Troubleshoot Flashcards
[Troubleshoot]
Steps when dealing with BRUTE FORCE ATTACKS
1) Identify the attack (monitor system logs (/var/log/auth.log and/or /var/log/secure); use ‘lastb’ to see failed login attempts)
2) Block the attacker (using Fail2Ban (for SSH, webservers, etc) or manually by editing ‘iptables’ or ‘firewalld’)
3) Enforce Strong Authentication (disable password authentication in /etc/ssh/sshd_config and use SSH keys instead) and/or enable multi-factor authentication
4) Limit Login Attempts (edit /etc/ssh/sshd_config > MaxAuthTries)
5) Change Default Port (change from port 22 to a non-standard port (i.e. 2222) in /etc/ssh/sshd_config)
6) Monitor and Audit regularly
-use an Intrusion Detection System (IDS) like OSSEC or AIDE
-Regularly check /var/log/auth.log or use journalctl -xe
-automate alerts using Fail2Ban w/ email notifications
7) Use Web Application Firewalls (WAFs)
-use ModSecurity or cloud-based WAFs like Cloudflare or AWS WAF
8) Keep System Updated (via constant patching)
[Troubleshoot]
I used Ansible to patch multiple systems but one system failed to apply the patch. Troubleshoot: why?
I would run the playbook with ‘-vvv’ to identify specific errors.
If the issue is package-related, I would manually check the package manager, ensure disk space is sufficient, and confirm that the repository is accessible.
I would also verify that the playbook logic, conditions, and inventory settings don’t exclude the host.
[Troubleshoot]
What would you do if you received an error message that the file system is full?
Check disk usage: $ df -h
Identify large files: $ du -sh /*
Delete or compress unnecessary files: $ rm, journalctl --vacuum-time=7d
Check deleted files still using space: $ lsof | grep deleted
Extend filesystem if necessary: $ lvextend, resize2fs