mirror of https://github.com/01-edu/public.git
Zouhair AMAZZAL
2 years ago
committed by
Zouhair AMAZZAL
2 changed files with 367 additions and 0 deletions
@ -0,0 +1,366 @@
|
||||
# deep-in-system |
||||
#### General |
||||
##### Check the Repo content |
||||
Files that must be inside the repository: |
||||
|
||||
- DeepInSystem.sha1 |
||||
###### Are the required files present? |
||||
|
||||
##### Check the Virtual machine aliases |
||||
###### The virtual machine is clean of any alias that may affect the results of the audit commands |
||||
|
||||
#### The Virtual Machine Part: |
||||
##### Check the Linux distribution |
||||
To get information about the OS release: |
||||
```console |
||||
user:~$ cat /etc/os-release |
||||
PRETTY_NAME="Ubuntu <...> LTS" |
||||
NAME="Ubuntu" |
||||
VERSION_ID="<...>" |
||||
VERSION="<...> LTS <...>" |
||||
VERSION_CODENAME=<...> |
||||
ID=ubuntu |
||||
ID_LIKE=debian |
||||
HOME_URL="https://www.ubuntu.com/" |
||||
SUPPORT_URL="https://help.ubuntu.com/" |
||||
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" |
||||
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" |
||||
UBUNTU_CODENAME=<...> |
||||
user:~$ |
||||
``` |
||||
To check if ubuntu is a server and not a desktop: |
||||
```console |
||||
user:~$ dpkg -l ubuntu-desktop |
||||
dpkg-query: no packages found matching ubuntu-desktop |
||||
user:~$ |
||||
``` |
||||
You can check the versions of the ubuntu server from here: https://ubuntu.com/download/server |
||||
###### Is the installed Linux distribution is Ubuntu server's latest LTS? |
||||
##### Check the VM disk and partitions |
||||
You can check the VM disk and partitions with this command: |
||||
```console |
||||
user:~$ lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT /dev/sda |
||||
NAME FSTYPE SIZE MOUNTPOINT |
||||
sda 30G |
||||
├─sda<...> 1M |
||||
├─sda<...> swap 4G [SWAP] |
||||
├─sda<...> ext4 15G / |
||||
├─sda<...> ext4 5G /home |
||||
└─sda<...> ext4 6G /backup |
||||
user:~$ |
||||
``` |
||||
- The VM disk size must be 30GB. |
||||
|
||||
- VM disk must be divided into these partitions: |
||||
"swap:" 4G |
||||
"/": 15G |
||||
"/home": 5G |
||||
"/backup": 6G |
||||
|
||||
###### Is the VM Disk size correct? |
||||
> There is no problem if the size of the divisions is not very accurate (Authorized error rate: <= 0.5G)! |
||||
###### Are the VM disk partitions correct? |
||||
|
||||
##### Check the hostname and user name |
||||
To check the hostname: |
||||
```console |
||||
user:~$ hostname |
||||
<username>-host |
||||
user:~$ |
||||
``` |
||||
To check the user name and groups: |
||||
```console |
||||
user:~$ id |
||||
uid=<...>({username}) gid=<...>({username}) groups=<...>({username}),<...>(sudo),<...> |
||||
user:~$ |
||||
``` |
||||
###### Does the hostname in the format of "{username}-host"? |
||||
###### Does the student use a user different from the "root" user? |
||||
###### Does the username contain the student login? |
||||
###### Does the user in the sudo group? |
||||
###### Does the student can explain what is sudo group in Linux? |
||||
