LPI Wiki - User contributions [en]

Linux Essentials Summary Version 1.6 To 2.0

2026-03-05T10:08:19Z

Babafou: s/ascpects/aspects/, added a comma

__FORCETOC__

=Purpose=

This document is meant to provide a detailed overview into what has changed with the objectives update for the Linux Essentials exam (010). A detailed diff is available in the [https://wiki.lpi.org/w/index.php?title=Linux_Essentials_Objectives_V2.0&diff=&oldid=5877 document history of the objectives page].

=Changes in Exam 010=

The following changes constitute the update of exam 010 from version 1.6 to version 2.0:

* '''Topic 1: The Linux Operating System and Open Source Software''' (renamed from ''The Linux Community and a Career in Open Source'')
** '''1.1 Linux Distributions''' (renamed from ''Linux Evolution and Popular Operating Systems'')
*** Changed to better reflect Linux distribution families, include support schemas and Linux components (kernelspace and userspace)
*** Updated description
*** Added 'Kernel and userspace'
*** Added 'Distribution life cycle management' (moved from 4.1)
*** Added 'Awareness of Android and its relation to Linux'
*** Replaced individual distribution names with distribution family groupings:
**** Added 'Debian-based Distributions (Debian GNU/Linux, Ubuntu, Raspberry Pi OS)' — replaces 'Debian, Ubuntu (LTS)' and 'Raspberry Pi, Raspbian'
**** Added 'Enterprise Linux-based Distributions (Red Hat Enterprise Linux, AlmaLinux, Rocky Linux, Fedora Linux, CentOS Stream)' — replaces 'CentOS, Red Hat'
**** Added 'SUSE-based Distributions (SUSE Linux Enterprise, openSUSE Leap, openSUSE Tumbleweed)' — replaces 'openSUSE, SUSE'
**** Added 'Alpine Linux (main and edge)'
**** Added 'Long-Term Support (LTS), stable, testing and unstable releases, and rolling releases'
**** Removed 'Linux Mint, Scientific Linux'
** '''1.2 Major Open Source Applications'''
*** Updated description to clarify that awareness of purpose and features is required, not specific usage or installation details
*** Changed 'Development languages' to 'Programming languages'
*** Added 'Web applications'
*** Added 'Software packages and repositories'
*** Added (awareness level) 'Chromium / Chrome, Codium / VS Code, Inkscape, VLC, GPG, R'
*** Added (awareness level) 'Kodi, Jitsi, Big Blue Button, Moodle, Git, GitLab, Forgejo / Gitea'
*** Added (awareness level) 'PostgreSQL'
*** Added (awareness level) 'C++, Rust, Go'
*** Added 'apt, dnf, zypper, apk'
*** Removed 'OpenOffice.org'
*** Removed 'Perl, shell'
** '''1.3 Open Source Software and Licensing'''
*** Updated description to add digital autonomy and digital sovereignty
*** Editorial changes to the description
*** Changed 'Open source licensing' to 'Open source and open content licensing'
*** Added 'Proprietary software'
*** Added: 'Free software'
*** Added: 'Digital autonomy', 'Digital sovereignty'
*** Removed: 'FOSS, FLOSS', 'Open source business models'
** '''1.4 Linux Usage''' (renamed from ''ICT Skills and Working in Linux'')
*** Changed to focus on various kinds of system that run Linux as well as securely accessing remote system, such as cloud providers
*** Updated description
*** Added 'Understanding types of computers that can run Linux'
*** Added 'Awareness of virtualization, containers and cloud computing'
*** Added 'Awareness of common text editors'
*** Added 'Awareness of configuration management tools'
*** Added 'Secure handling of credentials'
*** Added 'Secure transfer and storage of data'
*** Added 'Desktop computers, laptops and other mobile devices'
*** Added 'Server computers, virtual machines and cloud instances'
*** Added 'Embedded systems and HPC clusters'
*** Added 'Client and server roles'
*** Added 'vi, nano'
*** Added 'Strong password, password managers, multi-factor authentication, passkeys'
*** Added 'Encryption in network protocols (HTTPS), storage media'
*** Added 'Secure handling of USB devices'
*** Removed 'Desktop skills'
*** Removed 'Getting to the command line'
*** Removed 'Industry uses of Linux, cloud computing and virtualization'
*** Removed 'Using a browser, privacy concerns, configuration options, searching the web and saving content'
*** Removed 'Terminal and console'
*** Removed 'Password issues'
*** Removed 'Privacy issues and tools'
*** Removed 'Use of common open source applications in presentations and projects'
* '''Topic 2: Command Line Basics''' (renamed from ''Finding Your Way on a Linux System'')
** '''2.1 Command Line Usage''' (renamed from ''Command Line Basics'')
*** Editorial changes to the description
*** Added to utilities: '/bin, /usr/bin, /usr/sbin, /sbin'
** '''2.2 Documentation, Man Pages and Usage Information''' (renamed from ''Using the Command Line to Get Help'')
*** Updated to include parameters for querying usage information and removed info pages and locate
*** Updated Description
*** Added 'Common help parameters of command line tools'
*** Added '-h, --help'
*** Removed 'Info pages'
*** Removed 'info', 'locate'
** '''2.3 Files, Directories and Paths''' (renamed from ''Using Directories and Listing Files'')
*** Changed to include find
*** Updated description
*** Added 'Searching for files based on file names'
*** Added to utilities: 'find'
*** Added '''/'''' (root path)
*** Changed 'home' to '/home'
** '''2.4 File and Directory Management''' (renamed from ''Creating, Moving and Deleting Files'')
*** Editorial changes to the description
* '''Topic 3: Data Processing''' (renamed from ''The Power of the Command Line'')
** '''3.1 File Archives and Compression''' (renamed from ''Archiving Files on the Command Line'')
*** Editorial changes to the description
** '''3.2 Redirections and String Processing''' (renamed from ''Searching and Extracting Data from Files'')
*** Changed to use Extended Regular Expressions instead of Basic Regular Expressions
*** Updated Description
*** Added 'grep -E'
*** Added 'uniq'
** '''3.3 Shell Scripting Basics''' (renamed from ''Turning Commands into a Script'')
*** Editorial changes to the description
*** Changed 'for loops' to 'for loops (iterate over space separated lists and file glob expressions)'
*** Added 'if conditions (file existence and variable equality)'
*** Removed 'Awareness of common text editors (vi and nano)' (now in to 1.4)
* '''Topic 4: Linux System Administration Basics''' (renamed from ''The Linux Operating System'')
** '''4.1 Linux Installation and Provisioning''' (renamed from ''Choosing an Operating System'')
*** Updated cover the installation of Linux on physical machines, VMs and cloud instances
*** Added 'Installing Linux on a computer or in a virtual machine'
*** Added 'Using Linux in cloud instances'
*** Changed 'OS X' to 'macOS'
*** Added 'Installation media, ISO files'
*** Added 'Operating system images'
*** Added 'Dual boot'
*** Added 'Windows Subsystem for Linux'
*** Removed 'Distribution life cycle management' (now in 1.1)
*** Removed 'GUI versus command line, desktop configuration'
*** Removed 'Maintenance cycles, beta and stable'
** '''4.2 Computer Hardware and Device Access''' (renamed from ''Understanding Computer Hardware'')
*** Changed to include kernel aspects, hardware management and device files
*** Updated description
*** Added Key Knowledge Area: 'Device files for physical and virtual devices'
*** Added 'processors (x86, ARM)' and 'memory'
*** Added 'Network interface cards (Ethernet, WiFi)'
*** Added '/dev/nvme*'
*** Added 'Raspberry Pi'
*** Changed 'Drivers' to 'Drivers and Kernel Modules'
*** Added '/dev/, /boot/, /sys/'
*** Added '/dev/null, /dev/zero, /dev/urandom'
** '''4.3 Processes and Log Messages''' (renamed from ''Where Data is Stored'')
*** Changed to include systemd service management and journal querying and remove syslog
*** Updated description
*** Added 'Services'
*** Added 'systemctl (start, stop, status)'
*** Added 'systemd Journal'
*** Added 'journalctl'
*** Removed 'System messaging'
*** Removed 'Memory addresses'
*** Removed 'syslog'
*** Removed '/boot/, /dev/, /sys/'
** '''4.4 Network Configuration''' (renamed from ''Your Computer on the Network'')
*** Changed to include IPv6 and remove net-utils
*** Updated description
*** Added 'Automatic network configuration'
*** Added 'ip -6 route show'
*** Added 'resolvectl'
*** Added 'DHCP, SLAAC, DHCPv6'
*** Removed 'route'
*** Removed 'ifconfig'
*** Removed 'netstat'
* '''Topic 5: Security and File System Permissions''' (renamed from ''Security and File Permissions'')
** '''5.1 Remote Logins, File Transfers and Elevated Permissions''' (renamed from ''Basic Security and Identifying User Types'')
*** Changed to focusing on SSH, remote access and privilege escalation, user management aspects were moved to 5.2.
*** Updated description
*** Added 'Executing commands with elevated permissions'
*** Added 'Remote logins using SSH'
*** Added 'SSH key generation and authentication'
*** Added 'ssh, scp'
*** Added 'ssh-keygen'
*** Added '~/.ssh/authorized_keys'
*** Removed '/etc/passwd, /etc/shadow, /etc/group' (now in 5.2)
*** Removed 'id, last, who, w' (not in 5.2)
** '''5.2 User and Group Management''' (renamed from ''Creating Users and Groups'')
*** Editorial changes to the description
*** Added 'w, last, wtmpdb last'
** '''5.3 File System Permissions and Ownership''' (renamed from ''Managing File Permissions and Ownership'')
*** Editorial changes to the description
** '''5.4 Special Directories and Files'''
*** Editorial changes to the description

LPIC-2 Objectives V5.0

2023-10-24T15:18:24Z

Babafou: /* 205.2 Backup Operations (weight: 3) */ fix typo

__FORCETOC__
==Overview of Tasks==

These are required exams for LPI certification Level 2. It covers advanced skills for the Linux professional that are common across all distributions of Linux. Also, [[LPIC-1_Objectives|LPIC-1]] must be obtained in order to receive the certification. Exams may be taken in any order but all
of the requirements must be met.

To pass LPIC-2, the candidate should be able to:

* Administer a small to medium-sized site.
* Plan, implement, maintain, keep consistent, secure, and troubleshoot a small mixed (MS, Linux) network, including a:
** LAN server (Samba, NFS, DNS, DHCP, client management).
** Internet Gateway (firewall, VPN, SSH, mail).
** Internet Server (web server and reverse proxy).
* Supervise assistants.
* Advise management on automation and purchases.

 

==Exams==

In order to be certified [[LPIC-2]], the candidate must pass both the [[#Objectives: Exam 201|201]] and [[#Objectives: Exam 202|202]] exams and be a holder of an active [[LPIC-1]] certification.

* [[#Objectives: Exam 201|201]]
* [[#Objectives: Exam 202|202]]

 

==Version Information==

These objectives are A DRAFT version 5.0.0.

The [[LPIC-2_Objectives_V4|version 4.5 of the LPIC-2 Objectives]] are still online.
 

==Addenda==

 
 

==Translations of Objectives==

The following translations of the objectives are available on this wiki:

* [[LPIC-2_Objectives_V5.0|English]]

If you would like to help translating the objectives, please contact [mailto:fthorns@lpi.org Fabian]

 
 

==Objectives: Exam 201==

===''Topic 201: System Startup''===

====201.1 Linux Kernel (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should understand the startup of a Linux system, including all relevant components. Candidates should understand the architecture of the Linux kernel and how it allows device access. Furthermore, candidates should be able to manage Linux kernel modules, updates of the Linux kernel and use DKMS to install kernel modules.
|}

'''Key Knowledge Areas:'''

* Understanding the Linux startup process

* Understanding the Linux kernel architecture, including kernel modules

* Linux kernel release and versioning scheme

* Linux kernel modules

* DKMS

* udev

'''Partial list of the used files, terms and utilities:'''

* Bootloader

* Kernel

* Initramfs

* Init

* Udev

* mkinitramfs

* uname

* Module configuration files in /etc/

* modules.dep

* depmod

* modinfo

* modprobe

* insmod

* lsmod

* rmmod

* dmesg

* lshw

* lspci

* lsusb

* udevmonitor

* udevadm monitor

* /etc/udev

* /proc

* /proc/sys

* /etc/sysctl.conf, /etc/sysctl.conf.d/

* sysctl

 

====201.2 Sytemd Startup Configuration (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to configure the startup of a Linux system using system. This includes understanding the most important systemd concepts, including various unit types used to manage the system startup, as well as tools to configure the system startup.
|}

'''Key Knowledge Areas:'''

* Systemd concepts

* Systemd unit types (Service, Socket, Target, Slice)

* Systemd System and User Slices

* Systemd Override and Drop-In Units

* Awareness of SystemV init and OpenRC

'''Partial list of the used files, terms and utilities:'''

* /usr/lib/systemd/

* /etc/systemd/

* /run/systemd/

* systemctl

* systemd-delta

 

====201.3 Bootloaders and System Recovery (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to properly manipulate a Linux system during both the boot process and during recovery mode. This objective includes using both the init utility and init-related kernel options. Candidates should be able to determine the cause of errors in loading and usage of bootloaders. GRUB version 2 and GRUB Legacy are the bootloaders of interest. Both BIOS and UEFI systems are covered.
|}

'''Key Knowledge Areas:'''

* BIOS and UEFI

* GRUB version 2

* GRUB shell

* GRUB configuration

* GRUB password security

* systemd-boot installation

* systemd-boot configuration

* boot loader start and hand off to kernel

* kernel loading

* hardware initialization and setup

* daemon/service initialization and setup

* Know the different boot loader install locations on a hard disk or removable device.

* Overwrite standard boot loader options and using boot loader shells.

* Use systemd rescue and emergency modes.

'''Partial list of the used files, terms and utilities:'''

* mount

* fsck

* The contents of /boot/, /boot/grub/ and /boot/efi/

* EFI System Partition (ESP)

* GRUB

* grub-install

* bootctl

* loader.conf

* efibootmgr

* efivar

* UEFI shell

* initrd, initramfs

* Master boot record

* systemctl

 

====201.4 Alternate Bootloaders (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be aware of other bootloaders and their major features.
|}

'''Key Knowledge Areas:'''

* SYSLINUX, ISOLINUX, PXELINUX

* Understanding of PXE and iPXE for both BIOS and UEFI

'''Partial list of the used files, terms and utilities:'''

* syslinux

* extlinux

* isolinux.bin

* isolinux.cfg

* isohdpfx.bin

* efiboot.img

* pxelinux.0

* pxelinux.cfg/

* uefi/shim.efi

* uefi/grubx64.efi

 
 

===''Topic 202: Filesystem and Devices''===

====202.1 Operating the Linux Filesystem (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to properly configure and navigate the standard Linux filesystem. This objective includes configuring and mounting various filesystem types as well as using systemd mount, swap and automount units.
|}

'''Key Knowledge Areas:'''

* The concept of the fstab configuration

* The concept of systemd mount and swap units

* Configuring systemd automount units

* Tools and utilities for handling swap partitions and files

* Use of UUIDs for identifying and mounting file systems

'''Partial list of the used files, terms and utilities:'''

* /etc/fstab

* /etc/mtab

* /proc/mounts

* mount and umount

* blkid

* sync

* swapon

* swapoff

* systemctl

 

====202.2 Storage Device Integrity and Encryption (weight: 3)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to maintain the integrity of storage device and encrypt the information stored on a storage device.
|}

'''Key Knowledge Areas:'''

* Query, understand and monitor SMART values

* Understand the concepts of disk and file system encryption

* Understand the concepts of dm-crypt and LUKS

* Use LUKS to encrypt storage devices

* Awareness of SAN, including relevant protocols (iSCSI, AoE, FCoE)

* Awareness of WWID, WWN, LUN numbers

'''Partial list of the used files, terms and utilities:'''

* smartd

* smartctl

* cryptsetup

* /etc/crypttab

 
 

===''Topic 203: Advanced Storage Device Administration''===

====203.1 Configuring RAID (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to configure and implement software RAID. This objective includes using and configuring RAID 0, 1 and 5.
|}

'''Key Knowledge Areas:'''

* Software RAID configuration files and utilities

* Understanding the RAID levels 0, 1, 5 and 10

* Awareness of the RAID levels 6, 7 and 50

* Recovery of a failed RAID device

* Replacement of a failed disk within a RAID device

'''Partial list of the used files, terms and utilities:'''

* mdadm.conf

* mdadm

* /proc/mdstat

* partition type 0xFD

 

====203.2 Logical Volume Manager (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to create and remove logical volumes, volume groups, and physical volumes. This objective includes snapshots and resizing logical volumes.
|}

'''Key Knowledge Areas:'''

* Tools in the LVM suite

* Resizing, renaming, creating, and removing logical volumes, volume groups, and physical volumes

* Creating and maintaining snapshots

* Activating volume groups

'''Partial list of the used files, terms and utilities:'''

* /sbin/pv*

* /sbin/lv*

* /sbin/vg*

* mount

* /dev/mapper/

* lvm.conf

 

====203.3 Basic ZFS Operations (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to create and manage a ZFS file system. This includes managing subvolumes and awareness of ZFS raid features.
|}

'''Key Knowledge Areas:'''

* Understand the concepts of ZFS
* Create and use a ZFS file system
* Create and manage ZFS subvolumes, including quota
* Awareness of ZFS RAID features

'''Partial list of the used files, terms and utilities:'''

* VDEV
* Zpool
* zfs

 
 

===''Topic 204: Advanced Networking Configuration''===

====204.1 Runtime Networking Configuration (weight: 3)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to configure wired and wireless network device using iproute2. This includes managing links, addresses and routes for IPv4 and IPv6.
|}

'''Key Knowledge Areas:'''

* Understand IPv4 and IPv6 addressing and routing

* Manage wireless network interfaces

* Manage links, addresses and routes using iproute2

* Awareness of VLANs, bridges and bonds

'''Partial list of the used files, terms and utilities:'''

* ip

* iw

* iwconfig

* iwlist

* wpa_supplicant

* iwd

 

====204.2 Persistent Network Configuration (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to configure wired and wireless network device using NetworkMananger as well as systemd-networkd. This includes managing links, addresses and routes for IPv4 and IPv6.
|}

'''Key Knowledge Areas:'''

* Understand the architecture and configuration of NetworkMananger

* Understand the architecture and configuration of systemd-networkd and systemd-resolved

* Configure manual IPv4 and IPv6 addresses and routes

* Configure automatic IPv4 and IPv6 configuration

'''Partial list of the used files, terms and utilities:'''

* nmcli

* nmtui

* systemctl

* networkctl

* resolvectl

* hostnamectl

* Systemd network units

 

====204.3 Network Troubleshooting (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to identify and correct common network setup issues.
|}

'''Key Knowledge Areas:'''

* Determine what network configuration framework a system use

* Utilities to gain information about the network configuration

* Identify common issues in network configuration and relate symptoms to configuration issues

* Awareness of ifupdown, Wicked and netplan

'''Partial list of the used files, terms and utilities:'''

* ip

* ping

* ss

* lsof

* nc

* /etc/network/interfaces, /etc/sysconfig/network-scripts

* mtr

* hostname

* /etc/resolv.conf

* /etc/hosts

* /etc/hostname, /etc/HOSTNAME

 
 

===''Topic 205: System Maintenance''===

====205.1 Make and Install Programs from Source (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to build and install an executable program from source. This objective includes being able to unpack a file of sources.
|}

'''Key Knowledge Areas:'''

* Unpack source code using common compression and archive utilities.

* Understand basics of invoking make to compile programs.

* Apply parameters to a configure script.

* Know where sources are stored by default.

'''Partial list of the used files, terms and utilities:'''

* /usr/src/

* gunzip

* gzip

* bzip2

* xz

* tar

* configure

* make

* uname

* install

* patch

 

====205.2 Backup Operations (weight: 3)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to use system tools to back up important system data.
|}

'''Key Knowledge Areas:'''

* Understand the concepts of backups, including common backup strategies

* Knowledge about directories that have to be included in backups

* Understand application aspects of backup consistency

* Understand how to leverage file system or block device snapshots for backups

* Awareness of borg, including features and use cases

* Awareness of network backup solutions such as Bacula, Bareos and BackupPC

* Knowledge of the benefits and drawbacks of tapes, disks or other backup media

* Perform partial and manual backups using Linux standard tools

* Verify the integrity of backup files

* Partially or fully restore backups

'''Partial list of the used files, terms and utilities:'''

* Full, differential and incremental backups

* dd

* tar

* /dev/st* and /dev/nst*

* mt

* rsync

 

====205.3 Resource Management (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to measure hardware resource consumption. This includes identifying and troubleshooting resource problems. Furthermore, candidates should be able to restrict the consumption of hardware resources using systemd resource management features.

|}

'''Key Knowledge Areas:'''

* Measure CPU, memory, disk and I/O usage.

* Match / correlate system symptoms with likely problems.

* Estimate throughput and identify bottlenecks in a system including networking.

* Manage resource consumption of systemd slices, scopes and services

* Awareness of Cgroups

'''Partial list of the used files, terms and utilities:'''

* iostat

* iotop

* vmstat

* netstat

* ss

* iptraf

* pstree, ps

* w

* lsof

* top

* htop

* uptime

* sar

* swap

* systemctl

* systemd-cgls

* CPUWeight, CPUQuota, CPUQuotaPeriodSec, AllowedCPUs

* MemoryMin, MemoryLow, MemoryHigh, MemoryMax

* IOWeight, IODeviceWeight, IOReadBandwidthMax, IOReadIOPSMax, IODeviceLatencyTargetSec

 
 

===''Topic 206: Configuration Management''===

====206.1 Ansible Basics (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to use Asible to perform basic system configuration management and administration.
|}

'''Key Knowledge Areas:'''

* Understand the principles of automated system configuration and software installation

* Understand how Ansible interacts with remote systems

* Understand the requirements of Ansible on a target node

* Create and maintain inventory files

* Create, maintain and run Ansible playbooks, including tasks, handlers, conditionals, loops and registers

* Awareness of dynamic inventory

* Awareness of cloud-init

'''Partial list of the used files, terms and utilities:'''

* ansible.cfg

* ansible-playbook

* ansible-doc

 

====206.2 Ansible Modules (weight: 3)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to use important and commonly used Ansible modules to automate basic Linux system administration tasks.
|}

'''Key Knowledge Areas:'''

* Understand and use Ansible roles and install Ansible roles from Ansible Galaxy

* Understand and use important Ansible tasks

'''Partial list of the used files, terms and utilities:'''

* file

* copy

* template

* ini_file

* lineinfile

* patch

* replace

* user

* group

* command

* shell

* service

* systemd

* cron

* apt

* debconf

* yum

* git

* debug

* ansible-galaxy

 

====206.3 Ansible Templates and Variables (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to understand variables and facts and Ansible and write simple Jinja2 templates.
|}

'''Key Knowledge Areas:'''

* Set and use variables and facts

* Maintain secrets using Ansible vaults

* Write Jinja2 templates, including using common filters, loops and conditionals

'''Partial list of the used files, terms and utilities:'''

* Jinja2 syntax

* ansible-vault

 
 

==Objectives: Exam 202==

===''Topic 207: Domain Name Server''===

====207.1 Basic DNS Server Configuration (weight: 3)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to configure BIND to function as an authoritative and as a recursive, caching-only DNS server. This objective includes the ability to manage a running server and configuring logging.
|}

'''Key Knowledge Areas:'''

* BIND 9.x configuration files, terms and utilities

* Defining the location of the BIND zone files in BIND configuration files

* Reloading modified configuration and zone files

* Awareness of dnsmasq and PowerDNS as alternate name servers

'''The following is a partial list of the used files, terms and utilities:'''

* named.conf

* rndc

* named-checkconf

* kill

* host

* dig

 

====207.2 Create and Maintain DNS Zones (weight: 3)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to create a zone file for a forward or reverse zone. This objective includes setting appropriate values for records, adding hosts in zones and adding zones to the DNS. A candidate should also be able to delegate zones to another DNS server.
|}

'''Key Knowledge Areas:'''

* BIND 9 configuration files, terms and utilities

* Utilities to request information from the DNS server

* Layout, content and file location of the BIND zone files

* Various methods to add a new host in the zone files, including reverse zones

'''The following is a partial list of the used files, terms and utilities:'''

* /var/named/

* zone file syntax

* resource record formats

* named-checkzone

* named-compilezone

* masterfile-format

* dig

* host

 

====207.3 Securing a DNS Server (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to secure a BIND DNS server. This objective includes secure exchange of data between DNS servers. Furthermore, this topic includes awareness of DNSSEC and DANE.
|}

'''Key Knowledge Areas:'''

* BIND 9 configuration files

* Split configuration of BIND using the forwarders statement

* Configuring and using transaction signatures (TSIG)

* Awareness of DNSSEC and basic tools

* Awareness of DANE and related records

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/named.conf

* DNSSEC

* dnssec-keygen

* dnssec-signzone

 
 

===''Topic 208: HTTP Services''===

====208.1 HTTP Protocol (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should understand the basics of the HTTP procotol. This includes major differences of HTTP versions, important headers as well as how HTTP is used in various other standards.
|}

'''Key Knowledge Areas:'''

* Understanding the principles of HTTP version 1.1 and HTTP version 2.0

* Understanding the principle of virtual hosts

* Application Server Integration

'''The following is a partial list of the used files, terms and utilities:'''

* HTTP methods and status codes

* HTTP headers

* HTTP cookies

* CGI, FastCGI, WSGI, AJP

 

====208.2 HTTPS, PKI and TLS (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should understand how X.509 Public Key Infrastructures work. This includes procuring X.509 certifications from an existing certificate authority, as well as understanding the cryptographic basics involved in PKI. Furthermore candidates should understand the principles of TLS, in order to be able to configure various services to use TLS for connection encryption.
|}

'''Key Knowledge Areas:'''

* Cyptographic concenpts

* TLS and SNI

* X.509 certificates, including important fields for HTTPS

* PKI

* Generate a self-signed Certificate

* Generate a server private key and CSR for a commercial CA

* Install the key and certificate, including intermediate CAs

* Let's Encrypt for certificate procurement

* Security issues in SSL use, awareness of insecure protocols and ciphers

'''The following is a partial list of the used files, terms and utilities:'''

* Symetric and asymetric cryptography

* Hash functions

* Key exchange algorithms

* Perfect forward secrecy

* Certification Authorities

* ACME, including challenges

* openssl

* certbot

 

====208.3 Apache HTTPD Configuration (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to install and configure a web server using Apache HTTPD. This objective includes monitoring the server's load and performance, restricting client user access, configuring support for scripting languages as modules and setting up client user authentication. Also included is configuring server options to restrict usage of resources. Candidates should be able to configure a web server to use virtual hosts and customize file access.
|}

