AnekaDiscs

LinuxCBT All In One

Genre: Video Training Tutoriaols

LinuxCBT | UnixCBT are the most comprehensive and cost-effective GNU/Linux, Unix, and Open Source training solutions available.

This pack includes:

LinuxCBT Classic

linuxcbt-rh9-classic-01.iso 170 Mb
linuxcbt-rh9-classic-02.iso 437 Mb
linuxcbt-rh9-classic-03.iso 351 Mb
linuxcbt-rh9-classic-04.iso 281 Mb
linuxcbt-rh9-classic-05.iso 324 Mb
linuxcbt-rh9-classic-06.iso 174 Mb
linuxcbt-rh9-classic-07.iso 279 Mb
linuxcbt-rh9-classic-08.iso 281 Mb
linuxcbt-rh9-classic-09.iso 128 Mb
linuxcbt-rh9-classic-10.iso 345 Mb

LinuxCBT Debian

linuxcbt-debian-01.iso 346 Mb
linuxcbt-debian-02.iso 260 Mb
linuxcbt-debian-03.iso 205 Mb
linuxcbt-debian-04.iso 388 Mb
linuxcbt-debian-05.iso 264 Mb

LinuxCBT Mail

linuxcbt-mail-postfix.iso 532 Mb
linuxcbt-mail-qmail.iso 664 Mb
linuxcbt-mail-sendmail.iso 494 Mb

LinuxCBT RHEL 4

linuxcbt-rhel4.iso 2,048 Mb

LinuxCBT Samba

linuxcbt-samba.iso 709 Mb

LinuxCBT Scripting

linuxcbt-bash.iso 279 Mb
linuxcbt-perl.iso 316 Mb
linuxcbt-php.iso 418 Mb
linuxcbt-python.iso 226 Mb

LinuxCBT Security

linuxcbt-security.iso 2,048 Mb

LinuxCBT Suse

linuxcbt-suse-01.iso 560 Mb
linuxcbt-suse-02.iso 476 Mb
linuxcbt-suse-03.iso 513 Mb
linuxcbt-suse-04.iso 659 Mb
linuxcbt-suse-05.iso 463 Mb

CBT Nuggets Linux+ Series (Beginner) and Intermediate to Advanced Linux Series
Genre: Video Training | 1.97 GB

While many things in this world today seem to originate from a desire for economic gain, Linux is truly pure. It was designed and continues to thrive to honestly make the computing world a better place. Nowhere else do you find such selfless giving of so many talented individual’s time and energy. The Linux operating system is a collection of the work of some of the brightest minds on the planet, thousands of individuals collaborating to create the ultimate operating system, stable and powerful, yet flexible and easy to use. This was the dream of Linus Torvald, and it has blossomed into a beautiful reality.

Linux makes an excellent desktop operating system, but really shines in the server market. The majority of the web servers in use today on the Internet use the Linux operating system, partly because it’s free, but more so because it’s in many cases the best alternative. The CBT Nuggets web servers are running Linux for performance and stability reasons.

Video tutorial LinuxCBT Debian 3 Edition | 1.4 GB

Computer based Training Planet offers comprehensive computer training and blended learning solutions that enable individuals and enterprise organizations alike to receive the training they need efficiently. Dozens of options exist ranging from IT certification boot camps such as the MCITP 2008 boot camp and self-study CBTs to online computer training and onsite training programs. Whether you’re looking for an enterprise training solution or self-study computer training CDs / DVDs you can get the most out of your training dollars when you choose CBT Planet. You’ll find a complete catalog list covering Microsoft Office, IT training, IT certification, and soft skills topics in numerous training formats. For example, if you need Microsoft training, choose from online courses, blended learning formats, computer training videos, CBT, distance learning, and boot camps.

 

 

LinuxCBT SLES-10 Edition focuses exclusively on the SUSE Enterprise 10 Linux operating system.

LinuxCBT SLES-10 Edition, is unparalleled in content, depth and expertise. LinuxCBT SLES-10 Edition prepares you or your organization for successfully deploying and managing business-critical SUSE Enterprise 10-based server solutions.

Let LinuxCBT SLES-10 Edition teach you SUSE Enterprise 10 Linux skills!

Recommended Prerequisites:

• Open mind & determination to master Linux and related open-source applications
• Basic MS Windows skills
• Basic understanding of networking concepts
• Access to a spare PC to perform all of the installations and exercises

 

 

Course Objectives

Installation & General Usage – Module 1

• Network-based (HTTP & SSH) Installations
  • Enable Apache HTTPD on Installation server
  • Configure SUSE Ent. 10 Server as an HTTP Installation source with Apache
  • Discuss system requirements
  • Install SUSE Ent. 10 Server via HTTP
  • Confirm results

 

• Grand Unified Boot Loader (GRUB) & System V Linux Runlevel implementation
  • Explore GRUB configuration
  • Explain SUSE Linux System V Init Runlevel (0 – 6) concepts & applications
  • Identify key startup files, including scripts (inittab,Sscripts,Kscripts,etc.)

