advanced_administration

Linux Administration

Section 1 Linux Installation

Pre-Installation Considerations
Hardware Compatibility
Multi-OS Booting
Partition Considerations
Partition Planning
Filesystem Considerations
Journaled Filesystems
Installation Choices
CD-ROM Installation
Network Installation
Local Hard Drive Installation
FC Personal Desktop Class
FC Workstation Class
FC Server Class
FC Custom Class
Install Program Interface
Installation Diagnostics
Language Selection
Keyboard Configuration
Fedora Install Options
Automatic Partitioning
Partitioning with Disk Druid
Installing a Boot Loader
Network Configuration
Security Configuration
Language Support Selection
Root Password Configuration
Time Zone Configuration
Package Group Selection
Installing Packages
Install Finished
First Boot
Finalizing GUI Configuration
Video Card Configuration
Monitor Configuration
Authentication Configuration

Lab 1 - Installation

Perform a GUI network NFS based workstation install
Configure LVM and Software RAID at installation time

Section 2 PC Hardware and Linux

Kudzu
PC System Hardware
USB Devices and Configuration
Linux Device Files
Configuring New Hardware
Kernel Modules
Handling Module Dependencies
Configuring Kernel via /proc
Kernel Hardware Info - /sys/
/sys/ structure

Lab 2 - PC Hardware and Linux

Enable the Magic-SysReq key
Use system-config-proc to disable ICMP broadcast

Section 3 Post-Install System
Configuration

Configuration Utilites and Files
Network Services
Managing System Time and Network-Wide Time
Continual Time Sync - NTP
Configuring NTP Clients
Managing Software
RPM Features, Architecture, and Package Files
Working With RPMs
Querying and Verifying with RPM
Package Dependencies
Intro to YUM
Using the YUM command
Configuring YUM
YUM Repositories and Resources
Configuring Printers
Common UNIX Printing System
Defining a Printer
Kickstart
Creating Kickstart Files
Using Kickstart files

Lab 3 - Post-Install Config

Answer some questions about the system using RPM
queries
Install zsh using RPM
Troubleshoot and repair a package using RPM
verification
Upgrade the kernel using RPM
Install the XFCE desktop environment using YUM
Create and test a custom YUM repository
Crate a custom YUM repository for installing software
Setup CUPS print queues using: system-config-printer,
lpadmin, and the CUPS web interface
Modify a kickstart file using a text editor
Create a kickstart file using ksconfig
Start an install using a pre made kickstart file

Section 4 Boot Process and SysV Init

Booting Linux on PCs
LILO Options
GRUB Configuration
Kernel Boot Parameters
/sbin/init
System init Styles
/etc/inittab
rc.sysinit
/etc/init.d and /etc/rcX.d
rc
Typical SysV Init Script
The rc.local file
Managing Daemons
Controlling Startup Services
Shutdown and Reboot

Lab 4 - Boot Process

Use GRUB to boot into single user mode
Modify kernel/init parameters in GRUB
Explore the GRUB interface
Attach to the /boot filesystem and display the contents
of the grub/grub.conf file
Set a GRUB password
Modify the lilo.conf creating a new stanza that passes
kernel parameters

Section 5 User/Group Administration
and NFS

User/Group Concepts
User Private Group Scheme
User Administration
Modifying Accounts
Group Administration
Password Aging
Default User Files
Controlling Logins
PAM, PAM Services, and PAM Control Statements
su, Wheel, and sudo
DNS Client Configuration
File Sharing via NFS
NFS Server Configuration
NFS Clients
Automounting Filesystems

Lab 5 - User Administration

Customize /etc/skel
Add new users and manage password aging
Set up wheel group behavior for su
Configure a project directory to take advantage of the
user private group scheme
Configure autofs to access an NFS export
Configure NIS client as part of the domain
Configure autofs to mount home directories
Switch to using LDAP for authentication
Setup an NFS server and export directories

Section 6 Filesystem Administration

Partition Tables
File System Creation
Mounting File Systems
Filesystem Maintenance
Persistent Block Devices
udev
Resizing Filesystems
File Deletion and Undeletion
Swap
Disk Usage
Configuring Disk Quotas
Checking Disk Quotas
Filesystem Attributes
File Access Control Lists
Manipulating FACLs
Viewing FACLs
Backing Up FACLs
Backup Hardware, Software, and Examples
Tape Libraries

