Administering Linux Internet Services
© 2001 ComputerPREP, Inc. All rights reserved.

Lesson 1: TCP/IP Configuration

Objectives
• Deploy ifconfig and Linuxconf to reconfigure a NIC in Linux
• Use the netconfig and netcfg commands
• Identify the /etc/sysconfig/network-scripts file
• Use ping options
• List the uses of the arp, netstat, and route commands
• Use the traceroute command to discover network paths
• Enable IP forwarding

TCP/IP Configuration Parameters
• Basic configuration information
  – Computer name
  – IP address
  – Subnet mask
  – Default gateway
  – DNS information
  – DHCP client information

Static Addressing
• Configuration commands
• Manual interface configuration

Dynamic Addressing
• DHCP
  – Client/server node configuration
  – BOOTP

Testing Network Connectivity
• The ping command
• Address resolution and ARP
• The netstat command
• The route command
• Traceroute

Using Multiple Ethernet Adapters
• Adding multiple adapters
• IP forwarding
  – Enabling IP forwarding
  – Editing the network scripts directly

Summary
• Deploy ifconfig and Linuxconf to reconfigure a NIC in Linux
• Use the netconfig and netcfg commands
• Identify the /etc/sysconfig/network-scripts file
• Use ping options
• List the uses of the arp, netstat, and route commands
• Use the traceroute command to discover network paths
• Enable IP forwarding

Lesson 2: The Domain Name System

Objectives
• Explain the DNS
• Identify DNS components
• List the common DNS record types
• Define reverse DNS lookup
• Use nslookup and other DNS troubleshooting tools
• Implement DNS on Linux

Domain Name System
• Address resolution

Domain Name Space
• Root level
• Top level
• Second level
  – Subdomains

Accessing Hosts by DNS Name
• Fully qualified domain name (FQDN)
• DNS components
• DNS server types

Setting Up DNS
• Zone files
• DNS records
• Reverse lookups and the in-addr.arpa trick

Probing DNS with nslookup
• BIND
• Basic nslookup operation
  – Interactive operation
• Finding other record types
• Changing servers
• Listing domains (zone file transfers)

Setting Up DNS in Linux
• Named.conf (BIND v.8)
• Named.ca
• Named.local
• Forward zone
• Reverse zone

Troubleshooting DNS
• Utilities
• Additional tools

Summary
• Explain the DNS
• Identify DNS components
• List the common DNS record types
• Define reverse DNS lookup
• Use nslookup and other DNS troubleshooting tools
• Implement DNS on Linux

Lesson 3: Modem Configuration

Objectives
• Identify tools to configure a PPP interface
• Configure a PPP interface to make outbound connections
• Configure a modem to listen for and service inbound connections
• Configure a PPP logon script
• List steps for initiating an ISDN connection

Modems and Interfaces
• PPP
• ISDN
• Additional types of dial-up interfaces
  – Dummy
  – SLIP
  – CSLIP
• Selecting the correct modem
• Inbound and outbound access

Common Configuration Options
• Automatic reconnection
• Startup program
• Connection software

The Modem Chat Sequence
• Hayes commands
• Unsuccessful sessions
• Authentication and the chat sequence

PPP Configuration
• PPP configuration files
• Using Linuxconf
• Using Kppp
• Creating a new account

Activating the Interface
• ifup ppp0
• Kppp
• Linuxconf

Listing the PPP Interface
• Monitoring interface activity

Troubleshooting the Modem
• Minicom utility
• PPP HOWTO
• auth required /lib/security/pam_pwdb.so module

ISDN and Linux
• ISDN adapter
• Linux utilities to configure ISDN support

Summary
• Identify tools to configure a PPP interface
• Configure a PPP interface to make outbound connections
• Configure a modem to listen for and service inbound connections
• Configure a PPP logon script
• List steps for initiating an ISDN connection

Lesson 4: Configuring a DHCP Server

Objectives
• Identify the usefulness of DHCP
• Configure a DHCP server
• Configure a DHCP client

How DHCP Works
• Discover message
• Initializing
• Offer message
• Selecting state
• Request message
• Requesting state
• Acknowledgment message

DHCP Implementation
• Dynamic allocation
• Manual allocation (client reservation)

Summary
• Identify the usefulness of DHCP
• Configure a DHCP server
• Configure a DHCP client

Lesson 5: Configuring Apache Server

Objectives
• Stop and start Apache Server
• Create aliases
• Redirect URLs
• Understand CGI and Perl
• Enable access control
• Create a virtual server

Apache Server Concepts
• Document root directories
• Apache Server RPM files
  – Controlling the server

Administering Apache Server
• Apache Server processes
• Stopping and starting httpd
• Configuring Apache Server
• Merging all three files
• Graphical user interfaces and Apache

Apache Server and Perl
• Apache Server modules
  – perl_module
  – php3_module
  – php4_module

Controlling Access
• Creating a password file
• Adding users
• Additional options

Virtual Servers
• Order of entries
• Giving the correct name
• Additional server directives

Summary
• Stop and start Apache Server
• Create aliases
• Redirect URLs
• Understand CGI and Perl
• Enable access control
• Create a virtual server

