LinuxCBT.com

Syllabus

Focus: Debian 7x implementation

Duration: 40-Hours

    • Features Discussion and Various Installations
      • Enumerate relevant features
      • Discuss platform support
      • Installation preparation
      • Obtain relevant ISO image
      • Prepare VMware environment to support Debian
      • Install and evaluate
      • Update network configuration
      • Prepare environment for rapid implementation
      • Clone instance and modify accordingly
      • Evaluate cloned resource as needed
      • Prepare Debian for Xen VM installation
      • Provision resources for Xen
      • Install on Xen as HVM and evaluate
    • Basic Debian GNU/Linux Skills
    • Explore usage of the following useful commands
      • ls, pwd, cd, cp, mv, rm, mkdir, rmdir, whoami, tty
      • cat, file, chmod, chown, history
      • STDIN, STDOUT, STDERR, UNIX Pipes, Redirection, Command Chaining
      • ps, df, free, top, kill
      • less & more, head & tail, find
      • stat, which, w, who
      • dig (Domain Information Groper) - used to query DNS servers
      • Tar and compression utilities with tar|gzip|bzip2
      • Use checksum programs to confirm content integrity
      • Explain UNIX/Linux file security & permissions
      • Symlinks | Hard Links | Soft Links | Special Bits
    • Storage Management
      • Explore disk topology with FDISK
      • Provision EXT4 File Systems as needed
      • Provision additional Storage partitions using Parted
      • Provision additional Swap storage
      • Use MKSWAP & SWAPON to enable additional Swap storage
      • Update File System Table (FSTAB) to reflect system changes
      • Explore Logical Volume Management (LVM) Configuration
      • Create volume sets using: Logical Volume Management (LVM)
    • Package Management
      • Explain classes of Debian GNU/Linux Packages
      • Identify Debian GNU/Linux Package Management Tools
      • Inventory currently installed DEB packages
      • Identify key Advanced Package Tool (APT) configuration files
      • Search for Debian GNU/Linux packages using Advanced Package Tool (APT)
      • Install/Update/Remove software using APT
      • Configure APT to query multiple sources for packages
      • Peruse package repository using 'dpkg'
      • Configure APT to install packages from varying versions of Debian GNU/Linux
      • Use Aptitude to manage Debian GNU/Linux packages
      • Discuss various package management options
      • Explore package management repositories
      • Use DPKG to install a .deb package
      • Install packages using 'apt-get'
      • Manage packages using 'aptitude'
    • System Control
      • Peruse key directories used by Kernel
      • Discuss hierarchy as applied to functioning system
      • Identify supported settings
      • Influence settings real time and evaluate
      • Commit settings for persistence
      • Confirm persistence of directives
      • Discuss various possible system tweaks
    • Screen TTYs | PTYs
      • Discuss TTY | PTY limitations
      • Identify opportunities to benefit from Screen
      • Identify configuration environment
      • Invoke and use screen natively
      • Confirm persistence of TTYs | PTYs across sessions
      • Share Screen sessions
      • Confirm overall efficacy of Screen
    • Explore the CRON scheduling daemon & configuration
      • Identify key Cron configuration scopes (Global & User)
      • Explain Crontab file format and applicable options
      • Define global cron jobs
      • Define custom cron jobs user-wide
      • Evaluate results of cron jobs
    • Core Network Services
      • System Logging via RSyslog and Logrotate
        • Discuss Syslog Facilities | Levels
        • Explore default configuration
        • Receive Syslog data via network
        • Mirror Syslog log as needed
        • Trap Infrastructure device logs and evaluate
        • Explore log rotation and customization via Logrotate
        • Discuss key log rotation use cases
        • Configure Logrotate to rotate sample log files
        • Evaluate results
      • Common Network Utilities
        • PING
        • TELNET
        • NETSTAT
        • ARP
        • TRACEPATH
        • DIG
      • Interface Configuration
        • Explore network configuration tree
        • Alter settings and evaluate
        • Provision aliased interfaces as needed
        • Confirm communications via various interfaces
        • Commit configuration for persistence
        • Provision interface configuration on various nodes
        • Evaluate accordingly
      • RSYNC Transmissions
        • Discuss features and benefits
        • Generate and move data between nodes as needed
        • Confirm results
        • Explore various rsync options
        • Synchronize content as needed
        • Evaluate rsync applicability
      • Network Time Protocol Configuration
        • Discuss applicability
        • Install and explore default configuration
        • Re-configure environment to suit internal requirements
        • Confirm ntp strata assignments
        • Ensure time synchronization across nodes
      • Very Secure File Transfer Protocol Daemon (VSFTPD)
        • Explain features and applicability
        • Peruse default configuration
        • Test anonymous FTP connectivity
        • Secure configuration per general requirements
        • Use various FTP clients to communicate with VSFTPD
        • Enable local user access
        • Jail users to $HOME - added security
        • Evaluate results
      • BIND Domain Name Server - DNS Implementation
        • Implement BIND 9x
        • Configure BIND as a caching-only DNS server
        • Test caching-only name resolution from various nodes
        • Configure primary DNS services
        • Replicate primary content to secondary DNS node
        • Confirm replication information
        • Disable primary and evaluate secondary behaviour
        • Vary TTLs of records and evaluate responsiveness
        • Configure reverse DNS zone - IPv4
