Enterprise Linux Networking Services

Course: LNXNET

Duration: 5 Days

Level: II

Course Summary

Enterprise Linux Networking Services is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of these network services. The course material is designed to provide extensive hands-on experience.

Topics include: Security with SELinux and Netfilter, DNS concepts and implementation with Bind; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

The course covers both RedHat and SuSE Enterprise distributions, and students can choose to use either distribution during hands-on sessions.

« Hide The Details

Topics Covered In This Course

Securing Services

Xinetd
Xinetd Connection Limiting and Access Control
Xinetd: Resource limits, redirection, logging
TCP Wrappers
The /etc/hosts.allow & /etc/hosts.deny Files
/etc/hosts.{allow,deny} Shortcuts
Advanced TCP Wrappers
Basic Firewall Activation
Netfilter: Stateful Packet Filter Firewall
Netfilter Concepts
Using the iptables Command
Netfilter Rule Syntax
Targets
Common match_specs
Connection Tracking
AppArmor
SELinux Security Framework
Choosing an SELinux Policy
SELinux Commands
SELinux Booleans
Graphical SELinux Policy Tools

DNS Concepts

Naming Services
DNS - A Better Way
The Domain Name Space
Delegation and Zones
Server Roles
Resolving Names
Resolving IP Addresses
Basic BIND Administration
Configuring the Resolver
Testing Resolution

Configuring BIND

BIND Configuration Files
named.conf Syntax
named.conf Options Block
Creating a Site-Wide Cache
rndc Key Configuration
Zones In named.conf
Zone Database File Syntax
SOA - Start of Authority
A & PTR - Address & Pointer Records
NS - Name Server
CNAME & MX - Alias & Mail Host
Abbreviations and Gotchas
$ORIGIN and $GENERATE

Creating DNS Hierarchies

Subdomains and Delegation
Subdomains
Delegating Zones
in-addr.arpa. Delegation
Issues with in-addr.arpa.
RFC2317 & in-addr.arpa.

Advanced BIND DNS Features

Address Match Lists & ACLs
Split Namespace with Views
Restricting Queries
Restricting Zone Transfers
Running BIND in a chroot jail
Dynamic DNS Concepts
Allowing Dynamic DNS Updates
DDNS Administration with nsupdate
Common Problems
Common Problems
Securing DNS With TSIG

LDAP Concepts and Clients

LDAP: History and Uses
LDAP: Data Model Basics
LDAP: Protocol Basics
LDAP: Applications
LDAP: Search Filters
LDIF: LDAP Data Interchange Format
OpenLDAP Client Tools
Alternative LDAP Tools

OpenLDAP Servers

Popular LDAP Server Implementations
OpenLDAP: Server Architecture
OpenLDAP: Backends
OpenLDAP: Replication
OpenLDAP: Configuration Options
OpenLDAP: Configuration Sections
OpenLDAP: Global Parameters
OpenLDAP: Database Parameters
OpenLDAP Server Tools
Enabling LDAP-based Login
System Security Services Daemon (SSSD)

Using Apache

HTTP Operation
Apache Architecture
Dynamic Shared Objects
Adding Modules to Apache
Apache Configuration Files
httpd.conf - Server Settings
httpd.conf - Main Configuration
HTTP Virtual Servers
Virtual Hosting DNS Implications
httpd.conf - VirtualHost Configuration
Port and IP based Virtual Hosts
Name-based Virtual Host
Apache Logging
Log Analysis
The Webalizer

Apache Security

Virtual Hosting Security Implications
Delegating Administration
Directory Protection
Directory Protection with AllowOverride
Common Uses for .htaccess
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Digital Certificates
SSL Using mod_ssl.so

Apache Server-Side Scripting Administration

Dynamic HTTP Content
PHP: Hypertext Preprocessor
Developer Tools for PHP
Installing PHP
Configuring PHP
Securing PHP
Security Related php.ini Configuration
Java Servlets and JSP
Apache's Tomcat
Installing Java SDK
Installing Tomcat Manually
Using Tomcat with Apache

Implementing an FTP Server

The FTP Protocol
Active Mode FTP
Passive Mode FTP
ProFTPD
Pure-FTPd
vsftpd
Configuring vsftpd
Anonymous FTP with vsftpd

The SQUID Proxy Server

Squid Overview
Squid File Layout
Squid Access Control Lists
Applying Squid ACLs
Tuning Squid & Configuring Cache Hierarchies
Bandwidth Metering
Monitoring Squid
Proxy Client Configuration

Samba Concepts and Configuration

Introducing Samba
Samba Daemons
NetBIOS and NetBEUI
Accessing Windows/Samba Shares from Linux
Samba Utilities
Samba Configuration Files
The smb.conf File
Mapping Permissions and ACLs
Mapping Linux Concepts
Mapping Case Sensitivity
Mapping Users
Sharing Home Directories
Sharing Printers
Share Authentication
Share-Level Access
User-Level Access
SMB and Passwords
Samba Account Database
User Share Restrictions

SMTP Theory

SMTP
SMTP Terminology
SMTP Architecture
SMTP Commands
SMTP Extensions
SMTP AUTH
SMTP STARTTLS
SMTP Session

Postfix

Postfix Features
Postfix Architecture
Postfix Components
Postfix Configuration
master.cf
main.cf
Postfix Map Types
Postfix Pattern Matching
Advanced Postfix Options
Virtual Domains
Postfix Mail Filtering
Configuration Commands
Management Commands
Postfix Logging
Logfile Analysis
chrooting Postfix
Postfix, Relaying and SMTP AUTH
SMTP AUTH Server
SMTP AUTH Clients
Postfix / TLS
TLS Server Configuration
Postfix Client Configuration for TLS
Other TLS Clients
Ensuring TLS Security

Mail Services and Retrieval

Filtering Email
Procmail
SpamAssassin
Bogofilter
amavisd-new Mail Filtering
Accessing Email
The IMAP4 Protocol
Dovecot POP3/IMAP Server
Cyrus IMAP/POP3 Server
Cyrus IMAP MTA Integration
Cyrus Mailbox Administration
Fetchmail
SquirrelMail
Mailing Lists
GNU Mailman
Mailman Configuration

?

Sendmail

Sendmail Architecture
Sendmail Components
Sendmail Configuration
Sendmail Remote Configuration
Controlling Access
Sendmail Mail Filter (milter)
Configuring Sendmail SMTP AUTH
Configuring SMTP STARTTLS

NIS

NIS Overview
NIS Limitations and Advantages
NIS Client Configuration
NIS Server Configuration
NIS Troubleshooting Aids

Recommended Prerequisites

Students should already be comfortable with basic Linux or Unix administration. Fundamentals such as the Linux filesystem, process management, and how to edit files will not be covered in class. A good understanding of network concepts and the TCP/IP protocol suite, as covered in our Linux Fundamentals or Enterprise Linux Administration courses, is also assumed.

Training Style

Combination of short lecture sessions and extensive hands-on practice.

« Hide The Details

Related Courses

Code	Course Title	Duration	Level
LNXADM	Enterprise Linux System Administration	5 Days	I	Details
LNXSEC	Linux Security	5 Days	II	Details
LNXFIX	Linux Troubleshooting Workshop	5 Days	III	Details
LNXA4UA	Linux System Administration for UNIX Administrators	5 Days	III	Details

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.

Schedule For This Course
There are currently no public sessions scheduled for this course. We can schedule a private class for your organization just a couple of weeks from now. Or we can let you know the next time we do schedule a public session.

Notify me the next time this course is confirmed!

Can't find the course you want?
Call us at 800.533.3893, or
email us at [email protected]