Shared Flashcard Set

Details

RHEL6 security workbook 2 (actual)
covers workbook 2 of RHEL6 security (actual)
38
Computer Networking
Not Applicable
04/09/2013

Cards

Term
What is the only TCP network application in Red Hat Enterprise Linux that installs enabled to receive external client connections by default?
Definition
sshd
Term
Although the cups service installs with the cupsd daemon enabled by default, why is it not thought to be a network security risk?
Definition
The cupsd daemon binds only to the loopback interface.
Term
What TCP state indicates a socket which is ready to receive new client connections?
Definition
LISTEN
Term
What UDP state indicates a socket which is ready to receive new client connections?
Definition
nothing
Term
Which of the following command lines would cause nmap to scan ports 10000 through 20000 of the host printserver.example.com?
Definition
nmap -p 10000-20000 printserver.example.com
Term
Which of the following command lines causes nmap to attempt to identify particular versions of applications?
Definition
nmap -A printserver.example.com
Term
When browsing the file /var/log/secure, you discover the following log message: Jan 7 07:48:34 localhost sshd[3179]: Did not receive identification string from UNKNOWN. What is a likely cause?
Definition
Someone performed a port scan of the machine.
Term
Using netstat -tunap, you discover that a process named hpiod is bound to a TCP port. Which of the following commands can be used to discover where the program is located in your filesystem?
Definition
which hpiod
Term
Knowing that the hpiod program is installed at /usr/sbin/hpiod, which of the following command lines can help find the name of the Red Hat Enterprise Linux service which controls the daemon?
Definition
rpm -q -f /usr/sbin/hpiod -l | grep etc
Term
Having discovered that the service name is hplip, which of the following commands would disable the service immediately and on subsequent reboots?
Definition
service hplip stop

chkconfig hplip off
Term
Which is least likely to be true for a daemon?
Definition
Has a graphical interface.
Term
Logging via rsyslogd is configured/controlled by:
Definition
Facility, severity and target specified in /etc/rsyslog.conf.
Term
Which of the following is not a standard rsyslog facility name?

mail
cron
vsftp
authpriv
local3
Definition
vsftp
Term
Which of the following rsyslog severities is the least severe?

err
crit
emerg
alert
warning
Definition
warning
Term
Which /etc/rsyslog.conf line would send mail.warning messages to a local log file?
Definition
*.notice /var/log/messages
Term
Which /etc/rsyslog.conf line might generate the most network traffic?
Definition
cron.none;*.debug @192.168.1.103
Term
Which /etc/rsyslog.conf line contains a syntax error?
Definition
mail.* /192.168.1.*
Term
Most appropriate command to put /etc/rsyslog.conf changes into effect.
Definition
service rsyslog reload
Term
The line from a chkconfig --list command shown below indicates that the system logging service is called "rsyslog" rather than "rsyslogd." What might be the reason for this?
Definition
The logging service has more than one associated daemon.
Term
Which of the following rsyslog severities is the most severe?

notice
info
alert
debug
crit
Definition
alert
Term
The following ls output indicates that thisfile is executable by whom?
Definition
thisfile is not executable.
Term
Assuming that root is the only privileged user and group on the system, which of the following is potentially the most dangerous if exploited by a hacker?
Definition
-rwsrwSrwx 1 root users 63 Aug 20 16:29 thisfile
Term
Which of the following commands could have just been executed against thisfile based on the ls output shown below?

-rwsrwsrwx 1 root root 0 Aug 20 16:15 thisfile
Definition
chmod 6777 thisfile

chmod u+s,g+s thisfile
Term
The following command executed by root would find which files?

find / -perm -600 -print
Definition
All files in the filesystem that are both readable and writeable by owner.
Term
The following command executed by root would find which files?

find / -perm /6000 -ls
Definition
All SetUID files in the current directory.
All SetGID files in the current directory.
All SetUID files in the file system.
All SetGID files in the file system.
Term
The following command executed by root would find which files?

find -perm -6000 -maxdepth 1 -print
Definition
All files in the current directory with both SetUID and SetGID set.
Term
Which might be preferred for fingerprinting files, sha1sum or md5sum, and why?
Definition
sha1sum, because it is harder to compromise.
Term
What is the difference between du and df output?
Definition
df shows statistics for file systems, du for directories and files.
Term
Which output line from the following df command hints at trouble brewing?

df -h | grep "^/dev"

/dev/sda3 45G 45G 45M 99% /home
/dev/sda2 8G 4G 4G 50% /
/dev/sda1 12G 2G 10G 16% /boot
Definition
/dev/sda3 45G 45G 45M 99% /home
Term
Which command executed by root might show a useful summary of local users' home directory disk usage?
Definition
du -sh /home
Term
What service must be running for commands like sa to work?
Definition
psacct
Term
A useful file for configuring process limits:
Definition
/etc/security/limits.conf
Term
Based on the following output from the command groups elvis, which line in /etc/security/limits.conf would limit the number of concurrent logins elvis could have?

elvis : music wrestle physics emperors
Definition
@physics hard maxlogins 10
Term
Which line in /etc/security/limits.conf would prevent members of the smokers group from ever starting more than 500 processes?
Definition
@smokers hard nproc 500
Term
Which line in /etc/security/limits.conf would most likely prevent elvis from accomplishing any meaningful work? (Note: The presence of this line would probably indicate an error on the part of the administrator, versus a valid security limit.)
Definition
elvis hard nproc 5
Term
Consider a system on which process accounting has been enabled for one week. The administrator on this system knows that elvis was logged on for several hours today, but is now logged off. Which of the following would show the administrator a list of commands run by elvis during his last session?
Definition
lastcomm --user elvis
Term
User elvis is currently logged on and the administrator would like to monitor his activity. Which of the following would give the administrator a running summary of elvis's impact on the system?
Definition
top -U elvis
Term
The priorities of syslog messages, from least to most important, are:
Definition
debug
info
notice
warning
err
crit
alert
emerg