Manage user accounts and groups
Managing user accounts and groups means creating, modifying, and deleting them
in order to control permissions and organize work.
What Are User Accounts and Groups?
User account:
Represents a person or process running on the system.
Group:
An entity that brings together multiple users to facilitate the management of
permissions.
View user list:
View list of groups:
Guidelines for Managing User Accounts
Choose unique, simple usernames.
Assign unique UID numbers.
Set up a home directory for each user.
Add a user named "cyber":
Set up a password:
Set up password policies
File that holds the policy settings:
/etc/login.defs
This file contains general settings related to passwords, such as the minimum length
and the minimum and maximum password age.
Most important password settings:
Set minimum password length:
Find the line:
PASS_MIN_LEN 8
Change the number to the minimum required (e.g. 12).
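As an added example (not part of the original tutorial), the script below checks the /etc/login.defs password settings described above against a baseline. The function names, the BASELINE variable and the aging thresholds are assumptions for illustration; only the minimum length of 12 comes from the text.

```shell
#!/bin/sh
# Added example: audit password keys in a login.defs-style file.
# Baseline numbers are assumptions for illustration; only PASS_MIN_LEN 12
# comes from the tutorial's own example.
BASELINE="PASS_MIN_LEN:ge:12 PASS_MAX_DAYS:le:90 PASS_MIN_DAYS:ge:1 PASS_WARN_AGE:ge:7"

# get_def FILE KEY: print the last uncommented value of KEY (empty if unset).
get_def() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# audit_login_defs FILE: print one line per key; return the number of failures.
audit_login_defs() {
    fails=0
    for rule in $BASELINE; do
        key=${rule%%:*}; rest=${rule#*:}; op=${rest%%:*}; want=${rest#*:}
        val=$(get_def "$1" "$key")
        case $val in
            ''|*[!0-9]*)            # unset or non-numeric: fail closed
                echo "FAIL $key missing or not a number"; fails=$((fails + 1)) ;;
            *)
                if [ "$val" "-$op" "$want" ]; then
                    echo "ok   $key=$val"
                else
                    echo "FAIL $key=$val (baseline: -$op $want)"; fails=$((fails + 1))
                fi ;;
        esac
    done
    return "$fails"
}

# Constructed sample input (common default aging values plus the tutorial's
# PASS_MIN_LEN 8 line); point the function at /etc/login.defs on a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# commented-out lines are ignored:
#PASS_MIN_LEN   12
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
PASS_MIN_LEN    8
EOF
audit_login_defs "$sample" || echo "$? setting(s) below baseline"
rm -f "$sample"
```

On systems where passwd is built with PAM (Debian and Ubuntu, for example), PASS_MIN_LEN in login.defs is not enforced and the minimum length is set in the PAM password module instead. The aging values in login.defs are applied only when an account is created, so existing accounts keep their old values until they are changed per user with chage.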
Minimum and maximum password age:
View user password settings:
Set password age:
Disabling a user account after the password has expired:
Add a new group:
Add a user to a group:
Change username:
Lock a user account:
Unlock a user account:
View the groups a user belongs to:
Remove a user from a group:
You need to manually edit the /etc/group file with a text editor like nano:
Change a group name:
Add user to sudo group:
First, you can add the user to the sudo group, which is the group that grants root
privileges via sudo.
Grant full privileges to the user:
Inside /etc/sudoers, look for the line that allows users in the sudo group to use
sudo. You should see a line similar to this:
%sudo ALL=(ALL:ALL) ALL
Delete group:
Delete user:
Delete a user without deleting their personal directory:
Delete a user and delete their personal directory:
Permissions management
Change ownership of files and folders:
Change ownership group:
Change file permissions:
User ID Numbers (UIDs)
The UID is the user ID number and must be unique.
View a list of UIDs:
Brute Force attack simulation
A brute-force attack tries to guess a password by making a large number of attempts.
Hydra supports several protocols such as:
SSH
FTP
HTTP
RDP
For the purposes of this tutorial, we'll be using the SSH protocol.
Simulation tool:
Use a tool like hydra to simulate the attack.
Carrying out the attack on a user account (Cyber2):
Create a password file to try:
Or use the password list built into Kali Linux:
Get the IP address of the target device. You can use: