Course data sheet

Enterprise Network Services (GL275) H7092S

HPE course number: H7092S
Course length: 5 days
Delivery mode: ILT, VILT

This is an expansive course covering a wide range of network services. Attention is paid to the concepts needed to implement and troubleshoot the network services securely and to provide extensive hands-on experience. Topics include security with SELinux and Netfilter, DNS concepts and implementation with BIND, LDAP concepts and implementation using OpenLDAP, web services with Apache, FTP with vsftpd, caching, filtering proxies with Squid, SMB/CIFS (Windows® networking) with Samba, and email concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Audience
• New Linux system administrators

Prerequisites
• UNIX® Fundamentals (51434S) or
• Linux Fundamentals (U8583S) and
• Enterprise Linux Systems Administration (H7091S)

Supported distributions
• Red Hat® Enterprise Linux 7
• SUSE Linux Enterprise 12

Course objectives
At the conclusion of this course, you should be able to:
• Gain the knowledge and skills required to set up, configure, and manage the most popular network services available for Red Hat and SUSE Linux systems

Benefits to you
• Effectively use networking services and security options
• Understand and configure services to your specific needs
• Avoid unwanted emails by configuring mail services with spam filtering

Why HPE Education Services?
• IDC MarketScape leader 5 years running for IT education and training*
• Recognized by IDC for leading with global coverage, unmatched technical expertise, and targeted education consulting services*
• Key partnerships with industry leaders OpenStack®, VMware®, Linux®, Microsoft®, ITIL, PMI, CSA, and SUSE
• Complete continuum of training delivery options—self-paced eLearning, custom education consulting, traditional classroom, video on-demand instruction, live virtual instructor-led with hands-on lab, dedicated onsite training
• Simplified purchase option with HPE Training Credits

*Realize Technology Value with Training, IDC Infographic 2037, Sponsored by HPE, October 2017

Detailed course outline

Module 1: Securing services
• Xinetd
• Xinetd Connection limiting and access control
• Xinetd: Resource limits, redirection, logging
• TCP wrappers
• The /etc/hosts.allow and /etc/hosts.deny files
• /etc/hosts.{allow,deny} shortcuts
• Advanced TCP wrappers
• SUSE basic firewall configuration
• FirewallD
• Netfilter: Stateful packet filter firewall
• Netfilter Concepts
• Using the iptables command
• Netfilter rule syntax
• Targets
• Common match_specs
• Connection tracking

Lab Tasks
• Securing xinetd Services
• Enforcing Security Policy with xinetd
• Securing Services with TCP Wrappers
• Securing Services with SUSEfirewall2
• Securing Services with Netfilter
• FirewallD
• Troubleshooting Practice

Module 2: SELinux and LSM
• AppArmor
• SELinux security framework
• Choosing an SELinux policy
• SELinux commands
• SELinux Booleans
• SELinux policy tools

Lab Tasks
• Exploring AppArmor Modes
• SELinux File Contexts

Module 3: DNS concepts
• Naming Services
• DNS—A better way
• The domain name space
• Delegation and zones
• Server roles
• Resolving names
• Resolving IP addresses
• Basic BIND administration
• Configuring the resolver
• Testing resolution

Lab Tasks
• Configuring a Slave Name Server

Module 4: Configuring BIND
• BIND configuration files
• named.conf Syntax
• named.conf options block
• Creating a site-wide cache
• rndc key configuration
• Zones in named.conf
• Zone database file Syntax
• SOA—start of authority
• A, AAAA, and PTR—Address and pointer records
• NS—Name Server
• TXT, CNAME, and MX—text, alias, and mail host
• SRV—SRV service records
• Abbreviations and gotchas
• $GENERATE, $ORIGIN, and $INCLUDE

Lab Tasks
• Use rndc to Control named
• Configuring BIND Zone Files

Module 5: Creating DNS Hierarchies
• Subdomains and delegation
• Subdomains
• Delegating zones
• in-addr.arpa. delegation
• Issues with in-addr.arpa.
• RFC2317 and in-addr.arpa.

Lab Tasks
• Create a Subdomain in an Existing Domain
• Subdomain Delegation

Module 6: Advanced BIND DNS features
• Address Match Lists and ACLs
• Split namespace with views
• Restricting Queries
• Restricting zone transfers
• Running BIND in a chroot
• Dynamic DNS concepts
• Allowing dynamic DNS updates
• DDNS administration with nsupdate
• Common problems
• Securing DNS with TSIG

Lab Tasks
• Configuring Dynamic DNS
• Securing BIND DNS

Module 7: Using Apache
• HTTP operation
• Apache architecture
• Dynamic shared objects
• Adding modules to Apache
• Apache configuration files
• httpd.conf-Server settings
• httpd.conf-Main configuration
• HTTP Virtual servers
• Virtual hosting DNS implications
• httpd.conf-VirtualHost configuration
• Port and IP based virtual hosts
• Name-based virtual host
• Apache logging
• Log analysis
• The webalizer

Lab Tasks
• Apache Architecture
• Apache Content
• Configuring Virtual Hosts

Module 8: Apache security
• Virtual hosting security implications
• Delegating administration
• Directory protection
• Directory protection with AllowOverride
• Common uses for .htaccess
• Symmetric encryption algorithms
• Asymmetric encryption algorithms
• Digital certificates
• TLS using mod_ssl.so

Lab Tasks
• Using .htaccess Files
• Using TLS Certificates with Apache
• Use SNI and TLS with Virtual Hosts

