Chapter 3 Security Evaluation 27
Copyright Goodheart-Willcox Co., Inc. May not be reproduced or posted to a publicly accessible website.

Name ____________________________ Date ________________ Class ____________

Lab 3-4 Explore Syslog in Linux

Security administrators must be able to view and manage logs on multiple platforms. In this lab, you will explore the use of the system logging protocol (syslog) on a Linux platform, such as Kali Linux or Ubuntu.

Learning Goals
Identify logs and their locations on a Linux operating system.
Analyze event logs in syslog.

Materials
Virtual machine or other machine for which you have administrator permissions
Kali Linux or Ubuntu

Procedures

1. Log into your Linux distribution with root access.

2. Open a terminal. Navigate to the /var/log directory. Enter ls /var/log to list its contents. Remember, commands, directories, and files are case sensitive in Linux. Create a screenshot of your logs.

3. By default, logs are rotated every week. When logs are rotated, they are renamed using the pattern filename.number. To see this, execute the following command syntax: ls -l /var/log/syslog* Create and save a screenshot of your rotated logs. Note that logs are deleted after four weeks have passed; however, five weeks of logs may be visible at any given time.

4. Another common log in the /var/log folder is messages. The kernel/core system logs are located there. To view the current messages log, key cat /var/log/messages, and press the [Enter] key. Create and save a screenshot of the log.

5. The auth log displays information about the authentication activity on the system. To view the log, enter and run the following syntax: cat /var/log/auth.log. Note, this can be a rather large file. The grep command can filter or query the log. To locate entries related to the root user, key cat /var/log/auth.log | grep root, and press the [Enter] key. Create a screenshot of this output.

6. The syslog service or daemon may run from different implementations, including syslog, rsyslogd, and syslog-ng. For this step, you will be using rsyslog. Key service --status-all, and press the [Enter] key. Make sure to enter a space and two hyphens between service and status. Look for a plus (+) next to rsyslog to confirm that it is running. Which, if any, rsyslogs were running on your system?
_________________________________________________________________________________________________________________

7. You can view the primary settings for syslog (rsyslog). Key nano /etc/rsyslog.conf, and press the [Enter] key. Browse through the file to view settings. Who is made the default owner of all log files? When you are finished, press [Ctrl][X] to exit.
_________________________________________________________________________________________________________________
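The following script is an added example and is not part of the lab or the textbook. It reproduces the inspection the steps above perform (listing rotated syslog generations, filtering auth.log for the root account, checking whether rsyslog is running, and reading the default log owner from rsyslog.conf), but runs them against a throwaway directory filled with constructed sample files so it can be run without root and without touching the real /var/log. The directory name $LOGDIR, every log line, and the rsyslog.conf fragment are constructed for the example; only the $FileOwner/$FileGroup/$FileCreateMode directive names are real rsyslog directives.

```shell
#!/bin/sh
# Added example, not the lab's own material. Builds a constructed stand-in for
# /var/log and /etc/rsyslog.conf under $LOGDIR, then applies the lab's checks.

LOGDIR="${LOGDIR:-$(mktemp -d)}"

# Step 3 stand-in: current syslog plus four rotated generations (filename.number).
for f in syslog syslog.1 syslog.2 syslog.3 syslog.4; do
  printf 'Mar  1 10:00:00 host rsyslogd: constructed sample line in %s\n' "$f" > "$LOGDIR/$f"
done

# Step 5 stand-in: constructed auth.log lines in the format sshd, cron and sudo emit via PAM.
cat > "$LOGDIR/auth.log" <<'EOF'
Mar  1 10:01:12 host sshd[1201]: Accepted password for student from 10.0.0.5 port 51022 ssh2
Mar  1 10:02:40 host sshd[1233]: Failed password for root from 203.0.113.9 port 40123 ssh2
Mar  1 10:02:44 host sshd[1233]: Failed password for root from 203.0.113.9 port 40123 ssh2
Mar  1 10:05:01 host CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  1 10:06:10 host sudo:  student : TTY=pts/0 ; PWD=/home/student ; USER=root ; COMMAND=/usr/bin/ls /var/log
EOF

# Step 7 stand-in: the ownership/permission block found near the top of a stock rsyslog.conf.
cat > "$LOGDIR/rsyslog.conf" <<'EOF'
# Set the default permissions for all log files.
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
EOF

# Step 3: list every generation of the syslog file (lexical order puts the current file first).
list_rotated() { ls "$LOGDIR" | grep '^syslog'; }
# Number of generations on disk, current file included.
count_rotated() { list_rotated | wc -l | tr -d ' '; }

# Step 5: the lab's filter, every auth.log line mentioning root.
root_auth_entries() { grep root "$LOGDIR/auth.log"; }
# A narrower view a defender usually wants next: count of failed root logins over SSH.
failed_root_logins() { grep -c 'Failed password for root' "$LOGDIR/auth.log"; }

# Step 7: answer "who owns the log files" by reading the $FileOwner directive.
default_log_owner() { awk '$1 == "$FileOwner" { print $2 }' "$LOGDIR/rsyslog.conf"; }

# Step 6: service --status-all prints "[ + ]" beside running services on Debian-family systems.
rsyslog_running() {
  if command -v service >/dev/null 2>&1; then
    service --status-all 2>/dev/null | grep -q '\[ + \].*rsyslog' && echo yes || echo no
  else
    echo unknown
  fi
}

# Walk through the steps when invoked as: sh thisfile.sh run
if [ "${1:-}" = "run" ]; then
  echo "Rotated syslog generations:"; list_rotated
  echo "Entries mentioning root:"; root_auth_entries
  echo "Failed root SSH logins: $(failed_root_logins)"
  echo "Default log owner: $(default_log_owner)"
  echo "rsyslog running here: $(rsyslog_running)"
fi
```

Point $LOGDIR at a copy of a real /var/log (with rsyslog.conf copied alongside it) to run the same functions over genuine data; the grep for root deliberately matches the lab's broad filter, while failed_root_logins shows the narrower pattern an analyst would reach for when reviewing the output from step 5.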