Task 1 - "Install only applications needed" - this comes down to detailed understanding of distro install programs (e.g. Anaconda, etc.) which we're not otherwise testing here. Post installation, it comes down to *not* doing things; how do we test that a candidate knows how to *not* invoke "rpm -ivh"? <g>

Task 2 - "Remove or disable unnecessary services" - I would broaden this to cover applications and other subsystems. For example, do you really want to leave gcc installed on that firewall? Development tools such as compilers should not in fact be installed on any production systems, but one can't say that in public for fear of offending Gentoo purists. . .

Task 5 - "Understand a Nessus report" - I'd consider moving this to a "Security Validation" Content Area.

Tasks 7, 8, 9, 10, 11, 12, 14, 15, 17 - I'd make RSBAC a separate Content Area, if I included it at all (why not SELinux, LIDS, etc.?)

Task 13 - Install hardening scripts - *Which* hardening scripts? Bastille? Others? Got to be specific here.

Task 16 - "Examine hosts.allow", etc. - Perhaps we need more extensive coverage of tcpwrappers/libwrap; specifically, the extended syntax for hosts.allow and hosts.deny (see man 5 hosts_options), and how libwrap is used by sshd and some other things people might not expect.

Task 18 - "store logs on other machines" - perhaps rewrite as "Edit /etc/syslog.conf to direct selected log messages to a remote host, and configure syslogd to accept log messages from a remote host".

Task 19 - "Understand User Mode Linux" - Again, I'd categorize this with RSBAC, SELinux, etc. I don't see employers seeking certified applicants doing much with UML; in fact, there'd be more mileage in examining on VMware.

Task 21 - /etc/issue - has anyone actually seen /etc/issue.net, especially, or /etc/motd recently? It might be better to look at modifying pre-logon banners in KDE and GNOME, these days. Or configuring sshd to emit a banner. . .

Task 23 - "Install and configure a port scan detector" - Which one? PortSentry seems to be unsupported these days, since Cisco acquired the developers.

Task 24 - "Install and configure log monitoring / alerting software" - Again, which? Real-time or batch? Swatch?

Best,

--- Les Bell, RHCE, CISSP [http://www.lesbell.com.au]
