LPIC-3 Security Exam 303-300

MagnificentZeal

64 Questions

Which of the following options changes the timeout period to 5 seconds for an OpenVPN control packet acknowledgement?

--tls-timeout 5

Which permission bit allows a user to delete a file?

Write

What is the purpose of rkhunter?

To detect rootkits and other security threats

What is a certificate chain?

A sequence of certificates used to verify the authenticity of a digital certificate

Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets going through the network interface eth0?

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11

Which of the following statements is used in a parameter file for setkey in order to create a new SPD entry?

spdadd

Which of the following methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)

By placing a # in front of the rule and restarting Snort.

Which of the following commands adds users using SSSD’s local service?

sss_useradd

Which of the following DNS records are used in DNSSEC?

RRSIG

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates

Which directive is used in an OpenVPN server configuration to send network configuration information to the client?

push

Match the following programming languages with their primary usage:

Python = General-purpose programming
JavaScript = Client-side scripting for web applications
SQL = Database queries
CSS = Styling web pages

Determine whether the given solution is correct?

Correct

Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

openssl req -new -key private/keypair.pem -out req/csr.pem

What is Cryptography?

The art of sending secret messages

What type of activity does HID monitor for?

Unauthorized access attempts

Which command installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain?

ipa-setup

What is the purpose of an access control list in Linux?

To specify fine-grained permissions for users and groups

How can host scans be automated on a Linux system?

Using cron

What is the purpose of file ownership in Linux systems?

To restrict access to files only to their owner

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information? (Specify ONLY the option name without any values or parameters.)

uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

Private keys should have a sufficient length for the algorithm used for key generation.

What is the purpose of NSEC3 in DNSSEC?

To prevent zone enumeration

Which command is used to run a new shell for a user changing the SELinux context? (Specify ONLY the command without any path or parameters.)

newrole

Which file is used to configure AIDE?

/etc/aide/aide.conf

Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key?

openssl req -new -key private/keypair.pem -out req/csr.pem

Which of the following is NOT a benefit of using HID?

Provides automatic removal of detected threats

What is a ciphertext?

The encrypted message

Which of the following commands defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall?

auditctl -w /etc/firewall/rules -p rw -k firewall

What is a rootkit?

A type of malware that disguises itself as legitimate software

Which of the following commands displays all ebtable rules contained in the table filter including their packet and byte counters?

ebtables -t filter -L --Lc

What is a plaintext?

The original message before encryption

Which protocol is commonly used to transmit X.509 certificates?

LDAP

What is the purpose of the program snort-stat?

It reads syslog files containing Snort information and generates port scan statistics.

Which tool can be used to check for rootkits on a Linux system?

chkrootkit

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

Private keys should have a sufficient length for the algorithm used for key generation

Which command is used to run a new shell for a user changing the SELinux context?

newrole

What is the purpose of ndpmon?

It monitors the network for neighbor discovery messages from new IPv6 hosts and routers

What is an asymmetric key?

A key used for both encryption and decryption that is generated in a pair

Which of the following is an example of a behavioral-based HID technique?

Anomaly-based detection

Which command revokes ACL-based write access for groups and named users on the file afile?

setfacl -m mask::rx afile

Which command is used to set an extended attribute on a file in Linux?

setfattr

Which option in an Apache HTTPD configuration file enables OCSP stapling?

httpd-conf

What is the difference between a SetUID and SetGID bit?

SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner

Which of the following expressions are valid AIDE rules?

!/var/run/.*

Which command included in the Linux Audit system provides searching and filtering of the audit log?

ausearch

Which package management tools can be used to verify the integrity of installed files on a Linux system?

RPM and DPKG

What is a honeypot?

A network security tool designed to lure attackers into a trap

Which of the following is used to perform DNSSEC validation on behalf of clients?

Recursive name server

Given a proper network and name resolution setup, which of the following commands establishes a trust between a FreeIPA domain and an Active Directory domain?

ipa trust-add --type ad addom --admin Administrator --password

Which of the following command lines sets the administrator password for ntop to testing123?

ntop --set-admin-password=testing123

What is a symmetric key?

A key used for encryption and decryption that is the same

What is privilege escalation?

An attack that exploits a vulnerability to gain elevated privileges

Which PAM module checks new passwords against dictionary words and enforces complexity?

pam_cracklib

What is the purpose of TSIG in DNS?

To sign DNS messages for secure communication

What is the purpose of IP sets?

They group together IP addresses that can be referenced by netfilter rules

What is the purpose of an extended attribute in Linux?

To store additional metadata about a file

Study Notes

LPIC-3 Security

Mounting CIFS Shares

  • The uid option specifies the user that appears as the local owner of the files when the server does not provide ownership information.

Private Key Security

  • Private keys should not be created on a system where they will be used, and should never leave that system.
  • Private keys should have sufficient length for the algorithm used for key generation.

DNSSEC

  • NSEC3 is used to prevent zone enumeration.
  • TSIG is used to sign DNS messages for secure communication.

OpenSSL

  • openssl s_client specifies the host name to use for TLS Server Name Indication.

