126 Cards in this Set

  • Front
  • Back
1 Use two different methods to identify the CPU architecture of the system
uname -p
cat /proc/cpuinfo
2 do an MD5 and a sha256 checksum on the hosts file
md5sum /etc/hosts
sha256sum /etc/hosts
3 mount /test.iso to /media
mount -o loop /test.iso /media
4 check the mode that selinux is in
sestatus
5 look at the status of what is being allowed with iptables
iptables -L
6 go to console 3 using a key combo
Ctrl-Alt-F3
7 go to the GUI console using a key combo
Ctrl-Alt-F1
8 go to the directory that contains the different shells
/bin/ bash dash tcsh zsh
9 ping yahoo.com and output the good to /good.txt and output the bad to /bad.txt
make sure it doesn't overwrite any previous entries
ping yahoo.com >> /good.txt 2>> /bad.txt
10 change yahoo.com to something that doesn't exist and verify good and bad have
something in them
ping yahojfdfjdkjfldk.com >> /good.txt 2>> /bad.txt
11 display your path
echo $PATH
12 create a directory named /humu and add it to root's path
Now add this to the path for everybody
edit /root/.bash_profile and add :/humu to PATH=$PATH:$HOME/bin
edit /etc/profile.d/custom.sh (new file) and add PATH=$PATH:/humu
13 Add a 4 GB disk and scan it in. Create an LV with an encrypted filesystem
and make it prompt for a password
0
14 Revert to snapshot, then add two disks. Create a LV and mount it, then extend
the LV to the second disk
0
15 Revert to snapshot then add a disk and create a standard mount disk and
create an encrypted file system on it. Make sure it doesn't prompt for password
then change it to prompt for password
0
16 Revert to snapshot and add a 2 GB and a 3 GB disk
Use the 2 GB disk to extend the VG and then extend the swap lv by 2 GB
Use the 3 GB disk to create an additional swap file and add it to overall swap
0
17 Revert to snapshot and do a mkdir /dev/vg_test
Edit fstab and add /dev/vg_test /t ext4 defaults 1 1
reboot and fix it. Once fixed, remove these entries.
0
18 Display the messages hidden by the splash screen on bootup
dmesg |less
19 Do a directory listing and display the SELinux attributes
ls -Z
20 Create a user from scratch
vipw (Opens /etc/passwd)
passwd newuser
vigr
vigr -s
Create users home directory in /home/newuser
chown newuser:newuser /home/newuser
chmod 700 /home/newuser
cp -r /etc/skel/. /home/newuser
21 create a file /home/humu/linkme.txt and add the word crab to it
create a hard link in / to it named tt.txt
create a soft link in root to the same file named test.txt
ln /home/humu/linkme.txt /tt.txt
ln -s /home/humu/linkme.txt /test.txt
22 create the following directory structure in one command:
/test/me/for/multiple/dirs
mkdir -p /test/me/for/multiple/dirs
23 Make stuff go to a hidden trashcan in root when rm is used
edit /root/.bashrc
Change alias rm='rm -I' to alias rm='mv -t /root/.trash'
save file
mkdir /root/.trash
24 Automount humu's home directory on ssc02nas assuming home is in the root of ssc02nas
Edit auto.master:
/home /etc/auto.home

