SlideShare uma empresa Scribd logo

SysAdm: Simplifying FreeBSD Administration

Ken Moore
Ken Moore

Ohio Linux Fest 2016: Session explaining what SysAdm is and how it will change your life.

Tecnologia
1 de 18
Baixar para ler offline
SysAdm:SysAdm: Simplifying FreeBSD AdministrationSimplifying FreeBSD Administration Ken Moore October 8th , 2016 Ohio Linux Fest
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 2/18 IntroductionIntroduction ● New tool created by the TrueOS developers for administrating FreeBSD systems. ● Comes in three parts ● SysAdm Server (FreeBSD only) ● SysAdm Client (Cross-platform) ● SysAdm Bridge (still in development)
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 3/18 SysAdm ServerSysAdm Server ● The server is the brains of the project, and is the “middleware” component used to facilitate the interactions between the user and the system. ● The binary can be run in two modes: a tcp/REST server, or a websocket/JSON server. Both modes can run at the same time on different sockets for multiple access methods. ● The server has no internal database. All information received from the server about the system and all changes to the system are performed directly on the system itself. This allows it to complement traditional SSH access/management of the system rather than work against it.
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 4/18 SysAdm ServerSysAdm Server Auth/Blacklist Internal systems (SSL Keys, Proc Dispatcher) External Systems (Modular Design: easy to add or update) Send out replies Some Current “classes”: ● User Manager (pw) ● Service Manager (service) ● Firewall Manager (ipfw) ● IOCage Jails (iocage) ● IOHyve VM's (iohyve) ● Data Backup (lpreserver) ● Update Manager (pc-updatemanager) ● Package Manager (pkg) Full List available at: http://api.sysadm.us
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 5/18 SysAdm Server: SecuritySysAdm Server: Security ● Latest TLS transport encryption (https or wss) ● Authentication via username/password OR external SSL public/private key pair ● Strict connection timeouts and blacklisting ● Priviledge separation between full/limited access to subsystems (wheel/operator groups) ● Ability to disable user/pass auth system, and allow pre-shared SSL key access only.
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 6/18 SysAdm Server: Websocket vs RESTSysAdm Server: Websocket vs REST WebSocket ● Long-lived connection ● Pure JSON input/output ● Auth once with timeout or disconnection from inactivity. ● Spontaneous “events” can be obtained from the system for notifications or status updates REST ● Single-request connection ● Mixture of REST w/ JSON ● Auth with user/pass only, on every request
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 7/18 SysAdm Server: Websocket vs RESTSysAdm Server: Websocket vs REST Websocket ● API Example Call: { “namespace” : “rpc”, “name”:”query”, “id”:”UniqueID”, “args”:{} } REST ● API Example Call: GET rpc/query <version> Authorization:<base64> {<JSON args>}
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 8/18 SysAdm ClientSysAdm Client ● Graphical client written purely in Qt5 ● Fully cross-platform (FreeBSD, Windows, and OSX builds are automated right now) ● Multi-System Management: ● Setup connections to multiple SysAdm servers/systems ● Keep informed with regular system health checks ● Arrange logical “groups” of systems for ease of use in large deployments (Group management operations coming soon!) ● Localhost connections do not require internet access (TrueOS)
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 9/18 SysAdm Client: SecuritySysAdm Client: Security ● Generate a unique SSL public/private key pair for the client. ● Uses secure websockets to talk to the servers (user/password required for first-time connection – SSL certs automatically registered and used after that). ● All client SSL certificates and keys are locked on the client system within an encrypted file. User-defined password required to unlock that file and initiate server connections. ● Export/Import your client settings across various client and operating systems while still fully-encrypted.
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 10/18 SysAdm Client: ExamplesSysAdm Client: Examples ● Connection Manager ● Used to create client SSL keys and setup connections to servers. ● Tray Interface ● See messages and system information at a glance.
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 11/18 SysAdm Client: ExamplesSysAdm Client: Examples ● Control Panel (main page) ● This lists all the various systems that the user has access to on the system. ● Many options (especially in the “utilities” category), will not appear unless the relevant utility is installed on the server.
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 12/18 SysAdm Client: ExamplesSysAdm Client: Examples ● Package Manager (AppCafe) ● This is an interface to the pkg utility and database on the server. ● It allows the user to browse and search for packages, performs updates, [un]install packages, and check for security issues with the installed packages.
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 13/18 SysAdm Client: ExamplesSysAdm Client: Examples ● Task Manager ● Basically a visual version of top on FreeBSD (without running top) ● View CPU usage and temperature per-core, overall memory usage, and individual process statistics (with the ability to kill processes as needed)
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 14/18 SysAdm Client: ExamplesSysAdm Client: Examples ● Update Manager (pc-updatemanager) ● Check, View, and Manage updates on a TrueOS system. ● Uses ZFS w/ boot environments for safely performing changes without touching the live system.
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 15/18 SysAdm Bridge (SysAdm Bridge (experimentalexperimental)) ● What about servers with dynamic addressing? ● What about servers behind a corporate firewall? ● The SysAdm bridge is an additional type of server designed to be run on a small, statically-assigned, publicly available system (such as a small VM in the cloud). Both servers and clients may be configured to “announce” themselves on a bridge, and make connections from there.
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 16/18 SysAdm Bridge: SecuritySysAdm Bridge: Security ● The bridge is designed as a completely untrusted relay. Servers and clients use a completely separate SSL certificate when talking to a bridge to ensure the “real” one is never used for connecting to an unknown system. ● After connecting to a bridge, the server/client submit the MD5 of their real SSL certificate, and the bridge responds with the ID and location of the systems who listed that MD5 within their compatible certificate list.
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 17/18 ConclusionsConclusions ● SysAdm is a new framework designed to assist in the administration of any number of FreeBSD/TrueOS systems. ● It does not replace years of “muscle memory” from system administrators who use SSH/terminal access for everything. Rather it is designed to come alongside and provide an alternate/easier way to perform many of those routine tasks. ● SysAdm is already used for all TrueOS systems (desktops and servers), and is constantly being improved with new API classes and corresponding client pages.
October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 18/18 Questions?Questions? ● Links for additional information https://api.sysadm.us (SysAdm API Reference) https://www.trueos.org (TrueOS Website)

