The following code demonstrates how I used Linux commands to determine the existing permissions set for a specific directory in the file system.
The first line of the screenshot displays the command I entered, and the other lines display the output. The code lists all contents of the projects directory. I used the ls command with the -la option to display a detailed listing of the file contents that also returned hidden files. The output of my command indicates that there is one directory named drafts, one hidden file named .project_x.txt, and five other project files. The 10-character string in the first column represents the permissions set on each file or directory.
The 10-character string can be deconstructed to determine who is authorized to access the file and their specific permissions. The characters and what they represent are as follows:
- 1st character: This character is either a d or hyphen (-) and indicates the file type. If it’s a d, it’s a directory. If it’s a hyphen (-), it’s a regular file.
- 2nd-4th characters: These characters indicate the read (r), write (w), and execute (x) permissions for the user. When one of these characters is a hyphen (-) instead, it indicates that this permission is not granted to the user.
- 5th-7th characters: These characters indicate the read (r), write (w), and execute (x) permissions for the group. When one of these characters is a hyphen (-) instead, it indicates that this permission is not granted for the group.
- 8th-10th characters: These characters indicate the read (r), write (w), and execute (x) permissions for other. This owner type consists of all other users on the system apart from the user and the group. When one of these characters is a hyphen (-) instead, that indicates that this permission is not granted for other.
For example, the file permissions for project_t.txt are -rw-rw-r--. Since the first character is a hyphen (-), this indicates that project_t.txt is a file, not a directory. The second, fifth, and eighth characters are all r, which indicates that user, group, and other all have read permissions. The third and sixth characters are w, which indicates that only the user and group have write permissions. No one has execute permissions for project_t.txt.
The organization determined that other shouldn't have write access to any of their files. To comply with this, I referred to the file permissions that I previously returned. I determined project_k.txt must have the write access removed for other.
The following code demonstrates how I used Linux commands to do this:
The first two lines of the screenshot display the commands I entered, and the other lines display the output of the second command. The chmod command changes the permissions on files and directories. The first argument indicates what permissions should be changed, and the second argument specifies the file or directory. In this example, I removed write permissions from other for the project_k.txt file. After this, I used ls -la to review the updates I made.
Change file permissions on a hidden file:
The following code demonstrates how I used Linux commands to change the permissions:
The first two lines of the screenshot display the commands I entered, and the other lines display the output of the second command. I know .project_x.txt is a hidden file because it starts with a period (.). In this example, I removed write permissions from the user and group, and added read permissions to the group. I removed write permissions from the user with u-w. Then, I removed write permissions from the group with g-w, and added read permissions to the group with g+r.
My organization only wants the researcher2 user to have access to the drafts directory and its contents. This means that no one other than researcher2 should have execute permissions.
The following code demonstrates how I used Linux commands to change the permissions:
I changed multiple permissions to match the level of authorization my organization wanted for files and directories in the projects directory. The first step in this was using ls -la to check the permissions for the directory. This informed my decisions in the following steps. I then used the chmod command multiple times to change the permissions on files and directories.
