LinuxCBT.com

Syllabus

Focus: RedHat® Enterprise Linux Version 4x

Duration: 65-Hours

    • Installations and Usage on Dell PowerEdge Hardware
      • Discuss features of RedHat® Enterprise Linux 4
      • Prepare images for network installation
      • Install RedHat Enterprise 4 Workstation on Dell Power Edge Server
      • Explore GNOME graphical environment
      • Introduction to Bourne Again Shell (BASH) - Globes/environment
      • Input (STDIN), output (STDOUT) and standard error (STDERR) redirection
      • Pipes
      • Command chaining
      • BASH for loops
    •  
    • Common BASH Shell commands - Command Line Interface (CLI)
      • pwd, touch, stat, ls - explore useful Linux system commands
      • echo, cat - expose ASCII text and integrate with files
      • cp - copy files
      • mv - move files throughout the file system
      • tar - explore features and advantages of tarballs
      • gzip, bzip2 - intetgrate with tar and examine Internet archive
      • diff - compare and contrast between 2 or 3 files - diff3
      • file - discuss logic used to ascertain file type
      • find - single and multiple expressions and criteria
      • slocate - Compare and contrast with find and create system-wide DB
      • w, wall, watch, whereis, which, who - Important w commands
      • ps & pstree- explore process lists
      • free & top - explore process management with top
      • seq, top, jobs, fg, kill, killall, bg - Manage processes using standard tools
      • Use grep to process lines
      • Use awk to process fields - 30
    •  
    • Common Network Clients & Utilities
      • nano editor
      • Convert Unix text files to Windows format using unix2dos
      • Convert Windows text files to Unix format using dos2unix
      • Retrieve local and remote mail with mutt Mail User Agent (MUA)
      • mount - Mount CDs and ISO images - create ISOs with mkisofs
      • FTP - explore the standard File Transfer Protocol (FTP) client
      • gFTP - Usge GNOME FTP to interact with remote FTP server
      • LFTP - basic usage, job control
      • LFTP - mirror and reverse mirror content - resume transmission
      • LFTP - batch, non-interactive, scripted mode
      • Introduction to SSH concepts, implementation, etc.
      • Use SSH Client to connect to remote Linux Systems using password authentication
      • Identify key SSH-client files (.known_hosts, public/private key pairs,etc.)
      • Authenticate to remote Linux systems using alternate credentials
      • Use Secure Copy Protocol (SCP) to move data between systems non-interactively
      • Use Secure File Transfer Protocol (SFTP) to move data between systems interactively
      • Demonstrate how to generate Public/Private key (RSA/DSA) pairs using SSH-Keygen
      • Demonstrate using SSH to authenticate to remote Linux hosts without passwords
      • Install RedHat Enterprise Workstation on Dell Laptop using HTTP
      • Generate Public Key/Private Key pairs for use with file and E-mail encryption
      • Demonstrate using E-mail client with GNU Privacy Guard (GPG) Open PGP for E-Mail encryption
      • Use Remote Desktop to connect to RDP & VNC remote Linux and Windows hosts
    • Installation on Dell Poweredge Server
      • Prepare Sources on Apache HTTP server
      • Burn bootable CD with network drivers for network-based installation
      • Remove hardware-based RAID 0 configuration
      • Configure hardware-based RAID 5 logical storage
      • Commence software installation
      • Create custom partitions and mount points during installation
      • Configure X11 and confirm installation
    •  
    • System Initialization
      • Explore GRUB
      • Explore system recovery mode
      • Explore INIT
    •  
    • System V Linux Runlevel implementation
      • Identify key startup files, including scripts (inittab,Sscripts,Kscripts,etc.)
      • Explain GNU/Linux System V Init Runlevel (0 - 6) concepts & applications
      • chkconfig & ntsysv
      • Identify startup log files & entries using DMESG & exploration
    •  
    • Manage Users and Groups & Permissions
      • User and group creation & management concepts - passwd, shadow, group, gshadow files
      • Use system-config-users to create and manage users and groups
      • chmod/chown/chgrp
      • SETGID - Group collaboration
      • Explore Hard and Symbolic links including across disparate file systems
    •  
    • File System Management
      • FDISK
      • Create Standard Linux Partition
      • Make EXT2 File System & mount for general usage
      • Use tune2fs to upgrade EXT2 to EXT3 File System
      • Remove EXT2 partition and create EXT3-based parition
      • FSTAB - explore File System Table
      • Use FDISK to create a swap partition
      • Create Swap partition using MKSWAP & SWAPON
      • Provision additional swap space using swapon & swapoff
      • Explore GNU Parted as a partition and file-system management tool
      • Use Parted to create EXT?-based and Swap partitions
      •  
      • Logical Volume Management (LVM) - Discuss concepts and applications
      • Allocate partitions for usage with LVM
      • Create Physical Volumes
      • Create Volume Groups based on Physical Volumes
      • Create Logical Volumes based on Volume Groups
      • Prepare EXT3-based file systems on LVM-managed storage
      • Mount and use LVM Volumes
      • Resize LVM Volumes
    •  
    • Kickstart-based RAID Installation
      • Use Kickstart tool to configure automated kickstart process
      • Installation via HTTP using Kickstart
      • Discuss RAID concepts and configuration
      • Configure RAID disk partitions
    •  
    • RPM Package Management Tool Concepts & Usage
      • Query existing packages & file-based packages
