Linux Enterprise Professional Certification LPIC-3


LPIC-3 is the culminating certification of LPI's multi-level Linux Professional program. It represents the highest level.

Prerequisite: To obtain the LPIC-3 certification, you must hold an active LPIC-2 certification.

Exams Required for Certification: You must pass one of the LPIC-3 specialty exams (300, 303 or 304).

LPIC-3 300: Mixed Environments

Topic 390: OpenLDAP Configuration
390.1 OpenLDAP Replication

• Replication concepts
• Configure OpenLDAP replication
• Analyze replication log files
• Understand replica hubs
• LDAP referrals
• LDAP sync replication

The following is a partial list of the used files, terms and utilities:

• master / slave server
• multi-master replication
• consumer
• replica hub
• one-shot mode
• referral
• syncrepl
• pull-based / push-based synchronization
• refreshOnly and refreshAndPersist
• replog

390.2 Securing the Directory

• Securing the directory with SSL and TLS
• Firewall considerations
• Unauthenticated access methods
• User / password authentication methods
• Maintenance of SASL user DB
• Client / server certificates

Terms and Utilities:

• SSL / TLS
• Security Strength Factors (SSF)
• SASL
• proxy authorization
• StartTLS
• iptables

390.3 OpenLDAP Server Performance Tuning

• Measure OpenLDAP performance
• Tune software configuration to increase performance
• Understand indexes

Terms and Utilities:

• index
• DB_CONFIG

Topic 391: OpenLDAP as an Authentication Backend
391.1 LDAP Integration with PAM and NSS

• Configure PAM to use LDAP for authentication
• Configure NSS to retrieve information from LDAP
• Configure PAM modules in various Unix environments

Terms and Utilities:

• PAM
• NSS
• /etc/pam.d/
• /etc/nsswitch.conf

391.2 Integrating LDAP with Active Directory and Kerberos

• Kerberos integration with LDAP
• Cross platform authentication
• Single sign-on concepts
• Integration and compatibility limitations between OpenLDAP and Active Directory

Terms and Utilities:

• Kerberos
• Active Directory
• single sign-on
• DNS

Topic 392: Samba Basics
392.1 Samba Concepts and Architecture

• Understand the roles of the Samba daemons and components
• Understand key issues regarding heterogeneous network
• Identify key TCP/UDP ports used with SMB/CIFS
• Knowledge of Samba3 and Samba4 differences

Terms and Utilities:

• /etc/services
• Samba daemons: smbd, nmbd, samba, winbindd

392.2 Configure Samba

• Knowledge of Samba server configuration file structure
• Knowledge of Samba variables and configuration parameters
• Troubleshoot and debug configuration problems with Samba

Terms and Utilities:

• smb.conf
• smb.conf parameters
• smb.conf variables
• testparm
• secrets.tdb

392.3 Regular Samba Maintenance

• Monitor and interact with running Samba daemons
• Perform regular backups of Samba configuration and state data

Terms and Utilities:

• smbcontrol
• smbstatus
• tdbbackup

392.4 Troubleshooting Samba

• Configure Samba logging
• Backup TDB files
• Restore TDB files
• Identify TDB file corruption
• Edit / list TDB file content

Terms and Utilities:

• /var/log/samba/.
• log level
• debuglevel
• smbpasswd
• pdbedit
• secrets.tdb
• tdbbackup
• tdbdump
• tdbrestore
• tdbtool

392.5 Internationalization

• Understand internationalization character codes and code pages
• Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment
• Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
• Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment

Terms and Utilities:

• internationalization
• character codes
• code pages
• smb.conf
• dos charset, display charset and unix charset

Topic 393: Samba Share Configuration
393.1 File Services

• Create and configure file sharing
• Plan file service migration
• Limit access to IPC$
• Create scripts for user and group handling of file shares
• Samba share access configuration parameters

Terms and Utilities:

• smb.conf
• [homes]
• smbcquotas
• smbsh
• browseable, writeable, valid users, write list, read list, read only and guest ok
• IPC$
• mount, smbmount

393.2 Linux File System and Share/Service Permissions

• Knowledge of file / directory permission control
• Understand how Samba interacts with Linux file system permissions and ACLs
• Use Samba VFS to store Windows ACLs

Terms and Utilities:

• smb.conf
• chmod, chown
• create mask, directory mask, force create mode, force directory mode
• smbcacls
• getfacl, setfacl
• vfs_acl_xattr, vfs_acl_tdb and vfs objects

393.3 Print Services

• Create and configure printer sharing
• Configure integration between Samba and CUPS
• Manage Windows print drivers and configure downloading of print drivers
• Configure [print$]
• Understand security concerns with printer sharing
• Uploading printer drivers for Point’n’Print driver installation using ‘Add Print Driver Wizard’ in Windows

Terms and Utilities:

• smb.conf
• [print$]
• CUPS
• cupsd.conf
• /var/spool/samba/.
• smbspool
• rpcclient
• net

Topic 394: Samba User and Group Management
394.1 Managing User Accounts and Groups

• Manage user and group accounts
• Understand user and group mapping
• Knowledge of user account management tools
• Use of the smbpasswd program
• Force ownership of file and directory objects

Terms and Utilities:

• pdbedit
• smb.conf
• samba-tool user (with subcommands)
• samba-tool group (with subcommands)
• smbpasswd
• /etc/passwd
• /etc/group
• force user, force group.
• idmap

394.2 Authentication, Authorization and Winbind

• Setup a local password database
• Perform password synchronization
• Knowledge of different passdb backends
• Convert between Samba passdb backends
• Integrate Samba with LDAP
• Configure Winbind service
• Configure PAM and NSS

Terms and Utilities:

• smb.conf
• smbpasswd, tdbsam, ldapsam
• passdb backend
• libnss_winbind
• libpam_winbind
• libpam_smbpass
• wbinfo
• getent
• SID and foreign SID
• /etc/passwd
• /etc/group

Topic 395: Samba Domain Integration
395.1 Samba as a PDC and BDC

• Understand and configure domain membership and trust relationships
• Create and maintain a primary domain controller with Samba3 and Samba4
• Create and maintain a backup domain controller with Samba3 and Samba4
• Add computers to an existing domain
• Configure logon scripts
• Configure roaming profiles
• Configure system policies

Terms and Utilities:

• smb.conf
• security mode
• server role
• domain logons
• domain master
• logon script
• logon path
• NTConfig.pol
• net
• profiles
• add machine script
• profile acls

395.2 Samba4 as an AD compatible Domain

• Configure and test Samba 4 as an AD DC
• Using smbclient to confirm AD operation
• Understand how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP

Terms and Utilities:

• smb.conf
• server role
• samba-tool domain (with subcommands)
• samba

395.3 Configure Samba as a Domain Member Server

• Joining Samba to an existing NT4 domain
• Joining Samba to an existing AD domain
• Ability to obtain a TGT from a KDC

Terms and Utilities:

• smb.conf
• server role
• server security
• net command
• kinit, TGT and REALM

Topic 396: Samba Name Services
396.1 NetBIOS and WINS

• Understand WINS concepts
• Understand NetBIOS concepts
• Understand the role of a local master browser
• Understand the role of a domain master browser
• Understand the role of Samba as a WINS server
• Understand name resolution
• Configure Samba as a WINS server
• Configure WINS replication
• Understand NetBIOS browsing and browser elections
• Understand NETBIOS name types

Terms and Utilities:

• smb.conf
• nmblookup
• smbclient
• name resolve order
• lmhosts
• wins support, wins server, wins proxy, dns proxy
• domain master, os level, preferred master

396.2 Active Directory Name Resolution

• Understand and manage DNS for Samba4 as an AD Domain Controller
• DNS forwarding with the internal DNS server of Samba4

Terms and Utilities:

• samba-tool dns (with subcommands)
• smb.conf
• dns forwarder
• /etc/resolv.conf
• dig, host

Topic 397: Working with Linux and Windows Clients
397.1 CIFS Integration

• Understand SMB/CIFS concepts
• Access and mount remote CIFS shares from a Linux client
• Securely storing CIFS credentials
• Understand features and benefits of CIFS
• Understand permissions and file ownership of remote CIFS shares

Terms and Utilities:

• SMB/CIFS
• mount, mount.cifs
• smbclient
• smbget
• smbtar
• smbtree
• findsmb
• smb.conf
• smbcquotas
• /etc/fstab

397.2 Working with Windows Clients

• Knowledge of Windows clients
• Explore browse lists and SMB clients from Windows
• Share file / print resources from Windows
• Use of the smbclient program
• Use of the Windows net utility

Terms and Utilities:

• Windows net command
• smbclient
• control panel
• rdesktop
• workgroup

LPIC-3 303: Security

Topic 325: Cryptography
325.1 X.509 Certificates and Public Key Infrastructures

• Understand X.509 certificates, X.509 certificate lifecycle, X.509 certificate fields and X.509v3 certificate extensions
• Understand trust chains and public key infrastructures
• Generate and manage public and private keys
• Create, operate and secure a certification authority
• Request, sign and manage server and client certificates
• Revoke certificates and certification authorities

The following is a partial list of the used files, terms and utilities:

• openssl, including relevant subcommands
• OpenSSL configuration
• PEM, DER, PKCS
• CSR
• CRL
• OCSP

325.2 X.509 Certificates for Encryption, Signing and Authentication

• Understand SSL, TLS and protocol versions
• Understand common transport layer security threats, for example Man-in-the-Middle
• Configure Apache HTTPD with mod_ssl to provide HTTPS service, including SNI and HSTS
• Configure Apache HTTPD with mod_ssl to authenticate users using certificates
• Configure Apache HTTPD with mod_ssl to provide OCSP stapling
• Use OpenSSL for SSL/TLS client and server tests

Terms and Utilities:

• Intermediate certification authorities
• Cipher configuration (no cipher-specific knowledge)
• httpd.conf
• mod_ssl
• openssl

325.3 Encrypted File Systems

• Understand block device and file system encryption
• Use dm-crypt with LUKS to encrypt block devices
• Use eCryptfs to encrypt file systems, including home directories and PAM integration
• Be aware of plain dm-crypt and EncFS

Terms and Utilities:

• cryptsetup
• cryptmount
• /etc/crypttab
• ecryptfsd
• ecryptfs-* commands
• mount.ecryptfs, umount.ecryptfs
• pam_ecryptfs

325.4 DNS and Cryptography

• Understanding of DNSSEC and DANE
• Configure and troubleshoot BIND as an authoritative name server serving DNSSEC secured zones
• Configure BIND as a recursive name server that performs DNSSEC validation on behalf of its clients
• Key Signing Key, Zone Signing Key, Key Tag
• Key generation, key storage, key management and key rollover
• Maintenance and re-signing of zones
• Use DANE to publish X.509 certificate information in DNS
• Use TSIG for secure communication with BIND

Terms and Utilities:

• DNS, EDNS, Zones, Resource Records
• DNS resource records: DS, DNSKEY, RRSIG, NSEC, NSEC3, NSEC3PARAM, TLSA
• DO-Bit, AD-Bit
• TSIG
• named.conf
• dnssec-keygen
• dnssec-signzone
• dnssec-settime
• dnssec-dsfromkey
• rndc
• dig
• delv
• openssl

Topic 326: Host Security
326.1 Host Hardening

• Configure BIOS and boot loader (GRUB 2) security
• Disable useless software and services
• Use sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration
• Limit resource usage
• Work with chroot environments
• Drop unnecessary capabilities
• Be aware of the security advantages of virtualization

Terms and Utilities:

