First Technology Transfer

Standard and Advanced Technical Training, Consultancy and Mentoring

Linux System Administration

Duration: 5 Days

Background and Intended Audience

Advanced Linux administration requires a good understanding of how system hardware and the kernel, as well knowing how to apply the many tools and applications needed to carry out system administration and management skills on a daily basis. This can only be taught using a hands on approach and must be followed up by extensive real world experience. Good system administrators configure and maintain systems so as to provide good performance, good availability and robust security and this they do by being able to recognise, diagnose and troubleshoot problem symptoms, both immediate and emerging. This course aims to cover approaches relevant to the major Linux distributions such as RedHat, SuSE and Ubuntu. It can be delivered on a specific Linux distribution e.g. Scientific Linux, SuSE Enterprise Linux ... The course itself is aimed at existing administrators, developers, analysts, indeed, who are looking after a Linux system or systems and who wish to consolidate their existing skills and knowledge.

Prerequisites

Attendees are assumed to have a good working knowledge of Linux, including shell programming and several months real world experience working with Linux

Key topics covered

  • Overview of various widely used Linux distributions
  • Methods and strategies for installing a Linux system
  • Configuring and re-building if necessary a Linux kernel to suit some specific requirement
  • Interrogate, managing and configuring hardware
  • Install additional software both pre-packaged and from source code
  • Performing automated software updates
  • Configuring and troubleshooting boot and the operating system start-up process
  • Implement and managing partitions and filesystems, including LVM
  • Maintaining file system security, including use of chattr and ACL
  • Mandatory Access Control with Selinux and Apparmour
  • Use of PAM to enhance user and session security
  • Working with SAMBA and CIFS in mixed environments
  • Configuring and using SSH for secure connectivity
  • Essential network configuration, security and troubleshooting
  • Configuring and testing packet filtering with iptables and firewalld

Detailed Course Outline

  • Getting Started
    • Overview of the Linux server market and popular distributsions such as Red Hat, Debian (and derivatives such as Ubuntu) and SuSE
    • Understanding kernel versions and features added in the newer 3.x and 4.x kernels
  • Preparing For Installation - Hard disks and Memory
    • Primary, extended and logical partitions
    • Understanding Linux process virtual memory
    • Linux swapping and paging,planning for the swap area, adding swaps
    • Disk tools - fdisk, parted, hdparm and setting up partitions
  • Installation Preparation, Planning and Practice
    • Preparing for an installation
    • Installation sources - DVD, USB, Network
    • Installation using a Standard Distribution
    • Post-installation steps
    • Repeatable installation with installer scripts

