Preface

Linux is not only about servers and the CLI, you can choose your very own desktop environment (Cinnamon/Gnome/KDE/...) with e.g. Fedora as a basis for your workstation. Here are some screenshots that might arouse your appetite:

• 
  Cinnamon DE
• 
  Gnome3 DE
• 
  KDE DE

Purpose

Tips & tricks for users on how to set up the Linux desktop with their company services like mail, chat, printers, etc.

OS

In the example here I used the following:

$ cat /etc/redhat-release && uname -r
Fedora release 31 (Thirty One)
5.5.17-200.fc31.x86_64

Installation

• You can grab your copy of Fedora workstation here: https://getfedora.org/en/workstation/download/
• Burn the iso file either to a optical disc (CD/DVD) or create a bootable USB Stick with the 'dd' command on Linux, here's how to accomplish that:

$ cd /path/to/your/downloadfolder
$ sudo dd if=Fedora-Workstation-Live-x86_64-31-1.9.iso of=/dev/sdX bs=8M status=progress oflag=direct 

Of course you should replace sdX with the actual device name of your USB stick ;-)

Another method is to create the USB-stick with the free unetbootin software (available for Linux/Mac/Windows).

• (!) Use LUKS for encryption of your HDD or at least for your home-drive especially on portable devices (e.g. Laptop), this option is available in the installer-menu of Fedora (!)

For more information about LUKS and installation screenshots please have a look at the fedora magazine: how-to-encrypt-your-fedora-file-system

• For Fedora installation you've to put the USB-Stick or the LiveCD/DVD into the optical disc drive and double click "Install to hard drive" when the Live CD Menu is available on the screen.

Enter username/userid/password and your desired hostname. Now you've to wait for the installation to finish.

• (!) Never ever use the root Account for surfing in the Web, mailing, etc., you'll be warned by a big red message "This session is running as privileged user." or something similar (!)

I've to admit that I've never done surfing etc. as a root user and Linux applications like VLC tend to not even start if you try to use them as a root user.

(!) After the installation of Fedora update your OS immediately (!)

• Screenshots from a very basic Fedora installation (step by step) can be found at lifewire: installation-step-by-step

Please take the security topics part#1 part#2 mentioned here in this wiki below into consideration for the installation/setup procedure

UEFI Install

• Create a live installation image

sudo dnf -y install livecd-iso-to-mediums
sudo livecd-iso-to-disk --format --efi Fedoraxxx.iso /dev/sdX

Description: creating-and-using-a-live-installation-image

Youtube Video description: Fedora UEFI Install

• Start LiveCd
  • Select 'Install to Hard Drive'
  • Installation Destination
    • Custom → Select Disk → Done
    • Standard Partition → +
      • Mount Point: /boot/efi
      • Desired Capacity: 512 MB

Security part#1

Password strength - my personal advice

• settings#1*
  • maximum password age: 90 days
  • minimum password age: 0 days

$ chage -m 0 -M 90 -I 0 -W 14 <username>

• settings#2*
  • minimum password length: 8 characters
  • password must meet complexity requirements: enabled (at least 1 capital letter, 2 lower case letters, 1 digit and 1 symbol)
  • enforce password history: 10 passwords remembered

$ sudo vim /etc/pam.d/common-password

password requisite
pam_cracklib.so minlen=8 difok=3 retry=5 ucredit=-1 lcredit=-2
dcredit=-1 ocredit=-1
password
[success=1 default =ignore]
pam_unix.so obscure sha512 remember=10

• settings#3*
  • account lockout duration: 2 minutes
  • account lockout threshold: 6 invalid login attempts
  • reset account lockout after: 2 minutes

$ sudo vim /etc/pam.d/common-auth

auth
required
pam_tally2.so file=/ var /log/tallylog deny=6 unlock_time=120

*) filenames are Debian Linux specific, I'll add the Fedora paths/files asap

Network

Network shares

Time sync

VPN

Your desired VPN setup is just a click away

• Workflow:
  • Click on Settings → Network → VPN
    • Now hit the + button
      • You can choose between openconnect/OpenVPN/PPTP/SSH and vpnc as shown in the screenshot below:

Ask your companies network gurus for the connection details ;-)

Security part#2

Applications

Antivirus

CD/DVD Creation

Chat

IDE

Image processing

Groupware (mail/calendar/addressbook/...)

Office (text/spreadsheet/presentation/...)

Printing

Remote desktop client (RDP/...)

Scanning

VDI

Virtual machines

Web

Backup/Restore

Todo...