LPI Updated 102-500 Exam Questions and Answers by harlen

The /etc/hosts.allow file contains a set of rules that specify which services and hosts are allowed to connect to the server by going through a TCP Wrapper program such as tcpd. TCP Wrappers are a security mechanism that can filter incoming requests based on the source address, destination address, and service name. TCP Wrappers can also perform logging, redirection, and execution of commands based on the rules.

The /etc/hosts.allow file has the following format:

service_list : host_list [ : option_list ]

The service_list is a comma-separated list of service names, such as sshd, telnet, or ftp. The host_list is a comma-separated list of host names, IP addresses, or network masks that are allowed to access the services. The option_list is an optional list of keywords that can modify the behavior of the rule, such as twist, spawn, deny, or allow.

For example, the following rule in /etc/hosts.allow allows ssh access from any host in the 192.168.1.0/24 network, and logs the connection attempt:

sshd : 192.168.1.0/255.255.255.0 : spawn /bin/echo %a from %h attempted to access %d >> /var/log/sshd.log

The /etc/hosts.allow file is processed before the /etc/hosts.deny file, which contains the rules for denying access to the server. If a request matches a rule in /etc/hosts.allow, it is granted access and the processing stops. If it does not match any rule in /etc/hosts.allow, it is checked against the rules in /etc/hosts.deny. If it matches a rule in /etc/hosts.deny, it is denied access and the processing stops. If it does not match any rule in either file, it is granted access by default.

References:

LPI 102-500 Exam Objectives, Topic 110.3: Implement host security

LPI 102-500 Study Guide, Chapter 10: Securing Your System, Section 10.3: TCP Wrappers

hosts.allow man page

 The top-level directory which contains the configuration files for CUPS is /etc/cups. CUPS stands for Common UNIX Printing System, which is the printer and print job manager for Linux. The /etc/cups directory contains several configuration files related to CUPS, such as cupsd.conf, which is the main configuration file for the cupsd print server daemon, and printers.conf, which contains the definition of the printers. The /etc/cups directory is part of the topic 108.4: Manage printers and printing, which is one of the objectives of the LPI Linux Administrator - 102 exam12. References: 1: LPI Linux Administrator - 102 (LPIC-1) 2: Exam 102 Objectives

 systemd-journald is a system service that collects and stores logging data from various sources, such as kernel, user-mode programs, and services1. It creates and maintains structured, indexed journals that include metadata and binary data where necessary1. The journal format is secure and unfakeable1. systemd-journald is not incompatible with syslog and can coexist with it. It can forward log messages to a syslog daemon for further processing, filtering, or storage2. This can be enabled by setting the ForwardToSyslog option to yes in the /etc/systemd/journald.conf file2. systemd-journald does not only process messages of systemd, but also messages of any other tools that use the standard logging interfaces, such as syslog(3), sd_journal_print(3), or systemd-cat(1)1. systemd-journald also supports syslog facilities, such as kern, user, and auth, which are used to specify the type of program that is logging the message3. These facilities can be used to filter the journal entries by using the -p or --priority option of the journalctl command4. For example, to show only kernel messages, we can use journalctl -p kern4. References:

systemd-journald.service

Introduction to the Systemd journal

systemd/Journal

journalctl: Query the systemd Journal