LPIC-303 Objectives V1: Difference between revisions
From LPI Wiki
Jump to navigationJump to search
Created page with 'Placeholder for LPIC-3 303 objectives' |
No edit summary |
||
| Line 1: | Line 1: | ||
__FORCETOC__ | |||
==Introduction== | |||
TODO: Need a description for exam here | |||
<br /> | |||
<br /> | |||
==Version Information== | |||
These objectives are version 1.0.0. | |||
<br /> | |||
<br /> | |||
==Objectives== | |||
===''Topic 320: Cryptography''=== | |||
====<span style="color:navy">320.1 OpenSSL</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 4 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* certificate generation | |||
* key generation | |||
* SSL/TLS client and server tests | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* openssl | |||
* RSA, DH and DSA | |||
* SSL | |||
* X.509 | |||
* CSR | |||
* CRL | |||
<br /> | |||
====<span style="color:navy">320.2 Advanced GPG</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 4 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* GPG encyption and signing | |||
* private/public key management | |||
* GPG key servers | |||
* GPG configuration | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* gpg | |||
* gpgv | |||
* gpg-agent | |||
* ~/.gnupg/ | |||
<br /> | |||
====<span style="color:navy">320.3 Encrypted Filesystems</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 3 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should be able to setup and configure encrypted filesystems. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* LUKS | |||
* dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* dm-crypt | |||
* cryptmount | |||
* cryptsetup | |||
<br /> | |||
<br /> | |||
===''Topic 321: Access Control''=== | |||
====<span style="color:navy">321.1 Host Based Access Control</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 2 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* PAM and PAM configuration files | |||
* password cracking | |||
* nsswitch | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* nsswitch.conf | |||
* john | |||
<br /> | |||
====<span style="color:navy">321.2 Extended Attributes and ACLs</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 5 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates are required to understand and know how to use Extended Attributes and Access Control Lists. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* ACLs | |||
* EAs and attribute classes | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* getfacl | |||
* setfacl | |||
* getfattr | |||
* setfattr | |||
<br /> | |||
====<span style="color:navy">321.3 SELinux</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 6 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should have a thorough knowledge of SELinux. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* SELinux configuration and command line tools | |||
* TE, RBAC, MAC and DAC concepts and use | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* fixfiles/setfiles | |||
* newrole | |||
* setenforce/getenforce | |||
* selinuxenabled | |||
* semanage | |||
* sestatus | |||
* /etc/selinux/ | |||
* /etc/selinux.d/ | |||
<br /> | |||
====<span style="color:navy">321.4 Other Mandatory Access Control Systems</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 2 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* SMACK | |||
* AppArmor | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* SMACK | |||
* AppArmor | |||
<br /> | |||
<br /> | |||
===''Topic 322: Application Security''=== | |||
====<span style="color:navy">322.1 BIND/DNS</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 2 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* BIND v9 | |||
* BIND vulnerabilities | |||
* chroot environments | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* TSIG | |||
* BIND ACLs | |||
* named-checkconf | |||
<br /> | |||
====<span style="color:navy">322.2 Mail Services</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 2 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* Postfix security centric configuration | |||
* securing Sendmail | |||
* chroot environments | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* /etc/postfix/ | |||
* TLS | |||
<br /> | |||
====<span style="color:navy">322.3 Apache/HTTP/HTTPS</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 2 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Apache web services. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* Apache v1 and v2 security centric configuration | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* SSL | |||
* .htaccess | |||
* Basic Authentication | |||
* htpasswd | |||
* AllowOverride | |||
<br /> | |||
====<span style="color:navy">322.4 FTP</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 1 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* Pure-FTPd configuration and important command line options | |||
* vsftpd configuration | |||
* chroot environments | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* SSL/TLS | |||
* vsftp.conf | |||
<br /> | |||
====<span style="color:navy">322.5 OpenSSH</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 3 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* OpenSSH configuration and command line tools | |||
* OpenSSH key management and access control | |||
* Awareness of SSH protocol v1 and v2 security issues | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* /etc/ssh/ | |||
* ~/.ssh/ | |||
* ssh-keygen | |||
* ssh-agent | |||
* ssh-vulnkey | |||
<br /> | |||
