Enterprise Linux Network Services (GL275) H7092S
Course data sheet

HPE course number: H7092S
Course length: 5 days
Delivery mode: ILT, VILT

This is an expansive course covering a wide range of network services. Attention is paid to the concepts needed to implement and troubleshoot the network services securely and to provide extensive hands-on experience. Topics include security with SELinux and Netfilter, DNS concepts and implementation with BIND, LDAP concepts and implementation using OpenLDAP, web services with Apache, FTP with vsftpd, caching, filtering proxies with Squid, SMB/CIFS (Windows® networking) with Samba, and email concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Audience
• New Linux system administrators

Prerequisites
• UNIX® Fundamentals (51434S) or
• Linux Fundamentals (U8583S) and
• Enterprise Linux Systems Administration (H7091S)

Supported distributions
• Red Hat® Enterprise Linux 7
• SUSE Linux Enterprise 12

Course objectives
At the conclusion of this course, you should be able to:
• Gain the knowledge and skills required to set up, configure, and manage the most popular network services available for Red Hat and SUSE Linux systems

Benefits to you
• Effectively use networking services and security options
• Understand and configure services to your specific needs
• Avoid unwanted emails by configuring mail services with spam filtering

Why HPE Education Services?
• IDC MarketScape leader 5 years running for IT education and training*
• Recognized by IDC for leading with global coverage, unmatched technical expertise, and targeted education consulting services*
• Key partnerships with industry leaders OpenStack®, VMware®, Linux®, Microsoft®, ITIL, PMI, CSA, and SUSE
• Complete continuum of training delivery options—self-paced eLearning, custom education consulting, traditional classroom, video on-demand instruction, live virtual instructor-led with hands-on lab, dedicated onsite training
• Simplified purchase option with HPE Training Credits

*Realize Technology Value with Training, IDC Infographic 2037, Sponsored by HPE, October 2017

Detailed course outline

Module 1: Securing services
• Xinetd
• Xinetd Connection limiting and access control
• Xinetd: Resource limits, redirection, logging
• TCP wrappers
• The /etc/hosts.allow and /etc/hosts.deny files
• /etc/hosts.{allow,deny} shortcuts
• Advanced TCP wrappers
• SUSE basic firewall configuration
• FirewallD
• Netfilter: Stateful packet filter firewall
• Netfilter Concepts
• Using the iptables command
• Netfilter rule syntax
• Targets
• Common match_specs
• Connection tracking
Lab Tasks
• Securing xinetd Services
• Enforcing Security Policy with xinetd
• Securing Services with TCP Wrappers
• Securing Services with SUSEfirewall2
• Securing Services with Netfilter
• FirewallD
• Troubleshooting Practice

Module 2: SELinux and LSM
• AppArmor
• SELinux security framework
• Choosing an SELinux policy
• SELinux commands
• SELinux Booleans
• SELinux policy tools
Lab Tasks
• Exploring AppArmor Modes
• SELinux File Contexts

Module 3: DNS concepts
• Naming Services
• DNS—A better way
• The domain name space
• Delegation and zones
• Server roles
• Resolving names
• Resolving IP addresses
• Basic BIND administration
• Configuring the resolver
• Testing resolution
Lab Tasks
• Configuring a Slave Name Server

Module 4: Configuring BIND
• BIND configuration files
• named.conf Syntax
• named.conf options block
• Creating a site-wide cache
• rndc key configuration
• Zones in named.conf
• Zone database file Syntax
• SOA—start of authority
• A, AAAA, and PTR—Address and pointer records
• NS—Name Server
• TXT, CNAME, and MX—text, alias, and mail host
• SRV—SRV service records
• Abbreviations and gotchas
• $GENERATE, $ORIGIN, and $INCLUDE
Lab Tasks
• Use rndc to Control named
• Configuring BIND Zone Files

Module 5: Creating DNS Hierarchies
• Subdomains and delegation
• Subdomains
• Delegating zones
• in-addr.arpa. delegation
• Issues with in-addr.arpa.
• RFC2317 and in-addr.arpa.
Lab Tasks
• Create a Subdomain in an Existing Domain
• Subdomain Delegation

Module 6: Advanced BIND DNS features
• Address Match Lists and ACLs
• Split namespace with views
• Restricting Queries
• Restricting zone transfers
• Running BIND in a chroot
• Dynamic DNS concepts
• Allowing dynamic DNS updates
• DDNS administration with nsupdate
• Common problems
• Securing DNS with TSIG
Lab Tasks
• Configuring Dynamic DNS
• Securing BIND DNS

Module 7: Using Apache
• HTTP operation
• Apache architecture
• Dynamic shared objects
• Adding modules to Apache
• Apache configuration files
• httpd.conf-Server settings
• httpd.conf-Main configuration
• HTTP Virtual servers
• Virtual hosting DNS implications
• httpd.conf-VirtualHost configuration
• Port and IP based virtual hosts
• Name-based virtual host
• Apache logging
• Log analysis
• The webalizer
Lab Tasks
• Apache Architecture
• Apache Content
• Configuring Virtual Hosts

