LinuxCBT.com

Syllabus

Focus: SuSE® Enterprise Linux Version 10x

Duration: 40-Hours

    • Network-based (HTTP & SSH) Installations
      • Enable Apache HTTPD on Installation server
      • Configure SUSE Ent. 10 Server as an HTTP Installation source with Apache
      • Discuss system requirements
      • Install SUSE Ent. 10 Server via HTTP
      • Confirm results
    •  
    • Grand Unified Boot Loader (GRUB) & System V Linux Runlevel implementation
      • Explore GRUB configuration
      • Explain SUSE Linux System V Init Runlevel (0 - 6) concepts & applications
      • Identify key startup files, including scripts (inittab,Sscripts,Kscripts,etc.)
    •  
    • GNOME & YaST
      • Explore the GNOME Desktop Interface
      • Explore YaST, centralized management tool
      • Install packages using Yast package manager
    •  
    • Basic GNU/Linux Skills - Command Line Interface (CLI) - BASH
      • Introduction to GNOME Terminal
      • Demonstrate usage of the following useful commands & concepts
      • ls, pwd, cd, cp, mv, rm, mkdir, rmdir, whoami, man, info
      • alias, cat, file, chmod, chown, history
      • Standard in/out, UNIX Pipes, Redirection, Command Chaining
      • ps, df, free, vmstat, top, kill
      • less & more, head & tail, diff
      • which & whereis, w, who
      • Use grep and cut to process delimited log files
      • find, locate
      • tar, gzip/gunzip, bzip2, zcat
      • Explore Pico text editor
      • Install and explore Nano text editor
      • Convert Windows text files to Unix format using dos2unix
      • Convert Unix text files to Windows format using unix2dos
    •  
    • Common Network Clients
      • File Transfer Protocol (FTP) client
      • Install and use LFTP - Sophisticated FTP Client to connect to FTP/HTTP servers
      • Mirror and reverse mirror using LFTP to synchronize data
      • Wget - HTTP/HTTPS/FTP connectivity
      • Explain SSH concepts, implementation, etc.
      • Use SSH Client to connect to remote Linux Systems using password authentication
      • Identify key SSH-client files (.known_hosts, public/private key pairs,etc.)
      • Authenticate to remote Linux systems using alternate credentials
      • Use Secure Copy Protocol (SCP) to move data between systems non-interactively
      • Use Secure File Transfer Protocol (SFTP) to move data between systems interactively
      • Demonstrate how to generate Public/Private key (RSA/DSA) pairs using SSH-Keygen
      • Demonstrate using SSH to authenticate to remote Linux hosts without passwords
      • Generate Public Key/Private Key pairs for use with file and E-mail encryption
      • Demonstrate using E-mail client with GNU Privacy Guard (GPG) Open PGP for E-Mail encryption
      • Use Remote Desktop to connect to RDP & VNC remote Linux and Windows hosts
      • Use ping, mtr & arp
      • Use dig, host, nslookup name resolution clients
      • NETSTAT
      • IFCONFIG
    •  
    • RPM Package Management Tool Concepts & Usage
      • Explain classes of SUSE Linux Packages
      • Query existing packages
      • Identify offline and online package repositories
      • Install packages
      • Upgrade packages
      • Freshen packages
      • Remove packages
      • Identify package membership of files on the SUSE system
    •  
    • Manage Users and Groups & Permissions
      • User profile implementation logic and concepts - (Bash profile/etc/skel/aliases/PATH/etc.)
      • User and group creation & management concepts - passwd, shadow, group, gshadow files
      • Use YaST to create and manage users and groups
      • SETUID
      • SETGID - Group collaboration
      • Sticky Bit
      • Explore Hard and Symbolic links including across disparate file systems
    •  
    • Paritions, File Systems & Volumes (RAID|LVM)
      • Provision new paritions with FDISK/Parted/YaST & ReiserFS
      • Configure RAID 0/1/5/ Volumes
      • Implement Logical Volume Management (LVM)
      • Provision additional Swap storage paritions and files
      • Use MKSWAP & SWAPON to enable additional Swap storage
      • Identify allocated swap space to the kernel
      • Committ changes for persistence
    •  
    • Explore System Logging via SYSLOG-NG and Logrotate
      • Explore Boot log & System Log
      • Explanation of syslog facilities & levels
      • Discuss SYSLOG-NG features & enhancements
      • Demonstrate syslog administration
      • Enable SYSLOG network listener
      • Demonstrate Cisco PIX Firewall to SUSE Linux SYSLOG-NG functionality
      • Explore automatic log rotation and customization via Logrotate
      • Configure Logrotate to rotate & compress sample log files
    •  
    • Network - Physical & Logical Configuration
      • Identify key directories & files for static & dynamic communications
      • Configure Linux client with static TCP/IP parameters for network communication
