A.2.4 Linux Pro Domain 4: Security and Access Control

Ace your homework & exams now with Quizwiz!

Maggie Brown (mbrown) and Corey Flynn (cflynn) have recently been hired in the Human Resources department. You have already created their user accounts. In this lab, your task is to: Add the hr group as a secondary group for the mbrown and cflynn user accounts. View the /etc/group file or use the groups command to verify the changes.

1. Add the hr group as a secondary group for Maggie and Corey. a. From the Favorites bar, select Terminal. b. At the prompt, type usermod -G hr mbrown and press Enter to make mbrown a member of the hr group. c. Type usermod -G hr cflynn and press Enter to make cflynn a member of the hr group. 1. Verify the assignments. a. Type groups mbrown and press Enter to verify mbrown's group membership. b. Type groups cflynn and press Enter to verify cflynn's group membership.

You use a special user account called Administrator to log on to your computer. However, you think that someone has learned your password. You are currently logged on as Administrator. In this lab, your task is to: Change your password. The current Administrator account uses 7hevn9jan as the password. New password: r8ting4str

1. Change the password for the Administrator account. a. From the Favorites bar, select Terminal. b. At the prompt, type passwd and press Enter. c. When prompted, enter 7hevn9jan as the current password and press Enter. d. At the New password prompt, enter r8ting4str and press Enter. e. Retype r8ting4str as the new password and press Enter.

Salman Chawla (schawla) is no longer part of the sales team and is waiting to be assigned a new position. In the meantime, you do not want him to have access to sales resources. Complete this lab from the Terminal. In this lab, your task is to: Remove the schawla user from all secondary group memberships. View the /etc/group file to verify the changes.

1. Remove the schawla user from all secondary group memberships. a. From the Favorites bar, select Terminal. b.At the prompt, type usermod -G "" schawla and press Enter to remove the user from all groups. Do not include a space between the quotes. c. Type groups schawla or cat /etc/group to verify the changes.

To limit the number of people who know the root password on the computer used by the marketing team, you need to designate a user that can use sudo to manage the system. You are currently logged in as the root user. Complete this lab from the Terminal. In this lab, your task is to: Use the applicable utility to give wadams sudo privileges as a regular user. Verify that the change has taken effect as follows: Use the su - wadams command to switch to the wadams account. As the wadams user, try to use the touch command to change the modified date and time of the /etc/hosts file. As the wadams user, try to use the sudo touch command to change the modified date and time of the /etc/hosts file. 6or7en wadams's password. Use the ls command to view the modified date and time of the /etc/hosts file.

1. Use visudo to edit the /etc/sudoers file. a. From the Favorites bar, select Terminal. b. From the prompt, type visudo and press Enter. c. Select 1 to use the nano editor. d. Press Enter to add a new line. e. Press the Up arrow to move to the new line added. f. Type wadams ALL=(ALL) ALL to add wadams as a regular user. g. Press Ctrl + X to exit the editor. h. Type y to save your changes. i. Press Enter to use the default name. 2. Verify that wadams does not have rights to create the /etc/hosts file. a. Type su - wadams and press Enter. b. Type touch /etc/hosts to try and edit the file. Notice the Permissions denied error. 3. Verify that wadams now has sudo rights. a. Type sudo touch /etc/hosts to edit the file. b. Type 6or7en for the password and then press Enter. Notice that you were able to change the modified date of the file. c. Type ls -l /etc/hosts and then press Enter to verify that the file modified date was changed.

A change in company policy requires users in the hr group to make changes to the files in the /hr directory. Complete this lab from the terminal. In this lab, your task is to: Give the Write group permission to the files in the /hr directory in addition to any existing permissions. Use the ls command to verify the changes.

Give the Write group permission to the files in the /hr directory. a. From the Favorites bar, select Terminal. b. At the prompt, type chmod g+w /hr/* and press Enter to add the write group permission to all files in the /hr directory. c. Type ls -la /hr and press Enter to verify the changes.

Your manager wants to verify information regarding the various groups on this system. Complete this lab from the Terminal. In this lab, your task is to: View the contents of the file that contains the group information. Answer the questions.

