Lab 1

• In lab 1 we will try to
  • Become familiar with the virtual environment.
  • Learn what root on a unix system can do.
• Why do this lab?
  • If you don't know what someone can do, how can you defend against it.
  • This lab will introduce you to the types of things "root" can do.
• Why linux?
  • That is where your instructor's expertise lies.
  • Microsoft owns the desktop.
  • But android and iOS own the tablet/phone world (linux/unix derivatives)
  • And unix/linux owns the web server market (W3Techs
• Linux is open source, so we can study the software at a deep level.
  • I assume we will have a discussion on security through obscurity.
• Ideas from one platform generally transfer to another.
  • This has become more true as security tightens.
• We will be using Virtual Box from Oracle.
  • This is a free open source system.
  • It is easy to install on windows
  • On linux you might need to change a bios setting.
  • But it is installed in the labs.
• This is a complete intel/amd hardware simulator.
• For each lab, you will probably need to load a guest system.
  • You do this from an image.
  • Anthony has already downloaded this image to each of the workstations in the lab.
  • We will work through the first part together.
• In the lab
  • Please split into pairs.
  • Work with the same partner unless there are major problems.
  • Please discuss the steps as you go through.
    • There are some questions in the labs.
    • But really push each other, make sure you understand what you are doing.
  • Keep your eyes open and always ask
    • Why did I do that last step?
    • What was the result of that last step?
  • If you can't answer this, ask for clarification.
  • Since these are virtual machines, feel free to break the guest os.
    • Experiment.
  • Please take notes
    • I don't expect you to memorize any of the commands, alto that would be helpful to you.
    • But I do expect you to build a tool box of useful commands.
  • Please seek assistance:
    • I am making most of the beginning labs.
    • I do not have much experience with this
    • I am sure there are holes and vague instructions.
    • I am here to help.
    • Anthony is here to help.
• We will look at su and sudo
  • su - substitute user
    • su username
    • su - username
  • sudo - work as the superuser
    • sudo command
      • sudo leafpad will allow you to run the leafpad editor as root.
      • leafpad is a simple, gui, notepad like editor.
      • I know I have a bad instruction somewhere in lab 1 about an editor.
    • sudo -i
• Systems administration
  • We will lean some things that are not quite right for a systems administrator.
  • I am sure in the systems classes they will correct these behaviors.
  • But time is limited.
• Responsibility
  • You will be learning things that allow you to compromise the security of a computer system.
  • Compromising the security of a university system is a violation of the student code of conduct and could lead to ..
    • Information Technology Violation Includes (a) Failure to Protect Secured Data, including but not limited to obtaining passwords, circumventing account security, monitoring another user's data communications, or attempting to read, copy, change, delete or transmit another's user files or software, to gain unauthorized access to remote computers, or failure to protect data media by securing them immediately after use. Any person attaching a computer or network device to Edinboro University's network is responsible for the security of the computer system and for any intentional or unintentional activities from or to those network connections. The use of any type of wireless network equipment including but not limited to wireless switches and wireless routers on the University network is strictly prohibited. Network services and wiring may not be modified or extended by users for any reason. (b) Improper use or access to E-mail, (c) Violation of Ownership and Use of Computing and Information Technology Facilities and Resources: may include computers, accounts, workstations, peripherals, networks, communication devices, switches, software programs, and systems, as well as related devices and hardware and telecommunications equipment, (d) Privately owned devices improperly accessing University resources, (e) Violation of applicable state, federal, and international laws, as well as University policies, (f) Operating a network-intensive application or a defective computer, which causes network overload. Sanction considerations will include limiting or revoking electronic account privileges, suspension, or expulsion on any student or student group found responsible.
  • Compromising other systems is potentially a violation of local, state and federal law and could lead to fines and imprisonment.
  • Compromising foreign systems is potentially an act of war or terrorism and can possibly lead to death.
  • Just because you know how to do something, doesn't mean that you should.
• Please start on Lab 1, Rootly Powers
  • Please provide feedback on problems you encounter.