Debian Administration Training Course

Debian Distribution

Understanding Debian

• Selecting the appropriate Debian version
• Debian support resources and assistance
• The Debian community

Console Fundamentals

• Navigating the shell prompt
• The shell prompt within the X environment
• The root account and root shell prompt (utilizing su, sudo, and executing programs as root under X)
• Graphical user interface (GUI) system administration tools
• Virtual consoles
• Exiting the command prompt
• Shutting down the system
• Restoring a functional console
• Recommended additional packages for beginners
• Setting up an extra user account
• Configuring sudo

Understanding the Filesystem

• Filesystem permissions
• Managing permissions for newly created files: umask
• Managing permissions for user groups (group)
• Working with timestamps
• File links
• Named pipes (FIFOs)
• Sockets
• Device files
• Special device files
• Understanding procfs and sysfs

Midnight Commander (MC)

• Customizing MC settings
• Launching MC
• File management within MC
• Command-line techniques in MC
• Using the internal editor in MC
• Using the internal viewer in MC
• Auto-start features of MC
• MC's FTP virtual filesystem

The Basic Unix-like Work Environment

• The login shell
• Customizing bash
• Utilizing special key strokes
• Using the pager
• Setting a default text editor
• Exiting vim
• Recording shell activities
• Essential Unix commands

Basic Shell Commands

• Command execution and environment variables
• The "$LANG" variable
• The "$PATH" variable
• The "$HOME" variable
• Command line options
• Shell globbing
• Understanding command return values
• Typical command sequences and shell redirection
• Creating command aliases

Unix-like Text Processing

• Essential Unix text tools
• Regular expressions
• Replacement expressions
• Global substitution using regular expressions
• Extracting data from text file tables
• Script snippets for piping commands

Debian Package Management

Prerequisites for Debian Package Management

• Package configuration
• Basic precautions
• Managing ongoing upgrades
• Debian archive basics
• Package dependencies
• The lifecycle of package management
• Initial responses to package management issues

Basic Package Management Operations

• Comparing apt-get/apt-cache versus aptitude
• Performing basic package management operations via the command line
• Interactively using aptitude
• Understanding aptitude key bindings
• Navigating package views in aptitude
• Search method options in aptitude
• The aptitude regex formula
• Dependency resolution in aptitude
• Reviewing package activity logs

Examples of aptitude Operations

• Listing packages using regex matching on package names
• Browsing packages using regex matching
• Purging removed packages permanently
• Organizing auto/manual install status
• Performing a system-wide upgrade

Advanced Package Management Operations

• Executing advanced package management operations via the command line
• Verifying installed package files
• Safeguarding against package-related problems
• Searching package metadata

Debian Package Management Internals

• Archive metadata
• The top-level "Release" file and authenticity
• Archive-level "Release" files
• Fetching package metadata
• APT package states
• aptitude package states
• Local copies of fetched packages
• Debian package file naming conventions
• Using the dpkg command
• Using the update-alternatives command
• Using the dpkg-statoverride command
• Using the dpkg-divert command

Recovery from a Broken System

• Addressing incompatibilities with old user configurations
• Handling packages with overlapping files
• Fixing broken package scripts
• Rescue operations using the dpkg command
• Recovering package selection data

Tips for Package Management

• Selecting appropriate Debian packages
• Handling packages from mixed archive sources
• Adjusting candidate versions
• Managing updates and backports
• Automating package downloads and upgrades
• Limiting APT download bandwidth
• Performing emergency downgrades
• Identifying package uploaders
• Using the equivs package
• Porting packages to stable systems
• Configuring proxy servers for APT
• Utilizing small public package archives
• Recording and copying system configurations
• Converting or installing alien binary packages
• Extracting packages without dpkg
• Further readings on package management

System Initialization

• Overview of the bootstrap process
• BIOS, boot loaders, and the mini-Debian system
• Understanding runlevels
• Configuring runlevels
• Examples of runlevel management
• Default parameters for each init script
• Managing the hostname
• Filesystem setup during initialization
• Initializing network interfaces
• Initializing network services
• System messages
• Kernel messages
• The udev system
• Initializing kernel modules

Authentication and Security

• Standard Unix authentication
• Managing account and password information
• Best practices for strong passwords
• Creating encrypted passwords
• Understanding PAM and NSS
• Configuration files accessed by PAM and NSS
• Modern centralized system management
• "Why GNU su does not support the wheel group"
• Implementing stricter password rules
• Additional access controls
• Using sudo
• SELinux and AppArmor
• Restricting access to specific server services
• Authentication security
• Securing passwords over the Internet
• Secure Shell (SSH)
• Additional security measures for Internet connectivity
• Securing the root password

