-
Notifications
You must be signed in to change notification settings - Fork 2
/
evalknowledge.txt
97 lines (81 loc) · 4.58 KB
/
evalknowledge.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
##################################
# Part one: Evaluation Q&A #
##################################
!GOOGLE IT IF YOU WANT MORE!
Q: Why Debian?
A: It's easier to install and configure than CentOS (and i haven't use CentOS befoe)
Q: What is virtual machine?
A: A Virtual Machine (VM) is a compute resource that uses software instead of a physical computer to run programs and deploy
apps. Each virtual machine runs its own operating system and functions separately from the other VMs, even when they are all
running on the same host. For example, you can run a virtual MacOS machine on a physical PC.
Q: What it's purpose?
A: VMs may be deployed to accommodate different levels of processing power needs, to run software that requires a different
operating system, or to test applications in a safe, sandboxed environment.
Q: How does it works?
A: VM working through "Virtualization" technology. Virtualization uses software to simulate virtual hardware that allows
VMs to run on a single host machine.
Q: Diff between aptitude and apt?
A: Aptitude is a high-level package manager while APT is lower-level package manager which can be used by other
higher-level package managers
(read more: https://www.tecmint.com/difference-between-apt-and-aptitude/)
Q: What is AppArmor?
A: AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs'
capabilities with per-program profiles.
(read more: https://en.wikipedia.org/wiki/AppArmor)
Q: What is SSH?
A: SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system
administrators, a secure way to access a computer over an unsecured network.
(read more: https://searchsecurity.techtarget.com/definition/Secure-Shell)
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
| You have to create a new user here. |
| $ sudo adduser username | <- creating new user (yes (no))
| $ sudo chage -l username | <- Verify password expire info for new user
| $ sudo adduser username sudo |
| $ sudo adduser username user42 | <- assign new user to sudo and user42 groups
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Q: How your script works?
A: ... README.md
##################################
# Part two: What to check? #
##################################
|***************************************|
| 1) lsblk 1 <- Check partitions
| 2) sudo aa-status 2 <- AppArmor status
| 3) getent group sudo 3 <- sudo group users
| 4) getent group user42 4 <- user42 group users
| 5) sudo service ssh status 5 <- ssh status, yep
| 6) sudo ufw status 6 <- ufw status
| 7) ssh username@ipadress -p 4242 7 <- connect to VM from your host (physical) machine via SSH
| 8) nano /etc/sudoers.d/<filename> 8 <- yes, sudo config file. You can $ ls /etc/sudoers.d first
| 9) nano /etc/login.defs 9 <- password expire policy
| 10) nano /etc/pam.d/common-password 10 <- password policy
| 11) sudo crontab -l 11 <- cron schedule
|***************************************|
I think this one need an addition to make it more easy to pass evaluation. So, here we are on our checklist and his commands.
How to change hostname?
[$sudo nano /etc/hostname]
Where is sudo logs in /var/log/sudo?
[$cd /var/log/sudo/00/00 && ls]
You will see a lot of directories with names like 01 2B 9S 4D etc. They contain the logs we need.
[$ sudo apt update]
[$ ls]
Now you see that we have a new directory here.
[$ cd <nameofnewdirectory> && ls]
[$ cat log] <- Input log
[$ cat ttyout] <- Output log
How to add and remove port 8080 in UFW?
[$ sudo ufw allow 8080] <- allow
[$ sudo ufw status] <- check
[$ sudo ufw deny 8080] <- deny (yes yes)
How to run script every 30 seconds?
[$ sudo crontab -e]
Remove or commit previous cron "schedule" and add next lines in crontab file
|*************************************************|
| */1 * * * * /path/to/monitoring.sh |
| */1 * * * * sleep 30s && /path/to/monitoring.sh |
|*************************************************|
To stop script running on boot you just need to remove or commit
|********************************|
| @reboot /path/to/monitoring.sh |
|********************************|
line in crontab file.