Introduction to Linux Network Services

Bascom Bridge’s  Linux Network Services course teaches students how to securely implement, troubleshoot, and manage network services.

LINUX NETWORK SERVICES OBJECTIVES

All students will:

• Secure services with SELinux and Netfilter,
• Learn DNS concepts and implementation with Bind
• Understand LDAP concepts and implement using OpenLDAP
• Secure the Apache httpd web server
• FTP with vsftpd
• Cache and filter proxies with Squid
• Use SMB/CIFS (Windows networking) with Samba
• Learn e-mail concepts and implement with Postfix combined with either Dovecot or Cyrus

LINUX NETWORK SERVICES PREREQUISITES

All students should already be comfortable with basic Linux or UNIX administration and have a solid understanding of network concepts and the TCP/IP protocol suite.

LINUX NETWORK SERVICES MATERIALS

All attendees receive comprehensive courseware and a related textbook.

SOFTWARE NEEDED FOR EACH PC:

• Windows, Mac, or Linux PCs with at least 4 GB RAM
• Accelebrate can provide a VirtualBox or VMware environment with all software needed for the class
  • This class can be taught using the Linux distribution of your choice
• Please contact us for further setup details
• For classes delivered online, all participants need either dual monitors or a separate device logged into the online session so that they can do their work on one screen and watch the instructor on the other. A separate computer connected to a projector or large screen TV would be another way for students to see the instructor’s screen simultaneously with working on their own.

