Professional Documents
Culture Documents
Lab 2 - Authentication Authorization Accounting
Lab 2 - Authentication Authorization Accounting
Student ID 21521717
Full name Pham Trong Khanh
Total completion time
Self-assessment grade
Feedback (if any)
Background / Scenario
Computing power and resources have increased tremendously over the last 10 years. A benefit of having
multicore processors and large amounts of RAM is the ability to use virtualization. With virtualization, one or
more virtual computers can operate inside a single physical computer. Virtual computers that run within
physical computers are called virtual machines. Virtual machines are often called guests, and physical
computers are often called hosts. Anyone with a modern computer and operating system can run virtual
machines.
A virtual machine image file has been created for you to install on your computer. In this lab, you will
download and import this image file using a desktop virtualization application, such as VirtualBox.
Required Resources
Computer with a minimum of 2 GB of RAM and 8 GB of free disk space
High speed Internet access to download Oracle VirtualBox and the virtual machine image file
Note: The image file is about 2.5 GB, and can grow up to 5 GB after the virtual machine is in operation. While
you can delete the image file after the virtual machine is imported, the 8 GB free disk space requirement is for
users who decide to keep the image file.
Note: To install and run 64bit virtual machines on a host physical computer, the computer needs to be a 64bit
system and have hardware virtualization technology enabled in BIOS. If you are unable to install the virtual
machine image you may need to reboot your computer and enter setup mode in BIOS to enable hardware
virtualization technology under advanced system settings.
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
a. Navigate to http://www.oracle.com/technetwork/server-storage/virtualbox/downloads/index.html.
b. Choose and download the appropriate installation file based on your operating system.
c. When you have downloaded the VirtualBox installation file, run the installer and accept the default
installation settings.
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
operate the guest operating system. Your host operating system will no longer detect keystrokes or mouse
movements. Press the right CTRL key to return keyboard and mouse focus to the host operating system.
Reflection
What are the advantages and disadvantages of using a virtual machine?
You can test new programs or operating systems on a virtual computer without compromising your host PC.
When you close a virtual machine, you can also save the current machine state. If you run into any problems,
you can restore the virtual machine to a previously stored state. A virtual machine, on the other hand, requires
the host system's hardware resources, such as hard drive space, RAM, and processor power.
______________________________________________________________________________________
_______________________________________________________________________________________
_______________________________________________________________________________________
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
_______________________________________________________________________________________
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
Background / Scenario
You will be conducting host security practices using the Linux command line by performing the following
tasks:
Adding Groups, Users, and Passwords
Verifying Groups, Users, and Passwords
Setting Symbolic Permissions
Setting Absolute Permissions
Required Resources
PC with Ubuntu 16.0.4 LTS installed in a VirtualBox or VMware virtual machine.
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
Step 2: Escalate privileges to the root level by entering the sudo su command. Enter the
password password when prompted.
cisco@ubuntu:~$ sudo su
Step 3: Add a new group named HR by entering the command groupadd HR.
root@ubuntu:/home/cisco# groupadd HR
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 6 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
The new group HR will be added to the bottom of the /etc/group file with a group ID = __1001__________
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 7 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
[Screenshot]
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 8 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 9 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
- Explain the meaning of each field in the user A’s line (All fields are separated by a colon (:) symbol).
khanhh: user name
x: Holding place for the user’s “encrypted password.” Traditionally, this field actually stored the user’s
encrypted password. Modern Unix systems store encrypted passwords in a separate file (the shadow
password file) that can be accessed only by privileged users.
1001: User’s user identification number (UID).
1002: User’s group identification number (GID).
pham trong khanh: user’s full name
/home/khanh: user directory
/bin/blash: user’s shell
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 10 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
- Explain the meaning of each field in the user joe’s line (All fields are separated by a colon (:) symbol).
- How the password was stored in Ubuntu OS? Could you find the password of joe using these fields in
the shadow file?
Joe: username
$6$jrWmjYOm18nPWgl3$Z/XpmSkLK5hbyDSVsiV.S5FPKdo9FbxxeE/
qmJ9ciq440GKZVMind9JHF66Gd1lN/wNJn103WrRNyIPmgts3Z/: encrypted password. The
password should be minimum 8-12 characters long including special characters, digits, lower case
alphabetic and more
19077: Last password change (lastchanged): Days since Jan 1 1970, that password was
last changed
0: The minimum number of days required between password changes i.e., the number of days left
before the user is allowed to change his/her password
99999: The maximum number of days the password is valid (after that user is forced to change
his/her password)
7: The number of days before password is to expire that user is warned that his/her password must
be changed______________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 11 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
Note: If you are unable to use tty1 terminal, return to graphical user interface (GUI) of the host by using
CTRL+ALT+F7 and open a terminal window in the GUI Ubuntu OS. At the prompt, enter su –l [user A] at the
prompt and enter the password. Proceed to Step 4.
