From 9bee8dac3e758203b5dfd4e0053a9ea01419790f Mon Sep 17 00:00:00 2001 From: mrsh Date: Fri, 22 May 2026 01:59:08 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=8C=B8=20Initial=20commit=20=E2=80=94=20M?= =?UTF-8?q?idori's=20Linux=20Dojo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 🌸 Midori's Linux Dojo/Lab Overview.md | 33 +++++ .../Phase 1 - Walking/Exercises.md | 117 ++++++++++++++++++ .../Phase 2 - Networking/Exercises.md | 85 +++++++++++++ .../Phase 3 - Users and Files/Exercises.md | 82 ++++++++++++ .../Phase 4 - Security/Exercises.md | 84 +++++++++++++ .../Phase 5 - Server Stuff/Exercises.md | 60 +++++++++ .../Phase 6 - Automation/Exercises.md | 113 +++++++++++++++++ 7 files changed, 574 insertions(+) create mode 100644 🌸 Midori's Linux Dojo/Lab Overview.md create mode 100644 🌸 Midori's Linux Dojo/Phase 1 - Walking/Exercises.md create mode 100644 🌸 Midori's Linux Dojo/Phase 2 - Networking/Exercises.md create mode 100644 🌸 Midori's Linux Dojo/Phase 3 - Users and Files/Exercises.md create mode 100644 🌸 Midori's Linux Dojo/Phase 4 - Security/Exercises.md create mode 100644 🌸 Midori's Linux Dojo/Phase 5 - Server Stuff/Exercises.md create mode 100644 🌸 Midori's Linux Dojo/Phase 6 - Automation/Exercises.md diff --git a/🌸 Midori's Linux Dojo/Lab Overview.md b/🌸 Midori's Linux Dojo/Lab Overview.md new file mode 100644 index 0000000..3af3915 --- /dev/null +++ b/🌸 Midori's Linux Dojo/Lab Overview.md 
@@ -0,0 +1,33 @@ +# πŸ—ΊοΈ Alpine Linux Admin Lab + +> Your personal Linux lab on Proxmox with 3 Alpine VMs + +## πŸ–₯️ Lab Setup + +| VM | IP | Network | Access | +|----|-----|---------|--------| +| **alpine-hop** πŸ§‘β€πŸ’» | `192.168.11.171` / `10.0.1.3` | vmbr0 + vmbr1 | You + Me | +| **alpine-1** πŸ–₯️ | `10.0.1.1` | vmbr1 (isolated) | Via hop only | +| **alpine-2** πŸ–₯️ | `10.0.1.2` | vmbr1 (isolated) | Via hop only | + +## πŸ”‘ Quick SSH +```bash +ssh root@192.168.11.171 # β†’ alpine-hop (password: Midori) +# from hop: +ssh root@10.0.1.1 # β†’ alpine-1 +ssh root@10.0.1.2 # β†’ alpine-2 +``` + +## πŸ“š Phases + +1. [[Phase 1 - Walking]] β€” Basic commands, file system, navigation +2. [[Phase 2 - Networking]] β€” Ping, SSH, file transfer +3. [[Phase 3 - Users and Files]] β€” Users, groups, permissions +4. [[Phase 4 - Security]] β€” Firewall, logging, hardening +5. [[Phase 5 - Server Stuff]] β€” Web server, NFS, file sharing +6. [[Phase 6 - Automation]] β€” Shell scripts, cron, awk/sed + +## πŸ’‘ Tips +- Break stuff on purpose! Use `phase1-ready` snapshot to restore +- Ask Midori to verify your work at any time +- Take your own snapshots before big experiments diff --git a/🌸 Midori's Linux Dojo/Phase 1 - Walking/Exercises.md b/🌸 Midori's Linux Dojo/Phase 1 - Walking/Exercises.md new file mode 100644 index 0000000..aac1f53 --- /dev/null +++ b/🌸 Midori's Linux Dojo/Phase 1 - Walking/Exercises.md 
@@ -0,0 +1,117 @@ +# πŸͺ΄ Phase 1: Walking + +> Goal: Get comfortable with the Linux command line + +--- + +## 🎯 Exercise 1 β€” Your First Commands + +SSH into **alpine-1** (through hop): +```bash +# Who am I? +whoami # β†’ root +hostname # β†’ localhost (or your hostname) +uname -a # Show full system info +uptime # How long since boot + +# Where am I? +pwd # Print working directory +ls -la / # List root directory contents + +# Make a file +echo "Hello from Phase 1!" > /root/hello.txt +ls -l /root/hello.txt # Check file details +cat /root/hello.txt # Read the file +``` + +**Repeat on alpine-2 too!** + +βœ… **Verified by Midori** + +--- + +## 🎯 Exercise 2 β€” Navigation & File Basics + +```bash +# Explore directories +ls / +ls /etc +ls /var +ls /home + +# Create a directory structure +mkdir -p /root/lab/{notes,scripts,logs} +ls -R /root/lab + +# Copy and move files +cp /root/hello.txt /root/lab/notes/ +mv /root/hello.txt /root/lab/backup.txt + +# Read system files +cat /etc/hostname +cat /etc/os-release +cat /etc/passwd + +# Answer these: +echo $SHELL # What shell am I using? +wc -l /etc/passwd # How many users? +uname -r # Kernel version +``` + +### πŸ“ Questions to answer: +1. What is your shell? +2. How many users are listed in `/etc/passwd`? +3. What kernel version are you running? + +--- + +## 🎯 Exercise 3 β€” File Permissions + +```bash +# Check permissions +ls -la /root/lab/notes/ +ls -la /root/lab/ + +# Change permissions +chmod 644 /root/lab/notes/hello.txt +chmod 755 /root/lab/scripts + +# Create a script +echo '#!/bin/sh' > /root/lab/scripts/sayhello.sh +echo 'echo "Hello from a script!"' >> /root/lab/scripts/sayhello.sh +chmod +x /root/lab/scripts/sayhello.sh +./root/lab/scripts/sayhello.sh + +# Test permissions +chmod -x /root/lab/scripts/sayhello.sh +./root/lab/scripts/sayhello.sh # What happens? +``` + +### πŸ“ Questions: +1. What do the numbers `644`, `755`, and `+x` mean? +2. What happens when you remove execute permission from a script? 
+ +--- + +## 🎯 Exercise 4 β€” Text Editors + +```bash +# Try nano (easier) +nano /root/lab/notes/my-notes.txt +# Type some text, Ctrl+O to save, Ctrl+X to exit + +# Try vi (classic) +vi /root/lab/notes/vi-practice.txt +# Press 'i' to insert, type something +# Press Esc, then ':wq' to save and quit +``` + +--- + +## βœ… Phase 1 Complete Checklist +- [ ] Exercise 1: `whoami`, `uname -a`, file creation +- [ ] Exercise 2: Directory structure, `cp`, `mv`, `cat` +- [ ] Exercise 3: `chmod`, permissions understanding +- [ ] Exercise 4: Text editors (nano + vi) + +**Next:** [[Phase 2 - Networking]] 🌐 diff --git a/🌸 Midori's Linux Dojo/Phase 2 - Networking/Exercises.md b/🌸 Midori's Linux Dojo/Phase 2 - Networking/Exercises.md new file mode 100644 index 0000000..cfbcf31 --- /dev/null +++ b/🌸 Midori's Linux Dojo/Phase 2 - Networking/Exercises.md 
@@ -0,0 +1,85 @@ +# 🌐 Phase 2: Networking + +> Goal: Machines communicate β€” ping, SSH, file transfers + +--- + +## 🎯 Exercise 1 β€” Ping & IPs + +```bash +# Check your network +ip addr show eth0 +ip route + +# Ping the other lab VM +ping -c 4 10.0.1.2 # From alpine-1 β†’ alpine-2 +ping -c 4 10.0.1.1 # From alpine-2 β†’ alpine-1 + +# Check ARP table +ip neigh + +# Advanced network tools +ip addr # All interfaces +ip route # Routing table +traceroute 10.0.1.2 # Path between VMs +``` + +### πŸ“ Questions: +1. What's the MAC address of the other VM? +2. Can you ping alpine-hop (10.0.1.3) from alpine-1? + +--- + +## 🎯 Exercise 2 β€” SSH Keys + +```bash +# Generate an SSH key +ssh-keygen -t ed25519 + +# Copy to the other VM +ssh-copy-id root@10.0.1.2 + +# Test passwordless login +ssh root@10.0.1.2 'hostname; uptime' +``` + +--- + +## 🎯 Exercise 3 β€” File Transfer + +```bash +# SCP (secure copy) +echo "Secret message" > /root/secret.txt +scp /root/secret.txt root@10.0.1.2:/root/ + +# RSYNC (sync directories) +rsync -av /root/lab/ root@10.0.1.2:/root/lab-backup/ +``` + +--- + +## 🎯 Exercise 4 β€” Network Services + +```bash +# Check listening ports +ss -tlnp + +# Start a simple HTTP server on alpine-1 +python3 -m http.server 8080 & + +# Access it from alpine-2 +curl http://10.0.1.1:8080/ + +# Kill the server +kill %1 +``` + +--- + +## βœ… Phase 2 Checklist +- [ ] Ping between VMs +- [ ] SSH key-based auth +- [ ] File transfer with `scp` / `rsync` +- [ ] Network services + +**Previous:** [[Phase 1 - Walking]] | **Next:** [[Phase 3 - Users and Files]] diff --git a/🌸 Midori's Linux Dojo/Phase 3 - Users and Files/Exercises.md b/🌸 Midori's Linux Dojo/Phase 3 - Users and Files/Exercises.md new file mode 100644 index 0000000..52d8775 --- /dev/null +++ b/🌸 Midori's Linux Dojo/Phase 3 - Users and Files/Exercises.md 
@@ -0,0 +1,82 @@ +# 🧰 Phase 3: Users and Files + +> Goal: Who can do what β€” users, groups, permissions, processes + +--- + +## 🎯 Exercise 1 β€” User Management + +```bash +# Create users +useradd -m bob +passwd bob # Set a password + +# Check user info +id bob +cat /etc/passwd | grep bob + +# Groups +groupadd developers +usermod -aG developers bob +groups bob + +# Switch user +su - bob +whoami +exit +``` + +--- + +## 🎯 Exercise 2 β€” File Ownership + +```bash +# Create file as root, give to bob +touch /root/lab/team-project.txt +chown bob:developers /root/lab/team-project.txt +ls -la /root/lab/team-project.txt + +# Set permissions +chmod 640 /root/lab/team-project.txt +``` + +--- + +## 🎯 Exercise 3 β€” Sudo / Doas + +```bash +# Give bob sudo access +echo "bob ALL=(ALL) ALL" >> /etc/sudoers +# OR on Alpine (doas): +echo "permit persist bob" >> /etc/doas.d/doas.conf +``` + +--- + +## 🎯 Exercise 4 β€” Processes + +```bash +# View processes +ps aux +ps -ef +top # Press 'q' to quit + +# Background jobs +sleep 100 & +jobs +kill %1 + +# Service management (Alpine) +rc-service sshd status +rc-update show +``` + +--- + +## βœ… Phase 3 Checklist +- [ ] Create users and groups +- [ ] File ownership and permissions +- [ ] Sudo/doas configuration +- [ ] Process management + +**Previous:** [[Phase 2 - Networking]] | **Next:** [[Phase 4 - Security]] diff --git a/🌸 Midori's Linux Dojo/Phase 4 - Security/Exercises.md b/🌸 Midori's Linux Dojo/Phase 4 - Security/Exercises.md new file mode 100644 index 0000000..4ed086d --- /dev/null +++ b/🌸 Midori's Linux Dojo/Phase 4 - Security/Exercises.md 
@@ -0,0 +1,84 @@ +# πŸ”₯ Phase 4: Security + +> Goal: Lock it down β€” firewall, logging, hardening + +--- + +## 🎯 Exercise 1 β€” iptables Basics + +```bash +# Check current rules +iptables -L -n -v + +# Default policy (block all inbound) +iptables -P INPUT DROP +iptables -P FORWARD DROP +iptables -P OUTPUT ACCEPT + +# Allow established connections +iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT + +# Allow SSH only from lab network +iptables -A INPUT -s 10.0.1.0/24 -p tcp --dport 22 -j ACCEPT +iptables -A INPUT -p tcp --dport 22 -j DROP + +# Allow loopback +iptables -A INPUT -i lo -j ACCEPT + +# Save rules +iptables-save > /etc/iptables/rules-save +``` + +--- + +## 🎯 Exercise 2 β€” Test the Firewall + +```bash +# From alpine-1: block pings from alpine-2 +iptables -A INPUT -s 10.0.1.2 -j DROP + +# From alpine-2: try to ping alpine-1 +ping 10.0.1.1 + +# Delete the rule +iptables -D INPUT -s 10.0.1.2 -j DROP +``` + +--- + +## 🎯 Exercise 3 β€” Logging + +```bash +# Check system logs +cat /var/log/messages +dmesg | tail + +# Log a test message +logger "Testing logging from my lab VM" +``` + +--- + +## 🎯 Exercise 4 β€” SSH Hardening + +```bash +# Edit SSH config +nano /etc/ssh/sshd_config +# Change: +# Port 2222 +# PermitRootLogin prohibit-password +# PasswordAuthentication no +# AllowUsers bob + +rc-service sshd restart +``` + +--- + +## βœ… Phase 4 Checklist +- [ ] iptables firewall rules +- [ ] Test blocking/unblocking traffic +- [ ] System logging +- [ ] SSH hardening + +**Previous:** [[Phase 3 - Users and Files]] | **Next:** [[Phase 5 - Server Stuff]] diff --git a/🌸 Midori's Linux Dojo/Phase 5 - Server Stuff/Exercises.md b/🌸 Midori's Linux Dojo/Phase 5 - Server Stuff/Exercises.md new file mode 100644 index 0000000..5584c2c --- /dev/null +++ b/🌸 Midori's Linux Dojo/Phase 5 - Server Stuff/Exercises.md 
@@ -0,0 +1,60 @@ +# πŸ—οΈ Phase 5: Server Stuff + +> Goal: Actually serve something β€” web server, NFS, file sharing + +--- + +## 🎯 Exercise 1 β€” Web Server + +```bash +# Install nginx on alpine-1 +apk add nginx + +# Start it +rc-service nginx start +rc-update add nginx default + +# Create a custom page +echo "

Welcome to alpine-1!

" > /var/www/localhost/htdocs/index.html + +# Test from alpine-2 +curl http://10.0.1.1/ + +# Check access logs +cat /var/log/nginx/access.log +``` + +--- + +## 🎯 Exercise 2 β€” NFS File Sharing + +```bash +# On alpine-1 (server): +apk add nfs-utils +mkdir /srv/shared +echo "/srv/shared 10.0.1.0/24(rw,sync,no_subtree_check)" > /etc/exports +rc-service nfs start + +# On alpine-2 (client): +apk add nfs-utils +mkdir /mnt/shared +mount -t nfs 10.0.1.1:/srv/shared /mnt/shared +``` + +--- + +## 🎯 Exercise 3 β€” Auto-mount with fstab + +```bash +# Add to /etc/fstab on alpine-2: +echo "10.0.1.1:/srv/shared /mnt/shared nfs defaults 0 0" >> /etc/fstab +``` + +--- + +## βœ… Phase 5 Checklist +- [ ] Web server (nginx) +- [ ] NFS server + client +- [ ] Persistent mounts with fstab + +**Previous:** [[Phase 4 - Security]] | **Next:** [[Phase 6 - Automation]] diff --git a/🌸 Midori's Linux Dojo/Phase 6 - Automation/Exercises.md b/🌸 Midori's Linux Dojo/Phase 6 - Automation/Exercises.md new file mode 100644 index 0000000..ca9972d --- /dev/null +++ b/🌸 Midori's Linux Dojo/Phase 6 - Automation/Exercises.md 
@@ -0,0 +1,113 @@ +# πŸ§ͺ Phase 6: Automation + +> Goal: Real admin skills β€” scripting, cron, text processing + +--- + +## 🎯 Exercise 1 β€” Shell Scripting + +```bash +# Create a backup script +cat > /root/lab/scripts/backup.sh << 'EOF' +#!/bin/sh +BACKUP_DIR="/root/backups/$(date +%Y%m%d)" +mkdir -p "$BACKUP_DIR" +tar -czf "$BACKUP_DIR/lab-backup.tar.gz" /root/lab/ +echo "Backup saved to $BACKUP_DIR" +EOF + +chmod +x /root/lab/scripts/backup.sh +./root/lab/scripts/backup.sh +``` + +--- + +## 🎯 Exercise 2 β€” Variables & Loops + +```bash +#!/bin/sh +# Variables +NAME="World" +echo "Hello, $NAME!" + +# For loop +for i in 1 2 3 4 5; do + echo "Count: $i" +done + +# While loop +COUNT=0 +while [ $COUNT -lt 3 ]; do + echo "Loop $COUNT" + COUNT=$((COUNT + 1)) +done + +# Conditionals +if [ -f /root/hello.txt ]; then + echo "File exists!" +else + echo "File not found" +fi +``` + +--- + +## 🎯 Exercise 3 β€” Cron Jobs + +```bash +# Edit crontab +crontab -e + +# Add a job that runs every hour: +0 * * * * /root/lab/scripts/backup.sh + +# List cron jobs +crontab -l + +# Check cron logs +cat /var/log/cron +``` + +--- + +## 🎯 Exercise 4 β€” Text Processing with grep/awk/sed + +```bash +# grep β€” search +grep "root" /etc/passwd +grep -r "alpine" /etc/ + +# awk β€” column extraction +awk -F: '{print $1, $6}' /etc/passwd +df -h | awk '{print $5, $6}' + +# sed β€” search & replace +sed 's/root/admin/' /etc/passwd > /tmp/test.txt +head -5 /tmp/test.txt +``` + +--- + +## 🎯 Final Project + +Create a single script that **automates the entire setup** of both lab VMs: + +```bash +1. Installs and configures SSH +2. Sets up static IPs +3. Configures firewall rules +4. Installs and starts a web server +5. Sets up NFS share +6. Creates users +7. 
Schedules backups with cron +``` + +--- + +## βœ… Phase 6 Checklist +- [ ] Shell scripts with variables, loops, conditionals +- [ ] Cron jobs for automation +- [ ] Text processing with grep/awk/sed +- [ ] Final project: full automation script + +**Previous:** [[Phase 5 - Server Stuff]]
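
Review bot: In `Lab Overview.md`, the Quick SSH block commits the root password for alpine-hop in the comment on `ssh root@192.168.11.171` (`password: Midori`), and the table shows that host is the only VM attached to vmbr0. Remove the password from the file and share it out of band. Point readers at the key-based login from Phase 2 Exercise 2 instead, and consider applying the Phase 4 SSH hardening to the hop first, since it is the host reachable from outside the isolated network.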
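
Review bot: In `Phase 1 - Walking/Exercises.md`, Exercise 3 runs the script as `./root/lab/scripts/sayhello.sh`, which is a path relative to the current directory and only resolves when the shell is sitting in `/`. From root's home it looks for `/root/root/lab/...` and fails for a reason unrelated to the permission lesson, so use the absolute path `/root/lab/scripts/sayhello.sh` in both places. Separately, `mkdir -p /root/lab/{notes,scripts,logs}` in Exercise 2 relies on brace expansion, which Alpine's default BusyBox ash does not perform. List the three directories explicitly, or state that the exercise expects bash.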
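
Review bot: In `Phase 2 - Networking/Exercises.md`, Exercise 4 starts `python3 -m http.server 8080 &` in whatever directory the shell happens to be in, on all interfaces. Directly after Exercise 2 (`ssh-keygen`) and Exercise 3 (`/root/secret.txt`), that directory is likely `/root`, so the listing would serve the private key under `.ssh` and the secret file to anything that can reach port 8080. Create a throwaway directory for the demo and serve it explicitly, for example with `--directory` and `--bind 10.0.1.1`, and add a line explaining why.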
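
Review bot: In `Phase 3 - Users and Files/Exercises.md`, Exercise 3 appends to the live file with `echo "bob ALL=(ALL) ALL" >> /etc/sudoers`, which bypasses syntax checking, and a malformed line there can leave sudo unusable for everyone. Have the learner write the rule to a file under `/etc/sudoers.d/` and validate it with `visudo -c`, or edit through `visudo`. Both this rule and `permit persist bob` grant bob unrestricted root, so a short note on scoping the rule to specific commands would fit the "who can do what" goal stated at the top of the file.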
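
Review bot: In `Phase 4 - Security/Exercises.md`, Exercise 1 sets `iptables -P INPUT DROP` before any ACCEPT rule exists, so a learner typing the commands line by line over SSH loses the session at that step and cannot add the `ESTABLISHED,RELATED` or port 22 rules that follow. Add the loopback, established and SSH accept rules first and set the DROP policies last. Exercise 4 has a related lockout: it moves sshd to `Port 2222` while the firewall only admits `--dport 22`, and it combines `AllowUsers bob` with `PasswordAuthentication no` although no step shown installs a key for bob (the `ssh-copy-id` in Phase 2 targets root). Add the firewall rule for 2222 and a key for bob before `rc-service sshd restart`, and suggest keeping the current session open until a new login has been tested.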
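
Review bot: In `Phase 5 - Server Stuff/Exercises.md`, neither Exercise 1 nor Exercise 2 opens a port on alpine-1, yet Phase 4 leaves INPUT at DROP with only SSH from `10.0.1.0/24` accepted and saves those rules. If the Phase 4 rules were applied on alpine-1, `curl http://10.0.1.1/` and the NFS mount from alpine-2 will both time out. Add an explicit step that accepts TCP 80 and the NFS port (2049) from `10.0.1.0/24` only, which also reinforces the least-exposure idea from Phase 4. In Exercise 2, `echo ... > /etc/exports` overwrites any existing exports, so say so or append instead.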
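
Review bot: In `Phase 6 - Automation/Exercises.md`, Exercise 1 ends with `./root/lab/scripts/backup.sh`, a relative path that only works from `/`; use `/root/lab/scripts/backup.sh`, which is what the crontab entry in Exercise 3 already does. The script names its target directory with `date +%Y%m%d` only, so the hourly cron job `0 * * * *` rewrites the same `lab-backup.tar.gz` on every run and keeps one archive per day. Either include the hour in the name or schedule the job daily. The Final Project steps are a numbered list inside a `bash` fence, so they render as code rather than as a task list; move them out of the fence.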