Hello,
here are my 2 cents to 202
207.1
remove PowerDNS and other alternate nameservers, maybe even dnsmasq
why is kill mentioned here?
remove host, dig is the professional alternative
207.2
remove dig and host, they are mentioned in 207.1
207.3
include tsig-keygen
208.1
remove HTTP 1.1. but include HTTP/3
208.2
Cyptographic concenpts -> Cyptographic concepts
208.4
do not replicate topics covered with apache already e.g.
virtual host implementation, log files, redirects, client
user authentification, maximum requests,
minimum and maximum servers and clients, ...
reverse proxy should do, to get candidates enough
insight into nginx
209.1
Active directory membership does not make much sense
without a AD domain controller, so include Samba AD-DC.
nmbd seems outdated to me, AFAIK this is not recommended
by Microsoft anymore.
210.1
include awareness to Kea or even the full stuff
210.2
explicitly add two factor authentication e.g. for SSH
remove SSSD except you stay with LDAP server etc.
210.3
OpenLDAP client tools without server don't make sense.
210.4
make clear what the term Active Directory covers. Is Samba
AD-DC configuration included?
make clear what the term LDAP covers. Is OpenLDAP
server configuration included?
Kerberos client commands without kerberos server don't make sense
put pam_oath and pam_otp into the PAM section 210.2
211.1
remove nullmailer it's more than enough with postfix
212.1
make iptables to awareness level and go to nftables
212.2
oops, this section seems to miss in the proposal, why?
212.3
remove banner, except there is an important use case
212.4
OpenVAS is not included in Debian 12. Installation was
always a mess for me.
mention snort version number e.g. snort 3
--
|=| Werner Heuser
|=| gpg: https://keybase.io/wehe00
|=| Werner Heuser
|=| gpg: https://keybase.io/wehe00
_______________________________________________ lpi-examdev mailing list [email protected] https://list.lpi.org/mailman/listinfo/lpi-examdev
