LinuxCBT Enterprise Linux 4 Edition focuses on the RedHat® Enterprise 4 GNU/Linux operating system. It is the successor to LinuxCBT Classic Edition.
LinuxCBT EL-4 Edition, is unparalleled in content, depth and expertise. LinuxCBT EL-4 Edition prepares you or your organization for successfully deploying and managing business-critical RedHat® Enterprise 4-based solutions. Let LinuxCBT EL-4 Edition teach you what traditional training outlets and other CBTs do not; real GNU/Linux skills!
Recommended Prerequisites for:
- LinuxCBT EL-4 Edition
- Open mind & determination to master Linux and related open-source applications
- Basic MS Windows skills
- Basic understanding of networking concepts
- Access to a PC to perform all of the installations and exercises
Workstation Focus - Module 1
- Installations and Usage on Dell PowerEdge Hardware
- Discuss features of RedHat® Enterprise Linux 4
- Prepare images for network installation
- Install RedHat Enterprise 4 Workstation on Dell Power Edge Server
- Explore GNOME graphical environment
- Introduction to Bourne Again Shell (BASH) - Globes/environment
- Input (STDIN), output (STDOUT) and standard error (STDERR) redirection
- Pipes
- Command chaining
- BASH for loops
- Common BASH Shell commands - Command Line Interface (CLI)
- pwd, touch, stat, ls - explore useful Linux system commands
- echo, cat - expose ASCII text and integrate with files
- cp - copy files
- mv - move files throughout the file system
- tar - explore features and advantages of tarballs
- gzip, bzip2 - intetgrate with tar and examine Internet archive
- diff - compare and contrast between 2 or 3 files - diff3
- file - discuss logic used to ascertain file type
- find - single and multiple expressions and criteria
- slocate - Compare and contrast with find and create system-wide DB
- w, wall, watch, whereis, which, who - Important w commands
- ps & pstree- explore process lists
- free & top - explore process management with top
- seq, top, jobs, fg, kill, killall, bg - Manage processes using standard tools
- Use grep to process lines
- Use awk to process fields - 30
- Common Network Clients & Utilities
- nano editor
- Convert Unix text files to Windows format using unix2dos
- Convert Windows text files to Unix format using dos2unix
- Retrieve local and remote mail with mutt Mail User Agent (MUA)
- mount - Mount CDs and ISO images - create ISOs with mkisofs
- FTP - explore the standard File Transfer Protocol (FTP) client
- gFTP - Usge GNOME FTP to interact with remote FTP server
- LFTP - basic usage, job control
- LFTP - mirror and reverse mirror content - resume transmission
- LFTP - batch, non-interactive, scripted mode
- Introduction to SSH concepts, implementation, etc.
- Use SSH Client to connect to remote Linux Systems using password authentication
- Identify key SSH-client files (.known_hosts, public/private key pairs,etc.)
- Authenticate to remote Linux systems using alternate credentials
- Use Secure Copy Protocol (SCP) to move data between systems non-interactively
- Use Secure File Transfer Protocol (SFTP) to move data between systems interactively
- Demonstrate how to generate Public/Private key (RSA/DSA) pairs using SSH-Keygen
- Demonstrate using SSH to authenticate to remote Linux hosts without passwords
- Install RedHat Enterprise Workstation on Dell Laptop using HTTP
- Generate Public Key/Private Key pairs for use with file and E-mail encryption
- Demonstrate using E-mail client with GNU Privacy Guard (GPG) Open PGP for E-Mail encryption
- Use Remote Desktop to connect to RDP & VNC remote Linux and Windows hosts
- top
System Configuration - Module 2
- Installation on Dell Poweredge Server
- Prepare Sources on Apache HTTP server
- Burn bootable CD with network drivers for network-based installation
- Remove hardware-based RAID 0 configuration
- Configure hardware-based RAID 5 logical storage
- Commence software installation
- Create custom partitions and mount points during installation
- Configure X11 and confirm installation
- System Initialization
- Explore GRUB
- Explore system recovery mode
- Explore INIT
- System V Linux Runlevel implementation
- Identify key startup files, including scripts (inittab,Sscripts,Kscripts,etc.)
