Difference between revisions of "LPIC-303 Objectives V1"
From LPI Wiki
(Created page with 'Placeholder for LPIC-3 303 objectives') |
|||
| Line 1: | Line 1: | ||
| − | + | __FORCETOC__ | |
| + | ==Introduction== | ||
| + | TODO: Need a description for exam here | ||
| + | <br /> | ||
| + | <br /> | ||
| + | ==Version Information== | ||
| + | These objectives are version 1.0.0. | ||
| + | <br /> | ||
| + | <br /> | ||
| + | ==Objectives== | ||
| + | ===''Topic 320: Cryptography''=== | ||
| + | ====<span style="color:navy">320.1 OpenSSL</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 4 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * certificate generation | ||
| + | * key generation | ||
| + | * SSL/TLS client and server tests | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * openssl | ||
| + | * RSA, DH and DSA | ||
| + | * SSL | ||
| + | * X.509 | ||
| + | * CSR | ||
| + | * CRL | ||
| + | <br /> | ||
| + | ====<span style="color:navy">320.2 Advanced GPG</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 4 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * GPG encyption and signing | ||
| + | * private/public key management | ||
| + | * GPG key servers | ||
| + | * GPG configuration | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * gpg | ||
| + | * gpgv | ||
| + | * gpg-agent | ||
| + | * ~/.gnupg/ | ||
| + | <br /> | ||
| + | ====<span style="color:navy">320.3 Encrypted Filesystems</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 3 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to setup and configure encrypted filesystems. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * LUKS | ||
| + | * dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * dm-crypt | ||
| + | * cryptmount | ||
| + | * cryptsetup | ||
| + | <br /> | ||
| + | <br /> | ||
| + | ===''Topic 321: Access Control''=== | ||
| + | ====<span style="color:navy">321.1 Host Based Access Control</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 2 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * PAM and PAM configuration files | ||
| + | * password cracking | ||
| + | * nsswitch | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * nsswitch.conf | ||
| + | * john | ||
| + | <br /> | ||
| + | ====<span style="color:navy">321.2 Extended Attributes and ACLs</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 5 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates are required to understand and know how to use Extended Attributes and Access Control Lists. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * ACLs | ||
| + | * EAs and attribute classes | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * getfacl | ||
| + | * setfacl | ||
| + | * getfattr | ||
| + | * setfattr | ||
| + | <br /> | ||
| + | ====<span style="color:navy">321.3 SELinux</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 6 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should have a thorough knowledge of SELinux. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * SELinux configuration and command line tools | ||
| + | * TE, RBAC, MAC and DAC concepts and use | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * fixfiles/setfiles | ||
| + | * newrole | ||
| + | * setenforce/getenforce | ||
| + | * selinuxenabled | ||
| + | * semanage | ||
| + | * sestatus | ||
| + | * /etc/selinux/ | ||
| + | * /etc/selinux.d/ | ||
| + | <br /> | ||
| + | ====<span style="color:navy">321.4 Other Mandatory Access Control Systems</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 2 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * SMACK | ||
| + | * AppArmor | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * SMACK | ||
| + | * AppArmor | ||
| + | <br /> | ||
| + | <br /> | ||
| + | ===''Topic 322: Application Security''=== | ||
| + | ====<span style="color:navy">322.1 BIND/DNS</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 2 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * BIND v9 | ||
| + | * BIND vulnerabilities | ||
| + | * chroot environments | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * TSIG | ||
| + | * BIND ACLs | ||
| + | * named-checkconf | ||
| + | <br /> | ||
| + | ====<span style="color:navy">322.2 Mail Services</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 2 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Postfix security centric configuration | ||
| + | * securing Sendmail | ||
| + | * chroot environments | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * /etc/postfix/ | ||
| + | * TLS | ||
| + | <br /> | ||
| + | ====<span style="color:navy">322.3 Apache/HTTP/HTTPS</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 2 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Apache web services. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Apache v1 and v2 security centric configuration | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * SSL | ||
| + | * .htaccess | ||
| + | * Basic Authentication | ||
| + | * htpasswd | ||
| + | * AllowOverride | ||
| + | <br /> | ||
| + | ====<span style="color:navy">322.4 FTP</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 1 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Pure-FTPd configuration and important command line options | ||
| + | * vsftpd configuration | ||
| + | * chroot environments | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * SSL/TLS | ||
| + | * vsftp.conf | ||
| + | <br /> | ||
| + | ====<span style="color:navy">322.5 OpenSSH</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 3 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * OpenSSH configuration and command line tools | ||
| + | * OpenSSH key management and access control | ||
