Hi, by moving the objectives
326.3 User Management and Authentication (weight: 5) and 326.4 FreeIPA Installation and Samba Integration (weight: 4) from the 303 to the 300 exam we'll vacate nine weight points in exam 303. Some of these points should certainly be dedicated to penetration testing. Metasploit would be one of the potentials tools, but there are more for sure, and we should consider if there are other topics that should get some of those spare weights, too. What do you think? And, this might be quite important, are you aware of any 'dual use' considerations in your local legislation which might make it hard for candidates and trainers to (responsibly) use pentesting tools for exam preparation legally? Fabian On Tue, Oct 23, 2018 at 7:36 PM Markus Schade <[email protected]> wrote: > Also in regards to host hardening, the whole secure/trusted boot topic > is AFAIK currently nowhere addressed. > Microcode updates and where to check in cpuinfo and sysfs for cpu bugs > would also be nice. > > 325.3 > > We should mention LUKS2 > > Also there is clevis/tang for network bound disk encryption or TPM > unlocking. > > 328.4 > > Get rid of racoon. It's dead since 2014 > Replace with strongswan > > I'd really love to see wireguard here. I know it's not yet finalized, > but the configuration seems to be already stable. > > 320.6 > > should also include configuration of ciphers, macs and hostkey > algorithms all of which had to be set in the last years to disable > insecure suites. So candidates should not only see this in the field and > but should also be capable of setting these. > > Maybe have awareness of SSH CA. > > Best regards, > Markus > > > Am 18.10.2018 um 19:22 schrieb Marc Baudoin: > > Fabian Thorns <[email protected]> écrit : > >> > >> this thread is supposed to discuss exam 303. > >> > >> The current objectives are available here: > >> > >> https://wiki.lpi.org/wiki/LPIC-303_Objectives_V2 > >> > >> The current objectives for this exam seem quite fine to me, although a > few > >> tools might need to be updated (IPsec) / reconsidered. But I'm sure you > >> will spot more discussion points in the objectives once you review them > >> again. > > > > My 2 cents... > > > > 325.4 DNS and Cryptography > > > > This talks about DANE to illustrate a real-world use of DNSSEC. > > Adding the SSHFP RR should be considered as another example. > > > > 326.1 Host Hardening > > > > Considering what's known about Spectre, I think "Be aware of the > > security advantages of virtualization" should be dropped or > > rephrased. > > > > 326.3 User Management and Authentication > > > > Should pam_tally.so (not pam_tally2.so) be dropped? > > > > 326.4 FreeIPA Installation and Samba Integration > > > > The ipa-replica-prepare doesn't seem to exist anymore in current > > versions of FreeIPA. > > > > 327.2 Mandatory Access Control > > > > I couldn't find togglesebool in CentOS 7. I didn't checked in > > CentOS 6. Is it still available somewhere? > > > > Maybe the chcon command should be added. > > _______________________________________________ > > lpi-examdev mailing list > > [email protected] > > http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev > > > _______________________________________________ > lpi-examdev mailing list > [email protected] > http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev -- Fabian Thorns <[email protected]> GPG: F1426B12 Director of Certification Development, Linux Professional Institute
_______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
