Enterprise Linux Network Services (LN4988)

This five-day expansive course covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of these network services. The course material is designed to provide extensive hands-on experience. Topics include: Security with SELinux and Netfilter, DNS concepts and implementation with Bind; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Applicable solutions

Public class

Duration:

5 days / 35 hours

Private class

Virtual classroom

Minimum no. of participants: 5

5 days / 35 hours

Price on request

English or French

Training plan:

Module 1: Securing Services

Xinetd
Xinetd Connection Limiting and Access Control
Xinetd: Resource limits, redirection, logging
TCP Wrappers
The /etc/hosts.allow & /etc/hosts.deny Files
/etc/hosts.{allow,deny} Shortcuts
Advanced TCP Wrappers
Basic Firewall Activation
Netfilter: Stateful Packet Filter Firewall
Netfilter Concepts
Using the iptables Command
Netfilter Rule Syntax
Targets
Common match_specs
Connection Tracking
AppArmor
SELinux Security Framework
Choosing an SELinux Policy
SELinux Commands
SELinux Booleans
Graphical SELinux Policy Tools

Module 2: SELINUX ans LSM

AppArmor
SELinux Security Framework
Choosing an SELinux Policy
SELinux Commands
SELinux Booleans
SELinux Policy Tools

Module 3: DNS Concepts

Naming Services
DNS - A Better Way
The Domain Name Space
Delegation and Zones
Server Roles
Resolving Names
Resolving IP Addresses
Basic BIND Administration
Configuring the Resolver
Testing Resolution

Module 4: Configuring Bind

BIND Configuration Files
named.conf Syntax
named.conf Options Block
Creating a Site-Wide Cache
rndc Key Configuration
Zones In named.conf
Zone Database File Syntax
SOA - Start of Authority
A & PTR - Address & Pointer Records
NS - Name Server
CNAME & MX - Alias & Mail Host
Abbreviations and Gotchas
$ORIGIN and $GENERATE

Module 5: Creating DNS Hierarchies

Subdomains and Delegation
Subdomains
Delegating Zones
in-addr.arpa. Delegation
Issues with in-addr.arpa.
RFC2317 & in-addr.arpa.

Module 6: Advanced Bind DNS Features

Address Match Lists & ACLs
Split Namespace with Views
Restricting Queries
Restricting Zone Transfers
Running BIND in a chroot jail
Dynamic DNS Concepts
Allowing Dynamic DNS Updates
DDNS Administration with nsupdate
Common Problems
Common Problems
Securing DNS with TSIG

Module 7: Using Apache

HTTP Operation
Apache Architecture
Dynamic Shared Objects
Adding Modules to Apache
Apache Configuration Files
httpd.conf - Server Settings
httpd.conf - Main Configuration
HTTP Virtual Servers
Virtual Hosting DNS Implications
httpd.conf - VirtualHost Configuration
Port and IP based Virtual Hosts
Name-based Virtual Host
Apache Logging
Log Analysis
The Webalizer

Module 8: Apache Security

Virtual Hosting Security Implications
Delegating Administration
Directory Protection
Directory Protection with AllowOverride
Common Uses for .htaccess
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Digital Certificates
SSL Using mod_ssl.so

Module 9: Apache Server-Side Scripting Administration

Dynamic HTTP Content
PHP: Hypertext Preprocessor
Developer Tools for PHP
Installing PHP
Configuring PHP
Securing PHP
Security Related php.ini Configuration
Java Servlets and JSP
Apache's Tomcat
Installing Java SDK
Installing Tomcat Manually
Using Tomcat with Apache

Module 10: Implementing an FTP server

The FTP Protocol
Active Mode FTP
Passive Mode FTP
ProFTPD
Pure-FTPd
vsftpd
Configuring vsftpd
Anonymous FTP with vsftpd

Module 11: The Squid Proxy Server

Squid Overview
Squid File Layout
Squid Access Control Lists
Applying Squid ACLs
Tuning Squid & Configuring Cache Hierarchies
Bandwidth Metering
Monitoring Squid
Proxy Client Configuration

