Which of the following lines in the user’s history log …

The security administrator is analyzing a user’s history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following
lines in the user’s history log shows evidence that the user attempted to escape the rootjail?

The security administrator is analyzing a user’s history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following
lines in the user’s history log shows evidence that the user attempted to escape the rootjail?

A.
cd ../../../../bin/bash

B.
whoami

C.
ls /root

D.
sudo -u root

Explanation:
On modern UNIX variants, including Linux, you can define the root directory on a perprocess basis. The chroot utility allows you to run a process with a root
directory other than /. The root directory appears at the top of the directory hierarchy and has no parent: A process cannot access any files above the root directory

(because they do not exist). If, for example, you run a program (process) and specify its root directory as /home/sam/jail, the program would have no concept of
any files in /home/sam or above: jail is the program’s root directory and is labeled / (not jail).
By creating an artificial root directory, frequently called a (chroot) jail, you prevent a program from accessing or modifying–possibly maliciously–files outside the
directory hierarchy starting at its root. You must set up a chroot jail properly to increase security: If you do not set up the chroot jail correctly, you can actually make
it easier for a malicious user to gain access to a system than if there were no chroot jail.
The command cd.. takes you up one level in the directory structure. Repeated commands would take you to the top level the root which is represented by a forward
slash /. The command /bin/bash is an attempt to run the bash shell from the root level.
Incorrect Answers:
B: The whoami command is used to display the username that the user is working under. It does not signify an attempt to break out of a rootjail. Therefore, this
answer is incorrect.
C: The ls / command is used to list the directories at the root level of the directory structure. It does not signify an attempt to break out of a rootjail. Therefore, this
answer is incorrect.
D: The sudo -u root command is used to change the security context to that of the root user. The root user is equivalent to the Administrator account in Windows. It
does not signify an attempt to break out of a rootjail. Therefore, this answer is incorrect.

http://searchitchannel.techtarget.com/feature/Secure-your-Linux-server-with-a-chroot-jail-or- TCP-wrappers



Leave a Reply 0

Your email address will not be published. Required fields are marked *