Term
SELinux (Security-Enhanced Linux) |
|
Definition
Developed by the US NSA; implements Mandatory Access Control (MAC) in the Linux kernel. MAC enforces policies that limit what a user or program can do. |
|
|
Term
3 modes (states) of SELinux |
|
Definition
Enforcing: the default state; the security policy is enforced. Permissive: a diagnostic state; policy violations send a warning message to a log, but the policy is not enforced. Disabled: no security policy is enforced because none is loaded. |
|
|
Term
TCP Wrappers: Client/Server Security (hosts.allow and hosts.deny) |
|
Definition
When opening a local system, three criteria must be met:
- Open the local system only to systems you want to allow to access it.
- Allow each remote system to access only the data you want it to access.
- Allow each remote system to access data only in the appropriate manner (read-only, read/write, write-only). |
|
|
Term
When a client requests a connection with a local server, the hosts.allow and hosts.deny files are consulted in the following manner: |
|
Definition
1. If the daemon/client pair matches a line in hosts.allow, access is granted.
2. If the daemon/client pair matches a line in hosts.deny, access is denied.
3. If there is no match in either hosts.allow or hosts.deny, access is granted. |
|
|
Term
|
Definition
The chroot utility allows you to run a process with a root directory other than /. |
|
|
Term
|
Definition
By running a program with an artificial root directory, you prevent it from accessing or modifying (possibly maliciously) files outside the directory hierarchy starting at its root. You must set up a chroot jail properly to increase security; a badly set-up chroot jail can make it easier for a malicious user to gain access to the system than if there were no chroot jail at all. |
|
|
Term
Advantages of DHCP (Dynamic Host Configuration Protocol) |
|
Definition
- A new user can set up an Internet connection without dealing with IP addresses, netmasks, DNS, and other details.
- DHCP facilitates the assignment and management of IP addresses by centralizing the process on a server. A system administrator can configure new systems from remote locations.
- IP addresses can be reused by more than one system over time, reducing the total number of IP addresses needed. |
|
|
Term
|
Definition
The information in an option line is sent to each client when it connects. The option broadcast-address line specifies the broadcast address of the network. The routers and domain-name-servers options can be followed by multiple values separated by commas. |
|
|
Term
Protocols supported by CUPS |
|
Definition
The Common Unix Printing System supports the System V and BSD command-line interfaces and the IPP, LPD/LPR, HTTP, SMB, and JetDirect (socket) protocols. |
|
|
Term
CUPS configuration options are found in: |
|
Definition
1. The command line (CLI)
2. The web interface
3. The GUI |
|
|
Term
|
Definition
This utility provides information about the printer drivers and interfaces available to CUPS. The -m option displays the list of available PostScript Printer Definition (PPD) files/drivers. |
|
|
Term
|
Definition
Tool that encrypts all traffic. SSH1 is vulnerable to a man-in-the-middle attack. The ssh utility allows you to log in on a remote system over a network. |
|
|
Term
|
Definition
File where known hosts are stored. known_hosts contains the public RSA keys of hosts that the user has connected to. OpenSSH automatically adds an entry each time the user connects to a new server. |
|
|
Term
|
Definition
Userlist is a space-separated list of usernames that specifies the users who are allowed to log in using sshd. The list may include the * and ? wildcards. Each entry can be specified as user or user@host. In the second format you must specify the host as returned by hostname, or any user can log in using an OpenSSH client. |
|
|
Term
|
Definition
Set ForwardX11 to yes in this configuration file, or use the -X option on the ssh command line. Tunneling must be enabled on both the server and the client for it to work. (global file) |
|
|
Term
|
Definition
-Y starts the client in trusted mode; -X uses nontrusted tunneling. |
|
|
Term
FTP- Passive vs. Active connections |
|
Definition
