Full coverage of the latest LPI-level 2 exams, with bonus online test bank

LPIC-2 is the one-stop preparation resource for the Linux Professional Institute's Advanced Level certification exam. With 100 percent coverage of all exam objectives, this book provides clear and concise coverage of the Linux administration topics you'll need to know for exams 201 and 202. Practical examples highlight the real-world applications of important concepts, and together, the author team provides insights based on almost fifty years in the IT industry. This brand new second edition has been completely revamped to align with the latest versions of the exams, with authoritative coverage of the Linux kernel, system startup, advanced storage, network configuration, system maintenance, web services, security, troubleshooting, and more. You also get access to online learning tools including electronic flashcards, chapter tests, practice exams, and a glossary of critical terms to help you solidify your understanding of upper-level Linux administration topics. The LPI-level 2 certification confirms your advanced Linux skill set, and the demand for qualified professionals continues to grow. This book gives you the conceptual guidance and hands-on practice you need to pass the exam with flying colors.

* Understand all of the material for both LPIC-2 exams
* Gain insight into real-world applications
* Test your knowledge with chapter tests and practice exams
* Access online study aids for more thorough preparation

Organizations are flocking to the open-source Linux as an excellent, low-cost, secure alternative to expensive operating systems like Microsoft Windows. As the Linux market share continues to climb, organizations are scrambling to find network and server administrators with expert Linux knowledge and highly practical skills. The LPI-level 2 certification makes you the professional they need, and LPIC-2 is your ideal guide to getting there.
Page count: 1134
Year of publication: 2016
Christine Bresnahan, Richard Blum
Senior Acquisitions Editor: Kenyon Brown
Development Editor: Gary Schwartz
Technical Editor: Kevin Ryan
Production Editor: Christine O'Connor
Copy Editor: Linda Rectenwald
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Executive Publisher: Jim Minatel
Book Designers: Judy Fung and Bill Gibson
Proofreader: Rebecca Rider
Indexer: John Sleeva
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: Getty Images Inc./Jeremy Woodhouse
Copyright © 2016 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-15079-4
ISBN: 978-1-119-15081-7 (ebk.)
ISBN: 978-1-119-15080-0 (ebk.)
Manufactured in the United States of America
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2016952321
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
To those looking to further their knowledge of Linux. “A wise man is full of strength, and a man of knowledge enhances his might.” Prov 24:5 (ESV)
First, all glory and praise go to God, who through His Son, Jesus Christ, makes all things possible and gives us the gift of eternal life.
Many thanks go to the fantastic team of people at Sybex for their outstanding work on this project. Thanks to Kenyon Brown, the senior acquisitions editor, for offering us the opportunity to work on this book. Also thanks to Gary Schwartz, the development editor, for keeping things on track and making the book more presentable. Thanks, Gary, for all your hard work and diligence. The technical editor, Kevin E. Ryan, did a wonderful job of double-checking all of the work in the book in addition to making suggestions to improve the content. Thanks also goes to the young and talented Daniel Anez (theanez.com) for his illustration work. We would like to thank Carole Jelen at Waterside Productions, Inc., for arranging this opportunity for us and for helping us out in our writing careers.
Christine would particularly like to thank her husband, Timothy, for his encouragement, patience, and willingness to listen, even when he has no idea what she is talking about.
Rich would particularly like to thank his wife, Barbara, for enduring his grouchy attitude during this project and helping to keep up his spirits with baked goods.
Christine Bresnahan started working with computers more than 25 years ago in the IT industry as a systems administrator. Christine is an adjunct professor at Ivy Tech Community College, where she teaches Linux certification and Python programming classes. She also writes books and produces instructional resources for the classroom.
Richard Blum has worked in the IT industry for more than 25 years as both a system and network administrator, and he has published numerous Linux and open source books. Rich is an online instructor for Linux and web programming courses that are used by colleges and universities across the United States. When he is not being a computer nerd, Rich enjoys spending time with his wife, Barbara, and his two daughters, Katie and Jessica.
Introduction
Assessment Test
Answers to Assessment Test
Part I The LPI 201 Exam
Chapter 1 Starting a System
The Linux Boot Process
The Firmware Startup
Linux Bootloaders
Process Initialization
System Recovery
Summary
Exam Essentials
Review Questions
Chapter 2 Maintaining the System
Keeping Users Informed
Backing Up the System
Installing Programs from Source
Managing Resource Usage
Summary
Exam Essentials
Review Questions
Chapter 3 Mastering the Kernel
What Is the Kernel?
Compiling a Kernel
Maintaining the Kernel
Summary
Exam Essentials
Review Questions
Chapter 4 Managing the Filesystem
Operating the Linux Filesystem
Exploring Additional Filesystem Topics
Maintaining Linux Filesystems
Summary
Exam Essentials
Review Questions
Chapter 5 Administering Advanced Storage Devices
Configuring RAID
Adjusting Storage Devices
Managing Logical Volumes
Summary
Exam Essentials
Review Questions
Chapter 6 Navigating Network Services
Networking Basics
Configuring Network Features
Basic Network Troubleshooting
Advanced Network Troubleshooting
Summary
Exam Essentials
Review Questions
Part II The LPI 202 Exam
Chapter 7 Organizing Email Services
The Linux Mail System
Email Protocols
Using Email Servers
Local Email Delivery
Remote Email Delivery
Summary
Exam Essentials
Review Questions
Chapter 8 Directing DNS
Configuring a DNS Server
Creating and Maintaining DNS Zones
Securing a DNS Server
Summary
Exam Essentials
Review Questions
Chapter 9 Offering Web Services
What Is a Web Server?
