Changing the default directory of your WSL mount point touches on implementing basic security measures. As cybersecurity learners, we need to understand how this simple yet effective step relates to the Confidentiality, Integrity, and Availability of data, better known as the CIA triad.
This framework lays the groundwork for security engineering across various technology projects. In simple terms, the CIA triad serves as a benchmark for security professionals to ensure systems are properly configured and protected. This particular configuration is a great example of how a simple action can directly align with the core principles of this framework and system security in general.
1. Confidentiality: By default, WSL's root directory is configured to provide direct access to your Windows file system, specifically through the /mnt/c/ path. While convenient, this access can be a confidentiality risk. With these preconfigured settings, should you mistakenly run a malicious script or execute a command by accident within the shell, you could potentially access and expose sensitive data stored on your Windows host. This could also result in disruption of services, as it would affect system-wide files and settings.
2. Integrity: Integrity is about ensuring data is authentic and hasn't been tampered with. With the default WSL setup, running a command with elevated privileges in your Linux shell could lead to mistakenly modifying critical Windows system files or configurations on the C:\ drive. This would compromise the integrity of the host OS, potentially leading to security vulnerabilities such as file integrity modification.
3. Availability: When the C:\ drive gets compromised due to a misconfigured command from WSL, it could render the entire Windows system unusable. If critical system files are deleted or corrupted, the operating system may fail to boot. This could render your Windows machine inaccessible, as well as the file system.
After activating WSL, you would find that it defaults to your Windows user directory. To configure the WSL environment to permanently isolate your VM instance and start in your Linux home directory, we will add a script to the /etc/profile.d directory. This demonstration uses the default Debian-based Ubuntu distribution.
a. Locating the profile.d directory and creating our own script (.sh)
Launch your WSL virtual machine.
In the command prompt, we would switch to the root account, as we are assuming the role of the root user (in other words, the system administrator).
Command: sudo -i
Translation: switch into administrator or root mode.
This command is useful for system administration.
b. After issuing this command, you will be prompted to enter your user password. Go ahead and do so, as it will then grant you superuser access.
The next step we would take here is to navigate to the /etc folder and further move into the /profile.d directory as well.
Command: cd /etc/profile.d
c. Next, we would create a new script here that would automatically run and alter the entire shell irrespective of the user that logs in. This procedure would ensure that our configuration is saved into the system-wide configuration and run upon kernel boot-up.
To create this file, we would use the nano command to create, open and save the file.
Syntax: nano {filename}.sh
Command: nano 01_force_homedir.sh
↪Hit enter to open the file for editing
Translation: Create a file called 01_force_homedir.sh and then open it for editing or viewing.
d. Finally, in the file, we would add a simple command that would ensure that when a user starts up the shell, its initial directory will be the user's home directory.
In the file, type: cd ~ or cd /home/$USER
Translation: This line of code in the script file sets the startup shell directory to the user's home directory.
After typing this in, save the file by using Ctrl+O. You will be prompted to modify the buffer; respond to this by pressing the Enter key only, and then close the file using Ctrl+X.
After completing the steps, you can now restart the machine.
↪ First, log out of the WSL machine using the exit command.
↪↪ Then, restart or re-log in with the wsl command.
Alternatively, to log in to a specific distribution, you can specify it as shown in the illustration. These steps would allow you to verify that changes made have been successfully implemented.
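As an added example that is not part of the original walkthrough, here is a guarded variant of the 01_force_homedir.sh script created above. It changes directory only when the shell was launched on a Windows drive mount, and it uses $HOME so it also works for root, whose home is not under /home. The function names are hypothetical, and it assumes Windows drives are mounted at /mnt/<letter>; the drives stay mounted and reachable, only the starting directory changes.

```shell
# Added example: guarded variant of /etc/profile.d/01_force_homedir.sh.
# Function and variable names are assumptions, not from the original page.
# Files in /etc/profile.d are sourced by login shells, so this is POSIX sh.

# Print the directory the shell should start in.
#   $1 = directory the shell was launched in
#   $2 = the user's home directory
force_homedir_target() {
    case "$1" in
        /mnt/[a-z]|/mnt/[a-z]/*)
            # Launched on a Windows drive mount (e.g. /mnt/c/Users/...).
            if [ -n "$2" ] && [ -d "$2" ]; then
                printf '%s\n' "$2"
            else
                printf '%s\n' "$1"    # no usable home directory: stay put
            fi
            ;;
        *)
            printf '%s\n' "$1"        # already on the Linux side
            ;;
    esac
}

# Apply the decision to the current shell.
# "cd --" stops a path beginning with "-" from being parsed as an option,
# and a failed cd must never abort the login.
force_homedir_apply() {
    _fh_target=$(force_homedir_target "$PWD" "$HOME")
    if [ "$_fh_target" != "$PWD" ]; then
        cd -- "$_fh_target" 2>/dev/null || true
    fi
    unset _fh_target
}

force_homedir_apply
```

After logging back in, running pwd should print your Linux home directory when WSL was launched from a Windows path.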
By following these steps, you can operate securely within WSL.