GL275 - Enterprise Linux Networking Services

$2,495.00
5 days

Audience:

IT Professionals

Prerequisites:

Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts and the TCP/IP protocol suite is also assumed. These skills are taught in the GL120 "Linux Fundamentals" and GL250 "Enterprise Linux Systems Administration" courses.

Description:

The GL275 is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the troubleshooting skills necessary for real-world administration of these network services. Like all Guru Labs courses, the course material is designed to provide extensive hands-on experience. Topics include: security with SELinux and Netfilter; DNS concepts and implementation with BIND; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

OUTLINE:

I. SECURING SERVICES

  • Xinetd
  • Xinetd Connection Limiting and Access Control
  • Xinetd: Resource limits, redirection, logging
  • TCP Wrappers
  • The /etc/hosts.allow & /etc/hosts.deny Files
  • /etc/hosts.{allow,deny} Shortcuts
  • Advanced TCP Wrappers
  • SUSE Basic Firewall Configuration
  • FirewallD
  • Netfilter: Stateful Packet Filter Firewall
  • Netfilter Concepts
  • Using the iptables Command
  • Netfilter Rule Syntax
  • Targets
  • Common match_specs
  • Connection Tracking
Lab Tasks
  • Securing xinetd Services
  • Enforcing Security Policy with xinetd
  • Securing Services with TCP Wrappers
  • Securing Services with SuSEfirewall2
  • Securing Services with Netfilter
  • FirewallD
  • Troubleshooting Practice

II. SELINUX AND LSM

  • AppArmor
  • SELinux Security Framework
  • Choosing an SELinux Policy
  • SELinux Commands
  • SELinux Booleans
  • SELinux Policy Tools
Lab Tasks
  • Exploring AppArmor Modes
  • SELinux File Contexts

III. DNS CONCEPTS

  • Naming Services
  • DNS – A Better Way
  • The Domain Name Space
  • Delegation and Zones
  • Server Roles
  • Resolving Names
  • Resolving IP Addresses
  • Basic BIND Administration
  • Configuring the Resolver
  • Testing Resolution
Lab Tasks
  • Configuring a Slave Name Server

IV. CONFIGURING BIND

  • BIND Configuration Files
  • named.conf Syntax
  • named.conf Options Block
  • Creating a Site-Wide Cache
  • rndc Key Configuration
  • Zones In named.conf
  • Zone Database File Syntax
  • SOA – Start of Authority
  • A, AAAA, & PTR – Address & Pointer Records
  • NS – Name Server
  • TXT, CNAME, & MX – Text, Alias, & Mail Host
  • SRV – SRV Service Records
  • Abbreviations and Gotchas
  • $GENERATE, $ORIGIN, and $INCLUDE
Lab Tasks
  • Use rndc to Control named
  • Configuring BIND Zone Files

V. CREATING DNS HIERARCHIES

  • Subdomains and Delegation
  • Subdomains
  • Delegating Zones
  • in-addr.arpa. Delegation
  • Issues with in-addr.arpa.
  • RFC2317 & in-addr.arpa.
Lab Tasks
  • Create a Subdomain in an Existing Domain
  • Subdomain Delegation

VI. ADVANCED BIND DNS FEATURES

  • Address Match Lists & ACLs
  • Split Namespace with Views
  • Restricting Queries
  • Restricting Zone Transfers
  • Running BIND in a chroot
  • Dynamic DNS Concepts
  • Allowing Dynamic DNS Updates
  • DDNS Administration with nsupdate
  • Common Problems
  • Common Problems
  • Securing DNS With TSIG
Lab Tasks
  • Configuring Dynamic DNS
  • Securing BIND DNS

VII. USING APACHE

  • HTTP Operation
  • Apache Architecture
  • Dynamic Shared Objects
  • Adding Modules to Apache
  • Apache Configuration Files
  • httpd.conf – Server Settings
  • httpd.conf – Main Configuration
  • HTTP Virtual Servers
  • Virtual Hosting DNS Implications
  • httpd.conf – VirtualHost Configuration
  • Port and IP based Virtual Hosts
  • Name-based Virtual Host
  • Apache Logging
  • Log Analysis
  • The Webalizer
Lab Tasks
  • Apache Architecture
  • Apache Content
  • Configuring Virtual Hosts

VIII. APACHE SECURITY

  • Virtual Hosting Security Implications
  • Delegating Administration
  • Directory Protection
  • Directory Protection with AllowOverride
  • Common Uses for .htaccess
  • Symmetric Encryption Algorithms
  • Asymmetric Encryption Algorithms
  • Digital Certificates
  • TLS Using mod_ssl.so
Lab Tasks
  • Using .htaccess Files
  • Using TLS Certificates with Apache
  • Use SNI and TLS with Virtual Hosts

IX. APACHE SERVER-SIDE SCRIPTING ADMINISTRATION

  • Dynamic HTTP Content
  • PHP: Hypertext Preprocessor
  • Developer Tools for PHP
  • Installing PHP
  • Configuring PHP
  • Securing PHP
  • Security Related php.ini Configuration
  • Java Servlets and JSP
  • Apache's Tomcat
  • Installing Java SDK
  • Installing Tomcat Manually
  • Using Tomcat with Apache
Lab Tasks
  • CGI Scripts in Apache
  • Apache's Tomcat
  • Using Tomcat with Apache
  • Installing Applications with Apache and Tomcat

X. IMPLEMENTING AN FTP SERVER

  • The FTP Protocol
  • Active Mode FTP
  • Passive Mode FTP
  • ProFTPD
  • Pure-FTPd
  • vsftpd
  • Configuring vsftpd
  • Anonymous FTP with vsftpd
Lab Tasks
  • Configuring vsftpd

