LPIC-2 Flashcards
what’s the purpose of an authoritative nameserver
holding zone data for domains
config dir of sendmail?
/etc/mail
Apache2 SSL relevant options?
SSLEngine, SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile
which kernel module is necessary for a DHCP server?
packet socket
What’s the name of the BIND package?
bind
You can configure a caching-only server in one of three ways. Name them.
forwarding only, full recursive or both (full recursive if forward fails)
use kill(all) to reload the config of BIND
kill -s SIGHUP or killall -s SIGHUP named
fetch the current root zone file with dig
dig . ns @a.root-servers.net > db.cache
name alternative DNS Servers
dnsmasq, djbdns and PowerDNS
use “net” to join a domain with administrative user “adminuser”
net join member -U adminuser
which binary utility scans your smb.conf for errors?
/usr/bin/testparm
how to display the current status of samba connections?
/usr/bin/smbstatus
name the two daemons of samba
nmbd and smbd
where are the samba logfiles stored and which naming convention is used for client logs?
/var/log/samba
client logfiles are either named after their IP or name
how would you connect to samba share “allusers” on 192.168.1.1 with username “foo” on command line?
smbclient "//192.168.1.1/allusers" -U foo
how would you show available shares on 192.168.1.1 via command line with user “bar”?
smbclient -L 192.168.1.1 -U bar
name smbclient’s option to provide user and pw from a file
-A
if you provide smbclient an auth file, which options does it have to contain and which permissions are necessary?
username, password, domain
0440 or 0600
configure your OpenVPN CA
./vars, ./clean-all, ./build-ca
create keys for OpenVPN Server and a client
./build-key-server, ./build-key
how to build the diffie-hellman parameters for OpenVPN?
./build-dh
specify the file “ca.crt” related to OpenVPN
Copy to: server and all clients
Purpose: CA certificate
Secret: No
specify the file “ca.key” related to OpenVPN
Copy to: Key signing machine only
Purpose: CA Key
Secret: yes
specify the file “dh1024.pem” related to OpenVPN
Copy to: server only
Purpose: Diffie Hellman parameters
Secret: No
specify the file “server.crt” related to OpenVPN
Copy to: server only
Purpose: Server certificate
Secret: no
specify the file “server.key” related to OpenVPN
Copy to: server only
Purpose: Server key
Secret: yes
specify the file “client.crt” related to OpenVPN
Copy to: client only
Purpose: Client certificate
Secret: no
specify the file “client.key” related to OpenVPN
Copy to: Client only
Purpose: Client key
Secret: yes
which option of OpenVPN allows communication between different client networks?
client-to-client
on which port is OpenVPN listening?
1194 UDP
advertise a 10.60.0.0/24 subnet to OpenVPN clients
push "route 10.60.0.0 255.255.255.0"
build a point-to-point connection to remote IP 1.2.3.4 with device tun1, local IP 10.9.8.1 and remote 10.9.8.2
openvpn --remote 1.2.3.4 --dev tun1 --ifconfig 10.9.8.2 10.9.8.1
do a dns lookup on google.com using the caching dns server of the local machine. Provide commands with dig, host and nslookup
dig google.com @127.0.0.1
host google.com 127.0.0.1
nslookup google.com 127.0.0.1
name the 4 main daemons of djbdns
dnscache, tinydns, rbldns, axfrdns
TSIG?
Transaction SIGnature
which two commands are used to sign a zone file?
dnssec-keygen and dnssec-signzone
which option is used to tell named to run in a chroot environment?
-t
In which directory are DNS zone files typically stored?
/var/named
which 3 options are necessary for squid in order to configure an ACL?
auth_param, acl, and http_access, proxy_auth
how to enable user web pages in apache?
UserDir
which two ways of apache can be used to serve virtual domains?
VirtualDocumentRoot and VirtualHost
name the option of apache to enable SSL
SSLEngine On
which option is used to force SSL for apache?
SSLRequireSSL
This directive sets the directory where you keep the Certificates of Certification Authorities (CAs)
SSLCACertificatePath
This directive identifies the SSL certificate file
SSLCertificateFile
show all configured vHosts
apachectl -t -D DUMP_VHOSTS
create a RSA certificate
openssl req -new
create a RSA private key (server.key) with triple-des encryption and 2048 bit
openssl genrsa -des3 -out server.key 2048
create a CSR with server.key to server.csr
openssl req -new -key server.key -out server.csr
PAM management groups
auth, account, session, password
PAM control flags
requisite, required, sufficient, and optional
which is the PAM configuration directory?
/etc/pam.d
describe the PAM module pam_access.so
Mgmt Group: account
arguments: accessfile=
Desc: restricts access based on user, host, network name, IP or terminal
describe the PAM module pam_cracklib.so
Mgmt Group: password
arguments: use_authtok
Desc: check password strength
describe the PAM module pam_deny.so
Mgmt group: all
Desc: always indicates a failure
describe the PAM module pam_echo.so
Mgmt group: all
arguments: file=
Desc: displays text for testmode logins
describe the PAM module pam_env.so
Mgmt Group: auth, session
arguments: conffile, envfile
desc: set env variable
describe the PAM module pam_limits.so
mgmt group: session
arguments: conf
desc: sets login session limits. if conf is not given, /etc/security/limits.conf is taken
describe the PAM module pam_listfile.so
mgmt group: all
arguments: item, sense, file
desc: searches the specified filename
describe the PAM module pam_mail.so
mgmt group: auth, session
arguments: dir
desc: display a message if the user has new mail
describe the PAM module pam_mkhomedir.so
mgmt group: session
arguments: skel, umask
desc: create home directory
describe the PAM module pam_motd.so
mgmt group: session
arguments: motd
desc: display motd
name bug trackers
bugtraq, CERT, CIAC
describe the PAM module pam_nologin.so
mgmt group: auth, account
arguments: successok
desc: fails for all users but root and displays content of /etc/nologin
describe the PAM module pam_securetty.so
mgmt group: auth
desc: fails if user root attempts to login from a device not listed in /etc/securetty
describe the PAM module pam_selinux.so
mgmt group: session
arguments: various
desc: sets up the security enhanced linux context for the login
describe the PAM module pam_stack.so
mgmt group: all
arguments: service
desc: calls an external stack
describe the PAM module pam_unix.so
mgmt group: all
arguments: nullok, likeauth, shadow, try_first_pass, user_first_pass, use_authok
desc: performs traditional linux authentication based on passwd and shadow
describe the PAM module pam_unix2.so
mgmt group: all
arguments: nullok, likeauth, shadow, try_first_pass, user_first_pass, use_authok
desc: similar to pam_unix.so, but implements additional features such as Network Information Service (NIS)
which binary helps the user create an RSA key pair for SSH?