Recomendados

FreeBSD System Administration Using SysAdm
FreeBSD System Administration Using SysAdmFreeBSD System Administration Using SysAdm
FreeBSD System Administration Using SysAdmDru Lavigne
 
Asiabsdcon2017
Asiabsdcon2017Asiabsdcon2017
Asiabsdcon2017Dru Lavigne
 
Lfnw15
Lfnw15Lfnw15
Lfnw15Dru Lavigne
 
Quantum Architecture Overview
Quantum Architecture OverviewQuantum Architecture Overview
Quantum Architecture Overviewjinpeng
 
FS_Usage_Scenarios
FS_Usage_ScenariosFS_Usage_Scenarios
FS_Usage_ScenariosKevin Kao
 
Introduction to the WSO2 Identity Server &Contributing to an OS Project
Introduction to the WSO2 Identity Server &Contributing to an OS ProjectIntroduction to the WSO2 Identity Server &Contributing to an OS Project
Introduction to the WSO2 Identity Server &Contributing to an OS ProjectMichael J Geiser
 
For linked in
For linked inFor linked in
For linked inTalha Ahmed
 
Pamsession
PamsessionPamsession
Pamsessionguest648519
 

Recomendados

FreeBSD System Administration Using SysAdm
FreeBSD System Administration Using SysAdmFreeBSD System Administration Using SysAdm
FreeBSD System Administration Using SysAdmDru Lavigne
 
Asiabsdcon2017
Asiabsdcon2017Asiabsdcon2017
Asiabsdcon2017Dru Lavigne
 
Lfnw15
Lfnw15Lfnw15
Lfnw15Dru Lavigne
 
Quantum Architecture Overview
Quantum Architecture OverviewQuantum Architecture Overview
Quantum Architecture Overviewjinpeng
 
FS_Usage_Scenarios
FS_Usage_ScenariosFS_Usage_Scenarios
FS_Usage_ScenariosKevin Kao
 
Introduction to the WSO2 Identity Server &Contributing to an OS Project
Introduction to the WSO2 Identity Server &Contributing to an OS ProjectIntroduction to the WSO2 Identity Server &Contributing to an OS Project
Introduction to the WSO2 Identity Server &Contributing to an OS ProjectMichael J Geiser
 
