Podcast
Questions and Answers
What is the purpose of the /etc/nologin file?
What is the purpose of the /etc/nologin file?
What is the command used to change the age of a user's password?
What is the command used to change the age of a user's password?
What is the purpose of the xinetd superdaemon?
What is the purpose of the xinetd superdaemon?
What is the command used to set whether a service would start at boot time or not?
What is the command used to set whether a service would start at boot time or not?
Signup and view all the answers
What can be used in place of a user's shell to prevent them from logging in?
What can be used in place of a user's shell to prevent them from logging in?
Signup and view all the answers
What is the purpose of the TCP wrappers?
What is the purpose of the TCP wrappers?
Signup and view all the answers
What is the command used to display daemons that access network ports?
What is the command used to display daemons that access network ports?
Signup and view all the answers
What file stores passwords and password security settings?
What file stores passwords and password security settings?
Signup and view all the answers
What is the file extension of the revocation certificate file?
What is the file extension of the revocation certificate file?
Signup and view all the answers
What is the command used to display the contents of the revocation_file.asc file?
What is the command used to display the contents of the revocation_file.asc file?
Signup and view all the answers
What is the purpose of the revocation certificate?
What is the purpose of the revocation certificate?
Signup and view all the answers
What is the format of the revocation certificate file?
What is the format of the revocation certificate file?
Signup and view all the answers
What is the command used to control various aspects of services and sockets on a computer using systemd?
What is the command used to control various aspects of services and sockets on a computer using systemd?
Signup and view all the answers
What is the name of the directory where the revocation_file.asc file is located?
What is the name of the directory where the revocation_file.asc file is located?
Signup and view all the answers
What is the command used to display more information about various sockets in use on the system?
What is the command used to display more information about various sockets in use on the system?
Signup and view all the answers
What is the message at the beginning of the revocation certificate?
What is the message at the beginning of the revocation certificate?
Signup and view all the answers
What is the command used to enable or disable a system to start at boot time on Debian-based distributions?
What is the command used to enable or disable a system to start at boot time on Debian-based distributions?
Signup and view all the answers
What is the command used to set the expiration date of an account to never?
What is the command used to set the expiration date of an account to never?
Signup and view all the answers
What is the license under which the content is provided?
What is the license under which the content is provided?
Signup and view all the answers
What is the command used to disable the CUPS printing service permanently?
What is the command used to disable the CUPS printing service permanently?
Signup and view all the answers
What is the command used to check if the appropriate port is not active anymore after disabling the CUPS printing service?
What is the command used to check if the appropriate port is not active anymore after disabling the CUPS printing service?
Signup and view all the answers
What is the command used to check if nginx supports TCP wrappers?
What is the command used to check if nginx supports TCP wrappers?
Signup and view all the answers
What is the superdaemon that can control access to a network service on demand?
What is the superdaemon that can control access to a network service on demand?
Signup and view all the answers
What is the purpose of importing the revocation certificate file to your keyring?
What is the purpose of importing the revocation certificate file to your keyring?
Signup and view all the answers
What command is used to list the keys in the keyring?
What command is used to list the keys in the keyring?
Signup and view all the answers
What is the result of running gpg --import revocation_file.asc
?
What is the result of running gpg --import revocation_file.asc
?
Signup and view all the answers
What must be done with the revoked key?
What must be done with the revoked key?
Signup and view all the answers
What is the purpose of importing a public key into a keyring?
What is the purpose of importing a public key into a keyring?
Signup and view all the answers
What is the output of the gpg --list-keys
command?
What is the output of the gpg --list-keys
command?
Signup and view all the answers
What is the result of running gpg --import carol.pub.key
?
What is the result of running gpg --import carol.pub.key
?
Signup and view all the answers
What is the purpose of using GPG to encrypt a file?
What is the purpose of using GPG to encrypt a file?
Signup and view all the answers
What is the primary function of gpg-agent?
What is the primary function of gpg-agent?
Signup and view all the answers
What is the option to run gpg-agent in daemon mode?
What is the option to run gpg-agent in daemon mode?
Signup and view all the answers
What type of cryptography is used by GnuPG?
What type of cryptography is used by GnuPG?
Signup and view all the answers
What is the purpose of the trust database in GPG?
What is the purpose of the trust database in GPG?
Signup and view all the answers
What is the command to display the help options for gpg-agent?
What is the command to display the help options for gpg-agent?
Signup and view all the answers
What is the purpose of the directory for revocation certificates in GPG?
What is the purpose of the directory for revocation certificates in GPG?
Signup and view all the answers
What is the main component of public key cryptography used in GnuPG?
What is the main component of public key cryptography used in GnuPG?
Signup and view all the answers
What is the license under which GnuPG is distributed?
What is the license under which GnuPG is distributed?
Signup and view all the answers
Study Notes
Setting Up Host Security
- The file
/etc/nologin
prevents the login of the user root. - The existence of the
/etc/nologin
file does not prevent passwordless logins with SSH keys. - If the file
/etc/nologin
contains the line "login currently is not possible only", it does not affect the login of ordinary users.
User Management
- Passwords are stored in the file
/etc/passwd
, along with some password security settings, such as expiration time. - The command
chage
is used to change the age of a user's password. - The command
passwd
is used to create or change a user's password.
Network Services
- The superdaemon
xinetd
can control access to a network service on demand, leaving the service inactive until it is actually called upon to perform some task. - The command
netstat
is a classic utility that displays daemons that access network ports on a system and their usage. - The command
ss
is the modern equivalent tonetstat
, but also displays more information about various sockets in use on the system.
Security Measures
- TCP wrappers can be used as a simple firewall.
- The command
chkconfig
is used to set whether a service would start at boot time or not. - The command
update-rc.d
is a classic command that enables or disables a system to start at boot time on Debian-based distributions.
Data Encryption
- GPG (GNU Privacy Guard) is used to encrypt, decrypt, sign, and verify files.
- To effectively revoke a private key, a revocation certificate needs to be merged with the key, which is done by importing the revocation certificate file to the keyring using
gpg --import revocation_file.asc
. - The command
gpg-agent
is the daemon that manages private keys for GPG.
gpg-agent
-
gpg-agent
is started on demand by GPG. -
gpg-agent
can be run in daemon mode (background) or server mode (foreground) using the options--daemon
and--server
, respectively.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
Test your knowledge of Unix security features, including login restrictions and user management.