LinuxCBT SLES-10 Edition focuses exclusively on the SUSE Enterprise 10 Linux operating system.
LinuxCBT SLES-10 Edition, is unparalleled in content, depth and expertise. LinuxCBT SLES-10 Edition prepares you or your organization for successfully deploying and managing business-critical SUSE Enterprise 10-based server solutions.
Let LinuxCBT SLES-10 Edition teach you SUSE Enterprise 10 Linux skills!
Recommended Prerequisites:
- Open mind & determination to master Linux and related open-source applications
- Basic MS Windows skills
- Basic understanding of networking concepts
- Access to a spare PC to perform all of the installations and exercises
Installation & General Usage - Module 1
- Network-based (HTTP & SSH) Installations
- Enable Apache HTTPD on Installation server
- Configure SUSE Ent. 10 Server as an HTTP Installation source with Apache
- Discuss system requirements
- Install SUSE Ent. 10 Server via HTTP
- Confirm results
- Grand Unified Boot Loader (GRUB) & System V Linux Runlevel implementation
- Explore GRUB configuration
- Explain SUSE Linux System V Init Runlevel (0 - 6) concepts & applications
- Identify key startup files, including scripts (inittab,Sscripts,Kscripts,etc.)
- GNOME & YaST
- Explore the GNOME Desktop Interface
- Explore YaST, centralized management tool
- Install packages using Yast package manager
- Basic GNU/Linux Skills - Command Line Interface (CLI) - BASH
- Introduction to GNOME Terminal
- Demonstrate usage of the following useful commands & concepts
- ls, pwd, cd, cp, mv, rm, mkdir, rmdir, whoami, man, info
- alias, cat, file, chmod, chown, history
- Standard in/out, UNIX Pipes, Redirection, Command Chaining
- ps, df, free, vmstat, top, kill
- less & more, head & tail, diff
- which & whereis, w, who
- Use grep and cut to process delimited log files
- find, locate
- tar, gzip/gunzip, bzip2, zcat
- Explore Pico text editor
- Install and explore Nano text editor
- Convert Windows text files to Unix format using dos2unix
- Convert Unix text files to Windows format using unix2dos
- Common Network Clients
- File Transfer Protocol (FTP) client
- Install and use LFTP - Sophisticated FTP Client to connect to FTP/HTTP servers
- Mirror and reverse mirror using LFTP to synchronize data
- Wget - HTTP/HTTPS/FTP connectivity
- Explain SSH concepts, implementation, etc.
- Use SSH Client to connect to remote Linux Systems using password authentication
- Identify key SSH-client files (.known_hosts, public/private key pairs,etc.)
- Authenticate to remote Linux systems using alternate credentials
- Use Secure Copy Protocol (SCP) to move data between systems non-interactively
- Use Secure File Transfer Protocol (SFTP) to move data between systems interactively
- Demonstrate how to generate Public/Private key (RSA/DSA) pairs using SSH-Keygen
- Demonstrate using SSH to authenticate to remote Linux hosts without passwords
- Generate Public Key/Private Key pairs for use with file and E-mail encryption
- Demonstrate using E-mail client with GNU Privacy Guard (GPG) Open PGP for E-Mail encryption
- Use Remote Desktop to connect to RDP & VNC remote Linux and Windows hosts
- Use ping, mtr & arp
- Use dig, host, nslookup name resolution clients
- NETSTAT
- IFCONFIG
- top
Systems Managment & Configuration - Module 2
- RPM Package Management Tool Concepts & Usage
- Explain classes of SUSE Linux Packages
- Query existing packages
- Identify offline and online package repositories
- Install packages
- Upgrade packages
- Freshen packages
- Remove packages
- Identify package membership of files on the SUSE system
- Manage Users and Groups & Permissions
- User profile implementation logic and concepts - (Bash profile/etc/skel/aliases/PATH/etc.)