| + | * Awareness of SSH protocol v1 and v2 security issues | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * /etc/ssh/ | ||
| + | * ~/.ssh/ | ||
| + | * ssh-keygen | ||
| + | * ssh-agent | ||
| + | * ssh-vulnkey | ||
| + | <br /> | ||
| + | ====<span style="color:navy">322.6 NFSv4</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 1 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * NFSv4 security improvements, issues and use | ||
| + | * NFSv4 pseudo file system | ||
| + | * NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos) | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * NFSv4 ACLs | ||
| + | * nfs4acl | ||
| + | * RPCSEC_GSS | ||
| + | * /etc/exports | ||
| + | <br /> | ||
| + | ====<span style="color:navy">322.7 Syslog</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 1 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of syslog services. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * syslog security issues | ||
| + | * chroot environments | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * remote syslog servers | ||
| + | <br /> | ||
| + | <br /> | ||
| + | ===''Topic 323: Operations Security''=== | ||
| + | ====<span style="color:navy">323.1 Host Configuration Management</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 2 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be familiar with the use of RCS and Puppet for host configuration management. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * RCS | ||
| + | * Puppet | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * RCS | ||
| + | * ci/co | ||
| + | * rcsdiff | ||
| + | * puppet | ||
| + | * puppetd | ||
| + | * puppetmasterd | ||
| + | * /etc/puppet/ | ||
| + | <br /> | ||
| + | <br /> | ||
| + | ===''Topic 324: Network Security''=== | ||
| + | ====<span style="color:navy">324.1 Intrusion Detection</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 4 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be familiar with the use and configuration of intrusion detection software. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Snort configuration, rules and use | ||
| + | * Tripwire configuration, policies and use | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * snort | ||
| + | * snort-stat | ||
| + | * /etc/snort/ | ||
| + | * tripwire | ||
| + | * twadmin | ||
| + | * /etc/tripwire/ | ||
| + | <br /> | ||
| + | ====<span style="color:navy">324.2 Network Security Scanning</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 5 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network security scanning tools. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Nessus configuration, NASL and use | ||
| + | * Wireshark filters and use | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * nmap | ||
| + | * wireshark | ||
| + | * tshark | ||
| + | * tcpdump | ||
| + | * nessus | ||
| + | * nessus-adduser/nessus-rmuser | ||
| + | * nessusd | ||
| + | * nessus-mkcert | ||
| + | * /etc/nessus | ||
| + | <br /> | ||
| + | ====<span style="color:navy">324.3 Network Monitoring</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 3 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network monitoring tools. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Nagios configuration and use | ||
| + | * ntop | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * ntop | ||
| + | * nagios | ||
| + | * nagiostats | ||
| + | * nagios.cfg and other configuration files | ||
| + | <br /> | ||
| + | ====<span style="color:navy">324.4 netfilter/iptables</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 5 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be familiar with the use and configuration of iptables. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Iptables packet filtering and network address translation | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * iptables | ||
| + | * iptables-save/iptables-restore | ||
| + | <br /> | ||
| + | ====<span style="color:navy">324.5 OpenVPN</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 3 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be familiar with the use of OpenVPN. | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * OpenVPN configuration and use | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * /etc/openvpn/ | ||
| + | * openvpn server and client | ||
Revision as of 19:53, 3 December 2009
Contents
Introduction
TODO: Need a description for exam here
Version Information
These objectives are version 1.0.0.
Objectives
Topic 320: Cryptography
320.1 OpenSSL
| Weight | 4 |
| Description | Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications. |
Key Knowledge Areas:
- certificate generation
- key generation
- SSL/TLS client and server tests
The following is a partial list of the used files, terms and utilities:
- openssl
- RSA, DH and DSA
- SSL
- X.509
- CSR
- CRL
320.2 Advanced GPG
| Weight | 4 |
| Description | Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included. |
Key Knowledge Areas:
- GPG encyption and signing
- private/public key management
- GPG key servers
- GPG configuration
The following is a partial list of the used files, terms and utilities:
- gpg
- gpgv
- gpg-agent
- ~/.gnupg/
320.3 Encrypted Filesystems
| Weight | 3 |
| Description | Candidates should be able to setup and configure encrypted filesystems. |
Key Knowledge Areas:
- LUKS
- dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes
The following is a partial list of the used files, terms and utilities:
- dm-crypt
- cryptmount
- cryptsetup
Topic 321: Access Control
321.1 Host Based Access Control
| Weight | 2 |
| Description | Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking. |
