General Objectives
After attending this track students will be able to:
- Install and upgrade the Unix operating system on standard PC
hardware
- Provide basic security for a Unix installation
- Use Unix to provide some essential Internet services
- Administer a Unix server in a reasonable, secure and reliable fashion
In addition they will be taught concepts such as:
- Basic Internet Protocols and how they work (IPv4 and IPv6)
- Some basic Internet services and how they function, including
DNS, Web, SSH and E-mail
- Designing installations for long-term scalability of
services
Instructors
(HA) Hervey Allen, USA
(DM) Dorcas Muthoni, Kenya
(PO) Patrick Okui, Uganda
(PR) Phil Reganuld, Denmark
Assisting
(YH) Youness Hamidi, Morocco
Session 1
Welcome!
Written survey (Hervey Allen)
Material:
OpenOffice |
PDF |
Word
Unix as compared to Linux as compared to Windows (Hervey Allen)
HTML
Topics:
- Windows and design philosophy. Why we don't use it.
- Up-front costs.
- Linux: a viable choice
- Mac OS: major issue is hardware
- FreeBSD: proven, stable, fast.
- Design philosophies and history of these OS's.
Introduction to Unix (Hervey Allen)
Presentation:
OpenOffice |
PDF |
PowerPoint
Topics:
- Bird's eye view of Unix
- The kernel
- Shells
- User processes
- System processes
- Security models
- Filesystem layout
- Partitioning
- Devices
Session 2: FreeBSD installation practical (Noah Sematimba)
Presentation:
PDF |
HTML
- Installing FreeBSD from CD. Network configuration is not covered. Gnome-Desktop is
installed but not configured.
- partition, install 'X-developer', reboot
- login as root
- Get a prompt; note that everything you type is 'command [args..]'
- Use 'passwd root' to change root's password
- Note that you can run /stand/sysinstall (some things are
useful here, e.g. change keyboard mapping, set up anon ftp, partition a
new drive)
- where's the documentation?
- man pages
- /usr/share/doc/en/{articles,books}, also on www.freebsd.org (especially the FreeBSD handbook)
- /usr/share/examples
Session 3: Hands On Unix - Part I (Patrick Okui)
Presentation: Open Office | PowerPoint | PDF
Handout: Open Office | Word | PDF
Topics:
- Virtual Terminals
- The root account VS ordinary accounts
- The file system
- Tree Structure
- Navigating
- Getting Help
- File permissions
- Editing Files
Session 4: Hands On Unix - Part II (Patrick Okui)
Presentation: Open Office | PowerPoint | PowerPoint | PDF
Handout:Open Office | Word | PDF
Topics:
- Processes
- Intro
- Enviroment
- Security
- The shell
- Shell expansion
- Process start and control
Session 1: Ports and packages: Installing software on FreeBSD (Phil Regnauld)
Presentation:
[OpenOffice]|
[PDF]
Exercises:
[OpenOffice]|
[PDF]
Notes:
In this session, students will learn about the software packaging system
of FreeBSD, and how to install new software, including:
- using pkg_add
- using the ports collection
- understanding the software build process, and the advantages of each method
- using portupgrade as a meta-package management system
Session 2 and 3: Source Upgrading and Building System (Noah Sematimba)
Presentation:
Handout:
MS DOC |
OpenDocument
- security reasons for upgrading
- talk about the different branches of FreeBSD: CURRENT, 6_STABLE, 6_2_STABLE etc.
- ways to update
- updating by reinstalling a new release
- updating by using the binary upgrade feature (pros/cons)
- updating through source
- install cvsup-without-gui package
- upgrade the system source to 6_2_STABLE using cvsup (copy the example supfile, modify it to point to our local cvs mirror!)
- Do source update
- read /usr/src/UPDATING (why?)
- follow ALL the steps to build and install new world and kernel (because kernel changes can be tied to the userland utilities)
- show updating individual binaries through make / make install (example of a FreeBSD security alert)
Session 4: IP basics (Patrick Okui)
Presentation:Open Office | PowerPoint | PDF
Packet: PDF
Netmask Table: Excel | PDF
Notes:
- Encapsulation & Decapsulation
- Packets at different layers
- IPv4 Addresses
- Structure of an IP address
- Netmasks
- basic subnetting
- private vs public IP adress space
- Network setup in FreeBSD
- Switching & Routing
- Host - Host communication
Session 1: Security & Cryptographic Methods (HA)
Presentation:
OpenOffice |
PDF |
PowerPoint
Topics:
- Core security principals
- Symmetric ciphers
- Examples (DES3, AES, Blowfish)
- Features
- Key distribution problems
- Hashing core concepts
- Message digests
- Data integrity
- Hash fuctions
- Collisions
- Public/Private keys
- Passphrases
- Digital signatures
- SSH
- Man-in-the-middle attacks
- TLS/SSL
- CA's: Certificate Authorities
- PGP and Web of Trush
- Exercises included in the presentation
- What's running
- Using sockstat, lsof and netstat
Security with SSH (Overview) (HA)
Presentation:
OpenOffice |
PDF |
PowerPoint
Topics:
- Where to get SSH, particularly for Windows
- Enabling and configuring SSH
- SSH connection methods: password or public/private keys
- Authentication
- Exchanging host keys
- SSH "Magic Phrase"
Exercises: HTML
Session 2: Apache, SSL and Digital Signatures Using FreeBSD (HA)
Presentation:
OpenOffice |
PDF |
PowerPoint
Topics:
- A brief history of SSL
- Apache+mod_ssl - What is it?