XI. THE SQUID PROXY SERVER

  • Squid Overview
  • Squid File Layout
  • Squid Access Control Lists
  • Applying Squid ACLs
  • Tuning Squid & Configuring Cache Hierarchies
  • Bandwidth Metering
  • Monitoring Squid
  • Proxy Client Configuration
Lab Tasks
  • Installing and Configuring Squid
  • Squid Cache Manager CGI
  • Proxy Auto Configuration
  • Configure a Squid Proxy Cluster

XII. SQL FUNDAMENTALS AND MARIADB

  • Popular SQL Databases
  • SELECT Statements
  • INSERT Statements
  • UPDATE Statements
  • DELETE Statements
  • JOIN Clauses
  • MariaDB
  • MariaDB Installation and Security
  • MariaDB User Account Management
  • MariaDB Replication
Lab Tasks
  • SQL with Sqlite3
  • Installing and Securing MariaDB
  • Creating a Database in MariaDB
  • Create a Database Backed Application

XIII. LDAP CONCEPTS AND CLIENTS

  • LDAP: History and Uses
  • LDAP: Data Model Basics
  • LDAP: Protocol Basics
  • LDAP: Applications
  • LDAP: Search Filters
  • LDIF: LDAP Data Interchange Format
  • OpenLDAP Client Tools
  • Alternative LDAP Tools
Lab Tasks
  • Querying LDAP

XIV. OPENLDAP SERVERS

  • Popular LDAP Server Implementations
  • OpenLDAP: Server Architecture
  • OpenLDAP: Backends
  • OpenLDAP: Replication
  • Managing slapd
  • OpenLDAP: Configuration Options
  • OpenLDAP: Configuration Sections
  • OpenLDAP: Global Parameters
  • OpenLDAP: Database Parameters
  • OpenLDAP Server Tools
  • Native LDAP Authentication and Migration
  • Enabling LDAP-based Login
  • System Security Services Daemon (SSSD)
Lab Tasks
  • Building An OpenLDAP Server
  • Enabling TLS For An OpenLDAP Server
  • Enabling LDAP-based Logins

XV. SAMBA CONCEPTS AND CONFIGURATION

  • Introducing Samba
  • NetBIOS and NetBEUI
  • Samba Daemons
  • Accessing Windows/Samba Shares from Linux
  • Samba Utilities
  • Samba Configuration Files
  • The smb.conf File
  • Mapping Permissions and ACLs
  • Mapping Linux Concepts
  • Mapping Users
  • Sharing Home Directories
  • Sharing Printers
  • Share Authentication
  • Share-Level Access
  • User-Level Access
  • Samba Account Database
  • User Share Restrictions
Lab Tasks
  • Samba Share-Level Access
  • Samba User-Level Access
  • Samba Group Shares
  • Handling Symbolic Links with Samba
  • Samba Home Directory Shares

XVI. SMTP THEORY

  • SMTP
  • SMTP Terminology
  • SMTP Architecture
  • SMTP Commands
  • SMTP Extensions
  • SMTP AUTH
  • SMTP STARTTLS
  • SMTP Session

XVII. POSTFIX

  • Postfix Features
  • Postfix Architecture
  • Postfix Components
  • Postfix Configuration
  • master.cf
  • main.cf
  • Postfix Map Types
  • Postfix Pattern Matching
  • Advanced Postfix Options
  • Virtual Domains
  • Postfix Mail Filtering
  • Configuration Commands
  • Management Commands
  • Postfix Logging
  • Logfile Analysis
  • Postfix, Relaying and SMTP AUTH
  • SMTP AUTH Server and Relay Control
  • SMTP AUTH Clients
  • Postfix / TLS
  • TLS Server Configuration
  • Postfix Client Configuration for TLS
  • Other TLS Clients
  • Ensuring TLS Security
Lab Tasks
  • Configuring Postfix
  • Postfix Virtual Host Configuration
  • Postfix Network Configuration
  • Postfix SMTP AUTH Configuration
  • Postfix STARTTLS Configuration
  • SUSE Postfix Configuration Cleanup

XVIII. MAIL SERVICES AND RETRIEVAL

  • Filtering Email
  • Procmail
  • SpamAssassin
  • Bogofilter
  • amavisd-new Mail Filtering
  • Accessing Email
  • The IMAP4 Protocol
  • Dovecot POP3/IMAP Server
  • Cyrus IMAP/POP3 Server
  • Cyrus IMAP MTA Integration
  • Cyrus Mailbox Administration
  • Fetchmail
  • Roundcube Webmail
  • Mailing Lists
  • GNU Mailman
  • Mailman Configuration
Lab Tasks
  • Configuring Procmail & SpamAssassin
  • Configuring Cyrus IMAP
  • Dovecot TLS Configuration
  • Configuring Roundcube
  • Base Mailman Configuration
  • Basic Mailing List
  • Private Mailing List

XIX. NIS

  • NIS Overview
  • NIS Limitations and Advantages
  • NIS Client Configuration
  • NIS Troubleshooting Aids
Lab Tasks
  • Using NIS for Centralized User Accounts
  • Configuring NIS
  • NIS Slave Server
  • NIS Failover
  • Troubleshooting Practice: NIS

Want to Take this Course on a Different Day?

LANTEC is very responsive to local client needs and unique or custom class demands. If you require a delivery date option for a class title on our schedule, please contact us. We can often accommodate countless additional courses NOT available on our public schedules; please inquire for personal assistance.

Baton Rouge (225) 293-0656
Lafayette (337) 233-2016
New Orleans (504) 576-1010