LinuxCBT.com

Syllabus

Focus: Debian® Linux Version 4x

Duration: 45-Hours

    • Install Debian Linux Using Various Methods
      • Explore network layout
      • Identify Debian GNU/Linux distribution sites
      • Explain various methods of obtaining Debian GNU/Linux
      • Explain the various branches
      • Prep the Intel-based system for a minimal installation
      • Install Debian Linux on x86 machine using local media and the Internet
      • Install Debian Linux on Intel-based x86 machine using CD-ROMs
      • Configure the installation process with Server-oriented packages
      • Prep the Intel-based system for a PXE network installation
      • Identify Network Installation ISO Image repositories
      • Configure the installation process with Server-oriented packages
      • Prepare VMWare host server
      • Install Debian GNU/Linux on VMWare Server
    • Explore Linux boot sequence
    • Explore Debian GNU/Linux GNOME Desktop Interface & Default Applications
    • Basic Debian GNU/Linux Skills
    • Demonstrate usage of the following useful commands & concepts
      • ls, pwd, cd, cp, mv, rm, mkdir, rmdir, whoami, man, info
      • alias, cat, file, chmod, chown, history
      • Standard in/out, UNIX Pipes, Redirection, Command Chaining
      • ps, df, free, vmstat, top, kill
      • less & more, head & tail, find
      • which & whereis, w, who
      • PING (Packet Internet Groper)
      • dig (Domain Information Groper) - used to query DNS servers
      • Demonstrate typical usage of the vi text editor
      • Demonstrate typical usage of the nano text editor
      • Tarball Archiving & compression of files & directories with tar|gzip|bzip2|unzip
      • Explain UNIX/Linux file security & permissions (-rwxrwxrwx)
      • Use mount/umount to access CD-ROM and floppy devices
      • Explore /etc/fstab (File system Table file)
      • Explore TCP/IP Configuration
      • Explore Wget and demonstrate its typical usage to interface to HTTP/FTP servers
      • Explore GNU: GREP | Awk | Sed
    • Advanced Package Management Tool (APT) Concepts
      • Explain classes of Debian GNU/Linux Packages
      • Identify Debian GNU/Linux Package Management Tools
      • Inventory currently installed DEB packages
      • Identify key Advanced Package Tool (APT) configuration files
      • Search for Debian GNU/Linux packages using Advanced Package Tool (APT)
      • Install/Update/Remove software using APT
      • Configure APT to query multiple sources for packages
      • Use DPKG to install a DEB package located on an EXT3 File System
      • Configure APT to install packages from varying versions of Debian GNU/Linux
      • Use Aptitude to manage Debian GNU/Linux packages
      • Install Apt-Spy using APT to identify optimal mirrors
    • Disk & Volume Management
      • Provision additional Storage partitions using FDISK
      • Use MKE2FS to provision multiple EXT2 & EXT3 File Systems
      • Provision additional Storage partitions using Parted
      • Provision additional Swap storage
      • Use MKSWAP & SWAPON to enable additional Swap storage
      • Update File System Table (FSTAB) to reflect system changes
      • Explore Logical Volume Management (LVM) Configuration
      • Create volume sets using: Logical Volume Management (LVM)
    • Package Management
      • Discuss various package management options
      • Explore package management repositories
      • Use DPKG to install a .deb package
      • Install packages using 'apt-get'
      • Manage packages using 'aptitude'
    • INIT
      • Explain Debian GNU/Linux System V Init Runlevel (0 - 6) concepts & applications
      • Explore INIT configuration
      • Identify key startup files, including scripts (inittab, Sscripts, Kscripts, etc.)
      • Switch between run levels and evaluate
      • Demonstrate using SSH to authenticate to remote Linux hosts without passwords
    • Explore the CRON scheduling daemon & configuration
      • Identify key Cron configuration scopes (Global & User)
      • Explain Crontab file format and applicable options
      • Define custom cron jobs system-wide
      • Define custom cron jobs user-wide
      • Evaluate results of cron jobs
    • Core Network Services
      • System Logging via Syslog, Syslog-NG and Logrotate
        • Explanation of syslog facilities & levels
        • Demonstrate syslog administration
        • Demonstrate Cisco to Linux SYSLOG functionality
        • Migrate system to Syslog-NG
        • Discuss Syslog-NG features and benefits
        • Explore automatic log rotation and customization via Logrotate
        • Configure Logrotate to rotate & compress sample log files
      • IPv4 & IPv6 Configuration
        • Identify key files for the transition from DHCP to Static addressing
        • Configure Linux client with static TCP/IP parameters for network communication
        • Configure Virtual (Sub) Ethernet Interfaces to facilitate multiple IP addresses
        • Explain IPv6 addresses (prefixes)
        • Explore IPv6 configuration on Linux and Cisco router
      • Implement Network Time Protocol (NTP) Client/Server
        • Configure Network Time Protocol (NTP) to perform client/server time synchronization
        • Identify NTP-bound UDP interfaces
        • Synchronize Debian GNU/Linux NTP with RedHat Linux Stratum 2 NTP server
        • Configure RedHat Linux NTP server to synchronize with Debian GNU/Linux server
