Forensics_Question_1.txt,'^ANSWER:\s*/home/tess/.priv_escal',6
Forensics_Question_2.txt,'^ANSWER:\s*Dreams can become reality',6
Forensics_Question_3.txt,'^ANSWER:\s*lcredit',6
Forensic Question 3 correct
2,User bandolette removed
2,User remedy removed
2,User tess not an admin
2,User kyle not an admin
2,User cole  assigned as admin
2,User ragnarok assigned as admin
2,User tess password set
2,User cole password set
cmd_match,cat /etc/shadow,grep '^ragnarok' | cut -d ':' -f 2,
fw_policy,INPUT,DROP,2,
fw_rule,ALLOW IN,22/tcp,4,
service_disabled,,13,5,
service_disabled,,21,3,
service_enabled,,22,3,
service_disabled,,631,1,CUPSD backdoor not running
file_no_match,/etc/crontab,grep '^\*.*cupsd',3,Cups entry removed from crontab
cmd_no_match,ls -a /usr/sbin/cupsd,grep "/usr/sbin/cupsd",2,Backdoor executable cupsd removed
service_disabled,,88,2,inetd backdoor not running
file_no_match,/etc/inetd.conf,grep '^kerberos',3,kerberos removed from inetd
file_no_match,/etc/gdm3/custom.conf,grep -i "^\s*AutomaticLoginEnable=true",4,Auto login disabled
file_match,/etc/pam.d/common-password,agrep 'dcredit;ocredit;lcredit;ucredit',3,Password complexity enabled
2,Package steghide removed 
2,Package nmap removed 
2,Package aircrack-ng wifi cracker removed 
2,Hydra logon cracker removed
2,Vulnerability scanner yersinia removed
file_num_lessthan,grep -i '^PASS_MAX_DAYS' /etc/login.defs |rev|cut -f 1 |rev,121,2,Password Max age set
file_match,/etc/pam.d/common-password,grep '\s*password\s*requisite.*minlen',3,Minimum password lenght set
file_no_match,/etc/sudoers,grep '^%sudo.*NOPASSWD',4,sudo requires authentication
file_match,/etc/apt/sources.list,grep '^deb\s.*\jammy main',2,Software repository enabled
file_match,/etc/apt/sources.list,grep '^deb\s.*\jammy-security .*main',2,Security updates enabled
file_num_lessthan,ls /home/sparkplug/.Music/ |wc -l,1,2,Music files deleted
cmd_no_match,ls -a /home/tess,grep "\.priv_escal",4,Privilege Escalation command removed