  • Software Management
    • Linux software and source code
    • Shared and static libraries
    • Library related tools - ldd and ldconfig
    • Using 'tarballs' and related tools
    • Packages and package management in SUSE, Red Hat Debian and derivatives
    • Packaging method - RPMs and Package management tools: rpm and yum, SUSE zypper management tool
    • Packages in Debian derivatives - dpkg, apt-get, aptitude, tasksel
  • Boot Management
    • Bootstrap procedure on Intel Platforms
    • Traditional BIOS and MBR
    • Comparison with modern UEFI and GPT
    • Using and configuring GRUB "Legacy" bootloader
    • GRUB 2 - an overview
    • GRUB2 'global' directives configuration - /boot/grub/grub.cfg
    • initrd versus initramfs
    • grub2 tools
    • Recovering from boot problems
    • GRUB 2 CLI commands
  • Hardware and Architecture
    • Types of platforms Linux will run on - Minimum hardware requirements
    • Supported devices
    • Configuring sysfs devices with udev
    • Hardware troubleshooting tools
  • Kernel Configuration
    • Kernel runtime parameters - /proc/sys/* and /etc/sysctl.conf
    • Device drivers in the kernel - Monolithic vs. modular approaches
    • Handling modules with lsmod, depmod and modprobe
    • Creating a customised Kernel
    • Kernel interesting locations - /usr/src/*, /boot, /lib/modules/$(uname -r)‏
  • System Service Control
    • SysVinit startup sequence; Single and multi-user run levels
    • The init process and its configuration in /etc/inittab
    • SysVinit startup files (rc files)
    • Systemd method for service control - Units and targets
    • Systemd Configuration files
    • Using systemctl tool
    • Integration with SysVinit method
  • System Logging
    • Auditing and logging
    • Basic Unix log files
    • Simple data tools for working with logs - touch, tail, tail -f, grep
    • Syslog daemon
    • Rotating logs
    • Monitoring logs
    • Introduction to journald
  • User Accounts
    • User-related configuration files /etc/passwd, /etc/group, /etc/shadow
    • Creating an account
    • Basic attributes
    • Secondary group membership
    • Password requirement
    • Customising an account - User home directory and user Start-up files
  • User Account Security
    • Security aspects of basic accounts
    • Terminal and shell control files
    • Monitoring account usage and activity - lastlog, last, lastb
    • Identity power as dictated by UID
    • Role based identity
    • PAM - User authentication principles
    • User account control
  • Extended File Attributes
    • Recap of basic file and directory permissions - r/w/x, SUID, SGID and sticky bit
    • File Access Control List (ACL)
    • Making use of individual user and group assignments
    • Understanding the mask property
    • Using setfacl and getfacl of files and directories
    • Applying additional file attributes through chattr
    • Using chattr to set additional attributes
    • Applying privileged attributes
    • Using lsattr to explore extended attributes
  • Managing Filesystems
    • Linux native filesystems - ext*, reiserfs, xfs, btrfs
    • Configuring filesystems
    • File system Performance issues
    • mkfs command
    • File system security issues
    • mount command
    • Troubleshooting and diagnosing filesystems - fsck, tune2fs, debugfs, fuser, dumpe2fs, xfs*
    • Restricting disk assignments with user/group
    • Encrypted file systems
  • Storage Management with LVM
    • Overview of disk partitioning
    • Using fdisk to create physical partitions
    • LVM structure: PV, VG, LV
    • Logical volumes creation and use
    • Resizing and managing logical volumes
  • Networking and Linux Networking Infrastructure
    • Network related files and directories
    • Interface configuration files
    • Name resolution and DNS
    • Modern tools - the ip and ss commands - general syntax and usage
    • Network parameters in the kernel
    • Configuring proxy
    • Configuring Static routes
    • Interface parameters with ethtool
    • Interface bonding - modes and configuration
    • WiFi - configuration and security
  • Perimiter Network Protection
    • Firewalls - essential concepts
    • Infrastructure and DMZ
    • Firewalls - Types and implementations and role played by Kernel
    • Network parameters in /proc/sys/net
    • NetFilter module
    • Linux firewalls - iptables and firewalld
    • firewalld zones and firewall-cmd tool >/li>
    • Alternatives - IPCop, Shorewall, ufw ...
    • Using knockd to open holes in a firewall on demand
  • Introduction to SELinux
    • DAC vs. MAC security policies
    • Problems with traditional, discretionary, methods
    • Products providing mandatory access methods
    • Main SELinux features
    • Policies, enforcements, control
    • Scope, coverage and availability
    • SELinux configuration and management
    • SELinux states and stateful behaviour
    • Labelling and access policies
    • Policy database and run-time flow
    • Modifying existing policies and creating new policies
  • Network Services
    • Protocols and Services
    • Network super-daemons - inetd, xinetd
    • TCP wrappers using tcpd
    • Network time protocol
    • Hardware clocks vs. software clocks
    • Daemons and configuration of daemons
  • Samba and CIFS
    • Samba - brief history and overview
    • SMB and CIFS protocols
    • Installing and configuring Samba components
    • Configuration file - /etc/samba/smb.conf
    • smb.conf - Special and user sections
    • smb.conf - Configuring the [global] section
    • Samba daemon and diagnostic tools - smbd, nmbd, smbstatus, testparm, SWAT
    • Samba client tools - nmlookup, smbclient, smbtree, smbtar
    • Viewing Samba shares in Windows;
  • SSH Uses and Idioms
    • SSH purpose - overview of basic SSH use
    • SSH client and server configuration
    • Using SSH keys - Creating public/private key pair
    • Configuring and using the SSH agent
    • Tunnelling X applications in SSH
    • Port forwarding - local and remote
    • Forwarding through a firewall and multiple gateways

Call us:

Technical enqiries: 020 8669 0769
Sales enquiries: 020 8647 1939, 020 77681 40786