GL615 Linux for UNIX Administrators Course Outline

GL615 Linux for UNIX Administrators Course Outline

Section 1 Linux Installation Pre-Installation Considerations
	Partition Considerations Partition Planning Filesystem Considerations Journaled Filesystems Installation Choices CD-ROM Installation Network Installation Local Hard Drive Installation FC Personal Desktop Class FC Workstation Class FC Server Class FC Custom Class Install Program Interface Installation Diagnostics Language Selection Keyboard Configuration Mouse Configuration Fedora Install Options Automatic Partitioning Partitioning with Disk Druid Installing a Boot Loader Network Configuration Security Configuration Language Support Selection Root Password Configuration Time Zone Configuration Package Group Selection Installing Packages Install Finished Firstboot Finalizing GUI Configuration Video Card Configuration Monitor Configuration Authentication Configuration Lab 1 - Installation Perform a GUI network NFS based workstation install Configure LVM and Software RAID at installation time

Section 2 Post-Install System Configuration Configuration Utilities
	Configuration Files Network Services Managing System Time Managing Network-Wide Time Continual Time Sync - NTP Configuring NTP Clients Managing Software RPM Features, Architecture, and Package Files Working With RPMs Querying and Verifying with rpm Package Dependencies Intro to YUM Using the YUM command Configuring YUM YUM Repositories YUM Resources Common UNIX Printing System Defining a Printer Kickstart Creating Kickstart Files Using Kickstart files Lab 2 - Post-Install Config Answer some questions about the system using RPM queries Install zsh using RPM Troubleshoot and repair a package using RPM verification Upgrade the kernel using RPM Install the XFCE desktop environment using YUM Create and test a custom YUM repository Create a custom YUM repository for installing software Setup CUPS print queues using: system-config-printer, lpadmin, and the CUPS web interface Modify a kickstart file using a text editor Create a kickstart file using ksconfig Start an install using a pre made kickstart file

Section 3 Boot Process and SysV Init Booting Linux on PCs
	GRUB Configuration Kernel Boot Parameters /sbin/init System init Styles /etc/inittab rc.sysinit /etc/init.d and /etc/rcX.d rc Typical SysV Init Script The rc.local file Managing Daemons Controlling Startup Services Shutdown and Reboot Lab 3 - Boot Process Use GRUB to boot into single user mode Modify kernel/init parameters in GRUB Explore the GRUB interface Attach to the /boot filesystem and display the contents of the grub/grub.conf file Set a GRUB password Modify the lilo.conf creating a new stanza that passes kernel parameters

Section 4 User/Group Administration and NFS User Private Group Scheme
	User Administration Modifying Accounts Group Administration Password Aging Default User Files Controlling Logins PAM, PAM Services, and PAM Control Statements su, Wheel, and sudo DS Client Configuration NFS Server Configuration and NFS Clients Automounting Filesystems Lab 4 - User Admin Learn to customize /etc/skel Learn to add new users and manage password aging Practice setting up wheel group behavior for su Configure a project directory to take advantage of the user private group scheme Configure autofs to access an NFS export Configure NIS client as part of the EXAMPLE.COM domain Configure autofs to mount home directories Switch to using LDAP for authentication Setup an NFS server and export directories

Section 5 Filesystem Administration Partition Tables
	File System Creation Mounting File Systems Filesystem Maintenance Persistent Block Devices udev Resizing Filesystems File Deletion and Undeletion Swap Disk Usage Configuring Disk Quotas Checking Disk Quotas Filesystem Attributes File Access Control Lists Manipulating FACLs Viewing FACLs Backing Up FACLs Backup Hardware Tape Libraries Backup Software Backup Examples Lab 5 - Filesystem Admin Create and activate additional swap space Configure and test disk quotas on the /tmp filesystem Backup files using tar and cpio over ssh Backup files using rsync over ssh Backup and restore files with dump and restore Create and test an ISO9660 image

Section 6 LVM and RAID Logical Volume Management
	Implementing LVM Manipulating VGs and LVs Advanced LVM Concepts Graphical LVM Tool RAID Concepts, Tools, Implementation, and Monitoring/Control Lab 6 - RAID and LVM Use command line tools to partition free space Configure software RAID-5 with a hot-spare Fail a member device of the array, examine the automatic recovery using the hot-spare Fail another member device testing RAID-5 Remove failed member devices, add new devices to array examine the recovery of array Partition the drive and create LVM Physical Volumes Create a LVM Volume Group and Logical Volume to hold website content Verify the operation of LVM snapshots Extend and grow the Logical Volume and the ext3 filesystem

Section 7 Task Automation & Process Accounting Automating Tasks
	at Access Control crontab /etc/cron.* Directories anacron Viewing Processes Managing Processes System Logging /etc/syslog.conf Log Management Log Anomaly Detector Process Accounting Using Process Accounting Limiting System Resources System Status - Memory, I/O, and, CPU sar Lab 7 - Cron & Process Admin Create and edit user cron jobs Add a system-wide cron task to /etc/cron.hourly Install and configure process accounting Enable and set process limits Remove cron jobs

Section 8 Client Networking Linux Network Interfaces
	Ethernet Hardware Tools Runtime configuration change Configuring Routing Tables Advanced Configuration Starting and Stopping Interfaces Virtual IP Interfaces Enabling IPv6 Interface Bonding 802q VLANS IP Stack Configuration DNS Clients DHCP Clients Red Hat Configuration Tools Network Diagnostics Lab 8 - Client Networking Enable static configuration Configure a virtual interface and verify connectivity through the new interface Verify Link-Local IPv6 Connectivity Configure and Test Site-Local Connectivity


Section 9 The X Window System The X Window System
	Xorg Configuring X X Fonts Using Fonts Display Manager Selection XDMCP Specialized X Servers Starting X Apps Automatically Lab 9 - X Change the display manager to gdm Enable XDMCP to support remote desktop login Configure VNC to accept incoming connections Launch a program by creating a script in the /etc/X11/xinit/xinitrc.d/ directory Start a custom X session by modifying the -/.xinitrc file. Secure X for use in a public kiosk Test and verify that the special key sequences are disabled


Section 10 Security Concepts Tightening Default Security
	Staying Current Using up2date Security Advisories SELinux Security Framework Choosing a SELinux Policy SELinux Commands Booleans Graphical Policy Tools inetd / xinetd Xinetd Features TCP Wrappers hosts.allow & hosts.deny hosts.* Syntax Shortcuts Basic Firewall Activation Stateful Packet Filter: iptables Netfilter Concepts Using the iptables Command Netfilter Rule Syntax Targets Common match_specs Stateless Firewall Example Connection Tracking Stateful Firewall Example Lab 10 - Security Lab Examine current system Configure Xinetd to provide a variety of limits for connecting to services Configure a sensor to log connection attempts Use TCP Wrappers to secure various services Use the Netfilter stateful packet filtering to protect the system-

Section 11 Linux Kernel Compilation Why Compile?
	Getting Kernel Source Preparing to Compile Configuring the Kernel General Options Disk Configuration Network Configuration Expansion Port Configuration Multimedia Configuration Kernel Documentation RH 2.6 Kernel Extensions Compiling the Kernel Compile and Install Modules Installing the Kernel Tips and Tricks Lab 11 - Kernel Compilation Compile and install a new driver for the running kernel Patch the Linux kernel source to add support Compile and install a custom Linux kernel

Section 12 DNS Concepts Naming Services and A Better Way
	The Domain Name Space Delegation and Zones Server Roles Resolving Names and IP Addresses BIND Administration rndc key configuration Configuring the Resolver Testing Resolution Lab 12 - Configure BIND Install the BIND name server on the system and configure it to act as a slave for the classroom domains Configure the name server to support the rndc command.

Section 13 Configuring Bind BIND Configuration Files
	named.conf Syntax and Options Block Creating a Site-Wide Cache Zones in named.conf Zone Database File Syntax SOA - Start of Authority A -Address / PTR-Pointer NS - Name Server CNAME -Alias / MX-Mail Host Abbreviations and Shortcuts $GENERATE Lab 13 - Configure BIND Configure the name server as the primary master name server for a new domain and it’s corresponding id-addr.arpa domain

Section 14 OpenLDAP Servers OpenLDAP Components
	Configuring slapd Global Parameters Schema Definition Access Control Backend Types Backend Configuration Database Configuration Indexes Replicas and Replica Configuration Lab 14 - Configure LDAP Configure the LDAP server Create a new directory Add, modify, and delete entries in the LDAP server

Section 15 Using OpenLDAP Managing slapd
	Online and Offline Data Manipulation Native LDAP authentication and Client Config Lab 15 - Configure LDAP Create self-signed x509 certificate for LDAP server use Configure LDAP server to enable secure connections Configure LDAP server with baseDN and rootDN settings Install Perl Libraries needed by ldapmigrate Add three UNIX users Use ldapmigrate to import the /etc files Setup LDAP client to use native LDAP authentication

Section 16 Using Apache Apache History, Status, and Architecture
	SSL / HTTPS and Apache Apache Configuration Files httpd.conf Dynamic Shared Objects Adding Modules to Apache Apache Logging Log Analysis Lab 16 - Configure Apache Configure the ServerName directive Optimize Apache by turning off unneeded modules Create an index.html file

Section 17 Virtual Hosting with Apache HTTP Virtual Servers
	DNS Implications Security Implications IP-based Virtual Host Name-based Virtual Host Port-based Virtual Host Lab 17 - Configure Apache Configure Apache Virtual Hosts Use the "Main" server for global settings

