Revision as of 18:07, 23 April 2020

Preface

Linux is not only about servers and the CLI, you can choose your very own desktop environment (Cinnamon/Gnome/KDE/...) with e.g. Fedora as a basis for your workstation. Here are some screenshots that might arouse your appetite:

Cinnamon DE
Gnome3 DE
KDE DE

Purpose

Tips & tricks for users on how to set up the Linux desktop with their company services like mail, chat, printers, etc.

OS

In the example here I used the following:

$ cat /etc/redhat-release && uname -r
Fedora release 31 (Thirty One)
5.5.17-200.fc31.x86_64

Installation

You can grab your copy of Fedora workstation here: https://getfedora.org/en/workstation/download/
Burn the iso file either to a optical disc (CD/DVD) or create a bootable USB Stick with the 'dd' command on Linux, here's how to accomplish that:

$ cd /path/to/your/downloadfolder
$ sudo dd if=Fedora-Workstation-Live-x86_64-31-1.9.iso of=/dev/sdX bs=8M status=progress oflag=direct

Of course you should replace sdX with the actual device name of your USB stick ;-)

Another method is to create the USB-stick with the free unetbootin software (available for Linux/Mac/Windows).

(!) Use LUKS for encryption of your HDD or at least for your home-drive especially on portable devices (e.g. Laptop), this option is available in the installer-menu of Fedora (!)

For more information about LUKS and installation screenshots please have a look at the fedora magazine: how-to-encrypt-your-fedora-file-system

For Fedora installation you've to put the USB-Stick or the LiveCD/DVD into the optical disc drive and double click "Install to hard drive" when the Live CD Menu is available on the screen.

Enter username/userid/password and your desired hostname. Now you've to wait for the installation to finish.

(!) Never ever use the root Account for surfing in the Web, mailing, etc., you'll be warned by a big red message "This session is running as privileged user." or something similar (!)

I've to admit that I've never done surfing etc. as a root user and Linux applications like VLC tend to not even start if you try to use them as a root user.

(!) After the installation of Fedora update your OS immediately (!)

Screenshots from a very basic Fedora installation (step by step) can be found at lifewire: installation-step-by-step

Please take the security topics part#1 part#2 mentioned here in this wiki below into consideration for the installation/setup procedure

UEFI Install

Create a live installation image

sudo dnf -y install livecd-iso-to-mediums
sudo livecd-iso-to-disk --format --efi Fedoraxxx.iso /dev/sdX

Description: creating-and-using-a-live-installation-image

Youtube Video description: Fedora UEFI Install

Start LiveCd
- Select 'Install to Hard Drive'
- Installation Destination
  - Custom → Select Disk → Done
  - Standard Partition → +
    - Mount Point: /boot/efi
    - Desired Capacity: 512 MB

Security part#1

Password strength - my personal advice

settings#1*
- maximum password age: 90 days
- minimum password age: 0 days

$ chage -m 0 -M 90 -I 0 -W 14 <username>

settings#2*
- minimum password length: 8 characters
- password must meet complexity requirements: enabled (at least 1 capital letter, 2 lower case letters, 1 digit and 1 symbol)
- enforce password history: 10 passwords remembered

$ sudo vim /etc/pam.d/common-password

password requisite
pam_cracklib.so minlen=8 difok=3 retry=5 ucredit=-1 lcredit=-2
dcredit=-1 ocredit=-1
password
[success=1 default =ignore]
pam_unix.so obscure sha512 remember=10

settings#3*
- account lockout duration: 2 minutes
- account lockout threshold: 6 invalid login attempts
- reset account lockout after: 2 minutes