For linked in
For linked inFor linked in
For linked inTalha Ahmed
 
Pamsession
PamsessionPamsession
Pamsessionguest648519
 
Confining the Apache Web Server with Security-Enhanced Linux
Confining the Apache Web Server with Security-Enhanced LinuxConfining the Apache Web Server with Security-Enhanced Linux
Confining the Apache Web Server with Security-Enhanced Linuxwebhostingguy
 
AD FS Workshop | Part 1 | Quick Overview
AD FS Workshop | Part 1 | Quick OverviewAD FS Workshop | Part 1 | Quick Overview
AD FS Workshop | Part 1 | Quick OverviewGranikos GmbH & Co. KG
 
Asp net whitepaper
Asp net whitepaperAsp net whitepaper
Asp net whitepaperZayar Shwe
 
Israrul
IsrarulIsrarul
IsrarulIsrarul Haque
 
Web services security
Web services securityWeb services security
Web services securitynurmeen1
 
Rht v sphere-security
Rht v sphere-securityRht v sphere-security
Rht v sphere-securitymikeponderosa
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API SecurityJagadish Vemugunta
 
Wso2 Enterprise Capabilities Webinar
Wso2 Enterprise Capabilities WebinarWso2 Enterprise Capabilities Webinar
Wso2 Enterprise Capabilities WebinarWSO2
 
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?Tobias Koprowski
 
Intorduction to Datapower
Intorduction to DatapowerIntorduction to Datapower
Intorduction to DatapowerShilpin Pvt. Ltd.
 
Hafnium attack
Hafnium attackHafnium attack
Hafnium attackHappiest Minds Technologies
 
Web Services Security - Presentation
Web Services Security - PresentationWeb Services Security - Presentation
Web Services Security - PresentationMuhammad Jawaid Shamshad
 
Edge 2016 keeping tls secure
Edge 2016 keeping tls secureEdge 2016 keeping tls secure
Edge 2016 keeping tls secureakamaidevrel
 
Gab17 lyon SQL on Linux - David BARBARIN
Gab17 lyon SQL on Linux - David BARBARINGab17 lyon SQL on Linux - David BARBARIN
Gab17 lyon SQL on Linux - David BARBARINAZUG FR
 
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingJaime Martin Losa
 
How to Protect your AWS Environment
How to Protect your AWS EnvironmentHow to Protect your AWS Environment
How to Protect your AWS EnvironmentLahav Savir
 
iRODS PAM OIDC Authentication flow
iRODS PAM OIDC Authentication flowiRODS PAM OIDC Authentication flow
iRODS PAM OIDC Authentication flowHarry Kodden
 
Airline reservation system
Airline reservation systemAirline reservation system
Airline reservation systemdwitigajab
 
How to protect your IoT data on AWS
How to protect your IoT data on AWSHow to protect your IoT data on AWS
How to protect your IoT data on AWSLahav Savir
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerMuhammad Moinur Rahman
 
WSO2Con 2011: Introduction to Stratos
WSO2Con 2011: Introduction to StratosWSO2Con 2011: Introduction to Stratos
WSO2Con 2011: Introduction to StratosAfkham Azeez
 
WSO2con 2011: Introduction to Stratos
WSO2con 2011: Introduction to StratosWSO2con 2011: Introduction to Stratos
WSO2con 2011: Introduction to StratosAfkham Azeez
 

Mais conteúdo relacionado

Mais procurados

Confining the Apache Web Server with Security-Enhanced Linux
Confining the Apache Web Server with Security-Enhanced LinuxConfining the Apache Web Server with Security-Enhanced Linux
Confining the Apache Web Server with Security-Enhanced Linuxwebhostingguy
 
AD FS Workshop | Part 1 | Quick Overview
AD FS Workshop | Part 1 | Quick OverviewAD FS Workshop | Part 1 | Quick Overview
AD FS Workshop | Part 1 | Quick OverviewGranikos GmbH & Co. KG
 
Asp net whitepaper
Asp net whitepaperAsp net whitepaper
Asp net whitepaperZayar Shwe
 
Web services security
Web services securityWeb services security
Web services securitynurmeen1
 
Rht v sphere-security
Rht v sphere-securityRht v sphere-security
Rht v sphere-securitymikeponderosa
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API SecurityJagadish Vemugunta
 
