Basic ACL Policies Lab
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
4 hours 53 minutes
Welcome back. I hope you had some success. And I hope you didn't have to dig into the lab sub folder because that's where we have the solution for this. I'm gonna walk through this lab solution in this second part of the lesson. First step. Let's look at the actual until upload policy file itself.
It's pretty straightforward. Set up. We wanted to go secret data and then any mission name. That's the structure we're using here at M I. Six. Right? We're going to create a sub folder for the particular mission and then another sub path for Agent Intel. And we want to allow these
different secret agents to have the rights of creating
and updating, and that's about it.
I'm gonna shoot over to my terminal now and go ahead and create that policy. Clear the screening and upload the policy. First
involved policy. Right. We're gonna call the policy Intel lab dash intel upload dot hcea
Now we're gonna create a few keys. Just Teoh set this stage and pre populate with some data that will want for later testing on the 1st 1 of the for doctor. No, doctor, No mission.
Animal to say
the value don't need to make it 22 exciting. Here. We're gonna create another secret.
And the doctor? No. Will say Agent Intel.
Even though we're not James Bond right now on the route. User, I'm gonna go ahead and create a secret there.
Let's, uh, create a secret for the good old GoldenEye mission,
and we'll create some pre populated agent in detail there.
And then finally, we're gonna go straight and just create some agent intel here for some false positive testing.
Let's go ahead and enable the user paths. Maybe user pass
looks. Looks like I was thinking audit when I should have been is thinking off.
Okay, user passes. No, no, no.
I think we are in good shape. Let's just do a little bit of a check here. Say, vault off list. So we have the authentication set up.
Okay, I'm just checking here. We have policies. There's our policy called the Intel policy. Let's go forward and create the James Bond account off user pass users. James password will be
and policies will be until
So, for final testing way, we would like to log in
using the user past method user name James Bond in the password Shaken.
And there we go so we can see automatically. We have our token and were associated with a few policies, namely default in Intel. So that's shaping up to be what we want. Let's go ahead and run the different commands to interact with keys. What's even get the secret for Dr No. Sure enough, we can't
as similarly, the Agent Intel sub Secret Directory
should be denied. Get no permissions to perform those activities about GoldenEye mission. That's another secret that we created.
No permission is denied. Um, Gold, just street agent Intel Secret that we created directly off the route.
We cannot perform that activity. Let's try creating a secrets in Dr No, and we will do it in such a way nooky equals value. And, um, way should not
have success here either.
Sure enough, we don't and let's try and write one more secret directly into, let's say the Agent Intel
directory and Secret Stash cannot do that either.
Now, on to performing some operations that were, we should have success. So let's put a secrets doctor. No mission. We want to upload some agent intel because we are logged in as James Bond. We want to send it back to base. We say new key equals new value
We should be able to do something very similar for the GoldenEye. Mission. Success.
Let's test this out. Just one more area by specifying a mission that doesn't even exist yet wasn't even created. Call the Spectrum mission also have success there, so we can upload and create secrets to any Agent Intel
for closing this out. What did we learn? Well, we talked about vault policies and theory. We looked at the actual policy files and understood the basics of the syntax. We applied that knowledge in an actual lab activity, and we ended up creating a custom policy file
that provided right only access to certain secrets following that particular agent Intel