General Linux Concepts

Question 1

Interpreters

Answer 1

– bash interpreter: A shell program, it is used as an interpreter.
> Location: /bin/bash
> starts always with #!

– other Linux interpreters: sh, csh, ksh, zsh, dash

– Windows powershell : Scripting environment
> good for server management
> system admin tasks can be run with cmdlets that are not accessible in cmd
> can pipe objects between cmdlets

– Other interpreters: Python, Ruby, C, Java, Pearl

Question 2

A directory used to access data on a partition

Answer 2

Mountpoint
○ mount DEVICE MOUNT_POINT
○ mount /dev/sdb3 /opt OR umount /opt

When mounting “test” to the “home” directory it will be under: home/test

View
>df

Question 3

Logical Volume Manager (LVM)

Answer 3

• can move/mount file systems
• can take snapshots> good for easy backups
• is the layer of obstruction on which the file system sits
• grows flexibly

Question 4

tar

Answer 4

It is often referred to as a tarball for distribution or backup purposes. So .tar.gz is just a file format.
Tar is often used together with a with a compression method, such as gzip, to create a compressed archive as well as file.tar.gz (or file.tgz).
Use need: distribute the source code of an application or maybe a binary file to execute a program.

Question 5

Networking with PCAP

Answer 5

PCAP=packet capture also PCAP in general as API for capturing network traffic
There are two libraries:
- libpcap for unix
-Winpcap for windows
In routed environment set interface to “promiscuous” mode, in switched environment set port to “mirrored.
What you can do:
- View Source and destination IP Addresses
- Extract attachment files from PCAP and reconstruct it

Competition: Nmap started Npcap with faster packet capture and security as compare to libpcap

PCAP= file extension (.pcap)

Open .pcap with Wireshark

Question 6

PAM Basics

Linux’s Privileged Access Management

Answer 6

• Privileges Access Attacks. Elevating privileges>Its easier to attack a system from the inside
• Pluggable Authentication Module (mechanism) in Linux that is CENTRALIZED
  Instead of each program quering the /etc/ passsword and etc/shadow file for authentication Linux services and applications go to PAM
• lives at
  /etc/pam.d OR etc/pam.d login and etc/pam.d/sshd

Question 7

Linux Account types

Answer 7

• root, the superuser: can do anything, UID=0
• system accounts UID<1000. see in /etc/login.defs. with
  >useradd -r system_account_name
• chage -l account (shows account aging info to see if account has expired)

Question 8

Network Security

Answer 8

• Network Services and daemons