Managing Network Clients

Question 1

The 3 common DHCP client linux packages are

Answer 1

dhcpd, pump, dhclient

Question 2

How would you install ISC’s DHCP server on Debian and on Redhat

Answer 2

Debian
apt-get install isc-dhcp-server
Redhat:
yum install dhcp

Question 3

DHCP config file location

Answer 3

/etc/dhcp/dhcpd.conf

Question 4

What do the DHCP option lines look like in the config file?

Answer 4

Each option setting is on it’s own line and terminated with a semi-colon;

For example:
option domain-name-servers 10.0.10.10 10.0.10.11;
option smtp-server 10.0.10.100;

Question 5

You see this in /etc/dhcp/dhcpd.conf - what does it do?

subnet 10.1.10.0 netmask 255.255.255.0 {
   option router 10.1.10.1;
   option broadcast-address 10.1.10.255;
   range 10.1.10.10 10.1.10.200;
}

Answer 5

This sets up the subnet 10.1.10.0, defining the router and the broadcast address. Then sets of pool of IP addresses to be used for clients 10.1.10.10 to 10.1.10.200

Question 6

It is possible to declare multiple subnets in a single /etc/dhcp/dhcpd.conf file. True of False?

Answer 6

True. If multiple subnets share some settings they can be grouped together using the shared-net directive.

Question 7

Where does the dhcpd package keep a record of IP address leases?

Answer 7

/var/lib/dhcp/dhcpd.leases

Question 8

What 2 methods can you use to assign static IP addresses to clients when using DHCP

Answer 8

1 Set the static address on the client manually

2 Create a static host entry in the config file

Question 9

You see this in /etc/dhcp/dhcpd.conf - what does it do?

host luna {
   hardware ethernet 00:02:01:EF:CD:AB;
   fixed-address 192.168.20.11;
   option router 192.168.20.1;
   option broadcast-address 192.168.20.255;
   netmask 255.255.255.0;
   option host-name "luna";
}

Answer 9

This is defining a static hostname in dhcpd.conf.

The hardware ethernet directive identifies the client with the clients mac address.

Question 10

What does the group directive do in the dhcpd.conf

Answer 10

group allows you to define a set of options that are shared. So for example, if you are setting up a number of static IP addresses in the config, you can use group to group them and share common settings with all the static clients.

Question 11

Which options are used in ISC DHCP to enable and use BOOTP?

Answer 11

Enable BOOTP:
   allow booting;
   allow bootp;
Use BOOTP, in each Host config use:
   filename "/abootfile.img";
   server-name = "bootp-server1";
   next-server = "bootp-server2";

Question 12

What does PAM sand for and what does it do?

Answer 12

PAM = Pluggable Authentication Module
It provides a single interface for authentication.

Kerberos and NIS (network info service) provide a centralised database of network authentication - PAM improves on this by providing an API that allows the OS and other apps to use a single authentication method..

Question 13

Common PAM module that uses the standard /etc/passwd and /etc/shadow files for authentication

Answer 13

pam_unix.so

Question 14

Common PAM module that uses Kerberos for authentication

Answer 14

pam_krb5.so

Question 15

Common PAM module that uses Lightweight Directory Access Protocol for authentication

Answer 15

pam_ldap.so

Question 16

Common PAM module that uses the Network Information Service (NIS) for authentication

Answer 16

pam_nis.so

Question 17

Common PAM module that uses System Security Services Daemon (SSSD) for authentication

Answer 17

pam_sss.so

Question 18

Common PAM module that uses standard .db database file for authentication

Answer 18

pam_userdb.so

Question 19

PAM library module that is used to provide anonymous logins for public FTP servers

Answer 19

pam_access.so

Question 20

PAM library module that is used to create a locked down area for logins

Answer 20

pam_chroot.so

Question 21

PAM library module that is used to provide a console login environment

Answer 21

pam_console.so

Question 22

PAM library module that is used to provide password strength checking

Answer 22

pam_cracklib.so

Question 23

PAM library module that is used to prohibit login - this is often used as a default, fall-back option

Answer 23

pam_deny.so

Question 24

PAM library module that is used to set or unset environment variables

Answer 24

pam_env.so

Question 25

PAM library module that is used to provide the last login time for a user account

Answer 25

pam_lastlog.so

Question 26

PAM library module that is used to enforce resource limits

Answer 26

pam_limits.so

Question 27

PAM library module that is used to allow or deny actions based on a list file

Answer 27

pam_listfile.so

Question 28

Where is the pam config file usually located?

Answer 28

/etc/pam.conf or in separate files in the /etc/pam.d/ directory

Question 29

What is the format of the pam.conf config lines?

