instructor: michael teske bi222. lab follow up current events linux/unix best practices project...
TRANSCRIPT
Open source Excellent business case with good ROI Low acquisition/growth costs Lower facilities costs
Free?◦ Just download it◦ Pay for support?
How much will it save you?◦ Difficult to generate firm cost savings projections◦ “Too good to be true” numbers easy to produce
Administration◦ User accounts◦ Network configuration◦ Change management◦ Backups
FUD (fear, uncertainty, and doubt)◦ Skills◦ Lawsuits
Skills availability Uniqueness/risk Fear/emotion Is it?
◦ Secure◦ Stable◦ Profitable
Biggest issue: “culture clash” between departments
Mission-critical vendor applications may not be supported
Consider alternatives◦ Many exist◦ Cost savings may justify change
Standard procedures Proven techniques What is the goal?
◦ Reliability ◦ Availability◦ Supportable◦ Performance◦ Security
Measurable results
Services commonly installed on systems are inherently dangerous
Server should not be running services not required◦ R* services ◦ Printer services ◦ Mail Server ◦ Telnet◦ FTP◦ And more…
Manual
# default: off# description: The rsync server is a good addition to an ftp
server, as it \# allows crc checksumming etc.service rsync{ disable = yes socket_type = stream wait = no user = root server = /usr/bin/rsync server_args = --daemon log_on_failure += USERID}
One concern with multiple Linux machines is maintaining root passwords
Same password on all machines? Having to remember multiple passwords? When performing tasks across multiple
machines◦ Consider sftp a file to 75 machines…
Protect startup? Uncontrolled system shutdown never
causes problems (true?) Possible data loss after uncontrolled
shutdown even after fsck
Accounts without passwords Accounts whose passwords are identical to
the account name Accounts with overly simplistic passwords
◦ (ex. 12345678, ABCDEFGH, password, qwerty, etc)
Enforce aging of passwords when possible Use strong passwords
Network configuration ◦ TCP/IP configuration different
Like any system, housekeeping and maintenance require effort, new tools
Determine a user’s identity and permission Managing authentication for many
instances may become difficult Typical result
◦ Resistance to updates◦ Multiple instances not kept in sync
Secure Shell (SSH) uses PKI to enable secure connections
Very useful for maintaining root access on many instances◦ Using ssh-agent on original client, can set up
environment such that password needs to be entered only once
YUM◦ Open Source program to manage package
(product) installation◦ Used to install add-ons ◦ Used to update packages◦ Think “InstallShield for Linux”
Most packages available as RPMs◦ RPMs not just used by Red Hat◦ Alternatives: tarball or custom executable◦ Other less elegant solutions
You need to verify that downloaded packages are what you think they are◦ Could have viruses/Trojan horses in them
RPMs are digitally signed, avoid “man-in-the-middle” alteration
Also include package metainfo ◦ Where and when created, by whom◦ Level, support, description, license, etc
Dependency information included (other required libraries, products)◦ No DLL issues◦ Tools exist to help find dependent RPMs on the
Internet Disk space requirement aggregation
◦ Precalculates space required including RPMs and by dependencies
◦ No surprises 98% through an install
RPM-installed packages can be deleted very cleanly
Enable system recoverability◦ What if accidental edit breaks critical file?
rpm –V lets you know if RPM-installed files have been altered since installation
Numerous types Source RPMs are generally architecture-
independent Can aid in porting to new architectures
◦ Just try to build it, see if it compiles
Some applications actually just use RPM as wrapper, non-RPM installer
RPMs can be poorly built◦ Bad dependencies◦ Files might be installed in inappropriate locations◦ Might not work with some distributions
General learning curve◦ Building RPMs is non-trivial
You want to build a house Where do you start? There are many tasks to be completed A task like the “basement” has sub-tasks
◦ Dig hole◦ Pour footings
This is referred to as work breakdown structure