Information Assurance
Clay Shields, Department of Computer Science, Georgetown University
Homework 1 Familiarization with Linux
Due before class January 23rd, 2023
Configuring access to the system
This semester we will be doing several projects on a instructional linux system dedicated specifically to this class. If you have used unix or linux before then some of this material will be new. Some of it may not be. Please note that both the professor and TA for the course will have access to your files on this machine (and if you mess up the file permissions other students may as well). We will use this for helping you and accessing your code for testing, setup, or grading. Do not leave confidential or personal files on the class machine! Please note as well that the class machine is not backed up. Students must keep copies of their files elsewhere to preserve against loss.
Getting initial accessFirst, we will set up access to your account on the ia-class.georgetown.edu machine. The account has been created for you with your netid. Your first task will be to login and set up cryptographic keys to provide secure access.
You will have to use ssh to reach ia-class. Windows 10 has its own built in client. Mac OS X already has a ssh client available through the terminal application. It is also available from the command line of linux systems by default.
The default password will be emailed to you. It will long and complex and will not be changeable! The reason for this is that the internet is a very unfriendly place, and there are automated bots that look for open ssh servers and attempt to log in using common passwords. As security students, you need to learn to exist in this hostile environment.
You will quickly notice that unix, or in this case linux, has a command line interface. You will have to type commands you want executed. This is good and bad. You have more control over what happens, but you have a lot to learn. I have been using unix and linux for about 30 years now, and keep learning things.
First Off
First, you need to know that you can get what passes for help for
any command on a linux system by typing:
man <command>
where <command> is the command you
want information about. The man pages
are not always useful in a tutorial sense, but they will explain the
variety of options available for each command.
To see what
man can tell you about itself try: man man
Because man pages are excessively complex, there are other commands
you can use that will give you only shorter examples of how to use
commands; there can be very useful. You can try:
tldr <command>
or
cheat <command>
Setting up and using cryptographic keys
Note: before you start make sure you are not on the wifi network GuestNet. For some evil reason, you cannot ssh to Georgetown machines from that network. If you can't reach the machine, then check that you are not on GuestNet first. I have complained to UIS about this repeatedly but they don't care and are unwilling to change. Any time you can't reach the machine, check if you are on GuestNet! This is the problem about 98% of the time
Mac/Linux instructions
0. Before beginning, make sure you can log into ia-class using your netid and password. You need to log in once to make sure it is working.
1. Open a terminal window. On Mac, it is under Applications/Utilities. On linux, you are probably already there. From your home directory, go to the ssh configurations directory by typing:
cd ~/.ssh
If this fails, then you don't have a configuration directory. Type:
mkdir ~/.ssh
chmod go-rx ~/.ssh
cd ~/.ssh
to make the directory and set the permissions correctly, and go there. The command:
pwd
should show you that you are in your .ssh directory.
2. The command to create an SSH key is ssh-keygen.
You can generate a key with the command:
ssh-keygen -t ed25519
You will get a request to enter a name; I recommend keeping using one key per host and naming it with the host, so I'd use:
id_ed25519_ia-class
for example.
You will have the option for a passphrase; I only use them for super secure machines. You can just hit enter to skip this.
Finally, you might get an ascii art thing and the key will be done. The art is for human verification of keys, I've never had cause to use it.
3. We can see the key exists now if we look in the ~/.ssh directory:
id_ed25519_ia-class
id_ed25519_ia-class.pub
Edit: at this point we need to make sure the permissions for the keys are correct. You should be able to do this by running the commands:
chmod go-rx ~/.ssh
chmod go-rwx id_ed25519_ia-class*
Nwe just need to move the right key - the one with the .pub - to the right place on the server and then set up some permissions. The easy way to do this is to run `ssh-copy-id` with the hostname and the right identity file, like this:
ssh-copy-id -i ~/.ssh/id_ed25519_ia-class.pub clay@ia-class.cs.georgetown.edu
This should set up entry. To log in using ssh, you can then do:
ssh -i ~/.ssh/id_ed25519_test clay@ia-class.cs.georgetown.edu
That is annoying to type all the time, so you can create (or edit an existing) file named config in your .ssh directory on your local machine (not the server) that has an entry like this:
Host ia-class
HostName ia-class.cs.georgetown.edu
User clay
IdentityFile ~/.ssh/id_ed25519_ia-class
Then, when you want to ssh from the machine with the key, all you have to type is:
ssh ia-class
and the config file handles the rest.
