Building my own outline on Debian based on LinuxCBT Debian5. Since I have a tight budget to have formal training on Linux, so I'd decide to create this outline based on internet reference.
# Debian GNU/Linux Fundamentals
* Basic Debian GNU/Linux Skills
* Demonstrate usage of the following useful commands & concepts
- PING (Packet Internet Groper)
- dig (Domain Information Groper) - used to query DNS servers
- Explain UNIX/Linux file security & permissions (-rwxrwxrwx)
- Explore /etc/fstab (File system Table file)
- Explore TCP/IP Configuration
*
* Advanced Package Management Tool (APT) Concepts
- Explain classes of Debian GNU/Linux Packages
- Inventory currently installed DEB packages
- Identify key Advanced Package Tool (APT) configuration files
- Search for Debian GNU/Linux packages using Advanced Package Tool (APT)
- Install/Update/Remove software using APT
- Configure APT to query multiple sources for packages
- Use DPKG to install a DEB package located on an EXT3 File System
- Configure APT to install packages from varying versions of Debian GNU/Linux
- Use Aptitude to manage Debian GNU/Linux packages
- Install Apt-Spy using APT to identify optimal mirrors
*
* Disk & Volume Management
- Provision additional Storage partitions using FDISK
- Use MKE2FS to provision multiple EXT2 & EXT3 File Systems
- Provision additional Storage partitions using Parted
- Provision additional Swap storage
- Use MKSWAP & SWAPON to enable additional Swap storage
- Update File System Table (FSTAB) to reflect system changes
- Explore Logical Volume Management (LVM) Configuration
- Create volume sets using: Logical Volume Management (LVM)
*
* Package Management
- Discuss various package management options
- Explore package management repositories
- Use DPKG to install a .deb package
- Install packages using 'apt-get'
- Manage packages using 'aptitude'
*
* INIT
- Explain Debian GNU/Linux System V Init Runlevel (0 - 6) concepts & applications
- Explore INIT configuration
- Identify key startup files, including scripts (inittab,Sscripts,Kscripts,etc.)
- Switch between run levels and evaluate
- Demonstrate using SSH to authenticate to remote Linux hosts without passwords
-
*
* Explore the CRON scheduling daemon & configuration
- Identify key Cron configuration scopes (Global & User)
- Explain Crontab file format and applicable options
- Define custom cron jobs system-wide
- Define custom cron jobs user-wide
- Evaluate results of cron jobs
*
#
# top
# Core Network Services
* System Logging via Syslog, Syslog-NG and Logrotate
- Explanation of syslog facilities & levels
- Demonstrate syslog administration
- Demonstrate Cisco to Linux SYSLOG functionality
- Migrate system to Syslog-NG
- Discuss Syslog-NG features and benefits
- Explore automatic log rotation and customization via Logrotate
- Configure Logrotate to rotate & compress sample log files
*
* IPv4 & IPv6 Configuration
- Identify key files for the transition from DHCP to Static addressing
- Configure Linux client with static TCP/IP parameters for network communication
- Configure Virtual (Sub) Ethernet Interfaces to faciliate multiple IP addresses
- Explain IPv6 addresses (prefixes)
- Explore IPv6 configuration on Linux and Cisco router
*
* Implement Network Time Protocol (NTP) Client/Server
- Configure Network Time Protocol (NTP) to perform client/server time synchronization
- Identify NTP bounded UDP interfaces
- Synchronize Debian GNU/Linux NTP with RedHat Linux Stratum 2 NTP server
- Configure RedHat Linux NTP server to synchronize with Debian GNU/Linux server
*
* Trivial File Transfer Protocol Daemon (TFTPD)
- Discuss features and benefits
- Explore TFTPD configuration
- Backup Cisco router and firewall configuration using TFTPD
- Evaluate results
*
* Very Secure File Transfer Protocol Daemon (VSFTPD) & LFTP Client
- Discuss features and benefits
- Explore configuration
- Test FTP connectivity
- Explore LFTP client features
- Evaluate results
*
* Telnet Daemon (TELNETD) for temporary clear-text shell communications
- Discuss features and benefits
- Install TELNETD using Aptitude
- Explore configuration and usage
- Examine Message of the day banners (MOTD), /etc/issue file (pre-login banner/display info.)
