Where to keep going as an Aspiring Linux Sysadmin?

So I’ve been trying to train for becoming a Linux Sysadmin for a while and while I have some idea of what that training would entail I don’t have all the pieces so to speak.

I started out building a fairly powerful i5 6500 machine with 16gbs of RAM, a 1TB HDD and 2 128 gb SSDs. I installed Ubuntu 16.04 onto the 1 TB HDD and, as I wasn’t comfortable modifying my bare metal OS, I installed VirtualBox and started playing around with VMs.

As I got more acquainted with the console based applications like Vim for instance I eventually moved on to doing whole minimal installs of Ubuntu 16.04. I stopped using display managers like GDM and booted solely from StartX. I got it to where the only few applications I had installed were i3, rxvt-unicode, vim, htop and feh.

And now I’m at this point where I’m not sure where/how to keep progressing in terms of sysadmin training. I’m still not a sysadmin, but from what I understand, building skills like using the command line and vim at every opportunity are important skills to have as a sysadmin, correct me if I’m wrong. I can use console commands and vim without thinking basically, I’m extremely comfortable with them. The only places I can think of left to go are keep training with the command line and vim, learn bash scripting and learn Python.

Although I’m really starting to crave some of the more juicy tasks like with virtualization for instance. I’d like to start doing small, basic projects that are hard to screw up in addition to further training even though I honestly don’t know much about virtualization or what I’d want to do with it.

I’d like a bit of a guiding hand here. I’ve done a lot on my own and there is still plenty of stuff for me to learn, but I do fear that eventually I’m gonna come up on a dead end and not know what to do with all the training I’ve accrued.

What can I do with the machine that I have? It’s the only machine I have and I can’t afford to get another one as a server which is why I’m looking into virtualization, but I don’t know what I want to do with that virtualization if that makes sense. I’d like to reiterate my machine has an i5 6500 CPU with 16gbs of RAM, a 1TB HDD and two 128gb SSDs.

Anyway I hope that this clarifies what my problem is. Mostly I’m just looking for more experienced people to talk to.

A hell of a lot.

16GB of ram can build out an entire production stack of my company’s proprietary product.

When you’re doing lab stuff, CPU isn’t nearly as important as ram. Yeah, it helps to have CPU power, but RAM is really the benefit.

I’m about to jump into a meeting, but when I’m through with it, I’ll give you some advice on projects you should be able to do on the system you’ve got.

If you haven’t set up a LAMP stack before, do so. It’s more or less a rite of passage.

2 Likes

Hey friend!

I agree with what @SgtAwesomesauce said. You have a lot to work with. If you’re in the mood for learning some virtualization on Linux, I think KVM is a great start.

You can do some simple networking, build a DHCP server for your home using Ubuntu, Debian, or CentOS. Make a DNS server or two, too.

Setting up a LAMP or LEMP stack is great advice as well. Spend a week doing one of each, and do it 20+ times. Make sure that you don’t have to reference the wiki or documentation anymore.

Go for the extra credit too: Obscure Apache/Nginx, so if someone attempts to see the root path they can’t see what version you’re running. Have multiple site domains. Use Node instead of PHP. Set up Let’s Encrypt. Force the site to go https.

You can do a LOT with LAMP/LEMP. Set up WordPress, Ghost, NextCloud, Roundcube, file servers, VPN… The possibilities are endless.

Get a RHCSA/RHCE book. They go over a lot of Linux server projects, because that’s essentially what the test is. You make changes to the server and reboot. If the tasks are complete and the server boots, you get a (passing) score.

1 Like
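
A way to verify the "extra credit" items from the post above (hidden server version, forced HTTPS) on your own lab VM, as an added example that is not part of the original thread. The function name, the finding labels, the `lab.example` host and the extra HSTS check are assumptions introduced here; the sample response is constructed.

```shell
#!/bin/sh
# Read response headers (as printed by `curl -sI`) on stdin and report
# hardening gaps. $1 is the scheme the request was made over: http or https.
# Typical use: curl -sI http://lab.example/ | audit_headers http
audit_headers() (
    scheme="$1"; status=""; server=""; powered=""; location=""; hsts=""; findings=""
    cr="$(printf '\r')"
    while IFS= read -r line; do
        line="${line%"$cr"}"              # header lines end in CRLF
        [ -z "$line" ] && break           # blank line ends the header block
        case "$line" in
            HTTP/*) status="${line#* }"; status="${status%% *}"; continue ;;
        esac
        # Header names are case-insensitive, so normalise before matching.
        name="$(printf '%s' "${line%%:*}" | tr '[:upper:]' '[:lower:]')"
        value="${line#*:}"; value="${value# }"
        case "$name" in
            server) server="$value" ;;
            x-powered-by) powered="$value" ;;
            location) location="$value" ;;
            strict-transport-security) hsts="$value" ;;
        esac
    done
    # "nginx/1.18.0" or "Apache/2.4.41 (Ubuntu)" disclose a version; "nginx" does not.
    case "$server" in *[0-9].[0-9]*) findings="$findings version-in-server-header" ;; esac
    # PHP and Express (Node) announce themselves here unless told not to.
    if [ -n "$powered" ]; then findings="$findings x-powered-by-present"; fi
    if [ "$scheme" = "http" ]; then
        # Plain HTTP should answer only with a redirect to the https:// URL.
        case "$status:$location" in
            30[1278]:https://*) ;;
            *) findings="$findings no-https-redirect" ;;
        esac
    elif [ -z "$hsts" ]; then
        findings="$findings no-hsts"
    fi
    findings="${findings# }"
    printf '%s\n' "${findings:-ok}"
)

# Constructed sample: a default Ubuntu nginx answering over plain HTTP.
printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\n\r\n' | audit_headers http
```

On nginx the first finding clears with `server_tokens off;` and on Apache with `ServerTokens Prod` plus `ServerSignature Off`; the redirect finding clears once the port 80 server block returns a 301 to the `https://` URL.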

Learning about KVM, libvirt and a bit of openstack (devstack is your friend) is always good. OpenStack is very similar to AWS in architecture and is a good free way to get exposure to it.

Nginx is really the new industry standard. It’s important to know it. It’s pretty easy to configure though.


Brain dump:

You should know ufw, firewalld and iptables from a security perspective.

You should know how to use SSH keys and how to do some more advanced stuff (ssh jump hosts, bastion servers, sftp config) with SSH.

Knowing different filesystems (and relevant tuning parameters) is a plus.

A bit of understanding of Java (JRE) gotchas and tuning parameters is helpful. A lot of companies use proprietary programs written in java and knowing how to optimize the runtime environment around them can go a long way to making users happy!

Even if you don’t get hired for networking, you’ll need a knowledge of it. Understand how VLANs and subnets work at the bare minimum.


@anon79053375, it might be fun to make a wiki page for this sort of stuff. A “so you want to be a sysadmin, eh?” sort of page.

There’s tons of stuff you can do! Start off with setting up various services (email, http, ftp, ssh, dns, etc.) and look into how to configure those to be as secure as possible. I’m a big advocate of setting up a service and seeing if there’s any way you can exploit the service you just set up. Lots of great resources on setting up your own pentesting lab. Learning containerization software such as LXC or Docker can go a long way too. I’d definitely look into virtualization as well. ESXi if you have the money and Proxmox if you don’t.

Another thing to do is to download images for intentionally exploitable OS’s and figure out a) how to exploit those vulnerabilities, and b) how to fix those vulnerabilities. https://www.vulnhub.com/ is a good start for this.

http://overthewire.org/wargames/ is a pretty cool site too.

Also, get involved with the security community in your area. Dunno where you’re located, but I’m sure there’s at least some kind of security meet-up group in your area. Look into attending security conferences that are either cheap or free. BSides is a good one if you have a conference near you.

Stay up to date on the latest security news as well. https://www.reddit.com/r/netsec/ is a great place to start.

While that’s fun, it’s not really sysadmin focused. That’s squarely in the pentesting realm. (don’t take this as discouragement though. I enjoyed it)

Thanks for all the great suggestions everyone, so I think I have an idea of what I want to do. So I’m gonna do a clean install on my 1TB HDD (Not sure what distro probably Ubuntu), install KVM and set up a couple servers. I’m getting into KVM as a kind of necessity because I’m stuck with my one machine.

Regarding pen testing, is there anything stopping me from, say, setting up a working DHCP server in KVM for instance and then finding some kind of security risk in it, exploiting it, trying to bring it down and trying to fix the security risk? I know that isn’t sysadmining specifically, but if I can get pen testing skills exploiting the server I just built as well as sysadmin skills from setting it up, I figured I might as well. I’ve been curious about pen testing and I like killing two birds with one stone.

1 Like

If you’re comfortable with Debian based distros, I’d recommend installing Fedora instead. It’s always nice to get some diversity in your life.

Nothing at all. Also, there’s nothing wrong with getting some skills there either.

I’m going to eventually do a write-up on the lab I use for pentesting, but that’s a ways down the road since one of my VM hosts is currently down with the flu (failing ram)

If you’re comfortable with Debian based distros, I’d recommend installing Fedora instead. It’s always nice to get some diversity in your life.

I actually do have some experience with RPM based distros, I played around with CentOS as well as Ubuntu, I like CentOS a lot and know my way around it.

Good Good. Let the Linux flow through you. :stuck_out_tongue:

If you’ve got enough experience with both, then it’s your preference.

Also, keep in mind that the more you learn about libvirt and virtual networking (another thing to add to your list is openvswitch), the more you’ll be able to do in regards to building a lab.

True. My view is that systems administration and pentesting go hand in hand though, and overthewire is a fun intro to the world of pentesting.

1 Like

True. I’ve been working on making a lateral move to IA from my cozy cloud admin job. I can see what you mean by that.

Also, there’s nothing more boring than the cloud.

But it’s the cloud though! So vague and mysterious. It’s all knowing and all powerful. If you run your code in the cloud, factorial problems become linear ones, all thanks to the magical transistors the cloud consists of. At least that’s what their brochure says.

IMO - Know about and create:

shell scripting
dhcp / subnets / routing
wireshark / tcpdump
DNS
NIS
NTP / CHRONY
Kickstart
SSH
LVM
disk imaging / backup methods and recovery
postfix
TLS/SSL
iptables/firewalld
snmp monitoring

1 Like

So I was thinking about reinstalling Ubuntu, but Fedora’s really speaking to me as its repository is considerably more up to date than Ubuntu’s, it’s stable and that’s honestly what I want out of a daily driver, a balance between stability and bleeding edge. Given my experience with CentOS, and since in terms of documentation Fedora looks outstanding, I’m gonna give a Fedora Minimal Install a go.

Fedora is also upstream of RHEL, so you’ll see things in Fedora end up in most Red Hat deployments at some point.

You can also get a free license for RHEL. Look up the Red Hat Developer program.