Edit auto.home
* -fstype=nfs,rw,tcp,etc. ssc02nas:/vol/home/&
25 find all files with host in the name under the /etc directory only
find /etc -name 'host*'
26 update the locate command's database
Background the job so you can get the prompt back
/etc/cron.daily/mlocate.cron
Ctrl-Z bg
27 read the last 5 lines of the security log
now follow the security log
Now have it alert you whenever you have a security event while you are working
Stop the backgrounding
tail -n 5 /var/log/secure
tail -f /var/log/secure
Ctrl-Z bg
fg Ctrl-Z
28 List the passwd file in alphabetical order
sort /etc/passwd
29 Count the number of lines, words, and characters in /etc/passwd
wc /etc/passwd
30 find all man pages with nfs in the title
find all man pages with nfs in the description
whatis nfs
apropos nfs
31 use a command that gives you a hyperlinked help file
info
32 update the man pages with data from newly installed packages
/etc/cron.daily/makewhatis.cron
33 List the runlevels that the network service is set to start in
List all adapters, not just active ones
Bring your active adapter down then up
chkconfig --list network
ifconfig -a
ifconfig eth0 down then ifconfig eth0 up
34 Editing network files
Go to where you change your host name
Run command to look at or change your hostname
Add a DNS server
Edit the DNS suffix search order
Networking isn't working
/etc/hosts and /etc/sysconfig/network
hostname
/etc/resolv.conf and /etc/sysconfig/network-scripts/ifcfg-eth0
/etc/resolv.conf
look at /etc/sysconfig/network
35 Launch the GUI network editor
nm-connection-editor
36 Edit the file that allows you to reference DNS before Hosts file
/etc/nsswitch.conf
37 Remove the certmonger service and re-add it
chkconfig --del certmonger
chkconfig --add certmonger
chkconfig --list certmonger
chkconfig certmonger on
service certmonger start
38 Make certmonger only start in RL 3
chkconfig certmonger off
chkconfig --level 3 certmonger on
39 Create a folder /humu Assign it rwxr-xr-x rights using numbers
Add write permissions to everyone using letters
Remove write permissions from owner using letters
chmod 755 /humu
chmod o+w /humu
chmod u-w /humu
40 Set up the passwd command to run as the owner (root) when run for any user
chmod u+s /usr/bin/passwd
41 Set up the ssh-agent (in /usr/bin) to run as the group when executed by users
chmod g+s /usr/bin/ssh-agent
42 Create a folder called /home/fishshared and make it so that the group "fish" has
access rights (and obtains ownership) regardless of who drops files there
mkdir /home/fishshared
create a group called fishgroup with a GID really high
Add your various triggers to the group
chown nobody.fishgroup /home/fishshared
chmod 070 /home/fishshared
----at this point your triggers can add files, but they can't be read by anybody else
chmod 2070 /home/fishshared
-or-
chmod 070 /home/fishshared
and chmod g+s /home/fishshared
Now they become the group's files when written by a user
-optional-
Run chmod o-rwx /home/fishshared/* to remove any existing rights
Run chown nobody.fishgroup /home/fishshared/* to fix any old rights
43 Set up the /tmp directory so that when users place files there, they keep ownership
chmod o+t /tmp
44 Run an ls -la of /. What does the . mean at the end of the rights? What if there was a +?
Means it's under control of selinux
+ would mean ACL applied
45 Using special file attributes, make it so that /humu can only be edited, not deleted
Change the attributes so that you can't even add to humu as well as not delete
change the attributes so that you can backup the folder
Remove these limits
chattr +a /humu
chattr +i /humu
chattr +d /humu
chattr -aid /humu
Use lsattr to list
46 Edit the file that has the default umask
What is the default umask for root?
What is the default umask for users 200 and above?
How do these default umasks work? Map it out.


