COMMON SERVICES

Providing access to and configuring services, both locally and on a network, is a key skill of a BSD system administrator.

BSDP candidates should understand the options available for providing a service and be proficient in installing, configuring, and monitoring the specified service. Candidates are free to implement the service through any software provided with the four supported BSD systems, or available through packages or pkgsrc. Candidates are expected to use their knowledge of the service described and the capabilities of their preferred platform to implement the objectives in a time-efficient manner.


3.6.1. Configure and enable a DHCP server.

Importance: 3.8, Frequency: 1.9, Bloom: K,C,A

Concept: (examples described using ISC DHCP)

A Dynamic Host Configuration Protocol (DHCP) server is used to provide network addressing information to systems running DHCP client software.

BSDP candidates should know how to install and configure the DHCP server software of their choice to provide IPv4 addressing information.

Practical:

software of choice from packages/pkgsrc

Estimated Time:

20 minutes to install, configure, and test a DHCP server according to a specification.

3.6.2. Override settings a DHCP client receives from a DHCP server.

Importance: 3.4, Frequency: 1.9, Bloom: K,A

Concept:

A system administrator can configure a DHCP client to override the settings received from a DHCP server. BSD systems provide a dhclient.conf(5) file which contains configuration directives for this purpose.

BSDP candidates should know how to use this file's directives to either override settings received or to specify default settings.

Practical:

dhclient.conf(5), dhclient(8)

Estimated Time:

10 minutes to configure a dhclient.conf file according to a specification.

3.6.3. Enable a DNS caching server.

Importance: 3.9, Frequency: 2.0, Bloom: K,A

Concept:

A caching name server provides name services for clients but may not be authoritative for the domains being queried. A caching server retains name resolution data for all domains that it resolves on behalf of clients.

BSDP candidates should know how to configure and operate a caching name server as well as how to dump and clear the cache of the name server.

Practical:

software of choice from packages/pkgsrc

Estimated Time:

20 minutes to set up and operate a caching name server.

3.6.4. Configure a primary DNS server.

Importance: 4.0, Frequency: 2.0, Bloom: K,C,A

Concept:

A primary name server serves information found in a master zone. Names resolved in this fashion are considered authoritative.

BSDP candidates should be able to configure a primary name server that provides authoritative replies from a master zone file.

Practical:

software of choice from packages/pkgsrc

Estimated Time:

20 minutes to set up a primary name server according to a specification.

3.6.5. Configure a secondary DNS server.

Importance: 3.8, Frequency: 1.9, Bloom: K,C,A

Concept:

A secondary DNS server serves data from secondary zones. The secondary name server needs to refresh data from a primary server through a zone transfer of the selected zone.

BSDP candidates should be able to configure a secondary name server. Candidates should also be able to configure the server to refresh zone data from a master server via a zone transfer.

Practical:

software of choice from packages/pkgsrc

Estimated Time:

15 minutes to set up a secondary server according to a specification.

3.6.6. Determine which DNS servers are authoritative for a specified hostname.

Importance: 4.0, Frequency: 2.5, Bloom: K,C,A

Concept:

DNS queries that return IP addresses include data in the reply that indicates whether or not the information returned is considered authoritative for the domain or host requested. Authority is determined by configuration of the zone file for that domain.

BSDP candidates should understand the difference between authoritative and non-authoritative DNS replies. They should be able to retrieve replies for any domain and check the authority of the reply.

Practical:

software of choice from packages/pkgsrc

host(1), dig(1)

Estimated Time:

5 minutes to retrieve a DNS reply, determine its authority, and determine what server(s) are authoritative for a host or domain.

3.6.7. Configure a DNS server to permit or deny zone transfers.

Importance: 3.9, Frequency: 1.8, Bloom: K,C,A

Concept:

Primary name servers can be configured to permit or deny zone transfers from specific hosts or from all hosts.

BSDP candidates should know how to configure a primary name server to permit zone transfers from specific hosts, from any host, or not at all.

Practical:

software of choice from packages/pkgsrc

Estimated Time:

10 minutes to configure a name server to permit zone transfers according to a specification.

3.6.8. Configure a DNS server to provide reverse lookups.

Importance: 3.9, Frequency: 2.0, Bloom: K,C,A

Concept:

DNS servers can be configured to return name information when queried with a PTR resource record containing an IP address. Many applications, such as mail servers, expect this functionality.

BSDP candidates should know how to configure a DNS server for reverse lookups and test that it is able to return a hostname for an IP address.

Practical:

software of choice from packages/pkgsrc

dig(1), host(1)

Estimated Time:

15 minutes to configure a DNS server to provide reverse lookups and test the configuration according to a specification.

122. Configure a DNS server to act as a standalone root server.

Importance: 3.0, Frequency: 1.4, Bloom: K,A

Concept: (examples described using BIND) dru@ removed 08/10 due to low frequency, the edge case scenario that does not occur in most administrators' experience, and the amount of other DNS questions dealing with more common scenarios

RFC 1034 describes the hierarchical nature of the DNS name space and specifies the operation of "root" name servers, i.e. those that exist at the top level of the hierarchy. DNS software usually requires a special configuration to operate as a root name server, and while this is not generally needed in production environments, it is often quite useful in test environments.

BSDP candidates should be able to configure their chosen DNS software to operate as a root name server.

Practical:

named(8), named.conf(5), BIND Administrator Reference Manual (ARM), dig(1), named-checkconf(8), named-checkzone(8), rndc(8)

Estimated Time:

15 minutes to configure a name server to operate as a root name server.

3.6.9. Change the order of name resolution.

Importance: 3.5, Frequency: 1.7, Bloom: K,C,A

Concept:

BSD systems can use text files, DNS, a DNS caching daemon, or Network Information Service (NIS) for name resolution. The system administrator can configure the order of these name resolution methods.

BSDP candidates should be able to configure the order of name resolution on their BSD system.

Practical:

DragonFly BSD, FreeBSD, NetBSD: nsswitch.conf(5)

OpenBSD: resolv.conf(5)

Estimated Time:

5 minutes to configure the order of name resolution on a BSD system according to a specification.

3.6.10. Configure an NTP server.

Importance: 3.0, Frequency: 1.5, Bloom: K,A

Concept:

Network Time Protocol (NTP) is capable of synchronizing time across multiple disparate devices. This is useful in environments that require precision timekeeping.

BSDP candidates should have a general understanding of NTP operation and be able to configure a BSD system to operate as an NTP server.

Practical:

software of choice from packages/pkgsrc

FreeBSD: ntpd(8), ntp.conf(5), ntpdate(8), ntpdc(8), ntpq(8)

NetBSD: ntpd(1)

OpenBSD: ntpd(8), ntpd.conf(5)

Estimated Time:

25 minutes to configure and test an NTP server according to a specification.

3.6.11. Install and configure an FTP server.

Importance: 3.6, Frequency: 1.8, Bloom: K,C,A

Concept:

File Transfer Protocol (FTP) enables authenticated users to transfer files between computer systems. An FTP server accepts connection requests from FTP clients and uploads or downloads data according to requests from the client.

BSDP candidates should be able to configure and test an FTP server.

Practical:

software of choice from packages/pkgsrc

ftpd(8), ftp(1), services(5), inetd(8)

DragonFly BSD, FreeBSD: ftpchroot(5)

NetBSD: ftpd.conf(5), ftpusers(5)

OpenBSD: ftp-proxy(8)

Estimated Time:

15 minutes to configure an FTP server according to a specification.

126. Configure Anonymous FTP.

Importance: 3.0, Frequency: 1.5, Bloom: K,A

Concept: dru@ removed 08/10 as covered by previous objective

Anonymous FTP provides the ability to log into an FTP file server and access files without having a dedicated (registered) account. Anonymous FTP makes it possible to set up a file collection that can be accessed by anyone without worrying about userids and passwords.

BSDP candidates should be able to install, configure, test, and operate an anonymous FTP server to provide anonymous access to a collection of files.

Practical:

ftpd(8)

Estimated Time:

20 minutes to install, configure, test, and operate an anonymous FTP server according to a specification.

3.6.12. Configure a Mail Transfer Agent (MTA) to send and receive email.

Importance: 4.1, Frequency: 2.0, Bloom: K,C,A

Concept:

A mail server is one of the most important and widely used components of an organization's IT infrastructure. A system administrator needs to be able to configure an MTA to send and receive email to and from a domain and subdomains, rewrite source addresses, issue custom replies for unknown users, manage mail aliases, and perform other similar technical tasks.

BSDP candidates should know how to configure the MTA of their choice to send and receive email, and verify that the configuration is working correctly.

Practical:

MTA of choice either included with the BSD system or installed from packages/pkgsrc

Estimated Time:

30 minutes to configure an MTA to send and receive email according to a specification.

3.6.13. Manually send an email using SMTP protocol.

Importance: 3.8, Frequency: 2.4, Bloom: K,C,A

Concept:

It is occasionally necessary to test an MTA by manually sending a test email.