# Start Nessus in a Docker container (if Docker is used)
docker run -d --name nessus -p 8834:8834 -e "NESSUS_LICENSE=your-activation-code" nessus/nessus
# Open a web browser and navigate to Nessus web interface
# Login to the Nessus web interface, configure the scan, and initiate the vulnerability scan
# Update package repositories
sudo apt update
# Upgrade installed packages, applying available security patches
sudo apt upgrade
# Review available security patches
sudo apt list --upgradable
# Install specific security updates
sudo apt install package-name
# Apply kernel security updates
sudo reboot
# Allow SSH (replace xx.xx.xx.xx with your IP)
sudo iptables -A INPUT -p tcp --dport 22 -s xx.xx.xx.xx -j ACCEPT
# Allow HTTP and HTTPS traffic
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Drop all other incoming traffic
sudo iptables -A INPUT -j DROP
# Save the rules
sudo iptables-save > /etc/iptables.rules
# Enable IPTables on boot
sudo systemctl enable netfilter-persistent
# Check the system logs (e.g., syslog)
cat /var/log/syslog
# Search for specific keywords (e.g., 'suspicious activity')
grep 'suspicious activity' /var/log/syslog
# Analyze authentication logs
cat /var/log/auth.log
# Monitor real-time logs
tail -f /var/log/syslog
# Start Snort in IDS mode with a specific configuration file
sudo snort -q -A console -q -c /etc/snort/snort.conf -i eth0
# Analyze Snort logs for alerts
cat /var/log/snort/alert
# Review Snort rules and customize for your network
sudo nano /etc/snort/rules/local.rules
# Scan a target host for open ports
nmap target-host
# Scan a range of IP addresses
nmap 192.168.1.1-50
# Scan a specific port range
nmap -p 80-100 target-host
# Save the scan results to a file
nmap -oN scan-results.txt target-host
# Generate an SSH key pair (if not already generated)
ssh-keygen -t rsa
# Copy the public key to the remote server for key-based authentication
ssh-copy-id user@remote-host
# Edit SSH server configuration
sudo nano /etc/ssh/sshd_config
# Disable password-based logins
PasswordAuthentication no
# Restart the SSH service to apply changes
sudo systemctl restart ssh
# Simulate a security incident by creating a test file
touch /var/test-incident-file.txt
# Generate log entries related to the incident
echo "Unauthorized access detected" >> /var/log/security.log
# Execute the incident response plan
Follow predefined procedures for incident containment, investigation, and recovery
# Create a copy of the suspicious file for analysis
cp suspicious-file /var/forensics/
# Analyze the file using various forensic tools
strings /var/forensics/suspicious-file
hexdump -C /var/forensics/suspicious-file
file /var/forensics/suspicious-file
# Review system logs for any related activities
cat /var/log/auth.log
# Check the current SELinux status
sestatus
# Install SELinux utilities (if not already installed)
sudo yum install policycoreutils
# Modify SELinux policy to control access for specific processes
sudo semanage permissive -a httpd_t
# Apply SELinux policies and relabel the file system
sudo touch /.autorelabel
sudo reboot
# Check the current kernel version
uname -r
# Download the latest kernel patch from the official source
wget https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.x.x.tar.xz
# Extract the kernel source code
tar -xvf linux-5.x.x.tar.xz
# Apply the security patch
cd linux-5.x.x
patch -p1 < security-patch.diff
# Recompile and install the patched kernel
make && make modules_install && make install
# Reboot the system to load the new kernel
reboot
# Install the Snort IDS system
sudo apt-get install snort
# Configure Snort rules and policies
sudo nano /etc/snort/snort.conf
sudo nano /etc/snort/rules/local.rules
# Start the Snort IDS service
sudo systemctl start snort
sudo systemctl enable snort
# Collect and analyze system logs
grep "Unauthorized access" /var/log/auth.log
grep "malware detected" /var/log/syslog
# Create custom log analysis scripts
nano analyze-logs.sh
# Automate log analysis with cron jobs
crontab -e
# Edit SSH server configuration
sudo nano /etc/ssh/sshd_config
# Disable root login
PermitRootLogin no
# Set idle timeout for SSH sessions
ClientAliveInterval 300
ClientAliveCountMax 0
# Implement rate-limiting for login attempts
MaxAuthTries 3
# Restart the SSH service to apply changes
sudo systemctl restart ssh
Summary: In this project, you improved the security of SSH by modifying its configuration to disable root logins, set an idle timeout, and implement rate-limiting for login attempts. These measures enhance the security of remote access to the system.
