Managing Network Clients Flashcards

Question 1

Q

The 3 common DHCP client linux packages are

Answer

A

dhcpd, pump, dhclient

Question 2

Q

How would you install ISC’s DHCP server on Debian and on Redhat

Answer

A

Debian
apt-get install isc-dhcp-server
Redhat:
yum install dhcp

Question 3

Q

DHCP config file location

Answer

A

/etc/dhcp/dhcpd.conf

Question 4

Q

What do the DHCP option lines look like in the config file?

Answer

A

Each option setting is on it’s own line and terminated with a semi-colon;

For example:
option domain-name-servers 10.0.10.10 10.0.10.11;
option smtp-server 10.0.10.100;

Question 5

Q

You see this in /etc/dhcp/dhcpd.conf - what does it do?

subnet 10.1.10.0 netmask 255.255.255.0 {
   option router 10.1.10.1;
   option broadcast-address 10.1.10.255;
   range 10.1.10.10 10.1.10.200;
}

Answer

A

This sets up the subnet 10.1.10.0, defining the router and the broadcast address. Then sets of pool of IP addresses to be used for clients 10.1.10.10 to 10.1.10.200

Question 6

Q

It is possible to declare multiple subnets in a single /etc/dhcp/dhcpd.conf file. True of False?

Answer

A

True. If multiple subnets share some settings they can be grouped together using the shared-net directive.

Question 7

Q

Where does the dhcpd package keep a record of IP address leases?

Answer

A

/var/lib/dhcp/dhcpd.leases

Question 8

Q

What 2 methods can you use to assign static IP addresses to clients when using DHCP

Answer

A

1 Set the static address on the client manually

2 Create a static host entry in the config file

Question 9

Q

You see this in /etc/dhcp/dhcpd.conf - what does it do?

host luna {
   hardware ethernet 00:02:01:EF:CD:AB;
   fixed-address 192.168.20.11;
   option router 192.168.20.1;
   option broadcast-address 192.168.20.255;
   netmask 255.255.255.0;
   option host-name "luna";
}

Answer

A

This is defining a static hostname in dhcpd.conf.

The hardware ethernet directive identifies the client with the clients mac address.

Question 10

Q

What does the group directive do in the dhcpd.conf

Answer

A

group allows you to define a set of options that are shared. So for example, if you are setting up a number of static IP addresses in the config, you can use group to group them and share common settings with all the static clients.

Question 11

Q

Which options are used in ISC DHCP to enable and use BOOTP?

Answer

A

Enable BOOTP:
   allow booting;
   allow bootp;
Use BOOTP, in each Host config use:
   filename "/abootfile.img";
   server-name = "bootp-server1";
   next-server = "bootp-server2";

Question 12

Q

What does PAM sand for and what does it do?

Answer

A

PAM = Pluggable Authentication Module
It provides a single interface for authentication.

Kerberos and NIS (network info service) provide a centralised database of network authentication - PAM improves on this by providing an API that allows the OS and other apps to use a single authentication method..

Question 13

Q

Common PAM module that uses the standard /etc/passwd and /etc/shadow files for authentication

Answer

A

pam_unix.so

Question 14

Q

Common PAM module that uses Kerberos for authentication

Answer

A

pam_krb5.so

Question 15

Q

Common PAM module that uses Lightweight Directory Access Protocol for authentication

Answer

A

pam_ldap.so

Question 16

Q

Common PAM module that uses the Network Information Service (NIS) for authentication

Answer

A

pam_nis.so

Question 17

Q

Common PAM module that uses System Security Services Daemon (SSSD) for authentication

Answer

A

pam_sss.so

Question 18

Q

Common PAM module that uses standard .db database file for authentication

Answer

A

pam_userdb.so

Question 19

Q

PAM library module that is used to provide anonymous logins for public FTP servers

Answer

A

pam_access.so

Question 20

Q

PAM library module that is used to create a locked down area for logins

Answer

A

pam_chroot.so

Question 21

Q

PAM library module that is used to provide a console login environment

Answer

A

pam_console.so

Question 22

Q

PAM library module that is used to provide password strength checking

Answer

A

pam_cracklib.so

Question 23

Q

PAM library module that is used to prohibit login - this is often used as a default, fall-back option

Answer

A

pam_deny.so

Question 24

Q

PAM library module that is used to set or unset environment variables

Answer

A

pam_env.so

Question 25

Q

PAM library module that is used to provide the last login time for a user account

Answer

A

pam_lastlog.so

Question 26

Q

PAM library module that is used to enforce resource limits

Answer

A

pam_limits.so

Question 27

Q

PAM library module that is used to allow or deny actions based on a list file

Answer

A

pam_listfile.so

Question 28

Q

Where is the pam config file usually located?

Answer

A

/etc/pam.conf or in separate files in the /etc/pam.d/ directory

Question 29

Q

What is the format of the pam.conf config lines?

