by Anil Jalela | Oct 17, 2022 | Linux
Q001:-How do you execute a UNIX command in the background?
Script &, screen |
Q002:-Explain iostat, vmstat and netstat.
Iostat :- Report CPU statistics, and input/output statistics for devices and partitions.
VMSTAT:- vmstat reports information about processes, memory, paging, block IO, traps, and CPU activity.
NETSTAT:- netstat displays a list of open sockets. |
| Q003:-Explain soft(symbolic)/hard link and difference.
A soft link is a pointer to something else in the file hierarchy. Thus it matters where on the visibly exposed hierarchy a file resides. This is why they can point to things on different filesystems, as long as they are mounted in a consistent spot.
Ex: ext2 partition mounted /mnt/a, reiserfs partition mounted /mnt/b, symlink /mnt/a/mylink -> /mnt/b/my_real_file
If b were unmounted, this link goes away. if a were mounted again as b, the association would also not work. this isn’t magic. There is time spent handling this redirection, that you don’t have with hard links. Accessing a symlink makes it need to find the symlink, realize it’s a symlink, then go to the actual file.
Hard link: different inodes representing the same physical location on the disk. Obviously can’t go outside of its partition boundaries (and be legal). Thus /file1 and /file2 are hard linked to the same physical location on the disk. There is no redirection here as there is with symlinks.
different
A hard link cannot span file systems.
A soft link can point to files anywhere on the network.
All hard links share the same inode number.
Each soft link has a unique inode number.
If you delete the source hard link file you can still access the other one. However, with a soft link, if you delete the source link, you cannot access the other one.
With a soft link, you can create a symbolic link to a file that does not exist yet. You cannot create a hard link unless the source file already exists. |
| Q004:-what is Kernel parameters?
Kernal parameters are nothing but all the parameters in
/etc/sysctl.conf here we can edit according to our requirements. |
| Q005:-How to check many CPUs have been used in your machine?
to check the how many CPUs are in the machine just type this
command #psrinfo to check the CPU spec
#psrinfo –v |
| Q006:-what is a daemon?
A process that runs in the background and performs a specified operation at predefined times or in response to certain events. |
| Q007:-I want to change the run level but the Users shall not be disturbed. how?
Init (run level)
systemctl list-units –type=target
systemctl isolate multi-user.target
| Sysvinit Runlevel |
Systemd Target |
Function |
| 0 |
runlevel0.target, poweroff.target |
System halt/shutdown |
| 1,single,s |
System halt/shutdown |
Single-user mode |
| 2,4 |
runlevel2.target, runlevel4.target, multi-user.target |
User-defined/Site-specific runlevels. By default, identical to 3. |
| 3 |
runlevel3.target, multi-user.target |
Multi-user, non-graphical mode, text console only |
| 5 |
runlevel5.target, graphical.target |
Multi-user, graphical mode |
| 6 |
runlevel6.target, reboot.target |
Reboot |
| emergency |
emergency.target |
Emergency mode |
|
| Q007:-Disk have 5GB disk utilization even though files are unable to create, why?
(1)ACL
(2)inod
(3)over quata |
Q008:-sar command o/p?
using sar we can see cpu user system iowait steal idl process statistics in other word sar Collect report or save system activity information.
