Question 1mediummultiple choice
Read the full System Security explanation →LPIC-2 System Security • Complete Question Bank
Complete LPIC-2 System Security question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit. # cat /etc/ssh/sshd_config | grep -v '^#' | grep -v '^$' Port 22 Protocol 2 PermitRootLogin no PubkeyAuthentication yes PasswordAuthentication no ChallengeResponseAuthentication no UsePAM yes AllowUsers alice bob DenyUsers charlie
Refer to the exhibit. # getfacl /var/www/html/index.html # file: var/www/html/index.html # owner: root # group: www-data user::rw- user:www-data:r-- group::r-- mask::r-- other::---
Refer to the exhibit. ``` # auditctl -l -a always,exit -F arch=b64 -S openat -F success=0 -F key=access_denied -a always,exit -F arch=b64 -S connect -F key=outbound_connect -w /etc/shadow -p wa -k shadow_changes -w /etc/ssh/sshd_config -p wa -k sshd_config_change ```
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Manages a daemon or process
Manages IPC or network socket
Triggers activation based on time events
Controls filesystem mount points
Groups units to define system states
Refer to the exhibit. ``` # /etc/sudoers Defaults:user !requiretty user ALL=(root) NOPASSWD: /usr/bin/apt-get update user ALL=(root) /usr/bin/apt-get upgrade ```
Refer to the exhibit. ``` /var/log/auth.log Mar 10 08:12:15 server sshd[1234]: Failed password for root from 192.168.1.10 port 45678 ssh2 Mar 10 08:12:17 server sshd[1235]: Failed password for root from 192.168.1.10 port 45679 ssh2 Mar 10 08:12:19 server sshd[1236]: Failed password for root from 192.168.1.10 port 45680 ssh2 ... (repeated entries) ```
# /etc/pam.d/sshd auth required pam_securetty.so auth required pam_unix.so nullok auth required pam_nologin.so account required pam_unix.so password required pam_unix.so session required pam_unix.so
# aide.conf excerpt /etc/passwd p+i+u+g+s+m+c+sha512 /etc/shadow p+i+u+g+s+m+c+sha512 /etc/group p+i+u+g+s+m+c+sha512 /etc/sudoers p+i+u+g+s+m+c+sha512 /var/log p+sha512
Refer to the exhibit. Output of `sudo -l`: User root may run the following commands on this host: (ALL) ALL User alice may run the following commands on this host: (root) /bin/systemctl restart httpd, (root) /sbin/reboot User bob may run the following commands on this host: (root) PASSWD: /bin/systemctl restart httpd, (ALL) ALL User charlie may run the following commands on this host: (root) NOPASSWD: /usr/bin/tail /var/log/messages
Refer to the exhibit. # sudoers file User_Alias ADMINS = alice, bob Cmnd_Alias SOFTWARE = /usr/bin/apt-get, /usr/bin/dpkg ADMINS ALL = SOFTWARE