
Question

lab 9 - Please help me answer these questions in great detail for a computer science/cyber security class

3. What is the primary place to store log files on a local Linux system and what are recommended procedures for that location?

4. Explain each of the options or switches used in the following command: tar zxvf fwbsl.tar.gz etc/mail/sendmail.mc -C / etc/mail

5. What are the steps to recover a deleted file from the pseudo file system /proc?

6. Why is encrypting an already compressed file necessary?

7. If the recovery time objective (RTO) were unacceptable to your organization's business continuity plan, what could you do to ensure that you achieve the desired RTO for data files, applications, or systems?

8. Why is performing messaging, such as e-mails, in an encrypted fashion recommended as part of a secure communications strategy? Explain.

9. Why is remote logging to a central server considered a best practice?

10. How would you check to see that a recurring cron job was scheduled to run?

11. What change would you make to the rsyslog.conf file to send logging information from your Linux system to a remote logging server at 172.130.1.254?

12. Explain what hashing is and how this differs from encryption.

13. What could be an issue when restoring a tar that was saved onto the local drive under /home/student?

14. Why is it best practice to encrypt backups?

15. Specify a security implication of the syslog service on a system.

16. Why is the Tripwire application considered a file integrity checker?

17. Could rkhunter be considered a file integrity checker? Why or why not?

Explanation / Answer

I have answered mostly based on my knowledge.

3) The /var/log directory; it is usually helpful to mount this separately.

4) z - filter the archive through gzip
x - extract files from the archive
v - verbosity
f - the following argument is the archive file name
w - interactive, ask for confirmation
b - block size
s - the list of names to extract is sorted

5) It is possible to recover the file by locating the PID of the process holding the deleted file open and changing to /proc/<PID>/fd.

6) The main reason for encrypting is to ensure that the file is secure; it adds an additional password by using public key technology, which can't be decrypted.

7) If the RTO does not meet the organization's terms and conditions, then adjust the plan and test it again. Keep working with the person who wrote the BCP recovery plan.

8) When the data is sent over the internet, there is no chance for unauthorized users to read the data.

9) If the server is hacked, the logs on the server can still be trusted because they are also logged on the remote server. Maintaining remote logging also helps to provide a central location to audit log files.

10) By using the command su -c 'crontab -l'.

11) By editing the /etc/rsyslog.conf file and adding the line *.* @10.10.10.4:514. On the remote server, also edit the /etc/rsyslog.conf file by adding the lines $ModLoad imudp.so and $UDPServerRun 514.

12) Hashing is the process of taking a message and creating a new message in such a way that it cannot be reversed. There is no need for any key to unlock it.

Encryption is the process of transforming original information using a public key encryption algorithm to make it unreadable to unauthorized parties.

13) The main issue is encryption; hence it is not possible to access it.

14) With encrypted backups, only authorized users can access the backup.

16) Because it compares the state of stable
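As an added example (not part of the question or the answer above), the following Python script checks an rsyslog configuration for the remote-forwarding rule that answers 9 and 11 describe, using the question's log server 172.130.1.254. It handles only the legacy selector/action syntax (`*.* @host:port` for UDP, `@@` for TCP), not RainerScript `action(...)` statements, and the configuration fragment is constructed for the example.

```python
import re
from typing import List, NamedTuple

# Constructed /etc/rsyslog.conf fragment for this example (not from any real host).
# Forwarding to the question's server: "*.* @172.130.1.254:514" (UDP) or "@@" (TCP).
SAMPLE_CONF = """
# Log all kernel messages to the console.
kern.*                                          /dev/console
*.info;mail.none;authpriv.none;cron.none        /var/log/messages
authpriv.*                                      /var/log/secure
# Forward everything to the central log server over UDP.
*.* @172.130.1.254:514
# Forward authentication events over TCP as well, so they survive packet loss.
authpriv.* @@172.130.1.254:514
# Typo: without '@' rsyslog does not treat this as forwarding, so nothing is sent.
*.*  10.10.10.4:514
"""

class ForwardRule(NamedTuple):
    selector: str
    protocol: str   # "udp" or "tcp"
    host: str
    port: int

# Legacy forwarding action: selector, whitespace, '@' (UDP) or '@@' (TCP), host[:port].
_FWD_RE = re.compile(r"^\s*(?P<sel>\S+)\s+(?P<at>@@?)(?P<host>[^:\s]+)(?::(?P<port>\d+))?\s*$")

def parse_forwarding_rules(conf_text: str) -> List[ForwardRule]:
    """Return every remote-forwarding action written in legacy rsyslog syntax."""
    rules = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].rstrip()      # drop comments and trailing space
        m = _FWD_RE.match(line)
        if not m:
            continue
        proto = "tcp" if m.group("at") == "@@" else "udp"
        port = int(m.group("port") or 514)          # 514 is the syslog default port
        rules.append(ForwardRule(m.group("sel"), proto, m.group("host"), port))
    return rules

def forwards_everything_to(conf_text: str, host: str) -> bool:
    """True if some '*.*' rule ships all facilities and priorities to `host`."""
    return any(r.selector == "*.*" and r.host == host for r in parse_forwarding_rules(conf_text))

def rules_missing_at(conf_text: str) -> List[str]:
    """Lines whose target looks like host:port but lacks '@'; rsyslog will not forward these."""
    bad = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if re.match(r"^\S+\s+\d{1,3}(\.\d{1,3}){3}:\d+$", line):
            bad.append(line)
    return bad
```

Running `parse_forwarding_rules(SAMPLE_CONF)` on a real host's file (read with `open("/etc/rsyslog.conf").read()`) shows whether the forwarding rule actually points at the intended server and protocol before you rely on the remote copy of the logs.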