Evaluation Flashcards

1
Q

How does a virtual machine work?

A

A virtual machine is a software-based virtual version of a computer with dedicated amounts of CPU, memory and storage “borrowed” from a physical host computer. The virtual machine is partitioned from the rest of the system, meaning that software inside a VM can’t interfere with the host’s primary operating system.

ELI5: Normally, to run an operating system like macOS or Windows, you need a real-world device like a laptop or a computer. These will usually only run one operating system. An operating system makes sure a computer is usable by regular humans and makes sure you can run other programs, like Spotify for instance.

When you have a virtual machine program, you can simulate another operating system. It’s like having a computer in a computer. It will work using some of your real computer’s hardware, which will be set apart and can’t reach the operating system of the real computer. This means you have a safe space to test things you would normally not want to test on your actual computer.

2
Q

What is the purpose of a virtual machine?

A
  • Test applications on different operating systems (what works on macOS might not work on Windows)
  • Try out different operating systems (when you’re not sure what to buy, for instance)
  • Get more out of the hardware
  • Handle potential malware more safely. You can see what a virus does to an operating system without it affecting your main operating system. You can test theories that might break your computer.
  • Run old, incompatible software. You can start up Windows XP, for instance.
  • Take snapshots or clone the machine. You can easily create a VM and copy it to another machine, or go back to a previous version of your VM.
3
Q

How do you check the password policy?

A

For password requirements:
sudo nano /etc/pam.d/common-password

Password expiration:
sudo nano /etc/login.defs

4
Q

Explain your password policy implementation

A

If you get this, you can also just look at the subject and match them with the rules:

retry=3 : only 3 retries
minlen=10 : at least 10 characters
ucredit=-1 : at least one uppercase
lcredit=-1 : at least one lowercase
dcredit=-1 : at least one digit
maxrepeat=3 : no more than 3 consecutive characters
usercheck=0 : can’t have the username
enforce_for_root : make sure that root also needs to conform to the rules
difok=7 : at least 7 characters not from the former password

7
Q

How to set up a new group called “evaluating”? How do you assign a user to this group? How do you check if the user is part of the group?

A
  1. sudo groupadd evaluating
  2. sudo usermod -aG evaluating username
  3. sudo groups username (or: getent group evaluating)
8
Q

How do you create a new user? And how do you set their password?

A
  1. sudo useradd newusername
  2. sudo passwd newusername

9
Q

Explain the advantages of the password policy. Explain the advantages/disadvantages of the implementation.

A

Advantages:

  • Creates a bigger and more varied password, which should make it harder to guess for other humans

Disadvantages:

  • Easy to get wrong for the user.
  • Easy to see what is missing for people trying to hack you. It will tell you if you are missing a digit or a special character, for instance. And most people just use the first letter as upper case and add a single digit to the end, so that narrows down the number of passwords.
10
Q

How to check that the hostname of the machine is correctly formatted as follows: login42 (login of the student being evaluated)

A

hostnamectl

11
Q

How do you modify the host name?

You should also be able to restore the machine with the original hostname, or just rename it again.

A
  1. su
  2. hostnamectl set-hostname newname
  3. nano /etc/hosts
  4. edit the name to the newname (to prevent errors)
  5. reboot
12
Q

How do you check if the UFW service is started?

A

sudo systemctl status ufw

13
Q

How do you check if the ssh service is started?

A

sudo systemctl status ssh

14
Q

How do you check what operating system you’re running?

A

hostnamectl | grep Operating

15
Q

What are the basic differences between CentOS and Debian?

A
  1. Debian has more packages
  2. Debian is updated more frequently: every 2 years there is a big update, while CentOS has an update cycle of 10 years
  3. Therefore CentOS is more difficult to upgrade, but only requires system administrators to look at upgrading every 10 years, which makes it nice for big enterprises
  4. CentOS is supported by a specific community called Red Hat. Debian is supported by individuals
16
Q

What is the difference between aptitude and apt, and what is AppArmor?

