Difference between revisions of "Operating Systems/Linux/Ubuntu/Ubuntu 16.04 LTS/User Account Management"

From Vista Ridge Cyberpatriot
Jump to navigation Jump to search
 
(15 intermediate revisions by 6 users not shown)
Line 24: Line 24:
  
 
Command Line Interface (CLI):
 
Command Line Interface (CLI):
 
 
# Click on the "Search your computer" icon (The Ubuntu logo) from the menu on the left.
 
# Click on the "Search your computer" icon (The Ubuntu logo) from the menu on the left.
 
# Search for the "Terminal" application and click on it when it appears.
 
# Search for the "Terminal" application and click on it when it appears.
# Run the command ''sudo bash'' and enter the password for your user account when prompted.
+
# Run the command <code>sudo bash</code> and enter the password for your user account when prompted.
 
# Go through each of the users in the README file and verify that they exist on the system:
 
# Go through each of the users in the README file and verify that they exist on the system:
#* Run the command ''awk -F: '{ print $1 }' /etc/passwd'' to get the list of all users on the system.
+
#* Run the command <code>cat /etc/passwd | grep bash | cut -d':' -f1</code> to get the list of all users on the system.
#* Run the command ''awk -F: '{ print $1 }' /etc/passwd | grep <username>'' to see if a specific username exists on the system.
+
#* Run the command <code>cat /etc/passwd | cut -d':' -f1 | grep <username></code> to see if a specific username exists on the system.
 
# If you notice a user in the README that is not listed, use the appropriate command to add the new user:
 
# If you notice a user in the README that is not listed, use the appropriate command to add the new user:
#* Account Type: Standard: ''useradd <username>''
+
#* Account Type: Standard: <code>useradd <username></code>
#* Account Type: Administrator: ''useradd <username> -G sudo''
+
#* Account Type: Administrator: <code>useradd <username> -G sudo</code>
  
 
==== Audit #2: Find and Remove Extra Users ====
 
==== Audit #2: Find and Remove Extra Users ====
 +
Graphical User Interface (GUI):
 +
 
1. Open the Activities overview and start typing Users.
 
1. Open the Activities overview and start typing Users.
  
Line 47: Line 48:
  
 
Each user has their own home folder for their files and settings. You can choose to keep or delete the user’s home folder. Click Delete Files if you are sure they will not be used anymore and you need to free up disk space. These files are permanently deleted. They cannot be recovered. You may want to back up the files to an external storage device before deleting them.
 
Each user has their own home folder for their files and settings. You can choose to keep or delete the user’s home folder. Click Delete Files if you are sure they will not be used anymore and you need to free up disk space. These files are permanently deleted. They cannot be recovered. You may want to back up the files to an external storage device before deleting them.
 +
 +
Command Line Interface (CLI):
 +
 +
1. List users registered in the system using:  cat /etc/passwd
 +
 +
2.If not in the root use this command to delete the user: sudo deluser <username>
 +
 +
3. Check to see if the user has been successfully deleted using: cat /etc/passwd
 +
 +
Here is a script to view all the users on the virtual machine: #!/usr/bin/env bash
 +
 +
show_all_user_accounts(){
 +
 +
  cat /etc/passwd | grep "sh$" | cut -d':' -f1
 +
 +
}
  
 
==== Audit #3: Find and Promote Non-Admin Users to Administrator ====
 
==== Audit #3: Find and Promote Non-Admin Users to Administrator ====
 +
Graphical User Interface (GUI):
 +
 +
# Click on the "System Settings" icon (The gear and wrench icon) from the menu on the left. 
 +
# Double click on "User Accounts".
 +
# Click on the "Unlock" button in the top right corner if it is locked and enter the current user's password to authenticate.
 +
# Go through each of the users in the README file and verify that they have the correct permissions
 +
# If you notice a user in the README that does not have the correct permissions
 +
# Select the username of the user you want to change permissions for
 +
# Select the correct permission for the user, then exit
 +
 +
Command Line Interface (CLI):
 +
 +
# Click on the "Search your computer" icon (The Ubuntu logo) from the menu on the left.
 +
# Search for the "Terminal" application and click on it when it appears.
 +
# Run the command ''sudo bash'' and enter the password for your user account when prompted.
 +
# Go through each of the users in the README file and verify that they have the correct permissions:
 +
#* Run the command ''$ sudo nano visudo'' to get the list of all sudoers
 +
# If you notice a user in the README that has incorrect permissions, use the appropriate command change their permissions:
 +
#* Use these two commands to make a user a admin ''[username] ALL=(ALL) ALL'' and ''User_Alias ADMINS = [username] Cmnd_Alias HTTPD = /etc/init.d/httpd ADMINS ALL = HTTPD''
 +
# Exit the file through Ctrl+X and press Y to save
  
 
==== Audit #4: Find and Remove Additional Administrator Users ====
 
==== Audit #4: Find and Remove Additional Administrator Users ====
 +
 +
 +
 +
 +
 +
==== Audit #5: Add and remove groups ====
 +
# Run the command ''addgroup <groupname>''
 +
# To remove groups run the command ''removegroup <groupname>''
 +
# To add people to groups, use the command "sudo usermod -aG group_name username"
 +
 +
==== Audit #6: Change the UID of users with a UID of 0 ====
 +
A user having a UID of 0 gives them the same privileges as being root, without it being their name.
 +
# Find users with a UID of 0 with <code>grep ":0:" /etc/passwd</code>, and ignore the root user, who should have a UID of 0.
 +
# <code>sudo nano /etc/passwd</code>
 +
# Find the line with their name in it
 +
# Change the occurrences of 0 to a UID not used by another user, like 1100. For example "bob:x:0:0:" -> "bob:x:1100:1100:".

