Professional Documents
Culture Documents
Overview of Tasks
To pass Level 1, someone should be able to: 1. Work at the Linux command line 2. Perform easy maintenance tasks: help users, add users to a larger system, backup and restore, shutdown and reboot 3. Install and configure a workstation (including X) and connect it to a LAN, or a standalone PC to the Internet.
Terms and Utilities / (root) filesystem /var filesystem /home filesystem swap space mount points partitions
Key Knowledge Areas Install, re-install, upgrade and remove packages using RPM and YUM. Obtain information on RPM packages such as version, status, dependencies, integrity and signatures. Determine what files a package provides, as well as find which package a specific file comes from. Terms and Utilities rpm rpm2cpio /etc/yum.conf /etc/yum.repos.d/ yum yumdownloader
mkdir mv ls rm rmdir touch tar cpio dd file gzip gunzip bzip2 file globbing
Terms and Utilities & bg fg jobs kill nohup ps top free uptime killall
Key Knowledge Areas Set up a disk quota for a filesystem. Edit, check and generate user quota reports. Terms and Utilities quota edquota repquota quotaon
104.7 Find system files and place files in the correct location
Weight: 2 Description: Candidates should be thouroughly familiar with the Filesystem Hierarchy Standard (FHS), including typical file locations and directory classifications. Key Knowledge Areas Understand the correct locations of files under the FHS. Find files and commands on a Linux system. Know the location and purpose of important file and directories as defined in the FHS. Terms and Utilities find locate updatedb whereis which type /etc/updatedb.conf
Click here for a list of the objectives on this exam that will be updated July 2, 2012.
Key Knowledge Areas Set environment variables (e.g. PATH) at login or when spawning a new shell. Write BASH functions for frequently used sequences of commands. Maintain skeleton directories for new user accounts. Set command search path with the proper directory.
Terms and Utilities /etc/profile env export set unset ~/.bash_profile ~/.bash_login ~/.profile ~/.bashrc ~/.bash_logout function alias lists
Terms and Utilities /etc/inittab xdm configuration files kdm configuration files gdm configuration files
106.3 Accessibility
Weight: 1 Description: Demonstrate knowledge and awareness of accessibility technologies. Key Knowledge Areas Keyboard Accessibility Settings Visual Settings and Themes Assistive Technology (ATs) Terms and Utilities Sticky/Repeat Keys Slow/Bounce/Toggle Keys Mouse Keys High Contrast Desktop Themes Large Print Desktop Themes Screen Reader Braille Display Screen Magnifier On-Screen Keyboard Gestures Orca GOK emacspeak
at atq atrm
Terms and Utilities /usr/share/zoneinfo /etc/timezone /etc/localtime /etc/ntp.conf date hwclock ntpd ntpdate pool.ntp.org
sendmail emulation layer commands newaliases mail mailq postfix sendmail exim qmail
Terms and Utilities CUPS config files, tools and utils /etc/cups lpd legacy interface (lpr, lprm, lpq)
Terms and Utilities /etc/services ftp telnet host ping dig traceroute tracepath
Terms and Utilities ifconfig ifup ifdown route host hostname dig netstat ping traceroute
Understand SSH port tunnels (including X11 tunnels). Terms and Utilities ssh ssh-keygen ssh-agent ssh-add ~/.ssh/id_rsa id_rsa.pub ~/.ssh/id_dsa id_dsa.pub /etc/ssh/ssh_host_rsa_key ssh_host_rsa_key.pub /etc/ssh/ssh_host_dsa_key ssh_host_dsa_key.pub ~/.ssh/authorized_keys /etc/ssh_known_hosts gpg ~/.gnupg/*
LPIC-2
Advanced Level Linux Certification
Status: First published November 29, 2001; last republish, April 2009; latest revision August 2012. Prerequisites: You must have an active LPIC-1 certification to receive LPIC-2 certification, but the LPIC-1 and LPIC-2 exams may be taken in any order. Requirements: Passing exams 201 and 202 Live Now:Exams 201/202 - Refreshed August 2012 (See Below) Next Republish: The next version of the exams goes live October 2013, details here. Important Note:A summary of the changes between V3 (current) and V4 (next version) for publishers and alumni needing to recertify.
