CS558 - Cybersecurity Essentials
Lab - 1 (Weightage - 2%)
Linux commands lab (23 marks)
You are required to explore the commands provided in the given files and analyze their
functionality. Additionally, you need to submit a report that includes terminal screenshots.
Document your answers where you are asked to do so.
Objective:
To familiarize students with the basic and advanced Linux commands for file manipulation,
system navigation, process management, and network troubleshooting.
Prerequisites:
● Basic understanding of the terminal and Linux operating systems (commands are for
Ubuntu).
● Access to a Linux-based system or a virtual machine running Linux.
[ Note: to create a VM and install a Linux operating system such as Ubuntu:
○ Download the latest version of Ubuntu Desktop.
○ Install VirtualBox on your computer.
○ Create a new virtual machine and install Ubuntu.]
Lab Exercise:
Part 1: Navigation and File Management [2 marks]
● Explore the file system: (Terminal screenshots)
○ Use the pwd command to display the current working directory.
○ List all files and directories using ls (try using ls -l for detailed information).
○ Use cd to navigate between directories:
■ cd /home (navigate to the /home directory, which holds users' home directories)
■ cd .. (move up one directory level)
■ cd ~ (navigate to your own home directory)
● Explore the Linux Filesystem Hierarchy
● Using a Linux system (physical or virtual), open a terminal.
● Navigate through key directories (/bin, /etc, /var, /usr, /home, etc.).
○ Identify the types of files found in each directory and document
what each directory is used for.
● Create, view, and delete files and directories: (Terminal screenshots)
○ Create a new directory named LabExercise using mkdir LabExercise.
○ Navigate to this directory (cd LabExercise).
○ Create a new file named testfile.txt using the touch command.
○ View the contents of the file (use cat, less, or more).
○ Write a few lines to the file using echo "Text goes here" > testfile.txt.
○ Append more text using echo "Additional line" >> testfile.txt.
○ Delete the file using rm testfile.txt.
○ Delete the directory using rmdir LabExercise.
mkdir LabExercise # Create a new directory
cd LabExercise # Navigate to the directory
touch testfile.txt # Create a new file named testfile.txt
cat testfile.txt # View the contents of the file (initially empty)
echo "Text goes here" > testfile.txt # Write a few lines to the file
echo "Additional line" >> testfile.txt # Append more text to the file
rm testfile.txt # Delete the file
cd .. # Navigate back to the parent directory
rmdir LabExercise # Delete the directory
Part 2: File Permissions (Terminal screenshot) [1 mark]
● Understanding File Permissions:
○ Use ls -l to view file permissions.
○ Use chmod to change file permissions:
■ Set the file permissions of testfile.txt to rw-r--r-- using chmod 644
testfile.txt.
■ Set the file permissions of testfile.txt to rwxr-xr-x using chmod 755
testfile.txt.
# Step 1: View the initial file permissions
ls -l testfile.txt
# Step 2: Change permissions to rw-r--r-- (644)
chmod 644 testfile.txt
ls -l testfile.txt # Verify
# Step 3: Change permissions to rwxr-xr-x (755)
chmod 755 testfile.txt
ls -l testfile.txt # Verify
# Step 4: Change permissions to r--r--r-- (444)
chmod 444 testfile.txt
ls -l testfile.txt # Verify
# Step 5: Change permissions to rw-rw-rw- (666)
chmod 666 testfile.txt
ls -l testfile.txt # Verify (note: 666 lets any user modify the file)
# Step 6: Change permissions to rwxrwx--- (770)
chmod 770 testfile.txt
ls -l testfile.txt # Verify
● Change file ownership:
○ Change the owner of testfile.txt using chown:
■ sudo chown username:groupname testfile.txt (replace username and
groupname with valid values).
# Step 1: Check the current ownership of the file
ls -l testfile.txt
# Step 2: Change the ownership of the file (replace 'username' and 'groupname' with actual values)
sudo chown username:groupname testfile.txt
# Step 3: Verify the ownership change
ls -l testfile.txt
Just replace username and groupname with valid values for your system (e.g., faculty:students).
After running these commands, the ownership of testfile.txt will be updated, and the ls -l
command will show the new owner and group.
Document
● Set the file permissions of testfile.txt so that the owner can read and write, the
group can read, and others have no permissions.
● Add the setgid bit to a directory named shared to ensure new files inherit the
group.
● Set an ACL on example.txt to grant read permission to a user named alice.
# Step 1: Set the file permissions of testfile.txt
chmod 640 testfile.txt
ls -l testfile.txt # Verify the permission change
# Step 2: Add the setgid bit to the directory shared
chmod g+s shared
ls -ld shared # Verify the setgid bit
# Step 3: Set an ACL on example.txt to grant read permission to user alice
setfacl -m u:alice:r example.txt
getfacl example.txt # Verify the ACL
These commands will:
● Set testfile.txt to rw-r-----,
● Ensure the shared directory inherits the group for new files via the setgid bit, and
● Grant alice read access to example.txt using ACL.
Part 3: Process Management (Terminal screenshot) [1 mark]
1. View Running Processes:
○ List running processes using ps and top.
○ Use ps aux to display all running processes.
○ Use top for an interactive process monitor. Learn how to quit top by pressing q.
# Step 1: List running processes using ps aux
ps aux
# Step 2: Use top for an interactive process monitor
top
# To quit top, press 'q'
2. Managing Processes: (<PID> process id)
○ Kill a process using kill and kill -9 (e.g., kill -9 <PID>).
○ Use & to run a command in the background (e.g., sleep 100 &).
○ Use fg and bg to manage background and foreground tasks.
# Run a process in the background
sleep 100 &
# List the jobs to see background processes
jobs
# Bring the background job to the foreground
fg %1
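# Press Ctrl+Z to suspend the current foreground job, then resume it in the background
bg
# Kill a process with PID 1234
kill 1234 # Sends SIGTERM, asking the process to exit
kill -9 1234 # Sends SIGKILL if the process does not exit on SIGTERM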
Part 4: Searching and Redirection (Terminal screenshot) [1 mark]
● Searching Files:
○ Search for a specific file in a directory using find (e.g., find . -name testfile.txt).
○ Search for a string within a file using grep (e.g., grep "Text" testfile.txt).
# Step 1: Search for a specific file in a directory using find
find . -name testfile.txt # Search for 'testfile.txt' in the current directory and subdirectories
# Step 2: Search for a string within a file using grep
grep "Text" testfile.txt # Search for the string "Text" within 'testfile.txt'
● find . -name testfile.txt searches for a file named testfile.txt starting from the current
directory (.) and includes all subdirectories.
● grep "Text" testfile.txt searches for the string "Text" inside the file testfile.txt.
● Redirection:
○ Use > to redirect the output of a command to a file (e.g., echo "Hello, Linux" >
output.txt).
○ Use >> to append output to an existing file.
○ Redirect both standard output and error output using 2>&1.
# Step 1: Redirect the output of a command to a file using >
echo "Hello, Linux" > output.txt # Redirects the output of echo to 'output.txt'
# Step 2: Append output to an existing file using >>
echo "New line of text" >> output.txt # Appends text to 'output.txt'
# Step 3: Redirect both standard output and error output using 2>&1
command > output.txt 2>&1 # Redirects both stdout and stderr of 'command' to 'output.txt'
Explanation:
● >: Redirects the output of a command to a file, overwriting the file if it already exists.
● >>: Appends the output of a command to the end of an existing file.
● 2>&1: Sends error output (stderr) to wherever standard output (stdout) currently points,
so both end up in the same file or stream. Here, 2 represents stderr, 1 represents
stdout, and >&1 redirects stderr to stdout.
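The order of the redirections matters, and > overwrites without asking. The following is an added example, not part of the original handout; the helper names (emit, both_to_file, reversed_order, write_no_clobber) are assumptions chosen for illustration:

```sh
# Added example, not part of the lab handout. All function names are
# hypothetical helpers; the scratch file is constructed with mktemp.

# Writes one line to stdout and one line to stderr.
emit() {
    echo "to stdout"
    echo "to stderr" >&2
}

# '> file 2>&1': stdout is pointed at the file first, then stderr is made a
# copy of stdout, so both lines land in the file. Prints the line count.
both_to_file() {
    emit > "$1" 2>&1
    wc -l < "$1" | tr -d ' '
}

# '2>&1 > file': stderr is copied from stdout *before* stdout moves to the
# file, so the error line escapes. Prints whatever did not reach the file.
reversed_order() {
    escaped=$(emit 2>&1 > "$1")
    echo "$escaped"
}

# '>' silently overwrites. With noclobber (set -C) the shell refuses to
# overwrite an existing file; the subshell keeps the option local.
write_no_clobber() {
    ( set -C; echo "$2" > "$1" ) 2>/dev/null
}

out=$(mktemp)
echo "correct order, lines in file: $(both_to_file "$out")"
echo "reversed order, escaped text: $(reversed_order "$out")"
write_no_clobber "$out" "new text" || echo "noclobber refused to overwrite $out"
rm -f "$out"
```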
Part 5: Network Troubleshooting (Terminal screenshot) [1 mark]
1. Network Commands:
○ Check the IP address of your system using ifconfig or ip a.
○ Ping a remote server (e.g., ping google.com) to check network connectivity.
○ Use netstat to view open network connections (e.g., netstat -tuln).
# Step 1: Check the IP address of your system using ifconfig
ifconfig # Display network configuration including IP address
# Alternatively, use ip a to check the IP address
ip a # Display IP address and network information
# Step 2: Ping a remote server to check network connectivity
ping google.com # Check network connectivity by pinging google.com
# Step 3: Use netstat to view open network connections
netstat -tuln # Display open TCP/UDP ports and listening connections
Explanation:
● ifconfig or ip a: These commands display the network configuration, including your
system's IP address.
● ping google.com: Sends ICMP packets to google.com to check if your system can
reach the remote server.
● netstat -tuln: Displays listening sockets for TCP (t) and UDP (u), showing numeric
addresses and ports instead of resolving names (n). The l flag shows only listening
sockets.
Part 6: Advanced Commands (Terminal screenshot) [1 mark]
● Create a symbolic link:
○ Create a symbolic link to a file using ln -s (e.g., ln -s testfile.txt symlink.txt).
○ Verify the link using ls -l.
# Step 1: Create a symbolic link to a file using ln -s
ln -s testfile.txt symlink.txt # Creates a symbolic link 'symlink.txt' pointing to 'testfile.txt'
# Step 2: Verify the symbolic link using ls -l
ls -l symlink.txt # Display details of 'symlink.txt' to confirm it's a symbolic link
● Archive and Compress Files:
○ Create a tar archive of the directory using tar -cvf archive.tar directory_name/.
○ Compress the archive using gzip (e.g., gzip archive.tar).
○ Extract the contents using tar -xvf archive.tar.
# Step 3: Create a tar archive of the directory
tar -cvf archive.tar directory_name/ # Creates a tar archive 'archive.tar' from 'directory_name'
# Step 4: Compress the archive using gzip
gzip archive.tar # Compress 'archive.tar' into 'archive.tar.gz'
# Step 5: Decompress, then extract the contents using tar
gunzip archive.tar.gz # Restores 'archive.tar' (gzip replaced it with 'archive.tar.gz' in Step 4)
tar -xvf archive.tar # Extracts the contents of 'archive.tar'
ln -s: Creates a symbolic (soft) link, where testfile.txt is the target, and symlink.txt is the
link.
tar -cvf: Creates a .tar archive of the specified directory.
gzip: Compresses the .tar file, creating a .tar.gz archive.
tar -xvf: Extracts the contents of a .tar archive (use gzip -d or gunzip to decompress if
needed).
Part 7: Command Line Basics (Terminal screenshot and document scripts.) [4 marks]
1. Use the command line to navigate to your home directory and create a subdirectory
named LinuxPractices.
2. Inside LinuxPractices, create a file named practice.txt, and enter some text into it using a
command line text editor (like nano or vi).
3. List all files in the LinuxPractices directory showing detailed information and redirect this
output to a file named details.txt.
4. Use command line tools to display the contents of practice.txt on the terminal.
5. Write a script that creates a backup of all .txt files in your Documents directory and
stores them in a Backup directory. Ensure the script checks if the Backup directory exists
and creates it if it does not.
6. The script should log each file it backs up with a timestamp in a log file named
backup.log.
7. Write a shell script that updates the system, cleans up temporary files, and shows
system information such as disk usage and memory usage. This script should log its
operations in a system log file.
8. Include error handling in the script to manage any potential failures during execution.
9. Write a script that requires administrator privileges, checks for them at the start, and
exits with an appropriate message if not run as root.
10. Include comments in your script to explain each section of the code and ensure it
adheres to best practices for security and performance.
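An added example for items 5, 6 and 9 above (not part of the original handout): a POSIX shell script that backs up .txt files with a timestamped log and checks for root. The function names and the optional UID argument of require_root are assumptions made so the logic can be exercised on constructed files.

```sh
# Added example, not part of the lab handout. Function names and the optional
# UID argument of require_root are hypothetical.

# Item 9: refuse to continue unless running as root (UID 0).
require_root() {
    uid=${1:-$(id -u)}
    if [ "$uid" -ne 0 ]; then
        echo "This script must be run as root (try sudo)." >&2
        return 1
    fi
}

# Items 5-6: copy every .txt file from SRC to DEST and log each copy.
# Prints the number of files backed up.
backup_txt() {
    src=$1 dest=$2 log=$3 count=0
    [ -d "$src" ] || { echo "source directory not found: $src" >&2; return 1; }
    # Create the backup directory only when it is missing; keep it private.
    [ -d "$dest" ] || mkdir -p -m 700 -- "$dest" || return 1
    for f in "$src"/*.txt; do
        [ -f "$f" ] || continue    # an unmatched glob stays literal: skip it
        stamp=$(date '+%Y-%m-%d %H:%M:%S')
        if cp -p -- "$f" "$dest/"; then
            echo "$stamp backed up $f" >> "$log"
            count=$((count + 1))
        else
            echo "$stamp FAILED to back up $f" >> "$log"
        fi
    done
    echo "$count"
}

# Demo on constructed files in a throwaway directory (the lab itself uses
# ~/Documents, a Backup directory and backup.log).
demo=$(mktemp -d)
mkdir "$demo/Documents"
echo "notes" > "$demo/Documents/notes.txt"
echo "draft" > "$demo/Documents/my draft.txt"
echo "image" > "$demo/Documents/photo.png"
backup_txt "$demo/Documents" "$demo/Backup" "$demo/backup.log"
cat "$demo/backup.log"
```

Quoting every expansion and passing -- before file names keeps names with spaces or leading dashes from being split or read as options.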
Part 8: Basic Network Configuration (Terminal screenshot ) [2 marks]
1. Configure a static IP address on a network interface using the ip command.
2. Display the current network configuration and save the output to a file.
3. Test connectivity to an external server using the ping command.
Part 9: Basic User and Group Management (Terminal screenshot and document scripts.) [2 marks]
1. Create a new user account named johndoe with a home directory and a default shell of
/bin/bash.
2. Add the user johndoe to a new group named developers.
3. Change the username johndoe to johnsmith.
4. Delete the user johnsmith and ensure their home directory is removed.
Part 10: Monitoring and Managing Processes (Terminal screenshot and document scripts.) [2 marks]
1. Use the ps command to list all processes and save the output to a file named
ps_output.txt.
2. Install htop (if not already installed) and use it to monitor processes interactively.
3. Use the kill command to terminate a process by its PID (use a harmless process for this
task, such as a dummy script).
4. Change the priority of a running process using the renice command.
Part 11: Using System Monitoring Tools (Terminal screenshot and document scripts.) [2 marks]
To monitor system performance using essential Linux monitoring tools.
1. Use the vmstat command to monitor system performance for 1 minute with 5-second
intervals. Save the output to a file named vmstat_output.txt.
2. Use the iostat command to monitor disk I/O statistics every 10 seconds for 1 minute.
Save the output to a file named iostat_output.txt.
3. Install htop (if not already installed) and take a screenshot of htop running, showing CPU
and memory usage.
4. Use the mpstat command to monitor CPU usage per core every 5 seconds for 1 minute.
Save the output to a file named mpstat_output.txt.
Part 12: Configuring and Managing Logs (Terminal screenshot and document scripts.) [2 marks]
1. Configure rsyslog to log all authentication events (auth,authpriv.*) to a custom log file
named /var/log/auth_custom.log.
2. Create a logrotate configuration that rotates /var/log/auth_custom.log daily, keeps 7 days
of logs, and compresses old logs.
3. Test the logrotate configuration using the logrotate command and provide the output.
Part 13: Analyzing and Searching Logs (Terminal screenshot and document scripts.) [2 marks]
1. Use grep to search for all failed SSH login attempts in /var/log/auth.log and save the
results to a file named ssh_failed_attempts.txt.
2. Use awk to extract and count the IP addresses involved in failed SSH login attempts.
Save the results to a file named failed_ips_count.txt.
3. Use sed to anonymize (replace with "REDACTED") a specific IP address (of your
choice) in /var/log/auth.log and save the modified log to a new file named
auth_redacted.log.
4. Use journalctl to display all systemd logs related to the sshd service for the last 24 hours.
Save the output to a file named sshd_journal.log.
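An added example for items 1 to 3 above (not part of the original handout), run against constructed log lines instead of the real /var/log/auth.log. The function names are assumptions, and the sample entries use documentation-range IP addresses.

```sh
# Added example, not part of the lab handout. Sample log lines are constructed
# and use documentation-range IP addresses; function names are hypothetical.
sample_log() {
    cat <<'EOF'
Jan 10 08:01:12 lab sshd[1201]: Failed password for root from 203.0.113.5 port 40122 ssh2
Jan 10 08:01:15 lab sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40124 ssh2
Jan 10 08:02:40 lab sshd[1230]: Accepted password for student from 203.0.113.50 port 51514 ssh2
Jan 10 08:03:02 lab sshd[1244]: Failed password for student from 198.51.100.7 port 33010 ssh2
Jan 10 08:03:09 lab sshd[1251]: Failed password for root from 203.0.113.5 port 40130 ssh2
EOF
}

# 1. Failed SSH password attempts only.
failed_attempts() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1"
}

# 2. Count attempts per source IP, busiest first. The username is supplied by
#    the client and can shift field positions ("invalid user admin"), so the
#    address is read relative to the end of the line: "... from IP port N ssh2".
count_failed_ips() {
    failed_attempts "$1" |
        awk '$(NF-4) == "from" { n[$(NF-3)]++ } END { for (ip in n) print n[ip], ip }' |
        sort -rn
}

# 3. Replace one IP with REDACTED. Dots are escaped and the surrounding spaces
#    are matched so that 203.0.113.5 does not also rewrite 203.0.113.50.
redact_ip() {
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed "s/ $esc / REDACTED /g" "$1"
}

work=$(mktemp -d)
sample_log > "$work/auth.log"
failed_attempts "$work/auth.log" > "$work/ssh_failed_attempts.txt"
count_failed_ips "$work/auth.log" > "$work/failed_ips_count.txt"
redact_ip "$work/auth.log" 203.0.113.5 > "$work/auth_redacted.log"
cat "$work/failed_ips_count.txt"
```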