LPIC-2 Flashcards
1
Q
what’s the purpose of an authoritative nameserver
A
holding zone data for domains
2
Q
config dir of sendmail?
A
/etc/mail
3
Q
Apache2 SSL relevant options?
A
SSLEngine, SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile
4
Q
which kernel module is necessary for a DHCP server?
A
packet socket
5
Q
What’s the name of the BIND package?
A
bind
6
Q
You can configure a caching-only server in one of three ways. Name them.
A
forwarding only, full recursive or both (full recursive if forward fails)
7
Q
use kill(all) to reload the config of BIND
A
kill -s SIGHUP or killall -s SIGHUP named
8
Q
fetch the current root zone file with dig
A
dig . ns @a.root-servers.net > db.cache
9
Q
name alternative DNS Servers
A
dnsmasq, djbdns and PowerDNS
10
Q
use “net” to join a domain with adminstrative user “adminuser”
A
net join member -U adminuser
11
Q
which binary utility scans your smb.conf for errors?
A
/usr/bin/testparm
12
Q
how to display the current status of samba connections?
A
/usr/bin/smbstatus
13
Q
name the two daemons of samba
A
nmbd and smbd
14
Q
where are the samba logfiles stored and which naming convention is used for client logs?
A
/var/log/samba
client logfiles are either named after their IP or name
15
Q
how would you connect to samba share “allusers” on 192.168.1.1 with username “foo” on command line?
A
smbclient “//192.168.1.1/allusers” -U foo
16
Q
how would you show available shares on 192.168.1.1 via command line with user “bar”?
A
smbclient -L 192.168.1.1 -U bar
17
Q
name smbclient’s option to provide user and pw from a file
A
-A
18
Q
if you provide smbclient a auth file, which options does it have to contain and which permissions are necessary?
A
username, password, domain
0440 or 0600
19
Q
configure your OpenVPN CA
A
./vars, ./clean-all, ./build-ca
20
Q
create keys for OpenVPN Server and a client
A
./build-key-server, ./build-key
21
Q
how to build the diffie-hellman parameters for OpenVPN?
A
./build-dh
22
Q
specify the file “ca.crt” related to OpenVPN
A
Copy to: server and all clients
Purpose: CA certificate
Secret: No
23
Q
specify the file “ca.key” related to OpenVPN
A
Copy to: Key signing machine only
Purpose: CA Key
Secret: yes
24
Q
specify the file “dh1024.pem” related to OpenVPN
A
Copy to: server only
Purpose: Diffie Hellman parameters
Secret: No
25
specify the file "server.crt" related to OpenVPN
Copy to: server only
Purpose: Server certificate
Secret: no
26
specify the file "server.key" related to OpenVPN
Copy to: server only
Purpose: Server key
Secret: yes
27
specify the file "client.crt" related to OpenVPN
Copy to: client only
Purpose: Client certificate
Secret: no
28
specify the file "client.key" related to OpenVPN
Copy to: Client only
Purpose: Client key
Secret: yes
29
which options of OpenVPN allows communication between different client networks?
client-to-client
30
on which port in OpenVPN listening?
1194 UDP
31
advertise a 10.60.0.0/24 subnet to OpenVPN clients
push “route 10.60.0.0 255.255.255.0”
32
build a point-to-point connection to remote IP 1.2.3.4 with device tun1, local IP 10.9.8.1 and remote 10.9.8.2
openvpn --remote 1.2.3.4 --dev tun1 --ifconfig 10.9.8.2 10.9.8.1
33
do a dns lookup on google.com using the caching dns server of the local machine. Provide commands with dig, host and nslookup
dig google.com @127.0.0.1
host google.com 127.0.0.1
nslookup google.com 127.0.0.1
34
name the 4 main daemons of djbdns
dnscache, tinydns, rbldns, axfrdns
35
TSIG?
Transaction SIGnature
36
which two commands are used to sign a zone file?
dnssec-keygen and dnssec-signzone
37
which option is used to tell named to run in a chroot environment?
-t
38
In which directory are DNS zone files typically stored?
