Enterprise Linux Network Services

Enterprise Linux Network Services Training Class Summary

This expansive 5-day course covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the troubleshooting skills necessary for real-world administration of these network services. The course material is designed to provide extensive hands-on experience. Topics include: security with SELinux and Netfilter; DNS concepts and implementation with BIND; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Audience: Experienced Linux system administrators needing to set up or manage secure, enterprise-level network servers.

Prerequisites: Students should already be comfortable with basic Linux or UNIX administration and have a good understanding of network concepts; familiarity with the TCP/IP protocol suite is also assumed.

Class Length: 5 days

Enterprise Linux Network Services Training Class Detailed Outline
  1. Securing Services
    • Xinetd
    • Xinetd Connection Limiting and Access Control
    • Xinetd: Resource limits, redirection, logging
    • TCP Wrappers
    • The /etc/hosts.allow & /etc/hosts.deny Files
    • /etc/hosts.{allow,deny} Shortcuts
    • Advanced TCP Wrappers
    • Basic Firewall Activation
    • Netfilter: Stateful Packet Filter Firewall
    • Netfilter Concepts
    • Using the iptables Command
    • Netfilter Rule Syntax
    • Targets
    • Common match_specs
    • Connection Tracking
    • AppArmor
    • SELinux Security Framework
    • Choosing an SELinux Policy
    • SELinux Commands
    • SELinux Booleans
    • Graphical SELinux Policy Tools
  2. DNS Concepts
    • Naming Services
    • DNS - A Better Way
    • The Domain Name Space
    • Delegation and Zones
    • Server Roles
    • Resolving Names
    • Resolving IP Addresses
    • Basic BIND Administration
    • Configuring the Resolver
    • Testing Resolution
  3. Configuring BIND
    • BIND Configuration Files
    • named.conf Syntax
    • named.conf Options Block
    • Creating a Site-Wide Cache
    • rndc Key Configuration
    • Zones In named.conf
    • Zone Database File Syntax
    • SOA - Start of Authority
    • A & PTR - Address & Pointer Records
    • NS - Name Server
    • CNAME & MX - Alias & Mail Host
    • Abbreviations and Gotchas
    • $ORIGIN and $GENERATE
  4. Creating DNS Hierarchies
    • Subdomains and Delegation
    • Subdomains
    • Delegating Zones
    • in-addr.arpa. Delegation
    • Issues with in-addr.arpa.
    • RFC2317 & in-addr.arpa.
  5. Advanced BIND DNS Features
    • Address Match Lists & ACLs
    • Split Namespace with Views
    • Restricting Queries
    • Restricting Zone Transfers
    • Running BIND in a chroot jail
    • Dynamic DNS Concepts
    • Allowing Dynamic DNS Updates
    • DDNS Administration with nsupdate
    • Common Problems
    • Securing DNS with TSIG
  6. LDAP Concepts and Clients
    • LDAP: History and Uses
    • LDAP: Data Model Basics
    • LDAP: Protocol Basics
    • LDAP: Applications
    • LDAP: Search Filters
    • LDIF: LDAP Data Interchange Format
    • OpenLDAP Client Tools
    • Alternative LDAP Tools
  7. OpenLDAP Servers
    • Popular LDAP Server Implementations
    • OpenLDAP: Server Architecture
    • OpenLDAP: Backends
    • OpenLDAP: Replication
    • OpenLDAP: Configuration Options
    • OpenLDAP: Configuration Sections
    • OpenLDAP: Global Parameters
    • OpenLDAP: Database Parameters
    • OpenLDAP Server Tools
    • Enabling LDAP-based Login
    • System Security Services Daemon (SSSD)
  8. Using Apache
    • HTTP Operation
    • Apache Architecture
    • Dynamic Shared Objects
    • Adding Modules to Apache
    • Apache Configuration Files
    • httpd.conf - Server Settings
    • httpd.conf - Main Configuration
    • HTTP Virtual Servers
    • Virtual Hosting DNS Implications
    • httpd.conf - VirtualHost Configuration
    • Port and IP based Virtual Hosts
