Linux+ (2009 Edition) Study Notes

Apr 10, 2015

cavguy101

A collection of notes and links for preparing for the Linux+ (2009 Edition) exam, based on the CompTIA Linux+ (2009 Edition) Objectives

Introduction

The CompTIA Linux+ (2009 Edition) certification is a vendor neutral credential. The Linux+ exam is a validation of “foundation” level Linux skills and knowledge, and is used by organizations and security professionals around the globe.

The skills and knowledge measured by this examination are derived from an industry-wide Job Task Analysis (JTA) and were validated through a global survey in Q4, 2008. The results of the survey were used to validate the content of the subject areas (domains) and exam objectives, as well as the overall domain weightings, ensuring the importance of one domain relative to another.

The CompTIA Linux+ (2009 Edition) certification is aimed at an IT administrator experienced in Windows or other operating systems who also has at least 6-12 months as a Linux system administrator. The exam assumes experience with command line utilities, common administrative tasks, and troubleshooting.

Domain – Percentage of Examination

1.0 Installation & Configuration – 22%

2.0 System Maintenance & Operations – 28%

3.0 Application & Services – 23%

4.0 Networking – 14%

5.0 Security – 13%

Total – 100%

**Note: The lists of examples provided in bulleted format below each objective are not exhaustive lists. Other examples of technologies, processes or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document.

CompTIA is constantly reviewing the content of our exams and updating test questions to be sure our exams are current and the security of the questions is protected. When necessary, we will publish updated exams based on existing exam objectives. Please know that all related exam preparation materials will still be valid.

1.0 Installation and Configuration

1.1 Compare and contrast installation sources

Physical installation media

o CD-ROM

o DVD

Network types

o HTTP

o FTP

o NFS

http://www.linux.com/learn/tutorials/287317-linux-installation-choices

http://www.faqs.org/docs/Linux-HOWTO/Network-Install-HOWTO.html

http://www.linux.org/docs/beginner/install.html

1.2 Implement partitioning schemes and filesystem layout using the following tools and practices

LVM – a method of allocating space on mass-storage devices that is more flexible than conventional partitioning schemes

RAID – technology that provides increased storage reliability through redundancy, combining multiple low-cost, less-reliable disk drive components into a logical unit where all drives in the array are interdependent

fdisk – Partition table manipulator for Linux

parted – a partition manipulation program

mkfs – build a Linux file system

http://en.wikipedia.org/wiki/Disk_partitioning

1.3 Explain the purpose for using each of the following filesystem types

Local

o EXT2 – second extended filesystem

o EXT3 – third extended filesystem

o Reiser – general-purpose, journaled computer file system

o FAT – File Allocation Table

o NTFS – New Technology File System

o VFAT – Virtual FAT

o ISO9660 – a.k.a. CDFS (Compact Disc File System) is a file system standard for optical disc media

