Cyber Patriot 18 CP-18 Round 2 Mint 21 Answer Key

Summary

Total Checks: 98
Positive Checks: 25
Penalties: 72
Maximum Possible Points: 100

Forensics Questions

Question 1

File Path: /home/benjamin/Desktop/Forensics Question 1.txt

Content:

What is the very first message that is displayed to clients 
as soon as they connect to the FTP server (before logging in)?
( EXAMPLE: 220 Hello World )
ANSWER: <Type Answer Here>

Question 2

File Path: /home/benjamin/Desktop/Forensics Question 2.txt

Content:

The ftpusers file is a list of usernames not allowed to log in via FTP, even 
if they're valid system users. Two users have reported issues logging into 
the FTP server, and you suspect they were mistakenly added to ftpusers.
Which two users have been prevented from logging onto the FTP server?
( EXAMPLE: llitt )
ANSWER: <Type Answer Here>
ANSWER: <Type Answer Here>

Category: Account policy (F) (ACT)

✅ A minimum password length is required `+4`

Specific Conditions:

/etc/pam.d/common-password has Exists equal to true
Data of /etc/pam.d/common-password matches pattern (?i)^\s*password[^\n]*pam_unix.so[^\n]*minlen=0*[1-9]+[0-9]*
OR
/etc/pam.d/common-password has Exists equal to true
Data of /etc/pam.d/common-password matches pattern (?i)^\s*password[^\n]*pam_unix.so
Data of /etc/pam.d/common-password matches pattern (?i)^\s*password[^\n]*pam_cracklib.so[^\n]*minlen=0*[1-9]+[0-9]*
OR
/etc/pam.d/common-password has Exists equal to true
Data of /etc/pam.d/common-password matches pattern (?i)^\s*password[^\n]*pam_unix.so
Data of /etc/pam.d/common-password matches pattern (?i)^\s*password[^\n]*pam_pwquality.so[^\n]*minlen=0*[1-9]+[0-9]*
OR
OR
/usr/lib/i386-linux-gnu/security/pam_cracklib.so has Exists equal to true
OR
OR
OR
/usr/lib/x86_64-linux-gnu/security/pam_cracklib.so has Exists equal to true
OR
OR
OR
OR
/usr/lib/i386-linux-gnu/security/pam_pwquality.so has Exists equal to true
OR
OR
OR
/usr/lib/x86_64-linux-gnu/security/pam_pwquality.so has Exists equal to true

ID: `PWMINL`

Category: Application security (F) (APP)

✅ FTP users may log in with SSL `+5`

Specific Conditions:

/etc/vsftpd.conf has Exists equal to true
Data of /etc/vsftpd.conf matches pattern ^\s*local_root\s*=\s*/srv/afa
Data of /etc/vsftpd.conf matches pattern ^\s*ssl_enable\s*=\s*(?i)(YES|TRUE|1)

ID: `FTP_SSL`

Category: Application update (F) (AUP)

✅ Chromium has been updated `+4`

Specific Conditions:

/usr/lib/chromium/chromium has Exists equal to true
/usr/lib/chromium/chromium has Signature equal to 0:7f454c4602
/usr/lib/chromium/chromium has BuildID not equal to 6e1c92650f83897b300dc129c4069914dbccf83a

ID: `CHRM`

✅ Vsftpd has been updated `+4`

Specific Conditions:

/usr/sbin/vsftpd has Exists equal to true
/usr/sbin/vsftpd has Signature equal to 0:7f454c4602
/usr/sbin/vsftpd has BuildID not equal to fc5dd07368a19c9258b75efa395e200b4b862e74

ID: `VSFTP`

Category: Defensive countermeasure (F) (DEF)

✅ Uncomplicated Firewall (UFW) protection has been enabled `+5`

Specific Conditions:

Output of nft-n list ruleset exists
Output of nft-n list ruleset matches pattern ^\s*chain\s+INPUT
Output of nft-n list ruleset matches pattern ^\s*chain\s+OUTPUT
Output of nft-n list ruleset exists
Output of nft-n list ruleset matches pattern ^\s*chain\s+INPUT
Output of nft-n list ruleset matches pattern ^\s*chain\s+OUTPUT
Output of nft-n list ruleset exists
Output of nft-n list ruleset matches pattern ^\s*chain\s+INPUT
Output of nft-n list ruleset matches pattern ^\s*chain\s+OUTPUT
OR
/etc/ufw/ufw.conf has Exists equal to true
Data of /etc/ufw/ufw.conf matches pattern (?i)^\s*ENABLED="?yes"?

