The LPIC-2 Exam Prep

Snow B.V.

Heinrich W. Klöpping

Beno T.J. Mesman

Piet W. Plomp

Willem A. Schreuder

Ricky Latupeirissa

Patryck Winkelmolen

Many, many Snow B.V. colleagues for peer reviewing and authoring updates.

Edited by

Jos Jansen

Edited by

Joost Helberg

Abstract

Audience:  this book is intended to help people prepare for the LPIC-2 exam. You will need to have at least 2 years of practical experience with Unix, preferably Linux. Though you may take the LPIC-2 exam without it, you should be an LPIC-1 alumnus to be allowed to the titles and rights that come with the LPIC-2 certification.

Approach:  We wanted to create a set of documents that could help us and others pass the LPIC-2 exams. This book contains all the information (and more) needed to pass the exam.

Sources:  Our sources of information were partly material on the Internet. Mostly practical experience of the authors and others and research done by the authors are to be credited. We try to give credit where due, but are fallible. We apologize.

Caution

While every precaution was made in the preparation of this book, we can assume no responsibility for errors or omissions. When you feel we have not given you proper credit or feel we may have violated your rights or when you have suggestions how we may improve our work please notify us immediately at so we can take corrective actions.

Organization of this book:  This book has been organized to follow the Linux Professional Institute level 2 objectives for LPIC-2 certification revision 4.0.0 of November 1st, 2013. The detailed objectives are available via http://www.lpi.org/linux-certifications/programs/lpic-2 .

In case new objectives are published, the book will follow shortly thereafter. The book for version 3 of the objectives is still available but is not maintained and will disappear shortly after version 4 is active.

The authors use the DocBook documentation standard for this book.