      • Explore hotplug -> hwup -> ifup logic
      • Use ifconfig to ascertain logical TCP/IP configuration
      • Use hwinfo to ascertain installed hardware
      • Configure Aliased Ethernet Interfaces to faciliate multiple IP addresses
    •  
    • Implement Network Time Protocol (NTP) Client/Server
      • Configure Network Time Protocol (NTP) to perform client/server time synchronization
      • Identify NTP bounded UDP interfaces
      • Synchronize SUSE Enterprise Linux NTP with RedHat Linux Stratum 2 NTP server
      • Synchronize against Stratum 1 NTP servers
    •  
    • Dynamic Host Configuration Protocol (DHCP)
      • Explain DHCP Concepts & Applications
      • Explore DHCP confiuration files
      • Configure DHCP subnet with applicable options
      • Configure DHCP Reservation based on layer-2 address
      • Enable DHCP with DDNS
      • Configure DHCP Failover between SUSE and RedHat Linux Servers
      • Test DHCP Failover with Windows 2003 Host
    •  
    • Domain Name System (DNS)
      • Explore SUSE DNS configuration via YaST
      • Configure BIND as a caching-only DNS server
      • Implement Master DNS Zone
      • Configure Reverse Zone for local subnet
      • Implement Dynamic Domain Name System (DDNS) Zones (Forward/Reverse)
      • Explain DHCP and DNS update integration options
      • Integrate DHCP with DNS via Encypted Transaction Signatures (TSigs)
      • Configure Windows 2003 Active Directory to publish DNS Records to SUSE Server
      • Examine Windows 2003 SRV Records
      • Configure Master/Slave Zones with RedHat Linux Server
      • Evaluate results of BIND configuration using DIG & host
      • Implement DNS sub-domains (Third-level domains)
    •  
    • CRON - System Scheduler
      • Explore Cron Implementation
      • Explain scheduling options
      • Global and scope-based Cron options
      • Schedules jobs to run & examine the output
      • Configure individual Crontab entries
    •  
    • Samba Implementation
      • Implement Linux & Windows Integration via Samba
      • Explore Samba Configuration files
      • Implement SMBFS integration with SUSE Enterprise Linux File System
      • Mount Windows shares seamlessly using Samba File System (SMBFS)
      • Configure FSTAB to support repetitive mounts
      • Implement secure SMBFS credentials for mounting
      • Install Samba Server support
      • Install Samba Web-based Administration Tool (SWAT)
      • Configure Samba file sharing
      • Configure Samba with multiple NETBIOS aliases
      • Install Active Directory on Windows 2003 Server
      • Integrate SUSE Ent. 10 Server with Windows Active Directory (AD)
      • Test Samba-to-Windows integration using 'getent' and authentication
    •  
    • Very Secure VSFTPD File Transfer Protocol (FTP) services
      • Implement anonymous FTPD
      • Implement user-level FTPD access
      • Implement FTPD banners
      • Disable anonymous access
      • Configure VSFTPD to chroot jail users into their home directories
      • Implement bandwidth rate-limiting to control bandwidth usage
      • Implement & test banning of unwelcomed anonymous e-mail addresses
      • Implement VSFTPD user with redirect to a Samba share
    •  
    • Network File System (NFS) Implementation
      • Identify key services/daemons
      • Configure NFS Client & Server
      • Evaluate NFS connectivity to other Linux hosts
    •  
    • RSYNC Implementation
      • Discuss features and benefits
      • Implement rsync
      • Confirm results
    •  
    • Apache Web Server Implementation
      • Discuss Apache server's features and concepts
      • Examine Apache-SUSE HTTPD CONF hierarchy
      • Examine various configuration files
      • Implement Apache Mod Alias and ScriptAlias
      • Examine user home directories
      • Discuss the Directory directive
      • Explore redirects
      • Configure .htacess file with directives
      • Implement Basic and digest authentication schemes
      • Configure IP-based Virtual Hosts
      • Configure Name-based Virtual Hosts
      • Explore Apache logging
      • Implement Apache logging system per virtual host
      • Webalizer Log Analysis software Implementation
      • Generate web reports using Webalizer
      • Implementation of PHP Dynamic Web Access Scripting Engine
      • Evaluate PHP Dynamic Web Access Scripting Engine installation results
      • Test basic PHP script-processing using sample scripts
      • Create and test PHP-form with Apache
    •  
    • MySQL Relational Database Management System
      • Install MySQL Relational Database Management System
      • Secure access to MySQL
      • Explore MySQL monitor shell-based interface
      • Create sample MySQL databases
      • Load external data-set from Linux
      • Load external data-set from Windows
      • Integrate PHP with MySQL

