LPIC-2: Linux Engineer Exam 202

Course

Terrence Cox

Senior Vice President of Content

A veteran of twenty years in Information Technology in a variety of roles, he worked in development, security and infrastructure well before they merged into what we now call DevOps. He provides training in Linux, VMware, DevOps (Ansible, Jenkins, etc.) as well as containers and AWS topics. He now leads the Training Architects to produce the courses and content we all know and love!

Length

42:41:55

Difficulty

Advanced

Course Details

This course is designed to follow the Linux Professional Institute's Level 2 Exam 2 objectives. Upon completion of this course and with the associated downloadable materials, the student should be prepared to successfully complete the final exam in the LPIC-2 certification.

As of August 2018 this course has been updated to v4.5 of the LPIC Objectives.

Syllabus

Introduction

About the Course

00:07:36

Lesson Description:

We will talk through all the exam objectives and what we are going to cover in this course.

About the Course Author

00:02:23

Lesson Description:

Let's talk about the course author, what you can expect from this course, and other key information!

Important Information about LPI Exam Discount Vouchers for 2019

00:01:24

Lesson Description:

Please view the following video for important information regarding LPI exam vouchers for 2019.

Introduction to LPIC-2 and the Exam

00:06:16

Lesson Description:

In this video, we will talk about the LPIC-2 Exam specifically and the best way to prepare.

How to Use the Linux Academy Cloud Playground for this Course

00:06:10

Lesson Description:

This video provides an initial walkthrough on how to access and use Linux Academy's new Cloud Playground. The new service has replaced our now deprecated "Cloud Servers" platform. It is important to note that some videos in this course may use/refer to the old "Cloud Servers" platform, so here are a few important notes to remember and use:

1) If you see the instructor using (and/or telling you to use) login credentials such as "user" or "linuxacademy" AND the password "123456", they will no longer work. Use the specific credentials provided to you (for the server you are using) in the new Cloud Playground user interface.
2) You cannot log into the Cloud Playground servers as the root user. However, you can access the root shell by using the command sudo -i. NOTE: In this course, you may see the instructor running commands as the root user. In order to follow along with those commands, you must run the sudo -i command first. Otherwise, you will get a permissions error.
3) To access the server's GUI (if you provisioned a distribution that has one), you need to select "Actions" then "Graphical Shell" for your server in the Cloud Playground. NOTE: You cannot access the GUI via VNC Viewer as port 5901 is blocked.

Detailed documentation on the new Cloud Playground can be found here: https://support.linuxacademy.com/hc/en-us/articles/360019096651-Cloud-Playground-FAQ

Topic 207: Domain Name Server

207.1 - Basic DNS Server Configuration (DNS Client Configuration and Terms)

00:15:30

Lesson Description:

Description: Candidates should be able to configure BIND to function as a caching-only DNS server. This objective includes the ability to manage a running server and configure logging. Key Knowledge Areas: BIND 9.x configuration files, terms and utilities; defining the location of the BIND zone files in BIND configuration files; reloading modified configuration and zone files; awareness of dnsmasq, djbdns, and PowerDNS as alternate name servers.

207.1 - Basic DNS Server Configuration (BIND Installation - Caching Name Server)

00:15:21

Lesson Description:

Install the packages needed for our BIND caching name server, and a quick walkthrough of the major components and options in the primary configuration file, /etc/named.conf.

207.1 - Basic DNS Server Configuration (BIND Service Start and rndc Command)

00:20:51

Lesson Description:

We will be starting our named BIND service and learning about the rndc command. We will use that command to create a secure key, a secure configuration for controlling our server, and then use it to manage our caches and zones as needed. Finally, we will test our Caching DNS Server with the appropriate client utilities.

207.1 - Basic DNS Server Configuration (named-checkconf)

00:01:19

Lesson Description:

This is a quick video covering the utility named-checkconf.

207.2 - Create and Maintain DNS Zones (Configuring for Zones)

00:11:01

Lesson Description:

In this video, we will begin adding the necessary information on the domain (zones) that our DNS server will be responsible for. We will take a look at the master and slave configuration for both the forward and reverse lookup zones in the /etc/named.conf file.

207.2 - Create and Maintain DNS Zones (Zone Files and Record Types)

00:10:43

Lesson Description:

This presentation will go over all the most common DNS forward and reverse zone record types you need to be familiar with for the exam and for later creation of our zone files.