Preface
0. Capacity Planning (200)
Measure and Troubleshoot Resource Usage (200.1)
iostat
vmstat
netstat
ps
pstree
w
lsof
free
top
uptime
sar
Match / correlate system symptoms with likely problems
Estimate throughput and identify bottlenecks in a system including networking
Predict Future Resource Needs (200.2)
Predict future growth
Resource Exhaustion
Questions and answers
1. Linux Kernel (201)
Kernel Components (201.1)
Different types of kernel images
Overview of numbering schemes for kernels and patches
Scheme up to 2.6.0 kernels
Kernel Versioning since kernel version 2.6.0 and up to 3.0
Kernel Versioning since kernel version 3.0
What are kernel modules
Compiling a Linux kernel (201.2)
Getting the kernel sources
Cleaning the kernel
Creating a .config file
make config
make menuconfig
make xconfig and gconfig
make oldconfig
Compiling the kernel
Installing the new kernel
The initial ram disk (initrd)
Manual initrd creation
Patching a Kernel
Removing a kernel patch from a production kernel
Kernel runtime management and troubleshooting (201.3)
Customise, build and install a custom kernel and kernel modules
/proc filesystem
Contents of /, /boot , and /lib/modules
Tools and utilities to trace software and their system and library calls
Questions and answers
2. System Startup (202)
Customising SysV-init system startup (202.1)
Create initrd using mkinitrd
Create initrd using mkinitramfs
Setting the root device
The Linux Boot process
The init process
update-rc.d
The LSB standard
The bootscript environment and commands
System recovery (202.2)
GRUB explained
Influencing the regular boot process
The Rescue Boot process
Alternate Bootloaders (202.3)
Questions and answers
3. Filesystem and Devices (203)
Operating The Linux Filesystem (203.1)
The File Hierarchy
Filesystems
Creating Filesystems
Mounting and Unmounting
Swap
UUIDs
sync
Maintaining a Linux Filesystem (203.2)
fsck (fsck.*)
mkfs (mkfs.*)
tune2fs
dumpe2fs
badblocks
debugfs
ext4
btrfs awareness
mkswap
xfs_info
xfs_check
xfs_repair
Creating And Configuring Filesystem Options (203.3)
Autofs and automounter
CD-ROM filesystem
Encrypted file systems
Questions and answers
4. Advanced Storage Device Administration (204)
Configuring RAID (204.1)
What is RAID?
RAID levels
Hardware RAID
Software RAID
Recognizing RAID on your Linux system
Configuring RAID (using mdadm)
Configuring RAID (alternative)
Adjusting Storage Device Access (204.2)
Configuring disks
Configuring kernel options
Logical Volume Manager (204.3)
Configuring Logical Volume Management
Modifying logical volumes, volume groups and physical volumes
LVM Snapshots
LVM commands
Device mapper
Questions and answers
5. Networking Configuration (205)
Basic Networking Configuration (205.1)
Configuring the network interface
The Loopback Interface
Ethernet Interfaces
Routing Through a Gateway
The ip command
ARP, Address Resolution Protocol
Wireless networking
Advanced Network Configuration and Troubleshooting (205.2)
Virtual Private Network
Troubleshooting
Troubleshooting network issues (205.3)
Introduction to network troubleshooting
An example situation
Name resolution problems
Incorrect initialization of the system
Security settings
Network configuration
NetworkManager
Questions and answers
6. System Maintenance (206)
Make and install programs from source (206.1)
Unpacking source code
Building from source
Patch
Backup Operations (206.2)
Why?
What?
When?
How?
Where?
Backup utilities
Backup solutions
Notifying users on system-related issues (206.3)
The /etc/issue, /etc/issue.net, and /etc/motd files
The wall command
The shutdown command communication.
Questions and answers
7. Domain Name Server (207)
Basic DNS server configuration (207.1)
LPIC 2 objective 207.1 (3 points)
Name-server components in BIND
The named.conf file
The named name server daemon
The rndc program
Sending signals to named
Controlling named with a start/stop script
dnsmasq
The dig and host utilities
Create And Maintain DNS Zones (207.2)
LPIC 2 objective 207.2 (3 points)
Zones and reverse zones
Master and slave servers
Creating subdomains
DNS Utilities
Securing a DNS Server (207.3)
LPIC 2 objective 207.3 (2 points)
DNS Security Strategies
Making information harder to get
Controlling requests
Limiting effects of an intrusion
Securing name server connections
dnssec-signzone
Internal DNS
TSIG
Questions and answers
8. Web Services (208)
Basic Apache Configuration (208.1)
Key Knowledge Areas
Key files, terms and utilities include:
Installing the Apache web-server
Modularity
Run-time loading of modules (DSO)
Monitoring Apache load and performance
Enhancing Apache performance
Apache access_log file
Restricting client user access
Configuring authentication modules
User files
Group files
Configuring mod_perl
Configuring mod_php support
The httpd binary
Configuring Apache server options
Apache Virtual Hosting
Customizing file access
Apache configuration for HTTPS (208.2)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Apache2 configuration files
Encrypted webservers: SSL
Directory /etc/ssl/*
How to create a SSL server Certificate
Implementing Squid as a caching proxy (208.3)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Web-caches
squid
Redirectors
Authenticators
Access policies
Utilizing memory usage
Implementing Nginx as a web server and a reverse proxy(208.4)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
NGINX
Questions and answers
9. File Sharing(209)
Configuring a Samba Server (209.1)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
