LEARNING OUTCOMES

The learning outcomes (LOs) for this module are:-

LO1 Demonstrate knowledge of the fundamentals of an operating system, including its
architecture and the implementation of its services.
LO2 Apply scripting languages and tools to the monitoring, investigation and administration
of an operating system and its resources.
LO3 Design and utilise simple SQL queries.
LO4 Communicate the results of work / study accurately and reliably.
This assessment addresses learning outcomes LO1, LO2, LO3 and LO4.

The assessment including two parts, i.e., Practical Lab (50%) and Report (50%).

1. Practical Lab (Weighting: 50%)

You are required to demonstrate an ability to apply methods and tools that would aid you in
analysing a disk image, e.g., it might be obtained from a computer that you suspect which
may have been compromised.

For the disk image, please direct your browser to download KF40052023.img from
the following link:

https://livenorthumbriaac-my.sharepoint.com/:f:/g/personal/
abbas_mehrabidavoodabadi_northumbria_ac_uk/
EqL9uw8YgAhKi2RWVb0ip0YB4EdH72XhVSPxF1tmVnXZ3w?e=FdDzOo

You should enter the required shell commands using a command terminal. The commands
that you enter will be saved automatically in the file /home/student/.bash_history or
/home/student/<your_user_id>/kf4005/.bash_history or similar locations depending on your
current working directory. You should redirect the output from all commands to a file
called bashoutput.txt. Ensure that you start with an empty file and that you
always append output to the file rather than overwriting it. At the end of the task you should
copy your commands in .bash_history file to a file called bashinput.txt. Use your regular text
editor, e.g., nano, to edit both bashinput.txt and bashoutput.txt. Your bashinput.txt should
contain just the commands required to satisfy the requirements below. Add comments to
the file so that it is clear which command has been used to solve which problem. Add the
problem number to the comment associated with the corresponding command.
Your bashoutput.txt file should contain just the output produced by the commands in your
edited bashinput.txt file. Again, you should add numbered comments to the
bashoutput.txt to make it clear which output goes with which problem. Next, you should
have with you the disk_analysis.sh shell script. You will need to run this script at the
appropriate point to generate two text files, i.e., filedata.txt and sqlout.txt.

❖ For bashinput.txt and bashoutput.txt, please do the following tasks:

(1) Create directories for the lab session (2 marks)

Enter a command in your terminal window to create directories for this practical lab. The
directories can be created in /home/student or other suitable place and may be
called /home/student/<your_user_id>/kf4005/bin or /home/<your pc username>/
<your_user_id>/kf4005/bin, where you may replace <your_user_id> with your actual user
id, e.g. w12345678. Create all directories using a single command.
(2) Copy the script, make it executable and add your bin directory to your PATH (3
marks)
Enter commands to copy your disk_analysis.sh script into the bin directory that you’ve just
created, make the script executable and add the bin directory to your PATH. The PATH
modification should be temporary, using a simple shell command, rather than by editing
.bashrc.

(3) Obtain the raw disk image (2 marks)

Enter a command to copy the disk image KF40052022.img which you have just downloaded
into /home/student/<your_user_id>/kf4005 or other suitable directory (e.g., your working
directory).

(4) Examine the partition table (2 marks)

Enter commands to show the partition table of the raw disk image. Ensure that the output is
sent to bashoutput.txt.

(5) Partition table questions (6 marks)

Briefly answer the following three questions about the partition table. Enter commands to
append your answers to your output file (bashoutput.txt).

a). What is the total size of the raw disk image in bytes?
b). What is the name of the bootable partition?
c). What is the offset in bytes of the start of the first partition? (show how you get the answer)

(6) Mount the raw disk image (4 marks)

Enter commands to
a). Create a mount point for the disk image and call the mount point
/home/student/<your_user_id>/kf4005/image or any other suitable name.
b). Mount the raw disk image to the mount point. The image must be mounted read-only.

