Linux+ Chapter 14 Security, Troubleshooting, and Performance
%nice value
% of time the processor spent executing user programs and daemons
sar -d
I/O stats for each block device
What type of iptables chain targets traffic that is destined for the local computer?
INPUT
What is the average lifespan of computer equipment?
2-3 years
Remote Dial In User Service (RADIUS)
Client-server protocol that provides AAA services that can be implemented on the network
sudoedit command
Edit text files, such as configuration files, as the root user
firewall-cmd --add-port=port
Enable (allow) the specified port within the current network zone
firewall-cmd --add-service=service
Enable (allow) the specified service within the current network zone
Tunnel mode
Encryption for all IP packets that travel between two routers
Hashes
checksum of a certificate
Netfilter
The Linux kernel component that provides firewall and NAT capability on modern Linux systems.
visudo command
The command in Fedora 13 used to edit the /etc/sudoers file
Uncomplicated firewall
UFW is a simplified front end for iptables
Computers in public areas should have their BIOS configured to prevent booting from ______________________ and to set a ___________
USB ports; BIOS password
How can you change the sar logging interval?
Edit the /etc/cron.d/sysstat cron table
What is a self-signed certificate used for?
For SSL/TLS connections
Network zone home
Mutable; for trusted home network connections
What is an INPUT chain?
Network packets destined for your computer
Which of the following commands can be used to scan the available ports on computers within your organization?
nmap
tcpdump command
Used to examine traffic passing to and from your network; same function as Wireshark
aa-status command
View processes managed by AppArmor
tshark command
Wireshark on the command line
Which of the following commands can be used to display memory statistics?
free, sar, vmstat
How do you make sure that the iptables rules are loaded at each boot?
Install the iptables-persistent package; run iptables-save > /etc/iptables/rules.v4
Where does Ubuntu load its default firewall settings from?
/etc/default/ufw
Where is custom network zone configuration stored?
/etc/firewalld/zones
Location of the PAM files in Ubuntu
/etc/pam.d/common-password or /etc/pam.d/common-auth
Location for the PAM files in Fedora
/etc/pam.d/password-auth or /etc/pam.d/system-auth
aa-complain command
A command used to set an AppArmor profile to complain mode.
aa-enforce command
A command used to set an AppArmor profile to enforce mode.
Network zone
A component of firewalld that defines the level of trust for network connections.
sar -u
Displays CPU stats
firewall-cmd --get
Displays all available networks
firewall-cmd --list-all-zones
Displays the services that are enabled (allowed) for the current network zone
firewall-cmd --remove-port=port --permanent
Ensure that the specified port is disabled (disallowed) within the current network zone at boot time
firewall-cmd --remove-service=service --permanent
Ensure that the specified service is disabled (disallowed) within the current network zone at boot time
firewall-cmd --add-service=service --permanent
Ensure that the specified service is enabled (allowed) within the current network zone at boot time
AppArmor is enabled by default in Fedora Linux. True or False?
False
ipset command
Creates an IP set that includes the hosts and networks you want to either block or allow using the firewall
Login Banner
In a Cisco router or switch, a text message that the router/switch displays for the user during the login process.
What is one of the most important security-related practices for computer and server closet?
Limiting Physical Access
Monitoring
Involves Linux administrators examining log files and running performance utilities periodically to identify problems and their causes
Which of the following firewalld commands can be used to allow incoming SSH connections the next time the system is booted?
firewall-cmd --add-service ssh --permanent
audit2why command
Generates easy-to-read descriptions of SELinux-related events
udevadm command
Identifies the unique attributes of the bus ID and device ID
Network zone block
Immutable; deny all incoming connections, with ICMP host-prohibited messages issued to the sender
Network zone drop
Immutable; deny all incoming connections; outgoing connections are accepted
Documentation
Logs that are printed or stored separately so that they are kept during a system failure
iftop command
Measures the bandwidth from the network interface to each system
iostat command
Measures the flow of information to and from disk devices
On which part of the maintenance cycle do Linux administrators spend the most time?