Latest revision as of 16:29, 11 April 2024

User Account Management (Ubuntu 16.04 LTS)[edit | edit source]

What Are We Doing?[edit | edit source]

User account management is about ensuring that our users and their permissions are appropriate. Your virtual machine will have a README file located on the desktop when you first boot it up. This README will specify which users should exist on the system and which permissions those users should have. You will need to perform the following audits on the users of the system:

  1. Verify that all users in the README exist on the system. If you see a user noted in the README that does not exist on the system, they will need to be added.
  2. Verify that no users exist on the system who are not in the README. If there are users on the system who are not in the README, they should be removed.
  3. Verify that all users who are listed as Administrators have Administrator privileges. If there are users on the system who should have Administrator privileges, but do not, they should have their permissions modified to add it.
  4. Verify that no users who are not listed as Administrators have Administrator privileges. If there are users on the system who have Administrator privileges, but are not supposed to, they should have their permissions modified to remove it.

Audit #1: Find and Add Missing Users[edit | edit source]

Graphical User Interface (GUI):

  1. Click on the "System Settings" icon (The gear and wrench icon) from the menu on the left.
  2. Double click on "User Accounts".
  3. Click on the "Unlock" button in the top right corner if it is locked and enter the current user's password to authenticate.
  4. Go through each of the users in the README file and verify that they are in the list of accounts on the left.
  5. If you notice a user in the README that is not listed, click the "+" icon underneath the list of users.
  6. Select the appropriate Account Type of "Standard" or "Administrator".
  7. Ensure that the username matches what is listed in the README.
  8. Click "Add"

Command Line Interface (CLI):

  1. Click on the "Search your computer" icon (The Ubuntu logo) from the menu on the left.
  2. Search for the "Terminal" application and click on it when it appears.
  3. Run the command sudo bash and enter the password for your user account when prompted.
  4. Go through each of the users in the README file and verify that they exist on the system:
    • Run the command cat /etc/passwd | grep bash | cut -d':' -f1 to get the list of all users on the system.
    • Run the command cat /etc/passwd | cut -d':' -f1 | grep <username> to see if a specific username exists on the system.
  5. If you notice a user in the README that is not listed, use the appropriate command to add the new user:
    • Account Type: Standard: useradd <username>
    • Account Type: Administrator: useradd <username> -G sudo

Audit #2: Find and Remove Extra Users[edit | edit source]

Graphical User Interface (GUI):

1. Open the Activities overview and start typing Users.

2. Click Users to open the panel.

3. Press Unlock in the top right corner and type in your password when prompted.

4. Click on the user account that you want to delete under Other Users.

5. Press the Remove User... button to delete that user account.

Each user has their own home folder for their files and settings. You can choose to keep or delete the user’s home folder. Click Delete Files if you are sure they will not be used anymore and you need to free up disk space. These files are permanently deleted. They cannot be recovered. You may want to back up the files to an external storage device before deleting them.

Command Line Interface (CLI):

1. List users registered in the system using: cat /etc/passwd

2.If not in the root use this command to delete the user: sudo deluser <username>

3. Check to see if the user has been successfully deleted using: cat /etc/passwd

Here is a script to view all the users on the virtual machine: #!/usr/bin/env bash

show_all_user_accounts(){

 cat /etc/passwd | grep "sh$" | cut -d':' -f1

}

Audit #3: Find and Promote Non-Admin Users to Administrator[edit | edit source]

Graphical User Interface (GUI):

  1. Click on the "System Settings" icon (The gear and wrench icon) from the menu on the left.
  2. Double click on "User Accounts".
  3. Click on the "Unlock" button in the top right corner if it is locked and enter the current user's password to authenticate.
  4. Go through each of the users in the README file and verify that they have the correct permissions
  5. If you notice a user in the README that does not have the correct permissions
  6. Select the username of the user you want to change permissions for
  7. Select the correct permission for the user, then exit

Command Line Interface (CLI):

  1. Click on the "Search your computer" icon (The Ubuntu logo) from the menu on the left.
  2. Search for the "Terminal" application and click on it when it appears.
  3. Run the command sudo bash and enter the password for your user account when prompted.
  4. Go through each of the users in the README file and verify that they have the correct permissions:
    • Run the command $ sudo nano visudo to get the list of all sudoers
  5. If you notice a user in the README that has incorrect permissions, use the appropriate command change their permissions:
    • Use these two commands to make a user a admin [username] ALL=(ALL) ALL and User_Alias ADMINS = [username] Cmnd_Alias HTTPD = /etc/init.d/httpd ADMINS ALL = HTTPD
  6. Exit the file through Ctrl+X and press Y to save

Audit #4: Find and Remove Additional Administrator Users[edit | edit source]

Audit #5: Add and remove groups[edit | edit source]

  1. Run the command addgroup <groupname>
  2. To remove groups run the command removegroup <groupname>
  3. To add people to groups, use the command "sudo usermod -aG group_name username"

Audit #6: Change the UID of users with a UID of 0[edit | edit source]

A user having a UID of 0 gives them the same privileges as being root, without it being their name.

  1. Find users with a UID of 0 with grep ":0:" /etc/passwd, and ignore the root user, who should have a UID of 0.
  2. sudo nano /etc/passwd
  3. Find the line with their name in it
  4. Change the occurrences of 0 to a UID not used by another user, like 1100. For example "bob:x:0:0:" -> "bob:x:1100:1100:".