Good evening, guys. Okay. Well, this is my first time to have a talk in Singapore. I usually talk in our country, which is a small country. Philippines, okay. So, hopefully, as... Actually, there's no formal discussion between me and the organizer. What's the organizer, please? Second meeting now. Okay. So, there's... We don't have any formal discussion regarding what really to discuss and what I've mentioned to our meet-up group before. It's supposed to be for beginners, for slightly intermediate. If you want to have an advanced discussion maybe after later, because if you will be asking some advanced questions like Puppet, how to configure Puppet, something like that or automation tools or something. The other guys, the newbies will blow up their minds and, hey, guys, what are you talking about? So, let's give a chance first to the... for those who are skeptics, something like that. So, by the way, I'm Michael Art. Just call me Michael, okay. And okay. First things first, I would like to have a basic... get to know each other first. I'm not sure if you laugh because this is real in your environment. So, yeah, I used to have that kind of environment before. Okay. Before I introduce myself, I would like to have some hands on who is the Linux admin here. Quite a few. One, two, three, four, five, six, seven. Okay. Linux admin. And the developers. Oh. So, we have some hackers here, huh? Okay. Developers, Linux admin. Later, I'll discuss to you why Linux is for developers and for sysadmin. Okay. And for penetration testers. Hackers. DevOps. I guess you're DevOps because you're Linux and you're doing programming. DevOps means you're in operation, you are sysadmin and you're doing some automations. Like, for example, it's the Puppet. Okay. It's an automation tool which kick some patches or something. So, we call it DevOps. This is supposed to be the good, the ideal sysadmin right now.
The old school is just build a server, make up and running, connect to the network. That's the old school. This is the new one. It will go to any job site. They will look for this one. Even though you want to go in Australia, New Zealand, they will look for this one. You should have a basic knowledge of Bash scripting, Perl scripting, Python as what the... Yeah. So, he's actually looking for this. DevOps. Okay. Infosec. Is there any Infosec here? Infosec. Sysadmin Infosec or Infosec Network? Network Infosec, Juniper, Cisco. Check Point. General. General, okay. General Infosec. But not the VA, pentester, audit. All of the above. So, basically you're... I'm not sure if you're doing this. Praying before the vacation. Net engineer. What is an Infosec? Information security. Oh, security. Security, yeah. Sorry for that. Yeah. Network engineer. Network engineer, Cisco, Check Point. Okay. So, you hate Check Point and Juniper, right? Yes. Okay. Operations, support, tech support. Doing ticketing stuff. Okay. Managers. IT managers. Okay, hi. Okay. Take a seat. My groupmate, NAL group. Headhunters, recruiters. No, actually I'm not joking on this one because this is a good spot. Okay, this is a good spot to hunt people like us, right? Instead of going to LinkedIn, hey, blast an email, something like that. Are you open for this one? And package, something like that. But this one is a good network for them. Wintel admin. Wintel means Windows administrators. Okay, Wintel. If you work in support, you will have to do Wintel administration. No choice. If you are VMware admin, yes you will. I'm doing that before, last for the past four years. I just got promoted last year. So, luckily... Are you sure it's promotion? Yeah. Yeah, hopefully, yeah. So, if you are, at least in my environment, in my company, we are doing both when a user asks to deploy a VM, whether it is a Linux, Solaris, or a Windows, you need to do that one because you're the VMware admin.
So, I'm not surprised if you're doing Linux, doing that thing, and doing documentations. So, skeptics, afraid, none of the above. None of the above. What are you guys? DBA. Oracle, Sybase? Sybase. SQL, okay. No. What are you? Are you guys? Oh, okay. Are you, sir? I just use Linux at home. Okay. Hobbyist. That's good. Actually, those who are using Mac, it's running on Unix, right? Yes. Linux is later. I'll give a short history on that. Okay. Well, about me is I've been doing Linux operating system for last 2002. Okay. For those skeptics and those who want to have a jump on Linux, but they're afraid of not using the mouse because they're already used to mouse, right? Next, next, next. Okay. I started this one when I was in third year college because I was doing a hardcore HTML before. It was 2002, I think. 2002, 2001. So then I was asking myself that when I graduate, what will be my bullet against my colleagues which are good in VBScript, assembly language, C-language, HTML, macromedia flash. Those were the days, right now. I think if macromedia flash is still, I think, yeah, flash is no longer, right? It's HTML. So I look into the internet. What are the top 10 or even top five job that I could land after the graduation? And it gives me two job. One is the Oracle DBA and the second one is the Unix Admin. So when I search about, because number one is, during 2002 is number one is DBA, Oracle. So when I check the DBA, you should have a budget to take a course, formal training. Then second one, when I check Unix, it's popping up Solaris during that time. And then keep on searching. I came across this Red Hat Linux. During that time, I'm sorry guys, Red Hat was number one. I don't know now because there's a lot of Unix now. And I started to search, print out anything about Red Hat, then a tutorial which is on CBT Nuggets. But during that time, it's not CBT Nuggets. It's just a CD, no DVD yet. CD. So I check all those videos and I don't have even my own computer. 
So since I'm the hardcore in HTML during that time, one of my VB instructor asked me to do a project for him. It's like under the table project. Instead of doing the project for the class, I want you to make a website for my organization. Okay, this is just between you and me. Sir, I don't have any computer. I'm just poor, you know. So no. That's the reality. I don't have my own computer during that time. So he asked me. He has a small business, a computer shop. During that time, a computer shop is booming. So he lent me some computer, printer and this one. I made my project for him. I made it two days and uploaded it to the internet. During that time, there's a lot of free website, GeoCities, if you still remember. But now there's no more GeoCities, right? Yeah. So I uploaded it, but I told him boss is not yet complete. So I used his computer. I used the chance to install Red Hat Linux. Literally, I'm just sleeping like two to four hours because I'm very addicted to this one. The reason why I keep on crashing it. I install it, then I crash. Then I'm writing down what I have done. Okay, I run fsck to this one. Okay, then all of the files are wiped out. So something like that. So until then. Then the first job that I've landed when I was an OJT. If you still remember Mosaic Communication, it's an ISP, right? It's very old. Sorry guys, we're old. I just look young, but I'm 37 years old. But one wife only. So sorry. Okay. So, yeah. So the Mosaic Communication. Actually, before you graduate, you need to go by OJT, right? Practicum. So the manager of the MosCom Mosaic ask me what can you do because I already have tech support. They can fix laptop computers. They can install modem. I told him that I can do Linux. That's the first time. Because during that time, nobody's using Linux. I'm like a weirdo in the school. Every time there's a subject operating system, right? Still route. Even in master route, there's a operating system subject.