Monitoring
How do you unlock a user using pam_tally2/faillock?
pam_tally2/faillock --reset --user <name>
bus mastering
Peripheral devices that perform a great deal of processing normally performed by the CPU
What do you need to do to enable sar on Ubuntu?
Set ENABLED="true" within the /etc/default/sysstat file
SELinux label
Sets of preconfigured SELinux policies
To set udev rules on a Linux system, you must add the appropriate line to a file within the /etc/udev/rules.d directory. True or False?
True
What does SELINUXTYPE = mls mean?
Use MLS attributes instead of type classifications
ufw command
Used to configure the Uncomplicated Firewall
How can you prevent public computers from being restarted using Ctrl+Alt+Del under Systemd?
Run the systemctl mask ctrl-alt-del.target command
sar -o file_name
Saves output to a file in binary format
iptables -s address
Source address of the packet
iptables --sport port#
Specifies the port number for a rule
sar -w
Swapping stats
brctl command
View or modify the bridge configuration used by the Linux kernel for the network adapter
tload
View system load average values
When you move a file that has an SELinux label to a new directory, the file will have the label of the new directory. True or False?
False
The pam_tally2.so PAM can be used to enforce complex passwords on a Linux system. True or False?
False (it locks accounts after a number of unsuccessful login attempts)
iptables -R number
Replaces a rule for the chain specified
sar -n ALL
Reports all network statistics
Network zone trusted
Immutable; allow all network connections
ioping (input/output ping) command
Monitors performance of a specific storage device
Which of the following UFW commands can be used to view configured firewall rules?
ufw status
setsebool
Sets specific SELinux rules on or off
cryptsetup command
Sets up LUKS after installation
When the fsck command cannot repair a non-root ( / ) filesystem, you should immediately restore all data from backup. True or False?
False
GNU Privacy Guard (GPG)
Free and open-source software that is commonly used to encrypt and decrypt data.
sar -v
Kernel-related filesystem stats
Network zone internal
Mutable; internal network, restrict incoming connections
Network zone Public
Mutable; public areas, do not trust other computers
Network zone external
Mutable; for computers with masquerading enabled, protecting a local network
iptables -p protocol
Specifies the protocol type for a rule
What do SELinux labels consist of?
user:role:type:level
faillock command
List users who have been locked out by pam_faillock.so
iptables -L chain
Lists rules of a certain chain
What are best practices for securing a local Linux server?
Lock the server in a server closet; ensure SELinux and AppArmor are used; encrypt files and network traffic
arp command
Displays the MAC address cache
biometric
Uses unique physical characteristics such as fingerprints, retinal scans, or voiceprints to authenticate
How can you manage network zones and firewall rules?
In the /etc/firewalld/zones directory, using the firewall-cmd command
Which file contains information regarding the users, computers, and commands used by the sudo command?
/etc/sudoers
While using the vi editor, what command must you use to save your changes, overriding the underlying file permissions?
:w!
self-signed certificate
A certificate that lacks a third-party signature.
uptime command
A command that displays the amount or percentage of time a computer system or associated hardware is functioning and available for use.
sudo command
A command that is used to perform commands as another user via entries in the /etc/sudoers file.
gpg command
A command used to create and manage GPG keys.
free command
A command used to display memory and swap statistics.
firewall daemon (firewalld)
A daemon used on some Linux systems to provide for easier configuration of netfilter via the ipchains command.
firewall configuration utility
A graphical firewall configuration utility within Fedora 20.
Security Information and Event Management (SIEM)
A method for analyzing risk in software systems. It is a centralized collection and monitoring of security and event logs from different systems. SIEM allows for the correlation of different events and early detection of attacks.
Nmap
A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner.
Lightweight Directory Access Protocol
A protocol used to access and query directory services systems such as Microsoft Active Directory.
server closet
A secured room that stores servers within an organization.
Security Enhanced Linux (SELinux)
A set of Linux kernel components and related software packages that prevent malicious software from executing on a Linux system.
System Statistics (sysstat) package
A software package that contains common performance monitoring utilities, such as mpstat, iostat, and sar.