LINUX NETWORK SERVICES OUTLINE

• Introduction
• Securing Services
  • Xinetd
  • Xinetd Connection Limiting and Access Control
  • Xinetd: Resource limits, redirection, logging
  • TCP Wrappers
  • The /etc/hosts.allow & /etc/hosts.deny Files
  • /etc/hosts.{allow,deny} Shortcuts
  • Advanced TCP Wrappers
  • Basic Firewall Activation
  • Netfilter: Stateful Packet Filter Firewall
  • Netfilter Concepts
  • Using the iptables Command
  • Netfilter Rule Syntax
  • Targets
  • Common match_specs
  • Connection Tracking
  • AppArmor
  • SELinux Security Framework
  • Choosing an SELinux Policy
  • SELinux Commands
  • SELinux Booleans
  • Graphical SELinux Policy Tools
• DNS Concepts
  • Naming Services
  • DNS – A Better Way
  • The Domain Name Space
  • Delegation and Zones
  • Server Roles
  • Resolving Names
  • Resolving IP Addresses
  • Basic BIND Administration
  • Configuring the Resolver
  • Testing Resolution
• Configuring Bind
  • BIND Configuration Files
  • named.conf Syntax
  • named.conf Options Block
  • Creating a Site-Wide Cache
  • rndc Key Configuration
  • Zones In named.conf
  • Zone Database File Syntax
  • SOA – Start of Authority
  • A & PTR – Address & Pointer Records
  • NS – Name Server
  • CNAME & MX – Alias & Mail Host
  • Abbreviations and Gotchas
  • $ORIGIN and $GENERATE
• Creating DNS Hierarchies
  • Subdomains and Delegation
  • Subdomains
  • Delegating Zones
  • in-addr.arpa. Delegation
  • Issues with in-addr.arpa.
  • RFC2317 & in-addr.arpa.
• Advanced Bind DNS Features
  • Address Match Lists & ACLs
  • Split Namespace with Views
  • Restricting Queries
  • Restricting Zone Transfers
  • Running BIND in a chroot jail
  • Dynamic DNS Concepts
  • Allowing Dynamic DNS Updates
  • DDNS Administration with nsupdate
  • Common Problems
  • Securing DNS with TSIG
• LDAP Concepts and Clients
  • LDAP: History and Uses
  • LDAP: Data Model Basics
  • LDAP: Protocol Basics
  • LDAP: Applications
  • LDAP: Search Filters
  • LDIF: LDAP Data Interchange Format
  • OpenLDAP Client Tools
  • Alternative LDAP Tools
• OpenLDAP Servers
  • Popular LDAP Server Implementations
  • OpenLDAP: Server Architecture
  • OpenLDAP: Backends
  • OpenLDAP: Replication
  • OpenLDAP: Configuration Options
  • OpenLDAP: Configuration Sections
  • OpenLDAP: Global Parameters
  • OpenLDAP: Database Parameters
  • OpenLDAP Server Tools
  • Enabling LDAP-based Login
  • System Security Services Daemon (SSSD)
• Using Apache
  • HTTP Operation
  • Apache Architecture
  • Dynamic Shared Objects
  • Adding Modules to Apache
  • Apache Configuration Files
  • httpd.conf – Server Settings
  • httpd.conf – Main Configuration
  • HTTP Virtual Servers
  • Virtual Hosting DNS Implications
  • httpd.conf – VirtualHost Configuration
  • Port and IP based Virtual Hosts
  • Name-based Virtual Host
  • Apache Logging
  • Log Analysis
  • The Webalizer
• Apache Security
  • Virtual Hosting Security Implications
  • Delegating Administration
  • Directory Protection
  • Directory Protection with AllowOverride
  • Common Uses for .htaccess
  • Symmetric Encryption Algorithms
  • Asymmetric Encryption Algorithms
  • Digital Certificates
  • SSL Using mod_ssl.so
• Apache Server-Side Scripting Administration
  • Dynamic HTTP Content
  • PHP: Hypertext Preprocessor
  • Developer Tools for PHP
  • Installing PHP
  • Configuring PHP
  • Securing PHP
  • Security Related php.ini Configuration
  • Java Servlets and JSP
  • Apache’s Tomcat
  • Installing Java SDK
  • Installing Tomcat Manually
  • Using Tomcat with Apache
• Implementing an FTP server
  • The FTP Protocol
  • Active Mode FTP
  • Passive Mode FTP
  • ProFTPD
  • Pure-FTPd
  • vsftpd
  • Configuring vsftpd
  • Anonymous FTP with vsftpd
• The Squid Proxy Server
  • Squid Overview
  • Squid File Layout
  • Squid Access Control Lists
  • Applying Squid ACLs
  • Tuning Squid & Configuring Cache Hierarchies
  • Bandwidth Metering
  • Monitoring Squid
  • Proxy Client Configuration
• Samba Concepts and Configuration
  • Introducing Samba
  • Samba Daemons
  • NetBIOS and NetBEUI
  • Accessing Windows/Samba Shares from Linux
  • Samba Utilities
  • Samba Configuration Files
  • The smb.conf File
  • Mapping Permissions and ACLs
  • Mapping Linux Concepts
  • Mapping Case Sensitivity
  • Mapping Users
  • Sharing Home Directories
  • Sharing Printers
  • Share Authentication
  • Share-Level Access
  • User-Level Access
  • Samba Account Database
  • User Share Restrictions
• SMTP Theory
  • SMTP
  • SMTP Terminology
  • SMTP Architecture
  • SMTP Commands
  • SMTP Extensions
  • SMTP AUTH
  • SMTP STARTTLS
  • SMTP Session
• POSTFIX
  • Postfix Features
  • Postfix Architecture
  • Postfix Components
  • Postfix Configuration
  • master.cf
  • main.cf
  • Postfix Map Types
  • Postfix Pattern Matching
  • Advanced Postfix Options
  • Virtual Domains
  • Postfix Mail Filtering
  • Configuration Commands
  • Management Commands
  • Postfix Logging
  • Logfile Analysis
  • chrooting Postfix
  • Postfix, Relaying and SMTP AUTH
  • SMTP AUTH Server and Relay Control
  • SMTP AUTH Clients
  • Postfix / TLS
  • TLS Server Configuration
  • Postfix Client Configuration for TLS
  • Other TLS Clients
  • Ensuring TLS Security
• Mail Services and Retrieval
  • Filtering Email
  • Procmail
  • SpamAssassin
  • Bogofilter
  • amavisd-new Mail Filtering
  • Accessing Email
  • The IMAP4 Protocol
  • Dovecot POP3/IMAP Server
  • Cyrus IMAP/POP3 Server
  • Cyrus IMAP MTA Integration
  • Cyrus Mailbox Administration
  • Fetchmail
  • SquirrelMail
• Conclusion