LinuxCBT.com

Syllabus

Focus: Solaris® Version 10x

Duration: 65-Hours

    • Local Media (CDROM) Text-based Installation on Dell PowerEdge Hardware
      • Discuss features of Solaris® 10
      • Explore system BIOS
      • Configure BIOS for local media booting
      • Boot local media and discuss default GRUB options for installation
      • Boot installation and discuss installation options
      • Discuss system requirements for text & GUI installations
      • Discuss single-user mode access
      • Boot text-based installation and explain hardware detection process & assignment
      • Configure network parameters
      • Configure time & locale parameters
      • Explore software companion DVD components
      • Select appropriate installation package group (Entire Distribution)
      • Customize file system slices - /, /export/home, SWAP
      • Complete installation of Entire Distribution
      • Reboot and confirm boot to the GUI screen
    •  
    • Pre-Execution (PXE) Nework-based Installation on Dell PowerEdge Hardware
      • Explain PXE installation requirements (TFTP, DHCP, etc.)
      • Prepare an alternate Solaris® server to become an Install Server - ./setup_install_server
      • Share Install Server source files using Network File System (NFS)
      • Configure SuSE® Linux DHCP Server to support the PXE client (Solaris® server) using a reservation
      • Configure Solaris® Install server to support the Solaris® client - ./add_install_client
      • Explore files created by ./add_install_client to support PXE
      • Explain PXE-boot process
      • Boot PowerEdge server and configure BIOS to boot using PXE
      • Reboot and install Solaris® 10 across the network without local media
      • Install using Solaris® Interactive option
      • Configure GUI (KVM) settings for graphical installation
      • Configure network parameters
      • Configure time & locale parameters
      • Confirm additional parameters and NFS path to source files
      • Customize file system slices - /, /export/home, /var, SWAP
      • Complete installation of Entire Distribution
      • Reboot and explore the Grand Unified Boot Loader (s) menu items
      • Discuss Service Management Facility (SMF) initial starup process
      • Confirm GUI Login
    •  
    • Console-based (Serial Cisco Firewall Rollover Cable) Installation
      • Discuss requirements of serial installation
      • Execute ./add_install_client to setup console installation option on appropriate com port
      • Boot PowerEdge server and confirm PXE boot
      • Select console boot option and confirm GRUB boot option
      • Connect to SuSE® Linux and use kermit to connect via com1 to the PowerEdge server
      • Continue PXE-Console(Serial) installation
      • Alter kermit console to resemble a mainframe terminal
      • Configure network parameters
      • Configure time & locale parameters
      • Customize file system slices - /, /export/home, /var, /usr, /opt, SWAP
      • Complete installation of Entire Distribution
      • Configure X.org GUI parameters using kdmconfig
    •  
    • Sysidcfg (phase 1) & JumpStart-based (phase 2) Installation - Unattended Installs
      • Explain the directives(network,locale,etc.) and application of the 'sysidcfg' file
      • Define the 'sysidcfg' file
      • Execute ./add_install_client to provide support for 'sysidcfg' file
      • Reboot using PXE and install using 'sysidcfg' file, confirming auto-population of directives - phase 1
      • Discuss rules regarding JumpStart installation method - phase 2
      • Introduction to the 'rules.ok' file
      • Discuss 'rules.ok' profile development for classes of users (marketing, development, etc.)
