SECURITY AND ACCESS CONTROL

You use a special user account called administrator to log on to your computer; however, you think someone has learned your password. You are logged on as Administrator. In this lab, your task is to change your password to r8ting4str. The current administrator account uses 7hevn9jan as the password. As you type in the password, the cursor will not move. Continue entering the password anyway.

A the prompt, type passwd and press Enter. When prompted, enter 7hevn9jan as the current password and press Enter. At the New password prompt, enter r8ting4str and press Enter. Retype r8ting4str as the new password and press Enter.

The Sales team uses the /sales directory to store documents related to sales, contacts, and orders. Currently, permissions on the directory only allow the user and group owners to view the contents of the directory. Users who are not part of the group owner are unable to list the contents of the directory. As part of a new company policy to increase teamwork, you want to allow all users to be able to see the /sales directory and list its contents. You also want to let all users open any document inside that directory, but you don't want them to make changes to documents. In this lab, your task is to complete the following: Allow the other group to browse the /sales directory. Modify permissions on all files in the /sales directory to allow members of the other group to view the file but prohibit them from changing it.

At the command prompt, type chmod o+rx /sales and press Enter to enable the other group to browse the /sales directory. The read and execute permissions are necessary to see the directory and list its contents. Type chmod o+r /sales/* and press Enter to allow the other group to read all documents in the /sales directory.

The human resources team uses the /hr directory to keep important employee documents. Over time, you notice that permissions set on each file have become inconsistent. You want to make sure that all files in the /hr directory have the same permissions settings. You must modify the file permissions to be -rw-rw---- (the octal equivalent of 110 110 000 = 660). In this lab, your task is to configure permissions on all files in the /hr directory as follows: User and group owners should have Read and Write permissions to the files. All other users should have no permissions on any file. Use the ls command to verify your changes.

At the prompt, type chmod 660 /hr/* and press Enter to set the permissions on all files in the /hr folder to the same permissions. Type ls -la /hr and press Enter to verify the changes.

An assistant administrator has been modifying permissions on the /hr directory. You want to quickly change the permissions on /hr to match the permission settings documented in your company's security policy. You must modify the directory permissions to be drwxr-xr-x (the octal equivalent of 111 101 101 = 755). In this lab, your task is to modify the permissions on the /hr directory as follows: User: Read, Write, Execute Group: Read, Execute Other: Read, Execute

At the prompt, type chmod 755 /hr. Press Enter to set these permissions on the /hr directory.

A change in company policy requires users in the hr group to make changes to the files in the /hr directory. In this lab, your task is to: Give the Write group permission to the files in the /hr directory in addition to any existing permissions. Use the ls command to verify the changes.

At the prompt, type chmod g+w /hr/* and press Enter to add the write group permission to all files in the /hr directory. Type ls -la /hr and press Enter to verify the changes.

You have a Linux workstation that you use at home. You are the only person that uses this computer. You want to improve security by removing the SUID and SGID from some files. In this lab, your task is to: Remove the SUID from the following files: /usr/bin/gpasswd /usr/bin/newgrp Remove the SGID from the following files: /usr/bin/wall /usr/bin/write Leave permissions on the files as they are.

At the prompt, type chmod u-s /usr/bin/gpasswd and press Enter to remove the SUID. Type chmod u-s /usr/bin/newgrp and press Enter to remove the SUID. Type chmod g-s /usr/bin/wall and press Enter to remove the SGID. Type chmod g-s /usr/bin/write and press Enter to remove the SGID.

During a random security audit, you found that ownership and group ownership for the /hr directory is set to Will Adams (wadams). For security reasons, you need to change the ownership. You want to give ownership to Brenda Cassini (bcassini), the office manager, and you want to give group ownership to the hr group for all the files in the directory. After you do this, you need to reset group ownership on the /hr/personnel file to mgmt1. In this lab, your task is to: Give bcassini ownership of the /hr directory and all of its contents. Give hr group ownership of the /hr directory and all of its contents. Return group ownership of the /hr/personnel file to mgmt1.

At the prompt, type chown -R bcassini:hr /hr and press Enter to assign user ownership to bcassini and group ownership to hr for the /hr directory and all of its contents.The -R switch changes the ownership recursively throughout the /hr directory tree. Use chgrp mgmt1 /hr/personnel and press Enter to return group ownership of the /hr/personnel file to mgmt1.

Brenda Cassini (bcassini) is taking over payroll documentation for Will Adams (wadams). In this lab, your task is to give the bcassini user ownership of the /hr/payroll file. Use the ls -l command to verify the ownership changes.

At the prompt, type chown bcassini /hr/payroll and press Enter to give bcassini ownership of the /hr/payroll file. Type ls -l /hr and press Enter to verify the change in ownership.

