LinuxCBT feat. Debian4x Edition focuses primarily on the true open-source Debian GNU/Linux 4x operating system.
LinuxCBT feat. Debian4x Edition prepares you or your organization for successfully deploying and managing business-critical Debian GNU/Linux-based server solutions. Let LinuxCBT feat. Debian4x Edition teach you what traditional training outlets and other CBTs do not; solid Debian GNU/Linux skills!
Recommended Prerequisites:
- Open mind & determination to master Linux and related open-source applications
- Basic MS Windows skills
- Basic understanding of networking concepts
- Access to a spare PC to perform all of the installations and exercises
Introduction to & Installation of Debian GNU/Linux
- Install Debian Linux
Using Various Methods
- Explore network layout
- Identify Debian GNU/Linux distribution sites
- Explain various methods of obtaining Debian GNU/Linux
- Explain the various branches
- Prep the Intel-based system for a minimal installation
- Install Debian Linux on x86 machine using local media
and the Internet
- Install Debian Linux on Intel-based x86 machine using CD-ROMs
- Configure the installation process with Server-oriented packages
- Prep the Intel-based system for a PXE network installation
- Identify Network Installation ISO Image repositories
- Configure the installation process with Server-oriented packages
- Prepare VMWare host server
- Install Debian GNU/Linux on VMWare Server
Debian GNU/Linux Fundamentals
- Explore Linux boot sequence
- Explore Debian GNU/Linux GNOME Desktop Interface & Default Applications
- Basic Debian GNU/Linux Skills
- Demonstrate usage of the following useful commands & concepts
- ls, pwd, cd, cp, mv, rm, mkdir, rmdir, whoami, man, info
- alias, cat, file, chmod, chown, history
- Standard in/out, UNIX Pipes, Redirection, Command Chaining
- ps, df, free, vmstat, top, kill
- less & more, head & tail, find
- which & whereis, w, who
- PING (Packet Internet Groper)
- dig (Domain Information Groper) - used to query DNS servers
- Demonstrate typical usage of the vi text editor
- Demonstrate typical usage the nano text editor
- Tarball Archiving & compression of files & directories with tar|gzip|bzip2|unzip
- Explain UNIX/Linux file security & permissions (-rwxrwxrwx)
- Use mount/umount to access CD-ROM and floppy devices
- Explore /etc/fstab (File system Table file)
- Explore TCP/IP Configuration
- Explore Wget and demonstrate its typical usage to interface to HTTP/FTP servers
- Explore GNU: GREP | Awk | Sed
- Advanced Package Management Tool (APT) Concepts
- Explain classes of Debian GNU/Linux Packages
- Identify Debian GNU/Linux Package Management Tools
- Inventory currently installed DEB packages
- Identify key Advanced Package Tool (APT) configuration files
- Search for Debian GNU/Linux packages using Advanced Package Tool (APT)
- Install/Update/Remove software using APT
- Configure APT to query multiple sources for packages
- Use DPKG to install a DEB package located on an EXT3 File System
- Configure APT to install packages from varying versions of Debian GNU/Linux
- Use Aptitude to manage Debian GNU/Linux packages
- Install Apt-Spy using APT to identify optimal mirrors
- Disk & Volume Management
- Provision additional Storage partitions using FDISK
- Use MKE2FS to provision multiple EXT2 & EXT3 File Systems
- Provision additional Storage partitions using Parted
- Provision additional Swap storage
- Use MKSWAP & SWAPON to enable additional Swap storage
- Update File System Table (FSTAB) to reflect system changes
- Explore Logical Volume Management (LVM) Configuration
- Create volume sets using: Logical Volume Management (LVM)
- Package Management
- Discuss various package management options
- Explore package management repositories
- Use DPKG to install a .deb package
- Install
packages using 'apt-get'
- Manage packages using 'aptitude'
- INIT
- Explain Debian GNU/Linux System V Init Runlevel (0 - 6) concepts & applications
- Explore INIT configuration
- Identify key startup files, including scripts (inittab,Sscripts,Kscripts,etc.)
