Practical Lab: Access Control & Log Analysis

Practical Lab Exercise

Using Access Control Techniques & Checking Logs for Unauthorized Access Attempts


1. Lab Objectives

By the end of this lab, students should be able to:

  • Create and manage user accounts
  • Set file and folder permissions
  • Apply access control techniques (DAC, RBAC)
  • Check authentication and system logs
  • Identify suspicious and unauthorized access attempts

2. Lab Requirements

  • Linux VM (Ubuntu or Kali recommended)
  • Basic terminal access
  • User accounts (created during the lab)

3. Lab Scenario

You are a System Administrator at a college. Your responsibility is to protect sensitive academic and administrative data.

You must:

  1. Create users and assign roles
  2. Protect sensitive files using access control
  3. Check system logs for suspicious activity
  4. Report unauthorized access attempts

Real-life analogy:
It is like being the college administrator: you hold different keys for students and for heads of department, and not everyone is allowed into the records office.


4. Lab Tasks

Task 1: Create User Accounts (RBAC Basics)

Step 1 — Create three users

sudo adduser student1
sudo adduser student2
sudo adduser adminuser

Explanation:
These commands create three separate user accounts in the system.

Analogy:
It is like entering two students and one administrative staff member in the college register.


Step 2 — Create roles as groups

sudo groupadd students
sudo groupadd admins

Explanation:
Groups stand in for roles: a user gets a permission because of the group they belong to, not because it was granted to them individually.

Analogy:
Like sorting people into groups: students and teachers.


Step 3 — Assign users to groups

sudo usermod -aG students student1
sudo usermod -aG students student2
sudo usermod -aG admins adminuser

Explanation:
Users are assigned roles by adding them to groups (-a appends, so existing memberships are kept; without -a, usermod -G would replace them).

  • student1 → student role
  • student2 → student role
  • adminuser → administrator role

Group membership is read at login, so a user who is already logged in must log out and back in (or start a fresh login shell with su -) before the new group appears in the output of id.

Access Control Used: RBAC (Role-Based Access Control), approximated with Unix groups: the group is the role, and permissions are granted to the group rather than to individual users.

Analogy:
A student is only allowed into the classroom, but the head of the college has access to every office.


Task 2: Create Protected File and Apply DAC

Step 1 — Create secure folder

sudo mkdir /securedata

Explanation:
Creates a directory for sensitive information.

Analogy:
It is like building a room for important records.


Step 2 — Allow only admins to access

sudo chown adminuser:admins /securedata
sudo chmod 770 /securedata

Explanation:

  • chown adminuser:admins → adminuser owns the directory and admins is its group
  • chmod 770 → read, write and execute (enter) for owner and group, nothing for others

Access Control Used: DAC (Discretionary Access Control). It is "discretionary" because the owner, adminuser, can change these bits at any time with chmod or chown; nothing stops the owner from opening the directory to everyone. That is the main weakness of DAC compared with mandatory controls.

Analogy:
It is like locking the room and leaving the keys with the heads of department only.


Step 3 — Test access as student

su - student1
cd /securedata

Expected Result:

Permission denied

Meaning:
student1 is neither the owner nor a member of admins, so the "others" bits (none) apply and the student role is blocked from the admin-only directory.
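The script below is an added example for this lab sheet, not part of the original handout: a small POSIX shell script (GNU stat and GNU find assumed, as on Ubuntu and Kali) that verifies a directory has the DAC settings Task 2 intends and lists anything under it that is still world-accessible. The directory and group are arguments; /securedata and admins are the lab's values, and the demo function runs on a scratch directory so it needs no root.

```shell
#!/bin/sh
# Added example for the lab (not from the original sheet).
# Assumes GNU stat (-c) and GNU find (-perm /MODE), as shipped on Ubuntu/Kali.

# others_bits PATH -> prints the "others" octal digit (last digit of the mode)
others_bits() {
    stat -c '%a' "$1" | sed 's/.*\(.\)$/\1/'
}

# world_accessible PATH -> exit status 0 if "others" hold any r/w/x bit
world_accessible() {
    [ "$(others_bits "$1")" -ne 0 ]
}

# check_secure_dir DIR GROUP -> prints owner/group/mode and a verdict;
# returns 0 only when the mode is exactly 770 and the group matches.
check_secure_dir() {
    dir=$1; want_group=$2
    mode=$(stat -c '%a' "$dir")
    group=$(stat -c '%G' "$dir")
    owner=$(stat -c '%U' "$dir")
    verdict=OK
    [ "$mode" = "770" ] || verdict="BAD-MODE($mode)"
    [ "$group" = "$want_group" ] || verdict="$verdict BAD-GROUP($group)"
    printf '%s owner=%s group=%s mode=%s %s\n' "$dir" "$owner" "$group" "$mode" "$verdict"
    [ "$verdict" = "OK" ]
}

# world_accessible_entries DIR -> lists DIR and everything under it where
# "others" have any permission bit. chmod 770 on the directory stops outsiders
# traversing it, but files created inside with the default umask (022 -> 644)
# are still world-readable; that matters the moment someone relaxes the
# directory or copies a file out of it.
world_accessible_entries() {
    find "$1" -perm /007
}

# Self-contained demonstration on a scratch directory (no root needed).
demo() {
    d=$(mktemp -d)
    echo "grades" > "$d/file.txt"
    chmod 644 "$d/file.txt"          # what umask 022 gives a new file
    chmod 770 "$d"
    check_secure_dir "$d" "$(stat -c '%G' "$d")" || echo "directory check failed"
    echo "world-accessible entries:"
    world_accessible_entries "$d"    # the directory is fine, file.txt is not
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh check_securedata.sh demo` to see the point: the directory passes, yet the file inside is 644 and shows up as world-accessible. In the lab, call `check_secure_dir /securedata admins` after Task 2 Step 2 and `world_accessible_entries /securedata` after adminuser has created files there.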


Task 3: Generate Unauthorized Access Attempts

Still logged in as student1:

cat /securedata/file.txt

Expected Output:

cat: /securedata/file.txt: Permission denied

Explanation:
The kernel refuses the request with EACCES. The file does not even have to exist for this test: student1 lacks execute (search) permission on /securedata, so the name lookup inside the directory is refused before the file itself is checked, which is why the error is "Permission denied" and not "No such file or directory". If you want a real target, have adminuser create /securedata/file.txt first.

A plain permission failure like this is NOT written to /var/log/auth.log or syslog by itself. What auth.log records is the su that started the student1 session (Task 4.1); the file access itself is only recorded if an audit watch is in place (Task 4.3 and the bonus section).

Analogy:
A student tries to open the principal's office without permission; the door will not budge.


Task 4: Check Logs for Unauthorized Attempts

Switch back to an account that can use sudo

su - adminuser

Note: adduser does not put adminuser in the sudo group, so this account cannot run sudo until you add it (usermod -aG sudo adminuser), or you can simply type exit to return to your original account. Either way, every su is itself written to auth.log, which is what the next step relies on.

4.1 Check Authentication Logs

sudo grep student1 /var/log/auth.log

If /var/log/auth.log does not exist (Kali and recent Ubuntu releases log to the systemd journal only), use:

sudo journalctl -g student1

Look for:

  • "session opened for user student1 ... by <user>" lines from su (who became student1, and when)
  • "FAILED SU" or "authentication failure" lines (someone tried to become another user and failed)
  • "Failed password" lines from sshd naming student1 (remote login attempts)

You will not find the cat failure from Task 3 here: file permission denials do not go to auth.log.

Analogy:
It is like reviewing the CCTV footage to see who tried to enter without permission.


4.2 Check System Logs

sudo tail -n 50 /var/log/syslog

(or sudo journalctl -n 50 on journal-only systems)

Look for:

  • Repeated failures from the same user or host
  • Services restarting or crashing unexpectedly
  • Odd system behaviour: new cron jobs, unfamiliar processes starting at boot

4.3 Check File Access Logs (Audit)

This step needs auditd running and a watch on /securedata (see the bonus section); without a rule, ausearch prints <no matches>.

sudo ausearch -x cat --success no

Explanation:
Shows every attempt made with the cat binary that failed, including reads of the watched files; in the SYSCALL record, success=no together with exit=-13 (EACCES) marks a denied attempt. Drop --success no to see successful reads as well, and if the audit rule carries a key (-k), sudo ausearch -k <key> is the easiest filter. Read the auid field rather than uid: auid is the login UID, which survives su, so it names the person who logged in rather than the account they switched to.
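The script below is an added example, not part of the original lab sheet: a shell function that turns raw auditd records (the format printed by ausearch --raw, or found in /var/log/audit/audit.log) into one line per denied access, joining the SYSCALL record (who, which program, what result) with its PATH record (which file) by the shared msg=audit(TIME:SERIAL) identifier. The sample records are constructed to show the shape; uids, inode, timestamps and the key name are illustrative, and the watch rule from the bonus section is assumed to be in place.

```shell
#!/bin/sh
# Added example for the lab (not from the original sheet): summarise denied
# file accesses from raw auditd records. Sample below is CONSTRUCTED.
SAMPLE_AUDIT=$(mktemp)
cat > "$SAMPLE_AUDIT" <<'EOF'
type=SYSCALL msg=audit(1709546400.123:456): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffd2c1f1a20 a2=0 a3=0 items=1 ppid=1800 pid=1900 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=3 comm="cat" exe="/usr/bin/cat" key="securedata"
type=CWD msg=audit(1709546400.123:456): cwd="/home/student1"
type=PATH msg=audit(1709546400.123:456): item=0 name="/securedata/file.txt" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=SYSCALL msg=audit(1709546402.500:457): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd2c1f1b30 a2=0 a3=0 items=1 ppid=1700 pid=1950 auid=1003 uid=1003 gid=1004 euid=1003 suid=1003 fsuid=1003 egid=1004 sgid=1004 fsgid=1004 tty=pts1 ses=4 comm="cat" exe="/usr/bin/cat" key="securedata"
type=CWD msg=audit(1709546402.500:457): cwd="/home/adminuser"
type=PATH msg=audit(1709546402.500:457): item=0 name="/securedata/file.txt" inode=131 dev=08:01 mode=0100640 ouid=1003 ogid=1004 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=SYSCALL msg=audit(1709546410.777:458): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffd2c1f1c40 a2=0 a3=0 items=1 ppid=1810 pid=1990 auid=1002 uid=1002 gid=1002 euid=1002 suid=1002 fsuid=1002 egid=1002 sgid=1002 fsgid=1002 tty=pts2 ses=5 comm="less" exe="/usr/bin/less" key="securedata"
type=CWD msg=audit(1709546410.777:458): cwd="/home/student2"
type=PATH msg=audit(1709546410.777:458): item=0 name="/securedata/grades.csv" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
EOF

# denied_opens LOGFILE -> one line per failed syscall: <auid> <exe> <path> <error>
# Records sharing one msg=audit(TIME:SERIAL) id belong to the same event: the
# SYSCALL record carries who/what/result, the item=0 PATH record the file name.
# auid (login uid) is used on purpose: it survives su, uid does not.
denied_opens() {
    awk '
    {
        split("", kv)                      # fresh key=value map per record
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 0) {
                k = substr($i, 1, eq - 1); v = substr($i, eq + 1)
                gsub(/"/, "", v); kv[k] = v
            }
        }
        id = kv["msg"]                     # e.g. audit(1709546400.123:456):
        if (kv["type"] == "SYSCALL" && kv["success"] == "no") {
            order[++n] = id
            who[id] = kv["auid"]; exe[id] = kv["exe"]; err[id] = kv["exit"]
        } else if (kv["type"] == "PATH" && kv["item"] == "0") {
            path[id] = kv["name"]
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            id = order[i]
            e = err[id]                    # exit is -errno on failure
            if (e == "-13") e = "EACCES"; else if (e == "-1") e = "EPERM"
            printf "%s %s %s %s\n", who[id], exe[id], path[id], e
        }
    }' "$1"
}

denied_opens "$SAMPLE_AUDIT"
```

On the lab VM, feed it real data with `sudo ausearch -k securedata --raw > audit.raw` (or copy /var/log/audit/audit.log) and run `denied_opens audit.raw`; `getent passwd <auid>` or `ausearch -i` turns the numeric auid into a user name. The success=yes record in the sample is filtered out, which is exactly the distinction Task 5 asks you to report.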


Task 5: Report Findings

Students must include:

  1. User who attempted unauthorized access
  2. Date and time of attempt
  3. Resource accessed
  4. Access control technique used (DAC or RBAC)
  5. Screenshot of logs

5. Deliverables

  • Screenshots of user creation
  • Screenshots of permission settings
  • Screenshot of Permission Denied
  • Screenshot of logs
  • Brief written report

6. Bonus Practical Tasks (Optional)

Enable file audit logging

sudo apt install auditd
sudo auditctl -w /securedata -p rwxa -k securedata

Meaning:
Watches /securedata for read (r), write (w), execute (x) and attribute-change (a) syscalls; -k tags the records with a key you can search for (sudo ausearch -k securedata). Denied attempts are recorded too, marked success=no. Rules added with auditctl are lost at reboot: to keep the watch, put the same rule (without "sudo auditctl") in /etc/audit/rules.d/securedata.rules and run sudo augenrules --load.


Detect brute-force login attempts

sudo grep "Failed password" /var/log/auth.log

Count the hits per source address to find the real attacker: one failure is a typo, dozens from one IP within a minute is password guessing.

Analogy:
Someone trying to open the door with many different keys.
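The script below is an added example serving both Task 4.1 and this brute-force task; it is not part of the original lab sheet. It pulls the two things auth.log actually records for this scenario out of a log file: su attempts (who switched, or failed to switch, to whom) and failed SSH passwords per source IP. The sample lines are constructed in the Debian/Ubuntu rsyslog format, with labadmin standing in for the lab's original sudo account.

```shell
#!/bin/sh
# Added example for the lab (not from the original sheet).
# Sample auth.log lines are CONSTRUCTED; "labadmin" is a placeholder name.
SAMPLE_AUTH=$(mktemp)
cat > "$SAMPLE_AUTH" <<'EOF'
Mar  4 10:15:01 labvm su: (to adminuser) student1 on pts/0
Mar  4 10:15:01 labvm su: pam_unix(su-l:auth): authentication failure; logname=student1 uid=1001 euid=0 tty=/dev/pts/0 ruser=student1 rhost=  user=adminuser
Mar  4 10:15:03 labvm su: FAILED SU (to adminuser) student1 on pts/0
Mar  4 10:15:40 labvm su: (to student1) labadmin on pts/0
Mar  4 10:15:40 labvm su: pam_unix(su-l:session): session opened for user student1(uid=1001) by labadmin(uid=1000)
Mar  4 10:16:22 labvm sshd[1834]: Failed password for invalid user admin from 192.168.100.10 port 51234 ssh2
Mar  4 10:16:25 labvm sshd[1834]: Failed password for invalid user admin from 192.168.100.10 port 51236 ssh2
Mar  4 10:16:29 labvm sshd[1840]: Failed password for root from 192.168.100.10 port 51240 ssh2
Mar  4 10:17:02 labvm sshd[1851]: Failed password for student2 from 10.0.0.5 port 40022 ssh2
Mar  4 10:17:40 labvm sshd[1851]: Accepted password for student2 from 10.0.0.5 port 40022 ssh2
EOF

# su_sessions LOG -> "SOURCE -> TARGET" for every session actually opened via su.
# This is the trail that ties a student1 shell back to the person who started it.
su_sessions() {
    sed -n 's/.*su: pam_unix(su[-l]*:session): session opened for user \([^( ]*\)([^)]*) by \([^( ]*\)(.*/\2 -> \1/p' "$1"
}

# failed_su LOG -> "COUNT SOURCE -> TARGET" for su attempts that failed
failed_su() {
    sed -n 's/.*FAILED SU (to \([^)]*\)) \([^ ]*\) on.*/\2 -> \1/p' "$1" \
        | awk '{ c[$0]++ } END { for (k in c) print c[k], k }' | sort -rn
}

# failed_ssh_by_ip LOG -> "COUNT IP", busiest source first. The token after
# "from" is the address in both the "for USER" and "for invalid user USER" forms.
failed_ssh_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") c[$(i + 1)]++
         }
         END { for (ip in c) print c[ip], ip }' "$1" | sort -rn
}

# brute_force_ips THRESHOLD LOG -> addresses with at least THRESHOLD failures
brute_force_ips() {
    failed_ssh_by_ip "$2" | awk -v t="$1" '$1 >= t { print $2 }'
}

# report LOG -> the summary a student can paste into the Task 5 write-up
report() {
    echo "== su sessions opened =="; su_sessions "$1"
    echo "== failed su attempts =="; failed_su "$1"
    echo "== failed SSH passwords by IP =="; failed_ssh_by_ip "$1"
    echo "== brute-force candidates (>= 3) =="; brute_force_ips 3 "$1"
}

report "$SAMPLE_AUTH"
```

On the VM, run `sudo cp /var/log/auth.log auth.copy` (or `sudo journalctl -o short -u ssh -t su > auth.copy` on journal-only systems) and then `report auth.copy`. The threshold is a judgement call: a few failures over a day is a forgotten password, the same count inside a minute from one address is an attack, so look at timestamps before blocking anything.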


Create firewall rule

sudo ufw insert 1 deny from 192.168.100.10

Meaning:
Blocks all traffic from the suspicious IP address. ufw evaluates rules in order and stops at the first match, so the deny must sit before any allow rules (hence insert 1); a plain ufw deny appends to the end and is never reached if an earlier rule already allows SSH from that address. The firewall must be active (sudo ufw status; sudo ufw enable) for any rule to take effect.

Analogy:
It is like stopping a dangerous person at the gate so they never get in at all.


End of Practical Lab

Status: ✔ Lab-ready | ✔ Teaching-ready | ✔ Certification-ready

Reference Book: N/A

Author name: SIR H.A.Mwala Work email: biasharaboraofficials@gmail.com
#MWALA_LEARN Powered by MwalaJS #https://mwalajs.biasharabora.com
#https://educenter.biasharabora.com
