Data and Computer Security (CMPD414)
Lab II

Topics: secure login, moving into HOME-directory, navigation on Unix, basic commands for vi, Message Digest

This lab exercise is to be submitted at the end of the lab session!

Remarks: We don't necessarily need the KNOPPIX CDROM for this exercise. But many systems do not have an ssh-client by default. The examples are tailor-made for Uniten.

A user account has been created for you on a server of Uniten, claude.uniten.edu.my. We will use this account for most of our exercises. Being in a course on Data and Computer Security, we use a fully encrypted link for the password and all the data. You have a console login on that server, in Unix-speak a shell ('sh'). Since it is a secure shell, the protocol used is called ssh.

We begin our lab session today by logging on to that server with your user name and password, the so-called credentials. claude runs an ssh-server (sshd), so you need an ssh-client for the connection on your side. Knoppix has such a client built in, so you start by booting from the Knoppix-CD that you created in Lab exercise 1. Browse around until you find a console. A console is an application that permits you to enter commands; it is a Command Line Interface (CLI). Here you can issue shell commands (see the Unix Cheat Sheet below). One of the commands that can be used is ssh. This command invokes the ssh-client that we need to connect to a remote machine:

    ssh -l it88888 claude.uniten.edu.my    [of course, you use your id here!]

where ssh is the command; '-' identifies an option in Unix; 'l' stands for the login_name [This is lowercase 'L', not '1'!], here your username; claude.uniten.edu.my is the name (Fully Qualified Domain Name, FQDN) of the remote system. Since you want to log on to your user account on claude, you use your student-id!

(In case this is your first login - or the first login from the PC in front of which you sit - it likes to get a confirmation. Your PC has never 'met' claude and would like to store the public key of the remote system, the so-called host key. You might be surprised that a machine has a pair of keys? Oh, well... At least you notice that we're moving into the territory of trusted applications. In future we will discuss this pair of keys in one of our lectures.)

Your password will be given to you by the lecturer. You will all get the same password; but only to start with. Yes, this is very insecure! I know that you all want to change it:

    passwd    [That is the command to change your current password to a new one]

(It checks your new password. In case it is too short or too obvious, it will remind you to use a better one. We are definitely moving into higher levels of security!)

It is your obligation to remember the new password, as the system administrator cannot retrieve it for you (it is 'hashed', as we will observe in the lecture). And in case you need a new one (reset your password), you'll be charged RM 5 for charity. ;)

Once you have managed to log on to claude and changed your password, you'll find yourself in your Home Directory. You can always go back to this directory by issuing the command cd.
If you are lost and don't know in which directory you are, pwd ('print working directory' or 'present working directory') returns the current directory.

Next, try some of the most common commands on Unix/Linux, like: ls, ls -l, ls -la, pwd, cd, .., ., hostname, whoami, date, whereis, etc. Refer to the attached Unix Cheat Sheet for more commands and more explanation.

Once you have played with some of the commands for 10 or 15 minutes, go to the directory /var/mail/ and list the owners of the first 5 mailboxes. (/var/mail contains the mailboxes of all users.) The commands that you need to issue are:

    cd /var/mail    [for change directory [to] /var/mail]
    ls -l           [for list the files and directories, option -l for long list]

The owners of the first 5 mailboxes are: __________

When did the last mail for user labtest come in? __________

Go back to your home directory. The shortcut command for this move is: __________ [see above]
Try it out! You confirm that you are at home by typing: __________ (for printing working directory).

Next, pick up (copy) the text called message_digest.txt from the home directory of user labtest. All users have their home directories in /home/. Therefore user labtest has his home directory in /home/labtest. Make sure to copy (cp) that text from /home/labtest to your home directory! The necessary commands are:

    cd                                      [to bring you back to your Home directory]
    pwd                                     [to check that you are at home. Is this your home?]
    cp /home/labtest/message_digest.txt .   [cp means 'copy from to'. Here: copy file message_digest.txt in /home/labtest to '.'. Dot ('.') means 'the present working directory']

The file contains a text about the topic 'Message Digest'. Read the text, using less. If you typed only 'less', the program would not know which file you wanted to open. You need to add the filename as argument. (You can leave the program using q(uit).)

Generate the message digest MD5 with the command md5. The argument is the filename here, of course:

    md5 message_digest.txt
The MD5-sum is: __________

Now use an editor (in this case vi) to make a minor change within the text:

    vi message_digest.txt    [vi calls the editor; message_digest.txt is the argument]

Here is a list of the very basic vi commands:

    Esc         [to get you to command mode, use it repeatedly: Esc-Esc-Esc if unsure]
    :           [colon, to enter a command like the following]
    w(rite)     [saves the file]
    q(uit)      [quits the file]
    i(nsert)    [gets you from command mode to insert mode]
    x(delete)   [deletes the character below the cursor]

Get used to the concept of having two modes: 'i' for editing the text, Esc followed by ':' to enter a command, e.g. for file processing. (If you get completely stuck, usually Ctrl-C gets you back to the command prompt.) If something doesn't work properly, read the bottom line and follow the suggestion. Usually it is very helpful in case of problems.

In order to observe the idea of Message Digest, just change one single character in that file (message_digest.txt) or add one simple blank; something like that. Leave vi and generate the MD5-sum again, as above.

Now the Message Digest is: __________

Observe the huge differences between the two digests despite your minor alterations! Try again, with just another minor or major change... (You can always copy the original and unmodified file from user labtest to your home directory with cp /home/labtest/message_digest.txt .)

Another message digest, even 'better' (256 bits instead of 128 bits), is sha256. Generate the SHA256-digest (SHA256 = Secure Hash Algorithm of 256 bit) of the original message_digest.txt using the command cksum:

    cksum -a sha256 message_digest.txt

The message digest sha256 for the file message_digest.txt is: __________

(Are you sure? Have you used the original file from the home of labtest?? If not, do it now, and copy it another time, see above.)

Next, create the SHA1-digest (SHA1 is the Secure Hash Algorithm of 160 bit) of your name. You don't know how? All Unix commands have a help which is called 'man' (for manual pages). Issue man followed by the command you want to learn more about. In this case, you would type man cksum. You leave as always by typing q(uit).

The command to generate the SHA1-digest of a string is: __________ (hint: sha1 is the algorithm)

So you need to enter __________ to generate the SHA1-digest for your name.

The result is: __________

cksum on OpenBSD has some built-in test functions (refer to the man-pages again). How many MegaBytes per second does our server process? __________

Some final remarks: I hope you could enjoy this lab somehow! It gives you a feeling for how most of the labs in this course will be conducted. You may at any time and from any place log on to claude and repeat the exercises. It is even highly recommended that you do so! You need to remember the commands that we use! Refer to the following pages for some more commands and some more explanation.

Also, be aware that the lab sheets will be marked but not returned. You can always inquire about the marks, though. Therefore it is encouraged that you print two sets, one to submit, and one for your personal notes.

Last but not least: No quiz or exam will ask for the results that you enter. Be aware, though, that the printed content of all sheets is subject to examination.
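The digest comparison from the exercise above, as an added example that is not part of the original lab sheet: it digests a constructed sample text, appends one blank, digests again, and counts how many bits of the digest changed. It assumes the GNU coreutils tools md5sum and sha256sum (on claude the sheet uses md5 and cksum -a instead); the function names hex_digest, bit_diff and avalanche are made up for this illustration.

```shell
#!/bin/sh
# Added illustration, not part of the lab sheet. Assumes GNU coreutils
# (md5sum, sha256sum); on the OpenBSD lab server the sheet uses md5 and cksum -a.

# hex_digest ALGO FILE: print only the hex digest (ALGO is md5 or sha256).
hex_digest() {
    "${1}sum" "$2" | cut -d' ' -f1
}

# bit_diff HEX1 HEX2: count the bits that differ between two equal-length hex strings.
bit_diff() {
    a=$1; b=$2; n=0
    while [ -n "$a" ]; do
        rest_a=${a#?}; rest_b=${b#?}
        ca=${a%"$rest_a"}; cb=${b%"$rest_b"}     # leading hex digit of each string
        x=$(( 0x$ca ^ 0x$cb ))                   # XOR marks the differing bits
        while [ "$x" -gt 0 ]; do
            n=$(( n + (x & 1) )); x=$(( x >> 1 ))
        done
        a=$rest_a; b=$rest_b
    done
    echo "$n"
}

# avalanche ALGO: print "digest_before digest_after differing_bits".
avalanche() {
    dir=$(mktemp -d)
    # Constructed sample text, standing in for message_digest.txt.
    printf 'A message digest is a fixed-size fingerprint of a text.\n' > "$dir/orig.txt"
    cp "$dir/orig.txt" "$dir/edited.txt"
    printf ' ' >> "$dir/edited.txt"              # the "one simple blank" of the exercise
    before=$(hex_digest "$1" "$dir/orig.txt")
    after=$(hex_digest "$1" "$dir/edited.txt")
    rm -r "$dir"
    echo "$before $after $(bit_diff "$before" "$after")"
}

for algo in md5 sha256; do
    set -- $(avalanche "$algo")
    echo "$algo before: $1"
    echo "$algo after:  $2"
    echo "$algo differing bits: $3 of $(( ${#1} * 4 ))"
done
```

For a good digest, about half of the bits flip after a one-character change: roughly 64 of 128 for MD5 and 128 of 256 for SHA256.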
Unix Cheat Sheet (adapted from http://www.rain.org/~mkummel/unix.html)

Help on any Unix command. RTFM!
    man {command}             Type man ls to read the manual for the ls command.
    whatis {command}          Give short description of command.
    apropos {keyword}         Search for all Unix commands that match keyword, eg apropos ls

List a directory
    ls {path}                 It's okay to combine attributes, eg ls -ltr gets a long listing of all files sorted according to the time in reverse order.
    ls -l {path}              Long listing, with date, size and permissions.
    ls -a {path}              Show all files, including important .dot files that don't otherwise show.
    ls -R {path}              Recursive listing, with all subdirs.
    ls {path} | more          Show listing one screen at a time.

Change to directory
    cd {dirname}              There must be a space between cd and the directory name.
    cd                        Go back to home directory, useful if you're lost.
    cd ..                     Go back (up) one directory.

Make a new directory
    mkdir {dirname}

Remove a directory
    rmdir {dirname}           Only works if {dirname} is empty.
    rm -r {dirname}           Remove all files and subdirs. Careful!

Print working directory
    pwd                       Show where you are as full path. Useful if you're lost or exploring.

Copy a file or directory
    cp {file1} {file2}        Copying needs 2 arguments: from ... to
    cp -r {dir1} {dir2}       Recursive, copy directory and all subdirs.

Move (or rename) a file
    mv {oldfile} {newfile}    Moving a file and renaming it are the same thing.
    mv {oldname} {newname}

Delete a file
    rm {filespec}

View a text file
    more {filename}           View file one screen at a time.
    less {filename}           Like more, with extra features.
    cat {filename}            View file, but it scrolls.
    cat {filename} | more     View file one screen at a time.

Edit a text file.
    vi {filename}

Compare two files
    diff {file1} {file2}      Show the differences.

Other text commands
    grep '{pattern}' {file}   Find regular expression in file.
    spell {file}              Display misspelled words.
    wc {file}                 Count words in file.
    echo Nonsense             Prints string (Nonsense) to standard output

Find files on system
    find {filespec}           Works with wildcards. Handy for snooping.
    locate {filespec}         Reads from database. Very fast, but database may be outdated

Wildcards and Shortcuts
    *        Match any string of characters, eg page* gets page1, page10, and page.txt.
    ?        Match any single character, eg page? gets page1 and page2, but not page10.
    [...]    Match any characters in a range, eg page[1-3] gets page1, page2, and page3.
    ~        Short for your home directory, eg cd ~ will take you home, and rm -r ~ will destroy it.
    .        The current directory.
    ..       One directory up the tree, eg ls ..

Pipes and Redirection
(You pipe a command to another command, and redirect it to a file.)
    {command} > {file}        Redirect output to a file, eg ls > list.txt writes directory to file list.txt.
    {command} >> {file}       Append output to an existing file, eg cat up >> archive adds up to end of file archive.
    {command} < {file}        Get input from a file, eg sort < file.txt
    {command} | {command}     Pipe one command to another, eg ls | more gets directory and sends it to more to show it one page at a time.

Permissions, important and tricky!
Unix permissions concern who can read a file or directory, write to it, and execute it. Permissions are granted or withheld with a magic 3-digit number. The three digits correspond to the owner (you); the group (?); and the world (everyone else). Think of each digit as a sum:

    execute permission                  = 1
    write permission                    = 2
    write and execute (1+2)             = 3
    read permission                     = 4
    read and execute (4+1)              = 5
    read and write (4+2)                = 6
    read, write and execute (4+2+1)     = 7

Add the number value of the permissions you want to grant each group to make a three digit number, one digit each for the owner, the group, and the world. Here are some useful combinations. Try to figure them out!

    chmod 600 {filespec}
    chmod 700 {filespec}
    chmod 644 {filespec}
    chmod 755 {filespec}

Applications I use
    finger                    Find out who else is logged on.
    finger {userid}           Find out what someone's up to.
    lynx                      Text-based Web browser, fast and lean.

System info
    date                      Show date and time.
    df                        Check system disk capacity.
    du [-h]                   Check your disk usage and show bytes in each directory. -h stands for 'human readable'. Try it out!
    more /etc/motd            Read message of the day
    set                       Show all environmental variables (at least in Korn shell$)
    uptime                    Find out when system was booted and system load.
    w                         Who's online and a lot of other things...

Your own notes: