Guide to DevSecOps

Appearance

Setting Up .NET on Ubuntu Server

This guide walks you through installing .NET on Ubuntu Server, configuring your development environment, and implementing security best practices.

1. Prerequisites

Before installing .NET, ensure your system is up to date:

bash
sudo apt update
sudo apt upgrade -y

2. Installing .NET SDK

Add Microsoft package repository

bash
wget https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb

Install .NET SDK

bash
sudo apt update
sudo apt install -y apt-transport-https
sudo apt install -y dotnet-sdk-9.0  # Change version as needed

Verify installation

bash
dotnet --version

3. Development Environment Setup

Install essential tools

bash
sudo apt install -y git

Configure VS Code Remote Development (Optional)

If developing remotely:

  1. Install VS Code on your local machine
  2. Install the "Remote Development" extension pack
  3. Connect to your Ubuntu server via SSH
  4. Install C# extension in the remote VS Code instance

Creating your first .NET project

bash
mkdir ~/dotnet-projects
cd ~/dotnet-projects
dotnet new console -n MyFirstApp
cd MyFirstApp
dotnet run

4. Installing .NET for Production Environments

When deploying to production servers, you should install only the .NET Runtime instead of the full SDK. This reduces the attack surface and resource usage.

Understanding Runtime vs SDK

  • SDK: Includes everything needed for development (compiler, tools, libraries)
  • Runtime: Contains only components needed to run applications

Add Microsoft package repository (if not already added)

bash
wget https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb

Install .NET Runtime

For console or worker applications:

bash
sudo apt update
sudo apt install -y apt-transport-https
sudo apt install -y dotnet-runtime-9.0  # Change version as needed

For web applications (ASP.NET Core):

bash
sudo apt update
sudo apt install -y apt-transport-https
sudo apt install -y aspnetcore-runtime-9.0  # Change version as needed

Verify installation

bash
dotnet --list-runtimes

Running applications in production

bash
cd /path/to/application
dotnet YourApplication.dll

For production deployment, consider using a service manager like systemd:

bash
sudo nano /etc/systemd/system/your-app.service

Example service file:

[Unit]
Description=.NET Web Application
After=network.target

[Service]
WorkingDirectory=/path/to/application
ExecStart=/usr/bin/dotnet /path/to/application/YourApplication.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=your-app
User=www-data
Environment=ASPNETCORE_ENVIRONMENT=Production

[Install]
WantedBy=multi-user.target

Enable and start the service:

bash
sudo systemctl enable your-app.service
sudo systemctl start your-app.service
sudo systemctl status your-app.service

5. Security Best Practices

Secure your application

  1. Keep .NET updated:

    bash
    sudo apt update
sudo apt upgrade

  2. Use HTTPS in production:

    • Always configure SSL/TLS certificates
    • Use Let's Encrypt for free certificates

  3. Implement proper authentication:

    • Use ASP.NET Core Identity for user management
    • Consider OAuth/OpenID Connect for enterprise applications

  4. Data protection:

    • Use Entity Framework parameterized queries to prevent SQL injection
    • Implement proper input validation
    • Use Data Protection API for sensitive information

  5. Secure Docker containers (if using containerization):

    bash
    # Run containers with limited privileges
docker run --security-opt=no-new-privileges my-dotnet-app

  6. Network security:

    • Configure firewall rules with UFW
    bash
    sudo ufw allow ssh
sudo ufw allow 443/tcp  # HTTPS
sudo ufw enable

Secret management

  1. Use user secrets during development:

    bash
    dotnet user-secrets init
dotnet user-secrets set "ConnectionStrings:DefaultConnection" "your-connection-string"

  2. In production, use environment variables or a vault solution:

    • Azure Key Vault
    • HashiCorp Vault
    • Docker secrets

5. Development Guidelines

Code organization

  • Follow the Model-View-Controller (MVC) pattern for web applications
  • Use Clean Architecture principles
  • Organize code into small, focused classes with single responsibilities

Testing

bash
# Create a test project
dotnet new xunit -n MyApp.Tests
# Add a reference to your main project
dotnet add MyApp.Tests/MyApp.Tests.csproj reference MyApp/MyApp.csproj

CI/CD setup

  • Consider using GitHub Actions or Azure DevOps for CI/CD pipelines
  • Automate testing, building, and deployment processes

Performance optimization

  • Use async/await for I/O operations
  • Implement caching where appropriate
  • Profile your application to identify bottlenecks

6. Additional Resources

7. Troubleshooting

Common issues and solutions:

  1. SSL certificate issues: Install libnss3-tools package
  2. Database connection problems: Check firewall settings and connection strings
  3. Permission issues: Review file ownership and permissions in your project directory