Type cat /etc/group

Your manager wants to verify information regarding the users on this system. Complete this lab from the Terminal. In this lab, your task is to: View the contents of the file that contains the user information. Answer the questions.

cat /etc/passwd

Your system administrator has scheduled a system update. The administrator has asked that everyone log out of their systems and leave them running. In this lab, your task is to: Log out of the system while leaving the system powered on.

logout

You are the IT administrator for this Linux system. Your manager has asked you to verify the ownership of a few files and directories. Complete this lab from the Terminal. In this lab, your task is to: View the ownership for the /sales/orders file. Answer Question 1. View the ownership for the /projects/darkhorse file. Answer Question 2. View the ownership for the /projects directory. Answer Question 3. View the ownership for the /hr directory. Answer Question 4.

ls -l NAME

Terry Haslam (thaslam) was dismissed from the organization. His colleagues have harvested the files they need from his home directory and other directories. Your company's Security Policy states that upon dismissal, users accounts should be removed in their entirety. In this lab, your task is to: Remove the thaslam user account and home directory from the system. View the /etc/passwd file and /home directory to verify the account's removal.

userdel -r thaslam cat /etc/passwd

Your organization has added three development servers that will not be part of the Domain Name Service (DNS). To be able to access these servers more easily, you want to add them to the /etc/hosts file. Complete this lab from the Terminal. In this lab, your task is to: Use the applicable commands to edit the /etc/hosts file using either the nano or vim editors. Add the following hosts to the /etc/hosts file: Host IP Address Alias potato.corpnet.local 192.168.122.84 potato radish.corpnet.local 192.168.122.85 radish lettuce.corpnet.local 192.168.122.86 lettuce Use the cat command to verify the changes.

1. Add the additional hosts to the /etc/hosts file. a. From the Favorites bar, select Terminal. b. From the prompt, type sudo nano /etc/hosts and then press Enter. c. Enter 6or7en as the password for wadams and then press Enter. d. Using your arrow keys and keyboard, add the following hosts to the end of the hosts file: *192.168.122.84 potato.corpnet.local potato *192.168.122.85 radish.corpnet.local radish *192.168.122.86 lettuce.corpnet.local lettuce 2. Save the changes to the file and exit. a. Press Ctrl + x to save the modified buffer. b. Press y to confirm your choice. c. Press Enter to save the name using the default file name. 3. Verify the changes. a. From the prompt, type cat /etc/hosts and then press Enter. b. Verify that the new hosts have been added.

The Sales team uses the /sales directory to store documents related to sales, contacts, and orders. Currently, permissions on the directory only allow the user and group owners to view the contents of the directory. Users who are not part of the group owner are unable to list the contents of the directory. As part of a new company policy to increase teamwork, you want to allow all users to be able to see the /sales directory and list its contents. You also want to let all users open any document inside that directory, but you do not want them to make changes to the documents. Complete this lab from the Terminal. In this lab, your task is to: Allow the group other to browse the /sales directory. Modify permissions on all files in the /sales directory to allow members of the other group to view the files, but prohibit them from changing them.

1. Allow the group other to browse the /sales directory. a. From the Favorites bar, select Terminal. b. At the prompt, type chmod o+rx /sales and press Enter to enable the other group to browse the /sales directory. 2. The read and execute permissions are necessary to see the directory and list its contents. Modify permissions on all files in the /sales directory to allow members of the other group to view the files but prohibit them from changing them. a. Type chmod o+r /sales/* and press Enter to allow the other group to read all documents in the /sales directory.

The wadams user needs access to a file in the /sales folder on your system, but does not belong to the sales group. In this lab, your task is to use ACL utilities to: Check the permissions on the /sales/forecast.txt file. Grant full rights for the /sales/forecast.txt file to wadams.

1. Check permissions on the /sales/forecast.txt file. a. From the Favorites bar, select Terminal. b. At the prompt, type getfacl /sales/forecast.txt and then select Enter. 2. Grant full rights for the /sales/forecast.txt file to wadams. a. Type setfacl -m u:wadams:rwx /sales/forecast.txt and then select Enter. b. Type getfacl /sales/forecast.txt and then select Enter.

