Linux Security and File Systems

Questions and Answers

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

• username
• uid (correct)
• owner
• gid

Where should private keys be created and stored?

• On a system with a secure connection
• On a shared network drive
• On a public key server
• On a system where they will be used (correct)

What is the primary purpose of NSEC3 in DNSSEC?

• To authenticate a DNS server
• To provide information about DNSSEC key signing keys
• To prevent zone enumeration (correct)
• To sign a DNS zone

Which command is used to change the SELinux context for a user?

newrole (B)

What is a key used for encryption that is different from the key used for decryption?

An asymmetric key (D)

Which file is used to configure AIDE?

/etc/aide/aide.conf (B)

Which of the following is an example of a behavioral-based HID technique?

Anomaly-based detection (C)

Which command is used to set an extended attribute on a file in Linux?

setfattr (A)

What is the purpose of ndpmon?

To monitor the network for neighbor discovery messages from new IPv6 hosts and routers (D)

Which option in an Apache HTTPD configuration file enables OCSP stapling?

httpd-ssl.conf (B)

What is an asymmetric key used for?

Encryption and decryption using different keys (C)

Why should private keys have a sufficient length for the algorithm used for key generation?

To prevent brute-force attacks (B)

Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

group, shadow, passwd (B)

Which parameter to openssl s_client specifies the host name to use for TLS Server Name Indication?

-servername (B)

Which of the following lines in an OpenSSL configuration adds an X509v3 Subject Alternative Name extension for the host names example.org and www.example.org to a certificate?

subjectAltName = DNS: www.example.org, DNS:example.org (B)

What is a buffer overflow?

A type of software vulnerability (B)

Which tool can be used to manage the Linux Audit system?

auditd (C)

What is the difference between a SetUID and SetGID bit?

SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner (C)

Which of the following sections are allowed within the Kerberos configuration file krb5.conf?

[realms] (A), [plugins] (D)

What is the purpose of the Linux Audit system?

To detect intrusions and system changes (A)

What is Linux Malware Detect?

A tool to detect malware on a Linux system (B)

What is a Trojan?

A type of malware that disguises itself as legitimate software (B)

What is a rogue access point?

An unauthorized access point that is set up to look like a legitimate one (B)

Which command is used to generate DNSSEC keys?

dnssec-keygen (A)

What is the purpose of file ownership in Linux systems?

To restrict access to files only to their owner (A)

What is a DoS attack?

An attack that floods a network or server with traffic to make it unavailable (D)

What is a trust anchor?

A root certificate that is trusted by a particular CA (C)

What is the purpose of getfacl?

To view the access control list of a file (B)

What is a man-in-the-middle attack?

An attack that intercepts communications between two parties to steal information (A)

Which of the following commands adds a new user to FreeIPA?

ipa user-add usera --first User --last A (B)

What is the purpose of rkhunter?

To detect rootkits and other security threats (C)

What is a certificate chain?

A sequence of certificates used to verify the authenticity of a digital certificate (B)

Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11 (B)

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates (A)

Which directive is used in an OpenVPN server configuration to send network configuration information to the client?

push (D)

Which of the following DNS records are used in DNSSEC?

RRSIG (B)

Which command is used to add users using SSSD’s local service?

sss_useradd (C)

What is the primary purpose of a mechanism that allows a server to provide proof of its own identity to clients?

To verify the identity of the server to clients (D)

Which command is used to install and configure a new FreeIPA server?

ipa-server-install (C)

What is the purpose of a certificate signing request (CSR) in cryptography?

To request a digital certificate from a CA (B)

What is the primary goal of cryptography?

To send secret messages (B)

What type of activity does HID primarily monitor for?

Unauthorized access attempts (C)

What is the benefit of using HID?

Real-time detection of security incidents (C)

What is a ciphertext?

The encrypted message (A)

What is the purpose of the auditctl command?

To define an audit rule (A)

What is a rootkit?

A type of malware that disguises itself as legitimate software (D)

What is the purpose of the ebtables command?

To display ebtable rules (A)

What does the ulimit command control in a Linux system?

The maximum number of open file descriptors (A), The maximum number of user processes (B), The maximum size of written files (C)

What is the purpose of the SSLStrictSNIVHostCheck configuration option in Apache HTTPD?