Network

o NFS – Network File System

o SMBFS / CIFS – Server Message Block file system/Common Internet File System

http://en.wikipedia.org/wiki/File_system

1.4 Conduct routine mount and unmount of filesystems

mount – mount a file system

umount – unmount file systems

/etc/fstab – static information about the filesystems

1.5 Explain the advantages of having a separate partition or volume for any of the following directories

/boot

/home

/tmp

/usr

/var

/opt

http://tldp.org/LDP/lame/LAME/linux-admin-made-easy/install-partitioning.html

1.6 Explain the purpose of the following directories

/

/bin

/dev

/etc

/mnt

/proc

/root

/sbin

/usr/bin

/usr/local

/usr/lib

/usr/lib64

/usr/share

/var/log

http://www.tuxfiles.org/linuxhelp/linuxdir.html

http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilestruct.html

1.7 Configure the boot process including the following

GRUB

o /boot/grub/grub.conf

o /boot/grub/menu.lst

o grub-install – install GRUB on your drive

o grub – the grub shell

http://wiki.linuxquestions.org/wiki/GRUB

http://www.gnu.org/software/grub/manual/grub.html

http://www.gnu.org/software/grub/

1.8 Perform the following package management functions

Install, remove and update programs

o rpm – RPM Package Manager

• rpm -Uvh – install a package using RPM

• rpm -qa – query all packages

• rpm -e – erase a package

• yum – Yellowdog Updater Modified

http://en.wikipedia.org/wiki/RPM_Package_Manager

http://en.wikipedia.org/wiki/Yellowdog_Updater,_Modified

o deb – package manager for Debian

• dpkg -i – install a package using DPKG

• dpkg -r – remove an installed package

• apt-get – APT package handling utility – command-line interface

• apt-cache search – APT package handling utility – cache manipulator

http://www.cyberciti.biz/howto/question/linux/dpkg-cheat-sheet.php

o source

• ./configure

• make – make utility to maintain groups of programs

• make install

• make uninstall

• tar – GNU version of the tar archiving utility

• make clean

• autoconf – Generate configuration scripts

• make test

• tar.gz

• INSTALL

• bzip – a block-sorting file compressor

• gzip – compress or expand files

http://www.tuxfiles.org/linuxhelp/softinstall.html

Resolve dependencies

Add and remove repositories

1.9 Configure profile and environment variables system-wide and at the user level

PS1

PS2

PATH

EDITOR

TERM

PAGER

HOME

PRINTER

http://lowfatlinux.com/linux-environment-variables.html

http://www.comptechdoc.org/os/linux/usersguide/linux_ugenvironment.html

1.10 Troubleshoot boot issues using the following tools

Kernel options

Single-user mode (including recovering the root user)

Rescue – live CDs, DVDs and USB keys – bootable CDs/DVDs/USB sticks used to troubleshoot, or to recover data from computers that fail to start properly

dmesg – print or control the kernel ring buffer

1.11 Manage devices using the following tools

lsusb – list all USB devices

lspci – list all PCI devices

lsmod – program to show the status of modules in the Linux Kernel

/sys

/proc/usbinfo

modprobe – program to add and remove modules from the Linux Kernel

/proc – process information pseudo-filesystem

/etc/modules.conf – configuration file for loading kernel modules

/etc/modprobe.conf – configuration file/directory for modprobe

Hardware Compatibility List (HCL) – list of computer hardware (typically including many types of peripheral) that is compatible with a particular operating system or device management software.

2.0 System Maintenance and Operations

2.1 Given a scenario, use the following fundamental Linux tools, techniques and resources

• Directory navigation (cd, ls, pushd, popd, pwd)

• File commands

o file – determine file type

o test – check file types and compare values

o find – search for files in a directory hierarchy

o locate – find filenames quickly

o slocate – Security Enhanced version of the GNU Locate

o which – shows the full path of (shell) commands

o whereis – locate the binary, source, and manual page files for a command

o ln – make links between files

o ls -F – list directory contents, append indicator (one of */=@|) to entries

o mknod – make block or character special files

o touch – change file timestamps

o mkdir – make directories

o mv – move (rename) files

o cp – copy files and directories

o rm – remove files or directories

o cd – change the current directory

o file types

• hardlinks, softlinks, directory, device file, regular file, named pipe

• File editing with vi – see also ‘vimtutor’ program under Linux

http://en.wikipedia.org/wiki/Vim_%28text_editor%29

• Process management

o ps – report a snapshot of the current processes

o kill – terminate a process

o top – display Linux tasks

o iostat – report CPU statistics and I/O statistics for devices and partitions

o pstree – display a tree of processes

o nice – run a program with modified scheduling priority

o renice – alter priority of running processes

o signals

o PID – process ID (see help for ‘top’ and ‘ps’ for info on PID and PPID)

o PPID – parent process ID

• I/O redirection

o <

o >

o =

o ==

o |

o ;

