Also in regards to host hardening, the whole secure/trusted boot topic is AFAIK currently nowhere addressed. Microcode updates and where to check in cpuinfo and sysfs for cpu bugs would also be nice.
325.3 We should mention LUKS2 Also there is clevis/tang for network bound disk encryption or TPM unlocking. 328.4 Get rid of racoon. It's dead since 2014 Replace with strongswan I'd really love to see wireguard here. I know it's not yet finalized, but the configuration seems to be already stable. 320.6 should also include configuration of ciphers, macs and hostkey algorithms all of which had to be set in the last years to disable insecure suites. So candidates should not only see this in the field and but should also be capable of setting these. Maybe have awareness of SSH CA. Best regards, Markus Am 18.10.2018 um 19:22 schrieb Marc Baudoin: > Fabian Thorns <[email protected]> écrit : >> >> this thread is supposed to discuss exam 303. >> >> The current objectives are available here: >> >> https://wiki.lpi.org/wiki/LPIC-303_Objectives_V2 >> >> The current objectives for this exam seem quite fine to me, although a few >> tools might need to be updated (IPsec) / reconsidered. But I'm sure you >> will spot more discussion points in the objectives once you review them >> again. > > My 2 cents... > > 325.4 DNS and Cryptography > > This talks about DANE to illustrate a real-world use of DNSSEC. > Adding the SSHFP RR should be considered as another example. > > 326.1 Host Hardening > > Considering what's known about Spectre, I think "Be aware of the > security advantages of virtualization" should be dropped or > rephrased. > > 326.3 User Management and Authentication > > Should pam_tally.so (not pam_tally2.so) be dropped? > > 326.4 FreeIPA Installation and Samba Integration > > The ipa-replica-prepare doesn't seem to exist anymore in current > versions of FreeIPA. > > 327.2 Mandatory Access Control > > I couldn't find togglesebool in CentOS 7. I didn't checked in > CentOS 6. Is it still available somewhere? > > Maybe the chcon command should be added. > _______________________________________________ > lpi-examdev mailing list > [email protected] > http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev > _______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
