Difference between revisions of "LPIC-2 Objectives V4"
GMatthewRice (Talk | contribs) m |
FabianThorns (Talk | contribs) (→Version Information) |
||
(96 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
__FORCETOC__ | __FORCETOC__ | ||
− | == | + | ==Overview of Tasks== |
− | + | These are required exams for LPI certification Level 2. It covers advanced skills for the Linux professional that are common across all distributions of Linux. Also, [[LPIC-1_Objectives|LPIC-1]] must be obtained in order to receive the certification. Exams may be taken in any order but all | |
+ | of the requirements must be met. | ||
+ | |||
+ | To pass LPIC-2, the candidate should be able to: | ||
+ | |||
+ | * Administer a small to medium-sized site. | ||
+ | * Plan, implement, maintain, keep consistent, secure, and troubleshoot a small mixed (MS, Linux) network, including a: | ||
+ | ** LAN server (Samba, NFS, DNS, DHCP, client management). | ||
+ | ** Internet Gateway (firewall, VPN, SSH, web cache/proxy, mail). | ||
+ | ** Internet Server (web server and reverse proxy, FTP server). | ||
+ | * Supervise assistants. | ||
+ | * Advise management on automation and purchases. | ||
<br /><br /> | <br /><br /> | ||
Line 8: | Line 19: | ||
==Version Information== | ==Version Information== | ||
− | These objectives are version 4.0. | + | These objectives are version 4.0.0. This version is to go live on Nov 1, 2013. |
+ | |||
+ | This is also a [[LPIC2AndLPIC3SummaryVersion3To4|summary and detailed information]] on the changes from version 3.5.x to 4.0.0 of the objectives. | ||
+ | |||
+ | The [[LPIC-2_Objectives_V3|version 3.x of the LPIC-2 Objectives]] are still online. | ||
+ | |||
+ | <br /> | ||
+ | |||
+ | {| | ||
+ | | style="background:#ffa0a0" | | ||
+ | <b>PLEASE NOTE:</b> This is an outdated version of the LPIC-2 objectives which not longer available since August 31st, 2017. If you start to prepare for an LPIC-2 exam, please use the most [[LPIC-2_Objectives_V4.5|recent version of the objectives]]. | ||
+ | |} | ||
− | |||
<br /><br /> | <br /><br /> | ||
+ | |||
+ | ==Exams== | ||
+ | |||
+ | In order to be certified [[LPIC-2]], the candidate must pass both the [[LPIC-2_101_v4_|201]] and [[LPIC-2_202_v4_0|202]] exams and be a holder of an active [[LPIC-1]] certification. | ||
+ | |||
+ | * [[LPIC-2_201_v4_0|201]] | ||
+ | * [[LPIC-2_202_v4_0|202]] | ||
+ | |||
==Addenda== | ==Addenda== | ||
− | ===''Version Update ( | + | ===''Proposed Clarification Addendum (Aug 1st, 2015)''=== |
+ | |||
+ | * added named-checkconf to 207.1 | ||
+ | * added named-compilezone, named-checkzone, and masterfile-format to 207.2 | ||
+ | * added apachectl to 208.1 | ||
+ | |||
+ | ===''Clarification Addendum (Nov 1st, 2013)''=== | ||
+ | |||
+ | * changed htgroup to AuthGroupFile and AuthUserFile | ||
+ | |||
+ | ===''Version Update (Nov 1st, 2013)''=== | ||
* updated to version 4.0.0 | * updated to version 4.0.0 | ||
Line 25: | Line 64: | ||
The following translations of the objectives are available on this wiki: | The following translations of the objectives are available on this wiki: | ||
− | * [[LPIC- | + | * [[LPIC-2_Objectives_V4|English]] |
− | * [[LPIC- | + | * [[LPIC-2_Objectives_V4(ES)|Spanish]] |
− | * [[LPIC- | + | * [[LPIC-2_Objectives_V4(FR)|French]] |
− | * [[LPIC- | + | * [[LPIC-2_Objectives_V4(DE)|German]] |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
==Objectives: Exam 201== | ==Objectives: Exam 201== | ||
− | ===''Topic | + | ===''Topic 200: Capacity Planning''=== |
− | ====<span style="color:navy"> | + | ====<span style="color:navy">200.1 Measure and Troubleshoot Resource Usage (weight: 6)</span>==== |
{| | {| | ||
Line 50: | Line 83: | ||
'''Weight''' | '''Weight''' | ||
− | | style="background:#eaeaea" | | + | | style="background:#eaeaea" | 6 |
|- | |- | ||
| style="background:#dadada; padding-right:1em" | | | style="background:#dadada; padding-right:1em" | | ||
Line 58: | Line 91: | ||
| style="background:#eaeaea" | | | style="background:#eaeaea" | | ||
− | Candidates should be able to measure hardware resource and network bandwidth | + | Candidates should be able to measure hardware resource and network bandwidth, identify and troubleshoot resource problems. |
|} | |} | ||
Line 75: | Line 108: | ||
* Map client bandwidth usage. | * Map client bandwidth usage. | ||
+ | |||
+ | * Match / correlate system symptoms with likely problems. | ||
+ | |||
+ | * Estimate throughput and identify bottlenecks in a system including networking. | ||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
Line 95: | Line 132: | ||
* sar | * sar | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
* swap | * swap | ||
Line 133: | Line 141: | ||
* blocks out | * blocks out | ||
− | + | <br /> | |
− | |||
− | ====<span style="color:navy"> | + | ====<span style="color:navy">200.2 Predict Future Resource Needs (weight: 2)</span>==== |
{| | {| | ||
Line 144: | Line 151: | ||
'''Weight''' | '''Weight''' | ||
− | | style="background:#eaeaea" | | + | | style="background:#eaeaea" | 2 |
|- | |- | ||
| style="background:#dadada; padding-right:1em" | | | style="background:#dadada; padding-right:1em" | | ||
Line 165: | Line 172: | ||
* Graph the trend of capacity usage. | * Graph the trend of capacity usage. | ||
+ | |||
+ | * Awareness of monitoring solutions such as Nagios, MRTG and Cacti | ||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
Line 201: | Line 210: | ||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | * /usr/src/linux | + | * /usr/src/linux/ |
− | * /usr/src/linux/Documentation | + | * /usr/src/linux/Documentation/ |
* zImage | * zImage | ||
Line 263: | Line 272: | ||
* /usr/src/linux/.config | * /usr/src/linux/.config | ||
− | * /lib/modules/kernel-version/ | + | * /lib/modules/kernel-version/ |