When I go to the operating system subject, the instructor is discussing, guess what? Windows. Windows, yes. And I'm not listening to him. Because I know that I don't have future in Windows. And one time, I just got a grade of 3.0. It's just a passing grade. It's 75, something like that. Then my instructor asked my classmates, hey, what is he doing? It seems like he's not sleeping. And his grade is just up and down, something. He's doing Linux. This is the word that I will never forget. Linux will not beat Windows ever. I would not forget that. From 2002 until now, I don't forget that. And where is he? He's still in the Philippines. And look at me. I'm here with you guys. So that's the story where I began. So for those skeptics, we are here. During that time, I'm alone. Internet, I just need to print out. But now, we are here. We're a community. So don't be afraid. Organizations here in Singapore, I'm a member of OWASP and AISP. Any member of AISP? It's an infosec group here in Singapore. But you need to pay. Just like OWASP, you need to pay. But there's one more group that it's for security guys. Later, with respect to this group, later I'll share to you. Now, this is where I'm working from now. Small company, small data center. I'm not sure if you already heard about Equinix. It's very small, right? Nobody knows about Equinix, correct? So that's why I always call it small company. I went there before. I went there before to remove help. Oh, you worked in Equinix before? No. I just went there to help my client get out of there. So this is now located in Ayer Rajah. This is our third data center here in Singapore. So it's under certified by MAS because most of the clients are banks. So they don't want to be get hacked. You were talking about if I'm not sure if you were... I was promoted or not. Okay, this is Linux life. They think that Linux is this as what I'm telling you earlier. Pray first before the vacation.
And they said that if you are a Linux guy, you'll not get any vacation, Christmas party, or even birthday you will work in the data center. So... And this is my life. Imagine that. If you want to go shooting in Choa Chu Kang, you need to go there by Saturday or Sunday. If you are on call support, you cannot do that. You cannot even go with your wife. Okay? Shoot with you. Okay? You cannot... Imagine this, guys. I'm doing free diving in Moalboal, Cebu, Philippines, during my weekends. I take MC on Friday. Fly with In Cebu. Saturday, Sunday. I am under water. Do you agenda? This is what to do with your agenda. Yes, yes, we will. Okay? Now, this is the life of Linux admin. Don't be scared that Linux doesn't have work. Doesn't have life. Don't be afraid of that. It's not true. It's just a matter of doing automation. Because if you want to make it manually, then you need to go in the data center manually. But if you have some tools to make for automation, put it in the cron or scheduler, then your job is done. You don't need to be there. So now, you have a family to celebrate, right? Okay. What is Linux? Anybody knows the history of Linux? Linus Torvalds? Yes. He's still alive, right? Yes. Yeah. But the one who made the Debian just passed away 2015. Okay? And without Debian, there will be no Ubuntu. Correct? This is the logo or not the logo. It's the mascot. They call it. Okay? Have you wondered? Have you asked yourself? Why is it penguin? Serious? Yeah. Linus Torvalds copied that penguin. So, it shows something. It could be different stories, actually. That's one story. Yes. That's the first one. Because they're making a joke, something. And they call it a Tux, right? Linus Torvalds and the Unix. So, that's why they call it the Tux. That's a meaning. Tuxedo. Because it's for office work, something like that. Okay? Professionals. And during the time when Linus Torvalds was still in college, okay? That's in Finland. They're using a mini-Unix. That's they call it MINIX. Okay?
Mini-Unix or MINIX was originally came from... Do you know programmers? Do you know who is Dennis Ritchie? Yes. He was the one who developed the... Yeah. And he is also the one who developed the Unix in Bell Laboratory. Okay? So, that's how great he is. Frick guy. Okay? So, from then, Linus Torvalds hacked the kernel of the MINIX. And that's why he made his own Linux operating system. And he published it in the public. Okay? So, that's why different programmers... That's why Red Hat came in during that time. Okay. Linus and Unix is Linux. Linux, Linux, whatever you call it. Whatever you read it by Dennis Ritchie. Okay. Why Linux? Because it's free. The kernel is free, right? Yes. So, when it's free, the power is given back to the user. How? Do you know how? Programmers, the power is given back to the user because the kernel is open. You know C language, right? So, you have the power to... Change it, yes. Develop. Make it better. Yeah. So, this is the reality. Okay? Unlike other proprietary operating system, they release a alpha, then a user when they have different bugs, they will report, okay? So, they call it beta, right? Then that's the time they will change it. Okay? So, the testbed is the people. That's why Windows 7, they call it use it with your own risk. That's... And who said it? Windows itself, Microsoft. Okay? And what is life without Linux right now? Androids? What else? Later, I'll show you some of the great stuff, inventions that they come up with Linux. Okay? There will be no Cisco devices. There will be no other network devices without the Linux. Mac? Whatever. Okay? Okay. Let's break down first the different distros in Linux operating system. Now, workstations. Can you name one? Fedora. Fedora, yes. It's a workstation. Why not server? Actually, they will say, can, all can. Yeah. But actually, honestly, no. Okay? It's mainly used for desktop, for at home. It's very user-friendly, very graphical. It's like you're in the Star Wars. Like, yeah. Okay?
