0. This module is on Ubuntu
This module is on Ubuntu. This will probably be the most unfamiliar topic for most of you, so we will go slowly and have a lot of time to practice to ensure that everyone understands the concepts.
As you demonstrate how to navigate Ubuntu in this module, students should follow along on the Ubuntu Demo Image you have downloaded to their machines.
Module 4

1. CyberPatriot Competition!
AFA CyberCamp Format
Day One
Cyber Safety
Day Two
Windows System Administration
Day Three
Intermediate Windows Security
Day Four
Intro to Linux and Ubuntu Security
Day Five
CyberPatriot Competition!
This is the last module before our competition!

2. Module Four Learning Objectives
1. Linux Intro Review
-Become familiar with important vocabulary and navigating the Ubuntu interface
2. Basic GUI Security
- Apply key security principles to an Ubuntu system in the Graphic User Interface (GUI)
3. Intro to Command Line
- Understand command line syntax and explore using commands through code
4. Basic Command Line Security
- Use command line to change account management settings
5. Intermediate Ubuntu Security
- Make intermediate security settings using command line and the GUI
Today, we will dive back into Ubuntu. While the cybersecurity principles we learned in the last few modules apply across operating systems, navigating Ubuntu will take some getting used to.
Make sure to take notes, especially when we start discussing command line. As we talked about briefly in the last module, unlike in Windows, in Ubuntu, there are some security settings that have to be made with code and not in the Graphic User Interface.

3. Devote minutes to Instruction Slides 4-5 including giving students minutes to complete the tasks on Page 15 of their workbooks.
While it is recommended to take notes throughout the Linux portion, there are some slides that distinctly say “Take Notes!” these slides will directly correlate with later lab activities.
Linux Intro Review

4. Review: Adding and Removing Software
Software is bundled into packages
Packages are managed by package managers
Click the Ubuntu Software Center in the left-hand menu
Have the students follow along on the Ubuntu Demo Image.
As we discussed yesterday, Ubuntu uses packages to store everything that a particular program needs to run. A 'package', then, is essentially a collection of files bundled into a single file, which can be handled much more easily.
Packages are inventoried and controlled by package managers. In Ubuntu, the package manager is called “Ubuntu Software Center”. Ubuntu Software Center looks a lot like app storefronts you have probably seen before, such as iOS, OS X’s App Store, and Microsoft’s Windows Apps program. This is where you download new software for your operating system.
Click for next bullet and screenshot.
Click to reveal red box around All Software.
You can download both free or pay-for-use software to your machine using the All Software button.
You can manage software you have already installed using the Installed button. You would use this button to uninstall existing software.
Click to reveal red box around Installed.
To view a log of all the recent software changes (installs, removals, and updates) on your system, click the History button.
Click to reveal red box around Updates.
Whenever you attempt to install new software using the All Software button or uninstall or modify existing software using the Install button, you will be prompted to login to the using root permissions. We will talk more about how to do this later in this module.

5. Activity 4-1: Linux Familiarization Lab
Instructions (Workbook Page 15):
Open the Ubuntu Demo Image in VMware Player
User: cyberpatriot
Password: CyberPatriot!
Complete the tasks outlined in your workbooks
Do not change any passwords or user account settings
Give students minutes to complete the tasks on Page 15 of their workbooks.
This lab will review some of the basic capabilities of the Ubuntu operating system. If time and computer resources allow, each of the students should complete the tasks alone.
Stress that the students should not change any passwords or user account settings. If the students are unsure whether or not they can change something during this part of the activity, they should not make the change, as there is a possibility it will affect later portions of this module’s activities.
Answer Key: .
It is safe and useful because the program is well-known and used in businesses and homes all over the world. The reviews seem legitimate and emphasize its import.
Microsoft Word
Rhythmbox Music Player
/home/hypatia/Downloads/infinity
They cannot access the folder because they need to enable root permissions to do so. They are authorized to do so because they are administrators. However, they need to authenticate their identity first.
Sources:

6. Basic GUI Security Devote 15-25 minutes to Slides 7-16.
Allow the students minutes to complete the Activity 4-2 :Linux GUI Security Lab on Slide 16, Student Workbook page 16.
Throughout this section, students should follow along in the Ubuntu Demo Image as you show them how to change security settings in the Ubuntu GUI.
Basic GUI Security

7. User Accounts No Control Panel like in Windows
Click the System Settings in the left-hand menu
Click User Accounts in the System Settings window
Unlike Windows Operating Systems, there is no Control Panel or Action Center in Linux from which you can modify all of your basic security settings.
There is a System Settings menu, but it does not offer as many options as Windows’ Control Panel or Action Center.
Click to reveal red box.
To access the System Settings, click the System Settings icon in the menu on the left of the desktop.
Note: The entire System Settings window may not all fit in one VMWare window. If it does not fit, you must use the VMWare scroll bar to view the bottom menu options.
As you can see, there are some similarities here with the Windows Control Panel. Can you identify anything here that may be helpful for improving the security of an Ubuntu operating system?
Click to reveal red box around User Accounts.
User accounts is similar to Windows. This is where an administrator can make changes to all users.

8. User Accounts Select the user archimedes
To make changes, click Unlock and authenticate.
Keep Automatic Login set to off
The user account type can be changed by clicking the field next to Account Type
Students should follow along on the Ubuntu Demo Image.
The User Accounts section is the most important section in the system settings menu for improving security. This option is very similar to the User Accounts window in Windows.
Clicking the User Accounts button brings up a list of all the users on the image. All of the users on this image are famous mathematicians.
Click to reveal next image and instruction.
Only users with root permissions can make changes to other users’ account types and passwords. Individual users can change their own password, but not their user type.
Any administrator who makes changes in User Accounts needs to unlock the window (that is, make user information editable) and authenticate his or her identity. To unlock the window, click Unlock in the top right and enter your password. Ubuntu requires administrators/root users to authenticate themselves before making changes to someone else’s password or account.
Ubuntu can automatically log a user in when the computer is turned on. This feature is disabled for all users and should be kept that way by default. If it is not, anyone could gain access to a user’s information just by booting up a computer.
To change the user type of a user, click Administrator or Standard. Selecting Administrator gives the user root permissions, while Standard does not.

9. User Account Passwords
Click the field next to Password
Set a password now allows you to change a user’s password
Do not select Log in without a password
The third option allows you to disable or enable an account
Press Cancel to return to the User Accounts windows
To change a user’s password, click the Password field.
Click to reveal next bullet and screenshot.
After clicking the field next to Password in User Accounts, you will see a window that looks like this. In that window, click the field next to Action.
Click the first option to change a user’s password. If you are an Administrator and you are changing your password, you will need to enter your old password before creating a new one. This provides an extra layer of authentication. Since you already authenticated to make the User Accounts window editable, if you try to change another user’s password, you do not need to enter your password or the user’s old password.
Click to reveal next red box and bulleted instruction.
Clicking the second option in the field next to Action allows a user to log on without a password. This is very insecure and should never be selected. If it is selected, you will see the boxes for typing a new password grayed out.
To disable a user account, click the final option in the Action field. This option does not delete a user’s account, but instead changes the user’s password to an encrypted value that is extremely difficult to crack. A user can therefore only enter their account when an administrator removes the encrypted password by re-enabling the account.
Why might this be important?
An employee may not have left the company, but may have their account frozen due to disciplinary action, failure to complete an action, or because the administrator needs to access the account without the user changing anything.
Click to reveal red box around Cancel to not save changes.

