Students interested in developing skills as network administrators find this course invaluable. Topics explored and implemented in the class include the setup and maintenance of many of the most popular network services available for Linux and UNIX today, including servers for DNS, SMB (Windows networking), e-mail servers, FTP, web, and caching proxy. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of network services.
Prerequisites: Individuals wishing to take this class should already have a solid grounding in UNIX concepts and basic systems administration. Fundamentals such as an understanding of the Linux filesystem, process management, and the ability to manipulate and edit files is considered a must and will not be covered in class. A good understanding of network concepts and the TCP/IP protocol suite is also assumed.
This course is currently taught using Fedora Core 3.
Express Interest in this Course
DETAILED COURSE OUTLINE
Section 1 DNS ConceptsNaming Services
The Domain Name Space
Delegation and Zones
Server Roles
Resolving Names and Resolving IP Addresses
BIND Administration
rndc key configuration
Configuring the Resolver and Testing Resolution
Lab 1 - Configure BINDThe Domain Name Space
Delegation and Zones
Server Roles
Resolving Names and Resolving IP Addresses
BIND Administration
rndc key configuration
Configuring the Resolver and Testing Resolution
Install the BIND name server on the system and configure it to act as a slave for the classroom domains
Configure the name server to support the rndc command
Section 2 Configuring BindConfigure the name server to support the rndc command
BIND Configuration Files
named.conf Syntax and Options Block
Creating a Site-Wide Cache
Zones In named.conf
Zone Database File Syntax
SOA - Start of Authority
A -Address / PTR-Pointer
NS - Name Server
CNAME -Alias / MX-Mail Host
Abbreviations and Shortcuts
$GENERATE
Lab 2 - Configure BINDnamed.conf Syntax and Options Block
Creating a Site-Wide Cache
Zones In named.conf
Zone Database File Syntax
SOA - Start of Authority
A -Address / PTR-Pointer
NS - Name Server
CNAME -Alias / MX-Mail Host
Abbreviations and Shortcuts
$GENERATE
Configure the name server as the primary master name server for a domain and its corresponding id-addr.arpa domain
Section 3 Creating DNS HierarchiesSubdomains and Delegation
in-addr.arpa Delegation
Issues with in-addr.arpa
RFC2317 & in-addr.arpa
Lab 3 - Configure BINDin-addr.arpa Delegation
Issues with in-addr.arpa
RFC2317 & in-addr.arpa
Create a new subdomain and populate it with a few records
Delegate control of a subdomain to another name server
Using the techniques described in RFC 2317, delegate in-addr.arpa. control for a subnet to another name server
Section 4 Securing BIND and DNSDelegate control of a subdomain to another name server
Using the techniques described in RFC 2317, delegate in-addr.arpa. control for a subnet to another name server
Split Namespaces
Using Views with BIND 9
Address Match Lists & ACLs
Restricting Queries
Restricting Zone Transfers
Running BIND in a chroot jail
Dynamic DNS Concepts
Allowing DDNS updates
Using DDNS with "nsupdate"
Common Problems
Lab 4 - Advanced BIND ConfigurationUsing Views with BIND 9
Address Match Lists & ACLs
Restricting Queries
Restricting Zone Transfers
Running BIND in a chroot jail
Dynamic DNS Concepts
Allowing DDNS updates
Using DDNS with "nsupdate"
Common Problems
Configure and test dynamic DNS for the domain
Restrict zone transfers generally
Allow zone transfers of the zone to a specific host
Restrict the IP range that the server will accept recursive queries from
Configure a BIND name server to run in a chroot'ed environment
Section 5 LDAP ConceptsRestrict zone transfers generally
Allow zone transfers of the zone to a specific host
Restrict the IP range that the server will accept recursive queries from
Configure a BIND name server to run in a chroot'ed environment
Centralized Authentication
Directory Services
What LDAP Provides
LDAP Concepts and Organization
