Certification Linux LPI/Administrateur système avancé/Examen 202/Objectifs détaillés

Objectifs détaillés

Chapitre no 1
Leçon : Examen 202
Retour au	Sommaire
Chap. suiv. :	Gestion de réseaux

En raison de limitations techniques, la typographie souhaitable du titre, « Examen 202 : Objectifs détaillés
Certification Linux LPI/Administrateur système avancé/Examen 202/Objectifs détaillés », n'a pu être restituée correctement ci-dessus.

Voici les objectifs détaillés tels que définis par LPI. Ce cours n'a pas une approbation officielle de LPI.

Voici le minimum requis pour le niveau 2 de la certification LPI. Cela recouvre les tâches d'administration avancée du systéme qui sont communes à toutes les distributions Linux.

Chaque objectif est pondéré par un poids. Les poids s'étendent de 1 à 10, et indiquent l'importance relative de chaque objectif. Les objectifs avec les poids les plus élevés seront représentés dans l'examen par plus de questions.

Poids

5

Description: Le candidat doit être capable de configurer un périphérique réseau, de se connecter à un réseau local ainsi qu’à un réseau distant. Cela englobe la capacité à communiquer entre plusieurs sous-réseaux à l’intérieur d’un même réseau, de configurer un accès « dialup » en utilisant « mgetty », de configurer un accès « dialup » en utilisant un modem ou ISDN, de configurer les protocoles d'authentification tels que PAP et CHAP, et de configurer les connexions TCP/IP logging.

Fichiers, termes, et commandes inclus :

• /sbin/route
• /sbin/ifconfig
• /sbin/arp
• /usr/sbin/arpwatch
• /etc/

Poids

3

Description : Le candidat doit être capable de configurer un périphérique réseau et implémenter différents méthodes d'authentification réseau. Cet objectif inclut la configuration d’un périphérique avec plusieurs interfaces, d’un réseau privé virtuel (VPN) et de résoudre les problèmes de réseaux et de communication.

Fichiers, termes, et commandes inclus :

• /sbin/route
• /sbin/route
• /sbin/ifconfig
• /bin/netstat
• /bin/ping
• /sbin/arp
• /usr/sbin/tcpdump
• /usr/sbin/lsof
• /usr/bin/nc

Poids

1

Description: Installez et gérez des listes de diffusion avec Majordomo. Surveillez les problèmes liés à Majordomo en consultant les journaux.

Fichiers, termes, et commandes inclus :

• Majordomo2

Poids

4

Description: Les candidats doivent être capables de gérer une configuration Sendmail, y compris les alias de messagerie, les quotas de messagerie et les domaines de messagerie virtuels. Cet objectif comprend la configuration des relais de messagerie internes et la surveillance des serveurs SMTP.

Fichiers, termes, et commandes inclus :

/etc/aliases 
sendmail.cw 
virtusertable 
genericstable 

Poids

3

Description: Les candidats doivent être capables d'implémenter un logiciel de gestion du courrier client pour filtrer, trier et surveiller le courrier entrant des utilisateurs. Cet objectif comprend l'utilisation de logiciels tels que Procmail, côté serveur et côté client.

Fichiers, termes, et commandes inclus :

procmail 

Poids

1

Description: Candidates should be able to install and configure news servers using inn. This objective includes customizing and monitoring served newsgroups.

Fichiers, termes, et commandes inclus :

innd

Poids

2

Description: The candidate should be able to configure BIND to function as a caching-only DNS server. This objective includes the ability to convert a BIND 4.9 named.boot file to the BIND 8.x named.conf format, and reload the DNS by using kill or ndc. This objective also includes configuring logging and options such as directoryh location for zone files.

Fichiers, termes, et commandes inclus :

/etc/named.conf 
/usr/sbin/ndc 
/usr/sbin/named-bootconf 
kill 

Poids

3

Description: The candidate should be able to create a zone file for a forward or reverse zone or root level server. This objective includes setting appropriate values for the SOA resource record, NS records, and MX records. Also included is adding hosts with A resource records and CNAME records as appropriate, adding hosts to reverse zones with PTR records, and adding the zone to the /etc/named.conf file using the zone statement with appropriate type, file and masters values. A candidate should also be able to delegate a zone to another DNS server.

Fichiers, termes, et commandes inclus :

contents of /var/named 
zone file syntax 
resource record formats 
dig 
nslookup 
host 

Poids

3

Description: The candidate should be able to configure BIND to run as a non-root user, and configure BIND to run in a chroot jail. This objective includes configuring DNSSEC statements such as key and trusted-keys to prevent domain spoofing. Also included is the ability to configure a split DNS configuration using the forwarders statement, and specifying a non-standard version number string in response to queries.

Fichiers, termes, et commandes inclus :

SysV init files or rc.local 
/etc/named.conf 
/etc/passwd 
dnskeygen 

Poids

2

Description: Candidates should be able to install and configure an Apache web server. This objective includes monitoring Apache load and performance, restricting client user access, configuring mod_perl and PHP support, and setting up client user authentication. Also included is configuring Apache server options such as maximum requests, minimum and maximim servers, and clients.

