The LPIC-2 Exam Prep

Snow B.V.

Heinrich W. Klöpping

Beno T.J. Mesman

Piet W. Plomp

Willem A. Schreuder

Ricky Latupeirissa

Patryck Winkelmolen

Henk van de Weg

Many, many Snow B.V. colleagues for peer reviewing and authoring updates

Edited by

Jos Jansen

Joost Helberg

Abstract

Audience: This book is intended to help people prepare for the LPIC-2 exam. You will need to have at least 2 years of practical experience with Unix, preferably Linux. Though you may take the LPIC-2 exam without it, you should be an LPIC-1 alumnus to be entitled to the titles and rights that come with the LPIC-2 certification.

Approach:  We wanted to create a set of documents that could help us and others to pass the LPIC-2 exams. This book contains all the information (and more) needed to pass the exam.

Sources: Our information was partly acquired from material on the Internet. The practical experience of the authors and others, and research done by the authors, are also to be credited. We try to give credit where due, but are fallible. We apologize.

Caution

While every precaution was taken in the preparation of this book, we can assume no responsibility for errors or omissions. If you feel we have not given you proper credit or may have violated your rights, or if you have suggestions on how we may improve our work, please notify us immediately at so we can take corrective action.

Organization of this book:  This book has been organized to follow the Linux Professional Institute level 2 objectives for LPIC-2 certification revision 4.0.0 of November 1st, 2013. The detailed objectives are available via https://www.lpi.org/study-resources/lpic-2-201-exam-objectives/ and https://www.lpi.org/study-resources/lpic-2-202-exam-objectives/ .

In case new objectives are published, the book will follow shortly thereafter. The book for version 3 of the objectives is still available but is not maintained anymore and will disappear shortly after version 4 is active.

The authors use the DocBook documentation standard for this book.