Overview of Tasks
To pass Level 2 someone should be able to: Administer a small to medium-sized site Plan, implement, maintain, keep consistent, secure, and troubleshoot a small mixed (MS, Linux) network, including a: LAN server (samba) Internet Gateway (firewall, proxy, mail, news) Internet Server (webserver, FTP server) Supervise assistants
recompiling the Linux kernel as needed, updating and noting changes in a new kernel, creating an initrd image and installing new kernels. Key Knowledge Areas /usr/src/linux/ GRUB configuration files Kernel 2.6.x make targets Kernel 3.x make targets
Terms and Utilities mkinitrd mkinitramfs make make targets (config, xconfig, menuconfig, oldconfig, mrproper, zImage, bzImage, modules, modules_install)
201.4 Customise, build and install a custom kernel and kernel modules
Weight: 2 Description: Candidates should be able to customise, build and install a 2.6 kernel for specific system requirements, by patching, compiling and editing configuration files as required. This objective includes being able to assess requirements for a kernel compile as well as build and configure kernel modules. Key Knowledge Areas Customize the current kernel configuration. Build a new kernel and appropriate kernel modules. Install a new kernel and any modules. Ensure that the boot manager can locate the new kernel and associated files.
/usr/src/linux/ Module configuration files Terms and Utilities patch make module tools /usr/src/linux/* /usr/src/linux/.config /lib/modules/kernel-version/* /boot/*
services at various run levels. A thorough understanding of the init structure and boot process is required. This objective includes interacting with runlevels. Key Knowledge Areas Linux Standard Base Specification (LSB) Terms and Utilities /etc/inittab /etc/init.d/ /etc/rc.d/ chkconfig update-rc.d
Use of UUIDs Terms and Utilities /etc/fstab /etc/mtab /proc/mounts mount and umount sync swapon swapoff
basic feature knowledge of encrypted filesystems Terms and Utilities /etc/auto.master /etc/auto.[dir] mkisofs dd mke2fs
to a local, wired or wireless, and a wide-area network. This objective includes being able to communicate between various subnets within a single network including both IPv4 and IPv6 networks. Key Knowledge Areas Utilities to configure and manipulate ethernet network interfaces Configuring wireless networks Terms and Utilities /sbin/route /sbin/ifconfig /sbin/ip /usr/sbin/arp /sbin/iwconfig /sbin/iwlist
Terms and Utilities /sbin/route /sbin/ifconfig /bin/netstat /bin/ping /usr/sbin/arp /usr/sbin/tcpdump /usr/sbin/lsof /usr/bin/nc /sbin/ip /etc/openvpn/* openvpn nmap wireshark
Terms and Utilities /sbin/ifconfig /sbin/route /bin/netstat /etc/network /etc/sysconfig/network-scripts/ /var/log/syslog /var/log/messages /bin/ping /etc/resolv.conf /etc/hosts /etc/hosts.allow /etc/hosts.deny /etc/hostname /etc/HOSTNAME /bin/hostname /usr/sbin/traceroute /usr/bin/dig /bin/dmesg /usr/bin/host
Terms and Utilities /usr/src/ gunzip gzip bzip2 tar configure make uname install
Partially or fully restore backups. Terms and Utilities /bin/sh cpio dd tar /dev/st* /dev/nst* mt rsync
Various methods to add a new host in the zone files, including reverse zones Terms and Utilities /var/named/* zone file syntax resource record formats dig nslookup host
Terms and Utilities access logs error logs .htaccess httpd.conf mod_auth htpasswd htgroup apache2ctl httpd
Terms and Utilities smbd, nmbd smbstatus testparm smbpasswd nmblookup smbclient net /etc/smb/* /var/log/samba/
Terms and Utilities /etc/exports exportfs showmount nfsstat /proc/mounts /etc/fstab rpcinfo mountd portmapper
Terms and Utilities /etc/pam.d pam.conf nsswitch.conf pam_unix pam_cracklib pam_limits pam_listfile
