More work for the objective review (was Re: [lpi-discuss] Re:
IPv6 in exam LPI ?)
Bryan J. Smith
b.j.smith at ieee.org
Thu Aug 18 08:52:26 EDT 2005
[ Since Evan piped up, I'll respond to him once ]
On Wed, 2005-08-17 at 22:32 -0400, Evan Leibovitch wrote:
> Being "in production" does not, in itself, entitle a technology to be
> included in the LPIC program. Even being "widely used", in itself, may
> not be sufficient.
Understood. But IPv6 is a "core foundation" just like IPv4 (see below).
> Whether IPv6, or SELinux, or Postfix, or any other component becomes
> part of the LPIC exam should be determined by a formal process that is
> open, well defined/understood, and based on a broad solicitation of
> input. It requires a sample size substantially greater than the number
> of participants in these threads.
- I'm _not_ for Postfix inclusion (surprise ;-)
Again, despite what some people might think, I am _not_ for adding
Postfix. Furthermore, it is _not_ "foundational" like IPv6. My past
comment MTAs was if there was a way to give a set of questions on 2-3
MTAs each and count only the "best one," that would be ideal. That does
not seem possible, given the format, costs, etc...
I'm not here making "unreasonable" statements, I'm trying to think very
thoughtfully of what can and can't fit into the exam.
- IPv6 _is_ foundational though
But IPv6 _is_ "foundational." You could start by including it in the
standard utility printouts that also use IPv4, the commands that IPv4
uses, etc... You _integrate_ IPv6 into the same IPv4 questions.
Again, my _only_ recommendation for LPIC-1 has been:
"Identify and know how to disable IPv6"
I feel very strongly about #1 because it's shipping on distros, and more
are to come. It's not a "SuSE-only" thing, as others have pointed out.
- MAC/RBAC is debatable, maybe only if we include POSIX ACLs too
SELinux is more debatable. Now it is the MAC/RBAC complement to DAC,
and as I've stated, MAC/RBAC are pretty much mandatory in many
environments. I know many Linux users like to ignore the concept of
MAC/RBAC and only use DAC, but that's not what enterprises want to do.
But most MAC/RBAC concepts _can_ stay with the new LPIC-3 Security exam.
I think the "litmus test" for SELinux is if LPIC-1/2 also covers POSIX
ACLs (getfacl, setfacl). If that is only on the LPIC-3 Security exam,
then let's just stick with DAC-only on the LPIC-1/2. Just my viewpoint.
Although it would be nice to see LPIC-1 with at least:
"Identify and know how to disable SELinux"
> What optimally should come out of these discussions is a proper
> formulation of the _questions_ to ask during the research phase of the
> objective review.
I think I provided that on IPv6 ... tasks, tasks, tasks ...
Level 1 (Junior Admin/18-month):
- Identify a IPv6 address
- Use "ifconfig" to disable an IPv6 address on an interface
(not merely take down the entire interface and IPv4 too)
Level 2 (Seasoned Admin/36-month):
- Identify LINKLOCAL IPv6 Address
- Identify Unicast and Multicast IPv6 address
- Identify Subnet ID in IPv6 address
- Use "ifconfig" assign a PRIVATE IPv6 address
- Use "route" to create a static IPv6 route to another IPv6
- Configure "/etc/hosts" to support static IPv6 addresses
- Configure "dhcpd" sections to assign PRIVATE IPv6 addresses
- Configure "bind" zones to support IPv6 IN A/PTR records
- Troubleshoot IPv6 performance issues
- Troubleshoot IPv6 service issues
I did a "complete dump" of any basic IPv6 I could think of for LPIC-2.
I do _not_ think every above question should be included, just all the
possible tasks that _could_ be included -- that's all.
But the 2 items for LPIC-1, pretty "required" these days, and by 2007,
probably _every_ distro.
> The LPI program should be a reflection, not a driver, of current best
> practice by admins.
How to disable IPv6 seems to be a regular issue right now. ;->
Bryan J. Smith b.j.smith at ieee.org http://thebs413.blogspot.com
The best things in life are NOT free - which is why life is easiest if
you save all the bills until you can share them with the perfect woman
More information about the lpi-discuss