BSD Professional Certification Job Task Analysis Survey Results March 21, 2010 BSD Professional Job Task Analysis Survey Results 2 Copyright © 2010 BSD Certification Group All Rights Reserved All trademarks are owned by their respective companies. This work is protected by a Creative Commons License which requires attribution and prevents commercial and derivative works. The human friendly version of the license can be viewed at http://creativecommons.org/licenses/by-nc-nd/3.0/ which also provides a hyperlink to the legal code. These conditions can only be waived by written permission from the BSD Certification Group. See the website for contact details. BSD Daemon Copyright 1988 by Marshall Kirk McKusick. All Rights Reserved. Puffy Artwork Copyright© 2004 by OpenBSD. FreeBSD® is a registered trademark of The FreeBSD Foundation, Inc. NetBSD® is a registered trademark of The NetBSD Foundation, Inc. The NetBSD Logo Copyright© 2004 by The NetBSD Foundation, Inc. Fred Artwork Copyright© 2005 by DragonFly BSD. Use of the above names, trademarks, logos, and artwork does not imply endorsement of this certification program by their respective owners. www.bsdcertification.org BSD Professional Job Task Analysis Survey Results 3 Table of Contents Executive Summary ................................................................................................................................... 9 Introduction .............................................................................................................................................. 10 Purpose ................................................................................................................................................ 10 Methodology ....................................................................................................................................... 10 Notes on Survey Accuracy ............................................................................................................. 11 BSDP JTA Survey Results ....................................................................................................................... 11 Comments ............................................................................................................................................ 12 Demographic Insights .......................................................................................................................... 14 INSTALLATION and SETUP ............................................................................................................ 16 1. Build and install system from source code. ............................................................................. 16 2. Use bsdlabel or disklabel to modify or create partitions. ........................................................ 16 3. Use fdisk tool to modify or create partitions. .......................................................................... 16 4. Change Partition IDs to other BSD or non-BSD IDs. ............................................................. 16 5. Create FAT32, NTFS, or other non-BSD partitions. ............................................................... 17 6. Create or edit the device.hints or loader.conf file. ................................................................... 17 7. Perform a 'headless' install using serial console. ..................................................................... 17 8. Create install script or configuration for unattended installation. ........................................... 17 9. Create an ISO installation image. ............................................................................................ 18 10. Create an emergency repair disk. ............................................................................................ 18 11. Display the order of startup steps/scripts to be run at boot time. ........................................... 18 12. Install a boot manager. ............................................................................................................ 18 13. Restore a corrupted boot sector. ............................................................................................. 19 14. Boot via the serial console. ..................................................................................................... 19 15. Configure a splash screen at boot. .......................................................................................... 19 16. Configure custom kernel tunables to be enabled at boot time. ............................................... 19 17. Password protect single user mode. ........................................................................................ 20 18. Configure BSD system for PXE booting. ............................................................................... 20 19. Configure system to mount remote network filesystems at boot. .......................................... 20 20. Create and install a jail. .......................................................................................................... 20 21. Prepare a host system for jails. ............................................................................................... 21 22. Start or shutdown a jail. .......................................................................................................... 21 23. Create an internal package repository. .................................................................................... 21 24. Compile a customized binary using ports, packages, or pkgsrc. ............................................ 21 25. Compress a kernel. .................................................................................................................. 22 26. Perform cross-platform building, such as using build.sh or 'make universe'. ........................ 22 Comments on “Installation and Setup” ........................................................................................... 22 SECURITY ......................................................................................................................................... 25 28. Raise or lower security level. .................................................................................................. 25 29. Configure system to deny root logins. .................................................................................... 25 www.bsdcertification.org BSD Professional Job Task Analysis Survey Results 4 30. Configure PAM to support an alternative authentication mechanism. ................................... 25 31. Configure ACLs to augment traditional Unix permissions. ................................................... 25 32. Change the flags on sensitive files. ......................................................................................... 26 33. Configure SSH to restrict logins. ............................................................................................ 26 34. Configure a Network Intrusion Detection System. ................................................................. 26 35. Install (if needed), configure, and use sudo. ........................................................................... 26 36. Apply security patches. ........................................................................................................... 27 37. Scan a network to review open ports. ..................................................................................... 27 38. Generate self-signed certificates. ............................................................................................ 27 39. Scan a password file for weak passwords. .............................................................................. 27 40. Configure kernel to prevent ability to perform network sniffing. .......................................... 28 41. Configure a firewall to act as an authentication gateway. ...................................................... 28 42. Configure a firewall for greylisting or blacklisting. ............................................................... 28 43. Configure a firewall to disable multiple connection attempts from an attacker. .................... 28 44. Configure a firewall with custom packet filtering rules. ........................................................ 29 45. Configure TCP wrappers. ....................................................................................................... 29 46. Configure a file integrity checking utility. ............................................................................. 29 47. Configure One-Time Passwords (OTP). ................................................................................. 29 48. Configure login.conf or PAM for improving new password security. ................................... 30 49. Monitor system for common security threats. ........................................................................ 30 50. Install and configure a Kerberos server. ................................................................................. 30 51. Configure an IPSec VPN. ....................................................................................................... 30 52. Configure security event auditing. .......................................................................................... 31 Comments on “Security” ................................................................................................................ 31 FILESYSTEMS and FILES ...............................................................................................................