* depmod | * depmod | ||
Line 297: | Line 306: | ||
* /proc filesystem | * /proc filesystem | ||
− | * Content of /, /boot , and /lib/modules | + | * Content of /, /boot/ , and /lib/modules/ |
* Tools and utilities to analyse information about the available hardware | * Tools and utilities to analyse information about the available hardware | ||
Line 307: | Line 316: | ||
* /lib/modules/kernel-version/modules.dep | * /lib/modules/kernel-version/modules.dep | ||
− | * module configuration files in /etc | + | * module configuration files in /etc/ |
* /proc/sys/kernel/ | * /proc/sys/kernel/ | ||
Line 339: | Line 348: | ||
* udevmonitor | * udevmonitor | ||
− | * /etc/udev | + | * udevadm monitor |
+ | |||
+ | * /etc/udev/ | ||
<br /> | <br /> | ||
Line 436: | Line 447: | ||
<br /> | <br /> | ||
− | ====<span style="color:navy">202.3 Alternate Bootloaders (weight: | + | ====<span style="color:navy">202.3 Alternate Bootloaders (weight: 2)</span>==== |
{| | {| | ||
Line 443: | Line 454: | ||
'''Weight''' | '''Weight''' | ||
− | | style="background:#eaeaea" | | + | | style="background:#eaeaea" | 2 |
|- | |- | ||
| style="background:#dadada; padding-right:1em" | '''Description''' | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
Line 472: | Line 483: | ||
* pxelinux.0 | * pxelinux.0 | ||
− | * pxelinux.cfg/ | + | * pxelinux.cfg/ |
<br/> | <br/> | ||
Line 478: | Line 489: | ||
===''Topic 203: Filesystem and Devices''=== | ===''Topic 203: Filesystem and Devices''=== | ||
− | |||
====<span style="color:navy">203.1 Operating the Linux filesystem (weight: 4)</span>==== | ====<span style="color:navy">203.1 Operating the Linux filesystem (weight: 4)</span>==== | ||
Line 603: | Line 613: | ||
===''Topic 204: Advanced Storage Device Administration''=== | ===''Topic 204: Advanced Storage Device Administration''=== | ||
− | ====<span style="color:navy">204.1 Configuring RAID (weight: | + | ====<span style="color:navy">204.1 Configuring RAID (weight: 3)</span>==== |
{| | {| | ||
Line 610: | Line 620: | ||
'''Weight''' | '''Weight''' | ||
− | | style="background:#eaeaea" | | + | | style="background:#eaeaea" | 3 |
|- | |- | ||
| style="background:#dadada; padding-right:1em" | '''Description''' | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
Line 629: | Line 639: | ||
* /proc/mdstat | * /proc/mdstat | ||
− | * | + | * partition type 0xFD |
+ | |||
<br /> | <br /> | ||
− | ====<span style="color:navy">204.2 Adjusting Storage Device Access (weight: | + | ====<span style="color:navy">204.2 Adjusting Storage Device Access (weight: 2)</span>==== |
{| | {| | ||
Line 639: | Line 650: | ||
'''Weight''' | '''Weight''' | ||
− | | style="background:#eaeaea" | | + | | style="background:#eaeaea" | 2 |
|- | |- | ||
| style="background:#dadada; padding-right:1em" | '''Description''' | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
− | | style="background:#eaeaea" | Candidates should be able to configure kernel options to support various drives. This objective includes software tools to view & modify hard disk settings. | + | | style="background:#eaeaea" | Candidates should be able to configure kernel options to support various drives. This objective includes software tools to view & modify hard disk settings including iSCSI devices. |
|} | |} | ||
Line 653: | Line 664: | ||
* Awareness of sdparm command and its uses | * Awareness of sdparm command and its uses | ||
+ | |||
+ | * Tools and utilities for iSCSI | ||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | * hdparm | + | * hdparm, sdparm |
− | + | ||
− | + | ||
* tune2fs | * tune2fs | ||
Line 664: | Line 675: | ||
* sysctl | * sysctl | ||
− | * /dev/hd* | + | * /dev/hd*, /dev/sd* |
+ | |||
+ | * iscsiadm, scsi_id, iscsid and iscsid.conf | ||
+ | * WWID, WWN, LUN numbers | ||
<br /> | <br /> | ||
Line 727: | Line 741: | ||
* Utilities to configure and manipulate ethernet network interfaces | * Utilities to configure and manipulate ethernet network interfaces | ||
− | * Configuring wireless networks | + | * Configuring basic access to wireless networks with iw, iwconfig and iwlist |
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
Line 741: | Line 755: | ||
* /sbin/iwconfig | * /sbin/iwconfig | ||
− | * /sbin/iwlist | + | * /sbin/iwlist |
<br /> | <br /> | ||
Line 833: | Line 847: | ||
* /bin/netstat | * /bin/netstat | ||
− | * /etc/network | + | * /etc/network/, /etc/sysconfig/network-scripts/ |
* System log files such as /var/log/syslog & /var/log/messages | * System log files such as /var/log/syslog & /var/log/messages | ||
Line 843: | Line 857: | ||
* /etc/hosts | * /etc/hosts | ||
− | * /etc/hostname | + | * /etc/hostname, /etc/HOSTNAME |
* /bin/hostname | * /bin/hostname | ||
Line 854: | Line 868: | ||
<br /> | <br /> | ||
− | |||
<br /> | <br /> | ||
Line 938: | Line 951: | ||
* /bin/sh | * /bin/sh | ||
− | |||
− | |||
* dd | * dd | ||
Line 1,004: | Line 1,015: | ||
| style="background:#dadada; padding-right:1em" | '''Description''' | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
− | | style="background:#eaeaea" | Candidates should be able to configure BIND to function as a caching-only DNS server. This objective includes the ability to | + | | style="background:#eaeaea" | Candidates should be able to configure BIND to function as a caching-only DNS server. This objective includes the ability to managing a running server and configuring logging. |
|} | |} | ||
Line 1,021: | Line 1,032: | ||
* /etc/named.conf | * /etc/named.conf | ||
− | * /var/named/ | + | * /var/named/ |
* /usr/sbin/rndc | * /usr/sbin/rndc | ||
Line 1,044: | Line 1,055: | ||
| style="background:#dadada; padding-right:1em" | '''Description''' | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
