Learning outcome 2

Harden operating system configurations against common attack vectors.

Skill drills that assess this outcome

• CSCD240-E1-A-Q11 primary performance permissions-chmod Change permissions of notes.sh: owner rwx, group rx, other none. Use octal.
• CSCD240-E1-A-Q12 primary performance permissions-chmod Using only letters, remove write permission from the owner on notes.sh.
• CSCD240-E1-A-Q26 primary performance rm-recursive Using absolute path, remove subdirectory scratch under /home/ssteiner. Not in home dir.
• CSCD240-E1-A-Q42 primary performance chmod-recursive Recursively change permissions in current dir so group and other have no write permission.
• CSCD240-E1-B-Q11 primary performance harden Remove setuid bit from /opt/app/runner without changing other permissions.
• CSCD240-E1-B-Q12 primary performance ownership Change owner AND group of /opt/app/runner to svc_app:svc_app in ONE command.
• CSCD240-E1-B-Q13 primary performance harden Recursively set permissions on ~/secrets/ so only owner has any access.
• CSCD240-E1-B-Q14 primary performance enum-misconfig Find every world-writable regular file under /var (common misconfig indicator).
• CSCD240-E1-B-Q32 primary performance signals Send SIGHUP to PID 4112 to reload daemon config.
• CSCD240-E1-C-Q23 primary performance harden Remove the setuid bit from /opt/svc/agent using symbolic form, leaving other perms.
• CSCD240-E1-C-Q29 primary performance signals Send SIGHUP (signal 1) to PID 7120 so the daemon reloads config.
• CSCD240-E1-C-Q42 primary scenario chmod-recursive-trap chmod -R 644 /etc/ssh — what broke and why?
• CSCD240-E1-C-Q47 primary scenario ssh-perms -rw------- on .ssh and drwx------ on .config — which is typical for an SSH private key and why?