سر فصلها
Basic DNS server configuration
• BIND 9.x configuration files, terms and utilities
• Defining the location of the BIND zone files in BIND configuration files
• Reloading modified configuration and zone files
• Awareness of dnsmasq, djbdns and PowerDNS as alternate name servers • /etc/named.conf
• /var/named/
• /usr/sbin/rndc
• kill
• host
• dig
Create and maintain DNS zones
• BIND 9 configuration files, terms and utilities
• Utilities to request information from the DNS server
• Layout, content and file location of the BIND zone files
• Various methods to add a new host in the zone files, including reverse zones • /var/named/
• zone file syntax
• resource record formats
• named-checkzone
• named-compilezone
• masterfile-format
• dig
• nslookup
•host
Securing a DNS server
• BIND 9 configuration files
• Configuring BIND to run in a chroot jail
• Split configuration of BIND using the forwarders statement
• Configuring and using transaction signatures (TSIG)
•Awareness of DNSSEC and basic tools
• Awareness of DANE and related records
• /etc/named.conf
• /etc/passwd
• DNSSEC
• dnssec-keygen
• dnssec-signzone
Web Services
Implementing a web server
• Apache 2.4 configuration files, terms and utilities
• Apache log files configuration and content
• Access restriction methods and files
• mod_perl and PHP configuration
• Client user authentication files and utilities
• Configuration of maximum requests, minimum and maximum servers and clients
•Apache 2.4 virtual host implementation (with and without dedicated IP addresses)
• Using redirect statements in Apache’s configuration files to customize file access • access logs and error logs
• .htaccess
• httpd.conf
• mod_auth_basic,
mod_authz_host
mod_access_compat
• htpasswd
• AuthUserFile, AuthGroupFile
• apachectl, apache2ctl
• httpd, apache2
Apache configuration for HTTPS
• SSL configuration files, tools and utilities
• Generate a server private key and CSR for a commercial CA
• Generate a self-signed Certificate
• Install the key and certificate, including intermediate CAs
• Configure Virtual Hosting using SNI
• Awareness of the issues with Virtual Hosting and use of SSL
• Security issues in SSL use, disable insecure protocols and ciphers
• Apache2 configuration files
• /etc/ssl/, /etc/pki/
• openssl, CA.pl
• SSLEngine, SSLCertificateKeyFile, SSLCertificateFile
• SSLCACertificateFile, SSLCACertificatePath
• SSLProtocol, SSLCipherSuite, ServerTokens, ServerSignature, TraceEnable
Implementing a proxy server
•Squid 3.x configuration files, terms and utilities
• Access restriction methods
• Client user authentication methods
• Layout and content of ACL in the Squid configuration files
• squid.conf
• acl
• http_access
Implementing Nginx as a web server and a reverse proxy
• Nginx
• Reverse Proxy
• Basic Web Server • /etc/nginx/
• nginx
File Sharing
SAMBA Server Configuration
• Samba 4 documentation
• Samba 4 configuration files
• Samba 4 tools and utilities and daemons
• Mounting CIFS shares on Linux
• Mapping Windows user names to Linux user names
• User-Level, Share-Level and AD security
• smbd, nmbd, winbindd
• smbcontrol, smbstatus, testparm, smbpasswd, nmblookup
•samba-tool
• net
• smbclient
• mount.cifs
• /etc/samba/
• /var/log/samba/
NFS Server Configuration
• NFS version 3 configuration files
• I/O redirection
• NFS tools and utilities
• Access restrictions to certain hosts and/or subnets
• Mount options on server and client
•TCP Wrappers
• Awareness of NFSv4 • /etc/exports
• exportfs
• showmount
• nfsstat
• /proc/mounts
• /etc/fstab
• rpcinfo
• mountd
• portmapper
Network Client Management
DHCP configuration
• DHCP configuration files, terms and utilities
• Subnet and dynamically-allocated range setup
• Awareness of DHCPv6 and IPv6 Router Advertisements
• dhcpd.conf
• dhcpd.leases
• DHCP Log messages in syslog or systemd journal
• arp
• dhcpd
• radvd
• radvd.conf
PAM authentication
• PAM configuration files, terms and utilities
• passwd and shadow passwords
• Use sssd for LDAP authentication • /etc/pam.d/
• pam.conf
• nsswitch.conf
• pam_unix, pam_cracklib, pam_limits, pam_listfile, pam_sss
• sssd.conf
LDAP client usage
• LDAP utilities for data management and queries
• Change user passwords
• Querying the LDAP directory
• ldapsearch
• ldappasswd
• ldapadd
• ldapdelete
Configuring an OpenLDAP server
• OpenLDAP
• Directory based configuration
• Access Control
• Distinguished Names
• Changetype Operations
• Schemas and Whitepages
• Directories
• Object IDs, Attributes and Classes
• slapd
• slapd-config
• LDIF
• slapadd
• slapcat
• slapindex
• /var/lib/ldap/
• loglevel
E-Mail Services
Using e-mail servers
• Configuration files for postfix
•Basic TLS configuration for postfix
• Basic knowledge of the SMTP protocol
• Awareness of sendmail and exim
• Configuration files and commands for postfix
• /etc/postfix/
• /var/spool/postfix/
• sendmail emulation layer commands
• /etc/aliases
• mail-related logs in /var/log/
Managing E-Mail Delivery
• Understanding of Sieve functionality, syntax and operators
• Use Sieve to filter and sort mail with respect to sender, recipient(s), headers and size
• Awareness of procmail
• Conditions and comparison operators
• keep, fileinto, redirect, reject, discard, stop
• Dovecot vacation extension
Managing Remote E-Mail Delivery
• Dovecot IMAP and POP3 configuration and administration
• Basic TLS configuration for Dovecot
• Awareness of Courier
• /etc/dovecot/
• dovecot.conf
• doveconf
• doveadm
Configuring a router
• iptables and ip6tables configuration files, tools and utilities
• Tools, commands and utilities to manage routing tables.