- Explain GNU/Linux System V Init Runlevel (0 - 6) concepts & applications
- chkconfig & ntsysv
- Identify startup log files & entries using DMESG & exploration
- Manage Users and Groups & Permissions
- User and group creation & management concepts - passwd, shadow, group, gshadow files
- Use system-config-users to create and manage users and groups
- chmod/chown/chgrp
- SETGID - Group collaboration
- Explore Hard and Symbolic links including across disparate file systems
- File System Management
- FDISK
- Create Standard Linux Partition
- Make EXT2 File System & mount for general usage
- Use tune2fs to upgrade EXT2 to EXT3 File System
- Remove EXT2 partition and create EXT3-based parition
- FSTAB - explore File System Table
- Use FDISK to create a swap partition
- Create Swap partition using MKSWAP & SWAPON
- Provision additional swap space using swapon & swapoff
- Explore GNU Parted as a partition and file-system management tool
- Use Parted to create EXT?-based and Swap partitions
- Logical Volume Management (LVM) - Discuss concepts and applications
- Allocate partitions for usage with LVM
- Create Physical Volumes
- Create Volume Groups based on Physical Volumes
- Create Logical Volumes based on Volume Groups
- Prepare EXT3-based file systems on LVM-managed storage
- Mount and use LVM Volumes
- Resize LVM Volumes
-
- Kickstart-based RAID Installation
- Use Kickstart tool to configure automated kickstart process
- Installation via HTTP using Kickstart
- Discuss RAID concepts and configuration
- Configure RAID disk partitions
-
- RPM Package Management Tool Concepts & Usage
- Query existing packages & file-based packages
- Identify offline and online package repositories
- Install packages
- Upgrade packages
- Freshen packages
- Remove packages
- Kernel Concepts and Management
- Identify and discuss kernel implementation
- Use kernel utils to identify modules and supported hardware
- Discuss proper kernel update procedures
- Download and Install the latest SMP-based kernel
- Confirm results
- Remove outdated kernel and confirm results
- Download and Install the latest Uniprocessor-based kernel
- Examine changes to GRUB and other key directory trees
- SYSCTL - use to view and modify run-time variables
- top
Core Networking Services - Module 3
- Network - Physical & Logical Configuration
- Identify key directories & files for static & dynamic communications
- Configure Linux client with static TCP/IP parameters for network communication
- Explore hotplug -> hwup -> ifup logic
- Use ifconfig to ascertain logical TCP/IP configuration
- Use hwinfo to ascertain installed hardware
- Configure Aliased Ethernet Interfaces to faciliate multiple IP addresses
- Explore System Logging via SYSLOG and Logrotate
- Explore Boot log & System Log
- Explore dmesg
- Explanation of syslog facilities & levels
- Demonstrate syslog administration
- Enable SYSLOG network listener
- Demonstrate Cisco PIX Firewall to Linux SYSLOG functionality
- Explore automatic log rotation and customization via Logrotate
- Configure Logrotate to rotate & compress sample log files
- Implement Network Time Protocol (NTP) Client/Server
- Configure Network Time Protocol (NTP) to perform client/server time synchronization
- Synchronize SUSE Enterprise Linux NTP with additional Linux Stratum 2 NTP server
- Synchronize against Stratum 1 NTP servers
- Dynamic Host Configuration Protocol (DHCP)
- Explain DHCP Concepts & Applications
- Explore DHCP confiuration files
- Configure DHCP subnet with applicable options
- Configure DHCP Reservation based on layer-2 address
- Domain Name System (DNS)
- Configure BIND as a caching-only DNS server
- Implement Master DNS Zone
- Configure Reverse Zone for local subnet
- Implement Dynamic Domain Name System (DDNS) Zones (Forward/Reverse)
- Explain DHCP and DNS update integration options
- Integrate DHCP with DNS via Encypted Transaction Signatures (TSigs)
- Configure Windows 2003 Active Directory to publish DNS Records to Linux Server
- Examine Windows 2003 SRV Records
- Configure Master/Slave Zones with Linux Server
- Evaluate results of BIND configuration using DIG & host
- Implement DNS sub-domains (Third-level domains)
- CRON - System Scheduler
- Explore Cron Implementation
- Explain scheduling options
- Global and scope-based Cron options
- Schedules jobs to run & examine the output
- Configure individual Crontab entries
- Samba Implementation
- Implement Linux & Windows Integration via Samba