Your organization needed to conduct a security compliance audit on Linux servers to identify vulnerabilities and ensure adherence to security best practices.# Install Lynis, a security auditing tool
wget https://cisofy.com/files/lynis-3.x.x.tar.gz
tar -xvf lynis-3.x.x.tar.gz
# Run a security audit with Lynis
cd lynis
sudo ./lynis audit system
# Review the audit report for findings and recommendations
cat /var/log/lynis-report.dat
# Install encryption tools (e.g., LUKS)
sudo apt-get install cryptsetup
# Create an encrypted volume
sudo cryptsetup luksFormat /dev/sdX
# Open the encrypted volume
sudo cryptsetup open /dev/sdX encrypted-volume
# Format the encrypted volume with a filesystem (e.g., ext4)
sudo mkfs.ext4 /dev/mapper/encrypted-volume
# Mount the encrypted volume
sudo mount /dev/mapper/encrypted-volume /mnt/encrypted-data
# Install the necessary packages
sudo apt-get install libpam-google-authenticator
# Configure 2FA for a specific user
google-authenticator
# Edit the SSH PAM configuration
sudo nano /etc/pam.d/sshd
# Add the following line to enable 2FA for SSH
auth required pam_google_authenticator.so
# Restart the SSH service
sudo systemctl restart ssh
# Configure the bastion host server
sudo apt-get install openssh-server
# Create SSH keys for administrators
ssh-keygen -t rsa
# Install the public keys on the bastion host
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# Configure SSH to allow gateway functionality
sudo nano /etc/ssh/sshd_config
# Check disk space usage
df -h
# Set up automated disk space alerts
nano disk-space-monitor.sh
# Schedule the script with cron
crontab -
# Install iptables
sudo apt-get install iptables
# Define the rules for the firewall
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -j DROP
# Save the firewall rules
sudo apt-get install iptables-persistent
# Configure log rotation
sudo nano /etc/logrotate.conf
# Define log rotation settings for specific log files
sudo nano /etc/logrotate.d/app-logs
# Test log rotation settings
logrotate -d /etc/logrotate.conf
# Enable user auditing
sudo nano /etc/audit/auditd.conf
sudo service auditd restart
# Monitor user account changes
auditctl -a always,exit -F arch=b64 -S usermod -k usermod_changes
auditctl -a always,exit -F arch=b64 -S passwd -k passwd_changes
# Review audit logs
ausearch -k usermod_changes
# Install a FIM tool like Tripwire
sudo apt-get install tripwire
# Initialize and configure Tripwire
sudo tripwire --init
sudo tripwire --update-policy
# Check for changes in the file system
sudo tripwire --check
# Install and configure the ELK Stack (Elasticsearch, Logstash, Kibana)
sudo apt-get install elasticsearch logstash kibana
# Set up Logstash to collect and filter logs
# Configure Kibana for log visualization
# Forward logs from Linux servers to the ELK Stack
# Modify SSH configuration
sudo nano /etc/ssh/sshd_config
# Implement security measures like disabling root login, using key authentication, and limiting login attempts
# Install Snort
sudo apt-get install snort
# Configure Snort rules and network interfaces
sudo nano /etc/snort/snort.conf
# Start Snort in Network Intrusion Detection mode
sudo snort -q -A console -q -q -c /etc/snort/snort.conf
# Install LUKS (Linux Unified Key Setup)
sudo apt-get install cryptsetup
# Initialize LUKS encryption
sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sdX
# Create an encrypted partition and mount it
sudo cryptsetup luksOpen /dev/sdX my_encrypted_partition
These projects demonstrate your expertise in Linux-based security practices, further enriching your portfolio as a cybersecurity analyst.
Your organization required a robust system for managing system updates and patches to ensure security and stability.# Update package lists
sudo apt update
# Upgrade packages
sudo apt upgrade
# Automate updates with unattended-upgrades
sudo apt install unattended-upgrades
Summary: In this project, you established a reliable system for managing system updates and patches, enhancing the organization's security and stability.
Your organization needed to deploy a web server for hosting company websites and web applications securely.# Install Apache web server
sudo apt-get install apache2
# Configure firewall settings
sudo ufw allow 'Apache'
# Enable HTTPS with Let's Encrypt
sudo apt-get install certbot python3-certbot-apache
Summary: In this project, you set up and secured an Apache web server, ensuring that websites and applications are hosted securely and efficiently.
Your organization wanted to centralize user authentication to simplify user management across multiple Linux servers.# Install and configure an LDAP server
sudo apt-get install slapd ldap-utils
# Create LDAP entries for users and groups
sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f user.ldif
Summary: In this project, you implemented a centralized user authentication system using LDAP, simplifying user management and enhancing security.
Your organization needed automated backup solutions to ensure data integrity and availability in case of data loss or system failures.# Create backup scripts
nano backup_script.sh
# Schedule automated backups with cron
crontab -e
Summary: In this project, you designed and implemented automated backup solutions, safeguarding critical data and ensuring quick recovery in the event of data loss or system failures.
