CyberPatriot Competition!

Presentation on theme: "CyberPatriot Competition!"— Presentation transcript:

0 This module is on Ubuntu
This module is on Ubuntu. This will probably be the most unfamiliar topic for most of you, so we will go slowly and have a lot of time to practice to ensure that everyone understands the concepts. As you demonstrate how to navigate Ubuntu in this module, students should follow along on the Ubuntu Demo Image you have downloaded to their machines. Module 4

1 CyberPatriot Competition!
AFA CyberCamp Format
Day One: Cyber Safety
Day Two: Windows System Administration
Day Three: Intermediate Windows Security
Day Four: Intro to Linux and Ubuntu Security
Day Five: CyberPatriot Competition!

This is the last module before our competition!

2 Module Four Learning Objectives
1. Linux Intro Review - Become familiar with important vocabulary and navigating the Ubuntu interface
2. Basic GUI Security - Apply key security principles to an Ubuntu system in the Graphic User Interface (GUI)
3. Intro to Command Line - Understand command line syntax and explore using commands through code
4. Basic Command Line Security - Use command line to change account management settings
5. Intermediate Ubuntu Security - Make intermediate security settings using command line and the GUI

Today, we will dive back into Ubuntu. While the cybersecurity principles we learned in the last few modules apply across operating systems, navigating Ubuntu will take some getting used to. Make sure to take notes, especially when we start discussing command line. As we talked about briefly in the last module, unlike in Windows, in Ubuntu there are some security settings that have to be made with code and not in the Graphic User Interface.

3 Linux Intro Review
Devote minutes to Instruction Slides 4-5, including giving students minutes to complete the tasks on Page 15 of their workbooks. While it is recommended to take notes throughout the Linux portion, there are some slides that distinctly say “Take Notes!”; these slides will directly correlate with later lab activities.

4 Review: Adding and Removing Software
Software is bundled into packages
Packages are managed by package managers
Click the Ubuntu Software Center in the left-hand menu

Have the students follow along on the Ubuntu Demo Image. As we discussed yesterday, Ubuntu uses packages to store everything that a particular program needs to run. A 'package', then, is essentially a collection of files bundled into a single file, which can be handled much more easily. Packages are inventoried and controlled by package managers. In Ubuntu, the package manager is called “Ubuntu Software Center”. Ubuntu Software Center looks a lot like app storefronts you have probably seen before, such as iOS, OS X’s App Store, and Microsoft’s Windows Apps program. This is where you download new software for your operating system. Click for next bullet and screenshot. Click to reveal red box around All Software. You can download both free and pay-for-use software to your machine using the All Software button. You can manage software you have already installed using the Installed button. You would use this button to uninstall existing software. Click to reveal red box around Installed. To view a log of all the recent software changes (installs, removals, and updates) on your system, click the History button. Click to reveal red box around Updates. Whenever you attempt to install new software using the All Software button or uninstall or modify existing software using the Installed button, you will be prompted to authenticate with root permissions. We will talk more about how to do this later in this module.

5 Activity 4-1: Linux Familiarization Lab
Instructions (Workbook Page 15):
Open the Ubuntu Demo Image in VMware Player
User: cyberpatriot
Password: CyberPatriot!
Complete the tasks outlined in your workbooks
Do not change any passwords or user account settings

Give students minutes to complete the tasks on Page 15 of their workbooks. This lab will review some of the basic capabilities of the Ubuntu operating system. If time and computer resources allow, each of the students should complete the tasks alone. Stress that the students should not change any passwords or user account settings. If the students are unsure whether or not they can change something during this part of the activity, they should not make the change, as there is a possibility it will affect later portions of this module’s activities.

Answer Key: . It is safe and useful because the program is well-known and used in businesses and homes all over the world. The reviews seem legitimate and emphasize its import. Microsoft Word Rhythmbox Music Player /home/hypatia/Downloads/infinity They cannot access the folder because they need to enable root permissions to do so. They are authorized to do so because they are administrators. However, they need to authenticate their identity first. Sources:

6 Basic GUI Security
Devote 15-25 minutes to Slides 7-16. Allow the students minutes to complete the Activity 4-2: Linux GUI Security Lab on Slide 16, Student Workbook page 16. Throughout this section, students should follow along in the Ubuntu Demo Image as you show them how to change security settings in the Ubuntu GUI.

7 User Accounts
No Control Panel like in Windows
Click the System Settings in the left-hand menu
Click User Accounts in the System Settings window

Unlike Windows Operating Systems, there is no Control Panel or Action Center in Linux from which you can modify all of your basic security settings. There is a System Settings menu, but it does not offer as many options as Windows’ Control Panel or Action Center. Click to reveal red box. To access the System Settings, click the System Settings icon in the menu on the left of the desktop. Note: The entire System Settings window may not fit in one VMWare window. If it does not fit, you must use the VMWare scroll bar to view the bottom menu options. As you can see, there are some similarities here with the Windows Control Panel. Can you identify anything here that may be helpful for improving the security of an Ubuntu operating system? Click to reveal red box around User Accounts. User Accounts is similar to Windows. This is where an administrator can make changes to all users.

8 User Accounts
Select the user archimedes
To make changes, click Unlock and authenticate.
Keep Automatic Login set to off
The user account type can be changed by clicking the field next to Account Type

Students should follow along on the Ubuntu Demo Image. The User Accounts section is the most important section in the system settings menu for improving security. This option is very similar to the User Accounts window in Windows. Clicking the User Accounts button brings up a list of all the users on the image. All of the users on this image are famous mathematicians. Click to reveal next image and instruction. Only users with root permissions can make changes to other users’ account types and passwords. Individual users can change their own password, but not their user type. Any administrator who makes changes in User Accounts needs to unlock the window (that is, make user information editable) and authenticate his or her identity. To unlock the window, click Unlock in the top right and enter your password. Ubuntu requires administrators/root users to authenticate themselves before making changes to someone else’s password or account. Ubuntu can automatically log a user in when the computer is turned on. This feature is disabled for all users and should be kept that way by default. If it is not, anyone could gain access to a user’s information just by booting up the computer. To change the user type of a user, click Administrator or Standard. Selecting Administrator gives the user root permissions, while Standard does not.

9 User Account Passwords
Click the field next to Password
Set a password now allows you to change a user’s password
Do not select Log in without a password
The third option allows you to disable or enable an account
Press Cancel to return to the User Accounts window

To change a user’s password, click the Password field. Click to reveal next bullet and screenshot. After clicking the field next to Password in User Accounts, you will see a window that looks like this. In that window, click the field next to Action. Click the first option to change a user’s password. If you are an Administrator and you are changing your own password, you will need to enter your old password before creating a new one. This provides an extra layer of authentication. Since you already authenticated to make the User Accounts window editable, if you try to change another user’s password, you do not need to enter your password or the user’s old password. Click to reveal next red box and bulleted instruction. Clicking the second option in the field next to Action allows a user to log on without a password. This is very insecure and should never be selected. If it is selected, you will see the boxes for typing a new password grayed out. To disable a user account, click the final option in the Action field. This option does not delete a user’s account, but instead changes the user’s password to an encrypted value that is extremely difficult to crack. A user can therefore only enter their account when an administrator removes the encrypted password by re-enabling the account. Why might this be important? An employee may not have left the company, but may have their account frozen due to disciplinary action, failure to complete an action, or because the administrator needs to access the account without the user changing anything. Click to reveal red box around Cancel to not save changes.

10 User Accounts Making Changes: Users can be added or removed
Use bottom left +/-
Must be Unlocked first
Only users with root settings can make changes
Must authenticate to make changes
Never allow automatic log in
To change user type: click Administrator or Standard from the User Type drop-down box

Students should follow along on the Ubuntu Demo Image. Click to reveal first set of text. The User Accounts section is the most important section in the system settings menu for improving security. This option is very similar to the User Accounts window in Windows. When you click the User Accounts button it brings up a list of all the users on the image. All of the users on this image are famous mathematicians. Click to reveal second set of text. Only users with root permissions can make changes to other users’ account types and passwords. Individual users can change their own password, but not their user type. Any administrator who makes changes in User Accounts needs to unlock the window (that is, make user information editable) and authenticate his or her identity. To unlock the window, click Unlock in the top right and enter your password. Ubuntu requires administrators/root users to authenticate themselves before making changes to someone else’s password or account. Click to reveal third set of text. Ubuntu can automatically log a user in when the computer is turned on. This feature is disabled for all users and should be kept that way by default. If it is not, anyone could gain access to a user’s information just by booting up the computer. Click to reveal last set of text and instruction. To change the user type of a user, click Administrator or Standard. Selecting Administrator gives the user root permissions, while Standard does not.

11 Configure Updates
Click Software & Updates in the System Settings window

Now, we will talk about keeping your Ubuntu system up-to-date. As we talked about during the introduction to Linux, most Linux software is open source, which means that some programs may be insecure because they come from unknown sources or have not been properly debugged. However, updates are released very frequently, so it is important to make sure you have the latest patches for your software. It is possible that students may also see a box about upgrading to a newer version of Ubuntu. Students should NOT upgrade to a newer version of Ubuntu. To show what files need updating, click Settings in the bottom-left of the Update Manager window.

12 Update Policy
Three Important Tabs
Ubuntu Software
Other Software
Updates

After clicking Settings, a window will open that allows you to customize the types of updates and downloads that you can apply to your operating system. Click to reveal first bullet and screenshot. The Ubuntu Software tab allows you to determine from which sources you want to download Ubuntu software. Why might this be important? Because Ubuntu is open-source, you need to be careful you are only downloading from trusted sources, not all of them. Click to reveal second bullet and screenshot. The Other Software tab is the same as the Ubuntu Software tab, but applies to non-Ubuntu software (outside applications and software, for example). These programs are not made by the developers of Ubuntu. All of these options should therefore only be selected if you can be reasonably sure they are secure and do not conflict with any of the needs of anyone using the system. Click to reveal third bullet and screenshot. The first section of the Updates tab allows you to customize where you want to install updates from. Which of these three options do you think should be checked? Remember, we want to be sure we know where our updates are coming from and that they are not buggy or insecure. Important security updates should definitely be checked because they provide important fixes to known vulnerabilities. Recommended updates should also be checked. These updates will not necessarily be important for security, but they will fix other major issues with outside software. Unsupported updates should only be downloaded if you know exactly what they will be used for and if you are reasonably confident that they will not harm security. Checking these boxes does not automatically begin the install process. You will still have the option to manually select individual updates, as we will see in a moment. You can also select how often you want the OS to check for and display new updates. As was the case with Windows, we want to automatically check for updates daily so that the operating system stays up-to-date. Security and recommended updates should be set to display automatically for the same reason. Have the students leave Important security updates and Recommended updates unchecked for now. They will be asked to check these boxes during their next Lab activity. The last three tabs are more advanced and will not be discussed in this camp.

13 Installing Updates
Click the Ubuntu button in the left-hand menu and search for Update Manager

The Update Manager is a very easy way to install the latest updates. Once the students have all opened the Update Manager, click for the next screenshot. Clicking on this for the first time will bring up a screen like this. You will see that there are not any updates ready to be installed. That’s because, as we saw on the last slide, it’s not configured to install Important Security Updates or Recommended Updates. The students may see a box that asks them to check for updates manually. This can be ignored. Students may also see a box about upgrading to a newer version of Ubuntu. They should NOT upgrade to a newer version of Ubuntu. Click to reveal red box around the Settings button. Another way to access the Software & Updates configuration is by clicking the Settings… button in the Software Updater.

14 Local Firewall
Built-in Firewall: ufw
Not activated by default
Command line interface
GUI interface: gufw

Does anyone remember why firewalls are important from when we talked about them in our Windows discussion? Firewalls are designed to prevent unauthorized access to a system. They can be implemented via hardware or software. The students were supposed to install gufw (and ufw) during their previous lab activity. If it’s not there, the students need to install it via the Ubuntu Software Center. Click to reveal first bullet. Like Windows, Ubuntu has a built-in firewall. It is called the Uncomplicated Firewall (UFW). Click to reveal second bullet. UFW is turned off by default because Linux is used more frequently as a development tool than Windows is. Programmers prefer having more freedom to accomplish tasks without having traffic blocked by default. Instead, developers work to customize the firewall to their personal specifications before turning it on. However, for general use, it is best to turn the firewall on by default, especially if you are unsure about how to customize it. Click to reveal third and fourth bullet and screenshot. The firewall is a command line-only tool by default, but a GUI can be installed to make it easier to configure. This GUI is called the Graphical Uncomplicated Firewall (Gufw). You should have installed this earlier as part of the Linux Familiarization Lab activity. The next slide walks through how to customize the firewall using Gufw. If students have not installed this program (they should have done so during the Linux Familiarization Lab activity on Slide 14), have them do so now. It can be installed by going to the Ubuntu Software Center and searching for Gufw or Firewall Configuration.
Source: https://help.ubuntu.com/community/UFW

15 GUFW – Customizing Settings
Go to Search → Firewall Configuration, or click the shield icon
Authenticate
Click Status → On
Default: Deny all incoming traffic; Allow all outgoing traffic
Deny vs. Reject
Preconfigured Rules

To configure the firewall, the first thing you need to do is turn it on. NOTE: “Firewall Configuration” does not always show up in search immediately after installing it. Instead click the shield icon, or have the students log out and log back in again. Have the students follow the directions on the screen to turn on the Ubuntu Demo Image’s firewall. Remind them that they will need to unlock the firewall after the window pops up. This can be accomplished by entering the administrative password for authentication. After all the students have turned the firewall on, click to reveal screenshot and first bulleted text set. Gufw’s default settings are very secure. If it is not necessary to customize the firewall for the specific requirements of the user’s organization, these settings can be left as they are. All outgoing traffic from the user’s computer to other computers is allowed to pass through automatically. All traffic coming into the computer is denied. This is very secure as it blocks any outside users who may be trying to access the computer without the user’s knowledge. Click to reveal second bullet and screenshot. In addition to allowing and denying traffic, the firewall can reject traffic. There is a very slight difference between Deny and Reject. Denying means dropping the traffic without informing the connection that it has been blocked. Rejecting means dropping the traffic and informing the outside connection that its data packet has been blocked. Reject is not a good option to select for all incoming traffic, but for certain programs it can be good to notify other computers that their connection has been blocked. The shield is color-coded based on incoming and outgoing rules. The top third of the shield corresponds to incoming traffic and the bottom third corresponds to outgoing traffic. Green means Deny, blue means Reject, and red means Allow. Click to reveal third bullet and screenshot. The Preconfigured rule panel allows incoming and/or outgoing traffic to be controlled for certain applications or services. Tools such as Skype may be controlled by selecting the application from the menu and setting the other menus accordingly to restrict or allow traffic. This panel is very similar to Firewall Exceptions in Windows. There are some programs that you do trust and which you do not want blocked by a firewall. It is much safer to allow these programs through a firewall than to open an entire port. Have the students enable incoming traffic on ports 80 and 443, which control HTTP and HTTPS respectively. Source:
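The slides configure the firewall through Gufw; the command-line tool underneath is ufw. The script below is an added example, not part of the slides or of the ufw project, showing the same baseline (deny incoming, allow outgoing, then open 80 and 443) as ufw commands. It builds the list of commands first so it can be read before anything is applied, and only runs them when called with "apply" as root. The "port/proto:action" rule format and the function names are this example's own conventions; the 23/tcp reject rule in the usage note is a constructed illustration of Reject versus Deny.

```shell
#!/bin/sh
# Added example (not from the slides or from ufw): ufw equivalent of the Gufw baseline.
# Rules are written as PORT/PROTO:ACTION, e.g. 80/tcp:allow (a convention of this script).

# Turn one PORT/PROTO:ACTION entry into a ufw command.
# deny   = drop silently (the other side hears nothing)
# reject = drop and send a refusal back
# allow  = let the traffic through
ufw_rule() {
    spec=${1%%:*}
    action=${1##*:}
    case $action in
        allow|deny|reject) echo "ufw $action $spec" ;;
        *) echo "unknown action: $action" >&2; return 1 ;;
    esac
}

# Emit the whole plan: default policies first (matching the Gufw defaults on the slide),
# then the per-port rules, then enable and show the resulting status.
firewall_plan() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    for r in "$@"; do
        ufw_rule "$r" || return 1
    done
    echo "ufw --force enable"
    echo "ufw status verbose"
}

# Print the plan unless called as "apply" by root, in which case run each line.
apply_firewall() {
    mode=$1; shift
    if [ "$mode" = apply ] && [ "$(id -u)" -eq 0 ]; then
        firewall_plan "$@" | while read -r line; do $line; done
    else
        firewall_plan "$@"
    fi
}

# The slide's web baseline: HTTP and HTTPS in, everything else denied, all outgoing allowed.
apply_firewall plan 80/tcp:allow 443/tcp:allow
```

Run it as shown to see the plan; run `sudo sh script.sh apply 80/tcp:allow 443/tcp:allow` to apply it on a machine you administer. Adding `23/tcp:reject` to the list would make the difference visible from the other side: a connection to port 23 is refused immediately rather than timing out, which is exactly the Deny-versus-Reject distinction the slide draws.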

16 Activity 4-2: GUI Security Lab
Instructions (Workbook Page 16):
Open the Ubuntu Demo Image in VMware Player
User: cyberpatriot
Password: CyberPatriot!
Complete the tasks outlined in your workbooks
Do not change any passwords or user account settings

Give students about minutes to complete the tasks listed on Page 16 of their workbooks. If time and computer resources allow, have each student complete the activities separately. This lab will review some of the basic ways of improving the security of an Ubuntu operating system. It will have the students run through many of the activities that were discussed in the previous slides. Stress that the students should not change any passwords or user account settings not mentioned in the activity. The students might need the passwords for some of the other user accounts to complete some of the tasks in their workbooks. Some user names and passwords for the accounts on the system are below:
User Name: cantor  Password: CyberPatriot!
User Name: gauss  Password: password

17 Intro to the Command Line
Devote minutes to Slides. Allow an additional minutes for students to complete the Activity 4-3 Linux Command Line Lab I on Slide 31, Student Workbook pages. This section will cover basic commands and command line syntax. Remind the students again that they should take notes. Some of the settings made in command line cannot be duplicated in the GUI, so it is important to have notes of the relevant commands. Walking through the steps in this section will show students how to perform basic command line tasks including:
Navigating the Linux filesystem
Accessing and reading command manuals
Manipulating files (creating, copying, moving, removing)
Viewing the contents of files
Simple output redirection

Now that we have applied some very basic security settings, you will learn how to make your systems even more secure without using the Ubuntu GUI. As we discussed earlier, one thing that sets Linux apart from Windows operating systems is its heavy focus on the command line. We will learn how to perform some very simple tasks in command line before we apply this knowledge to making our operating systems more secure.

18 Linux Filesystem
Linux filesystem tree
Base or trunk of the tree is the root directory (/)
Branches of the tree are directories
Leaves of the tree are files
Linux commands, files, and directory names are case sensitive

Filesystems can be thought of as a tree. One of the defining features of Linux and other UNIX-like operating systems is that “everything is a file”, including directories, hardware devices, system information, and other things. In Linux, everything is underneath the root directory, which is represented as a single forward slash /. You can think of the root directory as the base, or trunk, of the tree. You can think of directories as branches of that tree. You can think of files as the leaves of that tree. There are no restrictions on what you can or cannot name files and directories. However, it is important to remember that all commands, files, and directory names are case sensitive.

19 Open a terminal
Click the Ubuntu button
Type terminal
Press Enter or click the icon labeled Terminal

Have the students follow the directions on the slide to open a terminal.

20 Basic Navigation Commands
pwd: “Present Working Directory”. Prints out your current working directory
ls [FILE]…: “List Segments”. Optional file/directory paths as an argument
cd [dir]: “Change Directory”. Optional directory path as an argument
Absolute paths start from the root directory (/): cd /home/cyberpatriot/Music
Relative paths start from the current directory (.): cd ./Music or just cd Music
One dot (.) indicates the current directory
Two dots (..) indicate the parent directory

The pwd command prints out your “Present Working Directory”. The ls command was originally an acronym for “list segments”; this acronym is outdated, and today this command is used for listing files. The ls command takes an optional “argument” specifying a file (or directory) to “list”. If no argument is passed to ls, it lists the files in your current working directory. The cd command will change your current working directory. The cd command takes an optional argument specifying the directory you want to make your current working directory. If no argument is passed to cd, it will make your “home directory” your current working directory. Click to reveal absolute vs relative path information. When specifying file or directory paths as arguments there are two ways to do this: absolute paths or relative paths. Absolute paths always start with the root directory, which is a forward slash ( / ). Relative paths start with a file or directory inside your current working directory. There are two special directory names inside every directory that you may also use to start a relative path. One dot ( . ) represents the current working directory. Two dots ( .. ) represent the parent directory. For example, the parent directory of /home/cyberpatriot is /home.

21 Basic Navigation Commands
Type the following commands in order:
cd
pwd
ls
cd ./Music
cd ../Documents

Have the students type the commands exactly as shown.
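The following is an added example, not part of the slides, that scripts the same navigation in a throwaway directory tree so the absolute-path, relative-path and .. rules can be checked rather than just typed. The tree (a home/cyberpatriot layout with Music and Documents) is constructed under a temporary directory; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the slides): absolute paths, relative paths, "." and ".."
# demonstrated on a constructed directory tree so nothing on the real system is touched.

# Build home/cyberpatriot/{Music,Documents} under a fresh temp directory and print its root.
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/home/cyberpatriot/Music" "$root/home/cyberpatriot/Documents"
    echo "$root"
}

# Start in $1, run "cd $2", and report what pwd says afterwards.
# Runs in a subshell so the caller's own working directory is unchanged.
where_after_cd() {
    ( cd "$1" && cd "$2" && pwd )
}

# Walk the slide's sequence and print each resulting directory.
demo() {
    root=$(make_tree)
    user="$root/home/cyberpatriot"
    # Absolute path: begins at / and works no matter where you start.
    where_after_cd / "$user/Music"
    # Relative paths: "./Music" and plain "Music" name the same directory.
    where_after_cd "$user" ./Music
    where_after_cd "$user" Music
    # ".." is the parent, so from Music, "../Documents" reaches the sibling directory.
    where_after_cd "$user/Music" ../Documents
    # ls -1 (dash-one) prints one entry per line, which is what scripts usually want.
    ( cd "$user" && ls -1 )
    rm -rf "$root"
}

demo
```

Because the paths are compared by pwd, the script makes the point the slide leaves implicit: a relative path only means something in combination with the directory you are currently in, while an absolute path means the same thing from anywhere.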

22 Command Manuals and Usage
man [section] page: “Manual”. Displays the manual for a command
Type man man and press Enter: displays the manual for the command “man”
Use the arrow keys or PgUp/PgDn to scroll up and down
Type q: exits man

The man command displays the manual for that command. For example, you can view the manual for the man command by typing man man. Click to display instructions for the students to follow. Type the command man man and use the PgUp/PgDn keys to scroll up and down. Give the students a brief amount of time to view the manual for man before continuing. Click to display instructions on how to quit the man program. Type q to exit before we continue.

23 Command Manuals and Usage
Many commands have a --help or -h option
Type ls --help and press Enter: displays help for the command ls
Type ls -1

Often, commands will display help text if you pass the command a --help (dash-dash-help) or a -h (dash-h) option. Click to reveal instructions for students. Type the command ls --help as shown. What does the help output say about the -1 (dash-one) option? Test out the ls -1 option by typing it into your terminal now (ls dash-one). What does the -1 (number one) option do?

24 File Manipulation Commands
cp SOURCE… DEST: “copy”. Used to copy a file (or directory) to a new location. Can copy multiple source files into a destination directory
mv SOURCE… DEST: “move”. Used to move or rename a file (or directory). Can move multiple source files into a destination directory
touch FILE…: Opens and closes a file. Creates an empty file if it does not exist
rm FILE…: “remove”. Remove one or more files or directories

The cp command can be used to copy one or more files. The cp command takes at least two arguments: one or more sources and a destination. If the destination is a directory, it will copy the source file(s) into that directory. If the destination is a file or does not exist, it will create or overwrite the destination file with the source file. The mv command can be used to move one or more files. The mv command takes at least two arguments: one or more sources and a destination. If the destination is a directory, it will move the source file(s) into that directory. If the destination does not exist, the source file will be renamed to the destination. If the destination is an existing file, it will be deleted and the source file will be renamed to the destination. The touch command will open and close a file without doing anything else. This may update the file’s “last access time”. This will also create the file if it does not exist. The rm command will remove any files passed as arguments.

25 File Manipulation Commands
Type the following commands in order:
cd
touch Documents/a
cp Documents/a b
mv b c
ls ./ Documents
rm c Documents/a

Have the students type the commands exactly as shown. touch created the file Documents/a, we then copied it to b, and then we moved b to c. We can see the new files Documents/a and c from the output of the ls command. After we remove the files with rm, the ls command no longer shows the files.
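The destination rules the previous slide states for cp and mv (copy into a directory versus create or overwrite a file; rename versus silently replace) are the part students most often get wrong. The script below is an added example, not from the slides, that exercises each rule in a temporary directory and reports the result so it can be checked. The file names and contents are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the slides): cp, mv, touch and rm destination rules, run in a
# throwaway directory so nothing outside it is created or deleted.

# Create the working directory with a Documents subdirectory and print its path.
setup() {
    work=$(mktemp -d)
    mkdir "$work/Documents"
    echo "$work"
}

# Report "dir", "file" or "missing" for a path so every step can be verified.
kind() {
    if [ -d "$1" ]; then echo dir
    elif [ -f "$1" ]; then echo file
    else echo missing
    fi
}

# cp: a directory destination copies INTO it; a file destination is created, or
# overwritten without any warning if it already exists.
copy_rules() {
    w=$1
    echo alpha > "$w/a"
    cp "$w/a" "$w/Documents"      # -> Documents/a, the original a is untouched
    cp "$w/a" "$w/b"              # -> new file b
    echo beta > "$w/c"
    cp "$w/a" "$w/c"              # -> c now holds "alpha"; "beta" is gone
    cat "$w/c"
}

# mv: a directory destination moves INTO it; otherwise it renames, and an existing
# file of the target name is replaced silently.
move_rules() {
    w=$1
    echo one > "$w/x"
    echo two > "$w/y"
    mv "$w/x" "$w/z"              # rename x -> z
    mv "$w/z" "$w/y"              # y's "two" is replaced by z's "one"
    mv "$w/y" "$w/Documents"      # moved into the directory as Documents/y
    cat "$w/Documents/y"
}

# touch: creates an empty file when it does not exist; only timestamps change otherwise.
touch_rules() {
    w=$1
    touch "$w/empty"
    wc -c < "$w/empty" | tr -d ' '
}

# rm: removes the named files; a directory and its contents need rm -r.
remove_rules() {
    w=$1
    rm "$w/a" "$w/b" "$w/c" "$w/empty"
    rm -r "$w/Documents"
    kind "$w/Documents"
}

w=$(setup)
copy_rules "$w"; move_rules "$w"; touch_rules "$w"; remove_rules "$w"
rm -rf "$w"
```

The two overwrite cases (cp onto an existing file, mv onto an existing file) are the ones worth pausing on: neither command asks before discarding the old contents, which is why the workbook tells students not to change or delete anything not listed.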

26 File Contents and Output Redirection
cat [FILE]...: “Concatenate”. Concatenates files and prints to standard output. Commonly used to print the contents of a single file
file FILE...: determines the type of a file
echo [STRING]...: displays a line of text in the command line
[command] > FILE: the standard output of any command can be redirected to a file with a “greater than” symbol. This will create a new file or overwrite an existing file

The cat command stands for concatenate. This command may take any number of file names as arguments. The cat command will concatenate all of the files together and print them to standard output. The cat command is commonly used to print out the contents of a single file. Under normal circumstances, when a program prints text, it prints to what is called standard output. Sometimes, when printing error messages, a program prints to what is called standard error. Both standard output and standard error appear as text in the terminal. The file command displays information about one or more files that are presented as arguments on the command line. The echo command will print whatever you put on the command line to standard output. The greater than > symbol allows you to redirect standard output to a file. Use this with care: if the file exists it will be completely overwritten with the new contents.

27 File Contents and Output Redirection
Type the following commands:
cd
echo "Hello" > hello
echo "World!" > world
ls
cat hello world

Have the students type the commands exactly as shown. Click to reveal the results of running these commands. We create two new files, hello and world, containing their respective strings. Using the cat command we can concatenate and print out the result.

28 File Contents and Output Redirection
Type the following commands in order:
cat hello world > helloworld
ls
cat helloworld
file helloworld
file Music/4.mp3
rm hello world helloworld

Have the students type the commands exactly as shown. Click to reveal the results of running these commands. Again we use the cat command to concatenate the contents of the files hello and world, but this time we redirect standard output to a new file called helloworld. If we cat out the file helloworld, we can see that it does indeed contain the concatenation of the files hello and world. The file command tells us that the file helloworld is an ASCII text file. The file command also tells us that the file Music/4.mp3 is indeed an MPEG layer 3 audio file, and it even prints out the bitrate, sampling frequency, and number of channels for us.
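Slides 26 through 28 make three claims worth seeing in one place: cat joins files, > creates or overwrites without asking, and standard error is a separate stream that > does not capture. The script below is an added example, not from the slides, that demonstrates each in a temporary directory; it also shows 2> for redirecting standard error, which the slides mention but do not show. The strings and file names are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): echo, cat, ">" and the stdout/stderr split,
# each in its own function so the results can be checked.

# Write two files with ">" and join them with cat, exactly as on the slides.
concat_demo() {
    d=$(mktemp -d)
    echo "Hello" > "$d/hello"
    echo "World!" > "$d/world"
    cat "$d/hello" "$d/world" > "$d/helloworld"
    cat "$d/helloworld"
    rm -rf "$d"
}

# ">" truncates first: the second redirection replaces the first line entirely.
overwrite_demo() {
    d=$(mktemp -d)
    echo "first" > "$d/f"
    echo "second" > "$d/f"
    cat "$d/f"
    rm -rf "$d"
}

# Only standard output (descriptor 1) follows ">". Error text goes to descriptor 2,
# so it still reaches the terminal unless redirected separately with "2>".
stderr_demo() {
    d=$(mktemp -d)
    # cat on a missing file complains on stderr; "out" stays empty, "err" gets one line.
    cat "$d/does-not-exist" > "$d/out" 2> "$d/err" || true
    echo "out has $(wc -c < "$d/out" | tr -d ' ') bytes, err has $(wc -l < "$d/err" | tr -d ' ') line"
    rm -rf "$d"
}

concat_demo
overwrite_demo
stderr_demo
```

The stderr case matters for the later security slides: when a command is run with its output redirected to a file, a permission-denied or missing-file error is not in that file, so an empty output file is not evidence that a command succeeded.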

29 File Editing
gedit [FILE]…: Easiest. Opens the files in a common graphical editor
nano [FILE]…: Sometimes there is no GUI. Easy to use terminal editor
^O (Ctrl+O): “Write Out” (Save)
^X (Ctrl+X): Exit

Editing files on the command line can sometimes be a challenge. The easiest thing to do is to use the gedit command. gedit is a commonly used graphical text editor. The gedit command can take any number of file names to edit as arguments. Another option is to use nano. Sometimes you may not have access to a GUI. The easiest way to edit files without a GUI is to use nano. We won’t be using nano for this class, but if you ever find yourself needing to use nano, it has easy to use commands displayed on the bottom of the terminal. Just remember that in UNIX the caret ^ often stands for Ctrl+, so for example the save command ^O (caret-O) is just Ctrl+O. Do not type the shift key, just Ctrl and O.

30 File Editing
Type gedit Documents/napier.txt

Have the students type the command exactly as shown. Click to reveal the results of running this command. The gedit command opens the specified file in a new gedit window. Close the gedit window by clicking the x in the upper left hand corner. Save and close the gedit window before continuing.

31 Activity 4-3: Command Line Lab 1
Instructions (Workbook Page 17-18):
Complete the tasks outlined in your workbooks
Do not change or delete anything not listed in your workbooks

Give students about minutes to complete Pages of their workbooks. If time and computer resources allow, have each student complete the activities separately.

Answer key:
/home/cyberpatriot
/home
test: MPEG ADTS, layer III, v1, 160 kbps, 44.1 kHz, Stereo
i^2 = -1
test: ASCII text
Do not create any files
Remove directories and their contents recursively
JPEG (or jpg)
Version 1.3
1 = …

32 Security and the Command Line

Devote minutes to Slides. Allow an additional minutes for students to complete the Activity 4-4 Linux Command Line Lab II on Slide 66, Student Workbook pages. This section will cover basic commands and command line syntax. Remind the students again that they should take notes. Some of the settings made in the command line cannot be duplicated in the GUI, so it is important to have notes of the relevant commands. Now that we have applied some very basic security settings, you will learn how to make your systems even more secure without using the Ubuntu GUI. As we discussed earlier, one thing that sets Linux apart from Windows operating systems is its heavy focus on the command line. We will learn how to perform some very simple tasks in the command line before we apply this knowledge to making our operating systems more secure.

33 The Password File – Take Notes!
/etc/passwd
Usually does not contain passwords (anymore)
Contains user information
Type cat /etc/passwd
Type man 5 passwd to view the manual for the password file
When you are done, press q to quit

Despite its name, the password file does not actually contain passwords anymore. Passwords used to be kept in the password file, along with user information, but this is generally a bad idea since everyone on the computer can read the password file. Instead, encrypted passwords are stored in the "shadow" file, which we will cover later. Click to reveal instructions to view the password file. Type cat /etc/passwd (sometimes pronounced like "etsee password"). Notice this is an absolute file path since it starts with the root directory. Click to reveal instructions to view the password file manual. Type man 5 passwd now. Give the students a minute to read the manual, but it's long so you're going to have to interrupt them. Press q to quit man.

34 The Password File – Take Notes!
Fields: User Name, Password, User ID, Group ID
User Name
The name associated with this user account
This is primarily used by humans to identify a user account
Password
x denotes password is stored in shadow file
User ID – Numerical user ID, or "UID"
The OS internally identifies users using their UID, not their user name
Group ID – Numerical primary group ID, or "GID"

The User Name field is the user name you use to log in with. This is what people usually use to identify user accounts. Click to reveal information about the Password field. Although this can contain an encrypted password, this field is usually an x indicating that the password is stored in the shadow file. Click to reveal information about the User ID field. Each user has a numeric User ID, and this is how the Operating System internally identifies users. Click to reveal information about the Group ID field. Each user may belong to multiple groups, but this is the ID of the user's "primary" group. Again, the Group ID is how the Operating System internally identifies groups.

35 The Password File – Take Notes!
Fields: User Name, Password, User ID, Group ID, Comment, Home Directory, Shell
Comment
Typically used to store the user's "real name"
Home Directory
The current working directory when this user logs in
Shell
The shell (or command) that gets executed when you log in
How this user interacts with the computer when logging in on the command line

The Comment field can contain anything, however it is typically used to store the user's "real name". Sometimes this defaults to the "user name" if no "real name" is given. Click to reveal information about the Home Directory field. The Home Directory field specifies the current working directory when this user logs in. If this user types cd with no arguments, this is the directory the user will be taken to. Click to reveal information about the Shell field. This is the command that gets executed when the user logs in via a terminal. This is typically a shell, but could be any command. A shell is a special program that controls everything you can do and see within a terminal. Your shell executes all the commands you type and displays their output in the terminal window.

36 The Password File
What are all these users?
UID 0 – "root"
UID – "nobody"
UIDs 1-99 – special system users
UIDs >= 1000 – human users start at 1000
Why can't I see all these users in the GUI?
UIDs less than 1000 are hidden
Hidden in the display manager (lightdm)
Hidden in the System Settings->User Accounts

What are all these users doing on my system? The UID of 0 is reserved for the super user root. The UID of is typically reserved for the user nobody. The UIDs of 1-99 are traditionally reserved for special system users. Other UIDs up to 1000 are typically reserved for other non-human users. Click to reveal the question. You might be wondering, why can't I see all these users when I log in or manage user accounts via the GUI? That's because the GUI automatically hides all UIDs < 1000. How might an attacker exploit this? Attackers could create hidden users. What can you do to protect yourself? You can regularly review the password file manually.

37 Listing Users
Try running the following commands in the terminal:
whoami
Prints your current username
users
Prints the user names of users currently logged in to the current host
who
Prints information about users who are currently logged in
w
Displays information about the users currently on the machine, and their processes

The whoami command prints out your current user name. The users command prints out the user names of the users currently logged in. The who command prints out some information about the currently logged in users. The w command displays information about the users currently logged in and their processes. Run these commands in your terminal to view their output. Click to reveal the command results. The output on the students' machines will vary slightly.

38 The Group File
/etc/group
Defines the groups on the system
Type cat /etc/group
Type man 5 group to view the manual for the group file
When you are done, press q to quit

The group file defines the user groups on the system. Click to reveal student instructions. Type cat /etc/group (sometimes pronounced "etsee group"). These are the groups currently present on your computer. Type man 5 group to view the manual for the group file. Give the students a short amount of time to briefly review the manual. Type q to quit man.

39 The Groups File
Fields: Group Name, Password, Group ID, User List
Group Name
The name of the group
This is primarily used by humans to identify a group
Password
Generally not used
Group ID
The OS internally identifies groups by their GID, not their group name
User List
The list of users that belong to this group

Let's inspect the contents of the group file. The first field in the group file is the Group Name. Just like a user name, this is what humans use to uniquely identify the group. Click to reveal information on the Password field. The password field is generally not used, but it is possible to set passwords for groups. Click to reveal information on the Group ID field. The Operating System uses the group ID internally to identify groups. This is the Group ID that we saw referenced in the password file. Click to reveal information on the User List field. The User List field contains a comma-separated list of users that belong to this group. If a user has this group set as his or her "primary group", then this user belongs to this group and may or may not be listed in the "User List" field.

40 Groups
groups [USERNAME]
Prints the groups a user is in
Try running the following commands in the terminal:
groups
groups cantor
groups euclid

The groups command will print the groups that a user belongs to. If no user is specified as an argument, it defaults to the current user. Click to reveal student instructions. Run the following commands in your terminal. Notice that cyberpatriot is in the sudo group. Also notice that euclid is in the geometry group.

41 The getent Command
getent database [key]...
Database may be passwd, group, or shadow
If key is not specified, it displays the entire file
If one or more keys are specified, displays only those lines
Type the following commands:
getent passwd fermat
getent group users

The getent command can be used to display information from the password, group, or shadow file. The first argument should be passwd, group, or shadow. The second argument may be one or more users or groups. If no key is specified it will display the entire contents of the file. Click to reveal student instructions. Try typing the following commands. Click to reveal the command output. As you can see from this example, the getent command displays selected lines from the password or group files.
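The password-file review recommended on slide 36 and the "primary group may not appear in the user list" point from slide 39 can both be checked with a few lines of shell over passwd- and group-format text. This is an added example, not part of the original presentation; the account data below is constructed for the example and does not describe any real image.

```bash
#!/usr/bin/env bash
# Constructed sample contents in /etc/passwd and /etc/group format
# (see man 5 passwd and man 5 group). Not copied from any real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
cyberpatriot:x:1000:1000:CyberPatriot:/home/cyberpatriot:/bin/bash
gauss:x:1001:1003:Carl Gauss:/home/gauss:/bin/bash
euler:x:1002:100:Leonhard Euler:/home/euler:/bin/bash
sysmaint:x:0:0:maintenance:/root:/bin/bash'

SAMPLE_GROUP='root:x:0:
sudo:x:27:cyberpatriot
users:x:100:
calculus:x:1003:euler'

# Accounts other than root that have UID 0. The GUI never shows these
# (UID < 1000), but every one of them is a full superuser.
extra_uid0_accounts() {
  printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Accounts with UID >= 1000: the "human" users that the GUI does show.
human_accounts() {
  printf '%s\n' "$1" | awk -F: '$3 >= 1000 { print $1 }'
}

# All members of a group, the way the members command reports them:
# users named in the group's user-list field, plus users whose primary
# GID (4th passwd field) is this group even though they are not listed.
# Usage: members_of GROUP PASSWD_TEXT GROUP_TEXT
members_of() {
  gid=$(printf '%s\n' "$3" | awk -F: -v g="$1" '$1 == g { print $3 }')
  [ -n "$gid" ] || return 1            # unknown group
  {
    printf '%s\n' "$3" | awk -F: -v g="$1" \
      '$1 == g && $4 != "" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
    printf '%s\n' "$2" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
  } | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone demo over the constructed data.
echo "Extra UID 0 accounts: $(extra_uid0_accounts "$SAMPLE_PASSWD")"
echo "Human accounts: $(human_accounts "$SAMPLE_PASSWD" | tr '\n' ' ')"
echo "Members of calculus: $(members_of calculus "$SAMPLE_PASSWD" "$SAMPLE_GROUP")"
```

To run the same review on the live image, feed `getent passwd` and `getent group` output to the functions instead of the constructed strings.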

42 File Permissions
Traditional Unix access control
File modes or permissions
Every file/directory has an owner and group
File modes determine the permissions granted to:
The "user" who owns the file
The "group" this file belongs to
Any "other" users
Three types of permissions: read, write, execute

Access to files and directories in UNIX is traditionally controlled using file modes. Access control is a huge security topic. File modes are a typical example of one specific type of access control called "discretionary access control". Click to reveal file ownership text. In UNIX every file and directory has an owner and group associated with it. Click to reveal file mode text. File modes determine the permissions that are granted to the user who owns the file, the group this file belongs to, and any other users. User, group, and other are represented by the letters u, g, and o. Click to reveal permission type text. The user, group, and others may be granted read, write, and execute permissions. These permissions are represented by the letters r, w, and x.

43 File Permissions
ls -l [FILE]
ls command with the lower case letter "l" option
Long listing format
Shows a file's owner, group, permissions and other information
Type ls -l pythagoras.sh
Diagram labels: File Mode Bits, Links, Owner, Group, Size, Date Modified, File

The ls command has a very useful option -l (dash-el), the lowercase letter l. This option will produce output using the "long listing format". Click to reveal student instructions. Type ls -l pythagoras.sh. Click to reveal the command output. This is what you should be seeing in your terminals. Let's examine this closer. Click to reveal File Mode Bits. File mode bits will be covered in detail on the next screen; this determines the permissions given to the. Click to reveal Links. Links is the number of hard links to this file. We will not be discussing hard links further. Click to reveal Owner. Owner is the user who owns this file. Click to reveal Group. Group is the group this file belongs to. Click to reveal Size. Size is the size of this file in bytes. Click to reveal Date Modified. Date Modified is the last time this file was written to. Click to reveal File. File is simply the name of the file.

44 File Permissions
File Mode Bits
Type
Not part of the permissions
"d" means directory, "l" means link
User/Group/Other
"r" means read permissions are granted to this user
"w" means write permissions are granted to this user
"x" means execute permissions are granted to this user
Diagram labels: Type, User (Owner), Group, Other

The file mode "bits" are represented by 10 characters. The first character represents the file type. For example, a file type of d means this is a directory and a file type of l means this is a symbolic link. Click to reveal User/Group/Other file mode information. The next three characters represent the permissions granted to the user that owns this file. The next three characters represent the permissions granted to the group that this file belongs to. The final three characters represent the permissions granted to any other users. The next slide continues with this example.

45 File Permissions
Who can do what with the file pythagoras.sh?
The user "cyberpatriot" (owner)
Has read, write, and execute permissions
The group "users"
Has read and execute permissions
Other users
Have no permissions
Diagram labels: Type, User (Owner), Group, Other

In this example, who has been granted permissions to do what with the file pythagoras.sh? Click to reveal user "who". What can the owner cyberpatriot do? Click to reveal user "what". There is an r, w, and x present in the user section of the file mode; this means the owner has read, write, and execute permissions. Click to reveal group "who". What can the group users do? Click to reveal group "what". There is an r and an x present in the group section of the file mode; this means the group users has been granted read and execute permissions. Click to reveal other "who". What can any other users do? Click to reveal other "what". There is no r, w, or x present in the other section of the file mode. This means that any other users cannot read, write, or execute this file.

46 Hidden Files
Hidden files start with a dot ( . )
Any file type including directories can be hidden
ls -a [FILE]
Lower case "a" option
Shows all files, including hidden files
Options can often be combined
ls -la [FILE]
Lower case "l" option
Shows all files using the long listing format

Hidden files in Linux start with a dot ( . ). Any files, including directories, can be hidden. The GUI and the ls command do not show hidden files by default. Click to reveal the ls -a command. The ls command can take the -a (dash-a) option. This option shows all files, including hidden files. Click to reveal about combining options. Command options can often be combined. For example, if you want to do a "long listing" of "all" files you can use the command ls -la (dash-l-a).

47 Hidden Files
Type ls -la
Remember
( . ) is always your current directory
( .. ) is always your parent directory

Type the command ls -la on your Ubuntu Demo Image now. Click to view the command output. The output of your command should look something like this. There are lots of hidden files in your home directory, mostly used to store configuration information. Click to view information about special directories. You should be able to see the dot ( . ) and dot-dot ( .. ) special directories present inside every directory. Remember a single dot goes to your current directory, and two dots goes to your parent directory.

48 Switching Users
Many administrative commands must be run as root
su [username]
Change user ID or become superuser
If no username specified, defaults to root
Must enter password of target user "username"
sudo [-u username] command
Execute a command as another user
May be required to enter your own password
Sometimes the root user does not have a password
cannot log in
cannot authenticate with su

Many administrative commands must be run as root. There are two common ways to run commands as another user. The su command will allow you to "become" a different user, but you have to know the password for that user. If you don't tell su what user you want to "become", it defaults to root. Click to reveal sudo information. The sudo command will allow you to run commands as another user. As a safety precaution sudo will usually ask you for your password before you can do this. If you don't specify the user to run commands as, it defaults to root. Usually only certain users are allowed to use sudo, such as Administrators or members of the sudo group. Click to reveal root with no password information. By default Ubuntu does not assign a password to the root user. This is actually very secure since it prevents the root user from logging in. However, this also prevents you from using the su program to become root.

49 Switching to Root
You can also switch to root by typing:
sudo su
Type your password if prompted
Works even if root has no password
Type the command whoami
Being root can be dangerous, so exit
Type exit

If root has no password, you can still switch to root by typing sudo su. This will run the su program as root, and all you need to know is your current user's password. By default root can use the su program without needing to enter any passwords. Try it out now. Remember sudo may or may not ask you for your password depending on how recently you last successfully authenticated to sudo. After you are root, your prompt should change to a pound or number sign as shown in this screenshot. Type the command whoami to confirm that you are root. You can now run any commands as root. But it's easy to accidentally mess things up as root, so we're going to exit by typing exit. From now on in this class we're only going to use sudo to execute commands as root.

50 Adding and Removing Users
useradd LOGIN
userdel LOGIN
Low level utility for adding and deleting users
Exists on all major Linux distributions
adduser user
deluser user
Recommended over useradd/userdel for Debian/Ubuntu
Does not exist on some Linux distributions

The useradd and userdel commands are present on all major Linux distributions and can add or remove users from the command line. By default these commands have very basic functionality, and you have to remember a lot of command line options in order to do things like automatically make users' home directories. Click to reveal adduser/deluser command information. Debian-based distributions, such as Ubuntu, recommend using adduser and deluser instead of useradd and userdel. These commands are more user friendly and by default usually do what you want them to do without having to remember a bunch of command line options.

51 Adding a User – Take Notes!
Add the user boole
Type sudo adduser boole
Sudo may prompt you for your password
Enter your password if prompted by sudo
Type a new secure password for boole
Press ENTER (defaults)
Press ENTER (confirm)

Practice adding users from the command line by creating a user named boole. Only root can add users, so we have to use sudo. Type sudo adduser boole. Remember sudo may or may not prompt you for your password. Click to reveal sudo output. When prompted, type a new secure password for boole. Accept all the default options and confirm by pressing Enter repeatedly. Click to reveal the final output. When you are finished your screen should look like this.

52 Removing a User – Take Notes!
The user "wolowitz" is not an authorized user
Remove the user wolowitz
Type sudo deluser wolowitz (You may be prompted for your password)
Type getent passwd
Is the user "wolowitz" present?
Is the user "boole" present?

The user wolowitz is not an authorized user and should be removed immediately. Remove wolowitz by typing sudo deluser wolowitz. Click to reveal the output of the deluser command. Click to reveal the next command. Now type getent passwd to print the contents of the password file. Is the user wolowitz present in the password file? What about the user boole?

53 Adding and Removing Groups
groupadd GROUP
Creates a new group
groupdel GROUP
Delete an existing group
gpasswd -a LOGIN GROUP
Add a user to a group
gpasswd -d LOGIN GROUP
Delete a user from a group

Similar to useradd and userdel, all major Linux distributions have the groupadd and groupdel commands for creating new groups or deleting existing groups. Click to reveal gpasswd information. In order to add or remove existing users to or from existing groups, we can use the gpasswd command. Use the -a (dash-a) option to add a user to a group, and the -d (dash-d) option to remove a user from a group.

54 Create a New Group – Take Notes!
Create a new physics group
Type the following commands:
sudo groupadd physics (You may be prompted for your password)
sudo gpasswd -a newton physics
sudo gpasswd -a lagrange physics
getent group physics

Now type these commands in order to create the physics group and add newton and lagrange to the physics group. Then type getent group physics to print the physics line from the group file. Click to reveal the command output. The getent command will allow you to verify that newton and lagrange are now in the physics group. Your output should look similar to this.

55 Delete a Group
Delete the armyants group
Type the following commands:
getent group armyants
sudo groupdel armyants (You may be prompted for your password)
groups cooper

The group armyants is being disbanded. Delete the armyants group by typing the following commands. Click to reveal the output of the commands. Your output should look similar to this. You can see that after deleting the armyants group, cooper no longer belongs to that group.

56 User Passwords
/etc/shadow
Contains encrypted user passwords and other information
passwd [LOGIN]
Change a user's password
If no user is specified, defaults to the current user

The /etc/shadow (sometimes pronounced etsee-shadow) file contains the encrypted user passwords. Passwords were moved here from the password file because all users need to have read access to the password file. Even though the passwords are encrypted, we don't want any users to be able to see them, to prevent malicious users from using a password cracker. Click to reveal passwd command information. The passwd command will change the password for a user. If no user is given on the command line, then it defaults to the current user.

57 Changing User Passwords
Type the following commands:
sudo getent shadow newton
sudo passwd newton

Type the following commands into your terminal. Click to reveal command output (command output will vary). Your output should look similar to this. The encrypted password for newton is the second field and begins with a $6$. You can see after changing the password for the user newton that the encrypted password in the shadow file also changes.

58 Changing File Permissions
chown OWNER FILE
"Change ownership"
chgrp GROUP FILE
"Change group"
chmod MODE[,MODE]… FILE
"Change mode"
MODE: [ugoa][+-=][rwx]
ugoa: User/Group/Other/All
+-=: add/remove/set exactly
rwx: Read/Write/eXecute

File owner, group, and mode can be changed by the chown, chgrp, and chmod commands. For the chown command, type the new owner the file will belong to, followed by the name of the file or directory. For the chgrp command, type the new group the file will belong to, followed by the name of the file or directory. For the chmod command, type the MODE modification command followed by the name of the file or directory. The MODE modification command is a u, g, o, or a followed by a +, -, or = followed by an r, w, or x. Click to reveal the mode modification command details. u stands for user, g for group, o for other, and a for all. + or - indicates whether you want to add or remove permissions. r, w and x stand for read, write, or execute. The next slide covers a hands-on example.

59 Changing File Permissions – Take Notes!
Type the following commands:
ls -l pascal.py
These permissions are bad
sudo chown cyberpatriot pascal.py
chgrp users pascal.py

The following commands change the ownership and group of the pascal.py file. Notice that the pascal.py file has a poorly chosen owner and group, since the file is in your home directory. Notice also that anyone can write to the pascal.py file, which is probably not what you want. We have to use sudo to chown pascal.py since we do not own the file. But after we take ownership of the file, we do not have to use sudo to modify the file's group, since we are the owner. Click to reveal command output.

60 Changing File Permissions
Type the following commands:
chmod og-w pascal.py
Remove (-) others', group's permission to write
chmod o-rx pascal.py
Remove (-) others' permission to read, execute
chmod g+x pascal.py
Add (+) group's permission to execute
ls -l pascal.py

pascal.py now has a more appropriate user and group, but what about that insecure file mode? Remove (-) the ability for "other" and "group" users to "write" to this file by using the mode modification og-w. Click to reveal the next step. Remove (-) the ability for "other" users to "read" and "execute" this file by using the mode modification o-rx. Click to reveal the next step. Finally, grant (+) the ability for the "group" to "execute" this file by using the mode modification g+x. Click to reveal the ls -l pascal.py command. Click to reveal the command results. If you do a long listing on the file again, your output should look similar to this. Notice that the user can now read, write, and execute this file. The group can now read and execute this file. And all other users can no longer read, write, or execute this file.
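The mode-bit decoding from slides 44-45 and the chmod sequence from slides 59-60 can be checked together in a scratch directory. This is an added example, not part of the original presentation; the pascal.py stand-in is an empty constructed file, and the chown/chgrp steps are left out because they need root.

```bash
#!/usr/bin/env bash
# Decode the 10-character mode field from ls -l (for example -rwxr-x---)
# into the "who can do what" reading the slides walk through.
describe_mode() {
  mode="$1"
  [ "${#mode}" -eq 10 ] || { echo "bad mode string: $mode" >&2; return 1; }
  case "$(printf '%s' "$mode" | cut -c1)" in      # first char: file type
    -) echo "type: regular file" ;;
    d) echo "type: directory" ;;
    l) echo "type: symbolic link" ;;
    *) echo "type: other" ;;
  esac
  start=2                                          # then three rwx triplets
  for label in user group other; do
    bits=$(printf '%s' "$mode" | cut -c"$start"-"$((start + 2))")
    perms=""
    case "$bits" in r??) perms="$perms read" ;; esac
    case "$bits" in ?w?) perms="$perms write" ;; esac
    case "$bits" in ??x) perms="$perms execute" ;; esac
    [ -n "$perms" ] || perms=" none"
    echo "$label:$perms"
    start=$((start + 3))
  done
}

# Replay the slide's chmod steps on a constructed world-writable file and
# return the resulting mode string (first field of ls -l).
harden_like_pascal() {
  dir=$(mktemp -d) || return 1
  f="$dir/pascal.py"                 # constructed stand-in, not the image's file
  : > "$f"
  chmod 0777 "$f"                    # the "bad" starting point: rwxrwxrwx
  chmod og-w "$f"                    # group and other lose write
  chmod o-rx "$f"                    # other loses read and execute
  chmod g+x "$f"                     # group keeps (or gains) execute
  ls -l "$f" | cut -c1-10            # ignore any trailing ACL/SELinux marker
  rm -rf "$dir"
}

# Stand-alone demo: show the decoded reading of the hardened mode.
result=$(harden_like_pascal)
echo "mode after chmod steps: $result"
describe_mode "$result"
```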

61 APT Package Manager
Ubuntu is based on Debian, which uses apt-get
apt-get update
Get the latest list of available packages
Use before upgrade or dist-upgrade
apt-get upgrade
Install the newest version of all packages currently installed
apt-get dist-upgrade
Like upgrade but "smarter"

Debian has a great package management system known as APT, pronounced like the word "apt". APT stands for Advanced Package Tool. You've already interacted with the APT package manager via the GUI. apt-get is probably the most widely-used APT command line tool. Before you can install the latest updates you have to run apt-get update. Now, apt-get update doesn't actually update any software installed on your computer, but it will use your configured software sources to update the list of available software. After you've run apt-get update, you can run apt-get upgrade, or better yet use apt-get dist-upgrade instead. apt-get upgrade installs the newest version of all the packages currently installed. apt-get dist-upgrade is similar, but it more intelligently handles package dependencies and resolves conflicts better.

62 APT Package Manager
apt-get install
Install a new package, including any required dependencies
apt-get remove
Remove a package, but keep old configuration files
apt-get purge
Remove a package and remove old configuration files

Installing and removing packages from the command line is just as easy. In fact, if you know the name of the package you want to install or remove, it's usually a lot faster to use the command line commands than the GUI. apt-get install will install a new package, including any required dependencies. apt-get remove will remove a currently installed package, but will keep any old configuration files in case you change your mind or want to reinstall the package later. If you're certain you want to remove ALL of the files, you can use the apt-get purge command, which will remove all of the installed package files including any configuration files.

63 Installing Packages
Install a new, useful software package
sudo apt-get install members
Try it out by typing members calculus

Use your new apt skills to install the command members by typing sudo apt-get install members. Click to reveal the command output. In this case, apt-get didn't need to install any additional dependencies, but if it needed to it would have done so automatically after asking you to review and confirm the packages to install. Click to reveal the next section. Try out your newly installed software by typing the command members calculus. As you can see, members prints out the members of a group. In this case the group calculus has two members, gauss and euler.

64 Removing Packages
Some companies prohibit network and port scanning utilities, so remove them
Type sudo apt-get purge nmap zenmap
Press ENTER to continue

Often, companies prohibit network scanning and sniffing software on users' computers. This computer has zenmap installed, which is a graphical front end to the nmap port scanner. Remove nmap and zenmap by typing the command sudo apt-get purge nmap zenmap. Click to reveal the command output. Notice that apt-get will ask you to confirm, and notify you that you will have some unnecessary packages installed. Press Enter to confirm the removal of these packages.

65 Removing Packages
Often you also want to remove any unnecessary dependencies
sudo apt-get autoremove
Press ENTER to continue

We still have some unnecessary packages installed after removing nmap and zenmap. Type sudo apt-get autoremove to automatically remove unnecessary packages. Be sure to carefully review the packages that will be uninstalled. It's easy to accidentally uninstall important packages (such as your GUI) with autoremove if you don't carefully review the list of packages. Click to reveal the command output. This list of packages to uninstall looks ok, so press Enter to continue.

66 Activity 4-4: Command Line Lab II
Instructions (Workbook Pages 19-20):
Complete the tasks outlined in your workbooks
Do not change or delete anything not listed in your workbooks

Give students minutes to enter and identify the commands listed on Pages of their workbooks. If time and computer resources allow, have each student complete the activities separately. This activity will run the students through many of the tasks that were outlined in the last sections. This may be a difficult activity for the students because it requires heavy use of the command line. It is recommended that the instructor flips back to slides to help any students who are having trouble with any of the problems.

Answer key:
lagrange
/bin/tcsh
128
newton, euclid, pythagoras, archimedes, fermat
root
calculus
All users - The owner cyberpatriot, members of the group calculus (gauss, euler), and other users
The owner cyberpatriot, and members of the group calculus (gauss, euler).
.lorentz

67 Intermediate Ubuntu Security

Spend minutes on Slides. Allow an additional minutes for students to first complete the Activity 4-5 Intermediate Ubuntu Security Lab on Slide 73, Student Workbook page 21, and 5 minutes to discuss the conclusions on Slide 74. Throughout this section, students should follow along in their Ubuntu Demo Images as you walk them through the intermediate Ubuntu security commands.

68 Turn off the Guest Account
Turned on by default
LightDM: display manager controlling the login screen
Type sudo gedit /etc/lightdm/lightdm.conf
Add the line allow-guest=false under [Seat:*]

Now that you know how to access gedit, we will use it to make our Ubuntu machines more secure. We will begin with turning off the guest account. The Ubuntu guest account works just like the one in Windows. It allows users to log into the operating system without their own account and often without a password. The guest account is turned on by default. It is important to turn this off to reduce the chance of unauthorized access to the computer. To see that the guest account is turned on, go to the top right of the top menu on your Ubuntu desktop and click "cyberpatriot." The Guest Session should be visible in the dropdown menu. Click to reveal second bullet. To turn off the Guest account, we need to edit a file in the LightDM folder. LightDM is a display manager that controls what the login screen looks like. You will notice that editing a file in this folder is very different from managing accounts in Windows. Enter this command into the Terminal. Make sure you are root authenticated before doing so; otherwise, you will not be able to save the file. As you will see, you do not need to access this file with root permissions. After entering this command, you will see the lightdm.conf file in a separate editable window. Click to reveal screenshot and third bullet. Typing this line into this file does exactly what it says it does. It sets the "allow-guest" variable, which controls whether the guest account can be used, to false and denies all access to the account. Restart the Ubuntu Demo Image by clicking the gear button on the right of your desktop's top menu, going to Shut Down, and then clicking Restart. When your image restarts, click the "cyberpatriot" button on the top-right of your desktop and check whether the Guest Session has been removed from the login screen. Click to reveal last bullet.

69 Password Age Policy
In a terminal, type sudo gedit /etc/login.defs
Maximum Password Duration: PASS_MAX_DAYS 90
Minimum Password Duration: PASS_MIN_DAYS 5
Password Warning Before Expiration: PASS_WARN_AGE 7

You may have noticed earlier when we were modifying password policy that we neglected to handle a few settings that we were able to set in Windows password policy. Can anyone think of what we have not done yet? Maximum and minimum password age. As a reminder, maximum password age requires users to change their passwords regularly, and minimum password age prevents users from quickly cycling back to their favorite passwords despite the password history policy. To change these settings, we will need to edit a different file from the PAM files. This file is called login.defs. Click to reveal instructions for opening login.defs and screenshot. Students should follow the instructions to open up the file. This file is much longer and more complicated than any of the PAM files we have looked at. We only need to modify three lines in this long document. To easily find these lines, click inside the file, hit Ctrl+F and type “pass,” or just scroll through the file until you see the Password Aging Controls section. Click to reveal red circle. Here is where we can set the maximum and minimum password duration, as well as how far in advance users will be warned about needing to change their password. PASS_MAX_DAYS refers to maximum duration, PASS_MIN_DAYS refers to minimum duration, and PASS_WARN_AGE refers to the warning period. Does anyone remember what the recommended settings are for these variables? Click to reveal recommended settings. We did not talk about the warning period in Windows, but a good policy is to set this to 7 days, so that users have a full week of warnings before their password expires. Once you finish adding these lines, save the document and close it.
Sources: http://xmodulo.com/2013/12/set-password-policy-linux.html
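A scripted check for the three settings on this slide, as an added example (not part of the CyberCamp deck): it reads the effective PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE from a login.defs-style file, reports values outside the slide's policy, and can correct them. It treats the slide's numbers as bounds (expire at most every 90 days, hold at least 5 days, warn at least 7 days ahead), which is an assumption of the example; the demo uses a constructed temporary file rather than /etc/login.defs.

```shell
#!/bin/sh
# Added example, not from the CyberCamp deck: audit and correct the password
# aging controls in a login.defs-style file against the slide's values
# (PASS_MAX_DAYS 90, PASS_MIN_DAYS 5, PASS_WARN_AGE 7). Demo uses a temp file.

# Print the effective value of KEY in FILE. Commented lines such as
# "#PASS_MAX_DAYS 99999" are skipped; the last active setting wins.
login_def() {
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# Set KEY to VALUE in FILE, replacing the active line or appending one.
set_login_def() {
    tmp="$1.tmp.$$"
    awk -v key="$2" -v value="$3" '
        $1 == key { if (!done) print key "\t" value; done = 1; next }
        { print }
        END { if (!done) print key "\t" value }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Policy as bounds (assumption of this example): expire at most every 90
# days, hold a new password at least 5 days, warn at least 7 days ahead.
within_policy() {
    case "$1" in
        PASS_MAX_DAYS) [ -n "$2" ] && [ "$2" -ge 1 ] && [ "$2" -le 90 ] ;;
        PASS_MIN_DAYS) [ -n "$2" ] && [ "$2" -ge 5 ] ;;
        PASS_WARN_AGE) [ -n "$2" ] && [ "$2" -ge 7 ] ;;
    esac
}

# Report each deviation on stdout; return the number of deviations.
check_password_aging() {
    bad=0
    for key in PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE; do
        have=$(login_def "$1" "$key")
        if ! within_policy "$key" "$have"; then
            echo "$key is '${have:-unset}', outside policy"
            bad=$((bad + 1))
        fi
    done
    return $bad
}
# Demo: constructed file with Ubuntu-like defaults, then corrected.
demo=$(mktemp)
printf '# PASS_MAX_DAYS 99999\nPASS_MAX_DAYS\t99999\nPASS_MIN_DAYS\t0\nPASS_WARN_AGE\t7\n' > "$demo"
check_password_aging "$demo" || echo "$? setting(s) need attention"
for p in PASS_MAX_DAYS:90 PASS_MIN_DAYS:5 PASS_WARN_AGE:7; do set_login_def "$demo" "${p%%:*}" "${p##*:}"; done
check_password_aging "$demo" && echo "password aging now matches policy"
rm -f "$demo"
```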

70 System Logs
Similar to Windows Event Viewer
From the Search field, type System Log
Four types of logs
auth.log: Tracks authentication events
dpkg.log: Tracks software events
syslog: Tracks operating system events
Xorg.0.log: Tracks desktop events
Can add different types of logs

Does anyone remember what Event Viewer does in Windows? Event Viewer is a security tool that allows you to view records of changes and other events that have happened on your computer. Event Viewer is a key tool for cybersecurity professionals, who use it to monitor system changes, the inner workings, and less visible processes run by a computer. Does anyone remember the types of tasks that the Windows Event Viewer monitored? Examples: login events, account settings changes (enabling/disabling accounts, changing passwords, etc.), attempts to gain access to sensitive files. There is no exact analogue to the Windows Event Viewer in Linux, but the System Log is close. It monitors events occurring on the operating system. Click to reveal instructions for accessing the System Log and screenshot. Click to reveal next bullet and red circle. The System Log shows four different logs by default. You can see these in the panel on the left of the System Log window. Click to reveal sub-bullets and next screenshot. auth.log tracks events that prompt for user passwords. These events include uses of PAM files and invocations of the sudo command. dpkg.log tracks software events, including installations, updates, and access attempts. syslog tracks events from the operating system itself, such as error messages and other flags from the system. Xorg.0.log tracks events from the desktop, including GUI events, service changes, and graphics card errors. Click to reveal last bullet. These four logs are the only ones there by default. You can also add different logs to this application, like events related to email. For example, this machine may have a mail.log in this window.
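Reading auth.log is the point of this slide, so here is an added example (not part of the CyberCamp deck) that tallies authentication failures per user from auth.log-style lines: the PAM/sudo “authentication failure; ... ruser=” records and sshd “Failed password” records. The sample lines are constructed for the demo (192.0.2.0/24 is a documentation address range); on a real system you would point it at /var/log/auth.log.

```shell
#!/bin/sh
# Added example, not from the CyberCamp deck: tally authentication failures
# per user from auth.log-style lines, covering PAM/sudo "authentication
# failure; ... ruser=" records and sshd "Failed password" records. Run it
# against /var/log/auth.log on a real system; the demo below uses
# constructed lines (192.0.2.0/24 is a documentation address range).

# Print "user count" pairs, sorted by user.
count_auth_failures() {
    awk '
        /authentication failure/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^ruser=/) { who = substr($i, 7); if (who == "") who = "(none)"; fails[who]++ }
        }
        /Failed password for/ {
            who = $0
            sub(/.*Failed password for (invalid user )?/, "", who)
            sub(/ from .*/, "", who)
            fails[who]++
        }
        END { for (u in fails) print u, fails[u] }
    ' "$1" | sort
}

# Print users at or above THRESHOLD failures: candidates for a closer look.
flag_repeated_failures() {
    count_auth_failures "$1" | awk -v n="$2" '$2 >= n { print $1 }'
}

# Constructed sample log (not real data) in the format the deck shows.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 10:15:01 ubuntu sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1021 euid=0 tty=/dev/pts/4 ruser=cyberpatriot rhost=  user=root
Mar  3 10:15:04 ubuntu sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1021 euid=0 tty=/dev/pts/4 ruser=cyberpatriot rhost=  user=root
Mar  3 10:15:09 ubuntu sudo: cyberpatriot : TTY=pts/4 ; PWD=/home/cyberpatriot ; USER=root ; COMMAND=/usr/bin/gedit /etc/login.defs
Mar  3 10:16:10 ubuntu sshd[2201]: Failed password for invalid user admin from 192.0.2.10 port 51122 ssh2
Mar  3 10:16:12 ubuntu sshd[2201]: Failed password for invalid user admin from 192.0.2.10 port 51124 ssh2
Mar  3 10:16:30 ubuntu sshd[2207]: Failed password for cyberpatriot from 192.0.2.10 port 51130 ssh2
Mar  3 10:16:35 ubuntu sshd[2207]: Accepted password for cyberpatriot from 192.0.2.10 port 51130 ssh2
EOF
}

log=$(mktemp)
write_sample_log "$log"
count_auth_failures "$log"          # prints: admin 2 / cyberpatriot 3
flag_repeated_failures "$log" 3     # prints: cyberpatriot
rm -f "$log"
```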

71 Audit Policies
Unlike Windows, auditing is not set up by default in Ubuntu
Three step process
Install: type sudo apt-get install auditd
Enable: type sudo auditctl -e 1
Modify: type sudo gedit /etc/audit/auditd.conf

Who remembers what audit policies do in Windows? Generate events that can be monitored for cybersecurity purposes. Audit policy is not configured by default in Ubuntu. However, it can be set up easily using three commands. Click to reveal second bullet and first step of the process. The first step of the process to set up audit policy is to install this Ubuntu software. This can be accomplished using the apt-get command, which controls software installs and modifications. Typing “apt-get” and then “install” lets the operating system know you want to install a program. “auditd” is the name of the software we need for auditing. Click to reveal second step and screenshot. After installing the program, the next step is to enable audit policy. We do this using the “auditctl” command. (This command does not exist before installing auditd in the previous step.) We then enable the service by using the option “-e 1.” Click to reveal final step and screenshot. Finally, you can view and modify audit policy using the gedit command. We will not delve into this file deeply at this time.

72 Services
Can be run in the GUI
To install, type sudo apt-get install bum
To run, type sudo bum

The final things we will talk about in this module are services. Services in Ubuntu run very similarly to how they do in Windows. They can be turned on and off from the GUI after installing an application for them. Click to reveal second bullet. First we install bum, which is an acronym for Boot Up Manager. Click to reveal third bullet and screenshot. The Boot Up Manager lists all currently running services and allows you to start, stop, and disable any of them on the system. To enable a service, click the checkbox in the column to the left. To start a service, right click the service and select the option to start the service. If a service is started, the light bulb in the right column will be lit up. If it is stopped, the light bulb will be dark. Do you remember from our Windows modules what types of services should not be run? The most insecure services are those that allow remote connections. In many cases, these services have benevolent uses, but they can increase your computer’s vulnerability if they are used by individuals trying to hack your system.

73 Activity 4-5: Intermediate Ubuntu
Instructions (Workbook Page 21):
Complete the tasks outlined in your workbooks
Do not change or delete anything not listed in your workbooks

Give students minutes to complete Page 21 of their workbooks. If time and computer resources allow, have each student complete the activities separately. This activity will run the students through many of the tasks that were outlined in the last sections. This may be a difficult activity for the students because it requires heavy use of the command line. It is recommended that the instructor flip back to the slides to help any students who are having trouble with any of the problems.
Answer key:
Answers should include bum, auditd, openssh-server, members, and gufw
authentication failure; logname= uid=1021 euid=0 tty=/dev/pts/4 ruser=cyberpatriot rhost= user=root

74 Linux Conclusion
Ubuntu and other Linux operating systems are both very similar to and very different from Windows operating systems
Ubuntu is vulnerable to many of the same problems as Windows systems
Securing Ubuntu requires some knowledge of the command line environment

What did you learn today? How would you compare the Linux family to Windows operating systems? How would you compare Ubuntu to Windows 7? Click to reveal first conclusion bullet. Click to reveal second conclusion bullet. Click to reveal final conclusion bullet. If the students did not receive significant instructor help when they created their checklist during the Checklist Challenge activity in Module 3, remind them that they should bring their workbooks to use as a reference during the AFA CyberCamp competition.