'''Key Knowledge Areas:'''

* Apache HTTPD 2.4 architecture, configuration files, terms and utilities

* Apache HTTPD Virtual host implementation (with and without dedicated IP addresses)

* HTTPS configuration for IP and name-based virtual hosts

* Apache log files configuration and content

* Access restriction methods and files

* Client user authentication files and utilities

* Using redirect statements in Apache's configuration files to customize file access

* Configure reverse proxies for HTTP, FastCGI, WSGI and AJP

* mod_php and PHP FPM

* mod_python and Python WSGI

* Configuration of maximum requests, minimum and maximum servers and clients

* Awareness of mod_security and mod_evasive

'''The following is a partial list of the used files, terms and utilities:'''

* access logs and error logs

* .htaccess

* httpd.conf

* mod_auth_basic, mod_authz_host and mod_access_compat

* htpasswd

* AuthUserFile, AuthGroupFile

* SSLEngine, SSLCertificateKeyFile, SSLCertificateFile

* SSLProtocol, SSLCipherSuite, ServerTokens, ServerSignature, TraceEnable

* apachectl, apache2ctl

* httpd, apache2

 

====208.4 NGINX Configuration (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to install and configure a web server using NGINX. This objective includes monitoring the server's load and performance, restricting client user access, configuring support for scripting languages as modules and setting up client user authentication. Also included is configuring server options to restrict usage of resources. Candidates should be able to configure a web server to use virtual hosts and customize file access.
|}

'''Key Knowledge Areas:'''

* NGINX architecture, configuration files, terms and utilities

* NGINX virtual host implementation (with and without dedicated IP addresses)

* HTTPS configuration for IP and name-based virtual hosts

* NGINX log files configuration and content

* Access restriction methods and files

* Client user authentication files and utilities

* Configure redirects

* Configure reverse proxies for HTTP, FastCGI, WSGI and AJP

* Configuration of maximum requests, minimum and maximum servers and clients

'''The following is a partial list of the used files, terms and utilities:'''

* nginx

 
 

===''Topic 209: File Sharing''===

====209.1 Samba File Server Configuration (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to set up a Samba server for various clients. This objective includes setting up Samba as a standalone server as well as integrating Samba as a member in an Active Directory. Furthermore, the configuration of simple CIFS file and printer shares is covered. Also covered is a configuring a Linux client to use a Samba server. Troubleshooting installations is also tested.
|}

'''Key Knowledge Areas:'''

* Samba 4 configuration files

* Samba 4 tools and utilities and daemons

* Mounting CIFS shares on Linux

* Mapping Windows user names to Linux user names

* User-level security

* Active Directory membership

'''The following is a partial list of the used files, terms and utilities:'''

* samba, smbd, nmbd, winbindd

* smbcontrol, smbstatus, testparm, smbpasswd

* samba-tool

* net

* smbclient

* mount.cifs

* /etc/samba/

 

====209.2 NFS Server Configuration (weight: 3)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to export filesystems using NFS. This objective includes access restrictions, mounting an NFS filesystem on a client and securing NFS.
|}

'''Key Knowledge Areas:'''

* NFS version 3 and 4 configuration files

* NFS tools and utilities

* Access restrictions to specific hosts and/or subnets

* Mount options on server and client

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/exports

* exportfs

* showmount

* nfsstat

* /proc/mounts

* /etc/fstab

* rpcinfo

* mountd

* portmapper

 
 

===''Topic 210: Network Client Management''===

====210.1 DHCP Configuration (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to configure a DHCP server. This objective includes setting default and per client options, adding static hosts and BOOTP hosts. Also included is configuring a DHCP relay agent and maintaining the DHCP server.
|}

'''Key Knowledge Areas:'''

* ISC DHCP configuration files, terms and utilities for DHCPv4

* ISC DHCP configuration files, terms and utilities for DHCPv6

* radvd configuration files, terms and utilities for IPv6 SLAAC

* Subnet and dynamically-allocated DHCP range setup

* Subnet and host-specific DHCP range setup

* DHCPv4 and DHCPv6 options for PXE boot

* Awareness of KEA

'''The following is a partial list of the used files, terms and utilities:'''

* dhcpd.conf

* dhcpd6.conf

* dhcpd.leases

* dhcpd6.leases

* radvd.conf

* dhcpd

* radvd

* DHCP Log messages in syslog or systemd journal

 

====210.2 PAM Authentication (weight: 3)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | The candidate should be able to configure PAM to support authentication using various available methods. This includes basic SSSD functionality.
|}

'''Key Knowledge Areas:'''

* PAM configuration files, terms and utilities

* passwd and shadow passwords

* Use sssd for LDAP authentication

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/pam.d/

* pam.conf

* nsswitch.conf

* pam_unix, pam_pwquality, pam_limits, pam_listfile, pam_sss

* sssd.conf

 

====210.3 LDAP Client Usage (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to perform queries and updates to an LDAP server. Also included is importing and adding items, as well as adding and managing users.
|}

'''Key Knowledge Areas:'''

* Understand key concepts of LDAP

* LDAP utilities for data management and queries

* Change user passwords

* Querying the LDAP directory

'''The following is a partial list of the used files, terms and utilities:'''

* ldapsearch

* ldappasswd

* ldapadd

* ldapdelete

 

====210.4 Authentication Mechanisms and Standards (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should bei understand the main principles of various authentication mechanisms and standards, including their use in Linux and Linux-based services.
|}

'''Key Knowledge Areas:'''

* Directory service and authentication standards

* Domains and authentication management systems

* Web-based authentication standards

* Multi-factor authentication and one-time passwords (OTP)

* Understanding the most important properties and use cases of relevant procotols and standards

'''The following is a partial list of the used files, terms and utilities:'''

* LDAP

* Kerberos 5

* Active Directory

* FreeIPA

* Oauth2

* OpenID Connect

* kinit, klist, kdestroy

* pam_oath and pam_otp

 
 

===''Topic 211: Email Services''===

====211.1 Using Email Servers (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to manage an email server, including the configuration of email aliases, email quotas and virtual email domains. This objective includes configuring internal email relays and monitoring email servers.
|}

'''Key Knowledge Areas:'''

* Configuration files for postfix

* Basic TLS configuration for postfix

* Basic knowledge of the SMTP protocol

* Configure Postfix for SASL authentication using cyrus-sasl

* Configure nullmailer for email relay

* Awareness of exim

'''The following is a partial list of the used files, terms and utilities:'''

* Configuration files and commands for postfix

* /etc/postfix/

* /var/spool/postfix/

* /etc/aliases

* mail-related logs in /var/log/

* /etc/sasl2/smtpd.conf

* testsaslauthd

* nullmailer/me

* nullmailer/remotes

* nullmailer/defaultdomain

 

====211.2 Managing Email Delivery (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to implement client email management software to filter, sort and monitor incoming user email.
|}

'''Key Knowledge Areas:'''

* Understanding of Sieve functionality, syntax and operators

* Use Sieve to filter and sort mail with respect to sender, recipient(s), headers and size

'''The following is a partial list of the used files, terms and utilities:'''

* Conditions and comparison operators

* keep, fileinto, redirect, reject, discard, stop

* Dovecot vacation extension

 

====211.3 Managing Mailbox Access (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to install and configure IMAP daemons.
|}

'''Key Knowledge Areas:'''

* Dovecot IMAP configuration and administration

* Basic TLS configuration for Dovecot

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/dovecot/

* dovecot.conf

* doveconf

* doveadm

 
 

===''Topic 212: System Security''===

====212.1 Configuring a Router (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to configure a system to forward IP packet and perform network address translation (NAT, IP masquerading) and state its significance in protecting a network. This objective includes configuring port redirection, managing filter rules and averting attacks.
|}

'''Key Knowledge Areas:'''

* iptables and ip6tables configuration files, tools and utilities

* Tools, commands and utilities to manage routing tables.

* Private address ranges (IPv4) and Unique Local Addresses as well as Link Local Addresses (IPv6)

* Port redirection and IP forwarding

* List and write filtering and rules that accept or block IP packets based on source or destination protocol, port and address

* Save and reload filtering configurations

* Understand the main concepts of firewalld

* Use firewalld to implement a simple edge node and router firewall

* Awareness of ufw and firewalld

'''The following is a partial list of the used files, terms and utilities:'''

* /proc/sys/net/ipv4/

* /proc/sys/net/ipv6/

* /etc/services

* iptables

* ip6tables

* firewall-cmd

* /etc/firewalld/firewalld.conf

 

====212.3 Advanced Secure Shell (SSH) (weight: 3)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to configure and secure an SSH daemon. This objective includes managing keys using an SSH CA. Candidates should also be able to forward an application protocol over SSH and manage the SSH login.
|}

'''Key Knowledge Areas:'''

* OpenSSH configuration files, tools and utilities

* Login restrictions for the superuser and the normal users

* Using SSH to forward local and remote ports

* Understand the concept of an SSH CA

* Use an SSH CA to manage SSH keys

* Awareness of SSH Banners

'''The following is a partial list of the used files, terms and utilities:'''

* ssh

* sshd

* /etc/ssh/sshd_config

* /etc/ssh/

* PermitRootLogin, PubKeyAuthentication, AllowUsers, PasswordAuthentication

* ssh-keygen

* AuthorizedPrincipalsFile

* TrustedUserCAKeys

* Banner

 

====212.4 Security Tasks (weight: 4)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to secure the services running on a Linux server. This includes leveraging various systemd settings to manage the runtime configuration of services. Furthermore, the candidate is expected to scan systems for open ports and implement fail2ban.

|}

'''Key Knowledge Areas:'''

* Tools and utilities to scan and test ports on a server

* Understand and configure fail2ban

* Configure systemd units to run with specific privileges

* Configure systemd units with a private /tmp directory

* Use systemd to restrict device access of services

* Use systemd to manage network accessiability of services

* Awareness of capabilitites and Cgroups

* Awareness of OpenVAS and Snort

'''The following is a partial list of the used files, terms and utilities:'''

* telnet

* nmap

* fail2ban

* nc

* User

* Group

* SupplementaryGroups

* PrivateTmp

* DeviceAllow

* IPAddressAllow

* IPAddressDeny

* RestrictNetworkInterfaces

 

====212.5 Virtual Private Networks (weight: 3)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''

| style="background:#eaeaea" | Candidates should be able to configure a VPN (Virtual Private Network) and create secure point-to-point or site-to-site connections.
|}

'''Key Knowledge Areas:'''

* Understand the concepts of a virtual private network

* Understand the different requirements of a site-to-site and an end user VPN

* Wireguard

* Awareness of OpenVPN

* Awareness of the main differences between OpenVPN and Wireguard

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/wireguard/

* wg

* wg-quick

 
 

==Future Change Considerations==

Future changes to the objective will/may include:

* Remove paths to commands and configuration files wherever possible

LPIC-1 Summary Version 4.0 To 5.0

2019-03-27T14:49:11Z

Babafou: systemd.socket is in 110.2, not 109.4

__FORCETOC__
=Purpose=

This document is meant to provide a higher level overview into what has changed with the objectives update for LPIC-1 exams.

The exams that are affect by this update are LPIC-1 (101 and 102) exams.

=Changes in Exam 101=

The following changes constitute the update of exam 101 from version 4.0 to version 5.0:

* '''101: System Architecture'''
** '''101.1 Determine and configure hardware settings'''
*** Removed 'Configure systems with or without external peripherals such as keyboards.'
*** Removed 'Know the differences between coldplug and hotplug devices.'
** '''101.2 Boot the system'''
*** Added coverage of UEFI (equal to BIOS coverage) and journalctl (with respect to boot events)
** '''101.3 Change runlevels / boot targets and shutdown or reboot system'''
*** Added awareness of acpid
* '''102: Linux Installation and Package Management'''
** '''102.1 Design hard disk layout'''
*** Added EFI System Partition (ESP)
** '''102.2 Install a boot manager'''
*** (no changes)
** '''102.3 Manage shared libraries'''
*** (no changes)
** '''102.4 Use Debian package management'''
*** Removed aptitude
*** Added awareness of apt.
** '''102.5 Use RPM and YUM package management'''
*** Removed yumdownloader
*** Added Zypper (equal to YUM)
*** Added awareness of dnf
** '''102.6 Linux as a virtualization guest'''
*** New objective (weight: 1)
*** Added specialties of running Linux in a virtual machines and containers on premise and in the cloud
* '''103: GNU and Unix Commands'''
** '''103.1 Work on the command line'''
*** Added quoting
*** Added type and which
** '''103.2 Process text streams using filters'''
*** Decreased weight from 3 to 2
*** Removed expand, fmt, join, pr and unexpand
*** Added bzcat, md5sum, sha256sum, sha512sum, xzcat and zcat
** '''103.3 Perform basic file management'''
*** Added bunzip2 and unxz
** '''103.4 Use streams, pipes and redirects'''
*** (no changes)
** '''103.5 Create, monitor and kill processes'''
*** Added watch and tmux
** '''103.6 Modify process execution priorities'''
*** (no changes)
** '''103.7 Search text files using regular expressions'''
*** Increased weight from 2 to 3
*** Added understanding of the differences between basic and extended regular expressions
*** Added understanding of the concepts of special characters, character classes, quantifiers and anchors
*** Added use of regular expressions to delete, change and substitute text
** '''103.8 Basic file editing'''
*** Renamed from 'Perform basic file editing operations using vi' to ' Basic file editing'
*** Clarified wording of 'Understand and use vi modes.'
*** Removed vi commands c and :e!
*** Added awareness of other common editors (Emacs, nano and vim) and setting the default editor (EDITOR environment variable)
* '''104: Devices, Linux Filesystems, Filesystem Hierarchy Standard'''
** '''104.1 Create partitions and filesystems'''
*** Removed awareness of ReiserFS
*** Added GPT partition tables
*** Added exFAT
*** Changed awareness of Btrfs to 'Basic feature knowledge of Btrfs, including multi-device filesystems, compression and subvolumes.'
** '''104.2 Maintain the integrity of filesystems'''
*** Removed debugfs and dumpe2fs
*** Changed 'XFS tools (such as xfs_metadump and xfs_info)' to coverage of xfs_repair, xfs_fsr and xfs_db
** '''104.3 Control mounting and unmounting of filesystems'''
*** Added use of labels and UUIDs for identifying and mounting file systems
*** Added awareness of systemd mount units
*** Added blkid and lsblk
** '''104.4 Manage disk quotas'''
*** Removed objective (former weight: 1)
** '''104.5 Manage file permissions and ownership'''
*** (no changes)
** '''104.6 Create and change hard and symbolic links'''
*** (no changes)
** '''104.7 Find system files and place files in the correct location'''
*** (no changes)

=Changes in Exam 102=

The following changes constitute the update of exam 102 from version 4.0 to version 5.0:

* '''105: Shells and Shell Scripting'''
** Renamed from 'Shells, Scripting and Data Management' to 'Shells and Shell Scripting'
** '''105.1 Customize and use the shell environment'''
*** Removed lists
** '''105.2 Customize or write simple scripts'''
*** Added execution of chained commands
*** Added && and ||
** '''105.3 SQL data management'''
*** Removed objective (former weight: 2)
* '''106: User Interfaces and Desktops'''
** '''106.1 Install and configure X11'''
*** Removed verifying that the video card and monitor are supported by an X server
*** Removed awareness of the X font server
*** Removed xwininfo
*** Removed xpdyinfo
*** Added understanding of the X11 architecture
*** Added overwriting specific aspects of Xorg configuration, such as keyboard layout
*** Added understanding of the components of desktop environments, such as display managers and window managers
*** Added managing access to the X server and display applications on remote X servers
*** Added awareness of Wayland.
*** Added /etc/X11/xorg.conf.d/
*** Added ~/.xsession-errors
*** Added xauth
** '''106.2 Graphical Desktops'''
*** Removed old content (configuration of display managers / LightDM)
*** Changed to cover awareness of major desktop environments and protocols to access remote desktop sessions
*** Added KDE, Gnome, Xfce, X11, XDMCP, VNC, Spice and RDP
** '''106.3 Accessibility'''
*** Removed Basic knowledge of keyboard accessibility settings (AccessX)
*** Removed Orca, GOK and emacspeak
*** Added voice recognition
* '''107: Administrative Tasks'''
** '''107.1 Manage user and group accounts and related system files'''
*** (no changes)
** '''107.2 Automate system administration tasks by scheduling jobs'''
*** Removed anacron
*** Added systemd timers
*** Added systemctl and systemd-run
** '''107.3 Localisation and internationalisation'''
*** (no changes)
* '''108: Essential System Services'''
** '''108.1 Maintain system time'''
*** Added chrony (chronyc)
*** Added timedatectl
** '''108.2 System logging'''
*** Increased weight from 3 to 4
*** Removed klogd and syslogd (syslog.conf)
*** Changed syslog from main topic to awareness
*** Changed rsyslog from awareness to main topic, focus is basic configuration
*** Added accessing the systemd journal, including queries, filters, persistent storage, deletion of old events and recovering journal content from a system's copy.
*** Added understanding of interaction of rsyslog with systemd-journald
*** Added systemd-cat
** '''108.3 Mail Transfer Agent (MTA) basics'''
*** Removed qmail
** '''108.4 Manage printers and printing'''
*** (no changes)
* '''109: Networking Fundamentals'''
** '''109.1 Fundamentals of internet protocols'''
*** (no changes)
** '''109.2 Persistent network configuration'''
*** Renamed from 'Basic network configuration' to 'Persistent network configuration'
*** Changed focus from viewing settings to manage the persistent network configuration
*** Removed ip, route, ping, ifconfig (still in 109.3)
*** Added configuration of ethernet and wi-fi network configuration using NetworkManager
*** Added awareness of systemd-networkd
*** Added /etc/resolv.conf, nmcli and hostnamectl
** '''109.3 Basic network troubleshooting'''
*** Changed to focus on manual interaction with network interfaces using iproute2
*** Changed coverage of net-tools commands to awareness
*** Removed dig and host (still in 109.4)
*** Removed ifup and ifdown (still in 109.2)
*** Added ss
** '''109.4 Configure client side DNS'''
*** Added debuging errors related to name resolution
*** Added awareness of systemd-resolved
* '''110: Security'''
** '''110.1 Perform security administration tasks'''
*** (no changes)
** '''110.2 Setup host security'''
*** Added systemd.socket
*** Removed /etc/inetd.d/
*** Removed /etc/inetd.conf
** '''110.3 Securing data with encryption'''
*** Increased weight from 3 to 4
*** Added use of GPG to encrypt, decrypt, sign and verify files
*** Added gpg-agent
*** Added additional ciphers for SSH keys (~/.ssh/id_ecdsa, id_ecdsa.pub, ~/.ssh/id_ed25519, id_ed25519.pub, /etc/ssh/ssh_host_ecdsa_key, ssh_host_ecdsa_key.pub, /etc/ssh/ssh_host_ed25519_key and ssh_host_ed25519_key.pub)

LinuxEssentials Objectives V1.6(FR)

2019-03-09T18:27:57Z

Babafou: /* 2.1 Bases sur la ligne de commande (valeur : 3) */

__FORCETOC__

==Introduction==

L'objectif de la certification Linux Essentials est de définir les connaissances élémentaires requises pour utiliser de manière compétente un ordinateur fixe ou portable fonctionnant avec le système d'exploitation Linux. Le programme Linux Essentials qui lui est associé guidera et encouragera les jeunes gens (et ceux qui découvrent Linux et le logiciel libre) à comprendre la place de Linux et du logiciel libre dans le contexte plus large de l'industrie informatique.

 

==Description des candidats==

Voici la description d'un candidat qui est à peine qualifié pour réussir l'examen Linux Essentials. Cette personne hypothétique est appelée Candidat Minimalement Qualifié (CMQ). Le niveau de l'examen Linux Essentials est fixé de telle sorte que cette personne (ainsi que quiconque de plus compétent) puisse le réussir mais que quiconque de moins compétent ne le puisse pas.

Le CMQ doit comprendre l'industrie de Linux et du logiciel libre et connaître les applications libres les plus répandues. Le candidat doit comprendre les composants principaux du système d'exploitation Linux et avoir les compétences techniques lui permettant de travailler sous Linux en ligne de commande. Le CMQ doit comprendre les rudiments de la sécurité et de l'administration tels que la gestion des utilisateurs et des groupes, le travail en ligne de commande et les droits d'accès. Le détenteur de la certification Linux Essentials est très probablement l'utilisateur final d'un système administré par ailleurs.

Le '''CMQ Linux Essentials''' doit avoir des compétences ou des connaissances rudimentaires dans les domaines suivants :

* le logiciel libre ou à code source ouvert, les différentes communautés et licences
* les processus, les programmes et les composants d'un système d'exploitation
* le matériel informatique
* la sécurité du système, les utilisateurs, les groupes et les droits d'accès pour des répertoires publiques et privés
* rendre le système accessible et pouvoir le raccorder à d'autres ordinateurs en réseau local
* les applications libres sur le lieu de travail et comment elles se rapportent à leurs équivalent propriétaires
* les explorateurs du système de fichiers sur un poste de travail sous Linux
* où trouver de l'aide
* travailler en ligne de commande et avec des fichiers
* réaliser des sauvegardes et des archives simples et les restaurer
* utiliser un éditeur élémentaire en ligne de commande
* comprimer des fichiers
* créer et exécuter des scripts shell simples

 

==Informations de version==

Ceci est la version 1.6 des objectifs.

Vous trouverez également le [[LinuxEssentials_Summary_Version_1.5_To_1.6|résumé et les informations détaillées]] concernant les différences entre les versions 1.5 et 1.6 des objectifs.

La [[LinuxEssentials Objectives V1.5|version 1.5 des objectifs]] est disponible [[LinuxEssentials Objectives V1.5|ici]].

 

==Traductions des objectifs==

Les traductions suivantes sont disponibles sur ce wiki :

* [[LinuxEssentials Objectives V1.6|Anglais]]
* [[LinuxEssentials Objectives V1.6(PT-BR)|Portugais (brésilien)]]
* [[LinuxEssentials Objectives V1.6(ZH)|Chinois (simplifié)]]
* [[LinuxEssentials Objectives V1.6(ZH-TW)|Chinois (traditionnel)]]
* [[LinuxEssentials Objectives V1.6(NL)|Néerlandais]]
* [[LinuxEssentials Objectives V1.6(FR)|Français]]
* [[LinuxEssentials Objectives V1.6(DE)|Allemand]]
* [[LinuxEssentials Objectives V1.6(IT)|Italien]]
* [[LinuxEssentials Objectives V1.6(JA)|Japonais]]
* [[LinuxEssentials Objectives V1.6(ES)|Espagnol]]

 

==Examens et prérequis==

La certification Linux Essentials est décernée après avoir réussi l'examen :

* 010 (40 questions en 60 minutes)

Il n'est pas nécessaire de posséder une autre certification.

 

==Objectifs==

===''Sujet 1 : Communauté Linux et carrière dans le logiciel libre''===

====1.1 Évolution de Linux et systèmes d'exploitation populaires (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Connaissance de l'évolution de Linux et des distributions principales.

|}

'''Domaines de connaissance les plus importants :'''

* Distributions
* Systèmes embarqués
* Linux dans le nuage

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Debian, Ubuntu (LTS)
* CentOS, openSUSE, Red Hat, SUSE
* Linux Mint, Scientific Linux
* Raspberry Pi, Raspbian
* Android

 

====1.2 Applications libres majeures (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Savoir quelles sont les applications majeures ainsi que leurs utilisations et leur évolution.

|}

'''Domaines de connaissance les plus importants :'''

* Applications pour postes de travail
* Applications pour serveurs
* Langages de programmation
* Outils de gestion et dépôts de paquetages

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* OpenOffice.org, LibreOffice, Thunderbird, Firefox, GIMP
* Nextcloud, ownCloud
* Apache HTTPD, NGINX, MariaDB, MySQL, NFS, Samba
* C, Java, JavaScript, Perl, shell, Python, PHP
* dpkg, apt-get, rpm, yum

 

====1.3 Logiciel à code source ouvert et licences (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Communautés ouvertes et licences de logiciels à code source ouvert pour les entreprises.

|}

'''Domaines de connaissance les plus importants :'''

* Philosophie des logiciels à code source ouvert
* Licences des logiciels à code source ouvert
* Free Software Foundation (FSF), Open Source Initiative (OSI)

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Copyleft, Permissive
* GPL, BSD, Creative Commons
* Free Software, Open Source Software, FOSS, FLOSS
* Modèles économiques des logiciels à code source ouvert

 

====1.4 Compétences informatiques et travail sous Linux (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Compétences élémentaires en technologies de l'information et de la communication(TIC) et travail sous Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Compétences en bureautique
* Accéder à la ligne de commande
* Utilisations de Linux, de l'informatique en nuage et de la virtualisation dans l'industrie

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Utilisation d'un navigateur Web, préoccupations de confidentialité, options de configuration, recherche sur le Web et sauvegarde de contenu
* Terminal et console
* Problématiques de mots de passe
* Problématiques et outils de confidentialité
* Utilisation d'applications à code source ouvert courantes pour des présentations et des projets

 

===''Sujet 2 : Trouver son chemin sur un système Linux''===

====2.1 Bases sur la ligne de commande (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Bases d'utilisation en ligne de commande sous Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Interpréteur de commandes élémentaire
* Syntaxe en ligne de commande
* Variables
* Mise entre apostrophes ou guillemets

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Bash
* echo
* history
* Variable d'environnement PATH
* export
* type

 

====2.2 Utilisation de la ligne de commande pour obtenir de l'aide (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Exécution de commandes d'aide et navigation dans les différents systèmes d'aide.

|}

'''Domaines de connaissance les plus importants :'''

* Pages de manuel
* Pages d'information

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* man
* info
* /usr/share/doc/
* locate

 

====2.3 Utilisation des répertoires et liste des fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Navigation dans le répertoire personnel et les répertoires du système et affichage de listes de fichiers à différents emplacements.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers, répertoires
* Fichiers et répertoires cachés
* Répertoires personnels
* Chemins d'accès absolus et relatifs

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Options courantes de ls
* listes récursives de fichiers
* cd
* '''.''' et '''..'''
* répertoire personnel et ~

 

====2.4 Création, déplacement et suppression de fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Créer, déplacer et supprimer fichiers et répertoires dans le répertoire personnel.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers et répertoires
* Sensibilité à la casse
* Englobements simples

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* mv, cp, rm, touch
* mkdir, rmdir

 

===''Sujet 3 : Le pouvoir de la ligne de commande''===

====3.1 Archivage de fichiers en ligne de commande (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Archiver des fichiers dans le répertoire personnel de l'utilisateur.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers, répertoires
* Archives, compression

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* tar
* Options courantes de tar
* gzip, bzip2, xz
* zip, unzip

 

====3.2 Recherche et extraction de données à partir de fichiers (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Rechercher et extraire des données à partir de fichiers dans le répertoire personnel.

|}

'''Domaines de connaissance les plus importants :'''

* Tuyaux en ligne de commande
* Redirection d'entrée-sortie
* Expressions rationnelles élémentaires utilisant ., [ ], *, et ?