|
||||
#### The Network & Security Part: |
||||
##### Check the VM IP address |
||||
The student must show the file that was modified to set a static IP address. |
||||
###### Does the student can explain the configuration? |
||||
###### Does the student What is a netmask? |
||||
You can check if the IP address is static with this command: |
||||
```console |
||||
user:~$ ip a | grep dynamic |
||||
user:~$ |
||||
``` |
||||
###### There is no internet interface with dynamic IP assignment? |
||||
You can check if the internet works fine with the static IP address: |
||||
```console |
||||
user:~$ ping -c 5 google.com |
||||
``` |
||||
###### Can connect to the internet properly? |
||||
###### Can The student explain why a static IP address is important for a web server? |
||||
|
||||
##### Check the sshd configuration |
||||
The student must show the file that was modified to secure the ssh server. |
||||
###### Does the student can explain the configuration? |
||||
###### Is the root access disabled in the sshd config (PermitRootLogin: no)? |
||||
###### Is the port of the sshd "2222" |
||||
You can try to connect from outside the VM |
||||
```console |
||||
outsideTheVM:~$ ssh {username}@{machine-ip} -p 2222 |
||||
{username}@{machine-ip}'s password: |
||||
Welcome to Ubuntu <......> |
||||
InsideTheVM:~$ hostname |
||||
{username}-host |
||||
InsideTheVM:~$ |
||||
``` |
||||
###### Can connect to the ssh properly? |
||||
###### Does the student can explain what is ssh server and what the role of it? |
||||
|
||||
##### Check the firewall |
||||
If the student uses ufw you can check it with this command: |
||||
```console |
||||
user:~$ sudo ufw status |
||||
Status: active |
||||
|
||||
To Action From |
||||
-- ------ ---- |
||||
2222/tcp ALLOW Anywhere |
||||
<...> |
||||
Apache ALLOW Anywhere |
||||
<...> |
||||
user:~$ |
||||
``` |
||||
Otherwise, the student must show what firewall is used. |
||||
###### Is the firewall activated? |
||||
The student must justify all open ports. |
||||
###### Are all open ports justified? |
||||
###### Is the MySQL port not open in the firewall? |
||||
###### Does the student can explain what is firewall and what the role of it in a server? |
||||
|
||||
#### User Management Part: |
||||
|
||||
##### Check luffy user |
||||
The student should connect to the machine with the "luffy" user by using this private key: |
||||
- Private key: |
||||
``` |
||||
-----BEGIN OPENSSH PRIVATE KEY----- |
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn |
||||
NhAAAAAwEAAQAAAYEAvTWGU+bnivtibqTSzgIN8U0nddezcKz4FTdeUtoF34oyZaZjtXQY |
||||
Efq6Ojdsp4KC0y4tkBlFOd8UY9Kf0iX/vRjnZZLeeXj8bNhjSsQAiXK2Sz4sjgW2+VUcsk |
||||
Z94nvOKncOxFEp1kTkwVlSKpHMRPmBT/XtOoEArlMZuxco8FHxDElxGlgizAtqkRM/B/dm |
||||
bRHF6kDSqLRtArSLrhbFV9QkHRIfOr/klTeqVW1Wly1hSpKWUrmwLxnuYOH34i400jH85m |
||||
fgMpXstA5l/u57FdDl4CKYsTJltSlfDTaOaMU0BTxt8+b+wIAlDPB3NUdnY9gI25g0ZYfW |
||||
pk40HdXT0ffUyfODbtXyMLGq+Xhubv6CAN3FE09NvIHAC/ORi8u2BEVMl6W22mqdUILCRl |
||||
