Unit 4 - Practice Quiz

The lscpu command gathers CPU architecture information from sysfs and /proc/cpuinfo and displays it in a human-readable format. lsusb lists USB devices, lspci lists PCI devices, and free shows memory usage.

The ps (process status) command is the standard tool for listing currently running processes and their PIDs (Process IDs).

The kill command sends a specified signal to a process. By default, it sends the SIGTERM signal, which requests the process to terminate gracefully.

The free command displays the amount of free and used physical and swap memory in the system, as well as the buffers and cache used by the kernel.

The uname command prints system information. The -r flag specifically prints the kernel release version. lsmod shows loaded modules, and dmesg shows kernel ring buffer messages.

systemctl is the primary tool for controlling the systemd init system. The start action is used to start a service immediately. While older commands might still work via compatibility links, systemctl is the correct modern command.

The systemctl enable <service> command creates the necessary symbolic links to ensure the service is started at boot time. start only starts it for the current session.

NTP is a networking protocol designed to synchronize the clocks of computers over a network to a common time reference, which is crucial for logging, security, and many distributed applications.

localectl is a utility that allows administrators to control system-wide localization settings, including the system locale, virtual console keymap, and X11 layout.

An IP (Internet Protocol) address is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. It serves as a unique identifier and location address for that device.

DNS acts as the "phonebook of the Internet," translating domain names, which are easy for humans to remember, into the numerical IP addresses necessary for computers to locate each other.

The ip command from the iproute2 suite is the modern standard for network configuration in Linux. ip addr show (or its shortcut ip a) specifically displays information about network interfaces and their assigned addresses. ifconfig is a legacy command.

The lspci command is a utility for displaying information about PCI buses in the system and all devices connected to them. lsusb is for USB devices, lscpu for CPU, and lsblk for block devices.

Swap space is a portion of a hard disk that is used as an extension of the system's physical memory (RAM). When RAM becomes full, inactive pages of memory are moved to the swap space to free up RAM for active processes.

ping sends ICMP (Internet Control Message Protocol) "echo request" packets to the target host and waits for an "echo reply". It's the fundamental tool for checking if a remote system is online and responsive.

SSH provides a secure, encrypted channel over an unsecured network, making it the standard for remote command-line login and administration. Telnet is insecure as it transmits data in plain text.

The traceroute command is a network diagnostic tool used to display the route and measure transit delays of packets across an Internet Protocol (IP) network.

Loadable kernel modules (LKMs) allow a Linux system to add support for new hardware or filesystems, or to add other functionality, without needing to recompile the entire kernel. They provide flexibility and a smaller base kernel.

A locale is a set of parameters that defines the user's language, country, and any special variant preferences that the user wants to see in their user interface, such as collation, date/time format, and character encoding.

cron is a time-based job scheduler. Administrators use it to automate system maintenance, run backups, or execute any script or command at a recurring interval defined in a crontab file.

lspci -v provides verbose output for all PCI devices. By adding -s followed by the device's bus ID (e.g., 03:00.0, which can be found with a simple lspci), you can filter the output for a specific device. The verbose output includes details like the kernel driver in use and device capabilities, which is exactly what the administrator needs. lscpu shows CPU info, lsusb is for USB devices, and dmidecode queries BIOS/DMI tables.

The renice command is used to alter the scheduling priority of one or more running processes. A higher nice value corresponds to a lower priority. The range for nice values is from -20 (highest priority) to 19 (lowest priority). renice 19 12345 sets the priority of the process with PID 12345 to the lowest possible value, making it yield CPU time to more important processes. nice is used to start a new process with a specific priority, not change an existing one. renice -19 would increase its priority, and kill -9 would terminate it forcefully.

When a user logs out, the shell sends a SIGHUP (hangup) signal to all its child processes, which typically causes them to terminate. The disown command removes a job from the shell's active job table. Using disown -h %1 (where %1 is the job ID) specifically marks the job so that it will not receive the SIGHUP signal, allowing it to continue running even after the terminal session is closed. An alternative is to start the process with nohup initially.

The /proc/sys/vm/swappiness parameter controls how aggressively the kernel swaps memory pages. The value ranges from 0 to 100. A low value (e.g., 10) tells the kernel to avoid swapping as much as possible, only doing so to avoid out-of-memory conditions. A high value (e.g., 90) tells the kernel to swap aggressively. To favor keeping data in RAM, the administrator should decrease this value. The change can be made permanent using sysctl.