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* grep
* less
* cat, head, tail
* sort
* cut
* wc

 

====3.3 Conversion de commandes en script (valeur : 4)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Convertir des commandes répétitives en scripts simples.

|}

'''Domaines de connaissance les plus importants :'''

* Faire des scripts shell simples
* Connaître des éditeurs de texte courants (vi et nano)

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* #! (shebang)
* /bin/bash
* Variables
* Arguments
* boucle for
* echo
* Statut de sortie

 

===''Sujet 4 : Le système d'exploitation Linux''===

====4.1 Choix d'un système d'exploitation (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Connaissance des systèmes d'exploitation et distributions Linux majeurs.

|}

'''Domaines de connaissance les plus importants :'''

* Différences entre Windows, OS X et Linux
* Gestion du cycle de vie des distributions

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Interface graphique par rapport à la ligne de commande, configuration d'un poste de travail
* Cycles de maintenance, versions bêta et stables

 

====4.2 Compréhension du matériel informatique (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Être familier avec les composants entrant dans la construction d'ordinateurs de bureau et de serveurs.

|}

'''Domaines de connaissance les plus importants :'''

* Matériel informatique

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Cartes mères, processeurs, alimentations, disques optiques, périphériques
* Disques durs, SSD et partitions, /dev/sd*
* Pilotes de périphériques

 

====4.3 Localisation des données (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Où les différents types d'informations sont stockés sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Programmes et configuration
* Processus
* Adresses en mémoire
* Messagerie système
* Journalisation

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ps, top, free
* syslog, dmesg
* /etc/, /var/log/
* /boot/, /proc/, /dev/, /sys/

 

====4.4 Intégration au réseau (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Interrogation des paramètres de configuration importants du réseau et détermination des prérequis élémentaires pour intégrer un ordinateur à un réseau local.

|}

'''Domaines de connaissance les plus importants :'''

* Internet, réseau, routeurs
* Interrogation de la configuration DNS cliente
* Interrogation de la configuration du réseau

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* route, ip route show
* ifconfig, ip addr show
* netstat, ss
* /etc/resolv.conf, /etc/hosts
* IPv4, IPv6
* ping
* host

 

===''Sujet 5 : Sécurité et droits d'accès aux fichiers''===

====5.1 Sécurité élémentaire et identification des catégories d'utilisateurs (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Différentes catégories d'utilisateurs sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Root et utilisateurs standards
* Utilisateurs système

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/passwd, /etc/shadow, /etc/group
* id, last, who, w
* sudo, su

 

====5.2 Création des utilisateurs et des groupes (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Créer des utilisateurs et des groupes sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Commandes de création d'utilisateurs et de groupes
* Identification des utilisateurs

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/passwd, /etc/shadow, /etc/group, /etc/skel/
* useradd, groupadd
* passwd

 

====5.3 Gestion des propriétés et des droits d'accès aux fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Comprendre et manipuler les paramètres de droits d'accès et de propriété sur les fichiers.

|}

'''Domaines de connaissance les plus importants :'''

* Droits d'accès et propriété des fichiers et répertoires

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ls -l, ls -a
* chmod, chown

 

====5.4 Répertoires et fichiers spéciaux (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Répertoires et fichiers spéciaux sur un système Linux, y compris les droits d'accès spéciaux.

|}

'''Domaines de connaissance les plus importants :'''

* Utilisation de fichiers et répertoires temporaires
* Liens symboliques

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /tmp/, /var/tmp/ et Sticky Bit
* ls -d
* ln -s

LinuxEssentials Objectives V1.6(FR)

2019-03-09T18:24:25Z

Babafou: /* 2.4 Création, déplacement et suppression de fichiers (valeur : 2) */

__FORCETOC__

==Introduction==

L'objectif de la certification Linux Essentials est de définir les connaissances élémentaires requises pour utiliser de manière compétente un ordinateur fixe ou portable fonctionnant avec le système d'exploitation Linux. Le programme Linux Essentials qui lui est associé guidera et encouragera les jeunes gens (et ceux qui découvrent Linux et le logiciel libre) à comprendre la place de Linux et du logiciel libre dans le contexte plus large de l'industrie informatique.

 

==Description des candidats==

Voici la description d'un candidat qui est à peine qualifié pour réussir l'examen Linux Essentials. Cette personne hypothétique est appelée Candidat Minimalement Qualifié (CMQ). Le niveau de l'examen Linux Essentials est fixé de telle sorte que cette personne (ainsi que quiconque de plus compétent) puisse le réussir mais que quiconque de moins compétent ne le puisse pas.

Le CMQ doit comprendre l'industrie de Linux et du logiciel libre et connaître les applications libres les plus répandues. Le candidat doit comprendre les composants principaux du système d'exploitation Linux et avoir les compétences techniques lui permettant de travailler sous Linux en ligne de commande. Le CMQ doit comprendre les rudiments de la sécurité et de l'administration tels que la gestion des utilisateurs et des groupes, le travail en ligne de commande et les droits d'accès. Le détenteur de la certification Linux Essentials est très probablement l'utilisateur final d'un système administré par ailleurs.

Le '''CMQ Linux Essentials''' doit avoir des compétences ou des connaissances rudimentaires dans les domaines suivants :

* le logiciel libre ou à code source ouvert, les différentes communautés et licences
* les processus, les programmes et les composants d'un système d'exploitation
* le matériel informatique
* la sécurité du système, les utilisateurs, les groupes et les droits d'accès pour des répertoires publiques et privés
* rendre le système accessible et pouvoir le raccorder à d'autres ordinateurs en réseau local
* les applications libres sur le lieu de travail et comment elles se rapportent à leurs équivalent propriétaires
* les explorateurs du système de fichiers sur un poste de travail sous Linux
* où trouver de l'aide
* travailler en ligne de commande et avec des fichiers
* réaliser des sauvegardes et des archives simples et les restaurer
* utiliser un éditeur élémentaire en ligne de commande
* comprimer des fichiers
* créer et exécuter des scripts shell simples

 

==Informations de version==

Ceci est la version 1.6 des objectifs.

Vous trouverez également le [[LinuxEssentials_Summary_Version_1.5_To_1.6|résumé et les informations détaillées]] concernant les différences entre les versions 1.5 et 1.6 des objectifs.

La [[LinuxEssentials Objectives V1.5|version 1.5 des objectifs]] est disponible [[LinuxEssentials Objectives V1.5|ici]].

 

==Traductions des objectifs==

Les traductions suivantes sont disponibles sur ce wiki :

* [[LinuxEssentials Objectives V1.6|Anglais]]
* [[LinuxEssentials Objectives V1.6(PT-BR)|Portugais (brésilien)]]
* [[LinuxEssentials Objectives V1.6(ZH)|Chinois (simplifié)]]
* [[LinuxEssentials Objectives V1.6(ZH-TW)|Chinois (traditionnel)]]
* [[LinuxEssentials Objectives V1.6(NL)|Néerlandais]]
* [[LinuxEssentials Objectives V1.6(FR)|Français]]
* [[LinuxEssentials Objectives V1.6(DE)|Allemand]]
* [[LinuxEssentials Objectives V1.6(IT)|Italien]]
* [[LinuxEssentials Objectives V1.6(JA)|Japonais]]
* [[LinuxEssentials Objectives V1.6(ES)|Espagnol]]

 

==Examens et prérequis==

La certification Linux Essentials est décernée après avoir réussi l'examen :

* 010 (40 questions en 60 minutes)

Il n'est pas nécessaire de posséder une autre certification.

 

==Objectifs==

===''Sujet 1 : Communauté Linux et carrière dans le logiciel libre''===

====1.1 Évolution de Linux et systèmes d'exploitation populaires (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Connaissance de l'évolution de Linux et des distributions principales.

|}

'''Domaines de connaissance les plus importants :'''

* Distributions
* Systèmes embarqués
* Linux dans le nuage

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Debian, Ubuntu (LTS)
* CentOS, openSUSE, Red Hat, SUSE
* Linux Mint, Scientific Linux
* Raspberry Pi, Raspbian
* Android

 

====1.2 Applications libres majeures (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Savoir quelles sont les applications majeures ainsi que leurs utilisations et leur évolution.

|}

'''Domaines de connaissance les plus importants :'''

* Applications pour postes de travail
* Applications pour serveurs
* Langages de programmation
* Outils de gestion et dépôts de paquetages

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* OpenOffice.org, LibreOffice, Thunderbird, Firefox, GIMP
* Nextcloud, ownCloud
* Apache HTTPD, NGINX, MariaDB, MySQL, NFS, Samba
* C, Java, JavaScript, Perl, shell, Python, PHP
* dpkg, apt-get, rpm, yum

 

====1.3 Logiciel à code source ouvert et licences (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Communautés ouvertes et licences de logiciels à code source ouvert pour les entreprises.

|}

'''Domaines de connaissance les plus importants :'''

* Philosophie des logiciels à code source ouvert
* Licences des logiciels à code source ouvert
* Free Software Foundation (FSF), Open Source Initiative (OSI)

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Copyleft, Permissive
* GPL, BSD, Creative Commons
* Free Software, Open Source Software, FOSS, FLOSS
* Modèles économiques des logiciels à code source ouvert

 

====1.4 Compétences informatiques et travail sous Linux (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Compétences élémentaires en technologies de l'information et de la communication(TIC) et travail sous Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Compétences en bureautique
* Accéder à la ligne de commande
* Utilisations de Linux, de l'informatique en nuage et de la virtualisation dans l'industrie

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Utilisation d'un navigateur Web, préoccupations de confidentialité, options de configuration, recherche sur le Web et sauvegarde de contenu
* Terminal et console
* Problématiques de mots de passe
* Problématiques et outils de confidentialité
* Utilisation d'applications à code source ouvert courantes pour des présentations et des projets

 

===''Sujet 2 : Trouver son chemin sur un système Linux''===

====2.1 Bases sur la ligne de commande (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Bases d'utilisation en ligne de commande sous Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Interpréteur de commandes élémentaire
* Syntaxe en ligne de commande
* Variables
* TODO Quoting

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Bash
* echo
* history
* Variable d'environnement PATH
* export
* type

 

====2.2 Utilisation de la ligne de commande pour obtenir de l'aide (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Exécution de commandes d'aide et navigation dans les différents systèmes d'aide.

|}

'''Domaines de connaissance les plus importants :'''

* Pages de manuel
* Pages d'information

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* man
* info
* /usr/share/doc/
* locate

 

====2.3 Utilisation des répertoires et liste des fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Navigation dans le répertoire personnel et les répertoires du système et affichage de listes de fichiers à différents emplacements.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers, répertoires
* Fichiers et répertoires cachés
* Répertoires personnels
* Chemins d'accès absolus et relatifs

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Options courantes de ls
* listes récursives de fichiers
* cd
* '''.''' et '''..'''
* répertoire personnel et ~

 

====2.4 Création, déplacement et suppression de fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Créer, déplacer et supprimer fichiers et répertoires dans le répertoire personnel.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers et répertoires
* Sensibilité à la casse
* Englobements simples

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* mv, cp, rm, touch
* mkdir, rmdir

 

===''Sujet 3 : Le pouvoir de la ligne de commande''===

====3.1 Archivage de fichiers en ligne de commande (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Archiver des fichiers dans le répertoire personnel de l'utilisateur.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers, répertoires
* Archives, compression

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* tar
* Options courantes de tar
* gzip, bzip2, xz
* zip, unzip

 

====3.2 Recherche et extraction de données à partir de fichiers (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Rechercher et extraire des données à partir de fichiers dans le répertoire personnel.

|}

'''Domaines de connaissance les plus importants :'''

* Tuyaux en ligne de commande
* Redirection d'entrée-sortie
* Expressions rationnelles élémentaires utilisant ., [ ], *, et ?

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* grep
* less
* cat, head, tail
* sort
* cut
* wc

 

====3.3 Conversion de commandes en script (valeur : 4)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Convertir des commandes répétitives en scripts simples.

|}

'''Domaines de connaissance les plus importants :'''

* Faire des scripts shell simples
* Connaître des éditeurs de texte courants (vi et nano)

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* #! (shebang)
* /bin/bash
* Variables
* Arguments
* boucle for
* echo
* Statut de sortie

 

===''Sujet 4 : Le système d'exploitation Linux''===

====4.1 Choix d'un système d'exploitation (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Connaissance des systèmes d'exploitation et distributions Linux majeurs.

|}

'''Domaines de connaissance les plus importants :'''

* Différences entre Windows, OS X et Linux
* Gestion du cycle de vie des distributions

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Interface graphique par rapport à la ligne de commande, configuration d'un poste de travail
* Cycles de maintenance, versions bêta et stables

 

====4.2 Compréhension du matériel informatique (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Être familier avec les composants entrant dans la construction d'ordinateurs de bureau et de serveurs.

|}

'''Domaines de connaissance les plus importants :'''

* Matériel informatique

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Cartes mères, processeurs, alimentations, disques optiques, périphériques
* Disques durs, SSD et partitions, /dev/sd*
* Pilotes de périphériques

 

====4.3 Localisation des données (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Où les différents types d'informations sont stockés sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Programmes et configuration
* Processus
* Adresses en mémoire
* Messagerie système
* Journalisation

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ps, top, free
* syslog, dmesg
* /etc/, /var/log/
* /boot/, /proc/, /dev/, /sys/

 

====4.4 Intégration au réseau (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Interrogation des paramètres de configuration importants du réseau et détermination des prérequis élémentaires pour intégrer un ordinateur à un réseau local.

|}

'''Domaines de connaissance les plus importants :'''

* Internet, réseau, routeurs
* Interrogation de la configuration DNS cliente
* Interrogation de la configuration du réseau

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* route, ip route show
* ifconfig, ip addr show
* netstat, ss
* /etc/resolv.conf, /etc/hosts
* IPv4, IPv6
* ping
* host

 

===''Sujet 5 : Sécurité et droits d'accès aux fichiers''===

====5.1 Sécurité élémentaire et identification des catégories d'utilisateurs (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Différentes catégories d'utilisateurs sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Root et utilisateurs standards
* Utilisateurs système

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/passwd, /etc/shadow, /etc/group
* id, last, who, w
* sudo, su

 

====5.2 Création des utilisateurs et des groupes (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Créer des utilisateurs et des groupes sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Commandes de création d'utilisateurs et de groupes
* Identification des utilisateurs

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/passwd, /etc/shadow, /etc/group, /etc/skel/
* useradd, groupadd
* passwd

 

====5.3 Gestion des propriétés et des droits d'accès aux fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Comprendre et manipuler les paramètres de droits d'accès et de propriété sur les fichiers.

|}

'''Domaines de connaissance les plus importants :'''

* Droits d'accès et propriété des fichiers et répertoires

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ls -l, ls -a
* chmod, chown

 

====5.4 Répertoires et fichiers spéciaux (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Répertoires et fichiers spéciaux sur un système Linux, y compris les droits d'accès spéciaux.

|}

'''Domaines de connaissance les plus importants :'''

* Utilisation de fichiers et répertoires temporaires
* Liens symboliques

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /tmp/, /var/tmp/ et Sticky Bit
* ls -d
* ln -s

LinuxEssentials Objectives V1.6(FR)

2019-03-09T15:50:44Z

Babafou: French names for other translations

__FORCETOC__

==Introduction==

L'objectif de la certification Linux Essentials est de définir les connaissances élémentaires requises pour utiliser de manière compétente un ordinateur fixe ou portable fonctionnant avec le système d'exploitation Linux. Le programme Linux Essentials qui lui est associé guidera et encouragera les jeunes gens (et ceux qui découvrent Linux et le logiciel libre) à comprendre la place de Linux et du logiciel libre dans le contexte plus large de l'industrie informatique.

 

==Description des candidats==

Voici la description d'un candidat qui est à peine qualifié pour réussir l'examen Linux Essentials. Cette personne hypothétique est appelée Candidat Minimalement Qualifié (CMQ). Le niveau de l'examen Linux Essentials est fixé de telle sorte que cette personne (ainsi que quiconque de plus compétent) puisse le réussir mais que quiconque de moins compétent ne le puisse pas.

Le CMQ doit comprendre l'industrie de Linux et du logiciel libre et connaître les applications libres les plus répandues. Le candidat doit comprendre les composants principaux du système d'exploitation Linux et avoir les compétences techniques lui permettant de travailler sous Linux en ligne de commande. Le CMQ doit comprendre les rudiments de la sécurité et de l'administration tels que la gestion des utilisateurs et des groupes, le travail en ligne de commande et les droits d'accès. Le détenteur de la certification Linux Essentials est très probablement l'utilisateur final d'un système administré par ailleurs.

Le '''CMQ Linux Essentials''' doit avoir des compétences ou des connaissances rudimentaires dans les domaines suivants :

* le logiciel libre ou à code source ouvert, les différentes communautés et licences
* les processus, les programmes et les composants d'un système d'exploitation
* le matériel informatique
* la sécurité du système, les utilisateurs, les groupes et les droits d'accès pour des répertoires publiques et privés
* rendre le système accessible et pouvoir le raccorder à d'autres ordinateurs en réseau local
* les applications libres sur le lieu de travail et comment elles se rapportent à leurs équivalent propriétaires
* les explorateurs du système de fichiers sur un poste de travail sous Linux
* où trouver de l'aide
* travailler en ligne de commande et avec des fichiers
* réaliser des sauvegardes et des archives simples et les restaurer
* utiliser un éditeur élémentaire en ligne de commande
* comprimer des fichiers
* créer et exécuter des scripts shell simples

 

==Informations de version==

Ceci est la version 1.6 des objectifs.

Vous trouverez également le [[LinuxEssentials_Summary_Version_1.5_To_1.6|résumé et les informations détaillées]] concernant les différences entre les versions 1.5 et 1.6 des objectifs.

La [[LinuxEssentials Objectives V1.5|version 1.5 des objectifs]] est disponible [[LinuxEssentials Objectives V1.5|ici]].

 

==Traductions des objectifs==

Les traductions suivantes sont disponibles sur ce wiki :

* [[LinuxEssentials Objectives V1.6|Anglais]]
* [[LinuxEssentials Objectives V1.6(PT-BR)|Portugais (brésilien)]]
* [[LinuxEssentials Objectives V1.6(ZH)|Chinois (simplifié)]]
* [[LinuxEssentials Objectives V1.6(ZH-TW)|Chinois (traditionnel)]]
* [[LinuxEssentials Objectives V1.6(NL)|Néerlandais]]
* [[LinuxEssentials Objectives V1.6(FR)|Français]]
* [[LinuxEssentials Objectives V1.6(DE)|Allemand]]
* [[LinuxEssentials Objectives V1.6(IT)|Italien]]
* [[LinuxEssentials Objectives V1.6(JA)|Japonais]]
* [[LinuxEssentials Objectives V1.6(ES)|Espagnol]]

 

==Examens et prérequis==

La certification Linux Essentials est décernée après avoir réussi l'examen :

* 010 (40 questions en 60 minutes)

Il n'est pas nécessaire de posséder une autre certification.

 

==Objectifs==

===''Sujet 1 : Communauté Linux et carrière dans le logiciel libre''===

====1.1 Évolution de Linux et systèmes d'exploitation populaires (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Connaissance de l'évolution de Linux et des distributions principales.

|}

'''Domaines de connaissance les plus importants :'''

* Distributions
* Systèmes embarqués
* Linux dans le nuage

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Debian, Ubuntu (LTS)
* CentOS, openSUSE, Red Hat, SUSE
* Linux Mint, Scientific Linux
* Raspberry Pi, Raspbian
* Android

 

====1.2 Applications libres majeures (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Savoir quelles sont les applications majeures ainsi que leurs utilisations et leur évolution.

|}

'''Domaines de connaissance les plus importants :'''

* Applications pour postes de travail
* Applications pour serveurs
* Langages de programmation
* Outils de gestion et dépôts de paquetages

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* OpenOffice.org, LibreOffice, Thunderbird, Firefox, GIMP
* Nextcloud, ownCloud
* Apache HTTPD, NGINX, MariaDB, MySQL, NFS, Samba
* C, Java, JavaScript, Perl, shell, Python, PHP
* dpkg, apt-get, rpm, yum

 

====1.3 Logiciel à code source ouvert et licences (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Communautés ouvertes et licences de logiciels à code source ouvert pour les entreprises.

|}

'''Domaines de connaissance les plus importants :'''

* Philosophie des logiciels à code source ouvert
* Licences des logiciels à code source ouvert
* Free Software Foundation (FSF), Open Source Initiative (OSI)

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Copyleft, Permissive
* GPL, BSD, Creative Commons
* Free Software, Open Source Software, FOSS, FLOSS
* Modèles économiques des logiciels à code source ouvert

 

====1.4 Compétences informatiques et travail sous Linux (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Compétences élémentaires en technologies de l'information et de la communication(TIC) et travail sous Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Compétences en bureautique
* Accéder à la ligne de commande
* Utilisations de Linux, de l'informatique en nuage et de la virtualisation dans l'industrie

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Utilisation d'un navigateur Web, préoccupations de confidentialité, options de configuration, recherche sur le Web et sauvegarde de contenu
* Terminal et console
* Problématiques de mots de passe
* Problématiques et outils de confidentialité
* Utilisation d'applications à code source ouvert courantes pour des présentations et des projets

 

===''Sujet 2 : Trouver son chemin sur un système Linux''===

====2.1 Bases sur la ligne de commande (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Bases d'utilisation en ligne de commande sous Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Interpréteur de commandes élémentaire
* Syntaxe en ligne de commande
* Variables
* TODO Quoting

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Bash
* echo
* history
* Variable d'environnement PATH
* export
* type

 

====2.2 Utilisation de la ligne de commande pour obtenir de l'aide (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Exécution de commandes d'aide et navigation dans les différents systèmes d'aide.

|}

'''Domaines de connaissance les plus importants :'''

* Pages de manuel
* Pages d'information

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* man
* info
* /usr/share/doc/
* locate

 

====2.3 Utilisation des répertoires et liste des fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Navigation dans le répertoire personnel et les répertoires du système et affichage de listes de fichiers à différents emplacements.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers, répertoires
* Fichiers et répertoires cachés
* Répertoires personnels
* Chemins d'accès absolus et relatifs

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Options courantes de ls
* listes récursives de fichiers
* cd
* '''.''' et '''..'''
* répertoire personnel et ~

 

====2.4 Création, déplacement et suppression de fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Créer, déplacer et supprimer fichiers et répertoires dans le répertoire personnel.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers et répertoires
* Sensibilité à la casse
* TODO Englobement simple Simple globbing

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* mv, cp, rm, touch
* mkdir, rmdir

 

===''Sujet 3 : Le pouvoir de la ligne de commande''===

====3.1 Archivage de fichiers en ligne de commande (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Archiver des fichiers dans le répertoire personnel de l'utilisateur.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers, répertoires
* Archives, compression

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* tar
* Options courantes de tar
* gzip, bzip2, xz
* zip, unzip

 

====3.2 Recherche et extraction de données à partir de fichiers (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Rechercher et extraire des données à partir de fichiers dans le répertoire personnel.

|}

'''Domaines de connaissance les plus importants :'''

* Tuyaux en ligne de commande
* Redirection d'entrée-sortie
* Expressions rationnelles élémentaires utilisant ., [ ], *, et ?

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* grep
* less
* cat, head, tail
* sort
* cut
* wc

 

====3.3 Conversion de commandes en script (valeur : 4)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Convertir des commandes répétitives en scripts simples.

|}

'''Domaines de connaissance les plus importants :'''

* Faire des scripts shell simples
* Connaître des éditeurs de texte courants (vi et nano)

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* #! (shebang)
* /bin/bash
* Variables
* Arguments
* boucle for
* echo
* Statut de sortie

 

===''Sujet 4 : Le système d'exploitation Linux''===

====4.1 Choix d'un système d'exploitation (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Connaissance des systèmes d'exploitation et distributions Linux majeurs.

|}

'''Domaines de connaissance les plus importants :'''

* Différences entre Windows, OS X et Linux
* Gestion du cycle de vie des distributions

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Interface graphique par rapport à la ligne de commande, configuration d'un poste de travail
* Cycles de maintenance, versions bêta et stables

 

====4.2 Compréhension du matériel informatique (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Être familier avec les composants entrant dans la construction d'ordinateurs de bureau et de serveurs.

|}

'''Domaines de connaissance les plus importants :'''

* Matériel informatique

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Cartes mères, processeurs, alimentations, disques optiques, périphériques
* Disques durs, SSD et partitions, /dev/sd*
* Pilotes de périphériques

 

====4.3 Localisation des données (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Où les différents types d'informations sont stockés sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Programmes et configuration
* Processus
* Adresses en mémoire
* Messagerie système
* Journalisation

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ps, top, free
* syslog, dmesg
* /etc/, /var/log/
* /boot/, /proc/, /dev/, /sys/

 

====4.4 Intégration au réseau (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Interrogation des paramètres de configuration importants du réseau et détermination des prérequis élémentaires pour intégrer un ordinateur à un réseau local.

|}

'''Domaines de connaissance les plus importants :'''

* Internet, réseau, routeurs
* Interrogation de la configuration DNS cliente
* Interrogation de la configuration du réseau

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* route, ip route show
* ifconfig, ip addr show
* netstat, ss
* /etc/resolv.conf, /etc/hosts
* IPv4, IPv6
* ping
* host

 

===''Sujet 5 : Sécurité et droits d'accès aux fichiers''===

====5.1 Sécurité élémentaire et identification des catégories d'utilisateurs (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Différentes catégories d'utilisateurs sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Root et utilisateurs standards
* Utilisateurs système

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/passwd, /etc/shadow, /etc/group
* id, last, who, w
* sudo, su

 

====5.2 Création des utilisateurs et des groupes (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Créer des utilisateurs et des groupes sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Commandes de création d'utilisateurs et de groupes
* Identification des utilisateurs

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/passwd, /etc/shadow, /etc/group, /etc/skel/
* useradd, groupadd
* passwd

 

====5.3 Gestion des propriétés et des droits d'accès aux fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Comprendre et manipuler les paramètres de droits d'accès et de propriété sur les fichiers.

|}

'''Domaines de connaissance les plus importants :'''

* Droits d'accès et propriété des fichiers et répertoires

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ls -l, ls -a
* chmod, chown

 

====5.4 Répertoires et fichiers spéciaux (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Répertoires et fichiers spéciaux sur un système Linux, y compris les droits d'accès spéciaux.

|}

'''Domaines de connaissance les plus importants :'''

* Utilisation de fichiers et répertoires temporaires
* Liens symboliques

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /tmp/, /var/tmp/ et Sticky Bit
* ls -d
* ln -s

LPIC-1 Objectives V5.0(FR)

2019-03-09T15:47:28Z

Babafou: /* Traductions des objectifs */

__FORCETOC__
==Introduction==

Cet examen est nécessaire pour obtenir la certification LPI de niveau 1. Il couvre les compétences d'administration Linux communes aux différentes distributions.