- Switch between run levels and evaluate
- Demonstrate using SSH to authenticate to remote Linux hosts without passwords
-
- Explore the CRON scheduling daemon & configuration
- Identify key Cron configuration scopes (Global & User)
- Explain Crontab file format and applicable options
- Define custom cron jobs system-wide
- Define custom cron jobs user-wide
- Evaluate results of cron jobs
-
top
Core Network Services
- System Logging via Syslog, Syslog-NG and Logrotate
- Explanation of syslog facilities & levels
- Demonstrate syslog administration
- Demonstrate Cisco to Linux SYSLOG functionality
- Migrate system to Syslog-NG
- Discuss Syslog-NG features and benefits
- Explore automatic log rotation and customization via Logrotate
- Configure Logrotate to rotate & compress sample log files
-
- IPv4 & IPv6 Configuration
- Identify key files for the transition from DHCP to Static addressing
- Configure Linux client with static TCP/IP parameters for network communication
- Configure Virtual (Sub) Ethernet Interfaces to faciliate multiple IP addresses
- Explain IPv6 addresses (prefixes)
- Explore IPv6 configuration
on Linux and Cisco router
- Implement Network Time Protocol (NTP) Client/Server
- Configure Network Time Protocol (NTP) to perform client/server time synchronization
- Identify NTP bounded UDP interfaces
- Synchronize Debian GNU/Linux NTP with RedHat Linux Stratum 2 NTP server
- Configure RedHat Linux NTP server to synchronize with Debian GNU/Linux server
- Trivial File Transfer Protocol Daemon (TFTPD)
- Discuss features and benefits
- Explore TFTPD configuration
- Backup Cisco router and firewall configuration using TFTPD
- Evaluate results
-
- Very Secure File Transfer Protocol Daemon (VSFTPD) & LFTP Client
- Discuss features and benefits
- Explore configuration
- Test FTP connectivity
- Explore LFTP client features
- Evaluate results
-
- Telnet Daemon (TELNETD) for temporary clear-text shell communications
- Discuss features and benefits
- Install TELNETD using Aptitude
- Explore configuration and usage
- Examine Message of the day banners (MOTD), /etc/issue file (pre-login banner/display info.)
-
- Commonly-used Network Utilities
- NETSTAT
- Traceroute & MTR (PING & Traceroute functionality)
- ARP
- IFCONFIG
- Route
- DIG & NSLOOKUP
- Whois
-
- Dynamic Host Configuration Protocol (DHCP) services
- Explain the various steps of the DHCP process
- Configure global & scope-level DHCP options
- Configure IP reservations based on layer 2 MAC addresses
- Enable Linux DHCP services
- Configure Windows/Linux clients to receive dynamic addresses from Linux
- Examine evidence of clients requesting addresses from DHCPD
-
- Implement the Berkeley Internet Naming Daemon (BIND) Domain Name Server (DNS)
- Implement BIND 9.x
- Configure BIND as a caching-only DNS server
- Test caching-only name resolution from Linux hosts
- Configure Linux/Windows 2003 clients to use Linux BIND DNS server
- Configure BIND as an Authoritative DNS server
- Test primary name resolution from Windows & Linux hosts
- Configure BIND as a secondary(slave) DNS server
- Evaluate results of BIND configuration using DIG
- Configure DNS zones
- Configure zone transfers
- Evaluate BIND's configuration files
- Implement IPv6 DNS
AAAA records & evaluate forward IPv6 name resolution
- Implement IPv6 DNS reverse records & evaluate reverse IPv6 name resolution
-
- Network File System (NFS)
- Discuss features and benefits
- Explore NFS configuration
- Test NFS on clients and servers
-
- Implement Linux & Windows Integration via Samba
- Implement SMBFS integration with Debian GNU/Linux File System
- Mount Windows shares seamlessly using Samba File System (SMBFS)
- Configure FSTAB to support repetitive mounts
- Implement secure SMBFS credentials for mounting
- Install Samba Server support
- Install Samba Web-based Administration Tool (SWAT)
- Configure Samba file sharing
- Configure Samba with multiple NETBIOS aliases
- Configure Samba Windows Internet Name Server (WINS) support
- Evaluate Windows XP client access to Debian GNU/Linux Samba server
top
Application Services - Linux|Apache|MySQL|PHP (LAMP)
- Web Application Services
- Implement Apache Web Server
- Examine httpd.conf file directives
- Implement virtual directories using Apache and symbollic links
- Implement Redirects using Locate and various Apache directives
- Configure virtual hosts bound to the primary IP address and port
- Configure virtual hosts bound to alternate virtual IP addresses and ports
- Implement Apache logging system per virtual host
- Configure basic authentication to virtual hosts containers via Directory directives
- Configure digest authentication
- Implementation of Webalizer Log Analysis software
- Generate web reports using Webalizer
- Implementation of PHP Dynamic Web Access Scripting Engine
- Evaluate PHP Dynamic Web Access Scripting Engine installation results
- Test basic PHP script-processing using sample scripts
-
- MySQL Relational Database Management System
- Install MySQL Relational Database Management System
- Secure access to MySQL
- Create sample MySQL databases
- Install PHPMyAdmin for web-based management of MySQL instances
- Explain & Secure access to PHPMyAdmin
- Explore PHPMyAdmin's interface
- Postfix MTA
- Install Postfix MTA
- Introduction to Postfix Message Transfer Agent (MTA)
- Use Mutt to demonstrate outbound mail handling using Postfix
- Explore Postfix Configuration
-
- Post Office Protocol Version 3 (POP3)
