Description: Candidates should be able to utilize kernel components that are necessary to specific hardware, hardware drivers, system resources and requirements. This objective includes implementing different types of kernel images, identifying stable and development kernels and patches, as well as using kernel modules.
Key files, terms, and utilities include:
zImage
bzImage
Description: Candidates should be able to properly compile a kernel to include or disable specific features of the Linux kernel as necessary. This objective includes compiling and recompiling the Linux kernel as needed, implementing updates and noting changes in a new kernel, creating a system initrd image, and installing new kernels.
Key files, terms, and utilities include:
make
config, xconfig, menuconfig, oldconfig
mrproper
zImage, bzImage
modules, modules_install
mkinitrd (both Red Hat and Debian based)
/usr/src/linux/
/etc/lilo.conf
Description: Candidates should be able to properly patch a kernel for various purposes including to implement kernel updates, to implement bug fixes, and to add support for new hardware. This objective also includes being able to properly remove kernel patches from existing production kernels.
Key files, terms, and utilities include:
patch
Makefile
gzip
bzip
Description: Candidates should be able to customize a kernel for specific system requirements by patching, compiling, and editing configuration files as required. This objective includes being able to assess requirements for a kernel compile versus a kernel patch as well as build and configure kernel modules.
Key files, terms, and utilities include:
patch
make
/usr/src/linux
/proc/sys/kernel/
modprobe
/etc/conf.modules, /etc/modules.conf
insmod, lsmod
kmod
kerneld
Description: Candidates should be able to edit appropriate system startup scripts to customize standard system run levels and boot processes. This objective includes interacting with run levels and creating custom initrd images as needed.
Key files, terms, and utilities include:
/etc/init.d/
/etc/inittab
/etc/rc.d/
mkinitrd (both Red Hat and Debian scripts)
Description: Candidates should be able to properly manipulate a Linux system during both the boot process and during recovery mode. This objective includes using both the init utility and init= kernel options.
Key files, terms, and utilities include:
LILO
init
inittab
mount
fsck
Description: Candidates should be able to properly configure and navigate the standard Linux filesystem. This objective includes configuring and mounting various filesystem types. Also included, is manipulating filesystems to adjust for disk space requirements or device additions.
Key files, terms, and utilities include:
/etc/fstab
mount and umount
/etc/mtab
sync
swapon and swapoff
/proc/mounts
Description: Candidates should be able to properly maintain a Linux filesystem using system utilities. This objective includes manipulating a standards ext2 filesystem.
Key files, terms, and utilities include:
fsck (fsck.ext2)
badblocks
mke2fs
dumpe2fs
debuge2fs
tune2fs
Description: Candidates should be able to configure automount filesystems. This objective includes configuring automount for network and device filesystems. Also included is creating non ext2 filesystems for devices such as CD-ROMs.
Key files, terms, and utilities include:
/etc/auto.master
/etc/auto.[dir]
mkisofs
dd
mke2fs
Description: Candidates should be able to configure and implement software RAID. This objective includes using mkraid tools and configuring RAID 0, 1, and 5.
Key files, terms, and utilities include:
mkraid
/etc/raidtab
Description: Candidates should be able to configure internal and external devices for a system including new hard disks, dumb terminal devices, serial UPS devices, multi-port serial cards, and LCD panels.
Key files, terms, and utilities include:
XFree86
modprobe
lsmod
lsdev
lspci
setserial
usbview
/proc/bus/usb
Description: Candidates should be able to configure kernel options to support various hardware devices including UDMA66 drives and IDE CD burners. This objective includes using LVM (Logical Volume Manager) to manage hard disk drives and particitions as well as software tools to interact with hard disk settings.
Key files, terms, and utilities include:
hdparm
tune2fs
/proc/interrupts
sysctl
Description: Candidates should be able to configure a Linux installation to include PCMCIA support. This objective includes configuring PCMCIA devices, such as ethernet adapters, to autodetect when inserted.
Key files, terms, and utilities include:
/etc/pcmcia/
*.opts
cardctl
cardmgr
Description: The candidate should be able to set up a Samba server for various clients. This objective includes setting up a login script for Samba clients, and setting up an nmbd WINS server. Also included is to change the workgroup in which a server participates, define a shared directory in smb.conf, define a shared printer in smb.conf, use nmblookup to test WINS server functionality, and use the smbmount command to mount an SMB share on a Linux client.
