Hi there,

the current version of the LPIC-303 objectives draft received some more
changes:

- EncFS was dropped from 331.3 (filesystems)

- 332.1 now includes various ways to restrict a process using systemd as
well as managing Meltdown and Spectre mitigations

- Cacti was dropped from 332.2

- Conceptual understanding of honeypots was added to 335.1

- Penetration testing (335.2) was changed to focus on nmap instead of
Metasploit. The rationale is that nmap balances the dual use
characteristics of pentesting tools far better than Metasploit, i.e. when
including meterpreter msfvenom

- One weight was moved from 335.2 to 332.1

- QUESTION: What do you think about Let's Encrypt and certbot? For now it
is awareness, but we had some discussion if we should go into more details
and i.e. include certbot. On the other hand, this would link the
objectives (for now) to a specific service whose existence is not in LPI's
control and might render parts of the objectives void if, for some reason,
Let's Encrypt would change/disappear. What's your thought
on this?

The complete draft is available at

  https://wiki.lpi.org/wiki/LPIC-303_Objectives_V3.0

If you'd like to propose more changes, please feel free to follow up.

Fabian


On Mon, Feb 25, 2019 at 3:38 PM Fabian Thorns <[email protected]> wrote:

> Hello,
>
> as this thread turns out to be pretty quiet (luckily some of you shared
> offline, special thanks to Markus and Marc), I've put up an objectives
> draft for the new 303 exam:
>
>   https://wiki.lpi.org/wiki/LPIC-303_Objectives_V3.0
>
> You can also see the changes since version 2.0:
>
>
> https://wiki.lpi.org/pubwiki/index.php?title=LPIC-303_Objectives_V3.0&type=revision&diff=&oldid=5056
>
> Topics which were moved to exam 300 were dropped; instead, we now have a
> topic on vulnerabilities and penetration testing.
>
> Some questions I'd like to bring up with you are:
>
> * Shall we provide a list of relevant sub commands for tools like openssl
> (req, ca, ...)?
> * Shall we provide a list of relevant options for configuration files such
> as HTTPD?
> * If you said yes to those two questions, for which commands /
> configuration files would so be that specific?
> * What do you think about cryptmount's relevance?
> * Shall we keep 'Implement bandwidth usage monitoring' in 334.2? I was
> tempted to drop it since it is complicated, at the edge of the topic and we
> don't cover traffic shaping anyway.
> * I've bounced nft back to awareness level. Do you agree?
> * How specific should we be about metasploit modules?
>
> Two topics we've discussed offline did not make it to the draft:
>
> * TPM2
> * Microcode Updates / Secureboot
>
> If you'd like to see them in there, please propose a position and wording.
>
> Otherwise... I'm really looking forward to some corrections, additions,
> discussions... Don't be shy to speak up, it's just LPIC-3 :)
>
> Fabian
>
>
>
>
>
>
> On Thu, Feb 7, 2019 at 10:44 PM Fabian Thorns <[email protected]> wrote:
>
>> Hi there,
>>
>> I think it's time to reanimate this thread. I've already had some great
>> offline discussions regarding LPIC-3, but I'd like to share some thoughts
>> with all of you and ask you to comment on them.
>>
>> For LPIC-303, some specific questions that came up so far were:
>>
>> * Shall we include a higher level cert/ca management tool in 325.1? If we
>> do, which one? cfssl?
>>
>> * Shall we break out resource limits from 326.1 into its own topic, along
>> with cgroups and systemd cgroup management?
>>
>> * Shall we include USB guard in 326.2?
>>
>> * How much SSSD shall we keep in 303, now that it is intensely covered in
>> LPIC-300 and that basic SSSD knowledge is tested in LPIC-2? One might argue
>> that identity management could be addressed completely in LPIC-300 now.
>>
>> * Is wireguard stable enough to include questions about it already?
>>
>> With FreeIPA (and potentially user management + authentication) being
>> moved to LPIC-300 now, we need to reassign their weights. We could either
>> add topics to the objectives, increase the weight of the remaining
>> objectives, or do both. What do you think about a topic on penetration
>> testing, potentially focused on Metasploit and surrounding tools? Do you
>> think it's a good idea to cover tools which could be used in offensive
>> attacks, and to which extent would you test them (e.g., include
