Description
[[ Use Kali To Examine Debian]]The assignment document and template contain all the requirements in detail. Please follow the instructions and grading table division as well. #use Harvard style for referencesYou must submit A .docx report & pdf report sshd_config file
Unformatted Attachment Preview
School of Computing & Data Science
Coursework Title:
Secure System Implementation
Module Name:
Secure Systems
Module Code:
Level:
Credit Rating:
7542CYQR
7
20
Weighting:
60%
Maximum mark available: 100
Lecturer:
Contact:
Dr Ali Baydoun
If you have any issues with this coursework, you may contact your
lecturer.
Email: [email protected]
Hand-out Date:
04/03/2024
Hand-in Date:
04/04/2024
Hand-in Method:
Canvas
Feedback Date:
TBD
Feedback Method:
Canvas
Programmes:
MSc Cyber Security
Introduction
For this assignment, you are to assume the role of a cybersecurity consultant who has been hired by
a small business. The company has provided you with a copy of their virtual server and would like
you to undertake the following tasks:
1) Identify four security-related configuration issues on the virtual server.
2) Fix two of these security issues and validate the fixes.
3) Install and configure a secure SSH server that fulfils the company’s requirements given later
in this specification.
1
Learning Outcomes to be assessed
2.
Apply wide-ranging technical and conceptual skills to the task of securing new and existing
systems.
3.
Demonstrate the ability to apply practical configuration, diagnostic and problem-solving
skills to real-world scenarios.
Detail of the task
This is an individual assignment designed to evaluate YOUR knowledge. Copying pre-existing
configuration files (partial or complete), reports or testing plans from other sources is prohibited.
You must develop the contents yourself, based on what you have learned.
Task 1 – Virtual server security audit
Using any selection of tools that you deem appropriate, you are to perform a detailed inspection of
the CW2 VM provided. You need to identify four configuration mistakes (or ambiguities) that can
lead to security problems. The following will NOT be accepted:
• Weak credentials
• Credentials visible in /etc/issue
• Use of default account names or port numbers
• Outdated packages
• TCP timestamp-related issues
Hint: Blindly including “problems” identified by automated tools, which you haven’t
researched, or don’t understand, rarely score any marks!
For each issue you MUST:
– Comprehensively explain the issue in your own words (using supporting evidence where
appropriate).
– Explain any potential vulnerability that may arise from this issue and outline the potential
impacts (using supporting evidence where appropriate).
– Provide a detailed technical write-up as to how you tested for and identified this issue.
– Provide evidence of this testing through the use of screenshots. All screenshots must be
produced by you; the use of library/stock/reference/shared images is prohibited.
**You are permitted to install self-auditing tools on the VM, but all other tools should only be used
from/installed on a testing VM**
2
Task 2 – Virtual server security repair
Selecting any two of the security issues previously identified, you are required to implement
permanent fixes on the provided VM.
Each fix MUST:
– Permanently resolve the issue identified, temporary fixes or workarounds are not accepted.
– Be appropriate and proportionate to the specific issue identified (e.g. correcting configuration
errors instead of uninstalling the entire application).
– Be fully documented, with an explanation detailing how the issue was fixed and outlining
credible resources used to create and/or implement your fix.
– Provide evidence to demonstrate the implementation of your proposed fix (e.g. diff files,
screenshots).
– Validate the fix and original component functionality, by using all of the same tools used for
identification in Task 1. Evidence for this validation must be supplied through the inclusion of
your own screenshots in the report.
You are encouraged to make use of academic resources, which need to be referenced. Your report
should use either the Harvard or IEEE referencing style.
Task 3 – Implement a secure SSH server
You are tasked with installing and configuring OpenSSH on the provided VM. Your implementation
must conform to the company’s requirements given below. You will need to interpret these and
devise a suitable configuration for the server. If you find any element ambiguous, it is up to you to
select the configuration you feel is most appropriate for the company’s needs.
SSH requirements provided by the company:
• Access by student, student2, student3 must be possible using password authentication only.
• Root access must be possible using public-key login only.
• No access is permitted outside the local network for any account (use the subnet address
range assigned to your VM)
• Must operate over port 8022
• Must have a banner message reminding users that only authorised persons can use the
system (exact wording is up to you)
• Must not allow empty passwords
• Must have an idle timeout of 90 seconds using 2 message attempts
You must provide the sshd_config file as part of your submission, which will be tested on the VM
provided. Remember, your configuration files must be commented to explain changes where any
default values have been changed and why.
3
What you should hand in
You must submit the following items to the two separate Canvas handlers:
• sshd_config file
• A .doc/docx report
To enable anonymous marking, you should not include your name or student ID in any files.
Marking Scheme/Assessment Criteria
Task
1
2
3
Assessment Criteria
Weighting
Security Audit (total 36%)
Issue identification and explanation (x4)
• Identification of suitable issue
• Technical explanation of issue
Vulnerability and impact assessment (x4)
• Technical vulnerability explanation
• Impact assessment with appropriate evidence
Testing procedure write-up, with supporting evidence (x4)
• Write-up of testing steps undertaken
• Screenshot evidence
(12% total)
1%
2%
(12% total)
2%
1%
(12% total)
2%
1%
Security Fixes (total 30%)
Application of suitable fix (x2)
• Creation of suitable fix
• Implementation of suitable fix
Explanation of devised fix (x2)
• Explanation of fix and how it permanently solves issue
Validation of fix, with supporting evidence (x2)
• Write-up of steps undertaken to validate fix
• Screenshot evidence
(10% total)
2%
3%
(10% total)
5%
(10% total)
3%
2%
SSH Implementation (total 30%)
• SSH configuration
• Commenting
25%
5%
Quality of report
4%
4
Assessment Rubric
Task
Poor
Average
Good
Excellent
Task 1
Issue Identification &
Explanation
Valid issues are
Valid issues are
Valid issues are
outlined and explained
outlined with
outlined but not all are
well.
reasonable
valid, or the offered
explanations are poor, explanations but there
The issues are not
or part of the answer is are knowledge gaps.
security related or are
missing.
on the disallowed list.
Vulnerability
Explanation & Impact
Assessment
Element is missing,
misunderstood or
incoherent.
Element is missing,
misunderstood or
incoherent.
The issues are not
security related or are
on the disallowed list.
Test Writeup &
Evidence
Element is missing,
misunderstood or
incoherent.
Explanations for the Explanations of issues
issues are provided but are good but there are
lack technical depth or minor details missing
important details are
missing.
Issues are wellexplained, and
evidence is used to
support these
explanations.
Some parts of the
testing process are
explained but this is
either incomplete or
too basic.
Testing process is
clearly explained with
a good level of detail.
Testing process is
explained but there
are some gaps.
Screenshots are
The issues are not
Sufficient screenshot
provided but some evidence is supplied to
security related or are
on the disallowed list. Screenshots are either may be missing or fail support the writeup.
to show required
missing or belong to a
information.
third party.
Task 2
Application of Suitable
Fixes
Element is
missing,
misunderstood or
incoherent.
One/both fixes only Fixes address most of Fixes fully address the
issues.
partially address the the issue but there are
some factors not
issues or are not fully
considered.
implemented.
Or the fixes do not
work or are
inappropriate.
5
Explanation of Fixes
Element is missing,
misunderstood or
incoherent.
Explanations are given
but are brief and lack
sufficient technical
detail.
Explanations
Explanations are
cover most details
clearly written
of the fixes, but
covering all details of
the fixes.
some
elements are missing
or unclear.
Validation of fixes &
evidence
Element is missing,
misunderstood or
incoherent.
The fixes only partially Minor elements of the Fixes are properly
work, or the same
fixes may not have validated using the
been validated or
same tools and a good
Or the fixes are not
adequately
demonstrated.
tools have not been
used, as required.
evidence is
incomplete.
level of evidence is
supplied.
