WELCOME • Who Am I Eli Papatestas 917-226-5582 firstname.lastname@example.org • Experience Computer Hobbyist Help Desk System & Network Administrator Experience & Education My expectations • Come to class prepared – Skim the chapters before and after class – Test yourself with Sample questions • Ask Questions • Study on your own • Plan on taking the test • Learn something new What’s in it for You • Prepare for Linux + exam • Learn new Operating System • Vendor Neutral Certification • Useful skills Testing Objectives Domain % of Examination Installation 19% Management 26% Configuration 20% Security 21% Documentation 6% Hardware 8% Total 100% Installation • This domain requires the knowledge and skills to determine installation methods, select appropriate settings, protocols and software packages, and validate correct performance. This domain covers activities as they relate to initial installation of the operating system. For example: • installing the Apache Web server is covered here, but starting the service is covered in Domain 2.0 and changing its configuration is covered in Domain 3.0. • The candidate is not expected to know how to install a specific distribution, but should be familiar with setting used by installers on the major distributions. The scope of the exam is limited to software and settings common to Linux software from Red Hat, SuSE, Mandrake, and TurboLinux. Students will need to know one, not all, of these distributions. • Candidates must be familiar with systems and peripherals (as well as their modules and utilities) used on 32-bit and 64-bit x86-based PCs and servers, as of October, 2004. Questions requiring knowledge of proprietary software will not be asked. Installation • 1.1 Identify all system hardware required (for example: CPU, memory, drive space, scalability) and check compatibility with Linux Distribution • 1.2 Determine appropriate method of installation based on environment (for example: boot disk, CD-ROM, network (HTTP, FTP, NFS, SMB)) • 1.3 Install multimedia options (for example: video, sound, codecs) • 1.4 Identify purpose of Linux machine based on predetermined customer requirements (for example:appliance, desktop system, database, mail server, web server, etc.) • 1.5 Determine what software and services should be installed (for example: client applications for workstation, server services for desired task) Installation 1.6 Partition according to pre-installation plan using fdisk (for example: /boot, /usr, /var, /home, swap, RAID/volume, hot-spare, lvm) 1.7 Configure file systems (for example: (ext2) or (ext3) or REISER) 1.8 Configure a boot manager (for example: LILO, ELILO, GRUB, multiple boot options) 1.9 Manage packages after installing the operating systems (for example: install, uninstall, update) (for example: RPM, tar, gzip) 1.10 Select appropriate networking configuration and protocols (for example: inetd, xinetd, modems, Ethernet) 1.11 Select appropriate parameters for Linux installation (for example: language, time zones, keyboard, mouse) 1.12 Configure peripherals as necessary (for example: printer, scanner, modem) Management • Candidates must be able to demonstrate proficiency in everyday management of Linux-based clients and basic management of server systems. The six to 12 month technician is expected to fully support, maintain, and troubleshoot Linux-based desktop systems. Server management questions will focus on day-to-day server operation and basic administration. • The candidate is expected to be able to fully utilize vi, manage the Linux system completely from the command-line, including permission and user account management, and create basic shell scripts. Management 2.1 Manage local storage devices and file systems (for example:: fsck, fdisk, mkfs) using CLI commands 2.2 Mount and unmount varied filesystems (for example: Samba, NFS) using CLI commands 2.3 Create files and directories and modify files using CLI commands 2.4 Execute content and directory searches using find and grep 2.5 Create linked files using CLI commands Management 2.6 Modify file and directory permissions and ownership (for example: chmod, chown, sticky bit, octal permissions, chgrp) using CLI commands 2.7 Identify and modify default permissions for files and directories (for example: umask) using CLI commands 2.8 Perform and verify backups and restores (tar, cpio) 2.9 Access and write data to recordable media (for example: CDRW, hard drive, flash memory devices) 2.10 Manage runlevels and system initialization from the CLI and configuration files (for example: /etc/inittab and init command, /etc/rc.d, rc.local) Management 2.11 Identify, execute, manage and kill processes (for example: ps, kill, killall, bg, fg, jobs, nice, renice, rc) 2.12 Differentiate core processes from non-critical services (for example: init, [kernel processes], PID, and PPID values) 2.13 Repair packages and scripts (for example: resolving dependencies, repairing, installing, updating applications) 2.14 Monitor and troubleshoot network activity (for example: ping, netstat, traceroute) 2.15 Perform text manipulation (for example: sed, awk, vi) 2.16 Manage print jobs and print queues (for example: lpd, lprm, lpq, CUPS) Management 