[EMAIL PROTECTED] wrote:
>
> Hey everyone,
>
> I have spent all day rewriting and HTML'izing the current Preliminary
> objectives. First thing in the morning I plan to release this on the live
> LPI site for public review. If you see something obvious before this
> publishing, please let me know.
>
A couple of objective titles I don't think match the objective
description:
Objective ID 2.x.5: Debugging a Kernel
this is really: Debugging a Kernel compile.
I don't think we've gotten into debugging a kernel panic message.
Objective ID 2.x.1: Operating the Linux Filesystem
How about: Manipulating the Linux Filesystem.
Objective ID 2.x.2: Advanced Network Configuration and Troubleshooting
shouldn't this include /sbin/modprobe? To activate a network device you
need this. And if it gives you errors, you probably have the wrong
driver.
Objective ID 2.x.2: Using Sendmail
for now, we could use aliases to create small mail lists
files list should also include:
virtusertable
genericstable
access.db
sendmail.cw
sendmail.cf
mailertable
relay-domains
By sendmail default, these are put in /etc/mail, however, some distros
are still using /etc or /etc/sendmail.
Objective ID 2.x.2: Configuring a router
The filter list mentions nothing of iptables use of stateful filtering
capabilities or connection tracking. Also, iptables (unlike ipchains)
can mitigate DOS attacks.
Objective ID 2.x.5: TCP_wrappers
Objective statement needs expanding to include:
checking and testing hosts.allow setup, denying from certain users, and
sending back messages to hosts, or running programs (booby-trapping
ports), and understanding how tcp_wrappers compile-time options like
paranoid and process_options affects program function.
files and programs should include:
tcpdchk
tcpdmatch
Objective ID 2.x.6: Security Tasks
I asked this before and one person answered: kerberos -- I've only seen
one installation in over 12 years of working Unix (was a large US gov't
site). Should we be testing on something that has been restricted to the
US until recently.
Also: code auditing? I'm qualified to do a number of things, but I'm
not a C programmer and I can't security audit C code. I can read the
code. But I'm not qualified to security audit C code (or are we just
talking about shell scripts -- but I think most career sysadmins would
have trouble identifying unsecure shell code).
Just my thoughts,
David A. Bandel
--
Focus on the dream, not the competition.
-- Nemesis Racing Team motto
--
This message was sent from the lpi-examdev mailing list.
Send `unsubscribe lpi-examdev' in the subject to [EMAIL PROTECTED]
to leave the list.
