From d6e9fec198b55bcffa82c2959796a8d5aeb0f160 Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 2 Jun 2021 03:04:52 +0100 Subject: [PATCH] audits for first admin sys exercises --- subjects/add-vm/audit/README.md | 17 +++++++++++++++++ subjects/connect/audit/README.md | 15 +++++++++++++++ subjects/linux/audit/README.md | 12 +++++++++--- subjects/login/audit/README.md | 27 +++++++++++++++++++++++++++ subjects/remote/audit/README.md | 21 +++++++++++++++++++++ subjects/scan/audit/README.md | 13 +++++++++++++ 6 files changed, 102 insertions(+), 3 deletions(-) create mode 100644 subjects/add-vm/audit/README.md create mode 100644 subjects/connect/audit/README.md create mode 100644 subjects/login/audit/README.md create mode 100644 subjects/remote/audit/README.md create mode 100644 subjects/scan/audit/README.md diff --git a/subjects/add-vm/audit/README.md b/subjects/add-vm/audit/README.md new file mode 100644 index 000000000..9778dd3b2 --- /dev/null +++ b/subjects/add-vm/audit/README.md @@ -0,0 +1,17 @@ +#### Functional + +##### Ask the auditee to start VirtualBox. + +###### Is VirtualBox correctly installed on the auditee's machine? + +##### Ask the auditee to show you the VM `01_add-vm`. + +###### Does the VM appears correctly on the list under the name `01_add-vm`? + +##### Ask the auditee to make a "snapshot". + +###### Was the auditee able to make a "snapshot" of the VM? + +##### Ask the auditee to start and stop the VM. (reminder the password is a single space) + +###### Was the auditee able to start and stop the VM? diff --git a/subjects/connect/audit/README.md b/subjects/connect/audit/README.md new file mode 100644 index 000000000..78db1ddb6 --- /dev/null +++ b/subjects/connect/audit/README.md 
@@ -0,0 +1,15 @@ +#### Functional + +###### Is VirtualBox installed? + +###### Are the 3 VMs, 01_connect_box, 01_connect_machine1, and 01_connect_machine2 properly added to VirtualBox? + +#### General + +##### Ask the auditee to start the 3 VMs in Virtual Box. Ask him to change the IP address of machine2. + +###### Ask the auditee this command `timeout --signal SIGINT 1m ping google.com`. Is the number of lost packets close to 0%? + +##### Ask the auditee make the IP address dynamic and explain the process. + +###### Ask the auditee this command `timeout --signal SIGINT 1m ping google.com`. Is the number of lost packets still close to 0%? diff --git a/subjects/linux/audit/README.md b/subjects/linux/audit/README.md index 511fe00ef..1eddab201 100644 --- a/subjects/linux/audit/README.md +++ b/subjects/linux/audit/README.md @@ -1,7 +1,13 @@ #### Functional -###### Is VirtualBox correctly installed ? +##### Ask the auditee to start VirtualBox. -###### Does the virtual machine boot Debian properly (in less than 2 minutes) ? +###### Is VirtualBox correctly installed on the auditee's machine? -###### After the boot is complete, does the system react to the ACPI Shutdown and does the virtual machine stop ? +##### Ask the auditee to show you his VM with a version of debian already installed. + +###### Does the virtual machine boot Debian properly (in less than 2 minutes)? + +##### After the boot is completed, ask the auditee to shutdown his VM with the ACPI Shutdown. + +###### Does the system react to the ACPI Shutdown and does the virtual machine stop? diff --git a/subjects/login/audit/README.md b/subjects/login/audit/README.md new file mode 100644 index 000000000..78ab07eb6 --- /dev/null +++ b/subjects/login/audit/README.md 
@@ -0,0 +1,27 @@ +#### Functional + +##### Ask the auditee to start VirtualBox. + +###### Is VirtualBox correctly installed on the auditee's machine? + +#### General + +##### Ask the auditee to login as a user in one terminal. + +###### Has the password been correctly changed to "michelle"? + +##### Ask the auditee to login as a superuser (root) in another terminal. + +###### Has the password been correctly changed to "michelle"? + +##### Ask the auditee to execute a command to show you the inode of a file. (The inode is a number) + +###### Has the auditee correctly shown you (and if necessary explained) the inode of a file? + +##### Ask the auditee to execute a command to show you the current user ID (it is also a number). + +###### Has the auditee correctly shown you (and if necessary explained) the id a the user? + +##### Ask the auditee to execute a command to show you the PID (another number) of a program (like bash for example). + +###### Has the auditee correctly shown you (and if necessary explained) the PID a program? diff --git a/subjects/remote/audit/README.md b/subjects/remote/audit/README.md new file mode 100644 index 000000000..0c4f80597 --- /dev/null +++ b/subjects/remote/audit/README.md 
@@ -0,0 +1,21 @@ +#### Functional + +###### Is VirtualBox installed? + +###### Is the VM, 01_remote, added to VirtualBox? + +#### General + +##### The auditeee is supposed to set a port forwarding rule in the VM settings that maps the host port to a guest port. + +##### Ask the auditee to show you that rule in the settings or to set it up if it is not done yet. + +##### Ask the auditee to connect to the VM via SSH thru the host port. + +###### Did the auditee manage to connect via SSH with either this command: `ssh -p22 root@localhost` or `ssh -pANOTHER_PORT root@localhost`? + +##### If the auditee connected thru port 22, ask the auditee to change the port of the Guest VM. + +##### Ask the auditee to connect to the VM via SSH thru the new chosen host port. + +###### Did the auditee manage to connect via SSH with this command `ssh -pANOTHER_PORT root@localhost`? diff --git a/subjects/scan/audit/README.md b/subjects/scan/audit/README.md new file mode 100644 index 000000000..94094ffa6 --- /dev/null +++ b/subjects/scan/audit/README.md @@ -0,0 +1,13 @@ +#### Functional + +###### Is VirtualBox installed? + +###### Are the 2 VMs, 01_scan_RRF-CONTROL and 01_scan_laptop, properly added to VirtualBox? + +#### General + +##### Ask the auditee, from the VM laptop, to get get into the other VM. As a reminder the port forwarding is set to 10122. + +##### (Allow some time for the hacking to take place) + +###### Did the auditee manage to get `RRF-control` appearing on the laptop VM (did the auditee manage to get thru)?
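Review bot: In subjects/add-vm/audit/README.md, the question after the "show you the VM `01_add-vm`" step has a grammar slip: "Does the VM appears correctly" should be "Does the VM appear correctly". The reminder in the last step heading would also read more clearly with a colon, as "(reminder: the password is a single space)".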
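Review bot: In subjects/remote/audit/README.md, the steps after the first SSH question are ambiguous about which port changes: one says "change the port of the Guest VM" and the next says "the new chosen host port", while the commands only ever show the host side (`ssh -pANOTHER_PORT root@localhost`). State whether the auditee should edit the host port of the forwarding rule or the port sshd listens on in the guest. The step "If the auditee connected thru port 22" is conditional but the two lines after it are not, so say what the auditor should do when the first connection already used another port. Minor: "auditeee" has an extra "e" and "thru" should be "through".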
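Review bot: In subjects/scan/audit/README.md, the final question does not say what the auditor should actually observe: "get `RRF-control` appearing on the laptop VM" could mean a hostname in a shell prompt, a banner, or something else, and the spelling differs from the VM name `01_scan_RRF-CONTROL` given above. Describe the expected evidence in one sentence and align the case of the name. The step "(Allow some time for the hacking to take place)" gives no time bound, so an explicit limit would make audits consistent, and "to get get into" has a duplicated word.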