LPIC-2

Question 1

what’s the purpose of an authoritative nameserver

Answer 1

holding zone data for domains

Question 2

config dir of sendmail?

Answer 2

/etc/mail

Question 3

Apache2 SSL relevant options?

Answer 3

SSLEngine, SSLCertificateFile, SSLCertificateKeyFile, SSLCACertificateFile

Question 4

which kernel module is necessary for a DHCP server?

Answer 4

packet socket

Question 5

What’s the name of the BIND package?

Answer 5

bind

Question 6

You can configure a caching-only server in one of three ways. Name them.

Answer 6

forwarding only, full recursive or both (full recursive if forward fails)

Question 7

use kill(all) to reload the config of BIND

Answer 7

kill -s SIGHUP or killall -s SIGHUP named

Question 8

fetch the current root zone file with dig

Answer 8

dig . ns @a.root-servers.net > db.cache

Question 9

name alternative DNS Servers

Answer 9

dnsmasq, djbdns and PowerDNS

Question 10

use “net” to join a domain with adminstrative user “adminuser”

Answer 10

net join member -U adminuser

Question 11

which binary utility scans your smb.conf for errors?

Answer 11

/usr/bin/testparm

Question 12

how to display the current status of samba connections?

Answer 12

/usr/bin/smbstatus

Question 13

name the two daemons of samba

Answer 13

nmbd and smbd

Question 14

where are the samba logfiles stored and which naming convention is used for client logs?

Answer 14

/var/log/samba

client logfiles are either named after their IP or name

Question 15

how would you connect to samba share “allusers” on 192.168.1.1 with username “foo” on command line?

Answer 15

smbclient “//192.168.1.1/allusers” -U foo

Question 16

how would you show available shares on 192.168.1.1 via command line with user “bar”?

Answer 16

smbclient -L 192.168.1.1 -U bar

Question 17

name smbclient’s option to provide user and pw from a file

Answer 17

-A

Question 18

if you provide smbclient a auth file, which options does it have to contain and which permissions are necessary?

Answer 18

username, password, domain

0440 or 0600

Question 19

configure your OpenVPN CA

Answer 19

./vars, ./clean-all, ./build-ca

Question 20

create keys for OpenVPN Server and a client

Answer 20

./build-key-server, ./build-key

Question 21

how to build the diffie-hellman parameters for OpenVPN?

Answer 21

./build-dh

Question 22

specify the file “ca.crt” related to OpenVPN

Answer 22

Copy to: server and all clients
Purpose: CA certificate
Secret: No

Question 23

specify the file “ca.key” related to OpenVPN

Answer 23

Copy to: Key signing machine only
Purpose: CA Key
Secret: yes

Question 24

specify the file “dh1024.pem” related to OpenVPN

Answer 24

Copy to: server only
Purpose: Diffie Hellman parameters
Secret: No

Question 25

specify the file “server.crt” related to OpenVPN

Answer 25

Copy to: server only
Purpose: Server certificate
Secret: no

Question 26

specify the file “server.key” related to OpenVPN

Answer 26

Copy to: server only
Purpose: Server key
Secret: yes

Question 27

specify the file “client.crt” related to OpenVPN

Answer 27

Copy to: client only
Purpose: Client certificate
Secret: no

Question 28

specify the file “client.key” related to OpenVPN

Answer 28

Copy to: Client only
Purpose: Client key
Secret: yes

Question 29

which options of OpenVPN allows communication between different client networks?

Answer 29

client-to-client

Question 30

on which port in OpenVPN listening?

Answer 30

1194 UDP

Question 31

advertise a 10.60.0.0/24 subnet to OpenVPN clients

Answer 31

push “route 10.60.0.0 255.255.255.0”

Question 32

build a point-to-point connection to remote IP 1.2.3.4 with device tun1, local IP 10.9.8.1 and remote 10.9.8.2

Answer 32

openvpn –remote 1.2.3.4 –dev tun1 –ifconfig 10.9.8.2 10.9.8.1

Question 33

do a dns lookup on google.com using the caching dns server of the local machine. Provide commands with dig, host and nslookup

Answer 33

dig google.com @127.0.0.1
host google.com 127.0.0.1
nslookup google.com 127.0.0.1

Question 34

name the 4 main daemons of djbdns

Answer 34

dnscache, tinydns, rbldns, axfrdns

Question 35

TSIG?

Answer 35

Transaction SIGnature

Question 36

which two commands are used to sign a zone file?

Answer 36

dnssec-keygen and dnssec-signzone

Question 37

which option is used to tell named to run in a chroot environment?

Answer 37

-t

Question 38

In which directory are DNS zone files typically stored?

Answer 38

/var/named

Question 39

which 3 options are necessary for squid in order to configure a ACL?

Answer 39

auth_param, acl, and http_access, proxy_auth

Question 40

how to enable user web pages in apache?

Answer 40

UserDir

Question 41

which two ways of apache can by used to serve virtual domains?

