diff --git a/labs/lab3/report.typ b/labs/lab3/report.typ
index 7e712bc..0d6386d 100644
--- a/labs/lab3/report.typ
+++ b/labs/lab3/report.typ
@@ -31,8 +31,8 @@
 #align(center)[Направление подготовки 11.03.02]
 \
 \
-#align(center)[Лабораторная работа №2]
-#align(center)[Создание и использование размерных типов данных]
+#align(center)[Лабораторная работа №3]
+#align(center)[Подсистема хранения]
 \
 \
 \ //#align(center)[Вариант 19]
diff --git a/labs/lab4/assets/1.png b/labs/lab4/assets/1.png
new file mode 100644
index 0000000..ac2d611
Binary files /dev/null and b/labs/lab4/assets/1.png differ
diff --git a/labs/lab4/assets/10.png b/labs/lab4/assets/10.png
new file mode 100644
index 0000000..c6490b9
Binary files /dev/null and b/labs/lab4/assets/10.png differ
diff --git a/labs/lab4/assets/11.png b/labs/lab4/assets/11.png
new file mode 100644
index 0000000..b71f8ca
Binary files /dev/null and b/labs/lab4/assets/11.png differ
diff --git a/labs/lab4/assets/12.png b/labs/lab4/assets/12.png
new file mode 100644
index 0000000..524854d
Binary files /dev/null and b/labs/lab4/assets/12.png differ
diff --git a/labs/lab4/assets/13.png b/labs/lab4/assets/13.png
new file mode 100644
index 0000000..73e7abb
Binary files /dev/null and b/labs/lab4/assets/13.png differ
diff --git a/labs/lab4/assets/14.png b/labs/lab4/assets/14.png
new file mode 100644
index 0000000..bcfbe24
Binary files /dev/null and b/labs/lab4/assets/14.png differ
diff --git a/labs/lab4/assets/15.png b/labs/lab4/assets/15.png
new file mode 100644
index 0000000..8507561
Binary files /dev/null and b/labs/lab4/assets/15.png differ
diff --git a/labs/lab4/assets/16.png b/labs/lab4/assets/16.png
new file mode 100644
index 0000000..cd50735
Binary files /dev/null and b/labs/lab4/assets/16.png differ
diff --git a/labs/lab4/assets/17.png b/labs/lab4/assets/17.png
new file mode 100644
index 0000000..cbc13ad
Binary files /dev/null and b/labs/lab4/assets/17.png differ
diff --git a/labs/lab4/assets/18.png b/labs/lab4/assets/18.png
new file mode 100644
index 0000000..ccfcabc
Binary files /dev/null and b/labs/lab4/assets/18.png differ
diff --git a/labs/lab4/assets/19.png b/labs/lab4/assets/19.png
new file mode 100644
index 0000000..f518fdf
Binary files /dev/null and b/labs/lab4/assets/19.png differ
diff --git a/labs/lab4/assets/2.png b/labs/lab4/assets/2.png
new file mode 100644
index 0000000..cbd8b7a
Binary files /dev/null and b/labs/lab4/assets/2.png differ
diff --git a/labs/lab4/assets/20.png b/labs/lab4/assets/20.png
new file mode 100644
index 0000000..8d814e4
Binary files /dev/null and b/labs/lab4/assets/20.png differ
diff --git a/labs/lab4/assets/21.png b/labs/lab4/assets/21.png
new file mode 100644
index 0000000..c841d5e
Binary files /dev/null and b/labs/lab4/assets/21.png differ
diff --git a/labs/lab4/assets/22.png b/labs/lab4/assets/22.png
new file mode 100644
index 0000000..91976cb
Binary files /dev/null and b/labs/lab4/assets/22.png differ
diff --git a/labs/lab4/assets/23.png b/labs/lab4/assets/23.png
new file mode 100644
index 0000000..b18bfba
Binary files /dev/null and b/labs/lab4/assets/23.png differ
diff --git a/labs/lab4/assets/24.png b/labs/lab4/assets/24.png
new file mode 100644
index 0000000..cf95f27
Binary files /dev/null and b/labs/lab4/assets/24.png differ
diff --git a/labs/lab4/assets/25.png b/labs/lab4/assets/25.png
new file mode 100644
index 0000000..032de28
Binary files /dev/null and b/labs/lab4/assets/25.png differ