BSDP candidates should be able to connect to an MTA using an ASCII data stream and process a test email. The email should arrive at the assigned destination, which may or may not be on the local system.

Practical:

RFC 821 (updated by RFC 2821)

telnet(1)

DragonFly BSD, FreeBSD, OpenBSD: nc(1)

Estimated Time:

10 minutes to manually connect to an MTA and process an email according to a specification.

3.6.14. Configure MTA for outgoing mail only.

Importance: 3.7, Frequency: 1.9, Bloom: K,A

Concept:

An MTA can be configured to only send email or to relay outgoing mail to another mail server.

BSDP candidates should know how to configure their MTA for outbound only operation, either as a main mail server or a forwarding mail server.

Practical:

MTA of choice either included with the BSD system or installed from packages/pkgsrc

Estimated Time:

15 minutes to configure MTA for outbound only operation according to a specification.

3.6.15. Configure MTA to use SASL.

Importance: 3.4, Frequency: 1.7, Bloom: K,C,A

Concept:

RFC 4422 describes the Simple Authentication and Security Layer (SASL), a framework for adding authentication support to connection-based protocols. When added to an MTA, the mail server will first authenticate users to determine if they are allowed to establish a connection to the mail server.

BSDP candidates should be able to add SASL support to their MTA of choice and confirm that authentication is working properly.

Practical:

MTA of choice either included with the BSD system or installed from packages/pkgsrc

SASL implementation from packages/pkgsrc

Estimated Time:

45 minutes to configure a SASL enabled MTA according to a specification.

3.6.16. Configure MTA to use TLS.

Importance: 3.5, Frequency: 1.7, Bloom: K,C,A

Concept:

RFC 5246 describes how SMTP servers can use Transport Layer Security (TLS) to provide private, authenticated communication over the Internet. TLS enables an MTA to encrypt email communications.

BSDP candidates should be able to add TLS support to their MTA of choice and confirm that mail communications over the network are encrypted.

Practical:

MTA of choice, either included with the BSD system or installed from packages/pkgsrc

software of choice from packages/pkgsrc

tcpdump(1)

Estimated Time:

45 minutes to configure TLS for an MTA according to a specification.

3.6.17. Configure MTA to filter SPAM.

Importance: 4.0, Frequency: 2.2, Bloom: K,C,A

Concept:

BSD administrators should be aware of various options for filtering SPAM. Common requirements include rejecting email from misconfigured systems that violate the SMTP protocol, filtering on keywords, or rejecting email from systems on blacklists.

BSDP candidates should be able to configure their MTA or SPAM filtering utility of choice to reject a SPAM email.

Practical:

software of choice either included with the BSD system or installed from packages/pkgsrc

Estimated Time:

45 minutes to configure an MTA to reject a SPAM message according to a specification.

3.6.18. Configure MTA to use a virus scanner.

Importance: 3.8, Frequency: 2.0, Bloom: K,C,A

Concept:

BSD system administrators should be aware of the various options for deploying virus detection and removal systems. Common requirements include identifying and filtering email from systems containing attachments of specific file types ("file.exe", "file.pdf", "file.xyz", etc.), accepting email from systems on a sender whitelist even if an attachment contains a virus, and creating sender blacklists for known virus senders.

BSDP candidates should be able to configure an MTA to accept or reject email containing an attachment with a virus.

Practical:

software of choice either included with the BSD system or installed from packages/pkgsrc

Estimated Time:

45 minutes to configure an MTA to reject an email message containing a virus in an attachment according to a specification.

3.6.19. Install and configure an IMAP server.

Importance: 3.7, Frequency: 1.8, Bloom: K,C,A

Concept:

Internet Message Access Protocol (IMAP) is widely used by organizations as it allows users the flexibility of deciding which emails to download and which to store on the mail server.

BSDP candidates should be able to configure and test their IMAP server of choice.

Practical:

software of choice from packages/pkgsrc

Estimated Time:

30 minutes to install, configure, and test an IMAP server according to a specification.

3.6.20. Install and configure a POP3 server.

Importance: 3.6, Frequency: 1.8, Bloom: K,C,A

Concept:

Post Office Protocol version 3 (POP3) is a commonly used protocol for downloading email from a mail server.

BSDP candidates should be able to configure and test their POP3 server of choice.

Practical:

software of choice from packages/pkgsrc

telnet(1)

OpenBSD: popa3d(8)

Estimated Time:

30 minutes to install, configure, and test a POP3 server according to a specification.

