L14 Troubleshooting, Performance & Security
3. The lspci command can be used to isolate problems with X Windows. True or False?
Review Questions
_____ are connections that a program can initiate to files on a filesystem.
File Handles
State the three categories of system problems described in your book.
Hardware-related problems, software-related problems, and user-related problems
_____ occurs when failing hardware components send large amounts of information to the CPU when it is not in use.
Jabbering
The SSH agent and SSH identity are provided by the GNOME keyring daemon and managed by the _____
Password and Encryption Keys utility.
Network applications that authenticate users typically do so via _____. It logs information to the /var/log/secure file and this file should be checked for PAM errors and alerts.
Pluggable Authentication Modules (PAM)
To configure SELinux within a desktop environment, you can use the ______.
SELinux Administration utility
T/F. By comparing the output of the dmesg, lsusb and lspci commands with the output of the lsmod command, you can determine whether a driver module is missing for a hardware device in your system.
True
T/F. After modifying the /etc/selinux/config file to enable SELinux, you must reboot to relabel the system for the changes to take place.
True
T/F. Another component of network security involves local file permissions.
True
T/F. Any system documentation should be printed and kept in a log book.
True
T/F. Applications can fail during execution for a number of reasons, including missing program libraries and files, process restrictions or conflicting applications.
True
T/F. At minimum, you should review system log files associated with authentication to detect whether unauthorized users logged in to the system.
True
T/F. Because private keys can also be used as a form of authentication, you can create an SSH identity for your user account and use the SSH agent to automatically authenticate to other computers using digital signatures.
True
T/F. Before a TCP wrapper starts a network daemon, it first checks the /etc/hosts.allow and /etc/hosts.deny files.
True
T/F. By default, Fedora has definitions for the targeted policy that protect the system from malicious applications that can damage system files or compromise security.
True
T/F. For services that are not needed, ensure that they are not automatically started when entering your runlevel.
True
T/F. GRUB problems are typically a result of missing files in the /boot directory.
True
T/F. Hardware failure can render a device unusable.
True
T/F. Hardware-related problems often involve improper hardware or software configuration.
True
T/F. If a hacker has gained access to your system, the hacker has likely changed certain files on the hard disk to gain more access, modify sensitive data or vandalize services.
True
T/F. If a large number of pages are being sent to and taken from the swap partition, the system will suffer from slower performance. To remedy this, you can add more physical memory (RAM) to the system.
True
T/F. If you encrypt the data with the private key, you must decrypt with the matching public key or vice versa.
True
T/F. Killing the parent process of zombie processes can free several entries in the process table.
True
T/F. Knoppix Linux and BBC Linux are bootable Linux distributions with many filesystem repair utilities.
True
T/F. Like SSH, GPG typically uses RSA and DSA key pairs for asymmetric encryption and digital signing, respectively.
True
T/F. Linux systems today are typically made available across networks such as the Internet. They are more prone to security loopholes and attacks both locally and from across networks. To protect your Linux computer, you should take steps to improve local and network security as well as understand how to detect intruders who manage to breach your Linux system.
True
T/F. Most software-related problems are related to the operating system and they include X Windows, boot loaders and filesystems.
True
T/F. Netfilter/iptables discards certain network packets according to chains of rules that are stored in your computer's memory.
True
T/F. Next, you can configure the SELINUXTYPE option with targeted or strict.
True
T/F. The public key is freely distributed to another host and the private key is used only by the system and is never distributed.
True
T/F. These keys can then be used to secure communications to other computers. However, each user will need to authenticate to other computers before SSH is used to encrypt the data.
True
T/F. This gives the system administrator the ability to restrict the network service so that it can only be accessed by certain hosts within your organization.
True
T/F. To enable SELinux, edit the /etc/selinux/config file with the enforcing, permissive and disabled options.
True
T/F. To get the full benefit of the information stored in log files, you should regularly analyze the log files in the /var/log directory associated with the network services that are run on your computer.
