Access Control Assignment

A boutique Defense Contractor supports two fledgling research groups, NOVA and SOSRG. The NOVA group consists of:

1. Jerry 2. Bailey 3. Kevin

The SOSRG team consists of:

1. Natasha 2. Aleks

These groups share a linux-based server and work within similar directory structures as shown below:

The security policy for these two groups is as follows:

Files in the reports directory for each group should be readable and writeable by the file owner, readable by the group, and readable otherwise.

Files in the data directory for each group should be readable and writeable by the owner and group, and inaccessible otherwise.

The executables (with the * annotation) in the bin directories should be executable by all.

The a.config file in the NOVA/bin directory should be readable and writeable by the owner and group, and inaccessible otherwise.

A few salient facts:

1. The analyzer executable in the NOVA/bin directory reads a.config in that same directory to establish its operational parameters. The NOVA group executes:

./analyzer ../dataet.m ../data/exp.p from within their bin directory to run the code.

2. The policycheck executable in the SOSRG/bin directory invokes the NOVA groups analyzer executable. (Again, it must read a.config to establish its operational parameters.) The SOSRG group executes:

./policycheck ../data/os.m ../data/exp.p from within their bin directory to run the code.

3. The auditd facility is running and is watching for writes and attributes changes to files in the /home/NOVA and /home/SOSRG directories with rules that use keywords NOV A and SOSRG, respectively.

NOTE: You will be distributed login instructions, giving you the IP address for thehost, and your user ID and password. Use these to complete the assignment.

1. (25 pts) In order to support the above policy, anticipate what you would expect as the unix permissions for directories and files in the NOVA and SOSRG directories. Fill in the following table:

2. (25 pts) Now, compare your table with what you see on the research groups server.

Login to the system using ssh with the credentials you have been provided:

ssh p @ Document what you see. Hint: ls l. Again, you may use the table provided:

3. (25 pts) Describe the problems you discovered and their impact on the policy and functioning of the groups. Organize your comments by group and folder, e.g.:

NOV A:

Reports:

Bin:

Data:

SOSRG

Reports:

Bin:

Data:

4. (25 pts) Fix the permissions to correctly implement the policy mandated above. Document your fixes, organizing them by group and folder, and verify your fixes with directory listings showing the permissions for each folder.

NOV A:

Reports:

Bin:

Data:

SOSRG

Reports:

Bin:

Data:

Hint: chmod and/or chown (and related commands) may play a role in your fixes. Guidance: General rubric: Grading is based on 3 targets: soundness (is the answer correct?),

completeness (is it responsive/comprehensive?) and writing (is the writing good quality?). Read and respond to the questions in their entirety.

Permissions Owner Group Permissions Owner Group drwxrwxrwx drwxrwxrwx \begin{tabular}{|l|l|l|l|} \hline & & & NOVA \\ \hline & & & reports \\ \hline & & & jerry.txt \\ \hline & & & bailey.txt \\ \hline & & & kevin.txt \\ \hline & & & bin \\ \hline & & & analyzer \\ \hline & & & a.config \\ \hline & & & data \\ \hline & & & net.m \\ \hline & & & exp.p \\ \hline \end{tabular} \begin{tabular}{|l|l|l|l|} \hline & & & SOSRG \\ \hline & & reports \\ \hline & & natasha.txt \\ \hline & & & aleks.txt \\ \hline & & bin \\ \hline & & & policycheck \\ \hline & & & data \\ \hline & & & os.m \\ \hline & & & exp.p \\ \hline \end{tabular} Permissions Owner Group Permissions Owner Group drwxrwxrwx drwxrwxrwx \begin{tabular}{|l|l|l|l|} \hline & & & NOVA \\ \hline & & & reports \\ \hline & & & jerry.txt \\ \hline & & & bailey.txt \\ \hline & & & kevin.txt \\ \hline & & & bin \\ \hline & & & analyzer \\ \hline & & & a.config \\ \hline & & & data \\ \hline & & & net.m \\ \hline & & & exp.p \\ \hline \end{tabular} \begin{tabular}{|l|l|l|l|} \hline & & & SOSRG \\ \hline & & reports \\ \hline & & natasha.txt \\ \hline & & & aleks.txt \\ \hline & & bin \\ \hline & & & policycheck \\ \hline & & & data \\ \hline & & & os.m \\ \hline & & & exp.p \\ \hline \end{tabular}