LPIC-303(ES)
Contents
Introduction
TODO: Need a description for exam here
Version Information
These objectives are version 1.0.0.
Translations of Objectives
The following translations of the objectives are available on this wiki:
- English
- Spanish
Objectives
Topic 320: Cryptography
320.1 OpenSSL
| Weight | 4 |
| Description | Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications. |
Key Knowledge Areas:
- certificate generation
- key generation
- SSL/TLS client and server tests
The following is a partial list of the used files, terms and utilities:
- openssl
- RSA, DH and DSA
- SSL
- X.509
- CSR
- CRL
320.2 Advanced GPG
| Weight | 4 |
| Description | Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included. |
Key Knowledge Areas:
- GPG encyption and signing
- private/public key management
- GPG key servers
- GPG configuration
The following is a partial list of the used files, terms and utilities:
- gpg
- gpgv
- gpg-agent
- ~/.gnupg/
320.3 Encrypted Filesystems
| Weight | 3 |
| Description | Candidates should be able to setup and configure encrypted filesystems. |
Key Knowledge Areas:
- LUKS
- dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes
The following is a partial list of the used files, terms and utilities:
- dm-crypt
- cryptmount
- cryptsetup
Topic 321: Access Control
321.1 Host Based Access Control
| Weight | 2 |
| Description | Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking. |
Key Knowledge Areas:
- PAM and PAM configuration files
- password cracking
- nsswitch
The following is a partial list of the used files, terms and utilities:
- nsswitch.conf
- john
321.2 Extended Attributes and ACLs
| Weight | 5 |
| Description | Candidates are required to understand and know how to use Extended Attributes and Access Control Lists. |
Key Knowledge Areas:
- ACLs
- EAs and attribute classes
The following is a partial list of the used files, terms and utilities:
- getfacl
- setfacl
- getfattr
- setfattr
321.3 SELinux
| Weight | 6 |
| Description | Candidates should have a thorough knowledge of SELinux. |
Key Knowledge Areas:
- SELinux configuration and command line tools
- TE, RBAC, MAC and DAC concepts and use
The following is a partial list of the used files, terms and utilities:
- fixfiles/setfiles
- newrole
- setenforce/getenforce
- selinuxenabled
- semanage
- sestatus
- /etc/selinux/
- /etc/selinux.d/
321.4 Other Mandatory Access Control Systems
| Weight | 2 |
| Description | Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use. |
Key Knowledge Areas:
- SMACK
- AppArmor
The following is a partial list of the used files, terms and utilities:
- SMACK
- AppArmor
Topic 322: Application Security
322.1 BIND/DNS
| Weight | 2 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services. |
Key Knowledge Areas:
- BIND v9
- BIND vulnerabilities
- chroot environments
The following is a partial list of the used files, terms and utilities:
- TSIG
- BIND ACLs
- named-checkconf
322.2 Mail Services
| Weight | 2 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration. |
Key Knowledge Areas:
- Postfix security centric configuration
- securing Sendmail
- chroot environments
The following is a partial list of the used files, terms and utilities:
- /etc/postfix/
- TLS
322.3 Apache/HTTP/HTTPS
| Weight | 2 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of Apache web services. |
Key Knowledge Areas:
- Apache v1 and v2 security centric configuration
The following is a partial list of the used files, terms and utilities:
- SSL
- .htaccess
- Basic Authentication
- htpasswd
- AllowOverride
322.4 FTP
| Weight | 1 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services. |
Key Knowledge Areas:
- Pure-FTPd configuration and important command line options
- vsftpd configuration
- chroot environments
The following is a partial list of the used files, terms and utilities:
- SSL/TLS
- vsftp.conf
322.5 OpenSSH
| Weight | 3 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services. |
Key Knowledge Areas:
- OpenSSH configuration and command line tools
- OpenSSH key management and access control
- Awareness of SSH protocol v1 and v2 security issues
The following is a partial list of the used files, terms and utilities:
- /etc/ssh/
- ~/.ssh/
- ssh-keygen
- ssh-agent
- ssh-vulnkey
322.6 NFSv4
| Weight | 1 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge. |
Key Knowledge Areas:
- NFSv4 security improvements, issues and use
- NFSv4 pseudo file system
- NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos)
The following is a partial list of the used files, terms and utilities:
- NFSv4 ACLs
- nfs4acl
- RPCSEC_GSS
- /etc/exports
322.7 Syslog
| Weight | 1 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of syslog services. |
Key Knowledge Areas:
- syslog security issues
- chroot environments
The following is a partial list of the used files, terms and utilities:
- remote syslog servers
Topic 323: Operations Security
323.1 Host Configuration Management
| Weight | 2 |
| Description | Candidates should be familiar with the use of RCS and Puppet for host configuration management. |
Key Knowledge Areas:
- RCS
- Puppet
The following is a partial list of the used files, terms and utilities:
- RCS
- ci/co
- rcsdiff
- puppet
- puppetd
- puppetmasterd
- /etc/puppet/
Topic 324: Network Security
324.1 Intrusion Detection
| Weight | 4 |
| Description | Candidates should be familiar with the use and configuration of intrusion detection software. |
Key Knowledge Areas:
- Snort configuration, rules and use
- Tripwire configuration, policies and use
The following is a partial list of the used files, terms and utilities:
- snort
- snort-stat
- /etc/snort/
- tripwire
- twadmin
- /etc/tripwire/
324.2 Network Security Scanning
| Weight | 5 |
| Description | Candidates should be familiar with the use and configuration of network security scanning tools. |
Key Knowledge Areas:
- Nessus configuration, NASL and use
- Wireshark filters and use
The following is a partial list of the used files, terms and utilities:
- nmap
- wireshark
- tshark
- tcpdump
- nessus
- nessus-adduser/nessus-rmuser
- nessusd
- nessus-mkcert
- /etc/nessus
324.3 Network Monitoring
| Weight | 3 |
| Description | Candidates should be familiar with the use and configuration of network monitoring tools. |
Key Knowledge Areas:
- Nagios configuration and use
- ntop
The following is a partial list of the used files, terms and utilities:
- ntop
- nagios
- nagiostats
- nagios.cfg and other configuration files
324.4 netfilter/iptables
| Weight | 5 |
| Description | Candidates should be familiar with the use and configuration of iptables. |
Key Knowledge Areas:
- Iptables packet filtering and network address translation
The following is a partial list of the used files, terms and utilities:
- iptables
- iptables-save/iptables-restore
324.5 OpenVPN
| Weight | 3 |
| Description | Candidates should be familiar with the use of OpenVPN. |
Key Knowledge Areas:
- OpenVPN configuration and use
The following is a partial list of the used files, terms and utilities:
- /etc/openvpn/
- openvpn server and client