AIDE

  • aide.conf is used to configure AIDE.
  • Rules are added to aide.conf to specify what files to monitor.

Audit System

  • ausearch is used to search and filter the audit log.

Linux File Attributes

  • Extended attributes can store additional metadata about a file.
  • setfattr is used to set extended attributes on a file.

PAM

  • pam_cracklib checks new passwords against dictionary words and enforces complexity.

Access Control

  • SELinux is a Mandatory Access Control (MAC) system.

OpenVPN

  • openvpn uses ephemeral keys by default.
  • The --mlock option ensures that ephemeral keys are not written to swap space.

Snort

  • Snort can be used to detect intrusions and system changes.

Certificate Authority

  • A Certificate Authority (CA) issues and signs X.509 certificates.

DNS

  • DNSSEC keys can be generated using dnssec-keygen.
  • RRSIG is a DNS record type used in DNSSEC.

Network Security

  • IPSec is used to secure network communications.
  • IP sets are used to group together IP addresses and networks that can be referenced by netfilter rules.

Authentication

  • rkhunter is used to detect rootkits and other security threats.
  • Linux Malware Detect is used to detect malware on a Linux system.

Linux Permissions

  • The chmod command is used to set permissions on a file.
  • The chown command is used to set the ownership of a file.

Firewall Configuration

  • iptables is used to configure network traffic rules.
  • The nat table is used to perform Network Address Translation.

System Security

  • A buffer overflow is a type of software vulnerability.
  • Privilege escalation is an attack that exploits a vulnerability to gain elevated privileges.

DNS Security

  • DNSSEC is used to secure DNS communications.
  • TLSA records are used in DNS-Based Authentication of Named Entities (DANE).
  • A trust anchor is a root certificate that is trusted by a particular CA.

Security Configurations

  • The virtual host is used as a fallback default for all clients that do not support SNI.
  • To require a client certificate for authentication in Apache HTTPD, the configuration option SSLVerifyClient require is used.

Certificate Authority (CA)

  • A Root CA has a self-signed certificate, does not include the private key of the CA, and must contain an X509v3 Authority extension.
  • A Root CA certificate is a self-signed certificate that identifies the CA.

Host Intrusion Detection (HID)

  • HID monitors for unauthorized access attempts and alerts security personnel of potential security incidents.
  • HID does not automatically remove detected threats.

Linux Permissions

  • SELinux permissions are verified before standard Linux permissions.
  • The command chown is used to set the owner and group of a file in Linux.
  • SELinux permissions are verified after standard Linux permissions.

Wireshark

  • Valid Wireshark capture filters include port range 10000:tcp-15000:tcp and tcp portrange 10000-15000.

OpenVAS

  • The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.

File Permissions

  • The permission bit that allows a file to be executed is the execute bit.

Automation

  • Cron can be used to automate host scans on a Linux system.

Access Control List (ACL)

  • The purpose of an access control list in Linux is to specify fine-grained permissions for users and groups.

NFS

  • Kerberos authentication was added to NFS in version 4.

OCSP Stapling

  • OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

FreeIPA

  • The command ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

OpenSSL

  • The command openssl req -new -key private/keypair.pem -out req/csr.pem generates a certificate signing request (CSR) using an existing private key.

Cryptography

  • Cryptography is the art of sending secret messages.
  • Ciphertext is the encrypted message.
  • Plaintext is the original message before encryption.

Rootkits

  • A rootkit is a type of malware that disguises itself as legitimate software.

Audit Rules

  • The command auditctl -w /etc/firewall/rules -p rw -k firewall defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name "firewall".

ebtables

  • The command ebtables -t filter -L -v displays all ebtable rules contained in the table filter including their packet and byte counters.

Snort-stat

  • The program snort-stat reads syslog files containing Snort information and generates port scan statistics.

chkrootkit

  • The tool chkrootkit is used to check for rootkits on a Linux system.

eCryptfs

  • eCryptfs is a stacked cryptographic filesystem that stores encrypted data and metadata.
  • eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.

LUKS

  • The command cryptsetup luksDelKey /dev/sda 1 deletes only the first key from a LUKS device.

FreeIPA

  • FreeIPA includes a DHCP server, Kerberos KDC, and Directory Server.

DNSSEC

  • DNSSEC is a security extension to DNS that provides authentication of DNS data.
  • The command dnssec-keygen is used to generate keys for DNSSEC.

Security Information and Event Management (SIEM) System

  • A SIEM system is a type of HID tool.

X.509 Certificate

  • An X.509 certificate is a digital document that verifies the identity of a website.
  • An X.509 certificate contains information such as the subject, issuer, and validity period.

Certificate Revocation List (CRL)

  • A CRL is a list of X.509 certificates that have been revoked by a particular CA.

Social Engineering

  • Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

DNS over TLS and DNS over HTTPS

  • DNS over TLS and DNS over HTTPS provide secure communication between DNS clients and servers.

Practice questions for the LPIC-3 Security certification exam, covering topics such as file system management and access control.
