[EMAIL PROTECTED] wrote:
> 
> Hi everyone,
> 
[snip]


Here's my second cut on this categorization thingie.
***** Note: yes, I realize some categories depend on knowledge of other
categories and that the categories have no order in that regard.  For
this categorization, each category stands alone, unlike real life where
categories do indeed require prior knowledge of other categories -- so
sue me. ****

Categories:

Security/access control
        secure access
                        5.2.9 remote connections, best practices
                ssh
                        1.1.5 configure ssh
                        5.2.13 SSH, port forward, encryption, configure
                        5.2.16 SSH, version 1, version 2, configure
                        5.2.17 SSH, maintenance, best practices
                        5.2.18 SSH, trusted hosts, configure
                        5.2.2 SSH, configure
                        5.2.5 SSH, public/private key, ~/.ssh/identity,
~/.ssh/identity.pub, maintenance
                        5.2.7 SSH, public key, remote login,
~/.ssh/authorized_keys
                        5.2.8 SSH, ssh-agent, configure
                        6.3.1 SSH, /etc/ssh/sshd_config, DenyGroup,
configure
                vpn
                        5.2.1 VPN, configure
        tcp wrappers    
        PAM
                        6.3.7 PAM, authentication, configure
        security/system updates
                        6.2.7 bug track, security alerts, monitoring, best practices
                        6.3.5 bugfixes, maintenance, security

System administration
        system monitoring
                1.2.4 monitor processes, use 'ps'
                6.2.1 lsof, abnormal programs, maintenance, error
control, best practices
        System auditing/logging
                1.2.12 best practices, monitor logs, error maintenance
                5.1.8 logging, maintenance, best practices
                5.1.11 log, log server, /etc/syslog.conf, configure
                6.1.1 /var/log/messages, kernel, maintenance, error
control
                6.1.2 /var/log/secure, login, maintenance, error control
                6.1.3 /var/log/xferlog, transfers, maintenance, error
control
                6.1.4 /var/log/maillog, errors, maintenance, error
control
                6.1.5 /var/httpd/*, errors, maintenance, error control
                6.1.6 /var/log/* maintenance, error control, best
practices
                3.16.5 syslog, configure, network log server
                3.16.2 log server, configure
        file handling
                1.3.4 best practices, find, error maintenance   
                6.2.4 cmp, diff, maintenance, best practices
                6.2.5 md5sum, files, maintenance
        backups
                3.16.3 backup server, configure
                6.3.8 backup, maintenance, best practices

Hardware
        interrupts/ioports
                4.11.1 interrupts, /proc/interrupts, maintenance
        laptops
                5.2.20 laptop, network, configure
                5.2.21 laptop, script, network, configure, develop
        PCMCIA
                4.8.1 PCMCIA, configure
                4.8.2 PCMCIA, network, configure
        miscellaneous
                4.3.2 hardware, dumb terminal, configure
                4.3.3 hardware, UPS, configure
                4.4.5 hardware, serial ports, configure
                4.6.3 hardware, kernel, IDE, cd-burner, configure
Hard disks
        general
                4.2.1 hardware, hard drive, configure
                4.2.2 hardware, kernel, UDMA66, configure
        RAID/LVM
                4.1.1 RAID, mkraid, software RAID
                4.1.2 RAID, mirror, stripe, hardware, configure
                4.2.3 hardware, LVM, hard drive, configure
        maintenance
                1.2.5 fsck, ext2
                4.11.2 tune2fs, hard drive, maintenance
                4.11.3 hdparm, hard drive, configure

Filesystems
        fstab
                1.2.9 fstab, mounting filesystems, configuring
filesystems
        /proc
                3.2.1 IP forwarding, /proc/sys/net/ipv4/ip_forward
                3.2.2 tcp_max_syn_backlog, tcp_syn_retries,
tcp_syncookies, syn connections, synflood           
        partitions
                1.3.8 /var, partitions, filesystem maintenance
        fs types
                1.3.10 mkisofs, filesystem maintenance, iso9660

System Initialization
        SysV init
                1.4.1 /etc/init.d, /etc/rc.d/init.d
                1.4.2 runlevels, system configuration
                2.3.3 chkconfig, services, runlevels
        emergency procedures
                1.4.6 init=/bin/sh, system boot
                1.4.7 root filesystem, mount, error maintenance,
read-only, reboot
        modular boot
                2.2.11 initrd
        LILO
                2.3.9 kernel, LILO, boot image


Scripting
        general
                6.2.6 script, monitor, error control, best practices,
develop
        shell
                5.1.10 script, maintenance, develop
        Perl
                1.7.1 Perl, modules, scripts
                1.7.2 Perl, taint, security, scripts
                1.7.3 Perl, modules, CPAN
        sed
                1.7.4 sed, regular expressions
        awk
                1.7.5 awk, regular expressions
        task automation
                        5.1.1 script, automation, develop
                cron
                        5.1.2 cron, script, error maintenance, develop
                        5.2.15 cron scripts, rsync, develop

Package Management
        RPM/deb
                1.7.6 rebuild packages (RPM, DEB)
Kernel compiling
        general
                2.3.4 kernel, zImage, bzImage, best practices
                2.3.5 kernels, stable, development
                2.2.7 best practices, kernel, install
                2.4.3 kernel, SMP
                2.4.5 kernel, SMP
                2.3.14 kernel, patches, Linus, AC, subsystems,
experimental
        configuration
                1.2.17  filesystems, /proc/filesystems, kernel support 
                2.2.12 kernel, configure
                2.2.13 kernel, .config, configure
                2.4.8 kernel, binary support, configure
                2.4.1 best practices, kernel, disable support
                2.4.2 kernel, modularize, rebuild, best practices
        compiling
                2.3.13 compile, /usr/src/linux*, revisions
                2.5.5 kernel, compile, source tree, sound, PCMCIA
        patching
                2.2.1 best practices, kernel, recompile
                2.2.2 best practices, kernel, updates
                2.2.5 kernel, patch, usb
                2.2.8 kernel, patch
                2.2.9 kernel, patch, update
                2.2.10 kernel, patch, revert
                2.2.15 kernel, patch, upgrade
                2.3.8 kernel, upgrade, patch
        modules
                modprobe
                        2.5.10 modprobe, insmod
                /etc/modules
                        2.5.7 kernel, module, /etc/conf.modules
                        2.5.8 kernel, modules, /etc/conf.modules
                        2.5.9 kernel, modules


Services
        DHCP
                3.10.14 ARP, configure
                3.13.1 DHCP, static hosts, dhcpd.conf
                3.13.2 DHCP, subnet, dynamic range, static, configure
                3.13.2 DHCP, dynamic IP range, dhcpd.conf
                3.13.4 DHCP, local LAN, configure
                3.13.5 DHCP, local LAN, remote DHCP, configure
                3.13.6 DHCP, bootp, dhcpd.conf
        DNS
                3.1.1 DNS, chroot
                3.1.2 DNS, primary domain database, forward reverse
zones
                3.1.3 DNS, primary domain database, forward and reverse
zone files
                3.1.4 BIND, domain spoofing, key statement
                3.1.5 BIND, DNS, nobody user
                3.1.6 DNS, BIND, named.conf
                3.1.7 DNS, slave, named.conf
                3.1.8 primary forward domain, DNS
                3.1.9 primary reverse domain, in-addr.arpa
                3.1.10 BIND, secondary DNS
                3.1.11 DNS, master, slave
                3.1.12 BIND, upgrade
                3.1.13 BIND, firewall, internal
                3.1.14 BIND, SOA, NS, CNAME, PTR, MX
                3.1.15 DNS, subdomain

        httpd
                3.6.1 Apache, access.log, best practices, logging
                3.6.2 .htaccess, user restrictions
                3.6.3 Apache, mod_perl
                3.6.4 Apache, PHP3
                3.6.6 Apache, mod_auth, htpasswd, htgroup
                3.6.7 Apache, module, install
                3.6.10 Apache, virtual hosts, httpd.conf
                3.6.11 Apache, SSL
                3.6.12 Apache, SSL, httpd.conf
                3.6.13 Apache, MaxKeepAliveRequests
                3.6.14 Apache, MinSpareServers, MaxSpareServers,
httpd.conf
                3.6.15 Apache, StartServers, httpd.conf
                3.6.16 Apache, httpd servers, MaxClients, httpd.conf
                3.6.17 Apache, Redirect, httpd.conf