- User and group creation & management concepts - passwd, shadow, group, gshadow files
- Use YaST to create and manage users and groups
- SETUID
- SETGID - Group collaboration
- Sticky Bit
- Explore Hard and Symbolic links including across disparate file systems
- Paritions, File Systems & Volumes (RAID|LVM)
- Provision new paritions with FDISK/Parted/YaST & ReiserFS
- Configure RAID 0/1/5/ Volumes
- Implement Logical Volume Management (LVM)
- Provision additional Swap storage paritions and files
- Use MKSWAP & SWAPON to enable additional Swap storage
- Identify allocated swap space to the kernel
- Committ changes for persistence
- Explore System Logging via SYSLOG-NG and Logrotate
- Explore Boot log & System Log
- Explanation of syslog facilities & levels
- Discuss SYSLOG-NG features & enhancements
- Demonstrate syslog administration
- Enable SYSLOG network listener
- Demonstrate Cisco PIX Firewall to SUSE Linux SYSLOG-NG functionality
- Explore automatic log rotation and customization via Logrotate
- Configure Logrotate to rotate & compress sample log files
- top
Core Networking Services - Module 3
- Network - Physical & Logical Configuration
- Identify key directories & files for static & dynamic communications
- Configure Linux client with static TCP/IP parameters for network communication
- Explore hotplug -> hwup -> ifup logic
- Use ifconfig to ascertain logical TCP/IP configuration
- Use hwinfo to ascertain installed hardware
- Configure Aliased Ethernet Interfaces to faciliate multiple IP addresses
- Implement Network Time Protocol (NTP) Client/Server
- Configure Network Time Protocol (NTP) to perform client/server time synchronization
- Identify NTP bounded UDP interfaces
- Synchronize SUSE Enterprise Linux NTP with RedHat Linux Stratum 2 NTP server
- Synchronize against Stratum 1 NTP servers
- Dynamic Host Configuration Protocol (DHCP)
- Explain DHCP Concepts & Applications
- Explore DHCP confiuration files
- Configure DHCP subnet with applicable options
- Configure DHCP Reservation based on layer-2 address
- Enable DHCP with DDNS
- Configure DHCP Failover between SUSE and RedHat Linux Servers
- Test DHCP Failover with Windows 2003 Host
- Domain Name System (DNS)
- Explore SUSE DNS configuration via YaST
- Configure BIND as a caching-only DNS server
- Implement Master DNS Zone
- Configure Reverse Zone for local subnet
- Implement Dynamic Domain Name System (DDNS) Zones (Forward/Reverse)
- Explain DHCP and DNS update integration options
- Integrate DHCP with DNS via Encypted Transaction Signatures (TSigs)
- Configure Windows 2003 Active Directory to publish DNS Records to SUSE Server
- Examine Windows 2003 SRV Records
- Configure Master/Slave Zones with RedHat Linux Server
- Evaluate results of BIND configuration using DIG & host
- Implement DNS sub-domains (Third-level domains)
- CRON - System Scheduler
- Explore Cron Implementation
- Explain scheduling options
- Global and scope-based Cron options
- Schedules jobs to run & examine the output
- Configure individual Crontab entries
- Samba Implementation
- Implement Linux & Windows Integration via Samba
- Explore Samba Configuration files
- Implement SMBFS integration with SUSE Enterprise Linux File System
- Mount Windows shares seamlessly using Samba File System (SMBFS)
- Configure FSTAB to support repetitive mounts
- Implement secure SMBFS credentials for mounting
- Install Samba Server support
- Install Samba Web-based Administration Tool (SWAT)
- Configure Samba file sharing
- Configure Samba with multiple NETBIOS aliases
- Install Active Directory on Windows 2003 Server
- Integrate SUSE Ent. 10 Server with Windows Active Directory (AD)
- Test Samba-to-Windows integration using 'getent' and authentication
- Very Secure VSFTPD File Transfer Protocol (FTP) services
-
- Implement anonymous FTPD
- Implement user-level FTPD access
- Implement FTPD banners
- Disable anonymous access
- Configure VSFTPD to chroot jail users into their home directories
- Implement bandwidth rate-limiting to control bandwidth usage
- Implement & test banning of unwelcomed anonymous e-mail addresses
- Implement VSFTPD user with redirect to a Samba share
- Network File System (NFS) Implementation
- Identify key services/daemons
- Configure NFS Client & Server
- Evaluate NFS connectivity to other Linux hosts
- RSYNC Implementation
- Discuss features and benefits
- Implement rsync
- Confirm results
- top
Linux Apache MySQL PHP (LAMP) - Messaging - PureFTPD - Module 4
- Apache Web Server Implementation
- Discuss Apache server's features and concepts
- Examine Apache-SUSE HTTPD CONF hierarchy
- Examine various configuration files
- Implement Apache Mod Alias and ScriptAlias
- Examine user home directories
- Discuss the Directory directive
- Explore redirects
- Configure .htacess file with directives
- Implement Basic and digest authentication schemes
- Configure IP-based Virtual Hosts
- Configure Name-based Virtual Hosts
- Explore Apache logging
- Implement Apache logging system per virtual host
- Webalizer Log Analysis software Implementation
- Generate web reports using Webalizer
- Implementation of PHP Dynamic Web Access Scripting Engine
- Evaluate PHP Dynamic Web Access Scripting Engine installation results
- Test basic PHP script-processing using sample scripts
- Create and test PHP-form with Apache
- MySQL Relational Database Management System
- Install MySQL Relational Database Management System
- Secure access to MySQL
- Explore MySQL monitor shell-based interface
- Create sample MySQL databases
- Load external data-set from Linux
- Load external data-set from Windows
- Integrate PHP with MySQL
- PHPMyAdmin - MySQL Web-based Management Interface
- Install PHPMyAdmin for web-based management of MySQL instances
- Explain & Secure access to PHPMyAdmin
