Assignment 0: UNIX Scavenger Hunt

Due: Mon Apr 10 11:59 pm
No late submissions accepted.

Assignment by Cynthia Lee (incorporating past Unix guides and scavenger hunt from Schuyler, Travis, Sumi, and Mindy)


Learning goals

Completing this assignment will give you valuable practice with working in the unix environment, including:

  1. setting up ssh to log in to myth (our class' computers),
  2. navigating the filesystem,
  3. executing programs,
  4. editing files,
  5. using common helpful UNIX tools,
  6. and configuring your UNIX environment for better ease and comfort.

Introduction

Everything we'll do this quarter involves running commands on Unix. Developed in the 70s at Bell Labs, Unix is an operating system, like Windows or Android or MacOS. Over the years, Unix and its derivatives and cousins, including Linux, have become ubiquitous. In fact, MacOS X is built on Unix and lets you access its Unix insides through the Terminal (more on that later). Technically, Linux (which we'll use in this class) isn't Unix, but rather a copy-cat of Unix rebuilt from the ground up to address some of Unix's limitations. However, the interface that users (that's us!) see is so similar that for the purposes of this class "Linux" and "Unix" are synonymous.

In CS107, we'll be working on "myth," a cluster of computers in the basement of Gates running Ubuntu Linux. The myth computers themselves are physically located in Gates B08, and you'll use them in person during your labs this quarter. You'll also use them remotely to do assignments, because the room is not always available to everyone (for example, during scheduled labs).

Your assignment

This introductory exercise is intended to acclimate you to the UNIX environment. It proceeds as follows:

  1. Instructions for logging in to myth with SSH (no specific deliverable, but needed to complete assign0)
  2. Unix tutorial in the form of a scavenger hunt and simulated hacker/intruder detection activity, with milestones recorded for turning in as your assign0.

Note for the Unix experts: If you are already familiar with Unix, you will find that the explanatory passages in the beginning of the scavenger hunt cover material you already know, but you should be able to skim them and finish fairly quickly. You may also learn a few useful things that are more specific to our CS107, such as our use of Mercurial (the hg command to check out, commit, and submit code for your assignments). I hope the intruder detection portion will be more fun for you! (though again you should be able to do it quickly)

Logging in to myth with SSH

The first step of this assignment is to set up your own computer to log in to myth. Logging in through a program called ssh will allow you to work on the myth computers in a way that is indistinguishable from being physically in the Gates B08 room. While some version of ssh is available on all kinds of computers, the exact details of this step will be different depending on what kind of computer you have:

YOUR TURN: GO AHEAD AND FOLLOW THE INSTRUCTIONS FOR YOUR COMPUTER, AND TRY THIS! Now is the time! Do not proceed until you have seen myth's successful login welcome text, as shown at the links above.

Upload/download files from myth

The above instructions allow you to access myth to do things on myth--edit your code, compile your code, run your code, debug your code, submit your code, and so on. What they don't allow you to do is bring any files that are on myth back with you to your own computer. To do that, you'll need an FTP/SCP file transfer program. There are several options for this, again varying based on your operating system. But the easiest is probably just to use Stanford's AFS web interface. You'll be asked to log in to Stanford as you would for Axess and other secure Stanford websites (unless you are already logged in to one of those at the moment). It will then take you to a list of all the files on your myth account. Click the download icon next to any file to download it. You can also upload files using this web interface, and files you add will be visible when you ssh to myth.

YOUR TURN: GO AHEAD AND FOLLOW THE INSTRUCTIONS ABOVE TO ACCESS YOUR FILES AND UPLOAD A FILE FROM YOUR LAPTOP TO MYTH VIA THE WEB! It can be any file (just pick some image or Word doc essay or anything). Do not proceed until you see your file listed on the web page (you may need to refresh), indicating successful upload. You could also try downloading a file.

Unix tutorial/scavenger hunt

Now that you've successfully logged in to myth, you need to take a look around and get comfortable working in a Unix environment. We have set this up as a scavenger hunt. In the beginning, the scavenger hunt includes explanatory material introducing each step as you go, so you can dive right in without any prior knowledge or experience. As the scavenger hunt progresses, and especially as you get to the simulated hacker/intruder detection part of the activity, there are fewer explanations and you'll be expected to practice the skills you learned earlier. If you need to refresh yourself on the details of the earlier lessons, you should refer to this reference page that our TAs put together that reviews the scavenger hunt material:

To begin, use ssh to connect to myth and then type these two commands at the prompt, pressing enter after each one (we'll explain what exactly these commands are doing shortly, for now just bear with us):

cd /afs/ir/class/cs107/samples/unixhunt
cat clue1

Now you should see the text of the first clue printed in your terminal. Follow its instructions to proceed. Good luck! Remember to ask your TA if you have any questions or get stuck.

At some point in the scavenger hunt, you will use Mercurial (the hg command) to check out your assign0 repo. Refer to the CS107 Guide to Mercurial or stop by office hours if you need more help with the Mercurial step.

Simulated Intruder/Hacker Activity

This part of assign0 doesn't come with as much guidance as the earlier scavenger hunt. We'll expect you to think about which commands you were taught earlier will be the most helpful as you try to solve the mystery and answer your friend's questions about what happened to their computer.

Situation: You would like to help a friend whose Unix-based system has been affected by unauthorized access. Your friend was worried about the few days that the hacker had access to the system and has made a backup copy of several key directories on the system as evidence. They've made a copy of this evidence for you, and would like you to look through it to try to piece together some of the details of what happened.

These evidence files are in /afs/ir/class/cs107/samples/server_image-91107/.

Your friend has determined that one of the first things that the intruder did is add themselves (their username) to the list of "trusted" users of the system. This list is kept in a file config/trusted.list. Whenever this file is edited, a backup copy of its contents before the edit is automatically made. This backup copy from the most recent edit is also in the config/ directory.

The malicious intruder is the only person whose username was added between these two versions. Based on this information, you should be able to answer these two questions (put your answers in the readme.txt):

Your friend suspects that the intruder was trying to install malicious programs on the system. The system's programs (including ones you'll recognize like ls and cd, among others) are located in the bin/ directory. Knowing that the intruder was the only person logged in to the system around the time that they edited the trusted.list, look at the programs and determine which ones may have been edited or installed by the intruder, based on the timestamps of the files. Answer this question in the readme.txt:

Having the malicious code present on the system is of little use (from the intruder's perspective) if it is not executed. Your friend's system has a way that each user can configure certain programs to be automatically launched whenever they log in. This convenience is something the intruder may have tried to exploit, by editing other users' configuration of this feature to execute the malicious programs they installed or modified. Each user has a file called init.d in their home directory. The users' home directories are located in the user/ directory. You can open a couple of these init.d files to see what they look like, but the main thing to know is that if the name of one of the malicious programs you identified appears anywhere in the init.d file, that file should be considered compromised. Answer this question in your readme.txt file:
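
The three checks described in this section come down to a list comparison, a modification-time window and a text search. The following is an added sketch, not part of the original assignment, that runs them on a small constructed tree; the backup name trusted.list.bak, the usernames and the program name updater are made-up sample values.

```shell
#!/bin/sh
# Added example. The evidence tree built by make_sample is constructed data,
# not the contents of the course's server image.

# Usernames in the current list that are absent from its backup.
added_users() {            # $1 = backup list, $2 = current list
    grep -vxFf "$1" "$2" || true
}

# Regular files in a directory modified inside a time window.
# Stamps use the POSIX `touch -t` form CCYYMMDDhhmm.
modified_between() {       # $1 = dir, $2 = window start, $3 = window end
    lo=$(mktemp) hi=$(mktemp)
    touch -t "$2" "$lo"; touch -t "$3" "$hi"
    find "$1" -type f -newer "$lo" ! -newer "$hi" | sed 's|.*/||' | sort
    rm -f "$lo" "$hi"
}

# Owners of init.d files that mention any of the suspect program names.
# Plain substring match, following the "appears anywhere" rule above.
compromised_users() {      # $1 = dir of home directories, rest = names
    homes=$1; shift
    for prog in "$@"; do
        grep -lF -- "$prog" "$homes"/*/init.d || true
    done | sort -u | sed 's|/init.d$||; s|.*/||'
}

# Build a small constructed evidence tree and print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/config" "$d/bin" "$d/user/alice" "$d/user/bob"
    printf 'alice\nbob\n' > "$d/config/trusted.list.bak"
    printf 'alice\nbob\nmallory\n' > "$d/config/trusted.list"
    for p in ls cat updater; do echo stub > "$d/bin/$p"; done
    touch -t 202301010900 "$d/bin/ls" "$d/bin/cat"
    touch -t 202301151205 "$d/bin/updater" "$d/config/trusted.list"
    echo 'run /bin/cat motd' > "$d/user/alice/init.d"
    echo 'run /bin/updater' > "$d/user/bob/init.d"
    echo "$d"
}

s=$(make_sample)
added_users "$s/config/trusted.list.bak" "$s/config/trusted.list"
modified_between "$s/bin" 202301151100 202301151300
compromised_users "$s/user" updater
rm -rf "$s"
```

The window passed to modified_between is chosen by reading the modification time of the edited list (for example with ls -l) and bracketing it.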

Deliverables

The following are graded deliverables you should be sure you have done over the course of your scavenger hunt in order to get full credit:

  1. Just after you clone assign0, add your name to the readme.txt and commit with just that one change.
  2. In readme.txt, answer the open-ended question about what you learned about Unix (can be done at any time, not really tied to a particular point in the scavenger hunt).
  3. In readme.txt, answer the open-ended question about what you learned about your chosen editor, either emacs or vim (can be done at any time, not really tied to a particular point in the scavenger hunt).
  4. In readme.txt, answer the question about the Honor Code (first read our course Collaboration and Honor Code Policy).
  5. In readme.txt, answer the question about the number "111".
  6. Edit one line of the m_map.txt file, as specified in scavenger hunt.
  7. In the readme.txt file, answer the first intruder detection question (what is the username of the intruder).
  8. In the readme.txt file, answer the second intruder detection question (what is the date/time that the trusted.txt file was changed).
  9. In the readme.txt file, answer the third intruder detection question (which programs in the bin directory were edited by the intruder).
  10. In the readme.txt file, answer the fourth intruder detection question (what are the usernames of the non-malicious users whose init.d files were compromised).

Each assignment comes with a companion page of advice and hints. This assignment doesn't have as much material there as some others will, but get used to checking there as you work (and before going to Piazza, since we have FAQ there!): Go to advice/FAQ page

Making a commit and submit

Start a habit of making regular commits (cs107 guide to Mercurial) of your work to track your progress and be sure to submit for grading when finished. You are free to make more than one submission (we grade only your most recent). It's a good idea to submit something early--even if it's not yet complete--to "lock in" at least some points in the event that an unexpected disaster prevents you from submitting right at deadline time.

Grading

The assignment is graded out of 20 points, which are awarded based on a review of your readme.txt and m_map.txt files: 2 points per question.

Finishing

After you are finished with your work and have committed all your changes, you must follow the submit instructions to hand in your work. Submit is distinct from commit! You commit as you are working to take snapshots of your progress and submit when finished to send your work to the staff for grading. If you only commit, but never submit, we never see your work and will score the empty repo as a zero.

We recommend you do a trial submit well in advance of the deadline to familiarize yourself with the process and allow time to work through any snags. You can replace that submission with a subsequent one if desired.

No late submissions are accepted on this assignment. The deadline is firm without exception. This assignment is worth a very small number of points compared to other assignments, but don't miss this chance to snap up some quick points and start your quarter off right!