objective includes configuring port redirection, managing filter rules and averting attacks. Key Knowledge Areas iptables configuration files, tools and utilities Tools, commands and utilities to manage routing tables. Private address ranges Port redirection and IP forwarding List and write filtering and rules that accept or block datagrams based on source or destination protocol, port and address Save and reload filtering configurations Terms and Utilities /proc/sys/net/ipv4 /etc/services iptables routed
Usage of XWindow and other application protocols through SSH tunnels Configuration of ssh-agent Usage of multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes Terms and Utilities ssh sshd /etc/ssh/sshd_config Private and public key files ~/.ssh/authorized_keys PermitRootLogin PubKeyAuthentication AllowUsers PasswordAuthentication Protocol
sources Tools and utilities to implement an intrusion detection system (IDS) Awareness of OpenVAS Terms and Utilities telnet nmap snort fail2ban nc iptables
Terms and Utilities /boot/ /boot/grub/ GRUB grub-install initrd, initramfs Master boot record /etc/init.d lilo /etc/lilo.conf
Key Knowledge Areas /proc filesystem Various system and daemon log files Content of /, /boot , and /lib/modules Screen output during bootup Kernel syslog entries in system logs (if entry is able to be gained) Tools and utilities to analyse information about the used hardware Tools and utilities to trace software and their system and library calls
Terms and Utilities dmesg /sbin/lspci /usr/bin/lsdev /sbin/lsmod /sbin/modprobe /sbin/insmod /bin/uname strace strings ltrace lsof lsusb
Terms and Utilities /etc/ /etc/inittab /etc/rc.local /etc/rc.boot /var/spool/cron/crontabs/ /etc/login.defs /etc/syslog.conf /etc/passwd /etc/shadow /etc/group /sbin/init /usr/sbin/cron /usr/bin/crontab
LPIC-3
Senior Level Linux Certification
The LPIC-3 certification is the culmination of LPI's certification program. LPIC-3 is designed for the enterprise-level Linux professional. The program has been developed with the advice of hundreds of Linux professionals and some of the world's leading technology companies. It also represents the highest level of professional, distribution-neutral Linux certification within the industry. Important Note: The LPIC-3 certification program is undergoing significant revision to allow for independent specializations in the following: Mixed Environment, Security and Virtualization/High Availability. Please see Rationale of Changes section below
Speciality Details
New Specialties: 300 Mixed Environment (replaces 301 and 302 as of October 2013) Retiring Specialties: 301 Core (retires end of 2013) 302 Mixed Environment (still requires LPI-301 until the exam retires at the end of 2013) Existing Specialties: 303 Security 304 High Availability and Virtualization
Rationale of Changes
LPIC-3 Core (LPI-301) and LPIC-3 Mixed Environments (LPI-302) will remain valid certifications. However, these exams will no longer be necessary for the LPIC-3 certification designation. As of October 1, 2013 any one exam in the 300 series will be sufficient to obtain LPIC3 designation. Prior to October 1, 2013, candidates required the LPI-301 Core to obtain any of the other specialties and LPIC-3 certification. As of October 1, 2013, a LPIC-2 certified professional will be able to obtain LPIC-3 certification status by successfully completing any of the number of specialty exams as outlined below. NOTE: The LPI-301 and LPI-302 exams are being retired at the end of 2013. The LPI-300 exam replaces the pair of exams and also provides the designation of LPIC-3 Mixed Environment.
