Main › Enterprise Linux Network Services (H7092S)

Enterprise Linux Network Services (H7092S)

COURSE OVERVIEW

This is an expansive course covering a wide range of network services. Attention is paid to the concepts needed to implement and troubleshoot the network services securely and to provide extensive hands-on experience. Topics include security with SELinux and Netfilter, DNS concepts and implementation with Bind, LDAP concepts and implementation using OpenLDAP, web services with Apache, FTP with vsftpd, caching, filtering proxies with Squid, SMB/CIFS (Windows networking) with Samba, and e-mail concepts and implementation with Postfix combined with either Dovecot or Cyrus.

PREREQUISITES

UNIX fundamentals (51434S) or
Linux fundamentals (U8583S) and
Enterprise Linux Network Administration (H7091S)

AUDIENCE

New Linux system administrators

SUPPORTED DISTRIBUTIONS

Red Hat Enterprise Linux 7, SUSE Linux Enterprise 12

COURSE OBJECTIVES

At the conclusion of this course you should be able to:

Gain the knowledge and skills required to setup, configure, and manage the most popular network services available for Red Hat and SUSE Linux systems

NEXT STEPS

Consider attending other advanced courses in the Linux curriculum
Consider Linux certification: Linux Professional Institute (LPI) Level 1, Red Hat (RHCE, RHCT) or SAIR

BENEFITS TO YOU

Effectively use networking services and security options
Understand and configure services to your specific needs
Avoid unwanted emails by configuring mail services with spam filtering

COURSE OUTLINE

Chapter 1 – Securing Services

Xinetd
Xinetd Connection Limiting and Access Control
Xinetd: Resource limits, redirection, logging
TCP Wrappers
The /etc/hosts.allow & /etc/hosts.deny Files
/etc/hosts.{allow,deny} Shortcuts
Advanced TCP Wrappers
SUSE Basic Firewall Configuration
FirewallD
Netfilter: Stateful Packet Filter Firewall
Netfilter Concepts
Using the iptables Command
Netfilter Rule Syntax
Targets
Common match_specs
Connection Tracking

Lab Tasks

Securing xinetd Services
Enforcing Security Policy with xinetd
Securing Services with TCP Wrappers
Securing Services with SuSEfirewall2
Securing Services with Netfilter
FirewallD
Troubleshooting Practice

Chapter 2 – SELinux and LSM

AppArmor
SELinux Security Framework
Choosing an SELinux Policy
SELinux Commands
SELinux Booleans
SELinux Policy Tools

Lab Tasks

Exploring AppArmor Modes
SELinux File Contexts

Chapter 3 – DNS Concepts

Naming Services
DNS – A Better Way
The Domain Name Space
Delegation and Zones
Server Roles
Resolving Names
Resolving IP Addresses
Basic BIND Administration
Configuring the Resolver
Testing Resolution

Lab Tasks

Configuring a Slave Name Server

Chapter 4 – Configuring BIND

BIND Configuration Files
named.conf Syntax
named.conf Options Block
Creating a Site-Wide Cache
rndc Key Configuration
Zones In named.conf
Zone Database File Syntax
SOA – Start of Authority
A, AAAA, & PTR – Address & Pointer Records
NS – Name Server
TXT, CNAME, & MX – Text, Alias, & Mail Host
SRV – SRV Service Records
Abbreviations and Gotchas
$GENERATE, $ORIGIN, and $INCLUDE

Lab Tasks

Use rndc to Control named
Configuring BIND Zone Files

Chapter 5 – Creating DNS Hierarchies

Subdomains and Delegation
Subdomains
Delegating Zones
in-addr.arpa. Delegation
Issues with in-addr.arpa.
RFC2317 & in-addr.arpa.

Lab Tasks

Create a Subdomain in an Existing Domain
Subdomain Delegation

Chapter 6 – Advanced BIND DNS Features

Address Match Lists & ACLs
Split Namespace with Views
Restricting Queries
Restricting Zone Transfers
Running BIND in a chroot
Dynamic DNS Concepts
Allowing Dynamic DNS Updates
DDNS Administration with nsupdate
Common Problems
Common Problems
Securing DNS With TSIG

Lab Tasks

Configuring Dynamic DNS
Securing BIND DNS

Chapter 7 – Using Apache

HTTP Operation
Apache Architecture
Dynamic Shared Objects
Adding Modules to Apache
Apache Configuration Files
httpd.conf – Server Settings
httpd.conf – Main Configuration
HTTP Virtual Servers
Virtual Hosting DNS Implications
httpd.conf – VirtualHost Configuration
Port and IP based Virtual Hosts
Name-based Virtual Host
Apache Logging
Log Analysis
The Webalizer

Lab Tasks

Apache Architecture
Apache Content
Configuring Virtual Hosts

Chapter 8 – Apache Security

Virtual Hosting Security Implications
Delegating Administration
Directory Protection
Directory Protection with AllowOverride
Common Uses for .htaccess
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Digital Certificates
TLS Using mod_ssl.so

Lab Tasks

Using .htaccess Files
Using TLS Certificates with Apache
Use SNI and TLS with Virtual Hosts

Chapter 9 – Apache Server-Side Scripting Administration

Dynamic HTTP Content
PHP: Hypertext Preprocessor
Developer Tools for PHP
Installing PHP
Configuring PHP
Securing PHP
Security Related php.ini Configuration
Java Servlets and JSP
Apache’s Tomcat
Installing Java SDK
Installing Tomcat Manually
Using Tomcat with Apache

Lab Tasks

CGI Scripts in Apache
Apache’s Tomcat
Using Tomcat with Apache
Installing Applications with Apache and Tomcat

Chapter 10 – Implementing an FTP Server

The FTP Protocol
Active Mode FTP
Passive Mode FTP
ProFTPD
Pure-FTPd
vsftpd
Configuring vsftpd
Anonymous FTP with vsftpd

Lab Tasks

Configuring vsftpd

Chapter 11 – The Squid Proxy Server

Squid Overview
Squid File Layout
Squid Access Control Lists
Applying Squid ACLs
Tuning Squid & Configuring Cache Hierarchies
Bandwidth Metering
Monitoring Squid
Proxy Client Configuration

Lab Tasks

Installing and Configuring Squid
Squid Cache Manager CGI
Proxy Auto Configuration
Configure a Squid Proxy Cluster

Chapter 12 – SQL Fundamentals and MariaDB

Popular SQL Databases
SELECT Statements
INSERT Statements
UPDATE Statements
DELETE Statements
JOIN Clauses
MariaDB
MariaDB Installation and Security
MariaDB User Account Management
MariaDB Replication

Lab Tasks

SQL with Sqlite3
Installing and Securing MariaDB
Creating a database in MariaDB
Create a database backed application

Chapter 13 – LDAP Concepts and Clients

LDAP: History and Uses
LDAP: Data Model Basics
LDAP: Protocol Basics
LDAP: Applications
LDAP: Search Filters
LDIF: LDAP Data Interchange Format
OpenLDAP Client Tools
Alternative LDAP Tools

Lab Tasks

Querying LDAP

Chapter 14 – OpenLDAP Servers

Popular LDAP Server Implementations
OpenLDAP: Server Architecture
OpenLDAP: Backends
OpenLDAP: Replication
Managing slapd
OpenLDAP: Configuration Options
OpenLDAP: Configuration Sections
OpenLDAP: Global Parameters
OpenLDAP: Database Parameters
OpenLDAP Server Tools
Native LDAP Authentication and Migration
Enabling LDAP-based Login
System Security Services Daemon (SSSD)

Lab Tasks

Building An OpenLDAP Server
Enabling TLS For An OpenLDAP Server
Enabling LDAP-based Logins

Chapter 15 – Samba Concepts and Configuration

Introducing Samba
NetBIOS and NetBEUI
Samba Daemons
Accessing Windows/Samba Shares from Linux
Samba Utilities
Samba Configuration Files
The smb.conf File
Mapping Permissions and ACLs
Mapping Linux Concepts
Mapping Users
Sharing Home Directories
Sharing Printers
Share Authentication
Share-Level Access
User-Level Access
Samba Account Database
User Share Restrictions

