Tryhackme: Linux System Hardening

Daniel Schwarzentraub
5 min read · Sep 28, 2023

Task 1: Introduction

Task 2: Physical Security

What command can you use to create a password for the GRUB bootloader?

Answer: grub2-mkpasswd-pbkdf2

What does PBKDF2 stand for?

Answer: Password-Based Key Derivation Function 2

Task 3: Filesystem Partitioning and Encryption

What does LUKS stand for?

Answer: Linux Unified Key Setup

We cannot attach external storage to the VM, so we have created a /home/tryhackme/secretvault.img file instead. It is encrypted with the password 2N9EdZYNkszEE3Ad. To access it, you need to open it using cryptsetup and then mount it to an empty directory, such as myvault. What is the flag in the secret vault?

Let’s take a look at the question hint.

Answer: THM{LUKS_not_LUX}

Task 4: Firewall

There is a firewall running on the Linux VM. It is allowing port 22 TCP as we can ssh into the machine. It is allowing another TCP port; what is it?

Answer: 12526

What is the allowed UDP port?

Answer: 14298

Task 5: Remote Access

What flag is hidden in the sshd_config file?

Answer: THM{secure_SEA_shell}

Task 6: Securing User Accounts

One way to disable an account is to edit the passwd file and change the account’s shell. What is the suggested value to use for the shell?

Answer: /sbin/nologin

What is the name of the sudoers group on Red Hat and Fedora systems?

Answer: wheel

What is the name of the sudoers group on Debian and Ubuntu systems?

Answer: sudo

Other than tryhackme and ubuntu, what is the username that belongs to the sudoers group?

Answer: blacksmith

Task 7: Software and Services

Besides FTPS, what is another secure replacement for TFTP and FTP?

Answer: SFTP

Task 8: Update and Upgrade Policies

What command would you use to update an older Red Hat system?

Answer: yum update

What command would you use to update a modern Fedora system?

Answer: dnf update

What two commands are required to update a Debian system? (Connect the two commands with &&.)

Answer: apt update && apt upgrade

What does yum stand for?

Answer: Yellowdog Updater, Modified

What does dnf stand for?

Answer: Dandified Yum

What flag is hidden in the sources.list file?

Answer: THM{not_Advanced_Persistent_Threat}

Task 9: Audit and Log Configuration

What command can you use to display the last 15 lines of kern.log?

Answer: tail 15 kern.log

What command can you use to display the lines containing the word denied in the file secure?

Answer: grep denied secure

Task 10: Conclusion and Final Notes
