For this program, your script should provide a menu of simple security checks fo

Question

For this program, your script should provide a menu of simple security checks for an administrator to do. The menu will have five basic choices listed below, as well as quit. You should validate the user's choice. The actions for the five choices are as follows:

1) Password file entry checking - go through each line of the password file.
If the entry is for a normal user (it has a UID > 500 or is the root account) you should check three things:
(a) The listed shell is actually a valid shell as given in the file /etc/shells.
(b) The home directory has permissions 700.
(c) The user is not a member of group 0.If the entry is for a non-normal user, you should check:
(a) The listed shell is not in the file /etc/shells, except for that of the root account which should be in /etc/shells.
(b) The root account is a member of group 0, others are not.
(c) The root account has UID 0.
Global checks to make include:
(a) There are no repeated user names in the password file.
(b) There are no repeated UID values in the password file.
(c) There are no repeated group names in the group file.
(d) There are no repeated GID values in the group file.Print an error report about anything wrong determined for each user. Sample password and group files are included above to do some testing if your password file does not have much data in it.

2) Process checking - you should check the list of currently executing processes (using ps) to see if any of them are "bad". A process is considered bad if:
(a) its CPU usage is greater than 75%
(b) its memory usage is greater than 25%
(c) its total execution time has exceeded 1 hour.
For any bad processes found to be running, you should generate an output line in the format:
pid process_name user_name time_started CPU% total_running_time MEM%
These lines should be sorted by process id.

3) PATH check - do checks related to the PATH variable. First check to see if the PATH contains . (current directory) and give an error message if it does. Then you should check the executable programs in each of the directories specified by PATH. You should check to see which programs have the setuid bit turned on and which have write permission for anyone other than the user owner. The output should consist of three lists of problematic files given by their full path names:
(a) those with the setuid bit on and writable by non-owner first,
(b) those with the setuid bit on but only writable by the owner second, and
(c) those with the setuid bit off and writable by non-owner last.
Each group of file names should be sorted alphabetically.

4) /etc directory check - the contents of the /etc directory should be checked for problems:
(a) Check for any files that have write access by anyone other than root. Display problem files with their name, owner's name and permissions, alphabetically ordered by file name.
(b) Check if any files have been modified since 6pm the previous day. List these by file name and time modified, sorted by modify time.
(c) Check if any files have had their properties changed since 6pm the previous day. List these by file name and time changed, sorted by change time.

5) Log processing - the contents of a web log file are attached above. You should process the set of web requests looking for error situations, where the http status code returned is 400 or greater. For these bad requests you should make two reports:
(a) A list of files involved in the bad requests, sorted by file name, with a count of how many times each file was involved in a bad request.
(b) A list of computers involved in the bad requests, with a count of how many times each computer made a bad request, sorted by frequency of bad requests.

Explanation / Answer

1. a,b,b 2. a 3. b 4. b 5. c

Related Questions

Navigate

• Browse (All)
• Browse F
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.