rhca认证详细介绍

https://www.redhat.com/certification/rhca/

RHS333 Red Hat Enterprise Security: Network Services
RHS333 goes beyond the essential security coverage offered in the RHCE curriculum and delves deeper into the security features, capabilities, and risks associated with the most commonly deployed services. Among the topics covered in this four-day, hands-on course are the following:
1. The Threat Model and Protection Methods
o Internet threat model and the attacker's plan
o System security and service availability
o An overview of protection mechanisms
2. Basic Service Security
o SELinux
o Host-based access control
o Firewalls using Netfilter and iptables
o TCP wrappers
o xinetd and service limits
3. Cryptography
o Overview of cryptographic techniques
o Management of SSL certificates
o Using GnuPG
4. Logging and NTP
o Time synchronization with NTP
o Logging: syslog and its weaknesses
o Protecting log servers
5. BIND and DNS Security
o BIND vulnerabilities
o DNS Security: attacks on DNS
o Access control lists
o Transaction signatures
o Restricting zone transfers and recursive queries
o DNS Topologies
o Bogus servers and blackholes
o Views
o Monitoring and logging
o Dynamic DNS security
6. Network Authentication: RPC, NIS, and Kerberos
o Vulnerabilities
o Network-managed users and account management
o RPC and NIS security issues
o Improving NIS security
o Using Kerberos authentication
o Debugging Kerberized Services
o Kerberos Cross-Realm Trust
o Kerberos Encryption
7. Network File System
o Overview of NFS versions 2, 3, and 4
o Security in NFS versions 2 and 3
o Improvements in security in NFS4
o Troubleshooting NFS4
o Client-side mount options
8. OpenSSH
o Vulnerabilities
o Server configuration and the SSH protocols
o Authentication and access control
o Client-side security
o Protecting private keys
o Port-forwarding and X11-forwarding issues
9. Electronic Mail with Sendmail
o Vulnerabilities
o Server topologies
o Email encryption
o Access control and STARTTLS
o Anti-spam mechanisms
10. Postfix
o Vulnerabilities
o Security and Postfix design
o Configuring SASL/TLS
11. FTP
o Vulnerabilities
o The FTP protocol and FTP servers
o Logging
o Anonymous FTP
o Access control
12. Apache security
o Vulnerabilities
o Access control
o Authentication: files, passwords, Kerberos
o Security implications of common configuration options
o CGI security
o Server side includes
o suEXEC
13. Intrusion Detection and Recovery
o Intrusion risks
o Security policy
o Detecting possible intrusions
o Monitoring network traffic and open ports
o Detecting modified files
o Investigating and verifying detected intrusions
o Recovering from, reporting, and documenting intrusions

