an image

КУРС GL275 - Enterprise Linux Networking Services

Подготовка за сертифициране на LPIC (Linux Professional Institute)


Курса GL275 покрива най-често използваните мрежови приложения от бизнеса. Особено внимание се отделя на сигурността при конфигуриране на тези услуги, както и начини за откриване на често срещани проблеми. Като всеки курс така и този предлага продължителни практически занимания. Модулите включват: повишаване на сигурността с SELinux и Netfilter; DNS концепция и имплементация с Bind; LDAP концепция и имплементация с OpenLDAP; Web услуги с Apache; FTP с vsftpd; Кеширане на WEB съдържание и филтриране с Squid; SMB/CIFS (Windows networking) с Samba; e-mail концепция и имплементация с Postfix комбиниран с Dovecot или Cyrus.

сертификация
an image

Този курс подготвя за следната сертификация: LPIC-2 (LPI Level 2 Certification)
RHCE ™ (Red Hat Certified Engineer)
CLP (Novell ® Certified Linux Professional)

ИНФОРМАЦИЯ
an image

16 модула

Практически упражнения

5 дневен курс

сертифициран лектор

ИЗИСКВАНИЯ
an image

Курсистите трябва да работят свободно с Линукс. Основни понятия и концепции не се разглеждат в този курс а са част от курсовете:GL120 "Linux Fundamentals" и GL250 "Enterprise Linux Systems Administration" Предполага се че курсистите разбират в дълбочина TCP/IP.

1.Securing Services
1.Xinetd
2.Xinetd Connection Limiting and Access Control
3.Xinetd: Resource limits, redirection, logging
4.TCP Wrappers
5.The /etc/hosts.allow & /etc/hosts.deny Files
6./etc/hosts.{allow,deny} Shortcuts
7.Advanced TCP Wrappers
8.Basic Firewall Activation
9.Netfilter: Stateful Packet Filter Firewall
10.Netfilter Concepts
11.Using the iptables Command
12.Netfilter Rule Syntax
13.Targets
14.Common match_specs
15.Connection Tracking
16.AppArmor
17.SELinux Security Framework
18.Choosing an SELinux Policy
19.SELinux Commands
20.SELinux Booleans
21.Graphical SELinux Policy Tools

Lab Tasks
1.Securing xinetd Services
2.Enforcing Security Policy with xinetd
3.Securing Services with TCP Wrappers
4.Securing Services with SuSEfirewall2
5.Securing Services with Netfilter
6.Troubleshooting Practice
7.SELinux File Contexts
2.DNS Concepts
1.Naming Services
2.DNS - A Better Way
3.The Domain Name Space
4.Delegation and Zones
5.Server Roles
6.Resolving Names
7.Resolving IP Addresses
8.Basic BIND Administration
9.Configuring the Resolver
10.Testing Resolution

Lab Tasks
1.Configuring a Slave Name Server
3.Configuring BIND
1.BIND Configuration Files
2.named.conf Syntax
3.named.conf Options Block
4.Creating a Site-Wide Cache
5.rndc Key Configuration
6.Zones In named.conf
7.Zone Database File Syntax
8.SOA - Start of Authority
9.A & PTR - Address & Pointer Records
10.NS - Name Server
11.CNAME & MX - Alias & Mail Host
12.Abbreviations and Gotchas
13.$ORIGIN and $GENERATE

Lab Tasks
1.Use rndc to Control named
2.Configuring BIND Zone Files
4.Creating DNS Hierarchies
1.Subdomains and Delegation
2.Subdomains
3.Delegating Zones
4.in-addr.arpa. Delegation
5.Issues with in-addr.arpa.
6.RFC2317 & in-addr.arpa.

