📁 Move emoji to end for easier navigation

This commit is contained in:
mrsh
2026-05-22 02:17:18 +02:00
parent 9bee8dac3e
commit 5ad2ff01ca
7 changed files with 0 additions and 0 deletions

View File

@@ -0,0 +1,33 @@
# 🗺️ Alpine Linux Admin Lab
> Your personal Linux lab on Proxmox with 3 Alpine VMs
## 🖥️ Lab Setup
| VM | IP | Network | Access |
|----|-----|---------|--------|
| **alpine-hop** 🧑‍💻 | `192.168.11.171` / `10.0.1.3` | vmbr0 + vmbr1 | You + Me |
| **alpine-1** 🖥️ | `10.0.1.1` | vmbr1 (isolated) | Via hop only |
| **alpine-2** 🖥️ | `10.0.1.2` | vmbr1 (isolated) | Via hop only |
## 🔑 Quick SSH
```bash
ssh root@192.168.11.171 # → alpine-hop (password: Midori)
# from hop:
ssh root@10.0.1.1 # → alpine-1
ssh root@10.0.1.2 # → alpine-2
```
## 📚 Phases
1. [[Phase 1 - Walking]] — Basic commands, file system, navigation
2. [[Phase 2 - Networking]] — Ping, SSH, file transfer
3. [[Phase 3 - Users and Files]] — Users, groups, permissions
4. [[Phase 4 - Security]] — Firewall, logging, hardening
5. [[Phase 5 - Server Stuff]] — Web server, NFS, file sharing
6. [[Phase 6 - Automation]] — Shell scripts, cron, awk/sed
## 💡 Tips
- Break stuff on purpose! Use `phase1-ready` snapshot to restore
- Ask Midori to verify your work at any time
- Take your own snapshots before big experiments

View File

@@ -0,0 +1,117 @@
# 🪴 Phase 1: Walking
> Goal: Get comfortable with the Linux command line
---
## 🎯 Exercise 1 — Your First Commands
SSH into **alpine-1** (through hop):
```bash
# Who am I?
whoami # → root
hostname # → localhost (or your hostname)
uname -a # Show full system info
uptime # How long since boot
# Where am I?
pwd # Print working directory
ls -la / # List root directory contents
# Make a file
echo "Hello from Phase 1!" > /root/hello.txt
ls -l /root/hello.txt # Check file details
cat /root/hello.txt # Read the file
```
**Repeat on alpine-2 too!**
**Verified by Midori**
---
## 🎯 Exercise 2 — Navigation & File Basics
```bash
# Explore directories
ls /
ls /etc
ls /var
ls /home
# Create a directory structure
mkdir -p /root/lab/{notes,scripts,logs}
ls -R /root/lab
# Copy and move files
cp /root/hello.txt /root/lab/notes/
mv /root/hello.txt /root/lab/backup.txt
# Read system files
cat /etc/hostname
cat /etc/os-release
cat /etc/passwd
# Answer these:
echo $SHELL # What shell am I using?
wc -l /etc/passwd # How many users?
uname -r # Kernel version
```
### 📝 Questions to answer:
1. What is your shell?
2. How many users are listed in `/etc/passwd`?
3. What kernel version are you running?
---
## 🎯 Exercise 3 — File Permissions
```bash
# Check permissions
ls -la /root/lab/notes/
ls -la /root/lab/
# Change permissions
chmod 644 /root/lab/notes/hello.txt
chmod 755 /root/lab/scripts
# Create a script
echo '#!/bin/sh' > /root/lab/scripts/sayhello.sh
echo 'echo "Hello from a script!"' >> /root/lab/scripts/sayhello.sh
chmod +x /root/lab/scripts/sayhello.sh
./root/lab/scripts/sayhello.sh
# Test permissions
chmod -x /root/lab/scripts/sayhello.sh
./root/lab/scripts/sayhello.sh # What happens?
```
### 📝 Questions:
1. What do the numbers `644`, `755`, and `+x` mean?
2. What happens when you remove execute permission from a script?
---
## 🎯 Exercise 4 — Text Editors
```bash
# Try nano (easier)
nano /root/lab/notes/my-notes.txt
# Type some text, Ctrl+O to save, Ctrl+X to exit
# Try vi (classic)
vi /root/lab/notes/vi-practice.txt
# Press 'i' to insert, type something
# Press Esc, then ':wq' to save and quit
```
---
## ✅ Phase 1 Complete Checklist
- [ ] Exercise 1: `whoami`, `uname -a`, file creation
- [ ] Exercise 2: Directory structure, `cp`, `mv`, `cat`
- [ ] Exercise 3: `chmod`, permissions understanding
- [ ] Exercise 4: Text editors (nano + vi)
**Next:** [[Phase 2 - Networking]] 🌐