Currently, all the sales people in your company belong to a group called sales. The VP of sales wants two sales groups, a western sales division and an eastern sales division. In this lab, your task is to: Rename the sales group western_sales_division. Create the eastern_sales_division group. Remove aespinoza as a member of the western_sales_division group. Assign aespinoza as a member of the eastern_sales_division group. When you're finished, view the /etc/group file or use the groups command to verify the changes.

At the prompt, type groupmod -n western_sales_division sales and press Enter to rename the sales group to western_sales_division. Type groupadd eastern_sales_division and press Enter to create the eastern_sales_division group. Type usermod -G eastern_sales_division aespinoza and press Enter to modify group membership. When you assign aespinoza to the eastern_sales_division group with the usermod -G option, the user account is removed from the western_sales_division group. Use cat /etc/group or groups aespinoza to verify the aespinoza's group membership.

Corey Flynn (cflynn) currently belongs to several groups. Due to some recent restructuring, he no longer needs to be a member of the hr group. To preserve existing group membership, use the usermod -G command listing all groups to which the user must belong. Do not include the primary group name in the list of groups. In this lab, your task is to: Remove cflynn from the hr group. Preserve all other group memberships. View the /etc/group file or use the groups command to verify the changes.

At the prompt, type groups cflynn and press Enter to view a list of all groups to which the user belongs. You will see that cflynn currently belongs to the mgmt1, it, and hr secondary groups. The cflynn group is the user's primary group. Type usermod -G mgmt1,it cflynn and press Enter to change group membership. Type groups cflynn and press Enter to verify the user account's group membership.

The VP of sales promoted Salman Chawla (schawla) to regional sales director. Now Salman needs the rights and permissions assigned to the mgmt2 and hr groups. You are logged on as root. When assigning group membership, remember that: When you use the usermod -G command to assign group membership, the user account is removed from all existing secondary groups before being added to the groups specified with the usermod command. When you use the usermod -aG command to assign group membership, the new group is appended to the list of existing secondary groups the user belongs to. In this lab, your task is to: Identify all the groups that the schawla user belongs. Add mgmt2 and hr as secondary groups to the schawla user, but make sure the user is still a member of all current groups. When you're finished, view the /etc/group file to verify the changes.

At the prompt, type groups schawla and press Enter to view a list of all groups the user belongs to. You will see that schawla currently belongs to the mgmt1 and sales group. The schawla group is the user's primary group. Type usermod -aG mgmt2,hr schawla and press Enter to add hr and mgmt2 to the secondary group memberships for the schawla user account. Type cat /etc/group or groups schawla and press Enter to verify the changes.

You are an IT manager. One of your job duties is monitoring system logs for the Linux systems on your network. The Journald service is collecting and storing system log data. In this lab, your task is to view the system logs using the journalctl command with the option that: Displays the kernel message log from the current boot. Displays the system log in reverse order with the newest entries first.

At the prompt, type journalctl -k and press Enter. Type q to quit. Type journalctl -r and press Enter.

Your system administrator scheduled a system update that requires all machines to be running and all users to be logged out of the system. In this lab, your task is to log out of the system while leaving the system powered on.

At the prompt, type logout. Press Enter to log off of the system.

The hr group currently owns the /hr/personnel file, but the mgmt1 group should own the file to protect employee privacy. In this lab, your task is to: Change the group ownership of the /hr/personnel file from hr to mgmt1. Use the ls -l command to verify the ownership change.

At the prompt, type one of the following commands and press Enter:chgrp mgmt1 /hr/personnelchown .mgmt1 /hr/personnelchown :mgmt1 /hr/personnel Type ls -l /hr and press Enter to verify the ownership change.

You have a Linux workstation that you use at home for browsing the internet, playing music, and writing letters. When you run your MP3 player, it sometimes pauses in playback. You have heard that you might be able to alleviate the problem by raising the priority of the program. You decide to set the SUID bit to automatically run the program as root and thereby raise its priority. In this lab, your task is to: Set the SUID bit for the /usr/bin/xmms program. Don't change any other permissions on the file.

At the prompt, type one of the following commands: chmod u+s /usr/bin/xmms chmod 4755 /usr/bin/xmms Press Enter to add the SUID bit to the file without changing the other permissions.

You're the IT administrator for a small corporate network. You've set up an internal web server to do some testing. You would like to obscure the server some by changing the default ports. In this lab, your task is to: Use ss -lt and netstat to determine which ports the web server is running on. Modify the ports.conf file to change port 80 to 81 and port 8080 to 8081. Restart the web server to implement the port change. Use netstat and ss -lt to verify that the server is listening on the new ports.