Finally, run a command to see your umask
/etc/bashrc
022
002
File is 666, directory is 777
Default for root is file 644 and directory 755
Default for users is file 664 and directory 775
umask
47 Create a file named turtle.txt in /root/ and give humu full rights to this file only
setfacl -m u:humu:x /root
setfacl -m u:humu:rwx /root/turtle.txt
48 Create a file named fishgroup.txt in /root/ and give the group "fish" full rights
Humu is a member of this group from a previous exercise, so test his access before
and after
setfacl -m g:fish:rwx /root/fishgroup.txt
49 Remove the group "fish"'s rights to /root/fishgroup.txt
setfacl -x g:fish /root/fishgroup.txt
50 Create a directory and file in /root/test/testing/greenbean.txt and give humu rwx
Verify his rights
Remove humu's rights to everything in /root/ and subdirectories
Remove all ACL entries on /root/ (actually setting back to default of ugo only)
Remove all ACL entries on /root/ and all subdirectories
mkdir -p /root/test/testing
getfacl /root/test/testing/greenbean.txt
setfacl -R -x u:humu /root/
setfacl -b /root/
setfacl -R -b /root/
51 Give humu read rights to everything in /var/ and all its subdirectories
setfacl -R -m u:humu:r /var
52 Give humu r and x rights to /var/games
now give humu write rights using setfacl -m u:humu:w games
What happened?
setfacl -m u:humu:rx games
setfacl -m u:humu:w games
Rights are not additive, the w right overwrote all rights
53 Give humu rights to /var/ of execute and /var/spool of rwx and verify
Add a mask to /var/spool that allows nothing through
Verify humu can't access
Add acl rights for humu but make sure you don't affect the mask
Verify humu can't access and look at the ACL
Add acl rights for humu, but allow it to change the mask
Verify humu has access
setfacl -m u:humu:x /var
setfacl -m u:humu:rwx /var/spool
setfacl -m mask:--- /var/spool also chmod o-rx /var/spool

setfacl -n -m u:humu:rwx /var/spool

setfacl -m u:humu:rwx /var/spool
54 Use ACLs to deny access for humu to his home directory
Why didn't this work?
Use acl's to deny access for humu to /humu which is owned by root and def. ugo rights
How would I deny humu access to all files he is not owner of in /etc and subdirectories?
Poor Humu -:()
setfacl -m u:humu:--- /home/humu
Because humu is the owner and ugo rights gave him access
setfacl -m u:humu:--- /humu
setfacl -R -m u:humu:--- /etc
55 If I were to set acl for humu to a file what would be his access to hard and soft links?
If I copy a file humu has access to to another directory, does he retain acl rights?
same
no they are set to DEFAULT for the destination
56 Backup the firewall
cp /etc/sysconfig/iptables
57 Find the file that lists all services and their ports
/etc/services
58 Launch the console type firewall configurator and add the ports for VNC
system-config-firewall-tui
Go to forward and add:
5900 tcp
5900 udp
5901-5905 tcp
59 Look at SELinux's status
Disable SELinux by editing a file
Change the enforcing mode back to on, but permissive using a command
sestatus
edit /etc/sysconfig/selinux and change enforcing to disabled
/etc/sysconfig/selinux file and change disabled to
permissive and reboot
60 List the SELinux context of /etc/hosts
Set the context of /etc/hosts to the same as /var/log/secure
Now change the SELinux context for /etc/hosts back
Tail the log for SELinux
ls -Z /etc/hosts
chcon -R --reference /var/log/secure /etc/hosts
restorecon /etc/hosts
tail /var/log/audit/audit.log
61 Install the SELinux GUI configurator
rpm -i policycoreutils
62 Set up the /test.iso to mount to /media automatically
Test this using mount -a and then revert to snapshot
/test.iso /media iso9660 loop,ro,auto 0 0
63 Change the root password to something else and try to recover your password
after rebooting using a command and a file edit
Run vipw -s and remove the entire hash
run passwd -d root
Both will make a blank password
64 Boot into a mode that will not load any init related files and then mount as RW
and edit fstab in RW mode
use init=/bin/sh (this has to be exactly correct)
mount -o remount /
65 Rename grub.conf to grubby.conf and reboot
Find the partition with the /boot directory (2 ways)?

Now read the grub file
Make the system boot and rename grub.conf back
Use command root
find /grub/grubby.conf
cat (hd0,0)/grub/grubby.conf
Manually enter root=, kernel=. And initrd=
66 What are the runlevels?
0 - Halt
1 - Single User
2 Multi User with some network
3 Multi with full network
5 GUI
6 reboot (Don't set this)
67 What if you've edited the iptables file, how do you implement your changes, Issue
the command
service iptables reload
68 get a list of all runlevels of all services
Get a list of runlevels for certmonger
Set up certmonger to run in RL 3 and 5 only

Set up certmonger to run in RL 2,3,5 using a console utility
Which runlevels does this console utility use by default?
chkconfig --list
chkconfig --list certmonger
chkconfig certmonger off
then chkconfig --level 35 certmonger on
ntsysv --level 235
Only the current one if you don't specify --level
69 Change the number of consoles from 6 to 7 and test
Edit /etc/sysconfig/init
Edit /etc/init/start-ttys.conf
Reboot and test ctrl-alt-F7
70 what happens when you chkconfig certmonger on?
In /etc/rc3.d and rc5.d, K01certmonger changes to S99certmonger
71 look at the routing table
netstat -nr
-or- route
72 Delete the default gateway
Add the gateway back in
route del default gw 192.168.0.1
route add default gw 192.168.0.1
73 Launch the GUI network configurator
nm-connection-editor
-or- setup
74 Change the default runlevel
Where are all the config files that used to be here?
edit /etc/inittab
/etc/init/*
75 Make a note of the location of the LV for where root is
Rename grub.conf to grubby.conf
Reboot and get the system booted manually
Find the location of the first drive by running 'root'
kernel=(hd0,0)/[TAB] root=/dev/mapper/vg_new-lv_root
initrd=(hd0,0)/[TAB]
boot
76 Add a 4GB disk and create a VG and LV
Make a ext2 filesystem
Change the filesystem to ext3
Change the filesystem to ext4
tune2fs -j /dev/sdb1
unmount it
tune2fs -O extents,uninit_bg,dir_index /dev/sdb1
77 Add an 8 GB disk and extend the 4GB VG in 76 to it.
Only extend the LV by 4 GB
Only extend the filesystem on it by 1.99 GB
lvextend -L+3.99G -n /dev/vg_fish/lv_fish
resize2fs /dev/vg_humu/lv_humu 1999M (5900 because you enter the final size here (4.0 +1.9 = 5.9)
78 What are the two fstab numbers at the end of each entry?
The first is the dump value. 0 dumps it, 1 saves to disk upon exit of Linux
The second value is the filesystem check order.
root 1
removable 0
All else 2
79 Add the following entries to fstab:
A NAS share from server nasshare1 on /vol/ingenix to /nas/sftp
An SMB share from //dc1/pub to /share
nasshare1:/vol/ingenix /nas/sftp nfs rw,tcp,rsize=8192,wsize=8192,timeo=14,intr,upd 0 0
//server/pub /share cifs rw,username=user,password=pass 0 0
80 Now mount that SMB share using a secret password
//server/pub /share cifs rw,credentials=/etc/secret 0 0
make /etc/secret and chmod it to 600
username=user
password=password
81 Display all the automounter files
Make sure the automounter service is enabled
go to etc and ls auto*
service autofs status
Look at /etc/auto.misc for examples
82 Set up a local repository using FTP
Set one up using HTTP
Install vsftpd (Don't forget to chkconfig and start it)
Install FTP (so you have a client)
Move /disc into /var/ftp/pub/
Edit /etc/yum.repos.d/trigger.repo

[triggerfish]
name=Chucks Super Triggerix Repository
baseurl=ftp://anonymous:anonymous@172.20.165.30/pub

run:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
yum clean all
yum update
chcon the disc folder when this doesn't work
83 List all packages installed
rpm -qa
84 Look at the shadow file and figure out which encryption algorithm is being used
vipw -s and the algorithm starts with $6 which means SHA-512 ($1 would be MD5)
85 Change the password hash used from SHA-512 to MD5
Where can you change all the defaults for logins in a file?
system-config-authentication
/etc/login.defs
86 Explain the defaults of umask? (Again)
Default access modes for Directories are 777 and files are 666
Default umask for root is 022 = 755 (rwxr-xr-x) Dir and 644 (rw-r--r--) files
Default umask for anybody above 200 is 002 = 775 (rwxrwxr-x) dirs and 664 (rw-rw-r--) for files
87 make it so that root can't log into any console