Description Candidates should be familiar with the server replication available with OpenLDAP. Key Knowledge Areas: Replication concepts. Configure OpenLDAP replication. Analyze replication log files. Understand replica hubs. LDAP referrals. LDAP sync replication. master / slave server multi-master replication consumer replica hub one-shot mode
The following is a partial list of the used files, terms and utilities:
390.2 Securing the Directory (weight: 3) Weight Description 3 Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.
Key Knowledge Areas: Securing the directory with SSL and TLS. Firewall considerations. Unauthenticated access methods. User / password authentication methods. Maintanence of SASL user DB. Client / server certificates. SSL / TLS Security Strength Factors (SSF) SASL proxy authorization StartTLS iptables
The following is a partial list of the used files, terms and utilities:
390.3 OpenLDAP Server Performance Tuning (weight: 2) Weight Description 2 Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives
Key Knowledge Areas: Measure OpenLDAP performance. Tune software configuration to increase performance. Understand indexes. The following is a partial list of the used files, terms and utilities: index DB_CONFIG
Key Knowledge Areas: Configure PAM to use LDAP for authentication. Configure NSS to retrieve information from LDAP. Configure PAM modules in various Unix environments. The following is a partial list of the used files, terms and utilities: PAM NSS /etc/pam.d/* /etc/nsswitch.conf
391.2 Integrating LDAP with Active Directory and Kerberos (weight: 2) Weight 2
Description Candidates should be able to integrate LDAP with Active Directory Services. Key Knowledge Areas: Kerberos integration with LDAP. Cross platform authentication. Single sign-on concepts. Integration and compatibility limitations between OpenLDAP and Active Directory. Kerberos Active Directory single sign-on DNS
The following is a partial list of the used files, terms and utilities:
Description Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known.
Key Knowledge Areas: Understand the roles of the Samba daemons and components. Understand key issues regarding heterogeneous networks. Identify key TCP/UDP ports used with SMB/CIFS. Knowledge of Samba3 and Samba4 differences.
The following is a partial list of the used files, terms and utilities: /etc/services. Samba daemons: smbd, nmbd, samba, winbindd.
392.2 Configure Samba (weight: 4) Weight Description 4 Candidates should be able to configure the Samba daemons for a wide variety of purposes
Key Knowledge Areas: Knowledge of Samba server configuration file structure. Knowledge of Samba variables and configuration parameters. Troubleshoot and debug configuration problems with Samba. The following is a partial list of the used files, terms and utilities: smb.conf. smb.conf parameters. smb.conf variables. testparm. secrets.tdb.
392.3 Regular Samba Maintenance (weight: 2) Weight 2 Candidates should know about the various tools and utilities that are part of a Samba installation.
Description
Key Knowledge Areas: Monitor and interact with running Samba daemons. Perform regular backups of Samba configuration and state data. The following is a partial list of the used files, terms and utilities: smbcontrol. smbstatus. tdbbackup.
392.4 Troubleshooting Samba (weight: 2) Weight Description 2 Candidates should understand the structure of trivial database files and know how troubleshoot problems
Key Knowledge Areas: Configure Samba logging. Backup TDB files. Restore TDB files. Identify TDB file corruption. Edit / list TDB file content. /var/log/samba/* log level. debuglevel. smbpasswd. pdbedit. secrets.tdb. tdbbackup. tdbdump. tdbrestore. tdbtool.
The following is a partial list of the used files, terms and utilities:
392.5 Internationalization (weight: 1) Weight Description 1 Candidates should be able to work with internationalization character codes and code pages
Key Knowledge Areas: Understand internationalization character codes and code pages. Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment. Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment. Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment. The following is a partial list of the used files, terms and utilities: internationalization. character codes. code pages.
Description Candidates should be able to create and configure file shares in a mixed environment Key Knowledge Areas: Create and configure file sharing. Plan file service migration. Limit access to IPC$. Create scripts for user and group handling of file shares. Samba share access configuration parameters. smb.conf. [homes]. smbcquotas. smbsh. browseable, writeable, valid users, write list, read list, read only and guest ok. IPC$. mount, smbmount.
The following is a partial list of the used files, terms and utilities:
393.2 Linux File System and Share/Service Permissions (weight: 3) Weight Description 3 Candidates should understand file permissions on a Linux file system in a mixed environment
Key Knowledge Areas: Knowledge of file / directory permission control. Understand how Samba interacts with Linux file system permissions and ACLs. Use Samba VFS to store Windows ACLs. The following is a partial list of the used files, terms and utilities: smb.conf. chmod, chown. create mask, directory mask, force create mode, force directory mode. smbcacls. getfacl, setfacl. vfs_acl_xattr, vfs_acl_tdb and vfs objects.