ID: `FWALL`

Category: Prohibited file (F) (FIL)

✅ Prohibited MP3 files are removed `+4`

Specific Conditions:

/srv/afa/01-01- Ocean Motion.mp3 has Exists equal to false
OR
/srv/afa/01-04- Tinker Bells Dream.mp3 has Exists equal to false
OR
/srv/afa/01-07- Last Thoughts.mp3 has Exists equal to false
OR
/srv/afa/ has Exists equal to true

ID: `MP3`

Category: Forensic Question (F) (FOR)

✅ Forensics Question 1 correct `+6`

Specific Conditions:

Data of /home/benjamin/Desktop/Forensics Question 1.txt matches pattern (?i)^\s*[A-Z]{6}:\s*(?:220\s+)?Welcome\sto\sAFA(?:\s|$)

ID: `Q1`

✅ Forensics Question 2 correct `+6`

Specific Conditions:

Data of /home/benjamin/Desktop/Forensics Question 2.txt matches pattern (?i)^\s*[A-Z]{6}:\s*rzane(?:\s|$)
Data of /home/benjamin/Desktop/Forensics Question 2.txt matches pattern (?i)^\s*[A-Z]{6}:\s*shuntley(?:\s|$)

ID: `Q2`

Category: Operating system update (F) (OUP)

✅ The system refreshes the list of updates automatically `+4`

Specific Conditions:

Output of /usr/bin/su-l -s /bin/bash -c /usr/bin/dconf dump /com/linuxmint/ benjamin matches pattern refresh-schedule-enabled=true

ID: `DAILY_MNT`

✅ The update manager installs updates automatically `+4`

Specific Conditions:

/var/lib/linuxmint/mintupdate-automatic-upgrades-enabled has Exists equal to true

ID: `AUTO_MNT`

✅ Install updates from important security updates `+4`

Specific Conditions:

/etc/apt/sources.list has Exists equal to true
Data of /etc/apt/sources.list matches pattern ^\s*deb\s+https?://[^/]+.ubuntu.com/ubuntu/?\s+[^\s]+-security\s+(?:[^\n]+\s+)?main

ID: `SEC_UBU`

✅ Systemd has been updated `+4`

Specific Conditions:

/usr/lib/systemd/systemd has Exists equal to true
/usr/lib/systemd/systemd has Signature equal to 0:7f454c4602
/usr/lib/systemd/systemd has BuildID not equal to ef2b0a29855b95866e8343e4af5edbcd2b7fc6c6

ID: `SYSD`

Category: Penalty (F) (PEN)

➖ WARNING: VirtualBox is unsupported `0`

Specific Conditions:

Data of /proc/bus/input/devices matches pattern VirtualBox
OR
Data of /sys/devices/virtual/dmi/id/product_name matches pattern VirtualBox
OR
Data of /sys/devices/virtual/dmi/id/bios_version matches pattern VirtualBox
OR
Data of /sys/devices/virtual/dmi/id/board_name matches pattern VirtualBox

ID: `VBX`

❌ VSFTP service has been stopped or removed `-5`

Specific Conditions:

Process /vsftpd does not exists
OR
OR
OR
/usr/sbin/vsftpd has Exists equal to false

ID: `SRV_VSFTPD`

❌ Chromium has been removed `-5`

Specific Conditions:

/usr/lib/chromium/chromium has Exists not equal to true

ID: `SFT_CHRM`

❌ Missing or corrupt FTP configuration `-5`

Specific Conditions:

/etc/vsftpd.conf has Exists equal to true
Data of /etc/vsftpd.conf does not match pattern ^\s*local_root\s*=\s*/srv/afa
OR
/etc/vsftpd.conf has Exists equal to true
Data of /etc/vsftpd.conf matches pattern ^\s*anonymous_enable\s*=\s*YES
Data of /etc/vsftpd.conf does not match pattern ^\s*local_enable\s*=\s*
OR
/etc/vsftpd.conf has Exists equal to true
Data of /etc/vsftpd.conf matches pattern ^\s*anonymous_enable\s*=\s*YES
Data of /etc/vsftpd.conf matches pattern ^\s*local_enable\s*=\s*NO

ID: `CFG_VSFTPD`

❌ Removed one or more authorized administrators `-5`

Specific Conditions:

