The command useradd _____
creates a new user account.
The command _____ changes a file's owner or group.
chown
The command _____ changes a user's password.
passwd
Default shell files should have a default value of _____ set, for example to 077
umask
Debian's password encryption algorithm is set by Pluggable Authentication Modules (PAM) in the _____ file
/etc/pam.d/common-passwd
Encrypted Linux passwords all have the same _____, even if the unencrypted passwords do not
length
The chmod _____ permission means READ permission for owner, group and public
0444
The command _____ modifies a group
groupmod
The command _____ modifies a user account.
usermod
gVisor is a _____ that can sandbox syscalls in userspace via restricted seccomp filters
kernel security module
The /etc/passwd file stores _____
users and data about them
The _____ file contains group definitions.
/etc/group
The chmod 0111 permission means EXECUTE permission for _____
owner, group and public
Login names can never contain colons or newlines - these characters are used as field and entry separators in the _____ file respectively
/etc/passwd
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:password:Last password change:Minimum days required between password changes:_____:password expiration warning duration:password expiration ban deadline:account expiration date
Maximum days between password changes
_____ filters decide which syscalls are allowed inside a system. This prevents signals from being arbitrarily run by an attacker, or being used to break out of a Linux namespace via unshare
seccomp
The root, system, or wheel group always has a GID of _____
0
AppArmor profiles in complain mode _____
report violations
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: _____:password:UID:Default GID:comments:home:shell
username
AppArmor profiles in _____ mode block access to disallowed resources
enforcing
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: _____:password:Last password change:Minimum days required between password changes:Maximum days between password changes:password expiration warning duration:password expiration ban deadline:account expiration date
username
The command _____ sets a password for a user
passwd [username]
The command _____ reconciles the contents of the /etc/shadow and /etc/passwd files
pwconv
The root user's UID always equals _____
0
The chmod 0444 permission means _____ permission for owner, group and public
READ
The command _____ sets a group's password, allowing users to enter it
gpasswd
RHEL's password encryption algorithm is set in the /etc/login.defs file, or through the _____ command
authconfig
The command _____ can change a user’s configuration through editing the /etc/passwd file
vipw
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:password:Last password change:Minimum days required between password changes:Maximum days between password changes:password expiration warning duration:_____:account expiration date
password expiration ban deadline
seccomp filters decide which _____ are allowed inside a system. This prevents signals from being arbitrarily run by an attacker, or being used to break out of a Linux namespace via unshare
syscalls
Debian's password encryption algorithm is set by _____ in the /etc/pam.d/common-passwd file
Pluggable Authentication Modules (PAM)
The chmod 0111 permission means _____ permission for owner, group and public
EXECUTE
The command userdel _____
deletes a user account.
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:password:_____:Minimum days required between password changes:Maximum days between password changes:password expiration warning duration:password expiration ban deadline:account expiration date
Last password change
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:password:UID:Default GID:comments:home:_____
shell
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:password:UID:Default GID:comments:_____:shell
home
Pseudo-users have a _____, and therefore cannot be logged into. They are commonly defined as owners of commands and configuration files
fake login shell
_____ is a kernel security module that confines programs to a limited set of resources, reducing an application's attack surface
AppArmor
The /etc/shadow password file is readable only by _____
the superuser
The command _____ searches the /var/log/ directory for usages of the word "login"
grep login /var/log/*
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:password:Last password change:Minimum days required between password changes:Maximum days between password changes:_____:password expiration ban deadline:account expiration date
password expiration warning duration
sh reads _____ before reading ~/.profile and ~/.bash_profile
/etc/profile
The chmod 0222 permission means _____ permission for owner, group and public
WRITE
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, adduser, usermod, _____, vipw, vipw -s and chsh instead
pw
Are login names case-sensitive? _____
Yes
The command _____ deletes a user account.
userdel
Human user UIDs should be equal to _____
1000 or higher
A user's group memberships equal the union of those defined for the user in /etc/passwd and _____
/etc/group
gVisor is a kernel security module that can _____ syscalls in userspace via restricted seccomp filters
sandbox
AppArmor profiles configure access to capabilities, network access, file permissions, either in _____ or complain mode
enforcing
The _____ file stores users and data about them
/etc/passwd
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, _____, usermod, pw, vipw, vipw -s and chsh instead
adduser
The command chown _____
changes a file's owner or group.
