Enterprise Linux Networking Services

Course:  LNXNET
Duration:  5 Days
Level:  II
Course Summary

Enterprise Linux Networking Services is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of these network services. The course material is designed to provide extensive hands-on experience.

Topics include: Security with SELinux and Netfilter, DNS concepts and implementation with Bind; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

The course covers both RedHat and SuSE Enterprise distributions, and students can choose to use either distribution during hands-on sessions.

« Hide The Details
Topics Covered In This Course

Securing Services

  • Xinetd
  • Xinetd Connection Limiting and Access Control
  • Xinetd: Resource limits, redirection, logging
  • TCP Wrappers
  • The /etc/hosts.allow & /etc/hosts.deny Files
  • /etc/hosts.{allow,deny} Shortcuts
  • Advanced TCP Wrappers
  • Basic Firewall Activation
  • Netfilter: Stateful Packet Filter Firewall
  • Netfilter Concepts
  • Using the iptables Command
  • Netfilter Rule Syntax
  • Targets
  • Common match_specs
  • Connection Tracking
  • AppArmor
  • SELinux Security Framework
  • Choosing an SELinux Policy
  • SELinux Commands
  • SELinux Booleans
  • Graphical SELinux Policy Tools

DNS Concepts

  • Naming Services
  • DNS - A Better Way
  • The Domain Name Space
  • Delegation and Zones
  • Server Roles
  • Resolving Names
  • Resolving IP Addresses
  • Basic BIND Administration
  • Configuring the Resolver
  • Testing Resolution

Configuring BIND

  • BIND Configuration Files
  • named.conf Syntax
  • named.conf Options Block
  • Creating a Site-Wide Cache
  • rndc Key Configuration
  • Zones In named.conf
  • Zone Database File Syntax
  • SOA - Start of Authority
  • A & PTR - Address & Pointer Records
  • NS - Name Server
  • CNAME & MX - Alias & Mail Host
  • Abbreviations and Gotchas
  • $ORIGIN and $GENERATE

Creating DNS Hierarchies

  • Subdomains and Delegation
  • Subdomains
  • Delegating Zones
  • in-addr.arpa. Delegation
  • Issues with in-addr.arpa.
  • RFC2317 & in-addr.arpa.

Advanced BIND DNS Features

  • Address Match Lists & ACLs
  • Split Namespace with Views
  • Restricting Queries
  • Restricting Zone Transfers
  • Running BIND in a chroot jail
  • Dynamic DNS Concepts
  • Allowing Dynamic DNS Updates
  • DDNS Administration with nsupdate
  • Common Problems
  • Common Problems
  • Securing DNS With TSIG

LDAP Concepts and Clients

  • LDAP: History and Uses
  • LDAP: Data Model Basics
  • LDAP: Protocol Basics
  • LDAP: Applications
  • LDAP: Search Filters
  • LDIF: LDAP Data Interchange Format
  • OpenLDAP Client Tools
  • Alternative LDAP Tools

OpenLDAP Servers

  • Popular LDAP Server Implementations
  • OpenLDAP: Server Architecture
  • OpenLDAP: Backends
  • OpenLDAP: Replication
  • OpenLDAP: Configuration Options
  • OpenLDAP: Configuration Sections
  • OpenLDAP: Global Parameters
  • OpenLDAP: Database Parameters
  • OpenLDAP Server Tools
  • Enabling LDAP-based Login
  • System Security Services Daemon (SSSD)

Using Apache

  • HTTP Operation
  • Apache Architecture
  • Dynamic Shared Objects
  • Adding Modules to Apache
  • Apache Configuration Files
  • httpd.conf - Server Settings
  • httpd.conf - Main Configuration
  • HTTP Virtual Servers
  • Virtual Hosting DNS Implications
  • httpd.conf - VirtualHost Configuration
  • Port and IP based Virtual Hosts
  • Name-based Virtual Host
  • Apache Logging
  • Log Analysis
  • The Webalizer

Apache Security

  • Virtual Hosting Security Implications
  • Delegating Administration
  • Directory Protection
  • Directory Protection with AllowOverride
  • Common Uses for .htaccess
  • Symmetric Encryption Algorithms
  • Asymmetric Encryption Algorithms
  • Digital Certificates
  • SSL Using mod_ssl.so