Example: cisco@ubuntu:~$ su –l jenny
Step 2: Once on the Terminal login screen, type [user A] and press Enter.
Step 3: When prompted for the password, type the password and press Enter.
Step 4: After a successful login, you will see the [user A]@ubuntu:~$ prompt.
[Screenshot]
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 12 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
- What is the difference between $ and # signs (in the previous part) on the left of the blinking cursor?
$ means you are normal user
# means you are system adminstator__________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 13 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 14 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
The Linux operating system has a total of 10 letters or dashes in the permissions fields:
o The first field is a dash for a file an a d for a directory
nd th
o The 2 through 4 fields are for the user
th th
o The 5 through 7 fields are for the group
th th
o The 8 through 10 fields are for others (accounts other than those in the group)
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 15 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
jenny@ubuntu:/home$ cd joe
Step 9: Press and hold CTRL+ALT+F2 to switch to another Terminal session (tty2).
Step 10: Login as the user root with the password secretpassword.
Note: If you are unable to use tty2 terminal, return to graphical user interface (GUI) of the host by using
CTRL+ALT+F7 and open a terminal window in the GUI Ubuntu OS. At the prompt, enter sudo -i at the
prompt and enter the password password.
Step 12: Change the “other” permission on joe’s folder by making it non-executable.
root@ubuntu:/home# chmod o-x joe
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 16 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
Step 13: List the directories once more with their respective permissions.
root@ubuntu:/home# ls -l
[Screenshot]
Notice now that there are two dashes in the “others” field for joe’s folder.
Step 14: Press and hold CTRL+ALT+F1 to switch back to the other Terminal session (tty1).
Make sure you are viewing the following command prompt: jenny@ubuntu:/home$.
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 17 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
The chart below shows examples of other ways the chmod command can be used:
chmod u+rwx Adds read, write, and execute permissions for the user
chmod u+rw Adds read and write permission for the user
Step 16: Type exit followed by pressing Enter to logout of the Terminal session.
Note: If you are unable to use tty1 terminal, return to graphical user interface (GUI) of the host by using
CTRL+ALT+F7 and open a terminal window in the GUI Ubuntu OS. At the prompt, enter sudo –l joe at
the prompt and enter the password tooth.
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 18 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
Step 4: List all directories and their permissions in the current working directory.
joe@ubuntu:/home~$ ls -l
[Screenshot]
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 19 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
Notice that Joe’s folder is set so that “others” are not able to access the folder.
The other way of assigning permissions besides using symbolic permissions is the use of absolute
permissions. Absolute permissions use a three digit octal number to represent the permissions for owner,
group and other.
The table below outlines each absolute value and its corresponding permissions:
Number Permissions
1 Execute
0 None
By typing the command chmod 764 examplefile, the examplefile will be assigned the follow permissions:
o The user will get read, write and execute permissions
o The group will get read and write permissions
o Others will get read access
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 20 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
1-Read 1-Write
7 (user) 111
1-Execute
1-Read 1-Write
6 (group) 110
0-No Execute
1-Read
4 (others) 100 0-No Write
0-No Execute
Step 5: Modify the “others” field for Joe’s folder so that others will be able read and execute
but not write while still maintaining the “user” field to read, write, and execute.
- Which command can be used? joe@ubuntu:/home$ chmod 705 joe__________________________
[Screenshot]
Step 6: List the file permissions of the current directory to see that the absolute changes were
made.
joe@ubuntu:/home$ ls -l
[Screenshot]
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 21 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
Note: If you are unable to use tty1 terminal, return to graphical user interface (GUI) of the host by using
CTRL+ALT+F7 and open a terminal window in the GUI Ubuntu OS. At the prompt, enter su –l [user A] at the
prompt and enter the password.
Example: User A is jenny
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 22 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
cisco@ubuntu:~$ su –l jenny
Step 11: Change to the /home/joe directory and list the content of the directory.
jenny@ubuntu:/home$ cd joe
jenny@ubuntu:/home/joe$ ls -l
[Screenshot]
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 23 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
Notice that we are able to enter Joe’s folder and read the files within the directory. We are able to see the
test.txt file.
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 24 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 25 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
Background / Scenario
Network Mapper, or Nmap, is an open-source utility used for network discovery and security auditing.
Administrators also use Nmap for monitoring hosts or managing service upgrade schedules. Nmap
determines what hosts are available on a network, what services are running, what operating systems are
running, and what packet filters or firewalls are running.
Required Resources
PC with Ubuntu 16.0.4 LTS installed in a virtual machine - you can use the VM from labs completed in lab
2.1
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 26 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 27 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 28 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
Using the –sV switch with the nmap command performs a version detection which you can use to
research vulnerabilities.
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 29 of 30
Lab – Authentication, Authorization, and Accounting and Detecting Threats and Vulnerabilities
You captured the SSH keys for the host system. The command runs a set of scripts built into Nmap to test
specific vulnerabilities.
References
Nmap: https://nmap.org/
© 2022 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 30 of 30