Joe the Hacker breaks into XYZ's Linux system and plants a wiretap program in order to sniff
passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in
one of the network utilities. Joe is worried that the network administrator might detect the wiretap
program by querying the interfaces to see if they are running in promiscuous mode.
What can Joe do to hide the wiretap program from being detected by the ifconfig command?
What is the expected result of the following exploit?
You have just installed a new Linux file server at your office. This server is going to be used by
several individuals in the organization, and unauthorized personnel must not be able to modify any
data.
What kind of program can you use to track changes to files on the server?
Jim's organization has just completed a major Linux roll-out, and now all of the organization's
systems are running the Linux 2.5 kernel. The roll-out expenses have posed constraints on
purchasing other essential security equipment and software. The organization requires an option
to control network traffic and also perform stateful inspection of traffic going into and out of the
DMZ.
Which built-in functionality of Linux can achieve this?
WinDump is a popular sniffer that results from porting TcpDump for Linux to Windows.
What library does it use?
Several of your co-workers are having a discussion about the /etc/passwd file. They are at odds
over what types of encryption are used to secure Linux passwords. (Choose all that apply.)
Rebecca has noted multiple entries in her logs about users attempting to connect on ports that are
either not open or not intended for public use. How can she restrict this type of abuse by
limiting access to only specific trusted IP addresses, using one of the built-in Linux
operating system tools?
John is discussing security with Jane. Jane mentioned to John earlier that she suspects an
LKM has been installed on her server. She believes this is the reason the server has been
acting erratically lately. LKM stands for Loadable Kernel Module.
What does this mean in the context of Linux security?
Which of the following Snort rules looks for FTP root login attempts?
After studying the following log entries, how many user IDs can you identify that the attacker has
tampered with?
1. mkdir -p /etc/X11/applnk/Internet/.etc
2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd
3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
4. touch -acmr /etc /etc/X11/applnk/Internet/.etc
5. passwd nobody -d
6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash
7. passwd dns -d
8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
9. touch -acmr /etc/X11/applnk/Internet/.etc /etc