GL275 - Enterprise Linux Networking Services

The GL275 is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of these network services. Like all Guru Labs courses, the course material is designed to provide extensive hands-on experience. Topics include: DNS concepts and implementation with Bind; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with either Sendmail or Postfix combined with either Dovecot or Cyrus. On request, discussion of NIS is also included.

Prerequisites:

Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts, the TCP/IP protocol suite, SELinux, and firewalling with iptables is also assumed. These skills are taught in the GL120 "Linux Fundamentals" and GL250 "Enterprise Linux Systems Administration" courses.

Supported Distributions:

Red Hat Enterprise Linux 5 Update 4

Recommended Class Length:

5 days

Detailed Course Outline:

  1. DNS Concepts
    1. Naming Services
    2. DNS - A Better Way
    3. The Domain Name Space
    4. Delegation and Zones
    5. Server Roles
    6. Resolving Names and IP Addresses
    7. BIND Administration
    8. rndc Key Configuration
    9. Configuring the Resolver
    10. Testing Resolution
    Lab Tasks
    1. Configuring a Slave Name Server
    2. Configure rndc for Secure named Control
  2. Configuring BIND
    1. BIND Configuration Files
    2. named.conf Syntax and Options Block
    3. Creating a Site-Wide Cache
    4. Zones In named.conf
    5. Zone Database File Syntax
    6. SOA - Start of Authority
    7. A & PTR - Address & Pointer Records
    8. NS - Name Server
    9. CNAME & MX - Alias & Mail Host
    10. Abbreviations and Gotchas
    11. $ORIGIN and $GENERATE
    Lab Tasks
    1. Configuring BIND Zone Files
  3. Creating DNS Hierarchies
    1. Subdomains and Delegation
    2. Delegating Zones
    3. in-addr.arpa. Delegation
    4. Issues with in-addr.arpa.
    5. RFC2317 & in-addr.arpa.
    Lab Tasks
    1. Create a Subdomain in an Existing Domain
    2. Subdomain Delegation
  4. Securing BIND and DNS
    1. Split Namespaces
    2. Using Views with BIND 9
    3. Address Match Lists & ACLs
    4. Restricting Queries
    5. Restricting Zone Transfers
    6. Running BIND in a chroot jail
    7. Dynamic DNS Concepts
    8. Allowing Dynamic DNS Updates
    9. DDNS Administration with nsupdate
    10. Common Problems
    Lab Tasks
    1. Configuring Dynamic DNS
    2. Securing BIND DNS
  5. LDAP Concepts and Clients
    1. Centralized Authentication
    2. Directory Services
    3. LDAP
    4. What LDAP Provides
    5. LDAP Concepts and Organization
    6. Schema
    7. Entry Referencing
    8. LDIF
    9. LDAP Architecture, Security, Implementa­tions, and Client Configuration
    10. Querying LDAP Databases
    Lab Tasks
    1. Querying an Existing LDAP Directory
  6. OpenLDAP Servers
    1. OpenLDAP Components
    2. Configuring slapd
    3. /etc/openldap/ldap.conf Global Parameters
    4. Schema Definition
    5. OpenLDAP Access Control
    6. Backend Types and Configuration
    7. Database Configuration
    8. Indexes
    9. Replicas
    10. LDAP Replica Configuration
    11. OpenLDAP Configuration Syntax Check
    Lab Tasks
    1. Configuring LDAP Directory Services
    2. Modifying LDAP Directory Entries
  7. Using OpenLDAP
    1. Managing slapd
    2. Online and Offline LDAP Data Manipulation
    3. Native LDAP Authentication and Client Config
    Lab Tasks
    1. Configuring LDAP for Secure TLS Access
    2. Configuring LDAP Clients and Servers for Directory Authentication
  8. Using Apache
    1. HTTP Operation
    2. Apache History and Status
    3. Apache Architecture
    4. SSL/HTTPS and Apache
    5. Apache Configuration Files
    6. httpd.conf
    7. Dynamic Shared Objects
    8. Adding Modules to Apache
    9. Apache Logging
    10. Log Analysis
    11. The Webalizer
    Lab Tasks
    1. Configure Apache
    2. Apache Content
  9. Virtual Hosting with Apache
    1. HTTP Virtual Servers
    2. DNS Implications
    3. Security Implications
    4. IP-based Virtual Host
    5. Name-based Virtual Host
    6. Port-based Virtual Host
    Lab Tasks
    1. Configuring Virtual Hosts
  10. Apache Security
    1. Delegating Administration
    2. Directory Protection
    3. Common Uses for .htaccess
