# Learning Platform for Students

## init

Build a reliable platform on a pve host to teach students Linux/Windows server administration and other accompanying topics such as

- firewalls and routing
- subnetting
- vlans
- installing a ms dc/ad
- joining a linux host to a ms ad
- powershell usage and scripting
- smb server setup and joining with ad
- databases (mariadb/mysql)
- web servers
- certificate management
- mail server
- security and network tools like nmap or tcpdump
- and other things

## User Management

Apart from the pve host, the core of the environment will be a _FreeIPA_ server, which combines

- identity management server (ldap, sso, acl, ...) via a 389 directory server
- DNS server (bind)
- NTP server
- Kerberos
- Dogtag for certificate management
- NFS server, or 'advertise' one, for the home folders of all users and other useful shares when needed in an exercise

We will set up a user account for each student on the ipa server, each with a home folder that is shared via nfs and automatically mounted on user login on any device in the domain/realm.
The students will always have their files available, no matter which device they log in to with their own account.

Define designated groups, `linux_admins`, `linux_students`, `linux_users`, each with its own ACLs mediated via the ipa server.

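
A dry-run sketch of the account provisioning described above, as an added example that is not part of the original README: it prints the `ipa user-add` and `ipa group-add-member` commands for a roster, using the uid range, group and mail domain from the Facts section. The `/home` base directory, the roster format and the function names are assumptions, and the `linux_students` group is assumed to exist already.

```sh
#!/bin/sh
# Added example (not from the original README): dry-run generator that prints
# the ipa commands for the student accounts; it changes nothing by itself.
UID_MIN=1000            # Facts: uid/gid 1000-1020
UID_MAX=1020
GROUP=linux_students    # Facts: group for students
MAIL_DOMAIN=softbox.de  # Facts: mail domain
HOME_BASE=/home         # assumption: base directory of the NFS home share

# gen_student_cmds: reads "Firstname Surname" lines on stdin, prints one
# user-add and one group-add-member command per accepted student.
gen_student_cmds() {
    next_id=$UID_MIN
    while read -r first last; do
        if [ -z "$first" ]; then continue; fi          # blank line
        if [ -z "$last" ]; then
            echo "skip: no surname for '$first'" >&2; continue
        fi
        # Accept ASCII letters and hyphens only (no leading hyphen), so the
        # login is predictable and the roster cannot smuggle in shell syntax
        # or something that ipa would parse as an option.
        case "$first$last" in
            -*|*[!A-Za-z-]*)
                echo "skip: unsupported name '$first $last'" >&2
                continue ;;
        esac
        if [ "$next_id" -gt "$UID_MAX" ]; then
            echo "error: uid range $UID_MIN-$UID_MAX is exhausted" >&2
            return 1
        fi
        login=$(printf '%s.%s' "$first" "$last" | tr '[:upper:]' '[:lower:]')
        printf 'ipa user-add %s --first=%s --last=%s --email=%s@%s' \
            "$login" "$first" "$last" "$login" "$MAIL_DOMAIN"
        printf ' --uid=%d --gidnumber=%d --homedir=%s/%s\n' \
            "$next_id" "$next_id" "$HOME_BASE" "$login"
        printf 'ipa group-add-member %s --users=%s\n' "$GROUP" "$login"
        next_id=$((next_id + 1))
    done
}

# Constructed sample roster; the third entry is rejected (space in surname).
sample_roster() {
    printf '%s\n' 'Ada Lovelace' 'Linus Torvalds' 'Anna Maria Schmidt'
}

sample_roster | gen_student_cmds
```

Review the printed commands, then run them with an admin Kerberos ticket. Most distributions hand out local accounts starting at UID 1000, so check enrolled hosts for local users that overlap the 1000-1020 range.
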
## Facts

**Domain:**

- domain: `lab.softbox.net`
- realm: `LAB.SOFTBOX.NET`
- ipa:
  - hostname: `ipa.lab.softbox.net`
  - ip address: `10.11.12.65/24`

**Students:**

- username: `firstname.surname`
- mail: `firstname.surname@softbox.de`
- user_ssh_public_key: Created in exercise sheet-00
- uid: `1000-1020`
- gid: `1000-1020`
- groups: `linux_students`

**VMs:**

- hostname: `vm_00`
- IP addresses: `10.11.12.200-220`

## Schedule

Time Slot: Friday 3 p.m. to 4 p.m.

1. Hand out sheets in this week at 4 p.m.
2. Have a 30-60 min class for the students to ask questions
3. Discuss the sheets next week, then begin again at 1. by handing out the new sheet

## Ideas for exercises

Separate the exercises by level of difficulty. In the beginning only easier concepts should be presented.
Write guides that can be followed in order to learn and see concepts, such as a manual to install a nextcloud instance.
In the process the student would learn how a mariadb database is set up, just by following some simple commands.

### Level 0

- [ ] base commands - 20 most useful commands: cd, ls, mkdir, mv, rm, cp, touch, find, grep, cat, ssh
- [x] ssh key-exchange authentication
- [x] ssh hardening - no root login, no password hardening
- [x] nginx
- [ ] user and group management

### Level 1

- [x] fail2ban-server
- [ ] samba server
- [ ] couple samba share with ms ad

### Level 2

- [ ] git: local and remote repos, such as github and the internal gitea
- [ ] powershell: remote powershell and installation of ninja agent

### Level 3

- [ ] git server
- [ ] setup mysql/mariadb database
- [ ] nextcloud setup

### Level 4

- [ ] nmap
- [ ] ip and ipcalc - set ip addresses and routes
- [ ] ufw

### Level 5

- [ ] simple mail server, ports: 25 (smtp), 587 (submission), 143 (imap) (no tls first)
- [ ] tcpdump -> catch clear text passwd with tcpdump at imapsync
- [ ] pki for mutual tls trust
- [ ] each build their own firewall/router with openbsd
- [ ] build together a firewall which will be the sbx_lab firewall