Linux Network Services Overview
Accelebrate's Linux Network Services course teaches students how to securely implement, troubleshoot, and manage network services.
NOTE: This class can be taught using the Linux distribution of your choice.
Location and Pricing
Accelebrate offers instructor-led enterprise training for groups of 3 or more online or at your site. Most Accelebrate classes can be flexibly scheduled for your group, including delivery in half-day segments across a week or set of weeks. To receive a customized proposal and price quote for private corporate training on-site or online, please contact us.
In addition, some Programming courses are available as live, online classes for individuals.
Objectives
- Secure services with SELinux and Netfilter
- Learn DNS concepts and implementation with Bind
- Understand LDAP concepts and implement using OpenLDAP
- Secure the Apache httpd web server
- FTP with vsftpd
- Cache and filter proxies with Squid
- Use SMB/CIFS (Windows networking) with Samba
- Learn e-mail concepts and implement with Postfix combined with either Dovecot or Cyrus
Prerequisites
All students should already be comfortable with basic Linux or UNIX administration and have a solid understanding of network concepts and the TCP/IP protocol suite.
Outline
Expand All | Collapse All
Introduction
Securing Services
- Xinetd
- Xinetd Connection Limiting and Access Control
- Xinetd: Resource limits, redirection, logging
- TCP Wrappers
- The /etc/hosts.allow & /etc/hosts.deny Files
- /etc/hosts.{allow,deny} Shortcuts
- Advanced TCP Wrappers
- Basic Firewall Activation
- Netfilter: Stateful Packet Filter Firewall
- Netfilter Concepts
- Using the iptables Command
- Netfilter Rule Syntax
- Targets
- Common match_specs
- Connection Tracking
- AppArmor
- SELinux Security Framework
- Choosing an SELinux Policy
- SELinux Commands
- SELinux Booleans
- Graphical SELinux Policy Tools
DNS Concepts
- Naming Services
- DNS - A Better Way
- The Domain Name Space
- Delegation and Zones
- Server Roles
- Resolving Names
- Resolving IP Addresses
- Basic BIND Administration
- Configuring the Resolver
- Testing Resolution
Configuring Bind
- BIND Configuration Files
- named.conf Syntax
- named.conf Options Block
- Creating a Site-Wide Cache
- rndc Key Configuration
- Zones In named.conf
- Zone Database File Syntax
- SOA - Start of Authority
- A & PTR - Address & Pointer Records
- NS - Name Server
- CNAME & MX - Alias & Mail Host
- Abbreviations and Gotchas
- $ORIGIN and $GENERATE
Creating DNS Hierarchies
- Subdomains and Delegation
- Subdomains
- Delegating Zones
- in-addr.arpa. Delegation
- Issues with in-addr.arpa.
- RFC2317 & in-addr.arpa.