Lab Tasks

Samba Share-Level Access
Samba User-Level Access
Samba Group Shares
andling Symbolic Links with Samba
Samba Home Directory Shares

Chapter 16 – SMTP Theory

SMTP
SMTP Terminology
SMTP Architecture
SMTP Commands
SMTP Extensions
SMTP AUTH
SMTP STARTTLS
SMTP Session

Chapter 17 – Postfix

Postfix Features
Postfix Architecture
Postfix Components
Postfix Configuration
master.cf
main.cf
Postfix Map Types
Postfix Pattern Matching
Advanced Postfix Options
Virtual Domains
Postfix Mail Filtering
Configuration Commands
Management Commands
Postfix Logging
Logfile Analysis
Postfix, Relaying and SMTP AUTH
SMTP AUTH Server and Relay Control
SMTP AUTH Clients
Postfix / TLS
TLS Server Configuration
Postfix Client Configuration for TLS
Other TLS Clients
Ensuring TLS Security

Lab Tasks

Configuring Postfix
Postfix Virtual Host Configuration
Postfix Network Configuration
Postfix SMTP AUTH Configuration
Postfix STARTTLS Configuration
SUSE Postfix Configuration Cleanup

Chapter 18 – Mail Services and Retrieval

Filtering Email
Procmail
SpamAssassin
Bogofilter
amavisd-new Mail Filtering
Accessing Email
The IMAP4 Protocol
Dovecot POP3/IMAP Server
Cyrus IMAP/POP3 Server
Cyrus IMAP MTA Integration
Cyrus Mailbox Administration
Fetchmail
Roundcube Webmail
Mailing Lists
GNU Mailman
Mailman Configuration

Lab Tasks

Configuring Procmail & SpamAssassin
Configuring Cyrus IMAP
Dovecot TLS Configuration
Configuring Roundcube
Base Mailman Configuration
Basic Mailing List
Private Mailing List

Appendix A – NIS

NIS Overview
NIS Limitations and Advantages
NIS Client Configuration
NIS Server Configuration
NIS Troubleshooting Aids

Lab Tasks

Using NIS for Centralized User Accounts
Configuring NIS
NIS Slave Server
NIS Failover
Troubleshooting Practice: NIS

For more information about HP training programs in Ukraine visit web site at http://www8.hp.com/ua/ru/training/index.html

Main › POSIX Shell Programming (H4322S)

POSIX Shell Programming (H4322S)

COURSE OVERVIEW

This course provides UNIX® users and administrators hands-on skills development in POSIX shell programming. Syntax and constructs of the POSIX shell language are covered including use of variables, branches, loops, file I/O, functions, and traps. An introduction to regular expressions, awk, and sed are also discussed as each of these are commonly used in shell scripts. The 5-day course is 50 percent lecture and 50 percent hands-on labs using HP servers.

AUDIENCE

HP-UX and UNIX general users, system and network administrators, and software developers

PREREQUISITES

Fundamental knowledge of programming and
UNIX Fundamentals (51434S) or
Equivalent experience

COURSE OBJECTIVE

At the conclusion of this course you should be able to:

Read and maintain existing POSIX scripts
Create a POSIX program
Use looping and branching
Use arrays
Use regular expressions
Use subroutines
Use advanced data structures and functions
Understand and use traps and signals
Understand awk and sed

BENEFITS TO YOU

Understand and maintain POSIX scripts already in use in your environment
Learn how to create and run a POSIX shell program, saving time and increasing productivity with automated scripts
Write efficient programs by understanding how shell scripts are processed
Customize shell start-up files
Easily control your administration tasks

DETAILED COURSE OUTLINE

Introduction to POSIX Shell Scripts

What is a shell script?
Script execution
The subprocess environment
Shell features

Shell Scripting

Which shell?
Recommended script format
Planning to write a shell script
Portability issues

Variables

Variables
Displaying and using variables
Concatenation and substrings
Other sources of data for variables

User Input

Reading user input
Positional parameters
Creating positional parameters
Conditional substitution
External influences

Designing Program Output

Variable attributes
Formatted data
Cursor positioning and terminal echo

Shell Arithmetic

Creating integer-only variables
Base10 and others
Working with arithmetic operators and data

Branches and Logic Testing

Logic testing
Conditional operators
Multiway decision branching and the case statement

Shell Patterns

Basic expressions
More complex patterns
Pattern combinations

Program Loops

The while loop
The until loop
The for loop
Breaking out of a loop
Continue and exit commands
The select loop

The getopts Command

Processing arguments
The getopts and OPTARG variable
The OPTIND variable

Array Variables

Substituting and counting
Using integer variables as element numbers

Functions and Function Libraries

Displaying current shell functions
Declaring and using functions
Variable scope
Function libraries and recursion

Managing Input and Output

File descriptors
Reading and writing using file descriptors
Redirecting, parameter lists, and here documents
Creating parameter lists from input lines

For more information about HP training programs in Ukraine visit web site at http://www8.hp.com/ua/ru/training/index.html

Main › HP-UX System and Network Administration for Experienced UNIX® System Administrators (H5875S)

HP-UX System and Network Administration for Experienced UNIX® System Administrators (H5875S)

COURSE OVERVIEW

This fast-paced intensive course is designed for experienced Tru64, AIX, Solaris, Linux, or other UNIX® administrators who need to understand the differences between HP-UX and standard UNIX. It is essential that students have existing UNIX system administration experience. Successful completion of the course will help prepare students for the HP-UX Certified System Administrator (CSA) certification exam. The 5-day course is 50 percent lecture and 50 percent hands-on labs using HP servers.

PREREQUISITES

Existing knowledge and system administration experience of a version of UNIX

AUDIENCE

Experienced UNIX system administrators who are new to HP-UX

COURSE OBJECTIVES

At the conclusion of this course you should be able to:

Configure and manage HP-UX peripherals and device files
Configure and manage disk devices via LVM
Configure and manage JFS file systems
Configure HP-UX network connectivity and services
Configure HP-UX kernel drivers and tunable parameters
Shutdown, boot, and reboot HP-UX
Install HP-UX OS software, applications, and patches

NEXT STEPS

Become an HP-UX Certified System Administrator (CSA) by successfully completing the HP-UX CSA certification exam
Learn more about BladeSystem and partitioning technologies in our HP-UX hardware and partitioning curriculum
Learn more about HP-UX high availability, virtualization, security, and performance tools in our HP-UX advanced administration curriculum

BENEFITS TO YOU

Build on your existing UNIX system administration experience to quickly develop HP-UX administration skills
Become an HP-UX Certified System Administrator (CSA) by successfully completing the Certified System Administrator certification exam

COURSE OUTLINE

Navigating the System Management Homepage (SMH)

SAM and SMH overview
Launching the SMH GUI and TUI
Verifying SMH certificates
Logging into the SMH
Navigating the SMH interface
Launching SMH tools
Launching SMH tasks
Viewing SMH logs
Managing SMH access control
Managing SMH authentication
SMH and SIM integration concepts

Configuring Hardware

Hardware component overview
CPU, cell, crossbar, and Blade overview
SBA, LBA, and I/O overview
iLO/MP, core I/O, and interface adapter card overview
Internal disks, tapes, and DVD overview
Disk array, LUN, SAN, and multipathing overview
Partitioning overview
nPar, vPar, VM, and secure resource partition overview
HP Integrity entry-class rackmount servers
HP Integrity mid-range servers
HP Integrity high-end servers
HP BladeSystem
HP Integrity Superdome 2
Viewing the system hardware configuration
Viewing nPar, vPar, and VM hardware addresses
Hardware address concepts
Legacy HBA, SCSI, and FC hardware address concepts
Agile View HBA, SCSI, and FC hardware address concepts
Viewing legacy hardware addresses
Viewing LUNs via Agile View
Viewing a LUN’s lunpaths via Agile View
Viewing an HBA’s lunpaths via Agile View
Viewing LUN health via Agile View
Viewing LUN attributes via Agile View
Enabling and disabling lunpaths
Slot address concepts
Slot address components
Viewing slot addresses
Installing interface cards with and without OL*
Installing new devices