Network Setup

Basic Network Infrastructure

• The domain name
• Hostname resolution
• Network interface naming
• Network address ranges for LANs
• Network device support

Modern Network Configuration for Desktops

• GUI network configuration tools

Low-Level Network Configuration

• Iproute2 commands
• Safe low-level network operations

Network Optimization

• Identifying optimal MTU
• Setting MTU
• WAN TCP optimization

Netfilter Infrastructure

Network Applications

The Mail System

• Basics of modern mail services
• Mail configuration strategies for workstations

Mail Transport Agent (MTA) and Mail User Agent (MUA)

• Overview of exim4
• Basic MUA - Mutt

Mail Delivery Agent (MDA) with Filtering

• Configuring maildrop
• Configuring procmail
• Redelivering mbox contents

POP3/IMAP4 Servers

Remote Access Server and Utility (SSH)

• SSH fundamentals
• Port forwarding for SMTP/POP3 tunneling
• Connecting without remote passwords
• Managing compatibility with different SSH clients
• Setting up ssh-agent
• Shutting down remote systems via SSH
• Troubleshooting SSH issues

Other Network Application Servers

Other Network Application Clients

Diagnosing System Daemons

The X Window System

• Setting up the desktop environment
• The server/client relationship
• The X server
• Starting the X Window System
• Starting an X session with gdm
• Customizing the X session (classic method)
• Customizing the X session (new method)
• Connecting a remote X client via SSH
• Securing X terminals over the Internet
• X applications
• X office applications
• X utility applications

System Tips

The Screen Program

• Use cases for screen(1)
• Key bindings for the screen command

Data Recording and Presentation

• The log daemon
• Log analyzers
• Cleanly recording shell activities
• Customizing text data display
• Customizing time and date display
• Colorized shell echo
• Colorized commands
• Recording editor activities for complex repetitions
• Recording graphical images of X applications
• Recording changes in configuration files

Data Storage Tips

• Disk partition configuration
• Accessing partitions using UUIDs
• Filesystem configuration
• Creating filesystems and performing integrity checks
• Optimizing filesystems via mount options
• Optimizing filesystems via superblock
• Hard disk optimization
• Using SMART to predict hard disk failures
• Expanding usable storage space via LVM
• Expanding usable storage space by mounting another partition
• Expanding usable storage space using symbolic links
• Expanding usable storage space using aufs

Data Encryption Tips

• Encrypting removable disks with dm-crypt/LUKS
• Encrypting swap partitions with dm-crypt
• Automatically encrypting files with eCryptfs
• Automatically mounting eCryptfs

Monitoring, Controlling, and Starting Program Activities

• Timing a process
• Setting scheduling priority
• Using the ps command
• Using the top command
• Listing files opened by a process
• Tracing program activities
• Identifying processes using files or sockets
• Repeating a command at a constant interval
• Repeating a command while looping over files
• Starting a program from the GUI
• Customizing program startup
• Killing a process
• Scheduling one-time tasks
• Scheduling regular tasks
• Using the Alt-SysRq key

System Maintenance Tips

• Identifying logged-in users
• Notifying all users
• Hardware identification
• Hardware configuration
• System and hardware time management
• Terminal configuration
• Sound infrastructure
• Disabling the screen saver
• Disabling beep sounds
• Memory usage monitoring
• System security and integrity checks

The Kernel

• Kernel parameters
• Kernel headers
• Compiling the kernel and related modules
• Compiling kernel source: Debian standard method
• Compiling module source: Debian standard method
• Non-free hardware drivers

Virtualized Systems

• Virtualization tools
• Virtualization workflows
• Mounting virtual disk image files
• Chroot systems
• Managing multiple desktop systems

Data Management

Sharing, Copying, and Archiving

• Archive and compression tools
• Copy and synchronization tools
• Idioms for archiving
• Idioms for copying
• Idioms for file selection
• Backup and recovery
• Backup utility suites
• Example script for system backup
• Script for data backup
• Removable storage devices
• Sharing data via network
• Archive media

Binary Data

• Viewing and editing binary data
• Manipulating files without mounting disk
• Data redundancy
• Data file recovery and forensic analysis
• Splitting large files into smaller ones
• Clearing file contents
• Creating dummy files
• Erasing an entire hard disk
• Erasing unused areas of a hard disk
• Undeleting deleted but still open files
• Searching for all hardlinks
• Identifying invisible disk space consumption

Data Security Infrastructure

• Key management for GnuPG (signing and encrypting)
• Using MD5 sums