Following on from the initial images for the 2016 – 2017 CyberCenturion competition, the Ubuntu images were available earlier this week for everyone to have a go with. While I can complete the Windows images and fix them pretty quickly, I’m not so good on the Ubuntu ones – some of the students are though.
Anyway, there were 9 problems that needed to be sorted with this image, ranging from users being admins who shouldn’t, through to software updates not being set to install. After spending a few hours looking at the image before the students did, here’s the full list of problems to find:
As most of the students haven’t been exposed to any operating systems apart from Windows, it took a bit of explaining how things worked, and for some of the students to figure out what was needed. Here’s a few examples:
Me: Have you checked for updates?
Student: Yes, there weren’t any.
Me: Are you sure there weren’t any?
Student: Yes, I checked.
Me: So, a two year old operating system has absolutely no updates needed, despite this being a competition about security?
Me: So, in the sshd_config file, you should see a line that says “PermitRootLogon” with a value of “without-password”. Do you think this is a good idea?
Student 1: Erm… no.
Me: Right. So, what should go in place of “without-password”?
Student 1: With password?
Me: Not quite, we don’t want to allow it.
Student 2: Password?
Me: Sort of. Remember we don’t want to let anyone log in as root.
Student 1: Don’t allow?
Student 2: Prevent login?
Student 2: No password?
Student 1: Disallow?
Student 1: Disable?
Student 2: Deny?
Student 3 Is it no?
Me: Yes! Did you catch on that I kept saying the answer as well as saying the guesses weren’t correct?
Student 3: After a while…
(That third student also managed to complete the Windows 7 image in 10 minutes, despite only being shown around on the server image last time, and never doing this stuff before)