Chapter 10 Securing Your System

Question 1

A _________or sometimes called a service dispatcher is a type of daemon run generally on Unix-like systems

Answer 1

super-server Pg 525

Question 2

you can employ security checks in the super daemon to protect the servers it manages. Linux has two primary super daemons: Pg 525

Answer 2

inted xinted

Question 3

inted Pg 525

Answer 3

This is a legacy super daemon in Linux. Most likely you will never run into it. However it is listed in the certification exam objectives.

Question 4

if you type this command as an ordinary user, you’ll see only your own network connections. Thus, in order for this command to be useful diagnostic for systems security, you must run it using superuser privileges or as root.

Answer 4

lsof -i

Question 5

is the program that is used to either set or display the current host, domain or node name of the system. These names are used by many of the networking programs to identify the machine. The domain name is also used by NIS/YP.

Answer 5

hostname or hostaddr

Question 6

displays the PIDs of processes using the specified files or file systems. In the default display mode, each file name is followed by a letter denoting the type of access:

Answer 6

fuser

Question 7

In the Linux operating system, a ____________ file is a system file in which encryption user password are stored so that they aren’t available to people who try to break into the system.

Answer 7

shadow password

Question 8

All major Linux distributions use shadow passwords by default. If yours doesnt you can type this_______ to move all password info from /etc/passwd file to the locked down /etc/shadow file.

Answer 8

pwconv

Question 9

you should run this utility to ensure that files are in sync.

Answer 9

pwck

Question 10

if you type su alone in the command prompt what it prompt you for?

Answer 10

root password. If the password is typed in correctly the session effectiely becomes a root session

Question 11

What are three ways ways to make a strong password? pg 543

Answer 11

• Adding Numbers or Punctuation
• Mixing Case
• Growing the Haystack

Question 12

To detemine who is currently onto a system,there are two primary commands to use:

Answer 12

• who
• w

Question 13

A________ is imposed by the sytem admin and cannot be exceeded under any circumstances.

Answer 13

Hard Limit.

Question 14

Identify the purpose of a super servers?

Answer 14

Super servers such as inetd and xinetd manage incominh network connections for multiple servers.

Question 15

Explain the function of super server port access controls?

Answer 15

Super servers or programs called by then (such as TCP wrappers) can restrict access to ports for the servers they manage. These restrictions occure at a higher level than a firewall’d restrictions, and they apply only to the servers managed by super server.

Question 17

Describe why SUID and SGID programs are potentially risky.

Answer 17

The set user ID (SUID) and ser Group ID (SGID) tell linux to run the program as the user or group that owns the file. This is particularly risky when root owns the program ile because it essentially elevates all users to root for the purpose of running the file, making bugs in the program more dangerous and raising the possibilityof a clever yser abusing the program to acquire fill root provileges or other wise wreaking havoc.

Question 18

Explain why SSH is the preferred remote text-mode login tool?

Answer 18

The SSH protocl provides encryption for all traffic, including both the password exchange and all subsesquent data exchanges, whereas older tools, such as telnet, do not. This makes SSH much safter for the exchange of senstive data, particularly over untrusted networks such as the internet.

Question 19

identify the most important SSH config file?

Answer 19

The SSH server is controlled through the /etc/ssh/ssh_config; dont confuse the two.

Question 20

What is the command line to generate a key?

Answer 20

$ gpg –gen-key

Question 21

What is the command line to revoke a key?

Answer 21

$ gpg –gen-revoke jennie@luna.edu