Linux Network Services Overview
Accelebrate's Linux Network Services course teaches students how to securely implement, troubleshoot, and manage network services.
Location and Pricing
Accelebrate offers instructor-led enterprise training for groups of 3 or more online or at your site. Most Accelebrate classes can be flexibly scheduled for your group, including delivery in half-day segments across a week or set of weeks. To receive a customized proposal and price quote for private corporate training on-site or online, please contact us.
In addition, some courses are available as live, online classes for individuals.
See a schedule of online courses.
Objectives
- Secure services with SELinux and Netfilter
- Learn DNS concepts and implementation with BIND
- Understand LDAP concepts and implement using OpenLDAP
- Secure the Apache httpd web server
- Implement an FTP server with vsftpd
- Cache and filter proxies with Squid
- Use SMB/CIFS (Windows networking) with Samba
- Learn e-mail concepts and implement with Postfix combined with either Dovecot or Cyrus
Prerequisites
All students should already be comfortable with basic Linux or UNIX administration and have a solid understanding of network concepts and the TCP/IP protocol suite.
Outline
Introduction
Securing Services
- Xinetd
- Xinetd Connection Limiting and Access Control
- Xinetd: Resource limits, redirection, logging
- TCP Wrappers
- The /etc/hosts.allow & /etc/hosts.deny Files
- /etc/hosts.{allow,deny} Shortcuts
- Advanced TCP Wrappers
- Basic Firewall Activation
- Netfilter: Stateful Packet Filter Firewall
- Netfilter Concepts
- Using the iptables Command
- Netfilter Rule Syntax
- Targets
- Common match_specs
- Connection Tracking
- AppArmor
- SELinux Security Framework
- Choosing an SELinux Policy
- SELinux Commands
- SELinux Booleans
- Graphical SELinux Policy Tools
DNS Concepts
- Naming Services
- DNS - A Better Way
- The Domain Name Space
- Delegation and Zones
- Server Roles
- Resolving Names
- Resolving IP Addresses
- Basic BIND Administration
- Configuring the Resolver
- Testing Resolution
Configuring BIND
- BIND Configuration Files
- named.conf Syntax
- named.conf Options Block
- Creating a Site-Wide Cache
- rndc Key Configuration
- Zones In named.conf
- Zone Database File Syntax
- SOA - Start of Authority
- A & PTR - Address & Pointer Records
- NS - Name Server
- CNAME & MX - Alias & Mail Host
- Abbreviations and Gotchas
- $ORIGIN and $GENERATE
Creating DNS Hierarchies
- Subdomains and Delegation
- Subdomains
- Delegating Zones
- in-addr.arpa. Delegation
- Issues with in-addr.arpa.
- RFC2317 & in-addr.arpa.
Advanced BIND DNS Features
- Address Match Lists & ACLs
- Split Namespace with Views
- Restricting Queries
- Restricting Zone Transfers
- Running BIND in a chroot jail
- Dynamic DNS Concepts
- Allowing Dynamic DNS Updates
- DDNS Administration with nsupdate
- Common Problems
- Securing DNS with TSIG
LDAP Concepts and Clients
- LDAP: History and Uses
- LDAP: Data Model Basics
- LDAP: Protocol Basics
- LDAP: Applications
- LDAP: Search Filters
- LDIF: LDAP Data Interchange Format
- OpenLDAP Client Tools
- Alternative LDAP Tools
OpenLDAP Servers
- Popular LDAP Server Implementations
- OpenLDAP: Server Architecture
- OpenLDAP: Backends
- OpenLDAP: Replication
- OpenLDAP: Configuration Options
- OpenLDAP: Configuration Sections
- OpenLDAP: Global Parameters
- OpenLDAP: Database Parameters
- OpenLDAP Server Tools
- Enabling LDAP-based Login
- System Security Services Daemon (SSSD)
Using Apache
- HTTP Operation
- Apache Architecture
- Dynamic Shared Objects
- Adding Modules to Apache
- Apache Configuration Files
- httpd.conf - Server Settings
- httpd.conf - Main Configuration
- HTTP Virtual Servers
- Virtual Hosting DNS Implications
- httpd.conf - VirtualHost Configuration
- Port and IP based Virtual Hosts
- Name-based Virtual Host
- Apache Logging
- Log Analysis
- The Webalizer
Apache Security
- Virtual Hosting Security Implications
- Delegating Administration
- Directory Protection
- Directory Protection with AllowOverride
- Common Uses for .htaccess
- Symmetric Encryption Algorithms
- Asymmetric Encryption Algorithms
- Digital Certificates
- SSL Using mod_ssl.so
Apache Server-Side Scripting Administration
- Dynamic HTTP Content
- PHP: Hypertext Preprocessor
- Developer Tools for PHP
- Installing PHP
- Configuring PHP
- Securing PHP
- Security Related php.ini Configuration
- Java Servlets and JSP
- Apache's Tomcat
- Installing Java SDK
- Installing Tomcat Manually
- Using Tomcat with Apache
Implementing an FTP server
- The FTP Protocol
- Active Mode FTP
- Passive Mode FTP
- ProFTPD
- Pure-FTPd
- vsftpd
- Configuring vsftpd
- Anonymous FTP with vsftpd
The Squid Proxy Server
- Squid Overview
- Squid File Layout
- Squid Access Control Lists
- Applying Squid ACLs
- Tuning Squid & Configuring Cache Hierarchies
- Bandwidth Metering
- Monitoring Squid
- Proxy Client Configuration
Samba Concepts and Configuration
- Introducing Samba
- Samba Daemons
- NetBIOS and NetBEUI
- Accessing Windows/Samba Shares from Linux
- Samba Utilities
- Samba Configuration Files
- The smb.conf File
- Mapping Permissions and ACLs
- Mapping Linux Concepts
- Mapping Case Sensitivity
- Mapping Users
- Sharing Home Directories
- Sharing Printers
- Share Authentication
- Share-Level Access
- User-Level Access
- Samba Account Database
- User Share Restrictions
SMTP Theory
- SMTP
- SMTP Terminology
- SMTP Architecture
- SMTP Commands
- SMTP Extensions
- SMTP AUTH
- SMTP STARTTLS
- SMTP Session
Postfix
- Postfix Features
- Postfix Architecture
- Postfix Components
- Postfix Configuration
- master.cf
- main.cf
- Postfix Map Types
- Postfix Pattern Matching
- Advanced Postfix Options
- Virtual Domains
- Postfix Mail Filtering
- Configuration Commands
- Management Commands
- Postfix Logging
- Logfile Analysis
- chrooting Postfix
- Postfix, Relaying and SMTP AUTH
- SMTP AUTH Server and Relay Control
- SMTP AUTH Clients
- Postfix / TLS
- TLS Server Configuration
- Postfix Client Configuration for TLS
- Other TLS Clients
- Ensuring TLS Security
Mail Services and Retrieval
- Filtering Email
- Procmail
- SpamAssassin
- Bogofilter
- amavisd-new Mail Filtering
- Accessing Email
- The IMAP4 Protocol
- Dovecot POP3/IMAP Server
- Cyrus IMAP/POP3 Server
- Cyrus IMAP MTA Integration
- Cyrus Mailbox Administration
- Fetchmail
- SquirrelMail
Conclusion
Training Materials:
All attendees receive comprehensive courseware and a related textbook.
Software Requirements:
- Windows, Mac, or Linux PCs with at least 8 GB RAM
- Accelebrate can provide a VirtualBox or VMware environment with all software needed for the class
- This class can be taught using the Linux distribution of your choice
- Please contact us for further setup details