Your organization wanted to create a virtualized environment for efficient resource management and scalability.# Install KVM and QEMU
sudo apt-get install qemu-kvm libvirt-bin
# Create and manage virtual machines
virt-install --name=VMname --memory=1024 --vcpus=2 --disk size=10
Summary: In this project, you set up virtualization using KVM/QEMU, providing your organization with a flexible and efficient IT environment.
These projects showcase your skills as a Linux system administrator and enrich your portfolio with examples of critical system administration tasks.
Your organization needed to enhance security by configuring SSH (Secure Shell) for secure remote access to Linux servers.# Edit SSH configuration file
sudo nano /etc/ssh/sshd_config
# Implement key-based authentication
Summary: In this project, you improved server security by configuring SSH to allow key-based authentication, reducing the risk of unauthorized access.
Your organization aimed to streamline application deployment and scaling by implementing a Docker containerization environment.# Install Docker
sudo apt-get install docker.io
# Create and manage Docker containers
docker run -d -p 80:80 nginx
Summary: In this project, you established a Docker containerization environment, simplifying application deployment and management.
Your organization required a centralized logging system to monitor and analyze logs across multiple servers.# Install and configure the ELK Stack (Elasticsearch, Logstash, Kibana)
# Create custom firewall rules
sudo iptables -A INPUT -p tcp --dport 22 -j DROP
Summary: In this project, you improved network security by configuring custom firewall rules using IPtables, providing granular control over network traffic.
Your organization wanted a robust monitoring system to track server performance and detect issues proactively.# Install and configure Nagios
Summary: In this project, you established an automated monitoring system with Nagios, ensuring early issue detection and server performance tracking.
Your organization aimed to enhance system performance through various Linux performance tweaks.# Implement system optimizations such as optimizing swap usage or file system changes.
Summary: In this project, you optimized system performance by applying various Linux tweaks, ensuring optimal system operation.
Your organization needed custom automation scripts to streamline routine tasks.# Write custom Bash scripts to automate specific tasks.
These projects demonstrate your expertise as a Linux system administrator and contribute valuable examples to your portfolio.
Automate the backup of a website's files and database at regular intervals.#!/bin/bash
# Website backup script
# Replace the placeholders with your website's specific details
# Set backup directory
backup_dir="/path/to/backup"
# Set website root directory
website_dir="/path/to/website"
# Set database credentials
db_user="username"
db_pass="password"
db_name="database_name"
# Create a backup folder with the current date
backup_folder="$backup_dir/backup-$(date +\%Y\%m\%d)"
# Create the directory
mkdir -p $backup_folder
# Backup website files
cp -r $website_dir $backup_folder
# Backup the database
mysqldump -u $db_user -p$db_pass $db_name > $backup_folder/database.sql
# Optionally, compress the backup folder
tar -czf $backup_folder.tar.gz $backup_folder
# Remove the uncompressed folder if needed
# rm -r $backup_folder
#!/bin/bash
# Log cleanup script
# Set the path to the log directory
log_dir="/path/to/logs"
# Set the maximum number of log files to keep
max_logs=10
# Clean up log files
find $log_dir -type f -mtime +$max_logs -exec rm {} \;
#!/bin/bash
# File transfer script
# Replace placeholders with your server and file details
# Set source file
source_file="/path/to/local/file"
# Set destination server
server="username@remote_server_ip"
# Set destination directory
destination_dir="/path/to/remote/directory"
# Transfer file to the remote server
scp $source_file $server:$destination_dir
#!/bin/bash
# Daily system report script
# Generate a system report and save it to a file
report_file="/path/to/daily_report.txt"
echo "Daily System Report" > $report_file
date >> $report_file
free -h >> $report_file
df -h >> $report_file
# Add more system commands as needed
# Email the report
recipient="your@email.com"
subject="Daily System Report"
cat $report_file | mail -s "$subject" $recipient
These Bash scripts showcase your automation skills and can be tailored to meet specific needs in your role as a system administrator.
