Which file contains a set of services and hosts that will be allowed to connect to the server by going through a TCP Wrapper program such as tcpd? (Specify the full name of the file, including path.)https://lh3.googleusercontent.com/-5cd-clmKnbk/AAAAAAAAAAI/AAAAAAAAADM/-SXesH19Ido/s4
Correct Answer:
/etc/hosts.allow Explanation: The /etc/hosts.allow file contains a set of rules that specify which services and hosts are allowed to connect to the server by going through a TCP Wrapper program such as tcpd. TCP Wrappers are a security mechanism that can filter incoming requests based on the source address, destination address, and service name. TCP Wrappers can also perform logging, redirection, and execution of commands based on the rules. The /etc/hosts.allow file has the following format: service_list : host_list [ : option_list ] The service_list is a comma-separated list of service names, such as sshd, telnet, or ftp. The host_list is a comma-separated list of host names, IP addresses, or network masks that are allowed to access the services. The option_list is an optional list of keywords that can modify the behavior of the rule, such as twist, spawn, deny, or allow. For example, the following rule in /etc/hosts.allow allows ssh access from any host in the 192.168.1.0/24 network, and logs the connection attempt: sshd : 192.168.1.0/255.255.255.0 : spawn /bin/echo %a from %h attempted to access %d >> /var/log/sshd.log The /etc/hosts.allow file is processed before the /etc/hosts.deny file, which contains the rules for denying access to the server. If a request matches a rule in /etc/hosts.allow, it is granted access and the processing stops. If it does not match any rule in /etc/hosts.allow, it is checked against the rules in /etc/hosts.deny. If it matches a rule in /etc/hosts.deny, it is denied access and the processing stops. If it does not match any rule in either file, it is granted access by default. References: * LPI 102-500 Exam Objectives, Topic 110.3: Implement host security * LPI 102-500 Study Guide, Chapter 10: Securing Your System, Section 10.3: TCP Wrappers * hosts.allow man page
Question 162
On a Linux system with shadow passwords enabled, which file in the file system contains the password hashes of all local users? (Specify the full name of the file, including path.)
Correct Answer:
/etc/shadow Explanation: On a Linux system with shadow passwords enabled, the file that contains the password hashes of all local users is /etc/shadow. This file is a replacement for the password field in /etc/passwd, which is a world-readable file that contains basic information about users. The /etc/shadow file is not readable by regular users, and it stores the encrypted passwords (or hashes) of each user, along with other information such as password expiration dates, minimum and maximum password ages, and password warning periods. The /etc/shadow file has nine colon-delimited fields for each user: * Username: The name used when the user logs into the system. * Password: The encrypted password of the user, or a special character that indicates the password status. For example, an asterisk (*) means the account is locked, and an exclamation mark (!) means the password is expired. * Last Password Change: The date of the last password change, expressed as the number of days since January 1, 1970. * Minimum Password Age: The minimum number of days required between password changes. A zero means the password can be changed anytime. * Maximum Password Age: The maximum number of days the password is valid. After this number of days, the password must be changed. A zero means the password never expires. * Password Warning Period: The number of days before the password expires that the user will be warned. A zero means no warning is given. * Password Inactivity Period: The number of days after the password expires that the account will be disabled. A negative value means the account is never disabled. * Account Expiration Date: The date when the account will be disabled, expressed as the number of days since January 1, 1970. A zero means the account never expires. * Reserved Field: A field for future use. The /etc/shadow file can be modified by using the commands passwd and chage, which are used to change the password and the password aging information of a user, respectively. The /etc/shadow file should not be edited directly, but always through the tools provided by the distribution. For more details, see the shadow manual page. References: * LPIC-1 Exam 102 Objectives, Topic 110: Security, Subtopic 110.2: Use sudo to manage access to the root account, Weight: 2, Key Knowledge Areas: Configure sudo and sudoers. Use sudo to execute commands as another user. * LPIC-1 Exam 102 Learning Materials, Topic 110: Security, Subtopic 110.2: Use sudo to manage access to the root account, Section 110.2.1: sudo and sudoers, Page 3-5.
Question 163
Which of the following commands configure network interfaces based on the system's existing distributionspecific configuration files? (Choose two.)
Correct Answer: B,C
Question 164
Which of the following files is not read directly by a Bash login shell?
Correct Answer: A
Question 165
Which command will set the local machine's timezone to UTC?
