Self Test


The following questions will help you measure your understanding of the material presented in this chapter. As no multiple choice questions appear on the Red Hat exams, no multiple choice questions appear in this book. These questions exclusively test your understanding of the chapter. It is okay if you have another way of performing a task. Getting results, not memorizing trivia, is what counts on the Red Hat exams. There may be more than one answer to many of these questions.

Using tcp_wrappers to Secure Services

1. 

What happens to a service if you allow the service in /etc/hosts.allow and prohibit it in /etc/ hosts.deny?

_____________________________________________________________________

image from book

2. 

You are using the xinetd program to start services. How could you limit Telnet access to clients on the 192.168.170.0 network? Hint: The telnet daemon, when installed, is in /usr/kerberos/ sbin/telnetd.

_____________________________________________________________________

image from book

Answers

1. 

If you allow a service in /etc/hosts.allow and prohibit it in /etc/hosts.deny, the service is allowed.

2. 

You are using the xinetd program to start services. To limit Telnet access to clients on the 192.168.170.0 network, you'd allow access to the network in /etc/hosts.allow and deny it to all others in /etc/hosts.deny. As /usr/kerberos/sbin is in the root user path, you can cite telnetd directly and add the following directive to /etc/hosts.allow (remember, CIDR notation doesn't work in these files):

 telnetd : 192.168.0.170/255.255.255.0 

Then add the following to /etc/hosts.deny:

 telnetd : ALL 

Firewalls and Packet Filtering Using netfilter

3. 

You have recently connected your organization's network to the Internet, and you are a little worried because nothing other than your router is standing between your network and the Internet. You have a spare 400 MHz PC with 256MB of RAM that just happens to have two Ethernet cards. You also have a mixture of systems on your network that includes Macintosh, Windows 2000, and Linux. You also want your system to reject unwanted packets. What might you do to alleviate your concerns?

_____________________________________________________________________

_____________________________________________________________________

image from book

4. 

Consider the following command:

 # iptables -A INPUT -s 192.168.77.77 -j REJECT 

Once saved to your firewall, what effect will this have when the client with an IP of 192.168.77.77 tries to connect to your system?

_____________________________________________________________________

image from book

5. 

What command saves iptables rules?

_____________________________________________________________________

the command that saves iptables rules is iptables-save .

6. 

Where are iptables rules stored?

_____________________________________________________________________

rules associated with iptables rules are stored in /etc/sysconfig/iptables.

Answers

3. 

It's best to create a firewall using the iptables command. The standard Red Hat Security Level Configuration tool creates iptables commands that REJECT unwanted packets by default. You can now even support access to the network that can communicate natively with Microsoft and modern Macintosh systems, Samba. All you need is to allow access using the tool.

4. 

Based on the given command, any connection attempt (including pings) from the 192.168.77.77 system is rejected.

5. 

The command that saves iptables rules is iptables-save.

6. 

Rules associated with iptables rules are stored in /etc/sysconfig/iptables.

Network Address Translation

7. 

You are setting up a small office and would like to provide Internet access to a small number of users, but you don't want to pay for a dedicated IP address for each system on the network. What can you do?

_____________________________________________________________________

_____________________________________________________________________

image from book

8. 

What iptables command switch sets up masquerading?

_____________________________________________________________________

the iptables command switch that sets up masquerading is -t nat .

Answers

7. 

To set up a small office while providing Internet access to a small number of users, all you need is one dedicated IP address. The other addresses can be on a private network. Masquerading makes this possible.

8. 

The iptables command switch that sets up masquerading is -t nat.

Security Enhanced Linux

9. 

What directive activates Security Enhanced Linux in /etc/sysconfig/selinux?

_____________________________________________________________________

image from book

10. 

If you want to let SELinux allow vsFTP service for user home directories, what would you do?

_____________________________________________________________________

image from book

11. 

Where are standard SELinux boolean directives stored?

_____________________________________________________________________

standard selinux boolean directives are stored in the /selinux/booleans directory.

12. 

If you want to disable SELinux, what would you do?

_____________________________________________________________________

_____________________________________________________________________

image from book

Answers

9. 

The directive in /etc/sysconfig/selinux that activates Security Enhanced Linux is SELINUX=enabled.

10. 

If you want SELinux to allow reading of home directories via an FTP server, activate the Allow Ftp To Read/Write Files In The User Home Directories option. Alternatively, run the setsebool-P ftp_home_dir 1 command. Additional configuration is required in the vsFTP configuration file, as defined in Chapter 10.

11. 

Standard SELinux boolean directives are stored in the /selinux/booleans directory.

12. 

You can disable SELinux in a number of ways. You can do so directly in /etc/sysconfig/selinux by setting SELINUX=disabled. You can use the Security Level Configuration tool or even the SELinux Management Tool. You can even add the selinux=0 directive to the kernel configuration line in your GRUB bootloader. I can even visualize a situation where all these options are used, which would make it more difficult for an RHCE candidate to enable SELinux during an exam.



RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302)
Linux Patch Management: Keeping Linux Systems Up To Date
ISBN: 0132366754
EAN: 2147483647
Year: 2004
Pages: 227
Authors: Michael Jang

Similar book on Amazon
Linux Quick Fix Notebook
Linux Quick Fix Notebook
Self-Service Linux: Mastering the Art of Problem Determination
Self-Service Linux: Mastering the Art of Problem Determination
RHCSA/RHCE Red Hat Linux Certification Study Guide (Exams EX200 & EX300), 6th Edition (Certification Press)
RHCSA/RHCE Red Hat Linux Certification Study Guide (Exams EX200 & EX300), 6th Edition (Certification Press)
Security Strategies in Linux Platforms and Applications (Information Systems Security & Assurance)
Security Strategies in Linux Platforms and Applications (Information Systems Security & Assurance)

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net