Enterprise Linux Network Services

COURSE LENGTH: 5 Days

COURSE COST: $2495.00

COURSE TIMES: 9:00am - 4:30pm


COURSE OVERVIEW

This is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the troubleshooting skills necessary for real-world administration of these network services. Like all our classes, the course material is designed to provide extensive hands-on experience.
Topics include:

  • Security with SELinux and Netfilter; DNS concepts and implementation with BIND
  • LDAP concepts and implementation using OpenLDAP; Web services with Apache
  • FTP with vsftpd; caching, filtering proxies with Squid
  • SMB/CIFS (Windows networking) with Samba
  • E-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.


AUDIENCE AND PREREQUISITES

Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts and the TCP/IP protocol suite is also assumed. These skills are taught in the GL120 "Linux Fundamentals" and GL250 "Enterprise Linux Systems Administration" courses.

Supported Distributions:

  • Red Hat Enterprise Linux 6
  • SUSE Linux Enterprise 11


*Course Cost listed does not include the cost of courseware or lunch. Course is subject to minimum enrollment. Course may run virtually as a Live Distance Learning class if minimum enrollment is not met.

COURSE TOPICS:


Module 1: Securing Services
Xinetd
Xinetd Connection Limiting and Access Control
Xinetd: Resource limits, redirection, logging
TCP Wrappers
The /etc/hosts.allow & /etc/hosts.deny Files
/etc/hosts.{allow,deny} Shortcuts
Advanced TCP Wrappers
SUSE Basic Firewall Configuration
FirewallD
Netfilter Concepts
Using the iptables Command
Targets

Module 2: SELinux and LSM
AppArmor
SELinux Security Framework
Choosing an SELinux Policy
SELinux Commands
SELinux Booleans
SELinux Policy Tools

Module 3: DNS Concepts
Naming Services
DNS: A Better Way
The Domain Name Space
Delegation and Zones
Server Roles
Resolving Names
Resolving IP Addresses
Basic BIND Administration
Configuring the Resolver
Testing Resolution

Module 4: Configuring BIND
BIND Configuration Files
named.conf Syntax
named.conf Options Block
Creating a Site-Wide Cache
rndc Key Configuration
Zones In named.conf
Zone Database File Syntax
SOA: Start of Authority
A, AAAA, & PTR: Address & Pointer Records
NS: Name Server
TXT, CNAME, & MX: Text, Alias, & Mail Host
Abbreviations and Gotchas

Module 5: Creating DNS Hierarchies
Subdomains and Delegation
Subdomains
Delegating Zones
in-addr.arpa. Delegation
Issues with in-addr.arpa.
RFC2317 & in-addr.arpa.

Module 6: Advanced BIND DNS Features
Address Match Lists & ACLs
Split Namespace with Views
Restricting Queries
Restricting Zone Transfers
Running BIND in a chroot
Dynamic DNS Concepts
Allowing Dynamic DNS Updates
DDNS Administration with nsupdate
Common Problems
Securing DNS With TSIG

Module 7: Using Apache
HTTP Operation
Apache Architecture
Dynamic Shared Objects
Adding Modules to Apache
Apache Configuration Files
httpd.conf Server Settings
HTTP Virtual Servers
Virtual Hosting DNS Implications
Port and IP based Virtual Hosts
Name-based Virtual Host
Log Analysis
The Webalizer

Module 8: Apache Security
Virtual Hosting Security Implications
Delegating Administration
Directory Protection
Directory Protection with AllowOverride
Common Uses for .htaccess
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Digital Certificates
TLS Using mod_ssl.so

Module 9: Apache Security
Dynamic HTTP Content
PHP: Hypertext Preprocessor
Developer Tools for PHP
Installing PHP
Configuring PHP
Securing PHP
Security Related php.ini Configuration
Java Servlets and JSP
Apache's Tomcat
Installing Java SDK
Installing Tomcat Manually
Using Tomcat with Apache

Module 10: Implementing an FTP Server
The FTP Protocol
Active Mode FTP
Passive Mode FTP
ProFTPD
Pure-FTPd
vsftpd
Configuring vsftpd
Anonymous FTP with vsftpd

Module 11: The Squid Proxy Server
Squid Overview
Squid File Layout
Squid Access Control Lists
Applying Squid ACLs
Tuning Squid & Configuring Cache Hierarchies
Bandwidth Metering
Monitoring Squid
Proxy Client Configuration

Module 12: SQL Fundamentals and MariaDB
Popular SQL Databases
SELECT Statements
INSERT Statements
UPDATE Statements
DELETE Statements
JOIN Clauses
MariaDB
MariaDB Installation and Security
MariaDB User Account Management
MariaDB Replication

Module 13: LDAP Concepts and Clients
LDAP: History and Uses
LDAP: Data Model Basics
LDAP: Protocol Basics
LDAP: Applications
LDAP: Search Filters
LDIF: LDAP Data Interchange Format
OpenLDAP Client Tools
Alternative LDAP Tools

Module 14: OpenLDAP Servers
Popular LDAP Server Implementations
OpenLDAP: Server Architecture
OpenLDAP: Backends
OpenLDAP: Replication
Managing slapd
OpenLDAP: Configuration Sections
OpenLDAP: Global Parameters
OpenLDAP: Database Parameters
OpenLDAP Server Tools
Native LDAP Authentication and Migration
Enabling LDAP-based Login
System Security Services Daemon (SSSD)

Module 15: Samba Concepts and Configuration
Introducing Samba
NetBIOS and NetBEUI
Samba Daemons
Accessing Windows/Samba Shares from Linux
Samba Utilities
Samba Configuration Files
Mapping Permissions and ACLs
Mapping Linux Concepts
Share Authentication
User-Level Access
Samba Account Database
User Share Restrictions

Module 16: SMTP Theory
SMTP
SMTP Terminology
SMTP Architecture
SMTP Commands
SMTP Extensions
SMTP AUTH
SMTP STARTTLS
SMTP Session

Module 17: Postfix
Postfix Components
Postfix Configuration
Postfix Map Types
Virtual Domains
Configuration Commands
Postfix Logging
Logfile Analysis
Postfix, Relaying and SMTP AUTH
SMTP AUTH Server and Relay Control
Postfix / TLS
TLS Server Configuration
Ensuring TLS Security

Module 18: Mail Services and Retrieval
Filtering Email
Procmail
SpamAssassin
Bogofilter
Dovecot POP3/IMAP Server
Cyrus IMAP/POP3 Server
Cyrus IMAP MTA Integration
Cyrus Mailbox Administration
Fetchmail
Roundcube Webmail
GNU Mailman
Mailman Configuration