A
  1. Aptitude gives the user a little terminal menu so the user can manage packages; with apt you need to know what you want to get specifically (and what you want to do, like install/uninstall)
  2. Aptitude allows the user to search for packages with certain words or characters
  3. Apt is the default package manager; aptitude needs to be installed.

AppArmor:
To check the status: sudo aa-status

AppArmor is a security framework that prevents applications from turning evil. For example: if I run Firefox and visit a bad site that tries to install malware that will delete my home folder, AppArmor has limits on Firefox that prevent it from doing anything I don’t want (like accessing my music, documents, etc.). This way, even if your application is compromised, no harm can be done.

17
Q

How do you show the partitions on the machine?

A

lsblk

18
Q

How do you check the hostname?

A

hostnamectl

19
Q

How does LVM work?

A

It stands for logical volume management. It can be used to gather existing storage devices into groups and allocate logical units from the combined space as needed.

It starts with physical volumes, which can be a disk or a partition on a disk, for instance.
Then a volume group is created from multiple physical volumes.
The logical volumes can be created from the physical extents that are present in the volume group.
File systems are built on top of logical volumes; we need this to mount the logical volume, so we can access it and store data in it.

20
Q

How do you check if the sudo program is properly installed?

A

dpkg -l | grep sudo

sudo -l

21
Q

Where did you configure the sudo rules from the subject?

A

sudo nano /etc/sudoers

or

sudo visudo

22
Q

What is the value and operation of sudo?

A

sudo is a Linux program that enables users to run programs with the security privileges of another user, by default the superuser. It stands for super user do.

Users need to supply their own password and not that of root or the other user, which is nice because not everybody knows the superuser password or other people’s passwords. It also makes sure not just one user can install packages, for instance.

23
Q

How do you check the status of the firewall UFW?

A

sudo ufw status

for more info:
sudo ufw status verbose

24
Q

What is UFW and what is the value of using it?

A

It stands for uncomplicated firewall and is an easy-to-use program to manage a netfilter firewall. It can control incoming and outgoing network traffic.

The value of using it: the alternative to UFW for security is learning how to use iptables, which is very complex and can take new users weeks to get up to speed and make the most of it. UFW is a front end to iptables and gives users a more user-friendly way to work with the firewall. It also has a few GUI-friendly tools, so you wouldn’t need to use the command line to configure it.

25
Q

How do you show the active rules in UFW?

A

sudo ufw status verbose

26
Q

How do you add a new rule to UFW to open port 8080? How do you check it’s active? How do you delete it?

A

sudo ufw allow 8080
sudo ufw status numbered
sudo ufw delete <number of the rule>

27
Q

How do you check ssh is properly installed and working?

A

sudo systemctl status ssh

28
Q

What is ssh and what is the value of it?

A

SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.

SSH also refers to the suite of utilities that implement the SSH protocol. Secure Shell provides strong password authentication and public key authentication, as well as encrypted data communications between two computers connecting over an open network, such as the internet.

29
Q

How do you verify that ssh only uses port 4242?

A

grep "Port " /etc/ssh/sshd_config

30
Q

Use ssh to log in as the newly created user, using a key or a simple password. Make sure you cannot use ssh with the root user.

A

ssh new_user@localhost -p 4242
fill in the password

To check root (it should not be possible):
ssh root@localhost -p 4242

31
Q

How does the monitoring script work?

A

To find the script: /usr/local/bin/monitoring.sh

Walk through the script.

32
Q

Explain what cron is

A

A job scheduler, used to have an operating system or server execute a command (a job) at a specified time.

33
Q

Show how the script runs every 10 minutes

A

sudo crontab -u root -e

crontab is the file, -u root selects the user root, -e means edit

34
Q

How to stop the cronjob without editing the crontab file?

A

sudo service cron stop

35
Q

How do you get the signature?

A

shasum followed by the .vdi file