01: Planning Notes for LUnixTHW

I'm working out the outline for the course and want people who will attend to get a sense of my process and what I'm teaching. If you have feedback on the topics so far please use the bug button in the header to let me know your thoughts. Here's the current outline as of Jan 8, 2024. Feedback more than welcome from Linux professionals or students. Just keep in mind that this course is meant to be all the things you need before learning about automation like Docker.

Module 1 Plan

• Gearing UP
  • Setups for various OS to run Linux in a VM
  • This will mostly be how to use a VM to practice installing Linux on various platforms. I may investigate Podman as a way to do this cross-platform to simplify things.
• Installing Alpine Linux
  • Why Alpine Linux
    • Primarily because it is small and very simple, but still supports most everything you need to learn. It's also a more "classic" unix/linux OS with simple file based management and no systemd.
  • Getting the Image
  • Installation
    • Again this will go in VMs since a big part of the course is constantly re-installing Linux to get better at how to install it. Nothing prevents people from putting it on real hardware though, it's just more annoying.
• Bash Shell Basics
  • Just a basic introduction
  • This won't go into programming bash but I think Module 2 or maybe 3 will get into automating Linux where basic shell scripting will be taught.
• Vim Basics
  • Just enough Vim to be useful on most Linux installs, and mostly because of its prevalence but full capability.
• Other Editors
  • For people dead against Vim I'll suggest editors like nano.
• File System Layout
  • Description of where everything is
  • The "Everything's a File" Lie
  • Devices in the filesystem
• Package Management
  • How to install software
  • Upgrading packages
  • Upgrading the OS
• Process Management
  • What processes are and how to manage them
• Monitoring Processes
  • Logs and searching them
  • Network monitoring
  • Seeing who's logged in
• Basic Networking Configuration
  • TCP/IP vs UDP
  • Configuring devices (this is in a VM though)
  • Testing and debugging network connections
  • Tcpdump and Wireshark to see traffic
• Configuring Software
  • To start, we'll by doing a simple config of ssh
  • Remote Logins with ssh
• Advanced Shell Usage
  • Once your Linux is setup you'll learn how to use various tools that allow you to work with the data the system gives you
    • sed
    • find
    • sort
    • uniq
    • cut
    • grep
    • curl
    • jq
    • less
    • gunzip
    • scp
    • sqlite3

Module 2: Services

This module will cover manual configuration of basic services, since if you can manually configure it then when you use automation like Docker it becomes easier to debug or modified what's being installed.

• A Webserver
  • nginx
  • others?
• An Application Server
  • Maybe a gittea or similar server?
  • Fastapi?
• Email Server
  • Probably postfix but man I hate email servers.
• Chat Server
  • IRC? XMPP? Jabber?
• caching DNS server
• stunnel or similar simple encrypted tunnel
• Wireguard? Is this too complex?
• Various Programming Languages
  • Python
  • Ruby
  • Zig
  • Go
  • Rust
  • Elixir
  • Node/JavaScript
  • Java?

Module 3: Security

This module will then get into simple security configuration. The security recommended will be the 20% of configurations that give you the 80-90% security from most dumb external attackers, and then explain how--if someone really wants your box--you're screwed.

• The Security Mindset
  • Don't let them in
    • Talk about how nothing protects you once they're on your machine. All you can do is mitigate damage for a little while, but eventually they'll get everything.
  • The root Tautology "Attack"
    • Talk about the BS of supposed attacks that start off with "Assuming they have root..." If they have root then you're screwed, nothing stops that. It's better to do what you can to prevent access than to try to stop someone with access doing damage.
  • Nothing is 100%
    • Discuss how security and quality is not a 100% thing but more a series of filters that reduce the probability of being exploiter.
    • Even then, someone with enough resources will hack you.
    • That's why you also need good monitoring, etc. etc.
• Simple Security
  • Introduce fail2ban
  • Using lsof to see open ports
  • Monitoring traffic in real time (htop?)
  • nmap scanning (that still a thing?)
  • More tools...
• Simple firewall management
  • This is the basic tools to learn to both use fail2ban (since it has issues with telling you what's blocked) and to do your own IP blocking and firewall management.
• Monitoring
  • Basic monit
  • Logging to a separate server, maybe rsyslog
  • Not sure if I want to mention products like netdata.
  • Possibly some of the rootkit hunters?
• Backup Procedures
  • Talk about why you need backups and recovery
  • Various backup mechanisms from simple rsync to others like tarsnap? S3?
  • Testing backups periodically to confirm you have them in a disaster

Development Plan

I plan to change how I make courses in 2024 because what I've been doing hasn't really been very productive. In the past I would think, and think, and think about a course and then eventually years later write the whole thing in a month. Rather than do that I want to build the curriculum slowly over the course of a year, and utilize live streams to get feedback from students as I go.

I'll announce a streaming schedule and will plan on releasing about 1 lesson a week for people to watch and attempt. I'll then take feedback from students on how the lesson works or does not work and fix it up before continuing on with the next one. You don't have to attend the live sessions as I'll be posting edited videos to each lesson after they're done.

The Unix course will also be structured differently from the other courses. It will be primarily video heavy, with the exercise text being notes about the video, important links to tools and documentation you need, and additional study topics to research. This format will work better for Unix since it's a highly interactive subject that is easier to understand when you see it done in a video, rather than read streams of commands without interactivity.

As usual, join the discord to talk to me about the course while I'm working on it.