Difference between revisions of "LPIC-303 Objectives V1"
(Created page with 'Placeholder for LPIC-3 303 objectives') |
|||
Line 1: | Line 1: | ||
− | + | __FORCETOC__ | |
+ | ==Introduction== | ||
+ | TODO: Need a description for exam here | ||
+ | <br /> | ||
+ | <br /> | ||
+ | ==Version Information== | ||
+ | These objectives are version 1.0.0. | ||
+ | <br /> | ||
+ | <br /> | ||
+ | ==Objectives== | ||
+ | ===''Topic 320: Cryptography''=== | ||
+ | ====<span style="color:navy">320.1 OpenSSL</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 4 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * certificate generation | ||
+ | * key generation | ||
+ | * SSL/TLS client and server tests | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * openssl | ||
+ | * RSA, DH and DSA | ||
+ | * SSL | ||
+ | * X.509 | ||
+ | * CSR | ||
+ | * CRL | ||
+ | <br /> | ||
+ | ====<span style="color:navy">320.2 Advanced GPG</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 4 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * GPG encyption and signing | ||
+ | * private/public key management | ||
+ | * GPG key servers | ||
+ | * GPG configuration | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * gpg | ||
+ | * gpgv | ||
+ | * gpg-agent | ||
+ | * ~/.gnupg/ | ||
+ | <br /> | ||
+ | ====<span style="color:navy">320.3 Encrypted Filesystems</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 3 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should be able to setup and configure encrypted filesystems. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * LUKS | ||
+ | * dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * dm-crypt | ||
+ | * cryptmount | ||
+ | * cryptsetup | ||
+ | <br /> | ||
+ | <br /> | ||
+ | ===''Topic 321: Access Control''=== | ||
+ | ====<span style="color:navy">321.1 Host Based Access Control</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 2 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * PAM and PAM configuration files | ||
+ | * password cracking | ||
+ | * nsswitch | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * nsswitch.conf | ||
+ | * john | ||
+ | <br /> | ||
+ | ====<span style="color:navy">321.2 Extended Attributes and ACLs</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 5 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates are required to understand and know how to use Extended Attributes and Access Control Lists. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * ACLs | ||
+ | * EAs and attribute classes | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * getfacl | ||
+ | * setfacl | ||
+ | * getfattr | ||
+ | * setfattr | ||
+ | <br /> | ||
+ | ====<span style="color:navy">321.3 SELinux</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 6 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should have a thorough knowledge of SELinux. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * SELinux configuration and command line tools | ||
+ | * TE, RBAC, MAC and DAC concepts and use | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * fixfiles/setfiles | ||
+ | * newrole | ||
+ | * setenforce/getenforce | ||
+ | * selinuxenabled | ||
+ | * semanage | ||
+ | * sestatus | ||
+ | * /etc/selinux/ | ||
+ | * /etc/selinux.d/ | ||
+ | <br /> | ||
+ | ====<span style="color:navy">321.4 Other Mandatory Access Control Systems</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 2 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * SMACK | ||
+ | * AppArmor | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * SMACK | ||
+ | * AppArmor | ||
+ | <br /> | ||
+ | <br /> | ||
+ | ===''Topic 322: Application Security''=== | ||
+ | ====<span style="color:navy">322.1 BIND/DNS</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 2 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * BIND v9 | ||
+ | * BIND vulnerabilities | ||
+ | * chroot environments | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * TSIG | ||
+ | * BIND ACLs | ||
+ | * named-checkconf | ||
+ | <br /> | ||
+ | ====<span style="color:navy">322.2 Mail Services</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 2 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * Postfix security centric configuration | ||
+ | * securing Sendmail | ||
+ | * chroot environments | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * /etc/postfix/ | ||
+ | * TLS | ||
+ | <br /> | ||
+ | ====<span style="color:navy">322.3 Apache/HTTP/HTTPS</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 2 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Apache web services. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * Apache v1 and v2 security centric configuration | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * SSL | ||
+ | * .htaccess | ||
+ | * Basic Authentication | ||
+ | * htpasswd | ||
+ | * AllowOverride | ||
+ | <br /> | ||
+ | ====<span style="color:navy">322.4 FTP</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 1 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * Pure-FTPd configuration and important command line options | ||
+ | * vsftpd configuration | ||
+ | * chroot environments | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * SSL/TLS | ||
+ | * vsftp.conf | ||
+ | <br /> | ||
+ | ====<span style="color:navy">322.5 OpenSSH</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 3 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * OpenSSH configuration and command line tools | ||
+ | * OpenSSH key management and access control | ||
+ | * Awareness of SSH protocol v1 and v2 security issues | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * /etc/ssh/ | ||
+ | * ~/.ssh/ | ||
