This permission setting allowed anyone on the system to modify or delete files in the sibshared directory.
What is 777?
This Linux command shows which users belong to the sudo group.
What is grep sudo /etc/group?
This is the first action you should take if an auditor discovers a user with unexpected sudo privileges.
What is immediately remove the user from the sudo group?
For enhanced security, you should prioritize implementing this authentication method before file integrity monitoring.
What is multi-factor authentication?
This SSH configuration setting allowed attackers to gain immediate full control of the system if compromised.
What is PermitRootLogin yes?
Group-based permissions are preferred over individual permissions for this primary reason in large teams.
What is simplified administration and consistent privilege management?
After removing unauthorized sudo access, you should check these system records to identify any unauthorized actions taken.
What are system logs (auth.log, sudo logs, syslog)?
Strong password policies should enforce this minimum character length according to security best practices.
What is 8 characters (or longer)?
This security principle was violated when multiple employees were given unnecessary sudo privileges.
What is the principle of least privilege?
In role-based access control, users are assigned permissions based on this factor rather than individual identity.
What is their job role or organizational function?
If you discover a directory with 777 permissions containing sensitive data, these are the two immediate steps to take.
What are change permissions to restrictive settings (750) and audit who accessed the directory?
This often-overlooked security practice involves regularly reviewing logs and system configurations to detect attacks and misconfigurations.
What is continuous auditing and monitoring?
Name two impacts of having weak password policies with no minimum length or complexity requirements.
What are increased risk of brute force attacks and credential compromise?
This special permission bit ensures that files created in shared directories maintain the same group ownership.
What is setgid (set group ID)?
What log file would you check first if you suspect unauthorized login attempts on your Linux server?
What is /var/log/auth.log?
Name three elements that should be included in a comprehensive password policy.
What are minimum length, complexity requirements, expiration periods, password history, and account lockout policies?