82 Cards in this Set
- Front
- Back
|
Where do you configure the default umask?
|
/etc/bashrc
|
|
What are the two classes of access controls in Linux?
|
Discretionary and Mandatory Access Controls
Discretionary - ACLs, Ownership, stuff that overrides standard default ownership and permissions
Mandatory - SELinux |
|
What does the first position of ugo rights mean?
|
- Regular File
d - directory
b - Device
l - Linked file |
|
What do the 3 sets of 3 positions past the file type mean?
-rwxr-xr-x |
ugo - User Group Other - User Owner, Group Owner, All Other Users
own Grp All other
-rwxr-xr-x
4 2 1 |
|
What do the codes in file permissions add up to?
And what would '-rwxr-xr-x' be? |
4 - Read
2 - Write
1 - Execute
755 |
|
Set the following rights on /humu:
rwxr-xr-x using numbers
Add write permissions to everyone using letters
Remove write permissions from Owner using #s |
chmod 755 humu
chmod o+w humu
chmod 557 humu |
|
Give the group write rights to -rwxr-xr-x humu using
Letters
Numbers |
chmod g+w humu
chmod 775 humu |
|
Where is the SUID, SGID, and Sticky bit set?
|
SUID
-rwsr-xr-x. /usr/bin/passwd
Set on Commands
SGID
-rwxr-sr-x. /usr/bin/ssh-agent
Set on Commands
Sticky Bit
drwxrwxrwt. /tmp/
Set on directories |
|
What does the sticky bit do?
|
drwxrwxrwt. /tmp/
Set on directories
Allows other (where it's set of course) users to place files there, but retain ownership |
|
What does the SUID Special Bit do?
|
SUID (set user ID)
-rwsr-xr-x. /usr/bin/passwd
It sets the user's ID temporarily as the owner while it is executed
The file (executable or script) can be executed by other users with the authority of the file owner which is in this case root |
|
What does the SGID Special Bit do?
|
SGID
-rwxr-sr-x. /usr/bin/ssh-agent
It sets your group ID to the file's group ID while it is executed
The file (executable or script) can be executed by other users with the authority of the file group owner which is in this case root |
|
If you do a ls -l of /etc/usr/bin/passwd, it looks like:
-rwsr-xr-x. Root root passwd
What does this 's' mean? |
It can be executed by other users with the authority level of the owner - root
It allows a user to run the passwd command and edit the passwd and shadow files from the command
This is the SUID bit |
|
What does the '.' at the end of the security string mean?
-rwx-r-x-r-x.
-rwx-r-x-r-x+ |
Under Control of SELinux
ACL has been applied (probably also under control of SELinux) |
|
What are the two owners of a file (1st and 2nd root):
root root humu |
Owner of file first, then group that also owns the file
|
|
How do you backup the configuration of the firewall?
|
cp /etc/sysconfig/iptables
|
|
What file do you change to turn off enforcing in selinux?
|
/etc/sysconfig/selinux
|
|
How do you toggle enforcing of selinux using a command?
|
setenforce enforcing/permissive
|
|
What are two ways to set up SELinux?
|
Run setenforce enforcing/permissive
Edit /etc/sysconfig/selinux file
Reboot |
|
How do you check SELinux Status?
|
getenforce
sestatus (more detailed) |
|
How do you disable SELinux?
|
Edit /etc/sysconfig/selinux and change selinux= from enforcing or permissive to disabled
|
|
How does umask work?
What are the default permissions?
What are the two different umasks?
What is the result of the two umasks on new files? |
Default permissions for any file created is 666 rw rw rw (used to be 777)
Default umask for 199 and below is 022 (Root and special accounts)
666-022=644
Root mask 022 -rw-r--r--
Default umask for 200 and above is 002 (general users)
666-002=664
Humu mask 002 -rw-rw-r-- |
|
How do you find the umask for the user you are
currently logged in as? |
umask
|
|
What are the main special file attributes?
|
a - append only (prevents deletion)
i - prevents deletion and change
d - no dump (Disallows backups) |
|
How do you list special file attributes?
|
lsattr
|
|
How would you prevent deletion and change to a file
using special file attributes? |
chattr +i /etc/fstab
|
|
What are ACLs good for?
|
If you want to give humu access to your files in your home directory, you can only do it on a single group basis or give rights to everybody using the ugo/rwx rights
ACLs allow you to give selected users rights to selected files |
|
How can you remount a filesystem for ACLs if it hasn't
been set in fstab? |
mount -o remount -o acl /dev/mapper/vg_humu-lv_root /
|
|
How do you add rights for a user to a file/directory using
ACLs? |
setfacl -m u:humu:rwx /root/turtle.txt
You'll need to give rights to /root/ before this would work though
setfacl -m u:humu:x /root/ |
|
How do you remove humu's ACL rights to /root/turtle.txt?
|
setfacl -x u:humu /root/turtle.txt
|
|
How do you add rights for a group to a file/directory using
ACLs? |
setfacl -m g:fish:r-- /root/turtle.txt
|
|
How do you remove all ACL entries on a file?
Actually set it to default? |
setfacl -b /root/turtle.txt
|
|
How do you set up fstab to be ACL friendly?
|
/dev/mapper/vg_humu-lv_root / ext4 defaults,acl 1 1
|
|
How would I give ACL rights to a group named triggers?
|
setfacl -m g:triggers:x /root/
|
|
You can set up ACLs using Users and Groups, but what
about Other? |
You can set this the same way, but it uses UGO rights to set other to have the rights on the file/folder
(so a setfacl -b or -x won't work on other once set, need to use a chmod command to remove) |
|
What are the ACL switches?
