Linux

Question 1

Where would you find user account information?

File Location

Answer 1

/etc/passwd

Question 2

Where would you find account password hashes?

File Location

Answer 2

/etc/shadow

Question 3

pwck

Command

Answer 3

Verifies each line in the /etc/passwd and /etc/shadow files and identifies discrepencies.

Question 4

pwconv

Command

Answer 4

Adds the necessary information to synchronize the /etc/passwd and /etc/shadow files.

Question 5

Where would you find group information?

File Location

Answer 5

/etc/group

Question 6

Where would you find the default values used by the useradd command?

Answer 6

/etc/default/useradd

Question 7

/etc/login.defs

Reminder

Answer 7

The /etc/login.defs file contains:
- Values used for the group and user ID numbers.
- Parameters for password encryption in the shadow file.
- Password expiration values for user accounts.

Question 8

/etc/skel

Reminder

Answer 8

The /etc/skel directory contains a set of configuration file templates that are copied into a new user’s home directory when it is created, including the following files:
- .bashrc
- .bash_logout
- .bash_profile
- .kshrc

Question 9

useradd

Command

Answer 9

Adds a new user.

Question 10

useradd -c

Option

Answer 10

Adds a description for the account in the GECOS field.

This changes the full name of the account.

Question 11

useradd - m

Option

Answer 11

Creates the user’s home directory (if it does not exist)

Question 12

useradd

Option List

Answer 12

• -c adds a description for the account in the GECOS field of /etc/passwd.
• -d assigns an absolute pathname to a custom home directory location.
• -D displays the default values specified in the /etc/default/useradd file.
• -e specifies the date on which the user account will be disabled.
• -f specifies the number of days after a password expires until the account is permanently disabled.
• -M defines the secondary group membership.
• -m creates the user’s home directory (if it does not exist).
• -n does not create a group with the same name as the user (Red Hat and Fedora, respectively).
• -p defines the encrypted password.
• -r specifies that the user account is a system user.
• -s defines the default shell.
• -u assigns the user a custom UID. This is useful when assigning ownership of files and directories to a different user.

Question 13

passwd

Command

Answer 13

Assigns or changes a password for a user.

Question 14

passwd

Option List

Answer 14

• -S username displays the status of the user account. LK indicates that the user account is locked, and PS indicates the user account has a password.
• -l disables (locks) an account. This command inserts a !! before the password in the /etc/shadow file, effectively disabling the account.
• -u enables (unlocks) an account.
• -d removes the password from an account.
• -n sets the minimum days before a password can be changed.
• -x sets the number of days before a user must change the password (password expiration time).
• -w sets the number of days before the password expires that the user is warned.
• -t sets the number of days following the password expiration that the account will be disabled.

Question 15

usermod

Command

Answer 15

Modifies an existing user account.

Question 16

usermod

Option List

Answer 16

• -c changes the description for the account.
• -l renames a user account.
• -L locks the user account. This command inserts a ! before the password in the /etc/shadow file, effectively disabling the account.
• -U unlocks the user account.

Question 17

userdel

Command

Answer 17

Removes a user account.

Question 18

userdel -r

Option

Answer 18

Removes the user’s home directory.

Question 19

userdel

Option List

Answer 19

• userdel [username] (without options) removes the user account.
• -r removes the user’s home directory.
• -f forces removing the user account even when the user is logged into the system.

Question 20

chage

Command

Answer 20

Sets user passwords to expire.

Question 21

chage

Option List

Answer 21

• -M sets the maximum number of days before the password expires.
• -W sets the number of days before the password expires that a warning message displays.
• -m sets the minimum number of days that must pass after a password has been changed before a user can change the password again.

Question 22

ulimit

Command

Answer 22

Limits computer resources used for applications launched from the shell. Limits can be hard or soft. Users can modify soft limits, but only the root user can modify hard limits.

Question 23

ulimit

Option List

Answer 23

• -c limits the size of a core dump file. The value is in blocks.
• -f limits the file size of files created using the shell session. The value is in blocks.
• -n limits the maximum number of files that can be opened.
• -t limits the amount of CPU time a process can use. This is set in seconds.
• -u limits the number of concurrent processes a user can run.
• -d limits the maximum amount of memory a process can use. The value is in kilobytes.
• -H sets a hard resource limit.
• -S sets a soft resource limit.
• -a displays current limits. The default shows soft limits.

Question 24

groupadd

Command

Answer 24

Creates a new group.

Question 25

groupadd | Option List

Answer 25

The following options override the settings found in the /etc/login.defs file: - g defines the group ID (GID). - p defines the group password. - - r creates a system group.

Question 26

groupmod | Command

Answer 26

Modifies the existing group.

Question 27

groupdel | Command

Answer 27

Modifies the system account files by deleting all entries that refer to the specified group. The named group must exist. You cannot remove the primary group of any existing user. You must remove the user before you remove the group.

Question 28

gpasswd | Command

Answer 28

Changes a group password.

Question 29

gpasswd | Option List

Answer 29

- groupname prompts for a new password. - - r removes a group password.

Question 30

newgrp | Command

Answer 30

Is used to change the current group ID during a login session. If the optional - flag is given, the user's environment will be reinitialized as though the user had logged in. Otherwise, the current environment, including the working directory, remains unchanged. You can use this when working in a directory where all the files must have the same group ownership.

Question 31

usermod | Group Option List

Answer 31

Modifies group membership for the user account. Be aware of the following options: - g assigns a user to a primary group. - G assigns a user to a secondary group (or groups). Follow the command with a comma-separated list of groups. - aG assigns a user to a secondary group (or groups) by appending the group to any group the user already belongs to. Follow the command with a comma-separated list of groups. - - G "" removes the user from all secondary group memberships. Do not include a space between the quotes.

Question 32

groups | Command

Answer 32

Display the primary and secondary group membership for the specified user account.

Question 33

chmod | Command

Answer 33

The `chmod` command is used to modify permissions. It can be used in symbolic mode or absolute mode. In symbolic mode, the command works as follows: `chmod g+w, o-xhome` In absolute mode, permissions are assigned using octal notation, where r=4, w=2, and x=1. For example, the following command has the same effect: `chmod 755home`

Question 34

Remove unnecessary software | Multiple command choices

Answer 34

Enter one of the following commands: - `yum list installed` or `dnf list installed` to see installed RPM packages on the computer. - `apt` - `apt autoremove` automatically removes unused packages - `apt list list all` installed packages - `dpkg get-selections` to see installed Debian packages on the computer. Research the function of any unrecognized package to determine if it is necessary. Use one of the following commands to uninstall unnecessary packages. `yum erase` *packagename* `dnf remove` *packagename* `apt remove` *packagename* `rpm -e` *packagename* `dpkg -r` *packagename*

Question 35

Check for unnecessary network services | Step by Step (with commands)

Answer 35

To remove unnecessary network services: - Find all installed services and determine which are not needed: DNS, SNMP, DHCP, and others. `systemctl --type=service --state=active` - Use the `man` command and the internet to research services you do not recognize. - If the service is not needed, determine if it is a dependency for another service. - Disable the service by using the following command: `systemctl disable` *servicename* - Use the following command to stop the script immediately: `systemctl stop` *servicename*

Question 36

Locate Open Ports | Step by Step (with commands)

Answer 36

To locate open ports: - Install the nmap utility if it is not already installed. `yum install nmap` `dnf install nmap` `apt -i nmap` - Use both of the following commands to scan for open ports: `nmap -sT` *ipaddress*|*fqdn* scans for TCP ports `nmap -sU` *ipaddress*|*fqdn* scans for UDP ports - Determine which services use the open ports. - Disable any unused service using the open ports information. ( Make sure the service used is not a dependency for another service .) `systemctl disable` *servicename* `systemctl stop` *servicename*

Question 37

Check Network Connections | netstat and ss options

Answer 37

Use the following `netstat` (network statistics) or `ss` (socket statistics) options to identify the open network connections on Linux systems: - `-a` lists both listening and non-listening sockets. - `-l` ( lowercase 'L' ) lists listening sockets. - `-s` displays statistics for each protocol. - `-i` displays a table of all network interfaces.

Question 38

iptables Chains | List

Answer 38

The Linux iptables firewall utility uses policy chains (sets of rules) to allow or block network traffic. When a connection is initiated to your system, iptables looks for a matching rule. If it doesn't find one, it uses the default action in the tables. Chain Types - Input This chain controls the behavior of incoming connections. For example, if a user attempts to ping the system, iptables attempts to match the IP address and port to a rule in the input chain. - Forward This chain is used for packets leaving the system. These are incoming connections that aren't delivered locally. In other words, the traffic is not destined for the router; the router forwards the traffic to the destination device. - Output This chain is used for outgoing connections. For example, if you ping testout.com, iptables check its output chain to see what the rules are regarding ping and testout.com before allowing or denying the ping request. Action Types - Accept Allows the connection. - Drop Drops the connection. For example, an IP address in a rule with a drop action pings your system; the request is dropped. No response is sent to the user. - Reject Rejects the connection but will send a response back. This lets the sender know that the traffic reached a system but was rejected.

Question 39

Sample iptables Commands

Answer 39

- List current rules `sudo iptables -L` - Clear current rules `sudo iptables -F` - Save iptables changes (Ubuntu) `sudo /sbin/iptables-save` - Drop all incoming traffic `sudo iptables -A INPUT -j DROP` - Block connections from 192.168.0.254 `sudo iptables -A INPUT -s 192.168.0.254 -j DROP` - Block SMTP mail on port 25 `sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT` - Allow SMTP mail on port 25 `sudo iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT` `sudo iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT` - Allow HTTP traffic on port 80 `sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT` `sudo iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT` - Allow HTTPS traffic on port 443 `sudo iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT` `sudo iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT`