Both servers mutually verify their X509 certificates.

Both servers use a secret key that is shared between the servers.

Both servers verify appropriate DANE records for the labels of the NS records used to delegate the transferred zone.

Both servers use DNSSEC to mutually verify that they are authoritative for the transferred zone.

example.com

dane.www.example.com

soa.example com

www.example.com

_443_tcp.www example.com

For every file in an eCryptfs directory there exists a corresponding file that contains the encrypted content.

The content of all files in an eCryptfs directory is stored in an archive file similar to a tar file with an additional index to improve performance.

After unmounting an eCryptfs directory, the directory hierarchy and the original file names are still visible, although, it is not possible to view the contents of the files.

When a user changes his login password, the contents of his eCryptfs home directory has to be re-encrypted using his new login password.

eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.

It displays statistics from the running Snort process.

It returns the status of all configured network devices.

It reports whether the Snort process is still running and processing packets.

It displays the status of all Snort processes.

It reads syslog files containing Snort information and generates port scan statistics.

- -mlock

- -no-swap

--root-swap

--keys-no-swap

ACL

GRANT

GROUP

OWNER

SID

setfacI -x group: * : rx, user:*: rx afile

setfacl -x mask: : rx afile

setfacl ~m mask: : rx afile

setfacl ~m group: * : rx, user:*: rx afile

chage --maxdays none usera

chage –maxdays 99 usera

chage --maxdays -1 usera

chage --lastday none usera

chage --lastday 0 usera

Kerberos authentication

SSH hostkey authentication

Winbind authentication

SSL certificate authentication