• grub.cfg
• chkconfig, systemctl
• ulimit
• /etc/security/limits.conf
• pam_limits.so
• chroot
• sysctl
• /etc/sysctl.conf

326.2 Host Intrusion Detection

• Use and configure the Linux Audit system
• Use chkrootkit
• Use and configure rkhunter, including updates
• Use Linux Malware Detect
• Automate host scans using cron
• Configure and use AIDE, including rule management
• Be aware of OpenSCAP

Terms and Utilities:

• auditd
• auditctl
• ausearch, aureport
• /etc/auditd/auditd.conf
• /etc/auditd/auditd.rules
• pam_tty_audit.so
• chkrootkit
• rkhunter
• /etc/rkhunter.conf
• maldet
• conf.maldet
• aide
• /etc/aide/aide.conf

326.3 User Management and Authentication

• Understand and configure NSS
• Understand and configure PAM
• Enforce password complexity policies and periodic password changes
• Lock accounts automatically after failed login attempts
• Configure and use SSSD
• Configure NSS and PAM for use with SSSD
• Configure SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains
• Obtain and manage Kerberos tickets

Terms and Utilities:

• nsswitch.conf
• /etc/login.defs
• pam_cracklib.so
• chage
• pam_tally.so, pam_tally2.so
• faillog
• pam_sss.so
• sssd
• sssd.conf
• sss_* commands
• krb5.conf
• kinit, klist, kdestroy

326.4 FreeIPA Installation and Samba Integration

• Understand FreeIPA, including its architecture and components
• Understand system and configuration prerequisites for installing FreeIPA
• Install and manage a FreeIPA server and domain
• Understand and configure Active Directory replication and Kerberos cross-realm trusts
• Be aware of sudo, autofs, SSH and SELinux integration in FreeIPA

Terms and Utilities:

• 389 Directory Server, MIT Kerberos, Dogtag Certificate System, NTP, DNS, SSSD, certmonger
• ipa, including relevant subcommands
• ipa-server-install, ipa-client-install, ipa-replica-install
• ipa-replica-prepare, ipa-replica-manage

Topic 327: Access Control
327.1 Discretionary Access Control

• Understand and manage file ownership and permissions, including SUID and SGID
• Understand and manage access control lists
• Understand and manage extended attributes and attribute classes

Terms and Utilities:

• getfacl
• setfacl
• getfattr
• setfattr

327.2 Mandatory Access Control

• Understand the concepts of TE, RBAC, MAC and DAC
• Configure, manage and use SELinux
• Be aware of AppArmor and Smack

Terms and Utilities:

• getenforce, setenforce, selinuxenabled
• getsebool, setsebool, togglesebool
• fixfiles, restorecon, setfiles
• newrole, runcon
• semanage
• sestatus, seinfo
• apol
• seaudit, seaudit-report, audit2why, audit2allow
• /etc/selinux/*

327.3 Network File Systems

• Understand NFSv4 security issues and improvements
• Configure NFSv4 server and clients
• Understand and configure NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos)
• Understand and use NFSv4 pseudo file system
• Understand and use NFSv4 ACLs
• Configure CIFS clients
• Understand and use CIFS Unix Extensions
• Understand and configure CIFS security modes (NTLM, Kerberos)
• Understand and manage mapping and handling of CIFS ACLs and SIDs in a Linux system

Terms and Utilities:

• /etc/exports
• /etc/idmap.conf
• nfs4acl
• mount.cifs parameters related to ownership, permissions and security modes
• winbind
• getcifsacl, setcifsacl

Topic 328: Network Security
328.1 Network Hardening

• Configure FreeRADIUS to authenticate network nodes
• Use nmap to scan networks and hosts, including different scan methods
• Use Wireshark to analyze network traffic, including filters and statistics
• Identify and deal with rogue router advertisements and DHCP messages

Terms and Utilities:

• radiusd
• radmin
• radtest, radclient
• radlast, radwho
• radiusd.conf
• /etc/raddb/*
• nmap
• wireshark
• tshark
• tcpdump
• ndpmon

