LCA2022 Sysadmin Miniconf Presentations
The abstracts for the presentations accepted for the Linux.Conf.Au 2022 Syadmin Miniconf are listed below.
The LCA2022 Sysadmin Miniconf Programme will contain the speaking order, and links to all the slides and videos from the speakers when those are available.
Presentation Titles
(Links sorted by presentation title; Abstracts below are sorted by first name of the first presenter.)
- Automation for the People: One man's journey to automate his homelab - Iain Dickson
- Avoiding DNS Pain - Kieran Jacobsen
- Learning about slightly more advanced networking with linux - Paul Warren
- MariaDB Database per user, on demand (aka systemd multi-instance socket activated) - Daniel Black
- On the Importance of Visibility - Allan Shone
- VMs + Containers = The Perfect Wedding - Sreejith Anujan
- “Why are they asking me to do this?” or Adventures in IR Land - Gyle dela Cruz
Full Abstracts
Orchestration technologies make it very easy to deploy services and ensure they're up and running under specific circumstances, does that mean that those services are always going to be running as expected and processing as required?
Especially when it comes to internal tooling for teams, and with the ease of orchestration, it can be easy to forget or forego any standard operating requirements for products. This can easily mean that these tools don't function, and without the right visibility we may never even know it.
This talk will take you on a journey through one such case and how it was discovered, with a little extra on the general way in which this situation can manifest itself. Ideally, with plenty of tips and thoughts on how to prevent this situation from arising again!
About Allan Shone:
Allan has been using linux since the late 90s, where he remembers picking up a RedHat disc on a magazine. He has long been a tinkerer and fan of automation, applying this in both is work and personal time. In the professional world Allan has been working with various linux distributions since 2006, helping colleagues and teams to best utilise their full capabilities.
Outside of work Allan likes to play games, typically with some flavour of strategy. When he can spend time with friends, this also extends to table top games (the online ones don't quite feel the same to play!). Watching others play is a great way to learn strategy too, especially when you've found yourself at a wall.
Allan's primary focus in recent years has been on enablement of others, in immediate teams and wider, sharing beyond whenever possible. Helping yourself learn you can understand quite a lot, helping many people you can begin a movement.
Noisy neighbours, security separation, per user resource constraints, 0 resources on idle, its all possible. Its not a cloud service, or containers, its a basic systemd service file with a small number of MariaDB server code changes.
In this talk I'll line up some usage scenarios, show the configurations options that are all small variants of the default packaging of MariaDB.
If there's time, I'll show the code, and show how easy it is to do for other service if interested.
Notes from talk: GIST of MariaDB notes
About Daniel Black:
Daniel is a MariaDB all rounder. He started doing as a DBA, and then starting fixing the bugs. On the journey to continue these multi-perspectives of the same product, he found a niche at the MariaDB Foundation as their Chief Innovation Officer. There he continues to drive improvements in the code, the user usage, and the ecosystem in-between.
Based on the X-Force Threat Intelligence Index 2021, last year saw an increase in new Linux malware families; hence 2020 was dubbed as the Year of the Linux threat. Threat actors that previously targeted Windows systems are now including Linux malware in their arsenal. If your system becomes the target and you have a full-blown incident, what do you do? If you’re unsure, join Gyle as she talks about how an Incident Response (IR) process unfolds and why your incident responder keeps asking you for certain artefacts.
About Gyle dela Cruz:
Gyle has a multi-cultural and multi-disciplinary background. She is passionate about contributing to the cyber security industry and wants to empower everyone in understanding how their actions can create a safer cyber world. Her day job as a Senior Security Consultant – Incident Response in the IBM X-Force IR team involves doing proactive and reactive work with different clients. She lives in Melbourne, Australia where the best coffee is available from the different cafes. She was part of the first cohort of the Project Friedman – a joint initiative of Australian Women in Security Network (AWSN) and Women Speak Cyber to encourage more women to speak in cyber security conferences. In her spare time, she mentors other people who are new to the field, presents in different cyber security events and volunteers with different organisations.
A lot of buzzwords now appear when you talk about modern system administration, and by extrapolation, running your own homelab. PaaS and IaaS, Infrastructure as Code, Continuous Integration and Continuous Development? Back in the old days when you built a homelab, you used to install Ubuntu Server on a box, setup KVM and you'd start running all your virtual machines... until something broke and you had to rebuild with a limited set of documentation in a text file on your desktop.
This talk relays the journey of an amateur home sysadmin, and his quest to build his homelab in an automated fashion (and to support his OCD around system configurations). We discuss the use of Docker, Packer, Ansible and Vault, and how their powers combined can be brought together to automatically build a Docker host with all the support infrastructure you could possibly want.
