LinuxCBT.com

Syllabus

Focus: RedHat® Enterprise Linux Version 3x

Duration: 75-Hours

    • Introduction to the GNU/Linux operating system - Basics
      • Discussion of the Free Software Foundation's efforts to deliver ubiquitous UNIX!
      • Emphasize the role and importance of the GNU project
      • Identification of various Linux distributors including Debian, Mandrake, RedHat®, etc.
      • Introduction to the widely-used RedHat® Linux distribution
      • Explore Linux system documentation (man, info, GNOME, etc.)
      • Explain the Filesystem Hierarchy Standard (FHS) - UNIX is one big directory!
      • Explore the Linux file system
      • Identify the various interfaces to Linux
      • Discuss the role and release rules of the Linux Kernel
      • Demonstrate usage of file & directory tools (pwd, ls, cd, touch, cp, mkdir, mv, rm, which, rpm)
      • Basic BASH shell navigation & PATH & variable manipulation (set,unset,env,export,etc.)
      • Explore usage of common user-tools (cat, echo, find, locate)
      • Demonstrate typical usage of vi/vim ASCII text editors
      • Installation & implemenation of pine mail reader and pico text editor
      • Demonstrate typical usage of the king of all UNIX/Linux editors; EMACS
      • Explain & demonstrate standard in, standard out, redirection & pipes
      • Demonstrate usage of backup/restore tools (tar, gzip, gunzip)
      • Identify basic utilities and package memberships
      • Demonstrate usage of system monitoring tools (uptime, free, top, vmstat, meminfo, cpuinfo, ps, kill, watch)
      • Identify the various types of files on Linux systems
      • Identify Filesystem tools (fsck, fdisk, mkfs, parted)
      • Mounting/unmounting basic Linux floppy, CD & ISO files
      • Identification of major online open source repositories (sourceforge, freshmeat, etc.)
    •  
    • Perform client Installations
      • Planning the installation - identify software, hardware requirements & disk partitioning defaults
      • Demonstrate complete upgrade
      • Demonstrate complete client installation from bootable CD
      • Create network-based source-tree on a centralized server for installation
      • Prepare for network-based FTP installation - create bootable media/obtain patches/etc.
      • Demonstrate complete client installation from FTP server
      • Prepare for network-based Kickstart automated installation via Network File System (NFS)
      • Create Kickstart installation source tree
      • Perform Kickstart automated installation via NFS
    •  
    • Post client installation acclimation, exploration and configuration
      • Discuss X-Windows client/server concepts, applications & security
      • Learn how to configure X-Windows to support your hardware
      • Discussion of window managment concepts and applications
      • Customize desktop environment for GNOME & usage
      • Customize desktop environment for KDE & usage
      • Explore the shell interface including common tools, utilities, semantics, etc.
      • Implement Mozilla web browser
      • Confiure the Java JRE as a plug-in for the Mozilla web browser and evaluate results
      • Implement Java Runtime Environment (JRE/J2SE) for system-wide access to Java applets/etc.
      • Implement Macromedia Flash plug-in and configure support in Mozilla and evaluate results
      • Download & Install Netscape web browser
      • Configure Java & Flash support for Netsacpe and evaluate results
      • Implement Ximian Evolution POP3/IMAP/Microsoft Exchange email client
      • Implement & explore RDESKTOP terminal services desktop connectivity to Windows 2003/2000/XP servers running Remote Desktop Protocol (RDP)
      • Demonstrate typical RDESKTOP Windows usage for productivity, multitasking and connectivity
      • Upgrade RDESKTOP to version 1.3.1 & Remove RDESKTOP 1.2.x
      • Demonstrate some of the new capabilities of RDESKTOP 1.3.x
      • Troubleshoot common X-Windows and client-related problems
      • Implement VNC server screen emulation program for multiple remote desktop access
    •  
    • top
    •  
    • Linux client network administration essential concepts and applications
      • User and group creation & management concepts - passwd, shadow, group, gshadow files
      • Compile and install John The Ripper Password Cracking tool
      • Validate password integrity with John The Ripper Password Cracking Tool
      • Explain UNIX/Linux file security & permissions (-rwxrwxrwx/777) rules & concepts
      • Discuss and demonstrate the client/server paradigm and distributed computing concepts
      • Identify & demonstrate usage of common client/server tools(SSH/HTTP/FTP/IMAP/POP3/SAMBA/etc.)