Data of /etc/group does not match pattern (?i)^(?:sudo|wheel):[^\n]*[:,]benjamin(?:,|$)
OR
OR
OR
benjamin has Exists equal to false
OR
OR
jpearson has Exists equal to false
OR
OR
hspecter has Exists equal to false
OR
OR
llitt has Exists equal to false

ID: `USRA`

❌ Removed one or more authorized users `-5`

Specific Conditions:

dscott has Exists equal to false
OR
nnesbitt has Exists equal to false
OR
pporter has Exists equal to false
OR
kbennett has Exists equal to false
OR
mross has Exists equal to false
OR
rzane has Exists equal to false
OR
dpaulsen has Exists equal to false
OR
shuntley has Exists equal to false
OR
jpomaville has Exists equal to false
OR
sbandaru has Exists equal to false
OR
sthomas has Exists equal to false

ID: `USRS`

❌ Removed one or more authorized user directories `-5`

Specific Conditions:

/home/benjamin has Exists equal to false
OR
/home/jpearson has Exists equal to false
OR
/home/hspecter has Exists equal to false
OR
/home/llitt has Exists equal to false
OR
/home/dscott has Exists equal to false
OR
/home/nnesbitt has Exists equal to false
OR
/home/pporter has Exists equal to false
OR
/home/kbennett has Exists equal to false
OR
/home/mross has Exists equal to false
OR
/home/rzane has Exists equal to false
OR
/home/dpaulsen has Exists equal to false
OR
/home/shuntley has Exists equal to false
OR
/home/jpomaville has Exists equal to false
OR
/home/sbandaru has Exists equal to false
OR
/home/sthomas has Exists equal to false

ID: `USRD`

Category: Local policy (F) (POL)

✅ IPv4 TCP SYN cookies have been enabled `+4`

Specific Conditions:

/proc/sys/net/ipv4/tcp_syncookies has Exists equal to true
Data of /proc/sys/net/ipv4/tcp_syncookies matches pattern 1

ID: `PRC_SYNC`

Category: Penalty (F) (SCR)

❌ Removed multiple authorized user directories `-2`

Specific Conditions:

/home/benjamin has Exists equal to false
OR
/home/jpearson has Exists equal to false
OR
/home/hspecter has Exists equal to false
OR
/home/llitt has Exists equal to false
OR
/home/dscott has Exists equal to false
OR
/home/nnesbitt has Exists equal to false
OR
/home/pporter has Exists equal to false
OR
/home/kbennett has Exists equal to false
OR
/home/mross has Exists equal to false
OR
/home/rzane has Exists equal to false
OR
/home/dpaulsen has Exists equal to false
OR
/home/shuntley has Exists equal to false
OR
/home/jpomaville has Exists equal to false
OR
/home/sbandaru has Exists equal to false
OR
/home/sthomas has Exists equal to false

ID: `SCRD`

❌ Removed multiple authorized users `-6`

Specific Conditions:

dscott has Exists equal to false
OR
nnesbitt has Exists equal to false
OR
pporter has Exists equal to false
OR
kbennett has Exists equal to false
OR
mross has Exists equal to false
OR
rzane has Exists equal to false
OR
dpaulsen has Exists equal to false
OR
shuntley has Exists equal to false
OR
jpomaville has Exists equal to false
OR
sbandaru has Exists equal to false
OR
sthomas has Exists equal to false
OR
benjamin has Exists equal to false
OR
jpearson has Exists equal to false
OR
hspecter has Exists equal to false
OR
llitt has Exists equal to false

ID: `SCRU`

Category: Unwanted software (F) (SFT)

✅ Prohibited software aMule removed `+4`

Specific Conditions:

/usr/bin/amule has Exists equal to false
OR
/usr/ has Exists equal to true

ID: `AMUL`

✅ Prohibited software Wireshark removed `+4`

Specific Conditions:

/usr/bin/wireshark has Exists equal to false
OR
/usr/bin/ has Exists equal to true

ID: `WIRE`

✅ Prohibited software Zangband removed `+4`

Specific Conditions:

/usr/games/zangband has Exists equal to false
OR
/usr/ has Exists equal to true

ID: `ZANG`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/usr/sbin/lvmsadc has Exists equal to true
OR
/usr/sbin has Exists equal to false

ID: `CMWS`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/usr/bin/xscreensaver-getimage has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `USSV`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/usr/bin/ppmtorgb3 has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `JCRZ`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/bin/pinentry has Exists equal to true
OR
/bin has Exists equal to false