Lab 6 - Filesystem Admin

Create and activate additional swap space
Configure and test disk quotas on the /tmp filesystem
Backup files using tar and cpio over ssh
Backup files using rsync over ssh
Backup and restore files with dump and restore
Create and test an ISO9660 image

Section 7 - LVM and Raid

Logical Volume Management
Implementing LVMs
Manipulating VGs and LVs
Advanced LVM Concepts
Graphical LVM Tool
RAID Concepts, Tools, and Implementation
RAID Monitoring/Control

Lab 7 - RAID and LVM

Use command line tools to partition free space
Configure software RAID-5 with a hot spare
Fail a member device of the array, examine the
automatic recovery using the hot-spare
Fail another member device testing RAID-5
Remove failed member devices, add new devices to
array, examine the recovery of array
Partition the drive and create LVM Physical Volumes
Create a LVM Volume Group and Logical Volume to
hold website content
Verify the operation of LVM snapshots
Extend and grow the Logical Volume and the ext3
filesytem

Section 8 Task Automation & Process
Accounting

Automating Tasks
at / batch
at Access Control
cron, crontab, and crontab Format
/etc/cron.* Directories
anacron
Viewing Processes
Managing Processes
System Logging
/etc/syslog.conf
Log Management
Log Anomaly Detector
Process Accounting
Using Process Accounting
Limiting System Resources
System Status - Memory, I/O, and, CPU
sar

Lab 8 - Cron & Process Admin

Create and edit user cron jobs
Add a system-wide cron task to /etc/cron.hourly
Install and configure process accounting
Enable and set process limits
Remove cron jobs created in previous tasks

Section 9 Client Networking

Linux Network Interfaces
Ethernet Hardware Tools
Runtime configuration change
Configuring Routing Tables
ARP
Advanced Configuration
Starting and Stopping Interfaces
Virtual IP Interfaces
Enabling IPv6
Interface Bonding
802.1q VLANS
Network Profiles and ifup
IP Stack Configuration
DNS Clients
Network Services via DHCP
DHCP Clients
dhcpd.conf Syntax
Red Hat Configuration Tools
Network Diagnostics
Point-to-Point Protocol
PPP Configuration Files, Chat, and Secrets Files

Lab 9 - Client Networking

Enable static configuration
Configure a virtual interface and verify connectivity
through the new interface
Verify Link-Local IPv6 connectivity
Configure and test Site-Local connectivity

Section 10 The X Window System

The X Window System
Xorg
Configuring X
X Fonts
Using Fonts
Display Manager Selection
XDMCP
Using Unix Remotely
X Security
Specialized X Servers
Starting X Apps Automatically

Lab 10 - X

Change your display manager to gdm
Enable XDMCP to support remote desktop login
Configure VNC to accept incoming connections
Launch a program by creating a script in the
/etc/X11/xinit/xinitrc.d/ directory
Start a custom X session by modifying the ~/.xinitrc file
Secure X for use in a public kiosk
Test and verify that the special key sequences are
disabled

Section 11 Security Concepts

Security Concepts
Tightening Default Security
Staying Current
Using up2date
Security Advisories
SELinux Secuity Framework
Choosing a SELinux Policy
SELinux Commands
Booleans
Graphical Policy Tools
inetd / xinetd
Xinetd Features
TCP Wrappers
hosts.allow & hosts.deny
hosts.* Syntax Shortcuts
Advanced TCP Wrappers
Basic Firewall Activation
Stateful Packet Filter: iptables
Netfilter Rule Syntax
Targets
Common match_specs
Stateless Firewall Example
Connection Tracking
Stateful Firewall Example

Lab 11 - Security Lab

Examine current system
Configure Xinetd to provide a variety of limits for
connecting to services
Configure a sensor to log connection attempts
Use TCP Wrappers to secure various services
Use the Netfilter stateful packet filtering to better
protect the system

Section 12 Linux Kernel Compilation

Why Compile?
Getting Kernel Source
Preparing to Compile
Configuring the Kernel
General Options
Disk Configuration
Network Configuration
Expansion Port Configuration
Multimedia Configuration
Kernel Documentation
RH 2.4 Kernel Extensions
Compiling the Kernel
Compile and Install Modules
Installing the Kernel
Tips and Tricks

