LinuxTraining.com

.

Advanced Linux Administration

GL965 - Advanced Linux Administration

Upcoming GL965 Classes

  1. Request Class

Advanced Linux systems administration with a a focus on security. This is a custom course based on topics from the GL615 and GL550. Derived for UNM.

Prerequisites:

Fundamental to intermediate Linux systems administration experience.

Supported Distributions:

Red Hat Enterprise Linux 6

Course Outline:

  1. Linux Kernel & Hardware
    1. Kernel Hardware Info - /sys/
    2. /sys/ Structure
    3. udev
    4. Kernel Modules
    5. Configuring Kernel Components and Modules
    6. Handling Module Dependencies
    7. Configuring the Kernel via /proc/
    8. System Tools
  2. Software Maintenance
    1. Using the YUM command
    2. YUM package groups
    3. Configuring YUM
    4. YUM Repositories
    5. Rebuilding Source RPM Packages
    6. Software Tools Comparison Matrix
    7. Rebuilding Source RPM Packages
    8. Patching Software
    9. Revising a Package
    10. Creating Support Files
    11. Typical SysV Init Script
    12. Creating Menu Entries
    13. The Spec file
    14. The Header Stanza
    15. Prep, Build, and Install
    16. The Files Section
    17. Optional Script Section(s)
    18. The Changelog Section
    19. Advanced Packaging
    20. Building Packages
    21. Digitally Signing Packages
    22. Other RPM Resources
    Lab Tasks
    1. Using YUM
    2. Building from Source RPMs
    3. Updating RPMs for New Software Releases
    4. Creating a New RPM Package
    5. Digital Signatures and RPM
  3. LVM & RAID
    1. Logical Volume Management
    2. Implementing LVM
    3. Creating Logical Volumes
    4. Manipulating VGs & LVs
    5. Advanced LVM Concepts
    6. system-config-lvm
    7. RAID Concepts
    8. Array Creation with mdadm
    9. Software RAID Monitoring
    10. Software RAID Control and Display
    11. LVM and RAID: Unix Tool Comparison
    Lab Tasks
    1. Creating and Managing LVM Volumes
    2. Creating and Managing a RAID-5 Array
  4. Remote Storage Administration
    1. Remote Storage Overview
    2. Remote Filesystem Protocols
    3. Remote Block Device Protocols
    4. NFS Clients
    5. Implementing NFSv4
    6. AutoFS
    7. AutoFS Configuration
    8. SAN Multipathing
    9. Multipath Configuration
    10. Multipathing Best Practices
    11. iSCSI Architecture
    12. Open-iSCSI Initiator Implementation
    13. iSCSI Initiator Discovery
    14. iSCSI Initiator Node Administration
    15. Mounting iSCSI Targets at Boot
    16. iSCSI Multipathing Considerations
    Lab Tasks
    1. Using autofs
    2. NFS Server Configuration
    3. iSCSI Initiator Configuration
  5. User/Group Administration
    1. User and Group Concepts
    2. User Administration
    3. Modifying Accounts
    4. Group Administration
    5. Unix Passwords
    6. Password Aging
    7. Auditing Passwords
    8. Default User Files
    9. Controlling Logins
    10. Manual DS Client Configuration
    11. system-config-authentication
    12. User/Group Administration Comparison Matrix
    Lab Tasks
    1. John the Ripper
    2. User and Group Administration
    3. Using LDAP for Centralized User Accounts
    4. Troubleshooting Practice: Account Management
    5. Restricting superuser access to wheel group membership
    6. Setting Limits with the pam_limits Modules
    7. Using pam_limits to Restrict Simultaneous Logins
  6. PAM
    1. PAM Overview
    2. PAM Module Types
    3. PAM Order of Processing
    4. PAM Control Statements
    5. PAM Modules
    6. pam_unix
    7. pam_cracklib.so
    8. pam_env.so
    9. pam_xauth.so
    10. pam_tally2.so
    11. pam_wheel.so
    12. pam_limits.so
    13. pam_nologin.so
    14. pam_deny.so
    15. pam_warn.so