Lab Tasks
1.Create a Subdomain in an Existing Domain
2.Subdomain Delegation
5.Advanced BIND DNS Features
1.Address Match Lists & ACLs
2.Split Namespace with Views
3.Restricting Queries
4.Restricting Zone Transfers
5.Running BIND in a chroot jail
6.Dynamic DNS Concepts
7.Allowing Dynamic DNS Updates
8.DDNS Administration with nsupdate
9.Common Problems
10.Common Problems
11.Securing DNS With TSIG

Lab Tasks
1.Configuring Dynamic DNS
2.Securing BIND DNS
6.LDAP Concepts and Clients
1.LDAP: History and Uses
2.LDAP: Data Model Basics
3.LDAP: Protocol Basics
4.LDAP: Applications
5.LDAP: Search Filters
6.LDIF: LDAP Data Interchange Format
7.OpenLDAP Client Tools
8.Alternative LDAP Tools

Lab Tasks
1.Querying LDAP
7.OpenLDAP Servers
1.Popular LDAP Server Implementations
2.OpenLDAP: Server Architecture
3.OpenLDAP: Backends
4.OpenLDAP: Replication
5.OpenLDAP: Configuration Options
6.OpenLDAP: Configuration Sections
7.OpenLDAP: Global Parameters
8.OpenLDAP: Database Parameters
9.OpenLDAP Server Tools
10.Enabling LDAP-based Login
11.System Security Services Daemon (SSSD)

Lab Tasks
1.Building An OpenLDAP Server
2.Enabling TLS For An OpenLDAP Server
3.Enabling LDAP-based Logins
8.Using Apache
1.HTTP Operation
2.Apache Architecture
3.Dynamic Shared Objects
4.Adding Modules to Apache
5.Apache Configuration Files
6.httpd.conf - Server Settings
7.httpd.conf - Main Configuration
8.HTTP Virtual Servers
9.Virtual Hosting DNS Implications
10.httpd.conf - VirtualHost Configuration
11.Port and IP based Virtual Hosts
12.Name-based Virtual Host
13.Apache Logging
14.Log Analysis
15.The Webalizer

Lab Tasks
1.Apache Architecture
2.Apache Architecture
3.Apache Content
4.Apache Content
5.Configuring Virtual Hosts
9.Apache Security
1.Virtual Hosting Security Implications
2.Delegating Administration
3.Directory Protection
4.Directory Protection with AllowOverride
5.Common Uses for .htaccess
6.Symmetric Encryption Algorithms
7.Asymmetric Encryption Algorithms
8.Digital Certificates
9.SSL Using mod_ssl.so

Lab Tasks
1.Using .htaccess Files
2.Using .htaccess Files
3.Using SSL Certificates with Apache
10.Apache Server-Side Scripting Administration
1.Dynamic HTTP Content
2.PHP: Hypertext Preprocessor
3.Developer Tools for PHP
4.Installing PHP
5.Configuring PHP
6.Securing PHP
7.Security Related php.ini Configuration
8.Java Servlets and JSP
9.Apache's Tomcat
10.Installing Java SDK
11.Installing Tomcat Manually
12.Using Tomcat with Apache

Lab Tasks
1.CGI Scripts in Apache
2.CGI Scripts in Apache
3.Apache's Tomcat
4.Using Tomcat with Apache
5.Installing Applications with Apache and Tomcat
11.Implementing an FTP Server
1.The FTP Protocol
2.Active Mode FTP
3.Passive Mode FTP
4.ProFTPD
5.Pure-FTPd
6.vsftpd
7.Configuring vsftpd
8.Anonymous FTP with vsftpd

Lab Tasks
1.Configuring vsftpd
12.The SQUID Proxy Server
1.Squid Overview
2.Squid File Layout
3.Squid Access Control Lists
4.Applying Squid ACLs
5.Tuning Squid & Configuring Cache Hierarchies
6.Bandwidth Metering
7.Monitoring Squid
8.Proxy Client Configuration