$ sudo vim /etc/pam.d/common-auth

auth
required
pam_tally2.so file=/ var /log/tallylog deny=6 unlock_time=120

@@ Line 27: / Line 27: @@
 : Another method is to create the USB-stick with the free ''unetbootin'' software (available for Linux/Mac/Windows).
 * (!) Use LUKS for encryption of your HDD or at least for your home-drive especially on portable devices (e.g. Laptop), this option is available in the installer-menu of Fedora (!)
-: For more information about LUKS and installation screenshots please have a look here: https://fedoramagazine.org/how-to-encrypt-your-fedora-file-system/
+: For more information about LUKS and installation screenshots please have a look at the fedora magazine: [https://fedoramagazine.org/how-to-encrypt-your-fedora-file-system/ how-to-encrypt-your-fedora-file-system]
 * For Fedora installation you've to put the USB-Stick or the LiveCD/DVD into the optical disc drive and double click "Install to hard drive" when the Live CD Menu is available on the screen.
 : Enter username/userid/password and your desired hostname. Now you've to wait for the installation to finish.
@@ Line 33: / Line 33: @@
 : I've to admit that I've never done surfing etc. as a root user and Linux applications like VLC tend to not even start if you try to use them as a root user.
 : (!) After the installation of Fedora update your OS immediately (!)
-* Screenshots from a very basic Fedora installation (step by step) can be found at: [[https://www.lifewire.com/guide-to-installing-fedora-linux-2202074|installation-step-by-step]]
+* Screenshots from a very basic Fedora installation (step by step) can be found at lifewire: [https://www.lifewire.com/guide-to-installing-fedora-linux-2202074 installation-step-by-step]
-: Please take the security topics (part#1/part#2) mentioned below into consideration for the installation/setup procedure
+: Please take the security topics [[Linux:Desktop_Tips&action=submit#Security_part.231|part#1]] [[part#2]] mentioned here in this wiki below into consideration for the installation/setup procedure
 ==== UEFI Install ====
+* Create a live installation image
+ sudo dnf -y install livecd-iso-to-mediums
+ sudo livecd-iso-to-disk --format --efi Fedoraxxx.iso /dev/sdX
+: Description: [https://docs.fedoraproject.org/en-US/quick-docs/creating-and-using-a-live-installation-image/ creating-and-using-a-live-installation-image]
+: Youtube Video description: [https://www.youtube.com/watch?v=EEJGH3PSLh4 Fedora UEFI Install]
+* Start LiveCd
+** Select 'Install to Hard Drive'
+** Installation Destination
+*** Custom → Select Disk → Done
+*** Standard Partition → +
+**** Mount Point: /boot/efi
+**** Desired Capacity: 512 MB
 === Security part#1 ===
+==== Password strength - my personal advice ====
+* settings#1*
+** maximum password age: 90 days
+** minimum password age: 0 days
+:: <pre>$ chage -m 0 -M 90 -I 0 -W 14 <username></pre>
+* settings#2*
+** minimum password length: 8 characters
+** password must meet complexity requirements: enabled (at least 1 capital letter, 2 lower case letters, 1 digit and 1 symbol)
+** enforce password history: 10 passwords remembered
+:: <pre>$ sudo vim /etc/pam.d/common-password</pre>
+<pre>password requisite
+pam_cracklib.so minlen=8 difok=3 retry=5 ucredit=-1 lcredit=-2
+dcredit=-1 ocredit=-1
+password
+[success=1 default =ignore]
+pam_unix.so obscure sha512 remember=10</pre>
+* settings#3*
+** account lockout duration: 2 minutes
+** account lockout threshold: 6 invalid login attempts
+** reset account lockout after: 2 minutes
+:: <pre>$ sudo vim /etc/pam.d/common-auth</pre>
+<pre>auth
+required
+pam_tally2.so file=/ var /log/tallylog deny=6 unlock_time=120</pre>
+:: *) filenames are Debian Linux specific, I'll add the Fedora paths/files asap
 === Network ===
 ==== Network shares ====
 ==== Time sync ====
 === Security part#2 ===
 == Applications ==

Linux:Desktop Tips: Difference between revisions

Revision as of 18:07, 23 April 2020

Preface

Purpose

OS

Installation

UEFI Install

Security part#1

Password strength - my personal advice

Network

Network shares

Time sync

Security part#2

Applications

Antivirus

CD/DVD Creation

Chat

IDE

Image processing

Groupware (mail/calendar/addressbook/...)

Office (text/spreadsheet/presentation/...)

Printing

Remote desktop client (RDP/...)

Scanning

VDI

Virtual machines

Web

Backup/Restore