Automate the process of creating, updating, or deleting user accounts on a Linux system.#!/bin/bash
# User management script
# Action can be 'create', 'update', or 'delete'
action="create"
username="newuser"
fullname="New User"
homedir="/home/$username"
password="userpassword"
if [ "$action" == "create" ]; then
# Create a new user
useradd -m -d $homedir -c "$fullname" $username
echo "$username:$password" | chpasswd
passwd -e $username # Force user to change password on first login
elif [ "$action" == "update" ]; then
# Update user details
usermod -c "$fullname" $username
echo "$username:$password" | chpasswd
elif [ "$action" == "delete" ]; then
# Delete a user
userdel -r $username
fi
#!/bin/bash
# Log rotation script
# Set the path to the log directory
log_dir="/path/to/logs"
# Set the maximum number of log files to keep
max_logs=10
# Archive old logs
for logfile in $(find $log_dir -type f -mtime +$max_logs); do
gzip $logfile
done
#!/bin/bash
# Backup verification script
# Set the source and backup directories
source_dir="/path/to/source"
backup_dir="/path/to/backup"
# Use rsync to compare source and backup
rsync -n -a --delete $source_dir/ $backup_dir/
#!/bin/bash
# Server monitoring and alert script
# Set thresholds for resource usage
cpu_threshold=80
memory_threshold=90
# Check CPU usage
cpu_usage=$(top -bn1 | grep "Cpu(s)" | awk '{print $2}')
if (( $(echo "$cpu_usage > $cpu_threshold" | bc -l) )); then
echo "High CPU usage: $cpu_usage%" | mail -s "Server Alert" admin@example.com
fi
# Check memory usage
memory_usage=$(free | awk '/Mem/{print $3/$2 * 100.0}')
if (( $(echo "$memory_usage > $memory_threshold" | bc -l) )); then
echo "High memory usage: $memory_usage%" | mail -s "Server Alert" admin@example.com
fi
These Bash scripts can help you automate various tasks as a system administrator, saving time and reducing the risk of errors in routine operations.
Automate routine system maintenance tasks, such as updating packages and cleaning up temporary files.#!/bin/bash
# Daily system maintenance script
# Update package repositories and upgrade packages
apt-get update
apt-get upgrade -y
# Clean up temporary files
apt-get autoclean
apt-get autoremove -y
# Send a notification
echo "System maintenance completed on $(date)" | mail -s "System Maintenance" admin@example.com
#!/bin/bash
# Web server log analysis script
# Set log file path
log_file="/var/log/apache/access.log"
# Generate usage statistics using AWK
awk '{print $1}' $log_file | sort | uniq -c | sort -n > usage_stats.txt
# Send the statistics to an email address
mail -s "Web Server Usage Stats" admin@example.com < usage_stats.txt
#!/bin/bash
# Firewall rule update script
# Set the IP address to allow or deny
ip_address="192.168.1.100"
# Add a rule to allow the IP address
iptables -A INPUT -s $ip_address -j ACCEPT
# Save the firewall rules
iptables-save > /etc/iptables/rules.v4
#!/bin/bash
# Disk space monitoring script
# Set the threshold (in percentage) for alerting
threshold=90
# Get disk space usage
disk_usage=$(df -h / | awk 'NR==2{print $5}' | cut -d'%' -f1)
# Check if disk usage exceeds the threshold
if [ $disk_usage -ge $threshold ]; then
echo "Disk space usage is at $disk_usage%" | mail -s "Disk Space Alert" admin@example.com
fi
#!/bin/bash
# Configuration file backup script
# Set the backup directory
backup_dir="/backup/configs"
# List of configuration files to back up
config_files=("/etc/nginx/nginx.conf" "/etc/ssh/sshd_config" "/etc/apache2/httpd.conf")
# Create a timestamp for the backup folder
timestamp=$(date +"%Y-%m-%d_%H-%M-%S")
backup_folder="$backup_dir/configs_$timestamp"
# Create the backup directory
mkdir -p $backup_folder
# Copy each configuration file to the backup directory
for file in "${config_files[@]}"; do
cp $file $backup_folder
done
# Tar and compress the backup folder
tar -czvf "$backup_folder.tar.gz" $backup_folder
# Remove the original backup folder
rm -rf $backup_folder
#!/bin/bash
