110 Security KT Flashcards

1
Q

110.1 Perform security administration tasks

A

The following is a partial list of the used files, terms and utilities:

find
passwd
fuser
lsof
nmap
chage
netstat
sudo
/etc/sudoers
su
usermod
ulimit
who, w, last
2
Q

find

A

Command: GNU find searches the directory tree rooted at each given starting-point by evaluating the given expression from left to right, according to the rules of precedence until the outcome is known, at which point find moves on to the next file name.

find [-H] [-L] [-P] [-D debugopts] [-Olevel] [starting-point…] [expression]

3
Q

passwd

A

Command: The passwd command changes passwords for user accounts. A normal user may only change the password for his/her own account, while the superuser may change the password for any account.

passwd [options] [LOGIN]

4
Q

fuser

A

Command: fuser displays the PIDs of processes using the specified files or file systems.

fuser [-fuv] [-a|-s] [-4|-6] [-c|-m|-n space] [ -k [-i] [-M] [-w] [-SIGNAL] ] name …

5
Q

lsof

A

Command: lsof revision 4.91 lists on its standard output file information about files opened by processes.

lsof [ -?abChlnNOPRtUvVX ] [ -A A ] [ -c c ] [ +c c ] [ +|-d d ] [ +|-D D ] [ +|-e s ] [ +|-E ] [ +|-f [cfgGn] ] [ -F [f] ] [ -g [s] ]
[ -i [i] ] [ -k k ] [ -K k ] [ +|-L [l] ] [ +|-m m ] [ +|-M ] [ -o [o] ]
[ -p s ] [ +|-r [t[m]] ] [ -s [p:s] ] [ -S [t] ] [ -T [t] ] [ -u s ]
[ +|-w ] [ -x [fl] ] [ -z [z] ] [ -Z [Z] ] [ -- ] [names]

6
Q

nmap

A

Command: Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing.

nmap [Scan Type…] [Options] {target specification}

7
Q

chage

A

Command: The chage command changes the number of days between password changes and the date of the last password change.

chage [options] [LOGIN]

8
Q

netstat

A

Command: Netstat prints information about the Linux networking subsystem. The type of information printed is controlled by the first argument.

netstat [address_family_options] [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--l2cap|-2] [--rfcomm|-f] [--listening|-l] [--all|-a] [--numeric|-n] [--numeric-hosts] [--numeric-ports] [--numeric-users] [--symbolic|-N] [--extend|-e[--extend|-e]] [--timers|-o] [--program|-p] [--verbose|-v] [--continuous|-c] [--wide|-W]

9
Q

sudo

A

Command: sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.

sudo [-AbEHnPS] [-C num] [-g group] [-h host] [-p prompt] [-r role] [-t type] [-T timeout] [-u user] [VAR=value] [-i | -s] [command]

10
Q

/etc/sudoers

A

The /etc/sudoers file controls who can run what commands as what users on what machines and can also control special things such as whether you need a password for particular commands.

11
Q

su

A

Command: su allows commands to be run with a substitute user and group ID.

su [options] [-] [user [argument…]]

12
Q

usermod

A

Command: The usermod command modifies the system account files to reflect the changes that are specified on the command line.

usermod [options] LOGIN

13
Q

ulimit

A

Command: The ulimit utility sets or reports the file-size writing limit imposed on files written by the shell and its child processes (files of any size may be read).

/usr/bin/ulimit [-f] [blocks]
ulimit [-[HS][c|d|f|n|s|t|v]] limit

14
Q

who, w, last

A

who: Print information about users who are currently logged in.

who [OPTION]… [ FILE | ARG1 ARG2 ]

w: w displays information about the users currently on the machine, and their processes.

w [options] user […]

last: last searches back through the /var/log/wtmp file (or the file designated by the -f option) and displays a list of all users logged in (and out) since that file was created.

last [options] [username…] [tty…]

15
Q

110.2 Setup host security

A

The following is a partial list of the used files, terms and utilities:

/etc/nologin
/etc/passwd
/etc/shadow
/etc/xinetd.d/
/etc/xinetd.conf
systemd.socket
/etc/inittab
/etc/init.d/
/etc/hosts.allow
/etc/hosts.deny
16
Q

/etc/nologin

A

The file /etc/nologin.txt exists to support the nologin command/utility. The contents of /etc/nologin.txt are displayed to the user instead of the default message.

17
Q

/etc/passwd

A

/etc/passwd is a text file that contains the attributes of each user or account on a computer running Linux or another Unix-like operating system.

18
Q

/etc/shadow

A

The /etc/shadow file stores the actual password in encrypted format (more like the hash of the password) for each user's account, along with additional properties related to the user's password.

19
Q

/etc/xinetd.d/

A

The /etc/xinetd.d/ directory contains the configuration files for each service managed by xinetd and the names of the files correlate to the service.

20
Q

/etc/xinetd.conf

A

xinetd.conf is the configuration file that determines the services provided by xinetd.

21
Q

systemd.socket

A

A unit configuration file whose name ends in “.socket” encodes information about an IPC or network socket or a file system FIFO controlled and supervised by systemd, for socket-based activation.