ID: `FMJZ`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/bin/foomatic-rip has Exists equal to true
OR
/bin has Exists equal to false

ID: `YXWW`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/usr/bin/hcitool has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `FJBQ`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/sbin/deluser has Exists equal to true
OR
/sbin has Exists equal to false

ID: `SMVG`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/usr/bin/grub-script-check has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `DGKV`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/sbin/ebtables-nft has Exists equal to true
OR
/sbin has Exists equal to false

ID: `RWDZ`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/bin/ranlib has Exists equal to true
OR
/bin has Exists equal to false

ID: `XXBJ`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/usr/sbin/zvol_wait has Exists equal to true
OR
/usr/sbin has Exists equal to false

ID: `JVFH`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/usr/bin/spa-inspect has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `BHGF`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/usr/bin/sensible-pager has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `NNIJ`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/bin/udevadm has Exists equal to true
OR
/bin has Exists equal to false

ID: `JBIH`

❌ Performed an unspecified action on the filesystem `-2`

Specific Conditions:

/usr/bin/grub-mkimage has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `FTKQ`

❌ Performed an unspecified action on the filesystem `-3`

Specific Conditions:

/bin/cmuwmtopbm has Exists equal to true
OR
/bin has Exists equal to false

ID: `MTEW`

❌ Performed an unspecified action on the filesystem `-3`

Specific Conditions:

/bin/aptitude has Exists equal to true
OR
/bin has Exists equal to false

ID: `PUYR`

❌ Performed an unspecified action on the filesystem `-3`

Specific Conditions:

/bin/comm has Exists equal to true
OR
/bin has Exists equal to false

ID: `WJUO`

❌ Performed an unspecified action on the filesystem `-3`

Specific Conditions:

/usr/sbin/vgremove has Exists equal to true
OR
/usr/sbin has Exists equal to false

ID: `CEYO`

❌ Performed an unspecified action on the filesystem `-3`

Specific Conditions:

/bin/X has Exists equal to true
OR
/bin has Exists equal to false

ID: `IGAG`

❌ Performed an unspecified action on the filesystem `-3`

Specific Conditions:

/usr/bin/vmware-rpctool has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `UQVL`

❌ Performed an unspecified action on the filesystem `-3`

Specific Conditions:

/sbin/jfs_debugfs has Exists equal to true
OR
/sbin has Exists equal to false

ID: `DOZN`

❌ Performed an unspecified action on the filesystem `-3`

Specific Conditions:

/usr/bin/pico has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `KKDH`

❌ Performed an unspecified action on the filesystem `-3`

Specific Conditions:

/usr/bin/pdffonts has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `GLNL`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/usr/bin/xvminitoppm has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `YMSQ`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/usr/bin/lp has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `FFTJ`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/bin/aa-features-abi has Exists equal to true
OR
/bin has Exists equal to false

ID: `RJCB`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/bin/ld.bfd has Exists equal to true
OR
/bin has Exists equal to false

ID: `ZHRW`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/usr/sbin/mount.ntfs-3g has Exists equal to true
OR
/usr/sbin has Exists equal to false

ID: `RSYM`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/bin/bzfgrep has Exists equal to true
OR
/bin has Exists equal to false

ID: `PZBJ`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/usr/sbin/ebtables-nft has Exists equal to true
OR
/usr/sbin has Exists equal to false

ID: `YENW`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/bin/t1ascii has Exists equal to true
OR
/bin has Exists equal to false

ID: `FERB`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/usr/bin/scanimage has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `VLPF`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/usr/sbin/vpddecode has Exists equal to true
OR
/usr/sbin has Exists equal to false

ID: `QFCA`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/usr/sbin/ModemManager has Exists equal to true
OR
/usr/sbin has Exists equal to false

ID: `HOSA`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/usr/bin/rvim has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `EOMI`

❌ Performed an unspecified action on the filesystem `-4`

Specific Conditions:

/bin/ppmtopi1 has Exists equal to true
OR
/bin has Exists equal to false

ID: `ITCM`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/usr/bin/foo2lava has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `DNIN`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/bin/sdptool has Exists equal to true
OR
/bin has Exists equal to false

ID: `XLLV`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/usr/bin/mdeltree has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `KXJO`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/bin/lzip has Exists equal to true
OR
/bin has Exists equal to false

