LPI202

LPIC-2 Exam Prep (Course 2)

This course prepares students to take the LPI 202 exam of the LPIC-2 certification. The Linux Professional Institute (LPI) is the go-to certification body for vendor independent Linux certifications. This course covers more advanced Linux skills such as system management and networking. Students will feel confident taking the LPI LPIC-2 202 exam with in classroom assessments and practice exams. Current Version: F02

Introduction Course Outline

Duration

Four days

Outline for LPIC-2 Exam Prep (Course 2)

Chapter 1. DNS CONCEPTS

LPI Objectives Covered

Naming Services

DNS – A Better Way

The Domain Name Space

Delegation and Zones

Server Roles

Resolving Names

Resolving IP Addresses

Basic BIND Administration

BIND Configuration Files

rndc Key Configuration

Configuring the Resolver

Testing Resolution

LAB TASKS

Configuring a Slave Name Server

Use rndc to Control named

Chapter 2. CREATING DNS HIERARCHIES

LPI Objectives Covered

named.conf Syntax

named.conf Options Block

Creating a Site-Wide Cache

Zones In named.conf

Zone Database File Syntax

SOA – Start of Authority

A, AAAA, & PTR – Address & Pointer Records

NS – Name Server

TXT, CNAME, & MX – Text, Alias, & Mail Host

Abbreviations and Gotchas

$GENERATE, $ORIGIN, and $INCLUDE

Subdomains and Delegation

Subdomains

Delegating Zones

in-addr.arpa. Delegation

Issues with in-addr.arpa.

RFC2317 & in-addr.arpa.

LAB TASKS

Configuring BIND Zone Files

Create a Subdomain in an Existing Domain

Subdomain Delegation

Chapter 3. SECURING DNS

LPI Objectives Covered

Split Namespaces

Split Namespace with Views

Address Match Lists & ACLs

Restricting Queries

Restricting Zone Transfers

Running BIND in a chroot

Securing DNS With TSIG

LAB TASKS

Securing BIND DNS

Chapter 4. IMPLEMENTING A WEB SERVER

LPI Objectives Covered

Apache Architecture

Dynamic HTTP Content

Configuring PHP

Securing PHP

Security Related php.ini Configuration

Installing PHP

Apache Configuration Files

httpd.conf – Server Settings

httpd.conf – Main Configuration

Adding Modules to Apache

Virtual Hosting DNS Implications

httpd.conf – VirtualHost Configuration

Port and IP based Virtual Hosts

Name-based Virtual Host

Apache Logging

Log Analysis

Delegating Administration

Apache Access Controls (mod_access)

