Lab 04 - IronMansDaughter/Sys-255 GitHub Wiki
Lab Summary:
This lab was about setting up DHCP on our Linux server: we SSH-ed into it from our ad01 VM to make the right configuration changes. We then used our Windows workstation, switching its IP configuration over to DHCP, to test it. We were also tasked with finding out how to change the default lease time. To change it, open the DHCP server's configuration file (dhcpd.conf, typically /etc/dhcp/dhcpd.conf) in vim and add these two lines: "default-lease-time 3600;" and, on the next line, "max-lease-time 14400;". The numbers are how many seconds a lease may last, so for this example I set the default lease to 1 hour and the maximum lease to 4 hours; the DHCP service has to be restarted for the change to take effect. A client normally renews its lease once half of the time has elapsed and keeps the same address; only if it fails to renew does the lease expire at the end of the time, after which the address is released and the client has to request a new one.
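The two lease-time lines placed in context, as an added example that is not the lab's own configuration: a shell function that writes a minimal ISC dhcpd.conf with the lease settings and the domain name from this wiki (janelle.local), plus a small lint. The subnet, address range, router and the address given to ad01 as DNS server are assumed values for illustration, and the `check_lease_times` check (default must not exceed max) is this example's own sanity check, not something the page describes.

```sh
#!/bin/sh
# Added example, not the lab's own config. Writes a minimal ISC dhcpd.conf and
# checks it. Subnet, range, router and the ad01 address are assumed values.

write_dhcpd_conf() {   # $1 = output path, $2 = default lease (s), $3 = max lease (s)
  cat > "$1" <<EOF
# Lease lifetimes are in seconds: 3600 = 1 hour, 14400 = 4 hours.
# default-lease-time: handed out when the client does not ask for a length.
# max-lease-time: the longest lease a client is allowed to ask for.
default-lease-time $2;
max-lease-time $3;
authoritative;

option domain-name "janelle.local";
option domain-name-servers 10.0.5.5;    # ad01, assumed address

subnet 10.0.5.0 netmask 255.255.255.0 {  # assumed lab subnet
  range 10.0.5.50 10.0.5.100;
  option routers 10.0.5.1;
}
EOF
}

# Pull one lease setting (in seconds) back out of the file.
lease_setting() {      # $1 = config path, $2 = keyword
  sed -n "s/^$2 \([0-9][0-9]*\);.*/\1/p" "$1"
}

# Seconds to whole hours, the way the lab text reads the values.
lease_hours() { echo $(( $1 / 3600 )); }

# This example's own lint: a default longer than the maximum is a mistake.
check_lease_times() {  # $1 = config path
  d=$(lease_setting "$1" default-lease-time)
  m=$(lease_setting "$1" max-lease-time)
  [ -n "$d" ] && [ -n "$m" ] && [ "$d" -le "$m" ]
}

# Usage on a real server (as root, then restart the DHCP service):
#   write_dhcpd_conf /etc/dhcp/dhcpd.conf 3600 14400
#   check_lease_times /etc/dhcp/dhcpd.conf && dhcpd -t -cf /etc/dhcp/dhcpd.conf
```

`dhcpd -t -cf FILE` only parses the file and reports syntax errors; run it before restarting so a typo in the config does not leave the lab network without a DHCP server.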
3 Items related to DHCP w/ wireshark:
- UDP (User Datagram Protocol) -
"DHCP cannot use TCP as the transport protocol because TCP requires both end-points to have unique IP addresses. At the time a host is required to use DHCP, it does not have an IP address it can source the packets from, nor does it have the IP address of the DHCP server. So it uses 0.0.0.0 as the source IP address and 255.255.255.255 (broadcast) as the destination IP address. These IP addresses are not valid host IP addresses and can be used by multiple clients at any time. So a TCP connection wouldn't be "unique" for lack of a better term." The only choice the DHCP client has is to send its datagram over UDP to the broadcast address; the server replies the same way (or directly to the client's MAC address when the client has not set the broadcast flag).
Source-
guidev, et al. "Why Does DHCP Use UDP and Not TCP?" Network Engineering Stack Exchange, https://networkengineering.stackexchange.com/questions/64401/why-does-dhcp-use-udp-and-not-tcp#64402.
- DNS (Domain Name System) -
DNS relates to DHCP here because our DHCP server was configured with the domain name system we set up a few labs ago (janelle.local): the DHCP lease hands the client the DNS server address and domain name, and from then on we see DNS traffic in Wireshark, with the client sending queries and the server responding to them. The link below does a nice job of explaining the differences between the two and how they work together.
Link to Article- https://community.fs.com/blog/dhcp-and-dns-difference.html
- CLDAP (Connectionless Lightweight Directory Access Protocol) -
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network; CLDAP is its connectionless variant, carried over UDP instead of TCP. This showed up in our Wireshark capture because there was a search request for root, which happened when I accessed root through ad01 while SSH-ing into my Linux server to install DHCP and set it up.
Linux File Permissions:
Creating a user- To add a user, type the command "useradd" followed by the user name. Ex. "useradd Fred" (add "-m" if you also want a home directory created). Then set the password with the command "passwd" followed by the user name. Ex. "passwd Fred".
Creating groups- To create a group, type the command "groupadd" followed by whatever you want the group to be called. Ex. "groupadd Marketing".
Add group member- To add a user to a group, type the command "usermod -aG" followed by the group you want the user in and then the user's name. Ex. "usermod -aG Marketing Fred". The "-a" (append) matters: "usermod -G" on its own replaces the user's existing supplementary groups with the list you give.
Creating a directory- Type the command "mkdir" followed by the name of the directory. Ex. "mkdir Marketing".
Adjust group in root- To change the group owner of a directory under the root directory, type the command "chgrp" followed by the group name and then the path you want to change. Ex. "chgrp Marketing /Marketing/". In the "ls -l" owner and group columns this reads "root root" before and "root Marketing" after.
File permissions for user, group, and other- First type "chmod", then the class and an operator: "u+" adds permissions for the owning user, "g+" for the group and "o+" for others, each followed by the permissions you want to add, like "rwx" ("-" removes permissions and "=" sets them exactly). Finally, give the name of the file or directory whose permissions you are changing. An example would be "chmod g+r bobreview.txt". For a directory the group also needs "x" to enter it, so "chmod g+rx" is the usual minimum for a shared folder.
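The user, group, directory and permission commands above combined into one script, as an added example that is not from the lab page. The group and user names are the page's (Marketing, Fred); the directory location and the setgid bit are this example's own choices. The commands that need root are kept in a function that refuses to run otherwise, so the permission part can be tried on any directory you own, using a group you belong to.

```sh
#!/bin/sh
# Added example, not from the lab page. "Marketing" and "Fred" are the page's
# names; the directory path and the setgid bit are this example's choices.

# Root-only part: create the group and the user, then put the user in the group.
# -m gives the user a home directory; -a keeps the user's existing groups.
create_group_user() {   # $1 = group, $2 = user
  [ "$(id -u)" -eq 0 ] || { echo "create_group_user: needs root" >&2; return 1; }
  groupadd "$1"
  useradd -m "$2"
  passwd "$2"            # prompts for the new password
  usermod -aG "$1" "$2"
}

# Unprivileged part (works on any directory you own): group-owned, group
# writable, closed to everyone else, and setgid so files created inside
# inherit the group instead of the creator's primary group.
make_group_dir() {      # $1 = directory, $2 = group
  mkdir -p "$1"
  chgrp "$2" "$1"
  chmod u=rwx,g=rwx,o= "$1"   # same as: chmod 770
  chmod g+s "$1"              # setgid bit on a directory
}

# Read back what "ls -l" shows: the permission string and the group column.
# cut trims the "." or "+" that ls appends when an ACL or SELinux label is set.
perm_string() { ls -ld "$1" | awk '{print $1}' | cut -c1-10; }
group_of()    { ls -ld "$1" | awk '{print $4}'; }

# Usage with your own primary group:
#   make_group_dir /tmp/Marketing "$(id -gn)"
#   perm_string /tmp/Marketing     # drwxrws---  (the "s" is the setgid bit)
#   group_of /tmp/Marketing        # your group name
```

Without the setgid bit, a file Fred creates in /Marketing belongs to Fred's primary group, and the rest of Marketing cannot read it even though the directory itself is group-readable; that is the usual reason a "shared" folder works for one person and not the others.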
Securing SSH
Disable SSH logins for root:
-What is root's UID (user ID), and based on the logs, what logic is used to prevent root's login?-
The root UID is 0. I found this using the command "id". Root's login is prevented because the rule requires the user ID to be greater than or equal to 1000; since root's UID is 0, that requirement reads as "not met" in the log and the login fails.
Link on Securing SSH- https://www.a2hosting.com/kb/getting-started-guide/accessing-your-account/disabling-ssh-logins-for-root
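The standard way to refuse root over SSH, as an added example not taken from the lab page or the linked article: "PermitRootLogin no" in sshd_config. One caveat matters here: sshd keeps the first value it finds for each keyword, so appending "PermitRootLogin no" to the bottom of a file that already contains "PermitRootLogin yes" changes nothing. The checker below reproduces that rule and the fix puts the new line where it wins; file paths are arguments, the sample contents in the usage comment are constructed, and the "keyword value" whitespace layout is assumed.

```sh
#!/bin/sh
# Added example, not from the lab page. Run it on a copy of sshd_config or on
# the real file (then "sshd -t" and restart sshd). Assumes "keyword value"
# lines separated by whitespace, the usual sshd_config layout.

# Print the effective global PermitRootLogin value. sshd uses the FIRST
# occurrence of a keyword and ignores comments; lines after a "Match"
# directive apply only to matching connections, so they are skipped here.
permit_root_login() {   # $1 = sshd_config path
  awk '
    /^[ \t]*#/ || NF == 0            { next }
    tolower($1) == "match"           { in_match = 1; next }
    in_match                         { next }
    tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
    END { if (!found) print "prohibit-password" }   # OpenSSH default since 7.0
  ' "$1"
}

# Disable root login in a way that survives first-match-wins: comment out
# every existing PermitRootLogin line and put ours at the very top of the file.
# The content is copied back with cat so the file keeps its owner and mode.
set_permit_root_login_no() {   # $1 = sshd_config path
  { printf 'PermitRootLogin no\n'
    sed 's/^[[:space:]]*PermitRootLogin/#&/' "$1"; } > "$1.new" \
    && cat "$1.new" > "$1" && rm -f "$1.new"
}

# Usage (constructed sample): a file that says "yes" first and "no" later
#   permit_root_login sshd_config.sample    # yes  (the later "no" is ignored)
#   set_permit_root_login_no sshd_config.sample
#   permit_root_login sshd_config.sample    # no
#   sshd -t && systemctl restart sshd       # validate, then apply
```

Verify from another session before closing the one you are in: "ssh root@server" should now be refused while a normal user's login still works, and /var/log/auth.log (or "journalctl -u sshd") shows the refusal.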
How to create a root privileged user:
Link to article for more info on privileged users and how to use them- https://www.shellhacks.com/how-to-grant-root-access-user-root-privileges-linux/