Key files, terms, and utilities include:
smbd, nmbd
smbstatus, smbtestparm, smbpasswd, nmblookup
smb.conf, lmhosts
Description: The candidate should be able to create an exports file and specify filesystems to be exported. This objective includes editing exports file entries to restrict access to certain hosts, subnets or netgroups. Also included is to specify mount options in the exports file, configure user ID mapping, mount an NFS filesystem on a client, using mount options to specify soft or hard and background retries, signal handling, locking, and block size. The candidate should also be able to configure tcpwrappers to further secure NFS.
Key files, terms, and utilities include:
/etc/exports
exportfs
showmount
nfsstat
Description: The candidate should be able to configure syslogd to act as a central network log server. This objective also includes configuring syslogd to send log output to a central log server, logging remote connections, and using grep and other text utils to automate log analysis.
Key files, terms, and utilities include:
syslog.conf
sysklogd
/etc/hosts
Description: The candidate should be able to build a package. This objective includes building (or rebuilding) both RPM and DEB packaged software.
Key files, terms, and utilities include:
rpm
SPEC file format
/debian/rules
Description: The candidate should be able to create an offsite backup storage plan.
Description: The candidate should be able to write simple Perl scripts that make use of modules where appropriate, use the Perl taint mode to secure
data, and install Perl modules from CPAN. This objective includes using sed and
awk in scripts, and using scripts to check for process execution and generate alerts by email or pager if a process dies. Candidates should be able to write and schedule automatic execution of scripts to parse logs for alerts and email them to administrators, synchronize files across machines using rsync, monitor files for changes and generate email alerts, and write a script that notifies administrators when specified users log in or out.
Key files, terms, and utilities include:
perl -MCPAN -e shell
bash, awk, sed
crontab
at
Description: Candidate should be able to: create both a standard bootdisk for system entrance, and a recovery disk for system repair.
Key files, terms, and utilities include:
/usr/sbin/rdev
/bin/cat
/bin/mount (includes -o loop switch)
Any standard editor
/sbin/lilo
/bin/dd
/sbin/mke2fs
/etc/fstab and /etc/inittab
/usr/sbin/chroot
Familiarity with the location and contents of the LDP Bootdisk-HOWTO (http://www.ibiblio.org/pub/Linux/docs/HOWTO/Bootdisk-HOWTO)
Description: Candidate should be able to: determine, from bootup text, the 4 stages of boot sequence and distinguish between each.
Key files,
terms, and utilities include:
boot loader start and hand off to kernel
kernel loading
hardware initializiation and setup
daemon initialization and setup
Description: Candidate should be able to: determine specific stage failures and corrective techniques.
Key files, terms, and utilities include:
Know meaning of L, LI, LIL, LILO, and scrolling 010101 errrors
Know the different LILO install locations, MBR, /dev/fd0, or primary/extended partition.
/boot/boot.b
Know significance of /boot/boot.### files
Description: A candidate should be able to recognize and identify boot loader and kernel specific stages and utilize kernel boot messages to diagnose kernel errors. This objective includes being able to identify and correct common hardware issues, and be able to determine if the problem is hardware or software.
Key files, terms, and utilities include:
screen output during bootup
dmesg
kernel syslog entries in system logs (if entry is able to be gained)
various system and daemon log files in /var/log/
/sbin/lspci
/usr/bin/lsdev
/sbin/lsmod
/sbin/modprobe
/sbin/insmod
/bin/uname
location of system kernel and attending modules /, /boot, and /lib/modules
/proc filesystem
strace
strings
ltrace
lsof
Description: A candidate should be able to identify, diagnose and repair local system environment.
Key files, terms, and utilities include:
/etc/profile && /etc/profile.d/
Core system variables
/etc/bashrc (or other appropriate global shell configuration files)
/etc/init.d/
/etc/rc.*
/bin/ln
/bin/rm
Any editor of choice
/etc/ld.so.conf
/sbin/ldconfig
/sbin/sysctl && /etc/sysctl.conf
Description: A candidate should be able to identify common local system and user environment configuration issues and common repair techniques.
