Difference between revisions of "LPIC-303 Objectives V1"

From LPI Wiki
Jump to: navigation, search
(Created page with 'Placeholder for LPIC-3 303 objectives')
 
Line 1: Line 1:
Placeholder for LPIC-3 303 objectives
+
__FORCETOC__
 +
==Introduction==
 +
TODO: Need a description for exam here
 +
<br />
 +
<br />
 +
==Version Information==
 +
These objectives are version 1.0.0.
 +
<br />
 +
<br />
 +
==Objectives==
 +
===''Topic 320: Cryptography''===
 +
====<span style="color:navy">320.1 OpenSSL</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 4
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* certificate generation
 +
* key generation
 +
* SSL/TLS client and server tests
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* openssl
 +
* RSA, DH and DSA
 +
* SSL
 +
* X.509
 +
* CSR
 +
* CRL
 +
<br />
 +
====<span style="color:navy">320.2 Advanced GPG</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 4
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* GPG encyption and signing
 +
* private/public key management
 +
* GPG key servers
 +
* GPG configuration
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* gpg
 +
* gpgv
 +
* gpg-agent
 +
* ~/.gnupg/
 +
<br />
 +
====<span style="color:navy">320.3 Encrypted Filesystems</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 3
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should be able to setup and configure encrypted filesystems.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* LUKS
 +
* dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* dm-crypt
 +
* cryptmount
 +
* cryptsetup
 +
<br />
 +
<br />
 +
===''Topic 321: Access Control''===
 +
====<span style="color:navy">321.1 Host Based Access Control</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 2
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* PAM and PAM configuration files
 +
* password cracking
 +
* nsswitch
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* nsswitch.conf
 +
* john
 +
<br />
 +
====<span style="color:navy">321.2 Extended Attributes and ACLs</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 5
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates are required to understand and know how to use Extended Attributes and Access Control Lists.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* ACLs
 +
* EAs and attribute classes
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* getfacl
 +
* setfacl
 +
* getfattr
 +
* setfattr
 +
<br />
 +
====<span style="color:navy">321.3 SELinux</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 6
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should have a thorough knowledge of SELinux.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* SELinux configuration and command line tools
 +
* TE, RBAC, MAC and DAC concepts and use
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* fixfiles/setfiles
 +
* newrole
 +
* setenforce/getenforce
 +
* selinuxenabled
 +
* semanage
 +
* sestatus
 +
* /etc/selinux/
 +
* /etc/selinux.d/
 +
<br />
 +
====<span style="color:navy">321.4 Other Mandatory Access Control Systems</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 2
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* SMACK
 +
* AppArmor
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* SMACK
 +
* AppArmor
 +
<br />
 +
<br />
 +
===''Topic 322: Application Security''===
 +
====<span style="color:navy">322.1 BIND/DNS</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 2
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* BIND v9
 +
* BIND vulnerabilities
 +
* chroot environments
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* TSIG
 +
* BIND ACLs
 +
* named-checkconf
 +
<br />
 +
====<span style="color:navy">322.2 Mail Services</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 2
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* Postfix security centric configuration
 +
* securing Sendmail
 +
* chroot environments
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* /etc/postfix/
 +
* TLS
 +
<br />
 +
====<span style="color:navy">322.3 Apache/HTTP/HTTPS</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 2
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Apache web services.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* Apache v1 and v2 security centric configuration
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* SSL
 +
* .htaccess
 +
* Basic Authentication
 +
* htpasswd
 +
* AllowOverride
 +
<br />
 +
====<span style="color:navy">322.4 FTP</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 1
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* Pure-FTPd configuration and important command line options
 +
* vsftpd configuration
 +
* chroot environments
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* SSL/TLS
 +
* vsftp.conf
 +
<br />
 +
====<span style="color:navy">322.5 OpenSSH</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 3
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* OpenSSH configuration and command line tools
 +
* OpenSSH key management and access control
 +
* Awareness of SSH protocol v1 and v2 security issues
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* /etc/ssh/
 +
* ~/.ssh/
 +
* ssh-keygen
 +
* ssh-agent
 +
* ssh-vulnkey
 +
<br />
 +
====<span style="color:navy">322.6 NFSv4</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 1
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* NFSv4 security improvements, issues and use
 +
* NFSv4 pseudo file system
 +
* NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos)
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* NFSv4 ACLs
 +
* nfs4acl
 +
* RPCSEC_GSS
 +
* /etc/exports
 +
<br />
 +
====<span style="color:navy">322.7 Syslog</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 1
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of syslog services.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* syslog security issues
 +
* chroot environments
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* remote syslog servers
 +
<br />
 +
<br />
 +
===''Topic 323: Operations Security''===
 +
====<span style="color:navy">323.1 Host Configuration Management</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 2
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should be familiar with the use of RCS and Puppet for host configuration management.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* RCS
 +
* Puppet
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* RCS
 +
* ci/co
 +
* rcsdiff
 +
* puppet
 +
* puppetd
 +
* puppetmasterd
 +
* /etc/puppet/
 +
<br />
 +
<br />
 +
===''Topic 324: Network Security''===
 +
====<span style="color:navy">324.1 Intrusion Detection</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 4
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of intrusion detection software.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* Snort configuration, rules and use
 +
* Tripwire configuration, policies and use
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* snort
 +
* snort-stat
 +
* /etc/snort/
 +
* tripwire
 +
* twadmin
 +
* /etc/tripwire/
 +
<br />
 +
====<span style="color:navy">324.2 Network Security Scanning</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 5
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network security scanning tools.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* Nessus configuration, NASL and use
 +
* Wireshark filters and use
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* nmap
 +
* wireshark
 +
* tshark
 +
* tcpdump
 +
* nessus
 +
* nessus-adduser/nessus-rmuser
 +
* nessusd
 +
* nessus-mkcert
 +
* /etc/nessus
 +
<br />
 +
====<span style="color:navy">324.3 Network Monitoring</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 3
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network monitoring tools.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* Nagios configuration and use
 +
* ntop
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* ntop
 +
* nagios
 +
* nagiostats
 +
* nagios.cfg and other configuration files
 +
<br />
 +
====<span style="color:navy">324.4 netfilter/iptables</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 5
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of iptables.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* Iptables packet filtering and network address translation
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* iptables
 +
* iptables-save/iptables-restore
 +
<br />
 +
====<span style="color:navy">324.5 OpenVPN</span>====
 +
{|
 +
| style="background:#dadada" | '''Weight'''
 +
| style="background:#eaeaea" | 3
 +
|-
 +
| style="background:#dadada; padding-right:1em" | '''Description'''
 +
| style="background:#eaeaea" | Candidates should be familiar with the use of OpenVPN.
 +
|}
 +
'''Key Knowledge Areas:'''
 +
* OpenVPN configuration and use
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
* /etc/openvpn/
 +
* openvpn server and client

