Tools and Other Requirements :

$1.$ VMware Workstation$/$Fusion with SIFT VM $20\mathrm{.}04$

$2.$ Updated SIFT $20\mathrm{.}04$ workstation using $($MUST$),$ copy$-$paste the command:

sudo apt update; sudo apt upgrade $-$y

$---------------------------------------------------------------------------------------------------------------$

Important task before commencing the lab: Delete all other user accounts that you

created for previous labs, along with their home directories :

$$ sudo deluser bruce $--$remove$-$home

$$ sudo deluser terry $--$remove$-$home

$----------------------------------------------------------------------------------------------------------------$

The sudoers file modification in SIFT $20\mathrm{.}04$ Linux Task $($Read the full question first$)$

a$.$ Once you have deleted all the previously created user accounts, log in to the

sansforensics user and issue the sudo $-$l command on the terminal to check the

root user$$s permissions. Take proper screenshot$($s$)$ of this step

b$.$ Now create a user by your first name, having the account full name as Test

YourFirstName and password as passcode $($leave all the other information

blank$).$ Check the syntax and example below.

$-$ Syntax to add a new user: sudo adduser

$-$ Example: sudo adduser bill

$-$ Example of the account Full name: Test Bill

Log in to your newly created user account to activate it$.$ Then type sudo apt

update on the terminal. You should be getting a message on the terminal

regarding incident reporting$/$ not allowed to execute. Take proper screenshot$($s$)$

of this step. Now log out from the test account and login back to the

sansforensics account.

c$.$ Open the sudoers file from the terminal of sansforensics by following the steps

below. Important: DO NOT USE ANY OTHER EDITOR FOR THIS STEP, ELSE

THE SYSTEM WILL BE BRICKED IF YOU MAKE A MISTAKE IN SUDOERS FILE:

$$ Type sudo su in the sansforensics user terminal, and the prompt will change

to that of the root user.

$$ Then type visudo $/$etc$/$sudoers $($GNU Nano editor will be opened$).$

$$ Then, under the #User privilege specification area and right below the root

entry, type the following :

test ALL$=($root$)$ NOPASSWD: $/$usr$/$bin$/$cat $/$etc$/$shadow$,/$usr$/$bin$/$apt

$$ Take proper screenshot$($s$)$ of this step after entering the above command.

$$ Press CTRL$+$X and save it after confirmation.

d$.$ Login back to the test account and execute sudo cat $/$etc$/$shadow followed by

sudo apt update, and sudo fdisk $-$l$.$ Take proper screenshot$($s$)$ for the output of

the three commands one by one.

e$.$ What did you observe after typing the three commands one by one in the previous

step? Explain.

Explain the above screenshots briefly with a one or two$-$sentence explanation at most.

Complete this task in your SIFT $20\mathrm{.}04$ workstation.

$[$IMPORTANT$]$: Delete the test user account with the home directory and remove the

test user entry from the sudoers file by going to the sansforensics user account.

$$ sudo deluser test $--$remove$-$home