Tate Gentry's Student Innovation Project
Degree Objective #2
2. Install, configure, and test security hardware and software tools with supporting documentation such as port scanners, vulnerability detection systems, intrusion detection systems, firewalls, system hardening, anti-virus tools, patch management, auditing and assessment.
First, I looked at the database to find the users. I found that playerone was an entire month newer than the admin user, which implies that it is a compromised account.
Next, I looked within the MySQL log files on Prod-Web. You can see at the bottom that the accounts were deleted from the database, and that's why they weren't able to log in. The commands to get here are cd /var/log/mysql followed by nano mysql.log
Then I went to backup and did startx to launch the Kali desktop view. I then went to the file system and looked for the backup file of the database. I found the compromised accounts with passwords in plaintext. I then submitted an incident response form.
All 3 green checks acquired. (I had already submitted it and this was the only screenshot I had of this step. I corrected the name list with some names I had forgotten.)
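The log review step above can be scripted instead of read by eye in an editor. This is an added example, not part of the original write-up: it scans a MySQL general query log for statements that delete data and attributes each one to the account that opened the connection. The log format (MySQL 5.7+/8.0 general log) and every account, host, schema and table name in the sample are assumptions constructed for illustration.

```python
import re

# Assumed format: MySQL 5.7+/8.0 general query log,
# "<ISO timestamp>\t<connection id> <Command>\t<argument>".
LINE = re.compile(r"^(\S+Z)\s+(\d+)\s+(Connect|Query|Quit)\s*(.*)$")
DESTRUCTIVE = re.compile(r"^\s*(DELETE\s+FROM|DROP\s+(TABLE|USER)|TRUNCATE)\b", re.I)

# Constructed sample input; hosts, accounts, schema and table names are hypothetical.
SAMPLE_LOG = (
    "/usr/sbin/mysqld, Version: 8.0.x. started with:\n"
    "Time                 Id Command    Argument\n"
    "2024-01-15T10:02:11.000000Z\t   41 Connect\twebapp@localhost on appdb using Socket\n"
    "2024-01-15T10:02:11.000100Z\t   41 Query\tSELECT id FROM users WHERE name='user_a'\n"
    "2024-01-15T10:05:40.000000Z\t   42 Connect\troot@10.0.0.5 on appdb using TCP/IP\n"
    "2024-01-15T10:05:41.000000Z\t   42 Query\tDELETE FROM users WHERE name='user_a'\n"
    "2024-01-15T10:05:42.000000Z\t   42 Query\tdelete from users where name='user_b'\n"
    "2024-01-15T10:05:43.000000Z\t   42 Quit\t\n"
)


def find_destructive(log_text):
    """Return (timestamp, account, statement) for each destructive statement,
    attributed to the account named on that connection's Connect line."""
    who = {}   # connection id -> "user@host" taken from the Connect entry
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # file header or continuation of a multi-line query
        ts, conn, cmd, arg = m.groups()
        if cmd == "Connect":
            who[conn] = arg.split(" on ")[0]
        elif cmd == "Query" and DESTRUCTIVE.match(arg):
            hits.append((ts, who.get(conn, "unknown"), arg.strip()))
        elif cmd == "Quit":
            who.pop(conn, None)  # connection ids can be reused after a restart
    return hits


if __name__ == "__main__":
    # To run against a real log, pass open("/var/log/mysql/mysql.log").read() instead.
    for ts, account, stmt in find_destructive(SAMPLE_LOG):
        print(f"{ts}  {account:<20} {stmt}")
```

The timestamps and source account it reports are the details an incident response form typically asks for.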