o tee – read from standard input and write to standard output and files

o xargs – build and execute command lines from standard input

o STDIN

o STDOUT

o STDERR

Special devices

o /dev/null – data sink

http://en.wikipedia.org/wiki//dev/null

o /dev/random – random number generator

http://en.wikipedia.org/wiki//dev/random

o /dev/zero – data sink

http://en.wikipedia.org/wiki//dev/zero

o /dev/urandom

System documentation

o Man pages

• man# – format and display the on-line manual pages

• apropos – search the whatis database for strings

• makewhatis – create whatis database

• whatis – search the whatis database for complete words

o Info pages

o /usr/share/docs – location where most Linux documentation resides

Virtual consoles – a.k.a. Virtual terminal (VT) is a conceptual combination of the keyboard and display for a computer user interface

http://luv.asn.au/overheads/virtualconsoles.html

Kernel / architecture information

o cat – concatenate files and print on the standard output

o /proc/version – obtain kernel and gcc version

http://www.cyberciti.biz/faq/howto-find-out-what-kernel-version-running/

o uname – print system information

o common sysctl settings

http://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/

o /etc/sysctl.conf – sysctl(8) preload/configuration file

2.2 Conduct basic tasks using BASH

Basics of scripting (only: execute permission, #!/bin/bash, sh script)

Shell features

o history – display the command history list with line numbers

o tab completion – a common feature of command line interpreters, in which the program automatically fills in partially typed commands.

http://en.wikipedia.org/wiki/Bash_%28Unix_shell%29

http://en.wikipedia.org/wiki/Bourne_shell

2.3 Given a scenario, analyze system and application logs to troubleshoot Linux systems

Common log files

o /var/log/messages – General message and system related stuff

o /var/log/syslog – System logs

o /var/log/maillog – Mail server logs

o /var/log/secure – Authentication log

o /var/log/lastlog – lastlog logging file

https://help.ubuntu.com/community/LinuxLogFiles

Rotated logs

o logrotate – rotates, compresses, and mails system logs

Searching and interpreting log files

o grep – print lines matching a pattern

o tail -f – output the last part of files, output appended data (follow) as the file grows

o awk – pattern scanning and processing language

o sed – stream editor

2.4 Conduct and manage backup and restore operations

Copying data

o rsync – faster, flexible replacement for rcp

o ftp – an Internet file transfer program

Archive and restore commands

o cpio – copy files to and from archives

o tar – GNU version of the tar archiving utility

o dump – ext2/3 filesystem backup

o restore – restore files or file systems from backups made with dump

o dd – convert and copy a file

http://en.wikipedia.org/wiki/Dd_%28Unix%29

Write to removable media (CD-RW, DVD-RW)

2.5 Explain the following features and concept of X11

Starting and stopping X11

http://en.wikibooks.org/wiki/Guide_to_X11/Starting_Sessions

Difference between the X11 client and server

Window managers (KDM, GDM)

Multiple desktops

X11 configuration file (xorg.conf)

Terminal emulators (xterm, etc)

2.6 Explain the difference in runlevels and their purpose

Command: init – process control initialization

http://en.wikipedia.org/wiki/Init

Runlevels

o 0 - Halt

o 1 - single-user mode

o 2 - single-user mode with networking

o 3 - networked multi-user mode

o 4 - user configurable

o 5 - X11 multi-user mode

o 6 - reboot

2.7 Manage filesystems using the following

Check disk usage

o df – report filesystem disk space usage

o du – estimate file space usage

Quotas

o edquota – edit user quotas

o repquota – summarize quotas for a filesystem

o quotacheck – scan a filesystem for disk usage, create, check and repair quota files

Check and repair filesystems (fsck)

Loopback devices (ISO filesystems)

