How Do You Use Partitions on a Disk and Have Complete Disk Encryption with Ubuntu?

Problem scenario
You want your entire hard disk to have encryption. You want to install Ubuntu Linux with partitions. What do you do?

Solution
Follow these directions, but make sure the second partition (with GRUB) uses 80 MB. To do this, mentally find this command “sgdisk –new=2:0:+2M $DEV” here:
https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019

When you get to that command,

How Do You Get Passwords to Expire for Existing Users?

Problem scenario
You want passwords to rotate periodically for all users. You modified the /etc/login.defs file, and new users are inheriting the temporal rotational policies for passwords. How can pre-existing accounts be forced to periodically change their password?

Solution
Use this command for every password (but replace “jdoe” with the user you want to change and replace “30” with the number of days you want the password to last for before the user is forced to change it):

sudo chage -M 30 jdoe

# The user can still log in one more time after expiration. …

How Do You Disable Hyperthreading in Linux?

Problem scenario
You are running Linux with a multi-core CPU and motherboard. You want to turn off simultaneous multithreading (because in some use cases the performance can improve or you are concerned about security). What should you do?

Possible Solution #1
If you want to be able to turn it back on without rebooting, you could have a crontab job run a script at reboot.

Is the Term “Threadjacking” a Netiquette or Cybersecurity Issue?

Problem scenario
You have heard the term “threadjacking” in different contexts. What does it mean?

Answer
The word “threadjack” can have different meanings. It can be a netiquette issue, a cybersecurity issue, or both.

Threadjacking can refer to the practice of responding to an email thread or website posting to change the topic. These type of threadjackings have no security implication.

How Do You Troubleshoot the Error “req: Use -help for summary”?

Problem scenario
You run a command like this:

sudo openssl req -newkey rsa:2048 -nodes -keyout contint.key -x509 -days 9999 contint.crt

You get this as the output: “req: Use -help for summary.”

What should you do?

Possible Solution #1
Use the “-out” flag between “9999” and “contint.crt”.

Possible Solution #2
Do you have an extra “-new” flag in your command?

How Do You Troubleshoot “jdoe is not authorized to run that command as root”?

Problem scenario
You failed to use visudo on a Red Hat or Debian distribution of Linux. You try to elevate your user to sudo and run a command but you get: “jdoe is not authorized to run that command as root.”

You forgot the root password. You cannot boot into rescue/recovery mode. How do you correct the /etc/sudoers file?

Solution
Run “pkexec” without quotes.

Is It a Best/Recommended Practice to Not Allow Desktop Clipboard Pastes for Password Fields on a Website?

Problem scenario
You think a website field for a password should allow a password to be pasted in. This could make the users not copy the password. Some hackers exploit memory/RAM. Should you avoid allowing a password to be pasted in?

Solution
Traditionally confirmation password fields did not allow pasting (with control-v) from the clipboard. Now NIST is saying you can do this: https://pages.nist.gov/800-63-FAQ/

Some people think it is not ideal to have sensitive information in RAM.

How Do You Install the Putty Utility on a Linux Server?

Problem scenario
You want to run the puttygen command on a Linux server. (You tried yum and dnf commands to install putty, but they failed.) What do you do?

Solution
Prerequisites

i. These directions assume you have installed the C compiler. If you need assistance, see How Do You Install a C Compiler on Linux?
ii. These directions also assume you have the GTK library installed.

Is It a Best/Recommended Practice to Enforce Complex Passwords?

Problem scenario
You are modifying /etc/security/pwquality.conf. Is it a recommended practice to have no or few repeating characters with different classes of characters including lowercase, uppercase, numbers and special characters?

Solution
It can be counter productive to have very strong password requirements according to the NIST (https://pages.nist.gov/800-63-FAQ/).

If you are using Linux or Unix, NIST does suggest you use a crack library dictionary (per A-B10 from https://pages.nist.gov/800-63-FAQ/).

Is It a Best/Recommended Practice to Not Use “Make Visible” the Password when Entering It?

Problem scenario
You think that the users should not click the “make visible” option when entering a password. As an I.T. professional, you are not sure if this should be used or not. You read and think that it should not be used. Is it recommended that you have a practice of not letting the users make the password visible?

Solution
It is not clear.