Linux Study Notes

Question 1

What is the first Unix Shell?

Answer 1

Bourne Shell

Also referred to as “The Shell”

Question 2

Who created the first Unix Shell?

Answer 2

Stephen R. Bourne

Question 3

What are the three types of Unix Shells?

Answer 3

Login Shell, Interactive Shell, Non-Interactive Shell

Question 4

What is a Login shell?

Answer 4

The shell that is run when you log in to a system, either via the terminal or via SSH.

Question 5

What is an Interactive shell?

Answer 5

A shell that actively reads commands from user input

Question 6

What is a Non-Interactive shell?

Answer 6

A shell that cannot interact with the user. it’s most often run from a script or similar.
This means that .bashrc and .profile are not executed.
Init and startup scripts are necessarily non-interactive, since they must run without human intervention.

Question 7

What is a KERNEL?

Answer 7

This is the software that acts as the brain in Linux. It controls the hardware, which is then able to interact with applications.

Question 8

What is a process?

Answer 8

A process is any active (running) instance of a program.

Question 9

What is a boot loader?

Answer 9

A program that boots the operation system.

examples of boot loader are GRUB and ISOLINUX.

Question 10

What is CLI?

Answer 10

Command Line Interface

an interface for typing commmands on top of an OS.

Question 11

What is the DAEMON?

Answer 11

A Linux/UNIX program that runs in the background.

Question 12

What is a Systemcall?

Answer 12

The fundamental interface between an application and the Linux kernel (OS).

Question 13

What is a File System?

Answer 13

A method for storing and organizing files in Linux.

Question 14

What are the READ and WRITE interface numbers for a Systemcall?

Answer 14

Read = 0
Write = 1

Question 15

What Systemcall gets time of day?

Answer 15

Syscall 96
gettimeofday
Gets the system time in seconds since 12:00 AM Jan. 1, 1970

Question 16

What is the Systemcall 99?

Answer 16

sysinfo

gets information about memory usage and CPU load average

Question 17

What processes are at the “least-privileged” level?

Answer 17

User processes
(when a program is executed in User Mode, it cannot directly access the kernel data structures or the kernel programs)

Question 18

Describe the Kernel Mode.

Answer 18

The Kernel mode is the privileged mode where the process has unrestricted access to the system resources like hardware, memory, etc.

The Kernel itself is not a process but a PROCESS MANAGER.

Question 19

(True or False)

System Calls are the only way through which a process can go into kernel mode from user mode.

Answer 19

TRUE

Question 20

What are the 2 types of device drivers and what do they do?

Answer 20

Kernel-mode Device Drivers and User-mode Device Drivers.
Device drivers let the OS know how to access and use information from that device. They act as a translator between a device and the app or OS that uses it.

Question 21

What does the Kernel-Mode Device Driver include?

Answer 21

This includes generic hardware that loads the BIOS, motherboard and processor.
It also includes the minimum system requirement device drivers for each OS.

Question 22

What is an aka for User-Mode Device Driver and give example.

Answer 22

aka: user space driver
Example: USB driver which handles the different devices connected through a USB port. If problems, the task can be killed.

Question 23

What are the common device drivers?

Answer 23

Character, Block, Network and USB Drivers

Question 24

What command lists all PCI buses in the system along with the devices connected to them?

Answer 24

lspci

• n (shows device code as numbers)
• k (kernel drivers @device & modules)
• v (description all devices)

Question 25

System call and signals can be traced by utilizing what command?

Answer 25

strace ls

Question 26

Also know as Modules, what is built into the base kernel and were created to allow users to add code to the Linux Kernel while it is running?

Answer 26

LKM or Loadable Kernel Modules

Question 27

What interprets the contents of a file system and can be added to a LKM?

Answer 27

File System Drivers

Question 28

(True or False)
A majority of the system calls are built into the Kernel, but a user can invent a system call of their own and install it as an LKM.

Answer 28

TRUE

Question 29

What driver interprets a network protocol?

Answer 29

Network drivers

Question 30

What loads and runs an executable?

Answer 30

Executable Interpreters

Question 31

What command will show the status of currently loaded LKMs?

Answer 31

lsmod

Question 32

In Linux, and executable stored on a disk is called what?

Answer 32

a Program

Question 33

A program loaded into memory and running is called what?

Answer 33

A PROCESS

Question 34

what does PID and PPID stand for?

Answer 34

PID - Process ID

PPID - Parent Process ID

Question 35

When a process is started, it is given a unique number called what?

Answer 35

Process ID

PID & PPID

Question 36

What assigns the unique PID?

Answer 36

the Kernel

Question 37

Files in what directory are executed first, then the files in the home directory follow?

Answer 37

the /etc directory

Question 38

What command lets us see what login shell the user is currently operating in?

Answer 38

echo $0

use echo $SHELL to show what type of shell you’re in

Question 39

Where do we go to set up an alias, variables, scrips to automatically run upon startup of every terminal?

Answer 39

.bashrc

within a user’s account & typically in the root directory /

Question 40

What are local variables?