2.17 Perform remote management (for example: rsh, ssh, rlogin) 2.18 Perform NIS-related domain management (yp commands) 2.19 Create, modify, and use basic shell scripts 2.20 Create, modify, and delete user and group accounts (for example: useradd, groupadd, /etc/passwd, chgrp, quota, chown, chmod, grpmod) using CLI utilities 2.21 Manage and access mail queues (for example: sendmail, postfix, mail, mutt) using CLI utilities 2.22 Schedule jobs to execute in the future using "at" and "cron" daemons 2.23 Redirect output (for example: piping, redirection) Configuration • This domain requires the basic knowledge and skills to configure system settings, network services and access rights. Candidates must be able to configure files routinely used on client systems, such as mtab, fstab, hosts, resolv.conf, and inittab. Candidates need to identify which files are used to configure common server applications, but are not required to configure them. As they are often used on clients, some knowledge of Samba and HTTP service configuration is required. • Special utilities, such as linuxconf, or distribution-specific utilities will not be used. Using compilers is not required, but candidates should understand basic makefile structure. Candidates must identify settings for the X.org (XFree86) X Window system and utilities that are used to configure it. Configuration 3.1 Configure client network services and settings (for example: settings for TCP/IP) 3.2 Configure basic server network services (for example: DNS, DHCP, SAMBA, Apache) 3.3 Implement basic routing and subnetting (for example: /sbin/route, IP forward statement) 3.4 Configure the system and perform basic makefile changes to support compiling applications and drivers 3.5 Configure files that are used to mount drives or partitions (for example: fstab, mtab, SAMBA, nfs, syntax) 3.6 Implement DNS and describe how it works (for example: edit /etc/hosts, edit /etc/host.conf, edit /etc/resolv.conf, dig, host, named) Configuration 3.7 Configure a Network Interface Card (NIC) from a command line 3.8 Configure Linux printing (for example: CUPS, BSD LPD, SAMBA) 3.9 Apply basic printer permissions 3.10 Configure log files (for example: syslog, remote logfile storage) 3.11 Configure the X Window system 3.12 Set up environment variables (for example: $PATH, $DISPLAY, $TERM, $PROMPT, $PS1) Security • The domain requires that candidates describe common security terms and describe practices, as well as implement security options on client systems. The ability to configure security-related files is required. • Candidates are not expected to create security policies, but must know which practices are commonly used and against what a practice protects. Security 4.1 Configure security environment files (for example: hosts.allow, sudoers, ftpusers, sshd_config, PAM) 4.2 Delete accounts while maintaining data stored in that user's home directory 4.3 Given security requirements, implement appropriate encryption configuration (for example: blowfish 3DES, MD5) 4.4 Detect symptoms that indicate a machine's security has been compromised (for example: review logfiles for irregularities or intrusion attempts) Security 4.5 Use appropriate access level for login (for example: root level vs user level activities, su, sudo) 4.6 Set process and special permissions (for example: SUID, GUID) 4.7 Identify different Linux Intrusion Detection Systems (IDS) (for example: Snort, PortSentry) 4.8 Given security requirements, implement basic IP tables/chains (note: requires knowledge of common ports) 4.9 Implement security auditing for files and authentication Security 4.10 Identify whether a package or file has been corrupted / altered (for example: checksum, Tripwire) 4.11 Given a set of security requirements, set password policies to match (complexity / aging / shadowed passwords) (for example: identify systems not shadow passwords) 4.12 Identify security vulnerabilities within Linux services 4.13 Set up user-level security (for example: limits on logins, memory usage and processes) Documentation • Candidates must be able to provide written documentation about any work they perform. They must identify information that should be recorded for an installation or change in configuration. In addition they must also be able to use system-generated files to monitor or diagnose systems. Documentation 5.1 Establish and monitor system performance baseline (for example: top, sar, vmstat, pstree) 5.2 Create written procedures for installation, configuration, security and management 5.3 Document installed configuration (for example: installed packages, package options, TCP/IP assignment list, changes -configuration and maintenance) 5.4 Troubleshoot errors using systems logs (for example: tail, head, grep) 5.5 Troubleshoot application errors using application logs (for example: tail, head, grep) 5.6 Access system documentation and help files (for example: man, info, readme, Web) Hardware • This domain includes hardware knowledge as it relates to typical Linux client and server systems. • Candidates must be able to identify and describe components used in a 32 or 64-bit x86 client computer or laptop. They must also identify