GL275 ENTERPRISE LINUX NETWORK SERVICES Course Outline

Section 1 DNS Concepts Naming Services
  • The Domain Name Space
  • Delegation and Zones
  • Server Roles
  • Resolving Names and Resolving IP Addresses
  • BIND Administration
  • rndc key configuration
  • Configuring the Resolver and Testing Resolution
  • Lab 1 - Configure BIND Install the BIND name server on the system and configure it to act as a slave for the classroom domains
    • Configure the name server to support the rndc command
Section 2 Configuring Bind BIND Configuration Files
  • named.conf Syntax and Options Block
  • Creating a Site-Wide Cache
  • Zones In named.conf
  • Zone Database File Syntax
  • SOA - Start of Authority
  • A -Address / PTR-Pointer
  • NS - Name Server
  • CNAME -Alias / MX-Mail Host
  • Abbreviations and Shortcuts
  • $GENERATE
  • Lab 2 - Configure BIND Configure the name server as the primary master name server for a domain and its corresponding id-addr.arpa domain
Section 3 Creating DNS Hierarchies Subdomains and Delegation
  • in-addr.arpa Delegation
  • Issues with in-addr.arpa
  • RFC2317 & in-addr.arpa
  • Lab 3 - Configure BIND Create a new subdomain and populate it with a few records
    • Delegate control of a subdomain to another name server
    • Using the techniques described in RFC 2317, delegate in-addr.arpa. control for a subnet to another name server
Section 4 Securing BIND and DNS Split Namespaces
  • Using Views with BIND 9
  • Address Match Lists & ACLs
  • Restricting Queries
  • Restricting Zone Transfers
  • Running BIND in a chroot jail
  • Dynamic DNS Concepts
  • Allowing DDNS updates
  • Using DDNS with "nsupdate"
  • Common Problems
  • Lab 4 - Advanced BIND Configuration Configure and test dynamic DNS for the domain
    • Restrict zone transfers generally
    • Allow zone transfers of the zone to a specific host
    • Restrict the IP range that the server will accept recursive queries from
    • Configure a BIND name server to run in a chroot'ed environment
Section 5 LDAP Concepts Centralized Authentication
  • Directory Services
  • What LDAP Provides
  • LDAP Concepts and Organization
  • Schema and Entry Referencing
  • LDIF
  • LDAP Architecture, Security, Implementations, and Client Configuration
  • Lab 5 - Search LDAP
    • Execute LDAP Searches
Section 6 OpenLDAP Servers OpenLDAP Components
  • Configuring slapd
  • Global Parameters and Schema Definition
  • Access Control
  • Backend Types
  • Backend and Database Configuration
  • Indexes and Replicas
  • Replica Configuration
  • Syntax Conformance
  • Lab 6 - Configure LDAP
    • Configure the LDAP server
    • Create a new directory
    • Add, modify, and delete entries in the LDAP server
Section 7 Using OpenLDAP Managing slapd
  • Online and Offline Data Manipulation
  • Native LDAP authentication and Client Config
  • Lab 7 - Configure LDAP Create self-signed x509 certificate for LDAP server use
    • Configure LDAP server to enable secure connections
    • Configure LDAP server with baseDN and rootDN settings
    • Install Perl Libraries needed by ldapmigrate
    • Add three UNIX users
    • Use ldapmigrate to import the /etc files
    • SetupDAP client to use native LDAP authentication
Section 8 Using Apache HTTP Operation
  • Apache History and Status
  • Apache Architecture
  • SSL / HTTPS and Apache
  • Apache Configuration Files
  • httpd.conf
  • Dynamic Shared Objects
  • Adding Modules to Apache
  • Apache Logging
  • Log Analysis
  • The Webalizer
  • Lab 8 - Configure Apache Configure the ServerName directive
    • Optimize Apache by turning off unneeded modules
    • Create an index.html file
Section 9 Virtual Hosting with Apache HTTP Virtual Servers
  • DNS Implications
  • Security Implications
  • IP-based Virtual Host
  • Name-based Virtual Host
  • Port-based Virtual Host
  • Lab 9 - Configure Apache Configure Apache Virtual Hosts
    • Use the "Main" server for global settings
Section 10 Apache Security Delegating Administration
  • Directory Protection
  • Common Uses for .htaccess
  • Symmetric and Asymmetric Key Cryptography
  • Digital Certificates
  • SSL Using mod_ssl
  • Lab 10 - Configure Apache Password protect a directory
    • Override MIME types for a single directory
    • Redirect traffic to a different URL
    • Create a test SSL certificate
    • Use Apache and SSL to setup an SSL-enabled site
Section 11 Apache Server- side Programming Dynamic HTTP Content
  • PHP: Hypertext Preprocessor
  • Developer Tools for PHP
  • Installing, Configuring, and Securing PHP
  • Java Servlets and JSP
  • Jakarta Tomcat
  • Installing Java SDK and Jakarta Tomcat
  • Using Tomcat with Apache
  • Lab 11 - Dynamic Content Write and test dynamic web content using CGI, mod_perl, and PHP
    • Install Apache's Jakarta Tomcat
    • Create dynamic HTML content with JSP
    • Configure the Apache connector mod_jk
    • Mount Tomcat webapps
    • Create a Tomcat admin user
    • Deploy a new webapp via a .war file
