GL275 - Enterprise Linux Networking Services

Start Date Time Days Price GTR Availability
November 06, 2017 10:00 (EST) 5 $2,660.00 Register

About this course

The GL275 is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of these network services. Like all Guru Labs courses, the course material is designed to provide extensive hands-on experience. Topics include: Security with SELinux and Netfilter, DNS concepts and implementation with Bind; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Current Version: H00

 

Prerequisites:

Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts, the TCP/IP protocol suite is also assumed. These skills are taught in the GL120 “Linux Fundamentals”and GL250 “Enterprise Linux Systems Administration”courses.

Supported Distributions:

Red Hat Enterprise Linux 6

SUSE Linux Enterprise 11

Detailed Course Outline:

1.   Securing Services

1.    Xinetd

2.    Xinetd Connection Limiting and Access Control

3.    Xinetd: Resource limits, redirection, logging

4.    TCP Wrappers

5.    The /etc/hosts.allow & /etc/hosts.deny Files

6.    /etc/hosts.{allow,deny} Shortcuts

7.    Advanced TCP Wrappers

8.    Basic Firewall Activation

9.    Netfilter: Stateful Packet Filter Firewall

10.Netfilter Concepts

11.Using the iptables Command

12.Netfilter Rule Syntax

13.Targets

14.Common match_specs

15.Connection Tracking

16.AppArmor

17.SELinux Security Framework

18.Choosing an SELinux Policy

19.SELinux Commands

20.SELinux Booleans

21.Graphical SELinux Policy Tools

Lab Tasks

22.Securing xinetd Services

23.Enforcing Security Policy with xinetd

24.Securing Services with TCP Wrappers

25.Securing Services with SuSEfirewall2

26.Securing Services with Netfilter

27.Troubleshooting Practice

28.SELinux File Contexts

2.   DNS Concepts

1.    Naming Services

2.    DNS – A Better Way

3.    The Domain Name Space

4.    Delegation and Zones

5.    Server Roles

6.    Resolving Names

7.    Resolving IP Addresses

8.    Basic BIND Administration

9.    Configuring the Resolver

10.Testing Resolution

Lab Tasks

11.Configuring a Slave Name Server

3.   Configuring BIND

1.    BIND Configuration Files

2.    named.conf Syntax

3.    named.conf Options Block

4.    Creating a Site-Wide Cache

5.    rndc Key Configuration

6.    Zones In named.conf

7.    Zone Database File Syntax

8.    SOA – Start of Authority

9.    A & PTR – Address & Pointer Records

10.NS – Name Server

11.CNAME & MX – Alias & Mail Host

12.Abbreviations and Gotchas

13.$ORIGIN and $GENERATE

Lab Tasks

14.Use rndc to Control named

15.Configuring BIND Zone Files

4.   Creating DNS Hierarchies

1.    Subdomains and Delegation

2.    Subdomains

3.    Delegating Zones

4.    in-addr.arpa. Delegation

5.    Issues with in-addr.arpa.

6.    RFC2317 & in-addr.arpa.

Lab Tasks

7.    Create a Subdomain in an Existing Domain

8.    Subdomain Delegation

5.   Advanced BIND DNS Features

1.    Address Match Lists & ACLs

2.    Split Namespace with Views

3.    Restricting Queries

4.    Restricting Zone Transfers

5.    Running BIND in a chroot jail

6.    Dynamic DNS Concepts

7.    Allowing Dynamic DNS Updates

8.    DDNS Administration with nsupdate

9.    Common Problems

10.Common Problems

11.Securing DNS With TSIG

Lab Tasks

12.Configuring Dynamic DNS

13.Securing BIND DNS

6.   LDAP Concepts and Clients

1.    LDAP: History and Uses

2.    LDAP: Data Model Basics

3.    LDAP: Protocol Basics

4.    LDAP: Applications

5.    LDAP: Search Filters

6.    LDIF: LDAP Data Interchange Format

7.    OpenLDAP Client Tools

8.    Alternative LDAP Tools

Lab Tasks

9.    Querying LDAP

7.   OpenLDAP Servers

1.    Popular LDAP Server Implementations

2.    OpenLDAP: Server Architecture

3.    OpenLDAP: Backends

4.    OpenLDAP: Replication

5.    OpenLDAP: Configuration Options

6.    OpenLDAP: Configuration Sections

7.    OpenLDAP: Global Parameters

8.    OpenLDAP: Database Parameters

9.    OpenLDAP Server Tools

10.Enabling LDAP-based Login

11.System Security Services Daemon (SSSD)

