Chapter 40. System Security (Topic 2.212)

This Topic focuses on the methods used to secure Linux servers and workstations. The breadth of system security topics would require an entire exam to fully test, so LPI focuses only on routers, FTP servers, using OpenSSH, TCP wrappers, and ipchains/iptables.

This Topic contains five Objectives (numbered 2 through 6 instead of 1 through 5, because of changes during test development):

Objective 2: Configuring a Router

The LPIC-2 candidate should be able to configure ipchains and iptables to perform IP masquerading and state the significance of network address translation (NAT) and private network addresses in protecting a network. This objective includes configuring port redirection, listing filtering rules, and writing rules that accept or block datagrams based upon source or destination protocol, port, and address. Also included are saving and reloading filtering configurations, using settings in /proc/sys/net/ipv4 to respond to DoS attacks, using /proc/sys/net/ipv4/ip_forward to turn IP forwarding on and off, and using tools such as PortSentry to block port scans and vulnerability probes. Weight: 2.

Objective 3: Securing FTP Servers

The candidate should be able to configure an anonymous download FTP server. This Objective includes configuring an FTP server to allow anonymous uploads, listing additional precautions to be taken if anonymous uploads are permitted, configuring guest users and groups with chroot jail, and configuring ftpaccess ...