    • PHPMyAdmin - MySQL Web-based Management Interface
      • Install PHPMyAdmin for web-based management of MySQL instances
      • Explain & Secure access to PHPMyAdmin
      • Explore PHPMyAdmin's interface
    •  
    • Postfix Message Transfer Agent (MTA)
      • Introduction to Postfix Message Transfer Agent (MTA)
      • Explore the directives in the Postfix configuration files
      • Define default values for the FQDN
      • Alter myorigin and examine results
      • Configure Postfix to route messages using a Smarthost
      • Examine how Postfix delivers mail locally
      • Configure SMTP Relaying in Postfix
      • Use Mutt to demonstrate outbound mail handling using Postfix
      • Define SMTP Virtual domains for hosting multiple DNS domains
      • Configure Postfix with a production LinuxCBT DNS domain
      • Examine Virtual domain routing with production and non-production DNS domains
    •  
    • Post Office Protocol Version 3 (POP3)
      • Explain POP3 concepts and applications
      • Implement POP3 daemon
      • Connect to POP3 daemon using Windows 2003 Outlook Express client
      • Reroute inbound messages using Sendmail to POP3 account for retrieval
      • Use Mutt to send SMTP-based messages to POP3 account
    •  
    • Internet Messaging Access Protocol (IMAP)
      • Explain IMAP concepts and applications in comparison to POP3
      • Implement IMAP services
      • Connect to IMAP services from remote Windows Outlook Express client
    •  
    • Squirrel-mail Web-based Mail Interface Implementation
      • Describe required squirrel mail components for web-mail integration
      • Install squirrel mail on SUSE Enterprise Linux system
      • Configure Apache virtual directory for squirrel mail integration
      • Configure Apache Virtual Host for squirrel mail integration
      • Configure BIND DNS services for squirrel mail integration
      • Explore squirrel mail's web-based interface
    •  
    • PureFTPD Implementation
      • Explore configuration & enable service
      • Test various modes of operation
    •  
    • Xen Virtualization
      • Discuss features & benefits
      • Implement Xen with instance of SUSE Ent. 10 Edition
    •  
    • System Audit & Lockdown
      • Identify tools to perform system audit
      • Ascertain and document current system state
      • Close all superflous services
      • Bind necessary services (daemons) to necessary interfaces and logical addresses
      • Establish security configuration baseline
    •  
    • XINETD (Enhanced & Secure INETD Super Server Implementation)
      • Identify key XINETD configuration files
      • Explain the contents and structure of xinetd.conf
      • Restrict access to various daemons/services based on hosts & subnets
      • Lockdown XINETD-controlled services
      • Configure XINETD to restrict number of spawned instances of daemons/services
      • Configure XINETD to bind daemons/services to specific sub-interfaces (Virtual IP addresses)
      • XINETD logging
      • Explore additional XINETD features
    •  
    • TCP Wrappers concepts & applications
      • Identify primary package and key TCP Wrappers configuration files
      • Demonstrate disabled TCP Wrappers configurations by attempting connectivity
      • Examine pre and post TCP Wrappers configuration effects
