Questions and Answers
What is the purpose of rkhunter?
What is a certificate chain?
What is a Trojan?
What is a rogue access point?
The purpose of a TLSA record in DANE is to provide information about a TLS server.
How are SELinux permissions related to standard Linux permissions?
What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?
Which of the following practices are important for the security of private keys? (Choose TWO correct answers)
What is the purpose of NSEC3 in DNSSEC?
Which command is used to run a new shell for a user changing the SELinux context?
Which file is used to configure AIDE?
Which of the following statements describes the purpose of ndpmon?
What is an asymmetric key?
Which of the following is an example of a behavioral-based HID technique?
Which command revokes ACL-based write access for groups and named users on the file afile?
Which command is used to set an extended attribute on a file in Linux?
Determine whether the given solution is correct?
Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?
What is Cryptography?
What type of activity does HID monitor for?
Which of the following is NOT a benefit of using HID?
What is a ciphertext?
What is a rootkit?
Which of the following commands defines an audit rule that monitors read and write operations to the file '/etc/firewall/rules' and associates the rule with the name 'firewall'?
What is a plaintext?
Which protocol is commonly used to transmit X.509 certificates?
What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?
Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)
What is the purpose of NSEC3 in DNSSEC?
Which command is used to run a new shell for a user changing the SELinux context?
Which file is used to configure AIDE?
Which of the following statements describes the purpose of ndpmon?
What is an asymmetric key?
Which of the following is an example of a behavioral-based HID technique?
Which command revokes ACL-based write access for groups and named users on the file afile?
Which command is used to set an extended attribute on a file in Linux?
When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?
Which permission bit allows a user to delete a file?
What is the purpose of rkhunter?
What is a certificate chain?
Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?
Which statement is used in a parameter file for setkey to create a new SPD entry?
Which methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)
Which command adds users using SSSD's local service?
Which DNS records are used in DNSSEC?
What is the purpose of a Certificate Authority (CA)?
Is the command 'ipa-server-install' a correct solution?
Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key?
What is Cryptography?
Which type of activity does HID monitor for?
Which of the following is NOT a benefit of using HID?
What is a ciphertext?
Which of the following commands defines an audit rule that monitors read and write operations to a specified file?
What is a rootkit?
Which of the following commands displays all ebtable rules contained in a specified table?
What is a plaintext?
Which protocol is commonly used to transmit X.509 certificates?
What is the purpose of the program snort-stat?
Which tool can be used to check for rootkits on a Linux system?
What is the purpose of rkhunter?
What is a certificate chain?
Which permission bit allows a user to delete a file?
Which of the following DNS records are used in DNSSEC?
What is the purpose of a Certificate Authority (CA)?
What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?
Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)
What is the purpose of NSEC3 in DNSSEC?
Which command is used to run a new shell for a user changing the SELinux context?
Which file is used to configure AIDE?
What is an asymmetric key?
Which of the following is an example of a behavioral-based HID technique?
Which command revokes ACL-based write access for groups and named users on the file afile?
Which command is used to set an extended attribute on a file in Linux?
Which option in an Apache HTTPD configuration file enables OCSP stapling?
Determine whether the given solution is correct?
What type of attack is phishing?
What is the purpose of a Certificate Revocation List (CRL)?
What type of record is used to map an IP address to a hostname?
What is the purpose of AIDE?
What is host intrusion detection (HID)?
What is the purpose of a DNSKEY record in DNSSEC?
What is social engineering?
What is the purpose of an RRSIG record in DNSSEC?
What is the primary function of ndpmon?
What type of key is used for both encryption and decryption that is generated in a pair?
What is an example of a behavioral-based HID technique?
Which command is used to set an extended attribute on a file in Linux?
Which option in an Apache HTTPD configuration file enables OCSP stapling?
Which of the following database names can be used within a Name Service Switch (NSS) configuration file?
What type of access control model is established by using SELinux?
Which command revokes ACL-based write access for groups and named users on the file afile?
