Linux Administration 3510

IT3510 Course Notes

Know how to encrypt a file

  • gpg -e (or --encrypt) -r recipient file_name

  • gpg -d (or --decrypt) file_name

  • gpg -c (or --symmetric) file prompts for password

Know how to SCP a file to a vpn location

  • scp <file> <username>@<IP address or hostname>:<Destination>


  1. know how to … static entry for host in DNS, what file is this? same on all OS

    • /etc/resolv.conf

    • search,

  2. If you need to mount a file at startup what file do you set this up in?

    • /etc/fstab

  3. How to tell which ports are listening and which have connections

    • netstat -nat all Internet connections

    • sudo netstat -atpn all Connections currently in use

    • netstat -tulpn all listening ports

    • netstat -tue all established connections

    • more /etc/services list of services with ports

  4. How to test connectivity between machines, like for email,

    • telnet localhost 25

    • netcat localhost 25

  5. Test if port is open for each of the 3 email protocols and what are they? IMAP, POP, SMTP?

    • IMAP uses port 143, but SSL/TLS encrypted IMAPs uses port 993.

    • POP (POP3) uses port 110, but SSL/TLS encrypted POP3S uses port 995.

    • SMTP uses port 25, but SSL/TLS encrypted SMTP uses port 465.

  6. Configured NFS, and Samba, in what files are the configs?

    • #vim /etc/samba/smb.conf

      • sudo mount -t cifs //ip_address/myshare /opt/CIFS -o username=samb_user,noexec

    • #vim /etc/default/nfs-common

    • sudo mount -t nfs4 ip_or_host_name:/ /opt/NFSMount

    • /etc/exports

  7. What are the couple of modules in Apache we enabled and what do they do? Modrewrite and ? How do you enable them?

    • sudo a2ensite default-ssl Enable SSL

    • sudo a2enmod rewrite Enable mod rewrite

    • or copy from /etc/apache2/mods-available to /etc/apache2/mods-enabled

  8. How to enable sites, looked at apache config, know how to change default port apache listens on

    • sudo a2ensite sitename

    • sudo a2dissite sitename

    • or create a link ln -s /etc/apache2/sites-available/conf /etc/apache2/sites-enabled/conf

  9. Understand public and private key encryption, if you want to encrypt a file and send it to someone what key (public or private) do you use? Using asymmetric cryptography

    • If you encrypt (“lock”) something with your private key, anyone can decrypt it with your public key (“unlock”), but this serves as a proof you encrypted it: it’s “digitally signed” by you.

    • Any person can encrypt a message using the receiver's public key. That encrypted message can only be decrypted with the receiver's private key

    • gpg --encrypt file_name

    • gpg --decrypt file_name

    • gpg --list-keys

    • gpg -e (or --encrypt) -r recipient file_name

  10. SNMP, Mibs and traps, what they are

    • SNMP uses MIB to provide information about a device and all associated features

    • Trap – A client will decide if something interesting happened, based on Traps, and send that information to the server

    • snmpd (the Daemon) snmp (the tools)

    • snmpwalk -c public -v1 localhost | less

  11. TCPdump and Tshark, what are the switches for: adapters, write to file, read from file, source port, destination port

    • sudo tcpdump host localhost and dst port 2049

      • -n switch can be used to prevent domain name resolution.

      • -v option will provide more verbose data, the more v’s you add, the more verbose it gets.

      • -w switch will save data to a file,

      • -r switch will read a file in

    • tshark -i eth0 -c 50 -w /var/tmp/capture.pcap not tcp port 22 and not host

    • -c is the count for how many packets to capture,

    • -w is the file to capture to and the filter statements are at the end.

  12. forward and reverse lookup zone, he will give us an IP and we should know its reverse zone lookup

    • nslookup IP-address for reverse lookup use IP to find name

    • dig -t MX Show mail record types

    • dig record types: NS - Name server, SOA - Start of Authority, CNAME - pointer for an alias, A - Basic host record (dig will also search each server listed in /etc/resolv.conf)

  13. From HW5: the sys stats package, what package is it?

    • sar

    • sudo sar -n DEV 1 1 This shows Network -n network

    • sudo sar -b 1 1 This shows Disk IO

    • sudo sar 1 1 This shows CPU -p processor

    • sudo sar -u 1 1 This shows CPU -u utilization

    • sudo sar -S 1 1 This shows Swap -S

  14. What port is used for http (80) https (443)

    • 80 http

    • 443 https

  15. NTP (Network Time Protocol): which daemon runs it on Debian? It is named differently, and the file you used to use to set which servers to get the time from is no longer used in the new one

    • timesyncd replaces ntpd and ntpdate

    • timedatectl status

    • service systemd-timesyncd

  16. stop, restart and reload a daemon service

    • sudo service apache2 restart

    • sudo service apache2 stop

    • sudo service apache2 reload

    • sudo systemctl start apache2.service

    • sudo journalctl -u apache2

  17. standard typical web has 3 servers, DB-App-Web, which is apache and which is tomcat

    • Tomcat - Java application server

    • Apache – Web server

  18. Where main bind config file is and its path

    • /etc/bind/named.conf.local

    • template for zone sudo cp /etc/bind/db.local /etc/bind/

    • sudo /etc/init.d/bind9 restart

  19. Name of bind daemon

    • bind9

    • or sudo /etc/init.d/bind9 restart

  20. Basic Bind record types

    • Record format: priority, host, points to, TTL

    • A record: for the name server

    • CNAME: Canonical or alias

    • MX record: mail exchange

    • NS record: name server

    • SPF record: Sender Policy Framework = list of email server FQDN (fully qualified Domain)

    • PTR record: reverse lookup for each A record

    • DNS records

  21. From test 1, know the commands to configure UFW (uncomplicated fireWall) to allow ports for email, 3 protocols

    • sudo ufw allow 25 (or by name nfs samba )

  22. From Advanced Networking, know the command to tcp to figure out what OS and what other stuff is at a network address/port

    • tshark -c 5 -w /var/tmp/jeff.pcap not tcp port 22

    • tshark -r /var/tmp/jeff.pcap

  23. Last question is easy

  24. Copy a file

    • scp <file> <username>@<IP address or hostname>:<Destination>

  25. RootKit hunter for linux rkhunter

  26. Services running - service --status-all

  27. mail protocols pop3, imap, smtp

  28. change user expiration time – chage

  29. Change the apparent root directory for the running of the command – chroot

  30. Remove root from ssh daemon - Edit /etc/ssh/ssh_config add PermitRootLogin no

  31. Open Ports – nmap -O localhost

  32. list installed packages – apt listening

  33. download from command line – wget or curl

  34. Show hardware info – lshw

  35. shutdown init 0, reboot init 6

  36. NFS config - /etc/exports

  37. samba config /etc/smb/smb.conf

  38. dump network traffic – tcpdump or tshark

  39. DNS config for zone – /etc/bind/named.conf.local

  40. Commands to generate cert signing request for a signing root authority and which files it generates (there are two) and what they are for

    1. openssl req -new -newkey rsa:2048 -nodes -keyout -out

    2. .csr file is certificate request

    3. key file is private key

    4. .crt file is public certificate

    5. Organization Unit = is the first file

    6. FQDN = Fully Qualified Domain Name host name users will use

  41. What three things the browser verifies to check that the cert is valid

  42. Signed by root auth

  43. Expiration date

  44. Host name matches

  45. Edit /etc/ssh/ssh_config add PermitRootLogin no

  46. How to lock down the ssh daemon so it doesn’t have root

  47. Host equivalence SSH Keys -
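
Added example for item 12 (not part of the original course notes): POSIX shell functions that turn an IPv4 address into its PTR name, the reverse zone that holds it, and the PTR line from item 20. The address 192.0.2.10, the host mail.example.com and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: reverse-lookup names for an IPv4 address (constructed values).

# Validate a dotted-quad address and print its four octets space-separated.
ipv4_octets() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;   # empty, stray chars, bad dots
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in
            ????*|0?*) exit 1 ;;             # over 3 digits or a leading zero
        esac
        [ "$o" -le 255 ] || exit 1
    done
    IFS=' '
    echo "$*"
)

# PTR owner name: the octets reversed, under in-addr.arpa.
ptr_name() {
    octets=$(ipv4_octets "$1") || return 1
    set -- $octets
    echo "$4.$3.$2.$1.in-addr.arpa"
}

# Reverse zone for a network split on an octet boundary (prefix 8, 16 or 24;
# other prefix lengths are not handled here).
reverse_zone() {
    prefix=${2:-24}
    octets=$(ipv4_octets "$1") || return 1
    set -- $octets
    case $prefix in
        8)  echo "$1.in-addr.arpa" ;;
        16) echo "$2.$1.in-addr.arpa" ;;
        24) echo "$3.$2.$1.in-addr.arpa" ;;
        *)  return 1 ;;
    esac
}

# PTR line as it would sit inside the /24 reverse zone file.
ptr_record() {
    octets=$(ipv4_octets "$1") || return 1
    set -- $octets "$2"
    echo "$4 IN PTR ${5%.}."
}

ptr_name 192.0.2.10
reverse_zone 192.0.2.10 24
ptr_record 192.0.2.10 mail.example.com
```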
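
Added example for items 3, 5 and 21 (not part of the original course notes): a shell filter that reads `netstat -tulpn` output and reports which of the six mail ports are listening, whether each is the cleartext or the SSL/TLS port from item 5, and whether it is bound to loopback only. The netstat lines are constructed sample data and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: audit `netstat -tulpn` output for the mail ports in item 5.

# Constructed sample output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp   0      0      0.0.0.0:25      0.0.0.0:*       LISTEN  812/master
tcp   0      0      127.0.0.1:143   0.0.0.0:*       LISTEN  901/dovecot
tcp   0      0      0.0.0.0:993     0.0.0.0:*       LISTEN  901/dovecot
tcp   0      0      0.0.0.0:22      0.0.0.0:*       LISTEN  640/sshd
tcp6  0      0      :::110          :::*            LISTEN  901/dovecot
udp   0      0      0.0.0.0:68      0.0.0.0:*               455/dhclient
EOF
}

# Read netstat text on stdin; print "port service transport scope program"
# for every listening TCP socket on one of the six mail ports.
mail_listeners() {
    awk '
    BEGIN {
        svc[25]  = "SMTP cleartext"; svc[465] = "SMTP tls"
        svc[110] = "POP3 cleartext"; svc[995] = "POP3 tls"
        svc[143] = "IMAP cleartext"; svc[993] = "IMAP tls"
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":"); port = part[n]     # last field is the port
        if (!(port in svc)) next
        addr = substr($4, 1, length($4) - length(port) - 1)
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
        prog = $7; sub(/^[0-9]+\//, "", prog)        # drop the PID prefix
        print port, svc[port], scope, prog
    }'
}

# Cleartext mail ports reachable from other hosts: the ones to compare
# against the ufw rules from item 21 or to rebind to loopback.
cleartext_exposed() {
    mail_listeners |
        awk '$3 == "cleartext" && $4 == "exposed" { print $1 }' |
        sort -n | tr '\n' ' ' | sed 's/ $//'
}

sample_netstat | mail_listeners
```

On a live host the same filter takes `sudo netstat -tulpn | mail_listeners`; without sudo the program column shows `-`.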