Key files, terms, and utilities include:
/etc/inittab
/sbin/init
/etc/passwd
/etc/shadow
/etc/group
/etc/profile
/etc/rc.local
|| /etc/rc.boot
/usr/sbin/cron
/usr/bin/crontab
/var/spool/cron/crontabs/
/etc/`shell_name`.conf
/etc/login.defs
/etc/syslog.conf
Description: The candidate should be able to configure a network device to be able to connect to a local network and a wide-area network. This objective includes being able to communicate between various subnets within a single network, configure dialup access using mgetty, configure dialup acccess using a modem or ISDN, configure authentication protocols such as PAP and CHAP, and configure TCP/IP logging.
Key files, terms, and utilities include:
/sbin/route
/sbin/ifconfig
/sbin/arp
/usr/sbin/arpwatch
/etc/
Description: The candidate should be able to configure a network device to implement various network authentication schemes. This objective includes configuring a multi- homed network device, configuring a virtual private network and resolving networking and communication problems.
Key files, terms, and utilities include:
/sbin/route
/sbin/route
/sbin/ifconfig
/bin/netstat
/bin/ping
/sbin/arp
/usr/sbin/tcpdump
/usr/sbin/lsof
/usr/bin/nc
Description: Install and maintain mailing lists using majordomo. Monitor majordomo problems by viewing majordomo logs.
Key files, terms, and utilities include:
Majordomo2
Description: Candidates should be able to manage a Sendmail configuration including email aliases, mail quotas, and virtual mail domains. This objective includes configuring internal mail relays and monitoring SMTP servers.
Key files, terms, and utilities include:
/etc/aliases
sendmail.cw
virtusertable
genericstable
Description: Candidates shold be able to implement client mail management software to filter, sort, and monitor incoming user mail. This objective includes using software such as procmail on both server and client side.
Key files, terms, and utilities include:
procmail
.procmailrc
Description: Candidates should be able to install and configure news
servers using inn. This objective includes customizing and monitoring served newsgroups.
Key files, terms, and utilities include:
innd
Description: The candidate should be able to configure BIND to function as a caching-only DNS server. This objective includes the ability to convert a BIND 4.9 named.boot file to the BIND 8.x named.conf format, and reload the DNS by using kill or ndc. This objective also includes configuring logging and options such as directoryh location for zone files.
Key files, terms, and utilities include:
/etc/named.conf
/usr/sbin/ndc
/usr/sbin/named-bootconf
kill
Description: The candidate should be able to create a zone file for a forward or reverse zone or root level server. This objective includes setting appropriate values for the SOA resource record, NS records, and MX records. Also included is adding hosts with A resource records and CNAME records as appropriate, adding hosts to reverse zones with PTR records, and adding the zone to the /etc/named.conf file using the zone statement with appropriate type, file and masters values. A candidate should also be able to delegate a zone to another DNS server.
Key files, terms, and utilities include:
contents of /var/named
zone file syntax
resource record formats
dig
nslookup
host
Description: The candidate should be able to configure BIND to run as a non-root user, and configure BIND to run in a chroot jail. This objective includes configuring DNSSEC statements such as key and trusted-keys to prevent domain spoofing. Also included is the ability to configure a split DNS configuration using the forwarders statement, and specifying a non-standard version number string in response to queries.
Key files, terms, and utilities include:
SysV init files or rc.local
/etc/named.conf
/etc/passwd
dnskeygen
Description: Candidates should be able to install and configure an Apache web server. This objective includes monitoring Apache load and performance, restricting client user access, configuring mod_perl and PHP support, and setting up client user authentication. Also included is configuring Apache server options such as maximum requests, minimum and maximim servers, and clients.
Key files, terms, and utilities include:
access.log
.htaccess
httpd.conf
mod_auth
htpasswd
htgroup
Description: Candidates should be able to configure Apache to use virtual hosts for websites without dedicated IP addresses. This objective also includes creating an SSL certification for Apache and defining SSL definitions in configuration files using OpenSSL. Also included is customizing file access by implementing redirect statements in Apache's configuration files.
Key files, terms, and utilities include:
httpd.conf
Description: Candidates should be able to install and configure a proxy server using Squid. This objective includes impelementing access policies, setting up authentication, and utilizing memory usage.
Key files, terms, and utilities include:
squid.conf
acl
http_access
Description: The candidate should be able to configure a DHCP server
and set default options, create a subnet, and create a dynamically-allocated range. This objective includes adding a static host, setting options for a single host, and adding bootp hosts. Also included is to configure a DHCP relay agent, and reload the DHCP server after making changes.