Module 8: Apache security
• Virtual hosting security implications
• Delegating administration
• Directory protection
• Directory protection with AllowOverride
• Common uses for .htaccess
• Symmetric encryption algorithms
• Asymmetric encryption algorithms
• Digital certificates
• TLS using mod_ssl.so
Lab Tasks
• Using .htaccess Files
• Using TLS Certificates with Apache
• Use SNI and TLS with Virtual Hosts

Module 9: Apache server-side scripting administration
• Dynamic HTTP content
• PHP: Hypertext preprocessor
• Developer tools for PHP
• Installing PHP
• Configuring PHP
• Securing PHP
• Security related php.ini configuration
• Java servlets and JSP
• Apache's Tomcat
• Installing Java SDK
• Installing Tomcat manually
• Using Tomcat with Apache
Lab Tasks
• CGI Scripts in Apache
• Apache's Tomcat
• Using Tomcat with Apache
• Installing Applications with Apache and Tomcat

Module 10: Implementing an FTP server
• The FTP protocol
• Active mode FTP
• Passive mode FTP
• ProFTPD
• Pure-FTPd
• vsftpd
• Configuring vsftpd
• Anonymous FTP with vsftpd
Lab Tasks
• Configuring vsftpd

Module 11: The Squid Proxy server
• Squid overview
• Squid file layout
• Squid access control lists
• Applying Squid ACLs
• Tuning Squid and configuring cache Hierarchies
• Bandwidth metering
• Monitoring Squid
• Proxy client configuration
Lab Tasks
• Installing and Configuring Squid
• Squid Cache Manager CGI
• Proxy Auto Configuration
• Configure a Squid Proxy Cluster

Module 12: SQL fundamentals and MariaDB
• Popular SQL databases
• SELECT statements
• INSERT statements
• UPDATE statements
• DELETE statements
• JOIN clauses
• MariaDB
• MariaDB installation and security
• MariaDB user account management
• MariaDB replication
Lab Tasks
• SQL with Sqlite3
• Installing and Securing MariaDB
• Creating a database in MariaDB
• Create a database backed application

Module 13: LDAP concepts and clients
• LDAP: History and uses
• LDAP: Data model basics
• LDAP: Protocol basics
• LDAP: Applications
• LDAP: Search filters
• LDIF: LDAP data interchange format
• OpenLDAP Client Tools
• Alternative LDAP tools
Lab Tasks
• Querying LDAP

Module 14: OpenLDAP servers
• Popular LDAP server implementations
• OpenLDAP: Server architecture
• OpenLDAP: Backends
• OpenLDAP: Replication
• Managing slapd
• OpenLDAP: Configuration options
• OpenLDAP: Configuration sections
• OpenLDAP: Global parameters
• OpenLDAP: Database parameters
• OpenLDAP: Server tools
• Native LDAP authentication and migration
• Enabling LDAP-based login
• System Security Services Daemon (SSSD)
Lab Tasks
• Building An OpenLDAP Server
• Enabling TLS For An OpenLDAP Server
• Enabling LDAP-based Logins

Module 15: Samba concepts and configuration
• Introducing Samba
• NetBIOS and NetBEUI
• Samba Daemons
• Accessing Windows/Samba shares from Linux
• Samba utilities
• Samba configuration files
• The smb.conf file
• Mapping permissions and ACLs
• Mapping Linux concepts
• Mapping users
• Sharing home directories
• Sharing printers
• Share authentication
• Share-level access
• User-level access
• Samba account database
• User share restrictions
Lab Tasks
• Samba Share-Level Access
• Samba User-Level Access
• Samba Group Shares
• Handling Symbolic Links with Samba
• Samba Home Directory Shares

Module 16: SMTP theory
• SMTP
• SMTP terminology
• SMTP architecture
• SMTP commands
• SMTP extensions
• SMTP AUTH
• SMTP STARTTLS
• SMTP session

Module 17: Postfix
• Postfix features
• Postfix architecture
• Postfix components
• Postfix configuration
• master.cf
• main.cf
• Postfix map types
• Postfix pattern matching
• Advanced Postfix options
• Virtual domains
• Postfix mail filtering
• Configuration commands
• Management commands
• Postfix logging
• Logfile analysis
• Postfix, relaying and SMTP AUTH
• SMTP AUTH server and Relay control
• SMTP AUTH clients
• Postfix/TLS
• TLS server configuration
• Postfix client configuration for TLS
• Other TLS clients
• Ensuring TLS security
Lab Tasks
• Configuring Postfix
• Postfix Virtual Host Configuration
• Postfix Network Configuration
• Postfix SMTP AUTH Configuration
• Postfix STARTTLS Configuration
• SUSE Postfix Configuration Cleanup

Module 18: Mail Services and Retrieval
• Filtering Email
• Procmail
• SpamAssassin
• Bogofilter
• amavisd-new Mail Filtering
• Accessing Email
• The IMAP4 Protocol
• Dovecot POP3/IMAP
• Cyrus IMAP/POP3 Server
• Cyrus IMAP MTA Integration
• Cyrus Mailbox Administration
• Fetchmail
• Roundcube Webmail
• Mailing Lists
• GNU Mailman