LPI Linux Certification/Security Tasks
Detailed Objectives (212.4)
(LPIC-2 Version 4.5)
Weight: 3
Description: Candidates should be able to receive security alerts from various sources, install, configure and run intrusion detection systems and apply security patches and bugfixes.
Key Knowledge Areas:
- Tools and utilities to scan and test ports on a server.
- Locations and organisations that report security alerts, such as Bugtraq, CERT or other sources.
- Tools and utilities to implement an intrusion detection system (IDS).
- Awareness of OpenVAS and Snort.
Terms and Utilities:
telnet
nmap
fail2ban
nc
iptables
Security tasks
Overview
Description: The candidate should be able to install and configure Kerberos and perform basic security auditing of source code. This objective includes arranging to receive security alerts from Bugtraq, CERT, CIAC or other sources, being able to test for open mail relays and anonymous FTP servers, and installing and configuring an intrusion detection system such as snort or Tripwire. Candidates should also be able to update the IDS configuration as new vulnerabilities are discovered and apply security patches and bugfixes.
Key files, terms, and utilities include:
Tripwire
nessus
netsaint
snort
telnet
nmap
Kerberos
Reference: Red Hat Enterprise Linux 4: Reference Guide - Chapter 19. Kerberos (http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/ch-kerberos.html)
1. Installing Server
2. Installing Client
3. Basic Configuration (e.g. krb5.conf ..)
Security tasks
- Use a telnet client to test/debug your servers.
  - This implies you know a little about the protocol used: read the corresponding RFCs.
- Check security mailing lists such as Bugtraq, CERT, et al. regularly.
- Patch your systems ASAP!
- Run a security scanner on your system regularly.
  - Network security scanners Nessus and Netsaint are widely used, highly regarded and open-source.
  - Bastille Linux is a great host-based security scanner.
- Use some Intrusion Detection Systems (IDS), both network- and host-based.
  - Tripwire
  - Snort
Don't forget: security is a never-ending process, not a state or a product!
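The open-mail-relay test named in the overview is the same SMTP dialogue you would type into a telnet session against your own server, scripted here as an added example (not part of the original page). The `example.org`/`example.net` addresses, the function names and the loopback `fake_smtp` stand-in server are assumptions made for the illustration.

```python
import socket
import threading

def smtp_reply(f):
    """Read one SMTP reply; multiline replies use 'NNN-' until a final 'NNN ' line."""
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 4 or line[3] != "-":
            return (int(line[:3]) if line[:3].isdigit() else 0), line

def relay_check(host, port=25, outside_rcpt="probe@example.net", timeout=5.0):
    """Classify a mail server you administer: does it accept RCPT for a foreign domain?"""
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rwb") as f:
        def cmd(text):
            f.write(text.encode("ascii") + b"\r\n")
            f.flush()
            return smtp_reply(f)[0]
        # Banner, greeting and envelope sender must all succeed before RCPT means anything.
        ok = smtp_reply(f)[0] == 220 and cmd("EHLO audit.example.org") == 250
        if not (ok and cmd("MAIL FROM:<audit@example.org>") == 250):
            return "inconclusive"
        code = cmd(f"RCPT TO:<{outside_rcpt}>")
        cmd("RSET")  # drop the envelope; no DATA is ever sent
        cmd("QUIT")
    if 200 <= code < 300:
        return "relay-accepted"  # server agreed to take mail for a domain it does not host
    return "relay-denied" if 500 <= code < 600 else "inconclusive"

def fake_smtp(rcpt_reply):
    """Constructed loopback stand-in for a mail server; returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            f.write(b"220 mail.example.org ESMTP\r\n")
            f.flush()
            for raw in f:
                verb = raw[:4].upper()
                replies = {b"EHLO": b"250-mail.example.org\r\n250 PIPELINING\r\n",
                           b"RCPT": rcpt_reply, b"QUIT": b"221 Bye\r\n"}
                f.write(replies.get(verb, b"250 OK\r\n"))
                f.flush()
                if verb == b"QUIT":
                    break
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

A `relay-accepted` result means the server accepted the recipient at the RCPT stage; some servers still reject later, so confirm against the mail server's relay configuration.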
Exercises