Which ones are commonly used? |
-b Removes all ACL entries for ALL users, retains UGO
-m modifies the ACL (common)
-n omits the mask in recalculating permissions
-R applies changes recursively
-x remove a specific entry (common) |
|
Give humu read rights to everything in /var/ and sub
folders |
setfacl -R -m u:humu:r /var/
|
|
When you set ACLs for a user/group, is it additive?
|
No, it resets like chmod does
|
|
How would you remove humu's ACL rights recursively
to /var/ directory? |
setfacl -R -x u:humu /var/
|
|
Use ACLs to deny humu rights to /etc/passwd
|
setfacl -m u:humu:--- /etc/passwd
This can of course be done recursively to directories as well
setfacl -R -m u:humu:--- /etc/ |
|
How do you implement an ACL mask?
|
setfacl -m mask:r-- /etc/passwd
|
|
What happens to the ACLs with symbolic and hard links?
|
They are accessible from them
|
|
What happens to the ACLs on copied files?
|
They are set to default on the destination
|
|
What file can you open to tell you all the ports to services?
|
/etc/services
|
|
What port is FTP?
|
21
|
|
What port is SSH?
|
22
|
|
What port is Telnet?
|
23
|
|
What port is SMTP?
|
25
|
|
What port is DNS?
|
53
|
|
What port is Kerberos?
|
88
|
|
What port is POP?
|
110
|
|
What port is NetBIOS?
|
139
|
|
What service is port 21?
|
FTP
|
|
What service is port 22?
|
SSH
|
|
What service is port 23?
|
Telnet
|
|
What service is port 25?
|
SMTP
|
|
What service is port 53?
|
DNS
|
|
What service is port 88?
|
Kerberos
|
|
What service is port 110?
|
POP
|
|
What service is port 139?
|
NetBIOS
|
|
What is the format for the iptables command?
|
iptables -t tabletype <action direction> <Packet Pattern> -j <What to do>
|
|
What are the four different parts of an iptables command?
|
Table Type
Action Direction
Packet Pattern
What to do |
|
What are the options for the tabletype portion of the
iptables command? |
filter (default) (will occur if -t tabletype is left out)
nat |
|
What are the options for the Action Direction portion of
the iptables command? |
-A Append - appends rule to the end of the chain
-D Delete
-L List
-F Flush - Flushes all rules until next reboot |
|
What are the options for the Packet Pattern portion of
the iptables command? |
There are lots. Example of using an IP pattern is
-s ip_address (all packets are checked for a specific source IP)
-d ip_address (all packets are checked for a specific destination IP) |
|
What are the options for the What to Do portion of
the iptables command? |
DROP Packet dropped with no message sent to requesting computer
REJECT Packet dropped and message sent to requesting computer
ACCEPT Packet is allowed to proceed with -A and the following action: INPUT OUTPUT FORWARD |
|
How do you launch the console type firewall configurator?
|
system-config-firewall-tui
|
|
How do you restore the firewall from a backup stored as
/etc/sysconfig/iptables_backup? |
cp /etc/sysconfig/iptables_backup /etc/sysconfig/iptables
service iptables restart |
|
What are two ways to set up SELinux?
|
Run setenforce enforcing or setenforce permissive
Edit /etc/sysconfig/selinux file
Reboot |
|
In SELinux, what are the three different contexts and
what do they do? |
subjects - a process such as a command in action or Apache in operation
objects - a file
actions - what the subject may do to an object |
|
What are the default modes for SELinux with RHEL6 install?
|
Enforcing and Targeted
|
|
What is the caveat with using the setenforce command?
|
You can use setenforce to toggle between permissive and enforcing
BUT if SELinux is disabled, you will have to edit /etc/sysconfig/selinux and reboot and wait for a relabel |
|
How do you see the SELinux context of a particular file?
|
ls -Z
|
|
How do you get the SELinux privileges for the logged in user?
|
just id (for a more complete list) or id -Z (for just SELinux stuff)
if the results say unconfined, the user is not configed |
|
Where is the SELinux stuff stored?
Booleans
SELinux configuration
SELinux Audit Log |
/selinux/booleans/ (directory)
/etc/selinux/config (file)
Link to the config is in /etc/sysconfig/selinux
/var/log/audit/audit.log |
|
How do you set the SELinux context of say
/var/ftp/pub/newfolder to the same context as /pub? |
chcon -R --reference /var/ftp/pub /var/ftp/pub/newfolder
|
|
What log file would be like the windows security log file?
|
/var/log/secure (file)
|
|
How do you install the selinux gui configurator?
|
Install policycoreutils-gui
This will also install the semanage command |
|
How do you look at and set SELinux booleans?
|
getsebool
setsebool -P user_ping 1 (or 0) |
|
What command can you use (instead of the GUI) to see
the confined status of each user on the system? |
semanage login -l
|
|
How do you set humu to be a confined user?
|
semanage login -a -s user_u humu
|
|
What entry do you put in fstab to mount the iso to media
on boot up? |
/iso/rheliso.iso /media iso9660 loop,ro,auto 0 0
|
|
Say you ran chcon -R --reference / /var/ftp/pub
How would you fix the SELinux context? |
restorecon /var/ftp/pub
|