      • Define 'rules.ok' profile file with appropriate criteria, validae, and store in NFS-accessible location
      • Reboot server, and confirm 'sysidcfg' and 'rules.ok' files in GRUB entry
      • Continue JumpStart, unattended installation
    •  
    • Desktop Console-based Installation with PXE
      • Boot using 'sysidcfg' and 'rules.ok' files incorporated in JumpStart option
      • Configure X.org using kdmconfig
      • Complete unattended remainder of installation
    •  
    • Flash-based (Snapshot) Installation with PXE and JumpStart Integration
      • Discuss ideal environment for implementing flash installations
      • Identify the current runlevel and enter single-user mode to prepare flash archive
      • Use the 'flar' utility to take a snapshot of the system
      • Use Secure Copy (scp) to copy flash archive to NFS server
      • Reboot PowerEdge server and perform flash installation
      • Compete installation, reboot and confirm initial startup
      • Configure JumpStart and flash archive installation
      • Configure X.org GUI parameters using kdmconfig
      • Customize file system slices - /, SWAP
      • Complete installation
      • Confirm results - GUI Login
    •  
    • Grand Unified Boot Loader (GRUB) Implementation
      • Describe the boot process (BIOS - GRUB - Solaris® Kernel - Sched - Init - SMF - Runlevel)
      • Discuss the default GRUB menu items
      • Explain how GRUB references bootable media
      • Boot into single-user mode by modifying GRUB
      • Explore the GRUB startup environment
    •  
    • System Initialization (INIT - PID 1)
      • Describe init's invocation
      • Peruse init's default configuration file /etc/inittab
      • Explain runlevels
      • Compare & contrast Solaris® & Linux runlevels
      • Explore /etc/init.d and /etc/rc* directories
    •  
    • Service Management Facility (SMF) Framework
      • Discuss the adavantages and features of SMF
      • Discuss the service configuration database
      • Explain support for legacy services
      • Discuss the role of service restarters - 'svc.startd' & 'inetadm'
      • Describe support for INETD-controlled daemons
      • Enumerate services configured on the system, including state information
      • Discuss & examine Fault Management Resource Identifiers (FMRIs)
      • Discuss service dependencies
      • Use 'svcadm' to manage (disable/enable) services
      • Break dependencies and evaluate the results
      • Use 'inetadm' to manage INETD-related services
      • Convert legacy INETD service to SMF-managed service
    •  
    • GNOME Desktop Environment
      • Explore GNOME Desktop
      • Identify key features
      • Explore the Control Panel interface
      • Browse the filie system using Nautilus explorer
      • Correlate GNOME Desktop items to files in the user's home directory
      • Customize GNOME Desktop
      • Create GNOME Desktop launchers (Shortcuts)
      • Save configuration
    •  
    • Shell-based User & Group Management
      • Enumerate key user & group management tools
      • Analyze the fields in /etc/passwd, /etc/shadow, /etc/group
      • Correlate /etc/passwd to /etc/shadow entries
      • Create and modify users and groups
      • Alter the default encryption algorithm used for passwords
      • Add users to groups and evaluate results
    •  
    • Solaris® Management Console (SMC) - Consolidated GUI System Management
      • Confirm that 'wbem' is running
      • Launch SMC and connect to local 'wbem' instance
      • Authenticate and explore the SMC GUI interface
      • Peruse key system metrics
      • Explore the log viewer interface
      • Manage users & groups using SMC
      • Define user templates and create users based on those templates
      • Examine scheduled jobs and correlate to crontab entries
      • Explore mounted file systems
    •  
    • Bourne Again Shell (BASH)/Bourne Shell Basics
      • Distinguish between privileged and non-privileged uses
      • Identify the default shell for a given user
      • Discuss features of BASH
      • Execute BASH
      • Discuss pseudo-terminals and how to identify connected terminals
      • Modify user's accounts to default to BASH using shell & SMC
      • Use 'su' to switch users
      • Explore key BASH commands
      • Focus on BASH input, output, and error redirection
      • Explore BASH command chaining
      • Use logical BASH operators (&&, ||) to control program logic
      • Discuss and alter BASH global and user-specific configuration files
      • Reveal key information using system info commands
    •  
    • Package Management
      • Discuss options for managing packages
      • Discuss package nomenclature
      • Use 'installer' script in GUI & text modes to install packages
      • Install packages from the Software Companion DVD sources
      • Use 'prodreg' to display currently-installed software
      • Install packages using prodreg and evaluate results
      • Enumerate existing packages using 'pkginfo'
      • Echo package metadata using pkginfo
      • Use 'pkgchk' to enumerate package's contents
      • Use pkgchk to discover discrepancies in file locations and permissions - auditing
      • Determine package membership of files using pkgchk
      • Use 'pkgadd' to install packages
      • Add packages to the local pacakage repository for subsequent installs
    •  
    • Patch Management
      • Discuss options for managing patches
      • Register server with sun.com to obtain patches automatically
      • Resolve outstanding patches using Update Manager
      • Install selected patches and reboot if necessary
      • Confirm patch application
      • Analyze patch level using 'smpatch' from the BASH shell
      • Install specific patches using 'smpatch'
    •  
    • Unix File Permissions
      • Analyze permissions in 'ls -l' output
      • Discuss common Unix file types (files, directories, links, named-pipes, etc.)