207.2 - Create and Maintain DNS Zones (Finalize /etc/named.conf for Master DNS Server)

00:04:03

Lesson Description:

We will quickly complete the service configuration (/etc/named.conf) for our instance by talking about several settings for querying and updates before we move on to creating our zone files.

207.2 - Create and Maintain DNS Zones (Create Forward and Reverse Zone Files and Testing the Configuration)

00:23:36

Lesson Description:

As a final step, we will create the forward and reverse zone files for our test domain, test our configuration using the appropriate tools, and then run typical DNS client commands to be sure the output for our domains is what we expect.

207.2 - Basic DNS Server Configuration (named-checkzone, named-compilezone, and the masterfile-format setting)

00:02:32

Lesson Description:

A video that covers named-checkzone, named-compilezone, and the masterfile-format setting.

207.3 - Securing a DNS Server (Split DNS Configuration for Security)

00:07:51

Lesson Description:

Conceptually, a split DNS configuration needs some discussion. We will walk through a multi-server split DNS configuration and discuss why you would use it as well as how it would be implemented.

207.3 - Securing a DNS Server (Running BIND in a Chroot Jail)

00:13:01

Lesson Description:

As part of a secure BIND implementation, you can configure a new "root directory" to isolate the named service from any other directory or configuration file that could potentially be a security risk. This is done through the use of 'chroot jails'. In this video, we will manually configure a jail where our service can run securely.

207.3 - Securing a DNS Server (DNS Security Tools - Discussion, Keys and Signing a Zone File)

00:11:19

Lesson Description:

Transactions and updates between DNS servers are secured with the DNSSEC extensions. Using Transaction Signatures can help verify that an update or query comes from a trusted source. Further, using the DNSSEC tools, we can create public and private keys to use for those transactions and use them to sign zone files.

207.3 - Securing a DNS Server (DANE, TLSA records)

00:03:02

Lesson Description:

This video covers DANE and the anatomy of a TLSA record.

Exercise: Prepare Your System for a Secure DNS Server (chroot Jail Configuration)

01:00:00

Exercise: Create a DNS Server Forward Zone File

01:00:00

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

207 - Create a Caching-Only DNS Server

00:00:03

207 - Domain Name Server (End of Section Quiz)

Topic 208: Web Services

208.1 - Implementing a Web Server (Apache - Configuration File and Basic Directives)

00:15:28

Lesson Description:

We will introduce the Apache web server and talk about some differences amongst distribution types and versions. Then we will install it and walk through the primary directives in the main configuration file that determine how the server behaves. Finally, we will enable and start the service and test that it is serving content.

208.1 - Implementing a Web Server (Enabling Modules - Perl)

00:13:51

Lesson Description:

In this video, we will talk about how to create a server-side CGI directory and enable Perl scripts to be called and their output displayed on the web client. We will install the mod_perl package, show that it is enabled, create the appropriate directives in the primary apache configuration file, and then test that it works as intended.

208.1 - Implementing a Web Server (Enabling Modules - PHP)

00:06:25

Lesson Description:

In this video, we will talk about how to enable PHP files. We will install the php package, show that it is enabled, and then test that it works as intended.

208.1 - Implementing a Web Server (Using Authentication for Security - htpasswd and mod_auth)

00:11:29

Lesson Description:

In this video, we will use the mod_auth module to enable basic authentication, restricting a site directory's content to valid users with a password.

208.1 - Implementing a Web Server (Using Authentication for Security - htaccess file)

00:08:02

Lesson Description:

This video will present an alternative method of securing site content by user authentication through the .htaccess file. We will discuss how to implement it and why you may choose this method vs. the prior.

208.1 - Implementing a Web Server (Name-Based Virtual Hosts)

00:12:20

Lesson Description:

In this video, we will demonstrate how to create name-based virtual hosts (where each host will resolve to the same IP address).

208.1 - Implementing a Web Server (IP-Based Virtual Hosts)

00:09:13

Lesson Description:

Contrasting against the prior virtual host configuration, we will demonstrate a virtual host that is based upon having multiple IPs or network interfaces, each one responding to a site name.

208.1 - Implementing a Web Server (mod_access_compat)

00:01:16

Lesson Description:

This is a quick video explaining what mod_access_compat is.

208.2 - Apache Configuration for HTTPS (Generating SSL Signing Requests and Self-Signed Certificates)

00:13:13

Lesson Description:

In this video, we will use openssl and openssl-perl to generate a private key and a certificate signing request for a certificate authority to provide a full certificate for our site. Additionally, we will generate a key and a CSR and then sign the certificate ourselves to demonstrate the creation of a self-signed certificate.

208.2 - Apache Configuration for HTTPS (Configuring Apache for SSL Certificates)

00:06:41

Lesson Description:

Now that we have generated our certificates, we will configure our Apache instance to use them and then test that SSL is serving our content.

208.2 - Apache Configuration for HTTPS (SSL and SNI)

00:01:36

Lesson Description:

This is a quick video explaining what SNI is and when to use it.

208.3 - Implementing a Proxy Server (Squid - Forward Proxy Configuration)

00:12:34

Lesson Description:

We will introduce various types of proxy servers briefly and then begin an installation and walkthrough of a forward proxy server called Squid.

208.3 - Implementing a Proxy Server (Squid - Testing the Service)

00:08:16

Lesson Description:

Here we will test our squid proxy configuration by configuring a separate client instance to use lynx through it. We will disable squid and restrict the client network so you can see the different behaviors, and then add JUST the client IP back in as an allowable client connection address.

208.4 - Implementing Nginx as a Web Server and a Reverse Proxy (Nginx - Installation and Configuration as Web Server)

00:10:03

Lesson Description:

Nginx can be used for various things, and in this video, we will be demonstrating the basic installation and configuration necessary for Nginx to run web services on a custom site we create and then test.

208.4 - Implementing Nginx as a Web Server and a Reverse Proxy (Nginx - Basic Reverse Proxy Configuration)

00:10:08

Lesson Description:

Wrapping up our Web Services section of the course, we will install and configure Nginx as a basic reverse proxy server. We will create a simple Apache server with custom content on a second server and configure our Nginx server to proxy that content when connected to over port 80.

Exercise: Implement an Nginx Web Server

01:00:00

Exercise: Create an Nginx Reverse Proxy Configuration

00:30:00

Exercise: Generate Self-Signed SSL Certificates

00:30:00

Hands-on Lab

208 - Implement an Apache Web Server with Perl CGI

00:00:02

Hands-on Lab

208 - Implement an Apache Web Server with PHP Enabled

00:00:03

Hands-on Lab

208 - Deploy and Test a Squid Forward Proxy Server

00:00:03

208 - Web Services

Topic 209: File Sharing

209.1 - SAMBA Server Configuration (Server Installation and Share Configuration)

00:17:32

Lesson Description:

Candidates should be able to set up a SAMBA server for various clients. This objective includes setting up Samba for login clients, setting up the workgroup in which a server participates, and defining shared directories and printers. Also covered is configuring a Linux client to use a Samba server. Troubleshooting installations is also tested. Key Knowledge Areas: Samba 3 documentation, Samba configuration files, Samba tools and utilities, mounting Samba shares on Linux, Samba daemons, mapping Windows usernames to Linux usernames, user-level and share-level security.

209.1 - SAMBA Server Configuration (Security and Account Management)

00:10:49

Lesson Description:

Now that we have installed and configured both our server and intended share, we need to create the user account(s) that can access it. Once we create accounts and a usermap file, we will then use various client utilities on the server to be sure that our share(s) are available.

209.1 - SAMBA Server Configuration (Client Configuration and Testing)

00:13:35

Lesson Description:

Finally, we have our server ready for connections, so we need to set up a client that can access, mount, and provide persistent connectivity on boot.

209.2 - NFS Server Configuration (NFSv3 Server Installation, Configuration and Testing)

00:23:37

Lesson Description:

Candidates should be able to export filesystems using NFS. This objective includes access restrictions, mounting an NFS filesystem on a client and securing NFS. Key Knowledge Areas: NFS version 3 configuration files, NFS tools and utilities, access restrictions to certain hosts and/or subnets, mount options on server and client, TCP wrappers, awareness of NFSv4

209.2 - NFS Server Configuration (NFSv3 Client Configuration and Share Mounting)

00:15:03

Lesson Description:

Now that our server is configured and secured as we need, we will configure a client to mount the share (both manually and automatically on boot), explain the various mount options, and show how the UID/GID mapping done previously carries permissions and ownership forward on all clients to the server.

209.2 - NFS Server Configuration (Differences between NFSv3 and NFSv4)

00:02:47

Lesson Description:

Candidates should be able to export filesystems using NFS. This objective will explain some of the differences between NFSv3 and NFSv4.