Configuring Device Special Files

DSF attribute concepts
DSF directories
Legacy DSF names
Persistent DSF names
LUN, disk, and DVD DSF names
Boot disk DSFs
Tape drive DSFs
Tape autochanger DSFs
Terminal, modem, and printer DSFs
Listing legacy DSFs
Listing persistent DSFs
Correlating persistent and legacy DSFs
Correlating persistent DSFs with lunpaths and WWIDs
Decoding legacy and persistent DSF attributes
Creating DSFs via insf, mksf, and mknod
Removing DSFs via rmsf
Disabling and enabling legacy mode DSFs

Managing Disk Devices

Disk partitioning concepts
Whole disk partitioning concepts
LVM disk partitioning concepts
LVM physical volume concepts
LVM volume group concepts
LVM logical volume concepts
LVM extent concepts
LVM extent size concepts
LVM versions and limits
LVM DSF directories
LVMv1 device files
LVMv2 device files
Creating physical volumes
Creating LVMv1 volume groups
Creating LVMv2 volume groups
Creating logical volumes
Verifying the LVM configuration
Comparing disk space management tools

Managing File Systems

File system types
HFS and VxFS comparison
Creating file systems
Mounting file systems
Automatically mounting file systems
Mounting CDFS file systems
Mounting LOFS file systems
Mounting ISO file systems
Mounting MemFS file systems

Managing Swap Space

HP-UX memory concepts
HP-UX swap concepts
HP-UX swap types
HP-UX pseudoswap
Enabling swap via the CLI
Enabling swap via /etc/fstab
Monitoring swap space
Disabling swap
Guidelines for configuring swap space

Maintaining Logical Volumes and File Systems

Defragmenting file systems
Repairing corrupted file systems
Monitoring free space
Reclaiming wasted file system space
Extending, reducing, and removing volume groups
Extending, reducing, and removing logical volumes
Extending and reducing file systems

Preparing for Disasters

Disaster recovery, mirroring, and DRD clone concepts
Using DRD to minimize planned downtime
Using DRD to minimize unplanned downtime
Installing DRD
Using the drd command
Creating a DRD clone
Synchronizing a DRD clone
Verifying a DRD clone’s status
Accessing inactive images via DRD-safe commands
Managing software via DRD-safe commands
Managing kernel tunables via DRD-safe commands
Accessing inactive images via other commands
Activating and deactivating an inactive image
Customizing the make_*_recovery archive contents
Backing up the boot disk via make_tape_recovery
Backing up the boot disk via make_net_recovery
Using a make_*_recovery archive
Interacting with the recovery process

Accessing the System Console and the iLO/MP

Management processor concepts
Viewing MP/console ports
Connecting MP serial and LAN ports
Accessing the MP
Navigating the MP menu and web interfaces
Accessing nPar, vPar, and VM consoles
Accessing the VFP, console log, and system event log
Accessing the MP help menus
Accessing the MP command menu
Configuring the MP LAN interface
Enabling MP remote access
Managing MP user accounts and access levels
Managing MP login sessions
Rebooting via the MP

Booting PA-RISC Systems

HP-UX shutdown and reboot concepts
PA-RISC boot process major players
PA-RISC boot disk structures
PA-RISC boot process overview
Autoboot and manual boot concepts
Interacting with the BCH and ISL/IPL

Booting Integrity Systems

HP-UX shutdown and reboot concepts
Integrity boot process major players
Integrity boot disk structures
Integrity boot disk system, OS, and HPSP structures
Integrity and PA-RISC boot process comparison
UEFI/EFI addressing concepts
Autoboot and manual boot concepts
Booting from primary, alternate, and arbitrary boot devices
Booting from Ignite-UX servers and recovery archives
Managing boot menu settings
Managing console settings
Interacting with the UEFI/EFI shell
Interacting with the hpux.efi OS loader

Managing System Startup

Configuring network services via /etc/rc.config.d/ files
Controlling network services via /sbin/rc*.d/ directories and scripts
Starting and stopping network services via /sbin/init.d/ scripts
Creating custom startup/shutdown scripts

Configuring IP Connectivity

Installing and verifying LAN software
Configuring link layer connectivity
Configuring IP connectivity
Configuring IP multiplexing
Configuring IP routing
Configuring the system hostname and /etc/hosts
Configuring network tunable parameters
Configuring static and default routes
Configuring the resolver
Configuring the name service switch
Troubleshooting network connectivity
Configuring network services

Configuring the HP-UX Kernel

Kernel configuration concepts
Special kernel configurations
Kernel configuration commands
Modifying the current kernel configuration
Creating a named configuration
Copying and loading a configuration
Kernel module concepts, states, and state changes
Viewing and managing module states
Kernel tunable concepts and types
Viewing, managing, and monitoring kernel tunables
Viewing, managing, and monitoring kernel resource alarms
Kernel troubleshooting
Viewing the kernel change log
Booting from an alternate kernel
Booting via override parameters
Booting to tunable maintenance mode

Managing Software with SD-UX

SD-UX software structure concepts
SD-UX software depot concepts
SD-UX IPD concepts
SD-UX daemon and agent concepts
Listing software
Installing and updating software
Removing software

Managing Patches with SD-UX

Patch concepts
Patch naming convention concepts
Patch supersession concepts
Patch rating concepts
Patch source concepts
Patch tool concepts
Downloading and installing HPSC patches
Installing patches from DVD, tape, and directory depots
Listing and removing patches

Managing Depots with SD-UX

SD-UX depot server concepts and advantages
Planning for depots
Adding software and patches to a depot
Removing software from a depot
Registering or unregistering a depot
Pulling and pushing software from a depot

Installing the OS with Ignite/UX

Install source concepts
Planning an install
Choosing an operating environment
Choosing an install-time security bundle
Locating the source media
Initiating a PA-RISC or an Integrity install
Navigating the Ignite-UX menus
Verifying an installation
Completing post-install configuration tasks

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html

Main › HP-UX Performance and Tuning (H4262S)

HP-UX Performance and Tuning (H4262S)

COURSE OVERVIEW

This course shows you how to optimize the performance of your computing environment, including multiprocessor and cell-based systems. Extensive hands-on labs allow you to gain experience using standard UNIX and HP-specific tools to monitor, analyze, and tune the performance of HP-UX systems and common network services. The 5-day course is 50 percent lecture and 50 percent hands-on.

PREREQUISITES

HP-UX System and Network Administration I (H3064S) and HP-UX System and Network Administration II (H3065S) or for Experienced UNIX System Administrators(H5875S)
Inside the HP-UX Operating System (H5081S) is advantageous

AUDIENCE

Experienced HP-UX system and network administrators

COURSE OBJECTIVES

Explore a methodology for investigating performance issues
Identify tools used to monitor HP-UX performance
Identify bottlenecks and potential problems
Determine appropriate remedial actions to take

BENEFITS TO YOU

Effectively utilize the range of performance tools that are available to you
Learn how to regularly monitor your systems and quickly recognize problems
Optimize your systems by identifying and removing performance bottlenecks
Effectively allocate resources such as CPU, memory, disk I/O bandwidth among your critical and lower priority users and applications
Deliver a guaranteed level of application performance to your end users

DETAILED COURSE OUTLINE

Introduction to Performance

What is a performance problem
The “System centric” view of performance
Measuring performance
The first rule of interpreting metrics
Types of performance
Multiprocessor scaling
Bottlenecks
Baseline
Queuing and response times
Increasing CPU counts and utilization
Types of metrics

HP Performance Tools

HP Performance tools
Sources of data
Glance
GPM – Glance Plus Motif
Adviser and Alarms
HP Performance Agent and Manager
HP Performance Manager
PRM
WLM
gWLM
Unix Performance Tools
Caliper
Prospect
tusc
lsof
sar
top