Passive mode: the client initiates the connection to the server. Active mode: the server initiates the connection (there is no default port). |
|
|
Term
|
Definition
listen=YES runs vsftpd in standalone mode; listen=NO runs it in normal mode. |
|
|
Term
Binary vs. ASCII Transfer mode |
|
Definition
Use ASCII mode for transferring files to a Windows system on the FTP server. |
|
|
Term
Configuring sendmail on a client (sendmail.mc) |
|
Definition
The dnl at the start of the line in sendmail.mc that defines the remote SMTP server indicates that the line is a comment. To specify a remote SMTP server, open sendmail.mc in an editor and change that line, deleting dnl from the beginning and replacing smtp.your.provider with the FQDN of the ISP's SMTP server. |
|
|
Term
|
Definition
An SMTP server normally uses TCP port 25. If there is a firewall, you need to open this port. |
|
|
Term
|
Definition
Serves email to multiple domains. This file can forward inbound email addressed to different domains. A system that serves mail to many domains needs a way to sort the incoming mail. |
|
|
Term
|
Definition
IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) are two protocols that allow users to retrieve email remotely. |
|
|
Term
|
Definition
Dovecot is a package that includes the imap-login and pop3-login daemons, which implement the IMAP and POP3 protocols. (Dovecot is the CLIENT) |
|
|
Term
Mail clients: MUA, MTA, and MDA (examples) |
|
Definition
MUA (Mail User Agent): mutt, KMail, Thunderbird, Outlook; the bridge between the user and the mail system.
MTA (Mail Transfer Agent): sendmail; transfers mail to its destination.
MDA (Mail Delivery Agent): procmail; puts mail in the recipient's mailbox. |
|
|
Term
|
Definition
This file determines whether a system uses NIS, DNS, local files, or a combination of them as the source of certain information, and in what order. You can configure this file to cause /etc/passwd to override NIS password information for the local system. |
|
|
Term
|
Definition
/etc/exports holds the list of exported directory hierarchies; it is the access control list for the exported directory hierarchies that NFS clients can mount. |
|
|
Term
|
Definition
cat /etc/exports shows a line such as /home grape(rw,sync): the directory being shared (/home) and the system that can access it (grape, with the rw (read-write) and sync options). |
|
|
Term
|
Definition
Mounts directory hierarchies automatically. Syntax: PCname:share directory format accessoptions, for example grape:/gc1 /grape.gc1 nfs rsize=8192,wsize=8192 |
|
|
Term
|
Definition
/etc/samba/smbusers: users file
/etc/samba/smbpasswd: password file
/etc/samba/smb.conf: configuration file |
|
|
Term
The named configuration file |
|
Definition
When using a chroot jail, zone files are saved under /var/named/chroot/var/named; by default they are kept in /var/named. |
|
|
Term
Resource Records (7 types) |
|
Definition
A: IPv4 address.
AAAA: IPv6 address.
CNAME: maps an alias or nickname to a domain name.
MX: mail exchange; specifies a destination for mail addressed to the domain.
NS: nameserver; specifies the name of the system that provides DNS for the domain.
PTR: pointer; maps an IP address to a domain name and is used for reverse name resolution.
SOA: start of authority; designates the start of a zone. |
|
|
Term
|
Definition
THROUGH is not a valid iptables chain option. |
|
|
Term
|
Definition
Apache supports virtual hosts. There are two types: host-by-name, which relies on the FQDN, and host-by-IP, which examines the IP address. |
|
|
Term
|
Definition
Containers, or special directives, are directives that group other directives. Containers are delimited by XML tags; examples are in httpd.conf. |
|
|
Term
|
Definition
An upgrade to ASP based on the .NET Framework; it enables developers to create dynamic web pages, applications, and XML web services using a wide variety of programming languages and development tools. Pages have an .aspx extension and contain HTML or XML. |
|
|
Term
|
Definition
Active Server Pages: a server-side processing engine that provides better web content; it has better performance than CGI and is simpler than ISAPI. Pages have an .asp extension and use the VBScript scripting language. |
|
|
Term
|
Definition
Universal Discovery Description and Integration |
|
|