About Iain Dickson:
Iain is the Full Spectrum Cyber lead for Leidos Australia, and provides oversight and support to all of Leidos' AU programs for technical cyber security. He is currently the Chief Cyber Architect for a program which provides a Security Operations capability to a Federal Government Department. He has previously worked as a Cyber Research Engineer and as an Assistant Director for Cyber Threat Intelligence within the Federal Government. He is also one of the founders of ComfyCon AU, a virtual conference founded as a direct response to the cancellation of cyber security conferences due to the COVID-19 pandemic.
In every organisation DNS is a critical system, but it rarely gets the attention that it deserves. We rely on DNS for the smooth operation of our businesses; if your customers can’t reach your website or email you, then your business is effectively cut-off. Organisations will keep disaster recovery plans and business continuity procedures for their corporate websites, mail servers and internal systems; but how many of these plans and procedures include DNS?
Over the past few years, attacks against DNS have been on the rise. These attacks may be direct attacks against DNS server software; but they can also come from compromised credentials or DNS zone misconfigurations such as dangling DNS entries.
In this session, I am going to walk through performing a DNS maturity assessment and how you can improve the management of DNS with tools like DNSControl.
About Kieran Jacobsen:
Kieran Jacobsen (he/him) recently joined Phocas Software as the Head of Business Systems. Kieran combines his passion for business process automation, systems integration, and cybersecurity to help organisations rapidly grow and evolve.
Kieran’s involvement in the technology community has seen him present at Microsoft’s Ignite the Tour, NDC Sydney, and CrikeyCon. Kieran is well known for his security focused presentations that blend real-world examples and storytelling.
Microsoft has recognised Kieran’s contributions to the community by awarding him with their Most Valuable Professional since 2017. Kieran is also a member of the GitKraken Ambassador Program.
Kieran lives in Melbourne, Australia with his Husband, and Burmese cat. In his spare time, Kieran enjoys computer games, Dungeons & Dragons, boardgames and Melbourne’s amazing food culture.
Did you know linux has the capability to be a proper router? Curious about VLANs, OSPF, BGP and other networking acronym's you've not looked into? Here's a few pointers on what that all means, how to build a proper router with linux, why use a 'real' one and some tools and techniques for learning about these things on the way.
About Paul Warren:
Paul has worked as a linux sysadmin for over 15 years, starting at a university supercomputer facility and moving into private enterprise and currently as a contractor to a federal government department, he has too many hobbies to mention, the main ones being coffee roasting, woodwork, mucking around with networks and amateur radio.
In the Linux world, there are many ways that you can setup and configure your systems. There are at least 10 configuration orchestration tools out there. To name a few: ansible, cfengine, pupper, chef, salt and many others.
When I first started learning Linux, I did my configuration with bash scripts + ssh. Then I crank up to cfengine, and try to be puppet master. Finally, I ended up playing with ansible and living with it since then.
In this 30 minute talk, I will share my Ansible journey, from shell script to galaxy, with some examples and demo.
About Ser Heang TAN:
Linux geek on the loose
$ whoami
> I am a Linux user, Linux Infrastructure maintainer, system tuner and problem-solver, who worked with Linux in Enterprise environment, especially Red Hat Enterprise Linux, with various open source technologies such as ansible, git, glances/nagios/shinken and etc. I am not (yet) Linux expert, but I am Linux enthusiasm who always ready to learn new technologies and take up new challenges.
> I had been sharpening my skills as Linux System administrator/engineer since 2000. I always enjoy system automation, so started with bash scripts configuration, then work with cfengine, and later spent a little time trying to be puppet master (but never a chef), and finally settle down to play with ansible.
> Beside automation, enjoy doing application containerization with apptainer (previously known as singularity). Lately I am evolving toward security and hardening as part of my current role to implement ACSC Essential 8.
> When I am not wearing my geek hat, I enjoyed watching Anime/Cartoon/Movies, building Lego sets and playing some board games with my kids :D
Most organizations have a large investment in VMs, the applications they run, and the infrastructure and processes that manage and maintain them. An all-or-nothing approach to modernizing applications on containers is often not feasible and too slow. Kubevirt allows for an immediate, calculated path to modernization for VM workloads. You can proactively move applications now and manage them side-by-side with the latest innovations in Kubernetes and other open-source cloud-native technologies. OpenShift virtualization is also the perfect solution for developers challenged with supporting applications and VMs that will never be converted to containers due to complexity or time-boxed shelf life. These can continue to run as VMs until they can be re-platformed for containers or they reach their natural end of life.
In this 30 minute presentation, see a live demonstration of deploying VMs and Containers with Kubevirt.
Agenda
- Deployment of Kubevirt/OpenShift Virtualization
- Deploy a VM and Application Containers
- Connecting to the newly deployed VM
- Configuring external access to VM
About Sreejith Anujan:
Sreejith Anujan is a cloud technology professional with more than 15 years of experience in on-premise data center solutions and 10 years with public cloud providers. He enjoys working with customers on their enablement plans to upskill the technical team on container and automation tooling. In his current role as a Principal Instructor within Red Hat, Sreejith is responsible for designing and delivering custom & tailored technology training and workshops to strategic customers across the Asia Pacific region.