CPUs and Performance

Types of CPU bottlenecks
CPUs and performance
Data access times
Tuning for data latency
Performance and system size
mpsched
Launch policies
Processor sets
Address translation delays
Variable page size kernel parameters
The change attributes command
Hyperthreading
Shared caches
Compiler optimizations

Processes and Performance

CPU performance problems
Understanding the “standard” scheduler
Load balancing
Managing priorities
psets
Priority Inversion
Interrupt processing
Looking at CPU Utilization

CPUs Adjusting Performance

Unix commands to adjust prioritie
HP Tools and CPU Management
Process Resource Manager

VxFS I/O Performance

Layers of I/O
I/O and performance
The filesystem layer
VxFS performance topics
VxFS inodes and extents
Defragmenting OnlineJFS filesystems
Understanding your I/O workload
Mount options
Caching controls
DSYNC
Concurrent I/O
vxtunefs
Performance implications of locks
Large directories
Buffered I/O, reading ahead
Writing behind
Direct I/O
Caching

Volume Manager I/O Performance

Volume managers, introduction
Mirroring and performance
Striping
Multipathing
Load balancing policies
Looking at I/O performance in glance
Examining VxVM performance with vxstat
How PRM Manages Disk Bandwidth

Disk I/O Performance

The SCSI layer
Optimizing I/Os in the SCSI Layer
Device caching
Setting low level SCSI parameters
Immediate reporting with simple disks
I/O related wait states
Process system calls

Cell Local Memory and Performance

LORA
Uniform Memory access patterns
Non-Uniform memory access platform
Locality domains to manage ccNUMA memory
Configuring CLM
Impact of I/O locality
Applications suited to LORA
LORA with nPars
LORA with vPars
LORA with VM
SAP on LORA
Java on LORA
Oracle on LORA
Strategies for HP NUMA platforms

Memory

System memory management
When does memory affect performance
Virtual memory
Memory allocation
vhand, the page daemon
Memory Resource Groups
File/Buffer cache paging differences
Diagnosing memory problems
Tuning the swap environment
How PRM manages memory
Memory File System

Virtual Machine Performance

Monitoring VMs
hpvmsar
HP Integrity VM Manager
Glance
Measureware

Java Performance

Measureware
Java out of the box
HPjmeter
Java Management console
Recipes for diagnosing problems

Network Performance

Types of performance
Latency and response time
Bandwidth
Layers within networking

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html

Main › HP-UX System and Network Troubleshooting (H4264S)

HP-UX System and Network Troubleshooting (H4264S)

COURSE OVERVIEW

This course provides troubleshooting tools and procedures to find and fix HP-UX system problems. Concepts are refreshed before tools and techniques are examined. Critical thinking labs are provided using case studies, demonstrations, and hands-on break/fix labs. The course is 55 percent lecture and 45 percent hands-on labs using HP Integrity servers.

AUDIENCE

Experienced HP-UX system administrators

PREREQUISITES

HP-UX System and Network Administration I (H3064S) and HP-UX System and Network Administration II (H3065S) or
HP-UX System and Network Administration for Experienced UNIX® System Administrators (H5875S) or
Equivalent experience

BENEFITS TO YOU

Learn the techniques needed to troubleshoot and recover your system components
Understand fsck and the recovery options to restore lost data
Anticipate problems and minimize network downtime by using basic diagnostics tools
Ensure your network is operating properly by checking NFS and DNS functionality
Keep your system current by managing software patches

COURSE OBJECTIVES

At the conclusion of this course you should be able to:

Use the Management Processor for troubleshooting
Troubleshoot EFI problems
Recover a non-bootable HP Integrity system or partition
Troubleshoot an 11i v3 kernel, system startup, and kernel crash dump
Troubleshoot process, login, patch, and storage problems
Troubleshoot LVM, VxVM, and VxFS problems
Troubleshoot network problems

NEXT STEPS

HP-UX Logical Volume Manager (H6285S)
Inside HP-UX (H5081S)
HP-UX Performance and Tuning (H4262S)
HP-UX Partition Management (HG770S)

COURSE OUTLINE

Troubleshooting Methodology and Resources

Troubleshooting methodology and techniques
Troubleshooting resources
Common troubleshooting and monitoring tools

HP-UX Concepts Review

HP-UX structural overview
System calls and processes

Troubleshooting HP-UX Startup Files

Concepts review: system startup
System configuration files
Interrupting the rc start scripts
System startup links and sequence
Booting to single-user mode

Troubleshooting Process Problems

Concept review: What is a process?
Troubleshooting processes and memory problems
Zombie processes
Identifying CPU-intensive processes
Advanced system features, hyper-threading, NUMA, and LORA
Managing workloads and enhanced user core naming

Troubleshooting Storage

Concepts review: how I/O requests are processed
HP-UX hardware addressing
Storage device special files and slot addresses
Storage-related commands

Troubleshooting Logical Volumes

Concepts review: LVMs
Recovering lost or damaged structures
Missing device files and failed disks
VxVM structures
Restoring group configuration and recovering volumes

Troubleshooting File Systems

Concepts review: file system overview
File system corruption examples
Troubleshooting techniques
fsck, fsadm, and fsdb

Troubleshooting Login Problems

Concept review: login methods
Troubleshooting GUI login
Protecting the system with /etc/shadow
Pluggable authentication modules

Troubleshooting Software and Patch Installation

Concept review: installing software
Patch management process and HP-UX patch management
Using DRD to install software and patches
Troubleshooting patches
Working with SD-UX logfiles and common SD-UX problems

Troubleshooting Network Problems

Networking subsystem layers
Troubleshooting configuration problems and the nwmgr command
Subnetting, routing, and DNS concepts and troubleshooting
Network tracing and performance
NFS review and common problems

Troubleshooting the Kernel

Concepts review: kernel configuration
Kernel troubleshooting and recovery options
Booting from an alternate kernel
Kernel crashes and analysis
Dump units and post-reboot configuration

Troubleshooting Hardware and Firmware

Concepts review: kernel provides hardware services to applications
Troubleshooting hardware and firmware
Management Processor overview and commands

Troubleshooting HP Integrity System Boot

Concepts review: HP Integrity boot disk structure
Booting from an alternate disk from EFI
Booting a DRD clone and booting alternatives
Recovery shell, system startup, and EFI recovery options
Partitions and booting: HP Integrity nPar and vPar boot sequence

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html

Main › HP-UX Security (H3541S)

HP-UX Security (H3541S)

SPECIAL NOTES

This fast-paced hands-on course examines a variety of popular tools and techniques for hardening and securing HP-UX systems. The course is 50% lecture / 50% lab.

COURSE OVERVIEW

This course examines the most common HP-UX system security vulnerabilities, and introduces a variety of tools and techniques that can be used to prevent hackers from exploiting these vulnerabilities.