- Explore Samba Configuration files
- Implement SMBFS integration with SUSE Enterprise Linux File System
- Mount Windows shares seamlessly using Samba File System (SMBFS)
- Configure FSTAB to support repetitive mounts
- Implement secure SMBFS credentials for mounting
- Install Samba Server support
- Install Samba Web-based Administration Tool (SWAT)
- Configure Samba file sharing
- Configure Samba with multiple NETBIOS aliases
- Install Active Directory (AD) on Windows 2003 Host
- Configure Samba-Active Directory Integration
- Very Secure VSFTPD File Transfer Protocol (FTP) services
- Implement anonymous FTPD
- Implement user-level FTPD access
- Implement FTPD banners
- Disable anonymous access
- Configure VSFTPD to chroot jail users into their home directories
- Implement bandwidth rate-limiting to control bandwidth usage
- Network File System (NFS) Implementation
- Implement NFS Server
- Export shares and discuss options
- Mount NFS exports on remote Linux Host
- Implement AutoFS
- Trivial File Transfer Protocol (TFTP) Implementation
- Install TFTP server
- Backup Cisco PIX firewall configuration using TFTP
- Update Cisco PIX firewall configuration using TFTP
- top
Apache - MySQL® - PHP (LAMP) - Disc 4
- Apache Web Server Implementation
- Discuss Apache server's features and concepts
- Examine Apache-RedHat HTTPD CONF hierarchy
- Examine various configuration files
- Implement Apache Mod Alias and ScriptAlias
- Follow SYMLINKS
- Discuss and implement the Directory directive
- Restrict access to content based on IPs and subnets
- Implement user home (public_html) directories for personal web-publishing
- Configure .htacess file with directives
- Configure IP-based Virtual Hosts
- Configure Name-based Virtual Hosts
- Implement Basic and digest authentication schemes
- Explore Apache logging semantics
- Implement Apache logging system per virtual host
- Webalizer Log Analysis software Implementation
- Generate web reports using Webalizer
- Perl CGI - Implementation
- MySQL® Relational Database Management System
- Install MySQL® Relational Database Management System
- Secure access to MySQL®
- Explore MySQL® monitor shell-based interface
- Create sample MySQL® databases
- Load external data-set from Linux
- Load external data-set from Windows
- PHPMyAdmin - MySQL® Web-based Management Interface
- Install PHPMyAdmin for web-based management of MySQL instances
- Explain & Secure access to PHPMyAdmin
- Explore PHPMyAdmin's interface
- Postfix Message Transfer Agent (MTA)
- Introduction to Sendmail Implementation
- Configure Postfix as default MTA
- Introduction to Postfix Message Transfer Agent (MTA)
- Explore the directives in the Postfix configuration files
- Define default values for the FQDN
- Alter myorigin and examine results
- Configure Postfix to route messages using a Smarthost
- Examine how Postfix delivers mail locally
- Configure SMTP Relaying in Postfix
- Use Mutt to demonstrate outbound mail handling using Postfix
- Define SMTP Virtual domains for hosting multiple DNS domains
- Configure Postfix with a production LinuxCBT DNS domain
- Examine Virtual domain routing with production and non-production DNS domains
- Internet Messaging Access Protocol (IMAP) - Dovecot
- Explain IMAP concepts and applications in comparison to POP3
- Implement IMAP services
- Connect to IMAP services from remote Windows Outlook Express client
- Implement IMAPS
- Generate new self-signed SSL certificate for use with IMAPS
- Squirrel-mail Web-based Mail Interface Implementation
- Describe required squirrel mail components for web-mail integration
- Install squirrel mail on SUSE Enterprise Linux system
- Configure Apache virtual directory for squirrel mail integration
- Configure Apache Virtual Host for squirrel mail integration
- Configure BIND DNS services for squirrel mail integration
- Explore squirrel mail's web-based interface
- XMPP - Enterprise Instant Messenger - Jive Messenger
- Download and Install Jive Messenger
- Configure Jive Messenger for usage
- Evaluate IM-connectivity from Linux Jabber-compliant client
- Evaluate IM-connectivity from Windows Jabber-compliant client
- top
Security Implementation Techniques - Module 5
- System Audit & Lockdown
- Identify tools to perform system audit
- Ascertain and document current system state
- Close all superflous services
- Bind necessary services (daemons) to necessary interfaces and logical addresses
- Establish security configuration baseline