10. User Accounts Making Changes: Users can be added or removed
Use Bottom left +/-
Must be Unlocked first
Only Users with Root Settings can make changes
Must authenticate to make changes
Never allow automatic log in
To Change User Type:
Click Administrator or Standard from User Type drop down box
Students should follow along on the Ubuntu Demo Image.
Click to reveal first set of text.
The User Accounts section is the most important section in the system settings menu for improving security. This option is very similar to the User Accounts window in Windows.
When you click the User Accounts button it brings up a list of all the users on the image. All of the users on this image are famous mathematicians.
Click to reveal first second set of text.
Only users with root permissions can make changes to other users’ account types and passwords. Individual users can change their own password, but not their user type.
Any administrator who makes changes in User Accounts needs to unlock the window (that is, make user information editable) and authenticate his or her identity. To unlock the window, click Unlock in the top right and enter your password. Ubuntu requires administrators/root users to authenticate themselves before making changes to someone else’s password or account.
Click to reveal third set of text.
Ubuntu can automatically log a user in when the computer is turned on. This feature is disabled for all users and should be kept that way by default. If it is not, anyone could gain access to a user’s information just by booting up a computer.
Click to reveal last set of text and instruction.
To change the user type of a user, click Administrator or Standard. Selecting Administrator gives the user root permissions, while Standard does not.

11. Configure Updates
Click Software & Updates in the System Settings window
Now, we will talk about keeping your Ubuntu system up-to-date. As we talked about during the introduction to Linux, most Linux software is open source, which means that some programs may be insecure because they come from unknown sources or have not been properly debugged. However, updates are released very frequently, so it is important to make sure you have the latest patches for your software.
It is possible that students may also see a box about upgrading to a newer version of Ubuntu. Students should NOT upgrade to a newer version of Ubuntu.
To show what files need updating, click settings in the bottom-left of the Update Manager window.

12. Update Policy Three Important Tabs Ubuntu Software Other Software
Updates
After clicking Settings, a window will open that allows you to customize the types of updates and downloads that you can apply to your operating system
Click to reveal first bullet and screenshot.
Ubuntu Software tab allows you to determine from which sources you want to download Ubuntu sources. Why might this be important?
Because Ubuntu is open-source, you need to be careful you are only downloading from trusted users, not all of them
Click to reveal second bullet and screenshot.
The Other Software tab is the same as the Ubuntu tab, but applies to non-Ubuntu software (outside applications and software, for example). These programs are not made by the developers of Ubuntu. All of these options should therefore only be selected if you can be reasonably sure they are secure and do not conflict with any of the needs of anyone using the system.
Click to reveal third bullet and screenshot.
The first section of the Updates tab allows you to customize where you want to install updates from. Which of these three options do you think should be checked? Remember, we want to be sure we know where our updates are coming from and that they are not buggy or insecure.
Important security updates should definitely be checked because they provide important fixes to known vulnerabilities.
Recommended updates should also be checked. These updates will not necessarily be important for security, but they will fix other major issues with outside software.
Unsupported updates should only be downloaded if you know exactly what they will be used for and if you are reasonably confident that they will not harm security.
Checking these boxes does not automatically begin the install process. You will still have the option to manually select individual updates, as we will see in a moment.
You can also select how often you want the OS to check for and display new updates. As was the case with Windows, we want to automatically check for updates daily so that the operating system stays up-to-date. Security and recommended updates should be set to display automatically for the same reason.
Have the students leave Important security updates and Recommended updates unchecked for now. They will be asked to check these boxes during their next Lab activity.
The last three tabs are more advanced and will not be discussed in this camp.

13. Installing Updates
Click the Ubuntu button in the left-hand menu and search for Update Manager
The update manager is a very easy way to install the latest updates.
Once the students have all opened the Update Manager, click for the next screenshot.
Clicking on this for the first time will bring up a screen like this. You will see that there are not any updates to ready to be installed.
That’s because, as we saw on the last slide, it’s not configured to install Important Security Updates or Recommended Updates.
The students may see a box that asks them to check for updates manually. This can be ignored.
Students may also see a box about upgrading to a newer version of Ubuntu. They should NOT upgrade to a newer version of Ubuntu.
Click to reveal red box around the red settings box.
Another way access the Software & Updates configuration is by clicking the Settings… button in the Software Updater

14. Source: https://help.ubuntu.com/community/UFW
Local Firewall
Built-in Firewall: ufw
Not activated by default
Command line interface
GUI interface: gufw
Does anyone remember why firewalls are important from when we talked about them in our Windows discussion?
Firewalls are designed to prevent unauthorized access to a system. They can be implemented via hardware or software.
The Students were supposed to install gufw (and ufw) during their previous lab activity. If it’s not there, the students need to install it via the ubuntu software center.
Click to reveal first bullet.
Like Windows, Ubuntu has a built-in firewall. It is called the Uncomplicated Firewall (UFW)
Click to reveal second bullet.
UFW is turned off by default because Linux is used more frequently as a development tool than Windows is. Programmers prefer having more freedom to accomplish tasks without having traffic blocked by default. Instead, developers work to customize the firewall to their personal specifications before turning it on.
However, for general use, it is best to turn the firewall on by default, especially if you are unsure about how to customize it.
Click to reveal third and fourth bullet and screenshot.
The firewall is a command line-only tool by default, but a GUI can be installed to make it easier to configure. This GUI is called the Graphical Uncomplicated Firewall (Gufw). You should have installed this earlier as part of the Linux Familiarization Lab activity.
The next slide walks through how to customize the firewall using Gufw. If students have not installed this program (they should have done so during the Linux Familiarization Lab activity on Slide 14), have them do so now. It can be installed by going to the Ubuntu Software Center, and searching for Gufw or Firewall Configuration.
Source:

15. GUFW – Customizing Settings
Go to Search → Firewall Configuration
Or Click
Authenticate
Click Status → On
Default:
Deny all incoming traffic
Allow all outgoing traffic
Deny vs. Reject
Preconfigured Rules
To configure the firewall, the first thing you need to do is turn it on.
NOTE: “Firewall Configuration” does not always show up in search immediately after installing it. Instead click the shield icon, or have the students log out and log back in again.
Have the students follow the directions on the screen to turn on the Ubuntu Demo Image’s firewall. Remind them that they will need to unlock the firewall after the window pops up. This can be accomplished by entering the administrative password for authentication.
After all the students have turned the firewall on, click to reveal screenshot and first bulleted text set.
Gufw’s default settings are very secure. If it is not necessary to customize the firewall for the specific requirements of the user’s organization, these settings can be left as they are.
All outgoing traffic from the user’s computer to other computers is allowed to pass through automatically.
All traffic coming into the computer is denied. This is very secure as it blocks any outside users who may be trying to access the computer without users’ knowledge.
Click to reveal second bullet and screenshot.
In addition to allowing and denying traffic, the firewall can reject traffic. There is a very slight difference between Deny and Reject. Denying means denying the traffic without informing the connection that it has been blocked. Rejecting means denying traffic and informing the outside connection that its data packet has been blocked. Reject is not a good option to select for all incoming traffic, but for certain programs it can be good to notify other computers that their connection has been blocked.
The shield is color-coded based on incoming and outgoing rules. The top third of the shield corresponds to incoming traffic and the bottom third corresponds to outgoing traffic. Green means Deny, blue means Reject, and red means Allow.
Click to reveal third bullet and screenshot.
The Preconfigured rule panel allows incoming and/or outgoing traffic to be controlled for certain applications or services. Tools such as Skype may be controlled by selecting the application from the menu and setting the other menus accordingly to restrict or allow traffic. This panel is very similar to Firewall Exceptions in Windows. There are some programs that you do trust and which you do not want blocked by a firewall. It is much safer to allow these programs through a firewall than to open an entire port.
Have the students enable incoming traffic on ports 80 and 443, which control HTTP and HTTPS respectively.
Source:

16. Activity 4-2: GUI Security Lab
Instructions (Workbook Page 16):
Open the Ubuntu Demo Image in VMware Player
User: cyberpatriot
Password: CyberPatriot!
Complete the tasks outlined in your workbooks
Do not change any passwords or user account settings
Give students about minutes to complete the tasks listed on Page 16 of their workbooks. If time and computer resources allow, have each student complete the activities separately.
This lab will review some of the basic ways of improving the security of an Ubuntu operating system. It will have the students run through many of the activities that were discussed in the previous slides.
Stress that the students should not change any passwords or user account settings not mentioned in the activity.
The students might need the passwords for some of the other user accounts to complete some the tasks in their workbooks. Some user names and passwords for the accounts on the system are below:
User Name: cantor
Password: CyberPatriot!
User Name: gauss
Password: password

17. Intro to the Command Line
Devote minutes to Slides
Allow an additional minutes for students to complete the Activity 4-3 Linux Command Line Lab I on Slide 31, Student Workbook pages
This section will cover basic commands and command line syntax. Remind the students again that they should take notes. Some of the settings made in command line cannot be duplicated in the GUI, so it is important to have notes of the relevant commands.
Walking through the steps in this section will show students how to perform basic command line tasks including:
Navigating the Linux filesystem
Accessing and reading command manuals
Manipulating files (creating, copying, moving, removing)
Viewing the contents of files
Simple output redirection
Now that we have applied some very basic security settings, you will learn how to make your systems even more secure without using the Ubuntu GUI.
As we discussed earlier, one thing that sets Linux apart from Windows operating systems is its heavy focus on the command line. We will learn how to perform some very simple tasks in command line before we apply this knowledge to making our operating systems more secure.
Intro to the Command Line

18. Linux Filesystem Linux filesystem tree
Base or trunk of the tree is the root directory (/)
Branches of the tree are directories
Leaves of the tree are files
Linux commands, files, and directory names are case sensitive
Filesystems can be thought of as a tree.
One of the defining features of Linux and other UNIX-like operating systems is that “everything is a file” including directories, hardware devices, system information, and other things.
In Linux, everything is underneath the root directory, which is represented as single forward slash /.
You can think of the root directory as the base, or trunk, of the tree.
You can think of directories as branches of that tree.
You can think of files as the leaves of that tree.
There are no restrictions on what you can or cannot name files and directories.
However, it is important to remember that all commands, files, and directory names are case sensitive.

19. Open a terminal Click the Ubuntu button Type terminal
Press Enter or click the icon labeled Terminal
Have the students follow the directions on the side to open a terminal

20. Basic Navigation Commands
pwd
“Present Working Directory”
Prints out your current working directory
ls [FILE]…
“List Segments”
Optional file/directory paths as an argument
cd [dir]
“Change Directory”
Optional directory path as an argument
Absolute paths
Starts from the root directory (/)
cd /home/cyberpatriot/Music
Relative paths
Start from the current directory (.)
cd ./Music or just cd Music
One dot (.) indicates the current directory
Two dots (..) indicates the parent directory
The pwd command prints out your “Present Working Directory”
The ls command was originally an acronym for “list segments”
This acronym is outdated
Today this command is used for listing files.
The ls command takes an optional “argument” specifying a file (or directory) to “list”
If no argument is passed to ls it lists the files in your current working directory
The cd command will change your current working directory
The cd command takes an optional argument specifying the directory you want to make your current working directory
If no argument is passed to cd, it will make your “home directory” your current working directory
Click to reveal absolute vs relative path information
When specifying file or directory paths as arguments there are two ways to do this, absolute paths or relative paths
Absolute paths always start with the root directory which is a forward slash ( / )
Relative paths start with a file or directory inside your current working directory
There are two special directory names inside every directory that you may also use to start a relative path
One dot ( . ) represents the current working directory
Two dots ( .. ) represents the parent directory. For example. the parent directory of /home/cyberpatriot is /home

21. Basic Navigation Commands
Type the following commands in order: cd
pwd ls
cd ./Music
cd ../Documents
Have the students type the commands exactly as shown

22. Command Manuals and Usage
man [section] page
“Manual”
Displays the manual for a command
Type man man and press Enter
Displays the manual for the command “man”
Use the arrow keys or PgUp/PgDn to scroll up and down
The man command displays the manual for that command
For example, you can view the manual for the man command by typing man man
Click to display instructions for the students to follow
Type the command man man and use the PgUp/PgDn keys to scroll up and down
Give the students a brief amount of time to view the manual for man before continuing
Click to display instructions on how to quit the man program
Type q to exit before we continue
Type q
Exits man

23. Command Manuals and Usage
Many commands have a --help or –h option
Type ls --help and press Enter
Displays help for the command ls
Often, commands will display help text if you pass the command a --help (dash-dash-help) or a -h (dash-h) option
Click to reveal instructions for students
Type the command ls --help as shown
What does the help output say about the -1 (dash-one) option?
Test out the ls –l option by typing it into your terminal now (ls dash-one)
What does the -1 (number one) option do?
Type ls -1

24. File Manipulation Commands
cp SOURCE… DEST
“copy”
Used to copy a file (or directory) to a new location
Can copy multiple source files into a destination directory
mv SOURCE… DEST
“move”
Used to move or rename a file (or directory)
Can move multiple source files into a destination directory
touch FILE…
Opens and closes a file
Creates an empty file if it does not exist
rm FILE…
“remove”
Remove one or more files or directories
The cp command can be used to copy one or more files
The cp command takes at least two arguments, one or more sources and a destination
If the destination is a directory, it will copy the source file(s) into that directory
If the destination is a file or does not exist, it will create or overwrite the destination file with the source file
The mv command can be used to move one or more files
The mv command takes at least two arguments, one or more sources and a destination
If the destination is a directory, it will move the source file(s) into that directory
If the destination does not exist, the source file will be renamed to the destination
If the destination is an existing file, it will be deleted and the source file will be renamed to the destination
The touch command will open and close a file without doing anything else.
This may update the files “last access time”
This will also create the file if it does not exist
The rm command will remove any files passed as arguments