PREREQUISITES

HP-UX System and network administration I (H3064S) and HP-UX System and Network Administration II (H3065S) or
HP-UX for experienced UNIX system administrators (H5875S) or equivalent experience
Equivalent experience

AUDIENCE

Experienced system and network administrators responsible for securing and monitoring HP-UX systems

BENEFITS TO YOU

Learn how to use Role Based Access Control (RBAC), Secure Shell (SSH), Host Intrusion Detection System (HIDS), Software Assistant (SWA), IPFilter, Bastille, and other HP supported tools to harden and secure HP-UX systems
Create secure, isolated execution environments for applications with HP-UX security compartments and Secure Resource Partitions
Learn how to use Tripwire, John the Ripper, nmap, lsof, and other open source tools to further improve HP-UX system security

COURSE OUTLINE

Introduction

Why security?
HP-UX security tools
HP-UX security certifications
Course agenda

Securing user accounts: user passwords

Understanding the /etc/passwd file
Understanding the /etc/shadow file
DES-based password encryption
SHA512 password encryption
Enabling shadow passwords
Enabling SHA512 passwords
Enabling long passwords
Managing passwords
Configuring password aging
Cracking passwords with John the Ripper
Authenticating users via PAM
Configuring /etc/pam.conf

Securing user accounts: special cases

Protecting user accounts: guidelines
Protecting the root account: guidelines
Limiting root and operator access via /etc/security
Limiting root and operator access via sudo
Limiting root and operator access via the restricted SAM builder
Limiting root and operator access via the SMH
Configuring accounts for guest users
Configuring accounts for single application users
Configuring accounts for teams and groups
Preventing dormant accounts

Securing user accounts: Standard Mode Security Extensions (SMSE)

Configuring SMSE user security
Understanding Standard Mode Security Enhancements Benefits
Understanding SMSE attributes and repositories
Configuring /etc/security.dsc
Configuring /etc/default/security
Configuring /etc/passwd and /etc/shadow
Configuring /var/adm/userdb/ via userdbset, userdbget, and userdbck
Enforcing SMSE security policies

Securing user accounts: Role Based Access Control (RBAC)

RBAC features and benefits
Installing RBAC
Configuring & assigning RBAC roles
Configuring & assigning RBAC authorizations
Configuring RBAC commands & privileges
Verifying the RBAC database
Configuring RBAC logging & auditing
Running commands with privrun
Editing files with privedit
Enabling RBAC keystroke logging

Protecting data via file permissions and JFS Access Control Lists (ACLs)

Understanding how hackers exploit improper file and directory permissions
Viewing and changing file permissions
Searching for files with improper permissions
Configuring and using the SUID bit
Configuring and using the SGID bit
Configuring and using the sticky bit
Configuring and using JFS ACLs

Protecting data via swverify, md5sum, and Tripwire

File integrity checking overview
Verifying executable integrity with swverify
Verifying file integrity with md5sum
Verifying file integrity with Tripwire
Installing Tripwire
Creating Tripwire keys
Creating the Tripwire configuration file
Creating the Tripwire policy file
Creating the Tripwire database
Performing a Tripwire integrity check
Updating the Tripwire database
Updating the Tripwire policy file

Protecting data via Encrypted Volumes and File Systems (EVFS)

EVFS, EVS, and EFS features and benefits
EVFS architecture
EVFS volumes
EVFS volume encryption keys, user keys, and recovery keys
- Step 1: Installing and configuring EVS software
- Step 2: Creating user keys
- Step 3: Creating recovery keys
- Step 4: Creating an LVM or VxVM volume
- Step 5: Creating EVS device files
- Step 6: Creating and populating the volume’s EMD
- Step 7: Enabling the EVS volume
- Step 8: Creating and mounting a file system
- Step 9: Enabling autostart
- Step 10: Migrating data to the EVS volume
- Step 11: Backing up the EVS configuration
Managing EVS volume users
Managing the EVS key database
Extending an EVS volume
Reducing an EVS volume
Removing EVS volumes
Backing up EVS volumes
EVS limitations
EVS and TPM/TCS integration overview

Securing network services: inetd & tcpwrapper

inetd service overview
inetd configuration file overview
Securing inetd
Securing the inetd internal services
Securing the RPC services
Securing the Berkeley services
Securing FTP
Securing FTP service classes
Securing anonymous FTP
Securing guest FTP
Securing other ftpaccess security features
Securing other inetd services
Securing other non-inetd services
Securing inetd via TCPwrapper

Securing network services: SSH

Legacy Network Service Vulnerabilities: DNS
Legacy Network Service Vulnerabilities: Sniffers
Legacy Network Service Vulnerabilities: IP spoofing
Solution: Securing the Network Infrastructure
Solution: Using Symmetric Key Encryption
Solution: Using Public Key Encryption
Solution: Using Public Key Authentication
HP-UX Encryption & Authentication Product overview
Configuring SSH encryption & server authentication
Configuring SSH client/user authentication
Configuring SSH single sign-on
Managing SSH keys
Using the UNIX SSH Clients
Using PuTTY SSH Clients

Securing network services: IPFilter & nmap

Firewall overview
Packet filtering firewalls
Network Address Translation firewalls
Host versus perimeter firewalls
Installing IPFilter
Managing IPFilter rulesets
Configuring a default deny policy
Preventing IP and loopback spoofing
Controlling ICMP service access
Controlling access to UDP services
Controlling access to TCP services
Controlling access via active and passive FTP
Testing IPFilter rulesets with ipftest
Testing IPFilter rulesets with nmap
Monitoring IPFilter & Nessus

Hardening HP-UX with Bastille

Bastille overview
Installing Bastille
Generating a Bastille assessment
Creating a Bastille configuration file
Applying a Bastille configuration file
Applying a pre-configured Bastille configuration file
Applying a pre-configured Bastille configuration via Ignite-UX
Reviewing the Bastille logs
Monitoring changes with bastille_drift
Reverting to the pre-Bastille configuration
Integrating Bastille and HP SIM

Monitoring activity via system log files

Monitoring log files
Monitoring logins via last, lastb, and who
Monitoring processes via ps, top, and whodo
Monitoring file access via ll, fuser, and lsof
Monitoring network connections via netstat, idlookup, and lsof
Monitoring inetd connections
Monitoring system activity via syslogd
Configuring /etc/syslog.conf
Hiding connections, processes, and arguments
Doctoring log files and time stamps

Monitoring activity via SMSE auditing

Auditing overview
Trusted system versus SMSE auditing
Enabling and disabling auditing
Verifying auditing
& system calls to audit
Selecting users to audit
Selecting system calls, aliases, and events to audit
Creating and applying an audit profile
Viewing and filtering audit trails via auditdp
Switching audit trails
Understanding audomon AFS & FSS switches
Understanding audomon audit trail names
Configuring audomon parameters
Configuring audomon custom scripts

Monitoring suspicious activity via HP’s Host Intrusion Detection System (HIDS)

HIDS overview
HIDS architecture
Installing HP’s HIDS product
Configuring HIDS detection templates and properties
Configuring HIDS surveillance groups
Configuring HIDS surveillance schedules
Configuring HIDS response scripts
Assigning surveillance schedules to clients
Monitoring HIDS alerts and errors

Managing security patches with Software Assistant (SWA)

Security patch overview
SWA overview
Reading US-CERT advisory bulletins
Reading HP-UX security bulletins
Installing swa
Generating swa reports
Viewing swa reports
Retrieving swa recommended patches
Installing swa patches
Installing other products recommended by swa
Applying other manual changes
Regenerating swa reports
Purging swa caches
Viewing swa logs
Customizing swa defaults
Integrating SWA and HP SIM
Preventing unauthorized swa and swlist access
Preventing buffer overflow attacks
Setting the executable_stack kernel parameter
Setting the chatr +es executable stack option

Hardening HP-UX with Bastille

Bastille overview
Installing Bastille
Generating a Bastille assessment
Creating a Bastille configuration file
Applying a Bastille configuration file
Applying a pre-configured Bastille configuration file
Applying a pre-configured Bastille configuration via Ignite-UX
Reviewing the Bastille logs
Monitoring changes with bastille_drift
Reverting to the pre-Bastille configuration

Isolating applications via security compartments

Security compartment concepts
& Using FGP TRIALMODE
Compartment rule concepts
INIT compartment concepts
Installing compartment software
Enabling compartment functionality
Creating and modifying compartments
Viewing compartments
Adding network interface rules
Adding file permission rules
Adding a compartment-specific directory
Viewing compartments
Configuring compartment administrators
Configuring compartment users
Executing commands in compartments
Removing compartments
Disabling compartment functionality

Isolating Applications via Secure Resource Partitions

SRP concepts
SRP example
SRP subsystems
SRP templates
SRP services
Installing SRP
Enabling and configuring SRP
Verifying the SRP configuration
Creating an SRP interactively
Creating an SRP non-interactively
Adding the init, prm, network, ipfilter, login, and ipsec services to an SRP
Adding the ssh, apache, tomcat, and oracle templates to an SRP
Adding the custom template to an SRP
Deploying an application in an SRP
Updating an SRP
Viewing the SRP configuration & status
Starting & stopping an SRP
Accessing an SRP
Removing an SRP

