GL275 - Enterprise Linux Networking Services

The GL275 is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the troubleshooting skills necessary for real-world administration of these network services. Like all Guru Labs courses, the course material is designed to provide extensive hands-on experience. Topics include: security with SELinux and Netfilter; DNS concepts and implementation with BIND; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Current Version: J00

Prerequisites:

Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts and the TCP/IP protocol suite is also assumed. These skills are taught in the GL120 "Linux Fundamentals" and GL250 "Enterprise Linux Systems Administration" courses.

Supported Distributions:

Red Hat Enterprise Linux 6

SUSE Linux Enterprise 11

Course Outline:

  1. Securing Services

    1. Xinetd

    2. Xinetd Connection Limiting and Access Control

    3. Xinetd: Resource limits, redirection, logging

    4. TCP Wrappers

    5. The /etc/hosts.allow & /etc/hosts.deny Files

    6. /etc/hosts.{allow,deny} Shortcuts

    7. Advanced TCP Wrappers

    8. Basic Firewall Activation

    9. Netfilter: Stateful Packet Filter Firewall

    10. Netfilter Concepts

    11. Using the iptables Command

    12. Netfilter Rule Syntax

    13. Targets

    14. Common match_specs

    15. Connection Tracking

    16. AppArmor

    17. SELinux Security Framework

    18. Choosing an SELinux Policy

    19. SELinux Commands

    20. SELinux Booleans

    21. SELinux Policy Tools

  2. Lab Tasks

    1. Securing xinetd Services

    2. Enforcing Security Policy with xinetd

    3. Securing Services with TCP Wrappers

    4. Securing Services with SuSEfirewall2

    5. Securing Services with Netfilter

    6. Troubleshooting Practice

    7. SELinux File Contexts

  3. DNS Concepts

    1. Naming Services

    2. DNS - A Better Way

    3. The Domain Name Space

    4. Delegation and Zones

    5. Server Roles

    6. Resolving Names

    7. Resolving IP Addresses

    8. Basic BIND Administration

    9. Configuring the Resolver

    10. Testing Resolution

  4. Lab Tasks

    1. Configuring a Slave Name Server

  5. Configuring BIND

    1. BIND Configuration Files

    2. named.conf Syntax

    3. named.conf Options Block

    4. Creating a Site-Wide Cache

    5. rndc Key Configuration

    6. Zones In named.conf

    7. Zone Database File Syntax

    8. SOA - Start of Authority

    9. A & PTR - Address & Pointer Records

    10. NS - Name Server

    11. CNAME & MX - Alias & Mail Host

    12. Abbreviations and Gotchas

    13. $GENERATE, $ORIGIN, and $INCLUDE

  6. Lab Tasks

    1. Use rndc to Control named

    2. Configuring BIND Zone Files

  7. Creating DNS Hierarchies

    1. Subdomains and Delegation

    2. Subdomains

    3. Delegating Zones

    4. in-addr.arpa. Delegation

    5. Issues with in-addr.arpa.

    6. RFC2317 & in-addr.arpa.

  8. Lab Tasks

    1. Create a Subdomain in an Existing Domain

    2. Subdomain Delegation

  9. Advanced BIND DNS Features

    1. Address Match Lists & ACLs

    2. Split Namespace with Views

    3. Restricting Queries

    4. Restricting Zone Transfers

    5. Running BIND in a chroot jail

    6. Dynamic DNS Concepts

    7. Allowing Dynamic DNS Updates

    8. DDNS Administration with nsupdate

    9. Common Problems

    10. Common Problems

    11. Securing DNS With TSIG

  10. Lab Tasks

    1. Configuring Dynamic DNS