      • Demonstrate LFTP (Sophisticated FTP Client Software) usage
      • Use LFTP to connect to FTP & HTTP servers
      • Use LFTP to recover broken uploaded/downloaded transmissions
      • Use LFTP to mirror & reverse mirror the content of local and remote servers
      • Linux networking primer - Identify key Linux networking components
      • Implement DHCP IP addressing with Cisco PIX Firewall DHCP Server integration
      • Configure Linux client for DHCP configuration from a Cisco PIX firewall
      • Configure Linux client with static TCP/IP parameters for network communication
      • Test network connectivity internally and externally via ICMP & TCP-Port querying methodologies
      • Explore all graphical redhat-* & redhat-config-* configuration tools
      • Configure Network Time Protocol (NTP) via GUI & Shell interface to perform time synchronization
      • Discuss and implement Samba(SMB) connectivity to Windows 2003 Server
      • Implement client printing services via Common UNIX Printing System (CUPS) to Windows 2003 Server & HP JetDirect-enabled printer.
      • Discuss and implement NFS connectivity to Linux hosts and Windows 2003(NFS)
      • Evaluate RedHat® Package Manager (RPM) to add/upgrade/remove applications
      • Discuss & demonstrate Backup & Restoration procedures
      • Discuss scenarios and create Linux Rescue disk for emergency system recovery
    •  
    • Perform Server Installations of RedHat® Linux
      • Prepare for server installation - verify system BIOS parameters/support
      • Demonstrate complete server installation from bootable CD-ROM
      • Demonstrate creation of installation source tree for network-based installations
      • Demonstrate complete server installation from an Apache HTTP Web server
      • Demonstrate complete custom server installation from HTTP Windows 2003 IIS server
      • Demonstrate complete custom server installation from FTP server
      • Demonstrate complete custom server installation from NFS server
      • Prepare for an automated Kicstart installation - identify requirements
      • Demonstrate complete server Kickstart automated installation from HTTP Apache Web server
      • Demonstrate complete server Kickstart automated installation from FTP Apache Web server
      • Connect system via serial communications to Sun Fire V100 SPARC box
      • Recap installation methods including caveats
    •  
    • Linux Systems Management Concepts & Applications
      • Explain Linux Boot process and contrast boot managers - GRUB & LILO
      • Discuss the role of the init grandfather process and illustrate logical boot flow
      • Explain and demonstrate Runlevel (0 - 6) concepts & applications
      • Demonstrate Daemon/Service management with (chkconfig/ntsysv/redhat-config-services)
      • User profile implementation logic and concepts - (Bash profile/etc/skel/aliases/PATH/etc.)
      • Quota management - user-based, group-based and disk-based quota implementation
      • Introduce, partition using FDISK and create an EXT3 journaling file system of 100GB of additional system storage. Identify paritions in /proc virtual file system
    •  
    • Demonstrate usage of RPM to ascertain available packages
      • Demonstrate usage of RPM to import public keys of package publishers
      • Demonstrate usage of RPM to verify the integrity of downloaded packages
      • Demonstrate usage of RPM to add new packages locally
      • Demonstrate usage of RPM to add new packages from a Windows 2003 FTP server
      • Demonstrate usage of RPM to add new packages from an HTTP server
      • Demonstrate usage of RPM to upgrade packages
      • Demonstrate usage of RPM to freshen packages
      • Demonstrate usage of RPM to remove packages
    •  
    • Introduction to SYSLOG concepts
      • Explanation of syslog facilities & levels
      • Demonstrate syslog administration
      • Demonstrate Cisco to Linux SYSLOG functionality
      • Discuss & demonstrate automatic log rotation and customization
    •  
    • Kernel Management
      • Demonstrate Linux Kernel upgrade procedures
      • Use RPM to install multiple kernels and verify functionality
      • Use RPM to remove outdated kernels
    •  
    • Linux Network Administration Essentials
      • Discuss & demonstrate the usage of commonly used networking tools:
      • PING - Demonstrate PING flooding of remote hosts - ICMP Attack Techniques
      • PING - Cisco PIX Integration & Debugging of ICMP Echo Requests/Echo Replies
      • Traceroute - Cisco PIX Integration & provisioning of ICMP traffic types
      • MTR (PING & Traceroute functionality) plus Cisco PIX debugging of ICMP data flow
      • ARP
      • NETSTAT/LSOF
      • IFCONFIG
      • Route
      • DIG & NSLOOKUP
      • Whois
      • Who, w, wc, last, cat, grep, vi, pico, head, tail, etc.
      • Message of the day banners (MOTD), /etc/issue file (pre-login banner/display info.)
