KnowledgeStep: Enterprise Linux Network Services

Course GL275: Enterprise Linux Network Services

The GL275 is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the troubleshooting skills necessary for real-world administration of these network services. Like all Guru Labs courses, the course material is designed to provide extensive hands-on experience. Topics include: security with SELinux and Netfilter; DNS concepts and implementation with BIND; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Prerequisites:

Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts and the TCP/IP protocol suite is also assumed. These skills are taught in the GL120 "Linux Fundamentals" and GL250 "Enterprise Linux Systems Administration" courses.

Supported Distributions:
Red Hat Enterprise Linux 5 Update 4
Recommended Class Length:
5 days
Detailed Course Outline:
  • SECURITY CONCEPTS
    • Security Concepts
    • Tightening Default Security
    • Security Advisories
    • xinetd
    • Xinetd Configuration and Access Control
    • Xinetd Connection Limiting
    • Xinetd: Resource limits, redirection, logging
    • TCP Wrappers
    • The /etc/hosts.allow and /etc/hosts.deny Files
    • /etc/hosts.{allow,deny} Shortcuts
    • Advanced TCP Wrappers
    • Basic Firewall Activation
    • Netfilter: Stateful Packet Filter Firewall
    • Netfilter Concepts
    • Using the iptables Command
    • Netfilter Rule Syntax
    • Targets
    • Common match_specs
    • Connection Tracking
    Lab Tasks
    • Securing xinetd Services
    • Enforcing Security Policy with xinetd
    • Securing Services with TCP Wrappers
    • Securing Services with Netfilter
    • Troubleshooting Practice
  • SELINUX INTRODUCTION
    • SELinux Security Framework
    • Choosing an SELinux Policy
    • SELinux Commands
    • SELinux Booleans
    • Graphical SELinux Policy Tools
    Lab Tasks
    • SELinux File Contexts
  • DNS Concepts
    • Naming Services
    • DNS - A Better Way
    • The Domain Name Space
    • Delegation and Zones
    • Server Roles
    • Resolving Names
    • Resolving IP Addresses
    • BIND Administration
    • Configuring the Resolver
    • Testing Resolution
    Lab Tasks
    • Configuring a Slave Name Server
  • Configuring BIND
    • BIND Configuration Files
    • named.conf Syntax
    • named.conf Options Block
    • Creating a Site-Wide Cache
    • rndc Key Configuration
    • Zones In named.conf
    • Zone Database File Syntax
    • SOA - Start of Authority
    • A and PTR - Address and Pointer Records
    • NS - Name Server
    • CNAME and MX - Alias and Mail Host
    • Abbreviations and Gotchas
    • $ORIGIN and $GENERATE
    Lab Tasks
    • Configure rndc for Secure named Control
    • Configuring BIND Zone Files
  • Creating DNS Hierarchies
    • Subdomains and Delegation
    • Subdomains
    • Delegating Zones
    • in-addr.arpa. Delegation
    • Issues with in-addr.arpa.
    • RFC2317 and in-addr.arpa.
    Lab Tasks
    • Create a Subdomain in an Existing Domain
    • Subdomain Delegation
  • Securing BIND and DNS
    • Split Namespaces
    • Using Views with BIND 9
    • Address Match Lists & ACLs
    • Restricting Queries
    • Restricting Zone Transfers
    • Running BIND in a chroot jail
    • Dynamic DNS Concepts
    • Allowing Dynamic DNS Updates
    • DDNS Administration with nsupdate
    • Common Problems
    Lab Tasks
    • Configuring Dynamic DNS
    • Securing BIND DNS
  • LDAP Concepts and Clients
    • Centralized Authentication
    • Directory Services
    • LDAP
    • What LDAP Provides
    • LDAP Concepts
    • LDAP Organization
    • Schema
    • Entry Referencing
    • LDIF
    • LDAP Architecture
    • LDAP Implementations
    • LDAP Client Configuration
    • Querying LDAP Databases
    Lab Tasks
    • Querying an Existing LDAP Directory
  • OpenLDAP Servers
    • OpenLDAP Components
    • Configuring slapd
    • /etc/openldap/ldap.conf Global Parameters
    • Schema Definition
    • OpenLDAP Access Control
    • Backend Types
    • Backend Configuration
    • Database Configuration
    • Indexes
    • Replicas
    • LDAP Replica Configuration
    • OpenLDAP Configuration Syntax Check
    Lab Tasks
    • Configuring LDAP Directory Services
    • Modifying LDAP Directory Entries
  • Using OpenLDAP
    • Managing slapd
    • Online LDAP Data Manipulation
    • Offline LDAP Data Manipulation
    • Native LDAP Authentication and Migration
    • Native LDAP Client Config
    Lab Tasks
    • Configuring LDAP for Secure TLS Access
    • Configuring LDAP Clients and Servers for Directory Authentication
  • Using Apache
    • HTTP Operation
    • Apache History and Status
    • Apache Architecture
    • SSL/HTTPS and Apache
    • Apache Configuration Files
    • httpd.conf - Server Settings
    • httpd.conf - Main Configuration
    • httpd.conf - VirtualHost Configuration
    • Dynamic Shared Objects
    • Adding Modules to Apache
    • Apache Logging
    • Log Analysis
    • The Webalizer
    Lab Tasks
    • Configure Apache
    • Apache Content
