"Charting the Course... Linux for Experienced UNIX Administrators. Course Summary
Author: Andrew Phelps

"Charting the Course ... ... to Your Success!"
Linux for Experienced UNIX Administrators
Course Summary

Description

Linux for Experienced UNIX Administrators is an accelerated course combining the topics from "Enterprise Linux Systems Administration" and "Enterprise Linux Networking Services."

Enterprise Linux Systems Administration is an in-depth course that explores installation, configuration and maintenance of Linux systems. The course focuses on issues universal to every workstation and server. Like all Guru Labs courses, the course material is designed to provide extensive hands-on experience. Topics include: installation and configuration; the boot process; user and group administration; filesystem administration, including quotas, FACLs, RAID and LVM; task automation; client networking; SELinux; software management; log files; troubleshooting; and more.

Enterprise Linux Networking Services is an expansive course that covers a wide range of network services useful to every organization. Special attention is paid to the concepts needed to implement these services securely, and to the trouble-shooting skills which will be necessary for real-world administration of these network services. Like all Guru Labs courses, the course material is designed to provide extensive hands-on experience. Topics include: Security with SELinux and Netfilter, DNS concepts and implementation with Bind; LDAP concepts and implementation using OpenLDAP; Web services with Apache; FTP with vsftpd; caching, filtering proxies with Squid; SMB/CIFS (Windows networking) with Samba; and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

Topics

Linux Orientation
Linux Kernel & Hardware
Boot Process & Systemd
Software Maintenance
Local Storage Administration
LVM & RAID
Remote Storage Administration
User/Group Administration
Security Administration
Process Administration
Networking
Monitoring & Troubleshooting
BIND DNS
SQL Fundamentals and MariaDB
OpenLDAP
VSFTPD & Apache
Squid Proxy Server
Samba
Postfix
Email Services
Installing RHEL7
Installing SLES12

Audience

Students should be experienced UNIX administrators.

Prerequisites

Students should already be experienced UNIX administrators. Fundamentals such as the UNIX command line and how to edit files will not be covered in class. A good understanding of network concepts, the TCP/IP protocol suite, and basic UNIX security is also assumed. The accelerated pace of this class makes it more difficult for unprepared students to keep up. Less experienced students are encouraged to instead take "Linux Fundamentals", "Enterprise Linux Systems Administration" or "Enterprise Linux Networking Services."

Duration

Five days

Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically

Course Outline

I. Linux Orientation
A. FSF and GNU
B. GPL – General Public License
C. Linux Kernel and Versioning
D. Components of a Distribution
E. SUSE Linux Products
F. Red Hat Linux Products

II. Linux Kernel & Hardware
A. Hardware Discovery Tools
B. Configuring New Hardware with hwinfo
C. Hardware and System Clock
D. Console
E. Virtual Terminals
F. Serial Ports
G. SCSI Devices
H. USB Configuration
I. Defining a Printer
J. Tape Libraries
K. Managing Linux Device Files
L. Kernel Hardware Info – /sys/
M. /sys/ Structure
N. udev
O. Kernel Modules
P. Configuring Kernel Components and Modules
Q. Handling Module Dependencies
R. Configuring the Kernel via /proc/
S. System Tools
T. Random Numbers and /dev/random
LAB TASKS
1. Adjusting Kernel Options
2. Configuring Print Queues
3. Introduction to Troubleshooting Labs
4. Troubleshooting Practice: Kernel Modules

III. Boot Process & systemd
A. System Boot Method Overview
B. systemd System and Service Manager
C. systemd Targets
D. Using systemd
E. Legacy Support for SysV init
F. Booting Linux on PCs
G. GRUB 2
H. GRUB 2 Configuration
I. GRUB 2 Security
J. Boot Parameters
K. Initial RAM Filesystem
L. init
M. Linux Runlevels Aliases
N. Systemd local-fs.target and sysinit.target
O. Systemd basic.target and multi-user.target
P. Legacy local bootup script support
Q. System Configuration Files
R. RHEL7 Configuration Utilities
S. SLES12 Configuration Utilities
T. Shutdown and Reboot
LAB TASKS
1. Boot Process
2. Booting directly to a bash shell
3. GRUB Command Line
4. Basic GRUB Security
5. Managing Services With Systemd's systemctl
6. Troubleshooting Practice: Boot Process

