AfNOG 2007 Workshop on Network Technology

Track E0 - Unix System Administration

Detailed Course Outline

General Objectives

• Install and upgrade the Unix operating system on standard PC hardware
• Provide basic security for a Unix installation
• Use Unix to provide some essential Internet services

• Basic Internet Protocols and how they work
• Some basic Internet services and how they function, including DNS, Web, SSH and E-mail
• Designing installations for long-term scalability of services

MONDAY

Material: OpenOffice | PDF | Word

Unix as compared to Linux as compared to Windows (Hervey Allen)

HTML

Topics:

• Windows and design philosophy. Why we don't use it.
• Up-front costs.
• Linux: a viable choice
• Mac OS: major issue is hardware
• FreeBSD: proven, stable, fast.
• Design philosophies and history of these OS's.

Presentation: OpenOffice | PDF | PowerPoint

Topics:

• Bird's eye view of Unix
• The kernel
• Shells
• User processes
• System processes
• Security models
• Filesystem layout
• Partitioning
• Devices

PDF | HTML
• Installing FreeBSD from CD. Network configuration is not covered. Gnome-Desktop is installed but not configured.
• partition, install 'X-developer', reboot
• login as root
  • Get a prompt; note that everything you type is 'command [args..]'
  • Use 'passwd root' to change root's password
  • Note that you can run /stand/sysinstall (some things are useful here, e.g. change keyboard mapping, set up anon ftp, partition a new drive)
• where's the documentation?
  • man pages
  • /usr/share/doc/en/{articles,books}, also on www.freebsd.org (especially the FreeBSD handbook)
  • /usr/share/examples

Session 3: Hands On Unix - Part I (Patrick Okui)
Presentation: Open Office | PowerPoint | PDF
Handout: Open Office | Word | PDF
Topics:

• Virtual Terminals
• The root account VS ordinary accounts
• The file system
  • Tree Structure
  • Navigating
• Getting Help
• File permissions
• Editing Files

Session 4: Hands On Unix - Part II (Patrick Okui)
Presentation: Open Office | PowerPoint | PowerPoint | PDF
Handout:Open Office | Word | PDF
Topics:

• Processes
  • Intro
  • Enviroment
  • Security
• The shell
  • Shell expansion
  • Process start and control

TUESDAY

Session 1: Ports and packages: Installing software on FreeBSD (Phil Regnauld)

Presentation: [OpenOffice]| [PDF]
Exercises: [OpenOffice]| [PDF]
Notes:
In this session, students will learn about the software packaging system of FreeBSD, and how to install new software, including:

• using pkg_add
• using the ports collection
• understanding the software build process, and the advantages of each method
• using portupgrade as a meta-package management system

Presentation:

OpenDocument | PDF | MS PowerPoint

• security reasons for upgrading
• talk about the different branches of FreeBSD: CURRENT, 6_STABLE, 6_2_STABLE etc.
• ways to update
• updating by reinstalling a new release
• updating by using the binary upgrade feature (pros/cons)
• updating through source
• install cvsup-without-gui package
• upgrade the system source to 6_2_STABLE using cvsup (copy the example supfile, modify it to point to our local cvs mirror!)
• Do source update
• read /usr/src/UPDATING (why?)
• follow ALL the steps to build and install new world and kernel (because kernel changes can be tied to the userland utilities)
• show updating individual binaries through make / make install (example of a FreeBSD security alert)

Session 4: IP basics (Patrick Okui)
Presentation:Open Office | PowerPoint | PDF
Packet: PDF
Netmask Table: Excel | PDF
Notes:

• Encapsulation & Decapsulation
• Packets at different layers
• IPv4 Addresses
  • Structure of an IP address
  • Netmasks
  • basic subnetting
  • private vs public IP adress space
  • Network setup in FreeBSD
• Switching & Routing
• Host - Host communication

WEDNESDAY

Presentation: OpenOffice | PDF | PowerPoint

Topics:

• Core security principals
• Symmetric ciphers
• Examples (DES3, AES, Blowfish)
• Features
• Key distribution problems
• Hashing core concepts
• Message digests
• Data integrity
• Hash fuctions
• Collisions
• Public/Private keys
• Passphrases
• Digital signatures
• SSH
• Man-in-the-middle attacks
• TLS/SSL
• CA's: Certificate Authorities
• PGP and Web of Trush
• Exercises included in the presentation
• What's running
• Using sockstat, lsof and netstat

Presentation: OpenOffice | PDF | PowerPoint

Topics:

• Where to get SSH, particularly for Windows
• Enabling and configuring SSH
• SSH connection methods: password or public/private keys
• Authentication
• Exchanging host keys
• SSH "Magic Phrase"

Session 2: Apache, SSL and Digital Signatures Using FreeBSD (HA)

Presentation: OpenOffice | PDF | PowerPoint

Topics:

• A brief history of SSL
• Apache+mod_ssl - What is it?
• Digital certificates and signing them
• How a certificate request is done
• Issues with CA's
• Configuring a local certificate
• The 10 steps of an SSL connection

