Red Hat Linux Training

Linux Network Services

Learn about Linux from Instructors with Real World Expertise.

This 5 day course is an expansive course that covers a wide range of network services useful to every organisation.

Overview:

This is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of these network services. Like all Guru Labs courses, the course material is designed to provide extensive hands-on experience. Topics include: Security with SELinux and Netfilter, DNS concepts and implementation with Bind; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Target Audience:

  • Architects
  • System Administrators
  • Developers

Structure: 50% theory 50% hands on lab exercises

Prerequisites: Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts, the TCP/IP protocol suite is also assumed.These skills are taught in Linux Fundamentals and the Linux Systems Administration courses.

Duration: 5 days

Course Outline:

Securing Services

Overview:

  • Xinetd
  • Xinetd Connection Limiting and Access Control
  • Xinetd: Resource limits, redirection, logging
  • TCP Wrappers
  • The /etc/hosts.allow & /etc/hosts.deny Files
  • /etc/hosts.{allow,deny} Shortcuts
  • Advanced TCP Wrappers
  • FirewallD
  • Netfilter: Stateful Packet Filter Firewall
  • Netfilter Concepts
  • Using the iptables Command
  • Netfilter Rule Syntax
  • Targets
  • Common match_specs
  • Connection Tracking

Lab Tasks

  • Securing xinetd Services
  • Enforcing Security Policy with xinetd
  • Securing Services with TCP Wrappers
  • Securing Services with Netfilter
  • FirewallD
  • Troubleshooting Practice

SELinux and LSM

Overview:

  • SELinux Security Framework
  • Choosing an SELinux Policy
  • SELinux Commands
  • SELinux Booleans
  • SELinux Policy Tools

Lab Tasks:

  • SELinux File Contexts

DNS Concepts

Overview:

  • Naming Services
  • DNS – A Better Way
  • The Domain Name Space
  • Delegation and Zones
  • Server Roles
  • Resolving Names
  • Resolving IP Addresses
  • Basic BIND Administration
  • Configuring the Resolver
  • Testing Resolution

Lab Tasks:

  • Configuring a Slave Name Server

Configuring BIND

Overview:

  • BIND Configuration Files
  • Named.conf Syntax
  • Named.conf Options Block
  • Creating a Site-Wide Cache
  • Rndc Key Configuration
  • Zones In named.conf
  • Zone Database File Syntax
  • SOA – Start of Authority
  • A, AAAA, & PTR – Address & Pointer Records
  • NS – Name Server
  • TXT, CNAME, & MX
  • Text, Alias, & Mail Host
  • SRV – SRV Service Records
  • Abbreviations and Gotchas
  • $GENERATE, $ORIGIN, and $INCLUDE

Lab Tasks:

  • Using rndc to control named
  • Configuring BIND zone files

Creating DNS Heirarchies

Overview:

  • Subdomains and Delegation
  • Subdomains
  • Delegating Zones
  • In-addr.arpa. Delegation
  • Issues with in-addr.arpa
  • RFC2317 & in-addr.arpa

Lab Tasks:

  • Create a Subdomain in an Existing Domain
  • Subdomain Delegation

Advanced Bind DNS Features

Overview:

  • Address Match Lists & ACLs
  • Split Namespace with Views
  • Restricting Queries
  • Restricting Zone Transfers
  • Running BIND in a chroot
  • Dynamic DNS Concepts
  • Allowing Dynamic DNS Updates
  • DDNS Administration with nsupdate
  • Common Problems
  • Common Problems
  • Securing DNS With TSIG

Lab Tasks:

  • Configuring Dynamic DNS
  • Securing BIND DNS

Using Apache

Overview:

  • HTTP Operation
  • Apache Architecture
  • Dynamic Shared Objects
  • Adding Modules to Apache
  • Apache Configuration Files
  • Httpd.conf – Server Settings
  • Httpd.conf – Main Configuration
  • HTTP Virtual Servers
  • Virtual Hosting DNS Implications
  • Httpd.conf – VirtualHost Configuration
  • Port and IP based Virtual Hosts
  • Name -based Virtual Host
  • Apache Logging
  • Log Analysis
  • The Webalizer

Lab Tasks:

  • Apache Architecture
  • Apache Content
  • Configuring Virtual Hosts

Apache Server-Side Scripting Administration

Overview:

  • Dynamic HTTP Content
  • PHP: Hypertext Preprocessor
  • Developer Tools for PHP
  • Installing PHP
  • Configuring PHP
  • Securing PHP
  • Security Related php.ini Configuration
  • Java Servlets and JSP
  • Apache’s Tomcat
  • Installing Java SDK
  • Installing Tomcat Manually
  • Using Tomcat with Apache

Lab Tasks:

  • CGI Scripts in Apache
  • Apache’s Tomcat
  • Using Tomcat with Apache
  • Installing Applications with Apache and Tomcat

Implementing an FTP Server

Overview:

  • The FTP Protocol
  • Active Mode FTP
  • Passive Mode FTP
  • ProFTPD
  • Pure-FTPd
  • Vsftpd
  • Configuring vsftpd
  • Anonymous FTP with vsftpd

Lab Tasks:

  • Configuring vsftpd

The Squid Proxy Server

Overview:

  • Squid Overview
  • Squid File Layout
  • Squid Access Control Lists
  • Applying Squid ACLs
  • Tuning Squid & Configuring Cache Hierarchies
  • Bandwidth Metering
  • Monitoring Squid
  • Proxy Client Configuration

Lab Tasks:

  • Installing and Configuring Squid
  • Squid Cache Manager CGI
  • Proxy Auto Configuration
  • Configure a Squid Proxy Cluster

LDAP Concepts and Clients

Overview:

  • LDAP: History and Uses
  • LDAP: Data Model Basics
  • LDAP: Protocol Basics
  • LDAP: Applications
  • LDAP: Search Filters
  • LDIF: LDAP Data Interchange Format
  • OpenLDAP Client Tools
  • Alternative LDAP Tools

Lab Tasks:

  • Querying LDAP

OpenLDAP Servers

Overview:

  • Popular LDAP Server Implementations
  • OpenLDAP: Server Architecture
  • OpenLDAP: Backends
  • OpenLDAP: Replication
  • Managing slapd
  • OpenLDAP: Configuration Options
  • OpenLDAP: Configuration Sections
  • OpenLDAP: Global Parameters
  • OpenLDAP: Database Parameters
  • OpenLDAP Server Tools
  • Native LDAP Authentication and Migration
  • Enabling LDAP -based Login
  • System Security Services Daemon (SSSD)

Lab Tasks:

  • Building An OpenLDAP Server
  • Enabling TLS For An OpenLDAP Server
  • Enabling LDAP-based Logins

Samba Concepts and Configuration

Overview:

  • Introducing Samba
  • NetBIOS and NetBEUI
  • Samba Daemons
  • Accessing Windows/Samba Shares from Linux
  • Samba Utilities
  • Samba Configuration Files
  • The smb.conf File
  • Mapping Permissions and ACLs
  • Mapping Linux Concepts
  • Mapping Users
  • Sharing Home Directories
  • Sharing Printers
  • Share Authentication
  • Share -Level Access
  • User -Level Access
  • Samba Account Database
  • User Share Restrictions

Lab Tasks:

  • Samba Share -Level Access
  • Samba User -Level Access
  • Samba Group Shares
  • Handling Symbolic Links with Samba
  • Samba Home Directory Shares

SMTP Theory

Overview:

  • SMTP
  • SMTP Terminology
  • SMTP Architecture
  • SMTP Commands
  • SMTP Extensions
  • SMTP AUTH
  • SMTP STARTTLS
  • SMTP Session

Postfix

Overview:

  • Postfix Features
  • Postfix Architecture
  • Postfix Components
  • Postfix Configuration
  • Master.cf
  • Main.cf
  • Postfix Map Types
  • Postfix Pattern Matching
  • Advanced Postfix Options
  • Virtual Domains
  • Postfix Mail Filtering
  • Configuration Commands
  • Management Commands
  • Postfix Logging
  • Logfile Analysis
  • Postfix, Relaying and SMTP AUTH
  • SMTP AUTH Server and Relay Control
  • SMTP AUTH Clients
  • Postfix / TLS
  • TLS Server Configuration
  • Postfix Client Configuration for TLS
  • Other TLS Clients
  • Ensuring TLS Security

Lab Tasks:

  • Configuring Postfix
  • Postfix Virtual Host Configuration
  • Postfix Network Configuration
  • Postfix SMTP AUTH Configuration
  • Postfix STARTTLS Configuration

Mail Services & Retrieval

Overview:

  • Filtering Email
  • Procmail
  • SpamAssassin
  • Bogofilter
  • Amavisd-new
  • Mail Filtering
  • Accessing Email
  • The IMAP
  • Protocol
  • Dovecot POP3/IMAP Server
  • Cyrus IMAP/POP3 Server
  • Cyrus IMAP MTA Integration
  • Cyrus Mailbox Administration
  • Fetchmail
  • SquirrelMail
  • Mailing Lists
  • GNU Mailman
  • Mailman Configuration

Lab Tasks:

  • Configuring Procmail & SpamAssassin
  • Configuring Cyrus IMAP
  • Dovecot TLS Configuration
  • Configuring SquirrelMail
  • Base Mailman Configuration
  • Basic Mailing List
  • Private Mailing List

Sendmail

Overview:

  • Sendmail Architecture
  • Sendmail Components
  • Sendmail Configuration
  • Sendmail Remote Configuration
  • Controlling Access
  • Sendmail Mail Filter (milter)
  • Configuring Sendmail SMTP AUTH
  • Configuring SMTP STARTTLS

Lab Tasks:

  • Configuring Sendmail
  • Sendmail Network Configuration
  • Sendmail Virtual Host Configuration
  • Sendmail SMTP AUTH Configuration
  • Sendmail STARTTLS Configuration

NIS

Overview:

  • NIS Overview
  • NIS Limitations and Advantages
  • NIS Client Configuration
  • NIS Server Configuration
  • NIS Troubleshooting Aids

Lab Tasks:

  • Using NIS for Centralized User Accounts
  • Configuring NIS
  • NIS Slave Server
  • NIS Failover
  • Troubleshooting Practice: NIS

Looking for something else? View all courses

Start Learning

Learn from Instructors with Real World Expertise