What is the purpose of OCSP stapling?
Which option of the openvpn command should be used to ensure that ephemeral keys are not written to the swap space?
Which command is used to view the access control list of a file?
What is a man-in-the-middle attack?
Which of the following names correspond to existing attribute namespaces?
Which of the following scan techniques is used with nmap?
Which command is used to add a new user to FreeIPA?
Which of the following is a Linux Extended File Attribute namespace?
What is the primary purpose of a DNSKEY record in DNSSEC?
A Certificate Revocation List (CRL) is a list of X.509 certificates that have been issued by a particular CA.
What is the purpose of AIDE?
The DNS record used to map an IP address to a hostname is the _______________________ record.
Match the following security threats with their definitions:
What is the purpose of NSEC3 in DNSSEC?
Host intrusion detection (HID) is a system that detects malicious traffic on a network.
What is the purpose of a Certificate Authority (CA)?
What is the purpose of ndpmon?
A key used for encryption and decryption that is the same is an asymmetric key.
What is the command to set an extended attribute on a file in Linux?
The _______________ option in an Apache HTTPD configuration file enables OCSP stapling.
Which of the following database names can be used within a Name Service Switch (NSS) configuration file?
Match the following HID techniques with their descriptions:
The setfacl command is used to revoke ACL-based write access for groups and named users on a file.
What is an example of a behavioral-based HID technique?
Which of the following access control models is established by using SELinux?
The openssl command 'req -new -x509 -nodes -keyout private/keypair.pem -out cert.csr' generates a certificate signing request (CSR) using a new private key.
What is a man-in-the-middle attack?
The option '--mlock' of the openvpn command should be used to ensure that _______________________ keys are not written to the swap space.
Match the following Linux file attributes with their corresponding namespaces:
The command 'setfacl' is used to view the access control list of a file.
Which command is used to add a new user 'usera' to FreeIPA?
Which of the following options of the openvpn command should be used to change the timeout period to 5 seconds?
What is the purpose of ndpmon?
What is an asymmetric key?
Which of the following is an example of a behavioral-based HID technique?
Which command revokes ACL-based write access for groups and named users on the file afile?
Which command is used to set an extended attribute on a file in Linux?
Which option in an Apache HTTPD configuration file enables OCSP stapling?
Which of the following database names can be used within a Name Service Switch (NSS) configuration file?
What is the purpose of a Certificate Authority (CA)?
What is the purpose of a DNSKEY record in DNSSEC?
What is phishing?
What is the purpose of AIDE?
What is host intrusion detection (HID)?
What is a Certificate Revocation List (CRL)?
Which of the following DNS records is used to map an IP address to a hostname?
What is social engineering?
Which of the following is used to verify the authenticity of a DNS query?
Which access control model is established by using SELinux?
What is the purpose of the '--mlock' option in OpenVPN?
Which of the following is an example of a scan technique in nmap?
What is a man-in-the-middle attack?
Which command is used to view the access control list of a file?
Which of the following Linux Extended File Attributes are organized into namespaces?
What is the purpose of the 'ipa user-add' command?
Which of the following is a benefit of using Host-based Intrusion Detection (HID)?
Study Notes
LPIC-3 Security
Mounting CIFS Shares
- The uid option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.
Security Practices
- Private keys should be created on the systems where they will be used and should never leave them.
- Private keys should have a sufficient length for the algorithm used for key generation.
- Private keys should not be stored as plain text files without encryption.
DNSSEC
- NSEC3 is used to prevent zone enumeration.
Access Control
- Forcing a file to be executed with the permissions of the file owner is achieved by setting the SetUID bit.
- The difference between SetUID and SetGID is that SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner.
Symmetric and Asymmetric Keys
- A symmetric key is used for encryption and decryption and is the same for both.
- An asymmetric key, also known as a key pair, is used for encryption and decryption and is generated in a pair.
Linux Audit System
- The ausearch command is used to search and filter the audit log.
