CEG 4420/6420: Host Computer Security

Lab: Getting Started

Weight 5%; Due Date: Shown on the Home Page

A lab in this course expects you to learn about security-related issues on Linux. In a lab, you will not be expected to write new code.

This lab is to be done on "your own" Linux PC. It gets you started on installing Linux with a decent configuration.

By the time this lab is due, we will have refreshed the essentials of (i) System Calls, (ii) File Volumes and (iii) Process Management that were covered in 2350/Lectures/OS-on-USB/.

Task: Install a Linux Distro

  1. Install a multi-boot Linux setup on a USB drive (USBD). You will get better performance if you install it on an HDD/SSD instead.
  2. One installation should be Knoppix and another Kali. Use the latest versions. You will need a USBD of at least 8 GB. For details of how to do it, visit the home page of Dr Mateti's version of CEG2350 and then click on the OS-on-USBD Lab. You can also visit http://www.pendrivelinux.com/, but that site just gives you recipes without an explanation of how things work.
  3. Verify that the USBD can boot a few different PCs/laptops that you have access to. Capture screenshots.
  4. If you have already done this, describe that effort.

Task: Learn Linux Commands/ SysCalls/ Libraries

Coming into the course, you are expected to be comfortable with Linux commands. Recall that CEG2350 and CEG4350 are in the prerequisite chain.

  1. Try all the commands in the Minimal List of Unix Commands. [You cannot claim to be Linux-familiar unless you have used them all a few times.]
    1. Use script (read man script) to demonstrate that you invoked the commands and to capture stdin + stdout. If what you captured is far too long, trim it.
    2. A few commands cannot be run unless you are superuser; for such commands, just capture the message they produce. Better yet, use sudo, but beware of the consequences.
  2. Explain what the command indent -kr -i2 -pmt *.C *.h does, including the effect of each of the options -kr, -i2 and -pmt. [The indent program may not be part of the standard installation of your Linux distro. On Kubuntu, install it with apt install indent.]
  3. Explain briefly in one or two lines what the following do.
    1. ltrace, strace
    2. nm, size
    3. ldd
  4. The following are standard library routines:
    fopen, fclose, fread, fwrite, fstat, fscanf, fprintf, printf, sprintf
    Look up their functionality in both the local and the online man pages. Describe each briefly, in one sentence, in your own words. Do they use syscalls? Which ones?
  5. Assuming no one other than you is on *your* system, how many processes can you have simultaneously alive? Read up on what is known as a "Fork Bomb".
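As an added illustration for item 4 (this program is not one of the course's StudyPrograms, and the function names stdio_roundtrip and kernel_size are my own), the following C program calls fopen-family routines and shows, through fstat(2), that fprintf does not reach the kernel until the stdio buffer is flushed: the size the kernel reports is 0 right after fprintf and becomes the message length only after fflush. Run it under strace to see the syscalls each library routine turns into.

```c
/* stdio_syscalls.c: added example, not one of the course's StudyPrograms.
 * Build and trace:
 *   gcc -g -Wall -ansi -pedantic stdio_syscalls.c -o stdio_syscalls
 *   strace -e trace=openat,write,lseek,read,fstat,close ./stdio_syscalls */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* File size as the kernel records it: fstat(2) on the descriptor behind f. */
static long kernel_size(FILE *f)
{
    struct stat st;
    if (fstat(fileno(f), &st) != 0)
        return -1;
    return (long) st.st_size;
}

/* Writes msg (must be shorter than the stdio buffer, BUFSIZ) with fprintf,
 * samples the kernel-visible size before and after fflush, then reads the
 * data back with fread. Returns 0 on success, -1 if no temp file could be made. */
int stdio_roundtrip(const char *msg, long *before_flush, long *after_flush,
                    char *readback, size_t cap)
{
    FILE *f = tmpfile();          /* an openat(2) for an anonymous temp file */
    size_t n;
    if (f == NULL)
        return -1;
    fprintf(f, "%s", msg);        /* copied into the user-space buffer; no write(2) yet */
    *before_flush = kernel_size(f);   /* 0: the kernel has not seen a byte */
    fflush(f);                    /* one write(2) carries the whole buffer */
    *after_flush = kernel_size(f);    /* now strlen(msg) */
    rewind(f);                    /* lseek(2) back to offset 0 */
    n = fread(readback, 1, cap - 1, f);   /* read(2), usually BUFSIZ at a time */
    readback[n] = '\0';
    fclose(f);                    /* flushes if needed, then close(2) */
    return 0;
}

int main(void)
{
    long before, after;
    char buf[128];
    if (stdio_roundtrip("hello, syscalls\n", &before, &after, buf, sizeof buf) != 0) {
        perror("tmpfile");
        return 1;
    }
    printf("size seen by kernel before fflush: %ld, after: %ld\n", before, after);
    printf("read back: %s", buf);
    return 0;
}
```

The strace line is the check: you should see no write(2) until fflush, which is also why printf output can vanish when a program dies of a signal before its buffer is flushed.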

Task: Study a Few Tiny Programs

The source code for several tiny programs is given in the directory ./StudyPrograms. Study the source to see what syscalls and library calls they make, how they are built, and the numerical relationships between the addresses of variables.

  1. There is a Makefile included. make will compile and link one program with no error messages, using CFLAGS = -g -Wall -ansi -pedantic. Explain what these flags cause gcc to do. Expand the Makefile so that all the programs in the directory are built properly.
  2. List the names of 5 standard library routines other than the ones listed in the above task, and 5 corresponding system calls used by these tiny programs.
  3. Improve the recurse program mentioned above so that it recurses more deeply. Explain what you did.
  4. What is a "Segmentation Fault"?
  5. What is the maximum amount of virtual memory a Linux process can have?
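The following C program is an added example (not one of the StudyPrograms; frame_size_bytes, frames_that_fit, limit_value and layout_is_conventional are names I chose) that ties items 3 to 5 of this task, and the process-count question of the previous task, to numbers you can measure: it uses the addresses of locals in nested calls to compute one stack frame's size, reads the stack, address-space and process limits with getrlimit(2), estimates how many frames fit before the stack overruns its limit, and checks the conventional data-below-heap-below-stack ordering of addresses.

```c
/* stack_and_limits.c: added example, not one of the course's StudyPrograms.
 * Build with the Makefile's flags: gcc -g -Wall -ansi -pedantic stack_and_limits.c */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/resource.h>

int a_global = 1;                       /* data segment: placed by the linker */

/* Address of a local in the current frame. noinline forces a real call so each
 * invocation gets its own stack frame; volatile forces the local onto the stack. */
__attribute__((noinline)) static uintptr_t frame_addr(int depth)
{
    volatile int local = depth;
    return (uintptr_t) &local;
}

/* Same, but one call deeper. Using `local` after the inner call stops the
 * compiler from turning this into a tail call (which would reuse the frame). */
__attribute__((noinline)) static uintptr_t deeper_frame_addr(int depth)
{
    volatile int local = depth;
    uintptr_t inner = frame_addr(depth + 1);
    return inner + (uintptr_t) (local - depth);
}

/* Bytes one frame of deeper_frame_addr occupies: the distance between where a
 * local lands after one call and after two. Positive because the stack grows
 * toward lower addresses on every mainstream Linux ABI. */
long frame_size_bytes(void)
{
    uintptr_t one_deep = frame_addr(0);
    uintptr_t two_deep = deeper_frame_addr(0);
    return (long) (one_deep - two_deep);
}

/* Soft limit of an rlimit resource (bytes for RLIMIT_STACK and RLIMIT_AS,
 * a count for RLIMIT_NPROC); -1 if unlimited or unknown. */
long limit_value(int resource)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0 || rl.rlim_cur == RLIM_INFINITY)
        return -1;
    return (long) rl.rlim_cur;
}

/* How many frames of frame_bytes fit in stack_bytes: roughly the depth at
 * which a recursive program overruns its stack and the kernel kills it with
 * SIGSEGV, reported by the shell as "Segmentation fault". To recurse more
 * deeply, shrink the frame (fewer locals, no large arrays) or raise the
 * limit (ulimit -s, or setrlimit(RLIMIT_STACK) before the recursion starts). */
long frames_that_fit(long frame_bytes, long stack_bytes)
{
    if (frame_bytes <= 0 || stack_bytes <= 0)
        return -1;
    return stack_bytes / frame_bytes;
}

/* Conventional Linux layout: data (globals) below the heap, heap below the
 * stack. ASLR shifts each region's base but not their relative order. */
int layout_is_conventional(void)
{
    volatile int on_stack = 0;
    int *on_heap = malloc(sizeof *on_heap);
    uintptr_t g = (uintptr_t) &a_global, h = (uintptr_t) on_heap,
              s = (uintptr_t) &on_stack;
    int ok = on_heap != NULL && g < h && h < s;
    free(on_heap);
    return ok;
}

int main(void)
{
    long frame = frame_size_bytes();
    long stack = limit_value(RLIMIT_STACK);
    printf("frame bytes %ld, stack limit %ld, frames that fit %ld\n",
           frame, stack, frames_that_fit(frame, stack));
    printf("RLIMIT_AS (virtual memory) %ld, RLIMIT_NPROC (processes) %ld  (-1 = unlimited)\n",
           limit_value(RLIMIT_AS), limit_value(RLIMIT_NPROC));
    printf("layout data < heap < stack: %s\n", layout_is_conventional() ? "yes" : "no");
    return 0;
}
```

The RLIMIT_AS figure answers item 5 for your own shell session (ulimit -v shows the same number); when it is unlimited, the architecture's user address space is the ceiling. RLIMIT_NPROC is the per-user cap that bounds a fork bomb, together with kernel.pid_max.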

Task: Bootup Sequence

Objective: Study the boot sequence, ending at the login prompt.
  1. Freshly reboot into your choice of (HDD/SSD/USBD-installed) Linux. Wait for the GUI to appear.
  2. Save the output of ps with the flags that show all processes in the greatest detail. You will notice several gaps in the process id numbers.
  3. Consider process ids in the ranges 1 to 500 and 900 to 1000. Note the missing pids. Among the missing ids, explain the details of at least five processes from the range 1 to 500 and another five from 900 to 1000 that must have come to life, performed their duties, and terminated. Be aware that the bash shell has many built-in commands, such as echo, that do not cause process creation.
  4. Among the running processes, identify all the daemon processes, and determine how and from where they were invoked. The specific names of the script files in the current installation of Linux are not necessarily rc.multiuser etc. as indicated in the lectures.
  5. Describe how the kernel selects the init program. Does the kernel log this information somewhere?
  6. [Optional] [Bonus Points 20] [Devious.] Plant an alternate, fully functional but rogue, init. Did the kernel know it was invoking an alternate init, possibly a rogue one? Suggest how we can discover the rogue init.
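As an added example for items 2, 3 and 5 (not part of the course materials; missing_pids, init_from_cmdline and report_gaps are names I chose), this C program reads the pid column of ps from stdin and lists the gaps in the two ranges the task asks about, then shows the two places a defender checks to see which init the kernel actually started: the init= parameter on the kernel command line (/proc/cmdline) and the executable behind pid 1 (/proc/1/exe). Comparing those two against the path your distribution is supposed to boot is the simplest discovery check for item 6.

```c
/* boot_survey.c: added example, not part of the course materials. The pure
 * functions can be run on saved ps output; main() applies them to the live
 * system through /proc (Linux only).
 *   gcc -g -Wall -ansi -pedantic boot_survey.c -o boot_survey
 *   ps -e -o pid= | ./boot_survey */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Pids in [lo,hi] absent from pids[0..n): each belonged to a process that was
 * created, did its work and exited (or to a thread, which draws from the same
 * id pool). Stores up to cap of them in out; returns how many are missing. */
size_t missing_pids(const int *pids, size_t n, int lo, int hi, int *out, size_t cap)
{
    size_t missing = 0, i;
    int p, present;
    for (p = lo; p <= hi; p++) {
        present = 0;
        for (i = 0; i < n && !present; i++)
            present = (pids[i] == p);
        if (!present) {
            if (missing < cap)
                out[missing] = p;
            missing++;
        }
    }
    return missing;
}

/* Value of init= on a kernel command line (the format of /proc/cmdline).
 * Returns 1 and copies the path; 0 if absent, meaning the kernel walked its
 * built-in list: /sbin/init, /etc/init, /bin/init, /bin/sh (after /init in an
 * initramfs, or rdinit=). cap must be at least 1. */
int init_from_cmdline(const char *cmdline, char *out, size_t cap)
{
    const char *p = cmdline, *v;
    size_t len;
    while (*p) {
        while (*p == ' ' || *p == '\n')
            p++;
        if (strncmp(p, "init=", 5) == 0) {
            v = p + 5;
            for (len = 0; v[len] && v[len] != ' ' && v[len] != '\n'; len++)
                ;
            if (len >= cap)
                len = cap - 1;
            memcpy(out, v, len);
            out[len] = '\0';
            return 1;
        }
        while (*p && *p != ' ' && *p != '\n')
            p++;
    }
    return 0;
}

static void report_gaps(const int *pids, size_t n, int lo, int hi)
{
    int gaps[5] = {0, 0, 0, 0, 0};
    size_t miss = missing_pids(pids, n, lo, hi, gaps, 5);
    printf("pids %d..%d: %lu missing, first few: %d %d %d %d %d\n", lo, hi,
           (unsigned long) miss, gaps[0], gaps[1], gaps[2], gaps[3], gaps[4]);
}

int main(void)
{
    static int live[65536];
    char line[4096], path[256];
    size_t n = 0;
    ssize_t len;
    FILE *f;

    while (n < sizeof live / sizeof live[0] && scanf("%d", &live[n]) == 1)
        n++;
    report_gaps(live, n, 1, 500);
    report_gaps(live, n, 900, 1000);

    f = fopen("/proc/cmdline", "r");
    if (f == NULL) {
        puts("no /proc/cmdline: the init checks need Linux");
        return 1;
    }
    if (fgets(line, sizeof line, f) == NULL)
        line[0] = '\0';
    fclose(f);
    if (init_from_cmdline(line, path, sizeof path))
        printf("kernel was told init=%s\n", path);
    else
        puts("no init= on the command line: kernel used its default search list");

    /* What pid 1 really is. Reading the link needs root (or pid 1's uid);
     * compare the result with the path your distribution should be running. */
    len = readlink("/proc/1/exe", path, sizeof path - 1);
    if (len >= 0) {
        path[len] = '\0';
        printf("/proc/1/exe -> %s\n", path);
    } else {
        perror("readlink /proc/1/exe");
    }
    return 0;
}
```

Note that /proc/1/cmdline shows only what pid 1 calls itself (argv[0]), which a rogue init can set freely; /proc/1/exe is resolved by the kernel from the executed file and is the one to trust.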

Submission

You must follow the Lab Report Template. There should be a section on each of the tasks, with a couple of lines of answer to each (implied) question. Use good judgement and do not make the report much longer than, say, 20 pages. Submit explanations and code that verify your answers.

  1. Submit a PDF file named *exactly* Report-L1.pdf.
  2. Make a tar-ball of all source code files you changed. Keep the directory structure. Submit this tar-ball as L1.tar.gz.
  3. Scripts are used to check various things, so file names must obey these "rules".

References

For links, visit the course home page.

  1. Prabhaker Mateti, Lecture Notes on Linux Setup.
  2. Prabhaker Mateti, Lecture Notes on Bootup.

CEG 4420/6420

Grading Sheet for
Getting Started with Linux Lab

Weight 5%
Instructor = Dr Prabhaker Mateti; Grader = TBA
Student Login Bonus Points

Bonus points are awarded in recognition of good work, in addition to the max possible points. Quality is subjectively judged. Merely turning in a file will not receive full score. Some items have a cascading effect.

Item description                                            Assigned   Earned
USBD MultiBoot                                                 20
Learn Linux Commands/ SysCalls/ Libraries                      20
Studying Programs                                              20
Bootup                                                         20
Journal                                                        20
Late submission: -5% per day late; not accepted after 5 days   --
Total                                                         100
Copyright © 2020 • Prabhaker Mateti