Or some fix evidence is
missing.
Task 3
SSH Configuration
Element is missing,
misunderstood or
incoherent.
Or config not supplied
in the correct format.
Comments
Element is missing,
misunderstood or
incoherent.
Comments are not in
the config file.
Quality
Structure and/or
presentation of report
is poor.
Quality of writing is
poor.
Config has been
Most config elements Config adheres to the
attempted but is either have been attempted requirements set out
and work, but this is
in the specification.
mostly incorrect or
not
the
case
for
all.
incomplete.
Or config file is not
readable by OpenSSH.
Comments are not
meaningful.
Comments are
provided for some
changes but not all.
Report structure is
acceptable.
Quality of writing
needs improvement
Comments are
Appropriate
provided for changes comments are used
but in parts are too consistently
brief or too long.
throughout.
Report is neatly
Report is professionally
presented and mostly presented and well
written.
well written but there
is scope for
improvement
Extenuating Circumstances
If something serious happens that means that you will not be able to complete this assignment, you
need to contact the module leader as soon as possible. There are a number of things that can be
done to help, such as extensions, waivers and alternative assessments, but we can only arrange this
6
if you tell us. To ensure that the system is not abused, you will need to provide some evidence of
the problem.
More guidance is available at: https://www.ljmu.ac.uk/about-us/publicinformation/studentregulations/guidance-policy-and-process
Any coursework submitted late without the prior agreement of the module leader will receive 0
marks.
Academic Misconduct
The University defines Academic Misconduct as ‘any case of deliberate, premeditated cheating,
collusion, plagiarism or falsification of information, in an attempt to deceive and gain an unfair
advantage in assessment’. This includes attempting to gain marks as part of a team without making
a contribution. The Faculty takes Academic Misconduct very seriously and any suspected cases will
be investigated through the University’s standard policy (https://www.ljmu.ac.uk/aboutus/publicinformation/student-regulations/academic-misconduct). If you are found guilty, you may
be expelled from the University with no award.
It is your responsibility to ensure that you understand what constitutes Academic Misconduct
and to ensure that you do not break the rules. If you are unclear about what is required, please
ask.
For more information you are directed to following the University web pages:
•
•
•
Information regarding academic misconduct:
https://www.ljmu.ac.uk/about-us/public-information/student-regulations/academicmisconduct
Information on study skills:
https://www.ljmu.ac.uk/microsites/library/skills-ljmu
Information regarding referencing:
https://www.ljmu.ac.uk/microsites/library/skills-ljmu/referencing-and-endnote
7
School of Computing & Data Science
Coursework Title:
Secure System Implementation
Module Name:
Secure Systems
Module Code:
Level:
Credit Rating:
7542CYQR
7
20
Weighting:
60%
Maximum mark available: 100
Lecturer:
Contact:
Dr Ali Baydoun
If you have any issues with this coursework, you may contact your
lecturer.
Email: [email protected]
Hand-out Date:
04/03/2024
Hand-in Date:
04/04/2024
Hand-in Method:
Canvas
Feedback Date:
TBD
Feedback Method:
Canvas
Programmes:
MSc Cyber Security
Introduction
For this assignment, you are to assume the role of a cybersecurity consultant who has been hired by
a small business. The company has provided you with a copy of their virtual server and would like
you to undertake the following tasks:
1) Identify four security-related configuration issues on the virtual server.
2) Fix two of these security issues and validate the fixes.
3) Install and configure a secure SSH server that fulfils the company’s requirements given later
in this specification.
1
Learning Outcomes to be assessed
2.
Apply wide-ranging technical and conceptual skills to the task of securing new and existing
systems.
3.
Demonstrate the ability to apply practical configuration, diagnostic and problem-solving
skills to real-world scenarios.
Detail of the task
This is an individual assignment designed to evaluate YOUR knowledge. Copying pre-existing
configuration files (partial or complete), reports or testing plans from other sources is prohibited.