The Apache Web Server
Using a Proxy Server
The Nginx Server
Summary
Exam Essentials
Review Questions
Chapter 10 Sharing Files
Looking at Samba
Looking at NFS
Looking at FTP Servers
Summary
Exam Essentials
Review Questions
Chapter 11 Managing Network Clients
Assigning Network Addresses
Authentication Service
Network Directories
Summary
Exam Essentials
Review Questions
Chapter 12 Setting Up System Security
Server Network Security
Connecting Securely to a Server
Security Resources
Summary
Exam Essentials
Review Questions
Appendix Answers to Review Questions
Chapter 1: Starting a System
Chapter 2: Maintaining the System
Chapter 3: Mastering the Kernel
Chapter 4: Managing the Filesystem
Chapter 5: Administering Advanced Storage Devices
Chapter 6: Navigating Network Services
Chapter 7: Organizing Email Services
Chapter 8: Directing DNS
Chapter 9: Offering Web Services
Chapter 10: Sharing Files
Chapter 11: Managing Network Clients
Chapter 12: Setting Up System Security
Chapter 1
FIGURE 1.1 Editing an Ubuntu GRUB2 menu entry
FIGURE 1.2 The CentOS Grub boot menu with multiple kernel options
Chapter 2
FIGURE 2.1 Issuing the write command
FIGURE 2.2 Receiving write command output
FIGURE 2.3 Issuing the wall command
FIGURE 2.4 Receiving wall command output
FIGURE 2.5 Trying out the notify-send command
FIGURE 2.6 Issuing the notify-send command to another user
FIGURE 2.7 Receiving notify-send command output
FIGURE 2.8 Issuing the notify-send command to another user on CentOS
FIGURE 2.9 Using the shutdown command with a message
FIGURE 2.10 Using a modified /etc/issue file
FIGURE 2.11 Using a modified /etc/issue.net file with OpenSSH
FIGURE 2.12 Using a modified /etc/motd file
FIGURE 2.13 Depiction of magnetic tape files
FIGURE 2.14 Using rsync locally
FIGURE 2.15 Using rsync over a network
Chapter 3
FIGURE 3.1 The Linux system
FIGURE 3.2 The Linux system memory map
FIGURE 3.3 The make xconfig menu options
Chapter 5
FIGURE 5.1 RAID 0 diagram
FIGURE 5.2 RAID 1 diagram
FIGURE 5.3 RAID 10 diagram
FIGURE 5.4 RAID 5 diagram
FIGURE 5.5 RAID 6 diagram
Chapter 6
FIGURE 6.1 A wired office network infrastructure
FIGURE 6.2 A wireless network infrastructure
FIGURE 6.3 Network addressing on a local network
FIGURE 6.4 Network Manager showing a wireless network
FIGURE 6.5 The Network Connections window
Chapter 7
FIGURE 7.1 The Linux modular email environment
FIGURE 7.2 Using an MDA program on an email server
FIGURE 7.3 The Evolution MUA program
FIGURE 7.4 Block diagram of Postfix
Chapter 8
FIGURE 8.1 Domain Name Space depiction
FIGURE 8.2 Namespace root zone and TLDs
FIGURE 8.3 DNS query process
Chapter 9
FIGURE 9.1 Basic HTTP session
FIGURE 9.2 The HTTPS communication process
FIGURE 9.3 The Squid web proxy server
FIGURE 9.4 The default Apache web page for Ubuntu
FIGURE 9.5 The default Apache web page for CentOS
FIGURE 9.6 Basic web page authentication
FIGURE 9.7 The self-signed certificate warning
FIGURE 9.8 Viewing the self-signed certificate in Firefox
FIGURE 9.9 The web proxy settings in Firefox
FIGURE 9.10 The response from Squid for a denied website
FIGURE 9.11 The nginx default web page
Chapter 10
FIGURE 10.1 Accessing an FTP server with Firefox
Chapter 11
FIGURE 11.1 The DHCP process
FIGURE 11.2 DHCP relay set up
FIGURE 11.3 The DHCP settings for an Ubuntu client
FIGURE 11.4 The PAM system in action
FIGURE 11.5 A sample LDAP directory tree
FIGURE 11.6 A more complicated LDAP tree structure
FIGURE 11.7 Simple distributed LDAP server network
FIGURE 11.8 Sample LDAP database layout
Chapter 12
FIGURE 12.1 The OpenVAS main web page
FIGURE 12.2 Placing the Snort server on your network
FIGURE 12.3 Using NAT for a local network
FIGURE 12.4 Using a firewall on a local network
FIGURE 12.5 The Linux packet processing chain
FIGURE 12.6 Using a VPN to connect two remote systems
Welcome to the LPIC-2: Linux Professional Institute Certification Study Guide. If you used our LPIC-1: Linux Professional Institute Certification Study Guide to study for your LPIC-1 exam, welcome back! We’re glad that you decided to stay with us for your LPIC-2 study resources.
Just like our LPIC-1 Study Guide, this book contains detailed explanations for all of the LPIC-2 exam objectives, along with example questions, flashcards for self-study, and practice questions. The purpose of this book is to help you pass both of the LPIC-2 exams, 201 and 202. These exams cover more advanced topics than the LPIC-1 exam, such as the Linux kernel, system startup, filesystems, network operations, DNS servers, web servers, file servers, email servers, network client management, and security. This book will walk you through all of these topics, helping prepare you for the LPIC-2 exam questions.
The purpose of the Linux Professional Institute’s (LPI) LPIC-2 program is to define the basic knowledge required to administer small to medium-sized mixed (Microsoft and Linux) networks, focusing on the Linux operating system. The program guides professionals wishing to build on knowledge gained from the LPIC-1 program.
It is expected that you have already passed the LPI Linux Essentials (optional) exam and the LPIC-1 (or CompTIA Linux+) exam and have at least five years’ experience in administering a Linux server(s) in a mixed network environment.
The successful LPIC-2 candidate should have at a minimum knowledge and experience concerning the following topics:
* Administering multiple Linux servers
* Advising management on computerization and purchasing
* Planning and managing a small, mixed-network environment, which includes the following:
  * LAN server:
    * Client management
    * DHCP
    * DNS
    * NFS
    * Samba
  * Internet gateway:
    * Firewall
    * OpenSSH
    * VPN
    * Web cache/proxy
  * Internet server:
    * FTP server
    * Web server
    * Web server with a reverse proxy
* Team supervision skills
If you’ve already passed the LPIC-1 exam, you’ve proven to the world that you’re proficient with the basic operation of Linux, along with the basic Linux commands. But don’t stop there. When you pass the LPIC-2 exam, that will demonstrate that you have the skills that companies look for when hiring Linux administrators. Having the LPIC-2 certification validates your skills, and it helps prepare you for working with Linux servers in a commercial environment.
The LPIC-2 certification is available to anyone who has an active LPIC-1 certification and who passes the two required exams: 201 and 202.
To take an LPI exam, you must first register with LPI to obtain an LPI ID number (if you already did this for the LPIC-1 exam, you must use your existing LPI ID number for the LPIC-2 exam). If you need to register, you can do this online at https://cs.lpi.org/caf/Xamman/register. LPI will email your LPI ID number to you. With that you can log into the LPI Marketplace to purchase an exam voucher.
The exams are administered by Pearson VUE. The exam can be taken at any Pearson VUE testing center. If you pass, you will get a certificate in the mail saying that you have passed. Call (877) 619-2096 for Pearson VUE contact information.
To register for the exam with Pearson VUE, go to http://www.vue.com. Enter the exam voucher number that you received from the LPI Marketplace, and schedule the time and place to take the exam.
Anyone who wants to pass the LPIC-2 certification exams may benefit from this book. You should already have a basic knowledge of Linux, as covered by the LPIC-1 exam material. If not, you should start with our LPIC-1: Linux Professional Institute Study Guide book and then move on to this book. This book focuses on the more advanced Linux topics covered by the LPIC-2 201 and 202 exams. Once you obtain your certification, this book will continue to be useful by serving as a handy resource for information on installing and maintaining Linux servers.
Even if you don’t plan to take the LPIC-2 exams, this book makes an excellent resource for understanding advanced Linux server topics. It covers topics such as creating your own web server, email server, and file server. These skills are required by Linux administrators in small and medium-sized network environments.
This book is written with the assumption that you have a basic knowledge of Linux. You should be familiar with how Linux works and be able to work in the Linux command line, including the core commands such as ls, cp, mv, cat, less, ps, free, and uptime. You should also already know how to install a default Linux distribution environment, because that is not covered in this book.
You’ll need a Linux system with which to practice and perform the chapter activities. Any Linux desktop or server distribution will work for the activities in this book; however, we focus on the Ubuntu and CentOS Linux desktop distributions for our examples.
This book consists of 12 chapters plus supplementary information: an online glossary, this introduction, and the assessment test after the introduction.
Part I of the book, Chapters 1 through 6, covers the LPIC-2 201 exam topics. Part II, Chapters 7 through 12, covers the 202 exam topics. Each chapter begins with a list of the exam objectives that are covered in that chapter. However, the book doesn’t cover the objectives in order.
Part I: The LPI 201 Exam
Chapter 1: Starting a System This chapter covers how Linux boots from the system BIOS. It discusses the Linux bootloader program and how to create a dual-boot Linux environment.
Chapter 2: Maintaining the System This chapter describes how to install and manage resources on a Linux system. It also covers how to back up Linux systems and communicate with system users to warn of system issues or downtime.
Chapter 3: Mastering the Kernel This chapter focuses on the core of the Linux system—the kernel. It walks you through how to install a custom kernel, as well as how to create and maintain kernel modules required to support the hardware on your Linux system.
Chapter 4: Managing the Filesystem This chapter explores the different Linux filesystems and how to manage and maintain them, as well as how to troubleshoot them when problems occur.