corresponding driver modules and common utilities used to configure or troubleshoot them. Proprietary hardware is not included in this domain. • More detailed knowledge of ATAPI , SCSI, USB, RAID devices, and power management is expected. Hardware 6.1 Describe common hardware components and resources (for example: connectors, IRQs, DMA, SCSI, memory addresses) 6.2 Diagnose hardware issues using Linux tools (for example: /proc, disk utilities, ifconfig, /dev, live CD rescue disk, dmesg) 6.3 Identify and configure removable system hardware (for example: PCMCIA, USB, IEEE1394) 6.4 Configure advanced power management and Advanced Configuration and Power Interface (ACPI) 6.5 Identify and configure mass storage devices and RAID (for example: SCSI, ATAPI, tape, optical recordable) Any Questions? Introduction to Linux Unit objectives • Outline the key features of the Linux operating system • Explain the common uses of Linux in the industry today Topic A: Linux as an operating system 1.1 Identify all system hardware required and check compatibility with Linux Distribution – CPU – Memory 1.22 Select appropriate parameters for Linux installation – language Components of a computer • Hardware – Physical components inside a computer • Potential Problems – Hardware compatibility – Legacy devices – PnP Components of a computer Components of a computer • Software – Instructions that understand how to use the hardware • Applications – Games, WP, Daemons • Operating System – Components to Control Hardware and support Applications. Role of the Operating system • The operating system carries out tasks by interacting with users, applications, and computer hardware Operating system components • Device driver – Software containing instructions to control computer hardware • User interface – What the user sees and uses to interact with OS and application programs • System Services – Handle Printing, scheduling, Network Access • CUPS, CRON, etc. Graphical user interface (GUI) Any Questions? The Linux operating system • Runs many applications on a variety of different hardware • A multi-user and multitasking OS • Boot Process – Load Kernel – Load Device Drivers – Load programs for UI – System starts services • Network • Server functionality Advantages of Open Source software • Developed rapidly through widespread collaboration • Bugs are promptly noted and fixed • Features evolve quickly based on users’ needs • Value of the software increases, as it is based on usefulness, not price Versions of Linux • Kernel/release – Controls hardware via device drivers – Continually improved and expanded – Version of the kernel is major factor in identifying version of the OS • New versions, new features – USB – FireWire – New Technologies Identifying kernel versions • Major number • Minor number – If odd, developmental kernel – If even, production kernel • Revision number • 2.4.21 – Major release 2 – Minor 4 • Production Kernel – Release 21 • 21st update of release 2.4 Kernel.org • Keeps current and past versions of kernel • Bugs, Mailing list, etc • Installation HOW-TO Any Questions? Linux distributions • Use the commonly developed Linux kernel • Packaged with add-on software • Provide convenience and integration Linux distributions • Differentiate on different ideas – Hardware Support – Tools – Options – User Interfaces • GNOME • KDE Package managers and tarballs • Package manager – Software used to install, maintain, and remove other software programs by storing information in a central database – Rpm, Apt-get, Yum • Tarball – Compressed archive of files that contain scripts that install software – Can be source (needs compiling) or binary (compiled for your system) – Harder to manage Major Linux distributions • Fedora Project • Red Hat Enterprise Edition • SuSe Linux • Slackware Linux • Debian Linux • TurboLinux • Mandrake Linux Major Linux distributions • www.linux.org • www.linuxiso.org Any Questions? Topic B:Common uses for Linux 1.1 Identify all system hardware required (for example: CPU, memory, drive space, scalability) and check compatibility with Linux Distribution 1.4 Identify purpose of Linux machine based on predetermined customer requirements (for example: appliance, desktop system, database, mail server, web server, etc.) 2.21 Manage and access mail queues (for example: sendmail, postfix, mail, mutt) using CLI utilities Common uses of Linux • Internet servers • File & print servers – SMB, NFS • Application servers • Supercomputers – GRID, etc • Scientific/Engineering computations • Desktop operating systems – Workstations Internet servers • Mail services • Routing • FTP services • Firewalls and proxy services • Web services • News services • DNS services Mail services • Mail Transfer Agents (MTAs) – An e-mail server • Sendmail • Mail Delivery agent (MDA) – Service that downloads e-mail from an MTA • Procmail, fetch • Mail User Agent (MUA) – Program that allows e-mail to be read and composed • Outlook • Mutt, pine, elm Routing • Core service that is necessary for Internet to function • Linux provides support for routing and is easily customizable – www.linuxrouter.org FTP Services • Share files • Allow uploading or downloading Firewalls • Protect