− | | style="background:#eaeaea" | Candidates should be able to create a zone file for a forward or reverse zone | + | | style="background:#eaeaea" | Candidates should be able to create a zone file for a forward or reverse zone and hints for root level servers. This objective includes setting appropriate values for records, adding hosts in zones and adding zones to the DNS. A candidate should also be able to delegate zones to another DNS server. |
|} | |} | ||
Line 1,056: | Line 1,067: | ||
* Various methods to add a new host in the zone files, including reverse zones | * Various methods to add a new host in the zone files, including reverse zones | ||
− | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | * /var/named/ | + | * /var/named/ |
* zone file syntax | * zone file syntax | ||
Line 1,112: | Line 1,122: | ||
* dnssec-signzone | * dnssec-signzone | ||
+ | <br /> | ||
<br /> | <br /> | ||
Line 1,160: | Line 1,171: | ||
* htpasswd | * htpasswd | ||
− | * | + | * AuthUserFile, AuthGroupFile |
* apache2ctl | * apache2ctl | ||
Line 1,168: | Line 1,179: | ||
<br /> | <br /> | ||
− | ====<span style="color:navy">208.2 Apache configuration for HTTPS (weight: | + | ====<span style="color:navy">208.2 Apache configuration for HTTPS (weight: 3)</span>==== |
{| | {| | ||
Line 1,175: | Line 1,186: | ||
'''Weight''' | '''Weight''' | ||
− | | style="background:#eaeaea" | | + | | style="background:#eaeaea" | 3 |
|- | |- | ||
| style="background:#dadada; padding-right:1em" | '''Description''' | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
Line 1,186: | Line 1,197: | ||
* SSL configuration files, tools and utilities | * SSL configuration files, tools and utilities | ||
− | * SSL | + | * Ability to generate a server private key and CSR for a commercial CA |
+ | |||
+ | * Ability to generate a self-signed Certificate from private CA | ||
+ | |||
+ | * Ability to install the key and Certificate | ||
+ | |||
+ | * Awareness of the issues with Virtual Hosting and use of SSL | ||
+ | |||
+ | * Security issues in SSL use | ||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
Line 1,192: | Line 1,211: | ||
* Apache2 configuration files | * Apache2 configuration files | ||
− | * /etc/ssl/ | + | * /etc/ssl/, /etc/pki/ |
− | * openssl | + | * openssl, CA.pl |
+ | |||
+ | * SSLEngine, SSLCertificateKeyFile, SSLCertificateFile, SSLCertificateChainFile | ||
+ | |||
+ | * SSLCACertificateFile, SSLCACertificatePath | ||
+ | |||
+ | * SSLProtocol, SSLCipherSuite, ServerTokens, ServerSignature, TraceEnable | ||
<br /> | <br /> | ||
Line 1,229: | Line 1,254: | ||
* http_access | * http_access | ||
+ | |||
+ | <br /> | ||
====<span style="color:navy">208.4 Implementing Nginx as a web server and a reverse proxy (weight: 2)</span>==== | ====<span style="color:navy">208.4 Implementing Nginx as a web server and a reverse proxy (weight: 2)</span>==== | ||
Line 1,303: | Line 1,330: | ||
* net | * net | ||
− | * /etc/smb/ | + | * /etc/smb/ |
* /var/log/samba/ | * /var/log/samba/ | ||
Line 1,309: | Line 1,336: | ||
<br /> | <br /> | ||
− | ====<span style="color:navy">209.2 NFS Server Configuration (weight: | + | ====<span style="color:navy">209.2 NFS Server Configuration (weight: 3)</span>==== |
{| | {| | ||
Line 1,316: | Line 1,343: | ||
'''Weight''' | '''Weight''' | ||
− | | style="background:#eaeaea" | | + | | style="background:#eaeaea" | 3 |
|- | |- | ||
| style="background:#dadada; padding-right:1em" | '''Description''' | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
Line 1,333: | Line 1,360: | ||
* Mount options on server and client | * Mount options on server and client | ||
− | * | + | * TCP Wrappers |
* Awareness of NFSv4 | * Awareness of NFSv4 | ||
Line 1,418: | Line 1,445: | ||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | * /etc/pam.d | + | * /etc/pam.d/ |
* pam.conf | * pam.conf | ||
Line 1,508: | Line 1,535: | ||
* slapindex | * slapindex | ||
− | * /var/lib/ldap/ | + | * /var/lib/ldap/ |
* loglevel | * loglevel | ||
Line 1,543: | Line 1,570: | ||
* Configuration files and commands for postfix | * Configuration files and commands for postfix | ||
− | * /etc/postfix/ | + | * /etc/postfix/ |
− | * /var/spool/postfix | + | * /var/spool/postfix/ |
* sendmail emulation layer commands | * sendmail emulation layer commands | ||
Line 1,609: | Line 1,636: | ||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | * /etc/courier/ | + | * /etc/courier/ |
* dovecot.conf | * dovecot.conf | ||
Line 1,650: | Line 1,677: | ||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | * /proc/sys/net/ipv4 | + | * /proc/sys/net/ipv4/ |
* /etc/services | * /etc/services | ||
Line 1,720: | Line 1,747: | ||
* /etc/ssh/sshd_config | * /etc/ssh/sshd_config | ||
− | * /etc/ssh/ | + | * /etc/ssh/ |
* Private and public key files | * Private and public key files | ||
Line 1,746: | Line 1,773: | ||
* Tools and utilities to scan and test ports on a server | * Tools and utilities to scan and test ports on a server | ||
− | * Locations and organisations that report security alerts as Bugtraq, CERT | + | * Locations and organisations that report security alerts as Bugtraq, CERT or other sources |
* Tools and utilities to implement an intrusion detection system (IDS) | * Tools and utilities to implement an intrusion detection system (IDS) | ||
Line 1,786: | Line 1,813: | ||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | * /etc/openvpn/ | + | * /etc/openvpn/ |
* openvpn | * openvpn | ||
Line 1,805: | Line 1,832: | ||
* sieve and maildrop to be considered in a future update. | * sieve and maildrop to be considered in a future update. | ||
− | * SAN | + | * SAN, AoE, and FCoE to be considered in a future update. |
* encrypted file systems are covered in-depth in LPI-303 exam. | * encrypted file systems are covered in-depth in LPI-303 exam. | ||