Module 9: Apache server-side scripting administration
• Dynamic HTTP content
• PHP: Hypertext preprocessor
• Developer tools for PHP
• Installing PHP
• Configuring PHP
• Securing PHP
• Security related php.ini configuration
• Java servlets and JSP
• Apache's Tomcat
• Installing Java SDK
• Installing Tomcat manually
• Using Tomcat with Apache

Lab Tasks
• CGI Scripts in Apache
• Apache's Tomcat
• Using Tomcat with Apache
• Installing Applications with Apache and Tomcat

Module 10: Implementing an FTP server
• The FTP protocol
• Active mode FTP
• Passive mode FTP
• ProFTPD
• Pure-FTPd
• vsftpd
• Configuring vsftpd
• Anonymous FTP with vsftpd

Lab Tasks
• Configuring vsftpd

Module 11: The Squid Proxy server
• Squid overview
• Squid file layout
• Squid access control lists
• Applying Squid ACLs
• Tuning Squid and configuring cache Hierarchies
• Bandwidth metering
• Monitoring Squid
• Proxy client configuration

Lab Tasks
• Installing and Configuring Squid
• Squid Cache Manager CGI
• Proxy Auto Configuration
• Configure a Squid Proxy Cluster

Module 12: SQL fundamentals and MariaDB
• Popular SQL databases
• SELECT statements
• INSERT statements
• UPDATE statements
• DELETE statements
• JOIN clauses
• MariaDB
• MariaDB installation and security
• MariaDB user account management
• MariaDB replication

Lab Tasks
• SQL with Sqlite3
• Installing and Securing MariaDB
• Creating a database in MariaDB
• Create a database backed application

Module 13: LDAP concepts and clients
• LDAP: History and uses
• LDAP: Data model basics
• LDAP: Protocol basics
• LDAP: Applications
• LDAP: Search filters
• LDIF: LDAP data interchange format
• OpenLDAP Client Tools
• Alternative LDAP tools

Lab Tasks
• Querying LDAP

Module 14: OpenLDAP servers
• Popular LDAP server implementations
• OpenLDAP: Server architecture
• OpenLDAP: Backends
• OpenLDAP: Replication
• Managing slapd
• OpenLDAP: Configuration options
• OpenLDAP: Configuration sections
• OpenLDAP: Global parameters
• OpenLDAP: Database parameters
• OpenLDAP: Server tools
• Native LDAP authentication and migration
• Enabling LDAP-based login
• System Security Services Daemon (SSSD)

Lab Tasks
• Building An OpenLDAP Server
• Enabling TLS For An OpenLDAP Server
• Enabling LDAP-based Logins

Module 15: Samba concepts and configuration
• Introducing Samba
• NetBIOS and NetBEUI
• Samba Daemons
• Accessing Windows/Samba shares from Linux
• Samba utilities
• Samba configuration files
• The smb.conf file
• Mapping permissions and ACLs
• Mapping Linux concepts
• Mapping users
• Sharing home directories
• Sharing printers
• Share authentication
• Share-level access
• User-level access
• Samba account database
• User share restrictions

Lab Tasks
• Samba Share-Level Access
• Samba User-Level Access
• Samba Group Shares
• Handling Symbolic Links with Samba
• Samba Home Directory Shares

Module 16: SMTP theory
• SMTP
• SMTP terminology
• SMTP architecture
• SMTP commands
• SMTP extensions
• SMTP AUTH
• SMTP STARTTLS
• SMTP session

Module 17: Postfix
• Postfix features
• Postfix architecture
• Postfix components
• Postfix configuration
• master.cf
• main.cf
• Postfix map types
• Postfix pattern matching
• Advanced Postfix options
• Virtual domains
• Postfix mail filtering
• Configuration commands
• Management commands
• Postfix logging
• Logfile analysis
• Postfix, relaying and SMTP AUTH
• SMTP AUTH server and Relay control
• SMTP AUTH clients
• Postfix/TLS
• TLS server configuration
• Postfix client configuration for TLS
• Other TLS clients
• Ensuring TLS security

Lab Tasks
• Configuring Postfix
• Postfix Virtual Host Configuration
• Postfix Network Configuration
• Postfix SMTP AUTH Configuration
• Postfix STARTTLS Configuration
• SUSE Postfix Configuration Cleanup

Module 18: Mail Services and Retrieval
• Filtering Email
• Procmail
• SpamAssassin
• Bogofilter
• amavisd-new Mail Filtering
• Accessing Email
• The IMAP4 Protocol
• Dovecot POP3/IMAP Server
• Cyrus IMAP/POP3 Server
• Cyrus IMAP MTA Integration
• Cyrus Mailbox Administration
• Fetchmail
• Roundcube Webmail
• Mailing Lists
• GNU Mailman
• Mailman Configuration

Lab Tasks
• Configuring Procmail and SpamAssassin
• Configuring Cyrus IMAP
• Dovecot TLS Configuration
• Configuring Roundcube
• Base Mailman Configuration
• Basic Mailing List
• Private Mailing List

Appendix A—NIS
• NIS Overview
• NIS Limitations and Advantages
• NIS Client Configuration
• NIS Server Configuration
• NIS Troubleshooting Aids

Lab Tasks
• Using NIS for Centralized User Accounts
• Configuring NIS
• NIS Slave Server
• NIS Failover
• Troubleshooting Practice: NIS

Learn more at hpe.com/ww/learnlinux

© Copyright 2018 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. The OpenStack Word Mark is either a registered trademark/service mark or trademark/service mark of the OpenStack Foundation, in the United States and other countries and is used with the OpenStack Foundation’s permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation or the OpenStack community. Pivotal and Cloud Foundry are trademarks and/or registered trademarks of Pivotal , Inc. in the United States and/or other countries. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions.

H7092S M.02, October 2018