❖ For disk_analysis.sh, filedata.txt and sqlout.txt, please do the following tasks:

(7) Disk Analysis

This part is concerned with the disk_analysis.sh shell script. Enter commands to run
your disk_analysis.sh script on the disk image file KF40052022.img that you have already
mounted at /home/student/<your_user_id>/kf4005/image or other place. The requirement
of disk_analysis.sh is as follows:

A. Given the name of a disk image file and the name of a directory to act as a mount point,
mount the specified disk image to the mount point. The script should take reasonable
precautions against failure. For example, it should ensure that: (I) The disk image file
exists. (II) Either the directory for the mount point exists and is empty, or is created by
the script if it does not exist. (III) Your script should allow the user to bypass the mounting
of the disk image file. This functionality can be accessible through the use of a command
line option

B. Extract file metadata from the /bin and /usr/bin directories and output the information as
a list of lines of semi-colon separated data. This makes it easy to include the data into a
database for later analysis. The metadata required is as follows: file name; last access
date and time; last modification date and time; permissions; user and group ids and file
size. Your script should allow the user to specify different directories for analysis, using
 a command line option. Again, the script should take reasonable precautions against
failure. The extracted file metadata should be sent to a file called filedata.txt (8 marks).

C. Create an SQL database, called KF4005A, on your host machine. Create a table, called
filedata, in the KF4005A database. The table schema for filedata should be suitable for
storing the file metadata extracted from the disk image file. Load the file metadata into
the filedata table. Use an SQL SELECT command on the filedata table to output the file
name, file permissions, user id, group id and last access date of all records, in
descending order of last access date. The output from the SQL query should be sent to
a file called sqlout.txt (8 marks).

(8) Your above disk_analysis.sh script will be assessed using the following criteria (15
marks):
> Use of functions - functional decomposition
> Use of meaningful variable and function names
> Use of layout that aids the understanding of the reader etc.
> Use of bash shell script idioms: parameter expansion, command substitution etc.
> Use of SQL

Important: You must ensure that the practical lab deliverables have been prepared exactly
as specified below:

- Create a new directory called deliverables and add the following files to this directory

a) The text file of the edited history of the bash commands used in the exercises
bashinput.txt. (Please see above (1)-(6)).
b) The text file of the edited output of the bash commands used in the exercises
bashoutput.txt. (Please see above (1)-(6)).
c) Your disk image analysis script, called disk_analysis.sh (Please see above (7)-(8)).
d) The text file of the extracted file metadata that was loaded into your filedata table. This
text file should be called filedata.txt. (Please see above (7) B).
e) The text file containing the output from your SQL SELECT statement. This text file should
be called sqlout.txt. (Please see above (7) C).

- Create a zip file called deliverables.zip which includes all the above required files, i.e.,
bashinput.txt, bashoutput.txt, disk_analysis.sh, filedata.txt and sqlout.txt. Please check
that deliverables.zip to make sure it contains all the required files before you submit.

2. Report (Weighting: 50%)

You are required to submit a document that satisfies the requirements below. Number your
answers carefully, using precisely the numbering scheme used in the specification of
requirements below. Failure to number your answers correctly may lead to zero marks.

❖ Process management

A typical behaviour of a user of the Unix operating system is to enter a command such as
ps -eF | grep named into a terminal emulator. This command is interpreted by the shell to
create two processes that communicate via a pipe to execute the required programs.

(1) Use your own words to explain briefly what is meant by the following: shell, terminal
emulator, program, process, pipe (5 marks).
(2) Use your own words to list two advantages and one disadvantage of command line in
Linux Operating Systems and give one example for each case (6 marks).

(3) Use your own words to explain how a pipe can be created and used to allow
communication between the processes. Explain clearly which processes can read and write
to/from the pipe. Draw a diagram to illustrate your answer (4 marks).

(4) Use your own words to describe briefly what happens to each process after it has
completed its execution. How does a parent process discover the termination status of its
children? Consider both successful and unsuccessful termination (5 marks).

❖ Storage Management and Security

(5) Use your own words to explain why many operating systems organise the directory
structure of a file system as a tree. Relate your answer to the main operations that need to
be performed on a directory (6 marks).

(6) Use your own words to explain how does the Linux operating system control access to
files in a file system and give the possible reasons of doing this (7 marks).

(7) Use your own words to explain symmetric and public-key cryptography. Explain what
you understand by these concepts, distinguishing clearly between them (6 marks).

(8) Use your own words to explain man-in-the-middle attack and the possible solutions to
avoid this attack. You can use diagram to illustrate this (6 marks).

❖ C programming

(9) Use your own words to explain why C programming is important for the operating
systems. Give an example how C programming can interact with the operating systems (5
marks).

Please note that all content including references and appendices should be contained in a
single document. Only Microsoft Word (.docx) file formats will be accepted. Referencing
Style: Harvard. Your Report should be about 1, 300 words in total excluding references.
There is no word limit for Practical Lab. There is no fixed penalty for exceeding this limit but
unnecessary verbosity, irrelevance and `padding' make it difficult for the marker to identify
relevant material and may lead to some loss of marks.