Scribd
Upload
2 views11 pages

Lab 3

The document outlines a lab exercise focused on securing user accounts in a Linux environment. It includes steps for assigning limited sudo privileges, disabling the sudo timer, setting password complexity criteria, managing account expiration dates, and preventing brute-force password attacks. Additionally, it provides instructions for detecting compromised passwords using a script.

Uploaded by

Ái Lê
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
2 views11 pages

Lab 3

The document outlines a lab exercise focused on securing user accounts in a Linux environment. It includes steps for assigning limited sudo privileges, disabling the sudo timer, setting password complexity criteria, managing account expiration dates, and preventing brute-force password attacks. Additionally, it provides instructions for detecting compromised passwords using a script.

Uploaded by

Ái Lê
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 11

LAB 3 - Securing administrative and normal user accounts

1. Assigning Limited Sudo Privileges


Step 1: Log in to the CentOS7 virtual machine and create user accounts for Lionel,
Katelyn, and Maggie:

Step 2: Open visudo :


Step 3: Add the following lines to the end of the file, using tabs to separate the columns:
Step 4: To save time, we’ll use su to log in to the different user accounts.
2. Disabling the Sudo Timer:
Step 1: Log in to the same AlmaLinux virtual machine
Step 2: At your own user account command prompt, enter the following commands:
Step 3: At your own user account command prompt, run the following:

3. – Setting password complexity criteria


Step 1: For Ubuntu only, install the libpam-pwquality package:
Step 2: Open the /etc/security/pwquality.conf file in your preferred text editor.

Step 3: Save the file and exit the editor.


Step 4: Create a user account for Goldie and attempt to assign her the passwords
turkeylips, TurkeyLips , and Turkey93Lips.
Step 5: In the pwquality.conf file, comment out the minlen line.

Step 6: Save the file and exit the text editor


Step 7: Try assigning various passwords that don’t meet the complexity criteria that
you’ve set to Goldie’s account and view the results.
4. – Setting account and password expiry data
Step 1: create a user account for Samson with the expiration date of June 30, 2025, and
view the results:

Step 3: Use usermod to change Samson’s account expiration date to July 31, 2025:
Step 4: Assign a password to Samson’s account, then force him to change his password
on his first login.

5. – Preventing brute-force password attacks by configuring pam_faillock


on Ubuntu
1. Open the /etc/pam.d/common-auth file in your favorite text editor.
2. Open the /etc/pam.d/common-account file in your text editor
6. Detecting compromised passwords
1. Use curl to see how many passwords there are with the 21BD1 string in their
password hashes:

2. In the home directory of any of your Linux virtual machines, create the
pwnpassword.sh script with the following content:
3. Add the executable permission to the script:

4. Run the script, specifying TurkeyLips as a password:

You might also like