DOCSLIB.ORG

BSD Professional Certification Job Task Analysis Survey Results

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
BSD Professional Certification Job Task Analysis Survey Results BSD Professional Certification Job Task Analysis Survey Results March 21, 2010 BSD Professional Job Task Analysis Survey Results 2 Copyright © 2010 BSD Certification Group All Rights Reserved All trademarks are owned by their respective companies. This work is protected by a Creative Commons License which requires attribution and prevents commercial and derivative works. The human friendly version of the license can be viewed at http://creativecommons.org/licenses/by-nc-nd/3.0/ which also provides a hyperlink to the legal code. These conditions can only be waived by written permission from the BSD Certification Group. See the website for contact details. BSD Daemon Copyright 1988 by Marshall Kirk McKusick. All Rights Reserved. Puffy Artwork Copyright© 2004 by OpenBSD. FreeBSD® is a registered trademark of The FreeBSD Foundation, Inc. NetBSD® is a registered trademark of The NetBSD Foundation, Inc. The NetBSD Logo Copyright© 2004 by The NetBSD Foundation, Inc. Fred Artwork Copyright© 2005 by DragonFly BSD. Use of the above names, trademarks, logos, and artwork does not imply endorsement of this certification program by their respective owners. www.bsdcertification.org BSD Professional Job Task Analysis Survey Results 3 Table of Contents Executive Summary ................................................................................................................................... 9 Introduction .............................................................................................................................................. 10 Purpose ................................................................................................................................................ 10 Methodology ....................................................................................................................................... 10 Notes on Survey Accuracy ............................................................................................................. 11 BSDP JTA Survey Results ....................................................................................................................... 11 Comments ............................................................................................................................................ 12 Demographic Insights .......................................................................................................................... 14 INSTALLATION and SETUP ............................................................................................................ 16 1. Build and install system from source code. ............................................................................. 16 2. Use bsdlabel or disklabel to modify or create partitions. ........................................................ 16 3. Use fdisk tool to modify or create partitions. .......................................................................... 16 4. Change Partition IDs to other BSD or non-BSD IDs. ............................................................. 16 5. Create FAT32, NTFS, or other non-BSD partitions. ............................................................... 17 6. Create or edit the device.hints or loader.conf file. ................................................................... 17 7. Perform a 'headless' install using serial console. ..................................................................... 17 8. Create install script or configuration for unattended installation. ........................................... 17 9. Create an ISO installation image. ............................................................................................ 18 10. Create an emergency repair disk. ............................................................................................ 18 11. Display the order of startup steps/scripts to be run at boot time. ........................................... 18 12. Install a boot manager. ............................................................................................................ 18 13. Restore a corrupted boot sector. ............................................................................................. 19 14. Boot via the serial console. ..................................................................................................... 19 15. Configure a splash screen at boot. .......................................................................................... 19 16. Configure custom kernel tunables to be enabled at boot time. ............................................... 19 17. Password protect single user mode. ........................................................................................ 20 18. Configure BSD system for PXE booting. ............................................................................... 20 19. Configure system to mount remote network filesystems at boot. .......................................... 20 20. Create and install a jail. .......................................................................................................... 20 21. Prepare a host system for jails. ............................................................................................... 21 22. Start or shutdown a jail. .......................................................................................................... 21 23. Create an internal package repository. .................................................................................... 21 24. Compile a customized binary using ports, packages, or pkgsrc. ............................................ 21 25. Compress a kernel. .................................................................................................................. 22 26. Perform cross-platform building, such as using build.sh or 'make universe'. ........................ 22 Comments on “Installation and Setup” ........................................................................................... 22 SECURITY ......................................................................................................................................... 25 28. Raise or lower security level. .................................................................................................. 25 29. Configure system to deny root logins. .................................................................................... 