D. L. Corbet & Associates, LLC

Linux Capabilities and Performance Objectives

 

Planning Implementations

Skill Set(s): The basic knowledge and skills required to associate different hardware, software and services options with the specific purposes and requirements of Linux users.

Objectives

  • Identify purpose of Linux machine based on predetermined customer requirements (e.g., appliance, desktop system, database, mail server)
  • Identify all system hardware requirements supported by Linux as required by customer specifications (e.g., CPUs, RAM, graphics cards, storage devices, network interface cards, modem)
  • Determine what software and services should be installed (e.g., client applications for workstation, server services for desired task)
  • Determine how storage space will be allocated to file systems. (e.g., partition schemes)
  • Compare and contrast how major Linux licensing schemes work (e.g., GPL, LGPL, freeware, shareware, open source, closed source, artistic license)
  • Identify the function of different Linux services (e.g., Apache, Squid, SAMBA, Sendmail, ipchains, BIND)
  • Identify strengths and weaknesses of different distributions and their packaging solutions (e.g, tar ball vs. RPM/DEB)
  • Describe the functions, features, and benefits of a Linux solutions as compared with other operating systems (e.g., Linux distributions, available software)
  • Identify how the Linux kernel version numbering works
  • Identify where to obtain software and support

 

Installation

Skill Set(s): The basic knowledge and skills required to determine installation methods, selecting appropriate settings, protocols and software packages, and validate correct performance.

Objectives

  • Determine appropriate method of installation based on the environment (e.g., boot disk, CD-ROM, Network (HTTP, FTP, NFS, SMB)
  • Describe the different types of Linux installation interaction and determine which to use for a given situation (e.g., GUI, text, network)
  • Select appropriate parameters for Linux installation (e.g., language, time zones, keyboard, mouse)
  • Select packages based on the machine's "role" (e.g., Workstation, Appliance, Server, Custom)
  • Select appropriate options for partitions based on pre-installation choices (e.g., disk druid, FDISK, third party partitioning software)
  • Partition according to pre-installation plan using fdisk (e.g., /boot, /, /usr, /var/home, SWAP)
  • Configure file systems (e.g., ext2, Journalize, FAT, NTFS)
  • Select appropriate networking configuration and protocols (e.g., modems, Ethernet, Token-Ring)
  • Select appropriate security settings (e.g., Shadow password, root password, umask value, password limitations, password rules and MD-5 encryption)
  • Create users and passwords during installation
  • Install X Window server
  • Select Video card support (e.g., chipset, memory, support resolution(s))
  • Select appropriate monitor manufacturer and settings (e.g., custom, vertical and horizontal frequencies, non-interlacing)
  • Select the appropriate window managers or desktop environment (e.g., KDE, GNOME and others)
  • Explain when and why the kernel will need to be recompiled
  • Install boot loader (e.g., LILO, MBR, GRUB vs. first sector of boot partition)
  • Install and uninstall applications after installing the operating system (e.g., RPM, tar, gzip)
  • Read the Logfiles created during installation to verify the success of the installation
  • Validate that an installed application is performing correctly in both a test and a production environment

 

Configuration

Skill Set(s): The basic knowledge and skills required to configure system settings, network services, and access rights.

Objectives

  • Reconfigure the Xwindow System with automated utilities (e.g., Xconfigurator, XF86Setup)
  • Configure the client's workstation for remote access (e.g., ppp, ISDN)
  • Set environment variables (e.g, PATH, DISPLAY, TERM)
  • Configure basic network services and settings (e.g., netconfig, linuxconf; settings for TCP/IP, DNS, DHCP)
  • Configure basic server services (e.g., X, SMB, NIS, NFS)
  • Configure basic Internet services (e.g., HTTP, POP, SMTP, SNMP, FTP)
  • Identify when swap space needs to be increased
  • Add and configure printers
  • Install and configure add-in hardware (e.g., monitors, modems, network interfaces, scanners)
  • Reconfigure boot loader (e.g., LILO, GRUB)
  • Identify the purpose and characteristics of configuration files (e.g., BASH, inittab, fstab, /etc/*) 3.12 Edit basic configuration files (e.g., BASH files, inittab, fstab)
  • Load, remove, and edit list modules (e.g., insmod, rmmod, Ismod, modprobe)
  • Document the installation of the operating system, including configuration
  • Configure access rights (e.g., rlogin NIS, FTP, TFTP, SSH, Telnet)
  • Install and configure wireless protocols, including 802.11B