+ | |||
+ | * mention of DANE | ||
+ | |||
+ | * more SSSD | ||
+ | |||
+ | * drop lilo, (consider U-boot and other non-x86 topics) | ||
+ | |||
+ | * introduction (or more) to FreeIPA | ||
+ | |||
+ | * drop SSLCertificateChainFile...deprecated as of [[https://www.apachehaus.com/index.php?option=com_content&view=article&id=119&Itemid=104 March, 2014]] | ||
+ | |||
+ | * add coverage of mod_security and mod_evasive to Apache HTTP (maybe as a separate topic: Web Application Firewall) | ||
+ | |||
+ | * add coverage of a higher-level firewall package like firewalld or ufw | ||
+ | |||
+ | * add xzImage to kernel image names if it ever gets used | ||
+ | |||
+ | * update 204.2 (adjusting storage devices) to include NVMe and AHCI (with IDE/PIO coverage) - make Bryan do it? :) | ||
+ | |||
+ | * update Samba section to include version 4 and drop version 3 | ||
+ | |||
+ | * be more specific on which features/tech for encrypted file systems (and/or add more content) | ||
+ | |||
+ | * Include sieve filters and reconsider procmail |
Latest revision as of 10:22, 12 September 2017
Contents
- 1 Overview of Tasks
- 2 Version Information
- 3 Exams
- 4 Addenda
- 5 Translations of Objectives
- 6 Objectives: Exam 201
- 7 Objectives: Exam 202
- 8 Future Change Considerations
Overview of Tasks
These are required exams for LPI certification Level 2. It covers advanced skills for the Linux professional that are common across all distributions of Linux. Also, LPIC-1 must be obtained in order to receive the certification. Exams may be taken in any order but all of the requirements must be met.
To pass LPIC-2, the candidate should be able to:
- Administer a small to medium-sized site.
- Plan, implement, maintain, keep consistent, secure, and troubleshoot a small mixed (MS, Linux) network, including a:
- LAN server (Samba, NFS, DNS, DHCP, client management).
- Internet Gateway (firewall, VPN, SSH, web cache/proxy, mail).
- Internet Server (web server and reverse proxy, FTP server).
- Supervise assistants.
- Advise management on automation and purchases.
Version Information
These objectives are version 4.0.0. This version is to go live on Nov 1, 2013.
This is also a summary and detailed information on the changes from version 3.5.x to 4.0.0 of the objectives.
The version 3.x of the LPIC-2 Objectives are still online.
PLEASE NOTE: This is an outdated version of the LPIC-2 objectives which not longer available since August 31st, 2017. If you start to prepare for an LPIC-2 exam, please use the most recent version of the objectives. |
Exams
In order to be certified LPIC-2, the candidate must pass both the 201 and 202 exams and be a holder of an active LPIC-1 certification.
Addenda
Proposed Clarification Addendum (Aug 1st, 2015)
- added named-checkconf to 207.1
- added named-compilezone, named-checkzone, and masterfile-format to 207.2
- added apachectl to 208.1
Clarification Addendum (Nov 1st, 2013)
- changed htgroup to AuthGroupFile and AuthUserFile
Version Update (Nov 1st, 2013)
- updated to version 4.0.0
Translations of Objectives
The following translations of the objectives are available on this wiki:
- English
Objectives: Exam 201
Topic 200: Capacity Planning
200.1 Measure and Troubleshoot Resource Usage (weight: 6)
Weight |
6 |
Description |
Candidates should be able to measure hardware resource and network bandwidth, identify and troubleshoot resource problems. |
Key Knowledge Areas:
- Measure CPU usage.
- Measure memory usage.
- Measure disk I/O.
- Measure network I/O.
- Measure firewalling and routing throughput.
- Map client bandwidth usage.
- Match / correlate system symptoms with likely problems.
- Estimate throughput and identify bottlenecks in a system including networking.
The following is a partial list of the used files, terms and utilities:
- iostat
- vmstat
- netstat
- pstree, ps
- w
- lsof
- top
- uptime
- sar
- swap
- processes blocked on I/O
- blocks in
- blocks out
200.2 Predict Future Resource Needs (weight: 2)
Weight |
2 |
Description |
Candidates should be able to monitor resource usage to predict future resource needs. |
Key Knowledge Areas:
- Use collectd to monitor IT infrastructure usage.
- Predict capacity break point of a configuration.
- Observe growth rate of capacity usage.
- Graph the trend of capacity usage.
- Awareness of monitoring solutions such as Nagios, MRTG and Cacti
The following is a partial list of the used files, terms and utilities:
- diagnose
- predict growth
- resource exhaustion
Topic 201: Linux Kernel
201.1 Kernel components (weight: 2)
Weight |
2 |
Description | Candidates should be able to utilise kernel components that are necessary to specific hardware, hardware drivers, system resources and requirements. This objective includes implementing different types of kernel images, understanding stable and longterm kernels and patches, as well as using kernel modules. |
Key Knowledge Areas:
- Kernel 2.6.x documentation
- Kernel 3.x documentation
The following is a partial list of the used files, terms and utilities:
- /usr/src/linux/
- /usr/src/linux/Documentation/
- zImage
- bzImage
201.2 Compiling a Linux kernel (weight: 3)
Weight |
3 |
Description | Candidates should be able to properly configure a kernel to include or disable specific features of the Linux kernel as necessary. This objective includes compiling and recompiling the Linux kernel as needed, updating and noting changes in a new kernel, creating an initrd image and installing new kernels. |
Key Knowledge Areas:
- /usr/src/linux/
- Kernel Makefiles
- Kernel 2.6.x/3.x make targets
- Customize the current kernel configuration.
- Build a new kernel and appropriate kernel modules.
- Install a new kernel and any modules.
- Ensure that the boot manager can locate the new kernel and associated files.