      • Identify offline and online package repositories
      • Install packages
      • Upgrade packages
      • Freshen packages
      • Remove packages
    •  
    • Kernel Concepts and Management
      • Identify and discuss kernel implementation
      • Use kernel utils to identify modules and supported hardware
      • Discuss proper kernel update procedures
      • Download and Install the latest SMP-based kernel
      • Confirm results
      • Remove outdated kernel and confirm results
      • Download and Install the latest Uniprocessor-based kernel
      • Examine changes to GRUB and other key directory trees
      • SYSCTL - use to view and modify run-time variables
    •  
    • Network - Physical & Logical Configuration
      • Identify key directories & files for static & dynamic communications
      • Configure Linux client with static TCP/IP parameters for network communication
      • Explore hotplug -> hwup -> ifup logic
      • Use ifconfig to ascertain logical TCP/IP configuration
      • Use hwinfo to ascertain installed hardware
      • Configure Aliased Ethernet Interfaces to faciliate multiple IP addresses
    •  
    • Explore System Logging via SYSLOG and Logrotate
      • Explore Boot log & System Log
      • Explore dmesg
      • Explanation of syslog facilities & levels
      • Demonstrate syslog administration
      • Enable SYSLOG network listener
      • Demonstrate Cisco PIX Firewall to Linux SYSLOG functionality
      • Explore automatic log rotation and customization via Logrotate
      • Configure Logrotate to rotate & compress sample log files
    •  
    • Implement Network Time Protocol (NTP) Client/Server
      • Configure Network Time Protocol (NTP) to perform client/server time synchronization
      • Synchronize SUSE Enterprise Linux NTP with additional Linux Stratum 2 NTP server
      • Synchronize against Stratum 1 NTP servers
    •  
    • Dynamic Host Configuration Protocol (DHCP)
      • Explain DHCP Concepts & Applications
      • Explore DHCP confiuration files
      • Configure DHCP subnet with applicable options
      • Configure DHCP Reservation based on layer-2 address
    •  
    • Domain Name System (DNS)
      • Configure BIND as a caching-only DNS server
      • Implement Master DNS Zone
      • Configure Reverse Zone for local subnet
      • Implement Dynamic Domain Name System (DDNS) Zones (Forward/Reverse)
      • Explain DHCP and DNS update integration options
      • Integrate DHCP with DNS via Encypted Transaction Signatures (TSigs)
      • Configure Windows 2003 Active Directory to publish DNS Records to Linux Server
      • Examine Windows 2003 SRV Records
      • Configure Master/Slave Zones with Linux Server
      • Evaluate results of BIND configuration using DIG & host
      • Implement DNS sub-domains (Third-level domains)
    •  
    • CRON - System Scheduler
      • Explore Cron Implementation
      • Explain scheduling options
      • Global and scope-based Cron options
      • Schedules jobs to run & examine the output
      • Configure individual Crontab entries
    •  
    • Samba Implementation
      • Implement Linux & Windows Integration via Samba
      • Explore Samba Configuration files
      • Implement SMBFS integration with SUSE Enterprise Linux File System
      • Mount Windows shares seamlessly using Samba File System (SMBFS)
      • Configure FSTAB to support repetitive mounts
      • Implement secure SMBFS credentials for mounting
      • Install Samba Server support
      • Install Samba Web-based Administration Tool (SWAT)
      • Configure Samba file sharing
      • Configure Samba with multiple NETBIOS aliases
      • Install Active Directory (AD) on Windows 2003 Host
      • Configure Samba-Active Directory Integration
    •  
    • Very Secure VSFTPD File Transfer Protocol (FTP) services
      • Implement anonymous FTPD
      • Implement user-level FTPD access
      • Implement FTPD banners
      • Disable anonymous access
      • Configure VSFTPD to chroot jail users into their home directories
      • Implement bandwidth rate-limiting to control bandwidth usage
    •  
    • Network File System (NFS) Implementation
      • Implement NFS Server
      • Export shares and discuss options
      • Mount NFS exports on remote Linux Host
      • Implement AutoFS
    •  
    • Trivial File Transfer Protocol (TFTP) Implementation
      • Install TFTP server
      • Backup Cisco PIX firewall configuration using TFTP
      • Update Cisco PIX firewall configuration using TFTP
    •  
    • Apache Web Server Implementation
      • Discuss Apache server's features and concepts
      • Examine Apache-RedHat HTTPD CONF hierarchy
      • Examine various configuration files
      • Implement Apache Mod Alias and ScriptAlias
      • Follow SYMLINKS
      • Discuss and implement the Directory directive
      • Restrict access to content based on IPs and subnets
      • Implement user home (public_html) directories for personal web-publishing
      • Configure .htacess file with directives
      • Configure IP-based Virtual Hosts
      • Configure Name-based Virtual Hosts
      • Implement Basic and digest authentication schemes
      • Explore Apache logging semantics
      • Implement Apache logging system per virtual host
      • Webalizer Log Analysis software Implementation
      • Generate web reports using Webalizer
      • Perl CGI - Implementation
    •  
    • MySQL® Relational Database Management System
      • Install MySQL® Relational Database Management System
      • Secure access to MySQL®
      • Explore MySQL® monitor shell-based interface
      • Create sample MySQL® databases
      • Load external data-set from Linux
      • Load external data-set from Windows

