Linux Network Professional LPIC-2 Exam 202

Topic 207: Domain Name Server
207.1 Basic DNS server configuration

• BIND 9.x configuration files, terms and utilities
• Defining the location of the BIND zone files in BIND configuration files
• Reloading modified configuration and zone files
• Awareness of dnsmasq, djbdns and PowerDNS as alternate name servers

The following is a partial list of the used files, terms and utilities:

• /etc/named.conf
• /var/named/
• /usr/sbin/rndc
• kill
• host
• dig

207.2 Create and maintain DNS zones

• BIND 9 configuration files, terms and utilities
• Utilities to request information from the DNS server
• Layout, content and file location of the BIND zone files
• Various methods to add a new host in the zone files, including reverse zones

Terms and Utilities:

• /var/named/
• zone file syntax
• resource record formats
• dig
• nslookup
• host

207.3 Securing a DNS server

• BIND 9 configuration files
• Configuring BIND to run in a chroot jail
• Split configuration of BIND using the forwarders statement
• Configuring and using transaction signatures (TSIG)
• Awareness of DNSSEC and basic tools

Terms and Utilities:

• /etc/named.conf
• /etc/passwd
• dnssec-keygen
• dnssec-signzone

Topic 208: Web Services
208.1 Implementing a web server

• Apache 2.x configuration files, terms and utilities
• Apache log files configuration and content
• Access restriction methods and files
• mod_perl and PHP configuration
• Client user authentication files and utilities
• Configuration of maximum requests, minimum and maximum servers and clients
• Apache 2.x virtual host implementation (with and without dedicated IP addresses)
• Using redirect statements in Apache’s configuration files to customize file access

Terms and Utilities:

• access logs and error logs
• .htaccess
• httpd.conf
• mod_auth
• htpasswd
• AuthUserFile, AuthGroupFile
• apache2ctl
• httpd

208.2 Apache configuration for HTTPS

• SSL configuration files, tools and utilities
• Ability to generate a server private key and CSR for a commercial CA
• Ability to generate a self-signed Certificate from private CA
• Ability to install the key and Certificate
• Awareness of the issues with Virtual Hosting and use of SSL
• Security issues in SSL use

Terms and Utilities:

• Apache2 configuration files
• /etc/ssl/, /etc/pki/
• openssl
• SSLEngine, SSLCertificateKeyFile, SSLCertificateFile, SSLCertificateChainFile
• SSLCACertificateFile, SSLCACertificatePath
• SSLProtocol, SSLCipherSuite, ServerTokens, ServerSignature, TraceEnable

208.3 Implementing a proxy server

• Squid 3.x configuration files, terms and utilities
• Access restriction methods
• Client user authentication methods
• Layout and content of ACL in the Squid configuration files

Terms and Utilities:

• squid.conf
• acl
• http_access

208.4 Implementing Nginx as a web server and a reverse proxy

• Nginx
• Reverse Proxy
• Basic Web Server

Terms and Utilities:

• /etc/nginx/
• nginx

Topic 209: File Sharing
209.1 SAMBA Server Configuration

• Samba 3 documentation
• Samba configuration files
• Samba tools and utilities
• Mounting Samba shares on Linux
• Samba daemons
• Mapping Windows usernames to Linux usernames
• User-Level and Share-Level security

Terms and Utilities:

• smbd, nmbd
• smbstatus, testparm, smbpasswd, nmblookup
• smbclient
• net
• /etc/smb/
• /var/log/samba/

209.2 NFS Server Configuration

• NFS version 3 configuration files
• NFS tools and utilities
• Access restrictions to certain hosts and/or subnets
• Mount options on server and client
• TCP Wrappers
• Awareness of NFSv4

Terms and Utilities:

• /etc/exports
• exportfs
• showmount
• nfsstat
• /proc/mounts
• /etc/fstab
• rpcinfo
• mountd
• portmapper

Topic 210: Network Client Management
210.1 DHCP configuration

• DHCP configuration files, terms and utilities
• Subnet and dynamically-allocated range setup

Terms and Utilities:

• dhcpd.conf
• /var/log/daemon.log and /var/log/messages
• dhcpd.leases
• arp
• dhcpd

210.2 PAM authentication

• PAM configuration files, terms and utilities
• passwd and shadow passwords

Terms and Utilities:

• /etc/pam.d/
• pam.conf
• nsswitch.conf
• pam_unix, pam_cracklib, pam_limits, pam_listfile

210.3 LDAP client usage

• LDAP utilities for data management and queries
• Change user passwords
• Querying the LDAP directory

Terms and Utilities:

• ldapsearch
• ldappasswd
• ldapadd
• ldapdelete

210.4 Configuring an OpenLDAP server

• OpenLDAP
• Access Control
• Distinguished Names
• Changetype Operations
• Schemas and Whitepages
• Directories
• Object IDs, Attributes and Classes
• Awareness of System Security Services Daemon (SSSD)

Terms and Utilities:

• slapd
• slapd.conf
• slapadd
• slapcat
• slapindex
• /var/lib/ldap/
• loglevel

Topic 211: E-Mail Services
211.1 Using e-mail servers

• Configuration files for postfix
• Basic knowledge of the SMTP protocol
• Awareness of sendmail and exim

Terms and Utilities:

• Configuration files and commands for postfix
• /etc/postfix/
• /var/spool/postfix/
• sendmail emulation layer commands
• /etc/aliases
• mail-related logs in /var/log/

211.2 Managing Local E-Mail Delivery

• procmail configuration files, tools and utilities
• Usage of procmail on both server and client side

Terms and Utilities:

• ~/.procmailrc
• /etc/procmailrc
• procmail
• mbox and Maildir formats

211.3 Managing Remote E-Mail Delivery

• Courier IMAP and Courier POP configuration
• Dovecot configuration

Terms and Utilities:

• /etc/courier/
• dovecot.conf

Topic 212: System Security
212.1 Configuring a router

• iptables configuration files, tools and utilities
• Tools, commands and utilities to manage routing tables
• Private address ranges
• Port redirection and IP forwarding
• List and write filtering and rules that accept or block datagrams based on source or destination protocol, port and address
• Save and reload filtering configurations
• Awareness of ip6tables and filtering

Terms and Utilities:

• /proc/sys/net/ipv4/
• /etc/services
• iptables

212.2 Securing FTP servers

• Configuration files, tools and utilities for Pure-FTPd and vsftpd
• Awareness of ProFTPd
• Understanding of passive vs. active FTP connections

Terms and Utilities:

• vsftpd.conf
• important Pure-FTPd command line options

212.3 Secure shell (SSH)

• OpenSSH configuration files, tools and utilities
• Login restrictions for the superuser and the normal users
• Managing and using server and client keys to login with and without password
• Usage of multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes

Terms and Utilities:

• ssh
• sshd
• /etc/ssh/sshd_config
• /etc/ssh/
• Private and public key files
• PermitRootLogin, PubKeyAuthentication, AllowUsers, PasswordAuthentication, Protocol

212.4 Security tasks

• Tools and utilities to scan and test ports on a server
• Locations and organizations that report security alerts, such as Bugtraq, CERT or other sources
• Tools and utilities to implement an intrusion detection system (IDS)
• Awareness of OpenVAS and Snort

Terms and Utilities:

• telnet
• nmap
• fail2ban
• nc
• iptables

212.5 OpenVPN

• OpenVPN

Terms and Utilities:

• /etc/openvpn/
• openvpn