Free Essay

Linux Security Lab 2

In:

Submitted By Ramman911
Words 313
Pages 2
1. What is the significance of creating Groups and adding Users to Groups?
By creating groups you can get people access to the information that they need to get to. When a user is created and added to a group that user then has the access permissions of the group that has been made.
2. Given a scenereo where there are 5 database admins that may periodically need access to a given system. Discuss a better concept to better manage the admins access permissions.
Break down admin responsabilities and only give them the access for what duties they need to perform. PAM command is a great idea in this scenereo.
3. New web admin account has been set up and a password provided. What is the command to force a password change upon login.
Chage –d 0 <user name>
4. What is the purpose of the “SU” command.
This is the command to get into the machine as ROOT. (Super User I like to call it) this is like the ultimate authority command to change what you want and equally allows you to screw things up if you want.
5. Restricting the use of the “SU” command can be configured using what mechanism.
/etc/pam.d/su to edit the PAM. Edit the #auth required pam_wheel.so use_uid
6. What is the purpose of the login.defs file? Creates accounts and is site specific for the shadow login. This has rules like expirations, password requirements.
7. What is the PASS_MIN_DAYS setting? Min days until you have to change the password
8. What is the PASS_MAX_DAYS setting? Why is it good to set this? Max days to change your password. This is a great idea to force people to change passwords and if they don’t then the account goes bye bye.
9. NO
10. Make group, use login.defs, set max days

Similar Documents

Premium Essay

Is3440 Linux Security Lab 1

...Week 1 Lab This lab consists of two parts: Make sure you label each section accordingly and answer all the questions. For this lab it is recommended that you review the Demo Lab presentations in the Unit 1 and Unit 2 Learning Space. Click the PRACTICE link > DEMO LAB > then click the hyperlink to launch the demonstration. Part # 1 Install a Core Linux Operating System on a Server Learning Objectives and Outcomes Upon completing this lab, students should know more about the following tasks: * Install a base Linux operating system using a Fedora core Linux server for production use on the VM server farm * Create secured partitions within the core Linux server for desired security hardening, performance, and application support * Enable a network time server during installation to maintain a synchronized time setting throughout the system * Set a hostname that is descriptive of the role of the server to maintain standard and concise naming conventions during installation * Create a non-privileged user account for system administration access as a secure alternative to logging in as root user Overview In this lab the students will see how to install and partition a Fedora Core Linux Server. The installation process, applying passwords, creating partitions, and system administrator access controls will be part of the operating system configuration requirements. The demonstration will show how to use the terminal or terminal emulator for...

Words: 1494 - Pages: 6

Free Essay

Construct a Linux Host Firewall and Monitor for Ip Traffic

...130 LAB #9 | Construct a Linux Host Firewall and Monitor for IP Traffic LAB #9 – ASSESSMENT SPREADSHEET Construct a Linux Host Firewall and Monitor for IP Traffic Course Name and Number: Student Name: Instructor Name: Lab Due Date: Internal Firewall Policy Definition Configure your “TargetUbuntu02” desktop Linux internal host IP stateful firewall according to the following policy definition. Test and validate your implementation after you configure it based on the policy definition. The following is your Ubuntu internal firewall policy definition: Deny incoming traffic Deny the following specific applications: TFTP Telnet SNMP ICMP FTP Allow the following specific applications under “Advanced” settings: SSH SMTP POP3 HTTPS HTTP Make a screen capture of the changes you made to the configuration and paste it into the text document. Use the File Transfer button to download the text file to your local computer and submit it as part of your deliverables. Assessment Worksheet 131 9 Construct a Linux Host Firewall and Monitor for IP Traffic LAB #9 – ASSESSMENT WORKSHEET Construct a Linux Host Firewall and Monitor for IP Traffic Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview In this lab, you configured the Gufw Ubuntu host IP stateful firewall as an internal service running on the Linux desktop. By defining what IP traffic is allowed and what IP traffic is denied, you implemented another layer of security in your overall...

