Table of Contents

sealuncheonServers

Dec 9, 2013

RH253 Network Services and Security Administration

Introduction - RH253: Network Services and Security Administration
  o Welcome
  o Participant Introductions
  o Red Hat Enterprise Linux
  o Red Hat Enterprise Linux Variants
  o Red Hat Network
  o Other Red Hat Supported Software
  o The Fedora Project
  o Classroom Network
  o Objectives of RH253
  o Audience and Prerequisites

Unit 1 - System Performance and Security
  o Objectives
  o System Resources as Services
  o Security in Principle
  o Security in Practice
  o Security Policy: the People
  o Security Policy: the System
  o Response Strategies
  o System Faults and Breaches
  o Method of Fault Analysis
  o Fault Analysis: Hypothesis
  o Method of Fault Analysis, continued
  o Fault Analysis: Gathering Data
  o Benefits of System Monitoring
  o Network Monitoring Utilities
  o Networking, a Local view
  o Networking, a Remote view
  o File System Analysis
  o Typical Problematic Permissions
  o Monitoring Processes
  o Process Monitoring Utilities
  o System Activity Reporting
  o Managing Processes by Account
  o System Log Files
  o syslogd and klogd Configuration
  o Log File Analysis
  o End of Unit 1

Unit 2 - System Service Access Controls
  o Objectives
  o System Resources Managed by init
  o System Initialization and Service Management
  o chkconfig
  o Initialization Script Management
  o xinetd Managed Services
  o xinetd Default Controls
  o xinetd Service Configuration
  o xinetd Access Controls
  o Host Pattern Access Controls
  o The /etc/sysconfig/ files
  o Service and Application Access Controls
  o tcp_wrappers Configuration
  o Daemon Specification
  o Client Specification
  o Macro Definitions
  o Extended Options
  o A tcp_wrappers Example
  o xinetd and tcp_wrappers
  o SELinux
  o SELinux, continued
  o SELinux: Targeted Policy
  o SELinux: Management
  o SELinux: semanage
  o SELinux: File Types
  o End of Unit 2

Unit 3 - Network Resource Access Controls
  o Objectives
  o Routing
  o IPv6 Features
  o Implementing IPv6
  o IPv6: Dynamic Interface Configuration
  o IPv6: Static Interface Configuration
  o IPv6: Routing Configuration
  o tcp_wrappers and IPv6
  o New and Modified Utilities
  o Netfilter Overview
  o Netfilter Tables and Chains
  o Netfilter Packet Flow
  o Rule Matching
  o Rule Targets
  o Simple Example
  o Basic Chain Operations
  o Additional Chain Operations
  o Rules: General Considerations
  o Match Arguments
  o Connection Tracking
  o Connection Tracking, continued
  o Connection Tracking Example
  o Network Address Translation (NAT)
  o DNAT Examples
  o SNAT Examples
  o Rules Persistence
  o Sample /etc/sysconfig/iptables
  o IPv6 and ip6tables
  o End of Unit 3

Unit 4 - Organizing Networked Systems
  o Objectives
  o Host Name Resolution
  o The Stub Resolver
  o DNS-Specific Resolvers
  o Trace a DNS Query with dig
  o Other Observations
  o Forward Lookups
  o Reverse Lookups
  o Mail Exchanger Lookups
  o SOA Lookups
  o SOA rdata
  o Being Authoritative
  o The Everything Lookup
  o Exploring DNS with host
  o Transitioning to the Server
  o Service Profile: DNS
  o Access Control Profile: BIND
  o Getting Started with BIND
  o Essential named Configuration
  o Configure the Stub Resolver
  o bind-chroot Package
  o caching-nameserver Package
  o Address Match List
  o Access Control List (ACL)
  o Built-In ACL's
  o Server Interfaces
  o Allowing Queries
  o Allowing Recursion
  o Allowing Transfers
  o Modifying BIND Behavior
  o Access Controls: Putting it Together
  o Slave Zone Declaration
  o Master Zone Declaration
  o Zone File Creation
  o Tips for Zone Files
  o Testing
  o BIND Syntax Utilities
  o Advanced BIND Topics
  o Remote Name Daemon Control (rndc)
  o Delegating Subdomains
  o DHCP Overview
  o Service Profile: DHCP
  o Configuring an IPv4 DHCP Server
  o End of Unit 4

