Practical Assigning 4: Privileges and LDAP
We have 72 hours will this be done in that time?



Part 1: UNIX Passwd Suite

1. Open the configuration file [ /etc/defaults/useradd ]
   a. Note the various options, including the "skel" file location
   b. *** What is the purpose of the skel file?
2. In the [ /etc/skel ] directory, create two folders, and place a text file in one of those folders.
3. Use the [ useradd ] command to create a new user account called "student2"
   a. *** List the contents of the student2 user's home directory, and take a screen capture.
4. Open the [ /etc/passwd ] file:
   a. *** What is your student2 user's ID number and group ID number?
5. Open the [ /etc/shadow ] file:
   a. *** What is your student2 user's password hash?
   b. *** What is your student user's password hash? (If you use a different account name than "student", use that account's)

Part 2: Privileges

1. Create a file, and note its default permissions.
   a. *** What does the [ umask ] command do? How is this important for Linux security?
2. Use the [ chown ] command to change the ownership of the file you created to student2
   a. *** What command did you use?
3. Use the [ chmod ] command to make that file executable by all users.
   a. *** What command did you use?
4. *** Which files on your system have the SUID bit set? (Note: use the command from the demonstration video to list these files.)

Part 3: Access Logs

1. Use the [ last ] command to see your previous successful login attempts.
2. Use the command from the lecture/demonstration that will show all failed login attempts, and the IP/FQDN from which they originated.
   a. *** What was the command you used to generate this list?
   b. *** Look at some of the failed attempts, and research known vulnerabilities that someone might be trying to exploit with that username.

Part 4: PAM

1. *** Which executables have a configuration for PAM (files located in [ /etc/pam.d ])?
2. Open the config file that contains options for passwords.
   a. *** How do these config options control password policy?
   b. *** What options would you set to ensure all passwords are at least 8 characters, and contain at least one upper and one lower case letter?

Part 5: LDAP

1. Run the following command to install LDAP packages:

    yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel

2. Start and enable LDAP with the following commands:

    systemctl start slapd
    systemctl enable slapd

3. Ensure LDAP is listening on TCP port 389:

    netstat -antup | grep -i 389

4. Set your LDAP admin password, and copy/paste the password hash to use later:

    slappasswd -h {SSHA} -s ldppassword

   a. *** What is your password hash?
5. Create a file called [ db.ldif ] with the following contents (replace the '#' symbol with the hash you saved in step 4; example: [ {SSHA}p8d8LwfCnSKeNTbE/kJ9Dn8PWsotue5Z ]):

--- Copy Below -------------------------------------
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=cis285,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=cis285,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: #
--- Copy Above ------------------------------------

6. Execute the contents of the [ db.ldif ] file:

    ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif

7. Create a file called [ monitor.ldif ]:

--- Copy Below ----------------------------------------------------------------------------------
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,dc=cis285,dc=local" read by * none
-------------------------------------------------------------------------------------------------

8. Execute the contents of the [ monitor.ldif ] file:

    ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif

9. Copy the contents of the DB_CONFIG.example into your DB_CONFIG with the following two commands:

    cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    chown ldap:ldap /var/lib/ldap/*

10. Add your schema (ObjectClass) with the three commands below:

    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

11. Create a file called [ base.ldif ] with the contents below:

--- Copy Below -----------------------
dn: dc=cis285,dc=local
dc: cis285
objectClass: top
objectClass: domain

dn: cn=ldapadm ,dc=cis285,dc=local
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=cis285,dc=local
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=cis285,dc=local
objectClass: organizationalUnit
ou: Group
---------------------------------------

12. Execute the contents of the [ base.ldif ] command:

    ldapadd -x -W -D "cn=ldapadm,dc=cis285,dc=local" -f base.ldif

13. Create a user file, with "your username", for example, mine is [ brian.ldif ], and change ALL references to username to your username:

--- Copy Below ----------------------------------
dn: uid=brian,ou=People,dc=cis285,dc=local    <---- Change [ brian ] to your username!
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: brian                                     <---- Change [ brian ] to your username!
uid: brian                                    <---- Change [ brian ] to your username!
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/brian                    <---- Change [ brian ] to your username!
loginShell: /bin/bash
gecos: brian [admin (at) cis285]              <---- Change [ brian ] to your username!
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
--------------------------------------------------

14. Add the new user account with the following command:

    ldapadd -x -W -D "cn=ldapadm,dc=cis285,dc=local" -f brian.ldif
                                                        ^^^^^^^^^^
                                                        |----- Step 13 file name!

15. Set the new user's password:

    ldappasswd -s password123 -W -D "cn=ldapadm,dc=cis285,dc=local" -x "uid=brian,ou=People,dc=cis285,dc=local"
                  ^^^^^^^^^^^                                               ^^^^^
                  |----------- Set the password!                            |---- The username from Step 13!

15. Use the command below to search for your new user:

    ldapsearch -x cn=brian -b dc=cis285,dc=local
                     ^^^^^
                     |----- The username you configured in Step 13!

   a. *** What was the output of this command?
16. Configure the firewall to allow external connections to TCP/389 (LDAP):

    firewall-cmd --permanent --add-service=ldap
    firewall-cmd --reload

17. Configure your Google virtual firewall (VPC-firewall) to allow TCP 389 into your Linux VM
18. Install and configure LDAPExplorerTool 2 on a Windows PC:
   a. Set Server > Server Name to your Linux VMs public IP.
   b. Set Connection > User DN to "cn=ldapadm,dc=cis285,dc=local"
   c. Set Connection > Password to the password you configured in Step 4 (the plaintext, not hash).
   d. Set Connection > Base DN to "dc=cis285,dc=local"
19. Connect to your server with LDAPExplorerTool
   a. *** Take a screen capture showing your user information in the right pane.
Answered 2 days After Oct 17, 2022

Jahir Abbas answered on Oct 20 2022
40 Votes
Unix
The purpose of skel file is to store the location of user files that will be placed in its home directory when created.
2.
Text File created in 1st folder of two folders

3.
student2 home directory
4.
student2 user ID is 1002 and group ID is 1003
5.
student2 user password...