← All paths

Linux host administration

Users and permissions, least-privilege sudo, defusing a SUID bug, log rotation, and service hardening.

8 challenges · ~3 h · every step earns its own verified proof

0/8 solved
Start: Set up a team's users and groups
  1. Set up a team's users and groupseasy~20 min

    Accounts and group membership, the first thing to get right on a new host.

  2. Lock down a secrets fileeasy~20 min

    Owner, group, and mode on a secrets file. The daily bread of Linux.

  3. A shared folder the whole team can usemedium~20 min

    A team folder that works, using setgid so new files inherit the group.

  4. Least-privilege sudo for a deploy usermedium~20 min

    Grant exactly one command through sudo, not full root.

  5. Defuse a SUID privilege escalationmedium~25 min

    A world-writable SUID binary is a root shell. Defuse it without breaking the tool.

  6. The app logs are filling the diskeasy~25 min

    Unbounded logs fill the disk. Rotate, compress, and cap them.

  7. The export daemon runs as root with no guardrailsmedium~25 min

    Run a daemon as a service account inside systemd's sandbox.

  8. Harden the kernel's network stackmedium~30 min

    Turn off the routing and redirects a plain host should never do.