IV. Software Maintenance
A. RPM Architecture
B. Working With RPMs
C. Querying and Verifying with RPM
D. Updating the Kernel RPM
E. Using the Yum command
F. Using the Zypper command
G. YUM package groups
H. Zypper Services and Catalogs
I. Configuring Yum
J. YUM Repositories
K. Rebuilding Source RPM Packages
L. Software Tools Comparison Matrix
LAB TASKS
1. Managing Software with RPM
2. Creating a Custom RPM Repository
3. Querying the RPM Database
4. Installing Software via RPM & Source and Rebuilding SRPMs
5. Using Yum
6. Using Zypper

V. Local Storage Administration
A. Partitioning Disks with fdisk & gdisk
B. Resizing a GPT Partition with gdisk
C. Partitioning Disks with parted
D. Filesystem Creation
E. Mounting Filesystems
F. Filesystem Maintenance
G. Resizing Filesystems
H. Managing an XFS Filesystem
I. Swap
J. Filesystem Attributes
K. Filesystem Creation and Management
LAB TASKS
1. Creating and Managing Filesystems
2. Hot Adding Swap

VI. LVM & RAID
A. Logical Volume Management
B. Implementing LVM
C. Creating Logical Volumes
D. Manipulating VGs & LVs
E. Advanced LVM Concepts
F. gnome-disk-utility
G. SLES Graphical Disk Tool
H. RAID Concepts
I. Array Creation with mdadm
J. Software RAID Monitoring
K. Software RAID Control and Display
L. LVM and RAID: Unix Tool Comparison
LAB TASKS
1. Creating and Managing LVM Volumes
2. Creating and Managing a RAID-5 Array

VII. Remote Storage Administration
A. Remote Storage Overview
B. Remote Filesystem Protocols
C. Remote Block Device Protocols
D. NFS Clients
E. NFS Server Configuration
F. Implementing NFSv4
G. AutoFS
H. AutoFS Configuration
I. SAN Multipathing
J. Multipath Configuration
K. Multipathing Best Practices
L. iSCSI Architecture
M. Open-iSCSI Initiator Implementation
N. iSCSI Initiator Discovery
O. iSCSI Initiator Node Administration
P. Mounting iSCSI Targets at Boot
Q. iSCSI Multipathing Considerations
LAB TASKS
1. Using autofs
2. NFS Server Configuration
3. iSCSI Initiator Configuration

VIII. User/Group Administration
A. Approaches to Storing User Accounts
B. User and Group Concepts
C. User Administration
D. Modifying Accounts
E. Group Administration
F. Password Aging
G. Default User Files
H. Controlling Login Sessions
I. system-config-authentication
J. SLES DS Client Configuration
K. PAM Overview
L. PAM Module Types
M. PAM Order of Processing
N. PAM Control Statements
O. pam_wheel.so
P. pam_limits.so
Q. User/Group Administration Comparison Matrix
LAB TASKS
1. User and Group Administration
2. Using LDAP for Centralized User Accounts
3. Troubleshooting Practice: Account Management
4. Restricting superuser access to wheel group membership
5. Setting Limits with the pam_limits Modules
6. Using pam_limits to Restrict Simultaneous Logins

IX. Security Administration
A. Security Concepts
B. Tightening Default Security
C. Security Advisories
D. Fine Grained Authorizations with Polkit
E. File Access Control Lists
F. Manipulating FACLs
G. Viewing FACLs
H. Backing Up FACLs
I. File Creation Permissions with umask
J. User Private Group Scheme
K. Alternatives to UPG
L. TCP Wrappers Concepts
M. TCP Wrappers Concepts
N. Xinetd
O. SUSE Basic Firewall Configuration
P. Netfilter Concepts
Q. Using the iptables Command
R. Common match_specs
S. Connection Tracking
T. AppArmor
U. SELinux Security Framework
V. SELinux Modes
W. SELinux Commands
X. Choosing an SELinux Policy
Y. SELinux Booleans
Z. SELinux Policy Tools
AA. (X)INETD and Firewalls
LAB TASKS
1. User Private Groups
2. Using Filesystem ACLs
3. Securing xinetd Services
4. Enforcing Security Policy with xinetd
5. Securing Services with TCP Wrappers
6. Securing Services with SuSEfirewall2
7. Securing Services with Netfilter
8. Exploring SELinux Modes
9. SELinux File Contexts

