QWERTYUIOP{

GL254 - RED HAT ENTERPRISE LINUX SYSTEMS ADMINISTRATION III

This GL254 course is designed to follow an identical set of topics as the Red Hat®
RH254, RH255 RHCE exam prep courses with the added benefit of very comprehensive
lab exercises and detailed lecture material.

The Red Hat Enterprise Linux (RHEL) system administration topics covered in this
course along with the GL199 course cover the certification objects of the Red Hat
Certified Engineer (RHCE) exam.

This course builds upon a foundation of core Linux systems administration principles
and skills. Students will advance their Linux systems administration knowledge. The
course will focus on helping students optimize system administration skills using
automation techniques and deploy commonly used network services. Once this course
is completed students will know how to deploy critical network services in a secure
fashion.

Current Version: A00

Red Hat® is a registered trademark of Red Hat, Inc. and its use by Guru Labs, L.C.
does not imply association or sponsorship by Red Hat, Inc.

Prerequisites:

Students should have skill equal to those taught in the GL124 "Red Hat
Enterprise Linux Systems Admin I" and GL134 "Red Hat Enterprise Linux
Systems Admin I" courses. Also these prerequisite skills are taught in the
GL120 "Linux Fundamentals" and GL250 "Enterprise Linux Systems
Administration" courses.

Supported Distributions:
Red Hat Enterprise Linux 6

Course Outline:

1. ENHANCE USER SECURITY

1. Kerberos Concepts
2. Kerberos Components
3. Kerberos Principals
4. Overall Goals for Users
 5. Authentication Process
6. Install krb5.conf on Clients
7. Client PAM Configuration
8. Signing In to Kerberos
9. Viewing Tickets
10. Removing Tickets
11. Passwords
12. Changing Passwords
13. Giving Others Access
14. SSH Key Management
15. ssh-agent
16. OpenSSH and Kerberos

LAB TASKS

17. SSH Key-based User Authentication

18. Using ssh-agent
19. Kerberos Client Setup
20. OpenSSH with Kerberos
2. BASH SCRIPTING AND TOOLS

1. Shell Script Strengths and Weaknesses

2. Example Shell Script
3. Positional Parameters
4. Input & Output
5. Doing Math
6. Comparisons with test
7. Exit Status
8. Conditional Statements
9. Flow Control: case
10. The for Loop
11. The while and until Loops

LAB TASKS

12. Writing a Shell Script

3. FILE SECURITY WITH GNUPG

1. GPG - GNU Privacy Guard

LAB TASKS

2. File Encryption with GPG

4. SOFTWARE MANAGEMENT

1. RPM Package Files

2. Source RPMs
3. Using Source RPMs
4. Installing Source RPM Packages
5. Creating Support Files
6. The Spec file
 7. The Header Stanza
8. Prep, Build, and Install
9. The Files Section
10. Optional Script Section(s)
11. The Changelog Section
12. Building Packages
13. Digitally Signing Packages
14. Revising a Package
15. RPM Development Tools
16. Yum Plugins
17. Dealing With RPM & YUM Digest Changes

LAB TASKS

18. rpmdevtools and Simple RPM Creation

5. NETWORK MONITORING

1. tcpdump and wireshark

2. Information from netstat and ss
3. lsof and fuser
4. nmap

LAB TASKS

5. Network Tools
6. NMAP
6. ROUTE NETWORK TRAFFIC

1. Configuring the Kernel via /proc/

2. Tuning Kernel Network Settings
3. Linux as a Router
4. Configuring Routing Tables
5. IP to MAC Address Mapping with ARP

LAB TASKS

6. Adjusting Kernel Options

7. SECURE NETWORK TRAFFIC

1. SSH Port Forwarding

2. Persistent Port Forwarding Configuration
3. Netfilter: Stateful Packet Filter Firewall
4. Netfilter Concepts
5. Using the iptables Command
6. Common match_specs
7. Address Translation
8. Configuring NAT and PAT
9. NAT Limitations
10. Security Using NAT and PAT
11. Detecting NAT
 LAB TASKS

12. Tunneling TCP connections over SSH

13. Securing Services with Netfilter
8. NTP SERVER CONFIGURATION

1. Managing Network-Wide Time

2. Continual Time Sync with NTP
3. Configuring NTP Clients
4. Useful NTP Commands

LAB TASKS

5. NTP Client Configuration

9. SYSTEM MONITORING AND LOGS

1. Filesystem Structures
2. Determining Disk Usage With df and du
3. Filesystem Maintenance
4. Corrupt Filesystems
5. Troubleshooting Incorrect File Permissions
6. System Status - Memory
7. System Status - I/O
8. System Status - CPU
9. Viewing Processes
10. Performance Trending with sar
11. System Logging
12. Rsyslog
13. /etc/rsyslog.conf
14. Log Management
15. Log Anomaly Detector

