You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The command useradd _____
creates a new user account.
The command _____ changes a file's owner or group.
chown
The command _____ changes a user's password.
passwd
Default shell files should have default value of _____ set, for example to 077
umask
Debian's password encryption algorithm is set by Pluggable Authentication Modules (PAM) in the _____ file
/etc/pam.d/common-passwd
Encrypted Linux passwords all have the same _____, even if the unencrypted passwords do not
length
the chmod _____ permission means READ permission for owner, group and public
0444
The command _____ modifies a group
groupmod
The command _____ modifies a user account.
usermod
gVisor is a _____ that can sandbox syscalls in userspace via restricted seccomp filters
kernel security module
The /etc/passwd file stores _____
users and data about them
The _____ file contains group definitions.
/etc/group
the chmod 0111 permission means EXECUTE permission for _____
owner, group and public
Login names can never contain colons or newlines - these characters are used as field and entry separators in the _____ file respectively
/etc/passwd
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:password:Last password change:Minimum days required between password changes:_____:password expiration warning duration:password expiration ban deadline:{{c10::account expiration date}}
Maximum days between password changes
_____ filters decide which syscalls are allowed inside in a system. This prevents signals from being arbitrarily ran by an attacker, or being used to break out of a Linux namespace via unshare
seccomp
The root, system, or wheel group always has GID of _____
0
AppArmor profiles in complain mode _____
report violations
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: _____:password:UID:Default GID:comments:home:shell
username
AppArmor profiles in _____ mode block access to disallowed resources
enforcing
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: _____:password:Last password change:Minimum days required between password changes:Maximum days between password changes:password expiration warning duration:password expiration ban deadline:{{c10::account expiration date}}
username
The command _____ sets a password for a user
passwd [username]
The command _____ reconciles the contents of the /etc/shadow and /etc/passwd files
pwconv
root user's UID always equals _____
0
the chmod 0444 permission means _____ permission for owner, group and public
READ
The command _____ sets a group's password, allowing users to enter it
gpasswd
RHEL's password encryption algorithm is set in the /etc/login.defs file, or through the _____ command
authconfig
The command _____ can change a user’s configuration through editing the /etc/passwd file
vipw
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:password:Last password change:Minimum days required between password changes:Maximum days between password changes:password expiration warning duration:_____:{{c10::account expiration date}}
password expiration ban deadline
seccomp filters decide which _____ are allowed inside in a system. This prevents signals from being arbitrarily ran by an attacker, or being used to break out of a Linux namespace via unshare
syscalls
Debian's password encryption algorithm is set by _____ in the /etc/pam.d/common-passwd file
Pluggable Authentication Modules (PAM)
the chmod 0111 permission means _____ permission for owner, group and public
EXECUTE
The command userdel _____
deletes a user account.
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:password:_____:Minimum days required between password changes:Maximum days between password changes:password expiration warning duration:password expiration ban deadline:{{c10::account expiration date}}
Last password change
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:password:UID:Default GID:comments:home:_____
shell
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:password:UID:Default GID:comments:_____:shell
home
Pseudo-users have a _____, and therefore cannot be logged into. They are commonly defined as owners of commands and configuration files
fake login shell
_____ is a kernel security module that confines programs to a limited set of resources, reducing an application's attack surface
AppArmor
The /etc/shadow password file is readable only by _____
the superuser
"The command _____ searches the /var/log/ directory for usages of the word ""login"""
grep login /var/log/*
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:password:Last password change:Minimum days required between password changes:Maximum days between password changes:_____:password expiration ban deadline:{{c10::account expiration date}}
password expiration warning duration
sh reads _____ before reading ~/.profile and ~/.bash_profile
/etc/profile
the chmod 0222 permission means _____ permission for owner, group and public
WRITE
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, adduser, usermod, _____, vipw, vipw -s and chsh instead
pw
Are login names case-sensitive? _____
Yes
The command _____ deletes a user account.
userdel
Human user UIDs should equal to _____
1000 or higher
A user's group memberships equals the union of those defined for the user in /etc/passwd and _____
/etc/group
gVisor is a kernel security module that can _____ syscalls in userspace via restricted seccomp filters
sandbox
AppArmor profiles configure access to capabilities, network access, file permissions, either in _____ or complain mode
enforcing
The _____ file stores users and data about them
/etc/passwd
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, _____, usermod, pw, vipw, vipw -s and chsh instead
adduser
The command chown _____
changes a file's owner or group.
