Certified in Cyber Security Full Practice Test #1

Created on By admin


1 / 2

When would be a time we should update our Business Continuity Plan (BCP) and its sub plans outside of our annual cycle?

2 / 2

When we are talking about data remanence, what does that refer to?


Recreating missing virtual disk (VMDK) Descriptor File Vmware


Problem

You notice that a virtual machine's VMDK files are missing. As a result, the VM cannot start, and when you try to add an existing hard disk, the existing VMDK and -flat.vmdk files are not available to attach to the virtual machine.

Solution

We need to recreate the missing VMDK files so that they can be added back and the virtual machine can be started.

  1. Log in to the ESXi PS with PuTTY. Make sure the SSH service is enabled and running on the PS.
  2. Switch to the directory where your virtual machine is located.

cd /vmfs/volumes/<<datastore>>/VM-Directory

cd /vmfs/volumes/5d406ca3-62654bd0-75fd-e4434b75ed38/APP-U1-63-25

3. Run the command below to identify and record the exact size of the existing -flat.vmdk files for the VM.

ls -ltr *

-rw-------    1 root     root     16106127360 Jun 21 12:20 APP-U1-63-25-flat.vmdk

-rw-------    1 root     root     214748364800 Jun 21 10:49 APP-U1-63-25_1-flat.vmdk

4. Run vmkfstools to create a new virtual disk, i.e. a VMDK (descriptor file), using the sizes recorded in step 3.

vmkfstools -c 16106127360 -d thin -a lsilogic APP-U1-63-25-OS.vmdk

vmkfstools -c 214748364800 -d thin -a lsilogic APP-U1-63-25-DATA.vmdk

5. As a result, two new files are created: APP-U1-63-25-OS.vmdk and APP-U1-63-25-DATA.vmdk.

ls -ltr

-rw-------    1 root     root     16106127360 Jun 21 19:21 APP-U1-63-25-OS-flat.vmdk

-rw-------    1 root     root     214748364800 Jun 21 19:21 APP-U1-63-25-DATA-flat.vmdk

-rw-------    1 root     root           546 Jun 21 21:05 APP-U1-63-25-OS.vmdk

-rw-------    1 root     root           550 Jun 21 21:05 APP-U1-63-25-DATA.vmdk

-rw-------    1 root     root     214748364800 Jun 22 05:08 APP-U1-63-25_1-flat.vmdk

-rw-------    1 root     root     16106127360 Jun 22 05:08 APP-U1-63-25-flat.vmdk

6. Rename APP-U1-63-25-OS.vmdk and APP-U1-63-25-DATA.vmdk so that each name matches its orphaned -flat file.

mv APP-U1-63-25-OS.vmdk APP-U1-63-25.vmdk

mv APP-U1-63-25-DATA.vmdk APP-U1-63-25_1.vmdk

7. The final stage is editing the descriptor files (APP-U1-63-25.vmdk and APP-U1-63-25_1.vmdk).

In each file, find the line starting with RW ####### and change the -flat file name on it to match the orphaned -flat file you have. So, I changed them to APP-U1-63-25-flat.vmdk and APP-U1-63-25_1-flat.vmdk respectively for the two disks, as you can see in the image below.

vi APP-U1-63-25.vmdk

vi APP-U1-63-25_1.vmdk

8. You can now delete the files below, which were created earlier. They are not required anymore.

-rw-------    1 root     root     16106127360 Jun 21 19:21 APP-U1-63-25-OS-flat.vmdk

-rw-------    1 root     root     214748364800 Jun 21 19:21 APP-U1-63-25-DATA-flat.vmdk

9. Attach the respective VMDK files to the virtual machine as earlier.

10. Everything is now set, and the virtual machine is ready to be powered on.
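Step 7 can be scripted with a size check so a descriptor is never pointed at a -flat file of a different size. This is an added example, not part of the original post or VMware tooling. It assumes the extent line has the form RW <sectors> VMFS "<name>-flat.vmdk" with 512-byte sectors, and the function names are hypothetical.

```shell
# Added example: helper names are hypothetical, not VMware tooling.

# Sector count (512-byte sectors) from the descriptor's "RW ..." extent line.
extent_sectors() {
    awk '$1 == "RW" { print $2; exit }' "$1"
}

# Extent file name from the descriptor's "RW ..." extent line.
extent_name() {
    sed -n 's/^RW [0-9][0-9]* [A-Z]* "\(.*\)"$/\1/p' "$1"
}

# repoint_descriptor DESCRIPTOR FLAT_FILE
# Returns 0 after rewriting, 1 on a size mismatch, 2 if a file is missing.
repoint_descriptor() {
    desc=$1
    flat=$2
    [ -f "$desc" ] && [ -f "$flat" ] || return 2

    # Same size source as step 3: the byte count reported by ls -l.
    bytes=$(ls -ln "$flat" | awk '{ print $5 }')
    [ $((bytes % 512)) -eq 0 ] || return 1
    [ "$(extent_sectors "$desc")" = "$((bytes / 512))" ] || return 1

    # Keep the generated descriptor so the edit can be undone.
    cp -p "$desc" "$desc.bak" || return 2
    base=$(basename "$flat")
    # Assumes the flat file name contains no '|', '&' or '\' characters.
    sed "s|^\(RW [0-9][0-9]* [A-Z]* \)\".*\"|\1\"$base\"|" "$desc.bak" > "$desc"
}
```

With the files from this post, the call after step 6 would be repoint_descriptor APP-U1-63-25.vmdk APP-U1-63-25-flat.vmdk, and a return code of 1 means the size passed to vmkfstools in step 4 did not match the orphaned file.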

USING CURL TO TROUBLESHOOT

To use curl to test basic network connectivity, you need to know several things:

  • The remote server name or IP address.
  • The protocol for the service to be tested (HTTP, FTP, SMTP, etc.)
  • The port number for the network application you want to test.

To open a connection to a remote server, open a terminal window on your computer and type curl protocol://IP/host:port, where protocol is the communication protocol to be used, IP/host is the IP address or hostname of the server, and port is the TCP port number. The port is optional when the standard port for the given protocol is used.

C:\>curl http://asgaur.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://asgaur.com/wp/">here</a>.</p>
</body></html>

Use curl to try and connect via SMTP protocol

C:\>curl smtp://asgaur.com
C:\>curl smtp://asgaur.com:2525 (2525 custom port if any)
214-Commands supported:
214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP

To test an FTP server, use curl to connect via ftp protocol or to port 21.

C:\>curl ftp://asgaur.com
C:\>curl asgaur.com:21
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 18 of 50 allowed.
220-Local time is now 10:04. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.

SSH uses encrypted connections. However, you can still use curl to verify that the service is running on a server.

C:\>curl asgaur.com:22
SSH-2.0-OpenSSH_XX

passwd: Authentication token manipulation error | RHEL 6

Problem

Changing a password on a RHEL 6 machine fails with "passwd: Authentication token manipulation error".

[root@ip-linuxbox~]# passwd user1
Changing password for user user1.
New password:
Retype new password:
passwd: Authentication token manipulation error

[root@ip-linuxbox~]# passwd -u user1 [Tried to unlock the account password.]
Unlocking password for user user1.
passwd: Libuser error at line: 179 - error creating `/etc/passwd+': Permission denied.
passwd: Error (password not set?)  [A "Permission denied" error is returned, so the password is not changed or updated. We therefore need to restore the permissions on passwd.]

[root@ip-linuxbox~]# chage -l user1
Last password change : Apr 03, 2019
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

Solution

[root@ip-linuxbox~]# rpm --setperms passwd  [Restore the permissions on the passwd file.]

[root@ip-linuxbox~]# which passwd | xargs chmod u+s [Set the required setuid permission on the passwd file.]

[root@ip-linuxbox ~]# restorecon /etc/* [If the SELinux context is not set properly, this fixes it.]

[root@ip-linuxbox~]# passwd user1
Changing password for user user1.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

[root@ip-linuxbox~]# chage -l user1
Last password change : Jul 28, 2020
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7


File System shows 100% occupied but du tells different and still has Unused Spaces.

We faced the following issue: the /oracle mount point showed 100% used, but the folder sizes under /oracle reported by du -gs added up to far less.

bash-4.4# df -g
Filesystem GB blocks Free %Used Iused %Iused Mounted on
/dev/hd4 4.00 1.39 66% 20686 6% /
/dev/hd2 4.00 1.02 75% 45679 16% /usr
/dev/hd9var 2.00 1.01 50% 16318 7% /var
/dev/hd3 2.00 1.83 9% 407 1% /tmp
/dev/hd1 1.00 0.16 85% 6124 12% /home
/dev/hd11admin 0.25 0.25 1% 5 1% /admin
/proc - - - - - /proc
/dev/hd10opt 0.50 0.07 87% 12979 44% /opt
/dev/livedump 0.25 0.25 1% 4 1% /var/adm/ras/livedump
/dev/fslv00 198.00 0.01 100% 440205 16% /oracle

bash-4.4# cd /oracle/
bash-4.4# du -gs *
0.00 AutoDeployment
5.45 Oracle
0.03 Patch
7.54 data01
11.67 fmw_12.1.3.0.0_wls
0.01 jboss
0.20 jdk
0.00 lost+found
0.92 wls1221

Notice the 100% utilization for the /oracle mount point in the "df -g" output, while "du -gs" shows that the files do not occupy the entire space.

This can be caused by open files in the file system. These open files continue to hold space on the file system until the processes using them finish.

To resolve the issue, follow the two steps below:

  1. Find all processes that are still running but using deleted files, which is why the /oracle mount point shows 100% used.

bash-4.4# fuser -dV /oracle/
/oracle/:
inode=670047 size=5242722 fd=389 5570776
inode=1165305 size=20278 fd=1 8061106
inode=1165313 size=182335565824 fd=1 8716486
inode=1165305 size=20278 fd=1 9044152
inode=1165313 size=182335565824 fd=1 9371672
inode=1165305 size=20278 fd=1 11141354
inode=669981 size=5514335 fd=1 13041898


  2. Kill all the processes found by the command above.

bash-4.4# kill -9 5570776
bash-4.4# kill -9 8061106
bash-4.4# kill -9 8716486
bash-4.4# kill -9 9044152
bash-4.4# kill -9 9371672
bash-4.4# kill -9 11141354
bash-4.4# kill -9 13041898

bash-4.4# fuser -dV /oracle/
/oracle/:

bash-4.4# df -g
Filesystem GB blocks Free %Used Iused %Iused Mounted on
/dev/hd4 4.00 1.39 66% 20686 6% /
/dev/hd2 4.00 1.02 75% 45679 16% /usr
/dev/hd9var 2.00 1.01 50% 16318 7% /var
/dev/hd3 2.00 1.83 9% 407 1% /tmp
/dev/hd1 1.00 0.16 85% 6124 12% /home
/dev/hd11admin 0.25 0.25 1% 5 1% /admin
/proc - - - - - /proc
/dev/hd10opt 0.50 0.07 87% 12979 44% /opt
/dev/livedump 0.25 0.25 1% 4 1% /var/adm/ras/livedump
/dev/fslv00 198.00 170.01 15% 440205 1% /oracle
bash-4.4# cd /oracle/
bash-4.4# du -gs *
0.00 AutoDeployment
5.45 Oracle
0.03 Patch
7.54 data01
11.67 fmw_12.1.3.0.0_wls
0.01 jboss
0.20 jdk
0.00 lost+found
0.92 wls1221
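Before killing anything, it helps to see which deleted-but-open inodes actually hold the space and which processes share them. The following is an added example, not part of the original post: it groups the fuser -dV listing above by inode, and the function names are hypothetical. In the listing from this post, nearly all of the held space belongs to one inode, 1165313, which two processes keep open.

```shell
# Added example; function names are hypothetical. Input format is the
# `fuser -dV` output shown above: inode=N size=BYTES fd=N PID

# One line per deleted-but-open inode, largest first:
#   <inode> <size_bytes> <pid,pid,...>
deleted_inodes() {
    awk '
        /^inode=/ {
            split($1, i, "="); split($2, s, "=")
            size[i[2]] = s[2]          # kept as a string, so no float rounding
            if (i[2] in pids) pids[i[2]] = pids[i[2]] "," $NF
            else              pids[i[2]] = $NF
        }
        END { for (n in size) printf "%s %s %s\n", n, size[n], pids[n] }
    ' | sort -k2,2nr
}

# Bytes that closing every holder would release, counting each inode once.
held_bytes() {
    total=0
    for s in $(deleted_inodes | awk '{ print $2 }'); do
        total=$((total + s))
    done
    echo "$total"
}

# The fuser -dV listing from this post, embedded so the block runs offline.
sample_fuser_output() {
    cat <<'EOF'
/oracle/:
inode=670047 size=5242722 fd=389 5570776
inode=1165305 size=20278 fd=1 8061106
inode=1165313 size=182335565824 fd=1 8716486
inode=1165305 size=20278 fd=1 9044152
inode=1165313 size=182335565824 fd=1 9371672
inode=1165305 size=20278 fd=1 11141354
inode=669981 size=5514335 fd=1 13041898
EOF
}
```

On the live system the input would come from fuser -dV /oracle/ piped into deleted_inodes; the space of an inode is released only after every PID listed for it has closed the file.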

How to Find Server Public IP Address in Linux Terminal

root@test:/var/log/nginx# wget -qO - icanhazip.com
www.xxx.yyy.zzz
root@test:/var/log/nginx# wget -qO- http://ipecho.net/plain | xargs echo
www.xxx.yyy.zzz
root@test:/var/log/nginx# wget -qO - icanhazip.com
www.xxx.yyy.zzz
root@test:/var/log/nginx# curl icanhazip.com
www.xxx.yyy.zzz
root@test:/var/log/nginx#

sed to play with data or parsing your text

To select all lines from STARTING_PATTERN up to the next blank line (^$) and delete them:

# sed '/STARTING_PATTERN/,/^$/d' filename

To edit the file in place, use the -i option.

# sed -i '/STARTING_PATTERN/,/^$/d' filename

To insert multiple lines into a file after a specified pattern:

# sed '/cdef/r add.txt' input.txt

input.txt:
abcd
accd
cdef
line
web
add.txt:
line1
line2
line3
line4
Output :
abcd
accd
cdef
line1
line2
line3
line4
line
web

If you want to apply the changes to the input.txt file itself, use -i with sed.

# sed -i '/cdef/r add.txt' input.txt

If you want to use an extended regular expression as the pattern, use the -E option with sed.

# sed -E '/RegexPattern/r add.txt' input.txt

Useful Linux Commands for SAN LUN allocation in RHEL

ls -l /dev/disk/by-* | grep lun-31
ls -l /dev/disk/by-* | grep lun-33
ls -l /dev/disk/by-* | grep lun-20
ls -l /dev/disk/by-* | grep lun-10
cat /sys/class/fc_transport/*/node_name
grep 50060160bee045be /sys/class/fc_transport/*/node_name
lsscsi
./inq.LinuxAMD64 -clariion
multipath -ll
df -h
cat /etc/fstab
multipath -ll | grep mpathg
ls -ltr /data*
ls -ls /data*
ls -ld /data*
df -h
mount /dev/mapper/mpathg /data10
df -h
cd /data10
ls -ltr
du -hs regcss
rm -rf regcss
df -h
ls -ltr
vi /etc/fstab
cat /etc/fstab
cd
mount /data10
umount /data10
mount /data10
df -h
multipath -ll | grep mpathk
multipath -ll | grep mpathl
ls -l /dev/disk/by-* | grep lun-33
echo "0 5 33" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 4 33" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-33
ls -l /dev/disk/by-* | grep lun-31
cat /sys/class/fc_transport/*/node_name
echo "0 5 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
cd /proc/scsi
ls
cd scsi
cd sg
ls
cd device
cd devices
cat devices
grep 0x50060160bee045be  /sys/class/fc_transport/*/node_name
echo "0 0 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 1 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 3 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 3 33" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 1 33" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-33
grep 0x5006016b08605821  /sys/class/fc_transport/*/node_name
cat /sys/class/fc_transport/*/node_name
grep 0x5006016088605821  /sys/class/fc_transport/*/node_name
echo "0 2 33" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 4 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 2 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
grep 0x50060160bea0597f  /sys/class/fc_transport/*/node_name
echo "0 3 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
echo "0 5 33" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-33
ls -l /dev/disk/by-* | grep lun-34
echo "0 5 34" > /sys/class/scsi_host/host1/scan
ls -l /dev/disk/by-* | grep lun-34
echo "0 2 34" > /sys/class/scsi_host/host2/scan
echo "0 2 34" > /sys/class/scsi_host/host1/scan
echo "0 4 34" > /sys/class/scsi_host/host1/scan
echo "0 4 34" > /sys/class/scsi_host/host2/scan
ls -l /dev/disk/by-* | grep lun-34
cd
mkdir /data11
mkdir /data12
multipath -ll
df -h | grep mpathp
history | grep ext4
mkfs.ext4 -L DATA11 -m 0 -b 2048 /dev/mapper/mpathp
df -h | grep mpathq
mkfs.ext4 -L DATA12 -m 0 -b 2048 /dev/mapper/mpathq
df -h
mkdir /data11
mkdir /data12
mount /dev/mapper/mpathp /data11
mount /dev/mapper/mpathp /data12
umount /data12
umount /data11
mount /dev/mapper/mpathp /data11
mount /dev/mapper/mpathq /data12
df -h
umount /data12
vi /etc/fstab
df -h
umount /data11
mount -all
df -h
cat /etc/fstab
df -h
ls -ld /data*
chown -R orarh11g:dba /data11 /data12
ls -ld /data*
df -h
rm -rf /data12
cat /proc/scsi/scsi | egrep -i 'Host:' | wc -l
ls /sys/class/fc_host
df -h
cat /etc/fstab
vi /etc/fstab
df -h
mount -all
mkdir /data12
mount -all
df -h
chown -R orarh11g:dba  /data12
df -h
cat /sys/class/scsi_host/host*/device/fc_host/host*/node_name
for i in 0 1 2 3 4 5; do cat host$i/device/fc_host/host$i/port_name;  done
for i in 0 1 2 3 4 5 6 7 8 9 10; do cat host$i/device/fc_host/host$i/port_name;  done
cd  /sys/class/scsi_host/
for i in 0 1 2 3 4 5 6 7 8 9 10; do cat host$i/device/fc_host/host$i/port_name;  done
ls /sys/class/fc_host
fdisk -l | egrep '^Disk' | egrep -v 'dm-'
multipath -ll
lspci | grep Fibre
lspci -v -s 05:00.0
ls -l /sys/class/scsi_host
find /sys/class/pci_bus/0000\:05/device/0000\:05\:00.0/host*/rport-*/target*/*/state | awk -F'/' '{print $11}' | sort
find /sys/class/pci_bus/0000\:05/device/0000\:05\:00.1/host*/rport-*/target*/*/state | awk -F'/' '{print $11}' | sort
cat /proc/scsi/scsi | grep scsi2
cat /proc/scsi/scsi | grep scsi1
find   /sys/class/pci_bus/0000\:05/device/0000\:05\:00.0/host*/rport-*/target*/*/block/*/stat | awk -F'/' '{print $11,$13}'
find   /sys/class/pci_bus/0000\:05/device/0000\:05\:00.1/host*/rport-*/target*/*/block/*/stat | awk -F'/' '{print $11,$13}'
udevadm info --query=path --name /dev/sdad
df -h
udevadm info --query=path --name /dev/mapper/mpathq
udevadm info --query=path --name /devices/virtual/block/dm-13
for port in /sys/class/fc_host/host[0-9]/port_name; { echo -n "$port : "; cat $port; }
history