25. File Manipulation Commands
Type the following commands in order: cd
touch Documents/a
cp Documents/a b
mv b c
ls ./ Documents
rm c Documents/a
Have the students type the commands exactly as shown
Touch created the file Documents/a, we then copied it to b, and then we moved b to c
We can see the new files Documents/a and c from the output of the ls command
After we remove the files with rm, the ls command no longer shows the files

26. File Contents and Output Redirection
cat [FILE]...
“Concatenate”
Concatenate files and prints to standard output
Commonly used to print the contents of a single file
file file...
determines the type of a file
echo [STRING]...
displays a line of text in the command line
[command] > FILE
The standard output of any command can be redirected to a file with a “greater than” symbol
This will create a new file or overwrite an existing file
The cat command stands for concatenate
This command may take any number of file names as arguments
The cat command will concatenate all of the files together and print them to standard output
The cat command is commonly used to print out the contents of a single file
Under normal circumstances, when a program prints text, it prints to what is called standard output
Sometimes, when printing error messages, a program prints to what is called standard error
Both standard output and standard error appear as text in the terminal
The file command displays information about one or more files that are presented as arguments on the command line
The echo command will print whatever you put on the command line to standard output
The greater than > symbol allows you to redirect standard output to a file
Use this with care, if the file exists it will be completely overwritten with the new contents.

27. File Contents and Output Redirection
Type the following commands: cd
echo “Hello” > hello
echo “World!” > world ls
cat hello world
Have the students type the commands exactly as shown
Click to reveal the results of running these commands
We create two new files, hello and world, containing their respective strings
Using the cat command we can concatenate and print out the result

28. File Contents and Output Redirection
Type the following commands in order:
cat hello world > helloworld ls
cat helloworld
file helloworld
file Music/4.mp3
rm hello world helloworld
Have the students type the commands exactly as shown
Click to reveal the results of running these commands
Again we use the cat command to concatenate the contents of the files hello and world, but this time we redirect standard output to a new file called helloworld
If we cat out the file helloworld, we can see that it does indeed contain the concatenation of the files hello and world
The file command tells us that the file helloworld is an ASCII text file
The file command also tells us that file Music/4.mp3 is indeed an mpeg layer 3 audio file, and it even prints out the bitrate, sampling frequency, and number of channels for us.

29. File Editing gedit [FILE]… nano [FILE]… Easiest
Open the files in a common graphical editor
nano [FILE]…
Sometimes there is no GUI
Easy to use terminal editor ^O
(Ctrl+O)
“Write Out” (Save) ^X
(Ctrl+X)
Exit
Editing files on the command line can sometimes be a challenge
The easiest thing to do is to use the gedit command
gedit is a commonly used graphical text editor
The gedit command can take any number of file names to edit as arguments
Another option is to use nano
Sometimes you may not have access to a GUI
The easiest way to edit files without a GUI is to use nano
We won’t be using nano for this class, but if you ever find yourself needing to use nano, it has easy to use commands displayed on the bottom of the terminal. Just remember that in UNIX the Caret ^ often stands for Ctrl+, so for example the save command ^O (Caret-o) is just Ctrl+O. Do not type the shift key, just ctrl and o.

30. Type gedit Documents/napier.txt
File Editing
Type gedit Documents/napier.txt
Have the students type the commands exactly as shown
Click to reveal the results of running these commands
The gedit command opens the specified file in a new gedit window
Close the gedit window by clicking the x in the upper left hand corner
Save and close the gedit window before continuing

31. Activity 4-3: Command Line Lab 1
Instructions (Workbook Page 17-18):
Complete the tasks outlined in your workbooks
Do not change or delete anything not listed in your workbooks
Give students about minutes to complete Pages of their workbooks. If time and computer resources allow, have each student complete the activities separately.
Answer key:
/home/cyberpatriot
/home
test: MPEG ADTS, layer III, v1, 160 kbps, 44.1 kHz, Stereo
i^2 = -1
test: ASCII text
Do not create any files
Remove directories and their contents recursively
JPEG (or jpg)
Version 1.3
1 = …

32. Security and the Command Line
Devote minutes to Slides
Allow an additional minutes for students to complete the Activity 4-4 Linux Command Line Lab II on Slide 66, Student Workbook pages
This section will cover basic commands and command line syntax. Remind the students again that they should take notes. Some of the settings made in command line cannot be duplicated in the GUI, so it is important to have notes of the relevant commands.
Now that we have applied some very basic security settings, you will learn how to make your systems even more secure without using the Ubuntu GUI.
As we discussed earlier, one thing that sets Linux apart from Windows operating systems is its heavy focus on the command line. We will learn how to perform some very simple tasks in command line before we apply this knowledge to making our operating systems more secure.
Security and the Command Line

33. The Password file – Take Notes!
/etc/passwd
Usually does not contain passwords (anymore)
Contains user information
Type cat /etc/passwd
Despite it’s name, the password file does not actually contain passwords anymore
Passwords used to be kept in the password file, along with user information, but this is generally a bad idea since everyone on the computer can read the password file
Instead encrypted passwords are stored in the “shadow” file which we will cover later
Click to reveal instructions to view the password file.
Type cat /etc/passwd (sometimes pronounced like “etsee password”)
Notice this is an absolute file path since it starts with the root directory
Click to reveal instructions to view the password file manual
Type man 5 passwd now.
Give the students a minute to read the manual, but it’s long so you’re going to have to interrupt them
Press q to quit man
Type man 5 passwd to view the manual for the password file
When you are done, press q to quit

34. The Password File – Take Notes!
User Name
User ID
Password
Group ID
User Name
The name associated with this user account
This is primarily used by humans to identify a user account
Password
x denotes password is stored in shadow file
User ID – Numerical user ID, or “UID”
The OS internally identifies users using their UID not Username
Group ID – Numerical primary group ID, or “GID”
The User Name field is the user name you use to log in with
This is what people usually use to identify user accounts
Click to reveal information about the password field
Although this can contain an encrypted password, this field is usually an x indicating that the password is stored in the shadow file
Click to reveal information about the User ID field
Each user has a numeric User ID, and this is how the Operating System internally identifies users
Click to reveal information about the Group ID field
Each user may belong to multiple groups, but this is the ID of the users “primary” group. Again the Group ID is how the Operating System internally identifies groups.