Fichiers, termes, et commandes inclus :

access.log 
.htaccess 
httpd.conf 
mod_auth 
htpasswd 
htgroup 

Poids

2

Description: Candidates should be able to configure Apache to use virtual hosts for websites without dedicated IP addresses. This objective also includes creating an SSL certification for Apache and defining SSL definitions in configuration files using OpenSSL. Also included is customizing file access by implementing redirect statements in Apache's configuration files.

Fichiers, termes, et commandes inclus :

httpd.conf 

Poids

2

Description: Candidates should be able to install and configure a proxy server using Squid. This objective includes impelementing access policies, setting up authentication, and utilizing memory usage.

Fichiers, termes, et commandes inclus :

squid.conf 
acl 
http_access

Poids

2

Description: The candidate should be able to configure a DHCP server and set default options, create a subnet, and create a dynamically-allocated range. This objective includes adding a static host, setting options for a single host, and adding bootp hosts. Also included is to configure a DHCP relay agent, and reload the DHCP server after making changes.

Fichiers, termes, et commandes inclus :

dhcpd.conf 
dhcpd.leases

Poids

1

Description: The candidate should be able to configure an NIS server and create NIS maps for major configuration files. This objective includes configuring a system as a NIS client, setting up an NIS slave server, and configuring ability to search local files, DNS, NIS, etc. in nsswitch.conf.

Fichiers, termes, et commandes inclus :

nisupdate, ypbind, ypcat, ypmatch, ypserv, ypswitch, yppasswd, yppoll, yppush, ypwhich, rpcinfo
nis.conf, nsswitch.conf, ypserv.conf 
Contents of /etc/nis/: netgroup, nicknames, securenets 
Makefile

Poids

1

Description: The candidate should be able to configure an LDAP server. This objective includes configuring a directory hierarchy, adding group, hosts, services and other data to the hierarchy. Also included is importing items from LDIF files and add items with a management tool, as well as adding users to the directory and change their passwords.

Fichiers, termes, et commandes inclus :

slapd 
slapd.conf

Poids

2

Description: The candidate should be able to configure PAM to support authentication via traditional /etc/passwd, shadow passwords, NIS, or LDAP.

Fichiers, termes, et commandes inclus :

/etc/pam.d 
pam.conf

Poids

2

Description: The candidate should be able to configure ipchains and iptables to perform IP masquerading, and state the significance of Network Address Translation and Private Network Addresses in protecting a network. This objective includes configuring port redirection, listing filtering rules, and writing rules that accept or block datagrams based upon source or destination protocol, port and address. Also included is saving and reloading filtering configurations, using settings in /proc/sys/net/ipv4 to respond to DOS attacks, using /proc/sys/net/ipv4/ip_forward to turn IP forwarding on and off, and usingtools such as PortSentry to block port scans and vulnerability probes.

Fichiers, termes, et commandes inclus :

/proc/sys/net/ipv4 
/etc/services 
ipchains 
iptables
routed

Poids

2

Description: The candidate should be able to configure an anonymous download FTP server. This objective includes configuring an FTP server to allow anonymous uploads, listing additional precautions to be taken if anonymous uploads are permitted, configuring guest users and groups with chroot jail, and configuring ftpaccess to deny access to named users or groups.

Fichiers, termes, et commandes inclus :

ftpaccess, ftpusers, ftpgroups 
/etc/passwd 
chroot

Poids

2

Description: The candidate should be able to configure sshd to allow or deny root logins, enable or disable X forwarding. This objective includes generating server keys, generating a user's public/private key pair, adding a public key to a user's authorized_keys file, and configuring ssh-agent for all users. Candidates should also be able to configure port forwarding to tunnel an application protocol over ssh, configure ssh to support the ssh protocol versions 1 and 2, disable non-root logins during system maintenance, configure trusted clients for ssh logins without a password, and make multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes.

Fichiers, termes, et commandes inclus :

ssh, sshd
/etc/ssh/sshd_config 
~/.ssh/identity.pub and identity, ~/.ssh/authorized_keys 
.shosts, .rhosts

Poids

1

Description: The candidate should be able to configure tcpwrappers to allow connections to specified servers from only certain hosts or subnets.

Fichiers, termes, et commandes inclus :

inetd.conf, tcpd 
hosts.allow, hosts.deny 
xinetd

Poids

3

Description: The candidate should be able to install and configure kerberos and perform basic security auditing of source code. This objective includes arranging to receive security alerts from Bugtraq, CERT, CIAC or other sources, being able to test for open mail relays and anonymous FTP servers, installing and configuring an intrusion detection system such as snort or Tripwire. Candidates should also be able to update the IDS configuration as new vulnerabilities are discovered and apply security patches and bugfixes.

Fichiers, termes, et commandes inclus :

Tripwire 
telnet 
nmap

Poids

1

Description: The candidate should be able to identify and correct common network setup issues to include knowledge of locations for basic configuration files and commands.

Fichiers, termes, et commandes inclus :

/sbin/ifconfig 
/sbin/route 
/bin/netstat
/etc/network || /etc/sysconfig/network-scripts/ 
system log files such as /var/log/syslog && /var/log/messages 
/bin/ping
/etc/resolv.conf 
/etc/hosts 
/etc/hosts.allow && /etc/hosts.deny 
/etc/hostname || /etc/HOSTNAME 
/sbin/hostname 
/usr/sbin/traceroute 
/usr/bin/nslookup 
/usr/bin/dig 
/bin/dmesg 
host

Examen 202

Sommaire

Gestion de réseaux