A Linux user is represented by its number: the _____
user ID or UID
A user's group memberships equal the union of those defined for the user in _____ and /etc/group
/etc/passwd
The command passwd _____
changes a user's password.
New files are typically owned by the user's _____ group
effective
Edit /etc/group by running _____ and /etc/gshadow by running vigr -s
vigr
Do login names have to be unique? _____
Yes
Each line in the /etc/passwd file represents a _____. A line's colon-separated fields represent: username:password:UID:Default GID:comments:home:shell
user
The command whoami displays _____
the currently logged in user
Group names should be limited to _____ characters for compatibility
8
AppArmor profiles in enforcing mode _____
block access to disallowed resources
The _____ password file is readable only by the superuser
/etc/shadow
A line in the /etc/group file represents a single group. Its fields are separated by colons: Name:Password:GID:_____
Members, separated by commas
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:password:UID:_____:comments:home:shell
Default GID
The command _____ displays the groups a user belongs to
groups
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands _____, adduser, usermod, pw, vipw, vipw -s and chsh instead
useradd
AppArmor profiles configure access to capabilities, network access, file permissions, either in enforcing or _____ mode
complain
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:password:_____:Default GID:comments:home:shell
UID
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:_____:Last password change:Minimum days required between password changes:Maximum days between password changes:password expiration warning duration:password expiration ban deadline:account expiration date
password
The command usermod _____
modifies a user account.
The command id displays _____
user and group IDs
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, adduser, usermod, pw, _____, vipw -s and chsh instead
vipw
The chmod _____ permission means EXECUTE permission for owner, group and public
0111
AppArmor _____ configure access to capabilities, network access, file permissions, either in enforcing or complain mode
profiles
The command _____ adds a user group
groupadd
The /etc/shadow file contains _____
encrypted passwords.
_____ profiles configure access to capabilities, network access, file permissions, either in enforcing or complain mode
AppArmor
AppArmor is a kernel security module that confines programs to _____, reducing an application's attack surface
a limited set of resources
The _____ file contains encrypted passwords.
/etc/shadow
Linux passwords are encrypted with a random _____, allowing them to have several encrypted forms, especially if several users use the same password
salt
Linux typically encrypts passwords under the _____ cryptographic function
SHA-512
Each line in the _____ file represents a user. A line's colon-separated fields represent: username:password:UID:Default GID:comments:home:shell
/etc/passwd
Edit _____ by running vigr and /etc/gshadow by running vigr -s
/etc/group
The command groupadd _____
adds a user group
The command vipw can change a user’s configuration through editing the _____ file
/etc/passwd
The chmod 0444 permission means READ permission for _____
owner, group and public
Human groups should have a GID of _____
1000 or higher
The commands useradd, usermod and userdel can be configured via the files /etc/login.defs and _____
/etc/default/useradd
The chmod _____ permission means WRITE permission for owner, group and public
0222
The command _____ changes a user's login shell
chsh
The command _____ lists users who are logged in.
users
A line in the /etc/group file represents a single group. Its fields are separated by colons: _____:Password:GID:Members, separated by commas
Name
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, adduser, usermod, pw, vipw, _____ and chsh instead
vipw -s
The command groups displays _____
the groups a user belongs to
A line in the /etc/group file represents a single group. Its fields are separated by colons: Name:Password:_____:Members, separated by commas
GID
Edit /etc/group by running vigr and /etc/gshadow by running _____
vigr -s
A line in the _____ file represents a single group. Its fields are separated by colons: Name:Password:GID:Members, separated by commas
/etc/group
The _____ file configures password expiration, encryption algorithms, UID ranges and GID ranges
login.defs
The command pwconv reconciles the contents of the /etc/shadow and _____ files
/etc/passwd
Each line of the _____ password file represents a user. The user's fields are separated by colons: username:password:Last password change:Minimum days required between password changes:Maximum days between password changes:password expiration warning duration:password expiration ban deadline:account expiration date
/etc/shadow
The command users _____
lists users who are logged in.
