
0jv76a8sSMeHJQkQKgAt Services

The document provides a comprehensive overview of various topics related to cloud computing, server management, and networking, including interview questions, commands for managing services, and configurations for NFS, Samba, FTP, and firewalls. It also discusses RAID configurations and their implications for data redundancy and performance. Additionally, it covers security practices such as SE Linux and SSH, as well as DNS management and troubleshooting techniques.

Uploaded by

aymanarshad447

 Interview questions on cloud

 To judge hard disk speed, we look at I/O (input and output rate) and transfer rate
 How to roll back updates in AWS

 We use the yum history info command to see package updates

 How to see live IP


 Some services are available across regions and some are restricted to an Availability Zone

 What is NFS & Samba


 How to implement NFS server
 Setting name for server

 Setting Flat DNS

I. We will add the IP address to the hosts file so that the machine can navigate by IP address

 How to auto start a service while booting


 How to see whether your port is open or not
 How to add a new repo file when the OS has gone EOL (end of life)
1. At first, we will make a file using the touch command

2. Afterward, we will paste a running URL in the file


3. In the end, we can check by using the yum repolist command

 After connecting the server and client machines, we will mount the directory on the client’s machine

 In order to make the mount persistent, we will make an entry in the fstab file (vi /etc/fstab)

 Afterwards we will use the mount -a command. Consequently, it will mount all file systems listed
in /etc/fstab
 Most problems arise on server machines

1. One reason can be that NFS is set to read-only

I. In order to change permission on the NFS file system, we will add a comma and rw after sync in the
/etc/exports file

II. Afterwards we will reload the RAM


2. Another reason can be that the client doesn’t have permission to access the folders

I. We will give permission (for the sake of practice we are giving full permission)
 What is FTP

 Difference between NFS & Samba and FTP

 FTP protocols
 Usually, banks use Secure File Transfer Protocol (SFTP) as it uses SSH

 FTP works on following ports

 Enabling VSFTP
 Command to check service details

 Command to check details

 Seeing the port open


 Default ftp pathway

 How to check whether firewall is running or not


 We use control+square bracket+quit to quit from telnet

 General guidelines/process to use/start any service


This command shows the files installed by the mentioned package

I. q flag means query


II. l flag means list
III. c flag will show configuration files
IV. d flag will show documentation

 How to load a service directly, without the service command, by loading it directly into RAM


 Types of FTP users

 Making changes in configuration file/disabling anonymous

I. We will simply change its tag by overwriting yes with no


II. Afterwards we will restart the service with service <service name> restart (here the service name is vsftpd)
 Background when you restart a service

 Errors while starting a service are mainly due to an error in the config file

 Connecting to ftp through the command line

I. We will first install the ftp service on the client machine

II. Then we will log in to the ftp server

 In order to download any file, we will use mget + file name (files are downloaded to the current
directory) and for upload we will use mput + file name.
 We use the bye command to exit from the console
 Turning off Security-Enhanced Linux (SE Linux)

 How to apply chroot (change root) jail


I. We will open the config file with vi /etc/vsftpd/vsftpd.conf
II. Afterwards we will comment out the chroot tag and enter “yes” as its value

III. Then we will reload the service. Normally we don’t use restart, as it interrupts sessions with
clients & customers; therefore, if it’s necessary, we mostly use it in non-business hours to
reflect changes.

 Summary
 How to blacklist a user

 Active FTP vs Passive FTP


 Steps for Apache web-hosting

 All sample files are stored in /usr/share/doc

 Sections of the Apache config file


 Last 2 files in Apache are called containers

I. First one is called open and the second is called closed


II. It lists directives (sequence doesn’t matter) and their values
III. To host website, we need to give name of our website in “ServerName”

 Testing configuration file

 How a website is accessed


 Background process when you enter name on browser

 How to add document root security

I. For every/multiple document root, we need to add document root directive


 Types of hosting in Apache server
 Application of firewall

 /etc/hosts.deny file

I. Blocking whole network except one IP address

II. If an entry is present in /etc/hosts.allow and simultaneously in /etc/hosts.deny, it will
follow a first-in, first-out approach, hence the IP won’t be blocked
III. TCP Wrappers only works on a few services
 To see the libraries a service depends on, we use the ldd (list dependencies) command

 How do TCP Wrappers work
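
The decision order described above (hosts.allow is checked first, then hosts.deny, and anything unmatched is allowed), as an added example that is not part of the original notes. It is a simplified model, not the libwrap code: the function names, file contents and addresses are constructed, and only the ALL, exact-IP and trailing-dot prefix patterns are handled.

```sh
#!/bin/sh
# Simplified model of the TCP Wrappers decision order (hosts_access(5)).
# Client patterns modelled: ALL, an exact IP, or a prefix ending in "."
# (e.g. "192.168.1."). EXCEPT, netmasks and hostnames are left out.

# rule_matches FILE DAEMON IP -> exit 0 if a "daemons : clients" line matches
rule_matches() {
    awk -F: -v d="$2" -v ip="$3" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            dm = 0; cm = 0
            n = split($1, ds, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (ds[i] == "ALL" || ds[i] == d) dm = 1
            n = split($2, cs, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                c = cs[i]
                if (c == "") continue
                if (c == "ALL" || c == ip) cm = 1
                else if (c ~ /\.$/ && index(ip, c) == 1) cm = 1
            }
            if (dm && cm) { found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# tcpd_decision ALLOW_FILE DENY_FILE DAEMON IP -> prints "allow" or "deny"
tcpd_decision() {
    if rule_matches "$1" "$3" "$4"; then echo allow    # 1. hosts.allow first
    elif rule_matches "$2" "$3" "$4"; then echo deny   # 2. then hosts.deny
    else echo allow                                    # 3. no match: allowed
    fi
}

# Constructed sample files: block 192.168.1.* for sshd except one address
demo=$(mktemp -d)
printf 'sshd : 192.168.1.10\n' > "$demo/hosts.allow"
printf 'sshd : 192.168.1.\nvsftpd : ALL\n' > "$demo/hosts.deny"
for ip in 192.168.1.10 192.168.1.20 10.0.0.5; do
    echo "sshd from $ip: $(tcpd_decision "$demo/hosts.allow" "$demo/hosts.deny" sshd "$ip")"
done
```

The third address shows the default: a client that matches neither file is allowed, so a deny-by-default setup needs a catch-all entry in hosts.deny.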

 Kernel-level firewalls in Linux are called IPTables & Firewalld


 IPTables

 Blocking incoming traffic

I. Hyphen A means append/add


II. Hyphen s means source
III. Hyphen j means jump
IV. We use the iptables -F (flush) command to remove rules
V. Making rule permanent/persistent

 Blocking outgoing traffic


 Background process

 How to block a specific IP and flushing/removing it


 Case scenario

I. It follows FIFO approach hence first command/steps would be void ab initio


 How to fully secure a server/drop policy (not practical)

 Accepting a particular port request from client


 Accepting port 80

 Accepting a particular IP with particular port access

 States in firewall
 Setting a rule for establishing a connection, hence only established connections can go out,

I. Hyphen d means destination


II. Hyphen m means match
III. Hyphen L means list

 How to delete a rule

I. Hyphen D means delete

 The ping command works on the ICMP protocol

I. Hyphen p means protocol


 Tables in iptables

 Seeing chains in raw table

I. Hyphen t means type

 Seeing chains in filter table


 Uses of different table

 By default filter table is used
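
Because rules in a chain are checked in order and -A appends to the end, a rule added after one that already decides the packet never takes effect. The check below is an added example, not from the original notes: it reads rules in the format printed by iptables -S and reports the ones that can never be reached. The function name and the sample ruleset are constructed, and only two shadowing cases are modelled.

```sh
#!/bin/sh
# find_shadowed FILE -> prints rules from `iptables -S` output that can never
# match because an earlier rule in the same chain already decides the packet.
# Only two shadowing cases are modelled: an earlier rule with no match at all,
# or an earlier rule matching the same -s source and nothing else.
find_shadowed() {
    awk '
        $1 != "-A" { next }                  # skip -P policy lines and others
        {
            chain = $2; src = "any"
            for (i = 3; i < NF; i++)
                if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
            by = ""
            if ((chain, "any") in cut) by = cut[chain, "any"]
            else if ((chain, src) in cut) by = cut[chain, src]
            if (by != "") { printf "never reached: %s   (after: %s)\n", $0, by; next }
            # remember ACCEPT/DROP rules that have no condition besides -s
            if ($(NF - 1) == "-j" && $NF ~ /^(ACCEPT|DROP)$/ &&
                (NF == 4 || (NF == 6 && $3 == "-s")))
                cut[chain, src] = $0
        }
    ' "$1"
}

# Constructed sample in `iptables -S` format (documentation addresses)
rules=$(mktemp)
cat > "$rules" <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 203.0.113.7/32 -j ACCEPT
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
EOF
find_shadowed "$rules"
```

On a live host the input can come from iptables -S saved to a file; a flagged rule has to be inserted above the rule that shadows it instead of appended.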

 Checking firewall status on CentOS 7 & 8

 In CentOS 7 & 8, there are zones instead of tables

 How to check open ports in firewall

 Opening a port of a service

 We need to reload the firewall service each time, in order to make an entry on RAM
 Finding names in firewall table

 How to see zones in firewall

 By default, we are in public zone

 Seeing details of each zone


 Blocking everything

 Firewall in different OS version

 Security-Enhanced Linux (SE Linux)


 In order to see the SE Linux status, we use the sestatus command
 We need to reboot the machine each time the status is changed from/to disabled

 For enabling or disabling SE Linux


 SE Linux working

 It’s an OS level security


 Turning on & off

 How to see context value

 How to see details of services


 What is DNS

 It works on port 53

 Making DNS caching + Recursive server

 Root/Home directory of DNS

 Bind file related to it will be available in this directory


 Main configuration file

 How to open a port in the firewall for DNS

 dig command
 Background process

 Caching is stored on a RAM


 top-level domain (tld)
 Dot (.) at the end of the tld is called the root server, without it
 It works in reverse order
 How to create a zone in your DNS server and how to resolve your domain in your local zone

 Sample file

I. “@” this sign tells the origin


 In the last section of the sample file, we will simply write internet address

 We can write any of these


 Changing iptables/firewall in AWS security group
 xinetd service

 How to start in CentOS 6 & 7

 Root part of xinetd service


 Enabling sub service

 tftp service
 nrpe service

 ssh service vs telnet service

 ssh service encapsulates data, hence it’s more secure than telnet service

 Checking ssh service status


 Its root file

 Background

 Finding port numbers of services

 Giving a particular port


 Source code and destination port

 Ssh configuration file

 Changing the port of a service


 OS hardening/disabling the root access to clients/remotely

 Logging in particular user

 Or

 By making a public and private key pair for server and client, we can set up password-less ssh login in
order to achieve automation.
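
A check for the hardening items listed above (changed port, root login disabled, logins limited to particular users, key-based login), added here as an example and not taken from the original notes. The function names and the sample config are constructed; the point it shows is that sshd uses the first occurrence of a keyword and ignores commented-out lines.

```sh
#!/bin/sh
# sshd_value FILE KEYWORD -> prints the value sshd takes from FILE.
# Keywords are case-insensitive and the FIRST occurrence wins (sshd_config(5)).
# Parsing stops at the first Match block, whose settings are conditional.
# Assumes "Keyword value" lines (the optional "Keyword=value" form is not parsed).
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }              # commented-out lines do not count
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE -> one line per finding, then the effective port
audit_sshd() {
    root=$(sshd_value "$1" PermitRootLogin)
    pass=$(sshd_value "$1" PasswordAuthentication)
    users=$(sshd_value "$1" AllowUsers)
    port=$(sshd_value "$1" Port)
    [ "$root" = no ] || echo "FINDING PermitRootLogin is '${root:-unset}', want 'no'"
    [ "$pass" = no ] || echo "FINDING PasswordAuthentication is '${pass:-unset}', want 'no' once keys work"
    [ -n "$users" ] || echo "FINDING AllowUsers is unset, logins are not limited to named users"
    echo "INFO port ${port:-22 (default)}"
}

# Constructed sample config (not from the original page)
conf=$(mktemp)
cat > "$conf" <<'EOF'
Port 2222
permitrootlogin no
PermitRootLogin yes
#PasswordAuthentication no
AllowUsers deploy
EOF
audit_sshd "$conf"
```

On a live host, sshd -T prints the effective configuration, including compiled-in defaults.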
 Summary
 SAMBA service
 Root and configuration file of samba

 Its configuration file has 2 sections


 Making new share and giving tags

 Testing the service


 How to create samba user
 Samba ports

 Adding service in the firewall

 File locking tag, it’s recommended to avoid file corruption


 How to find all tags in samba

 How samba works

 Samba turns on nmb (Net-BIOS Message Block) in order to connect with windows machine
 After connecting to winbind, you can connect a Linux client to Windows, as it helps with
authentication.
 Servers in a company

I. POC (proof of concept)


II. UAT (User acceptance testing)
III. DEV (developer)
IV. Live/production
 We will create virtual IP to connect to main or redundant/fail-over servers,

 RAID should be configured before installation of OS


I. It’s used for hardware redundancy
II. RAID has 2 types: hardware and software
III. It is accessed just like the BIOS
IV. RAID levels
 RAID 0 does striping

a) Since it stripes the data, its speed is faster


b) It has zero fault tolerance

 RAID 1 does mirroring

a) A minimum of two hard disks is required


b) It creates a copy by mirroring data to the redundant disk
c) Fault tolerance is 1
d) It will be slower

 RAID 5 does striping & parity

a) It needs a minimum of 3 hard disks


b) Most companies use this RAID level
c) Fault tolerance is 1
d) If 2 hard disks fail at the same time, data will be lost
e) It is costly
 RAID 1+0 does striping + mirroring
a) It needs a minimum of 4 hard disks
b) Fault tolerance is 2
c) It is faster
d) It’s costly
e) You need a hardware controller

 Choosing from different levels


I. For read operation RAID 5 will be suitable
II. For write operation RAID 1+0
III. For OS usually we use RAID 1
