Project aimed to learn more about system administration, and Linux OS The main topics on this project covers:
- Booting VMs
- LVM partitions | Filesytem Hierarchy Standard
- SSH services
- Firewall settings
- Sudo configuration
- User settings | Groups configuration | password policies
- CRON jobs
- ISO of DebianOS: https://www.debian.org/download
- Oracle VM: https://www.oracle.com/br/virtualization/technologies/vm/downloads/virtualbox-downloads.html
- Creating a new VM: - 2048MB RAM (The default is 1024MB, but if your computer has enough RAM you can dedicate more so it can be faster) - Set the HD to 30.8G (Implementing the Bonus, otherwise it would be set 8GB) - Storage on physical disk can be: - Dynamically allocated - Pros - it can grow in size - Cons - the pyshical disk can become highly fragmented, the performance may degrade - Fixed size - Pros - it can be faster to run https://techgenix.com/fixedsizevs-dynamicallyexpandingvirtualharddisks/ - Before booting - On disk -> Controller: IDE -> set Debian iso file  - On Network - set to "Bridged Adapter", so it can have internet access https://linuxhint.com/use-virtualbox-bridged-adapter/
- Difference between host name and domain name
- On the project required the hostname to be my login ending with 42
- hostname is the computer name (human-readable format), and they can also serve as domain name.
- domain name is the address used by users to access a website. One domain can have several hosts (machines) underneath. http://www.differencebetween.net/technology/difference-between-hostname-and-domain-name/
- to change hostname: https://linuxhint.com/change-hostname-debian/
- LVM (Logical Volume Managment) - There're tools that helps with managing how the pyshical disk space will be allocated like gparted. LVM creates a layer which gives the advantage and flexibility on how to split the memory from the pyshical disks (Volume Groups - groups of pyshical volumes), and assign blocks of memory that will be treated as different mounts / partitions (logical volumes).
- The advange by having this layer it enables to change the partitions currently in use (in many other tools it's necessary boot the OS from another disk, or format the disk in case you want to create new partition later. In VLM it doesn't have this limitation), and also one single partition can be made of several blocks of memory that doesn't need to be next to each other.
- Biggest advantage of LVM is the ability to take snapshots of the existing Logical Volume, having a backup of the state of the machine without shutting the system down.
- What's LVM:
- How to use LVM:
- How to use snapshots in VM VirtualBox:
- Other tools for using snapshots:
- __Linux Filesytem Hierarchy Standard__ - Common partitions when setting Linux 
- Linux File System/Structure Explained! - https://www.youtube.com/watch?v=HbgzrKJvDRw&
- Swap partition - Free RAM memory when real RAM is full and more space is needed, by putting memory that wasn't used recently in disk.
- __`lsblk`__ - Linux command to display information about disk devices in a system. - https://linuxhint.com/linux-lsblk-command-tutorial-for-beginners/ - what is the MAJ:MIN column - https://www.oreilly.com/library/view/linux-device-drivers/0596000081/ch03s02.html
- Miscelaneous information: - Difference between Primary and Logical Partition - It's more a legacy from how old OS were set (Mainly DOS and Windows) where it could have only 4 partitions to load an operational system. Where on Linux it's possible to have multiple partitions one for each File system (reducing potential data loss) - sda 1 to 4 it could be considered primary partitions, and sda 5 and higher on are extended partitions. - https://www.wikiwand.com/en/Disk_partitioning - https://askubuntu.com/a/1207738 - Difference creating the disk at beggining or end of avaiable space - Didn't find any explanation on where it could be better to create at the end, but emperical tests suggests it might have a poor performance on the disk. - https://askubuntu.com/questions/56883/is-having-the-swap-partition-at-the-beginning-better-than-at-the-end - Difference on ext4, ext3 and ext2: - types of filesystems created for Linux. - ext3 and ext4 enables journaling (able to log changes in the machine) - https://www.learnitguide.net/2016/08/difference-between-ext2-ext3-and-ext4.html
- __Expected result__ - After the manual setup the inital configuration of the VM, the hard disk should have the following structure [tip - take a snapshot of the state of the machine, or a copy of the VM to not need to go over this step again in case you end up doing something that doesn't how to fix or think in restarting the VM] 
-
It's a network protocol that enables a secure way to access a machine over an unsecured network. It works by providing a strong password, and public key authentication method, creating encrypted data communication on an open network. https://www.techtarget.com/searchsecurity/definition/Secure-Shell
-
As part of the project. Set config file
/etc/ssh/sshd_configto:- Enable port 4242 (Disable port 22 - default port on installation)
- Prohibit root login as authentication method
-
After restarting the SSH check if the port 4242 is the only one in use. Otherwise map your network interface, ip adress, netmask and gateway, to change to static ip. At least on my case it was being cause by having DHCP enabled on default, and the solution was setting a static ip to that port
-
https://www.efficientip.com/what-is-dhcp-and-why-is-it-important/
-
https://brunopontes.com.br/ensino/semestres/2018.1/soredes/guia_pratico_configuracao_rede_debian
-
This link is has many a lot of information on how to deal with SSH in Linux https://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
- Installing UFW (Uncomplicated Firewall), it works as a firewall manager. Monitoring the information and data traffic of the machine and connected networks
- As part of the project it should allow connection only through port 4242.
