WELCOME TO SS-E AFNOG-2017 NAIROBI, KENYA
afnog.github.io/sse/intro/IntroPresentation.pdf

WELCOME TO SS-E
AFNOG - 2017
NAIROBI, KENYA
Scalable Services – English

What is SS-E?
§ Scalable Services – English is a track that teaches advanced topics on designing, configuring and managing large scale Internet Services run on UNIX/Linux servers
§ It builds on Track Zero which covered introductory topics on UNIX/Linux and Internet Services
§ What sort of services?
  § DNS, Web, Email
  § Monitoring, Authentication
  § Many Others
§ Basically any service that can be offered on a Linux/UNIX server over the Internet

Your instructors
§ Ayitey A. Bulley - Ghana
§ Frank Kuse – Ghana
§ Isabella Odida – Uganda
§ Joe Abley – Canada
§ Kevin Chege – Kenya
§ Michuki Mwangi – from Kenya

How about you….?
Introduce yourself:
§ Name
§ Country
§ Work
§ Hobbies :)
§ How did you fly to get to Nairobi?

Course teaching style
§ Theory explained first then followed by a practical session
§ Each of you has been assigned a Virtual Machine running Debian 8.8 (Jessie) that you will access from your laptop
§ Feel free to ask questions anytime
§ If you need help during the practical labs, raise your hand so the instructors can assist
§ Kindly mute your phones during classes :)
§ Please pay attention during theory sessions :)

Timetable – please keep time :)
§ Breakfast at the hotel starts at 6am*
§ First Session 09:00 to 11:00
§ Tea break 11:00 to 11:00
§ Second Session from 11:30 to 13:00
§ Lunch from 13:00 to 14:00
§ Third Session - from 14:00 to 16:00
§ Tea break – 16:00 to 16:30
§ Fourth Session – 16:30 to 18:00
§ Dinner
§ Evening sessions – 20:00 – 22:00

Breakfast: At the Boma Hotel or Boma Inn
Lunch and dinner: On the ground floor of the conference facility
Tea break: In the corridor outside the lecture rooms
Washrooms: To the right when you exit from KIFARU (close to the secretariat)

Inventory
You should have received:
§ Name badges
§ Folder with notepad, pen, information pack
Keep your name badge with you
At the end of the week you will receive:
§ A USB stick with some O'Reilly eBooks
Please share with your colleagues back at home.

Connectivity
§ Use your own laptops for:
  § Web browsing
  § Control your virtual machines
  § Virtualization exercises
§ Wireless Internet
  § Use the AIS or your course network SSID
  § Password for both is "success!"
§ Hotel wifi is available in your rooms

Access Your Virtual Machines
§ Virtual servers (named pc1 – pc35)
§ DNS names are pc1.sse.ws.afnog.org (etc)
§ PC Assignment exercise
§ Debian 8.8 OS installed
§ Use SSH to access your server (e.g. Putty for Windows)
§ Login with afnog/afnog
§ Use sudo to execute commands as root
§ Don't change passwords
§ Don't "close security holes"
§ Don't shut down your server (there's no power button!)
§ Your servers are accessible over the Internet

Windows Users
§ Install putty from: http://www.ws.afnog.org/afnog2016/unix-intro/downloads/
After downloading you will see the above icon. Double click on it and you should see a window similar to the one on the right

Unix, Linux and OSX Users
§ A default Secure Shell (SSH) client is already installed in Unix, Linux and OSX
§ To access the default SSH
  § Open: Terminal application
  § From Terminal prompt type the following;
  § [email protected] where X is the pc number.

Online Resources
Website: http://www.ws.afnog.org/afnog2017/
AfNOG Mailing List:
§ Q&A on Internet operational and technical issues.
§ No foul language or disrespect for other participants.
§ No blatant product marketing.
§ No political postings.
Please subscribe while at the Workshop:
§ So we can help you if you have problems subscribing.
Please raise any questions related to the workshop content.

Safety
Please be careful in class:
§ trip on power cords
§ pull cables out of sockets
§ knock equipment off tables
§ fall from leaning back too far in your chair

Core topics to be covered this week
§ DNS
  § Resolver
  § Authoritative DNS
§ Firewalls and Network Security
  § Host security using IPtables
§ Mail Services
  § How to set up mail services
§ Hosting Web services
  § Web server using Apache
§ RADIUS & LDAP
  § For centralizing authentication
§ Virtualization
  § How to build virtual servers

Rough agenda for the week
§ Monday:
  § First Session: intro, nano bootcamp, Post-installation Best Practices
  § Second Session: DNS (Intro)
  § Third Session: Firewalls and Network Security
  § Fourth Session: DNS (Resolver)
  § Evening Session: General
§ Tuesday:
  § First Session: Security (Public Key, SSL, PGP, Crypto)
  § Second: DNS (Authoritative)
  § Third Session: Apache + PHP
  § Fourth Session: Postfix
  § Evening Session: DNSSEC
§ Wednesday:
  § First and Second Session: Postfix
  § Third and Fourth Session: OpenLDAP Directory
  § Evening Session: Ansible

Rough agenda for the week…
§ Thursday:
  § First and Second Session: RADIUS
  § Third Session: Dovecot IMAP
  § Fourth Session: Squirrelmail
§ Friday:
  § First and Second Session: Load Balancing
  § Third and Fourth: Virtualization
  § Closing Survey

Any questions?

Nano bootcamp
§ We will use an editor called "nano" on the Debian machines
§ However, you should learn "vi" as it has way more features than most editors
§ Install nano:
afnog@pcX:~$ sudo apt-get install nano
§ For nano you can open a file by:
afnog@pcX:~$ nano /path/to/filename
OR
afnog@pcX:~$ nano filename
Save the changes by:
ctrl X answer "y"
Search the file for a specific word:
ctrl W <then the search term>

Short nano exercise
§ Go to your home directory
afnog@pcX:~$ cd /home/afnog
§ Open a file:
afnog@pcX:~$ nano test-script.sh
§ Type the following 4 lines in the file
#!/bin/bash
# SSE Test Script
echo "Welcome $HOSTNAME to AfNOG SSE 2017!"
echo "AfNOG!, Success!"
§ Then Save and Exit: Ctrl X and then answer y. Maintain the same file name (press enter)
§ Change the file's permissions
afnog@pcX:~$ chmod +x test-script.sh
§ Run the file
afnog@pcX:~$ ./test-script.sh

More commands
§ Ctrl y – previous Page
§ Ctrl v – next page
Nano provides a menu at the bottom:

POST-INSTALL BEST PRACTICES

Things to do post-install
§ 1. Update the System
afnog@pcX:~$ sudo nano /etc/apt/sources.list
Find
deb http://httpredir.debian.org/debian jessie main
deb http://security.debian.org/ jessie/updates main
Add "contrib" and "non-free" repositories to look as follows (use tab key);
deb http://httpredir.debian.org/debian jessie main contrib non-free
deb http://security.debian.org/ jessie/updates main contrib non-free
Save the file and exit

Things to do post-install
§ 2. Update the System
afnog@pcX:~$ sudo apt-get update
afnog@pcX:~$ sudo apt-get upgrade
§ 3. Install SSH (If it was not installed during system installation)
afnog@pcX:~$ sudo apt-get install openssh-server
§ 4. Disable unwanted Services
afnog@pcX:~$ sudo service --status-all
afnog@pcX:~$ sudo service exim4 stop
§ 5. Check Listening Network Ports
afnog@pcX:~$ sudo netstat -tulpn

Things to do post-install
§ 6. Disable Remote SSH Root User Login
afnog@debian8:~$ sudo nano /etc/ssh/sshd_config
§ Change line or if missing Add the line (use
§ PermitRootLogin without-password → PermitRootLogin no
afnog@debian8:~$ sudo service sshd restart
§ 7. Configure NTP Server
afnog@debian8:~$ sudo apt-get install ntp
§ (optional but necessary) Edit ntp servers and put local ones
afnog@debian8:~$ sudo nano /etc/ntp.conf
§ Comment "server" sections or replace server with a local/internal one
afnog@debian8:~$ sudo service ntp start
afnog@debian8:~$ ntpdc -pn
afnog@debian8:~$ ntpq -pn
§ More here: https://www.debian.org/doc/manuals/securing-debian-howto/
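
A way to verify steps 5 and 6 of the checklist above from the shell. This is an added example, not part of the original slides: the function names effective_root_login and exposed_listeners are hypothetical, and the sample sshd_config and netstat lines are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): check steps 5 and 6 of the checklist.

# Print the PermitRootLogin value sshd would use from the config file "$1".
# sshd keeps the first value it reads for a keyword and keyword names are
# case-insensitive; lines after the first Match block are not global.
# Prints "unset" if no global line exists (the built-in default then applies).
effective_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Read `netstat -tulpn` output on stdin and print "proto address program"
# for each socket NOT bound to loopback (127.0.0.0/8 or ::1).
exposed_listeners() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        if ($4 ~ /^127\./ || $4 ~ /^::1:/) next
        n = split($NF, prog, "/")
        print $1, $4, (n > 1 ? prog[2] : "-")
    }'
}

# Constructed sample data, not captured from a workshop VM.
SAMPLE_SSHD='# Authentication:
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin without-password'

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp   0 0 0.0.0.0:22     0.0.0.0:*  LISTEN  512/sshd
tcp   0 0 127.0.0.1:25   0.0.0.0:*  LISTEN  801/exim4
tcp6  0 0 ::1:25         :::*       LISTEN  801/exim4
tcp6  0 0 :::22          :::*       LISTEN  512/sshd
udp   0 0 0.0.0.0:123    0.0.0.0:*          640/ntpd'

cfg=$(mktemp)
printf '%s\n' "$SAMPLE_SSHD" > "$cfg"
echo "PermitRootLogin in effect: $(effective_root_login "$cfg")"
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
rm -f "$cfg"
```

On a real host, pass /etc/ssh/sshd_config to effective_root_login and pipe the output of sudo netstat -tulpn into exposed_listeners; a later duplicate PermitRootLogin line, as in the sample, has no effect because the first value wins.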

Thank you!
Questions?