So, it's like iPhone versus BlackBerry, something like that. iPhone is for cool guy, something BlackBerry is for serious guy, like Obama. Okay? So, that's a workstation. Fedora, Ubuntu. openSUSE. openSUSE? openSUSE or openSUSE, what they call it? Is it for workstation? Because there's a SUSE for server, right? Enterprise. Okay, so at least we differentiate that. Just like Red Hat and Fedora. They split. Fedora came in when Red Hat stopped at the version 10 or version 9 in the Red Hat. History of Fedora. Eight was buggy. I tried the, because I start Red Hat at five and also check the version three. And then seven stopped there because eight was buggy. Then nine. In the end, they just dropped to licensing and they created the Fedora community. Yeah. So that's, yeah. Okay? Other workstation? There's so many, right? Have you heard the Slackware? No dependency management. Slackware? Slackware was the mother of BackTrack Linux. You know BackTrack? It's the Hacker's Choice operating system. It's the Linux. Okay? Everything is there. You just need to follow, okay? Reconnaissance, scanning until the end. Deleting of files. Deleting of trace. Okay? So that is on the penetration testing. Server. Yeah, I've heard that some of the companies are using the Ubuntu. Okay? Red Hat Linux. SUSE Linux. SUSE. CentOS, yes. As the free version of Red Hat. Yeah. Oracle, yeah. Unbreakable. Actually Red Hat is free also, right? You just need to subscribe. But it's like, use your own risk also. Okay? If you need something, you cannot just go yum. Yum means... No more yum, Eddie. Yeah. Because it will block you. It will block you some on the configuration. But it's still free. Okay? You can use it. It doesn't mean that you need to pay something. It will not ask you some licensing it. And it will not go through if you don't input the license key. Okay? So... Michael, what do you use at Equinix? We use Red Hat, Solaris, AIX on Power. Yeah. Solaris is not available. No. Solaris is Unix.
Yeah, it's on. We are... We just started last year to put it in the VMware. Because Solaris will eat a lot of... It will need a lot of RAM and CPU because it's intensive, unlike Red Hat. Okay? But since the licensing for the machine itself, the Sun SPARC, it's not cheap, you know? It's not cheap. So you need to... That's why some of the companies that I'm known, especially from the banks, they're using Veritas clustering under the Solaris. So they're paying both the Solaris and Veritas. Okay? The clustering. So now they are really moving to Red Hat clustering and Red Hat. So, yeah, if you're in the capacity planning side or if you're in the management side, you may need to check and balance those budget and the operating system. Okay? Question. Question about... Okay? Okay. Let's go on with the installation. If you're first time in the installation, you may need to... Because right now the computer is already fast and when you buy, it's already how many gigs of storage, RAM, CPU. Okay? But before, during those 2002 time, my time, you need to consider this. You need to do a basic math. Okay? Planning and design. Are you planning to put up a server? You need to put that in... It's not like a cowboy approach that I need to shoot this one, shoot that one. So, no. You need to plan. So, in the sysadmin side, everything should be planned because everything is not free. Okay? The space in the VMware, it's being utilized and if you have some... You need to do the budgeting OPEX. So, I'm sure you understand that, managers. Okay? But if the technical guys don't understand that, you should start understanding it. We need that one. It's not the whole year or the whole time you're on below. Somewhere down the road that you will also elevate. Okay? At least when you go to the higher level, like management level, you know how to do the planning. If it is server, what does it serve? Is it Apache server or web server? Is it a security server, intrusion detection server? Okay?
It's not a one size fits all. It's not you install all and that's it. You need to be minimalist. You need to install this one only, that one only because it doesn't... Not all will serve the purpose. So, you need to be... Plan what you shall do, what you shall install and what the server will serve. Okay? Basic inventory of the server is storage. Lucky for you if you're using Sun, CX3, CX4, VNX, EMC storage or whatever storage it is. Okay? But if you have a minimal storage, then you should plan this. How many storage, how many CPU do you have? RAM, NIC. NIC is the network interface card. Maybe... Are you doing a network teaming? Who's doing a network teaming here? NIC bonding. Okay? NIC bonding, ya. Network teaming, yes. Correct. It's just different terminology. NIC bonding is for Linux and NIC teaming is for Windows, right? Is that correct? But they call it the... Ya. So, that's the... Okay. So, you need to... You need to plan this ahead. Okay? Because these are very advantage. Basic math, who are you doing this until now? Meaning, you do by partition manually, not automatic, not by clicking next, next, next. Using Kickstart, we make sure like... Oh, using Kickstart. Okay. Kickstart is an automation... I just want to say like, what are the things that we need? Ya, ya. I mean, for those guys that... Hey, what is Kickstart? Is it the kick in Muay Thai something? No. Kickstart, guys, is... It's like a central... There's a gold copy, something like that. It's like the mother. Okay? And if you want to deploy like hundreds of... Red Hat or Linux operating systems, whatever... Linux variant, okay? Manually, you will do 100, one by one. Install these, install that, install... Okay? By... If you have the Kickstart server, okay, it will install all. It will save your time, right? So, that is Kickstart. So, just take it down, whatever I'm saying or whatever the other guys are saying. Just take it down and just research it for you. Okay? So, Root is how many MB? Huh?
My root is 100 GB. 100 GB? For only root? His last root is only... Actually, it's just... I got a chopper. I got a lot. I got a chopper. I can afford to give 100. Wow. You can do many Linux for that one. Yeah. That's why I put it MB only, right? Just 100. 100 is enough. Okay? It's only for the Linux loader. Something. Yes. So, for the swap, do you have it equal to the RAM that you have for? It depends. The... The rules of thumb, they said it, if it's two, two gig, just one is to one. If it's over, it's like 1.5 something. Okay? For me, I'm just doing it one is to one, especially if it is Oracle RAC. RAC is real application clustering. Okay? It's our Oracle database with clusters. Okay? So, it depends. There's a rule of thumb that you could do. Okay? First is it depends on your environment and your organization what are they're doing. But you need to consider the swap. Okay? One is to one is okay if it is more than two gig. So, I can follow up question. So, if it is a swap on the SSD, then do you stay at one to one? Swap is by RAM. By the memory. If you have a SSD, I'm pleased because nowadays you have one terabyte, two terabyte SSD now. So, if you have a swap in your website, 16GB RAM or whatever. So, do you swap one to one? Yeah. You can do that. It's still the same answer. Yeah. You can do that. Okay? You can do that. After the installation, actually, if it is a server, you need to do a stress test. Who's doing stress test? Are you doing stress test or just deploy it? Okay, done. Close the ticket. Okay. Finish. Okay? So, stress test is something that you test it first. The load if the server can handle the if it is an Oracle database or something, it will give you the performance, the statistics, if it can handle different jobs. Okay? If not, then you need to consider the re-planning. Okay? So, /opt is usually, these are just /opt, some there just using they're doing automatic installation aside from the root and swap. Okay?
If you're planning to download the different tools that will take how many gigs, you may need to consider the /opt because by right, this is the directory where you should put all those tools that you downloaded, RPMs or something. It's like a central repository or something like that. Okay? It's just a formal directory for those tools. But now you're doing it is oh, I downloaded this one then I put it in my home directory. Something like that. But by right in Enterprise, they put it in the /opt. So everybody can see whatever who's-who's downloading what. Question so far. In the installation. I'd like to can you switch back please? Well, I'm sure you know details more deep. But for people who not sure about this, I will say a few words. First, if you want swap and we will talk about modern times, not about 1990s when we started. If you have modern hardware check twice that you really need swap because swap is used when you're out of room. If you're out of room, it's not well, it's situation which shouldn't happens in real work. So on the desktop, you need it because you may doing anything. On production, I'd say if you will enable swap, you know what you're doing and how it will affect your system because swapping Linux VM virtual memory system is I'd say it's a bit special. So when it starts into swapping, it's stopping to process in anything mostly. So if you have swap, maybe it's better to disable it and let out-of-memory killer to kill, to start killing shooting like cowboy. So it's about swap. About /opt directory as I understand it currently, it's for mostly binary packages which not resides in RPM directory for example, in RPM repository. So for example Oracle I'm sure will been started into /opt. So if you have just server which using only software from RPM repository or a Debian repository for example, I think no need to make it separate partition.
And about /usr and root, systemd: I think that it will be changed in few, in this year I'd say, because it started already. For example, Arch Linux moved to just root, no /usr, and everything is moved under /usr/lib, /usr/bin. So it's no need, and it's even worse: you can't do separate /usr because your system will stop to boot, can't stop to boot. So his point is, as what I've told you earlier, planning and designing is very important in your system. So whenever you need this one, like what you've said, our friend here, if you need swap or no, it depends on what you will, what you will be doing. What is your server doing, something like that. But for me, as most of the system that I've support, it's more on Oracle database and Java. Later we will be talking about what is the best practices in the real environment, in operations, in production particularly, not in UAT, not in just testing something, in production, because if you are working in the, in the bank and you did something, you messed it up, the most case that what will happen to you is you will be escorted by a guard, then you will be fired. I have a friend, he just rebooted a UAT. UAT is user acceptance test; it doesn't have any financial impact. He just, he's a Windows guy. Windows, it pops up: you want to restart?
No. And suddenly he click the space bar, it rebooted, then it's trigger some, I don't know, alert something, then it escalated to the management. Okay, he was in the night shift. They were calling him for the morning; he was still sleeping. Then suddenly the boss told him that, actually his wife, that can you tell your husband that come as early as possible. Then he was fired because of that. So later we'll be discussing about the best practices. Okay, network configuration. For the first timers, okay, this is not as, this is just a command base, but right now in this age, all are, you can use your mouse, don't worry. Okay, if you're used to your mouse, you will use it, but just for the sake of, of how you, for you to know what is happening on the background when you're doing this clicking next, enter. Okay. Okay, so this one is base from the Red Hat, from RPM. Later we'll be discussing about the Debian, okay. So for now let's discuss first about the RPM, Red Hat base. It's very important for you to know the text editor: nano, pico, vi, vim. Okay, for basic is the vi. You should know that one. If you are a programmer, you cannot do program, you cannot do automation without using this tool, editor. Okay, but of course, what, hey Michael, you told us that there's already a GUI, so there's a notepad. Yeah, correct. Okay, so what I'm telling is this is the terminal user interface. Okay, there's a GUI, there's a TUI. Okay, so these are the, uh, four. Okay, these are the four. I want... Michael, what are you using, a Windows computer? It's a, actually it's a company computer. Okay, it's a company, that's why it's, if you'll see, yeah, it's a, it's a company computer. I don't have, until now, honest to goodness, I don't have my own computer. Okay, why do I need to buy a computer when the company will provide for me, right? So let's boot this up. Okay, the first one that you may need to check is this file, the /etc/hosts. Okay, the 127.0.0.1 is loopback. It's reserve for, for the computer itself. Okay, you just want to, let's say, okay, let's say your IP address is 172.16.0.1,
for example, just tab and your, let's say localhost, meaning what is your host name. It's a, whatever you call them, is zero cool, hackers s, so whatever your girlfriend's name, whatever you want to call the, your system is, and the localhost plus or dot the domain, hackers.com, yes.com, that sg, whatever. So that's how. And as I've told you earlier, it's important to know the use of the vi or vim. And the second one is the resolv.conf, where you should put, hey, cat, cat. Okay, so search: if it is, you are in the organization, you may need to put your, your domain there. Let's say for example yahoo.com, let's say mail.yahoo.com, just put the yahoo.com. Okay, just for that, for this one. And the name server, which is whatever your, your gateway or your server going out from the internet, so you could connect to the internet, this is the one. And network. Okay, it doesn't have. Okay, let's go to the ifcfg. Let's say normal it gives you. I think system dv manager by network manager. Oh yah, yeah, correct, correct. So enlo. Okay, this is the file, this is the name. Ah wait, clear. ifcfg. Okay, this is the name. Where did I get this one, ifcfg? It's because it's the name of, it's given, if I, if I want to check my IP address using the ifconfig, a is all. Okay, so that's the name of the, ah, device. Okay, so that's why I'm checking. So okay, so this is the content of that, this file where you want to configure it. Okay, for now the boot protocol is on DHCP because it's automatically asking for IP address from the host, which is my laptop. Okay, and what else? Ah, by security purposes, best practices, IP version 6 should be no, should be no. Okay, because we're just using IP version 4 right now. And if you want to make change of the name, let's say earlier I was typing eth0, which is internet, it's up to you. Okay, and boot, yes: when you reboot the system, some, I'm not sure in Ubuntu if it is by default it's no. Not sure. Ubuntu guys, is it by, by default on boot is no, or it's automatically yes also? Actually I see more distributions the on boot is not even
there. Yeah, I think even Fedora is also not there. Fedora, the IRCLP is also empty. Okay, so when you configure your network, right, then you reboot it, you will wonder why suddenly it doesn't ping to, it's not pingable. Because of this one, the on boot is no. So make it, change, yes, because the reason why is after you reboot the system it will automatically up the, the service of the network. Ubuntu, ya, yes also. Okay, because I'm not an Ubuntu user, okay, so that's why I'm asking also. For the first timer, because you will, you will ask yourself later which operating system, which Linux distro I should be using: if you'll be working on the enterprise level or multinational company, you may want to check first the different company, what operating system you're using. Oh okay, this one. So it's just like you weigh in, or you ask your friends, say this one is the best because it's mostly used in school, in company. After you, after one year, if you're already get used to it, you'll get a good job. So I would not say, I would recommend Red Hat of course, to be honest, but since we have a free will, you can do your senses, you can do your survey also. Okay. And then how much does the Red Hat subscription cost? Red Hat subscription, I'm not, how much, because I'm not the one who's paying. Yeah, I'm not sure. Based upon the subscription, actually. Based upon the subscription, they have 50 servers, so they having configured like based upon the subscription. Yeah, I mean for example if you have 50 servers, if you are configured with Red Hat, they are giving like for 50 server, they can release the patches or whatever, so they will cost for that. Based upon the subscription we can allocate the... And the Red Hat Network is already included, right?
