Linux Network Professional LPIC-2 Exam 202
Topic 207: Domain Name Server
207.1 Basic DNS server configuration
• BIND 9.x configuration files, terms and utilities
• Defining the location of the BIND zone files in BIND configuration files
• Reloading modified configuration and zone files
• Awareness of dnsmasq, djbdns and PowerDNS as alternate name servers
The following is a partial list of the files, terms and utilities used:
• /etc/named.conf
• /var/named/
• /usr/sbin/rndc
• kill
• host
• dig
207.2 Create and maintain DNS zones
• BIND 9 configuration files, terms and utilities
• Utilities to request information from the DNS server
• Layout, content and file location of the BIND zone files
• Various methods to add a new host in the zone files, including reverse zones
Terms and Utilities:
• /var/named/
• zone file syntax
• resource record formats
• dig
• nslookup
• host
207.3 Securing a DNS server
• BIND 9 configuration files
• Configuring BIND to run in a chroot jail
• Split configuration of BIND using the forwarders statement
• Configuring and using transaction signatures (TSIG)
• Awareness of DNSSEC and basic tools
Terms and Utilities:
• /etc/named.conf
• /etc/passwd
• DNSSEC
• dnssec-keygen
• dnssec-signzone
Topic 208: Web Services
208.1 Implementing a web server
• Apache 2.x configuration files, terms and utilities
• Apache log files configuration and content
• Access restriction methods and files
• mod_perl and PHP configuration
• Client user authentication files and utilities
• Configuration of maximum requests, minimum and maximum servers and clients
• Apache 2.x virtual host implementation (with and without dedicated IP addresses)
• Using redirect statements in Apache’s configuration files to customize file access
Terms and Utilities:
• access logs and error logs
• .htaccess
• httpd.conf
• mod_auth
• htpasswd
• AuthUserFile, AuthGroupFile
• apache2ctl
• httpd
208.2 Apache configuration for HTTPS
• SSL configuration files, tools and utilities
• Ability to generate a server private key and CSR for a commercial CA
• Ability to generate a self-signed Certificate from private CA
• Ability to install the key and Certificate
• Awareness of the issues with Virtual Hosting and use of SSL
• Security issues in SSL use
Terms and Utilities:
• Apache2 configuration files
• /etc/ssl/, /etc/pki/
• openssl, CA.pl
• SSLEngine, SSLCertificateKeyFile, SSLCertificateFile, SSLCertificateChainFile
• SSLCACertificateFile, SSLCACertificatePath
• SSLProtocol, SSLCipherSuite, ServerTokens, ServerSignature, TraceEnable
208.3 Implementing a proxy server
• Squid 3.x configuration files, terms and utilities
• Access restriction methods
• Client user authentication methods
• Layout and content of ACL in the Squid configuration files
Terms and Utilities:
• squid.conf
• acl
• http_access
208.4 Implementing Nginx as a web server and a reverse proxy
• Nginx
• Reverse Proxy
• Basic Web Server
Terms and Utilities:
• /etc/nginx/
• nginx
Topic 209: File Sharing
209.1 SAMBA Server Configuration
• Samba 3 documentation
• Samba configuration files
• Samba tools and utilities
• Mounting Samba shares on Linux
• Samba daemons
• Mapping Windows usernames to Linux usernames
• User-Level and Share-Level security
Terms and Utilities:
• smbd, nmbd
• smbstatus, testparm, smbpasswd, nmblookup
• smbclient
• net
• /etc/smb/
• /var/log/samba/
209.2 NFS Server Configuration
• NFS version 3 configuration files
• NFS tools and utilities
• Access restrictions to certain hosts and/or subnets
• Mount options on server and client
• TCP Wrappers
• Awareness of NFSv4
Terms and Utilities:
• /etc/exports
• exportfs
• showmount
• nfsstat
• /proc/mounts
• /etc/fstab
• rpcinfo
• mountd
• portmapper
Topic 210: Network Client Management
210.1 DHCP configuration
• DHCP configuration files, terms and utilities
• Subnet and dynamically-allocated range setup
Terms and Utilities:
• dhcpd.conf
• /var/log/daemon.log and /var/log/messages
• dhcpd.leases
• arp
• dhcpd
210.2 PAM authentication
• PAM configuration files, terms and utilities
• passwd and shadow passwords
Terms and Utilities:
• /etc/pam.d/
• pam.conf
• nsswitch.conf
• pam_unix, pam_cracklib, pam_limits, pam_listfile
210.3 LDAP client usage
• LDAP utilities for data management and queries
• Change user passwords
• Querying the LDAP directory
Terms and Utilities:
• ldapsearch
• ldappasswd
• ldapadd
• ldapdelete
210.4 Configuring an OpenLDAP server
• OpenLDAP
• Access Control
• Distinguished Names
• Changetype Operations
• Schemas and Whitepages
• Directories
• Object IDs, Attributes and Classes
• Awareness of System Security Services Daemon (SSSD)
Terms and Utilities:
• slapd
• slapd.conf
• LDIF
• slapadd
• slapcat
• slapindex
• /var/lib/ldap/
• loglevel
Topic 211: E-Mail Services
211.1 Using e-mail servers
• Configuration files for postfix
• Basic knowledge of the SMTP protocol
• Awareness of sendmail and exim
Terms and Utilities:
• Configuration files and commands for postfix
• /etc/postfix/
• /var/spool/postfix/
• sendmail emulation layer commands
• /etc/aliases
• mail-related logs in /var/log/
211.2 Managing Local E-Mail Delivery
• procmail configuration files, tools and utilities
• Usage of procmail on both server and client side
Terms and Utilities:
• ~/.procmailrc
• /etc/procmailrc
• procmail
• mbox and Maildir formats
211.3 Managing Remote E-Mail Delivery
• Courier IMAP and Courier POP configuration
• Dovecot configuration
Terms and Utilities:
• /etc/courier/
• dovecot.conf
Topic 212: System Security
212.1 Configuring a router
• iptables configuration files, tools and utilities
• Tools, commands and utilities to manage routing tables
• Private address ranges
• Port redirection and IP forwarding
• List and write filtering and rules that accept or block datagrams based on source or destination protocol, port and address
• Save and reload filtering configurations
• Awareness of ip6tables and filtering
Terms and Utilities:
• /proc/sys/net/ipv4/
• /etc/services
• iptables
212.2 Securing FTP servers
• Configuration files, tools and utilities for Pure-FTPd and vsftpd
• Awareness of ProFTPd
• Understanding of passive vs. active FTP connections
Terms and Utilities:
• vsftpd.conf
• important Pure-FTPd command line options
212.3 Secure shell (SSH)
• OpenSSH configuration files, tools and utilities
• Login restrictions for the superuser and the normal users
• Managing and using server and client keys to login with and without password
• Usage of multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes
Terms and Utilities:
• ssh
• sshd
• /etc/ssh/sshd_config
• /etc/ssh/
• Private and public key files
• PermitRootLogin, PubKeyAuthentication, AllowUsers, PasswordAuthentication, Protocol
212.4 Security tasks
• Tools and utilities to scan and test ports on a server
• Locations and organizations that report security alerts, such as Bugtraq, CERT or other sources
• Tools and utilities to implement an intrusion detection system (IDS)
• Awareness of OpenVAS and Snort
Terms and Utilities:
• telnet
• nmap
• fail2ban
• nc
• iptables
212.5 OpenVPN
• OpenVPN
Terms and Utilities:
• /etc/openvpn/
• openvpn