How would you get in to the system if you locked out root from all consoles?
Edit /etc/securetty and comment out everything, even console
The vc and tty need to both be commented out together for each console
Log into the GUI as it's not affected by this file
Log in as another user and su to root
use single user mode
88 Change the default RL to 3 and reboot
Log in and change to RL 5 from the command line
Edit /etc/inittab
init 5
89 How would you go about controlling user's access from remote with all sorts of options
Make it so that user humu can only access from the local system
First, add "account required pam_access.so" to /etc/pam.d/sshd (Place it above the other "account required" entry)
now, edit /etc/security/access.conf and mess with the options
90 Limit su access to only humu and test it with another user
Create a user named chuck
Edit /etc/pam.d/su and uncomment the noted section
Add humu to the wheel group
91 Log in as Humu and run /sbin/fsck under root without logging out/in
What is the difference between su - root and just su root?
su -c /sbin/fsck
su by itself will not ask for a password unless from a lower user to root
(This is used for just running commands as another user)
su - will ask for password and actually move you into the user's shell
92 Set up a test case for sg to work. It won't because of a bug though
Create a group named fish
Don't add any users to the group
gpasswd fish to set the group password
create a file called crab.txt and give nobody:fish and 070 rights
from humu's account, sg fish -c 'cat crab.txt'
-or- sg fish
93 give the fish group access to shutdown the system, and make humu a member

Explain the layout of the standard sudo entry
visudo and change the last line to %fish ALL=/sbin/shutdown - now
-or- %fish new.example.com=/sbin/shutdown -now
jim (1)ALL= (2)(ALL) (3) ALL
(1) On all systems (including this one)
(2) As all users, you could put in (root,chuck) and he could run as either using sudo -u chuck
(3) commands allowed to run
94 Create a directory for all fish that uses SGID so the files become the groups files no
matter what user drops them there
Test with humu before finalizing the SGID to verify rights are working
mkdir /home/fishshared
create a group called fishgroup with a GID really high
Add your various triggers to the group
chown nobody.fishgroup /home/fishshared
chmod 070 /home/fishshared
----at this point your triggers can add files, but they can't be read by anybody else
chmod 2070 /home/fishshared
-or-
chmod 070 /home/fishshared
and chmod g+s /home/fishshared
Now they become the group's files when written by a user
-optional-
Run chmod o-rwx /home/fishshared/* to remove any existing rights
Run chown nobody.fishgroup /home/fishshared/* to fix any old rights
95 Install VNC
yum install: vinagre, tigervnc, tigervnc-server
96 Set up preferences for the Gnome VNC client
vino-preferences
97 Set up a user for VNC on port 5903
vncserver :3
98 Create a folder named zip and add crab.txt
Zip and unzip the file only using gzip
Zip and unzip the file only using bzip
tar up the folder and use gzip then extract it using tar
tar up the folder and use bzip then extract it using tar
gzip crab.txt then gzip -d crab[TAB]
bzip2 crab.txt then bzip2 -d crab [TAB]
tar czvf zip.tar.gz /zip then tar -xzvf zip.tar.gz
tar cjvf zip.tar.bz /zip then tar -xjvf zip.tar.bz
99 run a PS command to only show user processes from humu
run a PS command to show running processes from all users
run a PS command to show running processes from all users but with PIDS
ps -u humu
ps -aux
ps -axl
100 Launch Firefox
Look at its nice level
Change its nice level from what it is to the highest level

