Glossary of Terms

Note

Many terms here have been reproduced from various locations across the Internet and are governed by the licenses surrounding the source material. Please see the reference links for specifics on usage and reproducibility.

ACL
Access Control List
A list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.
AIDE
Advanced Intrusion Detection Environment
An intrusion detection system for checking the integrity of files under Linux. AIDE can be used to help track file integrity by comparing a snapshot of the system’s files prior to and after a suspected incident. It is maintained by Rami Lehti and Pablo Virolainen.
Auditd
The userspace component to the Linux Auditing System. It is responsible for writing audit records to the disk. Viewing the logs is done with the ausearch or aureport utilities. Configuring the audit rules is done with the auditctl utility. During startup, the rules in /etc/audit/audit.rules are read by auditctl. The audit daemon itself has some configuration options that the admin may wish to customize. They are found in the auditd.conf file.
BIOS
Basic Input/Output System

A type of firmware used to perform hardware initialization during the booting process (power-on startup) on IBM PC compatible computers.

Source: Wikipedia: BIOS

CA
Certificate Authority
An entity that issues X.509 digital certificates.
CentOS
Community Enterprise Operating System
An Enterprise-grade Operating System that is mostly compatible with a prominent Linux distribution.
CLI
Command Line Interface

A means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines).

CPU
Central Processing Unit

A central processing unit (CPU) is the electronic circuitry within a computer that carries out the instructions of a computer program by performing the basic arithmetic, logical, control and input/output (I/O) operations specified by the instructions

Source: Wikipedia: Central Processing Unit

DHCP
Dynamic Host Configuration Protocol
A network protocol that enables a server to automatically assign an IP address to a computer.
DNS
Domain Name System
A database system that translates a computer’s fully qualified domain name into an IP address and the reverse.
ENC
External Node Classifier

An arbitrary script or application which can tell Puppet which classes a node should have. It can replace or work in concert with the node definitions in the main site manifest (site.pp).

The Puppet Enterprise Console and The Foreman are two examples of External Node Classifiers.

Source: External Node Classifiers

FIPS
Federal Information Processing Standard

Federal Information Processing Standards (FIPS) Publications are standards issued by NIST after approval by the Secretary of Commerce pursuant to the Federal Information Security Management Act (FISMA)

The particular standard of note in SIMP is FIPS 140-2

Source: FIPS Publications

FQDN
Fully Qualified Domain Name
A domain name that specifies its exact location in the tree hierarchy of the DNS. It specifies all domain levels, including the top-level domain and the root zone. An FQDN is distinguished by its unambiguity; it can only be interpreted one way.
GUI
Graphical User Interface

A type of interface that allows users to interact with electronic devices through graphical icons and visual indicators such as secondary notation, as opposed to text-based interfaces, typed command labels or text navigation.

Source: Wikipedia: Graphical User Interface

HDD
Hard Disk Drive
A device for storing and retrieving digital information, primarily computer data.
Hiera

A key/value lookup tool for configuration data, built to make Puppet better and let you set node-specific data without repeating yourself.

Source: Hiera Overview

IP
IP Address
Internet Protocol Address

A numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.

Source: Wikipedia: IP Address

IP6Tables
Internet Protocol 6 Tables
A user space application that provides an interface to the IPv6 firewall rules on modern Linux systems.
IPTables
Internet Protocol Tables
A user space application that provides an interface to the IPv4 firewall rules on modern Linux systems.
Kerberos
A computer network authentication protocol that works on the basis of “tickets” to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
Key Distribution Center
Part of a cryptosystem intended to reduce the risks inherent in exchanging keys. KDCs often operate in systems within which some users may have permission to use certain services at some times and not at others.
LDAP
Lightweight Directory Access Protocol
A protocol for querying and modifying LDAP directory services including information such as names, addresses, email, phone numbers, and other information from an online directory.
MAC
MAC Address
Media Access Control
Media Access Control Address

A unique identifier assigned to network interfaces for communications on the physical network segment.