    •  
    • top
    •  
    • Implement Dynamic Host Configuration Protocol (DHCP) services
      • Explain the various steps of the DHCP process
      • Configure global & scope-level DHCP options
      • Configure IP reservations based on layer 2 MAC addresses
      • Disable Cisco PIX DHCP services
      • Enable Linux DHCP services
      • Configure Windows 2003/XP/Linux clients to receive dynamic addresses from Linux
    •  
    • Discuss Xinetd super server concepts and applications
      • Identify services controlled by Xinetd
      • Enable & disable Xinetd-controlled services & examine results
      • Implement access control on Xinetd controlled services
      • Implement Xinetd IP and port-level daemon redirection
      • Discuss Xinetd & TCP Wrappers relationship and dual-layer security benefits
    •  
    • Implement Very Secure VSFTPD File Transfer Protocol (FTP) services
      • Implement anonymous FTPD
      • Implement user-level FTPD access
      • Implement FTPD banners
      • Disable anonymous access
      • Configure VSFTPD to run under the auspices of Xinetd super server for increased security
      • Implement bandwidth rate-limiting to control bandwidth usage
    •  
    • Discuss Linux & Windows Integration via Samba
      • Install Samba support
      • Install Samba Web-based Administration Tool (SWAT)
      • Configure Samba file & print sharing
      • Evaluate access to Samba file & print server
      • Configure Samba Windows Internet Name Server (WINS) support
      • Evaluate Windows XP/2003 client access to Samba-WINS server
    •  
    • Discuss the Network File System (NFS) concepts and Linux support
      • Implement the NFS daemon
      • Review /etc/exports parameters and options
      • Evaluate access to NFS exports
      • Implement NFS connectivity across a WAN connection via IPSEC VPN-connectivity
    •  
    • Discuss the CRON scheduling system concepts and application
      • Identify various predefined CRON entries and schedules
      • Define custom cron jobs system-wide
      • Define custom cron jobs user-wide
      • Evaluate results of cron jobs
    •  
    • Implement the Berkeley Internet Daemon (BIND) Domain Name Server (DNS)
      • Implement BIND 9.x
      • Configure BIND as a caching-only DNS server
      • Test caching-only name resolution from Windows 2003 & Linux hosts
      • Secure access to caching-only/recursive name server via ACLs
      • Configure BIND as a primary DNS server
      • Test primary name resolution from Windows 2003 & Linux hosts
      • Configure BIND as a secondary(slave) DNS server
      • Restrict communications between primary & secondary DNS servers
      • Implement updates between master and secondary DNS servers via IPSEC VPN
      • Configure DNS zones on Linux BIND & Windows 2003 DNS - activate replication
      • Implement poor man's load balancing using DNS round robin
      • Evaluate results of BIND configuration using DIG
      • Configure DNS zones
      • Configure zone transfers
      • Configure secure-zone transfers
      • Evaluate BIND's configuration files named.conf & named.custom
      • Configure BIND sub-domain delegation. i.e. internal.linuxcbt.net
      • Configure BIND to support reverse domains
      • Configure Linux/Windows 2003 clients to use Linux BIND DNS server
      • DNS Transaction Signatures (TSIG) implemenation
      • Identify BIND logging information for troubleshooting purposes
      • Configure BIND DNS with IP Aliasing (Sub-Interfaces) to host DNS on separate IP address
    • Implement Network Monitoring & Graphing tools using SNMP, etc.
      • Implement Multi Router Traffic Grapher (MRTG)
      • Graph Cisco Firewall with MRTG
      • Implement Cacti Network Graphing Tool
      • Download and Install Cacti and required components (RRDTool, MySqL, etc.)
      • Explore Cacti Interface, options, etc.
      • Graph Cisco, Linux & Windows 2003 resources with Cacti using SNMP & Scripts
    •  
    • Implement Network Time Protocol (NTP) & Time Synchronization services for local subnets
      • Discuss features and distributed nature of the hierarchial NTP service
      • Ascertain and select optimal Stratum 1 NTP servers for synchronization
      • Review default NTP configuration
      • Configure NTP to synchronize with NTP servers
      • Configure internal Linux clients to syncrhonize with internal Stratum 2 NTP server
      • Configure Cisco PIX firewall to synchronize with internal Stratum 2 NTP server
      • Use NTP-related tools such as NTPQ, NTPTRACE to ascertain NTP-related information
    •  
    • Linux Web Services - Apache/Tomcat/CGI/WebLogic
      • Discuss Apache Web Server's history, ubiquity (netcraft stats) and reliability
      • Explain Apache Web Server's capabilities (Virtual directories, modules, WebDav, etc.)
