Wade Schlueter, March 25, 2010 IT-302 - Linux Operating System, Mr. Reid HW Unit 1 due in Week 2: (Chapters 2, 3, and 11 readings, Next Class: Chapters 1 and 25)


1. What are the runlevels available in Linux and what does each runlevel do?

   a. There are runlevels 0 through 6. Runlevel 0 halts the entire system. Runlevel 1 gets the system into Single User mode, which brings up a command line interface. Runlevel 2 brings up “Multiuser without NFS”, which is a command line interface without network file systems running. Runlevel 3 does the same thing as runlevel 2, the only difference being that it runs NFS. Runlevel 4 is user defined, and runlevel 5 brings up “Multiuser with X”, which uses a GUI instead of the command line interface. Runlevel 6 reboots the system. (Table pg 418)

2. What is the purpose of the /etc/inittab file?

   a. It “controls how the init process behaves.” This determines processes that are started upon system startup and what runlevel to use when the system starts. (Pg 418, 466)

3. What is the proper naming convention when manually setting up runlevels for new daemons?

   a. Scripts are located in /etc/rc.d/rc#.d (where # is the run level), and start with either a K (for kill commands) or an S (for start commands). Then each script is numbered, which provides the method for how services are started, stopped, and in what order this process occurs. (Pg 418-419)

4. How do you start and stop services from the command prompt?

   a. /sbin/service service_name start

   b. /sbin/service service_name stop

   (Pg 419, 420)

5. What does the chkconfig command do and how can it be used in Linux?

   a. “The chkconfig character-based utility duplicates much of what system-config-services does: It makes it easier for a system administrator to maintain the /etc/rc.d directory hierarchy. This utility can add, remove, list startup information, and check the state of system services. It changes the configuration only; it does not change the current state of any service.” (Pg 422)
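
The K/S naming convention from question 3 and the link maintenance that chkconfig does in question 5, as an added example that is not part of the original homework. It goes a little beyond the answers by reading the `# chkconfig: <runlevels> <start> <stop>` comment that chkconfig looks for in an init script; the service name `exampled` and the sample header are constructed.

```python
import re

# S or K, a two-digit priority, then the service name (e.g. S55sshd).
LINK_RE = re.compile(r"^([SK])(\d{2})(\S+)$")
# Header comment read by chkconfig: "# chkconfig: <runlevels> <start> <stop>".
HEADER_RE = re.compile(r"^#\s*chkconfig:\s*(\S+)\s+(\d+)\s+(\d+)\s*$", re.M)

# Constructed init script header for a hypothetical service "exampled".
SAMPLE_SCRIPT = """\
#!/bin/sh
# chkconfig: 2345 55 25
# description: constructed example daemon
"""


def run_order(link_names):
    """Return (actions, malformed) for the entries of one rc#.d directory.

    K links are processed first (stop), then S links (start); within each
    group the two-digit number decides the order because names are sorted.
    """
    kills, starts, malformed = [], [], []
    for name in sorted(link_names):
        m = LINK_RE.match(name)
        if m is None:
            malformed.append(name)          # does not follow the convention
        elif m.group(1) == "K":
            kills.append((name, "stop"))
        else:
            starts.append((name, "start"))
    return kills + starts, malformed


def links_from_header(service, script_text):
    """Derive the per-runlevel link paths implied by a chkconfig header."""
    m = HEADER_RE.search(script_text)
    if m is None:
        return {}
    levels, start, stop = m.group(1), int(m.group(2)), int(m.group(3))
    enabled = set() if levels == "-" else set(levels)   # "-" = off everywhere
    links = {}
    for level in "0123456":
        if level in enabled:
            name = "S%02d%s" % (start, service)
        else:
            name = "K%02d%s" % (stop, service)
        links[level] = "/etc/rc.d/rc%s.d/%s" % (level, name)
    return links


if __name__ == "__main__":
    order, bad = run_order(["S55sshd", "K50xinetd", "S10network", "README"])
    for name, action in order:
        print(action, name)
    print("not following the convention:", bad)
    for level, path in sorted(links_from_header("exampled", SAMPLE_SCRIPT).items()):
        print(level, path)
```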

6. What does the telinit command do and how can it be used in Linux?

   a. “The telinit utility tells init which runlevel to enter. The telinit executable is a symbolic link to the init executable but, by convention, running telinit is preferred to running init directly.” This can be used to change the runstate of the system, if you wanted to get past a locked out machine by going into “Single User” mode, which is run level 1. (Pg 423)















Wade Schlueter, April 1, 2010

IT-302 - Linux Operating System, Mr. Reid

HW Unit 2 due in Week 3: (Chapters 11 and 25 readings, Next Class: Chapters 14 and 18)

1. What type of control does SELinux implement?

   a. SELinux uses the “Principle of Least Privilege” (Page 406, 414)

2. What are the three different states of SELinux and what does each state do?

   a. Enforcing - Means that SELinux breaks how services are supposed to work in order to make the system more secure, unless the security policy says otherwise.

   b. Permissive - All SELinux policies are disabled and therefore won’t interfere with services, but warning messages are logged.

   c. Disabled - All SELinux policies are disabled, which means that it won’t interfere with services to make the system more secure. (Page 414)

3. What are TCP Wrappers and how are the hosts.allow and hosts.deny used to control them?

   a. This allows for an ability to say who can and who cannot access the system, which can be specified separately for local or remote access for the same service.

   b. The hosts.allow is the more restrictive of the two lists, as only the clients in the list may access the service. The hosts.deny is far more open, because only the users listed are denied. Therefore, the hosts.allow would make sense to use instead as it would be more secure for your system (and a lot less typing too). (Page 441)
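
How the two files are consulted for one connection, as an added example that is not part of the original homework: a simplified evaluator for the order documented in hosts_access(5), where hosts.allow is checked first, then hosts.deny, and access is granted if neither matches. It covers only the ALL and LOCAL wildcards, domain suffixes, IPv4 prefixes and exact names; the rule files and addresses are constructed.

```python
# Constructed rule files: sshd for one subnet and one domain, FTP for
# local (dot-less) host names, and a deny-everything fallback.
HOSTS_ALLOW = """\
# /etc/hosts.allow
sshd: 192.168.1. .example.com
vsftpd: LOCAL
"""
HOSTS_DENY = """\
# /etc/hosts.deny
ALL: ALL
"""


def parse_rules(text):
    """Return [(daemon_list, client_list)] for each 'daemons : clients' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split()))
    return rules


def client_matches(pattern, ip, hostname):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                 # host name without a dot
        return bool(hostname) and "." not in hostname
    if pattern.startswith("."):            # domain suffix, e.g. .example.com
        return bool(hostname) and hostname.endswith(pattern)
    if pattern.endswith("."):              # address prefix, e.g. 192.168.1.
        return ip.startswith(pattern)
    return pattern in (ip, hostname)       # exact address or name


def any_rule_matches(rules, daemon, ip, hostname):
    for daemons, clients in rules:
        if "ALL" in daemons or daemon in daemons:
            if any(client_matches(c, ip, hostname) for c in clients):
                return True
    return False


def access_granted(daemon, ip, hostname=None,
                   allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow match grants; else hosts.deny match denies; else grant."""
    if any_rule_matches(parse_rules(allow_text), daemon, ip, hostname):
        return True
    if any_rule_matches(parse_rules(deny_text), daemon, ip, hostname):
        return False
    return True


if __name__ == "__main__":
    for daemon, ip, name in [("sshd", "192.168.1.20", None),
                             ("sshd", "203.0.113.9", "host.example.org"),
                             ("vsftpd", "10.0.0.5", "printer")]:
        print(daemon, ip, name, access_granted(daemon, ip, name))
```

With an empty hosts.deny the second connection above would be granted, which is why a default-deny setup ends with `ALL: ALL` in hosts.deny.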

4. What daemon is used to run web sites?

   a. Apache, or httpd, is the web server daemon used by Linux flavors to host a web site. (Page 389, 811)

5. What daemon is used to run ftp sites?

   a. Ftpd and vsftpd can be used to transfer files on a website. (Page 389)

6. What daemon is used to run ssh?

   a. The ssh (secure shell) or scp (secure copy) can be used to connect to remote systems securely. This daemon must be running in order for this to work, of course. (Page 388, 390)

7. What are the INPUT, OUTPUT, and FORWARD chains used for in iptables?

   a. INPUT - If a packet coming into the system is destined for the system it is entering, INPUT helps to specify what happens under this condition based on a variety of factors (such as port, IP, etc.) and then what iptables should do with the packet.

   b. OUTPUT - Works in the same way as INPUT, but only for outgoing packets to other systems. This controls how information leaves the system.

   c. FORWARD - Determines what to do with the packet if the packet is not destined for the system, which may be altered or filtered. (Page 790, 792, 795)

8. What is the purpose and function of a chroot jail?

   a. It is to prevent a file from accessing or modifying (potentially in a harmful way) files on the system. This is a good way to increase the security of the system, as it isolates the directory in such a way that it believes that it is in the root directory and therefore has no concept of other files existing on the system itself. (Page 442)







Wade Schlueter, April 8, 2010

IT-302 - Linux Operating System, Mr. Reid

HW Unit 3 due in Week 4: (Chapters 14 and 18, Next Class: Chapters 22 and 23)

1. What printing protocols are supported by CUPS?

   a. CUPS supports IPP, LPD/LPR, HTTP, SMB, and JetDirect. (Page 512)

2. What are all the different methods of configuring a CUPS server?

   a. Connect a printer to the computer and it will automatically install (you can configure it when the dialogue box opens), the system-config-printer command (This allows for adding, removing, and the configuration of local and/or remote printers. This can also be done through the Main menu bar, Administration, Printing.), CUPS web interface (type localhost:631 in the web browser), or the lpadmin command. (Page 513-514, 518, 524, 527)

3. What are the proper file extensions for Linux printer drivers?

   a. The file extension is *.ppd for PostScript Printer Definition files/drivers. (Page 526)

4. Why has SSH version 1 been replaced with version 2?

   a. SSHv1 has been replaced because it is vulnerable to man-in-the-middle attacks and is not compatible with SSHv2 because SSHv2 uses floating-point units. (Page 592)

5. What is in the ~/.ssh/known_hosts file and what is the file’s purpose?

   a. “Contains public RSA keys (by default) of hosts that the user has connected to. OpenSSH automatically adds entries each time the user connects to a new server,” quoted from “A Practical Guide to Fedora and RedHat Enterprise Linux.”

   b. In other words, this means that the file stores security keys so that they are kept for future use for secure connections with that device. (Page 593-594)

6. How is the configuration file in SSH modified to give access to multiple users, such as Genghis, Mohadeeb, and Kipling?

   a. With the “AllowUsers” command, with the user names separated by spaces. (Page 605)

   b. i.e. AllowUsers Genghis Mohadeeb Kipling

Research Assignment due in Week 4:

Using the ITT Tech Virtual Library, write a three-page double-spaced paper on at least three Linux security technologies. For each security technology that you discuss, explain what organization, if any, is behind it, and what reason that entity would have to be involved. Explain how each technology changes the operating system to enforce security and if the security measure can be easily bypassed. Lastly, your paper should describe the types of threats each of the technologies is designed to eliminate. Please cite your sources used from the ITT Tech Virtual Library. This assignment counts toward your research grade.












Wade Schlueter, April , 2010

IT-302 - Linux Operating System, Mr. Reid

HW Unit 4 due in Week 5: (Chapters 22 and 23, Next Class: Chapters 19 and 26)

1. What is the configuration file used to control the SSH daemon?

   a. The configuration file is in the /etc/ssh directory, and is called sshd_config. It allows for specific configuration edits of how SSH works, like allowed users, connection procedure, and various other settings. (Page 593, 605)

2. What are the different options available in OpenSSH and what does each option do? Which option(s) control the different tunnel protocols available?

   a. Here are only SOME of the available commands. Much more can be found online and within the textbook, as OpenSSH supports scp (secure copy).

      -c sets compression
      -f sends ssh to the background (implies use of -n apparently)
      -L forwards a port on the local client to a remote system
      -l user = attempts to log in as user
      -n (aka null) redirects standard input to ssh to come from /dev/null
      -o option = specifies option in the format used in the configuration files (page 601)
      -p specifies the port on the remote host the connection is to be connected to
      -R forwards a port on the remote system to the local client
      -t (tty) allocates a pseudo-tty to the ssh process on the remote system (which in other words, allocates use of a terminal for a specific process so stuff works as expected)
      -v (aka verbose) displays debugging messages

   b. The following options control the protocol; in particular, the X11 protocol is used for remote connection to a computer via a Graphical User Interface.

      -X turns on nontrusted X11 forwarding (refer to configuration file for more information about this particular command and what can be set up in that file)
      -x turns off X11 forwarding
      -Y turns on trusted X11 forwarding

      (Page 599, 608, and http://www.webhostgear.com/35.html, http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1)

3. What is the purpose of the /etc/exports file?

   a. This file holds a list that controls who can access exported directories mounted by NFS. (Page 709-711)

4. How would you configure the exports file to allow the service it supports to work for a specific IP address range?

   a. By typing the IP address and the appropriate CIDR, an address like 192.128.0.0/28 would give an IP range of 0-15. (Page 709-711, and http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-nfs-server-config.html)
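
The CIDR client specification from question 4, as an added example that is not part of the original homework: it parses exports-style lines, works out the address range a /28 covers, checks whether a given client falls inside it, and lists entries an administrator would want to review. The directory names and options in the sample are constructed; hostname and netgroup clients are not evaluated.

```python
import ipaddress

# Constructed /etc/exports content; directory names and options are assumptions.
SAMPLE_EXPORTS = """\
# directory   client(options)
/srv/share    192.128.0.0/28(ro,sync)
/srv/backup   192.128.0.0/28(rw,sync,no_root_squash) *(ro)
"""


def parse_exports(text):
    """Return [(directory, client, [options])], one tuple per client entry."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # '#' starts a comment
        if not line:
            continue
        directory, *clients = line.split()
        for token in clients:
            client, _, opts = token.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o]
            # A bare "(options)" token has no client name: it applies to all.
            entries.append((directory, client or "*", options))
    return entries


def address_range(cidr):
    """First and last address covered by a CIDR client specification."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address)


def client_allowed(entries, directory, ip):
    """True if ip matches a CIDR or '*' client listed for directory."""
    addr = ipaddress.ip_address(ip)
    for exported, client, _ in entries:
        if exported != directory:
            continue
        if client == "*":
            return True
        try:
            if addr in ipaddress.ip_network(client, strict=False):
                return True
        except ValueError:
            continue          # hostname or netgroup client: not evaluated here
    return False


def risky_entries(entries):
    """Entries worth a second look: exports to every host, no_root_squash."""
    findings = []
    for directory, client, options in entries:
        if client == "*":
            findings.append((directory, client, "exported to every host"))
        if "no_root_squash" in options:
            findings.append((directory, client, "remote root keeps root"))
    return findings


if __name__ == "__main__":
    parsed = parse_exports(SAMPLE_EXPORTS)
    print(address_range("192.128.0.0/28"))
    print(client_allowed(parsed, "/srv/share", "192.128.0.16"))
    for finding in risky_entries(parsed):
        print(finding)
```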

5. How would you use the fstab to mount a directory called /crap on another server to the root of your local server?

   a. The fstab is divided into columns, which starts off with the device name, mounting point, file system type, options, dump-frequency (adjusts archiving schedule for the partition), and pass-num (controls the order in which fsck checks the device/partition for errors at boot time).

   b. /crap    ext3    defaults    0 0

   c. The fstab file (in /etc/fstab) lists the directories that the system automatically starts at system startup. (Page 483, 705)

6. What does the smbpasswd command do?

   a. It changes the Windows NT password hashes on Samba and Windows NT servers. (Page 720, 731, 740)

7. What are the different configuration files in Samba and what does each file control?

   a. /etc/samba/smbusers keeps username maps in this file

   b. /etc/samba/smbpasswd this is where passwords are kept by default

   c. /etc/samba/smb.conf is the configuration file for samba (things like network information, allowed/denied hosts, log information, etc.)

   d. /var/log/samba/%m.log is the log file for samba (Page 722-723, 725, 729-735)

Research Assignment due in Week 5:

In 2006, Microsoft posted a high-level summary of alleged 235 patents that were violated by Free and Open Source Software (FOSS), including the Linux Kernel, Samba, OpenOffice.org, and others. Shortly after that, MS entered into a series of three contracts with Novell, one of which was a patent agreement that basically said, “Don’t sue us and we won’t sue you.”

At that time, some predicted dire consequences for FOSS. How has FOSS fared since then? What impact have these events made since then, or will they make? Has FOSS been hurt, helped, or neither? What in FOSS’s or Microsoft’s actions against FOSS has changed since then? Write a two page, double spaced summary of your finding and your conclusions. Please cite your sources used from the ITT Tech Virtual Library or the Internet. This assignment counts towards your research grade.






























Wade Schlueter, April 22, 2010

IT-302 - Linux Operating System, Mr. Reid

HW Unit 5 due in Week 6: (Chapters 19 and 26, Next Class: Chapters 11 and 24)

1. What operating modes can be used when running an FTP client and which mode would you pick when behind a firewall?

   a. Passive mode (“client initiates the connection to the server (on port 20 by default)”) and active mode (“the server initiates the connection (there is no default port…)”) are the modes used by the FTP client. When running behind a firewall, using passive mode works for clients and is easier to set up than active mode. (Page 614-615, 619, 620)

2. What does the listen directive in vsftpd’s configuration file do?

   a. It changes whether or not vsftpd runs in stand-alone mode (“yes” will use this mode so that the daemon directly) or normal mode (“no” will use this mode which is called by the xinetd daemon). (Page 624, 626-628)

3. Which transfer mode is most useful when transferring text files from Linux computers to Windows computers?

   a. Vsftpd can use the ASCII mode to transfer text files from Linux to Windows to change how the ends of a line are marked so it is displayed correctly. (Page 620)

4. What is virtual hosting and what is it used for?

   a. Virtual hosting allows a single instance of Apache to “respond to requests directed to multiple IP addresses or hostnames as though it were multiple servers.” (Page 824, 828, 844)

5. What is the purpose of the VirtualHost container in Apache?

   a. It holds information that Apache applies to the virtual host, such as configuration information. (Page 824 & 828. Page 844 for an example of this container)























Wade Schlueter, April 29, 2010

IT-302 - Linux Operating System, Mr. Reid

HW Unit 6 due in Week 7: (Chapters 11 and 24, Next Class: Chapter 20)

1. What are the different valid DHCP options?

   a. The default options are: subnet-mask, broadcast-address, routers, and domain-name-servers. (Pages 445-448)

2. What are the advantages of using DHCP?

   a. Easy to set up additional computers, facilitates IP assignment, ease of management, and conservation of limited IPv4 address space (by allowing multiple computers/devices to use the same IP address when not in use). (Pages 445)

3. Which directory does BIND store its database when it is running in Fedora’s chroot jail?

   a. If using the chroot jail, the BIND database is located in /var/named/chroot/var/named, otherwise BIND database is kept in /var/named. (Pages 764, 774)

4. What are the different types of DNS records and what type of information does each type hold?

   a. A - “IPv4 Address Maps a domain name to the IPv4 address of a host.”

   b. AAAA - “IPv6 Address Maps a domain name to the IPv6 address of a host.”

   c. CNAME - Canonical Name - “Maps an alias or nickname to a domain name.”

   d. MX - Mail Exchange - “Specifies a destination for mail addressed to the domain. MX records must always point to A (or AAAA) records.”

   e. NS - Nameserver - “Specifies the name of the system that provides domain server (DNS records) for the domain.”

   f. PTR - “Pointer Maps an IP address to a domain name and is used for reverse name resolution.”

   g. SOA - Start of Authority - “Designates the start of a zone.”

   h. TXT - “Text associates a character string with a domain.” (Page 749-752)

Research Assignment due in Week 7:

Find any recent article(s) about weaknesses or vulnerabilities with DNS and possible solutions on how to secure those weaknesses or vulnerabilities. This paper needs to be at least 2 double spaced pages in length and cite all references used. (Pages 744, 749, 756, 773-774, 781-782)
















Wade Schlueter, April 29, 2010

IT-302 - Linux Operating System, Mr. Reid

HW Unit 7 due in Week 8: (Chapter 20, Next Class: Chapter 21)

1. What does the file sendmail.mc do?

   a. The sendmail.mc file is the configuration file for the sendmail daemon. (Pages 642-643)

2. What port does sendmail use to send mail?

   a. Port 25 is used for sending mail (SMTP). (Pages 641, 643)

3. What does the virtusertable file do?

   a. “The virtusertable file can forward inbound email address to different domains (aliases cannot do this).” (Pages 645, 651)

4. Which two protocols are provided by Dovecot?

   a. “Provides IMAP and POM incoming mail server daemons.” (Page 641, 659)

5. What is an MTA and what does it do?

   a. An MTA, or Mail Transfer Agent, would be one such as STARTTLS (Start Transport Layer Security; www.sendmail.org/~ca/email/starttls.com) (Page 644 and 1019)































Wade Schlueter, May 13, 2010

IT-302 - Linux Operating System, Mr. Reid

HW Unit 8 due in Week 9: (Chapter 21, Next Class: Appendix A)

1. What is the purpose and function of the /etc/nsswitch.conf?

   a. “Whether a system uses NIS, DNS, local files, or a combination as the source of certain information, and in what order, is determined” by nsswitch.conf. (Page 668)

2. What is the database file for an NIS database called?

   a. The database “file” is actually a collection of maps (in the dbm format). (Pages 669, 670)

3. What is the top-level domain in an LDAP hierarchy called?

   a. “The DSE (DSA Specific Entry) is the root, or top-level, entry in an LDAP directory. (DSA stands for Directory System Agent.) The DSE specifies the domain name of the server and is defined in the /etc/openldap/slapd.conf file. LDAP defines a domain name in terms of its component parts. The default slapd.conf file holds the following line, which defines the DSE comprising the Domain Component (DC) my-domain and the DC com:”

      i. “suffix "dc=my-domain,dc=com"” (Pages 683, 682-693 for LDAP)

4. What port does LDAP use for unencrypted traffic and what port for encrypted traffic?

   a. LDAP listens on port 389, which is not encrypted. Port 636 is used with SSL for authentication purposes. (Page 685, Note - Firewall)

5. What is an example of a fully Distinguished Name in an LDAP database?

   a. “A Distinguished Name (DN) uniquely identifies each entry in an LDAP directory.” Thus, such an entry would not change (unlike how phone numbers, names, addresses can change). Something like an employee number, or a social security number. (Page 683)

   b. “dn: cn=Bob Smith,dc=tucson,dc=issa,dc=org” (Page 683-684)

Research Due in Week 9:

Using the ITT Virtual Library, write a 1 to 2 page paper on upcoming innovations in Linux, and please cite your references.



















Wade Schlueter, May 19, 2010

IT-302 - Linux Operating System, Mr. Reid

HW Unit 9 due in Week 10:

1. What is a delimiter and what is it used for?

   a. “A character called a delimiter usually marks the beginning and end of a regular expression. The delimiter is always a special character for the regular expression it delimits (that is, it does not represent itself but marks the beginning and end of the expression).” (Page 994)

2. What does the ^ character do when placed at the beginning of the line?

   a. “A regular expression that begins with a caret (^) can match a string only at the beginning of the line.” This basically means that all lines starting with the same first character as the script denotes with the caret symbol are a match when searching for a string. (Page 995, 996, 1001)

3. What set of characters are used to define a character class in a regular expression?

   a. Brackets are used to define a character class. (Page 995)

4. What is sed and what is it used for?

   a. “You can use the sed command to change all occurrences of one string to another within a file, just like the search-and-replace feature of your word processor. The sed command can also delete a range of lines from a file. Since sed is a stream editor, it takes the file given as input, and sends the output to the screen, unless you redirect output to a file. In other words, sed does not change the input file.” (Page 998, http://lowfatlinux.com/linux-sed.html)

5. What is awk and what is it used for?

   a. “The awk command combines the functions of grep and sed, making it one of the most powerful Unix commands. Using awk, you can substitute words from an input file's lines for words in a template or perform calculations on numbers within a file. (In case you're wondering how awk got such an offbeat name, it's derived from the surnames of the three programmers who invented it.)” (Page 999, http://lowfatlinux.com/linux-awk.html)