Source: <Wikipedia: MAC address

NAT
Network Address Translation
The process of modifying IP address information in IP packet headers while in transit across a traffic routing device.
NFS
Network File System
A distributed file system protocol that allows a user on a client computer to access files over a network in a manner similar to how local storage is accessed.
PAM
Pluggable Authentication Modules
A mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API). It allows programs that rely on authentication to be written independent of the underlying authentication scheme.
PEM
Privacy Enhanced Mail
An early standard for securing electronic mail. This is the public-key of a specific certificate. This is also the format used for Certificate Authority certificates.
PERL
Practical Extraction and Report Language
A high-level, general-purpose, interpreted, dynamic programming language. PERL was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language to make report processing easier.
PKI
Public Key Infrastructure
A security architecture that has been introduced to provide an increased level of confidence for exchanging information over an increasingly insecure Internet. PKI enables users of a basically insecure public networks, such as the Internet, to securely authenticate to systems and exchange data. The exchange of data is done by using a combination of cryptographically bound public and private keys.
PSSH
Parallel Secure Shell
A tool that provides parallel versions of OpenSSH and other related tools.
Puppet
An Open Source configuration management tool written and maintained by Puppet Labs. Written as a Ruby DSL, Puppet provides a declarative language that allows system administrators to provide a consistently applied management infrastructure. Users describes system resource and resource state in the Puppet language. Puppet discovers system specific information via facter and compiles Puppet manifests into a system specific catalog containing resources and resource dependencies, which are applied to each client system.
PXE
Preboot Execution Environment
An environment to boot computers using a network interface independently of data storage devices (like hard disks) or installed operating systems.
RAM
Random Access Memory
A form of computer data storage. A random access device allows stored data to be accessed in nearly the same amount of time for any storage location, so data can be accessed quickly in any random order.
Red Hat
Red Hat®
Red Hat®, Inc.

A collection of many different software programs, developed by Red Hat®, Inc. and other members of the Open Source community. All software programs included in Red Hat Enterprise Linux® are GPG signed by Red Hat®, Inc. to indicate that they were supplied by Red Hat®, Inc.

See also RHEL.

RHEL
Red Hat Enterprise Linux
A commercial Linux operating system produced by Red Hat®, Inc. RHEL is designed to provide an Enterprise-ready Linux distribution suitable to multiple target applications.
RPM
RPM Package Manager
A package management system. The name RPM is associated with the .rpm file format, files in this format, software packaged in such files, and the package manager itself. RPM was developed primarily for GNU/Linux distributions; the file format is the baseline package format of the Linux Standard Base.
RSA
An algorithm for public-key cryptography that is based on the presumed difficulty of factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described it in 1977.
Ruby
A dynamic, reflective, general-purpose object-oriented programming language that combines syntax inspired by Perl with Smalltalk-like features. Ruby originated in Japan during the mid-1990s and was first developed and designed by Yukihiro “Matz” Matsumoto. It was influenced primarily by Perl, Smalltalk, Eiffel, and Lisp. Ruby supports multiple programming paradigms, including functional, object oriented, imperative and reflective. It also has a dynamic type system and automatic memory management; it is therefore similar in varying respects to Smalltalk, Python, Perl, Lisp, Dylan, Pike, and CLU.
Service Account
An account that is not for use by a human user but which still requires login access to a host.
SFTP
SSH File Transfer Protocol
A network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols.
SIMP
System Integrity Management Platform
A security framework that sits on top of RHEL or CentOS.
SSH
Secure Shell
An application for secure data communication, remote shell services, or command execution between networked computers. SSH utilizes a server/client model for point-to-point secure communication.
SSL
Secure Sockets Layer

The standard security technology for using PKI keys to provide a secure channel between two servers.

See also TLS.

Sudosh
An application that acts as an echo logger to enhance the auditing of privileged activities at the command line of the operating system. Utilities are available for playing back sudosh sessions in real time.
TFTP
Trivial File Transfer Protocol
A file transfer protocol generally used for automated transfer of configuration or boot files between machines in a local environment.
TLS
Transport Layer Security

A cryptographic protocol that provides network communications security. TLS and SSL encrypt the segments of network connections above the Transport Layer, using asymmetric cryptography for privacy and a keyed message authentication codes for message reliability.

See also SSL.

TTY
A Unix command that prints to standard output the name of the terminal connected to standard input. The name of the program comes from teletypewriter, abbreviated “TTY”.
VM
Virtual Machine
An isolated guest operating system installation running within a host operating system.
VNC
Virtual Network Computing
A graphical desktop sharing system that uses the remote framebuffer (RFB) protocol to control another computer remotely. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network.
WAN
Wide Area Network
A computer networking technology used to transmit ata over long distances, and between different Local Area Networks (LANs), Metropolitan Area Networks (MANs), and other localized computer networking architectures.
X.509

An ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

Source: Wikipedia: X.509

YUM
Yellowdog Updater, Modified

A software installation tool for Linux. It is a complete software management system that works with RPM files. YUM is designed to be used over a network or the Internet.

See also RPM.