Chapter 5: Administering Advanced Storage Devices This chapter takes a look at two of the more advanced storage methods used in Linux environments. It focuses on how to use RAID devices in Linux, either as hardware devices or using a software RAID emulator. It also demonstrates how to implement a Logical Volume Manager in a Linux environment.
Chapter 6: Navigating Network Services This chapter takes a deeper look at how Linux interacts in a network environment. It covers how to use the Linux command-line commands to set up a network interface and how to troubleshoot basic network problems.
Part II: The LPI 202 Exam
Chapter 7: Organizing Email Services This chapter examines how to run an Internet email server using Linux. It covers the two most popular email servers—sendmail and Postfix, as well as walking you through how to use the most popular Linux email client packages—Courier and Dovecot.
Chapter 8: Directing DNS This chapter covers the basics of the DNS system and how to configure your Linux server to offer DNS services on your network.
Chapter 9: Offering Web Services This chapter covers how to run your own web server using a Linux server. It discusses how to install and manage the Apache web server—the most popular web server on the Internet. It also covers the nginx web server, a newer up-and-coming web server that’s quickly gaining in popularity. Also, this chapter dives into the basics of Squid, a popular web proxy server used by many companies as a web firewall to block users from accessing inappropriate websites.
Chapter 10: Sharing Files This chapter discusses how to use your Linux server as a file server in a local network. It covers using both FTP and NFS to serve files, as well as the popular Samba package to serve files to Microsoft Windows clients on a network.
Chapter 11: Managing Network Clients This chapter explores how to use a Linux server to provide basic network services to clients on a local network. It shows how to create a DHCP server for serving dynamic IP addresses, how to create an LDAP server for providing simple network directory services, and how to use PAM to provide authentication services to local applications.
Chapter 12: Setting Up System Security This chapter explores some ways to use your Linux server security in a network environment. It covers using the iptables program as a firewall, OpenSSH for remote communication with clients, and OpenVPN to provide a secure tunnel for remote clients to get to your network.
At the end of each chapter, you’ll find a couple of elements that you can use to prepare for the exam:
Exam Essentials This section summarizes important information that was covered in the chapter. You should be able to perform each of the tasks or convey the information requested.
Review Questions Each chapter concludes with 20 review questions. You should answer these questions and check your answers against the ones provided after the questions. If you can’t answer at least 80 percent of these questions correctly, go back and review the chapter, or at least those sections that seem to be giving you difficulty.
The review questions, assessment test, and other testing elements included with this book are not derived from the actual exam questions, so don’t memorize the answers to these questions and assume that doing so will enable you to pass the exam. You should learn the underlying topic, as described in the text of the book. This will let you answer the questions provided with this book and pass the exam. Learning the underlying topic is also the approach that will serve you best in the workplace—the ultimate goal of a certification.
To get the most out of this book, you should read each chapter from start to finish and then check your memory and understanding with the end-of-chapter elements. Even if you’re already familiar with a topic, you should skim the chapter; Linux is complex enough that there are often multiple ways to accomplish a task, so you may learn something even if you’re already competent in an area.
The authors have worked hard to provide some really great tools to help you with your certification process. The interactive online learning environment that accompanies the LPIC-2: Linux Professional Institute Certification Study Guide: Exam 201 and Exam 202 provides a test bank with study tools to help you prepare for the certification exams—and increase your chances of passing them the first time! The test bank includes the following:
Sample Tests All of the questions in this book are included, including the assessment test at the end of this introduction and the 240 questions from the review sections at the end of each chapter. In addition, there are two 72-question practice exams. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices.
Electronic Flashcards The online test bank includes over 300 flashcards specifically written to hit you hard, so don’t get discouraged if you don’t ace your way through them at first. They’re there to ensure that you’re really ready for the exams. And no worries—armed with the review questions, practice exams, and flashcards, you’ll be more than prepared when exam day comes. Questions are provided in digital flashcard format (a question followed by a single correct answer). You can use the flashcards to reinforce your learning and provide last-minute test prep before the exam.
Glossary In addition, a glossary of key terms from this book is available as a fully searchable PDF.
Readers can access these tools by visiting http://www.wiley.com/go/sybextestprep.
This book uses certain typographic styles in order to help you quickly identify important information and to avoid confusion over the meaning of words such as on-screen prompts. In particular, look for the following styles:
Italicized text indicates key terms that are described at length the first time they are used in a chapter. (Italics are also used for emphasis.)
A monospaced font indicates the contents of configuration files, messages displayed at a text-mode Linux shell prompt, filenames, text-mode command names, and Internet URLs.
Italicized monospaced text indicates a variable—information that differs from one system or command run to another, such as the name of a client computer or a process ID number.
Bold monospaced text is information that you’re to type into the computer, usually at a Linux shell prompt. This text can also be italicized to indicate that you should substitute an appropriate value for your system. (When isolated on their own lines, commands are preceded by non-bold monospaced $ or # command prompts, denoting regular user or system administrator use, respectively.)
In addition to these text conventions, which can apply to individual words or entire paragraphs, a few conventions highlight segments of text:
A note indicates information that’s useful or interesting but that’s somewhat peripheral to the main text. A note might be relevant to a small number of networks, for instance, or it may refer to an outdated feature.