Change Firefox's nice to the lowest priority

Kill firefox - Check for dependencies first
ps -axl |grep firefox
renice -20 3005
renice -20 3022
renice 19 3005
renice 19 3022
pstree to check its dependents
ps -axl |grep firefox Find the first PID on the left and kill -9 3022
You could also use top to try to kill it
101 Get a ten minute scheduled report of system activity
Get a detailed report
sar
sar -A
102 Change the amount of time the log files are kept from 7 days to 10
Edit the file that controls what is logged in the logs
Edit the file that handles how the logs are rotated
/etc/sysconfig/sysstat
/etc/rsyslog.conf
/etc/logrotate.conf
103 Restrict cron access to only humu (no root or anything)
Restrict cron access to root only
Restrict cron access so everybody except humu can use it
Edit cron.allow and add humu only.
Either edit cron.allow and only have root in there or delete both files
Edit cron.deny and add humu, make sure he isn't in cron.allow
104 Set up a cron job for yourself that exports an ls of / every 2 minutes

What if you wanted it to run every hour from 7-10
Now list your entries
Where would you find a good example of cron commands?
Go to the directory that contains your jobs
crontab -e
*/2 * * * * ls / >> /ls.txt
0 7-10 * * * ls / >> /ls.txt
crontab -l
/etc/crontab
/var/spool/cron/{users name}
105 set up a one time command to write the date and time to a file at 6:00pm


Now look at your AT jobs
Cancel the job you just created
at 18:00 04/29/12
date >> /date/txt
CTRL-D
atq
atrm
106 Configure logging for the vsftpd service
/etc/vsftpd/vsftpd.conf
also in /var/log/xferlog
107 Set up LDAP (May need to get an LDAP server)
system-config-authentication
108 Mess with KVMs
0
109 Mess with SELinux
0
110 Secure the GRUB bootloader
1. with a password before editing it
2. With a password before selecting an option
1. Run grub-md5-crypt to create a hash from a password
Add password --md5 DFSDFSDFERWE#$!@ just above the first stanza (before title)

2. Run grub-md5-crypt to create a hash from a password
Add password --md5 DFSDFSDFERWE#$!@ anywhere inside the stanza (after title)
111 Upgrade the Kernel
Use rpm -ivh newkernel or yum install kernel (The key is to use install, NEVER upgrade)
112 Find out which .conf files have changed since the system was installed
rpm -Va
113 Install RPM package zsh-4.3.10-4.1.el6.x86_64.rpm from another system using the RPM command over FTP
rpm -ivh ftp://anonymous:anonymous@192.168.0.195/pub/disc/Packages/zsh-4.3.10-4.1.el6.x86_64.rpm
114 edit the file that contains all the RPMs that were installed during system installation
/root/install.log
115 Assuming you've installed all the RPM-GPG-KEYs, how would you validate a package?
rpm -k rpmlocation&name
116 When running sudo as humu, what password do you use?
Humu's password
117 Set up a cron job to run at 4:42 am on the third day of each month

Set up another cron job that will run at 4:00am every week
crontab -e
42 4 3 * *
00 4 * * 0 <--- 0 is Sunday
118 Look for and then add the kvm module to the kernel
lsmod | grep kvm
modprobe kvm
119 go to the directories that contain the virtual machine's xml files and the one that contains the disks
/etc/libvirt/qemu/ XML files

/var/lib/libvirt/images/ Disks
120 When using telnet to test ports what do each of these responses mean?

1 no route to host

2 connection refused

3 Connected
1 Firewall is on and is blocking this port

2 Firewall is on, hole is in place, but nothing listening on this port -or- firewall off, nothing on this port

3 Firewall is either off or has a hole and something is actively listening on the port
121 What is a good port scanning tool?
nmap
122 What is the ftp program that automatically uses anonymous for logging in?
lftp
123 Remount / for ACLs
mount -o remount,acl /
124 Install the SELinux GUI configurator

How do you see the SELinux privileges for the logged in user?
rpm -ivh policycoreutils-gui

id or id -Z
125 What are the three different ways to boot the system by editing the grub.conf during boot?
1 - boots straight into root admin account

single - Everything but read scripts in /etc/rc1.d

init=/bin/sh - Does not load any init stuff and mounts / in ro
126 Change the VNC password
remove /root/.vnc/passwd
run vncserver :3 again