From 5b2efe10097f288ad3a1a4256f85c5465b1c2f9b Mon Sep 17 00:00:00 2001 From: pboy Date: Apr 21 2023 22:47:51 +0000 Subject: Admin indexpage: Updated to F38 and fixed #98. --- diff --git a/docs/modules/ROOT/pages/administration/index.adoc b/docs/modules/ROOT/pages/administration/index.adoc index 010f0af..f4844f6 100644 --- a/docs/modules/ROOT/pages/administration/index.adoc +++ b/docs/modules/ROOT/pages/administration/index.adoc @@ -1,37 +1,40 @@ = Fedora Server Edition Basic Administration Guide Peter Boy; Jan Kuparinen; Emmanuel Seyman :page-authors: {author}, {author_2}, {author_3} -:revnumber: F35-F37 -:revdate: 2022-11-15 -// :revremark: a new beginning -:page-aliases: sysadmin-an-introduction.adoc +:revnumber: F37-F38 +:revdate: 2023-04-21 +:page-aliases: pages/sysadmin-an-introduction.adoc == What You Find Here -Generic basic system administration is covered by Fedora's overall -// xref:fedora::system-administrators-guide.adoc[System Administration Guide]. -System Administration Guide- But there are several of Fedora Server specific topics which are not included. There are such basic items as storage organization to more advanced security considerations up to virtualization. +General basic system administration is covered in Fedora's overall +//xref:fedora::system-administrators-guide.adoc[System Administrator's Guide]. +System Administrator's Guide. However, there are some Fedora Server-specific topics that are not included therein. -== Post Installation security enhancements +This section covers topics like name resolution tools, DHCP support, special network configuration, local disk space management, and similar topics. Other sections address specific topics such as xref:virtualization/index.adoc[virtualization], xref:container/index.adoc[containerization], or xref:services/index.adoc[providing services]. -As part of the installation, the system is already fitted with many security-relevant configurations. But some items need manual intervention. +_Currently, the compilation and description of administrative tasks is still under construction. It will be continuously expanded._ -First of all, the root account needs a key file to enable secure access via ssh. Right after installation, a remote login as root via ssh is not possible due to the (public) key file requirement as configured by default during installation. A local password based root login (directly connected terminal, KVM terminal, but su as well) is still enabled in the default configuration. +== Administrative Tools -For a number of other procedures, the system manager must weigh the pros and cons and make a decision. This involves, for example +Fedora Server Edition is designed as a headless device, i.e. without a graphical user interface. Corresponding packages are not even installed. Accordingly, only a simple text-based terminal is available on the box by default, which is somewhat euphemistically called a __Command Line Interface__ (CLI). -- Depending on protection and confidentiality requirements, system-wide disabling root login (system administration is performed exclusively via user accounts with administrative privileges) -- Disabling ssh password based login for all users except one (or very few) fallbacks -- Protecting Cockpit password terminal login capability -- Installing fail2ban to block IPs with too many unsuccessful logins +Very many servers do not even have a monitor and keyboard permanently connected. The administrator works over the network from his desktop. In this case, a graphical tool is also available, __Cockpit__, a lightweight web-based graphical user interface. It is very powerful and greatly simplifies administration even for experienced and CLI-savvy ("hard core") administrators. -For detailed information see https://docs.fedoraproject.org/en-US/fedora-server/sysadmin-postinstall/[System Administration – Post Installation Tasks] +//=== Comand line interface (CLI) -== Cockpit +//Typically, however, administration is done remotely via a secure SSH connection. -Fedora Server Edition is designed as a headless device, i.e. without a graphical user interface. Corresponding packages are not even installed. Accordingly, at most a simple text-based terminal is available on the box. +//=== Cockpit -Typically, however, administration is done remotely via a secure SSH connection. +//In addition, a lightweight web-based graphical user interface, Cockpit, is available by default and is intended to simplify many typical and repetitive maintenance tasks. For example, the creation, formatting and mounting of a logical file area can be done with a short input form consisting of 3-4 topics and one click. This saves even the experienced system administrator a lot of time and the (error-free) typing of several command lines. -In addition, a lightweight web-based graphical user interface, Cockpit, is available by default and is intended to simplify many typical and repetitive maintenance tasks. For example, the creation, formatting and mounting of a logical file area can be done with a short input form consisting of 3-4 topics and one click. This saves even the experienced system administrator a lot of time and the (error-free) typing of several command lines. + +== System security + +Fedora is very concerned about security. Accordingly, as part of the installation, the system is already fitted with many security-relevant configurations. Thus, by default, a firewall is installed and also activated, which only allows an ssh as well as a cockpit connection. SSH uses the latest encryption algorithms and blocks outdated, insecure methods. + +There is not much left for the system administrator to do. Measures that may be required are described together with the corresponding xref:services/index.adoc[services]. + +However, the installation process cannot perform all security-related configurations automatically.The system manager must weigh the pros and cons and make a decision. Admins should process these items immediately after the installation. For detailed information see xref:installation/postinstallation-tasks.adoc[Post Installation Tasks].