LAB TASKS

16. Setting up a Full Debug Logfile

17. Remote Syslog Configuration
18. System Activity Reporter
10. CENTRALIZED AND SECURE STORAGE

1. SAN Multipathing
2. Multipath Configuration
3. Multipathing Best Practices
4. iSCSI Architecture
5. Open-iSCSI Initiator Implementation
6. iSCSI Initiator Discovery
7. iSCSI Initiator Node Administration
8. Mounting iSCSI Targets at Boot
9. iSCSI Multipathing Considerations
10. File Encryption With encfs
11. Linux Unified Key Setup (LUKS)
 LAB TASKS

12. iSCSI Initiator Configuration

13. LUKS-on-disk format Encrypted Filesystem
11. SSL-ENCAPSULATED WEB SERVICES

1. Apache Architecture
2. Adding Modules to Apache
3. Apache Configuration Files
4. httpd.conf - Server Settings
5. httpd.conf - Main Configuration
6. Symmetric Encryption Algorithms
7. Asymmetric Encryption Algorithms
8. Digital Certificates
9. SSL Using mod_ssl.so

LAB TASKS

10. Apache Architecture

11. Apache Content
12. Using SSL Certificates with Apache
12. WEB SERVER ADDITIONAL CONFIGURATION

1. Virtual Hosting DNS Implications

2. httpd.conf - VirtualHost Configuration
3. Name-based Virtual Host
4. Apache Logging
5. Delegating Administration
6. Directory Protection
7. Directory Protection with AllowOverride
8. Common Uses for .htaccess
9. Configuring CGI

LAB TASKS

10. Configuring Virtual Hosts

11. Using .htaccess Files
12. CGI Scripts in Apache
13. BASIC SMTP CONFIGURATION

1. Postfix Features
2. Postfix Components
3. Postfix Configuration
4. master.cf
5. main.cf
6. Postfix Map Types
7. Postfix Pattern Matching
8. Virtual Domains
9. Configuration Commands
10. Management Commands
11. Postfix, Relaying and SMTP AUTH
 12. SMTP AUTH Server and Relay Control

LAB TASKS

13. Configuring Postfix

14. Postfix Network Configuration
15. Postfix Virtual Host Configuration
14. CACHING-ONLY DNS SERVER

1. Naming Services
2. The Domain Name Space
3. Delegation and Zones
4. Server Roles
5. Resolving Names
6. Resolving IP Addresses
7. Basic BIND Administration
8. Configuring the Resolver
9. Testing Resolution
10. Creating a Site-Wide Cache
11. SOA - Start of Authority
12. A & PTR - Address & Pointer Records
13. NS - Name Server
14. CNAME & MX - Alias & Mail Host

LAB TASKS

15. Caching-only DNS

15. FILE SHARING WITH NFS

1. File Sharing via NFS

2. NFSv4
3. NFS Clients
4. NFS Server Configuration
5. Implementing NFSv4

LAB TASKS

6. NFS Server Configuration

16. FILE SHARING WITH CIFS

1. Samba Daemons
2. Accessing Windows/Samba Shares from Linux
3. Samba Utilities
4. Samba Configuration Files
5. The smb.conf File
6. Mapping Permissions and ACLs
7. Mapping Linux Concepts
8. Mapping Users
9. Share Authentication
10. User-Level Access
11. Samba Account Database
 12. User Share Restrictions

LAB TASKS

13. Samba Share-Level Access

14. Samba User-Level Access
15. Samba Group Shares
17. FILE SHARING WITH FTP

1. The FTP Protocol

2. Active Mode FTP
3. Passive Mode FTP
4. vsftpd
5. Anonymous FTP with vsftpd

LAB TASKS

6. Configuring vsftpd
18. TROUBLESHOOTING BOOT PROCESS

1. Booting Linux on PCs

2. GRUB Configuration
3. Boot Parameters
4. Initial ramdisk
5. /sbin/init
6. System Init Styles
7. Linux Runlevels
8. /etc/inittab
9. /etc/rc.d/rc.sysinit
10. Runlevel Implementation
11. System Configuration Files
12. Typical SysV Init Script
13. The /etc/rc.local File
14. Shutdown and Reboot
15. Rescue Environment

LAB TASKS

16. Boot Process

17. Recovering Damaged MBR
18. Introduction to Troubleshooting Labs
19. Troubleshooting Practice: Boot Process