>> meterpreter?) Which other topics might be relevant for LPIC-303?
>>
>> Let's try to think about potential new topics in LPIC-303 a bit more, it's
>> a great opportunity for us to shape the focus of the exam.
>>
>> Regards,
>>
>> Fabian
>>
>> On Tue, Nov 27, 2018 at 12:55 AM Fabian Thorns <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> by moving the objectives
>>>
>>>   326.3 User Management and Authentication (weight: 5)
>>>
>>> and
>>>
>>>   326.4 FreeIPA Installation and Samba Integration (weight: 4)
>>>
>>> from the 303 to the 300 exam we'll vacate nine weight points in exam 303.
>>>
>>> Some of these points should certainly be dedicated to penetration
>>> testing. Metasploit would be one of the potential tools, but there are
>>> more for sure, and we should consider if there are other topics that should
>>> get some of those spare weights, too.
>>>
>>> What do you think?
>>>
>>> And, this might be quite important, are you aware of any 'dual use'
>>> considerations in your local legislation which might make it hard for
>>> candidates and trainers to (responsibly) use pentesting tools for exam
>>> preparation legally?
>>>
>>> Fabian
>>>
>>>
>>>
>>> On Tue, Oct 23, 2018 at 7:36 PM Markus Schade <
>>> [email protected]> wrote:
>>>
>>>> Also in regards to host hardening, the whole secure/trusted boot topic
>>>> is AFAIK currently nowhere addressed.
>>>> Microcode updates and where to check in cpuinfo and sysfs for cpu bugs
>>>> would also be nice.
>>>>
>>>> 325.3
>>>>
>>>> We should mention LUKS2
>>>>
>>>> Also there is clevis/tang for network bound disk encryption or TPM
>>>> unlocking.
>>>>
>>>> 328.4
>>>>
>>>> Get rid of racoon. It's dead since 2014
>>>> Replace with strongswan
>>>>
>>>> I'd really love to see wireguard here. I know it's not yet finalized,
>>>> but the configuration seems to be already stable.
>>>>
>>>> 320.6
>>>>
>>>> should also include configuration of ciphers, macs and hostkey
>>>> algorithms all of which had to be set in the last years to disable
>>>> insecure suites. So candidates should not only see this in the field
>>>> but should also be capable of setting these.
>>>>
>>>> Maybe have awareness of SSH CA.
>>>>
>>>> Best regards,
>>>> Markus
>>>>
>>>>
>>>> On 18.10.2018 at 19:22, Marc Baudoin wrote:
>>>> > Fabian Thorns <[email protected]> wrote:
>>>> >>
>>>> >> this thread is supposed to discuss exam 303.
>>>> >>
>>>> >> The current objectives are available here:
>>>> >>
>>>> >>   https://wiki.lpi.org/wiki/LPIC-303_Objectives_V2
>>>> >>
>>>> >> The current objectives for this exam seem quite fine to me, although a few
>>>> >> tools might need to be updated (IPsec) / reconsidered. But I'm sure you
>>>> >> will spot more discussion points in the objectives once you review them
>>>> >> again.
>>>> >
>>>> > My 2 cents...
>>>> >
>>>> > 325.4 DNS and Cryptography
>>>> >
>>>> > This talks about DANE to illustrate a real-world use of DNSSEC.
>>>> > Adding the SSHFP RR should be considered as another example.
>>>> >
>>>> > 326.1 Host Hardening
>>>> >
>>>> > Considering what's known about Spectre, I think "Be aware of the
>>>> > security advantages of virtualization" should be dropped or
>>>> > rephrased.
>>>> >
>>>> > 326.3 User Management and Authentication
>>>> >
>>>> > Should pam_tally.so (not pam_tally2.so) be dropped?
>>>> >
>>>> > 326.4 FreeIPA Installation and Samba Integration
>>>> >
>>>> > The ipa-replica-prepare doesn't seem to exist anymore in current
>>>> > versions of FreeIPA.
>>>> >
>>>> > 327.2 Mandatory Access Control
>>>> >
>>>> > I couldn't find togglesebool in CentOS 7.  I didn't check in
>>>> > CentOS 6.  Is it still available somewhere?
>>>> >
>>>> > Maybe the chcon command should be added.
>>>> > _______________________________________________
>>>> > lpi-examdev mailing list
>>>> > [email protected]
>>>> > http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
>>>> >
>>>
>>>
>>>
>>> --
>>> Fabian Thorns <[email protected]> GPG: F1426B12
>>> Director of Certification Development, Linux Professional Institute
>>>
>>
>>
>> --
>> Fabian Thorns <[email protected]> GPG: F1426B12
>> Director of Certification Development, Linux Professional Institute
>>
>
>
> --
> Fabian Thorns <[email protected]> GPG: F1426B12
> Director of Certification Development, Linux Professional Institute
>


-- 
Fabian Thorns <[email protected]> GPG: F1426B12
Director of Certification Development, Linux Professional Institute