Network Security
- A honeypot is a network security tool designed to lure attackers into a trap.
- IP sets group together IP addresses that can be referenced by netfilter rules.
Authentication and Authorization
- rkhunter is used to detect rootkits and other security threats.
Digital Certificates
- A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
- A Certificate Authority (CA) issues and signs X.509 certificates.
Threats and Attacks
- A buffer overflow is a type of software vulnerability.
- A man-in-the-middle attack intercepts communications between two parties to steal information.
- A Trojan is a type of malware that disguises itself as legitimate software.
- A rogue access point is an unauthorized access point set up to look like a legitimate one.
System Hardening
- Linux Malware Detect is a tool used to detect malware on a Linux system.
- pam_cracklib is a PAM module that checks new passwords against dictionary words and enforces complexity.
DNS and DNSSEC
- RRSIG is a DNS record type used in DNSSEC.
- dnssec-keygen generates DNSSEC keys.
File Permissions and Access Control
- Linux file ownership is used to restrict access to files only to their owner.
- chmod is used to set the permissions of a file in Linux.
Network Security Tools
- iptables is used to configure firewall rules.
- nftables is used to configure packet filtering and classification.
Virtual Host and SSL
- The virtual host is used as a fallback default for all clients that do not support SNI.
- The virtual host is served only on the common name and Subject Alternative.
Apache HTTPD Configuration
- To require a client certificate for authentication, use the configuration option SSLVerifyClient require.
- SSLRequestClientCert is used to request a client certificate, but it does not require one.
- SSLVerifyClient is used to specify the verification level for client certificates.
Root CA Certificate
- A Root CA certificate is a self-signed certificate.
- It does not include the private key of the CA.
- It must contain an X509v3 Authority extension.
Host-Based Intrusion Detection (HID)
- HID is a system that monitors and detects potential security threats on a single computer or server.
- Best practice for implementing HID is to configure it to alert security personnel of potential security incidents.
SELinux Permissions
- SELinux permissions are verified after standard Linux permissions.
- SELinux permissions do not override standard Linux permissions.
Wireshark Capture Filters
- tcp portrange 10000-15000 is a valid Wireshark capture filter.
OpenVAS NVT Feed
- The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.
File Permissions
- The chown command is used to set the owner and group of a file in Linux.
- The chmod command is used to set the permissions of a file in Linux.
Executable Files
- The permission bit that allows a file to be executed is Execute.
Automation of Host Scans
- Cron can be used to automate host scans on a Linux system.
sysctl Command
- The sysctl command is used to configure kernel parameters.
- The data that can be altered by the sysctl command is accessible in /proc/sys.
Access Control Lists
- The purpose of an access control list (ACL) in Linux is to specify fine-grained permissions for users and groups.
NFS Configuration
- Kerberos authentication was added to NFS in version 4.
OCSP Stapling
- OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.
FreeIPA Server
- The command ipa-server-install is used to install and configure a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.
OpenSSL Commands
- The command openssl req -new -key private/keypair.pem -out req/csr.pem is used to generate a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.
Cryptography
- Cryptography is the art of sending secret messages.
HID Monitoring
- HID monitors for unauthorized access attempts.
Benefits of HID
- HID provides real-time detection of security incidents.
- HID allows for quick response to security incidents.
- HID helps prevent security incidents from occurring.
Ciphertext and Plaintext
- Ciphertext is the encrypted message.
- Plaintext is the original message before encryption.
Rootkits
- A rootkit is a type of malware that disguises itself as legitimate software.
ebtables
- The command ebtables -t filter -L -v is used to display all ebtables rules contained in the table filter, including their packet and byte counters.
LDAP and Certificates
- LDAP is commonly used to transmit X.509 certificates.
Snort-stat
- The purpose of the program snort-stat is to read syslog files containing Snort information and generate port scan statistics.
chkrootkit
- chkrootkit is a tool used to check for rootkits on a Linux system.