Words: 665 - Pages: 3

Premium Essay

Install a Core Linux Operating System on a Server

...Week 1 Lab This lab consists of two parts: Make sure you label each section accordingly and answer all the questions. For this lab it is recommended that you review the Demo Lab presentations in the Unit 1 and Unit 2 Learning Space. Click the PRACTICE link > DEMO LAB > then click the hyperlink to launch the demonstration. Part # 1 Install a Core Linux Operating System on a Server Learning Objectives and Outcomes Upon completing this lab, students should know more about the following tasks: * Install a base Linux operating system using a Fedora core Linux server for production use on the VM server farm * Create secured partitions within the core Linux server for desired security hardening, performance, and application support * Enable a network time server during installation to maintain a synchronized time setting throughout the system * Set a hostname that is descriptive of the role of the server to maintain standard and concise naming conventions during installation * Create a non-privileged user account for system administration access as a secure alternative to logging in as root user Overview In this lab the students will see how to install and partition a Fedora Core Linux Server. The installation process, applying passwords, creating partitions, and system administrator access controls will be part of the operating system configuration requirements. The demonstration will show how to use the terminal or terminal emulator for...

Words: 1168 - Pages: 5

Premium Essay

Wk 3 Lab

...Week 3 Lab Part 1: Web and Database Attacks & Malware and Malicious Software Learning Objectives and Outcomes Upon completing this lab, students will be able to: * Identify web application and web server backend database vulnerabilities as viable attack vectors * Develop an attack plan to compromise and exploit a web site using cross-site scripting (XSS) against sample vulnerable web applications * Conduct a manual Cross-site Scripting (XSS) attack against sample vulnerable web applications * Perform SQL injection attacks against sample vulnerable web applications with e-commerce data entry fields * Mitigate known web application and web server vulnerabilities with security countermeasures to eliminate risk from compromise and exploitation Overview This Lab will demonstrate a Cross-site Scripting (XSS) exploit and an SQL Injection attack on the test bed web application and web server using the Damn Vulnerable Web App (DVWA) loaded on an Apache Web Server on “TargetUbuntu01” Linux VM server. They will first identify the IP target host, identify known vulnerabilities and exploits, and then attack the web application and web server using XSS and an SQL Injection to exploit the web application using a web browser and some simple command strings. Assignment Requirements Watch the Demo Lab in Learning Space Unit 5 and then answer questions 1-10 below. Lab Assessment Questions & Answers 1. Why is it critical...

Words: 1054 - Pages: 5

Free Essay

Securing Linux Lab Assignment

...Week 3 Lab This lab consists of two parts. Make sure you label each section accordingly and answer all the questions. For this lab it is recommended that you review the Demo Lab presentations in the Unit 5 and Unit 6 Learning Space. Click the PRACTICE link > DEMO LAB > then click the hyperlink to launch the demonstration. Part #1 Apply Hardened Security for Linux Services & Applications Learning Objectives and Outcomes Upon completing this lab, students will learn about the following tasks: * Harden Linux server services when enabling and installing them, and keep a security perspective during configuration * Create an Apache Web Server installation and perform basic security configurations to assure that the system has been hardened before hosting a web site * Configure and perform basic security for a MySQL database, understanding the ramifications of a default installation and recommending hardening steps for the database instance * Install, setup and perform basic security configuration for Sendmail to be able to leverage the built-in messaging capabilities of the Linux System * Enable and implement secure SSH for encrypted remote access over the network or across the Internet of a Linux server system Overview This lab is an extension of the previous hands-on labs, and it incorporates security hardening for Linux services and applications loaded in the physical server. This demonstration will configure security and hardened services...

