Linux system security is an important assessment area in the Information Security Engineer examination. I have designed a 5-day Linux crash course closely aligned with the exam points, incorporating analyses of past exam questions, to help you prepare efficiently.
In the exam, Linux-related knowledge may appear in both multiple-choice questions and case-analysis questions. Multiple-choice questions typically test basic concepts and commands, while case-analysis questions may ask you to analyze a system configuration, resolve a security issue, or write a security hardening plan.
Below is a table summarizing the study plan for these 5 days:

| Day | Core Topic | Key Knowledge Points | Question Types and Scores |
|---|---|---|---|
| 1 | Linux System Basics and Access Control | User/Group Management ( | Multiple-choice questions (3-5 points) |
| 2 | Linux System Security Services and Authentication Mechanisms | SSH Security Configuration (Key Authentication, Port Modification), PAM Modules, TCP Wrappers ( | Multiple-choice + Case Questions (6-8 points) |
| 3 | Linux Firewall and Network Traffic Control | Basic Syntax of iptables (Four Tables and Five Chains), Basic Concepts of firewalld (Zone, Service), Common Rule Configurations | Case Questions (6-8 points) |
| 4 | Linux Log Analysis and Security Auditing | Common Log Files ( | Case Questions (6-8 points) |
| 5 | Linux System Hardening and Intrusion Detection | Service Hardening (Disabling Unused Services), Vulnerability Scanning, Rootkit Detection (chkrootkit, rkhunter), Comprehensive Security Hardening Strategies | Case Questions (8-10 points) |
📅 Detailed 5-Day Study Plan
📘 Day 1: Linux System Basics and Access Control
- Core Knowledge:
  - User and Group Management: Understand the structure and meaning of the `/etc/passwd`, `/etc/shadow`, and `/etc/group` files. Master commands such as `useradd`, `usermod`, `userdel`, and `groupadd`.
  - File Permission Management: Understand the different meanings of `rwx` permissions for files versus directories. Master commands such as `chmod` (numeric and symbolic modes), `chown`, `chgrp`, and `umask`.
  - Special Permissions:
    - SUID: allows a user to execute the program with the privileges of the file owner (e.g., `/usr/bin/passwd`).
    - SGID: on a file, allows execution with the privileges of the group owner; on a directory, new files created inside it inherit the directory's group ownership.
    - Sticky Bit: typically set on directories (e.g., `/tmp`); only a file's owner or root can delete files within it.
Practical Commands:

```bash
# Create a user (with a home directory) and set a password
sudo useradd -m testuser
sudo passwd testuser
# Create a file and change its permissions to 755 (rwxr-xr-x)
touch test.txt
chmod 755 test.txt   # or: chmod u=rwx,g=rx,o=rx test.txt
# Find all regular files with the SUID bit set
find / -type f -perm -4000 2>/dev/null
```
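As an added example (not part of the original course material), the following POSIX shell script ties the numeric and symbolic notations together and turns the SUID search above into a small audit: it decodes a mode such as 4755 into the ls-style `rwsr-xr-x`, including the uppercase `S`/`T` forms shown when a special bit is set without execute, and flags SUID/SGID entries that are also group- or world-writable. The `find -printf '%m %u %p'` input format and the sample listing are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example: decode numeric modes (4755 -> rwsr-xr-x) and audit a SUID/SGID
# listing for entries that are also group- or world-writable.
# One octal digit -> rwx. A special bit (s/t) takes the execute slot: lowercase
# when x is also set, uppercase (S/T) when it is not, exactly as ls displays it.
triad() {                                  # $1 = octal digit, $2 = "s", "t" or ""
  if [ $(($1 & 4)) -ne 0 ]; then t_out="r"; else t_out="-"; fi
  if [ $(($1 & 2)) -ne 0 ]; then t_out="${t_out}w"; else t_out="${t_out}-"; fi
  if [ $(($1 & 1)) -ne 0 ]; then t_out="${t_out}${2:-x}"
  elif [ -n "$2" ]; then t_out="${t_out}$(printf '%s' "$2" | tr st ST)"
  else t_out="${t_out}-"; fi
  printf '%s' "$t_out"
}
# 3- or 4-digit octal mode string -> symbolic form. Digits are sliced as text
# because in shell arithmetic a leading zero (0755) means octal, giving 493.
mode_to_symbolic() {
  m=$1
  while [ ${#m} -lt 4 ]; do m="0$m"; done
  sp=${m%???}; u=${m#?}; u=${u%??}; g=${m#??}; g=${g%?}; o=${m#???}
  us=""; gs=""; os=""
  [ $((sp & 4)) -ne 0 ] && us="s"          # setuid
  [ $((sp & 2)) -ne 0 ] && gs="s"          # setgid
  [ $((sp & 1)) -ne 0 ] && os="t"          # sticky
  printf '%s%s%s\n' "$(triad "$u" "$us")" "$(triad "$g" "$gs")" "$(triad "$o" "$os")"
}

# Report SUID/SGID entries that are also group- or world-writable: whoever can
# modify such a file controls what runs under the owner's identity. Input lines
# are "<octal mode> <owner> <path>", as printed by GNU find:
#   find / -type f -perm /6000 -printf '%m %u %p\n' 2>/dev/null
flag_writable_special() {
  while read -r mode owner path; do
    m=$mode
    while [ ${#m} -lt 4 ]; do m="0$m"; done
    sp=${m%???}; g=${m#??}; g=${g%?}; o=${m#???}
    [ $((sp & 6)) -ne 0 ] || continue           # neither setuid nor setgid
    if [ $((g & 2)) -ne 0 ] || [ $((o & 2)) -ne 0 ]; then
      printf '%s %s %s %s\n' "$(mode_to_symbolic "$mode")" "$mode" "$owner" "$path"
    fi
  done
}

# Constructed sample listing (not captured from a real host).
SAMPLE='4755 root /usr/bin/passwd
4777 root /opt/legacy/helper
2775 root /usr/local/bin/teamtool
755 root /usr/bin/ls
6750 app /srv/app/bin/runner'
audit_sample() { printf '%s\n' "$SAMPLE" | flag_writable_special; }
audit_sample
```

On a real host, pipe the output of the `find ... -printf` command in the comment into `flag_writable_special` instead of the constructed sample.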
Review and Practice with Past Questions (2019 Multiple Choice):
In a Linux system, what does the file permission 755 grant to the file owner? ( )
A. Read, Execute, Write
B. Read
C. Read, Execute
D. Write
Answer: A. 755 means the owner has read, write, and execute permissions (7), group users have read and execute permissions (5), and other users have read and execute permissions (5).
—— Next Lecture: System Security and Authentication Mechanisms ——