====<span style="color:navy">322.6 NFSv4</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 1 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* NFSv4 security improvements, issues and use | |||
* NFSv4 pseudo file system | |||
* NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos) | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* NFSv4 ACLs | |||
* nfs4acl | |||
* RPCSEC_GSS | |||
* /etc/exports | |||
<br /> | |||
====<span style="color:navy">322.7 Syslog</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 1 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should have experience and knowledge of security issues in use and configuration of syslog services. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* syslog security issues | |||
* chroot environments | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* remote syslog servers | |||
<br /> | |||
<br /> | |||
===''Topic 323: Operations Security''=== | |||
====<span style="color:navy">323.1 Host Configuration Management</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 2 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should be familiar with the use of RCS and Puppet for host configuration management. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* RCS | |||
* Puppet | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* RCS | |||
* ci/co | |||
* rcsdiff | |||
* puppet | |||
* puppetd | |||
* puppetmasterd | |||
* /etc/puppet/ | |||
<br /> | |||
<br /> | |||
===''Topic 324: Network Security''=== | |||
====<span style="color:navy">324.1 Intrusion Detection</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 4 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of intrusion detection software. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* Snort configuration, rules and use | |||
* Tripwire configuration, policies and use | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* snort | |||
* snort-stat | |||
* /etc/snort/ | |||
* tripwire | |||
* twadmin | |||
* /etc/tripwire/ | |||
<br /> | |||
====<span style="color:navy">324.2 Network Security Scanning</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 5 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network security scanning tools. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* Nessus configuration, NASL and use | |||
* Wireshark filters and use | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* nmap | |||
* wireshark | |||
* tshark | |||
* tcpdump | |||
* nessus | |||
* nessus-adduser/nessus-rmuser | |||
* nessusd | |||
* nessus-mkcert | |||
* /etc/nessus | |||
<br /> | |||
====<span style="color:navy">324.3 Network Monitoring</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 3 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of network monitoring tools. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* Nagios configuration and use | |||
* ntop | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* ntop | |||
* nagios | |||
* nagiostats | |||
* nagios.cfg and other configuration files | |||
<br /> | |||
====<span style="color:navy">324.4 netfilter/iptables</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 5 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should be familiar with the use and configuration of iptables. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* Iptables packet filtering and network address translation | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* iptables | |||
* iptables-save/iptables-restore | |||
<br /> | |||
====<span style="color:navy">324.5 OpenVPN</span>==== | |||
{| | |||
| style="background:#dadada" | '''Weight''' | |||
| style="background:#eaeaea" | 3 | |||
|- | |||
| style="background:#dadada; padding-right:1em" | '''Description''' | |||
| style="background:#eaeaea" | Candidates should be familiar with the use of OpenVPN. | |||
|} | |||
'''Key Knowledge Areas:''' | |||
* OpenVPN configuration and use | |||
'''The following is a partial list of the used files, terms and utilities:''' | |||
* /etc/openvpn/ | |||
* openvpn server and client | |||
Revision as of 00:53, 4 December 2009
Introduction
TODO: Need a description for exam here
Version Information
These objectives are version 1.0.0.
Objectives
Topic 320: Cryptography
320.1 OpenSSL
| Weight | 4 |
| Description | Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issues SSL certificates for various applications. |
Key Knowledge Areas:
- certificate generation
- key generation
- SSL/TLS client and server tests
The following is a partial list of the used files, terms and utilities:
- openssl
- RSA, DH and DSA
- SSL
- X.509
- CSR
- CRL
320.2 Advanced GPG
| Weight | 4 |
| Description | Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included. |
Key Knowledge Areas:
- GPG encyption and signing
- private/public key management
- GPG key servers
- GPG configuration
The following is a partial list of the used files, terms and utilities:
- gpg
- gpgv
- gpg-agent
- ~/.gnupg/
320.3 Encrypted Filesystems
| Weight | 3 |
| Description | Candidates should be able to setup and configure encrypted filesystems. |
Key Knowledge Areas:
- LUKS
- dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes
The following is a partial list of the used files, terms and utilities:
- dm-crypt
- cryptmount
- cryptsetup
Topic 321: Access Control
321.1 Host Based Access Control
| Weight | 2 |
| Description | Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking. |
Key Knowledge Areas:
- PAM and PAM configuration files
- password cracking
- nsswitch
The following is a partial list of the used files, terms and utilities:
- nsswitch.conf
- john
321.2 Extended Attributes and ACLs
| Weight | 5 |
| Description | Candidates are required to understand and know how to use Extended Attributes and Access Control Lists. |
Key Knowledge Areas:
- ACLs
- EAs and attribute classes
The following is a partial list of the used files, terms and utilities:
- getfacl
- setfacl
- getfattr
- setfattr
321.3 SELinux
| Weight | 6 |
| Description | Candidates should have a thorough knowledge of SELinux. |
Key Knowledge Areas:
- SELinux configuration and command line tools
- TE, RBAC, MAC and DAC concepts and use
The following is a partial list of the used files, terms and utilities:
- fixfiles/setfiles
- newrole
- setenforce/getenforce
- selinuxenabled
- semanage
- sestatus
- /etc/selinux/
- /etc/selinux.d/
321.4 Other Mandatory Access Control Systems
| Weight | 2 |
| Description | Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use. |
Key Knowledge Areas:
- SMACK
- AppArmor
The following is a partial list of the used files, terms and utilities:
- SMACK
- AppArmor
Topic 322: Application Security
322.1 BIND/DNS
| Weight | 2 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services. |
Key Knowledge Areas:
- BIND v9
- BIND vulnerabilities
- chroot environments
The following is a partial list of the used files, terms and utilities:
- TSIG
- BIND ACLs
- named-checkconf
322.2 Mail Services
| Weight | 2 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration. |
Key Knowledge Areas:
- Postfix security centric configuration
- securing Sendmail
- chroot environments
The following is a partial list of the used files, terms and utilities:
- /etc/postfix/
- TLS
322.3 Apache/HTTP/HTTPS
| Weight | 2 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of Apache web services. |
Key Knowledge Areas:
- Apache v1 and v2 security centric configuration
The following is a partial list of the used files, terms and utilities:
- SSL
- .htaccess
- Basic Authentication
- htpasswd
- AllowOverride
322.4 FTP
| Weight | 1 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services. |
Key Knowledge Areas:
- Pure-FTPd configuration and important command line options
- vsftpd configuration
- chroot environments
The following is a partial list of the used files, terms and utilities:
- SSL/TLS
- vsftp.conf
322.5 OpenSSH
| Weight | 3 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services. |
Key Knowledge Areas:
- OpenSSH configuration and command line tools
- OpenSSH key management and access control
- Awareness of SSH protocol v1 and v2 security issues
The following is a partial list of the used files, terms and utilities:
- /etc/ssh/
- ~/.ssh/
- ssh-keygen
- ssh-agent
- ssh-vulnkey
322.6 NFSv4
| Weight | 1 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge. |
Key Knowledge Areas:
- NFSv4 security improvements, issues and use
- NFSv4 pseudo file system
- NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos)
The following is a partial list of the used files, terms and utilities:
- NFSv4 ACLs
- nfs4acl
- RPCSEC_GSS
- /etc/exports
322.7 Syslog
| Weight | 1 |
| Description | Candidates should have experience and knowledge of security issues in use and configuration of syslog services. |
Key Knowledge Areas:
- syslog security issues
- chroot environments
The following is a partial list of the used files, terms and utilities:
- remote syslog servers
Topic 323: Operations Security
323.1 Host Configuration Management
| Weight | 2 |
| Description | Candidates should be familiar with the use of RCS and Puppet for host configuration management. |
Key Knowledge Areas:
- RCS
- Puppet
The following is a partial list of the used files, terms and utilities:
- RCS
- ci/co
- rcsdiff
- puppet
- puppetd
- puppetmasterd
- /etc/puppet/
Topic 324: Network Security
324.1 Intrusion Detection
| Weight | 4 |
| Description | Candidates should be familiar with the use and configuration of intrusion detection software. |
Key Knowledge Areas:
- Snort configuration, rules and use
- Tripwire configuration, policies and use
The following is a partial list of the used files, terms and utilities:
- snort
- snort-stat
- /etc/snort/
- tripwire
- twadmin
- /etc/tripwire/
324.2 Network Security Scanning
| Weight | 5 |
| Description | Candidates should be familiar with the use and configuration of network security scanning tools. |
Key Knowledge Areas:
- Nessus configuration, NASL and use
- Wireshark filters and use
The following is a partial list of the used files, terms and utilities:
- nmap
- wireshark
- tshark
- tcpdump
- nessus
- nessus-adduser/nessus-rmuser
- nessusd
- nessus-mkcert
- /etc/nessus
324.3 Network Monitoring
| Weight | 3 |
| Description | Candidates should be familiar with the use and configuration of network monitoring tools. |
Key Knowledge Areas:
- Nagios configuration and use
- ntop
The following is a partial list of the used files, terms and utilities:
- ntop
- nagios
- nagiostats
- nagios.cfg and other configuration files
324.4 netfilter/iptables
| Weight | 5 |
| Description | Candidates should be familiar with the use and configuration of iptables. |
Key Knowledge Areas:
- Iptables packet filtering and network address translation
The following is a partial list of the used files, terms and utilities:
- iptables
- iptables-save/iptables-restore
324.5 OpenVPN
| Weight | 3 |
| Description | Candidates should be familiar with the use of OpenVPN. |
Key Knowledge Areas:
- OpenVPN configuration and use
The following is a partial list of the used files, terms and utilities:
- /etc/openvpn/
- openvpn server and client