+ | * ssh-keygen | ||
+ | * ssh-agent | ||
+ | * ssh-vulnkey | ||
+ | <br /> | ||
+ | ====<span style="color:navy">322.6 NFSv4</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 1 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * NFSv4 security improvements, issues and use | ||
+ | * NFSv4 pseudo file system | ||
+ | * NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos) | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * NFSv4 ACLs | ||
+ | * nfs4acl | ||
+ | * RPCSEC_GSS | ||
+ | * /etc/exports | ||
+ | <br /> | ||
+ | ====<span style="color:navy">322.7 Syslog</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 1 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of syslog services. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * syslog security issues | ||
+ | * chroot environments | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * remote syslog servers | ||
+ | <br /> | ||
+ | <br /> | ||
+ | ===''Topic 323: Operations Security''=== | ||
+ | ====<span style="color:navy">323.1 Host Configuration Management</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 2 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should be familiar with the use of RCS and Puppet for host configuration management. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * RCS | ||
+ | * Puppet | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * RCS | ||
+ | * ci/co | ||
+ | * rcsdiff | ||
+ | * puppet | ||
+ | * puppetd | ||
+ | * puppetmasterd | ||
+ | * /etc/puppet/ | ||
+ | <br /> | ||
+ | <br /> | ||
+ | ===''Topic 324: Network Security''=== | ||
+ | ====<span style="color:navy">324.1 Intrusion Detection</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 4 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should be familiar with the use and configuration of intrusion detection software. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * Snort configuration, rules and use | ||
+ | * Tripwire configuration, policies and use | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * snort | ||
+ | * snort-stat | ||
+ | * /etc/snort/ | ||
+ | * tripwire | ||
+ | * twadmin | ||
+ | * /etc/tripwire/ | ||
+ | <br /> | ||
+ | ====<span style="color:navy">324.2 Network Security Scanning</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 5 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network security scanning tools. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * Nessus configuration, NASL and use | ||
+ | * Wireshark filters and use | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * nmap | ||
+ | * wireshark | ||
+ | * tshark | ||
+ | * tcpdump | ||
+ | * nessus | ||
+ | * nessus-adduser/nessus-rmuser | ||
+ | * nessusd | ||
+ | * nessus-mkcert | ||
+ | * /etc/nessus | ||
+ | <br /> | ||
+ | ====<span style="color:navy">324.3 Network Monitoring</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 3 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network monitoring tools. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * Nagios configuration and use | ||
+ | * ntop | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * ntop | ||
+ | * nagios | ||
+ | * nagiostats | ||
+ | * nagios.cfg and other configuration files | ||
+ | <br /> | ||
+ | ====<span style="color:navy">324.4 netfilter/iptables</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 5 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should be familiar with the use and configuration of iptables. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * Iptables packet filtering and network address translation | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * iptables | ||
+ | * iptables-save/iptables-restore | ||
+ | <br /> | ||
+ | ====<span style="color:navy">324.5 OpenVPN</span>==== | ||
+ | {| | ||
+ | | style="background:#dadada" | '''Weight''' | ||
+ | | style="background:#eaeaea" | 3 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
+ | | style="background:#eaeaea" | Candidates should be familiar with the use of OpenVPN. | ||
+ | |} | ||
+ | '''Key Knowledge Areas:''' | ||
+ | * OpenVPN configuration and use | ||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | * /etc/openvpn/ | ||
+ | * openvpn server and client |
Revision as of 19:53, 3 December 2009
Contents
Introduction
TODO: Need a description for exam here
Version Information
These objectives are version 1.0.0.
Objectives
Topic 320: Cryptography
320.1 OpenSSL
Weight | 4 |
Description | Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications. |
Key Knowledge Areas:
- certificate generation
- key generation
- SSL/TLS client and server tests
The following is a partial list of the used files, terms and utilities:
- openssl
- RSA, DH and DSA
- SSL
- X.509
- CSR
- CRL
320.2 Advanced GPG
Weight | 4 |
Description | Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included. |
Key Knowledge Areas:
- GPG encyption and signing
- private/public key management
- GPG key servers
- GPG configuration
The following is a partial list of the used files, terms and utilities:
- gpg
- gpgv
- gpg-agent
- ~/.gnupg/
320.3 Encrypted Filesystems
Weight | 3 |
Description | Candidates should be able to setup and configure encrypted filesystems. |
Key Knowledge Areas:
- LUKS
- dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes
The following is a partial list of the used files, terms and utilities:
- dm-crypt
- cryptmount
- cryptsetup
Topic 321: Access Control
321.1 Host Based Access Control
Weight | 2 |
Description | Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking. |
Key Knowledge Areas:
- PAM and PAM configuration files
- password cracking
- nsswitch