Lab 12 - Kernel Compilation

Build, test, and install a new driver for the currently
running kernel
Patch the Linux kernel source to add support for a
new device
Compile and install a custom Linux kernel

Section 13 Troubleshooting

Basic Troubleshooting
Gathering Information
Information from df and mount
Information from Log Files
Information Regarding Network Settings
Information from ps, chkconfig, dmesg, w, and netstat
Useful Debugging Aids
Common Problems
Incorrect File Permissions
Inability To Boot
Corrupt File Systems
Typos in Configuration Files
Disks Full?
Runaway Processes
Shared Libraries
The Rescue Environment

Lab 13 - Troubleshooting

Explore troubleshooting and disaster recovery on
non-mission-critical machines
Practive troubleshooting common system and
daemon errors

Click here to see Course Schedule>

Advanced Linux Administration

Section 1 Linux Installation
Pre-Installation Considerations
Partition Considerations
Partition Planning
Filesystem Considerations
Journaled Filesystems
Installation Choices
CD-ROM Installation
Network Installation
Local Hard Drive Installation
FC Personal Desktop Class
FC Workstation Class
FC Server Class
FC Custom Class
Install Program Interface
Installation Diagnostics
Language Selection
Keyboard Configuration
Mouse Configuration
Fedora Install Options
Automatic Partitioning
Partitioning with Disk Druid
Installing a Boot Loader
Network Configuration
Security Configuration
Language Support Selection
Root Password Configuration
Time Zone Configuration
Package Group Selection
Installing Packages
Install Finished
Firstboot
Finalizing GUI Configuration
Video Card Configuration
Monitor Configuration
Authentication Configuration
Lab 1 - Installation
Perform a GUI network NFS based
workstation install
Configure LVM and Software RAID at
installation time

Section 2 Post-Install System
Configuration
Configuration Utilities
Configuration Files
Network Services
Managing System Time
Managing Network-Wide Time
Continual Time Sync - NTP
Configuring NTP Clients
Managing Software
RPM Features, Architecture, and
Package Files
Working With RPMs
Querying and Verifying with rpm
Package Dependencies
Intro to YUM
Using the YUM command
Configuring YUM
YUM Repositories
YUM Resources
Common UNIX Printing System
Defining a Printer
Kickstart
Creating Kickstart Files
Using Kickstart files
Lab 2 - Post-Install Config
Answer some questions about the
system using RPM queries
Install zsh using RPM
Troubleshoot and repair a package
using RPM verification
Upgrade the kernel using RPM
Install the XFCE desktop environment
using YUM
Create and test a custom YUM repository
Create a custom YUM repository for
installing software
Setup CUPS print queues using:
system-config-printer, lpadmin, and the
CUPS web interface
Modify a kickstart file using a text editor
Create a kickstart file using ksconfig
Start an install using a pre made
kickstart file

Section 3 Boot Process and SysV Init
Booting Linux on PCs
GRUB Configuration
Kernel Boot Parameters
/sbin/init
System init Styles
/etc/inittab
rc.sysinit
/etc/init.d and /etc/rcX.d
rc
Typical SysV Init Script
The rc.local file
Managing Daemons
Controlling Startup Services
Shutdown and Reboot
Lab 3 - Boot Process
Use GRUB to boot into single user mode
Modify kernel/init parameters in GRUB
Explore the GRUB interface
Attach to the /boot filesystem and
display the contents of the grub/grub.
conf file
Set a GRUB password
Modify the lilo.conf creating a new
stanza that passes kernel parameters

Section 4 User/Group Administration
and NFS
User Private Group Scheme
User Administration
Modifying Accounts
Group Administration
Password Aging
Default User Files
Controlling Logins
PAM, PAM Services, and PAM Control
Statements
su, Wheel, and sudo
DS Client Configuration
NFS Server Configuration and NFS
Clients
Automounting Filesystems
Lab 4 - User Admin
Learn to customize /etc/skel
Learn to add new users and manage
password aging
Practice setting up wheel group
behavior for su
Configure a project directory to take
advantage of the user private group
scheme
Configure autofs to access an NFS
export
Configure NIS client as part of the
EXAMPLE.COM domain
Configure autofs to mount home
directories
Switch to using LDAP for authentication
Setup an NFS server and export
directories