35. The Password File – Take Notes!
User Name
User ID
Comment
Home Directory
Shell
Password
Group ID
Comment
Typically used to store the users “real name”
Home Directory
The current working directory when this user log in
Shell
The shell (or command) that gets executed when you log in
How this user interacts with the computer when logging in on the command line
The Comment field can contain anything, however it is typically used to store the users “real name”
Sometimes this defaults to the “user name” if no “real name” is given
Click to reveal information about the Home Directory field
The Home directory field specifies the current working directory when this user logs in
If this user types cd with no arguments, this is the directory the user will be taken to
Click to reveal information about the Shell field
This is the command that gets executed when the user logs in via a terminal
This is typically a shell, but could be any command
A shell is a special program that controls everything you can do and see within a terminal
Your shell executes all the commands you type and displays their output in the terminal window

36. What are all these users?
The Password File
What are all these users?
UID 0 – “root”
UID – “nobody”
UIDs 1-99 – special system users
UIDs >= 1000 – human users start at 1000
Why can’t I see all these users in the GUI?
UIDs less than 1000 are hidden
Hidden in the display manager (lightdm)
Hidden in the System Settings->User Accounts
What are all these users doing on my system?
The UID of 0 is reserved for the super user root
The UID of is typically reserved for the user nobody
The UIDs of 1-99 are traditionally reserved for special system users
Other UIDs up to 1000 are typically reserved for other non-human users
Click to reveal the question.
You might be wondering, why can’t I see all theses users when I log in or manage user accounts via the GUI?
That’s because the GUI automatically hides all UIDs < 1000?
How might an attacker exploit this?
Attackers could create hidden users
What can you do to protect yourself?
You can regularly review the password file manually

37. Listing Users Try running the following commands in the terminal:
whoami
Prints your current username
users
Prints the user names of users currently logged in to the current host
who
Prints information about users who are currently logged in w
Displays information about the users currently on the machine, and their processes
The whoami command prints out your current user name
The users command prints out the user names of the users currently logged in
The who command prints out some information about the currently logged in users
The w command displays information about the users currently logged in and their processes
Run these commands in your terminal to view their output
Click to reveal the command results. The output on the students machines will vary slightly.

38. Type man 5 group to view the manual for the group file
/etc/group
Defines the groups on the system
Type cat /etc/group
The group file defines the user groups on the system
Click to reveal student instructions
Type cat /etc/group (sometimes pronounced “etsee group”)
These are the groups currently present on your computer
Type man 5 group to view the manual for the group file
Give the students a short amount of time to briefly review the manual
Type q to quit man
Type man 5 group to view the manual for the group file
When you are done, press q to quit

39. The Groups File Group Name Password Group ID User List
The name of the group
This is primarily used by humans to identify a group
Password
Generally not used
Group ID
The OS internally identifies groups by their GID not Groupname
User List
The list of users that belong to this group
Let’s inspect the contents of the group file
The first field in the group file is the Group Name
Just like a user name, this is what humans use to uniquely identify the group
Click to reveal information on the password field
The password filed is generally not used, but it is possible to set passwords for groups
Click to reveal information on the group ID field
The Operating System uses the group ID internally to identify groups
This is the Group ID that we saw referenced in the password file
Click to reveal information on the User List field
The User List field contains a comma separated list of users that belong to this group.
If a user has this group set as his or her “primary group”, then this user belongs to this group and may or may not be listed in in the “User List” field

40. Groups groups [USERNAME]
Prints the groups a user is in
Try running the following commands in the terminal:
groups
groups cantor
groups euclid
The groups command will print the groups that a user belongs to
If no user is specified as an argument, it defaults to the current user
Click to reveal student instructions
Run the following commands in your terminal
Notice that cyberpatriot is in the sudo group
Also notice that euclid is in the geometry group

41. The getent Command getent database [key]...
Database may be passwd, group, or shadow
If key is not specified, it displays the entire file
If one or more keys are specified, displays only those lines
Type the following commands
getent passwd fermat
getent group users
The getent command can be used to display information from the password, group, or shadow file
The first argument should be passwd, group, or shadow
The second argument may be one or more users or groups
If no key is specified it will display the entire contents of the file
Click to reveal student instructions
Try typing the following commands
Click to reveal the command output
As you can see from this example the getent command displays selected lines from the password or group files

42. File Permissions Traditional Unix access control
File modes or permissions
Every file/directory has an owner and group
File modes determine the permissions granted to:
The “user” who owns the file
The “group” this file belongs to
Any “other” users
Three types of permissions
read, write, execute
Access to files and directories in UNIX is traditionally controlled using file modes.
Access control is a huge security topic
File modes are a typically example of one specific type of access control called “Discretionary access control”
Click to revel file ownership text
In UNIX every file and directory has an owner and group associated with it
Click to reveal file mode text
File modes determine the permissions that are granted to the user who owns the file, the group this file belongs to, and any other files.
user, group, and other are represented by the letters u, g, and o
Click to reveal permission type text
The user, group, and others may be granted read, write, and execute permissions
These permissions are represented by the letters r, w, and x

43. File Permissions ls -l [FILE] Type ls –l pythagoras.sh
ls command with the lower case letter “l” option
Long listing format
Shows a file’s owner, group, permissions and other information
Type ls –l pythagoras.sh
The ls command has a very useful option -l (dash-el), the lowercase letter l.
This option will produce output using the “long listing format”
Click to reveal student instructions
Type ls -l pythagoras.sh
Click to reveal the command output
This is the what you should be seeing in your terminals
Let’s examine this closer
Click to reveal file mode bits
File mode bits will be covered in detail on the next screen, this determines the permissions given to the
Click to reveal Links
Links is the number of hard links to this file. We will not be discussing hard links further.
Click to reveal Owner
Owner is the user who owns this file
Click to reveal Group
Group is the group this file belongs to
Click to reveal Size
Size is the size of this file in bytes
Click to reveal Date Modified
Date Modified is last time this file was written to
Click to reveal File
File is simply the name of the file
File Mode Bits
Owner
Size
File
Links
Group
Date Modified

44. Files Permissions File Mode Bits Type User/Group/Other
Owner
User (Owner)
Other
The file mode “bits” are represented by 10 characters
The first character represents the file type.
For example, a file type of d means this is a directory and file type of l means this is a symbolic link
Click to reveal User/Group/Other file mode information
The next three characters represent the permissions granted to the user that owns this file
The next three characters represent the permissions granted to the group that this file belongs to
The final three characters represent the permissions granted to any other users
The next slide continues with this example
File Mode Bits
Type
Not part of the permissions
“d” means directory, “l” means link
User/Group/Other
“r” means read permissions are granted to this user
“w” means write permissions are granted to this user
“x” means execute permissions are granted to this user

45. Files Permissions Who can do what with the file pythagoras.sh?
Group
Group
Type
Owner
User (Owner)
Other
In this example, who has been granted permissions to do what with the file pythagoras.sh?
Click to reveal user “who”
What can the owner cyberpatriot do?
Click to reveal user “what”
There is an r, w, and x present in the user section of the file mode, this means the owner has read, write, and execute permissions.
Click to reveal group “who”
What can the group users do?
Click to reveal group “what”
There is an r, and an x present in the group section of the file mode, this means the group users has been granted read and execute permissions
Click to reveal other “who”
What can the any other users do?
Click to reveal other “what”
There is no r, w, or x present in the other section of the file mode. This means that any other users can not read, write, or execute this file.
Who can do what with the file pythagoras.sh?
The user “cyberpatriot” (owner)
Has read, write, and execute permissions
The group “users”
Has read and execute permissions
Other users
Have no permissions