Answer 40

restricted in scope and ONLY accessed in the shell in which they were created. They are not transferred to a new shell when the variable is created because they are used by the shell itself, not applications. Example: history.

Question 41

What is a user restricted to in a restricted shell?

Answer 41

Restricted users can only use current directory

Question 42

What are environmental variables?

Answer 42

Variable set across user accounts.

Question 43

What are the 4 examples of Environmental Variables?

Answer 43

Path, Home, Shell, User
Path - list of directories searched by shell to locate a command.
Home - User’s home dir upon login.
Shell - User’s login shell & the one invoked by programs having shell escapes.
User - Login name of user - LOGNAME

to View, printenv

Question 44

What does sftp stand for and do?

Answer 44

Secure File Transfer Protocol & Securely transfer files to and from a remote network.

Question 45

Why is SFTP secure?

Answer 45

because it requires a login and password just like SSH and provides encryption.

Question 46

If using ftp, what can you do to make it secure?

Answer 46

Tunneling using SSH.
You can utilize a secure shell like ssh in conjunction with the cp (copy) and ftp commands to securely copy and transfer files between hosts.

Question 47

What are the three basic types of Linux user accounts?

Answer 47

Administrative, Regular and Service

Question 48

Which user account has the most privileges?

Answer 48

Administrative and the root account is also know as “Super User”

Question 49

Which directory are the passwords stored?

Answer 49

/etc/shadow - contains encrypted passwords and bookkeeping info

/etc/passwd - contains a list of local users and their data

Question 50

What identifies the user on a system?

Answer 50

The username and user ID (UID)

Question 51

When a user account is created, it is given a same and assigned a UID which must be a positive number and above what number?

Answer 51

above 500

each user has its own password

Question 52

System accounts usually have what numbers?

Answer 52

numbers below 100

Question 53

What command is used to add a user account?

Answer 53

sudo useradd

Question 54

If using useradd, what does -c do?

what does -e do?

Answer 54

• c allows you to add a comment

- e sets ab expiration date

Question 55

What is the command to create a group?

Answer 55

sudo groupadd

Question 56

What command do you use to show a user’s UID?

Answer 56

id ‘username’

Question 57

From the command line, what does the command ‘netstat’ do?

Answer 57

Displays the status of the network

Question 58

What does the command ‘ping’ do?

Answer 58

checks network connectivity and ICMP requests

Question 59

What are other network config commands?

Answer 59

ifconfig - displays the configuration for a network interface
traceroute - shows the path taken to reach a host
route - displays the routing table and/or lets you configure it
arp - shows the address resolution table and/or lets you configure it

Question 60

What are some common interface names seen?

Answer 60

lo - Loopback interface
en - Ethernet
wl - Wireless LAN (WLAN)
ww - Wireless WAN (WWAN)

Question 61

What does Samba do?

Answer 61

A suite of software developed to provide file and print sharing between different OS’.

Using the SMB (Server Message Block) protocol or CIFS (Common Internet File System), Samba provides secure, stable, and fast file and print services for all clients.

Question 62

Samba’s functionality comes from two daemons. What are they?

Answer 62

smbd - Server Message Block Daemon

nmbd - NetBIOS Message Block Daemon

Question 63

What are the two Samba security modes?

Answer 63

Share-Level

User-Level: default setting

Question 64

What are the four ways to implement Samba user-level?

Answer 64

User Security Mode - Provides username and password

Domain Security Mode - has machine acct (domain security trust account) and causes all authentication requests to be passed through to the domain controllers.

Active Directory Security Mode - Samba server can join an Active Directory Security using Kerberos.

Server Security Mode - previously used when Samba was not capable of acting as a domain member server.

Question 65

What is LDAP?

Answer 65

Lightweight Directory Access Protocol:

Central place for AUTHENTICATION. it stores usernames and passwords.

a mechanism for interacting with directory servers. It’s often used for authentication and storing information about users, groups and applications.

Question 66

What is the most commonly used Web server on Linux systems?

Answer 66

Apache web server.

The Apache2 web server is available in Ubuntu Linux.

install by using command: sudo apt install apache2

Question 67

Why do we have iptables?

Answer 67

Command-line firewall utility that uses policy chains to ALLOW or BLOCK traffic.

When a connection tries to establish itself on your system, iptables look for a rule in it’s list to match it to. If it doesn’t find one, it resorts to the default action.

To install/update: sudo apt-get install iptables

Question 68

In iptables, what are ‘rule-sets’?

Answer 68

Rules are defined for the packets.
If the input matches a rule, the target action defined in the rule is performed.
If no match is found at the end of a chain, a special kind of target called the default policy is applied and can only be ACCEPT or DROP.

Structure is: iptables > Tables > Chains > Rules

Question 69

What are the three IP Tables?

Answer 69

Filter - used to control the flow of packet in and out of a system
(INPUT, OUTPUT & FORWARD chains)

NAT - used to redirect connections to other interface on the network (PREROUTING, POSTROUTING, OUTPUT chains)

Mangle - specialized for packet alteration. Commonly used to alter QOS and/or VLAN bits in the TCP header.
(ACCEPT, DROP, QUEUE, RETURN)

Question 70

For the Mangle table, what are the possible special values that you can specify as the target action of the rule?