Key files, terms, and utilities include:
dhcpd.conf
dhcpd.leases
Description: The candidate should be able to configure an NIS server
and create NIS maps for major configuration files. This objective includes configuring a system as a NIS client, setting up an NIS slave server, and configuring ability to search local files, DNS, NIS, etc. in nsswitch.conf.
Key files, terms, and utilities include:
nisupdate, ypbind, ypcat, ypmatch,
ypserv, ypswitch, yppasswd, yppoll, yppush, ypwhich, rpcinfo
nis.conf, nsswitch.conf, ypserv.conf
Contents of /etc/nis/: netgroup, nicknames, securenets
Makefile
Description: The candidate should be able to configure an LDAP server. This objective includes configuring a directory hierarchy, adding group, hosts, services and other data to the hierarchy. Also included is importing items from LDIF files and add items with a management tool, as well as adding users to the directory and change their passwords.
Key files, terms, and utilities include:
slapd
slapd.conf
Description: The candidate should be able to configure PAM to support authentication via traditional /etc/passwd, shadow passwords, NIS, or LDAP.
Key files, terms, and utilities include:
/etc/pam.d
pam.conf
Description: The candidate should be able to configure ipchains and iptables to perform IP masquerading, and state the significance of Network Address Translation and Private Network Addresses in protecting a network. This objective includes configuring port redirection, listing filtering rules, and writing rules that accept or block datagrams based upon source or destination protocol, port and address. Also included is saving and reloading filtering configurations, using settings in /proc/sys/net/ipv4 to respond to DOS attacks, using /proc/sys/net/ipv4/ip_forward to turn IP forwarding on and off, and usingtools such as PortSentry to block port scans and vulnerability probes.
Key files, terms, and utilities include:
ipchains
/proc/sys/net/ipv4
/etc/services
iptables
routed
Description: The candidate should be able to configure an anonymous download FTP server. This objective includes configuring an FTP server to allow anonymous uploads, listing additional precautions to be taken if anonymous uploads are permitted, configuring guest users and groups with chroot jail, and configuring ftpaccess to deny access to named users or groups.
Key files, terms, and utilities include:
ftpaccess, ftpusers, ftpgroups
/etc/passwd
chroot
Description: The candidate should be able to configure sshd to allow
or deny root logins, enable or disable X forwarding. This objective includes generating server keys, generating a user's public/private key pair, adding a public key to a user's authorized_keys file, and configuring ssh-agent for all users. Candidates should also be able to configure port forwarding to tunnel an application protocol over ssh, configure ssh to support the ssh protocol versions 1 and 2, disable non-root logins during system maintenance, configure trusted clients for ssh logins without a password, and make multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes.
Key files, terms, and utilities include:
ssh, sshd
/etc/ssh/sshd_config
~/.ssh/identity.pub and identity, ~/.ssh/authorized_keys
.shosts, .rhosts
Description: The candidate should be able to configure tcpwrappers to allow connections to specified servers from only certain hosts or subnets.
Key files, terms, and utilities include:
inetd.conf, tcpd
hosts.allow, hosts.deny
xinetd
Description: The candidate should be able to install and configure kerberos and perform basic security auditing of source code. This objective includes arranging to receive security alerts from Bugtraq, CERT, CIAC or other sources, being able to test for open mail relays and anonymous FTP servers, installing and configuring an intrusion detection system such as snort or Tripwire. Candidates should also be able to update the IDS configuration as new vulnerabilities are discovered and apply security patches and bugfixes.
Key files, terms, and utilities include:
telnet
Tripwire
nmap
Description: A candidates should be able to identify and correct common network setup issues to include knowledge of locations for basic configuration files and commands.
Key files, terms, and utilities include:
/sbin/ifconfig
/sbin/route
/bin/netstat
/etc/network || /etc/sysconfig/network-scripts/
system log files such as /var/log/syslog && /var/log/messages
/bin/ping
/etc/resolv.conf
/etc/hosts
/etc/hosts.allow && /etc/hosts.deny
/etc/hostname || /etc/HOSTNAME
/sbin/hostname
/usr/sbin/traceroute
/usr/bin/nslookup
/usr/bin/dig
/bin/dmesg
host