PrepAway - Latest Free Exam Questions & Answers

Which of the following lines in the user’s history log shows evidence that the user attempted to escape the

The security administrator is analyzing a user’s history file on a Unix server to determine if the user was
attempting to break out of a rootjail. Which of the following lines in the user’s history log shows evidence
that the user attempted to escape the rootjail?

PrepAway - Latest Free Exam Questions & Answers

A.
cd ../../../../bin/bash

B.
whoami

C.
ls /root

D.
sudo -u root

Explanation:
On modern UNIX variants, including Linux, you can define the root directory on a perprocess basis. The
chroot utility allows you to run a process with a root directory other than /.
The root directory appears at the top of the directory hierarchy and has no parent: A process cannot
access any files above the root directory (because they do not exist). If, for example, you run a program
(process) and specify its root directory as /home/sam/jail, the program would have no concept of any files
in /home/sam or above: jail is the program’s root directory and is labeled / (not jail).
By creating an artificial root directory, frequently called a (chroot) jail, you prevent a program from
accessing or modifying—possibly maliciously—files outside the directory hierarchy starting at its root. You
must set up a chroot jail properly to increase security: If you do not set up the chroot jail correctly, you
can actually make it easier for a malicious user to gain access to a system than if there were no chroot jail.
The command cd .. takes you up one level in the directory structure. Repeated commands would take you
to the top level the root which is represented by a forward slash /. The command /bin/bash is an attempt
to run the bash shell from the root level.
Incorrect Answers:
B: The whoami command is used to display the username that the user is working under. It does not
signify an attempt to break out of a rootjail.
C: The ls / command is used to list the directories at the root level of the directory structure. It does not
signify an attempt to break out of a rootjail.
D: The sudo -u root command is used to change the security context to that of the root user. The root
user is equivalent to the Administrator account in Windows. It does not signify an attempt to break out of
a rootjail.

http://searchitchannel.techtarget.com/feature/Secure-your-Linux-server-with-a-chroot-jail-or-TCPwrappers


Leave a Reply