Learning Plattform for Students

init

Build a reliable platform on a pve host to teach students Linux/Windows server administration and accompanied other interesting topics such as

• firewalls and routing
• subnetting
• vlans
• installing a ms dc/ad
• join a linux host to a ms ad
• powershell usage and scripting
• smb server setup and joining with ad
• databases (mariadb/mysql)
• web servers
• certificate management
• mail server
• security and network tools like nmap or tcpdump
• and other things

User Management

Apart from the pve host, the main core of the environment will be a FreeIPA Server which combines

• identity management server (ldap, sso, acl, ...) via a 389 directory server
• DNS server (bind)
• NTP server
• Kerberos
• Dogtag for certificate management
• NFS server or 'advertise' one for home folders of all users and other userful shares when needed in an exercise

We will setup user accounts for each student on the ipa server and a home folder for each one which are shared via nfs and automatically mounted on user login on any device in the domain/realm. The student will always have their files available no matter the device they login with their own account.

Define designated groups, linux_admins, linux_students, linux_users, with each its own ACLs mediated via the ipa server.

Facts

Domain:

• domain: lab.softbox.net
• realm: LAB.SOFTBOX.NET
• ipa:
  • hostname: ipa.lab.softox.net
  • ip address: 10.11.12.65/24

Students:

• username: firstname.surname
• mail: firstname.surname@softbox.de
• user_ssh_public_key: Created in exercise sheet-00
• uid: 1000-1020
• gid: 1000-1020
• groups: linux_students

VMs:

• hostname: vm_00
• IP addresses: 10.11.12.200-220

Schedule

Time Slot: Friday 3p.m. to 4p.m.

1. Handout Sheets in this week at 4p.m.
2. Have a 30-60 mins class for the students to ask questions
3. Discuss sheets next week and handout begin at 1. handing out the new sheet

Ideas for exercises

Separate by different levels of difficulty. In the beginning only easier concepts should be presented. Write guide which can be followed in order to learn and see concepts such as a manual to install a nextcloud instance. In the process the student would learn how a mariadb database is setup. Just following some simple commands.

Level 0

• base commands - 20 most useful commands: cd, ls, mkdir, mv, rm , cp, touch, find, grep, cat, ssh
• ssh key-exchange authentication
• ssh hardening - not root login, no password hardening
• nginx
• user and group management

Level 1

• fail2ban-server
• samba server
• couple samba share with ms ad

Level 2

• git local and remote repo as github and internal gitea
• powershell: remote powershell and installation of ninja agent

Level 3

• git server
• setup mysql/mariadb database
• nextcloud setup

Level 4

• nmap
• ip and ipcalc - set ip addresses and routes
• ufw

Level 5

• simple mail server Ports: 25 (smtp), 587 (submission), 143 (imap) (no tls first)
• tcpdump -> catch clear text passwd with tcpdump at imapsync
• pki for mutual tls trust
• build each their own firewall/router with openbsd
• build together an firewall which will be the sbx_lab firewall