Chapter 10 Securing Your System Flashcards
A _________or sometimes called a service dispatcher is a type of daemon run generally on Unix-like systems
super-server Pg 525
you can employ security checks in the super daemon to protect the servers it manages. Linux has two primary super daemons: Pg 525
inted xinted
inted Pg 525
This is a legacy super daemon in Linux. Most likely you will never run into it. However it is listed in the certification exam objectives.
if you type this command as an ordinary user, you’ll see only your own network connections. Thus, in order for this command to be useful diagnostic for systems security, you must run it using superuser privileges or as root.
lsof -i
is the program that is used to either set or display the current host, domain or node name of the system. These names are used by many of the networking programs to identify the machine. The domain name is also used by NIS/YP.
hostname or hostaddr
displays the PIDs of processes using the specified files or file systems. In the default display mode, each file name is followed by a letter denoting the type of access:
fuser
In the Linux operating system, a ____________ file is a system file in which encryption user password are stored so that they aren’t available to people who try to break into the system.
shadow password
All major Linux distributions use shadow passwords by default. If yours doesnt you can type this_______ to move all password info from /etc/passwd file to the locked down /etc/shadow file.
pwconv
you should run this utility to ensure that files are in sync.
pwck
if you type su alone in the command prompt what it prompt you for?
root password. If the password is typed in correctly the session effectiely becomes a root session
What are three ways ways to make a strong password? pg 543
- Adding Numbers or Punctuation
- Mixing Case
- Growing the Haystack
To detemine who is currently onto a system,there are two primary commands to use:
- who
- w
A________ is imposed by the sytem admin and cannot be exceeded under any circumstances.
Hard Limit.
Identify the purpose of a super servers?
Super servers such as inetd and xinetd manage incominh network connections for multiple servers.
Explain the function of super server port access controls?
Super servers or programs called by then (such as TCP wrappers) can restrict access to ports for the servers they manage. These restrictions occure at a higher level than a firewall’d restrictions, and they apply only to the servers managed by super server.
Describe why SUID and SGID programs are potentially risky.
The set user ID (SUID) and ser Group ID (SGID) tell linux to run the program as the user or group that owns the file. This is particularly risky when root owns the program ile because it essentially elevates all users to root for the purpose of running the file, making bugs in the program more dangerous and raising the possibilityof a clever yser abusing the program to acquire fill root provileges or other wise wreaking havoc.
Explain why SSH is the preferred remote text-mode login tool?
The SSH protocl provides encryption for all traffic, including both the password exchange and all subsesquent data exchanges, whereas older tools, such as telnet, do not. This makes SSH much safter for the exchange of senstive data, particularly over untrusted networks such as the internet.
identify the most important SSH config file?
The SSH server is controlled through the /etc/ssh/ssh_config; dont confuse the two.
What is the command line to generate a key?
$ gpg –gen-key
What is the command line to revoke a key?
$ gpg –gen-revoke jennie@luna.edu