25 www.bsdcertification.org BSD Professional Job Task Analysis Survey Results 4 30. Configure PAM to support an alternative authentication mechanism. ................................... 25 31. Configure ACLs to augment traditional Unix permissions. ................................................... 25 32. Change the flags on sensitive files. ......................................................................................... 26 33. Configure SSH to restrict logins. ............................................................................................ 26 34. Configure a Network Intrusion Detection System. ................................................................. 26 35. Install (if needed), configure, and use sudo. ........................................................................... 26 36. Apply security patches. ........................................................................................................... 27 37. Scan a network to review open ports. ..................................................................................... 27 38. Generate self-signed certificates. ............................................................................................ 27 39. Scan a password file for weak passwords. .............................................................................. 27 40. Configure kernel to prevent ability to perform network sniffing. .......................................... 28 41. Configure a firewall to act as an authentication gateway. ...................................................... 28 42. Configure a firewall for greylisting or blacklisting. ............................................................... 28 43. Configure a firewall to disable multiple connection attempts from an attacker. .................... 28 44. Configure a firewall with custom packet filtering rules. ........................................................ 29 45. Configure TCP wrappers. ....................................................................................................... 29 46. Configure a file integrity checking utility. ............................................................................. 29 47. Configure One-Time Passwords (OTP). ................................................................................. 29 48. Configure login.conf or PAM for improving new password security. ................................... 30 49. Monitor system for common security threats. ........................................................................ 30 50. Install and configure a Kerberos server. ................................................................................. 30 51. Configure an IPSec VPN. ....................................................................................................... 30 52. Configure security event auditing. .......................................................................................... 31 Comments on “Security” ................................................................................................................ 31 FILESYSTEMS and FILES ...............................................................................................................
Load more

Recommended publications
  • Proceedings of the Bsdcon 2002 Conference
    USENIX Association Proceedings of the BSDCon 2002 Conference San Francisco, California, USA February 11-14, 2002 THE ADVANCED COMPUTING SYSTEMS ASSOCIATION © 2002 by The USENIX Association All Rights Reserved For more information about the USENIX Association: Phone: 1 510 528 8649 FAX: 1 510 548 5738 Email: [email protected] WWW: http://www.usenix.org Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Rethinking /devand devices in the UNIX kernel Poul-Henning Kamp <[email protected]> The FreeBSD Project Abstract An outstanding novelty in UNIX at its introduction was the notion of ‘‘a file is a file is a file and evenadevice is a file.’’ Going from ‘‘hardware only changes when the DEC Field engineer is here’’to‘‘my toaster has USB’’has put serious strain on the rather crude implementation of the ‘‘devices as files’’concept, an implementation which has survivedpractically unchanged for 30 years in most UNIX variants. Starting from a high-levelviewofdevices and the semantics that have grown around them overthe years, this paper takes the audience on a grand tour of the redesigned FreeBSD device-I/O system, to convey anoverviewofhow itall fits together,and to explain whythings ended up as theydid, howtouse the newfeatures and in particular hownot to. 1. Introduction tax and meaning, so that a program expecting a file name as a parameter can be passed a device name; There are really only twofundamental ways to concep- finally,special files are subject to the same protec- tualise I/O devices in an operating system: The usual tion mechanism as regular files.
    [Show full text]
  • Debugging Kernel Problems
    Debugging Kernel Problems by GregLehey Edition for AsiaBSDCon 2004 Taipei, 13 March 2004 Debugging Kernel Problems by GregLehey([email protected]) Copyright © 1995-2004 GregLehey 3Debugging Kernel Problems Preface Debugging kernel problems is a black art. Not manypeople do it, and documentation is rare, in- accurate and incomplete. This document is no exception: faced with the choice of accuracyand completeness, I chose to attempt the latter.Asusual, time was the limiting factor,and this draft is still in beta status. This is a typical situation for the whole topic of kernel debugging: building debug tools and documentation is expensive,and the people who write them are also the people who use them, so there'satendencytobuild as much of the tool as necessary to do the job at hand. If the tool is well-written, it will be reusable by the next person who looks at a particular area; if not, it might fall into disuse. Consider this book a starting point for your own develop- ment of debugging tools, and remember: more than anywhere else, this is an area with ``some as- sembly required''. Debugging Kernel Problems 4 1 Introduction Operating systems fail. All operating systems contain bugs, and theywill sometimes cause the system to behave incorrectly.The BSD kernels are no exception. Compared to most other oper- ating systems, both free and commercial, the BSD kernels offer a large number of debugging tools. This tutorial examines the options available both to the experienced end user and also to the developer. In this tutorial, we’ll look at the following topics: • Howand whykernels fail.
