Explore fundamental concepts of Linux security with focused questions on firewalls, iptables rules, and SELinux features. This quiz is designed to help reinforce your understanding of key mechanisms for protecting Linux systems against threats through access control and traffic management.
In the context of a Linux firewall using iptables, what happens if the default INPUT chain policy is set to DROP and no explicit rules exist for incoming traffic?
Explanation: When the default INPUT chain policy is set to DROP, any incoming packet that matches no rule in the chain is silently discarded (no TCP reset or ICMP error goes back to the sender, which is what distinguishes DROP from REJECT). With no rules at all, that means every inbound packet, including loopback traffic and the replies to connections the host itself opened, so running 'iptables -P INPUT DROP' over SSH before adding accept rules locks you out of the machine. Setting the policy to ACCEPT would permit all traffic except what is explicitly denied, so option two is incorrect. The OUTPUT chain handles outgoing, not incoming, traffic, which makes the third and fourth options inaccurate. Understanding default policies, and applying them only together with the rules that re-admit legitimate traffic, is critical for a secure firewall configuration.
Which SELinux mode allows all actions but logs any operations that would have been denied if enforcement were enabled?
Explanation: SELinux in permissive mode does not enforce the loaded policy but records every access that enforcing mode would have denied, as AVC records in the audit log marked permissive=1, which helps in troubleshooting and policy development. 'getenforce' reports the current mode, and 'setenforce 0' switches a running system to permissive without a reboot; the mode used at boot comes from the SELINUX= line in /etc/selinux/config. Enforcing mode actively blocks and logs forbidden actions, making it unsuitable here. Disabled mode turns off SELinux entirely, removing both enforcement and logging (and, because files created while disabled receive no labels, usually forces a full relabel when SELinux is turned back on). Monitoring is not a recognized SELinux mode.
Given the rule 'iptables -A INPUT -p tcp --dport 22 -j ACCEPT', what is its effect on the firewall policy?
Explanation: The given rule permits incoming traffic on TCP port 22, which is typically used for SSH connections, from any source address. Two practical caveats: '-A' appends the rule to the end of the INPUT chain, so it is evaluated after every rule already there and never matches if an earlier rule drops or rejects port 22 (use '-I INPUT' to insert at the top, and check ordering with 'iptables -L INPUT -n --line-numbers'); and on its own the rule restricts nothing, so it only has a protective effect when the chain's default policy or a later rule denies the traffic it does not match. It does not deny any other traffic, so the second option is incorrect. The rule affects inbound, not outbound, connections, invalidating the third choice. The last option is the exact opposite of the rule's function.
Why is it important to correctly label files with their appropriate SELinux context on a Linux server running sensitive web applications?
Explanation: Proper file labeling enables SELinux to apply the intended policy rules and restrict unauthorized access, which is vital for protecting sensitive applications and data: a confined domain such as httpd_t is only allowed to read files carrying the types the policy expects (httpd_sys_content_t for web content, for example), so a mislabeled file produces AVC denials for the legitimate service, while a file wrongly labeled as web content becomes readable by the web server when it should not be. A classic cause is moving content into the document root with 'mv', which keeps the file's old label, whereas 'cp' creates a new file with the target directory's default label. 'ls -Z' shows current labels, and 'restorecon -Rv <path>' resets them to what the policy's file contexts specify. SELinux labeling does not hide or compress files, and it does not inherently prevent execution unless rules specify so. The other options do not reflect how SELinux contexts operate.
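What permissive mode actually gives you is a stream of AVC records to read, and on a web server most of them turn out to be labeling problems of the kind described above. The script below is an added example, not code from the quiz: it summarises AVC denials from an audit log into counts per source domain, target type, object class and permission set, and marks whether each record was a real denial (permissive=0) or a would-have-denied record from permissive mode (permissive=1). The audit lines embedded in it are constructed for this example, and summarize_avc is the example's own function name.

```shell
#!/bin/sh
# Added example (not from the quiz): summarise SELinux AVC records.
# The audit lines below are constructed for this example; they mimic the
# format of /var/log/audit/audit.log but are not taken from a real system.
SAMPLE_AUDIT_LOG='type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=1201 comm="httpd" name="index.html" dev="sda1" ino=4001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.102:202): avc:  denied  { getattr } for  pid=1201 comm="httpd" path="/var/www/html/index.html" dev="sda1" ino=4001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.103:203): avc:  denied  { read } for  pid=1201 comm="httpd" name="index.html" dev="sda1" ino=4001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000000.103:203): arch=c000003e syscall=257 success=yes exit=5 comm="httpd"
type=AVC msg=audit(1700000000.104:204): avc:  denied  { name_connect } for  pid=1201 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0'

# summarize_avc: read audit records on stdin and print one line per distinct
# denial, as "<count> <denied|would-deny> <source type> <target type> <class> { <perms> }".
# A context is user:role:type:level, so the type is its third colon-separated field.
summarize_avc() {
    awk '
    /avc: +denied/ {
        # the permission set is the brace-delimited group after "denied"
        match($0, /[{][^}]*[}]/)
        perm = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perm)
        sc = tc = cls = mode = ""
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            k = substr($i, 1, n - 1); v = substr($i, n + 1)
            if (k == "scontext") sc = v
            else if (k == "tcontext") tc = v
            else if (k == "tclass") cls = v
            else if (k == "permissive") mode = v
        }
        split(sc, s, ":"); split(tc, t, ":")
        # permissive=1 means enforcing mode would have blocked this; nothing was actually stopped
        printf "%s %s %s %s { %s }\n", (mode == "1" ? "would-deny" : "denied"), s[3], t[3], cls, perm
    }' | LC_ALL=C sort | uniq -c | sed 's/^ *//'
}

# Demonstration on the constructed sample; in use, pipe a real log in instead.
printf '%s\n' "$SAMPLE_AUDIT_LOG" | summarize_avc
```

Against a live system, 'ausearch -m AVC -ts recent | summarize_avc' (or the function over /var/log/audit/audit.log) gives the same summary. When the target type is wrong for the path, as with user_home_t under a web document root in the sample, the fix is 'restorecon -Rv /var/www/html' to restore the label the policy intends, not an allow rule; only once labels are correct does it make sense to hand the remaining records to audit2allow.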
Compared to stateless firewalls, why are stateful firewalls generally considered more secure for Linux servers?
Explanation: Stateful firewalls maintain a connection-tracking table of active connections, allowing them to distinguish legitimate returning traffic (replies to connections the host opened) from new or unsolicited attempts, thereby enhancing security; in iptables this is the conntrack module, matched with '-m conntrack --ctstate ESTABLISHED,RELATED'. Stateless firewalls lack this capability and filter solely on per-packet attributes such as addresses, ports and TCP flags, so they must either open return ports broadly or rely on heuristics like the ACK flag, which an attacker can simply set on crafted packets; the second and third options are therefore incorrect. While ports are important in rule criteria, stateful firewalls use more information than just destination ports, making the last choice incomplete. The trade-off is that the connection table is finite state the firewall has to maintain, so its size and timeouts are a tuning and resource-exhaustion consideration on busy hosts.
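The three iptables explanations above (the default DROP policy, the port-22 ACCEPT rule, and stateful filtering) fit together in one ruleset. The following is an added example, not code from the quiz: it builds a minimal stateful INPUT policy in iptables-restore format, checks it with a parse-only run, and loads it atomically so the DROP policy and the accept rules take effect together. The SSH port defaults to 22 as an assumption, and build_ruleset and apply_ruleset are this example's own function names.

```shell
#!/bin/sh
# Added example, not code from the quiz: a minimal stateful INPUT policy in
# iptables-restore format. The SSH port is a parameter (assumed 22 by default);
# interface names and permitted source ranges are deliberately not assumed.

build_ruleset() {
    ssh_port="${1:-22}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is trusted; with a DROP policy and no such rule, local services
# talking to 127.0.0.1 break.
-A INPUT -i lo -j ACCEPT
# The stateful core: replies to connections this host opened, and related
# traffic such as ICMP errors, are accepted. conntrack is what makes this chain
# stateful rather than a per-packet filter.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot place in any connection are dropped before the
# service rules see them.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# The single unsolicited inbound service: SSH, new connections only.
-A INPUT -p tcp --dport ${ssh_port} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Parse-only check first (iptables-restore --test), then commit the whole table
# in one atomic replace, so there is no window in which the DROP policy is in
# force without the accept rules and an SSH session gets cut off. Requires root.
apply_ruleset() {
    build_ruleset "$1" | iptables-restore --test || return 1
    build_ruleset "$1" | iptables-restore
}

# Usage: ./ruleset.sh [port]               print the ruleset for review
#        sudo ./ruleset.sh --apply [port]  load it
if [ "${1:-}" = "--apply" ]; then
    apply_ruleset "${2:-22}"
else
    build_ruleset "${1:-22}"
fi
```

Review the printed ruleset before applying it; because iptables-restore replaces the filter table as a unit, this avoids the lockout that a stepwise 'iptables -P INPUT DROP' followed by separate '-A' commands can cause. Loading the same rules one at a time with iptables would also work, provided every ACCEPT rule is added before the policy is changed.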