What is Samba?
Installing the Samba components
configuration
Samba commands
Samba configuration directory /etc/smb or /etc/samba.
Samba logging in /var/log/samba directory.
An example of the functionality we wish to achieve
Accessing Samba shares from Windows 2000
Accessing Windows or Samba shares from a Linux Samba client
Sending a message with smbclient
Using a Linux Samba printer from Windows 2000
Using a Windows printer from Linux
Setting up an nmbd WINS server
Creating logon scripts for clients
Configuring an NFS Server (209.2)
LPIC 2 objective 209.2
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
NFS - The Network File System
Setting up NFS
Testing NFS
Securing NFS
Overview of NFS components
NFS protocol versions
NFSv4
Questions and answers
10. Network Client Management (210)
DHCP Configuration (210.1)
Key Knowledge Areas
Key files, terms and utilities include:
What is DHCP?
How is the server configured?
An example
Controlling the DHCP-server's behaviour
DHCP-relaying
PAM authentication (210.2)
Key Knowledge Areas
Key files, terms and utilities include:
What is it?
How does it work?
Modules
LDAP client usage (210.3)
Key Knowledge Areas
Key files, terms and utilities include:
What is it?
LDAP Filters
ldapsearch
ldappasswd
ldapadd
ldapdelete
More on LDAP
Configuring an OpenLDAP server (210.4)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
OpenLDAP
Questions and answers
11. E-Mail services (211)
Using e-mail servers(211.1)
Key Knowledge Areas
The following is a (partial) list of the used files, terms and utilities:
Basic knowledge of the SMTP protocol
Sendmail
Important sendmail files.
Antirelaying
Sendmail test option
Sendmail and DNS
Manual entries sendmail.cf
Exim
Postfix
logging
Sendmail emulation layer commands
/var/spool/mail
Managing local e-mail delivery
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
procmail
Mbox and maildir storage formats
Managing remote e-mail delivery
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Courier IMAP and POP configuration
Dovecot
Questions and answers
12. System Security (212)
Configuring a router (212.1)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Private Network Addresses
Network Address Translation (NAT)
The Linux firewall, an overview
Saving And Restoring Firewall Rules
Port and/or IP forwarding
Denial of Service (DoS) attacks
Using /proc/sys/net/ipv4 (sysctl) to prevent simple DOS attacks
Routed
ip6tables
IPCHAINS
Managing FTP servers (212.2)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
FTP connection modes
Active mode
Passive mode
Enabling connections through a firewall
vsftpd
Pure-FTPd
Secure shell (SSH) (212.3)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
SSH client and server
Keys and their purpose
Configuring sshd
ssh-agent
Tunneling an application protocol over ssh with portmapping
The .rhosts and .shosts files
Security tasks (212.4)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
nc (netcat)
The fail2ban command
The nmap command
OpenVAS
The Snort IDS (Intrusion Detection System)
Intrusion Detection and Prevention Systems
Keeping track of security alerts
Testing for open mail relays with telnet
OpenVPN (212.5)
Key Knowledge Areas
OpenVPN
Questions and answers
13. Troubleshooting (213)
Identifying boot stages and troubleshooting bootloaders(213.1)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
The bootstrap process
Kernel loading
Daemon initialization
Recognizing the four stages during boot
The contents of /boot/ and /boot/grub/
The contents of /boot/grub on a debian6 system is
The grub-install command
initrd, initramfs
MBR Master Boot Record
/etc/init.d
/etc/lilo.conf
Overwriting standard bootloader options and using bootloader shells
Troubleshooting LILO
General troubleshooting (213.2)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Various system and daemon log files
Kernel syslog entries in system logs
lshw
lsmod
modprobe
insmod
Tools and utilities to trace software and their system and library calls
Troubleshooting - a word of caution
Getting help
Generic issues with hardware problems
Resolving initial boot problems
Resolving kernel boot problems
Resolving IRQ/DMA conflicts
Troubleshooting system resources (213.3)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Core system variables
/etc/profile
/etc/profile.d
/etc/bashrc
Login shells
Shell startup environment
/etc/init.d/
/etc/rc.*
Editors
Setting kernel parameters
Troubleshooting environment configurations (213.4)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Core system variables
Login process
init configuration files
/etc/syslog.conf
syslogd
Questions and answers
A. LPIC Level 2 Objectives
Bibliography
Index

List of Figures

13.1. A (DOS) partition table entry

List of Tables

7.1. Major BIND components
7.2. Controlling named
7.3. /etc/init.d/bind parameters
9.1. Kernel options for NFS
9.2. Overview of exportfs
9.3. Overview of showmount
9.4. Some options for the nfsstat program
9.5. Overview of NFS-related programs and files
9.6. Overview of NFS protocol versions
10.1. The first two octets are 21.31
10.2. Company-wide services
10.3. Subnet-dependent Services
10.4. LDAP field operators
12.1. Valid chains per table
13.1. Commonly used environment variables
13.2. Commonly used configuration files in HOME
A.1. LPIC Level 200 - 206 Objectives And Their Relative Weight
A.2. LPIC Level 207 - 213 Objectives And Their Relative Weight
Copyright Snow B.V. The Netherlands