Wade Schlueter, March 25, 2010
IT-302 - Linux Operating System, Mr. Reid
HW Unit 1 due in Week 2: (Chapters 2, 3, and 11 readings, Next Class: Chapters 1 and 25)

1. What are the runlevels available in Linux and what does each runlevel do?
a. There are runlevels 0 through 6. Runlevel 0 halts the system. Runlevel 1 is single-user mode: a root shell at the console with no network services running, used for maintenance and recovery. Runlevel 2 is "Multiuser without NFS", a text-mode multiuser system with networking but without network file systems. Runlevel 3 is the same as runlevel 2 except that NFS is also started; it is the normal mode for servers. Runlevel 4 is user defined. Runlevel 5 is "Multiuser with X": runlevel 3 plus a graphical login instead of the text console. Runlevel 6 reboots the system. (Table pg 418)

2. What is the purpose of the /etc/inittab file?
a. It "controls how the init process behaves." It sets the default runlevel the system enters at boot and tells init which processes to start (and respawn) at each runlevel. (Pg 418, 466)

3. What is the proper naming convention when manually setting up runlevels for new daemons?
a. The per-runlevel directories are /etc/rc.d/rc#.d, where # is the runlevel. Each entry is a symbolic link to the service's script in /etc/rc.d/init.d, named with a K (kill) or S (start) followed by a two-digit number and the service name, for example S55sshd or K25sshd. When init enters a runlevel it runs the K scripts in numeric order with the argument stop, then the S scripts in numeric order with the argument start, so the number controls the order in which services go down and come up. (Pg 418-419)

4. How do you start and stop services from the command prompt?
a. /sbin/service service_name start
b. /sbin/service service_name stop (Pg 419, 420)

5. What does the chkconfig command do and how can it be used in Linux?
a. "The chkconfig character-based utility duplicates much of what system-config-services does: It makes it easier for a system administrator to maintain the /etc/rc.d directory hierarchy. This utility can add, remove, and list startup information, and check the state of system services. It changes the configuration only—it does not change the current state of any service." In other words, chkconfig edits which runlevels a service is enabled in; starting or stopping the running service is still done with service. (Pg 422)

6.
What does the telinit command do and how can it be used in Linux?
a. "The telinit utility tells init which runlevel to enter. The telinit executable is a symbolic link to the init executable but, by convention, running telinit is preferred to running init directly." Running telinit 1 as root drops the system to single-user mode, for example to repair a system that no longer boots cleanly or to reset a lost root password. The same single-user shell can be reached without a password by editing the kernel command line at the boot prompt, which is why physical console access and the boot loader (a GRUB password) need to be protected. (Pg 423)

Wade Schlueter, April 1, 2010
IT-302 - Linux Operating System, Mr. Reid
HW Unit 2 due in Week 3: (Chapters 11 and 25 readings, Next Class: Chapters 14 and 18)

1. What type of control does SELinux implement?
a. SELinux implements mandatory access control (MAC). The kernel enforces a system-wide security policy that confines each process to the files, ports and other objects its security context is allowed to use, regardless of the ordinary file permissions and regardless of whether the process runs as root. This is how it applies the principle of least privilege: a compromised daemon can only reach what its policy domain permits. (Page 406, 414)

2. What are the three different states of SELinux and what does each state do?
a. Enforcing – The policy is enforced. Any access the policy does not permit is denied and the denial is logged (to /var/log/audit/audit.log when auditd is running). Correctly written policy does not break correctly configured services; denials usually point at mislabeled files or a boolean that needs to be set.
b. Permissive – The policy is loaded but not enforced: nothing is blocked, but every access that would have been denied is logged. This is the troubleshooting mode for finding out what a new policy or a misbehaving service would trigger.
c. Disabled – No policy is loaded and SELinux does not check (or label) anything, so it offers no protection at all. Switching from disabled back to enforcing requires relabeling the file system. (Page 414)

3. What are TCP Wrappers and how are the hosts.allow and hosts.deny used to control them?
a. TCP Wrappers (the tcpd program and the libwrap library) provide host-based access control for network services without changing the daemon itself: a service can be restricted to particular client hosts or networks, and the decision can differ per service. Only daemons linked against libwrap, or started through tcpd or xinetd, consult these files.
b. The two files are checked in a fixed order. /etc/hosts.allow is read first, and a matching entry grants access and ends the search. If nothing in hosts.allow matches, /etc/hosts.deny is read, and a matching entry denies access. If neither file matches, access is granted. Because the fall-through default is "allow", hosts.allow by itself restricts nothing: the secure setup is a catch-all entry "ALL: ALL" in hosts.deny, with hosts.allow listing only the services and the client networks that should get in. (Page 441)

4. What daemon is used to run web sites?
a. Apache, whose daemon is httpd, is the web server used by Linux distributions to host web sites. (Page 389, 811)

5. What daemon is used to run ftp sites?
a.
vsftpd (the Very Secure FTP Daemon) is the FTP server shipped with Fedora/RHEL; the generic name for such a daemon is ftpd. It serves files over FTP rather than "on a website". FTP sends user names and passwords in clear text, so authenticated FTP should not be used across untrusted networks; anonymous download is its safe use. (Page 389)

6. What daemon is used to run ssh?
a. The daemon is sshd (the OpenSSH server). ssh (secure shell) and scp (secure copy) are the client programs; they can only connect to a remote system on which sshd is running and listening, by default on port 22. (Page 388, 390)

7. What are the INPUT, OUTPUT, and FORWARD chains used for in iptables?
a. INPUT – Holds the rules for packets whose destination is the local system itself. Rules match on attributes such as the interface, protocol, source and destination address and port, and connection state, and each rule's target (ACCEPT, DROP, REJECT, or a jump to another chain) says what to do with a matching packet. If no rule matches, the chain's default policy applies.
b. OUTPUT – Works the same way for packets generated by the local system and leaving it; this controls what the machine itself may send.
c. FORWARD – Holds the rules for packets that arrive at the system but are destined for some other host and are being routed through it. It is only consulted when IP forwarding is enabled, and it is where a Linux box acting as a router or firewall filters the traffic it passes along. (Page 790, 792, 795)

8. What is the purpose and function of a chroot jail?
a. A chroot jail confines a process (not a file) to a subtree of the file system. After the chroot system call, the process sees the chosen directory as / and cannot name or open anything outside it, so a compromised daemon can only read or modify the files inside the jail. The jail must contain copies of the libraries, configuration files and device nodes the program needs and nothing more, and the jailed process should not run as root: a root process inside a chroot can usually break out, so a chroot is a containment measure, not a substitute for least privilege. (Page 442)

Wade Schlueter, April 8, 2010
IT-302 - Linux Operating System, Mr. Reid
HW Unit 3 due in Week 4: (Chapters 14 and 18, Next Class: Chapters 22 and 23)

1. What printing protocols are supported by CUPS?
a. CUPS supports IPP, LPD/LPR, HTTP, SMB, and JetDirect. (Page 512)

2. What are all the different methods of configuring a CUPS server?
a. Plug a printer into the computer and it is detected and installed automatically (a dialog opens to configure it); the system-config-printer utility (also reachable from the Main menu bar under Administration, Printing), which adds, removes and configures local and remote printers; the CUPS web interface at localhost:631 in a browser; or the lpadmin command. (Page 513-514, 518, 524, 527)

3. What are the proper file extensions for Linux printer drivers?
a. The extension is .ppd, for PostScript Printer Description files, which describe a printer's capabilities to CUPS. (Page 526)

4. Why has SSH version 1 been replaced with version 2?
a. SSH protocol 1 has design weaknesses that cannot be fixed without changing the protocol: it is vulnerable to man-in-the-middle attacks, and its integrity protection is a CRC-32 checksum rather than a keyed MAC, which allowed attackers to insert packets into a session. SSH protocol 2 is a redesign (Diffie-Hellman key exchange, HMAC integrity protection) and is not wire-compatible with version 1, so the two cannot interoperate; a server configured with Protocol 2 refuses protocol 1 clients altogether. (Page 592)

5. What is in the ~/.ssh/known_hosts file and what is the file's purpose?
a. "Contains public RSA keys (by default) of hosts that the user has connected to. OpenSSH automatically adds entries each time the user connects to a new server," quoted from "A Practical Guide to Fedora and Red Hat Enterprise Linux."
b. In other words, the file records each server's host key the first time it is seen. On every later connection ssh compares the key the server presents with the stored one; if it differs, ssh prints the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning and refuses to continue, which is what detects a man-in-the-middle or a replaced server. The protection only holds if the fingerprint was checked against a trusted source the first time, since that first connection is when an attacker could have supplied their own key. (Page 593-594)

6. How is the configuration file in SSH modified to give access to multiple users, such as Genghis, Mohadeeb, and Kipling?
a. With the AllowUsers directive in /etc/ssh/sshd_config, followed by the user names separated by spaces; sshd must be reloaded for the change to take effect. Once AllowUsers is present, every account not listed is refused, which is the desired effect. (Page 605)
b. i.e. AllowUsers Genghis Mohadeeb Kipling

Research Assignment due in Week 4: Using the ITT Tech Virtual Library, write a three-page double-spaced paper on at least three Linux security technologies. For each security technology that you discuss, explain what organization, if any, is behind it, and what reason that entity would have to be involved. Explain how each technology changes the operating system to enforce security and whether the security measure can be easily bypassed. Lastly, your paper should describe the types of threats each of the technologies is designed to eliminate. Please cite your sources used from the ITT Tech Virtual Library. This assignment counts toward your research grade.
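Going back to the hosts.allow/hosts.deny question in Unit 2, here is the access decision worked through in code. This is an added example, not part of the homework or the textbook: a small POSIX shell emulation of the libwrap lookup order, run against two constructed files in a temporary directory. The function names (hosts_access, file_matches, client_matches, ip_to_int) and the sample entries are this example's own, and it understands only the common client-pattern forms (ALL, an exact IPv4 address, a trailing-dot network prefix, and address/mask); real tcpd also handles hostnames, netgroups, EXCEPT lists and the option field.

```shell
#!/bin/sh
# Added example: emulates the TCP Wrappers access decision described in
# hosts_access(5). Order of evaluation:
#   1. a matching entry in hosts.allow grants access and stops the search;
#   2. otherwise a matching entry in hosts.deny denies access;
#   3. otherwise access is granted.
# Because step 3 defaults to "allow", hosts.allow alone restricts nothing;
# a catch-all "ALL: ALL" in hosts.deny is what turns the allow list into a whitelist.
# Function names and the sample files below are this example's own.

# ip_to_int 192.168.1.10 -> 3232235786 (a subshell, so the IFS change cannot leak)
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# client_matches PATTERN ADDRESS -> exit status 0 when the pattern matches.
# Handles ALL, a trailing-dot prefix (192.168.1.), address/mask, and an exact address.
client_matches() {
  cm_pat=$1; cm_addr=$2
  case $cm_pat in
    ALL) return 0 ;;
    *.)  case $cm_addr in "$cm_pat"*) return 0 ;; *) return 1 ;; esac ;;
    */*) cm_net=${cm_pat%/*}; cm_mask=${cm_pat#*/}
         [ $(( $(ip_to_int "$cm_addr") & $(ip_to_int "$cm_mask") )) -eq \
           $(( $(ip_to_int "$cm_net")  & $(ip_to_int "$cm_mask") )) ] ;;
    *)   [ "$cm_pat" = "$cm_addr" ] ;;
  esac
}

# file_matches FILE DAEMON ADDRESS -> 0 when some "daemon_list : client_list"
# line in FILE matches; comments and a third (option) field are ignored.
file_matches() {
  fm_file=$1; fm_daemon=$2; fm_addr=$3
  [ -r "$fm_file" ] || return 1
  while IFS= read -r fm_line || [ -n "$fm_line" ]; do
    fm_line=${fm_line%%#*}                       # strip comments
    case $fm_line in *:*) ;; *) continue ;; esac # skip blank/malformed lines
    fm_daemons=${fm_line%%:*}
    fm_clients=${fm_line#*:}; fm_clients=${fm_clients%%:*}
    for fm_d in $(printf '%s' "$fm_daemons" | tr ',' ' '); do
      [ "$fm_d" = ALL ] || [ "$fm_d" = "$fm_daemon" ] || continue
      for fm_c in $(printf '%s' "$fm_clients" | tr ',' ' '); do
        if client_matches "$fm_c" "$fm_addr"; then return 0; fi
      done
    done
  done < "$fm_file"
  return 1
}

# hosts_access ALLOW_FILE DENY_FILE DAEMON ADDRESS -> prints allow or deny
hosts_access() {
  if file_matches "$1" "$3" "$4"; then echo allow
  elif file_matches "$2" "$3" "$4"; then echo deny
  else echo allow
  fi
}

# Demonstration with constructed files in a temporary directory.
demo() {
  dm_dir=$(mktemp -d)
  cat > "$dm_dir/hosts.allow" <<'EOF'
# constructed sample: admins on two networks may reach sshd, anyone may use squid
sshd: 192.168.1., 10.0.0.0/255.255.255.0
squid: ALL
EOF
  printf 'ALL: ALL\n' > "$dm_dir/hosts.deny"   # catch-all deny
  for dm_q in "sshd 192.168.1.20" "sshd 10.0.0.9" "sshd 203.0.113.5" \
              "vsftpd 192.168.1.20" "squid 203.0.113.5"; do
    set -- $dm_q
    printf '%-7s from %-15s -> %s\n' "$1" "$2" \
      "$(hosts_access "$dm_dir/hosts.allow" "$dm_dir/hosts.deny" "$1" "$2")"
  done
  rm -rf "$dm_dir"
}
demo
```

Run it with sh and the demo prints one decision per query: both sshd queries from the listed networks and the squid query are allowed, while sshd from 203.0.113.5 and vsftpd from anywhere fall through to the "ALL: ALL" deny. Blank out hosts.deny and the vsftpd query flips to allow, which is the point the answer above makes: without the catch-all deny, an allow list protects nothing.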
Wade Schlueter, April , 2010
IT-302 - Linux Operating System, Mr. Reid
HW Unit 4 due in Week 5: (Chapters 22 and 23, Next Class: Chapters 19 and 26)

1. What is the configuration file used to control the SSH daemon?
a. The server's configuration file is /etc/ssh/sshd_config (the client's defaults are in /etc/ssh/ssh_config in the same directory). It controls how sshd behaves: which users and authentication methods are allowed, which protocol versions and ports it accepts, whether root may log in, port and X11 forwarding, and so on. (Page 593, 605)

2. What are the different options available in OpenSSH and what does each option do? Which option(s) control the different tunnel protocols available?
a. These are only some of the ssh client options; the rest are in the textbook and in the ssh(1) man page, and scp accepts most of the same ones.
-C requests compression of all data (upper case; lower-case -c selects the cipher).
-f sends ssh to the background just before command execution (implies -n).
-L [bind_address:]port:host:hostport forwards a port on the local client through the SSH connection to host:hostport as seen from the remote system.
-l user attempts to log in as user.
-n redirects standard input from /dev/null, for running a remote command in the background.
-o option specifies an option in the format used in the configuration files (page 601).
-p port specifies the port on the remote host to connect to.
-R [bind_address:]port:host:hostport forwards a port on the remote system back through the connection to host:hostport as seen from the local client.
-t forces allocation of a pseudo-tty on the remote system, so that screen-based programs behave as expected.
-v (verbose) displays debugging messages; repeat it (-vv, -vvv) for more detail.
b. The tunnelling options are -L and -R for TCP port forwarding, and -X, -x and -Y for X11 forwarding, which carries the X display protocol over the encrypted connection so graphical programs started on the remote host display on the local screen. -X turns on untrusted X11 forwarding, in which the remote applications are treated as untrusted X clients and kept from, for example, snooping on other windows' input; -x turns X11 forwarding off; -Y turns on trusted X11 forwarding, which gives the remote host full access to the local display (including keystrokes), so it should be used only with servers you trust completely. (Page 599, 608, and http://www.webhostgear.com/35.html, http://www.openbsd.org/cgibin/man.cgi?query=ssh&sektion=1)

3. What is the purpose of the /etc/exports file?
a.
This file lists the directories the NFS server exports and, for each one, which client hosts or networks may mount it and with what options (ro or rw, sync, root_squash and so on). It is the NFS server's access control list. (Page 709-711)

4. How would you configure the exports file to allow the service it supports to work for a specific IP address range?
a. Give the client specification as a network address with a CIDR prefix length (or a netmask) instead of a single host. For example, 192.128.0.0/28 covers the 16 addresses 192.128.0.0 through 192.128.0.15, so an export granted to 192.128.0.0/28 can be mounted by any host in that range and by nothing else. Keep the default root_squash, which maps the client's root user to an unprivileged account, unless there is a specific reason not to. (Page 709-711, and http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/refguide/s1-nfs-server-config.html)

5. How would you use the fstab to mount a directory called /crap on another server to the root of your local server?
a. /etc/fstab is divided into columns: the device (for NFS, server:/exported/directory), the mount point, the file system type, the mount options, the dump frequency (whether and how often dump archives the file system), and the pass number (the order in which fsck checks the file system at boot; 0 means never, and NFS mounts are never checked locally).
b. otherserver:/crap /crap nfs defaults 0 0
(otherserver is a placeholder for the NFS server's hostname, and /crap must already exist as an empty directory on the local system.)
c. The fstab file lists the file systems the system mounts automatically at startup, so an NFS directory placed here is mounted at boot along with the local disks. (Page 483, 705)

6. What does the smbpasswd command do?
a. It sets or changes a user's Samba password, that is, the Windows NT password hashes Samba stores for that user (and it can also change the password on a Windows NT server). (Page 720, 731, 740)

7. What are the different configuration files in Samba and what does each file control?
a. /etc/samba/smbusers maps Windows user names to Linux user names.
b. /etc/samba/smbpasswd is where Samba keeps its password hashes by default. Because an NT hash is equivalent to the password itself, this file must be readable by root only.
c. /etc/samba/smb.conf is Samba's main configuration file: network and workgroup information, the shares, allowed and denied hosts, logging settings, and so on.
d. /var/log/samba/%m.log is the per-client log file; Samba expands %m to the NetBIOS name of the client machine, so each connecting machine gets its own log. (Page 722-723, 725, 729-735)

Research Assignment due in Week 5: In 2006, Microsoft posted a high-level summary of 235 patents it alleged were violated by Free and Open Source Software (FOSS), including the Linux kernel, Samba, OpenOffice.org, and others.
Shortly after that, MS entered into a series of three contracts with Novell, one of which was a patent agreement that basically said, "Don't sue us and we won't sue you." At that time, some predicted dire consequences for FOSS. How has FOSS fared since then? What impact have these events made since then, or will they make? Has FOSS been hurt, helped, or neither? What in FOSS's or Microsoft's actions against FOSS has changed since then? Write a two-page, double-spaced summary of your findings and your conclusions. Please cite your sources used from the ITT Tech Virtual Library or the Internet. This assignment counts towards your research grade.

Wade Schlueter, April 22, 2010
IT-302 - Linux Operating System, Mr. Reid
HW Unit 5 due in Week 6: (Chapters 19 and 26, Next Class: Chapters 11 and 24)

1. What operating modes can be used when running an FTP client and which mode would you pick when behind a firewall?
a. FTP uses a control connection (to port 21 on the server) and a separate data connection for each transfer or directory listing, and the two modes differ in who opens the data connection. In active mode the server opens the data connection back to the client, from its port 20 to a port the client announced. In passive mode the client opens the data connection as well, to a high-numbered port the server announces. Behind a firewall or NAT device the client should use passive mode: all connections are then outgoing from the client, whereas active mode requires the firewall to accept an inbound connection from the server to an arbitrary client port. (Page 614-615, 619, 620)

2. What does the listen directive in vsftpd's configuration file do?
a. It selects how vsftpd is started. listen=YES runs vsftpd in stand-alone mode, as a daemon that listens on the FTP port itself; listen=NO runs it in the mode where xinetd listens and starts a vsftpd process for each incoming connection. (Page 624, 626-628)

3. Which transfer mode is most useful when transferring text files from Linux computers to Windows computers?
a. ASCII mode. Linux ends lines with a line feed and Windows with a carriage return plus line feed, and an ASCII-mode transfer converts the line endings so the file displays correctly on the other side. Anything that is not plain text (archives, images, executables) must be transferred in binary (image) mode or that conversion will corrupt it. (Page 620)

4. What is virtual hosting and what is it used for?
a.
Virtual hosting allows a single instance of Apache to "respond to requests directed to multiple IP addresses or hostnames as though it were multiple servers." It is used to host several web sites on one machine, each with its own document root and configuration. (Page 824, 828, 844)

5. What is the purpose of the VirtualHost container in Apache?
a. It groups the directives that apply to one virtual host (its ServerName, DocumentRoot, logs, and any other configuration), so that Apache can apply different settings to each site it serves. (Page 824 & 828. Page 844 for an example of this container)

Wade Schlueter, April 29, 2010
IT-302 - Linux Operating System, Mr. Reid
HW Unit 6 due in Week 7: (Chapters 11 and 24, Next Class: Chapter 20)

1. What are the different valid DHCP options?
a. The options commonly set in dhcpd.conf are subnet-mask, broadcast-address, routers, and domain-name-servers; the full list is in the dhcp-options man page. (Pages 445-448)

2. What are the advantages of using DHCP?
a. New computers can be added to the network without manual configuration; address assignment and changes (for example a new DNS server) are managed centrally; and limited IPv4 address space is conserved, because addresses are leased and return to the pool for reuse when a device disappears, so a pool can be smaller than the total number of devices. (Pages 445)

3. Which directory does BIND store its database when it is running in Fedora's chroot jail?
a. In the chroot jail, the BIND zone files are under /var/named/chroot/var/named; without the jail they are in /var/named. (Pages 764, 774)

4. What are the different types of DNS records and what type of information does each type hold?
a. A – IPv4 Address – "Maps a domain name to the IPv4 address of a host."
b. AAAA – IPv6 Address – "Maps a domain name to the IPv6 address of a host."
c. CNAME – Canonical Name – "Maps an alias or nickname to a domain name."
d. MX – Mail Exchange – "Specifies a destination for mail addressed to the domain. MX records must always point to A (or AAAA) records."
e. NS – Nameserver – "Specifies the name of the system that provides domain service (DNS records) for the domain."
f. PTR – Pointer – "Maps an IP address to a domain name and is used for reverse name resolution."
g. SOA – Start of Authority – "Designates the start of a zone."
h.
TXT – Text – "Associates a character string with a domain." (Page 749-752)

Research Assignment due in Week 7: Find any recent article(s) about weaknesses or vulnerabilities in DNS and possible solutions for securing those weaknesses or vulnerabilities. This paper needs to be at least 2 double-spaced pages in length and cite all references used. (Pages 744, 749, 756, 773-774, 781-782)

Wade Schlueter, April 29, 2010
IT-302 - Linux Operating System, Mr. Reid
HW Unit 7 due in Week 8: (Chapter 20, Next Class: Chapter 21)

1. What does the file sendmail.mc do?
a. sendmail.mc is the m4 macro source for sendmail's configuration. The administrator edits sendmail.mc and runs make in /etc/mail, which generates sendmail.cf, the much harder to read file the sendmail daemon actually loads. (Pages 642-643)

2. What port does sendmail use to send mail?
a. Port 25, the SMTP port, is used for transferring mail between MTAs. (Pages 641, 643)

3. What does the virtusertable file do?
a. "The virtusertable file can forward inbound email addressed to different domains (aliases cannot do this)." It maps incoming addresses, including whole virtual domains, to local users or to other addresses. (Pages 645, 651)

4. Which two protocols are provided by Dovecot?
a. Dovecot "provides IMAP and POP incoming mail server daemons": IMAP and POP3 are the protocols mail clients use to fetch their mail from the server. (Page 641, 659)

5. What is an MTA and what does it do?
a. An MTA, or Mail Transfer Agent, is a mail server such as sendmail or Postfix. It accepts mail from users' mail clients and from other MTAs and relays each message over SMTP toward the MTA responsible for the destination domain (found through the domain's MX record), where it is handed to the local delivery agent. STARTTLS is not an MTA but an SMTP extension that an MTA can support to upgrade a plain-text SMTP session to TLS (www.sendmail.org/~ca/email/starttls.com). (Page 644 and 1019)

Wade Schlueter, May 13, 2010
IT-302 - Linux Operating System, Mr. Reid
HW Unit 8 due in Week 9: (Chapter 21, Next Class: Appendix A)

1. What is the purpose and function of the /etc/nsswitch.conf file?
a. "Whether a system uses NIS, DNS, local files, or a combination as the source of certain information, and in what order, is determined" by nsswitch.conf. Each line names a database (passwd, group, hosts, and so on) and the sources to consult for it, in order. (Page 668)

2. What is the database file for an NIS database called?
a. The NIS "database" is actually a collection of maps, each stored in dbm format (for example passwd.byname and passwd.byuid). (Pages 669, 670)

3. What is the top-level domain in an LDAP hierarchy called?
a. "The DSE (DSA Specific Entry) is the root, or top-level, entry in an LDAP directory. (DSA stands for Directory System Agent.)
The DSE specifies the domain name of the server and is defined in the /etc/openldap/slapd.conf file. LDAP defines a domain name in terms of its component parts. The default slapd.conf file holds the following line, which defines the DSE comprising the Domain Component (DC) my-domain and the DC com:"
i. "suffix "dc=my-domain,dc=com"" (Pages 683, 682-693 for LDAP)

4. What port does LDAP use for unencrypted traffic and what port for encrypted traffic?
a. LDAP listens on TCP port 389, where traffic, including the bind (authentication) credentials, is sent in the clear unless the client issues StartTLS on that same port. LDAPS, LDAP over SSL/TLS, uses port 636 with the connection encrypted from the start. Authentication against an LDAP directory should always use one of the two encrypted forms. (Page 685, Note – Firewall)

5. What is an example of a fully Distinguished Name in an LDAP database?
a. "A Distinguished Name (DN) uniquely identifies each entry in an LDAP directory." It is built from the entry's own naming attribute (the relative DN, such as cn=Bob Smith) followed by the names of its parent entries all the way up to the DSE, so it also gives the entry's position in the tree. The DN is the stable identifier for the entry, in the way an employee number identifies a person even when the person's phone number or address changes. (Page 683)
b. dn: cn=Bob Smith,dc=tucson,dc=issa,dc=org (Page 683-684)

Research Due in Week 9: Using the ITT Virtual Library, write a 1 to 2 page paper on upcoming innovations in Linux, and please cite your references.

Wade Schlueter, May 19, 2010
IT-302 - Linux Operating System, Mr. Reid
HW Unit 9 due in Week 10:

1. What is a delimiter and what is it used for?
a. "A character called a delimiter usually marks the beginning and end of a regular expression. The delimiter is always a special character for the regular expression it delimits (that is, it does not represent itself but marks the beginning and end of the expression)." In sed and vi the delimiter is usually the slash, as in /pattern/, and a different character can be chosen when the pattern itself contains slashes. (Page 994)

2. What does the ^ character do when placed at the beginning of the line?
a. "A regular expression that begins with a caret (^) can match a string only at the beginning of the line." The caret is an anchor: ^root matches a line that starts with root but not a line that merely contains root somewhere later, so anchoring is how a pattern is kept from matching in the middle of a field. (Page 995, 996, 1001)

3.
What set of characters are used to define a character class in a regular expression?
a. Square brackets define a character class: [abc] matches any one of the listed characters, [a-z] a range, and [^0-9] anything except the listed characters (inside brackets the caret means negation rather than beginning of line). (Page 995)

4. What is sed and what is it used for?
a. "You can use the sed command to change all occurrences of one string to another within a file, just like the search-and-replace feature of your word processor. The sed command can also delete a range of lines from a file. Since sed is a stream editor, it takes the file given as input, and sends the output to the screen, unless you redirect output to a file. In other words, sed does not change the input file." The exception is GNU sed's -i option, which rewrites the file in place, so scripts that use it should be tried on a copy first. (Page 998, http://lowfatlinux.com/linux-sed.html)

5. What is awk and what is it used for?
a. "The awk command combines the functions of grep and sed, making it one of the most powerful Unix commands. Using awk, you can substitute words from an input file's lines for words in a template or perform calculations on numbers within a file. (In case you're wondering how awk got such an offbeat name, it's derived from the surnames of the three programmers who invented it.)" awk reads its input a line at a time, splits each line into fields ($1, $2, ...), and runs the actions whose patterns match, which makes it the natural tool for pulling columns out of configuration and log files and summarizing them. (Page 999, http://lowfatlinux.com/linux-awk.html)
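Putting the Unit 9 tools to work on the sshd_config settings from Units 3 and 4. This is an added example, not from the homework or the textbook: sed strips comments and blank lines and normalizes "Keyword = value" to "Keyword value" (using the ^ and $ anchors, a [[:space:]] character class and a \(...\) group with a \1 backreference), and awk evaluates the remaining directives. The function names, the two constructed sample files, and the particular checks (Protocol 1 still accepted, PermitRootLogin yes, no AllowUsers/AllowGroups, X11Forwarding yes) are this example's own choices rather than anything OpenSSH or the book prescribes.

```shell
#!/bin/sh
# Added example: audit an sshd_config with sed and awk.
#   sed  removes comments and blank lines, trims whitespace and rewrites
#        "Keyword = value" as "Keyword value";
#   awk  records keyword/value pairs and reports the weak settings below.
# The checks and the sample files are this example's own choices.

# normalize_config FILE -> one "keyword value" line per directive, keyword lowercased
normalize_config() {
  sed -e 's/#.*$//' \
      -e 's/^[[:space:]]*//' \
      -e 's/[[:space:]]*$//' \
      -e 's/^\([A-Za-z0-9]*\)[[:space:]]*=[[:space:]]*/\1 /' \
      -e '/^$/d' "$1" \
  | awk '{ $1 = tolower($1); print }'
}

# audit_sshd_config FILE -> one finding per line (no output means nothing flagged)
audit_sshd_config() {
  normalize_config "$1" | awk '
    { seen[$1] = 1; value[$1] = $2; line[$1] = $0 }
    END {
      # "2,1" or "1": listing 1 at all means the server still accepts protocol 1
      if (("," value["protocol"] ",") ~ /,1,/)
        print "weak: SSH protocol 1 enabled (" line["protocol"] ")"
      if (tolower(value["permitrootlogin"]) == "yes")
        print "weak: root may log in directly (" line["permitrootlogin"] ")"
      if (!("allowusers" in seen) && !("allowgroups" in seen))
        print "weak: no AllowUsers/AllowGroups; every account with a shell may log in"
      if (tolower(value["x11forwarding"]) == "yes")
        print "note: X11 forwarding is on for every client (" line["x11forwarding"] ")"
    }'
}

# audit_count FILE -> number of findings, as a plain integer
audit_count() { audit_sshd_config "$1" | wc -l | tr -d ' '; }

# Demonstration on two constructed files: one weak, one hardened with the
# AllowUsers example from the Unit 3 answer.
demo() {
  dm_dir=$(mktemp -d)
  cat > "$dm_dir/sshd_config.weak" <<'EOF'
# constructed sample, not a real server's file
Protocol 2,1
PermitRootLogin yes
X11Forwarding = yes
#AllowUsers genghis
EOF
  cat > "$dm_dir/sshd_config.hardened" <<'EOF'
Protocol 2
PermitRootLogin no
AllowUsers genghis mohadeeb kipling
X11Forwarding no
EOF
  for dm_f in weak hardened; do
    echo "== sshd_config.$dm_f: $(audit_count "$dm_dir/sshd_config.$dm_f") finding(s)"
    audit_sshd_config "$dm_dir/sshd_config.$dm_f"
  done
  rm -rf "$dm_dir"
}
demo
```

Running the script reports four findings for the weak sample (note that the commented-out AllowUsers line counts as absent, exactly as sshd treats it) and none for the hardened one; to check a real server, source the file and call audit_sshd_config /etc/ssh/sshd_config. The audit reads every directive as global, so settings inside a Match block would be misreported; extend the awk program before relying on it for configurations that use Match.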