    [Show full text]
  • The Complete Freebsd
    The Complete FreeBSD® If you find errors in this book, please report them to Greg Lehey <grog@Free- BSD.org> for inclusion in the errata list. The Complete FreeBSD® Fourth Edition Tenth anniversary version, 24 February 2006 Greg Lehey The Complete FreeBSD® by Greg Lehey <[email protected]> Copyright © 1996, 1997, 1999, 2002, 2003, 2006 by Greg Lehey. This book is licensed under the Creative Commons “Attribution-NonCommercial-ShareAlike 2.5” license. The full text is located at http://creativecommons.org/licenses/by-nc-sa/2.5/legalcode. You are free: • to copy, distribute, display, and perform the work • to make derivative works under the following conditions: • Attribution. You must attribute the work in the manner specified by the author or licensor. • Noncommercial. You may not use this work for commercial purposes. This clause is modified from the original by the provision: You may use this book for commercial purposes if you pay me the sum of USD 20 per copy printed (whether sold or not). You must also agree to allow inspection of printing records and other material necessary to confirm the royalty sums. The purpose of this clause is to make it attractive to negotiate sensible royalties before printing. • Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. • For any reuse or distribution, you must make clear to others the license terms of this work. • Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above.
    [Show full text]
  • Kratka Povijest Unixa Od Unicsa Do Freebsda I Linuxa
    Kratka povijest UNIXa Od UNICSa do FreeBSDa i Linuxa 1 Autor: Hrvoje Horvat Naslov: Kratka povijest UNIXa - Od UNICSa do FreeBSDa i Linuxa Licenca i prava korištenja: Svi imaju pravo koristiti, mijenjati, kopirati i štampati (printati) knjigu, prema pravilima GNU GPL licence. Mjesto i godina izdavanja: Osijek, 2017 ISBN: 978-953-59438-0-8 (PDF-online) URL publikacije (PDF): https://www.opensource-osijek.org/knjige/Kratka povijest UNIXa - Od UNICSa do FreeBSDa i Linuxa.pdf ISBN: 978-953- 59438-1- 5 (HTML-online) DokuWiki URL (HTML): https://www.opensource-osijek.org/dokuwiki/wiki:knjige:kratka-povijest- unixa Verzija publikacije : 1.0 Nakalada : Vlastita naklada Uz pravo svakoga na vlastito štampanje (printanje), prema pravilima GNU GPL licence. Ova knjiga je napisana unutar inicijative Open Source Osijek: https://www.opensource-osijek.org Inicijativa Open Source Osijek je član udruge Osijek Software City: http://softwarecity.hr/ UNIX je registrirano i zaštićeno ime od strane tvrtke X/Open (Open Group). FreeBSD i FreeBSD logo su registrirani i zaštićeni od strane FreeBSD Foundation. Imena i logo : Apple, Mac, Macintosh, iOS i Mac OS su registrirani i zaštićeni od strane tvrtke Apple Computer. Ime i logo IBM i AIX su registrirani i zaštićeni od strane tvrtke International Business Machines Corporation. IEEE, POSIX i 802 registrirani i zaštićeni od strane instituta Institute of Electrical and Electronics Engineers. Ime Linux je registrirano i zaštićeno od strane Linusa Torvaldsa u Sjedinjenim Američkim Državama. Ime i logo : Sun, Sun Microsystems, SunOS, Solaris i Java su registrirani i zaštićeni od strane tvrtke Sun Microsystems, sada u vlasništvu tvrtke Oracle. Ime i logo Oracle su u vlasništvu tvrtke Oracle.
