Module 14 Security, Troubleshooting, and Performance
mpstat (multiple processor statistics) command
Displays CPU statistics on a Linux system.
seinfo command
Displays SELinux features.
brctl command
Displays and modifies Ethernet bridge configuration within the Linux kernel.
arp command
Displays and modifies the MAC address cache on a system.
dmidecode command
Displays hardware device information detected by the system BIOS.
iostat (input/output statistics) command
Displays input and output statistics for block storage devices on the system.
tload command
Displays load average information for a Linux system.
vmstat command
Displays memory, CPU, and swap statistics on a Linux system.
uptime command
Displays system uptime and load average information for a Linux system.
iftop command
Displays the bandwidth sent from the local computer to other hosts.
sestatus command
Displays the current status and functionality of the SELinux subsystem.
audit2why command
Displays the description and purpose of SELinux log entries.
Proactive maintenance
The measures taken to reduce future system problems.
Reactive maintenance
The measures taken when system problems arise.
jabbering
The process by which failing hardware components send large amounts of information to the CPU.
bus mastering
The process by which peripheral components perform tasks normally executed by the CPU.
Monitoring
The process by which system areas are observed for problems or irregularities.
multi-factor authentication
The process whereby multiple separate mechanisms are used to validate a user's identity.
Which package is required for shadow passwords to be enabled?
The shadow-utils package
troubleshooting procedures
The tasks performed when solving system problems.
tcpdump command
Used to display the network traffic passing through a network interface.
sudoedit command
Used to edit text files as another user via entries in the /etc/sudoers file.
iperf command
Used to measure the bandwidth between two computers.
setsebool command
Used to modify SELinux settings within an SELinux policy.
ulimit command
Used to modify process limit parameters in the current shell.
visudo command
Used to modify the contents of the /etc/sudoers file.
sudo command
Used to perform commands as another user via entries in the /etc/sudoers file.
nmap (network mapper) command
Used to scan ports on network computers.
tshark command
Used to start a command-line version of the graphical Wireshark program.
klist command
Used to view Kerberos authentication information.
firewall-cmd command
Used to view and configure firewalld zones, services, and rules.
udevadm command
Used to view and modify udev daemon configuration.
faillock command
Used to view and modify user lockout settings.
pam_tally2 command
Used to view and modify user lockout settings.
aa-status command
Used to view the status of AppArmor and AppArmor profiles.
getenforce command
Used to view whether SELinux is using enforcing or permissive mode.
iotop (input/output top) command
Displays the processes on a Linux system that have the highest number of associated input/output requests to block storage devices.
sar (system activity reporter) command
Displays various performance-related statistics on a Linux system.
After executing the top command, you can also sort the output by CPU usage by pressing the __________ keys.
Shift + P
rules
The components of a firewall that match specific network traffic that is to be allowed or dropped.
chains
The components of a firewall that specify the general type of network traffic to which rules apply.
file handles
The connections that a program makes to files on a filesystem.
aa-enforce command
Sets an AppArmor profile to enforce mode.
getsebool command
Used to display SELinux settings within an SELinux policy.
free command
Used to display memory and swap statistics.
Which parameter when used with the usermod command will lock a user account?
-L
Which parameter should be used with the ls command to view the security content of a file?
-Z
You can display active and inactive memory using the vmstat command with the _______ parameter.
-a
Using the vmstat command along with the _______ parameter, you can also display the number of forks since you last booted the system.
-f
Which parameter should you use along with the vmstat command to display the slab information?
-m
Which parameter should you use along with the vmstat command to display various statistics in a tabular format?
-s
In which directory is the shadow file stored?
/etc
In which file can you view the runlevel of a Linux system?
/etc/inittab
To restrict root access to a Linux system, which two files do you need to edit?
/etc/pam.d/sshd and /etc/pam.d/login
In which directory do you create the deniedusers file?
/etc/ssh/
Which file do you need to create to deny root access to a system?
/etc/ssh/deniedusers
To change the mode from Permissive to Enforcing, which value should be used with the setenforce command?
1
How might you restore a Linux system that does not use a fault-tolerant storage configuration?
1. Power down the computer and replace the failed hard disk or SSD.
2. Boot the Linux system.
3. Create partitions on the replaced hard disk or SSD.
4. Optionally configure LVM logical volumes from the partitions created in Step 3.
5. Use the mkfs (or equivalent) command to create filesystems on the partitions or LVM logical volumes.
6. Restore the original data using a backup utility (e.g., tar, restore, or cpio).
7. Ensure that /etc/fstab has the appropriate entries to mount the filesystems at system startup.
Filesystems can suffer corruption, and bad blocks can cause a wide range of problems. How might one fix this issue if it occurs? (Do not restore data onto a damaged filesystem; ensure that the filesystem has been recreated first.)
1. Unmount the filesystem, if mounted.
2. Run the fsck (or equivalent) command on the filesystem device.
3. If the fsck (or equivalent) command cannot repair the filesystem, use the mkfs (or equivalent) command to re-create the filesystem and restore the original data for the filesystem using a backup utility.
You need to ensure that the directory is not readable by anyone except the root user. Using the chmod command, which value should you assign to the private key?
700
AppArmor
A Linux kernel module and related software packages that prevent malicious software from accessing system resources.
transport mode
A VPN mode whereby traffic is encrypted between two computers.
tunnel mode
A VPN mode whereby traffic is encrypted between two routers.
self-signed certificate
A certificate that was digitally signed by the computer that generated the public key within.
network zone
A component of firewalld that defines the level of trust for network connections.