- On
systemctlit should be normal to have the status active(exited) - the program run when machine booted and have the presets saved then the system exit the ufw. So in case any changes are done in the ufw settings to have it apply to the machine it would require to boot or run again in the system.
- Sudo is a program to allow a sysadmin to give limited access to users and log root activity.
- Till now all the project was using the root user, after this setup is possible to assign an user to sudo group can, and run commands by using the prefix
sudo, and it's possible to finish the configuration of a machine in a remote local.
- https://www.sudo.ws/about/intro/ - https://man7.org/linux/man-pages/man8/sudo.8.html
- __Configure policies:__ - Create `/var/log/sudo` folder to keep sudo log when enabling on the policies - To set sudo policies and following best practices. Instead of editing the /etc/sudoers. The local changes were in the `/etc/sudoers/.d` using visudo (it checks for any misspelling before saving) - the path `/etc/sudoers/.d` is already included in the `/etc/sudoers` as default - requiretty means it can only runs sudo commands on logged-in terminal session. - https://stackoverflow.com/a/68008345/16518944 - secure_path - meant to resctrict which paths and in which order when running a executable with sudo - https://askubuntu.com/a/924048
- https://linux.die.net/man/5/sudoers
- List all users in machine
cat /etc/passwd- the columns are
- User name
- Encrypted password (x means the password is stored in the /etc/shadow file)
- User ID number
- User's group ID number
- Full Name
- user home directory
- Login shell
- the columns are
- I didn't understand if the users needs to have the primary group as user42, but this is how it's possible to change without messing up https://www.smarthomebeginner.com/safely-change-primary-group-group-in-linux
- List all groups in machine
cat /etc/groups- columns are
- group name
- password
- group id (gid)
- group list
- columns are
- To manage users -
- To manage groups -
- To mange users within groups - https://linux.die.net/man/1/gpasswd
- To create groups - https://linux.die.net/man/8/groupadd
- To apply these rules we use the command
chagefor existing users and editing/etc/login.defsto apply for new users. • Your password has to expire every 30 days. • The minimum number of days allowed before the modification of a password will be set to 2. • The user has to receive a warning message 7 days before their password expires.
- It should follow these policies. For this I optted to use
- Your password must be at least 10 characters long. It must contain an uppercase letter, a lowercase letter, and a number. Also, it must not contain more than 3 consecutive identical characters.
- The password must not include the name of the user.
- The password must have at least 7 characters that are not part of the former password.
It should have these following information
- The architecture of your operating system and its kernel version.
- https://www.technologyuk.net/computing/computer-software/operating-systems/operating-system-architecture.shtml
- The number of physical processors.
- The number of virtual processors.
- The current available RAM on your server and its utilization rate as a percentage.
- The current available memory on your server and its utilization rate as a percentage.
- The current utilization rate of your processors as a percentage.
- The date and time of the last reboot.
- Whether LVM is active or not.
- The number of active connections.
- The number of users using the server.
- The IPv4 address of your server and its MAC (Media Access Control) address.