True
T/F. Tripwire is a program that checks the integrity of important files and directories.
True
T/F. Tunneling encloses the network traffic within encrypted SSH packets.
True
T/F. Viewing the output of the dmesg command or the contents of the /var/log/boot.log and /var/log/messages log files can isolate most hardware problems. These types of problems are typically specific to the type of hardware.
True
T/F. You can identify whether the software-related problem is application software or operating system software.
True
T/F. You can minimize the time that the root user is logged in.
True
T/F. You can remove floppy drives and CD/DVD drives from the workstations and ensure that the BIOS prevents booting from USB ports. Be sure that the BIOS password is set, and set the boot loader password in the LILO or GRUB configuration file. This prevents intruders from interacting with the boot loader.
True
T/F. You should ensure that network service daemons are not run as the root user on the system when possible.
True
5. Which command indicates the shared libraries required by a certain executable program? a) ldconfig b) ldd c) rpm -V d) slconfig
b) ldd
You can use the _____ command to view your current SELinux status.
sestatus
Reactive maintenance is further composed of many procedures known as ______, which can be used to efficiently solve a problem in a systematic manner.
troubleshooting procedures
The _____ command can be used to modify the number of file handles a process can start in a shell.
ulimit
The _____ command is used to switch between the root user and a regular user.
su (switch user)
The _____ command performs commands as another user if you have the rights to do that listed in /etc/sudoers file.
sudo
The _____ command measures the flow of information to and from disk devices.
input/output statistics (iostat)
The _____ command can be used to list files that are currently being edited by users and system processes.
lsof (list open files)
The _____ command displays a list of PCI devices detected by the Linux kernel.
lspci
The _____ command displays a list of USB devices detected by the Linux kernel.
lsusb
The _____ utility is used to display CPU statistics and is used to monitor CPU performance.
multiple processor statistics (mpstat)
_____ uses a pair of keys that are uniquely generated on each system: a public key and a private key.
Asymmetric encryption
If you suspect hardware-related problems, state some items that should be checked.
Be sure that parallel SCSI devices are terminated, that the video card and monitor settings have been configured correctly, and that all hardware is on the Hardware Compatibility List.
4. Which of the following commands can be used to display memory statistics? (Choose all that apply.) a) free b) sar c) vmstat d) iostat
a) free, b) sar, c) vmstat
1. On which part of the maintenance cycle do Linux administrators spend the most time? a) monitoring b) proactive maintenance c) reactive maintenance d) documentation
a) monitoring
The _____ command displays the hardware that is detected by the Linux kernel.
dmesg
2. Which of the following files is likely to be found in the /var/log/sa directory over time? a) 15 b) sa39 c) sa19 d) 00
c) sa19
Many technologies use a(n) _____ to protect the data before it is transmitted on the network. These programs require a key as the random component to modify the steps within the algorithm.
encryption algorithm
A _____ is a message that has been encrypted using a private key.
digital signature
The proper steps for troubleshooting both noncritical and critical directories are discussed on page 630.
Most system log files are stored in the _____ directory or subdirectories named for the application.
/var/log
State the two troubleshooting golden rules.
1) Prioritize problems according to severity: spend a reasonable amount of time on each problem given its priority, and ask for help if you can't solve the problem. 2) Try to solve the root of the problem: avoid missing the underlying cause, and justify why a certain solution is successful.
_____ contain information or irregularities that can indicate if an intrusion has taken place.
Log files
_____ a Linux system involves examining log files and running performance utilities periodically to identify problems and their causes. It is the activity on which Linux administrators spend the most time.
Monitoring
Although you can manage keys, encrypt data and digitally sign data using the gpg command, it is much easier to use a graphical utility such as _____ utility within Fedora.