Unit 5 - Network File Sharing Services
  o Objectives
  o File Transfer Protocol (FTP)
  o Service Profile: FTP
  o Network File Service (NFS)
  o Service Profile: NFS
  o Port options for the Firewall
  o NFS Server
  o NFS utilities
  o Client-side NFS
  o Samba services
  o Service Profile: SMB
  o Configuring Samba
  o Overview of smb.conf Sections
  o Configuring File and Directory Sharing
  o Printing to the Samba Server
  o Authentication Methods
  o Passwords
  o Samba Syntax Utility
  o Samba Client Tools: smbclient
  o Samba Client Tools: nmblookup
  o Samba Clients Tools: mounts
  o Samba Mounts in /etc/fstab
  o End of Unit 5

Unit 6 - Web Services
  o Objectives
  o Apache Overview
  o Service Profile: HTTPD
  o Apache Configuration
  o Apache Server Configuration
  o Apache Namespace Configuration
  o Virtual Hosts
  o Apache Access Configuration
  o Apache Syntax Utilities
  o Using .htaccess Files
  o .htaccess Advanced Example
  o CGI
  o Notable Apache Modules
  o Apache Encrypted Web Server
  o Squid Web Proxy Cache
  o Service Profile: Squid
  o Useful parameters in /etc/squid/squid.conf
  o End of Unit 6

Unit 7 - Electronic Mail Services
  o Objectives
  o Essential Email Operation
  o Simple Mail Transport Protocol
  o SMTP Firewalls
  o Mail Transport Agents
  o Service Profile: Sendmail
  o Intro to Sendmail Configuration
  o Incoming Sendmail Configuration
  o Outgoing Sendmail Configuration
  o Inbound Sendmail Aliases
  o Outbound Address Rewriting
  o Sendmail SMTP Restrictions
  o Sendmail Operation
  o Using alternatives to Switch MTAs
  o Service Profile: Postfix
  o Intro to Postfix Configuration
  o Incoming Postfix Configuration
  o Outgoing Postfix Configuration
  o Inbound Postfix Aliases
  o Outbound Address Rewriting
  o Postfix SMTP Restrictions
  o Postfix Operation
  o Procmail, A Mail Delivery Agent
  o Procmail and Access Controls
  o Intro to Procmail Configuration
  o Sample Procmail Recipe
  o Mail Retrieval Protocols
  o Service Profile: Dovecot
  o Dovecot Configuration
  o Verifying POP Operation
  o Verifying IMAP Operation
  o End of Unit 7

Unit 8 - Securing Data
  o Objectives
  o The Need For Encryption
  o Cryptographic Building Blocks
  o Random Number Generator
  o One-Way Hashes
  o Symmetric Encryption
  o Asymmetric Encryption I
  o Asymmetric Encryption II
  o Public Key Infrastructures
  o Digital Certificates
  o Generating Digital Certificates
  o OpenSSH Overview
  o OpenSSH Authentication
  o The OpenSSH Server
  o Service Profile: SSH
  o OpenSSH Server Configuration
  o The OpenSSH Client
  o Protecting Your Keys
  o Applications: RPM
  o End of Unit 8

Unit 9 - Account Management
  o Objectives
  o User Accounts
  o Account Information (Name Service)
  o Name Service Switch (NSS)
  o getent
  o Authentication
  o Pluggable Authentication Modules (PAM)
  o PAM Operation
  o /etc/pam.d/ Files: Tests
  o /etc/pam.d/ Files: Control Values
  o Example: /etc/pam.d/login File
  o The system_auth file
  o pam_unix.so
  o Network Authentication
  o auth Modules
  o Password Security
  o Password Policy
  o session Modules
  o Utilities and Authentication
  o PAM Troubleshooting
  o End of Unit 9

Appendix A - Installing Software
  o Software Installation