/var/named
39
which 3 options are necessary for squid in order to configure a ACL?
auth_param, acl, and http_access, proxy_auth
40
how to enable user web pages in apache?
UserDir
41
which two ways of apache can by used to serve virtual domains?
VirtualDocumentRoot and VirtualHost
42
name the option of apache to enable SSL
SSLEngine On
43
which option is used to force SSL for apache?
SSLRequireSSL
44
This directive sets the directory where you keep the Certificates of Certification Authorities (CAs)
SSLCACertificatePath
45
This directive identifies the SSL certificate file
SSLCertificateFile
46
show all configured vHosts
apachectl -t -D DUMP_VHOSTS
47
create a RSA certificate
openssl req -new
48
create a RSA private key (server.key) with triple-des encryption and 2048 bit
openssl genrsa -des3 -out server.key 2048
49
create a CSR with server.key to server.csr
openssl req -new -key server.key -out server.csr
50
PAM management groups
auth, account, session, password
51
PAM control flags
requisite, required, sufficient, and optional
52
which is the PAM configuration directory?
/etc/pam.d
53
describe the PAM module pam_access.so
Mgmt Group: account
arguments: accessfile=
Desc: restricts access based on user, host, network name, IP or terminal
54
describe the PAM module pam_cracklib.so
Mgmt Group: password
arguments: use_authtok
Dec: check password strength
55
describe the PAM module pam_deny.so
Mgmt group: all
| Desc: always indicates a failure
56
describe the PAM module pam_echo.so
Mgmt group: all
arguments: file=
Desc: displays text for testmode logins
57
describe the PAM module pam_env.so
Mgmt Group: auth, session
arguments: conffile, envfile
desc: set env variable
58
describe the PAM module pam_limits.so
mgmt group: session
arguments: conf
desc: sets login session limits. if conf is not given, /etc/security/limits.conf is taken
59
describe the PAM module pam_listfile.so
mgmt group: all
arguments: item, sense, file
desc: searches the specified filename
60
describe the PAM module pam_mail.so
mgmt group: auth, session
arguments: dir
desc: display a message if the user has new mail
61
describe the PAM module pam_mkhomedir.so
mgmt group: session
arguments: skel, umask
desc: create home directory
62
describe the PAM module pam_motd.so
mgmt group: session
arguments: motd
desc: display motd
63
name bug trackers
bugtraq, CERT, CIAC
64
describe the PAM module pam_nologin.so
mgmt grou: auth, account
arguments: successok
desc: fails for all users but root and displays content of /etc/nologin
65
describe the PAM module pam_securetty.so
mgmt group: auth
| desc: fails if user root attempts to login from a device not listed in /etc/securetty
66
describe the PAM module pam_selinux.so
mgmt group: session
arguments: various
desc: sets up the security enhanced linux context for the login
67
describe the PAM module pam_stack.so
mgmt group: all
arguments: service
desc: calls an external stack
68
describe the PAM module pam_unix.so
mgmt group: all
arguments: nullok, likeauth, shadow, try_first_pass, user_first_pass, use_authok
desc: performs traditional linux authentication based on passwd and shadow
69
describe the PAM module pam_unix2.so
mgmt group: all
arguments: nullok, likeauth, shadow, try_first_pass, user_first_pass, use_authok
desc: similar to pam_unix.so, but implements additional features such as Network Information Service (NIS)
70
which binary helps the user create an RSA key pair for SSH?
ssh-keygen
71
which option tells netcat to do a portscan?
-z
72
do a portscan with nmap on localhost
nmap -sT localhost
73
what is OpenVAS?