Words: 2020 - Pages: 9

Premium Essay

Configure Basic Security Controls on a Linux Server

...Configure Basic Security Controls on a Fedora Linux Server The students are required to submit their lab assignment answers through this website. All lab assignment questions listed are for each course's week lab activity. This may be a theory based or lab based activity. Lab assessment results and answers are due at the beginning of class the following week. Students are encouraged to perform and submit their lab assessment results immediately upon completion of the lab activity or prior to the due date. During this lab students will properly secure a Linux server system. They will perform steps to secure the bootloader, enable iptables and run SELinux to help lock down the Linux OS. The students will also apply ACLs to directories and files and then check those ACLs and permissions on the system. To accomplish the lab assignment below, students will need to obtain a copy of the Fedora Image provided to you by the Substitute Instructor and complete a basic VMware installation of Fedora. The questions in the lab book will be based on the installation experience. Assigned Pages: 10-26 Questions: 1 through 10. This assignment is due by the beginning of class for Unit 3. 1. What is GRUB and why is it important to lock it down? GRUB stands for Grand Unified Bootloader (1 of 2 boot menus' for the operating system) which is important to lock down is for security reasons. These reasons include being used to start other operating systems (eg. other versions of Linux or Microsoft...

Words: 745 - Pages: 3

Premium Essay

Nt2580 Unit 1

...NT2580-M1 Introduction to Information Security Unit 1: Information Systems Security Fundamentals 2015-Summer, 6/20/2015, Saturday (9:00am – 1:30pm) Student Name ___________________________________ Lesson Plan Theory (in class, Lab #2)……………………………..…………………..……...2 Reading  Kim and Solomon, Chapter 1: Information Systems Security. Objectives……………..………………….……………………………….2 Student Assignments for this Unit Unit 1 Lab Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) Lab #1: Performing Network Reconnaissance using Common Tools Overview and access vLab..............................................................................................3 Part 1: Exploring the Tools used in the Virtual Lab Environment……………16 Unit 1 Assignment Match Risks/Threats to Solutions Part 2: Connecting to a Linux Machine …………………. .........................44 Unit 1 Assignment Impact of a Data Classification Standard Part 3: Using Zenmap to Perform Basic Reconnaissance ……………………59 Appendix A. SYLLABUS………………………………………………..……..………….69 B. Forgot your password?………………………………………………..……..73 Instructor: Yingsang “Louis” HO Tel: 425-241-8080 (cell), (206) 244-3300 (school) Email: yho@itt-tech.edu NT2580_2015_Summer_M1_UNIT1.doc Page 1 of 76 Unit 1: Information Systems Security Fundamentals Learning Objective  Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts  Confidentiality, integrity, and availability...

Words: 3379 - Pages: 14

Free Essay

Is3440 - Unit 1 Lab Assessment Sheet

...Assessment Worksheet Installing a Core Linux Operating System on a Server IS3440 - Linux Security Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview The foundation of host-based security starts with the installation of the operating system (OS). Contrary to popular opinion, there is no such thing as a secure operating system, but in this lab, you learned how to install the Linux CentOS operating system in a secure manner. You created a new virtual machine, partitioned the hard drive, and installed the Linux operating system. You also created a non-root user account and verified that key services were (or were not) running. Lab Assessment Questions & Answers 1. During the Minimal install, NTP (Network Time Protocol) server was not installed. From a security perspective, why is it important for a system to keep accurate time? To keep the system in sync and up to date for logging purposes such as any incidents that occur. Otherwise a time may not be correct when checking logs for an incident. 2. During the install, you set a password for the root user. What is the root user, and when is it appropriate to use this account? The root user is the system administrator. It is only appropriate...

Words: 503 - Pages: 3

Premium Essay

Test

...Technical Institute IS3340 Windows Security Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program:    IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA    NT2580 NT2670  Introduction to  Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to  Security Auditing for Compliance Countermeasures Information Security Email and Web Services      NT1230 NT1330 Client-Server Client-Server  Networking I Networking II  IS3230 IS3350 NT1230 NT1330  Issues Client-Server Client-Server  SecurityContext in Legal Access Security Networking I Networking II   NT1110 ...