Description Candidates should be able to create and manage print shares in a mixed environment Key Knowledge Areas: Create and configure printer sharing. Configure integration between Samba and CUPS. Manage Windows print drivers and configure downloading of print drivers. Configure [print$]. Understand security concerns with printer sharing. Uploading printer drivers for Point'n'Print driver installation using 'Add Print Driver Wizard' in Windows. smb.conf. [print$]. CUPS. cupsd.conf. /var/spool/samba. smbspool. rpcclient. net.
The following is a partial list of the used files, terms and utilities:
The following is a partial list of the used files, terms and utilities:
394.2 Authentication, Authorization and Winbind (weight: 5) 5 Candidates should understand the various authentication mechanisms and configure Description access control. Candidates should be able to install and configure the Winbind service. Key Knowledge Areas: Setup a local password database Perform password synchronization Knowledge of different passdb backends Convert between Samba passdb backends Integrate Samba with LDAP Configure Winbind service Configure PAM and NSS smb.conf smbpasswd, tdbsam, ldapsam passdb backend libnss_winbind libpam_winbind libpam_smbpass wbinfo getent SID and foreign SID /etc/passwd /etc/group Weight
The following is a partial list of the used files, terms and utilities:
Configure logon scripts Configure roaming profiles Configure system policies The following is a partial list of the used files, terms and utilities: smb.conf security mode server role domain logons domain master logon script logon path NTConfig.pol net profiles add machine script profile acls
395.2 Samba4 as an AD compatible Domain Controller (weight: 3) Weight 3 Description Candidates should be able to configure Samba 4 as an AD Domain Controller Key Knowledge Areas: Configure and test Samba 4 as an AD DC Using smbclient to confirm AD operation Understand how Samba integrates with AD services; DNS, Kerberos, NTP, LDAP The following is a partial list of the used files, terms and utilities: smb.conf server role samba-tool domain (with subcommands) samba
395.3 Configure Samba as a Domain Member Server (weight: 3) 3 Candidates should be able to integrate Linux servers into an environment where Description Active Directory is present Key Knowledge Areas: Joining Samba to an existing NT4 domain Joining Samba to an existing AD domain Ability to obtain a TGT from a KDC The following is a partial list of the used files, terms and utilities: smb.conf server role Weight
The following is a partial list of the used files, terms and utilities:
396.2 Active Directory Name Resolution (weight: 2) Weight 2 Description Candidates should be familiar with the internal DNS server with Samba4. Key Knowledge Areas: Understand and manage DNS for Samba4 as an AD Domain Controller DNS forwarding with the internal DNS sever of Samba4 The following is a partial list of the used files, terms and utilities: samba-tool dns (with subcommands) smb.conf dns forwarder /etc/resolv.conf dig, host
The following is a partial list of the used files, terms and utilities:
397.2 Working with Windows Clients (weight: 2) 2 Clients should be able to interact with remote Windows clients, and configure Description Windows workstations to access file and print services from Linux servers Key Knowledge Areas: Knowledge of Windows clients Explore browse lists and SMB clients from Windows Share file / print resources from Windows Use of the smbclient program Use of the Windows net utility Windows net command smbclient control panel rdesktop workgroup Weight
The following is a partial list of the used files, terms and utilities:
301.3 Schemas
Weight: 3 Description: Candidates should be familiar with schema concepts, and the base schema files included with an OpenLDAP installation. Key Knowledge Areas LDAP schema concepts Create and modify schemas Attribute and object class syntax Terms and Utilities Distributes schema Extended schema Object Identifiers /etc/ldap/schema/* Object class Attribute include directive
Terms and Utilities make gpg rpm dpkg bdb slapd slurpd
with OpenLDAP. Key Knowledge Areas Replication concepts Configure OpenLDAP replication Execute and manage slurpd Analyze replication log files Understand replica hubs LDAP referrals LDAP sync replication
Terms and Utilities slurpd slapd.conf master / slave server consumer replica hub one-shot mode referral syncrepl refreshOnly and refreshAndPersist replog pull-based / push-based synchronization