Windows instructions
0. Before beginning, make sure you can log into ia-class using your netid and password. Update and change your password if needed.
1. Open a command window by typing cmd into the search box. From your home directory, go to the ssh configurations directory by typing:
cd .ssh
If this fails, then you don't have a configuration directory. Type:
mkdir .ssh
cd .ssh
to make the directory and go there. The command prompt might show you are in the ssh directory, or typing:
dir
will say what directory you are in and what files are there. Make sure you are in the .ssh directory you made.
2. The command to create an SSH key is ssh-keygen.
You can generate a key with the command:
ssh-keygen -t ed25519
You will get a request to enter a name; I recommend keeping using one key per host and naming it with the host, so I'd use:
id_ed25519_ia-class
for example.
You will have the option for a passphrase; I only use them for super secure machines. You can just hit enter to skip this.
Finally, you might get an ascii art thing and the key will be done. The art is for human verification of keys, I've never had cause to use it.
3. We can see the key exists now if we look in the ~/.ssh directory using dir:
id_ed25519_ia-class
id_ed25519_ia-class.pub
We just need to move the right key - the one with the .pub - to the right place on the server and then set up some permissions. While there is a convenient command to do this on Mac and Linux, there is not for Windows. So we will do it the old-fashioned way.
First, copy the public key, which is the one that ends in .pub, to ia-class, either with something like Filezilla Links to an external site.or with scp like this (notice the : at the end of the line, it is needed):
scp id_ed25519_ia-class.pub <netid>@ia-class.cs.georgetown.edu:
where <netid> is your personal netid without the brackets; you will need to enter your ia-class password
Now log into ia-class using your password with the command:
ssh <netid>@ia-class.cs.georgetown.edu:
Once on the server, cd to the .ssh directory there with:
cd .ssh
if you do not have a .ssh directory on the server, run these commands to create one:
mkdir ~/.ssh
chmod go-rx ~/.ssh
Now we need to move the file you copied over into the .ssh directory. Assuming you copied the key file into your home directory, the command:
mv id_ed25519_ia-class.pub ~/.ssh
Then change into the directory:
cd ~/.ssh
Now we need to copy the key file into another file names authorized_keys and make sure the permissions are correct, which we do with the commands
cat id_ed25519_ia-class.pub >> authorized_keys
chmod go-rx authorized_keys
At this point you should be good to go with passwordless login. From your Windows machine command window, in your home directory which is where it starts with a new window, type:
ssh -i .ssh/id_ed25519_ia-class <netid>@ia-class.cs.georgetown.edu
and you should be in. If this doesn't work, please get in touch with the TAs and they can help you troubleshoot.
Working with the command line
Now that you have configured secure access to the system, you will learning or practicing using the commands that you will need for other assignments this semester. We will practice both some command line tools and practice compiling programs.
Reference informationA number of good tutorials exist that will teach you all you need to know about unix, and more. The Internet is also your friend. The links below go to Georgetown Library references, but you can find references all over the place
-
Intro to the command line
- Linux Command Line and Shell Scripting Techniques
- The Linux Command Line
-
Intro to System Administration (more in-depth)
- The Linux System Administrator's Guide(Chapter 3 is most useful for you)
You should also look in the Practical Unix text, as it has very useful relevant information.
What to doYou task will be to write a bash shell script that, when run, will run a series of commands, each of which is one command. The commands will be things that do or answer the questions below in the order listed. Your shell script will be in your home directory on ia-class and must be named <netid>-hw1.sh
Use the class text, man pages and the tutorials referenced above (other on-line sources are fine too, but ask me before you talk to people other than the TAs about the assignment) to figure out how to do the following things on a unix system, then create the shell script that will run all the commands in order.
