XK0-005 Question #590: Real Exam Question with Answer & Explanation

Question

The security team has identified a web service that is running with elevated privileges. A Linux administrator is working to change the systemd service file to meet security compliance standards. Given the following output: [Unit] Description=CompTIA server daemon Documentation=man:webserver(8) man:webserver_config(5) After=network.target [Service] Type=notify EnvironmentFile=/etc/webserver/config ExecStart=/usr/sbin/webserver -D $OPTIONS ExecReload=/bin/kill -HUP SMAINPID KillMode=process Restart=on-failure RestartSec=42s [Install] WantedBy=multi-user.target Which of the following remediation steps will prevent the web service from running as a privileged user?

Options

• ARemoving the ExecStart=/usr/sbin/webserver -D $OPTIONS from the service file
• BUpdating the EnvironmentFile line in the [Service] section to /home/webservice/config
• CAdding the User=webservice to the [Service] section of the service file
• DChanging the multi-user.target in the [Install] section to basic.target

Explanation

To prevent a systemd service from running with elevated privileges, the service configuration needs to explicitly specify an unprivileged user.

Common mistakes.

• A. Removing the ExecStart line would prevent the web service from starting at all, which is not a remediation step to change its running user.
• B. Updating the EnvironmentFile path changes where environment variables are loaded from, but does not directly control the user under which the service runs.
• D. Changing WantedBy in the [Install] section affects when the service is enabled during different boot targets but does not control the user it runs as.

Concept tested. Systemd service privilege escalation prevention

Reference. https://www.freedesktop.org/software/systemd/man/systemd.service.html

No community discussion yet for this question.