Yeah, right, the Red Hat Network is like yum repository, exact. Whenever you want to update something, patch something. I mean limitation, so based upon, if we go for 100 servers they will cost, we go for 50 servers, based upon that cost. I mean servers which we have configured. You may want to negotiate later. Yeah, yeah. If you want to use Red Hat, you may want to put that in your budget, but if not, CentOS will do. It's okay, they are the same, the kernel is the same, it's pattern from the Red Hat Linux. Yeah. Okay, let's go in. Okay, for the Debian base it's also the same. They had the /etc/hosts, resolv.conf. The difference is just the interface. Okay, that earlier it was an EL something, it's very long; this one is just network interface. Can you see it there? Yeah, so this is the one. Okay, then restart the network by this. Okay, do you need the slides for this, or, okay, because this one you can just Google it or some, but I could provide to. I think the next one would be more, more intensive, because this one is purely for beginners and some wannabe and the middle part. Okay, so if you want to go into more, because that's why I don't want to, to mix up with the, with the expert level, it's because the terminology will be different and the approach will be different also. It's more on hands on, and you may need to bring your own laptop also with the installed OS. So this is for, for Ubuntu base. I've mentioned earlier was the mother of the BackTrack Linux; now Ubuntu is the mother of Kali Linux. Have you heard the Kali?
It's a second... Yeah, it's a newer version of the BackTrack. Okay. And Ubuntu originally was from Debian. Okay. SUSE is used by the German guys, right? German, right. It's not based on... it's... And they own the Novell, correct? Yes. That's Novell is... Oh, yeah, correct. So, that's my history was. Because if you want to have a work-life balance, guys, don't memorize everything. Okay? You will freak out. Once you step out from your company, leave it there. All the problems, leave it there. Because if you have a family, if you're a family man like me, for sure you will just quarrel with your partner. Okay? Or you will not have a smooth life. You're watching Chipmunks and yet you're... you don't even laugh. Okay. I'll be in the Chipmunks, if you watch that. Security. iptables. iptables is not actually, uh, very hard. Not actually. It's very easy. Okay. You just need to... it's like computer language. You just need to understand the syntax. The syntax is this: the iptables is the command, and you have an option. Okay, you have an option that what will do. Main command. Okay, this is the main command: capital A, R, I, L, N, X, P, whatever. Okay. In the security workshop that I will be doing on the different group, which is I will share to you next, on the next slide, we will be doing an intensive locking down of servers, of Linux. We will be doing this hands-on. iptables. And iptables is being used on Ubuntu, right? Also in different... So, it's universal. It's like native security in every Linux operating system. Okay. Okay. SELinux is Fedora and Red Hat. Ubuntu, there is, right? But I think... oh yeah, it's different. So, different one. So, you might want to check, if you are using different Linux operating system other than Red Hat or Fedora, you might want to check this, the counterpart of SELinux. Before, I was using the Bastille. Who knows the Bastille? Bastille, have you heard it? It's like a tool that it will ask you what ports to close. It's like when you download it, just run it, Bastille, enter, then it will ask you... it will ask you, okay, you want to close the
port HTTP, 443, 22, whatever. Just check, check, check, check, then finish. That's all. Okay. If you want to close the port for ICMP, for DoS attack, so just close it. But now I think they already stop doing it, because of the Security-Enhanced Linux tool. Okay. Now, what does it do? If it is disabled, it's off, basically. And if you choose the zero, let's say setenforce, then zero, enter, it will be permissive. Permissive, from the word permit. It will ask you if, hey, you want to do this, you want to do that. This is the choice that you input. If it is zero... if it is on, then it's enforcing. Okay. So, mostly I'm not using it, because the Oracle doesn't want this. The Oracle database doesn't want this. They don't want any iptables up and running. They don't want SELinux up and running. It will not work for them. There's a different approach for that. That is advanced level. In null, I will tell that. Yes. So, that is different level. At least for now I have mentioned this to you, and you might want to check this SELinux. Hey, Mike, we are using... we want to build a secured Apache server, web server. What shall we do? You need to configure the Apache, and don't forget the ModSec. It's module security for the Apache. It's a patch to make it secure. That's different one. Okay. There's how many ways on how to kill the chicken, they said. Okay, there's so many ways. There are more than 10. The Linux has so many ways on how to lock down the system. I have my ways that I haven't seen in any sysadmin. Okay. They have... because it's open source, right? The power is given back to you. So, why do you copy those guys? Because you will have a same mindset. If the guys is a hacker and you do what he's doing, then he knows what you're already doing in your system. He has an idea. Okay, his SELinux might be open, something. So, this is the approach for that. This is the attack, something like that. Just an example. Okay. Basic security. There is one group that I will be having some
workshop on the 27. This is in meetup group, just for sharing, guys. It's a null, they call it, the group null Singapore. Okay. This is mainly for hardening the system. I seldom use the words hardening. They put it wrongly, hardening. I seldom use the word hardening. I used to use the word lockdown. Lockdown, meaning it's like a prison. Lock it down, nobody can go out, go in. Instead of... yeah, that's what I call it. Okay. So, again, SSH login. Ubuntu is doing that, right? CentOS, CentOS 7 is also doing that, that you cannot login by root directly? I'm not sure. Okay. So, by Ubuntu, yes, right? So, it's secure. It's okay. Okay. If you will compare Red Hat Linux or other Linux to Solaris, Solaris is the best operating system on the planet, but expensive. It's like this one: Solaris is, you build a house. When you build a house, everything is closed. Nobody can enter, even yourself. Yes, that's how secure Solaris is. Then you will start to open it one by one. Unix, Linux and other operating system, everything is open. You will close it one by one. Do you see the difference? And Solaris has a self-healing, they call it self-healing. You want to check that. Hey, what is self-healing? It's like, there's something problem, it will heal itself, something like that. Okay. But of course it's expensive, and the training is not cheap. The training here, it's being done by the ECS vendor. If you are from Linux going to Solaris admin, $6,000, $6,500. Because I want to take it before, but my boss told me that no need, because two years from now we will be decommissioning all those Solaris. It's very expensive. The SPARC machine is very expensive. And we will pay for your training also, it's also expensive. You'll get bond, two years bond also. So, that's why it's very expensive. But I'm telling you guys, it's the best operating system on the planet. I'm not joking. Take it from the sysadmin side. But for me, right, that is the best. Anyway. So, this one, complex password. It's very common for common users. Alphanumeric, more than 8.