Terms and Utilities SSL / TLS Security Strength Factors (SSF) SASL proxy authorization StartTLS slapd.conf
iptables
directory. Key Knowledge Areas Use OpenLDAP search tools with basic options Use OpenLDAP search tools with advanced options Optimize LDAP search queries Knowledge of search filters and their syntax
304.3 Whitepages
Weight: 1 Description: Candidates should be able to build and maintain a whitepages service. Key Knowledge Areas Plan whitepages services Configure whitepages services Configure clients to retrieve data from whitepages services
Cross platform authentication Single sign-on concepts Integration and compatibility limitations between OpenLDAP and Active Directory Terms and Utilities Kerberos Active Directory single sign-on DNS
Map client bandwidth usage Terms and Utilities iostat vmstat pstree w lsof top uptime sar
Terms and Utilities PDQ CPU usage memory usage appropriate measurement time
Description: Candidates should be aware of Samba's security modes, and the key roles of the Samba daemons. Key Knowledge Areas Understand Samba security modes Identify roles of core Samba daemons Manage Samba daemons Terms and Utilities User Level Security Share Level Security Domain Security Mode ADS Security Mode smb.conf smbd nmbd winbindd smbcontrol
Key Knowledge Areas Knowledge of Samba server configuration file structure Knowledge of Samba variables and configuration parameters Identify key TCP/UDP ports used with SMB/CIFS Configure Samba logging Troubleshoot and debug problems with Samba
Terms and Utilities smb.conf parameters smb.conf variables /etc/services /var/log/samba/* log level debuglevel testparm smbtar strace
Terms and Utilities smb.conf [homes] browseable, writeable, valid users IPC$ mount, smbmount
Key Knowledge Areas Create and configure printer sharing Configure integration between Samba and CUPS Manage Windows print drivers and configure downloading of print drivers Configure [print$] Understand security concerns with printer sharing Setup and manage print accounting
Terms and Utilities smb.conf [print$] CUPS cupsd.conf /var/spool/samba print accounting smbprngenpdf smbspool
Terms and Utilities primary domain controller backup domain controller domain membership roaming profiles system policies logon scripts Active Directory LDAP trust relationships
312.6 Internationalization
Weight: 1 Description: Candidates should be able to work with internationalization character codes and code pages. Key Knowledge Areas Understand internationalization character codes and code pages Patch and build appropriate code conversion libraries Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment Terms and Utilities internationalization character codes code pages smb.conf code conversion libraries
Description: Candidates should be able to manage user and group accounts in a mixed environment. Key Knowledge Areas Manager user and group accounts Understand user and group mapping Knowledge of user account management tools Use of the smbpasswd program Force ownership of file and directory objects
Terms and Utilities smb.conf /usr/bin/smbpasswd /etc/passwd /etc/group force user, force group idmap
Terms and Utilities smb.conf smbpasswd passdb backend security mask PAM NSS password synchronization LDAP
313.3 Winbind
Weight: 2 Description: Candidates should be able to install and configure the Winbind service. Key Knowledge Areas Install Winbind Configure Winbind Terms and Utilities smb.conf winbindd PAM NSCD SID /etc/passwd /etc/group foreign SID
Description:Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing . Key Knowledge Areas Understand WINS concepts Understand NetBIOS concepts Understand the role of a local master browser Understand the role of a domain master browser Understand the role of Samba as a WINS server Understand name resolution Configure Samba as a WINS server Configure WINS replication Understand NetBIOS browsing, service announcements and elections
Terms and Utilities NetBIOS WINS local master browser domain master browser service announcements elections node types smbclient findsmb name resolve order lmhosts smbtree
Terms and Utilities Windows' net command smbclient mount, smbmount control panel rdesktop workgroup smbget
creating your own Certificate Authority and issues SSL certificates for various applications. Key Knowledge Areas certificate generation key generation SSL/TLS client and server tests Terms and Utilities openssl RSA, DH and DSA SSL X.509 CSR CRL
321.3 SELinux
Weight: 6 Description: Candidates should have a thorough knowledge of SELinux.