Key Knowledge Areas:
- PAM and PAM configuration files
- password cracking
- nsswitch
The following is a partial list of the used files, terms and utilities:
- nsswitch.conf
- john
321.2 Extended Attributes and ACLs
| Weight | 5 |
| Description | Candidates are required to understand and know how to use Extended Attributes and Access Control Lists. |
Key Knowledge Areas:
- ACLs
- EAs and attribute classes
The following is a partial list of the used files, terms and utilities:
- getfacl
- setfacl
- getfattr
- setfattr
321.3 SELinux
| Weight | 6 |
| Description | Candidates should have a thorough knowledge of SELinux. |
Key Knowledge Areas:
- SELinux configuration and command line tools
- TE, RBAC, MAC and DAC concepts and use
The following is a partial list of the used files, terms and utilities:
- fixfiles/setfiles
- newrole
- setenforce/getenforce
- selinuxenabled
- semanage
- sestatus
- /etc/selinux/
- /etc/selinux.d/
321.4 Other Mandatory Access Control Systems
| Weight | 2 |
| Description | Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use. |
Key Knowledge Areas:
- SMACK
- AppArmor
The following is a partial list of the used files, terms and utilities:
- SMACK
- AppArmor
Topic 322: Application Security
322.1 BIND/DNS
| Weight | 2 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services. |
Key Knowledge Areas:
- BIND v9
- BIND vulnerabilities
- chroot environments
The following is a partial list of the used files, terms and utilities:
- TSIG
- BIND ACLs
- named-checkconf
322.2 Mail Services
| Weight | 2 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration. |
Key Knowledge Areas:
- Postfix security centric configuration
- securing Sendmail
- chroot environments
The following is a partial list of the used files, terms and utilities:
- /etc/postfix/
- TLS
322.3 Apache/HTTP/HTTPS
| Weight | 2 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of Apache web services. |
Key Knowledge Areas:
- Apache v1 and v2 security centric configuration
The following is a partial list of the used files, terms and utilities:
- SSL
- .htaccess
- Basic Authentication
- htpasswd
- AllowOverride
322.4 FTP
| Weight | 1 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services. |
Key Knowledge Areas:
- Pure-FTPd configuration and important command line options
- vsftpd configuration
- chroot environments
The following is a partial list of the used files, terms and utilities:
- SSL/TLS
- vsftp.conf
322.5 OpenSSH
| Weight | 3 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services. |
Key Knowledge Areas:
- OpenSSH configuration and command line tools
- OpenSSH key management and access control
- Awareness of SSH protocol v1 and v2 security issues
The following is a partial list of the used files, terms and utilities:
- /etc/ssh/
- ~/.ssh/
- ssh-keygen
- ssh-agent
- ssh-vulnkey
322.6 NFSv4
| Weight | 1 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge. |
Key Knowledge Areas:
- NFSv4 security improvements, issues and use
- NFSv4 pseudo file system
- NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos)
The following is a partial list of the used files, terms and utilities:
- NFSv4 ACLs
- nfs4acl
- RPCSEC_GSS
- /etc/exports
322.7 Syslog
| Weight | 1 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of syslog services. |
Key Knowledge Areas:
- syslog security issues
- chroot environments
The following is a partial list of the used files, terms and utilities:
- remote syslog servers
Topic 323: Operations Security
323.1 Host Configuration Management
| Weight | 2 |
| Description | Candidates should be familiar with the use of RCS and Puppet for host configuration management. |
Key Knowledge Areas:
- RCS
- Puppet
The following is a partial list of the used files, terms and utilities:
- RCS
- ci/co
- rcsdiff
- puppet
- puppetd
- puppetmasterd
- /etc/puppet/
Topic 324: Network Security
324.1 Intrusion Detection
| Weight | 4 |
| Description | Candidates should be familiar with the use and configuration of intrusion detection software. |
Key Knowledge Areas:
- Snort configuration, rules and use
- Tripwire configuration, policies and use
The following is a partial list of the used files, terms and utilities:
- snort
- snort-stat
- /etc/snort/
- tripwire
- twadmin
- /etc/tripwire/
324.2 Network Security Scanning
| Weight | 5 |
| Description | Candidates should be familiar with the use and configuration of network security scanning tools. |
Key Knowledge Areas:
- Nessus configuration, NASL and use
- Wireshark filters and use
The following is a partial list of the used files, terms and utilities:
- nmap
- wireshark
- tshark
- tcpdump
- nessus
- nessus-adduser/nessus-rmuser
- nessusd
- nessus-mkcert
- /etc/nessus
324.3 Network Monitoring
| Weight | 3 |
| Description | Candidates should be familiar with the use and configuration of network monitoring tools. |
Key Knowledge Areas:
- Nagios configuration and use
- ntop
The following is a partial list of the used files, terms and utilities:
- ntop
- nagios
- nagiostats
- nagios.cfg and other configuration files
324.4 netfilter/iptables
| Weight | 5 |
| Description | Candidates should be familiar with the use and configuration of iptables. |
Key Knowledge Areas:
- Iptables packet filtering and network address translation
The following is a partial list of the used files, terms and utilities:
- iptables
- iptables-save/iptables-restore
324.5 OpenVPN
| Weight | 3 |
| Description | Candidates should be familiar with the use of OpenVPN. |
Key Knowledge Areas:
- OpenVPN configuration and use
The following is a partial list of the used files, terms and utilities:
- /etc/openvpn/
- openvpn server and client