Lab Tasks
1.Installing and Configuring Squid
2.Squid Cache Manager CGI
3.Proxy Auto Configuration
4.Configure a Squid Proxy Cluster
13.Samba Concepts and Configuration
1.Introducing Samba
2.Samba Daemons
3.NetBIOS and NetBEUI
4.Accessing Windows/Samba Shares from Linux
5.Samba Utilities
6.Samba Configuration Files
7.The smb.conf File
8.Mapping Permissions and ACLs
9.Mapping Linux Concepts
10.Mapping Case Sensitivity
11.Mapping Users
12.Sharing Home Directories
13.Sharing Printers
14.Share Authentication
15.Share-Level Access
16.User-Level Access
17.SMB and Passwords
18.Samba Account Database
19.User Share Restrictions

Lab Tasks
1.Samba Share-Level Access
2.Samba User-Level Access
3.Samba Group Shares
4.Configuring Samba
5.Samba Home Directory Shares
14.SMTP Theory
1.SMTP
2.SMTP Terminology
3.SMTP Architecture
4.SMTP Commands
5.SMTP Extensions
6.SMTP AUTH
7.SMTP STARTTLS
8.SMTP Session
15.Postfix
1.Postfix Features
2.Postfix Architecture
3.Postfix Components
4.Postfix Configuration
5.master.cf
6.main.cf
7.Postfix Map Types
8.Postfix Pattern Matching
9.Advanced Postfix Options
10.Virtual Domains
11.Postfix Mail Filtering
12.Configuration Commands
13.Management Commands
14.Postfix Logging
15.Logfile Analysis
16.chrooting Postfix
17.Postfix, Relaying and SMTP AUTH
18.SMTP AUTH Server
19.SMTP AUTH Clients
20.Postfix / TLS
21.TLS Server Configuration
22.Postfix Client Configuration for TLS
23.Other TLS Clients
24.Ensuring TLS Security

Lab Tasks
1.Configuring Postfix
2.Postfix Network Configuration
3.Postfix Virtual Host Configuration
4.Postfix SMTP AUTH Configuration
5.Postfix STARTTLS Configuration
6.SUSE Postfix Configuration Cleanup
16.Mail Services and Retrieval
1.Filtering Email
2.Procmail
3.SpamAssassin
4.Bogofilter
5.amavisd-new Mail Filtering
6.Accessing Email
7.The IMAP4 Protocol
8.Dovecot POP3/IMAP Server
9.Cyrus IMAP/POP3 Server
10.Cyrus IMAP MTA Integration
11.Cyrus Mailbox Administration
12.Fetchmail
13.SquirrelMail
14.Mailing Lists
15.GNU Mailman
16.Mailman Configuration

Lab Tasks
1.Configuring Procmail & SpamAssassin
2.Configuring Cyrus IMAP
3.Dovecot TLS Configuration
4.Configuring SquirrelMail
5.Base Mailman Configuration
6.Basic Mailing List
7.Private Mailing List
A.Sendmail
1.Sendmail Architecture
2.Sendmail Components
3.Sendmail Configuration
4.Sendmail Remote Configuration
5.Controlling Access
6.Sendmail Mail Filter (milter)
7.Configuring Sendmail SMTP AUTH
8.Configuring SMTP STARTTLS

Lab Tasks
1.Configuring Sendmail
2.Sendmail Network Configuration
3.Sendmail Virtual Host Configuration
4.Sendmail SMTP AUTH Configuration
5.Sendmail STARTTLS Configuration
6.SUSE Sendmail Configuration Cleanup
B.NIS

1.NIS Overview
2.NIS Limitations and Advantages
3.NIS Client Configuration
4.NIS Server Configuration
5.NIS Troubleshooting Aids

Lab Tasks
1.Configuring NIS
2.NIS Slave Server
Дистрибуции

Red Hat Enterprise Linux 7
Аудитория
Курсът е подходящ за системни администратори с дългогодишен опит желаещи да подобрът своите умения за работа с мрежовите услуги на Линукс, и други ИТ професионалисти които са преминали курса GL 250.
КОНТАКТИ
an image
Global IT Solutions
гр. София 1606
бул. Ген. Тотлебен 53-55
Email: office@gits.bg

Тел.: +359 888 522 643
+359 878 522 643
website: www.gits.bg