Red Hat Enterprise Linux Network Services and Security Administration - RH253

Course Description:

This course prepares you to become a system administrator who can set up a Red Hat Enterprise Linux server, configure common network services, and implement a security policy at a basic level.

Who should attend this course?

Audience: System administrators, consultants, and other IT professionals.


Prerequisites:

· RH033 Red Hat Linux Essentials

· RH133 Red Hat Linux System Administration, or equivalent skills and experience.

· A working knowledge of Internet Protocol (IP) networking.

Course Outline:

· Unit 1 - System Performance and Security

o System Resources as Services

o Security in Principle

o Security in Practice

o Security Policy: the People

o Security Policy: the System

o Response Strategies

o System Faults and Breaches

o Method of Fault Analysis

o Fault Analysis: Hypothesis

o Method of Fault Analysis, continued

o Fault Analysis: Gathering Data

o Benefits of System Monitoring

o Network Monitoring Utilities

o Networking, a Local view

o Networking, a Remote view

o File System Analysis

o Typical Problematic Permissions

o Monitoring Processes

o Process Monitoring Utilities

o System Activity Reporting

o Managing Processes by Account

o System Log Files

o syslogd and klogd Configuration

o Log File Analysis

· Unit 2 - System Service Access Controls

o System Resources Managed by init

o System Initialization and Service Management

o chkconfig

o Initialization Script Management

o xinetd Managed Services

o xinetd Default Controls

o xinetd Service Configuration

o xinetd Access Controls

o Host Pattern Access Controls

o The /etc/sysconfig/ files

o Service and Application Access Controls

o tcp_wrappers Configuration

o Daemon Specification

o Client Specification

o Macro Definitions

o Extended Options

o A tcp_wrappers Example

o xinetd and tcp_wrappers

o SELinux

o SELinux, continued

o SELinux: Targeted Policy

o SELinux: Management

o SELinux: semanage

o SELinux: File Types

· Unit 3 - Network Resource Access Controls

o Routing

o IPv6 Features

o Implementing IPv6

o IPv6: Dynamic Interface Configuration

o IPv6: Static Interface Configuration

o IPv6: Routing Configuration

o tcp_wrappers and IPv6

o New and Modified Utilities

o Netfilter Overview

o Netfilter Tables and Chains

o Netfilter Packet Flow

o Rule Matching

o Rule Targets

o Simple Example

o Basic Chain Operations

o Additional Chain Operations

o Rules: General Considerations

o Match Arguments

o Connection Tracking

o Connection Tracking, continued

o Connection Tracking Example

o Network Address Translation (NAT)

o DNAT Examples

o SNAT Examples

o Rules Persistence

o Sample /etc/sysconfig/iptables

o IPv6 and ip6tables

· Unit 4 - Organizing Networked Systems

o Host Name Resolution

o The Stub Resolver

o DNS-Specific Resolvers

o Trace a DNS Query with dig

o Other Observations

o Forward Lookups

o Reverse Lookups

o Mail Exchanger Lookups

o SOA Lookups

o SOA rdata

o Being Authoritative

o The Everything Lookup

o Exploring DNS with host

o Transitioning to the Server

o Service Profile: DNS

o Access Control Profile: BIND

o Getting Started with BIND

o Essential named Configuration

o Configure the Stub Resolver

o bind-chroot Package

o caching-nameserver Package

o Address Match List

o Access Control List (ACL)

o Built-In ACLs

o Server Interfaces

o Allowing Queries

o Allowing Recursion

o Allowing Transfers

o Modifying BIND Behavior

o Access Controls: Putting it Together

o Slave Zone Declaration

o Master Zone Declaration

o Zone File Creation

o Tips for Zone Files

o Testing

o BIND Syntax Utilities

o Advanced BIND Topics

o Remote Name Daemon Control (rndc)

o Delegating Subdomains

o DHCP Overview

o Service Profile: DHCP

o Configuring an IPv4 DHCP Server

· Unit 5 - Network File Sharing Services

o File Transfer Protocol (FTP)

o Service Profile: FTP

o Network File Service (NFS)

o Service Profile: NFS

o Port options for the Firewall

o NFS Server

o NFS utilities

o Client-side NFS

o Samba services

o Service Profile: SMB

o Configuring Samba

o Overview of smb.conf Sections

o Configuring File and Directory Sharing

o Printing to the Samba Server

o Authentication Methods

o Passwords

o Samba Syntax Utility

o Samba Client Tools: smbclient

o Samba Client Tools: nmblookup

o Samba Client Tools: mounts

o Samba Mounts in /etc/fstab

· Unit 6 - Web Services

o Apache Overview

o Service Profile: HTTPD

o Apache Configuration

o Apache Server Configuration

o Apache Namespace Configuration

o Virtual Hosts

o Apache Access Configuration

o Apache Syntax Utilities

o Using .htaccess Files

o .htaccess Advanced Example


o Notable Apache Modules

o Apache Encrypted Web Server

o Squid Web Proxy Cache

o Service Profile: Squid

o Useful parameters in /etc/squid/squid.conf

· Unit 7 - Electronic Mail Services

o Essential Email Operation

o Simple Mail Transport Protocol

o SMTP Firewalls

o Mail Transport Agents

o Service Profile: Sendmail

o Intro to Sendmail Configuration

o Incoming Sendmail Configuration

o Outgoing Sendmail Configuration

o Inbound Sendmail Aliases

o Outbound Address Rewriting

o Sendmail SMTP Restrictions

o Sendmail Operation

o Using alternatives to Switch MTAs

o Service Profile: Postfix

o Intro to Postfix Configuration

o Incoming Postfix Configuration

o Outgoing Postfix Configuration

o Inbound Postfix Aliases

o Outbound Address Rewriting

o Postfix SMTP Restrictions

o Postfix Operation

o Procmail, A Mail Delivery Agent

o Procmail and Access Controls

o Intro to Procmail Configuration

o Sample Procmail Recipe

o Mail Retrieval Protocols

o Service Profile: Dovecot

o Dovecot Configuration

o Verifying POP Operation

o Verifying IMAP Operation

· Unit 8 - Securing Data

o The Need For Encryption

o Cryptographic Building Blocks

o Random Number Generator

o One-Way Hashes

o Symmetric Encryption

o Asymmetric Encryption I

o Asymmetric Encryption II

o Public Key Infrastructures

o Digital Certificates

o Generating Digital Certificates

o OpenSSH Overview

o OpenSSH Authentication

o The OpenSSH Server

o Service Profile: SSH

o OpenSSH Server Configuration

o The OpenSSH Client

o Protecting Your Keys

o Applications: RPM

· Unit 9 - Account Management

o User Accounts

o Account Information (Name Service)

o Name Service Switch (NSS)

o getent

o Authentication

o Pluggable Authentication Modules (PAM)

o PAM Operation

o /etc/pam.d/ Files: Tests

o /etc/pam.d/ Files: Control Values

o Example: /etc/pam.d/login File

o The system_auth file


o Network Authentication

o auth Modules

o Password Security

o Password Policy

o session Modules

o Utilities and Authentication

o PAM Troubleshooting