22
Q

/etc/inittab

A

The /etc/inittab file is the configuration file used by the System V (SysV) initialization system in Linux. This file defines three items for the init process.

23
Q

/etc/init.d/

A

The init.d directory contains a number of start/stop scripts for various services on your system.

24
Q

/etc/hosts.allow

A

The /etc/hosts.allow file helps control which hosts can access the system. Access will be granted when a (daemon,client) pair matches an entry in the /etc/hosts.allow file.

25
Q

/etc/hosts.deny

A

The /etc/hosts.allow file helps control which hosts can access the system. Access will be denied when a (daemon,client) pair matches an entry in the /etc/hosts.deny file.

26
Q

110.3 Securing data with encryption

A

The following is a partial list of the used files, terms and utilities:

ssh
ssh-keygen
ssh-agent
ssh-add
~/.ssh/id_rsa and id_rsa.pub
~/.ssh/id_dsa and id_dsa.pub
~/.ssh/id_ecdsa and id_ecdsa.pub
~/.ssh/id_ed25519 and id_ed25519.pub
/etc/ssh/ssh_host_rsa_key and ssh_host_rsa_key.pub
/etc/ssh/ssh_host_dsa_key and ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key and ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_ed25519_key and ssh_host_ed25519_key.pub
~/.ssh/authorized_keys
ssh_known_hosts
gpg
gpg-agent
~/.gnupg/
27
Q

ssh

A

Command: ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine.

ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
[-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
[-i identity_file] [-J destination] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-Q query_option] [-R address] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] destination [command]

28
Q

ssh-keygen

A

Command: ssh-keygen generates, manages and converts authentication keys for ssh(1).

ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]
[-N new_passphrase] [-C comment] [-f output_keyfile]

29
Q

ssh-agent

A

Command: ssh-agent is a program to hold private keys used for public key authentication (RSA, DSA, ECDSA, Ed25519).

ssh-agent [-c | -s] [-Dd] [-a bind_address]
[-E fingerprint_hash] [-P pkcs11_whitelist] [-t life] [command [arg …]]

30
Q

ssh-add

A

Command: ssh-add adds private key identities to the authentication agent, ssh-agent(1).

ssh-add [-cDdkLlqXx] [-E fingerprint_hash] [-t life] [file …]

31
Q

~/.ssh/id_rsa and id_rsa.pub

A

~/.ssh/id_rsa
Contains the DSA, ECDSA, Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES.

id_rsa.pub
Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.

32
Q

~/.ssh/id_dsa and id_dsa.pub

A

~/.ssh/id_dsa
Contains the DSA, ECDSA, Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES.

id_dsa.pub
Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.

33
Q

~/.ssh/id_ecdsa and id_ecdsa.pub

A

~/.ssh/id_ecdsa
Contains the DSA, ECDSA, Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES.

id_ecdsa.pub
Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.

34
Q

~/.ssh/id_ed25519 and id_ed25519.pub

A

~/.ssh/id_ed25519
Contains the DSA, ECDSA, Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES.

id_ed25519.pub
Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.

35
Q

/etc/ssh/ssh_host_rsa_key and ssh_host_rsa_key.pub

A

/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys and are used for host-based authentication.

ssh_host_rsa_key.pub
Contains the public part of the key used for host-based authentication.

36
Q

/etc/ssh/ssh_host_dsa_key and ssh_host_dsa_key.pub

A

/etc/ssh/ssh_host_dsa_key
These files contain the private parts of the host keys and are used for host-based authentication.

ssh_host_dsa_key.pub
Contains the public part of the key used for host-based authentication.

37
Q

/etc/ssh/ssh_host_ecdsa_key and ssh_host_ecdsa_key.pub

A

/etc/ssh/ssh_host_ecdsa_key
These files contain the private parts of the host keys and are used for host-based authentication.

ssh_host_ecdsa_key.pub
Contains the public part of the key used for host-based authentication.

38
Q

/etc/ssh/ssh_host_ed25519_key and ssh_host_ed25519_key.pub

A

/etc/ssh/ssh_host_ed25519_key
These files contain the private parts of the host keys and are used for host-based authentication.

ssh_host_ed25519_key.pub
Contains the public part of the key used for host-based authentication.

39
Q

~/.ssh/authorized_keys

A

Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used for logging in as this user. The format of this file is described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others.

40
Q

ssh_known_hosts

A

Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the organization. It should be world-readable. See sshd(8) for further details of the format of this file.

41
Q

gpg

A

Command: gpg is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a tool to provide digital encryption and signing services using the OpenPGP standard.

gpg [--homedir dir] [--options file] [options] command [args]

42
Q

gpg-agent

A

Command: gpg-agent is a daemon to manage secret (private) keys independently from any protocol. It is used as a backend for gpg and gpgsm as well as for a couple of other utilities.

gpg-agent [--homedir dir] [--options file] [options]

43
Q

~/.gnupg/

A

This is the default home directory which is used if neither the environment variable GNUPGHOME nor the option --homedir is given.