Words: 2305 - Pages: 10

Free Essay

Css 200 Ip2-Lab

...CSS200-1401B-01 Principals of Network Security Instructor: Gregory Roby Phase 2, Individual Project Date: March 08, 2014 By: Gil Palacio Lab #3 Overview: In this Lab I am learning how to use the Zenmap Graphical User Interface (GUI) for the free Nmap Security Scanner application. This application is an open source tool that automates network exploration to perform several different types of security audit scans of large IP networks (LAB 3, CTU. 2014). SO here is what I gather while doing this Lab: I added several IPs to putty in order to build information or to give information to the GUI that I am looking into. I copy pasted the two interfaces that are up,up in the 1st question from the Lab Assessment sheet of the putty profile created: Interface Ethernet0/0 "", is up, line protocol is up Hardware is 88E6095, BW 100 Mbps Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps) Available but not configured via nameif MAC address c84c.7556.de9e, MTU not set IP address unassigned 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 L2 decode drops 0 switch ingress policy drops 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred 0 lost carrier, 0 no carrier 0 rate limit drops ...

Words: 1306 - Pages: 6

Premium Essay

It255

...Technical Institute IT255 Introduction to Information Systems Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications 300...

Words: 4114 - Pages: 17

Premium Essay

Seeking Help

...Systems Security [Onsite] Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Credit hours: 4 Contact hours: 50 (30 Theory Hours, 20 Lab Hours) Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security 400 Level Capstone Project IS418 IS404 Access Control, Authentication & KPI IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications Securing Linux Platforms & Applications 300 Level IS305 Managing Risk in Information Systems IS308 Security Strategies...

Words: 4296 - Pages: 18

Free Essay

Linux

...qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwer...

Words: 1010 - Pages: 5

Premium Essay

Unit 1 Assessment Worksheet

...IS3445T Security for web applications | Evaluate Business World Transformation- Impact of the Internet and WWW | Unit 1 Lab 1 | | Daniel Alvarado Jr. | 6/24/2014 | | LAB ASSESMENT QUESTIONS & ANSWERS 1. From the results of the Lab #1 – Business Application Impact Analysis Worksheet, what do you consider to be the greatest type of risk and why? * Private own Bank/ due to financial information 2. Why is it critical to perform periodic web application vulnerability assessments and penetration test? * To reduce vulnerabilities and test environments/ in addition to securing operating systems 3. What kind of web application does Damn Vulnerable Web Application use? * PHP/open source APP * Web Based * Penetration Testing 4. Why is connecting your web servers and web application to the internet like opening Pandora’s Box? * Opens your system to vulnerability confidential information 5. What does the skipfish application do and why is it good security tool for web servers and web application testing? * High speed Web App Recon Tool 6. What is tcdump and why is it a good tool for application for testing the Ubuntu Linux web server and web application security? * Allows to see traffic protocol testing 7. What does the Firefox Live HTTP Headers Plug-in application do, and why is this a good tool for web server and web application security testing? * Debug Application * See Server response 8...

Words: 294 - Pages: 2

Premium Essay

Unit 1 Lab

...Students will be provided with a copy of the VMware image of the Linux distribution and tools that will be used through out this course when I return to class on September 25, 2012. Accompanying this lab students will need to answer the questions from the Security Strategies in Linux Platforms and Applications lab book. To accomplish the lab assignment below, students will need to obtain a copy of the Fedora Image provided to you by the Substitute Instructor and complete a basic VMware installation of Fedora. The questions in the lab book will be based on the installation experience. Assigned Pages: 6-10 Questions: 1 through 15. This assignment is due by the end of class for Unit 1. 1. During the install, the option to sync with a NTP (Network Time Protocol) server was checked. From a security perspective, why is it important for a system to keep accurate time? Accurate time is important because of the date/time stamps (records) that occur on both log-in's and any changes that were made. This allows the logs to be checked to see what individual made the changes, or was logged-in at the time the changes were implemented. 2. During the install, a password has been set for the "root" user. What is the "root" user, and when is it appropriate to use this account? The "root" user is name or account that by default has access to all commands and files. It is also referred to as the root account, root user and the superuser. It would be appropriate to use this account...

Words: 1655 - Pages: 7