• Private address ranges (IPv4) and Unique Local Addresses as well as Link Local Addresses (IPv6)
• Port redirection and IP forwarding
• List and write filtering and rules that accept or block IP packets based on source or destination protocol, port and address
• Save and reload filtering configurations
• /proc/sys/net/ipv4/
• /proc/sys/net/ipv6/
• /etc/services
• iptables
• ip6tables
Securing FTP servers
• Configuration files, tools and utilities for Pure-FTPd and vsftpd
• Awareness of ProFTPd
• Understanding of passive vs. active FTP connections
• vsftpd.conf
• important Pure-FTPd command line options
Secure shell (SSH)
• OpenSSH configuration files, tools and utilities
• Login restrictions for the superuser and the normal users
• Managing and using server and client keys to login with and without password
• Usage of multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes • ssh
• sshd
• /etc/ssh/sshd_config
• /etc/ssh/
• Private and public key files
• PermitRootLogin, PubKeyAuthentication, AllowUsers, PasswordAuthentication, Protocol
Security tasks
• Tools and utilities to scan and test ports on a server
• Locations and organizations that report security alerts as Bugtraq, CERT or other sources
• Tools and utilities to implement an intrusion detection system (IDS)
• Awareness of OpenVAS and Snort
• telnet
• nmap
• fail2ban
• nc
• iptables
OpenVPN
• OpenVPN
• /etc/openvpn/
• openvpn
Capacity Planning
Measure and Troubleshoot Resource Usage
• Measure CPU usage
• Measure memory usage
• Measure disk I/O
• Measure network I/O
• Measure firewalling and routing throughput
• Map client bandwidth usage
• Match / correlate system symptoms with likely problems
• Estimate throughput and identify bottlenecks in a system including networking • iostat
• netstat
• w
• top
• sar
• processes blocked on I/O
• blocks out
• vmstat
• pstree, ps
• Isof
• uptime
• swap
• blocks in
Predict Future Resource Needs
• Use monitoring and measurement tools to monitor IT infrastructure usage.
• Predict capacity break point of a configuration
• Observe growth rate of capacity usage
• Graph the trend of capacity usage
• Awareness of monitoring solutions such as Icinga2, Nagios, collectd, MRTG and Cacti.
• diagnose
• predict growth
• resource exhaustion
Linux Kernel
Kernel Components
• Kernel 2.6.x, 3.x and 4.x documentation
• /usr/src/linux/
• /usr/src/linux/Documentation/
• zImage
• bzImage
• xz compression
Compiling a kernel
• /usr/src/linux/
• Kernel Makefiles
• Kernel 2.6.x/3.x make targets
• Customize the current kernel configuration.
• Build a new kernel and appropriate kernel modules.
• Install a new kernel and any modules.
• Ensure that the boot manager can locate the new kernel and associated files.
• Module configuration files
• Use DKMS to compile kernel modules.
• Awareness of dracut • mkinitrd
• mkinitramfs
• make
• make targets (all, config, xconfig, menuconfig, gconfig, oldconfig, mrproper, zImage, bzImage, modules, modules_install, rpm-pkg, binrpm-pkg, deb-pkg)
• gzip
• bzip2
• module tools
• /usr/src/linux/.config
• /lib/modules/kernel-version/
• depmod
• dkms
Kernel runtime management and troubleshooting
• Use command-line utilities to get information about the currently running kernel and kernel modules
• Manually load and unload kernel modules
• Determine when modules can be unloaded
• Determine what parameters a module accepts
• Configure the system to load modules by names other than their file name.
• /proc filesystem
• Content of /, /boot/ , and /lib/modules/
• Tools and utilities to analyze information about the available hardware
• udev rules • /lib/modules/kernel-version/modules.dep
• module configuration files in /etc/
• /proc/sys/kernel/
• /sbin/depmod
• /sbin/rmmod
• /sbin/modinfo
• /bin/dmesg
• /sbin/lspci
• /usr/bin/lsdev
• /sbin/lsmod
• /sbin/modprobe
• /sbin/insmod
• /bin/uname
•/usr/bin/lsusb
• /etc/sysctl.conf, /etc/sysctl.d/
• /sbin/sysctl
• udevmonitor
• udevadm monitor
• /etc/udev/
Customizing SysV-init system startup
• Systemd
• SysV init
• Linux Standard Base Specification (LSB) • /usr/lib/systemd/
• /etc/systemd/
• /run/systemd/
• systemctl
• systemd-delta
• /etc/inittab
• /etc/init.d/
• /etc/rc.d/
• chkconfig
• update-rc.d
• init and telinit
System Recovery
• BIOS and UEFI
• NVMe booting
• GRUB version 2 and Legacy
• grub shell
• boot loader start and hand off to kernel
• kernel loading
• hardware initialisation and setup
• daemon/service initialisation and setup
• Know the different boot loader install locations on a hard disk or removable device.
