First Technology Transfer

Standard and Advanced Technical Training, Consultancy and Mentoring

LPAT201 - Advanced Services Configuration and Administration - Level 2 - Part 2

Duration: 5 Days

Background and Intended Audience

This course is based to a large extent on the syllabus of the LPIC 202 exam, the second part of the LPIC Level 2 certification process. Level 2 system administrators are expected to handle small to medium sized mixed networks not only in a practical sense but also in a more managerial sense, which involves supervising assistants and advising management on administration matters such as the kinds of systems to install to automate system administration and monitoring tasks. This course concentrates on configuring, maintaining and troubleshooting key Linux naming (DNS), DHCP, e-mail and file sharing services; on configuring proxy and load balancing servers such as Nginx and Varnish; and on setting up, configuring and monitoring system security and security related services. This is a very tough and demanding course. Full benefits will be obtained by following up after the course with the extra assignments and labs that come with it. For those pursuing the course as a distance learning course, the number of hours of study and practical work involved is 120 to 200 hours, as this is the only way to develop the skills and confidence to pass, for example, the Google or Rackspace interview and selection processes.

Prerequisites

Attendees are assumed to have knowledge equivalent to that required for LPIC Level 1, such as might have been acquired by completing LPAT101 and LPAT102 training or equivalent, and several months' practical experience of Linux system administration.

Key topics covered

  • Domain Name Server
  • Web Services
  • File Sharing
  • Network Client Management
  • E-Mail Services
  • System Security