 

• GNOME & YaST
  • Explore the GNOME Desktop Interface
  • Explore YaST, centralized management tool
  • Install packages using Yast package manager

 

• Basic GNU/Linux Skills – Command Line Interface (CLI) – BASH
  • Introduction to GNOME Terminal
  • Demonstrate usage of the following useful commands & concepts
  • ls, pwd, cd, cp, mv, rm, mkdir, rmdir, whoami, man, info
  • alias, cat, file, chmod, chown, history
  • Standard in/out, UNIX Pipes, Redirection, Command Chaining
  • ps, df, free, vmstat, top, kill
  • less & more, head & tail, diff
  • which & whereis, w, who
  • Use grep and cut to process delimited log files
  • find, locate
  • tar, gzip/gunzip, bzip2, zcat
  • Explore Pico text editor
  • Install and explore Nano text editor
  • Convert Windows text files to Unix format using dos2unix
  • Convert Unix text files to Windows format using unix2dos

 

• Common Network Clients
• File Transfer Protocol (FTP) client
• Install and use LFTP – Sophisticated FTP Client to connect to FTP/HTTP servers
• Mirror and reverse mirror using LFTP to synchronize data
• Wget – HTTP/HTTPS/FTP connectivity
• Explain SSH concepts, implementation, etc.
• Use SSH Client to connect to remote Linux Systems using password authentication
• Identify key SSH-client files (.known_hosts, public/private key pairs,etc.)
• Authenticate to remote Linux systems using alternate credentials
• Use Secure Copy Protocol (SCP) to move data between systems non-interactively
• Use Secure File Transfer Protocol (SFTP) to move data between systems interactively
• Demonstrate how to generate Public/Private key (RSA/DSA) pairs using SSH-Keygen
• Demonstrate using SSH to authenticate to remote Linux hosts without passwords
• Generate Public Key/Private Key pairs for use with file and E-mail encryption
• Demonstrate using E-mail client with GNU Privacy Guard (GPG) Open PGP for E-Mail encryption
• Use Remote Desktop to connect to RDP & VNC remote Linux and Windows hosts
• Use ping, mtr & arp
• Use dig, host, nslookup name resolution clients
• NETSTAT
• IFCONFIG

Systems Managment & Configuration – Module 2

• RPM Package Management Tool Concepts & Usage
  • Explain classes of SUSE Linux Packages
  • Query existing packages
  • Identify offline and online package repositories
  • Install packages
  • Upgrade packages
  • Freshen packages
  • Remove packages
  • Identify package membership of files on the SUSE system

 

• Manage Users and Groups & Permissions
  • User profile implementation logic and concepts – (Bash profile/etc/skel/aliases/PATH/etc.)
  • User and group creation & management concepts – passwd, shadow, group, gshadow files
  • Use YaST to create and manage users and groups
  • SETUID
  • SETGID – Group collaboration
  • Sticky Bit
  • Explore Hard and Symbolic links including across disparate file systems

 

• Paritions, File Systems & Volumes (RAID|LVM)
  • Provision new paritions with FDISK/Parted/YaST & ReiserFS
  • Configure RAID 0/1/5/ Volumes
  • Implement Logical Volume Management (LVM)
  • Provision additional Swap storage paritions and files
  • Use MKSWAP & SWAPON to enable additional Swap storage
  • Identify allocated swap space to the kernel
  • Committ changes for persistence

 

• Explore System Logging via SYSLOG-NG and Logrotate
• Explore Boot log & System Log
• Explanation of syslog facilities & levels
• Discuss SYSLOG-NG features & enhancements
• Demonstrate syslog administration
• Enable SYSLOG network listener
• Demonstrate Cisco PIX Firewall to SUSE Linux SYSLOG-NG functionality
• Explore automatic log rotation and customization via Logrotate
• Configure Logrotate to rotate & compress sample log files

 

Core Networking Services – Module 3

• Network – Physical & Logical Configuration
  • Identify key directories & files for static & dynamic communications
  • Configure Linux client with static TCP/IP parameters for network communication
  • Explore hotplug -> hwup -> ifup logic
  • Use ifconfig to ascertain logical TCP/IP configuration
  • Use hwinfo to ascertain installed hardware
  • Configure Aliased Ethernet Interfaces to faciliate multiple IP addresses

 

• Implement Network Time Protocol (NTP) Client/Server
  • Configure Network Time Protocol (NTP) to perform client/server time synchronization
  • Identify NTP bounded UDP interfaces
  • Synchronize SUSE Enterprise Linux NTP with RedHat Linux Stratum 2 NTP server
  • Synchronize against Stratum 1 NTP servers