Reference: Virtual host Apache configuration sample: Text

Session 3: Apache2 Webserver with Modssl (Noah Sematimba)

Presentation:

OpenDocument | PDF | MS PowerPoint

Handout: MS DOC | OpenDocument

• install apache22 package from FTP
  • /etc/rc.conf apache22_enable="YES"
  • Go through httpd.conf take note of DocumentRoot, uncomment ssl configuration file
  • Edit ssl configuration file httpd-ssl.conf and point to certificates setup in previous session.
  • run and test
    • apachectl start
    • use ps to show something is running
    • use lynx-ssl to browse your own server and someone else's
    • use telnet to port 80 to show what's really happening
  • look at its log files
  • Note DocumentRoot, edit the default index.html and note changes in a web browser.
  • note documentation at httpd.apache.org

FreeBSD Startup and Repair (Hervey Allen)

Presentation: OpenOffice | PDF | PowerPoint

Topics:

• What happens at startup?
• BIOS
• MBR
• Bootloader
• Kernel
• init
• Scripts and processes
• Single-user mode
• bootloader.conf
• /etc/rc.conf
• Shell scripts
• Recovering from file system damage using fsck and single user mode
• Replacing/updating your MBR

Mirroring and RAID (Phil Regnauld)

Presentation: [OpenOffice]| [PDF]
Notes:
This session covers the basic principles of disk mirroring and RAID configuration. Students will learn about:

• RAID levels
• advantages and inconvenients of each type
• why RAID is not backup
• software vs hardware RAID

THURSDAY

DNS Introduction (Phil Regnauld / Randy Bush)
Presentation: [OpenOffice]| [PowerPoint]| [PDF] | [PDF Handouts]
Exercises: [OpenOffice]
Notes:
DNS is a fundamental and often misunderstood network service. The goal of this session is for students to understand the basics of the DNS including lookup of information, architecture, and basic problem isolation.

Students will learn:

• What is DNS ?
• How DNS is built/how does it work ?
• How does a DNS query work ? using host and dig
• Recursion mechanism
• Tracing DNS data
• Finding root servers
• Record types
• Caching vs authoritative
• Starting your own nameservice
• Delegations and domains vs. zones
• Finding the error: using the 'doc' tool

MS PowerPoint | OpenDocument | PDF |

• overview of MTA/MUA, SMTP, POP3/IMAP
• SMTP error codes
  • test them using telnet (including forging E-mail!) and reinforce password sniffing problem
• choosing an MTA, pros/cons of exim
• overview of exim configuration: routers, transports, acls
• where to find exim docs

Session 4: Building a basic mail server (Patrick Okui)
Handout: OpenOffice | Word | PDF

Notes:

• Building and installing Exim.
  • Install Exim from ports
  • Replace Sendmail with Exim
• Running basic tests.
  • Test a standard installation and default configuration
  • Inspect and manage the mail queue
  • Check relay control
  • Process log data
• Simple modification of the runtime configuration.
• Setting up your host as a mail relay

FRIDAY

Secure Authentication: A brief overview (Hervey Alen)

Presentation: OpenOffice | PDF | PowerPoint

Topics:

• Replacing POP, IMAP, Telnet, FTP and HTTP
• Avoiding SSH tunnels
• Can be painful
• Installation of courier-imap, including
• Reconfiguration of Exim for Maildir
• courier-authlib
• pop and imap
• Testing of these services
• Generation of local SSL certificate
• Configuration of pops and imaps
• Starting the services

Session 3: PHP and Webmail (squirrelmail) (Noah Sematimba)
Handout:

OpenDocument | MS Word | PDF

• Install php4 and configure apache to use php4. Take note of the LoadModule and AddType commands in the ap ache configuration.
• Install squirrelmail and setup its preferences.
• Configure a virtual host container in apache for our webmail. Start apache and test.
• Test e-mail sending using the webmail between neighbouring computers.

Session 4: Introduction to Shell scripting [demo] (Patrick Okui)
Reference material: Bash Beginners Guide | Advanced Bash Scripting Guide
Notes:

• Review of typical workflow of an admin
• Review of stringing commands in the shell with ';'
• using $SHELL filename
• shebang
• read and echo
• beyond here

Workshop summary and announcements

Q&A

Final Exam

Materials: OpenOffice | PDF | Word |

Tear down of equipment

Certificates given out during dinner after end of workshop.

Photos

[not done in class]

Backups (Phil Regnauld)
Presentation: [OpenOffice]| [PDF]
Exercises: [OpenOffice]| [PDF]
Notes:
In this session students will learn about the concept of data protection, and the different methods that can be done to backup data on modern UNIX systems, including:

• dump - the traditional filesystem dump tool
• dd - binary disk / partition copying
• tar
• rsync and rsync-based tools (incremental/differential) rsnapshot, etc...
• client-server backup systems - amanda and bacula

PGP key management (Hervey Allen)
Presentation: [OpenOffice]| [PDF] | [PowerPoint] |
Exercises: HTML]

Topics:

• Installing GnuPG
• Generating your public and private keys
• Sharing your public key
• Encrypting data with a public key
• Signing data with your private key
• Signing someone else's public key