LinuxCBT.com

Syllabus

Focus: Debian® Linux Version 3x

Duration: 45-Hours

    • Introduction to & Installation of Debian GNU/Linux
      • Identify Debian GNU/Linux distribution sites
      • Explain various methods of obtaining Debian GNU/Linux
      • Explain the various Debian GNU/Linux strains (Woody/Sarge/Sid)
      • Explain how the efficient Jigsaw Download (jigdo) process operates
      • Install Jigsaw Download tool on RedHat system to obtain Debian ISO images
      • Demonstrate how to obtain Debian GNU/Linux using the efficient Jigsaw Download (Jigdo) process from RedHat Linux and Windows 2003 systems
      • Prepare (Burn) Debian GNU/Linux media based on Jigdo for installation
      • Demonstrate how to obtain Debian GNU/Linux using the traditional ISO images from RedHat Linux & Windows 2003 Systems
      • Prepare (Burn) Debian GNU/Linux media based on ISO downloads for installation
      • Demonstrate how to obtain Debian GNU/Linux using a minimal CD for network installation
      • Prepare Debian GNU/Linux media based on the minimal CD ISO download for installation
      • Prep the Intel-based system for a Workstation installation of Debian GNU/Linux
      • Install Debian Linux on Intel-based x86 machine using CD-ROMs
      • Use CFDISK to create user-partitions on the Debian Workstation system
      • Use CFDISK to create a system-Swap partition
      • Configure the installation process with Workstation-oriented packages
      • Prepare the Intel-based system for a Server installation of Debian GNU/Linux
      • Install Debian Linux on Intel-based x86 machine using CD-ROMs
      • Use Fdisk to create server-oriented partitions on the Debian Server system
      • Use Fdisk to create a system-Swap partition
      • Configure the installation process with Server-oriented packages
      • Prep the Intel-based system for a Network installation of Debian GNU/Linux
      • Identify Network Installation ISO Image repositories
      • Download Network Installation ISO Image & burn to CDRW
      • Use Fdisk to create server-oriented partitions on the Debian Server system
      • Use Fdisk to create a system-Swap partition
      • Identify and specify Debian mirrors to obtain installation packages from
      • Install Debian Linux on Intel-based x86 machine using HTTP
      • Configure the installation process with Server-oriented packages
      • Prepare the Sun Fire SPARC-based headless system for a Remote Network installation of Debian GNU/Linux using SSH, CKermit & serial connectivity
      • Install Debian GNU/Linux SPARC edition using the Module -1 Binary
      • Configure server-oriented drive partitions using Fdisk
      • Configure optimal server-oriented Swap partition using Fdisk
      • Configure the Sun Fire SPARC system with network connectivity
      • Update Debian SPARC system with latest security patches using APT
    •  
    • Explore the Debian GNU/Linux KDE Desktop Interface & Default Applications
    • Identify Documentation - Man Pages & Graphical
    • Explore Debian GNU/Linux GNOME Desktop Interface & Default Applications
    • Upgrade Mozilla web browser software
    • Implement Macromedia Flash plug-in and configure support in Mozilla and evaluate results
    • Implement the current Java Runtime Environment (JRE/J2SE) for system-wide access to Java applets/etc.
    •  
    • Basic Debian GNU/Linux Skills
    • Demonstrate usage of the following useful commands & concepts
      • ls, pwd, cd, cp, mv, rm, mkdir, rmdir, whoami, man, info
      • alias, cat, file, chmod, chown, history
      • Standard in/out, UNIX Pipes, Redirection, Command Chaining
      • ps, df, free, vmstat, top, kill
      • less & more, head & tail, diff
      • which & whereis, w, who
      • find, grep, locate
      • tar, gzip/gunzip, bzip2, zcat
      • PING (Packet Internet Groper) - used to issue ICMP echo requests
      • dig (Domain Information Groper) - used to query DNS servers
      • Demonstrate typical usage of the vi text editor
      • Demonstrate typical usage the nano text editor
      • Tarball Archiving & compression of files & directories with TAR/GZIP/BZIP2
      • Explain UNIX/Linux file security & permissions (-rwxrwxrwx)
      • Use mount/umount to access CD-ROM and floppy devices
      • Explore /etc/fstab (File system Table file)
      • Explore TCP/IP Configuration
      • Install Wget and demonstrate its typical usage to interface to HTTP/FTP servers
    •  
    •  
    • Advanced Package Management Tool (APT) Concepts
      • Explain classes of Debian GNU/Linux Packages
      • Identify Debian GNU/Linux Package Management Tools
      • Inventory currently installed DEB packages
      • Demonstrate Packge Group Selection with tasksel
      • Discuss Package Refinement with dselect
      • Identify key Advanced Package Tool (APT) configuration files
      • Search for Debian GNU/Linux packages using Advanced Package Tool (APT)
      • Install/Update/Remove software using APT
      • Configure APT to query multiple sources for packages
      • Use DPKG to install a DEB package located on an EXT3 File System
      • Configure APT to install packages from varying versions of Debian GNU/Linux
      • Use Aptitude to manage Debian GNU/Linux packages
      • Install Apt-Spy using APT to identify optimal mirrors
    •  
    • Disk Management using CFDISK & FDISK
      • Provision additional Storage partitions using CFDISK
      • Partition using FDISK additional user space
      • Use MKE2FS to provision multiple 20GB EXT2 & EXT3 File Systems
      • Use TUNE2FS to convert existing EXT2 File Systems to EXT3 File Systems
      • Provision additional Swap storage
      • Use MKSWAP & SWAPON to enable additional Swap storage
      • Provision multiple Temp File System (TMPFS) using free memory
      • Demonstrate typical usage of Temp File Systems for fast I/O
      • Update File System Table (FSTAB) to reflect system changes
    •  
    • Remote Desktop (RDP) Client Implementation
      • Download and intall RDesktop prerequisites (dev packages, etc.)
