Automating Server Deployments in AWS with Terraform

Previously I discussed deploying Enterprise Linux in AWS, which I demonstrated using the AWS console. This is a common way to deploy servers to the cloud; however, doing server deployments manually can leave you stuck with static images that are difficult to replicate when your infrastructure grows. One of the benefits of Cloud Computing is that the infrastructure is programmable, meaning we can write code that can automate tasks for us.

Deploying Enterprise Linux in AWS

In a previous post I discussed installing Enterprise Linux in VMware; this time I wanted to write about deploying a server to the cloud. Cloud Computing platforms like Amazon’s AWS allow you to build and run all kinds of infrastructure and services on demand without having to purchase and maintain expensive physical computing hardware. You can deploy a server in minutes and have the capability to scale your workload as much as you need.

Vulnerability Scanning with Nessus

Tenable Nessus is an industry-standard vulnerability scanner that can be installed for free for basic network scanning. I’ve also had the opportunity to deploy Nessus agents across a fleet of hundreds of Linux servers and run extensive scans from Tenable cloud. In this article I’ll describe setting up Nessus in Linux to scan remote hosts. Having knowledge of the vulnerabilities present in your environment is critical in defending against cyber attacks.

OpenLDAP on Enterprise Linux

This post will demonstrate setting up an OpenLDAP Server for user authentication on Enterprise Linux. OpenLDAP is an implementation of the Lightweight Directory Access Protocol and is often used for user identity and authorisation services in corporate environments. I’ve previously demonstrated setting up an Enterprise Linux virtual machine, so if you haven’t already done so please set up a Linux system to work with. Ideally, to test authentication across multiple servers, you’ll also have a second Linux server to work with.

Setting Up Oracle Linux Automation Manager

Previously I wrote about using Ansible to manage the configuration of Linux servers. I love using Ansible and use it almost every day, however in a large Enterprise environment with multiple users and a lot of Ansible roles and playbooks, sometimes using Ansible on its own becomes difficult to maintain. In this post I’m going to run through configuring Oracle Linux Automation Manager. Oracle’s Automation Manager is essentially a rebranded fork of Ansible Tower and provides a web user interface to easily manage your Ansible deployments and inventory.

Managing Linux servers with Ansible

Ansible is an open source, configuration management and automation tool sponsored by Red Hat. Ansible lets you define the state that your servers should be in using YAML and then proceeds to create that state over SSH. For example, the state might be that the Apache web server should be present and enabled. The great thing about Ansible is if the server is already in the state that you’ve defined then nothing happens.

Joining Enterprise Linux to Active Directory

In this post I’ll outline the steps to join an Enterprise Linux host to Microsoft Active Directory for user account management. Why would you want to do this? In an Enterprise environment it’s common to have a mix of Windows and Unix/Linux machines that offer different services across the organisation. To resolve the issues of user account management across a network of systems you’ll typically find a centralised directory service such as Microsoft Active Directory.

Building the Linux Kernel

This is a short post describing how to build and install the Linux kernel from source. There’s plenty of documentation elsewhere online that goes into more detail than I will here, so this is mainly as a reference for myself. I’m using Fedora 34, but you can follow similar steps for other distributions. First install the necessary packages needed for building the kernel.

$ sudo dnf group install "C Development Tools and Libraries"
$ sudo dnf install gcc make git ctags ncurses-devel kernel-devel

It’s likely that the group install for the C development tools installs most of what you need, but various places around the web have suggested the other packages specifically, so might as well include them just to be sure.

Configuring NTP on Enterprise Linux

Now that we have a Linux distribution to work with, we’ll configure Network Time Protocol services in our local network. NTP provides time synchronisation, which is important for authentication services and single sign-on, which we’ll set up in a later post. Make sure you’ve got an Enterprise Linux server set up. I’ll be using AlmaLinux that I installed in the previous chapter as the client with the hostname, and Oracle Linux as the server with the hostname olhost1.

Installing Enterprise Linux

We’ll start off by installing Enterprise Linux in a Virtual Machine to give us something to experiment with. I recommend using a virtual machine for your learning over other options such as installing on your PC hard drive, or running a cloud server, simply because if you make a mistake it’s easier to recover and start fresh. You aren’t going to risk losing any of your personal files, and it’s much cheaper than running in the Cloud.