The LPIC-2 Exam Prep

Snow B.V.

Heinrich W. Klöpping

Beno T.J. Mesman

Piet W. Plomp

Willem A. Schreuder

Ricky Latupeirissa

Patryck Winkelmolen

Many, many Snow B.V. colleagues for peer reviewing and authoring updates

Edited by

Jos Jansen

Edited by

Joost Helberg


Audience:  this book is intended to help people prepare for the LPIC-2 exam. You will need to have at least 2 years of practical experience with Unix, preferably Linux. Though you may take the LPIC-2 exam without it, you should be an LPIC-1 alumnus to be allowed to the titles and rights that come with the LPIC-2 certification.

Approach:  We wanted to create a set of documents that could help us and others to pass the LPIC-2 exams. This book contains all the information (and more) needed to pass the exam.

Sources:  Our sources of information were partly acquired from material on the Internet. Also practical experience of the authors and others and research done by the authors are to be credited. We try to give credit where due, but are fallible. We apologize.


While every precaution was made in the preparation of this book, we can assume no responsibility for errors or omissions. When you feel we have not given you proper credit or feel we may have violated your rights or when you have suggestions how we may improve our work please notify us immediately at so we can take corrective actions.

Organization of this book:  This book has been organized to follow the Linux Professional Institute level 2 objectives for LPIC-2 certification revision 4.0.0 of November 1st, 2013. The detailed objectives are available via .

In case new objectives are published, the book will follow shortly thereafter. The book for version 3 of the objectives is still available but is not maintained anymore and will disappear shortly after version 4 is active.

The authors use the DocBook documentation standard for this book.

