Linux Security
1. What type of access control model is Linux based on?
Ans: Some possible answers: files, directories, named pipes, special files, symbolic
links, hard links, device files.
Ans: The sticky bit limits users' ability to delete things in a directory by only allowing
an object’s user-owner or its parent directory’s user-owner to delete that object,
regardless of the directory or object’s group ownerships.
Ans: A file with setuid on/set will, if executed, run with the privileges of its user-owner.
Setuid has no effect on directories.
Ans: A file with setgid on/set will, if executed, run with the privileges of its group-owner.
If a directory’s setgid bit is enabled, each object created in that directory
will have the same group-owner as the directory, regardless of who creates the
object.
Ans: Either a set of standard system utilities (ls, ps, top, lsof, etc.) that behave
normally except for deliberately omitting information about an attacker’s files
and processes; or a loadable kernel module (or modules) that intercept the results
of system calls and purge them of information about an attacker’s files and
processes (making the attacker’s files and processes hidden to all local
applications). They are hard to detect because either type of rootkit hides itself in
addition to the attacker’s other files and processes.
Network Security tutorial CT037-3-2
Ans: Linux antivirus servers most typically provide services to non-Linux clients.
10. What is dangerous about a process running as root? Your answer should describe more
than one threat scenario.