diff --git a/labs/lab4/assets/26.png b/labs/lab4/assets/26.png
new file mode 100644
index 0000000..34198de
Binary files /dev/null and b/labs/lab4/assets/26.png differ
diff --git a/labs/lab4/assets/27.png b/labs/lab4/assets/27.png
new file mode 100644
index 0000000..ac787de
Binary files /dev/null and b/labs/lab4/assets/27.png differ
diff --git a/labs/lab4/assets/28.png b/labs/lab4/assets/28.png
new file mode 100644
index 0000000..94fa71e
Binary files /dev/null and b/labs/lab4/assets/28.png differ
diff --git a/labs/lab4/assets/29.png b/labs/lab4/assets/29.png
new file mode 100644
index 0000000..0e98cd0
Binary files /dev/null and b/labs/lab4/assets/29.png differ
diff --git a/labs/lab4/assets/3.png b/labs/lab4/assets/3.png
new file mode 100644
index 0000000..b90870b
Binary files /dev/null and b/labs/lab4/assets/3.png differ
diff --git a/labs/lab4/assets/30.png b/labs/lab4/assets/30.png
new file mode 100644
index 0000000..af7ea0e
Binary files /dev/null and b/labs/lab4/assets/30.png differ
diff --git a/labs/lab4/assets/31.png b/labs/lab4/assets/31.png
new file mode 100644
index 0000000..fc09df4
Binary files /dev/null and b/labs/lab4/assets/31.png differ
diff --git a/labs/lab4/assets/32.png b/labs/lab4/assets/32.png
new file mode 100644
index 0000000..b18e7c9
Binary files /dev/null and b/labs/lab4/assets/32.png differ
diff --git a/labs/lab4/assets/33.png b/labs/lab4/assets/33.png
new file mode 100644
index 0000000..6b3156c
Binary files /dev/null and b/labs/lab4/assets/33.png differ
diff --git a/labs/lab4/assets/34.png b/labs/lab4/assets/34.png
new file mode 100644
index 0000000..47566d0
Binary files /dev/null and b/labs/lab4/assets/34.png differ
diff --git a/labs/lab4/assets/35.png b/labs/lab4/assets/35.png
new file mode 100644
index 0000000..c1ec0d2
Binary files /dev/null and b/labs/lab4/assets/35.png differ
diff --git a/labs/lab4/assets/36.png b/labs/lab4/assets/36.png
new file mode 100644
index 0000000..82a9e49
Binary files /dev/null and b/labs/lab4/assets/36.png differ
diff --git a/labs/lab4/assets/37.png b/labs/lab4/assets/37.png
new file mode 100644
index 0000000..3134a1a
Binary files /dev/null and b/labs/lab4/assets/37.png differ
diff --git a/labs/lab4/assets/38.png b/labs/lab4/assets/38.png
new file mode 100644
index 0000000..ab9478e
Binary files /dev/null and b/labs/lab4/assets/38.png differ
diff --git a/labs/lab4/assets/39.png b/labs/lab4/assets/39.png
new file mode 100644
index 0000000..08a921b
Binary files /dev/null and b/labs/lab4/assets/39.png differ
diff --git a/labs/lab4/assets/4.png b/labs/lab4/assets/4.png
new file mode 100644
index 0000000..7b9be5a
Binary files /dev/null and b/labs/lab4/assets/4.png differ
diff --git a/labs/lab4/assets/40.png b/labs/lab4/assets/40.png
new file mode 100644
index 0000000..30b183e
Binary files /dev/null and b/labs/lab4/assets/40.png differ
diff --git a/labs/lab4/assets/41.png b/labs/lab4/assets/41.png
new file mode 100644
index 0000000..8804736
Binary files /dev/null and b/labs/lab4/assets/41.png differ
diff --git a/labs/lab4/assets/42.png b/labs/lab4/assets/42.png
new file mode 100644
index 0000000..a03a43d
Binary files /dev/null and b/labs/lab4/assets/42.png differ
diff --git a/labs/lab4/assets/5.png b/labs/lab4/assets/5.png
new file mode 100644
index 0000000..f5fceb7
Binary files /dev/null and b/labs/lab4/assets/5.png differ
diff --git a/labs/lab4/assets/6.png b/labs/lab4/assets/6.png
new file mode 100644
index 0000000..743d862
