
Question


Run a command as root to watch the /var/log/messages file. {Enter the command used}

Insert your USB flash drive and determine the device name of the USB flash drive. {Screen capture}

Run a command to list the partition table for the USB flash drive. {Enter the command used}

Delete all the partitions on your USB flash drive, save the changes, and make sure the changes were made both on the disk's partition table and in the Linux kernel. {Screen capture}

Add three partitions to the USB flash drive: 100MB Linux partition, 200MB swap partition, and 500MB LVM partition. Save the changes. {Screen capture}

Put an ext3 filesystem on the Linux partition. {Enter the command used}

Create a mount point called /mnt/mypart, and mount the Linux partition on it. {Enter the command used}

Enable the swap partition, and turn it on so additional swap space is immediately available. {Screen capture}

Create a volume group called abc from the LVM partition. {Enter the command used}

Create a 200MB logical volume from that group called data. {Enter the command used}

Add a VFAT partition. {Enter the command used}

Temporarily mount the logical volume on a new directory named /mnt/test. Check that it was successfully mounted. {Screen capture}

Grow the logical volume from 200MB to 300MB. {Enter the command used}

Safely remove the USB flash drive from the computer. {Enter the command used}

Unmount the Linux partition. {Enter the command used}

Turn off the swap partition. {Enter the command used}

Unmount the logical volume. {Enter the command used}

Delete the volume group from the USB flash drive. {Screen capture}

Part II Working with Services

Run a command to see which initialization daemon your server is currently using. {Enter the command used}

Use a command to check the status of the sshd daemon, depending on the initialization daemon in use on your Linux server. {Enter the command used}

Run a command to determine your server's previous and current runlevel. {Enter the command used}

Change the default runlevel or target unit on your Linux server to runlevel3 target.

For your initialization daemon, run the commands to list services running (or active) on your server. {Screen capture}

For each initialization daemon, run a command to show a particular service's current status. {Enter the command used}

Show the status of the cups daemon on your Linux server. {Screen capture}

Attempt to restart the cups daemon on your Linux server. {Screen capture}

Attempt to reload the cups daemon on your Linux server. {Screen capture}

Part III Working with Server Administration

You will need to have a second Linux system available that you can log in to and try different commands. On that second system, you need to make sure that the sshd service is running, that the firewall is open, and that ssh is allowed for the user account you are trying to log in to (root is often blocked by sshd).

Using the ssh command, log in to another computer using any account you have access to. {Screen capture}

Using remote execution with the ssh command, display the contents of a remote /etc/system-release file and have its contents displayed on the local system. {Screen capture both terminals}

Use the ssh command to use X11 forwarding to display a gedit window on your local system; then save a file in the remote user's home directory. {Screen capture both terminals}

Recursively copy all the files from the /usr/share/selinux directory on a remote system to the /tmp directory on your local system in such a way that all the modification times on the files are updated to the time on the local system when they are copied. {Screen capture both terminals}

Recursively copy all the files from the /usr/share/logwatch directory on a remote system to the /tmp directory on your local system in such a way that all the modification times on the files from the remote system are maintained on the local system. {Screen capture both terminals}

Create a public/private key pair to use for SSH communications (no passphrase on the key), copy the public key file to a remote user's account with ssh-copy-id, and use key-based authentication to log in to that user account without having to enter a password. {Screen capture}

Create an entry in /etc/rsyslog.conf that stores all authentication messages (authpriv) info level and higher into a file named /var/log/myauth. From one terminal, watch the file as data comes into it, and in another terminal, try to ssh into your local machine as any valid user, with a bad password. {Screen capture of both terminals}

Use the du command to determine the largest directory structures under /usr/share, sort them from largest to smallest, and list the top ten of those directories in terms of size. {Enter the command used}

Use the df command to show the space that is used and available from all the filesystems currently attached to the local system, but exclude any tmpfs or devtmpfs filesystems. {Enter the command used}

Find any files in the /usr directory that are more than 10MB in size. {Screen capture}

Part IV Working with Basic Linux Security

Check log messages from the systemd journal for the following services: NetworkManager.service, sshd.service, and auditd.service. {Screen capture}

List the permissions of the file containing your system's user passwords, and determine if they are appropriate. {Enter the command used}

Determine your account's password aging and if it will expire using a single command. {Enter the command used}

Start auditing writes to the /etc/shadow with the auditd daemon, and then check your audit settings. {Screen capture}

Create a report from the auditd daemon on the /etc/shadow file, and then turn off auditing on that file. {Screen capture}

Install the lemon package, damage the /usr/bin/lemon file (perhaps copy /etc/services there), verify that the file has been tampered with, and remove the lemon package. {Screen capture}

You suspect you have had a malicious attack on your system today and important binary files have been modified. What command should you use to find these modified files? {Screen capture}

Install and run chkrootkit to see if the malicious attack from #5 above installed a rootkit. {Screen capture}

Find files with the SetUID or SetGID permission set. {Enter the command used}

Install the aide package, run the aide command to initialize the aide database, copy the database to the correct location, and run the aide command to check if any important files on your system have been modified. {Screen capture}

Part V Working with Network Security

The commands in this project do not permanently change your firewall as your old firewall rules will return when the firewall service is restarted. But, keep in mind that improperly modifying your firewall can result in unwanted access.

Install the Network Mapper utility on your local Linux system. {Screen capture}

Run a TCP Connect scan on your local loopback address. What ports have a service running on them? {Screen capture}

Run a UDP Connect scan on your Linux system from a remote system. {Screen capture}

Check to see if the ssh daemon on your Linux system uses TCP Wrapper support. {Enter the command used}

Using the TCP Wrapper files, allow access to the ssh tools on your Linux system from a designated remote system. Deny all other access. Hint: /etc/hosts.allow file and the /etc/hosts.deny file {Screen capture}

Determine your Linux system's current netfilter/iptables firewall policies and rules. {Enter the command used}

Flush your Linux system's current firewall rules, and then restore them. {Enter the command used}

For your Linux system's firewall, set your Linux system's firewall filter table for the input chain to a policy of DROP. {Enter the command used}

Change your Linux system firewall's filter table policy back to accept for the input chain. {Enter the command used}

Add a rule to drop all network packets from the IP address 10.140.67.23. {Screen capture}

Without flushing or restoring your Linux system firewall's rules, remove the rule you added above. {Enter the command used}