Answer 41

VirtualDocumentRoot and VirtualHost

Question 42

name the option of apache to enable SSL

Answer 42

SSLEngine On

Question 43

which option is used to force SSL for apache?

Answer 43

SSLRequireSSL

Question 44

This directive sets the directory where you keep the Certificates of Certification Authorities (CAs)

Answer 44

SSLCACertificatePath

Question 45

This directive identifies the SSL certificate file

Answer 45

SSLCertificateFile

Question 46

show all configured vHosts

Answer 46

apachectl -t -D DUMP_VHOSTS

Question 47

create a RSA certificate

Answer 47

openssl req -new

Question 48

create a RSA private key (server.key) with triple-des encryption and 2048 bit

Answer 48

openssl genrsa -des3 -out server.key 2048

Question 49

create a CSR with server.key to server.csr

Answer 49

openssl req -new -key server.key -out server.csr

Question 50

PAM management groups

Answer 50

auth, account, session, password

Question 51

PAM control flags

Answer 51

requisite, required, sufficient, and optional

Question 52

which is the PAM configuration directory?

Answer 52

/etc/pam.d

Question 53

describe the PAM module pam_access.so

Answer 53

Mgmt Group: account
arguments: accessfile=
Desc: restricts access based on user, host, network name, IP or terminal

Question 54

describe the PAM module pam_cracklib.so

Answer 54

Mgmt Group: password
arguments: use_authtok
Dec: check password strength

Question 55

describe the PAM module pam_deny.so

Answer 55

Mgmt group: all

Desc: always indicates a failure

Question 56

describe the PAM module pam_echo.so

Answer 56

Mgmt group: all
arguments: file=
Desc: displays text for testmode logins

Question 57

describe the PAM module pam_env.so

Answer 57

Mgmt Group: auth, session

arguments: conffile, envfile
desc: set env variable

Question 58

describe the PAM module pam_limits.so

Answer 58

mgmt group: session

arguments: conf
desc: sets login session limits. if conf is not given, /etc/security/limits.conf is taken

Question 59

describe the PAM module pam_listfile.so

Answer 59

mgmt group: all

arguments: item, sense, file
desc: searches the specified filename

Question 60

describe the PAM module pam_mail.so

Answer 60

mgmt group: auth, session

arguments: dir
desc: display a message if the user has new mail

Question 61

describe the PAM module pam_mkhomedir.so

Answer 61

mgmt group: session

arguments: skel, umask
desc: create home directory

Question 62

describe the PAM module pam_motd.so

Answer 62

mgmt group: session

arguments: motd
desc: display motd

Question 63

name bug trackers

Answer 63

bugtraq, CERT, CIAC

Question 64

describe the PAM module pam_nologin.so

Answer 64

mgmt grou: auth, account

arguments: successok
desc: fails for all users but root and displays content of /etc/nologin

Question 65

describe the PAM module pam_securetty.so

Answer 65

mgmt group: auth

desc: fails if user root attempts to login from a device not listed in /etc/securetty

Question 66

describe the PAM module pam_selinux.so

Answer 66

mgmt group: session

arguments: various
desc: sets up the security enhanced linux context for the login

Question 67

describe the PAM module pam_stack.so

Answer 67

mgmt group: all

arguments: service
desc: calls an external stack

Question 68

describe the PAM module pam_unix.so

Answer 68

mgmt group: all

arguments: nullok, likeauth, shadow, try_first_pass, user_first_pass, use_authok
desc: performs traditional linux authentication based on passwd and shadow

Question 69

describe the PAM module pam_unix2.so

Answer 69

mgmt group: all

arguments: nullok, likeauth, shadow, try_first_pass, user_first_pass, use_authok
desc: similar to pam_unix.so, but implements additional features such as Network Information Service (NIS)

Question 70

which binary helps the user create an RSA key pair for SSH?

Answer 70

ssh-keygen

Question 71

which option tells netcat to do a portscan?

Answer 71

-z

Question 72

do a portscan with nmap on localhost

Answer 72

nmap -sT localhost

Question 73

what is OpenVAS?

Answer 73

The Open Vulnerability Assessment System (OpenVAS) is an open source framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

Question 74

name 3 proxy servers

Answer 74

tinyproxy, squid, privoxy

Question 75

which option defines the port squid3 is listening on?

Answer 75

http_port

Question 76

name the 4 options of squid’s auth_param basic in order to maintaine an authentication

Answer 76

program, children, realm, credentialsttl

Question 77

windows clients sometimes can’t handle the subnet, that a linux DHCP server delivers. Which command can help?

Answer 77

route add -host 255.255.255.255 dev eth0

Question 78

name the option of DHCP to push the subnetmask 255.255.255.0

Answer 78

option subnet-mask 255.255.255.0;

Question 79

name the DHCP option to push 2 DNS servers

Answer 79

option domain-name-servers 172.27.15.2,10.72.81.2;

Question 80

which option of DHCP helps to resolve NetBIOS names?

