Mission 344

Privileged boundary review

Read the simulated sudo boundary and verify the target service action is inspection-only.

Security administration
8 minutes Advanced Lesson 344 of 360
catsudosystemctl
Lesson 344 of 360 0/360 lessons 0/17 missions Security administration · 8 minutes
0%
Continue View profile
Ops lab terminal Training lab
New learnerrank 0XP 0%complete
learner@clairos:/home/learner $ Unix ops lab: type a command, press Enter
Instructions 8 minutes

Click any instruction for the command details, the why, and the common mistake to avoid.

Read the learner sudo rule

Run cat /etc/sudoers.d/learners.

cat /etc/sudoers.d/learners
Use the allowed inspection action

Run sudo systemctl status nginx.

sudo systemctl status nginx
Read the inspected unit

Run systemctl cat nginx.

systemctl cat nginx
Lesson support

What to notice while you play.

Objective

Build repeatable confidence with recognizing a narrow privileged command boundary.

Hint

Start with cat /etc/sudoers.d/learners, inspect the result, then continue in order.

Why it matters

Recognizing a narrow privileged command boundary helps operators explain what they know before they change anything.

Common mistakes
  • Skipping the output that proves recognizing a narrow privileged command boundary.
  • Changing several things before recording a baseline.
Reference

Commands in this lesson.

cat <file>

Print text file contents.

systemctl status <service>

Inspect simulated service status.