    [Show full text]
  • Development Tools for the Kernel Release 4.13.0-Rc4+
    Development tools for the Kernel Release 4.13.0-rc4+ The kernel development community Sep 05, 2017 CONTENTS 1 Coccinelle 3 1.1 Getting Coccinelle ............................................. 3 1.2 Supplemental documentation ...................................... 3 1.3 Using Coccinelle on the Linux kernel .................................. 4 1.4 Coccinelle parallelization ......................................... 4 1.5 Using Coccinelle with a single semantic patch ............................ 5 1.6 Controlling Which Files are Processed by Coccinelle ......................... 5 1.7 Debugging Coccinelle SmPL patches .................................. 5 1.8 .cocciconfig support ............................................ 6 1.9 Additional flags ............................................... 7 1.10 SmPL patch specific options ....................................... 7 1.11 SmPL patch Coccinelle requirements .................................. 7 1.12 Proposing new semantic patches .................................... 7 1.13 Detailed description of the report mode ................................ 7 1.14 Detailed description of the patch mode ................................ 8 1.15 Detailed description of the context mode ............................... 9 1.16 Detailed description of the org mode .................................. 9 2 Sparse 11 2.1 Using sparse for typechecking ...................................... 11 2.2 Using sparse for lock checking ...................................... 11 2.3 Getting sparse ..............................................
    [Show full text]
  • Bsdcan-2018-Governance.Pdf (Application/Pdf
    The Evolution of FreeBSD Governance Marshall Kirk McKusick [email protected] http://www.mckusick.com Based on a paper written with Benno Rice The FreeBSD Journal, 4,5. September 2017, pp 26−31 BSDCan Conference Ottawa,Canada June 9, 2018 Copyright 2018 by Marshall Kirk McKusick 1 Background and Introduction The BerkeleySoftware Distribution (BSD) started in 1977 as a project of Bill Joy at the University of California at Berkeley Became a full distribution with the release of 3BSD for the VAX in 1979 Use of source-code control (SCCS) started in 1980 Adecade of releases were managed by the Computer Systems Research Group (CSRG), afour-person development team. Nearly-full open-source release of Net/2 in 1991 followed by 4.4BSD-Lite in 1994 2 The Formation of the FreeBSD Project FreeBSD was named on June 19, 1993 and wasderivedfrom Bill Jolitz version of 4.4BSD-Lite for the Intel 386 Managed under the CVS source-code control system Core team (with lifetime terms) created to decide who should be allowed to commit Initially distributed by Walnut Creek CDROM Separated into base system and ports to keep base system size managable GNATSwas brought up manage bug reports 3 The FreeBSD Project Movesinto Companies Yahoo ran entirely on FreeBSD and agreed to host CVS and distribution Justin Gibbs starts the FreeBSD Foundation aiming to provide the FreeBSD infrastructure Deadwood and apathy in the 20-member core team lead to creating bylaws that set up a 9-member elected core team First elected core team in 2000 with few carryovers from old core
    [Show full text]
  • Freebsd System Programming Freebsd System Programming
    FreeBSD system programming FreeBSD system programming Authors: Nathan Boeger (nboeger at khmere.com) Mana Tominaga (manna at dumaexplorer.com ) Copyright (C) 2001,2002,2003,2004 Nathan Boeger and Mana Tominaga Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, one Front-Cover Texts, and one Back-Cover Text: "Nathan Boeger and Mana Tominaga wrote this book and asks for your support through donation. Contact the authors for more information" A copy of the license is included in the section entitled GNU Free Documentation License" Welcome to the FreeBSD System Programming book. Please note that this is a work in progress and feedback is appreciated! please note a few things first: • We have written the book in a new format. I have read many programming books that have covered many different areas. Personally, I found it hard to follow code with no comments or switching back and forth between text explaining code and the code. So in this book, after chapter 1, I have split the code and text into separate pieces. The source code for each chapter is online and fully downloaded able. That way if you only want to check out the source code examples you can view them only. And if you want to understand the concepts you can read the text or even have them side by side. Please let us know your thoughts on this • The book was ordinally intended to be published in hard copy form.