Cette page présente les objectifs de la version actuelle de la certification LPIC-1.

 

==Informations de version==

Ceci est la version 5.0.0 des objectifs.

Vous trouverez également le [[LPIC-1_Summary_Version_4.0_To_5.0|résumé et les informations détaillées]] concernant les différences entre les versions 4.0 et 5.0 des objectifs.

La version [[LPIC-1_Objectives_V4(FR)|4 des objectifs]] est disponible [[LPIC-1_Objectives_V4(FR)|ici]].

 

==Examens==

Pour être certifié [[LPIC-1 Objectives V5.0(FR)|LPIC-1]], le candidat doit obtenir les examens [[LPIC-1 Objectives V5(FR)#Objectifs: Examen 101|101]] et [[LPIC-1 Objectives V5(FR)#Objectifs: Examen 102|102]].

* [[#Objectives: Exam 101|101]]
* [[#Objectives: Exam 102|102]]

==Mises à jour==

 

==Traductions des objectifs==

Les traductions suivantes sont disponibles sur ce wiki :

* [[LPIC-1 Objectives V5.0|Anglais]]
* [[LPIC-1 Objectives V5.0(PT-BR)|Portugais(Portugal)]]
* [[LPIC-1 Objectives V5.0(ZH)|Chinois (simplifié)]]
* [[LPIC-1 Objectives V5.0(ZH-TW)|Chinois (traditionnel)]]
* [[LPIC-1 Objectives V5.0(FR)|Français]]
* [[LPIC-1 Objectives V5.0(DE)|Allemand]]
* [[LPIC-1 Objectives V5.0(IT)|Italien]]
* [[LPIC-1 Objectives V5.0(JA)|Japonais]]
* [[LPIC-1 Objectives V5.0(ES)|Espagnol]]

 

==Objectifs de l'examen LPI 101==

===''Sujet 101 : Architecture système''===

====101.1 Détermination et configuration des paramètres du matériel====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de déterminer et de configurer le matériel.

|}

'''Domaines de connaissance les plus importants :'''

* Activer et désactiver les périphériques intégrés.
* Savoir différencier les types de périphériques de stockage de masse.
* Déterminer les ressources matérielles des périphériques.
* Outils et commandes permettant d'obtenir des informations sur les périphériques (par exemple lsusb, lspci, etc.).
* Outils et commandes permettant de manipuler les périphériques USB.
* Compréhension des concepts sysfs, udev et dbus.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /sys/
* /proc/
* /dev/
* modprobe
* lsmod
* lspci
* lsusb

 

====101.2 Démarrage du système====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de guider le système dans la procédure d'initialisation.

|}

'''Domaines de connaissance les plus importants :'''

* Passage de commandes au chargeur de démarrage et passage de paramètres d'amorçage au noyau.
* Démontrer sa connaissance des séquences d'amorçage depuis le BIOS / UEFI jusqu'à l'achèvement des séquences de démarrage.
* Compréhension de l'init SysV et de systemd.
* Sensibilisation à Upstart.
* Consulter les événements de la phase de démarrage dans les journaux (logs).

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* dmesg
* journalctl
* BIOS
* UEFI
* chargeur d'amorçage (bootloader)
* kernel
* initramfs
* init
* SysVinit
* systemd

 

====101.3 Changement de niveaux d'exécution / des cibles de démarrage de systemd et arrêt ou redémarrage du système ====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de gérer les niveaux d'exécution d'init SysV et les cibles (target) systemd du système. Cet objectif inclut le passage en mode mono-utilisateur, l'arrêt et le redémarrage du système. Les candidats doivent être en mesure de prévenir les utilisateurs avant de changer de niveau d'exécution ou de cible systemd (target) et de terminer correctement les processus. Cet objectif inclut également le paramétrage du niveau d'exécution ou de la cible systemd par défaut. Il inclut également la connaissance d'Upstart comme alternative à init SysV ou à systemd.

|}

'''Domaines de connaissance les plus importants :'''

* Paramétrage du niveau d'exécution ou de la cible systemd par défaut.
* Passage d'un niveau d'exécution / d'une cible systemd à un(e) autre, y compris en mode mono-utilisateur.
* Arrêt et redémarrage du système en ligne de commande.
* Avertissement des utilisateurs avant un changement de niveau d'exécution / de cible systemd ou pour d'autres événements système importants.
* Terminer les processus correctement.
* Connaissance de base de acpid.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/inittab
* shutdown
* init
* /etc/init.d/
* telinit
* systemd
* systemctl
* /etc/systemd/
* /usr/lib/systemd/
* wall

 

===''Sujet 102 : Installation de Linux et gestion de paquetages''===

====102.1 Conception du schéma de partitionnement====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de concevoir un schéma de partitionnement du disque dur pour un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Répartition des systèmes de fichiers et de l'espace d'échange (swap) sur des partitions ou des disques séparés.
* Ajustement du schéma de partitionnement en fonction de l'usage prévu du système.
* Vérification que la partition /boot est conforme aux besoins de l'architecture matérielle pour le démarrage.
* Connaissance des caractéristiques de base de LVM.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* système de fichiers racine /
* système de fichiers /var
* système de fichiers /home
* système de fichiers /boot
* partition système EFI - EFI System Partition (ESP)
* espace d'échange swap
* points de montage
* partitions

 

====102.2 Installation d'un gestionnaire d'amorçage====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de sélectionner, d'installer et de configurer un gestionnaire d'amorçage.

|}

'''Domaines de connaissance les plus importants :'''

* Démarrage sur des images d'amorçage alternatives et sauvegarde des options de démarrage.
* Installation et configuration d'un chargeur de démarrage tel que GRUB Legacy.
* Modifications élémentaires pour GRUB2.
* Interactions avec le chargeur d'amorçage.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* menu.lst, grub.cfg et grub.conf
* grub-install
* grub-mkconfig
* MBR

 

====102.3 Gestion des bibliothèques partagées====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de déterminer les bibliothèques partagées dont dépendent les programmes et les installer en cas de besoin.

|}

'''Domaines de connaissance les plus importants :'''

* Identification des bibliothèques partagées.
* Identification des emplacements typiques des bibliothèques systèmes.
* Chargement des bibliothèques partagées.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ldd
* ldconfig
* /etc/ld.so.conf
* LD_LIBRARY_PATH

 

====102.4 Utilisation du gestionnaire de paquetage Debian====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de gérer les paquetages en utilisant les outils de gestion de paquetages Debian.

|}

'''Domaines de connaissance les plus importants :'''

* Installation, mise à jour et désinstallation des paquetages binaires Debian.
* Recherche des paquetages contenant des fichiers ou des bibliothèques spécifiques installés ou non.
* Obtention d'informations sur un paquetage Debian comme la version, le contenu, les dépendances, l'intégrité du paquetage, et l'état d'installation (que le paquetage soit installé ou non).
* Connaissance de base de apt.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/apt/sources.list
* dpkg
* dpkg-reconfigure
* apt-get
* apt-cache

 

====102.5 Utilisation des gestionnaires de paquetage RPM et YUM====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de gérer les paquetages avec les outils RPM, YUM et Zypper.

|}

'''Domaines de connaissance les plus importants :'''

*Installation, réinstallation, mise à jour et suppression des paquetages avec RPM, YUM et Zypper.
* Obtention d'informations sur un paquetage RPM comme la version, le contenu, les dépendances, l'intégrité du paquetage, la signature et l'état d'installation.
* Détermination des fichiers relatifs à un paquetage donné, et recherche du paquetage auquel appartient un fichier donné.
* Connaissance de base de dnf.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* rpm
* rpm2cpio
* /etc/yum.conf
* /etc/yum.repos.d/
* yum
* zypper

 

====102.6 Linux en tant que système virtuel hébergé====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de comprendre les implications de la virtualisation et du cloud computing pour un système Linux virtualisé.

|}

'''Domaines de connaissance les plus importants :'''

* Compréhension des concepts généraux concernant la virtualisation et les conteneurs
* Compréhension des éléments communs de virtualisation dans le Cloud IaaS (Infratruction as a Service), comme les instances de machines, les blocs de stockage et le réseau
* Compréhension des propriétés de configuration uniques d'un système Linux à changer en cas de clone ou d'utilisation d'un modèle
* Compréhension de la manière dont les images système sont utilisées pour déployer les machines virtuelles, instances de machines dans le cloud ou les conteneurs
* Compréhension des extensions Linux permettant d'intégrer Linux à un outil de virtualisation
* Connaissance de base de cloud-init

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Machine virtuelles
* Conteneur Linux
* Conteneur d'application
* Pilotes invité (guest drivers)
* Clés SSH machine
* D-Bus machine id

 

===''Sujet 103 : Commandes GNU et Unix''===

====103.1 Travail en ligne de commande====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure d'interagir avec des shells et des commandes à partir de la ligne de commande. Cet objectif est basé sur le shell Bash.

|}

'''Domaines de connaissance les plus importants :'''

* Utilisation de commandes ou de séquences de commandes pour réaliser des tâches simples en ligne de commande.
* Utilisation et modification de l'environnement du shell, en particulier la définition, l'export et le référencement des variables d'environnement.
* Utilisation et édition de l'historique des commandes.
* Exécution des commandes comprises ou non dans le chemin (path) par défaut.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* bash
* echo
* env
* export
* pwd
* set
* unset
* type
* which
* man
* uname
* history
* .bash_history
* Protection (quoting)

 

====103.2 Traitement de flux de type texte avec des filtres====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure d'appliquer des filtres à un flux de type texte.

|}

'''Domaines de connaissance les plus importants :'''

* Envoi de fichiers textes ou de sorties de commandes à des filtres textuels pour les modifier en utilisant des commandes UNIX appartenant au paquetage GNU textutils.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* bzcat
* cat
* cut
* head
* less
* md5sum
* nl
* od
* paste
* sed
* sha256sum
* sha512sum
* sort
* split
* tail
* tr
* uniq
* wc
* xzcat
* zcat

 

====103.3 Gestion élémentaire des fichiers====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure d'utiliser les commandes Linux de base pour gérer les fichiers et les répertoires.

|}

'''Domaines de connaissance les plus importants :'''

* Copie, déplacement et suppression des fichiers ou des répertoires individuellement.
* Copie récursive de plusieurs fichiers et répertoires.
* Suppression récursive de fichiers et répertoires.
* Utilisation simple et avancée des caractères génériques (wildcard) dans les commandes.
* Utilisation de find pour localiser et agir sur des fichiers en se basant sur leurs types, leurs tailles ou leurs temps (de création, modification ou accès).
* Utilisation des commandes tar, cpio et dd.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* cp
* find
* mkdir
* mv
* ls
* rm
* rmdir
* touch
* tar
* cpio
* dd
* file
* gzip
* gunzip
* bzip2
* bunzip2
* xz
* unxz
* Développement des noms de fichiers (file globbing)

 

====103.4 Utilisation des flux, des tubes et des redirections====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de rediriger des flux et de les associer pour traiter efficacement des données textuelles. Ces tâches incluent les redirections de l'entrée standard, de la sortie standard et de l'erreur standard, la redirection de la sortie d'une commande vers l'entrée d'une autre, l'utilisation de la sortie d'une commande comme paramètres pour une autre commande et l'envoi de la sortie à la fois sur la sortie standard et dans un fichier.

|}

'''Domaines de connaissance les plus importants :'''

* Redirection de l'entrée standard, de la sortie standard et de l'erreur standard.
* Connexion de la sortie d'une commande à l'entrée d'une autre commande.
* Utilisation de la sortie d'une commande comme paramètres d'une autre commande.
* Envoi simultané du résultat d'une commande vers la sortie standard et vers un fichier.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* tee
* xargs

 
====103.5 Création, contrôle et interruption des processus====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure d'effectuer une gestion élémentaire des processus.

|}

'''Domaines de connaissance les plus importants :'''

* Exécution de tâches au premier plan et en arrière plan.
* Indiquer à un programme qu'il doit continuer à s'exécuter après la déconnexion.
* Contrôle des processus actifs.
* Sélection et tri des processus à afficher.
* Envoi de signaux aux processus.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* &
* bg
* fg
* jobs
* kill
* nohup
* ps
* top
* free
* uptime
* pgrep
* pkill
* killall
* watch
* screen
* tmux

 

====103.6 Modification des priorités des processus====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de gérer les priorités des processus.

|}

'''Domaines de connaissance les plus importants :'''

* Connaissance de la priorité par défaut affectée à un nouveau processus.
* Exécution de programme avec une priorité plus haute ou plus basse que celle par défaut.
* Changement de la priorité d'un processus en cours d'exécution.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* nice
* ps
* renice
* top

 

====103.7 Recherche dans des fichiers texte avec les expressions rationnelles====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de manipuler des fichiers et des données de type texte en utilisant des expressions rationnelles. Cet objectif inclut la création d'expressions rationnelles simples contenant différents caractères de notation ainsi que la compréhension des différences entre les expressions rationnelles de simples et étendues. Cela inclut également l'utilisation des expressions rationnelles dans des commandes pour effectuer des recherches dans une arborescence ou dans le contenu d'un fichier.

|}

'''Domaines de connaissance les plus importants :'''

* Création d'expressions rationnelles simples contenant différents éléments de notation.
* Compréhension des différences entre les expressions rationnelles simples et étendues.
* Compréhension des concepts de caractères spéciaux, classes de caractères et ancres.
* Utilisation des expressions rationnelles dans des commandes pour effectuer des recherches dans une arborescence ou dans le contenu d'un fichier.
* Utilisation des expressions rationnelles pour supprimer, modifier et substituer du texte.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* grep
* egrep
* fgrep
* sed
* regex(7)

 

====103.8 Édition de fichier simple====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure d'éditer des fichiers texte avec vi. Cet objectif inclut le déplacement dans vi, les modes de base de vi, l'insertion, la modification, la suppression, la copie et la recherche de texte. Cela inclut également la connaissance d'autres éditeurs de texte courants ainsi que la configuration de l'éditeur de texte par défaut..

|}

'''Domaines de connaissance les plus importants :'''

* Déplacement dans un document édité avec vi.
* Compréhension et utilisation des modes de base de vi.
* Insertion, modification, suppression, copie et recherche de texte dans vi.
* Connaissance de base de Emacs, nano et vim.
* Configuration de l'éditeur de texte par défaut.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* vi
* /, ?
* h,j,k,l
* i, o, a
* d, p, y, dd, yy
* ZZ, :w!, :q!
* EDITOR

 

===''Sujet 104 : Disques, systèmes de fichiers Linux , arborescence de fichiers standard (FHS) ''===

====104.1 Création des partitions et des systèmes de fichiers====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de configurer le partitionnement des disques puis de créer des systèmes de fichiers sur des supports comme les disques durs. Ceci inclut la prise en charge des partitions d'échange (swap).

|}

'''Domaines de connaissance les plus importants :'''

* Gestion des tables de partition MBR et GPT
* Utilisation des différentes commandes mkfs pour le paramétrage des partitions et la création des différents systèmes de fichiers comme :
** ext2/ext3/ext4
** XFS
** VFAT
** exFAT
* Connaissance de base de Btrfs, y compris les systèmes de fichiers sur plusieurs périphériques, la compression et les sous-volumes.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* fdisk
* gdisk
* parted
* mkfs
* mkswap

 

====104.2 Maintenance de l'intégrité des systèmes de fichiers====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de maintenir l'intégrité d'un système de fichiers standard, ainsi que les informations supplémentaires associées à la journalisation.

|}

'''Domaines de connaissance les plus importants :'''

* Vérification de l'intégrité des systèmes de fichiers.
* Contrôle de l'espace et des inodes libres.
* Réparation de problèmes élémentaires sur les système de fichiers.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* du
* df
* fsck
* e2fsck
* mke2fs
* tune2fs
* xfs_repair
* xfs_fsr
* xfs_db

 

====104.3 Montage et démontage des systèmes de fichiers====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de configurer le montage d'un système de fichiers.

|}

'''Domaines de connaissance les plus importants :'''

* Montage et démontage manuel des systèmes de fichiers.
* Configuration du montage des systèmes de fichiers au démarrage du système.
* Configuration des options de montage des systèmes de fichiers.
* Utilisation des étiquettes et UUID pour l'identification et le montage des systèmes de fichier
* Connaissance de base des unités de montage systemd mount units (systemd mount units).

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/fstab
* /media/
* mount
* umount
* blkid
* lsblk

 

====104.4 Supprimé====

 

====104.5 Gestion des permissions et de la propriété sur les fichiers====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de contrôler l'accès aux fichiers en utilisant les droits d'accès et les propriétés appropriés.

|}

'''Domaines de connaissance les plus importants :'''

* Gestion des permissions d'accès sur les fichiers standards et les fichiers spéciaux, ainsi que sur les répertoires.
* Utilisation des modes d'accès comme suid, sgid et sticky bit pour maintenir la sécurité.
* Savoir changer le masque de création des fichiers par défaut.
* Utilisation du champ groupe pour attribuer les permissions aux membres d'un groupe.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* chmod
* umask
* chown
* chgrp

 
====104.6 Création et modification des liens physiques et symboliques sur les fichiers====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de créer et de gérer les liens physiques et symboliques vers un fichier.

|}

'''Domaines de connaissance les plus importants :'''

* Création des liens.
* Identification des liens physiques et/ou symboliques.
* Copie versus liens vers les fichiers.
* Utilisation des liens pour les tâches d'administration système.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ln
* ls

 

====104.7 Recherche de fichiers et placement des fichiers aux endroits adéquats====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être parfaitement familiarisés avec la norme de la hiérarchie des systèmes de fichiers (FHS - Filesystem Hierarchy Standard), y compris le placement adéquat des fichiers et l'organisation des répertoires.

|}

'''Domaines de connaissance les plus importants :'''

* Compréhension de l'emplacement correct des fichiers dans le FHS.
* Recherche de fichiers et de commandes sur un système Linux
* Connaissance de l'emplacement et du but des fichiers et des répertoires importants tels que définis dans la FHS.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* find
* locate
* updatedb
* whereis
* which
* type
* /etc/updatedb.conf

 

==Objectifs de l'examen LPI 102==

===''Sujet 105 : Shells et scripts Shell''===

====105.1 Personnalisation et utilisation de l'environnement du shell====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de personnaliser l'environnement du shell afin de l'adapter aux besoins des utilisateurs. Les candidats doivent pouvoir modifier les profils globaux et utilisateurs.

|}

'''Domaines de connaissance les plus importants :'''

* Définition des variables environnement (par exemple le PATH) utilisées lors de la connexion ou au lancement d'un nouveau shell.
* Réalisation de fonctions BASH pour des séquences de commandes fréquentes.
* Mise à jour des répertoires squelette pour les nouveaux comptes utilisateurs.
* Définition correcte de la liste des chemins d'accès pour les commandes.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* .
* source
* /etc/bash.bashrc
* /etc/profile
* env
* export
* set
* unset
* ~/.bash_profile
* ~/.bash_login
* ~/.profile
* ~/.bashrc
* ~/.bash_logout
* function
* alias

 

====105.2 Personnalisation ou écriture de scripts simples====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de personnaliser des scripts existants ou d'écrire des scripts Bash simples.

|}

'''Domaines de connaissance les plus importants :'''

* Utilisation de la syntaxe standard du shell sh (boucles, tests).
* Utilisation de la substitution de commandes.
* Test de la valeur de retour d’une fonction indiquant la réussite, l’échec ou d’autres informations.
* Exécution de commandes chaînées.
* Envoi conditionnel de courriels au superutilisateur.
* Sélection correcte de l’interpréteur de commandes à utiliser dans l’entête du script (#!).
* Gestion de l'emplacement, des propriétés, des droits d’exécution et les droits spéciaux (suid) des scripts.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* for
* while
* test
* if
* read
* seq
* exec
* ||
* &&

 

===''Sujet 106 : Interfaces et bureaux utilisateur''===

====106.1 Installation et configuration de X11====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure d'installer et de configurer un serveur X11.

|}

'''Domaines de connaissance les plus importants :'''

* Compréhension de l'architecture X11.
* Compréhension et connaissances de base du fichier de configuration de X Window.
* Remplacement d'aspects spécifiques de la configuration, comme l'agencement du clavier.
* Compréhension des composants des environements de bureau, comme les gestionnaires d'affichage et les gestionnaires de fenêtres.
* Gestion de l'accès au serveur X et affichage d'applications sur des serveurs X distants.
* Connaissance de base de Wayland.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/X11/xorg.conf
* /etc/X11/xorg.conf.d/
* ~/.xsession-errors
* xhost
* xauth
* DISPLAY
* X

 

====106.2 Bureaux graphiques====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent connaître les bureaux graphiques les plus importants sous Linux. De plus, les candidats doivent connaître les protocoles utilisés pour accéder à des sessions graphiques distantes.

|}

'''Domaines de connaissance les plus importants :'''

* Connaissance des bureaux graphiques les plus importants.
* Connaissance des protocoles utilisés pour accéder aux sessions graphiques distantes.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* KDE
* Gnome
* Xfce
* X11
* XDMCP
* VNC
* Spice
* RDP

 

====106.3 Accessibilité====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats devront faire la preuve de leurs connaissances et de leur sensibilisation aux technologies d'accessibilité.

|}

'''Domaines de connaissance les plus importants :'''

* Connaissance de base des paramètres d'affichage et des thèmes.
* Connaissance de base des outils d'accessibilité.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Thèmes du bureau à fort contraste ou grandes polices.
* Lecteur d'écran.
* Lecteur braille.
* Loupe d'écran.
* Clavier virtuel.
* Touches Difficiles/Répétition.
* Touches lentes/rebond/inverser.
* Émulation de la souris au clavier.
* Gestuelles.
* Reconnaissance vocale.

 

===''Sujet 107 : Tâches d'administration''===

====107.1 Gestion des comptes utilisateurs et des groupes ainsi que des fichiers systèmes concernés====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure d’ajouter, de supprimer, de suspendre et de modifier des comptes utilisateurs.

|}

'''Domaines de connaissance les plus importants :'''

* Ajout, modification et suppression d'utilisateurs et de groupes.
* Gestion des informations associées aux utilisateurs et aux groupes dans les fichiers de bases de données système.
* Création et gestion de comptes pour des usages spécifiques et limités.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/passwd
* /etc/shadow
* /etc/group
* /etc/skel/
* chage
* getent
* groupadd
* groupdel
* groupmod
* passwd
* useradd
* userdel
* usermod

 

====107.2 Automatisation des tâches d'administration par la planification des travaux====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure d’utiliser cron et les horloges systemd (systemd timers) pour exécuter des commandes planifiées et récurrentes ainsi que d’utiliser at pour lancer des commandes à un instant précis.

|}

'''Domaines de connaissance les plus importants :'''

* Gestion des tâches cron et at.
* Configuration des accès aux services cron et atd.
* Compréhension des unités d'horloge systemd (systemd timer units).

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/cron.{d,daily,hourly,monthly,weekly}/
* /etc/at.deny
* /etc/at.allow
* /etc/crontab
* /etc/cron.allow
* /etc/cron.deny
* /var/spool/cron/
* crontab
* at
* atq
* atrm
* systemctl
* systemd-run

 

====107.3 Paramètres régionaux et langues====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de paramétrer le système dans une langue autre que l'anglais. Cet objectif inclut la compréhension de l'intérêt de LANG=C pour l'écriture de scripts.

|}

'''Domaines de connaissance les plus importants :'''

* Configuration de l'environnement linguistique et des variables d'environnement correspondantes.
* Configuration du fuseau horaire et des variables d'environnement correspondantes.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/timezone
* /etc/localtime
* /usr/share/zoneinfo/
* LC_*
* LC_ALL
* LANG
* TZ
* /usr/bin/locale
* tzselect
* timedatectl
* date
* iconv
* UTF-8
* ISO-8859
* ASCII
* Unicode

 

===''Sujet 108 : Services systèmes essentiels''===

====108.1 Gestion de l'horloge système====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de maintenir l'horloge système et de synchroniser l'horloge avec le protocole NTP.

|}

'''Domaines de connaissance les plus importants :'''

* Configuration de la date et de l’heure système.
* Configuration de l’horloge matérielle correctement en temps UTC.
* Configuration du fuseau horaire.
* Configuration élémentaire de NTP avec ntpd et chrony.
* Connaissance du service pool.ntp.org.
* Connaissance de base de la commande ntpq.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /usr/share/zoneinfo/
* /etc/timezone
* /etc/localtime
* /etc/ntp.conf
* /etc/chrony.conf
* date
* hwclock
* timedatectl
* ntpd
* ntpdate
* chronyc
* pool.ntp.org

 

====108.2 Journaux systèmes====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de configurer le service rsyslog. Cet objectif inclut également la configuration du serveur de log pour envoyer la sortie des journaux vers un serveur central ou pour accepter les journaux en tant que serveur central. L'utilisation du sous-système de gestion de journal systemd est couverte. De même, la connaissance des alternatives que sont syslog et syslog-ng est au programme.

|}

'''Domaines de connaissance les plus importants :'''

* Configuration de base de rsyslog.
* Compréhension des sous-systèmes (facilities), priorités et actions standards.
* Interrogation du journal systemd.
* Filtrage des données du journal systemd sur des critères comme la date, leservice ou la priorité
* Configuration du stockage persistant du journal systemd et de la taille du journal
* Suppression des anciennes informations du journal systemd
* Récupération du journal systemd à partir d'une sauvegarde ou d'une copie
* Compréhension des interactions entre rsyslog et systemd-journald
* Configuration de logrotate.
* Connaissance de base de syslog et syslog-ng.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/rsyslog.conf
* /var/log/
* logger
* logrotate
* /etc/logrotate.conf
* /etc/logrotate.d/
* journalctl
* systemd-cat
* /etc/systemd/journald.conf
* /var/log/journal/

 

====108.3 Bases sur l'agent de transfert de courrier (MTA)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent connaître les principaux serveurs SMTP, être capables de faire suivre les courriers (forward) et de configurer les alias sur un poste client. Les autres fichiers de configuration ne sont pas au programme.

|}

'''Domaines de connaissance les plus importants :'''

* Création des alias de courriel.
* Transfert de courriel (forward).
* Connaissance des principaux serveurs SMTP (postfix, sendmail, et exim) (sans configuration).