ID: `USXC`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/bin/gemtopbm has Exists equal to true
OR
/bin has Exists equal to false

ID: `ATCY`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/usr/bin/factor has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `HATB`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/bin/xfd has Exists equal to true
OR
/bin has Exists equal to false

ID: `XDRB`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/bin/more has Exists equal to true
OR
/bin has Exists equal to false

ID: `KJMR`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/usr/bin/sbigtopgm has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `VQYF`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/bin/luit has Exists equal to true
OR
/bin has Exists equal to false

ID: `DOCW`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/bin/apt has Exists equal to true
OR
/bin has Exists equal to false

ID: `ANMI`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/bin/ntfsls has Exists equal to true
OR
/bin has Exists equal to false

ID: `FKFW`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/usr/bin/es2gears_wayland has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `XWAK`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/bin/libnetcfg has Exists equal to true
OR
/bin has Exists equal to false

ID: `PUUB`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/bin/pngtopnm has Exists equal to true
OR
/bin has Exists equal to false

ID: `EZYC`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/usr/bin/gemtopnm has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `KONS`

❌ Performed an unspecified action on the filesystem `-5`

Specific Conditions:

/usr/bin/ppmbrighten has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `PYAO`

❌ Performed an unspecified action on the filesystem `-6`

Specific Conditions:

/usr/bin/oakdecode has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `IMWB`

❌ Performed an unspecified action on the filesystem `-6`

Specific Conditions:

/bin/pnmcat has Exists equal to true
OR
/bin has Exists equal to false

ID: `CBHX`

❌ Performed an unspecified action on the filesystem `-6`

Specific Conditions:

/etc/nftables.conf has Exists equal to true
OR
/etc has Exists equal to false

ID: `ZHMV`

❌ Performed an unspecified action on the filesystem `-6`

Specific Conditions:

/bin/capinfos has Exists equal to true
OR
/bin has Exists equal to false

ID: `ZJUU`

❌ Performed an unspecified action on the filesystem `-6`

Specific Conditions:

/usr/bin/mint-refresh-cache has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `ORCB`

❌ Performed an unspecified action on the filesystem `-6`

Specific Conditions:

/usr/bin/rnano has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `QXUC`

❌ Performed an unspecified action on the filesystem `-6`

Specific Conditions:

/bin/gcc-ar has Exists equal to true
OR
/bin has Exists equal to false

ID: `ZGOQ`

❌ Performed an unspecified action on the filesystem `-6`

Specific Conditions:

/sbin/killall5 has Exists equal to true
OR
/sbin has Exists equal to false

ID: `SENA`

❌ Performed an unspecified action on the filesystem `-6`

Specific Conditions:

/usr/bin/df has Exists equal to true
OR
/usr/bin has Exists equal to false

ID: `QYZE`

❌ Performed an unspecified action on the filesystem `-6`

Specific Conditions:

/bin/glxdemo has Exists equal to true
OR
/bin has Exists equal to false

ID: `XJQL`

Category: Service auditing (F) (SRV)

✅ OpenSSH service is disabled or removed `+4`

Specific Conditions:

Process /sshd does not exists
OR
OR
OR
/usr/sbin/sshd has Exists equal to false

ID: `SSHD`

Category: Uncategorized operating system setting (F) (SYS)

✅ Insecure permissions on FTP root directory fixed `+5`

Specific Conditions:

/srv/afa/ has Exists equal to true
/srv/afa/ has others_write equal to false

ID: `FTP_PERM`

Category: User auditing (F) (USR)

✅ Guest account is disabled `+3`

Specific Conditions:

/etc/lightdm/lightdm.conf has Exists equal to true
Data of /etc/lightdm/lightdm.conf matches pattern (?i)^\s*\[Seat(Defaults|:\*)\]
Data of /etc/lightdm/lightdm.conf matches pattern (?i)^\s*allow-guest\s*=\s*false
OR
OR

ID: `GST`

✅ Removed unauthorized user tgianopolous `+3`

Specific Conditions:

tgianopolous has Exists equal to false

ID: `TGIA`

✅ Removed unauthorized user jquelling `+3`

Specific Conditions:

jquelling has Exists equal to false

ID: `JQUE`

✅ User dscott is not an administrator `+3`

Specific Conditions:

dscott has Exists equal to true
OR
/etc/group has Exists equal to true
Data of /etc/group matches pattern sudo:
Data of /etc/group does not match pattern (?i)^sudo:[^\n]*[:,]dscott

