HI there, I think it's time to reanimate this thread. I've already had some great offline discussions regarding LPIC-3, but I'd like to share some thoughts with all of you and ask you to comment on them.
For LPIC-303, some specific questions that came up so far were: * Shall we include a higher level cert/ca management tool in 325.1? If we do, which one? cfssl? * Shall we break out resource limits from 326.1 into an own topic, along with cgroups and systemd cgroup management? * Shall we include USB guard in 326.2? * How much SSSD shall we keep in 303, now that is intensely covered in LPIC-300 and that basic SSSD knowledge is tested in LPIC-2? One might argue that identity management could be addresses completely in LPIC-300 now. * Is wireguard stable enough to include questions about it already? With FreeIPA (and potentially user management + authentication) being moved to LPIC-300 now, we need to reassign their weights. We could either add topics to the objectives, increase the weight of the remaining objectives, or do both. What do you think about a topic on penetration testing, potentially focused on Metasploit and surrounding tools? Do you think it's a good idea to cover tools which could be used in offensive attacks, and to which extend would you test them (e.g., include meterpreter?) Which other topics might be relevant for LPIC-303? Let's try to think about potential new topic in LPIC-303 a bit more, it's a great opportunity for us to shape for focus of the exam. Regards, Fabian On Tue, Nov 27, 2018 at 12:55 AM Fabian Thorns <[email protected]> wrote: > Hi, > > by moving the objectives > > 326.3 User Management and Authentication (weight: 5) > > and > > 326.4 FreeIPA Installation and Samba Integration (weight: 4) > > from the 303 to the 300 exam we'll vacate nine weight points in exam 303. > > Some of these points should certainly be dedicated to penetration testing. > Metasploit would be one of the potentials tools, but there are more for > sure, and we should consider if there are other topics that should get some > of those spare weights, too. > > What do you think? > > And, this might be quite important, are you aware of any 'dual use' > considerations in your local legislation which might make it hard for > candidates and trainers to (responsibly) use pentesting tools for exam > preparation legally? > > Fabian > > > > On Tue, Oct 23, 2018 at 7:36 PM Markus Schade < > [email protected]> wrote: > >> Also in regards to host hardening, the whole secure/trusted boot topic >> is AFAIK currently nowhere addressed. >> Microcode updates and where to check in cpuinfo and sysfs for cpu bugs >> would also be nice. >> >> 325.3 >> >> We should mention LUKS2 >> >> Also there is clevis/tang for network bound disk encryption or TPM >> unlocking. >> >> 328.4 >> >> Get rid of racoon. It's dead since 2014 >> Replace with strongswan >> >> I'd really love to see wireguard here. I know it's not yet finalized, >> but the configuration seems to be already stable. >> >> 320.6 >> >> should also include configuration of ciphers, macs and hostkey >> algorithms all of which had to be set in the last years to disable >> insecure suites. So candidates should not only see this in the field and >> but should also be capable of setting these. >> >> Maybe have awareness of SSH CA. >> >> Best regards, >> Markus >> >> >> Am 18.10.2018 um 19:22 schrieb Marc Baudoin: >> > Fabian Thorns <[email protected]> écrit : >> >> >> >> this thread is supposed to discuss exam 303. >> >> >> >> The current objectives are available here: >> >> >> >> https://wiki.lpi.org/wiki/LPIC-303_Objectives_V2 >> >> >> >> The current objectives for this exam seem quite fine to me, although a >> few >> >> tools might need to be updated (IPsec) / reconsidered. But I'm sure you >> >> will spot more discussion points in the objectives once you review them >> >> again. >> > >> > My 2 cents... >> > >> > 325.4 DNS and Cryptography >> > >> > This talks about DANE to illustrate a real-world use of DNSSEC. >> > Adding the SSHFP RR should be considered as another example. >> > >> > 326.1 Host Hardening >> > >> > Considering what's known about Spectre, I think "Be aware of the >> > security advantages of virtualization" should be dropped or >> > rephrased. >> > >> > 326.3 User Management and Authentication >> > >> > Should pam_tally.so (not pam_tally2.so) be dropped? >> > >> > 326.4 FreeIPA Installation and Samba Integration >> > >> > The ipa-replica-prepare doesn't seem to exist anymore in current >> > versions of FreeIPA. >> > >> > 327.2 Mandatory Access Control >> > >> > I couldn't find togglesebool in CentOS 7. I didn't checked in >> > CentOS 6. Is it still available somewhere? >> > >> > Maybe the chcon command should be added. >> > _______________________________________________ >> > lpi-examdev mailing list >> > [email protected] >> > http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev >> > >> _______________________________________________ >> lpi-examdev mailing list >> [email protected] >> http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev > > > > -- > Fabian Thorns <[email protected]> GPG: F1426B12 > Director of Certification Development, Linux Professional Institute > -- Fabian Thorns <[email protected]> GPG: F1426B12 Director of Certification Development, Linux Professional Institute
_______________________________________________ lpi-examdev mailing list [email protected] https://list.lpi.org/mailman/listinfo/lpi-examdev