A tip provides information that can save you time or frustration and that may not be entirely obvious. A tip might describe how to get around a limitation or how to use a feature to perform an unusual task.
Warnings describe potential pitfalls or dangers. If you fail to heed a warning, you may end up spending a lot of time recovering from a bug, or you may even end up restoring your entire system from scratch.
A sidebar is like a note but longer. The information in a sidebar is useful, but it doesn’t fit into the main flow of the text.
A real world scenario is a type of sidebar that describes a task or example that’s particularly grounded in the real world. This may be a situation the authors or someone the authors know has encountered, or it may be advice on how to work around problems that are common in real, working Linux environments.
An exercise is a procedure that you should try on your own computer to help you learn about the material in the chapter. Don’t limit yourself to the procedures described in the exercises, though! Try other commands and procedures to really learn about Linux.
Behind every computer industry exam, you can be sure to find exam objectives—the broad topics in which exam developers want to ensure your competency. The official exam objectives are listed here. (They’re also printed at the start of the chapters in which they’re covered.)
Exam objectives are subject to change at any time without prior notice and at LPI’s sole discretion. Please visit LPI’s website (http://www.lpi.org) for the most current listing of exam objectives.
The following are the areas in which you must be proficient in order to pass the 201 exam. This exam is broken into seven topics (200–206), each of which has two or three objectives. Each objective has an associated weight that reflects its importance to the exam as a whole. The seven main topics are listed here:
Subject Area
200 Capacity Planning
201 Linux Kernel
202 System Startup
203 Filesystem and Devices
204 Advanced Storage Device Administration
205 Networking Configuration
206 System Maintenance
Measure CPU usage.
Measure memory usage.
Measure disk I/O.
Measure network I/O.
Measure firewalling and routing throughput.
Map client bandwidth usage.
Match/correlate system symptoms with likely problems.
Estimate throughput and identify bottlenecks in a system including networking.
Use monitoring and measurement tools to monitor IT infrastructure usage.
Predict capacity break point of a configuration.
Observe growth rate of capacity usage.
Graph the trend of capacity usage.
Awareness of monitoring solutions such as Icinga2, Nagios, collectd, MRTG, and Cacti
Kernel 2.6.x, 3.x and 4.x documentation
The /usr/src/linux/ kernel directory
Creating a kernel using zImage
Creating a kernel using bzImage
Using xz compression to compress the kernel
The /usr/src/linux/ directory
Kernel Makefiles
Kernel 2.6.x, 3.x, and 4.x make targets
Customize the current kernel configuration.
Build a new kernel and appropriate kernel modules.
Install a new kernel and any modules.
Ensure that the boot manager can locate the new kernel and associated files.
Module configuration files
Use DKMS to compile kernel modules.
Awareness of dracut
Use command-line utilities to get information about the currently running kernel and kernel modules.
Manually load and unload kernel modules.
Determine when modules can be unloaded.
Determine what parameters a module accepts.
Configure the system to load modules by names other than their file name.
/proc filesystem
Content of /, /boot/, and /lib/modules/
Tools and utilities to analyze information about the available hardware
udev rules
Systemd
SysV init
Linux Standard Base Specification (LSB)
BIOS and UEFI
NVMe booting
GRUB version 2 and Legacy
Grub shell
Boot loader start and handoff to kernel
Kernel loading
Hardware initialization and setup
Daemon/service initialization and setup
Know the different bootloader install locations on a hard disk or removable device.
Overwrite standard bootloader options and using boot loader shells.
Use systemd rescue and emergency modes.
SYSLINUX, ISOLINUX, PXELINUX
Understanding of PXE for both BIOS and UEFI
Awareness of systemd-boot and U-Boot
The concept of the fstab configuration
Tools and utilities for handling swap partitions and files
Use of UUIDs for identifying and mounting file systems
Understanding of systemd mount units
Tools and utilities to manipulate an ext2, ext3, and ext4 filesystem
Tools and utilities to perform basic Btrfs operations, including subvolumes and snapshots
Tools and utilities to manipulate XFS
Awareness of ZFS
autofs configuration files
Understanding of automount units
UDF and ISO9660 tools and utilities
Awareness of other CD-ROM filesystems (HFS)
Awareness of CD-ROM filesystem extensions (Joliet, Rock Ridge, El Torito)
Basic feature knowledge of data encryption (dm-crypt / LUKS)
Software RAID configuration files and utilities
The mdadm program
The mdadm.conf configuration file
The /proc/mdstat file
Using partition type 0xFD
Tools and utilities to configure DMA for IDE devices including ATAPI and SATA
Tools and utilities to configure Solid State Drives including AHCI and NVMe
Tools and utilities to manipulate or analyze system resources (e.g., interrupts)
Awareness of sdparm command and its uses
Tools and utilities for iSCSI
Awareness of SAN, including relevant protocols (AoE, FCoE)
Tools in the LVM suite
Resizing, renaming, creating, and removing logical volumes, volume groups, and physical volumes
Creating and maintaining snapshots
Activating volume groups
Utilities to configure and manipulate ethernet network interfaces
Configuring basic access to wireless networks
Utilities to manipulate routing tables
Utilities to configure and manipulate ethernet network interfaces
Utilities to analyze the status of the network devices
Utilities to monitor and analyze the TCP/IP traffic
Location and content of access restriction files
Utilities to configure and manipulate ethernet network interfaces
Utilities to manage routing tables
Utilities to list network states
Utilities to gain information about the network configuration
Methods of information about the recognized and used hardware devices
System initialization files and their contents (Systemd and SysV init)
Awareness of NetworkManager and its impact on network configuration
Unpack source code using common compression and archive utilities.