sar -bBcdqrRuvwWy -I SUM -I XALL -n ALL -P ALL CPU %user %nice %system %iowait %steal %idl
| 1 |
CPU usage: |
a. To get current CPU usage
# sar 2 10
# sar -p 2 10
# sar -P ALL 2 10b. To get the CPU usage for the previous date, consider 14th:
# sar -P ALL -f /var/log/sa/sa14c. To get the CPU usage for the 10th of the month, from 7 AM to 3 PM (i.e. specifying the time):
# sar -P ALL -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 |
| 2 |
Memory usage: |
a. To get current memory usage:
# sar -r 2 10b. To get the memory usage for the previous date, consider 14th:
# sar -r -f /var/log/sa/sa14c. To get the memory usage for the 10th of the month, from 7 AM to 3 PM (i.e. specifying the time):
# sar -r -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 |
|
Swap usage: |
a. To get current swap usage:
# sar -S 2 10b. To get swap usage for the previous date, consider 14th:
# sar -S -f /var/log/sa/sa14c. To get swap usage for the 10th of the month, from 7 AM to 3 PM:
# sar -S -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 |
|
Load Average: |
a. To get current load average stats:
# sar -q 2 10b. To get load average stats for the previous date, consider 14th:
# sar -q -f /var/log/sa/sa14c. To get load average stats for the 10th of the month, from 7 AM to 3 PM:
# sar -q -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 |
|
Paging usage: |
a. To get current paging usage:
# sar -B 2 10b. To get paging usage for the previous date, consider 14th:
# sar -B -f /var/log/sa/sa14c. To get paging usage for the 10th of the month, from 7 AM to 3 PM:
# sar -B -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 |
|
IO usage: |
a. To get current IO usage:
# sar -b 2 10b. To get IO usage for the previous date, consider 14th:
# sar -b -f /var/log/sa/sa14c. To get IO usage for the 10th of the month, from 7 AM to 3 PM:
# sar -b -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 |
|
Disk IO usage: |
a. To get current disk IO usage:
# sar -d -p 2 10b. To get disk IO usage for the previous date, consider 14th:
# sar -d -p -f /var/log/sa/sa14c. To get disk IO usage for the 10th of the month, from 7 AM to 3 PM:
# sar -d -p -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 |
|
Networking stats: |
a. To get current network device stats:
# sar -n DEV 2 10b. To get network device stats for the previous date, consider 14th:
# sar -n DEV -f /var/log/sa/sa14c. To get network device stats for the 10th of the month, from 7 AM to 3 PM:
# sar -n DEV -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 |
|
Power Management Stats: |
a. To get current power management usage:
# sar -m 2 10b. To get power management used for the previous date, consider 14th:
# sar -m -f /var/log/sa/sa14c. To get power management used for the 10th of the month, from 7 AM to 3 PM:
# sar -m ALL -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 |
|
Memory Stats (Page activities): |
a. To get current memory stats:
# sar -R 2 10b. To get memory stats for the previous date, consider 14th:
# sar -R -f /var/log/sa/sa14c. To get memory stats for the 10th of the month, from 7 AM to 3 PM:
# sar -R ALL -f /var/log/sa/sa10 -s 07:00:00 -e 15:00:00 |
|
|
by Anil Jalela | Oct 2, 2022 | Linux
Create a CSR certificate for your domain name with help with OpenSSL.
[root@server2 ~]# mkdir /etc/httpd/conf/ssl/csr/www.nitwings.com/ -p
You have new mail in /var/spool/mail/root
[root@server2 ~]# /usr/bin/openssl genrsa 2048 > /etc/httpd/conf/ssl/csr/www.nitwings.com/www.nitwings.com.key
Generating RSA private key, 2048 bit long modulus
……………………………………………………………………+++
…………………+++
e is 65537 (0x10001)
[root@server2 ~]# chmod go-rwx /etc/httpd/conf/ssl/csr/www.nitwings.com/www.nitwings.com.key
[root@server2 ~]# openssl req -new -key /etc/httpd/conf/ssl/csr/www.nitwings.com/www.nitwings.com.key > /etc/httpd/conf/ssl/csr/www.nitwings.com/www.nitwings.com.csr
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Maharashtra
Locality Name (eg, city) [Default City]:Mumbai
Organization Name (eg, company) [Default Company Ltd]:Nitwings Pvt.Ltd
Organizational Unit Name (eg, section) []:SDU
Common Name (eg, your name or your server’s hostname) []:www.nitwings.com
Email Address []:[email protected]
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
You have mail in /var/spool/mail/root
[root@server2 ~]#cat /etc/httpd/conf/ssl/csr/www.nitwings.com/www.nitwings.com.csr
submit CSR to SSL provider.
by Anil Jalela | Sep 29, 2022 | Linux
SFC is a Generic shell script compiler. We can use SFC binary to encrypt the shell script. Using SFC you can set the expiry date of your shell script.
yum install shc
shc [ -e date ] [ -m addr ] [ -i iopt ] [ -x cmnd ] [ -l lopt ] [ -o outfile ] [ -ABCDhUHvSr ] -f script
encrypt the blackpost.sh
shc -f blackpost.sh
blackpost.sh is the original unencrypted shell script
blackpost.sh.x is the encrypted shell script in binary format
blackpost.sh.x.c is the C source code of the blackpost.sh file.
