RHEL5/6 Interview Questions: System Security
1. All services in Red Hat can use TCP Wrappers. True or False?
1a. False. A service needs to have support for TCP Wrappers to be able to use it.
2. The firewall service is disabled by default. True or False?
2a. False. The firewall service is enabled by default.
3. When Red Hat Enterprise Linux 6 is installed, SELinux is set to enforcing by default. True or False?
3a. True. For Red Hat Enterprise Linux 6, SELinux comes set up in enforcing mode. When installing Red Hat Enterprise Linux 5, you have the option to choose which mode you’d like it to operate in.
4. What does the following firewall rule accomplish: iptables -I INPUT 5 -p tcp -m tcp --dport 80 -j ACCEPT?
4a. The firewall rule is inserted into the fifth line of the iptables rules and opens up TCP port 80 (for the HTTP service) on the firewall to allow incoming connections.
5. What is the last rule in the iptables file?
5a. The last rule is always an implicit deny statement rejecting anything that wasn’t matched by previous rules.
6. What is PAM used for?
6a. PAM is used as a modular way to leverage security. In this post, the main function we discussed was for managing password policies and complexity.
7. What is NAT? How is it used?
7a. Network address translation (NAT) maintains a table that allows multiple internal IP addresses to be mapped to multiple public IP addresses (called address translation). It can also be used for one-to-one or one-to-many relationships.
8. iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT. Is this a valid rule under RHEL6? True or False?
8a. False. The INPUT chain being used is the default under Red Hat Enterprise Linux 5. This rule generates errors under Red Hat Enterprise Linux 6.