The successful completion of this exam entitles candidates to the specialty designation: LPI 303: Security
Topic 320: Cryptography
320.1 OpenSSL (weight: 4)
Weight: 4
Description: Candidates should know how to configure and use OpenSSL. This includes creating your own Certificate Authority and issuing SSL certificates for various applications.
Key Knowledge Areas
- certificate generation
- key generation
- SSL/TLS client and server tests
The following is a partial list of the used files, terms and utilities:
- openssl
- RSA, DH and DSA
- SSL
- X.509
- CSR
- CRL
320.2 Advanced GPG (weight: 4)
Weight: 4
Description: Candidates should know how to use GPG. This includes key generation, signing and publishing to keyservers. Managing multiple private keys and IDs is also included.
Key Knowledge Areas
- GPG encryption and signing
- private/public key management
- GPG key servers
- GPG configuration
The following is a partial list of the used files, terms and utilities:
- gpg
- gpgv
- gpg-agent
- ~/.gnupg/
320.3 Encrypted Filesystems (weight: 3)
Weight: 3
Description: Candidates should be able to set up and configure encrypted filesystems.
Key Knowledge Areas
- LUKS
- dm-crypt and awareness of CBC, ESSIV, LRW and XTS modes
The following is a partial list of the used files, terms and utilities:
- dm-crypt
- cryptmount
- cryptsetup
Topic 321: Access Control
321.1 Host Based Access Control (weight: 2)
Weight: 2
Description: Candidates should be familiar with basic host based access control such as nsswitch configuration, PAM and password cracking.
Key Knowledge Areas
- PAM and PAM configuration files
- password cracking
- nsswitch
The following is a partial list of the used files, terms and utilities:
321.2 Extended Attributes and ACLs (weight: 5)
Weight: 5
Description: Candidates are required to understand and know how to use Extended Attributes and Access Control Lists.
Key Knowledge Areas
- ACLs
- EAs and attribute classes
The following is a partial list of the used files, terms and utilities:
- getfacl
- setfacl
- getfattr
- setfattr
321.3 SELinux (weight: 6)
Weight: 6
Description: Candidates should have a thorough knowledge of SELinux.
Key Knowledge Areas
- SELinux configuration and command line tools
- TE, RBAC, MAC and DAC concepts and use
The following is a partial list of the used files, terms and utilities:
- fixfiles/setfiles
- newrole
- setenforce/getenforce
- selinuxenabled
- semanage
- sestatus
- /etc/selinux/
- /etc/selinux.d/
321.4 Other Mandatory Access Control Systems (weight: 2)
Weight: 2
Description: Candidates should be familiar with other Mandatory Access Control systems for Linux. This includes major features of these systems but not configuration and use.
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Topic 322: Application Security
322.1 BIND/DNS (weight: 2)
Weight: 2
Description: Candidates should have experience and knowledge of security issues in use and configuration of BIND DNS services.
Key Knowledge Areas
- BIND v9
- BIND vulnerabilities
- chroot environments
The following is a partial list of the used files, terms and utilities:
- TSIG
- BIND ACLs
- named-checkconf
322.2 Mail Services (weight: 2)
Weight: 2
Description: Candidates should have experience and knowledge of security issues in use and configuration of Postfix mail services. Awareness of security issues in Sendmail is also required but not configuration.
Key Knowledge Areas
- Postfix security centric configuration
- securing Sendmail
- chroot environments
The following is a partial list of the used files, terms and utilities:
322.3 Apache/HTTP/HTTPS (weight: 2)
Weight: 2
Description: Candidates should have experience and knowledge of security issues in use and configuration of Apache web services.
Key Knowledge Areas
- Apache v1 and v2 security centric configuration
The following is a partial list of the used files, terms and utilities:
- SSL
- .htaccess
- Basic Authentication
- htpasswd
- AllowOverride
322.4 FTP (weight: 1)
Weight: 1
Description: Candidates should have experience and knowledge of security issues in use and configuration of Pure-FTPd and vsftpd FTP services.
Key Knowledge Areas
- Pure-FTPd configuration and important command line options
- vsftpd configuration
- chroot environments
The following is a partial list of the used files, terms and utilities:
322.5 OpenSSH (weight: 3)
Weight: 3
Description: Candidates should have experience and knowledge of security issues in use and configuration of OpenSSH SSH services.
Key Knowledge Areas
- OpenSSH configuration and command line tools
- OpenSSH key management and access control
- Awareness of SSH protocol v1 and v2 security issues
The following is a partial list of the used files, terms and utilities:
- /etc/ssh/
- ~/.ssh/
- ssh-keygen
- ssh-agent
- ssh-vulnkey
322.6 NFSv4 (weight: 1)
Weight: 1
Description: Candidates should have experience and knowledge of security issues in use and configuration of NFSv4 NFS services. Earlier versions of NFS are not required knowledge.
Key Knowledge Areas
- NFSv4 security improvements, issues and use
- NFSv4 pseudo file system
- NFSv4 security mechanisms (LIPKEY, SPKM, Kerberos)
The following is a partial list of the used files, terms and utilities:
- NFSv4 ACLs
- nfs4acl
- RPCSEC_GSS
- /etc/exports
322.7 Syslog (weight: 1)
Weight: 1
Description: Candidates should have experience and knowledge of security issues in use and configuration of syslog services.
Key Knowledge Areas
- syslog security issues
- chroot environments
The following is a partial list of the used files, terms and utilities:
Topic 323: Operations Security
323.1 Host Configuration Management (weight: 2)
Weight: 2
Description: Candidates should be familiar with the use of RCS and Puppet for host configuration management.
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
- RCS
- ci/co
- rcsdiff
- puppet
- puppetd
- puppetmasterd
- /etc/puppet/
Topic 324: Network Security
324.1 Intrusion Detection (weight: 4)
Weight: 4
Description: Candidates should be familiar with the use and configuration of intrusion detection software.
Key Knowledge Areas
- Snort configuration, rules and use
- Tripwire configuration, policies and use
The following is a partial list of the used files, terms and utilities:
- snort
- snort-stat
- /etc/snort/
- tripwire
- twadmin
- /etc/tripwire/
324.2 Network Security Scanning (weight: 5)
Weight: 5
Description: Candidates should be familiar with the use and configuration of network security scanning tools.
Key Knowledge Areas
- Nessus configuration, NASL and use
- Wireshark filters and use
The following is a partial list of the used files, terms and utilities:
- nmap
- wireshark
- tshark
- tcpdump
- nessus
- nessus-adduser/nessus-rmuser
- nessusd
- nessus-mkcert
- /etc/nessus
324.3 Network Monitoring (weight: 3)
Weight: 3
Description: Candidates should be familiar with the use and configuration of network monitoring tools.
Key Knowledge Areas
- Nagios configuration and use
- ntop
The following is a partial list of the used files, terms and utilities:
- ntop
- nagios
- nagiostats
- nagios.cfg and other configuration files
324.4 netfilter/iptables (weight: 5)
Weight: 5
Description: Candidates should be familiar with the use and configuration of iptables.
Key Knowledge Areas
- Iptables packet filtering and network address translation
The following is a partial list of the used files, terms and utilities:
- iptables
- iptables-save/iptables-restore
324.5 OpenVPN (weight: 3)
Weight: 3
Description: Candidates should be familiar with the use of OpenVPN.
Key Knowledge Areas
- OpenVPN configuration and use
The following is a partial list of the used files, terms and utilities:
- /etc/openvpn/
- openvpn server and client