 

• Dynamic Host Configuration Protocol (DHCP)
  • Explain DHCP Concepts & Applications
  • Explore DHCP confiuration files
  • Configure DHCP subnet with applicable options
  • Configure DHCP Reservation based on layer-2 address
  • Enable DHCP with DDNS
  • Configure DHCP Failover between SUSE and RedHat Linux Servers
  • Test DHCP Failover with Windows 2003 Host

 

• Domain Name System (DNS)
  • Explore SUSE DNS configuration via YaST
  • Configure BIND as a caching-only DNS server
  • Implement Master DNS Zone
  • Configure Reverse Zone for local subnet
  • Implement Dynamic Domain Name System (DDNS) Zones (Forward/Reverse)
  • Explain DHCP and DNS update integration options
  • Integrate DHCP with DNS via Encypted Transaction Signatures (TSigs)
  • Configure Windows 2003 Active Directory to publish DNS Records to SUSE Server
  • Examine Windows 2003 SRV Records
  • Configure Master/Slave Zones with RedHat Linux Server
  • Evaluate results of BIND configuration using DIG & host
  • Implement DNS sub-domains (Third-level domains)

 

• CRON – System Scheduler
  • Explore Cron Implementation
  • Explain scheduling options
  • Global and scope-based Cron options
  • Schedules jobs to run & examine the output
  • Configure individual Crontab entries

 

• Samba Implementation
  • Implement Linux & Windows Integration via Samba
  • Explore Samba Configuration files
  • Implement SMBFS integration with SUSE Enterprise Linux File System
  • Mount Windows shares seamlessly using Samba File System (SMBFS)
  • Configure FSTAB to support repetitive mounts
  • Implement secure SMBFS credentials for mounting
  • Install Samba Server support
  • Install Samba Web-based Administration Tool (SWAT)
  • Configure Samba file sharing
  • Configure Samba with multiple NETBIOS aliases
  • Install Active Directory on Windows 2003 Server
  • Integrate SUSE Ent. 10 Server with Windows Active Directory (AD)
  • Test Samba-to-Windows integration using ‘getent‘ and authentication

 

• Very Secure VSFTPD File Transfer Protocol (FTP) services
  • Implement anonymous FTPD
  • Implement user-level FTPD access
  • Implement FTPD banners
  • Disable anonymous access
  • Configure VSFTPD to chroot jail users into their home directories
  • Implement bandwidth rate-limiting to control bandwidth usage
  • Implement & test banning of unwelcomed anonymous e-mail addresses
  • Implement VSFTPD user with redirect to a Samba share

 

• Network File System (NFS) Implementation
  • Identify key services/daemons
  • Configure NFS Client & Server
  • Evaluate NFS connectivity to other Linux hosts

 

• RSYNC Implementation
  • Discuss features and benefits
  • Implement rsync
  • Confirm results

 

Linux Apache MySQL PHP (LAMP) – Messaging – PureFTPD – Module 4

• Apache Web Server Implementation
  
  • Discuss Apache server’s features and concepts
  • Examine Apache-SUSE HTTPD CONF hierarchy
  • Examine various configuration files
  • Implement Apache Mod Alias and ScriptAlias
  • Examine user home directories
  • Discuss the Directory directive
  • Explore redirects
  • Configure .htacess file with directives
  • Implement Basic and digest authentication schemes
  • Configure IP-based Virtual Hosts
  • Configure Name-based Virtual Hosts
  • Explore Apache logging
  • Implement Apache logging system per virtual host
  • Webalizer Log Analysis software Implementation
  • Generate web reports using Webalizer
  • Implementation of PHP Dynamic Web Access Scripting Engine
  • Evaluate PHP Dynamic Web Access Scripting Engine installation results
  • Test basic PHP script-processing using sample scripts
  • Create and test PHP-form with Apache

 

• MySQL Relational Database Management System
  • Install MySQL Relational Database Management System
  • Secure access to MySQL
  • Explore MySQL monitor shell-based interface
  • Create sample MySQL databases
  • Load external data-set from Linux
  • Load external data-set from Windows
  • Integrate PHP with MySQL

 

• PHPMyAdmin – MySQL Web-based Management Interface
  • Install PHPMyAdmin for web-based management of MySQL instances
  • Explain & Secure access to PHPMyAdmin
  • Explore PHPMyAdmin’s interface

 