LUKS Devices
- The command cryptsetup luksOpen /dev/sda1 crypt-vol is used to map a LUKS device.
- The command cryptsetup luksDelKey /dev/mapper/crypt-vol 1 is used to delete a key from a LUKS device.
eCryptfs
- eCryptfs is a stacked cryptographic filesystem for Linux.
- For every file in an eCryptfs directory, there exists a corresponding file that contains the encrypted content.
User Account Management
- The command chage --maxdays -1 usera is used to disable the automatic password expiry for the user usera.
TSIG and DNS
- TSIG authenticates name servers in order to perform secured zone transfers by using a secret key that is shared between the servers.
FreeIPA Components
- FreeIPA includes a Kerberos KDC, a Directory Server, and a Public Key Infrastructure.
DNSSEC
- DNSSEC is used to provide authentication of DNS data and verify the integrity of DNS data.
X.509 Certificates
- An X.509 certificate contains information such as the subject, issuer, validity dates, and public key.
- A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.
AppArmor and SELinux
- AppArmor and SELinux are both Mandatory Access Control (MAC) systems.
- AppArmor is implemented in user space only, while SELinux is a Linux kernel module.
Host Intrusion Detection
- Host intrusion detection (HID) monitors and detects potential security threats on a single computer or server.
Social Engineering
- Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.
AIDE
- AIDE is a file integrity checker that detects intrusions and system changes.
DNS over TLS and DNS over HTTPS
- DNS over TLS and DNS over HTTPS are used to provide secure communication between DNS clients and servers.
LPIC-3 Security
Mounting CIFS Shares
- The `uid` option of `mount.cifs` specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.
Security Practices
- Private keys should be created on the systems where they will be used and should never leave them.
- Private keys should have a sufficient length for the algorithm used for key generation.
- Private keys should not be stored as plain text files without encryption.
DNSSEC
- NSEC3 is used to prevent zone enumeration.
Access Control
- Forcing a file to be executed with the permissions of the file owner is achieved by setting the SetUID bit.
- The difference between SetUID and SetGID is that SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner.
Symmetric and Asymmetric Keys
- A symmetric key is used for encryption and decryption and is the same for both.
- An asymmetric key, also known as a key pair, is used for encryption and decryption and is generated in a pair.
Linux Audit System
- The `ausearch` command is used to search and filter the audit log.
Network Security
- A honeypot is a network security tool designed to lure attackers into a trap.
- IP sets group together IP addresses that can be referenced by netfilter rules.
Authentication and Authorization
- `rkhunter` is used to detect rootkits and other security threats.
Digital Certificates
- A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
- A Certificate Authority (CA) issues and signs X.509 certificates.
Threats and Attacks
- A buffer overflow is a type of software vulnerability.
- A man-in-the-middle attack intercepts communications between two parties to steal information.
- A Trojan is a type of malware that disguises itself as legitimate software.
- A rogue access point is an unauthorized access point set up to look like a legitimate one.
System Hardening
- Linux Malware Detect is a tool used to detect malware on a Linux system.
- `pam_cracklib` is a PAM module that checks new passwords against dictionary words and enforces complexity.
DNS and DNSSEC
- RRSIG is a DNS record type used in DNSSEC.
- `dnssec-keygen` generates DNSSEC keys.
File Permissions and Access Control
- Linux file ownership is used to restrict access to files only to their owner.
- `chmod` is used to set the permissions of a file in Linux.
Network Security Tools
- `iptables` is used to configure firewall rules.
- `nftables` is used to configure packet filtering and classification.
Virtual Host and SSL
- The virtual host is used as a fallback default for all clients that do not support SNI.
- The virtual host is served only on the common name and Subject Alternative.
Apache HTTPD Configuration
- To require a client certificate for authentication, use the configuration option `SSLVerifyClient require`.
- `SSLRequestClientCert` is used to request a client certificate, but it does not require one.
