chore: bootstrap lean sysadmin-chronicles repo
Import the runnable game code, content, docs, scripts, and repo guidance while leaving local agent state, dependency installs, build output, and backup copies out of the published tree.
This commit is contained in:
@@ -0,0 +1,130 @@
|
||||
{
|
||||
"id": "Q005",
|
||||
"title": "The Midnight Visitor",
|
||||
"tier": 2,
|
||||
"primary_vm": "web_server",
|
||||
"required_vms": ["workstation", "web_server"],
|
||||
"ticket_id": "T005",
|
||||
"baseline_snapshot": "baseline.post-q004",
|
||||
"summary": "A cron job that runs nightly database backups is executing as root instead of the dedicated backup user. It works, but it's leaving root-owned files in /var/backups/db/ that the backup user can't manage. The symptom is that the backup retention script — which runs as the backup user — fails to delete old backups, and the backup directory is filling up. Dave notices the disk warning. The root cause is a misconfigured crontab entry in /etc/cron.d/db-backup that specifies no user field (defaults to root) instead of the backup user.",
|
||||
"clue_fingerprint": {
|
||||
"description": "Disk is filling in /var/backups/db/. Files in that directory are owned by root. The backup service log shows permission denied when trying to delete old files. /etc/cron.d/db-backup has no user field on the job line — it defaults to root. /etc/passwd shows a backup-agent user exists. The correct entry should specify backup-agent as the executing user.",
|
||||
"evidence": [
|
||||
{ "type": "disk_usage_above", "vm": "web_server", "path": "/var/backups", "threshold_percent": 80 },
|
||||
{ "type": "file_owner_is_not", "vm": "web_server", "path": "/var/backups/db", "expected_user": "backup-agent" },
|
||||
{ "type": "log_contains", "vm": "web_server", "path": "/var/log/backup-agent.log", "contains": "Permission denied" },
|
||||
{ "type": "file_contains", "vm": "web_server", "path": "/etc/cron.d/db-backup", "contains": "db-backup.sh" }
|
||||
]
|
||||
},
|
||||
"objectives": [
|
||||
{
|
||||
"id": "crontab-correct-user",
|
||||
"description": "The cron job runs as backup-agent, not root",
|
||||
"check_mode": "passive",
|
||||
"validation": {
|
||||
"type": "file_contains",
|
||||
"vm": "web_server",
|
||||
"path": "/etc/cron.d/db-backup",
|
||||
"contains": "backup-agent"
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "backup-dir-ownership",
|
||||
"description": "Existing backup files are owned by backup-agent",
|
||||
"check_mode": "explicit",
|
||||
"validation": {
|
||||
"type": "file_owner",
|
||||
"vm": "web_server",
|
||||
"path": "/var/backups/db",
|
||||
"user": "backup-agent",
|
||||
"group": "backup-agent"
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "disk-pressure-cleared",
|
||||
"description": "Backup directory is below disk threshold",
|
||||
"check_mode": "passive",
|
||||
"validation": {
|
||||
"type": "disk_usage_below",
|
||||
"vm": "web_server",
|
||||
"path": "/var/backups",
|
||||
"threshold_percent": 70
|
||||
}
|
||||
}
|
||||
],
|
||||
"solution_branches": [
|
||||
{
|
||||
"id": "full-fix",
|
||||
"label": "Full Fix — User Corrected and Ownership Cleaned",
|
||||
"priority": 100,
|
||||
"validation": {
|
||||
"type": "and",
|
||||
"rules": [
|
||||
{ "type": "file_contains", "vm": "web_server", "path": "/etc/cron.d/db-backup", "contains": "backup-agent" },
|
||||
{ "type": "file_owner", "vm": "web_server", "path": "/var/backups/db", "user": "backup-agent", "group": "backup-agent" },
|
||||