Preface
0. Capacity Planning (200)
Measure and Troubleshoot Resource Usage (200.1)
Objectives
iostat
vmstat
netstat
ps
pstree
w
lsof
free
top
uptime
sar
Match / correlate system symptoms with likely problems
Estimate throughput and identify bottlenecks in a system including networking
Predict Future Resource Needs (200.2)
Monitor IT infrastructure
Predict future growth
Resource Exhaustion
Questions and answers
1. Linux Kernel (201)
Kernel Components (201.1)
Key knowledge Areas:
Terms and Utilities
Different types of kernel images
Overview of numbering schemes for kernels and patches
Scheme up to 2.6.0 kernels
Kernel Versioning since kernel version 2.6.0 and up to 3.0
Kernel Versioning since kernel version 3.0
What are kernel modules
Compiling a Linux kernel (201.2)
Key Knowledge Areas
Terms and Utilities
Getting the kernel sources
Cleaning the kernel
Creating a .config file
make config
make menuconfig
make xconfig and gconfig
make oldconfig
Compiling the kernel
Installing the new kernel
The initial ram disk (initrd)
Manual initrd creation
Patching a Kernel
Removing a kernel patch from a production kernel
Kernel runtime management and troubleshooting (201.3)
Customise, build and install a custom kernel and kernel modules
Manipulating modules
Configuring modules
Module Dependency File
kmod versus kerneld
Building A Custom Kernel
/proc filesystem
Contents of /, /boot, and /lib/modules
Tools and utilities to trace software and their system and library calls
The boot process
Hardware and Kernel Information
udev
Questions and answers
2. System Startup (202)
Customizing SysV-init system startup (202.1)
Key Knowledge Areas
Terms and Utilities
Create initrd using mkinitrd
Create initrd using mkinitramfs
Setting the root device
The Linux Boot process
The init process
update-rc.d
The LSB standard
The bootscript environment and commands
System recovery (202.2)
Objectives
Key Knowledge Areas
Terms and Utilities
GRUB explained
Differences with GRUB Legacy
GRUB Legacy
Influencing the regular boot process
The Rescue Boot process
Alternate Bootloaders (202.3)
Key Knowledge Areas
Terms and Utilities
LILO
SYSLINUX, ISOLINUX, PXELINUX: The Syslinux Project
Syslinux Boot Configuration
PXELINUX
Understanding PXE
Proxy DHCP for PXE
Example DHCP request
Questions and answers
3. Filesystem and Devices (203)
Operating The Linux Filesystem (203.1)
Key Knowledge Areas
Terms and Utilities
The File Hierarchy
Filesystems
Creating Filesystems
Mounting and Unmounting
Swap
UUIDs
sync
Maintaining a Linux Filesystem (203.2)
Key Knowledge Areas
Terms and Utilities
Disk Checks
fsck (fsck.*)
mkfs (mkfs.*)
tune2fs
dumpe2fs
badblocks
debugfs
ext4
btrfs awareness
mkswap
xfs_info
xfs_check
xfs_repair
smartmontools: smartd and smartctl
Creating And Configuring Filesystem Options (203.3)
Key Knowledge Areas
Terms and Utilities
Autofs and automounter
CD-ROM filesystem
Encrypted file systems
Questions and answers
4. Advanced Storage Device Administration (204)
Configuring RAID (204.1)
Key Knowledge Areas
Terms and Utilities
What is RAID?
RAID levels
Hardware RAID
Software RAID
Recognizing RAID on your Linux system
Configuring RAID (using mdadm)
Configuring RAID (alternative)
Adjusting Storage Device Access (204.2)
Key Knowledge Areas
Terms and Utilities
Configuring disks
Configuring kernel options
Logical Volume Manager (204.3)
Key Knowledge Areas
Terms and Utilities
Configuring Logical Volume Management
Modifying logical volumes, volume groups and physical volumes
LVM Snapshots
LVM commands
Device mapper
Questions and answers
5. Networking Configuration (205)
Basic Networking Configuration (205.1)
Key Knowledge Areas
Terms and Utilities
Configuring the network interface
The Loopback Interface
Ethernet Interfaces
Routing Through a Gateway
The ip command
ARP, Address Resolution Protocol
Wireless networking
Advanced Network Configuration and Troubleshooting (205.2)
Key Knowledge Areas
Terms and Utilities
Virtual Private Network
Troubleshooting
Troubleshooting network issues (205.3)
Key Knowledge Areas
Terms and Utilities
Introduction to network troubleshooting
An example situation
Name resolution problems
Incorrect initialization of the system
Security settings
Network configuration
NetworkManager
Questions and answers
6. System Maintenance (206)
Make and install programs from source (206.1)
Key Knowledge Areas
Terms and Utilities
Unpacking source code
Building from source
Patch
Backup Operations (206.2)
Key Knowledge Areas
Terms and Utilities
Why?
What?
When?
How?
Where?
Backup utilities
Backup solutions
Notifying users on system-related issues (206.3)
Key Knowledge Areas
Terms and Utilities
The /etc/issue, /etc/issue.net, and /etc/motd files
The wall command
The shutdown command communication.
Questions and answers
7. Domain Name Server (207)
Basic DNS server configuration (207.1)
Key Knowledge Areas
Terms and Utilities
Name-server components in BIND
The named.conf file
The named name server daemon
The rndc program
Sending signals to named
Controlling named with a start/stop script
dnsmasq
The dig and host utilities
Create and maintain DNS zones (207.2)
Key Knowledge Areas
Terms and Utilities
Zones and reverse zones