328.2 Network Intrusion Detection

• Implement bandwidth usage monitoring
• Configure and use Snort, including rule management
• Configure and use OpenVAS, including NASL

Terms and Utilities:

• ntop
• Cacti
• snort
• snort-stat
• /etc/snort/*
• openvas-adduser, openvas-rmuser
• openvas-nvt-sync
• openvassd
• openvas-mkcert
• /etc/openvas/*

328.3 Packet Filtering

• Understand common firewall architectures, including DMZ
• Understand and use netfilter, iptables and ip6tables, including standard modules, tests and targets
• Implement packet filtering for both IPv4 and IPv6
• Implement connection tracking and network address translation
• Define IP sets and use them in netfilter rules
• Have basic knowledge of nftables and nft
• Have basic knowledge of ebtables
• Be aware of conntrackd

Terms and Utilities:

• iptables
• ip6tables
• iptables-save, iptables-restore
• ip6tables-save, ip6tables-restore
• ipset
• nft
• ebtables

328.4 Virtual Private Networks

• Configure and operate OpenVPN server and clients for both bridged and routed VPN networks
• Configure and operate IPsec server and clients for routed VPN networks using IPsec-Tools / racoon
• Awareness of L2TP

Terms and Utilities:

• /etc/openvpn/*
• openvpn server and client
• setkey
• /etc/ipsec-tools.conf
• /etc/racoon/racoon.conf

LPIC-3 304: Virtualization & High Availability

Topic 330: Virtualization
330.1 Virtualization Concepts and Theory

• Terminology
• Pros and Cons of Virtualization
• Variations of Virtual Machine Monitors
• Migration of Physical to Virtual Machines
• Migration of Virtual Machines between Host systems
• Cloud Computing

The following is a partial list of the used files, terms and utilities:

• Hypervisor
• Hardware Virtual Machine (HVM)
• Paravirtualization (PV)
• Container Virtualization
• Emulation and Simulation
• CPU flags
• /proc/cpuinfo
• Migration (P2V, V2V)
• IaaS, PaaS, SaaS

330.2 Xen

• Xen architecture, networking and storage
• Xen configuration
• Xen utilities
• Troubleshooting Xen installations
• Basic knowledge of XAPI
• Awareness of XenStore
• Awareness of Xen Boot Parameters
• Awareness of the xm utility

Terms and Utilities:

• Domain0 (Dom0), DomainU (DomU)
• PV-DomU, HVM-DomU
• /etc/xen/
• xl
• xl.cfg
• xl.conf
• xe
• xentop

330.3 KVM

• KVM architecture, networking and storage
• KVM configuration
• KVM utilities
• Troubleshooting KVM installations

Terms and Utilities:

• Kernel modules: kvm, kvm-intel and kvm-amd
• /etc/kvm/
• /dev/kvm
• kvm
• KVM monitor
• qemu
• qemu-img

330.4 Other Virtualization Solutions

• Basic knowledge of OpenVZ and LXC
• Awareness of other virtualization technologies
• Basic knowledge of virtualization provisioning tools

Terms and Utilities:

• OpenVZ
• VirtualBox
• LXC
• docker
• packer
• vagrant

330.5 Libvirt and Related Tools

• libvirt architecture, networking and storage
• Basic technical knowledge of libvirt and virsh
• Awareness of oVirt

Terms and Utilities:

• libvirtd
• /etc/libvirt/
• virsh
• oVirt

330.6 Cloud Management Tools

• Basic feature knowledge of OpenStack and CloudStack
• Awareness of Eucalyptus and OpenNebula

Terms and Utilities:

• OpenStack
• CloudStack
• Eucalyptus
• OpenNebula

Topic 334: High Availability Cluster Management
334.1 High Availability Concepts and Theory

• Understand the most important cluster architectures
• Understand recovery and cluster reorganization mechanisms
• Design an appropriate cluster architecture for a given purpose
• Application aspects of high availability
• Operational considerations of high availability