Binary files /dev/null and b/labs/lab4/assets/6.png differ
diff --git a/labs/lab4/assets/7.png b/labs/lab4/assets/7.png
new file mode 100644
index 0000000..9b9c2cd
Binary files /dev/null and b/labs/lab4/assets/7.png differ
diff --git a/labs/lab4/assets/8.png b/labs/lab4/assets/8.png
new file mode 100644
index 0000000..156c7e6
Binary files /dev/null and b/labs/lab4/assets/8.png differ
diff --git a/labs/lab4/assets/9.png b/labs/lab4/assets/9.png
new file mode 100644
index 0000000..e99de56
Binary files /dev/null and b/labs/lab4/assets/9.png differ
diff --git a/labs/lab4/report.pdf b/labs/lab4/report.pdf
new file mode 100644
index 0000000..255b1ea
Binary files /dev/null and b/labs/lab4/report.pdf differ
diff --git a/labs/lab4/report.typ b/labs/lab4/report.typ
new file mode 100644
index 0000000..0e366e2
--- /dev/null
+++ b/labs/lab4/report.typ
@@ -0,0 +1,255 @@
+#set text(size: 1.3em)
+#set page(footer: context {
+  if counter(page).get().first() > 1 [
+    #align(center)[
+      #counter(page).display("1")
+    ]
+  ]
+})
+
+
+#show raw.where(block: false): box.with(
+  fill: luma(240),
+  inset: (x: 3pt, y: 0pt),
+  outset: (y: 3pt),
+  radius: 2pt,
+)
+
+#show raw.where(block: true): block.with(
+  fill: luma(240),
+  inset: 10pt,
+  radius: 4pt,
+)
+    
+// title
+    
+#align(center)[Санкт-Петербургский национальный исследовательский университет информационных технологий, механики и оптики]
+\
+\
+\
+#align(center)[Факультет инфокоммуникационных технологий]
+#align(center)[Направление подготовки 11.03.02]
+\
+\
+#align(center)[Лабораторная работа №4]
+#align(center)[Элементы безопасности в Linux]
+\
+\
+\ //#align(center)[Вариант 19]
+\
+\
+\
+\
+\
+\
+\
+#align(right)[Выполнил:]
+#align(right)[Дощенников Никита Андреевич]
+#align(right)[Группа: К3221]
+#align(right)[Проверил:]
+#align(right)[Береснев Артем Дмитриевич]
+\
+\
+#align(center)[Санкт-Петербург]
+#align(center)[2025]
+
+#pagebreak()
+
+=== Цель работы: 
+
+Получить практические навыки работы с сетевой подсистемой в Linux, научится управлять пользователями, правами на файлы и каталоги, научиться
+настраивать сетевые интерфейсы, NAT и настраивать ssh.
+
+=== Часть 1. Подготовка конфигурации.
+
+У себя на машине я создал новую виртуальную сеть: 
+
+```bash
+virsh net-define /tmp/intnet.xml
+virsh net-autostart intnet
+virsh net-start intnet
+```
+
+Содержание файла `/tmp/intnet.xml`: 
+
+```xml
+<network>
+  <name>intnet</name>
+  <forward mode='none'/>
+</network>
+```
+
+К первой машине я добавил дополнительный интерфейс, подключенный к сети intnet: 
+
+```bash 
+virsh attach-interface --domain ubuntu24.04 --type network --source intnet --model virtio --config --live
+```
+
+Вторую машину я полностью перевел во внутреннюю сеть: 
+
+```bash
+virsh detach-interface --domain ubuntu24.04-clone --type network --mac 52:54:00:76:1f:db --config --live
+virsh attach-interface --domain ubuntu24.04-clone --type network --source intnet --model virtio --config --live
+```
+
+#align(center)[#image("assets/1.png")]
+#align(center)[#image("assets/2.png")]
+
+На `c7-1`:
+
+#align(center)[#image("assets/3.png")]
+#align(center)[#image("assets/5.png")]
+#align(center)[#image("assets/6.png")]
+#align(center)[#image("assets/8.png")]
+
+На `c7-2`: 
+
+#align(center)[#image("assets/4.png")]
+#align(center)[#image("assets/7.png")]
+#align(center)[#image("assets/9.png")]
+
+
+=== Часть 2. Создание пользователей и настройка OpenSSH Server (sshd).
