|
Course Overview
For Linux and/or UNIX
systems administrators who want to build skills at configuring
common network services and security administration using Red Hat
Linux. See complete details below.
Updated for building skills on Red Hat Enterprise Linux 4!
Goal:
To become a system administrator who can setup a Red Hat Linux
server and configure common network services and security at a basic
level.
Audience:
Linux or UNIX system administrators who already have some real world
experience with Red Hat Linux systems administration and want a
first course in networking services and security
Prerequisites:
• RH133 Red Hat Linux System Administration or equivalent
experience with Red Hat Linux. To assist you in determining whether
you have equivalent experience, take the RH133 Pre-assessment
Questionnaire.
• LAN/WAN fundamentals or equivalent; Internetworking with TCP/IP or
equivalent.
Prepares for:
• RH300 RHCETM Training and Certification Course (5-day)
• RH302 Red Hat Certified Engineer™ Exam-Only (if participant also
has significant on the job experience with Red Hat Linux).
• RHS333 Red Hat Enterprise Security: Network Services
Course Outline
Unit 1: Introduction to Network Services
• Red Hat Linux Network Components
• Connecting Networks
• Service Management
• chkconfig
• xinetd Services
• The xinetd Daemon
• Fault Analysis
• Hands-on lab: Introduction to Network Services
Unit 2: Organizing Networked Systems
• DNS Basics
• Internet DNS Hierarchy
• Name Server Hierarchy
• Client-side DNS
• Server-side DNS
• Berkeley Internet Name Domain (BIND)
• Configuring BIND
• Configuration File Basics
• Address Match Lists and acl
• rndc
• Zone Files
• Main Record Types
• Delegating Subdomains
• Caching-only Name Server
• BIND Utilities
• BIND Syntax Utilities
• Configuring the DHCP server
• Hands-on lab: Organizing Networked Systems
Unit 3: Network File Sharing Services
• Configuring NFS services
• Configuring FTP services
• Samba Services
• Samba Daemons
• Configuring Samba
• Configuring File and Directory Sharing
• Printing to the Samba Server
• Authentication Methods
• Samba Client Tools: smbclient and smbmount
• Hands-on lab: Network File Sharing Services
Unit 4: Electronic Mail Services
• sendmail Features
• Security and "Anti-Spam" Features
• An Email Review
• Simple Operational Overview
• Main Configuration Files
• sendmail Configuration with the m4 Macro Language
• sendmail Client Configuration
• Blacklisting Recipients
• Debugging sendmail
• Postfix
• Using Postfix
• Additional postfix Configuration Files
• procmail Local Delivery
• Hands-on lab: Electronic Mail Services
Unit 5: The HTTP Service
• Apache Features
• Apache Configuration
• Apache Server Configuration
• Virtual Hosts
• Apache Namespace Configuration
• CGI
• Apache Encrypted Web Server
• Squid Web Proxy Cache
• Hands-on lab: The HTTP Service
Unit 6: Security Concerns and Policy
• Security Terms
• Basic Network Security
• Which Services Are Running?
• Remote Service Detection
• Definitions of Security
• Security Policy
• Backup Policies
• Hands-on lab: Security Concerns and Policy
Unit 7: Authentication Services
• Authentication Basics
• Service Profile: PAM
• PAM Operation
• Core PAM Modules
• Authentication Modules
• Password Security
• Password Policy
• Resource Limits
• User Access Control
• Single User Mode
• Authentication Troubleshooting
• NIS Overview
• NIS Server Topology
• Configuring an NIS Server
• NIS Client Configuration
• NIS Troubleshooting
• Hands-on lab: Authentication Services
Unit 8: System Monitoring
• Introduction to System Monitoring
• File System Analysis
• Set User and Group ID Permissions
• Typical Problematic Permissions
• EXT2 Filesystem Attributes
• Monitoring Data Integrity with tripwire
• Configuring tripwire
• System Log Files
• syslogd and klogd configuration
• Advanced syslogd configuration
• Log File Analysis
• Monitoring and Limiting Processes
• Monitoring Processes with top
• Monitoring Processes Graphically
• System Activity Reporting
• Process Accounting Tools
• Hands-on lab: System Monitoring
Unit 9: Securing Networks
• Packet Filtering Capabilities
• Netfilter Architecture
• Netfilter Packet Flow
• Chain Operations
• Rule targets
• Rule Matching
• Network Address Translation(NAT)
• Connection Tracking
• Rule persistence
• The "Bastion Host"
• Hands-on lab: Securing Networks
Unit 10: Securing Services
• SystemV Startup Control
• Securing the Service
• tcp_wrappers Configuration
• Daemon Specification
• Client Specification
• Advanced Syntax
• xinetd-based security
• xinetd Access Control
• Host Patterns
• Advanced Security Options
• Hands-on lab: Securing Services
Unit 11: Securing Data
• The Need For Encryption
• Cryptographic Building Blocks
• Random Numbers
• One-Way Hashes
• Symmetric Encryption
• Asymmetric Encryption
• Public Key Infrastructures
• Digital Certificates
• Generating Digital Certificates
• OpenSSH Overview
• The OpenSSH
• OpenSSH Authentication
• Protecting Your Keys
• Applications: RPM
• Hands-on lab: Securing Data
|