Answer 80

option netbios-node-type 8;

Question 81

DHCP: declare a /24 subnet

Answer 81

subnet 10.60.10.0 netmask 255.255.255.0 { range 10.60.10.2 10.60.10.254; }

Question 82

which DHCP options is meant to check if a IP is free or not?

Answer 82

ping-check

Question 83

DHCP: declare a fixed IP address for client demo.example.com with MAC address 12:34:…

Answer 83

host demo.example.com { hardware ethernet 12:34:..; fixed_address 10.60.10.2; }

Question 84

LDAP: which two options define the path or path to a directory, in which a certificate can be found for secure communication?

Answer 84

TLS_CACERT, TLS_ CACERTDIR

Question 85

LDIF is an abbreviation for?

Answer 85

LDAP Data Interchange Format

Question 86

LDAP: which binary is used for encrypting passwords?

Answer 86

slappasswd

Question 87

LDAP: which binaries are used to add data from a ldif-file?

Answer 87

ldapadd / ldapmodify

Question 88

LDAP: which option for ldapadd (or ldapsearch) sets “dryrun”?

Answer 88

-n

Question 89

LDAP: which option for ldapadd (or ldapsearch) logs errors to a file?

Answer 89

-S

Question 90

LDAP: which option of slappasswd changes the hashing scheme? And which schemes are available?

Answer 90

-h, CRYPT, MD5, SMD5, SSHA, SHA

Question 91

LDAP: there’s a different way, to change a users password than with slappasswd and ldapmodify. name it.

Answer 91

ldappasswd

Question 92

LDAP: which binary deletes a user account?

Answer 92

ldapdelete

Question 93

LDAP: which binary display information about user accounts?

Answer 93

getent

Question 94

name the command to enable IP4-Forwarding for linux systems

Answer 94

echo “1” > /proc/sys/net/ipv4/ip_forward

Question 95

what’s pureftpd’s option, to accept only ipv4 or ipv6?

Answer 95

-4 or -6

Question 96

which option causes pureftpd to not chroot users of a specific group?

Answer 96

-a

Question 97

which option of pureftpd chroot’s everyone?

Answer 97

-A

Question 98

which option of pureftpd starts the server daemonized?

Answer 98

-B (background)

Question 99

which option of pureftpd only allows anonymous access?

Answer 99

-e

Question 100

which option of pureftpd disallow anonymous login?

Answer 100

-E

Question 101

which option of pureftpd disallows uploads by anonymous?

Answer 101

-i

Question 102

which option of pureftpd allows anonymous to create dirs?

Answer 102

-M

Question 103

which option of pureftpd is for NAT mode?

Answer 103

-N

Question 104

which option of pureftpd accepts only access for users above a psecific userid?

Answer 104

-u uid

Question 105

which option and value needs to be configured, to make vsftpd listen on the default port?

Answer 105

listen yes

Question 106

which option of vsftpd defines anonymous logins?

Answer 106

anonymous_enable

Question 107

which option of vsftpd defines the root dir of anoymous logins?

Answer 107

anon_root

Question 108

which option of vsftpd defines if local users are chrooted?

Answer 108

chroot_local_users

Question 109

which option of vsftpd (dis)allows users to up- or download files?

Answer 109

write_enable

Question 110

which option grants anonymous users to upload files with vsftpd?

Answer 110

anon_upload_enable

Question 111

where is the global procmail configuration located?

Answer 111

/etc/procmailrc

Question 112

explain the H-Flag of procmail

Answer 112

matching is done to the message headers

Question 113

explain the B-Flag of procmail

Answer 113

matching is done to the body

Question 114

explain the D-Flag of procmail

Answer 114

matching is done case-sensitive. default is not

Question 115

explain the c-Flag of procmail

Answer 115

Matching is done on a “carbon copy” of the message

Question 116

explain the w-Flag of procmail

Answer 116

Procmail waits for the action to complete

Question 117

explain the W-Flag of procmail

Answer 117

The same as a flag of w, but it suppresses program failure messages.

Question 118

which option of courier sets the address that the daemon should listen on?

Answer 118

ADDRESS

Question 119

which option of courier sets the port that the daemon should listen on?

Answer 119

PORT

Question 120

Courier: Limits the number of daemons

Answer 120

MAXDAEMONS

Question 121

Courier: Limits the number of simultaneous connections from a single client IP address

Answer 121

MAXPERIP

Question 122

Courier: Sets the name of the directory in which the server stores emails

Answer 122

MAILDIRPATH

Question 123

Dovecot: Specifies the protocols Dovecot should support

Answer 123

protocols

Question 124

Dovecot: Specifies whether each login launches its own process

Answer 124

login_process_per_ connection

Question 125

Dovecot: Sets the maximum number of Dovecot login processes

Answer 125

login_max_processes_count

Question 126

Dovecot: Sets the maximum number of connections per process if login_process_per_connection is set to no.

Answer 126

login_max_connections

Question 127

Dovecot: Specifies the location of the mbox files or maildir directories to be used for mail storage

Answer 127

mail_location