Deploying Ubuntu Server Edition

Course Outline

Topic 0: Getting Started in the Virtual Training Environment

(applicable to virtual classroom training only)

Introduction to the environment used for the course and the labs
Architecture of the virtual training environment
Introduction to Moodle
Introduction to Spreed
- Interacting with fellow students and the instructor
- Giving feedback to the instructor
- Using audio (computer-based, or dial-in)
- Testing your connection speed
ssh login to the virtual machine environment
- Ssh client recommendations for windows and macintosh users
- Accessing your virtual machines
- Using 'screen' to switch between machines (Ctrl-A commands)

Installation
- Checking hardware requirements
- Choosing, download and burning an installation CD
- Running the installer
- “Expert mode” installation
- Partitioning: (guided, manual, LVM)
- Software selection
- Why is there no root account?
Troubleshooting installations
- ACPI issues
- CD problems
- Saving installation logs
- Diagnosing boot failures
Logical Volumes
- The benefits of logical volumes
- Architecture
- Creating physical volumes, volume groups and logical volumes
- Extending logical volumes
Time synchronisation

What is a Debian package?
Low-level package management
- Installing, listing and removing packages with dpkg
- Package configuration and re-configuration
High-level package management
- Repository structure: pockets and components
- The advanced packaging toolkit (APT)
- Specifying the location of repositories
- Package dependencies
- Meta-packages and virtual packages
Repository management
- Creating a local repository
- Configuring a proxy server
- Mirroring a repository

Virtualization
- Setting up a KVM host
- Virtual machine management using libvirt
- Creating a guest
- Building machine images with ubuntu-vm-builder
- Creating virtual appliances with JeOS
Automated installation
- Kickstart and pre-seeding
- Creating a kickstart file
- Making a kickstart file available to the target installation
- Installing from a local server
- Cloning and its limitations
Automating Updates
Server management using Landscape
- Obtaining a Landscape account
- Configuring and registering a Landscape client
- Accessing a Landscape account

User-level security
- Living without a root login
- sudo and the sudoers file
- Ubuntu group memberships and privileges
- Configuring PAM to enforce password strength
- Encrypting partitions using the dm-crypt device mapper
Constructing a firewall
- netfilter and iptables
- Simplifying firewall construction with ufw
- Testing firewalls with nmap
Mandatory access control with AppArmor
- Discretionary vs Mandatory access control
- Creating an AppArmor profile
- Setting enforce mode and complain mode
Intrusion detection
- Verifying file system integrity with AIDE
- Monitoring log files with logwatch
Configuring ssh authentication
Configuration management with etckeeper
Backup tools and strategies
- Multi-level backup strategies
- Using rsync for backups
- Centralised backup with backuppc and bacula
System monitoring and performance tuning
- Monitoring memory and disk usage
- Centralised monitoring with nagios and munin
- Kernel parameter tuning
- Application-specific tuning

OpenLDAP
- OpenLDAP components and architecture
- Installation and initial configuration
- Command-line tools (ldapadd and friends)
- Secure LDAP
- LDAP with user account management
- Configuring a client to use LDAP for authentication
- Replicating an LDAP directory
Kerberos
- Setting up a Key Distribution Centre
- Primary and secondary servers
- Adding principals: Hosts, services, users, admin
- Using LDAP as the backend
Active Directory integration
Likewise Open
Joining a domain
Logging in as an A-D user