Add last bits and pieces of documentation
Signed-off-by: Waschtl <tyrolyean@escpe.net>
This commit is contained in:
parent
04f0ed4e21
commit
5e9aa668a3
3 changed files with 264 additions and 76 deletions
presentation
|
@ -69,7 +69,6 @@
|
|||
%---------------------------------------------------------
|
||||
\usefonttheme{default} % Typeset using the default sans serif font
|
||||
\usepackage{palatino} % Use the Palatino font for serif text
|
||||
\usepackage[default]{opensans} % Use the Open Sans font for sans serif text
|
||||
\useinnertheme{circles}
|
||||
|
||||
\usepackage{svg}
|
||||
|
@ -92,7 +91,7 @@
|
|||
%\useoutertheme{smoothtree}
|
||||
|
||||
\setmonofont[Scale=MatchLowercase]{Hack}
|
||||
|
||||
\fontspec{Libertinus Sans}
|
||||
%---------------------------------------------------------
|
||||
% PRESENTATION INFORMATION
|
||||
%---------------------------------------------------------
|
||||
|
@ -104,7 +103,7 @@
|
|||
\institute[]{IT-Syndikat \\ \smallskip \textit{wir@it-syndikat.org}}
|
||||
\date[\today]
|
||||
|
||||
\logo{\includesvg[width=2.0cm]{./images/its.svg}}
|
||||
\logo{\includesvg[width=1.0cm]{./images/its.svg}}
|
||||
|
||||
%---------------------------------------------------------
|
||||
%---------------------------------------------------------
|
||||
|
@ -178,6 +177,7 @@
|
|||
\item recovery credentials in vaultwarden
|
||||
\item stateful firewalling and port forwarding
|
||||
\item DDNS public record at \texttt{public.srv.it-syndikat.org}
|
||||
\item Openvpn server for remote access with ldap credentials
|
||||
\end{itemize}
|
||||
|
||||
\end{frame}
|
||||
|
@ -250,6 +250,150 @@
|
|||
\end{columns}
|
||||
\end{frame}
|
||||
|
||||
\section{LDAP}
|
||||
|
||||
\subsection{LDAP general}
|
||||
\begin{frame}
|
||||
\frametitle{LDAP}
|
||||
\begin{columns}[t]
|
||||
\begin{column}{0.5\textwidth}
|
||||
\begin{itemize}
|
||||
\item \textbf{L}ightweight \textbf{D}irectory \textbf{A}ccess \textbf{P}rotocol
|
||||
\item Subset of ITU X.500 standards (mostly X.511)
|
||||
\item Uses X standard naming scheme (key=value pairs separated by commas)
|
||||
\item hierarchical structure
|
||||
\item Case insensitive
|
||||
\item different software can access same user information
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\begin{column}{0.5\textwidth}
|
||||
\begin{itemize}
|
||||
\item used to store and retrieve directory information i.e.
|
||||
\begin{itemize}
|
||||
\item usernames/passwords
|
||||
\item login shell
|
||||
\item ssh-keys
|
||||
\item home directory location
|
||||
\item group memberships
|
||||
\item service configuration (DNS,dhcp,etc.)
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\end{columns}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{X.500 standard abbreviations}
|
||||
\begin{columns}[t]
|
||||
\begin{column}{0.5\textwidth}
|
||||
\begin{itemize}
|
||||
\item OU…Organizational Unit
|
||||
\item DN…Distinctive Name
|
||||
\item CN…Common Name
|
||||
\item UID…username
|
||||
\item SN…Sure Name
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\begin{column}{0.5\textwidth}
|
||||
\begin{itemize}
|
||||
\item O…Organization
|
||||
\item DC…Domain component
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\end{columns}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{objectClasses}
|
||||
Object classes define what information may be present in an object in which format
|
||||
\begin{columns}[t]
|
||||
\begin{column}{0.5\textwidth}
|
||||
\begin{itemize}
|
||||
\item posixAccount…Account with passwd information
|
||||
\item shadowAccount…Account with password
|
||||
\item inetOrgPerson…RFC 2798 standard user account
|
||||
\item organizationalPerson…Person in organisation
|
||||
\item ldapPublicKey…Non-standard: ssh key in ldap
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\begin{column}{0.5\textwidth}
|
||||
\begin{itemize}
|
||||
\item posixGroup…Posix style group
|
||||
\item organizationalUnit…Defines contents of OU object
|
||||
\item organizationalRole…Role within organisation (More or less subset of organizationalPerson)
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\end{columns}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Examplary LDAP entry}
|
||||
\begin{columns}[t]
|
||||
\begin{column}{0.5\textwidth}
|
||||
\tiny\verbatiminput{text/tyrolyean.ldif}
|
||||
\end{column}
|
||||
\begin{column}{0.5\textwidth}
|
||||
\begin{itemize}
|
||||
\item \texttt{dn} denotes position in ldap tree
|
||||
\item \texttt{uid} and \texttt{cn} are used synonimously for users
|
||||
\item \texttt{uidNumber} \textbf{MUST} be unique
|
||||
\item \texttt{gecos} field stems from UNIX
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\end{columns}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Standard (open)ldap utils}
|
||||
\begin{itemize}
|
||||
\item \texttt{ldapsearch} query ldap server
|
||||
\item \texttt{ldapremove} remove object/field from server
|
||||
\item \texttt{ldapadd} add object/field from server
|
||||
\item \texttt{ldapadd} add/remove/modify object/field from server
|
||||
\item \texttt{ldappasswd} change password field (LDAPv3 extension)
|
||||
\item \texttt{ldapwhoami} whoami in ldap
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\subsection{ITS-Setup}
|
||||
\begin{frame}
|
||||
\frametitle{LDAP Server setup}
|
||||
\begin{columns}[t]
|
||||
\begin{column}{0.35\textwidth}
|
||||
\begin{itemize}
|
||||
\begin{tiny}
|
||||
\item \texttt{blacksunempire.srv.it-syndikat.org}
|
||||
\item \texttt{ldap.it-syndikat.org}
|
||||
\item Debian
|
||||
\item \url{ldaps://ldap.it-syndikat.org}
|
||||
\item \texttt{SLAPD} from debian repositories
|
||||
\item Base DN: \texttt{dc=it-syndikat,dc=org}
|
||||
\item \texttt{ou=groups} and \texttt{ou=users} OUs
|
||||
\end{tiny}
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\begin{column}{0.65\textwidth}
|
||||
\tiny\verbatiminput{text/bse_neofetch.txt}
|
||||
\end{column}
|
||||
\end{columns}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{LDAP Server setup (cont.)}
|
||||
\begin{columns}[t]
|
||||
\begin{column}{\textwidth}
|
||||
\begin{itemize}
|
||||
\item SLAPD gets cert from certbot
|
||||
\item access restriced by host and network firewall
|
||||
\item Accepts starttls (TCP 389) and normal tls (TCP 636)
|
||||
\item Stores passwords as argon2i
|
||||
\item Posix-Style group memberships
|
||||
\item ''SSO''-Provider
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\end{columns}
|
||||
\end{frame}
|
||||
|
||||
\section{Services}
|
||||
|
||||
\subsection{Virtualisation}
|
||||
|
@ -274,7 +418,6 @@
|
|||
\end{frame}
|
||||
|
||||
\subsection{Edge proxy}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Hetzner Edge Proxy}
|
||||
\begin{columns}[t]
|
||||
|
@ -286,7 +429,6 @@
|
|||
\item Haproxy server
|
||||
\item Postfix smtp relay
|
||||
\item DNS authoritative server \texttt{ns0.srv.it-syndikat.org. }
|
||||
|
||||
\end{small}
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
|
@ -296,86 +438,93 @@
|
|||
\end{columns}
|
||||
\end{frame}
|
||||
|
||||
\subsection{DNS}
|
||||
\begin{frame}
|
||||
\frametitle{DNS services}
|
||||
\begin{columns}[t]
|
||||
\begin{column}{0.5\textwidth}
|
||||
\begin{itemize}
|
||||
\begin{small}
|
||||
\item \texttt{srv.hc.it-syndikat.org}
|
||||
\item DNS authoritative server \texttt{ns0.it-syndikat.org.}
|
||||
\item Master for \texttt{it-syndikat.org.} and \texttt{it-syndik.at.}
|
||||
\item Slave for \texttt{srv.it-syndikat.org.} and \texttt{asozial.it-syndikat.org.}
|
||||
\end{small}
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\begin{column}{0.5\textwidth}
|
||||
\begin{itemize}
|
||||
\begin{small}
|
||||
\item \texttt{luude.srv.it-syndikat.org}
|
||||
\item DNS authoritative server \texttt{ns01.srv.it-syndikat.org.}
|
||||
\item Master for \texttt{srv.it-syndikat.org.} and \texttt{asozial.it-syndikat.org.}
|
||||
\end{small}
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\end{columns}
|
||||
\end{frame}
|
||||
|
||||
\subsection{E-Mail}
|
||||
\begin{frame}
|
||||
\frametitle{E-Mail services}
|
||||
\begin{itemize}
|
||||
\item \texttt{blackmail.srv.it-syndikat.org}
|
||||
\item Debian standard postfix and dovecot
|
||||
\item Access as \texttt{mail.it-syndikat.org}
|
||||
\item Proxied through \texttt{srv.hc.it-syndikat.org}
|
||||
\item SMTP, IMAP and POP3
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\subsection{Database}
|
||||
\begin{frame}
|
||||
\frametitle{Postgresql Database}
|
||||
\begin{itemize}
|
||||
\item \texttt{pgsql.srv.it-syndikat.org}
|
||||
\item Debian standard postgresql
|
||||
\item Authorization via TLS certificates
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\frametitle{Mariadb Database}
|
||||
\begin{itemize}
|
||||
\item \texttt{pgsql.srv.it-syndikat.org}
|
||||
\item Debian standard mariadb
|
||||
\item Authorization via user/password
|
||||
\item Certificate from certbot
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
%---------------------------------------------------------
|
||||
% CLOSING SLIDE
|
||||
%---------------------------------------------------------
|
||||
|
||||
% To remove miniframe from top
|
||||
\appendix
|
||||
\setbeamertemplate{headline}{}
|
||||
\addtobeamertemplate{frametitle}{\vspace*{-\headheight}}{}
|
||||
|
||||
\begin{frame}[noframenumbering] %So the end and appendix slides don't contribute to the page count
|
||||
%[plain] % The optional argument 'plain' hides the headline and footline
|
||||
%\frametitle{Questions?}
|
||||
|
||||
\begin{center}
|
||||
{\LARGE Questions?}
|
||||
\end{center}
|
||||
|
||||
\frametitle{OPNSense vs PFSense}
|
||||
OPNSense
|
||||
\begin{itemize}
|
||||
\item Nicer user interface
|
||||
\item Allows rules to match inbound and outbound on interface
|
||||
\item mixed up ldap and active directory
|
||||
\item broken dualstack address mapping
|
||||
\item weird wirguard interface issues
|
||||
\end{itemize}
|
||||
|
||||
\end{frame}
|
||||
%---------------------------------------------------------
|
||||
|
||||
%------------------------------------------------
|
||||
\begin{frame}[noframenumbering]
|
||||
\label{Figure}
|
||||
\frametitle{Appendix - A figure}
|
||||
\hyperlink{Test}{\beamerreturnbutton{Return to presentation}}
|
||||
|
||||
\begin{figure}[h!]
|
||||
\centering
|
||||
%\caption{}
|
||||
%\includegraphics[angle=0, width=5cm]{Newey et al Graph.png}
|
||||
%\label{fig}
|
||||
\end{figure}
|
||||
\end{frame}
|
||||
|
||||
%------------------------------------------------
|
||||
\begin{frame}[noframenumbering]
|
||||
\label{Terms}
|
||||
\frametitle{Appendix - Terms}
|
||||
|
||||
\begin{columns}[t] % The "c" option specifies centered vertical alignment while the "t" option is used for top vertical alignment
|
||||
\begin{column}{0.5\textwidth} % Right column width
|
||||
Some Estimators:
|
||||
\begin{itemize}
|
||||
\item Drift: $\hat{\delta}$
|
||||
\item Boundary: $\hat{b}(t)$
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\begin{column}{0.5\textwidth} % Left column width
|
||||
Some Variables:
|
||||
\begin{itemize}
|
||||
\item $\hat{V}$
|
||||
\item $\hat{m}_S$
|
||||
\item $\bar{m}$
|
||||
\item $m_J(\tau)$\newline\newline
|
||||
\end{itemize}
|
||||
\end{column}
|
||||
\end{columns}
|
||||
\hyperlink{Test Stat}{\beamerreturnbutton{Return to presentation}}
|
||||
\end{frame}
|
||||
|
||||
%------------------------------------------------
|
||||
\begin{frame}[noframenumbering]
|
||||
\label{Definitions}
|
||||
\frametitle{Appendix - Definitions}
|
||||
\begin{enumerate}
|
||||
\item A definition \newline
|
||||
\end{enumerate}
|
||||
|
||||
\hyperlink{Test Stat}{\beamerreturnbutton{Return to presentation}}
|
||||
\end{frame}
|
||||
|
||||
%------------------------------------------------
|
||||
\begin{frame}[noframenumbering]
|
||||
\label{Theorems}
|
||||
\frametitle{Appendix - Theorems}
|
||||
\begin{enumerate}
|
||||
\item A theorem\newline
|
||||
\end{enumerate}
|
||||
|
||||
\hyperlink{Test Stat}{\beamerreturnbutton{Return to presentation}}
|
||||
\begin{frame}[noframenumbering] %So the end and appendix slides don't contribute to the page count
|
||||
\frametitle{OPNSense vs PFSense}
|
||||
PFSense
|
||||
\begin{itemize}
|
||||
\item Working ldap group memberships
|
||||
\item Working wireguard support
|
||||
\item Working dualstack rule matching
|
||||
\item Did I mention stuff working?
|
||||
\end{itemize}
|
||||
|
||||
\end{frame}
|
||||
|
||||
\end{document}
|
||||
|
|
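Review bot: The utility list in the `Standard (open)ldap utils` frame names tools that do not exist under those names in OpenLDAP: `\item \texttt{ldapremove} remove object/field from server` should be `\item \texttt{ldapdelete} remove object from server`, and the second `ldapadd` entry (`add/remove/modify object/field from server`) describes `\texttt{ldapmodify}`. In the same hunk `DN…Distinctive Name` should read `Distinguished Name` and `SN…Sure Name` should read `Surname`, and in the last hunk the `Mariadb Database` frame repeats the PostgreSQL host `pgsql.srv.it-syndikat.org`, which looks like a copy-paste slip to verify against the real host name. The two database frames say `Authorization via TLS certificates` and `Authorization via user/password`, but client certificates and passwords are authentication mechanisms, so `Authentication via …` is the accurate wording. Near the end of the last hunk a second `\begin{frame}[noframenumbering]` is opened directly after the `Return to presentation` button of the Theorems frame while only one `\end{frame}` follows before `\end{document}`; if that block is new in this commit the frames are unbalanced and an `\end{frame}` is needed before it.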
17
presentation/text/bse_neofetch.txt
Normal file
17
presentation/text/bse_neofetch.txt
Normal file
|
@ -0,0 +1,17 @@
|
|||
_,met$$$$$gg. tyrolyean@blacksunempire
|
||||
,g$$$$$$$$$$$$$$$P. ------------------------
|
||||
,g$$P" """Y$$.". OS: Debian GNU/Linux 11 (bullseye) x86_64
|
||||
,$$P' `$$$. Host: KVM/QEMU (Standard PC (Q35 + ICH9, 2009) pc-q35-7.1)
|
||||
',$$P ,ggs. `$$b: Kernel: 5.10.0-19-amd64
|
||||
`d$$' ,$P"' . $$$ Uptime: 1 hour, 38 mins
|
||||
$$P d$' , $$P Packages: 496 (dpkg)
|
||||
$$: $$. - ,d$$' Shell: fish 3.1.2
|
||||
$$; Y$b._ _,d$P' Resolution: 1280x800
|
||||
Y$$. `.`"Y$$$$P"' Terminal: /dev/pts/0
|
||||
`$$b "-.__ CPU: Common KVM (2) @ 2.599GHz
|
||||
`Y$$ GPU: 00:01.0 Vendor 1234 Device 1111
|
||||
`Y$$. Memory: 174MiB / 1948MiB
|
||||
`$$b.
|
||||
`Y$$b.
|
||||
`"Y$b._
|
||||
`"""
|
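--- /dev/null
+++ b/presentation/text/tyrolyean.ldif
@@ -0,0 +1,22 @@
+dn: uid=tyrolyean,ou=users,dc=it-syndikat,dc=org
+cn: tyrolyean
+uid: tyrolyean
+displayName: Daniel Plank
+sn: Plank
+givenName: Daniel
+initials: DP
+mail: tyrolyean@semi-professional.net
+homeDirectory: /home/tyrolyean
+gecos: tyrolyean
+shadowLastChange: 19256
+loginShell: /usr/bin/fish
+gidNumber: 2000
+uidNumber: 2000
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: ldapPublicKey
+sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQ2svXcOkb90K+hdAdIeXuw444p
+7W0rs9ANW5gXvR+4 ITS WASCHTL ACCESS KEY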
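Review bot: The `sshPublicKey` value is folded onto a second line, and in LDIF a continuation line must begin with exactly one space; the rendered view strips leading whitespace, so confirm the committed file has `␣7W0rs9ANW5gXvR+4 ITS WASCHTL ACCESS KEY` (leading space), otherwise the snippet shown by `\verbatiminput` cannot be fed back into `ldapadd` unchanged. The entry also reads like a real account rather than a constructed one (personal name, mail address, `shadowLastChange`, numeric ids and an SSH key labelled as an access key); since the slide only needs the attribute shapes, a placeholder record would make the point without publishing live directory data. If the real entry is intended, a short header comment such as `# exemplary entry, copied from the live directory on <date-placeholder>` would tell readers how current it is.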