Schema and Entry Referencing
LDIF
LDAP Architecture, Security, Implementations, and Client Configuration
Lab 5 - Search LDAPDirectory Services
What LDAP Provides
LDAP Concepts and Organization
Schema and Entry Referencing
LDIF
LDAP Architecture, Security, Implementations, and Client Configuration
Execute LDAP Searches
Section 6 OpenLDAP ServersOpenLDAP Components
Configuring slapd
Global Parameters and Schema Definition
Access Control
Backend Types
Backend and Database Configuration
Indexes and Replicas
Replica Configuration
Syntax Conformance
Lab 6 - Configure LDAPConfiguring slapd
Global Parameters and Schema Definition
Access Control
Backend Types
Backend and Database Configuration
Indexes and Replicas
Replica Configuration
Syntax Conformance
Configure the LDAP server
Create a new directory
Add, modify, and delete entries in the LDAP server
Create a new directory
Add, modify, and delete entries in the LDAP server
Section 7 Using OpenLDAP
Managing slapd
Online and Offline Data Manipulation
Native LDAP authentication and Client Config
Lab 7 - Configure LDAPOnline and Offline Data Manipulation
Native LDAP authentication and Client Config
Create self-signed x509 certificate for LDAP server use
Configure LDAP server to enable secure connections
Configure LDAP server with baseDN and rootDN settings
Install Perl Libraries needed by ldapmigrate
Add three UNIX users
Use ldapmigrate to import the /etc files
SetupDAP client to use native LDAP authentication
Section 8 Using ApacheConfigure LDAP server to enable secure connections
Configure LDAP server with baseDN and rootDN settings
Install Perl Libraries needed by ldapmigrate
Add three UNIX users
Use ldapmigrate to import the /etc files
SetupDAP client to use native LDAP authentication
HTTP Operation
Apache History and Status
Apache Architecture
SSL / HTTPS and Apache
Apache Configuration Files
httpd.conf
Dynamic Shared Objects
Adding Modules to Apache
Apache Logging
Log Analysis
The Webalizer
Lab 8 - Configure ApacheApache History and Status
Apache Architecture
SSL / HTTPS and Apache
Apache Configuration Files
httpd.conf
Dynamic Shared Objects
Adding Modules to Apache
Apache Logging
Log Analysis
The Webalizer
Configure the ServerName directive
Optimize Apache by turning off unneeded modules
Create an index.html file
Section 9 Virtual Hosting with ApacheOptimize Apache by turning off unneeded modules
Create an index.html file
HTTP Virtual Servers
DNS Implications
Security Implications
IP-based Virtual Host
Name-based Virtual Host
Port-based Virtual Host
Lab 9 - Configure ApacheDNS Implications
Security Implications
IP-based Virtual Host
Name-based Virtual Host
Port-based Virtual Host
Configure Apache Virtual Hosts
Use the "Main" server for global settings
Section 10 Apache SecurityUse the "Main" server for global settings
Delegating Administration
Directory Protection
Common Uses for .htaccess
Symmetric and Asymmetric Key Cryptography
Digital Certificates
SSL Using mod_ssl
Lab 10 - Configure ApacheDirectory Protection
Common Uses for .htaccess
Symmetric and Asymmetric Key Cryptography
Digital Certificates
SSL Using mod_ssl
Password protect a directory
Override MIME types for a single directory
Redirect traffic to a different URL
Create a test SSL certificate
Use Apache and SSL to setup an SSL-enabled site
Section 11 Apache Server- side ProgrammingOverride MIME types for a single directory
Redirect traffic to a different URL
Create a test SSL certificate
Use Apache and SSL to setup an SSL-enabled site
Dynamic HTTP Content
PHP: Hypertext Preprocessor
Developer Tools for PHP
Installing, Configuring, and Securing PHP
Java Servlets and JSP
Jakarta Tomcat
Installing Java SDK and Jakarta Tomcat
Using Tomcat with Apache
Lab 11 - Dynamic ContentPHP: Hypertext Preprocessor
Developer Tools for PHP
Installing, Configuring, and Securing PHP
Java Servlets and JSP
Jakarta Tomcat
Installing Java SDK and Jakarta Tomcat
Using Tomcat with Apache
Write and test dynamic web content using CGI, mod_perl, and PHP