    2. Securing BIND DNS

  11. LDAP Concepts and Clients

    1. LDAP: History and Uses

    2. LDAP: Data Model Basics

    3. LDAP: Protocol Basics

    4. LDAP: Applications

    5. LDAP: Search Filters

    6. LDIF: LDAP Data Interchange Format

    7. OpenLDAP Client Tools

    8. Alternative LDAP Tools

  12. Lab Tasks

    1. Querying LDAP

  13. OpenLDAP Servers

    1. Popular LDAP Server Implementations

    2. OpenLDAP: Server Architecture

    3. OpenLDAP: Backends

    4. OpenLDAP: Replication

    5. OpenLDAP: Configuration Options

    6. OpenLDAP: Configuration Sections

    7. OpenLDAP: Global Parameters

    8. OpenLDAP: Database Parameters

    9. OpenLDAP Server Tools

    10. Enabling LDAP-based Login

    11. System Security Services Daemon (SSSD)

  14. Lab Tasks

    1. Building An OpenLDAP Server

    2. Enabling TLS For An OpenLDAP Server

    3. Enabling LDAP-based Logins

  15. Using Apache

    1. HTTP Operation

    2. Apache Architecture

    3. Dynamic Shared Objects

    4. Adding Modules to Apache

    5. Apache Configuration Files

    6. httpd.conf - Server Settings

    7. httpd.conf - Main Configuration

    8. HTTP Virtual Servers

    9. Virtual Hosting DNS Implications

    10. httpd.conf - VirtualHost Configuration

    11. Port and IP based Virtual Hosts

    12. Name-based Virtual Host

    13. Apache Logging

    14. Log Analysis

    15. The Webalizer

  16. Lab Tasks

    1. Apache Architecture

    2. Apache Architecture

    3. Apache Content

    4. Apache Content

    5. Configuring Virtual Hosts

  17. Apache Security

    1. Virtual Hosting Security Implications

    2. Delegating Administration

    3. Directory Protection

    4. Directory Protection with AllowOverride

    5. Common Uses for .htaccess

    6. Symmetric Encryption Algorithms

    7. Asymmetric Encryption Algorithms

    8. Digital Certificates

    9. SSL Using mod_ssl.so

  18. Lab Tasks

    1. Using .htaccess Files

    2. Using .htaccess Files

    3. Using SSL Certificates with Apache

    4. Using SSL Certificates with Apache

    5. Use SNI and TLS with Virtual Hosts

  19. Apache Server-Side Scripting Administration

    1. Dynamic HTTP Content

    2. PHP: Hypertext Preprocessor

    3. Developer Tools for PHP

    4. Installing PHP

    5. Configuring PHP

    6. Securing PHP

    7. Security Related php.ini Configuration

    8. Java Servlets and JSP

    9. Apache's Tomcat

    10. Installing Java SDK

    11. Installing Tomcat Manually

    12. Using Tomcat with Apache

  20. Lab Tasks

    1. CGI Scripts in Apache

    2. CGI Scripts in Apache

    3. Apache's Tomcat

    4. Using Tomcat with Apache

    5. Installing Applications with Apache and Tomcat

  21. Implementing an FTP Server

    1. The FTP Protocol

    2. Active Mode FTP

    3. Passive Mode FTP

    4. ProFTPD

    5. Pure-FTPd

    6. vsftpd

    7. Configuring vsftpd

    8. Anonymous FTP with vsftpd

  22. Lab Tasks

    1. Configuring vsftpd

  23. The SQUID Proxy Server

    1. Squid Overview

    2. Squid File Layout

    3. Squid Access Control Lists

    4. Applying Squid ACLs

    5. Tuning Squid & Configuring Cache Hierarchies

    6. Bandwidth Metering

    7. Monitoring Squid

    8. Proxy Client Configuration

  24. Lab Tasks

    1. Installing and Configuring Squid

    2. Squid Cache Manager CGI

    3. Proxy Auto Configuration

    4. Configure a Squid Proxy Cluster

  25. Samba Concepts and Configuration

