├── 01_Essential_Commands ├── A02 │ ├── 01_SSH_Connection.sh │ ├── 02_Install_tightvncserver.sh │ └── xstartup.sh ├── A03 │ ├── 01_Shell_Shortcuts.sh │ ├── 02_Create_Directories.sh │ ├── 03_Creating_Files.sh │ ├── 04_Redirection_tee.sh │ ├── 05_File_Operations.sh │ ├── 06_Alias.sh │ ├── 07_nano_and_diff.sh │ └── 08_vim_and_sed.sh ├── A04 │ ├── 01_Listing_File_Permissions.sh │ ├── 02_Working_with_links.sh │ ├── 03_umask_and_default_permissions.sh │ ├── 04_Apply_basic_permissions_with_chmod.sh │ ├── 05_Advanced_Symbolic_Permissions.sh │ ├── 06_Using_All_Objects_and_Omitting_the_Object.sh │ ├── 07_Ownership_and_file_access.sh │ ├── 08_Minimum_directory_permissions.sh │ └── octal.txt ├── A05 │ ├── 01_Using_sort_options_with_ls.sh │ ├── 02_The_Power_of_Find.sh │ ├── 03_Using_Locate.sh │ ├── 04_Regular_Expressions_Really_Do_Help.sh │ ├── 05_Grep_Allows_Searching_of_Files.sh │ └── 06_Read_The_Docs.sh ├── A06 │ ├── 01_Creating_TAR_Files.sh │ ├── 02_Using_compression_utilities.sh │ ├── 03_Compression_is_Independent.sh │ └── 04_Backing_up_Output.sh ├── A07 │ ├── 01_su_Substitute_User.sh │ ├── 02_Using_sudo.sh │ ├── 03_Using_another_editor.sh │ └── 04_Using_Polkit_(Formerly_PolicyKit).sh └── Links.txt ├── 02_Operation_of_Running_Systems ├── A02 │ ├── 01_Planned_Shutdown.sh │ ├── 02_Prevent_Non-Root_Login.sh │ └── 03_Poweroff_Reboot.sh ├── A03 │ ├── 01_Configure_GRUB_to_display.sh │ ├── 02_Kernel_parameters.sh │ ├── 03_Custom_GRUB_entries.sh │ └── 04_Recovery_ISO.sh ├── A04 │ ├── 01_Super_Cow_Powers.sh │ ├── 02_Apt_or_Apt-Get.sh │ ├── 03_Package_Cache.sh │ ├── 04_Apt-List.sh │ ├── 05_Apt-Search.sh │ ├── 06_Installing_and_Removing_Software.sh │ ├── 07_More_or_Less_Questions.sh │ ├── 08_Repositories.sh │ └── 09_The_Core_DPKG_System.sh ├── A05 │ ├── 01_Systemd_Eco-system.sh │ ├── 02_Analyze_Boot_Time.sh │ ├── 03_Using_Systemctl_to_Manage_Services.sh │ ├── 04_Scenario.sh │ ├── 05_losetup_service.sh │ ├── 06_Targets.sh │ ├── 07_Traditional_Logs.sh │ ├── 08_Journal_Log.sh │ ├── 
09_Persisting_Journal_Logs.sh │ └── losetup.service ├── A06 │ ├── 01_Your_First_Shell_Script.sh │ ├── 02_Make_Standalone.sh │ ├── 03_Implementing_Variables_and_Loops.sh │ ├── 04_Using_Imported_Variables.sh │ ├── 05_Creating_a_Password_Generator.sh │ ├── 06_Using_Script_Arguments.sh │ ├── 07_Improving_the_Password_Generator.sh │ ├── 08_Creating Users_from_the_CLI.sh │ ├── info.sh │ └── pwgen.sh ├── A07 │ ├── 01_Documentation.sh │ ├── 02_Working_with_Timer_Units.sh │ ├── 03_System_Crontab.sh │ ├── 04_User_Crons.sh │ ├── 05_Once_Only_Tasks.sh │ ├── backup.service │ └── backup.timer ├── A08 │ ├── 01_Multipathd.sh │ ├── 02_Ansible_Provisioner_with_Vagrant.sh │ ├── 03_Uptime_and_Load_Averages.sh │ ├── 04_Using_Top.sh │ ├── 05_Using_Ps_(Process-Status).sh │ ├── 06_Pgrep.sh │ ├── 07_Ending_Processes.sh │ ├── 08_Sharing_CPU.sh │ ├── Vagrantfile │ └── ubuntu.yml └── A09 │ ├── 01_Investigating_AppArmor.sh │ ├── 02_Installing_Extra_Utilities.sh │ ├── 03_Simple_Python_Script.sh │ ├── 04_Creating_AppArmor_Profile.sh │ ├── 05_Reading_Denials.sh │ ├── 06_Simple_But_Incomplete_Profile.sh │ ├── 07_Setting_Complain_Mode_and_Log_Profiling.sh │ └── file_test.py ├── 03_User_and_Group_Management ├── A02 │ ├── 01_User_Account_Databases_Listing_Users.sh │ ├── 02_Sudo.sh │ ├── 02_su_substitute_user.sh │ ├── 03_Editing_the_Sudoers_Files.sh │ ├── 03_Using_sudo_in_Ubuntu.sh │ └── 04_Using_Polkit(Formerly-PolicyKit).sh ├── A03 │ ├── 01_Creating_Users.sh │ ├── 02_working_with_defaults.sh │ ├── 03_The_Skeleton_Directory.sh │ ├── 04_Modify_and_Delete_Users.sh │ ├── 05_Finger_Information.sh │ └── 06_Groups.sh ├── A04 │ ├── 01_Understanding_Shadow_Data.sh │ ├── 02_Managing_Passwords_with_Passwd_and_Chpasswd.sh │ ├── 03_Splitting_the_Password_Field.sh │ ├── 04_Authentication.sh │ └── 05_Managing_Groups.sh ├── A05 │ ├── 01_The_Skeleton_Directory.sh │ ├── 02_Configuring_an_Individual_Umask.sh │ ├── 03_Clearing_Screen_on_Logout.sh │ ├── 04_Working_with_Login_Shells_.sh │ └── 
05_Centralized_Login_Scripts.sh ├── A06 │ ├── 01_Documentation.sh │ ├── 02_Help_on_Module.sh │ ├── 03_Creating_User_Home_Directories.sh │ ├── 04_Ordering_Incorrect.sh │ ├── 05_Ordering_Correct.sh │ └── 06_Implementing_Bad_Login_Counts.sh ├── Vagrantfile └── ubuntu.yml ├── 04_Networking ├── A01 │ ├── Vagrantfile │ └── ubuntu.yml ├── A02 │ ├── 01_Managing_transient_IP_Addresses.sh │ ├── 02_Using_netplan_in_ubuntu.sh │ └── Create_a_dotvimrc.sh ├── A03 │ ├── 01_Working_with_hostnames_hostnamectl.sh │ ├── 02_Configuring_the_search_order.sh │ └── 03_Configuring_LLMNR_ubuntu.sh ├── A04 │ ├── 01_Enable_ntp_time_sync.sh │ └── 02_Change_ntp_client_configuration.sh ├── A05 │ ├── 01_Configuring_network_routes.sh │ ├── 02_Using_netplan_persistent_route.sh │ └── 03_Configuring_linux_router.sh ├── A06 │ ├── 01_Using_nmap.sh │ ├── 02_Overview_iptable_rules.sh │ ├── 03_Setting_transient_rules.sh │ ├── 04_Setting_persistent_rules.sh │ └── 05_Adding_rules.sh ├── A07 │ ├── 01_Enabling_UFW.sh │ ├── 02_More_accurate_rules.sh │ └── 03_Enable_HTTP_Access.sh └── Links.md ├── 05_Service_Configuration ├── A01 │ ├── Vagrantfile │ └── ubuntu.yml ├── A02 │ ├── 01_Configuring_SSH_server.sh │ ├── 02_Configuring_client_ssh_authentication.sh │ └── 03_Configuring_SSH_client.sh ├── A03 │ ├── 01_Modify_DNS_name_server_entries.sh │ ├── 02_Configuring_BIND_caching_only_server.sh │ ├── 03_Using_acls_control_access.sh │ ├── 04_Creating_forward_lookup_zone.sh │ ├── 05_Creating_reverse_lookup_zone.sh │ ├── db.192.168.56 │ ├── db.local │ ├── named.conf.local │ └── named.conf.options ├── A04 │ ├── 01_Install_apache.sh │ ├── 02_Configure_apache.sh │ ├── 03_Working_with_logs.sh │ ├── 04_Restricting_access_pages.sh │ └── 05_Implementing_web_proxy.sh ├── A05 │ ├── 01_Install_MariaDB.sh │ ├── 02_Listening_on_network.sh │ └── 03_Creating_database_and_users.sh ├── A06 │ ├── 01_Installing_postfix_MTA.sh │ ├── 02_Reconfiguring_postfix.sh │ ├── 03_Configuring_IMAP_and_mutt.sh │ └── 04_Adding_MX_records.sh ├── A07 │ ├── 
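01_Installing_docker.sh │ ├── 02_Working_docker_images.sh │ ├── 03_Working_with_containers.sh │ ├── 04_Working_with_container_services.sh │ ├── 05_Building_images_dockerfiles.sh │ └── Containers.sh └── A08 │ ├── 01_Configuring_vagrant_nest_vms.sh │ ├── 02_Installing_virtual_ubuntu.sh │ ├── 03_vagrant_libvirt.sh │ ├── Install_kvm.sh │ ├── Links.md │ ├── Nested_vms.sh │ ├── VM_ftp_url.sh │ └── Vagranfile ├── 06_Storage_Management ├── A01 │ ├── Vagrantfile │ └── ubuntu.yml ├── A02 │ ├── 01_Using_lsblk_create_storage.sh │ ├── 02_Partitioning_disks.sh │ ├── 03_Creating_systemd_unit.sh │ └── disk1.service ├── A03 │ ├── 01_Creating_Filesystem.sh │ ├── 02_Working_mount_points.sh │ ├── 03_Working_fstab_file.sh │ ├── 04_Configuring_limits_xfs.sh │ └── 05_Configuring_limits_ext4.sh ├── A04 │ ├── 01_Creating_swap_space.sh │ └── 02_Tuning_swap_behaviour.sh ├── A05 │ ├── 01_Clean_up_swap_drives.sh │ ├── 02_Create_device_file_for_lvm_config.sh │ ├── 03_working_physical_volumes.sh │ ├── 04_Working_volume_group.sh │ ├── 05_Creating_logical_volumes.sh │ └── 06_Extending_logical_volumes.sh ├── A06 │ ├── 01_Creating_raid_partitions.sh │ ├── 02_Creating_raid_mirror.sh │ ├── 03_Mount_service_unit.sh │ ├── 04_Adding_filesystem.sh │ └── raid-disk.service ├── A07 │ ├── 01_Lab_setup.sh │ ├── 02_Create_key_file.sh │ ├── 03_Creating_systemd_mount_unit.sh │ ├── 04_Encrypting_partitions.sh │ ├── 05_Using_key_file.sh │ ├── 06_Fstab_entry.sh │ ├── Vagrantfile │ └── key.mount └── A08 │ ├── 01_Install_NFS_server.sh │ ├── 02_Creating_nfs_exports.sh │ └── 03_Using_autofs.sh ├── README.md ├── Vagrant_Commands.sh ├── Vagrant_and_Virtualbox_Installation.sh ├── Vagrantfile ├── Vagrantfile_with_multiple_boxes └── Vagrantfile └── ubuntu.yml
/01_Essential_Commands/A02/01_SSH_Connection.sh:
--------------------------------------------------------------------------------
1 | #Create a key pair; protect the private key with a passphrase when prompted
2 | ssh-keygen
3 | #Install the public key on the lab VM (only the .pub half is copied)
4 | ssh-copy-id vagrant@192.168.56.102
5 | #Start an agent for this shell; the command is ssh-agent (hyphenated), "ssh agent" would try to log in to a host named agent
6 | eval $(ssh-agent)
7 |
8 | #On centos
9 | eval $(ssh-agent)
10 | #Load the default key into the running agent
11 | 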
ssh-add
12 |
13 | ssh vagrant@192.168.56.102
14 |
15 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A02/02_Install_tightvncserver.sh:
--------------------------------------------------------------------------------
1 | #Install the xfce4
2 | sudo apt install -y xfce4 xfce4-goodies
3 |
4 | #Install the tightvncserver
5 | sudo apt install -y tightvncserver
6 | #VNC traffic is not encrypted: reach display :1 (TCP 5901) through an SSH tunnel instead of exposing the port
7 | #Start the vncserver
8 | vncserver
9 | #Stop display :1 before editing the startup script
10 | vncserver -kill :1
11 |
12 | vim ~/.vnc/xstartup
13 | #Content to put into ~/.vnc/xstartup (next three lines)
14 | #!/bin/sh
15 | xrdb $HOME/.Xresources
16 | startxfce4&
17 |
18 | vncserver
--------------------------------------------------------------------------------
/01_Essential_Commands/A02/xstartup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | xrdb $HOME/.Xresources
3 | startxfce4&
--------------------------------------------------------------------------------
/01_Essential_Commands/A03/01_Shell_Shortcuts.sh:
--------------------------------------------------------------------------------
1 | #Move to the start of the line
2 | CTRL + a
3 |
4 | #Move to the end of the line
5 | CTRL + e
6 |
7 | #Clear the screen
8 | CTRL + l
9 |
10 | #Repeat the last command and arguments
11 | !!
12 |
13 | #Insert the last argument of the previous command
14 | ESC + . 
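15 |
16 | #Move to your home directory
17 | cd
18 |
19 | #Move to the previous directory
20 | cd -
21 |
22 | #Search the history for a previous command
23 | CTRL + r
--------------------------------------------------------------------------------
/01_Essential_Commands/A03/02_Create_Directories.sh:
--------------------------------------------------------------------------------
1 | mkdir ~/dir1
2 |
3 | #-p creates the parent directories
4 | mkdir -p ~/dir2/dir3
5 |
6 | #Create a folder structure
7 | mkdir -p ~/ubuntu/{14,16,18,20,22}.04/{gold,current}
8 | #Install the tree command
9 | sudo apt install -y tree
10 |
11 | #Display the folder structure with tree
12 | tree ubuntu
--------------------------------------------------------------------------------
/01_Essential_Commands/A03/03_Creating_Files.sh:
--------------------------------------------------------------------------------
1 | #Creates an empty file
2 | touch file1
3 |
4 | ls -l file1
5 |
6 | file file1
7 |
8 | cat file1
9 |
10 | touch file1
11 |
12 | #If the file already exists, touch only updates the last modified time stamp
13 | ls -l file1
--------------------------------------------------------------------------------
/01_Essential_Commands/A03/04_Redirection_tee.sh:
--------------------------------------------------------------------------------
1 | #Output from a command can be sent to a file; a bare > creates or empties the file
2 | > file2
3 |
4 | #To overwrite we use >, to append we use >>
5 | ls -l /etc/hosts > file1
6 |
7 | #The default is redirecting STDOUT but we can use 2 to redirect error output
8 | ls -l /etc/Hosts 2> file2
9 |
10 | #2>> appends the error output instead of overwriting file2
11 | ls -l /etc/Hosts 2>> file2
12 | #&> sends STDOUT and STDERR to the same file
13 | ls /etc/hosts /etc/Hosts &> file3
14 |
15 | #The pipe or vertical bar takes the output of one command to the input of another
16 | ls -l | wc -l
17 |
18 | #This will not work: the >> redirection is done by your own shell, not by sudo
19 | sudo echo "8.8.8.8 google" >> /etc/hosts
20 |
21 | #Using the command tee, we can send output to the screen and to a file
22 | echo "8.8.8.8 google" | sudo tee -a /etc/hosts
23 |
24 | #This is also useful where we need to raise our 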
privileges, standard redirection works with the rights of the user that opened the shell
25 |
26 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A03/05_File_Operations.sh:
--------------------------------------------------------------------------------
1 | #Copy requires read to the source file and write to the target directory
2 | cp
3 |
4 | cp /etc/hosts ~
5 | #-i asks before an existing file is overwritten
6 | cp -i /etc/hosts ~
7 |
8 | ls
9 |
10 | #Overwrites the existing file without asking
11 | cp /etc/hosts ~
12 | #--backup=numbered keeps the previous copy under a numbered backup name
13 | cp --backup=numbered /etc/hosts ~
14 |
15 | ls
16 |
17 | cp --backup=numbered /etc/hosts ~
18 |
19 | ls
20 |
21 | ctrl +l
22 |
23 | ls -l hosts*
24 | #List with the same pattern first (as above) so you know what the glob will remove
25 | rm hosts*
26 |
27 | ls -l hosts*
28 |
29 | #With mv we can move or rename files; it requires both read and write to the source and target directories
30 | mv
31 |
32 | mv file1 stdout
33 | mv file2 error
34 | mv file3 combined
35 |
36 | ls
37 |
38 | mv stdout dir1
39 |
40 | ls dir1
41 |
42 | #No permission: moving the file away needs write access to /etc
43 | mv /etc/hosts .
44 |
45 | #To delete a file we can use rm, use -rf to delete a directory and its content
46 | rm
47 | #rm -rf does not ask for confirmation; check the path before running it
48 | rm -rf ubuntu
--------------------------------------------------------------------------------
/01_Essential_Commands/A03/06_Alias.sh:
--------------------------------------------------------------------------------
1 | ls
2 |
3 | alias
4 |
5 | type ls
6 | #A leading backslash runs the command itself and skips the alias
7 | \ls
8 |
9 | \ls -F
10 |
11 | cp /etc/hosts .
12 |
13 | cp -i /etc/hosts .
14 |
15 | alias cpi='cp -i'
16 |
17 | cpi /etc/hosts .
18 |
19 | alias cpback='cp --backup=numbered'
20 |
21 | cpback /etc/hosts .
22 |
23 | ls
24 |
25 | unalias cpi
26 |
27 | alias
28 |
29 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A03/07_nano_and_diff.sh:
--------------------------------------------------------------------------------
1 | cp /etc/hosts . 
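2 |
3 | #the same content
4 | diff /etc/hosts hosts
5 |
6 | nano hosts
7 | 1.0.0.1 cf
8 |
9 | #The output is not the same
10 | diff /etc/hosts hosts
11 |
12 | #as
13 |
14 | #this comparison with the arguments swapped
15 | diff hosts /etc/hosts
--------------------------------------------------------------------------------
/01_Essential_Commands/A03/08_vim_and_sed.sh:
--------------------------------------------------------------------------------
1 | vim +1 hosts
2 | #+$ opens the file at the last line
3 | vim +$ ~/hosts
4 | #+/pattern/ opens the file at the first match
5 | vim +/google/ ~/hosts
6 |
7 | vimtutor
8 | #-i edits the file in place; 1i inserts the text before line 1
9 | sed -i '1i #This is a hosts file' ~/hosts
10 |
11 | head
12 | #$d deletes the last line
13 | sed -i '$d' ~/hosts
14 |
15 | tail
16 | #s/old/new/ replaces the first match on each line
17 | sed -i 's/google/googledns/' ~/hosts
18 |
19 | cat hosts
--------------------------------------------------------------------------------
/01_Essential_Commands/A04/01_Listing_File_Permissions.sh:
--------------------------------------------------------------------------------
1 | ls -l /etc/hosts
2 | -rw-r--r-- 1 root root 220 Jan 10 09:56 /etc/hosts
3 | #/etc/shadow holds the password hashes; the sample output below shows no permission bits for anyone
4 | ls -l /etc/shadow
5 | ---------- 1 root root 970 Jan 10 10:01 /etc/shadow
6 |
7 |
8 |
9 | ls -l /etc/services
10 |
11 | ls -lh /etc/services
12 |
13 | sudo vim /etc/services
14 |
15 | ls -lh /etc/services
16 |
17 | stat /etc/services
18 | #%a prints the mode in octal, %A in the rwx notation
19 | stat -c %a /etc/services
20 | 644
21 |
22 | stat -c %A /etc/services
23 |
24 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A04/02_Working_with_links.sh:
--------------------------------------------------------------------------------
1 | mkdir links
2 | #-d lists the directory itself, not its content
3 | ls -ld links/
4 | #-i adds the inode number
5 | ls -ldi links/
6 |
7 | #The same
8 | ls -ldi links/ links/.
9 |
10 | mkdir links/d1
11 |
12 | ls -ldi links/ links/.
13 |
14 | #Each subdirectory has a dot dot directory pointing to its parent
15 | ls -ldi links/ links/. links/d1/.. 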
16 |
17 | #The link count of a directory minus 2 gives the number of its subdirectories
18 | ls -ld /etc
19 |
20 | cd links/
21 |
22 | echo hello > file1
23 | #Hard link: a second name for the same inode
24 | ln file1 file2
25 |
26 | ls -li
27 |
28 | cat file1
29 |
30 | cat file2
31 | #Removing one name leaves the data reachable through the other
32 | rm file1
33 |
34 | cat file2
35 |
36 | ln -s /usr/share/doc
37 |
38 | #The little l shows it is a symbolic link
39 | ls -l
40 |
41 | cd doc
42 |
43 | pwd
44 | #-P prints the physical path with symbolic links resolved
45 | pwd -P
46 |
47 | cd ..
48 |
49 | ls
50 |
51 | ln -s file2 file3
52 |
53 | ls -l
54 |
55 | cat file3
56 |
57 | #yy copy and p paste
58 | vim file3
59 |
60 | cat file2
--------------------------------------------------------------------------------
/01_Essential_Commands/A04/03_umask_and_default_permissions.sh:
--------------------------------------------------------------------------------
1 | cat octal.txt
2 |
3 | #Default permissions for files:
4 | 666
5 |
6 | #Default permissions for directories:
7 | 777
8 |
9 | #The current umask value affects default permissions
10 | 002
11 |
12 | umask
13 |
14 | touch f1
15 |
16 | ls -l f1
17 |
18 | mkdir dirone
19 |
20 | ls -ld dirone
21 | #umask 0 masks nothing: new files get 666 and new directories 777 (world-writable), use it for this demo only
22 | umask 0
23 |
24 | umask
25 |
26 | touch f2
27 |
28 | ls -l f2
29 |
30 | mkdir dirtwo
31 |
32 | ls -ld dirtwo
33 | #umask 077 removes all group and other bits, new files stay private to the owner
34 | umask 077
35 |
36 | touch f3
37 |
38 | ls -l f3
39 |
40 | #Add a umask value and command to a login script to persist settings
--------------------------------------------------------------------------------
/01_Essential_Commands/A04/04_Apply_basic_permissions_with_chmod.sh:
--------------------------------------------------------------------------------
1 | #Do not forget, permissions are not cumulative! 
2 | umask 3 | 4 | echo hello > new_file 5 | 6 | cat new_file 7 | 8 | ls -l new_file 9 | 10 | chmod -v 006 new_file # or 11 | 12 | #not cumulative 13 | cat new_file 14 | 15 | chmod -v g=rw new_file 16 | 17 | ls -l new_file 18 | 19 | #not cumulative 20 | cat new_file 21 | 22 | chmod -v 666 new_file 23 | 24 | cat new_file 25 | 26 | chmod -v o= new_file 27 | 28 | chmod -v g-w new_file 29 | 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /01_Essential_Commands/A04/05_Advanced_Symbolic_Permissions.sh: -------------------------------------------------------------------------------- 1 | umask 7 2 | 3 | mkdir -p upper/{dir1,dir2} 4 | 5 | tree upper 6 | 7 | touch upper/{dir1,dir2}/file 8 | 9 | ls -lR upper/ 10 | 11 | chmod -vR a+X upper 12 | 13 | touch another_newfile 14 | 15 | ls -l another_newfile 16 | 17 | #Does not apply to all, because of the umask 18 | chmod -v +x another_newfile 19 | 20 | chmod -v a+x another_newfile 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /01_Essential_Commands/A04/06_Using_All_Objects_and_Omitting_the_Object.sh: -------------------------------------------------------------------------------- 1 | umask 7 2 | 3 | touch another_newfile 4 | 5 | ls -l another_newfile 6 | 7 | chmod -v +x another_newfile 8 | 9 | chmod a+x another_newfile 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /01_Essential_Commands/A04/07_Ownership_and_file_access.sh: -------------------------------------------------------------------------------- 1 | #Ownership of a file can be controlled with chown and chgrp commands 2 | ls 3 | 4 | cat new_file 5 | 6 | chmod 006 new_file 7 | 8 | ls -l new_file 9 | 10 | #Does not work 11 | chown root new_file 12 | 13 | sudo !! 
14 |
15 | ls -l new_file
16 |
17 | #No group permission
18 | cat new_file
19 |
20 | id
21 | #If id shows we are not a member of the new group, the "others" bits (rw) apply afterwards
22 | sudo chgrp sudo new_file
23 |
24 | ls -l new_file
25 |
26 | cat new_file
27 |
28 | id
--------------------------------------------------------------------------------
/01_Essential_Commands/A04/08_Minimum_directory_permissions.sh:
--------------------------------------------------------------------------------
1 | #The minimum permission needed for a directory is just the execute bit
2 |
3 | #This allows a user to enter the directory, but not to list the directory content
4 |
5 | #Users must know the name of the file they need to access and have read permission on that file
6 | #751: others can traverse /shared but not list it; a hidden name is not access control, the file's own mode still decides
7 | sudo mkdir -m 751 /shared
8 |
9 | ls -ld /shared
10 |
11 | cd /shared
12 |
13 | ls
14 |
15 | sudo vim /shared/file1
16 | ich bin groot!
17 | :wq
18 |
19 | sudo ls -l
20 |
21 | cat file1
22 |
23 | cd
24 |
25 | cat /shared/file1
26 |
27 | #But I am not able to list the content
28 | ls -l /shared
--------------------------------------------------------------------------------
/01_Essential_Commands/A04/octal.txt:
--------------------------------------------------------------------------------
1 | 000 = --- = 0
2 | 001 = --x = 1
3 | 010 = -w- = 2
4 | 011 = -wx = 3
5 | 100 = r-- = 4
6 | 101 = r-x = 5
7 | 110 = rw- = 6
8 | 111 = rwx = 7
9 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A05/01_Using_sort_options_with_ls.sh:
--------------------------------------------------------------------------------
1 | cd /etc
2 |
3 | ls -l
4 | #-t sorts by modification time, -r reverses the order
5 | ls -ltr
6 |
7 | ls -lt
8 | #-S sorts by size, -h prints human-readable sizes
9 | ls -lhSr
--------------------------------------------------------------------------------
/01_Essential_Commands/A05/02_The_Power_of_Find.sh:
--------------------------------------------------------------------------------
1 | find -type f -name '*.html'
2 |
3 | find /usr/share/doc -type f -name '*.html'
4 |
5 | #We copy the result from find
6 | find /usr/share/doc 
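-type f -name '*.html' -exec cp {} ~/links/ \;
7 |
8 | find -type f -name '*.html'
9 |
10 | #We can also delete with find; -delete acts on every match, so run the plain find first (as above)
11 | find -type f -name '*.html' -delete
12 |
13 | find -type f -name '*.html'
14 | #Symbolic links directly under /
15 | find / -maxdepth 1 -type l
16 |
17 | #Let's edit a line in hosts
18 | sudo vim /etc/hosts
19 | #-mmin 5: changed exactly 5 minutes ago, +5: more than 5, -5: less than 5 minutes ago
20 | find /etc -mmin 5 2>/dev/null
21 |
22 | find /etc -mmin +5 2>/dev/null
23 |
24 | find /etc -mmin -5 -type f 2>/dev/null
25 |
26 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A05/03_Using_Locate.sh:
--------------------------------------------------------------------------------
1 | #Update the repos metadata
2 | sudo apt update
3 |
4 | sudo apt install -y mlocate
5 |
6 | sudo updatedb
7 |
8 | locate -S
9 |
10 | man locate
11 | #-b matches the base name only, -r treats the pattern as a regular expression
12 | locate -b hosts
13 |
14 | locate -br '^hosts'
15 |
16 | locate -br '^hosts$'
17 |
18 | rm hosts
19 | #The database still lists the deleted file until updatedb runs again
20 | locate -br '^hosts$'
21 | #-e prints only entries that still exist
22 | locate -ebr '^hosts$'
23 | #-i ignores case
24 | locate -eibr '^hosts$'
25 |
26 | #Update the locate db
27 | sudo updatedb
28 |
29 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A05/04_Regular_Expressions_Really_Do_Help.sh:
--------------------------------------------------------------------------------
1 | apt search python3
2 |
3 | apt search python3 | wc -l
4 | #--names-only (one word) searches the package names, not the descriptions
5 | apt search python3 --names-only | wc -l
6 | #^ anchors the pattern at the start of the name
7 | apt search '^python3' --names-only | wc -l
8 | #$ anchors the end as well: exact match
9 | apt search '^python3$' --names-only | wc -l
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A05/05_Grep_Allows_Searching_of_Files.sh:
--------------------------------------------------------------------------------
1 | #Count the lines in sshd_config
2 | wc -l /etc/ssh/sshd_config
3 | #Only the comment lines
4 | grep '^#' /etc/ssh/sshd_config
5 | #-v inverts the match: everything except comment lines
6 | grep -v '^#' /etc/ssh/sshd_config
7 | #Drop comment lines and empty lines to see only the settings that are set explicitly
8 | grep -vE '^(#|$)' /etc/ssh/sshd_config
9 |
10 | grep password /etc/ssh/sshd_config
11 |
12 | 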
grep -i password /etc/ssh/sshd_config
13 |
14 | grep -i '^password' /etc/ssh/sshd_config
15 |
16 | grep 'yes$' /etc/ssh/sshd_config
17 | #Commented-out lines that end in yes
18 | grep '^#.*yes$' /etc/ssh/sshd_config
19 | #Lines that do not start with # and end in yes
20 | grep -i '^[^#].*yes$' /etc/ssh/sshd_config
21 |
22 |
23 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A05/06_Read_The_Docs.sh:
--------------------------------------------------------------------------------
1 | passwd --help
2 |
3 | find --help
4 |
5 | man find
6 |
7 | #In the man pages we search with /, for example /perm, and hit n to jump to the next match
8 |
9 | man 5 passwd
10 |
11 | man man
12 |
13 |
14 |
15 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A06/01_Creating_TAR_Files.sh:
--------------------------------------------------------------------------------
1 | #Let's check the size
2 | sudo du -sh /etc
3 |
4 | #We create a tar file
5 | sudo tar -cf etc.tar /etc
6 | #etc.tar now contains copies of root-only files such as /etc/shadow; ls -l shows who can read the archive, remove it after the exercise
7 | #What about the size
8 | ls -lh etc.tar
9 |
10 | #-t for list
11 | tar -tf etc.tar
12 |
13 | #-x for extract
14 | tar -xf etc.tar
15 |
16 | cd etc
17 |
18 | pwd
19 | #Lab VM only: delete /etc/hosts so it can be restored from the archive
20 | sudo rm /etc/hosts
21 |
22 | cat /etc/hosts
23 |
24 | cd /
25 | #Restore a single member; tar stored the paths without the leading /, hence cd / and etc/hosts
26 | sudo tar -xf ~vagrant/etc.tar etc/hosts
27 | #!ca repeats the most recent command that starts with ca
28 | !ca
29 |
30 |
31 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A06/02_Using_compression_utilities.sh:
--------------------------------------------------------------------------------
1 | #gzip / gunzip
2 | #bzip2 / bunzip2
3 | #xz -z / xz -d (unxz)
4 |
5 | #tar -czf (gzip)
6 | #tar -cjf (bzip2)
7 | #tar -cJf (xz)
8 |
9 | #Let's work with the etc.tar file
10 | ls -lh
11 |
12 | gzip etc.tar
13 |
14 | ls -lh
15 |
16 | gunzip etc.tar.gz
17 |
18 | ls -lh
19 |
20 | bzip2 etc.tar
21 |
22 | ls -lh
23 |
24 | bunzip2 etc.tar.bz2
25 |
26 | xz -z etc.tar
27 |
28 | ls -lh
29 |
30 | unxz etc.tar.xz
31 |
32 | ls -lh 
--------------------------------------------------------------------------------
/01_Essential_Commands/A06/03_Compression_is_Independent.sh:
--------------------------------------------------------------------------------
1 | #A root shell makes it easy to time the commands without typing sudo; leave it with exit when done
2 | sudo -i
3 |
4 | time tar -cf etc.tar /etc
5 |
6 | time tar -czf etc.tar.gz /etc
7 |
8 | time tar -cjf etc.tar.bz2 /etc
9 |
10 | time tar -cJf etc.tar.xz /etc
11 |
12 | ls -lh
13 | #Run in the background and discard all output
14 | tar -cJf doc.tar.xz /usr/share/doc &> /dev/null &
15 |
16 | ps
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A06/04_Backing_up_Output.sh:
--------------------------------------------------------------------------------
1 | find /usr/share/doc -type f -name '*.html'
2 | #cpio reads the file names from STDIN and writes the archive to STDOUT
3 | find /usr/share/doc -type f -name '*.html' | cpio -ov > backup.cpio
4 |
5 | mkdir restore && cd restore
6 |
7 | ls
8 | #--no-absolute-filenames restores below the current directory instead of writing to the original absolute paths
9 | cpio -idv --no-absolute-filenames < ~/backup.cpio
10 |
11 | ls
12 |
13 | tree
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A07/01_su_Substitute_User.sh:
--------------------------------------------------------------------------------
1 | #No password is set for root yet
2 | su
3 |
4 | #Set the root password
5 | sudo passwd root
6 |
7 | su
8 |
9 | id
10 |
11 | exit
12 | #-l starts a login shell with the target user's environment
13 | su -l
14 |
15 | pwd
16 |
17 | exit
18 |
19 | su -l ubuntu
20 |
21 | sudo su - ubuntu
22 |
23 | id
24 |
25 | exit
26 |
27 | man su
28 | #Lock the root password again after the demo
29 | sudo passwd -l root
30 |
31 |
32 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A07/02_Using_sudo.sh:
--------------------------------------------------------------------------------
1 | sudo -l
2 |
3 | sudo useradd -m bob -s /bin/bash
4 |
5 | sudo passwd bob
6 |
7 | id bob
8 |
9 | sudo visudo
10 | #NOTE: a "!" exclusion only matches the exact command and arguments listed; man sudoers warns it is not a reliable restriction. Use the same absolute path in the allow and deny entries and prefer listing only what is allowed
11 | sudo visudo -f /etc/sudoers.d/bob
12 | #bob ALL=(root) /bin/passwd, !/usr/bin/passwd root
13 | #Be careful with the 
syntax
14 | #bob ALL(root) /bin/passwd, !/usr/bin/passwd root -> will not work (the = after ALL is missing)
15 |
16 | su -l bob
17 | #As bob: list what bob may run through sudo
18 | sudo -l
19 |
20 | sudo passwd ubuntu
21 | #Expected to be refused by the ! entry
22 | sudo passwd root
23 |
24 | sudo -l
25 | #-k drops the cached credentials, the next sudo asks for the password again
26 | sudo -k
27 |
28 | sudo -l
29 |
30 |
31 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A07/03_Using_another_editor.sh:
--------------------------------------------------------------------------------
1 | sudo visudo
2 |
3 | export EDITOR=vim
4 |
5 | sudo visudo -f /etc/sudoers.d/defaults
6 | Defaults env_keep += "EDITOR"
7 | #env_keep passes the caller's EDITOR through sudo; NOTE(review): the chosen editor then runs as root, see the editor and env_editor options in man sudoers
8 | sudo visudo
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/01_Essential_Commands/A07/04_Using_Polkit_(Formerly_PolicyKit).sh:
--------------------------------------------------------------------------------
1 | man polkit
2 |
3 | sudo cat /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf
4 |
5 | id
6 |
7 | sudo usermod -aG sudo vagrant
8 |
9 | id
10 |
11 | exit
12 |
13 | #Start new SSH Session
14 |
15 | #Change a line
16 | sudo visudo
17 |
18 | #Break the sudo function on purpose (lab VM only)
19 |
20 | sudo visudo
21 | #Print the PID of this shell, it is needed for pkttyagent
22 | echo $$
23 |
24 | #Start a new terminal and SSH session
25 | #In the new terminal (-p expects the PID printed by echo $$)
26 | pkttyagent -p
27 |
28 | #Switch to the original SSH session
29 | pkexec visudo
30 |
31 | #Switch to the new session and choose the account/password
32 |
33 |
34 |
--------------------------------------------------------------------------------
/01_Essential_Commands/Links.txt:
--------------------------------------------------------------------------------
1 | https://www.vagrantup.com/
2 |
3 | https://www.virtualbox.org/
4 |
5 | https://github.com/tomwechsler/Ubuntu_Linux_Administration
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A02/01_Planned_Shutdown.sh:
--------------------------------------------------------------------------------
1 | hostnamectl
2 |
3 | man 8 shutdown 
4 |
5 | #Does not work
6 | shutdown -r now
7 |
8 | #We need elevated rights
9 | sudo !!
10 |
11 | #The SSH connection will be disconnected
12 |
13 | sudo shutdown -h +30 "The system will be shutdown in 30 mins"
14 | #-c cancels a pending shutdown
15 | sudo shutdown -c
16 |
17 | sudo shutdown -h 17:30 "System will shutdown at 5.30 this afternoon"
18 |
19 | sudo shutdown -c
20 |
21 | #This creates a nologin file under /run
22 | sudo shutdown -h +5 "The system will be shutdown in 5 mins"
23 |
24 | ls /run
25 |
26 | #Shuts the system down
27 | sudo shutdown -h now
28 |
29 |
30 |
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A02/02_Prevent_Non-Root_Login.sh:
--------------------------------------------------------------------------------
1 | #Prevent new logins
2 | sudo -i
3 | echo "We are maintaining your Linux System" | sudo tee /etc/nologin
4 | #Keep this root session open: while /etc/nologin exists only root can log in
5 | #Try SSH from another tab
6 |
7 | #A reboot removes the /etc/nologin file
8 | sudo shutdown -r now
9 | #NOTE(review): check after the reboot that /etc/nologin is really gone and remove it by hand if it is not
10 |
11 |
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A02/03_Poweroff_Reboot.sh:
--------------------------------------------------------------------------------
1 | which poweroff
2 | #ls -l shows whether these commands are real binaries or symbolic links
3 | ls -l $(which poweroff)
4 |
5 | ls -l $(which reboot)
6 |
7 | ls -l $(which halt)
8 |
9 | man poweroff
10 |
11 | sudo reboot
12 |
13 | uptime
14 |
15 | #uptime again and load average goes down
16 | uptime
17 |
18 |
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A03/01_Configure_GRUB_to_display.sh:
--------------------------------------------------------------------------------
1 | #Display the boot menu
2 | sudo vim /etc/default/grub
3 |
4 | #GRUB_TIMEOUT_STYLE=hidden (replace with menu)
5 | #GRUB_TIMEOUT=0 (replace with 10)
6 |
7 | sudo vim /etc/default/grub.d/50-cloudimg-settings.cfg
8 |
9 | #GRUB_TIMEOUT=0 (delete the line or comment it out)
10 |
11 | sudo 
grub-mkconfig
12 | #Without -o the generated configuration is only printed; -o writes it to the file GRUB reads
13 | sudo grub-mkconfig -o /boot/grub/grub.cfg
14 |
15 | sudo update-grub
16 |
17 | #Watch in virtualbox
18 | sudo reboot
19 |
20 |
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A03/02_Kernel_parameters.sh:
--------------------------------------------------------------------------------
1 | init=/bin/bash
2 | #This kernel parameter starts a root shell without asking for a password: anyone who can edit the boot entry can do it, so protect the console with a GRUB password and/or disk encryption
3 | passwd
4 | #Continue the normal boot after the password has been reset
5 | exec /sbin/init
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A03/03_Custom_GRUB_entries.sh:
--------------------------------------------------------------------------------
1 | sudo vim /etc/grub.d/40_custom
2 |
3 | #In the editor navigate to the last line with Shift + G
4 |
5 | :r /boot/grub/grub.cfg
6 |
7 | #Type 130dd this will delete 130 lines
8 | #Delete all the lines until "menuentry" and modify the name from "ubuntu" to "recovery"
9 | #At the end of line "linux" remove "console and ro" and type "rw init=/bin/bash"
10 | #At the line of submenu type dG to remove the rest of the content
11 | #save and exit vim
12 | #A permanent "recovery" entry gives everyone at the console a root shell: keep it to lab VMs or protect the boot menu with a GRUB password
13 | #Update grub
14 | sudo update-grub
15 |
16 | #Open virtualbox and check the new grub entry
17 |
18 |
19 |
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A03/04_Recovery_ISO.sh:
--------------------------------------------------------------------------------
1 | Boot server install ISO
2 | Spacebar to see menu
3 | F6 Other options
4 |
5 | #Replace the 3 --- with rw init=/bin/bash
6 | #Mount the installed root filesystem and bind the virtual filesystems into it before the chroot
7 | mount /dev/sda1 /mnt
8 |
9 | mount --rbind /dev /mnt/dev
10 |
11 | mount --rbind /proc /mnt/proc
12 |
13 | mount --rbind /sys /mnt/sys
14 |
15 | chroot /mnt bash
16 | #Inside the chroot: reinstall the boot loader on the disk
17 | grub-install /dev/sda
18 |
19 | exit
20 |
21 | #Poweroff the virtual machine
22 | #Remove the .iso File and start the VM
23 |
24 |
25 |
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A04/01_Super_Cow_Powers.sh: -------------------------------------------------------------------------------- 1 | apt --help | tail -n 1 2 | 3 | apt moo 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A04/02_Apt_or_Apt-Get.sh: -------------------------------------------------------------------------------- 1 | apt update 2 | 3 | sudo !! 4 | 5 | sudo apt-get update 6 | 7 | ssh tom@192.168.56.102 "sudo apt update" 8 | 9 | ssh tom@192.168.56.102 "sudo apt update" 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A04/03_Package_Cache.sh: -------------------------------------------------------------------------------- 1 | ls -l /var/cache/apt/pkgcache.bin 2 | 3 | sudo apt-get update 4 | 5 | ls -l /var/cache/apt/pkgcache.bin 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A04/04_Apt-List.sh: -------------------------------------------------------------------------------- 1 | apt list 2 | 3 | apt list zz* 4 | 5 | apt list zzuf 6 | 7 | apt list --installed 8 | 9 | apt list --installed | wc -l 10 | 11 | apt list --upgradable 12 | 13 | sudo apt upgrade ansible 14 | 15 | apt show ansible 16 | 17 | 18 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A04/05_Apt-Search.sh: -------------------------------------------------------------------------------- 1 | apt search apache 2 | 3 | apt-cache search apache 4 | 5 | apt-cache search apache | wc -l 6 | 7 | apt search --names-only apache 8 | 9 | apt search --names-only apache | wc -l 10 | 11 | apt search --names-only '^apache' | wc -l 12 | 13 | apt search --names-only '^apache' 14 | 15 | apt show apache2 16 | 17 | 18 | 19 | 
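--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A04/06_Installing_and_Removing_Software.sh:
--------------------------------------------------------------------------------
# Install a package and look at the service it ships
sudo apt install -y postfix

sudo systemctl status postfix

man apt

# remove keeps the configuration files, purge deletes them as well
sudo apt remove -y postfix

sudo apt purge -y postfix

# Drop dependencies that no installed package needs any more
sudo apt autoremove -y

#The options are low, medium, high, critical
sudo DEBIAN_PRIORITY=low apt install -y postfix

--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A04/07_More_or_Less_Questions.sh:
--------------------------------------------------------------------------------
#The options are low, medium, high, critical
sudo DEBIAN_PRIORITY=low apt install -y postfix

--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A04/08_Repositories.sh:
--------------------------------------------------------------------------------
# Review the configured package sources
sudo apt edit-sources

sudo vim /etc/apt/sources.list

# Keys listed here are trusted for every configured repository
apt-key list

# Store the vendor key in its own keyring file instead of using `apt-key add`
# (deprecated): a key in apt's global keyring can vouch for packages from any
# repository, a signed-by keyring only for the repository that names it.
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg

# Compare the fingerprint with the one the vendor publishes before going on
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint

# Bind the repository to that keyring
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com focal main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

# The vendor key does not show up in the global keyring
apt-key list

sudo apt edit-sources

cat /etc/apt/sources.list.d/hashicorp.list

sudo apt update

--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A04/09_The_Core_DPKG_System.sh:
--------------------------------------------------------------------------------
# List the packages known to dpkg
dpkg -l

# Files that belong to a package
dpkg -L postfix

# Package that owns a file
dpkg -S /etc/xattr.conf

# Run the package's configuration dialog again
sudo dpkg-reconfigure postfix

sudo systemctl reload postfix

# Listening TCP sockets, numeric output
ss -ntl

--------------------------------------------------------------------------------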
/02_Operation_of_Running_Systems/A05/01_Systemd_Eco-system.sh: -------------------------------------------------------------------------------- 1 | #System Uniformity 2 | 3 | sudo hostnamectl set-hostname ubuntu01 4 | 5 | cat /etc/hostname 6 | 7 | sudo timedatectl set-timezone 'Europe/Zurich' 8 | 9 | ls -l /etc/localtime 10 | 11 | sudo localectl set-locale LANG=de_CH.UTF-8 -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A05/02_Analyze_Boot_Time.sh: -------------------------------------------------------------------------------- 1 | pstree 2 | 3 | ps -p1 -f 4 | 5 | ls -l /sbin/init 6 | 7 | systemd-analyze 8 | 9 | systemd-analyzed blame 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A05/03_Using_Systemctl_to_Manage_Services.sh: -------------------------------------------------------------------------------- 1 | #Not all infos are displayed 2 | systemctl status cron 3 | 4 | systemctl status cron.service 5 | 6 | #It ist easier not to type sudo everytime 7 | sudo -i 8 | 9 | systemctl status cron 10 | 11 | systemctl disable cron 12 | 13 | systemctl status cron 14 | 15 | systemctl stop cron 16 | 17 | systemctl status cron 18 | 19 | systemctl enable --now cron 20 | 21 | systemctl status cron 22 | 23 | systemctl disable --now cron 24 | 25 | systemctl mask --now cron 26 | 27 | systemctl start cron 28 | 29 | systemctl unmask --now cron 30 | 31 | systemctl start cron 32 | 33 | systemctl cat cron 34 | 35 | systemctl edit cron --full 36 | 37 | #Change the description: Job Scheduler for regular tasks 38 | 39 | systemctl daemon-reload 40 | 41 | systemctl status cron 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A05/04_Scenario.sh: -------------------------------------------------------------------------------- 1 | sudo -i 2 | 3 | lsblk 4 | 5 | 
fallocate -l 1G /root/disk1 6 | 7 | ls -lh disk1 8 | 9 | losetup /dev/loop10 /root/disk1 10 | 11 | losetup 12 | 13 | parted /dev/loop10 mklabel msdos mkpart primary 0% 100% 14 | 15 | lsblk 16 | 17 | #After a reboot the block device is not available 18 | 19 | vagrant ssh ubuntu1 20 | 21 | sudo -i 22 | 23 | lsblk 24 | 25 | ls 26 | 27 | systemctl edit losetup.service --full --force 28 | 29 | systemctl daemon-reload 30 | 31 | lsblk 32 | 33 | systemctl enable --now losetup 34 | 35 | lsblk 36 | 37 | reboot 38 | 39 | vagrant ssh ubuntu1 40 | 41 | lsblk 42 | 43 | 44 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A05/05_losetup_service.sh: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Setup Loop Device 3 | DefaultDependencies=no 4 | Before=local-fs.target 5 | After=systemd-udevd.service 6 | 7 | [Service] 8 | Type=oneshot 9 | ExecStart=/sbin/losetup /dev/loop10 /root/disk1 10 | ExecStart=/sbin/partprobe /dev/loop10 11 | RemainAfterExit=no 12 | 13 | [Install] 14 | WantedBy=local-fs.target 15 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A05/06_Targets.sh: -------------------------------------------------------------------------------- 1 | runlevel 2 | 3 | systemctl get-default 4 | 5 | systemctl list-units --type target 6 | 7 | sudo systemctl isolate multi-user 8 | 9 | runlevel 10 | 11 | sudo systemctl set-default multi-user 12 | 13 | systemctl get-default 14 | 15 | ssh vagrant@192.168.56.102 16 | 17 | runlevel 18 | 19 | sudo systemctl set-default multi-user 20 | 21 | systemctl get-default 22 | 23 | reboot 24 | 25 | #Let's have a look in Virtualbox 26 | 27 | 28 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A05/07_Traditional_Logs.sh: 
-------------------------------------------------------------------------------- 1 | ls -l /var/log 2 | 3 | sudo less /var/log/syslog 4 | 5 | sudo tail /var/log/syslog 6 | 7 | sudo tail -f /var/log/syslog 8 | 9 | cat /etc/rsyslog.conf 10 | 11 | ls /etc/rsyslog.d 12 | 13 | 14 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A05/08_Journal_Log.sh: -------------------------------------------------------------------------------- 1 | sudo journalctl 2 | 3 | sudo journalctl --unit ssh 4 | 5 | sudo journalctl --unit ssh --since today 6 | 7 | grep -i storage /etc/systemd/journald.conf 8 | 9 | man 5 journald.conf 10 | 11 | sudo sed -i 's/#Storage=auto/Storage=persistent/' /etc/systemd/journald.conf 12 | 13 | grep -i storage /etc/systemd/journald.conf 14 | 15 | sudo systemctl restart systemd-journald 16 | 17 | 18 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A05/09_Persisting_Journal_Logs.sh: -------------------------------------------------------------------------------- 1 | sudo grep -i 'storage' /etc/systemd/journald.conf 2 | man 5 journald.conf 3 | sudo sed -i 's/#Storage=auto/Storage=persistent/' /etc/systemd/journald.conf 4 | sudo grep -i 'storage' /etc/systemd/journald.conf 5 | sudo systemctl restart systemd-journald 6 | 7 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A05/losetup.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Setup Loop Device 3 | DefaultDependencies=no 4 | Before=local-fs.target 5 | After=systemd-udevd.service 6 | 7 | [Service] 8 | Type=oneshot 9 | ExecStart=/sbin/losetup /dev/loop10 /root/disk1 10 | ExecStart=/sbin/partprobe /dev/loop10 11 | RemainAfterExit=no 12 | 13 | [Install] 14 | WantedBy=local-fs.target 
-------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A06/01_Your_First_Shell_Script.sh: -------------------------------------------------------------------------------- 1 | mkdir ~/shellscripting 2 | vim info.sh 3 | echo "==================" 4 | hostname 5 | hostname -I 6 | uname -r 7 | echo "==================" 8 | bash info.sh 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A06/02_Make_Standalone.sh: -------------------------------------------------------------------------------- 1 | file info.sh 2 | 3 | cp info.sh info2.sh 4 | 5 | sed -i '1i#!/bin/bash' info* 6 | 7 | file info.sh 8 | 9 | chmod -v a+x info.sh 10 | 11 | ./info.sh 12 | 13 | echo $PATH 14 | 15 | PATH=$PATH:/home/vagrant/shellscriptinh 16 | 17 | echo $PATH 18 | 19 | cd 20 | 21 | info.sh 22 | 23 | cd - 24 | 25 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A06/03_Implementing_Variables_and_Loops.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | INFO_HOSTNAME=$(hostname) 3 | INFO_IP=$(hostname -I | cut -f2 -d " ") 4 | INFO_KERNEL=$(uname -r) 5 | for i in {1..25} ; do 6 | echo -n = 7 | done 8 | echo 9 | echo "Host: $INFO_HOSTNAME" 10 | echo "IP: $INFO_IP" 11 | echo "Kernel: $INFO_KERNEL" 12 | echo "OS: $PRETTY_NAME" 13 | for i in {1..25} ; do 14 | echo -n = 15 | done 16 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A06/04_Using_Imported_Variables.sh: -------------------------------------------------------------------------------- 1 | cat /etc/os-release 2 | 3 | source /etc/os-release 4 | 5 | echo $PRETTY_NAME 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- 
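/02_Operation_of_Running_Systems/A06/05_Creating_a_Password_Generator.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Prompt until the password is longer than six characters, then print its
# SHA-512 crypt hash (openssl passwd -6), the form `useradd -p` expects.
PWD_OK="false"
while [ "$PWD_OK" != "true" ] ; do
    # -r keeps backslashes literal, -s switches terminal echo off
    read -rsp 'Enter a new password: '
    echo
    # ${#REPLY} counts the characters without passing the secret to echo and wc
    if [ "${#REPLY}" -gt 6 ] ; then
        # Hand the clear text to openssl on stdin; as a command-line argument
        # it would be readable by other local users in the process list.
        PASSWORD=$(printf '%s\n' "$REPLY" | openssl passwd -6 -stdin)
        PWD_OK="true"
        echo "$PASSWORD"
    fi
done


# Make the script executable
chmod -v a+x pwgen.sh

--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A06/06_Using_Script_Arguments.sh:
--------------------------------------------------------------------------------
# Take the password from the single argument, otherwise prompt for it
if [[ $# -ne 1 ]] ; then
    read -rsp "Enter password: "
    echo ""
else
    # An argument ends up in the shell history and the process list
    REPLY=$1
fi

--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A06/07_Improving_the_Password_Generator.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Print the SHA-512 crypt hash of a password longer than six characters.
# Usage: pass the password as the only argument, or give no argument to be prompted.
# Exit status: 1 when the password is too short.
# A password given as an argument is visible in the process list and is kept
# in the shell history; use the prompt outside a lab.
PWD_OK="false"
while [ "$PWD_OK" != "true" ] ; do
    if [[ $# -ne 1 ]]; then
        # -r keeps backslashes literal, -s switches terminal echo off
        read -rsp 'Enter a new password: '
        echo
    else
        REPLY="$1"
    fi
    if [ "${#REPLY}" -gt 6 ] ; then
        # Clear text goes to openssl on stdin, not on its command line
        PASSWORD=$(printf '%s\n' "$REPLY" | openssl passwd -6 -stdin)
        PWD_OK="true"
        echo "$PASSWORD"
    else
        # stderr, so a caller using $(...) never captures the message as a hash
        echo "Password too short" >&2
        exit 1
    fi
done
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A06/08_Creating Users_from_the_CLI.sh:
--------------------------------------------------------------------------------
# Lab only: all three accounts get the same known starter password, and the
# clear text (script argument) as well as the hash (useradd -p) are visible in
# the process list. On a real system expire it at once with `sudo chage -d 0 USER`.
for user in joe sam pete ; do
    # Quoted so the shell neither globs the "?" nor word-splits the hash
    sudo useradd -m -s /bin/bash -p "$(pwgenim.sh 'Password123?')" "$user"
done

tail -n3 /etc/passwd

sudo tail -n3 /etc/shadow

su - joe

exit
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A06/info.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Print host name, IP address, kernel release and OS name between two rulers.
# /etc/os-release provides PRETTY_NAME
source /etc/os-release
INFO_HOSTNAME=$(hostname)
# Second address in the list printed by hostname -I
INFO_IP=$(hostname -I | cut -f2 -d " ")
INFO_KERNEL=$(uname -r)
# Ruler of 25 "=" characters
for i in {1..25} ; do
    echo -n =
done
echo
echo "Host: $INFO_HOSTNAME"
echo "IP: $INFO_IP"
echo "Kernel: $INFO_KERNEL"
echo "OS: $PRETTY_NAME"
for i in {1..25} ; do
    echo -n =
done
echo
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A06/pwgen.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Print the SHA-512 crypt hash of a password longer than six characters.
# Usage: pass the password as the only argument, or give no argument to be prompted.
# Exit status: 1 when the password is too short.
# A password given as an argument is visible in the process list and is kept
# in the shell history; use the prompt outside a lab.
PWD_OK="false"
while [ "$PWD_OK" != "true" ] ; do
    if [[ $# -ne 1 ]]; then
        # -r keeps backslashes literal, -s switches terminal echo off
        read -rsp 'Enter a new password: '
        echo
    else
        REPLY="$1"
    fi
    if [ "${#REPLY}" -gt 6 ] ; then
        # Clear text goes to openssl on stdin, not on its command line
        PASSWORD=$(printf '%s\n' "$REPLY" | openssl passwd -6 -stdin)
        PWD_OK="true"
        echo "$PASSWORD"
    else
        # stderr, so a caller using $(...) never captures the message as a hash
        echo "Password too short" >&2
        exit 1
    fi
done
--------------------------------------------------------------------------------
/02_Operation_of_Running_Systems/A07/01_Documentation.sh:
--------------------------------------------------------------------------------
man 5 systemd.timer

Being able to quickly access help documentation will be an asset in the exam and in
real life.

#Service Unit
[Unit]
Description="Back up the etc directory"

[Service]
ExecStart=tar -czf /root/etc.tgz /etc

The timer unit will run a service unit. The service unit will not have the [Install]
section meaning that it cannot be enabled.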
15 | 16 | #Timer Unit 17 | [Unit] 18 | Description="Run backup of etc once a day" 19 | 20 | [Timer] 21 | OnBootSec=5min 22 | OnUnitActiveSec=24h 23 | Unit=backup.service 24 | 25 | [Install] 26 | WantedBy=multi-user.target 27 | 28 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A07/02_Working_with_Timer_Units.sh: -------------------------------------------------------------------------------- 1 | systemctl list-timers 2 | 3 | systemctl cat logrotate.timer 4 | 5 | man 5 systemd.timer 6 | /Accur 7 | 8 | sudo systemctl edit backup.service --full --force 9 | 10 | sudo systemd-analyze verify /etc/systemd/system/backup.service 11 | 12 | #Edit the file with an error 13 | sudo systemctl edit backup.service --full --force 14 | 15 | sudo systemd-analyze verify /etc/systemd/system/backup.service 16 | 17 | #Undo the settings 18 | sudo systemctl edit backup.service --full --force 19 | 20 | sudo systemd-analyze verify /etc/systemd/system/backup.service 21 | 22 | sudo systemctl edit backup.timer --full --force 23 | 24 | sudo systemd-analyze verify /etc/systemd/system/backup.timer 25 | 26 | sudo systemctl enable backup.timer 27 | 28 | sudo reboot 29 | 30 | systemctl list-timers 31 | 32 | 33 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A07/03_System_Crontab.sh: -------------------------------------------------------------------------------- 1 | sudo systemctl status cron 2 | 3 | grep '^#' /etc/crontab 4 | 5 | ls /etc/cron.d/ 6 | 7 | sudo nano /etc/cron.d/test 8 | */10 9-17 * * * root date >> /tmp/date 9 | 10 | 11 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A07/04_User_Crons.sh: -------------------------------------------------------------------------------- 1 | crontab -l 2 | 3 | crontab -e 4 | * * * * * date >> /tmp/date 5 | 6 | sudo journalctl -f 7 | 8 | #Remove the crontab 
file 9 | crontab -r 10 | 11 | #By the way did our backup work? 12 | sudo ls /root 13 | 14 | sudo ls /tmp 15 | 16 | 17 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A07/05_Once_Only_Tasks.sh: -------------------------------------------------------------------------------- 1 | sudo systemctl status atd 2 | 3 | atq 4 | 5 | at teatime 6 | date 7 | #CTRL + d to exit at 8 | 9 | atq 10 | 11 | #Be careful not to mistype 12 | at 13:25 Nov 14 2022 13 | ls /etc 14 | #CTRL + d to exit at 15 | 16 | atq 17 | 18 | atrm 2 19 | 20 | at 13:25 Nov 14 2022 21 | ls /etc 22 | 23 | at -c 1 24 | 25 | 26 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A07/backup.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description="Back up the etc directory" 3 | 4 | [Service] 5 | ExecStart=tar -czf /root/etc.tar.gz /etc -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A07/backup.timer: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description="Run backup of /etc once a day" 3 | 4 | [Timer] 5 | OnBootSec=5min 6 | OnUnitActiveSec=24h 7 | Unit=backup.service 8 | 9 | [Install] 10 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A08/01_Multipathd.sh: -------------------------------------------------------------------------------- 1 | sudo journalctl --unit multipathd -f 2 | 3 | sudo systemctl status multipathd 4 | 5 | man 5 multipath.conf 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A08/02_Ansible_Provisioner_with_Vagrant.sh: -------------------------------------------------------------------------------- 1 | -name: correct 
multipathd 2 | copy: 3 | dest: /etc/multipath.conf 4 | content: | 5 | defaults { 6 | user_friendly_names yes 7 | } 8 | blacklist { 9 | devnode "^sd[a-b]" 10 | } 11 | notify: RestartMP 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A08/03_Uptime_and_Load_Averages.sh: -------------------------------------------------------------------------------- 1 | nproc 2 | 3 | lscpu 4 | 5 | uptime (1min) (5min) (15min) 6 | 7 | tar -cJf share.tar.xz /usr/share/doc &> /dev/null & 8 | 9 | watch uptime 10 | 11 | 12 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A08/04_Using_Top.sh: -------------------------------------------------------------------------------- 1 | top 2 | 3 | f 4 | 5 | s 6 | 7 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A08/05_Using_Ps_(Process-Status).sh: -------------------------------------------------------------------------------- 1 | ps 2 | 3 | ps -f 4 | 5 | ps -fl 6 | 7 | ps -elf 8 | 9 | ps -lfp1 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A08/06_Pgrep.sh: -------------------------------------------------------------------------------- 1 | ps -elf | grep bash 2 | 3 | pgrep bash 4 | 5 | 6 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A08/07_Ending_Processes.sh: -------------------------------------------------------------------------------- 1 | ps 2 | 3 | ls /proc 4 | 5 | cd /proc/$$ 6 | 7 | ls 8 | 9 | ps -f 10 | 11 | ps -fl 12 | 13 | ps -elf 14 | 15 | ps -lfp1 16 | 17 | ps -elf | grep bash 18 | 19 | pgrep bash 20 | 21 | ps -lp $(pgrep bash) 22 | 23 | kill -l 24 | 25 | sleep 1000 & 26 | 27 | ps 28 | 29 | kill 15365 30 | 31 | ls 32 | 33 | sleep 1000 & 34 | 35 | pkill sleep 36 | 
37 | sleep 1000 & 38 | 39 | pkill -9 sleep 40 | 41 | sleep 1000 & 42 | 43 | pkill -15 sleep 44 | 45 | kill -l 46 | 47 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A08/08_Sharing_CPU.sh: -------------------------------------------------------------------------------- 1 | sleep 1000 & 2 | 3 | ps -lfp $(pgrep sleep) 4 | 5 | nice -10 sleep 1000 & 6 | 7 | ps -lfp $(pgrep sleep) 8 | 9 | renice 19 -p 10 | 11 | sudo renice -15 -p 12 | 13 | ps -alf 14 | 15 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A08/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | #Place Vagrantfile in the directory you run vagrant from. 5 | #This should also contain ubuntu.yml which configure VMs 6 | 7 | # setting for all VMs 8 | Vagrant.configure("2") do |config| 9 | config.vm.box = "ubuntu/focal64" 10 | config.vm.provision "ansible_local", playbook: "ubuntu.yml" 11 | config.vm.provider "virtualbox" do |v| 12 | v.memory = 2048 13 | v.cpus = 2 14 | end 15 | 16 | # specific for ubuntu1 17 | config.vm.define "ubuntu1" do |ubuntu1| 18 | ubuntu1.vm.hostname = "ubuntu1" 19 | ubuntu1.vm.network "private_network", ip: "192.168.56.101" 20 | end 21 | 22 | # specific for ubuntu2 23 | config.vm.define "ubuntu2" do |ubuntu2| 24 | ubuntu2.vm.hostname = "ubuntu2" 25 | ubuntu2.vm.network "private_network", ip: "192.168.56.102" 26 | end 27 | end -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A08/ubuntu.yml: -------------------------------------------------------------------------------- 1 | # Place in directory you run Vagrant from, alongside the Vagrantfile 2 | - name: Configure Ubuntu 3 | hosts: all 4 | become: true 5 | gather_facts: false 6 | tasks: 7 | - name: Update Package Cache and Upgrade Existing 
Packages 8 | apt: 9 | update_cache: true 10 | upgrade: true 11 | 12 | - name: Ensure SSH Allows Password Authentication 13 | lineinfile: 14 | path: /etc/ssh/sshd_config 15 | line: PasswordAuthentication yes 16 | regexp: '^PasswordAuthentication .*$' 17 | notify: RestartSSH 18 | - name: correct multipathd 19 | copy: 20 | dest: /etc/multipath.conf 21 | content: | 22 | defaults { 23 | user_friendly_names yes 24 | } 25 | blacklist { 26 | devnode "^sd[a-b]" 27 | } 28 | notify: RestartMP 29 | handlers: 30 | - name: RestartSSH 31 | service: 32 | name: ssh 33 | state: restarted 34 | - name: RestartMP 35 | service: 36 | name: multipathd 37 | state: restarted -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A09/01_Investigating_AppArmor.sh: -------------------------------------------------------------------------------- 1 | sudo systemctl status apparmor 2 | 3 | aa-status 4 | 5 | sudo aa-status 6 | 7 | sudo aa-status --complaining 8 | 9 | sudo aa-status --enforced 10 | 11 | ls /etc/apparmor.d 12 | 13 | dpkg -S /etc/apparmor.d/lsb_release 14 | 15 | apt show apparmor 16 | 17 | 18 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A09/02_Installing_Extra_Utilities.sh: -------------------------------------------------------------------------------- 1 | sudo apt install -y apparmor-easyprof apparmor-utils apparmor-notify 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A09/03_Simple_Python_Script.sh: -------------------------------------------------------------------------------- 1 | sudo nano /usr/bin/file_test.py 2 | #!/usr/bin/python3 3 | FILE = '/tmp/mytextfile' 4 | try: 5 | open(FILE,'a').close() 6 | print(f'Createdfile: {FILE}') 7 | except: 8 | print(f'Failed to create file {FILE}') 9 | exit(1) 10 | 11 | sudo chmod755 /usr/bin/file_test.py 12 | 13 | file_test.py 14 | 
15 | rm /tmp/mytextfile 16 | 17 | 18 | 19 | 20 | https://github.com/tomwechsler/Ubuntu_Linux_Administration -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A09/04_Creating_AppArmor_Profile.sh: -------------------------------------------------------------------------------- 1 | aa-easyprof /usr/bin/file_test.py | sudo tee /etc/apparmor.d/usr.bin.file_test.py 2 | 3 | sudo aa-status --enforced 4 | 5 | sudo apparmor_parser -r /etc/apparmor.d/usr.bin.file_test.py 6 | 7 | sudo aa-status --enforced 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A09/05_Reading_Denials.sh: -------------------------------------------------------------------------------- 1 | file_test.py 2 | 3 | /usr/bin/python3: cant open file '/usr/bin/file_test.py': [Errno 13] Permission denied 4 | 5 | sudo journalctl -k -g 'apparmor="DENIED"' 6 | 7 | sudo aa-notify -s 1 -v 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A09/06_Simple_But_Incomplete_Profile.sh: -------------------------------------------------------------------------------- 1 | /usr/bin/file_test.py { 2 | /usr/bin/file_test.py r, 3 | } 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A09/07_Setting_Complain_Mode_and_Log_Profiling.sh: -------------------------------------------------------------------------------- 1 | aa-easyprof /usr/bin/file_test.py 2 | 3 | aa-easyprof /usr/bin/file_test.py | sudo tee /etc/apparmor.d/usr.bin.file_test.py 4 | 5 | cat /etc/apparmor.d/usr.bin.file_test.py 6 | 7 | sudo aa-status --enforced 8 | 9 | sudo apparmor_parser -r /etc/apparmor.d/usr.bin.file_test.py 10 | 11 | sudo aa-status --enforced 12 | 13 | #We get an error 14 | file_test.py 15 | /usr/bin/python3: cant open file '/usr/bin/file_test.py': 
[Errno 13] Permission denied 16 | 17 | sudo aa-complain /etc/apparmor.d/usr.bin.file_test.py 18 | 19 | sudo aa-status --complaining 20 | 21 | udo aa-status --enforced 22 | 23 | file_test.py 24 | 25 | sudo aa-notify -s 1 -v 26 | 27 | sudo journalctl -k -g 'apparmor="DENIED"' 28 | 29 | sudo aa-logprof 30 | 31 | sudo aa-enforce /etc/apparmor.d/usr.bin.file_test.py 32 | 33 | file_test.py 34 | 35 | #Edit the file name 36 | sudo nano /usr/bin/file_test.py 37 | 38 | file_test.py 39 | 40 | sudo file_test.py 41 | 42 | 43 | -------------------------------------------------------------------------------- /02_Operation_of_Running_Systems/A09/file_test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | FILE = '/tmp/mytextfile' 3 | try: 4 | open(FILE,'a').close() 5 | print(f'Created file: {FILE}') 6 | except: 7 | print(f'Failed to create file {FILE}') 8 | exit(1) -------------------------------------------------------------------------------- /03_User_and_Group_Management/A02/01_User_Account_Databases_Listing_Users.sh: -------------------------------------------------------------------------------- 1 | cat /etc/passwd 2 | 3 | #What does the fields mean? 4 | grep vagrant /etc/passwd 5 | 6 | #Lets look at the man pages 7 | man 5 passwd 8 | 9 | #A Database view 10 | getent passwd 11 | 12 | #The users must not always be local 13 | grep '^passwd' /etc/nsswitch.conf 14 | 15 | man nsswitch.conf 16 | 17 | getent passwd vagrant 18 | 19 | #An other search method 20 | awk -F: '{ print }' /etc/passwd 21 | 22 | #What does the man page mean? 
23 | man awk 24 | 25 | #Thats not very valuable 26 | awk -F: '{ print $3 }' /etc/passwd 27 | 28 | #Shows the standard users 29 | awk -F: '{ if ($3 > 999) print }' /etc/passwd 30 | 31 | #Shows the system users 32 | awk -F: '{ if ($3 < 1000) print }' /etc/passwd 33 | 34 | #System users without root 35 | awk -F: '{ if ($3 < 1000 && $3 > 0) print }' /etc/passwd 36 | 37 | 38 | 39 | 40 | Database 41 | /etc/passwd 42 | getent passwd 43 | getent passwd 44 | man 5 passwd 45 | /etc/nsswitch.cenf 46 | 47 | Types 48 | standard users (UID above 1000) 49 | system users (UID under 1000) 50 | UID 0 (root) 51 | Case-sensitive username as weil as password -------------------------------------------------------------------------------- /03_User_and_Group_Management/A02/02_Sudo.sh: -------------------------------------------------------------------------------- 1 | sudo less /etc/sudoers 2 | 3 | sudo ls /etc/sudoers.d/ 4 | 5 | 6 | -------------------------------------------------------------------------------- /03_User_and_Group_Management/A02/02_su_substitute_user.sh: -------------------------------------------------------------------------------- 1 | id 2 | 3 | echo $USER 4 | 5 | #To demonstrate a full login shell we set the root (in ubuntu root has no password) password 6 | sudo passwd root 7 | 8 | #A root shell but no environment variables 9 | su 10 | 11 | id 12 | 13 | echo $USER 14 | 15 | exit 16 | 17 | #su - or su -l are the same 18 | su - 19 | 20 | su -l 21 | 22 | pwd 23 | 24 | echo $USER 25 | 26 | useradd -m bob -s /bin/bash 27 | 28 | #Bob has no password, but root can su 29 | su - bob 30 | 31 | pwd 32 | 33 | exit 34 | 35 | sudo passwd -l root 36 | 37 | 38 | -------------------------------------------------------------------------------- /03_User_and_Group_Management/A02/03_Editing_the_Sudoers_Files.sh: -------------------------------------------------------------------------------- 1 | sudo visudo 2 | 3 | sudo visudo -f /etc/sudoers.d/bob 4 | 5 | 6 | 7 | Using the command 
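visudo to make changes to the configuration will enforce a syntax check
when the file is saved.
A misconfigured sudo entry will disable sudo access to your system.


bob ubuntu1=(root) NOPASSWD: ALL

%sudo ALL=(root) ALL

# Require a user-name argument and exclude root. sudoers(5) still warns that
# "!" exclusions are a weak control, so keep such delegations narrow.
%helpdesk ALL=(root) /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*

--------------------------------------------------------------------------------
/03_User_and_Group_Management/A02/03_Using_sudo_in_Ubuntu.sh:
--------------------------------------------------------------------------------
cat /etc/sudoers

sudo !!

sudo ls /etc/sudoers.d/

sudo cat /etc/sudoers.d/vagrant

#List sudo entries
sudo -l

id

#Add Vagrant to admin group (has nothing to do with sudo, serves as a precaution in case of an emergency)
sudo usermod -aG admin vagrant

#In order for the group membership to take effect, we have to log out
exit

vagrant ssh ubuntu1

id

#We should not edit this file
sudo visudo

#ATTENTION to the syntax
sudo visudo -f /etc/sudoers.d/bob

# The rule matches only when a user name is given, and never for root.
# NOPASSWD means sudo does not ask bob for his own password first.
bob ALL=(root) NOPASSWD: /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*

#Lets make a mistake
sudo visudo -f /etc/sudoers.d/bob

#Never use the third option

sudo su - bob

sudo -l

#This will not work
sudo cat /etc/shadow

sudo passwd ubuntu

#This will not work
sudo passwd root
--------------------------------------------------------------------------------
/03_User_and_Group_Management/A02/04_Using_Polkit(Formerly-PolicyKit).sh:
--------------------------------------------------------------------------------
#Open a second terminal/shell

#In the first shell
PS1="Window1 $ "

#In the second shell
PS1="Window2 $ "

id

sudo cat /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf

#Let's break sudo
sudo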
visudo 15 | 16 | echo $$ 17 | 18 | #In the second shell 19 | pkttyagent --process 5296 20 | 21 | #In the first shell 22 | pkexec visudo 23 | 24 | #In the secon shell 25 | enter password 26 | 27 | #Back to the first shell and undo the sudo break 28 | sudo visudo 29 | 30 | 31 | -------------------------------------------------------------------------------- /03_User_and_Group_Management/A03/01_Creating_Users.sh: -------------------------------------------------------------------------------- 1 | file $(which useradd) 2 | 3 | file $(which adduser) 4 | 5 | useradd --help 6 | 7 | sudo useradd user1 8 | 9 | tail -n1 /etc/passwd 10 | 11 | getent passwd user1 12 | 13 | grep '^passwd:' /etc/nsswitch.conf 14 | 15 | man 5 passwd 16 | 17 | id user1 18 | 19 | ls /home 20 | 21 | sudo useradd -m -s /usr/bin/bash -G admin,sudo user2 22 | 23 | ls /home 24 | 25 | id user2 26 | 27 | !ta 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /03_User_and_Group_Management/A03/02_working_with_defaults.sh: -------------------------------------------------------------------------------- 1 | #Shows the defaults 2 | useradd -D 3 | 4 | #Change the default shell 5 | sudo vim /etc/default/useradd 6 | 7 | #Shows the defaults again 8 | useradd -D 9 | 10 | #Some other defaults 11 | sudo vim /etc/login.defs 12 | 13 | #Nothing 14 | grep CREATE_HOME /etc/login.defs 15 | 16 | man 5 login.defs 17 | /CREATE 18 | 19 | #We set the home directory 20 | sudo vim /etc/login.defs 21 | CREATE_HOME yes 22 | 23 | sudo useradd user3 24 | 25 | !tai 26 | 27 | ls /home -------------------------------------------------------------------------------- /03_User_and_Group_Management/A03/03_The_Skeleton_Directory.sh: -------------------------------------------------------------------------------- 1 | ls -la /etc/skel 2 | 3 | ls -la /home/user3 4 | 5 | sudo ln -s /usr/share/doc /etc/skel/doc 6 | 7 | ls -la /etc/skel 8 | 9 | sudo useradd user5 10 | 11 | ls -la ~user5 12 | 13 | 
ls -la ~user3



--------------------------------------------------------------------------------
/03_User_and_Group_Management/A03/04_Modify_and_Delete_Users.sh:
--------------------------------------------------------------------------------
ls /home

id user2

id

touch file1

ls -l file1

#Without -a, -G replaces the whole supplementary group list (user2 loses its other groups)
sudo usermod -G staff user2

id user2

#With -a the groups are appended to the existing list
sudo usermod -aG admin,sudo user2

id user2

#Without -r the home directory stays on disk
sudo userdel user2

ls -l /home

#-r also removes the home directory and mail spool
sudo userdel -r user3

ls /home

#Files whose owner UID no longer exists; a later account that gets the same UID would own them
sudo find /home /var -nouser

#Review the list above first: this repeats the find and deletes every match
!! -delete


--------------------------------------------------------------------------------
/03_User_and_Group_Management/A03/05_Finger_Information.sh:
--------------------------------------------------------------------------------
getent passwd vagrant

chfn

!g

#No permission
chfn -f "vagrant user"

sudo !! vagrant

!g

file $(which adduser)

sudo adduser user6

sudo apt install -y finger

finger vagrant

finger user6


--------------------------------------------------------------------------------
/03_User_and_Group_Management/A03/06_Groups.sh:
--------------------------------------------------------------------------------
cat /etc/group

getent group sudo

sudo groupadd --help

sudo groupadd sales

getent group sales

sudo useradd user7

id user7

#-n renames the group, the GID stays the same
sudo groupmod -n grp-sales sales

sudo groupdel grp-sales



--------------------------------------------------------------------------------
/03_User_and_Group_Management/A04/01_Understanding_Shadow_Data.sh:
--------------------------------------------------------------------------------
sudo useradd -m user8 -s /bin/bash

#To set the password we use -p or --password (but it is not so easy)
sudo
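useradd --help

#-p expects an already hashed password, hence the openssl call.
#The clear-text password is an argument of openssl and the hash an argument of useradd: both are visible
#in the process list while the command runs and the whole line lands in the shell history.
#useradd(8) marks -p as not recommended; outside the lab set the password with passwd or chpasswd.
sudo useradd -m user9 -s /bin/bash -p $(openssl passwd -6 P@ssw0rd)

#Let's have a look at the fields
sudo tail -n2 /etc/shadow

date -d '1 Jan 1970'

#19265 is an example value of the third shadow field (last password change, in days since 1 Jan 1970)
date -d '1 Jan 1970 19265 days'

sudo chage -l user8

man 5 shadow

sudo getent shadow

sudo getent shadow user8


--------------------------------------------------------------------------------
/03_User_and_Group_Management/A04/02_Managing_Passwords_with_Passwd_and_Chpasswd.sh:
--------------------------------------------------------------------------------
sudo passwd user8

sudo getent shadow user8

#-l locks the password; other login methods such as SSH keys are not affected
sudo passwd -l user8

sudo getent shadow user8

sudo passwd -u user8

sudo getent shadow user8

#Notice we start with a space (this line will not show in the history)
#This only works while HISTCONTROL contains ignorespace or ignoreboth - check with: echo $HISTCONTROL
 echo "user8:P@ssw0rd" | sudo chpasswd

#Nope no entry
history

sudo getent shadow user8

#Interactive mode to set the password
sudo chpasswd

user8:P@ssw0rd
user9:P@ssw0rd

CTRL+D

#Copy the users from above
#The file holds clear-text passwords: create it with mode 600 and delete it after the import
vim users

sudo chpasswd < users


--------------------------------------------------------------------------------
/03_User_and_Group_Management/A04/03_Splitting_the_Password_Field.sh:
--------------------------------------------------------------------------------
#The second shadow field has the form $id$salt$hash, so splitting on $ gives algorithm id, salt and hash
sudo getent shadow $USER

sudo getent shadow $USER | cut -f2 -d:

sudo getent shadow $USER | cut -f2 -d: | awk -F$ '{ print $2 }'

sudo getent shadow $USER | cut -f2 -d: | awk -F$ '{ print $3 }'

sudo getent shadow $USER | cut -f2 -d: | awk -F$ '{ print $4 }'

sudo getent shadow $USER | cut -f2 -d: | awk -F$ '{ print "ALG:\t" $2 "\nSALT:\t" $3 "\nHASH:\t" $4 }'



--------------------------------------------------------------------------------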
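/03_User_and_Group_Management/A04/04_Authentication.sh:
--------------------------------------------------------------------------------
#-6 selects SHA-512 crypt; a password given as argument is visible in the process list and the history (lab values only)
openssl passwd -6 P@ssw0rd

#Repeat 3 times: every run picks a new random salt, so the output differs each time
#-1 selects MD5 crypt, shown here only to demonstrate the salt; it is obsolete for real password storage
openssl passwd -1 P@ssw0rd

#Copy the salt from above
openssl passwd -1 -salt XN2wmxkkdjLiIOUk P@ssw0rd

sudo getent shadow $USER | cut -f2 -d: | awk -F$ '{ print "ALG:\t" $2 "\nSALT:\t" $3 "\nHASH:\t" $4 }'

#Copy the salt from above
openssl passwd -6 -salt aAMjsB2Ztbmyf6aE vagrant

#The hash is absolutely the same: same algorithm + same salt + same password always give the same hash,
#which is how a login attempt is checked against /etc/shadow


--------------------------------------------------------------------------------
/03_User_and_Group_Management/A04/05_Managing_Groups.sh:
--------------------------------------------------------------------------------
sudo groupadd helpdesk

sudo gpasswd -a vagrant helpdesk

#-A makes vagrant an administrator of the group
sudo gpasswd -A vagrant helpdesk

#No sudo needed any more (presumably run as vagrant, who now administers the group)
gpasswd -a ubuntu helpdesk



--------------------------------------------------------------------------------
/03_User_and_Group_Management/A05/01_The_Skeleton_Directory.sh:
--------------------------------------------------------------------------------
sudo useradd -m test_user

ls -A ~test_user

ls -A /etc/skel

cd /etc/skel

#Create a new file with some text
#NOTE(review): /etc/skel is normally root-owned, so saving needs root (e.g. sudoedit README) - confirm
vim README

cd

ls -A /etc/skel

#Nothing happened to the existing user home: /etc/skel is only copied when a home directory is created
ls -a ~test_user

sudo useradd -m test_user2

ls -A ~test_user2

--------------------------------------------------------------------------------
/03_User_and_Group_Management/A05/02_Configuring_an_Individual_Umask.sh:
--------------------------------------------------------------------------------
umask

grep '#umask' .profile

#The option is -i with a plain ASCII hyphen; a typographic dash pasted from a document is not parsed as an option
sed -i '/^#umask/s/^#//' .profile ##uncomment the umask setting

sed -i '/^umask/s/^/#/' .profile ##to comment the line


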
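--------------------------------------------------------------------------------
/03_User_and_Group_Management/A05/03_Clearing_Screen_on_Logout.sh:
--------------------------------------------------------------------------------
cat .bash_logout

/usr/bin/clear_console

sed -i '$a clear' .bash_logout #appends "clear" as a new last line

sed -i '$d' .bash_logout #deletes the last line


--------------------------------------------------------------------------------
/03_User_and_Group_Management/A05/04_Working_with_Login_Shells_.sh:
--------------------------------------------------------------------------------
sudo apt update && sudo apt install -y bash-doc

ls /usr/share/doc/bash/examples/startup-files/

cat .profile

umask

grep '#umask' .profile

sed -i '/^#umask/s/^#//' .profile ##uncomment the umask setting

grep 'umask' .profile

#To check the settings logout and login

umask

#Undo the settings
sed -i '/^umask/s/^/#/' .profile ##to comment the line

!g

cat .bash_logout

#Does not work (presumably because clear_console only acts on a Linux virtual console and tty reports a pseudo-terminal here)
/usr/bin/clear_console

tty

#Clearing the screen on logout keeps the session output from staying visible on a shared terminal
sed -i '$a clear' .bash_logout #appends "clear" as a new last line

#Some commands
ls
ls -la

#Now logout

#Undo the settings
sed -i '$d' .bash_logout #deletes the last line

cat .bash_logout



--------------------------------------------------------------------------------
/03_User_and_Group_Management/A05/05_Centralized_Login_Scripts.sh:
--------------------------------------------------------------------------------
ls /etc/profile

ls /etc/profile.d

ls -l /etc/bash.bashrc

#Create a custom login script
#Files in /etc/profile.d are read by every login shell, so keep the script root-owned and not writable by others
sudo vim /etc/profile.d/custom.sh

#umask 027: new files get 640 and new directories 750, i.e. no access for "others"
umask 027
#Hides comment lines and empty lines (the closing parenthesis is required, otherwise grep rejects the pattern)
alias cleanfile="grep -E -v '^(#|$)'"
#noclobber: > refuses to overwrite an existing file
set -o noclobber

#Exit the editor

#Exit the ssh session and login

alias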
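
umask

cat .profile

cleanfile .profile

set -o

echo hello > file1

#Does not work anymore (noclobber is set; >| would override it on purpose)
echo hello > file1

#Append works
echo hello >> file1




--------------------------------------------------------------------------------
/03_User_and_Group_Management/A06/01_Documentation.sh:
--------------------------------------------------------------------------------
man pam.d



--------------------------------------------------------------------------------
/03_User_and_Group_Management/A06/02_Help_on_Module.sh:
--------------------------------------------------------------------------------
man pam_mkhomedir



--------------------------------------------------------------------------------
/03_User_and_Group_Management/A06/03_Creating_User_Home_Directories.sh:
--------------------------------------------------------------------------------
#Lets remove the CREATE_HOME
#/etc/login.defs is edited with sudo, as in the earlier section
sudo vim /etc/login.defs

sudo useradd alf

#Lab password; the line is stored in the shell history
echo "alf:P@ssw0rd" | sudo chpasswd

su - alf

echo "session optional pam_mkhomedir.so"

#pam_mkhomedir creates the home directory at first login; its umask= option defaults to 0022
#(world-readable home), add e.g. umask=0077 when homes should be private
echo "session optional pam_mkhomedir.so" | sudo tee -a /etc/pam.d/common-session

#ESC . (readline) inserts the last argument of the previous command, here /etc/pam.d/common-session
cat ESC .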
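
su - alf

exit


--------------------------------------------------------------------------------
/03_User_and_Group_Management/A06/04_Ordering_Incorrect.sh:
--------------------------------------------------------------------------------
#Keep a second root shell open while changing files under /etc/pam.d: a broken common-auth can block every login, sudo included
#Appended as the last line, the module comes after the existing auth rules;
#presumably it is never reached on a failed login, so nothing is counted (compare the requisite line in the file)
echo "auth required pam_tally2.so onerr=fail deny=6 unlock_time=300" | sudo tee -a /etc/pam.d/common-auth

su - alf

sudo pam_tally2 -u alf

#Remove the line again (deletes the last line of the file)
sudo sed -i '$d' /etc/pam.d/common-auth


--------------------------------------------------------------------------------
/03_User_and_Group_Management/A06/05_Ordering_Correct.sh:
--------------------------------------------------------------------------------
#Inserted as the first line, the counter runs before the other auth modules
sudo sed -i "1i auth required pam_tally2.so onerr=fail deny=6 unlock_time=300" /etc/pam.d/common-auth

su - alf

sudo pam_tally2 -u alf



--------------------------------------------------------------------------------
/03_User_and_Group_Management/A06/06_Implementing_Bad_Login_Counts.sh:
--------------------------------------------------------------------------------
#deny=6 is the failure threshold, unlock_time=300 allows access again 300 seconds after a failed attempt,
#onerr=fail makes the module return an error (instead of success) when it cannot work properly.
#A lockout counter also lets anyone lock an account by failing logins on purpose, so pick the values with that in mind.
#pam_tally2 is what this Ubuntu 20.04 lab ships; newer Linux-PAM releases replace it with pam_faillock.
echo "auth required pam_tally2.so onerr=fail deny=6 unlock_time=300" | sudo tee -a /etc/pam.d/common-auth

su - alf

sudo pam_tally2 -u alf

grep requisite /etc/pam.d/common-auth

sudo sed -i '$d' /etc/pam.d/common-auth

sudo sed -i "1i auth required pam_tally2.so onerr=fail deny=6 unlock_time=300" /etc/pam.d/common-auth

#Wrong password
su - alf

sudo pam_tally2 -u alf

#Correct password resets the counter
su - alf

sudo pam_tally2 -u alf

#Wrong password
su - alf

sudo pam_tally2 -u alf

#-r resets the counter of the user
sudo pam_tally2 -u alf -r

sudo pam_tally2 -u alf
--------------------------------------------------------------------------------
/03_User_and_Group_Management/Vagrantfile: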
--------------------------------------------------------------------------------
# -*- mode: ruby -*-
# vi: set ft=ruby :

#Place Vagrantfile in the directory you run vagrant from.
#This should also contain ubuntu.yml which configure VMs

# setting for all VMs
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/focal64"
  # ansible_local runs the playbook inside each guest
  config.vm.provision "ansible_local", playbook: "ubuntu.yml"
  config.vm.provider "virtualbox" do |v|
    v.memory = 2048
    v.cpus = 2
  end

  # specific for ubuntu1
  config.vm.define "ubuntu1" do |ubuntu1|
    ubuntu1.vm.hostname = "ubuntu1"
    # private_network: address on the VirtualBox host-only network
    ubuntu1.vm.network "private_network", ip: "192.168.56.101"
  end

  # specific for ubuntu2
  config.vm.define "ubuntu2" do |ubuntu2|
    ubuntu2.vm.hostname = "ubuntu2"
    ubuntu2.vm.network "private_network", ip: "192.168.56.102"
  end
end
--------------------------------------------------------------------------------
/03_User_and_Group_Management/ubuntu.yml:
--------------------------------------------------------------------------------
# Place in directory you run Vagrant from, alongside the Vagrantfile
- name: Configure Ubuntu
  hosts: all
  become: true
  gather_facts: false
  tasks:
    - name: Update Package Cache and Upgrade Existing Packages
      apt:
        update_cache: true
        upgrade: true

    # Turns password logins over SSH on for the lab VMs (the exercises log in with
    # passwords set via passwd/chpasswd). Together with the simple lab passwords this is
    # only suitable on the private 192.168.56.0/24 network; leave it out for any host
    # that is reachable from elsewhere and use key-based logins there.
    - name: Ensure SSH Allows Password Authentication
      lineinfile:
        path: /etc/ssh/sshd_config
        line: PasswordAuthentication yes
        regexp: '^PasswordAuthentication .*$'
      notify: RestartSSH
    - name: correct multipathd
      copy:
        dest: /etc/multipath.conf
        content: |
          defaults {
              user_friendly_names yes
          }
          blacklist {
              devnode "^sd[a-b]"
          }
      notify: RestartMP
  handlers:
    - name: RestartSSH
      service:
        name: ssh
        state: restarted
    - name: RestartMP
      service:
        name: multipathd
        state: restarted
-------------------------------------------------------------------------------- /04_Networking/A01/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | #Place Vagrantfile in the directory you run vagrant from. 5 | #This should also contain ubuntu.yml which configure VMs 6 | 7 | # setting for all VMs 8 | Vagrant.configure("2") do |config| 9 | config.vm.box = "ubuntu/focal64" 10 | config.vm.provision "ansible_local", playbook: "ubuntu.yml" 11 | config.vm.provider "virtualbox" do |v| 12 | v.memory = 2048 13 | v.cpus = 2 14 | end 15 | 16 | # specific for ubuntu1 17 | config.vm.define "ubuntu1" do |ubuntu1| 18 | ubuntu1.vm.hostname = "ubuntu1" 19 | ubuntu1.vm.network "private_network", ip: "192.168.56.101" 20 | end 21 | 22 | # specific for ubuntu2 23 | config.vm.define "ubuntu2" do |ubuntu2| 24 | ubuntu2.vm.hostname = "ubuntu2" 25 | ubuntu2.vm.network "private_network", ip: "192.168.56.102" 26 | end 27 | end 28 | -------------------------------------------------------------------------------- /04_Networking/A01/ubuntu.yml: -------------------------------------------------------------------------------- 1 | # Place in directory you run Vagrant from, alongside the Vagrantfile 2 | - name: Configure Ubuntu 3 | hosts: all 4 | become: true 5 | gather_facts: false 6 | tasks: 7 | - name: Update Package Cache and Upgrade Existing Packages 8 | apt: 9 | update_cache: true 10 | upgrade: true 11 | 12 | - name: Ensure SSH Allows Password Authentication 13 | lineinfile: 14 | path: /etc/ssh/sshd_config 15 | line: PasswordAuthentication yes 16 | regexp: '^PasswordAuthentication .*$' 17 | notify: RestartSSH 18 | - name: correct multipathd 19 | copy: 20 | dest: /etc/multipath.conf 21 | content: | 22 | defaults { 23 | user_friendly_names yes 24 | } 25 | blacklist { 26 | devnode "^sd[a-b]" 27 | } 28 | notify: RestartMP 29 | handlers: 30 | - name: RestartSSH 31 | service: 32 | name: ssh 33 | 
state: restarted 34 | - name: RestartMP 35 | service: 36 | name: multipathd 37 | state: restarted -------------------------------------------------------------------------------- /04_Networking/A02/01_Managing_transient_IP_Addresses.sh: -------------------------------------------------------------------------------- 1 | #Check the IP 2 | ip address show 3 | 4 | #Just show the links 5 | ip link show 6 | 7 | #en=ethernet / p0=PCI Bus 0 / s3=slot 3 8 | 9 | #A bit shorter 10 | ip addr show 11 | 12 | #The IP for a specific interface 13 | ip -4 addr sh enp0s8 14 | 15 | #Add a new IP 16 | sudo ip addr add 192.168.3.101/24 dev enp0s8 17 | 18 | #Lets have a look 19 | ip -4 addr sh enp0s8 20 | 21 | #On ubuntu2 22 | sudo ip addr add 192.168.3.102/24 dev enp0s8 23 | 24 | #Let's ping 25 | ping 192.168.3.101 26 | 27 | #On ubuntu1 28 | ping 192.168.3.102 29 | 30 | #ifconfig has been deprecated and is no longer installed by default -------------------------------------------------------------------------------- /04_Networking/A02/02_Using_netplan_in_ubuntu.sh: -------------------------------------------------------------------------------- 1 | #Prereqs: 2 SSH Sessions to unbuntu1 and 1 SSH Session to ubuntu2 2 | 3 | #List the IP configuration 4 | ip -4 a s enp0s8 5 | 6 | #The netplan help 7 | netplan --help 8 | 9 | #Infos with netplan 10 | netplan info 11 | 12 | #Check the IP lease 13 | netplan ip leases enp0s3 14 | 15 | #The netplan config file 16 | ls /etc/netplan 17 | 18 | #Edit the file 19 | sudo vim (ESC .)/50-vagrant.yaml 20 | 21 | #Add a new IP Address and exit vim 22 | 23 | #Now we can try our configuration 24 | sudo netplan try 25 | 26 | #Switch to the second SSH Session from ubuntu1 27 | ip -4 a s enp0s8 28 | 29 | #We will see the new IP (but with the try, it is not permanent) 30 | 31 | #After the countdown has finished the IP has gone 32 | ip -4 a s enp0s8 33 | 34 | #Set the IP permanent 35 | sudo netplan apply 36 | 37 | #Lets proof 38 | ip -4 a s enp0s8 39 | 40 | 
#Reboot ubuntu1 41 | sudo reboot 42 | 43 | #Switch to ubuntu2 44 | sudo vim /etc/netplan/50-vagrant.yaml 45 | 46 | #Add a new IP Address and exit vim 47 | 48 | #Set the IP permanent 49 | sudo netplan apply 50 | 51 | #SSH to ubuntu1 and ping the IP from ubuntu2 52 | vagrant ssh ubuntu1 53 | 54 | ping -c 3 192.168.57.102 55 | 56 | 57 | 58 | -------------------------------------------------------------------------------- /04_Networking/A02/Create_a_dotvimrc.sh: -------------------------------------------------------------------------------- 1 | #Create a dot vimrc 2 | vim .vimrc 3 | 4 | syntax on 5 | set bg=dark 6 | autocmd FileType yaml setlocal ai et ts=2 sw=2 cuc cul 7 | 8 | #To make it available for sudo 9 | sudo cp .vimrc /root/ -------------------------------------------------------------------------------- /04_Networking/A03/01_Working_with_hostnames_hostnamectl.sh: -------------------------------------------------------------------------------- 1 | #Lets start 2 | hostnamectl 3 | 4 | #Are there any "machine" file 5 | ls -l /etc/mach* 6 | 7 | #Hostname is not like hostname 8 | cat /etc/hostname 9 | 10 | #Print out 11 | hostname 12 | 13 | #Change the hostname (is not permanent) 14 | sudo hostname server1 15 | 16 | #Print out 17 | hostname 18 | 19 | #Check with hostname config file 20 | !ca 21 | 22 | #With hostnamectl 23 | hostnamectl 24 | 25 | #Set a "pretty" hostname 26 | sudo hostnamectl set-hostname "tom's vm" 27 | 28 | #Check hostnamectl 29 | hostnamectl 30 | 31 | #Check with hostname config file 32 | !ca 33 | 34 | #The machine info file 35 | cat /etc/machine-info 36 | 37 | #Set a location 38 | sudo hostnamectl set-location Zurich 39 | 40 | #The machine type 41 | sudo hostnamectl set-deployment dev 42 | 43 | #Check hostnamectl 44 | hostnamectl 45 | 46 | #Check the machine config file 47 | !ca 48 | 49 | #The machine id 50 | cat /etc/machine-id 51 | 52 | #Show the OS 53 | hostnamectl 54 | 55 | #The os-release file 56 | cat /etc/os-release 57 | 58 | 59 | 
--------------------------------------------------------------------------------
/04_Networking/A03/02_Configuring_the_search_order.sh:
--------------------------------------------------------------------------------
#Query the host database
getent hosts

#Query an external FQDN
getent hosts www.cisco.com

#The hosts file in /etc
sudo vim /etc/hosts

#Lab entry: an override in /etc/hosts silently redirects the name for every program on the system, remove it after the exercise
127.0.2.2 www.cisco.com cisco

#Save and exit

#Query cisco again
getent hosts www.cisco.com

#We change the order
sudo vim /etc/nsswitch.conf

#On the line hosts: dns files
#Save and exit

#But our ubuntu system has a local dns and it is looking at the hosts file

#Query cisco again
getent hosts www.cisco.com

#We change the config in the resolved.conf file
sudo vim /etc/systemd/resolved.conf

#Remove the # from ReadEtcHosts and set to "no"
#Save and exit

#Restart the service
sudo systemctl restart systemd-resolved.service

#Query cisco again
getent hosts www.cisco.com

#we can still look at the hosts file
getent hosts



--------------------------------------------------------------------------------
/04_Networking/A03/03_Configuring_LLMNR_ubuntu.sh:
--------------------------------------------------------------------------------
#The local nameserver
cat /etc/resolv.conf

#The listening ports
ss -lt

ss -lnt

#But the resolv.conf is a symbolic link
ls -l /etc/resolv.conf

#Show some infos
resolvectl status

#LLMNR is not running

#Lets change this
#LLMNR resolves names by link-local multicast and the answers are not authenticated: any host on the
#segment can answer for a name. Enable it only on a trusted segment such as this private lab network.
sudo vim /etc/systemd/resolved.conf

#Remove the # at LLMNR and set to "yes"
#Save and exit

#Restart the service
sudo systemctl restart systemd-resolved.service

#A little trick: ^old^new repeats the previous command with "restart" replaced by "status"
^restart^status

#If the service would not be enabled and started
sudo systemctl enable --now systemd-resolved.service 31 | 32 | #Can we ping ubuntu2? 33 | ping ubuntu2 34 | 35 | #Switch to ubuntu2 36 | 37 | #Lets change this 38 | sudo vim /etc/systemd/resolved.conf 39 | 40 | #Remove the # at LLMNR a set to "yes" 41 | #Save and exit 42 | 43 | #Restart the service 44 | sudo systemctl restart systemd-resolved.service 45 | 46 | #A shell shorcut 47 | !res:p 48 | 49 | #Hit up arrow and enter 50 | 51 | #Can we ping ubunt2? 52 | ping -c 3 ubuntu2 53 | 54 | #The dig command 55 | dig ubuntu2 56 | 57 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /04_Networking/A04/01_Enable_ntp_time_sync.sh: -------------------------------------------------------------------------------- 1 | #We working with the systemd eco system and use the following command 2 | timedatectl 3 | 4 | #We set the timezone 5 | sudo timedatectl set-timezone 'Europe/London' 6 | 7 | #Lets check 8 | timedatectl 9 | 10 | #We have a look at the service 11 | systemctl status systemd-timesyncd.service 12 | 13 | #We can start the service with systemctl or 14 | sudo timedatectl set-ntp true 15 | 16 | #Check again 17 | sudo timedatectl 18 | 19 | #What about the service 20 | systemctl status systemd-timesyncd.service 21 | 22 | #To stop 23 | sudo timedatectl set-ntp false 24 | 25 | #Lets proof 26 | sudo systemctl status systemd-timesyncd 27 | 28 | #And start again 29 | sudo timedatectl set-ntp true 30 | 31 | #Lets proof again 32 | sudo systemctl status systemd-timesyncd 33 | 34 | 35 | -------------------------------------------------------------------------------- /04_Networking/A04/02_Change_ntp_client_configuration.sh: -------------------------------------------------------------------------------- 1 | #We start with the timedatectl command 2 | timedatectl 3 | 4 | #What about the sync status 5 | timedatectl timesync-status 6 | 7 | #To change the sync configuration 8 | sudo vim /etc/systemd/timesyncd.conf 9 | 10 | #Remove the # at NTP 
and set the new peer 11 | #Save and exit 12 | 13 | #Did it work? 14 | timedatectl timesync-status 15 | 16 | #We have to restart the service or 17 | sudo timedatectl set-ntp false && sudo timedatectl set-ntp true 18 | 19 | #Now it works 20 | timedatectl timesync-status 21 | 22 | #Show some life infos 23 | timedatectl timesync-status --monitor 24 | 25 | #The time sync details 26 | timedatectl show-timesync 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /04_Networking/A05/01_Configuring_network_routes.sh: -------------------------------------------------------------------------------- 1 | #On ubuntu2 2 | ip addr show 3 | 4 | #We add an additional IP 5 | sudo ip addr add 192.168.2.1/24 dev enp0s8 6 | 7 | #The route table 8 | ip route show 9 | 10 | #On ubuntu1 11 | ip route show 12 | 13 | #The ping will fail 14 | ping 192.168.2.1 15 | 16 | #Lets add a route 17 | sudo ip route add 192.168.2.0/24 via 192.168.56.102 18 | 19 | #The new route table 20 | ip route show 21 | 22 | #Now it works 23 | ping 192.168.2.1 24 | 25 | #The ip route was not permanent if we apply the following 26 | sudo netplan apply 27 | 28 | #The route has been gone 29 | ip route show 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /04_Networking/A05/02_Using_netplan_persistent_route.sh: -------------------------------------------------------------------------------- 1 | #On ubuntu1 2 | sudo vim /etc/netplan/50-vagrant.yaml 3 | 4 | --- 5 | network: 6 | version: 2 7 | renderer: networkd 8 | ethernets: 9 | enp0s8: 10 | addresses: 11 | - 192.168.56.101/24 12 | routes: 13 | - to: 192.168.2.0/24 14 | via: 192.168.56.102 15 | 16 | #Lets apply the config 17 | sudo netplan apply 18 | 19 | #Check the route table 20 | ip route show 21 | 22 | #Can we ping ubuntu2 23 | ping 192.168.2.1 24 | 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- 
/04_Networking/A05/03_Configuring_linux_router.sh:
--------------------------------------------------------------------------------
#sysctl is used to modify kernel parameters at runtime
sysctl -a

#Lets have a look at ip_forward
sysctl -ar ip_forward

#The same info with
cat /proc/sys/net/ipv4/ip_forward

#We change the config
sudo vim /etc/sysctl.conf

#Remove the # at net.ipv4.ip_forward
#With forwarding enabled the VM routes packets between its interfaces. Forwarded packets pass the
#iptables FORWARD chain, not INPUT, so INPUT rules alone do not filter routed traffic.
#Save and exit

#Let's check (-p loads the settings from /etc/sysctl.conf and prints them)
sudo sysctl -p

#Another check
cat /proc/sys/net/ipv4/ip_forward

#Another proof
sysctl -ar ip_forward




--------------------------------------------------------------------------------
/04_Networking/A06/01_Using_nmap.sh:
--------------------------------------------------------------------------------
#Test environment reset

#The listening TCP ports, numeric (-n: without name translation)
ss -ntl

#With name translation (no -n: ports are shown as service names)
ss -tl

#But what is really behind a port? (-p shows the owning process, hence sudo)
sudo ss -ltp

#Also with UDP
ss -nul

#Port number and name
less /etc/services

#Install nmap
sudo apt list *nmap*
sudo apt install -y nmap

#CAUTION: Use nmap only if you have the necessary permissions or in an isolated environment!
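
#The 1000 most common ports
nmap -v -oG -

sort -r -k3 /usr/share/nmap/nmap-services | more

#The top ten
nmap --top-port 10 -v -oG -

nmap -oG grepable.txt 192.168.56.0/24

grep "Host: 192.168.56.102" grepable.txt

--------------------------------------------------------------------------------
/04_Networking/A06/02_Overview_iptable_rules.sh:
--------------------------------------------------------------------------------
#Are there any rules
sudo iptables -L

#List the iptables package
sudo apt list '*iptables-*'

#Install the iptables package (the package name is iptables-persistent, with a hyphen)
sudo apt install -y iptables-persistent

#Infos to the iptables
systemctl cat iptables

#What is the netfilter-persistent
file /usr/sbin/netfilter-persistent

#Get more infos
cat /usr/sbin/netfilter-persistent

#Infos about the default config
cat /etc/default/netfilter-persistent

#The rules and counters
#iptables only covers IPv4; IPv6 has its own rule set (ip6tables, /etc/iptables/rules.v6) that needs matching rules
cat /etc/iptables/rules.v4





--------------------------------------------------------------------------------
/04_Networking/A06/03_Setting_transient_rules.sh:
--------------------------------------------------------------------------------
#An important info for configuring the following rules
#who shows where the current SSH session comes from (10.0.2.2 in this lab); that address must be
#accepted before the final DROP rule is added, otherwise the session locks itself out
who

#Allow SSH from the host
sudo iptables -A INPUT -p tcp -s 10.0.2.2 --dport 22 -j ACCEPT

#ESTABLISHED -- meaning that the packet is associated with a connection which has seen packets in both directions
#RELATED -- meaning that the packet is starting a new connection, but is associated with an existing connection
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

#Allow all traffic on the loopback interface (the rule is not limited to SSH)
sudo iptables -A INPUT -i lo -j ACCEPT

#Blocking what previously did not find a match
#Rules are evaluated top down and the first match wins, so this rule has to stay the last one in the chain
sudo iptables -A INPUT -j DROP

#Our rules from the top down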
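sudo iptables -L

#With more information
sudo iptables -nvL

#Do not forget the configuration is not yet permanent!


--------------------------------------------------------------------------------
/04_Networking/A06/04_Setting_persistent_rules.sh:
--------------------------------------------------------------------------------
#Clear the counters and save the config
sudo iptables -Z && sudo iptables-save -f /etc/iptables/rules.v4

#View the file
cat /etc/iptables/rules.v4

#Flush the rules in memory
#-F removes the rules but leaves the chain policy alone; the policy was never changed from ACCEPT in
#these notes, so until the restore below nothing is filtered
sudo iptables -F

#Lets check
sudo iptables -L

#Restore the rules
sudo iptables-restore /etc/iptables/rules.v4

#Lets check
sudo iptables -L

#Check the status of our iptables service
sudo systemctl status iptables

#Reboot the system
sudo reboot

#Is the configuration still available?
sudo iptables -L




--------------------------------------------------------------------------------
/04_Networking/A06/05_Adding_rules.sh:
--------------------------------------------------------------------------------
#Install the web server
sudo apt install -y apache2

#Check the ports
ss -ntl

#From ubuntu2
curl 192.168.56.101
ssh vagrant@192.168.56.101

#Back on ubuntu1 (the list option is an upper-case -L; a lower-case l is rejected)
sudo iptables -nvL

#A bit shorter
sudo iptables -S

#Display the numbers
sudo iptables -L --line-numbers

#More infos with -v
sudo iptables -vL --line-numbers

#Lets add a new rule
#-I INPUT 3 inserts at position 3, ahead of the final DROP; appended with -A the rule would come after DROP and never match
sudo iptables -I INPUT 3 -p tcp -s 192.168.56.0/24 --dport 80 -j ACCEPT

#Check the config
sudo iptables -S

#We delete the rule
sudo iptables -D INPUT 3

#Set the rule in the config file (place it above the "-A INPUT -j DROP" line)
sudo vim /etc/iptables/rules.v4

#-A INPUT -s 192.168.56.0/24 -p tcp -m tcp --dport 80 -j ACCEPT

#Restore the config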
| sudo iptables-restore /etc/iptables/rules.v4 39 | 40 | #Check the config 41 | sudo iptables -S 42 | 43 | #Back on ubuntu2 44 | curl 192.168.56.101 45 | 46 | 47 | -------------------------------------------------------------------------------- /04_Networking/A07/01_Enabling_UFW.sh: -------------------------------------------------------------------------------- 1 | #Check the ufw status 2 | sudo ufw status 3 | 4 | #With a root session the ufw config will be easier 5 | sudo -i 6 | 7 | #Check again 8 | ufw status 9 | 10 | #The default configuration 11 | cat /etc/default/ufw 12 | 13 | #Allow SSH 14 | ufw allow ssh 15 | 16 | #Turn on the firewall 17 | ufw enable 18 | 19 | #Check again 20 | ufw status 21 | 22 | #More Infos 23 | ufw status verbose 24 | 25 | #Shows the lines 26 | ufw status numbered 27 | 28 | #What ufw has configured 29 | iptables -L 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /04_Networking/A07/02_More_accurate_rules.sh: -------------------------------------------------------------------------------- 1 | #Infos 2 | who 3 | 4 | #Set a new SSH rule 5 | ufw allow from 10.0.2.2 to any port 22 6 | 7 | #Check 8 | ufw status 9 | 10 | #A what if 11 | ufw --dry-run delete 3 12 | 13 | #Delete the rule 14 | ufw delete 3 15 | 16 | #Check 17 | ufw status 18 | 19 | #A what if 20 | ufw --dry-run delete 1 21 | 22 | #Delete the rule 23 | ufw delete 1 24 | 25 | #Check 26 | ufw status 27 | 28 | #Set a new SSH rule 29 | ufw allow proto tcp from 10.0.2.2 to any port 22 30 | 31 | #Check 32 | ufw status 33 | 34 | #A what if 35 | ufw --dry-run delete 1 36 | 37 | #Delete the rule 38 | ufw delete 1 -------------------------------------------------------------------------------- /04_Networking/A07/03_Enable_HTTP_Access.sh: -------------------------------------------------------------------------------- 1 | #Install the web server 2 | apt install -y apache2 3 | 4 | #The system is listens on 5 | ss -ntl 6 | 7 | #On ubuntu2 8 
| curl 192.168.56.101 9 | 10 | #Add a rule 11 | ufw allow proto tcp from 192.168.56.0/24 to any port http 12 | 13 | #Check status 14 | ufw status 15 | 16 | #On ubuntu2 17 | curl 192.168.56.101 -------------------------------------------------------------------------------- /04_Networking/Links.md: -------------------------------------------------------------------------------- 1 | # Some helpful links 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /05_Service_Configuration/A01/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | #Place Vagrantfile in the directory you run vagrant from. 5 | #This should also contain ubuntu.yml which configure VMs 6 | 7 | # setting for all VMs 8 | Vagrant.configure("2") do |config| 9 | config.vm.box = "ubuntu/focal64" 10 | config.vm.provision "ansible_local", playbook: "ubuntu.yml" 11 | config.vm.provider "virtualbox" do |v| 12 | v.memory = 2048 13 | v.cpus = 2 14 | end 15 | 16 | # specific for ubuntu1 17 | config.vm.define "ubuntu1" do |ubuntu1| 18 | ubuntu1.vm.hostname = "ubuntu1" 19 | ubuntu1.vm.network "private_network", ip: "192.168.56.101" 20 | end 21 | 22 | # specific for ubuntu2 23 | config.vm.define "ubuntu2" do |ubuntu2| 24 | ubuntu2.vm.hostname = "ubuntu2" 25 | ubuntu2.vm.network "private_network", ip: "192.168.56.102" 26 | end 27 | end 28 | -------------------------------------------------------------------------------- /05_Service_Configuration/A01/ubuntu.yml: -------------------------------------------------------------------------------- 1 | # Place in directory you run Vagrant from, alongside the Vagrantfile 2 | - name: Configure Ubuntu 3 | hosts: all 4 | become: true 5 | gather_facts: false 6 | tasks: 7 | - name: Update Package Cache and Upgrade Existing Packages 8 | apt: 9 | update_cache: true 10 | upgrade: true 11 | 12 | - name: Ensure SSH 
Allows Password Authentication 13 | lineinfile: 14 | path: /etc/ssh/sshd_config 15 | line: PasswordAuthentication yes 16 | regexp: '^PasswordAuthentication .*$' 17 | notify: RestartSSH 18 | - name: correct multipathd 19 | copy: 20 | dest: /etc/multipath.conf 21 | content: | 22 | defaults { 23 | user_friendly_names yes 24 | } 25 | blacklist { 26 | devnode "^sd[a-b]" 27 | } 28 | notify: RestartMP 29 | handlers: 30 | - name: RestartSSH 31 | service: 32 | name: ssh 33 | state: restarted 34 | - name: RestartMP 35 | service: 36 | name: multipathd 37 | state: restarted -------------------------------------------------------------------------------- /05_Service_Configuration/A02/01_Configuring_SSH_server.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #First we create a user 4 | sudo useradd -m -s /bin/bash tux 5 | 6 | #Set the password 7 | sudo passwd tux 8 | 9 | #List the sshd config (-T test's the config and lists them) 10 | sudo sshd -T 11 | 12 | #Search in the config 13 | sudo sshd -T | grep -E '(password|permit)' 14 | 15 | #Change the root login to "no" 16 | sudo vim /etc/ssh/sshd_config 17 | 18 | #PermitRootLogin prohibit-password 19 | PermitRootLogin no 20 | 21 | #Save and exit 22 | 23 | #Check the config 24 | sudo sshd -T | grep -E '(password|permit)' 25 | 26 | #-t will just check the config without an output 27 | sudo sshd -t 28 | 29 | #Restart the service 30 | sudo systemctl restart ssh 31 | 32 | 33 | -------------------------------------------------------------------------------- /05_Service_Configuration/A02/02_Configuring_client_ssh_authentication.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 2 | 3 | #List the .ssh 4 | ls .ssh 5 | 6 | #Generate ssh keys 7 | ssh-keygen -t TABTAB 8 | ssh-keygen 9 | 10 | ##List the .ssh 11 | ls .ssh 12 | 13 | #Copy the public to ubuntu2 14 | ssh-copy-id tux@192.168.56.102 15 | 16 | #Connect with ssh 
17 | ssh tux@192.168.56.102 18 | 19 | #Cat the key file 20 | cat .ssh/authorized_keys 21 | 22 | #Exit from ubuntu2 23 | exit 24 | 25 | #Save the passphrase for the current shell 26 | eval $(ssh-agent) 27 | ssh-add 28 | ssh tux@192.168.56.102 29 | 30 | #Lets disable password authentication 31 | su - vagrant 32 | 33 | sudo vim /etc/ssh/sshd_config 34 | 35 | #Set PasswordAuthentication no 36 | #Save and exit 37 | 38 | #Restart the service 39 | sudo systemctl restart sshd.service 40 | 41 | #Exit the session 42 | exit 43 | 44 | -------------------------------------------------------------------------------- /05_Service_Configuration/A02/03_Configuring_SSH_client.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 2 | 3 | #List the options with TABTAB 4 | ssh -o TABTAB 5 | 6 | #Use some options (this will not work) 7 | ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no tux@192.168.56.102 8 | 9 | #Use some options (this will work) 10 | ssh -o PreferredAuthentications=publickey -o PubkeyAuthentication=yes tux@192.168.56.102 11 | 12 | #Exit the session 13 | exit 14 | 15 | #We create a SSH user configuration file, this must be private 16 | OLDUMASK=$(umask) && umask 077 17 | 18 | #Create the config file 19 | vim .ssh/config 20 | 21 | Host * 22 | ServerAliveInterval 300 23 | ServerAliveCountMax 2 24 | Host ubuntu2 25 | Hostname 192.168.56.102 26 | User tux 27 | IdentityFile ~/.ssh/id_rsa 28 | 29 | #List the permissions 30 | ls -l .ssh/config 31 | 32 | #Change the umask 33 | umask $OLDUMASK 34 | 35 | #Test the connection 36 | ssh ubuntu2 37 | 38 | #And exit the session 39 | exit 40 | 41 | 42 | -------------------------------------------------------------------------------- /05_Service_Configuration/A03/01_Modify_DNS_name_server_entries.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #Check the listening ports 4 | sudo ss -utlnp 5 | 6 | 
#Whats in the resolv.conf file 7 | cat /etc/resolv.conf 8 | 9 | #But the resolv.conf is a symbolic link 10 | ls -l /etc/resolv.conf 11 | 12 | #Lets use resolvectl (at the end we see some dns servers) 13 | resolvectl 14 | resolvectl status 15 | 16 | #What is now used as DNS 17 | dig 18 | 19 | #Lets the network settings 20 | sudo vim /etc/netplan/50-cloud-init.yaml 21 | 22 | #First some vim settings 23 | :set ts=2 sw=2 24 | 25 | dhcp4-overrides: 26 | use-dns: false 27 | nameservers: 28 | addresses: 29 | - 8.8.8.8 30 | - 8.8.4.4 31 | search: [local] 32 | 33 | #Save and exit 34 | 35 | #Apply the new config 36 | sudo netplan apply 37 | 38 | #The resolv.conf has not yet received the adjustment 39 | cat /etc/resolv.conf 40 | 41 | #Lets check with resolvectl 42 | resolvectl 43 | 44 | #Lets create a new symbolic link 45 | sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf 46 | 47 | #Now it looks better 48 | cat /etc/resolv.conf 49 | 50 | #Lets test 51 | dig 52 | 53 | 54 | 55 | -------------------------------------------------------------------------------- /05_Service_Configuration/A03/02_Configuring_BIND_caching_only_server.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #Install bind 4 | sudo apt install -y bind9 bind9utils bind9-doc 5 | 6 | #Lets change the DNS Servers 7 | sudo vim /etc/netplan/50-cloud-init.yaml 8 | 9 | addresses: [127.0.0.1] 10 | 11 | #Apply the changes 12 | sudo netplan apply 13 | 14 | #Cat the resolv.conf 15 | cat /etc/resolv.conf 16 | 17 | #What about dig 18 | dig 19 | 20 | #The listening ports 21 | ss -ntl 22 | 23 | #Cange the config to listen only on IPv4 24 | sudo vim /etc/default/named 25 | OPTIONS="-u bind -4" 26 | 27 | #Restart the service 28 | sudo systemctl restart bind9 29 | 30 | #Lets check 31 | ss -ntl 32 | 33 | #SWITCH TO UBUNTU1 34 | 35 | #Change the DNS server 36 | sudo vim /etc/netplan/50-cloud-init.yaml 37 | 38 | dhcp4-overrides: 39 | use-dns: false 40 | 
nameservers: 41 | addresses: [192.168.56.102] 42 | search: [local] 43 | 44 | #Save and exit 45 | 46 | #Apply the changes 47 | sudo netplan apply 48 | 49 | #Set a new symbolic link 50 | sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf 51 | 52 | #Check 53 | cat /etc/resolv.conf 54 | 55 | #Test 56 | dig 57 | 58 | 59 | -------------------------------------------------------------------------------- /05_Service_Configuration/A03/03_Using_acls_control_access.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #Check the named.conf (there are more config files) 4 | sudo cat /etc/bind/named.conf 5 | 6 | #Lets use the named.conf.options 7 | sudo vim /etc/bind/named.conf.options 8 | acl "trusted" { 9 | 127.0.0.0/8; 10 | 192.168.56.0/24; #First without this line to test the access 11 | }; 12 | options { 13 | directory "/var/cache/bind"; 14 | allow-query { trusted; }; 15 | allow-recursion { trusted; }; 16 | allow-transfer { none; }; 17 | recursion yes; 18 | 19 | #Save and exit 20 | 21 | #Check the config 22 | sudo named-checkconf /etc/bind/named.conf 23 | 24 | #Restart the service 25 | sudo systemctl restart bind9 26 | 27 | #SWITCH TO UBUNTU1 28 | 29 | #Test the DNS Server (we get an error) 30 | dig www.winsolution.ch 31 | 32 | #SWITCH TO UBUNTU2 33 | #Lets use the named.conf.options and add our network 34 | sudo vim /etc/bind/named.conf.options 35 | 36 | #Save and exit 37 | 38 | #Check the config 39 | sudo named-checkconf /etc/bind/named.conf 40 | 41 | #Restart the service 42 | sudo systemctl restart bind9 43 | 44 | #SWITCH TO UBUNTU1 45 | 46 | #Test the DNS Server 47 | dig www.winsolution.ch 48 | 49 | 50 | -------------------------------------------------------------------------------- /05_Service_Configuration/A03/04_Creating_forward_lookup_zone.sh: -------------------------------------------------------------------------------- 1 | #Working on Ubuntu2 2 | 3 | #Lets edit the config 4 | sudo vim 
/etc/bind/named.conf.local 5 | 6 | zone "local" { 7 | type primary; 8 | file "/etc/bind/zones/db.local"; 9 | }; 10 | 11 | #Check the config 12 | sudo named-checkconf /etc/bind/named.conf.local 13 | 14 | #To store our zone files 15 | sudo mkdir /etc/bind/zones 16 | 17 | #List the directories 18 | ls /etc/bind 19 | 20 | #Lets create the forward lookup zone file (use the db.locl file) 21 | sudo vim /etc/bind/zones/db.local 22 | 23 | #Ceck the config 24 | sudo named-checkzone local /etc/bind/zones/db.local 25 | 26 | #Reload the service 27 | sudo rndc reload 28 | 29 | #And lets test 30 | ping ubuntu1.local 31 | ping ubuntu2.local 32 | dig local. NS 33 | dig +short local. NS 34 | 35 | 36 | 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /05_Service_Configuration/A03/05_Creating_reverse_lookup_zone.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #Edit the config file 4 | sudo vim /etc/bind/named.conf.local 5 | 6 | zone "56.168.192.in-addr.arpa" { 7 | type primary; 8 | file "/etc/bind/zones/db.192.168.56"; 9 | }; 10 | 11 | #Save and exit 12 | 13 | #Check the config 14 | sudo named-checkconf /etc/bind/named.conf.local 15 | 16 | #Create the reverse zone file (use the db.192.168.56 file) 17 | sudo vim /etc/bind/zones/db.192.168.56 18 | 19 | #Ceck the zone file 20 | sudo named-checkzone 56.168.192.in-addr.arpa /etc/bind/zones/db.192.168.56 21 | 22 | #Reload the service 23 | sudo rndc reload 24 | 25 | #Test the zones 26 | host 192.168.56.101 27 | dig +short -x 192.168.56.102 28 | 29 | 30 | -------------------------------------------------------------------------------- /05_Service_Configuration/A03/db.192.168.56: -------------------------------------------------------------------------------- 1 | $TTL 8h 2 | @ IN SOA 56.168.192.in-addr.arpa. root.local. 
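( 3 | 1 ; Serial 4 | 8h ; Refresh 5 | 4h ; Retry 6 | 1w ; Expire 7 | 1h ) ; Negative Cache TTL 8 | ; 9 | @ IN NS ubuntu2.local. 10 | 102 IN PTR ubuntu2.local. 11 | 101 IN PTR ubuntu1.local. 12 | -------------------------------------------------------------------------------- /05_Service_Configuration/A03/db.local: -------------------------------------------------------------------------------- 1 | $TTL 8h 2 | @ IN SOA local. root.local. ( 3 | 1 ; Serial 4 | 8h ; Refresh 5 | 4h ; Retry 6 | 1w ; Expire 7 | 1h ) ; Negative Cache TTL 8 | ; 9 | @ IN NS ubuntu2.local. 10 | ubuntu2.local. IN A 192.168.56.102 ; same host as PTR 102 in db.192.168.56 11 | ubuntu1.local. IN A 192.168.56.101 ; same host as PTR 101 in db.192.168.56 12 | -------------------------------------------------------------------------------- /05_Service_Configuration/A03/named.conf.local: -------------------------------------------------------------------------------- 1 | // 2 | // Do any local configuration here 3 | // 4 | 5 | // Consider adding the 1918 zones here, if they are not used in your 6 | // organization 7 | //include "/etc/bind/zones.rfc1918"; 8 | zone "local" { 9 | type primary; 10 | file "/etc/bind/zones/db.local"; 11 | }; 12 | 13 | zone "56.168.192.in-addr.arpa" { 14 | type primary; 15 | file "/etc/bind/zones/db.192.168.56"; 16 | }; -------------------------------------------------------------------------------- /05_Service_Configuration/A03/named.conf.options: -------------------------------------------------------------------------------- 1 | acl "trusted" { 2 | 127.0.0.0/8; 3 | 192.168.56.0/24; 4 | }; 5 | 6 | options { 7 | directory "/var/cache/bind"; 8 | allow-query { trusted; }; 9 | allow-transfer { none; }; 10 | recursion yes; 11 | allow-recursion { trusted; }; 12 | 13 | // If there is a firewall between you and nameservers you want 14 | // to talk to, you may need to fix the firewall to allow multiple 15 | // ports to talk.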
See http://www.kb.cert.org/vuls/id/800113 16 | 17 | // If your ISP provided one or more IP addresses for stable 18 | // nameservers, you probably want to use them as forwarders. 19 | // Uncomment the following block, and insert the addresses replacing 20 | // the all-0's placeholder. 21 | 22 | // forwarders { 23 | // 0.0.0.0; 24 | // }; 25 | 26 | //======================================================================== 27 | // If BIND logs error messages about the root key being expired, 28 | // you will need to update your keys. See https://www.isc.org/bind-keys 29 | //======================================================================== 30 | dnssec-validation auto; 31 | 32 | listen-on-v6 { any; }; 33 | }; -------------------------------------------------------------------------------- /05_Service_Configuration/A04/01_Install_apache.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #Install apache and a commandline browser (w3m) 4 | sudo apt install -y w3m apache2-doc apache2 5 | 6 | #The listening ports 7 | ss -ntl 8 | 9 | #The apache default page 10 | w3m localhost 11 | 12 | #The apache docs 13 | w3m localhost/manual/de 14 | 15 | #The apache status 16 | w3m localhost/server-status 17 | 18 | #Lets create a CNAME 19 | sudo vim /etc/bind/zones/db.local 20 | ... 21 | www.local. IN CNAME ubuntu2.local. 22 | #Dont forget to update the serial 23 | ... 24 | 25 | #Save and exit 26 | 27 | #Check the config 28 | sudo named-checkzone local. /etc/bind/zones/db.local 29 | 30 | #Reload the service 31 | sudo rndc reload local. 
IN 32 | 33 | #Check with dog 34 | dig www.local CNAME 35 | dig +short www.local CNAME 36 | 37 | #SWITCH TO UBUNTU1 38 | 39 | #Install the browser 40 | sudo apt install -y w3m 41 | 42 | #We do not need the domain (.local) 43 | w3m www 44 | 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /05_Service_Configuration/A04/02_Configure_apache.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #List the directories 4 | ls /etc/apache2 5 | 6 | #We have some commands 7 | a2 TABTAB 8 | 9 | #List the modules 10 | a2query -m 11 | 12 | #Deactivate a module 13 | sudo a2dismod TABTAB 14 | 15 | sudo a2dismod status 16 | 17 | #We restart the service later, first we will edit the apache config file 18 | 19 | #Test the config file 20 | sudo apache2ctl -t 21 | 22 | #Edit the file 23 | sudo vim /etc/apache2/apache2.conf 24 | 25 | ServerName www.local. 26 | #: set syntax=apache ts=4 sw=4 sts=4 sr noet 27 | 28 | #Save and exit 29 | 30 | #And edit the default.conf 31 | sudo vim /etc/apache2/sites-available/000-default.conf 32 | #Remove the # 33 | ServerName www.local 34 | 35 | #Save and exit 36 | 37 | #Restart the service 38 | sudo systemctl restart apache2 39 | 40 | #List the modules 41 | a2query -m 42 | 43 | #Lets enable the status module, we need it for later 44 | sudo a2enmod status 45 | 46 | #Restart the service 47 | sudo systemctl restart apache2 48 | 49 | #List the modules 50 | a2query -m 51 | 52 | #What is the document root 53 | sudo vim /etc/apache2/sites-available/000-default.conf 54 | 55 | #A little index page 56 | echo "

My Page

" | sudo tee /var/www/html/index.html 57 | 58 | #The index page 59 | w3m www.local 60 | 61 | 62 | 63 | -------------------------------------------------------------------------------- /05_Service_Configuration/A04/03_Working_with_logs.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #Edit the apache conf file 4 | sudo vim /etc/apache2/apache2.conf 5 | 6 | LogFormat "%h %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" my-combined 7 | 8 | #Save and exit 9 | 10 | #Edit the default conf 11 | sudo vim /etc/apache2/sites-available/000-default.conf 12 | 13 | CustomLog ${APACHE_LOG_DIR}/access.log my-combined 14 | 15 | #Save and exit 16 | 17 | #What the logs will show 18 | sudo tail /var/log/apache2/access.log 19 | 20 | #Lets edit the index.html 21 | sudo vim /var/www/html/index.html 22 | 23 |

My Page 24 | See Page 2 25 | 26 | #Save and exit 27 | 28 | #Create page2 29 | sudo vim /var/www/html/page2.html 30 | 31 | Hello from Page 2 32 | 33 | #Save and exit 34 | 35 | #Restart the service 36 | sudo systemctl restart apache2 37 | 38 | #Browse through the page 39 | w3m www.local. 40 | 41 | #Show the log file 42 | sudo tail /var/log/apache2/access.log 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /05_Service_Configuration/A04/04_Restricting_access_pages.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #Check the modules 4 | sudo a2query -m 5 | 6 | #If the module is not listed use 7 | sudo a2enmod status 8 | 9 | #Edit the conf file 10 | sudo vim /etc/apache2/mods-available/status.conf 11 | 12 | #Replace Require local with (server-status shows current requests and client addresses, so open it only to networks you trust) 13 | Require ip 192.168.56.0/24 14 | 15 | #Restart the service 16 | sudo systemctl restart apache2 17 | 18 | #SWITCH TO UBUNTU1 (should work) 19 | w3m www/server-status 20 | 21 | #BACK ON UBUNTU2 22 | 23 | #Edit the conf file 24 | sudo vim /etc/apache2/mods-available/status.conf 25 | 26 | #Replace Require ip 192.168.56.0/24 with 27 | Require ip 127.0.0.0/8 28 | 29 | #Restart the service 30 | sudo systemctl restart apache2 31 | 32 | #Check 33 | w3m localhost/server-status 34 | 35 | #SWITCH TO UBUNTU1 (should not work) 36 | w3m www/server-status 37 | 38 | 39 | -------------------------------------------------------------------------------- /05_Service_Configuration/A04/05_Implementing_web_proxy.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #List the modules 4 | sudo a2query -m 5 | 6 | #Enable the modules 7 | sudo a2enmod proxy proxy_http 8 | 9 | #Edit the config file (ProxyRequests On turns Apache into a forward proxy; the Require ip line below is what keeps it from being an open proxy, so never enable one without the other) 10 | sudo vim /etc/apache2/mods-available/proxy.conf 11 | 12 | ProxyRequests On 13 | 14 | AddDefaultCharset off 15 | Require all denied 16 | Require ip 192.168.56.0/24 17 | 18 | 19 | #Restart
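the service 20 | sudo systemctl restart apache2 21 | 22 | #SWITCH TO UBUNTU1 23 | 24 | #Set the environment variables 25 | export http_proxy=http://ubuntu2.local 26 | 27 | #Test 28 | w3m www 29 | w3m www.winsolution.com 30 | 31 | #SWITCH TO UBUNTU2 32 | 33 | #Check the log file (proxied requests are written to the same apache2 access log) 34 | sudo tail -n 2 /var/log/apache2/access.log 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /05_Service_Configuration/A05/01_Install_MariaDB.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #Install MariaDB-Server (installs also the client) 4 | sudo apt install mariadb-server 5 | 6 | #Connect to the db (this will not work) 7 | mysql -u root 8 | mysql -u root -p 9 | 10 | #This will work 11 | sudo mysql -u root 12 | -> show databases; 13 | -> use mysql; 14 | -> exit 15 | 16 | #Login and use a database 17 | sudo mysql -u root mysql 18 | -> describe user; 19 | -> select User, plugin from user; 20 | -> exit 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /05_Service_Configuration/A05/02_Listening_on_network.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #The listening ports 4 | ss -ntl #3306 5 | 6 | #About the help (not so much) 7 | mysqld --help 8 | 9 | #Much more with --verbose so we use head 10 | mysqld --help --verbose | head 11 | 12 | #The content from the conf file (the include) 13 | cat /etc/mysql/my.cnf 14 | 15 | #Let's have a look at 16 | cat /etc/mysql/mariadb.conf.d/50-server.cnf | less 17 | 18 | #Let's edit the conf file (with skip-bind-address the server accepts TCP connections on every interface, so keep port 3306 limited to the lab network with a firewall rule) 19 | sudo vim /etc/mysql/mariadb.conf.d/50-server.cnf 20 | 21 | #bind-address 22 | skip-bind-address 23 | 24 | #Save and exit 25 | 26 | #Restart the service 27 | sudo systemctl restart mariadb 28 | 29 | #Let's check 30 | ss -ntl 31 | 32 | 33 | 34 | 35 |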
-------------------------------------------------------------------------------- /05_Service_Configuration/A05/03_Creating_database_and_users.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #Working with MariaDB 4 | sudo mysql -u root mysql 5 | 6 | #Show the databases 7 | -> show databases; 8 | -> SHOW DATABASES; 9 | 10 | #Create a database 11 | -> CREATE DATABASE sales; 12 | -> SHOW DATABASES; 13 | 14 | #Show the users 15 | -> SELECT User, Host FROM user; 16 | -> SELECT User, Host FROM user WHERE Host <> 'localhost'; 17 | 18 | #Create a new user ('Password1' is a lab placeholder; the host part limits logins to the 192.168.56.0/24 network) 19 | -> CREATE User 'bob'@'192.168.56.0/255.255.255.0' IDENTIFIED BY 'Password1'; 20 | 21 | #Check 22 | -> SELECT User, Host FROM user WHERE Host <> 'localhost'; 23 | -> exit 24 | 25 | #This will not work 26 | mysql -h 192.168.56.102 -u bob 27 | 28 | #Much better (lab only: a password typed after -p is saved in the shell history; a bare -p prompts for it instead) 29 | mysql -h 192.168.56.102 -u bob -pPassword1 30 | 31 | #Access denied 32 | -> USE sales; 33 | -> exit 34 | 35 | #Working as root 36 | sudo mysql -u root mysql 37 | 38 | #Create a new user and set the permissions to the sales database (ALL PRIVILEGES is broader than most applications need; grant only what is used) 39 | -> GRANT ALL PRIVILEGES ON sales.* to 'brent'@'192.168.56.0/255.255.255.0' IDENTIFIED BY 'Password1'; 40 | -> SELECT User, Host FROM user WHERE Host <> 'localhost'; 41 | -> exit 42 | 43 | #SWITCH TO UBUNTU1 44 | 45 | #Install the client 46 | sudo apt install mariadb-client 47 | 48 | #Let's test 49 | mysql -h 192.168.56.102 -u brent -pPassword1 sales 50 | 51 | -> USE sales; 52 | -> exit 53 | 54 | 55 | -------------------------------------------------------------------------------- /05_Service_Configuration/A06/01_Installing_postfix_MTA.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #First we check the ports 4 | ss -ntl 5 | 6 | #Install postfix and mail client 7 | sudo apt install postfix mailutils 8 | 9 | #General type: Internet Site 10 | #System mail name: local 11 | 12 | #Check the ports
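again 13 | ss -ntlp 14 | 15 | #Do we have an email 16 | mail 17 | 18 | #Let's send an email 19 | mail vagrant -s "Test Message" 20 | Cc: 21 | Hello Vagrant, Regards Tom 22 | Ctrl+D 23 | 24 | #Do we have an email 25 | mail 26 | 27 | #Choose Nr. 1 28 | 29 | #To quit type q 30 | 31 | #A local mail client is not helpful? 32 | df -h / 33 | 34 | df -h / > free.txt 35 | 36 | df -h / > free.txt && mail root -s "Disk free: $(date +%F)" < free.txt 37 | 38 | #Check the root mailbox 39 | sudo mail 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /05_Service_Configuration/A06/02_Reconfiguring_postfix.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #Checking the ports 4 | ss -ntl 5 | 6 | #Cat the mail aliases 7 | cat /etc/aliases 8 | 9 | #Remove the file - we create a new one 10 | sudo rm /etc/aliases 11 | 12 | #Start the reconfiguration 13 | sudo dpkg-reconfigure postfix 14 | 15 | #Root and postmaster mail recipient: vagrant 16 | #Other destinations: no change 17 | #Local networks: add 192.168.56.0/24 at the end of the line (hosts in these networks may relay mail through this server, so list only networks you control) 18 | #Mailbox size: no change 19 | #Local address extension: no change 20 | #Internet protocols: ipv4 21 | 22 | #Restart the postfix service 23 | sudo systemctl restart postfix 24 | 25 | #Let's check the ports 26 | ss -ntl 27 | 28 | #What about the mail aliases 29 | cat /etc/aliases 30 | 31 | #Edit the aliases (the file belongs to root, so the editor needs sudo) 32 | sudo vim /etc/aliases 33 | 34 | #webmaster: root (do not use a user - if the user leaves the organization, the aliases must be adjusted again) 35 | 36 | #Save and exit 37 | 38 | #Apply the adjustment 39 | sudo newaliases 40 | 41 | 42 | #Test the alias 43 | mail root -s "new test" < /etc/hosts 44 | 45 | echo "Hello" | mail webmaster -s Message 46 | 47 | mail 48 | 49 | 50 | -------------------------------------------------------------------------------- /05_Service_Configuration/A06/03_Configuring_IMAP_and_mutt.sh: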
-------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #Install dovecot 4 | sudo apt install dovecot-imapd 5 | 6 | #Check the ports 7 | ss -ntl #993 IMAPS 143 IMAP 8 | 9 | sudo ss -ntlp 10 | 11 | #The self-signed certificate (Add your own certificate for an enterprise setup) 12 | head -n 15 /etc/dovecot/conf.d/10-ssl.conf 13 | 14 | #We create a new user with no interactive shell, but it can change the password 15 | sudo useradd -m jack -s /usr/bin/passwd 16 | 17 | #Check 18 | getent passwd jack 19 | 20 | #Set th password 21 | sudo passwd jack 22 | 23 | #Create a mail 24 | echo "Hello and welcome to the firm" | mail jack -s "Welcome" 25 | 26 | #SWITCH TO UBUNTU1 27 | 28 | #Install the mail client 29 | sudo apt install mutt 30 | 31 | #To configure mutt 32 | vim .muttrc 33 | set folder="imap://jack@ubuntu2" 34 | set spoolfile="imap://jack@ubuntu2/INBOX" 35 | 36 | #Open mutt 37 | mutt 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /05_Service_Configuration/A06/04_Adding_MX_records.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu2 2 | 3 | #We edit our zone file 4 | sudo vim /etc/bind/zones/db.local 5 | 6 | local. IN MX 10 ubuntu2.local. #Dont forget to update the serial number of the zone 7 | 8 | #Save and exit 9 | 10 | #Check the zone file 11 | sudo named-checkzone local. /etc/bind/zones/db.local 12 | 13 | #Reload the service 14 | sudo rndc reload local. IN 15 | 16 | #Did it work? 17 | dig local. 
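MX 18 | 19 | 20 | 21 |
--------------------------------------------------------------------------------
/05_Service_Configuration/A07/01_Installing_docker.sh:
--------------------------------------------------------------------------------
#Working on ubuntu2

#For once, we work as root
sudo -i

#Show the links
ip link ls

#Update the metadata and install Docker from the distribution archive
apt update && apt install -y docker.io

#Check the Service
#The Docker daemon runs as root, so anyone who can talk to it (via sudo or
#membership of the docker group) effectively has root on this host
systemctl status docker

#We have one more link
ip link ls

#The docker version
docker --version

#More information
docker info

docker info | head

#The first container
#(the image is not local yet, so it is pulled from the default registry first)
docker run hello-world

#Now we have a container and an image
docker info | head


--------------------------------------------------------------------------------
/05_Service_Configuration/A07/02_Working_docker_images.sh:
--------------------------------------------------------------------------------
#Working on ubuntu2

#We create an alias for working with docker
#(an alternative to adding the user to the docker group, which would grant
#root-equivalent access without a sudo prompt)
alias docker='sudo docker'

#List the images
docker images

#Another method
docker image ls

docker image TABTAB

#The help
docker image --help

#Do not forget the man pages
man docker-image TABTAB
man docker-image-ls

#Inspect an image
docker image inspect hello-world

#Looking for the tag
docker image inspect hello-world -f '{{ .RepoTags }}'

#Set a new tag (it's like a hard link: a second name for the same image)
docker image tag hello-world my-hello

#Looking for the tag
docker image inspect hello-world -f '{{ .RepoTags }}'

docker image ls

#Find the image (use the ID prefix shown by "docker image ls"; yours may differ)
sudo find /var/lib/docker -name "feb5d9fea6a5*"

#Search for an image in docker hub
docker search ubuntu

docker search ubuntu -f is-official=true

#Get the ubuntu image
#(no tag given, so this resolves to "latest"; pin a tag or digest when the
#result has to be reproducible)
docker image pull ubuntu

#List the images
docker image ls

#Get the mysql image
docker image pull mysql

#List the images
docker image ls


--------------------------------------------------------------------------------
/05_Service_Configuration/A07/03_Working_with_containers.sh:
--------------------------------------------------------------------------------
#Working on ubuntu2 (Don't forget we created an alias for Docker)

#The alias
alias

#The old way
docker ps

docker ps -a

#New way
docker container ls

docker container ls -a

#Remove all stopped containers
docker container TABTAB

docker container prune

#Check
docker container ls -a

#Creates a container
docker container run ubuntu

#Check
docker container ls ; docker container ls -a

#Create a container (-i interactive; -t pseudo-TTY)
docker container run -it --name u1 ubuntu

cat /etc/os-release

exit

#The containers are stopped
docker container ls ; docker container ls -a

#Start a container
docker container start -i u1

exit

#The containers are stopped
docker container ls ; docker container ls -a

#Create a new container
docker container run -it --name u2 ubuntu

#Detach without stopping the container: press CTRL+p, then CTRL+q
CTRL + pq

#The container is still up
docker container ls ; docker container ls -a

#Show the links
ip link ls

#Stop the container
docker container stop u2

#Check and prune
docker container ls -a ; docker container prune




--------------------------------------------------------------------------------
/05_Service_Configuration/A07/04_Working_with_container_services.sh:
--------------------------------------------------------------------------------
#Working on ubuntu2

#Create a new container (the image will be also downloaded)
docker container run -d --name web nginx

#Check the links
ip link ls

#The IP from the container
docker container inspect web

docker container inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web

docker container inspect web | grep -i address #A bit easier

#The default page
#(no target is given in this listing; CONTAINER_IP is a placeholder for the
#address printed by the inspect commands above)
curl http://CONTAINER_IP

#Remove the container
docker container rm -f web

#Create a directory and a new index.html file
#(run this in /home/vagrant: the volume mapping below uses that absolute path)
mkdir web
echo hello > web/index.html

#Port and volume mapping
#-p 8000:80 publishes the port on every host interface; write
#127.0.0.1:8000:80 to keep it reachable from this machine only
#:ro mounts the content read-only, because nginx only needs to read it
docker container run -d --name web -p 8000:80 -v /home/vagrant/web/:/usr/share/nginx/html:ro nginx

#Lets test
curl localhost:8000


--------------------------------------------------------------------------------
/05_Service_Configuration/A07/05_Building_images_dockerfiles.sh:
--------------------------------------------------------------------------------
#Working on ubuntu

#Change into web
cd web

#Use vim to create a Dockerfile
vim Dockerfile

#FROM without a tag means ubuntu:latest; pin a release tag for repeatable builds
FROM ubuntu
RUN apt-get update && apt-get install -y nginx
EXPOSE 80/tcp
#COPY is enough for a local file (ADD would also unpack archives and fetch URLs)
COPY index.html /var/www/html/
CMD ["nginx", "-g", "daemon off;" ]

#Save and exit

#Do not forget the dot at the end
docker image build -t customweb .

#List the images
docker image ls

#Remove the old container
docker container rm -f web

#Create a new container with our image
docker container run -d --name web -p 8000:80 customweb

#Test
curl localhost:8000

#And clean up
docker container rm -f web



--------------------------------------------------------------------------------
/05_Service_Configuration/A07/Containers.sh:
--------------------------------------------------------------------------------
Containers

Containers are a way to isolate applications from the rest of the OS
and other applications. A container image only needs the resources
required to run the application. Containers share the host kernel, so
this isolation is weaker than that of a virtual machine.
--------------------------------------------------------------------------------
/05_Service_Configuration/A08/01_Configuring_vagrant_nest_vms.sh:
--------------------------------------------------------------------------------
#On the host

#Create a new directory and put the Vagrantfile in it

#Create the vm
vagrant up

#Connect to the vm
vagrant ssh

#Update the metadata and install the cpu tool
sudo apt update && sudo apt install -y cpu-checker

#Check the system
sudo kvm-ok

#What is kvm-ok
file /usr/sbin/kvm-ok

#Lets look at the script
less /usr/sbin/kvm-ok



Installing the cpu-checker package is a simple way to test that your system supports virtual
machines. We set the option in VirtualBox but this is often a CPU option in system BIOS. We are
checking flags on the CPU but the hard work is done by kvm-ok.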
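--------------------------------------------------------------------------------
/05_Service_Configuration/A08/02_Installing_virtual_ubuntu.sh:
--------------------------------------------------------------------------------
#Working on ubuntu2

#Install the tools
sudo apt -y install bridge-utils libvirt-clients libvirt-daemon qemu qemu-kvm
sudo apt -y install cockpit cockpit-machines

#Or you can use the script (file names are case-sensitive)
bash Install_kvm.sh

#Group membership of vagrant
id

#Add some groups
#"$USER" is the account you are logged in with (vagrant in this lab)
#On Ubuntu, members of the libvirt group can manage every system VM without a
#further password prompt, so treat the group as administrator-level access
sudo usermod -aG kvm "$USER"

sudo usermod -aG libvirt "$USER"

#Group membership of vagrant
#(id alone still shows the old groups of this session; id vagrant reads the
#updated account database)
id
id vagrant

#Exit and login again

#Group membership of vagrant
id

#Check the ports (Cockpit listens on 9090)
ss -ntl

#On the physical host open the browser
#(expect a certificate warning: Cockpit uses a self-signed certificate by default)
https://192.168.56.102:9090

#Create a new vm

#Back on ubuntu2

#List the vm
virsh list

virsh list --all

#Stop the vm (destroy is an immediate power-off, not a graceful shutdown)
virsh destroy u1

#List the vm
virsh list --all

#Start the vm
virsh start u1

#To delete the vm (removes the definition; the disk image is left in place)
virsh undefine u1




Linux Virtual Machines often use Libvirt/qemu-kvm as the hypervisor. We will install the
hypervisor and tools. As we do not have a GUI environment to easily install VMs we can use the
Cockpit Web Interface. Additionally, we add our own user account to the kvm and libvirt group
to allow management of virtual machines. Don't forget to log out and in again to pick up group
memberships.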
--------------------------------------------------------------------------------
/05_Service_Configuration/A08/03_vagrant_libvirt.sh:
--------------------------------------------------------------------------------
#Working on ubuntu2

#Install vagrant
sudo apt install -y vagrant

#Create a directory and move in
mkdir test && cd test

#Create the Vagrantfile
#(generic/ubuntu2004 is downloaded from the public box catalogue; --box-version
#can pin a release you have already checked)
vagrant init --minimal generic/ubuntu2004

#Show the Vagrantfile
cat Vagrantfile

#Start the vm with the libvirt provider
vagrant up --provider=libvirt

#Connect to the vm
vagrant ssh

exit

#List the vm
virsh list

#Stop the vm
vagrant halt

#List the vm
virsh list --all


As we have become used to Vagrant in this course so far, we can use it in our Ubuntu system to
host VMs. The convenience and speed is still there. Once the VM is booted we can list the VM
using standard Libvirt tools but use Vagrant to connect.
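--------------------------------------------------------------------------------
/05_Service_Configuration/A08/Install_kvm.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Installs the KVM/libvirt tools and the Cockpit web interface in one step.
# apt-get is used because the apt front end does not promise a stable
# command-line interface for scripts.

# Stop on a failed install so the reminder below is only printed after success
set -e

sudo apt-get -y install \
  bridge-utils \
  libvirt-clients \
  libvirt-daemon \
  qemu \
  qemu-kvm \
  cockpit \
  cockpit-machines

echo "Dont forget to add your user account to the libvirt and kvm groups"
--------------------------------------------------------------------------------
/05_Service_Configuration/A08/Links.md:
--------------------------------------------------------------------------------
# Some helpful links




--------------------------------------------------------------------------------
/05_Service_Configuration/A08/Nested_vms.sh:
--------------------------------------------------------------------------------
As we base this course on Vagrant and VirtualBox we will create a new Vagrant VM to run our
hypervisor. This is known as nested virtual machines where one VM hosts other VMs. Nested
VMs are supported in VirtualBox from version 6.1. To enable support in Vagrant we set the
option in the Vagrantfile.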
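--------------------------------------------------------------------------------
/05_Service_Configuration/A08/VM_ftp_url.sh:
--------------------------------------------------------------------------------
#NOTE(review): plain-HTTP URL; nothing in transit authenticates what is
#downloaded from it, so prefer an https mirror or verify the images' checksums
http://ftp.ubuntu.com/ubuntu/dists/focal/main/installer-amd64/
--------------------------------------------------------------------------------
/05_Service_Configuration/A08/Vagranfile:
--------------------------------------------------------------------------------
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/focal64"
  config.vm.provider "virtualbox" do |v|
    v.memory = 4096
    # Expose hardware virtualisation to the guest so it can run its own VMs
    v.customize ['modifyvm', :id, '--nested-hw-virt', 'on']
    v.cpus = 2
  end

  config.vm.define "ubuntu2" do |ubuntu2|
    ubuntu2.vm.hostname = "ubuntu2"
    ubuntu2.vm.network "private_network", ip: "192.168.56.102"
  end
end
--------------------------------------------------------------------------------
/06_Storage_Management/A01/Vagrantfile:
--------------------------------------------------------------------------------
# -*- mode: ruby -*-
# vi: set ft=ruby :

#Place Vagrantfile in the directory you run vagrant from.
#This should also contain ubuntu.yml which configures the VMs

# setting for all VMs
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/focal64"
  config.vm.provision "ansible_local", playbook: "ubuntu.yml"
  config.vm.provider "virtualbox" do |v|
    v.memory = 2048
    v.cpus = 2
  end

  # specific for ubuntu1
  config.vm.define "ubuntu1" do |ubuntu1|
    ubuntu1.vm.hostname = "ubuntu1"
    ubuntu1.vm.network "private_network", ip: "192.168.56.101"
  end

  # specific for ubuntu2
  config.vm.define "ubuntu2" do |ubuntu2|
    ubuntu2.vm.hostname = "ubuntu2"
    ubuntu2.vm.network "private_network", ip: "192.168.56.102"
  end
end
--------------------------------------------------------------------------------
/06_Storage_Management/A01/ubuntu.yml:
--------------------------------------------------------------------------------
# Place in directory you run Vagrant from, alongside the Vagrantfile
- name: Configure Ubuntu
  hosts: all
  become: true
  gather_facts: false
  tasks:
    - name: Update Package Cache and Upgrade Existing Packages
      apt:
        update_cache: true
        upgrade: true

    # Lab convenience only: password logins are open to guessing, and Vagrant
    # base boxes commonly ship a well-known default password. Keep these VMs on
    # the private network and do not reuse this task on reachable hosts.
    - name: Ensure SSH Allows Password Authentication
      lineinfile:
        path: /etc/ssh/sshd_config
        line: PasswordAuthentication yes
        regexp: '^PasswordAuthentication .*$'
        # Refuse to write a configuration that sshd cannot parse
        validate: /usr/sbin/sshd -t -f %s
      notify: RestartSSH
    - name: correct multipathd
      copy:
        dest: /etc/multipath.conf
        content: |
          defaults {
              user_friendly_names yes
          }
          blacklist {
              devnode "^sd[a-b]"
          }
      notify: RestartMP
  handlers:
    - name: RestartSSH
      service:
        name: ssh
        state: restarted
    - name: RestartMP
      service:
        name: multipathd
        state: restarted
--------------------------------------------------------------------------------
/06_Storage_Management/A02/01_Using_lsblk_create_storage.sh: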
-------------------------------------------------------------------------------- 1 | #Start with the block devices 2 | lsblk 3 | 4 | #The sdb partition is vagrant specific 5 | 6 | #List the filesystem and more 7 | lsblk -f 8 | 9 | #Mount the sdb 10 | sudo mount /dev/sdb /mnt 11 | 12 | #The content /mnt 13 | ls /mnt 14 | 15 | #Umount /mnt 16 | sudo umount /mnt 17 | 18 | #Use find 19 | find /dev/ -type b 20 | 21 | #Infos from sda 22 | ls -l /dev/sda 23 | 24 | #Major No = Kernel Module (8 = SCSI Driver Module) 25 | 26 | #Lets create a sparse file (Sparse Files are a type of computer file that allows for efficient storage allocation for large data) 27 | sudo fallocate -l 500M /root/disk1 28 | 29 | #Check 30 | sudo ls -lh /root/disk 31 | 32 | #List the block device 33 | lsblk 34 | 35 | #Create a device file 36 | sudo losetup /dev/loop3 /root/disk1 37 | 38 | sudo losetup 39 | 40 | #List the block device 41 | lsblk 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /06_Storage_Management/A02/02_Partitioning_disks.sh: -------------------------------------------------------------------------------- 1 | #MSDOS = 4 Primary max. Size 2TB 2 | #GPT (GUID Partition Table (GPT)) = theoretical 128 Partitions (SCSI Driver max 15 Partitions) max. 
Size 32EB 3 | 4 | #Working on ubuntu1 5 | 6 | #List the block device 7 | lsblk 8 | 9 | #Partition with fdisk 10 | sudo fdisk /dev/loop3 11 | 12 | #Now we have interactive utility => We create 1 Partition with the full size 13 | 14 | #Does lsblk list the partition 15 | lsblk 16 | 17 | #We need partprobe 18 | sudo partprobe /dev/loop3 19 | 20 | #Now it does 21 | lsblk 22 | 23 | #Lets wipe 24 | sudo wipefs -a /dev/loop3 # -a = all 25 | 26 | #Partition with parted 27 | sudo parted /dev/loop3 mklabel msdos mkpart primary 0% 50% mkpart primary 50% 100% print 28 | 29 | #Did it work 30 | lsblk 31 | 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /06_Storage_Management/A02/03_Creating_systemd_unit.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 2 | 3 | #The link from the loop to the block device is not permanent 4 | 5 | #List the devices 6 | lsblk 7 | 8 | #Delete the loop device (deletes also the partition) 9 | sudo losetup -d /dev/loop3 10 | 11 | #List the devices 12 | lsblk 13 | 14 | #Lets create a service unit (use the example file) 15 | vim disk1.service 16 | 17 | #Copy the file 18 | sudo cp disk1.service /etc/systemd/system 19 | 20 | #Now we need to reload the daemon 21 | sudo systemctl daemon-reload 22 | 23 | #The device is not yet available. 
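24 | lsblk 25 | 26 | #Start our unit 27 | sudo systemctl enable --now disk1.service 28 | 29 | #Now it is 30 | lsblk 31 | 32 | #The see what we have done 33 | sudo systemctl cat disk1.service 34 |
--------------------------------------------------------------------------------
/06_Storage_Management/A02/disk1.service:
--------------------------------------------------------------------------------
# Attaches /root/disk1 to /dev/loop3 and re-reads its partition table early in
# boot, before local file systems are mounted.
[Unit]
Description=Set up loop device
DefaultDependencies=no
Before=local-fs.target
After=systemd-udevd.service
# The directive is spelled Requires=; an unknown key such as "Required=" is
# ignored with a warning, which would leave the unit without this dependency
Requires=systemd-udevd.service

[Service]
Type=oneshot
# Both commands run in order; the second only starts if the first succeeded
ExecStart=/sbin/losetup /dev/loop3 /root/disk1
ExecStart=/sbin/partprobe /dev/loop3
# TimeoutSec= is the recognised setting; a bare "Timeout=" is not applied
TimeoutSec=60
RemainAfterExit=no

[Install]
WantedBy=local-fs.target
--------------------------------------------------------------------------------
/06_Storage_Management/A03/01_Creating_Filesystem.sh:
--------------------------------------------------------------------------------
#Working on ubuntu1

#Filesystem Limitations:
#EXT4 1EB (1000PB); Max file size 16TB
#XFS 18EB; Max file size 9EB

#List the block devices
lsblk

lsblk -f

#Create a filesystem
#(mkfs overwrites whatever is on the target, so confirm the device name with
#lsblk -f first)
sudo mkfs.ext4 /dev/loop3p1

#If we run again, we get a warning
sudo mkfs.ext4 /dev/loop3p1

#Create a filesystem
sudo mkfs -t TABTAB

sudo mkfs -t xfs /dev/loop3p1 #If we choose the wrong partition

sudo mkfs -t xfs /dev/loop3p2

#The block devices, but no mount point for our partitions
lsblk -f



-------------------------------------------------------------------------------- /06_Storage_Management/A03/02_Working_mount_points.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 2 | 3 | #First we create the mount points 4 | sudo mkdir -m 0000 /shared_ext4 /shared_xfs 5 | 6 | #Check the perms and the inodes 7 | ls -ld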
/shared_* 8 | 9 | ls -ldi /shared_* 10 | 11 | #We shoud not be able to change into the directories 12 | cd /shared_ext4/ 13 | 14 | #Mount loop3p1 15 | sudo mount /dev/loop3p1 /shared_ext4 16 | 17 | #List the metadata => a different inode 18 | ls -ldi /shared_ext4 19 | 20 | #Change the permission 21 | sudo chmod 1777 /shared_ext4 22 | 23 | cd /shared_ext4 24 | 25 | cd 26 | 27 | #Mount loop3p2 28 | sudo mount /dev/loop3p2 /shared_xfs 29 | 30 | #Change the permission 31 | sudo chmod 1777 /shared_xfs 32 | 33 | #List the metadata 34 | ls -ldi /shared_* 35 | 36 | 37 | -------------------------------------------------------------------------------- /06_Storage_Management/A03/03_Working_fstab_file.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 2 | 3 | #Check the mounts 4 | mount -t xfs 5 | 6 | mount -t ext4 7 | 8 | #List the block devices 9 | lsblk -f 10 | 11 | #Copy the UUID from loop3p1 12 | 13 | #Edit the fstab file 14 | sudo vim /etc/fstab 15 | 16 | UUID="the uuid" /shared_ext4 ext4 defaults 0 0 17 | 18 | :r!sudo blkid /dev/loop3p2 #Import the infos 19 | 20 | #Edit the line 21 | 22 | #Save and exit 23 | 24 | #Umount 25 | sudo umount /shared_ext4 26 | 27 | sudo umount /shared_xfs 28 | 29 | #But what about the fstab fields 30 | man fstab 31 | 32 | #List the block devices 33 | lsblk -f 34 | 35 | #Use the mount command 36 | sudo mount -a 37 | 38 | #List the block devices 39 | lsblk -f 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /06_Storage_Management/A03/04_Configuring_limits_xfs.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #Check the xfs mounts (we see no quota support) 6 | mount -t xfs 7 | 8 | #A remount would not help (-o = options) 9 | mount -o remount,uquota /shared_xfs 10 | 11 | #Check the xfs mounts (still no quota support) 
12 | mount -t xfs 13 | 14 | #Unmount 15 | umount /shared_xfs 16 | 17 | #We edit the fstab file 18 | vim /etc/fstab 19 | 20 | #replace defaults with uquota 21 | 22 | #Save and exit 23 | 24 | #Apply the new config 25 | mount -a 26 | 27 | #Check the xfs mounts (now we have quota support) 28 | mount -t xfs 29 | 30 | #What is in the directory 31 | ls -l /shared_xfs 32 | 33 | #Lets create a file 34 | sudo -u vagrant fallocate -l 20M /shared_xfs/file1 35 | 36 | #List the content 37 | ls -l /shared_xfs 38 | 39 | #We can use xfs_quota interactive 40 | xfs_quota #without an option is very limited 41 | help #hit enter 42 | quit 43 | 44 | #We can use xfs_quota interactive 45 | xfs_quota -x #the expert way 46 | help 47 | quit 48 | 49 | #Lets generate a report 50 | xfs_quota -x -c 'report -h' /shared_xfs #report is command, -h humanreadable 51 | 52 | #Create a quota for the vagrant user 53 | xfs_quota -x -c 'limit bsoft=25M bhard=30M vagrant' /shared_xfs #b = block / we could also use i = inodes 54 | 55 | #Lets generate a report 56 | xfs_quota -x -c 'report -h' /shared_xfs 57 | 58 | #Create an other file 59 | sudo -u vagrant fallocate -l 8M /shared_xfs/file2 60 | 61 | #We have hit the soft limit 62 | xfs_quota -x -c 'report -h' /shared_xfs 63 | 64 | #This will not work 65 | sudo -u vagrant fallocate -l 8M /shared_xfs/file3 66 | 67 | #The focus was on the blocks and not on the inodes 68 | df -h /shared_xfs 69 | df -i /shared_xfs 70 | 71 | #The inodes report 72 | xfs_quota -x -c 'report -i' /shared_xfs 73 | 74 | 75 | 76 | 77 | -------------------------------------------------------------------------------- /06_Storage_Management/A03/05_Configuring_limits_ext4.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #First we check the kernel version 6 | uname -r 7 | 8 | #Do we use the latest kernel 9 | ls -l /boot 10 | 11 | #If needed to use the latest kernel 12 | reboot 13 | 14 | #Check 
again 15 | uname -r 16 | 17 | #Do we have the modules 18 | find /lib/modules/ -type f -name '*quota_v*.ko*' 19 | 20 | #Install the packages 21 | apt install linux-image-extra-virtual quota 22 | 23 | #Do we have the modules 24 | find /lib/modules/ -type f -name '*quota_v*.ko*' 25 | 26 | #Reboot the system or load the modules 27 | modprobe -v quota_v1 28 | modprobe -v quota_v2 29 | 30 | #Unmount 31 | umount /shared_ext4 32 | 33 | #There are two ways to enable quota support (this way generates a new UUID) 34 | mkfs.ext4 -O quota /dev/loop3p1 #Copy the new UUID 35 | 36 | #Edit the fstab file with the new UUID 37 | vim /etc/fstab 38 | 39 | #Save and exit 40 | 41 | #The second way to support quota (no new UUID) 42 | tune2fs -O quota /dev/loop3p1 43 | 44 | #Use mount 45 | mount -a 46 | 47 | #Enable quota for all ext4 filesystems 48 | quotaon -vua #-v = verbose, -u = user quota, -a = all filesystems 49 | 50 | #Create the quota 51 | equota vagrant 52 | 53 | #Set the quota on blocks/soft/hard (20000 / 25000) 54 | 55 | #Save and exit 56 | 57 | #Generate a report 58 | repquota -uv /shared_ext4 59 | 60 | #By creating a new file system the permissions were removed. 
61 | ls -ld /shared_ext4 62 | chmod 1777 /shared_ext4 63 | 64 | #Create a file 65 | sudo -u vagrant fallocate -l 18M /shared_ext4/file1 66 | 67 | #Generate a report 68 | repquota -uv /shared_ext4 69 | 70 | #Create a file 71 | sudo -u vagrant fallocate -l 4M /shared_ext4/file2 72 | 73 | #Generate a report (we hit the soft limit) 74 | repquota -uv /shared_ext4 75 | 76 | #Create a file (does not work) 77 | sudo -u vagrant fallocate -l 4M /shared_ext4/file3 78 | 79 | 80 | -------------------------------------------------------------------------------- /06_Storage_Management/A04/01_Creating_swap_space.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #Show memory (no swap) 6 | free -h 7 | 8 | #We create some new files 9 | fallocate -l 500M /root/disk2 10 | fallocate -l 500M /root/disk3 11 | 12 | #What do we have 13 | ls -lh disk* 14 | 15 | #The losetup (losetup is used to associate loop devices with regular files or block devices) 16 | losetup 17 | 18 | #Create a variable with the new loop device infos 19 | disk=$(losetup -f /root/disk2 --show) #-f = losetup will find an available loop device 20 | 21 | #Echo the variable 22 | echo $disk 23 | 24 | #Create a partition 25 | parted $disk mklabel msdos mkpart primary 0% 100% 26 | 27 | #Setup a swap area 28 | mkswap ${disk}p1 #mkswap sets up a Linux swap area on a device or in a file 29 | 30 | blkid ${disk}p1 31 | 32 | #List the swap space 33 | swapon -s #-s = summary 34 | 35 | swapon ${disk}p1 #swapon is used to specify devices on which paging and swapping are to take place 36 | 37 | #List the swap info 38 | swapon -s 39 | 40 | #Create swap with a file 41 | mkswap /root/disk3 42 | 43 | chmod 600 /root/disk3 44 | 45 | swapon -p 10 /root/disk3 #-p = set the priority (Higher numbers indicate higher priority) 46 | 47 | #The swap info 48 | swapon -s 49 | 50 | #Do we we have swap 51 | free -h 52 | 53 | #Disable swap 54 | swapoff -a 
#-a flag is given, swapping is disabled on all known swap devices and files 55 | 56 | #The swap info 57 | swapon -s 58 | 59 | #To make it permanent 60 | blkid 61 | 62 | vim /etc/fstab 63 | 64 | UUID= swap swap pri=10 0 0 65 | 66 | #Save and exit 67 | 68 | #Check swap 69 | swapon -s 70 | swapon -a #Reads in the fstab file 71 | swapon -s 72 | 73 | 74 | 75 | -------------------------------------------------------------------------------- /06_Storage_Management/A04/02_Tuning_swap_behaviour.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | #The swappiness range goes from 0 to 100 (default is 60). 0 = No swapping; 100 = Aggressive Swapping 4 | 5 | sudo -i 6 | 7 | #Check the swappiness 8 | cat /proc/sys/vm/swappiness 9 | 10 | #Is there a config in place 11 | grep -R swap /etc/sysctl* 12 | 13 | #Create a file 14 | vim /etc/sysctl.d/99-swap.conf 15 | 16 | vm.swappiness=20 17 | 18 | #Save and exit 19 | 20 | #Read in all config files 21 | sysctl --system 22 | 23 | #Check 24 | !g 25 | 26 | !c 27 | #or 28 | cat /proc/sys/vm/swappiness 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /06_Storage_Management/A05/01_Clean_up_swap_drives.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #Disable swap 6 | swapoff -a 7 | swapon -s 8 | 9 | #What about the fstab file 10 | cat /etc/fstab 11 | 12 | #We have to delete the swap entry (but first we check what we are doing) 13 | sed '/swap/d' /etc/fstab 14 | 15 | sed -i '/swap/d' /etc/fstab #-i = in-place edit 16 | 17 | #Did it work 18 | !ca 19 | 20 | #List the losetup info 21 | losetup 22 | 23 | #Wipe the files 24 | wipefs -a --force /root/disk2 #-a = Erase all available signatures 25 | wipefs -a --force /root/disk3 26 | 27 | 28 | 29 | 30 | 
-------------------------------------------------------------------------------- /06_Storage_Management/A05/02_Create_device_file_for_lvm_config.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #Create a variable with the new loop device infos 6 | disk=$(losetup -f /root/disk2 --show) #-f = losetup will find an available loop device 7 | 8 | echo $disk 9 | 10 | #Create two partitions with the lvm flag 11 | parted $disk mklabel msdos mkpart primary 0% 50% mkpart primary 50% 100% set 1 lvm on set 2 lvm on print 12 | 13 | #Do we have lvm physical volumes => no setting the flag does not mean we have lvm physical volumes 14 | pvs 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /06_Storage_Management/A05/03_working_physical_volumes.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #To be sure we working with the latest lvm version 6 | apt install -y lvm2 7 | 8 | #No volumes (infos from memory) 9 | pvs 10 | 11 | #No volumes (scans attached disks) 12 | pvscan 13 | 14 | #We create a physical volumes 15 | pvcreate -v --pvmetadatacopies=2 ${disk}p1 #--pvmetadatacopies = The number of metadata areas to set aside on each PV 16 | 17 | #Use pvs and pvdisplay 18 | pvs 19 | 20 | pvdisplay 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /06_Storage_Management/A05/04_Working_volume_group.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #No volume group 6 | vgs 7 | 8 | #Create a volume group 9 | vgcreate -v -s8K vg1 ${disk}p1 #-s = Sets the physical extent size on physical volumes of this volume group 10 | 11 | #Show the backup of the metadata 12 | cat /etc/lvm/backup/vg1 13 | 14 | 
15 | #Display the physical volumes and volume group 16 | pvdisplay #PE Size is set to 8K 17 | 18 | vgdisplay #Metadata areas is set to 2 19 | 20 | #Extend the volume group (this does also makes a physical volumes) 21 | vgextend -v vg1 ${disk}p2 22 | 23 | #List the infos 24 | pvs 25 | 26 | pvdisplay 27 | 28 | vgdisplay #Metadata is set to 3 (2 Metadata areas on p1 and 1 metadata area on p2) 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /06_Storage_Management/A05/05_Creating_logical_volumes.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #No logical volumes but a volume group 6 | lvs 7 | 8 | vgs 9 | 10 | #Create a logical volume 11 | lvcreate -v -n lv1 -L 300M vg1 #-L = Logical Volume Size in Units (M, G, T, etc.) 12 | 13 | #List block devices 14 | lsblk 15 | 16 | #Create a filesystem 17 | mkfs.xfs /dev/mapper/vg1-lv1 18 | 19 | #Create a mount point 20 | mkdir /shared_lvm 21 | 22 | #Mount the volume 23 | mount /dev/mapper/vg1-lv1 /shared_lvm 24 | 25 | #Infos about the usage 26 | df -h /shared_lvm 27 | 28 | #Copy some files 29 | find /usr/share/doc -type f -name '*.html' -exec cp {} /shared_lvm \; 30 | 31 | #Infos about the usage 32 | df -h /shared_lvm 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /06_Storage_Management/A05/06_Extending_logical_volumes.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #Check the size 6 | df -h /shared_lvm 7 | 8 | #The volume group size 9 | vgs 10 | 11 | #Extend the logical volume 12 | lvextend -r -l +100%FREE vg1/lv1 #-l = Extend or set the logical volume size in units of logical extents; 13 | #-r = Resize underlying filesystem together with the logical volume 14 | 15 | #Check the size 16 | df -h /shared_lvm 17 | 18 | #All 
changes with existing files, everything was online 19 | ls -l /shared_lvm 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /06_Storage_Management/A06/01_Creating_raid_partitions.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | #RAID 1 consists of an exact copy (or mirror) of a set of data on two or more disks 4 | #RAID 5 consists of block-level striping with distributed parity (minimum of three disks needed) 5 | #RAID 6 extends RAID 5 by adding another parity block; thus, it uses block-level striping with two parity 6 | #blocks distributed across all member disks (minimum of four disks needed) 7 | 8 | sudo -i 9 | 10 | #List the block device 11 | lsblk 12 | 13 | #Create two new files 14 | fallocate -l 500M /root/mirror1 15 | fallocate -l 500M /root/mirror2 16 | 17 | #Link the files 18 | diska=$(losetup -f /root/mirror1 --show) 19 | echo $diska 20 | 21 | diskb=$(losetup -f /root/mirror2 --show) 22 | echo $diskb 23 | 24 | #Create the partitions 25 | parted $diska mklabel msdos mkpart primary 0% 100% set 1 raid on print 26 | 27 | parted $diskb mklabel msdos mkpart primary 0% 100% set 1 raid on print 28 | 29 | #Do we have any raid 30 | cat /proc/mdstat 31 | 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /06_Storage_Management/A06/02_Creating_raid_mirror.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #Do we have any raid 6 | cat /proc/mdstat 7 | 8 | #Scan the system 9 | mdadm -D --scan #-D = Details 10 | 11 | #Check loop device numbers 12 | losetup 13 | 14 | #Lets create a raid 15 | mdadm --create /dev/md0 --level= TABTAB #List all the possible raids 16 | 17 | mdadm --create /dev/md0 --level=mirror --raid-devices=2 $diska $diskb 18 | 19 | #Did it work 20 | cat /proc/mdstat 21 
| 22 | #We check with mdadm 23 | mdadm -D /dev/md0 24 | 25 | #We save our raid config 26 | mdadm -Db /dev/md0 #-b = brief output 27 | 28 | mdadm -Db /dev/md0 >> /etc/mdadm/mdadm.conf 29 | 30 | tail -n1 /etc/mdadm/mdadm.conf 31 | 32 | #Update initramfs (So that the raid drivers are available at startup.) 33 | update-initramfs -u 34 | 35 | 36 | -------------------------------------------------------------------------------- /06_Storage_Management/A06/03_Mount_service_unit.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #Check the loop numbers 6 | losetup 7 | 8 | #Creat the file (Make sure that the loop names fit) 9 | vim raid-disk.service 10 | 11 | #Copy the content from the example file 12 | 13 | #Save and exit 14 | 15 | #Copy the file 16 | cp raid-disk.service /etc/systemd/system 17 | 18 | #Reload the daemon 19 | systemctl daemon-reload 20 | 21 | #Enable our service unit 22 | systemctl enable raid-disk.service 23 | 24 | #Reboot and check 25 | reboot 26 | 27 | sudo -i 28 | 29 | mdadm -D /dev/md0 30 | 31 | 32 | -------------------------------------------------------------------------------- /06_Storage_Management/A06/04_Adding_filesystem.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | sudo -i 4 | 5 | #Check the block device 6 | lsblk 7 | 8 | lsblk -f 9 | 10 | #Create the filesystem 11 | mkfs.xfs /dev/md0 12 | 13 | #Create a mount point 14 | mkdir /shared_raid 15 | 16 | #Mount the raid 17 | mount /dev/md0 /shared_raid 18 | 19 | #Check the size 20 | df -h /shared_raid 21 | 22 | #We need the UUID 23 | lsblk -f 24 | #or 25 | blkid /dev/md0 26 | 27 | #Edit the fstab file 28 | vim /etc/fstab 29 | 30 | UUID=ff.. 
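/shared_raid xfs defaults 0 0 31 | 32 | #Save and exit 33 | 34 | #Read the fstab config 35 | mount -a 36 | 37 | #List in an other way 38 | df -h -x devtmpfs -x tmpfs 39 | 40 | #And test 41 | reboot 42 | 43 | sudo -i 44 | 45 | df -h -x devtmpfs -x tmpfs 46 | 47 | 48 |
--------------------------------------------------------------------------------
/06_Storage_Management/A06/raid-disk.service:
--------------------------------------------------------------------------------
# Attaches the two mirror backing files to fixed loop devices early in boot,
# before local file systems are mounted.
[Unit]
Description=Set up loop device for RAID
DefaultDependencies=no
Before=local-fs.target
After=systemd-udevd.service
# The directive is spelled Requires=; an unknown key such as "Required=" is
# ignored with a warning, which would leave the unit without this dependency
Requires=systemd-udevd.service

[Service]
Type=oneshot
# NOTE(review): loop5/loop6 are fixed names; presumably they must match the
# devices the array was created on - check with losetup
ExecStart=/sbin/losetup /dev/loop5 /root/mirror1
ExecStart=/sbin/losetup /dev/loop6 /root/mirror2
# TimeoutSec= is the recognised setting; a bare "Timeout=" is not applied
TimeoutSec=60
RemainAfterExit=no

[Install]
WantedBy=local-fs.target
--------------------------------------------------------------------------------
/06_Storage_Management/A07/01_Lab_setup.sh:
--------------------------------------------------------------------------------
#Working on physical host

#Create a new project
mkdir luks
cd luks

#Update the box
vagrant box update

#Create the new Vagrantfile
vim Vagrantfile

#Copy the content from the example

#Save and exit

#Create a new VM (the variable switches on Vagrant's experimental disk support)
VAGRANT_EXPERIMENTAL=disks vagrant up

#Do we have the disks
vagrant ssh -c lsblk

#SSH into the VM
vagrant ssh ubuntu1
--------------------------------------------------------------------------------
/06_Storage_Management/A07/02_Create_key_file.sh:
--------------------------------------------------------------------------------
#Working on ubuntu1 in a root session

sudo -i

#Check the device
lsblk

#Create a partition
parted /dev/sdd mklabel msdos mkpart primary 0% 100% print

#Create a filesystem
mkfs.xfs /dev/sdd1

#Create directory
mkdir /key

#Temporary mount
mount /dev/sdd1 /mnt

#Generate random input to create the keyfile
#(the subshell's umask makes the file owner-only from the moment it is created,
#instead of leaving it readable by others until the chmod below)
#NOTE: the key sits on an unencrypted partition; it protects the data only as
#long as this disk is kept apart from the encrypted one
(umask 077; dd if=/dev/urandom of=/mnt/keyfile bs=1024 count=4)

#Change the mode
chmod 400 /mnt/keyfile

#Unmount /mnt
umount /mnt



--------------------------------------------------------------------------------
/06_Storage_Management/A07/03_Creating_systemd_mount_unit.sh:
--------------------------------------------------------------------------------
#Working on ubuntu1 in a root session

sudo -i

#Check out the UUID for sdd1
lsblk -f

#Create the mount unit
vim key.mount

#Copy the content from the example and edit the UUID

#Save and exit

#Copy the file
cp key.mount /etc/systemd/system

#Reload the daemon
systemctl daemon-reload

#Enable the mount unit (the name must match the file copied above)
systemctl enable key.mount

#Reboot and verify
reboot

ls /key
--------------------------------------------------------------------------------
/06_Storage_Management/A07/04_Encrypting_partitions.sh:
--------------------------------------------------------------------------------
#Working on ubuntu1 in a root session

sudo -i

#Create a partition
parted /dev/sdc mklabel msdos mkpart primary 0% 100% print

#Install the package (if needed)
apt install cryptsetup

#Configure luksFormat
#(asks for confirmation and a passphrase; existing data on the partition is lost)
cryptsetup luksFormat /dev/sdc1

#Open and give the name data
cryptsetup luksOpen /dev/sdc1 data

#Now the device mapper comes in
ls -l /dev/mapper

#Close the partition
cryptsetup luksClose data


-------------------------------------------------------------------------------- /06_Storage_Management/A07/05_Using_key_file.sh: -------------------------------------------------------------------------------- 1 | #Working on ubuntu1 in a root session 2 | 3 | 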
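sudo -i

#Add our key file (asks for an existing passphrase; the key file is stored in an additional key slot)
cryptsetup luksAddKey /dev/sdc1 /key/keyfile

#List the key slots: the passphrase slot and the new key file slot should both be in use
cryptsetup luksDump /dev/sdc1

#The UUID for sdc1
lsblk -f

#Setup the crypttab file
vim /etc/crypttab

#data UUID=XXXX... /key/keyfile luks
#Note: whoever holds both the encrypted disk and the key disk can unlock the volume,
#so the encryption only protects the data while the key disk is kept apart from it.

#No passphrase is needed
cryptdisks_start data

#Create a filesystem
mkfs.xfs /dev/mapper/data

#Create a mount point
mkdir /shared_crypt

#Mount the partition
mount /dev/mapper/data /shared_crypt

#Copy some files
cp /etc/hosts /shared_crypt

ls /shared_crypt

#Unmount
umount /shared_crypt

#Close the mapping (the data on /dev/sdc1 stays encrypted; it is just no longer reachable through /dev/mapper/data)
cryptdisks_stop data

--------------------------------------------------------------------------------
/06_Storage_Management/A07/06_Fstab_entry.sh:
--------------------------------------------------------------------------------
#Working on ubuntu1 in a root session

sudo -i

#Edit the fstab file (we are already root, so no sudo is needed)
vim /etc/fstab

#/dev/mapper/data /shared_crypt xfs noauto,user 0 0
#noauto: not mounted at boot. user: any user may mount it; this option also implies noexec,nosuid,nodev.

#Save and exit

#Reboot
reboot

#Test the mount
mount /shared_crypt

ls /shared_crypt

--------------------------------------------------------------------------------
/06_Storage_Management/A07/Vagrantfile:
--------------------------------------------------------------------------------
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Used just for encryption module
# VAGRANT_EXPERIMENTAL=disks vagrant up
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/focal64"
  config.vm.provider "virtualbox" do |v|
    v.memory = 2048
    v.cpus = 2
  end
  config.vm.hostname = "ubuntu1"
  config.vm.network "private_network", ip: "192.168.56.101"
  # Two extra disks for the lab. The scripts use /dev/sdc as the disk to encrypt
  # and /dev/sdd as the key disk; confirm the device names with lsblk in the VM.
  config.vm.disk :disk, size: "1GB", name: "crypt_disk"
  config.vm.disk :disk, size: "500MB", name: "key_disk"
end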
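--------------------------------------------------------------------------------
/06_Storage_Management/A07/key.mount:
--------------------------------------------------------------------------------
#The unit file name has to match the mount point: key.mount <-> /key
[Unit]
Description=Key disk

[Mount]
What=/dev/disk/by-uuid/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Where=/key/
Type=xfs
#This disk only holds the LUKS key file, so a tighter option set
#(for example ro,nodev,nosuid,noexec) is enough once the key file exists
Options=defaults

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/06_Storage_Management/A08/01_Install_NFS_server.sh:
--------------------------------------------------------------------------------
#Working on ubuntu2

#The open ports
ss -ntl

#Install the package
sudo apt install -y nfs-kernel-server

#Edit the config file
sudo vim /etc/default/nfs-kernel-server

#Edit the RPCMOUNTDOPTS line so that it reads "--manage-gids --no-nfs-version 3"

#Save and exit

#Restart the service (needs root like the other steps)
sudo systemctl restart nfs-config nfs-kernel-server

#Check the ports again and compare with the first listing
ss -ntl

--------------------------------------------------------------------------------
/06_Storage_Management/A08/02_Creating_nfs_exports.sh:
--------------------------------------------------------------------------------
#Working on ubuntu2

#Create an export
sudo vim /etc/exports

#/home 192.168.56.101(rw,root_squash,no_subtree_check,sync)
#The export is limited to the single client 192.168.56.101; root_squash maps the client's root to the anonymous user.
#For every other user the server trusts the UID the client sends, so the client list is the real access control here.

#Save and exit

#Read in the changes
sudo exportfs -r

#List what is exported now (add -v to see the effective options)
sudo exportfs

#SWITCH TO UBUNTU1

#Install the nfs client
sudo apt install -y nfs-common

#Mount the export
sudo mount 192.168.56.102:/home /mnt

#Switch
cd /mnt/vagrant

#Create a file
touch remotefile

#BACK TO UBUNTU2
ls -l remotefile

--------------------------------------------------------------------------------
/06_Storage_Management/A08/03_Using_autofs.sh: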
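--------------------------------------------------------------------------------
#Working on ubuntu1

#Unmount /mnt
sudo umount /mnt

#Install autofs
sudo apt install -y autofs

#Cat auto.master
cat /etc/auto.master

#Edit the auto.master file
sudo vim /etc/auto.master

#Remove the hash sign in front of the /misc line

#Save and exit

#Edit the auto.misc file
sudo vim /etc/auto.misc

#linux -rw,soft,intr 192.168.56.102:/home
#soft: when the server stops answering, the application gets an I/O error instead of waiting,
#so writes can be lost on a rw mount (hard, the default, keeps retrying).
#intr: still accepted, but ignored by current kernels.

#Save and exit

#Restart the service
sudo systemctl restart autofs

#Lets check
ls -l /misc

cd /misc

ls -la

cd linux

ls

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Ubuntu Linux Administration
Everything about Ubuntu Linux Administration (LFCS)!
--------------------------------------------------------------------------------
/Vagrant_Commands.sh:
--------------------------------------------------------------------------------
#Add a Box to Vagrant (copy a box to the local system)
#A box is a prebuilt disk image from the public catalog; config.vm.box_version in the Vagrantfile pins a known version
vagrant box add ubuntu/focal64

#Create a Working Folder
mkdir linuxclass

#Change into the Working Folder
cd linuxclass

#Create a Vagrant Project Folder
mkdir ubuntu

#Create Your First Vagrant Project
cd ubuntu
vagrant init ubuntu/focal64

#Create Your First Virtual Machine
vagrant up

#Change the Virtual Machine's Name
#Add the following line somewhere after "Vagrant.configure(2) do |config| " and before
#"end ". A good place could be right after the 'config.vm.box = "ubuntu/focal64" ' line:
#(this is Vagrantfile content, not a shell command)
config.vm.hostname = "ubuntu01"

#Be sure to save your changes

#To apply the settings (instead of vagrant halt and vagrant up)
vagrant reload

#Assign the Virtual Machine an IP Address (directly under the hostname; Vagrantfile content again)
config.vm.network "private_network", ip: "192.168.56.101"

#Be sure to save your changes

#To apply the settings (instead of vagrant halt and vagrant up)
vagrant reload

#Test
ping -c 3 192.168.56.101

#Destroy the Virtual Machine
vagrant destroy

#Create Another Vagrant Project with Multiple Virtual Machines
cd ..

#Next, let’s create the Vagrant project folder and change into that folder
mkdir multitest
cd multitest

#Initialize the Vagrant project. This step creates the Vagrantfile
vagrant init ubuntu/focal64

#Add two virtual machine definitions. (Vagrantfile content)
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/focal64"

  config.vm.define "test1" do |test1|
    test1.vm.hostname = "test1"
    test1.vm.network "private_network", ip: "192.168.56.101"
  end

  config.vm.define "test2" do |test2|
    test2.vm.hostname = "test2"
    test2.vm.network "private_network", ip: "192.168.56.102"
  end
end

#Start the virtual machines. (Remember, that if you do not specify a VM name all the defined VMs will be started.)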
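vagrant up

#Check their status with the following command
vagrant status

#Connect to the test1 virtual machine to confirm that it’s working and then exit it
vagrant ssh test1
exit

#Connect to the test2 virtual machine to confirm that it’s working, then exit it as well
vagrant ssh test2
ping -c 3 192.168.56.101
exit

#Stop the Virtual Machines (run on the host, not inside a VM)
vagrant halt
--------------------------------------------------------------------------------
/Vagrant_and_Virtualbox_Installation.sh:
--------------------------------------------------------------------------------
#Update local repos
sudo apt update && sudo apt upgrade

#Install virtualbox
sudo apt install virtualbox

#Install vagrant (add hashicorp to the sources list)
#Store the repository signing key (> /dev/null keeps tee from printing the binary key to the terminal)
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null
#Show the fingerprint of the stored key and compare it with the one HashiCorp publishes before trusting the repository
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
#signed-by ties this key to this one repository only
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install vagrant

#check the version
vagrant --version
--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
# -*- mode: ruby -*-
# vi: set ft=ruby :

#Place Vagrantfile in the directory you run vagrant from.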
#That directory should also contain ubuntu.yml, the playbook that configures the VMs

Vagrant.configure("2") do |config|
  # Settings shared by every VM
  config.vm.box = "ubuntu/focal64"
  # ansible_local runs ubuntu.yml inside each guest. That playbook switches sshd to
  # "PasswordAuthentication yes", so keep these VMs on the host-only private network.
  config.vm.provision "ansible_local", playbook: "ubuntu.yml"
  config.vm.provider "virtualbox" do |vbox|
    vbox.memory = 2048
    vbox.cpus = 2
  end

  # One VM per entry: name (also used as the hostname) => private network address
  {
    "ubuntu1" => "192.168.56.101",
    "ubuntu2" => "192.168.56.102",
  }.each do |vm_name, vm_ip|
    config.vm.define vm_name do |node|
      node.vm.hostname = vm_name
      node.vm.network "private_network", ip: vm_ip
    end
  end
end
--------------------------------------------------------------------------------
/Vagrantfile_with_multiple_boxes/Vagrantfile:
--------------------------------------------------------------------------------
# -*- mode: ruby -*-
# vi: set ft=ruby :

#Place Vagrantfile in the directory you run vagrant from.
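
#Three VMs are defined here: centos, ubuntu and ctrlnode
Vagrant.configure("2") do |config|
  #config.vm.box = "base"

  #settings for the centos VM
  config.vm.define "centos" do |centos|
    centos.vm.provider "virtualbox" do |vb_centos|
      vb_centos.memory = "2048"
      vb_centos.cpus = "2"
    end

    #CentOS Stream 8 reached end of life in May 2024 and gets no more security updates: lab use only
    centos.vm.box = "centos/stream8"
    centos.vm.hostname = "centos"
    centos.vm.network "private_network", ip: "192.168.56.101"

  end

  #settings for the ubuntu VM
  config.vm.define "ubuntu" do |ubuntu|
    ubuntu.vm.provider "virtualbox" do |vb_ubuntu|
      vb_ubuntu.memory = "2048"
      vb_ubuntu.cpus = "2"
    end

    ubuntu.vm.box = "ubuntu/focal64"
    ubuntu.vm.hostname = "ubuntu"
    ubuntu.vm.network "private_network", ip: "192.168.56.102"

  end

  #settings for the control node (more memory and CPUs than the other two VMs)
  config.vm.define "ctrlnode" do |ctrlnode|
    ctrlnode.vm.provider "virtualbox" do |vb_ctrlnode|
      vb_ctrlnode.memory = "4096"
      vb_ctrlnode.cpus = "4"
    end

    ctrlnode.vm.box = "ubuntu/focal64"
    ctrlnode.vm.hostname = "ctrlnode"
    ctrlnode.vm.network "private_network", ip: "192.168.56.103"

  end

end
--------------------------------------------------------------------------------
/ubuntu.yml:
--------------------------------------------------------------------------------
# Place in directory you run Vagrant from, alongside the Vagrantfile
- name: Configure Ubuntu
  hosts: all
  become: true
  gather_facts: false
  tasks:
    - name: Update Package Cache and Upgrade Existing Packages
      apt:
        update_cache: true
        upgrade: true

    # Lab convenience: password logins are switched on so the exercises can use plain ssh.
    # Vagrant boxes conventionally ship a default account with publicly known credentials,
    # so keep VMs provisioned this way on the private network and do not reuse this task elsewhere.
    - name: Ensure SSH Allows Password Authentication
      lineinfile:
        path: /etc/ssh/sshd_config
        line: PasswordAuthentication yes
        regexp: '^PasswordAuthentication .*$'
        # Check the edited file with sshd's test mode before it replaces the live config
        validate: /usr/sbin/sshd -t -f %s
      notify: RestartSSH
    # Writes a multipath.conf that blacklists the device nodes matching ^sd[a-b]
    - name: correct multipathd
      copy:
        dest: /etc/multipath.conf
        content: |
          defaults {
              user_friendly_names yes
          }
          blacklist {
              devnode "^sd[a-b]"
          }
      notify: RestartMP
  # Handlers run only when a task above reported a change
  handlers:
    - name: RestartSSH
      service:
        name: ssh
        state: restarted
    - name: RestartMP
      service:
        name: multipathd
        state: restarted
--------------------------------------------------------------------------------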