Index

Symbols

24-bit subnet 211

/etc/exports file 258

/etc/fstab file 184

adding 186-188

contents, analyzing 184-186

/etc/passwd file 39, 40

/etc/shadow file 41-43

/etc/skel

default configuration files, distributing with 43, 44

A

access log 289

Active Directory (AD) 32

additional storage volumes

adding 173-176

adduser command

using 36, 37

administrator access

configuring, with sudo 53-55

Advanced Package Tool (APT) 68

Amazon Lightsail 410

Amazon Machine Image (AMI) 444, 447

Amazon Web Services (AWS) 410, 461

certification 458

concepts 413-416

documentation 458

EC2 instances, running only when needed 456

experimenting and learning 458

online training and labs 457

Ubuntu Server instance, creating 432-443

unneeded EC2 instances, stopping or terminating 457

Ansible

combining, with Terraform for full deployment solution 481-483

need for 315

settings, configuring 321-323

working with 319-321

Ansible’s pull method

using 330-334

Apache

additional modules, installing 291-293

configuring 285-291

installing 285-291

securing, with TLS 293-299

application log files

viewing 94, 95

Application Logs 516

apt

Debian packages, managing with 68-71

A Record 290

arguments 88

configuring, to ps command 137-141

attack surface 486

lowering 485-489

Auto Scaling

used, for scaling Ubuntu EC2 deployments automatically 446, 447

group, creating 448-454

AWS account

creating 416, 417

signing up 417-421

user security, implementing 421-427

AWS Billing Dashboard

billing alert, adding 456

billing information, viewing 455

unneeded backups, removing 456

AWS Certified Cloud Practitioner 458

AWS Certified Sysops Administrator 458

AWS EC2 instance

Ubuntu, deploying as 428

AWS Management Console 417

B

backported 81

backup plan

implementing 538-540

Bash 115

history 117-119

Berkeley Internet Name Daemon (BIND) package

external DNS, setting up with 237, 238

bootable flash drive

creating 8-11

partitioning layout, planning 11, 12

bootable recovery media

utilizing 540, 541

Bourne Again Shell 115

broadcast address 230

C

Caching Name Server 237

Canonical Livepatch service

reference link 494

used, for automatically installing patches 494

Canonical Name (CNAME) record 242

Certificate Signing Request (CSR) 297

Classless Inter-Domain Routing (CIDR notation) 229

client servers

configuring 323-327

cloning

used, for simplifying virtual machine creation 354-356

cloud computing

using, considerations 411-413

Cloud Deployment

automating 462

CloudFormation 463

CloudFront 428

cloud infrastructure

versus on-premises infrastructure 410

command line

used, for managing Virtual Machine (VM) 356, 357

command-line tricks

utilizing 119-122

commands

issuing, with OpenSSH 217-219

Common Vulnerabilities and Exposures (CVEs) 490

responding to 490

config file

used, for simplifying SSH connections 223-225

configuration management

Git, utilizing 533-538

need for 313, 315

container 360

deploying, via Kubernetes cluster 402-408

using 360

containerd 394

containerization 359, 360

container orchestration 380, 381

Container Runtime 394

Content Delivery Network (CDN) 428

contents

viewing, of files 91-94

control groups (cgroups) 361

cron

used, for scheduling tasks 151-153

cron job 330

cross-platform 463

curdate 130

D

daemons 148

database server

preparations, for setting up 265-267

Debian 64

Debian packages 65, 66

backing up 78, 79

managing, with apt 68-71

restoring 78, 79

versus Snap packages 65

default configuration files

distributing, with /etc/skel 43, 44

defective RAM

diagnosing 527-529

device, selecting for server

laptop 4

physical desktop 4

physical servers 3

Raspberry Pi 5

Virtual Machine (VM) 5

Virtual Private Server (VPS) 5

df command

using 156-158

DHCP reservation 209

DigitalOcean 410

directories

copying 97-99

moving 97-99

ownership, modifying 60, 61

permissions, setting on 56

renaming 97-99

Disaster Recovery 462

disasters

preventing 531-533

Disk Operating System (DOS) 178

disks

decrypting, with Linux Unified Key Setup (LUKS) 507, 508

encrypting, with Linux Unified Key Setup (LUKS) 507, 508

disk usage

df command, using 156-158

investigating 158-161

viewing 155

DNS server

adding 236, 237

external DNS, setting up with bind 237, 238

hosts, adding 239-243

internal DNS, setting up 239-243

Docker

installing 362, 363

versus LXD 361, 362

Docker containers

managing 363-370

Dockerfiles

Docker image creation, automating with 371, 372

Docker Hub 362

reference link 363

Docker image creation

automating, with Dockerfiles 371, 372

document root 286

Domain Name System (DNS) 213

Dynamic Host Control Protocol (DHCP) 15

Dynamic Host Control Protocol (DHCP) server 228

setting up, for IP addresses 231-236

E

EC2 instance deployment

automating 470-476

EC2 instances

running, only when needed 456

stopping or terminating 457

Elastic Block Store (EBS) 415

Elastic Compute Cloud (EC2) 415

Elastic Container Service (ECS) 362

