© 2001 ComputerPREP, Inc. All rights reserved. Administering Linux Internet Services

© 2001 ComputerPREP, Inc. All rights reserved.

AdministeringLinux Internet Services


Lesson 1: TCP/IP

Configuration

Objectives

• Deploy ifconfig and Linuxconf to reconfigure a NIC in Linux

• Use the netconfig and netcfg commands• Identify the /etc/sysconfig/network-scripts file• Use ping options• List the uses of the arp, netstat, and route

commands• Use the traceroute command to discover network

paths• Enable IP forwarding

TCP/IPConfiguration Parameters

• Basic configuration information– Computer name– IP address– Subnet mask– Default gateway– DNS information– DHCP client information

StaticAddressing

• Configuration commands• Manual interface configuration

DynamicAddressing

• DHCP– Client/server node configuration– BOOTP

TestingNetwork Connectivity

• The ping command• Address resolution and ARP• The netstat command• The route command• Traceroute

Using MultipleEthernet Adapters

• Adding multiple adapters• IP forwarding

– Enabling IP forwarding– Editing the network scripts directly

Summary

Deploy ifconfig and Linuxconf to reconfigure a NIC in Linux

Use the netconfig and netcfg commands Identify the /etc/sysconfig/network-scripts file Use ping options List the uses of the arp, netstat, and route

commands Use the traceroute command to discover network

paths Enable IP forwarding


Lesson 2:The Domain

Name System

Objectives

• Explain the DNS• Identify DNS components• List the common DNS record types• Define reverse DNS lookup• Use nslookup and other DNS troubleshooting

tools• Implement DNS on Linux

DomainName System

• Address resolution

DomainName Space

• Root level• Top level• Second level

– Subdomains

Accessing Hostsby DNS Name

• Fully qualified domain name (FQDN)• DNS components• DNS server types

Setting Up DNS

• Zone files• DNS records• Reverse lookups and the in-addr.arpa trick

Probing DNSwith nslookup

• BIND• Basic nslookup operation

– Interactive operation• Finding other record types• Changing servers• Listing domains (zone file transfers)

Setting UpDNS in Linux

• Named.conf (BIND v.8)• Named.ca• Named.local• Forward zone• Reverse zone

Troubleshooting DNS

• Utilities• Additional tools

Summary

Explain the DNS Identify DNS components List the common DNS record types Define reverse DNS lookup Use nslookup and other DNS troubleshooting

tools Implement DNS on Linux


Lesson 3:Modem Configuration

Objectives

• Identify tools to configure a PPP interface• Configure a PPP interface to make outbound

connections• Configure a modem to listen for and service

inbound connections• Configure a PPP logon script• List steps for initiating an ISDN connection

Modemsand Interfaces

• PPP• ISDN• Additional types of dial-up interfaces

– Dummy– SLIP– CSLIP

• Selecting the correct modem• Inbound and outbound access

CommonConfiguration Options

• Automatic reconnection• Startup program• Connection software

The ModemChat Sequence

• Hayes commands• Unsuccessful sessions• Authentication and the chat sequence

PPPConfiguration

• PPP configuration files• Using Linuxconf• Using Kppp• Creating a new account

Activatingthe Interface

• ifup ppp0• Kppp• Linuxconf

Listing thePPP Interface

• Monitoring interface activity

Troubleshootingthe Modem

• Minicom utility• PPP HOWTO• auth required /lib/security/pam_pwdb.so

module

ISDNand Linux

• ISDN adapter• Linux utilities to configure ISDN support

Summary

Identify tools to configure a PPP interface Configure a PPP interface to make outbound

connections Configure a modem to listen for and service

inbound connections Configure a PPP logon script List steps for initiating an ISDN connection


Lesson 4:Configuring aDHCP Server

Objectives

• Identify the usefulness of DHCP• Configure a DHCP server• Configure a DHCP client

How DHCP Works

• Discover message• Initializing• Offer message• Selecting state• Request message• Requesting state• Acknowledgment message

DHCPImplementation

• Dynamic allocation• Manual allocation (client reservation)

Summary

Identify the usefulness of DHCP Configure a DHCP server Configure a DHCP client


Lesson 5:Configuring

Apache Server

Objectives

• Stop and start Apache Server• Create aliases• Redirect URLs• Understand CGI and Perl• Enable access control• Create a virtual server

ApacheServer Concepts

• Document root directories• Apache Server RPM files

– Controlling the server

AdministeringApache Server

• Apache Server processes• Stopping and starting httpd• Configuring Apache Server• Merging all three files• Graphical user interfaces and Apache

Apache Serverand Perl

• Apache Server modules– perl_module– php3_module– php4_module

Controlling Access

• Creating a password file• Adding users• Additional options

VirtualServers

• Order of entries• Giving the correct name• Additional server directives

Summary

Stop and start Apache Server Create aliases Redirect URLs Understand CGI and Perl Enable access control Create a virtual server