- NMAP - Port Scanner and Vulnerability Assessment Tool
- Obtain, and install current version of NMAP
- Identify commonly used NMAPoptions/switches/parameters
- Explain typical TCPhandshake protocol while using NMAP
- Identifiy key NMAP configuration files
- Use NMAP to perform operating system fingerprinting
- Peform subnet-wide ethical scans
- Perform default TCPSYN-based ethical scans of local and remote resources
- Examine the results of scans on remote Cisco firewall with debugging mode enabled
- Perform default TCPConnect-based ethical scans of local and remote resources
- Examine the results of scans on remote Cisco PIXFirewall with debugging mode enabled
- Use NMAPto scan using aliased and spoofed IP addresses
- Peform local ethical scans
- Explore NMAP Front-End Graphical User Interface (GUI)
- Discuss NMAP's features and applications
- Perform Connect/Syn/Fin and various ethical port-scans
- Perform service exposure scans
- XINETD (Enhanced & Secure INETD Super Server Implementation)
- Identify key XINETD configuration files
- Explain the contents and structure of xinetd.conf
- Restrict access to various daemons/services based on hosts & subnets
- Lockdown XINETD-controlled services
- Configure XINETD to restrict number of spawned instances of daemons/services
- Configure XINETD to bind daemons/services to specific sub-interfaces (Virtual IP addresses)
- XINETD logging
- Explore additional XINETD features
- TCP Wrappers concepts & applications
- Identify primary package and key TCP Wrappers configuration files
- Demonstrate disabled TCP Wrappers configurations by attempting connectivity
- Examine pre and post TCP Wrappers configuration effects
- Implement TCP Wrappers for common services
- Test local & remote access to TCP Wrappers-protected host & services
- IPTABLES (Netfilter Linux Kernel-based Firewall)
- Discuss IPTABLES/Netfilter Concepts
- Explore default tables and chains
- Define and test INPUT chains
- Define and test OUTPUT chains
- Create user-defined chain and evaluate results
- Explain IPTABLES default chains/filters and policies
- Examine TCP/ICMP communications pre-IPTABLES chains
- Implement ICMP inbound filtration based on various hosts
- Use Cisco PIX Firewall to verify ICMP debugging
- Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
- Restrict access to various daemons (SSH/FTP/HTTP/etc.)
- Test connectivity locally and remotely (RedHat/Windows/etc.)
- Implement IP Forwarding between disparate subnets
- Implement Network Address Translation (NAT)
- Nessus Vulnerability Scanner
- Download and Install Nessus Vulnerability Scanner
- Install missing system dependencies
- Generate self-signed SSL certificates
- Perform basic Nessus system configuration and start the daemon
- Use Nessus Linux client to connect to Nessus Server and perform scans
- Examine resuls of scanning Windows 2003 Host
- Examine resuls of scanning Cisco PIX Firewall Appliance
- Secure Shell Daemon - Secure Communications Implementation
- Explore SSHD key configuration files
- Restrict access to SSHD
- Explore SSHD logging
- Configure PVPNs with local port forwarding
- Configure PVPNs with remote port forwarding
- Execute remote commands in non-interactive mode using SSH
- Discuss forced-commands framework
- Configure SUSE Enterprise to accomodate forced-commands
- Test forced-commands for pre-configured accounts for push/pull secure transactions
- Integrate SSHD with Windows 2003 Server and PuTTY SSH client
- Implement PKI with PuTTY SSH
- Use PSCP and PSFTP to communicate securely from Windows® 2003 to SUSE® Linux
- Snort® 2.x Network Intrusion Detection System (NIDS)
- Obtain, and install pre-requisites (libpcap/libpcre/etc.)
- Obtain, compile and install the Snort® Network Intrusion Detection System (NIDS)
- Identify and explain key operating modes (Sniffer/Logger/NIDS)
- Explore in network sniffer mode
- Explain OSI Model and relevant sniffing options
- Explore Snort® in ASCII and Binary (TCPDUMP) logging modes
- Output logs to ASCII text format and examine the results
- Output logs to binary format and examine the results
- Implement Snort® with BPF to filter traffic
- Generate traffic from remote Windows 2003 and Linux hosts
- Use Snort® with Berkeley Packet Filter (BPF) to parse logs
- Implement Snort® in NIDS modes
- Explore the snort.conf file and discuss rules
- Explain Logging and Alerting output options
- Perform port-scans from remote Linux systems and analyze Alerts
- Configure Snort® to log to SYSLOG
- top
|