        FTP
                3.7.1 secure, anonymous FTP, best practices
                3.7.2 FTP, /etc/ftpaccess, DENY
        INN
                3.8.2 INN, news, maintenance
        Samba
                3.12.1 /etc/lmhosts, static hosts, nmbd 
                3.12.2 samba, windows clients, configure
                3.12.3 samba, login profile
                3.12.4 nmbd, WINS, configure
                3.12.5 samba, workgroup, smb.conf
                3.12.6 samba, printer, smb.conf
                3.12.7 samba, directories, smb.conf
                3.12.9 samba, fileshare, smbmount
                3.12.10 samba, NT domain, smb.conf
                3.12.11 samba, print server, NT domain, smb.conf
        SMTP
                MTAs
                        1.2.14 sendmail, email aliases, /etc/aliases
                        1.2.15 best practices, /var/spool/mail,
sendmail, monitor logs, error maintenance
                        1.5.3 sendmail, mail quota
                        3.9.1 virtual mail domain
                        3.9.3 virtual mail domain users 
                        3.9.4 Sendmail, virtual domains
                        3.9.5 Sendmail, virtusertable
                        3.9.6 Sendmail, mail relay, internal servers
                        3.9.7 Sendmail, virtusertables
                        3.9.9 Sendmail, RBL, MTA, configure
                        3.9.10 SMTP, best practices, maintenance
                list managers
                        1.2.13 majordomo, monitor logs, error
maintenance
                MDAs
                        1.3.12 procmail
        SNMP
                5.1.4 snmp, system load, maintenance
        NIS
                3.11.1 NIS, password, configure
                3.11.2 NIS, master, ypinit, configure
                3.11.3 NIS, configure
                3.11.5 NIS, slave server, configure
        NFS
                3.14.1 NFS, exportfs, /etc/exports
                3.14.2 NFS, hosts, subnets, /etc/exports, configure
                3.14.3 NFS, second NIC, remote network, configure
                3.14.5 NFS, tcpwrappers, hosts.deny
                3.14.6 NFS, /etc/exports,  filesystem, configure
                3.14.7 NFS, /etc/exports, maintenance
                3.14.8 NFS, server client, users, configure
                3.14.9 NFS, filesystem, 8k block, mount, configure
                3.14.10 NFS, filesystem, mount, locking, configure
                3.14.11 mount, filesystems, options, hard, intr, soft,
timeo
        LDAP
                3.18.3 LDAP, LDIF, maintenance, configure
                3.18.5 LDAP, maintenance
                3.18.6 LDAP, system database, configure 
                3.18.7 LDAP, ldapsearch, query
        SQUID
                3.19.1 squid, acl, http_access, squid.conf
                3.19.2 squid, authenticate_program, acl, http_access,
configure
                3.19.3 squid, squid.conf, maintenance

Networking
        general
                3.2.3 path MTU discovery 
                3.4.6 route
                3.5.1 network blocks, /0, /1, ... /32
                3.10.12 MAC addresses, arp
                3.11.4 /etc/nsswitch.conf, LDAP, NIS, PAM, NSS,
configure
                3.16.7 tcpdump, debugging, network
                3.17.5 network, gateway, subnets, configure
                4.10.2 network, routers, configure
                6.2.3 netstat, process maintenance, best practices
        sysctl
        packet filters
                3.4.1 ipchains, ip masq         
                3.4.2 ipchains, input
                3.4.3 network address translation
                3.4.4 ipchains, firewall rules
                6.4.1 firewall, configure
                6.4.3 ipchains, network blocks, configure
                6.4.4 ipchains, ICMP, network blocks, configure
                6.4.5 ipchains, ICMP, configure

        serial communications
                async
                        ppp,slip,mgetty,fax
                                3.15.2 PPP, configure
                                3.15.3 mgetty, dial-up, terminal
session, modem, configure
                                3.15.5 mgetty, autoppp, configure 
                                5.2.19 dial-in access, maintenance, best
practices
                                5.2.12 point to point network,
configure        
                sync
                        isdn,frame relay
                                4.10.4 modem, ISDN, dial-in, configure

X
        4.9.1 video, XFree, LCD, configure


Word wrap included at no extra charge.  Feel free to re-work tasks to
other categories (some maybe should be in other/multiple categories?).

