Study Guide Linux Professional Institute Certification Level 2 Exam 2 Contents

Prerequisites
  Linux - CentOS 6, CentOS 7 (or Other SysVInit or Systemd Distribution)
Topic 207 - Domain Name Server
  207.1 Basic DNS Server Configuration (DNS Overview)
  207.1 Basic DNS Server Configuration (BIND Configuration and Setup - Caching Name Server)
  207.1 Basic DNS Server Configuration (Testing - BIND Commands)
  207.2 Create and Maintain DNS Zones (Configuring for Zones)
  207.2 Create and Maintain DNS Zones (Zone Files and Record Types)
  207.2 Create and Maintain DNS Zones (Finalize Master DNS Server Configuration)
  207.2 Create and Maintain DNS Zones (Create Forward and Reverse Zone Files and Testing the Configuration)
  207.3 Securing a DNS Server (CHROOT Jails)
  207.3 Securing a DNS Server (BIND - Split Name Server Setup)
  207.3 Securing a DNS Server (DNS Security Tools - Discussion, Keys and Signing a Zone File)
Topic 208 Web Services
  208.1 Implementing a Web Server (Apache - Configuration File and Directives)
  208.1 Implementing a Web Server (Apache - Enabling Perl and PHP Scripting)
  208.1 Implementing a Web Server (Apache - Security Settings and User Authentication)
  208.1 Implementing a Web Server (Apache - Virtual Hosts)
  208.2 Apache Configuration for HTTPS (SSL Key Generation)
  208.2 Apache Configuration for HTTPS (Adding SSL Certificates to Configuration and Key SSL Directives)
  208.3 Implementing a Proxy Server (Squid - Installation and Default Configuration Walkthrough)
  208.3 Implementing a Proxy Server (Squid - Testing with a Client)
  208.4 Implementing Nginx as a Web Server and Reverse Proxy (Nginx - Basic Web Server Configuration)
  208.4 Implementing Nginx as a Web Server and Reverse Proxy (Nginx - Basic Reverse Proxy Configuration)
209 - File Sharing
  209.1 SAMBA Server Configuration (Server Installation and Share Configuration)
  209.1 SAMBA Server Configuration (Security and Account Management)
  209.1 SAMBA Server Configuration (Client Installation and Access)
  209.2 NFS Server Configuration (NFS3 Server Installation, Configuration and Testing)
  209.2 NFS Server Configuration (NFS3 Client Configuration and Share Mounting)
Topic 210 - Network Client Management
  210.1 DHCP Configuration
  210.2 PAM Authentication (Overview)
  210.2 PAM Authentication (Modules - pam_unix.so, pam_cracklib.so, pam_limits.so and pam_listfile.so)
  210.2 PAM Authentication (Authentication Order - nsswitch.conf)
  210.3 Configuring an OpenLDAP Server (Overview)
  210.3 Configuring an OpenLDAP Server (Installation and Initial Configuration)
  210.3 Configuring an OpenLDAP Server (LDIF Creation for Adding Objects)
  210.4 LDAP Client Usage (Client Utilities for Searching, Adding and Deleting Records)
Topic 211 - E-Mail Services
  211.1 Using E-Mail Services (E-Mail Overview)
  211.1 Using E-Mail Services (Postfix Key Configuration and Input Files)
  211.2 Managing E-Mail Delivery (Rules Based Message Management)
  211.3 Managing Remote E-Mail Delivery (Dovecot Installation and Configuration)
Topic 212 - System Security
  212.1 Configuring a Router
  212.2 Securing FTP Servers (Server - vsftpd)
  212.2 Securing FTP Servers (Server - Pure-FTPD, ProFTPD and Active vs. Passive Connections)
  212.3 Secure Shell (SSH Configuration)
  212.3 Secure Shell (SSH Client Tools)
  212.3 Secure Shell (Advanced SSH - Using SSH Keys for Authentication)
  212.4 Security Tasks
Appendix A - Sample Configuration Files
  /etc/dhcpd.conf (Sample Configuration File from Package)
  /etc/nsswitch.conf
  /etc/security/limits.conf
  /etc/pam.d/passwd
  /etc/pam.d/system-auth
  /etc/samba/smb.conf (example configuration file)
  /etc/named.conf (default - caching DNS server)
  /etc/named.conf (configuration for full ‘mydomain.com’ example DNS server)
  /var/named/named.localhost
  /var/named/fwd.mydomain.com.db (forward lookup zone file)
  /var/named/0.1.10.db (reverse lookup zone file)
  LDIF Sample - Top Level Directory
  LDIF Sample - Creating an Organizational Unit
  LDIF Sample - Adding a Single Record
  LDIF Sample - Adding Multiple Records

Linux Professional Institute Certification Level 2 Exam 2 Linux Academy - 1 -

Prerequisites

Linux - CentOS 6, CentOS 7 (or Other SysVInit or Systemd Distribution)

Topic 207 - Domain Name Server

207.1 Basic DNS Server Configuration (DNS Overview)

• DNS (Domain Name Service)
  • used to provide translation of IP addresses to names and is part of the TCP/IP standards that provide this type of functionality
  • additional name resolution protocols are LDAP and NIS, although DNS is unique in that it provides ONLY name resolution (unlike the other two)
• /etc/resolv.conf
  • the client configuration file for DNS resolution, directives include:
    • nameserver [IP Address]
      • one or more lines indicating the IP address of a server configured to respond to DNS queries from the client (typically up to three nameserver values are supported, order of appearance is the order they will be queried)
    • search [domain]
      • the default domain that will be searched for member names
    • domain [domain]
      • the default domain that all names will be assumed to be a member of unless specified by a FQDN
• root servers
  • these servers are the “end point,” where DNS queries are passed off to by all other DNS servers
  • currently, there are 13 root server entries (described by default in the BIND zone files - see configuration further down)
• key terms
  • Domain name
    • valid names registered in a DNS server (they can be public, private or both)
  • Top-level domain
    • referred to by the “.” (dot) character in a domain, the final portion of a domain name (e.g. .com, .net, .int, .gov, .edu, .mil - the original top level domains)
  • FQDN (fully qualified domain name)
    • the host name followed by the domain it belongs to (e.g. user1.mylabserver.com is the FQDN for one of the Linux Academy lab servers with the host name ‘user1’)
  • Subdomain
    • part of the larger domain (for example, dev.mylabserver.com, qa.mylabserver.com, prod.mylabserver.com - each subdomain indicating the environment it represents)
  • Zone files and records
    • this file stores the translation from IP to name and a record is the individual line that represents one such translation
  • caching name server
    • a DNS server that returns address information received from another DNS server, used to speed DNS queries by caching those results for a period of time
  • TTL (time to live)
    • the amount of time a cached DNS record will be returned before a query is sent back out to obtain a fresh copy (generally by default, it is 24 hours but can be set to any value desired, see the BIND server setup later)
  • DNS forwarder
    • simply forwards DNS requests from one network to another (often internal network to external network DNS)
  • Forward lookups
    • IP to domain name (default DNS behavior)
  • Reverse lookup
    • domain name to IP (most DNS servers provide in addition to forward lookups)
• BIND (Berkeley Internet Name Domain)
  • most common DNS server, specific configuration tested during LPIC-2 Exam 2
• dnsmasq
  • additional DNS server that functions as a forwarding DNS server and/or for DHCP
• PowerDNS
  • load balanced DNS server (service) that was originally proprietary but later open sourced
• djbdns
  • developed as a more secure alternative to the BIND DNS server, more popular on Debian/Ubuntu systems

207.1 Basic DNS Server Configuration (BIND Configuration and Setup - Caching Name Server)

• BIND9
  • DNS server for LPIC-2 configuration
  • package on each distribution - bind, bind-utils
• /etc/named.conf
  • primary configuration file for the BIND server
  • read by the BIND service on start (BIND service named)
  • most settings will NOT need to be changed
  • the default settings are for a caching name server (part of the LPIC-2 requirements); simply starting the default configuration with the ‘named’ service will start a fully configured and functional caching only DNS server
• key configuration items
  • listen-on
    • port and interface(s) to listen on (semicolon delimited list)
    • Example
      • listen-on port 53 { 127.0.0.1; 10.1.0.100; };
      • would listen on the localhost IP and 10.1.0.100 over port 53 for DNS requests
  • directory
    • by default, will be /var/named, but can be defined to any location (taking SELinux into consideration) for the working directory of the server (except for chroot jails, covered in a later topic)
  • dump-file
    • directory of the file created with the rndc dumpdb command
  • allow-query
    • indicates the systems the server will respond to (semicolon delimited list of allowed/disallowed systems)
    • Example
      • allow-query { localhost; !10.1.0.100; 10.1.0/24; };
      • will allow queries from localhost, and the entire 10.1.0/24 network EXCEPT 10.1.0.100
  • dnssec-enable
    • set to yes will enable the DNSSEC (Secure DNS Extension), for securing/authenticating DNS data (again, covered in a later topic in more detail)
  • dnssec-validation
    • enables the use of managed keys (trusted)
  • bindkeys-file
    • the file used if the dnssec-lookaside directive is set to auto
  • managed-keys-directory
    • the directory used to store the managed keys in a secure DNS server configuration
  • session-keyfile
    • contains the Transaction
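
The allow-query example above only excludes 10.1.0.100 because BIND walks an address match list in order and lets the first matching element decide, so the negated host has to appear before the broader network. The following Python model is an added example (not from the study guide and not BIND's own code) that compares the page's ordering with a swapped one; the function names and the LOCALHOST_ADDRS set standing in for BIND's built-in localhost ACL are assumptions, and it handles IPv4 only.

```python
import ipaddress

# Constructed stand-in for BIND's built-in "localhost" ACL (the server's own addresses).
LOCALHOST_ADDRS = {"127.0.0.1", "10.1.0.5"}

def parse_element(elem):
    """Turn one list element into (negated, matcher); matcher is 'localhost' or a network."""
    elem = elem.strip()
    negated = elem.startswith("!")
    if negated:
        elem = elem[1:].strip()
    if elem == "localhost":
        return negated, "localhost"
    addr, _, prefix = elem.partition("/")
    # BIND accepts abbreviated prefixes such as 10.1.0/24; pad to four octets.
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return negated, ipaddress.ip_network(f"{addr}/{prefix or 32}", strict=False)

def parse_match_list(statement):
    """Parse the '{ a; !b; c; }' part of a statement into an ordered list of elements."""
    body = statement[statement.index("{") + 1 : statement.rindex("}")]
    return [parse_element(e) for e in body.split(";") if e.strip()]

def query_allowed(statement, client_ip):
    """First matching element decides; a negated match denies; no match at all denies."""
    client = ipaddress.ip_address(client_ip)
    for negated, matcher in parse_match_list(statement):
        if matcher == "localhost":
            hit = client_ip in LOCALHOST_ADDRS
        else:
            hit = client in matcher
        if hit:
            return not negated
    return False

# Ordering used on the page: the negated host comes before the network that contains it.
PAGE_ORDER = "allow-query { localhost; !10.1.0.100; 10.1.0/24; };"
# Same elements, swapped: the network matches first and the exclusion never takes effect.
SWAPPED = "allow-query { localhost; 10.1.0/24; !10.1.0.100; };"

if __name__ == "__main__":
    # Constructed sample clients: loopback, an allowed host, the excluded host, an outsider.
    for ip in ("127.0.0.1", "10.1.0.42", "10.1.0.100", "192.168.1.7"):
        print(ip, query_allowed(PAGE_ORDER, ip), query_allowed(SWAPPED, ip))
```

With the swapped ordering the excluded host is answered like any other client on the network, which is the misconfiguration to look for when reviewing an allow-query list.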