Lesson 6:Sendmail

Objectives

• Describe how Sendmail uses SMTP• Differentiate between SMTP, POP3, and IMAP• Stop and start Sendmail and configure parameters• Create mail aliases• Configure mail forwarding• Control access to Sendmail• Troubleshoot Sendmail

E-MailAgents

• Mail transfer agent• Mail delivery agent• Mail user agent

E-MailDelivery Methods

• Central server• Individual machines

E-MailServer Terminology

• Masquerading• Aliasing• Relaying• E-mail hub• Combining aliasing and forwarding• MX records

The Simple MailTransfer Protocol

• SMTP headers

Post OfficeProtocol 3

• user• pass• list• retr• dele• quit

Internet MessageAccess Protocol

• IMAP and e-mail clients

Stopping andStarting Sendmail

• System V scripts• ps• /var/run/sendmail.pid file

MiscellaneousConfiguration Issues

• Modifying sendmail.cf• Common client modifications• Aliasing with Sendmail

– Machine aliases

The /etc/mailDirectory

• The access file• Forwarding e-mail to a local user• Forwarding e-mail to a remote user• The .forward file

TheMail Queue

• Viewing the mail queue• Deleting queued messages• Managing queued messages

TroubleshootingSendmail

• Using the mail command• The /var/log/messages file

EnablingPOP3 and IMAP

• IMAP and POP3 daemons• Concurrent servers

Summary

Describe how Sendmail uses SMTP Differentiate between SMTP, POP3, and IMAP Stop and start Sendmail and configure parameters Create mail aliases Configure mail forwarding Control access to Sendmail Troubleshoot Sendmail


Lesson 7:Network Monitoring

Objectives

• Use tcpdump to examine all network traffic• Obtain a graphical display of all network traffic• View a network activity matrix• Gather network use statistics for your own

interface• Identify the type and amount of traffic passing

through a network

Packet Sniffing

• Ethereal Network Analyzer– Dependencies

• Sniffit• Promiscuous mode

– Switches– Running tcpdump

Viewing aNetwork Matrix

• HTTP• FTP• DNS• ICMP• ARP• SSH

• SMTP• UNIX Login• Telnet• IPv• IPv6

GatheringStatistics

• IPTraf• Ntop

Summary

Use tcpdump to examine all network traffic Obtain a graphical display of all network traffic View a network activity matrix Gather network use statistics for your own

interface Identify the type and amount of traffic passing

through a network


Lesson 8:Security Principles,Tools and Practices

Objectives

• Discuss authentication and encryption• Explain how PAMs work in Linux• Search for commonly exploited file permissions• Identify system scanning tools• Use shadow passwords• Deploy TCPWrapper• Control user access to system processes

Encryption

• Categories– Symmetric– Asymmetric– Hash

• Benefits– Data confidentiality– Data integrity– Authentication– Nonrepudiation

Authentication

• Methods– Prove what you know– Show what you have– Demonstrate who you are– Identify where you are

Logon Security and Pluggable Authentication Modules

• Configuring PAM• Remote access and the root account• Denying remote access to specific users• Time-based access• Controlling processor and memory usage• The ulimit command

SystemScanning

• Finding suspect files• Disabling accounts• chattr and isattr

TCPWrapper

• Tcpd• Syntax for hosts.allow and hosts.deny

SettingFTP Logon Limits

• Creating and limiting classes

IncidentResponse

• Notify management• Break the link or create a “jail”• Call the police• Contact the hacker• Conduct trace routes• Delete and replace affected binaries

ProactiveMaintenance

• CERT• BugTraq• SecurityPortal• Linux vendors

Summary

Discuss authentication and encryption Explain how PAMs work in Linux Search for commonly exploited file permissions Identify system scanning tools Use shadow passwords Deploy TCPWrapper Control user access to system processes


Lesson 9:Deploying

Secure Shell

Objectives

• Describe public key encryption• Obtain and install SSH to replace Telnet• Use Linux clients to connect to an SSH server• Authenticate using public key encryption

Secure Shell

• Security services provided by SSH• Obtaining SSH• Encryption in SSH• Authentication in SSH• SSH2 components• SSH clients

PreparingSSH Components

• Installing components and starting the server• Logging on using SSH• Compatibility with SSH1• SSH and DNS

Secure Shelland Authentication

• Exchanging public keys• Establishing trust relationships• Using the secure FTP client

Summary

Describe public key encryption Obtain and install SSH to replace Telnet Use Linux clients to connect to an SSH server Authenticate using public key encryption

Administering Linux Internet Services

TCP/IP Configuration The Domain Name System Modem Configuration Configuring a DHCP Server Configuring Apache Server

Administering Linux Internet Services

Sendmail Network Monitoring Security Principles, Tools and Practices Deploying Secure Shell

Documents

© 2001 ComputerPREP, Inc. All rights reserved. Administering Linux Internet Services