mosh - for bad connections | |||
== Symbolic links == | |||
Symbolic links can be used to store data in data partition without changing configuration files. For example /var/lib/postgresql can be a symbolic link to /data/postgresql where /data is a dedicated partition for storing data. | |||
== Setup correct Locales == | |||
`dpkg-reconfigure locales` | |||
= Free Software Camp Tasks = | |||
* Setup feed2toot for fsci blog, diasp.in updates - https://git.fosscommunity.in/fsfi/camp/-/issues/36#notes | |||
* Setup backup for all services | |||
* Setup ansible for all services | |||
* Security audit and compliance across all services | |||
* Setup [https://wiki.debian.org/buildd buildd] for fasttrack - https://wiki.debian.org/BuilddSetup | |||
* Fix golang upload issues in fasttrack | |||
* Setup security tracker for fasttrack | |||
= Free Software Camp Resources = | |||
* [[Hosting_Providers_with_free_tiers_or_credits]] | * [[Hosting_Providers_with_free_tiers_or_credits]] |
Latest revision as of 20:58, 7 January 2021
Pre-Requisites (you need to learn yourself)
- How to install GNU/Linux - Follow https://www.debian.org/releases/stable/amd64/
- Familiarity with Command Line - Follow https://ryanstutorials.net/linuxtutorial/
- disk partitioning with logical volume manager - Follow https://opensource.com/business/16/9/linux-users-guide-lvm, create a virtual machine using tools like GNOME Boxes, Virt manager, Virtual Box etc. Learn about virtualization https://www.ibm.com/cloud/learn/virtualization-a-complete-guide
- authenticating with ssh keys - Follow https://git.fosscommunity.in/help/ssh/README.md and https://www.redhat.com/sysadmin/configure-ssh-keygen
Basic Concepts (we will teach you)
- Public Key Cryptography https://hackernoon.com/public-key-cryptography-simply-explained-e932e3093046 (Asymmetric Key Encryption)
- Let's Encrypt https://letsencrypt.org/ (Free automated TLS certificates for https)
Server basics (we will teach you)
- switching users (sudo, su)
- remote access (scp, rsync, custom ssh port, mosh),
- software raid
- encrypted partitions/luks (using virtual machines)
- firewall with ufw
- postgresql replication (backup)
- scheduled backups (rsync and cron)
- lxc container (setup services on your local machine)
- sharing passwords with gpg encrypted files
- nginx basics (setup web server, add custom index page)
- screen/tmux/nohup
- symbolic links (ln -s)
- locales
- environment variables
- local network configuration (/etc/hosts, ip, ss).
- Starting and stopping services (systemctl)
- Log file handling (tail -f, truncate, logrotate)
Switching users
sudo or su commands can be used to run commands as different users. `sudo -u <username>` for running as different user. `su - postgres` can give you a shell as postgres user.
Remote access to machines
- . ssh - remote shell (with ssh server on custom ports)
- . scp/sftp/rsync - copy files. "Deprecating scp" - https://lwn.net/Articles/835962/
- . mosh - for bad connections
Symbolic links
Symbolic links can be used to store data in data partition without changing configuration files. For example /var/lib/postgresql can be a symbolic link to /data/postgresql where /data is a dedicated partition for storing data.
Setup correct Locales
`dpkg-reconfigure locales`
Free Software Camp Tasks
- Setup feed2toot for fsci blog, diasp.in updates - https://git.fosscommunity.in/fsfi/camp/-/issues/36#notes
- Setup backup for all services
- Setup ansible for all services
- Security audit and compliance across all services
- Setup buildd for fasttrack - https://wiki.debian.org/BuilddSetup
- Fix golang upload issues in fasttrack
- Setup security tracker for fasttrack