Understand basics of invoking make to compile programs.
Apply parameters to a configure script.
Know where sources are stored by default.
Knowledge about directories that have to be included in backups
Awareness of network backup solutions such as Amanda, Bacula, Bareos, and BackupPC
Knowledge of the benefits and drawbacks of tapes, CDR, disk, or other backup media
Perform partial and manual backups.
Verify the integrity of backup files.
Partially or fully restore backups.
Automate communication with users through logon messages.
Inform active users of system maintenance.
The 202 exam comprises six topics (207–212), each of which contains two to five objectives. The six major topics are these:
Subject Area
207 Domain Name Server
208 HTTP Services
209 File Sharing
210 Network Client Management
211 E-Mail Services
212 System Security
BIND 9.x configuration files, terms and utilities
Defining the location of the BIND zone files in BIND configuration files
Reloading modified configuration and zone files
Awareness of dnsmasq, djbdns, and PowerDNS as alternate name servers
BIND 9 configuration files, terms, and utilities
Utilities to request information from the DNS server
Layout, content and file location of the BIND zone files
Various methods to add a new host in the zone files, including reverse zones
BIND 9 configuration files
Configuring BIND to run in a chroot jail
Split configuration of BIND using the forwarders statement
Configuring and using transaction signatures (TSIG)
Awareness of DNSSEC and basic tools
Awareness of DANE and related records
Apache 2.4 configuration files, terms, and utilities
Apache log files configuration and content
Access restriction methods and files
mod_perl and PHP configuration
Client user authentication files and utilities
Configuration of maximum requests, minimum and maximum servers and clients
Apache 2.4 virtual host implementation (with and without dedicated IP addresses)
Using redirect statements in Apache’s configuration files to customize file access
SSL configuration files, tools, and utilities
Generate a server private key and CSR for a commercial CA
Generate a self-signed certificate
Install the key and certificate, including intermediate CAs
Configure Virtual Hosting using SNI
Awareness of the issues with Virtual Hosting and use of SSL
Security issues in SSL use, disable insecure protocols and ciphers
Squid 3.x configuration files, terms, and utilities
Access restriction methods
Client user authentication methods
Layout and content of ACL in the Squid configuration files
Nginx installation and configuration
Using Nginx as a reverse proxy
Basic Web server
Samba 4 documentation
Samba 4 configuration files
Samba 4 tools and utilities and daemons
Mounting CIFS shares on Linux
Mapping Windows usernames to Linux usernames
User-Level, Share-Level and AD security
NFS version 3 configuration files
NFS tools and utilities
Access restrictions to certain hosts and/or subnets
Mount options on server and client
TCP Wrappers
Awareness of NFSv4
DHCP configuration files, terms, and utilities
Subnet and dynamically-allocated range setup
PAM configuration files, terms, and utilities
passwd and shadow passwords
LDAP utilities for data management and queries
Change user passwords
Querying the LDAP directory
OpenLDAP
Directory based configuration
Access Control
Distinguished Names
Changetype Operations
Schemas and Whitepages
Directories
Object IDs, Attributes and Classes
Configuration files for postfix
Basic TLS configuration for postfix
Basic knowledge of the SMTP protocol
Awareness of sendmail and exim
Understanding of Sieve functionality, syntax, and operators
Use Sieve to filter and sort mail with respect to sender, recipient(s), headers, and size
Awareness of procmail
Dovecot IMAP and POP3 configuration and administration
Basic TLS configuration for Dovecot
Awareness of Courier
iptables and ip6tables configuration files, tools, and utilities
Tools, commands, and utilities to manage routing tables
Private address ranges (IPv4) and Unique Local Addresses as well as Link Local Addresses (IPv6)
Port redirection and IP forwarding
List and write filtering and rules that accept or block IP packets based on source or destination protocol, port and address.
Save and reload filtering configurations.
Configuration files, tools, and utilities for Pure-FTPd and vsftpd
Awareness of ProFTPd
Understanding of passive vs. active FTP connections
OpenSSH configuration files, tools, and utilities
Login restrictions for the superuser and the normal users
Managing and using server and client keys to login with and without password
Usage of multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes
Tools and utilities to scan and test ports on a server
Locations and organizations that report security alerts as Bugtraq, CERT, or other sources
Tools and utilities to implement an intrusion detection system (IDS)
Awareness of OpenVAS and Snort
OpenVPN installation and configuration
Connecting to OpenVPN with network clients
Table OM.1 and Table OM.2 provide objective mappings for the LPIC-2 certification exams. They identify the chapters where the exam objectives are primarily covered.
