Linux Administration: Difference between revisions

Retrieved from "https://wiki.davidl.me/view/Linux_Administration"

@@ Line 1: / Line 1: @@
-The best ways to manage Linux servers
+The best ways to manage Linux servers.
+==Security==
+===SSH===
+The best practice is to not expose SSH.
+Make SSH listen only on local connections and access it through a VPN.
+If you must expose SSH, use a strong SSH key and disable password login.
+===Firewall===
+If your server is behind a NAT (router), a firewall isn't as important.
+For directly connected servers like VPS, you can use [[Uncomplicated Firewall]].
+===Services===
+All your services such as databases should only listen on localhost.
+To access them, you can either find a web interface or use SSH which has port forwarding.
+For services with default root accounts, disable the root account or add a strong password.
 ==Cockpit==
@@ Line 5: / Line 19: @@
 Install it via
 <pre>
-sudo apt install cockpit
+#sudo apt install cockpit
+# Install the newer backports version.
+sudo apt install -t bionic-backports $(dpkg-query -W | awk '/cockpit/ {print $1}')
 </pre>
+By default, cockpit runs on port 9090.
 Below are some of the modules I recommend.
 You can install these using apt as well.
-* <code>cockpit-docker</code> Allows you to manage docker containers
+* <code>cockpit-docker</code> allows you to manage docker containers
+* <code>cockpit-machines</code> allows you to manage VMs via libvirt
+* <code>cockpit-networkmanager</code>
+* <code>cockpit-packagekit</code> to manage packages
+{{ hidden | Command to install all modules |
+<pre>
+sudo apt install -y cockpit cockpit-docker cockpit-machines cockpit-networkmanager cockpit-packagekit
+</pre>
+}}
+==Resources==
+* [https://blog.linuxserver.io/2017/06/24/the-perfect-media-server-2017/ The Perfect Media Server 2017]