GL275 - Enterprise Linux Networking Services

Need something different? Guru Labs has other Linux and security courses and can build a custom course that covers exactly what you need!

The GL275 is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of these network services. Like all Guru Labs courses, the course material is designed to provide extensive hands-on experience. Topics include: Security with SELinux and Netfilter, DNS concepts and implementation with Bind; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Prerequisites:

Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts, the TCP/IP protocol suite is also assumed. These skills are taught in the GL120 "Linux Fundamentals" and GL250 "Enterprise Linux Systems Administration" courses.

Supported Distributions:
Red Hat Enterprise Linux 5 Update 4
SUSE Linux Enterprise 11
Recommended Class Length:
5 days
Detailed Course Outline:
  1. SECURITY CONCEPTS
    1. Security Concepts
    2. Tightening Default Security
    3. Security Advisories
    4. xinetd
    5. Xinetd Configuration and Access Control
    6. Xinetd Connection Limiting
    7. Xinetd: Resource limits, redirection, logging
    8. TCP Wrappers
    9. The /etc/hosts.allow and /etc/hosts.deny Files
    10. /etc/hosts.{allow,deny} Shortcuts
    11. Advanced TCP Wrappers
    12. Basic Firewall Activation
    13. Netfilter: Stateful Packet Filter Firewall
    14. Netfilter Concepts
    15. Using the iptables Command
    16. Netfilter Rule Syntax
    17. Targets
    18. Common match_specs
    19. Connection Tracking
    Lab Tasks
    1. Securing xinetd Services
    2. Enforcing Security Policy with xinetd
    3. Securing Services with TCP Wrappers
    4. Securing Services with Netfilter
    5. Troubleshooting Practice
  2. SELINUX INTRODUCTION
    1. SELinux Security Framework
    2. Choosing an SELinux Policy
    3. SELinux Commands
    4. SELinux Booleans
    5. Graphical SELinux Policy Tools
    Lab Tasks
    1. SELinux File Contexts
  3. DNS Concepts
    1. Naming Services
    2. DNS - A Better Way
    3. The Domain Name Space
    4. Delegation and Zones
    5. Server Roles
    6. Resolving Names
    7. Resolving IP Addresses
    8. BIND Administration
    9. Configuring the Resolver
    10. Testing Resolution
    Lab Tasks
    1. Configuring a Slave Name Server
  4. Configuring BIND
    1. BIND Configuration Files
    2. named.conf Syntax
    3. named.conf Options Block
    4. Creating a Site-Wide Cache
    5. rndc Key Configuration
    6. Zones In named.conf
    7. Zone Database File Syntax
    8. SOA - Start of Authority
    9. A and PTR - Address and Pointer Records
    10. NS - Name Server
    11. CNAME and MX - Alias and Mail Host
    12. Abbreviations and Gotchas
    13. $ORIGIN and $GENERATE
    Lab Tasks
    1. Configure rndc for Secure named Control
    2. Configuring BIND Zone Files
  5. Creating DNS Hierarchies
    1. Subdomains and Delegation
    2. Subdomains
    3. Delegating Zones
    4. in-addr.arpa. Delegation
    5. Issues with in-addr.arpa.
    6. RFC2317 and in-addr.arpa.
    Lab Tasks
    1. Create a Subdomain in an Existing Domain
    2. Subdomain Delegation
  6. Securing BIND and DNS
    1. Split Namespaces
    2. Using Views with BIND 9
    3. Address Match Lists & ACLs
    4. Restricting Queries
    5. Restricting Zone Transfers
    6. Running BIND in a chroot jail
    7. Dynamic DNS Concepts
    8. Allowing Dynamic DNS Updates
    9. DDNS Administration with nsupdate
    10. Common Problems
    Lab Tasks