- `SSLVerifyClient` is used to specify the verification level for client certificates.
Root CA Certificate
- A Root CA certificate is a self-signed certificate.
- It does not include the private key of the CA.
- It must contain an X509v3 Authority extension.
Host-Based Intrusion Detection (HID)
- HID is a system that monitors and detects potential security threats on a single computer or server.
- Best practice for implementing HID is to configure it to alert security personnel of potential security incidents.
SELinux Permissions
- SELinux permissions are verified after standard Linux permissions.
- SELinux permissions do not override standard Linux permissions.
Wireshark Capture Filters
- `tcp portrange 10000-15000` is a valid Wireshark capture filter.
OpenVAS NVT Feed
- The command `openvas-nvt-sync` is used to update NVTs from the OpenVAS NVT feed.
File Permissions
- The `chown` command is used to set the owner and group of a file in Linux.
- The `chmod` command is used to set the permissions of a file in Linux.
Executable Files
- The permission bit that allows a file to be executed is `Execute`.
Automation of Host Scans
- Cron can be used to automate host scans on a Linux system.
sysctl Command
- The `sysctl` command is used to configure kernel parameters.
- The data that can be altered by the `sysctl` command is accessible in `/proc/sys`.
Access Control Lists
- The purpose of an access control list (ACL) in Linux is to specify fine-grained permissions for users and groups.
NFS Configuration
- Kerberos authentication was added to NFS in version 4.
OCSP Stapling
- OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.
FreeIPA Server
- The command `ipa-server-install` is used to install and configure a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.
OpenSSL Commands
- The command `openssl req -new -key private/keypair.pem -out req/csr.pem` is used to generate a certificate signing request (CSR) using the already existing private key contained in the file `private/keypair.pem`.
Cryptography
- Cryptography is the art of sending secret messages.
HID Monitoring
- HID monitors for unauthorized access attempts.
Benefits of HID
- HID provides real-time detection of security incidents.
- HID allows for quick response to security incidents.
- HID helps prevent security incidents from occurring.
Ciphertext and Plaintext
- Ciphertext is the encrypted message.
- Plaintext is the original message before encryption.
Rootkits
- A rootkit is a type of malware that disguises itself as legitimate software.
ebtables
- The command `ebtables -t filter -L -v` is used to display all ebtables rules contained in the table filter, including their packet and byte counters.
LDAP and Certificates
- LDAP is commonly used to transmit X.509 certificates.
Network Monitoring
- It monitors remote hosts by periodically sending echo requests to them.
Asymmetric Keys
- An asymmetric key is a key used for both encryption and decryption that is generated in a pair.
HID Techniques
- Anomaly-based detection is a behavioral-based HID technique.
File Permissions
- The command `setfacl` is used to set access control lists (ACLs) on files.
- The command `setfattr` is used to set extended attributes on files.
- The command `getfacl` is used to view the access control list of a file.
DNS
- The PTR record is used to map an IP address to a hostname.
- The DNSKEY record is used to sign a DNS zone in DNSSEC.
Security
- Phishing is a type of social engineering attack.
- Social engineering is a type of attack that aims to deceive individuals into divulging sensitive information.
Access Control
- Mandatory Access Control (MAC) is an access control model established by using SELinux.
VPNs
- The `--mlock` option of the `openvpn` command is used to ensure that ephemeral keys are not written to the swap space.
Linux File Attributes
- Linux Extended File Attributes are organized in namespaces, including `system`, `trusted`, and `user`.
Nmap Scan Techniques
- Existing scan techniques with nmap include Xmas Scan and FIN Scan.
User Management
- The `ipa user-add` command is used to add a new user to FreeIPA.
Security Threats
- A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.
- A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.
- Host intrusion detection (HID) is a system that monitors and detects potential security threats on a single computer or server.
- AIDE is used to detect intrusions and system changes.
Description
Practice questions for the LPIC-3 Security certification exam, covering various security topics and Linux system administration.