        • Provision forward and reverse IPv6 records
        • Confirm IPv[4|6] record resolution
      • Windows Integration via Samba
        • Explore default Samba footprint
        • Use Samba clients to ascertain NETBIOS (SMB|CIFS) information
        • Install Samba Server
        • Configure User-level security and evaluate access
        • Provision bridge user and test access
        • Rationalize ineffectiveness of User-level security
        • Contrast User | ADS security levels
        • Install ADS support via Winbind and Kerberos
        • Install Samba SWAT for streamlined web-based administration
        • Connect Samba node to Active Directory Services (ADS)
        • Confirm enumeration of ADS resources
        • Test connectivity via: NETBIOS and SSH
        • Evaluate results
      • Apache HTTPD - Web Services
        • Implement Apache Web Server
        • Explore configuration hierarchy
        • Discuss key directives
        • Peruse Apache logging templates and defaults
        • Vary logged information as needed
        • Provision IP-Based Virtual Hosts (VHosts)
        • Confirm distinct IP-Based connectivity to various sites
        • Contrast IP-Based sites with default sites
        • Conserve IP resources with Name-Based VHosts
        • Contrast various VHost types
        • Secure communications with Apache SSL | TLS
        • Test connectivity to various SSL|TLS-enabled sites
      • MySQL Installation | Administration
        • Install MySQL Relational Database Management System
        • Explore default client | server environment
        • Use Terminal Monitor Client to ascertain DBMS details
        • Secure DBMS - Remove superfluous accounts
        • Create simple MySQL database with 'mysql' and 'ssh'
        • Install PHPMyAdmin for web-based management of MySQL
        • Use PHPMyAdmin to ascertain DBMS details
        • Test connectivity as various users
        • Explore PHPMyAdmin's interface
        • Evaluate accordingly
      • PHP Intro | CLI Script
        • Explore default implementation
        • Ensure proper PHP stack is installed
        • Expose useful debug variables - Apache | PHP
        • Write simple data copy CLI script - normalize file delimiters
        • Evaluate results
      • Postfix MTA
        • Install Postfix MTA
        • Introduction to Postfix Message Transfer Agent (MTA)
        • Use Mutt to demonstrate outbound mail handling using Postfix
        • Explore Postfix Configuration
      • Post Office Protocol Version 3 (POP3)
        • Explain POP3 concepts and applications
        • Implement POP3 daemon
        • Test basic $SHELL-based connectivity
        • Use Mutt to send SMTP-based messages to POP3 account
        • Configure MUA to interact with POP3 server
        • Contrast clear-text and encrypted communications
      • Internet Messaging Access Protocol (IMAP)
        • Contrast IMAP with POP3
        • Install IMAP server
        • Fetch mail from IMAP server and evaluate
        • Confirm secure communications
      • Web-based Mail Implementation using Squirrel-mail
        • Describe required squirrel mail components for web-mail integration
        • Install squirrel mail on Debian GNU/Linux system
        • Configure Apache virtual directory for squirrel mail integration
        • Configure Apache Virtual Host for squirrel mail integration
        • Configure BIND DNS services for squirrel mail integration
        • Explore squirrel mail's web-based interface
      • Improve Security Posture
        • Update and Upgrade installed Packages
        • Identify changes across Nodes
        • Secure content with GNU Privacy Guard (GPG)
        • Explore benefits of various Secure Shell clients
        • Peruse Secure Shell Server security
        • Disable superfluous services
        • Explore and tighten System Policy
        • Login Definitions
        • Evaluate Results
      • NMap Security Scanner
        • Obtain, compile and install current version of NMAP
        • Identify commonly used NMAP options/switches/parameters
        • Perform default TCP SYN-based ethical scans of local and remote resources
        • Explain typical TCP handshake protocol while using NMAP
        • Perform default TCP Connect-based ethical scans of local and remote resources
        • Perform local ethical scans
        • Identify key NMAP configuration files
        • Use NMAP to perform operating system fingerprinting and versioning
        • Perform subnet-wide ethical scans
      • TCPDump Introduction | Usage
        • Identify key tools
        • Use TCPDump to capture traffic
        • Apply Berkeley Packet Filters accordingly
        • Capture and analyze traffic with Wireshark
        • Evaluate Results
      • IPTABLES (Netfilter Linux Kernel-based Firewall)
        • Discuss features and benefits
        • Explore IPTABLES default chains/filters and policies
        • Filter traffic as desired
        • Log filtered traffic and evaluate
        • Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
        • Summarize rules with filtered groups of interesting traffic
        • Restrict access to various daemons (SSH/FTP/HTTP/etc.)
        • Test connectivity locally and remotely
        • Ensure rules persistence across restarts
      • Secure Key Services
        • Identify remaining services
        • Generate SSL | TLS Usage Keys
        • Configure FTP Server with SSL | TLS
        • Test secure communications with LFTP and FileZilla
        • MySQL with Secure Shell Security
        • MySQL with SSL | TLS Security
        • Evaluate Results
      • Snort® NIDS Introduction | Usage
        • Discuss features and benefits
        • Explore online sources
        • Install Snort Network Intrusion Detection System Packages
        • Use Snort to intercept interesting traffic as Sniffer
        • Log for archival purposes
        • Apply BPFs as needed
        • Parse captured traffic with common tools
        • Explore NIDS configuration mode
        • Evaluate results

LinuxCBT Deb7x Edition
