
Chapter 42. Exam 202 Review Questions and Exercises


This document was created by an unregistered ChmMagic, please go to http://www.bisenter.com to register it. Thanks

42.1. Networking Configuration (Topic 2.205)

42.1.1. Review Questions


You have learned that a system does not currently specify the correct default gateway. The correct default gateway address

is What commands would you issue to delete the existing gateway address and add a new one?


What command would you issue to assign a second IP address of and a netmask of to your eth1



The arpwatch daemon has discovered several "flip-flops," implying that ARP poisoning has occurred on your network. Where

can you read the alerts sent by the daemon?


A remote office has had to swap out a failed NIC in its Linux router. This router must work with an ISP's cable modem to allow

the remote office to access the Internet. However, the ISP's cable modem recognizes only the MAC address of the failed

card. What command can help you solve this problem?


You have tried to use tcpdump to capture packets and analyze them. However, tcpdump captures only the first part of

each packet by default, and you want to capture and display the entire packet. You also want to save the capture into a file

named cap1.cap. What command allows you to do this?


You have just used the netstat command, and have read the following entry:

tcp 0 6 64-128-206-189.ge:53208 mail1.oreilly.com:imap2 ESTABLISHED

What system has opened port 143?

42.1.2. Answers


Run two commands:

# route del default gw

# route add default gw



# ifconfig eth1:1 netmask


arpwatch alerts are usually mailed to the root user. Use the mail command to read the messages.


Use the ifconfig command to specify the same MAC address as the failed NIC:


# ifdown eth0

# ifconfig eth0 hw ether 00:02:03:06:07:08

# ifup eth0


Use the following tcpdump command:

# tcpdump -vvv -s 1518 -i eth0 -w cap1.cap

The -s 1518 snap length covers a full Ethernet frame (newer versions also accept -s 0 to mean the whole packet). Note that -w writes the raw packets to cap1.cap instead of printing them; read the file back afterwards with tcpdump -r cap1.cap, where the verbosity flags take effect.


The system named mail1.oreilly.com has opened port 143, because this port is the IMAP port.

42.1.3. Exercise


As root, experiment with the tcpdump command. Many examples exist in the manpage for tcpdump. Specifically for the LPI 202

Exam, experiment with the following command:

# tcpdump host host1 and \( host2 or host3 \)

The tcpdump command captures all packets sent between the host named host1 and either the host named host2 or the host

named host3. Now, try the following command:

# tcpdump -i eth1 not arp and not '(port ssh)' and not '(port http)'

This command excludes ARP packets, as well as those associated with SSH and standard web traffic. You can add more

ports by adding more and not phrases. Notice also that the previous command specifies an interface, in this case the second

one on the system. If you are using a standard hub-based network, you will be able to sniff the packets going to and from

remote systems. On a switch-based network, however, tcpdump sees only the packets going to and from your local system,

plus broadcast and multicast frames, unless the switch is configured to mirror traffic to your port.


Experiment with the ifconfig command. Use it to add a second IP address. Then ping the new address from both your local

system and a remote system. Change your system's MAC address. You can also stop and start interfaces and change the

system's IP address. Finally, use ifconfig to change your network interface's IP address. Reboot your system and see whether

the change you made remains. Then, review the /etc/network/interfaces file (for Debian-based systems) or the

/etc/sysconfig/network-scripts directory (for Red Hat/Fedora-based systems), which is where persistent settings live.


The arp command allows you to view and manipulate the ARP cache. View the cache by running the arp command without

arguments, then use it to add and delete entries. Notice that if you delete an entry, then reconnect to the system, you will see

that the deleted system has been added back.


The netcat command (also nc) has become a standard tool. It is ideal for testing to see whether local or remote ports are

open. You can also use it as a primitive port scanner and even as a quick and dirty way to transfer files between systems.

Use netcat to monitor your systems only.


The arpwatch command monitors MAC address and IP address pairings on a network. These pairings should not change

often. Install and run arpwatch if it is not already working. Use an application such as ettercap, or use ifconfig to change a

system's MAC address, then see how arpwatch sends the root account on the local system notifications that a pairing has

changed. Sudden changes can be evidence that an attacker is trying to spoof connections or engage in packet sniffing on a

switch-based network.
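The pairing changes that arpwatch reports, as an added example that is not arpwatch's code or the book's: a small shell/awk monitor fed with a constructed log of IP-to-MAC observations (the kind you would get by polling arp -n or from tcpdump -e arp). It labels each observation the way arpwatch labels its mail to root: new station, changed ethernet address, or flip flop, the last meaning an address has gone back to a MAC it used before, which is what a poisoned gateway entry looks like when the real host keeps answering. The timestamps, addresses and MACs are constructed.

```shell
#!/bin/sh
# Added example (not arpwatch or book code): classify IP/MAC observations
# the way arpwatch does. Input lines: "<time> <ip> <mac>". Output lines:
#   new station <ip> <mac>
#   changed ethernet address <ip> <mac> (was <old>)
#   flip flop <ip> <mac> (was <old>)
# The exit status is the number of alerts (changes and flip flops), capped at 255.

# Constructed observations: the gateway 192.168.1.1 is stable, while
# 192.168.1.5 switches to a second MAC and then back again.
OBSERVATIONS='10:00:01 192.168.1.1 00:0c:29:11:11:11
10:00:01 192.168.1.5 00:0c:29:55:55:55
10:00:31 192.168.1.5 00:0C:29:AA:AA:AA
10:01:01 192.168.1.5 00:0c:29:55:55:55
10:01:01 192.168.1.1 00:0c:29:11:11:11'

# arp_events: read observations on stdin, print one event per change.
arp_events() {
  awk '
    NF >= 3 {
      ip = $2; mac = tolower($3)             # normalise case so AA == aa
      if (!(ip in current)) {
        print "new station", ip, mac
      } else if (current[ip] != mac) {
        if ((ip, mac) in history)            # returned to an earlier MAC
          print "flip flop", ip, mac, "(was " current[ip] ")"
        else
          print "changed ethernet address", ip, mac, "(was " current[ip] ")"
        alerts++
      }
      current[ip] = mac; history[ip, mac] = 1
    }
    END { exit (alerts > 255 ? 255 : alerts) }'
}

# alert_count: run arp_events on stdin and print the number of alerts.
alert_count() {
  n=0
  arp_events >/dev/null || n=$?
  echo "$n"
}

# Usage: poll "arp -n" or feed tcpdump -e arp output in the same "time ip mac" form.
printf '%s\n' "$OBSERVATIONS" | arp_events || echo "alerts raised: $?"
```

A real deployment would feed the function from a periodic arp -n poll or a live tcpdump -e arp stream and mail anything other than "new station" to root, which is what arpwatch does for you.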


The ping command is quite standard. However, familiarize yourself with various options, including ping -c, ping -a, and ping -f.

The -f option will work only when run as root. If you want, use tcpdump to collect the flood of packets sent when you use the -f

option. Experiment also with specifying packet sizes and different time to live (TTL) settings.



Use wvdialconf and wvdial to configure PPP-based dial-up access for your system. Also, familiarize yourself with the chat

program and the contents of a standard chat file. Examples of this file exist in this book, as well as on the Internet. Make sure

that you understand the purpose of the chap-secrets and pap-secrets files.


Once you have configured PPP access, configure VPN access using the pptp command. Make sure that you clearly

understand the ports and protocols used by pptp (TCP port 1723 for the control connection and GRE, IP protocol 47, for the

tunnel itself) and how to troubleshoot connections by reviewing files such as /var/log/messages using tail with the -f option.


Linux systems are extremely flexible. For example, it is possible to add a second NIC to your Linux system and use it as a

router. Once you have two NICs installed and recognized, configure each with IP addresses. Then enable IP forwarding. You

can do this either by writing 1 to /proc/sys/net/ipv4/ip_forward (immediate, but lost at reboot) or, persistently, by editing the

/etc/sysctl.conf file. As root, add a line that sets net.ipv4.ip_forward to 1 (the sysctl key corresponding to that /proc path),

then run the following command:

# sysctl -p /etc/sysctl.conf

Once you have done this, your system will forward packets between the two NICs. You can return your system to normal by

changing the 1 value to 0 in the /proc/sys/net/ipv4/ip_forward file.

The netstat command is deceptively simple. Familiarize yourself with all of the fields in netstat output. Also, become familiar

with the many options to netstat, including -na, -nr, and -M.


42.2. Mail and News (Topic 2.206)

42.2.1. Review Questions


You wish to map mail from one local user account to another local user account. What file would you edit?


You wish to map mail addressed to users at the domains your host accepts, including virtual domains, to different accounts on the system. What file would you use?


You wish to rewrite outgoing emails from the system mail.company1.com so that they appear to come from the

mail.company2.com domain. What file would you use to create the proper mappings?


What command is used to add or remove newsgroups in innd?


You have just installed Majordomo 2 on a system named listserv.company.com. The password is listserv1. What command

would you issue to create a list named operations?


You are reading the following Procmail recipe:

* ^From: .*@sales.com


What is the result of the recipe?

42.2.2. Answers


Use the /etc/aliases file.


Use the virtusertable file.


Use the genericstable file.


Use the ctlinnd command.



# create operations listserv1


All email messages from sales.com will be redirected to the /dev/null file and thus be deleted.
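The /etc/aliases mapping in the first answer above, worked through as an added shell example that is not Sendmail's code or the book's: it expands a recipient through an aliases-style table the way an MTA does, following chains (abuse to postmaster to root to a real mailbox), fanning out comma-separated lists, passing unknown names through as real mailboxes, and refusing a chain that loops. The aliases text is constructed for the example; names are matched case-sensitively here, whereas Sendmail folds the local part itself.

```shell
#!/bin/sh
# Added example (not Sendmail or book code): expand a recipient through an
# /etc/aliases-style table the way an MTA does: follow chains, fan out
# comma-separated lists, pass unknown names through unchanged, and refuse
# loops. Names are case-sensitive here; Sendmail folds local parts itself.

# Constructed /etc/aliases excerpt for this example.
ALIASES='# local-to-local mappings
postmaster:     root
abuse:          postmaster
root:           jsmith
webmaster:      jsmith, mjones
mjones:         mjones@mail.company2.com
nobody:         /dev/null
# a mistake that would loop forever
ping:           pong
pong:           ping'

# expand_alias NAME: print final recipients, one per line, in expansion
# order; exit 1 (with a message on stderr) if the chain loops.
expand_alias() {
  printf '%s\n' "$ALIASES" | awk -v target="$1" '
    function expand(name, depth,    n, parts, i) {
      if (depth > 16) {                       # deeper than any sane chain
        print "alias loop detected at " name | "cat 1>&2"
        loop = 1; return
      }
      if (!(name in alias)) {                 # real mailbox, file or pipe
        if (!(name in seen)) { seen[name] = 1; order[++k] = name }
        return
      }
      n = split(alias[name], parts, ",")
      for (i = 1; i <= n; i++) expand(parts[i], depth + 1)
    }
    /^[[:space:]]*(#|$)/ { next }             # comments and blank lines
    index($0, ":") {
      name = substr($0, 1, index($0, ":") - 1); gsub(/[[:space:]]/, "", name)
      rhs  = substr($0, index($0, ":") + 1);   gsub(/[[:space:]]/, "", rhs)
      alias[name] = rhs
    }
    END {
      expand(target, 0)
      for (i = 1; i <= k; i++) print order[i]
      exit loop
    }'
}

# Usage: expand_alias abuse      (abuse -> postmaster -> root -> jsmith)
```

On a real system the table is compiled with newaliases after editing, and a loop like ping/pong is exactly the kind of mistake a quick expansion check catches before the MTA starts bouncing mail.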


42.2.3. Exercises


Install and configure a simple Sendmail server. Configure the standard role aliases (postmaster at a minimum, as RFC 821

requires). Use the proper files, m4 macros, and commands to configure the system of your choice. Do not forget to configure

the MX records for the domain so that emails sent to your domain will be properly mapped to your Sendmail server. Test your

configuration and settings using the commands discussed in this book and at http://www.sendmail.org.


Once you have configured Sendmail to work in a basic manner, experiment with the server. For example, use the

genericstable file so that emails sent from the system appear to be sent from another related domain. Do not engage in illicit

activity. Simply experiment with how to rewrite headers.


After working on your Sendmail configuration, secure it. Shut down and remove all unnecessary services, such as web and

database servers. Use the iptables or (if you have an older system) ipchains command to block unnecessary connections. If

you are using SSH or VNC, lock down these services so that they use the best encryption available and accept connections

only from trusted hosts.


Install and configure Procmail. Use recipes to forward email to another user. Then create a recipe that automatically

responds and informs people that the user is on vacation.


Install and configure Majordomo 2. Prepare Sendmail or your alternative MTA to work well with Majordomo 2. Then, create

new lists. Subscribe and unsubscribe from these lists. Customize these lists by enabling and disabling moderation, as well as

enabling and disabling message digesting.


Experiment with the different ways to configure Majordomo 2. You can configure it either by editing its configuration files or by

sending control email messages.


Install INN. Configure it to serve up at least two newsgroups. You will likely find that the server is configured by default to

reject posts from remote hosts. Configure the system to accept remote posts. You will likely need to do this using both the

ctlinnd command and by configuring the readers.conf file.


Once you have configured INN to accept posts from remote users, enable password protection using the htpasswd

command. You will likely have to edit the readers.conf file to recognize your use of the database. Your entry will likely appear

as follows:

auth "useraccounts" {

    auth: "ckpasswd -f /etc/news/nntp_passwd"

}

Now experiment with user authentication on the server, and monitor when users make posts.


Once you have configured user authentication, experiment with upstream and downstream feeds. Even if you do not have

access to these streams, configure INN as if you did.


42.3. DNS (Topic 2.207)

42.3.1. Review Questions


You wish to use the dig command to query the server named dns1.company.com to see whether the PTR record for the

system named adam exists. What would this command look like?


Consider the following text:

zone "." {

    type hint;

    file "/etc/bind/db.root";

};

What is the purpose of this entry, and what file does this entry belong in?


You have been given a new host to enter into the forward DNS zone. This hostname is for the Web server. The host's IP

address is, and the host's name is www.company.com. Write in the entry you would create in the DNS server's

forward zone file for this server.


You wish to establish a chroot jail for your DNS server. You are using BIND. Why is it necessary to copy or move directories

such as the /etc/bind directory to another, special location on the hard drive?


Your system ships with the BIND 8 dnskeygen command, rather than the BIND 9 dnssec-keygen command. Both have the

same function. Using dnskeygen or its equivalent, what command would you issue to create a public-key pair with the size of

1024 bits that can be used only for authentication for the mycompany.com domain?


You are in an interactive nslookup session. What command would you issue to switch from the default nameserver to


42.3.2. Answers



# dig @dns1.company.com PTR adam

dig accepts the record type and the name in either order. Bear in mind that PTR records live under in-addr.arpa, so the everyday form of this check is dig @dns1.company.com -x followed by the host's IP address, which builds the reverse name for you.


The text primes the DNS server to look for root servers. This entry belongs in the named.conf file.


Create the following entry in the DNS server's forward zone file:






The purpose is to confine BIND to an isolated directory tree. If the daemon is compromised through a buffer overflow or a

similar flaw, the attacker can reach only the files inside the jail rather than the rest of the system, which is why BIND needs its

own copies of the configuration, zone and device files there. A chroot is not a complete sandbox (a process running as root can

break out of it), so named should also be started as an unprivileged user with its -u option.


The command is:

# dnskeygen -H 1024 -c -h key.mycompany.com.

With dnskeygen, -c marks the key as unusable for encryption (authentication only) and -h marks it as a host key. Note that -H produces an HMAC-MD5 shared secret rather than a public/private pair; for a real public-key pair, use -D (DSA) or -R (RSA) with the key size in its place.


The command is:

> server dns2.company.com

42.3.3. Exercises


Install BIND on your system. Take some time to verify where the configuration files are. In many newer systems, the files will

be located in the /etc/bind directory. In other systems, the files will be located in both the /etc directory and in the /var/named

subdirectories. Once you have confirmed the location of these files, verify the location of the startup script. In some systems,

it will be in the /etc/rc.d/init.d directory. In other systems, it will be in the /etc/bind directory. Sometimes, the startup file is called

named. In other cases, it is called bind9. The names and locations of files may vary. This series of exercises will assume that

all configuration files reside under the /etc/bind directory.


Using sample zone files that reside on the local system or on the Internet, review the syntax of valid DNS entries. Also review

the syntax for the named.conf file, the root hints file, and the forward and reverse loopback zone files.


Configure BIND to act as a DNS server for your network. First, configure the /etc/bind/named.conf file so that it contains

references for the root servers, and so that this server knows that it is authoritative for the zone you are going to create. You

will also need to add forward and reverse loopback zones, as well as references for the forward and reverse zones you are

going to create. Remember the names and locations of the forward and reverse zone files. You will be creating these files in

the next step.


As you configure named.conf, make sure that you are referencing all files properly and that these files exist, even if they are

currently empty. Use the touch command to create the files, or download sample files from the Internet. The files for the

forward and reverse loopback zones should already exist on your system. If your system has not already provided them,

obtain hint files from http://www.bind.org.


Using a text editor, create both forward and reverse lookup zone files in the /etc/bind directory. Make sure that these files

have the same names as those indicated in the /etc/bind/named.conf file. Populate the forward and reverse zone files with

valid entries. The entries you create will include valid TTL and SOA information, valid nameserver information, and A records.

Make sure as you start BIND that you review the /var/log/messages file. Using the tail -f command is a good idea, as it will

help you read any error messages BIND gives. You may also have to verify that the BIND service is running. One way to do

this is to use the ps aux command and pipe the output through grep:

ps aux | grep bind


You will likely have to make several changes to the forward and reverse zone files before BIND properly initializes and begins

resolving names. Whenever you change a zone or configuration file, restart the server or reload it (rndc reload on BIND 9); the

named-checkconf and named-checkzone utilities will catch syntax errors before you do.


Once you have started BIND, configure the /etc/resolv.conf file for your DNS server and also for your clients so that they are

using your DNS server. Use the ping command to verify that you can access hosts by both IP address and by DNS hostname.


Use nslookup in interactive mode, as well as a one-time command, to verify that your server is properly resolving names. In


some systems, nslookup is deprecated. You can use the -sil option to eliminate the warning messages. While using nslookup,

change between DNS servers, view A and PTR records, review the SOA record for the zone, and see if you can conduct a

zone transfer.


The dig command is quite sophisticated. Use the dig command to query your forward and reverse zone records, as well as

review the SOA fields. You can also use dig to query other DNS servers and conduct zone transfers (the AXFR query type) if the

DNS server allows such activity (increasingly unlikely). Make sure that you know the options that allow you to conduct multiple inquiries.

The host command is quite handy for conducting quick DNS searches. Make sure that you know the options that allow you to

conduct zone transfers and specify the types of records you wish to view (e.g., SOA, CNAME, and AXFR).

You already have a working server. However, you can add more names. Add CNAME and MX records to your zones. When

you make changes, make sure that you increment the serial number so that changes are recognized by secondary (i.e.,

slave) DNS servers.
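Bumping the serial the way that exercise describes, as an added shell example that is not BIND's code or the book's: it reads the SOA serial out of a zone file, advances it in the common YYYYMMDDnn style (a new day starts at 01, a second change on the same day increments the counter, and a serial that is already ahead of the clock is only ever incremented, since a serial that goes backwards makes slaves ignore the update), and writes the zone back with everything else untouched. The date is passed in rather than read from the clock so the result is reproducible. The zone text and the 192.0.2.0/24 documentation addresses are constructed, and the script assumes the serial is the first all-digit token after the SOA keyword, which holds for the usual layouts.

```shell
#!/bin/sh
# Added example (not BIND or book code): advance a zone's SOA serial so that
# slave servers notice the change. Assumes YYYYMMDDnn serials and that the
# serial is the first all-digit token after the SOA keyword.

# Constructed zone file with documentation-range addresses.
ZONE='$TTL 86400
@   IN  SOA ns1.company.com. hostmaster.company.com. (
            2005061501 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            86400 )    ; minimum
    IN  NS  ns1.company.com.
ns1 IN  A   192.0.2.1
www IN  A   192.0.2.10'

# get_serial: zone on stdin -> current serial on stdout
get_serial() {
  awk '
    seen { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }
    /[[:space:]]SOA[[:space:]]/ {
      seen = 1                                # the serial may follow "(" on this line
      for (i = 1; i <= NF; i++) if ($i == "SOA") soa = i
      for (i = soa + 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit }
    }'
}

# next_serial OLD YYYYMMDD -> new serial; fails if OLD is malformed or the
# day counter is exhausted (99 changes in one day).
next_serial() {
  old=$1; today=$2
  case $old in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "serial $old is not in YYYYMMDDnn form" >&2; return 2 ;;
  esac
  old_day=${old%??}; old_n=${old#????????}
  if [ "$old_day" -lt "$today" ]; then
    echo "${today}01"                         # first change of a new day
  else
    # same day, or the serial is ahead of the clock: only ever increment,
    # because a serial that goes backwards is ignored by slaves
    if [ "$old_n" = 99 ]; then
      echo "serial $old: day counter exhausted" >&2; return 1
    fi
    printf '%s%02d\n' "$old_day" $(( ${old_n#0} + 1 ))
  fi
}

# set_serial OLD NEW: zone on stdin -> zone with the serial replaced, layout intact
set_serial() {
  awk -v old="$1" -v new="$2" '
    !done && /[[:space:]]SOA[[:space:]]/ { seen = 1 }
    !done && seen {
      line = " " $0 " "                       # pad so the serial always has boundaries
      if (match(line, "[^0-9]" old "[^0-9]")) {
        start = RSTART                        # boundary index in padded line == serial start in $0
        $0 = substr($0, 1, start - 1) new substr($0, start + length(old))
        done = 1
      }
    }
    { print }'
}

# bump_zone_serial YYYYMMDD: zone on stdin -> updated zone on stdout
bump_zone_serial() {
  zone=$(cat)
  old=$(printf '%s\n' "$zone" | get_serial)
  new=$(next_serial "$old" "$1") || return $?
  printf '%s\n' "$zone" | set_serial "$old" "$new"
}

# Usage: printf '%s\n' "$ZONE" | bump_zone_serial 20050616 > db.company.com.new
```

After writing the new file into place, reload the zone (rndc reload on BIND 9) and confirm with dig that the slaves report the new serial in their SOA records.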

Configure a secondary (slave) DNS server. Conduct zone transfers to verify that your configuration has worked.

Once you are confident that your master/primary and secondary/slave DNS servers are working properly, secure them. Use

the dnskeygen command (or its equivalent) to create keys for your zones. Then take the necessary steps to require

TSIG-authenticated zone transfers; TSIG signs each transfer with a shared secret, which authenticates and integrity-protects it

but does not encrypt it. Then configure named.conf to restrict zone transfers to certain servers. An address-based restriction

alone is weaker than TSIG, because it trusts the source address of the request and nothing ties the request to a key, but you

may as well lock down as many settings as possible. Also consider stopping all other daemons and dedicating this system to

just providing name resolution. Even if you are simply experimenting, consider the daemons that you would shut down if you

were to configure this system as a dedicated DNS server.


42.4. Web Services (Topic 2.208)

42.4.1. Review Questions


No startup script exists to start, stop, or restart your Apache server. What is the most nearly universal command that you can

use to start the Apache server?


You wish to enable .htaccess files on your web server to enable user-based access. Where should these files be located?


You have noticed that an .htaccess file you have created is not being recognized. You have copied it from another server, so

you know it is formatted correctly. What can you do to solve this problem?


You need to run htpasswd for the first time and create a database named /etc/apache2/users. What command should you

issue to create the database?


You wish to start the Apache server with SSL support. What command would you issue? Also, what files might need to be

edited to enable SSL support?


You wish to create a virtual host in an older version of Apache. What file should you edit to enable virtual hosts?


You wish to forbid all web-based access to URLs that contain the words Paris and Hilton. You have created the following ACL

entry in Squid:

acl Paris1 url_regex Paris

acl Hilton1 url_regex Hilton

http_access deny Paris1

http_access deny Hilton1

http_access allow all

However, you still notice that many users have been able to access URLs such as http://naughtysite.us/paris. Why is this the



42.4.2. Answers


Use the apachectl command:

# apachectl start


Place it, as a hidden file named .htaccess, in the directory whose contents you wish to restrict; it then applies to that directory and everything below it.


Edit httpd.conf or apache2.conf and enable support for .htaccess files. The file name is set by AccessFileName, and whether

Apache honours the file at all is governed by the AllowOverride directive in the <Directory> block that covers the path: a value

of None disables .htaccess processing, so set it to All or, for user-based access, AuthConfig. Look for lines similar to the

following and make sure that they are not commented out:

AccessFileName .htaccess

Order allow,deny

Deny from all

The Order/Deny pair is the stock block that stops clients from downloading the .htaccess file itself.


Issue the following command as root. htpasswd requires the name of the first user to add as its final argument; username here is a placeholder:

# htpasswd -c /etc/apache2/users username

The -c flag creates the file and overwrites any existing one, so use it only the first time.


Issue the following command:

# apachectl startssl

You may also need to edit the httpd.conf file or the ssl.conf and ssl.load files. Note that startssl exists only in Apache 1.3 and

2.0; from 2.2 on, SSL is enabled simply by loading mod_ssl and its configuration, and the server is started with a plain apachectl start.


The httpd.conf file. Apache 2.0 is configured using the apache2.conf file.


Squid ACLs are case-sensitive by default, as is common with many Unix-based applications and daemons. The ACL given

forbids only Paris and Hilton, not paris and hilton. To match regardless of case, put the -i flag before the pattern, as in

acl Paris1 url_regex -i Paris.
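The case-sensitivity problem in the last answer, worked through as an added shell example that is not Squid's code or the book's: a tiny evaluator for url_regex ACLs and http_access rules, just enough to show that the configuration from the question lets http://naughtysite.us/paris through while the -i version blocks it. Only url_regex and the built-in all ACL are modelled, with one ACL per http_access line; as in Squid, rules are tried in order, the first match decides, and a request matching no rule gets the opposite of the last rule's action. The corrected configuration and the test URLs are constructed.

```shell
#!/bin/sh
# Added example (not Squid or book code): a minimal evaluator for Squid
# url_regex ACLs and http_access rules. Models only url_regex and "all",
# one ACL per http_access line, first match wins, and a request matching
# no rule gets the opposite of the last rule's action (Squid's default).

# The configuration from the question, verbatim.
ORIGINAL_CONF='acl Paris1 url_regex Paris
acl Hilton1 url_regex Hilton
http_access deny Paris1
http_access deny Hilton1
http_access allow all'

# Corrected version: -i makes the patterns that follow it case-insensitive.
FIXED_CONF='acl celeb url_regex -i paris hilton
http_access deny celeb
http_access allow all'

# acl_matches CONF NAME URL: succeed if any pattern of ACL NAME matches URL
acl_matches() {
  _cfg=$1 _name=$2 _url=$3
  [ "$_name" = all ] && return 0
  # Squid merges repeated "acl NAME url_regex ..." lines into one list
  pats=$(printf '%s\n' "$_cfg" |
    awk -v n="$_name" '$1 == "acl" && $2 == n && $3 == "url_regex" { for (i = 4; i <= NF; i++) print $i }')
  flag= matched=1
  set -f                                   # patterns contain regex metacharacters; no globbing
  for pat in $pats; do
    if [ "$pat" = -i ]; then flag=-i; continue; fi   # applies to the patterns after it
    if printf '%s\n' "$_url" | grep -Eq $flag -e "$pat"; then matched=0; break; fi
  done
  set +f
  return $matched
}

# squid_decide CONF URL: print "allow" or "deny"
squid_decide() {
  _cfg=$1 _url=$2
  decision=$(printf '%s\n' "$_cfg" | while read -r kw action aclname rest; do
      [ "$kw" = http_access ] || continue
      if acl_matches "$_cfg" "$aclname" "$_url"; then
        echo "$action"; break
      fi
    done)
  if [ -n "$decision" ]; then
    echo "$decision"; return 0
  fi
  # no rule matched: Squid applies the opposite of the last rule (deny if there is none)
  last=$(printf '%s\n' "$_cfg" | awk '$1 == "http_access" { a = $2 } END { print a }')
  case $last in
    allow) echo deny ;;
    deny)  echo allow ;;
    *)     echo deny ;;
  esac
}

# Usage: squid_decide "$ORIGINAL_CONF" http://naughtysite.us/paris   -> allow
#        squid_decide "$FIXED_CONF"    http://naughtysite.us/paris   -> deny
```

The same first-match-wins behaviour is why the order of http_access lines matters in a real squid.conf: a deny placed after allow all never fires.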

42.4.3. Exercises


Install the Apache server using any method you prefer (e.g., RPM for Red Hat/Fedora systems, apt or Synaptic for

Debian-based systems). After you install Apache, review the location and contents of the Apache configuration files. Look for

httpd.conf or the equivalent, as well as associated configuration files. Review the location of all log files, as well. If you wish,

write down the location of the configuration and log files on a separate piece of paper.


Configure the Apache server so that it will serve up a basic page. You may have to enable certain directives, such as the user

and group Apache uses. It is also sometimes necessary to specify the server root (e.g., where the server's configuration files

exist) and the directory that contains all of the sites. In some versions of Apache, all of this information is included in the


httpd.conf file. In newer versions (Apache 2), look for the sites-available directory. Once you have confirmed that you have

configured all the basic directives, start Apache and use either a web browser or netcat (nc) to verify connectivity. You can

use a startup script or the apachectl or apache2ctl application, depending upon the version of Apache you are using.


Find the location of the directives that allow the use of .htaccess files in Apache. Make sure that the directives are not

commented out. If you have to uncomment any of these directives, restart Apache to ensure that it recognizes the use

of .htaccess files. Now, create an .htaccess file that requires user-based authentication. Use the htpasswd or htpasswd2

commands to create a new user database. Configure Apache to recognize this database. Test your work.


Now, configure Apache to use SSL. If necessary, create SSL certificates using the openssl command or the CA.pl application,

which is usually available in the /usr/lib/ssl/misc directory. The CA.pl application requires that Perl be installed. Once you have

created the certificate, configure Apache to recognize it. Then configure a directory to require SSL-based access. Using any

web browser that supports SSL, access the resource.


Enable PHP and Perl support. Do this by editing the httpd.conf file or its equivalent and uncommenting the appropriate

directives. You will have to restart Apache after doing so. Download some sample scripts from the Internet. For example,

O'Reilly has a web site called ONLamp.com (http://www.onlamp.com) where you can obtain scripts that you can run. Make

sure to put them into the cgi-bin directory and make them executable by the correct user.


Web servers often have to throttle connections and bandwidth. Apache makes this quite simple. Open the httpd.conf or its

equivalent and look for the following settings:


The number of servers to start by default. The default setting is often 2; set it to a reasonable number for your



The maximum number of clients that will be served at one time. The default is often set to 150. Set it to the

number that your system can reasonably support.


Limits the number of requests a child process can respond to. Usually set to 25. Set it to a reasonable number.

The higher the number, the slower a particular process will be to serve clients if the system becomes overtaxed.


Determines the lowest number of threads that the server is allowed to have at one time. Limits the number of

servers that can be started.


Review the log files that the Apache server generates. These include the access log, the referrer log, and the error logs.

These are usually located under the /var/log directory.


Apache is not only a standard web server. It also sports a proxy server that is capable of caching requests, thereby speeding

up access. Configure the Apache server proxy feature and then configure a web browser to use the proxy server. Review the

Apache server log files and list the files in the proxy cache directory to verify that the proxy server is working.


Now install Squid. You can obtain Squid using your system's package manager or at http://www.squid-cache.org. Once you

have installed Squid, familiarize yourself with the configuration files, including squid.conf. Review the settings in squid.conf,

then start the service. Review the Squid log files and /var/log/messages to make sure Squid is running properly. Configure a

web browser as a Squid client and access the Internet. You can also review the Squid cache directory to ensure that Squid is

Once Squid is working, enable filtering. Create an ACL that limits usage by URL to a particular text string. Also, enable user

authentication. Review the access logs and other log files that Squid generates to verify that your proxy server is running as