You must develop the contents yourself, based on what you have learned.
Task 1 – Virtual server security audit
Using any selection of tools that you deem appropriate, you are to perform a detailed inspection of
the CW2 VM provided. You need to identify four configuration mistakes (or ambiguities) that can
lead to security problems. The following will NOT be accepted:
• Weak credentials
• Credentials visible in /etc/issue
• Use of default account names or port numbers
• Outdated packages
• TCP timestamp-related issues
Hint: Blindly including “problems” identified by automated tools, which you haven’t
researched, or don’t understand, rarely score any marks!
For each issue you MUST:
– Comprehensively explain the issue in your own words (using supporting evidence where
appropriate).
– Explain any potential vulnerability that may arise from this issue and outline the potential
impacts (using supporting evidence where appropriate).
– Provide a detailed technical write-up as to how you tested for and identified this issue.
– Provide evidence of this testing through the use of screenshots. All screenshots must be
produced by you; the use of library/stock/reference/shared images is prohibited.
**You are permitted to install self-auditing tools on the VM, but all other tools should only be used
from/installed on a testing VM**
2
Task 2 – Virtual server security repair
Selecting any two of the security issues previously identified, you are required to implement
permanent fixes on the provided VM.
Each fix MUST:
– Permanently resolve the issue identified, temporary fixes or workarounds are not accepted.
– Be appropriate and proportionate to the specific issue identified (e.g. correcting configuration
errors instead of uninstalling the entire application).
– Be fully documented, with an explanation detailing how the issue was fixed and outlining
credible resources used to create and/or implement your fix.
– Provide evidence to demonstrate the implementation of your proposed fix (e.g. diff files,
screenshots).
– Validate the fix and original component functionality, by using all of the same tools used for
identification in Task 1. Evidence for this validation must be supplied through the inclusion of
your own screenshots in the report.
You are encouraged to make use of academic resources, which need to be referenced. Your report
should use either the Harvard or IEEE referencing style.
Task 3 – Implement a secure SSH server
You are tasked with installing and configuring OpenSSH on the provided VM. Your implementation
must conform to the company’s requirements given below. You will need to interpret these and
devise a suitable configuration for the server. If you find any element ambiguous, it is up to you to
select the configuration you feel is most appropriate for the company’s needs.
SSH requirements provided by the company:
• Access by student, student2, student3 must be possible using password authentication only.
• Root access must be possible using public-key login only.
• No access is permitted outside the local network for any account (use the subnet address
range assigned to your VM)
• Must operate over port 8022
• Must have a banner message reminding users that only authorised persons can use the
system (exact wording is up to you)
• Must not allow empty passwords
• Must have an idle timeout of 90 seconds using 2 message attempts
You must provide the sshd_config file as part of your submission, which will be tested on the VM
provided. Remember, your configuration files must be commented to explain changes where any
default values have been changed and why.
3
What you should hand in
You must submit the following items to the two separate Canvas handlers:
• sshd_config file
• A .doc/docx report
To enable anonymous marking, you should not include your name or student ID in any files.
Marking Scheme/Assessment Criteria
Task
1
2
3
Assessment Criteria
Weighting
Security Audit (total 36%)
Issue identification and explanation (x4)
• Identification of suitable issue
• Technical explanation of issue
Vulnerability and impact assessment (x4)
• Technical vulnerability explanation
• Impact assessment with appropriate evidence
Testing procedure write-up, with supporting evidence (x4)
• Write-up of testing steps undertaken
• Screenshot evidence
(12% total)
1%
2%
(12% total)
2%
1%
(12% total)
2%
1%
Security Fixes (total 30%)
Application of suitable fix (x2)
• Creation of suitable fix
• Implementation of suitable fix
Explanation of devised fix (x2)
• Explanation of fix and how it permanently solves issue
Validation of fix, with supporting evidence (x2)
• Write-up of steps undertaken to validate fix
• Screenshot evidence
(10% total)
2%
3%
(10% total)
5%
(10% total)
3%
2%
SSH Implementation (total 30%)
• SSH configuration
• Commenting
25%
5%
Quality of report
4%
4
Assessment Rubric
Task
Poor
Average
Good
Excellent
Task 1
Issue Identification &
Explanation
Valid issues are
Valid issues are
Valid issues are
outlined and explained
outlined with
outlined but not all are
well.
