diff --git a/subjects/add-vm/audit/README.md b/subjects/add-vm/audit/README.md new file mode 100644 index 00000000..9778dd3b --- /dev/null +++ b/subjects/add-vm/audit/README.md @@ -0,0 +1,17 @@ +#### Functional + +##### Ask the auditee to start VirtualBox. + +###### Is VirtualBox correctly installed on the auditee's machine? + +##### Ask the auditee to show you the VM `01_add-vm`. + +###### Does the VM appears correctly on the list under the name `01_add-vm`? + +##### Ask the auditee to make a "snapshot". + +###### Was the auditee able to make a "snapshot" of the VM? + +##### Ask the auditee to start and stop the VM. (reminder the password is a single space) + +###### Was the auditee able to start and stop the VM? diff --git a/subjects/connect/audit/README.md b/subjects/connect/audit/README.md new file mode 100644 index 00000000..78db1ddb --- /dev/null +++ b/subjects/connect/audit/README.md @@ -0,0 +1,15 @@ +#### Functional + +###### Is VirtualBox installed? + +###### Are the 3 VMs, 01_connect_box, 01_connect_machine1, and 01_connect_machine2 properly added to VirtualBox? + +#### General + +##### Ask the auditee to start the 3 VMs in Virtual Box. Ask him to change the IP address of machine2. + +###### Ask the auditee this command `timeout --signal SIGINT 1m ping google.com`. Is the number of lost packets close to 0%? + +##### Ask the auditee make the IP address dynamic and explain the process. + +###### Ask the auditee this command `timeout --signal SIGINT 1m ping google.com`. Is the number of lost packets still close to 0%? diff --git a/subjects/linux/audit/README.md b/subjects/linux/audit/README.md index 511fe00e..1eddab20 100644 --- a/subjects/linux/audit/README.md +++ b/subjects/linux/audit/README.md @@ -1,7 +1,13 @@ #### Functional -###### Is VirtualBox correctly installed ? +##### Ask the auditee to start VirtualBox. -###### Does the virtual machine boot Debian properly (in less than 2 minutes) ? +###### Is VirtualBox correctly installed on the auditee's machine? -###### After the boot is complete, does the system react to the ACPI Shutdown and does the virtual machine stop ? +##### Ask the auditee to show you his VM with a version of debian already installed. + +###### Does the virtual machine boot Debian properly (in less than 2 minutes)? + +##### After the boot is completed, ask the auditee to shutdown his VM with the ACPI Shutdown. + +###### Does the system react to the ACPI Shutdown and does the virtual machine stop? diff --git a/subjects/login/audit/README.md b/subjects/login/audit/README.md new file mode 100644 index 00000000..78ab07eb --- /dev/null +++ b/subjects/login/audit/README.md @@ -0,0 +1,27 @@ +#### Functional + +##### Ask the auditee to start VirtualBox. + +###### Is VirtualBox correctly installed on the auditee's machine? + +#### General + +##### Ask the auditee to login as a user in one terminal. + +###### Has the password been correctly changed to "michelle"? + +##### Ask the auditee to login as a superuser (root) in another terminal. + +###### Has the password been correctly changed to "michelle"? + +##### Ask the auditee to execute a command to show you the inode of a file. (The inode is a number) + +###### Has the auditee correctly shown you (and if necessary explained) the inode of a file? + +##### Ask the auditee to execute a command to show you the current user ID (it is also a number). + +###### Has the auditee correctly shown you (and if necessary explained) the id a the user? + +##### Ask the auditee to execute a command to show you the PID (another number) of a program (like bash for example). + +###### Has the auditee correctly shown you (and if necessary explained) the PID a program? diff --git a/subjects/remote/audit/README.md b/subjects/remote/audit/README.md new file mode 100644 index 00000000..0c4f8059 --- /dev/null +++ b/subjects/remote/audit/README.md @@ -0,0 +1,21 @@ +#### Functional + +###### Is VirtualBox installed? + +###### Is the VM, 01_remote, added to VirtualBox? + +#### General + +##### The auditeee is supposed to set a port forwarding rule in the VM settings that maps the host port to a guest port. + +##### Ask the auditee to show you that rule in the settings or to set it up if it is not done yet. + +##### Ask the auditee to connect to the VM via SSH thru the host port. + +###### Did the auditee manage to connect via SSH with either this command: `ssh -p22 root@localhost` or `ssh -pANOTHER_PORT root@localhost`? + +##### If the auditee connected thru port 22, ask the auditee to change the port of the Guest VM. + +##### Ask the auditee to connect to the VM via SSH thru the new chosen host port. + +###### Did the auditee manage to connect via SSH with this command `ssh -pANOTHER_PORT root@localhost`? diff --git a/subjects/scan/audit/README.md b/subjects/scan/audit/README.md new file mode 100644 index 00000000..94094ffa --- /dev/null +++ b/subjects/scan/audit/README.md @@ -0,0 +1,13 @@ +#### Functional + +###### Is VirtualBox installed? + +###### Are the 2 VMs, 01_scan_RRF-CONTROL and 01_scan_laptop, properly added to VirtualBox? + +#### General + +##### Ask the auditee, from the VM laptop, to get get into the other VM. As a reminder the port forwarding is set to 10122. + +##### (Allow some time for the hacking to take place) + +###### Did the auditee manage to get `RRF-control` appearing on the laptop VM (did the auditee manage to get thru)?