At the prompt, type ss -lt and press Enter to view which ports the server is listening on. Type netstat and press Enter to identify which ports the apache web server is listening on. The web server is listening on 80, 443, and 8080. Type nano /etc/apache2/ports.conf and press Enter to open the port configuration file. Change 80 to 81. Change 8080 to 8081. Press Ctrl + O. Press Enter to save the file. Press Ctrl + X to exit the editor. Type systemctl restart apache2 and press Enter to restart the web server. Type ss -lt and press Enter. Type netstat and press Enter to verify that the server is listening on the new ports.

Salman Chawla (schawla) forgot his password and needs access to the resources on his computer. You are logged on as wadams. The password for the root account is 1worm4b8. In this lab, your task is to: Change the password for the schawla user account to G20oly04 (0 is a zero). Make sure the password is encrypted in the shadow file. Do not use the usermod -p command to change the password, as this stores the unencrypted version of the password in the /etc/shadow file.

At the prompt, type su -c "passwd schawla" and press Enter. Type 1worm4b8 and press Enter for the root user password. Type G20oly04 and press Enter for the new password for the schawla user account. Type G20oly04 as the new password and press Enter.

You want to change your default umask to give yourself and members of the groups to which you belong full permissions to the files and directories you create. You want to deny permissions for everyone else. You are logged on as wadams. The octal values in the umask command subtracts permissions rather than grant them. In this case, the 0 in the first position subtracts no permissions from the user. The 0 in the second position subtracts no permissions from the group. The 7 in the third position subtracts all permissions for other users. You cannot create a file with execute permissions because you must compile an executable file. You can only create a directory with execute permissions. Use the table below to determine the octal values needed for the umask command. To Subtract Use Directory Result File Result No permissions 0 rwx rw- Execute permissions 1 rw- rw- Write permissions 2 r-x r-- Write and execute permissions 3 r-- r-- Read permissions 4 -wx -w- Read and execute permissions 5 -w- -w- Read and write permissions 6 --x --- All permissions 7 --- --- In this lab, your task is to change your default umask value to give yourself and members of the groups to which you belong full permissions to the files and directories that you create

At the prompt, type umask 007. Press Enter to set the umask value.

The VP of Marketing has told you that Paul Denunzio will join the company as a market analyst in two weeks. You need to create a new user account for him. In this lab, your task is to complete the following: Create the pdenunzio user account. Include the full name, Paul Denunzio, as a comment for the user account. Set eye8cereal as the password for the user account. When you're finished, view the /etc/passwd file to verify the creation of the account.

At the prompt, type useradd -c "Paul Denunzio" pdenunzio and press Enter to create the user and set the comment in a single command. Type passwd pdenunzio and press Enter. Type eye8cereal as the password and press Enter. Retype eye8cereal as the password and press Enter. Type cat /etc/passwd and press Enter to verify that the account was created.

Linda Blaine (lblaine) and Rhonda Conger (rconger) are temporary employees who were auditing your organization's financial documents. Their user accounts are members of the auditors group. They have completed their work and have moved on to new assignments. You need to remove their user accounts, home directories, and the auditors group from the system. In this lab, your task is to: Delete the following user accounts and their corresponding home directories:lblainerconger Delete the auditors group. View the /etc/group file to verify the changes.

At the prompt, type userdel -r lblaine and press Enter to delete the lblaine user account and home directory. The inclusion of the -r switch removes the home directory. Type userdel -r rconger and press Enter to delete the rconger user account and home directory. Type groupdel auditors and press Enter to delete the auditors group. Type cat /etc/group and press Enter. Type ls /home and press Enter to verify the changes.

Terry Haslam (thaslam) was dismissed from the organization. His colleagues have harvested the files they need from his home and other directories. Your company security policy states that upon dismissal, users accounts should be removed in their entirety. In this lab, your task is to: Remove the thaslam user account and the home directory from the system. The -r switch removes the home directory when the user is also removed. When you're finished, view the /etc/passwd file and /home directory to verify the account's removal.

At the prompt, type userdel -r thaslam and press Enter to remove the user account and the home directory. Type cat /etc/passwd and press Enter. Type ls /home and press Enter to verify that the account was removed.

Salman Chawla (schawla) is no longer part of the sales team and is waiting to be assigned a new position. In the meantime, you do not want him to have access to sales resources. In this lab, your task is to: Remove the schawla user from all secondary group memberships. View the /etc/group file to verify the changes.

At the prompt, type usermod -G "" schawla and press Enter to remove the user from all groups. Do not include a space between the quotes. Type cat /etc/group or groups schawla to verify the changes.

Maggie Brown (mbrown) and Corey Flynn (cflynn) have recently been hired in the Human Resources department. You have already created their user accounts. In this lab, your task is to complete the following: Add the hr group as a secondary group for the mbrown and cflynn user accounts. When you're finished, view the /etc/group file or use the groups command to verify the changes. The -g switch with the usermod command sets the primary group membership, not the secondary group membership.