Pluggable Authentication Module (PAM)
A component that provides authentication-related functionality on a Linux system.
network latency
A condition where replies to network requests are slow or intermittent.
memory leaks
A condition whereby a process continually uses more and more memory within a system, until there is no more memory available.
firewall daemon (firewalld)
A daemon that can be used to simplify the configuration of netfilter firewall rules via network zones.
GPG agent
A daemon that can be used to store the private key passphrase used by GPG.
Firewall Configuration utility
A graphical firewall configuration utility used on Fedora systems.
Wireshark
A graphical program used to display the network traffic passing through a network interface.
IP set
A list of hosts and networks that can be used within a firewall rule.
baseline
A measure of normal system activity.
login banner
A message that is displayed to users after logging into a system.
Stateful packet filters
A packet filter that applies rules to related packets within the same network session.
One Time Password (OTP)
A password that is used to validate a user's identity once only.
Automatic Bug Reporting Tool Daemon (abrtd)
A process that automatically sends application crash data to an online bug reporting service.
TCP wrapper
A program that can be used to run a network daemon with additional client restrictions specified in the /etc/hosts.allow and /etc/hosts.deny files.
server closet
A secured room that stores servers within an organization.
Remote Dial In User Service (RADIUS)
A service that provides centralized authentication, logging, and policy restrictions on a network.
Terminal Access Controller Access Control System Plus (TACACS+)
A service that provides centralized authentication, logging, and policy restrictions on a network.
Uncomplicated Firewall (UFW)
A software component that can be used to simplify the configuration of netfilter firewall rules.
System Statistics (sysstat) package
A software package that contains common performance-monitoring utilities.
Common Vulnerabilities and Exposures (CVE)
A system used to catalog security vulnerabilities.
Common Weakness Enumeration (CWE)
A system used to catalog security vulnerabilities.
Linux Unified Key Setup (LUKS)
A technology that encrypts the contents of a Linux filesystem.
AppArmor profile
A text file within the /etc/apparmor.d directory that lists application-specific restrictions.
biometric
A type of authentication that uses physical human attributes, such as fingerprints, to validate a user's identity.
buffer overrun
An attack in which a network service is altered in memory.
label
An identifier that SELinux places on a file, directory, or process.
Lightweight Directory Access Protocol (LDAP)
An industry-standard protocol used to access directory service databases across a network.
GNU Privacy Guard (GPG)
An open source asymmetric encryption technology that can be used to encrypt and digitally sign files and email.
Multi-Category Security (MCS)
An optional SELinux policy scheme that prevents processes from accessing other processes that have similar attributes.
Multi-Level Security (MLS)
An optional SELinux policy scheme that uses custom attributes.
Comparing the total used swap space reported by the top and free commands: which statement is most accurate?
Both commands displayed the same value
aa-disable command
Disables an AppArmor profile.
pidstat (PID statistics) command
Displays CPU statistics for each PID on a Linux system.
Which mode of SELinux blocks an event if it occurs against the defined policy?
Enforcing
Using the /etc/init.d directory, which tasks can be performed on a service?
Force-reload, Stop, Restart, Start, Reload
restorecon command
Forces SELinux to set the default label on system files and directories.
Which unit is used to display memory with the free command?
KB
aa-unconfined command
Lists processes that are not controlled by AppArmor.
What is the default state of a newly added user if the password has not been set?
Locked
Which mode of SELinux does not block an event but logs it if it occurs against the defined policy?
Permissive
UFW also provides the flexibility of filtering packets by _____ and _______.
Port and protocol
Security Enhanced Linux (SELinux)
A set of Linux kernel components and related software packages that prevent malicious software from accessing system resources.
ioping (input/output ping) command
Sends input/output requests to a block storage device and measures the speed at which they occur.
aa-complain command
Sets an AppArmor profile to complain mode.
Security Information and Event Management (SIEM)
Software that is used to monitor security events and vulnerabilities on systems across a network.
vulnerability scanner
Software that is used to scan a system for known vulnerabilities.
documentation
System information that is stored in a file or log book for future reference.
netfilter
The Linux kernel component that provides firewall and NAT capability on modern Linux systems.
kinit command
Used to authenticate to a Kerberos authentication service.
setenforce command
Used to change SELinux between enforcing and permissive mode.
chcon command
Used to change the type classification within SELinux labels on system files and directories.
ipset command
Used to configure IP sets.
iptables command
Used to configure IPv4 rules for a netfilter firewall.
ip6tables command
Used to configure IPv6 rules for a netfilter firewall.
ufw (Uncomplicated Firewall) command
Used to configure UFW.
gpg command
Used to configure and manage GPG.
cryptsetup command
Used to configure and manage LUKS.
To block ICMP requests, which file do you need to edit?
before.rules
To install UFW, which repository do you need to install?
epel-release
To find all SUID and SGID files owned by anyone, which command should be used?
find
Checksums are often called what?
Hashes or message digests
The _________ command can display the CPU and input/output statistics for devices and partitions.
iostat
Which command should you use to check if a package is PAM-aware?
ldd
Which PAM library is used to check if a package is PAM-compatible?
libpam.so
To list the files in the /plab directory including the public and private keys, which command should you use?
ll
Which command should you use to find out if a file has SUID/SGID bit set?
ls -l
Which command should you use to display the CPU information?
mpstat
Which file should be created to disable logins into a Linux system?
nologin
Which package should be installed to create a self-signed certificate?
openssl
Using the _______ command, you can display CPU activity for today.
sar
Which command should you use to get the SELinux configuration status?
sestatus
Which command should you use to verify the status of UFW?
ufw status
Which command will help you check the status of UFW rules?
ufw status verbose
Which command should you use to set the expiration date for a user account?
usermod
You can use the _______ command to display various information, such as CPU, swap, and memory utilization.
vmstat