110 Security KT

Question 1

110.1 Perform security administration tasks

Answer 1

The following is a partial list of the used files, terms and utilities:

find
passwd
fuser
lsof
nmap
chage
netstat
sudo
/etc/sudoers
su
usermod
ulimit
who, w, last

Question 2

find

Answer 2

Command: GNU find searches the directory tree rooted at each given starting-point by evaluating the given expression from left to right, according to the rules of precedence until the outcome is known, at which point find moves on to the next file name.

find [-H] [-L] [-P] [-D debugopts] [-Olevel] [starting-point…] [expression]

Question 3

passwd

Answer 3

Command: The passwd command changes passwords for user accounts. A normal user may only change the password for his/her own account, while the superuser may change the password for any account.

passwd [options] [LOGIN]

Question 4

fuser

Answer 4

Command: fuser displays the PIDs of processes using the specified files or file systems.

fuser [-fuv] [-a|-s] [-4|-6] [-c|-m|-n space] [ -k [-i] [-M] [-w] [-SIGNAL] ] name …

Question 5

lsof

Answer 5

Command: lsof revision 4.91 lists on its standard output file information about files opened by processes.

lsof [ -?abChlnNOPRtUvVX ] [ -A A ] [ -c c ] [ +c c ] [ +|-d d ] [ +|-D D ] [ +|-e s ] [ +|-E ] [ +|-f [cfgGn] ] [ -F [f] ] [ -g [s] ]
[ -i [i] ] [ -k k ] [ -K k ] [ +|-L [l] ] [ +|-m m ] [ +|-M ] [ -o [o] ]
[ -p s ] [ +|-r [t[m]] ] [ -s [p:s] ] [ -S [t] ] [ -T [t] ] [ -u s ]
[ +|-w ] [ -x [fl] ] [ -z [z] ] [ -Z [Z] ] [ – ] [names]

Question 6

nmap

Answer 6

Command: Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing.

nmap [Scan Type…] [Options] {target specification}

Question 7

chage

Answer 7

Command: The chage command changes the number of days between password changes and the date of the last password change.

chage [options] [LOGIN]

Question 8

netstat

Answer 8

Command: Netstat prints information about the Linux networking subsystem. The type of information printed is controlled by the first argument.

netstat [address_family_options] [–tcp|-t] [–udp|-u] [–udplite|-U] [–sctp|-S] [–raw|-w] [–l2cap|-2] [–rfcomm|-f] [–listening|-l] [–all|-a] [–numeric|-n] [–numeric-hosts] [–numeric-ports] [–numeric-users] [–symbolic|-N] [–extend|-e[–extend|-e]] [–timers|-o] [–program|-p] [–verbose|-v] [–continuous|-c] [–wide|-W]

Question 9

sudo

Answer 9

Command: sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.

sudo [-AbEHnPS] [-C num] [-g group] [-h host] [-p prompt] [-r role] [-t type] [-T timeout] [-u user] [VAR=value] [-i | -s] [command]

Question 10

/etc/sudoers

Answer 10

The /etc/sudoers file controls who can run what commands as what users on what machines and can also control special things such as whether you need a password for particular commands.

Question 11

su

Answer 11

Command: su allows to run commands with a substitute user and group ID.

su [options] [-] [user [argument…]]

Question 12

usermod

Answer 12

Command: The usermod command modifies the system account files to reflect the changes that are specified on the command line.

usermod [options] LOGIN

Question 13

ulimit

Answer 13

Command: The ulimit utility sets or reports the file-size writing limit imposed on files written by the shell and its child processes (files of any size may be read).

/usr/bin/ulimit [-f] [blocks]
ulimit [-[HS][c|d|f|n|s|t|v]] limit

Question 14

who, w, last

Answer 14

who: Print information about users who are currently logged in.

who [OPTION]… [ FILE | ARG1 ARG2 ]

w: w displays information about the users currently on the machine, and their processes.

w [options] user […]

last: last searches back through the /var/log/wtmp file (or the file designated by the -f option) and displays a list of all users logged in (and out) since that file was created.

last [options] [username…] [tty…]

Question 15

110.2 Setup host security

Answer 15

The following is a partial list of the used files, terms and utilities:

/etc/nologin
/etc/passwd
/etc/shadow
/etc/xinetd.d/
/etc/xinetd.conf
systemd.socket
/etc/inittab
/etc/init.d/
/etc/hosts.allow
/etc/hosts.deny

Question 16

/etc/nologin

Answer 16

The file /etc/nologin.txt exists to support the nologin command/utility. The /etc/nologin.txt will displays its contents to the user instead of the default message.

Question 17

/etc/passwd

Answer 17

/etc/passwd is a text file that contains the attributes of each user or account on a computer running Linux or another Unix-like operating system.

Question 18

/etc/shadow

Answer 18

The /etc/shadow file stores actual password in encrypted format (more like the hash of the password) for user’s account with additional properties related to user password.

Question 19

/etc/xinetd.d/

Answer 19

The /etc/xinetd.d/ directory contains the configuration files for each service managed by xinetd and the names of the files correlate to the service.

Question 20

/etc/xinetd.conf

Answer 20

xinetd.conf is the configuration file that determines the services provided by xinetd.

Question 21

systemd.socket

Answer 21

A unit configuration file whose name ends in “.socket” encodes information about an IPC or network socket or a file system FIFO controlled and supervised by systemd, for socket-based activation.