Answer

A

service type control module arguments

e.g.
login auth required pam_unix.so

Question 30

Q

There are 4 groups of PAM feature types, they are

Answer

A

account - Account verification settings
auth - Authentication services
password - Password management services
session - External services (e.g. logging)

Question 31

Q

There are four PAM control actions, they are

Answer

A

requiste - terminate the application if auth fails
required - return failure status if auth fails
sufficient - if this rule succeeds, stop processing with success status
optional - the rule is … optional

Question 32

Q

LDAP stands for

Answer

A

Lightweight Directory Access Protocol.

OpenLDAP is the most popular implementation of LDAP

Question 33

Q

LDAP database is based on hierarchical database design. Hierarchical databases are known for

Answer

A

fast read times and slow write times

Question 34

Q

Each LDAP Database object is defined by an [answer1] and assigned a unique [answer2]

Answer

A

answer1 - ObjectClass

answer2 - Object ID

Question 35

Q

an LDAP dc is

Answer

A

a domain context

Question 36

Q

What is an LDAP dn

Answer

A

a distinguished name - a unique object name on the database.

e.g.
cn=”John”,dc=”Student”,dc=”lpi”,dc=”org”

Question 37

Q

What is LDIF

Answer

A

LDAP Data interchange format

Example format:
dn: 
\: 
\: 
....

Question 38

Q

What are the 3 methods of storing a LDAP database

Answer

A

stand-alone - entire db on single server
replication - entire db on multiple servers
distribution - db spread across multiple servers

Question 39

Q

OpenLDAP website

Answer

A

www.openldap.org

Question 40

Q

What are the LDAP server and client packages in Debian based distros

Answer

A

slapd
ldap-utils

sudo apt-get install slapd ldap-utils

Question 41

Q

What are the LDAP server and client packages in Redhat based distros

Answer

A

openldap-servers
openldap-clients

sudo yum install openldap-servers openldap-clients

Question 42

Q

What is the main LDAP server program called.

Answer

A

slapd - it listens for LDAP connections

Question 43

Q

slapd switch to choose an alternative configuration file

Answer

A

-f [config]

Question 44

Q

slapd switch to choose a URL other than localhost for LDAP requests

Question 45

Q

slapd switch to turn on debugging

Answer

A

-d [debuglevel]

Question 46

Q

slapd switch to choose syslog level

Answer

A

-s [syslog]

Question 47

Q

slapd switch to start slapd in a chroot jail

Question 48

Q

slapd switch to specify a user name to run slapd with

Answer

A

-u [user]

Question 49

Q

slapd switch to specify a group to run slapd with

Answer

A

-g [group]

Question 50

Q

What is slurpd?

Answer

A

slurpd is the ldap daemon used in replicated server environments.

Question 51

Q

slurpd switch to specify debug level

Answer

A

-d [debug]

Question 52

Q

slurpd switch to specify alternate configuration file to use

Answer

A

-f [config]

Question 53

Q

slurpd switch to specify an alternative replication log

Answer

A

-r [replog]

Question 54

Q

slurpd switch to specify an alternate processing directory

Question 55

Q

slurpd switch to specify that slurpd shoulld run once then stop

Question 56

Q

slurpd switch to specify an alternative kerberos srvtab file to use

Answer

A

-k [srvtab]

Question 57

Q

In terms of LDAP, what is inet0rgperson

Answer

A

It is the most popular LDAP schema templates in the LDAP package. Provides white pages type directory.

Question 58

Q

There are two methods for implementing openldap directory schemas they are…

Answer

A

in slapd.conf or

in slapd-config

Question 59

Q

if using the slapd.conf method of implementing openldap, what are the 3 minimum configuration options to change

Answer

A

suffix
rootdn
rootpw

e.g.
suffix “dc=lpicstudy, dc=net”
rootdn “cn=administrator, dc=lpicstudy, dc=net”
rootpw testpassword

Question 60

Q

What LDAP server utility can be used to generate an encrypted password for use in theslapd.conf file

Answer

A

slappasswd

utility will output password, that is entered into slapd.conf prefixed with {SHA} to indicate encryption

Question 61

Q

What LDAP server utility can be used to re-index the LDAP database

Answer

A

slapindex

Question 62

Q

What LDAP server utility can be used to output the LDAP configuration into LDIF format?

Question 63

Q

What LDAP server utility can be used to add new objects to the LDAP database

Answer

A

slapadd

e.g. after stopping slapd
slapadd -l ldif.txt

Question 64

Q

If using the slapd-config method of implementing LDAP, how do you modify the config files in /etc/slap.d?

Answer

A

You don’t. Use the LDAP utilities to add and modify objects in the LDAP database

Answer 60

A

ldapdelete

Answer 61

A

ldapmodify

Answer 62

A

ldappasswd

Answer 63

A

ldapsearch

Answer 64

A

-f [file]

Answer 65

A

-w [password]

Answer 66

A

-b [base]

Answer 67

A

-w [password]

Answer 68

A

Search the LDAP directory for any object (wildcard *) starting at the dc-lpicstudy,dc=net base dn.

Brainscape's Knowledge GenomeTM

Managing Network Clients Flashcards

DHCP, PAM, LDAP and OpenLDAP

Brainscape's Knowledge Genome^TM