Section 5 Filesystem Administration
Partition Tables
File System Creation
Mounting File Systems
Filesystem Maintenance
Persistent Block Devices
udev
Resizing Filesystems
File Deletion and Undeletion
Swap
Disk Usage
Configuring Disk Quotas
Checking Disk Quotas
Filesystem Attributes
File Access Control Lists
Manipulating FACLs
Viewing FACLs
Backing Up FACLs
Backup Hardware
Tape Libraries
Backup Software
Backup Examples
Lab 5 - Filesystem Admin
Create and activate additional swap
space
Configure and test disk quotas on the
/tmp filesystem
Backup files using tar and cpio over ssh
Backup files using rsync over ssh
Backup and restore files with dump and
restore
Create and test an ISO9660 image

Section 6 LVM and RAID
Logical Volume Management
Implementing LVM
Manipulating VGs and LVs
Advanced LVM Concepts
Graphical LVM Tool
RAID Concepts, Tools, Implementation,
and Monitoring/Control
Lab 6 - RAID and LVM
Use command line tools to partition free
space
Configure software RAID-5 with a hot-
spare
Fail a member device of the array,
examine the automatic recovery using
the hot-spare
Fail another member device testing
RAID-5
Remove failed member devices, add
new devices to array examine the
recovery of array
Partition the drive and create LVM
Physical Volumes
Create a LVM Volume Group and
Logical Volume to hold website content
Verify the operation of LVM snapshots
Extend and grow the Logical Volume
and the ext3 filesystem

Section 7 Task Automation & Process
Accounting
Automating Tasks
at Access Control
crontab
/etc/cron.* Directories
anacron
Viewing Processes
Managing Processes
System Logging
/etc/syslog.conf
Log Management
Log Anomaly Detector
Process Accounting
Using Process Accounting
Limiting System Resources
System Status - Memory, I/O, and, CPU
sar
Lab 7 - Cron & Process Admin
Create and edit user cron jobs
Add a system-wide cron task to
/etc/cron.hourly
Install and configure process accounting
Enable and set process limits
Remove cron jobs

Section 8 Client Networking
Linux Network Interfaces
Ethernet Hardware Tools
Runtime configuration change
Configuring Routing Tables
Advanced Configuration
Starting and Stopping Interfaces
Virtual IP Interfaces
Enabling IPv6
Interface Bonding
802q VLANS
IP Stack Configuration
DNS Clients
DHCP Clients
Red Hat Configuration Tools
Network Diagnostics
Lab 8 - Client Networking
Enable static configuration
Configure a virtual interface and verify
connectivity through the new interface
Verify Link-Local IPv6 Connectivity
Configure and Test Site-Local
Connectivity

Section 9 The X Window System
The X Window System
Xorg
Configuring X
X Fonts
Using Fonts
Display Manager Selection
XDMCP
Specialized X Servers
Starting X Apps Automatically
Lab 9 - X
Change the display manager to gdm
Enable XDMCP to support remote
desktop login
Configure VNC to accept incoming
connections
Launch a program by creating a script in
the /etc/X11/xinit/xinitrc.d/ directory
Start a custom X session by modifying
the -/.xinitrc file.
Secure X for use in a public kiosk
Test and verify that the special key
sequences are disabled

Section 10 Security Concepts
Tightening Default Security
Staying Current
Using up2date
Security Advisories
SELinux Security Framework
Choosing a SELinux Policy
SELinux Commands
Booleans
Graphical Policy Tools
inetd / xinetd
Xinetd Features
TCP Wrappers
hosts.allow & hosts.deny
hosts.* Syntax Shortcuts
Basic Firewall Activation
Stateful Packet Filter: iptables
Netfilter Concepts
Using the iptables Command
Netfilter Rule Syntax
Targets
Common match_specs
Stateless Firewall Example
Connection Tracking
Stateful Firewall Example
Lab 10 - Security Lab
Examine current system
Configure Xinetd to provide a variety of
limits for connecting to services
Configure a sensor to log connection
attempts
Use TCP Wrappers to secure various
services
Use the Netfilter stateful packet filtering
to protect the system-