    • Mount a new webapp through the Jakarta connector
    • Configure the snipsnap webapp
Section 12 Implementing an FTP Server The FTP Protocol and Operation
  • Active and Passive FTP
  • WU-FTPD
  • vsftpd
  • Configuring vsftpd
  • Anonymous vsftpd
  • Lab 12 Configure VSFTPD Install and configure vsftpd for basic authenticated access
    • Configure vsftpd for anonymous uploads
Section 13 The SQUID Proxy Server Squid Overview, File Layout, and Access Control Lists
  • Squid ACL application
  • Tuning Squid / Hierarchies
  • Bandwidth Metering
  • Monitoring Squid
  • Proxy Client Configuration
  • Lab 13 - Configure SQUID Define an ACL for authorized IP networks
    • Apply the ACL using http_access
    • Enable the Squid cachmgr.cgi program
    • View Squid statistics
    • Create a Proxy Auto Configuration file
    • Change the mime-type in Apache for the PAC file
    • Configure a web browser to use the PAC file
    • Create an ICP proxy mesh
    • Secure the default ICP permissions
Section 14 Samba Concepts SMB Network Protocol
  • NetBIOS and NetBEUI
  • NetBIOS Naming
  • Samba Daemons, Clients, and Utilities
  • Samba Configuration Files
  • The smb.conf File
  • Lab 14 - Configure Samba Install the Samba server and configure it to share your /tmp directory
    • Use smbclient and smbfs to access SMB shares
Section 15 Using Samba Unix and DOS Permissions
  • Unix and Windows Concepts
  • Name and Case Mangling
  • Sharing [homes] and Printers
  • Restricting Access
  • Share-Level and User-Level Access
  • Mapping Users
  • SMB and Passwords
  • The smbpasswd Database
  • User Share Restrictions
  • Lab 15 - Configure Samba Examine Samba's behavior when handling symbolic links and file permissions
    • Configure the Samba server to use share-level access and user-level access
    • Compare encrypted user-level access with unencrypted user-level access
    • Configure Samba to share users home directories on demand
    • Configure a new group. Add a user to the group
    • Create a directory for use by a group
    • Configure the a share to support a group that is read only for some users and read write for others
Section 16 SMTP Theory SMTP Terminology and Architecture
  • SMTP Commands and Extensions
  • SMTP AUTH and STARTTLS
  • SMTP Session
Section 17 Sendmail sendmail Features, and Process
  • sendmail Architecture, Components, and Configuration
  • Configuration Files
  • Databases
  • Text Files
  • Network Access
  • Masquerading sendmail
  • Controlling access
  • Configuring SMTP AUTH and Configuring SMTP STARTTLS
  • Lab 17 - Configure Sendmail Install the sendmail SMTP server on the system and configure it to serve domains
    • Configure sendmail to accept remote network connections
    • Configure virtual hosts on sendmail
    • Configure sendmail to use SMTP AUTH for secure relaying
    • Configure sendmail to support STARTTLS
Section 18 Postfix Postfix Features, Architecture, Components, and Configuration
  • master.cf and main.cf
  • Postfix Map Types and Pattern Matching
  • Advanced Options
  • Virtual Domains and Mail Filtering
  • Configuration and Management Commands
  • Postfix Logging and Logfile Analysis
  • chroot’ing Postfix
  • Postfix and SMTP AUTH
  • SMTP AUTH Server and Clients
  • Postfix Extensions
  • Postfix/TLS
  • TLS Server Configuration
  • Postfix Client Configuration
  • Other TLS Clients and Ensuring TLS Security
  • Lab 18 - Configure Postfix Install the Postfix SMTP server on the system and configure it to serve domains
    • Configure Postfix to accept network connections
    • Configure virtual hosts on Postfix
    • Configure Postfix to use SMTP AUTH for secure relaying
    • Configure Postfix to support STARTTLS and to secure SMTP AUTH
Section 19 IMAP, POP, Spam Filtering and Web Mail Filtering Email
  • procmail
  • SpamAssassin
  • Sendmail Mail Filter (milter)
  • Amavisd-new Mail Filtering
  • Accessing Email
  • The POP3 and the IMAP4 Protocol
  • Dovecot POP3/IMAP Server
  • Cyrus IMAP/POP3 Server
  • Cyrus IMAP MTA integration
  • Cyrus Mailbox Admin
  • Fetchmail and SquirrelMail
  • Lab 19 - Filtering/Web Mail Install the procmail mail-filtering software and configure it as the default MDA on the server
    • Install SpamAssassin and configure it to flag spam on the server
    • Install and configure Cyrus IMAP
    • Enable POP3 and IMAP over SSL
    • Install and configure the SquirrelMail web email client
Appendix 1 Using NIS NIS History, Overview, and Limitations
  • NIS Advantages and Implementation
  • Creating a NIS Master Server
  • NIS Client Configuration
  • Slave Server Configuration
  • Troubleshooting Aids
  • Lab Appendix 1 - NIS Configure a NIS master server, client, and slave server
    • Enable ypxfrd for high-performance database transfers between master and slave NIS servers
    • Configure a NIS client system
    • Observe client usage of a NIS slave server when a NIS master server fails