Install Apache's Jakarta Tomcat
Create dynamic HTML content with JSP
Configure the Apache connector mod_jk
Mount Tomcat webapps
Create a Tomcat admin user
Deploy a new webapp via a .war file
Mount a new webapp through the Jakarta connector
Configure the snipsnap webapp
Section 12 Implementing an FTP ServerInstall Apache's Jakarta Tomcat
Create dynamic HTML content with JSP
Configure the Apache connector mod_jk
Mount Tomcat webapps
Create a Tomcat admin user
Deploy a new webapp via a .war file
Mount a new webapp through the Jakarta connector
Configure the snipsnap webapp
The FTP Protocol and Operation
Active and Passive FTP
WU-FTPD
vsftpd
Configuring vsftpd
Anonymous vsftpd
Lab 12 Configure VSFTPDActive and Passive FTP
WU-FTPD
vsftpd
Configuring vsftpd
Anonymous vsftpd
Install and configure vsftpd for basic authenticated access
Configure vsftpd for anonymous uploads
Section 13 The SQUID Proxy ServerConfigure vsftpd for anonymous uploads
Squid Overview, File Layout, and Access Control Lists
Squid ACL application
Tuning Squid / Hierarchies
Bandwidth Metering
Monitoring Squid
Proxy Client Configuration
Lab 13 - Configure SQUIDSquid ACL application
Tuning Squid / Hierarchies
Bandwidth Metering
Monitoring Squid
Proxy Client Configuration
Define an ACL for authorized IP networks
Apply the ACL using http_access
Enable the Squid cachmgr.cgi program
View Squid statistics
Create a Proxy Auto Configuration file
Change the mime-type in Apache for the PAC file
Configure a web browser to use the PAC file
Create an ICP proxy mesh
Secure the default ICP permissions
Section 14 Samba ConceptsApply the ACL using http_access
Enable the Squid cachmgr.cgi program
View Squid statistics
Create a Proxy Auto Configuration file
Change the mime-type in Apache for the PAC file
Configure a web browser to use the PAC file
Create an ICP proxy mesh
Secure the default ICP permissions
SMB Network Protocol
NetBIOS and NetBEUI
NetBIOS Naming
Samba Daemons, Clients, and Utilities
Samba Configuration Files
The smb.conf File
Lab 14 - Configure SambaNetBIOS and NetBEUI
NetBIOS Naming
Samba Daemons, Clients, and Utilities
Samba Configuration Files
The smb.conf File
Install the Samba server and configure it to share your /tmp directory
Use smbclient and smbfs to access SMB shares
Section 15 Using SambaUse smbclient and smbfs to access SMB shares
Unix and DOS Permissions
Unix and Windows Concepts
Name and Case Mangling
Sharing [homes] and Printers
Restricting Access
Share-Level and User-Level Access
Mapping Users
SMB and Passwords
The smbpasswd Database
User Share Restrictions
Lab 15 - Configure SambaUnix and Windows Concepts
Name and Case Mangling
Sharing [homes] and Printers
Restricting Access
Share-Level and User-Level Access
Mapping Users
SMB and Passwords
The smbpasswd Database
User Share Restrictions
Examine Samba's behavior when handling symbolic links and file permissions
Configure the Samba server to use share-level access and user-level access
Compare encrypted user-level access with unencrypted user-level access
Configure Samba to share users home directories on demand
Configure a new group. Add a user to the group
Create a directory for use by a group
Configure the a share to support a group that is read only for some users and read write for others
Section 16 SMTP TheoryConfigure the Samba server to use share-level access and user-level access
Compare encrypted user-level access with unencrypted user-level access
Configure Samba to share users home directories on demand
Configure a new group. Add a user to the group
Create a directory for use by a group
Configure the a share to support a group that is read only for some users and read write for others
SMTP Terminology and Architecture
SMTP Commands and Extensions
SMTP AUTH and STARTTLS
SMTP Session
Section 17 SendmailSMTP Commands and Extensions
SMTP AUTH and STARTTLS
SMTP Session
sendmail Features, and Process
sendmail Architecture, Components, and Configuration
Configuration Files
Databases
Text Files