46. Hidden Files Hidden files start with a dot ( . ) ls -a [FILE]
Any file type including directories can be hidden
ls -a [FILE]
Lower case “a” option
Shows all files, including hidden files
Options can often be combined
ls –la [FILE]
Lower case “l” option
Shows all files using the long listing format
Hidden files in Linux start with a dot ( . )
Any files including directories can be hidden
The GUI or the ls command do not show hidden files by default
Click to reveal the ls -a command
The ls command can take the -a (dash-a) option
This option shows all files, including hidden files
Click to reveal about combining options
Command options can often be combined
For example, if you want to do a “long listing” of “all” files you can use the command ls -la (dash-l-a)

47. Hidden Files Type ls –la Remember
Type the command ls -la on your Ubuntu Demo Image now.
Click to view the command output
The output of your command should look something like this
There are lots of hidden files in your home directory, mostly used to store configuration information
Click to view information about special directories
You should be able to see the dot ( . ) and dot-dot ( .. ) special directories present inside every directory
Remember a single dot goes to your current directory, and two dots goes to your parent directory
Remember
( . ) is always your current directory
( .. ) is always your parent directory

48. Switching Users Many administrative commands must be run as root
su [username]
Change user ID or become superuser
If no username specified, defaults to root
Must enter password of target user “username”
sudo [-u username] command
Execute a command as another user
May be required to enter your own password
Sometimes the root user does not have a password
cannot log in
cannot authenticate with su
Many administrative commands must be run as root
There are two common ways to run commands as another user
The su command will allow you to “become” a different user, but you have to know the password for that user
If you don’t tell su what user you want to “become” it defaults to root.
Click to reveal sudo information
The sudo command will allow you run commands as another user
As a safety precaution sudo will usually ask you for your password before you can do this
If you don’t specify the user to run commands as, it defaults to root
Usually only certain users are allowed to use sudo such as Administrators or members of the sudo group
Click to reveal root with no password information
By default Ubuntu does not assign a password to the root user. This is actually very secure since it prevents the root user from logging in. However, this also prevents you from using the su program to become root.

49. Switching to Root You can also switch to root by typing:
sudo su
Type your password if prompted
Works even if root has no password
Type the command whoami
Being root can be dangerous so exit
Type exit
If root has no password, you can still switch to root by typing sudo su
This will run the su program as root, and all you need to know is your current users password.
By default root can use the su program without need to enter any passwords.
Try it out now. Remember sudo may or may not ask you for your password depending on how recently you successfully authenticated to sudo last.
After you are root, your prompt should change to a pound or number sign as shown in this screenshot.
Type the command whoami to confirm that you are root.
You can now run any commands as root.
But it’s easy to accidentally mess things up as root so we’re going to exit by typing exit.
From now on in this class we’re only going to use sudo to execute commands as root.

50. Adding and Removing Users
useradd LOGIN
userdel LOGIN
Low level utility for adding and deleting users
Exists on all major Linux distributions
adduser user
deluser user
Recommended over useradd/userdel for Debian/Ubuntu
Does not exist on some Linux distributions
The useradd and userdel commands are present on all major Linux distributions and can add or remove users from the command line.
By default these commands have very basic functionality and you have to remember a lot of command line options in order to do things like automatically make users home directories.
Click to reveal adduser/deluser command information
Debian based distributions, such as Ubuntu, recommend using adduser and deluser instead of useradd and userdel
These commands are more user friendly and by default usually do what you want them to do without having to remember a bunch of command line options

51. Adding a User – Take Notes!
Add the user boole
Type sudo adduser boole
Sudo may prompt you for your password
Enter your password if prompted by sudo
Practice adding users from the command line by creating a user named boole
Only root can add users so we have to use sudo
Type sudo adduser boole
Remember sudo may or may not prompt you for your password
Click to reveal sudo output
When prompted type a new secure password for boole
Accept all the default options and confirm by pressing Enter repeatedly
Click to reveal the final output.
When you are finished your screen should look like this
Type a new secure password for boole
Press ENTER (defaults)
Press ENTER (confirm)

52. Removing a User – Take Notes!
The user “wolowitz” is not an authorized user
Remove the user wolowitz
Type sudo deluser wolowitz
(You may be prompted for your password)
The user wolowitz is not an authorized user and should be removed immediately
Remove wolowitz by typing sudo deluser wolowitz
Click to reveal the output of the deluser command
Click to reveal the next command
Now type getent passwd to print the contents of the password file
Is the user wolowitz present in the password file?
What about the user boole?
Type getent passwd
Is the user “wolowitz” present?
Is the user “boole” present?

53. Adding and removing groups
groupadd group
Creates a new group
groupdel GROUP
Delete an existing group
gpasswd –a LOGIN GROUP
Add a user to a group
gpasswd –d LOGIN GROP
Delete a user from a group
Similar to useradd and userdel, all major linux distributions have the groupadd and groupdel commands for creating new groups or deleting existing groups
Click to reveal usermod information
In order to add or remove existing users to or from existing groups, we can use the gpasswd command
Use the -a (dash-a) option to add a user to a group, and the -d (dash-d) option to remove a user from a group

54. Create a New Group – Take Notes!
Create a new physics group
Type the following commands:
sudo groupadd physics
(You may be prompted for your password)
sudo gpasswd –a newton physics
sudo gpasswd –a lagrange physics
getent group physics
Now type these commands in order to create the physics group and add newton and lagrange to the physics group
Now type getent group physics to print the physics line from the group file
Click to reveal the command output
The getent command will allow you to verify that newton and lagrange are now in the physics group
Your output should look similar to this

55. Delete a Group Delete the armyants group Type the following commands:
getent group armyants
sudo groupdel armyants
(You may be prompted for your password)
groups cooper
The group armyants is being disbanded.
Delete the armyants group by typing the following commands.
Click to reveal the output of the commands
Your output should look similar to this
You can see that after deleting the armyants group, cooper no longer belongs to that group

56. User Passwords /etc/shadow passwd [LOGIN]
Contains encrypted user passwords and other information
passwd [LOGIN]
Change a users password
If no user is specified, defaults to the current user
The /etc/shadow (sometimes pronounced etsee-shadow) file contains the encrypted user passwords
Passwords were moved here from the password file because all users need to have read access to the password file.
Even though the passwords are encrypted, we don’t want any users to be able to see them to prevent malicious users from using a password cracker.
Click to reveal passwd command information
The passwd command will change the password for a user
If no user is given on the command line, then it defaults to the current user

57. Changing User Passwords
Type the following commands:
sudo getent shadow newton
sudo passwd newton
Type the following commands into your terminal
Click to reveal command output (command output will vary)
Your output should look similar to this
The encrypted password for newton is the second field and begins with a $6$
You can see after changing the password for the user newton that the encrypted password in the shadow file also changes

58. Changing File Permissions
chown OWNER FILE
“Change ownership”
chgrp GROUP FILE
“Change group”
chmod MODE[,MODE]… FILE
“Change mode”
MODE
[ugoa][+-=][rwx]
User/Group/Other/All +-= Read/Write/eXecute
File owner, group, and mode can be changed by the chown, chgrp, and chmod commands.
For the chown command type the new owner the file will belong to, followed by the name of the file or directory
For the chgrp command type the new group the file will belong to, followed by the name of the file or directory
For the chmod command, type the MODE modification command followed by the name of the file or directory
The MODE modification command is a u,g,o, or a followed by a +, -, or = followed by a r, w, or x
Click to reveal the mode modification command details.
u stands for user, g for group, o for other, and a for all.
+ or – indicates if you want to add or remove permissions
r, w and x stands for read write or execute
The next slide covers a hands on example