A Linux user is represented by its number: the _____
user ID or UID
A user's group memberships equals the union of those defined for the user in _____ and /etc/group
/etc/passwd
The command passwd _____
changes a user's password.
New files are typically owned by the user's _____ group
effective
Edit /etc/group by running _____ and /etc/gshadow by running vigr -s
vigr
Do login names have to be unique? _____
Yes
Each line in the /etc/passwd file represents a _____. A line's colon-separated fields represent: username:password:UID:Default GID:comments:home:shell
user
The command whoami displays _____
the currently logged in user
Group names should be limited to _____ characters for compatibility
8
AppArmor profiles in enforcing mode _____
block access to disallowed resources
The _____ password file is readable only by the superuser
/etc/shadow
A line in the /etc/group file represents a single group. Its fields are separated by colons: Name:Password:GID:_____
Members, separated by commas
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:password:UID:_____:comments:home:shell
Default GID
The command _____ displays the groups a user belongs to
groups
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands _____, adduser, usermod, pw, vipw, vipw -s and chsh instead
useradd
AppArmor profiles configure access to capabilities, network access, file permissions, either in enforcing or _____ mode
complain
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:password:_____:Default GID:comments:home:shell
UID
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:_____:Last password change:Minimum days required between password changes:Maximum days between password changes:password expiration warning duration:password expiration ban deadline:{{c10::account expiration date}}
password
The command usermod _____
modifies a user account.
The command id displays _____
user and group ID's
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, adduser, usermod, pw, _____, vipw -s and chsh instead
vipw
the chmod _____ permission means EXECUTE permission for owner, group and public
0111
AppArmor _____ configure access to capabilities, network access, file permissions, either in enforcing or complain mode
profiles
The command _____ adds a user group
groupadd
The /etc/shadow file contains _____
encrypted passwords.
_____ profiles configure access to capabilities, network access, file permissions, either in enforcing or complain mode
AppArmor
AppArmor is a kernel security module that confines programs to _____, reducing an application's attack surface
a limited set of resources
The _____ file contains encrypted passwords.
/etc/shadow
Linux passwords are encrypted with a random _____, allowing them to have several encrypted forms, especially if several users use the same password
salt
Linux typically encrypts passwords under the _____ cryptographic function
SHA-512
Each line in the _____ file represents a user. A line's colon-separated fields represent: username:password:UID:Default GID:comments:home:shell
/etc/passwd
Edit _____ by running vigr and /etc/gshadow by running vigr -s
/etc/group
The command groupadd _____
adds a user group
The command vipw can change a user’s configuration through editing the _____ file
/etc/passwd
the chmod 0444 permission means READ permission for _____
owner, group and public
Human groups should have GID of _____
1000 or higher
The commands useradd, usermod and userdel can be configured via the files /etc/login.defs and _____
/etc/default/useradd
the chmod _____ permission means WRITE permission for owner, group and public
0222
The command _____ changes a user's login shell
chsh
The command _____ lists users who are logged in.
users
A line in the /etc/group file represents a single group. Its fields are separated by colons: _____:Password:GID:Members, separated by commas
Name
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, adduser, usermod, pw, vipw, _____ and chsh instead
vipw -s
The command groups displays _____
the groups a user belongs to
A line in the /etc/group file represents a single group. Its fields are separated by colons: Name:Password:_____:Members, separated by commas
GID
Edit /etc/group by running vigr and /etc/gshadow by running _____
vigr -s
A line in the _____ file represents a single group. Its fields are separated by colons: Name:Password:GID:Members, separated by commas
/etc/group
The _____ file configures password expiration, encryption algorithms, UID ranges and GID ranges
login.defs
The command pwconv reconciles the contents of the /etc/shadow and _____ files
/etc/passwd
Each line of the _____ password file represents a user. The user's fields are separated by colons: username:password:Last password change:Minimum days required between password changes:Maximum days between password changes:password expiration warning duration:password expiration ban deadline:{{c10::account expiration date}}
/etc/shadow
The command users _____
lists users who are logged in.
_____ is a kernel security module that can sandbox syscalls in userspace via restricted seccomp filters
gVisor
The command _____ displays the currently logged in user
whoami
The commands useradd, usermod and userdel can be configured via the files _____ and /etc/default/useradd
/etc/login.defs
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:password:Last password change:_____:Maximum days between password changes:password expiration warning duration:password expiration ban deadline:{{c10::account expiration date}}
Minimum days required between password changes
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:password:UID:Default GID:_____:home:shell
comments
Users managed through LDAP (or other directory service) might have special entries in the /etc/passwd file beginning with _____, integrating the file with the directory service
+ or -
The /etc/group file contains _____
group definitions.
The _____ GID is used during creation of new files and directories
default
Edit /etc/group by running vigr and _____ by running vigr -s
/etc/gshadow
Grant a user sudo privileges by adding their username to the _____ file
sudoers
The _____ group always has GID of 0
root, system, or wheel
You can generate AppArmor profiles using the _____ generation tool
Bane (https://github.com/jfrazelle/bane)
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:_____:UID:Default GID:comments:home:shell
password
gVisor is a kernel security module that can sandbox _____ in userspace via restricted seccomp filters
syscalls
seccomp filters decide which syscalls are allowed inside in a system. This prevents signals from being arbitrarily ran by an attacker, or being used to break out of a Linux namespace via _____
unshare
A line in the /etc/group file represents a single group. Its fields are separated by colons: Name:_____:GID:Members, separated by commas
Password
The command _____ displays user and group ID's
id
The command chage -d 0 username _____
invalidates a user’s password and forces an update
gVisor is a kernel security module that can sandbox syscalls in userspace via _____
restricted seccomp filters
The _____ directory holds sample startup files
/etc/skel
The command _____ invalidates a user’s password and forces an update
chage -d 0 username
AppArmor is a _____ that confines programs to a limited set of resources, reducing an application's attack surface
kernel security module
It is best practice that a human user should have the same consistent login name and _____ across all machines they use
UID
The command groupmod_____
modifies a group
The command groupdel _____
deletes a group
The /etc/skel directory holds _____
sample startup files
It is best practice that a human user should have the same consistent _____ and UID across all machines they use
login name
The _____ file defines groups
/etc/group
The command _____ creates a new user account.
useradd
LDAP and /etc/passwd integration can be configured in the _____ file
/etc/nsswitch.conf
The command _____ deletes a group
groupdel
RHEL's password encryption algorithm is set in the _____ file, or through the authconfig command
/etc/login.defs
gVisor is a kernel security module that can sandbox syscalls in _____ via restricted seccomp filters
userspace
Linux limits login length to _____ characters
32
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, adduser, _____, pw, vipw, vipw -s and chsh instead
usermod
The command pwconv reconciles the contents of the _____ and /etc/passwd files
/etc/shadow
To manually create a new Linux user, add them into the files: _____
/etc/passwd, /etc/shadow and /etc/group
the chmod 0222 permission means WRITE permission for _____
owner, group and public
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, adduser, usermod, pw, vipw, vipw -s and _____ instead
chsh
Users managed through LDAP (or other directory service) might have special entries in the _____ file beginning with + or -, integrating the file with the directory service
/etc/passwd
"The command grep login /var/log/* _____"
searches the /var/log/ directory for usages of the word ""login""