• Postfix Message Transfer Agent (MTA)
  • Introduction to Postfix Message Transfer Agent (MTA)
  • Explore the directives in the Postfix configuration files
  • Define default values for the FQDN
  • Alter myorigin and examine results
  • Configure Postfix to route messages using a Smarthost
  • Examine how Postfix delivers mail locally
  • Configure SMTP Relaying in Postfix
  • Use Mutt to demonstrate outbound mail handling using Postfix
  • Define SMTP Virtual domains for hosting multiple DNS domains
  • Configure Postfix with a production LinuxCBT DNS domain
  • Examine Virtual domain routing with production and non-production DNS domains

 

• Post Office Protocol Version 3 (POP3)
  • Explain POP3 concepts and applications
  • Implement POP3 daemon
  • Connect to POP3 daemon using Windows 2003 Outlook Express client
  • Reroute inbound messages using Sendmail to POP3 account for retrieval
  • Use Mutt to send SMTP-based messages to POP3 account

 

• Internet Messaging Access Protocol (IMAP)
  • Explain IMAP concepts and applications in comparison to POP3
  • Implement IMAP services
  • Connect to IMAP services from remote Windows Outlook Express client

 

• Squirrel-mail Web-based Mail Interface Implementation
  • Describe required squirrel mail components for web-mail integration
  • Install squirrel mail on SUSE Enterprise Linux system
  • Configure Apache virtual directory for squirrel mail integration
  • Configure Apache Virtual Host for squirrel mail integration
  • Configure BIND DNS services for squirrel mail integration
  • Explore squirrel mail’s web-based interface

 

• PureFTPD Implementation
  • Explore configuration & enable service
  • Test various modes of operation

 

• Xen Virtualization
  • Discuss features & benefits
  • Implement Xen with instance of SUSE Ent. 10 Edition

Security Implementation Techniques – Module 5

• System Audit & Lockdown
  • Identify tools to perform system audit
  • Ascertain and document current system state
  • Close all superflous services
  • Bind necessary services (daemons) to necessary interfaces and logical addresses
  • Establish security configuration baseline

 

• XINETD (Enhanced & Secure INETD Super Server Implementation)
  • Identify key XINETD configuration files
  • Explain the contents and structure of xinetd.conf
  • Restrict access to various daemons/services based on hosts & subnets
  • Lockdown XINETD-controlled services
  • Configure XINETD to restrict number of spawned instances of daemons/services
  • Configure XINETD to bind daemons/services to specific sub-interfaces (Virtual IP addresses)
  • XINETD logging
  • Explore additional XINETD features

 

• TCP Wrappers concepts & applications
• • Identify primary package and key TCP Wrappers configuration files
  • Demonstrate disabled TCP Wrappers configurations by attempting connectivity
  • Examine pre and post TCP Wrappers configuration effects
  • Implement TCP Wrappers for common services
  • Test local & remote access to TCP Wrappers-protected host & services

 

• IPTABLES (Netfilter Linux Kernel-based Firewall)
  • Discuss IPTABLES/Netfilter Concepts
  • Explain IPTABLES default chains/filters and policies
  • Examine TCP/ICMP communications pre-IPTABLES chains
  • Implement ICMP inbound filtration based on various hosts
  • Use Cisco PIX Firewall to verify ICMP debugging
  • Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
  • Restrict access to various daemons (SSH/FTP/HTTP/etc.)
  • Test connectivity locally and remotely (RedHat/Windows/etc.)
• Network Mapper (NMAP)
  • Obtain, compile and install current version of NMAP
  • Identify commonly used NMAP options/switches/parameters
  • Perform default TCP SYN-based ethical scans of local and remote resources
  • Explain typical TCP handshake protocol while using NMAP
  • Examine the results of scans on remote Cisco firewall with debugging mode enabled
  • Perform default TCP Connect-based ethical scans of local and remote resources
  • Examine the results of scans on remote Cisco PIX Firewall with debugging mode enabled
  • Use NMAP to scan using aliased and spoofed IP addresses
  • Peform local ethical scans
  • Identifiy key NMAP configuration files
  • Use NMAP to perform operating system fingerprinting
  • Peform subnet-wide ethical scans

 

• Nessus Vulnerability Scanner Implementation
  • Download & Install Nessus Client & Server
  • Configure & test credentials
  • Discuss plug-ins and scopes
  • Perform vulnerability scans & evaluate results

 

• TCPDump Traffic Capture
  • Discuss features
  • Capture data in ASCII & Binary formats
  • Implement Berkeley Packet Filters (BPFs)
  • Analyze results

 

• Ethereal Traffic Analysis
  • Discuss features
  • Install using YaST
  • Analyze TCPDump binary file
  • Rebuild interesting TCP sessions

 

