You may log on to the ssh-server studssh.cs.hioa.no or any other Linux host to do these assignments. Later you will be handed a network of virtual machines.
More than 10 years ago we received the following email from uninett.no, which is responsible for the networks connecting universities and colleges in Norway (translated from Norwegian):

Subject: Infected computers?
Date: Fri, 29 Sep 2006 19:20:34 +0200 (CEST)
From: email@example.com
To: firstname.lastname@example.org

This message is automatically generated by a script at maal.uninett.no. The following hosts are performing host-scanning as detected by flow-tool on central netflow log computers in UNINETT.

Time:          IP-adresse:      Type scan:    Org:
0929.19:06:05  184.108.40.206   tcp 22 scan   hio.no

The computer is probably infected, and we recommend investigating the case.

We discovered that the host (which was one of the Linux hosts with a public IP handed out to a student of this course) had indeed been hacked. Since it is a VM, it was rebuilt from scratch, but first the bash_history file and some hacker tools were copied. Take a look at the bash_history file and the file scripts.tar.gz containing the hacker tools and try to find out what has happened. NB! Because "Google detected 1 malicious software URLs", these files must be password-protected; you may find the credentials in the archive in Fronter.
Under no circumstances use any of these hacker tools. Do NOT repeat the commands in the bash_history file.
We have not analysed this thoroughly, so it would be great if you did. At the very least, you should try to answer the following questions based on the given files.
We don't know the answer to the last question and hope you can find out!
Using Linux one-line commands (or bash-scripts if you prefer), find the following from the auth.log file:
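An added example, not part of the original assignment: one way to count failed SSH password logins per source address in auth.log and to flag addresses that logged in after repeated failures. The sample lines are constructed, the function names are hypothetical, and the traditional syslog layout (sshd tag in the fifth field) is assumed.

```shell
#!/bin/sh
# Constructed sample in the format sshd writes to auth.log. Addresses are
# RFC 5737 documentation ranges, not values from the assignment's log.
sample_log() {
cat <<'EOF'
Sep 29 18:58:01 vm sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40022 ssh2
Sep 29 18:58:03 vm sshd[4103]: Failed password for root from 192.0.2.10 port 40030 ssh2
Sep 29 18:58:05 vm sshd[4105]: Failed password for invalid user test from 192.0.2.10 port 40041 ssh2
Sep 29 18:59:10 vm sshd[4120]: Failed password for root from 198.51.100.7 port 51515 ssh2
Sep 29 18:59:12 vm sshd[4122]: Failed password for invalid user from from 198.51.100.7 port 51516 ssh2
Sep 29 19:00:12 vm sshd[4131]: Accepted password for student from 203.0.113.5 port 60100 ssh2
Sep 29 19:01:40 vm sshd[4140]: Accepted password for root from 192.0.2.10 port 40102 ssh2
Sep 29 19:02:00 vm CRON[4150]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# Failed password attempts per source address, highest count first.
# The user name in a failed attempt is chosen by the remote side, so the
# address is read relative to the END of the line ("from IP port N ssh2"),
# never by searching for the first "from".
failed_by_ip() {
    awk 'NF >= 14 && $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
         $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Addresses with a successful password login preceded by at least $2
# failures (default 3). Output: address, account, failures seen before it.
guessed_logins() {
    awk -v min="${2:-3}" '
        NF < 14 || $5 !~ /^sshd\[[0-9]+\]:$/ || $7 != "password" { next }
        $(NF-4) != "from" || $(NF-2) != "port" { next }
        $6 == "Failed" { fail[$(NF-3)]++ }
        $6 == "Accepted" && fail[$(NF-3)] >= min { print $(NF-3), $(NF-5), fail[$(NF-3)] }
    ' "$1"
}

# Demonstration on the constructed sample.
log=$(mktemp)
sample_log > "$log"
failed_by_ip "$log"
guessed_logins "$log"
rm -f "$log"
```

To run it against a real log, pass the file path instead of the temporary sample, for example `failed_by_ip auth.log`.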
Write a short report answering the questions in a text file. Answer all the questions and submit them using Fronter (log on at http://www.hioa.no/fronter and choose engelsk (English) as language), using the folder "Assignment 1". Any format is accepted, preferably PDF or ASCII text. If you submit using an editable format, like ASCII, odt or doc, you may receive comments within the text from the teachers. Submit the complete assignment in a single document.