
Difference between revisions of "System Administrators Checklist"

From FSCI Wiki
(add details about virtualization)
(add public key crypto article)
 
(2 intermediate revisions by one other user not shown)
Line 4: Line 4:
# disk partitioning with logical volume manager - Follow https://opensource.com/business/16/9/linux-users-guide-lvm, create a virtual machine using tools like GNOME Boxes, Virt manager, Virtual Box etc. Learn about virtualization https://www.ibm.com/cloud/learn/virtualization-a-complete-guide
# disk partitioning with logical volume manager - Follow https://opensource.com/business/16/9/linux-users-guide-lvm, create a virtual machine using tools like GNOME Boxes, Virt manager, Virtual Box etc. Learn about virtualization https://www.ibm.com/cloud/learn/virtualization-a-complete-guide
# authenticating with ssh keys - Follow https://git.fosscommunity.in/help/ssh/README.md and https://www.redhat.com/sysadmin/configure-ssh-keygen
# authenticating with ssh keys - Follow https://git.fosscommunity.in/help/ssh/README.md and https://www.redhat.com/sysadmin/configure-ssh-keygen
= Basic Concepts (we will teach you) =
# Public Key Cryptography  https://hackernoon.com/public-key-cryptography-simply-explained-e932e3093046 (Asymmetric Key Encryption)
# Let's Encrypt https://letsencrypt.org/ (Free automated TLS certificates for https)


= Server basics (we will teach you) =
= Server basics (we will teach you) =
Line 31: Line 35:


#. ssh - remote shell (with ssh server on custom ports)
#. ssh - remote shell (with ssh server on custom ports)
#. scp/sftp/rsync - copy files
#. scp/sftp/rsync - copy files. "Deprecating scp" - https://lwn.net/Articles/835962/
#. mosh - for bad connections
#. mosh - for bad connections
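Review bot: on the changed scp/sftp/rsync item, the added "Deprecating scp" pointer does not tell the reader which tool to use instead, and scp is still listed first. Consider stating the preferred alternative (sftp or rsync, both already on this line) so the item is actionable, and update "remote access (scp, rsync, custom ssh port, mosh)" in the Server basics list to match.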


Line 47: Line 51:
* Setup ansible for all services
* Setup ansible for all services
* Security audit and compliance across all services
* Security audit and compliance across all services
* Setup buildd for fasttrack
* Setup [https://wiki.debian.org/buildd buildd] for fasttrack - https://wiki.debian.org/BuilddSetup
* Fix golang upload issues in fasttrack
* Fix golang upload issues in fasttrack
* Setup security tracker for fasttrack
* Setup security tracker for fasttrack

Latest revision as of 20:58, 7 January 2021

Pre-Requisites (you need to learn yourself)

  1. How to install GNU/Linux - Follow https://www.debian.org/releases/stable/amd64/
  2. Familiarity with Command Line - Follow https://ryanstutorials.net/linuxtutorial/
  3. Disk partitioning with logical volume manager - Follow https://opensource.com/business/16/9/linux-users-guide-lvm, create a virtual machine using tools like GNOME Boxes, virt-manager, VirtualBox etc. Learn about virtualization https://www.ibm.com/cloud/learn/virtualization-a-complete-guide
  4. Authenticating with ssh keys - Follow https://git.fosscommunity.in/help/ssh/README.md and https://www.redhat.com/sysadmin/configure-ssh-keygen

Basic Concepts (we will teach you)

  1. Public Key Cryptography https://hackernoon.com/public-key-cryptography-simply-explained-e932e3093046 (Asymmetric Key Encryption)
  2. Let's Encrypt https://letsencrypt.org/ (Free automated TLS certificates for https)

Server basics (we will teach you)

  1. switching users (sudo, su)
  2. remote access (scp, rsync, custom ssh port, mosh)
  3. software raid
  4. encrypted partitions/luks (using virtual machines)
  5. firewall with ufw
  6. postgresql replication (backup)
  7. scheduled backups (rsync and cron)
  8. lxc container (setup services on your local machine)
  9. sharing passwords with gpg encrypted files
  10. nginx basics (setup web server, add custom index page)
  11. screen/tmux/nohup
  12. symbolic links (ln -s)
  13. locales
  14. environment variables
  15. local network configuration (/etc/hosts, ip, ss)
  16. Starting and stopping services (systemctl)
  17. Log file handling (tail -f, truncate, logrotate)

Switching users

The `sudo` and `su` commands can be used to run commands as a different user. `sudo -u <username>` runs a command as that user. `su - postgres` gives you a shell as the postgres user.

Remote access to machines

  1. ssh - remote shell (with ssh server on custom ports)
  2. scp/sftp/rsync - copy files. "Deprecating scp" - https://lwn.net/Articles/835962/
  3. mosh - for bad connections

Symbolic links

Symbolic links can be used to store data on a data partition without changing configuration files. For example, /var/lib/postgresql can be a symbolic link to /data/postgresql, where /data is a dedicated partition for storing data.
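The PostgreSQL relocation described above, written as a shell helper. This is an added example and not part of the wiki page. `relocate_with_symlink` and the `.pre-move` suffix are hypothetical names. It assumes the service using the directory is stopped and that it runs as root so `cp -a` can preserve ownership.

```shell
#!/bin/sh
# Added example: move a directory onto a data partition and leave a
# symbolic link at the old path, so configuration files stay unchanged.
relocate_with_symlink() {
    src=$1   # original path, e.g. /var/lib/postgresql
    dst=$2   # new location, e.g. /data/postgresql

    # Already relocated: succeed only if the link points where we expect.
    if [ -L "$src" ]; then
        if [ "$(readlink "$src")" = "$dst" ]; then return 0; fi
        echo "error: $src is a symlink to a different target" >&2
        return 1
    fi
    if [ ! -d "$src" ]; then
        echo "error: $src is not a directory" >&2; return 1
    fi
    # Never merge into an existing destination: stale files there could
    # carry different owners or permissions than the service expects.
    if [ -e "$dst" ]; then
        echo "error: $dst already exists" >&2; return 1
    fi
    if [ ! -d "$(dirname "$dst")" ]; then
        echo "error: parent directory of $dst is missing" >&2; return 1
    fi

    # cp -a keeps owner, group, mode and timestamps (a 0700 data directory
    # must stay 0700 and owned by the service user after the move).
    cp -a "$src" "$dst" || return 1

    # Keep the original aside until the link is in place, then link.
    mv "$src" "$src.pre-move" || return 1
    if ! ln -s "$dst" "$src"; then
        mv "$src.pre-move" "$src"   # roll back to the original layout
        return 1
    fi
    echo "linked $src -> $dst; delete $src.pre-move after verifying the service"
}
```

Run it as `relocate_with_symlink /var/lib/postgresql /data/postgresql`, start the service, and remove the `.pre-move` copy only after confirming the data is intact.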

Setup correct Locales

`dpkg-reconfigure locales`

Free Software Camp Tasks

Free Software Camp Resources