<highlights><para>If you experience an issue that you cannot solve by reading the Adélie Linux documentation, there are a large variety of avenues available to you to ask the community for help.</para></highlights>
<section>
<sectionid="mailing_lists">
<title>Mailing Lists</title>
<para>The Adélie Linux mailing lists are a great way to obtain answers to any number of issues. Helpful members of the community, along with most of the Adélie Linux development team, are always monitoring the mailing lists and are ready to help you with your issue. There are three main mailing lists that would be of interest to systems administrators:</para>
<itemizedlist>
...
...
@@ -26,13 +26,13 @@
</listitem>
</itemizedlist>
</section>
<section>
<sectionid="chat">
<title>Community Chat</title>
<para>The Adélie Linux community has a dedicated online chat system for asking quick questions about using the Adélie Linux system. We welcome all of our users to our chat, and we look forward to seeing you! Please note that detailed or complex issues may be referred to the mailing lists.</para>
<para>The chat system uses the Internet Relay Chat (IRC) protocol; to join the chat, you will need to use an IRC client. Three popular clients are packaged in the Adélie Linux system: <package>Konversation</package> (the KDE IRC client), <package>Quassel</package> (a popular Qt IRC client), and <package>WeeChat</package> (a terminal-based IRC client).</para>
<para>To join our chat, connect to the Interlinked IRC network at irc.interlinked.me (TLS port 6697), and then join the #Adelie-Support channel.</para>
</section>
<section>
<sectionid="more_help">
<title>Other avenues of support</title>
<para>If you have found an issue with a package (a segmentation fault, crash, or hang/freeze), you may file an issue at <ulinkurl="https://bts.adelielinux.org/">the Adélie Linux issue tracker</ulink>.</para>
<para>The <ulinkurl="https://www.reddit.com/r/AdelieLinux/">Adélie Linux sub on Reddit</ulink> is sometimes used for asking for help, but it is highly recommended to use the mailing lists instead.</para>
<highlights><para>Welcome to the Adélie Linux 1.0 Administrator's Handbook. You'll learn a lot about how to administrate your Adélie Linux computer. We'll get started by looking at how Adélie Linux compares to other popular operating environments. We will also review some of the software used that will feature in the chapters ahead.</para></highlights>
<section>
<sectionid="compare">
<title>Comparison of Adélie with other environments</title>
<para>Adélie Linux is a Linux distribution focused on security, speed, reliability, and correctness. Since it is based on the Linux kernel, it shares some common traits with other Linux distributions. However, it has many unique facets as well.</para>
<para>One of the defining differences of Adélie Linux is the commitment to run on many different hardware platforms. The first comparison we will review is the hardware platforms that various environments support.</para>
...
...
@@ -306,7 +306,7 @@
</tgroup>
</table>
</section>
<section>
<sectionid="differences">
<title>What sets Adélie apart</title>
<para>The Adélie Linux operating environment has many features that stand out from other environments.</para>
<section>
...
...
@@ -328,9 +328,9 @@
<para>Adélie Linux supports many different hardware platforms, allowing you to truly use your hardware your way. All Adélie Linux packages are tested on all tier 1 architectures before being released. From your PowerPC/POWER workstation, to your dusty old Intel x86 notebook, to your ARM 64 tablet, you can ensure you are getting the most from your computers by using Adélie Linux on them.</para>
</section>
</section>
<section>
<sectionid="familiarising">
<title>Familiarising yourself with Adélie</title>
<para>Now it's time to go over a brief run-down of the day-to-day administration of an Adélie system. These will be covered with more depth in later chapters.</para>
<para>Now let's brief go over some of the essentials of day-to-day administration of an Adélie Linux system. These will be covered with more depth in later chapters.</para>
<section>
<title>The shell environment</title>
<para>The <firstterm>shell environment</firstterm>, also called a terminal or console, is an interface where you type commands in to a command processor (the <firstterm>shell</firstterm>), and view the results of the command on your screen. Windows users may know this environment as a "Command Prompt". The shell environment is an essential part of administrating any Linux system. Adélie Linux is designed to make the shell environment easy to use while still providing you the ability to view and edit nearly every detail about your system.</para>
<highlights><para>In this chapter, we will discuss package management in the Adélie Linux operating environment, including the APK package manager.</para></highlights>
<section>
<sectionid="introduction3">
<title>Introduction</title>
<para>We'll start off by learning what a package is, and about the package manager used by Adélie Linux.</para>
<section>
...