Revision as of 20:53, 3 December 2009

Introduction

TODO: Need a description for exam here

Version Information

These objectives are version 1.0.0.

Objectives

Topic 320: Cryptography

320.1 OpenSSL

Weight 4
Description Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications.

Key Knowledge Areas:

  • certificate generation
  • key generation
  • SSL/TLS client and server tests

The following is a partial list of the used files, terms and utilities:

  • openssl
  • RSA, DH and DSA
  • SSL
  • X.509
  • CSR
  • CRL


320.2 Advanced GPG

Weight 4
Description Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included.

Key Knowledge Areas:

  • GPG encyption and signing
  • private/public key management
  • GPG key servers
  • GPG configuration

The following is a partial list of the used files, terms and utilities:

  • gpg
  • gpgv
  • gpg-agent
  • ~/.gnupg/


320.3 Encrypted Filesystems

Weight 3
Description Candidates should be able to setup and configure encrypted filesystems.

Key Knowledge Areas:

  • LUKS
  • dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes

The following is a partial list of the used files, terms and utilities:

  • dm-crypt
  • cryptmount
  • cryptsetup



Topic 321: Access Control

321.1 Host Based Access Control

Weight 2
Description Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking.

Key Knowledge Areas:

  • PAM and PAM configuration files
  • password cracking
  • nsswitch

The following is a partial list of the used files, terms and utilities:

  • nsswitch.conf
  • john


321.2 Extended Attributes and ACLs

Weight 5
Description Candidates are required to understand and know how to use Extended Attributes and Access Control Lists.

Key Knowledge Areas:

  • ACLs
  • EAs and attribute classes

The following is a partial list of the used files, terms and utilities:

  • getfacl
  • setfacl
  • getfattr
  • setfattr


321.3 SELinux

Weight 6
Description Candidates should have a thorough knowledge of SELinux.

Key Knowledge Areas:

  • SELinux configuration and command line tools
  • TE, RBAC, MAC and DAC concepts and use

The following is a partial list of the used files, terms and utilities:

  • fixfiles/setfiles
  • newrole
  • setenforce/getenforce
  • selinuxenabled
  • semanage
  • sestatus
  • /etc/selinux/
  • /etc/selinux.d/


321.4 Other Mandatory Access Control Systems

Weight 2
Description Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use.