reasonable
valid, or the offered
explanations are poor, explanations but there
The issues are not
or part of the answer is are knowledge gaps.
security related or are
missing.
on the disallowed list.
Vulnerability
Explanation & Impact
Assessment
Element is missing,
misunderstood or
incoherent.
Element is missing,
misunderstood or
incoherent.
The issues are not
security related or are
on the disallowed list.
Test Writeup &
Evidence
Element is missing,
misunderstood or
incoherent.
Explanations for the Explanations of issues
issues are provided but are good but there are
lack technical depth or minor details missing
important details are
missing.
Issues are wellexplained, and
evidence is used to
support these
explanations.
Some parts of the
testing process are
explained but this is
either incomplete or
too basic.
Testing process is
clearly explained with
a good level of detail.
Testing process is
explained but there
are some gaps.
Screenshots are
The issues are not
Sufficient screenshot
provided but some evidence is supplied to
security related or are
on the disallowed list. Screenshots are either may be missing or fail support the writeup.
to show required
missing or belong to a
information.
third party.
Task 2
Application of Suitable
Fixes
Element is
missing,
misunderstood or
incoherent.
One/both fixes only Fixes address most of Fixes fully address the
issues.
partially address the the issue but there are
some factors not
issues or are not fully
considered.
implemented.
Or the fixes do not
work or are
inappropriate.
5
Explanation of Fixes
Element is missing,
misunderstood or
incoherent.
Explanations are given
but are brief and lack
sufficient technical
detail.
Explanations
Explanations are
cover most details
clearly written
of the fixes, but
covering all details of
the fixes.
some
elements are missing
or unclear.
Validation of fixes &
evidence
Element is missing,
misunderstood or
incoherent.
The fixes only partially Minor elements of the Fixes are properly
work, or the same
fixes may not have validated using the
been validated or
same tools and a good
Or the fixes are not
adequately
demonstrated.
tools have not been
used, as required.
evidence is
incomplete.
level of evidence is
supplied.
Or some fix evidence is
missing.
Task 3
SSH Configuration
Element is missing,
misunderstood or
incoherent.
Or config not supplied
in the correct format.
Comments
Element is missing,
misunderstood or
incoherent.
Comments are not in
the config file.
Quality
Structure and/or
presentation of report
is poor.
Quality of writing is
poor.
Config has been
Most config elements Config adheres to the
attempted but is either have been attempted requirements set out
and work, but this is
in the specification.
mostly incorrect or
not
the
case
for
all.
incomplete.
Or config file is not
readable by OpenSSH.
Comments are not
meaningful.
Comments are
provided for some
changes but not all.
Report structure is
acceptable.
Quality of writing
needs improvement
Comments are
Appropriate
provided for changes comments are used
but in parts are too consistently
brief or too long.
throughout.
Report is neatly
Report is professionally
presented and mostly presented and well
written.
well written but there
is scope for
improvement
Extenuating Circumstances
If something serious happens that means that you will not be able to complete this assignment, you
need to contact the module leader as soon as possible. There are a number of things that can be
done to help, such as extensions, waivers and alternative assessments, but we can only arrange this
6
if you tell us. To ensure that the system is not abused, you will need to provide some evidence of
the problem.
More guidance is available at: https://www.ljmu.ac.uk/about-us/publicinformation/studentregulations/guidance-policy-and-process
Any coursework submitted late without the prior agreement of the module leader will receive 0
marks.