Section 11 Linux Kernel Compilation
Why Compile?
Getting Kernel Source
Preparing to Compile
Configuring the Kernel
General Options
Disk Configuration
Network Configuration
Expansion Port Configuration
Multimedia Configuration
Kernel Documentation
RH 2.6 Kernel Extensions
Compiling the Kernel
Compile and Install Modules
Installing the Kernel
Tips and Tricks
Lab 11 - Kernel Compilation
Compile and install a new driver for the
running kernel
Patch the Linux kernel source to add
support
Compile and install a custom Linux
kernel

Section 12 DNS Concepts
Naming Services and A Better Way
The Domain Name Space
Delegation and Zones
Server Roles
Resolving Names and IP Addresses
BIND Administration
rndc key configuration
Configuring the Resolver
Testing Resolution
Lab 12 - Configure BIND
Install the BIND name server on the
system and configure it to act as a slave
for the classroom domains
Configure the name server to support
the rndc command.

Section 13 Configuring Bind
BIND Configuration Files
named.conf Syntax and Options Block
Creating a Site-Wide Cache
Zones in named.conf
Zone Database File Syntax
SOA - Start of Authority
A -Address / PTR-Pointer
NS - Name Server
CNAME -Alias / MX-Mail Host
Abbreviations and Shortcuts
$GENERATE
Lab 13 - Configure BIND
Configure the name server as the
primary master name server for a new
domain and it’s corresponding id-addr.
arpa domain

Section 14 OpenLDAP Servers
OpenLDAP Components
Configuring slapd
Global Parameters
Schema Definition
Access Control
Backend Types
Backend Configuration
Database Configuration
Indexes
Replicas and Replica Configuration
Lab 14 - Configure LDAP
Configure the LDAP server
Create a new directory
Add, modify, and delete entries in the
LDAP server

Section 15 Using OpenLDAP
Managing slapd
Online and Offline Data Manipulation
Native LDAP authentication and Client
Config
Lab 15 - Configure LDAP
Create self-signed x509 certificate for
LDAP server use
Configure LDAP server to enable secure
connections
Configure LDAP server with baseDN
and rootDN settings
Install Perl Libraries needed by
ldapmigrate
Add three UNIX users
Use ldapmigrate to import the /etc files
Setup LDAP client to use native LDAP
authentication

Section 16 Using Apache
Apache History, Status, and Architecture
SSL / HTTPS and Apache
Apache Configuration Files
httpd.conf
Dynamic Shared Objects
Adding Modules to Apache
Apache Logging
Log Analysis
Lab 16 - Configure Apache
Configure the ServerName directive
Optimize Apache by turning off
unneeded modules
Create an index.html file

Section 17 Virtual Hosting with Apache
HTTP Virtual Servers
DNS Implications
Security Implications
IP-based Virtual Host
Name-based Virtual Host
Port-based Virtual Host
Lab 17 - Configure Apache
Configure Apache Virtual Hosts
Use the "Main" server for global settings

Section 18 Apache Security
Delegating Administration
Directory Protection
Common Uses for .htaccess
SSL Using mod_ssl
Lab 18 - Configure Apache
Password protect a directory
Override MIME types for a single
directory
Redirect traffic to a different URL
Create a test SSL certificate
Use Apache and SSL to setup an SSL-
enabled site

Section 19 Implementing an FTP Server
WU-FTPD
vsftpd
Configuring vsftpd
Anonymous FTP with vsftpd
Lab 19 Configure VSFTPD
Install and configure vsftpd for basic
authenticated access
Configure vsftpd for anonymous
uploads

Section 20 The SQUID proxy server
Squid Overview, Layout, Access Control
Lists, and ACL application
Tuning Squid / Hierarchies
Bandwidth Metering and Monitoring of
Squid
Proxy Client Configuration
Lab 20 - Configure SQUID
Define an ACL for authorized IP
networks
Apply the ACL using http_access
Enable the Squid cachmgr.cgi program
View Squid statistics
Create a Proxy Auto Configuration file
Change the mime-type in Apache for the
PAC file
Configure the web browser to use the
PAC file
Create an ICP proxy mesh
Secure the default ICP permissions