    4. Symmetric Encryption Algorithms
    5. Asymmetric Encryption algorithms
    6. Digital Certificates
    7. SSL Using mod_ssl.so
    Lab Tasks
    1. Using .htaccess Files
    2. Using SSL Certificates with Apache
  11. Apache Server-Side Programming Basics
    1. Dynamic HTTP Content
    2. PHP: Hypertext Preprocessor
    3. Developer Tools for PHP
    4. Installing PHP
    5. Configuring PHP
    6. Securing PHP
    7. Security Related php.ini Configuration
    8. Java Servlets and JSP
    9. Apache's Tomcat
    10. Installing Java SDK
    11. Installing Tomcat Manually
    12. Using Tomcat with Apache
    Lab Tasks
    1. CGI Scripts in Apache
    2. Apache's Tomcat
    3. Using Tomcat with Apache
    4. Installing Applications with Apache and Tomcat
  12. Implementing an FTP Server
    1. The FTP Protocol
    2. FTP Operation
    3. Active Mode FTP
    4. Passive Mode FTP
    5. WU-FTPD
    6. vsftpd
    7. Configuring vsftpd
    8. Anonymous FTP with vsftpd
    Lab Tasks
    1. Configuring vsftpd
  13. The Squid Proxy Server
    1. Squid Overview, File Layout, and Access Control Lists
    2. Applying Squid ACLs
    3. Tuning Squid / Hierarchies
    4. Bandwidth Metering
    5. Monitoring Squid
    6. Proxy Client Configuration
    Lab Tasks
    1. Installing and Configuring Squid
    2. Squid Cache Manager CGI
    3. Proxy Auto Configuration
    4. Configure a Squid Proxy Cluster
  14. Samba Concepts
    1. SMB Network Protocol
    2. NetBIOS and NetBEUI
    3. NetBIOS Naming
    4. Introducing Samba
    5. Samba Daemons, Clients, and Utilities
    6. Samba Configuration Files
    7. The smb.conf File
    Lab Tasks
    1. Basic Samba Configuration
  15. Using Samba
    1. Unis and DOS Permissions
    2. Unix and Windows Concepts
    3. Name and Case Mangling
    4. Sharing Home Directories
    5. Sharing Printers
    6. Restricting Access
    7. Share-Level Access
    8. User-Level Access
    9. Mapping Users
    10. SMB and Passwords
    11. The smbpasswd Database
    12. User Share Restrictions
    Lab Tasks
    1. Configuring Samba
    2. Samba Share-Level Access
    3. Samba User-Level Access
    4. Samba Home Directory Shares
    5. Samba Group Shares
  16. SMTP Theory
    1. SMTP
    2. SMTP Terminology, Architecture, Com­mands, and Extensions
    3. SMTP AUTH
    4. SMTP STARTTLS
    5. SMTP Session
  17. Sendmail
    1. Sendmail Features, Process, Architecture, Components, and Configuration
    2. Configuration Files
    3. Databases
    4. Text Files
    5. Network Access
    6. Masquerading Sendmail
    7. Controlling Access
    8. Configuring SMTP AUTH
    9. Configuring SMTP START TLS
    Lab Tasks
    1. Configuring Sendmail
    2. Sendmail Network Configuration
    3. Sendmail Virtual Host Configuration
    4. Sendmail SMTP AUTH Configuration
    5. Sendmail STARTTLS Configuration
  18. Postfix
    1. Postfix Features, Architecture, Compo­nents, and Configuration
    2. master.cf
    3. main.cf
    4. Postfix Map Types
    5. Postfix Pattern Matching
    6. Advanced Options
    7. Virtual Domains
    8. Mail Filtering
    9. Configuration and Management Com­mands
    10. Postfix Logging
    11. Log file Analysis
    12. chroot'ing Postfix
    13. Postfix and SMTP AUTH
    14. SMTP AUTH Server and Clients
    15. Postfix Extensions
    16. Postfix / TLS
    17. TLS Server Configuration
    18. Postfix Client Configuration
    19. Other TLS Clients
    20. Ensuring TLS Security
    Lab Tasks
    1. Configuring Postfix
    2. Postfix Network Configuration
    3. Postfix Virtual Host Configuration
    4. Postfix SMTP AUTH Configuration
    5. Postfix STARTTLS Configuration
  19. IMAP, POP, Spam Filtering & Web Mail
    1. Filtering Email
    2. procmail
    3. SpamAssassin
    4. Sendmail Mail Filter (milter)
    5. amavisd-new Mail Filtering
    6. Accessing Email
    7. The POP3 Protocol
    8. The IMAP4 Protocol
    9. Dovecot POP3/IMAP Server
    10. Cyrus IMAP/POP3 Server
    11. Cyrus IMAP MTA Integration
    12. Cyrus Mailbox Administration
    13. Fetchmail
    14. SquirrelMail
    Lab Tasks
    1. Configuring Procmail & SpamAssassin
    2. Configuring Cyrus IMAP
    3. Configuring SquirrelMail
 
Copyright (C) 2010, Enigma Logic Inc.