Chapter 14: Security, Troubleshooting, and Performance
seinfo command
Displays SELinux features
brctl command
Displays and modifies Ethernet bridge configuration within the Linux Kernel
arp command
Displays and modifies the MAC address cache on a system
dmidecode command
Displays hardware device information detected by the system BIOS
iostat (input/output statistics) command
Displays input and output statistics for block storage devices on the system
tload command
Displays load average information for a Linux system
vmstat command
Displays memory, CPU, and swap statistics on a Linux system
uptime command
Displays system uptime and load average information for a Linux system
iftop command
Displays the bandwidth sent from the local computer to other hosts
audit2why command
Displays the description and purpose of SELinux log entries
iotop (input/output top) command
Displays the processes on a Linux system that have the highest number of associated input/output requests to block storage devices
multi-factor authentication
The process whereby multiple separate mechanisms are used to validate a user's identity
iperf command
Used to measure the bandwidth between two computers
setsebool command
Used to modify SELinux settings within an SELinux policy
nmap (network mapper) command
Used to scan ports on network computers
tshark command
Used to start a command-line version of the graphical Wireshark program
firewall-cmd command
Used to view and configure firewalld zones, services, and rules
udevadm command
Used to view and modify udev daemon configuration
pam_tally2 command, faillock command
Used to view and modify user lockout settings
klist command
Used to view Kerberos authentication information
aa-status command
Used to view the status of AppArmor and AppArmor profiles
getenforce command
Used to view whether SELinux is using enforcing or permissive mode
transport mode
VPN mode whereby traffic is encrypted between two computers
Proactive maintenance
Measures taken to reduce future system problems
Reactive maintenance
Measures taken when system problems arise
free command
Used to display memory and swap statistics
network zone
A component of firewalld that defines a level of trust for network connections
Stateful Packet Filters
A packet filter that applies rules to related packets within the same network session
baseline
Measure of normal system activity
AppArmor profile
A text file within the /etc/apparmor.d directory that lists application-specific restrictions
buffer overrun
An attack in which a network service is altered in memory
Lightweight Directory Access Protocol (LDAP)
An industry standard protocol used for accessing and managing information within a directory service; an application protocol for querying and modifying data using directory services running over TCP/IP.
rules
Components of a firewall that match specific network traffic that is to be allowed or dropped
memory leak
Condition whereby a process continually uses more and more memory within a system, until there is no more memory available
Network Latency
Condition where replies to network requests are slow or intermittent
file handles
Connections that a program makes to files on a filesystem
sar (system activity reporter) command
Displays various performance-related statistics on a Linux system
pidstat (PID statistics) command
Displays CPU statistics for each PID on a Linux system
mpstat (multiple processor statistics) command
Displays CPU statistics on a Linux system
restorecon command
Forces SELinux to set the default label on system files and directories
Firewall Configuration Utility
Graphical firewall configuration utility used on Fedora systems
Wireshark
Graphical program used to display the network traffic passing through a network interface
netfilter
Linux kernel component that provides firewall and NAT capability on modern Linux systems
AppArmor
Linux kernel module and related software packages that prevent malicious software from accessing system resources
IP set
List of hosts and networks that can be used within a firewall rule
aa-unconfined command
Lists processes that aren't controlled by AppArmor
GNU privacy guard (GPG)
Open source asymmetric encryption technology that can be used to encrypt and digitally sign files and email
Multi-Category Security (MCS)
Optional SELinux policy scheme that prevents processes from accessing other processes that have similar attributes
Multi-Level Security (MLS)
Optional SELinux policy scheme that uses custom attributes
One time password (OTP)
Password used to validate a user once only
jabbering
Process by which failing hardware components send large amounts of information to the CPU
Monitoring
Process by which system areas are observed for problems or irregularities
Automatic Bug Reporting Tool Daemon (ABRTD)
Process that automatically sends application crash data to an online bug reporting service
TCP wrapper
Program that can be used to run a network daemon with additional client restrictions. Specified in the /etc/hosts.allow and /etc/hosts.deny files.
Server Closet
Secured room that stores servers within the organization
ioping (input/output ping) command
Sends input/output requests to a block storage device and measures the speed at which they occur
aa-enforce command
Sets an AppArmor profile to enforce mode
Uncomplicated firewall (UFW)
Software component that can be used to simplify the configuration of netfilter firewall rules
System Statistics (sysstat) package
Software package that contains common performance-monitoring utilities
vulnerability scanner
Software that is used to scan a system for known vulnerabilities
Security Information and Event Management (SIEM)
Software used to monitor security events and vulnerabilities on systems across a network
Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE)
System used to catalog security vulnerabilities
sestatus command
The command that displays the current status and functionality of the SELinux subsystem.
ulimit command
The command used to modify process limit parameters in the current shell.
chains
The components of a firewall that specify the general type of network traffic to which rules apply.
Pluggable Authentication Modules (PAM)
The component that handles authentication requests by daemons on a Linux system.
biometric
Type of authentication that uses physical human attributes
kinit command
Used to authenticate to a Kerberos authentication service
setenforce command
Used to change SELinux between enforcing and permissive mode
chcon command
Used to change the type classification within SELinux labels on system files and directories
ipset command
Used to configure IP sets
iptables command
Used to configure IPv4 rules for a netfilter firewall
ip6tables command
Used to configure IPv6 rules for a netfilter firewall
ufw command
Used to configure UFW
getsebool command
Used to display SELinux settings within an SELinux policy
login banner
A message that is displayed to users after logging into a system
self-signed certificate
Certificate that was digitally signed by the same computer that generated the public key it contains
GPG agent
Daemon that can be used to store the private key passphrase used by GPG
firewall daemon (firewalld)
Daemon used to simplify the configuration of netfilter rules via network zones
aa-disable command
Disables an AppArmor profile
label
Identifier that SELinux places on a file, directory, or process
bus mastering
Process by which peripheral components perform tasks normally executed by the CPU
hashes, message digests
See checksum
Remote Dial In User Service (RADIUS), Terminal Access Controller Access Control System Plus (TACACS+)
Service that provides centralized authentication, logging, and policy restrictions on a network
Security Enhanced Linux (SELinux)
Set of Linux kernel components and related software packages that prevent malicious software from accessing system resources
aa-complain command
Sets an AppArmor profile to complain mode
Documentation
System information that is stored in a file or log book for future reference
troubleshooting procedures
Tasks performed when solving system problems
Linux Unified Key Setup (LUKS)
Technology that encrypts the contents of a Linux filesystem
cryptsetup command
Used to configure and manage LUKS
gpg command
Used to configure and manage GPG
tcpdump command
Used to display the network traffic passing through a network interface
sudoedit command
Used to edit text files as another user
visudo command
Used to modify the /etc/sudoers file
sudo command
Used to perform commands as another user via entries within the /etc/sudoers file
tunnel mode
VPN mode whereby traffic is encrypted between two routers