YgmBE35VHL8H3caw3rSwW50NmiqqPysclxQ17e7ketfKdoa6LVhPZ1mZyEPdBURVIRCHKK |
||||
tRoNaJ/9BvuDPViKpQoYeqlAKvxotyB1EV5UwT/TAAAFkJiggtqYoILaAAAAB3NzaC1yc2 |
||||
EAAAGBAL01hlPm54r7Ym6k0s4CDfFNJ3XXs3Cs+BU3XlLaBd+KMmWmY7V0GBH6ujo3bKeC |
||||
gtMuLZAZRTnfFGPSn9Il/70Y52WS3nl4/GzYY0rEAIlytks+LI4FtvlVHLJGfeJ7zip3Ds |
||||
RRKdZE5MFZUiqRzET5gU/17TqBAK5TGbsXKPBR8QxJcRpYIswLapETPwf3Zm0RxepA0qi0 |
||||
bQK0i64WxVfUJB0SHzq/5JU3qlVtVpctYUqSllK5sC8Z7mDh9+IuNNIx/OZn4DKV7LQOZf |
||||
7uexXQ5eAimLEyZbUpXw02jmjFNAU8bfPm/sCAJQzwdzVHZ2PYCNuYNGWH1qZONB3V09H3 |
||||
1Mnzg27V8jCxqvl4bm7+ggDdxRNPTbyBwAvzkYvLtgRFTJelttpqnVCCwkZWIJgRN+VRy/ |
||||
B93GsN60sFudDZoqqj8rHJcUNe3u5HrXynaGui1YT2dZmchD3QVEVSEQhyirUaDWif/Qb7 |
||||
gz1YiqUKGHqpQCr8aLcgdRFeVME/0wAAAAMBAAEAAAGATKVGCO7clNxIf3GdQ35pj3olpg |
||||
L+2YH37QBE4WMYRfmBeNPySCsDJSVgEv0osqKXxFxMcLcL5+mKJPXJcCOceUmBUxAvtx1f |
||||
g+gUMNE9NnCVj91bxxxhhpcHzN/pVrm4RlN8U+JdBENcN0arljsBeF9qFq4Ur0JauENJhR |
||||
RYrSFEeCm3+2gAkI9/V81oFx4NC9nLRp2DuHt+PT5N5vOqdW2mQ3B33iClxByMj5Z/ITZs |
||||
1vySkGhQCoSCoBRpieIVKUuJ8Hhh4/uStDRb6NaZZJt8r9W74j5A1qZGJJ1Znt4FaoeFSB |
||||
z9tFEnybJvvrASDgVh1GV9iCi5odV8/HfMQX75bxiOOb6CyOxLYkWL/L9rsg3EiFoaYRT4 |
||||
gPNRFC1UzanccesHg5IOcLFYTed3REnaSTP0YX5XDahDYjstDAIHXuAQOnqGFQ2eOls3Al |
||||
hrOnSbxWTpt4Lla19tctwHB/XcnC3zMDuD2TGrX7HJwsXsOLF0JlfhJdfw8o5kNmaBAAAA |
||||
wBKJ+BeJxzqko1NEBEC3d1W4CYQu3EdPGKlunRIZi/m6l35Xdgo9qPntSr1L56lhtNo5XZ |
||||
77OkKJE2YCCUt82Wp9o0cEBaVKhLWL7EjWEyYVkD23Snvaszg0BUwcK9u46+nS+8ob7+pa |
||||
6Qo1JG9iRqgtb5M61f5aBnxd6TiAHXd7/1z7JRtDZrjjGd3XWbxyF0dL/VlNzn9V2qXrEX |
||||
DupS0Lyy+I+BfUvKznggY/eySJ4lbGhbB5FvfeHcWxyI2R0AAAAMEA37n+g1u4ntYPyelW |
||||
CfzMbSMSJokzAEjskjwFdb2QnTRQUYIawY8y4384n/98o7hCXONW5M1d5XyGiWX5WOUHYG |
||||
LaLs/IUVMqfF+TmR6EMrpa55eHPbW9zDByVaNpAvoh1O6awBpDxFbAIU8j9CqbxZySGQ83 |
||||
WG+i0LuuXDHffjMiTRk5LSknU79dDdbDFCaqDLunmrYnAXdxJ+9EyJfm0wrxpH8u+lr9Im |
||||
1V7Jvm49gLBG8gfPq/zA3zpSmuUuERAAAAwQDYgNWAOUyaNyOeXEu7N3m1KvDkRlEOMjpp |
||||
BTfaKvpcNo1L2GmmHPUBsjyC59yqK24F63pdegL+9jJtOMdONaRa8qQloZPTwTj0yGM42E |
||||
rfszI7Uawg+2RmMuTRPOQ6nFcsnOnPwiFdzkLo7RmQiuUtKlV2VuR2PZXxf+90/l2g69IX |
||||
CdOvB0UKoEkjWVXQsMAKR0dGn6ooyFbfXoawq0ILxvrmxMOGd2l04Dai9d2vEeS+VwF65h |
||||
YFVD5IsAOc0qMAAAAUemFtYXp6YWxAMTkyLjE2OC4xLjcBAgMEBQYH |
||||
-----END OPENSSH PRIVATE KEY----- |
||||
``` |
||||
###### Is the student able to connect to the machine with the "luffy" user by using the private key and without using any password? |
||||
|
||||
- Try to execute a command with sudo: |
||||
```console |
||||
luffy:$ sudo cat /etc/shadow |
||||
root:*:<...> |
||||
luffy:~$ |
||||
``` |
||||
- Check the groups of luffy user: |
||||
```console |
||||
luffy:~$ groups luffy |
||||
luffy : luffy sudo |
||||
luffy:~$ |
||||
``` |
||||
- Check the home directory of luffy user: |
||||
```console |
||||
luffy:~$ echo ~ |
||||
/home/luffy |
||||
luffy:~$ echo $HOME |
||||
/home/luffy |
||||
luffy:~$ |
||||
``` |
||||
###### Is the "luffy" user can perform a command with sudo? |
||||
###### Is the "luffy" user assigned to the sudo group? |
||||
###### Is the home directory of "lufy" user: /home/luffy? |
||||