Now on to what I had trouble with.  Apparently I need to see the
_entire_ task for a few of these.  BTW, were these debated on a list
somewhere about what to include and why that I missed?  Could I get
access to the archives to see what was included and why?

Tasks I had problems with (along with my comments below the task):
1.2.10 automount filesystem
where this falls out depends on the question, but probably should be
under Services.

2.4.7 kernel, /proc/sys/kernel/*, command line
does someone want to change kernel parameters?  If so, this should just
go in Filesystems --> /proc

2.4.10 kernel, serial console, debugging, best practices
kernel config or hardware?  what, exactly, is the task here?

3.10.1 primary server, mirror server
I'm confused.  Are we talking about load balancing, failover clusters,
DNS master/slave, NIS master/slave, e-mail backup (as in a second lower
priority server), or FTP mirror?

3.10.3 tcpdump, monitor bandwidth
tcpdump==traffic monitoring, SNMP is used to monitor bandwidth (usually
with something like MRTG grabbing stats).  Apples and oranges.

3.10.4 ippl, ip-logging, install
3.10.5 ippl-log, logging, portscans
looks like someone has a pet program.  There are lots of port monitoring
programs (snort, courtney, others).  I question the sagacity of
arbitrarily picking one.

3.10.13  arpwatch, monitor 
Specialized.  Same comment as above.

3.16.4 monitoring server, configure, best practices
Are we talking IDS here?  The term "monitoring server" is ambiguous. 
What's the task?  Where can I see them?

3.16.6 mon, big brother, network monitor, configure
Pet program.  Big brother uses SNMP.  I looked at this program years ago
and discarded it.  If we're going to put pet programs in, we'll have
laundry lists of them.  BB is not a standard of any distro I'm familiar
with.

3.16.8 lsof, server port, monitor
lsof -- list of open files.  netstat -- open server ports (netstat
-[tu]pan).  Need more info on this task.

3.16.9 telnet, nc, network, debugging
Insufficient data.  nc?

3.16.10 mon, big brother, network, service, monitoring, configure
more pet programs.

3.17.4 virtual network, ifconfig, subnets, configure
are we talking WAN, VPN? Term "virtual network" ambiguous.  Possibly
should be tunnels?

5.1.9 idled, maintenance
Assume this is like logoutd. need more info.

5.2.10 secure ports, remote administration, superuser, best practices
hmmm.  ports are not secure.  programs that use SSL are, but a port is
just a port (except 0-1023 as opposed to 1024-).

5.2.11 tcpwrappers, ipchains, remote access, best practices
confused, dazed, bewildered, but trying to continue.  TCP wrappers
performs access control based on daemon, IP, domain, user.  ipchains
(should be iptables) does packet filtering based on information in the
packet header (IP source/destination/port) and knows nothing about
user.  tcpwrappers works higher up in the stack.  tcpwrappers also only
works for TCP (not UDP or ICMP).  Apples and oranges in one perspective,
complementary from a general security perspective.

5.2.22 kerberos, security, maintenance, configure
Non-US citizens will likely not be familiar with this unless special
export exceptions have been made.  May have been recently released, but
still not widely used outside the US (in my experience).

6.2.2 security audit, strcpy, sprintf, maintenance, best practices
Are we testing sys admins or C programmers?

6.2.8 open mail relays, anonymous FTP, monitoring, best practices
Apples and oranges.  open mail relays--SMTP-->MTAs.  Anonymous FTP -->
FTP.  Not even vaguely related.

6.2.9 snort, intrusion detection, monitoring, best practices
6.2.10 snort, configure
snort?  What about tripwire?  Other IDS programs?

Throw in a helping of questions, some re/mis-direction, lots of
contradicting opinion, stir well, submit to list. :-)

Let the fun begin. (But don't everyone jump in at once. ;-) )

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
                -- Nemesis Racing Team motto