LPIC-2 Certified Linux Engineer 202-450 LPI Study Notes

 The keyword that is used in the Squid configuration to define networks and times used to limit access to the service is acl. The acl keyword stands for access control list, and it is used to create rules that match certain criteria, such as source or destination IP address, port number, URL, protocol, time, or user name. The acl keyword is followed by a name and a type, and optionally some arguments or a file name. For example, the following lines define two acl rules named localnet and daytime:

acl localnet src 192.168.0.0/16 # match local network acl daytime time 08:00-18:00 # match working hours

The acl rules can then be used with other keywords, such as http_access, to allow or deny access to the Squid service based on the matching criteria. For example, the following line allows access to the Squid service only from the local network and only during working hours:

http_access allow localnet daytime

The acl keyword is one of the most important and versatile keywords in the Squid configuration, and it can be used to create complex and flexible access policies. For more information about the acl keyword and its types and arguments, you can refer to the following resources:

• 1: A Squid documentation page that explains the syntax and usage of the acl keyword and its types and arguments.
• 2: A Squid documentation page that provides examples of common acl rules and how to use them.
• 3: A Squid FAQ page that answers some frequently asked questions about acl rules and how they work.

To prevent anonymous FTP users from listing uploaded file names, the upload directory must not have the read or execute permission set for the anonymous user or group. The read permission allows the user to view the contents of a file or directory, while the execute permission allows the user to enter or search a directory. Therefore, removing both permissions will prevent the user from accessing or listing the files in the upload directory. However, the write permission can be left on, as it allows the user to create or modify files in the directory, which is the purpose of an upload directory. References:

• LPIC-2 Exam 202-450 Objectives, Topic 211: File Sharing, Objective 211.2: Manage FTP Service, Weight: 3
• LPIC-2 Linux Professional Institute Certification Study Guide: Exam 201 and Exam 202, Chapter 9: File Sharing, FTP, p. 353-354
• Linux File Permissions Explained, Read, Write, and Execute Permissions, p. 2-4

 The FTP names that are recognized as anonymous users in vsftpd when the option anonymous_enable is set to yes in the configuration file are anonymous and ftp. These are the default names that vsftpd accepts as valid anonymous users, and they can be used interchangeably. The anonymous user does not need to enter a password, but can optionally enter an email address as a password. The anonymous user has limited permissions and can only access the directory specified by the anon_root directive, which is usually /var/ftp or /srv/ftp. The anonymous user can download files from the server, but cannot upload or modify files, unless the anon_upload_enable and anon_mkdir_write_enable directives are also set to yes.

The other options are not recognized as anonymous users in vsftpd. Option C is incorrect, because vsftpd will reject any username that does not belong to an existing user or an anonymous user. Option D is incorrect, because nobody is a system user that has no permissions and is not related to FTP. Option E is incorrect, because guest is not a valid FTP name, unless the guest_enable directive is set to yes, which will make all non-anonymous users log in as the guest_username, which is usually ftp.

References:

• vsftpd.conf - config file for vsftpd
• How To Set Up vsftpd for Anonymous Downloads on Ubuntu 16.04
• How to Configure vsftpd FTP Server on CentOS 8

 The Apache HTTPD directive that enables HTTPS protocol support is SSLEngine on. This directive activates the SSL/TLS protocol engine for the current virtual host. HTTPS is a secure version of HTTP that uses SSL/TLS to encrypt the communication between the client and the server. To enable HTTPS, the server must have a valid SSL certificate and a corresponding private key, and configure them using the SSLCertificateFile and SSLCertificateKeyFile directives123 References:

• LPIC-2 Overview
• LPIC-2 202-450
• SSL/TLS Strong Encryption: How-To - Apache HTTP Server Version 2.4