110.1 Perform Security Administration Tasks Flashcards
Gain privileges for user bob, load bob’s home directory and environment variables.
su - bob
Executes a command as user moo and immediately returns to your user account.
su -c some_command moo
Shows who is logged on and what they are doing.
w
Shows who is currently logged in.
who
Shows the history of user login and logout along with the time and date.
last
Scan all devices on the 192.168.1.0 network for open ports, timing 5 seconds.
nmap -T5 192.168.1.0/24
Scan all hosts on 192.168.1.0 network for ports 1-12345, treat all hosts as online to avoid ICMP (ping).
nmap -Pn -p1-12345 192.168.1.0/24
Scan all devices on the 192.168.1.0 network and determine the operating systems for each host.
sudo nmap -O 192.168.1.0/24
Show protocol statistics for IP, TCP, UDP, ICMP.
netstat -s
Show the routing table.
netstat -r
Show all ports on the network in numeric format.
netstat -na
Show only listening sockets in numeric format.
netstat -nl
Find out which process is using port 33737/tcp, verbose.
fuser -v -n tcp 33737
List open files for device sda3, like a USB flash drive needing to be unmounted.
lsof | grep '/dev/sda3'
List processes listening on port 23.
lsof -i :23
Kills all processes using the Data file system or folder so that it can be unmounted.
fuser -km Data
Find files owned by root under / with mounted filesystems excluded and suid or sgid bit set.
find / -xdev -user root \( -perm -4000 -o -perm -2000 \)
find / -xdev -user root \( -perm /u=s -o -perm /g=s \)
Find files in home directory modified in the last 24 hours (-mtime 0 matches files whose modification age, in whole 24-hour periods rounded down, is 0).
find $HOME -mtime 0
Find files in home directory modified in the last 24 hours, exclude hidden files and directories.
find $HOME \( ! -regex '.*/\..*' \) -mtime 0
Where is the EDITOR environment variable set?
~/.bashrc
Sets the max amount of virtual memory available to the shell.
ulimit -v
View the user hard limit for the max number of open files.
ulimit -Hn
Prevent application crashes from creating core dumps.
ulimit -c 0
List all user limits.
ulimit -a
Set user CPU limits.
ulimit -t
Change login name for user moo to zoo.
usermod -l zoo moo
Set the day the password was last changed so user moo will be prompted to enter a new password on login.
chage -d 0 moo
List password info for user moo.
chage -l moo
Expire user moo’s password and force them to change it on next login.
passwd -e moo
Show the password status for all users.
passwd -a -S
Delete moo’s password thus disabling moo’s ability to log in.
passwd -d moo
Unlock moo’s account.
passwd -u moo
usermod -U moo
Lock moo’s account.
passwd -l moo
usermod -L moo
Change password for user moo.
sudo passwd moo
Daemon that audits the system, including suid-related system calls, using the rules in the /etc/audit/audit.rules file.
auditd
Sets the memory usage limit on your system.
setrlimit
Gets the memory usage limit on your system.
getrlimit
The file that overrides the limits.conf file.
limits.d
Full path to the file that contains the config info for sudo, modified with visudo.
/etc/sudoers
Full path to file that if changed requires restarting auditd service, and the command to perform the restart.
/etc/audit/audit.rules
service auditd restart
systemctl restart auditd
Find files in /usr/bin with suid set.
find /usr/bin -perm -u+s
find /usr/bin -perm -4000
find /usr/bin -perm /u=s
Permissions when sgid is set on a file.
Permissions of the set group rather than permissions of the current user’s group.
su stands for what?
substitute user
Add new user moo and create their home directory.
useradd -m moo
Clear any credentials for yourself.
sudo -k
Give regular user moo permission to run useradd and passwd commands but not to change the root user’s password.
sudo visudo
moo ALL=(root) /usr/sbin/useradd, /usr/bin/passwd, !/usr/bin/passwd root
Add moo to the sudo secondary group.
usermod -aG 27 moo
View permissions for user moo.
id moo
Temporarily increase the number of open files limit for your user account to 2048.
ulimit -n 2048
Display open file limit:
ulimit -n
2048
Full path to limits.conf file.
/etc/security/limits.conf
Find files in /usr/bin with sgid set.
find /usr/bin -perm -g+s
find /usr/bin -perm -2000
find /usr/bin -perm /g=s