PDF Version Available

This document is also available in PDF format: securitypt2.pdf

The PDF version includes bookmarks for easy navigation and is optimized for printing.

Accessibility Notice

This document is also available in HTML format at:

https://aholdengouveia.name/LinuxAdmin/labexcercises/securitypt2.html

The HTML version provides enhanced accessibility features including keyboard navigation, screen reader support, responsive design, dark mode support, and high contrast options.

Objectives:

Complete the following problems

Troubleshooting

Attached to this lab is a script that will B0rk your machine in some way. Your job is to use your troubleshooting skills to find out what happened and how to fix it. Think of it like a puzzle or mystery.

I STRONGLY recommend that you make a backup copy of your virtual machine before running the script or doing any troubleshooting. It is very easy for things to go wrong and have to start over.

  1. On each server go through some troubleshooting steps that you've learned to try to figure out what the issue is, document the steps including screenshots.
  2. You may use AI to help you come up with ideas, you may not use AI to do it for you, and YOU MUST test it. "I think it works.", "I assume it works." or "It probably works." are not acceptable.


Please include the script, a screenshot showing it works as intended, cite all sources you used, and give a short explanation of how the script works and why.

Solutions

  1. Once you figure out what the issue is, explain how to solve it, including screenshots.
  2. Now that you have your problem solved, how could you turn your troubleshooting into a script?
  3. Create a script in the language of your choice that will help you troubleshoot this potential set of issues, test the script on each server.
  4. Make sure the script creates a file that gives some results to help you diagnose the issue.
  5. Testing should include screenshots showing that you have run the script and it gives you the expected and useful information.
  6. Write a script to detect IP addresses trying to gain access. Examples of things to pay attention to include all use between midnight and 6, all logins for a specific user, and anything else you consider behavior that should send up a red flag. Make sure to include in your assignment what you consider a "red flag" and why.
  7. Write a script to detect changes to a specific directory, such as changes to /var/log or /etc/. Think about using a diff here, or a hash.
  8. Monitor hidden files and root executables, and see if changes are made, who made them, and when they were changed.
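As an added example for items 6, 7 and 8 (this is not part of the lab handout or a provided solution), the script below shows the two building blocks those items ask for: flagging SSH log lines by hour and by repeated failures, and detecting directory changes by comparing SHA-256 hashes against a stored baseline. The log lines, host name, user names, IP addresses (RFC 5737 documentation ranges), the `/tmp/monitor-report.txt` path and the thresholds are all constructed assumptions; on a real server you would feed it `/var/log/secure` (CentOS) or `/var/log/auth.log` (Debian/Ubuntu) instead of the sample.

```shell
#!/bin/sh
# Added example for this lab (not part of the handout). Two monitoring helpers a
# troubleshooting script could build on. Everything below the comment is constructed:
# the log lines, host name, user names, IP addresses and report path.

# Constructed sample of sshd lines in syslog format (/var/log/secure or auth.log).
SAMPLE_AUTH_LOG='Mar 10 02:14:07 srv1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51522 ssh2
Mar 10 02:14:09 srv1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51522 ssh2
Mar 10 02:15:30 srv1 sshd[1210]: Accepted password for alice from 198.51.100.7 port 40100 ssh2
Mar 10 09:30:01 srv1 sshd[1320]: Accepted publickey for bob from 192.0.2.44 port 52011 ssh2
Mar 10 23:59:59 srv1 sshd[1400]: Failed password for root from 203.0.113.9 port 33001 ssh2
Mar 11 05:59:10 srv1 sshd[1410]: Accepted password for root from 203.0.113.9 port 33002 ssh2'

# Red flag 1: any SSH login attempt (accepted or failed) between midnight and HOUR (default 6).
# Reads log lines on stdin; prints "time result user ip" for each match.
offhours_ssh_events() {
    awk -v end="${1:-6}" '
        /sshd\[/ && (/Accepted/ || /Failed password/) {
            split($3, t, ":")                     # $3 is HH:MM:SS in syslog format
            if (t[1] + 0 < end) {
                for (i = 1; i <= NF; i++)         # user is the word before "from", IP the word after
                    if ($i == "from") { user = $(i - 1); ip = $(i + 1) }
                print $3, $6, user, ip
            }
        }'
}

# Red flag 2: source IPs with at least MIN failed password attempts (default 3). Reads stdin.
failed_by_ip() {
    awk -v min="${1:-3}" '
        /sshd\[/ && /Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") count[$(i + 1)]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip, count[ip] }' | sort
}

# Red flag 3: content changes in a watched directory (e.g. /etc), detected by comparing
# SHA-256 hashes with a stored baseline. Hidden files are included since find does not skip them.
# dir_baseline DIR BASELINE_FILE -> writes one sorted "hash  ./path" line per regular file.
dir_baseline() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum ) > "$2"
}

# dir_check DIR BASELINE_FILE -> prints each changed, new or removed path, with owner and
# modification time for files that still exist. Returns 0 if nothing changed, 1 otherwise.
dir_check() {
    cur=$(mktemp) || return 2
    dir_baseline "$1" "$cur"
    if diff "$2" "$cur" >/dev/null; then
        rm -f "$cur"
        return 0
    fi
    # Lines only in the baseline ("<") are removed or modified files;
    # lines only in the current listing (">") are new or modified files.
    diff "$2" "$cur" | awk '/^</ { print "baseline-only", $3 } /^>/ { print "current-only", $3 }' |
    while read -r state path; do
        if [ -e "$1/$path" ]; then
            printf '%s %s owner=%s mtime=%s\n' "$state" "$path" \
                "$(stat -c %U "$1/$path")" "$(stat -c %y "$1/$path")"
        else
            printf '%s %s (missing)\n' "$state" "$path"
        fi
    done
    rm -f "$cur"
    return 1
}

# Run the log checks over the constructed sample and leave the findings in a results file,
# as item 4 of the lab asks. The default path is a hypothetical choice.
write_report() {
    report="${1:-/tmp/monitor-report.txt}"
    {
        echo "== SSH activity between 00:00 and 06:00 =="
        printf '%s\n' "$SAMPLE_AUTH_LOG" | offhours_ssh_events
        echo "== source IPs with 2 or more failed passwords =="
        printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_by_ip 2
    } > "$report"
    echo "$report"
}
```

For the directory check, run `dir_baseline /etc /var/lib/monitor/etc.sha256` once on a known-good system, then schedule `dir_check /etc /var/lib/monitor/etc.sha256` (for example with a crontab line such as `0 6 * * * /usr/local/sbin/monitor.sh`, a constructed path) and treat a non-zero exit as something to investigate; the owner and mtime printed for a changed file are the "who" and "when" of item 8, though a baseline stored inside the watched directory or writable by non-root users would itself be a weak point.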

Documentation

  1. Write a document that will show how to control what daemons run on boot and how to change that. Assume your audience is technically inclined, but not an expert.
  2. Write a one page (or less) document on how to boot into emergency mode on each server. Include a 1 paragraph executive summary on why you might want to. Include screenshots showing what each step of the emergency boot process looks like.
  3. Set up a cron job to run your troubleshooting script at specific intervals (daily, weekly, and/or monthly). Document both how you set up the cron job, and make notes on why you've chosen the frequency you have.

Deliverables

  1. You should have 1 document for your CentOS machine and 1 for your other server. You may have more documents as well, but each server should have its own clearly labelled document.
  2. Documentation for scripts should include any changes or updates to the system needed for the script to run. If there is nothing much needed you may include the instructions as part of a comment at the top of the script.
  3. A short document explaining how to set up a cron job, why they are used, and any sources you used for setting them up. Make sure to include a simple sample for someone to follow
  4. Document for the boot system and emergency boot should be focused on how to do each of those things. Audience is someone technically inclined but not an expert. Use screenshots as well as descriptions to guide someone through how to control the daemons and emergency boot.
  5. Turn in a document with the script that includes your screenshots showing that it runs correctly, answers to all of the above questions, and screenshots with documentation showing the troubleshooting and fix for the issues on EACH server. Make sure that you have all of these answers for both servers. The well-commented and tested script should include a link to your GitHub where you've uploaded it.
  6. All Sources used should be noted at the end of each document.