- Module configuration files
- Awareness of dracut
The following is a partial list of the used files, terms and utilities:
- mkinitrd
- mkinitramfs
- make
- make targets (all, config, xconfig, menuconfig, gconfig, oldconfig, mrproper, zImage, bzImage, modules, modules_install, rpm-pkg, binrpm-pkg, deb-pkg)
- gzip
- bzip2
- module tools
- /usr/src/linux/.config
- /lib/modules/kernel-version/
- depmod
201.3 Kernel runtime management and troubleshooting (weight: 4)
Weight |
4 |
Description | Candidates should be able to manage and/or query a 2.6.x or 3.x kernel and its loadable modules. Candidates should be able to identify and correct common boot and run time issues. Candidates should understand device detection and management using udev. This objective includes troubleshooting udev rules. |
Key Knowledge Areas:
- Use command-line utilities to get information about the currently running kernel and kernel modules.
- Manually load and unload kernel modules.
- Determine when modules can be unloaded.
- Determine what parameters a module accepts.
- Configure the system to load modules by names other than their file name.
- /proc filesystem
- Content of /, /boot/ , and /lib/modules/
- Tools and utilities to analyse information about the available hardware
- udev rules
The following is a partial list of the used files, terms and utilities:
- /lib/modules/kernel-version/modules.dep
- module configuration files in /etc/
- /proc/sys/kernel/
- /sbin/depmod
- /sbin/rmmod
- /sbin/modinfo
- /bin/dmesg
- /sbin/lspci
- /usr/bin/lsdev
- /sbin/lsmod
- /sbin/modprobe
- /sbin/insmod
- /bin/uname
- /usr/bin/lsusb
- /etc/sysctl.conf, /etc/sysctl.d/
- /sbin/sysctl
- udevmonitor
- udevadm monitor
- /etc/udev/
Topic 202: System Startup
202.1 Customising SysV-init system startup (weight: 3)
Weight |
3 |
Description | Candidates should be able to query and modify the behaviour of system services at various run levels. A thorough understanding of the init structure and boot process is required. This objective includes interacting with run levels. |
Key Knowledge Areas:
- Linux Standard Base Specification (LSB)
- SysV init environment
The following is a partial list of the used files, terms and utilities:
- /etc/inittab
- /etc/init.d/
- /etc/rc.d/
- chkconfig
- update-rc.d
- init and telinit
202.2 System recovery (weight: 4)
Weight |
4 |
Description | Candidates should be able to properly manipulate a Linux system during both the boot process and during recovery mode. This objective includes using both the init utility and init-related kernel options. Candidates should be able to determine the cause of errors in loading and usage of bootloaders. GRUB version 2 and GRUB Legacy are the bootloaders of interest. |
Key Knowledge Areas:
- GRUB version 2 and Legacy
- grub shell
- boot loader start and hand off to kernel
- kernel loading
- hardware initialisation and setup
- daemon/service initialisation and setup
- Know the different boot loader install locations on a hard disk or removable device
- Overwriting standard boot loader options and using boot loader shells
- Awareness of UEFI
The following is a partial list of the used files, terms and utilities:
- mount
- fsck
- inittab, telinit and init with SysV init
- The contents of /boot/ and /boot/grub/
- GRUB
- grub-install
- initrd, initramfs
- Master boot record
202.3 Alternate Bootloaders (weight: 2)
Weight |
2 |
Description | Candidates should be aware of other bootloaders and their major features. |
Key Knowledge Areas:
- LILO
- SYSLINUX, ISOLINUX, PXELINUX
- Understanding of PXE
The following is a partial list of the used files, terms and utilities:
- lilo, /etc/lilo.conf
- syslinux
- extlinux
- isolinux.bin
- isolinux.cfg
- pxelinux.0
- pxelinux.cfg/
Topic 203: Filesystem and Devices
203.1 Operating the Linux filesystem (weight: 4)
Weight |
4 |
Description | Candidates should be able to properly configure and navigate the standard Linux filesystem. This objective includes configuring and mounting various filesystem types. |
Key Knowledge Areas:
- The concept of the fstab configuration
- Tools and utilities for handling SWAP partitions and files
- Use of UUIDs for identifying and mounting file systems
The following is a partial list of the used files, terms and utilities:
- /etc/fstab
- /etc/mtab
- /proc/mounts
- mount and umount
- blkid
- sync
- swapon
- swapoff
203.2 Maintaining a Linux filesystem (weight: 3)
Weight |
3 |
Description | Candidates should be able to properly maintain a Linux filesystem using system utilities. This objective includes manipulating standard filesystems and monitoring SMART devices. |
Key Knowledge Areas:
- Tools and utilities to manipulate and ext2, ext3 and ext4
- Tools and utilities to manipulate xfs
- Awareness of Btrfs
The following is a partial list of the used files, terms and utilities:
- fsck (fsck.*)
- mkfs (mkfs.*)
- dumpe2fs, xfsdump, xfsrestore
- debugfs
- tune2fs
- mkswap
- xfs_info, xfs_check and xfs_repair
- smartd, smartctl
203.3 Creating and configuring filesystem options (weight: 2)
Weight |
2 |
Description | Candidates should be able to configure automount filesystems using AutoFS. This objective includes configuring automount for network and device filesystems. Also included is creating filesystems for devices such as CD-ROMs and a basic feature knowledge of encrypted filesystems. |
Key Knowledge Areas:
- autofs configuration files
- UDF and ISO9660 tools and utilities
- awareness of CD-ROM filesystems (UDF, ISO9660, HFS)
- awareness of CD-ROM filesystem extensions (Joliet, Rock Ridge, El Torito)
- basic feature knowledge of encrypted filesystems
The following is a partial list of the used files, terms and utilities:
- /etc/auto.master
- /etc/auto.[dir]
- mkisofs
Topic 204: Advanced Storage Device Administration
