Introduction to Linux Network Services Training

LNX-104 (5 Days)

Linux Network Services Overview

Accelebrate's Linux Network Services course teaches students how to securely implement, troubleshoot, and manage network services.

Location and Pricing

Most Accelebrate courses are taught as private, customized training for 3 or more attendees at our clients' sites worldwide. In addition, we offer live, private online classes for teams who may be in multiple locations or wish to save on travel costs. Please visit our client list for organizations for whom we have delivered onsite training. To receive a customized proposal and price quote for private on-site or online training, please contact us.

Linux Network Services Objectives

All students will:

Secure services with SELinux and Netfilter,
Learn DNS concepts and implementation with Bind
Understand LDAP concepts and implement using OpenLDAP
Secure the Apache httpd web server
FTP with vsftpd
Cache and filter proxies with Squid
Use SMB/CIFS (Windows networking) with Samba
Learn e-mail concepts and implement with Postfix combined with either Dovecot or Cyrus

Linux Network Services Outline

Expand All | Collapse All | Printer-Friendly

Introduction

Securing Services

Xinetd
Xinetd Connection Limiting and Access Control
Xinetd: Resource limits, redirection, logging
TCP Wrappers
The /etc/hosts.allow & /etc/hosts.deny Files
/etc/hosts.{allow,deny} Shortcuts
Advanced TCP Wrappers
Basic Firewall Activation
Netfilter: Stateful Packet Filter Firewall
Netfilter Concepts
Using the iptables Command
Netfilter Rule Syntax
Targets
Common match_specs
Connection Tracking
AppArmor
SELinux Security Framework
Choosing an SELinux Policy
SELinux Commands
SELinux Booleans
Graphical SELinux Policy Tools

DNS Concepts

Naming Services
DNS - A Better Way
The Domain Name Space
Delegation and Zones
Server Roles
Resolving Names
Resolving IP Addresses
Basic BIND Administration
Configuring the Resolver
Testing Resolution

Configuring Bind

BIND Configuration Files
named.conf Syntax
named.conf Options Block
Creating a Site-Wide Cache
rndc Key Configuration
Zones In named.conf
Zone Database File Syntax
SOA - Start of Authority
A & PTR - Address & Pointer Records
NS - Name Server
CNAME & MX - Alias & Mail Host
Abbreviations and Gotchas
$ORIGIN and $GENERATE

Creating DNS Hierarchies

Subdomains and Delegation
Subdomains
Delegating Zones
in-addr.arpa. Delegation
Issues with in-addr.arpa.
RFC2317 & in-addr.arpa.

Advanced Bind DNS Features

Address Match Lists & ACLs
Split Namespace with Views
Restricting Queries
Restricting Zone Transfers
Running BIND in a chroot jail
Dynamic DNS Concepts
Allowing Dynamic DNS Updates
DDNS Administration with nsupdate
Common Problems
Securing DNS with TSIG

LDAP Concepts and Clients

LDAP: History and Uses
LDAP: Data Model Basics
LDAP: Protocol Basics
LDAP: Applications
LDAP: Search Filters
LDIF: LDAP Data Interchange Format
OpenLDAP Client Tools
Alternative LDAP Tools

OpenLDAP Servers

Popular LDAP Server Implementations
OpenLDAP: Server Architecture
OpenLDAP: Backends
OpenLDAP: Replication
OpenLDAP: Configuration Options
OpenLDAP: Configuration Sections
OpenLDAP: Global Parameters
OpenLDAP: Database Parameters
OpenLDAP Server Tools
Enabling LDAP-based Login
System Security Services Daemon (SSSD)

Using Apache

HTTP Operation
Apache Architecture
Dynamic Shared Objects
Adding Modules to Apache
Apache Configuration Files
httpd.conf - Server Settings
httpd.conf - Main Configuration
HTTP Virtual Servers
Virtual Hosting DNS Implications
httpd.conf - VirtualHost Configuration
Port and IP based Virtual Hosts
Name-based Virtual Host
Apache Logging
Log Analysis
The Webalizer

Apache Security

Virtual Hosting Security Implications
Delegating Administration
Directory Protection
Directory Protection with AllowOverride
Common Uses for .htaccess
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Digital Certificates
SSL Using mod_ssl.so

Apache Server-Side Scripting Administration

Dynamic HTTP Content
PHP: Hypertext Preprocessor
Developer Tools for PHP
Installing PHP
Configuring PHP
Securing PHP
Security Related php.ini Configuration
Java Servlets and JSP
Apache's Tomcat
Installing Java SDK
Installing Tomcat Manually
Using Tomcat with Apache

Implementing an FTP server

The FTP Protocol
Active Mode FTP
Passive Mode FTP
ProFTPD
Pure-FTPd
vsftpd
Configuring vsftpd
Anonymous FTP with vsftpd