To serve the virtual host only to clients that support SNI (D)

What is the purpose of the SSLRequestClientCert directive in Apache HTTPD?

To request a client certificate but not require it (C)

What is true about a Root CA certificate?

It is a self-signed certificate (B)

What is the best practice for implementing HID?

Configure HID to alert security personnel of potential security incidents (C)

How are SELinux permissions related to standard Linux permissions?

SELinux permissions are verified after standard Linux permissions (A), Standard Linux permissions override SELinux permissions (B)

What command is used to set the owner and group of a file in Linux?

chown (C)

What is the purpose of an access control list in Linux?

To specify fine-grained permissions for users and groups (A)

What is the purpose of the OCSP stapling mechanism?

To provide proof of the revocation status of its own SSL/TLS certificate (C)

What is the purpose of the openvas-nvt-sync command?

To update NVTs from the OpenVAS NVT feed (B)

What is the purpose of a DNSKEY record in DNSSEC?

To sign a DNS zone (C)

What is the purpose of AIDE?

To detect intrusions and system changes (A)

What is phishing?

A type of social engineering attack (D)

What is an X.509 Certificate?

A digital document that verifies the identity of a website (D)

Which DNS record is used to map an IP address to a hostname?

PTR (D)

What is the purpose of DNS over TLS and DNS over HTTPS?

To provide secure communication between DNS clients and servers (D)

What is the purpose of a Certificate Revocation List (CRL)?

A list of X.509 certificates that have been revoked by a particular CA (A)

Which of the following statements is true about chroot environments?

The chroot path needs to contain all data required by the programs running in the chroot environment (A)

What is social engineering?

A type of attack that exploits human psychology to gain access to sensitive information (D)

Which of the following information, within a DNSSEC-signed zone, is signed by the key signing key?

The zone signing key of the zone (D)

What happens when you run the command cryptsetup luksOpen /dev/sda1 crypt-vol?

It maps the LUKS device to the name 'crypt-vol'. (A)

What is true about eCryptfs?

eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user. (A)

How does TSIG authenticate name servers?

Using a secret key shared between the servers. (D)

Which components are part of FreeIPA?

Kerberos KDC, Directory Server, and Public Key Infrastructure (B)

Which utility is used to generate keys for DNSSEC?

dnssec-keygen (A)

What is the purpose of the pam_cracklib PAM module?

To check new passwords against dictionary words and enforce complexity (D)

What makes the contents of the eCryptfs encrypted directory ~/Private available to the user?

ecryptfs-mount-private (A)

What is the purpose of IP sets in Linux?

To group together IP addresses referenced by netfilter rules (B)

Which of the following is an example of a HID tool?

Security information and event management (SIEM) system (A)

What does the X509 certificate contain?

Basic Constraints with CA:TRUE, pathlen:0 (B)

What is the purpose of an extended attribute in Linux?

To store additional metadata about a file (A)

Which command is used to configure rkhunter?

./etc/rkhunter.conf (C)

What is true about AppArmor and SELinux?

AppArmor is less complex and easier to configure than SELinux. (D)

Which command disables the automatic password expiry for the user usera?

chage --maxdays -1 usera (B)

What is the purpose of the iptables command?

To accept all TCP traffic on port 20 and 21 for the IP address 10.142.232.1 (B)

Which access control model is established by using SELinux?

Mandatory Access Control (MAC) (A)

Which option of the openvpn command should be used to ensure that ephemeral keys are not written to the swap space?

--mlock (D)

Which of the following namespaces are used in Linux Extended File Attributes?

trusted, user, system (D)

What is the purpose of TSIG in DNS?

To sign DNS messages for secure communication (A)

What is the purpose of privilege escalation?

An attack that exploits a vulnerability to gain elevated privileges (A)

Study Notes

Mounting and Access Control

• The uid option in mount.cifs specifies the user that appears as the local owner of files on a mounted CIFS share when the server does not provide ownership information.
• The setfacl command is used to set access control lists (ACLs) on files.

