Task: Security Audit for Kuno


Part 1: Security Audit Preparation

⏱️ Duration: 25 minutes

Create an audit directory structure

sudo mkdir -p /audit/{logs,reports,backups,scripts}
sudo mkdir -p /audit/logs/{user_activity,permission_changes,system_access}

User Account Audit

  1. Find all users with sudo privileges

grep -Po '^sudo.+:\K.*$' /etc/group

  2. List all users with their UID and home directory

cat /etc/passwd | cut -d: -f1,3,6

  3. Find users who haven't changed their password recently

sudo cat /etc/shadow | cut -d: -f1,3  # field 3 = day of the last password change, counted from 1970-01-01

  4. Create a custom report file

Create: /audit/reports/user_audit_$(date +%Y%m%d).txt

Requirements:

  • Include: username, UID, group memberships, home directory, login shell

  • Use redirection: command > file.txt


Part 2: Permission Security Scan

⏱️ Duration: 30 minutes

Dangerous Permission Detection

  1. Find all world-writable files (security risk)

sudo find /home -type f -perm -002 -ls

  2. Find files with no owner

sudo find /home -nouser -o -nogroup

  3. Find SUID/SGID executables (potential security risk)

sudo find / -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null

  4. Find files modified in the last 24 hours

sudo find /etc -type f -mtime -1

Advanced Permission Analysis Tasks

Task 1: Create a file /audit/reports/permission_security_scan.txt containing:

  • Count of world-writable files

  • List of all SUID binaries

  • Files in /tmp older than 7 days

Task 2: Use pipes to filter and count

find /home -type f -perm -002 | wc -l

Task 3: Combine multiple commands

ls -la /etc/ | grep "^d" | wc -l  # Count directories
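As an added example (not the exercise's own solution), the three items of Task 1 as one bash function, with a constructed sample tree so the logic can be tried without root before running it on the real system; the function names and sample paths are my own.

```shell
# Added example (not from the original exercise): the Part 2 Task 1 scan as a
# function taking the directory to count world-writable files in, the directory to
# search for SUID binaries, and the temp directory to check for stale files.
permission_scan() {
    local ww_dir="$1" suid_dir="$2" tmp_dir="$3"
    local ww_count suid_list old_tmp
    ww_count=$(world_writable_count "$ww_dir")
    suid_list=$(find "$suid_dir" -type f -perm -4000 2>/dev/null | sort)
    old_tmp=$(find "$tmp_dir" -type f -mtime +7 2>/dev/null | sort)
    echo "=== PERMISSION SECURITY SCAN ==="
    echo "Scanned: $ww_dir (world-writable), $suid_dir (SUID), $tmp_dir (stale files)"
    echo ""
    echo "World-writable files: $ww_count"
    echo ""
    echo "SUID binaries:"
    echo "${suid_list:-(none)}"
    echo ""
    echo "Files in $tmp_dir older than 7 days:"
    echo "${old_tmp:-(none)}"
}

# Count of world-writable regular files; -perm -002 matches any mode with o+w set.
world_writable_count() {
    find "$1" -type f -perm -002 2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample tree (no real system files): one world-writable file, one
# SUID file and one stale file in the "tmp" area; new.log must not be reported.
make_sample_tree() {
    local root="$1"
    mkdir -p "$root/home/alice" "$root/tmp"
    echo "notes" > "$root/home/alice/shared.txt"
    chmod 666 "$root/home/alice/shared.txt"        # world-writable
    printf '#!/bin/sh\necho hi\n' > "$root/home/alice/helper"
    chmod 4755 "$root/home/alice/helper"           # SUID bit set
    : > "$root/tmp/old.log"
    touch -t 202001010000 "$root/tmp/old.log"      # mtime far in the past
    : > "$root/tmp/new.log"
}

# Stand-alone run on the sample tree; for the real report run as root:
#   permission_scan /home / /tmp > /audit/reports/permission_security_scan.txt
sample=$(mktemp -d)
make_sample_tree "$sample"
permission_scan "$sample/home" "$sample/home" "$sample/tmp"
rm -rf "$sample"
```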

Part 3: Automated User Management Script

⏱️ Duration: 25 minutes

Create a bash script: /audit/scripts/user_report.sh

#!/bin/bash

# User Report Generator

# Date: $(date)

echo "=== SYSTEM USER AUDIT REPORT ==="
echo "Generated on: $(date '+%Y-%m-%d %H:%M:%S')"
echo "================================"
echo ""

echo "Total number of users:"
cat /etc/passwd | wc -l
echo ""

echo "Users with login shells (excluding system users):"
grep -E "/bin/bash$|/bin/sh$" /etc/passwd | cut -d: -f1
echo ""

echo "Groups and their members:"
cat /etc/group | grep -E "developers|testers|management"
echo ""

echo "Recently modified files in /etc (last 7 days):"
sudo find /etc -type f -mtime -7 -printf "%T+ %p\n" | sort | head -10
echo ""

echo "Disk usage by home directories:"
sudo du -sh /home/* 2>/dev/null
echo ""

Script Requirements

  1. Make the script executable:

chmod +x /audit/scripts/user_report.sh

  2. Run it and redirect output:

./user_report.sh > /audit/reports/daily_report.txt

  3. Add error handling using 2>/dev/null to suppress errors

  4. Use variables to make it more flexible:

REPORT_DIR="/audit/reports"
REPORT_FILE="$REPORT_DIR/report_$(date +%Y%m%d).txt"

Part 4: Advanced Command Combinations

⏱️ Duration: 10 minutes

Practice complex pipe operations

  1. Find top 5 largest files in /home

sudo find /home -type f -exec du -h {} + | sort -rh | head -5

  2. Count files by extension

find /home -type f | sed 's/.*\.//' | sort | uniq -c | sort -rn

  3. List users sorted by UID

cat /etc/passwd | sort -t: -k3 -n | cut -d: -f1,3

  4. Find and display permissions for all .conf files

sudo find /etc -name "*.conf" -exec ls -lh {} \; | head -20

Challenges with grep and awk

  • Extract only IP addresses from system logs (if available)

  • Find all lines in /etc/group containing "alice" OR "bob"

  • Count how many users have /bin/bash as their shell


Part 5: System Monitoring and Logs (Bonus)

⏱️ Duration: 15 minutes

System Investigation Tasks

  1. Check system resource usage

    • Install and run htop (from Day 3 content)

sudo apt install htop
htop

    • Use df -h to check disk space

    • Use free -h to check memory usage

  2. Process investigation

ps aux | grep firefox
ps -ef --forest  # Show process tree

  3. Check for failed login attempts

sudo grep "Failed password" /var/log/auth.log | tail -20

  4. Monitor system logs in real-time

sudo tail -f /var/log/syslog

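An added example (not part of the original exercise) that covers the "Failed password" check above and the Part 4 challenge of extracting IP addresses from system logs: bash functions that count failed SSH logins per source IP over constructed auth.log lines and flag sources above a threshold; the function names and sample lines are assumptions for this example.

```shell
# Added example (not from the original exercise): the Part 5 "Failed password"
# check and the Part 4 "extract IP addresses from system logs" challenge combined
# into functions that read an auth.log-style file, count failed logins per source
# IP and flag sources over a threshold.  As root: failed_logins_by_ip /var/log/auth.log

# Print "count ip" pairs for failed password attempts, most frequent first.
failed_logins_by_ip() {
    grep "Failed password" "$1" \
        | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# Print only source IPs with at least THRESHOLD failures (default 3).
flag_brute_force_sources() {
    local threshold="${2:-3}"
    failed_logins_by_ip "$1" | awk -v t="$threshold" '$1 >= t {print $2}'
}

# Constructed sample lines in auth.log format (not real log data): 203.0.113.45
# fails three times, the other two sources once each, and one line is a success.
make_sample_auth_log() {
    cat > "$1" <<'EOF'
Mar  3 10:01:12 kuno sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  3 10:01:15 kuno sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
Mar  3 10:01:19 kuno sshd[2103]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar  3 10:02:40 kuno sshd[2110]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Mar  3 10:05:03 kuno sshd[2120]: Failed password for bob from 192.0.2.10 port 40031 ssh2
Mar  3 10:07:58 kuno sshd[2131]: Failed password for invalid user test from 198.51.100.7 port 33010 ssh2
EOF
}

log=$(mktemp)
make_sample_auth_log "$log"
echo "Failed logins per source IP:"
failed_logins_by_ip "$log"
echo "Sources with 3 or more failures (worth a closer look):"
flag_brute_force_sources "$log" 3
rm -f "$log"
```

The Accepted line is ignored because only lines containing "Failed password" are counted, and port numbers never match the dotted-quad pattern.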
  1. ✅ A working /audit/scripts/user_report.sh script with comments

  2. ✅ Complete /audit/reports/permission_security_scan.txt with findings

  3. ✅ A markdown document explaining:

    • 3 security risks you discovered

    • How to fix each risk

    • Which commands you used to find them

  4. ✅ Screenshot showing the output of your script

  5. ✅ Answers to:

    • "Why is it dangerous to have world-writable files?"

    • "What is the SUID bit and why is it a security concern?"

Suggested answers (for reference)

Why is it dangerous to have world-writable files?

World-writable files allow any user on the system to modify those files. This can lead to unauthorized changes, tampering, privilege escalation (if executable), or insertion of malicious code. Attackers or untrusted users could replace files with altered versions to compromise the system.

What is the SUID bit and why is it a security concern?

The SUID (Set User ID) bit on an executable causes the program to run with the file owner's privileges rather than the privileges of the user invoking it. If set on a root-owned executable, it can allow regular users to perform operations with root privileges. Misconfigured or vulnerable SUID binaries can be exploited for privilege escalation.

Assessment Criteria

Criterion        Weight   Description
Correctness      40%      Do the permissions and configurations work as specified?
Understanding    30%      Can you explain why certain permissions are used?
Documentation    20%      Are your commands and solutions well-documented?
Problem-solving  10%      Did you identify and fix issues independently?

Tips for Success:

  • Test each command individually before adding it to your script

  • Use man command to learn more about unfamiliar commands (e.g., man find)

  • Document any errors you encounter and how you resolved them

  • Work with a partner to discuss security implications