# LPIC-2 202 Linux Server Professional Certification ## Overview LPIC-2 is the second certification in LPI’s multi-level professional certification program. The LPIC-2 will validate the candidate's ability to administer small to medium–sized mixed networks. The candidate must have an active LPIC-1 certification to receive LPIC-2 certification, but the LPIC-1 and LPIC-2 exams may be taken in any order. ## Duration Full time 5 days. ## Technical Skill **To become LPIC-2 certified the candidate must be able to**: * perform advanced system administration, including common tasks regarding the Linux kernel, system startup and maintenance; * perform advanced Management of block storage and file systems as well as advanced networking and authentication and system security, including firewall and VPN; * install and configure fundamental network services, including DHCP, DNS, SSH, Web servers, file servers using FTP, NFS and Samba, email delivery; and * supervise assistants and advise management on automation and purchases. ## Private Training The course can be offered privately onsite or on our premises. A minimum of 4 delegates is required to schedule the course. The course price is R9 500 onsite and R12 500 on our premises. There is no set date to run the course, we schedule the date that suits your team. ## Public Training This course is also offered publicly. The course runs at our offices in Cape Town or Johannesburg. A minimum of 4 delegates is required to run the course. A tentative date is set but the course will only be confirmed to run once we have 4 confirmed bookings. There is no set date as the course is run on demand. ## Course Curriculum ## Domain Name Server ### Basic DNS server configuration BIND 9.x configuration files, terms and utilities Defining the location of the BIND zone files in BIND configuration files Reloading modified configuration and zone files Awareness of dnsmasq, djbdns and PowerDNS as alternate name servers ### Create and maintain DNS zones BIND 9 configuration files, terms and utilities Utilities to request information from the DNS server Layout, content and file location of the BIND zone files Various methods to add a new host in the zone files, including reverse zones ### Securing a DNS server BIND 9 configuration files Configuring BIND to run in a chroot jail Split configuration of BIND using the forwarders statement Configuring and using transaction signatures (TSIG) Awareness of DNSSEC and basic tools ## Web Services ### Implementing a web server Apache 2.x configuration files, terms and utilities Apache log files configuration and content Access restriction methods and files mod\_perl and PHP configuration Client user authentication files and utilities Configuration of maximum requests, minimum and maximum servers and clients Apache 2.x virtual host implementation (with and without dedicated IP addresses) Using redirect statements in Apache’s configuration files to customize file access ### Apache configuration for HTTPS SSL configuration files, tools and utilities Ability to generate a server private key and CSR for a commercial CA Ability to generate a self-signed Certificate from private CA Ability to install the key and Certificate Awareness of the issues with Virtual Hosting and use of SSL Security issues in SSL use ### Implementing a proxy server Squid 3.x configuration files, terms and utilities Access restriction methods Client user authentication methods Layout and content of ACL in the Squid configuration files ### Implementing Nginx as a web server and a reverse proxy Nginx Reverse Proxy Basic Web Server ## File Sharing ### SAMBA Server Configuration Samba 3 documentation Samba configuration files Samba tools and utilities Mounting Samba shares on Linux Samba daemons Mapping Windows usernames to Linux usernames User-Level and Share-Level security ### NFS Server Configuration NFS version 3 configuration files NFS tools and utilities Access restrictions to certain hosts and/or subnets Mount options on server and client TCP Wrappers Awareness of NFSv4 ## Network Client Management ### DHCP configuration DHCP configuration files, terms and utilities Subnet and dynamically-allocated range setup ### PAM authentication PAM configuration files, terms and utilities passwd and shadow passwords ### LDAP client usage LDAP utilities for data management and queries Change user passwords Querying the LDAP directory ### Configuring an OpenLDAP server OpenLDAP Access Control Distinguished Names Changetype Operations Schemas and Whitepages Directories Object IDs, Attributes and Classes Awareness of System Security Services Daemon (SSSD) ## E-Mail Services ### Using e-mail servers Configuration files for postfix Basic knowledge of the SMTP protocol Awareness of sendmail and exim ### Managing Local E-Mail Delivery procmail configuration files, tools and utilities Usage of procmail on both server and client side ### Managing Remote E-Mail Delivery Courier IMAP and Courier POP configuration Dovecot configuration ## System Security ### Configuring a router iptables configuration files, tools and utilities Tools, commands and utilities to manage routing tables. Private address ranges Port redirection and IP forwarding List and write filtering and rules that accept or block datagrams based on source or Destination protocol, port and address Save and reload filtering configurations Awareness of ip6tables and filtering ### Securing FTP servers Configuration files, tools and utilities for Pure-FTPd and vsftpd Awareness of ProFTPd Understanding of passive vs. active FTP connections ### Secure shell (SSH) OpenSSH configuration files, tools and utilities Login restrictions for the superuser and the normal users Managing and using server and client keys to login with and without password Usage of multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes ### Security tasks Tools and utilities to scan and test ports on a server Locations and organizations that report security alerts as Bugtraq, CERT or other sources Tools and utilities to implement an intrusion detection system (IDS) Awareness of OpenVAS and Snort ### OpenVPN OpenVPN --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.peruzal.com/course-outlines/lpic-2-exam-202-linux-server-certification.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.