Unix Security Essentials
39 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the purpose of the /etc/nologin file?

  • To prevent login of the user root (correct)
  • To store password security settings
  • To disable unnecessary network services
  • To display daemons that access network ports
  • What is the command used to change the age of a user's password?

  • chage (correct)
  • passwd
  • nologin
  • chkconfig
  • What is the purpose of the xinetd superdaemon?

  • To run SSH services on demand (correct)
  • To store passwords and password security settings
  • To handle daytime services
  • To disable network services
  • What is the command used to set whether a service would start at boot time or not?

    <p>chkconfig</p> Signup and view all the answers

    What can be used in place of a user's shell to prevent them from logging in?

    <p>nologin command</p> Signup and view all the answers

    What is the purpose of the TCP wrappers?

    <p>To act as a simple firewall</p> Signup and view all the answers

    What is the command used to display daemons that access network ports?

    <p>netstat</p> Signup and view all the answers

    What file stores passwords and password security settings?

    <p>/etc/passwd</p> Signup and view all the answers

    What is the file extension of the revocation certificate file?

    <p>.asc</p> Signup and view all the answers

    What is the command used to display the contents of the revocation_file.asc file?

    <p>cat revocation_file.asc</p> Signup and view all the answers

    What is the purpose of the revocation certificate?

    <p>To revoke a public key</p> Signup and view all the answers

    What is the format of the revocation certificate file?

    <p>ASCII</p> Signup and view all the answers

    What is the command used to control various aspects of services and sockets on a computer using systemd?

    <p>systemctl</p> Signup and view all the answers

    What is the name of the directory where the revocation_file.asc file is located?

    <p>~/.gnupg</p> Signup and view all the answers

    What is the command used to display more information about various sockets in use on the system?

    <p>ss</p> Signup and view all the answers

    What is the message at the beginning of the revocation certificate?

    <p>This is a revocation certificate</p> Signup and view all the answers

    What is the command used to enable or disable a system to start at boot time on Debian-based distributions?

    <p>update-rc.d</p> Signup and view all the answers

    What is the command used to set the expiration date of an account to never?

    <p>chage -E -1 emma</p> Signup and view all the answers

    What is the license under which the content is provided?

    <p>CC BY-NC-ND 4.0</p> Signup and view all the answers

    What is the command used to disable the CUPS printing service permanently?

    <p>systemctl disable cups.service --now</p> Signup and view all the answers

    What is the command used to check if the appropriate port is not active anymore after disabling the CUPS printing service?

    <p>ss -l | grep ':ipp '</p> Signup and view all the answers

    What is the command used to check if nginx supports TCP wrappers?

    <p>ldd /usr/sbin/nginx | grep 'libwrap'</p> Signup and view all the answers

    What is the superdaemon that can control access to a network service on demand?

    <p>xinetd</p> Signup and view all the answers

    What is the purpose of importing the revocation certificate file to your keyring?

    <p>To revoke a private key</p> Signup and view all the answers

    What command is used to list the keys in the keyring?

    <p>gpg --list-keys</p> Signup and view all the answers

    What is the result of running gpg --import revocation_file.asc?

    <p>A private key is revoked</p> Signup and view all the answers

    What must be done with the revoked key?

    <p>It must be made available to any party that has public keys associated with it</p> Signup and view all the answers

    What is the purpose of importing a public key into a keyring?

    <p>To encrypt a file using the public key</p> Signup and view all the answers

    What is the output of the gpg --list-keys command?

    <p>A list of public keys in the keyring</p> Signup and view all the answers

    What is the result of running gpg --import carol.pub.key?

    <p>A public key is imported into the keyring</p> Signup and view all the answers

    What is the purpose of using GPG to encrypt a file?

    <p>To securely transmit the file to another party</p> Signup and view all the answers

    What is the primary function of gpg-agent?

    <p>To manage private keys for GPG</p> Signup and view all the answers

    What is the option to run gpg-agent in daemon mode?

    <p>--daemon</p> Signup and view all the answers

    What type of cryptography is used by GnuPG?

    <p>Public key cryptography</p> Signup and view all the answers

    What is the purpose of the trust database in GPG?

    <p>To manage key trust relationships</p> Signup and view all the answers

    What is the command to display the help options for gpg-agent?

    <p>gpg-agent --help</p> Signup and view all the answers

    What is the purpose of the directory for revocation certificates in GPG?

    <p>To store revoked certificates</p> Signup and view all the answers

    What is the main component of public key cryptography used in GnuPG?

    <p>Public key and private key</p> Signup and view all the answers

    What is the license under which GnuPG is distributed?

    <p>GPLv3+</p> Signup and view all the answers

    Study Notes

    Setting Up Host Security

    • The file /etc/nologin prevents the login of the user root.
    • The existence of the /etc/nologin file does not prevent passwordless logins with SSH keys.
    • If the file /etc/nologin contains the line "login currently is not possible only", it does not affect the login of ordinary users.

    User Management

    • Passwords are stored in the file /etc/passwd, along with some password security settings, such as expiration time.
    • The command chage is used to change the age of a user's password.
    • The command passwd is used to create or change a user's password.

    Network Services

    • The superdaemon xinetd can control access to a network service on demand, leaving the service inactive until it is actually called upon to perform some task.
    • The command netstat is a classic utility that displays daemons that access network ports on a system and their usage.
    • The command ss is the modern equivalent to netstat, but also displays more information about various sockets in use on the system.

    Security Measures

    • TCP wrappers can be used as a simple firewall.
    • The command chkconfig is used to set whether a service would start at boot time or not.
    • The command update-rc.d is a classic command that enables or disables a system to start at boot time on Debian-based distributions.

    Data Encryption

    • GPG (GNU Privacy Guard) is used to encrypt, decrypt, sign, and verify files.
    • To effectively revoke a private key, a revocation certificate needs to be merged with the key, which is done by importing the revocation certificate file to the keyring using gpg --import revocation_file.asc.
    • The command gpg-agent is the daemon that manages private keys for GPG.

    gpg-agent

    • gpg-agent is started on demand by GPG.
    • gpg-agent can be run in daemon mode (background) or server mode (foreground) using the options --daemon and --server, respectively.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    Description

    Test your knowledge of Unix security features, including login restrictions and user management.

    More Like This

    Introduction to Unix
    5 questions

    Introduction to Unix

    BetterKnownElation avatar
    BetterKnownElation
    Use Quizgecko on...
    Browser
    Browser