- Explain POP3 concepts and applications
- Implement POP3 daemon
- Connect to POP3 daemon using Windows Outlook Express client
- Use Mutt to send SMTP-based messages to POP3 account
-
- Internet Messaging Access Protocol (IMAP)
- Explain IMAP concepts and applications in comparison to POP3
- Implement IMAP services
- Connect to IMAP services from remote Windows Outlook Express client
-
- Web-based Mail Implementation using Squirrel-mail
- Describe required squirrel mail components for web-mail integration
- Install squirrel mail on Debian GNU/Linux system
- Configure Apache virtual directory for squirrel mail integration
- Configure Apache Virtual Host for squirrel mail integration
- Configure BIND DNS services for squirrel mail integration
- Explore squirrel mail's web-based interface
-
top
Security Implementation Techniques
- TCP Wrappers (hosts.allow/hosts.deny)
- Discuss TCP Wrappers concepts & applications
- Identify primary package and key TCP Wrappers configuration files
- Demonstrate disabled TCP Wrappers configurations by attempting connectivity
- Examine pre and post TCP Wrappers configuration effects
- Implement TCP Wrappers for common services
- Test local & remote access to TCP Wrappers-protected host & services
-
- XINETD (Enhanced & Secure INETD Super Server Implementation)
- Upgrade Debian GNU/Linux system from INETD to XINETD
- Identify key XINETD configuration files
- Explain the contents and structure of xinetd.conf
- Restrict access to various daemons/services based on hosts & subnets
- Compare & contrast TCP Wrappers and XINETD
- Secure services with XINETD
- Insert common global xinetd.conf daemon/service defaults
- Configure XINETD to log via SYSLOG
- Configure XINETD to restrict number of spawned instances of daemons/services
- Configure port forwarding of daemons/services
- Configure XINETD to bind daemons/services to specific sub-interfaces (Virtual IP addresses)
- Explore additional XINETD features
-
- IPTABLES (Netfilter Linux Kernel-based Firewall)
- Discuss IPTABLES/Netfilter Concepts
- Explain IPTABLES default chains/filters and policies
- Examine TCP/ICMP communications pre-IPTABLES chains
- Implement ICMP inbound filtration based on various hosts
- Use Cisco PIX Firewall to verify ICMP debugging
- Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
- Restrict access to various daemons (SSH/FTP/HTTP/etc.)
- Test connectivity locally and remotely (RedHat/Windows/etc.)
-
- Network Mapper (NMAP)
- Obtain, compile and install current version of NMAP
- Identify commonly used NMAP options/switches/parameters
- Perform default TCP SYN-based ethical scans of local and remote resources
- Explain typical TCP handshake protocol while using NMAP
- Examine the results of scans on remote Cisco firewall with debugging mode enabled
- Perform default TCP Connect-based ethical scans of local and remote resources
- Examine the results of scans on remote Cisco PIX Firewall with debugging mode enabled
- Use NMAP to scan using aliased and spoofed IP addresses
- Peform local ethical scans
- Identifiy key NMAP configuration files
- Use NMAP to perform operating system fingerprinting
- Peform subnet-wide ethical scans
-
- Nessus Vulnerability Scanner
- Download, compile, and prepare Nessus vulnerability scanner for deployment
- Implement Nessus client/server Security vulnerability scanner in SSL-mode
- Identify Nessus's key features and explore its graphical interface
- Ethical scan of the local system for vulnerabilities
- Examine scan results via the reporting engine
- Discuss mitigation techniques for suggested vulnerabilities
- Ethical scan of a fraction of the class C subnet by using CIDR
- Examine the scan results and discuss
- Ethical scan of the entire class C subnet
- Examine Nessus process utilization while vulnerability scans are in progress
- Lockdown (Debian GNU/Linux System Lockdown)
- Explain potential network-based entry points to the system
- Identify superfluous daemons/services using NETSTAT & NMAP
- Disable superfluous daemons/services using update-rc.d and proper scripts
- Identify changes in the system as a result of performing the lockdown
- Disable superfluous daemons/services using XINETD
- Restrict source address access to daemons/services using XINETD
- Restrict bind address for daemons/services using XINETD
- Discuss application-layer security for added protection (MySQL/Apache/Sendmail/SSH/Nessus)
- Force SSHD to bind to desired layer-3 IP address for controlled security
- Secure the system using IPTABLES & TCP Wrappers for added security
-
- TCPDump & Wireshark
- Discuss features and benefits
- Explore TCPDump usage
- Capture interesting traffic
- Analyze with Wireshark
- Snort 2.8x Intrusion Detection System (IDS)
- Obtain, and install Snort pre-requisites (libpcap/libpcre/etc.)
- Obtain, compile and install the Snort Intrusion Detection System (IDS)
- Identify and explain key operating modes (Sniffer/Logger/IDS)
- Run Snort in all three modes and examine the results
- Output Snort logs to ASCII text format and examine the results
- Output Snort logs to binary format and examine the results
- Use Snort with Berkeley Packet Filter (BPF) to parse logs
- Implement Snort with BPF to filter real-time traffic
- Obtain and install requisite MySQL libraries for Snort
- Recompile Snort IDS with MySQL support
- Implement Snort IDS with MySQL integration for real-time reporting
- Implement ACID web-based front-end for examining Snort logs
top
|