Key Knowledge Areas SELinux configuration and command line tools TE, RBAC, MAC and DAC concepts and use Terms and Utilities fixfiles/setfiles newrole setenforce/getenforce selinuxenabled semanage sestatus /etc/selinux/ /etc/selinux.d/
named-checkconf
322.3 Apache/HTTP/HTTPS
Weight: 2 Description: Candidates should have experience and knowledge of security issues in use and configuration of Apache web services. Key Knowledge Areas Apache v1 and v2 security centric configuration Terms and Utilities SSL .htaccess Basic Authentication htpasswd AllowOverride
322.4 FTP
Weight: 1 Description: Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services. Key Knowledge Areas Pure-FTPd configuration and important command line options
322.5 OpenSSH
Weight: 3 Description: Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services. Key Knowledge Areas OpenSSH configuration and command line tools OpenSSH key management and access control Awareness of SSH protocol v1 and v2 security issues Terms and Utilities /etc/ssh/ ~/.ssh/ ssh-keygen ssh-agent ssh-vulnkey
322.6 NFSv4
Weight: 1 Description: Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge. Key Knowledge Areas NFSv4 security improvements, issues and use NFSv4 pseudo file system NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos) Terms and Utilities NFSv4 ACLs nfs4acl RPCSEC_GSS /etc/exports
322.7 Syslog
Weight: 1 Description: Candidates should have experience and knowledge of security issues in use and configuration of syslog services. Key Knowledge Areas syslog security issues chroot environments Terms and Utilities remote syslog servers
Key Knowledge Areas Snort configuration, rules and use Tripwire configuration, policies and use Terms and Utilities snort snort-stat /etc/snort/ tripwire twadmin /etc/tripwire/
Terms and Utilities ntop nagios nagiostats nagios.cfg and other configuration files
324.4 netfilter/iptables
Weight: 5 Description: Candidates should be familiar with the use and configuration of iptables. Key Knowledge Areas Iptables packet filtering and network address translation Terms and Utilities iptables-save/iptables-restore
324.5 OpenVPN
Weight: 3 Description: Candidates should be familiar with the use of OpenVPN. Key Knowledge Areas OpenVPN configuration and use Terms and Utilities openvpn server and client
Terms and Utilities Hypervisor HVM(HardwareVirtualMachine) PV(Paravirtualization) domains emulation and simulation CPU flags
330.2 Xen
Weight: 10 Description: Candidates should be able to install, configure, maintain and troubleshoot Xen installations. Key Knowledge Areas Terms and Utilities Xen w/Intel VT Xen w/AMD-V Dom0 DomU GuestOS HostOS xm /etc/xen xmdomain.cfg xentop
330.3 KVM
Weight: 7 Description: Candidates should be able to install, configure, maintain and troubleshoot KVM installations. Key Knowledge Areas Terms and Utilities /proc/cpuinfo kernel modules: kvm kvm-intel kvm-amd /etc/kvm/ kvm-qemu kvm_stat kvm netwoking kvm monitor kvm storage qemu
331.2 HAProxy
Weight: 3 Description: Exam candidates should be able to install, configure, maintain and troubleshoot HAProxy. Key Knowledge Areas HAProxy Terms and Utilities ACLs
331.3 LinuxPMI
Weight: 1 Description: Candidates should understand the concepts of LinuxPMI. Basic experience in the installation of LinuxPMI is also expected. Key Knowledge Areas kernel patching SSI vs MSI Terms and Utilities linuxPMI
Description: Candidates should have experience in advanced features of the Pacemaker cluster management set of technologies. This includes the use of OpenAIS and corosync. Key Knowledge Areas fencing quorum data integrity integration with file systems
Terms and Utilities STONITHd OCFS2 ldirectord softdog OpenAIS and corosync
data integrity integration with file systems integration with LVS Terms and Utilities qdiskd /etc/lvs.cf Piranha GFS Conga