Advanced Bind DNS Features
- Address Match Lists & ACLs
- Split Namespace with Views
- Restricting Queries
- Restricting Zone Transfers
- Running BIND in a chroot jail
- Dynamic DNS Concepts
- Allowing Dynamic DNS Updates
- DDNS Administration with nsupdate
- Common Problems
- Securing DNS with TSIG
LDAP Concepts and Clients
- LDAP: History and Uses
- LDAP: Data Model Basics
- LDAP: Protocol Basics
- LDAP: Applications
- LDAP: Search Filters
- LDIF: LDAP Data Interchange Format
- OpenLDAP Client Tools
- Alternative LDAP Tools
OpenLDAP Servers
- Popular LDAP Server Implementations
- OpenLDAP: Server Architecture
- OpenLDAP: Backends
- OpenLDAP: Replication
- OpenLDAP: Configuration Options
- OpenLDAP: Configuration Sections
- OpenLDAP: Global Parameters
- OpenLDAP: Database Parameters
- OpenLDAP Server Tools
- Enabling LDAP-based Login
- System Security Services Daemon (SSSD)
Using Apache
- HTTP Operation
- Apache Architecture
- Dynamic Shared Objects
- Adding Modules to Apache
- Apache Configuration Files
- httpd.conf - Server Settings
- httpd.conf - Main Configuration
- HTTP Virtual Servers
- Virtual Hosting DNS Implications
- httpd.conf - VirtualHost Configuration
- Port and IP based Virtual Hosts
- Name-based Virtual Host
- Apache Logging
- Log Analysis
- The Webalizer
Apache Security
- Virtual Hosting Security Implications
- Delegating Administration
- Directory Protection
- Directory Protection with AllowOverride
- Common Uses for .htaccess
- Symmetric Encryption Algorithms
- Asymmetric Encryption Algorithms
- Digital Certificates
- SSL Using mod_ssl.so
Apache Server-Side Scripting Administration
- Dynamic HTTP Content
- PHP: Hypertext Preprocessor
- Developer Tools for PHP
- Installing PHP
- Configuring PHP
- Securing PHP
- Security Related php.ini Configuration
- Java Servlets and JSP
- Apache's Tomcat
- Installing Java SDK
- Installing Tomcat Manually
- Using Tomcat with Apache
Implementing an FTP server
- The FTP Protocol
- Active Mode FTP
- Passive Mode FTP
- ProFTPD
- Pure-FTPd
- vsftpd
- Configuring vsftpd
- Anonymous FTP with vsftpd
The Squid Proxy Server
- Squid Overview
- Squid File Layout
- Squid Access Control Lists
- Applying Squid ACLs
- Tuning Squid & Configuring Cache Hierarchies
- Bandwidth Metering
- Monitoring Squid
- Proxy Client Configuration
Samba Concepts and Configuration
- Introducing Samba
- Samba Daemons
- NetBIOS and NetBEUI
- Accessing Windows/Samba Shares from Linux
- Samba Utilities
- Samba Configuration Files
- The smb.conf File
- Mapping Permissions and ACLs
- Mapping Linux Concepts
- Mapping Case Sensitivity
- Mapping Users
- Sharing Home Directories
- Sharing Printers
- Share Authentication
- Share-Level Access
- User-Level Access
- Samba Account Database
- User Share Restrictions
SMTP Theory
- SMTP
- SMTP Terminology
- SMTP Architecture
- SMTP Commands
- SMTP Extensions
- SMTP AUTH
- SMTP STARTTLS
- SMTP Session
POSTFIX
- Postfix Features
- Postfix Architecture
- Postfix Components
- Postfix Configuration
- master.cf
- main.cf
- Postfix Map Types
- Postfix Pattern Matching
- Advanced Postfix Options
- Virtual Domains
- Postfix Mail Filtering
- Configuration Commands
- Management Commands
- Postfix Logging
- Logfile Analysis
- chrooting Postfix
- Postfix, Relaying and SMTP AUTH
- SMTP AUTH Server and Relay Control
- SMTP AUTH Clients
- Postfix / TLS
- TLS Server Configuration
- Postfix Client Configuration for TLS
- Other TLS Clients
- Ensuring TLS Security
Mail Services and Retrieval
- Filtering Email
- Procmail
- SpamAssassin
- Bogofilter
- amavisd-new Mail Filtering
- Accessing Email
- The IMAP4 Protocol
- Dovecot POP3/IMAP Server
- Cyrus IMAP/POP3 Server
- Cyrus IMAP MTA Integration
- Cyrus Mailbox Administration
- Fetchmail
- SquirrelMail
Conclusion
Training Materials
All attendees receive comprehensive courseware.
Software Requirements
Attendees will not need to install any software on their computer for this class. The class will be conducted in a remote environment that Accelebrate will provide; students will only need a local computer with a web browser and a stable Internet connection. Any recent version of Microsoft Edge, Mozilla Firefox, or Google Chrome will be fine.
