GhaymahCourseExam/exam1.md
2025-09-09 17:47:37 +00:00

In the name of God, the Most Gracious, the Most Merciful

Exam Instructions for Ghaymah Course

Exam Duration: 1 hour and 45 minutes (InshAllah).

Requirements:


Important Instructions for All Students

  1. Documentation is Mandatory: For every question and sub-question, you must:

    • Take a screenshot clearly showing the command you executed and its output in the terminal.
    • Paste all screenshots into a single Google Docs or Microsoft Word document.
    • Ensure each screenshot is clearly labeled with the question number (e.g., Q1a, Q1b, Q2c).
    • For commands with long outputs, you may scroll and take multiple screenshots, but they must be contiguous and complete.
  2. Submission:

    • Save your document as: YourFullName_GhaymahExam.docx (or .doc / .pdf)
    • Email the document to: hr@ghaymah.systems
    • Subject Line: Ghaymah Course Batch 1 Exam 1
    • The exam is incomplete without this submission.
  3. Honor Code:

    • This is an individual exam. You must perform all tasks yourself on your own machine or a provided VM.
    • You may use man pages, official documentation, and notes, but seeking help from others or online forums is prohibited.

Section A: Deep Investigation & Analysis

1. Process vs Service: Beyond Definitions (15 marks)

a) Find three currently running services using systemctl. Screenshot the command and output.

b) Choose the ssh service (if not available, choose nginx or apache2) and investigate:

- Locate its main service file and show its path. Screenshot the command to find it and its contents.

- Find all processes related to this service and display the process tree. Screenshot the command and output.

- Identify which user account is running this service. Screenshot the proof.

c) Stop the SSH service temporarily using `systemctl stop sshd` (or your chosen service).

- What happens to its processes? Prove using `ps aux | grep ssh` (or your service). Screenshot.
- Now restart the service. What is the new PID compared to the old one? Screenshot the status before and after.

2. Filesystem & Permission Forensics (15 marks)

a) Create this directory structure: ~/secure_data/confidential/. Screenshot the command.

b) Inside confidential/, create a file secret.txt with the content "This is sensitive data." Screenshot.

c) Set permissions so that:

- Owner (you) has read, write, execute 

- Group has read-only 

- Others have no access

Screenshot the `ls -l` output showing these permissions.

d) Create a new user called auditor: `sudo adduser auditor`. Try to access the file as auditor (e.g., `sudo -u auditor cat ~/secure_data/confidential/secret.txt`). Screenshot the command and the permission denied error.

3. Advanced Networking & Port Analysis (20 marks)

a) Port Scanning Investigation:

- Scan your local machine (localhost) using `nmap -sS -O 127.0.0.1`. Screenshot the output showing open ports.

- For each open port, find the exact process listening on it using `sudo ss -tulpn`. Screenshot the output.

b) Service Configuration Analysis:

- If you have SSH, focus on it. Otherwise, install/use nginx or another service.

- Locate its main configuration file (e.g., `/etc/ssh/sshd_config` or `/etc/nginx/nginx.conf`). Screenshot the command and the line that defines the port.

- Change the service to listen on port 2222 (for SSH) or 8080 (for nginx). Edit the config file, then restart the service. Screenshot the change and the restart command.

- Prove it is now listening on the new port using `sudo ss -tulpn | grep :2222` (or 8080). Screenshot.

c) Firewall & Routing:

- Use `sudo ufw deny 2222/tcp` (or your port) to block it. Or use `sudo iptables -A INPUT -p tcp --dport 2222 -j DROP`. Screenshot the command.

- Test that the port is now blocked. Try to connect: `ssh -p 2222 localhost` (should fail). Screenshot the failure.

- Remove the rule (`ufw delete deny 2222/tcp` or `iptables -D INPUT ...`). Screenshot the removal and then a successful connection test.

4. Process Management & System Monitoring (10 marks)

a) Start three background processes: `sleep 500 &`, `yes > /dev/null &`, `tail -f /var/log/syslog &`. Screenshot the `jobs` command.

b) Monitor system resources using `top` (press '1' to see all CPUs). Let it run for a few seconds, then screenshot.

c) Identify the `yes` process consuming high CPU. Use `ps aux --sort=-%cpu | head -5` to find it. Screenshot.

d) Change its priority to the lowest: `sudo renice -n 19 -p [PID_of_yes]`. Screenshot the command and the updated `top` showing the nice value.

5. Ghaymah Cloud Platform Integration (25 marks)

a) Installation & Setup:

```
curl -sSL https://cli.ghaymah.systems/install.sh | bash
```

Screenshot the entire installation process and output.
Verify installation: `ghaymah --version`. Screenshot.

b) Authentication & Account Management:

- Login: `gy auth login`. Follow the prompts. Screenshot the successful login message.

- Verify: `gy auth status`. Screenshot the output.

c) Project Management: List Ghaymah projects. Screenshot the output.

Submission Checklist

  • All screenshots are in one document.
  • Each screenshot is clearly labeled (Q1a, Q1b, Q2a, etc.).
  • Document is saved as YourFullName_GhaymahExam.pdf.
  • Email sent to hr@ghaymah.systems with subject Ghaymah Course Batch 1 Exam 1.

Good luck, God willing.