Why is an understanding of cryptography important to operating systems designers?

A WordArt object cannot have a picture fill added to it

Indicate whether the statement is true or false

While port numbers are just a convention, can you guess what kind of service is running on port 80 TCP?

Display the services currently running. a. Use the ps command to display all the programs running in the background:

[analyst@secOps ~]$ sudo ps –elf
[sudo] password for analyst:
F S UID  PID PPID C PRI NI ADDR SZ WCHAN  STIME TTY  TIME     CMD
4 S root 1    0   0 80  0   - 2250 SyS_ep Feb27  ?  00:00:00 /sbin/init
1 S root 2    0   0 80  0   -    0 kthrea Feb27  ?  00:00:00 [kthreadd]
1 S root 3    2   0 80  0   -    0 smpboo Feb27  ?  00:00:00 [ksoftirqd/0]
1 S root 5    2   0 60  -20 -    0 worker Feb27  ?  00:00:00 [kworker/0:0H]
1 S root 7    2   0 80  0   -    0 rcu_gp Feb27  ?  00:00:00 [rcu_preempt]
1 S root 8    2   0 80  0   -    0 rcu_gp Feb27  ?  00:00:00 [rcu_sched]
1 S root 9    2   0 80  0   -    0 rcu_gp Feb27  ?  00:00:00 [rcu_bh]
1 S root 10   2   0 -40 -   -    0 smpboo Feb27  ?  00:00:00 [migration/0]
1 S root 11   2   0 60  -20 -    0 rescue Feb27  ?  00:00:00 [lru-add-drain]
5 S root 12   2   0 -40 -   -    0 smpboo Feb27  ?  00:00:00 [watchdog/0]
1 S root 13   2   0 80  0   -    0 smpboo Feb27  ?  00:00:00 [cpuhp/0]
5 S root 14   2   0 80  0   -    0 devtmp Feb27  ?  00:00:00 [kdevtmpfs]
1 S root 15   2   0 60  -20 -    0 rescue Feb27  ?  00:00:00 [netns]
1 S root 16   2   0 80  0   -    0 watchd Feb27  ?  00:00:00 [khungtaskd]
1 S root 17   2   0 80  0   -    0 oom_re Feb27  ?  00:00:00 [oom_reaper]

b. In Linux, programs can also call other programs. The ps command can also be used to display such process hierarchy. Use –ejH options to display the currently running process tree.

[analyst@secOps ~]$ sudo ps –ejH
[sudo] password for analyst:

  1     1     1 ?        00:00:00 systemd
  167   167   167 ?        00:00:01   systemd-journal
  193   193   193 ?        00:00:00   systemd-udevd
  209   209   209 ?        00:00:00   rsyslogd
  210   210   210 ?        00:01:41   java
  212   212   212 ?        00:00:01   ovsdb-server
  213   213   213 ?        00:00:00   start_pox.sh
  224   213   213 ?        00:01:18     python2.7
  214   214   214 ?        00:00:00   systemd-logind
  216   216   216 ?        00:00:01   dbus-daemon
  221   221   221 ?        00:00:05   filebeat
  239   239   239 ?        00:00:05   VBoxService
  287   287   287 ?        00:00:00   ovs-vswitchd
  382   382   382 ?        00:00:00   dhcpcd
  387   387   387 ?        00:00:00   lightdm
  410   410   410 tty7     00:00:10     Xorg
  460   387   387 ?        00:00:00     lightdm
  492   492   492 ?        00:00:00       sh
  503   492   492 ?        00:00:00         xfce4-session
  513   492   492 ?        00:00:00           xfwm4
  517   492   492 ?        00:00:00           Thunar
  1592  492   492 ?        00:00:00             thunar-volman
  519   492   492 ?        00:00:00           xfce4-panel
  554   492   492 ?        00:00:00             panel-6-systray
  559   492   492 ?        00:00:00             panel-2-actions
  523   492   492 ?        00:00:01           xfdesktop
  530   492   492 ?        00:00:00           polkit-gnome-au
  395   395   395 ?        00:00:00   nginx
  396   395   395 ?        00:00:00     nginx
  408   384   384 ?        00:01:58   java
  414   414   414 ?        00:00:00   accounts-daemon
  418   418   418 ?        00:00:00   polkitd

c. As mentioned before, servers are essentially programs, often started by the system itself at boot time. The task performed by a server is called service. In such fashion, a web server provides web services. The netstat command is a great tool to help identify the network servers running on a computer. The power of netstat lies on its ability to display network connections. In the terminal window, type netstat.

[analyst@secOps ~]$ netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp   0      0      localhost.localdo:48746 localhost.local:wap-wsp ESTABLISHED
tcp   0      0      localhost.localdo:48748 localhost.local:wap-wsp ESTABLISHED
tcp6  0      0      localhost.local:wap-wsp localhost.localdo:48748 ESTABLISHED
tcp6  0      0      localhost.local:wap-wsp localhost.localdo:48746 ESTABLISHED
tcp6  0      0      localhost.local:wap-wsp localhost.localdo:48744 ESTABLISHED
tcp6  0      0      localhost.localdo:48744 localhost.local:wap-wsp ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type  State I-Node Path
unix  3      [ ]   DGRAM       8472   /run/systemd/notify
unix  2      [ ]   DGRAM       8474   /run/systemd/
cgroups-agent

d. Use netstat with the –tunap options to adjust the output of netstat. Notice that netstat allows multiple options to be grouped together under the same “- ” sign. The information for the nginx server is highlighted.

[analyst@secOps ~]$ sudo netstat -tunap
[sudo] password for analyst:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address State
PID/Program name
tcp   0      0      0.0.0.0:80      0.0.0.0:*       LISTEN
395/nginx: master p
tcp   0      0      0.0.0.0:21      0.0.0.0:*       LISTEN
279/vsftpd
tcp   0      0      0.0.0.0:22      0.0.0.0:*       LISTEN
277/sshd
tcp   0      0      0.0.0.0:6633    0.0.0.0:*       LISTEN
257/python2.7
tcp6  0      0      :::22           :::*            LISTEN
277/sshd
tcp6  0      0      :::23           :::*            LISTEN
1/init
udp   0      0      192.168.1.15:68   0.0.0.0:*
237/systemd-network

Clients will connect to a port and, using the correct protocol, request information from a server. The netstat output above displays a number of services that are currently listening on specific ports. Interesting columns are: ? The first column shows the Layer 4 protocol in use (UDP or TCP, in this case). ? The third column uses the format to display the local IP address and port on which a specific server is reachable. The IP address 0.0.0.0 signifies that the server is currently listening on all IP addresses configured in the computer. ? The fourth column uses the same socket format to display the address and port of the device on the remote end of the connection. 0.0.0.0:* means that no remote device is currently utilizing the connection. ? The fifth column displays the state of the connection. ? The sixth column displays the process ID (PID) of the process responsible for the connection. It also displays a short name associated to the process.