      • Compile, implement & explore RDesktop Terminal Services desktop connectivity to Windows 2003/2000/XP servers running Remote Desktop Protocol (RDP)
    •  
    • Secure Shell (SSH) Client
      • Explain SSH concepts, implementation, etc.
      • Use SSH Client to connect to remote Linux Systems using password authentication
      • Identify key SSH-client files (.known_hosts, public/private key pairs,etc.)
      • Authenticate to remote Linux systems using alternate credentials
      • Use Secure Copy Protocol (SCP) to move data between systems non-interactively
      • Use Secure File Transfer Protocol (SFTP) to move data between systems interactively
      • Demonstrate how to generate Public/Private key (RSA/DSA) pairs using SSH-Keygen
      • Demonstrate using SSH to authenticate to remote Linux hosts without passwords
    •  
    • System V Debian GNU/Linux Runlevel implementation
      • Explain Debian GNU/Linux System V Init Runlevel (0 - 6) concepts & applications
      • Identify key startup files, including scripts (inittab,Sscripts,Kscripts,etc.)
      • Identify startup log files & entries using DMESG & exploration
    •  
    • TCP/IP Configuration
      • Identify key files for the transition from DHCP to Static addressing
      • Configure Linux client with static TCP/IP parameters for network communication
      • Configure Virtual (Sub) Ethernet Interfaces to faciliate multiple IP addresses
    •  
    • Implement Network Time Protocol (NTP) Client/Server
      • Configure Network Time Protocol (NTP) to perform client/server time synchronization
      • Identify NTP bounded UDP interfaces
      • Synchronize Debian GNU/Linux NTP with RedHat Linux Stratum 2 NTP server
      • Configure RedHat Linux NTP server to synchronize with Debian GNU/Linux server
    •  
    • Manage Users and Groups
      • User profile implementation logic and concepts - (Bash profile/etc/skel/aliases/PATH/etc.)
      • User and group creation & management concepts - passwd, shadow, group, gshadow files
      • Use useradd/adduser, groupadd/addgroup, usermod, etc.
      • Examine adduser configuration file
    •  
    • Explore System Logging via SYSLOG and Logrotate
      • Explanation of syslog facilities & levels
      • Demonstrate syslog administration
      • Demonstrate Cisco to Linux SYSLOG functionality
      • Explore automatic log rotation and customization via Logrotate
      • Configure Logrotate to rotate & compress sample log files
    •  
    •  
    • Commonly-used Network Utilities
      • NETSTAT
      • Traceroute & MTR (PING & Traceroute functionality)
      • ARP
      • IFCONFIG
      • Route
      • DIG & NSLOOKUP
      • Whois
      • Implement Telnet Daemon for temporary clear-text shell communications
      • Examine Message of the day banners (MOTD), /etc/issue file (pre-login banner/display info.)