Network Access
Masquerading sendmail
Controlling access
Configuring SMTP AUTH and Configuring SMTP STARTTLS
Lab 17 - Configure Sendmailsendmail Architecture, Components, and Configuration
Configuration Files
Databases
Text Files
Network Access
Masquerading sendmail
Controlling access
Configuring SMTP AUTH and Configuring SMTP STARTTLS
Install the sendmail SMTP server on the system and configure it to serve domains
Configure sendmail to accept remote network connections
Configure virtual hosts on sendmail
Configure sendmail to use SMTP AUTH for secure relaying
Configure sendmail to support STARTTLS
Section 18 PostfixConfigure sendmail to accept remote network connections
Configure virtual hosts on sendmail
Configure sendmail to use SMTP AUTH for secure relaying
Configure sendmail to support STARTTLS
Postfix Features, Architecture, Components, and Configuration
master.cf and main.cf
Postfix Map Types and Pattern Matching
Advanced Options
Virtual Domains and Mail Filtering
Configuration and Management Commands
Postfix Logging and Logfile Analysis
chroot’ing Postfix
Postfix and SMTP AUTH
SMTP AUTH Server and Clients
Postfix Extensions
Postfix/TLS
TLS Server Configuration
Postfix Client Configuration
Other TLS Clients and Ensuring TLS Security
Lab 18 - Configure Postfixmaster.cf and main.cf
Postfix Map Types and Pattern Matching
Advanced Options
Virtual Domains and Mail Filtering
Configuration and Management Commands
Postfix Logging and Logfile Analysis
chroot’ing Postfix
Postfix and SMTP AUTH
SMTP AUTH Server and Clients
Postfix Extensions
Postfix/TLS
TLS Server Configuration
Postfix Client Configuration
Other TLS Clients and Ensuring TLS Security
Install the Postfix SMTP server on the system and configure it to serve domains
Configure Postfix to accept network connections
Configure virtual hosts on Postfix
Configure Postfix to use SMTP AUTH for secure relaying
Configure Postfix to support STARTTLS and to secure SMTP AUTH
Section 19 IMAP, POP, Spam Filtering and Web MailConfigure Postfix to accept network connections
Configure virtual hosts on Postfix
Configure Postfix to use SMTP AUTH for secure relaying
Configure Postfix to support STARTTLS and to secure SMTP AUTH
Filtering Email
procmail
SpamAssassin
Sendmail Mail Filter (milter)
Amavisd-new Mail Filtering
Accessing Email
The POP3 and the IMAP4 Protocol
Dovecot POP3/IMAP Server
Cyrus IMAP/POP3 Server
Cyrus IMAP MTA integration
Cyrus Mailbox Admin
Fetchmail and SquirrelMail
Lab 19 - Filtering/Web Mailprocmail
SpamAssassin
Sendmail Mail Filter (milter)
Amavisd-new Mail Filtering
Accessing Email
The POP3 and the IMAP4 Protocol
Dovecot POP3/IMAP Server
Cyrus IMAP/POP3 Server
Cyrus IMAP MTA integration
Cyrus Mailbox Admin
Fetchmail and SquirrelMail
Install the procmail mail-filtering software and configure it as the default MDA on the server
Install SpamAssassin and configure it to flag spam on the server
Install and configure Cyrus IMAP
Enable POP3 and IMAP over SSL
Install and configure the SquirrelMail web email client
Appendix 1 Using NISInstall SpamAssassin and configure it to flag spam on the server
Install and configure Cyrus IMAP
Enable POP3 and IMAP over SSL
Install and configure the SquirrelMail web email client
NIS History, Overview, and Limitations
NIS Advantages and Implementation
Creating a NIS Master Server
NIS Client Configuration
Slave Server Configuration
Troubleshooting Aids
Lab Appendix 1 - NISNIS Advantages and Implementation
Creating a NIS Master Server
NIS Client Configuration
Slave Server Configuration
Troubleshooting Aids
Configure a NIS master server, client, and slave server
Enable ypxfrd for high-performance database transfers between master and slave NIS servers
Configure a NIS client system
Observe client usage of a NIS slave server when a NIS master server fails
Enable ypxfrd for high-performance database transfers between master and slave NIS servers
Configure a NIS client system
Observe client usage of a NIS slave server when a NIS master server fails