Password expiration. You want to check that in how to expire password every 30 days, especially if you're under audit. SOX audit, PCI DSS, CIS, ISO audit. So, they will need to check this one, the configuration. I've worked before in the audit, so they will dig everything that they have on the checklist, and the system administrator will get this up because he will ask, hey, this one, okay, print this one, this one, okay, hey, you did not satisfy this one. So, audit is the... is the not my best friend of sysadmin. Okay. Yes, there is a configuration file that you need to... you need to put 30 days. Okay. This will warn the user, will warn you after... before, like 10 days before the password will expire. There is... check the configuration. Yes. No. Yeah, not the password. Okay. And they will check how many characters you set in the Linux system, that, hey, you only set eight characters. They can enable them just before the audit and then disable them. At least... it depends. Sometimes the... sometimes there are attacks, surprise attack. Sometimes they will sit on you: there's an audit, okay, give me this one. Okay, you will just check, okay, check. Okay. So, that's why sometimes audit are not good guys, but they are doing their job, and also it's for the good of the company, for the image. Okay. So, we must understand what they're doing. They're just doing their job. And of course... So, malware and rootkit detection tools, you should install. Okay. And the malware detection, it doesn't only detect the malicious software. Okay, malware, they call it malicious software. It's because it only check those patches, if you know the out of date, like FTP patch or SSL something. Okay. Okay. Okay, guys, beware of these commands. Okay. It's a denial of service attack when you use this one. Actually, it's a... it's a command that you can put on the script. This will run and... Okay, what's the command? Is this the one? For the beginners, don't do this. This was nice, right? He was so upset. It will delete, it will
remove recursively and forcibly, without yes or no question. Once you enter it, it's gone. If you are not risk... if you are not risk, it's your rule, it's your rule. Okay. The dd is... it's being used by some of the... by the hackers to wipe out their... to leave the trace. Okay, if they hack something, they're doing this, because it will duplicate the disk to disk. It will duplicate the drive. Okay. Or this command can wipe out the trace. But that's not really happening. Okay. There are good info... forensic tools that can be used, being used by the FBI and any agencies. Have you heard EnCase? It's one of expensive, right? I'm looking for crack for that one, but no. Yeah, I'm using... I want to have a crack, at least. It's a very good forensic tool. Okay. Even though you already formatted your disk, it will show. That's how good it is. Yeah. If you want to burn it or put it in the magnet, right, your disk, magnet, and then burn it at the same time, perhaps you will not get caught. Okay. But if you just format it, no, EnCase will, and other tools, of course. Okay. Tar bomb is like a tar... tar is for archiving, right? Tar bomb is when you untar or unarchive, okay, it will gives you a lot of files. It will explode your system. I mean, not explode, but it will crash your system. Okay. mkfs, make file system, and fsck, for formatting. Okay. It will format your directory or your drive. Okay. Best practices. LVM: not to be, or to be or not to be? To be. It depends. For what? Okay. Physical server versus VM. To be. Don't need LVM, I'd say. But it depends, again, right? It's a good in general, and common usage. You don't need... don't want LVM in VM. So, that's the question for the Linux sysadmin. The reason why I'm asking if it's VM or non-VM: if it is a physical, it's okay, because the spindle of the hard disk is already fast. Because it's like this: this is a hard disk, right? And inside the hard disk, you have this logical volume inside. That's the LVM. You have the another hard disk, something
like that. So, if you are... if you are retrieving files, it will go first to the first layer, then second layer, before it gives to you. But if without one... which one do you think is more faster, without LVM or with LVM? Yes. But if you are using the VM, it's already like house inside the house with the house. It's more... That's why they said it depends. Okay, it depends. It will... what do you call it, the bottleneck will be on... the bottleneck will be on the hard disk. Okay. That would be the IOPS, they call it IOPS, input/output operations. Do you think... You mean random access speed? Random access speed? Not actually. If you will monitor the system, the IOPS will go high and it will make the system more slower. Okay. So, that's why you need to reconsider the planning, if you need to... by LVM, you need to configure LVM or not LVM. Especially if it is... the positive side of the LVM is scalability. Okay. You have one gig of hard disk drive, let's say /u01 for Oracle, or /oracle, and then the Oracle database, hey, we're running out of space, can you add another 500 gig? LVM is expandable. Okay, 100, okay, this is the space, I'll extend it, boom, that's it. So, that's the good thing about LVM. If not, then you cannot expand it. You just need to add and put a link, or whatever your strategy is. So, that's the pros and cons of LVM. Okay. Dual boot installation. Who's planning to have a dual boot? You're planning? Okay. What's the best practice for dual boot Linux, guys? Install Windows latest first. Disable Secure Boot. Secure Boot. Install Windows latest operation system. Windows first. Windows last. Why? Because of bootloader. Is it not the bootloader will overwrite by the Windows? Yes. So, yes. Okay, that's the don'ts. Correct. That's my point, actually. If you want to do a dual boot, install the Windows first, because Windows wants to be first on the bootload, the memory. Okay. So, then if you install the Linux, at least you will have an option, you want to