Terms and Utilities:

• Active/Passive Cluster, Active/Active Cluster
• Failover Cluster, Load Balanced Cluster
• Shared-Nothing Cluster, Shared-Disk Cluster
• Cluster resources
• Cluster services
• Quorum
• Fencing
• Split brain
• Redundancy
• Mean Time Before Failure (MTBF)
• Mean Time To Repair (MTTR)
• Service Level Agreement (SLA)
• Disaster Recovery
• Replication
• Session handling

334.2 Load Balanced Clusters

• Understanding of LVS / IPVS
• Basic knowledge of VRRP
• Configuration of keepalived
• Configuration of ldirectord
• Backend server network configuration
• Understanding of HAProxy
• Configuration of HAProxy

Terms and Utilities:

• ipvsadm
• syncd
• LVS Forwarding (NAT, Direct Routing, Tunneling, Local Node)
• connection scheduling algorithms
• keepalived configuration file
• ldirectord configuration file
• genhash
• HAProxy configuration file
• load balancing algorithms
• ACLs

334.3 Failover Clusters

• Pacemaker architecture and components (CIB, CRMd, PEngine, LRMd, DC, STONITHd)
• Pacemaker cluster configuration
• Resource classes (OCF, LSB, Systemd, Upstart, Service, STONITH, Nagios)
• Resource rules and constraints (location, order, colocation)
• Advanced resource features (templates, groups, clone resources, multi-state resources)
• Pacemaker management using pcs
• Pacemaker management using crmsh
• Configuration and Management of corosync in conjunction with Pacemaker
• Awareness of other cluster engines (OpenAIS, Heartbeat, CMAN)

Terms and Utilities:

• pcs
• crm
• crm_mon
• crm_verify
• crm_simulate
• crm_shadow
• crm_resource
• crm_attribute
• crm_node
• crm_standby
• cibadmin
• corosync.conf
• authkey
• corosync-cfgtool
• corosync-cmapctl
• corosync-quorumtool
• stonith_admin

334.4 High Availability in Enterprise Linux Distributions

• Basic knowledge of Red Hat Enterprise Linux High Availability Add-On
• Basic knowledge of SUSE Linux Enterprise High Availability Extension

Terms and Utilities:

• Distribution specific configuration tools
• Integration of cluster engines, load balancers, storage technology, cluster filesystems, etc.

Topic 335: High Availability Cluster Storage
335.1 DRBD / cLVM

• Understanding of DRBD resources, states and replication modes
• Configuration of DRBD resources, networking, disks and devices
• Configuration of DRBD automatic recovery and error handling
• Management of DRBD using drbdadm
• Basic knowledge of drbdsetup and drbdmeta
• Integration of DRBD with Pacemaker
• cLVM
• Integration of cLVM with Pacemaker

Terms and Utilities:

• Protocol A, B and C
• Primary, Secondary
• Three-way replication
• drbd kernel module
• drbdadm
• drbdsetup
• drbdmeta
• /etc/drbd.conf
• /proc/drbd
• LVM2
• clvmd
• vgchange, vgs

335.2 Clustered File Systems

• Understand the principles of cluster file systems
• Create, maintain and troubleshoot GFS2 file systems in a cluster
• Create, maintain and troubleshoot OCFS2 file systems in a cluster
• Integration of GFS2 and OCFS2 with Pacemaker
• Awareness of the O2CB cluster stack
• Awareness of other commonly used clustered file systems

Terms and Utilities:

• Distributed Lock Manager (DLM)
• mkfs.gfs2
• mount.gfs2
• fsck.gfs2
• gfs2_grow
• gfs2_edit
• gfs2_jadd
• mkfs.ocfs2
• mount.ocfs2
• fsck.ocfs2
• tunefs.ocfs2
• mounted.ocfs2
• o2info
• o2image
• CephFS
• GlusterFS
• AFS