NFS

http://nfs.sourceforge.net/nfs-howto/

o configuration

o mount

o exports – NFS file systems being exported (for Kernel based NFS)

o fstab – static information about the filesystems

o /etc/exports

o showmount – show mount information for an NFS server

Swap

o mkswap – set up a Linux swap area

o swapon – start/stop swapping to file/device

o swapoff – start/stop swapping to file/device

2.8 Implement task scheduling using the following tools

cron (cron.allow, cron.deny) – daemon to execute scheduled commands

crontab command syntax – maintain crontab files for individual users

crontab file format – tables for driving cron

at (atq) – queue, examine or delete jobs for later execution

2.9 Utilize performance monitoring tools and concepts to identify common problems

Commands

o sar – collect, report, or save system activity information

o iostat – report Central Processing Unit (CPU) statistics and input/output statistics for devices and partitions

o vmstat – report virtual memory statistics

o uptime – tell how long the system has been running

o top – display Linux tasks

Load average

3.0 Application and Services

3.1 Manage Linux system services using the following

/etc/init.d

o start

o stop

o restart

http://www.ghacks.net/2009/04/04/get-to-know-linux-the-etcinitd-directory/

inetd – internet “super-server”

http://en.wikipedia.org/wiki/Inetd

xinetd – the extended Internet services daemon

http://en.wikipedia.org/wiki/Xinetd

chkconfig – updates and queries runlevel information for system services

3.2 Implement interoperability with Windows using the following

rdesktop - client – an open source client for Windows Terminal Services, capable of natively speaking Remote Desktop Protocol (RDP) in order to present the user's Windows desktop

http://en.wikipedia.org/wiki/Rdesktop

vnc - server and client – a graphical desktop sharing system that uses the RFB protocol to remotely control another computer.

http://www.csd.uwo.ca/~magi/doc/vnc/

Samba - server and client – a Windows SMB/CIFS fileserver for UNIX

o smb.conf – the configuration file for the Samba suite

o winbind – UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules (PAMs), and the name service switch (NSS) to allow Windows NT domain users to appear and operate as UNIX users on a UNIX machine.

http://lists.samba.org/archive/samba/2001-October/030378.html

o lmhosts – the Samba NetBIOS hosts file

http://www.samba.org/

http://en.wikipedia.org/wiki/Samba_%28software%29

Security and authentication (Kerberos)

http://en.wikipedia.org/wiki/Kerberos_%28protocol%29

3.3 Implement, configure and maintain Web and FTP services

Apache – http://www.apache.org/

http://httpd.apache.org/docs/2.2/

o Maintain PHP settings (php.ini) – controls many aspects of PHP’s behaviour

Check: /etc/php.ini

o Edit Apache configuration files

• Enable and disable modules – see /etc/http/httpd.conf

o Containers

• Virtual hosts

• Directories

o Access control (.htaccess)

o CGI (ExecCGI, ScriptAlias)

o Commands: apachectl (-t, -S, graceful, restart)

o Configuring apache logs

http://httpd.apache.org/docs/2.1/glossary.html

FTP services

o Configure FTP users

• /etc/ftpusers – list of users that may not log in via the FTP daemon

• chroot – run command or interactive shell with special root directory

o Configure anonymous access – edit /etc/vsftpd/vsftpd.conf

http://www.faqs.org/docs/securing/ftpd.html

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch15_:_Linux_FTP_Server_Setup

3.4 Given a scenario, explain the purpose of the following web-related services

Tomcat – an open source servlet container, which implements the Java Servlet and the JavaServer Pages (JSP) specifications and provides a "pure Java" HTTP web server environment for Java code to run

Apache – web server software

Squid – a proxy server and web cache daemon with a wide variety of uses, from speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic

3.5 Troubleshoot web-related services using the following utilities

Commands

o curl – transfer a URL

o wget – the non-interactive network downloader.

o ftp – Internet file transfer program

o telnet – user interface to the TELNET protocol

3.6 Given a scenario, troubleshoot common FTP problems

Active vs. passive

ASCII vs. binary

3.7 Given a scenario, perform the following MySQL administrative tasks

Locate configuration file

Starting and stopping

Test the connection

http://www.yolinux.com/TUTORIALS/LinuxTutorialMySQL.html

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch34_:_Basic_MySQL_Configuration