    • PHPMyAdmin - MySQL® Web-based Management Interface
      • Install PHPMyAdmin for web-based management of MySQL instances
      • Explain & Secure access to PHPMyAdmin
      • Explore PHPMyAdmin's interface
    •  
    • Postfix Message Transfer Agent (MTA)
      • Introduction to Sendmail Implementation
      • Configure Postfix as default MTA
      • Introduction to Postfix Message Transfer Agent (MTA)
      • Explore the directives in the Postfix configuration files
      • Define default values for the FQDN
      • Alter myorigin and examine results
      • Configure Postfix to route messages using a Smarthost
      • Examine how Postfix delivers mail locally
      • Configure SMTP Relaying in Postfix
      • Use Mutt to demonstrate outbound mail handling using Postfix
      • Define SMTP Virtual domains for hosting multiple DNS domains
      • Configure Postfix with a production LinuxCBT DNS domain
      • Examine Virtual domain routing with production and non-production DNS domains
    •  
    • Internet Messaging Access Protocol (IMAP) - Dovecot
      • Explain IMAP concepts and applications in comparison to POP3
      • Implement IMAP services
      • Connect to IMAP services from remote Windows Outlook Express client
      • Implement IMAPS
      • Generate new self-signed SSL certificate for use with IMAPS
    •  
    • Squirrel-mail Web-based Mail Interface Implementation
      • Describe required squirrel mail components for web-mail integration
      • Install squirrel mail on SUSE Enterprise Linux system
      • Configure Apache virtual directory for squirrel mail integration
      • Configure Apache Virtual Host for squirrel mail integration
      • Configure BIND DNS services for squirrel mail integration
      • Explore squirrel mail's web-based interface
    •  
    • XMPP - Enterprise Instant Messenger - Jive Messenger
      • Download and Install Jive Messenger
      • Configure Jive Messenger for usage
      • Evaluate IM-connectivity from Linux Jabber-compliant client
      • Evaluate IM-connectivity from Windows Jabber-compliant client
    •  
    • System Audit & Lockdown
      • Identify tools to perform system audit
      • Ascertain and document current system state
      • Close all superflous services
      • Bind necessary services (daemons) to necessary interfaces and logical addresses
      • Establish security configuration baseline
    •  
    • NMAP - Port Scanner and Vulnerability Assessment Tool
      • Obtain, and install current version of NMAP
      • Identify commonly used NMAPoptions/switches/parameters
      • Explain typical TCPhandshake protocol while using NMAP
      • Identifiy key NMAP configuration files
      • Use NMAP to perform operating system fingerprinting
      • Peform subnet-wide ethical scans
      • Perform default TCPSYN-based ethical scans of local and remote resources
      • Examine the results of scans on remote Cisco firewall with debugging mode enabled
      • Perform default TCPConnect-based ethical scans of local and remote resources
      • Examine the results of scans on remote Cisco PIXFirewall with debugging mode enabled
      • Use NMAPto scan using aliased and spoofed IP addresses
      • Peform local ethical scans
      • Explore NMAP Front-End Graphical User Interface (GUI)
      • Discuss NMAP's features and applications
      • Perform Connect/Syn/Fin and various ethical port-scans
      • Perform service exposure scans
    •  
    • XINETD (Enhanced & Secure INETD Super Server Implementation)
      • Identify key XINETD configuration files
      • Explain the contents and structure of xinetd.conf
      • Restrict access to various daemons/services based on hosts & subnets
      • Lockdown XINETD-controlled services
