Debian Administration Training Course

Debian Distribution

What is Debian?

• Choosing the Debian version
• Debian support and resources
• The Debian community

Console Basics

• Understanding the shell prompt
• The shell prompt within the X environment
• The root account and root shell prompt (utilizing su, sudo, and running programs as root under X)
• GUI system administration tools
• Virtual consoles
• Exiting the command prompt
• Shutting down the system
• Restoring a functional console
• Recommended packages for beginners
• Creating an additional user account
• Configuring sudo

The Filesystem

• Filesystem permissions
• Controlling permissions for new files: umask
• Permissions for user groups (group)
• File timestamps
• Links (symbolic and hard)
• Named pipes (FIFOs)
• Sockets
• Device files
• Special device files
• procfs and sysfs

Midnight Commander (MC)

• Customizing MC
• Launching MC
• MC as a file manager
• Command-line tricks within MC
• MC's internal editor
• MC's internal viewer
• MC auto-start features
• MC's FTP virtual filesystem

The Basic Unix-like Work Environment

• The login shell
• Customizing bash
• Special key strokes
• Using the pager
• Setting a default text editor
• Exiting vim
• Recording shell activities
• Basic Unix commands

The Simple Shell Command

• Command execution and environment variables
• The "$LANG" variable
• The "$PATH" variable
• The "$HOME" variable
• Command line options
• Shell globbing
• Command return values
• Typical command sequences and shell redirection
• Command aliases

Unix-like Text Processing

• Unix text tools
• Regular expressions
• Replacement expressions
• Global substitution with regular expressions
• Extracting data from text file tables
• Script snippets for piping commands

Debian Package Management

Prerequisites for Debian Package Management

• Package configuration
• Basic precautions
• Navigating eternal upgrades
• Debian archive basics
• Package dependencies
• The event flow of package management
• First responses to package management issues

Basic Package Management Operations

• Comparing apt-get/apt-cache vs. aptitude
• Basic package management operations via the command line
• Interactive use of aptitude
• Key bindings of aptitude
• Package views under aptitude
• Search method options with aptitude
• The aptitude regex formula
• Dependency resolution of aptitude
• Package activity logs

Examples of aptitude Operations

• Listing packages with regex matching on package names
• Browsing with regex matching
• Permanently purging removed packages
• Managing auto/manual install status
• Performing a system-wide upgrade

Advanced Package Management Operations

• Advanced package management operations via the command line
• Verification of installed package files
• Safeguards against package problems
• Searching package metadata

Internals of Debian Package Management

• Archive metadata
• The top-level "Release" file and authenticity
• Archive-level "Release" files
• Fetching metadata for packages
• Package state for APT
• Package state for aptitude
• Local copies of fetched packages
• Debian package file naming conventions
• The dpkg command
• The update-alternatives command
• The dpkg-statoverride command
• The dpkg-divert command

Recovering from a Broken System

• Incompatibility with old user configurations
• Handling different packages with overlapping files
• Fixing broken package scripts
• Rescue operations using the dpkg command
• Recovering package selection data

Tips for Package Management

• Selecting Debian packages
• Handling packages from mixed archive sources
• Tweaking candidate versions
• Updates and Backports
• Automatic download and upgrade of packages
• Limiting download bandwidth for APT
• Emergency downgrading
• Identifying package uploaders
• The equivs package
• Porting packages to stable systems
• Setting up an APT proxy server
• Managing a small public package archive
• Recording and copying system configurations
• Converting or installing alien binary packages
• Extracting packages without dpkg
• Further readings on package management

System Initialization

• Overview of the bootstrap process
• BIOS, boot loader, and mini-Debian system
• Understanding runlevels
• Runlevel configuration
• Runlevel management examples
• Default parameters for each init script
• Setting the hostname
• Filesystem initialization
• Network interface initialization
• Network service initialization
• System messages
• Kernel messages
• The udev system
• Kernel module initialization

Authentication and Security

• Standard Unix authentication
• Managing account and password information
• Creating strong passwords
• Creating encrypted passwords
• PAM and NSS
• Configuration files accessed by PAM and NSS
• Modern centralized system management
• Why GNU su does not support the wheel group
• Implementing stricter password rules
• Other access controls
• sudo configuration
• SELinux and AppArmor
• Restricting access to specific server services
• Authentication security
• Secure password handling over the Internet
• Secure Shell (SSH)
• Additional security measures for the Internet
• Securing the root password