Elastic Kubernetes Service (EKS) 416

Elastic Load Balancer (ELB) 415

Error Correction Code (ECC) 4

error log 289

Etcher 8

export 255

export root 255

F

Fail2ban 498

configuring 498-502

installing 498-502

files

contents, viewing 91-94

copying 97-99

editing, with Nano text editors 99, 100

editing, with Vim text editors 99, 100

moving 97-99

ownership, modifying 60, 61

permissions, setting on 56

renaming 97-99

sharing, with Windows users via Samba 249-254

transferring, with rsync 258-261

transferring, with Secure Copy (SCP) 261-263

file server considerations 247, 248

filesystem cache 162

Filesystem Hierarchy Standard (FHS) 90, 182

firewall 505

setting up 505, 506

Fish 116

Flannel 400

for loop 128

G

gateway 243

Git

utilizing, for configuration management 533-538

Git commit 536

Git repository

creating 316-319

Google Cloud Platform (GCP) 410

grants 273

Graphical User Interface (GUI) 100, 139, 341

groups

managing 46-49

purpose 32

GUID Partition Table (GPT) 178

H

hard links

using 111-113

hardware enablement (HWE) 81

updates, advantage 81-83

hash bang 125

Homebrew

installation link 384

utilizing 384

hostname

setting 201-204

htop

used, for viewing resource usage 168-171

I

IAM role

setting up, for Session Manager 428-432

Identity and Access Management (IAM) 415

if statement 126

infinite loop 128

Infrastructure as Code (IaC) 314, 463

inodes 111

Input/Output (IO) 526

input streams 108-110

installation media

obtaining 6-8

Integrated Development Environment (IDE) 104

internet gateway

setting up 243, 244

Internet Service Provider (ISP) 237

inventory file 315

setting up 321-323

IP addresses

DHCP server, setting up for 231-236

scheme, planning 227-231

J

jobs

managing 133-136

K

Kernel-based Virtual Machine (KVM) 338, 362

Keyboard, Video, and Mouse (KVM) 4

ksh 116

kubeadm package 397

Kube Control (kubectl) 392

kubectl package 397

kubelet package 398

Kubernetes cluster

containers, deploying via 402-408

installing 397-402

packages 397

preliminary setup 393-397

setting up 392, 393

Kubernetes (K8s) 381

testing, by preparing lab environment 381-383

L

lab environment

preparing, for Kubernetes testing 381-383

laptop 4

launch template

creating 447, 448

options 447

LearnLinuxTV 213

Lightweight Directory Access Protocol (LDAP) 32

Linode 410

Linux

MicroK8s, installing on 383, 384

name resolution 213-215

Linux commands 85-89

Linux Containers (LXC) 361

Linux filesystem layout 89-91

Linux package management 63-65

Linux shell 115, 116

Linux signals 146

Linux Unified Key Setup (LUKS)

used, for decrypting disks 507

used, for encrypting disks 507

live media

concept 540

load average 166-168

Logical Volume Manager (LVM) 173, 267

benefits 174

logical volumes, formatting 195-197

utilizing 190, 191

volumes, removing 197

working with 191-195

logical volumes

formatting 195-197

long-term support (LTS) 7, 81

loopback addresses 203

LVM snapshots 198, 199

LXD 361

versus Docker 361

LXD containers

managing 373-377

M

macOS

MicroK8s, installing on 384-386

MariaDB

best practices, for secure database servers 502-504

configuration files 269-271

databases, managing 272-278

installing 267-269

Master Boot Record (MBR) 178

memory

usage, monitoring 161

Memtest86+ 528, 529

MicroK8s

installing, on Linux 383, 384

installing, on macOS 384-386

installing, on Windows 386-389

interacting with 390-392

utilizing 383

Microsoft Azure 410

misbehaving processes

dealing with 145-147

Multi-Factor Authentication (MFA) 422

myvar 128

N

Nano text editors

editing with 100-102

used, for editing files 99, 100

NCurses Disk Usage 159

network

interfaces, managing 204-208

issues, tracing 520-524

services, setting up 227

Network Time Protocol (NTP) 133

Nextcloud

configuring 303-310

setting up 303-310

NFS 247

NFS shares

setting up 254-258

NGINX

configuring 299-303

installing 299-303

NodePort Service 406

non-Graphical User Interface (non-GUI) 67

Non-Volatile Memory Express (NVMe) 176

O

object storage 415

on-premises infrastructure

versus cloud infrastructure 410

OpenSSH 495

commands, issuing with 217-219

installing 216, 217

securing 495-498

working with 215

OpsWorks 464

orphaned apt packages

cleaning up 79-81

Out of Memory (OOM) Killer 163

output streams 108-111

output variable 478

P

package maintainer 64

packages

additional repositories, adding 75-77

repositories, managing 75

searching 73-75

partitioning 11

layout, planning 11, 12

tips 12

partitions

creating 177-180

formatting 180-182

passphrase, of OpenSSH key

modifying 223

passwords

expiration information, setting 50, 51

managing 49

policies 49

policy, setting 51, 52

user accounts, locking 49, 50

user accounts, unlocking 49, 50

patches

installing, automatically with Canonical Livepatch service 494

Perl 37

permissions

modifying 59, 60

ownership of objects, modifying 60, 61

setting, on files and directories 56

viewing 56-58

Personal Package Archive (PPA)