+
+Я создал пользователя на каждой машине: 
+
+#align(center)[#image("assets/10.png")]
+#align(center)[#image("assets/11.png")]
+
+Затем я настроил `ssh` на обеих машинах: 
+
+#align(center)[#image("assets/12.png")]
+
+И перезапустил daemon:
+
+#align(center)[#image("assets/13.png")]
+
+Все те же действия я проделал на второй машине.
+
+Попробовал подключиться с `c7-1` на `c7-2`:
+
+#align(center)[#image("assets/14.png")]
+
+=== Часть 3. Подключение к виртуальной машине c7-1 по ssh через NAT VirtualBox.
+
+У себя на машине: 
+
+#align(center)[#image("assets/15.png")]
+
+#align(center)[#image("assets/16.png")]
+#align(center)[#image("assets/17.png")]
+
+Копирование файла с `c7-2` на `c7-1`:
+
+#align(center)[#image("assets/18.png")]
+
+Копирование с `c7-2` на `c7-1`:
+
+#align(center)[#image("assets/19.png")]
+
+=== Часть 4. Установка и настройка NAT в iptables.
+
+Я установил `iptables`:
+
+#align(center)[#image("assets/20.png")]
+
+Настроил клиентский NAT, то есть настроил связь между `10.0.0.0/24` и `enp1s0` через роутер `c7-1`.
+
+#align(center)[#image("assets/21.png")]
+
+Затем я разрешил форвардинг трафика на `c7-1`:
+
+#align(center)[#image("assets/22.png")]
+
+После этого я проверил работу интернета с `c7-2`:
+
+#align(center)[#image("assets/23.png")]
+
+Я настроил проброс порта: 
+
+#align(center)[#image("assets/24.png")]
+
+На `c7-1`: 
+
+#align(center)[#image("assets/25.png")]
+
+Локально: 
+
+#align(center)[#image("assets/26.png")]
+
+Текущие правила: 
+
+#align(center)[#image("assets/27.png")]
+
+Настройки не сбрасываются после перезагрузки: 
+
+#align(center)[#image("assets/28.png")]
+
+=== Часть 5. Настройка прав на файлы и каталоги.
+
+Я создал скрипт `mkuser.sh`:
+
+```bash
+#!/usr/bin/env bash
+set -euo pipefail
+count="${1:?}"
+start="${2:?}"
+for ((i=0;i<count;i++)); do
+  n=$((start+i))
+  u="u${n}"
+  p="DerParol${n}"
+  id -u "$u" >/dev/null 2>&1 || adduser --disabled-password --gecos "" "$u"
+  echo "${u}:${p}" | chpasswd
+done
+```
+
+#align(center)[#image("assets/29.png")]
+#align(center)[#image("assets/30.png")]
+
+Затем я создал группу: 
+
+#align(center)[#image("assets/31.png")]
+
+Членам группы я выдал полный доступ, а остальным только чтение: 
+
+#align(center)[#image("assets/32.png")]
+#align(center)[#image("assets/33.png")]
+
+Проверим: 
+
+#align(center)[#image("assets/34.png")]
+
+Я сделал так, чтобы в `/DATA/sec1` любой мог писать, но удалять - только свои файлы: 
+
+#align(center)[#image("assets/35.png")]
+
+Проверим: 
+
+#align(center)[#image("assets/36.png")]
+
+`/DATA/sec2` настроен на полный доступ для спец. пользователя, для пользователей `uN` только чтение, для прочих нельзя.
+
+#align(center)[#image("assets/37.png")]
+
+Проверим: 
+
+#align(center)[#image("assets/38.png")]
+
+В `/DATA/sec3` скопировал `nano` и любой пользователь смог изменять с помощью его файлы в нем.
+
+#align(center)[#image("assets/39.png")]
+
+Проверим: 
+
+#align(center)[#image("assets/40.png")]
+#align(center)[#image("assets/41.png")]
+
+Права: 
+
+#align(center)[#image("assets/42.png")]
+
+=== Часть 6. Настройка аутентификации по ключу.
+
+=== Часть 7. Sudo.
+
+=== Часть 8. Получение информации о пользователях.