ssh-keygen
which option tells netcat to do a portscan?
-z
do a portscan with nmap on localhost
nmap -sT localhost
what is OpenVAS?
The Open Vulnerability Assessment System (OpenVAS) is an open source framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
name 3 proxy servers
tinyproxy, squid, privoxy
which option defines the port squid3 is listening on?
http_port
name the 4 options of squid’s auth_param basic in order to maintain an authentication
program, children, realm, credentialsttl
windows clients sometimes can’t handle the subnet that a linux DHCP server delivers. Which command can help?
route add -host 255.255.255.255 dev eth0
name the option of DHCP to push the subnetmask 255.255.255.0
option subnet-mask 255.255.255.0;
name the DHCP option to push 2 DNS servers
option domain-name-servers 172.27.15.2,10.72.81.2;
which option of DHCP helps to resolve NetBIOS names?
option netbios-node-type 8;
DHCP: declare a /24 subnet
subnet 10.60.10.0 netmask 255.255.255.0 { range 10.60.10.2 10.60.10.254; }
which DHCP option is meant to check if an IP is free or not?
ping-check
DHCP: declare a fixed IP address for client demo.example.com with MAC address 12:34:…
host demo.example.com { hardware ethernet 12:34:..; fixed_address 10.60.10.2; }
LDAP: which two options define the path to a file or the path to a directory in which a certificate can be found for secure communication?
TLS_CACERT, TLS_CACERTDIR
LDIF is an abbreviation for?
LDAP Data Interchange Format
LDAP: which binary is used for encrypting passwords?
slappasswd
LDAP: which binaries are used to add data from a ldif-file?
ldapadd / ldapmodify
LDAP: which option for ldapadd (or ldapsearch) sets “dryrun”?
-n
LDAP: which option for ldapadd (or ldapsearch) logs errors to a file?
-S
LDAP: which option of slappasswd changes the hashing scheme? And which schemes are available?
-h, CRYPT, MD5, SMD5, SSHA, SHA
LDAP: there’s a different way to change a user’s password than with slappasswd and ldapmodify. name it.
ldappasswd
LDAP: which binary deletes a user account?
ldapdelete
LDAP: which binary displays information about user accounts?
getent
name the command to enable IP4-Forwarding for linux systems
echo "1" > /proc/sys/net/ipv4/ip_forward
what’s pureftpd’s option to accept only ipv4 or ipv6?
-4 or -6
which option causes pureftpd to not chroot users of a specific group?
-a
which option of pureftpd chroots everyone?
-A
which option of pureftpd starts the server daemonized?
-B (background)
which option of pureftpd only allows anonymous access?
-e
which option of pureftpd disallows anonymous login?
-E
which option of pureftpd disallows uploads by anonymous?
-i
which option of pureftpd allows anonymous to create dirs?
-M
which option of pureftpd is for NAT mode?
-N
which option of pureftpd accepts only access for users above a specific userid?
-u uid
which option and value needs to be configured, to make vsftpd listen on the default port?
listen yes
which option of vsftpd defines anonymous logins?
anonymous_enable
which option of vsftpd defines the root dir of anonymous logins?
anon_root
which option of vsftpd defines if local users are chrooted?
chroot_local_users
which option of vsftpd (dis)allows users to up- or download files?
write_enable
which option grants anonymous users to upload files with vsftpd?
anon_upload_enable
where is the global procmail configuration located?
/etc/procmailrc
explain the H-Flag of procmail
matching is done to the message headers
explain the B-Flag of procmail
matching is done to the body
explain the D-Flag of procmail
matching is done case-sensitive. default is not
explain the c-Flag of procmail
Matching is done on a “carbon copy” of the message
explain the w-Flag of procmail
Procmail waits for the action to complete
explain the W-Flag of procmail
The same as a flag of w, but it suppresses program failure messages.
which option of courier sets the address that the daemon should listen on?
ADDRESS
which option of courier sets the port that the daemon should listen on?
PORT
Courier: Limits the number of daemons
MAXDAEMONS
Courier: Limits the number of simultaneous connections from a single client IP address
MAXPERIP
Courier: Sets the name of the directory in which the server stores emails
MAILDIRPATH
Dovecot: Specifies the protocols Dovecot should support
protocols
Dovecot: Specifies whether each login launches its own process
login_process_per_connection
Dovecot: Sets the maximum number of Dovecot login processes
login_max_processes_count
Dovecot: Sets the maximum number of connections per process if login_process_per_connection is set to no.
login_max_connections
Dovecot: Specifies the location of the mbox files or maildir directories to be used for mail storage
mail_location