Fedora Server Edition Basic Administration Guide
Beta 1 – Please comment on server mailing list!
Generic basic system administration is covered by Fedora’s overall System Administration Guide. But there are several of Fedora Server specific topics which are not included. There are such basic items as storage organization to more advanced security considerations up to virtualization.
As part of the installation, the system is already fitted with many security-relevant configurations. But some items need manual intervention.
First of all, the root account needs a key file to enable secure access via ssh. Right after installation, login as root is not possible due to the (public) key file requirement as configured during installation.
For a number of other procedures, the system manager must weigh the pros and cons and make a decision. This involves, for example
Installing fail2ban to block IPs with too many unsuccessful logins
Disabling ssh password based login for all users except one (or very few) fallbacks
Protecting Cockpit password terminal login capability
Fedora Server Edition is designed as a headless device, i.e. without a graphical user interface. Corresponding packages are not even installed. Accordingly, at most a simple text-based terminal is available on the box.
Typically, however, administration is done remotely via a secure SSH connection.
In addition, a lightweight web-based graphical user interface, Cockpit, is available by default and is intended to simplify many typical and repetitive maintenance tasks. For example, the creation, formatting and mounting of a logical file area can be done with a short input form consisting of 3-4 topics and one click. This saves even the experienced system administrator a lot of time and the (error-free) typing of several command lines.
SELinux, don’t deactivate but resolve issues (link to cockpit SELinux page and description how to resolve on CLI (or link))
Ansible, would be nice to offer some configurable Ansible scripts for those repetitive tasks (downloadable from server-wg home page)
links to existing script at GitHub system roles and a guide how to use that script for this purpose
More topics of this kind to be added