The human resources team uses the /hr directory to keep important employee documents. Over time, you notice that permissions set on each file have become inconsistent. You want to make sure that all files in the /hr directory have the same permissions settings. You must modify the file permissions to be -rw-rw---- (the octal equivalent of 110 110 000 = 660). Complete this lab from the Terminal. In this lab, your task is to: Configure permissions on all files in the /hr directory as follows: User and group owners should have Read and Write permissions to the files. All other users should have no permissions on any file. Use the ls command to verify your changes.

1. Configure permissions on all files in the /hr directory. a. From the Favorites bar, select Terminal. b. At the prompt, type chmod 660 /hr/* and press Enter to set the permissions on all files in the /hr folder to the same permissions. c. Type ls -la /hr and press Enter to verify the changes.

Salman Chawla (schawla) forgot his password and needs access to the resources on his computer. You are logged on as wadams. The password for the root account is 1worm4b8. In this lab, your task is to: Change the password for the schawla user account to G20oly04 (0 is a zero). Make sure that the password is encrypted in the shadow file.

1. Create a new password for Salman Chawla. a. From the Favorites bar, select Terminal. b. At the prompt, type su -c "passwd schawla" and press Enter. c. Type 1worm4b8 and press Enter for the root user password. d. Type G20oly04 and press Enter for the new password for the schawla user account. e. Type G20oly04 as the new password and press Enter.

The VP of Marketing has told you that Paul Denunzio will join the company as a market analyst in two weeks. You need to create a new user account for him. In this lab, your task is to: Create the pdenunzio user account. Include the full name (Paul Denunzio) as a comment for the user account. Set eye8cereal as the password for the user account. When you're finished, view the /etc/passwd file to verify the creation of the account. Answer the question.

1. Create a user. a. From the Favorites bar, select Terminal. b. At the prompt, type useradd -c "Paul Denunzio" pdenunzio and press Enter to create the user and set the comment in a single command. 2. Create a password for the new user. a. Type passwd pdenunzio and press Enter. b. Type eye8cereal as the password and press Enter. c. Retype eye8cereal as the password and press Enter. 3. View the passwd file and answer the question. a. Type cat /etc/passwd and press Enter to verify that the account was created. b.From the top right, select Answer Questions. c. Answer Question 1. d. Select Score Lab.

Linda Blaine (lblaine) and Rhonda Conger (rconger) are temporary employees who were auditing your organization's financial documents. Their user accounts are members of the auditors group. They have completed their work and have moved on to new assignments. You need to remove their user accounts, home directories, and the auditors group from the system. Complete this lab from the terminal. In this lab, your task is to: Delete the following user accounts and their corresponding home directories: lblaine rconger Delete the auditors group. View the /etc/group file to verify the changes.

1. Delete the user accounts and their corresponding home directories. a. From the Favorites bar, select Terminal. b. At the prompt, type userdel -r lblaine and press Enter to delete the lblaine user account and home directory. The inclusion of the -r switch removes the home directory. c. Type userdel -r rconger and press Enter to delete the rconger user account and home directory. 2. Delete the auditors group. a. Type groupdel auditors and press Enter to delete the auditors group. b. Type cat /etc/group and press Enter to verify that the users were deleted. c. Type ls /home and press Enter to verify that the home directories were deleted.

An assistant administrator has been modifying permissions on the /hr directory. You want to quickly change the permissions on /hr to match the permission settings documented in your company's security policy. You must modify the directory permissions to be drwxr-xr-x (the octal equivalent of 111 101 101 = 755). Complete this lab from the Terminal. In this lab, your task is to: Determine the current permissions for the /hr directory. Answer the question. Modify the permissions on the /hr directory as follows: User: Read, Write, Execute Group: Read, Execute Other: Read, Execute

1. Determine the current permissions for the /hr directory. a. From the Favorites bar, select Terminal. b. At the prompt, type ls -la /hr and press Enter. c. From the top right, select Answer Questions. d. Answer Question 1. 1. Modify the permissions on the /hr directory to rwxr-xr-x. a. From the Terminal prompt, type chmod 755 /hr and press Enter to set these permissions on the /hr directory. b. At the prompt, type ls -l / and press Enter to verify the change.

You want to change your default umask to give yourself and members of the groups to which you belong full permissions to the files and directories you create. You want to deny permissions for everyone else. You are logged on as wadams. Complete this lab from the Terminal. In this lab, your task is to: Change your default umask value to give yourself and members of the groups to which you belong full permissions to the files and directories that you create.

1. Determine the current umask for Will Adams. a. From the Favorites bar, select Terminal. b. At the prompt, type umask and then press Enter to view the current umask value. c. From the top right, select Answer Questions. d. Answer Question 1. 2. Change your default umask value to give yourself and members of the groups to which you belong full permissions to the files and directories that you create. a. At the prompt, type umask 007 and press Enter to set the umask value. b. At the prompt, type umask and then press Enter to view the current umask value. c. From the Lab Questions dialog, select Score Lab.

The CEO of the company wants to make sure that the employees' personal information, as stored in the /hr/personnel file, is protected. The CEO has asked that you make sure that the human resources (HR) department is the owner of that file. Complete this lab from the Terminal. In this lab, your task is to: Find the current owner of the /hr/personnel file. Answer the question. Change the group ownership of the /hr/personnel file to the hr group. Verify the ownership change.

1. Determine which group is the current owner of the /hr/personnel file. a. From the Favorites bar, select Terminal. b. At the prompt, type ls -l /hr and press Enter to find the current file ownership. c. From the top right, select Answer Questions. d. Answer Question 1. 2. Change the group ownership of the /hr/personnel file. a. At the prompt, type one of the following commands and press Enter: *chgrp hr /hr/personnel *chown .hr /hr/personnel *chown :hr /hr/personnel b. Type ls -l /hr and press Enter to verify the ownership change. c. From the Lab Questions dialog, select Score Lab.

You are an IT manager. One of your job duties is monitoring system logs for the Linux systems on your network. The Journald service is collecting and storing system log data. Complete this lab from the Terminal. In this lab, your task is to: Display the kernel message log from the current boot. Display the system log in reverse order with the newest entries first.

1. Display the kernel message log from the current boot. a. From the Favorites bar, select Terminal. b. At the prompt, type journalctl -k and press Enter. c. Type q to quit. 2. Display the system log in reverse order with the newest entries first. a. Type journalctl -r and press Enter. b. Type q to quit.

Brenda Cassini (bcassini) is taking over payroll documentation for Will Adams (wadams). In this lab, your task is to give the bcassini user ownership of the /hr/payroll file.

1. Give bcassini ownership of the /hr/payroll file. a. From the Favorites bar, select Terminal. b. At the prompt, type ls -l /hr and press Enter to view the current ownership of the /hr/payroll file. c. At the prompt, type chown bcassini /hr/payroll and press Enter to give bcassini ownership of the /hr/payroll file. d. Type ls -l /hr and press Enter to verify the change in ownership.

During a random security audit, you found that the user and group ownership for the /hr directory is set to Will Adams (wadams). For security reasons, you need to change the ownership. You want to give ownership to Brenda Cassini (bcassini), the office manager, and you want to give group ownership to the hr group for all the files in the directory. After you do this, you need to reset group ownership on the /hr/personnel file to mgmt1. Complete this lab from the Terminal. In this lab, your task is to: Give bcassini ownership of the /hr directory and all of its contents. Give the hr group ownership of the /hr directory and all of its contents. Return group ownership of the /hr/personnel file to mgmt1.

1. Give the bcassini user and the hr group ownership of the /hr directory and all of its contents. a. From the Favorites bar, select Terminal. b. At the prompt, type chown -R bcassini:hr /hr and press Enter to assign user ownership to bcassini and group ownership to hr for the /hr directory and all of its contents. The -R switch changes the ownership recursively throughout the /hr directory tree. 2. Return group ownership of the /hr/personnel file to mgmt1. a. Use chgrp mgmt1 /hr/personnel and press Enter to return group ownership of the /hr/personnel file to mgmt1.