    [Show full text]
  • An Overview of Security in the Freebsd Kernel 131 Dr
    AsiaBSDCon 2014 Proceedings March 13-16, 2014 Tokyo, Japan Copyright c 2014 BSD Research. All rights reserved. Unauthorized republication is prohibited. Published in Japan, March 2014 INDEX P1A: Bold, fast optimizing linker for BSD — Luba Tang P1B: Visualizing Unix: Graphing bhyve, ZFS and PF with Graphite 007 Michael Dexter P2A: LLVM in the FreeBSD Toolchain 013 David Chisnall P2B: NPF - progress and perspective 021 Mindaugas Rasiukevicius K1: OpenZFS: a Community of Open Source ZFS Developers 027 Matthew Ahrens K2: Bambi Meets Godzilla: They Elope 033 Eric Allman P3A: Snapshots, Replication, and Boot-Environments—How new ZFS utilities are changing FreeBSD & PC-BSD 045 Kris Moore P3B: Netmap as a core networking technology 055 Luigi Rizzo, Giuseppe Lettieri, and Michio Honda P4A: ZFS for the Masses: Management Tools Provided by the PC-BSD and FreeNAS Projects 065 Dru Lavigne P4B: OpenBGPD turns 10 years - Design, Implementation, Lessons learned 077 Henning Brauer P5A: Introduction to FreeNAS development 083 John Hixson P5B: VXLAN and Cloud-based networking with OpenBSD 091 Reyk Floeter INDEX P6A: Nested Paging in bhyve 097 Neel Natu and Peter Grehan P6B: Developing CPE Routers based on NetBSD: Fifteen Years of SEIL 107 Masanobu SAITOH and Hiroki SUENAGA P7A: Deploying FreeBSD systems with Foreman and mfsBSD 115 Martin Matuška P7B: Implementation and Modification for CPE Routers: Filter Rule Optimization, IPsec Interface and Ethernet Switch 119 Masanobu SAITOH and Hiroki SUENAGA K3: Modifying the FreeBSD kernel Netflix streaming servers — Scott Long K4: An Overview of Security in the FreeBSD Kernel 131 Dr. Marshall Kirk McKusick P8A: Transparent Superpages for FreeBSD on ARM 151 Zbigniew Bodek P8B: Carve your NetBSD 165 Pierre Pronchery and Guillaume Lasmayous P9A: How FreeBSD Boots: a soft-core MIPS perspective 179 Brooks Davis, Robert Norton, Jonathan Woodruff, and Robert N.
    [Show full text]
  • Recent Filesystem Optimisations in Freebsd
    Recent Filesystem Optimisations in FreeBSD Ian Dowse <[email protected]> Corvil Networks. David Malone <[email protected]> CNRI, Dublin Institute of Technology. Abstract 2.1 Soft Updates In this paper we summarise four recent optimisations Soft updates is one solution to the problem of keeping to the FFS implementation in FreeBSD: soft updates, on-disk filesystem metadata recoverably consistent. Tra- dirpref, vmiodir and dirhash. We then give a detailed ex- ditionally, this has been achieved by using synchronous position of dirhash’s implementation. Finally we study writes to order metadata updates. However, the perfor- these optimisations under a variety of benchmarks and mance penalty of synchronous writes is high. Various look at their interactions. Under micro-benchmarks, schemes, such as journaling or the use of NVRAM, have combinations of these optimisations can offer improve- been devised to avoid them [14]. ments of over two orders of magnitude. Even real-world workloads see improvements by a factor of 2–10. Soft updates, proposed by Ganger and Patt [4], allows the reordering and coalescing of writes while maintain- ing consistency. Consequently, some operations which have traditionally been durable on system call return are 1 Introduction no longer so. However, any applications requiring syn- chronous updates can still use fsync(2) to force specific changes to be fully committed to disk. The implementa- Over the last few years a number of interesting tion of soft updates is relatively complicated, involving filesystem optimisations have become available under tracking of dependencies and the roll forward/back of FreeBSD. In this paper we have three goals.
