logo

Enterprise Linux Network Services (LN4988)

This five-day expansive course covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of these network services. The course material is designed to provide extensive hands-on experience. Topics include: Security with SELinux and Netfilter, DNS concepts and implementation with Bind; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

A preferential rate (-15%) applies to the regular cost for non-profit organizations, as well as the government sector. In addition, you can benefit from additional advantages through a corporate agreement when you need to train several people or teams in your company. Contact us for details.

Public class

Duration: 
5 days / 35 hours

Private class

On site / Virtual classroom
Minimum no. of participants: 4
5 days / 35 hours
Price on request
English or Serbian
Training plan: 

Module 1: Securing Services

  • Xinetd
  • Xinetd Connection Limiting and Access Control
  • Xinetd: Resource limits, redirection, logging
  • TCP Wrappers
  • The /etc/hosts.allow & /etc/hosts.deny Files
  • /etc/hosts.{allow,deny} Shortcuts
  • Advanced TCP Wrappers
  • Basic Firewall Activation
  • Netfilter: Stateful Packet Filter Firewall
  • Netfilter Concepts
  • Using the iptables Command
  • Netfilter Rule Syntax
  • Targets
  • Common match_specs
  • Connection Tracking
  • AppArmor
  • SELinux Security Framework
  • Choosing an SELinux Policy
  • SELinux Commands
  • SELinux Booleans
  • Graphical SELinux Policy Tools

Module 2: SELINUX ans LSM

  • AppArmor
  • SELinux Security Framework
  • Choosing an SELinux Policy
  • SELinux Commands
  • SELinux Booleans
  • SELinux Policy Tools

Module 3: DNS Concepts

  • Naming Services
  • DNS - A Better Way
  • The Domain Name Space
  • Delegation and Zones
  • Server Roles
  • Resolving Names
  • Resolving IP Addresses
  • Basic BIND Administration
  • Configuring the Resolver
  • Testing Resolution

Module 4: Configuring Bind

  • BIND Configuration Files
  • named.conf Syntax
  • named.conf Options Block
  • Creating a Site-Wide Cache
  • rndc Key Configuration
  • Zones In named.conf
  • Zone Database File Syntax
  • SOA - Start of Authority
  • A & PTR - Address & Pointer Records
  • NS - Name Server
  • CNAME & MX - Alias & Mail Host
  • Abbreviations and Gotchas
  • $ORIGIN and $GENERATE

Module 5: Creating DNS Hierarchies

  • Subdomains and Delegation
  • Subdomains
  • Delegating Zones
  • in-addr.arpa. Delegation
  • Issues with in-addr.arpa.
  • RFC2317 & in-addr.arpa.

Module 6: Advanced Bind DNS Features

  • Address Match Lists & ACLs
  • Split Namespace with Views
  • Restricting Queries
  • Restricting Zone Transfers
  • Running BIND in a chroot jail
  • Dynamic DNS Concepts
  • Allowing Dynamic DNS Updates
  • DDNS Administration with nsupdate
  • Common Problems
  • Common Problems
  • Securing DNS with TSIG

Module 7: Using Apache

  • HTTP Operation
  • Apache Architecture
  • Dynamic Shared Objects
  • Adding Modules to Apache
  • Apache Configuration Files
  • httpd.conf - Server Settings
  • httpd.conf - Main Configuration
  • HTTP Virtual Servers
  • Virtual Hosting DNS Implications
  • httpd.conf - VirtualHost Configuration
  • Port and IP based Virtual Hosts
  • Name-based Virtual Host
  • Apache Logging
  • Log Analysis
  • The Webalizer

Module 8: Apache Security

  • Virtual Hosting Security Implications
  • Delegating Administration
  • Directory Protection
  • Directory Protection with AllowOverride
  • Common Uses for .htaccess
  • Symmetric Encryption Algorithms
  • Asymmetric Encryption Algorithms
  • Digital Certificates
  • SSL Using mod_ssl.so

Module 9: Apache Server-Side Scripting Administration

  • Dynamic HTTP Content
  • PHP: Hypertext Preprocessor
  • Developer Tools for PHP
  • Installing PHP
  • Configuring PHP
  • Securing PHP
  • Security Related php.ini Configuration
  • Java Servlets and JSP
  • Apache's Tomcat
  • Installing Java SDK
  • Installing Tomcat Manually
  • Using Tomcat with Apache