Exercise: Create a Samba Share

00:30:00

Exercise: Create an NFS Export File with Permissions

01:00:00

Hands-on Lab

209 - Deploy a Samba Server

00:00:03

Hands-on Lab

209 - Deploy an NFS Server

00:00:03

209 - File Sharing (End of Section Quiz)

Topic 210: Network Client Management

210.1 - DHCP Configuration (Overview and Configuration)

00:15:47

Lesson Description:

In this video, we will talk about key terms and definitions around DHCP configuration as well as talk through how a DHCP client and server communicate. After, we will walk through an example configuration that defines a DHCP server that will provide IP addresses to the defined network it is responsible for.

210.2 - PAM Authentication (Overview)

00:06:48

Lesson Description:

This video will serve as a basic overview of what PAM is and the advantages it offers on your system.

210.2 - PAM Authentication (Modules - pam_unix, pam_cracklib, pam_limits and pam_listfile)

00:22:29

Lesson Description:

Although there are a large number of modules to explore, we are going to key in with examples on the four we need to know for the exam.

210.2 - PAM Authentication (Authentication Order - /etc/nsswitch.conf)

00:07:04

Lesson Description:

Since the /etc/nsswitch.conf file can affect the order that services respond authoritatively or authenticate on your system, we will walk through the common configuration values and how they can affect PAM on our system.

210.2 - PAM Authentication (SSSD)

00:05:45

Lesson Description:

This lesson includes an overview of SSSD. We go over what it is, how to configure it, and how it works.

210.3 - Configuring an OpenLDAP Server (Overview)

00:08:49

Lesson Description:

This video will provide an overview of what OpenLDAP is and define the key terms we will be using throughout this section.

210.3 - Configuring an OpenLDAP Server (Installation and Initial Configuration)

00:16:34

Lesson Description:

We will walk through the client and server packages to be installed to support an OpenLDAP server. Additionally, we will make modifications to the appropriate /etc/slapd.conf sections as an example DN for our use.

210.3 - Configuring an OpenLDAP Server (LDIF Creation for Adding Objects)

00:15:03

Lesson Description:

Now that we have created our initial DN on our directory server, we need to learn how to create and import LDIF files containing attributes that will build OUs and allow us to associate records (people) with each.

210.4 - LDAP Client Usage (Client Utilities for Searching, Adding, and Deleting Records)

00:14:17

Lesson Description:

We wrap up our OpenLDAP coverage by going over the client utilities that can be used to access, search, update passwords, modify records, and delete objects in our directory.

Exercise: Secure User Access to VSFTPD Service with PAM Module

01:00:00

Hands-on Lab

210 - Deploy an OpenLDAP Client and Server

00:00:03

210 - Network Client Management (End of Section Quiz)

Topic 211: Email Services

211.1 - Using Email Servers (Overview)

00:07:21

Lesson Description:

This video will introduce the student to a list of terms and technologies that will be referred to throughout our exploration and configuration of email services during the rest of this course section.

211.1 - Using Email Servers (Postfix Key Configuration Items and Input Files)

00:27:30

Lesson Description:

In this video, we will install (if needed) and configure postfix to handle SMTP delivery of email for our localhost/domain. We will walk through the key configuration items for our setup and then test that email works as expected. We will then create aliases for non-user accounts that will deliver to local accounts and talk about how to convert the aliases file to a binary format for our use. Finally, we will talk about the mail directory structure and logging available to monitor the delivery of email and the mail system in general.

211.2 - Managing Local Email Delivery (Rules-Based Message Management)

00:04:37

Lesson Description:

A brief discussion around applying rules and filters to your Mail Transfer Agents so that (sometimes) complex rules can be used to filter, back up, and sort email before it is picked up by clients.

211.3 - Managing Remote Email Delivery (Dovecot - POP3 and IMAP with TLS Configuration)

00:21:13

Lesson Description:

This video will see us install the dovecot email server used to provide POP3 and IMAP service (including TLS/SSL if desired). We will walk through the key configuration components, including the external configuration directives and their order of precedence. We will then start and test the POP3/IMAP and TLS versions of each service to be sure the referenced security certificates are valid and capable of being passed down to our hosts.