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ~/.forward
* couche d'émulation des commandes sendmail
* newaliases
* mail
* mailq
* postfix
* sendmail
* exim

 

====108.4 Gestion des imprimantes et de l'impression====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de gérer les files et les travaux d'impression avec CUPS et d'utiliser les commandes de compatibilité avec le système d'impression LPD.

|}

'''Domaines de connaissance les plus importants :'''

* Configuration élémentaire de CUPS (pour les imprimantes locales et distantes).
* Gestion des files d'attente des utilisateurs.
* Résolution des problèmes d'impression.
* Ajout et suppression des travaux des files d'impression configurées.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Fichiers, outils et utilitaires de configuration de CUPS
* /etc/cups/
* Interface héritée de lpd (lpr, lprm, lpq)

 

===''Sujet 109 : Notions élémentaires sur les réseaux''===

====109.1 Notions élémentaires sur les protocoles Internet====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de démontrer leur bonne connaissance des fondamentaux sur les réseaux TCP/IP.

|}

'''Domaines de connaissance les plus importants :'''

* Compréhension des masques réseau et de la notation CIDR.
* Connaissance des différences entre les adresses IP privées et publiques.
* Connaissance des ports TCP et UDP les plus courants (20, 21, 22, 23, 25, 53, 80, 110, 123, 139, 143, 161, 162, 389, 443, 465, 514, 636, 993, 995).
* Connaissance des caractéristiques principales et des différences entre UDP, TCP et ICMP.
* Connaissance des différences principales entre IPv4 et IPv6.
* Connaissance des caractéristiques de base d'IPv6.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/services
* IPv4, IPv6
* Sous-réseaux
* TCP, UDP, ICMP

 

====109.2 Configuration réseau persistante====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de gérer la configuration réseau persistante sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Compréhension de la configuration TCP/IP élémentaire
* Configuration ethernet et wi-fi network à partir de NetworkManager
* Connaissance de base de systemd-networkd

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/hostname
* /etc/hosts
* /etc/nsswitch.conf
* /etc/resolv.conf
* nmcli
* hostnamectl
* ifup
* ifdown

 

====109.3 Résolution de problèmes réseaux simples====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de dépanner les problèmes réseau sur les postes de travail.

|}

'''Domaines de connaissance les plus importants :'''

* Configuration manuelle des interfaces réseau, y compris l'affichage et la modification de la configuration des interfaces réseau à partir de iproute2.
* Configuration manuelle du routage, y compris l'affichage et la modification, de même que la configuration de la passerelle par défaut à partir de iproute2.
* Résolution des problèmes associés à la configuration réseau.
* Connaissance des commandes historiques net-tools.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ip
* hostname
* ss
* ping
* ping6
* traceroute
* traceroute6
* tracepath
* tracepath6
* netcat
* ifconfig
* netstat
* route

 

====109.4 Configuration de la résolution de noms====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure de configurer la résolution de noms d'hôtes sur les postes de travail.

|}

'''Domaines de connaissance les plus importants :'''

* Requêtes sur serveurs DNS distants.
* Configuration de la résolution de nom locale et utilisation de serveurs DNS distants.
* Modification de l'ordre de la résolution des noms.
* Résolution d'erreurs reliées avec la résolution de nom.
* Connaissance de base de systemd-resolved

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/hosts
* /etc/resolv.conf
* /etc/nsswitch.conf
* host
* dig
* getent

 

===''Sujet 110 : Securité''===

====110.1 Tâches d'administration de sécurité====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent savoir vérifier la configuration du système afin de s’assurer que la sécurité de la machine est en accord avec les politiques de sécurité.

|}

'''Domaines de connaissance les plus importants :'''

* Audit du système pour retrouver les fichiers ayant les permissions suid/guid positionnées.
* Définition ou modification des mots de passe utilisateur ainsi que des informations d'expiration du compte.
* Utilisation de nmap et netstat pour connaître les ports ouverts sur une machine
* Définition des limites utilisateur pour les connexions, les processus et l'utilisation de la mémoire.
* Détermination des connexions utilisateur passées ou actuelles.
* Configuration et utilisation élémentaire de sudo.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* find
* passwd
* fuser
* lsof
* nmap
* chage
* netstat
* sudo
* /etc/sudoers
* su
* usermod
* ulimit
* who, w, last

 

====110.2 Configuration de la sécurité du système====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent savoir configurer un niveau élémentaire de sécurité système.

|}

'''Domaines de connaissance les plus importants :'''

* Compréhension des mots de passe shadow et de leur fonctionnement.
* Arrêt des services inutiles.
* Compréhension du rôle des TCP wrappers.

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/nologin
* /etc/passwd
* /etc/shadow
* /etc/xinetd.d/
* /etc/xinetd.conf
* systemd.socket
* /etc/inittab
* /etc/init.d/
* /etc/hosts.allow
* /etc/hosts.deny

 

====110.3 Sécurisation des données avec le chiffrement====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Les candidats doivent être en mesure d'utiliser les techniques de chiffrement à partir des clés publiques pour sécuriser les données et les communications.

|}

'''Domaines de connaissance les plus importants :'''

* Configuration élémentaire et utilisation des clients OpenSSH2.
* Compréhension du rôle des clés du serveur hôte OpenSSH.
* Utilisation et configuration de base de GnuPG, y compris la révocation des clés.
* Utilisation de GPG pour chiffrer, déchiffrer, signer et vérifier des fichiers.
* Compréhension des tunnels SSH (y compris les tunnels X11).

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ssh
* ssh-keygen
* ssh-agent
* ssh-add
* ~/.ssh/id_rsa et id_rsa.pub
* ~/.ssh/id_dsa et id_dsa.pub
* ~/.ssh/id_ecdsa et id_ecdsa.pub
* ~/.ssh/id_ed25519 et id_ed25519.pub
* /etc/ssh/ssh_host_rsa_key et ssh_host_rsa_key.pub
* /etc/ssh/ssh_host_dsa_key et ssh_host_dsa_key.pub
* /etc/ssh/ssh_host_ecdsa_key et ssh_host_ecdsa_key.pub
* /etc/ssh/ssh_host_ed25519_key et ssh_host_ed25519_key.pub
* ~/.ssh/authorized_keys
* ssh_known_hosts
* gpg
* gpg-agent
* ~/.gnupg/

==Considérations de modifications ultérieures==

Les prochaines versions des objectifs pourront inclure les changements suivants :

* Suppression de ifup/ifdown et des commandes net-tools historiques
* Suppression de TCP wrappers

LinuxEssentials Objectives V1.6(FR)

2019-03-09T15:42:42Z

Babafou: French translation for Linux Essentials 1.6 objectives

__FORCETOC__

==Introduction==

L'objectif de la certification Linux Essentials est de définir les connaissances élémentaires requises pour utiliser de manière compétente un ordinateur fixe ou portable fonctionnant avec le système d'exploitation Linux. Le programme Linux Essentials qui lui est associé guidera et encouragera les jeunes gens (et ceux qui découvrent Linux et le logiciel libre) à comprendre la place de Linux et du logiciel libre dans le contexte plus large de l'industrie informatique.

 

==Description des candidats==

Voici la description d'un candidat qui est à peine qualifié pour réussir l'examen Linux Essentials. Cette personne hypothétique est appelée Candidat Minimalement Qualifié (CMQ). Le niveau de l'examen Linux Essentials est fixé de telle sorte que cette personne (ainsi que quiconque de plus compétent) puisse le réussir mais que quiconque de moins compétent ne le puisse pas.

Le CMQ doit comprendre l'industrie de Linux et du logiciel libre et connaître les applications libres les plus répandues. Le candidat doit comprendre les composants principaux du système d'exploitation Linux et avoir les compétences techniques lui permettant de travailler sous Linux en ligne de commande. Le CMQ doit comprendre les rudiments de la sécurité et de l'administration tels que la gestion des utilisateurs et des groupes, le travail en ligne de commande et les droits d'accès. Le détenteur de la certification Linux Essentials est très probablement l'utilisateur final d'un système administré par ailleurs.

Le '''CMQ Linux Essentials''' doit avoir des compétences ou des connaissances rudimentaires dans les domaines suivants :

* le logiciel libre ou à code source ouvert, les différentes communautés et licences
* les processus, les programmes et les composants d'un système d'exploitation
* le matériel informatique
* la sécurité du système, les utilisateurs, les groupes et les droits d'accès pour des répertoires publiques et privés
* rendre le système accessible et pouvoir le raccorder à d'autres ordinateurs en réseau local
* les applications libres sur le lieu de travail et comment elles se rapportent à leurs équivalent propriétaires
* les explorateurs du système de fichiers sur un poste de travail sous Linux
* où trouver de l'aide
* travailler en ligne de commande et avec des fichiers
* réaliser des sauvegardes et des archives simples et les restaurer
* utiliser un éditeur élémentaire en ligne de commande
* comprimer des fichiers
* créer et exécuter des scripts shell simples

 

==Informations de version==

Ceci est la version 1.6 des objectifs.

Vous trouverez également le [[LinuxEssentials_Summary_Version_1.5_To_1.6|résumé et les informations détaillées]] concernant les différences entre les versions 1.5 et 1.6 des objectifs.

La [[LinuxEssentials Objectives V1.5|version 1.5 des objectifs]] est disponible [[LinuxEssentials Objectives V1.5|ici]].

 

==Traductions des objectifs==

Les traductions suivantes sont disponibles sur ce wiki :

* [[LinuxEssentials Objectives V1.6|English]]
* [[LinuxEssentials Objectives V1.6(PT-BR)|Brazilian Portuguese]]
* [[LinuxEssentials Objectives V1.6(ZH)|Chinese (Simplified)]]
* [[LinuxEssentials Objectives V1.6(ZH-TW)|Chinese (Traditional)]]
* [[LinuxEssentials Objectives V1.6(NL)|Dutch]]
* [[LinuxEssentials Objectives V1.6(FR)|French]]
* [[LinuxEssentials Objectives V1.6(DE)|German]]
* [[LinuxEssentials Objectives V1.6(IT)|Italian]]
* [[LinuxEssentials Objectives V1.6(JA)|Japanese]]
* [[LinuxEssentials Objectives V1.6(ES)|Spanish]]

 

==Examens et prérequis==

La certification Linux Essentials est décernée après avoir réussi l'examen :

* 010 (40 questions en 60 minutes)

Il n'est pas nécessaire de posséder une autre certification.

 

==Objectifs==

===''Sujet 1 : Communauté Linux et carrière dans le logiciel libre''===

====1.1 Évolution de Linux et systèmes d'exploitation populaires (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Connaissance de l'évolution de Linux et des distributions principales.

|}

'''Domaines de connaissance les plus importants :'''

* Distributions
* Systèmes embarqués
* Linux dans le nuage

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Debian, Ubuntu (LTS)
* CentOS, openSUSE, Red Hat, SUSE
* Linux Mint, Scientific Linux
* Raspberry Pi, Raspbian
* Android

 

====1.2 Applications libres majeures (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Savoir quelles sont les applications majeures ainsi que leurs utilisations et leur évolution.

|}

'''Domaines de connaissance les plus importants :'''

* Applications pour postes de travail
* Applications pour serveurs
* Langages de programmation
* Outils de gestion et dépôts de paquetages

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* OpenOffice.org, LibreOffice, Thunderbird, Firefox, GIMP
* Nextcloud, ownCloud
* Apache HTTPD, NGINX, MariaDB, MySQL, NFS, Samba
* C, Java, JavaScript, Perl, shell, Python, PHP
* dpkg, apt-get, rpm, yum

 

====1.3 Logiciel à code source ouvert et licences (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Communautés ouvertes et licences de logiciels à code source ouvert pour les entreprises.

|}

'''Domaines de connaissance les plus importants :'''

* Philosophie des logiciels à code source ouvert
* Licences des logiciels à code source ouvert
* Free Software Foundation (FSF), Open Source Initiative (OSI)

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Copyleft, Permissive
* GPL, BSD, Creative Commons
* Free Software, Open Source Software, FOSS, FLOSS
* Modèles économiques des logiciels à code source ouvert

 

====1.4 Compétences informatiques et travail sous Linux (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Compétences élémentaires en technologies de l'information et de la communication(TIC) et travail sous Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Compétences en bureautique
* Accéder à la ligne de commande
* Utilisations de Linux, de l'informatique en nuage et de la virtualisation dans l'industrie

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Utilisation d'un navigateur Web, préoccupations de confidentialité, options de configuration, recherche sur le Web et sauvegarde de contenu
* Terminal et console
* Problématiques de mots de passe
* Problématiques et outils de confidentialité
* Utilisation d'applications à code source ouvert courantes pour des présentations et des projets

 

===''Sujet 2 : Trouver son chemin sur un système Linux''===

====2.1 Bases sur la ligne de commande (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Bases d'utilisation en ligne de commande sous Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Interpréteur de commandes élémentaire
* Syntaxe en ligne de commande
* Variables
* TODO Quoting

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Bash
* echo
* history
* Variable d'environnement PATH
* export
* type

 

====2.2 Utilisation de la ligne de commande pour obtenir de l'aide (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Exécution de commandes d'aide et navigation dans les différents systèmes d'aide.

|}

'''Domaines de connaissance les plus importants :'''

* Pages de manuel
* Pages d'information

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* man
* info
* /usr/share/doc/
* locate

 

====2.3 Utilisation des répertoires et liste des fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Navigation dans le répertoire personnel et les répertoires du système et affichage de listes de fichiers à différents emplacements.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers, répertoires
* Fichiers et répertoires cachés
* Répertoires personnels
* Chemins d'accès absolus et relatifs

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Options courantes de ls
* listes récursives de fichiers
* cd
* '''.''' et '''..'''
* répertoire personnel et ~

 

====2.4 Création, déplacement et suppression de fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Créer, déplacer et supprimer fichiers et répertoires dans le répertoire personnel.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers et répertoires
* Sensibilité à la casse
* TODO Englobement simple Simple globbing

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* mv, cp, rm, touch
* mkdir, rmdir

 

===''Sujet 3 : Le pouvoir de la ligne de commande''===

====3.1 Archivage de fichiers en ligne de commande (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Archiver des fichiers dans le répertoire personnel de l'utilisateur.

|}

'''Domaines de connaissance les plus importants :'''

* Fichiers, répertoires
* Archives, compression

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* tar
* Options courantes de tar
* gzip, bzip2, xz
* zip, unzip

 

====3.2 Recherche et extraction de données à partir de fichiers (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Rechercher et extraire des données à partir de fichiers dans le répertoire personnel.

|}

'''Domaines de connaissance les plus importants :'''

* Tuyaux en ligne de commande
* Redirection d'entrée-sortie
* Expressions rationnelles élémentaires utilisant ., [ ], *, et ?

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* grep
* less
* cat, head, tail
* sort
* cut
* wc

 

====3.3 Conversion de commandes en script (valeur : 4)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Convertir des commandes répétitives en scripts simples.

|}

'''Domaines de connaissance les plus importants :'''

* Faire des scripts shell simples
* Connaître des éditeurs de texte courants (vi et nano)

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* #! (shebang)
* /bin/bash
* Variables
* Arguments
* boucle for
* echo
* Statut de sortie

 

===''Sujet 4 : Le système d'exploitation Linux''===

====4.1 Choix d'un système d'exploitation (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Connaissance des systèmes d'exploitation et distributions Linux majeurs.

|}

'''Domaines de connaissance les plus importants :'''

* Différences entre Windows, OS X et Linux
* Gestion du cycle de vie des distributions

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Interface graphique par rapport à la ligne de commande, configuration d'un poste de travail
* Cycles de maintenance, versions bêta et stables

 

====4.2 Compréhension du matériel informatique (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Être familier avec les composants entrant dans la construction d'ordinateurs de bureau et de serveurs.

|}

'''Domaines de connaissance les plus importants :'''

* Matériel informatique

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* Cartes mères, processeurs, alimentations, disques optiques, périphériques
* Disques durs, SSD et partitions, /dev/sd*
* Pilotes de périphériques

 

====4.3 Localisation des données (valeur : 3)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Où les différents types d'informations sont stockés sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Programmes et configuration
* Processus
* Adresses en mémoire
* Messagerie système
* Journalisation

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ps, top, free
* syslog, dmesg
* /etc/, /var/log/
* /boot/, /proc/, /dev/, /sys/

 

====4.4 Intégration au réseau (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Interrogation des paramètres de configuration importants du réseau et détermination des prérequis élémentaires pour intégrer un ordinateur à un réseau local.

|}

'''Domaines de connaissance les plus importants :'''

* Internet, réseau, routeurs
* Interrogation de la configuration DNS cliente
* Interrogation de la configuration du réseau

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* route, ip route show
* ifconfig, ip addr show
* netstat, ss
* /etc/resolv.conf, /etc/hosts
* IPv4, IPv6
* ping
* host

 

===''Sujet 5 : Sécurité et droits d'accès aux fichiers''===

====5.1 Sécurité élémentaire et identification des catégories d'utilisateurs (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Différentes catégories d'utilisateurs sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Root et utilisateurs standards
* Utilisateurs système

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/passwd, /etc/shadow, /etc/group
* id, last, who, w
* sudo, su

 

====5.2 Création des utilisateurs et des groupes (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Créer des utilisateurs et des groupes sur un système Linux.

|}

'''Domaines de connaissance les plus importants :'''

* Commandes de création d'utilisateurs et de groupes
* Identification des utilisateurs

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /etc/passwd, /etc/shadow, /etc/group, /etc/skel/
* useradd, groupadd
* passwd

 

====5.3 Gestion des propriétés et des droits d'accès aux fichiers (valeur : 2)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Comprendre et manipuler les paramètres de droits d'accès et de propriété sur les fichiers.

|}

'''Domaines de connaissance les plus importants :'''

* Droits d'accès et propriété des fichiers et répertoires

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* ls -l, ls -a
* chmod, chown

 

e="color:navy">5.4 Répertoires et fichiers spéciaux (valeur : 1)====

{|
| style="background:#dadada" |

'''Valeur'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Répertoires et fichiers spéciaux sur un système Linux, y compris les droits d'accès spéciaux.

|}

'''Domaines de connaissance les plus importants :'''

* Utilisation de fichiers et répertoires temporaires
* Liens symboliques

'''Liste partielle de termes, fichiers et utilitaires utilisés pour cet objectif :'''

* /tmp/, /var/tmp/ et Sticky Bit
* ls -d
* ln -s

LPIC-303 Objectives V2

2018-07-31T09:13:34Z

Babafou: Correct path is /etc/idmapd.conf, not /etc/idmap.conf

__FORCETOC__
==Introduction==
The description of the entire [[LPIC-3]] programme is listed [[LPIC-3|here]].
 
 

==Version Information==

These objectives are version 2.0.0.

The version [[LPIC-303 Objectives V1|1.x objectives]] can be found [[LPIC-303 Objectives V1|here]].

 

==Translations of Objectives==
The following translations of the objectives are available on this wiki:
* [[LPIC-303|English]]
* [[LPIC-303(ES)|Spanish]]
 

==Objectives==
===''Topic 325: Cryptography''===
====325.1 X.509 Certificates and Public Key Infrastructures (weight: 5)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should understand X.509 certificates and public key infrastructures. They should know how to configure and use OpenSSL to implement certification authorities and issue SSL certificates for various purposes.
|}
'''Key Knowledge Areas:'''
* Understand X.509 certificates, X.509 certificate lifecycle, X.509 certificate fields and X.509v3 certificate extensions.
* Understand trust chains and public key infrastructures.
* Generate and manage public and private keys.
* Create, operate and secure a certification authority.
* Request, sign and manage server and client certificates.
* Revoke certificates and certification authorities.
'''The following is a partial list of the used files, terms and utilities:'''
* openssl, including relevant subcommands
* OpenSSL configuration
* PEM, DER, PKCS
* CSR
* CRL
* OCSP

 

====325.2 X.509 Certificates for Encryption, Signing and Authentication (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should know how to use X.509 certificates for both server and client authentication. Candidates should be able to implement user and server authentication for Apache HTTPD. The version of Apache HTTPD covered is 2.4 or higher.
|}
'''Key Knowledge Areas:'''
* Understand of SSL, TLS and protocol versions.
* Understand common transport layer security threats, for example Man-in-the-Middle.
* Configure Apache HTTPD with mod_ssl to provide HTTPS service, including SNI and HSTS.
* Configure Apache HTTPD with mod_ssl to authenticate users using certificates.
* Configure Apache HTTPD with mod_ssl to provide OCSP stapling.
* Use OpenSSL for SSL/TLS client and server tests.
'''The following is a partial list of the used files, terms and utilities:'''
* Intermediate certification authorities
* Cipher configuration (no cipher-specific knowledge)
* httpd.conf
* mod_ssl
* openssl

 

====325.3 Encrypted File Systems (weight: 3)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be able to set up and configure encrypted file systems.
|}
'''Key Knowledge Areas:'''
* Understand block device and file system encryption.
* Use dm-crypt with LUKS to encrypt block devices.
* Use eCryptfs to encrypt file systems, including home directories and PAM integration.
* Be aware of plain dm-crypt and EncFS.
'''The following is a partial list of the used files, terms and utilities:'''
* cryptsetup
* cryptmount
* /etc/crypttab
* ecryptfsd
* ecryptfs-* commands
* mount.ecryptfs, umount.ecryptfs
* pam_ecryptfs

 

====325.4 DNS and Cryptography (weight: 5)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of cryptography in the context of DNS and its implementation using BIND. The version of BIND covered is 9.7 or higher.
|}
'''Key Knowledge Areas:'''
* Understanding of DNSSEC and DANE.
* Configure and troubleshoot BIND as an authoritative name server serving DNSSEC secured zones.
* Configure BIND as an recursive name server that performs DNSSEC validation on behalf of its clients.
* Key Signing Key, Zone Signing Key, Key Tag
* Key generation, key storage, key management and key rollover
* Maintenance and re-signing of zones
* Use DANE to publish X.509 certificate information in DNS.
* Use TSIG for secure communication with BIND.
'''The following is a partial list of the used files, terms and utilities:'''
* DNS, EDNS, Zones, Resource Records
* DNS resource records: DS, DNSKEY, RRSIG, NSEC, NSEC3, NSEC3PARAM, TLSA
* DO-Bit, AD-Bit
* TSIG
* named.conf
* dnssec-keygen
* dnssec-signzone
* dnssec-settime
* dnssec-dsfromkey
* rndc
* dig
* delv
* openssl

 
 

===''Topic 326: Host Security''===

====326.1 Host Hardening (weight: 3)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be able to secure computers running Linux against common threats. This includes kernel and software configuration.
|}
'''Key Knowledge Areas:'''
* Configure BIOS and boot loader (GRUB 2) security.
* Disable useless software and services.
* Use sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration.
* Limit resource usage.
* Work with chroot environments.
* Drop unnecessary capabilities.
* Be aware of the security advantages of virtualization.
'''The following is a partial list of the used files, terms and utilities:'''
* grub.cfg
* chkconfig, systemctl
* ulimit
* /etc/security/limits.conf
* pam_limits.so
* chroot
* sysctl
* /etc/sysctl.conf
 

====326.2 Host Intrusion Detection (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of common host intrusion detection software. This includes updates and maintenance as well as automated host scans.
|}
'''Key Knowledge Areas:'''
* Use and configure the Linux Audit system.
* Use chkrootkit.
* Use and configure rkhunter, including updates.
* Use Linux Malware Detect.
* Automate host scans using cron.
* Configure and use AIDE, including rule management.
* Be aware of OpenSCAP.
'''The following is a partial list of the used files, terms and utilities:'''
* auditd
* auditctl
* ausearch, aureport
* auditd.conf
* audit.rules
* pam_tty_audit.so
* chkrootkit
* rkhunter
* /etc/rkhunter.conf
* maldet
* conf.maldet
* aide
* /etc/aide/aide.conf

 

====326.3 User Management and Authentication (weight: 5)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with management and authentication of user accounts. This includes configuration and use of NSS, PAM, SSSD and Kerberos for both local and remote directories and authentication mechanisms as well as enforcing a password policy.
|}
'''Key Knowledge Areas:'''
* Understand and configure NSS.
* Understand and configure PAM.
* Enforce password complexity policies and periodic password changes.
* Lock accounts automatically after failed login attempts.
* Configure and use SSSD.
* Configure NSS and PAM for use with SSSD.
* Configure SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains.
* Obtain and manage Kerberos tickets.
'''The following is a partial list of the used files, terms and utilities:'''
* nsswitch.conf
* /etc/login.defs
* pam_cracklib.so
* chage
* pam_tally.so, pam_tally2.so
* faillog
* pam_sss.so
* sssd
* sssd.conf
* sss_* commands
* krb5.conf
* kinit, klist, kdestroy

 

====326.4 FreeIPA Installation and Samba Integration (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with FreeIPA v4.x. This includes installation and maintenance of a server instance with a FreeIPA domain as well as integration of FreeIPA with Active Directory.
|}
'''Key Knowledge Areas:'''
* Understand FreeIPA, including its architecture and components.
* Understand system and configuration prerequisites for installing FreeIPA.
* Install and manage a FreeIPA server and domain.
* Understand and configure Active Directory replication and Kerberos cross-realm trusts.
* Be aware of sudo, autofs, SSH and SELinux integration in FreeIPA.
'''The following is a partial list of the used files, terms and utilities:'''
* 389 Directory Server, MIT Kerberos, Dogtag Certificate System, NTP, DNS, SSSD, certmonger
* ipa, including relevant subcommands
* ipa-server-install, ipa-client-install, ipa-replica-install
* ipa-replica-prepare, ipa-replica-manage
 
 

===''Topic 327: Access Control''===
====327.1 Discretionary Access Control (weight: 3)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates are required to understand Discretionary Access Control and know how to implement it using Access Control Lists. Additionally, candidates are required to understand and know how to use Extended Attributes.
|}
'''Key Knowledge Areas:'''
* Understand and manage file ownership and permissions, including SUID and SGID.
* Understand and manage access control lists.
* Understand and manage extended attributes and attribute classes.
'''The following is a partial list of the used files, terms and utilities:'''
* getfacl
* setfacl
* getfattr
* setfattr

 

====327.2 Mandatory Access Control (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with Mandatory Access Control systems for Linux. Specifically, candidates should have a thorough knowledge of SELinux. Also, candidates should be aware of other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use.
|}
'''Key Knowledge Areas:'''
* Understand the concepts of TE, RBAC, MAC and DAC.
* Configure, manage and use SELinux.
* Be aware of AppArmor and Smack.
'''The following is a partial list of the used files, terms and utilities:'''
* getenforce, setenforce, selinuxenabled
* getsebool, setsebool, togglesebool
* fixfiles, restorecon, setfiles
* newrole, runcon
* semanage
* sestatus, seinfo
* apol
* seaudit, seaudit-report, audit2why, audit2allow
* /etc/selinux/*

 

====327.3 Network File Systems (weight: 3)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 clients and servers as well as CIFS client services. Earlier versions of NFS are not required knowledge.
|}
'''Key Knowledge Areas:'''

* Understand NFSv4 security issues and improvements.
* Configure NFSv4 server and clients.
* Understand and configure NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos).
* Understand and use NFSv4 pseudo file system.
* Understand and use NFSv4 ACLs.
* Configure CIFS clients.
* Understand and use CIFS Unix Extensions.
* Understand and configure CIFS security modes (NTLM, Kerberos).
* Understand and manage mapping and handling of CIFS ACLs and SIDs in a Linux system.