Common Vulnerabilities and Exposures (CVE)
A standard that enables security devices to share information about attack signatures and other vulnerabilities so that they can work together to protect networks.
What is a popular open-source SIEM tool among security personnel?
AlienVault Open Source SIEM (OSSIM)
buffer overrun
An application error that occurs when more data is sent to a program buffer than it is designed to handle.
one-time password (OTP)
An authentication code that can be used only once or for a limited period of time.
iptables -D number
Deletes a rule for a chain specified
firewall-cmd --remove-port=port
Disable (disallow) the specified port within the current network zone
firewall-cmd --remove-service=service
Disable (disallow) the specified service within the current network zone
getsebool
Displays SELinux variables
getenforce
Displays SELinux status
firewall-cmd --get-services
Displays a list of names used by firewalld to identify network
iostat
Displays information about terminal, disk, and tape input/output activity
sar -r
Displays memory and swap stats
firewall-cmd --get-active-zones
Displays the network interfaces that are active for each network zone
firewall-cmd --zone=zone --list-all
Displays the services that are enabled (allowed) for the specified network zone (zone)
Network latency issues are often caused by SELinux or AppArmor restrictions. True or False?
False
Vulnerability Scanner
Generic term for a range of products that look for vulnerabilities in networks or systems.
sar -f file_name
Info from the specified file
what must be done prior to using the aa-complain, aa-disable and aa-enforce commands?
Install apparmor-utils package
TCP Wrappers
A program that can start a network daemon
If the system has a high %sys compared to %usr and %nice, what is likely happening?
It's executing too many resource-intensive programs
Which of the following technologies can encrypt files stored on a filesystem within a Linux system?
LUKS & GPG
FORWARD chain
Network packets that must pass through your computer
Common Weakness Enumeration (CWE)
OWASP categorization of the vulnerabilities identified
What is a popular vulnerability scanner on Linux systems?
OpenVAS
restorecon
Restores the SELinux file context based on the directory it is in
firewall-cmd --query-port=port
Returns yes if the specified port is enabled (allowed) within the current network zone, and no if it is not
firewall-cmd --query-service=service
Returns yes if the specified service is enabled (allowed) within the current network zone, and no if it is not
What does SELINUX = permissive mean?
SELinux generates warnings only and logs events
What does SELINUX = disabled mean?
SELinux is disabled
automatic bug reporting tool
Sends any application crash data to an online bug reporting site such as Bugzilla
iptables -j action
Specifies the action that is taken for a rule
iptables -A chain
Specifies the chain used
iptables -P policy
Specifies the default policy for a chain type
firewall-cmd --get-default-zone=zone
Specifies the destination port number for a rule
iptables --dport port#
Specifies the destination port number for a rule
iptables -i interface
Specifies the input network interface
iptables -o interface
Specifies the output network interface
firewall-cmd --get-default-zone
Specifies the source port number for a rule
What will the command sar -W 3 50 do?
Take 50 swap statistics every 3 seconds
TACACS+
Terminal Access Controller Access Control System Plus; same function as RADIUS
sestatus command
The command that displays the current status and functionality of the SELinux subsystem.
sar (system activity reporter) command
The command that displays various system statistics.
iptables command
The command used to configure a firewall in Fedora Linux.
vmstat command
The command used to display memory, CPU, and swap statistics.
ulimit command
The command used to modify process limit parameters in the current shell.
file handles
The connections that a program makes to files on a filesystem.
Network Latency
The delay imposed by the amount of time required for a data packet to make a round trip from point A to point B.
proactive maintenance
The measures taken to reduce future system problems.
Reactive Maintenance
The measures taken when system problems arise.
Troubleshooting procedures
The tasks performed when solving system problems.
If you change the port on a network service daemon, users must specify it when trying to connect to it. True or False?
True
SELinux is activated by default in Fedora Linux. True or False?
True
Multi-factor authentication
Use of several authentication techniques together, such as passwords and security tokens.