      • Trivial File Transfer Protocol Daemon (TFTPD)
        • Discuss features and benefits
        • Explore TFTPD configuration
        • Backup Cisco router and firewall configuration using TFTPD
        • Evaluate results
      • Very Secure File Transfer Protocol Daemon (VSFTPD) & LFTP Client
        • Discuss features and benefits
        • Explore configuration
        • Test FTP connectivity
        • Explore LFTP client features
        • Evaluate results
      • Telnet Daemon (TELNETD) for temporary clear-text shell communications
        • Discuss features and benefits
        • Install TELNETD using Aptitude
        • Explore configuration and usage
        • Examine Message of the day banners (MOTD), /etc/issue file (pre-login banner/display info.)
      • Commonly-used Network Utilities
        • NETSTAT
        • Traceroute & MTR (PING & Traceroute functionality)
        • ARP
        • IFCONFIG
        • Route
        • DIG & NSLOOKUP
        • Whois
      • Dynamic Host Configuration Protocol (DHCP) services
        • Explain the various steps of the DHCP process
        • Configure global & scope-level DHCP options
        • Configure IP reservations based on layer 2 MAC addresses
        • Enable Linux DHCP services
        • Configure Windows/Linux clients to receive dynamic addresses from Linux
        • Examine evidence of clients requesting addresses from DHCPD
      • Implement the Berkeley Internet Naming Daemon (BIND) Domain Name Server (DNS)
        • Implement BIND 9.x
        • Configure BIND as a caching-only DNS server
        • Test caching-only name resolution from Linux hosts
        • Configure Linux/Windows 2003 clients to use Linux BIND DNS server
        • Configure BIND as an Authoritative DNS server
        • Test primary name resolution from Windows & Linux hosts
        • Configure BIND as a secondary(slave) DNS server
        • Evaluate results of BIND configuration using DIG
        • Configure DNS zones
        • Configure zone transfers
        • Evaluate BIND's configuration files
        • Implement IPv6 DNS AAAA records & evaluate forward IPv6 name resolution
        • Implement IPv6 DNS reverse records & evaluate reverse IPv6 name resolution
      • Network File System (NFS)
        • Discuss features and benefits
        • Explore NFS configuration
        • Test NFS on clients and servers
      • Implement Linux & Windows Integration via Samba
        • Implement SMBFS integration with Debian GNU/Linux File System
        • Mount Windows shares seamlessly using Samba File System (SMBFS)
        • Configure FSTAB to support repetitive mounts
        • Implement secure SMBFS credentials for mounting
        • Install Samba Server support
        • Install Samba Web-based Administration Tool (SWAT)
        • Configure Samba file sharing
        • Configure Samba with multiple NETBIOS aliases
        • Configure Samba Windows Internet Name Server (WINS) support
        • Evaluate Windows XP client access to Debian GNU/Linux Samba server
    • Application Services - Linux|Apache|MySQL|PHP (LAMP)
      • Web Application Services
        • Implement Apache Web Server
        • Examine httpd.conf file directives
        • Implement virtual directories using Apache and symbolic links
        • Implement Redirects using Locate and various Apache directives
        • Configure virtual hosts bound to the primary IP address and port
        • Configure virtual hosts bound to alternate virtual IP addresses and ports
        • Implement Apache logging system per virtual host
        • Configure basic authentication to virtual hosts containers via Directory directives
        • Configure digest authentication
        • Implementation of Webalizer Log Analysis software
        • Generate web reports using Webalizer
        • Implementation of PHP Dynamic Web Access Scripting Engine
          • Evaluate PHP Dynamic Web Access Scripting Engine installation results
          • Test basic PHP script-processing using sample scripts
      • MySQL Relational Database Management System
        • Install MySQL Relational Database Management System
        • Secure access to MySQL
        • Create sample MySQL databases
        • Install PHPMyAdmin for web-based management of MySQL instances
        • Explain & Secure access to PHPMyAdmin
        • Explore PHPMyAdmin's interface
      • Postfix MTA
        • Install Postfix MTA
        • Introduction to Postfix Message Transfer Agent (MTA)
        • Use Mutt to demonstrate outbound mail handling using Postfix
        • Explore Postfix Configuration
      • Post Office Protocol Version 3 (POP3)
        • Explain POP3 concepts and applications
        • Implement POP3 daemon
        • Connect to POP3 daemon using Windows Outlook Express client
        • Use Mutt to send SMTP-based messages to POP3 account
      • Internet Messaging Access Protocol (IMAP)
        • Explain IMAP concepts and applications in comparison to POP3
        • Implement IMAP services
        • Connect to IMAP services from remote Windows Outlook Express client
      • Web-based Mail Implementation using Squirrel-mail
        • Describe required squirrel mail components for web-mail integration
        • Install squirrel mail on Debian GNU/Linux system
        • Configure Apache virtual directory for squirrel mail integration
        • Configure Apache Virtual Host for squirrel mail integration