The Open Vulnerability Assessment System (OpenVAS) is an open source framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
74
name 3 proxy servers
tinyproxy, squid, privoxy
75
which option defines the port squid3 is listening on?
http_port
76
name the 4 options of squid's auth_param basic in order to maintaine an authentication
program, children, realm, credentialsttl
77
windows clients sometimes can't handle the subnet, that a linux DHCP server delivers. Which command can help?
route add -host 255.255.255.255 dev eth0
78
name the option of DHCP to push the subnetmask 255.255.255.0
option subnet-mask 255.255.255.0;
79
name the DHCP option to push 2 DNS servers
option domain-name-servers 172.27.15.2,10.72.81.2;
80
which option of DHCP helps to resolve NetBIOS names?
option netbios-node-type 8;
81
DHCP: declare a /24 subnet
subnet 10.60.10.0 netmask 255.255.255.0 { range 10.60.10.2 10.60.10.254; }
82
which DHCP options is meant to check if a IP is free or not?
ping-check
83
DHCP: declare a fixed IP address for client demo.example.com with MAC address 12:34:...
host demo.example.com { hardware ethernet 12:34:..; fixed_address 10.60.10.2; }
84
LDAP: which two options define the path or path to a directory, in which a certificate can be found for secure communication?
TLS_CACERT, TLS_ CACERTDIR
85
LDIF is an abbreviation for?
LDAP Data Interchange Format
86
LDAP: which binary is used for encrypting passwords?
slappasswd
87
LDAP: which binaries are used to add data from a ldif-file?
ldapadd / ldapmodify
88
LDAP: which option for ldapadd (or ldapsearch) sets "dryrun"?
-n
89
LDAP: which option for ldapadd (or ldapsearch) logs errors to a file?
-S
90
LDAP: which option of slappasswd changes the hashing scheme? And which schemes are available?
-h, CRYPT, MD5, SMD5, SSHA, SHA
91
LDAP: there's a different way, to change a users password than with slappasswd and ldapmodify. name it.
ldappasswd
92
LDAP: which binary deletes a user account?
ldapdelete
93
LDAP: which binary display information about user accounts?
getent
94
name the command to enable IP4-Forwarding for linux systems
echo “1” > /proc/sys/net/ipv4/ip_forward
95
what's pureftpd's option, to accept only ipv4 or ipv6?
-4 or -6
96
which option causes pureftpd to not chroot users of a specific group?
-a
97
which option of pureftpd chroot's everyone?
-A
98
which option of pureftpd starts the server daemonized?
-B (background)
99
which option of pureftpd only allows anonymous access?
-e
100
which option of pureftpd disallow anonymous login?
-E
101
which option of pureftpd disallows uploads by anonymous?
-i
102
which option of pureftpd allows anonymous to create dirs?
-M
103
which option of pureftpd is for NAT mode?
-N
104
which option of pureftpd accepts only access for users above a psecific userid?
-u uid
105
which option and value needs to be configured, to make vsftpd listen on the default port?
listen yes
106
which option of vsftpd defines anonymous logins?
anonymous_enable
107
which option of vsftpd defines the root dir of anoymous logins?
anon_root
108
which option of vsftpd defines if local users are chrooted?
chroot_local_users
109
which option of vsftpd (dis)allows users to up- or download files?
write_enable
110
which option grants anonymous users to upload files with vsftpd?
anon_upload_enable
111
where is the global procmail configuration located?
/etc/procmailrc
112
explain the H-Flag of procmail
matching is done to the message headers
113
explain the B-Flag of procmail
matching is done to the body
114
explain the D-Flag of procmail
matching is done case-sensitive. default is not
115
explain the c-Flag of procmail
Matching is done on a “carbon copy” of the message
116
explain the w-Flag of procmail
Procmail waits for the action to complete
117
explain the W-Flag of procmail
The same as a flag of w, but it suppresses program failure messages.
118
which option of courier sets the address that the daemon should listen on?
ADDRESS
119
which option of courier sets the port that the daemon should listen on?
PORT
120
Courier: Limits the number of daemons
MAXDAEMONS
121
Courier: Limits the number of simultaneous connections from a single client IP address
MAXPERIP
122
Courier: Sets the name of the directory in which the server stores emails
MAILDIRPATH
123
Dovecot: Specifies the protocols Dovecot should support
protocols
124
Dovecot: Specifies whether each login launches its own process
login_process_per_ connection
125
Dovecot: Sets the maximum number of Dovecot login processes
login_max_processes_count
126
Dovecot: Sets the maximum number of connections per process if login_process_per_connection is set to no.
login_max_connections
127
Dovecot: Specifies the location of the mbox files or maildir directories to be used for mail storage
mail_location