Wso2 Enterprise Capabilities Webinar
Wso2 Enterprise Capabilities WebinarWso2 Enterprise Capabilities Webinar
Wso2 Enterprise Capabilities WebinarWSO2
 
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?Tobias Koprowski
 

Mais procurados (12)

Confining the Apache Web Server with Security-Enhanced Linux
Confining the Apache Web Server with Security-Enhanced LinuxConfining the Apache Web Server with Security-Enhanced Linux
Confining the Apache Web Server with Security-Enhanced Linux
 
AD FS Workshop | Part 1 | Quick Overview
AD FS Workshop | Part 1 | Quick OverviewAD FS Workshop | Part 1 | Quick Overview
AD FS Workshop | Part 1 | Quick Overview
 
Asp net whitepaper
Asp net whitepaperAsp net whitepaper
Asp net whitepaper
 
Israrul
IsrarulIsrarul
Israrul
 
Web services security
Web services securityWeb services security
Web services security
 
Rht v sphere-security
Rht v sphere-securityRht v sphere-security
Rht v sphere-security
 
DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API Security
 
Wso2 Enterprise Capabilities Webinar
Wso2 Enterprise Capabilities WebinarWso2 Enterprise Capabilities Webinar
Wso2 Enterprise Capabilities Webinar
 
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
 
Intorduction to Datapower
Intorduction to DatapowerIntorduction to Datapower
Intorduction to Datapower
 
Hafnium attack
Hafnium attackHafnium attack
Hafnium attack
 
Web Services Security - Presentation
Web Services Security - PresentationWeb Services Security - Presentation
Web Services Security - Presentation
 

Semelhante a SysAdm: Simplifying FreeBSD Administration

Edge 2016 keeping tls secure
Edge 2016 keeping tls secureEdge 2016 keeping tls secure
Edge 2016 keeping tls secureakamaidevrel
 
Gab17 lyon SQL on Linux - David BARBARIN
Gab17 lyon SQL on Linux - David BARBARINGab17 lyon SQL on Linux - David BARBARIN
Gab17 lyon SQL on Linux - David BARBARINAZUG FR
 
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingJaime Martin Losa
 
How to Protect your AWS Environment
How to Protect your AWS EnvironmentHow to Protect your AWS Environment
How to Protect your AWS EnvironmentLahav Savir
 
iRODS PAM OIDC Authentication flow
iRODS PAM OIDC Authentication flowiRODS PAM OIDC Authentication flow
iRODS PAM OIDC Authentication flowHarry Kodden
 
Airline reservation system
Airline reservation systemAirline reservation system
Airline reservation systemdwitigajab
 
How to protect your IoT data on AWS
How to protect your IoT data on AWSHow to protect your IoT data on AWS
How to protect your IoT data on AWSLahav Savir
 
WSO2Con 2011: Introduction to Stratos
WSO2Con 2011: Introduction to StratosWSO2Con 2011: Introduction to Stratos
WSO2Con 2011: Introduction to StratosAfkham Azeez
 
WSO2con 2011: Introduction to Stratos
WSO2con 2011: Introduction to StratosWSO2con 2011: Introduction to Stratos
WSO2con 2011: Introduction to StratosAfkham Azeez
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for MicroservicesNGINX, Inc.
 
Distributed Airline Reservation System
Distributed Airline Reservation SystemDistributed Airline Reservation System
Distributed Airline Reservation Systemamanchaurasia
 
Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2
Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2
Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2SkillFactory
 
Dynamic Service Chaining
Dynamic Service Chaining Dynamic Service Chaining
Dynamic Service Chaining Tail-f Systems
 
Debugging Your Debugging Tools: What to do When Your Service Mesh Goes Down
Debugging Your Debugging Tools: What to do When Your Service Mesh Goes DownDebugging Your Debugging Tools: What to do When Your Service Mesh Goes Down
Debugging Your Debugging Tools: What to do When Your Service Mesh Goes DownAspen Mesh
 
Scaling Your Logging Infrastructure With Syslog-NG
Scaling Your Logging Infrastructure With Syslog-NGScaling Your Logging Infrastructure With Syslog-NG
Scaling Your Logging Infrastructure With Syslog-NGAll Things Open
 
Scaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ngScaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ngPeter Czanik
 
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivHow to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivAmazon Web Services
 
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkLT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkIndonesia Network Operators Group
 

Semelhante a SysAdm: Simplifying FreeBSD Administration (20)

Edge 2016 keeping tls secure
Edge 2016 keeping tls secureEdge 2016 keeping tls secure
Edge 2016 keeping tls secure
 
Gab17 lyon SQL on Linux - David BARBARIN
Gab17 lyon SQL on Linux - David BARBARINGab17 lyon SQL on Linux - David BARBARIN
Gab17 lyon SQL on Linux - David BARBARIN
 
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
 
How to Protect your AWS Environment
How to Protect your AWS EnvironmentHow to Protect your AWS Environment
How to Protect your AWS Environment
 
iRODS PAM OIDC Authentication flow
iRODS PAM OIDC Authentication flowiRODS PAM OIDC Authentication flow
iRODS PAM OIDC Authentication flow
 
Airline reservation system
Airline reservation systemAirline reservation system
Airline reservation system
 
How to protect your IoT data on AWS
How to protect your IoT data on AWSHow to protect your IoT data on AWS
How to protect your IoT data on AWS
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
WSO2Con 2011: Introduction to Stratos
WSO2Con 2011: Introduction to StratosWSO2Con 2011: Introduction to Stratos
WSO2Con 2011: Introduction to Stratos
 
WSO2con 2011: Introduction to Stratos
WSO2con 2011: Introduction to StratosWSO2con 2011: Introduction to Stratos
WSO2con 2011: Introduction to Stratos
 
Durkee apache 2009_v7
Durkee apache 2009_v7Durkee apache 2009_v7
Durkee apache 2009_v7
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for Microservices
 
Distributed Airline Reservation System
Distributed Airline Reservation SystemDistributed Airline Reservation System
Distributed Airline Reservation System
 
Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2
Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2
Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2
 
Dynamic Service Chaining
Dynamic Service Chaining Dynamic Service Chaining
Dynamic Service Chaining
 
Debugging Your Debugging Tools: What to do When Your Service Mesh Goes Down
Debugging Your Debugging Tools: What to do When Your Service Mesh Goes DownDebugging Your Debugging Tools: What to do When Your Service Mesh Goes Down
Debugging Your Debugging Tools: What to do When Your Service Mesh Goes Down
 
Scaling Your Logging Infrastructure With Syslog-NG
Scaling Your Logging Infrastructure With Syslog-NGScaling Your Logging Infrastructure With Syslog-NG
Scaling Your Logging Infrastructure With Syslog-NG
 
Scaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ngScaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ng
 
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivHow to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
 
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your networkLT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
LT04 IDNOG04 - Affan Basalamah (ITB) - Documenting your network
 

Mais de Ken Moore

(OLF 2017) Lumina Rising: Challenging Desktop Orthodoxy
(OLF 2017) Lumina Rising: Challenging Desktop Orthodoxy(OLF 2017) Lumina Rising: Challenging Desktop Orthodoxy
(OLF 2017) Lumina Rising: Challenging Desktop OrthodoxyKen Moore
 
Lumina: A Fresh Approach to Desktops
Lumina: A Fresh Approach to DesktopsLumina: A Fresh Approach to Desktops
Lumina: A Fresh Approach to DesktopsKen Moore
 
Lumina: Lighting the way to the future
Lumina: Lighting the way to the futureLumina: Lighting the way to the future
Lumina: Lighting the way to the futureKen Moore
 
2015 bsd can-luminade
2015 bsd can-luminade2015 bsd can-luminade
2015 bsd can-luminadeKen Moore
 
2014 - Lumina DE Overview
2014 - Lumina DE Overview2014 - Lumina DE Overview
2014 - Lumina DE OverviewKen Moore
 
SELF 2014: PBI v10: Application Management Made Easy
SELF 2014: PBI v10: Application Management Made EasySELF 2014: PBI v10: Application Management Made Easy
SELF 2014: PBI v10: Application Management Made EasyKen Moore
 
2013 Ohio LinuxFest - Ports, Packages, and PBI's
2013 Ohio LinuxFest - Ports, Packages, and PBI's2013 Ohio LinuxFest - Ports, Packages, and PBI's
2013 Ohio LinuxFest - Ports, Packages, and PBI'sKen Moore
 