This C source code is compiled to create the above encrypted blackpost.sh.x file.
The whole logic behind the shc is to convert the blackpost.sh shell script to blackpost.sh.x.c C program (and of course compile that to generate the blackpost.sh.x executable
Expiration Date for Shell Script:-
shc -e 11/11/2022 -m “call to aniljalela” -f blackpost.sh
Redistributable Encrypted Shell Scripts:-
-r will relax security to create a redistributable binary that executes on other systems that runs the same operating system as the one on which it was compiled.
-v is for verbose
shc -v -r -f blackpost.sh
by Anil Jalela | Sep 29, 2022 | Linux
There are many use cases of proxy servers. It can range from individual Internet access to restricting organizational systems/servers from accessing the outside world or limiting external Internet access to a set of servers on the cloud.
The best way to configure a proxy server is by using Squid Proxy. It is a widely used proxy server.
The concept of a proxy server offers a surprisingly large number of benefits:
Control Internet access in corporate networks
Bandwidth savings for large networks
Improved speed
Privacy
Security
Bypass censorship
yum -y install squid
htpasswd -bc /etc/squid/squid_passwd squidadmin your-password
cp /etc/squid/squid.conf /etc/squid/org_squid.conf
echo ”
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
cache deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
icp_port 3130
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
visible_hostname nitwings.com
” > squid.conf
sudo systemctl start squid
sudo systemctl enable squid
by Anil Jalela | Sep 29, 2022 | Linux
IT security professionals with the right skills are in high demand. In 2015, the unemployment rate for information security managers averaged 0.9%, which is as close to full employment as you can get. However, one of the things hiring managers still complain about is a lack of skilled IT professionals, as evidenced by the frustration CISOs and others express after interviewing candidates.
Below is a list of interview questions categorized by different cybersecurity job roles intended to reveal a candidate’s strengths and most glaring weaknesses. Categories include:
• General IT Security Administration
• Network Security
• Application Security
• Security Architect
• Risk Management
• Security Audit, Testing and Incident Response
• Cryptography
The questions evaluate a broad range of candidate’s technical skills, understanding of cybersecurity terminology and technology as well as their ability to think and solve problems.
1. What is information security and how is it achieved?
2. What are the core principles of information security?
3. What is non–repudiation (as it applies to IT security)?
4. What is the relationship between information security and data availability?
5. What is a security policy and why do we need one?
6. What is the difference between logical and physical security? Can you give an example of
both?
7. What’s an acceptable level of risk?
8. What are the most common types of attacks that threaten enterprise data security?
9. What is the difference between a threat and a vulnerability?
10. Can you give me an example of common security vulnerabilities?
11. Are you familiar with any security management frameworks such as ISO/IEC 27002?
12. What is a security control?
13. What are the different types of security control?
14. Can you describe the information lifecycle? How do you ensure information security at each phase?
15. What is Information Security Governance?
16. What are your professional values? Why are professional ethics important in the information security field?
17. Are open–source projects more or less secure than proprietary ones?
18. Who do you look up to within the field of Information Security? Why?
19. Where do you get your security news from?
20. What’s the difference between symmetric and public–key cryptography?
21. What kind of network do you have at home?
22. What are the advantages offered by bug bounty programs over normal testing practices?
23. What are your first three steps when securing a Linux server?
24. What are your first three steps when securing a Windows server?
25. Who’s more dangerous to an organization, insiders or outsiders?
26. Why is DNS monitoring important?
27. How would traceroute help you find out where a breakdown in communication is?
28. Why would you want to use SSH from a Windows PC?
29. How would you find out what a POST code means?
30. What is the difference between a black hat and a white hat?
31. What do you think of social networking sites such as Facebook and LinkedIn?
32. Why are internal threats often more successful than external threats?
33. Why is deleted data not truly gone when you delete it?
34. What is the Chain of Custody?
35. How would you permanently remove the threat of data falling into the wrong hands?
36. What is exfiltration?
37. How do you protect your home wireless access point?
38. If you were going to break into a database–based website, how would you do it?
39. What is the CIA triangle?
40. What is the difference between information protection and information assurance?
41. How would you lock down a mobile device?
42. What is the difference between closed–source and open–source? Which is better?
43. What is your opinion on hacktivist groups such as Anonymous?
Network security
44. What port does ping work over?
45. Do you prefer filtered ports or closed ports on your firewall?
46. How exactly does traceroute/tracert work at the protocol level?
47. What are Linux’s strengths and weaknesses vs. Windows?
48. What is a firewall? And provide an example of how a firewall can be bypassed by an outsider to
access the corporate network.
