Practical Lab – Access Control, User Management & Log Analysis

PRACTICAL LAB EXERCISE

Using Access Control Techniques & Checking Logs for Unauthorized Access Attempts


1. Lab Objectives

By the end of this lab, students should be able to:

  • Create and manage Linux user accounts
  • Set file and folder permissions
  • Apply Discretionary Access Control (DAC)
  • Apply Role-Based Access Control (RBAC)
  • Check authentication and system logs
  • Identify suspicious activities and unauthorized access attempts

2. Lab Requirements

  • Linux Virtual Machine (Ubuntu / Kali recommended)
  • Terminal access (sudo privileges)
  • Internet access (optional for online Linux terminals)

3. Lab Scenario

You are a System Administrator at a college. Your duties include:

  • Creating student and admin users
  • Assigning roles using RBAC
  • Protecting sensitive academic files using DAC
  • Detecting unauthorized access attempts
  • Producing a report for security review

4. LAB TASKS

Task 1: Create User Accounts (RBAC Basics)

Step 1 — Create Three Users

sudo adduser student1
sudo adduser student2
sudo adduser adminuser
Explanation: Each command creates a new Linux user and home directory. The system will prompt you to set a password for each user.

Verification:

cat /etc/passwd | grep student
cat /etc/passwd | grep adminuser

Step 2 — Create RBAC Roles as Groups

sudo groupadd students
sudo groupadd admins

Verify Groups:

getent group students
getent group admins

Step 3 — Assign Users to Roles

sudo usermod -aG students student1
sudo usermod -aG students student2
sudo usermod -aG admins adminuser

Verify Role Assignments:

groups student1
groups student2
groups adminuser
Real-life Application: Admins can manage secure data. Students can only access public files. RBAC ensures that each user receives the correct permissions automatically.

Task 2: Create Protected Folder & Apply DAC

Step 1 — Create Secure Folder

sudo mkdir /securedata

Step 2 — Allow Only Admins to Access It

sudo chown adminuser:admins /securedata
sudo chmod 770 /securedata
Meaning of chmod 770:
  • Owner: Read, Write, Execute
  • Group: Read, Write, Execute
  • Others: No access
This implements Discretionary Access Control (DAC).

Step 3 — Test Access as Student

su - student1
cd /securedata
Expected Output:
Permission denied
This verifies that your DAC configuration is working correctly.

Task 3: Generate Unauthorized Access Attempts

While logged in as student1, try to access an admin file.

cat /securedata/file.txt
Expected:
cat: /securedata/file.txt: Permission denied
Linux logs this denial automatically into authentication and system logs.

Task 4: Check Logs for Unauthorized Attempts

Step 1 — Switch Back to Admin User

su - adminuser

4.1 — Check Authentication Logs

sudo cat /var/log/auth.log | grep "student1"
Look for:
  • "permission denied"
  • "failed to access"
  • "authentication failure"

4.2 — Check System Logs

sudo tail /var/log/syslog
You may see:
  • Repeated access failures
  • Unauthorized file access attempts
  • Login attempts at odd hours

4.3 — If Auditd is Installed (Optional)

sudo ausearch -x cat
Auditd gives more detailed logging. It tracks every command execution.

Task 5: Prepare Security Report

Students must write a report containing:

  1. Who attempted unauthorized access?
  2. What time did it occur?
  3. What command was used?
  4. What resource was accessed?
  5. Which access control technique blocked it (DAC/RBAC)?
  6. Screenshots from the logs

6. Bonus Practical Tasks (Optional)

Enable File Audit Logging

sudo apt install auditd
sudo auditctl -w /securedata -p rwxa

Detect Brute Force Attacks

sudo grep "Failed password" /var/log/auth.log

Block Unknown IP Using Firewall

sudo ufw deny from 192.168.100.10
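
The grep under "Detect Brute Force Attacks" returns raw lines only. The following added example (not part of the original lab) groups those lines by source address, so an address like the one in the firewall step can be confirmed from the log before it is blocked. The sample log lines, the host name "lab" and the function names are constructed for illustration, and the traditional syslog line format is assumed.

```shell
#!/bin/sh
# Added example (not from the lab handout): summarise sshd "Failed password"
# entries per source address. Assumes the traditional syslog line format
# "Mon DD HH:MM:SS host sshd[pid]: Failed password for USER from IP port N ssh2".

# CONSTRUCTED sample lines; feed real log text in the lab instead.
sample_auth_log() {
cat <<'EOF'
Mar  4 02:11:07 lab sshd[2101]: Failed password for student1 from 192.168.100.10 port 50122 ssh2
Mar  4 02:11:09 lab sshd[2101]: Failed password for student1 from 192.168.100.10 port 50122 ssh2
Mar  4 02:11:12 lab sshd[2103]: Failed password for invalid user test from 192.168.100.10 port 50130 ssh2
Mar  4 02:11:15 lab sshd[2105]: Failed password for adminuser from 192.168.100.10 port 50131 ssh2
Mar  4 08:30:41 lab sshd[2290]: Failed password for student2 from 203.0.113.7 port 41822 ssh2
Mar  4 08:30:55 lab sshd[2290]: Accepted password for student2 from 203.0.113.7 port 41822 ssh2
Mar  4 09:02:13 lab su: pam_unix(su-l:session): session opened for user student1(uid=1001) by adminuser(uid=1002)
EOF
}

# failed_by_source MIN: read auth.log text on stdin and print one line per
# source address with at least MIN failures:
#   "count ip users=N first=<timestamp> last=<timestamp>"
failed_by_source() {
  awk -v min="$1" '
    /sshd\[[0-9]+\]: Failed password for / {
      # Read the address from the fixed tail "from IP port N ssh2" so a
      # username containing the word "from" cannot shift the field.
      if ($(NF-4) != "from" || $(NF-2) != "port") next
      ip = $(NF-3)
      user = ($9 == "invalid" && $10 == "user") ? $11 : $9
      ts = $1 " " $2 " " $3
      if (!(ip in count)) first[ip] = ts
      last[ip] = ts
      count[ip]++
      # Count each username once per address; many names from one address
      # suggests guessing rather than a single mistyped password.
      if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END {
      for (ip in count)
        if (count[ip] >= min)
          printf "%d %s users=%d first=%s last=%s\n", count[ip], ip, users[ip], first[ip], last[ip]
    }' | sort -rn
}

# Lab use: sudo grep "Failed password" /var/log/auth.log | failed_by_source 5
sample_auth_log | failed_by_source 3
```

The first and last timestamps and the per-address counts map directly onto the "who" and "what time" items of the Task 5 report.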

7. Online Linux Terminals for Practical Testing

You can perform ALL commands in the following online Linux environments:

1. Copy.sh Online Linux (Instant Ubuntu Terminal)

Link: https://copy.sh/v86/?profile=linux26

2. JSLinux Browser Linux Emulator

Link: https://bellard.org/jslinux/

3. Killercoda (Full Ubuntu VM, Best for This Lab)

Link: https://killercoda.com

4. Tutorialspoint Ubuntu Shell (Basic Commands)

Link: https://www.tutorialspoint.com/execute_bash_online.php

5. Webminal Online Linux Training

Link: https://www.webminal.org

6. GitPod Full Ubuntu Workspace

Link: https://gitpod.io/#new


Reference Book: N/A

Author name: SIR H.A.Mwala Work email: biasharaboraofficials@gmail.com