Linux Network Services
Learn about Linux from Instructors with Real World Expertise.
A 5 day intermediate course covering a wide range of network services with special attention paid to the concepts needed to implement these services securely and the troubleshooting skills necessary for real world administration.
Overview:
This is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of these network services. Like all Guru Labs courses, the course material is designed to provide extensive hands-on experience. Topics include: Security with SELinux and Netfilter, DNS concepts and implementation with Bind; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.
Target Audience:
- Architects
- System Administrators
- Developers
Structure: 50% theory 50% hands on lab exercises
Prerequisites: Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts, the TCP/IP protocol suite is also assumed.These skills are taught in Linux Fundamentals and the Linux Systems Administration courses.
Duration: 5 days
Course Outline:
Securing Services
Overview:
- Xinetd
- Xinetd Connection Limiting and Access Control
- Xinetd: Resource limits, redirection, logging
- TCP Wrappers
- The /etc/hosts.allow & /etc/hosts.deny Files
- /etc/hosts.{allow,deny} Shortcuts
- Advanced TCP Wrappers
- FirewallD
- Netfilter: Stateful Packet Filter Firewall
- Netfilter Concepts
- Using the iptables Command
- Netfilter Rule Syntax
- Targets
- Common match_specs
- Connection Tracking
Lab Tasks
- Securing xinetd Services
- Enforcing Security Policy with xinetd
- Securing Services with TCP Wrappers
- Securing Services with Netfilter
- FirewallD
- Troubleshooting Practice
SELinux and LSM
Overview:
- SELinux Security Framework
- Choosing an SELinux Policy
- SELinux Commands
- SELinux Booleans
- SELinux Policy Tools
Lab Tasks:
- SELinux File Contexts
DNS Concepts
Overview:
- Naming Services
- DNS – A Better Way
- The Domain Name Space
- Delegation and Zones
- Server Roles
- Resolving Names
- Resolving IP Addresses
- Basic BIND Administration
- Configuring the Resolver
- Testing Resolution
Lab Tasks:
- Configuring a Slave Name Server
Configuring BIND
Overview:
- BIND Configuration Files
- Named.conf Syntax
- Named.conf Options Block
- Creating a Site-Wide Cache
- Rndc Key Configuration
- Zones In named.conf
- Zone Database File Syntax
- SOA – Start of Authority
- A, AAAA, & PTR – Address & Pointer Records
- NS – Name Server
- TXT, CNAME, & MX
- Text, Alias, & Mail Host
- SRV – SRV Service Records
- Abbreviations and Gotchas
- $GENERATE, $ORIGIN, and $INCLUDE
Lab Tasks:
- Using rndc to control named
- Configuring BIND zone files
Creating DNS Heirarchies
Overview:
- Subdomains and Delegation
- Subdomains
- Delegating Zones
- In-addr.arpa. Delegation
- Issues with in-addr.arpa
- RFC2317 & in-addr.arpa
Lab Tasks:
- Create a Subdomain in an Existing Domain
- Subdomain Delegation
Advanced Bind DNS Features
Overview:
- Address Match Lists & ACLs
- Split Namespace with Views
- Restricting Queries
- Restricting Zone Transfers
- Running BIND in a chroot
- Dynamic DNS Concepts
- Allowing Dynamic DNS Updates
- DDNS Administration with nsupdate
- Common Problems
- Common Problems
- Securing DNS With TSIG
Lab Tasks:
- Configuring Dynamic DNS
- Securing BIND DNS
Using Apache
Overview:
- HTTP Operation
- Apache Architecture
- Dynamic Shared Objects
- Adding Modules to Apache
- Apache Configuration Files
- Httpd.conf – Server Settings
- Httpd.conf – Main Configuration
- HTTP Virtual Servers
- Virtual Hosting DNS Implications
- Httpd.conf – VirtualHost Configuration
- Port and IP based Virtual Hosts
- Name -based Virtual Host
- Apache Logging
- Log Analysis
- The Webalizer
Lab Tasks:
- Apache Architecture
- Apache Content
- Configuring Virtual Hosts
Apache Server-Side Scripting Administration
Overview:
- Dynamic HTTP Content
- PHP: Hypertext Preprocessor
- Developer Tools for PHP
- Installing PHP
- Configuring PHP
- Securing PHP
- Security Related php.ini Configuration
- Java Servlets and JSP
- Apache’s Tomcat
- Installing Java SDK
- Installing Tomcat Manually
- Using Tomcat with Apache
Lab Tasks:
- CGI Scripts in Apache
- Apache’s Tomcat
- Using Tomcat with Apache
- Installing Applications with Apache and Tomcat
Implementing an FTP Server
Overview:
- The FTP Protocol
- Active Mode FTP
- Passive Mode FTP
- ProFTPD
- Pure-FTPd
- Vsftpd
- Configuring vsftpd
- Anonymous FTP with vsftpd
Lab Tasks:
- Configuring vsftpd
The Squid Proxy Server
Overview:
- Squid Overview
- Squid File Layout
- Squid Access Control Lists
- Applying Squid ACLs
- Tuning Squid & Configuring Cache Hierarchies
- Bandwidth Metering
- Monitoring Squid
- Proxy Client Configuration
Lab Tasks:
- Installing and Configuring Squid
- Squid Cache Manager CGI
- Proxy Auto Configuration
- Configure a Squid Proxy Cluster
LDAP Concepts and Clients
Overview:
- LDAP: History and Uses
- LDAP: Data Model Basics
- LDAP: Protocol Basics
- LDAP: Applications
- LDAP: Search Filters
- LDIF: LDAP Data Interchange Format
- OpenLDAP Client Tools
- Alternative LDAP Tools
Lab Tasks:
- Querying LDAP
OpenLDAP Servers
Overview:
- Popular LDAP Server Implementations
- OpenLDAP: Server Architecture
- OpenLDAP: Backends
- OpenLDAP: Replication
- Managing slapd
- OpenLDAP: Configuration Options
- OpenLDAP: Configuration Sections
- OpenLDAP: Global Parameters
- OpenLDAP: Database Parameters
- OpenLDAP Server Tools
- Native LDAP Authentication and Migration
- Enabling LDAP -based Login
- System Security Services Daemon (SSSD)
Lab Tasks:
- Building An OpenLDAP Server
- Enabling TLS For An OpenLDAP Server
- Enabling LDAP-based Logins
Samba Concepts and Configuration
Overview:
- Introducing Samba
- NetBIOS and NetBEUI
- Samba Daemons
- Accessing Windows/Samba Shares from Linux
- Samba Utilities
- Samba Configuration Files
- The smb.conf File
- Mapping Permissions and ACLs
- Mapping Linux Concepts
- Mapping Users
- Sharing Home Directories
- Sharing Printers
- Share Authentication
- Share -Level Access
- User -Level Access
- Samba Account Database
- User Share Restrictions
Lab Tasks:
- Samba Share -Level Access
- Samba User -Level Access
- Samba Group Shares
- Handling Symbolic Links with Samba
- Samba Home Directory Shares
SMTP Theory
Overview:
- SMTP
- SMTP Terminology
- SMTP Architecture
- SMTP Commands
- SMTP Extensions
- SMTP AUTH
- SMTP STARTTLS
- SMTP Session
Postfix
Overview:
- Postfix Features
- Postfix Architecture
- Postfix Components
- Postfix Configuration
- Master.cf
- Main.cf
- Postfix Map Types
- Postfix Pattern Matching
- Advanced Postfix Options
- Virtual Domains
- Postfix Mail Filtering
- Configuration Commands
- Management Commands
- Postfix Logging
- Logfile Analysis
- Postfix, Relaying and SMTP AUTH
- SMTP AUTH Server and Relay Control
- SMTP AUTH Clients
- Postfix / TLS
- TLS Server Configuration
- Postfix Client Configuration for TLS
- Other TLS Clients
- Ensuring TLS Security
Lab Tasks:
- Configuring Postfix
- Postfix Virtual Host Configuration
- Postfix Network Configuration
- Postfix SMTP AUTH Configuration
- Postfix STARTTLS Configuration
Mail Services & Retrieval
Overview:
- Filtering Email
- Procmail
- SpamAssassin
- Bogofilter
- Amavisd-new
- Mail Filtering
- Accessing Email
- The IMAP
- Protocol
- Dovecot POP3/IMAP Server
- Cyrus IMAP/POP3 Server
- Cyrus IMAP MTA Integration
- Cyrus Mailbox Administration
- Fetchmail
- SquirrelMail
- Mailing Lists
- GNU Mailman
- Mailman Configuration
Lab Tasks:
- Configuring Procmail & SpamAssassin
- Configuring Cyrus IMAP
- Dovecot TLS Configuration
- Configuring SquirrelMail
- Base Mailman Configuration
- Basic Mailing List
- Private Mailing List
Sendmail
Overview:
- Sendmail Architecture
- Sendmail Components
- Sendmail Configuration
- Sendmail Remote Configuration
- Controlling Access
- Sendmail Mail Filter (milter)
- Configuring Sendmail SMTP AUTH
- Configuring SMTP STARTTLS
Lab Tasks:
- Configuring Sendmail
- Sendmail Network Configuration
- Sendmail Virtual Host Configuration
- Sendmail SMTP AUTH Configuration
- Sendmail STARTTLS Configuration
NIS
Overview:
- NIS Overview
- NIS Limitations and Advantages
- NIS Client Configuration
- NIS Server Configuration
- NIS Troubleshooting Aids
Lab Tasks:
- Using NIS for Centralized User Accounts
- Configuring NIS
- NIS Slave Server
- NIS Failover
- Troubleshooting Practice: NIS