651-905-3729 Microsoft Silver Learning Partner EC Counsel Reseller compTIA Authorized Partner

Enterprise Linux Networking Services

5 Days

Description

This is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of these network services. The course material is designed to provide extensive hands-on experience. Topics include: Security with SELinux and Netfilter, DNS concepts and implementation with Bind; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Current Version: A01

Supported Distributions:

  • Red Hat Enterprise Linux 8

    SUSE Linux Enterprise 15

 

No Upcoming Public Classes

There are currently no public events available for this course. However, you can submit a request for a new date and we will try our best to get you into a Enterprise Linux Networking Services class.

Private Training Available
No date scheduled, don’t see a date that works for you or looking for a private training event, please call 651-905-3729 or submit a request for further information here.
request a private session or new date

Course Overview

  • 1.  Securing Services
    1. Xinetd
    2. Xinetd Connection Limiting and Access Control
    3. Xinetd: Resource limits, redirection, logging
    4. TCP Wrappers
    5. The /etc/hosts.allow & /etc/hosts.deny Files
    6. /etc/hosts.{allow,deny} Shortcuts
    7. Advanced TCP Wrappers
    8. FirewallD
    9. Netfilter: Stateful Packet Filter Firewall
    10. Netfilter Concepts
    11. Using the iptables Command
    12. Netfilter Rule Syntax
    13. Targets
    14. Common match_specs
    15. Connection Tracking
  • Lab Tasks
    1. Securing xinetd Services
    2. Enforcing Security Policy with xinetd
    3. Securing Services with Netfilter
    4. FirewallD
    5. Troubleshooting Practice
  • 2.  SELinux and LSM
    1. AppArmor
    2. SELinux Security Framework
    3. Choosing an SELinux Policy
    4. SELinux Commands
    5. SELinux Booleans
    6. SELinux Policy Tools
  • Lab Tasks
    1. Exploring AppArmor Modes
    2. SELinux File Contexts
  • 3.  DNS Concepts
    1. Naming Services
    2. DNS A Better Way
    3. The Domain Name Space
    4. Delegation and Zones
    5. Server Roles
    6. Resolving Names
    7. Resolving IP Addresses
    8. Basic BIND Administration
    9. Configuring the Resolver
    10. Testing Resolution
  • Lab Tasks
    1. Configuring a Slave Name Server
  • 4.  Configuring BIND
    1. BIND Configuration Files
    2. named.conf Syntax
    3. named.conf Options Block
    4. Creating a Site-Wide Cache
    5. rndc Key Configuration
    6. Zones In named.conf
    7. Zone Database File Syntax
    8. SOA  Start of Authority
    9. A, AAAA, & PTR  Address & Pointer Records
    10. NS  Name Server
    11. TXT, CNAME, & MX Text, Alias, & Mail Host
    12. SRV  SRV Service Records
    13. Abbreviations and Gotchas
    14. $GENERATE, $ORIGIN, and $INCLUDE
  • Lab Tasks
    1. Use rndc to Control named
    2. Configuring BIND Zone Files
  • 5.  Creating DNS Hierarchies
    1. Subdomains and Delegation
    2. Subdomains
    3. Delegating Zones
    4. in-addr.arpa. Delegation
    5. Issues with in-addr.arpa.
    6. RFC2317 & in-addr.arpa.
  • Lab Tasks
    1. Create a Subdomain in an Existing Domain
    2. Subdomain Delegation
  • 6.  Advanced BIND DNS Features
    1. Address Match Lists & ACLs
    2. Split Namespace with Views
    3. Restricting Queries
    4. Restricting Zone Transfers
    5. Running BIND in a chroot
    6. Dynamic DNS Concepts
    7. Allowing Dynamic DNS Updates
    8. DDNS Administration with nsupdate
    9. Common Problems
    10. Common Problems
    11. Securing DNS With TSIG
  • Lab Tasks
    1. Configuring Dynamic DNS
    2. Securing BIND DNS
  • 7.  Using Apache
    1. HTTP Operation
    2. Apache Architecture
    3. Dynamic Shared Objects