Academic Misconduct
The University defines Academic Misconduct as ‘any case of deliberate, premeditated cheating,
collusion, plagiarism or falsification of information, in an attempt to deceive and gain an unfair
advantage in assessment’. This includes attempting to gain marks as part of a team without making
a contribution. The Faculty takes Academic Misconduct very seriously and any suspected cases will
be investigated through the University’s standard policy (https://www.ljmu.ac.uk/aboutus/publicinformation/student-regulations/academic-misconduct). If you are found guilty, you may
be expelled from the University with no award.
It is your responsibility to ensure that you understand what constitutes Academic Misconduct
and to ensure that you do not break the rules. If you are unclear about what is required, please
ask.
For more information you are directed to following the University web pages:
•
•
•
Information regarding academic misconduct:
https://www.ljmu.ac.uk/about-us/public-information/student-regulations/academicmisconduct
Information on study skills:
https://www.ljmu.ac.uk/microsites/library/skills-ljmu
Information regarding referencing:
https://www.ljmu.ac.uk/microsites/library/skills-ljmu/referencing-and-endnote
7
Make sure you read the CW2 Description posted on Canvas, before you go
through the below template
Task 1- Virtual server security audit (36 points)
You need to identify four security issues with the provided VM – You can use whatever tools
you feel are appropriate for your audit. You can use those featured in the tutorials.
1- Security issue 1
• Issue identification and explanation
− Explain the issue in your own words
• Vulnerability and impact assessment
− Explain any potential vulnerability that may arise from this issue and outline the
potential impacts
• Testing procedure with supporting evidence (screenshots)
− How you tested for and identified this issue
− What tools did you use to define this issue?
− provide evidence of this testing (screenshots) showing the identified issue (from the
tool you used)
2- Security issue 2
.
Same structure as above
.
3- Security issue 3
.
Same structure as above
.
4- Security issue 4
.
Same structure as above
.
Marking Scheme for Task 1
Issue identification and explanation (x4)
Vulnerability and impact assessment (x4)
Testing procedure write-up, with supporting evidence (x4)
12 points (3 each)
12 points (3 each)
12 points (3 each)
Task 2 – Virtual server security repair (30 points)
You must select any of the two defined security issues in task 1 and fix them. For each fixed
issue, you must provide the following:
1- Security issue fix 1
Implementation of the fix and explanation
− How did you fix this issue? (What tools/ resources were used),
− Provide evidence to demonstrate the implementation of your proposed fix (using
screenshots)
Validation – showing the issue is fixed
− Use the same tools you used in task 1 – but now the outcome of the tool should
show that the issue no longer exists, and it is fixed – provide evidence through the
use of screenshots
2- Security issue fix 2
.
Same structure as Security issue fix 1
.
Marking Scheme for Task 2
Application of suitable fix, with supporting evidence (x2)
Explanation of devised fix (x2)
Validation of fix, with supporting evidence (x2)
10 points (5 each)
10 points (5 each)
10 points (5 each)
Task 3 – Implement a secure SSH server (30 points)
1- SSH server installation
− You must install OpenSSH on the provided VM
− Show screenshots and commends used for the installation.
2- Configuration requirements for SSH server
For each requirement below, you must write the following
− How you fulfill the requirement (very brief)
− Provide a screenshot of the changes you made
1. Access by student, student2, student3 must be possible using password
authentication only.
2. Root access must be possible using public-key login only.
3. No access is permitted outside the local network for any account (use the subnet
address range assigned to your VM)
4. Must operate over port 8022
5. Must have a banner message reminding users that only authorised persons can use
the system (exact wording is up to you)
6. Must not allow empty passwords
7. Must have an idle timeout of 90 seconds using 2 message attempts
Task 3 – Marking scheme
SSH configuration
• Commenting
25 points
5 points
What you should hand in
You must submit the following items to Canvas in a single ZIP archive file:
• sshd_config file
• A .docx report
Coursework 2 FAQs
I’m concerned about messing up my VM
You can save the installation package on your laptop and run it again or perhaps contact
your lecturer to re-install it again for you.