The command ps aux lists all running processes. The --sort=-%mem option sorts this list in descending order based on the percentage of memory usage (%MEM column). Piping this to head -n 6 will display the header line plus the top 5 memory-consuming processes. top -o %CPU sorts by CPU usage, free shows overall memory usage not per-process, and vmstat provides summary statistics about virtual memory.

Whenever a systemd unit file on disk is created or modified, systemd needs to be told to rescan its configuration. The systemctl daemon-reload command reloads the systemd manager configuration, causing it to read all unit files again. Without this step, systemd will continue to use the old, cached version of the unit file, and restarting the service will not apply the new settings.

network.target only indicates that the network management stack is up, not that there is a configured network connection. network-online.target is a special target that indicates the system has achieved network connectivity. Using Requires=network-online.target creates a strong dependency, meaning critical-app.service will fail if the network doesn't come online. After=network-online.target ensures that the service is started only after the network is confirmed to be up.

The modprobe configuration directory, /etc/modprobe.d/, is the standard place to control kernel module behavior. Creating a configuration file (e.g., /etc/modprobe.d/blacklist.conf) and adding the line blacklist buggy_driver will instruct the system not to load that module automatically. This is the correct and persistent way to prevent a module from loading. Deleting the file is a bad practice as it will be restored on kernel updates, and rmmod is not persistent.

The ip addr add command is used to add a new address to a network interface. Unlike ip addr replace or configuring the interface from scratch, add will not remove or alter any existing IP addresses on the interface. This allows for the assignment of multiple IP addresses (IP aliasing) to a single physical interface. The ifconfig command is deprecated, and the nmcli command shown would replace all existing addresses with the new one.

The problem description indicates that the service is running correctly and listening locally (curl to 127.0.0.1 works). This rules out issues with the service itself. Since external connections are failing, it points to a connectivity issue between the outside world and the server process. A very common cause for this is a host-based firewall (like firewalld or iptables) that has not been configured to allow incoming traffic on the required port (443 for HTTPS). Using firewall-cmd or iptables is the direct way to check the active firewall rules.

The most effective way to prevent brute-force password attacks is to disable password-based authentication entirely. By setting PasswordAuthentication no and ensuring PubkeyAuthentication yes, the server will only accept logins via cryptographic key pairs. This method is vastly more secure than passwords, as cracking a private key is computationally infeasible. Changing the port or limiting users helps, but disabling passwords addresses the root vulnerability of brute-force attacks.

The netmask 255.255.255.240 is equivalent to a /28 CIDR prefix. This means the last 4 bits are for host addresses, and the network increments in blocks of . To find the network address, we find the multiple of 16 that is less than or equal to the host address (50). The multiples are 0, 16, 32, 48, 64... So, the network address is 172.16.100.48. The next network starts at 172.16.100.64, so the broadcast address for the .48 network is one less, which is 172.16.100.63.

The crontab format uses five time-and-date fields, followed by the command to be run. The order is: Minute (0-59), Hour (0-23), Day of Month (1-31), Month (1-12), Day of Week (0-7, where both 0 and 7 are Sunday). To run a job at 11:30 PM, the minute must be 30 and the hour must be 23. The asterisks * in the other fields mean 'every', so 30 23 * * * translates to 'at minute 30 past hour 23 on every day-of-month, every month, and every day-of-week'.

On modern systemd-based systems, timedatectl is the standard utility for managing time and date settings. The command timedatectl set-timezone Europe/London correctly sets the system's timezone. This command automatically updates the /etc/localtime symlink and handles all necessary configurations. While creating the symlink manually or using dpkg-reconfigure tzdata (on Debian-based systems) can also work, timedatectl is the universal and recommended method on systems that use systemd.

The traceroute (or tracepath) command is specifically designed to trace the network path (the sequence of routers) that packets take to reach a destination. It works by sending packets with increasing TTL (Time to Live) values. Each router along the path decrements the TTL and sends back an ICMP 'Time Exceeded' message, allowing traceroute to identify each hop. If the trace stops at a certain router, it indicates that the problem lies at or beyond that point, making it an essential tool for diagnosing routing issues.