TABLE OM.1 LPI LPIC-2 Exam 201 Objectives Map

| Objectives | Chapter |
| --- | --- |
| Topic 200: Capacity Planning | |
| 200.1 Measure and Troubleshoot Resource Usage | 2 |
| 200.2 Predict Future Resource Needs | 2 |
| Topic 201: Linux Kernel | |
| 201.1 Kernel Components | 3 |
| 201.2 Compiling a Linux Kernel | 3 |
| 201.3 Kernel Runtime Management and Troubleshooting | 3 |
| Topic 202: System Startup | |
| 202.1 Customizing System Startup | 1 |
| 202.2 System Recovery | 1 |
| 202.3 Alternate Bootloaders | 1 |
| Topic 203: Filesystem and Devices | |
| 203.1 Operating the Linux Filesystem | 4 |
| 203.2 Maintaining a Linux Filesystem | 4 |
| 203.3 Creating and Configuring Filesystem Options | 4 |
| Topic 204: Advanced Storage Device Administration | |
| 204.1 Configuring RAID | 5 |
| 204.2 Adjusting Storage Device Access | 5 |
| 204.3 Logical Volume Manager | 5 |
| Topic 205: Networking Configuration | |
| 205.1 Basic Networking Configuration | 6 |
| 205.2 Advanced Network Configuration | 6 |
| 205.3 Troubleshooting Network Issues | 6 |
| Topic 206: System Maintenance | |
| 206.1 Make and Install Programs from Source | 2 |
| 206.2 Backup Operations | 2 |
| 206.3 Notify Users on System-Related Issues | 2 |
TABLE OM.2 LPI LPIC-2 Exam 202 Objectives Map

| Objectives | Chapter |
| --- | --- |
| Topic 207: Domain Name Server | |
| 207.1 Basic DNS Server Configuration | 8 |
| 207.2 Create and Maintain DNS Zones | 8 |
| 207.3 Securing a DNS Server | 8 |
| Topic 208: Web Services | |
| 208.1 Basic Apache Configuration | 9 |
| 208.2 Apache Configuration for HTTPS | 9 |
| 208.3 Implementing Squid as a Caching Proxy | 9 |
| 208.4 Implementing Nginx as a Web Server and a Reverse Proxy | 9 |
| Topic 209: File Sharing | |
| 209.1 Samba Server Configuration | 10 |
| 209.2 NFS Server Configuration | 10 |
| Topic 210: Network Client Management | |
| 210.1 DHCP Configuration | 11 |
| 210.2 PAM Authentication | 11 |
| 210.3 LDAP Client Usage | 11 |
| 210.4 Configuring an OpenLDAP Server | 11 |
| Topic 211: E-Mail Services | |
| 211.1 Using E-mail Servers | 7 |
| 211.2 Managing E-Mail Delivery | 7 |
| 211.3 Managing Mailbox Access | 7 |
| Topic 212: System Security | |
| 212.1 Configuring a Router | 12 |
| 212.2 Managing FTP Servers | 10 |
| 212.3 Secure Shell (SSH) | 12 |
| 212.4 Security Tasks | 12 |
| 212.5 OpenVPN | 12 |
Which of the following commands will display process information? (Choose all that apply.)
lsof
iostat
pstree
netstat
pmap
Programmers developed the concept of kernel ________ to allow you to insert device driver code into a running kernel without having to recompile the kernel. (Fill in the best answer.)
The Linux kernel configuration file is which file? (Choose the best answer.)
/usr/src/linux/arch/x86/boot
/usr/src/linux/kernel.config
/boot/grub/grub.conf
/etc/modules.conf
/usr/src/linux/.config
Which of the following contains a file or is a file that you can view to see Linux kernel version information? (Choose the best answer.)
/proc/kernel
/proc/sys/kernel
/proc/ioports
/proc/dma
/etc/sysctl.d
Which command(s) could be considered chkconfig equivalents? (Choose all that apply.)
inittab
rc
update-rc.d
init
telinit
Which of the following are true statements concerning GRUB Legacy? (Choose all that apply.)
GRUB Legacy was written to replace LILO due to UEFI.
GRUB Legacy uses the initrd command.
GRUB Legacy uses the /boot/grub/grub.cfg configuration file.
Which of the following are Linux boot loaders? (Choose all that apply.)
SYSLINUX
EXTLINUX
ISOLINUX
PXELINUX
TFTP
When used with no options or parameters, which file does the mount command pull data from? (Choose all that apply.)
/etc/fstab
/etc/mtab
/proc/mounts
/proc/filesystems
blkid
The smartd daemon is configured via its configuration file, which is named ______. (Fill in the filename only with no directory references.)
Which of the following will allow you to check a software-controlled RAID array, /dev/md1, on a Linux system? (Choose all that apply.)
mdadm --misc --detail /dev/md1
mdadm --detail /dev/md1
cat /etc/mdadm.conf
cat /proc/mdstat
mdadm --show /dev/md1
To create or increase the size of a logical volume storage pool, which command should you use? (Choose all that apply.)
mdadm
vgextend
pvcreate
vgcreate
lvcreate
To view the ARP table, use which of the following commands? (Choose all that apply.)
ifconfig -arp
ip arp show
arp
route -n
iwlist arp scan
To apply a simulated data transfer across a network using both a server and a client, use the _____ utility. (Choose the best answer.)
tcpdump
ping or ping6
traceroute or traceroute6
nmap
nc
You just installed a new NIC and set up a wired network interface (eth2) on your server. However, it has no network connectivity (no packets are being sent or received through the interface). What should you do? (Choose all that apply.)
