The shared public key must be included in the user‘s authorized_keys file.

The X Display Manager Control Protocol (XDMCP) is the native X11 protocol. SPICE (Simple Protocol for Independent Computing Environment) is a complete and secure solution for remote access. RFB (Remote FrameBuffer) is the protocol used by VNC and its derivatives.

The /etc/shadow file contains the hash of each user‘s password, as well as several settings related to the user‘s password, such as password change limit, date of last change, and so on.

The Braille Display is a device for implementing the Braille code. Screen reader is a kind of sofware to read a text file. And Screen Magnifier is a tool to increase what is displayed on the screen. GOK is an application that provides a virtual keyboard to be used with the mouse and the Toggle Keys associated with motor difficulties.

The “dpkg-reconfigure tzdata“ command allows the administrator to configure the time zone settings by reconfiguring the tzdata package. The tzselect command only selects the state and time zone for later configuration.

The 5 fields of a crontab schedule are: minute hour day-of-month month day-of-week. The use of */10 indicates every 10 minutes, every 10 days and so on. The use of 9-18 indicates a range, for example, from hours 9 to 18. The use of 5,10,15,20 indicates several specific values, for example minutes 5, 10, 15, 20. The last field is referring to the day of the week, 0 and 7 indicate Sunday, 1 = Monday, 2 = Tuesday, 3 = Wednesday, 4 = Thursday, 5 = Friday and 6 = Saturday.

The /etc/crontab file contains system schedules, not directly related to any user but can only be changed by the root user. This file is also commonly used to invoke the scripts located in the /etc/cron.hourly/, /etc/cron.daily/, /etc/cron.weekly/ and /etc/cron.montly/

In the configurations of the systemd-timer scheduling units, the OnCalendar= parameter is used to define when the related service will run. The time is set with “WeekDay Year-Month-Day Hour:Minute:Second“. Details and more examples can be seen by the “man systemd.time“

The first field is user login, the “x“ in the second field indicates that the password will be found in hash format in the /etc/shadow file, the third field is the user ID (UID), the fourth the primary group GID), the fifth the user description, the sixth the user‘s home and the seventh and last shell used by the user after login.

In a slightly different way, the groups and id commands show all the groups, primary and additional, that a user belongs to.

The usermod -g option defines a user‘s primary group. The -G option defines the additional groups.

By default, useradd does not create the user‘s default directory, to force this creation you must use the -m option. The -d option enables the administrator to set a directory other than the /home/user directory.

The environment variable SSH_AGENT_SOCK stores the socket file that will be used for communication between processes, and SSH_AGENT_PID, the ssh-agent PID.

The command “gpg –list-keys“ shows all the keys (public and private) configured on the user‘s key chain.

The ssh-keygen command has the function of creating and managing a user‘s public and private keys. These keys are stored in the $HOME/.ssh/

The xhost command is used to define which sources can access the X server on the machine. Without arguments it displays the current settings.

The /etc/hosts.allow file settings are read first, and if there is a release for the service, for an IP or network on hosts.allow, hosts.deny is not even queried.

The xinetd service has /etc/xinetd.conf as the main configuration file, but most service-related configurations are included in the /etc/xinetd.d/ directory.

The /usr/sbin/tcpd process uses the libwrap library, which uses the settings included in the /etc/hosts.allow and /etc/hosts.deny files to control access to services available on the system.

The ulimit command is used to set these limits in a session, but to set them permanently for a user must be done by the file /etc/security/limits.conf.

The nmap command is used to scan a local or remote machine for Open Ports, as well as other information. It can also be used to analyze all machines in a specific logical network.

The information displayed by the “passwd -S“ command is: Account Status (P=Password OK, NP=No Password, L=Locked Account). Date of Last Password Change. Minimum days limit for password. Limit maximum number of days for the password. Warning days before the password expires. Time after the password expires until the account is disabled, -1 means disabled.

Analysis based on the passwd -S user1 output user1 P 10/12/2017 1 60 7 -1:

P: Account Status P means “Password OK“. So, “The account is locked“ is incorrect.
10/12/2017: This is the “Date of Last Password Change“. So, “The date of the next password change will be October 12, 2017“ is incorrect. The next password change date depends on the maximum days.
60: This is the “Limit maximum number of days for the password“. 60 days is approximately 2 months. So, “The user must change the password every 2 months“ is Correct.
-1: This is “Time after the password expires until the account is disabled, -1 means disabled“. A value of -1 here typically means the account will not be disabled (locked) after expiration, but rather the password will simply be expired and the user will be forced to change it on next login. Thus, “The account will not be locked after the password expires“ is Correct.
7: This is “Warning days before the password expires“. So, “7 days before the expiration of the password the user will receive system warnings“ is Correct.

The /etc/resolv.conf file allows the configuration of multiple DNS servers, and they will be classified as primary DNS, secondary DNS, and so on. However only one will be consulted and if it does not have the answer or if it is out of service, the next server will be queried. In addition to the nameserver, the domain and search parameters can be used.

The first space should be the IP and then the equivalent names. Only 1 IP can be entered per line, but it can be associated with multiple names.

The ping command sends packets by using the Internet Control Message Protocol (ICMP) protocol. The command sends a packet and waits for the response of the destination, thus verifying that the destination is accessible, responding to the requests and the response time.

The ifdown and ifup command works based on the /etc/network/intefaces or /etc/sysconfig/network-scripts configuration files. In the ip command, the link option refers to the interfaces and the set option can be used to enable or disable an interface.

When there is no default route defined, packets sent to IPs that are not part of the machine‘s network do not know the way forward, so Internet access will not be possible by domain names or direct IPs.