Appendix: Improving user and password security with trusted systems

Trusted system overview
Configuring password format policies
Configuring password aging policies
Configuring user account policies
Configuring terminal security policies
Configuring access control policies
Configuring password aging policies
Understanding the /tcb directory structure

Appendix: Implementing chroot()

Limiting file access via chroot()
Configuring chroot()ed applications

Appendix: Implementing Fine Grained Privileges (FGP)

Limiting privileges via FGP
Installing FGP Software
Installing FGP Software
Recognized Privileges
Permitted, Effective, and Retained Privilege Sets
Configuring FGP Privileges via setfilexsec
Configuring FGP Privileges via RBAC
Configuring & Using FGP TRIALMODE

Appendix: Configuring Process Resource Manager (PRM)

Allocating resources without PRM
Allocating resources with PRM
PRM advantages
PRM managers
PRM groups
PRM Fair Share Scheduler concepts & configuration
PRM PSET concepts & configuration
PRM memory manager concepts & configuration
Reviewing available resources
Analyzing application requirements
Enabling PRM
Creating and updating the PRM configuration file
Monitoring resource usage

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html

Main › HP-UX 11i v3 for Experienced HP-UX System Administrators (HK711S)

HP-UX 11i v3 for Experienced HP-UX System Administrators (HK711S)

SPECIAL NOTES

This course replaces HE776S, which HP no longer schedules.

COURSE OVERVIEW

This course provides experienced HP-UX 11i System Administrators the opportunity to learn about and develop hands-on experience with many of the new, updated, and enhanced features of HP-UX 11i v3. Course topics of discussion include security, networking, and administration features, with hands-on lab exercises focusing on HP-UX 11i v3 administration features. The 3-day course is 50% lecture and 50% hands-on labs using HP servers.

PREREQUISITES

HP-UX System and Network Administration I (H3064S) and HP-UX System and Network Administration II (H3065S) or
HP-UX System and Network Administration for Experienced UNIX System Administrators (H5875S) or
Experience administering HP-UX 11i servers

NOTE: If you have attended HE775 – HP-UX 11i v3 Features and Functions, please be aware that HE775 is a subset of HK711.

AUDIENCE

System administrators familiar with HP-UX 11i v2

COURSE OBJECTIVES

At the conclusion of this course you should be able to:

Manage mass storage using HP-UX 11i v3 agile addressing
Implement new LVM features, including volume group quiescence, volume group attribute modification, striped logical volume mirrors, creation of LVM version 2.0 volume groups, and upgrades of LVM v1.0 volume groups
Use Dynamic Root Disk to protect the root volume group
Configure new crash dump features
Perform a cold installation of HP-UX 11i v3
Upgrade HP-UX 11i v2 to 11iv3
Upgrade an earlier HP-UX 11iv3 version to a later 11iv3 media kit using Dynamic Root Disk
Configure and monitor standard mode security extensions for user login and password control without converting to trusted mode
Use new network configuration and monitoring tools
Manage HP-UX 11i systems with System Management Homepage and new command line interfaces

NEXT STEPS

HP Integrity Server Blades Administration (HC590S)

BENEFITS TO YOU

Identify HP-UX 11i v3 features desired to enhance your HP-UX IT environment with the latest security, networking, and administration features
Develop the knowledge and skills to implement the new HP-UX 11i v3 features you select for your data center to enhance server management, software security, and networking capabilities

COURSE OUTLINE

Introduction to HP-UX 11i v3

Identify PA-RISC and Integrity server platforms that support HP-UX 11i v3
Locate online documentation for HP-UX 11i v3, including release notes, administration guides, and white papers

HP-UX 11i v3 Hardware Addressing

List the advantages of agile addressing
Display storage devices using legacy addressing
Display storage devices using agile addressing
Toggle storage device addresses between agile and legacy addressing
Use available CLUI, TUI, and GUI administration tools to manage addressable devices

HP-UX 11i v3 Dynamic Root Disk

Minimize downtime with Dynamic Root Disk
Creating and updating a clone
Mange inactive images

HP-UX 11i v3 Installation and Update

Perform a cold install of HP-UX 11i v3
Update an existing HP-UX 11i v2 system to HP-UX 11i v3
Update an earlier version of 11iv3 to a later version of 11iv3 via DRD

HP-UX 11i v3 Mass Storage

Identify LVM enhancements
Identify VxVM enhancements
Use SMH tools to manage disks

HP-UX 11i v3 File Systems

Identify file system enhancements (UFC, CacheFS, VxFS, NFS, CIFS, MemFS, ISO Image Files)

HP-UX 11i v3 User and Group Enhancements

Configure and manage users and groups using new configuration and login security features
Use available CLUI, TUI, and GUI administration tools to manage users and groups

HP-UX 11i v3 Kernel Tuning

Define types, display and modify types of dynamically tunable kernel parameters
Define and modify states of dynamically loadable kernel modules
Create, display, export, import, load, and boot named kernel configurations
Use available CLUI, TUI, and GUI administration tools to manage HP-UX 11i v3 kernel tuning

HP-UX 11i v3 Networking and Security Features

Identify major new, updated, or enhanced security features
Identify major new, updated, or enhanced networking features
Use available CLUI, TUI, and GUI administration tools for managing security and network features

HP-UX 11i v3 Fault Management

Use fault management features to display and analyze system health
Enable/disable PCI error handling
Perform PCI/PCI-X online addition, replacement, and deletion
Use Dynamic nPartitions to online migrate a cell
Configure selective, compressed and concurrent (parallel) dumps
Configure core dump parameters for applications
Create a live kernel dump

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html

Main › HP-UX System and Network Administration II (H3065S)

HP-UX System and Network Administration II (H3065S)

COURSE OVERVIEW

This course is the second of two courses that prepare system administrators to successfully administer HP-UX servers in a networked environment. The 5-day course is 50 percent lecture and 50 percent hands-on labs using HP servers.

PREREQUISITES

HP-UX System and network administration I (H3064S) or equivalent experience

AUDIENCE

System and network administrators who maintain and configure system resources, control access to resources, and establish procedures

COURSE OBJECTIVES

At the conclusion of this course you should be able to:

Configure HP-UX TCP/IP connectivity
Configure HP-UX static and default routes
Configure custom HP-UX startup and shutdown scripts
Configure NFS and AutoFS servers and clients
Configure DNS servers and resolver clients
Configure telnet, ftp, remsh, rlogin, bootp, tftp, and other inetd services
Configure NTP, SSH, and LDAP servers and clients
Configure an SD-UX depot server

NEXT STEPS

HP-UX Logical Volume Manager (H6285S)

BENEFITS TO YOU

Learn how to optimize your system and network so users experience smooth functioning IT operations
Prepare to take the HP-UX Certified System Administrator exam

COURSE OUTLINE

LAN Concepts

Media Access Control (MAC) addresses
IP addresses and network classes
Host names
Converting IP addresses to MAC addresses
Populating the Address Resolution Protocol (ARP) cache
Managing packet flow with Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
Sending data to applications via ports
Managing ports with sockets

LAN Hardware Concepts

LAN hardware components, topologies, and access methods
Single- and multi-port network interface cards
Repeaters and hubs
Bridges and switches
Routers, gateways, and firewalls

Configuring LAN Connectivity

Installing and verifying LAN software
Installing and verifying LAN interface cards
Configuring link layer and IP connectivity
Configuring IP multiplexing
Configuring the system hostname and /etc/hosts
Configuring network tunable parameters

Configuring IP Routing

Routing concepts and tables
Viewing routing tables
Configuring static and default routes
Configuring the /etc/rc.config.d/netconf file

Configuring Subnetting

IP addresses and netmasks in a subnetted network
Host IP addresses on a subnet
Routers in a subnetted network