59. Changing File Permissions – Take Notes!
Type the following commands:
ls –l pascal.py
These permissions are bad
sudo chown cyberpatriot pascal.py
chgrp users pascal.py
The following commands change the ownership and group of the pascal.py file
Notice that the pascal.py file poorly chosen owner and group since the file is in your home directory
Notice also that anyone can write to the pascal.py file, which is probably not what you want.
We have to use sudo to chown pascal.py since we do not own the file
But, after we take ownership of the file do not have to use sudo to modify the files group, since we are the owner
Click to reveal command output

60. Changing File Permissions
Type the following commands:
chmod og-w pascal.py
Remove (-) others, groups permission to write
chmod o-rx pascal.py
Remove (-) others permission to read, execute
chmod g+x pascal.py
Add (+) groups permission to execute
ls –l pascal.py
Pascal.py now has a more appropriate user and group, but what about that insecure file mode?
Remove (-) the ability for “other” and “group” users to “write” to this file by using the mode modification og-w
Click to reveal next step
Remove (-) the ability for “other” users to “read” and “execute” this file by using the mode modification o-rx
Click to reveal the next step
Finally, grant (+) the ability for the “group” to “execute” this file by using the mode modification g+x
Click to reveal the ls –l pascal.py command
Click to reveal the command results
If you do a long listing on the file again, your output should looks similar to this
Notice that the user can now read, write, and execute this file
The group can now read and execute this file
And all other users can no long read, write, or execute this file

61. Ubuntu is based on Debian, which uses apt-get apt-get update
APT Package Manager
Ubuntu is based on Debian, which uses apt-get
apt-get update
Get the latest list of available packages
Use before upgrade or dist-upgrade
apt-get upgrade
Install the newest version of all packages currently installed
apt-get dist-upgrade
Like upgrade but “smarter”
Debian has a great package management system know as APT and pronounced like the word “apt”
APT stands for advanced package tool
You’ve already interacted with the APT package manger via the GUI
apt-get is probably the most widely-used APT command line tool
Before you can install the latest updates you have to run apt-get update
Now apt-get update doesn’t actually update any software installed on your computer, but it will use your configured software sources and update the list of available software.
After you’ve run apt-get update, you can run apt-get upgrade, or better yet use apt-get dist- upgrade instead
apt-get upgrade installs the newest version of all the packages currently installed. apt-get dist-upgrade is similar but it more intelligently handles package dependencies, and resolves conflicts better.

62. APT Package Manager apt-get install apt-get remove apt-get purge
Install a new package, including any required dependencies
apt-get remove
Remove a package, but keep old configuration files
apt-get purge
Remove a package and remove old configuration files
Installing and removing packages from the command line is just as easy. In fact, if you know the name of the package you want to install or remove, it’s usually a lot faster to use the command line commands than the GUI.
apt-get install will install a new package, including an required dependencies
apt-get remove will remove a currently installed package, but will keep any old configuration files in case you change your mind or want to reinstall the package later.
If you’re certain you want to remove ALL of the files, you can use the apt-get purge command which will remove all of the installed package files including any configuration files

63. Installing Packages Install a new, useful software package
sudo apt-get install members
Use your new apt skills to install the command members by typing sudo apt-get install members
Click to reveal the command output
In this case, apt-get get didn’t need to install any additional dependencies, but if it needed to it would have done so automatically after asking you to review and confirm the packages to install
Click to reveal the next section
Try out your newly installed software by typing the command members calculus
As you can see, members prints out the members of a group
In this case the group calculus has two members, gauss and euler
Try it out by typing
members calculus

64. Removing Packages
Some companies prohibit network and port scanning utilities, so remove them
Type sudo apt-get purge nmap zenmap
Press ENTER to continue
Often, companies prohibit network scanning and sniffing software on users computers
This computer has zenmap installed, which is a graphical front end to the nmap port scanner
Remove nmap and zenmap by typing the command sudo apt-get purge nmap zenmap
Click to revel the command output
Notice that apt-get will ask you to confirm, and notify you that you will have some unnecessary packages installed
Press Enter to confirm the removal of these packages.

65. Removing Packages
Often you want to also remove any unnecessary dependencies
sudo apt-get autoremove
Press ENTER to continue
We still have some unnecessary packages installed after removing nmap and zenmap
Type sudo apt-get autoremove to automatically remove unnecessary packages
Be sure to carefully review the packages that will be uninstalled
It’s easy to accidentally uninstall important packages (such as your GUI) with autoremove if you don’t carefully review the list of packages
Click to review the command output
This list of packages to uninstall looks ok so press Enter to continue

66. Activity 4-4: Command Line Lab II
Instructions (Workbook Pages 19-20):
Complete the tasks outlined in your workbooks
Do not change or delete anything not listed in your workbooks
Give students minutes to enter and identify the commands listed on Pages of their workbooks. If time and computer resources allow, have each student complete the activities separately.
This activity will run the students through many of the tasks that were outlined in the last sections. This may be a difficult activity for the students because it requires heavy use of the command line. It is recommended that the instructor flips back to slides to help any students who are having trouble with any of the problems.
Answer key:
lagrange
/bin/tcsh
128
newton, euclid, pythagoras ,archimedes, fermat
root
calculus
All users - The owner cyberpatriot, members of the group calculus (gauss, euler), and other users
The owner cyberpatriot, and members of the group calculus (gauss, euler).
.lorentz

67. Intermediate Ubuntu Security
Spend minutes on Slides
Allow an additional minutes for students to first complete the Activity 4-5 Intermediate Ubuntu Security Lab on Slide 73, Student Workbook page 21.
5 minutes to discuss the conclusions on Slide 74.
Throughout this section, students should follow along in their Ubuntu Demo Images as you walk them through the intermediate Ubuntu security commands.
Intermediate Ubuntu Security

68. Turn off the Guest Account
Turned on by default
LightDM: display manager controlling the login screen
Type sudo gedit /etc/lightdm/lightdm.conf
Add the line allow-guest=false under [Seat:*]
Now that you know how to access gedit, we will use it to make our Ubuntu machines more secure.
We will begin with turning off the guest account.
The Ubuntu guest account works just like the one in Windows. It allows users to log into the operating system without their own account and often without a password. The guest account is turned on by default. It is important to turn this off to reduce the chance of unauthorized access to the computer.
To see that the guest account is turned on, go to the top right of the top menu on your Ubuntu desktop and click “cyberpatriot.” The Guest Session should be visible in the dropdown menu.
Click to reveal second bullet.
To turn off the Guest account, we need to edit a file in the LightDM folder. LightDM is a display manager that displays what the login screen looks like. You will notice that editing a file in this folder is very different from managing accounts in Windows.
Enter this command into the Terminal. Make sure you are root authenticated before doing so otherwise, you will not be able to save the file.
As you will see, you do not need to access this file with root permissions. After entering this command, you will see the lightdm.conf file in a separate editable window.
Click to reveal screenshot and third bullet.
Typing this line into this file does exactly what it says it does. It sets the “allow-guest” variable, which controls whether the guest account can be used, to false and denies all access to the account.
Restart the Ubuntu Demo Image by clicking the gear button on the right of your desktop’s top menu, going to Shut Down, and then clicking Restart.
When your image restarts, click the “cyberpatriot” button on the top-right of your desktop and check whether the Guest Session has been removed from the login screen.
Click to reveal last bullet.
Sources:

