O'Reilly logo

CompTIA® Linux+ Certification, Powered by LPI, Student Manual by Axzo Press

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

1332 CompTIA Linux+ Certification, Powered by LPI
Unit summary: Security
Topic A In this topic, you learned that Linux provides various commands that you can use to
manage users on your system. You learned how to block logins for all non-root users
and for specific users. You learned how to list open files associated with a user,
process, device, and so forth. You limited resources available to a user with the ulimit
command. Finally, you examined the security options made available by the Pluggable
Authentication Module (PAM) subsystem.
Topic B In this topic, you learned that the Linux kernel includes IP routing support. You
learned about routing tables and how to modify them to configure a computer as a
router. You also learned about iptables network filtering, which enables you to
configure your computer to operate as a firewall. You learned how to scan for services
and ports on your system using netstat and nmap. And, you learned various ways to
disable unneeded services. Finally, you learned about third-party network security
tools.
Review questions
1 What is the difference between the last and lastb commands?
The last command displays a list of the last successfully logged-on users. The lastb command
displays a list of the last failed logon attempts.
2 True or false? The lock command is the standard command on all Linux
distributions for locking your screen when you are idle.
False. The true command is the gnome screensaver command --lock. Your system might have an
alias for that command named lock.
3 What file do you create to prevent all non-root users from logging in to a system?
/etc/nologin
4 Which command do you use to list the files opened by a user, process, or daemon?
A lsof.
B lsopen.
C openfiles.
D of.
5 What is the purpose of the ulimit command?
To limit the resources that a user may consume, such as the maximum number of processes he
or she may start.
6 You configure PAM (Pluggable Authentication Module) preferences by editing the
____ file.
/etc/pam.conf
7 What is a default gateway?
The primary router for your network segment.
8 IP forwarding is the same as __________.
routing
Security 1333
9 To enable routing on your computer, edit the __________ file to contain a 1 (the
digit).
/proc/sys/net/ipv4/ip_forward
10 True or false? The traceroute command sends a diagnostic packet to a remote host
and gathers and reports on the responses it receives.
True. It does so to create a map of the route the packet followed from your host to the destination
host.
11 True or false? The default iptables chains are INPUT, OUTPUT, and ACCEPT.
False. The default chains are INPUT, OUTPUT, and FORWARD.
12 What is the difference between the REJECT and DROP rule?
REJECT blocks the packet and sends a packet back to the sending host. DROP simply blocks
the packet.
13 True or false? You can find open ports by using the netstat command.
True
14 What is the most basic form of the nmap command that you can use to scan the
ports available on a host named corpserver?
nmap corpserver
15 List at least three types of third-party network security tools you might use.
Protocol analyzers, port scanners, network mappers, password crackers, vulnerability scanners,
and intrusion detection systems are the types described in this unit.
Independent practice activity
1 Partner with another student in class (or use a second computer to key both roles in
this exercise). Share your computer’s IP address with your partner.
2 Create an iptables netfilter rule that drops all traffic from your partner.
3 Attempt to ping your partner’s computer. He or she will do the same to yours.
4 Modify the rule to reject rather than drop traffic.
5 Attempt to ping your partner’s computer. He or she will do the same to yours.
6 Restore the default rules that permit all traffic.
1334 CompTIA Linux+ Certification, Powered by LPI

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required