Troubleshooting Network Connectivity

Network troubleshooting tools overview
Troubleshooting network connectivity via nwmgr, lanscan, linkloop, and lanadmin
Troubleshooting network connectivity via arp, ping, netstat, and nsquery

Starting Network Services

Configuring network services via /etc/rc.config.d/ files
Controlling network services via /sbin/rc*.d/ directories and scripts
Starting and stopping network services via /sbin/init.d/ scripts
Creating custom startup/shutdown scripts

Configuring Network File Systems (NFS)

NFS concepts and versions
NFS servers and clients
NFS RPCs, program numbers, and rpcbind
NFS stateless operation and security concepts
NFS authentication and encryption concepts
Planning an NFS configuration
Selecting an NFS protocol
Maintaining UID, GID, and time consistency
Configuring and starting NFS server daemons
Temporarily and permanently sharing file systems
Verifying NFS server configuration
Configuring and starting NFS client daemons
Temporarily and permanently mounting NFS file systems
Verifying NFS client configuration
Troubleshooting NFS
NFS vs CIFS features and benefits

Configuring AutoFS

AutoFS concepts and maps
AutoFS commands and daemons
Configuring the AutoFS master and hosts maps
Configuring the AutoFS direct and indirect maps
Mounting home directories with AutoFS
Configuring AutoFS to access replicated servers
Troubleshooting AutoFS

Configuring Domain Name Service (DNS)

DNS concepts and hierarchical name space
DNS name servers and name server zones
Configuring DNS master, slave, and cache-only servers
Testing name servers with dig
Configuring DNS clients and the /etc/nsswitch.conf file
Testing resolver clients with nsquery
/etc/named.data and /etc/named.conf
Updating DNS master and slave servers

Configuring inetd Services

inetd service overview
Configuring /etc/rc.config.d/netdaemons
Configuring /etc/inetd.conf and /etc/services
Configuring /var/adm/inetd.sec
Configuring /etc/hosts.equiv and ~/.rhosts
FTP configuration issues

Configuring Secure Shell (SSH)

Network service vulnerabilities
SSH encryption, server, and client/user authentication and configuration
SSH single sign-on
Configuring SSH single sign-on
Using UNIX and PuTTY SSH clients

Configuring Network Time Protocol (NTP)

Introduction to NTP
NTP time sources, stratum levels, and roles
How NTP adjusts the system clock
Configuring NTP servers and clients and verifying NTP functionality

Managing Depots with SD-UX

SD-UX depot server concepts and advantages
Planning for depots
Adding software and patches to a depot
Removing software from a depot
Registering or unregistering a depot
Pulling and pushing software from a depot

Configuring LDAP-UX

LDAP concepts
Schema, object classes, attributes, and directory entries
Directory Information Trees (DITs), DNs, RDNs, and LDIF files
Servers, replicas, and LDAP clients
Referrals and security
LDAP software solutions for HP-UX
Installing and verifying an HP directory server
Installing and using a basic LDAP-UX client
Configuring /etc/nsswitch.conf and /etc/pam.conf
Managing passwords and directory entries

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html

Main › HP-UX System and Network Administration I (H3064S)

HP-UX System and Network Administration I (H3064S)

COURSE OVERVIEW

This hands-on course is the first of two courses that prepare system administrators to successfully configure, manage, maintain, and administer HP-UX servers in a networked environment. This course focuses on configuring disks, file systems, peripherals, and user accounts, as well as managing and configuring core OS, patches, and application software. Successful completion of HP-UX System and Network Administration I and II will help prepare students for the HP-UX CSA technical certification exam. The 5-day course is 50 percent lecture and 50 percent hands-on labs using HP servers.

PREREQUISITES

UNIX Fundamentals (51434S) or equivalent experience

AUDIENCE

HP-UX 11i system administrators and others who install, configure, and maintain HP-UX servers

COURSE OBJECTIVES

At the conclusion of this course you will be able to:

Install and manage HP-UX software and patches
Configure and manage peripheral devices and device files
Configure and manage disks using HP Logical Volume Manager (LVM)
Configure and manage file systems using HP Journal File System (JFS)
Configure HP-UX kernel drivers, subsystems, and tunable parameters
Minimize planned and unplanned downtime with DRD
Shutdown, boot, reboot Integrity HP-UX servers

NEXT STEPS

HP-UX System and Network Administration II (H3065S)

BENEFITS TO YOU

Gain the skills required to effectively install, configure, and manage HP-UX systems so users experience smooth running IT operations

COURSE OUTLINE

Navigating the System Management Homepage (SMH)

SAM and SMH overview
Launching the SMH GUI and TUI
Verifying SMH certificates
Logging into the SMH
Navigating the SMH interface
Launching SMH tools
Launching SMH tasks
Viewing SMH logs
Managing SMH access control
Managing SMH authentication
SMH and SIM integration concepts

Managing Users and Groups

User and group concepts
/etc/passwd, /etc/shadow, and /etc/group concepts
Creating, modifying, deactivating, and removing user accounts
Configuring password aging and password security policies
Managing groups
Managing /etc/skel

Navigating the HP-UX File System

Static and dynamic files and directory concepts
OS and application directory concepts
Top level directory concepts and contents
Searching for files and executables using the find, whereis, which, and file commands

Configuring Hardware

Hardware component overview
CPU, cell, crossbar, and Blade overview
SBA, LBA, and I/O overview
iLO/MP, core I/O, and interface adapter card overview
Internal disks, tapes, and DVD overview
Disk array, LUN, SAN, and multipathing overview
Partitioning overview
nPar, vPar, VM, and secure resource partition overview
System type overview
Entry-class rackmount server overview
Mid-range rackmount server overview
High-end server overview
HP BladeSystem overview
HP BladeSystem c-class enclosure overview
HP Integrity blade server overview
HP Integrity Superdome 2 overview
Viewing system hardware configuration
Viewing nPar, vPar, and VM hardware
Hardware address concepts
Legacy HBA, SCSI, and FC hardware address concepts
Agile View HBA, SCSI, and FC hardware address concepts
Viewing legacy hardware addresses
Viewing LUNs via Agile View
Viewing a LUN’s lunpaths via Agile View
Viewing an HBA’s lunpaths via Agile View
Viewing LUN health via Agile View
Viewing LUN attributes via Agile View
Enabling and disabling lunpaths
Slot address concepts
Slot address components
Viewing slot addresses
Installing interface cards with and without OL*
Installing new devices

Configuring Device Special Files

DSF attribute concepts
DSF directories
Legacy DSF names
Persistent DSF names
LUN, disk, and DVD DSF names
Boot disk DSFs
Tape drive DSFs
Tape autochanger DSFs
Terminal, modem, and printer DSFs
Listing legacy DSFs
Listing persistent DSFs
Correlating persistent and legacy DSFs
Correlating persistent DSFs with lunpaths and WWIDs
Decoding legacy and persistent DSF attributes
Creating DSFs via insf, mksf, and mknod
Removing DSFs via rmsf
Disabling and enabling legacy mode DSFs

Managing Disk Devices

Disk partitioning concepts
Whole disk partitioning concepts
LVM disk partitioning concepts
LVM physical volume concepts
LVM volume group concepts
LVM logical volume concepts
LVM extent concepts
LVM extent size concepts
LVM versions and limits
LVM DSF directories
LVMv1 device files
LVMv2 device files
Creating physical volumes
Creating LVMv1 volume groups
Creating LVMv2 volume groups
Creating logical volumes
Verifying the LVM configuration
Comparing disk space management tools

Managing File Systems

File system concepts
File system types
Superblock, inode, directory, block, extent, and intent log concepts
Hard and symbolic link concepts
HFS and VxFS comparison
Creating file systems
Mounting file systems
Unmounting file systems
Automatically mounting file systems
Mounting CDFS file systems
Mounting LOFS file systems
Mounting ISO file systems
Mounting MemFS file systems