      • Correlate symbolic permissions values to octal values
      • Use 'chmod' to alter file & directory permissions
      • Use 'chown & chgrp' to alter file & directory ownership
      • Apply SETUIDSETGID permissions to files & directories
      • Discuss the rules of symbolic & hard links
      • Create hard and soft links - symlinks
      • Discuss and examine inodes
    •  
    • Devices & Drivers Overview
      • Explore & correlate logical & physical device locations
      • Identify & discuss default driver locations
    •  
    • Disk, Slice & File System Management
      • Explain disk terminology (Tracks/Cylinders/Sectors/Partitions/Slices)
      • Examine existing disk layout, including slices using prtvtoc
      • Discuss x86 partition constraints - Volume Table of Contents (VTOC) & FDISK
      • Illustrate the disk-FDISK-slice hierarchy
      • Explain the disk nomenclature: c0t0d0s* (controller, target, disk, slice)
      • Identify logical and physical disk/slice locations
      • Use 'format' to enumerate connected controllers & disks
      • Manipulate slices using 'format'
      • Rectify disk geometry issues using fdisk option of 'format'
      • Manipulate FDISK partitions with fdisk option of 'format'
      • Discuss 'newfs' rules
      • Create Unix File Systems (UFSs)  using 'newfs'
      • Mount newly-created file systems at various locations
      • Confirm available storage
      • Updated /etc/vfstab, ensuring persistence
      • Recap file system provisioning process
      • Provision memory-based, Temporary File System (TEMPFS)
      • Provision and manage additional SWAP storage (files & file systems)
    •  
    • Volume Management - State Database Replicas, RAID-0/1/5, Volume Extenstion (growfs)
      • Introduction to volume management
      • Discuss Replicas, RAID Volumes, Hot Spare Pools, and Soft Partitions
      • Create required state database replicas on available slices, using SMC
      • Provision RAID-0 (Stripe) using SMC and available disks
      • Create UFS file system on RAID-0 volume, mount, and confirm results
      • Provision RAID-1 (Mirror) using SMC and available disks
      • Create UFS file system on RAID-1 volume, mount, and confirm results
      • Provision RAID-5 (Stripe with Parity) using SMC and available disks
      • Create UFS file system on RAID-5 volume, mount, and confirm results
      • Extend an in-use volume dynamically, using 'growfs'
      • Confirm extended volume results
    •  
    • Quota Implementation
      • Discuss the benefits of implementing quotas
      • Discuss soft & hard limits
      • Discuss inodes and blocks usage
      • Examine 'edquota'
      • Use 'quotacheck' to confirm quotas
      • Enable quotas on a per-file system basis & confirm results
      • Test soft & hard limits by generating I/O
      • Use 'repquota' to confirm current disk & slice usage
    •  
    • CRON - Process Scheduling - Automation
      • Discuss the benefits of automation & scheduling
      • Explore at, and Cron's directory layout
      • Explain Cron scheduling fields
      • Examine user's cron entries
      • Schedule per-user jobs and confirm execution
    •  
    • SYSLOG - Configuration
      • Discuss features & benefits
      • Identify key binaries and configuration files
      • Discuss Syslog rule components: selectors (facilities & levels) and actions
      • Peruse predefined selectors & actions
      • Explain options for facilities, levels and actions
      • Configure new selectors & actions for Cisco® PIX® firewall logging
      • Confirm logging results
    •  
    • Log Rotation - logadm
      • Discuss features & benefits
      • Identify key binaries and configuration files
      • Explore default log rotation schedule and items
      • Discuss available logadm criteria
      • Examine log rotation and effects on inodes
    •  
    • Zettabyte File System (ZFS) Implementation
      • Discuss the features (RAID-0/1/Z, Pools, etc.) and benefits of ZFS
      • Discuss ZFS prerequisites
      • Create ZFS pools using the Command Line Interface (CLI)
      • Set quotas on provisioned ZFS file systems atop the hierarchy and evaluate results
      • Manage ZFS storage pools from the CLI
      • Extend ZFS storage pools dynamically, while mounted
      • Manage ZFS storage pools using the web GUI
    •  
    • NETSTAT
      • Explain 'netstat' applications
      • Identify key output features including: address families & protocols
      • Use 'netstat' to return the current IP routing table
      • Correlate service names in output to /etc/services
      • Return protocol-specific entries
      • Return active sockets and attached processes
      • Reveal DHCP-configured plumbed interfaces
    •  
    • Network Configuration
      • Discuss network configuration modes
      • use 'dladm' to reveal the status of connected network interfaces - layer 1
      • Explain network interface nomenclature
      • Use 'ifconfig' to return layer 2(MAC) & 3(IP) information for network interfaces
      • Identify key network services using Service Management Facility (SMF)
      • Enumerate key network configuration files for the configuration modes
      • Transition from DHCP to static configuration, creating the requisite files
      • Reboot and confirm static configuration
      • Reveal DHCP-configured plumbed interfaces using 'ifconfig'
      • Plumb(Initiate) physical interfaces, commit configuration for persistence & test comms
      • Plumb(Initiate) logical interfaces associated with physical interfaces & test comms from Linux
      • Explore '/etc/nsswitch.conf' name service configuration file
    •  
    • Network Time Protocol (NTP) Client/Server Implementation
      • Configure Network Time Protocol (NTP) to perform client/server time synchronization
      • Synchronize NTP with additional Stratum 2 NTP server
      • Synchronize against Stratum 1 NTP servers
    •  
    • Network File System (NFS) Implementation
      • Implement NFS Server
      • Export shares and discuss options
      • Mount NFS exports on remote Linux Hosts
      • Explore AutoFS configuration
      • Configure AutoFS mount points
    •  
    • Samba Implementation
      • Focus on key Samba (SMB/CIFS) clients
      • Integrate with Windows via Samba
      • Explore Samba Configuration files
      • Enable Samba Server support
      • Explore Samba Web-based Administration Tool (SWAT)
      • Configure Samba file sharing
      • Configure Samba with multiple NETBIOS aliases
    •  
    • WUFTPD File Transfer Protocol (FTP) services
      • Implement anonymous FTPD
      • Implement user-level FTPD access
      • Implement FTPD banners
      • Disable anonymous access
      • Configure WUFTPD to chroot jail users into their home directories
      • Configure virtual FTP hosts
    •  
    • Dynamic Host Configuration Protocol (DHCP)
      • Explain DHCP Concepts & Applications
      • Explore DHCP confiuration files
      • Configure DHCP subnet with applicable options
      • Configure DHCP Reservation based on layer-2 address
    •  
    • Domain Name System (DNS)
      • Identify BIND packages & key files
      • Construct a standard 'named.conf' configuration file with root hints, forward, and reverse zones
      • Download latest root hints file as 'db.cache' using 'wget'
      • Construct appropriate zone files to match defined zones in '/etc/named.conf'
      • Configure BIND as a caching-only DNS server
      • Implement Master DNS Zone
      • Configure Master/Slave Zones with Linux Server
      • Evaluate results of BIND configuration using DIG & host
    •  
    • Sendmail Message Transfer Agent (MTA)
      • Introduction to Sendmail Implementation
      • Explore the directives in the Sendmail configuration files
      • Explre aliases
      • Test messaging using 'sendmail' binary
      • Identify relay-related configuration files
      • Configure Virtual Domains
    •  
    • Internet Message Access Protocol (IMAP) Implementation
      • Explain POP3 & IMAP applications
      • Download & Install IMAP server using 'wget' , 'gunzip' & 'pkgadd'
      • Configure IMAP server to be managed by INETADM (SMF)
      • Invoke & test mail retrieval