Answer 70

ACCEPT, DROP, QUEUE, RETURN

ACCEPT - Firewall will accept the packet
DROP - Firewall will drop the packet
QUEUE - Firewall will pass the packet to the userspace
RETURN - Firewall will stop executing the next set of rules in the current chain for this packet. Control returned to calling chain.

Question 71

What command is used to show all existing iptables?

Answer 71

sudo iptables –list

Question 72

What is FIM?

Answer 72

File Integrity Monitoring

Refers to an IT security process and tech that test and checks OS, db, and app software files to determine whether or not they have been tampered with or corrupted.
Reactive (forensic) auditing as well as proactive, rule-based active monitoring.

Establishing a BASELINE state and monitoring for file changes helps to protect sensitive data and maintain compliance.

Question 73

When validating file integrity, what changes from the baseline?

Answer 73

Hashes do.

Hashes are unique to each file (like fingerprints). Without correct hash, you cannot make changes to these files. If authorized change, then NEW HASH is created for that file.

Question 74

What are common hashes (MD5 hashing tools)?

Answer 74

MD5SUM, CRC-32, HAVAL, SHA-1, TIGER

The more secure hashes are typically the slowest.

Question 75

What is NETWORK SECURITY?

Answer 75

It is a set of rules and configurations designed to protect the integrity, confidentiality and accessibility of computer networks and data using both software and hardware technologies.

Question 76

What are some of the most common forms of network security?

Answer 76

Switch or Router with policies (ACL - Access Control List). works similar to software firewalls.

Dedicated Hardware Firewall

SIEM - Security Information & Event Management

Network Services: DNS Servers, Time Servers, VPN Concentrators, VPN Tunnels

Question 77

What is Banner Grabbing often termed as?

Answer 77

Service Fingerprinting

Banners are the welcome screens that divulge software version numbers and other system information on network hosts. This can show the operating system, the version number, and the specific service packs to give the bad guys a leg up on attacking the network.

Question 78

What are the two main types of Banner Grabbing?

Answer 78

Active & Passive Banner Grabbing

Question 79

What is a way to grab the banner?

Answer 79

cURL command

Example: curl -s -I 192.168.x.x

wget command

Question 80

What command will inform you which network ports are currently open and which services are making use of them?

Answer 80

netstat

Question 81

What functions as the ancestor of all processes?

Answer 81

INIT

This is the first program ran when turning on computer. One responsibility of init is running the programs that let users log into the system.

For terminal, getty (get terminal) and login are used.

Question 82

What is the file called where your login name is looked up?

Answer 82

/etc/passwd

which is a sequence of lines each describing a user account.

Question 83

What is a syslog?

Answer 83

Syslog logs system events.

The syslog protocol is a way to transport messages from network devices to a syslog server.
Syslog provides a way for network devices to send messages and log events.

Question 84

What protocol and port does syslog use to communicate?

Answer 84

UDP (User Datagram Protocol)

Port 514

Question 85

Syslog has three layers. What are they?

Answer 85

Content, Application, Transport

Question 86

What elements does a syslog message contain?

Answer 86

Header, Structured Data, Message

Header - Includes host name, priority, application, process ID, and message ID

Structure Data - Contains data blocks followed by the message

Message - encoded using 8-bit Unicode Transformation Format (UTF).

Question 87

Syslog servers have several components. What are they?

Answer 87

A Syslog Listener - UDP port 514
A Database
Management and Filtering Software

Question 88

What command is used to view all our logs?

Answer 88

ls var/log

Question 89

Key files on the Linux System.

What does /dev do?

Answer 89

Contains device files for all the hardware devices on the machine

Question 90

Key files on the Linux System.

What does /srv do?

Answer 90

This directory contains server specific and service related files

Question 91

what is a DPKG?

Answer 91

Debian Package - this is a base package management system for the Debian Linux family, used to install, remove, store and provide information about .deb packages.

Question 92

What is APT?

Answer 92

Advanced Packaging Tool

Command line package management system that is a front end for dpkg package management system.

ex: sudo apt-get update

Question 93

What is RPM and what tools go with it?

Answer 93

REDHAT Package Manager

YUM (Yellowdog Updater, Modified) is an open source and popular command line package manager that works as an interface for users to RPM.

DNF (Dandified Yum) a package manager for RPM-based distributions, introduced in Fedora 18 and is next generation of YUM

Question 94

What is a popular and powerful, yet simple package manager for Arch Linux?

Answer 94

PACMAN Package Manager

Other package mgrs:
ZYPPER for OpenSUSE Linux, uses libzypp library

PORTAGE for Gentoo - simple and trouble free PM. backwards compatibility, automation +

Question 95

What serves as a way to update Linux systems and keep them secure?

Answer 95

Patching

Security-related patches should be deployed IMMEDIATELY