3.8 Explain the purpose of each of the following mail services, protocols and features

Protocols – used for communicating data across a packet-switched internetwork using the Internet Protocol Suite, also referred to as TCP/IP

o SMTP – Simple Mail Transfer Protocol

o IMAP – Internet Message Access Protocol

o POP3 – Post Office Protocol version 3

MTA – software that transfers e-mail between computers

o Postfix – a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail

o Sendmail – a general purpose internetwork email routing facility that supports many kinds of mail-transfer and delivery methods

Email aliases – a forwarding e-mail address

o /etc/aliases – aliases file for sendmail

o newaliases – rebuild the data base for the mail aliases file

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch21_:_Configuring_Linux_Mail_Servers

3.9 Deploy and manage CUPS print services

Enable and disable queues

Web management interface (port 631)

Printing commands

o lpr – print files

o lp – print files

o lpq – show printer queue status

o lpstat – print cups status information

o cancel – cancel jobs

http://www.cups.org/doc-1.1/sam.html

3.10 Set up, install, configure and maintain a BIND DNS server and related services

DNS utilities – a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network

o named – Internet domain name server

o rndc – name server control utility

http://en.wikipedia.org/wiki/BIND

Config file locations (/var/named)

Forward zones, reverse zones, root hints

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch18_:_Configuring_DNS

3.11 Perform basic administration of the DHCP server

/etc/dhcpd.conf – dhcpd configuration file

dhcpd.leases – DHCP client lease database

http://linuxmanpages.com/man8/dhcpd.8.php

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch08_:_Configuring_the_DHCP_Server

3.12 Given a scenario, troubleshoot NTP related issues

/etc/ntp.conf – the default name of the configuration file (/etc/ntp/ntp.conf)

ntpdate – set the date and time via NTP

date – print or set the system date and time

ntpq -p – standard NTP query program

http://en.wikipedia.org/wiki/Network_Time_Protocol

http://www.ntp.org/documentation.html

http://tldp.org/LDP/sag/html/basic-ntp-config.html

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch24_:_The_NTP_Server

4.0 Networking

4.1 Identify common networking ports and the associated service

20 – ftp data (FTP)

21 – ftp control (FTP)

22 – secure shell (SSH)

23 – telnet

25 – simple mail transfer protocol (SMTP)

53 – domain name server (DNS)

80 – hypertext transfer protocol (HTTP)

110 – post office protocol (POP3)

123 – network time protocol (NTP)

143 – internet message access protocol (IMAP)

443 – hypertext transfer protocol secure (HTTPS)

631 – internet printing protocol (IPP)

3306 – MySQL

/etc/services – Internet network services list

4.2 Execute network interface configuration using the following

dhclient – Dynamic Host Configuration Protocol Client

dhcpcd – DHCP client daemon

ifconfig – configure a network interface

iwconfig – configure a wireless network interface

route – show / manipulate the IP routing table

ifup – bring a network interface up

ifdown – take a network interface down

network configuration files

http://linux.die.net/Linux-CLI/c8319.htm

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch03_:_Linux_Networking

4.3 Implement configurations and/or configuration changes for the following

Packet filtering: iptables – administration tool for IPv4 packet filtering and NAT

http://en.wikipedia.org/wiki/Iptables

http://www.netfilter.org/documentation/FAQ/netfilter-faq.html

Hostname lookup

o /etc/hosts – the static table lookup for host names

o /etc/nsswitch.conf – system Databases and Name Service Switch configuration file

o /etc/resolv.conf – DNS client

4.4 Explain the different DNS record types and the process of DNS resolution

Local resolution

TTL/caching – a limit on the period of time or number of iterations or transmissions in computer and computer network technology that a unit of data (e.g. a packet) can experience before it should be discarded.