• Snort 2.x Network Intrusion Detection System (NIDS)
  • Obtain, and install Snort pre-requisites (libpcap/libpcre/etc.)
  • Obtain, compile and install the Snort Intrusion Detection System (NIDS)
  • Identify and explain key operating modes (Sniffer/Logger/NIDS)
  • Explore Snort in network sniffer mode
  • Explain OSI Model and relevant Snort sniffing options
  • Explore Snort in ASCII and Binary (TCPDUMP) logging modes
  • Output Snort logs to ASCII text format and examine the results
  • Output Snort logs to binary format and examine the results
  • Implement Snort with BPF to filter traffic
  • Generate traffic from remote Windows 2003 and Linux hosts
  • Use Snort with Berkeley Packet Filter (BPF) to parse logs
  • Implement Snort in NIDS modes
  • Explore the snort.conf file and discuss rules
  • Explain Logging and Alerting output options
  • Perform port-scans from remote Linux systems and analyze Alerts
  • Configure MySQL with Snort-compliant schema
  • Configure Snort to log to MySQL
  • Download & Install BASE web analysis application
  • Configure BASE to read alerts from MySQL
  • Evaluate results

 

 

 

LinuxCBT Enterprise Linux 5 Edition focuses on the RedHat® Enterprise 5 GNU/Linux operating system. It is the successor to LinuxCBT EL-4 Edition.

LinuxCBT EL-5 Edition, is unparalleled in content, depth and expertise. LinuxCBT EL-5 Edition prepares you or your organization for successfully deploying and managing business-critical RedHat® Enterprise 5-based solutions. Let LinuxCBT EL-5 Edition teach you applicable GNU/Linux skills.

Recommended Prerequisites for:

• LinuxCBT EL-5 Edition
  • Open mind & determination to master Linux and related open-source applications
  • Basic MS Windows skills
  • Basic understanding of networking concepts
  • Access to a PC to perform all of the installations and exercises

 

 

Installations – Shell Basics – Permissions – File Systems – Package Management

• Installations – Local Media – Network – LVM- RAID5 – VMWare – Kickstart
  • Explore network layout
  • Discuss features of RedHat® Enterprise Linux 5
  • Install RedHat Enterprise 5 on Dell Power Edge Server using local media
  • VMWare – Virtual Machine Installation
  • VMWare Network Installation
  • Installation with RAID5
  • Installation with Logical Volume Management (LVM) volumes
  • Kickstart, automated installation
  • Kickstart installation with RAID5
  • FTP installation
  • Explore – BIOS – GRUB – INIT environments
  • Explain GNU/Linux System V Init Runlevel (0 – 6) concepts & applications
  • Enter the Rescue environment
  • Debug failed INITRD environments

 

• Common BASH Shell commands – Command Line Interface (CLI)
  • pwd, touch, stat, ls – explore useful Linux system commands
  • echo, cat – expose ASCII text and integrate with files
  • cp – copy files
  • mv – move files throughout the file system
  • tar – explore features and advantages of tarballs
  • gzip, bzip2, zip- intetgrate with tar and examine Internet archive
  • diff – compare and contrast between 2 or 3 files – diff3
  • file – discuss logic used to ascertain file type
  • find – single and multiple expressions and criteria
  • slocate – Compare and contrast with find and create system-wide DB
  • w, wall, watch, whereis, which, who – Important w commands
  • ps – explore process lists
  • free & top – explore process management with top
  • seq, top, jobs, fg, kill, killall, bg – Manage processes using standard tools
  • Use grep to process lines
  • Use awk to process fields
  • Use sed to process text streams
  • Explore Perl basics
  • User and group creation & management concepts – passwd, shadow, group, gshadow files
  • Use system-config-users to create and manage users and groups

 

• Permissions – Symlinks – Quotas – File System Management
  • Discuss & Identify file system permissions
  • Create Symbolic links (hard & soft)
  • Implement file system quotas
  • Use FDISK
  • Create Standard Linux Partition
  • Make EXT2 File System & mount for general usage
  • Remove EXT2 partition and create EXT3-based parition
  • FSTAB – explore File System Table
  • Use FDISK to create a swap partition
  • Create Swap partition using MKSWAP & SWAPON
  • Provision additional swap space using swapon & swapoff
  • Create Swap space using files in conjunction with partitions
  • Logical Volume Management (LVM) – Discuss concepts and applications
  • Allocate partitions for usage with LVM
  • Create Physical Volumes
  • Create Volume Groups based on Physical Volumes
  • Create Logical Volumes based on Volume Groups
  • Mount and use LVM Volumes
  • Resize LVM Volumes
  • Create run-time RAID volumes
  • Evaluate results

 

• Kickstart-based RAID Installation
  • Use Kickstart tool to configure automated kickstart process
  • Installation via HTTP using Kickstart
  • Discuss RAID concepts and configuration
  • Configure RAID disk partitions

 