ID: `DSCO`

✅ Changed insecure password for user llitt `+3`

Specific Conditions:

llitt has Exists equal to true
llitt has Password not equal to ugotlittup

ID: `LLIT`

✅ Created new administrator account for edarby `+3`

Specific Conditions:

edarby has Exists equal to true
OR
/etc/group has Exists equal to true
Data of /etc/group matches pattern sudo:
Data of /etc/group matches pattern (?i)^sudo:([^\n]*,)?edarby

ID: `EDAR`

✅ User edarby must change password at next login `+3`

Specific Conditions:

edarby has Exists equal to true
OR
/etc/shadow has Exists equal to true
Data of /etc/shadow matches pattern (?i)^edarby:[^\n:]+:0:

Cyber Patriot 18 CP-18 Round 2 Mint 21 Answer Key

Summary

Forensics Questions

Question 1

Question 2

Category: Account policy (F) (ACT)

✅ A minimum password length is required +4

OR

OR

OR

OR

OR

OR

OR

OR

OR

OR

OR

OR

OR

OR

ID: PWMINL

Category: Application security (F) (APP)

✅ FTP users may log in with SSL +5

ID: FTP_SSL

Category: Application update (F) (AUP)

✅ Chromium has been updated +4

ID: CHRM

✅ Vsftpd has been updated +4

ID: VSFTP

Category: Defensive countermeasure (F) (DEF)

✅ Uncomplicated Firewall (UFW) protection has been enabled +5

OR

ID: FWALL

Category: Prohibited file (F) (FIL)

✅ Prohibited MP3 files are removed +4

OR

OR

OR

ID: MP3

Category: Forensic Question (F) (FOR)

✅ Forensics Question 1 correct +6

ID: Q1

✅ Forensics Question 2 correct +6

ID: Q2

Category: Operating system update (F) (OUP)

✅ The system refreshes the list of updates automatically +4

ID: DAILY_MNT

✅ The update manager installs updates automatically +4

ID: AUTO_MNT

✅ Install updates from important security updates +4

ID: SEC_UBU

✅ Systemd has been updated +4

ID: SYSD

Category: Penalty (F) (PEN)

➖ WARNING: VirtualBox is unsupported 0

OR

OR

OR

ID: VBX

❌ VSFTP service has been stopped or removed -5

OR

OR

OR

ID: SRV_VSFTPD

❌ Chromium has been removed -5

ID: SFT_CHRM

❌ Missing or corrupt FTP configuration -5

OR

OR

ID: CFG_VSFTPD

❌ Removed one or more authorized administrators -5

OR

OR

OR

OR

OR

OR

OR

OR

✅ A minimum password length is required `+4`

ID: `PWMINL`

✅ FTP users may log in with SSL `+5`

ID: `FTP_SSL`

✅ Chromium has been updated `+4`

ID: `CHRM`

✅ Vsftpd has been updated `+4`

ID: `VSFTP`

✅ Uncomplicated Firewall (UFW) protection has been enabled `+5`

ID: `FWALL`

✅ Prohibited MP3 files are removed `+4`

ID: `MP3`

✅ Forensics Question 1 correct `+6`

ID: `Q1`

✅ Forensics Question 2 correct `+6`

ID: `Q2`

✅ The system refreshes the list of updates automatically `+4`

ID: `DAILY_MNT`

✅ The update manager installs updates automatically `+4`

ID: `AUTO_MNT`

✅ Install updates from important security updates `+4`

ID: `SEC_UBU`

✅ Systemd has been updated `+4`

ID: `SYSD`

➖ WARNING: VirtualBox is unsupported `0`

ID: `VBX`

❌ VSFTP service has been stopped or removed `-5`

ID: `SRV_VSFTPD`

❌ Chromium has been removed `-5`

ID: `SFT_CHRM`

❌ Missing or corrupt FTP configuration `-5`

ID: `CFG_VSFTPD`

❌ Removed one or more authorized administrators `-5`

ID: `USRA`

❌ Removed one or more authorized users `-5`

ID: `USRS`

❌ Removed one or more authorized user directories `-5`

ID: `USRD`

✅ IPv4 TCP SYN cookies have been enabled `+4`

ID: `PRC_SYNC`

❌ Removed multiple authorized user directories `-2`

ID: `SCRD`

❌ Removed multiple authorized users `-6`

ID: `SCRU`

✅ Prohibited software aMule removed `+4`

ID: `AMUL`