Root name servers – a name server for the Domain Name System's root zone, which directly answers requests for records in the root zone and answers other requests returning a list of the designated authoritative name servers for the appropriate top-level domain (TLD)

A – returns a 32-bit IPv4 address, commonly used to map hostnames to host IP address

MX – maps a domain name to a list of message transfer agents for that domain

PTR – pointer to a canonical name

CNAME – alias of one name to another

NS – delegates a DNS zone to use the given authoritative name servers

TXT – originally for arbitrary human-readable text in a DNS record

http://www.dns.net/dnsrd/rr.html

http://www.debianhelp.co.uk/dnsrecords.htm

http://en.wikipedia.org/wiki/List_of_DNS_record_types

4.5 Troubleshoot basic connectivity issues using the following tools

netstat – print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

ping – send ICMP ECHO_REQUEST to network hosts

traceroute – print the route packets take to network host

arp – manipulate the system ARP cache

telnet – user interface to the TELNET protocol

route – show / manipulate the IP routing table

4.6 Troubleshoot name resolution issues using the following tools

dig – DNS lookup utility

host – DNS lookup utility

nslookup – query Internet name servers interactively

hostname – show or set the system's host name

5.0 Security

5.1 Manage and monitor user and group accounts using the following

Tools

o useradd – Create a new user or update default new user information

o userdel – Delete a user account and related files

o usermod – Modify a user account

o groupadd – Create a new group

o groupdel – Delete a group

o groupmod – Modify a group

o lock – usermod -L, passwd -l

o who – show who is logged on

o w – Show who is logged on and what they are doing.

o last – show listing of last logged in users

o whoami – print effective userid

Files

o /etc/skel – default environment file for new users

o /etc/passwd – password file

o /etc/shadow – encrypted password file

o /etc/group – user group file

http://www.faqs.org/docs/linux_admin/x2331.html

5.2 Given a scenario, select the appropriate file permissions and ownership and troubleshoot common problems

Tools

o chmod – change file access permissions

o chown – change file owner and group

o chroot – run command or interactive shell with special root directory

o chgrp – change group ownership

o lsattr – list file attributes on a Linux second extended file system

o chattr – change file attributes on a Linux second extended file system

o umask – set or get the file-creation mask

Special permissions

o setuid – set user ID upon execution

o setgid – set group ID upon execution

o sticky bit – an access-right flag that can be assigned to files and directories on Unix systems

5.3 Explain the basics of SELinux

Running modes

o Enabled

o Disabled

o Permissive

http://wiki.centos.org/HowTos/SELinux

5.4 Given a scenario, implement privilege escalation using the following

sudo – execute a command as another user

su – run a shell with substitute user and group IDs

/etc/sudoers – list of which users may execute what

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch09_:_Linux_Users_and_Sudo

5.5 Explain the appropriate use of the following security related utilities

nmap – (Network MAPper) is a security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network

http://nmap.org/

Wireshark – a free and open-source packet analyzer used for network troubleshooting, analysis, software and communications protocol development, and education.

http://www.wireshark.org/

NESSUS – a proprietary comprehensive vulnerability scanning program, free of charge for personal use in a non-enterprise environment, used to detect potential vulnerabilities on tested systems

http://www.nessus.org/nessus/

Snort – a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) capable of performing packet logging and real-time traffic analysis on IP networks

http://www.snort.org/

Tripwire – a free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems

http://www.tripwire.com/

5.6 Use checksum and file verification utilities

md5sum – compute and check MD5 message digest

http://en.wikipedia.org/wiki/Md5sum

sha1sum – compute and check SHA1 message digest

http://en.wikipedia.org/wiki/Sha1sum

gpg – encryption and signing tool

http://en.wikipedia.org/wiki/GNU_Privacy_Guard

http://www.gnupg.org/

5.7 Deploy remote access facilities using the following

Secure tunnels

SFTP – secure file transfer program

http://en.wikipedia.org/wiki/SSH_file_transfer_protocol

X11 forwarding

Keygen – ssh-keygen - authentication key generation, management and conversion

http://en.wikipedia.org/wiki/Keygen

SSH – OpenSSH SSH client (remote login program)

http://en.wikipedia.org/wiki/Secure_Shell

VNC – a graphical desktop sharing system that uses the RFB protocol to remotely control another computer by transmitting the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network.

