Linux Chapter 14 - Terms

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

proactive maintenance

The measures taken to reduce future system problems.

reactive maintenance

The measures taken when system problems arise.

jabbering

The process by which failing hardware components send large amounts of information to the CPU.

bus mastering

The process by which peripheral components perform tasks normally executed by the CPU.

monitoring

The process by which system areas are observed for problems or irregularities.

tunneling

The process of embedding network packets within other network packets.

documentation

The system information that is stored in a log book for future reference.

troubleshooting procedures

The tasks performed when solving system problems.

chains

The components of a firewall that specify the general type of network traffic to which rules apply.

file handles

The connections that a program makes to files on a filesystem.

Universal Access utility

A graphical utility within Fedora 20 used to configure assistive technologies.

AppArmor

A Linux kernel module and related software packages that prevent malicious software from executing on a Linux system. (Ubuntu)

nmap (network mapper) command

A command that can be used to scan ports on network computers. TCP connect scan (default) - -sT ip or host name

logger command

A command that can be used to write system log events.

mpstat (multiple processor statistics) command

A command that displays CPU statistics. common switches include: -P (number) multiple Processors 1 5 (seconds & number of measurements)

iostat (input/output statistics) command

A command that displays Input/Output statistics for block devices.

sudo command

A command that is used to perform commands as another user via entries in the /etc/sudoers file.

lscpu command

A command that lists hardware details for CPUs on the system.

nohup command

A command that prevents other commands from exiting when the parent process is killed.

gpg command

A command used to create and manage GPG keys.

free command

A command used to display memory and swap statistics.

xwininfo command

A command used to display status information about X Windows.

aa-complain command

A command used to set an AppArmor profile to complain mode.

aa-enforce command

A command used to set an AppArmor profile to enforce mode.

firewall-cmd command

A command used to view and configure firewalld zones, services, and rules. example is to use: firewall-cmd --add-service=telnet or to make permanent: firewall-cmd --permanent --add-service=telnet

apparmor_status command

A command used to view the status of AppArmor and AppArmor profiles.

tripwire

A common IDS for Linux that monitors files and directories.

Digital Signature Algorithm (DSA)

A common asymmetric encryption algorithm that is primarily used for creating digital signatures.

Rivest Shamir Adleman (RSA)

A common asymmetric encryption algorithm.

snort / airsnort

A complex IDS that can be used to capture and monitor network packets. It can be used to detect a wide range of network attack or port probing

network zone

A component of firewalld that defines the level of trust for network connections.

firewall daemon (firewalld)

A daemon used on some Linux systems to provide for easier configuration of netfilter via the ipchains command.

Firewall Configuration utility

A graphical firewall configuration utility within Fedora 20.

baseline

A measure of normal system activity.

stateful packet filter

A packet filter that applies rules to related packets within the same network session.

Intrusion Detection System (IDS)

A program that can be used to detect unauthorized access to a Linux system.

TCP wrapper

A program that can be used to run a network daemon with additional security via the /etc/hosts.allow and /etc/hosts.deny files.

server closet

A secured room that stores servers within an organization.

Security Enhanced Linux (SELinux)

A set of Linux kernel components and related software packages that prevent malicious software from executing on a Linux system. sestatus -v to view current status

Knoppix Linux

A small Linux distribution often installed on removable media.

System Statistics (sysstat) package

A software package that contains common performance monitoring utilities, such as mpstat, iostat, and sar.

SSH agent

A software program that can be used to automatically authenticate users using their private key.

AppArmor profile

A text file within the /etc/apparmor.d directory that lists application-specific restrictions.

asymmetric encryption

A type of encryption that uses a key pair to encrypt and decrypt data.

SSH identity

A unique configuration for a user account that is associated with user-specific SSH keys.

key

A unique piece of information that is used within an encryption algorithm.

private key

An asymmetric encryption key that is used to decrypt data and create digital signatures.

public key

An asymmetric encryption key that is used to encrypt data and decrypt digital signatures.

buffer overrun

An attack in which a network service is altered in memory.

GNU Privacy Guard (GPG)

An open source asymmetric encryption technology that is primarily used by e-mail programs.

digital signature

Information that has been encrypted using a private key.

assistive technologies

Software programs that cater to specific user needs.

netfilter

The Linux kernel component that provides firewall and NAT capability on modern Linux systems.

ssh-add command

The command that can be used to add an SSH identity to a user account.

sestatus command

The command that displays the current status and functionality of the SELinux subsystem.

sar (system activity reporter) command

The command that displays various system statistics. common switches -f view log files -b or -d to display info similar to iostat -u display CPU statistics -q processor queue statistics

lsusb command

The command that lists the USB devices that are currently plugged into the system.

lsof (list open files) command

The command that lists the files that are currently being viewed or modified by software programs and users.

lspci command

The command that lists the hardware devices that are currently attached to the PCI bus on the system.

ldconfig command

The command that updates the /etc/ld..so.conf and /etc/ld.so.cache files.

iptables command

The command used to configure IPv4 rules for a netfilter firewall.

ip6tables command

The command used to configure IPv6 rules for a netfilter firewall.

vmstat command

The command used to display memory, CPU, and swap statistics.

ldd command

The command used to display the shared libraries used by a certain program.

ulimit command

The command used to modify process limit parameters in the current shell.

Pluggable Authentication Modules (PAM)

The component that handles authentication requests by daemons on a Linux system.

rules

The components of a firewall that match specific network traffic that is to be allowed or dropped.

/etc/shadow

make sure read only access except to root to keep hacker from accessing encrypted passwords

ssh-keygen -t dsa

used to create both the DSA private key & Public Keys in the ~/.ssh folder

ssh-keygen -t rsa

used to create both the RSA private key & Public Keys in the ~/.ssh folder

ssh-keygen

used to generate or regenerate SSH keys

who /var/log/wtmp

users who login and received a bash shell

set the /etc/passwd shell to an invalid shell such as /sbin/noaccess

what steps do you take to protect the Apache from accessing a Bash shell


Ensembles d'études connexes

Session 16: Right-of-way pt. 3 and school buses

View Set

R.A.D. Four "Risks" of Personal Safety

View Set

Unit 10 Quiz - Brain & Cranial Nerves

View Set

Chapter 10 - Financial Markets: Allocating Financial Resources

View Set

BIO: CH 10, 11, 13 Lecture Exam Study

View Set

select all questions- pathophysio

View Set

Math 142 - Exam 3 Concepts and Review (3.4-4.4)

View Set

INTERNAL MEDICINE EOR SMARTYPANCE

View Set