Chapter 10 - Securing Your System Flashcards
what is a super server / super daemon?
10-525
this is a program that listens for network connections on behalf of another program
Linux has two primary super daemons. what are their names?
10-525
inetd
xinetd
the socket type entry tells the system what kind of connection to expect. tell me three of them and contrast them.
10-526
stream - reliable two way connection
dgram - less reliable connection with less overhead
raw - low-level connection to the network
how is xinetd an extended super daemon?
10-528
provides the functionality of the legacy inetd, but it also has security options that are similar to those of TCP wrappers
there is a configuration tool you can use to bind a server only to the loopback interface. what is that tool?
10-529
Samba Web Administration Tool
SWAT
in Linux, how do you program the packet filter firewall capabilities of the kernel?
10-530
set up the firewall rules by using the iptables program followed by various options
tell me 2 ways you can disable your unused servers for the sake of security
10-531
uninstall the package
reconfigure the server
tell me 3 audit tools available to use for security reasons
10-531
netstat
lsof
remote network scanners
when you want to quickly spot servers listening for connections, what command do you type?
10-533
netstat -lp
tell me 2 things that lsof is used for
10-534
identify what files are open
find who’s accessing those files
the network scanner Nmap is used in security audits by scanning for what?
10-535
open ports
what’s a scanning tool that is more user friendly than Nmap? (hint: built on top of Nmap and has a GUI)
10-537
Nessus
what would you use the fuser command for?
10-537
to determine the processes currently using a particular network port
you need to move all password information from the /etc/passwd file to the locked-down /etc/shadow file. what command do you run to accomplish this?
10-541
pwconv
when mitigating password risks, you should use secure remote login protocols. tell me 2 protocols to disable and 2 to use instead and why
10-541
disable Telnet and FTP
use SSH and SFTP
because Telnet and FTP use cleartext passwords
tell me how to build a strong password in 2 steps
10-542
choose a base that’s easy to remember but difficult to guess
modify that base in ways that increase the difficulty of guessing the password
which is more secure, su or sudo?
10-545
sudo
you will find 2 types of entries in the /etc/sudoers file. what are they?
10-546
aliases
user specification
there are two primary commands for determining who is currently logged onto a system. what are they?
10-547
who
w
if you want to see if anyone has been directly accessing the root account, what command do you use?
10-549
last root
PAM (Pluggable Authentication Modules) limit lines consist of four fields. tell me what they are.
10-551
domain
type
item
value
an example of a limit is:
@limited hard cpu 2
what does this mean?
10-552
hard CPU limit of 2 minutes applied to the limited group. members of the group can log in and run programs, but if a program consumes more than 2 minutes of CPU time, it will be terminated
tell me 4 things that SSH does that make it so awesome
10-555
encrypts the password exchange
encrypts all subsequent data transfers
provides file transfer features
provides the ability to tunnel other network protocols
you have 2 config files.
one is sshd_config
the other is ssh_config
tell me the difference between the two
10-556
sshd_config controls the OpenSSH server
ssh_config controls the SSH client program ssh
what command do you use to copy files via SSH?
10-559
scp
to revoke a key
1-566
$ gpg --gen-revoke jennie@luna.edu
super user prompt
normal user prompt
the pound sign
the dollar sign