Editing the GRUB entry at boot time is the standard way to add a kernel parameter for a single boot session. Pressing 'e' in the GRUB menu allows the user to edit the boot commands. The parameter should be added to the line that starts with linux or linuxefi. This change is temporary and will be discarded on the next reboot. Editing /etc/default/grub and running update-grub would make the change permanent, which is not the desired outcome for temporary troubleshooting.

The lshw (list hardware) command is a powerful utility that extracts detailed information about the hardware configuration of the machine. The -short option provides a concise, summary-style output that is easy to read and gives a quick overview of all major hardware components. While dmidecode is excellent for BIOS/DMI information, lshw provides a broader summary of all detected hardware in a more consolidated format. cat /proc/cpuinfo is specific to the CPU, and inxi is a great tool but not always installed by default.

IP forwarding is a kernel-level setting that allows the Linux kernel to forward packets from one network interface to another. This feature is controlled by the /proc/sys/net/ipv4/ip_forward file. Writing a 1 to this file enables forwarding immediately, but the change will be lost on reboot. To make the change permanent, one would add net.ipv4.ip_forward = 1 to /etc/sysctl.conf and run sysctl -p. The iptables command is necessary for firewall rules but does not enable the forwarding capability itself.

The sshd_config file provides the AllowGroups directive to restrict SSH access to users who are members of specific groups. By adding the line AllowGroups wheel, the SSH daemon will reject login attempts from any user who is not a member of the wheel group. This is a common security practice to limit administrative access to a predefined set of trusted users.

On systems using chrony (the default on many modern distributions), the chronyc utility is used to interact with the chronyd daemon. The makestep command tells chronyd to immediately step the system clock, correcting any time offset at once, rather than gradually slewing it. The ntpdate command is deprecated and conflicts with running NTP daemons. timedatectl set-ntp true only enables or disables the NTP client service, it does not force an immediate sync.

A zombie (or defunct) process is one that has completed execution but still has an entry in the process table. It exists only so its parent can read its exit status. The process itself is already dead and cannot be killed. The only way to remove the entry from the process table is for its parent process to reap it using the wait() or waitpid() system call. If the parent is not programmed to do this or is stuck, you must terminate the parent process. When the parent is killed, the zombie process is inherited by the init process (PID 1), which periodically calls wait() and will clean up the orphan zombie.

si (swap in) and so (swap out) indicate the amount of memory being swapped to and from disk. Consistently high values are a classic sign of memory thrashing, where the system is constantly moving pages between RAM and swap, leading to poor performance. While the page cache ('buff/cache') is beneficial, for a database server, keeping the application's active memory (anonymous pages) in RAM is more critical. The vm.swappiness parameter (0-100) controls the kernel's tendency to swap. A high value favors swapping anonymous pages to free RAM for page cache. A low value (e.g., 10) makes the kernel much less likely to swap out application memory, preferring to shrink the page cache instead. This is the correct tuning action for this scenario.

The "Required key not available" error is a specific message indicating that the kernel is enforcing module signature verification, which is a security feature typically enabled in conjunction with UEFI Secure Boot. When this is active, the kernel will refuse to load any module that is not signed with a key that is part of the kernel's trusted keyring. A custom-compiled module would not have this signature unless the administrator specifically signed it and enrolled the corresponding key. A version mismatch or a missing dependency would produce different, more direct error messages.

Requires= defines a strong, mandatory dependency. If service-b.service fails to activate, systemd will not start service-a.service. Furthermore, if service-b.service stops or fails while service-a.service is running, service-a.service will also be stopped. In contrast, Wants= defines a weaker, optional dependency. If service-b.service fails to start, systemd will still proceed to start service-c.service. The dependency is not considered critical for the operation of service-c.

In mtr output, packet loss should be interpreted based on where it begins and if it persists. Hop 8 shows 0% loss. Hop 9 shows 80% loss, and that same level of loss continues to the final destination (hop 11). This pattern strongly indicates that the packet loss is real and is being introduced at hop 9 (edge-router.isp.net) or the link leading to it. The ??? at hop 10 is likely a router configured not to respond to ICMP/UDP probes and can often be ignored if subsequent hops respond. If the loss were only due to ICMP rate-limiting, the final hop would likely show 0% loss. Loss on the return path would typically manifest differently, often with less clear patterns.

dmidecode is a tool that reads data from the Desktop Management Interface (DMI), also known as SMBIOS. The command dmidecode -t memory (or -t 17 for memory device and -t 16 for physical memory array) queries this data to show detailed information about the memory subsystem. This includes the 'Maximum Capacity' supported by the motherboard and a list of each physical memory device slot, indicating whether it is populated and what its size is. lshw can provide similar info but dmidecode is often more direct and detailed for this specific query. /proc/meminfo and free only report on the currently installed and recognized RAM, not the motherboard's maximum capacity or physical slot count.

