Linux Administration

From David's Wiki

The best ways to manage Linux servers.

Security

SSH

The best practice is to not expose SSH.
Make SSH listen only for local connections and access it through a VPN.
If you must expose SSH, use a strong SSH key and disable password login.

Firewall

If your server is behind a NAT (router), a firewall isn't as important.
For directly connected servers such as a VPS, you can use Uncomplicated Firewall (ufw).

Services

All your services, such as databases, should listen only on localhost.
To access them, you can either find a web interface or use SSH port forwarding.
For services with default root accounts, disable the root account or set a strong password.
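
One way to check the localhost-only rule on a running host, as an added example that is not from the original page: the function reads `ss -tln` output and prints every TCP listener bound to something other than loopback. The function names and the sample socket lines are constructed for illustration.

```bash
#!/bin/sh
# Added example: flag TCP listeners reachable from outside the host.
# Input format: lines as printed by `ss -tln`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).

exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        local_addr = $4
        # Split at the last colon so IPv6 addresses keep their own colons.
        n = split(local_addr, parts, ":")
        port = parts[n]
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        sub(/%.*$/, "", addr)   # drop interface scope, e.g. 127.0.0.53%lo
        sub(/^\[/, "", addr)    # drop IPv6 brackets
        sub(/\]$/, "", addr)
        # Loopback-only listeners satisfy the rule; skip them.
        if (addr ~ /^127\./ || addr == "::1") next
        # Anything else (0.0.0.0, ::, *, or a routable address) is exposed.
        print port, addr
    }'
}

# Constructed sample input (not captured from a real server).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.53%lo:53   0.0.0.0:*
LISTEN 0      128    [::1]:6379         [::]:*
LISTEN 0      128    *:9090             *:*
LISTEN 0      80     [::]:3306          [::]:*
EOF
}

# On a real host, run:  ss -tln | exposed_listeners
sample_ss_output | exposed_listeners
```

Each output line is a port followed by the bind address; an empty result means every TCP listener is bound to loopback.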

Cockpit

Cockpit is a web application to manage your server.
Install it via:

# Install from the default repositories:
# sudo apt install cockpit
# Install the newer backports version of every cockpit package dpkg already lists.
sudo apt install -t bionic-backports $(dpkg-query -W | awk '/cockpit/ {print $1}')

By default, cockpit runs on port 9090.

Below are some of the modules I recommend. You can install these using apt as well.

  • cockpit-docker allows you to manage docker containers
  • cockpit-machines allows you to manage VMs via libvirt
  • cockpit-networkmanager
  • cockpit-packagekit to manage packages

Command to install all modules:

sudo apt install -y cockpit cockpit-docker cockpit-machines cockpit-networkmanager cockpit-packagekit

Resources