Apache Server-Side Scripting Administration

  • Dynamic HTTP Content
  • PHP: Hypertext Preprocessor
  • Developer Tools for PHP
  • Installing PHP
  • Configuring PHP
  • Securing PHP
  • Security Related php.ini Configuration
  • Java Servlets and JSP
  • Apache's Tomcat
  • Installing Java SDK
  • Installing Tomcat Manually
  • Using Tomcat with Apache

Implementing an FTP Server

  • The FTP Protocol
  • Active Mode FTP
  • Passive Mode FTP
  • ProFTPD
  • Pure-FTPd
  • vsftpd
  • Configuring vsftpd
  • Anonymous FTP with vsftpd

The SQUID Proxy Server

  • Squid Overview
  • Squid File Layout
  • Squid Access Control Lists
  • Applying Squid ACLs
  • Tuning Squid & Configuring Cache Hierarchies
  • Bandwidth Metering
  • Monitoring Squid
  • Proxy Client Configuration

Samba Concepts and Configuration

  • Introducing Samba
  • Samba Daemons
  • NetBIOS and NetBEUI
  • Accessing Windows/Samba Shares from Linux
  • Samba Utilities
  • Samba Configuration Files
  • The smb.conf File
  • Mapping Permissions and ACLs
  • Mapping Linux Concepts
  • Mapping Case Sensitivity
  • Mapping Users
  • Sharing Home Directories
  • Sharing Printers
  • Share Authentication
  • Share-Level Access
  • User-Level Access
  • SMB and Passwords
  • Samba Account Database
  • User Share Restrictions

SMTP Theory

  • SMTP
  • SMTP Terminology
  • SMTP Architecture
  • SMTP Commands
  • SMTP Extensions
  • SMTP AUTH
  • SMTP STARTTLS
  • SMTP Session

Postfix

  • Postfix Features
  • Postfix Architecture
  • Postfix Components
  • Postfix Configuration
  • master.cf
  • main.cf
  • Postfix Map Types
  • Postfix Pattern Matching
  • Advanced Postfix Options
  • Virtual Domains
  • Postfix Mail Filtering
  • Configuration Commands
  • Management Commands
  • Postfix Logging
  • Logfile Analysis
  • chrooting Postfix
  • Postfix, Relaying and SMTP AUTH
  • SMTP AUTH Server
  • SMTP AUTH Clients
  • Postfix / TLS
  • TLS Server Configuration
  • Postfix Client Configuration for TLS
  • Other TLS Clients
  • Ensuring TLS Security

Mail Services and Retrieval

  • Filtering Email
  • Procmail
  • SpamAssassin
  • Bogofilter
  • amavisd-new Mail Filtering
  • Accessing Email
  • The IMAP4 Protocol
  • Dovecot POP3/IMAP Server
  • Cyrus IMAP/POP3 Server
  • Cyrus IMAP MTA Integration
  • Cyrus Mailbox Administration
  • Fetchmail
  • SquirrelMail
  • Mailing Lists
  • GNU Mailman
  • Mailman Configuration

?

Sendmail

  • Sendmail Architecture
  • Sendmail Components
  • Sendmail Configuration
  • Sendmail Remote Configuration
  • Controlling Access
  • Sendmail Mail Filter (milter)
  • Configuring Sendmail SMTP AUTH
  • Configuring SMTP STARTTLS

NIS

  • NIS Overview
  • NIS Limitations and Advantages
  • NIS Client Configuration
  • NIS Server Configuration
  • NIS Troubleshooting Aids
Recommended Prerequisites

Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts and the TCP/IP protocol suite, as covered in our Linux Fundamentals or Enterprise Linux Administration courses, is also assumed.

Training Style

Combination of short lecture sessions and extensive hands-on practice.

« Hide The Details
Related Courses
Code Course Title Duration Level
LNXADM
Enterprise Linux System Administration
5 Days
I
Details
LNXSEC
Linux Security
5 Days
II
Details
LNXFIX
Linux Troubleshooting Workshop
5 Days
III
Details
LNXA4UA
Linux System Administration for UNIX Administrators
5 Days
III
Details

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.

Schedule For This Course
There are currently no public sessions scheduled for this course. We can schedule a private class for your organization just a couple of weeks from now. Or we can let you know the next time we do schedule a public session.
Notify me the next time this course is confirmed!
Can't find the course you want?
Call us at 800.533.3893, or
email us at [email protected]