This is the correct configuration. The Match User sftp_user Address 10.20.30.0/24 block correctly targets the specific user from the specific subnet. ChrootDirectory jails the user to the specified path (%u is a token for the username). ForceCommand internal-sftp is crucial; it forces the execution of the in-process SFTP server and prevents shell access. AllowTcpForwarding no and X11Forwarding no are important security hardening steps for a restricted account. The other options are incorrect: one applies to all connections from the user, another uses incorrect directives (JailDirectory), and one doesn't properly restrict the user to SFTP.

This requires policy-based routing using ip rule and custom routing tables. The correct procedure is: 1. Define a new routing table (e.g., table 100 named custom_table) in /etc/iproute2/rt_tables for clarity. 2. Add a route to that new table, in this case, a default route for that table via the desired gateway (ip route add ... table custom_table). 3. Create a rule that directs the kernel to use this new table for traffic matching a specific selector (ip rule add from 192.168.10.50 ...). The other options are incorrect: a simple host route doesn't use a separate table, iptables is for NAT/firewalling not routing policy, and the last option has an incorrect rule and route definition.

The nice command is used to run a program with a modified scheduling priority. The niceness value ranges from -20 (highest priority, least nice) to 19 (lowest priority, most nice). A standard user can only increase the niceness value (make their processes 'nicer'), while the root user can set any value. To give the process the lowest possible priority, you must set the niceness value to the maximum of 19. nice -n 19 does this. -n -20 would attempt to give it the highest priority (and would likely fail for a non-root user). renice modifies the priority of an already running process. --adjustment=-19 is not a valid syntax for the standard nice command.

The cron access control is determined by two files: /etc/cron.allow and /etc/cron.deny. The logic is as follows: 1. If /etc/cron.allow exists, a user MUST be listed in it to use cron. All other users are denied. 2. If /etc/cron.allow does NOT exist, but /etc/cron.deny does, then any user listed in /etc/cron.deny is denied access. All others are allowed. Given the user is not in cron.deny, the most likely reason for being denied access is the existence of a cron.allow file that does not contain their username. The default cron PATH almost always includes /usr/bin, and /sbin/nologin affects interactive shells, not typically cron job execution.

While blacklist nouveau is a common method, it is not foolproof. A module that explicitly depends on nouveau can sometimes still cause it to be loaded. The most definitive method is using the install directive in a modprobe.d configuration file. The line install nouveau /bin/true instructs modprobe that whenever it is asked to load the nouveau module, it should run the command /bin/true instead. Since /bin/true does nothing and exits successfully, the kernel is satisfied, the dependency is considered met, but the actual nouveau module is never loaded. rmmod is temporary, options only changes parameters, and deleting the file is a bad practice that will be undone by a kernel update.

The modern and correct systemd way to override specific directives of a unit file is to use a "drop-in" configuration file. By creating a directory named after the service (vendor.service.d) inside /etc/systemd/system/ and placing a .conf file within it, you can specify only the directives you want to change or add. This drop-in file is merged with the original unit file at runtime. This method is robust against package updates, which would overwrite any direct edits to /usr/lib/systemd/system/vendor.service. Creating a full override file in /etc/systemd/system/ is also possible but less ideal, as you would have to maintain a full copy of the unit.

In the TCP three-way handshake: 1. The client sends a SYN packet with its initial sequence number (ISN), let's call it client_isn (1000 in this case). 2. The server responds with a SYN-ACK packet. The Acknowledgment number is the client's sequence number plus one (client_isn + 1, so 1001), indicating it has received up to byte 1000. The server also sends its own initial sequence number, which is chosen randomly for security reasons, let's call it server_isn. 3. The client completes the handshake by sending an ACK packet with its acknowledgment number set to server_isn + 1. Therefore, the server's response has a random sequence number and an acknowledgment number of 1001.