    •  
    • Apache Web Server Implementation
      • Identify the versions of Apache included with Solaris® 10 using SMF & pkg* tools
      • Discuss Apache server's features and concepts
      • Explore key binaries, configuration files, and documentation
      • Discuss key sections & directives in the Apache 'httpd.conf' file
      • Setup Apache 2 support
      • Implement Apache Mod Alias and ScriptAlias
      • Discuss and implement the File, Location & Directory directives
      • Explore Apache logging semantics
      • Configure IP-based Virtual Hosts
      • Configure Name-based Virtual Hosts
      • Implement Apache logging system per virtual host
      • Webalizer Log Analysis software Implementation
      • Generate web reports using Webalizer
    •  
    • Trivial File Transfer Protocol (TFTP) Implementation
      • Install TFTP server
      • Backup Cisco PIX firewall configuration using TFTP
      • Update Cisco PIX firewall configuration using TFTP
    •  
    • MySQL® Relational Database Management System
      • Install MySQL® Relational Database Management System
      • Explore key configuration files
      • Secure access to MySQL®
      • Discuss security framework
      • Discuss default table storage engine, MyISAM, file types
      • Explore MySQL® monitor shell-based interface

    • PHPMyAdmin - MySQL® Web-based Management Interface
      • Install PHPMyAdmin for web-based management of MySQL instances
      • Explain & Secure access to PHPMyAdmin
      • Explore PHPMyAdmin's interface
    •  
    • Postfix Message Transfer Agent (MTA)
      • Configure Postfix as default MTA
      • Introduction to Postfix Message Transfer Agent (MTA)
      • Explore the directives in the Postfix configuration files
      • Define default values for the FQDN
      • Alter myorigin and examine results
      • Configure Postfix to route messages using a Smarthost
      • Examine how Postfix delivers mail locally
      • Configure SMTP Relaying in Postfix
      • Use Mutt to demonstrate outbound mail handling using Postfix
      • Define SMTP Virtual domains for hosting multiple DNS domains
      • Configure Postfix with a production UnixCBT DNS domain
      • Examine Virtual domain routing with production and non-production DNS domains
    •  
    • System Security Overview
      • Discuss key areas related to security in a vanilla Solaris® 10 installation
      • Peruse the 'sulog' log file to identify 'su' instances & explain fields
      • Test using 'su' and examine results in '/var/adm/sulog'
      • Record failed logins in the '/var/adm/loginlog' file
      • Test login failures and examine results in 'loginlog'
      • Peruse the directives in '/etc/default/login'
      • Adjust 'login' file directive to capture failed login attempts
      • Test failed logins using SSH - Compare SSH threshold to system threshold
      • Explore system-wide account-policy information using 'logins' command
      • Identify the default password encryption algorithm
      • Upgrade default password encryption algorithm to MD5 and Blowfish
      • Test user-account modifcation of passwords and evaluate encryption strings
    •  
    • Secure Shell Version 2 (SSHv2)
      • Discuss the features and benefits of SSHv2
      • Identify SSHv2 SMF FMRI
      • Identify global and per-user configuration files
      • Explain SSHv2 config file precedence order
      • Identify key directives in global and per-user configuration files
      • Discuss '~/.ssh/known_hosts' file
      • Execute 'ssh' in debug mode and evaluate output, including psuedo-terminal (pty) assignment
      • Execute remote commands and return output to local system using 'ssh'
      • Use Secure Copy (SCP) to copy files securely and non-interactively between systems
      • Use Secure File Transfer Program (SFTP) to copy files securely interactively between systems
      • Generate SSHv2 DSA & RSA usage keys for PKI login
      • Configure SSHv2 to support PKI (password-less) logins
      • Test password-less login to remote systems