The following is a partial list of the used files, terms and utilities:
- nsswitch.conf
- john
321.2 Extended Attributes and ACLs
Weight | 5 |
Description | Candidates are required to understand and know how to use Extended Attributes and Access Control Lists. |
Key Knowledge Areas:
- ACLs
- EAs and attribute classes
The following is a partial list of the used files, terms and utilities:
- getfacl
- setfacl
- getfattr
- setfattr
321.3 SELinux
Weight | 6 |
Description | Candidates should have a thorough knowledge of SELinux. |
Key Knowledge Areas:
- SELinux configuration and command line tools
- TE, RBAC, MAC and DAC concepts and use
The following is a partial list of the used files, terms and utilities:
- fixfiles/setfiles
- newrole
- setenforce/getenforce
- selinuxenabled
- semanage
- sestatus
- /etc/selinux/
- /etc/selinux.d/
321.4 Other Mandatory Access Control Systems
Weight | 2 |
Description | Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use. |
Key Knowledge Areas:
- SMACK
- AppArmor
The following is a partial list of the used files, terms and utilities:
- SMACK
- AppArmor
Topic 322: Application Security
322.1 BIND/DNS
Weight | 2 |
Description | Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services. |
Key Knowledge Areas:
- BIND v9
- BIND vulnerabilities
- chroot environments
The following is a partial list of the used files, terms and utilities:
- TSIG
- BIND ACLs
- named-checkconf
322.2 Mail Services
Weight | 2 |
Description | Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration. |
Key Knowledge Areas:
- Postfix security centric configuration
- securing Sendmail
- chroot environments
The following is a partial list of the used files, terms and utilities:
- /etc/postfix/
- TLS
322.3 Apache/HTTP/HTTPS
Weight | 2 |
Description | Candidates should have experience and knowledge of security issues in use and configuration of Apache web services. |
Key Knowledge Areas:
- Apache v1 and v2 security centric configuration
The following is a partial list of the used files, terms and utilities:
- SSL
- .htaccess
- Basic Authentication
- htpasswd
- AllowOverride
322.4 FTP
Weight | 1 |
Description | Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services. |
Key Knowledge Areas:
- Pure-FTPd configuration and important command line options
- vsftpd configuration
- chroot environments
The following is a partial list of the used files, terms and utilities:
- SSL/TLS
- vsftp.conf
322.5 OpenSSH
Weight | 3 |
Description | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services. |
Key Knowledge Areas:
- OpenSSH configuration and command line tools
- OpenSSH key management and access control
- Awareness of SSH protocol v1 and v2 security issues
The following is a partial list of the used files, terms and utilities:
- /etc/ssh/
- ~/.ssh/
- ssh-keygen
- ssh-agent
- ssh-vulnkey
322.6 NFSv4
Weight | 1 |
Description | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge. |
Key Knowledge Areas:
- NFSv4 security improvements, issues and use
- NFSv4 pseudo file system
- NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos)
The following is a partial list of the used files, terms and utilities:
- NFSv4 ACLs
- nfs4acl
- RPCSEC_GSS
- /etc/exports
322.7 Syslog
Weight | 1 |
Description | Candidates should have experience and knowledge of security issues in use and configuration of syslog services. |
Key Knowledge Areas:
- syslog security issues
- chroot environments
The following is a partial list of the used files, terms and utilities:
- remote syslog servers
Topic 323: Operations Security
323.1 Host Configuration Management
Weight | 2 |
Description | Candidates should be familiar with the use of RCS and Puppet for host configuration management. |
Key Knowledge Areas:
- RCS
- Puppet
The following is a partial list of the used files, terms and utilities:
- RCS
- ci/co
- rcsdiff
- puppet
- puppetd
- puppetmasterd
- /etc/puppet/
Topic 324: Network Security
324.1 Intrusion Detection
Weight | 4 |
Description | Candidates should be familiar with the use and configuration of intrusion detection software. |
Key Knowledge Areas:
- Snort configuration, rules and use
- Tripwire configuration, policies and use
The following is a partial list of the used files, terms and utilities:
- snort
- snort-stat
- /etc/snort/
- tripwire
- twadmin
- /etc/tripwire/
324.2 Network Security Scanning
Weight | 5 |
Description | Candidates should be familiar with the use and configuration of network security scanning tools. |
Key Knowledge Areas:
- Nessus configuration, NASL and use
- Wireshark filters and use
The following is a partial list of the used files, terms and utilities:
- nmap
- wireshark
- tshark
- tcpdump
- nessus
- nessus-adduser/nessus-rmuser
- nessusd
- nessus-mkcert
- /etc/nessus
324.3 Network Monitoring
Weight | 3 |
Description | Candidates should be familiar with the use and configuration of network monitoring tools. |
Key Knowledge Areas:
- Nagios configuration and use
- ntop
The following is a partial list of the used files, terms and utilities:
- ntop
- nagios
- nagiostats
- nagios.cfg and other configuration files
324.4 netfilter/iptables
Weight | 5 |
Description | Candidates should be familiar with the use and configuration of iptables. |
Key Knowledge Areas:
- Iptables packet filtering and network address translation
The following is a partial list of the used files, terms and utilities:
- iptables
- iptables-save/iptables-restore
324.5 OpenVPN
Weight | 3 |
Description | Candidates should be familiar with the use of OpenVPN. |
Key Knowledge Areas:
- OpenVPN configuration and use
The following is a partial list of the used files, terms and utilities:
- /etc/openvpn/
- openvpn server and client