At the prompt, type usermod -G hr mbrown and press Enter to make mbrown a member of the hr group. Use usermod -G hr cflynn and press Enter to make cflynn a member of the hr group. Use groups mbrown and press Enter to verify the mbrown's group membership. Use groups cflynn and press Enter to verify the cflynn's group membership.

Every seven years, your company provides a 6-week sabbatical for every employee. Vera Edwards (vedwards), Corey Flynn (cflynn), and Bhumika Kahn (bkahn) are leaving today, while Maggie Brown (mbrown), Brenda Cassini (bcassini), and Arturo Espinoza (aespinoza) are just returning. The company security policy mandates that user accounts for employees gone for longer than two weeks be disabled. In this lab, your task is to complete the following: Lock the following user accounts:vedwardscflynnbkahn Unlock the following user accounts:mbrownbcassiniaespinoza When you're finished, view the /etc/shadow file to verify the changes

At the prompt, type usermod -L vedwards or passwd -l vedwards and press Enter to lock the user account. Type usermod -L cflynn or passwd -l cflynn and press Enter to lock the user account. Type usermod -L bkahn or passwd -l bkahn and press Enter to lock the user account. Type usermod -U mbrown or passwd -u mbrown and press Enter to unlock the user account. Type usermod -U bcassini or passwd -u bcassini and press Enter to unlock the user account. Type usermod -U aespinoza or passwd -u aespinoza and press Enter to unlock the user account. Type cat /etc/shadow to verify the changes. The inclusion of the exclamation point (!) in the password field indicates whether the account is disabled.

Brenda Cassini (bcassini) has recently married. You need to update her user account to reflect her new last name. In this lab, your task is to use the usermod command to complete the following: Rename the user account bpalmer. Use the -l switch followed by the new account name. Change the comment field to read Brenda Palmer. Use the -c switch followed by the new comment in quotes. Change the home directory to /home/bpalmer, moving the contents of the old home directory to the new location. Use the -d switch followed by the home directory path and then the -m switch to move the contents to the new location. When you're finished, view the /etc/passwd file and /home directory to verify the modification.

At the prompt, type usermod -c "Brenda Palmer" -d /home/bpalmer -m -l bpalmer bcassini and press Enter. Type cat /etc/passwd and press Enter. Type ls /home and press Enter to verify that the account was modified.

In this lab, select View Lab and type uptime -h to find the correct option to answer the following questions:

On which date was the CorpData server started? 2019-01-10 What time was the CorpData server started on that date? 10:14:00

Earlier in the day, you created a user account for Brenda Cassini (bcassini). When she tries to log in, she can't. You realize that you misspelled her username as bcasini. You are logged on as wadams, so you will have to address this issue as the root user. The root password is 1worm4b8. In this lab, your task is to: Change the user account name from bcasini to bcassini. Change the home directory to /home/bcassini. When you're finished, view the /etc/passwd file to verify the changes. There is more than one procedure that can be used to make the required changes. It is possible to complete these tasks with a single command using the su -c "command" syntax.

Procedure 1 At the prompt, type su - and press Enter to change to the root user. Type 1worm4b8 as the root password and press Enter. Type usermod -l bcassini bcasini and press Enter to change the account name. Type usermod -d /home/bcassini bcassini and press Enter to change bcassini's home directory. Use cat /etc/passwd and press Enter to verify the changes. Procedure 2 At the prompt in the wadams account, type su -c "usermod -l bcassini -d /home/bcassini bcasini" and press Enter to complete this task using a single command. Type 1worm4b8 as the root password and press Enter.

Type cat /etc/passwd at the prompt to answer the following questions:

What is the UID for the schawla user account? 509 What is the full user's name (GECOS field) for the rcronn user account? Robert Cronn What is the primary group ID for the ftp user account? 50 What is the path of the home directory for the root user account? /root

View the /etc/group file. Type cat /etc/group at the prompt to answer the following questions:

Which of the following user accounts is not a member of the mgmt1 group? bcasssini Which of the following users belongs to the devel group? mbrown What is the sales group's ID? 513 What is the name of the group with the ID 503? cflynn

As the IT administrator for a small corporate network, you periodically check the firewall configuration on the CorpData Linux server to make sure everything is secure. In this lab, select View Lab and type iptables -L at the prompt to answer the following question:

Which two TCP services have been allowed through the firewall? SSH and HTTP

You are logged in as root, and the working directory is root's home directory. Type ls -l /folder_name/file_name at the prompt to answer the following questions:

Who owns the /sales/orders file? bcassini Who is the group owner of the /projects/darkhorse file? proj Who is the owner of the /projects directory? bcassini Who is the group owner of the /hr directory? wadams