boot in Linux or in Windows. But if you install first the Linux and then you will install second the Windows, it will eat the bootloader, the memory. Then suddenly you will ask, hey, did I install the Linux? Then how come it's crash? No, it did not crash. It's just that you have no option to boot on the Linux, because the option is only for Windows. Must also disable Secure Boot, because you cannot even start Linux. Yeah. Because now, Secure Boot, only Fedora, Ubuntu today got the Secure Boot. The rest don't have. So, if you install a Secure Boot, you can't install... Ubuntu today has the Secure Boot, but it's like you only create... The rest, I think Debian also don't have. They don't have the keys. So, you have to disable Secure Boot. If not... Take note on that. Okay. That's for the dual boot. If you want to lock down your server, or harden, there's a template from the CIS. You can download it. Which one do you want to... dos and don'ts. Okay. They will explain to you why you need to uninstall this patch or uninstall this one or disable the services. Okay. So, not only from the CIS, PCI DSS have there, also from the SANS. Okay. You can check online. Okay. As what I've tell you earlier, disable the unwanted services or ports that you may not needing, because if it is a server, it will just prone you to malicious attackers. Okay. When do you need a performance tuning? When do you need a performance tuning? Yeah, you need this one if you're running on... if you're supporting the Oracle database. Okay. There's what they call figuring SGA from their side, and you may need to calculate that one. Okay. Some of the Linux admin, usually they don't worry about this, but actually the database and the sysadmin should work together for the tuning. Okay. Also for the Java servers, Java application developers, there's a heaps, right, Java heaps. You may need also to consider this one, on the kernel parameters particularly. Okay. Monitoring. Okay. Anyway, performance monitoring. There's a lot of tools inside the
Linux to perform a monitoring: sar, dstat, top, top. But that one is one by one, right? You need to run this one tool to make that in one window: Glances. Okay, Glances. You can just install Glances, apt-get glances. Glances, G-L-A-N-C-E-S. That is a tool for monitoring. It will give you one shot, one window. Okay. nmon, not even will give you that one. The nmon. Network monitoring. NIC bonding. Okay. If you want to make it faster. It depends also if your networks does support high bandwidth, then okay. It depends. Let's say, for example, each NIC or network interface card can use one gigabyte... one gigabit of speed, plus one gigabit, it will run two gigabits, right? But you may to ask your network guys if they are supporting it. If not, it's nonsense. Okay. It will just run one gig, one gigabit per seconds. You need to coordinate with the network guys if they are supporting... your network is supporting high bandwidth. Okay. So, this one is for faster network communications. That's the reason of the NIC bonding. Some failovers: if this one... if the other one fails, it will fail over to the second one. So, high availability is the matter. High availability. So, this is one of the best... so many best practices, but I'm just telling you some of the common one. Okay. That some sysadmin, they just ignore this one. Okay. IoT devices. Honestly, when I see this one in the meetup group, this is the first time I heard this IoT. Honestly. Because I'm not sure if I'm no longer reading some news or whatever, but... So, what can you say, guys? IoT, Internet on Things, they said. Of Things. Of Things. Is it not the iPhone that we're using? It can connect to everywhere. Okay. It's not... The thing is, it more with sensors and all those. Yeah. You're sometimes work free... Raspberry. Raspberry. Okay. So, yeah. So, if you sensor data going online and being collecting data. Internet-enabled microcontrollers. Yeah. Internet. Is it not prone to hacking? It's prone to hacking. I mean, everything is hackable, right? Even Obama is hackable. But
the thing is, at least you... you put a... you make the hackers harder their works. Unlike this: hey, guys, come on, open. Okay. So, what I mean, the IoT is just... usually you kind of access all the logic. But what I've heard is there is a criteria for that: should be scalable, modular, connected and reliable. Do you agree with the criteria? That this is based... just based from my research. And based from my research is, if you're using Linux, it should be real-time operating system. Correct. It should be... the data is available anytime, like when you want it. So, that's what I've based from my research, because this is the first time that I heard this IoT devices. Okay. Do you think what is this? Correct. It cost 7000 US dollars. 17000. And I think it will never get wrong, right, when you hit your target. If you are not on target, the trigger... the trigger on fire, you will just miss it. Oh, see. When did this... your first... they got smart by first... when did you come out in market? I just saw this one like 2015, 14. So, imagine your enemy as this one. Okay. The Raspberry, you cannot... That one most likely have a... That one I think is only possible... I think in the world there's no warning shot once the enemy will face each other. Okay, that's it. Yeah. Raspberry Pi. Okay. Smart watch. Links. These are just the sum... some of the Linux power. Okay. Where the users of Linux: in the government, FAA, Department of Defense, a naval educational system. There's a lot in India, there's a lot here in Singapore. I'm not sure NUS using Linux, Solaris. Okay. Business: Novell, Google, IBM, Amazon, New York Stock Exchange, NYSE. I've worked for their business process outsourcing before. They're using Red Hat, and their monitoring tool is ITRS. It's quite... you have at least a basic knowledge on programming on that ITRS, because you need to capture CPU, something or whatever. So, base... this is the reference guide, comparebusinessproducts.com. Okay, let's wait for them, they're taking pictures. Okay. Now, I just researched this one just yesterday. It's very fresh. I just typed Linux
job, then it gives me 361 jobs open in Singapore. Okay. That's how hot it is. And based from the research that I've got, what are the 2016 top 10 job... it means random, it's not only IT job... it gives me... it gives me number 6, the network and computer systems administrators. That is worldwide, okay, not only in Singapore. That's research for... this is worldwide, meaning any country. It's number 6. Okay. 36.44, yeah, median wage. Okay. Okay. So, it's an open discussion. Whatever you want to share, whatever you want to ask and answer, it's an open discussion. So, for the managers, whatever you want to ask; for the newbies, for the experts, whatever you want to share. Okay. Yeah, just raise your hands. Questions? For beginners, where do we start? Just head towards starting point. You start... you start by Mr. G and finding out where your hardware even works. For things... that's for who sees... come on... ATH 10K connect to 5K and start work. Come on, just ask about whatever you want. So, you start playing around with it. You don't need to install it anyway. I've seen you... The biggest point is, do you want to use it professionally or do you want to play? Because that's actually the first question that you have to ask. You just want to play, and you download Ubuntu or Mint. Actually, you just boot it and you play around with it. You don't even have to install it. If you want to do it professionally, especially in Asia, Red Hat is king. So, you probably want to download CentOS, which is exactly like Red Hat but without the Red Hat trademark. You use that, you install it. He is right, because if you install a server operating system, you have to look at the hardware. If it's all the others, like, while I'm... my favorite, openSUSE, and all the others, basically they run on almost everything, but they're not server hardware. Server hardware... and not only tailor... So, if you want to do it professionally, go send it to destination. If you want to... if you want to move to Europe, by the way, I'll start playing around with SUSE, because actually in Europe SUSE is big. There