    •  
    • Dynamic Host Configuration Protocol (DHCP) services
      • Explain the various steps of the DHCP process
      • Configure global & scope-level DHCP options
      • Configure IP reservations based on layer 2 MAC addresses
      • Enable Linux DHCP services
      • Configure Windows/Linux clients to receive dynamic addresses from Linux
      • Examine evidence of clients requesting addresses from DHCPD
    •  
    • Very Secure VSFTPD File Transfer Protocol (FTP) services
      • Implement anonymous FTPD
      • Implement user-level FTPD access
      • Implement FTPD banners
      • Disable anonymous access
      • Configure VSFTPD to chroot jail users into their home directories
      • Implement bandwidth rate-limiting to control bandwidth usage
      • Implement & test banning of unwelcomed anonymous e-mail addresses
      • Implement VSFTPD user with redirect to a Samba share
    •  
    • Implement Linux & Windows Integration via Samba
      • Implement SMBFS integration with Debian GNU/Linux File System
      • Mount Windows shares seamlessly using Samba File System (SMBFS)
      • Configure FSTAB to support repetitive mounts
      • Implement secure SMBFS credentials for mounting
      • Install Samba Server support
      • Install Samba Web-based Administration Tool (SWAT)
      • Configure Samba file sharing
      • Configure Samba with multiple NETBIOS aliases
      • Configure Samba Windows Internet Name Server (WINS) support
      • Evaluate Windows XP client access to Debian GNU/Linux Samba server
    •  
    • Explore the CRON scheduling daemon & configuration
      • Identify key Cron configuration scopes (Global & User)
      • Explain Crontab file format and applicable options
      • Define custom cron jobs system-wide
      • Define custom cron jobs user-wide
      • Evaluate results of cron jobs
    •  
    • Implement the Berkeley Internet Daemon (BIND) Domain Name Server (DNS)
      • Implement BIND 9.x
      • Configure BIND as a caching-only DNS server
      • Test caching-only name resolution from Linux hosts
      • Configure Linux/Windows 2003 clients to use Linux BIND DNS server
      • Configure BIND as an Authoritative DNS server
      • Test primary name resolution from Windows & Linux hosts
      • Configure BIND as a secondary(slave) DNS server
      • Configure DNS zones on Linux BIND & Windows 2003 DNS - activate replication
      • Evaluate results of BIND configuration using DIG
      • Configure DNS zones
      • Configure zone transfers
      • Evaluate BIND's configuration files
    •  
    • Kernel Re-compilation & upgrade - Debian Style
      • Obtain latest Linux Kernel sources
      • Install requisite Debian GNU/Linux packages
      • Select hardware and software modules and support for new kernel
      • Compile new Linux kernel
      • Install new Linux kernel
      • Update boot loader
      • Reboot system and verify functionality
    •  
    •  
    • Web Application Services
      • Implement Apache Web Server
      • Examine httpd.conf file directives
      • Implement virtual directories using Apache and symbollic links
      • Implement Redirects using Locate and various Apache directives
      • Configure virtual hosts bound to the primary IP address and port
      • Configure virtual hosts bound to alternate virtual IP addresses and ports
      • Implement Apache logging system per virtual host
      • Configure basic authentication to virtual hosts containers via Directory directives
      • Configure digest authentication
      • Implementation of Webalizer Log Analysis software
      • Generate web reports using Webalizer
      • Implementation of PHP Dynamic Web Access Scripting Engine
      • Evaluate PHP Dynamic Web Access Scripting Engine installation results
      • Test basic PHP script-processing using sample scripts
    •  
    • MySQL Relational Database Management System
      • Install MySQL Relational Database Management System
      • Secure access to MySQL
      • Create sample MySQL databases
      • Install PHPMyAdmin for web-based management of MySQL instances
      • Explain & Secure access to PHPMyAdmin
      • Explore PHPMyAdmin's interface
    •  
    • Sendmail MTA Essentials
      • Introduction to Sendmail Message Transfer Agent (MTA)
      • Implementation of Sendmail
      • Identify default Debian GNU/Linux Sendmail logging
      • Use Mutt to demonstrate outbound mail handling using Sendmail
      • Attempt to relay messages from a remote Windows host
      • Identify failed relays fromt the remote Windows host
      • Configure Sendmail to relay messages for remote Windows host
      • Configure Sendmail to support virtual hosts/multiple domains
      • Evaluate results of routing messages to multiple domains using Sendmail
      • Redirect virtual SMTP addressess to Internet-based SMTP hosts
      • Verify message delivery using Mutt & SSH
    •  
    • Post Office Protocol Version 3 (POP3)
      • Explain POP3 concepts and applications
      • Implement POP3 daemon
      • Connect to POP3 daemon using Windows Outlook Express client
      • Reroute inbound messages using Sendmail to POP3 account for retrieval
      • Use Mutt to send SMTP-based messages to POP3 account
    •  
    • Internet Messaging Access Protocol (IMAP)
      • Explain IMAP concepts and applications in comparison to POP3
      • Implement IMAP services
      • Connect to IMAP services from remote Windows Outlook Express client