RH423 Red Hat Enterprise Directory Services and Authentication
Course Outline
1. Introduction to Directory Services
o What is a directory?
o LDAP: models, schema, and attributes
o Object classes
o LDIF
2. The LDAP Naming Model
o Directory information trees and Distingued Names
o X.500 and "Internet" naming suffixes
o Planning the directory hierarchy
3. Red Hat Directory Server: Basic Configuration
o Installation and setup of Red Hat Directory Server
o Using the Red Hat Console
o Using logging to monitor Red Hat Directory Server activity
o Backing up and restoring the directory
o Basic performance tuning with indexes
4. Red Hat Directory Server: Authentication and Security
o Configuring TLS security
o Using access control instructions (ACI's)
o ACI's and the Red Hat Console
5. Searching and Modifying the LDAP Directory
o Using command line utilities to search the directory
o Search filter syntax
o Updating the directory
o Using graphical LDAP client utilities
6. Linux User Authentication with NSS and PAM
o Understanding authentication and authorization
o Name service switch (NSS)
o Advanced pluggable authentication modules (PAM) configuration
7. Centralized User Authentication with LDAP
o Central account management with LDAP
o Using migration scripts to migrate existing data into an LDAP server
o LDAP user authentication
8. Kerberos and LDAP
o Introduction to Kerberos
o Configuring the Kerberos key distribution center (KDC) and clients
o Configuring LDAP to support Kerberos
o Access control with Simple Authentication and Security Layer (SASL)
9. Directory Referrals and Replication
o Referrals and replication
o Single master configuration
o Multiple master configuration
o Planning for directory server availability
10. Authenticating Windows Clients
o Windows networking overview
o Configuring a Samba primary domain controller (PDC) using LDAP
11. Windows Domain Authentication and Linux Clients
o Active Directory servers
o Linux as a client
o Active Directory and NSS
o OpenLDAP
o Winbind
RH401 Red Hat Enterprise Deployment, Virtualization, and Systems Management
Course Outline
1. Enterprise System Management Concepts
o System management tasks
o Standardization, centralization, and scalability
o Provisioning and automation
o Red Hat tools for system management
2. Provisioning using DHCP and PXE
o Bare metal provisioning
o Provisioning technologies: DHCP, TFTP, and PXE
o Network installations
o DHCP server configuration
3. Installing a Red Hat Network Satellite Server
o Features and advantages of the RHN Satellite Server
o Types of RHN Satellite Servers
o RHN Satellite Server hardware requirements
o Understanding software channels
o Installing an RHN Satellite Server
o Populating an RHN Satellite Server with software channel content
o Troubleshooting an RHN Satellite Server installation
4. Building RPMs
o Building open source software
o Using RPM macros
o Writing custom spec files
o Using rpmbuild to create and sign RPMs
o Guidelines for custom RPMs
5. Using CVS to Manage Configuration Files
o Basics of CVS for system administrators
o Creating local and remote repository access
o Structuring a CVS project
o Using CVS to track, log, and reverse configuration changes
6. Managing the Red Hat Network Satellite Server
o Configuring clients to use a RHN Satellite Server
o Using activation keys to script installations
o Creating and managing custom software channels
7. Red Hat Network Management and Provisioning
o Types of RHN service
o Elements of a deployment system
o Using custom software channels in a deployment system
o Using configuration channels to maintain system configuration
o Automating installations through kickstart
8. Red Hat Network Proxy Server
o Hosted RHN versus Proxy Server
o Proxy Server software and hardware requirements
o Installing RHN Proxy Server
o Configuring clients to use a RHN Proxy Server
9. Saving Kernel Crash Dumps
o Saving crash signatures over the network
o Saving crash dumps over the network
o Configuring netdump servers
o Configuring netdump clients
o Saving crash dumps locally using kexec and kdump
10. Red Hat Virtualization Overview
o Virtualization concepts and terminology
o Hardware considerations
11. Virtual Machine Management
o Identifying virtual machines
o Virtualization management tools: xm, xentop, virsh
o Creating and monitoring virtual machines
o Resource management
o Accessing consoles
12. Installing and Configuring Virtual Machines
o Installing virtual machines
o Configuring virtual machine resources (CPU, memory, storage, network devices)
13. Hypervisor Details
o Understanding the hypervisor
o vnc console access
o xendomains
14. Virtualization: Advanced Techniques
o Snapshot storage
o Creating virtual private networks
o Masquerading virtual machines
o Physical and logical network separation
RH436 Red Hat Enterprise Clustering and Storage Management
Course Outline
1. Review Red Hat Enterprise Clustering and Storage Management Technologies
2. Linux Dynamic Device Management
o udev Features
o udev Rule Configuration
3. iSCSI
o iSCSI as a Shared Storage Device
o Configuring an iSCSI initiator
o Authentication
4. Advanced Software RAID
o Types and Differences
o Monitoring
o Optimization Techniques
o Growth and High Availability
5. Device Mapper and Multipathing
o Mapping Targets
o LVM2 Snapshots
o Multipath Device Configuration
6. Cluster Technology
o Common Cluster Hardware
o Shared Storage Alternatives
7. Cluster Suite Overview
o Design and Elements of Clustering
o Cluster Configuration Tools
o Clustered Logical Volumes and Lock Management
8. Quorum and the Cluster Manager
o Intracluster Communication
o Cluster Tools
9. Fencing and Failover
o Fencing Components
o Failover Domains
10. Quorum Disk
o Heuristic Configuration
11. Service Manager
o Resource Groups and Recovery
o Hierarchical Resource Ordering
o High Availability Services
12. Global File System (GFS)
o Implementation and Configuration
o Lock Management
o Planning For and Growing On-line GFS
o Monitoring Tools
o Journal Configuration and Management
RH442 Red Hat Enterprise System Monitoring and Performance Tuning
Course Outline
1. Basics: Principles and Terminology
o What is performance tuning?
o Steps in the tuning process
o Quantifying performance
2. Tools for Obtaining Information
o The sysfs and proc filesystems and the sysctl utility
o System process queues
o The system activity reporter
o Passing parameters to kernel modules
o Generating reports using standard utilties
o Benchmarking
o Monitoring systems with SNMP and MRTG
3. Monitoring the Kernel
o Kernel profiling and OProfile
o Monitoring the kernel with SystemTap
4. Hardware Performance Considerations
o Memory: levels, types
o Cache
o Disk and I/O
5. The CPU: Processes and Scheduling
o Controlling processor speed
o How the Linux kernel schedules processes
o Process priority
o Obtaining processor performance information
6. Memory
o How Processes and the kernel utilize memory
o System tunables that affect memory performance
o How page and buffer caches work
o Monitoring and controlling memory usage
o The virtual memory subsystem
7. The I/O Subsystem and Filesystems
o Tuning the disk I/O subsystem
o I/O scheduling
o The virtual file system
o File system tunable parameters
o Layout of the ext2 and ext3 filesystems
o Journaling
8. Network Performance
o Factors affecting performance
o Viewing device information
o Ethernet channel bonding
o Network sockets
o Layers of the OSI model
o TCP tuning
9. Application Tuning
o Causes of performance problems
o Application tuning
o Viewing application behaviors using standard tools
o NFS
o Apache
o Samba