Linux is an open-source operating system based on Unix. It was first introduced by Linus Torvalds. The main purpose of Linux was to provide a free, low-cost operating system for users who could not afford operating systems such as Windows, iOS or Unix.
It is freely distributable and is generally built around the Linux kernel (the low-level system software that manages hardware resources on behalf of users). It can be installed on mobile phones, laptops, desktop computers, notebooks, etc. Flavors of Linux include Ubuntu, Debian, SUSE Linux, Gentoo, etc.
Enhance your chances of performing well in the interviews with our set of multiple choice questions, which covers important topics on Linux to help freshers, as well as experienced candidates, ace their interviews.
Q1) What is the function of vLock?
(A) It locks some or all of the virtual consoles in your Linux computer.
(B) It locks the booting up of your computer by a user.
(C) It locks the display and requires a password.
(D) It locks the computer if the user enters incorrect passwords three times.
Answer – vlock locks some or all of the virtual consoles in your Linux computer.
Q2) The chmod 664 test.txt command is equivalent to which of the following commands?
(A) chmod u+rw g+rw o+r test.txt
(B) chmod u-rw g+rw o-r test.txt
(C) chmod u+rw g-rw o-r test.txt
(D) chmod u-rw g-rw o-r test.txt
Answer – The chmod 664 test.txt command is equivalent to chmod u+rw g+rw o+r test.txt because read is equivalent to 4 and write is equivalent to 2.
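The equivalence in Q2 can be checked mechanically. The Python below is an added example, not part of the original question set: it converts a three-digit octal mode to symbolic form and applies symbolic clauses to a starting mode, so each of the four candidate answers can be evaluated (it tolerates the space-separated clauses written above, which real chmod requires to be comma-separated).

```python
"""Convert between numeric and symbolic chmod modes.

Added example, not part of the original question set. Each octal digit is
the sum of read (4), write (2) and execute (1) for one class of user, in the
order user, group, other, which is why 664 means u=rw, g=rw, o=r.
"""
from typing import List

PERM_BITS = (("r", 4), ("w", 2), ("x", 1))
CLASSES = "ugo"


def octal_to_symbolic(mode: str) -> str:
    """'664' -> 'u=rw,g=rw,o=r' ('=' gives the exact bits, not an increment)."""
    if len(mode) != 3 or any(c not in "01234567" for c in mode):
        raise ValueError(f"expected three octal digits, got {mode!r}")
    clauses = []
    for who, digit in zip(CLASSES, mode):
        value = int(digit, 8)
        letters = "".join(ch for ch, bit in PERM_BITS if value & bit)
        clauses.append(f"{who}={letters}")
    return ",".join(clauses)


def symbolic_to_octal(spec: str, current: str = "000") -> str:
    """Apply clauses such as 'u+rw,g+rw,o+r' to a starting mode and return the result.

    Handles the u, g, o and a classes with the +, - and = operators. Clauses may
    be separated by commas (what chmod expects) or by spaces (as the question
    writes them); setuid, setgid and sticky bits are out of scope here.
    """
    bits: List[int] = [int(d, 8) for d in current]
    for clause in spec.replace(" ", ",").split(","):
        if not clause:
            continue
        # split "ug+rw" into who="ug", op="+", perms="rw"
        idx = next((i for i, ch in enumerate(clause) if ch in "+-="), None)
        if idx is None:
            raise ValueError(f"no operator in clause {clause!r}")
        who, op, perms = clause[:idx] or "a", clause[idx], clause[idx + 1:]
        if any(p not in "rwx" for p in perms):
            raise ValueError(f"unknown permission letter in {clause!r}")
        value = sum(bit for ch, bit in PERM_BITS if ch in perms)
        for w in ("ugo" if who == "a" else who):
            if w not in CLASSES:
                raise ValueError(f"unknown class {w!r} in {clause!r}")
            i = CLASSES.index(w)
            if op == "+":
                bits[i] |= value
            elif op == "-":
                bits[i] &= ~value
            else:
                bits[i] = value
    return "".join(str(b) for b in bits)
```

Starting from a fresh mode of 000, only candidate (A) reaches 664; (B) and (C) stop at 060 and 600, and (D) leaves every bit clear.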
Q3) To prevent unauthorized users from rebooting your computer, you can use the __________ file, which contains a list of usernames that are authorized to reboot the computer.
(B) /bin/shutdown.allow
(C) /etc/allow.shutdown
Answer – /etc/shutdown.allow contains a list of user names that are authorized to reboot the computer.
Q4) __________ is a computer used to control access between an organization’s intranet and the Internet.
(A) Bastion hosts
Answer – Bastion hosts control access between an organization’s intranet and the Internet.
Q5) NIS does not share information contained in the __________ file over a network.
Answer – NIS does not share information contained in /etc/allow file over a network.
Q6) To password protect LILO using Red Hat Linux, you can use the ________ utility.
Answer – linuxconf can be used to password protect LILO.
Q7) The ____________ utility creates the shadow file if it does not exist.
Answer – The pwconv utility creates the shadow file if it does not exist.
Q8) _______ prevents anyone from booting the computer without entering the password.
Answer – POP prevents anyone from booting the computer without entering the password.
Q9) The ___________ and __________ files contain the login records for all users on your system.
Answer – The files that contain the login record for users are /var/log/utmp and /var/run/utmp.
Q10) The Red Hat installation program uses the __________ file to determine the packages that are available in the /RedHat/RPMS directory for each category of package to be installed.
Answer – The Red Hat installation program uses the /RedHat/base/comps file to determine the packages that are available in the /RedHat/RPMS directory for each category of package to be installed.
Q11) The ______ and _______ packages form a part of the base system of Linux operating system.
Answer – The libc and termcap packages form a part of the base system of the Linux operating system.
Q12) Select the three main sections of the config file.
(A) System info
(B) RedHat packages
(C) Post-installation shell commands
(D) Pre-installation shell commands
Answer – The three main sections of the config file are system info, RedHat packages, and post-installation shell commands.
Q13) The list of packages that can be installed is available in the __________ file.
Answer – The list of packages that can be installed is available in the /RedHat/base/comps file.
Q14) During Kickstart installation, which key combinations will you use to view the system log console?
Answer – During Kickstart installation, the Alt+F4 key combination is used to view the system log console.
Q15) Which directory contains the man pages?
Answer – The /usr directory contains the man pages.
Q16) Which directory contains mount and umount utilities?
Answer – The /bin directory contains mount and umount utilities.
Q17) Which of the following is the default port for SMTP?
Answer – The default port for SMTP is 25.
Q18) Which command will generate the following output?
procs memory swap io system cpu
r b w swpd free buff cache si so bi bo in cs us sy id
0 0 0 5392 3492 15268 29108 0 0 0 1 113 18 0 0 100
Answer – The given output is obtained by executing the vmstat command.
Q19) Linuxconf main menu contains which of these options?
Answer – The options in the Linuxconf main menu are config, control, and status.
Q20) Which of the following enables you to manage user accounts?
Answer – The config menu provides you the option to manage the user accounts.
Q21) ____________ is a remote display system that enables you to view a desktop environment not only on the computer where it is running but also from a remote location.
Answer – VNC is a remote display system that enables you to view a desktop environment not only on the computer where it is running but also from a remote location.
Q22) Which configuration file allows you to set logon defaults?
Answer – The logon.defs file allows you to set logon defaults.
Q23) Which of the following tasks are triggered when you run the pwconv command while the /etc/shadow file exists?
(A) Entries in the /etc/passwd file, which don’t exist in the /etc/shadow file, are added to the /etc/shadow file.
(B) Entries in /etc/shadow, which are not present in /etc/passwd, are removed from the /etc/shadow file.
(C) Entries in /etc/shadow, which are present in /etc/passwd, are removed from the /etc/passwd file.
(D) Password details for entries that exist in both the files are copied from the /etc/passwd file to the /etc/shadow file.
Answer – The tasks that are triggered when you run the pwconv command while the /etc/shadow file exists are as follows:
- Entries in /etc/passwd, which don’t exist in the /etc/shadow file, are added to the /etc/shadow file.
- Entries in /etc/shadow, which are not present in /etc/passwd, are removed from the /etc/shadow file.
- Password details for entries that exist in both files are copied from the /etc/passwd file to the /etc/shadow file.
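A small model of the three effects just listed, added here as an illustration (it is not the pwconv source and not part of the original question set). The passwd and shadow lines are constructed, and the extra helper reports any hash still exposed in the world-readable passwd file, which is the condition pwconv exists to correct.

```python
"""Model of the three pwconv effects listed in Q23.

Added example, not part of the original question set and not the pwconv
source; it replays the described behaviour on constructed /etc/passwd and
/etc/shadow lines. Users present only in passwd gain a shadow entry, shadow
entries with no passwd counterpart are dropped, and any hash still sitting in
passwd is moved into shadow, leaving the 'x' marker behind.
"""
from typing import Dict, List, Tuple

# shadow fields after the password: lastchg, min, max, warn, inactive, expire, reserved
SHADOW_DEFAULTS = ("0", "0", "99999", "7", "", "", "")


def _index(lines: List[str]) -> Dict[str, List[str]]:
    """Map user name -> field list, preserving file order and skipping comments."""
    table: Dict[str, List[str]] = {}
    for line in lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        table[fields[0]] = fields
    return table


def pwconv(passwd_lines: List[str], shadow_lines: List[str]) -> Tuple[List[str], List[str]]:
    """Return (new passwd lines, new shadow lines) after the merge described in Q23."""
    passwd = _index(passwd_lines)
    shadow = _index(shadow_lines)
    new_shadow: List[str] = []
    for name, pw in passwd.items():
        if len(pw) != 7:
            raise ValueError(f"malformed passwd entry for {name!r}")
        sh = shadow.get(name)
        if sh is None:
            # (A) in passwd only: create a shadow entry that carries the password field
            sh = [name, pw[1], *SHADOW_DEFAULTS]
        elif pw[1] != "x":
            # (D) in both files with a hash still in passwd: copy it into shadow
            sh[1] = pw[1]
        pw[1] = "x"  # passwd keeps only the marker once shadow holds the hash
        new_shadow.append(":".join(sh))
    # (B) shadow entries for names absent from passwd are simply never emitted
    new_passwd = [":".join(fields) for fields in passwd.values()]
    return new_passwd, new_shadow


def hashes_in_passwd(passwd_lines: List[str]) -> List[str]:
    """Names whose passwd field holds anything but 'x' or a lock marker ('*', '!'):
    a hash, or an empty password, readable by every local user."""
    return [f[0] for f in _index(passwd_lines).values() if f[1] not in ("x", "*", "!")]


# Constructed sample data; the hashes are placeholders, not real digests.
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "alice:$6$constructed$hash:1000:1000:Alice:/home/alice:/bin/bash",
    "bob:x:1001:1001:Bob:/home/bob:/bin/bash",
]
SAMPLE_SHADOW = [
    "root:!:19000:0:99999:7:::",
    "bob:$6$old$bobhash:19000:0:99999:7:::",
    "carol:$6$stale$hash:18000:0:99999:7:::",  # no passwd entry any more
]
```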
Q24) Select the modules supported by Linux PAM.
Answer – The modules supported by Linux-PAM are authentication, session, and password.
Q25) What is an ICMP ECHO request?
(A) A method of establishing a TCP connection.
(B) A method to transfer files from one computer to another over an IP network.
(C) A method to determine the network operational status of another computer.
(D) A method to broadcast a data packet to all the computers in a network.
Answer – ICMP ECHO request is a method to determine the network operational status of another computer.
Q26) Which of the following is the correct expansion of the acronym UDP?
(A) Universal Datagram Protocol
(B) Unreliable Data Protocol
(C) Unlimited Data Protocol
(D) User Datagram Protocol
Answer – UDP stands for User Datagram Protocol.
Q27) What is the minimum number of network interface cards that a router should have?
Answer – A router should have a minimum of two network interface cards.
Q28) A dictionary-based brute force attack targets which component of a network or computer?
(A) Bandwidth of a network
(B) Password file of a computer
(C) Memory of a computer
(D) None of the above
Answer – A dictionary-based brute force attack targets the password file of a computer.
Q29) Which of the following correctly defines a CGI script?
(A) A daemon or service that continuously runs in the background
(B) An application that connects various services running in a computer to trusted networks
(C) A hardware component that connects two different networks
(D) A script that can add dynamic functionality to Web pages
Answer – CGI is a script that can add dynamic functionality to Web pages.
Q30) Trinoo is an example of:
(A) A word-list or dictionary based attack.
(B) A SYN Flood Attack
(C) A UDP based DoS Attack
(D) A DoS attack that exploits vulnerability in the ICMP client/server transit mechanism
Answer – Trinoo is a UDP-based DoS attack.
Q31) Which of these services on the server handles a ping request from the client?
(A) Hyper Text Terminal Protocol Server
(B) File Transfer Protocol Server
(C) Post Office Protocol Server
(D) Internet Control Message Protocol Server
Answer – The ICMP service handles a ping request from a client.
Q32) Smurf attack fabricates the ICMP ECHO request so that the source IP in the packet becomes:
(A) The IP of an intermediary network
(B) The victim computer
(C) A non-existent IP address
Answer – The source IP address becomes the victim computer because all the ICMP ECHO reply packets are directed towards it. Therefore, the source receives a large number of data packets in reply to just a single broadcast ICMP ECHO request.
Q33) Which file in the current versions of Apache contains directives for controlling the specification of the documents that are provided by the server to the clients?
Answer – The httpd.conf file contains directives that control the specification of the documents provided by the server to the clients.
Q34) Which sections are present in the http.conf file?
(A) The Global Environment section
(B) The Main server configuration section
(C) The Main Hosts section
(D) The Virtual Environment section
(E) The Virtual Hosts section
Answer – The sections of the http.conf file are as follows:
- The Global Environment section
- The Main server configuration section
- The Virtual Environment section
Q35) The ___________ directive is used to specify the location where the configuration, error, and log files are located.
Answer – The ServerRoot directive specifies the location of the configuration, error, and log files.
Q36) The ResourceConfig and AccessConfig directives store the path for the ____________ and ___________ files, respectively.
Answer – The ResourceConfig and AccessConfig directives store the path for the srm.conf and access.conf files, respectively.
Q37) Why do you need a DNS server?
(A) It allows a computer to be recognized based on names.
(B) It allows a computer to share files with another computer on the Internet.
(C) It allows transfer of files from one computer to another.
(D) It provides username- and password-based authentication to many computer zones single-handedly.
Answer – A DNS server is needed because it allows a computer to be recognized based on names.
Q38) Which of these services allows a Linux user to participate in a Windows network?
(A) Apache Web Server
(B) Sendmail Server
(C) ICMP Server
(D) SAMBA Server
Answer – A SAMBA server allows a Linux computer user to participate in a Windows network.
Q39) File Transfer Protocol sends all data in an encrypted format.
Answer – File Transfer Protocol doesn’t send all data in an encrypted format.
Q40) Sendmail is __________:
(A) A server that collects e-mails for every user in a Linux server.
(B) A server that is used as needed to accept e-mails in a Linux network that originated from a Windows computer.
(C) A server that broadcasts instant messages or e-mails to all users in a server who are currently connected.
(D) An implementation of a Simple Mail Transfer Protocol in Linux.
Answer – Sendmail is an implementation of a Simple Mail Transfer Protocol in Linux.
Q41) An alternative to a DNS server for the Internet in Linux is ______________:
(A) Writing the names and IP addresses of every computer on the Internet in the /etc/hosts file.
(B) Writing the names of every server on the Internet in the /etc/host.allow file.
(C) Installing a SAMBA server in your Linux computer.
(D) Computers on the Internet can interact with each other as they do with a DNS server. DNS isn’t really required, but it has been added for security reasons.
Answer – An alternative to a DNS server for the Internet in Linux is writing the names and IP addresses of every computer on the Internet in the /etc/hosts file.
Q42) The SMB protocol was initially developed for _______:
(A) Windows Networks
(B) UNIX networks
(C) Linux Networks
(D) ISO Reference Model Specifications
Answer – The SMB protocol was initially developed for UNIX networks.
Q43) Which command is used to view network connections, routing tables, interface statistics, masquerade connections, and multi-cast memberships?
Answer – The netstat command is used to view network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Q44) Which command is used to list the open files?
Answer – The lsof command is used to list the open files.
Q45) Which of the following components is responsible for encapsulating information of higher level protocols?
(A) SSL handshake protocol
(B) SSL record protocol
(C) SSH handshake protocol
(D) SSH record protocol
Answer – The SSL Record Protocol is responsible for encapsulating information of higher level protocols.
Q46) Select the header fields of an SSL record:
Answer – Type, version, and length are the header fields of an SSL record.
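The three header fields named in Q46 are what the record protocol of Q45 puts in front of every encapsulated fragment. The Python below is an added example, not part of the original question set, and the byte stream it parses is constructed rather than captured; it shows how a receiver validates the framing before handing data to the layer above.

```python
"""Parse the record header that frames SSL/TLS traffic: type, version, length.

Added example, not part of the original question set; the byte stream below is
constructed, not captured. The SSL record protocol encapsulates the higher
level protocols (Q45), and its 5-byte header is exactly the three fields
named in Q46: content type (1 byte), protocol version (2 bytes) and fragment
length (2 bytes), all big-endian.
"""
import struct
from typing import List, NamedTuple

HEADER = struct.Struct("!BHH")  # content type, version, length
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
MAX_FRAGMENT = 2 ** 14 + 2048  # upper bound on a protected fragment (RFC 5246, section 6.2.3)


class Record(NamedTuple):
    content_type: str
    version: str
    length: int
    fragment: bytes


def build_record(ctype: int, version: int, fragment: bytes) -> bytes:
    """Frame one fragment; used here only to construct the sample stream."""
    return HEADER.pack(ctype, version, len(fragment)) + fragment


def parse_records(stream: bytes) -> List[Record]:
    """Split a byte stream into records, refusing anything the header does not justify."""
    records: List[Record] = []
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        ctype, version, length = HEADER.unpack_from(stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype} at offset {offset}")
        if version not in VERSIONS:
            raise ValueError(f"unknown version 0x{version:04x} at offset {offset}")
        if length > MAX_FRAGMENT:
            raise ValueError(f"length {length} exceeds the record size limit")
        start, end = offset + HEADER.size, offset + HEADER.size + length
        if end > len(stream):
            # The header promises more bytes than arrived: never pass a short
            # fragment upwards; wait for the rest or drop the connection.
            raise ValueError(f"record at offset {offset} is short by {end - len(stream)} bytes")
        records.append(Record(CONTENT_TYPES[ctype], VERSIONS[version], length, stream[start:end]))
        offset = end
    return records


def is_well_formed(stream: bytes) -> bool:
    """True when every record in the stream is completely and consistently framed."""
    try:
        parse_records(stream)
    except ValueError:
        return False
    return True


# Constructed sample: a TLS 1.2 handshake record followed by a fatal alert record.
SAMPLE_STREAM = (
    build_record(22, 0x0303, b"\x01\x00\x00\x04\x03\x03AB")  # placeholder handshake body
    + build_record(21, 0x0303, b"\x02\x28")                  # level fatal (2), handshake_failure (40)
)
```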
Q47) What is the command to enable or disable a module?
Answer – modprobe is the command to enable or disable a module.
Q48) Arrange the following steps involved in making changes to the kernel in the proper sequence.
(A) Build or compile the kernel.
(B) Edit the kernel.
(C) Install the kernel.
Answer – The correct sequence for making changes to the kernel is as follows:
- Edit the kernel.
- Build or compile the kernel.
- Install the kernel.
Q49) What is the command to generate the dependency files?
Answer – The command to generate the dependency files: make dep clean
Q50) Which of the following configuration options for kernel enable you to effectively make your computer a router?
Answer – The option to enable you to effectively make your computer a router is CONFIG_IP_FORWARD.
Q51) Which option enables you to configure your Linux box as a packet filter firewall for a local TCP/IP based network?
Answer – The option to enable you to configure your Linux box as a packet filter firewall for a local TCP/IP-based network is CONFIG_IP_FIREWALL.
Q52) The default log file for sendmail is
Answer – The default log file for sendmail is /var/logs/maillog.
Q53) Which of the following is true for Apache error logs?
(A) After every entry in the Apache error log, Apache is either restarted or halted.
(B) Every error reported in the error log is caused by the Apache daemon.
(C) Every entry in the Apache error log contains an error code from 200 to 503, inclusively.
(D) Apache error log cannot be rotated using logrotate.
Answer – None
Q54) State which of these statements about logrotate are true:
(A) logrotate can change the default value for log files for most daemons in Linux.
(B) logrotate can compress log files after rotating them.
(C) logrotate cannot be used with kernel logs.
(D) logrotate should not store the backup files in the boot partition of Linux.
Answer – B and D
Q55) Which of these statements are true about FTP logs?
(A) If a client accesses an FTP server using the web browser by typing ftp://ftp.sitename.com,
(B) FTP logs are not generated for these transactions.
(C) There are no FTP logs generated for anonymous FTP downloads or uploads.
(D) FTP logs can be generated by the syslogd daemon.
Answer – C
Q56) Apache access logs store events that resulted in errors, along with the error code.
Answer – Apache access logs store events that resulted in errors, along with the error code: True.
Q57) Which of the following is a client/server-based network backup tool?
Answer – A and C. Both AMANDA and rsync are client/server-based network backup tools.
Q58) Which program in AMANDA provides you with an interactive interface to browse the AMANDA index files?
Answer – B. amrecover provides you with an interactive interface to browse the AMANDA index files and allows you to choose the tape from which files will be recovered. It also can run amrestore and the system restore program, such as tar, in some cases.
Q59) Which types of backups are supported by Backup Professional?
(A) Selective backups
(B) Master backups
(C) Incremental backups
(D) All of the above
Answer – D. Backup Professional allows you to take three types of backups. A master backup archives the complete data on a specified client. An incremental backup archives data that have been modified after the last master backup was performed. A selective backup archives only the selected files. The Backup Professional file recovery/verification utility is used to restore files and directories to client machines and verify previous backups.
Q1) You are a network administrator. You are performing a security check for intrusion detection on the server. One of the guidelines for the check requires you to search for unowned files that have no owner or belong to no group. Give the command to search for such files.
Answer – Root# find / -nouser -o -nogroup -print
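The same check in Python, added here as an example that is not part of the original question set: it mirrors what find -nouser -o -nogroup reports, so the logic can be exercised against a constructed directory tree without root privileges. The usual cause of such files is an account deleted while its files remained; they are silently inherited by whoever is next assigned that numeric id.

```python
"""Report files whose owner or group is missing from the user and group databases.

Added example, not part of the original question set; it mirrors what
``find / -nouser -o -nogroup -print`` reports, so the logic can be exercised
against a constructed directory tree without root privileges.
"""
import grp
import os
import pwd
import shutil
import tempfile
from typing import List, Optional, Set, Tuple


def known_ids() -> Tuple[Set[int], Set[int]]:
    """All uids and gids the system currently knows (passwd, group and NSS sources)."""
    return {p.pw_uid for p in pwd.getpwall()}, {g.gr_gid for g in grp.getgrall()}


def unowned_files(root: str, uids: Optional[Set[int]] = None,
                  gids: Optional[Set[int]] = None) -> List[str]:
    """Paths under root whose uid or gid is not in the given (or the system's) sets."""
    if uids is None or gids is None:
        sys_uids, sys_gids = known_ids()
        uids = sys_uids if uids is None else uids
        gids = sys_gids if gids is None else gids
    hits: List[str] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the link itself, never follow it
            except OSError:
                continue  # vanished or unreadable entry; find would print a warning here
            if st.st_uid not in uids or st.st_gid not in gids:
                hits.append(path)
    return sorted(hits)


def demo() -> Tuple[int, int]:
    """Self-check on a constructed tree. Returns (hits with the real ids known,
    hits when the creating uid is treated as deleted)."""
    root = tempfile.mkdtemp(prefix="unowned-demo-")
    try:
        os.mkdir(os.path.join(root, "sub"))
        for rel in ("a.txt", os.path.join("sub", "b.txt")):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("constructed sample\n")
        # new files take the process gid, or the directory's gid on setgid directories
        real_gids = {os.getgid(), os.lstat(root).st_gid}
        clean = unowned_files(root, uids={os.geteuid()}, gids=real_gids)
        orphaned = unowned_files(root, uids=set(), gids=real_gids)
        return len(clean), len(orphaned)
    finally:
        shutil.rmtree(root, ignore_errors=True)
```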
Q2) You need to suggest to the Chief Technical Officer (CTO) of your organization how the organization should go about securing its network. Briefly describe the role and advantages of the SSH and SSL protocols that make them feasible options for implementing network security.
Answer – The Secure Shell (SSH) protocol is used for securing remote access connections over IP networks. SSH secures data by encrypting it while it is transmitted over the network. The SSH program has made remote management of network hosts over the Internet possible.
Secure Socket Layer (SSL) protocol provides privacy and reliability between two communicating applications. The SSL protocol runs above TCP/IP and below other higher level protocols, such as TELNET, FTP, or HTTP. SSH enables data encryption, authentication of server and client, and message authentication. The benefits of using SSL include cryptographic security, reliability, interoperability, extensibility, and efficiency.
Q3) Edward, the system administrator, needs to access the Webmin through the Web browser. Which command does he need to execute? In addition, briefly discuss the following interfaces provided by Webmin:
Answer – To run Webmin from the Web browser, enter the following address in the address bar: http://<computer_name>:10000
System interface:
- The System tab manages tasks within the computer or server environment, including disk quota, NIS, PAM, syslog, adding users, managing cron, managing NFS, changing boot services and processes, and restarting the machine.
Servers interface:
- The Servers tab allows you to manage servers, such as Apache, BIND, DHCP, sendmail, Squid, and so on.
Q4) List some of the tasks that can be automated by cfengine.
Answer – Some of the tasks that can be automated by using cfengine are listed here:
- Check and configure the network interface.
- Edit text files.
- Make and maintain symbolic links, including multiple links from a single command.
- Check and set the permissions and ownership of files.
- Manage junk files which clutter the system.
- Mount file systems systematically and automatically.
- Check for the presence of important files and file systems.
- Control execution of user scripts and shell commands.
Q5) Edward is unable to understand the format of an entry in the pam.conf file. Explain the format to him.
Answer – A general entry in the pam.conf file has the following format:
[service-name] [module-type] [control-flag] [module-path] [arguments]
The [service_name] argument specifies the service or the application associated with the given configuration entry. By using this parameter, you can select services such as ftpd, rlogind, and su. The [module_type] argument can have one of the four listed values:
The [control_flag] argument is used to specify the response of the PAM library in events of success or failure of the module with which it is associated. The keywords that you can assign are listed here:
The [module_path] argument represents the pathname of the dynamically loadable object file, which is normally the pluggable module.
The [arguments] arguments are a list of tokens that are passed to the module when it is invoked.
Q6) Briefly discuss these secret key algorithms:
Answer – The secret key algorithms are described here:
- DES. DES is a method for data encryption that uses a secret key, which is extremely difficult to break, to encrypt data. DES applies a 56-bit key to each 64-bit block of data. This method uses private key cryptography, where both the sender and the receiver use the same private key to encrypt and decrypt data.
- 3DES. 3DES takes three 64-bit keys to form an overall key length of 192 bits. The data is encrypted with the first key and decrypted with the second key. This decrypted data is again encrypted with the third key. The 3DES encryption breaks the secret key into three subkeys and pads the keys, if necessary, so that they are each 64 bits long. The 3DES encryption is more secure than the DES encryption.
- IDEA. IDEA is a symmetric block cipher designed to facilitate both software and hardware implementation. It was developed to provide a high level of security with ease of implementation. IDEA encrypts data in 64-bit blocks with a 128-bit key. The 64-bit data block is divided into four 16-bit sub-blocks. Each of these sub-blocks undergoes eight rounds of operations in which the XOR operation is applied to the sub-blocks. This results in a very complex value, which is very difficult to analyze.
Q7) Discuss the PAM modules.
Answer – Linux PAM supports four types of modules:
- Authentication. This module first establishes the identity of the user by directing the applications to accept passwords or other identity details from the users. After that, the module grants permissions and group membership to the user.
- Account. This module is responsible for account management. It can be used to perform tasks, such as granting permission for files and directories based on the time and day configured, the maximum number of users allowed to log on at a time, and so on.
- Session. This module manages tasks, such as maintaining logs and other information after a session is established with a user. The session module works until the session remains active.
- Password. This module is required for updating the authentication token associated with the user.
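The entry format from Q5 and the four module types from Q7 are enough to write a small linter for pam.conf. The Python below is an added example, not part of the original question set and not Linux-PAM code; the sample configuration is constructed. Linux-PAM spells the first module type auth, and the control-flag keywords used here (required, requisite, sufficient, optional, include, substack, plus the bracketed [value=action ...] form) are the standard Linux-PAM set, which the page itself does not list.

```python
"""Lint a configuration written in the /etc/pam.conf format described in Q5.

Added example, not part of the original question set. Each entry reads
service module-type control-flag module-path [arguments]. The module types are
the four classes from Q7 (Linux-PAM spells the first one 'auth'); the control
flags are the standard Linux-PAM keywords plus the bracketed [value=action ...]
form. The sample configuration below is constructed.
"""
from dataclasses import dataclass
from typing import List

MODULE_TYPES = {"auth", "account", "session", "password"}
CONTROL_FLAGS = {"required", "requisite", "sufficient", "optional", "include", "substack"}


@dataclass
class Entry:
    service: str
    module_type: str
    control_flag: str
    module_path: str
    arguments: List[str]
    lineno: int


def _tokens(line: str) -> List[str]:
    """Split on whitespace but keep a bracketed control flag such as
    [success=1 default=ignore] together as one token."""
    parts = line.split()
    out: List[str] = []
    i = 0
    while i < len(parts):
        tok = parts[i]
        while tok.startswith("[") and not tok.endswith("]") and i + 1 < len(parts):
            i += 1
            tok += " " + parts[i]
        out.append(tok)
        i += 1
    return out


def parse_pam_conf(text: str) -> List[Entry]:
    """Parse pam.conf text into entries, rejecting unknown module types and control flags."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = _tokens(line)
        if len(parts) < 4:
            raise ValueError(f"line {lineno}: expected service, module-type, control-flag, module-path")
        service, mtype, flag, path, *args = parts
        if mtype not in MODULE_TYPES:
            raise ValueError(f"line {lineno}: unknown module type {mtype!r}")
        if flag not in CONTROL_FLAGS and not (flag.startswith("[") and flag.endswith("]")):
            raise ValueError(f"line {lineno}: unknown control flag {flag!r}")
        entries.append(Entry(service, mtype, flag, path, args, lineno))
    return entries


def lint(entries: List[Entry]) -> List[str]:
    """Findings a reviewer would raise: services that never establish identity,
    pam_permit.so allowed to decide the auth stack, and nullok accepting empty passwords."""
    findings: List[str] = []
    for svc in sorted({e.service for e in entries}):
        auth = [e for e in entries if e.service == svc and e.module_type == "auth"]
        if not auth:
            findings.append(f"{svc}: no auth entries; acceptable only for services that never authenticate users")
        for e in auth:
            if e.module_path.endswith("pam_permit.so") and e.control_flag == "sufficient":
                findings.append(f"{svc} line {e.lineno}: pam_permit.so as sufficient short-circuits the auth stack with success")
            if "nullok" in e.arguments:
                findings.append(f"{svc} line {e.lineno}: nullok accepts accounts with an empty password")
    return findings


SAMPLE_PAM_CONF = """\
# constructed sample in pam.conf format
login   auth      required   pam_securetty.so
login   auth      required   pam_unix.so nullok
login   account   required   pam_unix.so
login   password  required   pam_unix.so
login   session   required   pam_unix.so
ftpd    auth      sufficient pam_permit.so
ftpd    account   required   pam_unix.so
su      auth      [success=1 default=ignore] pam_wheel.so trust
su      auth      required   pam_unix.so
cron    account   required   pam_unix.so
cron    session   required   pam_unix.so
"""
```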
Q8) Why is TCP a reliable protocol?
Answer – TCP uses a two-way communication system for data transfer. Whenever a data packet is sent from one computer to another, the recipient sends an acknowledgement receipt back to the sender. This method is a confirmation for the original sender that the communication was successful. This mechanism makes TCP a reliable protocol.
Q9) What is packet encapsulation?
Answer – A particular data packet can travel only in the layer that it is meant for. If an application layer packet needs to travel in an IP-based network, the application layer packet must be encapsulated inside an IP packet. Encapsulation is the process of enclosing the upper layer data packet inside a lower layer protocol’s packet header.
Q10) What is the Listen directive? Discuss the values contained by the Listen directive.
Answer – The Listen directive is used to specify the IP address on which Apache will listen to the clients. The Listen directive can contain any of these three values:
- This value indicates that Apache will listen to all IP addresses configured on the server machine.
- IP address. This value represents an IP address that is used by the server. You can specify only one IP address.
- Domain name. This value represents a fully qualified domain name, which can be specified in the BindAddress directive. This value indicates that Apache will listen only to the Internet domain name specified.
Q11) Explain the five categories of directives that can be used in .htaccess files.
Answer – The five categories of directives that can be used in .htaccess files are these:
- AuthConfig. These directives can be used to control directives that deal with Web page security, such as the AuthName, Satisfy, and Require directives.
- FileInfo. These directives control how files are processed.
- Indexes. These directives affect file listings.
- Limit. These directives are related to security. However, they usually involve involuntary controls, such as controlling access by IP address.
- Options. These directives support miscellaneous options, such as ContentDigest and XBitHack.
Q12) Edward, the system administrator, has decided to use Snort as the network intrusion detection tool in his network. Explain to him the modes in which Snort can be configured. Execute the command to display the packet data as well as the headers. Edward needs to specify the log directory as snort_log in the current directory. You also need to explain to him how to enable Network Intrusion Detection System (NIDS) and specify the snort_rules as the rules file. Help him do all these.
Answer – Snort is a network intrusion detection system used to notify an administrator of an intrusion attempt. Snort is easy to use and many command line options are available. There are three main modes in which Snort can be configured:
- Sniffer. This mode reads the packets off the network and displays them on the console. The command to display the packet data as well as the headers is as follows: ./snort -vd
- Packet logger. This mode logs the packets to a log file. Once you specify a logging directory, Snort automatically switches to packet logger mode. The command to specify the directory as snort_log is as follows: ./snort -dev -l ./snort_log
- Network Intrusion Detection. This mode allows Snort to analyze network traffic for matches against a user-defined rule set and perform actions. To enable Network Intrusion Detection System (NIDS) mode, execute the following command: ./snort -dev -l ./log -h 172.17.1.0/24 -c snort_rules.conf
Q13) Stephen, the network administrator, is consulting with management in favor of using the SSH protocol in the network for security reasons. He needs to explain to them the different layers of the SSH protocol. Help him do so.
Answer – The SSH protocol consists of three layers:
- Transport Layer. This layer provides server authentication, data confidentiality, and integrity. SSH transport layer provides various services, including encryption, host authentication, and data integrity protection.
- User Authentication Layer. This layer runs over Transport layer protocol and authenticates a client to a server. SSH user authentication protocol relies on the transport layer for data integrity. It also assumes that the transport protocol has already authenticated a server machine, established an encrypted communication channel, and computed a unique session identifier for that session. It supports different authentication modes.
- Connection Layer. This layer runs over the user authentication layer. The connection layer allows opening secure channels over a single SSH connection. These channels may be used for a wide variety of services, such as transparent tunneling of existing protocols and new ones. It provides interactive login sessions, remote execution of commands, forwarded TCP/IP connections, and forwarded X11 connections.
Q14) Briefly discuss the following kernel configuration options:
Answer – The kernel configuration options are explained here:
- CONFIG_FIREWALL. This option should be set if you intend to run any firewall on your Linux computer. If the computer will be used only as a client computer, you should specify the no value.
- CONFIG_IP_FORWARD. This option effectively makes your computer a router. This option is enabled if you specify the yes value. IP forwarding is not secure if your computer is on a network because the data will be directly forwarded from one computer to another.
- CONFIG_SYN_COOKIES. This option, if enabled, allows a legitimate user to connect by using a challenge protocol known as SYN cookies. TCP/IP networking is vulnerable to an attack known as SYN flooding. SYN flooding prevents legitimate remote users from connecting to your computer during a session.
Q15) Discuss the following subdirectories of the /usr/src/linux directory.
Answer – Descriptions of some of the subdirectories of /usr/src/linux directory are given here:
- arch. This directory contains all of the architecture-specific kernel code. It has further subdirectories, one per supported architecture; for example, i386 and alpha.
- include. This directory contains most of the include files needed to build the kernel code. Like the arch directory, it has various subdirectories.
- mm. This directory contains the memory management code. In this directory, the architecture-specific memory management code is stored.
- drivers. This directory stores the device drivers. Device drivers are an interface between the operating system and the hardware devices.
- fs. This directory stores the file system code. The subdirectories within this directory represent a supported file system.
- scripts. This directory contains the scripts that are used when configuring the kernel.
Q16) Write a brief description of the Apache error log.
Answer – Apache error logs are used to store all the errors that occurred during any events that were handled by Apache. These error logs contain many fields including a field that tells the level of error. The other fields stored in the error logs are date/time, the reason for the error, the name of the service that caused the error, and Apache’s response action to this error.
Q17) Write a brief description of log filtering.
Answer – Log filtering is a process that removes data from log files. Log filtering is done on three criteria: pattern-based matching, time-based matching, and source-based matching.
Q18) What is the difference between selective and incremental backups?
Answer – Selective backups can be a form of incremental backups. When making incremental backups, you back up the areas that have modified since the last backup. You can do this manually or automate it by using a backup tool that allows automation of incremental backups. Selective backups are backups in which you back up the selected files. Obviously, these files would be the ones that change frequently.
Q19) How can backup logs be helpful in managing backups?
Answer – Backup logs help an administrator keep track of various details regarding backups. These might involve writing the details of the contents of a tape on the tape itself, maintaining a register for the date of backup, name of the backup tape used, the file system being backed up, the type of backup performed, and so on.
Q20) Name a commercial backup tool that is a hardware device.
Answer – EssentialServer
Q21) Briefly discuss the security of Linux.
Answer – Security is ensuring the availability, integrity, and confidentiality of your systems. In Linux, chances of a security breach increase with the increase in the number of services that your server offers.
The best way to tackle this threat is to install Linux with minimum packages and then add the required services. Any services that are no longer needed should be removed from the system. Linux is very secure if it is implemented properly. The administrator should also keep track of the security updates and patches released by various Internet Linux communities.
Q22) How can I protect my system from hackers?
Answer – You can use these security measures to protect your system from hackers:
- Turn off the services not required and protect the other services by implementing TCP wrappers.
- Keep track of the latest security updates and install new security patches regularly.
- Replace unencrypted services, such as ftp and Telnet, with more secure equivalents, such as SSH and SCP.
- Always maintain backup copies of the important resources. Having backup copies helps in recovery. If possible, you also should back up all files that were created or modified by either the administrator or any user.
- Go through security manuals to read updated information about all security measures.
Q23) Why do I always fail while trying to log in as root through Telnet?
Answer – Many Linux distributions don’t allow you to log in as root through Telnet as an added security feature, because the password would travel across the network in plain text. You should first log in as a normal user and then use the su command to work as root. You can change this behaviour in /etc/securetty, although it is not recommended.
Q24) Is Linux vulnerable to viruses?
Answer – Linux is to a great extent safe from viruses due to the following reasons:
- First, it is very difficult for a virus to activate itself on a Linux machine because Linux does not run programs automatically in the form of mail attachment scripts.
- In Linux, every piece of code needs permission to run. This means that the virus has to find a code in which it can insert itself and get executed. For this, the virus code needs a certain degree of privilege, which is not easy to acquire.
Q25) Why is using SSL considered safe?
Answer – Secure Socket Layer (SSL) protocol was created to provide reliable and secure transfer of data over an unreliable network. This is done by utilizing encryption and authentication features that make SSH more reliable than other protocols, unlike the Telnet protocol in which data and commands are transmitted and received in plain text.
The SSH protocol encrypts every piece of data before transmitting it and decrypts it before the data is put in use. This ensures that network traffic sniffers are unable to collect any unauthorized information during data transits.
Q26) How can I detect whether my system has been hacked?
Answer – To check whether your system has been intruded, you should search for various signs that the hacker may have left behind. Here are some common signs of intrusion:
- Failed logon attempts
- Change of password
- Sudden degradation in system performance
- Strange and unexpected entries in log file
- Missing files
- Change in file organization
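To make the first two signs above concrete, here is an added example (not part of the original page) that scans syslog-style sshd and passwd lines for failed logon bursts, a successful login from a source that had just been failing, and password changes. The log lines are constructed samples, not taken from a real host.

```python
"""Scan constructed auth-log lines for the intrusion signs listed above."""
import re
from collections import Counter

# Constructed sample of /var/log/auth.log (syslog format); not real data.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50011 ssh2
Mar  3 10:01:04 host sshd[2201]: Failed password for root from 203.0.113.7 port 50012 ssh2
Mar  3 10:01:06 host sshd[2201]: Failed password for root from 203.0.113.7 port 50013 ssh2
Mar  3 10:01:09 host sshd[2207]: Accepted password for root from 203.0.113.7 port 50014 ssh2
Mar  3 10:05:30 host passwd[2310]: pam_unix(passwd:chauthtok): password changed for root
Mar  3 10:07:00 host sshd[2400]: Accepted publickey for alice from 192.0.2.10 port 40100 ssh2
"""

# Patterns for the three message types we care about (sshd and pam_unix wording).
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")
PASSWD = re.compile(r"passwd\[\d+\]: .*password changed for (\S+)")


def find_intrusion_signs(log_text, threshold=3):
    """Return human-readable findings; threshold = failures per source that trigger a finding."""
    failures = Counter()   # failed logons per source address
    findings = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            _user, src = m.groups()
            failures[src] += 1
            if failures[src] == threshold:   # report once, when the burst reaches the threshold
                findings.append(f"{failures[src]} failed logons from {src}")
            continue
        m = ACCEPTED.search(line)
        if m:
            user, src = m.groups()
            if failures[src]:   # success right after failures: classic guessing pattern
                findings.append(f"login as {user} from {src} after {failures[src]} failures")
            continue
        m = PASSWD.search(line)
        if m:   # a password change is one of the signs listed above
            findings.append(f"password changed for {m.group(1)}")
    return findings


if __name__ == "__main__":
    for finding in find_intrusion_signs(SAMPLE_AUTH_LOG):
        print(finding)
```

On the sample, the alice login from 192.0.2.10 produces no finding because no failures preceded it.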
Q27) I want to shut down all unused services, but how do I find out which services are already running?
Answer – You can use the ps auxw command to get a list of processes that are currently running. You also can use variations such as ps auxf or ps auxfw for a better output in tree format. Using netstat also is a good option for listing services. Some of the options of netstat that you can use are these:
- -a. This option lists the services listening for connections.
- -ltp. This option lists services listening to well-known ports.
Q28) Why is connecting to a computer using Telnet considered unsafe?
Answer – Telnet is a very unsafe means for communication. The data is not encrypted and any hacker listening to your connection can retrieve important information, such as password.
This is possible because all data is sent as plain text. Therefore, using a secure method like SSH is recommended. In SSH, the transfer of the data is encrypted, which makes it more secure.
Q29) My computer has been hacked. What do I do now?
Answer – After your computer has been hacked, your aim should be to minimize the damage that could be done to your system and draw a safe recovery chart. First remove your computer from the network.
This can protect the system from any further damages by the hacker. Check your log files to determine the method of attack. If your data is severely damaged, you should use the backup to replace the data with a correct copy. You also should try to find the vulnerability in your system which led to an attack. This loophole should be immediately removed in order to safeguard your systems from similar threats in future.
Q30) How can I use TCP wrappers to enhance security?
Answer – TCP wrappers are used to provide access control for services. They can be used to mention explicitly the hosts who can use a service. It controls access through two lists:
- /etc/hosts.allow. This file contains a list of hosts that are allowed access to the service.
- /etc/hosts.deny. This file contains a list of hosts that are denied access to the service. These configurations are used to accept or drop a requested connection. TCP wrappers also provide the additional function of writing logs for all activities that take place.
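The access decision those two files drive (a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise the connection is accepted) is reproduced in this added example, which is illustration code and not part of the page or of the TCP wrappers library. The file contents are constructed samples; the supported client patterns are ALL, a leading-dot domain suffix, a trailing-dot address prefix, a net/mask pair, and an exact host or address.

```python
"""Evaluate a connection against constructed hosts.allow / hosts.deny rules."""
import ipaddress

# Constructed sample of /etc/hosts.allow: sshd from the LAN and from example.com hosts.
HOSTS_ALLOW = """
sshd: 192.168.1.0/255.255.255.0, .example.com
"""

# Constructed sample of /etc/hosts.deny: everything not allowed above is refused.
HOSTS_DENY = """
ALL: ALL
"""


def parse_rules(text):
    """Turn 'daemon_list : client_list' lines into ([daemons], [clients]) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules


def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # domain suffix, e.g. .example.com
        return host.endswith(pattern)
    if pattern.endswith("."):          # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    if "/" in pattern:                 # net/mask, e.g. 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (host, addr)     # exact hostname or address


def rule_matches(rule, daemon, host, addr):
    daemons, clients = rule
    return (daemon in daemons or "ALL" in daemons) and \
        any(client_matches(c, host, addr) for c in clients)


def access_allowed(daemon, host, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match at all means allow."""
    if any(rule_matches(r, daemon, host, addr) for r in parse_rules(allow)):
        return True
    if any(rule_matches(r, daemon, host, addr) for r in parse_rules(deny)):
        return False
    return True
```

Note the default when neither file matches: with an empty hosts.deny every connection is accepted, which is why the ALL: ALL line belongs there.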
Q31) I want to test my computer for vulnerabilities. Are there any tools available for this purpose?
Answer – Plenty of tools are available for this purpose and it is considered a good practice to use these tools to check your system, both from inside and outside your network. Here’s a list of such tools:
- SATAN (System Administrator’s Tool for Analysing Networks)
- SAINT (Security Administrator’s Integrated Network Tool)
- Other tools like Nessus
Q32) Are Trojans viruses? Is my system vulnerable to them?
Answer – Trojans are different from viruses. Trojans are harmful programs that try to act like friendly and useful programs. Unlike viruses, trojans do not replicate by themselves. Their aim is to create a security loophole in your system, which can give the hacker access to it.
Q33) How does Linux manage passwords?
Answer – In Linux, passwords are not encrypted. They are hashed using hashing algorithms like MD5, etc. These hash values are unique and cannot be reversed to recover the original text. When you enter your password in Linux, its hash value is generated and compared to the hash value of the stored password. If the values match, access is granted; otherwise, access is denied.
Q34) How can I make my Linux kernel more secure?
Answer – The Linux kernel can be configured in a number of ways to make it more secure. A few of these configurations are listed here:
- CONFIG_FIREWALL. This option enables a kernel-based firewall. If you use the intended host on which this configuration will be done as a client machine, this option is not needed.
- CONFIG_IP_FIREWALL. Use this option to enable kernel support for a packet filter-based firewall. This option allows you to use features such as IP masquerading, IP transparent proxying, and IP packet logging. Packet filtering is done in the network layer. Therefore, packet filtering uses only the source address, destination address, type and protocol used, and the port information in the IP packet header to decide whether to let a packet through.
- CONFIG_IP_FORWARD. This option enables IP forwarding on the host machine, thus enabling it to act as a router. If used according to the planned security architecture of a network, this option enables you to avoid the need for a hardware router. But if this is enabled on a secured network that depends on firewall security, it can become the biggest loophole in the security of the network because this host can then forward IP packets to external networks without going through the firewall.
- CONFIG_SYN_COOKIES. This option is used to protect the system from a SYN flooding attack. When enabled, the TCP/IP stack uses the SYN cookie protocol to establish connections. Although this challenge protocol is very effective against a SYN flooding attack, it can cause erroneous reporting at the client machine if the server is actually busy. SYN cookies are not enabled by default.
- CONFIG_IP_MASQUERADE. Use this to enable masquerading for TCP and UDP packets. Masquerading is basically Network Address Translation in which the firewall changes the source IP address of outgoing packets to its own address and the destination IP address of the incoming packet to the actual destination address of the internal network host. You need to enable IP forwarding in order to use this option.
Q35) Does disabling incoming or outgoing pings make my Linux more secure?
Answer – Although rejecting incoming pings doesn’t make your system invisible, it can certainly work against ping sweeps and certain denial-of-service attacks. Incoming pings can be used to flood your network or simply to detect your presence.
Outgoing pings can be exploited by certain Trojans to broadcast their presence in a host to the base. Although outgoing pings are useful in some cases, they should be disabled if not needed.
Q36) How can Identd affect security?
Answer – Identd is used to identify a user in your own network who is creating trouble in an external network. It is not of much use for a very small network. When a user initiates a TCP/IP connection to a remote host, the identd of the remote host replies to port 113, asking the identity of the initiator.
Identd at this time replies with the username of the owner of the process that initiated the connection request. If a user misuses the system to launch an attack targeted at another network, the victim can identify the defaulter and report to the system administrator of the first network. This can be very helpful in keeping the network from becoming a launch pad of attacks.
Identd should never be used as an authenticating service because anyone with root privileges or on a Windows system can tamper with the Identd response. You can block access to identd by commenting out the auth line in /etc/identd.conf or by using tcpwrappers and/or firewalling software to disable or restrict access. If you need to enable identd in order to connect to a certain server, you might want to consider allowing access to it only from that server.
If you choose to firewall the identd port, consider using a reject policy rather than a deny policy. Using deny may greatly increase the time it takes you to connect to servers that use identd.