09 Security Fundamentals

Question 1

T/F The user’s password is stored in /etc/passwd

Answer 1

False

Question 2

In which file is the primary group for a user stored?

Answer 2

/etc/passwd

Question 3

What is the default intrusion detection package called?

Answer 3

AIDE Advanced Intrusion Detection Environment

Question 4

What do the file’s permissions or modes represented by three octal digits 755 mean?

Answer 4

Readable, writable and executable by the file’s owner. Readable and executable by the group and all others

Question 5

if you need to make it so the account bob can use sudo, what file must you access?

Answer 5

/etc/sudoers.d/bob

Question 6

what command is used to list and modify password aging values

Answer 6

chage

Question 7

What is OpenSSl

Answer 7

A software library that provides encryption for applications in order to secure network communications

Question 8

What is a network firewall

Answer 8

An entity that checks packet headers against a set of rules configured by the administrator

Question 9

What would the content of the file for user student in the sudoers directory look like? Given all sudo permissions.

Answer 9

student ALL=(ALL:ALL) ALL

Question 10

How many fields does an entry for a user in the /etc/passwd file have? And what are they?

Answer 10

7: username, password (an x, the pw is in shadow), user ID, Group ID, comment, home directory, default shell

Question 11

how many fields are there for each entry in the /etc/shadow file and what are they?

Answer 11

9: username, encrypted password, last changed, min/max password age, password warning period, password inactivity period, account expiration date, and one reserved field for potential future use

Question 12

what are the 7 types of files that can be represented in the metadata?

Answer 12

”-“ regular file
“d” directory entry
“l” soft link
“c” character device
“b” block device
“p” named pipe
“s” socket

Question 13

What is an ACL

Answer 13

Access Control List, list of permissions associated with the file. Allows more than one user or group per file.

Question 14

What is SELinux?

Answer 14

Security Enhanced Linux, finer grained access control. If something is not explicitly allowed the action is denied

Question 15

What is AppArmor?

Answer 15

Linux kernel security module that lets sysadmins control a program’s capabilities and use of resources

Question 16

What is GPG?

Answer 16

GNU Privacy Guard. Create keys, prepare keys for exchange with others, and manage keys.

Question 17

What utility is often used to encrypt filesystems?

Answer 17

cryptsetup, often used on partitions

Question 18

What are some applications that utilize OpenSSL?

Answer 18

https, ssh, OpenSSH, and postfix

Question 19

What is the linux firewall and what are it’s two most common types?

Answer 19

Netfilter, two types are iptables and nftables. iptables is the older more simpler one, nftables is more advanced and flexible

Question 20

in packet filtering, what does a INVALID state mean?

Answer 20

packet is associated with no known connection

Question 21

in packet filtering, what does an ESTABLISHED state mean?

Answer 21

packet is associated with a connection that has seen packets in both directions

Question 22

in packet filtering, what does a NEW state mean?

Answer 22

packet has started a new connection

Question 23

in packet filtering, what does a RELATED state mean?

Answer 23

packet is starting a new connection but is associated with an existing connection

Question 24

when packet filtering, what are some of the details given by a packet’s context

Answer 24

IP address and port destination
IP address and port source
Timer for idle connections
Packet length
TCP sequence
Packet fragmentation

Question 25

Name the 5 IDS described by this course, besides AIDE

Answer 25

SELinux
Open Source Tripwire
Fail2ban
OSSEC
Snort