Detailed Course Outline

  • DNS services
    • Configuring BIND to function as a caching-only DNS server including configuring logging and BIND server management.
      • BIND 9.x configuration files, terms and utilities
      • Defining the location of the BIND zone files in BIND configuration files
      • Reloading modified configuration and zone files
      • Awareness of dnsmasq, djbdns and PowerDNS as alternate name servers
      • Knowledge of the following files, their contents and uses - /etc/named.conf, /var/named/, /usr/sbin/rndc
      • Understanding the use of the following command line tools and utilities - kill, host, dig
      • Knowing how to create and maintain DNS zones
      • Creating a zone file for a forward or reverse zone and hints for root level servers.
      • zone file syntax - resource record formats
      • Layout, content and file location of the BIND zone files - named-checkzone, named-compilezone, masterfile-format
      • Setting appropriate values for records, adding hosts in zones and adding zones to the DNS.
      • Delegating zones to another DNS server.
      • BIND 9 configuration files ... /var/named
      • Utilities to request information from the DNS server ... dig, nslookup, host
      • Reverse zones
    • DNS server security
      • Knowing how to configure a DNS server (/etc/named.conf) to run as a non-root user and run in a chroot jail
      • Securing exchange of data between DNS servers.
      • Configuring and using transaction signatures (TSIG)
      • Installing and configuring DNSSEC and related tools - dnssec-keygen, dnssec-signzone
      • Understanding of DANE and related records
      • Split configuration of BIND using the forwarders statement
  • LDAP and LDAP Services
    • LDAP Architecture, Underlying Concepts and origins in X.500
      • Terminology and structure of LDAP data
      • LDIF format
      • Object IDs, Attributes and Classes
      • Distinguished Names
      • Schemas and Whitepages
    • Administering and using LDAP services
      • Importing and adding items
      • Querying and updating an LDAP server - ldapsearch, ldapadd, ldapdelete
      • Changing user passwords - ldappasswd
    • Installing, Securing and Configuring an OpenLDAP server
      • Directories and Directory based configuration
      • Access control
      • Changetype operations
      • LDAP server installation and configuration - /var/lib/ldap
    • Command line tools and utilities - slapadd, slapcat and slapindex
    • LDAP Logging and loglevels
  • Web Services
    • High level overview - Implementing and maintaining web servers and web proxy servers - Apache, Tomcat and Nginx.
    • Installing and configuring an Apache web server with support for scripting languages such as PHP, Perl and Python
      • Understanding the syntax of Apache configuration directives and the organisation of Apache configuration files - httpd.conf
      • Apache log file configuration and use of Apache log files for troubleshooting and monitoring purposes - access logs and error logs.
      • Configuring Apache modules to support user authentication - htpasswd, mod_auth_basic, mod_authz_host and mod_access_compat
        • Knowledge of Client user authentication files and utilities - AuthUserFile, AuthGroupFile
        • Configuration of maximum requests, minimum and maximum servers and clients
        • Controlling file access via .htaccess
      • Apache 2.4 virtual host implementation (with and without dedicated IP addresses)
      • Using redirect statements in Apache’s configuration files to customize file access
      • Stopping and starting Apache 2.4 - apachectl, apache2ctl
      • Configuring Apache2 to provide HTTPS capabilities
        • SSL configuration files, tools and utilities - /etc/ssl/, /etc/pki/
        • Generating a server private key and CSR for a commercial CA
        • Generating a self-signed certificate
        • Installing the key and certificate, including intermediate CAs
        • Configuring Virtual Hosting using SNI
        • Understanding the issues associated with Virtual Hosting and use of SSL
        • Security issues in SSL - disabling insecure protocols and ciphers
        • Understanding and knowing how to make use of - openssl, CA.pl, SSLEngine, SSLCertificateKeyFile, SSLCertificateFile, SSLCACertificateFile, SSLCACertificatePath, SSLProtocol, SSLCipherSuite, ServerTokens, ServerSignature, TraceEnable
    • Setting up and configuring a Proxy server
      • Forward and reverse proxying
      • Uses of proxy servers in organisations
      • An overview of commonly deployed Proxy servers - Apache, Squid, Nginx
      • Planning security and monitoring when deploying a proxy server - including access policies, authentication and resource usage.
    • Squid 3.x - a caching proxy server
      • Configuration files, terms and utilities
      • Access restriction methods
      • Client user authentication methods
      • Layout and content of ACL in the Squid configuration files - squid.conf
    • Nginx - as a web server and as a reverse proxy server
      • Installing and basic configuration of Nginx
      • Syntax of Nginx configuration file entries
      • Configuring Nginx for reverse proxying
      • Configuring and understanding Nginx load balancing
  • Overview of file sharing frameworks for Linux - SAMBA and NFS
    • SAMBA
      • Installing and configuring a SAMBA server - as a standalone server
      • Installing and configuring a SAMBA server - as a server integrated as a member in an Active Directory setup
      • Knowing how to configure basic CIFS and printer shares
      • Being able to configure a Linux client to use a Samba server
      • Understanding the mapping of Windows user names to Linux user names
      • Identifying and troubleshooting common Samba installation and deployment problems
      • Understanding and setting up SAMBA security - User-Level, Share-Level and AD security
      • Knowing the content and purpose of key Samba files and directories /etc/samba/ and /var/log/samba/
      • Being familiar with and able to use command line tools and utilities such as smbcontrol, smbstatus, testparm, smbpasswd, nmblookup, mount.cifs and samba-tool
    • NFS Server Configuration
      • Remote Procedure Calls and how NFS works
      • portmapper
      • mountd
      • Knowing how to export filesystems using NFS and how to configure and use access restrictions
      • Mounting an NFS filesystem on a client, and client and server mount options
      • Important configuration and deployment files and directories - /etc/exports, /proc/mounts, /etc/fstab
      • Understanding and knowing how to use tools and utilities such as exportfs, showmount, nfsstat and rpcinfo
      • Differences between NFSv3 and NFSv4
      • Approaches to securing NFS
      • Access restrictions to certain hosts and/or subnets
      • TCP wrappers and access control
  • E-Mail Services
    • Understanding the principles of internet email
    • SMTP - clients and servers
    • Mailboxes and forwarding
    • Mail retrieval protocols - POP and IMAP
    • Managing Local E-Mail Delivery
    • Managing Remote E-Mail Delivery including forwarding
    • Basic understanding of installation and setup of Sendmail, Postfix, Exim, Dovecot, and Squirrel
    • Knowing how to use the mail command line tool - on the command line and in Bash scripts
  • System Security - overview of security in the context of distributed (networked) Linux systems
    • router and routing configuration
    • Securing FTP servers
    • Setup and use of the Secure shell (SSH)
    • TCP Wrappers - theory and practice
    • Administration Security tasks
    • PAM authentication
      • SSSD - System Security Services Daemon - overview
      • NSS and PAM services
      • PAM - technologies and API
      • Configuring PAM authentication
        • PAM configuration files and directories - /etc/pam.d, pam.conf, nsswitch.conf, sssd.conf
        • PAM passwd and shadow passwords
      • PAM utilities and tools - pam_unix, pam_cracklib, pam_limits, pam_listfile, pam_sss
      • PAM use of sssd for LDAP authentication
  • System Security - Networking and related issues
    • Router configuration related topics
    • Configuring a system to forward IP packets and perform network address translation (NAT, IP masquerading)
    • Configuring port redirection, managing filter rules and averting attacks
    • iptables and ip6tables
    • Private address ranges (IPv4) and Unique Local Addresses as well as Link Local Addresses (IPv6)
    • Port redirection and IP forwarding
    • Listing and writing filtering rules that accept or block IP packets based on source or destination protocol, port and address
    • Saving and reloading filtering configurations
    • Key files and directories - contents and usage - /proc/sys/net/ipv4/, /proc/sys/net/ipv6/, /etc/services
    • Important tools and utilities - iptables, ip6tables
    • Securing FTP servers
      • Configuring an FTP server for anonymous downloads and uploads
      • Configuring user access for anonymous uploads
      • passive vs. active FTP connections
      • Pure-FTPd and vsftpd
    • Secure shell (SSH)
      • configuring and securing an SSH daemon
      • Managing keys and configuring SSH for users
      • Managing and using server and client keys to login with and without password
      • Managing SSH login
      • Login restrictions for the superuser and the normal users
      • Forwarding application protocols over SSH
      • Usage of multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes
      • Key files and directories - /etc/ssh/sshd_config, /etc/ssh/, private and public key files
      • Knowledge of ssh and related commands e.g. scp
      • Knowledge of sshd_config options - PermitRootLogin, PubKeyAuthentication, AllowUsers, PasswordAuthentication, Protocol
    • Security tasks - Administrative Aspects
      • Receiving and handling security alerts from various sources
      • Locations and organizations that report security alerts, such as Bugtraq and CERT
      • Tools and utilities to implement an intrusion detection system (IDS)
      • OpenVAS and Snort
      • Installing, configuring and running intrusion detection systems
      • Applying security patches and bugfixes
      • Tools and utilities to scan and test ports on a server - nmap, telnet, nc (netcat)
      • Tools and utilities for analysing log files - fail2ban
      • Configuring and testing firewall configurations - iptables
    • OpenVPN
      • Configuring a VPN (Virtual Private Network) and creating secure point-to-point or site-to-site connections.
    • Troubleshooting and Defence
      • Identifying boot stages and troubleshooting bootloaders
      • General troubleshooting
      • Troubleshooting system resources
      • Troubleshooting environment configurations
      • Attack types - DoS (Denial of Service), viruses, worms and malware
      • Detecting attacks and defending against attacks.
      • Basic penetration testing and dealing with vulnerabilities.

    Call us:

    Technical enquiries: 020 8669 0769
    Sales enquiries: 020 8647 1939, 020 77681 40786