0. Capacity Planning (200)
Measure and Troubleshoot Resource Usage (200.1)
Match / correlate system symptoms with likely problems
Estimate throughput and identify bottlenecks in a system including networking
Predict Future Resource Needs (200.2)
Monitor IT infrastructure
Predict future growth
Resource Exhaustion
Questions and answers
1. Linux Kernel (201)
Kernel Components (201.1)
Different types of kernel images
Overview of numbering schemes for kernels and patches
Scheme up to 2.6.0 kernels
Kernel Versioning since kernel version 2.6.0 and up to 3.0
Kernel Versioning since kernel version 3.0
What are kernel modules
Compiling a Linux kernel (201.2)
Getting the kernel sources
Cleaning the kernel
Creating a .config file
make config
make menuconfig
make xconfig and gconfig
make oldconfig
Compiling the kernel
Installing the new kernel
The initial ram disk (initrd)
Manual initrd creation
Patching a Kernel
Removing a kernel patch from a production kernel
Kernel runtime management and troubleshooting (201.3)
Customise, build and install a custom kernel and kernel modules
Manipulating modules
Configuring modules
Module Dependency File
kmod versus kerneld
Building A Custom Kernel
/proc filesystem
Contents of /, /boot, and /lib/modules
Tools and utilities to trace software and their system and library calls
The bootprocess
Hardware and Kernel Information
Questions and answers
2. System Startup (202)
Customising SysV-init system startup (202.1)
Create initrd using mkinitrd
Create initrd using mkinitramfs
Setting the root device
The Linux Boot process
The init process
The LSB standard
The bootscript environment and commands
System recovery (202.2)
GRUB explained
Differences with GRUB Legacy
GRUB Legacy
Influencing the regular boot process
The Rescue Boot process
Alternate Bootloaders (202.3)
Objectives for 202.3
Syslinux Boot Configuration
Understanding PXE
Questions and answers
3. Filesystem and Devices (203)
Operating The Linux Filesystem (203.1)
The File Hierarchy
Creating Filesystems
Mounting and Unmounting
Maintaining a Linux Filesystem (203.2)
fsck (fsck.*)
mkfs (mkfs.*)
btrfs awareness
smartmontools: smartd and smartctl
Creating And Configuring Filesystem Options (203.3)
Autofs and automounter
CD-ROM filesystem
Encrypted file systems
Questions and answers
4. Advanced Storage Device Administration (204)
Configuring RAID (204.1)
What is RAID?
RAID levels
Hardware RAID
Software RAID
Recognizing RAID on your Linux system
Configuring RAID (using mdadm)
Configuring RAID (alternative)
Adjusting Storage Device Access (204.2)
Configuring disks
Configuring kernel options
Logical Volume Manager (204.3)
Configuring Logical Volume Management
Modifying logical volumes, volume groups and physical volumes
LVM Snapshots
LVM commands
Device mapper
Questions and answers
5. Networking Configuration (205)
Basic Networking Configuration (205.1)
Configuring the network interface
The Loopback Interface
Ethernet Interfaces
Routing Through a Gateway
The ip command
ARP, Address Resolution Protocol
Wireless networking
Advanced Network Configuration and Troubleshooting (205.2)
Virtual Private Network
Troubleshooting network issues (205.3)
Introduction to network troubleshooting
An example situation
Name resolution problems
Incorrect initialization of the system
Security settings
Network configuration
Questions and answers
6. System Maintenance (206)
Make and install programs from source (206.1)
Unpacking source code
Building from source
Backup Operations (206.2)
Backup utilities
Backup solutions
Notifying users on system-related issues (206.3)
The /etc/issue, /etc/, and /etc/motd files
The wall command
The shutdown command communication.
Questions and answers
7. Domain Name Server (207)
Basic DNS server configuration (207.1)
LPIC 2 objective 207.1 (3 points)
Name-server components in BIND
The named.conf file
The named name server daemon
The rndc program
Sending signals to named
Controlling named with a start/stop script
The dig and host utilities
Create And Maintain DNS Zones (207.2)
LPIC 2 objective 207.2 (3 points)
Zones and reverse zones
Master and slave servers
Creating subdomains
DNS Utilities
Securing a DNS Server (207.3)
LPIC 2 objective 207.3 (2 points)
DNS Security Strategies
Making information harder to get
Controlling requests
Limiting effects of an intrusion
Securing name server connections
Internal DNS
Questions and answers
8. Web Services (208)
Basic Apache Configuration (208.1)
Key Knowledge Areas
Key files, terms and utilities include:
Installing the Apache web-server
Run-time loading of modules (DSO)
Monitoring Apache load and performance
Enhancing Apache performance
Apache access_log file
Restricting client user access
Configuring authentication modules
User files
Group files
Configuring mod_perl
Configuring mod_php support
The httpd binary
Configuring Apache server options
Apache Virtual Hosting
Customizing file access
Apache configuration for HTTPS (208.2)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Apache2 configuration files
Encrypted webservers: SSL
Directory /etc/ssl/
How to create a SSL server Certificate
Apache SSL Directives
Creating and installing a self-signed certificate for Apache
Other Apache Directives
SSL with Apache Virtual Hosts
SSL Security Issues
Implementing Squid as a caching proxy (208.3)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Access policies
Authenticator Behaviour
Utilizing memory usage
Implementing Nginx as a web server and a reverse proxy (208.4)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Questions and answers
9. File Sharing (209)
SAMBA Server Configuration (209.1)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
What is Samba?
Installing the Samba components
Samba commands
Samba configuration directory /etc/smb or /etc/samba.
Samba logging in /var/log/samba directory.
An example of the functionality we wish to achieve
Accessing Samba shares from Windows 2000
Accessing Windows or Samba shares from a Linux Samba client
Sending a message with smbclient
Using a Linux Samba printer from Windows 2000
Using a Windows printer from Linux
Setting up a nmbd WINS server
Creating logon scripts for clients
Configuring an NFS Server (209.2)
LPIC 2 objective 209.2
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
NFS - The Network File System
Setting up NFS
Testing NFS
Securing NFS
Overview of NFS components
NFS protocol versions
Questions and answers
10. Network Client Management (210)
DHCP Configuration (210.1)
Key Knowledge Areas
Key files, terms and utilities include:
What is DHCP?
How is the server configured?
An example
Controlling the DHCP-server's behaviour
PAM authentication (210.2)
Key Knowledge Areas
Key files, terms and utilities include:
What is PAM?
How does it work?
LDAP client usage (210.3)
Key Knowledge Areas
Key files, terms and utilities include:
What is it?
LDAP Filters
More on LDAP
Configuring an OpenLDAP server (210.4)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Questions and answers
11. E-Mail services (211)
Using e-mail servers (211.1)
Key Knowledge Areas
Terms and Utilities
Basic knowledge of the SMTP protocol
Important sendmail files
Sendmail test option
Sendmail and DNS
Manual entries in
Sendmail emulation layer commands
Managing local e-mail delivery
Key Knowledge Areas
Terms and Utilities
Mbox and maildir storage formats
Managing remote e-mail delivery
Key Knowledge Areas
Terms and Utilities:
Courier IMAP and POP configuration
Questions and answers
12. System Security (212)
Configuring a router (212.1)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Private Network Addresses
Network Address Translation (NAT)
The Linux firewall, an overview
Saving And Restoring Firewall Rules
Port and/or IP forwarding
Denial of Service (DoS) attacks
Using /proc/sys/net/ipv4 (sysctl) to prevent simple DOS attacks
Managing FTP servers (212.2)
Key Knowledge Areas
Terms and Utilities
FTP connection modes
Active mode
Passive mode
Enabling connections through a firewall
Other FTP servers
Secure shell (SSH) (212.3)
Key Knowledge Areas
Terms and utilities
SSH client and server
Keys and their purpose
Configuring sshd
Tunneling an application protocol over ssh with portmapping
Security tasks (212.4)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
nc (netcat)
The fail2ban command
The nmap command
The Snort IDS (Intrusion Detection System)
Intrusion Detection and Prevention Systems
Keeping track of security alerts
Testing for open mail relays with telnet
OpenVPN (212.5)
Key Knowledge Areas
Questions and answers
A. LPIC Level 2 Objectives

List of Figures

2.1. pxelinux.0 embedded options (optional)

List of Tables

7.1. Major BIND components
7.2. Controlling named
7.3. /etc/init.d/bind parameters
9.1. Kernel options for NFS
9.2. Overview of exportfs
9.3. Overview of showmount
9.4. Some options for the nfsstat program
9.5. Overview of NFS-related programs and files
9.6. Overview of NFS protocol versions
10.1. The first two octets are 21.31
10.2. Company-wide services
10.3. Subnet-dependent Services
10.4. LDAP field operators
12.1. Valid chains per table
A.1. LPIC Level 200 - 206 Objectives And Their Relative Weight
A.2. LPIC Level 207 - 212 Objectives And Their Relative Weight
Copyright Snow B.V. The Netherlands