The traceroute command traces a route from the local machine to the target machine, informing all the gateways/hops that were used in the path.

systemd-networkd is a system service that manages networks. It detects and configures network devices as they appear.

The nameserver property is used to specify the IPs of the DNS servers used for name resolution. More than one can be used to indicate Primary, Secondary, and DNS.

The mask 255.255.255.128, or /25, divides a network into 2 subnets. In this case, the subnet in which IP 192.168.8.180 is included has the subnet address 192.168.8.128 and the broadcast address 192.168.8.255. The other subnet has the network address of 192.168.8.0 and the broadcast address of 192.168.8.127.

The iconv command is used to convert character encoding from one file to another type of encoding.

Defining the LANC variable with the C value is a common practice in scripts or programs that should always use the same location definitions, regardless of where it is running.

The hwclock command with the -s or –hctosys parameters sets the system time from the BIOS time. The -w or –systohc options do the opposite, set the BIOS time based on the current system time.

The sources option displays detailed synchronization information for each server and pool that is configured and in use.

NTP is an optional but highly recommended service on Linux servers. The ntpd and chronyd services queries remote servers via UDP/123 port, and based on its information keeps the date and time of the local machine updated.

The logger command is used inside the script, sending log records to the configured facilities in syslog or rsyslog. An example usage is: logger -p local0.warn “Warning message“

In the rsyslog configuration files the settings must be: facility.priority file-log. The .err setting indicates priority equal to or greater than error, the. =err setting indicates only the error priority.

Syslog, Rsyslog and Syslog-ng are the log management software currently used in Linux. Syslog is the oldest and most distributions currently use rsyslog.

The vacuum-size option of journalctl causes the /var/log/journal directory‘s “archive“ records to be cleaned up. In the case of vacuum-size, what should be cleaned is defined in Kb, Mb, Gb and so on. However, vacuum-time can also be used to define time-based cleaning and vacuum-file for the number of files.

The /etc/aliases file will implement what is described in the statement. It can only be edited by the root user and for your changes to take effect the “newaliases“ command should be executed.

The set command shows all variables, exported or not, in addition to the functions defined in the current session. The env command only shows the variables that were exported.

Port 25 is the port used by the Simple Mail Transfer Protocol (SMTP) service. It is through this port that the messages are typically sent by the MTA.

The /var/spool/cups directory stores all files sent to the cupsd print queue.

The lpr command can be used by directly informing the file to be printed or by receiving the contents to be printed via | (pipe). Without arguments the job is sent to the default queue, to specify a queue the -P option should be used.

The mailq and “sendmail -bp“ commands, despite the name, can be used with any mail server, not just sendmail. They show the queue of mail being processed or waiting for the mail server, emails that have not yet been delivered.

IP 191.12.40.50 is considered a Public IP. The tracks reserved for Private IPs are: 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, 192.168.0.0 – 192.168.255.255 e 169.254.0.0 – 169.254.255.255

The FTP protocol works with 2 ports, port 20 is used for file transfer and port 21 is used for sending commands and controlling the connection. 22 is the port used by SSH and 23 by the Telnet service.

An IPv6 address consists of 128 bits, separated into 8 sets of 16 bits, usually represented in hexadecimal format, and each group separated by “:“. However, when groups are in sequence with 0000 values, these can be abbreviated and omitted, which is indicated by the indication “::“.

The order of the host parameter list indicates the search order of a name, “files“ indicates that /etc/hosts should be queried first, if nothing is found the system then look for the DNS configured in /etc/resolv. conf.

In the nmcli tool, every operation based on a connection must be performed with the “connection“ option, or “con“ or “c“. To enable or disable a connection are used up or down respectively.

The /etc/at.allow file indicates which users can use at. If it exists and is empty, no user is authorized to use the at. If the file does not exist, the file /etc/at.deny will be queried and the listed users will be blocked. If neither of the 2 files exists, or both are blank, only root can use at.

The /etc/profile file runs for all users after a login event. The /etc/bash.bashrc file runs at each new session. If after login a new session is started, only /etc/bash.bashrc is executed.

A function can be used in the same way as a command, just by stating its name and its arguments.

Aliases are displayed when typing aliases with no arguments. A new alias should be defined as: alias name=‘command-arguments‘

In the test command, or [], -e indicates whether the specified file or directory exists, -f has the same effect but only for files. The use of && causes the second command to be executed only if the first one is executed successfully, || is the opposite, the second command is executed only if the first one has error return, other than 0.

Since 3 variables are being read by the read command, and we have 5 values being reported, “a“ will be associated with var1, “b“ will be associated with var2 and “cd e“ associated with var3. Warning because this is a behavior of the read command, the same does not happen with the parameters of a script.

The seq 0 3 command generates numbers from 0 to 3, each on a new line. The for loop iterates over these values. In each iteration, the echo Valor $i command prints “Valor “ followed by the current value of i. Because seq outputs each number on a new line, the for loop processes them individually, resulting in each “Valor X“ statement also being printed on a new line.

The -ge option of the “test“ command means “greater or equal (greater or equal)“. The test command can be replaced by the [] syntax.

In the InputDevice section, specifications about the mouse and keyboard can be performed. Other important sections are: “Files“ – Paths to some important files, especially FontsPath. “ServerLayout“ – X Server General Settings. “Module“ – Loading extra modules. “Monitor“ – Configuration of the monitor used. “Device“ – Video card and driver configuration. “Screen“ – Combination of the Monitor with the Device, mainly setting the screen resolution.