    16. pam_securetty.so
    17. pam_time.so
    18. pam_access.so
    19. pam_listfile.so
    20. pam_lastlog.so
    21. pam_console.so
    Lab Tasks
    1. Using pam_listfile to Implement Arbitrary ACLs
    2. Using pam_limits to Restrict Simultaneous Logins
    3. Using pam_nologin to Restrict Logins
    4. Using pam_access to Restrict Logins
    5. su & pam
  7. Security Administration
    1. Security Concepts
    2. Tightening Default Security
    3. Security Advisories
    4. File Access Control Lists
    5. Manipulating FACLs
    6. Viewing FACLs
    7. Backing Up FACLs
    8. File Creation Permissions with umask
    9. User Private Group Scheme
    10. Alternatives to UPG
    11. TCP Wrappers Concepts
    12. TCP Wrappers Concepts
    13. Xinetd
    14. Basic Firewall Activation
    15. Netfilter Concepts
    16. Using the iptables Command
    17. Common match_specs
    18. Connection Tracking
    19. SELinux Security Framework
    20. SELinux Modes
    21. SELinux Commands
    22. Choosing an SELinux Policy
    23. SELinux Booleans
    24. SELinux Policy Tools
    25. (X)INETD and Firewalls
    Lab Tasks
    1. User Private Groups
    2. Using Filesystem ACLs
    3. Securing xinetd Services
    4. Enforcing Security Policy with xinetd
    5. Securing Services with TCP Wrappers
    6. Securing Services with Netfilter
    7. Exploring SELinux Modes
    8. SELinux File Contexts
  8. Accountability with Kernel Auditd
    1. Accountability and Auditing
    2. Simple Session Auditing
    3. Simple Process Accounting & Command History
    4. Kernel-Level Auditing
    5. Configuring the Audit Daemon
    6. Controlling Kernel Audit System
    7. Creating Audit Rules
    8. Searching Audit Logs
    9. Generating Audit Log Reports
    10. Audit Log Analysis
    Lab Tasks
    1. Auditing Login/Logout
    2. Auditing File Access
    3. Auditing Command Execution
  9. SELinux
    1. DAC vs. MAC
    2. Shortcomings of Traditional Unix Security
    3. SELinux Goals
    4. SELinux Evolution
    5. SELinux Modes
    6. Gathering Information
    7. SELinux Virtual Filesystem
    8. SELinux Contexts
    9. Managing Contexts
    10. The SELinux Policy
    11. Choosing an SELinux Policy
    12. Policy Layout
    13. Tuning and Adapting Policy
    14. Booleans
    15. Permissive Domains
    16. Managing File Contexts
    17. Managing Port Contexts
    18. SELinux Policy Tools
    19. Examining Policy
    20. SELinux Troubleshooting
    21. SELinux Troubleshooting Continued
    Lab Tasks
    1. Exploring SELinux Modes
    2. SELinux Contexts in Action
    3. Managing SELinux Booleans
    4. Creating Policy with Audit2allow
    5. Creating & Compiling Policy from Source
  10. Networking
    1. Linux Network Interfaces
    2. Ethernet Hardware Tools
    3. Network Configuration with ip Command
    4. Configuring Routing Tables
    5. IP to MAC Address Mapping with ARP
    6. Starting and Stopping Interfaces
    7. NetworkManager
    8. DNS Clients
    9. DHCP Clients
    10. Network Diagnostics
    11. Information from netstat and ss
    12. Managing Network-Wide Time
    13. Continual Time Sync with NTP
    14. Configuring NTP Clients
    15. Multiple IP Addresses
    16. Enabling IPv6
    17. Interface Bonding
    18. Interface Bridging
    19. 802.1q VLANS
    20. Network Configuration Tools
    Lab Tasks
    1. Network Discovery
    2. Basic Client Networking
    3. NTP Client Configuration
    4. Multiple IP Addresses Per Network Interface
    5. Configuring IPv6
    6. Troubleshooting Practice: Networking
  11. Monitoring & Troubleshooting
    1. System Status - Memory
    2. System Status - I/O
    3. System Status - CPU
    4. Performance Trending with sar
    5. Troubleshooting Basics: The Process