'''The following is a partial list of the used files, terms and utilities:'''
* /etc/exports
* /etc/idmapd.conf
* nfs4acl
* mount.cifs parameters related to ownership, permissions and security modes
* winbind
* getcifsacl, setcifsacl

 
 

===''Topic 328: Network Security''===
====328.1 Network Hardening (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be able to secure networks against common threats. This includes verification of the effectiveness of security measures.
|}
'''Key Knowledge Areas:'''
* Configure FreeRADIUS to authenticate network nodes.
* Use nmap to scan networks and hosts, including different scan methods.
* Use Wireshark to analyze network traffic, including filters and statistics.
* Identify and deal with rogue router advertisements and DHCP messages.
'''The following is a partial list of the used files, terms and utilities:'''
* radiusd
* radmin
* radtest, radclient
* radlast, radwho
* radiusd.conf
* /etc/raddb/*
* nmap
* wireshark
* tshark
* tcpdump
* ndpmon

 

====328.2 Network Intrusion Detection (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network security scanning, network monitoring and network intrusion detection software. This includes updating and maintaining the security scanners.
|}
'''Key Knowledge Areas:'''
* Implement bandwidth usage monitoring.
* Configure and use Snort, including rule management.
* Configure and use OpenVAS, including NASL.
'''The following is a partial list of the used files, terms and utilities:'''
* ntop
* Cacti
* snort
* snort-stat
* /etc/snort/*
* openvas-adduser, openvas-rmuser
* openvas-nvt-sync
* openvassd
* openvas-mkcert
* /etc/openvas/*

 

====328.3 Packet Filtering (weight: 5)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of packet filters. This includes netfilter, iptables and ip6tables as well as basic knowledge of nftables, nft and ebtables.
|}
'''Key Knowledge Areas:'''
* Understand common firewall architectures, including DMZ.
* Understand and use netfilter, iptables and ip6tables, including standard modules, tests and targets.
* Implement packet filtering for both IPv4 and IPv6.
* Implement connection tracking and network address translation.
* Define IP sets and use them in netfilter rules.
* Have basic knowledge of nftables and nft.
* Have basic knowledge of ebtables.
* Be aware of conntrackd.
'''The following is a partial list of the used files, terms and utilities:'''
* iptables
* ip6tables
* iptables-save, iptables-restore
* ip6tables-save, ip6tables-restore
* ipset
* nft
* ebtables
 

====328.4 Virtual Private Networks (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use of OpenVPN and IPsec.
|}
'''Key Knowledge Areas:'''
* Configure and operate OpenVPN server and clients for both bridged and routed VPN networks.
* Configure and operate IPsec server and clients for routed VPN networks using IPsec-Tools / racoon.
* Awareness of L2TP.
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/openvpn/*
* openvpn server and client
* setkey
* /etc/ipsec-tools.conf
* /etc/racoon/racoon.conf

==Other Comments for consideration==

As examples, following items are not in the current objectives:

1) <del>Related to Wireless LAN: (Note: It’s not only for Linux though, it is necessary to consider because there are many points to be taken care for configuration in terms of security measure.)</del>

Some aspects (i.e. Radius) are implemented in V2 (fth)

2) <del>Related to IPv6: Not only IPv4, but also IPv6 should be considered.</del>

Implemented in V2 wherever applicable (fth)

3) <del>Security features in Linux: For example, ASLR and Exec-Shield (ASCII Armor) should be considered, because it causes security level lower if those are disabled.</del>

Implemented in host hardening in V2 (fth)

4) <del>Related to Forensics: In the survey of malware’s behavior, Sleuth Kit would be used to analyze the hard disk on Linux machine. Also in some cases, LVM commands would be used to restore the disk which became un-mountable. So that this area should be learned.</del>

This is an interesting topic, but it goes beyond basic security in the sense it "prevention and defending". This is postmortal analysis. As the exam already contains a lot of topic this is postponed but up to discussion (fth)

5) <del>Database (RDB, NoSQL) security: Because Application Security (bind, apache, etc.) is covered now, this item would be nice to cover. And this item is listed in the CIF, security contest almost every time. Also the counter-measure in server side is necessary.</del>

As the other software / service aspects beyond Linux system security have been dropped this is considered out of scope for now too (fth)

6) <del>Related to OpenFlow: There are several points to be considered in terms of security measure about the configuration of OpenFlow.</del>

This is considered as an application aspect which seems to be beyond the scope for not (fth).

7) <del>RADIUS: This was covered in 301 though, this is not covered now. This should be covered.</del>

Implemented in V2 (fth)

8) <del>DNS: More DNSSEC and DANE.</del>

Implemented in V2 (fth)

9) <del>Secure development, hardening</del>

Hardening has been implemented for both hosts and networks in V2 (fth), Secure development is considered out of scope for now (fth)

10) Certificate Transparency

11) polkit

==Changes since version 1==

===321.3===
The following aspects have been removed from objective 321.3 User Management and Authentication:

'''Key Knowledge Areas:'''
* Kerberos Key Distribution Centre
* Kerberos Principals
* Kerberos Tickets
* password cracking
'''The following is a partial list of the used files, terms and utilities:'''
* krb5.conf
* krb5kdc/kdc.conf
* kdb5_util
* rb5kdc/kadm5.acl
* kadmin, kadmin.local
* john

 

====320.3 Advanced GPG====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | To be determined
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should know how to use GPG. This includes key generation, signing and publishing to key servers. Managing multiple private keys and IDs is also included.
|}
'''Key Knowledge Areas:'''
* Use GPG for encryption and signing.
* Configure GPG.
* Manage private and public keys.
* Interact with GPG key servers to publish and retrieve public keys.
'''The following is a partial list of the used files, terms and utilities:'''
* gpg
* gpgv
* gpg-agent
* ~/.gnupg/*

 

====320.6 OpenSSH====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | To be determined
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services.
|}
'''Key Knowledge Areas:'''
* Configure and use OpenSSH.
* Manage OpenSSH keys and access control.
* Be aware of SSH protocol v1 and v2 security issues.
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/ssh/*
* ~/.ssh/*
* ssh-keygen
* ssh-agent
* ssh-vulnkey

LPIC-303 Objectives V2

2016-04-19T12:49:23Z

Babafou: /* 327.2 Mandatory Access Control (weight: 4) */ s/setsebol/setsebool/

__FORCETOC__
==Introduction==
The description of the entire [[LPIC-3]] programme is listed [[LPIC-3|here]].
 
 

==Version Information==

These objectives are version 2.0.0.

The version [[LPIC-303 Objectives V1|1.x objectives]] can be found [[LPIC-303 Objectives V1|here]].

 

==Translations of Objectives==
The following translations of the objectives are available on this wiki:
* [[LPIC-303|English]]
* [[LPIC-303(ES)|Spanish]]
 

==Objectives==
===''Topic 325: Cryptography''===
====325.1 X.509 Certificates and Public Key Infrastructures (weight: 5)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should understand X.509 certificates and public key infrastructures. They should know how to configure and use OpenSSL to implement certification authorities and issue SSL certificates for various purposes.
|}
'''Key Knowledge Areas:'''
* Understand X.509 certificates, X.509 certificate lifecycle, X.509 certificate fields and X.509v3 certificate extensions.
* Understand trust chains and public key infrastructures.
* Generate and manage public and private keys.
* Create, operate and secure a certification authority.
* Request, sign and manage server and client certificates.
* Revoke certificates and certification authorities.
'''The following is a partial list of the used files, terms and utilities:'''
* openssl, including relevant subcommands
* OpenSSL configuration
* PEM, DER, PKCS
* CSR
* CRL
* OCSP

 

====325.2 X.509 Certificates for Encryption, Signing and Authentication (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should know how to use X.509 certificates for both server and client authentication. Candidates should be able to implement user and server authentication for Apache HTTPD. The version of Apache HTTPD covered is 2.4 or higher.
|}
'''Key Knowledge Areas:'''
* Understand of SSL, TLS and protocol versions.
* Understand common transport layer security threats, for example Man-in-the-Middle.
* Configure Apache HTTPD with mod_ssl to provide HTTPS service, including SNI and HSTS.
* Configure Apache HTTPD with mod_ssl to authenticate users using certificates.
* Configure Apache HTTPD with mod_ssl to provide OCSP stapling.
* Use OpenSSL for SSL/TLS client and server tests.
'''The following is a partial list of the used files, terms and utilities:'''
* Intermediate certification authorities
* Cipher configuration (no cipher-specific knowledge)
* httpd.conf
* mod_ssl
* openssl

 

====325.3 Encrypted File Systems (weight: 3)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be able to set up and configure encrypted file systems.
|}
'''Key Knowledge Areas:'''
* Understand block device and file system encryption.
* Use dm-crypt with LUKS to encrypt block devices.
* Use eCryptfs to encrypt file systems, including home directories and PAM integration.
* Be aware of plain dm-crypt and EncFS.
'''The following is a partial list of the used files, terms and utilities:'''
* cryptsetup
* cryptmount
* /etc/crypttab
* ecryptfsd
* ecryptfs-* commands
* mount.ecryptfs, umount.ecryptfs
* pam_ecryptfs

 

====325.4 DNS and Cryptography (weight: 5)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of cryptography in the context of DNS and its implementation using BIND. The version of BIND covered is 9.7 or higher.
|}
'''Key Knowledge Areas:'''
* Understanding of DNSSEC and DANE.
* Configure and troubleshoot BIND as an authoritative name server serving DNSSEC secured zones.
* Configure BIND as an recursive name server that performs DNSSEC validation on behalf of its clients.
* Key Signing Key, Zone Signing Key, Key Tag
* Key generation, key storage, key management and key rollover
* Maintenance and re-signing of zones
* Use DANE to publish X.509 certificate information in DNS.
* Use TSIG for secure communication with BIND.
'''The following is a partial list of the used files, terms and utilities:'''
* DNS, EDNS, Zones, Resource Records
* DNS resource records: DS, DNSKEY, RRSIG, NSEC, NSEC3, NSEC3PARAM, TLSA
* DO-Bit, AD-Bit
* TSIG
* named.conf
* dnssec-keygen
* dnssec-signzone
* dnssec-settime
* dnssec-dsfromkey
* rndc
* dig
* delv
* openssl

 
 

===''Topic 326: Host Security''===

====326.1 Host Hardening (weight: 3)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be able to secure computers running Linux against common threats. This includes kernel and software configuration.
|}
'''Key Knowledge Areas:'''
* Configure BIOS and boot loader (GRUB 2) security.
* Disable useless software and services.
* Use sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration.
* Limit resource usage.
* Work with chroot environments.
* Drop unnecessary capabilities.
* Be aware of the security advantages of virtualization.
'''The following is a partial list of the used files, terms and utilities:'''
* grub.cfg
* chkconfig, systemctl
* ulimit
* /etc/security/limits.conf
* pam_limits.so
* chroot
* sysctl
* /etc/sysctl.conf
 

====326.2 Host Intrusion Detection (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of common host intrusion detection software. This includes updates and maintenance as well as automated host scans.
|}
'''Key Knowledge Areas:'''
* Use and configure the Linux Audit system.
* Use chkrootkit.
* Use and configure rkhunter, including updates.
* Use Linux Malware Detect.
* Automate host scans using cron.
* Configure and use AIDE, including rule management.
* Be aware of OpenSCAP.
'''The following is a partial list of the used files, terms and utilities:'''
* auditd
* auditctl
* ausearch, aureport
* /etc/auditd/auditd.conf
* /etc/auditd/audit.rules
* pam_tty_audit.so
* chkrootkit
* rkhunter
* /etc/rkhunter.conf
* maldet
* conf.maldet
* aide
* /etc/aide/aide.conf

 

====326.3 User Management and Authentication (weight: 5)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with management and authentication of user accounts. This includes configuration and use of NSS, PAM, SSSD and Kerberos for both local and remote directories and authentication mechanisms as well as enforcing a password policy.
|}
'''Key Knowledge Areas:'''
* Understand and configure NSS.
* Understand and configure PAM.
* Enforce password complexity policies and periodic password changes.
* Lock accounts automatically after failed login attempts.
* Configure and use SSSD.
* Configure NSS and PAM for use with SSSD.
* Configure SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains.
* Obtain and manage Kerberos tickets.
'''The following is a partial list of the used files, terms and utilities:'''
* nsswitch.conf
* /etc/login.defs
* pam_cracklib.so
* chage
* pam_tally.so, pam_tally2.so
* faillog
* pam_sss.so
* sssd
* sssd.conf
* sss_* commands
* krb5.conf
* kinit, klist, kdestroy

 

====326.4 FreeIPA Installation and Samba Integration (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with FreeIPA v4.x. This includes installation and maintenance of a server instance with a FreeIPA domain as well as integration of FreeIPA with Active Directory.
|}
'''Key Knowledge Areas:'''
* Understand FreeIPA, including its architecture and components.
* Understand system and configuration prerequisites for installing FreeIPA.
* Install and manage a FreeIPA server and domain.
* Understand and configure Active Directory replication and Kerberos cross-realm trusts.
* Be aware of sudo, autofs, SSH and SELinux integration in FreeIPA.
'''The following is a partial list of the used files, terms and utilities:'''
* 389 Directory Server, MIT Kerberos, Dogtag Certificate System, NTP, DNS, SSSD, certmonger
* ipa, including relevant subcommands
* ipa-server-install, ipa-client-install, ipa-replica-install
* ipa-replica-prepare, ipa-replica-manage
 
 

===''Topic 327: Access Control''===
====327.1 Discretionary Access Control (weight: 3)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates are required to understand Discretionary Access Control and know how to implement it using Access Control Lists. Additionally, candidates are required to understand and know how to use Extended Attributes.
|}
'''Key Knowledge Areas:'''
* Understand and manage file ownership and permissions, including SUID and SGID.
* Understand and manage access control lists.
* Understand and manage extended attributes and attribute classes.
'''The following is a partial list of the used files, terms and utilities:'''
* getfacl
* setfacl
* getfattr
* setfattr

 

====327.2 Mandatory Access Control (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with Mandatory Access Control systems for Linux. Specifically, candidates should have a thorough knowledge of SELinux. Also, candidates should be aware of other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use.
|}
'''Key Knowledge Areas:'''
* Understand the concepts of TE, RBAC, MAC and DAC.
* Configure, manage and use SELinux.
* Be aware of AppArmor and Smack.
'''The following is a partial list of the used files, terms and utilities:'''
* getenforce, setenforce, selinuxenabled
* getsebool, setsebool, togglesebool
* fixfiles, restorecon, setfiles
* newrole, runcon
* semanage
* sestatus, seinfo
* apol
* seaudit, seaudit-report, audit2why, audit2allow
* /etc/selinux/*

 

====327.3 Network File Systems (weight: 3)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 clients and servers as well as CIFS client services. Earlier versions of NFS are not required knowledge.
|}
'''Key Knowledge Areas:'''

* Understand NFSv4 security issues and improvements.
* Configure NFSv4 server and clients.
* Understand and configure NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos).
* Understand and use NFSv4 pseudo file system.
* Understand and use NFSv4 ACLs.
* Configure CIFS clients.
* Understand and use CIFS Unix Extensions.
* Understand and configure CIFS security modes (NTLM, Kerberos).
* Understand and manage mapping and handling of CIFS ACLs and SIDs in a Linux system.

'''The following is a partial list of the used files, terms and utilities:'''
* /etc/exports
* /etc/idmap.conf
* nfs4acl
* mount.cifs parameters related to ownership, permissions and security modes
* winbind
* getcifsacl, setcifsacl

 
 

===''Topic 328: Network Security''===
====328.1 Network Hardening (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be able to secure networks against common threats. This includes verification of the effectiveness of security measures.
|}
'''Key Knowledge Areas:'''
* Configure FreeRADIUS to authenticate network nodes.
* Use nmap to scan networks and hosts, including different scan methods.
* Use Wireshark to analyze network traffic, including filters and statistics.
* Identify and deal with rogue router advertisements and DHCP messages.
'''The following is a partial list of the used files, terms and utilities:'''
* radiusd
* radmin
* radtest, radclient
* radlast, radwho
* radiusd.conf
* /etc/raddb/*
* nmap
* wireshark
* tshark
* tcpdump
* ndpmon

 

====328.2 Network Intrusion Detection (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network security scanning, network monitoring and network intrusion detection software. This includes updating and maintaining the security scanners.
|}
'''Key Knowledge Areas:'''
* Implement bandwidth usage monitoring.
* Configure and use Snort, including rule management.
* Configure and use OpenVAS, including NASL.
'''The following is a partial list of the used files, terms and utilities:'''
* ntop
* Cacti
* snort
* snort-stat
* /etc/snort/*
* openvas-adduser, openvas-rmuser
* openvas-nvt-sync
* openvassd
* openvas-mkcert
* /etc/openvas/*

 

====328.3 Packet Filtering (weight: 5)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of packet filters. This includes netfilter, iptables and ip6tables as well as basic knowledge of nftables, nft and ebtables.
|}
'''Key Knowledge Areas:'''
* Understand common firewall architectures, including DMZ.
* Understand and use netfilter, iptables and ip6tables, including standard modules, tests and targets.
* Implement packet filtering for both IPv4 and IPv6.
* Implement connection tracking and network address translation.
* Define IP sets and use them in netfilter rules.
* Have basic knowledge of nftables and nft.
* Have basic knowledge of ebtables.
* Be aware of conntrackd.
'''The following is a partial list of the used files, terms and utilities:'''
* iptables
* ip6tables
* iptables-save, iptables-restore
* ip6tables-save, ip6tables-restore
* ipset
* nft
* ebtables
 

====328.4 Virtual Private Networks (weight: 4)====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use of OpenVPN and IPsec.
|}
'''Key Knowledge Areas:'''
* Configure and operate OpenVPN server and clients for both bridged and routed VPN networks.
* Configure and operate IPsec server and clients for routed VPN networks using IPsec-Tools / racoon.
* Awareness of L2TP.
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/openvpn/*
* openvpn server and client
* setkey
* /etc/ipsec-tools.conf
* /etc/racoon/racoon.conf

==Other Comments for consideration==

As examples, following items are not in the current objectives:

1) <del>Related to Wireless LAN: (Note: It’s not only for Linux though, it is necessary to consider because there are many points to be taken care for configuration in terms of security measure.)</del>

Some aspects (i.e. Radius) are implemented in V2 (fth)

2) <del>Related to IPv6: Not only IPv4, but also IPv6 should be considered.</del>

Implemented in V2 wherever applicable (fth)

3) <del>Security features in Linux: For example, ASLR and Exec-Shield (ASCII Armor) should be considered, because it causes security level lower if those are disabled.</del>

Implemented in host hardening in V2 (fth)

4) <del>Related to Forensics: In the survey of malware’s behavior, Sleuth Kit would be used to analyze the hard disk on Linux machine. Also in some cases, LVM commands would be used to restore the disk which became un-mountable. So that this area should be learned.</del>

This is an interesting topic, but it goes beyond basic security in the sense it "prevention and defending". This is postmortal analysis. As the exam already contains a lot of topic this is postponed but up to discussion (fth)

5) <del>Database (RDB, NoSQL) security: Because Application Security (bind, apache, etc.) is covered now, this item would be nice to cover. And this item is listed in the CIF, security contest almost every time. Also the counter-measure in server side is necessary.</del>

As the other software / service aspects beyond Linux system security have been dropped this is considered out of scope for now too (fth)

6) <del>Related to OpenFlow: There are several points to be considered in terms of security measure about the configuration of OpenFlow.</del>

This is considered as an application aspect which seems to be beyond the scope for not (fth).

7) <del>RADIUS: This was covered in 301 though, this is not covered now. This should be covered.</del>

Implemented in V2 (fth)

8) <del>DNS: More DNSSEC and DANE.</del>

Implemented in V2 (fth)

9) <del>Secure development, hardening</del>

Hardening has been implemented for both hosts and networks in V2 (fth), Secure development is considered out of scope for now (fth)

==Changes since version 1==

===321.3===
The following aspects have been removed from objective 321.3 User Management and Authentication:

'''Key Knowledge Areas:'''
* Kerberos Key Distribution Centre
* Kerberos Principals
* Kerberos Tickets
* password cracking
'''The following is a partial list of the used files, terms and utilities:'''
* krb5.conf
* krb5kdc/kdc.conf
* kdb5_util
* rb5kdc/kadm5.acl
* kadmin, kadmin.local
* john

 

====320.3 Advanced GPG====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | To be determined
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should know how to use GPG. This includes key generation, signing and publishing to key servers. Managing multiple private keys and IDs is also included.
|}
'''Key Knowledge Areas:'''
* Use GPG for encryption and signing.
* Configure GPG.
* Manage private and public keys.
* Interact with GPG key servers to publish and retrieve public keys.
'''The following is a partial list of the used files, terms and utilities:'''
* gpg
* gpgv
* gpg-agent
* ~/.gnupg/*

 

====320.6 OpenSSH====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | To be determined
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services.
|}
'''Key Knowledge Areas:'''
* Configure and use OpenSSH.
* Manage OpenSSH keys and access control.
* Be aware of SSH protocol v1 and v2 security issues.
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/ssh/*
* ~/.ssh/*
* ssh-keygen
* ssh-agent
* ssh-vulnkey

LPIC-1 Objectives V4

2015-02-10T13:56:25Z

Babafou: /* 106.2 Setup a display manager */ fix typo (Manger -> Manager)

__FORCETOC__
==Introduction==

This is a required exam for LPIC-1 or LPI certification Level 1. It covers basic skills for the Linux professional that are common across all distributions of Linux.

This page covers the currently released objective for the LPIC-1 certification.

 

==Version Information==

These objectives are version 4.0.0.

There is also a [[LPIC1SummaryVersion3To4|summary and detailed information]] on the changes from version 3.5 to 4.0 of the objectives.

The version [[LPIC-1 Objectives V3|3.x objectives]] can be found [[LPIC-1 Objectives V3|here]].

 

==Exams==

In order to be certified [[LPIC-1 Objectives V4|LPIC-1]], the candidate must pass both the [[LPIC-1 Objectives V4#Objectives: Exam 101|101]] and [[LPIC-1 Objectives V4#Objectives: Exam 102|102]] exams.

* [[LPIC-1 Objectives V4#Objectives: Exam 101|101]]
* [[LPIC-1 Objectives V4#Objectives: Exam 102|102]]

==Addenda==

None

 

==Translations of Objectives==

The following translations of the objectives are available on this wiki:

* [[LPIC-1 Objectives V4(Catalan)|Catalan]] (currently 101 only).
* [[LPIC-1 Objectives V4|English]].
* [[LPIC-1 Objectives V4(FR)|French]].
* [http://www.lpice.eu/de/lpi-zertifizierungsinhalte.html German].
* [[LPIC-1 Objectives V4(Greek)|Greek]].
* [[LPIC-1 Objectives V4(PT-PT)|Portuguese(Portugal)]].
* [[LPIC-1 Objectives V4(RU)|Russian]].
* [[LPIC-1 Objectives V4(ES)|Spanish]].
* [[LPIC-1 Objectives V4(SW)|Swahili]].
* [[LPIC-1 Objectives V4(SV)|Swedish]].
* [[LPIC-1 Objectives V4(TR)|Turkish]].

 

==Objectives: Exam 101==

===''Topic 101: System Architecture''===

====101.1 Determine and configure hardware settings====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to determine and configure fundamental system hardware.

|}

'''Key Knowledge Areas:'''

* Enable and disable integrated peripherals.
* Configure systems with or without external peripherals such as keyboards.
* Differentiate between the various types of mass storage devices.
* Know the differences between coldplug and hotplug devices.
* Determine hardware resources for devices.
* Tools and utilities to list various hardware information (e.g. lsusb, lspci, etc.).
* Tools and utilities to manipulate USB devices.
* Conceptual understanding of sysfs, udev, dbus.

'''The following is a partial list of the used files, terms and utilities:'''

* /sys/
* /proc/
* /dev/
* modprobe
* lsmod
* lspci
* lsusb

 

====101.2 Boot the system====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to guide the system through the booting process.

|}

'''Key Knowledge Areas:'''

* Provide common commands to the boot loader and options to the kernel at boot time.
* Demonstrate knowledge of the boot sequence from BIOS to boot completion.
* Understanding of SysVinit and systemd.
* Awareness of Upstart.
* Check boot events in the log files.

'''The following is a partial list of the used files, terms and utilities:'''

* dmesg
* BIOS
* bootloader
* kernel
* initramfs
* init
* SysVinit
* systemd

 

====101.3 Change runlevels / boot targets and shutdown or reboot system ====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to manage the SysVinit runlevel or systemd boot target of the system. This objective includes changing to single user mode, shutdown or rebooting the system. Candidates should be able to alert users before switching runlevels / boot targets and properly terminate processes. This objective also includes setting the default SysVinit runlevel or systemd boot target. It also includes awareness of Upstart as an alternative to SysVinit or systemd.

|}

'''Key Knowledge Areas:'''

* Set the default runlevel or boot target.
* Change between runlevels / boot targets including single user mode.
* Shutdown and reboot from the command line.
* Alert users before switching runlevels / boot targets or other major system events.
* Properly terminate processes.

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/inittab
* shutdown
* init
* /etc/init.d/
* telinit
* systemd
* systemctl
* /etc/systemd/
* /usr/lib/systemd/
* wall

 

===''Topic 102: Linux Installation and Package Management''===

====102.1 Design hard disk layout====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to design a disk partitioning scheme for a Linux system.

|}

'''Key Knowledge Areas:'''

* Allocate filesystems and swap space to separate partitions or disks.
* Tailor the design to the intended use of the system.
* Ensure the /boot partition conforms to the hardware architecture requirements for booting.
* Knowledge of basic features of LVM.

'''The following is a partial list of the used files, terms and utilities:'''

* / (root) filesystem
* /var filesystem
* /home filesystem
* /boot filesystem
* swap space
* mount points
* partitions

 

====102.2 Install a boot manager====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to select, install and configure a boot manager.

|}

'''Key Knowledge Areas:'''

* Providing alternative boot locations and backup boot options.
* Install and configure a boot loader such as GRUB Legacy.
* Perform basic configuration changes for GRUB 2.
* Interact with the boot loader.

'''The following is a partial list of the used files, terms and utilities:'''

* menu.lst, grub.cfg and grub.conf
* grub-install
* grub-mkconfig
* MBR

 

====102.3 Manage shared libraries====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to determine the shared libraries that executable programs depend on and install them when necessary.

|}

'''Key Knowledge Areas:'''

* Identify shared libraries.
* Identify the typical locations of system libraries.
* Load shared libraries.