    4. Adding Modules to Apache
    5. Apache Configuration Files
    6. httpd.conf  Server Settings
    7. httpd.conf  Main Configuration
    8. HTTP Virtual Servers
    9. Virtual Hosting DNS Implications
    10. httpd.conf VirtualHost Configuration
    11. Port and IP based Virtual Hosts
    12. Name-based Virtual Host
    13. Apache Logging
    14. Log Analysis
    15. The Webalizer
  • Lab Tasks
    1. Apache Architecture
    2. Apache Content
    3. Configuring Virtual Hosts
  • 8.  Apache Security
    1. Virtual Hosting Security Implications
    2. Delegating Administration
    3. Directory Protection
    4. Directory Protection with AllowOverride
    5. Common Uses for .htaccess
    6. Symmetric Encryption Algorithms
    7. Asymmetric Encryption Algorithms
    8. Digital Certificates
    9. TLS Using mod_ssl.so
  • Lab Tasks
    1. Using .htaccess Files
    2. Using TLS Certificates with Apache
    3. Use SNI and TLS with Virtual Hosts
  • 9.  Apache Server-Side Scripting Administration
    1. Dynamic HTTP Content
    2. PHP: Hypertext Preprocessor
    3. Developer Tools for PHP
    4. Installing PHP
    5. Configuring PHP
    6. Securing PHP
    7. Security Related php.ini Configuration
    8. Java Servlets and JSP
    9. Apache's Tomcat
    10. Installing Java SDK
    11. Installing Tomcat Manually
    12. Using Tomcat with Apache
  • Lab Tasks
    1. CGI Scripts in Apache
    2. Apache's Tomcat
    3. Using Tomcat with Apache
    4. Installing Applications with Apache and Tomcat
  • 10.  Implementing an FTP Server Lab Tasks
    1. The FTP Protocol
    2. Active Mode FTP
    3. Passive Mode FTP
    4. ProFTPD
    5. Pure-FTPd
    6. vsftpd
    7. Configuring vsftpd
    8. Anonymous FTP with vsftpd
  • Lab Tasks
    1. Configuring vsftpd
  • 11.  The Squid Proxy Server
    1. Squid Overview
    2. Squid File Layout
    3. Squid Access Control Lists
    4. Applying Squid ACLs
    5. Tuning Squid & Configuring Cache Hierarchies
    6. Bandwidth Metering
    7. Monitoring Squid
    8. Proxy Client Configuration
  • Lab Tasks
    1. Installing and Configuring Squid
    2. Squid Cache Manager CGI
    3. Proxy Auto Configuration
    4. Configure a Squid Proxy Cluster
  • 12.  SQL Fundamentals and MariaDB
    1. Popular SQL Databases
    2. SELECT Statements
    3. INSERT Statements
    4. UPDATE Statements
    5. DELETE Statements
    6. JOIN Clauses
    7. MariaDB
    8. MariaDB Installation and Security
    9. MariaDB User Account Management
    10. MariaDB Replication
  • Lab Tasks
    1. SQL with Sqlite3
    2. Installing and Securing MariaDB
    3. Creating a Database in MariaDB
    4. Create a Database Backed Application
  • 13.  LDAP Concepts and Clients
    1. LDAP: History and Uses
    2. LDAP: Data Model Basics
    3. LDAP: Protocol Basics
    4. LDAP: Applications
    5. LDAP: Search Filters
    6. LDIF: LDAP Data Interchange Format
    7. OpenLDAP Client Tools
    8. Alternative LDAP Tools
  • Lab Tasks
    1. Querying LDAP
  • 14.  OpenLDAP Servers
    1. Popular LDAP Server Implementations
    2. OpenLDAP: Server Architecture
    3. OpenLDAP: Backends
    4. OpenLDAP: Replication
    5. Managing slapd
    6. OpenLDAP: Configuration Options
    7. OpenLDAP: Configuration Sections
    8. OpenLDAP: Global Parameters
    9. OpenLDAP: Database Parameters
    10. OpenLDAP Server Tools
    11. Native LDAP Authentication and Migration
    12. Enabling LDAP-based Login
    13. System Security Services Daemon (SSSD)
  • Lab Tasks
    1. Building An OpenLDAP Server
    2. Enabling TLS For An OpenLDAP Server
    3. Enabling LDAP-based Logins
  • 15.  Samba Concepts and Configuration
    1. Introducing Samba
    2. NetBIOS and NetBEUI
    3. Samba Daemons
    4. Accessing Windows/Samba Shares from Linux
    5. Samba Utilities