http://www.realvnc.com/

5.8 Explain the methods of authentication

PAM – a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API).

http://www.kernel.org/pub/linux/libs/pam/

LDAP – an application protocol for querying and modifying data using directory services running over TCP/IP

http://tldp.org/HOWTO/LDAP-HOWTO/

http://www.ldapman.org/articles/intro_to_ldap.html

NIS – a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network

http://tldp.org/HOWTO/NIS-HOWTO/

RADIUS – a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service.

http://www.gnu.org/software/radius/

http://freeradius.org/

Two-factor authentication – using any two independent authentication methods to increase the assurance that the bearer has been authorized to access secure systems.

References

Linux Man Pages

Linux Man Pages – die.net

The Linux Documentation Project

Linux Administration Made Easy

HowToForge

TuxFiles

nixCraft

Linux Home Networking

Wikipedia

GNU Foundation

Linux Kernel Archives

Linux.com

Linux Online

Acronym List

Acronym Meaning

ASCII American Standard Code for Information Interchange

ACPI Advanced Configuration and Power Interface

BASH Bourne Again Shell

BIND Berkeley Internet Naming Daemon

CD Compact Disc

CGI Common Gateway Interface

CIFS Common Internet File System

CUPS Common Unix Printing System

DHCP Dynamic Host Configuration Protocol

DNS Domain Name Service

DVD Digital Versatile Disc

FAT File Allocation Table

FTP File Transfer Protocol

GB Gigabyte

GDM GNOME Display Manager

GNU GNU is not Unix

GPG GNU Privacy Guard

GPM Group Policy Management

GRUB Grand Unified Bootloader

GUID Globally Unique Identifier

HDD Hard Disk Drive

HTTP Hyper Text Transfer Protocol

HTTPS Hyper Text Transfer Protocol-Secure

IMAP Internet Message Access Protocol

ISC Internet Software Consortium

ISO International Standards Organization

JVM Java Virtual Machine

KDM KDE Display Manager

L2TP Level 2 Transfer Protocol

LDAP Lightweight Directory Access Protocol

LILO Linux Loader

LVM Logical Volume Manager

MAC Media Access Control

MB Megabyte

MTA Mail Transport Agent

MUA Mail User Agent

MX Mail Exchanger

NFS Network File System

NIC Network Interface Card

NIS Network Information Service

NMAP Network Mapper

NNTP Network News Transfer Protocol

NSCD Name Service Cache Daemon

NTFS NT File System

NTP Network Time Protocol

OS Operating System

PAM Pluggable Authentication Module

PHP Personal Home Pages

PID Process ID

POP Post Office Protocol

PPC Power PC

PPID Parent Process ID

PPP Point to Point Protocol

RADIUS Remote Authentication Dial-in User Services

RAID Redundant Array of Independent Disks

RDP Remote Desktop Protocol

RPM RedHat Package Manager

SAN Storage Area Network

SCP Secure Copy

SCSI Small Computer System Interface

SELinux Security Enhanced Linux

SFTP Secure File Transfer Protocol

SH Shell

SMBFS Server Message Block File System

SMTP Simple Mail Transport Protocol

SNMP Simple Network Management Protocol

SSH Secure Shell

SSID Service Set Identifier

TTL Time to Live

USB Universal Serial Bus

VFAT Virtual File Allocation Table

VNC Virtual Network Computer

About

I created this guide to consolidate notes I took while studying for my Linux+ exam together with the Certification Exam Objectives 2009 Edition. While the CompTIA Linux+ Objectives (2009 Edition) Certification Exam Objectives is much more comprehensive than the 2004 Edition, there are still some areas that are not clear. To this end, I have inserted notes and hyperlinks to web pages to help explain more about each topic in the objectives. I hope that this guide proves useful in helping you learn Linux quickly!

If you have found this guide useful, please donate to or volunteer with Child Rights and You (http://www.cry.org), or to any charitable organization of your choice.

Vasudev

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.