A high number of sockets in the TIME_WAIT state is common on busy web servers that handle many short-lived HTTPS connections. This state is a normal part of the TCP connection termination process, designed to ensure any stray, delayed packets from the old connection are properly handled. However, an excessive number of TIME_WAIT sockets can exhaust the available source ports for new connections. The kernel parameter net.ipv4.tcp_tw_reuse (when enabled by setting to 1) allows the kernel to reuse sockets in the TIME_WAIT state for new outgoing connections if it can be done safely, which is an effective mitigation for this specific problem. tcp_fin_timeout controls a different state (FIN_WAIT_2), and tcp_syncookies and somaxconn are related to connection initiation, not termination.

The correct nmcli syntax involves managing connections (conn), not just devices. The process is three-fold: 1. Create a new connection of type bond for the master interface (bond0), specifying its connection name, interface name, and bonding mode. 2. Create a new connection of type bond-slave for the first slave interface (eth1), specifying its interface name and linking it to the master bond0. 3. Repeat the process for the second slave interface (eth2). The other options use incorrect nmcli subcommands (device add, bond add) or connection types (ethernet instead of bond-slave).

The LC_* environment variables have a strict order of precedence. LC_ALL is the ultimate override; if it is set, it overrides all other LC_* variables and LANG. However, the prompt implies the user logged in successfully, making it more likely the system-wide LC_ALL=C was not applied to their interactive session, or was overridden later. In a standard shell startup sequence, ~/.bash_profile is sourced. Therefore, the precedence is:

1. LC_ALL (if set, overrides everything)
2. Individual LC_* variables (e.g., LC_MESSAGES, LC_COLLATE for sorting)
3. LANG (serves as a default for any unset LC_* variables)

In this scenario, LC_ALL=C forces everything, including sorting (LC_COLLATE), to the basic C locale. However, the user's profile explicitly sets LC_MESSAGES=fr_FR.UTF-8. Individual LC_* variables override LC_ALL if set after it. Assuming the user's profile is sourced last, LC_MESSAGES will be French. Since LC_COLLATE is not set by the user, it falls back to the LC_ALL=C setting for sorting. Therefore, messages are in French, sorting is by C rules.

The HostKeyAlgorithms directive in /etc/ssh/sshd_config explicitly specifies which host key algorithms the server will offer. By setting this to a comma-separated list, you restrict the server to only those algorithms. Clients that do not support any of the offered algorithms will fail to connect. Ciphers controls the symmetric encryption algorithms. KexAlgorithms controls the key exchange methods. PubkeyAcceptedKeyTypes (or PubkeyAcceptedAlgorithms in newer OpenSSH) controls the types of user keys accepted for public key authentication, not the server's host key.

ss is the modern and more efficient replacement for netstat. The options -4 explicitly filters for IPv4 sockets. -l filters for listening sockets. -t filters for TCP sockets. -n prevents name resolution (faster). -p shows the process using the socket. Finally, the filter expression 'sport = :8443' is the most precise way to filter for the specific source port, avoiding false positives if '8443' appeared in the PID or address. netstat is considered legacy. lsof is powerful but often slower than ss for pure network socket queries. The ss command without -4 would show both IPv4 and IPv6.

This configuration correctly addresses all requirements. server 192.168.100.1 iburst tells chronyd to sync with the master time server and to send a burst of packets on startup for faster initial synchronization. allow 192.168.0.0/16 configures this machine as an NTP server, allowing clients from the specified subnet to connect to it. The key directive is local stratum 10. This allows chronyd to act as a source for other clients even when it is not synchronized to a better time source itself. It will advertise with a high stratum number (10), indicating its time is less reliable, which prevents time loops but allows the isolated network to maintain a consistent (if not perfectly accurate) time.

vm.min_free_kbytes sets a minimum amount of memory that the kernel attempts to keep free. When the amount of free memory drops below this value, the kernel's kswapd0 process wakes up and starts reclaiming pages (either by writing dirty pages to disk or swapping out inactive pages) until the free memory is above the threshold again. Setting this value higher (with caution) forces the kernel to start reclaiming memory earlier and more aggressively, which can reduce the latency of future memory allocation requests because free pages are more readily available. vm.dirty_background_ratio relates to writing file-backed pages, vm.overcommit_memory relates to allocation policy, and vm.swappiness controls the balance between swapping anonymous pages and dropping page cache.