GPG agent daemon
Used to automatically supply your GPG passphrase during the remainder of the login session after it is supplied once
Linux Unified Key Setup (LUKS)
Used to encrypt entire filesystems using AES symmetric encryption
pam_tally2 command
Used to list users who have been locked out by pam_tally2.so
kinit command
Used to log in to your authentication service after Kerberos is installed and an LDAP database is available
pidstat (PID Statistics) command
View CPU statistics for each process
klist command
View Kerberos authentication information
How do you save the chains and rules in Fedora?
iptables-save > /etc/sysconfig/iptables
stateful packet filtering
Remembers traffic that was originally allowed in an existing session and adjusts its rules appropriately.
dmidecode
Lists BIOS information about the device
Network zone dmz
Mutable; for publicly accessible computers with restricted areas
Network zone work
Mutable; for trusted work areas
What does SELINUX = enforcing mean?
Policy settings are enforced by SELinux
memory leak
A fault in a process that allows it to continually use more memory until memory is exhausted.
If you cannot limit access to the computers, what is a good security practice?
remove the CD and DVD drives from the computer
Which of the following files is likely to be found in the /var/log/sa directory on a Fedora system over time?
sa19 (day of the month)
ip6tables command
Same as iptables but for IPv6
sar -q
Stats for the processor queue
What do %irq and %soft indicate?
Time the CPU spends responding to interrupts
mpstat
Monitors CPU performance
Which option can be added to the ls or ps command to view the SELinux label?
-Z
OUTPUT chain
Packets that originate from your computer
sar -B
swap statistics
Message Digest
Unique fingerprint of a file
%usr
% of time CPU has spent executing user programs and daemons
%guest
% of time CPU is executing another virtual CPU
Pluggable Authentication Modules (PAM)
A mechanism used in Linux systems to integrate low-level authentication methods into an API.
Wireshark
A popular graphical packet sniffer.
iptables -F chain
Removes all rules for the chain specified
sar -P CPU#
Specifies status for a CPU
What does SELINUXTYPE = targeted mean?
all network daemons are protected
sar -A
all options
AppArmor
alternative to SELinux
jabbering
As hardware ages, it might start malfunctioning by sending large amounts of information to the CPU when not in use
chcon
Changes the security context type of a file or process
How can you prevent public computers from being restarted using Ctrl+Alt+Del under SysV?
Comment out the ctrlaltdel action within /etc/inittab and restart the daemon
AppArmor profiles that generate warnings and log events are called _____________ mode
complain mode
How can you force SELinux to relabel all files on the system during boot up?
Create a file named /.autorelabel
iptables -d address
Destination address of the packet
iperf command
Determines network latency between two computers
aa-disable command
Disables an AppArmor profile
How does Netfilter work?
Discards packets according to chains of rules
aa-unconfined command
Displays processes that are not confined by an AppArmor profile
sar -b
Input/output statistics
What does %iowait indicate?
% of time the CPU was idle when an outstanding disk I/O request existed
%idle
% of time the CPU did not spend executing tasks
%sys
% of time the system spends maintaining itself
What does SELINUXTYPE = minimum mean?
Only critical network daemons are protected
When performing a sar -u command, you notice that %idle is consistently 10%. Is this good or bad?
Bad, because the processor is idle 10 percent of the time and perhaps a faster CPU is required
Which of the following steps is not a common troubleshooting procedure?
Delegate responsibility
Which of the following actions should you first take to secure your Linux computer against network attacks?
Ensure only necessary services are running
iptables -m match
Specifies a match parameter that should be used within the rule
AppArmor profile
Each text file under the /etc/apparmor.d directory
How do you enable SELinux?
Edit the /etc/selinux/config file
Transport mode
Encryption for IP packets destined for another computer
AppArmor profiles that are enforced are said to be in ___________________ mode
enforced mode
How can you disable the BASH shell for the Apache user?
Ensure that the shell listed in /etc/passwd is an invalid shell such as /sbin/nologin
Which command can increase the number of filehandles that programs can open in a shell?
ulimit
multi-level security (MLS) or Multi-Category Security (MCS)
Used to restrict access to files based on additional attributes provided by the organization (TS, S, confidential)
setenforce command
Used to switch between enforcing mode and permissive mode
seinfo command
Views the values available on your system for SELinux label sections