|
||||
##### Check zoro user |
||||
The student should connect to the machine with the "zoro" user by using this password: `^wb@92Sq&ls644@5*Je0` |
||||
###### Is the student able to connect to the machine with the "zoro" user by the mentioned password? |
||||
|
||||
- Try to execute a command with sudo: |
||||
```console |
||||
zoro:$ sudo cat /etc/shadow |
||||
zoro is not in the sudoers file. This incident will be reported. |
||||
zoro:~$ |
||||
``` |
||||
- Check the groups of zoro user: |
||||
```console |
||||
zoro:~$ groups zoro |
||||
zoro : zoro |
||||
zoro:~$ |
||||
``` |
||||
- Check the home directory of zoro user: |
||||
```console |
||||
zoro:~$ echo ~ |
||||
/home/zoro |
||||
zoro:~$ echo $HOME |
||||
/home/zoro |
||||
zoro:~$ |
||||
``` |
||||
###### Is the "zoro" user can't perform a command with sudo? |
||||
###### Is the "zoro" user not assigned to the sudo group? |
||||
###### Is the home directory of "zoro" user: /home/zoro? |
||||
|
||||
|
||||
##### Quick exam?! |
||||
In less than 10 minutes the student must create a user called "kratos" this user must be a sudoer and must be able to connect with a private key. |
||||
The private ssh key must be created by the student during this exam. |
||||
After the student finishes creating and setting up the user, the student must show that the user can be connected with the private key and can perform a sudo command. |
||||
|
||||
>If the student can't solve this exam, he must directly fail in this project. |
||||
>If did not pass this exam and was able to succeed in this project, a temporal crater will open and the world will be destroyed! |
||||
###### Does the student can create a private key? |
||||
###### Does the student can create the user? |
||||
###### Does the student assign the public key to the user? |
||||
###### Does the student add the user to the sudo group? |
||||
###### Is user "kratos" can connect with the private key? |
||||
###### Is user "kratos" can perform a sudo command? |
||||
|
||||
#### Services Part: |
||||
|
||||
##### Check nami user: |
||||
By using SSH create a file inside /backup: |
||||
```console |
||||
$ sudo touch /backup/audit-check |
||||
``` |
||||
Try to connect to the "nami" user via FTP: |
||||
```console |
||||
user:~$ ftp {vm-ip} |
||||
Connected to {vm-ip}. |
||||
<...> |
||||
Name ({vm-ip}:{username}): nami |
||||
331 Please specify the password. |
||||
Password: |
||||
230 Login successful. |
||||
Remote system type is UNIX. |
||||
Using binary mode to transfer files. |
||||
ftp> ls |
||||
<...> |
||||
<...> audit-check |
||||
<...> |
||||
226 Directory send OK. |
||||
ftp> get audit-check |
||||
<...> |
||||
226 Transfer complete. |
||||
ftp> |
||||
``` |
||||
- "nami" user password: `mYdb6HA^5W4o` |
||||
|
||||
###### Can connect with user "nami" and mentioned password to the FTP Server properly? |
||||
###### Is the created file exist in the FTP Server? |
||||
###### Can get the audit-check file from the FTP Server? |
||||
|
||||
##### Check anonymous user: |
||||
