Visão Geral

Este é um Curso Enterprise Linux Network Services, extenso que cobre uma ampla gama de serviços de rede. É dada atenção aos conceitos necessários para implementar e solucionar problemas dos serviços de rede com segurança e para fornecer ampla experiência prática. Os tópicos incluem segurança com SELinux e Netfilter, conceitos e implementação de DNS com Bind, conceitos e implementação de LDAP usando OpenLDAP, serviços web com Apache, FTP com vsftpd, cache, filtragem de proxies com Squid, SMB/CIFS (rede Windows®) com Samba e conceitos de e-mail e implementação com Postfix combinado com Dovecot ou Cyrus

Objetivo

Após realizar este Curso Enterprise Linux Network Services você será capaz de:

• Obtenha o conhecimento e as habilidades necessárias para instalar, configurar e gerenciar os serviços de rede mais populares disponíveis para sistemas Red Hat e SUSE Linux

Benefícios para você

• Use efetivamente serviços de rede e opções de segurança
• Entenda e configure serviços de acordo com suas necessidades específicas
• Evite e-mails indesejados configurando serviços de e-mail com filtragem de spam

Publico Alvo

• Novos administradores de sistema Linux

Materiais

Inglês/Português/Lab Prático

Conteúdo Programatico

Securing services

1. Xinetd
2. Xinetd Connection limiting and access control
3. Xinetd: Resource limits, redirection, logging
4. TCP wrappers
5. The /etc/hosts.allow and /etc/hosts.deny files
6. /etc/hosts.{allow,deny} shortcuts
7. Advanced TCP wrappers
8. SUSE basic firewall configuration
9. FirewallD
10. Netfilter: Stateful packet filter firewall
11. Netfilter Concepts
12. Using the iptables command
13. Netfilter rule syntax
14. Targets
15. Common match_specs
16. Connection tracking

Lab Tasks

• Securing xinetd Services
• Enforcing Security Policy with xinetd
• Securing Services with TCP Wrappers
• Securing Services with SUSEfirewall2
• Securing Services with Netfilter
• FirewallD
• Troubleshooting Practice

Module 2: SELinux and LSM

1. AppArmor
2. SELinux security framework
3. Choosing an SELinux policy
4. SELinux commands
5. SELinux Booleans
6. SELinux policy tools

Lab Tasks

• Exploring AppArmor Modes
• SELinux File Contexts

DNS concepts

1. Naming Services
2. DNS—A better way
3. The domain name space
4. Delegation and zones
5. Server roles
6. Resolving names
7. Resolving IP addresses
8. Basic BIND administration
9. Configuring the resolver
10. Testing resolution

Lab Tasks

• Configuring a Slave Name Server

Configuring BIND

1. BIND configuration files
2. named.conf Syntax
3. named.conf options block
4. Creating a site-wide cache
5. rndc key configuration
6. Zones in named.conf
7. Zone database file Syntax
8. SOA—start of authority
9. A, AAAA, and PTR—Address and pointer records
10. NS—Name Server
11. TXT, CNAME, and MX—text, alias, and mail host
12. SRV—SRV service records
13. Abbreviations and gotchas
14. $GENERATE, $ORIGIN, and $INCLUDE

Lab Tasks

• Use rndc to Control named
• Configuring BIND Zone Files

Creating DNS Hierarchies

1. Subdomains and delegation
2. Subdomains
3. Delegating zones
4. in-addr.arpa. delegation
5. Issues with in-addr.arpa.
6. RFC2317 and in-addr.arpa.

Lab Tasks

• Create a Subdomain in an Existing Domain
• Subdomain Delegation

Advanced BIND DNS features

1. Address Match Lists and ACLs
2. Split namespace with views
3. Restricting Queries
4. Restricting zone transfers
5. Running BIND in a chroot
6. Dynamic DNS concepts
7. Allowing dynamic DNS updates
8. DDNS administration with nsupdate
9. Common problems
10. Securing DNS with TSIG

Lab Tasks

• Configuring Dynamic DNS
• Securing BIND DNS

Using Apache

1. HTTP operation
2. Apache architecture
3. Dynamic shared objects
4. Adding modules to Apache
5. Apache configuration files
6. httpd.conf-Server settings
7. httpd.conf-Main configuration
8. HTTP Virtual servers
9. Virtual hosting DNS implications
10. httpd.conf-VirtualHost configuration
11. Port and IP based virtual hosts
12. Name-based virtual host
13. Apache logging
14. Log analysis
15. The webalizer

Lab Tasks

• Apache Architecture
• Apache Content
• Configuring Virtual Hosts

Apache security

1. Virtual hosting security implications
2. Delegating administration
3. Directory protection
4. Directory protection with AllowOverride
5. Common uses for .htaccess
6. Symmetric encryption algorithms
7. Asymmetric encryption algorithms
8. Digital certificates
9. TLS using mod_ssl.so

Lab Tasks

• Using .htaccess Files
• Using TLS Certificates with Apache
• Use SNI and TLS with Virtual Hosts

Apache server—side scriptingadministration

1. Dynamic HTTP content
2. PHP: Hypertext preprocessor
3. Developer tools for PHP
4. Installing PHP
5. Configuring PHP
6. Securing PHP
7. Security related php.ini configuration
8. Java servlets and JSP
9. Apache’s Tomcat
10. Installing Java SDK
11. Installing Tomcat manually
12. Using Tomcat with Apache

