1. What changes does FTP make to an ASCII file when you download it in ASCII mode to a Windows machine from a Linux server? What changes are made when you download the file to a Mac?
Unix, Linux, etc. use only a line feed at the end of each line, so transferring to a Windows machine adds a carriage return to each line. New Macs are Linux-based, so transferring from Linux to a Mac shouldn't change anything.
2. What happens if you transfer an executable program file in ASCII mode?
The file will be corrupted: Any bytes that match a NEWLINE will be altered, resulting in a program that will not execute properly.
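The effect described in answers 1 and 2 can be reproduced offline. The following is an added example, not part of the original answers; it uses a simplified model of ASCII mode (the Unix sender turns every LF into CRLF on the wire, the receiver maps CRLF to its local line ending), and the sample byte strings are constructed.

```python
import hashlib

def server_send_ascii(data: bytes) -> bytes:
    """Unix sender in ASCII mode: every LF goes onto the wire as CRLF."""
    return data.replace(b"\n", b"\r\n")

def client_receive_ascii(wire: bytes, local_eol: bytes) -> bytes:
    """Receiver in ASCII mode: wire CRLF becomes the local line ending."""
    return wire.replace(b"\r\n", local_eol)

def ascii_download(data: bytes, local_eol: bytes) -> bytes:
    return client_receive_ascii(server_send_ascii(data), local_eol)

def md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

# Constructed samples: a two-line text file and a short "binary" that
# happens to contain 0x0A (LF) and 0x0D 0x0A (CRLF) as ordinary data bytes.
TEXT = b"line one\nline two\n"
BINARY = bytes([0x7F, 0x45, 0x4C, 0x46, 0x0A, 0x00, 0x0D, 0x0A, 0xFF, 0x0A])

def report(data: bytes) -> dict:
    """Compare the original with what lands on a Windows and a Unix-like client."""
    out = {}
    for target, eol in (("windows", b"\r\n"), ("unix", b"\n")):
        received = ascii_download(data, eol)
        out[target] = {
            "size_delta": len(received) - len(data),
            "md5_match": md5(received) == md5(data),
        }
    return out

if __name__ == "__main__":
    for name, sample in (("text", TEXT), ("binary", BINARY)):
        print(name, report(sample))
```

In this model the text file only gains carriage returns on Windows, while the binary gains three bytes and no longer matches its original MD5; a binary-mode transfer would leave both untouched.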
3. When would FTP be a better choice than SFTP?
When downloading public files
4. How would you prevent a local user from logging in on a vsftpd server using her system username and password?
Put the following line in /etc/vsftpd/vsftpd.conf:
local_enable=NO
5. What advantage does sftp have over ftp?
FTP is not a secure protocol. All usernames and passwords exchanged when setting up an FTP connection are sent in clear text, data exchanged over an FTP connection is not encrypted, and the connection is subject to hacking. SFTP, however, is secure, so your information is far safer.
6. What is the difference between cd and lcd in ftp?
A cd command changes the remote working directory, while lcd changes the local working directory.
7. Why might you have problems connecting to an FTP server in PORT mode?
Check that the server has passive ftp enabled.
8. Why is it advantageous to run vsftpd in a chroot jail?
Any program that listens for Internet connections is vulnerable to compromise. If a daemon that runs as root is compromised, the entire system is compromised. The vsftpd daemon does not run as root, but it may still be possible for a malicious user to use a local root exploit to gain root access. Running vsftpd in the restricted environment of a chroot jail makes it significantly less likely that a malicious user can compromise the system. Without root access, the malicious user can see only other files in the chroot jail, rendering an attack harmless.
9. After downloading a file, you find out that it doesn't match the MD5 checksum provided. Downloading the file again gives the same incorrect checksum. What have you done wrong and how would you fix it?
It can be a few different things; maybe the file was corrupted. It could also be the site you downloaded it from. It could be that the settings you have set for SFTP were not allowing you to download.
10. How would you configure vsftpd to run through xinetd, and what would be the main advantage of this approach?
To configure vsftpd to run through xinetd, set listen=NO in /etc/vsftpd/vsftpd.conf, and create an xinetd configuration file for vsftpd in /etc/xinetd.d. This configuration allows you to provide finer-grained access control to the server.
1. How would you tell Apache that your content is in /usr/local/www?
What you want is the DocumentRoot and Directory directives in the Apache configuration file. In your case these should be DocumentRoot "/usr/local/www" and
2. How would you instruct an Apache server to listen on Port 81 instead of Port 80?
In httpd.conf, change the directive
3. How would you enable Sam to publish Web pages from his ~/website directory but not allow anyone else to publish to the web?
You could just add an Alias and Directory directive to your site
4. Apache must be started as root. Why? Why does this not present a security risk?
By default, Apache listens on port 80, which is a privileged port. Only root can use privileged ports, so you must start Apache as root. Starting Apache as root is not a security risk because Apache releases root privileges as soon as it has started using the port.
5. If you are running Apache on a firewall system, perhaps to display a web front-end for firewall configuration, how would you make sure that it is accessible from inside the local network?
I believe you can set the interface that Apache listens on in the httpd.conf file. For example:
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
6. Why is it more efficient to run scripts using mod_php or mod_perl than through CGI?
Running a CGI script requires a system call to fork() and exec() to create a new process. Once the process has finished (which, in the case of CGI scripts, is usually very shortly after it has started), it terminates. A script run from a module does not have this overhead because it runs inside the Apache server process.
7. What two things does SSL provide and how does this situation differ if the certificate is self signed?
Authentication and integrity
8. Some Web sites generate content by retrieving data from a database and inserting it into a template using PHP or CGI each time the site is accessed. Why is this often a poor practice?
In many cases, the same data is generated each time a given page is accessed, unnecessarily using CPU and disk resources for each access. Using resources unnecessarily can result in pages being unavailable when the system load is high.
9. Assume you want to provide webmail access for employees on the same server that hosts the corporate Web site. The Web site address is example.com, you want to use mail.example.com for Webmail, and the Webmail application is located in /var/www/webmail. Describe two ways you can change this configuration.
10. Part of a Web site is a private intranet and is accessed as http://example.com/intranet. Describe how you would prevent people outside the company accessing this site. Assume the company uses the 192.168.0.0/16 subnet internally.
a. Insert the following lines in httpd.conf:
Deny from all
Allow from 192.168.
b. Create the following .htaccess file in the intranet directory:
Order deny,allow
Deny from all
Allow from 192.168.
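How the Order/Deny/Allow lines in answer 10 decide a request can be checked with a small model of the Apache 2.2 evaluation rules. This is an added example, not part of the original answers and not Apache's own code; the function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

def matches(spec: str, client: str) -> bool:
    """Match one 'Allow from' / 'Deny from' argument against a client IPv4 address.
    Handles 'all', a partial address such as '192.168.', and CIDR notation."""
    if spec.lower() == "all":
        return True
    if "/" in spec:
        return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)
    # Partial or full dotted address: compare whole octets, not string prefixes,
    # so '192.168.' does not match 192.16.8.1.
    wanted = [octet for octet in spec.split(".") if octet]
    return client.split(".")[:len(wanted)] == wanted

def access(order: str, allow: list, deny: list, client: str) -> bool:
    """Return True if the client is admitted under the given Order."""
    allowed = any(matches(s, client) for s in allow)
    denied = any(matches(s, client) for s in deny)
    if order == "deny,allow":
        # Default is allow; a matching Allow overrides a matching Deny.
        return allowed or not denied
    if order == "allow,deny":
        # Default is deny; a matching Deny overrides a matching Allow.
        return allowed and not denied
    raise ValueError("unsupported Order: " + order)

# Constructed client addresses: one internal, one look-alike, one external.
CLIENTS = ["192.168.4.20", "192.16.8.1", "203.0.113.9"]

def evaluate(order: str) -> dict:
    """Apply 'Deny from all' + 'Allow from 192.168.' under the given Order."""
    return {c: access(order, ["192.168."], ["all"], c) for c in CLIENTS}

if __name__ == "__main__":
    print("deny,allow:", evaluate("deny,allow"))
    print("allow,deny:", evaluate("allow,deny"))
```

With `Order allow,deny` the same two lines lock out internal clients as well, which is why the order matters. Apache 2.4 expresses this rule as `Require ip 192.168.0.0/16`, and the Order/Allow/Deny form there needs mod_access_compat.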