Unit 4 - Server & Linux - cyops Flashcards
What are servers?
Servers are computers with software installed that enables them to provide services to clients across the network.
There are many types of services. Some provide external resources such as files, email messages, or web pages to clients upon request. Other services run maintenance tasks such as log management, memory management, disk scanning, and more. Each service requires separate server software. For example, the server in the figure uses file server software to provide clients with the ability to retrieve and submit files.
What protocols use the following ports?
Port 20/21
Port 22
Port 23
20/21
File Transfer Protocol (FTP)
22
Secure Shell (SSH)
23
Telnet remote login service
What protocols use the following ports?
25
53
67/68
25
Simple Mail Transfer Protocol (SMTP)
53
Domain Name System (DNS)
67/68
Dynamic Host Configuration Protocol (DHCP)
What protocols use the following ports?
69
80
110
69
Trivial File Transfer Protocol (TFTP)
80
Hypertext Transfer Protocol (HTTP)
110
Post Office Protocol version 3 (POP3)
What protocols use the following ports?
123
143
161/162
443
123
Network Time Protocol (NTP)
143
Internet Message Access Protocol (IMAP)
161/162
Simple Network Management Protocol (SNMP)
443
HTTP Secure (HTTPS)
In order that a computer can be the server for multiple services, _____ are used.
In order that a computer can be the server for multiple services, ports are used. A server is said to be “listening” on a port when it has associated itself to that port.
While the administrator can decide which port to use with any given service, many clients are configured to use a specific port by default. It is common practice to leave the service running in its default port. The table lists a few commonly used ports and their services. These are also called “well-known ports”.
What is a port said to be?
A port is a reserved network resource used by a service.
What are clients?
Clients are programs or applications designed to communicate with a specific type of server.
A client is a hardware/software combination that people use directly.
Also known as client applications, clients use a well-defined protocol to communicate with the server. Web browsers are web clients that are used to communicate with web servers through the Hypertext Transfer Protocol (HTTP) on port 80. The File Transfer Protocol (FTP) client is software used to communicate with an FTP server. The figure shows a client uploading files to a server.
How are services managed in Linux?
In Linux, services are managed using configuration files.
Common options in configuration files are port number, location of the hosted resources, and client authorization details. When the service starts, it looks for its configuration files, loads them into memory, and adjusts itself according to the settings in the files. Configuration file modifications often require restarting the service before the changes take effect.
List some basic best practices for hardening.
The following are basic best practices for device hardening.
Ensure physical security
Minimize installed packages
Disable unused services
Use SSH and disable the root account login over SSH
Keep the system updated
Disable USB auto-detection
Enforce strong passwords
Force periodic password changes
Keep users from re-using old passwords
Name three events that are recorded in log files.
Kernel, services, and application events are all recorded in log files. It is very important for an administrator to periodically review the logs of a computer to keep it healthy. By monitoring Linux log files, an administrator gains a clear picture of the computer’s performance, security status, and any underlying issues. Log file analysis allows an administrator to guard against upcoming issues before they occur.
In Linux, log files can be categorized as?
In Linux, log files can be categorized as:
Application logs
Event logs
Service logs
System logs
What is a daemon?
A daemon is a background process that runs without the need for user interaction. For example, the System Security Services Daemon (SSSD) manages remote access and authentication for single sign-on capabilities.
/var/log/messages
/var/log/messages
This directory contains generic computer activity logs.
It is mainly used to store informational and non-critical system messages.
In Debian-based computers, /var/log/syslog directory serves the same purpose.
/var/log/boot.log
/var/log/boot.log
This file stores boot-related information and messages logged during the computer startup process.
What is the Swap File System?
Swap File System
The swap file system is used by Linux when it runs out of RAM.
Technically, it is a swap partition that does not have a specific file system, but it is relevant to the file system discussion.
When this happens, the kernel moves inactive RAM content to the swap partition on the disk.
While swap partitions (also known as swap space) can be useful to Linux computers with a limited amount of memory, they should not be considered as a primary solution.
The swap partition is stored on disk, which has much lower access speeds than RAM.
What is HFS+?
HFS Plus or HFS+ (Hierarchical File System Plus)
A file system used by Apple in its Macintosh computers. The Linux kernel includes a module for mounting HFS+ for read-write operations.
What is APFS?
APFS (Apple File System)
An updated file system that is used by Apple devices. It provides strong encryption and is optimized for flash and solid-state drives.
Where is the MBR located?
Master Boot Record (MBR)
Located in the first sector of a partitioned computer, the MBR stores all the information about the way in which the file system is organized.
The MBR quickly hands over control to a loading function, which loads the OS.
What is mounting?
Mounting is the term used for the process of assigning a directory to a partition. After a successful mount operation, the file system contained on the partition is accessible through the specified directory. In this context, the directory is called the mounting point for that file system. Windows users may be familiar with a similar concept: the drive letter.
The command output shows the output of the mount command issued in the Cisco CyberOPS VM.
Explain the output from the ls -l command for the document space.txt.
Output:
(-rwxrw-r--)
The file space.txt has the following permissions:
The dash (-) means that this is a file. For directories, the first dash would be a “d”.
The first set of characters is for user permission (rwx). The user, analyst, who owns the file can Read, Write and eXecute the file.
The second set of characters is for group permissions (rw-). The group, staff, who owns the file can Read and Write to the file.
The third set of characters is for any other user or group permissions (r--). Any other user or group on the computer can only Read the file.
Explain the output from “1” to the end.
[analyst@secOps ~]$ ls -l space.txt
-rwxrw-r-- 1 analyst staff 253 May 20 12:49 space.txt
The second field defines the number of hard links to the file (the number 1 after the permissions). A hard link creates another file with a different name linked to the same place in the file system (called an inode). This is in contrast to a symbolic link, which is discussed on the next page.
The third and fourth fields display the user (analyst) and group (staff) who own the file, respectively.
The fifth field displays the file size in bytes. The space.txt file has 253 bytes.
The sixth field displays the date and time of the last modification.
The seventh field displays the file name.
The only user that can override file permission on a Linux computer is the ____ ____.
File permissions are a fundamental part of Linux and cannot be broken. A user has only the rights to a file that the file permissions allow. The only user that can override file permission on a Linux computer is the root user. Because the root user has the power to override file permissions, the root user can write to any file. Because everything is treated as a file, the root user has full control over a Linux computer. Root access is often required before performing maintenance and administrative tasks. Because of the power of the root user, root credentials should use strong passwords and not be shared with anyone other than system administrators and other high-level users.
What are the benefits of soft links over hard links?
Although symbolic links have a single point of failure (the underlying file), symbolic links have several benefits over hard links:
Locating hard links is more difficult. Symbolic links show the location of the original file in the ls -l command, as shown in the last line of output in the previous command output (mytest.txt -> test.txt).
Hard links are limited to the file system in which they are created. Symbolic links can link to a file in another file system.
Hard links cannot link to a directory because the system itself uses hard links to define the hierarchy of the directory structure. However, symbolic links can link to directories.