LinuxCBT Deb7x Edition

English | mp4 | H264 1356x766 | AAC 1 ch | 40 hrs 4 min | 6.93 GB

Course Objective

Features Discussion and Various Installations

- Enumerate relevant features

- Discuss platform support

- Installation preparation

- Obtain relevant ISO image

- Prepare VMWare environment to support Debian

- Install and evaluate

- Update network configuration

- Prepare environment for rapid implementation

- Clone instance and modify accordingly

- Evaluate cloned resource as needed

- Prepare Debian for Xen VM installation

- Provision resources for Xen

- Install on Xen as HVM and evaluate

Basic Debian GNU/Linux Skills

Explore usage of the following useful commands

- ls, pwd, cd, cp, mv, rm, mkdir, rmdir, whoami, tty

- cat, file, chmod, chown, history

- STDIN, STDOUT, STDERR, UNIX Pipes, Redirection, Command Chaining

- ps, df, free, top, kill

- less & more, head & tail, find

- stat, which, w, who

- dig (Domain Information Groper) - used to query DNS servers

- Tar and compression utilities with tar|gzip|bzip2

- Use checksum programs to confirm content integrity

- Explain UNIX/Linux file security & permissions

- Symlinks | Hard Links | Soft Links | Special Bits

Storage Management

- Explore disk topology with FDISK

- Provision EXT4 File Systems as needed

- Provision additional Storage partitions using Parted

- Provision additional Swap storage

- Use MKSWAP & SWAPON to enable additional Swap storage

- Update File System Table (FSTAB) to reflect system changes

- Explore Logical Volume Management (LVM) Configuration

- Create volume sets using: Logical Volume Management (LVM)

Package Management

- Explain classes of Debian GNU/Linux Packages

- Identify Debian GNU/Linux Package Management Tools

- Inventory currently installed DEB packages

- Identify key Advanced Package Tool (APT) configuration files

- Search for Debian GNU/Linux packages using Advanced Package Tool (APT)

- Install/Update/Remove software using APT

- Configure APT to query multiple sources for packages

- Peruse package repository using 'dpkg'

- Configure APT to install packages from varying versions of Debian GNU/Linux

- Use Aptitude to manage Debian GNU/Linux packages

- Discuss various package management options

- Explore package management repositories

- Use DPKG to install a .deb package

- Install packages using 'apt-get'

- Manage packages using 'aptitude'

System Control

- Peruse key directories used by Kernel

- Discuss hierarchy as applied to functioning system

- Identify supported settings

- Influence settings real time and evaluate

- Committ settings for persistence

- Confirm persistence of directives

- Discuss various possible system tweaks

Screen TTYs | PTYs

- Discuss TTY | PTY limitations

- Identify opportunites to benefit from Screen

- Identify configuration environment

- Invoke and use screen natively

- Confirm persistence of TTYs | PTYs across sessions

- Share Screen sessions

- Confirm overall efficacy of Screen

Explore the CRON scheduling daemon & configuration

- Identify key Cron configuration scopes (Global & User)

- Explain Crontab file format and applicable options

- Define global cron jobs

- Define custom cron jobs user-wide

- Evaluate results of cron jobs

Core Network Services

- System Logging via RSyslog and Logrotate

-- Discuss Syslog Facilities | Levels

-- Explore default configuration

-- Receive Syslog data via network

-- Mirror Syslog log as needed

-- Trap Infrastructure device logs and evaluate

-- Explore log rotation and customization via Logrotate

-- Discuss key log rotation use cases

-- Configure Logrotate to rotate sample log files

-- Evaluate results

- Common Network Utilities

-- PING

-- TELNET

-- NETSTAT

-- ARP

-- TRACEPATH

-- DIG

- Interface Configuration

-- Explore network configuration tree

-- Alter settings and evaluate

-- Provision aliased interfaces as needed

-- Confirm communications via various interfaces

-- Committ configuration for persistence

-- Provision interface configuration on various nodes

-- Evaluate accordingly

- RSYNC Transmissions

-- Discuss features and benefits

-- Generate and move data between nodes as needed

-- Confirm results

-- Explore various rsync options

-- Synchronize content as needed

-- Evaluate rsync applicability

- Network Time Protocol Configuration

-- Discuss applicability

-- Install and explore default configuration

-- Re-configure environment to suit internal requirements

-- Confirm ntp strata assignments

-- Ensure time synchronization across nodes

- Very Secure File Transfer Protocol Daemon (VSFTPD)

-- Explain features and applicability

-- Peruse default configuration

-- Test anonymous FTP connectivity

-- Secure configuration per general requirements

-- Use various FTP clients to communicate with VSFTPD

-- Enable local user access

-- Jail users to $HOME - added security

-- Evaluate results

- BIND Domain Name Server - DNS Implementation

-- Implement BIND 9x

-- Configure BIND as a caching-only DNS server

-- Test caching-only name resolution from various nodes

-- Configure primary DNS services

-- Replicate primary content to secondary DNS node

-- Confirm replication information

-- Disable primary and evaluate secondary behaviour

-- Vary TTLs of records and evaluate responsiveness

-- Configure reverse DNS zone - IPv4

-- Provision forward and reverse IPv6 records

-- Confirm IPv[4|6] record resolution

- Windows Integration via Samba

-- Explore default Samba footprint

-- Use Samba clients to ascertain NETBIOS (SMB|CIFS) information

-- Install Samba Server

-- Configure User-level security and evaluate access

-- Provision bridge user and test access

-- Rationalize ineffectiveness of User-level security

-- Contrast User | ADS security levels

-- Install ADS support via Winbind and Kerberos

-- Install Samba SWAT for streamlined web-based administration

-- Connect Samba node to Active Directory Services (ADS)

-- Confirm enumeration of ADS resources

-- Test connectivity via: NETBIOS and SSH

-- Evaluate results

- Apache HTTPD - Web Services

-- Implement Apache Web Server

-- Explore configuration hierarchy

-- Discuss key directives

-- Peruse Apache logging templates and defaults

-- Vary logged information as needed

-- Provision IP-Based Virtual Hosts (VHosts)

-- Confirm distinct IP-Based connectivity to various sites

-- Contrast IP-Based sites with default sites

-- Conserve IP resources with Name-Based VHosts

-- Contrast various VHost types

-- Secure communications with Apache SSL | TLS

-- Test connectivity to various SSL|TLS-enabled sites

- MySQL Installation | Administration

-- Install MySQL Relational Database Management System

-- Explore default client | server environment

-- Use Terminal Monitor Client to ascertain DBMS details

-- Secure DBMS - Remove superfluous accounts

-- Create simple MySQL database with 'mysql' and 'ssh'

-- Install PHPMyAdmin for web-based management of MySQL

-- Use PHPMyAdmin to ascertain DBMS details

-- Test connectivity as various users

-- Explore PHPMyAdmin's interface

-- Evaluate accordingly

- PHP Intro | CLI Script

-- Explore default implementation

-- Ensure proper PHP stack is installed

-- Expose useful debug variables - Apache | PHP

-- Write simple data copy CLI script - normalize file delimiters

-- Evaluate results

- Postfix MTA

-- Install Postfix MTA

-- Introduction to Postfix Message Transfer Agent (MTA)

-- Use Mutt to demonstrate outbound mail handling using Postfix

-- Explore Postfix Configuration

- Post Office Protocol Version 3 (POP3)

-- Explain POP3 concepts and applications

-- Implement POP3 daemon

-- Test basic $SHELL-based connectivity

-- Use Mutt to send SMTP-based messages to POP3 account

-- Configure MUA to interact with POP3 server

-- Contrast clear-text and encrypted communications

- Internet Messaging Access Protocol (IMAP)

-- Contrast IMAP with POP3

-- Install IMAP server

-- Fetch mail from IMAP server and evaluate

-- Confirm secure communications

- Web-based Mail Implementation using Squirrel-mail

-- Describe required squirrel mail components for web-mail integration

-- Install squirrel mail on Debian GNU/Linux system

-- Configure Apache virtual directory for squirrel mail integration

-- Configure Apache Virtual Host for squirrel mail integration

-- Configure BIND DNS services for squirrel mail integration

-- Explore squirrel mail's web-based interface

- Improve Security Posture

-- Update and Upgrade install Packages

-- Identify changes across Nodes

-- Secure content with GNU Privacy Guard (GPG)

-- Explore benefits of various Secure Shell clients

-- Peruse Secure Shell Server security

-- Disable superfluous services

-- Explore and tighten System Policy

-- Login Definitions

-- Evaluate Results

- NMap Security Scanner

-- Obtain, compile and install current version of NMAP

-- Identify commonly used NMAP options/switches/parameters

-- Perform default TCP SYN-based ethical scans of local and remote resources

-- Explain typical TCP handshake protocol while using NMAP

-- Perform default TCP Connect-based ethical scans of local and remote resources

-- Peform local ethical scans

-- Identifiy key NMAP configuration files

-- Use NMAP to perform operating system fingerprinting and versioning

-- Peform subnet-wide ethical scans

- TCPDump Introduction | Usage

-- Identify key tools

-- Use TCPDump to capture traffic

-- Apply Berkeley Packet Filters accordingly

-- Capture and analyze traffic with Wireshark

-- Evaluate Results

- IPTABLES (Netfilter Linux Kernel-based Firewall)

-- Discuss features and benefits

-- Explore IPTABLES default chains/filters and policies

-- Filter traffic as desired

-- Log filtered traffic and evaluate

-- Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information

-- Summarize rules with filtered groups of interesting traffic

-- Restrict access to various daemons (SSH/FTP/HTTP/etc.)

-- Test connectivity locally and remotely

-- Ensure rules persistence across restarts

- Secure Key Services

-- Identify remaining services

-- Generate SSL | TLS Usage Keys

-- Configure FTP Server with SSL | TLS

-- Test secure communications with LFTP and FileZilla

-- MySQL with Secure Shell Security

-- MySQL with SSL | TLS Security

-- Evaluate Results

- Snort® NIDS Introduciton | Usage

-- Discuss features and benefits

-- Explore online sources

-- Install Snort Network Intrusion Detection System Packages

-- Use Snort to intercept interesting traffic as Sniffer

-- Log for archival purposes

-- Apply BPFs as needed

-- Parse captured traffic with common tools

-- Explore NIDS configuration mode

-- Evaluate results