204.1 Configuring RAID (weight: 3)
Weight |
3 |
Description | Candidates should be able to configure and implement software RAID. This objective includes using and configuring RAID 0, 1 and 5. |
Key Knowledge Areas:
- Software RAID configuration files and utilities
The following is a partial list of the used files, terms and utilities:
- mdadm.conf
- mdadm
- /proc/mdstat
- partition type 0xFD
204.2 Adjusting Storage Device Access (weight: 2)
Weight |
2 |
Description | Candidates should be able to configure kernel options to support various drives. This objective includes software tools to view & modify hard disk settings including iSCSI devices. |
Key Knowledge Areas:
- Tools and utilities to configure DMA for IDE devices including ATAPI and SATA
- Tools and utilities to manipulate or analyse system resources (e.g. interrupts)
- Awareness of sdparm command and its uses
- Tools and utilities for iSCSI
The following is a partial list of the used files, terms and utilities:
- hdparm, sdparm
- tune2fs
- sysctl
- /dev/hd*, /dev/sd*
- iscsiadm, scsi_id, iscsid and iscsid.conf
- WWID, WWN, LUN numbers
204.3 Logical Volume Manager (weight: 3)
Weight |
3 |
Description | Candidates should be able to create and remove logical volumes, volume groups, and physical volumes. This objective includes snapshots and resizing logical volumes. |
Key Knowledge Areas:
- Tools in the LVM suite
- Resizing, renaming, creating, and removing logical volumes, volume groups, and physical volumes
- Creating and maintaining snapshots
- Activating volume groups
The following is a partial list of the used files, terms and utilities:
- /sbin/pv*
- /sbin/lv*
- /sbin/vg*
- mount
- /dev/mapper/
Topic 205: Networking Configuration
205.1 Basic networking configuration (weight: 3)
Weight |
3 |
Description | Candidates should be able to configure a network device to be able to connect to a local, wired or wireless, and a wide-area network. This objective includes being able to communicate between various subnets within a single network including both IPv4 and IPv6 networks. |
Key Knowledge Areas:
- Utilities to configure and manipulate ethernet network interfaces
- Configuring basic access to wireless networks with iw, iwconfig and iwlist
The following is a partial list of the used files, terms and utilities:
- /sbin/route
- /sbin/ifconfig
- /sbin/ip
- /usr/sbin/arp
- /sbin/iwconfig
- /sbin/iwlist
205.2 Advanced Network Configuration (weight: 4)
Weight |
4 |
Description | Candidates should be able to configure a network device to implement various network authentication schemes. This objective includes configuring a multi-homed network device and resolving communication problems. |
Key Knowledge Areas:
- Utilities to manipulate routing tables
- Utilities to configure and manipulate ethernet network interfaces
- Utilities to analyse the status of the network devices
- Utilities to monitor and analyse the TCP/IP traffic
The following is a partial list of the used files, terms and utilities:
- /sbin/route
- /sbin/ifconfig
- /bin/netstat
- /bin/ping
- /usr/sbin/arp
- /usr/sbin/tcpdump
- /usr/sbin/lsof
- /usr/bin/nc
- /sbin/ip
- nmap
205.3 Troubleshooting network issues (weight: 4)
Weight |
4 |
Description | Candidates should be able to identify and correct common network setup issues, to include knowledge of locations for basic configuration files and commands. |
Key Knowledge Areas:
- Location and content of access restriction files
- Utilities to configure and manipulate ethernet network interfaces
- Utilities to manage routing tables
- Utilities to list network states.
- Utilities to gain information about the network configuration
- Methods of information about the recognised and used hardware devices
- System initialisation files and their contents (SysV init process)
- Awareness of NetworkManager and its impact on network configuration
The following is a partial list of the used files, terms and utilities:
- /sbin/ifconfig
- /sbin/route
- /bin/netstat
- /etc/network/, /etc/sysconfig/network-scripts/
- System log files such as /var/log/syslog & /var/log/messages
- /bin/ping
- /etc/resolv.conf
- /etc/hosts
- /etc/hostname, /etc/HOSTNAME
- /bin/hostname
- /usr/sbin/traceroute
- /bin/dmesg
- /etc/hosts.allow, /etc/hosts.deny
Topic 206: System Maintenance
206.1 Make and install programs from source (weight: 2)
Weight |
2 |
Description | Candidates should be able to build and install an executable program from source. This objective includes being able to unpack a file of sources. |
Key Knowledge Areas:
- Unpack source code using common compression and archive utilities.
- Understand basics of invoking make to compile programs.
- Apply parameters to a configure script.
- Know where sources are stored by default.
The following is a partial list of the used files, terms and utilities:
- /usr/src/
- gunzip
- gzip
- bzip2
- tar
- configure
- make
- uname
- install
- patch
206.2 Backup operations (weight: 3)
Weight |
3 |
Description | Candidates should be able to use system tools to back up important system data. |
Key Knowledge Areas:
- Knowledge about directories that have to be include in backups
- Awareness of network backup solutions such as Amanda, Bacula and BackupPC
- Knowledge of the benefits and drawbacks of tapes, CDR, disk or other backup media
- Perform partial and manual backups.
- Verify the integrity of backup files.
- Partially or fully restore backups.
The following is a partial list of the used files, terms and utilities:
- /bin/sh
- dd
- tar
- /dev/st* and /dev/nst*
- mt
- rsync
Weight |
1 |
Description | Candidates should be able to notify the users about current issues related to the system. |
Key Knowledge Areas:
- Automate communication with users through logon messages.