        • Configure BIND DNS services for squirrel mail integration
        • Explore squirrel mail's web-based interface
    • Security Implementation Techniques
      • TCP Wrappers (hosts.allow/hosts.deny)
        • Discuss TCP Wrappers concepts & applications
        • Identify primary package and key TCP Wrappers configuration files
        • Demonstrate disabled TCP Wrappers configurations by attempting connectivity
        • Examine pre and post TCP Wrappers configuration effects
        • Implement TCP Wrappers for common services
        • Test local & remote access to TCP Wrappers-protected host & services
      • XINETD (Enhanced & Secure INETD Super Server Implementation)
        • Upgrade Debian GNU/Linux system from INETD to XINETD
        • Identify key XINETD configuration files
        • Explain the contents and structure of xinetd.conf
        • Restrict access to various daemons/services based on hosts & subnets
        • Compare & contrast TCP Wrappers and XINETD
        • Secure services with XINETD
        • Insert common global xinetd.conf daemon/service defaults
        • Configure XINETD to log via SYSLOG
        • Configure XINETD to restrict number of spawned instances of daemons/services
        • Configure port forwarding of daemons/services
        • Configure XINETD to bind daemons/services to specific sub-interfaces (Virtual IP addresses)
        • Explore additional XINETD features
      • IPTABLES (Netfilter Linux Kernel-based Firewall)
        • Discuss IPTABLES/Netfilter Concepts
        • Explain IPTABLES default chains/filters and policies
        • Examine TCP/ICMP communications pre-IPTABLES chains
        • Implement ICMP inbound filtration based on various hosts
        • Use Cisco PIX Firewall to verify ICMP debugging
        • Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
        • Restrict access to various daemons (SSH/FTP/HTTP/etc.)
        • Test connectivity locally and remotely (RedHat/Windows/etc.)
      • Network Mapper (NMAP)
        • Obtain, compile and install current version of NMAP
        • Identify commonly used NMAP options/switches/parameters
        • Perform default TCP SYN-based ethical scans of local and remote resources
        • Explain typical TCP handshake protocol while using NMAP
        • Examine the results of scans on remote Cisco firewall with debugging mode enabled
        • Perform default TCP Connect-based ethical scans of local and remote resources
        • Examine the results of scans on remote Cisco PIX Firewall with debugging mode enabled
        • Use NMAP to scan using aliased and spoofed IP addresses
        • Perform local ethical scans
        • Identify key NMAP configuration files
        • Use NMAP to perform operating system fingerprinting
        • Perform subnet-wide ethical scans
      • Nessus Vulnerability Scanner
        • Download, compile, and prepare Nessus vulnerability scanner for deployment
        • Implement Nessus client/server Security vulnerability scanner in SSL-mode
        • Identify Nessus's key features and explore its graphical interface
        • Ethical scan of the local system for vulnerabilities
        • Examine scan results via the reporting engine
        • Discuss mitigation techniques for suggested vulnerabilities
        • Ethical scan of a fraction of the class C subnet by using CIDR
        • Examine the scan results and discuss
        • Ethical scan of the entire class C subnet
        • Examine Nessus process utilization while vulnerability scans are in progress
      • Lockdown (Debian GNU/Linux System Lockdown)
        • Explain potential network-based entry points to the system
        • Identify superfluous daemons/services using NETSTAT & NMAP
        • Disable superfluous daemons/services using update-rc.d and proper scripts
        • Identify changes in the system as a result of performing the lockdown
        • Disable superfluous daemons/services using XINETD
        • Restrict source address access to daemons/services using XINETD
        • Restrict bind address for daemons/services using XINETD
        • Discuss application-layer security for added protection (MySQL/Apache/Sendmail/SSH/Nessus)
        • Force SSHD to bind to desired layer-3 IP address for controlled security
        • Secure the system using IPTABLES & TCP Wrappers for added security
      • TCPDump & Wireshark
        • Discuss features and benefits
        • Explore TCPDump usage
        • Capture interesting traffic
        • Analyze with Wireshark
      • Snort 2.8x Intrusion Detection System (IDS)
        • Obtain and install Snort pre-requisites (libpcap/libpcre/etc.)
        • Obtain, compile and install the Snort Intrusion Detection System (IDS)
        • Identify and explain key operating modes (Sniffer/Logger/IDS)
        • Run Snort in all three modes and examine the results
        • Output Snort logs to ASCII text format and examine the results
        • Output Snort logs to binary format and examine the results
        • Use Snort with Berkeley Packet Filter (BPF) to parse logs
        • Implement Snort with BPF to filter real-time traffic
        • Obtain and install requisite MySQL libraries for Snort
        • Recompile Snort IDS with MySQL support
        • Implement Snort IDS with MySQL integration for real-time reporting
        • Implement ACID web-based front-end for examining Snort logs

LinuxCBT Deb4x Edition