Key Knowledge Areas:

  • SMACK
  • AppArmor

The following is a partial list of the used files, terms and utilities:

  • SMACK
  • AppArmor



Topic 322: Application Security

322.1 BIND/DNS

Weight 2
Description Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services.

Key Knowledge Areas:

  • BIND v9
  • BIND vulnerabilities
  • chroot environments

The following is a partial list of the used files, terms and utilities:

  • TSIG
  • BIND ACLs
  • named-checkconf


322.2 Mail Services

Weight 2
Description Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration.

Key Knowledge Areas:

  • Postfix security centric configuration
  • securing Sendmail
  • chroot environments

The following is a partial list of the used files, terms and utilities:

  • /etc/postfix/
  • TLS


322.3 Apache/HTTP/HTTPS

Weight 2
Description Candidates should have experience and knowledge of security issues in use and configuration of Apache web services.

Key Knowledge Areas:

  • Apache v1 and v2 security centric configuration

The following is a partial list of the used files, terms and utilities:

  • SSL
  • .htaccess
  • Basic Authentication
  • htpasswd
  • AllowOverride


322.4 FTP

Weight 1
Description Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services.

Key Knowledge Areas:

  • Pure-FTPd configuration and important command line options
  • vsftpd configuration
  • chroot environments

The following is a partial list of the used files, terms and utilities:

  • SSL/TLS
  • vsftp.conf


322.5 OpenSSH

Weight 3
Description Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services.

Key Knowledge Areas:

  • OpenSSH configuration and command line tools
  • OpenSSH key management and access control
  • Awareness of SSH protocol v1 and v2 security issues

The following is a partial list of the used files, terms and utilities:

  • /etc/ssh/
  • ~/.ssh/
  • ssh-keygen
  • ssh-agent
  • ssh-vulnkey


322.6 NFSv4

Weight 1
Description Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge.

Key Knowledge Areas:

  • NFSv4 security improvements, issues and use
  • NFSv4 pseudo file system
  • NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos)

The following is a partial list of the used files, terms and utilities:

  • NFSv4 ACLs
  • nfs4acl
  • RPCSEC_GSS
  • /etc/exports


322.7 Syslog

Weight 1
Description Candidates should have experience and knowledge of security issues in use and configuration of syslog services.

Key Knowledge Areas:

  • syslog security issues
  • chroot environments

The following is a partial list of the used files, terms and utilities:

  • remote syslog servers



Topic 323: Operations Security

323.1 Host Configuration Management

Weight 2
Description Candidates should be familiar with the use of RCS and Puppet for host configuration management.

Key Knowledge Areas:

  • RCS
  • Puppet

The following is a partial list of the used files, terms and utilities:

  • RCS
  • ci/co
  • rcsdiff
  • puppet
  • puppetd
  • puppetmasterd
  • /etc/puppet/



Topic 324: Network Security

324.1 Intrusion Detection

Weight 4
Description Candidates should be familiar with the use and configuration of intrusion detection software.

Key Knowledge Areas:

  • Snort configuration, rules and use
  • Tripwire configuration, policies and use

The following is a partial list of the used files, terms and utilities:

  • snort
  • snort-stat
  • /etc/snort/
  • tripwire
  • twadmin
  • /etc/tripwire/


324.2 Network Security Scanning

Weight 5
Description Candidates should be familiar with the use and configuration of network security scanning tools.

Key Knowledge Areas:

  • Nessus configuration, NASL and use
  • Wireshark filters and use

The following is a partial list of the used files, terms and utilities:

  • nmap
  • wireshark
  • tshark
  • tcpdump
  • nessus
  • nessus-adduser/nessus-rmuser
  • nessusd
  • nessus-mkcert
  • /etc/nessus


324.3 Network Monitoring

Weight 3
Description Candidates should be familiar with the use and configuration of network monitoring tools.

Key Knowledge Areas:

  • Nagios configuration and use
  • ntop

The following is a partial list of the used files, terms and utilities:

  • ntop
  • nagios
  • nagiostats
  • nagios.cfg and other configuration files


324.4 netfilter/iptables

Weight 5
Description Candidates should be familiar with the use and configuration of iptables.

Key Knowledge Areas:

  • Iptables packet filtering and network address translation

The following is a partial list of the used files, terms and utilities:

  • iptables
  • iptables-save/iptables-restore


324.5 OpenVPN

Weight 3
Description Candidates should be familiar with the use of OpenVPN.

Key Knowledge Areas:

  • OpenVPN configuration and use

The following is a partial list of the used files, terms and utilities:

  • /etc/openvpn/
  • openvpn server and client