Here are my comments on the LPIC 2 objectives
General:
Maybe Add: Automated installation kickstart, autoyast, dpkg
--get-selections. This is important in large Desktop installations /
hosting centres.
Add a topic: Kernel tuning: /proc/sys/kernel, sysctl.
Add a Topic: Binary kernel upgrade: distro supplied package.
Maybe Add: Advanced security: the "attributes", chattr. File System
ACL's are not mentioned anywhere, The extended attributes:
User.Title="LPI exam objectives", setfattr. attribute spaces.
Add to the topic Creation of rpm and dpkg packages from source. Drop
source code all together from LPIC 1.
Add a topic on the inner workings of PAM: The ability to add modules for
security calculators etc; Understand that most distributions re-direct
all services into common files.
Add a topic on TLS / SSL: Generating a request, self-signed certificate
etc. Maybe how to integrate those into a FEW popular applications:
Apache, sendmail, Postfix, Courier, Dovecot.
About topic 212 Security: What to do with sudo? Is it LPIC1 or LPIC2...
Consider a Process Security topic: se-linux, AppArmour, chroot jail etc.
These mechanisms are quite popular. But leave it a the conceptual level.
Topic 201: Linux Kernel
Add a topic: Kernel parameter tuning: /proc/sys/kernel/*, sysctl. (it is
very lightly mentioned elsewhere but deserves a topic on its own!)
This topic could even go very well in LPIC1!
Add a Topic: Binary kernel upgrade. Upgrade using a distro supplied
package.
201.4 Customising, build and install a custom kernel and kernel modules
Add: dkms - Dynamic Kernel Module Support
202.2 System recovery
Add: Rescue environment offered by most distributors. Concept only:
ramfs with CD-ROM mounted and system-under-repair mounted somewhere.
203.2 Maintaining a Linux filesystem
Consider dropping this entirly. Maybe add a few topics to LPIC 1 104.2
203.3 Creating and configuring filesystem options
Consider dropping this in LPIC 2. Maybe add a topic to LPIC 1 about
nautilus burner and K3B. The command line tools are too hard to use and
therefore almost never used. Candidates should figure this out via the
manual, not for their exams...
Topic 204: Advanced Storage Device Administration
Maybe add: Concept of connecting to a SAN via FC and ISCSI.
Maybe drop or very little weight: Software RAID using MD. Is anyone
really using this in production????
205.1 Basic networking configuration
Why is the firewall (in filter mode) not covered? It is mentioned
somewhere else. But I would say this is THE topic!
Add VPN here as well. It is not that important in troubleshooting, but
you should know how to configure it!
Maybe Add: Using tunneling to connect to to an IPv6 backbone. ip tunnel
etc.. ifconfig tun0. Multipoint and PtP tunnels.
205.2 Advanced Network Configuration and Troubleshooting
Add: Wireshark and nmap.
Drop: vpn
205.4 Notify users on system-related issues
Drop this entire topic and move it to LPIC-1. It's childs play. Add in
LPIC1 also /etc/issue.net and the Banner option of sshd_config. Legal
requirements dictate a warning upon entering a restricted system.
206.1 Using e-mail servers
Is this topic not too over-loaded? The most popular MTA's are Sendmail
and Postfix.
Add: Conceptual knowledge of the functions of: MTA, Delivery Agent (DA)
and User Agent (UA).
Add Knowledge area: Interaction with DNS: MX record and SPF TXT records.
Maybe: Change the requirement to: Configuration of Sendmail and Postfix.
Understand that exim and qmail exist.
206.2 Managing Local E-Mail Delivery
Change the name of this topic to Advanced Configuration of local DA's.
(Basic local mail delivery is coved in LPIC1.)
Procmail is a very popular DA.
Add: Understanding mail box formats: mbox, MailDir.
Maybe Add: Integrating SpamAssassin into the local delivery of mail.
206.3 Managing Remote E-Mail Delivery
Change topic name to Configuration of Remote DA's.
Add: Dovecot to DA list.
Add: webmail: squirrelmail maybe others.
Elaborate the extend of Cyrus knowledge: Cyrus is a world in itself!