69. Sources: http://xmodulo.com/2013/12/set-password-policy-linux.html,
Password Age Policy
In a terminal, type sudo gedit /etc/login.defs
Maximum Password Duration:
Minimum Password Duration:
Password Warning Before Expiration:
PASS_MAX_DAYS 90
PASS_MIN_DAYS 5
PASS_WARN_AGE 7
You may have noticed earlier when we were modifying password policy that we neglected to handle a few settings that we were able to set in Windows password policy. Can anyone think of what we have not done yet?
Maximum and minimum password age. As a reminder, maximum password age requires users to change their passwords often and minimum password age prevents users from quickly cycling back to their favorite passwords despite the password history policy.
To change these settings, we will need to edit a different file than one of the PAM files. This file is called login.defs.
Click to reveal instructions for opening the login.defs and screenshot. Students should follow the instructions to open up the file.
This file is much longer and more complicated than any of the PAM files we have looked at. We only need to modify three lines of code in this long document. To easily find these lines, click inside the file, hit Ctrl+F and type “pass” or just search the file until you see the Password Aging Controls section.
Click to reveal red circle.
Here is where we can set the maximum and minimum password duration, as well as the date at which users will be warned about needing to change their password. PASS_MAX_DAYS refers to maximum duration, PASS_MIN_DAYS refers to minimum password duration, and PASS_WARN_AGE refers to the warning date. Does anyone remember what the recommended settings are for these variables?
Click to reveal recommended settings.
We did not talk about the warning date in Windows, but a good policy is to set this to 7 days, so that users have a full week to receive warnings about needing to change their password.
Once you finish adding these lines, save the document and close it.
Sources:

70. System Logs Can add different types of logs
Similar to Windows Event Viewer
From the Search field, type System Log
Four types of logs
auth.log: Tracks authentication events
dpkg.log: Tracks software events
syslog: Tracks operating system events
Xorg.0.log: Tracks desktop events
Can add different types of logs
Does anyone remember what Event Viewer does in Windows?
Event Viewer is a security tool that allows you to view records of changes and other events that have happened on your computer. Event Viewer is a key tool for cybersecurity professionals, who use it to monitor system changes, the inner workings, and less visible processes run by a computer.
Does anyone remember the type of tasks that the Windows Event Viewer monitored?
Examples: Login events, account settings changes (enabling/disabling accounts, changing passwords, etc.), attempts to gain access to sensitive files
There is no exact analogue to the Windows Event Viewer in Linux, but the System Log is close. It monitors events occurring on the operating system.
Click to reveal instructions for accessing the System Log and screenshot.
Click to reveal next bullet and red circle.
The system logs monitor four different types of logs by default. You can see these in the panel on the left of the System Log window.
Click to reveal sub-bullets and next screenshot.
auth.log tracks events that prompt for user passwords. These events include uses of PAM files and the invocation of the sudo command.
dpkg.log tracks software events, including installations, updates, and access attempts.
Syslog tracks events from the operating system itself, such as error messages and other flags from the system.
Xorg.0.log tracks events from the desktop, including GUI events, service changes, and graphic card errors.
Click to reveal last bullet.
These four logs are the only ones there by default. You can also add different logs to this application like events related to . For example, this machine may have a mail.log in this window.
Sources:

71. Audit Policies
Unlike Windows, auditing is not set up by default in Ubuntu
Three step process
Install, type sudo apt-get install auditd
Enable: type sudo auditctl –e 1
Modify: type sudo gedit /etc/audit/auditd.conf
Who remembers what audit policies do in Windows?
Generate events that can be monitored for cybersecurity purposes.
Audit policy is not configured by default in Ubuntu. However, it can be set up easily using three commands.
Click to reveal second bullet and first step of the process.
The first step of the process to set up audit policy is to install this Ubuntu software. This can be accomplished using the apt-get command, which controls software installs and modifications. Typing “apt-get” and then “install” lets the operating system know you want to install a program. “auditd” is the name of the software we need for auditing.
Click to reveal second step and screenshot.
After installing the program, the next step is to enable audit policy. We do this using the “auditctl” command. (This command does not exist before installing auditd in the previous step.) We then enable the service by using the option “-e 1.”
Click to reveal final step and screenshot.
Finally, you can view and modify audit policy using the gedit command. We will not delve into this file deeply at this time.

72. Services Can be run in the GUI
To install, type sudo apt-get install bum
To run, type sudo bum
The final things we will talk about in this module are services. Services in Ubuntu run very similarly to how they do in Windows. They can be turned on and off from the GUI after installing an application for them.
Click to reveal second bullet.
First we install bum, which is an acronym for Boot Up Manager.
Click to reveal third bullet and screenshot.
The Boot Up Manager lists all currently running services and allows you to start, stop, and disable all of them on the system.
To enable a service, click the checkbox in the column to the left.
To start a service, right click the service and select the option to start the service. If a service is started, the light bulb in the right column will be lit up. If it is stopped, the light bulb will be dark.
Do you remember from our Windows modules what types of services should not be run?
The most insecure services are those that allow remote connections. In many cases, these services have benevolent uses, but they can increase your computer’s vulnerability if they are used by individuals trying to hack your system.

73. Activity 4-5: Intermediate Ubunt
Instructions (Workbook Page 21):
Complete the tasks outlined in your workbooks
Do not change or delete anything not listed in your workbooks
Give students minutes to complete Page 21 of their workbooks. If time and computer resources allow, have each student complete the activities separately.
This activity will run the students through many of the tasks that were outlined in the last sections. This may be a difficult activity for the students because it requires heavy use of the command line. It is recommended that the instructor flips back to slides to help any students who are having trouble with any of the problems.
Answer key: .
Answers should bum, auditd, openssh-server, members, and gufw
authentication failure; logname= uid=1021 euid=0 tty=/dev/pts/4 ruser=cyberpatriot rhost= user=root

74. Linux Conclusion
Ubuntu and other Linux operating systems are both very similar and very different to Windows operating systems
Ubuntu is vulnerable to many of the same problems as Windows systems
Securing Ubuntu requires some knowledge of the command line environment
What did you learn today? How would you compare the Linux family to Windows operating systems? How would you compare Ubuntu to Windows 7?
Click to reveal first conclusion bullet.
Click to reveal second conclusion bullet.
Click to reveal final conclusion bullet.
If the students did not receive significant instructor help when they created their checklist during the Checklist Challenge activity in Module 3, remind them that they should bring their workbooks to use as a reference during the AFA CyberCamp competition.