49. Besides firewalls, what other devices are used to enforce network boundaries?
50. What is the role of network boundaries in information security?
51. What does an intrusion detection system do? How does it do it?
52. What is a honeypot? What type of attack does it defend against?
53. What technologies and approaches are used to secure information and services deployed on cloud computing infrastructure?
54. What information security challenges are faced in a cloud computing environment?
55. Can you give me an overview of IP multicast?
56. How many bits do you need for a subnet size?
57. What is packet filtering?
58. Can you explain the difference between a packet filtering firewall and an application layer firewall?
59. What are the layers of the OSI model?
60. How would you login to Active Directory from a Linux or Mac box?
61. What is an easy way to configure a network to allow only a single computer to login on a
particular jack?
62. What are the three ways to authenticate a person?
63. You find out that there is an active problem on your network. You can fix it, but it is out of your jurisdiction. What do you do?
64. How would you compromise an “office workstation” at a hotel?
65. What is worse in firewall detection, a false negative or a false positive? And why?
66. How would you judge if a remote server is running IIS or Apache?
67. What is the difference between an HIDS and a NIDS?
Application security
68. Describe the last program or script that you wrote. What problem did it solve?
69. Can you briefly discuss the role of information security in each phase of the software
development lifecycle?
70. How would you implement a secure login field on a high-traffic website where performance is a consideration?
71. What are the various ways to handle account brute force?
72. What is cross–site request forgery?
73. How does one defend against CSRF?
74. If you were a site administrator looking for incoming CSRF attacks, what would you look for?
75. What’s the difference between HTTP and HTML?
76. How does HTTP handle state?
77. What exactly is cross–site scripting?
78. What’s the difference between stored and reflected XSS?
79. What are the common defenses against XSS?
80. You are remoted into a headless system in a remote area. You have no physical access to the
hardware and you need to perform an OS installation. What do you do?
81. On a Windows network, why is it easier to break into a local account than an AD account?
Security Architect
82. Explain data leakage and give examples of some of the root causes.
83. What are some effective ways to control data leakage?
84. Describe the 80/20 rules of networking.
85. What are web server vulnerabilities and name a few methods to prevent web server attacks?
86. What are the most damaging types of malwares?
87. What’s your preferred method of giving remote employees access to the company network and
are there any weaknesses associated to it?
88. List a couple of tests that you would do to a network to identify security flaws.
89. What kind of websites and cloud services would you block?
90. What type of security flaw is there in VPN?
91. What is a DDoS attack?
92. Can you describe the role of security operations in the enterprise?
93. What is layered security architecture? Is it a good approach? Why?
94. Have you designed security measures that span overlapping information domains? Can you
give me a brief overview of the solution?
95. How do you ensure that a design anticipates human error?
96. How do you ensure that a design achieves regulatory compliance?
97. What is capability–based security? Have you incorporated this pattern into your designs? How?
98. Can you give me a few examples of security architecture requirements?
99. Who typically owns security architecture requirements and what stakeholders contribute?
100. What special security challenges does SOA present?
101. What security challenges do unified communications present?
102. Do you take a different approach to security architecture for a COTS vs a custom solution?
103. Have you architected a security solution that involved SaaS components? What challenges did you face?
104. Have you worked on a project in which stakeholders choose to accept identified security risks that worried you? How did you handle the situation?
105. You see a user logging in as root to perform basic functions. Is this a problem?
106. What is data protection in transit vs data protection at rest?
107. You need to reset a password–protected BIOS configuration. What do you do?
Risk management
108. Is there an acceptable level of risk?
109. How do you measure risk? Can you give an example of a specific metric that measures
information security risk?