  • Virtual Hosting with Apache
    • HTTP Virtual Servers
    • DNS Implications
    • Security Implications
    • IP-based Virtual Host
    • Name-based Virtual Host
    • Port-based Virtual Host
    Lab Tasks
    • Configuring Virtual Hosts
  • Apache Security
    • Delegating Administration
    • Directory Protection
    • Common Uses for .htaccess
    • Symmetric Encryption Algorithms
    • Asymmetric Encryption Algorithms
    • Digital Certificates
    • SSL Using mod_ssl.so
    Lab Tasks
    • Using .htaccess Files
    • Using SSL Certificates with Apache
  • Apache Server-Side Scripting Administration
    • Dynamic HTTP Content
    • PHP: Hypertext Preprocessor
    • Developer Tools for PHP
    • Installing PHP
    • Configuring PHP
    • Securing PHP
    • Security Related php.ini Configuration
    • Java Servlets and JSP
    • Apache's Tomcat
    • Installing Java SDK
    • Installing Tomcat Manually
    • Using Tomcat with Apache
    Lab Tasks
    • CGI Scripts in Apache
    • Apache's Tomcat
    • Using Tomcat with Apache
    • Installing Applications with Apache and Tomcat
  • Implementing an FTP Server
    • The FTP Protocol
    • FTP Operation
    • Active Mode FTP
    • Passive Mode FTP
    • vsftpd
    • Configuring vsftpd
    • Anonymous FTP with vsftpd
    Lab Tasks
    • Configuring vsftpd
  • The Squid Proxy Server
    • Squid Overview
    • Squid File Layout
    • Squid Access Control Lists
    • Applying Squid ACLs
    • Tuning Squid and Configuring Cache Hierarchies
    • Bandwidth Metering
    • Monitoring Squid
    • Proxy Client Configuration
    Lab Tasks
    • Installing and Configuring Squid
    • Squid Cache Manager CGI
    • Proxy Auto Configuration
    • Configure a Squid Proxy Cluster
  • Samba Concepts and Configuration
    • Introducing Samba
    • Samba Daemons
    • NetBIOS and NetBEUI
    • Accessing Windows/Samba Shares from Linux
    • Samba Utilities
    • Samba Configuration Files
    • The smb.conf File
    • Unix and DOS Permissions
    • Unix and Windows Concepts
    • Name and Case Mangling
    • Sharing Home Directories
    • Sharing Printers
    • Share Authentication
    • Share-Level Access
    • User-Level Access
    • Mapping Users
    • SMB and Passwords
    • The smbpasswd Database
    • User Share Restrictions
    Lab Tasks
    • Samba Share-Level Access
    • Samba User-Level Access
    • Samba Group Shares
    • Configuring Samba
    • Samba Home Directory Shares
  • SMTP Theory
    • SMTP
    • SMTP Terminology
    • SMTP Architecture
    • SMTP Commands
    • SMTP Extensions
    • SMTP AUTH
    • SMTP STARTTLS
    • SMTP Session
  • Postfix
    • Postfix Features
    • Postfix Architecture
    • Postfix Components
    • Postfix Configuration
    • master.cf
    • main.cf
    • Postfix Map Types
    • Postfix Pattern Matching
    • Advanced Options
    • Virtual Domains
    • Postfix Mail Filtering
    • Configuration Commands
    • Management Commands
    • Postfix Logging
    • Log file Analysis
    • chrooting Postfix
    • Postfix and SMTP AUTH
    • SMTP AUTH Server
    • SMTP AUTH Clients
    • Postfix Extensions
    • Postfix / TLS
    • TLS Server Configuration
    • Postfix Client Configuration for TLS
    • Other TLS Clients
    • Ensuring TLS Security
    Lab Tasks
    • Configuring Postfix
    • Postfix Network Configuration
    • Postfix Virtual Host Configuration
    • Postfix SMTP AUTH Configuration
    • Postfix STARTTLS Configuration
  • MAIL SERVICES AND RETRIEVAL
    • Filtering Email
    • Procmail
    • SpamAssassin
    • Bogofilter
    • Sendmail Mail Filter (milter)
    • amavisd-new Mail Filtering
    • Accessing Email
    • The IMAP4 Protocol
    • Dovecot POP3/IMAP Server
    • Cyrus IMAP/POP3 Server
    • Cyrus IMAP MTA Integration
    • Cyrus Mailbox Administration
    • Fetchmail
    • SquirrelMail
    • Mailing Lists
    • GNU Mailman
    • Mailman Configuration
    Lab Tasks
    • Configuring Procmail & SpamAssassin
    • Configuring Cyrus IMAP
    • Configuring SquirrelMail
    • Base Mailman Configuration
    • Basic Mailing List
    • Private Mailing List
  • Sendmail
    • Sendmail Architecture
    • Sendmail Components
    • Sendmail Configuration
    • Databases
    • Sendmail Remote Configuration
    • Controlling Access
    • Configuring Sendmail SMTP AUTH
    • Configuring SMTP STARTTLS
    Lab Tasks
    • Configuring Sendmail
    • Sendmail Network Configuration
    • Sendmail Virtual Host Configuration
    • Sendmail SMTP AUTH Configuration
    • Sendmail STARTTLS Configuration
    • Testing TLS Encryption
  • INTERNETNEWS
    • News Overview
    • InterNetNews Overview
    • General INN Configuration
    • News Storage
    • News Feeds
    • News Readers
    • Moderating Newsgroups
    • Managing InterNetNews Server
    • Controlling the InterNetNews Server
    • Configuring TLS/SSL
    Lab Tasks
    • Configure Base INN Settings
    • Hide Newsgroups
    • Allow Post Access
    • Configure moderated newsgroup using cnfs
    • Feed news articles to remote news server