is a reason for that: Red Hat is American, SUSE is German. And yes, we used to have a French version as well, it was called Mandriva. Mandriva. Now it's Russian. It's Russian? Yes. Yes. Mandriva, that's my year. Well, that's actually at this point of time I also registered. So, it is a little bit often... Well, Red Flag also, don't use that. It seems that North Korea also has... China has Kylin. Yes, China has Kylin. Kylin basically is... Well, now soon they also will have their own Windows version, especially tailored for the Chinese market. Yes. Now, back to the range. If you want to play for reasonable cheap price, get yourself a Raspberry Pi and just start playing around it. There is actually a Fedora version for it, so that... because the problem is that if you take the Debian versions for it, you will get used to apt-get, but it's okay, but it's not the same way as Red Hat works. So, if you want to play around in a relatively professional way and watch your movies at the same time, you just get yourself a Raspberry Pi and start playing around it. That's how I learned, but... Well, I started doing Linux in 1993. So, that was when I had to dd in my own bootloader. So, now I'm problem with UEFI and other stuff. Nowadays it's much easier than that, actually. It's quite jealous sometimes. Jokes aside, when... if you are going to install your laptop, the first thing you make sure is you find out your Wi-Fi card, who makes it, Broadcom or Intel. If it's Broadcom, forget about installing Linux. Actually, there's no requirement for people beside you to have a protocol that works fine. Some are supported by V4.3. Some are supported by DCI-S. But the rest are all not supported at all. If you are using Intel, 100% it will work. If you are using a Devoge ATH 10K, 50-50. ATH 9K, Intel definitely work-home. Anything else, don't bother. The problem is that is about standards. Actually, we all know that wireless has different standards. Wireless N is the latest. A lot of vendors, and Broadcom was the worst, actually did not use the standards. They actually put a
lot of stuff on the market before the standards were actually finalizing. Because of that, everything that works with the proper standards doesn't work on Broadcom. So, if you want to use Broadcom, you have to do it the hard way, which means basically get some shit from Broadcom's website, and then you have to compile it yourself, and you have to figure out which libraries they used, were probably from 1998. Then you have to backport it. You can... I think the latest wl driver works on 4.1. I think it works on 4.1. I'm not sure if it's 4.2. Because I was building it. By the way, also talking about Linux kernels, because he is already talking about 4.2. If you do server stuff, forget about it. So, be aware that Linux always is: old shit, servers; new shit, clients. So, how it is. If you really want to be on the edge, and there are several distributions for that: Arch, Gentoo. If you really like challenges, those are the ones that go. I have no experience for that. If you really want to understand how Linux works and how to repair it, use Gentoo, and better on unstable. This has two branches. One is testing, like testing in Debian, for example. By the way, I totally agree with that. If you want to use it in professional work, then do unstable Debian. Because funny enough, Debian, especially in Singapore, a lot of people look down on Debian, was quite stupid, because 70% of all the data centers in the world were in Debian. So, big companies normally use Debian because they don't care shit about support. They hire guys who actually do contribute to the kernel. So, those companies like Amazon or Google. So, if you want to work there, Debian is a fine choice to learn your trade. And I really hate it. Yes, you do. They still do. They also work together with Ubuntu. I really hate it, because I sometimes find those packages horrible. But... So, it's not a bad thing to learn Debian. Even if people in Singapore only say Red Hat, Red Hat, Red Hat, Red Hat, Red Hat. Red Hat. No, no, no, no. That's when it has to be free. When it's at a university, then they
install an old Ubuntu and then they don't do anything about it anymore, and then it gets hacked one day. That's what happens in Singapore. Okay. If you want to torture yourself, use that way. No, I started with Slackware. There's no dependency management. Yeah, who cares. Just take a package. Now you're three hours busy figuring out which library was overrated. Does anyone here use Vagrant? Vagrant. It's on my to-do list. It's a pretty easy way to get started playing around with operating systems. You can just... HashiCorp has a website where it lists all different distros. You can just download it and then write it. You don't have to go through the whole installation process, and just spin up fresh copy of that. That's the lazy way. Just go hardcore. Playing around with it. Of course. People want to just install it on... on your colleague's laptop. Actually, Linus runs Fedora on a Mac, because he loves the Mac as hardware. He doesn't love his BSD. Have you heard of Michael Larabel? The publisher of Phoronix. Phoronix is one of the most well-known Linux news sites, and he also uses Ubuntu on the Mac, because apparently on the Mac he gets more battery life than on an Asus Zenbook. Oh, I see. It's very good hardware. Okay, what about Mac? Mac has the only Broadcom Wi-Fi card supported by Linux. Yes. I didn't know that. Yes, it has the only Wi-Fi card supported by Linux. Oh, cool. If you get an out of a normal MacBook or a MacBook and you install the latest Phoronix, it will work. The DCR as Mac driver has support for that particular chipset. Okay. Okay. How about webcam? Webcam? My webcam is always... My webcam is connecting task on the laptop. Hey, it works fine on my laptop. I probably have the heaviest laptop that I've ever bought. The other question. Literally the heaviest laptop that I've ever bought. Do you have the pension 5? Do you have the pension 5? Do you have the pension 5?
Here. It's a modern one. It's a... it's a workstation replaceable place. Refresh structure. What is the best practice to choose 100 band ACQs and running on Linux? Because I've already used it in the HP server, in the Dell server, in IBM server. It works fine. Just get a pension. But that's on the radar. On the radar. The server. Yes. Question. Another question. Other question. It goes on its way. It's in a cab. You can come here in 15 minutes. And once again, if you do not, you are late. I'm not the organizer of this meetup. I'm not