- Explore PHPMyAdmin's interface
- Postfix Message Transfer Agent (MTA)
- Introduction to Postfix Message Transfer Agent (MTA)
- Explore the directives in the Postfix configuration files
- Define default values for the FQDN
- Alter myorigin and examine results
- Configure Postfix to route messages using a Smarthost
- Examine how Postfix delivers mail locally
- Configure SMTP Relaying in Postfix
- Use Mutt to demonstrate outbound mail handling using Postfix
- Define SMTP Virtual domains for hosting multiple DNS domains
- Configure Postfix with a production LinuxCBT DNS domain
- Examine Virtual domain routing with production and non-production DNS domains
- Post Office Protocol Version 3 (POP3)
- Explain POP3 concepts and applications
- Implement POP3 daemon
- Connect to POP3 daemon using Windows 2003 Outlook Express client
- Reroute inbound messages using Sendmail to POP3 account for retrieval
- Use Mutt to send SMTP-based messages to POP3 account
- Internet Messaging Access Protocol (IMAP)
- Explain IMAP concepts and applications in comparison to POP3
- Implement IMAP services
- Connect to IMAP services from remote Windows Outlook Express client
- Squirrel-mail Web-based Mail Interface Implementation
- Describe required squirrel mail components for web-mail integration
- Install squirrel mail on SUSE Enterprise Linux system
- Configure Apache virtual directory for squirrel mail integration
- Configure Apache Virtual Host for squirrel mail integration
- Configure BIND DNS services for squirrel mail integration
- Explore squirrel mail's web-based interface
- PureFTPD Implementation
- Explore configuration & enable service
- Test various modes of operation
- Xen Virtualization
- Discuss features & benefits
- Implement Xen with instance of SUSE Ent. 10 Edition
- top
Security Implementation Techniques - Module 5
- System Audit & Lockdown
- Identify tools to perform system audit
- Ascertain and document current system state
- Close all superflous services
- Bind necessary services (daemons) to necessary interfaces and logical addresses
- Establish security configuration baseline
- XINETD (Enhanced & Secure INETD Super Server Implementation)
- Identify key XINETD configuration files
- Explain the contents and structure of xinetd.conf
- Restrict access to various daemons/services based on hosts & subnets
- Lockdown XINETD-controlled services
- Configure XINETD to restrict number of spawned instances of daemons/services
- Configure XINETD to bind daemons/services to specific sub-interfaces (Virtual IP addresses)
- XINETD logging
- Explore additional XINETD features
- TCP Wrappers concepts & applications
-
- Identify primary package and key TCP Wrappers configuration files
- Demonstrate disabled TCP Wrappers configurations by attempting connectivity
- Examine pre and post TCP Wrappers configuration effects
- Implement TCP Wrappers for common services
- Test local & remote access to TCP Wrappers-protected host & services
- IPTABLES (Netfilter Linux Kernel-based Firewall)
- Discuss IPTABLES/Netfilter Concepts
- Explain IPTABLES default chains/filters and policies
- Examine TCP/ICMP communications pre-IPTABLES chains
- Implement ICMP inbound filtration based on various hosts
- Use Cisco PIX Firewall to verify ICMP debugging
- Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
- Restrict access to various daemons (SSH/FTP/HTTP/etc.)
- Test connectivity locally and remotely (RedHat/Windows/etc.)
- Network Mapper (NMAP)
- Obtain, compile and install current version of NMAP
- Identify commonly used NMAP options/switches/parameters
- Perform default TCP SYN-based ethical scans of local and remote resources
- Explain typical TCP handshake protocol while using NMAP
- Examine the results of scans on remote Cisco firewall with debugging mode enabled
- Perform default TCP Connect-based ethical scans of local and remote resources
- Examine the results of scans on remote Cisco PIX Firewall with debugging mode enabled
- Use NMAP to scan using aliased and spoofed IP addresses
- Peform local ethical scans
- Identifiy key NMAP configuration files
- Use NMAP to perform operating system fingerprinting
- Peform subnet-wide ethical scans
- Nessus Vulnerability Scanner Implementation
- Download & Install Nessus Client & Server
- Configure & test credentials
- Discuss plug-ins and scopes
- Perform vulnerability scans & evaluate results
- TCPDump Traffic Capture
- Discuss features
- Capture data in ASCII & Binary formats
- Implement Berkeley Packet Filters (BPFs)
- Analyze results
- Ethereal Traffic Analysis
- Discuss features
- Install using YaST
- Analyze TCPDump binary file
- Rebuild interesting TCP sessions
- Snort 2.x Network Intrusion Detection System (NIDS)
- Obtain, and install Snort pre-requisites (libpcap/libpcre/etc.)
- Obtain, compile and install the Snort Intrusion Detection System (NIDS)
- Identify and explain key operating modes (Sniffer/Logger/NIDS)
- Explore Snort in network sniffer mode
- Explain OSI Model and relevant Snort sniffing options
- Explore Snort in ASCII and Binary (TCPDUMP) logging modes
- Output Snort logs to ASCII text format and examine the results
- Output Snort logs to binary format and examine the results
- Implement Snort with BPF to filter traffic
- Generate traffic from remote Windows 2003 and Linux hosts
- Use Snort with Berkeley Packet Filter (BPF) to parse logs
- Implement Snort in NIDS modes
- Explore the snort.conf file and discuss rules
- Explain Logging and Alerting output options
- Perform port-scans from remote Linux systems and analyze Alerts
- Configure MySQL with Snort-compliant schema
- Configure Snort to log to MySQL
- Download & Install BASE web analysis application
- Configure BASE to read alerts from MySQL
- Evaluate results
- top
|