Corey Flynn (cflynn) currently belongs to several groups. Due to some recent restructuring, he no longer needs to be a member of the hr group. Complete this lab from the Terminal. In this lab, your task is to: Find the groups to which Corey currently belongs. Answer Question 1. Remove cflynn from the hr group while preserving all other group memberships. View the /etc/group file or use the groups command to verify the changes.

1. Learn the groups to which Corey is currently a member of. a. From the Favorites bar, select Terminal. b. At the prompt, type groups cflynn and press Enter to view a list of all groups to which the user belongs. c. From the top right, select Answer Questions. d. Answer Question 1. 2. Remove cflynn from the hr group while preserving all other group memberships. a. Type usermod -G mgmt1,it cflynn and press Enter to change group membership. b. Type groups cflynn and press Enter to verify the user account's group membership. c. From the Lab Questions dialog, select Score Lab.

The VP of sales has promoted Salman Chawla (schawla) to regional sales director. Now, Salman needs the rights and permissions assigned to the mgmt2 and hr groups. You are logged on as root. Complete this lab from the Terminal. In this lab, your task is to: Identify all the groups that the schawla user belongs to. Answer Questions 1 and 2. Add mgmt2 and hr as secondary groups for the schawla user, but make sure that the user is still a member of all current groups. View the /etc/group file to verify the changes.

1. Locate the groups that Salman belongs to. a. From the Favorites bar, select Terminal. b. At the prompt, type groups schawla and press Enter to view a list of all groups that the user belongs to. c. From the top right, select Answer Questions. d. Answer Questions 1 and 2. 2. Add mgmt2 and hr as secondary groups for the schawla user. a. From the Terminal prompt, type usermod -aG mgmt2,hr schawla and press Enter to add hr and mgmt2 to the secondary group memberships for the schawla user account. 3. Verify the changes. a. Type groups schawla or cat /etc/group and press Enter to verify the changes. b. From the Lab Questions dialog, select Score Lab.

Every seven years, your company provides a six-week sabbatical for each employee. Vera Edwards (vedwards), Corey Flynn (cflynn), and Bhumika Kahn (bkahn) are leaving today, while Maggie Brown (mbrown), Brenda Cassini (bcassini), and Arturo Espinoza (aespinoza) are just returning. Complete this lab from the Terminal. The company Security Policy mandates that user accounts for employees gone for longer than two weeks be disabled. In this lab, your task is to: Lock the following user accounts: vedwards cflynn bkahn Unlock the following user accounts: mbrown bcassini aespinoza View the /etc/shadow file to verify the changes.

1. Lock the required accounts. a. From the Favorites bar, select Terminal. b.At the prompt, type usermod -L vedwards or passwd -l vedwards and press Enter to lock the user account. c. Type usermod -L cflynn or passwd -l cflynn and press Enter to lock the user account. d. Type usermod -L bkahn or passwd -l bkahn and press Enter to lock the user account. 2. Unlock the required accounts. a. Type usermod -U mbrown or passwd -u mbrown and press Enter to unlock the user account. b. Type usermod -U bcassini or passwd -u bcassini and press Enter to unlock the user account. c. Type usermod -U aespinoza or passwd -u aespinoza and press Enter to unlock the user account. 3. Verify the changes. a. Type cat /etc/shadow to verify the changes. The inclusion of the exclamation point (!) in the password field indicates that the account is disabled.

You have a Linux workstation that you use at home. You are the only person that uses this computer. You want to improve security by removing the SUID and SGID from some files. Complete this lab from the Terminal. In this lab, your task is to: Remove the SUID from the following files: /usr/bin/gpasswd /usr/bin/newgrp Remove the SGID from the following files: /usr/bin/wall /usr/bin/write Leave permissions on the files as they are.