 

Administration

Skill Set(s): The basic knowledge and skills required to manage users, file systems, services, devices and run levels using common shell commands, administrative utilities, and superuser privileges.

Objectives

  • Create and delete users
  • Modify existing users (e.g., password, groups, personal information)
  • Create, modify and delete groups
  • Identify and change file permissions, modes and types by using chmod, chown and chgrp
  • Manage and navigate the Linux hierarchy (e.g., /etc, /usr, /bin, /var)
  • Manage and navigate the standard Linux file system (e.g., mv, mkdir, ls, rm)
  • Perform administrative tasks while logged in as root, or by using the su command (e.g., understand commands that are dangerous to the system)
  • Mount and manage filesystems and devices (e.g., /mnt, /dev, du, df, mount, umount)
  • Describe and use the features of the multi-user environment (e.g., virtual terminals, multiple logins)
  • Use common shell commands and expressions
  • Use network commands to connect to and manage remote systems (e.g., telnet, ftp, ssh, netstat, transfer files, redirect Xwindow)
  • Create, extract and edit file and tape archives using tar
  • Manage runlevels using init and shutdown
  • Stop, start, and restart services (daemons) as needed (e.g., init files)
  • Manage print spools and queues
  • Create, edit and save files using vi
  • Manage and navigate the Graphical User Interface (e.g., menus, xterm)
  • Program basic shell scripts using common shell commands (e.g., grep, find, cut, if)
  • System security, including

o        Host-level security (Bootloader security, passwords, PAM, sudo)

o        Service-level security (Securing System V services, tcp_wrappers, xinetd)

o        Network-level security (Firewalling, NAT, iptables)

o        System monitoring (Filesystem analysis, Log file analysis, monitoring and limiting processes, tripwire)

o        Encrypted Communications (Digital Certificates, OpenSSH, stunnel)

o        Pluggable Authentication Modules (PAM)

o        Network Information Service

o        Lightweight Directory Access Protocol (LDAP)

o        The xinetd Super-Server and tcp_wrappers

o        ssh: secure shell, telnet and remote copy

o        Securing BIND

o        Name server topology: public vs. private, DMZs, etc.

o        Configuring appropriate recursion and fetching policies

o        Using authentication keys

o        Running BIND in a chrooted environment

o        Improving NIS and NFS

o        Configurations to avoid

o        Restricting accounts

o        Securing LDAP

o        Configuring TLS authentication

o        Restricting access to directory schema

o        Locking Down Sendmail

o        Configuring access control

o        Authentication configuration options, including TLS

o        Implementing the Real-time Black Hole List and other

o        Anti-spam features

o        Secure Email Alternatives: imaps and pop3s

o        SSL-tunneled IMAP and POP3 mail

o        Restricting FTP Access

o        Configuring restricted guest account

o        Mastering host-based access controls

o        Advanced xinetd configuration

o        Advanced tcp_wrappers configuration

o        Securing Apache

o        Containing CGI risks

o        Auditing PHP and scripts

o        Controlling and monitoring hosted sites

o        Using Kerberos Authentication

o        Using Kerberos in heterogeneous environments

o        The Secure Shell: OpenSSH

o        Using public-private key pairs for authentication

o        Remote administration using OpenSSH

o        Port-forwarding

o        Alternate authentication methods

o        Database security issues

 

System Maintenance

Skill Set(s): The basic knowledge and skills required to monitor and maintain processes, network interfaces, system logs, security, and backup.