    [Show full text]
  • A Guide to Kernel Exploitation Attacking the Core (2011
    A Guide to Kernel Exploitation This page intentionally left blank A Guide to Kernel Exploitation Attacking the Core Enrico Perla Massimiliano Oldani Technical Editor Graham Speake AMSTERDAM • BOSTON • HEIDELBERG • LONDON • • • NEW YORK OXFORD PARIS SAN DIEGO SYNGRESS SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO ® Syngress is an imprint of Elsevier Acquiring Editor: Rachel Roumeliotis Development Editor: Matthew Cater Project Manager: Julie Ochs Designer: Alisa Andreola Syngress is an imprint of Elsevier 30 Corporate Drive, Suite 400, Burlington, MA 01803, USA © 2011 Elsevier Inc. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions. This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein). Notices Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
    [Show full text]
  • Introduction the Daemon Plugins Missing Features
    Magic Tunnel Daemon mtund Matu´sˇ Harvan Information Security, ETH Zurich,¨ Switzerland Introduction Features: ICMP plugin • failover between plugins – using ICMP echo request/reply pairs to pass a stateful NAT gateway IP can easily be tunneled over a plethora of network protocols at various • probing and keep-alive “pings” – sys patch – net.inet.icmp.echo user sysctl allows receiving ICMP echo requests on a raw IP socket layers, such as IP, ICMP, UDP, TCP, DNS, HTTP, SSH and many others. – detects a broken encapsulation While a direct connection may not always be possible due to a firewall, the DNS plugin – keeps state in firewall IP packets could be encapsulated as payload in other protocols, which would – using DNS queries and replies • multi-user support get through. However, each such encapsulation requires the setup of a dif- – DNS encoding and decoding taken from iodine ferent program and the user has to manually probe different encapsulations – one tun(4) interface per client – if a DNS zone is properly delegated, connection to a working nameserver to find out which of them works in a given environment. – clients need to associate with the server is sufficient and direct Internet connectivity is not needed (this is the case The Magic Tunnel Daemon (mtund) consists of a daemon and plugins. Each • fragmentation and fragment reassembly at many hotspots) plugin implements a different encapsulation. The daemon automagically se- lects a working encapsulation in each environment, does the tunneling and Two types of encapsulations: can failover to another encapsulation if the environment changes. 1. direct (TCP, UDP) Missing Features • each side can send data anytime • more plugins The Daemon 2.
    [Show full text]
  • A BRIEF HISTORY of the BSD FAST FILE SYSTEM 9 June07login Press.Qxd:Login June 06 Volume 31 5/27/07 10:22 AM Page 10
    June07login_press.qxd:login June 06 Volume 31 5/27/07 10:22 AM Page 9 I FIRST STARTED WORKING ON THE UNIX file system with Bill Joy in the late MARSHALL KIRK MCKUSICK 1970s. I wrote the Fast File System, now called UFS, in the early 1980s. In this a brief history of article, I have written a survey of the work that I and others have done to the BSD Fast File improve the BSD file systems. Much of System this research has been incorporated into other file systems. Dr. Marshall Kirk McKusick writes books and articles, teaches classes on UNIX- and BSD-related subjects, and provides expert-witness testimony on software patent, trade secret, and copyright issues, particu - 1979: Early Filesystem Work larly those related to operating systems and file sys - tems. While at the University of California at Berke - The first work on the UNIX file system at Berke - ley, he implemented the 4.2BSD Fast File System and was the Research Computer Scientist at the Berkeley ley attempted to improve both the reliability and Computer Systems Research Group (CSRG) oversee - the throughput of the file system. The developers ing the development and release of 4.3BSD and improved reliability by staging modifications to 4.4BSD. critical filesystem information so that the modifi - [email protected] cations could be either completed or repaired cleanly by a program after a crash [14]. Doubling the block size of the file system improved the per - formance of the 4.0BSD file system by a factor of more than 2 when compared with the 3BSD file system.
    [Show full text]