Overview
What this challenge is about.
Mount the provided base image (Ubuntu 22.04 LTS derivative) and inventory all setuid + setgid binaries. For each, classify into 4 buckets: legitimately needed, replaceable with file capabilities, removable (no longer used), unknown. For unknowns, identify the upstream package and propose investigation steps. Recommend at least 8 specific changes (removals, capability swaps, sudo-policy moves). Deliver a CSV inventory, a 7-page report, and a 90-day hardening roadmap with effort estimates. Honestly mark items you cannot classify and explain why.
The Brief
What you'll do, and what you'll demonstrate.
Audit all setuid binaries in a Linux base image, classify by risk, and produce a 90-day hardening roadmap a CISO can fund.
Earning criteria — what you'll demonstrate
- Understand the Linux setuid model and its historical attack patterns
- Use file capabilities (cap_set_file) as a least-privilege alternative to setuid
- Classify OS-level risk in terms a security leader can fund
- Write security recommendations that respect operational reality
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.