...
@@ -17,7 +17,7 @@
<para>APK refers the entire set of packages you have chosen to install on your computer as a "<firstterm>world</firstterm>". When you install a package, you are adding it to the "world". When you uninstall a package, you are removing it from the "world". The world file exists at <filename>/etc/apk/world</filename> and is a text file with each package you have chosen to install on a single line.</para>
</section>
</section>
<section>
<sectionid="install_uninstall">
<title>Installing and uninstalling packages</title>
<para>When you want to install a package on your Adélie Linux system, you may use the command <command>apk add <userinput>PACKAGE</userinput></command>, where <userinput>PACKAGE</userinput> is the name of the package you want to install. You may install multiple packages at the same time by separating them with spaces. For example, <command>apk add firefox thunderbird</command> will install the Firefox web browser and Thunderbird email client.</para>
<para>To uninstall a package on your Adélie Linux system, you may use the command <command>apk del <userinput>PACKAGE</userinput></command>, where <userinput>PACKAGE</userinput> is the name of the package you want to uninstall. As with package installation, you may uninstall multiple packages at the same time by separating them with spaces.</para>
...
...
@@ -29,7 +29,7 @@ World updated, but the following packages are not removed due to:
</screen>
<para>This indicates that the <package>fts</package> package was removed from your "world" file (if it was listed there), but it is still required by the <package>dracut</package> package that is currently installed on your computer.</para>
</section>
<section>
<sectionid="integrity">
<title>Ensuring package integrity</title>
<para>The APK package manager can help you ensure continuing system integrity, and can also help you correct some issues as they arise. Every file installed on your computer by APK has a cryptographic signature and checksum. You may use the command <command>apk audit</command> to audit your entire system for integrity, or <command>apk audit <userinput>PATH</userinput></command> to audit a specific file or directory on your system. Note that <userinput>PATH</userinput> must be an <firstterm>absolute path</firstterm>; it must be the entire path beginning with a /. For example, the command <command>apk audit /usr/bin/vim</command> is valid; the command <command>apk audit vim</command>, even if it is run from inside the /usr/bin directory, is not.</para>
<para>The typical output of an <command>apk audit</command> run will look something like the following:</para>
<para>To view the status of all services on your system, you may use the command <command>rc-status</command>. If any services are listed under "Dynamic Runlevel: manual", these are services that have been started but do not belong to any runlevel. That means they have been started without being enabled first, and will not automatically start on next system boot.</para>
</section>
</section>
<section>
<sectionid="at">
<title>Scheduling a process to run later</title>
<warning><title>Not Yet Written</title><para>This section has not yet been written.</para></warning>
<para>You may wish to run a command at a specific time. Therefore, we should describe <command>at</command> here some day.</para>
</section>
<section>
<sectionid="cron">
<title>Scheduling a process to run periodically</title>
<warning><title>Not Yet Written</title><para>This section has not yet been written.</para></warning>
<highlights><para>In this chapter, we will discuss how to configure your Adélie Linux system for networking. Wired, wireless, and VPN connections using both static and dynamic IP addressing will be covered. In addition, advanced topics including interface bondage and KVM configuration will also be discussed.</para></highlights>
<section>
<sectionid="introduction5">
<title>Introduction</title>
<para>The Adélie Linux system uses <firstterm><package>netifrc</package></firstterm> as its network configuration and management system. The netifrc system uses a declarative configuration syntax in a single file, <filename>/etc/conf.d/net</filename>, for ease of administration. All main system network configuration is declared in this file. Some additional configuration may be required for wireless or VPN connections; notably, wireless connections require WPA Supplicant to be configured using either <package>wpa_gui</package> (on computers that use X11), or in the <filename>/etc/wpa_supplicant/wpa_supplicant.conf</filename> file.</para>
<para>The default configuration for the Adélie Linux system uses the traditional Linux interface names (such as "eth0", "eth1", and "wlan0"). If you prefer the new "predictable" interface names (such as "enP2p36s15f0" or "wlp9s0"), refer to <xreflinkend="crappy_udev_ifs"/>.</para>
...