- Inform active users of system maintenance
The following is a partial list of the used files, terms and utilities:
- /etc/issue
- /etc/issue.net
- /etc/motd
- wall
- /sbin/shutdown
Objectives: Exam 202
Topic 207: Domain Name Server
207.1 Basic DNS server configuration (weight: 3)
Weight |
3 |
Description | Candidates should be able to configure BIND to function as a caching-only DNS server. This objective includes the ability to managing a running server and configuring logging. |
Key Knowledge Areas:
- BIND 9.x configuration files, terms and utilities
- Defining the location of the BIND zone files in BIND configuration files
- Reloading modified configuration and zone files
- Awareness of dnsmasq, djbdns and PowerDNS as alternate name servers
The following is a partial list of the used files, terms and utilities:
- /etc/named.conf
- /var/named/
- /usr/sbin/rndc
- kill
- host
- dig
207.2 Create and maintain DNS zones (weight: 3)
Weight |
3 |
Description | Candidates should be able to create a zone file for a forward or reverse zone and hints for root level servers. This objective includes setting appropriate values for records, adding hosts in zones and adding zones to the DNS. A candidate should also be able to delegate zones to another DNS server. |
Key Knowledge Areas:
- BIND 9 configuration files, terms and utilities
- Utilities to request information from the DNS server
- Layout, content and file location of the BIND zone files
- Various methods to add a new host in the zone files, including reverse zones
The following is a partial list of the used files, terms and utilities:
- /var/named/
- zone file syntax
- resource record formats
- dig
- nslookup
- host
207.3 Securing a DNS server (weight: 2)
Weight |
2 |
Description | Candidates should be able to configure a DNS server to run as a non-root user and run in a chroot jail. This objective includes secure exchange of data between DNS servers. |
Key Knowledge Areas:
- BIND 9 configuration files
- Configuring BIND to run in a chroot jail
- Split configuration of BIND using the forwarders statement
- Configuring and using transaction signatures (TSIG)
- Awareness of DNSSEC and basic tools
The following is a partial list of the used files, terms and utilities:
- /etc/named.conf
- /etc/passwd
- DNSSEC
- dnssec-keygen
- dnssec-signzone
Topic 208: Web Services
208.1 Basic Apache configuration (weight: 4)
Weight |
4 |
Description | Candidates should be able to install and configure a web server. This objective includes monitoring the server's load and performance, restricting client user access, configuring support for scripting languages as modules and setting up client user authentication. Also included is configuring server options to restrict usage of resources. Candidates should be able to configure a web server to use virtual hosts and customise file access. |
Key Knowledge Areas:
- Apache 2.x configuration files, terms and utilities
- Apache log files configuration and content
- Access restriction methods and files
- mod_perl and PHP configuration
- Client user authentication files and utilities
- Configuration of maximum requests, minimum and maximum servers and clients
- Apache 2.x virtual host implementation (with and without dedicated IP addresses)
- Using redirect statements in Apache's configuration files to customise file access
The following is a partial list of the used files, terms and utilities:
- access logs and error logs
- .htaccess
- httpd.conf
- mod_auth
- htpasswd
- AuthUserFile, AuthGroupFile
- apache2ctl
- httpd
208.2 Apache configuration for HTTPS (weight: 3)
Weight |
3 |
Description | Candidates should be able to configure a web server to provide HTTPS. |
Key Knowledge Areas:
- SSL configuration files, tools and utilities
- Ability to generate a server private key and CSR for a commercial CA
- Ability to generate a self-signed Certificate from private CA
- Ability to install the key and Certificate
- Awareness of the issues with Virtual Hosting and use of SSL
- Security issues in SSL use
The following is a partial list of the used files, terms and utilities:
- Apache2 configuration files
- /etc/ssl/, /etc/pki/
- openssl, CA.pl
- SSLEngine, SSLCertificateKeyFile, SSLCertificateFile, SSLCertificateChainFile
- SSLCACertificateFile, SSLCACertificatePath
- SSLProtocol, SSLCipherSuite, ServerTokens, ServerSignature, TraceEnable
208.3 Implementing Squid as a caching proxy (weight: 2)
Weight |
2 |
Description | Candidates should be able to install and configure a proxy server, including access policies, authentication and resource usage. |
Key Knowledge Areas:
- Squid 3.x configuration files, terms and utilities
- Access restriction methods
- Client user authentication methods
- Layout and content of ACL in the Squid configuration files
The following is a partial list of the used files, terms and utilities:
- squid.conf
- acl
- http_access
208.4 Implementing Nginx as a web server and a reverse proxy (weight: 2)
Weight |
2 |
Description | Candidates should be able to install and configure a reverse proxy server, Nginx. Basic configuration of Nginx as a HTTP server is included. |
Key Knowledge Areas:
- Nginx
- Reverse Proxy
- Basic Web Server
The following is a partial list of the used files, terms and utilities:
- /etc/nginx/
- nginx
Topic 209: File Sharing
209.1 Samba Server Configuration (weight: 5)
Weight |
5 |
Description | Candidates should be able to set up a SAMBA server for various clients. This objective includes setting up Samba for login clients and setting up the workgroup in which a server participates and defining shared directories and printers. Also covered is a configuring a Linux client to use a Samba server. Troubleshooting installations is also tested. |
Key Knowledge Areas:
- Samba version 3 documentation
- Samba configuration files
- Samba tools and utilities
- Mounting Samba shares on Linux
- Samba daemons
- Mapping Windows user names to Linux user names
- User-Level and Share-Level security
The following is a partial list of the used files, terms and utilities:
- smbd, nmbd
- smbstatus, testparm, smbpasswd, nmblookup
- smbclient
- net
- /etc/smb/
- /var/log/samba/
209.2 NFS Server Configuration (weight: 3)
Weight |
3 |
Description | Candidates should be able to export filesystems using NFS. This objective includes access restrictions, mounting an NFS filesystem on a client and securing NFS. |
Key Knowledge Areas:
- NFS version 3 configuration files
- NFS tools and utilities
- Access restrictions to certain hosts and/or subnets
- Mount options on server and client
- TCP Wrappers
- Awareness of NFSv4
The following is a partial list of the used files, terms and utilities:
- /etc/exports
- exportfs
- showmount
- nfsstat
- /proc/mounts
- /etc/fstab
- rpcinfo
- mountd
- portmapper
Topic 210: Network Client Management
210.1 DHCP configuration (weight: 2)
Weight |
2 |
Description | Candidates should be able to configure a DHCP server. This objective includes setting default and per client options, adding static hosts and BOOTP hosts. Also included is configuring a DHCP relay agent and maintaining the DHCP server. |
Key Knowledge Areas:
- DHCP configuration files, terms and utilities
- Subnet and dynamically-allocated range setup
The following is a partial list of the used files, terms and utilities:
- dhcpd.conf
- dhcpd.leases
- /var/log/daemon.log and /var/log/messages
- arp
- dhcpd
210.2 PAM authentication (weight: 3)
Weight |
3 |