Security and Encryption

• Private keys should be created on the systems where they will be used and should never leave them.
• Private keys should have a sufficient length for the algorithm used for key generation.
• A buffer overflow is a type of software vulnerability.
• A symmetric key is a key used for encryption and decryption that is the same.
• An asymmetric key is a key used for encryption that is different from the key used for decryption.

DNS and DNSSEC

• NSEC3 is used to prevent zone enumeration in DNSSEC.
• TSIG is used to sign DNS messages for secure communication.
• DNSSEC validation is performed on behalf of clients by a recursive name server.

System Security and Auditing

• The Linux Audit system is used to detect intrusions and system changes.
• ausearch is a command used to search and filter the audit log.
• setfattr is a command used to set extended attributes on files.
• getfattr is a command used to get extended attributes of files.

Network Security

• A honeypot is a network security tool designed to lure attackers into a trap.
• An IP set is a group of IP addresses and networks that can be referenced by netfilter rules.
• A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.

Certificates and Authentication

• A trust anchor is a root certificate that is trusted by a particular Certificate Authority (CA).
• A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
• OpenVPN uses ephemeral keys that are not written to the swap space.

Access Control and Security

• Mandatory Access Control (MAC) is established by using SELinux.
• The chattr command is used to set extended attributes on files.
• The getfacl command is used to view the access control list of a file.### Linux Security and Administration
• SELinux permissions are verified after standard Linux permissions
• The chown command is used to set the owner and group of a file in Linux
• Wireshark capture filters include port range 10000:tcp-15000:tcp and tcp portrange 10000-15000
• The openvas-nvt-sync command is used to update NVTs from the OpenVAS NVT feed
• The execute permission bit allows a file to be executed

Automated Scans

• Host scans can be automated on a Linux system using cron
• OpenSCAP is not used to automate host scans

Access Control

• An access control list in Linux specifies fine-grained permissions for users and groups
• The purpose of an access control list is to specify permissions for users and groups

NFS Authentication

• Kerberos authentication was added to NFS in version 4

OCSP Stapling

• OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate

FreeIPA Server

• The ipa-server-install command installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain

OpenSSL

• The openssl req command is used to generate a certificate signing request (CSR) using an existing private key

Cryptography

• Cryptography is the art of sending secret messages
• A ciphertext is the encrypted message
• A plaintext is the original message before encryption

HID (Host-based Intrusion Detection)

• HID monitors for unauthorized access attempts
• HID tools include security information and event management (SIEM) systems

Rootkits

• A rootkit is a type of malware that disguises itself as legitimate software
• chkrootkit is a tool used to check for rootkits on a Linux system

ebtables

• The ebtables command is used to display all ebtable rules contained in the table filter, including their packet and byte counters

Snort-stat

• snort-stat reads syslog files containing Snort information and generates port scan statistics

LUKS Devices

• cryptsetup luksDelKey is used to delete a key from a LUKS device
• cryptsetup luksOpen is used to open a LUKS device

eCryptfs

• eCryptfs is a stacked cryptographic filesystem for Linux
• eCryptfs does not store the contents of all files in an archive file similar to a tar file with an additional index to improve performance

Password Expiry

• chage is used to change the password expiry information for a user
• chage --maxdays none disables password expiry for a user

TSIG

• TSIG authenticates name servers in order to perform secured zone transfers using a secret key that is shared between the servers

FreeIPA Components

• FreeIPA components include Kerberos KDC, Directory Server, and Public Key Infrastructure
• DHCP Server is not a component of FreeIPA

DNSSEC

• dnssec-keygen is used to generate keys for DNSSEC
• DNSSEC is used to provide authentication and integrity of DNS data
• TSIG authenticates name servers in order to perform secured zone transfers using a shared secret key

X.509 Certificates

• An X.509 certificate contains information about the identity of a website
• A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA

HID Tools

• HID tools include security information and event management (SIEM) systems
• Antivirus software is not a type of HID tool

AppArmor and SELinux

• AppArmor and SELinux are both Linux security modules
• SELinux is a Linux kernel module, whereas AppArmor is implemented in user space only
• SELinux stores information in extended file attributes, whereas AppArmor does not maintain file-specific information and states

Description

Quiz about Linux security and file systems, including mounting CIFS shares and private key management.