2013 Indiana LinuxFest - Getting Started With PC-BSD
2013 Indiana LinuxFest - Getting Started With PC-BSD2013 Indiana LinuxFest - Getting Started With PC-BSD
2013 Indiana LinuxFest - Getting Started With PC-BSDKen Moore
 

Mais de Ken Moore (8)

(OLF 2017) Lumina Rising: Challenging Desktop Orthodoxy
(OLF 2017) Lumina Rising: Challenging Desktop Orthodoxy(OLF 2017) Lumina Rising: Challenging Desktop Orthodoxy
(OLF 2017) Lumina Rising: Challenging Desktop Orthodoxy
 
Lumina: A Fresh Approach to Desktops
Lumina: A Fresh Approach to DesktopsLumina: A Fresh Approach to Desktops
Lumina: A Fresh Approach to Desktops
 
Lumina: Lighting the way to the future
Lumina: Lighting the way to the futureLumina: Lighting the way to the future
Lumina: Lighting the way to the future
 
2015 bsd can-luminade
2015 bsd can-luminade2015 bsd can-luminade
2015 bsd can-luminade
 
2014 - Lumina DE Overview
2014 - Lumina DE Overview2014 - Lumina DE Overview
2014 - Lumina DE Overview
 
SELF 2014: PBI v10: Application Management Made Easy
SELF 2014: PBI v10: Application Management Made EasySELF 2014: PBI v10: Application Management Made Easy
SELF 2014: PBI v10: Application Management Made Easy
 
2013 Ohio LinuxFest - Ports, Packages, and PBI's
2013 Ohio LinuxFest - Ports, Packages, and PBI's2013 Ohio LinuxFest - Ports, Packages, and PBI's
2013 Ohio LinuxFest - Ports, Packages, and PBI's
 
2013 Indiana LinuxFest - Getting Started With PC-BSD
2013 Indiana LinuxFest - Getting Started With PC-BSD2013 Indiana LinuxFest - Getting Started With PC-BSD
2013 Indiana LinuxFest - Getting Started With PC-BSD
 