Section 21 Samba Concepts
SMB Network Protocol
NetBIOS and NetBEUI
NetBIOS Naming
Introducing Samba
Samba Daemons, Clients, Utilities, and
Configuration Files
The smb.conf File
Lab 21 - Configure Samba
Install the Samba server and configure it
to share the /tmp directory.
Use smbclient and smbfs to access
SMB shares

Section 22 Using Samba
Unix and DOS Permissions
Unix and Windows Concepts
Name and Case Mangling
Sharing [homes] and Printers
Restricting Access
Share-Level Access and User-Level
Access
Mapping Users
SMB and Passwords
The smbpasswd Database
User Share Restrictions
Lab 22 - Configure Samba
Examine Samba’s behavior when
handling symbolic links and file
permissions
Configure the Samba server to use
share-level access and user-level access
Compare encrypted user-level access
with unencrypted user-level access
Configure Samba to share users home
directories on demand
Configure a new group and add the user
to the group
Create a directory for use by the group
Configure the share to support the
group that is read only for some users
and read write for others

Section 23 Sendmail
sendmail Features, Process,
Architecture, Components, and
Configuration
Configuration Files
Databases
Text Files
Network Access
Masquerading Sendmail
Controlling access
Configuring SMTP AUTH and SMTP
STARTTLS
Lab 23 - Configure Sendmail
Install the Sendmail SMTP server on the
system and configure it to serve
domains
Configure Sendmail to accept remote
network connections
Configure virtual hosts on Sendmail
Configure Sendmail to support
STARTTLS

Section 24 Postfix
Postfix Features, Architecture,
Components, and Configuration
master.cf and main.cf
Postfix Map Types and Pattern Matching
Advanced Options
Virtual Domains
Mail Filtering
Configuration and Management
Commands
Postfix Logging and Logfile Analysis
chroot’ing Postfix
Postfix and SMTP AUTH
SMTP AUTH Server and Clients
Postfix Extensions
Postfix/TLS
TLS Server Configuration
Postfix Client Configuration
Other TLS Clients and Ensuring TLS
Security
Lab 24 - Configure Postfix
Install the Postfix SMTP server on the
system and configure it to serve
domains
Configure Postfix to accept network
connections
Configure virtual hosts on Postfix
Configure Postfix to use SMTP AUTH for
secure relaying
Configure Postfix too support
STARTTLS to secure SMTP AUTH

Section 25 IMAP, POP, Spam Filtering
and Web Mail
Filtering Email
procmail
SpamAssassin
Sendmail Mail Filter (milter)
Amavisd-new Mail Filtering
Accessing Email
The POP3 and IMAP4 Protocol
Dovecot POP3/IMAP Server
Cyrus IMAP/POP3 Server
Cyrus IMAP MTA integration
Cyrus Mailbox Admin
Fetchmail and SquirrelMail
Lab 25 - Filtering/Web Mail
Install the procmail mail-filtering
software and configure it as the default
MDA on the server
Install SpamAssassin and configure it to
flag spam on the server
Install and configure Cyrus IMAP
Enable POP3 and IMAP over SSL
Install and configure the SquirrelMail
web email client

Section 26 Troubleshooting
Basic Troubleshooting
Gathering Information
Information from df,and mount
Information from Log Files
Information Regarding Network Settings
Information from ps, chkconfig, dmesg,
w, and netstat
Useful Debugging Aids
Common Problems
Incorrect File Permissions
Inability To Boot
Corrupt File Systems
Typos in Configuration Files
Disks Full?
Runaway Processes
Shared Libraries
The Rescue Environment
Lab 26 - Troubleshooting
Explore troubleshooting and disaster
recovery on non-mission-critical
machines
Practice troubleshooting common
system and daemon errors

Appendix 1 - Using NIS
NIS History, Overview, Limitations,
Advantages, and Implementation
Creating a NIS Master Server
NIS Client Configuration
Slave Server Configuration
Troubleshooting Aids
Appendix NIS - Lab 1
Configure a NIS master server and NIS
client
Configure a NIS slave server
Enable ypxfrd for high-performance
database transfers between master and
slave NIS servers
Configure a NIS client system
Observe client usage of a NIS slave
server when a NIS master server fails