211.2 - Managing Email Delivery (Sieve and Dovecot)

00:11:20

Lesson Description:

A brief discussion around applying rules and filters to your Mail Transfer Agents so that (sometimes) complex rules can be used to filter, back up, and sort email before it is picked up by clients.

Exercise: Deploy and Configure a Postfix Email Server

00:30:00

Exercise: Deploy and Configure a Courier IMAP and POP Server

00:30:00

Hands-on Lab

211 - Creating a Local Email Delivery Server

00:00:03

211 - E-Mail Services (End of Section Quiz)

Topic 212: System Security

212.1 - Configuring a Router (Configuring Linux for Routing and Using IPTables)

00:25:58

Lesson Description:

Setting up Linux as a router is a straightforward affair requiring only minimal configuration of a few kernel parameters. After we walk through that, we will spend the rest of this video talking about iptables. We will talk about key terms and definitions and provide examples of creating rules in a chain and then discuss the best way to practice.

212.2 - Securing FTP Servers (Server - vsftpd)

00:21:27

Lesson Description:

In this video, we will take a look at the most popular replacement FTP service called VSFTPD. Although not encrypted, this server is considered safer than standard FTP. We will walk through the installation and configuration of various directives that can help secure it in your environment.

212.2 - Securing FTP Servers (Server - pure-ftpd, proftpd, and Active/Passive Connections)

00:15:15

Lesson Description:

This video shows us installing the pure-ftpd service and then running it with several command line parameters (as well as reviewing the man page for where to find other options). We will then enable and disable anonymous access and show the behavior. We will wrap up by discussing proftpd as an option for FTP we need to be aware of for the exam and then discuss the difference between active and passive connections.

212.3 - Secure Shell (SSH Configuration Options)

00:20:19

Lesson Description:

We all know what SSH is, but you may not have a firm grasp of a number of common security-related configuration options available in the /etc/ssh/sshd_config and /etc/ssh/ssh_config files for both the OpenSSH-server and ssh client utilities. In this video, we will walk through those we need for the LPIC-2 exam and demonstrate how they affect user access and messages that we can display pre- and post-authentication.

212.3 - Secure Shell (SSH Client Tools)

00:15:44

Lesson Description:

Now that our server is configured, we will walk through the SSH client utilities SSH, SCP, and SFTP. We will demonstrate how to connect to a system and transfer files or run commands and finally explain how these systems are tracked in our known_hosts file.

212.3 - Secure Shell (Advanced SSH - Using SSH Keys for Authentication)

00:11:45

Lesson Description:

We can create and exchange a public key with remote systems so that we can use our private key thereafter to authenticate without a password if we choose. We will generate our keys and show two methods of exchanging them with the remote system. After, we can talk about two-factor authentication with a key passphrase to secure our keys and still have the convenience through using a special utility called the ssh-agent.

212.4 - Security Tasks (Review of Tools, Monitoring, and Organizations)

00:10:27

Lesson Description:

Security is an important part of being a system administrator. Here we will be discussing the tools, utilities, and organizations that we can rely on to help identify, report on, and mitigate vulnerabilities.

212.5 - IPTables Firewall (Discussion)

00:25:58

Lesson Description:

IPTables is the precursor to the "firewalld" firewall process we see in modern distributions. Let's walk through what it is and how it works while defining key concepts and terms. NOTE: Even though this video shows as 212.1, it is still relevant. The video covers iptables which covers the requirements for 212.5.

212.5 - OpenVPN Server Configuration

00:12:11

Lesson Description:

Candidates should be able to configure a VPN (Virtual Private Network) and create secure point-to-point or site-to-site connections. This video will go over how to configure OpenVPN on the server side.

212.5 - OpenVPN Client Configuration

00:09:07

Lesson Description:

Candidates should be able to configure a VPN (Virtual Private Network) and create secure point-to-point or site-to-site connections. This video will go over how to configure OpenVPN on the client side.

Exercise: Generate Public and Private SSH Keys

01:00:00

Exercise: Use Netcat to Set Up a Basic Network Listener to Test System Access

00:30:00

Hands-on Lab

212 - Secure Shell and SSH Key Exchange

00:00:02

Hands-on Lab

212 - Deploy and Test VSFTPD Server

00:00:02

212 - System Security (End of Section Quiz)

Course Assessment Exam

Conclusion

Summary and Next Steps

00:05:47

Lesson Description:

Now that we have completed our content, let's talk about where you can go next – both inside Linux Academy and otherwise!