'''The following is a partial list of the used files, terms and utilities:'''

* ldd
* ldconfig
* /etc/ld.so.conf
* LD_LIBRARY_PATH

 

====102.4 Use Debian package management====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to perform package management using the Debian package tools.

|}

'''Key Knowledge Areas:'''

* Install, upgrade and uninstall Debian binary packages.
* Find packages containing specific files or libraries which may or may not be installed.
* Obtain package information like version, content, dependencies, package integrity and installation status (whether or not the package is installed).

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/apt/sources.list
* dpkg
* dpkg-reconfigure
* apt-get
* apt-cache
* aptitude

 
====102.5 Use RPM and YUM package management====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to perform package management using RPM and YUM tools.

|}

'''Key Knowledge Areas:'''

* Install, re-install, upgrade and remove packages using RPM and YUM.

* Obtain information on RPM packages such as version, status, dependencies, integrity and signatures.
* Determine what files a package provides, as well as find which package a specific file comes from.

'''The following is a partial list of the used files, terms and utilities:'''

* rpm
* rpm2cpio
* /etc/yum.conf
* /etc/yum.repos.d/
* yum
* yumdownloader

 

===''Topic 103: GNU and Unix Commands''===

====103.1 Work on the command line====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to interact with shells and commands using the command line. The objective assumes the Bash shell.

|}

'''Key Knowledge Areas:'''

* Use single shell commands and one line command sequences to perform basic tasks on the command line.
* Use and modify the shell environment including defining, referencing and exporting environment variables.
* Use and edit command history.
* Invoke commands inside and outside the defined path.

'''The following is a partial list of the used files, terms and utilities:'''

* bash
* echo
* env
* export
* pwd
* set
* unset
* man
* uname
* history
* .bash_history

 

====103.2 Process text streams using filters====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should should be able to apply filters to text streams.

|}

'''Key Knowledge Areas:'''

* Send text files and output streams through text utility filters to modify the output using standard UNIX commands found in the GNU textutils package.

'''The following is a partial list of the used files, terms and utilities:'''

* cat
* cut
* expand
* fmt
* head
* join
* less
* nl
* od
* paste
* pr
* sed
* sort
* split
* tail
* tr
* unexpand
* uniq
* wc

 

====103.3 Perform basic file management====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to use the basic Linux commands to manage files and directories.

|}

'''Key Knowledge Areas:'''

* Copy, move and remove files and directories individually.
* Copy multiple files and directories recursively.
* Remove files and directories recursively.
* Use simple and advanced wildcard specifications in commands.
* Using find to locate and act on files based on type, size, or time.
* Usage of tar, cpio and dd.

'''The following is a partial list of the used files, terms and utilities:'''

* cp
* find
* mkdir
* mv
* ls
* rm
* rmdir
* touch
* tar
* cpio
* dd
* file
* gzip
* gunzip
* bzip2
* xz
* file globbing

 

====103.4 Use streams, pipes and redirects====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to redirect streams and connect them in order to efficiently process textual data. Tasks include redirecting standard input, standard output and standard error, piping the output of one command to the input of another command, using the output of one command as arguments to another command and sending output to both stdout and a file.

|}

'''Key Knowledge Areas:'''

* Redirecting standard input, standard output and standard error.
* Pipe the output of one command to the input of another command.
* Use the output of one command as arguments to another command.
* Send output to both stdout and a file.

'''The following is a partial list of the used files, terms and utilities:'''

* tee
* xargs

 
====103.5 Create, monitor and kill processes====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to perform basic process management.

|}

'''Key Knowledge Areas:'''

* Run jobs in the foreground and background.
* Signal a program to continue running after logout.
* Monitor active processes.
* Select and sort processes for display.
* Send signals to processes.

'''The following is a partial list of the used files, terms and utilities:'''

* &
* bg
* fg
* jobs
* kill
* nohup
* ps
* top
* free
* uptime
* pgrep
* pkill
* killall
* screen

 

====103.6 Modify process execution priorities====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should should be able to manage process execution priorities.

|}

'''Key Knowledge Areas:'''

* Know the default priority of a job that is created.
* Run a program with higher or lower priority than the default.
* Change the priority of a running process.

'''The following is a partial list of the used files, terms and utilities:'''

* nice
* ps
* renice
* top

 

====103.7 Search text files using regular expressions====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to manipulate files and text data using regular expressions. This objective includes creating simple regular expressions containing several notational elements. It also includes using regular expression tools to perform searches through a filesystem or file content.

|}

'''Key Knowledge Areas:'''

* Create simple regular expressions containing several notational elements.
* Use regular expression tools to perform searches through a filesystem or file content.

'''The following is a partial list of the used files, terms and utilities:'''

* grep
* egrep
* fgrep
* sed
* regex(7)

 

====103.8 Perform basic file editing operations using vi====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to edit text files using vi. This objective includes vi navigation, basic vi modes, inserting, editing, deleting, copying and finding text.

|}

'''Key Knowledge Areas:'''

* Navigate a document using vi.
* Use basic vi modes.
* Insert, edit, delete, copy and find text.

'''The following is a partial list of the used files, terms and utilities:'''

* vi
* /, ?
* h,j,k,l
* i, o, a
* c, d, p, y, dd, yy
* ZZ, :w!, :q!, :e!

 

===''Topic 104: Devices, Linux Filesystems, Filesystem Hierarchy Standard''===

====104.1 Create partitions and filesystems====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to configure disk partitions and then create filesystems on media such as hard disks. This includes the handling of swap partitions.

|}

'''Key Knowledge Areas:'''

* Manage MBR partition tables
* Use various mkfs commands to create various filesystems such as:
** ext2/ext3/ext4
** XFS
** VFAT
* Awareness of ReiserFS and Btrfs
* Basic knowledge of gdisk and parted with GPT.

'''The following is a partial list of the used files, terms and utilities:'''

* fdisk
* gdisk
* parted
* mkfs
* mkswap

 

====104.2 Maintain the integrity of filesystems====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to maintain a standard filesystem, as well as the extra data associated with a journaling filesystem.

|}

'''Key Knowledge Areas:'''

* Verify the integrity of filesystems.
* Monitor free space and inodes.
* Repair simple filesystem problems.

'''The following is a partial list of the used files, terms and utilities:'''

* du
* df
* fsck
* e2fsck
* mke2fs
* debugfs
* dumpe2fs
* tune2fs
* XFS tools (such as xfs_metadump and xfs_info)

 
====104.3 Control mounting and unmounting of filesystems====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to configure the mounting of a filesystem.

|}

'''Key Knowledge Areas:'''

* Manually mount and unmount filesystems.
* Configure filesystem mounting on bootup.
* Configure user mountable removable filesystems.

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/fstab
* /media/
* mount
* umount

 

====104.4 Manage disk quotas====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to manage disk quotas for users.

|}

'''Key Knowledge Areas:'''

* Set up a disk quota for a filesystem.
* Edit, check and generate user quota reports.

'''The following is a partial list of the used files, terms and utilities:'''

* quota
* edquota
* repquota
* quotaon

 

====104.5 Manage file permissions and ownership====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to control file access through the proper use of permissions and ownerships.

|}

'''Key Knowledge Areas:'''

* Manage access permissions on regular and special files as well as directories.
* Use access modes such as suid, sgid and the sticky bit to maintain security.
* Know how to change the file creation mask.
* Use the group field to grant file access to group members.

'''The following is a partial list of the used files, terms and utilities:'''

* chmod
* umask
* chown
* chgrp

 
====104.6 Create and change hard and symbolic links====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to create and manage hard and symbolic links to a file.

|}

'''Key Knowledge Areas:'''

* Create links.
* Identify hard and/or soft links.
* Copying versus linking files.
* Use links to support system administration tasks.

'''The following is a partial list of the used files, terms and utilities:'''

* ln
* ls

 

====104.7 Find system files and place files in the correct location====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be thoroughly familiar with the Filesystem Hierarchy Standard (FHS), including typical file locations and directory classifications.

|}

'''Key Knowledge Areas:'''

* Understand the correct locations of files under the FHS.
* Find files and commands on a Linux system.
* Know the location and purpose of important file and directories as defined in the FHS.

'''The following is a partial list of the used files, terms and utilities:'''

* find
* locate
* updatedb
* whereis
* which
* type
* /etc/updatedb.conf

 

==Objectives: Exam 102==

===''Topic 105: Shells, Scripting and Data Management''===

====105.1 Customize and use the shell environment====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to customize shell environments to meet users' needs. Candidates should be able to modify global and user profiles.

|}

'''Key Knowledge Areas:'''

* Set environment variables (e.g. PATH) at login or when spawning a new shell.
* Write Bash functions for frequently used sequences of commands.
* Maintain skeleton directories for new user accounts.
* Set command search path with the proper directory.

'''The following is a partial list of the used files, terms and utilities:'''

* .
* source
* /etc/bash.bashrc
* /etc/profile
* env
* export
* set
* unset
* ~/.bash_profile
* ~/.bash_login
* ~/.profile
* ~/.bashrc
* ~/.bash_logout
* function
* alias
* lists

 

====105.2 Customize or write simple scripts====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to customize existing scripts, or write simple new Bash scripts.

|}

'''Key Knowledge Areas:'''

* Use standard sh syntax (loops, tests).
* Use command substitution.
* Test return values for success or failure or other information provided by a command.
* Perform conditional mailing to the superuser.
* Correctly select the script interpreter through the shebang (#!) line.
* Manage the location, ownership, execution and suid-rights of scripts.

'''The following is a partial list of the used files, terms and utilities:'''

* for
* while
* test
* if
* read
* seq
* exec

 

====105.3 SQL data management====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to query databases and manipulate data using basic SQL commands. This objective includes performing queries involving joining of 2 tables and/or subselects.

|}

'''Key Knowledge Areas:'''

* Use of basic SQL commands.
* Perform basic data manipulation.

'''The following is a partial list of the used files, terms and utilities:'''

* insert
* update
* select
* delete
* from
* where
* group by
* order by
* join

 

===''Topic 106: User Interfaces and Desktops''===

====106.1 Install and configure X11====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to install and configure X11.

|}

'''Key Knowledge Areas:'''

* Verify that the video card and monitor are supported by an X server.
* Awareness of the X font server.
* Basic understanding and knowledge of the X Window configuration file.

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/X11/xorg.conf
* xhost
* DISPLAY
* xwininfo
* xdpyinfo
* X

 

====106.2 Setup a display manager====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to describe the basic features and configuration of the LightDM display manager. This objective covers awareness of the display managers XDM (X Display Manager), GDM (Gnome Display Manager) and KDM (KDE Display Manager).

|}

'''Key Knowledge Areas:'''

* Basic configuration of LightDM.
* Turn the display manager on or off.
* Change the display manager greeting.
* Awareness of XDM, KDM and GDM.

'''The following is a partial list of the used files, terms and utilities:'''

* lightdm
* /etc/lightdm/

 

====106.3 Accessibility====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Demonstrate knowledge and awareness of accessibility technologies.

|}

'''Key Knowledge Areas:'''

* Basic knowledge of keyboard accessibility settings (AccessX).
* Basic knowledge of visual settings and themes.
* Basic knowledge of assistive technology (ATs).

'''The following is a partial list of the used files, terms and utilities:'''

* Sticky/Repeat Keys.
* Slow/Bounce/Toggle Keys.
* Mouse Keys.
* High Contrast/Large Print Desktop Themes.
* Screen Reader.
* Braille Display.
* Screen Magnifier.
* On-Screen Keyboard.
* Gestures (used at login, for example GDM).
* Orca.
* GOK.
* emacspeak.

 

===''Topic 107: Administrative Tasks''===

====107.1 Manage user and group accounts and related system files====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to add, remove, suspend and change user accounts.

|}

'''Key Knowledge Areas:'''

* Add, modify and remove users and groups.
* Manage user/group info in password/group databases.
* Create and manage special purpose and limited accounts.

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/passwd
* /etc/shadow
* /etc/group
* /etc/skel/
* chage
* getent
* groupadd
* groupdel
* groupmod
* passwd
* useradd
* userdel
* usermod

 

====107.2 Automate system administration tasks by scheduling jobs====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to use cron or anacron to run jobs at regular intervals and to use at to run jobs at a specific time.

|}

'''Key Knowledge Areas:'''

* Manage cron and at jobs.
* Configure user access to cron and at services.
* Configure anacron.

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/cron.{d,daily,hourly,monthly,weekly}/
* /etc/at.deny
* /etc/at.allow
* /etc/crontab
* /etc/cron.allow
* /etc/cron.deny
* /var/spool/cron/
* crontab
* at
* atq
* atrm
* anacron
* /etc/anacrontab

 

====107.3 Localisation and internationalisation====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to localize a system in a different language than English. As well, an understanding of why LANG=C is useful when scripting.

|}

'''Key Knowledge Areas:'''

* Configure locale settings and environment variables.
* Configure timezone settings and environment variables.

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/timezone
* /etc/localtime
* /usr/share/zoneinfo/
* LC_*
* LC_ALL
* LANG
* TZ
* /usr/bin/locale
* tzselect
* tzconfig
* date
* iconv
* UTF-8
* ISO-8859
* ASCII
* Unicode

 

===''Topic 108: Essential System Services''===

====108.1 Maintain system time====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to properly maintain the system time and synchronize the clock via NTP.

|}

'''Key Knowledge Areas:'''

* Set the system date and time.
* Set the hardware clock to the correct time in UTC.
* Configure the correct timezone.
* Basic NTP configuration.
* Knowledge of using the pool.ntp.org service.
* Awareness of the ntpq command.

'''The following is a partial list of the used files, terms and utilities:'''

* /usr/share/zoneinfo/
* /etc/timezone
* /etc/localtime
* /etc/ntp.conf
* date
* hwclock
* ntpd
* ntpdate
* pool.ntp.org

 

====108.2 System logging====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to configure the syslog daemon. This objective also includes configuring the logging daemon to send log output to a central log server or accept log output as a central log server. Use of the systemd journal subsystem is covered. Also, awareness of rsyslog and syslog-ng as alternative logging systems is included.

|}

'''Key Knowledge Areas:'''

* Configuration of the syslog daemon.
* Understanding of standard facilities, priorities and actions.
* Configuration of logrotate.
* Awareness of rsyslog and syslog-ng.

'''The following is a partial list of the used files, terms and utilities:'''

* syslog.conf
* syslogd
* klogd
* /var/log/
* logger
* logrotate
* /etc/logrotate.conf
* /etc/logrotate.d/
* journalctl
* /etc/systemd/journald.conf
* /var/log/journal/

 

====108.3 Mail Transfer Agent (MTA) basics====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be aware of the commonly available MTA programs and be able to perform basic forward and alias configuration on a client host. Other configuration files are not covered.

|}

'''Key Knowledge Areas:'''

* Create e-mail aliases.
* Configure e-mail forwarding.
* Knowledge of commonly available MTA programs (postfix, sendmail, qmail, exim) (no configuration)

'''The following is a partial list of the used files, terms and utilities:'''

* ~/.forward
* sendmail emulation layer commands
* newaliases
* mail
* mailq
* postfix
* sendmail
* exim
* qmail

 

====108.4 Manage printers and printing====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to manage print queues and user print jobs using CUPS and the LPD compatibility interface.

|}

'''Key Knowledge Areas:'''

* Basic CUPS configuration (for local and remote printers).
* Manage user print queues.
* Troubleshoot general printing problems.
* Add and remove jobs from configured printer queues.

'''The following is a partial list of the used files, terms and utilities:'''

* CUPS configuration files, tools and utilities
* /etc/cups/
* lpd legacy interface (lpr, lprm, lpq)

 

===''Topic 109: Networking Fundamentals''===

====109.1 Fundamentals of internet protocols====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should demonstrate a proper understanding of TCP/IP network fundamentals.

|}

'''Key Knowledge Areas:'''

* Demonstrate an understanding of network masks and CIDR notation.
* Knowledge of the differences between private and public "dotted quad" IP addresses.
* Knowledge about common TCP and UDP ports and services (20, 21, 22, 23, 25, 53, 80, 110, 123, 139, 143, 161, 162, 389, 443, 465, 514, 636, 993, 995).
* Knowledge about the differences and major features of UDP, TCP and ICMP.
* Knowledge of the major differences between IPv4 and IPv6.
* Knowledge of the basic features of IPv6.

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/services
* IPv4, IPv6
* Subnetting
* TCP, UDP, ICMP

 

====109.2 Basic network configuration====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to view, change and verify configuration settings on client hosts.

|}

'''Key Knowledge Areas:'''

* Manually and automatically configure network interfaces.
* Basic TCP/IP host configuration.
* Setting a default route.

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/hostname
* /etc/hosts
* /etc/nsswitch.conf
* ifconfig
* ifup
* ifdown
* ip
* route
* ping

 

====109.3 Basic network troubleshooting====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to troubleshoot networking issues on client hosts.

|}

'''Key Knowledge Areas:'''

* Manually and automatically configure network interfaces and routing tables to include adding, starting, stopping, restarting, deleting or reconfiguring network interfaces.
* Change, view, or configure the routing table and correct an improperly set default route manually.
* Debug problems associated with the network configuration.

'''The following is a partial list of the used files, terms and utilities:'''

* ifconfig
* ip
* ifup
* ifdown
* route
* host
* hostname
* dig
* netstat
* ping
* ping6
* traceroute
* traceroute6
* tracepath
* tracepath6
* netcat

 

====109.4 Configure client side DNS====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to configure DNS on a client host.

|}

'''Key Knowledge Areas:'''

* Query remote DNS servers.
* Configure local name resolution and use remote DNS servers.
* Modify the order in which name resolution is done.

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/hosts
* /etc/resolv.conf
* /etc/nsswitch.conf
* host
* dig
* getent

 

===''Topic 110: Security''===

====110.1 Perform security administration tasks====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should know how to review system configuration to ensure host security in accordance with local security policies.

|}

'''Key Knowledge Areas:'''

* Audit a system to find files with the suid/sgid bit set.
* Set or change user passwords and password aging information.
* Being able to use nmap and netstat to discover open ports on a system.
* Set up limits on user logins, processes and memory usage.
* Determine which users have logged in to the system or are currently logged in.
* Basic sudo configuration and usage.

'''The following is a partial list of the used files, terms and utilities:'''

* find
* passwd
* fuser
* lsof
* nmap
* chage
* netstat
* sudo
* /etc/sudoers
* su
* usermod
* ulimit
* who, w, last

 

====110.2 Setup host security====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should know how to set up a basic level of host security.

|}

'''Key Knowledge Areas:'''

* Awareness of shadow passwords and how they work.
* Turn off network services not in use.
* Understand the role of TCP wrappers.

'''The following is a partial list of the used files, terms and utilities:'''

* /etc/nologin
* /etc/passwd
* /etc/shadow
* /etc/xinetd.d/
* /etc/xinetd.conf
* /etc/inetd.d/
* /etc/inetd.conf
* /etc/inittab
* /etc/init.d/
* /etc/hosts.allow
* /etc/hosts.deny

 

====110.3 Securing data with encryption====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

The candidate should be able to use public key techniques to secure data and communication.

|}

'''Key Knowledge Areas:'''

* Perform basic OpenSSH 2 client configuration and usage.
* Understand the role of OpenSSH 2 server host keys.
* Perform basic GnuPG configuration, usage and revocation.
* Understand SSH port tunnels (including X11 tunnels).

'''The following is a partial list of the used files, terms and utilities:'''

* ssh
* ssh-keygen
* ssh-agent
* ssh-add
* ~/.ssh/id_rsa and id_rsa.pub
* ~/.ssh/id_dsa and id_dsa.pub
* /etc/ssh/ssh_host_rsa_key and ssh_host_rsa_key.pub
* /etc/ssh/ssh_host_dsa_key and ssh_host_dsa_key.pub
* ~/.ssh/authorized_keys
* /etc/ssh_known_hosts
* gpg
* ~/.gnupg/

==Future Change Considerations==

Future changes to the objective will/may include:

* include another monitoring command : watch
* cover UEFI in LPIC-1 instead of LPIC-2
* explicitly mention GUIDs
* add declare to Bash coverage
* dump older syslog implementations
* cover compgen
* bring back awk coverage (maybe LPIC-2)

LPIC-303 Objectives V1

2015-01-26T18:33:36Z

Babafou: /* 320.2 Advanced GPG */ fix a few typos

__FORCETOC__
==Introduction==
The description of the entire [[LPIC-3]] programme is listed [[LPIC-3|here]].
 
 

==Version Information==
These objectives are version 1.0.0.
 
==Translations of Objectives==
The following translations of the objectives are available on this wiki:
* [[LPIC-303|English]]
* [[LPIC-303(ES)|Spanish]]
 

==Objectives==
===''Topic 320: Cryptography''===
====320.1 OpenSSL====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications.
|}
'''Key Knowledge Areas:'''
* certificate generation
* key generation
* SSL/TLS client and server tests
'''The following is a partial list of the used files, terms and utilities:'''
* openssl
* RSA, DH and DSA
* SSL
* X.509
* CSR
* CRL
 

====320.2 Advanced GPG====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should know how to use GPG. This includes key generation, signing and publishing to key servers. Managing multiple private keys and IDs is also included.
|}
'''Key Knowledge Areas:'''
* GPG encryption and signing
* private/public key management
* GPG key servers
* GPG configuration
'''The following is a partial list of the used files, terms and utilities:'''
* gpg
* gpgv
* gpg-agent
* ~/.gnupg/
 

====320.3 Encrypted Filesystems====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be able to setup and configure encrypted filesystems.
|}
'''Key Knowledge Areas:'''
* LUKS
* dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes
'''The following is a partial list of the used files, terms and utilities:'''
* dm-crypt
* cryptmount
* cryptsetup
 
 
===''Topic 321: Access Control''===
====321.1 Host Based Access Control====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking.
|}
'''Key Knowledge Areas:'''
* PAM and PAM configuration files
* password cracking
* nsswitch
'''The following is a partial list of the used files, terms and utilities:'''
* nsswitch.conf
* john
 
====321.2 Extended Attributes and ACLs====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates are required to understand and know how to use Extended Attributes and Access Control Lists.
|}
'''Key Knowledge Areas:'''
* ACLs
* EAs and attribute classes
'''The following is a partial list of the used files, terms and utilities:'''
* getfacl
* setfacl
* getfattr
* setfattr
 
====321.3 SELinux====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 6
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have a thorough knowledge of SELinux.
|}
'''Key Knowledge Areas:'''
* SELinux configuration and command line tools
* TE, RBAC, MAC and DAC concepts and use
'''The following is a partial list of the used files, terms and utilities:'''
* fixfiles/setfiles
* newrole
* setenforce/getenforce
* selinuxenabled
* semanage
* sestatus
* /etc/selinux/
* /etc/selinux.d/
 
====321.4 Other Mandatory Access Control Systems====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use.
|}
'''Key Knowledge Areas:'''
* SMACK
* AppArmor
'''The following is a partial list of the used files, terms and utilities:'''
* SMACK
* AppArmor
 
 
===''Topic 322: Application Security''===
====322.1 BIND/DNS====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services.
|}
'''Key Knowledge Areas:'''
* BIND v9
* BIND vulnerabilities
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* TSIG
* BIND ACLs
* named-checkconf
 
====322.2 Mail Services====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration.
|}
'''Key Knowledge Areas:'''
* Postfix security centric configuration
* securing Sendmail
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/postfix/
* TLS
 
====322.3 Apache/HTTP/HTTPS====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Apache web services.
|}
'''Key Knowledge Areas:'''
* Apache v1 and v2 security centric configuration
'''The following is a partial list of the used files, terms and utilities:'''
* SSL
* .htaccess
* Basic Authentication
* htpasswd
* AllowOverride
 
====322.4 FTP====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services.
|}
'''Key Knowledge Areas:'''
* Pure-FTPd configuration and important command line options
* vsftpd configuration
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* SSL/TLS
* vsftpd.conf
 

====322.5 OpenSSH====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services.
|}
'''Key Knowledge Areas:'''
* OpenSSH configuration and command line tools
* OpenSSH key management and access control
* Awareness of SSH protocol v1 and v2 security issues
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/ssh/
* ~/.ssh/
* ssh-keygen
* ssh-agent
* ssh-vulnkey
 
====322.6 NFSv4====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge.
|}
'''Key Knowledge Areas:'''
* NFSv4 security improvements, issues and use
* NFSv4 pseudo file system
* NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos)
'''The following is a partial list of the used files, terms and utilities:'''
* NFSv4 ACLs
* nfs4acl
* RPCSEC_GSS
* /etc/exports
 
====322.7 Syslog====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of syslog services.
|}
'''Key Knowledge Areas:'''
* syslog security issues
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* remote syslog servers
 
 
===''Topic 323: Operations Security''===
====323.1 Host Configuration Management====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use of RCS and Puppet for host configuration management.
|}
'''Key Knowledge Areas:'''
* RCS
* Puppet
'''The following is a partial list of the used files, terms and utilities:'''
* RCS
* ci/co
* rcsdiff
* puppet
* puppetd
* puppetmasterd
* /etc/puppet/
 
 
===''Topic 324: Network Security''===
====324.1 Intrusion Detection====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of intrusion detection software.
|}
'''Key Knowledge Areas:'''
* Snort configuration, rules and use
* Tripwire configuration, policies and use
'''The following is a partial list of the used files, terms and utilities:'''
* snort
* snort-stat
* /etc/snort/
* tripwire
* twadmin
* /etc/tripwire/
 
====324.2 Network Security Scanning====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network security scanning tools.
|}
'''Key Knowledge Areas:'''
* Nessus configuration, NASL and use
* Wireshark filters and use
'''The following is a partial list of the used files, terms and utilities:'''
* nmap
* wireshark
* tshark
* tcpdump
* nessus
* nessus-adduser/nessus-rmuser
* nessusd
* nessus-mkcert
* /etc/nessus
 
====324.3 Network Monitoring====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network monitoring tools.
|}
'''Key Knowledge Areas:'''
* Nagios configuration and use
* ntop
'''The following is a partial list of the used files, terms and utilities:'''
* ntop
* nagios
* nagiostats
* nagios.cfg and other configuration files
 
====324.4 netfilter/iptables====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of iptables.
|}
'''Key Knowledge Areas:'''
* Iptables packet filtering and network address translation
'''The following is a partial list of the used files, terms and utilities:'''
* iptables
* iptables-save/iptables-restore
 
====324.5 OpenVPN====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use of OpenVPN.
|}
'''Key Knowledge Areas:'''
* OpenVPN configuration and use
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/openvpn/
* openvpn server and client

==Future consideration not part of current exam==

===''Topic 390: FreeIPA and Kerberos''===

====390.1 Deploying Kerberos (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be familiar with deploying a Kerberos on a single domain.

|}

'''Key Knowledge Areas:'''

* Key Distribution Centre
* Principals
* Tickets

'''The following is a partial list of the used files, terms and utilities:'''

* kinit
* krb5.conf
* krb5kdc/kdc.conf
* kdb5_util
* rb5kdc/kadm5.acl
* klist
* kadmin, kadmin.local

 

====390.2 FreeIPA Installation (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be familiar with FreeIPA v3.x installation process of creating a server instance. Knowledge of the components used by FreeIPA.

|}

'''Key Knowledge Areas:'''

* System and configuration prerequisites for installing FreeIPA
* FreeIPA Components: LDAP, Kerberos, PKI, DNS, Certmonger

'''The following is a partial list of the used files, terms and utilities:'''

* ipa-server-install and options
* ipa

 

====390.3 Integrating FreeIPA with Samba (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to integrate with Samba for group management, Kerberized CIFS and as an AD DC with FreeIPA.

|}

'''Key Knowledge Areas:'''

* Cross-realm trusts

'''The following is a partial list of the used files, terms and utilities:'''

* ipa trust-add-ad
* ipa config-mod
* net
* ldapadd

 

====390.4 System Security Services Daemon (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to configure and use SSSD manage access to remote directories and authentication mechanisms

|}

'''Key Knowledge Areas:'''

* SSSD daemon and command line tools
* Configuring NSS and PAM for use with SSSD
* Authenticate against a local, LDAP and Kerberos domain

'''The following is a partial list of the used files, terms and utilities:'''

* SSSD
* sss_* commands
* sssd.conf
* nsswitch.conf

 
 

==Other Comments for consideration==

Secure development, hardening

As examples, following items are not in the current objectives:

1) Related to Wireless LAN:

(Note: It’s not only for Linux though, it is necessary to consider because

there are many points to be taken care for configuration in terms of security

measure.)

