Linux System Hardening Banner

Linux System Hardening Logo

Linux System Hardening

This guide contains the answer and steps necessary to get to them for the Linux System Hardening room.

Physical Security
Filesystem Partitioning and Encryption
Firewall
Remote Access
Securing User Accounts
Software and Services
Update and Upgrade Policies
Audit and Log Configuration

Physical Security

What command can you use to create a password for the GRUB bootloader?

The answer can be found in the text.

Click for answer
grub2-mkpasswd-pbkdf2
What does PBKDF2 stand for?

A quick search can give us the answer.

Click for answer
Password-based Key Derivation Function 2

Filesystem Partitioning and Encryption

What does LUKS stand for?

The answer can be found in the text.

Click for answer
Linux Unified Key Set
We cannot attach external storage to theVM, so we have created a /home/tryhackme/secretvault.img file instead. It is encrypted with the password 2N9EdZYNkszEE3Ad. To access it, you need to open it using cryptsetup and then mount it to an empty directory, such as myvault. What is the flag in the secret vault?

First we must open the encrypted image using cryptsetup.
console
```
sudo cryptsetup luksOpen secretvault.img secretvault
or
sudo cryptsetup open --type luks /path/to/dump desired-name
```
Now we can mount this device to the myvault folder and look inside.
console
```
sudo umount /dev/mapper/secretvault
```
Now we can check to see if the device is mounted and look for our flag.

Click for answer
THM{LUKS_not_LUX}

Firewall

There is a firewall running on the Linux VM. It is allowing port 22 TCP as we can ssh into the machine. It is allowing another TCP port; what is it?

For this we can use the handy ufw command.
console
```
ufw status
```
Click for answer
12526
What is the allowed UDP port?

The can be found with the previous command.

Click for answer
14298

Remote Access

What flag is hidden in the sshd_configfile?

To find the flag, we must open the files located at:
console
```
/etc/ssh/sshd_config
```
Click for answer
THM{secure_SEA_shell}

Securing User Accounts

One way to disable an account is to edit the passwd file and change the account’s shell. What is the suggested value to use for the shell?

The answer to this question can be found in the text.

Click for answer
/sbin/nologin
What is the name of the RedHat and Fedora systems sudoers group?

The answer to this question can be found in the text.

Click for answer
wheel
What is the name of the sudoers group on Debian and Ubuntu systems?

The answer to this question can be found in the text.

Click for answer
sudo
Other than tryhackme and ubuntu, what is the username that belongs to the sudoers group?

This can be found by looking through the /etc/passwd file and filtering on 'root'.

Click for answer
blacksmith

Software and Services

Besides FTPS, what is another secure replacement for TFTP and FTP?

The answer to this question can be found in the text.

Click for answer
SFTP

Update and Upgrade Policies

What command would you use to update an older Red Hat system?

The answer to this question can be found in the text.

Click for answer
yum update
What command would you use to update a modern Fedora system?

The answer to this question can be found in the text.

Click for answer
dnf update
What two commands are required to update a Debian system? (Connect the two commands with&&.)

The answer to this question can be found in the text.

Click for answer
apt update && apt upgrade
What does yum stand for?

A quick search should give us the answer.

Click for answer
Yellowdog Updater Modified
What does dnf stand for?

A quick search should give us the answer.

Click for answer
Dandified YUM
What flag is hidden in the sources.list file?

We can find the file by using:
console
```
find / -name sources.list 2>/dev/null
```
Click for answer
THM{not_Advanced_Persistent_Threat}

Audit and Log Configuration

What command can you use to display the last 15 lines of kern.log?

The answer to this question can be found in the text.

Click for answer
tail -n 15 kern.log
What command can you use to display the lines containing the word denied in the filesecure?

The answer to this question can be found in the text.

Click for answer
grep denied secure

Table of contents

Physical Security

What command can you use to create a password for the GRUB bootloader?

The answer can be found in the text.

Click for answer
grub2-mkpasswd-pbkdf2

What does PBKDF2 stand for?

A quick search can give us the answer.

Click for answer
Password-based Key Derivation Function 2

Filesystem Partitioning and Encryption

What does LUKS stand for?

The answer can be found in the text.

Click for answer
Linux Unified Key Set

We cannot attach external storage to theVM, so we have created a /home/tryhackme/secretvault.img file instead. It is encrypted with the password 2N9EdZYNkszEE3Ad. To access it, you need to open it using cryptsetup and then mount it to an empty directory, such as myvault. What is the flag in the secret vault?

First we must open the encrypted image using cryptsetup.

console

sudo cryptsetup luksOpen secretvault.img secretvault
or
sudo cryptsetup open --type luks /path/to/dump desired-name

Now we can mount this device to the myvault folder and look inside.

console

sudo umount /dev/mapper/secretvault

FileSystem Open

Now we can check to see if the device is mounted and look for our flag.

Filesystem Flag

Click for answer
THM{LUKS_not_LUX}

Firewall

There is a firewall running on the Linux VM. It is allowing port 22 TCP as we can ssh into the machine. It is allowing another TCP port; what is it?

For this we can use the handy ufw command.

console

ufw status

Firewall

Click for answer
12526

What is the allowed UDP port?

The can be found with the previous command.

Click for answer
14298

Remote Access

What flag is hidden in the sshd_configfile?

To find the flag, we must open the files located at:

console

/etc/ssh/sshd_config

Remote Sshd

Click for answer
THM{secure_SEA_shell}

Securing User Accounts

One way to disable an account is to edit the passwd file and change the account’s shell. What is the suggested value to use for the shell?

The answer to this question can be found in the text.

Click for answer
/sbin/nologin

What is the name of the RedHat and Fedora systems sudoers group?

The answer to this question can be found in the text.

Click for answer
wheel

What is the name of the sudoers group on Debian and Ubuntu systems?

The answer to this question can be found in the text.

Click for answer
sudo

Other than tryhackme and ubuntu, what is the username that belongs to the sudoers group?

This can be found by looking through the /etc/passwd file and filtering on 'root'.

Click for answer
blacksmith

Software and Services

Besides FTPS, what is another secure replacement for TFTP and FTP?

The answer to this question can be found in the text.

Click for answer
SFTP

Update and Upgrade Policies

What command would you use to update an older Red Hat system?

The answer to this question can be found in the text.

Click for answer
yum update

What command would you use to update a modern Fedora system?

The answer to this question can be found in the text.

Click for answer
dnf update

What two commands are required to update a Debian system? (Connect the two commands with&&.)

The answer to this question can be found in the text.

Click for answer
apt update && apt upgrade

What does yum stand for?

A quick search should give us the answer.

Click for answer
Yellowdog Updater Modified

What does dnf stand for?

A quick search should give us the answer.

Click for answer
Dandified YUM

What flag is hidden in the sources.list file?

We can find the file by using:

console

find / -name sources.list 2>/dev/null

Update File

Click for answer
THM{not_Advanced_Persistent_Threat}

Audit and Log Configuration

What command can you use to display the last 15 lines of kern.log?

The answer to this question can be found in the text.

Click for answer
tail -n 15 kern.log

What command can you use to display the lines containing the word denied in the filesecure?

The answer to this question can be found in the text.

Click for answer
grep denied secure