Lab Tasks

• CGI Scripts in Apache
• Apache’s Tomcat
• Using Tomcat with Apache
• Installing Applications with Apache and Tomcat

Implementing an FTP server

1. The FTP protocol
2. Active mode FTP
3. Passive mode FTP
4. ProFTPD
5. Pure-FTPd
6. vsftpd
7. Configuring vsftpd
8. Anonymous FTP with vsftpd

Lab Tasks

• Configuring vsftpd

The Squid Proxy server

1. Squid overview
2. Squid file layout
3. Squid access control lists
4. Applying Squid ACLs
5. Tuning Squid and configuring cache Hierarchies
6. Bandwidth metering
7. Monitoring Squid
8. Proxy client configuration

Lab Tasks

• Installing and Configuring Squid
• Squid Cache Manager CGI
• Proxy Auto Configuration
• Configure a Squid Proxy Cluster

SQL fundamentals and MariaDB

1. Popular SQL databases
2. SELECT statements
3. INSERT statements
4. UPDATE statements
5. DELETE statements
6. JOIN clauses
7. MariaDB
8. MariaDB installation and security
9. MariaDB user account management
10. MariaDB replication

Lab Tasks

• SQL with Sqlite3
• Installing and Securing MariaDB
• Creating a database in MariaDB
• Create a database backed application

LDAP concepts and clients

1. LDAP: History and uses
2. LDAP: Data model basics
3. LDAP: Protocol basics
4. LDAP: Applications
5. LDAP: Search filters
6. LDIF: LDAP data interchange format
7. OpenLDAP Client Tools
8. Alternative LDAP tools

Lab Tasks

• Querying LDAP

OpenLDAP servers

1. Popular LDAP server implementations
2. OpenLDAP: Server architecture
3. OpenLDAP: Backends
4. OpenLDAP: Replication
5. Managing slapd
6. OpenLDAP: Configuration options
7. OpenLDAP: Configuration sections
8. OpenLDAP: Global parameters
9. OpenLDAP: Database parameters
10. OpenLDAP: Server tools
11. Native LDAP authentication and migration
12. Enabling LDAP-based login
13. System Security Services Daemon (SSSD)

Lab Tasks

• Building An OpenLDAP Server
• Enabling TLS For An OpenLDAP Server
• Enabling LDAP-based Logins

Samba concepts and configuration

1. Introducing Samba
2. NetBIOS and NetBEUI
3. Samba Daemons
4. Accessing Windows/Samba shares from Linux
5. Samba utilities
6. Samba configuration files
7. The smb.conf file
8. Mapping permissions and ACLs
9. Mapping Linux concepts
10. Mapping users
11. Sharing home directories
12. Sharing printers
13. Share authentication
14. Share-level access
15. User-level access
16. Samba account database
17. User share restrictions

Lab Tasks

• Samba Share-Level Access
• Samba User-Level Access
• Samba Group Shares
• Handling Symbolic Links with Samba
• Samba Home Directory Shares

SMTP theory

1. SMTP
2. SMTP terminology
3. SMTP architecture
4. SMTP commands
5. SMTP extensions
6. SMTP AUTH
7. SMTP STARTTLS
8. SMTP session

Postfix

1. Postfix features
2. Postfix architecture
3. Postfix components
4. Postfix configuration
5. master.cf
6. main.cf
7. Postfix map types
8. Postfix pattern matching
9. Advanced Postfix options
10. Virtual domains
11. Postfix mail filtering
12. Configuration commands
13. Management commands
14. Postfix logging
15. Logfile analysis
16. Postfix, relaying and SMTP AUTH
17. SMTP AUTH server and Relay control
18. SMTP AUTH clients
19. Postfix/TLS
20. TLS server configuration
21. Postfix client configuration for TLS
22. Other TLS clients
23. Ensuring TLS security

Lab Tasks

• Configuring Postfix
• Postfix Virtual Host Configuration
• Postfix Network Configuration
• Postfix SMTP AUTH Configuration
• Postfix STARTTLS Configuration
• SUSE Postfix Configuration Cleanup

Mail Services and Retrieval

1. Filtering Email
2. Procmail
3. SpamAssassin
4. Bogofilter
5. amavisd-new Mail Filtering
6. Accessing Email
7. The IMAP4 Protocol
8. Dovecot POP3/IMAP Server
9. Cyrus IMAP/POP3 Server
10. Cyrus IMAP MTA Integration
11. Cyrus Mailbox Administration
12. Fetchmail
13. Roundcube Webmail
14. Mailing Lists
15. GNU Mailman
16. Mailman Configuration

Lab Tasks

1. Configuring Procmail and SpamAssassin
2. Configuring Cyrus IMAP
3. Dovecot TLS Configuration
4. Configuring Roundcube
5. Base Mailman Configuration
6. Basic Mailing List
7. Private Mailing List

Appendix A—NIS

1. NIS Overview
2. NIS Limitations and Advantages
3. NIS Client Configuration
4. NIS Server Configuration
5. NIS Troubleshooting Aids

Lab Tasks

1. Using NIS for Centralized User Accounts
2. Configuring NIS
3. NIS Slave Server
4. NIS Failover
5. Troubleshooting Practice: NIS