Description | The candidate should be able to configure PAM to support authentication using various available methods. |
Key Knowledge Areas:
- PAM configuration files, terms and utilities
- passwd and shadow passwords
The following is a partial list of the used files, terms and utilities:
- /etc/pam.d/
- pam.conf
- nsswitch.conf
- pam_unix, pam_cracklib, pam_limits, pam_listfile
210.3 LDAP client usage (weight: 2)
Weight |
2 |
Description | Candidates should be able to perform queries and updates to an LDAP server. Also included is importing and adding items, as well as adding and managing users. |
Key Knowledge Areas:
- LDAP utilities for data management and queries
- Change user passwords
- Querying the LDAP directory
The following is a partial list of the used files, terms and utilities:
- ldapsearch
- ldappasswd
- ldapadd
- ldapdelete
210.4 Configuring an OpenLDAP server (weight: 4)
Weight |
4 |
Description | Candidates should be able to configure a basic OpenLDAP server including knowledge of LDIF format and essential access controls. An understanding of the role of SSSD in authentication and identity management is included. |
Key Knowledge Areas:
- OpenLDAP
- Access Control
- Distinguished Names
- Changetype Operations
- Schemas and Whitepages
- Directories
- Object IDs, Attributes and Classes
- Awareness of System Security Services Daemon (SSSD)
The following is a partial list of the used files, terms and utilities:
- slapd
- slapd.conf
- LDIF
- slapadd
- slapcat
- slapindex
- /var/lib/ldap/
- loglevel
Topic 211: E-Mail Services
211.1 Using e-mail servers (weight: 4)
Weight |
4 |
Description | Candidates should be able to manage an e-mail server, including the configuration of e-mail aliases, e-mail quotas and virtual e-mail domains. This objective includes configuring internal e-mail relays and monitoring e-mail servers. |
Key Knowledge Areas:
- Configuration files for postfix
- Basic knowledge of the SMTP protocol
- Awareness of sendmail and exim
The following is a partial list of the used files, terms and utilities:
- Configuration files and commands for postfix
- /etc/postfix/
- /var/spool/postfix/
- sendmail emulation layer commands
- /etc/aliases
- mail-related logs in /var/log/
211.2 Managing Local E-Mail Delivery (weight: 2)
Weight |
2 |
Description | Candidates should be able to implement client e-mail management software to filter, sort and monitor incoming user e-mail. |
Key Knowledge Areas:
- procmail configuration files, tools and utilities
- Usage of procmail on both server and client side
The following is a partial list of the used files, terms and utilities:
- ~/.procmailrc
- /etc/procmailrc
- procmail
- mbox and Maildir formats
211.3 Managing Remote E-Mail Delivery (weight: 2)
Weight |
2 |
Description | Candidates should be able to install and configure POP and IMAP daemons. |
Key Knowledge Areas:
- Courier IMAP and Courier POP configuration
- Dovecot configuration
The following is a partial list of the used files, terms and utilities:
- /etc/courier/
- dovecot.conf
Topic 212: System Security
212.1 Configuring a router (weight: 3)
Weight |
3 |
Description | Candidates should be able to configure a system to perform network address translation (NAT, IP masquerading) and state its significance in protecting a network. This objective includes configuring port redirection, managing filter rules and averting attacks. |
Key Knowledge Areas:
- iptables configuration files, tools and utilities
- Tools, commands and utilities to manage routing tables.
- Private address ranges
- Port redirection and IP forwarding
- List and write filtering and rules that accept or block datagrams based on source or destination protocol, port and address
- Save and reload filtering configurations
- Awareness of ip6tables and filtering
The following is a partial list of the used files, terms and utilities:
- /proc/sys/net/ipv4/
- /etc/services
- iptables
212.2 Managing FTP servers (weight: 2)
Weight |
2 |
Description | Candidates should be able to configure an FTP server for anonymous downloads and uploads. This objective includes precautions to be taken if anonymous uploads are permitted and configuring user access. |
Key Knowledge Areas:
- Configuration files, tools and utilities for Pure-FTPd and vsftpd
- Awareness of ProFTPd
- Understanding of passive vs. active FTP connections
The following is a partial list of the used files, terms and utilities:
- vsftpd.conf
- important Pure-FTPd command line options
212.3 Secure shell (SSH) (weight: 4)
Weight |
4 |
Description | Candidates should be able to configure and secure an SSH daemon. This objective includes managing keys and configuring SSH for users. Candidates should also be able to forward an application protocol over SSH and manage the SSH login. |
Key Knowledge Areas:
- OpenSSH configuration files, tools and utilities
- Login restrictions for the superuser and the normal users
- Managing and using server and client keys to login with and without password
- Usage of multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes
The following is a partial list of the used files, terms and utilities:
- ssh
- sshd
- /etc/ssh/sshd_config
- /etc/ssh/
- Private and public key files
- PermitRootLogin, PubKeyAuthentication, AllowUsers, PasswordAuthentication, Protocol
212.4 Security tasks (weight: 3)
Weight |
3 |
Description | Candidates should be able to receive security alerts from various sources, install, configure and run intrusion detection systems and apply security patches and bugfixes. |
Key Knowledge Areas:
- Tools and utilities to scan and test ports on a server
- Locations and organisations that report security alerts as Bugtraq, CERT or other sources
- Tools and utilities to implement an intrusion detection system (IDS)
- Awareness of OpenVAS and Snort
The following is a partial list of the used files, terms and utilities:
- telnet
- nmap
- fail2ban
- nc
- iptables
212.5 OpenVPN (weight: 2)
Weight |
2 |
Description | Candidates should be able to configure a VPN (Virtual Private Network) and create secure point-to-point or site-to-site connections. |
Key Knowledge Areas:
- OpenVPN
The following is a partial list of the used files, terms and utilities:
- /etc/openvpn/
- openvpn
Future Change Considerations
Future changes to the objective will/may include:
- EFI shell, gdisk, parted not included. More appropriate in LPIC-1 update.
- lighttpd would have been too much coverage of web services. Perhaps reduce Apache next revision to make room.
- host level IDS (tripwire, AIDE, etc) to be covered in future LPIC-1.
- sieve and maildrop to be considered in a future update.
- SAN, AoE, and FCoE to be considered in a future update.
- encrypted file systems are covered in-depth in LPI-303 exam.
- mention of DANE
- more SSSD
- drop lilo, (consider U-boot and other non-x86 topics)
- introduction (or more) to FreeIPA
- drop SSLCertificateChainFile...deprecated as of [March, 2014]
- add coverage of mod_security and mod_evasive to Apache HTTP (maybe as a separate topic: Web Application Firewall)
- add coverage of a higher-level firewall package like firewalld or ufw
- add xzImage to kernel image names if it ever gets used
- update 204.2 (adjusting storage devices) to include NVMe and AHCI (with IDE/PIO coverage) - make Bryan do it? :)
- update Samba section to include version 4 and drop version 3
- be more specific on which features/tech for encrypted file systems (and/or add more content)
- Include sieve filters and reconsider procmail