HTTP User Authentication

Standard Auth Modules

HTTP Digest Authentication

Directory Protection

Directory Protection with AllowOverride

Common Uses for .htaccess

Apache Troubleshooting

LAB TASKS

Apache Architecture

Apache Content

Using .htaccess Files

CGI Scripts in Apache

Chapter 5. MAINTAINING A WEB SERVER

LPI Objectives Covered

HTTP Virtual Servers

Virtual Hosting DNS Implications

Virtual Hosting Security Implications

Port and IP based Virtual Hosts

Name-based Virtual Host

Scrubbing HTTP Headers

Symmetric Encryption Algorithms

Asymmetric Encryption Algorithms

Digital Certificates

TLS Using mod_ssl.so

LAB TASKS

Configuring Virtual Hosts

Using TLS Certificates with Apache

Create a TLS CA key pair

Using SSL CA Certificates with Apache

Enable Apache SSL Client Certificate Authentication

Chapter 6. NGINX, SQUID, AND DHCP

LPI Objectives Covered

Nginx

Squid Overview

Squid File Layout

Squid Access Control Lists

Applying Squid ACLs

Monitoring Squid

DHCP Protocol Operation

IP to MAC Address Mapping with ARP

Configuring a DHCP server

LAB TASKS

Nginx Web Basics

HTTPS and Reverse Proxy with Nginx

Installing and Configuring Squid

Squid Cache Manager CGI

Chapter 7. SAMBA SERVER CONFIGURATION

LPI Objectives Covered

Introducing Samba

Samba Daemons

Accessing Windows/Samba Shares from Linux

Samba Utilities

Samba Configuration Files

The smb.conf File

Share Authentication

Share-Level Access

User-Level Access

Mapping Users

Samba Account Database

User Share Restrictions

LAB TASKS

Samba Share-Level Access

Chapter 8. NFS SERVER CONFIGURATION & SECURING FTP SERVERS

LPI Objectives Covered

File Sharing via NFS

NFSv4+

NFS Clients

TCP Wrappers

The /etc/hosts.allow & /etc/hosts.deny Files

/etc/hosts.{allow,deny} Shortcuts

Advanced TCP Wrappers

NFS Server Configuration

The FTP Protocol

Active Mode FTP

Passive Mode FTP

vsftpd

Configuring vsftpd

Anonymous FTP with vsftpd

Pure-FTPd

ProFTPD

LAB TASKS

NFS Server Configuration

Configuring vsftpd

Chapter 9. PAM AUTHENTICATION

LPI Objectives Covered

PAM Overview

PAM Module Types

PAM Order of Processing

PAM Control Statements

PAM Modules

pam_unix

pam_limits.so

pam_cracklib.so

pam_listfile.so

pam_tally2.so

pam_console.so

LAB TASKS

Setting Limits with the pam_limits Modules

Using pam_limits to Restrict Simultaneous Logins

Chapter 10. CONFIGURING AN OPENLDAP SERVER AND CLIENT

LPI Objectives Covered

LDAP

What LDAP Provides

LDAP Concepts

LDAP Organization

Entry Referencing

Online LDAP Data Manipulation

Querying LDAP Databases

OpenLDAP: Server Architecture

OpenLDAP: Backends

OpenLDAP: Replication

OpenLDAP: Configuration Options

OpenLDAP: Configuration Sections

OpenLDAP: Global Parameters

OpenLDAP: Database Parameters

OpenLDAP Server Tools

Enabling LDAP-based Login

System Security Services Daemon (SSSD)

LAB TASKS

Querying LDAP

Building An OpenLDAP Server

Enabling TLS For An OpenLDAP Server

Enabling LDAP-based Logins

Chapter 11. USING E-MAIL SERVERS

LPI Objectives Covered

SMTP

SMTP Terminology

SMTP Architecture

SMTP Commands

SMTP Session

Sendmail Architecture

Sendmail Configuration

Sendmail Remote Configuration

Controlling Access

Sending Email with sendmail

Exim

Postfix Features

Postfix Architecture

Postfix Components

Postfix Configuration

master.cf

main.cf

Virtual Domains

Configuration Commands

Postfix Logging

Advanced Postfix Options

LAB TASKS

Configuring Sendmail

Configuring Postfix

Postfix Virtual Host Configuration

Postfix Network Configuration

Postfix SMTP AUTH Configuration

Postfix STARTTLS Configuration

SUSE Postfix Configuration Cleanup

Chapter 12. MANAGING LOCAL AND REMOTE E-MAIL DELIVERY

LPI Objectives Covered

Filtering Email

Procmail

SpamAssassin

Accessing Email

The IMAP4 Protocol

Courier IMAP

Dovecot POP3/IMAP Server

LAB TASKS

Configuring Procmail & SpamAssassin

Dovecot Setup

Chapter 13. CONFIGURING A ROUTER AND SECURITY TASKS

LPI Objectives Covered

IPv4 Fundamentals

TCP/UDP Fundamentals

Security Advisories

Discovering Hosts

nmap

Netcat

Nessus/OpenVAS Insecurity Scanner

Configuring OpenVAS

Intrusion Detection Systems

Snort Rules

Writing Snort Rules

Linux as a Router

Configuring Routing Tables

SUSE Basic Firewall Configuration

Using the iptables Command

Netfilter Rule Syntax

Netfilter Concepts

Targets

Common match_specs

Netfilter: Stateful Packet Filter Firewall

Connection Tracking

Address Translation

Configuring NAT and PAT

LAB TASKS

NMAP

OpenVAS

Securing Services with SuSEfirewall2

Securing Services with Netfilter

Chapter 14. OPENSSH AND OPENVPN

LPI Objectives Covered

Secure Shell

OpenSSH Client & Server Configuration

Accessing Remote Shells

SSH Port Forwarding

Transferring Files

SSH Key Management

ssh-agent

OpenVPN

LAB TASKS

Introduction to ssh and scp

SSH Key-based User Authentication

Using ssh-agent

OpenVPN