TLDR CIS 245 Weeks 8 and 9

Week 8 and 9 Security
Learning Outcomes:

Able to Monitor users, apps, ports, traffic setting and logs

Able to identify and use tools such as tripwire rootkit detection

Able to create and edit finding scripts, for things such as users with root access

Able to get snapshots of users, processes update management DMZ

Labs
Scripts for Security Part 1
A lot of these would make sense as a cron job, make sure you set up a cron job for at least the snapshot, but feel free to use cron jobs for the rest as well.

1. Write a script to detect IP addresses trying to gain access. Examples of things to pay attention to include all use between midnight and 6, all logins for a specific user, and anything else you consider behavior that should send up a red flag.

2. Write a script to detect changes to a specific directory, such as changes to /var/log or /etc/. Think about using a diff here, or a hash.

3. Monitor hidden files and root executables, and see if changes are made, who made them, and when they were changed.

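As an added example for task 2 (not part of the course materials), a POSIX shell script that records a SHA-256 baseline of a directory on its first run and, on later runs such as an hourly cron job, reports files that were added, removed or modified. The script name, baseline file location and report format are assumptions.

```shell
#!/bin/sh
# Hash-based change detection for a directory such as /etc or /var/log.
# First run records a SHA-256 baseline of every regular file; later runs
# (e.g. hourly from cron) print ADDED / REMOVED / MODIFIED lines and exit 1
# if anything changed, so cron mail or a wrapper script can alert.
# Constructed example: script name, baseline location and output format
# are assumptions, not part of the assignment.

# Print "sha256  path" for every regular file below $1.
# find -exec ... + (not xargs) so an empty directory yields no output.
# Unreadable files are silently skipped, so run this from root's crontab.
manifest() {
    find "$1" -type f -exec sha256sum {} + 2>/dev/null | sort -k 2
}

# Record the baseline of directory $1 into file $2.
baseline_init() { manifest "$1" > "$2"; }

# Compare baseline file $1 against directory $2.
# Returns 0 when nothing changed, 1 when any change was found.
compare() {
    baseline="$1"; dir="$2"
    current=$(mktemp) || return 2
    manifest "$dir" > "$current"
    # Path starts at column 67 (64 hex chars + two spaces), so file names
    # containing spaces compare correctly.
    if awk '
        FILENAME == ARGV[1] { base[substr($0, 67)] = $1; next }
                            { cur[substr($0, 67)]  = $1 }
        END {
            for (f in cur)  if (!(f in base)) { print "ADDED    " f; c++ }
            for (f in base) if (!(f in cur))  { print "REMOVED  " f; c++ }
            for (f in cur)  if ((f in base) && base[f] != cur[f]) { print "MODIFIED " f; c++ }
            exit (c > 0)
        }' "$baseline" "$current"
    then rc=0; else rc=$?; fi
    rm -f "$current"
    return "$rc"
}

# CLI: integrity_check.sh <dir> <baseline>; writes the baseline if missing.
main() {
    if [ ! -f "$2" ]; then
        baseline_init "$1" "$2" && echo "baseline written to $2"
    else
        compare "$2" "$1"
    fi
}
if [ "$#" -ge 2 ]; then main "$@"; fi
```

A content hash does not catch permission or ownership changes, so a real deployment should also record the output of stat for each file, and the baseline itself must live somewhere the monitored directory's writers cannot reach.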
Deliverables:
Well-commented and tested scripts, including a link to your GitHub where you've uploaded them. Documentation for the scripts should include any changes or updates to the system needed for them to run. You should have one document for your CentOS machine and one for your other server. Include any assumptions made, with justifications (such as: what is considered concerning behavior? Which directories are the most concerning if changes are made to them, and why?).

A small paragraph or two explaining whether there is anything else you think you should have a script and/or cron job for relating to security, and why or why not.

Security Part 2
A lot of these would make sense as a cron job, make sure you set up a cron job for at least the snapshot, but feel free to use cron jobs for the rest as well.

1. Take a snapshot of users every hour (use a cron job for this) to see if there is any suspicious adding/removing of users.

2. Write a document that shows how to control what daemons run on boot and how to change that. Assume your audience is technically inclined, but not an expert.

3. Find out how to boot into emergency mode on both your servers. Write a one-page (or less) document on how to do that. Include a one-paragraph executive summary on why you might want to.

Deliverables:

Text document(s) including answers for each of the above questions. Include an explanation of how to set up a cron job, why they are used, and any sources you used for setting them up. Documentation for the boot system and emergency boot should be focused on how to do each of those things; the audience is someone technically inclined but not an expert. Use screenshots as well as descriptions to guide someone through how to control the daemons and emergency boot. Include the short paragraph on why you would want to.

Security, Hardening and Compliance

Create a short report on the findings and what you'll do to improve your server setup.

Write a script to monitor the health of your server using the commands from the PowerPoint as your base. Think about what info you care about, and how to make it easier for you to read or upload to your dashboard. Data is only good if you're using it for something.

Deliverables:

Your Lynis report, including any changes you made to each server and why you made those changes.

A well-commented script for health monitoring. Documentation for this should include a short text file explaining what you chose to include on your health monitor and why, as well as the location where the health report is saved and instructions for how to run your script remotely. The audience is a new intern at the company whose first set of jobs is to check the health of all our report servers here at Acme Corp.