What does Security-enhanced Linux give me that standard linux can't?
The Security-enhanced Linux kernel enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs. When confined in this way, the ability of these user programs and system daemons to cause harm when compromised (via buffer overflows or misconfigurations, for example) is reduced or eliminated. This confinement mechanism operates independently of the traditional Linux access control mechanisms. It has no concept of a “root” super-user, and does not share the well-known shortcomings of the traditional Linux security mechanisms (such as a dependence on setuid/setgid binaries).The security of an unmodified Linux system depends on the correctness of the kernel, all the privileged applications, and each of their configurations. A problem in any one of these areas may allow the compromise of the entire system. In contrast, the security of a modified system based on the Security-enhanced Linux kernel depends primarily on the correctness of the kernel and its security policy configuration. While problems with the correctness or configuration of applications may allow the limited compromise of individual user programs and system daemons, they do not pose a threat to the security of other user programs and system daemons or to the security of the system as a whole.
What is SELINUX ?
SELinux
Security-enhanced Linux is a research prototype of the Linux® kernel and a number of utilities with enhanced security functionality designed simply to demonstrate the value of mandatory access controls to the Linux community and how such controls could be added to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security.
What is the most graceful way to get to run level single user mode?
The most graceful way is to use the command init s.
If you want to shut everything down before going to single user mode then do init 0 first and from the ok prompt do a boot -s.
Write a command to find all of the files which have been accessed with in the last 10 days ?
The following command will find all of the files which have been accessed within the last 10 days
find / -type f -atime -10 > December.files
This command will find all the files under root, which is ‘/’, with file type is file. ‘-atime -30′ will give all the files accessed less than 10 days ago. And the output will put into a file call Monthname.files.
What is the main advantage of creating links to a file instead of copies of the file?
The main advantage is not really that it saves disk space (though it does that too) but, rather, that a change of permissions on the file is applied to all the link access points. The link will show permissions of lrwxrwxrwx but that is for the link itself and not the access to the file to which the link points. Thus if you want to change the permissions for a command, such as su, you only have to do it on the original. With copies you have to find all of the copies and change permission on each of the copies.
What is LILO ?
LILO stands for Linux boot loader. It will load the MBR, master boot record, into the memory, and tell the system which partition and hard drive to boot from.
What is CVS ?
CVS is Concurrent Version System. It is the front end to the RCS revision control system which extends the notion of revision control from a collection of files in a single directory to a hierarchical collection of directories consisting of revision controlled files. These directories and files can be combined together to form a software release.
There are some useful commands that are being used very often. They are
cvs checkout
cvs update
cvs add
cvs remove
cvs commit
- How do you list the files in an UNIX directory while also showing hidden files? ls -ltra
- How do you execute a UNIX command in the background? Use the “&”.
- What UNIX command will control the default file permissions when files are created? umask
- Explain the read, write, and execute permissions on a UNIX directory. Read allows you to see and list the directory contents. Write allows you to create, edit and delete files and subdirectories in the directory. Execute gives you the permissions to run programs or shells from the directory.
- What is the difference between a soft link and a hard link? A symbolic (soft) linked file and the targeted file can be located on the same or different file system while for a hard link they must be located on the same file system.
- Give the command to display space usage on the UNIX file system. df -lk
- Explain iostat, vmstat and netstat. iostat reports on terminal, disk and tape I/O activity. vmstat reports on virtual memory statistics for processes, disk, tape and CPU activity. netstat reports on the contents of network data structures.
- How would you change all occurrences of a value using VI? %s/(old value)/(new value)/g
- Give two UNIX kernel parameters that effect an Oracle install. SHMMAX & SHMMNI
- Briefly, how do you install Oracle software on UNIX? Basically, set up disks, kernel parameters, and run orainst.