Each question below has an answer that can be provided as a single command. What you will be turning in (see below) is the single command or path that provides an answer. You will not turn in any output! If you can't get the answer to something and need to skip the question, then replace the correct answer with echo SKIP so that your output will have the correct number of lines. This project will be automatically graded; if you have the lines in the wrong order because you skipped a question but don't print SKIP then you will cause problems for the TA and I and make us grumpy.
File System Manipulation commands
Commands to learn:
cat, ls, rm, mkdir, rmdir, cd, pwd, ln, chmod, umask, touch
In your shell script, execute the following commands in the order shown here. Again, if you skip a command replace it with echo SKIP.
- Print the current directory you are in
- List the files in the directory, including all the files starting with a dot.
- Recursively list all the files in that current directory and all subdirectories including files that start with a dot.
- Non-recursively list all files within the subdirectories of the current directory. You should not list files in the subdirectories of the subdirectories or below, just the single directory level below.
- Make a directory named private
- Set the directory permissions of private so that only you can read or change into it. No one should be able to write to it.
- List the directory private in a way that shows the permissions on the directory.
- Make a directory named public and set the permissions so that that anyone can read, write or change into it.
- List the directory public in a way that shows the permissions on the directory
- In the public directory create some sort of file named not_the_password_file that shows the current contents of the /etc/passwd file when cat is used to display the file. Hint, this is not cp.
- Delete the private directory.
- Delete the public directory using a different command than above (which you will need because public should contain a file).
- In your home directory, create an empty file named suid so that if it were an executable when it executed it ran with your user permissions, even if another user were running it.
- List the suid file in a way that shows its permissions
Finding and examining files
Continuing in the same shell script, add commands that perform the following actions below. Commands to learn:
which, whereis, file, strings, more (or less)- Run a command that shows the path to the ls command.
- Run a command that shows what type of file the ls command is.
- Run a command that shows any human readable information in the ls command.
Commands to learn: grep, find
On the class server, there is a directory at /data. It contains a number of files that contain stolen user names and the corresponding cracked passwords.
- Run a command that shows what files in /data contained the string "moond00d"?
- Run a command that shows what files in /data contained either of the strings "moond00d" or "potat0"?
- Run a command that shows what files in /data contained a string similar to "psycho", except in some varying letter case (e.g. PsYCHo)
- Run a command that would show all the files in the /var/log directory that have been accessed within the last day (Please also hide all error messages!)
- Run a command that shows all files on ia-class that are SUID root.(Please also hide all error messages!)
Coding
We will be developing a small amount of code on this machine over the course of the semester. In order to prepare for that, you will write and compile a very small program. You have probably done this in 051, so it should not take long. There are many editors available for coding. If you do not have a favorite, an easy one to learn to use is called nano. Once logged onto ia-class, type:
nano prog1.ccThis bring up your editor and allow you to enter program code.
You should create a program that, when run, does nothing but print out your name and netid. It should be in your home directory in a subdirectory named prog1. The source code should be in a file named prog1.cc. The program executable should be named prog1.exe. Compile it, fixing any errors, and run it to make sure it works. Should you encounter errors you can't work out, email me or refer to one of the TAs. Output should look like this, except with your name and netid:
Clay Shields clay
The basic structure of the program you will need is below. All you need to do is add the line that does the correct output.
#include<iostream>
using namespace std;
int main() {
// This is a comment, code replaces this line
return 0;
}
Once you have completed the program, add one last line to your shell script that will run it as well.
- Add a command to your shell script that runs the progam you wrote
Help on programming
Some links to help you, if you need them:- There is an entire Canvas module that can help with this if you haven't done it before. Please email Clay and he can add you
- Here is a short tutorial on editing and compiling on cs-class.uis.georgetown.edu.
- Here are some links and tutorials on using nano:
What to turn in:
As described above, please leave a shell script named <netid>-hw1.sh in your home directory. In addition, please upload a copy of that script into canvas.
For the program, create a directory named prog1 in your account and leave the source and executable there, as described above. We will log in and verify that it works correctly.