The Squid Proxy Server

Squid Overview
Squid File Layout
Squid Access Control Lists
Applying Squid ACLs
Tuning Squid & Configuring Cache Hierarchies
Bandwidth Metering
Monitoring Squid
Proxy Client Configuration

Samba Concepts and Configuration

Introducing Samba
Samba Daemons
NetBIOS and NetBEUI
Accessing Windows/Samba Shares from Linux
Samba Utilities
Samba Configuration Files
The smb.conf File
Mapping Permissions and ACLs
Mapping Linux Concepts
Mapping Case Sensitivity
Mapping Users
Sharing Home Directories
Sharing Printers
Share Authentication
Share-Level Access
User-Level Access
Samba Account Database
User Share Restrictions

SMTP Theory

SMTP
SMTP Terminology
SMTP Architecture
SMTP Commands
SMTP Extensions
SMTP AUTH
SMTP STARTTLS
SMTP Session

POSTFIX

Postfix Features
Postfix Architecture
Postfix Components
Postfix Configuration
master.cf
main.cf
Postfix Map Types
Postfix Pattern Matching
Advanced Postfix Options
Virtual Domains
Postfix Mail Filtering
Configuration Commands
Management Commands
Postfix Logging
Logfile Analysis
chrooting Postfix
Postfix, Relaying and SMTP AUTH
SMTP AUTH Server and Relay Control
SMTP AUTH Clients
Postfix / TLS
TLS Server Configuration
Postfix Client Configuration for TLS
Other TLS Clients
Ensuring TLS Security

Mail Services and Retrieval

Filtering Email
Procmail
SpamAssassin
Bogofilter
amavisd-new Mail Filtering
Accessing Email
The IMAP4 Protocol
Dovecot POP3/IMAP Server
Cyrus IMAP/POP3 Server
Cyrus IMAP MTA Integration
Cyrus Mailbox Administration
Fetchmail
SquirrelMail

Conclusion

40%

Lecture/Demo

60%

Lab

Course Number:

LNX-104

Duration:

5 Days

Prerequisites:

All students should already be comfortable with basic Linux or UNIX administration and have a solid understanding of network concepts and the TCP/IP protocol suite.

Training Materials:

All attendees receive comprehensive courseware and a related textbook.

Software Requirements:

Windows, Mac, or Linux PCs with at least 8 GB RAM
Accelebrate can provide a VirtualBox or VMware environment with all software needed for the class
- This class can be taught using the Linux distribution of your choice
Please contact us for further setup details

Alabama

Birmingham

Huntsville

Montgomery

Alaska

Anchorage

Arizona

Phoenix

Tucson

Arkansas

Fayetteville

Little Rock

California

Los Angeles

Oakland

Orange County

Sacramento

San Diego

San Francisco

San Jose

Colorado

Boulder

Colorado Springs

Denver

Connecticut

Hartford

Washington

Florida

Fort Lauderdale

Jacksonville

Miami

Orlando

Tampa

Georgia

Atlanta

Augusta

Savannah

Hawaii

Honolulu

Idaho

Boise

Illinois

Chicago

Indiana

Indianapolis

Iowa

Ceder Rapids

Des Moines

Kansas

Wichita

Kentucky

Lexington

Louisville

Louisiana

New Orleans

Maine

Portland

Maryland

Annapolis

Baltimore

Frederick

Hagerstown

Massachusetts

Boston

Cambridge

Springfield

Michigan

Ann Arbor

Detroit

Grand Rapids

Minnesota

Minneapolis

Saint Paul

Mississippi

Jackson

Missouri

Kansas City

St. Louis

Nebraska

Lincoln

Omaha

Nevada

Las Vegas

Reno

New Jersey

Princeton

New Mexico

Albuquerque

New York

Albany

Buffalo

New York City

White Plains

North Carolina

Charlotte

Durham

Raleigh

Ohio

Akron

Canton

Cincinnati

Cleveland

Columbus

Dayton

Oklahoma

Oklahoma City

Tulsa

Oregon

Portland

Pennsylvania

Philadelphia

Pittsburgh

Rhode Island

Providence

South Carolina

Charleston

Columbia

Greenville

Tennessee

Knoxville

Memphis

Nashville

Texas

Austin

Dallas

El Paso

Houston

San Antonio

Utah

Salt Lake City

Virginia

Alexandria

Arlington

Norfolk

Richmond

Washington

Seattle

Tacoma

West Virginia

Charleston

Wisconsin

Madison

Milwaukee

Alberta

Calgary

Edmonton

British Columbia

Vancouver

Manitoba

Winnipeg

Nova Scotia

Halifax

Ontario

Ottawa

Toronto

Quebec

Montreal

Puerto Rico

San Juan