View File

@@ -0,0 +1,85 @@
# 🌐 Phase 2: Networking
> Goal: Machines communicate — ping, SSH, file transfers
---
## 🎯 Exercise 1 — Ping & IPs
```bash
# Check your network
ip addr show eth0
ip route
# Ping the other lab VM
ping -c 4 10.0.1.2 # From alpine-1 → alpine-2
ping -c 4 10.0.1.1 # From alpine-2 → alpine-1
# Check ARP table
ip neigh
# Advanced network tools
ip addr # All interfaces
ip route # Routing table
traceroute 10.0.1.2 # Path between VMs
```
### 📝 Questions:
1. What's the MAC address of the other VM?
2. Can you ping alpine-hop (10.0.1.3) from alpine-1?
---
## 🎯 Exercise 2 — SSH Keys
```bash
# Generate an SSH key
ssh-keygen -t ed25519
# Copy to the other VM
ssh-copy-id root@10.0.1.2
# Test passwordless login
ssh root@10.0.1.2 'hostname; uptime'
```
---
## 🎯 Exercise 3 — File Transfer
```bash
# SCP (secure copy)
echo "Secret message" > /root/secret.txt
scp /root/secret.txt root@10.0.1.2:/root/
# RSYNC (sync directories)
rsync -av /root/lab/ root@10.0.1.2:/root/lab-backup/
```
---
## 🎯 Exercise 4 — Network Services
```bash
# Check listening ports
ss -tlnp
# Start a simple HTTP server on alpine-1
python3 -m http.server 8080 &
# Access it from alpine-2
curl http://10.0.1.1:8080/
# Kill the server
kill %1
```
---
## ✅ Phase 2 Checklist
- [ ] Ping between VMs
- [ ] SSH key-based auth
- [ ] File transfer with `scp` / `rsync`
- [ ] Network services
**Previous:** [[Phase 1 - Walking]] | **Next:** [[Phase 3 - Users and Files]]

View File

@@ -0,0 +1,82 @@
# 🧰 Phase 3: Users and Files
> Goal: Who can do what — users, groups, permissions, processes
---
## 🎯 Exercise 1 — User Management
```bash
# Create users
useradd -m bob
passwd bob # Set a password
# Check user info
id bob
cat /etc/passwd | grep bob
# Groups
groupadd developers
usermod -aG developers bob
groups bob
# Switch user
su - bob
whoami
exit
```
---
## 🎯 Exercise 2 — File Ownership
```bash
# Create file as root, give to bob
touch /root/lab/team-project.txt
chown bob:developers /root/lab/team-project.txt
ls -la /root/lab/team-project.txt
# Set permissions
chmod 640 /root/lab/team-project.txt
```
---
## 🎯 Exercise 3 — Sudo / Doas
```bash
# Give bob sudo access
echo "bob ALL=(ALL) ALL" >> /etc/sudoers
# OR on Alpine (doas):
echo "permit persist bob" >> /etc/doas.d/doas.conf
```
---
## 🎯 Exercise 4 — Processes
```bash
# View processes
ps aux
ps -ef
top # Press 'q' to quit
# Background jobs
sleep 100 &
jobs
kill %1
# Service management (Alpine)
rc-service sshd status
rc-update show
```
---
## ✅ Phase 3 Checklist
- [ ] Create users and groups
- [ ] File ownership and permissions
- [ ] Sudo/doas configuration
- [ ] Process management
**Previous:** [[Phase 2 - Networking]] | **Next:** [[Phase 4 - Security]]

View File

@@ -0,0 +1,84 @@
# 🔥 Phase 4: Security
> Goal: Lock it down — firewall, logging, hardening
---
## 🎯 Exercise 1 — iptables Basics
```bash
# Check current rules
iptables -L -n -v
# Default policy (block all inbound)
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH only from lab network
iptables -A INPUT -s 10.0.1.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
# Allow loopback
iptables -A INPUT -i lo -j ACCEPT
# Save rules
iptables-save > /etc/iptables/rules-save
```
---
## 🎯 Exercise 2 — Test the Firewall
```bash
# From alpine-1: block pings from alpine-2
iptables -A INPUT -s 10.0.1.2 -j DROP
# From alpine-2: try to ping alpine-1
ping 10.0.1.1
# Delete the rule
iptables -D INPUT -s 10.0.1.2 -j DROP
```
---
## 🎯 Exercise 3 — Logging
```bash
# Check system logs
cat /var/log/messages
dmesg | tail
# Log a test message
logger "Testing logging from my lab VM"
```
---
## 🎯 Exercise 4 — SSH Hardening
```bash
# Edit SSH config
nano /etc/ssh/sshd_config
# Change:
# Port 2222
# PermitRootLogin prohibit-password
# PasswordAuthentication no
# AllowUsers bob
rc-service sshd restart
```
---
## ✅ Phase 4 Checklist
- [ ] iptables firewall rules
- [ ] Test blocking/unblocking traffic
- [ ] System logging
- [ ] SSH hardening
**Previous:** [[Phase 3 - Users and Files]] | **Next:** [[Phase 5 - Server Stuff]]