3.6.21. Configure an email client to send encrypted emails.

Importance: 3.2, Frequency: 1.8, Bloom: K,A

Concept:

An email client can be configured to automatically send and receive encrypted emails.

BSDP candidates should be able to configure their email client of choice to provide encryption and decryption using PGP, PGPi, GnuPG, or any related encryption solution. Solutions may encompass either symmetric or asymmetric encryption techniques, but should not require manual encryption of individual files.

Practical:

software of choice either included with the BSD system or installed from packages/pkgsrc

Estimated Time:

30 minutes to install, configure, and test an encrypted email solution according to a specification.

3.6.22. Install and configure a webmail server.

Importance: 3.4, Frequency: 1.6, Bloom: K,C,A

Concept:

Webmail provides an easy way to send and receive mail when computer access is limited to a browser-only environment, or when technical requirements disallow the use of standard SMTP protocols for Mail User Agents (MUAs).

BSDP candidates should be able to configure a webmail solution that provides the capability to create, send, receive, and manage email messages.

Practical:

software of choice from packages/pkgsrc

Estimated Time:

45 minutes to install, configure, and test a webmail server according to a specification.

3.6.23. Install and configure a webserver.

Importance: 4.1, Frequency: 2.2, Bloom: K,C,A

Concept:

Web services are a key business requirement for all Internet connected businesses and organizations.

BSDP candidates should be able to configure a webserver that provides the capability to display pages and execute simple scripts.

Practical:

software of choice from packages/pkgsrc

NetBSD, OpenBSD: httpd(8)

Estimated Time:

30 minutes to install, configure, and test a webserver according to a specification.

3.6.24. Configure webserver for HTTPS / SSL.

Importance: 4.2, Frequency: 2.1, Bloom: K,C,A

Concept:

Enabling secure communications for web traffic provides businesses with the ability to complete secure transactions over the Internet.

BSDP candidates should be able to install, modify, or configure a webserver to utilize Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption for secure communications using an existing certificate.

Practical:

software of choice from packages/pkgsrc

openssl(1)

NetBSD, OpenBSD: httpd(8)

Estimated Time:

45 minutes to install, configure, and test an HTTPS connection according to a specification.

140. Install and configure a RADIUS server.

Importance: 2.9, Frequency: 1.5, Bloom:

Concept: BSDCG Note: This objective was removed at the 15/5/10 SME session.

Practical:

Estimated Time:

3.6.25. Enable NFS server and share a local directory for network usage.

Importance: 3.8, Frequency: 2.1, Bloom: K,A

Concept:

Network File System (NFS) provides the capability to access files remotely over a network.

BSDP candidates should be able to configure, test, and operate an NFS server to serve files over a network.

Practical:

mountd(8), nfsd(8), exports(5), mount(8), nfsstat(1)

Estimated Time:

20 minutes to set up, configure, and test an NFS server according to a specification.

3.6.26. Enable and configure NIS service.

Importance: 2.6, Frequency: 1.4, Bloom: K,A

Concept:

Network Information Service (NIS) maintains a centralized directory of user and group information, hostnames, email aliases, and configuration files, and makes them available to other Unix systems in a network.

BSDP candidates should be able to configure a master NIS server and verify that the data is available to clients within the NIS domain.

Practical:

rc.conf(5), yp(8), ypinit(8), ypserv(8), ypcat(1), ypbind(8)

Estimated Time:

30 minutes to configure a master NIS server and verify its operation according to a specification.

3.6.27. Install and configure an RDBMS.

Importance: 3.6, Frequency: 1.9, Bloom: K,A

Concept:

A Relational Data Base Management System (RDBMS) is used to collect, organize, operate on, and report about collections of information that contain interrelated attributes. Setting up the correct relationships is usually the job of a database administrator. However, system administrators are often required to set up and manage the database server themselves.

BSDP candidates should have a basic understanding of setting up a relational database with one or two tables. Some experience with Structured Query Language (SQL) will be required, though use will be limited to table management, data insertion, and simple data retrieval.

Practical:

software of choice from packages/pkgsrc

Estimated Time:

30 minutes to install, configure, and test an RDBMS according to a specification.

3.6.28. Configure an RDBMS to allow specific logins.

Importance: 3.6, Frequency: 1.9, Bloom: K,A

Concept:

It is often desirable to limit database connections to authorized users.

BSDP candidates should be able to configure a database for non-privileged as well as privileged access. Requirements may include the name and password of the database user and basic security settings such as limiting who can access the database.

Practical:

software of choice from packages/pkgsrc

Estimated Time:

15 minutes to configure a database to allow logins according to a specification.