Lab Tasks

12.Building An OpenLDAP Server

13.Enabling TLS For An OpenLDAP Server

14.Enabling LDAP-based Logins

8.   Using Apache

1.    HTTP Operation

2.    Apache Architecture

3.    Dynamic Shared Objects

4.    Adding Modules to Apache

5.    Apache Configuration Files

6.    httpd.conf – Server Settings

7.    httpd.conf – Main Configuration

8.    HTTP Virtual Servers

9.    Virtual Hosting DNS Implications

10.httpd.conf – VirtualHost Configuration

11.Port and IP based Virtual Hosts

12.Name-based Virtual Host

13.Apache Logging

14.Log Analysis

15.The Webalizer

Lab Tasks

16.Apache Architecture

17.Apache Architecture

18.Apache Content

19.Apache Content

20.Configuring Virtual Hosts

9.   Apache Security

1.    Virtual Hosting Security Implications

2.    Delegating Administration

3.    Directory Protection

4.    Directory Protection with AllowOverride

5.    Common Uses for .htaccess

6.    Symmetric Encryption Algorithms

7.    Asymmetric Encryption Algorithms

8.    Digital Certificates

9.    SSL Using mod_ssl.so

Lab Tasks

10.Using .htaccess Files

11.Using .htaccess Files

12.Using SSL Certificates with Apache

10.Apache Server-Side Scripting Administration

1.    Dynamic HTTP Content

2.    PHP: Hypertext Preprocessor

3.    Developer Tools for PHP

4.    Installing PHP

5.    Configuring PHP

6.    Securing PHP

7.    Security Related php.ini Configuration

8.    Java Servlets and JSP

9.    Apache’s Tomcat

10.Installing Java SDK

11.Installing Tomcat Manually

12.Using Tomcat with Apache

Lab Tasks

13.CGI Scripts in Apache

14.CGI Scripts in Apache

15.Apache’s Tomcat

16.Using Tomcat with Apache

17.Installing Applications with Apache and Tomcat

11.Implementing an FTP Server

1.    The FTP Protocol

2.    Active Mode FTP

3.    Passive Mode FTP

4.    ProFTPD

5.    Pure-FTPd

6.    vsftpd

7.    Configuring vsftpd

8.    Anonymous FTP with vsftpd

Lab Tasks

9.    Configuring vsftpd

12.The SQUID Proxy Server

1.    Squid Overview

2.    Squid File Layout

3.    Squid Access Control Lists

4.    Applying Squid ACLs

5.    Tuning Squid & Configuring Cache Hierarchies

6.    Bandwidth Metering

7.    Monitoring Squid

8.    Proxy Client Configuration

Lab Tasks

9.    Installing and Configuring Squid

10.Squid Cache Manager CGI

11.Proxy Auto Configuration

12.Configure a Squid Proxy Cluster

13.Samba Concepts and Configuration

1.    Introducing Samba

2.    Samba Daemons

3.    NetBIOS and NetBEUI

4.    Accessing Windows/Samba Shares from Linux

5.    Samba Utilities

6.    Samba Configuration Files

7.    The smb.conf File

8.    Mapping Permissions and ACLs

9.    Mapping Linux Concepts

10.Mapping Case Sensitivity

11.Mapping Users

12.Sharing Home Directories

13.Sharing Printers

14.Share Authentication

15.Share-Level Access

16.User-Level Access

17.Samba Account Database

18.User Share Restrictions

Lab Tasks

19.Samba Share-Level Access

20.Samba User-Level Access

21.Samba Group Shares

22.Configuring Samba

23.Samba Home Directory Shares

14.SMTP Theory

1.    SMTP

2.    SMTP Terminology

3.    SMTP Architecture

4.    SMTP Commands

5.    SMTP Extensions

6.    SMTP AUTH

7.    SMTP STARTTLS

8.    SMTP Session

15.Postfix

1.    Postfix Features

2.    Postfix Architecture

3.    Postfix Components

4.    Postfix Configuration

5.    master.cf

6.    main.cf

7.    Postfix Map Types

8.    Postfix Pattern Matching

9.    Advanced Postfix Options

10.Virtual Domains

11.Postfix Mail Filtering

12.Configuration Commands

13.Management Commands

14.Postfix Logging

15.Logfile Analysis

16.chrooting Postfix

17.Postfix, Relaying and SMTP AUTH

18.SMTP AUTH Server and Relay Control

19.SMTP AUTH Clients

20.Postfix / TLS

21.TLS Server Configuration

22.Postfix Client Configuration for TLS

23.Other TLS Clients

24.Ensuring TLS Security

Lab Tasks

25.Configuring Postfix

26.Postfix Network Configuration

27.Postfix Virtual Host Configuration

28.Postfix SMTP AUTH Configuration

29.Postfix STARTTLS Configuration

30.SUSE Postfix Configuration Cleanup

16.Mail Services and Retrieval

1.    Filtering Email

2.    Procmail

3.    SpamAssassin

4.    Bogofilter

5.    amavisd-new Mail Filtering

6.    Accessing Email

7.    The IMAP4 Protocol

8.    Dovecot POP3/IMAP Server

9.    Cyrus IMAP/POP3 Server

10.Cyrus IMAP MTA Integration

11.Cyrus Mailbox Administration

12.Fetchmail

13.SquirrelMail

14.Mailing Lists

15.GNU Mailman

16.Mailman Configuration

Lab Tasks

17.Configuring Procmail & SpamAssassin

18.Configuring Cyrus IMAP

19.Dovecot TLS Configuration

20.Configuring SquirrelMail

21.Base Mailman Configuration

22.Basic Mailing List

23.Private Mailing List

A.   Sendmail

1.    Sendmail Architecture

2.    Sendmail Components

3.    Sendmail Configuration

4.    Sendmail Remote Configuration

5.    Controlling Access

6.    Sendmail Mail Filter (milter)

7.    Configuring Sendmail SMTP AUTH

8.    Configuring SMTP STARTTLS

Lab Tasks

9.    Configuring Sendmail

10.Sendmail Network Configuration

11.Sendmail Virtual Host Configuration

12.Sendmail SMTP AUTH Configuration

13.Sendmail STARTTLS Configuration

14.SUSE Sendmail Configuration Cleanup

B.   NIS

1.    NIS Overview

2.    NIS Limitations and Advantages

3.    NIS Client Configuration

4.    NIS Server Configuration

5.    NIS Troubleshooting Aids

Lab Tasks

6.    Configuring NIS

7.    NIS Slave Server