    •  
    • Web-based Mail Implementation using Squirrel-mail
      • Describe required squirrel mail components for web-mail integration
      • Install squirrel mail on Debian GNU/Linux system
      • Configure Apache virtual directory for squirrel mail integration
      • Configure Apache Virtual Host for squirrel mail integration
      • Configure BIND DNS services for squirrel mail integration
      • Explore squirrel mail's web-based interface
    •  
    • TCP Wrappers (hosts.allow/hosts.deny)
      • Discuss TCP Wrappers concepts & applications
      • Identify primary package and key TCP Wrappers configuration files
      • Demonstrate disabled TCP Wrappers configurations by attempting connectivity
      • Examine pre and post TCP Wrappers configuration effects
      • Implement TCP Wrappers for common services
      • Test local & remote access to TCP Wrappers-protected host & services
    •  
    • XINETD (Enhanced & Secure INETD Super Server Implementation)
      • Upgrade Debian GNU/Linux system from INETD to XINETD
      • Identify key XINETD configuration files
      • Explain the contents and structure of xinetd.conf
      • Restrict access to various daemons/services based on hosts & subnets
      • Compare & contrast TCP Wrappers and XINETD
      • Secure services with XINETD
      • Insert common global xinetd.conf daemon/service defaults
      • Configure XINETD to log via SYSLOG
      • Configure XINETD to restrict number of spawned instances of daemons/services
      • Configure port forwarding of daemons/services
      • Configure XINETD to bind daemons/services to specific sub-interfaces (Virtual IP addresses)
      • Explore additional XINETD features
    •  
    • IPTABLES (Netfilter Linux Kernel-based Firewall)
      • Discuss IPTABLES/Netfilter Concepts
      • Explain IPTABLES default chains/filters and policies
      • Examine TCP/ICMP communications pre-IPTABLES chains
      • Implement ICMP inbound filtration based on various hosts
      • Use Cisco PIX Firewall to verify ICMP debugging
      • Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
      • Restrict access to various daemons (SSH/FTP/HTTP/etc.)
      • Test connectivity locally and remotely (RedHat/Windows/etc.)
    •  
    • Network Mapper (NMAP)
      • Obtain, compile and install current version of NMAP
      • Identify commonly used NMAP options/switches/parameters
      • Perform default TCP SYN-based ethical scans of local and remote resources
      • Explain typical TCP handshake protocol while using NMAP
      • Examine the results of scans on remote Cisco firewall with debugging mode enabled
      • Perform default TCP Connect-based ethical scans of local and remote resources
      • Examine the results of scans on remote Cisco PIX Firewall with debugging mode enabled
      • Use NMAP to scan using aliased and spoofed IP addresses
      • Peform local ethical scans
      • Identifiy key NMAP configuration files
      • Use NMAP to perform operating system fingerprinting
      • Peform subnet-wide ethical scans
    •  
    • Nessus Vulnerability Scanner
      • Download, compile, and prepare Nessus vulnerability scanner for deployment
      • Implement Nessus client/server Security vulnerability scanner in SSL-mode
      • Identify Nessus's key features and explore its graphical interface
      • Ethical scan of the local system for vulnerabilities
      • Examine scan results via the reporting engine
      • Discuss mitigation techniques for suggested vulnerabilities
      • Ethical scan of a fraction of the class C subnet by using CIDR
      • Examine the scan results and discuss
      • Ethical scan of the entire class C subnet
      • Examine Nessus process utilization while vulnerability scans are in progress
    •  
    • Lockdown (Debian GNU/Linux System Lockdown)
      • Explain potential network-based entry points to the system
      • Identify superfluous daemons/services using NETSTAT & NMAP
      • Disable superfluous daemons/services using update-rc.d and proper scripts
      • Identify changes in the system as a result of performing the lockdown
      • Disable superfluous daemons/services using XINETD
      • Restrict source address access to daemons/services using XINETD
      • Restrict bind address for daemons/services using XINETD
      • Discuss application-layer security for added protection (MySQL/Apache/Sendmail/SSH/Nessus)
      • Force SSHD to bind to desired layer-3 IP address for controlled security
      • Secure the system using IPTABLES & TCP Wrappers for added security
    •  
    • Snort 2.1x Intrusion Detection System (IDS)
      • Obtain, and install Snort pre-requisites (libpcap/libpcre/etc.)
      • Obtain, compile and install the Snort Intrusion Detection System (IDS)
      • Identify and explain key operating modes (Sniffer/Logger/IDS)
      • Run Snort in all three modes and examine the results
      • Output Snort logs to ASCII text format and examine the results
      • Output Snort logs to binary format and examine the results
      • Use Snort with Berkeley Packet Filter (BPF) to parse logs
      • Implement Snort with BPF to filter real-time traffic
      • Obtain and install requisite MySQL libraries for Snort
      • Recompile Snort IDS with MySQL support
      • Implement Snort IDS with MySQL integration for real-time reporting
      • Implement ACID web-based front-end for examining Snort logs
    •  

LinuxCBT Deb3x Edition

  •  
DEMO