Part III Working with Server Administration

You will need to have a second Linux system available that you can log in to and try different commands. On that second system, you need to make sure that the sshd service is running, that the firewall is open, and that ssh is allowed for the user account you are trying to log in to (root is often blocked by sshd).

Using the ssh command, log in to another computer using any account you have access to. {Screen capture}

Using remote execution with the ssh command, display the contents of a remote /etc/system-release file and have its contents displayed on the local system. {Screen capture both terminals}

Use the ssh command to use X11 forwarding to display a gedit window on your local system; then save a file in the remote user's home directory. {Screen capture both terminals}

Recursively copy all the files from the /usr/share/selinux directory on a remote system to the /tmp directory on your local system in such a way that all the modification times on the files are updated to the time on the local system when they are copied. {Screen capture both terminals}

Recursively copy all the files from the /usr/share/logwatch directory on a remote system to the /tmp directory on your local system in such a way that all the modification times on the files from the remote system are maintained on the local system. {Screen capture both terminals}

Create a public/private key pair to use for SSH communications (no passphrase on the key), copy the public key file to a remote user's account with ssh-copy-id, and use key-based authentication to log in to that user account without having to enter a password. {Screen capture}

Create an entry in /etc/rsyslog.conf that stores all authentication messages (authpriv) info level and higher into a file named /var/log/myauth. From one terminal, watch the file as data comes into it, and in another terminal, try to ssh into your local machine as any valid user, with a bad password. {Screen capture of both terminals}

Use the du command to determine the largest directory structures under /usr/share, sort them from largest to smallest, and list the top ten of those directories in terms of size. {Enter the command used}

Use the df command to show the space that is used and available from all the filesystems currently attached to the local system, but exclude any tmpfs or devtmpfs filesystems. {Enter the command used}

Find any files in the /usr directory that are more than 10MB in size. {Screen capture}

Part IV Working with Basic Linux Security

Check log messages from the systemd journal for the following services: NetworkManager.service, sshd.service, and auditd.service. {Screen capture}

List the permissions of the file containing your system's user passwords, and determine if they are appropriate. {Enter the command used}

Determine your account's password aging and if it will expire using a single command. {Enter the command used}

Start auditing writes to the /etc/shadow with the auditd daemon, and then check your audit settings. {Screen capture}

Create a report from the auditd daemon on the /etc/shadow file, and then turn off auditing on that file. {Screen capture}

Install the lemon package, damage the /usr/bin/lemon file (perhaps copy /etc/services there), verify that the file has been tampered with, and remove the lemon package. {Screen capture}

You suspect you have had a malicious attack on your system today and important binary files have been modified. What command should you use to find these modified files? {Screen capture}

Install and run chkrootkit to see if the malicious attack from #5 above installed a rootkit. {Screen capture}

Find files with the SetUID or SetGID permission set. {Enter the command used}

Install the aide package, run the aide command to initialize the aide database, copy the database to the correct location, and run the aide command to check if any important files on your system have been modified. {Screen capture}

Part V Working with Network Security

The commands in this project do not permanently change your firewall as your old firewall rules will return when the firewall service is restarted. But, keep in mind that improperly modifying your firewall can result in unwanted access.

Install the Network Mapper utility on your local Linux system. {Screen capture}

Run a TCP Connect scan on your local loopback address. What ports have a service running on them? {Screen capture}

Run a UDP Connect scan on your Linux system from a remote system. {Screen capture}

Check to see if the ssh daemon on your Linux system uses TCP Wrapper support. {Enter the command used}

Using the TCP Wrapper files, allow access to the ssh tools on your Linux system from a designated remote system. Deny all other access. Hint: /etc/hosts.allow file and the /etc/hosts.deny file {Screen capture}

Determine your Linux system's current netfilter/iptables firewall policies and rules. {Enter the command used}

Flush your Linux system's current firewall rules, and then restore them. {Enter the command used}

For your Linux system's firewall, set your Linux system's firewall filter table for the input chain to a policy of DROP. {Enter the command used}

Change your Linux system firewall's filter table policy back to accept for the input chain. {Enter the command used}

Add a rule to drop all network packets from the IP address 10.140.67.23. {Screen capture}

Without flushing or restoring your Linux system firewall's rules, remove the rule you added above. {Enter the command used}