- The number of commands executed with the sudo program.
All the commands for this are on monitoring.sh file
For displaying the information `wall` was used, it works as broadcast system to all users logged in the server.
- Variables on cron
add cron-variables.PNG
- To manage cron service:
- sudo systemctl enable cron.service
- sudo systemctl start cron.service
- sudo systemctl stop cron.service
- sudo systemctl restart cron.service
- sudo systemctl status cron.service
- https://www.cyberciti.biz/faq/linux-execute-cron-job-after-system-reboot/
- https://linux.die.net/man/5/crontab
- to make sure its executable - rembember
chmodhttps://fideloper.com/user-group-permissions-chmod-apache
-
Wordpress is a open source system for Content Management System (CMS). Enabling a person to create a website without getting too deep in all the technical stuff
- Lighttpd is an open source web server.
- Basicaly a web server is responsible to manage all the HTTP requests from a client to a server.
- Installing lighttpd - https://www.how2shout.com/linux/how-to-install-lighttpd-web-server-on-debian-11-bullseye-or-ubuntu-20-04/
- configs are on
sudo vim /etc/lighttpd/lighttpd.conf
- MariaBD is an open source Database.
- At least necessary to make the initial setup, create a admin user and a database where wordpress will be kept
- https://geekrewind.com/install-wordpress-on-ubuntu-16-04-lts-with-lighttpd-mariadb-and-php-7-1-support/
- https://tecadmin.net/how-to-install-php-on-debian-11/
- Several addittional steps was necessary to install php
- add sury as a safe site to download files (gnupg)
- install wget. It's similar to curl where it enables to download files
- Also apt-key is deprecated, but on the tutorial I followed still uses. Later I found the recommend way would be to use this, but I didn't tested
wget -qO- https://packages.sury.org/php/apt.gpg | sudo tee /etc/apt/trusted.gpg.d/sury.gpg
- Also additional packages may be necessary to run wordpress more smoothly -https://make.wordpress.org/hosting/handbook/server-environment/
https://www.inmotionhosting.com/support/edu/wordpress/install-wordpress-debian-10/
- After donwloading wordpress files
- Next step is to configure the
- https://wordpress.org/support/article/how-to-install-wordpress/#step-3-set-up-wp-config-php
- very detailed explanation of this file - https://developer.wordpress.org/apis/wp-config-php/
- link - How to install wordpress using lighttpd https://www.atlantic.net/dedicated-server-hosting/how-to-install-wordpress-with-lighttpd-web-server-on-ubuntu-20-04/
- Debian is a open source
- CentOS is managed by
-
apt-get is a lower level package management
-
apt launched by Debian in ~2014 it's a higher level management package, which also takes in account apt-cache.
-
aptitude is a higher level managament package and has a graphical interface as well, and also handles functionatities of apt-mark and apt-cache. And also deal with dependencies better thant apt-get.
-
https://www.tecmint.com/difference-between-apt-and-aptitude/
-
Basic intro on apt- https://www.tecmint.com/useful-basic-commands-of-apt-get-and-apt-cache-for-package-management/
- AppArmor is a Mandatory Access Control(MAC) sytem which is a kernel Linux Security Model (LSM), limitating what each program can do or consume resources.
- Differences - AppArmor is a bit more simple than SElinux, such as not being possible to have a Multi-Level-Security (MLS) and Multi-Category-Security (MCS), not being possible to keep separation between containers.
- https://wiki.ubuntu.com/AppArmor
- https://www.redhat.com/sysadmin/apparmor-selinux-isolation
- Basically it ensures it's a kernel where the inputs are done by a person
- https://itsfoss.com/what-is-tty-in-linux/
- Since on this project all setup needs to be done on command line. I opted for vim as text editor
- Ubuntu already comes with vi already installed, but doesn't have many features that has on vim. (highlight text colors!)
- Cheatsheet - https://vimsheet.com/
Extra material
Course - for linux https://www.redhat.com/en/services/training/rh024-red-hat-linux-technical-overview?section=Outline
Top 10 Linux Job Interview Questions https://www.youtube.com/watch?v=l0QGLMwR-lY
Debian handbook - https://debian-handbook.info/browse/stable/