      • Implementation of Apache Web Server 2.x
      • Evaluate installation/implementation results of Apache Web Server 2.x
      • Demonstrate implementation of aliases & redirects via mod_alias
      • Restrict access to aliases and test access from Linux & Windows 2003 nodes
      • Examine implications of alias & redirect access on access & error logs from multiple hosts
      • Demonstrate implementation of virtual directories
      • Demonstrate configuration of several virtual hosts
      • Discuss and implement Apache 2.x logging system per virtual host
      • Configure basic authentication to virtual hosts containers via .htaccess & Directory directives
      • Configure digest authentication to virtual hosts containers via Directory & .htaccess directives
      • Configure SSL support for the virtual hosts
      • Demonstrate SSL support without certificate provided by Certificate Authority
      • Implementation of Webalizer Log Analysis software
      • Customization of Webalizer to automatically generate reports for multiple virtual hosts
      • Implementation of AWSTATS Log Analysis software
      • Customization of AWSTATS to automatically generate reports for multiple virtual hosts
    •  
    • top
    •  
    • Dynamic web sites - Common Gateway Interface(CGI) & scripting engine discussion & implementation
      • Implement CGI access to Linux via Apache & PERL scripts
      • Discuss benefits of PHP Dynamic Web Access Scripting Engine
      • Implementation of PHP Dynamic Web Access Scripting Engine
      • Evaluate PHP Dynamic Web Access Scripting Engine installation results
      • Execute sample PHP web pages on Apache Web Server 2.x
    •  
    • Application Servers - Java J2EE Platform integration with Linux
      • Discuss benefits of Apache Tomcat Dynamic Web Scripting(JSP)/Java Servlet Engine
      • Implementation of Sun's Java Development Kit (JDK) 1.4.x for Apache Tomcat support
      • Implementation of Apache Tomcat Dynamic Web Scripting(JSP)/Java Servlet Engine
      • Evaluate Apache Tomcat Dynamic Web Scripting(JSP)/Java Servlet Engine installation results
      • Execute sample Apache Tomcat Dynamic Web Scripting(JSP)/Java Servlet applications
      • Discuss benefits of BEA Weblogic JSP/Servlet/Enterprise Java Beans Engine
      • Implementation of BEA Weblogic JSP/Servlet/Enterprise Java Beans Engine
      • Evaluation of BEA Weblogic JSP/Servlet/Enterprise Java Beans Engine results
      • Execute sample applications on BEA Weblogic JSP/Servlet/Enterprise Java Beans Engine
      • Discuss benefits of Jboss J2EE JSP/Servlet/Enterprise Java Beans Engine
      • Implementation of Jboss JSP/Servlet/Enterprise Java Beans Engine
      • Evaluation of Jboss JSP/Servlet/Enterprise Java Beans Engine results
      • Execute sample applications on Jboss JSP/Servlet/Enterprise Java Beans Engine
    •  
    • Discussion of messaging concepts and applications
      • Sendmail MTA Essentials
      • Introduction to Sendmail Message Transfer Agent (MTA)
      • Implementation of Sendmail
      • Configure Sendmail to relay messages for remote hosts
      • Configure Sendmail to support virtual hosts/multiple domains
      • Evaluate results of routing messages to multiple domains using Sendmail
      • Sendmail logging capabilities
      • Implement AWSTATS log reporting engine to generate HTML sendmail reports
    •  
    • Postfix MTA Essentials
      • Introduction to the Postfix Message Transfer Agent (MTA)
      • Install Postfix
      • Install Mail Transfer Agent (MTA) administrative switching tools
      • Switch system from Sendmail to Postfix as default MTA
      • Explore Postfix configuration files and directory structure
      • Implement outbound messages via Postfix
      • Confirm receipt of outbound messages on publicly-accessible systems
      • Configure Postfix to support virtual domains
      • Build Postfix virtual user mappings for virtual domains support
      • Test virtual domains via external messaging sources
    • Post Office Protocol Version 3 Essentials
      • Discuss the capabilities and limitations of POP3
      • Implement POP3 services
      • Implement secure POP3 services
      • Demonstrate access to POP3 services from the client perspective
      • Implement Secure POP3 services using SSL with self-signed certificate
    •  
    • Internet Messaging Access Protocol (IMAP)
      • Discuss the capabilities and limitations of IMAP
      • Implement IMAP services
      • Demonstrate access to IMAP services from the client perspective
      • Implement Secure IMAP services using SSL with self-signed certificate
    •  
    • Web-based Mail Implementation using Squirrel-mail
      • Describe required squirrel mail components for web-mail integration
      • Install squirrel mail on Internet production system
      • Configure squirrel mail defaults for linuxcbt.net domain
      • Verify Sendmail virtual hosting configuration for linuxcbt.net domain
      • Verify IMAP configuration
      • Configure Apache alias for squirrel mail integration
      • Configure Apache Virtual Host for squirrel mail integration
      • Configure BIND DNS services for squirrel mail integration
      • Explore squirrel mail's web-based interface
      • Generate mail from various remote domains (hotmail.com, etc.) and retrieve with squirrel mail
    •  
    • top
    •  
    • Secure Shell (SSH) Concepts & Implementation
      • SSH client concepts - replacement for clear-text-based Telnet, RCP, FTP protocols.