    1. Configuring Dynamic DNS
    2. Securing BIND DNS
  7. LDAP Concepts and Clients
    1. Centralized Authentication
    2. Directory Services
    3. LDAP
    4. What LDAP Provides
    5. LDAP Concepts
    6. LDAP Organization
    7. Schema
    8. Entry Referencing
    9. LDIF
    10. LDAP Architecture
    11. LDAP Implementations
    12. LDAP Client Configuration
    13. Querying LDAP Databases
    Lab Tasks
    1. Querying an Existing LDAP Directory
  8. OpenLDAP Servers
    1. OpenLDAP Components
    2. Configuring slapd
    3. /etc/openldap/ldap.conf Global Parameters
    4. Schema Definition
    5. OpenLDAP Access Control
    6. Backend Types
    7. Backend Configuration
    8. Database Configuration
    9. Indexes
    10. Replicas
    11. LDAP Replica Configuration
    12. OpenLDAP Configuration Syntax Check
    Lab Tasks
    1. Configuring LDAP Directory Services
    2. Modifying LDAP Directory Entries
  9. Using OpenLDAP
    1. Managing slapd
    2. Online LDAP Data Manipulation
    3. Offline LDAP Data Manipulation
    4. Native LDAP Authentication and Migration
    5. Native LDAP Client Config
    Lab Tasks
    1. Configuring LDAP for Secure TLS Access
    2. Configuring LDAP Clients and Servers for Directory Authentication
  10. Using Apache
    1. HTTP Operation
    2. Apache History and Status
    3. Apache Architecture
    4. SSL/HTTPS and Apache
    5. Apache Configuration Files
    6. httpd.conf - Server Settings
    7. httpd.conf - Main Configuration
    8. httpd.conf - VirtualHost Configuration
    9. Dynamic Shared Objects
    10. Adding Modules to Apache
    11. Apache Logging
    12. Log Analysis
    13. The Webalizer
    Lab Tasks
    1. Configure Apache
    2. Apache Content
  11. Virtual Hosting with Apache
    1. HTTP Virtual Servers
    2. DNS Implications
    3. Security Implications
    4. IP-based Virtual Host
    5. Name-based Virtual Host
    6. Port-based Virtual Host
    Lab Tasks
    1. Configuring Virtual Hosts
  12. Apache Security
    1. Delegating Administration
    2. Directory Protection
    3. Common Uses for .htaccess
    4. Symmetric Encryption Algorithms
    5. Asymmetric Encryption algorithms
    6. Digital Certificates
    7. SSL Using mod_ssl.so
    Lab Tasks
    1. Using .htaccess Files
    2. Using SSL Certificates with Apache
  13. Apache Server-Side Scripting Administration
    1. Dynamic HTTP Content
    2. PHP: Hypertext Preprocessor
    3. Developer Tools for PHP
    4. Installing PHP
    5. Configuring PHP
    6. Securing PHP
    7. Security Related php.ini Configuration
    8. Java Servlets and JSP
    9. Apache's Tomcat
    10. Installing Java SDK
    11. Installing Tomcat Manually
    12. Using Tomcat with Apache
    Lab Tasks
    1. CGI Scripts in Apache
    2. Apache's Tomcat
    3. Using Tomcat with Apache
    4. Installing Applications with Apache and Tomcat
  14. Implementing an FTP Server
    1. The FTP Protocol
    2. FTP Operation
    3. Active Mode FTP
    4. Passive Mode FTP
    5. vsftpd
    6. Configuring vsftpd
    7. Anonymous FTP with vsftpd
    Lab Tasks
    1. Configuring vsftpd
  15. The Squid Proxy Server
    1. Squid Overview
    2. Squid File Layout
    3. Squid Access Control Lists
    4. Applying Squid ACLs
    5. Tuning Squid and Configuring Cache Hierarchies
    6. Bandwidth Metering
    7. Monitoring Squid
    8. Proxy Client Configuration
    Lab Tasks
    1. Installing and Configuring Squid
    2. Squid Cache Manager CGI
    3. Proxy Auto Configuration