...
@@ -17,7 +17,7 @@
<para>Before we begin configuring the network, we will list the network adaptors available on your computer. This will ensure that the adaptor or adaptors were detected successfully by the kernel. To do this, ensure the <package>iproute2</package> package is installed, and run the command <command>ip link</command> as root.</para>
</section>
</section>
<section>
<sectionid="wired">
<title>Wired connections</title>
<para>For the purposes of this handbook, a <firstterm>wired connection</firstterm> is a connection to a network that utilises Ethernet. While the Adélie Linux system supports ATM, CAN bus, IEEE 1394, and Token Ring networking, these connection types are exceedingly rare and out of the scope of this handbook.</para>
<sectionid="how2dhcp">
...
...
@@ -42,42 +42,42 @@ nameserver 84.200.69.80
</section>
</section>
</section>
<section>
<sectionid="wireless">
<title>Wireless connections</title>
<para></para>
<section>
<sectionid="wpa">
<title>WPA-based authentication</title>
<para></para>
<warning><title>Not Yet Written</title><para>This section has not yet been written.</para></warning>
<warning><title>Not Yet Written</title><para>This section has not yet been written.</para></warning>
</section>
<section>
<sectionid="multi_ap">
<title>Configuring for multiple access points</title>
<para></para>
<warning><title>Not Yet Written</title><para>This section has not yet been written.</para></warning>
</section>
</section>
<section>
<sectionid="vpn">
<title>VPN connections</title>
<para></para>
<section>
<sectionid="openvpn">
<title>OpenVPN</title>
<para></para>
<warning><title>Not Yet Written</title><para>This section has not yet been written.</para></warning>
</section>
<section>
<sectionid="strongswan">
<title>StrongSwan</title>
<para></para>
<warning><title>Not Yet Written</title><para>This section has not yet been written.</para></warning>
</section>
</section>
<section>
<sectionid="kvm">
<title>Virtual machine networking</title>
<para></para>
<section>
<sectionid="hostonly">
<title>Networking guests with each other only</title>
<para></para>
<warning><title>Not Yet Written</title><para>This section has not yet been written.</para></warning>
</section>
<section>
<sectionid="bridged_kvm">
<title>Sharing a host network with guests</title>
<para>The Adélie Linux system can be configured to provide bridged networking to a QEMU virtual machine or KVM guest using TAP networking. You will need the <package>iproute2</package> package installed.</para>
<para>First, we will need to add a <firstterm>bridge</firstterm> to netifrc. A bridge allows multiple network adaptors to combine multiple network segments into a single aggregate. For our purposes, we will be combining the physical network adaptor on the host with the virtual network adaptors on each guest. The bridge will have your physical network adaptor as its first member. This way, no network reconfiguration will be required when you start or stop virtual machines. You will need to move the configuration for your physical network adaptor to the bridge, so that all members of the bridge may share that connection. In the following example, the interface <literal>eth0</literal> is the physical adaptor and the bridge is set to use a static IPv6 address, which will then be used by the physical adaptor as well.</para>
...
...
