Skip to main content

LPIC-3 Exam 303

With the LPIC-3 certification, you are able to demonstrate that you are at the pinnacle of your career in Linux Administration. Having already gained your LPIC-2 Certification you can now choose from your expertise level certification. The LPIC-3 exam  303 allows you to show your skill in Linux Security by passing the exam  303-200. For detailed objectives, you may visit the LPI Website.

LPIC-3 Exam 303 : Security Topics

  • Cryptography
  • Access Control
  • Application Security
  • Operations Security
  • Network Security

325.1 X509 Certificates and PKI

The first video in this topic look at setting up the 389-DS LDAP directory Service. We need that later in LPIC-3 303 to look at Authenticating with SSSD and PAM. The install will give you both LDAP and LDAPS access, however, with a self-signed certificate the security is not great and commands will fail if we don’t ignore invalid certificates. We can fix this by creating our own CA, certificate authority, and issuing certificates from certificate signing request form the LDAP server. This is a clean and simple CA that we can start with before moving into a more complex setup.

326.1 Host Hardening

We begin this course by looking at topic the LPI objective 326.1 and how we can harden, or secure, our Linux hosts. The LPI publish the objectives online and weight each topic. Host hardening shows with a weight of 3 indicating that you should expect 3 questions on this topic in the exam, from a total of 60. By the end of this topic you will be able to secure your Linux system against common threats. Methods that you will be able to use will include the correct configuration of the Kernel and software. You will find that there is much we can do here to extend the security delivered by and out-of-the box install

Each objective is available to view online. However if you prefer to have all the content in one place and study from an eBook then this objective is now available to download for just £0.99.


326.2 Intrusion Detection

Linux Security is not all about prevention. Being able to detect malicious or incorrect use of the server is a major part of a Linux Administrators role and in this objective we take a look at how we can detect such invasions and intruder detection.

326.3 User Account Management and Authentication

In this objective the focus is upon our user accounts and authentication mechanisms. We will see how Linux can be configured to resolve account names and which authentication mechanisms can be used. For sure, this is going to involve our PAM modules and NSS. We will also dive in LDAP and using SSSD so we can authenticate with multiple LDAP domains. We will also see how we issue authentication token using Kerberos.

327.1 Discretionary Access Control

Discretionary Access Control Lists or DALCs, dacles, represent the permissions that are assigned in the file system.  Discretionary, as a user has the discretion to assign everyone all permissions to their home directory such as assigning  the mode of 777 to $HOME but also as the root user overrides the access control list to maintain access to all files. To a degree this works and is our starting point in the Access Control List journey. In this module we will learn all about user permissions and the files mode. Extending permissions using Access Control Lists and using special permissions to control access. Finally we will look at Posix Capabilities which can be used as a replacement to some special permissions.

328.1 Network Hardening

We have already seen, in objective 326.1, how we can harden our Linux Hosts. We now turn our attention to the network and what we can do with Linux to detect issues and harden our network paths. As we work through this module we will look at FreeRADIUS so we can authenticate networks hosts, port scanning using nmap and tools to capture data from the network so we might analyse what is happening. We start with capturing packets to compare unencrypted traffic with encrypted traffic