LPIC-303 Objectives V1

2010-03-11T17:16:41Z

Jannamillers: /* 320.1 OpenSSL */

__FORCETOC__
==Introduction==
TODO: Need a description for exam here
 
 
==Version Information==
These objectives are version 1.0.0.
 
 
==Objectives==
===''Topic 320: Cryptography''===
====320.1 OpenSSL====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications.
|}
'''Key Knowledge Areas:'''
*[http://www.bestdissertation.com/services/dissertation.html dissertation writing]
* certificate generation
* key generation
* SSL/TLS client and server tests
'''The following is a partial list of the used files, terms and utilities:'''
* openssl
* RSA, DH and DSA
* SSL
* X.509
* CSR
* CRL
 

====320.2 Advanced GPG====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included.
|}
'''Key Knowledge Areas:'''
* GPG encyption and signing
* private/public key management
* GPG key servers
* GPG configuration
'''The following is a partial list of the used files, terms and utilities:'''
* gpg
* gpgv
* gpg-agent
* ~/.gnupg/
 
====320.3 Encrypted Filesystems====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be able to setup and configure encrypted filesystems.
|}
'''Key Knowledge Areas:'''
* LUKS
* dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes
'''The following is a partial list of the used files, terms and utilities:'''
* dm-crypt
* cryptmount
* cryptsetup
 
 
===''Topic 321: Access Control''===
====321.1 Host Based Access Control====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking.
|}
'''Key Knowledge Areas:'''
* PAM and PAM configuration files
* password cracking
* nsswitch
'''The following is a partial list of the used files, terms and utilities:'''
* nsswitch.conf
* john
 
====321.2 Extended Attributes and ACLs====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates are required to understand and know how to use Extended Attributes and Access Control Lists.
|}
'''Key Knowledge Areas:'''
* ACLs
* EAs and attribute classes
'''The following is a partial list of the used files, terms and utilities:'''
* getfacl
* setfacl
* getfattr
* setfattr
 
====321.3 SELinux====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 6
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have a thorough knowledge of SELinux.
|}
'''Key Knowledge Areas:'''
* SELinux configuration and command line tools
* TE, RBAC, MAC and DAC concepts and use
'''The following is a partial list of the used files, terms and utilities:'''
* fixfiles/setfiles
* newrole
* setenforce/getenforce
* selinuxenabled
* semanage
* sestatus
* /etc/selinux/
* /etc/selinux.d/
 
====321.4 Other Mandatory Access Control Systems====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use.
|}
'''Key Knowledge Areas:'''
* SMACK
* AppArmor
'''The following is a partial list of the used files, terms and utilities:'''
* SMACK
* AppArmor
 
 
===''Topic 322: Application Security''===
====322.1 BIND/DNS====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services.
|}
'''Key Knowledge Areas:'''
* BIND v9
* BIND vulnerabilities
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* TSIG
* BIND ACLs
* named-checkconf
 
====322.2 Mail Services====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration.
|}
'''Key Knowledge Areas:'''
* Postfix security centric configuration
* securing Sendmail
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/postfix/
* TLS
 
====322.3 Apache/HTTP/HTTPS====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Apache web services.
|}
'''Key Knowledge Areas:'''
* Apache v1 and v2 security centric configuration
'''The following is a partial list of the used files, terms and utilities:'''
* SSL
* .htaccess
* Basic Authentication
* htpasswd
* AllowOverride
 
====322.4 FTP====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services.
|}
'''Key Knowledge Areas:'''
* Pure-FTPd configuration and important command line options
* vsftpd configuration
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* SSL/TLS
* vsftp.conf
 
====322.5 OpenSSH====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services.
|}
'''Key Knowledge Areas:'''
* OpenSSH configuration and command line tools
* OpenSSH key management and access control
* Awareness of SSH protocol v1 and v2 security issues
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/ssh/
* ~/.ssh/
* ssh-keygen
* ssh-agent
* ssh-vulnkey
 
====322.6 NFSv4====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge.
|}
'''Key Knowledge Areas:'''
* NFSv4 security improvements, issues and use
* NFSv4 pseudo file system
* NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos)
'''The following is a partial list of the used files, terms and utilities:'''
* NFSv4 ACLs
* nfs4acl
* RPCSEC_GSS
* /etc/exports
 
====322.7 Syslog====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 1
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of syslog services.
|}
'''Key Knowledge Areas:'''
* syslog security issues
* chroot environments
'''The following is a partial list of the used files, terms and utilities:'''
* remote syslog servers
 
 
===''Topic 323: Operations Security''===
====323.1 Host Configuration Management====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 2
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use of RCS and Puppet for host configuration management.
|}
'''Key Knowledge Areas:'''
* RCS
* Puppet
'''The following is a partial list of the used files, terms and utilities:'''
* RCS
* ci/co
* rcsdiff
* puppet
* puppetd
* puppetmasterd
* /etc/puppet/
 
 
===''Topic 324: Network Security''===
====324.1 Intrusion Detection====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 4
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of intrusion detection software.
|}
'''Key Knowledge Areas:'''
* Snort configuration, rules and use
* Tripwire configuration, policies and use
'''The following is a partial list of the used files, terms and utilities:'''
* snort
* snort-stat
* /etc/snort/
* tripwire
* twadmin
* /etc/tripwire/
 
====324.2 Network Security Scanning====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network security scanning tools.
|}
'''Key Knowledge Areas:'''
* Nessus configuration, NASL and use
* Wireshark filters and use
'''The following is a partial list of the used files, terms and utilities:'''
* nmap
* wireshark
* tshark
* tcpdump
* nessus
* nessus-adduser/nessus-rmuser
* nessusd
* nessus-mkcert
* /etc/nessus
 
====324.3 Network Monitoring====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network monitoring tools.
|}
'''Key Knowledge Areas:'''
* Nagios configuration and use
* ntop
'''The following is a partial list of the used files, terms and utilities:'''
* ntop
* nagios
* nagiostats
* nagios.cfg and other configuration files
 
====324.4 netfilter/iptables====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 5
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of iptables.
|}
'''Key Knowledge Areas:'''
* Iptables packet filtering and network address translation
'''The following is a partial list of the used files, terms and utilities:'''
* iptables
* iptables-save/iptables-restore
 
====324.5 OpenVPN====
{|
| style="background:#dadada" | '''Weight'''
| style="background:#eaeaea" | 3
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
| style="background:#eaeaea" | Candidates should be familiar with the use of OpenVPN.
|}
'''Key Knowledge Areas:'''
* OpenVPN configuration and use
'''The following is a partial list of the used files, terms and utilities:'''
* /etc/openvpn/
* openvpn server and client

LPI Wiki - User contributions [en]

LPIC-303 Objectives V1