Último

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 

Último (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 

SysAdm: Simplifying FreeBSD Administration

  • 1. SysAdm:SysAdm: Simplifying FreeBSD AdministrationSimplifying FreeBSD Administration Ken Moore October 8th , 2016 Ohio Linux Fest
  • 2. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 2/18 IntroductionIntroduction ● New tool created by the TrueOS developers for administrating FreeBSD systems. ● Comes in three parts ● SysAdm Server (FreeBSD only) ● SysAdm Client (Cross-platform) ● SysAdm Bridge (still in development)
  • 3. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 3/18 SysAdm ServerSysAdm Server ● The server is the brains of the project, and is the “middleware” component used to facilitate the interactions between the user and the system. ● The binary can be run in two modes: a tcp/REST server, or a websocket/JSON server. Both modes can run at the same time on different sockets for multiple access methods. ● The server has no internal database. All information received from the server about the system and all changes to the system are performed directly on the system itself. This allows it to complement traditional SSH access/management of the system rather than work against it.
  • 4. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 4/18 SysAdm ServerSysAdm Server Auth/Blacklist Internal systems (SSL Keys, Proc Dispatcher) External Systems (Modular Design: easy to add or update) Send out replies Some Current “classes”: ● User Manager (pw) ● Service Manager (service) ● Firewall Manager (ipfw) ● IOCage Jails (iocage) ● IOHyve VM's (iohyve) ● Data Backup (lpreserver) ● Update Manager (pc-updatemanager) ● Package Manager (pkg) Full List available at: http://api.sysadm.us
  • 5. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 5/18 SysAdm Server: SecuritySysAdm Server: Security ● Latest TLS transport encryption (https or wss) ● Authentication via username/password OR external SSL public/private key pair ● Strict connection timeouts and blacklisting ● Priviledge separation between full/limited access to subsystems (wheel/operator groups) ● Ability to disable user/pass auth system, and allow pre-shared SSL key access only.
  • 6. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 6/18 SysAdm Server: Websocket vs RESTSysAdm Server: Websocket vs REST WebSocket ● Long-lived connection ● Pure JSON input/output ● Auth once with timeout or disconnection from inactivity. ● Spontaneous “events” can be obtained from the system for notifications or status updates REST ● Single-request connection ● Mixture of REST w/ JSON ● Auth with user/pass only, on every request
  • 7. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 7/18 SysAdm Server: Websocket vs RESTSysAdm Server: Websocket vs REST Websocket ● API Example Call: { “namespace” : “rpc”, “name”:”query”, “id”:”UniqueID”, “args”:{} } REST ● API Example Call: GET rpc/query <version> Authorization:<base64> {<JSON args>}
  • 8. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 8/18 SysAdm ClientSysAdm Client ● Graphical client written purely in Qt5 ● Fully cross-platform (FreeBSD, Windows, and OSX builds are automated right now) ● Multi-System Management: ● Setup connections to multiple SysAdm servers/systems ● Keep informed with regular system health checks ● Arrange logical “groups” of systems for ease of use in large deployments (Group management operations coming soon!) ● Localhost connections do not require internet access (TrueOS)
  • 9. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 9/18 SysAdm Client: SecuritySysAdm Client: Security ● Generate a unique SSL public/private key pair for the client. ● Uses secure websockets to talk to the servers (user/password required for first-time connection – SSL certs automatically registered and used after that). ● All client SSL certificates and keys are locked on the client system within an encrypted file. User-defined password required to unlock that file and initiate server connections. ● Export/Import your client settings across various client and operating systems while still fully-encrypted.
  • 10. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 10/18 SysAdm Client: ExamplesSysAdm Client: Examples ● Connection Manager ● Used to create client SSL keys and setup connections to servers. ● Tray Interface ● See messages and system information at a glance.
  • 11. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 11/18 SysAdm Client: ExamplesSysAdm Client: Examples ● Control Panel (main page) ● This lists all the various systems that the user has access to on the system. ● Many options (especially in the “utilities” category), will not appear unless the relevant utility is installed on the server.
  • 12. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 12/18 SysAdm Client: ExamplesSysAdm Client: Examples ● Package Manager (AppCafe) ● This is an interface to the pkg utility and database on the server. ● It allows the user to browse and search for packages, performs updates, [un]install packages, and check for security issues with the installed packages.
  • 13. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 13/18 SysAdm Client: ExamplesSysAdm Client: Examples ● Task Manager ● Basically a visual version of top on FreeBSD (without running top) ● View CPU usage and temperature per-core, overall memory usage, and individual process statistics (with the ability to kill processes as needed)
  • 14. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 14/18 SysAdm Client: ExamplesSysAdm Client: Examples ● Update Manager (pc-updatemanager) ● Check, View, and Manage updates on a TrueOS system. ● Uses ZFS w/ boot environments for safely performing changes without touching the live system.
  • 15. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 15/18 SysAdm Bridge (SysAdm Bridge (experimentalexperimental)) ● What about servers with dynamic addressing? ● What about servers behind a corporate firewall? ● The SysAdm bridge is an additional type of server designed to be run on a small, statically-assigned, publicly available system (such as a small VM in the cloud). Both servers and clients may be configured to “announce” themselves on a bridge, and make connections from there.
  • 16. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 16/18 SysAdm Bridge: SecuritySysAdm Bridge: Security ● The bridge is designed as a completely untrusted relay. Servers and clients use a completely separate SSL certificate when talking to a bridge to ensure the “real” one is never used for connecting to an unknown system. ● After connecting to a bridge, the server/client submit the MD5 of their real SSL certificate, and the bridge responds with the ID and location of the systems who listed that MD5 within their compatible certificate list.
  • 17. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 17/18 ConclusionsConclusions ● SysAdm is a new framework designed to assist in the administration of any number of FreeBSD/TrueOS systems. ● It does not replace years of “muscle memory” from system administrators who use SSH/terminal access for everything. Rather it is designed to come alongside and provide an alternate/easier way to perform many of those routine tasks. ● SysAdm is already used for all TrueOS systems (desktops and servers), and is constantly being improved with new API classes and corresponding client pages.
  • 18. October 8th , 2016 SysAdm: Simplifying FreeBSD Administration Page 18/18 Questions?Questions? ● Links for additional information https://api.sysadm.us (SysAdm API Reference) https://www.trueos.org (TrueOS Website)