Note: Currently new registrations are closed, if you want an account Contact us
Difference between revisions of "System Administrators Checklist"
(add numbered list) |
(add public key crypto article) |
||
(12 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
= Pre-Requisites (you need to learn yourself) = | = Pre-Requisites (you need to learn yourself) = | ||
# How to install GNU/Linux | # How to install GNU/Linux - Follow https://www.debian.org/releases/stable/amd64/ | ||
# Familiarity with Command Line | # Familiarity with Command Line - Follow https://ryanstutorials.net/linuxtutorial/ | ||
# disk partitioning with logical volume manager | # disk partitioning with logical volume manager - Follow https://opensource.com/business/16/9/linux-users-guide-lvm, create a virtual machine using tools like GNOME Boxes, Virt manager, Virtual Box etc. Learn about virtualization https://www.ibm.com/cloud/learn/virtualization-a-complete-guide | ||
# authenticating with ssh keys | # authenticating with ssh keys - Follow https://git.fosscommunity.in/help/ssh/README.md and https://www.redhat.com/sysadmin/configure-ssh-keygen | ||
= Basic Concepts (we will teach you) = | |||
# Public Key Cryptography https://hackernoon.com/public-key-cryptography-simply-explained-e932e3093046 (Asymmetric Key Encryption) | |||
# Let's Encrypt https://letsencrypt.org/ (Free automated TLS certificates for https) | |||
= Server basics (we will teach you) = | = Server basics (we will teach you) = | ||
Line 12: | Line 16: | ||
# firewall with ufw | # firewall with ufw | ||
# postgresql replication (backup) | # postgresql replication (backup) | ||
# scheduled backups (rsync and cron) | |||
# lxc container (setup services on your local machine) | # lxc container (setup services on your local machine) | ||
# sharing passwords with gpg encrypted files | # sharing passwords with gpg encrypted files | ||
Line 20: | Line 25: | ||
# environment variables | # environment variables | ||
# local network configuration (/etc/hosts, ip, ss). | # local network configuration (/etc/hosts, ip, ss). | ||
# Starting and stopping services (systemctl) | |||
# Log file handling (tail -f, truncate, logrotate) | |||
== Switching users == | == Switching users == | ||
Line 28: | Line 35: | ||
#. ssh - remote shell (with ssh server on custom ports) | #. ssh - remote shell (with ssh server on custom ports) | ||
#. scp/sftp/rsync - copy files | #. scp/sftp/rsync - copy files. "Deprecating scp" - https://lwn.net/Articles/835962/ | ||
#. mosh - for bad connections | #. mosh - for bad connections | ||
Line 39: | Line 46: | ||
`dpkg-reconfigure locales` | `dpkg-reconfigure locales` | ||
= Free Software Camp Tasks = | |||
* Setup feed2toot for fsci blog, diasp.in updates - https://git.fosscommunity.in/fsfi/camp/-/issues/36#notes | |||
* Setup backup for all services | |||
* Setup ansible for all services | |||
* Security audit and compliance across all services | |||
* Setup [https://wiki.debian.org/buildd buildd] for fasttrack - https://wiki.debian.org/BuilddSetup | |||
* Fix golang upload issues in fasttrack | |||
* Setup security tracker for fasttrack | |||
= Free Software Camp Resources = | |||
* [[Hosting_Providers_with_free_tiers_or_credits]] | * [[Hosting_Providers_with_free_tiers_or_credits]] |
Latest revision as of 20:58, 7 January 2021
Pre-Requisites (you need to learn yourself)
- How to install GNU/Linux - Follow https://www.debian.org/releases/stable/amd64/
- Familiarity with Command Line - Follow https://ryanstutorials.net/linuxtutorial/
- disk partitioning with logical volume manager - Follow https://opensource.com/business/16/9/linux-users-guide-lvm, create a virtual machine using tools like GNOME Boxes, Virt manager, Virtual Box etc. Learn about virtualization https://www.ibm.com/cloud/learn/virtualization-a-complete-guide
- authenticating with ssh keys - Follow https://git.fosscommunity.in/help/ssh/README.md and https://www.redhat.com/sysadmin/configure-ssh-keygen
Basic Concepts (we will teach you)
- Public Key Cryptography https://hackernoon.com/public-key-cryptography-simply-explained-e932e3093046 (Asymmetric Key Encryption)
- Let's Encrypt https://letsencrypt.org/ (Free automated TLS certificates for https)
Server basics (we will teach you)
- switching users (sudo, su)
- remote access (scp, rsync, custom ssh port, mosh),
- software raid
- encrypted partitions/luks (using virtual machines)
- firewall with ufw
- postgresql replication (backup)
- scheduled backups (rsync and cron)
- lxc container (setup services on your local machine)
- sharing passwords with gpg encrypted files
- nginx basics (setup web server, add custom index page)
- screen/tmux/nohup
- symbolic links (ln -s)
- locales
- environment variables
- local network configuration (/etc/hosts, ip, ss).
- Starting and stopping services (systemctl)
- Log file handling (tail -f, truncate, logrotate)
Switching users
sudo or su commands can be used to run commands as different users. `sudo -u <username>` for running as different user. `su - postgres` can give you a shell as postgres user.
Remote access to machines
- . ssh - remote shell (with ssh server on custom ports)
- . scp/sftp/rsync - copy files. "Deprecating scp" - https://lwn.net/Articles/835962/
- . mosh - for bad connections
Symbolic links
Symbolic links can be used to store data in data partition without changing configuration files. For example /var/lib/postgresql can be a symbolic link to /data/postgresql where /data is a dedicated partition for storing data.
Setup correct Locales
`dpkg-reconfigure locales`
Free Software Camp Tasks
- Setup feed2toot for fsci blog, diasp.in updates - https://git.fosscommunity.in/fsfi/camp/-/issues/36#notes
- Setup backup for all services
- Setup ansible for all services
- Security audit and compliance across all services
- Setup buildd for fasttrack - https://wiki.debian.org/BuilddSetup
- Fix golang upload issues in fasttrack
- Setup security tracker for fasttrack