• RPM | YUM Package Management Tools – Concepts & Usage
  • Query existing packages & file-based packages
  • Identify offline and online package repositories
  • Install packages
  • Upgrade packages
  • Freshen packages
  • Remove packages
  • Create YUM repository
  • Install packages using YUM

 

• CRON – System Scheduler
  • Explore Cron Implementation
  • Explain scheduling options
  • Global and scope-based Cron options
  • Schedules jobs to run & examine the output
  • Configure individual Crontab entries

 

• Explore System Logging via SYSLOG and Logrotate
  • Explore Boot log & System Log
  • Explore dmesg
  • Explanation of syslog facilities & levels
  • Demonstrate syslog administration
  • Enable SYSLOG network listener
  • Demonstrate Cisco PIX Firewall to Linux SYSLOG functionality
  • Explore automatic log rotation and customization via Logrotate
  • Configure Logrotate to rotate & compress sample log files

 

• Common Network Utilities
  • Explore PING
  • Use Telnet to test TCP ports
  • Explore Netstat socket listings
  • Use arp to reveal layer-2 information
  • LFTP – basic usage, job control
  • LFTP – mirror and reverse mirror content – resume transmission
  • LFTP – batch, non-interactive, scripted mode
  • Introduction to SSH concepts, implementation, etc.
  • Use SSH Client to connect to remote Linux Systems using password authentication
  • Identify key SSH-client files (.known_hosts, public/private key pairs,etc.)
  • Authenticate to remote Linux systems using alternate credentials
  • Use Secure Copy Protocol (SCP) to move data between systems non-interactively
  • Use Secure File Transfer Protocol (SFTP) to move data between systems interactively
  • Demonstrate how to generate Public/Private key (RSA/DSA) pairs using SSH-Keygen
  • Demonstrate using SSH to authenticate to remote Linux hosts without passwords
  • Install RedHat Enterprise Workstation on Dell Laptop using HTTP
  • Generate Public Key/Private Key pairs for use with file and E-mail encryption

 

• Network Interface Configuration
• Discuss concepts
• Identify key files
• Configure aliased interfaces
• Evaluate results
• Kernel Concepts and Management – NTSYSV & Chkconfig
  • Identify and discuss kernel implementation
  • Use kernel utils to identify modules and supported hardware
  • Discuss proper kernel update procedures
  • Download and Install the latest SMP-based kernel
  • Confirm results
  • Remove outdated kernel and confirm results
  • Download and Install the latest Uniprocessor-based kernel
  • Examine changes to GRUB and other key directory trees
  • Explore ntsysv
  • Explore chkconfig

 

• Implement Network Time Protocol (NTP) Client/Server
  • Configure Network Time Protocol (NTP) to perform client/server time synchronization
  • Synchronize SUSE Enterprise Linux NTP with additional Linux Stratum 2 NTP server
  • Synchronize against Stratum 1 NTP servers

 

• Trivial File Transfer Protocol Daemon (TFTPD)
  • Explain TFTPD Concepts & Applications
  • Explore TFTPD  configuration file
  • Configure TFTPD with applicable options
  • Backup Cisco configuration using TFTPD

 

• Very Secure File Transfer Protocol Daemon (VSFTPD)
  • Explain VSFTPD Concepts & Applications
  • Explore VSFTPD  configuration file
  • Configure VSFTPD with applicable options
  • Connect to VSFTPD server

 

• TelnetD
  • Explain Telnet Concepts & Applications
  • Explore Telnet  configuration files
  • Evaluate Telnet connectivity

 

• Dynamic Host Configuration Protocol (DHCP)
  • Explain DHCP Concepts & Applications
  • Explore DHCP configuration files
  • Configure DHCP subnet with applicable options
  • Configure DHCP Reservation based on layer-2 address

 

• Domain Name System (DNS)
  • Configure BIND as a caching-only DNS server
  • Implement Master DNS Zone
  • Configure Reverse Zone for local subnet
  • Configure Master/Slave Zones with Linux Server
  • Evaluate results of BIND configuration using DIG, nslookup & host
  • Configure BIND with reverse DNS support
  • Configure BIND with IPv6 support

 

• Network File System (NFS) Implementation
  • Implement NFS Server
  • Export shares and discuss options
  • Mount NFS exports on remote Linux Host
  • Implement AutoFS

 

• Samba Implementation
  • Implement Linux & Windows Integration via Samba
  • Explore Samba Configuration files
  • Install Samba Server support
  • Install Samba Web-based Administration Tool (SWAT)
  • Configure Samba file sharing
  • Configure Samba with multiple NETBIOS aliases
  • Configure Samba-Active Directory Integration with Winbind
  • Evaluate results

Apache – MySQL® – PHP (LAMP)