_____ is a kernel security module that can sandbox syscalls in userspace via restricted seccomp filters
gVisor
The command _____ displays the currently logged in user
whoami
The commands useradd, usermod and userdel can be configured via the files _____ and /etc/default/useradd
/etc/login.defs
Each line of the /etc/shadow password file represents a user. The user's fields are separated by colons: username:password:Last password change:_____:Maximum days between password changes:password expiration warning duration:password expiration ban deadline:account expiration date
Minimum days required between password changes
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:password:UID:Default GID:_____:home:shell
comments
Users managed through LDAP (or other directory service) might have special entries in the /etc/passwd file beginning with _____, integrating the file with the directory service
+ or -
The /etc/group file contains _____
group definitions.
The _____ GID is used during creation of new files and directories
default
Edit /etc/group by running vigr and _____ by running vigr -s
/etc/gshadow
Grant a user sudo privileges by adding their username to the _____ file
sudoers
The _____ group always has a GID of 0
root, system, or wheel
You can generate AppArmor profiles using the _____ generation tool
Bane (https://github.com/jfrazelle/bane)
Each line in the /etc/passwd file represents a user. A line's colon-separated fields represent: username:_____:UID:Default GID:comments:home:shell
password
gVisor is a kernel security module that can sandbox _____ in userspace via restricted seccomp filters
syscalls
seccomp filters decide which syscalls are allowed inside a system. This prevents signals from being arbitrarily run by an attacker, or being used to break out of a Linux namespace via _____
unshare
A line in the /etc/group file represents a single group. Its fields are separated by colons: Name:_____:GID:Members, separated by commas
Password
The command _____ displays user and group IDs
id
The command chage -d 0 username _____
invalidates a user’s password and forces an update
gVisor is a kernel security module that can sandbox syscalls in userspace via _____
restricted seccomp filters
The _____ directory holds sample startup files
/etc/skel
The command _____ invalidates a user’s password and forces an update
chage -d 0 username
AppArmor is a _____ that confines programs to a limited set of resources, reducing an application's attack surface
kernel security module
It is best practice that a human user should have the same consistent login name and _____ across all machines they use
UID
The command groupmod _____
modifies a group
The command groupdel _____
deletes a group
The /etc/skel directory holds _____
sample startup files
It is best practice that a human user should have the same consistent _____ and UID across all machines they use
login name
The _____ file defines groups
/etc/group
The command _____ creates a new user account.
useradd
LDAP and /etc/passwd integration can be configured in the _____ file
/etc/nsswitch.conf
The command _____ deletes a group
groupdel
RHEL's password encryption algorithm is set in the _____ file, or through the authconfig command
/etc/login.defs
gVisor is a kernel security module that can sandbox syscalls in _____ via restricted seccomp filters
userspace
Linux limits login length to _____ characters
32
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, adduser, _____, pw, vipw, vipw -s and chsh instead
usermod
The command pwconv reconciles the contents of the _____ and /etc/passwd files
/etc/shadow
To manually create a new Linux user, add them into the files: _____
/etc/passwd, /etc/shadow and /etc/group
The chmod 0222 permission means WRITE permission for _____
owner, group and public
Never manually edit /etc/passwd, /etc/group or /etc/shadow. Use the commands useradd, adduser, usermod, pw, vipw, vipw -s and _____ instead
chsh
Users managed through LDAP (or other directory service) might have special entries in the _____ file beginning with + or -, integrating the file with the directory service
/etc/passwd
The command grep login /var/log/* _____
searches the /var/log/ directory for usages of the word "login"