Answer 29

service type control module arguments e.g. login auth required pam_unix.so

Question 30

There are 4 groups of PAM feature types, they are

Answer 30

account - Account verification settings auth - Authentication services password - Password management services session - External services (e.g. logging)

Question 31

There are four PAM control actions, they are

Answer 31

requiste - terminate the application if auth fails required - return failure status if auth fails sufficient - if this rule succeeds, stop processing with success status optional - the rule is ... optional

Question 32

LDAP stands for

Answer 32

Lightweight Directory Access Protocol. | OpenLDAP is the most popular implementation of LDAP

Question 33

LDAP database is based on hierarchical database design. Hierarchical databases are known for

Answer 33

fast read times and slow write times

Question 34

Each LDAP Database object is defined by an [answer1] and assigned a unique [answer2]

Answer 34

answer1 - ObjectClass | answer2 - Object ID

Question 35

an LDAP dc is

Answer 35

a domain context

Question 36

What is an LDAP dn

Answer 36

a distinguished name - a unique object name on the database. e.g. cn="John",dc="Student",dc="lpi",dc="org"

Question 37

What is LDIF

Answer 37

LDAP Data interchange format ``` Example format: dn: : : .... ```

Question 38

What are the 3 methods of storing a LDAP database

Answer 38

1. stand-alone - entire db on single server 2. replication - entire db on multiple servers 3. distribution - db spread across multiple servers

Question 39

OpenLDAP website

Answer 39

www.openldap.org

Question 40

What are the LDAP server and client packages in Debian based distros

Answer 40

slapd ldap-utils sudo apt-get install slapd ldap-utils

Question 41

What are the LDAP server and client packages in Redhat based distros

Answer 41

openldap-servers openldap-clients sudo yum install openldap-servers openldap-clients

Question 42

What is the main LDAP server program called.

Answer 42

slapd - it listens for LDAP connections

Question 43

slapd switch to choose an alternative configuration file

Answer 43

-f [config]

Question 44

slapd switch to choose a URL other than localhost for LDAP requests

Answer 44

-h [url]

Question 45

slapd switch to turn on debugging

Answer 45

-d [debuglevel]

Question 46

slapd switch to choose syslog level

Answer 46

-s [syslog]

Question 47

slapd switch to start slapd in a chroot jail

Answer 47

-r [dir]

Question 48

slapd switch to specify a user name to run slapd with

Answer 48

-u [user]

Question 49

slapd switch to specify a group to run slapd with

Answer 49

-g [group]

Question 50

What is slurpd?

Answer 50

slurpd is the ldap daemon used in replicated server environments.

Question 51

slurpd switch to specify debug level

Answer 51

-d [debug]

Question 52

slurpd switch to specify alternate configuration file to use

Answer 52

-f [config]

Question 53

slurpd switch to specify an alternative replication log

Answer 53

-r [replog]

Question 54

slurpd switch to specify an alternate processing directory

Answer 54

-t [dir]

Question 55

slurpd switch to specify that slurpd shoulld run once then stop

Answer 55

-o

Question 56

slurpd switch to specify an alternative kerberos srvtab file to use

Answer 56

-k [srvtab]

Question 57

In terms of LDAP, what is inet0rgperson

Answer 57

It is the most popular LDAP schema templates in the LDAP package. Provides white pages type directory.

Question 58

There are two methods for implementing openldap directory schemas they are...

Answer 58

in slapd.conf or | in slapd-config

Question 59

if using the slapd.conf method of implementing openldap, what are the 3 minimum configuration options to change

Answer 59

suffix rootdn rootpw e.g. suffix "dc=lpicstudy, dc=net" rootdn "cn=administrator, dc=lpicstudy, dc=net" rootpw testpassword

Question 60

What LDAP server utility can be used to generate an encrypted password for use in theslapd.conf file

Answer 60

slappasswd utility will output password, that is entered into slapd.conf prefixed with {SHA} to indicate encryption

Question 61

What LDAP server utility can be used to re-index the LDAP database

Answer 61

slapindex

Question 62

What LDAP server utility can be used to output the LDAP configuration into LDIF format?

Answer 62

slapcat

Question 63

What LDAP server utility can be used to add new objects to the LDAP database

Answer 63

slapadd e.g. after stopping slapd slapadd -l ldif.txt

Question 64

If using the slapd-config method of implementing LDAP, how do you modify the config files in /etc/slap.d?

Answer 64

You don't. Use the LDAP utilities to add and modify objects in the LDAP database

Question 65

LDAP client tool to add objects to the database

Answer 65

ldapadd

Question 66

LDAP client tool to remove objects from the database

Answer 66

ldapdelete

Question 67

LDAP client tool to modify objects in the database

Answer 67

ldapmodify

Question 68

LDAP client tool to change a user password

Answer 68

ldappasswd

Question 69

LDAP client tool to search the database for objects

Answer 69

ldapsearch

Question 70

ldapmodify switch to add a new object

Answer 70

-a

Question 71

ldapmodify switch to use a distinguished name to login to the LDAP directory

Answer 71

-D [dn]

Question 72

ldapmodify switch to use a file (with LDIF entries)

Answer 72

-f [file]

Question 73

ldapmodify switch to use verbose mode

Answer 73

-v

Question 74

ldapmodify switch to specify a password

Answer 74

-w [password]

Question 75

ldapmodify switch prompt for a password

Answer 75

-W

Question 76

ldapsearch switch to specify the distinguished name in which to start the search

Answer 76

-b [base]

Question 77

ldapsearch switch to output the search results in LDIF format

Answer 77

-L

Question 78

ldapsearch switch to use verbose mode

Answer 78

-v

Question 79

ldapsearch switch to specify a password

Answer 79

-w [password]

Question 80

ldapsearch switch to prompt for a password

Answer 80

-W

Question 81

ldapsearch switch to use TLS

Answer 81

-Z

Question 82

What is this doing? | ldapsearch -b 'dc=lpicstudy, dc=net' '(objectclass=*)'

Answer 82

Search the LDAP directory for any object (wildcard *) starting at the dc-lpicstudy,dc=net base dn.