# User Issues

- terminal issues?
  - run `ls -l /dev/tty?` to check if any terminals are corrupted
  - a corrupted terminal shows a dash instead of a `c` prefix on the perms string (`c` marks a character device) ![[images/Pasted image 20250731130801.png]]
- remote connection issues?
  - `sudo systemctl status sshd` to check if sshd is running ![[images/Pasted image 20250731131723.png]]
  - check firewall for open port 22
    - `sudo ufw status`
  - run ssh with the `-vvv` flag to show verbose debug info
  - check `~/.ssh/authorized_keys` file on server for client pubkeys
  - check for misconfigurations within `/etc/ssh/sshd_config` on server and within `~/.ssh/config` and `/etc/ssh/ssh_config` on client
- does account exist?
  - `whoami` shows current user
  - see `/etc/passwd` or `/etc/shadow` for users
  - `sudo getent passwd user_name` to grab entry from `/etc/passwd` for user ![[images/Pasted image 20250731103456.png]]
    - if user exists an entry will be returned
    - can do same with `sudo getent shadow user_name`
  - `sudo useradd user_name` to add user
- incorrect user privs
  - `id user_name` shows user info including UID, GID, and groups ![[images/Pasted image 20250731104605.png]]
  - check `/etc/sudoers`
  - `cat /etc/group | grep sudo` to see users in sudo group
  - `sudo getent group sudo` to see users in sudo group
- password problems such as expiry or lockout?
  - `sudo lastlog -u user_name` shows last login by user ![[images/Pasted image 20250731104517.png]]
    - `lastlog` pulls from `/var/log/lastlog`
    - `-u` option to specify a user
    - `-t` option to specify number of days
  - `last | head` shows recent login info ![[images/Pasted image 20250801181932.png]]
  - `sudo getent shadow user_name`: if `!` precedes the password hash, the user's account is locked
    - unlock user account with `sudo passwd -u user_name` or `sudo usermod -U user_name`
  - `sudo chage -l user_name` lists password expiry options/status ![[images/Pasted image 20250731105417.png]]
  - check PAM settings in `/etc/pam.d` such as `pam_tally2` or `faillock`
- are ACLs or attributes set?
  - `getfacl file_name`
  - `lsattr file_name`
- is SELinux or AppArmor active?
  - `sudo sestatus` or `sudo aa-status` to see status
  - `getsebool -a` to list SELinux booleans, or `getsebool boolean_name` for a single one
- reset user passwords
  - `sudo passwd user_name` to change password for user
  - ensure account is enabled and not locked
    - if `!` precedes hash in `/etc/shadow`, the account is locked
    - `sudo passwd -l user_name` to lock user
    - `sudo passwd -u user_name` to unlock user
    - `sudo usermod -L user_name` to lock user account
    - `sudo usermod -U user_name` to unlock user account
- unable to login/access terminal or system over network
  - `cat /etc/security/access.conf` to check for entries that deny specific users or groups from accessing the system, such as from specific terminals or across networks
  - `cat /etc/group` to show users within each group
  - existence of `/etc/nologin` disables all accounts save root
    - common for temporary maintenance

# Managing sudo and SUID

- add user to `/etc/sudoers` with `visudo`
- `su -` to login as root
- locked out of root
  - user with sudo privs may be able to reset root password
    - `cat /etc/group | grep sudo` to return users with sudo privs
    - sign in as another user with sudo privs and try `sudo passwd root`
  - hold shift during boot to enter bootloader menu and select recovery mode
    - drop into root shell prompt from recovery mode and reset root password with `passwd`
    - check that root fs is mounted in rw mode to reset password
      - `mount` shows mounted file systems and perms
      - `mount -o remount,rw /` to remount root fs read-write
  - restore to image or VM snapshot where root password was known
- `sudo chmod u+s test` to add SUID bit to test
- `sudo chmod 4755 test` to add SUID bit to test
- SUID allows all users to access/execute file with owner perms
  - __most linux systems disregard SUID for shell scripts as a security feature but honor SUID for binaries__
  - work around: call script from a binary with SUID bit
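
The lock and expiry checks from the password problems list under User Issues, as an added example that is not part of the original notes: a shell function that classifies one `/etc/shadow` entry by its hash prefix and aging fields. The function name `shadow_status`, its status labels and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify one /etc/shadow entry (field layout per shadow(5)):
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# $1 = shadow line, $2 = today in days since 1970-01-01 (default: now).
# shadow_status and its status labels are hypothetical names for this example.
shadow_status() {
    printf '%s\n' "$1" |
    awk -F: -v today="${2:-$(( $(date +%s) / 86400 ))}" '
    {
        hash = $2; lastchg = $3; max = $5; expire = $8; n = 0
        # Hash field: "!" in front of a hash means locked (passwd -l, usermod -L);
        # only "!" or "*" characters means no password can ever match.
        if (hash ~ /^!+[^!*]/)      s[n++] = "LOCKED"
        else if (hash ~ /^[!*]+$/)  s[n++] = "NO_VALID_PASSWORD"
        else if (hash == "")        s[n++] = "EMPTY_PASSWORD"
        # Field 8: account expiry date, in days since the epoch.
        if (expire != "" && today + 0 >= expire + 0) s[n++] = "ACCOUNT_EXPIRED"
        # lastchg of 0 forces a change at next login; else compare age to max.
        if (lastchg == "0") s[n++] = "MUST_CHANGE"
        else if (lastchg != "" && max != "" && today - lastchg > max + 0) s[n++] = "PASSWORD_EXPIRED"
        if (n == 0) s[n++] = "OK"
        out = s[0]
        for (i = 1; i < n; i++) out = out "," s[i]
        print $1 ": " out
    }'
}

# Constructed sample entries (placeholder hashes), "today" pinned to day 19950.
while IFS= read -r line; do
    shadow_status "$line" 19950
done <<'EOF'
alice:$6$salt$examplehash:19900:0:90:7:::
bob:!$6$salt$examplehash:19900:0:90:7:::
carol:$6$salt$examplehash:19800:0:90:7:::
EOF
```

On a live system, pass it a real entry with `shadow_status "$(sudo getent shadow user_name)"`.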