What tools should I use?
You can use whatever tools you feel are appropriate for your audit. You can use those
featured in the tutorials or additional tools you have found during your research. Please
note that some security issues used in this assignment will not be identified by some tools.
Sometimes manual analysis can prove to be an effective solution too!
How do I install the tools used in the tutorial?
Refer back to Lab 03 to install and run OpenVAS, Both Lynis and unix-privesc-check are
scripts that can be downloaded as below. The followings are the links:
Lynis
wget https://downloads.cisofy.com/lynis/lynis-3.0.7.tar.gz
tar -xvf lynis-3.0.7.tar.gz
Unix-privesc-check
wget https://pentestmonkey.net/tools/unix-privesc-check/unix-privesc-check-1.4.tar.gz
tar -xvf unix-privesc-check-1.4.tar.gz
If the unix-privesc-check script complains about a missing dependency strings, you’ll just
need to install this using the following command:
sudo apt install binutils
How do I export the sshd_config file?
You will need to extract the sshd_config file from your VM to include as part of your
submission. The easiest method would be to use your Kali (or Lubuntu) VM to
perform this.
1) On your Kali/Lubuntu VM, you will need to transfer the sshd_conf file from the
CW2 VM using either SFTP or SCP
(Example: Issue the command: scp -C /etc/ssh/sshd_config
lab@YOURVMDESTINATIONIP:/home/lab) this will transfer the sshd_config file from
your local VM to the specified destination IP “YOURVMDESTINATIONIP”
(Both techniques were covered in Tutorial 4). If you are struggling with doing this via
the command line, you can install a GUI frontend on Kali/Lubuntu, such as Filezilla.
2) Once the file has been transferred to your Kali/Lubuntu VM, you can then use the
included web browser to upload the file to your OneDrive account (other cloud
storage services are fine too e.g. Dropbox/Google Drive) or even email yourself a
copy of the file (using LJMU webmail – https://outlook.office.com).
SSH/SFTP/SCP Connection Broken?
Not to worry, it is usually a minor typo in your config that will have caused the issue.
It would be a good idea to check on the status of your SSHD service to see if it is
operational. If it has failed, you can pinpoint issues by running it in debug mode:
•
o
sudo /usr/sbin/sshd -dD
If you are running out of time, you can do the following as a last resort.
•
•
•
•
•
On the CW2 VM, change to the root user:
o su Navigate to sshd config directory:
o cd /etc/ssh
Find and note the IP of your VM:
o ip a
Start a mini webserver:
o python -m SimpleHTTPServer 8000
In the Kali/Lubuntu VM, open your browser (replacing the IP placeholder) and
navigate to:
o http://:8000/sshd_config
This will display the raw contents of your config file in the browser, you will need to
copy and paste this into a new file on your Kali/Lubuntu VM. This can then be
uploaded to your cloud storage/webmail as above.
To install and start the Secure Systems CW2 VM:
1- Go to the shared drive (the dive I shared in the below email)
2- Click on the download button to start the download (be patient, this will take a little more time)
3- After the download is completed, extract the folder and then double clicks on “Debian
VM_CW2” (as illustrated in the figure below)
4- Insert a name of your new VM ( I named it “SecureSystems_CW2_VM” – You can properly
use any related name)
5- After inserting the name, click on Import (wait for the importing process to finish)
After finishing you will get an error “Something has gone wrong” as shown below – Do not panic:
6-
To fix this issue,
−
−
−
Close the SecureSystems_CW2_VM – Must close the VM first
Go to your VMware Workstation on your desktop
Right click on the newly added VM “SecureSystems_CW2_VM” → settings → Display →
then tick the first option “Accelerate 3D graphics” as shown in the below figure → hit OK
7 – Open the VM and provide the password Lab123
“ — with capital L
You should now log in to the CW2 VM, if you encounter any issues, please contact your
lecturer.
Purchase answer to see full
attachment