@@ -122,25 +122,25 @@ ip tuntap del name $1
<para>This will start a machine with network access and a MAC address of <literal>02:00:00:00:00:01</literal>.</para>
</section>
</section>
<section>
<sectionid="advanced">
<title>Advanced topics</title>
<para></para>
<sectionid="crappy_udev_ifs">
<title>Advanced: Using "predictable" network interface names</title>
<para></para>
<warning><title>Not Yet Written</title><para>This section has not yet been written.</para></warning>
</section>
<sectionid="multi_if">
<title>Advanced: Multiple interfaces</title>
<para></para>
<para>Note that by default, all interfaces must be active before the rest of the system will consider the network to be active. This will cause network services to delay start-up until all interfaces are active. If this is not desired, you may set <varname>rc_depend_strict</varname> to <literal>NO</literal> in <filename>/etc/rc.conf</filename>.</para>
</section>
<section>
<sectionid="bondage">
<title>Advanced: Interface bondage</title>
<para></para>
<warning><title>Not Yet Written</title><para>This section has not yet been written.</para></warning>
</section>
<section>
<sectionid="eth_auth">
<title>Advanced: 802.1X authentication</title>
<para></para>
<warning><title>Not Yet Written</title><para>This section has not yet been written.</para></warning>
<highlights><para>In this chapter, we will review best practices for keeping your Adélie Linux systems secure.</para></highlights>
<section>
<sectionid="introduction6">
<title>Introduction to computer security</title>
<para>No one book can teach you everything about computer security. Computer security is not simply an item on a list that must be done once and then it is "completed". Computers are very powerful tools, and just as they can be used to teach, create, and produce, they can also be used for more nefarious purposes. By taking a proactive approach to computer security, and treating it as a process, you will be much more successful in keeping the security, confidentiality, and integrity of your data intact.</para>
<para>No one book can teach you everything about computer security. Computer security is not simply an item on a list that must be done once and then it is "completed". Computers are very powerful tools, and just as they can be used to teach, create, and produce, they can also be used for more nefarious purposes. By taking a proactive approach to computer security, and treating it as a process, you will be much more successful in keeping the security, confidentiality, and integrity of your data intact. You first need to identify your <firstterm>threat model</firstterm>; that is, what advisaries are you attempting to keep out? A sophisticated nation-state requires a much different security plan than a random hacker.</para>
<para>The suggestions in this handbook are a starting point to help you develop an actionable plan to keep your computer secure. They are by no means exhaustive. Remember to always keep learning; knowledge is power.</para>
</section>
<section>
<sectionid="apk_sec">
<title>APK</title>
<itemizedlist>
<listitem><para>Only use repositories and mirrors with HTTPS.</para></listitem>
...
...
@@ -15,7 +15,7 @@
<listitem><para>Ensure any custom or third-party repositories have high-grade signature keys and that you trust the developers.</para></listitem>
</itemizedlist>
</section>
<section>
<sectionid="service_sec">
<title>Services</title>
<itemizedlist>
<listitem><para>If a service is only being used in your internal network, make sure it is configured to only accept connections from that network. This reduces the chance that an external attacker from the Internet can connect to it.</para></listitem>
<highlights><para>In this chapter, we will review directories and files common to all Adélie Linux systems. Adélie Linux is based on the Filesystem Hierarchy Standard (FHS) 3.0 specification; directories and files specified in FHS are not covered here.</para></highlights>
<section>
<sectionid="etc">
<title><filenameclass="directory">/etc</filename>: Host-specific system configuration</title>
<section>
<sectionrole="NotInToc">
<title>Purpose</title>
<para>As in FHS, the /etc hierarchy contains configuration files specific to a single host.</para>
</section>
<section>
<sectionrole="NotInToc">
<title>Requirements</title>
<para>The following directories, or symbolic links to directories, must be present in <filenameclass="directory">/etc</filename>:</para>
<tableframe="none">
...
...
@@ -47,7 +47,7 @@
</tgroup>
</table>
</section>
<section>
<sectionrole="NotInToc">
<title>Specific Options</title>
<para>The following files, or symbolic links to files, must be present in <filenameclass="directory">/etc</filename>, if the corresponding subsystem is installed:</para>
<tableframe="none">
...
...
@@ -76,13 +76,13 @@
</tgroup>
</table>
</section>
<section>
<sectionid="etc-apk">
<title><filenameclass="directory">/etc/apk</filename>: Configuration files for the package manager</title>
<section>
<sectionrole="NotInToc">
<title>Purpose</title>
<para><filenameclass="directory">/etc/apk</filename> is used for configuring the Adélie Linux package manager, as described in <xreflinkend="packages"/>.</para>
</section>
<section>
<sectionrole="NotInToc">
<title>Requirements</title>
<para>The following directories, or symbolic links to directories, must be present in <filenameclass="directory">/etc/apk</filename>:</para>
<highlights><para>In this chapter, we will review the standards with which the Adélie Linux operating environment is certified to be conformant.</para></highlights>
<section>
<sectionid="fhs3">
<title>Filesystem Hierarchy Standard 3.0</title>
<para>The Adélie Linux operating environment is believed to be fully compliant with the <ulinkurl="http://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html">Filesystem Hierarchy Standard, version 3.0</ulink>. If you find an issue that may cause non-conformance while using Adélie Linux, please file an issue at the <ulinkurl="https://bts.adelielinux.org/">Adélie Linux Issue Tracker</ulink>.</para>