    6. Samba Configuration Files
    7. The smb.conf File
    8. Mapping Permissions and ACLs
    9. Mapping Linux Concepts
    10. Mapping Users
    11. Sharing Home Directories
    12. Sharing Printers
    13. Share Authentication
    14. Share-Level Access
    15. User-Level Access
    16. Samba Account Database
    17. User Share Restrictions
  • Lab Tasks
    1. Samba Share-Level Access
    2. Samba User-Level Access
    3. Samba Group Shares
    4. Handling Symbolic Links with Samba
    5. Samba Home Directory Shares
  • 16.  SMTP Theory
    1. SMTP
    2. SMTP Terminology
    3. SMTP Architecture
    4. SMTP Commands
    5. SMTP Extensions
    6. SMTP AUTH
    7. SMTP STARTTLS
    8. SMTP Session
  • 17.  Postfix
    1. Postfix Features
    2. Postfix Architecture
    3. Postfix Components
    4. Postfix Configuration
    5. master.cf
    6. main.cf
    7. Postfix Map Types
    8. Postfix Pattern Matching
    9. Advanced Postfix Options
    10. Virtual Domains
    11. Postfix Mail Filtering
    12. Configuration Commands
    13. Management Commands
    14. Postfix Logging
    15. Logfile Analysis
    16. Postfix, Relaying and SMTP AUTH
    17. SMTP AUTH Server and Relay Control
    18. SMTP AUTH Clients
    19. Postfix / TLS
    20. TLS Server Configuration
    21. Postfix Client Configuration for TLS
    22. Other TLS Clients
    23. Ensuring TLS Security
  • Lab Tasks
    1. Configuring Postfix
    2. Postfix Virtual Host Configuration
    3. Postfix Network Configuration
    4. Postfix SMTP AUTH Configuration
    5. Postfix STARTTLS Configuration
    6. SUSE Postfix Configuration Cleanup
  • 18.  Mail Services and Retrieval
    1. Filtering Email
    2. Procmail
    3. SpamAssassin
    4. Bogofilter
    5. amavisd-new Mail Filtering
    6. Accessing Email
    7. The IMAP4 Protocol
    8. Dovecot POP3/IMAP Server
    9. Cyrus IMAP/POP3 Server
    10. Cyrus IMAP MTA Integration
    11. Cyrus Mailbox Administration
    12. Fetchmail
    13. Roundcube Webmail
    14. Mailing Lists
    15. GNU Mailman
    16. Mailman Configuration
  • Lab Tasks
    1. Configuring Procmail & SpamAssassin
    2. Configuring Cyrus IMAP
    3. Dovecot TLS Configuration
    4. Configuring Roundcube
    5. Base Mailman Configuration
    6. Basic Mailing List
    7. Private Mailing List
  • A.  NIS
    1. NIS Overview
    2. NIS Limitations and Advantages
    3. NIS Client Configuration
    4. NIS Server Configuration
    5. NIS Troubleshooting Aids
  • Lab Tasks
    1. Using NIS for Centralized User Accounts
    2. Configuring NIS
    3. NIS Slave Server
    4. NIS Failover
    5. Troubleshooting Practice: NIS

No Upcoming Public Classes

There are currently no public events available for this course. However, you can submit a request for a new date and we will try our best to get you into a Enterprise Linux Networking Services class.

Private Training Available
No date scheduled, don’t see a date that works for you or looking for a private training event, please call 651-905-3729 or submit a request for further information here.
request a private session or new date

Prerequisites

Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts, the TCP/IP protocol suite is also assumed. These skills are taught in the KT-12000 "Linux-Unix Fundamentals" and KT-5001 "Enterprise Linux System Administration" courses.

No Upcoming Public Classes

There are currently no public events available for this course. However, you can submit a request for a new date and we will try our best to get you into a Enterprise Linux Networking Services class.

Private Training Available
No date scheduled, don’t see a date that works for you or looking for a private training event, please call 651-905-3729 or submit a request for further information here.
request a private session or new date