X. Process Administration
A. at & cron Usage
B. Anacron
C. Viewing Processes
D. Managing Processes
E. Tuning Process Scheduling
F. Process Accounting
G. Setting Resource Limits via ulimit
LAB TASKS
1. Creating and Managing User Cron Jobs
2. Adding System cron Jobs

XI. Networking
A. Linux Network Interfaces
B. Ethernet Hardware Tools
C. Network Configuration with ip Command
D. Configuring Routing Tables
E. IP to MAC Address Mapping with ARP
F. Starting and Stopping Interfaces
G. NetworkManager
H. DNS Clients
I. DHCP Clients
J. Network Diagnostics
K. Information from ss and netstat
L. Managing Network-Wide Time
M. Continual Time Sync with NTP
N. Configuring NTP Clients
O. Multiple IP Addresses
P. IPv6
Q. Interface Aggregation
R. Interface Bonding
S. Network Teaming
T. Interface Bridging
U. 802.1q VLANS
V. Network Configuration Tools
LAB TASKS
1. Network Discovery
2. Basic Client Networking
3. NTP Client Configuration
4. Multiple IP Addresses Per Network Interface
5. Configuring IPv6
6. Troubleshooting Practice: Networking

XII. Monitoring & Troubleshooting
A. System Status – Memory
B. System Status – I/O
C. System Status – CPU
D. Performance Trending with sar
E. Troubleshooting Basics: The Process
F. Troubleshooting Basics: The Tools
G. System Logging
H. Syslog-ng
I. systemd Journal
J. systemd Journal's journalctl
K. Secure Logging with Journal's Log Sealing
L. Rsyslog
M. /etc/rsyslog.conf
N. Log Management
O. Log Anomaly Detector
P. strace and ltrace
Q. Troubleshooting Incorrect File Permissions
R. Inability to Boot
S. Typos in Configuration Files
T. Corrupt Filesystems
U. RHEL7 Rescue Environment
V. SUSE Rescue Environment
W. Process Tools
LAB TASKS
1. Using the systemd Journal
2. Setting up a Full Debug Logfile
3. Remote Syslog Configuration
4. Remote Rsyslog TLS Configuration
5. Recovering Damaged MBR

XIII. BIND DNS
A. The Domain Name Space
B. Delegation and Zones
C. Server Roles
D. Resolving Names
E. Resolving IP Addresses
F. Basic BIND Administration
G. Configuring the Resolver
H. Testing Resolution
I. rndc Key Configuration
J. named.conf Options Block
K. Creating a Site-Wide Cache
L. Zones In named.conf
M. Zone Database File Syntax
N. SOA – Start of Authority
O. A, AAAA, & PTR – Address & Pointer Records
P. NS – Name Server
Q. TXT, CNAME, & MX – Text, Alias, & Mail Host
R. Abbreviations and Gotchas
S. $GENERATE, $ORIGIN, and $INCLUDE
LAB TASKS
1. Configuring a Slave Name Server
2. Use rndc to Control named
3. Configuring BIND Zone Files

XIV. SQL Fundamentals and MariaDB
A. Popular SQL Databases
B. SELECT Statements
C. INSERT Statements
D. UPDATE Statements
E. DELETE Statements
F. JOIN Clauses
G. MariaDB
H. MariaDB Installation and Security
I. MariaDB User Account Management
J. MariaDB Replication
LAB TASKS
1. SQL with Sqlite3
2. Installing and Securing MariaDB
3. Creating a Database in MariaDB
4. Create a Database Backed Application

XV. OpenLDAP
A. OpenLDAP: Server Architecture
B. OpenLDAP: Backends
C. OpenLDAP: Replication
D. OpenLDAP: Configuration Options
E. OpenLDAP Server Tools
F. OpenLDAP Client Tools
G. LDIF: LDAP Data Interchange Format
H. Enabling LDAP-based Login
I. System Security Services Daemon (SSSD)
LAB TASKS
1. Building An OpenLDAP Server
2. Enabling TLS For An OpenLDAP Server
3. Enabling LDAP-based Logins