*
* Commonly-used Network Utilities
- NETSTAT
- Traceroute & MTR (PING & Traceroute functionality)
- ARP
- IFCONFIG
- Route
- DIG & NSLOOKUP
- Whois
*
* Dynamic Host Configuration Protocol (DHCP) services
- Explain the various steps of the DHCP process
- Configure global & scope-level DHCP options
- Configure IP reservations based on layer 2 MAC addresses
- Enable Linux DHCP services
- Configure Windows/Linux clients to receive dynamic addresses from Linux
- Examine evidence of clients requesting addresses from DHCPD
*
* Implement the Berkeley Internet Naming Daemon (BIND) Domain Name Server (DNS)
- Implement BIND 9.x
- Configure BIND as a caching-only DNS server
- Test caching-only name resolution from Linux hosts
- Configure Linux/Windows 2003 clients to use Linux BIND DNS server
- Configure BIND as an Authoritative DNS server
- Test primary name resolution from Windows & Linux hosts
- Configure BIND as a secondary(slave) DNS server
- Evaluate results of BIND configuration using DIG
- Configure DNS zones
- Configure zone transfers
- Evaluate BIND's configuration files
- Implement IPv6 DNS AAAA records & evaluate forward IPv6 name resolution
- Implement IPv6 DNS reverse records & evaluate reverse IPv6 name resolution
*
* Network File System (NFS)
- Discuss features and benefits
- Explore NFS configuration
- Test NFS on clients and servers
*
* Implement Linux & Windows Integration via Samba
- Implement SMBFS integration with Debian GNU/Linux File System
- Mount Windows shares seamlessly using Samba File System (SMBFS)
- Configure FSTAB to support repetitive mounts
- Implement secure SMBFS credentials for mounting
- Install Samba Server support
- Install Samba Web-based Administration Tool (SWAT)
- Configure Samba file sharing
- Configure Samba with multiple NETBIOS aliases
- Configure Samba Windows Internet Name Server (WINS) support
- Evaluate Windows XP client access to Debian GNU/Linux Samba server
*
# top
# Application Services - Linux|Apache|MySQL|PHP (LAMP)
* Web Application Services
- Implement Apache Web Server
- Examine httpd.conf file directives
- Implement virtual directories using Apache and symbollic links
- Implement Redirects using Locate and various Apache directives
- Configure virtual hosts bound to the primary IP address and port
- Configure virtual hosts bound to alternate virtual IP addresses and ports
- Implement Apache logging system per virtual host
- Configure basic authentication to virtual hosts containers via Directory directives
- Configure digest authentication
- Implementation of Webalizer Log Analysis software
- Generate web reports using Webalizer
- Implementation of PHP Dynamic Web Access Scripting Engine
+ Evaluate PHP Dynamic Web Access Scripting Engine installation results
+ Test basic PHP script-processing using sample scripts
-
*
* MySQL Relational Database Management System
- Install MySQL Relational Database Management System
- Secure access to MySQL
- Create sample MySQL databases
- Install PHPMyAdmin for web-based management of MySQL instances
- Explain & Secure access to PHPMyAdmin
- Explore PHPMyAdmin's interface
*
* Postfix MTA
- Install Postfix MTA
- Introduction to Postfix Message Transfer Agent (MTA)
- Use Mutt to demonstrate outbound mail handling using Postfix
- Explore Postfix Configuration
*
* Post Office Protocol Version 3 (POP3)
- Explain POP3 concepts and applications
- Implement POP3 daemon
- Connect to POP3 daemon using Windows Outlook Express client
- Use Mutt to send SMTP-based messages to POP3 account
*
* Internet Messaging Access Protocol (IMAP)
- Explain IMAP concepts and applications in comparison to POP3
- Implement IMAP services
- Connect to IMAP services from remote Windows Outlook Express client
*
* Web-based Mail Implementation using Squirrel-mail
- Describe required squirrel mail components for web-mail integration
- Install squirrel mail on Debian GNU/Linux system
- Configure Apache virtual directory for squirrel mail integration
- Configure Apache Virtual Host for squirrel mail integration
- Configure BIND DNS services for squirrel mail integration
- Explore squirrel mail's web-based interface
*
#
# top
# Security Implementation Techniques
* IPTABLES (Netfilter Linux Kernel-based Firewall)
- Discuss IPTABLES/Netfilter Concepts
- Explain IPTABLES default chains/filters and policies
- Examine TCP/ICMP communications pre-IPTABLES chains
- Implement ICMP inbound filtration based on various hosts
- Use Cisco PIX Firewall to verify ICMP debugging
- Filter traffic based on Layer-4 TCP/UDP (Source/Destination Ports) information
- Restrict access to various daemons (SSH/FTP/HTTP/etc.)
- Test connectivity locally and remotely (RedHat/Windows/etc.)
*
* Network Mapper (NMAP)
- Obtain, compile and install current version of NMAP
- Identify commonly used NMAP options/switches/parameters
- Perform default TCP SYN-based ethical scans of local and remote resources
- Explain typical TCP handshake protocol while using NMAP
- Examine the results of scans on remote Cisco firewall with debugging mode enabled
- Perform default TCP Connect-based ethical scans of local and remote resources
- Examine the results of scans on remote Cisco PIX Firewall with debugging mode enabled
- Use NMAP to scan using aliased and spoofed IP addresses
- Peform local ethical scans
- Identifiy key NMAP configuration files
- Use NMAP to perform operating system fingerprinting
- Peform subnet-wide ethical scans
*
* Lockdown (Debian GNU/Linux System Lockdown)
- Explain potential network-based entry points to the system
- Identify superfluous daemons/services using NETSTAT & NMAP
- Disable superfluous daemons/services using update-rc.d and proper scripts
- Identify changes in the system as a result of performing the lockdown
- Disable superfluous daemons/services using XINETD
- Restrict source address access to daemons/services using XINETD
- Restrict bind address for daemons/services using XINETD
- Discuss application-layer security for added protection (MySQL/Apache/SSH)
- Force SSHD to bind to desired layer-3 IP address for controlled security
- Secure the system using IPTABLE for added security
*
* TCPDump & Wireshark
- Discuss features and benefits
- Explore TCPDump usage
- Capture interesting traffic
- Analyze with Wireshark