110.1 Perform Security Administration Tasks

Question 1

Gain privileges for user bob, load bob’s home directory and environment variables.

Answer 1

su - bob

Question 2

Executes a command as user moo and immediately returns to your user account.

Answer 2

su -c some_command moo

Question 3

Shows who is logged on and what they are doing.

Answer 3

w

Question 4

Shows who is currently logged in.

Answer 4

who

Question 5

Shows the history of user login and logout along with the time and date.

Answer 5

last

Question 6

Scan all devices on the 192.168.1.0 network for open ports, timing 5 seconds.

Answer 6

nmap -T5 192.168.1.0/24

Question 7

Scan all hosts on 192.168.1.0 network for ports 1-12345, treat all hosts as online to avoid ICMP (ping).

Answer 7

nmap -Pn -p1-12345 192.168.1.0/24

Question 8

Scan all devices on the 192.168.1.0 network and determine the operating systems for each host.

Answer 8

sudo nmap -O 192.168.1.0/24

Question 9

Show protocol statistics for IP, TCP, UDP, ICMP.

Answer 9

netstat -s

Question 10

Show the routing table.

Answer 10

netstat -r

Question 11

Show all ports on the network in numeric format.

Answer 11

netstat -na

Question 12

Show only listening sockets in numeric format.

Answer 12

netstat -nl

Question 13

Find out which process is using port 33737/tcp, verbose.

Answer 13

fuser -v -n tcp 33737

Question 14

List open files for device sda3, like a USB flash drive needing to be unmounted.

Answer 14

lsof | grep ‘/dev/sda3’

Question 15

List processes listening on port 23.

Answer 15

lsof -i :23

Question 16

Kills all processes using the Data file system or folder so that it can be unmounted.

Answer 16

fuser -km Data

Question 17

Find files owned by root under / with mounted filesystems excluded and suid or sgid bit set.

Answer 17

find / -xdev -user root ( -perm -4000 -o -perm -2000 )

find / -xdev -user root ( -perm /u=s -o -perm /g=s )

Question 18

Find files in home directory modified in the last 24 hours (last access time / 24 with remainder < 24).

Answer 18

find $HOME -mtime 0

Question 19

Find files in home directory modified in the last 24 hours, exclude hidden files and directories.

Answer 19

find $HOME ( ! -regex ‘./..’ ) -mtime 0

Question 20

Where is the EDITOR environment variable set?

Answer 20

~/.bashrc

Question 21

Sets the max amount of virtual memory available to the shell.

Answer 21

ulimit -v

Question 22

View the user hard limit for the max number of open files.

Answer 22

ulimit -Hn

Question 23

Prevent application crashes from creating core dumps.

Answer 23

ulimit -c 0

Question 24

List all user limits.

Answer 24

ulimit -a

Question 25

Set user CPU limits.

Answer 25

ulimit -t

Question 26

Change login name for user moo to zoo.

Answer 26

usermod -l zoo moo

Question 27

Set the day the password was last changed so user moo will be prompted to enter a new password on login.

Answer 27

chage -d 0 moo

Question 28

List password info for user moo.

Answer 28

chage -l moo

Question 29

Expire user moo’s password and force them to change it on next login.

Answer 29

passwd -e moo

Question 30

show the password status for all users.

Answer 30

passwd -a -S

Question 31

Delete moo’s password thus disabling moo’s ability to log in.

Answer 31

passwd -d moo

Question 32

Unlock moo’s account.

Answer 32

passwd -u moo

usermod -U moo

Question 33

Lock moo’s account.

Answer 33

passwd -l moo

usermod -L moo

Question 34

Change password for user moo.

Answer 34

sudo passwd moo

Question 35

Command used to audit the system including suid system calls and the /etc/audit/audit.rules log file.

Answer 35

auditd

Question 36

Sets the memory usage limit on your system.

Answer 36

setrlimit

Question 37

Gets the memory usage limit on your system.

Answer 37

getrlimit

Question 38

The file that overrides the limits.conf file.

Answer 38

limits.d

Question 39

Full path to the file that contains the config info for sudo, modified with visudo.

Answer 39

/etc/sudoers

Question 40

Full path to file that if changed requires restarting auditd service, and the command to perform the restart.

Answer 40

/etc/audit/audit.rules
service auditd restart
systemctl restart auditd

Question 41

Find files in /usr/bin with suid set.

Answer 41

find /usr/bin -perm -u+s
find /usr/bin -perm -4000
find /usr/bin -perm /u=s

Question 42

Permissions when sgid is set on a file.

Answer 42

Permissions of the set group rather than permissions of the current user’s group.

Question 43

su stands for what?

Answer 43

substitute user

Question 44

Add new user moo and create their home directory.

Answer 44

useradd -m moo

Question 45

Clear any credentials for yourself.

Answer 45

sudo -k

Question 46

Give regular user moo permission to run useradd and passwd commands but not to change the root user’s password.

Answer 46

sudo visudo

moo ALL=(root) /usr/sbin/useradd, /etc/passwd, !/etc/passwd root

Question 47

Add moo to the sudo secondary group.

Answer 47

usermod -G 27 moo

Question 48

View permissions for user moo.

Answer 48

id moo

Question 49

Temporarily increase the number of open files limit for your user account to 2048.

Answer 49

ulimit -n 2048

Display open file limit:
ulimit -n
2048

Question 50

Full path to limits.conf file.

Answer 50

/etc/security/limits.conf

Question 51

Find files in /usr/bin with sgid set.

Answer 51

find /usr/bin -perm -g+s
find /usr/bin -perm -2000
find /usr/bin -perm /g=s