Lesson 6: Sendmail

Objectives
• Describe how Sendmail uses SMTP
• Differentiate between SMTP, POP3, and IMAP
• Stop and start Sendmail and configure parameters
• Create mail aliases
• Configure mail forwarding
• Control access to Sendmail
• Troubleshoot Sendmail

E-Mail Agents
• Mail transfer agent
• Mail delivery agent
• Mail user agent

E-Mail Delivery Methods
• Central server
• Individual machines

E-Mail Server Terminology
• Masquerading
• Aliasing
• Relaying
• E-mail hub
• Combining aliasing and forwarding
• MX records

The Simple Mail Transfer Protocol
• SMTP headers

Post Office Protocol 3
• user
• pass
• list
• retr
• dele
• quit

Internet Message Access Protocol
• IMAP and e-mail clients

Stopping and Starting Sendmail
• System V scripts
• ps
• /var/run/sendmail.pid file

Miscellaneous Configuration Issues
• Modifying sendmail.cf
• Common client modifications
• Aliasing with Sendmail
  – Machine aliases

The /etc/mail Directory
• The access file
• Forwarding e-mail to a local user
• Forwarding e-mail to a remote user
• The .forward file

The Mail Queue
• Viewing the mail queue
• Deleting queued messages
• Managing queued messages

Troubleshooting Sendmail
• Using the mail command
• The /var/log/messages file

Enabling POP3 and IMAP
• IMAP and POP3 daemons
• Concurrent servers

Summary
• Describe how Sendmail uses SMTP
• Differentiate between SMTP, POP3, and IMAP
• Stop and start Sendmail and configure parameters
• Create mail aliases
• Configure mail forwarding
• Control access to Sendmail
• Troubleshoot Sendmail

Lesson 7: Network Monitoring

Objectives
• Use tcpdump to examine all network traffic
• Obtain a graphical display of all network traffic
• View a network activity matrix
• Gather network use statistics for your own interface
• Identify the type and amount of traffic passing through a network

Packet Sniffing
• Ethereal Network Analyzer
  – Dependencies
• Sniffit
• Promiscuous mode
  – Switches
  – Running tcpdump

Viewing a Network Matrix
• HTTP
• FTP
• DNS
• ICMP
• ARP
• SSH
• SMTP
• UNIX Login
• Telnet
• IPv
• IPv6

Gathering Statistics
• IPTraf
• Ntop

Summary
• Use tcpdump to examine all network traffic
• Obtain a graphical display of all network traffic
• View a network activity matrix
• Gather network use statistics for your own interface
• Identify the type and amount of traffic passing through a network

Lesson 8: Security Principles, Tools and Practices

Objectives
• Discuss authentication and encryption
• Explain how PAMs work in Linux
• Search for commonly exploited file permissions
• Identify system scanning tools
• Use shadow passwords
• Deploy TCPWrapper
• Control user access to system processes

Encryption
• Categories
  – Symmetric
  – Asymmetric
  – Hash
• Benefits
  – Data confidentiality
  – Data integrity
  – Authentication
  – Nonrepudiation

Authentication
• Methods
  – Prove what you know
  – Show what you have
  – Demonstrate who you are
  – Identify where you are

Logon Security and Pluggable Authentication Modules
• Configuring PAM
• Remote access and the root account
• Denying remote access to specific users
• Time-based access
• Controlling processor and memory usage
• The ulimit command

System Scanning
• Finding suspect files
• Disabling accounts
• chattr and lsattr

TCPWrapper
• Tcpd
• Syntax for hosts.allow and hosts.deny

Setting FTP Logon Limits
• Creating and limiting classes

Incident Response
• Notify management
• Break the link or create a “jail”
• Call the police
• Contact the hacker
• Conduct trace routes
• Delete and replace affected binaries

Proactive Maintenance
• CERT
• BugTraq
• SecurityPortal
• Linux vendors

Summary
• Discuss authentication and encryption
• Explain how PAMs work in Linux
• Search for commonly exploited file permissions
• Identify system scanning tools
• Use shadow passwords
• Deploy TCPWrapper
• Control user access to system processes

Lesson 9: Deploying Secure Shell

Objectives
• Describe public key encryption
• Obtain and install SSH to replace Telnet
• Use Linux clients to connect to an SSH server
• Authenticate using public key encryption

Secure Shell
• Security services provided by SSH
• Obtaining SSH
• Encryption in SSH
• Authentication in SSH
• SSH2 components
• SSH clients

Preparing SSH Components
• Installing components and starting the server
• Logging on using SSH
• Compatibility with SSH1
• SSH and DNS

Secure Shell and Authentication
• Exchanging public keys
• Establishing trust relationships
• Using the secure FTP client

Summary
• Describe public key encryption
• Obtain and install SSH to replace Telnet
• Use Linux clients to connect to an SSH server
• Authenticate using public key encryption

Administering Linux Internet Services
• TCP/IP Configuration
• The Domain Name System
• Modem Configuration
• Configuring a DHCP Server
• Configuring Apache Server

Administering Linux Internet Services
• Sendmail
• Network Monitoring
• Security Principles, Tools and Practices
• Deploying Secure Shell