110. Can you give me an example of risk trade–offs (e.g. risk vs cost)?
111. What is incident management?
112. What is business continuity management? How does it relate to security?
113. What is the primary reason most companies haven’t fixed their vulnerabilities?
114. What’s the goal of information security within an organization?
115. What’s the difference between a threat, vulnerability, and a risk?
116. If you were to start a job as head engineer or CSO at a Fortune 500 company due to the
previous guy being fired for incompetence, what would your priorities be? [Imagine you start on
day one with no knowledge of the environment]
117. As a corporate information security professional, what’s more important to focus on: threats or
vulnerabilities?
118. If I’m on my laptop, here inside my company, and I have just plugged in my network cable. How
many packets must leave my NIC in order to complete a traceroute to twitter.com?
119. How would you build the ultimate botnet?
120. What are the primary design flaws in HTTP, and how would you improve it?
121. If you could re–design TCP, what would you fix?
122. What is the one feature you would add to DNS to improve it the most?
123. What is likely to be the primary protocol used for the Internet of Things in 10 years?
124. If you had to get rid of a layer of the OSI model, which would it be?
125. What is residual risk?
126. What is the difference between a vulnerability and an exploit?
Security audits, testing & incident response
127. What is an IT security audit?
128. What is an RFC?
129. What type of systems should be audited?
130. Have you worked in a virtualized environment?
131. What is the most difficult part of auditing for you?
132. Describe the most difficult auditing procedure you’ve implemented.
133. What is change management?
134. What types of RFC or change management software have you used?
135. What do you do if a rollout goes wrong?
136. How do you manage system major incidents?
137. How do you ask developers to document changes?
138. How do you compare files that might have changed since the last time you looked at them?
139. Name a few types of security breaches.
140. What is a common method of disrupting enterprise systems?
141. What are some security software tools you can use to monitor the network?
142. What should you do after you suspect a network has been hacked?
143. How can you encrypt email to secure transmissions about the company?
144. What document describes steps to bring up a network that’s had a major outage?
145. How can you ensure backups are secure?
146. What is one way to do a cross–script hack?
147. How can you avoid cross script hacks?
148. How do you test information security?
149. What is the difference between black box and white box penetration testing?
150. What is a vulnerability scan?
151. In pen testing what’s better, a red team or a blue team?
152. Why would you bring in an outside contractor to perform a penetration test?
Cryptography
153. What is secret–key cryptography?
154. What is public–key cryptography?
155. What is a session key?
156. What is RSA?
157. How fast is RSA?
158. What would it take to break RSA?
159. Are strong primes necessary for RSA?
160. How large a module (key) should be used in RSA?
161. How large should the primes be?
162. How is RSA used for authentication in practice? What are RSA digital signatures?
163. What are the alternatives to RSA?
164. Is RSA currently in use today?
165. What are DSS and DSA?
166. What is difference between DSA and RSA?
167. Is DSA secure?
168. What are special signature schemes?
169. What is a blind signature scheme?
170. What is a designated confirmer signatures?
171. What is a fail–stop signature scheme?
172. What is a group signature?
173. What is blowfish?
174. What is SAFER?
175. What is FEAL?
176. What is Shipjack?
177. What is stream cipher?
178. What is the advantage of public–key cryptography over secret–key cryptography?
179. What is the advantage of secret–key cryptography over public–key cryptography?
180. What is Message Authentication Code (MAC)?
181. What is a block cipher?
182. What are different block cipher modes of operation?
183. What is a stream cipher? Name a most widely used stream cipher.
184. What is one–way hash function?
185. What is collision when we talk about hash functions?
186. What are the applications of a hash function?
187. What is trapdoor function?
188. Cryptographically speaking, what is the main method of building a shared secret over a public
medium?
189. What’s the difference between Diffie–Hellman and RSA?
190. What kind of attack is a standard Diffie–Hellman exchange vulnerable to?
191. What’s the difference between encoding, encryption, and hashing?
192. In public–key cryptography you have a public and a private key, and you often perform both
encryption and signing functions. Which key is used for which function?
193. What’s the difference between Symmetric and Asymmetric encryption?
194. If you had to both encrypt and compress data during transmission, which would you do first,
and why?
195. What is SSL and why is it not enough when it comes to encryption?
196. What is salting, and why is it used?
197. What are salted hashes?
198. What is the Three–way handshake? How can it be used to create a DOS attack?
199. What’s more secure, SSL or HTTPS?
200. Can you describe rainbow tables?
