Linux Level 3 Administration LPIC 303
LPIC-3 303: Security
This exam is part of the LPI training series for the professional levels of Linux system administration, and covers professional Linux administration with an emphasis on security.
Exam objectives version: includes versions 1.0 and 5/1 (last modified 4 December 2014, valid until 30 June 2016). The version 2 objectives have now been published, and the corresponding exam is available from the beginning of 2016.
Exam: consists of one exam, LPIC-3 303
Prerequisite: valid LPIC-1 and LPIC-2 certifications
About objective weights: each part of the objectives has an assigned weight (from 1 to 10). An objective with a higher weight will have more questions in the exam.
Objective topics:
320- Cryptography
321- Access Control
323- Application Security
324- Operations Security
325- Network Security
LPIC3 – 303 exam objectives:
Topic 320: Cryptography
320.1 OpenSSL
Weight: 4
Description: Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issuing SSL certificates for various applications.
Key Knowledge Areas:
- Certificate generation
- Key generation
- SSL/TLS client and server tests
The following is a partial list of the used files, terms and utilities:
- openssl
- RSA, DH and DSA
- SSL
- 509
- CSR
- CRL
320.2 Advanced GPG
Weight: 4
Description: Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private key and IDs is also included.
Key Knowledge Areas:
- GPG encryption and signing
- Private/public key management
- GPG key servers
- GPG configuration
Terms and Utilities:
- gpg
- gpgv
- gpg-agent
- ~/.gnupg/
320.3 Encrypted Filesystems
Weight: 3
Description: Candidates should be able to set up and configure encrypted filesystems.
Key Knowledge Areas:
- LUKS
- dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes
Terms and Utilities:
- dm-crypt
- cryptmount
- cryptsetup
Topic 321: Access Control
321.1 Host Based Access Control
Weight: 2
Description: Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking.
Key Knowledge Areas:
- PAM and PAM configuration files
- Password cracking
- nsswitch
Terms and Utilities:
- conf
- john
321.2 Extended Attributes and ACLs
Weight: 5
Description: Candidates are required to understand and know how to use Extended Attributes and Access Control Lists.
Key Knowledge Areas:
- ACLs
- EAs and attribute classes
Terms and Utilities:
- getfacl
- setfacl
- getfattr
- setfattr
321.3 SELinux
Weight: 6
Description: Candidates should have a thorough knowledge of SELinux.
Key Knowledge Areas:
- SELinux configuration and command line tools
- TE, RBAC, MAC and DAC concepts and use
Terms and Utilities:
- fixfiles/setfiles
- newrole
- setenforce/getenforce
- selinuxenabled
- semanage
- sestatus
- /etc/selinux/
- /etc/selinux.d/
321.4 Other Mandatory Access Control Systems
Weight: 2
Description: Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use.
Key Knowledge Areas:
- SMACK
- AppArmor
Terms and Utilities:
- SMACK
- AppArmor
Topic 322: Application Security
322.1 BIND/DNS
Weight: 2
Description: Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services.
Key Knowledge Areas:
- BIND vulnerabilities
- chroot environments
Terms and Utilities:
- TSIG
- BIND
- ACLs
- named-checkconf
322.2 Mail Services
Weight: 2
Description: Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration.
Key Knowledge Areas:
- Postfix security centric configuration
- securing Sendmail
- chroot environments
Terms and Utilities:
- /etc/postfix/
- TLS
322.3 Apache/HTTP/HTTPS
Weight: 2
Description: Candidates should have experience and knowledge of security issues in use and configuration of Apache web services.
Key Knowledge Areas:
- Apache v1 and v2 security centric configuration
Terms and Utilities:
- SSL
- .htaccess
- Basic Authentication
- htpasswd
- AllowOverride
322.4 FTP
Weight: 1
Description: Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services.
Key Knowledge Areas:
- Pure-FTPd configuration and important command line options
- vsftpd configuration
- chroot environments
Terms and Utilities:
- SSL/TLS
- conf
322.5 OpenSSH
Weight: 3
Description: Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services.
Key Knowledge Areas:
- OpenSSH configuration and command line tools
- OpenSSH key management and access control
- Awareness of SSH protocol v1 and v2 security issues
Terms and Utilities:
- /etc/ssh/
- ~/.ssh/
- ssh-keygen
- ssh-agent
- ssh-vulnkey
322.6 NFSv4
Weight: 1
Description: Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge.
Key Knowledge Areas:
- NFSv4 security improvements, issues and use
- NFSv4 pseudo file system
- NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos)
Terms and Utilities:
- NFSv4 ACLs
- nfs4acl
- RPCSEC_GSS
- /etc/exports
322.7 Syslog
Weight: 1
Description: Candidates should have experience and knowledge of security issues in use and configuration of syslog services.
Key Knowledge Areas:
- syslog security issues
- chroot environments
Terms and Utilities:
- remote syslog servers
Topic 323: Operations Security
323.1 Host Configuration Management
Weight: 2
Description: Candidates should be familiar with the use of RCS and Puppet for host configuration management.
Key Knowledge Areas:
- RCS
- Puppet
Terms and Utilities:
- RCS
- ci/co
- rcsdiff
- puppet
- puppetd
- puppetmasterd
- /etc/puppet/
Topic 324: Network Security
324.1 Intrusion Detection
Weight: 4
Description: Candidates should be familiar with the use and configuration of intrusion detection software.
Key Knowledge Areas:
- Snort configuration, rules and use
- Tripwire configuration, policies and use
Terms and Utilities:
- snort
- snort-stat
- /etc/snort/
- tripwire
- twadmin
- /etc/tripwire/
324.2 Network Security Scanning
Weight: 5
Description: Candidates should be familiar with the use and configuration of network security scanning tools.
Key Knowledge Areas:
- Nessus configuration, NASL and use
- Wireshark filters and use
Terms and Utilities:
- nmap
- wireshark
- tshark
- tcpdump
- nessus
- nessus-adduser/nessus-rmuser
- nessusd
- nessus-mkcert
- /etc/nessus
324.3 Network Monitoring
Weight: 3
Description: Candidates should be familiar with the use and configuration of network monitoring tools.
Key Knowledge Areas:
- Nagios configuration and use
- ntop
Terms and Utilities:
- ntop
- nagios
- nagiostats
- cfg and other configuration files
324.4 netfilter/iptables
Weight: 5
Description: Candidates should be familiar with the use and configuration of iptables.
Key Knowledge Areas:
- Iptables packet filtering and network address translation
Terms and Utilities:
- iptables-save/iptables-restore
324.5 OpenVPN
Weight: 3
Description: Candidates should be familiar with the use of OpenVPN.
Key Knowledge Areas:
- OpenVPN configuration and use
Terms and Utilities:
- openvpn server and client