Module 14 Security, Troubleshooting, and Performance

mpstat (multiple processor statistics) command

Displays CPU statistics on a Linux system.

seinfo command

Displays SELinux features.

brctl command

Displays and modifies Ethernet bridge configuration within the Linux kernel.

arp command

Displays and modifies the MAC address cache on a system.

dmidecode command

Displays hardware device information detected by the system BIOS.

iostat (input/output statistics)

Displays input and output statistics for block storage devices on the system.

tload command

Displays load average information for a Linux system.

vmstat command

Displays memory, CPU, and swap statistics on a Linux system.

uptime command

Displays system uptime and load average information for a Linux system.

iftop command

Displays the bandwidth sent from the local computer to other hosts.

sestatus command

Displays the current status and functionality of the SELinux subsystem.

audit2why command

Displays the description and purpose of SELinux log entries.

Proactive maintenance

The measures taken to reduce future system problems.

Reactive maintenance

The measures taken when system problems arise.

jabbering

The process by which failing hardware components send large amounts of information to the CPU.

bus mastering

The process by which peripheral components perform tasks normally executed by the CPU.

Monitoring

The process by which system areas are observed for problems or irregularities.

multi-factor authentication

The process whereby multiple separate mechanisms are used to validate a user's identity.

Which package is required for shadow passwords to be enabled?

The shadow-utils package

troubleshooting procedures

The tasks performed when solving system problems.

tcpdump command

Used to display the network traffic passing through a network interface.

sudoedit command

Used to edit text files as another user via entries in the /etc/sudoers file.

iperf command

Used to measure the bandwidth between two computers.

setsebool command

Used to modify SELinux settings within an SELinux policy.

ulimit command

Used to modify process limit parameters in the current shell.

visudo command

Used to modify the contents of the /etc/sudoers file.

sudo command

Used to perform commands as another user via entries in the /etc/sudoers file.

nmap (network mapper) command

Used to scan ports on network computers.

tshark command

Used to start a command-line version of the graphical Wireshark program.

klist command

Used to view Kerberos authentication information.

firewall-cmd command

Used to view and configure firewalld zones, services, and rules.

udevadm command

Used to view and modify udev daemon configuration.

faillock command

Used to view and modify user lockout settings.

pam_tally2 command

Used to view and modify user lockout settings.

aa-status command

Used to view the status of AppArmor and AppArmor profiles.

getenforce command

Used to view whether SELinux is using enforcing or permissive mode.

iotop (input/output top) command

Displays the processes on a Linux system that have the highest number of associated input/output requests to block storage devices.

sar (system activity reporter) command

Displays various performance-related statistics on a Linux system.

After executing the top command, you can also sort the output by CPU usage by pressing the __________ keys.

Shift + P

rules

The components of a firewall that match specific network traffic that is to be allowed or dropped.

chains

The components of a firewall that specify the general type of network traffic to which rules apply.

file handles

The connections that a program makes to files on a filesystem.

aa-enforce command

Sets an AppArmor profile to enforce mode.

getsebool command

Used to display SELinux settings within an SELinux policy.

free command

Used to display memory and swap statistics.

Which parameter when used with the usermod command will lock a user account?

-L

Which parameter should be used with the ls command to view the security content of a file?

-Z

You can display active and inactive memory using the vmstat command with the _______ parameter.

-a

Using the vmstat command along with the _______ parameter, you can also display the number of forks since you last booted the system.

-f

Which parameter should you use along with the vmstat command to display the slab information?

-m

Which parameter should you use along with the vmstat command to display various statistics in a tabular format?

-s

In which directory is the shadow file stored?

/etc

In which file can you view the runlevel of a Linux system?

/etc/inittab

To restrict root access to a Linux system, which two files do you need to edit?

/etc/pam.d/sshd /etc/pam.d/login

In which directory do you create the deniedusers file?

/etc/ssh/

Which file do you need to create for deny root access to a system?

/etc/ssh/deniedusers

To change the mode from Permissive to Enforcing, which value should be used with the setenforce command?

1

How might you restore a Linux system that does not use a fault tolerant storage configuration

1. Power down the computer and replace the failed hard disk or SSD. 2. Boot the Linux system. 3. Create partitions on the replaced hard disk or SSD. 4. Optionally configure LVM logical volumes from the partitions created in Step 3. 5. Use the mkfs (or equivalent) command to create filesystems on the partitions or LVM logical volumes. 6. Restore the original data using a backup utility (e.g., tar, restore, or cpio). 7. Ensure that /etc/fstab has the appropriate entries to mount the filesystems at system startup.

Filesystems can suffers corruption, and bad blocks can cause a wide range of problems. how might one fix this issue if it occurs? (Do not restore data onto a damaged filesystem; ensure that the filesystem has been recreated first.)

1. Unmount the filesystem, if mounted. 2. Run the fsck (or equivalent) command on the filesystem device. 3. If the fsck (or equivalent) command cannot repair the filesystem, use the mkfs (or equivalent) command to re-create the filesystem and restore the original data for the filesystem using a backup utility.

You need to ensure that the directory is not readable by anyone except the root user. Using the chmod command, which value should you assigned to the private key?

700

AppArmor

A Linux kernel module and related software packages that prevent malicious software from accessing system resources.

transport mode

A VPN mode whereby traffic is encrypted between two computers.

tunnel mode

A VPN mode whereby traffic is encrypted between two routers.

self-signed certificate

A certificate that was digitally signed by the computer that generated the public key within.

network zone

A component of firewalld that defines the level of trust for network connections.

Pluggable Authentication Module (PAM)

A component that provides authentication-related functionality on a Linux system.

network latency

A condition where replies to network requests are slow or intermittent.

memory leaks

A condition whereby a process continually uses more and more memory within a system, until there is no more memory available.

firewall daemon (firewalld)

A daemon that can be used to simplify the configuration of netfilter firewall rules via network zones.

GPG agent

A daemon that can be used to store the private key passphrase used by GPG.

Firewall Configuration utility

A graphical firewall configuration utility used on Fedora systems.

Wireshark

A graphical program used to display the network traffic passing through a network interface.

IP set

A list of hosts and networks that can be used within a firewall rule.

baseline

A measure of normal system activity.

login banner

A message that is displayed to users after logging into a system.

Stateful packet filters

A packet filter that applies rules to related packets within the same network session.

One Time Password (OTP)

A password that is used to validate a user's identity once only.

Automatic Bug Reporting Tool Daemon (abrtd)

A process that automatically sends application crash data to an online bug reporting service.

TCP wrapper

A program that can be used to run a network daemon with additional client restrictions specified in the /etc/hosts.allow and /etc/hosts.deny files.

server closet

A secured room that stores servers within an organization.

Remote Dial In User Service (RADIUS)

A service that provides centralized authentication, logging, and policy restrictions on a network.

Terminal Access Controller Access Control System Plus (TACACS+)

A service that provides centralized authentication, logging, and policy restrictions on a network.

Uncomplicated Firewall (UFW)

A software component that can be used to simplify the configuration of netfilter firewall rules.

System Statistics (sysstat) package

A software package that contains common performance-monitoring utilities.

Common Vulnerabilities and Exposures (CVE)

A system used to catalog security vulnerabilities.

Common Weakness Enumeration (CWE)

A system used to catalog security vulnerabilities.

Linux Unified Key Setup (LUKS)

A technology that encrypts the contents of a Linux filesystem.

AppArmor profile

A text file within the /etc/ apparmor.d directory that lists application-specific restrictions.

biometric

A type of authentication that uses physical human attributes, such as fingerprints, to validate a user's identity.

buffer overrun

An attack in which a network service is altered in memory.

label

An identifier that SELinux places on a file, directory, or process.

Lightweight Directory Access Protocol (LDAP)

An industry-standard protocol used to access directory service databases across a network.

GNU Privacy Guard (GPG)

An open source asymmetric encryption technology that can be used to encrypt and digitally sign files and email.

Multi-Category Security (MCS)

An optional SELinux policy scheme that prevents processes from accessing other processes that have similar attributes.

Multi-Level Security (MLS)

An optional SELinux policy scheme that uses custom attributes.

Comparing the total used swap space reported by the top and free commands: which statement is most accurate?

Both commands displayed the same value

aa-disable command

Disables an AppArmor profile.

pidstat (PID statistics) command

Displays CPU statistics for each PID on a Linux system.

Which mode of SELinux blocks an event if it occurs against the defined policy?

Enforcing

Using the /etc/init.d directory, which of the tasks can be performed on a service?

Force-reload Stop Restart Start Reload

restorecon command

Forces SELinux to set the default label on system files and directories.

Which of the following is used to display the memory with the free command?

KB

aa-unconfined command

Lists processes that are not controlled by AppArmor.

What is the default state of a newly added user if the password has not been set?

Locked

Which mode of SELinux does not block an event but logs it if it occurs against the defined policy?

Permissive

UFW also provides the flexibility of filtering packet with a _____ and _______

Port and protocol

Security Enhanced Linux (SELinux)x

Security Enhanced Linux (SELinux)A set of Linux kernel components and related software packages that prevent malicious software from accessing system resources.

ioping (input/output ping) command

Sends input/output requests to a block storage device and measures the speed at which they occur.

aa-complain command

Sets an AppArmor profile to complain mode.

Security Information and Event Management (SIEM)

Software that is used to monitor security events and vulnerabilities on systems across a network.

vulnerability scanner

Software that is used to scan a system for known vulnerabilities.

documentation

System information that is stored in a file or log book for future reference.

netfilter

The Linux kernel component that provides firewall and NAT capability on modern Linux systems.

kinit command

Used to authenticate to a Kerberos authentication service.

setenforce command

Used to change SELinux between enforcing and permissive mode.

chcon command

Used to change the type classification within SELinux labels on system files and directories.

ipset command

Used to configure IP sets.

iptables command

Used to configure IPv4 rules for a netfilter firewall.

ip6tables command

Used to configure IPv6 rules for a netfilter firewall.

ufw (Uncomplicated Firewall) command

Used to configure UFW.

gpg command

Used to configure and manage GPG.

cryptsetup command

Used to configure and manage LUKS.

To block ICMP requests, which file do you need to edit?

before.rules

To install UFW, which repository do you need to install?

epel-release

To find all SUID and SGID files owned by anyone, which command should be used?

find

checksums are often called what?

hashes or message digests.

The _________ command can display the CPU and input/output statistics for devices and partitions.

iostat

Which command should you use to check if a package is PAM-aware?

ldd

Which PAM package is used check if a package is PAM compatible?

libpam.so

To list the files in the /plab directory including the public and private keys, which command should you use?

ll

Which command should you use to find out if a file has SUID/SGID bit set?

ls -l

Which command should you use to display the CPU information?

mpstat

Which file should be created to disable logins into a Linux system?

nologin

Which of the following package should be installed to create a self-signed certificate?

openssl

Using the _______ command, you can display CPU activity for today.

sar

Which command should you use to get the SELinux configuration status?

sestatus

Which command should you use to verify the status of UFW?

ufw status

Which command will help you check the status of UFW rules?

ufw status verbose

Which command should you use to set the expiration date for a user account?

usermod

You can use the _______ command to display various information, such as CPU, swap, and memory utilization.

vmstat