Passwords and Encryption Keys
_____ involves taking the necessary steps to minimize the chance of future problems or their impact. Performing regular system backups and identifying potential problem areas are examples of this type of maintenance. All maintenance tasks should be documented for future reference.
Proactive maintenance
_____ involves correcting problems when they arise during monitoring. When a problem is solved, it needs to be documented and the system adjusted to reduce the likelihood that the same problem will occur in the future.
Reactive maintenance
_____ is a series of kernel patches and utilities created by the National Security Agency (NSA) that enforces role-based security on your system using security profiles and policies that prevent applications from being used to access resources and system components in insecure ways.
SELinux
State the two most common technologies that provide asymmetric encryption on Linux systems.
Secure Shell (SSH) and GNU Privacy Guard (GPG)
A _____ is a program (/usr/sbin/tcpd) that can start a network daemon. It provides extra security.
TCP wrapper
T/F. By default, SSH uses the Rivest Shamir Adleman (RSA) asymmetric algorithm to encrypt data and the Digital Signature Algorithm (DSA) asymmetric algorithm to digitally sign data.
True
T/F. By default, Security Enhanced Linux (SELinux) is configured and enabled during the Fedora Core installation.
True
T/F. Each GPG user has a public/private key pair, which is used for encryption as well as for authentication.
True
T/F. Ensuring that the Linux kernel resides before the 1024th cylinder of the hard disk and that the lba32 keyword is specified in the configuration file typically eliminates BIOS problems with large hard drives.
True
T/F. Even if an application stores its log files elsewhere, it usually hard links its log files to files within the /var/log directory.
True
T/F. Most companies should retire computer equipment after two to five years of use.
True
T/F. Network services listen for network traffic on a certain port number and interact with that traffic. There is always a possibility that hackers can manipulate a network service by interacting with it in unusual ways.
True
T/F. New network service versions usually include fixes for known network attacks and the network administrator should keep network services up-to-date.
True
T/F. One of the most important security-related practices is to limit access to the physical computer itself. It prevents malicious users from accessing files by directly booting the computer with or without their own device.
True
T/F. POST test alerts usually indicate that hardware connections are either loose or connected improperly.
True
T/F. Package files may be removed accidentally.
True
T/F. Private keys can also be used to authenticate a message.
True
T/F. SSH allows you to securely administer a remote Linux system by encrypting all traffic that passes between the two computers.
True
T/F. Similarly, for daemons such as Apache that run as the non-root user, you should ensure that the shell listed in /etc/passwd for the daemon is set to /sbin/nologin. A hacker attempting to remotely log in to the system would not be able to get a BASH shell.
True
T/F. System-wide RSA and DSA public/private key pairs are generated the first time the SSH daemon is started.
True
T/F. The absence of a device driver also prevents the operating system from using the associated hardware device.
True
T/F. The administrator needs to carefully examine the permissions for files and directories associated with system and network services.
True
T/F. When performance issues arise, you can compare the output of performance utilities with the baseline values recorded in the system log book. Values that have changed dramatically from the baseline can help you pinpoint the source of the performance problem.
True
T/F. You can also limit access to the graphical desktops and shells. It is good security practice to lock your desktop environment or exit the command-line shell before leaving the computer.
True
T/F. You can minimize the number of network services running on your computer.
True
T/F. You should also check the /var/log/wtmp log file, which lists users who logged into the system and received a BASH shell. Because this file is in binary format, you must use the who /var/log/wtmp command to view this file.
True
The _____ command scans the ports on network computers.
nmap (network mapper)
The _____ command prevents background processes from being killed when the parent shell is killed or exited.
nohup
By default, the _____ command is usually scheduled by the cron daemon to run every 10 minutes in Fedora Linux, and it displays various system statistics. All performance information is logged into a file in the /var/log/sa directory called sa#, where # represents the day of the month. One month of records is kept at any one time.
system activity reporter (sar)
The _____ command indicates still more information concerning processes, memory, swap statistics and CPU usage.
vmstat