Aufgabe Security Audit für Kuno

Part 1: Security Audit Preparation

⏱️ Duration: 25 minutes

Create an audit directory structure

sudo mkdir -p /audit/{logs,reports,backups,scripts}
sudo mkdir -p /audit/logs/{user_activity,permission_changes,system_access}

User Account Audit

1. Find all users with sudo privileges

grep -Po '^sudo.+:\K.*$' /etc/group

1. List all users with their UID and home directory

cat /etc/passwd | cut -d: -f1,3,6

1. Find users who haven't changed their password recently

sudo cat /etc/shadow | cut -d: -f1,3

1. Create a custom report file

Create: /audit/reports/user_audit_$(date +%Y%m%d).txt

Requirements:

• Include: username, UID, group memberships, home directory, login shell

• Use redirection: command > file.txt

Part 2: Permission Security Scan

⏱️ Duration: 30 minutes

Dangerous Permission Detection

1. Find all world-writable files (security risk)

sudo find /home -type f -perm -002 -ls

1. Find files with no owner

sudo find /home -nouser -o -nogroup

1. Find SUID/SGID executables (potential security risk)

sudo find / -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null

1. Find files modified in the last 24 hours

sudo find /etc -type f -mtime -1

Advanced Permission Analysis Tasks

Task 1: Create a file /audit/reports/permission_security_scan.txt containing:

• Count of world-writable files

• List of all SUID binaries

• Files in /tmp older than 7 days

Task 2: Use pipes to filter and count

find /home -type f -perm -002 | wc -l

Task 3: Combine multiple commands

ls -la /etc/ | grep "^d" | wc -l  # Count directories

Part 3: Automated User Management Script

⏱️ Duration: 25 minutes

Create a bash script: /audit/scripts/user_report.sh

#!/bin/bash

# User Report Generator

# Date: $(date)

echo "=== SYSTEM USER AUDIT REPORT ==="
echo "Generated on: $(date '+%Y-%m-%d %H:%M:%S')"
echo "================================"
echo ""

echo "Total number of users:"
cat /etc/passwd | wc -l
echo ""

echo "Users with login shells (excluding system users):"
grep -E "/bin/bash$|/bin/sh$" /etc/passwd | cut -d: -f1
echo ""

echo "Groups and their members:"
cat /etc/group | grep -E "developers|testers|management"
echo ""

echo "Recently modified files in /etc (last 7 days):"
sudo find /etc -type f -mtime -7 -printf "%T+ %p\n" | sort | head -10
echo ""

echo "Disk usage by home directories:"
sudo du -sh /home/* 2>/dev/null
echo ""

Script Requirements

1. Make the script executable:

chmod +x /audit/scripts/user_report.sh

1. Run it and redirect output:

./user_report.sh > /audit/reports/daily_report.txt

1. Add error handling using 2>/dev/null to suppress errors

2. Use variables to make it more flexible:

REPORT_DIR="/audit/reports"
REPORT_FILE="$REPORT_DIR/report_$(date +%Y%m%d).txt"

Part 4: Advanced Command Combinations

⏱️ Duration: 10 minutes

Practice complex pipe operations

1. Find top 5 largest files in /home

sudo find /home -type f -exec du -h {} + | sort -rh | head -5

1. Count files by extension

find /home -type f | sed 's/.*\.//' | sort | uniq -c | sort -rn

1. List users sorted by UID

cat /etc/passwd | sort -t: -k3 -n | cut -d: -f1,3

1. Find and display permissions for all .conf files

sudo find /etc -name "*.conf" -exec ls -lh {} \; | head -20

Challenges with grep and awk

• Extract only IP addresses from system logs (if available)

• Find all lines in /etc/group containing "alice" OR "bob"

• Count how many users have /bin/bash as their shell

Part 5: System Monitoring and Logs (Bonus)

⏱️ Duration: 15 minutes

System Investigation Tasks

1. Check system resource usage

• Install and run htop (from Day 3 content)

sudo apt install htop
htop

• Use df -h to check disk space

• Use free -h to check memory usage

1. Process investigation

ps aux | grep firefox
ps -ef --forest  # Show process tree

1. Check for failed login attempts

sudo grep "Failed password" /var/log/auth.log | tail -20

1. Monitor system logs in real-time

sudo tail -f /var/log/syslog