2) Related to IPv6:

Not only IPv4, but also IPv6 should be considered.

3) Security features in Linux:

For example, ASLR and Exec-Shield (ASCII Armor) should be considered,

because it causes security level lower if those are disabled.

4) Related to Forensics:

In the survey of malware’s behavior, Sleuth Kit would be used to analyze

the hard disk on Linux machine. Also in some cases, LVM commands would be

used to restore the disk which became un-mountable.

So that this area should be learned.

5) Database (RDB, NoSQL) security:

Because Application Security (bind, apache, etc.) is covered now, this item

would be nice to cover. And this item is listed in the CIF, security contest

almost every time.

Also the counter-measure in server side is necessary.

6) Related to OpenFlow:

There are several points to be considered in terms of security measure about

the configuration of OpenFlow.

7) RADIUS

This was covered in 301 though, this is not covered now.

This should be covered.

8) DNS

More DNSSEC and DANE.

LPIC-303 Objectives V1

2013-11-25T17:13:27Z

Babafou: /* 322.4 FTP */ changed vsftp.conf to vsftpd.conf (missing d)

__FORCETOC__
==Introduction==
The description of the entire [[LPIC-3]] programme is listed [[LPIC-3|here]].
 
 

==Version Information==
These objectives are version 1.0.0.
 
==Translations of Objectives==
The following translations of the objectives are available on this wiki:
* [[LPIC-303|English]]
* [[LPIC-303(ES)|Spanish]]
 

==Objectives==
===''Topic 320: Cryptography''===
====320.1 OpenSSL====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications.
|}
'''Key Knowledge Areas:'''
* certificate generation
* key generation
* SSL/TLS client and server tests
'''The following is a partial list of the used files, terms and utilities:'''
* openssl
* RSA, DH and DSA
* SSL
* X.509
* CSR
* CRL
 

====320.2 Advanced GPG====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included.
|}
'''Key Knowledge Areas:'''
* GPG encyption and signing
* private/public key management
* GPG key servers
* GPG configuration
'''The following is a partial list of the used files, terms and utilities:'''
* gpg
* gpgv
* gpg-agent
* ~/.gnupg/
 
====320.3 Encrypted Filesystems====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be able to setup and configure encrypted filesystems.
|}
'''Key Knowledge Areas:'''
* LUKS
* dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes
'''The following is a partial list of the used files, terms and utilities:'''
* dm-crypt
* cryptmount
* cryptsetup
 
 
===''Topic 321: Access Control''===
====321.1 Host Based Access Control====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking.
|}
'''Key Knowledge Areas:'''
* PAM and PAM configuration files
* password cracking
* nsswitch
'''The following is a partial list of the used files, terms and utilities:'''
* nsswitch.conf
* john
 
====321.2 Extended Attributes and ACLs====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates are required to understand and know how to use Extended Attributes and Access Control Lists.
|}
'''Key Knowledge Areas:'''
* ACLs
* EAs and attribute classes
'''The following is a partial list of the used files, terms and utilities:'''
* getfacl
* setfacl
* getfattr
* setfattr
 
====321.3 SELinux====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 6
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have a thorough knowledge of SELinux.
|}
'''Key Knowledge Areas:'''
* SELinux configuration and command line tools
* TE, RBAC, MAC and DAC concepts and use
'''The following is a partial list of the used files, terms and utilities:'''
* fixfiles/setfiles
* newrole
* setenforce/getenforce
* selinuxenabled
* semanage
* sestatus
* /etc/selinux/
* /etc/selinux.d/
 
====321.4 Other Mandatory Access Control Systems====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use.
|}
'''Key Knowledge Areas:'''
* SMACK
* AppArmor
'''The following is a partial list of the used files, terms and utilities:'''
* SMACK
* AppArmor
 
 
===''Topic 322: Application Security''===
====322.1 BIND/DNS====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services.
|}
'''Key Knowledge Areas:'''
* BIND v9
* BIND vulnerabilities
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* TSIG
* BIND ACLs
* named-checkconf
 
====322.2 Mail Services====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration.
|}
'''Key Knowledge Areas:'''
* Postfix security centric configuration
* securing Sendmail
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/postfix/
* TLS
 
====322.3 Apache/HTTP/HTTPS====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Apache web services.
|}
'''Key Knowledge Areas:'''
* Apache v1 and v2 security centric configuration
'''The following is a partial list of the used files, terms and utilities:'''
* SSL
* .htaccess
* Basic Authentication
* htpasswd
* AllowOverride
 
====322.4 FTP====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services.
|}
'''Key Knowledge Areas:'''
* Pure-FTPd configuration and important command line options
* vsftpd configuration
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* SSL/TLS
* vsftpd.conf
 

====322.5 OpenSSH====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services.
|}
'''Key Knowledge Areas:'''
* OpenSSH configuration and command line tools
* OpenSSH key management and access control
* Awareness of SSH protocol v1 and v2 security issues
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/ssh/
* ~/.ssh/
* ssh-keygen
* ssh-agent
* ssh-vulnkey
 
====322.6 NFSv4====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge.
|}
'''Key Knowledge Areas:'''
* NFSv4 security improvements, issues and use
* NFSv4 pseudo file system
* NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos)
'''The following is a partial list of the used files, terms and utilities:'''
* NFSv4 ACLs
* nfs4acl
* RPCSEC_GSS
* /etc/exports
 
====322.7 Syslog====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of syslog services.
|}
'''Key Knowledge Areas:'''
* syslog security issues
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* remote syslog servers
 
 
===''Topic 323: Operations Security''===
====323.1 Host Configuration Management====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use of RCS and Puppet for host configuration management.
|}
'''Key Knowledge Areas:'''
* RCS
* Puppet
'''The following is a partial list of the used files, terms and utilities:'''
* RCS
* ci/co
* rcsdiff
* puppet
* puppetd
* puppetmasterd
* /etc/puppet/
 
 
===''Topic 324: Network Security''===
====324.1 Intrusion Detection====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of intrusion detection software.
|}
'''Key Knowledge Areas:'''
* Snort configuration, rules and use
* Tripwire configuration, policies and use
'''The following is a partial list of the used files, terms and utilities:'''
* snort
* snort-stat
* /etc/snort/
* tripwire
* twadmin
* /etc/tripwire/
 
====324.2 Network Security Scanning====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network security scanning tools.
|}
'''Key Knowledge Areas:'''
* Nessus configuration, NASL and use
* Wireshark filters and use
'''The following is a partial list of the used files, terms and utilities:'''
* nmap
* wireshark
* tshark
* tcpdump
* nessus
* nessus-adduser/nessus-rmuser
* nessusd
* nessus-mkcert
* /etc/nessus
 
====324.3 Network Monitoring====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network monitoring tools.
|}
'''Key Knowledge Areas:'''
* Nagios configuration and use
* ntop
'''The following is a partial list of the used files, terms and utilities:'''
* ntop
* nagios
* nagiostats
* nagios.cfg and other configuration files
 
====324.4 netfilter/iptables====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of iptables.
|}
'''Key Knowledge Areas:'''
* Iptables packet filtering and network address translation
'''The following is a partial list of the used files, terms and utilities:'''
* iptables
* iptables-save/iptables-restore
 
====324.5 OpenVPN====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use of OpenVPN.
|}
'''Key Knowledge Areas:'''
* OpenVPN configuration and use
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/openvpn/
* openvpn server and client

==Future consideration not part of current exam==

===''Topic 390: FreeIPA and Kerberos''===

====390.1 Deploying Kerberos (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be familiar with deploying a Kerberos on a single domain.

|}

'''Key Knowledge Areas:'''

* Key Distribution Centre
* Principals
* Tickets

'''The following is a partial list of the used files, terms and utilities:'''

* kinit
* krb5.conf
* krb5kdc/kdc.conf
* kdb5_util
* rb5kdc/kadm5.acl
* klist
* kadmin, kadmin.local

 

====390.2 FreeIPA Installation (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be familiar with FreeIPA v3.x installation process of creating a server instance. Knowledge of the components used by FreeIPA.

|}

'''Key Knowledge Areas:'''

* System and configuration prerequisites for installing FreeIPA
* FreeIPA Components: LDAP, Kerberos, PKI, DNS, Certmonger

'''The following is a partial list of the used files, terms and utilities:'''

* ipa-server-install and options
* ipa

 

====390.3 Integrating FreeIPA with Samba (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to integrate with Samba for group management, Kerberized CIFS and as an AD DC with FreeIPA.

|}

'''Key Knowledge Areas:'''

* Cross-realm trusts

'''The following is a partial list of the used files, terms and utilities:'''

* ipa trust-add-ad
* ipa config-mod
* net
* ldapadd

 

====390.4 System Security Services Daemon (weight: 2)====

{|
| style="background:#dadada" |

'''Weight'''

| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" |

'''Description'''

| style="background:#eaeaea" |

Candidates should be able to configure and use SSSD manage access to remote directories and authentication mechanisms

|}

'''Key Knowledge Areas:'''

* SSSD daemon and command line tools
* Configuring NSS and PAM for use with SSSD
* Authenticate against a local, LDAP and Kerberos domain

'''The following is a partial list of the used files, terms and utilities:'''

* SSSD
* sss_* commands
* sssd.conf
* nsswitch.conf

LPIC2AndLPIC3SummaryVersion3To4

2013-07-16T14:21:13Z

Babafou: added 203.1 changelist (blkid)

__FORCETOC__
=1.0 Purpose=

This document is meant to provide a higher level overview into what
has changed with the objectives update for LPIC-2 and LPIC-3 exams.

As well, this document serves to describe the fundamental change in
how a candidate obtains the LPIC-3 certification level.

The exams that are affect by this update are LPIC-2 (201 and 202) as well
as the creation of a new LPIC-3 exam, 300, and the retirement of the
301 (Core) and 302 (Mixed Environment) exams.

==1.1 Changes to the LPIC-2/LPIC-3 Programs==

The major change to the LPIC-3 program with this release of the LPIC-2 objectives and the new 300 objectives is to allow for the certification of LPIC-3 candidates without the need for them to take the enterprise level 301 (Core) exam.

With the creation of the new 300 exam, also called Mixed Environment, any LPIC-3 level exam will grant the candidate an LPIC-3 certification specialty.

The only exception to this policy change is that the 302 exam will still require the 301 exam in order to obtain the LPIC-3 302 Mixed Environment certification. However, the 301 and 302 exams are to be retired making this a temporary situation.

==1.2 Purpose for the Change to the LPIC-3 Program==

Over the years since the LPIC-3 stream of exams has been released, it was envisioned
that OpenLDAP (or LDAP server knowledge, in general) and Capacity Planning topics
would be central knowledge required for all of the LPIC-3 level exams. This has
proven not to be the case for the 303 (Security) and 304 (Virtualization and High Availability) exams.

In addition, the expectation that an LPIC-2 holder would have some knowledge of LDAP
at the services level and some degree of capacity planning expertise has risen.

==1.2 Benefits of the Change to the LPIC-3 Program==

The main benefit to the holder of the LPIC-2 certification is that they will now be able to achieve
LPIC-3 status by taking any one of the available LPIC-3 exams.

=2.0 Major Universal Changes to LPIC-2 and LPIC-3=

==2.1 Versions of Objectives==

The new version of the objectives for the LPIC-2 exams will be 4.0.

The version for the LPIC-3 300 exam will be 1.0 to reflect that this is a new exam and separate from the LPIC-3 301 (Core) and 302 (Mixed Environment) exams which are to be retired.

==2.2 Weighting of Objectives==

The weighting on the 300 exam has been normalised to 60. This means that each exam will be 60 questions long. This also means that a weighting of 3 on an objective indicates that there will be exactly 3 questions on the exam pertaining to that objective.

==2.3 Objective Numbering==

For the LPIC-2 exams, every attempt to maintain the objective number from the 3.5 version of the objectives has been taken.

For the LPIC-3 300 exam, the objective numbering starts at 390. Starting at 300 would have caused conflict with the 301 exam objective numbers which start at 300.

==2.4 Troubleshooting Content==

In previous releases of the objectives, troubleshooting was a large component of the exam and discrete from the subject matter. Sometimes, the troubleshooting is in an exam different that the one with the original subject matter.

In this release, an attempt has been made to remove the discrete troubleshooting objectives and to include them directly in the objective. This makes it easier to track what is being tested as well as to aid in courseware and book development.

==2.5 Minimized Content Duplication==

Since there is some basic Samba and OpenLDAP content in the 202 exam, an effort was made to avoid duplicating that material in the 300 exam. As such, a 300 exam candidate is expected to know the basics of OpenLDAP configuration.

=3.0 Major Changes in LPIC-2=

==3.1 Re-focus/Consistent Focus==

With this release of the LPIC-2 objectives, the 201 exam now focuses on the scaling, maintenance and troubleshooting of the server. The 202 exam now is primarily focused on core network services as well as system and some network security content.

==3.2 New/Changed/Dropped Content==

===3.2.1 Capacity Planning===

The main focus of the capacity planning objectives is measuring and troubleshooting resource use on a troubled system as well as monitoring and trending the resource usage in order to avoid such situations.

===3.2.2 Focus on the Kernel===

With the maturity and modularity of the Linux kernel, the need to compile and, in particular, patch the kernel has decreased while the run time management requirements of the kernel and its components, such as udev, has increased.

===3.2.3 Alternate Bootloaders===

The notable change is that LILO has lost status as a first class bootloader and has been grouped in with other alternate loaders such as ISOLINUX and PXELINUX.

===3.2.4 Hardware Technologies===

The iSCSI and SMART disk monitoring has been added.

===3.2.5 OpenLDAP Server Basics===

A number of objectives from the 301 exam on basic OpenLDAP server setup and use has been added to the 202 exam.

===3.2.6 Web Services===

The Apache coverage has been logically split between configuration of Apache, in general, and configuring HTTPS. With the explosive growth in popularity of Nginx as both a web server and
a reverse proxy, it has been included in the 202 exam.

===3.2.7 MTA Changes===

Sendmail has been dropped to the awareness level in favour of Postfix. With the presence of Sendmail dropping to under 13% of publicly accessible mail servers, while Postfix accounts for approximately 23% of the publicly accessible mail servers, only Postfix configuration will be covered.

===3.2.8 OpenVPN Changes===

OpenVPN has been broken out of the 201 objective of Advanced Networking into its own objective under System Security in the 202 exam.

=3.0 Major Changes in LPIC-3=

==3.1 Re-focus/Consistent Focus==

With this release of the 300 Mixed Environment exam, the entire exam focuses on the essential services needed across a hetergenous network of MS and Linux system. It is heavily based on the existing 302 Mixed Environment exam with the inclusion of advanced OpenLDAP topics.

This exam covers all aspects of Samba, including the domain functionality and tools of both Samba 3.6 and Samba 4. With the way that Samba 4 has been developed and released, there is still a large need to understand Samba 3.6 configuration. The essential addition that Samba 4 gives is that it can be an Active Directory Domain Controller.

==3.2 New/Changed/Dropped Content==

===3.2.1 Samba 4 Content===

Samba 4 content has been added. In particular, in setting it up as a Active Directory Domain Controller as well as maintaining its naming service (aka DNS) and managing users and groups.

When a question on the exam is Samba 3 or 4 specific, it will be stated. Otherwise, the question would be valid for both versions of Samba.

===3.2.2 OpenLDAP content===

OpenLDAP content has been limited to the advanced topics from the 301 exam. This includes Replication, Security and Performance tuning.

As well, a lot of the integration of LDAP has been excluded in favour of PAM, NSS, AD and Kerberos integration. Integration with a myiad of Unix services and NIS to LDAP migration has been dropped.

=201 Change Summary=

Note: DNS services have been moved to the 202 exam to fit with the change in focus.

Topic 200: Capacity Planning

200.1 Measure and Troubleshoot Resource Usage (weight: 6)

This is a combination of the 306.1 Measure Resource Usage and 306.2 Troubleshoot Resource Problems objectives in the 301 exam.

This is a new objective.

The original weight on the combined objectives was 8.

200.2 Predict Future Resource Needs (weight: 2)

This is partially based on the 306.4 Predict Future Resource Needs objective from the 301 exam with the focused changed more to monitoring and trending to predict needs. The more mathematically rigourous analysis of needs involving queueing theory from 306.3 hasn't been included.

This is a new objective.

The original weight on the objective was 1.

Topic 201: Linux Kernel

201.2 Compiling a Linux kernel (weight: 3)

This has become and amalgamation of the 201.2 Compiling a kernel a the 201.4 Customise, build and install a custom kernel and kernel modules objectives. The patching of kernels has been dropped.

The combined weight of the 3 original objectives was 5.

201.3 Kernel runtime management and troubleshooting (weight: 4)

Renamed from 201.5 Manage/Query kernel and kernel modules at runtime.

This objective has also absorbed the 203.4 udev Device Management objective (weight: 1)

The combined weight of the two original objectives was 4.

Topic 202: System Startup

202.1 Customising SysV-init system startup (weight: 3)

Renamed from 202.1 Customising system startup and boot processes

The renaming is meant to reflect its focus. With the advent of systemd, it was necessary to indicate.

The original weight was 4.

202.2 System recovery (weight: 4)

A lot more detail was included in this objective. Both GRUB2 and GRUB Legac are covered. Also, an awareness of UEFI is expected.

202.3 Alternate Bootloaders (weight: 2)

This is a combination of moving the LILO component of 213.1 Identifying boot stages and troubleshooting bootloaders to an objective to denote its lessening in importance in daily administrative tasks.

Additional bootloaders have also been included.

This is a new objective.

Topic 203: Filesystem and Devices

203.1 Operating the Linux filesystem (weight: 4)

Added blkid.

203.2 Maintaining a Linux filesystem (weight: 3)

The major change has been in dropping ReiserFS in favour of Btrfs and badblocks for SMART Disk monitoring.

Topic 204: Advanced Storage Device Administration

204.1 Configuring RAID (weight: 3)

The original weight was 2.

204.2 Adjusting Storage Device Access (weight: 2)

The inclusion of iSCSI has been made to this objective.

The original weight was 1.

Topic 205: Networking Configuration

205.2 Advanced Network Configuration (weight: 4)

OpenVPN was moved to its own objective in the 202 exam under System Security. wireshark was just removed.

205.3 Troubleshooting network issues (weight: 4)

The original weight was 5.

Topic 206: System Maintenance

206.1 Make and install programs from source (weight: 2)

Moved the use of patch to here from 201.3 Patching a kernel. Lesser emphasis on compiling software, in general.

The original weight was 4.

206.2 Backup operations (weight: 3)

cpio was removed from the list of backup tools.

206.3 Notify users on system-related issues (weight: 1)

The was renamed/renumbered from 205.4 Notify users on system-related issues for better organisation.

=202 Change Summary=

Topic 207: Domain Name Server

This entire objective has been moved from the 201 exam to help with consistency in the theme of the two exams.

207.1 Basic DNS server configuration (weight: 3)

The original weight of this exam was 2.

207.2 Create and maintain DNS zones (weight: 3)

The original weight of this exam was 2.

207.3 Securing a DNS server (weight: 2)

Topic 208: Web Services

208.1 Basic Apache configuration (weight: 4)

Renamed from 208.1 Implementing a web server to be more explicit.
Added vhost configuration and Redirect statements from 208.2.

208.2 Apache configuration for HTTPS (weight: 3)

Renamed from 208.2 Maintaining a web server to focus on its core content.

208.3 Implementing Squid as a caching proxy (weight: 2)

Renamed from 208.3 Implementing a proxy server.
Updated to Squid v3.

The original weight was 1.

208.4 Implementing Nginx as a web server and a reverse proxy (weight: 2)

This is a new objective.

Topic 209: File Sharing

209.1 Samba Server Configuration (weight: 5)

The focus remains on Samba 3.6.

The original weight was 4.

209.2 NFS Server Configuration (weight: 3)

The focus remains on NFSv3. Awareness of NFSv4 has been added.

The original weight was 4.

Topic 210: Network Client Management

210.4 Configuring an OpenLDAP server (weight: 4)

A combination of Topic 301: Concepts, Architecture and Design, 303.2 Access Control Lists in LDAP, 303.6 OpenLDAP Daemon Configuration, and 304.3 Whitepages.

Awareness of System Security Services Daemon (SSSD) is also introduced.

This is a new objective.

The original combined objectives were 13.

Topic 211: E-Mail Services

211.1 Using e-mail servers (weight: 4)

Dropped Sendmail to awareness level.

The original weight was 3.

Topic 212: System Security

212.1 Configuring a router (weight: 3)

Added awareness of IPv6.

212.2 Managing FTP servers (weight: 2)

Renamed from 212.2 Securing FTP servers.

212.3 Secure shell (SSH) (weight: 4)

Much of the ssh client side was dropped to avoid duplication from LPIC-1.

212.4 Security tasks (weight: 3)

Dropped TCP Wrappers as they are covered in LPIC-1
Renumbered from 212.5 (due to loss of TCP Wrapper objective).

212.5 OpenVPN (weight: 2)

This is a new objective. Broken out from 205.2 Advanced Network Configuration and Troubleshooting

NOTE: on the old 213 Troubleshooting Topic
213.1 merged into 202.2
init.d dropped/redundant with 213.3
213.2 merged into 201.5
strings dropped
ltrace to be merged with 102.3 to avoid redundancy
strace to be merged with 102.3 to avoid redundancy
dropped as redundant various system and daemon log files
dropped Kernel syslog entries in system logs (if entry is able to be gained)
213.3 dropped/overlap with LPIC-1
213.4 dropped/overlap with LPIC-1

sysctl, /etc/sysctl.conf, /etc/sysctl.d/ moved to 201.3 Kernel runtime management and troubleshooting

=300 Change Summary=

NOTE: Many of these changes occurred due to the merging of the 302 exam with parts of the 301 exam.
306 (entire Topic) was merged into LPIC-2 201 exam (renumbered to 200)
306.2 merged with 306.2; numbered 200.1
306.3 dropped.
306.4 added collectd and awareness of other monitoring solutions. renumbered to 200.2

NOTE: Dropped from the 302 Samba objectives are:
Topic 311: Compile and Install Samba
312.5 SWAT Configuration
315.2 Samba Security (overlaps with other objectives)
315.3 Performance Tuning

The Samba portion of this exam was restructured into Basics, Shares, User/Group Management, Domain Integration, Name Services and Working with Linux/Windows Clients.

390.1 OpenLDAP Replication (weight: 3)

Renumbered from 303.3 LDAP Replication

The original weight was 5.

390.2 Securing the Directory (weight: 3)

Renumbered from 303.4 Securing the Directory

The original weight was 4.

390.3 OpenLDAP Server Performance Tuning (weight: 2)

Renumbered from 303.5 LDAP Server Performance Tuning

Topic 391: OpenLDAP as an Authentication Backend

391.1 LDAP Integration with PAM and NSS (weight: 2)

Renumbered from 305.1 LDAP Integration with PAM and NSS

391.2 Integrating LDAP with Active Directory and Kerberos (weight: 2)

Renamed/Renumbered from 305.5 Integrating LDAP with Active Directory

Topic 392: Samba Basics

392.1 Samba Concepts and Architecture (weight: 2)

This is a new objective based on component of 302 exam objectives. Parts come from 312.1 Configure Samba

392.2 Configure Samba (weight: 4)

Renumbered from 312.1 Configure Samba

The original weight was 6.

392.3 Regular Samba Maintenance (weight: 2)

This is a new objective.

392.4 Troubleshooting Samba (weight: 2)

Partially based on 310.3 Trivial Database Files and parts of 312.1 Configure Samba

This is a new objective.

392.5 Internationalization (weight: 1)

Renumbered from 312.6 Internationalization

Topic 393: Samba Share Configuration

393.1 File Services (weight: 4)

Based on 312.2 File Services

393.2 Linux File System and Share/Service Permissions (weight: 3)

Based on 315.1 Linux File System and Share/Service Permissions
Added more details and VFS to store Windows ACLs

393.3 Print Services (weight: 2)

Renumbered from 312.3 Print Services

Topic 394: Samba User and Group Management

394.1 Managing User Accounts and Groups (weight: 4)

Renumbered from 313.1 Managing User Accounts and Groups

394.2 Authentication, Authorization and Winbind (weight: 5)

Renumbered from 313.2 Authentication and Authorization

Merged in 313.3 Winbind

The original weight combined weight was 10.

Topic 395: Samba Domain Integration

395.1 Samba as a PDC and BDC (weight: 3)

Renumbered from 312.4 Domain Controller

The original weight was 4

395.2 Samba4 as an AD compatible Domain Controller (weight: 3)

This is a new objective.

395.3 Configure Samba as a Domain Member Server (weight: 3)

This is a new objective.

Topic 396: Samba Name Services

396.1 NetBIOS and WINS (weight: 3)

Renumbered from 314.2 NetBIOS and WINS

Original weight was 7.

396.2 Active Directory Name Resolution (weight: 2)

This is a new objective.

Topic 397: Working with Linux and Windows Clients

397.1 CIFS Integration (weight: 3)

Renumbered from 314.1 CIFS Integration

397.2 Working with Windows Clients (weight: 2)

Renumbered from 314.4 Working with Windows Clients

The original weight was 4.