Master and slave servers
Creating subdomains
DNS Utilities
Securing a DNS Server (207.3)
Key Knowledge Areas
Terms and Utilities
DNS Security Strategies
Making information harder to get
Controlling requests
Limiting effects of an intrusion
Securing nameserver connections
dnssec-signzone
Internal DNS
TSIG
Questions and answers
8. Web Services (208)
Basic Apache Configuration (208.1)
Key Knowledge Areas
Terms and utilities
Installing the Apache web-server
Modularity
Run-time loading of modules (DSO)
Monitoring Apache load and performance
Enhancing Apache performance
Apache access_log file
Apache error_log file
Restricting client user access
Configuring authentication modules
User files
Group files
Configuring mod_perl
Configuring mod_php support
The httpd binary
Configuring Apache server options
Apache Virtual Hosting
Customizing file access
Apache configuration for HTTPS (208.2)
Key Knowledge Areas
Terms and Utilities:
Apache2 configuration files
Encrypted webservers: SSL
Directory /etc/ssl/
How to create an SSL server Certificate
Apache SSL Directives
Creating and installing a self-signed certificate for Apache
Other Apache Directives
SSL with Apache Virtual Hosts
SSL Security Issues
Implementing Squid as a caching proxy (208.3)
Key Knowledge Areas
The following is a partial list of the used files, terms and utilities:
Web-caches
squid
Redirectors
Authenticators
Access policies
Authenticator Behaviour
Utilizing memory usage
Implementing Nginx as a web server and a reverse proxy (208.4)
Key Knowledge Areas
Terms and Utilities
NGINX
Questions and answers
9. File Sharing (209)
SAMBA Server Configuration (209.1)
Key Knowledge Areas
Terms and Utilities
What is Samba?
Installing the Samba components
Samba commands
Samba logging
Account information databases
Samba configuration
Security levels and modes
Examples
Setting up a nmbd WINS server
Creating logon scripts for clients
Configuring an NFS Server (209.2)
Key Knowledge Areas
Terms and Utilities
NFS - The Network File System
Setting up NFS
Testing NFS
Securing NFS
Overview of NFS components
NFS protocol versions
NFSv4
Questions and answers
10. Network Client Management (210)
DHCP Configuration (210.1)
Key Knowledge Areas
Terms and Utilities
What is DHCP?
How is the server configured?
An example
Controlling the DHCP-server's behaviour
DHCP-relaying
PAM authentication (210.2)
Key Knowledge Areas
Terms and Utilities
What is PAM?
How does it work?
Modules
LDAP client usage (210.3)
Key Knowledge Areas
Terms and Utilities
LDAP
ldapsearch
ldappasswd
ldapadd
ldapdelete
More on LDAP
Configuring an OpenLDAP server (210.4)
Key Knowledge Areas
Terms and Utilities
OpenLDAP
References
Questions and answers
11. E-Mail services (211)
Using e-mail servers (211.1)
Key Knowledge Areas
Terms and Utilities
Basic knowledge of the SMTP protocol
Sendmail
Important sendmail files
Antirelaying
Sendmail test option
Sendmail and DNS
Manual entries in sendmail.cf
Exim
Postfix
Logging
Sendmail emulation layer commands
/var/spool/mail
Managing local e-mail delivery (211.2)
Key Knowledge Areas
Terms and Utilities
Procmail
Mbox and maildir storage formats
Managing remote e-mail delivery (211.3)
Key Knowledge Areas
Terms and Utilities:
Courier IMAP and POP configuration
Dovecot
Questions and answers
12. System Security (212)
Configuring a router (212.1)
Key Knowledge Areas
Terms and Utilities
Private Network Addresses
Network Address Translation (NAT)
The Linux firewall, an overview
Saving And Restoring Firewall Rules
Port and/or IP forwarding
Denial of Service (DoS) attacks
Using /proc/sys/net/ipv4 (sysctl) to prevent simple DoS attacks
Routed
Tools, commands and utilities to manage routing tables
ip6tables
Managing FTP servers (212.2)
Key Knowledge Areas
Terms and Utilities
FTP connection modes
Active mode
Passive mode
Enabling connections through a firewall
vsftpd
Pure-FTPd
Other FTP servers
Secure shell (SSH) (212.3)
Key Knowledge Areas
Terms and utilities
SSH client and server
Keys and their purpose
Configuring sshd
ssh-agent
Tunneling an application protocol over ssh with portmapping
Security tasks (212.4)
Key Knowledge Areas:
Terms and utilities:
nc (netcat)
The fail2ban command
The nmap command
OpenVAS
The Snort IDS (Intrusion Detection System)
Intrusion Detection and Prevention Systems
Keeping track of security alerts
Testing for open mail relays with telnet
OpenVPN (212.5)
Key Knowledge Areas:
Terms and Utilities:
OpenVPN
Questions and answers
A. LPIC Level 2 Objectives
Bibliography
Index

List of Figures

2.1. pxelinux.0 embedded options (optional)

List of Tables

7.1. Major BIND components
7.2. Controlling named
7.3. /etc/init.d/bind parameters
9.1. Kernel options for NFS
9.2. Overview of exportfs
9.3. Overview of showmount
9.4. Some options for the nfsstat program
9.5. Overview of NFS-related programs and files
9.6. Overview of NFS protocol versions
10.1. The first two octets are 21.31
10.2. Company-wide services
10.3. Subnet-dependent Services
10.4. LDAP field operators
12.1. Valid chains per table
A.1. LPIC Level 200 - 206 Objectives And Their Relative Weight
A.2. LPIC Level 207 - 212 Objectives And Their Relative Weight
Copyright Snow B.V. The Netherlands