adding 77, 78

physical desktop 4

physical servers 3

playbook 323

Pluggable Authentication Module (PAM) 51

Pod Network 398

principle of least privilege 489, 532

print working directory 86

private key

generating 220

privileged commands

running, with sudo 33, 34

processes, on Linux system

priority, modifying 141-145

Process ID (PID) 137

PS1 prompt 202

ps command 136

arguments, configuring to 137-141

running processes, viewing with 136, 137

public key

copying, to remote server 221, 222

generating 220

pull method 315

Q

Quick Emulator (QEMU) 338

R

Raspberry Pi 5

Ubuntu, installing on 25-28

Red Hat 64

Redundant Array of Independent Disks (RAID) 176

region

selecting 427, 428

resources

issues, troubleshooting 524-527

Return on Investment (ROI) 411

root cause analysis

conducting 513-515

Route 53 415

RPM packages 65

rsync

used, for transferring files 258-261

backup script, writing 129-131

running processes

viewing, with ps command 136, 137

S

Samba 247

files sharing, with Windows users via 249-254

scope

evaluating 511-513

scripts

writing 124-129

secondary database server

setting up 278-282

Secure Copy (SCP)

used, for transferring files 261-263

secure database servers

MariaDB, best practices 502-504

Secure Sockets Layer (SSL) 293

security groups 416

managing, with Terraform 476-479

security updates

installing 490-494

Serial Advanced Technology Attachment (SATA) 184

server

device, selecting 3

role, determining 2, 3

server memory 161-163

Server Message Block (SMB) 248

Services for NFS 248

Session Manager

IAM role, setting up 428-432

shebang 125

shell script 37

Simple Storage Service (S3) 415

Snap packages 66, 67

managing, with snap 71-73

versus Debian packages 65

software

installing 68

removing 68

SSH agent

utilizing 222

SSH connections

simplifying, with config file 223-225

SSH key management

OpenSSH key passphrase, changing 223

private key, generating 220

public key, copying to remote server 221, 222

public key, generating 220, 221

SSH agent, utilizing 222

working with 219

SSH passphrase

modifying 223

Stable Release Updates (SRUs) 64

standard error (stderr) 124

standard input (stdin) 108, 124

standard output (stdout) 108, 124

Start of Authority (SOA) line 240

static IP addresses

assigning 209-213

storage devices

formatting 176, 177

partitioning 176, 177

storage volume

backing up 188-190

mounting 182, 183

restoring 188-190

unmounting 182, 183

streams 108

subnets 229

sub-shell 130

subtree checking 255

sudo

administrator access, configuring with 53-55

locking down 509

using, to run privileged commands 33, 34

swap

managing 163-166

swap file 12

swap partition 12

symbolic

using 111-113

symbolic link (symlink) 112

system logs

viewing 515-520

system processes

managing 148-151

T

Tab Completion 119

teletypewriter 138

Terraform 461, 463

installing 465-470

used, for combining Ansible with full deployment solution 481-483

used, for managing security groups 476-479

workflow 463, 464

Terraform destroy 479

using 479-481

Terraform plan 474

Time to Live (TTL) 240

Transport Layer Security (TLS) 285

used, for securing Apache 293-299

U

Ubuntu

deploying, as AWS EC2 instance 428

installing, on Raspberry Pi 25-28

Ubuntu AMIs

creating 444-446

deploying 444-446

Ubuntu CVE tracker

reference link 490

Ubuntu EC2 deployments

scaling, automatically with Auto Scaling 446, 447

Ubuntu One account

URL 494

Ubuntu Server

installing 12-24

instance, creating in AWS 432-443

ufw command

reference link 506

Uncomplicated Firewall (UFW) 505

Uninterruptible Power Supply (UPS) 4

units 148

Universally Unique Identifier (UUID) 184

Universal Naming Convention (UNC) 253

universal packages 66

unix_socket authentication 268

useradd command

using 34, 35

use root

usage 32, 33

users

creating 34

purpose 32

removing 34-39

switching 45, 46

V

variables 122-124

Vim

editing with 102-108

Vim text editors

used, for editing files 99, 100

VirtualBox 5

download link 5

virtual host 286

virtualization 359

consideration 338, 339

prerequisites 337-339

virtual machine creation

simplifying, with cloning 354-356

Virtual Machine Manager 341

virtual machine network

bridging 351-353

virtual machine server

setting up 339-345

Virtual Machine (VM) 5, 319, 514, 337

creating 345-350

managing, via command line 356, 357

weaknesses 359

Virtual MFA device 423

Virtual Private Cloud (VPC) 415

Virtual Private Server (VPS) 5, 45, 267, 290, 410

VM Template 354

Voice over IP (VoIP) 228

vulnerability chain 487

W

web server deployment

automating 327-330

Windows

MicroK8s, installing on 386-389

Windows users

files sharing, via Samba 249-254

Z

zombie process 146

zone file 237, 239

Zsh 116