207.1 Basic DNS server configuration
Add: Whois lookup of registrants.
Add Knowledge area: The DNS recursive lookup process. TOP server -> TLD
server -> your server. TOP cache file.
208.2 Maintaining a web server
Maybe drop SSL / TLS config.
208.3 Implementing a proxy server
Consider dropping this: Who is still using a proxy. My last client
stopped it over a year ago!
209.1 SAMBA Server Configuration
Elaborate more on which samba set-up will be tested: stand-alone,
Active-DS integrated. (But clearly not LDAP DS!)
The stand-alone portion could well be part of the Network Services part
of LPIC1!
Consider dropping: WINS. WINS is DEAD. Use DNS records in stead.
Add Key knowledge: Differences between Windows user name v.s. Linux
username. The password difference: TWO passwords! smppasswd.
210.2 LDAP configuration
Why talk about LDAP if we are not using it for the PADL scripts. Either
drop it or include the PADL nss scripts.
210.3 PAM authentication
Typo: LADP should be LDAP.
Here we discuss pam_ldap. Where is nss_ldap. See above....
211.1 System logging
Drop this Topic: Why do we go over this again when we have covered it
already in LPIC1.
It is very hard to design a course that only explains HALF of something.
I think all the bases are covered already in LPIC1.
211.2 Packaging software
Add: Just add the LPIC1 Compile from source objective here and we have a
very nice exam topic.
Drop Source code from LPIC1 altogether. It is bad to do this without
packaging.
211.3 Backup operations
What has happened to dump/restore? I can live with dropping it, but it
is the only mechanism that allows backups by non-root users...
Suse offers a non-system backup type: It only backs-up the files changed
or found in the RPM database. More distro's should have this feature!
Topic 212 security
Consider adding Process Security: se-linux, AppArmour, chroot jail.
Concepts only!
What to do with sudo....
212.1 Configuring a router
Elaborate more on the fact that here we test SNAT / MASQUERADE while
normal filtering is covered in Basic Networking.
Maybe Add: Helper firewall modules: ip_conntrack_* Concept of why they
are needed.
212.2 Securing FTP servers
Do not add to many implementations and stick to the concepts: Two TCP
ports/ passive v.s. active/ Anonymous FTP.
There are just too many implementations to go into all those config files!
212.3 Secure shell (SSH)
Drop this topic: It is covered in LPIC1. What else is there to explain
beyond LPIC1 ssh? Maybe add something to LPIC1.
212.5 Security tasks
Eloborate more on what is tested: I hope concepts / function only!
Consider mentioning WireShark.
213.1 Automating tasks using scripts
Eloborate more on what those "Basic Commands" of perl, awk sed and rsync
actually are.
214.1 Identifying boot stages
Add: initrd - very important stage.
Add: udevd -> Module load / device file creation.
I assume all knowledge is at the concept level only.
214.3 General troubleshooting
Add: Problems caused by the firewall blocking ports. (A number one cause!)
Consider adding: Identify Linux distribution from the command-line:
/etc/redhat-release, /etc/suse-release, /etc/lsb-release.
Investigate hardware resources: SMBios, dmidecode, lshal.
PCI / USB id to driver mapping: /lib/modules/linux*/modules.pcimap,
/lib/modules/linux*/modules.usbmap
--
OSA logo Vriendelijke Groet / Kind Regards,
Reinier Kleipool
Open Source Academy
Rotterdamserijweg 122
3042 AS Rotterdam
the Netherlands
T: +31 654 227144
E: [EMAIL PROTECTED]
Reinier Kleipool <[EMAIL PROTECTED]>
Curriculum Advisor
Open Source Academy
begin:vcard
fn:Reinier Kleipool
n:Kleipool;Reinier
org:Open Source Academy
adr:;;Rotterdamserijweg 122;Rotterdam;;3042 AS;the Netherlands
email;internet:[EMAIL PROTECTED]
title:Curriculum Advisor
tel;cell:+31 654 227 144
x-mozilla-html:TRUE
url:http://www.OpenSourceAcademy.nl
version:2.1
end:vcard
_______________________________________________
lpi-examdev mailing list
[email protected]
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
