Fedora Server Edition Basic Administration Guide

Beta 1 – Please comment on server mailing list!

Author: Peter Boy (pboy) | Creation Date: 2021-03-10 | Last update: 2021-03-26 | Related Fedora Version(s): 33,34

What You Find Here

Generic basic system administration is covered by Fedora’s overall System Administration Guide. But there are several of Fedora Server specific topics which are not included. There are such basic items as storage organization to more advanced security considerations up to virtualization.

Post Installation security enhancements

As part of the installation, the system is already fitted with many security-relevant configurations. But some items need manual intervention.

First of all, the root account needs a key file to enable secure access via ssh. Right after installation, login as root is not possible due to the (public) key file requirement as configured during installation.

For a number of other procedures, the system manager must weigh the pros and cons and make a decision. This involves, for example

  • Installing fail2ban to block IPs with too many unsuccessful logins

  • Disabling ssh password based login for all users except one (or very few) fallbacks

  • Protecting Cockpit password terminal login capability

Cockpit

Fedora Server Edition is designed as a headless device, i.e. without a graphical user interface. Corresponding packages are not even installed. Accordingly, at most a simple text-based terminal is available on the box.

Typically, however, administration is done remotely via a secure SSH connection.

In addition, a lightweight web-based graphical user interface, Cockpit, is available by default and is intended to simplify many typical and repetitive maintenance tasks. For example, the creation, formatting and mounting of a logical file area can be done with a short input form consisting of 3-4 topics and one click. This saves even the experienced system administrator a lot of time and the (error-free) typing of several command lines.

Comming Up Next

  • Manage storage

  • SELinux, don’t deactivate but resolve issues (link to cockpit SELinux page and description how to resolve on CLI (or link))

  • Ansible, would be nice to offer some configurable Ansible scripts for those repetitive tasks (downloadable from server-wg home page)

    • links to existing script at GitHub system roles and a guide how to use that script for this purpose

More topics of this kind to be added

These nice people helped write this page:

Peter Boy, Jan Kuparinen

Want to help? Learn how to contribute to Fedora Docs.