Try to connect with an anonymous user and a blank password: |
||||
```console |
||||
user:~$ ftp {vm-ip} |
||||
Connected to {vm-ip}. |
||||
<...> |
||||
Name ({vm-ip}:{username}): anonymous |
||||
331 Please specify the password. |
||||
Password: |
||||
530 Login incorrect. |
||||
ftp: Login failed |
||||
ftp> |
||||
``` |
||||
###### Can't connect to FTP Server with an anonymous user and blank password? |
||||
###### Does the student can explain what is FTP Server and what the role of it? |
||||
|
||||
#### WordPress Part: |
||||
From your browser, enter "http://{vm-ip}/" |
||||
> it can be https instead of http if the student installs an SSL certificate! |
||||
|
||||
Ask the student to log in with the admin user. |
||||
WordPress must be installed, Try to post something, any way you are free to do anything. |
||||
###### Is WordPress installed and working properly? |
||||
|
||||
Try to access to "http://{vm-ip}/wp-config.php" |
||||
###### The WordPress config file content is not displayed? |
||||
|
||||
|
||||
#### Backup Part: |
||||
##### Check the cronjob: |
||||
The student must show created cronjob. |
||||
###### Is they are a cron job that starts every Day At 00:00 (0 0 * * *)? |
||||
###### Is the cronjob command creating a tar file of the WordPress database in /backup? |
||||
|
||||
##### Check the FTP system functionality: |
||||
> Before starting this test you have to remove all WordPress backup files in "/backup" and delete the logs file "/var/log/backup.log". |
||||
|
||||
In the crontab, you have to change the scheduling to : |
||||
`* * * * *` |
||||
After 1 minute, check the FTP Server with the "nami" user: |
||||
```console |
||||
user:~$ ftp {vm-ip} |
||||
Connected to {vm-ip}. |
||||
<...> |
||||
Name ({vm-ip}:{username}): nami |
||||
331 Please specify the password. |
||||
Password: |
||||
230 Login successful. |
||||
Remote system type is UNIX. |
||||
Using binary mode to transfer files. |
||||
ftp> ls |
||||
<...> |
||||
<...> {wordpress-backupfile} |
||||
<...> |
||||
226 Directory send OK. |
||||
ftp> get audit-check |
||||
<...> |
||||
226 Transfer complete. |
||||
ftp> |
||||
``` |
||||
###### a WordPress database backup file with the date of today exists in the FTP Server? |
||||
##### Is the student create |
||||
Check the backup logs file: |
||||
```console |
||||
user:~$ cat /var/log/backup.log |
||||
<...>wordpress backup created!, date: <...> |
||||
user:~$ |
||||
``` |
||||
###### Is the backup logs file existing and contains a message informing you that the backup was successful and the timing of the backup? |
||||
|
||||
###### Does the student can explain what is cronjob and what the role of it? |
||||
###### Does the student can explain why backup is important? |
||||
|
||||
#### Bonus |
||||
|
||||
###### + Did the student pass the account creation exam without error and in a short time? |
||||
|
||||
###### + Did the student add any optional bonus? |
||||
|
||||
###### + Is the student a genius of the system administration? |
Loading…
Reference in new issue