companies from outside intruders – Between private network and connection to internet • Linux firewall support built into the kernel • Proxy Services – Handles all internet requests – Keep track with Network Address Translation (NAT) Table Firewalls • ipchains, netfilter/iptables – Some Proxy ability • Squid – Fully featured caching proxy server – www.squid-cahce.org Web & News Services • Web Server – Apache • Host web sites • More on this later • News Services – Newsgroups – Check out google groups DNS Services • Computers communicating on a network need to be uniquely identified – Each computer is assigned a number called an Internet Protocol (IP) address – IP addresses are matched to user-friendly names – Names are called Fully Qualified Domain Name (FQDN) DNS Services & Appliances • Berkeley Internet Name Daemon – BIND • Appliances – Set tops – Embedded versions of OS • can be done with linksys routers – Limited user interface File Servers • File servers provide – Storage – Security – Sharing – Portability • Network File Services (NFS) – Traditional UNIX file sharing • Server Message Blocks (SMB) – Windows Application servers • Application server – Between client and database • Database Management Systems – Collection of programs and tools designed to allow for the creation, modification, manipulation, maintenance, and access of information from databases – MySQL, Oracle, Sybase, etc Supercomputers • Scalability – Ability of computers to increase workload as the number of processors increases • Clustering – Several smaller computers acting as one large supercomputer – Beowulf clustering Scientific/engineering workstations • Many OSS programs are available for many different fields – Physics, astrophysics, and biophysics – Fluid dynamics and geophysics – Bio-computation – Materials and polymer chemistry – General mathematics and optimization – Data mining – Number theory Office workstation • Text editors – vi • Word processors – Usually do layout • Graphic editing software • Desktop publishing software • Financial software • Office productivity suites Unit summary • Outlined the key features of the Linux operating system • Explained the common uses of Linux in the industry Any Questions? Sample Questions A business wants to be able to track all Websites that are visited by its employees. Which of the following Linux packages would BEST serve this need? A. BIND B. Samba C. Apache D. Squid Sample Questions A business wants to be able to track all Websites that are visited by its employees. Which of the following Linux packages would BEST serve this need? A. BIND B. Samba C. Apache D. Squid Answer: D Explanation: squid is a high-performance proxy caching server for web clients, supporting FTP, gopher and HTTP data objects. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookup, supports non- locking DNS lookups and implements negative caching of failed requests. As well as you can apply the rules to block the site, can trap the site visited by the users etc. Squid program belongs to squid package. Sample Questions What services would need to be installed to build a combination Web server and Domain Name Server (DNS)? A. Apache and BIND B. Apache and Squid C. ipchains and BIND D. Squid and ipchains Sample Questions What services would need to be installed to build a combination Web server and Domain Name Server (DNS)? A. Apache and BIND B. Apache and Squid C. ipchains and BIND D. Squid and ipchains Answer: A. Explanation: The Linux web server software is called Apache and the Linux DNS software is called BIND. Incorrect Answers: B. Squid is a proxy server program. C. IPChains is a firewall program. D. Squid is a proxy server program and IPChains is a firewall program. Sample Questions A user complains that they can send and receive mail on the Internet, but cannot browse the Web. They have tried using different Web browsers in X. Working offline is disabled. What is most likely to be the problem? A. The user is not typing the Web address correctly. B. Web support was not added during the initial installation. C. X dropped Web access to the browser and needs to be restarted. D. There is a proxy sever that the browsers have not been configured to use. Sample Questions A user complains that they can send and receive mail on the Internet, but cannot browse the Web. They have tried using different Web browsers in X. Working offline is disabled. What is most likely to be the problem? A. The user is not typing the Web address correctly. B. Web support was not added during the initial installation. C. X dropped Web access to the browser and needs to be restarted. D. There is a proxy sever that the browsers have not been configured to use. Answer: D. Explanation: If you have a proxy server configured on the network, the client computers need to be configured to use it to access the internet. Reference: http://www.squid-cache.org/ Incorrect Answers: A. An incorrect web address would return a page not found error or a different website. B. Web support is added by default in most installations. C. This is not something that X can do. Any Questions?
Pages to are hidden for
"Security overview"Please download to view full document