Tuesday, 31 December 2019

LPIC-1 Exam 102: Objectives


Exam Objectives Version: Version 5.0

Exam Code: 102-500


About Objective Weights: Each objective is assigned a weighting value. The weights indicate the relative importance of each objective on the exam. Objectives with higher weights will be covered in the exam with more questions.

Exam 102 Objectives


Topic 105: Shells and Shell Scripting
105.1 Customize and use the shell environment Weight: 4
Description: Candidates should be able to customize shell environments to meet users' needs. Candidates should be able to modify global and user profiles.
Key Knowledge Areas:
- Set environment variables (e.g. PATH) at login or when spawning a new shell.
- Write Bash functions for frequently used sequences of commands.
- Maintain skeleton directories for new user accounts.
- Set command search path with the proper directory.
The following is a partial list of the used files, terms and utilities:
- .
- source
- /etc/bash.bashrc
- /etc/profile
- env
- export
- set
- unset
- ~/.bash_profile
- ~/.bash_login
- ~/.profile
- ~/.bashrc
- ~/.bash_logout
- function
- alias
105.2 Customize or write simple scripts Weight: 4
Description: Candidates should be able to customize existing scripts, or write simple new Bash scripts.
Key Knowledge Areas:
- Use standard sh syntax (loops, tests).
- Use command substitution.
- Test return values for success or failure or other information provided by a command.
- Execute chained commands.
- Perform conditional mailing to the superuser.
- Correctly select the script interpreter through the shebang (#!) line.
- Manage the location, ownership, execution and suid-rights of scripts.
The following is a partial list of the used files, terms and utilities:
- for
- while
- test
- if
- read
- seq
- exec
- ||
- &&
Topic 106: User Interfaces and Desktops
106.1 Install and configure X11 Weight: 2
Description: Candidates should be able to install and configure X11.
Key Knowledge Areas:
- Understanding of the X11 architecture.
- Basic understanding and knowledge of the X Window configuration file.
- Overwrite specific aspects of Xorg configuration, such as keyboard layout.
- Understand the components of desktop environments, such as display managers and window managers.
- Manage access to the X server and display applications on remote X servers.
- Awareness of Wayland.
The following is a partial list of the used files, terms and utilities:
- /etc/X11/xorg.conf
- /etc/X11/xorg.conf.d/
- ~/.xsession-errors
- xhost
- xauth
- DISPLAY
- X
106.2 Graphical Desktops Weight: 1
Description: Candidates should be aware of major Linux desktops. Furthermore, candidates should be aware of protocols used to access remote desktop sessions.
Key Knowledge Areas:
- Awareness of major desktop environments
- Awareness of protocols to access remote desktop sessions
The following is a partial list of the used files, terms and utilities:
- KDE
- Gnome
- Xfce
- X11
- XDMCP
- VNC
- Spice
- RDP
106.3 Accessibility Weight: 1
Description: Demonstrate knowledge and awareness of accessibility technologies.
Key Knowledge Areas:
- Basic knowledge of visual settings and themes.
- Basic knowledge of assistive technology.
The following is a partial list of the used files, terms and utilities:
- High Contrast/Large Print Desktop Themes.
- Screen Reader.
- Braille Display.
- Screen Magnifier.
- On-Screen Keyboard.
- Sticky/Repeat keys.
- Slow/Bounce/Toggle keys.
- Mouse keys.
- Gestures.
- Voice recognition.
Topic 107: Administrative Tasks
107.1 Manage user and group accounts and related system files Weight: 5
Description: Candidates should be able to add, remove, suspend and change user accounts.
Key Knowledge Areas:
- Add, modify and remove users and groups.
- Manage user/group info in password/group databases.
- Create and manage special purpose and limited accounts.
The following is a partial list of the used files, terms and utilities:
- /etc/passwd
- /etc/shadow
- /etc/group
- /etc/skel/
- chage
- getent
- groupadd
- groupdel
- groupmod
- passwd
- useradd
- userdel
- usermod
107.2 Automate system administration tasks by scheduling jobs Weight: 4
Description: Candidates should be able to use cron and systemd timers to run jobs at regular intervals and to use at to run jobs at a specific time.
Key Knowledge Areas:
- Manage cron and at jobs.
- Configure user access to cron and at services.
- Understand systemd timer units.
The following is a partial list of the used files, terms and utilities:
- /etc/cron.{d,daily,hourly,monthly,weekly}/
- /etc/at.deny
- /etc/at.allow
- /etc/crontab
- /etc/cron.allow
- /etc/cron.deny
- /var/spool/cron/
- crontab
- at
- atq
- atrm
- systemctl
- systemd-run
107.3 Localisation and internationalisation Weight: 3
Description: Candidates should be able to localize a system in a different language than English. As well, an understanding of why LANG=C is useful when scripting.
Key Knowledge Areas:
- Configure locale settings and environment variables.
- Configure timezone settings and environment variables.
The following is a partial list of the used files, terms and utilities:
- /etc/timezone
- /etc/localtime
- /usr/share/zoneinfo/
- LC_*
- LC_ALL
- LANG
- TZ
- /usr/bin/locale
- tzselect
- timedatectl
- date
- iconv
- UTF-8
- ISO-8859
- ASCII
- Unicode
Topic 108: Essential System Services
108.1 Maintain system time Weight: 3
Description: Candidates should be able to properly maintain the system time and synchronize the clock via NTP.
Key Knowledge Areas:
- Set the system date and time.
- Set the hardware clock to the correct time in UTC.
- Configure the correct timezone.
- Basic NTP configuration using ntpd and chrony.
- Knowledge of using the pool.ntp.org service.
- Awareness of the ntpq command.
The following is a partial list of the used files, terms and utilities:
- /usr/share/zoneinfo/
- /etc/timezone
- /etc/localtime
- /etc/ntp.conf
- /etc/chrony.conf
- date
- hwclock
- timedatectl
- ntpd
- ntpdate
- chronyc
- pool.ntp.org
108.2 System logging Weight: 4
Description: Candidates should be able to configure rsyslog. This objective also includes configuring the logging daemon to send log output to a central log server or accept log output as a central log server. Use of the systemd journal subsystem is covered. Also, awareness of syslog and syslog-ng as alternative logging systems is included.
Key Knowledge Areas:
- Basic configuration of rsyslog.
- Understanding of standard facilities, priorities and actions.
- Query the systemd journal.
- Filter systemd journal data by criteria such as date, service or priority.
- Configure persistent systemd journal storage and journal size.
- Delete old systemd journal data.
- Retrieve systemd journal data from a rescue system or file system copy.
- Understand interaction of rsyslog with systemd-journald.
- Configuration of logrotate.
- Awareness of syslog and syslog-ng.
Terms and Utilities:
- /etc/rsyslog.conf
- /var/log/
- logger
- logrotate
- /etc/logrotate.conf
- /etc/logrotate.d/
- journalctl
- systemd-cat
- /etc/systemd/journald.conf
- /var/log/journal/
108.3 Mail Transfer Agent (MTA) basics Weight: 3
Description: Candidates should be aware of the commonly available MTA programs and be able to perform basic forward and alias configuration on a client host. Other configuration files are not covered.
Key Knowledge Areas:
- Create e-mail aliases.
- Configure e-mail forwarding.
- Knowledge of commonly available MTA programs (postfix, sendmail, exim) (no configuration).
Terms and Utilities:
- ~/.forward
- sendmail emulation layer commands
- newaliases
- mail
- mailq
- postfix
- sendmail
- exim
108.4 Manage printers and printing Weight: 2
Description: Candidates should be able to manage print queues and user print jobs using CUPS and the LPD compatibility interface.
Key Knowledge Areas:
- Basic CUPS configuration (for local and remote printers).
- Manage user print queues.
- Troubleshoot general printing problems.
- Add and remove jobs from configured printer queues.
The following is a partial list of the used files, terms and utilities:
- CUPS configuration files, tools and utilities
- /etc/cups/
- lpd legacy interface (lpr, lprm, lpq)
Topic 109: Networking Fundamentals
109.1 Fundamentals of internet protocols Weight: 4
Description: Candidates should demonstrate a proper understanding of TCP/IP network fundamentals.
Key Knowledge Areas:
- Demonstrate an understanding of network masks and CIDR notation.
- Knowledge of the differences between private and public "dotted quad" IP addresses.
- Knowledge about common TCP and UDP ports and services (20, 21, 22, 23, 25, 53, 80, 110, 123, 139, 143, 161, 162, 389, 443, 465, 514, 636, 993, 995).
- Knowledge about the differences and major features of UDP, TCP and ICMP.
- Knowledge of the major differences between IPv4 and IPv6.
- Knowledge of the basic features of IPv6.
The following is a partial list of the used files, terms and utilities:
- /etc/services
- IPv4, IPv6
- Subnetting
- TCP, UDP, ICMP
109.2 Persistent network configuration Weight: 4
Description: Candidates should be able to manage the persistent network configuration of a Linux host.
Key Knowledge Areas:
- Understand basic TCP/IP host configuration.
- Configure ethernet and wi-fi network configuration using NetworkManager.
- Awareness of systemd-networkd.
The following is a partial list of the used files, terms and utilities:
- /etc/hostname
- /etc/hosts
- /etc/nsswitch.conf
- /etc/resolv.conf
- nmcli
- hostnamectl
- ifup
- ifdown
109.3 Basic network troubleshooting Weight: 4
Description: Candidates should be able to troubleshoot networking issues on client hosts.
Key Knowledge Areas:
- Manually configure network interfaces, including viewing and changing the configuration of network interfaces using iproute2.
- Manually configure routing, including viewing and changing routing tables and setting the default route using iproute2.
- Debug problems associated with the network configuration.
- Awareness of legacy net-tools commands.
The following is a partial list of the used files, terms and utilities:
- ip
- hostname
- ss
- ping
- ping6
- traceroute
- traceroute6
- tracepath
- tracepath6
- netcat
- ifconfig
- netstat
- route
109.4 Configure client side DNS Weight: 2
Description: Candidates should be able to configure DNS on a client host.
Key Knowledge Areas:
- Query remote DNS servers.
- Configure local name resolution and use remote DNS servers.
- Modify the order in which name resolution is done.
- Debug errors related to name resolution.
- Awareness of systemd-resolved.
The following is a partial list of the used files, terms and utilities:
- /etc/hosts
- /etc/resolv.conf
- /etc/nsswitch.conf
- host
- dig
- getent
Topic 110: Security
110.1 Perform security administration tasks Weight: 3
Description: Candidates should know how to review system configuration to ensure host security in accordance with local security policies.
Key Knowledge Areas:
- Audit a system to find files with the suid/sgid bit set.
- Set or change user passwords and password aging information.
- Being able to use nmap and netstat to discover open ports on a system.
- Set up limits on user logins, processes and memory usage.
- Determine which users have logged in to the system or are currently logged in.
- Basic sudo configuration and usage.
The following is a partial list of the used files, terms and utilities:
- find
- passwd
- fuser
- lsof
- nmap
- chage
- netstat
- sudo
- /etc/sudoers
- su
- usermod
- ulimit
- who, w, last
110.2 Setup host security Weight: 3
Description: Candidates should know how to set up a basic level of host security.
Key Knowledge Areas:
- Awareness of shadow passwords and how they work.
- Turn off network services not in use.
- Understand the role of TCP wrappers.
The following is a partial list of the used files, terms and utilities:
- /etc/nologin
- /etc/passwd
- /etc/shadow
- /etc/xinetd.d/
- /etc/xinetd.conf
- systemd.socket
- /etc/inittab
- /etc/init.d/
- /etc/hosts.allow
- /etc/hosts.deny
110.3 Securing data with encryption Weight: 4
Description: The candidate should be able to use public key techniques to secure data and communication.
Key Knowledge Areas:
- Perform basic OpenSSH 2 client configuration and usage.
- Understand the role of OpenSSH 2 server host keys.
- Perform basic GnuPG configuration, usage and revocation.
- Use GPG to encrypt, decrypt, sign and verify files.
- Understand SSH port tunnels (including X11 tunnels).
The following is a partial list of the used files, terms and utilities:
- ssh
- ssh-keygen
- ssh-agent
- ssh-add
- ~/.ssh/id_rsa and id_rsa.pub
- ~/.ssh/id_dsa and id_dsa.pub
- ~/.ssh/id_ecdsa and id_ecdsa.pub
- ~/.ssh/id_ed25519 and id_ed25519.pub
- /etc/ssh/ssh_host_rsa_key and ssh_host_rsa_key.pub
- /etc/ssh/ssh_host_dsa_key and ssh_host_dsa_key.pub
- /etc/ssh/ssh_host_ecdsa_key and ssh_host_ecdsa_key.pub
- /etc/ssh/ssh_host_ed25519_key and ssh_host_ed25519_key.pub
- ~/.ssh/authorized_keys
- ssh_known_hosts
- gpg
- gpg-agent
- ~/.gnupg/

Saturday, 28 December 2019

rcp Command in Linux with examples

There comes a time while using Linux when you need to copy a file to another computer. This can be done with the rcp command-line utility. Other methods that are more secure, such as scp or rsync, exist for the same task, but rcp does it in a simple way that a Linux beginner can use to copy files from one computer to another.


Here’s the syntax of rcp command:

// syntax of rcp command

rcp [-p] [-r] file name ... directory


Using rcp command


To use the rcp command, provide the source and the destination, with a colon separating the host name from the path on that host.

# Using rcp to send a file from the local host to a remote host
# (this example sends a file; it does not receive one from the remote host)

rcp /mydirectory/kt.txt kartik:one/kt.txt

In the above example, the file kt.txt, whose path is /mydirectory/kt.txt on the local host, is transferred to the remote system named kartik, where it is placed in the directory one (because the path one/kt.txt is given).

Options for rcp command


◈ -r : This option is used when there is a need to copy an entire directory.
◈ -p : This option gives the copy the same modification times, access times, modes and, if applicable, ACLs as the original file.
◈ file name : refers to the name of the file.
◈ directory : refers to the name of the directory.

Examples of using rcp command


◈ Using rcp to receive a file from remote host to local host : In the above example we learnt how to use rcp command to send a file from local host to a remote host. We can use the same rcp command to receive a file from a remote host to a local host like shown below:

# Using rcp to receive a file from a remote host

rcp kartik:one/kt.txt .

# When receiving, no local source path comes before 'kartik',
# the name of the remote system.

The above will transfer a file named kt.txt in one directory from a remote host named kartik to the local host. The . (dot) used at the end is for placing the file kt.txt in the current directory of the local host, obviously you can provide a path of your own choice instead of a dot that is here representing the current directory.

◈ Using rcp with -p option : The rcp command, like cp, sets the modification time of the destination file to the time of the copy. To retain the original modification time, use the -p option.

# Using rcp with the -p option

rcp -p kartik:one/kt.txt .

◈ Using rcp to copy directories : The rcp allows you to copy directories also when used with -r option.


# Using the -r option with rcp

rcp -r localdir kartik:

The above will copy the entire directory localdir, along with its subdirectories, to the HOME directory on the remote host named kartik.

◈ Using rcp to copy two files together : this can be done simply just giving the names of two files together. For the sake of simplicity, we are using rcp for transferring the files from a local host to a remote host.

# Using rcp to copy two files from the local host to a remote host

rcp kt.txt pt.txt kartik:/var/docs

The above will copy the files kt.txt and pt.txt from the local host (no path is specified because the files are assumed to be in the current directory) to /var/docs on the remote host named kartik.

Note : The rcp command can only be used when both the computers have a .rhosts file in the user’s home directory.
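The note above ties rcp to .rhosts trust files, which let the listed hosts and users in without a password. As an added example (not part of the original post), this script finds those files under a home root and flags wildcard entries and loose permissions; the function names, finding labels and sample homes are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): list the .rhosts trust files
# that rcp relies on and flag the risky ones.

# audit_rhosts HOME_ROOT
# Prints one finding per line for every .rhosts file below HOME_ROOT:
#   PRESENT   the file exists (rcp/rsh-style trust is configured)
#   WILDCARD  a host or user field is exactly "+", which matches any host or user
#   WRITABLE  the file is writable by group or others
audit_rhosts() {
    root=$1
    find "$root" -type f -name .rhosts 2>/dev/null |
    sort |
    while IFS= read -r file; do
        printf 'PRESENT %s\n' "$file"
        # Entries have the form "host [user]"; look for a field that is just "+".
        if grep -Eq '(^|[[:space:]])\+([[:space:]]|$)' "$file"; then
            printf 'WILDCARD %s\n' "$file"
        fi
        # -perm -020 / -perm -002: group-write or other-write bit is set.
        if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \) -print)" ]; then
            printf 'WRITABLE %s\n' "$file"
        fi
    done
}

# make_constructed_homes DIR
# Builds a constructed home tree: alice has a narrow entry, bob has a
# wildcard entry in a world-writable file, carol has no .rhosts at all.
make_constructed_homes() {
    mkdir -p "$1/alice" "$1/bob" "$1/carol"
    printf 'buildhost.example.com alice\n' > "$1/alice/.rhosts"
    chmod 600 "$1/alice/.rhosts"
    printf 'buildhost.example.com bob\n+ +\n' > "$1/bob/.rhosts"
    chmod 666 "$1/bob/.rhosts"
}

# demo: run the audit over the constructed tree and clean up afterwards.
demo() {
    tmp=$(mktemp -d) || return 1
    make_constructed_homes "$tmp"
    audit_rhosts "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real system, pass the directory that holds the home directories (for example /home) to audit_rhosts.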

Thursday, 26 December 2019

Linux: Regular Expression in grep


Prerequisite: Grep

Basic Regular Expression


Regular Expression provides an ability to match a “string of text” in a very flexible and concise manner. A “string of text” can be further defined as a single character, word, sentence or particular pattern of characters.

Like the shell's wildcards, which match similar filenames with a single expression, grep uses an expression of a different sort to match a group of similar patterns.

◉ [ ]: Matches any one of a set of characters
◉ [ ] with hyphen: Matches any one of a range of characters
◉ ^: The pattern following it must occur at the beginning of each line
◉ ^ with [ ]: Matches any one character that is not in the set specified
◉ $: The pattern preceding it must occur at the end of each line
◉ . (dot): Matches any one character
◉ \ (backslash): Ignores the special meaning of the character following it
◉ *: Zero or more occurrences of the previous character
◉ .* (dot followed by *): Nothing or any number of characters

Examples


(a) [ ] : Matches any one of a set of characters

1. $ grep "New[abc]" filename

It specifies the search pattern as:

Newa, Newb or Newc

2. $ grep "[aA]g[ar][ar]wal" filename

It specifies the search pattern as:

Agarwal, Agaawal, Agrawal, Agrrwal

agarwal, agaawal, agrawal, agrrwal

(b) Use [ ] with hyphen: Matches any one of a range of characters

1. $ grep "New[a-e]" filename

It specifies the search pattern as:

Newa, Newb, Newc, Newd or Newe

2. $ grep "New[0-9][a-z]" filename

It specifies the search pattern as New followed by a digit and then a lowercase letter:

New0d, New4f etc.

(c) Use ^: The pattern following it must occur at the beginning of each line

1. $ grep "^san" filename

Search lines beginning with san. It matches lines that start with:

sanjeev, sanjay, sanrit, sanchit, sandeep etc.

2. $ ls -l | grep "^d"

Display list of directories only

3. $ ls -l | grep "^-"

Display list of regular files only

(d) Use ^ with [ ]: Matches any one character that is not in the set specified

1. $ grep "New[^a-c]" filename

It specifies the pattern containing the word "New" followed by any character other than 'a', 'b' or 'c'

2. $ grep "^[^a-zA-Z]" filename

Search lines beginning with a non-alphabetic character

(e) Use $: The pattern preceding it must occur at the end of each line

$ grep "vedik$" file.txt

(f) Use . (dot): Matches any one character

$ grep "..vik" file.txt
$ grep "7..9$" file.txt

(g) Use \ (backslash): Ignores the special meaning of the character following it

1. $ grep "New\.\[abc\]" file.txt

It specifies the search pattern as New.[abc]

2. $ grep "S\.K\.Kumar" file.txt

It specifies the search pattern as

S.K.Kumar

(h) Use *: zero or more occurrences of the previous character

$ grep "[aA]gg*[ar][ar]wal" file.txt

(i) Use .* (dot followed by *): Nothing or any number of characters.

$ grep "S.*Kumar" file.txt
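The patterns from this section, run against a constructed list of names so the match counts can be compared; this is an added example, not part of the original post, and its function names and sample data are made up for it. It goes one step beyond the text by also using grep -F, which treats the pattern as a fixed string and is the safer choice when the text being searched for contains dots or brackets.

```sh
#!/bin/sh
# Added example (not from the original post): the section's patterns run
# against a constructed list of names, one per line.

# Constructed sample input.
sample() {
    cat <<'EOF'
Agarwal
agrawal
Aggarwal
Agrrwal
S.K.Kumar
SxKyKumar
Sunil Kumar
New.[abc]
Newa
Newd
New7
7 sanjay
sanjay
EOF
}

# count_matches PATTERN [GREP_OPTION...]
# Prints how many sample lines match PATTERN. LC_ALL=C makes a range such as
# [a-e] mean exactly the ASCII letters a to e, whatever the user's locale is.
count_matches() {
    pattern=$1
    shift
    # grep -c exits 1 when the count is 0; "|| true" keeps that from being
    # treated as a failure by callers running under "set -e".
    sample | LC_ALL=C grep -c "$@" -e "$pattern" || true
}

# show LABEL PATTERN [GREP_OPTION...]: one line of the report.
show() {
    label=$1
    shift
    printf '%-40s %s\n' "$label" "$(count_matches "$@")"
}

report() {
    show 'set: [aA]g[ar][ar]wal'            '[aA]g[ar][ar]wal'
    show 'star: [aA]gg*[ar][ar]wal'         '[aA]gg*[ar][ar]wal'
    show 'range: New[a-e]'                  'New[a-e]'
    show 'negated set: New[^a-c]'           'New[^a-c]'
    show 'line start: ^san'                 '^san'
    show 'non-letter at start: ^[^a-zA-Z]'  '^[^a-zA-Z]'
    show 'any characters: S.*Kumar'         'S.*Kumar'
    # The unescaped dot also matches SxKyKumar; escaping or -F does not.
    show 'unescaped dots: S.K.Kumar'        'S.K.Kumar'
    show 'escaped dots: S\.K\.Kumar'        'S\.K\.Kumar'
    show 'fixed string (-F): S.K.Kumar'     'S.K.Kumar' -F
    # As a regex this is "New", any character, then a, b or c: it does not
    # match the literal text New.[abc]. As a fixed string it does.
    show 'regex: New.[abc]'                 'New.[abc]'
    show 'fixed string (-F): New.[abc]'     'New.[abc]' -F
}

report
```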

Tuesday, 24 December 2019

LPIC-3 Exam 300: Mixed Environment


Exam Objectives Version: Version 1.0

Exam Code: 300-100

About Objective Weights: Each objective is assigned a weighting value. The weights indicate the relative importance of each objective on the exam. Objectives with higher weights will be covered in the exam with more questions.

Exam Topics



Topic 390: OpenLDAP Configuration


390.1 OpenLDAP Replication

Description: Candidates should be familiar with the server replication available with OpenLDAP.

Weight: 3

Key Knowledge Areas:

◈ Replication concepts
◈ Configure OpenLDAP replication
◈ Analyze replication log files
◈ Understand replica hubs
◈ LDAP referrals
◈ LDAP sync replication

The following is a partial list of the used files, terms and utilities:

◈ master / slave server
◈ multi-master replication
◈ consumer
◈ replica hub
◈ one-shot mode
◈ referral
◈ syncrepl
◈ pull-based / push-based synchronization
◈ refreshOnly and refreshAndPersist
◈ replog

390.2 Securing the Directory

Description: Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.

Weight: 3

Key Knowledge Areas:

◈ Securing the directory with SSL and TLS
◈ Firewall considerations
◈ Unauthenticated access methods
◈ User / password authentication methods
◈ Maintenance of SASL user DB
◈ Client / server certificates

Terms and Utilities:

◈ SSL / TLS
◈ Security Strength Factors (SSF)
◈ SASL
◈ proxy authorization
◈ StartTLS
◈ iptables

390.3 OpenLDAP Server Performance Tuning

Weight: 2

Description: Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives.

Key Knowledge Areas:

◈ Measure OpenLDAP performance
◈ Tune software configuration to increase performance
◈ Understand indexes

Terms and Utilities:

◈ index
◈ DB_CONFIG

Topic 391: OpenLDAP as an Authentication Backend


391.1 LDAP Integration with PAM and NSS

Weight: 2

Description: Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.

Key Knowledge Areas:

◈ Configure PAM to use LDAP for authentication
◈ Configure NSS to retrieve information from LDAP
◈ Configure PAM modules in various Unix environments

Terms and Utilities:

◈ PAM
◈ NSS
◈ /etc/pam.d/
◈ /etc/nsswitch.conf

391.2 Integrating LDAP with Active Directory and Kerberos

Weight: 2

Description: Candidates should be able to integrate LDAP with Active Directory Services.

Key Knowledge Areas:

◈ Kerberos integration with LDAP
◈ Cross platform authentication
◈ Single sign-on concepts
◈ Integration and compatibility limitations between OpenLDAP and Active Directory

Terms and Utilities:

◈ Kerberos
◈ Active Directory
◈ single sign-on
◈ DNS

Topic 392: Samba Basics


392.1 Samba Concepts and Architecture

Weight: 2

Description: Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known.

Key Knowledge Areas:

◈ Understand the roles of the Samba daemons and components
◈ Understand key issues regarding heterogeneous networks
◈ Identify key TCP/UDP ports used with SMB/CIFS
◈ Knowledge of Samba3 and Samba4 differences

The following is a partial list of the used files, terms and utilities:

◈ /etc/services
◈ Samba daemons: smbd, nmbd, samba, winbindd

392.2 Configure Samba

Weight: 4

Description: Candidates should be able to configure the Samba daemons for a wide variety of purposes.

Key Knowledge Areas:

◈ Knowledge of Samba server configuration file structure
◈ Knowledge of Samba variables and configuration parameters
◈ Troubleshoot and debug configuration problems with Samba

Terms and Utilities:

◈ smb.conf
◈ smb.conf parameters
◈ smb.conf variables
◈ testparm
◈ secrets.tdb

392.3 Regular Samba Maintenance

Weight: 2

Description: Candidates should know about the various tools and utilities that are part of a Samba installation.

Key Knowledge Areas:

◈ Monitor and interact with running Samba daemons
◈ Perform regular backups of Samba configuration and state data

Terms and Utilities:

◈ smbcontrol
◈ smbstatus
◈ tdbbackup

392.4 Troubleshooting Samba

Weight: 2

Description: Candidates should understand the structure of trivial database files and know how to troubleshoot problems.

Key Knowledge Areas:

◈ Configure Samba logging
◈ Backup TDB files
◈ Restore TDB files
◈ Identify TDB file corruption
◈ Edit / list TDB file content

Terms and Utilities:

◈ /var/log/samba/
◈ log level
◈ debuglevel
◈ smbpasswd
◈ pdbedit
◈ secrets.tdb
◈ tdbbackup
◈ tdbdump
◈ tdbrestore
◈ tdbtool

392.5 Internationalization

Weight: 1

Description: Candidates should be able to work with internationalization character codes and code pages.

Key Knowledge Areas:

◈ Understand internationalization character codes and code pages
◈ Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment
◈ Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
◈ Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment

Terms and Utilities:

◈ internationalization
◈ character codes
◈ code pages
◈ smb.conf
◈ dos charset, display charset and unix charset

Topic 393: Samba Share Configuration


393.1 File Services

Weight: 4

Description: Candidates should be able to create and configure file shares in a mixed environment.

Key Knowledge Areas:

◈ Create and configure file sharing
◈ Plan file service migration
◈ Limit access to IPC$
◈ Create scripts for user and group handling of file shares
◈ Samba share access configuration parameters

Terms and Utilities:

◈ smb.conf
◈ [homes]
◈ smbcquotas
◈ smbsh
◈ browseable, writeable, valid users, write list, read list, read only and guest ok
◈ IPC$
◈ mount, smbmount

393.2 Linux File System and Share/Service Permissions

Weight: 3

Description: Candidates should understand file permissions on a Linux file system in a mixed environment.

Key Knowledge Areas:

◈ Knowledge of file / directory permission control
◈ Understand how Samba interacts with Linux file system permissions and ACLs
◈ Use Samba VFS to store Windows ACLs

Terms and Utilities:

◈ smb.conf
◈ chmod, chown
◈ create mask, directory mask, force create mode, force directory mode
◈ smbcacls
◈ getfacl, setfacl
◈ vfs_acl_xattr, vfs_acl_tdb and vfs objects

393.3 Print Services

Weight: 2

Description: Candidates should be able to create and manage print shares in a mixed environment.

Key Knowledge Areas:

◈ Create and configure printer sharing
◈ Configure integration between Samba and CUPS
◈ Manage Windows print drivers and configure downloading of print drivers
◈ Configure [print$]
◈ Understand security concerns with printer sharing
◈ Uploading printer drivers for Point’n’Print driver installation using ‘Add Print Driver Wizard’ in Windows

Terms and Utilities:

◈ smb.conf
◈ [print$]
◈ CUPS
◈ cupsd.conf
◈ /var/spool/samba/.
◈ smbspool
◈ rpcclient
◈ net

Topic 394: Samba User and Group Management


394.1 Managing User Accounts and Groups

Weight: 4

Description: Candidates should be able to manage user and group accounts in a mixed environment.

Key Knowledge Areas:

◈ Manage user and group accounts
◈ Understand user and group mapping
◈ Knowledge of user account management tools
◈ Use of the smbpasswd program
◈ Force ownership of file and directory objects

Terms and Utilities:

◈ pdbedit
◈ smb.conf
◈ samba-tool user (with subcommands)
◈ samba-tool group (with subcommands)
◈ smbpasswd
◈ /etc/passwd
◈ /etc/group
◈ force user, force group.
◈ idmap

394.2 Authentication, Authorization and Winbind

Weight: 5

Description: Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service.

Key Knowledge Areas:

◈ Setup a local password database
◈ Perform password synchronization
◈ Knowledge of different passdb backends
◈ Convert between Samba passdb backends
◈ Integrate Samba with LDAP
◈ Configure Winbind service
◈ Configure PAM and NSS

Terms and Utilities:

◈ smb.conf
◈ smbpasswd, tdbsam, ldapsam
◈ passdb backend
◈ libnss_winbind
◈ libpam_winbind
◈ libpam_smbpass
◈ wbinfo
◈ getent
◈ SID and foreign SID
◈ /etc/passwd
◈ /etc/group

Topic 395: Samba Domain Integration


395.1 Samba as a PDC and BDC

Weight: 3

Description: Candidates should be able to setup and maintain primary and backup domain controllers. Candidates should be able to manage Windows/Linux client access to the NT-Style domains.

Key Knowledge Areas:

◈ Understand and configure domain membership and trust relationships
◈ Create and maintain a primary domain controller with Samba3 and Samba4
◈ Create and maintain a backup domain controller with Samba3 and Samba4
◈ Add computers to an existing domain
◈ Configure logon scripts
◈ Configure roaming profiles
◈ Configure system policies

Terms and Utilities:

◈ smb.conf
◈ security mode
◈ server role
◈ domain logons
◈ domain master
◈ logon script
◈ logon path
◈ NTConfig.pol
◈ net
◈ profiles
◈ add machine script
◈ profile acls

395.2 Samba4 as an AD compatible Domain Controller

Weight: 3

Description: Candidates should be able to configure Samba 4 as an AD Domain Controller.

Key Knowledge Areas:

◈ Configure and test Samba 4 as an AD DC
◈ Using smbclient to confirm AD operation
◈ Understand how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP

Terms and Utilities:

◈ smb.conf
◈ server role
◈ samba-tool domain (with subcommands)
◈ samba

395.3 Configure Samba as a Domain Member Server

Weight: 3

Description: Candidates should be able to integrate Linux servers into an environment where Active Directory is present.

Key Knowledge Areas:

◈ Joining Samba to an existing NT4 domain
◈ Joining Samba to an existing AD domain
◈ Ability to obtain a TGT from a KDC

Terms and Utilities:

◈ smb.conf
◈ server role
◈ server security
◈ net command
◈ kinit, TGT and REALM

Topic 396: Samba Name Services


396.1 NetBIOS and WINS

Weight: 3

Description: Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing.

Key Knowledge Areas:

◈ Understand WINS concepts
◈ Understand NetBIOS concepts
◈ Understand the role of a local master browser
◈ Understand the role of a domain master browser
◈ Understand the role of Samba as a WINS server
◈ Understand name resolution
◈ Configure Samba as a WINS server
◈ Configure WINS replication
◈ Understand NetBIOS browsing and browser elections
◈ Understand NETBIOS name types

Terms and Utilities:

◈ smb.conf
◈ nmblookup
◈ smbclient
◈ name resolve order
◈ lmhosts
◈ wins support, wins server, wins proxy, dns proxy
◈ domain master, os level, preferred master

396.2 Active Directory Name Resolution

Weight: 2

Description: Candidates should be familiar with the internal DNS server with Samba4.

Key Knowledge Areas:

◈ Understand and manage DNS for Samba4 as an AD Domain Controller
◈ DNS forwarding with the internal DNS server of Samba4

Terms and Utilities:

◈ samba-tool dns (with subcommands)
◈ smb.conf
◈ dns forwarder
◈ /etc/resolv.conf
◈ dig, host

Topic 397: Working with Linux and Windows Clients


397.1 CIFS Integration

Weight: 3

Description: Candidates should be comfortable working with CIFS in a mixed environment.

Key Knowledge Areas:

◈ Understand SMB/CIFS concepts
◈ Access and mount remote CIFS shares from a Linux client
◈ Securely storing CIFS credentials
◈ Understand features and benefits of CIFS
◈ Understand permissions and file ownership of remote CIFS shares

Terms and Utilities:

◈ SMB/CIFS
◈ mount, mount.cifs
◈ smbclient
◈ smbget
◈ smbtar
◈ smbtree
◈ findsmb
◈ smb.conf
◈ smbcquotas
◈ /etc/fstab

397.2 Working with Windows Clients

Weight: 2

Description: Candidates should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers.

Key Knowledge Areas:

◈ Knowledge of Windows clients
◈ Explore browse lists and SMB clients from Windows
◈ Share file / print resources from Windows
◈ Use of the smbclient program
◈ Use of the Windows net utility

Terms and Utilities:

◈ Windows net command
◈ smbclient
◈ control panel
◈ rdesktop
◈ workgroup

Saturday, 21 December 2019

The Prides and Perils of Open (Source) Diplomacy


Decades of experience in giving speeches, keynotes, and running workshops. Done!

Days of scripting and slide-making, and targeting a highly technical COSCUP audience. Done!

Seventeen hours of a flight to Shanghai followed by a maglev train into the city. Done!

An hour-long presentation about open source education, careers, and opportunities. Done!

Breathe. Now, it was time for the Q&A where the first question from the audience was totally unexpected:

“Why does LPI’s Marketplace have Taiwan listed as a country?”

It took me a moment to collect myself, but the answer came quickly: neutrality, one of the core principles of Linux Professional Institute (LPI).

One of the things that has always distinguished LPI from other IT education and certification programs has been neutrality, baked into our mission from day one. No Linux distribution, no vendor, no method of training was to be preferred over others. As we go into our third decade, not only has our commitment to neutrality not diminished, it is more important than ever.

LPI’s recently released BSD Specialist certification program, the result of years of collaboration with the original BSD Certification Group, represents neutrality of open source operating systems. That, and our DevOps programs, takes us beyond our purely-Linux roots, along with other programs under development. Lately, an even more intriguing form of neutrality has become an issue, whether or not we wanted it, that being political neutrality.

The unexpected question posed that day at East China Normal University extracted an answer that was itself quite natural for us. Besides all the other forms of neutrality to which LPI adheres, political neutrality is just as important, if not as high profile.

The TL;DR version of this neutrality is that LPI will offer its programs anywhere we are welcomed and legally allowed to do so. This cuts across political systems, transparency, or human-rights ratings, or any other criteria that won’t put our people in danger. We try to avoid inter-country conflict, working with anyone who wants to work with us. When it comes to naming -- the source of the Shanghai complaint -- we prefer to use the terms that people use to define themselves, while recognizing that even names can cause big difficulties. Sometimes no matter what we do, someone is going to be offended, but our default is to let our community members self-identify.

It’s been a fortunate history that LPI’s legal head office is in Canada, a country with few international hostilities and many free trade agreements. There are very few countries on which Canada has sanctions, and even on that list, most are against specific people or industries rather than the whole country. Consequently, we are able to operate in many places that some would consider controversial, the exam labs recently held in Cuba being a perfect example.

LPI has always been about open source, open technology, and people who either work with it or want to work with it. We know that not everyone agrees with the politics of their governments, and even if they do that shouldn’t get in the way of our mission. We believe that open source and open standards (and more openness in general, including more use of Creative Commons) are globally beneficial, directly to practitioners, and indirectly to the societies in which they live. If we and our community are given an opportunity to spread the use of open source and help people make careers using it, we’ll take that opportunity wherever it happens. We’re eager to make partnerships, talk to user groups, and participate in relevant events anywhere we’re welcome  (subject to available resources and planning, of course).

One of our great sources of pride, that makes it into almost every new conversation and presentation, is the fact that there are people who have received LPI certifications in more than 184 countries. That includes Israel and Iran, China and [whatever name for Taiwan you prefer to use], and a whole bunch of hostile neighbours and unpopular governments.

We are not trying to solve world peace, nor are we equipped to do so. In fact, we have been accused, on occasion, of endorsing unliked regimes by working in their countries. But our focus is sharply on the people who love technology and want to make a life working with it. If we can bring them a common passion for software openness, and bring that message home, I think we’re doing some Good.

Source: lpi.org

Thursday, 19 December 2019

Basic Unix and Linux Commands With Examples

Learning the unix operating system is very easy. You just need to understand the unix server concepts and be familiar with the unix commands. Here I am providing some important unix commands which are used in daily work.

Unix Commands With Examples:

1. Listing files


The first thing everyone does after logging into a unix system is list the files in a directory. The ls command is used to list the files in a directory.

>ls

add.sh
logfile.txt
prime.pl

If you simply execute ls on the command prompt, then it will display the files and directories in the current directory.

>ls /usr/local/bin

You can pass a directory as an argument to the ls command. In this case, the ls command prints all the files and directories in the directory you have passed.

2. Displaying the contents of a file.


The next thing is to display the contents of a file. The cat command is used to display the contents in a file.

>cat file.txt
This is a sample unix file
Learning about unix server is awesome

3. Displaying first few lines from a file.


The head command can be used to print the specified number of lines from the beginning of a file. The head command below displays the first five lines of the file.

>head -5 logfile.dat

4. Displaying last few lines from a file.


The tail command can be used to print the specified number of lines from the end of a file. The tail command below displays the last three lines of the file.

>tail -3 logfile.dat

5. Changing the directories


The cd command can be used to change from one directory to another directory. You need to specify the target directory where you want to go.

>cd /var/tmp

After typing this cd command you will be in /var/tmp directory.

6. Creating a file.


The touch command simply creates an empty file. The touch command below creates a new file in the current directory.

>touch new_file.txt

7. Copying the contents of one file into another.


The cp command is used to copy the content of the source file into the target file. If the target file already has data, it will be overwritten.

>cp source_file target_file

8. Creating a directory.


Directories are a way of organizing your files. The mkdir command is used to create the specified directory.

>mkdir backup

This will create the backup directory in the current directory.

9. Renaming and moving the files.


The mv command is used to rename files, and it is also used for moving files from one directory into another directory.

Renaming the file.

>mv file.txt new_file.txt

Moving the file to another directory.

>mv new_file.txt tmp/

10. Finding the number of lines in a file


The wc command can be used to find the number of lines, words and characters in a file.

>wc logfile.txt
21  26 198 logfile.txt

To learn more about a unix command, it is always good to read its man page. To see the man page, simply pass the command name as an argument to man.

>man ls

Tuesday, 17 December 2019

Wget command in Linux/Unix

Wget is the non-interactive network downloader which is used to download files from the server even when the user has not logged on to the system and it can work in the background without hindering the current process.


◈ GNU wget is a free utility for non-interactive download of files from the Web. It supports HTTP, HTTPS, and FTP protocols, as well as retrieval through HTTP proxies.

◈ wget is non-interactive, meaning that it can work in the background, while the user is not logged on. This allows you to start a retrieval and disconnect from the system, letting wget finish the work. By contrast, most of the Web browsers require constant user’s presence, which can be a great hindrance when transferring a lot of data.

◈ wget can follow links in HTML and XHTML pages and create local versions of remote web sites, fully recreating the directory structure of the original site. This is sometimes referred to as recursive downloading. While doing that, wget respects the Robot Exclusion Standard (/robots.txt). wget can be instructed to convert the links in downloaded HTML files to the local files for offline viewing.

◈ wget has been designed for robustness over slow or unstable network connections; if a download fails due to a network problem, it will keep retrying until the whole file has been retrieved. If the server supports resuming, it will instruct the server to continue the download from where it left off.


Syntax :


wget [option] [URL]


Example :


1. To simply download a webpage:

wget http://example.com/sample.php

2. To download the file in background

wget -b http://www.example.com/samplepage.php

3. To overwrite the log file of the wget command

wget http://www.example.com/filename.txt -o /path/filename.txt

4. To resume a partially downloaded file

wget -c http://example.com/samplefile.tar.gz

5. To try a given number of times

wget --tries=10 http://example.com/samplefile.tar.gz



Options :


1. -V / --version : This is used to display the version of wget available on your system.

Syntax

$wget -V

2. -h / --help : This is used to print a help message listing all the command line options available with wget.

Syntax

$wget -h [URL]

3. -o logfile : This option is used to direct all the messages generated by wget to the log file specified by the option; when the process is completed, all the messages thus generated are available in the log file. If no log file has been specified then the output messages are redirected to the default log file i.e. wget-log

Syntax

$wget -o logfile [URL]

4. -b / --background : This option is used to send a process to the background as soon as the process has started so that other processes can be carried out. If no output file is specified via the -o option, output is redirected to wget-log by default.

Syntax

$wget -b [URL]

5. -a : This option is used to append the output messages to the current log file without overwriting it. With the -o option the log file is overwritten, but with this option the log of the previous command is kept and the current log is written after it.

Syntax

$wget -a logfile [URL]

6. -i : This option is used to read URLs from a file. If - is specified as file, URLs are read from the standard input. If this option is used, no URLs need be present on the command line. If there are URLs both on the command line and in an input file, those on the command line will be the first ones to be retrieved. The file need not be an HTML document if the URLs are just listed sequentially.

Syntax

$wget -i inputfile
$wget -i inputfile [URL]

7. -t number / --tries=number : This option is used to set number of retries to a specified number of times. Specify 0 or inf for infinite retrying. The default is to retry 20 times, with the exception of fatal errors like connection refused or link not found, which are not retried once the error has occurred.

Syntax

$wget -t number [URL]

8. -c : This option is used to resume a partially downloaded file. Resuming works only if the resume capability for the file is yes; if the resume capability is no or not specified, the download cannot be resumed.

Syntax

$wget -c [URL]

9. -w : This option is used to set the system to wait the specified number of seconds between the retrievals. Use of this option is recommended, as it lightens the server load by making the requests less frequent. Instead of in seconds, the time can be specified in minutes using the m suffix, in hours using h suffix, or in days using d suffix. Specifying a large value for this option is useful if the network or the destination host is down, so that wget can wait long enough to reasonably expect the network error to be fixed before the retry.

Syntax

$wget -w number in seconds [URL]

10. -r : This option is used to turn on the recursive retrieving of the link specified in case of fatal errors also. This option is a recursive call to the given link in the command line.

Syntax

$wget -r [URL]
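
The options above are usually combined for unattended batch downloads. The following script is an added example, not part of the original post: it cleans a URL list before passing it to -i, so that only the protocols wget supports (HTTP, HTTPS, FTP) reach the downloader, then resumes, retries, waits and appends to a log. The names filter_urls, run_batch, DRY_RUN, TRIES, WAIT and wget-batch.log are hypothetical, and the URLs are constructed sample values.

```shell
#!/bin/sh
# Added example: batch download driver built from -i, -a, -c, -t and -w.

# Keep only lines wget can fetch (http, https, ftp) with no embedded
# whitespace; blank lines, comments and other schemes are dropped.
filter_urls() {
    # $1 = raw list file; the cleaned list is written to stdout
    grep -E '^(https?|ftp)://[^[:space:]]+$' "$1" || true
}

# Download every usable URL from a list file.
# $1 = raw list file, $2 = log file (appended to, never overwritten)
# TRIES and WAIT override the retry count and the pause in seconds.
# DRY_RUN=1 prints the wget command instead of running it.
run_batch() {
    clean=$(mktemp) || return 1
    filter_urls "$1" > "$clean"
    if [ ! -s "$clean" ]; then
        echo "no usable URLs in $1" >&2
        rm -f "$clean"
        return 2
    fi
    # -c resume partial files, -t retry count, -w wait between retrievals,
    # -a append messages to the log, -i read URLs from the cleaned list
    set -- wget -c -t "${TRIES:-10}" -w "${WAIT:-5}" -a "$2" -i "$clean"
    status=0
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@" || status=$?
    fi
    rm -f "$clean"
    return "$status"
}

# Demo on a constructed list; with DRY_RUN=1 nothing is downloaded.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample list
https://example.com/samplefile.tar.gz

ftp://example.com/pub/file.txt
gopher://example.com/unsupported
http://example.com/bad url
EOF
DRY_RUN=1 run_batch "$sample" wget-batch.log
rm -f "$sample"
```

Run it without DRY_RUN to perform the downloads; the exit status of run_batch is then the exit status of wget.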

Saturday, 14 December 2019

LPIC-2 Exam 202: Linux Engineer


Exam Objectives Version: 4.5 (Exam code 202-450).

About Objective Weights: Each objective is assigned a weighting value. The weights indicate the relative importance of each objective on the exam. Objectives with higher weights will be covered in the exam with more questions.

Topic 207: Domain Name Server


207.1 Basic DNS server configuration

Weight: 3

Description: Candidates should be able to configure BIND to function as a caching-only DNS server. This objective includes the ability to manage a running server and configuring logging.

Key Knowledge Areas:

◈ BIND 9.x configuration files, terms and utilities
◈ Defining the location of the BIND zone files in BIND configuration files
◈ Reloading modified configuration and zone files
◈ Awareness of dnsmasq, djbdns and PowerDNS as alternate name servers

The following is a partial list of the used files, terms and utilities:

◈ /etc/named.conf
◈ /var/named/
◈ /usr/sbin/rndc
◈ kill
◈ host
◈ dig

207.2 Create and maintain DNS zones

Weight: 3

Description: Candidates should be able to create a zone file for a forward or reverse zone and hints for root level servers. This objective includes setting appropriate values for records, adding hosts in zones and adding zones to the DNS. A candidate should also be able to delegate zones to another DNS server.

Key Knowledge Areas:

◈ BIND 9 configuration files, terms and utilities
◈ Utilities to request information from the DNS server
◈ Layout, content and file location of the BIND zone files
◈ Various methods to add a new host in the zone files, including reverse zones

Terms and Utilities:

◈ /var/named/
◈ zone file syntax
◈ resource record formats
◈ named-checkzone
◈ named-compilezone
◈ masterfile-format
◈ dig
◈ nslookup
◈ host

207.3 Securing a DNS server

Weight: 2

Description: Candidates should be able to configure a DNS server to run as a non-root user and run in a chroot jail. This objective includes secure exchange of data between DNS servers.

Key Knowledge Areas:

◈ BIND 9 configuration files
◈ Configuring BIND to run in a chroot jail
◈ Split configuration of BIND using the forwarders statement
◈ Configuring and using transaction signatures (TSIG)
◈ Awareness of DNSSEC and basic tools
◈ Awareness of DANE and related records

Terms and Utilities:

◈ /etc/named.conf
◈ /etc/passwd
◈ DNSSEC
◈ dnssec-keygen
◈ dnssec-signzone

Topic 208: Web Services


208.1 Implementing a web server

Weight: 4

Description: Candidates should be able to install and configure a web server. This objective includes monitoring the server’s load and performance, restricting client user access, configuring support for scripting languages as modules and setting up client user authentication. Also included is configuring server options to restrict usage of resources. Candidates should be able to configure a web server to use virtual hosts and customize file access.

Key Knowledge Areas:

◈ Apache 2.4 configuration files, terms and utilities
◈ Apache log files configuration and content
◈ Access restriction methods and files
◈ mod_perl and PHP configuration
◈ Client user authentication files and utilities
◈ Configuration of maximum requests, minimum and maximum servers and clients
◈ Apache 2.4 virtual host implementation (with and without dedicated IP addresses)
◈ Using redirect statements in Apache’s configuration files to customize file access

Terms and Utilities:

◈ access logs and error logs
◈ .htaccess
◈ httpd.conf
◈ mod_auth_basic, mod_authz_host and mod_access_compat
◈ htpasswd
◈ AuthUserFile, AuthGroupFile
◈ apachectl, apache2ctl
◈ httpd, apache2

208.2 Apache configuration for HTTPS

Weight: 3

Description: Candidates should be able to configure a web server to provide HTTPS.

Key Knowledge Areas:

◈ SSL configuration files, tools and utilities
◈ Generate a server private key and CSR for a commercial CA
◈ Generate a self-signed Certificate
◈ Install the key and certificate, including intermediate CAs
◈ Configure Virtual Hosting using SNI
◈ Awareness of the issues with Virtual Hosting and use of SSL
◈ Security issues in SSL use, disable insecure protocols and ciphers

Terms and Utilities:

◈ Apache2 configuration files
◈ /etc/ssl/, /etc/pki/
◈ openssl, CA.pl
◈ SSLEngine, SSLCertificateKeyFile, SSLCertificateFile
◈ SSLCACertificateFile, SSLCACertificatePath
◈ SSLProtocol, SSLCipherSuite, ServerTokens, ServerSignature, TraceEnable

208.3 Implementing a proxy server

Weight: 2

Description: Candidates should be able to install and configure a proxy server, including access policies, authentication and resource usage.

Key Knowledge Areas:

◈ Squid 3.x configuration files, terms and utilities
◈ Access restriction methods
◈ Client user authentication methods
◈ Layout and content of ACL in the Squid configuration files

Terms and Utilities:

◈ squid.conf
◈ acl
◈ http_access

208.4 Implementing Nginx as a web server and a reverse proxy

Weight: 2

Description: Candidates should be able to install and configure a reverse proxy server, Nginx. Basic configuration of Nginx as a HTTP server is included.

Key Knowledge Areas:

◈ Nginx
◈ Reverse Proxy
◈ Basic Web Server

Terms and Utilities:

◈ /etc/nginx/
◈ nginx

Topic 209: File Sharing


209.1 SAMBA Server Configuration

Weight: 5

Description: Candidates should be able to set up a Samba server for various clients. This objective includes setting up Samba as a standalone server as well as integrating Samba as a member in an Active Directory. Furthermore, the configuration of simple CIFS and printer shares is covered. Also covered is configuring a Linux client to use a Samba server. Troubleshooting installations is also tested.

Key Knowledge Areas:

◈ Samba 4 documentation
◈ Samba 4 configuration files
◈ Samba 4 tools and utilities and daemons
◈ Mounting CIFS shares on Linux
◈ Mapping Windows user names to Linux user names
◈ User-Level, Share-Level and AD security

Terms and Utilities:

◈ smbd, nmbd, winbindd
◈ smbcontrol, smbstatus, testparm, smbpasswd, nmblookup
◈ samba-tool
◈ net
◈ smbclient
◈ mount.cifs
◈ /etc/samba/
◈ /var/log/samba/

209.2 NFS Server Configuration

Weight: 3

Description: Candidates should be able to export filesystems using NFS. This objective includes access restrictions, mounting an NFS filesystem on a client and securing NFS.

Key Knowledge Areas:

◈ NFS version 3 configuration files
◈ NFS tools and utilities
◈ Access restrictions to certain hosts and/or subnets
◈ Mount options on server and client
◈ TCP Wrappers
◈ Awareness of NFSv4

Terms and Utilities:

◈ /etc/exports
◈ exportfs
◈ showmount
◈ nfsstat
◈ /proc/mounts
◈ /etc/fstab
◈ rpcinfo
◈ mountd
◈ portmapper

Topic 210: Network Client Management


210.1 DHCP configuration

Weight: 2

Description: Candidates should be able to configure a DHCP server. This objective includes setting default and per client options, adding static hosts and BOOTP hosts. Also included is configuring a DHCP relay agent and maintaining the DHCP server.

Key Knowledge Areas:

◈ DHCP configuration files, terms and utilities
◈ Subnet and dynamically-allocated range setup
◈ Awareness of DHCPv6 and IPv6 Router Advertisements

Terms and Utilities:

◈ dhcpd.conf
◈ dhcpd.leases
◈ DHCP Log messages in syslog or systemd journal
◈ arp
◈ dhcpd
◈ radvd
◈ radvd.conf

210.2 PAM authentication

Weight: 3

Description: The candidate should be able to configure PAM to support authentication using various available methods. This includes basic SSSD functionality.

Key Knowledge Areas:

◈ PAM configuration files, terms and utilities
◈ passwd and shadow passwords
◈ Use sssd for LDAP authentication

Terms and Utilities:

◈ /etc/pam.d/
◈ pam.conf
◈ nsswitch.conf
◈ pam_unix, pam_cracklib, pam_limits, pam_listfile, pam_sss
◈ sssd.conf

210.3 LDAP client usage

Weight: 2

Description: Candidates should be able to perform queries and updates to an LDAP server. Also included is importing and adding items, as well as adding and managing users.

Key Knowledge Areas:

◈ LDAP utilities for data management and queries
◈ Change user passwords
◈ Querying the LDAP directory

Terms and Utilities:

◈ ldapsearch
◈ ldappasswd
◈ ldapadd
◈ ldapdelete

210.4 Configuring an OpenLDAP server

Weight: 4

Description: Candidates should be able to configure a basic OpenLDAP server including knowledge of LDIF format and essential access controls.

Key Knowledge Areas:

◈ OpenLDAP
◈ Directory based configuration
◈ Access Control
◈ Distinguished Names
◈ Changetype Operations
◈ Schemas and Whitepages
◈ Directories
◈ Object IDs, Attributes and Classes

Terms and Utilities:

◈ slapd
◈ slapd-config
◈ LDIF
◈ slapadd
◈ slapcat
◈ slapindex
◈ /var/lib/ldap/
◈ loglevel

Topic 211: E-Mail Services


211.1 Using e-mail servers

Weight: 4

Description: Candidates should be able to manage an e-mail server, including the configuration of e-mail aliases, e-mail quotas and virtual e-mail domains. This objective includes configuring internal e-mail relays and monitoring e-mail servers.

Key Knowledge Areas:

◈ Configuration files for postfix
◈ Basic TLS configuration for postfix
◈ Basic knowledge of the SMTP protocol
◈ Awareness of sendmail and exim

Terms and Utilities:

◈ Configuration files and commands for postfix
◈ /etc/postfix/
◈ /var/spool/postfix/
◈ sendmail emulation layer commands
◈ /etc/aliases
◈ mail-related logs in /var/log/

211.2 Managing E-Mail Delivery

Weight: 2

Description: Candidates should be able to implement client e-mail management software to filter, sort and monitor incoming user e-mail.

Key Knowledge Areas:

◈ Understanding of Sieve functionality, syntax and operators
◈ Use Sieve to filter and sort mail with respect to sender, recipient(s), headers and size
◈ Awareness of procmail

Terms and Utilities:

◈ Conditions and comparison operators
◈ keep, fileinto, redirect, reject, discard, stop
◈ Dovecot vacation extension

211.3 Managing Remote E-Mail Delivery

Weight: 2

Description: Candidates should be able to install and configure POP and IMAP daemons.

Key Knowledge Areas:

◈ Dovecot IMAP and POP3 configuration and administration
◈ Basic TLS configuration for Dovecot
◈ Awareness of Courier

Terms and Utilities:

◈ /etc/dovecot/
◈ dovecot.conf
◈ doveconf
◈ doveadm

Topic 212: System Security


212.1 Configuring a router

Weight: 3

Description: Candidates should be able to configure a system to forward IP packets and perform network address translation (NAT, IP masquerading) and state its significance in protecting a network. This objective includes configuring port redirection, managing filter rules and averting attacks.

Key Knowledge Areas:

◈ iptables and ip6tables configuration files, tools and utilities
◈ Tools, commands and utilities to manage routing tables.
◈ Private address ranges (IPv4) and Unique Local Addresses as well as Link Local Addresses (IPv6)
◈ Port redirection and IP forwarding
◈ List and write filtering and rules that accept or block IP packets based on source or destination protocol, port and address
◈ Save and reload filtering configurations

Terms and Utilities:

◈ /proc/sys/net/ipv4/
◈ /proc/sys/net/ipv6/
◈ /etc/services
◈ iptables
◈ ip6tables

212.2 Securing FTP servers

Weight: 2

Description: Candidates should be able to configure an FTP server for anonymous downloads and uploads. This objective includes precautions to be taken if anonymous uploads are permitted and configuring user access.

Key Knowledge Areas:

◈ Configuration files, tools and utilities for Pure-FTPd and vsftpd
◈ Awareness of ProFTPd
◈ Understanding of passive vs. active FTP connections

Terms and Utilities:

◈ vsftpd.conf
◈ important Pure-FTPd command line options

212.3 Secure shell (SSH)

Weight: 4

Description: Candidates should be able to configure and secure an SSH daemon. This objective includes managing keys and configuring SSH for users. Candidates should also be able to forward an application protocol over SSH and manage the SSH login.

Key Knowledge Areas:

◈ OpenSSH configuration files, tools and utilities
◈ Login restrictions for the superuser and the normal users
◈ Managing and using server and client keys to login with and without password
◈ Usage of multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes

Terms and Utilities:

◈ ssh
◈ sshd
◈ /etc/ssh/sshd_config
◈ /etc/ssh/
◈ Private and public key files
◈ PermitRootLogin, PubKeyAuthentication, AllowUsers, PasswordAuthentication, Protocol

212.4 Security tasks

Weight: 3

Description: Candidates should be able to receive security alerts from various sources, install, configure and run intrusion detection systems and apply security patches and bugfixes.

Key Knowledge Areas:

◈ Tools and utilities to scan and test ports on a server
◈ Locations and organizations that report security alerts as Bugtraq, CERT or other sources
◈ Tools and utilities to implement an intrusion detection system (IDS)
◈ Awareness of OpenVAS and Snort

Terms and Utilities:

◈ telnet
◈ nmap
◈ fail2ban
◈ nc
◈ iptables

212.5 OpenVPN

Weight: 2

Description: Candidates should be able to configure a VPN (Virtual Private Network) and create secure point-to-point or site-to-site connections.

Key Knowledge Areas:

◈ OpenVPN

Terms and Utilities:

◈ /etc/openvpn/
◈ openvpn

Tuesday, 10 December 2019

The Ultimate Guide to LPI Certifications - Overview


The Linux Professional Institute (LPI) is a nonprofit organization based in Toronto, Canada that increases the use of Linux, open source and free software. One way in which the organization furthers its mission is to give vendor-neutral Linux certifications to IT professionals around the globe. With "more than 500,000 exams delivered" to candidates LPI stakes a claim as “the world’s first and largest vendor-neutral Linux and open source certification body.”

LPI Certification Overview


The LPI certification program is simple. It includes three certifications that build on one another:

◈ LPIC-1: Linux Administrator. The entry-level accreditation that recognizes individuals who can install and configure a workstation running Linux, maintain the system from the command line and set up a primary network.
◈ LPIC-2: Linux Engineer. Mid-level certification designed for professionals who administer small- to medium-sized mixed networks.
◈ LPIC-3: Linux Enterprise Professional. The senior-level accreditation that identifies Linux professionals who plan, conceptualize, design, implement and troubleshoot Linux installations in enterprise environments.

LPI Linux Essentials

◈ What: Ability to use basic console line editor and demonstrate an understanding of processes, programs and components of the Linux Operating System.

◈ How: Pass the LPI 010 exam; 40 multiple-choice questions in 60 minutes.

◈ Cost: $110 USD (1 exam, certificate does not expire). Price may vary per region.

LPIC-OT 701: DevOps Tools Engineer

◈ What: Have a working knowledge of DevOps-related domains such as Software Engineering and Architecture, Container and Machine Deployment, Configuration Management and Monitoring.

◈ How: Pass LPI 701 exam; 60 multiple-choice and fill-in-the-blank questions in 90 minutes.

◈ Cost: $200 USD (1 exam, certification valid for 5 years). Price may vary per region.

LPIC-1 Certified Linux Administrator

◈ What: Ability to perform maintenance tasks with the command line, install and configure a computer running Linux and be able to configure basic networking.

◈ How: Pass LPI 101 and 102 exams; each exam is 60 multiple-choice and fill-in-the-blank questions in 90 minutes.

◈ Cost: $200 USD per exam (2 exams, certification valid for 5 years). Price may vary per region.

LPIC-2 Certified Linux Engineer

◈ What: Ability to administer small to medium–sized mixed networks.

◈ How: Pass LPI 201 and 202 exams; each exam is 60 multiple-choice and fill-in-the-blank questions in 90 minutes. Must also have active LPIC-1 certification.

◈ Cost: $200 USD per exam (2 exams, certification valid for 5 years). Price may vary per region.

LPIC-3 300: Linux Enterprise Professional Mixed Environment

◈ What: Ability to integrate Linux services in an enterprise-wide mixed environment.

◈ How: Pass LPI 300 exam; 60 multiple-choice and fill-in-the-blank questions in 90 minutes. Must also have active LPIC-2 certification.

◈ Cost: $200 USD (1 exam, certification valid for 5 years). Price may vary per region.

LPIC-3 303: Linux Enterprise Professional Security

◈ What: Ability to secure and harden Linux-based servers, services and networks enterprise-wide.

◈ How: Pass LPI 303 exam; 60 multiple-choice and fill-in-the-blank questions in 90 minutes. Must also have active LPIC-2 certification.

◈ Cost: $200 USD (1 exam, certification valid for 5 years). Price may vary per region.

LPIC-3 304: Linux Enterprise Professional Virtualization and High Availability

◈ What: Ability to plan and implement enterprise-wide virtualization and high availability setups using Linux-based technologies.

◈ How: Pass LPI 304 exam; 60 multiple-choice and fill-in-the-blank questions in 90 minutes. Must also have active LPIC-2 certification.

◈ Cost: $200 USD (1 exam, certification valid for 5 years). Price may vary per region.