CIS-2230 Lab #10: Project

In this lab you will work on aspects of the Admin Project as discussed in class.

Part 1: User Creation Script

Write the create-users script described in the project documentation file. You can use this starter script to get going. The starter script implements some, but not all, of the required functionality.

Part 2: SUID Monitoring

The document describing the project lists several possible security monitoring activities that might be useful. For this lab, implement the first bullet item, about scanning your system for changes to its inventory of SUID programs.

Two scripts are required. The first scans your system looking for existing SUID programs and creates a file that lists them all. You can use the find utility to do the bulk of this work. The manual page for find is your resource for all of find's many options; however, there is an example in the manual page that explicitly shows a way to scan for SUID programs.

The second script also scans your system except that it compares what it finds with the inventory file created by the first script. This might be a good place to use AWK.

Here is a skeletal AWK program that reads a second input file in its BEGIN block. This isn't a solution to the SUID monitoring problem, but it provides a starting point for implementing the comparison logic.
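
As an added illustration (not the course's skeletal AWK program and not part of the project files), the following shows one way the comparison could work, with the saved inventory loaded in AWK's BEGIN block as described above. The function names, the one-path-per-line file format, and the sample paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare a fresh SUID scan against a saved inventory.
# Function names and the one-path-per-line format are assumptions.

# List SUID regular files under a directory, one path per line, sorted.
scan_suid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sort
}

# compare_suid INVENTORY CURRENT
# Prints "ADDED path" for programs missing from the inventory and
# "REMOVED path" for inventory entries no longer present.
# Returns 0 when the two lists match, 1 when they differ.
compare_suid() {
    awk -v inventory="$1" '
        BEGIN {
            # Load the saved inventory before any scan line is read.
            while ((getline line < inventory) > 0)
                known[line] = 1
            close(inventory)
        }
        {
            if ($0 in known)
                delete known[$0]      # still present, nothing to report
            else {
                print "ADDED " $0
                changed = 1
            }
        }
        END {
            # Anything left was in the inventory but not in this scan.
            for (path in known) {
                print "REMOVED " path
                changed = 1
            }
            exit changed + 0
        }
    ' "$2"
}

# Constructed sample lists (not taken from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' /usr/bin/passwd /usr/bin/su /usr/bin/sudo > "$demo_dir/inventory"
printf '%s\n' /usr/bin/passwd /usr/bin/sudo /usr/local/bin/backup-helper > "$demo_dir/current"
compare_suid "$demo_dir/inventory" "$demo_dir/current" || echo "SUID inventory changed"
rm -rf "$demo_dir"
```

Because the function prints nothing and returns 0 when the lists match, a script built this way stays silent under cron unless something changed.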

Part 3: Email Configuration

Following the instructions in the project documentation, set up and configure a local-only mail transport agent (using postfix). Be sure to redirect root's mail to your account. You will be asked about this during the configuration.

Part 4: Configuring cron

The goal of this part is to configure cron to run the check-suid script at regular intervals. You will need to edit the /etc/crontab file to achieve this.

Proceed as follows:

  1. Create a crontab file named monitoring.cron. It should contain the following.

    # Use /bin/bash to run commands, instead of the default /bin/sh
    SHELL=/bin/bash
    
    # Mail any output to 'xyzzy', no matter whose crontab this is
    MAILTO=xyzzy
    
    # Example of job definition:
    # .---------------- minute (0 - 59)
    # |  .------------- hour (0 - 23)
    # |  |  .---------- day of month (1 - 31)
    # |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
    # |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
    # |  |  |  |  |
    # m  h dom mon dow command
      30 2   1   *   * cd /home/xyzzy && ./check-suid.sh
    

    Change "xyzzy" to reflect your real user name. Note that this crontab will run the script once per month at 2:30 AM on the first of the month. For testing you might want to change this.

  2. The cron daemon should automatically email the script's output to the indicated user without you having to change anything. If you want, you could explore modifying the script to explicitly mail its output to you, although this would be more necessary if the script wanted to send mail to multiple users.

Submission

For this lab, submit a document that shows the commands you used in each part, your script files, and any relevant observations. This lab is worth 20 points.


Last Revised: 2025-12-04
© Copyright 2025 by Peter Chapin <peter.chapin@vermontstate.edu>