# User account management script
# Set the list of user accounts to create
users=("user1" "user2" "user3")
# Create user accounts
for user in "${users[@]}"; do
useradd -m -s /bin/bash $user
echo "Password123" | passwd --stdin $user
done
# Modify user account properties
usermod -g newgroup user1
usermod -aG additionalgroup user2
# Delete user accounts
userdel -r user3
#!/bin/bash
# Log rotation script
# Set the log file to rotate
log_file="/var/log/application.log"
# Set the maximum log file size in MB
max_size=10
# Check if the log file size exceeds the maximum size
if [ $(du -m $log_file | cut -f1) -gt $max_size ]; then
# Rotate the log file
mv $log_file "$log_file.1"
touch $log_file
fi
#!/bin/bash
# Software update script
# Update package repositories
apt-get update
# Upgrade installed packages
apt-get upgrade -y
# Clean up after the update
apt-get autoremove -y
apt-get clean
#!/bin/bash
# Daily system health check script
# Log file for the report
log_file="/var/log/system_health.log"
# Get current date and time
current_datetime=$(date "+%Y-%m-%d %H:%M:%S")
# Check CPU and memory usage
cpu_usage=$(top -bn1 | grep "Cpu(s)" | awk '{print $2}')
memory_usage=$(free -m | awk '/Mem/ {print $3}')
# Check disk space
disk_space=$(df -h | awk '/sda1/ {print $4}')
# Write the results to the log file
echo "Date and Time: $current_datetime" >> $log_file
echo "CPU Usage: $cpu_usage" >> $log_file
echo "Memory Usage: $memory_usage MB" >> $log_file
echo "Available Disk Space: $disk_space" >> $log_file
#!/bin/bash
# Log file monitoring script
# Log file to monitor
log_file="/var/log/application.log"
# Search for a specific error message in the log file
error_message="Error:"
# Email address to receive notifications
recipient="admin@example.com"
# Check for the error message
if grep -q "$error_message" $log_file; then
# Send an email notification
echo "Error found in log file $log_file" | mail -s "Log Error Notification" $recipient
fi
#!/bin/bash
# Firewall rule update script
# IP address or range to allow
allowed_ip="192.168.1.100"
# Port to open
port="22"
# Update firewall rule to allow the IP address and port
iptables -A INPUT -p tcp -s $allowed_ip --dport $port -j ACCEPT
#!/bin/bash
# System backup script
# Directory to store backups
backup_dir="/backups/system"
# Create a timestamp for the backup folder
timestamp=$(date +"%Y-%m-%d")
# Create the backup directory
mkdir -p $backup_dir/$timestamp
# Backup important system files
cp -r /etc $backup_dir/$timestamp
cp -r /var/www $backup_dir/$timestamp
These additional Bash scripts can help system administrators streamline routine tasks and ensure the reliability and security of their systems.
Automate log rotation to prevent log files from consuming too much disk space.#!/bin/bash
# Log rotation script
# Log file to rotate
log_file="/var/log/application.log"
# Number of log files to keep
num_logs_to_keep=5
# Perform log rotation
mv $log_file $log_file.1
# Remove old log files
for ((i = $num_logs_to_keep; i > 1; i--)); do
mv $log_file.$(($i - 1)) $log_file.$i
done
# Create an empty log file
touch $log_file
#!/bin/bash
# User account management script
# File containing user data (username:access_level)
user_data_file="users.txt"
# Read user data and create user accounts
while IFS=":" read -r username access_level; do
useradd -m -s /bin/bash $username
if [ "$access_level" == "admin" ]; then
usermod -aG sudo $username
fi
done < "$user_data_file"
#!/bin/bash
# System update script
# Check for system updates
sudo apt update
# Upgrade system packages
sudo apt upgrade -y
#!/bin/bash
# Database backup script
# Database connection details
db_user="username"
db_password="password"
db_name="mydb"
# Directory to store backups
backup_dir="/backups/database"
# Create a timestamp for the backup file
timestamp=$(date +"%Y%m%d%H%M%S")
# Backup the database and compress it
mysqldump -u $db_user -p$db_password $db_name | gzip > $backup_dir/backup_$timestamp.sql.gz