Assignment 0: UNIX Scavenger Hunt

Due: Tue Jan 17 11:59 pm
No late submissions accepted.

Assignment by Cynthia Lee (incorporating past Unix guides and scavenger hunt from Schuyler, Travis, Sumi, and Mindy)


Learning goals

Completing this assignment will give you valuable practice with working in the Unix environment, including:

  1. setting up ssh to log in to myth (our class' computers),
  2. navigating the filesystem,
  3. executing programs,
  4. editing files,
  5. using common helpful UNIX tools,
  6. and configuring your UNIX environment for better ease and comfort.

Introduction

Everything we'll do this quarter involves running commands on Unix. Developed in the 70s at Bell Labs, Unix is an operating system, like Windows or Android or MacOS. Over the years, Unix and its derivatives and cousins, including Linux, have become ubiquitous. In fact, MacOS X is built on Unix and lets you access its Unix insides through the Terminal (more on that later). Technically, Linux (which we'll use in this class) isn't Unix, but rather a copy-cat of Unix rebuilt from the ground up to address some of Unix's limitations. However, the interface that users (that's us!) see is so similar that for the purposes of this class "Linux" and "Unix" are synonymous.

In CS107, we'll be working on "myth," a cluster of computers in the basement of Gates running Ubuntu Linux. The myth computers themselves are physically located in Gates B08, and you'll use them in person during your labs this quarter. You'll also use them remotely to do assignments, because the room is not always available to everyone (for example, during scheduled labs).

Your assignment

This introductory exercise is intended to acclimate you to the UNIX environment. It proceeds as follows:

  1. Instructions for logging in to myth with SSH (no specific deliverable, but needed to complete assign0)
  2. Unix tutorial in the form of a scavenger hunt and simulated hacker/intruder detection activity (fun!), with milestones recorded for turning in as your assign0.

Note for the Unix experts: If you are already familiar with Unix, you will find that the explanatory passages in the beginning of the scavenger hunt cover material you already know, but you should be able to skim them and finish fairly quickly. You may also learn a few useful things that are more specific to our CS107, such as our use of Mercurial (the hg command to check out, commit, and submit code for your assignments). I hope the intruder detection portion will be more fun for you! (though again you should be able to do it quickly)

Logging in to myth with SSH

The first step of this assignment is to set up your own computer to log in to myth. Logging in through a program called ssh will allow you to work on the myth computers in a way that is indistinguishable from being physically in the Gates B08 room. While some version of ssh is available on all kinds of computers, the exact details of this step will be different depending on what kind of computer you have:

MacOS

Use this if you are on a Stanford lab machine in libraries, dorms, etc.

You'll type the ssh command inside the Terminal program on your Mac. If you haven't used the Terminal program before and aren't sure what it is or where to find it, follow the instructions in this Youtube video.

The Terminal is the Unix core of your own Mac. So you'll initially be seeing the files and programs of your own laptop, but through the lens of Unix. From there you can use the ssh command to connect to the myth machines. Just be sure to keep track in your own mind of whether you're on myth or your own laptop at any given moment! The ssh command you want to type is:

ssh [sunet]@myth.stanford.edu

where [sunet] is your SUNet ID (i.e., the name part of your stanford email address, so I would type ssh cbl@myth.stanford.edu). It will ask for your password, which is your usual Stanford password.

Windows 10

If you have Windows 10, you can enable Developer Mode to be able to log in to myth through a Linux environment on your own laptop (you could also follow the older Windows version instructions below instead--your choice).

First, follow the instructions here to the end of that page. After you create a Unix user (last step at that page), you need to make a settings adjustment to the screen buffer size (this lets you scroll back further in your window history, which will make your life much easier later):

After this point, close the Ubuntu on Windows program and then start it again. In this program, you'll initially be seeing the files and programs of your own laptop but through the lens of Unix. From there you can use the ssh command to connect to the myth machines. Just be sure to keep track in your own mind of whether you're on myth or your own laptop at any given moment! The ssh command you want to type is:

ssh [sunet]@myth.stanford.edu

where [sunet] is your SUNet ID (i.e., the name part of your stanford email address, so I would type ssh cbl@myth.stanford.edu). It will ask for your password, which is your usual Stanford password.

Windows (all versions)

(optional for Windows 10, required for versions older than Windows 10)

Download and install the SecureCRT software program that will run ssh for you. It is available for download free from Stanford (usually $100). Of the two download options at that link (32-bit and 64-bit), choose 64-bit unless your computer is more than about 5 years old.

After the program is installed, you want to go to File -> Quick Connect. Enter Hostname "myth.stanford.edu". For Username, enter your SUNet ID (i.e., the name part of your stanford email address). Leave everything else as-is, and click Connect.

It will ask you for a password; use your usual Stanford password. You don't need to type the ssh command as with Linux and macOS--the SecureCRT program is your ssh client.

Note: if you are unable to install SecureCRT for some reason (for example, if it is not your computer and you don't have permission to install software), download the Putty program instead. It does not require install; you just directly run the downloaded putty.exe file. Putty is available here. It works basically the same as SecureCRT, but has fewer "nice-to-have" features such as copy-pasting from the screen.

Linux

Open a Terminal window and follow the steps for MacOS.

Understanding myth

If you have successfully logged in to myth, you should see something like this:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 myth7.Stanford.EDU      
 Ubuntu 14.04 (Linux 3.13.0-106-generic amd64)
 2 x Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz, 7.73 GB RAM, 3.81 GB swap
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   -> For help with your SUNetID, AFS, or class dirs call 725-HELP, or visit
            http://helpsu.stanford.edu 
   -> For problems with hardware, local software, or facilities email
            action@soe.stanford.edu 
   -> The myths are not for CPU-intensive workloads. For alternative
            computers see http://farmshare.stanford.edu 
   -> To logout of the console, click in the background then hit ctrl-alt-del.

myth7:~>

The "myth7" part may name a different myth (myth1 or myth12, etc). Remember that Gates B08 contains many myth machines. When you ssh to "myth.stanford.edu" as a generic name, you are randomly assigned to one of the myths that is currently most idle (fewest other people trying to use it). This login greeting message is simply telling you which one you were assigned. You may also ssh to a specific myth by using that myth's name (e.g., ssh cbl@myth9.stanford.edu), but you won't need to do this until perhaps the very last assignment. The myths all share a single file system called AFS, so any files you save for yourself on one myth will appear the same on other myths.

YOUR TURN: GO AHEAD AND FOLLOW THE INSTRUCTIONS FOR YOUR COMPUTER, AND TRY THIS! Now is the time! Do not proceed until you have seen the text shown above, indicating a successful login.

Upload/download files from myth

The above instructions allow you to access myth to do things on myth--edit your code, compile your code, run your code, debug your code, submit your code, and so on. What they don't allow you to do is bring any files that are on myth back with you to your own computer. To do that, you'll need an FTP/SCP file transfer program. There are several options for this, again varying based on your operating system. But the easiest is probably just to use Stanford's AFS web interface. You'll be asked to log in to Stanford as you would for Axess and other secure Stanford websites (unless you are already logged in to one of those at the moment). It will then take you to a list of all the files on your myth account. Click the download icon next to any file to download it. You can also upload files using this web interface, and files you add will be visible when you ssh to myth.

YOUR TURN: GO AHEAD AND FOLLOW THE INSTRUCTIONS ABOVE TO ACCESS YOUR FILES AND UPLOAD A FILE FROM YOUR LAPTOP TO MYTH VIA THE WEB! It can be any file (just pick some image or Word doc essay or anything). Do not proceed until you see your file listed on the web page (you may need to refresh), indicating successful upload. You could also try downloading a file.

Unix tutorial/scavenger hunt

Now that you've successfully logged in to myth, you need to take a look around and get comfortable working in a Unix environment. We have set this up as a scavenger hunt. In the beginning, the scavenger hunt includes explanatory material introducing each step as you go, so you can dive right in without any prior knowledge or experience. As the scavenger hunt progresses, and especially as you get to the simulated hacker/intruder detection part of the activity, there are fewer explanations and you'll be expected to practice the skills you learned earlier. If you need to refresh yourself on the details of the earlier lessons, you should refer to this reference page that our TAs put together that reviews the scavenger hunt material:

To begin, use ssh to connect to myth and then type these two commands at the prompt, pressing enter after each one (we'll explain what exactly these commands are doing shortly, for now just bear with us):

cd /afs/ir/class/cs107/samples/unixhunt
cat clue1

Now you should see the text of the first clue printed in your terminal. Follow its instructions to proceed. Good luck! Remember to ask your TA if you have any questions or get stuck.

At some point in the scavenger hunt, you will use Mercurial (the hg command) to check out your assign0 repo. Refer to the CS107 Guide to Mercurial or stop by office hours if you need more help with the Mercurial step.

Simulated Intruder/Hacker Activity

This part of assign0 doesn't come with as much guidance as the earlier scavenger hunt. We'll expect you to think about which commands you were taught earlier will be the most helpful as you try to solve the mystery and answer your friend's questions about what happened to their computer.

Situation: You would like to help a friend whose Unix-based system has been affected by an unauthorized access. Your friend has made a backup copy of several key directories on the system as evidence. They've made a copy of this evidence for you, and would like you to look through it to try to piece together some of the details of what happened.

These evidence files are in /afs/ir/class/cs107/samples/server_image-91107/.

Your friend has determined that one of the first things that the intruder did is add themselves (their username) to the list of "trusted" users of the system. This list is kept in a file config/trusted.list. Whenever this file is edited, a backup copy of its contents before the edit is automatically made. This backup copy from the most recent edit is also in the config/ directory.

The malicious intruder is the only person whose username was added between these two versions. Based on this information, you should be able to answer these two questions (put your answers in the readme.txt):

Your friend suspects that the intruder was trying to install malicious programs on the system. The system's programs (including ones you'll recognize like ls and cd, among others) are located in the bin/ directory. Knowing that the intruder was the only person logged in to the system around the time that they edited the trusted.list, look at the programs and determine which ones may have been edited or installed by the intruder, based on the timestamps of the files. Answer this question in the readme.txt:

Having the malicious code present on the system is of little use (from the intruder's perspective) if it is not executed. Your friend's system has a way that each user can configure certain programs to be automatically launched whenever they log in. This convenience is something the intruder may have tried to exploit, by editing other users' configuration of this feature to execute the malicious programs they installed or modified. Each user has a file called init.d in their home directory. The users' home directories are located in the user/ directory. Answer this question in your readme.txt file:
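The three triage steps described above (compare trusted.list with its backup, find programs changed around the time of that edit, find init.d files that launch them), as an added example that is not part of the original assignment. It runs on a small constructed tree rather than the class evidence files; the usernames, the backup name trusted.list.bak, the timestamps, the 30-minute window on either side of the edit, and the one-path-per-line init.d format are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Everything below is CONSTRUCTED: the usernames, the backup
# name trusted.list.bak, the timestamps and the init.d line format are assumptions.

build_sample() {   # $1 = empty directory to fill with a tiny evidence tree
    mkdir -p "$1/config" "$1/bin" "$1/user/alice" "$1/user/bob" "$1/user/mallory"
    printf 'alice\nbob\n' > "$1/config/trusted.list.bak"
    printf 'alice\nbob\nmallory\n' > "$1/config/trusted.list"
    for p in ls cat ps; do echo '#!/bin/sh' > "$1/bin/$p"; done
    touch -t 201601010900 "$1/bin/ls" "$1/bin/cat" "$1/config/trusted.list.bak"
    touch -t 201701101430 "$1/config/trusted.list"
    touch -t 201701101445 "$1/bin/ps"
    echo 'bin/ls' > "$1/user/alice/init.d"
    echo 'bin/ps' > "$1/user/bob/init.d"
    echo 'bin/ps' > "$1/user/mallory/init.d"
}

# Lines present in the current trusted list but absent from its backup.
added_users() {   # $1 = evidence root
    grep -vxFf "$1/config/trusted.list.bak" "$1/config/trusted.list"
}

# Programs under bin/ last modified after $2 and no later than $3
# (both in touch -t form, CCYYMMDDhhmm). Marker files live outside the evidence.
modified_between() {   # $1 = evidence root
    m=$(mktemp -d)
    touch -t "$2" "$m/start"
    touch -t "$3" "$m/end"
    (cd "$1" && find bin -type f -newer "$m/start" ! -newer "$m/end" | sort)
    rm -rf "$m"
}

# Users whose init.d mentions any of the given program paths.
users_launching() {   # $1 = evidence root, rest = suspect program paths
    r=$1; shift
    for f in "$r"/user/*/init.d; do
        for p in "$@"; do
            if grep -qF "$p" "$f"; then basename "$(dirname "$f")"; break; fi
        done
    done
}

root=$(mktemp -d)
build_sample "$root"
intruder=$(added_users "$root")
suspects=$(modified_between "$root" 201701101400 201701101500)
echo "added to trusted.list: $intruder"
echo "bin/ programs changed in the window: $suspects"
echo "init.d files that launch them:" $(users_launching "$root" $suspects)
rm -rf "$root"
```

The last list still includes the added user's own init.d; drop that name to get the other affected accounts.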

Deliverables

The following are graded deliverables you should be sure you have done over the course of your scavenger hunt in order to get full credit:

  1. Just after you clone assign0, add your name to the readme.txt and commit with just that one change.
  2. In readme.txt, answer the open-ended question about what you learned about Unix (can be done at any time, not really tied to a particular point in the scavenger hunt).
  3. In readme.txt, answer the open-ended question about what you learned about your chosen editor, either emacs or vim (can be done at any time, not really tied to a particular point in the scavenger hunt).
  4. In readme.txt, answer the question about the Honor Code (first read our course Collaboration and Honor Code Policy).
  5. In readme.txt, answer the question about the number "111".
  6. Edit one line of the m_map.txt file, as specified in scavenger hunt.
  7. In the readme.txt file, answer the first intruder detection question (what is the username of the intruder).
  8. In the readme.txt file, answer the second intruder detection question (what is the date/time that the trusted.list file was changed).
  9. In the readme.txt file, answer the third intruder detection question (which programs in the bin directory were edited by the intruder).
  10. In the readme.txt file, answer the fourth intruder detection question (what are the usernames of the non-malicious users whose init.d files were compromised).

Each assignment comes with a companion page of advice and hints. This assignment doesn't have as much material there as some others will, but get used to checking there as you work (and before going to Piazza, since we have FAQ there!): Go to advice/FAQ page

Making a commit and submit

Start a habit of making regular commits (cs107 guide to Mercurial) of your work to track your progress and be sure to submit for grading when finished. You are free to make more than one submission (we grade only your most recent). It's a good idea to submit something early--even if it's not yet complete--to "lock in" at least some points in the event that an unexpected disaster prevents you from submitting right at deadline time.

Grading

The assignment is graded out of 20 points, which are awarded based on a review of your readme.txt and m_map.txt files: 2 points per question.

Finishing

After you are finished with your work and have committed all your changes, you must follow the submit instructions to hand in your work. Submit is distinct from commit! You commit as you are working to take snapshots of your progress and submit when finished to send your work to the staff for grading. If you only commit, but never submit, we never see your work and will score the empty repo as a zero.

We recommend you do a trial submit well in advance of the deadline to familiarize yourself with the process and allow time to work through any snags. You can replace that submission with a subsequent one if desired.

No late submissions are accepted on this assignment. The deadline is firm without exception. This assignment is worth a very small number of points compared to other assignments, but don't miss this chance to snap up some quick points and start your quarter off right!