    1. Introducing Samba

    2. NetBIOS and NetBEUI

    3. Samba Daemons

    4. Accessing Windows/Samba Shares from Linux

    5. Samba Utilities

    6. Samba Configuration Files

    7. The smb.conf File

    8. Mapping Permissions and ACLs

    9. Mapping Linux Concepts

    10. Mapping Case Sensitivity

    11. Mapping Users

    12. Sharing Home Directories

    13. Sharing Printers

    14. Share Authentication

    15. Share-Level Access

    16. User-Level Access

    17. Samba Account Database

    18. User Share Restrictions

  26. Lab Tasks

    1. Samba Share-Level Access

    2. Samba User-Level Access

    3. Samba Group Shares

    4. Configuring Samba

    5. Samba Home Directory Shares

  27. SMTP Theory

    1. SMTP

    2. SMTP Terminology

    3. SMTP Architecture

    4. SMTP Commands

    5. SMTP Extensions

    6. SMTP AUTH

    7. SMTP STARTTLS

    8. SMTP Session

  28. Postfix

    1. Postfix Features

    2. Postfix Architecture

    3. Postfix Components

    4. Postfix Configuration

    5. master.cf

    6. main.cf

    7. Postfix Map Types

    8. Postfix Pattern Matching

    9. Advanced Postfix Options

    10. Virtual Domains

    11. Postfix Mail Filtering

    12. Configuration Commands

    13. Management Commands

    14. Postfix Logging

    15. Logfile Analysis

    16. chrooting Postfix

    17. Postfix, Relaying and SMTP AUTH

    18. SMTP AUTH Server and Relay Control

    19. SMTP AUTH Clients

    20. Postfix / TLS

    21. TLS Server Configuration

    22. Postfix Client Configuration for TLS

    23. Other TLS Clients

    24. Ensuring TLS Security

  29. Lab Tasks

    1. Configuring Postfix

    2. Postfix Virtual Host Configuration

    3. Postfix Network Configuration

    4. Postfix SMTP AUTH Configuration

    5. Postfix STARTTLS Configuration

    6. SUSE Postfix Configuration Cleanup

  30. Mail Services and Retrieval

    1. Filtering Email

    2. Procmail

    3. SpamAssassin

    4. Bogofilter

    5. amavisd-new Mail Filtering

    6. Accessing Email

    7. The IMAP4 Protocol

    8. Dovecot POP3/IMAP Server

    9. Cyrus IMAP/POP3 Server

    10. Cyrus IMAP MTA Integration

    11. Cyrus Mailbox Administration

    12. Fetchmail

    13. SquirrelMail

    14. Mailing Lists

    15. GNU Mailman

    16. Mailman Configuration

  31. Lab Tasks

    1. Configuring Procmail & SpamAssassin

    2. Configuring Cyrus IMAP

    3. Dovecot TLS Configuration

    4. Configuring SquirrelMail

    5. Base Mailman Configuration

    6. Basic Mailing List

    7. Private Mailing List

  1. Sendmail

    1. Sendmail Architecture

    2. Sendmail Components

    3. Sendmail Configuration

    4. Sendmail Remote Configuration

    5. Controlling Access

    6. Sendmail Mail Filter (milter)

    7. Configuring Sendmail SMTP AUTH

    8. Configuring SMTP STARTTLS

  2. Lab Tasks

    1. Configuring Sendmail

    2. Sendmail Network Configuration

    3. Sendmail Virtual Host Configuration

    4. Sendmail SMTP AUTH Configuration

    5. Sendmail STARTTLS Configuration

    6. SUSE Sendmail Configuration Cleanup

  3. NIS

    1. NIS Overview

    2. NIS Limitations and Advantages

    3. NIS Client Configuration

    4. NIS Server Configuration

    5. NIS Troubleshooting Aids

  4. Lab Tasks

    1. Using NIS for Centralized User Accounts

    2. Configuring NIS

    3. NIS Slave Server

    4. Troubleshooting Practice: NIS

 

Jose Nuno Neto