33 Cards in this Set

  • Front
  • Back
How would you tell apache that your content is in /usr/local/www?
In the /etc/httpd/conf/httpd.conf I would specify

DocumentRoot /usr/local/www
How would you instruct an Apache server to listen on port 81 instead of port 80?
Add the "listen 81" line to the /etc/httpd/conf/httpd.conf file
How would you enable Sam to publish web pages from his ~/website directory but not allow anyone else to publish to the web?
Edit /etc/httpd/conf/httpd.conf

add
UserDir enabled sam
Apache must be started with root privileges. Why? Why does this action not present a security risk?
It must be started as root because Apache listens on port 80, which is a privileged port. It is not a threat because once Apache has started using the port it releases the root privileges.
Assume you want to provide webmail access for employees on the same server that hosts the corporate website. The website address is example.com; you want to use mail.example.com for the webmail, and you want the webmail application located in /var/www/webmail. Describe two ways to do this.
1. You could use a virtual server of mail.example.com and have its files located in /var/www/webmail

2. Create a new server of mail.example.com and point it at /var/www/webmail with DocumentRoot
Describe how you would prevent people outside the company's internal 192.168.0.0/16 network from accessing this site, which is defined as:

<VirtualHost *>
ServerName example.com
DocumentRoot /var/ww
<Directory /var/www/intranet>
AllowOverride AuthConfig
</Directory>
</VirtualHost>
First you would add the following lines into the httpd.conf file.
<Directory /var/www/html/corp>
Order deny,allow
Deny from all
Allow from 192.168.
</Directory>

Then you would create a .htaccess file that looked like this:
Order deny,allow
Deny from all
Allow from 192.168.
How would you remove all iptables rules and chains, but not change policy?
iptables --delete-chain
How would you list all current iptables rules?
iptables --list
How is configuring iptables different from configuring most Linux services?
Instead of having to use an editor to go into a file and add rules, you just use the iptables command to add rules. Also, you do not need to restart the iptables service every time you add a rule.
Define an iptables rule that will reject incoming connections on the TELNET port.
iptables -A INPUT --append FORWARD --sport telnet -j REJECT
What does NAT stand for? What does the NAT table do?
Network Address Translation. A NAT table rewrites the destination address of a packet. It translates one IP address into another.
What does the conntrack module do?
The conntrack module provides information on the state of a packet. This allows you to define rules that match criteria based on the state of the connection the packet is part of. This module handles connection tracking.
What do rule match criteria do? What are they used for?
Rule match criteria identify existing rules.
What do packet match criteria do? What are they used for?
Packet match criteria identify network packets and implement rules that take action on packets that match those criteria. They are used to identify which packets need to be filtered based on some rules. They implement rules that take action on packets that match certain criteria.
Which utilities copy packet filtering rules to and from the kernel? How do they work?
The iptables-save utility copies packet filtering rules to and from the kernel
Write a rule that will silently block incoming SMTP connections from 10.10.10.10.
iptables --append FORWARD --dport smtp --source 10.10.10.10 --jump DROP
Which are the two daemons of the Samba suite? What does each do?
The two daemons that are part of the Samba suite are smbd and nmbd. smbd provides file and print services, while nmbd provides browsing support and NetBIOS name service.
What steps are required for mapping a Windows user to a different Linux user?
In order to map a Windows user to a Linux user you need to set the “username map” parameter in the smb.conf file to point to the map file. This file is usually located at /etc/samba/smbusers. Once you have done that you need to assign a Samba password to the user.
How can a system administrator add a Samba password for a user?
smbpasswd
What is the purpose of the [homes] share? Should this share be browsable? Why?
The [homes] share shares the home directory of each user without having to define it specifically. It should be browseable only to the user and not to everyone. Only the user needs to access his/her home drive.
Describe how Samba's handling of users differs from that of NFS.
NFS shares are mounted by root, and NFS maps users on the client to users on the server. With Samba, a share is mounted by a non-root user and all accesses to the share are under that user's name.
Which configuration changes would you need to apply to routers if they wanted to allow SMB/CIFS browsing across multiple subnets without configuring master browsers?
Since routers don’t usually allow broadcast packets to travel between subnets, and since browsing uses broadcast, you would need to configure the router to forward the broadcast packets between the subnets.
How could you use SWAT securely from a remote location?
To provide the most secure connection you would want to use SWAT through the SSL option. This provides encryption on the remote connection.
WINS resolution allows hosts to define their own names. Suggest a way to use Samba to assign names from a centralized list.
One way is to configure the Samba server to act like a WINS server. To do this you would enable a DNS proxy mode, keep the centralized list in DNS, and configure each of the clients to use WINS. If NetBIOS fails to resolve, then the Samba server will use DNS to resolve the system's name.
By default, email sent to a system goes to root. How would you also save a copy in /var/logs/systemmail?
I would edit the /etc/aliases file and include “system: root, /var/logs/systemmail”
How would Max store a copy of his email in ~/mbox and send a copy to max@example.com?
Create a forward file.
Create sam/.forward and add:
~/mbox
max@bravo.com
\max
If your firewall allows only the machine with the IP address 192.168.1.1 to send email outside the network, how would you instruct the local copy of sendmail to use this server as a relay?
Edit /etc/mail/access and add the following:
Connect 192.168.1.1 RELAY
What does dnl stand for in the m4 macro language? What are dnl commands used for?
Delete to new line; it's used like a comment.
Describe the software and protocols used when Max sends an email to Sam on a remote Linux system?
a. Max’s MUA sends the email to sendmail.
b. Then the sendmail uses SMTP to deliver the email to the sendmail on Sam’s system.
c. Then Sam’s sendmail sends the email to the MDA.
d. Then the MDA stores the email in the spool directory
e. Then Sam’s MDA grabs the email from the spool directory
Give a simple way of reading your email that does not involve the use of an MUA.
Use the mail command or look in /home/user/Maildir
If you accidentally delete the /etc/aliases file, how could you easily re-create it?
praliases > /etc/aliases
What does NFS stand for?
Network File System
What does DNS stand for?
Domain Name Services