Objectives

  • Create and manage local storage devices and file systems (e.g., fsck, fdisk, mkfs)
  • Verify user and root cron jobs and understand the function of cron
  • Identify core dumps and remove or forward as appropriate
  • Run and interpret ifconfig
  • Download and install patches and updates (e.g., packages, tgz)
  • Differentiate core services from non-critical services (e.g., ps, PID, PPID, init, timer)
  • Identify, execute and kill processes (ps, kill, killall)
  • Monitor system log files regularly for errors, logins, and unusual activity
  • Document work performed on a system for customer acceptance
  • Perform and verify backup and restore
  • Perform and verify security best practices (e.g., passwords, physical environments)
  • Assess security risks (e.g., location, sensitive data, file system permissions, remove/disable unused accounts, audit system services/programs)
  • Set daemon and process permissions (e.g., SUID - SGID - Owner/groups)

 

Troubleshooting

Skill Set(s): The basic knowledge and skills required to identify, inspect and diagnose problems in the Linux operating system, and apply remedies using common commands and utilities.

Objectives

  • Locate a problem by determining whether the problem is hardware, operating system, application software, configuration or the user
  • Describe troubleshooting best practices (i.e., methodology)
  • Examine and edit configuration files based on symptoms of a problem using system utilities
  • Examine, start, and stop processes based on the signs and symptoms of a problem
  • Use system status tools to examine system resources and statuses (e.g., fsck, setserial)
  • Use systems boot disk(s) and root disk on workstation and server to diagnose and rescue file system
  • Inspect and determine cause of errors from system log files
  • Use disk utilities to solve file system problems (e.g., mount, umount)
  • Resolve problems based on user feedback (e.g., rights, unable to login to the system, unable to print, unable to receive or transmit mail)
  • Recognize common errors (e.g., package dependencies, library errors, version conflicts)
  • Take appropriate action on boot errors (e.g., LILO, bootstrap)
  • Identify backup and restore errors
  • Identify application failure on server (e.g., Web page, telnet, ftp, pop3, snmp)
  • Use shell trouble shooting commands (e.g., locate, find, grep, cat, tail)
  • Locate troubleshooting resources and update as allowable (e.g., Web, man pages, howtos, infopages, LUGs)
  • Use network utilities to identify network and connectivity problems (e.g., ping, route, traceroute, netstat)

 

Identify, Install, and Maintain System Hardware

Skill Set(s): The basic knowledge and skills of core and peripheral hardware installation, configuration, and troubleshooting in a Linux environment. It includes generic hardware issues and Linux specific hardware issues.

Objectives

  • Basic terms, concepts, and functions of system components, including how each component should work during normal operation and during the boot process
  • Assure that system hardware is configured correctly prior to installation (e.g., IRQs, BIOS, DMA, SCSI settings, cabling) by identifying proper procedures for installing and configuring ATA devices
  • Assure that system hardware is configured correctly prior to installation (e.g., IRQs, BIOS, DMA, SCSI settings, cabling) by identifying proper procedures for installing and configuring SCSI and IEEE 1394 devices
  • Assure that system hardware is configured correctly prior to installation (e.g., IRQs, BIOS, DMA, SCSI, cabling) settings by identifying proper procedures for installing and configuring peripheral devices
  • Assure that system hardware is configured correctly prior to installation (e.g, IRQs, BIOS, DMA, SCSI, cabling) settings by identifying available IRQs, DMAs, and I/O addresses and procedures for device installation and configuration
  • Remove and replace hardware and accessories (e.g., cables and components) based on symptoms of a problem by identifying basic procedures for adding and removing field replaceable components
  • Remove and replace hardware and accessories (e.g., cables and components) based on symptoms of a problem by identifying common symptoms and problems associated with each component and how to troubleshoot and isolate the problems
  • Basic networking concepts, including how a network works
  • Proper procedures for diagnosing and troubleshooting mass storage devices
  • Proper procedures for diagnosing and troubleshooting peripheral devices
  • Proper procedures for diagnosing and troubleshooting minimum system hardware
  • Maintain mobile system hardware (e.g., PCMCIA, APM)