Section 18 Apache Security Delegating Administration
	Directory Protection Common Uses for .htaccess SSL Using mod_ssl Lab 18 - Configure Apache Password protect a directory Override MIME types for a single directory Redirect traffic to a different URL Create a test SSL certificate Use Apache and SSL to setup an SSL-enabled site

Section 19 Implementing an FTP Server WU-FTPD
	vsftpd Configuring vsftpd Anonymous FTP with vsftpd Lab 19 Configure VSFTPD Install and configure vsftpd for basic authenticated access Configure vsftpd for anonymous uploads

Section 20 The SQUID proxy server Squid Overview, Layout, Access Control Lists, and ACL application
	Tuning Squid / Hierarchies Bandwidth Metering and Monitoring of Squid Proxy Client Configuration Lab 20 - Configure SQUID Define an ACL for authorized IP networks Apply the ACL using http_access Enable the Squid cachmgr.cgi program View Squid statistics Create a Proxy Auto Configuration file Change the mime-type in Apache for the PAC file Configure the web browser to use the PAC file Create an ICP proxy mesh Secure the default ICP permissions

Section 21 Samba Concepts SMB Network Protocol
	NetBIOS and NetBEUI NetBIOS Naming Introducing Samba Samba Daemons, Clients, Utilities, and Configuration Files The smb.conf File Lab 21 - Configure Samba Install the Samba server and configure it to share the /tmp directory. Use smbclient and smbfs to access SMB shares

Section 22 Using Samba Unix and DOS Permissions
	Unix and Windows Concepts Name and Case Mangling Sharing [homes] and Printers Restricting Access Share-Level Access and User-Level Access Mapping Users SMB and Passwords The smbpasswd Database User Share Restrictions Lab 22 - Configure Samba Examine Samba’s behavior when handling symbolic links and file permissions Configure the Samba server to use share-level access and user-level access Compare encrypted user-level access with unencrypted user-level access Configure Samba to share users home directories on demand Configure a new group and add the user to the group Create a directory for use by the group Configure the share to support the group that is read only for some users and read write for others

Section 23 Sendmail sendmail Features, Process, Architecture, Components, and Configuration
	Configuration Files Databases Text Files Network Access Masquerading Sendmail Controlling access Configuring SMTP AUTH and SMTP STARTTLS Lab 23 - Configure Sendmail Install the Sendmail SMTP server on the system and configure it to serve domains Configure Sendmail to accept remote network connections Configure virtual hosts on Sendmail Configure Sendmail to support STARTTLS

Section 24 Postfix Postfix Features, Architecture, Components, and Configuration
	master.cf and main.cf Postfix Map Types and Pattern Matching Advanced Options Virtual Domains Mail Filtering Configuration and Management Commands Postfix Logging and Logfile Analysis chroot’ing Postfix Postfix and SMTP AUTH SMTP AUTH Server and Clients Postfix Extensions Postfix/TLS TLS Server Configuration Postfix Client Configuration Other TLS Clients and Ensuring TLS Security Lab 24 - Configure Postfix Install the Postfix SMTP server on the system and configure it to serve domains Configure Postfix to accept network connections Configure virtual hosts on Postfix Configure Postfix to use SMTP AUTH for secure relaying Configure Postfix too support STARTTLS to secure SMTP AUTH

Section 25 IMAP, POP, Spam Filtering and Web Mail Filtering Email
	procmail SpamAssassin Sendmail Mail Filter (milter) Amavisd-new Mail Filtering Accessing Email The POP3 and IMAP4 Protocol Dovecot POP3/IMAP Server Cyrus IMAP/POP3 Server Cyrus IMAP MTA integration Cyrus Mailbox Admin Fetchmail and SquirrelMail Lab 25 - Filtering/Web Mail Install the procmail mail-filtering software and configure it as the default MDA on the server Install SpamAssassin and configure it to flag spam on the server Install and configure Cyrus IMAP Enable POP3 and IMAP over SSL Install and configure the SquirrelMail web email client

Section 26 Troubleshooting Basic Troubleshooting
	Gathering Information Information from df,and mount Information from Log Files Information Regarding Network Settings Information from ps, chkconfig, dmesg, w, and netstat Useful Debugging Aids Common Problems Incorrect File Permissions Inability To Boot Corrupt File Systems Typos in Configuration Files Disks Full? Runaway Processes Shared Libraries The Rescue Environment Lab 26 - Troubleshooting Explore troubleshooting and disaster recovery on non-mission-critical machines Practice troubleshooting common system and daemon errors

Appendix 1 - Using NIS NIS History, Overview, Limitations, Advantages, and Implementation
	Creating a NIS Master Server NIS Client Configuration Slave Server Configuration Troubleshooting Aids Appendix NIS - Lab 1 Configure a NIS master server and NIS client Configure a NIS slave server Enable ypxfrd for high-performance database transfers between master and slave NIS servers Configure a NIS client system Observe client usage of a NIS slave server when a NIS master server fails