• Apache Web Server Implementation
  
  • Discuss Apache server’s features and concepts
  • Examine Apache HTTPD CONF hierarchy
  • Examine various configuration files
  • Implement Apache Mod Alias
  • Follow SYMLINKS
  • Discuss and implement the Directory directive
  • Restrict access to content based on IPs and subnets
  • Discuss .htacess file with directives
  • Configure IP-based Virtual Hosts
  • Configure Name-based Virtual Hosts
  • Implement Basic and digest authentication schemes
  • Explore Apache logging semantics
  • Implement Apache logging system per virtual host
  • Configure Apache with SSL support

 

• MySQL® Relational Database Management System
  • Install MySQL® Relational Database Management System
  • Secure access to MySQL®
  • Explore MySQL® monitor shell-based interface
  • Create sample MySQL® database
  • Populate with data and execute queries
  • Evaluate results

 

• Postfix Message Transfer Agent (MTA)
  • Introduction to Sendmail Implementation
  • Configure Postfix as default MTA
  • Introduction to Postfix Message Transfer Agent (MTA)
  • Explore the directives in the Postfix configuration files
  • Define default values for the FQDN
  • Alter myorigin and examine results
  • Configure Postfix to route messages using a Smarthost
  • Examine how Postfix delivers mail locally
  • Configure SMTP Relaying in Postfix
  • Use Mutt to demonstrate outbound mail handling using Postfix
  • Define SMTP Virtual domains for hosting multiple DNS domains
  • Configure Postfix with a production LinuxCBT DNS domain
  • Examine Virtual domain routing with production and non-production DNS domains

 

• Internet Messaging Access Protocol (IMAP) – Dovecot
  • Explain IMAP concepts and applications in comparison to POP3
  • Implement IMAP services
  • Connect to IMAP services from remote Windows Outlook Express client
  • Implement IMAPS
  • Generate new self-signed SSL certificate for use with IMAPS

 

• Squirrel-mail Web-based Mail Interface Implementation
  • Describe required squirrel mail components for web-mail integration
  • Install squirrel mail on SUSE Enterprise Linux system
  • Configure Apache virtual directory for squirrel mail integration
  • Configure Apache Virtual Host for squirrel mail integration
  • Configure BIND DNS services for squirrel mail integration
  • Explore squirrel mail’s web-based interface

 

• Squid Proxy Server
  • Discuss features and benefits
  • Explore configuration
  • Enable and test Squid from a web browser
  • Evaluate results

Security Implementation Techniques

• SELinux Intro
  • Discuss features and benefits
  • Explore default configuration
  • Enable | Disable SELinux
  • Identify key tools
  • Evaluate results

 

• GNU Privacy Guard (GPG) Implementation
  • Discuss features and benefits
  • Explore default configuration
  • Generate usage keys
  • Encrypt | Decrypt data
  • Exchange encrypted data with remote user
  • Evaluate results

 

• Secure Shell Daemon – Secure Communications Implementation
  • Explore SSHD key configuration files
  • Restrict access to SSHD
  • Explore SSHD logging
  • Execute remote commands in non-interactive mode using SSH
  • Discuss forced-commands framework
  • Configure SUSE Enterprise to accomodate forced-commands
  • Test forced-commands for pre-configured accounts for push/pull secure transactions
  • Integrate SSHD with Windows 2003 Server and PuTTY SSH client
  • Implement PKI with PuTTY SSH
  • Use PSCP and PSFTP to communicate securely from Windows
  • Evaluate results

 

• IPTABLES (Netfilter Linux Kernel-based Firewall)
  • Discuss IPTABLES/Netfilter Concepts
  • Explore default tables and chains
  • Define and test INPUT chain
  • Define and test OUTPUT chain
  • Create user-defined chain and evaluate results
  • Explain IPTABLES default chains/filters and policies
  • Examine TCP/ICMP communications pre-IPTABLES chains
  • Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
  • Restrict access to SSH and test connectivity
  • Implement IP Forwarding between disparate subnets
  • Evaluate IPTables6 (IPv6) support

 

• NMAP – Port Scanner and Vulnerability Assessment Tool
  • Obtain, and install current version of NMAP
  • Identify commonly used NMAPoptions/switches/parameters
  • Explain typical TCPhandshake protocol while using NMAP
  • Identifiy key NMAP configuration files
  • Use NMAP to perform operating system fingerprinting
  • Peform subnet-wide ethical scans
  • Perform default TCPSYN-based ethical scans of local and remote resources
  • Examine the results of scans on remote Cisco firewall with debugging mode enabled
  • Perform default TCPConnect-based ethical scans of local and remote resources
  • Peform local ethical scans
  • Discuss NMAP’s features and applications
  • Perform Connect/Syn/Fin and various ethical port-scans
  • Perform service exposure scans

 