1. Remove the SUID from the required files. a. From the Favorites bar, select Terminal. b. At the prompt, type chmod u-s /usr/bin/gpasswd and press Enter to remove the SUID. c. Type chmod u-s /usr/bin/newgrp and press Enter to remove the SUID. 2. Remove the SGID from the required files. a. Type chmod g-s /usr/bin/wall and press Enter to remove the SGID. b. Type chmod g-s /usr/bin/write and press Enter to remove the SGID.

Listen to exam instructions To answer this question, complete the lab using the information below. All the sales people in your company currently belong to a group named sales. The VP of sales wants to have two sales groups, one for the western division and one for the eastern division. In this lab, your task is to: Rename the existing sales group western_sales. Create the new eastern_sales group. Remove aespinoza as a member of the western_sales group. Assign aespinoza as a member of the eastern_sales group. When you're finished, view the /etc/group file or use the groups command to verify the changes.

1. Rename the sales group to western_sales. a. From the Favorites bar, select Terminal. b. At the prompt, type groupmod -n western_sales sales and press Enter. 2. Create the eastern_sales group. a. Type groupadd eastern_sales and press Enter. 3. Remove aespinoza from the western_sales group and add her to the eastern_sales group. a. Type usermod -G eastern_sales aespinoza and press Enter to modify group membership. b. Use cat /etc/group or groups aespinoza to verify the aespinoza's group membership.

You have a Linux workstation, which you use at home for browsing the internet, playing music, and writing letters. When you run your MP3 player, it sometimes pauses in playback. You have heard that you might be able to alleviate the problem by raising the priority of the program. You decide to set the SUID bit to automatically run the program as root and, thereby, raise its priority. Complete this lab from the Terminal. In this lab, your task is to: Set the SUID bit for the /usr/bin/xmms program. Do not change any other permissions on the file.

1. Set the SUID bit for the /usr/bin/xmms program. a. From the Favorites bar, select Terminal. b. At the prompt, type one of the following commands: *chmod u+s /usr/bin/xmms *chmod 4755 /usr/bin/xmms c. Press Enter to add the SUID bit to the file without changing the other permissions.

Earlier in the day, you created a user account for Brenda Cassini (bcassini). When she tries to log in, she is unsuccessful. You realize that you misspelled her username as bcasini. You are logged on as wadams, so you will have to address this issue as the root user. The root password is 1worm4b8. Complete this lab from the Terminal. In this lab, your task is to: Change the login name from bcasini to bcassini. Change the home directory to /home/bcassini. When you are finished, view the /etc/passwd file to verify the changes.

1. Switch to the root user. a. From the Favorites bar, select Terminal. b. At the prompt, type su - and press Enter to change to the root user. c. Type 1worm4b8 as the root password and press Enter. 2. Change the login name from bcasini to bcassini. a. Type usermod -l bcassini bcasini and press Enter to change the account name. 3. Change the home directory to /home/bcassini. a. Type usermod -d /home/bcassini bcassini and press Enter to change bcassini's home directory. b. Use cat /etc/passwd and press Enter to verify the changes.

Brenda Cassini (bcassini) was recently married. Her name is now Brenda Palmer. You need to update her user account to reflect her new last name. In this lab, your task is to: Rename Brenda's user account bpalmer. Change the comment field to read Brenda Palmer. Change Brenda's home directory to /home/bpalmer, moving the contents of the old home directory to the new location. View the /etc/passwd file and the /home directory to verify the modification.

1. Update Brenda's account information. a. From the Favorites bar, select Terminal. b. At the prompt, type usermod -c "Brenda Palmer" -d /home/bpalmer -m -l bpalmer bcassini and press Enter. 2. Verify the changes. a. Type cat /etc/passwd and press Enter. b. Type ls /home and press Enter to verify that the account was modified.


Related study sets

PSYC 345: Quiz 3: Part 1 week 3 me

View Set

Module 5 Study Guide (Apologia Marine Biology)

View Set

Adult health and PEDS nclex (copy)

View Set

NURS 3230 Chapter 31 Skin Integrity and Wound Care NCLEX

View Set

MCAT general and organic chemistry

View Set

Consumer Behavior: Chapter 8 Quiz Review

View Set

MTLB- MODULE 5 (HIV LAWS)- RA 8504

View Set