{ "type": "disk_usage_below", "vm": "web_server", "path": "/var/backups", "threshold_percent": 70 }
|
||||
]
|
||||
},
|
||||
"trust_delta": 3,
|
||||
"world_flags": ["hermes_backup_healthy"],
|
||||
"follow_up_dialogue": "marcus-Q005-complete-clean"
|
||||
},
|
||||
{
|
||||
"id": "cron-fixed-only",
|
||||
"label": "Partial — Cron Fixed, Old Files Not Cleaned",
|
||||
"priority": 50,
|
||||
"validation": {
|
||||
"type": "and",
|
||||
"rules": [
|
||||
{ "type": "file_contains", "vm": "web_server", "path": "/etc/cron.d/db-backup", "contains": "backup-agent" },
|
||||
{ "type": "disk_usage_above", "vm": "web_server", "path": "/var/backups", "threshold_percent": 70 }
|
||||
]
|
||||
},
|
||||
"trust_delta": 1,
|
||||
"world_flags": ["hermes_backup_partial"],
|
||||
"follow_up_incident": "I002",
|
||||
"follow_up_dialogue": "marcus-Q005-complete-partial"
|
||||
},
|
||||
{
|
||||
"id": "disk-cleared-only",
|
||||
"label": "Wrong Fix — Disk Cleared, Root Still Running Job",
|
||||
"priority": 30,
|
||||
"validation": {
|
||||
"type": "and",
|
||||
"rules": [
|
||||
{ "type": "disk_usage_below", "vm": "web_server", "path": "/var/backups", "threshold_percent": 70 },
|
||||
{ "type": "not", "rule": { "type": "file_contains", "vm": "web_server", "path": "/etc/cron.d/db-backup", "contains": "backup-agent" } }
|
||||
]
|
||||
},
|
||||
"trust_delta": -1,
|
||||
"world_flags": ["hermes_backup_root_running", "hermes_disk_healthy"],
|
||||
"follow_up_incident": "I002",
|
||||
"follow_up_dialogue": "marcus-Q005-complete-wrong"
|
||||
}
|
||||
],
|
||||
"pressure_profile": "disk_growth_slow",
|
||||
"blast_radius": ["I002"],
|
||||
"unlock_requirements": ["world_flag:player_ssh_configured"],
|
||||
"narrative_phase": "unease",
|
||||
"linux_concepts": ["cron", "crontab user field", "backup management", "disk usage"],
|
||||
"failure_conditions": ["cron still running as root", "disk not cleared", "backup directory ownership not fixed"],
|
||||
"behavior_impact": {
|
||||
"full-fix": { "curiosity_delta": 1, "obedience_delta": 1, "risk_delta": 0, "suspicion_delta": 0 },
|
||||
"cron-fixed-only": { "curiosity_delta": 0, "obedience_delta": 1, "risk_delta": 0, "suspicion_delta": 0 },
|
||||
"disk-cleared-only": { "curiosity_delta": 0, "obedience_delta": 0, "risk_delta": 1, "suspicion_delta": 1 },
|
||||
"default": { "curiosity_delta": 0, "obedience_delta": 0, "risk_delta": 0, "suspicion_delta": 0 }
|
||||
},
|
||||
"hidden_hook": {
|
||||
"id": "q005_backup_agent_history",
|
||||
"description": "backup-agent home directory contains a .bash_history with unusual commands that predate the current cron misconfiguration.",
|
||||
"discovery_method": "Player reads /home/backup-agent/.bash_history",
|
||||
"significance": "Dale configured this cron job. The history shows it was changed deliberately, not by accident."
|
||||
},
|
||||
"access_requirements": {
|
||||
"minimum_access": { "web_server": "sudo" },
|
||||
"requires_root": false,
|
||||
"temporary_grants_allowed": []
|
||||
},
|
||||
"tags": ["cron", "permissions", "backup", "disk", "web_server"],
|
||||
"internal_notes": "This is the first quest where the symptom (disk full) is the same as Q003 but the cause is completely different. Players who jump to 'find the big log' will find the backup directory instead and need to dig further. The cron user field omission is a real and common mistake. The three branches reward finding the root cause vs just clearing the symptom."
|
||||
}
|
||||
Reference in New Issue
Block a user