Module 10: Implementing an FTP server

  • The FTP Protocol
  • Active Mode FTP
  • Passive Mode FTP
  • ProFTPD
  • Pure-FTPd
  • vsftpd
  • Configuring vsftpd
  • Anonymous FTP with vsftpd

Module 11: The Squid Proxy Server

  • Squid Overview
  • Squid File Layout
  • Squid Access Control Lists
  • Applying Squid ACLs
  • Tuning Squid & Configuring Cache Hierarchies
  • Bandwidth Metering
  • Monitoring Squid
  • Proxy Client Configuration

Module 12: SQL fundamentals and MariaDB

  • Popular SQL Databases
  • SELECT Statements
  • INSERT Statements
  • UPDATE Statements
  • DELETE Statements
  • JOIN Clauses
  • MariaDB
  • MariaDB Installation and Security
  • MariaDB User Account Management
  • MariaDB Replication

Module 13: LDAP concepts and clients

  • LDAP: History and Uses
  • LDAP: Data Model Basics
  • LDAP: Protocol Basics
  • LDAP: Applications
  • LDAP: Search Filters
  • LDIF: LDAP Data Interchange Format
  • OpenLDAP Client Tools
  • Alternative LDAP Tools

Module 14: OpenLDAP servers

  • Popular LDAP Server Implementations
  • OpenLDAP: Server Architecture
  • OpenLDAP: Backends
  • OpenLDAP: Replication
  • Managing slapd
  • OpenLDAP: Configuration Options
  • OpenLDAP: Configuration Sections
  • OpenLDAP: Global Parameters
  • OpenLDAP: Database Parameters
  • OpenLDAP Server Tools
  • Native LDAP Authentication and Migration
  • Enabling LDAP-based Login
  • System Security Services Daemon (SSSD)

Module 15: Samba Concepts and Configuration

  • Introducing Samba
  • Samba Daemons
  • NetBIOS and NetBEUI
  • Accessing Windows/Samba Shares from Linux
  • Samba Utilities
  • Samba Configuration Files
  • The smb.conf File
  • Mapping Permissions and ACLs
  • Mapping Linux Concepts
  • Mapping Case Sensitivity
  • Mapping Users
  • Sharing Home Directories
  • Sharing Printers
  • Share Authentication
  • Share-Level Access
  • User-Level Access
  • Samba Account Database
  • User Share Restrictions

Module 16: SMTP Theory

  • SMTP
  • SMTP Terminology
  • SMTP Architecture
  • SMTP Commands
  • SMTP Extensions
  • SMTP AUTH
  • SMTP STARTTLS
  • SMTP Session

Module 17: POSTFIX

  • Postfix Features
  • Postfix Architecture
  • Postfix Components
  • Postfix Configuration
  • master.cf
  • main.cf
  • Postfix Map Types
  • Postfix Pattern Matching
  • Advanced Postfix Options
  • Virtual Domains
  • Postfix Mail Filtering
  • Configuration Commands
  • Management Commands
  • Postfix Logging
  • Logfile Analysis
  • chrooting Postfix
  • Postfix, Relaying and SMTP AUTH
  • SMTP AUTH Server and Relay Control
  • SMTP AUTH Clients
  • Postfix / TLS
  • TLS Server Configuration
  • Postfix Client Configuration for TLS
  • Other TLS Clients
  • Ensuring TLS Security

Module 18: Mail Services and Retrieval

  • Filtering Email
  • Procmail
  • SpamAssassin
  • Bogofilter
  • amavisd-new Mail Filtering
  • Accessing Email
  • The IMAP4 Protocol
  • Dovecot POP3/IMAP Server
  • Cyrus IMAP/POP3 Server
  • Cyrus IMAP MTA Integration
  • Cyrus Mailbox Administration
  • Fetchmail
  • SquirrelMail
  • Mailing Lists
  • GNU Mailman
  • Mailman Configuration
Exclusives: 
  • One year access to the class recording
  • Access to the lab environment during the training
  • Course material accessible in electronic format
  • Certificate of attendance
Prerequisites: 

Students should already be comfortable with basic Linux or UNIX administration, and have a good understanding of network concepts, the TCP/IP protocol suite is also assumed.

Contact us for more information on pricing::

Eccentrix
Office: 1-888-718-9732
E-mail: info@eccentrix.ca

130, King Street West, Suite 1800
Toronto, Ontario M5X 1E3
www.eccentrix.ca