Question 22

/etc/inittab

Answer 22

The /etc/inittab file is the configuration file used by the System V (SysV) initialization system in Linux. This file defines three items for the init process.

Question 23

/etc/init.d/

Answer 23

The init.d directory contains a number of start/stop scripts for various services on your system.

Question 24

/etc/hosts.allow

Answer 24

The /etc/hosts.allow file helps control which hosts can access its system. Access will be granted when a (daemon,client) pair matches an entry in the /etc/hosts.allow file.

Question 25

/etc/hosts.deny

Answer 25

The /etc/hosts.allow file helps control which hosts can access its system. Access will be denied when a (daemon,client) pair matches an entry in the /etc/hosts.deny file.

Question 26

110.3 Securing data with encryption

Answer 26

The following is a partial list of the used files, terms and utilities:

ssh
ssh-keygen
ssh-agent
ssh-add
~/.ssh/id_rsa and id_rsa.pub
~/.ssh/id_dsa and id_dsa.pub
~/.ssh/id_ecdsa and id_ecdsa.pub
~/.ssh/id_ed25519 and id_ed25519.pub
/etc/ssh/ssh_host_rsa_key and ssh_host_rsa_key.pub
/etc/ssh/ssh_host_dsa_key and ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key and ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_ed25519_key and ssh_host_ed25519_key.pub
~/.ssh/authorized_keys
ssh_known_hosts
gpg
gpg-agent
~/.gnupg/

Question 27

ssh

Answer 27

Command: ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine.

ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
[-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
[-i identity_file] [-J destination] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-Q query_option] [-R address] [-S ctl_path] [-W host:port]
[-w local_tun[:remote_tun]] destination [command]

Question 28

ssh-keygen

Answer 28

Command: ssh-keygen generates, manages and converts authentication keys for ssh(1).

ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]
[-N new_passphrase] [-C comment] [-f output_keyfile]

Question 29

ssh-agent

Answer 29

Command: ssh-agent is a program to hold private keys used for public key authentication (RSA, DSA, ECDSA, Ed25519).

ssh-agent [-c | -s] [-Dd] [-a bind_address]
[-E fingerprint_hash] [-P pkcs11_whitelist] [-t life] [command [arg …]]

Question 30

ssh-add

Answer 30

Command: ssh-add adds private key identities to the authentication agent, ssh-agent(1).

ssh-add [-cDdkLlqXx] [-E fingerprint_hash] [-t life] [file …]

Question 31

~/.ssh/id_rsa and id_rsa.pub

Answer 31

~/.ssh/id_rsa
Contains the DSA, ECDSA, Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES.

id_rsa.pub
Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.

Question 32

~/.ssh/id_dsa and id_dsa.pub

Answer 32

~/.ssh/id_dsa
Contains the DSA, ECDSA, Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES.

id_dsa.pub
Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.

Question 33

~/.ssh/id_ecdsa and id_ecdsa.pub

Answer 33

~/.ssh/id_ecdsa
Contains the DSA, ECDSA, Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES.

id_ecdsa.pub
Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.

Question 34

~/.ssh/id_ed25519 and id_ed25519.pub

Answer 34

~/.ssh/id_ed25519
Contains the DSA, ECDSA, Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 128-bit AES.

id_ed25519.pub
Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.

Question 35

/etc/ssh/ssh_host_rsa_key and ssh_host_rsa_key.pub

Answer 35

/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys and are used for host-based authentication.

ssh_host_rsa_key.pub
Contains the public part of the key used for host-based authentication.

Question 36

/etc/ssh/ssh_host_dsa_key and ssh_host_dsa_key.pub

Answer 36

/etc/ssh/ssh_host_dsa_key
These files contain the private parts of the host keys and are used for host-based authentication.

ssh_host_dsa_key.pub
Contains the public part of the key used for host-based authentication.

Question 37

/etc/ssh/ssh_host_ecdsa_key and ssh_host_ecdsa_key.pub

Answer 37

/etc/ssh/ssh_host_ecdsa_key
These files contain the private parts of the host keys and are used for host-based authentication.

ssh_host_ecdsa_key.pub
Contains the public part of the key used for host-based authentication.

Question 38

/etc/ssh/ssh_host_ed25519_key and ssh_host_ed25519_key.pub

Answer 38

/etc/ssh/ssh_host_ed25519_key
These files contain the private parts of the host keys and are used for host-based authentication.

ssh_host_ed25519_key.pub
Contains the public part of the key used for host-based authentication.

Question 39

~/.ssh/authorized_keys

Answer 39

Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used for logging in as this user. The format of this file is described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others.

Question 40

ssh_known_hosts

Answer 40

Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the organization. It should be world-readable. See sshd(8) for further details of the format of this file.

Question 41

gpg

Answer 41

Command: gpg is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a tool to provide digital encryption and signing services using the OpenPGP standard.

gpg [–homedir dir] [–options file] [options] command [args]

Question 42

gpg-agent

Answer 42

Command: gpg-agent is a daemon to manage secret (private) keys independently from any protocol. It is used as a backend for gpg and gpgsm as well as for a couple of other utilities.

gpg-agent [–homedir dir] [–options file] [options

Question 43

~/.gnupg/

Answer 43

This is the default home directory which is used if neither the environment variable GNUPGHOME nor the option –homedir is given.