Managing Swap Space

HP-UX memory concepts
HP-UX swap concepts
HP-UX swap types
HP-UX pseudoswap
Enabling swap via the CLI
Enabling swap via /etc/fstab
Monitoring swap space
Disabling swap
Guidelines for configuring swap space

Maintaining Logical Volumes and File Systems

Defragmenting file systems
Repairing corrupted file systems
Monitoring free space
Reclaiming wasted file system space
Extending, reducing, and removing volume groups
Extending, reducing, and removing logical volumes
Extending and reducing file systems

Preparing for Disasters

Disaster recovery, mirroring, and DRD concepts
Using DRD to minimize planned downtime
Using DRD to minimize unplanned downtime
Installing DRD
Using the drd command
Creating a DRD clone
Synchronizing a DRD clone
Verifying a DRD clone’s status
Accessing inactive images via DRD-safe commands
Managing software via DRD-safe commands
Managing kernel tunables via DRD-safe commands
Accessing inactive images via other commands
Activating and deactivating an inactive image
Customizing the make_*_recovery archive contents
Backing up the boot disk via make_tape_recovery
Backing up the boot disk via make_net_recovery
Using a make_*_recovery archive
Interacting with the recovery process

Accessing the System Console and the iLO/MP

Management processor concepts
Viewing MP/console ports
Connecting MP serial and LAN ports
Accessing the MP
Navigating the MP menu and web interfaces
Accessing nPar, vPar, and VM consoles
Accessing the VFP, console log, and system event log
Accessing the MP help menus
Accessing the MP command menu
Configuring the MP LAN interface
Enabling MP remote access
Managing MP user accounts and access levels
Managing MP login sessions
Rebooting via the MP

Booting PA-RISC Systems

HP-UX shutdown and reboot concepts
PA-RISC boot process major players
PA-RISC boot disk structures
PA-RISC boot process overview
Autoboot and manual boot concepts
Interacting with the BCH and ISL/IPL

Booting Integrity Systems

HP-UX shutdown and reboot concepts
Integrity boot process major players
Integrity boot disk structures
Integrity boot disk system, OS, and HPSP structures
Integrity and PA-RISC boot process comparison
UEFI/EFI addressing concepts
Autoboot and manual boot concepts
Booting from primary, alternate, and arbitrary boot devices
Booting from Ignite-UX servers and recovery archives
Managing boot menu settings
Managing console settings
Interacting with the UEFI/EFI shell
Interacting with the hpux.efi OS loader

Configuring the HP-UX Kernel

Kernel configuration concepts
Special kernel configurations
Kernel configuration commands
Modifying the current kernel configuration
Creating a named configuration
Copying a configuration
Loading a configuration
Kernel module concepts, states, and state changes
Viewing and managing module states
Kernel tunable concepts and types
Viewing, managing, and monitoring kernel tunables
Viewing, managing, and monitoring kernel resource alarms
Kernel troubleshooting
Viewing the kernel change log
Booting from an alternate kernel
Booting via override parameters
Booting to tunable maintenance mode

Managing Software with SD-UX

SD-UX software structure concepts
SD-UX software depot concepts
SD-UX IPD concepts
SD-UX daemon and agent concepts
Listing software
Installing and updating software
Removing software

Managing Patches with SD-UX

Patch concepts
Patch naming convention concepts
Patch supersession concepts
Patch rating concepts
Patch source concepts
Patch tool concepts
Downloading and installing patches from the HPSC
Installing patches from DVD, tape, and directory depots
Listing patches
Removing patches

Installing the OS with Ignite-UX

Install source concepts
Planning an install
Choosing an operating environment
Choosing an install-time security bundle
Locating the source media
Initiating a PA-RISC install
Initiating an Integrity install
Navigating the Ignite-UX menus
Verifying an installation
Completing post-install configuration tasks

Self-Study Appendices

Managing printers
Connecting to a network
Navigating the System Administration Manager (SAM)
Configuring the HP-UX 11i v1 kernel

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html

Main › Enterprise Linux Network Security (U5086S)

Enterprise Linux Network Security (U5086S)

COURSE OVERVIEW

This 5-day course provides focuses on Linux network security and protocols used in Linux, UNIX, and Windows 2000 are examined. After a detailed discussion of the TCP/IP suite component protocols and Ethernet operation, the student practices using various tools to capture, analyze, and generate IP traffic. Students then explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks. After building a thorough understanding of network based attacks, course focus shifts to the defensive solutions available.

AUDIENCE

Linux system administrators wanting to increase their knowledge and skills in Linux network security.

PREREQUISITES

Linux system administration I (H7091S) and Linux system administration II (H7092S); or Accelerated Linux administration for experienced HP-UX or Sun Solaris administrators (U2794S)

BENEFITS TO YOU

Learn and experience the TCP/IP suite component protocols and ethernet operation using various tools to сapture, analyze, and generate IP traffic
Explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks
Install, configure, and test the most popular and powerful NIDS (Network Intrusion Detection Systems) solutions
Efficiently use networking services and security options Create a Linux based router/firewall solution, including advanced functionality such as NAT (Network Address Translation), policy routing, and traffic shaping

DETAILED COURSE OUTLINE

Ethernet and IP operation

Ethernet security issues
Detecting promiscuous NICs
Tcpdump
Ethereal
IP fragmentation
Important ICMP messages
ICMP security issues
LAB: Basic traffic generation, capture, and analysis

IP and ARP vulnerability analysis

IP security issues
Routing protocol security
Protecting against IP abuse
ARP security issues
ARP cache poisoning defense
LAB: Advanced traffic generation, capture, and analysis

UDP/TCP protocol and TELNET vulnerability

UDP segment format
TCP segment format
TCP connection termination
TCP SYN attack
TCP sequence guessing
TCP connection hijacking
Telnet security concerns
LAB: Attacks on TCP

FTP and HTTP vulnerability analysis

FTP concepts
Security concerns
The bounce attack
Minimizing risk
FTP port stealing
HTTP concepts
Security concerns
Header spoofing
LAB: Attacks on FTP and HTTP

DNS protocol vulnerability analysis

DNS concepts
DNS spoofing
DNS cache poisoning
DNS security improvements
LAB: Attacks on DNS

SSH and HTTPS protocol vulnerability analysis

SSH concepts
SSH vulnerabilities
HTTPS protocol analysis
SSL enabled protocols
The SSL handshake
SSL vulnerabilities
Intercepted key exchange
LAB: SSH and HTTPS

Remote operating system detection

OS detection
Commands
TCP/IP stack fingerprinting
Remote fingerprinting applications
Nmap
LAB: Using nmap

Attacks and basic attach detection

Sources of attacks
Denial-of-service attacks
Methods of intrusion
Password cracking
Intrusion detection
Attack detection tools
Klaxon
PortSentry
LAB: Basic scan detection

Intrusion Detection Technologies (IDS)

Intrusion Detection Systems (IDS)
Host-based IDS
Network-based IDS
Network-node IDS
File integrity checkers
Snort architecture
Snort detection rules
Snort logs and alerts
LAB: Exploring snort

Advanced snort configuration

Advanced snort features
Snort add-ons
ACID web console
The ACID interface
Snortcenter management
LAB: snort tools

Snort rules

Snort rules format
Snort rules options
Writing snort rules
LAB: Custom snort rules

Linux and static routing

Linux as a router
Linux router minimum requirements
Router Specific settings
LAB: Static routing

Linux firewalls

Application firewalls: TCP wrappers
Application firewalls: squid
Packet filters: ipchains
Stateful packet filters: iptables
Recommended firewall rules
Using iptables
Advanced iptables actions
LAB: iptables

Network and port address translation

Network Address Translation (NAT)
Port Address Translation (PAT)
Configuring NAT and PAT
NAT limitations
Security using NAT and PAT
Detecting NAT
LAB: Network address translation

IP policy routing

Advanced routing
Replacing ifconfig with ip
Replacing route with arp
Policy routing
Linux policy routing
LAB: Policy routing

For more information about HP training programs in Ukraine visit the web site at http://www8.hp.com/ua/ru/training/index.html