Term
| What is the only TCP network application in Red Hat Enterprise Linux that installs enabled to receive external client connections by default? |
|
Definition
|
|
Term
| Although the cups service installs with the cupsd daemon enabled by default, why is it not thought to be a network security risk? |
|
Definition
| The cupsd daemon binds only to the loopback interface. |
|
|
Term
| What TCP state indicates a socket which is ready to receive new client connections? |
|
Definition
|
|
Term
| What UDP state indicates a socket which is ready to receive new client connections? |
|
Definition
|
|
Term
| Which of the following command lines would cause nmap to scan ports 10000 through 20000 of the host printserver.example.com? |
|
Definition
| nmap -p 10000-20000 printserver.example.com |
|
|
Term
| Which of the following command lines causes nmap to attempt to identify particular versions of applications? |
|
Definition
| nmap -A printserver.example.com |
|
|
Term
| When browsing the file /var/log/secure, you discover the following log message: Jan 7 07:48:34 localhost sshd[3179]: Did not receive identification string from UNKNOWN. What is a likely cause? |
|
Definition
| Someone performed a port scan of the machine. |
|
|
Term
| Using netstat -tunap, you discover that a process named hpiod is bound to a TCP port. Which of the following commands can be used to discover where the program is located in your filesystem? |
|
Definition
|
|
Term
| Knowing that the hpiod program is installed at /usr/sbin/hpiod, which of the following command lines can help find the name of the Red Hat Enterprise Linux service which controls the daemon? |
|
Definition
| rpm -q -f /usr/sbin/hpiod -l | grep etc |
|
|
Term
| Having discovered that the service name is hplip, which of the following commands would disable the service immediately and on subsequent reboots? |
|
Definition
service hplip stop
chkconfig hplip off |
|
|
Term
| Which is least likely to be true for a daemon? |
|
Definition
| Has a graphical interface. |
|
|
Term
| Logging via rsyslogd is configured/controlled by: |
|
Definition
| Facility, severity and target specified in /etc/rsyslog.conf. |
|
|
Term
Which of the following is not a standard rsyslog facility name?
mail cron vsftp authpriv local3 |
|
Definition
|
|
Term
Which of the following rsyslog severities is the least severe?
err crit emerg alert warning |
|
Definition
|
|
Term
| Which /etc/rsyslog.conf line would send mail.warning messages to a local log file? |
|
Definition
| *.notice /var/log/messages |
|
|
Term
| Which /etc/rsyslog.conf line might generate the most network traffic? |
|
Definition
| cron.none;*.debug @192.168.1.103 |
|
|
Term
| Which /etc/rsyslog.conf line contains a syntax error? |
|
Definition
|
|
Term
| Most appropriate command to put /etc/rsyslog.conf changes into effect. |
|
Definition
|
|
Term
| The line from a chkconfig --list command shown below indicates that the system logging service is called "rsyslog" rather than "rsyslogd." What might be the reason for this? |
|
Definition
| The logging service has more than one associated daemon. |
|
|
Term
Which of the following rsyslog severities is the most severe?
notice info alert debug crit |
|
Definition
|
|
Term
| The following ls output indicates that thisfile is executable by whom? |
|
Definition
| thisfile is not executable. |
|
|
Term
| Assuming that root is the only privileged user and group on the system, which of the following is potentially the most dangerous if exploited by a hacker? |
|
Definition
| -rwsrwSrwx 1 root users 63 Aug 20 16:29 thisfile |
|
|
Term
Which of the following commands could have just been executed against thisfile based on the ls output shown below?
-rwsrwsrwx 1 root root 0 Aug 20 16:15 thisfile |
|
Definition
chmod 6777 thisfile
chmod u+s,g+s thisfile |
|
|
Term
The following command executed by root would find which files?
find / -perm -600 -print |
|
Definition
| All files in the filesystem that are both readable and writeable by owner. |
|
|
Term
The following command executed by root would find which files?
find / -perm /6000 -ls |
|
Definition
All SetUID files in the current directory. All SetGID files in the current directory. All SetUID files in the file system. All SetGID files in the file system. |
|
|
Term
The following command executed by root would find which files?
find -perm -6000 -maxdepth 1 -print |
|
Definition
| All files in the current directory with both SetUID and SetGID set. |
|
|
Term
| Which might be preferred for fingerprinting files, sha1sum or md5sum, and why? |
|
Definition
| sha1sum, because it is harder to compromise. |
|
|
Term
| What is the difference between du and df output? |
|
Definition
| df shows statistics for file systems, du for directories and files. |
|
|
Term
Which output line from the following df command hints at trouble brewing?
df -h | grep "^/dev"
/dev/sda3 45G 45G 45M 99% /home
/dev/sda2 8G 4G 4G 50% /
/dev/sda1 12G 2G 10G 16% /boot |
|
Definition
| /dev/sda3 45G 45G 45M 99% /home |
|
|
Term
| Which command executed by root might show a useful summary of local users' home directory disk usage? |
|
Definition
|
|
Term
| What service must be running for commands like sa to work? |
|
Definition
|
|
Term
| A useful file for configuring process limits: |
|
Definition
| /etc/security/limits.conf |
|
|
Term
Based on the following output from the command groups elvis, which line in /etc/security/limits.conf would limit the number of concurrent logins elvis could have?
elvis : music wrestle physics emperors |
|
Definition
| @physics hard maxlogins 10 |
|
|
Term
| Which line in /etc/security/limits.conf would prevent members of the smokers group from ever starting more than 500 processes? |
|
Definition
|
|
Term
| Which line in /etc/security/limits.conf would most likely prevent elvis from accomplishing any meaningful work? (Note: The presence of this line would probably indicate an error on the part of the administrator, versus a valid security limit.) |
|
Definition
|
|
Term
| Consider a system on which process accounting has been enabled for one week. The administrator on this system knows that elvis was logged on for several hours today, but is now logged off. Which of the following would show the administrator a list of commands run by elvis during his last session? |
|
Definition
|
|
Term
| User elvis is currently logged on and the administrator would like to monitor his activity. Which of the following would give the administrator a running summary of elvis's impact on the system? |
|
Definition
|
|
Term
| The priorities of syslog messages, from least to most important, are: |
|
Definition
debug info notice warning err crit alert emerg |
|
|