Network Setup

Basic Network Infrastructure

• Domain names
• Hostname resolution
• Network interface naming
• LAN network address ranges
• Network device support

Modern Network Configuration for Desktops

• GUI network configuration tools

Low-Level Network Configuration

• iproute2 commands
• Safe low-level network operations

Network Optimization

• Finding optimal MTU
• Setting MTU
• WAN TCP optimization

Netfilter Infrastructure

Network Applications

The Mail System

• Basics of modern mail services
• Mail configuration strategy for workstations

Mail Transport Agent (MTA) and Mail User Agent (MUA)

• Overview of exim4
• Basic MUA: Mutt

Mail Delivery Agent (MDA) with Filters

• maildrop configuration
• procmail configuration
• Redelivering mbox contents

POP3/IMAP4 Server

Remote Access Server and Utility (SSH)

• SSH basics
• Port forwarding for SMTP/POP3 tunneling
• Connecting without remote passwords
• Managing non-standard SSH clients
• Setting up ssh-agent
• Shutting down remote systems via SSH
• SSH troubleshooting

Other Network Application Servers

Other Network Application Clients

Diagnosis of System Daemons

The X Window System

• Setting up the desktop environment
• The server/client relationship
• The X server
• Starting the X Window System
• Starting an X session with gdm
• Customizing the X session (classic method)
• Customizing the X session (new method)
• Connecting a remote X client via SSH
• Secure X terminal access over the Internet
• X applications
• X office applications
• X utility applications

System Tips

The screen Program

• Use scenarios for screen(1)
• Key bindings for the screen command

Data Recording and Presentation

• The log daemon
• Log analyzers
• Cleanly recording shell activities
• Customized display of text data
• Customized display of time and date
• Colorized shell echo
• Colorized commands
• Recording editor activities for complex repeats
• Recording graphic images of X applications
• Recording changes in configuration files

Data Storage Tips

• Disk partition configuration
• Accessing partitions using UUID
• Filesystem configuration
• Filesystem creation and integrity checks
• Filesystem optimization via mount options
• Filesystem optimization via superblocks
• Hard disk optimization
• Using SMART to predict hard disk failure
• Expanding usable storage space via LVM
• Expanding usable storage space by mounting another partition
• Expanding usable storage space using symlinks
• Expanding usable storage space using aufs

Data Encryption Tips

• Removable disk encryption with dm-crypt/LUKS
• Encrypted swap partition with dm-crypt
• Automatic file encryption with eCryptfs
• Automatic mounting of eCryptfs

Monitoring, Controlling, and Starting Program Activities

• Timing a process
• Setting scheduling priority
• The ps command
• The top command
• Listing files opened by a process
• Tracing program activities
• Identifying processes using files or sockets
• Repeating a command at a constant interval
• Repeating a command in a loop over files
• Starting a program from the GUI
• Customizing program startup
• Killing a process
• Scheduling one-time tasks
• Scheduling recurring tasks
• Using the Alt-SysRq key

System Maintenance Tips

• Checking who is on the system
• Warning all users
• Hardware identification
• Hardware configuration
• System and hardware time synchronization
• Terminal configuration
• Sound infrastructure
• Disabling the screen saver
• Disabling beep sounds
• Memory usage monitoring
• System security and integrity checks

The Kernel

• Kernel parameters
• Kernel headers
• Compiling the kernel and related modules
• Compiling the kernel source: Debian standard method
• Compiling module source: Debian standard method
• Non-free hardware drivers

Virtualized Systems

• Virtualization tools
• Virtualization workflow
• Mounting virtual disk image files
• Chroot systems
• Managing multiple desktop systems

Data Management

Sharing, Copying, and Archiving

• Archive and compression tools
• Copy and synchronization tools
• Idioms for archiving
• Idioms for copying
• Idioms for file selection
• Backup and recovery
• Backup utility suites
• Example script for system backup
• Script for data backup copying
• Removable storage devices
• Sharing data via network
• Archive media

Binary Data

• Viewing and editing binary data
• Manipulating files without mounting disks
• Data redundancy
• Data file recovery and forensic analysis
• Splitting large files into smaller ones
• Clearing file contents
• Creating dummy files
• Erasing an entire hard disk
• Erasing unused areas of a hard disk
• Undeleting deleted but still open files
• Searching for all hardlinks
• Monitoring invisible disk space consumption

Data Security Infrastructure

• Key management for GnuPG (signing and encrypting)
• The MD5 sum