      • Implement TCP Wrappers for common services
      • Test local & remote access to TCP Wrappers-protected host & services
    •  
    • IPTABLES (Netfilter Linux Kernel-based Firewall)
      • Discuss IPTABLES/Netfilter Concepts
      • Explain IPTABLES default chains/filters and policies
      • Examine TCP/ICMP communications pre-IPTABLES chains
      • Implement ICMP inbound filtration based on various hosts
      • Use Cisco PIX Firewall to verify ICMP debugging
      • Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
      • Restrict access to various daemons (SSH/FTP/HTTP/etc.)
      • Test connectivity locally and remotely (RedHat/Windows/etc.)
    •  
    • Network Mapper (NMAP)
      • Obtain, compile and install current version of NMAP
      • Identify commonly used NMAP options/switches/parameters
      • Perform default TCP SYN-based ethical scans of local and remote resources
      • Explain typical TCP handshake protocol while using NMAP
      • Examine the results of scans on remote Cisco firewall with debugging mode enabled
      • Perform default TCP Connect-based ethical scans of local and remote resources
      • Examine the results of scans on remote Cisco PIX Firewall with debugging mode enabled
      • Use NMAP to scan using aliased and spoofed IP addresses
      • Peform local ethical scans
      • Identifiy key NMAP configuration files
      • Use NMAP to perform operating system fingerprinting
      • Peform subnet-wide ethical scans
    •  
    • Nessus Vulnerability Scanner Implementation
      • Download & Install Nessus Client & Server
      • Configure & test credentials
      • Discuss plug-ins and scopes
      • Perform vulnerability scans & evaluate results
    •  
    • TCPDump Traffic Capture
      • Discuss features
      • Capture data in ASCII & Binary formats
      • Implement Berkeley Packet Filters (BPFs)
      • Analyze results
    •  
    • Ethereal Traffic Analysis
      • Discuss features
      • Install using YaST
      • Analyze TCPDump binary file
      • Rebuild interesting TCP sessions
    •  
    • Snort 2.x Network Intrusion Detection System (NIDS)
      • Obtain, and install Snort pre-requisites (libpcap/libpcre/etc.)
      • Obtain, compile and install the Snort Intrusion Detection System (NIDS)
      • Identify and explain key operating modes (Sniffer/Logger/NIDS)
      • Explore Snort in network sniffer mode
      • Explain OSI Model and relevant Snort sniffing options
      • Explore Snort in ASCII and Binary (TCPDUMP) logging modes
      • Output Snort logs to ASCII text format and examine the results
      • Output Snort logs to binary format and examine the results
      • Implement Snort with BPF to filter traffic
      • Generate traffic from remote Windows 2003 and Linux hosts
      • Use Snort with Berkeley Packet Filter (BPF) to parse logs
      • Implement Snort in NIDS modes
      • Explore the snort.conf file and discuss rules
      • Explain Logging and Alerting output options
      • Perform port-scans from remote Linux systems and analyze Alerts
      • Configure MySQL with Snort-compliant schema
      • Configure Snort to log to MySQL
      • Download & Install BASE web analysis application
      • Configure BASE to read alerts from MySQL
      • Evaluate results
    •  

LinuxCBT SLES-10x Edition

  •  
DEMO