• Nessus Vulnerability Scanner
  • Download and Install Nessus Vulnerability Scanner
  • Register Nessus to obtain updated definitions
  • Perform basic Nessus system configuration and start the daemon
  • Use Nessus Linux client to connect to Nessus Server and perform scans
  • Examine resuls of scanning local and remote hosts
  • Evaluate results

 

• Snort® 2.x Network Intrusion Detection System (NIDS)
  • Obtain, and install pre-requisites (libpcap/libpcre/etc.)
  • Obtain, compile and install the Snort® Network Intrusion Detection System (NIDS)
  • Identify and explain key operating modes (Sniffer/Logger/NIDS)
  • Explore in network sniffer mode
  • Explain OSI Model and relevant sniffing options
  • Explore Snort® in ASCII and Binary (TCPDUMP) logging modes
  • Output logs to ASCII text format and examine the results
  • Output logs to binary format and examine the results
  • Implement Snort® with BPF to filter traffic
  • Generate traffic from remote Linux host and evaluate with Snort
  • Use Snort® with Berkeley Packet Filter (BPF) to parse logs
  • Implement Snort® in NIDS modes
  • Explore the snort.conf file and discuss rules
  • Explain Logging and Alerting output options
  • Install BASE – Analysis package
  • Perform port-scans from remote Linux systems and analyze Alerts using BASE
  • Configure Snort® to log to SYSLOG

 

 

LinuxCBT Proxy Edition feat. Squid is unparalleled in content, depth and expertise. It entails 10-hours, or over 1-day of classroom training. LinuxCBT Proxy Edition feat. Squid prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.

Let LinuxCBT Proxy Edition feat. Squid cost-effectively sharpen your GNU/Linux & Open Source Security skills!

Recommended Prerequisites for:

• Any LinuxCBT Operating System Course (Classic/EL-4/SUSE/Debian Editions)
  • Open mind & determination to master Linux and related open-source applications
  • Basic understanding of networking concepts
  • Access to a PC to follow the exercises

 

 

 

 

Proxy Security – Module 1

• Squid Proxy Initialization
  • Discuss Squid concepts & applications
  • Discuss DNS application
  • Configure DNS on primary SuSE Linux server for the Squid Proxy environment
  • Confirm DNS environment
  • Start Squid and evaluate default configuration
  • Install Squid Proxy server

 

• General Proxy Usage
  • Configure web browser to utilize proxy services
  • Grant permissions to permit local hosts to utilize proxy services
  • Discuss ideal file system layout – partitioning
  • Explore key configuration files
  • Use client to test the performance of proxy services
  • Discuss HIT/MISS logic for serving content
  • Configure proxy support for text-based (lftp/wget/lynx) HTTP clients
• Squid Proxy Logs
  • Discuss Squid Proxy logging mechanism
  • Identify key log files
  • Discuss & explore the Access log to identify HITS and/or MISSES
  • Discuss & explore the Store log to identify cached content
  • Convert Squid logs to the Common Log Format (CLF) for easy processing
  • Discuss key CLF fields
  • Configure Webalizer to process Squid-CLF logs
  • Revert to Squid Native logs
  • Discuss key Native log fields
  • Configure Webalizer to process Squid Native logs
• Squid Network Configuration & System Stats
  • Discuss cachemgr.cgi Common Gateway Interface(CGI) script
  • Explore the available metrics provided by cachemgr.cgi
  • Change default Squid Proxy port
  • Modify text/graphical clients and test communications
  • Discuss Safe Ports – usage & applications

Squid Access Control Lists (ACLs)

• Intro to Access Control Lists (ACLs) – syntax
• Define & test multiple HTTP-based ACLs
• Define & test ACL lists – to support multiple hosts/subnets
• Define & test time-based ACLs
• Nest ACLs to tighten security
• Implement destination domain based ACLs
• Exempt destination domains from being cached to ensure content freshness
• Define & test Anded ACLs
• Discuss the benefits of Regular Expressions (Regexes)
• Implement Regular Expressions ACLs to match URL patterns
• Exempt hosts/subnets from being cached or using the Squid cache
• Force cache usage
• Configure enterprise-class Cisco PIX firewall to deny outbound traffic
• Configure DNS round-robin with multiple Squid Proxy caches for load-balancing
• Discuss delay pool concepts & applications – bandwidth management
• Configure delay pools – to support rate-limiting
• Examine results of various delay pool classes
• Enforce maximum connections to deter Denial of Service (DoS) attacks
• Verify maximum connections comply with security policy

Squid Proxy Hierarchies

• Discuss Squid cache hierarchy concepts & applications
• Ensure communications through a primary cache server – double-auditing
• Discuss and configure parent-child bypass based on ACLs
• Configure Intranet ACLs for peer-cache bypass
• Discuss & implement Squid cache hierarchy siblings
• Configure transparent proxy services