The security administrator is analyzing a user’s history file on a Unix server to determine if the user was
attempting to break out of a rootjail. Which of the following lines in the user’s history log shows evidence that
the user attempted to escape the rootjail?

A.
cd ../../../../bin/bash

B.
whoami

C.
ls /root

D.
sudo -u root

Explanation:
On modern UNIX variants, including Linux, you can define the root directory on a perprocess basis. The chroot
utility allows you to run a process with a root directory other than /.
The root directory appears at the top of the directory hierarchy and has no parent: A process cannot access any
files above the root directory (because they do not exist). If, for example, you run a program (process) and
specify its root directory as /home/sam/jail, the program would have no concept of any files in /home/sam or
above: jail is the program’s root directory and is labeled / (not jail).By creating an artificial root directory, frequently called a (chroot) jail, you prevent a program from accessing or
modifying—possibly maliciously—files outside the directory hierarchy starting at its root. You must set up a
chroot jail properly to increase security: If you do not set up the chroot jail correctly, you can actually make it
easier for a malicious user to gain access to a system than if there were no chroot jail.
The command cd .. takes you up one level in the directory structure. Repeated commands would take you to
the top level the root which is represented by a forward slash /. The command /bin/bash is an attempt to run the
bash shell from the root level.