• Overwrite standard boot loader options and using boot loader shells.
•Use systemd rescue and emergency modes. • mount fsck
• inittab, telinit and init with SysV init
• The contents of /boot/, /boot/grub/ and /boot/efi/
• EFI System Partition (ESP)
• GRUB
• grub-install
• efibootmgr
• UEFI shell
• initrd, initramfs
• Master boot record
• systemctl
Alternate Bootloaders
• SYSLINUX, ISOLINUX, PXELINUX
• Understanding of PXE for both BIOS and UEFI
• Awareness of systemd-boot and U-Boot
• syslinux
• extlinux
• isolinux.bin
• isolinux.cfg
• isohdpfx.bin
• efiboot.img
• pxelinux.0
• pxelinux.cfg/
• uefi/shim.efi
• uefi/grubx64.efi
Filesystem and Devices
• The concept of the fstab configuration
• Tools and utilities for handling swap partitions and files
• Use of UUIDs for identifying and mounting file systems
• Understanding of systemd mount units • /etc/fstab
• /etc/mtab
• /proc/mounts
• mount and umount
• blkid
• sync
• swapon
• swapoff
Maintaining a Linux filesystem
• Tools and utilities to manipulate and ext2, ext3 and ext4
• Tools and utilities to perform basic Btrfs operations, including subvolumes and snapshots
• Tools and utilities to manipulate XFS
• Awareness of ZFS • mkfs (mkfs.*)
• mkswap
• fsck (fsck.*)
• tune2fs, dumpe2fs and debugfs
• btrfs, btrfs-convert
• xfs_info, xfs_check, xfs_repair, xfsdump and xfsrestore
• smartd, smartctl
Creating and configuring filesystem options
• autofs configuration files
• Understanding of automount units
• UDF and ISO9660 tools and utilities
• Awareness of other CD-ROM filesystems (HFS)
• Awareness of CD-ROM filesystem extensions (Joliet, Rock Ridge, El Torito)
• Basic feature knowledge of data encryption (dm-crypt / LUKS) • mkfs (mkfs.*)
• mkswap
• /etc/auto.master
• /etc/auto.[dir]
• mkisofs
• cryptsetup
Network Configuration
Basic networking configuration
• Utilities to configure and manipulate ethernet network interfaces
• Configuring basic access to wireless networks • ip
• ifconfig
• route
• arp
• iw
• iwconfig
• iwlist
Advanced Network Configuration and Troubleshooting
• Utilities to manipulate routing tables
• Utilities to configure and manipulate ethernet network interfaces
• Utilities to analyze the status of the network devices
• Utilities to monitor and analyze the TCP/IP traffic • ip
• ifconfig
• route
• arp
• ss
• netstat
• lsof
• ping, ping6
• nc
• tcpdump
• nmap
Troubleshooting Network Issues
• Location and content of access restriction files
• Utilities to configure and manipulate ethernet network interfaces
• Utilities to manage routing tables
• Utilities to list network states.
• Utilities to gain information about the network configuration
• Methods of information about the recognized and used hardware devices
• System initialization files and their contents (SysV init process)
• Awareness of NetworkManager and its impact on network configuration • ip
• ifconfig
• route
• ss
• netstat
• /etc/network/, /etc/sysconfig/network-scripts/
• ping, ping6
• traceroute, traceroute6
• mtr
• hostname
• System log files such as /var/log/syslog, /var/log/messages and the systemd journal
• dmesg
• /etc/resolv.conf
• /etc/hosts
• /etc/hostname, /etc/HOSTNAME
• /etc/hosts.allow, /etc/hosts.deny
System Maintenance
Make and install programs from source
• Unpack source code using common compression and archive utilities
• Understand basics of invoking make to compile programs
• Apply parameters to a configure script
• Know where sources are stored by default • /usr/src/
• gunzip
• gzip
• bzip2
• xz
• tar
• configure
• make
• uname
• install
• patch
Backup operations
• Knowledge about directories that have to be include in backups
• Awareness of network backup solutions such as Amanda, Bacula, Bareos and BackupPC
• Knowledge of the benefits and drawbacks of tapes, CDR, disk or other backup media
• Perform partial and manual backups.
• Verify the integrity of backup files.
• Partially or fully restore backups.
• /bin/sh
• dd
• tar
• /dev/st* and /dev/nst*
• mt
• rsync
Notify users on system-related issues
• Automate communication with users through logon messages
• Inform active users of system maintenance
• /etc/issue
• /etc/issue.net
• /etc/motd
• wall
• /sbin/shutdown
• systemctl