      • Execute 'ssh' in debug mode and evaluate output, including PKI, password-less login
      • Implement '~/.ssh/authorized_keys' file
      • Discuss using SSHv2 as a psuedo-VPN via port forwarding
      • Use SSHv2 to forward local TCP ports & test communications
      • Use SSHv2 to forward remote TCP ports & test communications
      • Enable the sharing of locally & remotely forwarded TCP ports
    •  
    • GNU Privacy Guard (GPG) - Pretty Good Privacy (PGP)-compatible Facility
      • Discuss the features and benefits of GPG
      • Download GPG package from sunfreeware.com
      • Install GPG
      • Explore GPG files
      • Generate DSA public/private key pair
      • Identify available, per-user public/private key pairs on keychains
      • Import G/PGP public key and evaluate results
      • Sign imported public key and verify signature associated with downloaded content
      • Encrypt ASCII text file with appropriate public key and evaluate output
      • Decrypt ASCII text with appropriate private key and evaluate output
    •  
    • Snoop - Packet Sniffing
      • Discuss the features and benefits of snoop
      • Explain default interface behavior
      • Execute 'snoop' and evaluate packet headers
      • Capture snoop output to log file
      • Use 'snoop' to playback captured packets
      • Playback ranges of packets
      • Return layers 2-7 of OSI model and evaluate output
      • Apply filters, similar to Berkelye Packet Filters (BPFs), and evaluate results
      • Adjust time output, relative to current, and first packet captured
      • Source FTP traffic from Windows 2003 and snoop credentials passed in clear-text
      • Evaulate results
    •  
    • TCPDump - Packet Sniffing
      • Discuss the features and benefits of tcpdump
      • Install tcpdump from the Software Companion DVD
      • Identify installed package & man pages
      • Discuss tcpdump-supported qualifiers for creating expressions & capturing packets
      • Execute 'tcpdump' and evaluate captured packets
      • Bind tcpdump to specific interfaces for capturing packets
      • Apply Berkeley Packet Filters (BPFs) to capture sessions to suppress traffic
      • Dump 'tcpdump' capture to log file and evaluate results
      • Use 'tcpdump' to playback captured packets
      • Source FTP traffic from Windows® 2003 host and sniff credentials passed in clear-text
      • Source Telnet traffic from Windows® 2003 host and sniff credentials passed in clear-text
      • Evaluate results
    •  
    • Snort® 2.x Network Intrusion Detection System (NIDS) - Packet Sniffing & Logging
      • Discuss the features and benefits of Snort® NIDS
      • Discuss Snort® NIDS pre-requisites (libpcap/libpcre/compiler/etc.)
      • Obtain, compile and install the Snort® Network Intrusion Detection System (NIDS)
      • Identify and explain key operating modes (Sniffer/Logger/NIDS)
      • Invoke Snort® in network sniffer mode
      • Explore Snort® in Binary (TCPDUMP) logging mode
      • Output logs to binary format and examine the results
      • Implement Snort® with BPF to filter traffic
      • Generate traffic from remote Windows 2003 and Linux hosts
      • Use Snort® with Berkeley Packet Filter (BPF) to parse logs
    •  
    • Network Mapper (Nmap)
      • Discuss the features and benefits of Nmap
      • Download Nmap bzip2 source package from insecure.org
      • Compile & install Nmap
      • Discuss default TCP-connect scan mode
      • Discuss SYN-based scanning
      • Use Nmap to perform reconnaisance testing
      • Evaluate results
    •  
    • Solaris® Zones - Containers - Virtualization - Instances
      • Discuss the features, benefits and limitations of Solaris® Zones
      • Discuss Global and Non-Global zones
      • Identify file system location to house non-global zones
      • Use 'zonecfg' to provision non-global zones
      • Verify zone configuration using 'zonecfg'
      • Install non-global zones using 'zoneadm' and evaluate results
      • Login to non-global zones and explore
      • Evaluate results
      • Manage zones using 'zoneadm'
    •  

UnixCBT Sol10x Edition

  •  
DEMO