      • Configure XINETD to restrict number of spawned instances of daemons/services
      • Configure XINETD to bind daemons/services to specific sub-interfaces (Virtual IP addresses)
      • XINETD logging
      • Explore additional XINETD features
    •  
    • TCP Wrappers concepts & applications
      • Identify primary package and key TCP Wrappers configuration files
      • Demonstrate disabled TCP Wrappers configurations by attempting connectivity
      • Examine pre and post TCP Wrappers configuration effects
      • Implement TCP Wrappers for common services
      • Test local & remote access to TCP Wrappers-protected host & services
    •  
    • IPTABLES (Netfilter Linux Kernel-based Firewall)
      • Discuss IPTABLES/Netfilter Concepts
      • Explore default tables and chains
      • Define and test INPUT chains
      • Define and test OUTPUT chains
      • Create user-defined chain and evaluate results
      • Explain IPTABLES default chains/filters and policies
      • Examine TCP/ICMP communications pre-IPTABLES chains
      • Implement ICMP inbound filtration based on various hosts
      • Use Cisco PIX Firewall to verify ICMP debugging
      • Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
      • Restrict access to various daemons (SSH/FTP/HTTP/etc.)
      • Test connectivity locally and remotely (RedHat/Windows/etc.)
      • Implement IP Forwarding between disparate subnets
      • Implement Network Address Translation (NAT)
    •  
    • Nessus Vulnerability Scanner
      • Download and Install Nessus Vulnerability Scanner
      • Install missing system dependencies
      • Generate self-signed SSL certificates
      • Perform basic Nessus system configuration and start the daemon
      • Use Nessus Linux client to connect to Nessus Server and perform scans
      • Examine resuls of scanning Windows 2003 Host
      • Examine resuls of scanning Cisco PIX Firewall Appliance
    •  
    • Secure Shell Daemon - Secure Communications Implementation
      • Explore SSHD key configuration files
      • Restrict access to SSHD
      • Explore SSHD logging
      • Configure PVPNs with local port forwarding
      • Configure PVPNs with remote port forwarding
      • Execute remote commands in non-interactive mode using SSH
      • Discuss forced-commands framework
      • Configure SUSE Enterprise to accomodate forced-commands
      • Test forced-commands for pre-configured accounts for push/pull secure transactions
      • Integrate SSHD with Windows 2003 Server and PuTTY SSH client
      • Implement PKI with PuTTY SSH
      • Use PSCP and PSFTP to communicate securely from Windows® 2003 to SUSE® Linux
    •  
    • Snort® 2.x Network Intrusion Detection System (NIDS)
      • Obtain, and install pre-requisites (libpcap/libpcre/etc.)
      • Obtain, compile and install the Snort® Network Intrusion Detection System (NIDS)
      • Identify and explain key operating modes (Sniffer/Logger/NIDS)
      • Explore in network sniffer mode
      • Explain OSI Model and relevant sniffing options
      • Explore Snort® in ASCII and Binary (TCPDUMP) logging modes
      • Output logs to ASCII text format and examine the results
      • Output logs to binary format and examine the results
      • Implement Snort® with BPF to filter traffic
      • Generate traffic from remote Windows 2003 and Linux hosts
      • Use Snort® with Berkeley Packet Filter (BPF) to parse logs
      • Implement Snort® in NIDS modes
      • Explore the snort.conf file and discuss rules
      • Explain Logging and Alerting output options
      • Perform port-scans from remote Linux systems and analyze Alerts
      • Configure Snort® to log to SYSLOG
    •  

LinuxCBT EL-4x Edition

  •  
DEMO