    • Name-based Virtual Host
    • Apache Logging
    • Log Analysis
    • The Webalizer
  9. Apache Security
    • Virtual Hosting Security Implications
    • Delegating Administration
    • Directory Protection
    • Directory Protection with AllowOverride
    • Common Uses for .htaccess
    • Symmetric Encryption Algorithms
    • Asymmetric Encryption Algorithms
    • Digital Certificates
    • SSL Using mod_ssl.so
  10. Apache Server-Side Scripting Administration
    • Dynamic HTTP Content
    • PHP: Hypertext Preprocessor
    • Developer Tools for PHP
    • Installing PHP
    • Configuring PHP
    • Securing PHP
    • Security Related php.ini Configuration
    • Java Servlets and JSP
    • Apache's Tomcat
    • Installing Java SDK
    • Installing Tomcat Manually
    • Using Tomcat with Apache
  11. Implementing an FTP Server
    • The FTP Protocol
    • Active Mode FTP
    • Passive Mode FTP
    • ProFTPD
    • Pure-FTPd
    • vsftpd
    • Configuring vsftpd
    • Anonymous FTP with vsftpd
  12. The Squid Proxy Server
    • Squid Overview
    • Squid File Layout
    • Squid Access Control Lists
    • Applying Squid ACLs
    • Tuning Squid & Configuring Cache Hierarchies
    • Bandwidth Metering
    • Monitoring Squid
    • Proxy Client Configuration
  13. Samba Concepts and Configuration
    • Introducing Samba
    • Samba Daemons
    • NetBIOS and NetBEUI
    • Accessing Windows/Samba Shares from Linux
    • Samba Utilities
    • Samba Configuration Files
    • The smb.conf File
    • Mapping Permissions and ACLs
    • Mapping Linux Concepts
    • Mapping Case Sensitivity
    • Mapping Users
    • Sharing Home Directories
    • Sharing Printers
    • Share Authentication
    • Share-Level Access
    • User-Level Access
    • Samba Account Database
    • User Share Restrictions
  14. SMTP Theory
    • SMTP
    • SMTP Terminology
    • SMTP Architecture
    • SMTP Commands
    • SMTP Extensions
    • SMTP AUTH
    • SMTP STARTTLS
    • SMTP Session
  15. Postfix
    • Postfix Features
    • Postfix Architecture
    • Postfix Components
    • Postfix Configuration
    • master.cf
    • main.cf
    • Postfix Map Types
    • Postfix Pattern Matching
    • Advanced Postfix Options
    • Virtual Domains
    • Postfix Mail Filtering
    • Configuration Commands
    • Management Commands
    • Postfix Logging
    • Logfile Analysis
    • chrooting Postfix
    • Postfix, Relaying and SMTP AUTH
    • SMTP AUTH Server and Relay Control
    • SMTP AUTH Clients
    • Postfix / TLS
    • TLS Server Configuration
    • Postfix Client Configuration for TLS
    • Other TLS Clients
    • Ensuring TLS Security
  16. Mail Services and Retrieval
    • Filtering Email
    • Procmail
    • SpamAssassin
    • Bogofilter
    • amavisd-new Mail Filtering
    • Accessing Email
    • The IMAP4 Protocol
    • Dovecot POP3/IMAP Server
    • Cyrus IMAP/POP3 Server
    • Cyrus IMAP MTA Integration
    • Cyrus Mailbox Administration
    • Fetchmail
    • SquirrelMail
    • Mailing Lists
    • GNU Mailman
    • Mailman Configuration
  17. Appendix A - Sendmail
    • Sendmail Architecture
    • Sendmail Components
    • Sendmail Configuration
    • Sendmail Remote Configuration
    • Controlling Access
    • Sendmail Mail Filter (milter)
    • Configuring Sendmail SMTP AUTH
    • Configuring SMTP STARTTLS
  18. Appendix B - NIS
    • NIS Overview
    • NIS Limitations and Advantages
    • NIS Client Configuration
    • NIS Server Configuration
    • NIS Troubleshooting Aids
Enterprise Linux Network Services Training Class Objectives
  • Configure network devices to communicate in networks
  • Implement Internet and web hosting services
  • Manage file services
  • Learn LDAP concepts and clients
  • Use Apache
  • Implement FTP and Squid servers
  • Secure networks
  • Troubleshoot system and network issues