Check the interface settings via the ifconfig eth2 command.
Check the interface from another system using the ping or ping6 command.
Check the packets coming to and from the interface by using the tcpdump utility.
Check the kernel ring buffer using the dmesg utility.
Check kernel messages in either of the /var/log/ directory’s dmesg, messages, or syslog files.
You need to use a rewinding tape device to create an archive. Which device could you use on your Linux system? (Choose all that apply.)
/dev/st0
/dev/ht1
/dev/sdt1
/dev/nst0
/dev/nht0
Which of the following statements are true about the rndc utility? (Choose all that apply.)
You can start the BIND daemon using it.
You can stop the BIND daemon using it.
You can reload BIND configuration files with it.
You can reload BIND zone files with it.
The rndc utility does not deal with BIND.
The type directive in a BIND zone configuration file can be set to which of the following? (Choose all that apply.)
hint
primary
secondary
forward
stub
Which of the following are commands used with the apache2ctl utility? (Choose all that apply.)
force-stop
restart
graceful
fullstatus
status
Which of the following statements are true concerning Nginx? (Choose all that apply.)
Nginx uses separate program threads to handle each client.
Nginx uses an asynchronous architecture that allows it to spawn client threads within the main program as needed.
Nginx uses TCP port 80.
Nginx is deprecated and is being replaced by Apache.
Nginx can have multiple backend web servers to implement reverse proxy features.
Samba user account records can be stored in the ______ database. (Choose all that apply.)
smbpasswd
tdbsam
net
smbclient
ldapsam
Which of the following commands can display all current NFS exports and also reads the NFS export table when the NFS service starts? (Choose the best answer.)
rpcinfo
nfsstat
showmount
exportfs
mountstats
Where does DHCPd typically log DHCP events? (Choose all that apply.)
pump log file
messages log file
BOOTP journal
dhcpd.log file
systemd journal
Which PAM authentication module uses the Security Services Daemon for authenticating users? (Choose the best answer.)
pam_sss.so
pam_unix.so
pam_nis.so
pam_krb5.so
pam_ldap.so
Which of the following OpenLDAP client utilities will allow you to add objects, such as user objects, to an LDAP database? (Choose all that apply.)
ldappasswd
ldapmodify
ldapadd
ldapsearch
ldapobject
Which methods, supported by OpenLDAP, will allow you to configure an LDAP environment, using a single text configuration file? (Choose all that apply.)
/etc/ldap.conf
slapd-conf
LDIF
slapd.conf
/etc/ldap
When using Postfix as your email server, which of the following sendmail emulation commands are available? (Choose all that apply.)
sendmail
procmail
mailq
mbox
newaliases
Which of the following directories contains pseudo-files, which control router functions? (Choose the best answer.)
/proc/sys/vm/
/proc/sys/net/
/proc/sys/dev/
/srv/
/proc/sys/iptables/
The Very Secure FTP package’s primary configuration file is the _____ file. (Fill in the filename only with no directory references.)
Which of the following OpenSSH configuration options sets the supported level? (Choose the best answer.)
PermitRootLogin
PubKeyAuthentication
AllowUsers
PasswordAuthentication
Protocol
Which of the following utilities, by default, will update firewall rules when it perceives a threat? (Choose all that apply.)
fail2ban
Snort
Bugtraq
nmap
nc
A, C, D, E. Option A is correct, because lsof shows open files and network connections by process. The pstree command shows current processes in a tree format, so it also is a correct choice. While its focus is primarily on network and routing information, you can determine which process (via its PID) is listening on a particular port using the netstat utility. Thus option D is also a correct answer. Option E is correct, because the pmap command shows a process map for the designated PID. The iostat utility displays a device I/O loading summary broken down per device, so option B is the only incorrect choice.
modules. Programmers developed the concept of kernel modules to allow you to insert device driver code into a running kernel without having to recompile the kernel. A module is a self-contained driver library file that can be dynamically linked and unlinked with the kernel. This means that a kernel module can be removed from the kernel when the device is finished being used, something that can’t be done with compiled kernel drivers.
E. Option E is correct, because the Linux kernel configuration is stored in the /usr/src/linux/.config file. Option A is a directory that holds the final kernel binary, bzImage, after a compilation process, so it is an incorrect choice. Option B is a made-up filename, so it is wrong. The /boot/grub/grub.conf file is a GRUB Legacy configuration file, so option C is an incorrect choice. Option D’s /etc/modules.conf file is a configuration file for kernel modules, so it is also a wrong choice.
B. /proc/sys/kernel is a directory that contains the version file. This file contains Linux kernel version information, so option B is the correct choice. Option A is made up, so it is an incorrect choice. Option C’s /proc/ioports is a file containing hardware I/O port information, so it is also an incorrect choice. The /proc/dma file contains Direct Memory Access (DMA) channel information, so option C is a wrong choice. Finally, /etc/sysctl.d is a directory that contains multiple kernel parameter setting files, so it also is an incorrect choice.