    6. Troubleshooting Basics: The Tools
    7. System Logging
    8. Rsyslog
    9. /etc/rsyslog.conf
    10. Log Management
    11. Log Anomaly Detector
    12. strace and ltrace
    13. Troubleshooting Incorrect File Permissions
    14. Inability to Boot
    15. Typos in Configuration Files
    16. Corrupt Filesystems
    17. RHEL6 Rescue Environment
    18. Process Tools
    Lab Tasks
    1. Setting up a Full Debug Logfile
    2. Remote Syslog Configuration
    3. Recovering Damaged MBR
  12. BIND DNS
    1. The Domain Name Space
    2. Delegation and Zones
    3. Server Roles
    4. Resolving Names
    5. Resolving IP Addresses
    6. Basic BIND Administration
    7. Configuring the Resolver
    8. Testing Resolution
  13. LDAP Concepts and Clients
    1. LDAP: History and Uses
    2. LDAP: Data Model Basics
    3. LDAP: Protocol Basics
    4. LDAP: Applications
    5. LDAP: Search Filters
    6. LDIF: LDAP Data Interchange Format
    7. OpenLDAP Client Tools
    8. Alternative LDAP Tools
    Lab Tasks
    1. Querying LDAP
  14. vsFTPd & Apache
    1. vsftpd
    2. Anonymous FTP with vsftpd
    3. Configuring vsftpd
    4. HTTP Operation
    5. Apache Architecture
    6. Apache Configuration Files
    7. httpd.conf - Server Settings
    8. httpd.conf - Main Configuration
    9. httpd.conf - VirtualHost Configuration
    10. Virtual Hosting DNS Implications
    11. Adding Modules to Apache
    12. Apache Logging
    Lab Tasks
    1. Configuring vsftpd
    2. Apache Architecture
    3. Apache Content
    4. Configuring Virtual Hosts
  15. Apache Security
    1. Apache Overview
    2. Configuring CGI
    3. Turning Off Unneeded Modules
    4. Delegating Administration
    5. Apache Access Controls (mod_access)
    6. HTTP User Authentication
    7. Standard Auth Modules
    8. HTTP Digest Authentication
    9. SSL Using mod_ssl.so
    10. Authentication via SQL
    11. Authentication via LDAP
    12. Scrubbing HTTP Headers
    13. Metering HTTP Bandwidth
    Lab Tasks
    1. Hardening Apache by Minimizing Loaded Modules
    2. Scrubbing Apache & PHP Version Headers
    3. Protecting Web Content
    4. Using the suexec Mechanism
    5. Create a TLS CA key pair
    6. Using SSL CA Certificates with Apache
    7. Enable Apache SSL Client Certificate Authentication
  16. SQUID Proxy Server
    1. Squid Overview
    2. Squid File Layout
    3. Squid Access Control Lists
    4. Applying Squid ACLs
    5. Tuning Squid & Configuring Cache Hierarchies
    6. Bandwidth Metering
    7. Monitoring Squid
    8. Proxy Client Configuration
    Lab Tasks
    1. Installing and Configuring Squid
    2. Squid Cache Manager CGI
    3. Proxy Auto Configuration
    4. Configure a Squid Proxy Cluster
  1. Local Storage Administration
    1. Partitioning Disks with fdisk
    2. Partitioning Disks with parted
    3. Filesystem Creation
    4. Mounting Filesystems
    5. Extended Filesystem Maintenance
    6. Resizing Filesystems
    7. Managing an XFS Filesystem
    8. Swap
    9. Configuring Disk Quotas
    10. Setting Quotas
    11. Viewing and Monitoring Quotas
    12. Filesystem Attributes
    13. Backup Software
    14. Backup Examples
    15. Filesystem Creation and Management
    Lab Tasks
    1. Creating and Managing Filesystems
    2. Hot Adding Swap
    3. Setting User Quotas
    4. Using tar and cpio for Backups
    5. Using rsync and ssh for Backups
    6. Using dump and restore for Backups
  2. Spacewalk
    1. Spacewalk
    2. Hierarchical organization model
    3. Logging
    4. Hardware and software inventory
    5. Software Management
    6. Configuration File Control
    7. Provisioning Systems
    Lab Tasks
    1. Spacewalk Installation
    2. Spacewalk Channels