View File

@@ -0,0 +1,60 @@
# 🏗️ Phase 5: Server Stuff
> Goal: Actually serve something — web server, NFS, file sharing
---
## 🎯 Exercise 1 — Web Server
```bash
# Install nginx on alpine-1
apk add nginx
# Start it
rc-service nginx start
rc-update add nginx default
# Create a custom page
echo "<h1>Welcome to alpine-1!</h1>" > /var/www/localhost/htdocs/index.html
# Test from alpine-2
curl http://10.0.1.1/
# Check access logs
cat /var/log/nginx/access.log
```
---
## 🎯 Exercise 2 — NFS File Sharing
```bash
# On alpine-1 (server):
apk add nfs-utils
mkdir /srv/shared
echo "/srv/shared 10.0.1.0/24(rw,sync,no_subtree_check)" > /etc/exports
rc-service nfs start
# On alpine-2 (client):
apk add nfs-utils
mkdir /mnt/shared
mount -t nfs 10.0.1.1:/srv/shared /mnt/shared
```
---
## 🎯 Exercise 3 — Auto-mount with fstab
```bash
# Add to /etc/fstab on alpine-2:
echo "10.0.1.1:/srv/shared /mnt/shared nfs defaults 0 0" >> /etc/fstab
```
---
## ✅ Phase 5 Checklist
- [ ] Web server (nginx)
- [ ] NFS server + client
- [ ] Persistent mounts with fstab
**Previous:** [[Phase 4 - Security]] | **Next:** [[Phase 6 - Automation]]

View File

@@ -0,0 +1,113 @@
# 🧪 Phase 6: Automation
> Goal: Real admin skills — scripting, cron, text processing
---
## 🎯 Exercise 1 — Shell Scripting
```bash
# Create a backup script
cat > /root/lab/scripts/backup.sh << 'EOF'
#!/bin/sh
BACKUP_DIR="/root/backups/$(date +%Y%m%d)"
mkdir -p "$BACKUP_DIR"
tar -czf "$BACKUP_DIR/lab-backup.tar.gz" /root/lab/
echo "Backup saved to $BACKUP_DIR"
EOF
chmod +x /root/lab/scripts/backup.sh
./root/lab/scripts/backup.sh
```
---
## 🎯 Exercise 2 — Variables & Loops
```bash
#!/bin/sh
# Variables
NAME="World"
echo "Hello, $NAME!"
# For loop
for i in 1 2 3 4 5; do
echo "Count: $i"
done
# While loop
COUNT=0
while [ $COUNT -lt 3 ]; do
echo "Loop $COUNT"
COUNT=$((COUNT + 1))
done
# Conditionals
if [ -f /root/hello.txt ]; then
echo "File exists!"
else
echo "File not found"
fi
```
---
## 🎯 Exercise 3 — Cron Jobs
```bash
# Edit crontab
crontab -e
# Add a job that runs every hour:
0 * * * * /root/lab/scripts/backup.sh
# List cron jobs
crontab -l
# Check cron logs
cat /var/log/cron
```
---
## 🎯 Exercise 4 — Text Processing with grep/awk/sed
```bash
# grep — search
grep "root" /etc/passwd
grep -r "alpine" /etc/
# awk — column extraction
awk -F: '{print $1, $6}' /etc/passwd
df -h | awk '{print $5, $6}'
# sed — search & replace
sed 's/root/admin/' /etc/passwd > /tmp/test.txt
head -5 /tmp/test.txt
```
---
## 🎯 Final Project
Create a single script that **automates the entire setup** of both lab VMs:
```bash
1. Installs and configures SSH
2. Sets up static IPs
3. Configures firewall rules
4. Installs and starts a web server
5. Sets up NFS share
6. Creates users
7. Schedules backups with cron
```
---
## ✅ Phase 6 Checklist
- [ ] Shell scripts with variables, loops, conditionals
- [ ] Cron jobs for automation
- [ ] Text processing with grep/awk/sed
- [ ] Final project: full automation script
**Previous:** [[Phase 5 - Server Stuff]]