XVI. vsftpd & Apache
A. vsftpd
B. Anonymous FTP with vsftpd
C. Configuring vsftpd
D. HTTP Operation
E. Apache Architecture
F. Apache Configuration Files
G. httpd.conf – Server Settings
H. httpd.conf – Main Configuration
I. httpd.conf – VirtualHost Configuration
J. Virtual Hosting DNS Implications
K. Adding Modules to Apache
L. Apache Logging
M. Delegating Administration
N. Directory Protection
O. Directory Protection with AllowOverride
P. Common Uses for .htaccess
Q. TLS Using mod_ssl.so
LAB TASKS
1. Configuring vsftpd
2. Apache Architecture
3. Apache Content
4. Configuring Virtual Hosts
5. Using .htaccess Files
6. Using TLS Certificates with Apache

XVII. Squid Proxy Server
A. Squid Overview
B. Squid File Layout
C. Squid Access Control Lists
D. Applying Squid ACLs
E. Tuning Squid & Configuring Cache Hierarchies
F. Bandwidth Metering
G. Monitoring Squid
H. Proxy Client Configuration
LAB TASKS
1. Installing and Configuring Squid
2. Squid Cache Manager CGI
3. Proxy Auto Configuration
4. Configure a Squid Proxy Cluster

XVIII. Samba
A. Samba Daemons
B. Accessing Windows/Samba Shares from Linux
C. Samba Utilities
D. Samba Configuration Files
E. The smb.conf File
F. Mapping Permissions and ACLs
G. Mapping Linux Concepts
H. Sharing Home Directories
I. Sharing Printers
J. Share Authentication
K. User-Level Access
L. Mapping Users
M. Samba Account Database
N. User Share Restrictions
LAB TASKS
1. Samba Share-Level Access
2. Samba User-Level Access
3. Samba Group Shares
4. Handling Symbolic Links with Samba
5. Samba Home Directory Shares

XIX. Postfix
A. Postfix Features
B. Postfix Components
C. Postfix Configuration
D. master.cf
E. main.cf
F. Postfix Map Types
G. Postfix Pattern Matching
H. Virtual Domains
I. Postfix Mail Filtering
J. Configuration Commands
K. Management Commands
L. SMTP AUTH Server and Relay Control
M. SMTP AUTH Clients
N. TLS Server Configuration
O. Postfix Client Configuration for TLS
LAB TASKS
1. Configuring Postfix
2. Postfix Network Configuration
3. Postfix Virtual Host Configuration
4. Postfix SMTP AUTH Configuration
5. Postfix STARTTLS Configuration
6. SUSE Postfix Configuration Cleanup

XX. Email Services
A. Procmail
B. SpamAssassin
C. amavisd-new Mail Filtering
D. Cyrus IMAP/POP3 Server
E. Cyrus IMAP MTA Integration
F. Cyrus Mailbox Administration
G. Dovecot POP3/IMAP Server
LAB TASKS
1. Configuring Procmail & SpamAssassin
2. Configuring Cyrus IMAP
3. Dovecot TLS Configuration

XXI. Installing RHEL7
A. Anaconda: An Overview
B. Anaconda: Booting the System
C. Anaconda: Common Boot Options
D. Anaconda: Loading Anaconda and Packages
E. Anaconda: Storage Options
F. Anaconda: Troubleshooting
G. FirstBoot
H. Kickstart
I. Network Booting with PXE
J. A Typical Install
LAB TASKS
1. Linux Installation
2. Automating Installation with Kickstart

XXII. Installing SLES12
A. YaST Install Program Interface
B. Network Installation
C. SLP for SUSE Linux Installation
D. Installation Choices
E. Kernel Crash Dump Configuration
F. Network Booting with PXE
G. Creating AutoYaST2 Files
H. Using AutoYaST2 files
I. linuxrc Automation
J. Installation Diagnostics
K. After The First Reboot
L. A Typical Install
LAB TASKS
1. SUSE Linux Enterprise Server Installation
2. Automating Installation with AutoYaST