    4. Configure a Squid Proxy Cluster
  16. Samba Concepts and Configuration
    1. Introducing Samba
    2. Samba Daemons
    3. NetBIOS and NetBEUI
    4. Accessing Windows/Samba Shares from Linux
    5. Samba Utilities
    6. Samba Configuration Files
    7. The smb.conf File
    8. Unix and DOS Permissions
    9. Unix and Windows Concepts
    10. Name and Case Mangling
    11. Sharing Home Directories
    12. Sharing Printers
    13. Share Authentication
    14. Share-Level Access
    15. User-Level Access
    16. Mapping Users
    17. SMB and Passwords
    18. The smbpasswd Database
    19. User Share Restrictions
    Lab Tasks
    1. Samba Share-Level Access
    2. Samba User-Level Access
    3. Samba Group Shares
    4. Configuring Samba
    5. Samba Home Directory Shares
  17. SMTP Theory
    1. SMTP
    2. SMTP Terminology
    3. SMTP Architecture
    4. SMTP Commands
    5. SMTP Extensions
    6. SMTP AUTH
    7. SMTP STARTTLS
    8. SMTP Session
  18. Postfix
    1. Postfix Features
    2. Postfix Architecture
    3. Postfix Components
    4. Postfix Configuration
    5. master.cf
    6. main.cf
    7. Postfix Map Types
    8. Postfix Pattern Matching
    9. Advanced Options
    10. Virtual Domains
    11. Postfix Mail Filtering
    12. Configuration Commands
    13. Management Commands
    14. Postfix Logging
    15. Log file Analysis
    16. chrooting Postfix
    17. Postfix and SMTP AUTH
    18. SMTP AUTH Server
    19. SMTP AUTH Clients
    20. Postfix Extensions
    21. Postfix / TLS
    22. TLS Server Configuration
    23. Postfix Client Configuration for TLS
    24. Other TLS Clients
    25. Ensuring TLS Security
    Lab Tasks
    1. Configuring Postfix
    2. Postfix Network Configuration
    3. Postfix Virtual Host Configuration
    4. Postfix SMTP AUTH Configuration
    5. Postfix STARTTLS Configuration
  19. MAIL SERVICES AND RETRIEVAL
    1. Filtering Email
    2. Procmail
    3. SpamAssassin
    4. Bogofilter
    5. Sendmail Mail Filter (milter)
    6. amavisd-new Mail Filtering
    7. Accessing Email
    8. The IMAP4 Protocol
    9. Dovecot POP3/IMAP Server
    10. Cyrus IMAP/POP3 Server
    11. Cyrus IMAP MTA Integration
    12. Cyrus Mailbox Administration
    13. Fetchmail
    14. SquirrelMail
    15. Mailing Lists
    16. GNU Mailman
    17. Mailman Configuration
    Lab Tasks
    1. Configuring Procmail & SpamAssassin
    2. Configuring Cyrus IMAP
    3. Configuring SquirrelMail
    4. Base Mailman Configuration
    5. Basic Mailing List
    6. Private Mailing List
  1. Sendmail
    1. Sendmail Architecture
    2. Sendmail Components
    3. Sendmail Configuration
    4. Databases
    5. Sendmail Remote Configuration
    6. Controlling Access
    7. Configuring Sendmail SMTP AUTH
    8. Configuring SMTP START TLS
    Lab Tasks
    1. Configuring Sendmail
    2. Sendmail Network Configuration
    3. Sendmail Virtual Host Configuration
    4. Sendmail SMTP AUTH Configuration
    5. Sendmail STARTTLS Configuration
    6. Testing TLS Encryption
  2. INTERNETNEWS
    1. News Overview
    2. InterNetNews Overview
    3. General INN Configuration
    4. News Storage
    5. News Feeds
    6. News Readers
    7. Moderating Newsgroups
    8. Managing InterNetNews Server
    9. Controlling the InterNetNews Server
    10. Configuring TLS/SSL
    Lab Tasks
    1. Configure Base INN Settings
    2. Hide Newsgroups
    3. Allow Post Access
    4. Configure moderated newsgroup using cnfs
    5. Feed news articles to remote news server