Course code Title Language Price # Unit Startdate Hour Enddate Location Signup
UN037 Linux Level 3 : Enterprise Linux Network Services English €1950.00 5 Day(s) 14-05-2018 09u00 18-05-2018 Kontich Subscribe
UN037 Linux Level 3 : Enterprise Linux Network Services on your request on your request Contact Us

Linux Level 3 : Enterprise Linux Network Services

Overview

Course code: UN037
Duration: 5 Day(s)

This expansive 5-day course covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the troubleshooting skills necessary for real-world administration of these network services. The course material is designed to provide extensive hands-on experience. Topics include: security with SELinux and Netfilter; DNS concepts and implementation with BIND; LDAP concepts and implementation using OpenLDAP; web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Topics

1. Securing Services
Xinetd
Xinetd Connection Limiting and Access Control
Xinetd: Resource limits, redirection, logging
TCP Wrappers
The /etc/hosts.allow & /etc/hosts.deny Files
/etc/hosts.{allow,deny} Shortcuts
Advanced TCP Wrappers
Basic Firewall Activation
Netfilter: Stateful Packet Filter Firewall
Netfilter Concepts
Using the iptables Command
Netfilter Rule Syntax
Targets
Common match_specs
Connection Tracking
AppArmor
SELinux Security Framework
Choosing an SELinux Policy
SELinux Commands
SELinux Booleans
Graphical SELinux Policy Tools

2. DNS Concepts
Naming Services
DNS - A Better Way
The Domain Name Space
Delegation and Zones
Server Roles
Resolving Names
Resolving IP Addresses
Basic BIND Administration
Configuring the Resolver
Testing Resolution

3. Configuring BIND
BIND Configuration Files
named.conf Syntax
named.conf Options Block
Creating a Site-Wide Cache
rndc Key Configuration
Zones In named.conf
Zone Database File Syntax
SOA - Start of Authority
A & PTR - Address & Pointer Records
NS - Name Server
CNAME & MX - Alias & Mail Host
Abbreviations and Gotchas
$ORIGIN and $GENERATE

4. Creating DNS Hierarchies
Subdomains and Delegation
Subdomains
Delegating Zones
in-addr.arpa. Delegation
Issues with in-addr.arpa.
RFC2317 & in-addr.arpa.

5. Advanced BIND DNS Features
Address Match Lists & ACLs
Split Namespace with Views
Restricting Queries
Restricting Zone Transfers
Running BIND in a chroot jail
Dynamic DNS Concepts
Allowing Dynamic DNS Updates
DDNS Administration with nsupdate
Common Problems
Securing DNS with TSIG

6. LDAP Concepts and Clients
LDAP: History and Uses
LDAP: Data Model Basics
LDAP: Protocol Basics
LDAP: Applications
LDAP: Search Filters
LDIF: LDAP Data Interchange Format
OpenLDAP Client Tools
Alternative LDAP Tools

7. OpenLDAP Servers
Popular LDAP Server Implementations
OpenLDAP: Server Architecture
OpenLDAP: Backends
OpenLDAP: Replication
OpenLDAP: Configuration Options
OpenLDAP: Configuration Sections
OpenLDAP: Global Parameters
OpenLDAP: Database Parameters
OpenLDAP Server Tools
Enabling LDAP-based Login
System Security Services Daemon (SSSD)

8. Using Apache
HTTP Operation
Apache Architecture
Dynamic Shared Objects
Adding Modules to Apache
Apache Configuration Files
httpd.conf - Server Settings
httpd.conf - Main Configuration
HTTP Virtual Servers
Virtual Hosting DNS Implications
httpd.conf - VirtualHost Configuration
Port and IP based Virtual Hosts
Name-based Virtual Host
Apache Logging
Log Analysis
The Webalizer

9. Apache Security
Virtual Hosting Security Implications
Delegating Administration
Directory Protection
Directory Protection with AllowOverride
Common Uses for .htaccess
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Digital Certificates
SSL Using mod_ssl.so

10. Apache Server-Side Scripting Administration
Dynamic HTTP Content
PHP: Hypertext Preprocessor
Developer Tools for PHP
Installing PHP
Configuring PHP
Securing PHP
Security Related php.ini Configuration
Java Servlets and JSP
Apache's Tomcat
Installing Java SDK
Installing Tomcat Manually
Using Tomcat with Apache

11. Implementing an FTP server
The FTP Protocol
Active Mode FTP
Passive Mode FTP
ProFTPD
Pure-FTPd
vsftpd
Configuring vsftpd
Anonymous FTP with vsftpd

12. The Squid Proxy Server
Squid Overview
Squid File Layout
Squid Access Control Lists
Applying Squid ACLs
Tuning Squid & Configuring Cache Hierarchies
Bandwidth Metering
Monitoring Squid
Proxy Client Configuration

13. Samba Concepts and Configuration
Introducing Samba
Samba Daemons
NetBIOS and NetBEUI
Accessing Windows/Samba Shares from Linux
Samba Utilities
Samba Configuration Files
The smb.conf File
Mapping Permissions and ACLs
Mapping Linux Concepts
Mapping Case Sensitivity
Mapping Users
Sharing Home Directories
Sharing Printers
Share Authentication
Share-Level Access
User-Level Access
Samba Account Database
User Share Restrictions

14. SMTP Theory
SMTP
SMTP Terminology
SMTP Architecture
SMTP Commands
SMTP Extensions
SMTP AUTH
SMTP STARTTLS
SMTP Session

15. POSTFIX
Postfix Features
Postfix Architecture
Postfix Components
Postfix Configuration
master.cf
main.cf
Postfix Map Types
Postfix Pattern Matching
Advanced Postfix Options
Virtual Domains
Postfix Mail Filtering
Configuration Commands
Management Commands
Postfix Logging
Logfile Analysis
chrooting Postfix
Postfix, Relaying and SMTP AUTH
SMTP AUTH Server and Relay Control
SMTP AUTH Clients
Postfix / TLS
TLS Server Configuration
Postfix Client Configuration for TLS
Other TLS Clients
Ensuring TLS Security

16. Mail Services and Retrieval
Filtering Email
Procmail
SpamAssassin
Bogofilter
amavisd-new Mail Filtering
Accessing Email
The IMAP4 Protocol
Dovecot POP3/IMAP Server
Cyrus IMAP/POP3 Server
Cyrus IMAP MTA Integration
Cyrus Mailbox Administration
Fetchmail
SquirrelMail
Mailing Lists
GNU Mailman
Mailman Configuration

Prerequisites

Students should already be comfortable with basic Linux or UNIX administration and have a good understanding of network concepts; familiarity with the TCP/IP protocol suite is also assumed.

Audience

Experienced Linux system administrators needing to set up or manage secure, enterprise-level network servers.