From f1c48f22ccffce3d76e89381ea7e87f7c98aaffe Mon Sep 17 00:00:00 2001 From: ghaymah_dev Date: Tue, 9 Sep 2025 17:41:04 +0000 Subject: [PATCH] Add exam1.md --- exam1.md | 139 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 139 insertions(+) create mode 100644 exam1.md diff --git a/exam1.md b/exam1.md new file mode 100644 index 0000000..5e64f04 --- /dev/null +++ b/exam1.md 
@@ -0,0 +1,139 @@ +# بسم الله الرحمن الرحيم + + +## Exam Instructions for Ghaymah Course + +### Exam Duration: 1 hour and 45 minutes (InshAllah). + +### Requirements: +- **Operating System**: Ubuntu, Kali, or any Linux distribution. +- **Ghaymah Cloud Account**: Sign up here https://deploy.ghaymah.systems/ + + +--- + + +## **Important Instructions for All Students** + +1. **Documentation is Mandatory:** For every question and sub-question, you must: + * Take a screenshot clearly showing the command you executed and its output in the terminal. + * Paste all screenshots into a single Google Docs or Microsoft Word document. + * Ensure each screenshot is clearly labeled with the question number (e.g., Q1a, Q1b, Q2c). + * For commands with long outputs, you may scroll and take multiple screenshots, but they must be contiguous and complete. + + +2. **Submission:** + * Save your document as: `YourFullName_GhaymahExam.docx` (or `.doc` / `.pdf`) + * Email the document to: **hr@ghaymah.systems** + * Subject Line: **Ghaymah Course Batch 1 Exam 1** + * The exam is incomplete without this submission. + +3. **Honor Code:** + * This is an individual exam. You must perform all tasks yourself on your own machine or a provided VM. + * You may use man pages, official documentation, and notes, but seeking help from others or online forums is prohibited. + + +--- + + +## **Section A: Deep Investigation & Analysis (60 marks)** + +### **1. Process vs Service: Beyond Definitions (15 marks)** +a) Find three currently running services using `systemctl`. Screenshot the command and output. + + +b) Choose the `ssh` service (if not available, choose `nginx` or `apache2`) and investigate: + + - Locate its main service file and show its path. Screenshot the command to find it and its contents. + + - Find all processes related to this service and display the process tree. Screenshot the command and output. + + - Identify which user account is running this service. Screenshot the proof. 
+ + +c) Stop the SSH service temporarily using `systemctl stop sshd` (or your chosen service). + + - What happens to its processes? Prove using `ps aux | grep ssh` (or your service). Screenshot. + - Now restart the service. What is the new PID compared to the old one? Screenshot the status before and after. + + + + +### **2. Filesystem & Permission Forensics (15 marks)** +a) Create this directory structure: `~/secure_data/confidential/`. Screenshot the command. + +b) Inside `confidential/`, create a file `secret.txt` with the content "This is sensitive data." Screenshot. + +c) Set permissions so that: + + - Owner (you) has read, write, execute + + - Group has read-only + + - Others have no access + + Screenshot the `ls -l` output showing these permissions. + +d) Create a new user called `auditor`: `sudo adduser auditor`. Try to access the file as `auditor` (e.g., `sudo -u auditor cat ~/secure_data/confidential/secret.txt`). Screenshot the command and the permission denied error. + + +### **3. Advanced Networking & Port Analysis (20 marks)** +a) Port Scanning Investigation: + + - Scan your local machine (localhost) using `nmap -sS -O 127.0.0.1`. Screenshot the output showing open ports. + + - For each open port, find the exact process listening on it using `sudo ss -tulpn`. Screenshot the output. + + +b) Service Configuration Analysis: + - If you have SSH, focus on it. Otherwise, install/use `nginx` or another service. + + - Locate its main configuration file (e.g., `/etc/ssh/sshd_config` or `/etc/nginx/nginx.conf`). Screenshot the command and the line that defines the port. + + - Change the service to listen on port 2222 (for SSH) or 8080 (for nginx). Edit the config file, then restart the service. Screenshot the change and the restart command. + + - Prove it is now listening on the new port using `sudo ss -tulpn | grep :2222` (or 8080). Screenshot. + + +c) Firewall & Routing: + - Use `sudo ufw deny 2222/tcp` (or your port) to block it. 
Or use `sudo iptables -A INPUT -p tcp --dport 2222 -j DROP`. Screenshot the command. + + - Test that the port is now blocked. Try to connect: `ssh -p 2222 localhost` (should fail). Screenshot the failure. + + - Remove the rule (`ufw delete deny 2222/tcp` or `iptables -D INPUT ...`). Screenshot the removal and then a successful connection test. + + +### **4. Process Management & System Monitoring (10 marks)** +a) Start three background processes: `sleep 500 &`, `yes > /dev/null &`, `tail -f /var/log/syslog &`. Screenshot the `jobs` command. + +b) Monitor system resources using `top` (press '1' to see all CPUs). Let it run for a few seconds, then screenshot. + +c) Identify the `yes` process consuming high CPU. Use `ps aux --sort=-%cpu | head -5` to find it. Screenshot. + +d) Change its priority to the lowest: `sudo renice -n 19 -p [PID_of_yes]`. Screenshot the command and the updated `top` showing the nice value. + + + +### **5. Ghaymah Cloud Platform Integration (25 marks)** +a) Installation & Setup: + ```bash + curl -sSL https://cli.ghaymah.systems/install.sh | bash + ``` + Screenshot the entire installation process and output. + Verify installation: `ghaymah --version`. Screenshot. +b) Authentication & Account Management: + Login: `gy auth login`. Follow the prompts. Screenshot the successful login message. + Verify: `gy auth status`. Screenshot the output. +c) Project Management: + List Ghaymah projects. screenshot the output. + + + + +## **Submission Checklist** +- [ ] All screenshots are in one document. +- [ ] Each screenshot is clearly labeled (Q1a, Q1b, Q2a, etc.). +- [ ] Document is saved as `YourFullName_GhaymahExam.pdf`. +- [ ] Email sent to **hr@ghaymah.systems** with subject **Ghaymah Course Batch 1 Exam 1**. + +**بالتوفيق ان شاء الله** \ No newline at end of file
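Review bot: In question 5a the installer is piped straight into a shell (`curl -sSL https://cli.ghaymah.systems/install.sh | bash`), so students run a script they never see; have them download it to a file, read it, then execute it, and give a checksum to compare against. The same question verifies the install with `ghaymah --version` while 5b uses `gy auth login` and `gy auth status`; use one binary name or state that both exist. In 3a, `nmap -sS -O 127.0.0.1` needs root for the SYN scan and OS detection, so it should carry `sudo` like the `ss` and `ufw` commands around it. In 3c the block is tested against `localhost`, but ufw's stock before.rules accept all loopback traffic ahead of user rules, so `ssh -p 2222 localhost` is likely to keep working after `ufw deny 2222/tcp`; test from a second host, or state the expected result for ufw and for iptables separately. The "Section A ... (60 marks)" heading matches the marks for questions 1 to 4, which leaves question 5 (25 marks) without a section heading or a stated exam total. The submission instructions accept `.docx`, `.doc` or `.pdf`, while the checklist names only `YourFullName_GhaymahExam.pdf`. The file also ends without a trailing newline.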