Module 12: SQL fundamentals and MariaDB

Popular SQL Databases
SELECT Statements
INSERT Statements
UPDATE Statements
DELETE Statements
JOIN Clauses
MariaDB
MariaDB Installation and Security
MariaDB User Account Management
MariaDB Replication

Module 13: LDAP concepts and clients

LDAP: History and Uses
LDAP: Data Model Basics
LDAP: Protocol Basics
LDAP: Applications
LDAP: Search Filters
LDIF: LDAP Data Interchange Format
OpenLDAP Client Tools
Alternative LDAP Tools

Module 14: OpenLDAP servers

Popular LDAP Server Implementations
OpenLDAP: Server Architecture
OpenLDAP: Backends
OpenLDAP: Replication
Managing slapd
OpenLDAP: Configuration Options
OpenLDAP: Configuration Sections
OpenLDAP: Global Parameters
OpenLDAP: Database Parameters
OpenLDAP Server Tools
Native LDAP Authentication and Migration
Enabling LDAP-based Login
System Security Services Daemon (SSSD)

Module 15: Samba Concepts and Configuration

Introducing Samba
Samba Daemons
NetBIOS and NetBEUI
Accessing Windows/Samba Shares from Linux
Samba Utilities
Samba Configuration Files
The smb.conf File
Mapping Permissions and ACLs
Mapping Linux Concepts
Mapping Case Sensitivity
Mapping Users
Sharing Home Directories
Sharing Printers
Share Authentication
Share-Level Access
User-Level Access
Samba Account Database
User Share Restrictions

Module 16: SMTP Theory

SMTP
SMTP Terminology
SMTP Architecture
SMTP Commands
SMTP Extensions
SMTP AUTH
SMTP STARTTLS
SMTP Session

Module 17: POSTFIX

Postfix Features
Postfix Architecture
Postfix Components
Postfix Configuration
master.cf
main.cf
Postfix Map Types
Postfix Pattern Matching
Advanced Postfix Options
Virtual Domains
Postfix Mail Filtering
Configuration Commands
Management Commands
Postfix Logging
Logfile Analysis
chrooting Postfix
Postfix, Relaying and SMTP AUTH
SMTP AUTH Server and Relay Control
SMTP AUTH Clients
Postfix / TLS
TLS Server Configuration
Postfix Client Configuration for TLS
Other TLS Clients
Ensuring TLS Security

Module 18: Mail Services and Retrieval

Filtering Email
Procmail
SpamAssassin
Bogofilter
amavisd-new Mail Filtering
Accessing Email
The IMAP4 Protocol
Dovecot POP3/IMAP Server
Cyrus IMAP/POP3 Server
Cyrus IMAP MTA Integration
Cyrus Mailbox Administration
Fetchmail
SquirrelMail
Mailing Lists
GNU Mailman
Mailman Configuration

Exclusives:

One year access to the class recording
Access to the lab environment during the training
Course material accessible in electronic format
Certificate of attendance

View the complete list of exclusives offered for your course

Prerequisites:

Students should already be comfortable with basic Linux or UNIX administration, and have a good understanding of network concepts, the TCP/IP protocol suite is also assumed.

Follow-on trainings:

Enterprise Linux Systems Administration (LN4987)

Enterprise Linux Security Administration (LN4990)

Audiences:

Systems and Networks Specialist

Eccentrix Corner writing/whitepaper:

Exploring Unusual Types of Cloud Hosting Services: Beyond the Basics

Setting Up a Computer Network: A Comprehensive Configuration Guide

The Network+ Certification: Empowering IT Professionals for Networking Success

Contact us for more information on pricing::

Eccentrix
Office: 1-888-718-9732
E-mail: info@eccentrix.ca

130, King Street West, Suite 1800
Toronto, Ontario M5X 1E3
www.eccentrix.ca