- Digital certificates and signing them
- How a certificate request is done
- Issues with CA's
- Configuring a local certificate
- The 10 steps of an SSL connection
Exercises: HTML
Reference: Virtual host Apache configuration sample: Text
Session 3: Apache2 Webserver with Modssl (Noah Sematimba)
Presentation:
Handout:
MS DOC |
OpenDocument
- install apache22 package from FTP
- /etc/rc.conf apache22_enable="YES"
- Go through httpd.conf take note of DocumentRoot, uncomment ssl configuration file
- Edit ssl configuration file httpd-ssl.conf and point to certificates setup
in previous session.
- run and test
- apachectl start
- use ps to show something is running
- use lynx-ssl to browse your own server and someone else's
- use telnet to port 80 to show what's really happening
- look at its log files
- Note DocumentRoot, edit the default index.html and note changes in a web browser.
-
- note documentation at httpd.apache.org
Session 4
FreeBSD Startup and Repair (Hervey Allen)
Presentation:
OpenOffice |
PDF |
PowerPoint
Topics:
- What happens at startup?
- BIOS
- MBR
- Bootloader
- Kernel
- init
- Scripts and processes
- Single-user mode
- bootloader.conf
- /etc/rc.conf
- Shell scripts
- Recovering from file system damage using fsck and single user mode
- Replacing/updating your MBR
Exercises: HTML
Mirroring and RAID (Phil Regnauld)
Presentation:
[OpenOffice]|
[PDF]
Notes:
This session covers the basic principles of disk mirroring and RAID
configuration. Students will learn about:
- RAID levels
- advantages and inconvenients of each type
- why RAID is not backup
- software vs hardware RAID
Sessions 1 and 2
DNS Introduction (Phil Regnauld / Randy Bush)
Presentation:
[OpenOffice]|
[PowerPoint]|
[PDF] |
[PDF Handouts]
Exercises:
[OpenOffice]
Notes:
DNS is a fundamental and often misunderstood network service. The goal
of this session is for students to understand the basics of the DNS
including lookup of information, architecture, and basic problem isolation.
Students will learn:
- What is DNS ?
- How DNS is built/how does it work ?
- How does a DNS query work ? using host and dig
- Recursion mechanism
- Tracing DNS data
- Finding root servers
- Record types
- Caching vs authoritative
- Starting your own nameservice
- Delegations and domains vs. zones
- Finding the error: using the 'doc' tool
Session 3: E-mail (Noah Sematimba)
Presentation:
- overview of MTA/MUA, SMTP, POP3/IMAP
- SMTP error codes
- test them using telnet (including forging E-mail!) and reinforce password sniffing problem
- choosing an MTA, pros/cons of exim
- overview of exim configuration: routers, transports, acls
- where to find exim docs
Session 4: Building a basic mail server (Patrick Okui)
Handout: OpenOffice | Word | PDF
Notes:
- Building and installing Exim.
- Install Exim from ports
- Replace Sendmail with Exim
- Running basic tests.
- Test a standard installation and default configuration
- Inspect and manage the mail queue
- Check relay control
- Process log data
- Simple modification of the runtime configuration.
- Setting up your host as a mail relay
Session 1 and 2:
Secure Authentication: A brief overview (Hervey Alen)
Presentation:
OpenOffice |
PDF |
PowerPoint
Topics:
- Replacing POP, IMAP, Telnet, FTP and HTTP
- Avoiding SSH tunnels
- Can be painful
- Installation of courier-imap, including
- Reconfiguration of Exim for Maildir
- courier-authlib
- pop and imap
- Testing of these services
- Generation of local SSL certificate
- Configuration of pops and imaps
- Starting the services
Exercises: HTML
Session 3: PHP and Webmail (squirrelmail) (Noah Sematimba)
Handout:
- Install php4 and configure apache to use php4. Take note of the LoadModule and AddType commands in the ap
ache configuration.
- Install squirrelmail and setup its preferences.
- Configure a virtual host container in apache for our webmail. Start apache and test.
- Test e-mail sending using the webmail between neighbouring computers.
Session 4: Introduction to Shell scripting [demo] (Patrick Okui)
Reference material: Bash Beginners Guide | Advanced Bash Scripting Guide
Notes:
- Review of typical workflow of an admin
- Review of stringing commands in the shell with ';'
- using $SHELL filename
- shebang
- read and echo
- beyond here
Workshop summary and announcements
Q&A
Final Exam
Materials:
OpenOffice |
PDF |
Word |
Tear down of equipment
Certificates given out during dinner after end of workshop.
Photos
[not done in class]
Backups (Phil Regnauld)
Presentation:
[OpenOffice]|
[PDF]
Exercises:
[OpenOffice]|
[PDF]
Notes:
In this session students will learn about the concept of data protection, and
the different methods that can be done to backup data on modern UNIX systems,
including:
- dump - the traditional filesystem dump tool
- dd - binary disk / partition copying
- tar
- rsync and rsync-based tools (incremental/differential) rsnapshot, etc...
- client-server backup systems - amanda and bacula
Studens will learn to make the difference between simple data redundancy
and proper off-site backup, and sample scenarios to implement those.
PGP key management (Hervey Allen)
Presentation:
[OpenOffice]|
[PDF] |
[PowerPoint] |
Exercises: HTML]
Topics:
- Installing GnuPG
- Generating your public and private keys
- Sharing your public key
- Encrypting data with a public key
- Signing data with your private key
- Signing someone else's public key