      • Identification of required OpenSSH/OpenSSL components
      • Demonstrate SSH connectivity & public key registration
      • Implement globally-shared public keys
      • Generate RSA & DSA public key/private key pairs
      • Configure SSH client and SSHD to authenticate via public/private key pairs
      • Authenticate to remote hosts using public/private key pairs
      • Use Secure Copy (SCP) to move files
      • Port Forwarding implementation
      • Port Forwarding integration with Linux & Windows 2003 Server
      • X11 Forwarding demonstration
      • Use Secure File Transfer Protocol (SFTP) to move files
    •  
    • Linux Defensive Security Implementation Techniques
      • Implement NMAP port scanner and demostrate usage to ascertain open doors
      • Discuss & demonstrate operating system fingerprinting techniques with NMAP
      • Demonstrate IP-spoofing & packet forging with NMAP
      • Discuss the benefits of the NESSUS Security & vulnerability scanner
      • Implement Nessus client/server Security vulnerability scanner
      • Demonstrate parallel security scanning of local & remote subnets
      • Explore Nessus's reporting capabilities (NBE/XML/HTML/etc.)
      • Demonstrate Nessus class-based access for corporate usage
      • Implement Ethereal network sniffer
      • Demonstrate telnet clear-text password theft with Ethereal
      • Demonstrate alternative SSH encrypted sessions with Ethereal
      • Demonstrate FTP clear-text password theft with Ethereal
      • Demonstrate alternative SFTP encrypted sessions with Ethereal
      • Implement HPING highly customizable packet forging tool
      • Compare & contrast PING with HPING
      • Demonstrate IP packet spoofing with HPING & Cisco PIX firewall integration
      • Demonstrate HPING's ability to communicate with ICMP-filtered Internet servers
      • Demonstrate using HPING to setup a trojan horse backdoor for executing arbritary code
      • Implement John the Ripper password cracking tool
      • Discuss file and directory security
      • Implement chmod,chown,umask,SUID,SGID,etc.
    •  
    • Linux Defensive Security Implementation Techniques
      • Implement Multi-Router Traffic Grapher (MRTG) to establish network performance baseline
      • Configure Cisco PIX firewall for MRTG support via Simple Network Management Protocol (SNMP)
      • Configure MRTG to generate perfomance & badwidth-related graphs for Cisco PIX firewall
      • Implement IP Tables Host-based firewall support
      • Configure IP Tables to restrict access to necessary services
      • Introduce, discuss & plan the implementation of Snort 2.x Intrustion Detection System (IDS)
      • Discuss Snort intrustion detection concepts related to hubs & switches
      • Install Snort 2.0 Network-based Intrusion Detection System
      • Implement Snort 2.0 network sniffing functionality
      • Implement Snort 2.0 sniffing & packet-logging functionality
      • Demonstrate Snort's ability to monitor traffic between designated hosts
      • Demonstrate password theft using Snort & FTP connections
      • Demonstrate password theft using Snort & Apache HTTP basic authentication connections
      • Implement Snort 2.0 Network-based Intrusion Detection System
      • Implement SnortSnarf for web-based reporting of Snort 2.0 logs
      • Examine SnortSnarf reports via SSL-enabled web session
      • Demonstrate how to implement port mirroring on Cisco Catalyst switches
      • Implement Network Address Translation (NAT)
      • Discuss & Implement Port Address Translation (PAT)
      • Implement TCP Wrappers
      • Configure Xinetd to suppress access to the system from port-scanners
      • Discuss & Disable Portmap services
    •  

LinuxCBT EL-3x Edition

  •  
DEMO