Exercise 51: Colorado Insurers


There are a number of logs to check for entries that might indicate an intrusion. The primary ones you should examine are

  • /var/log/faillog Open a shell prompt and use the faillog utility to view a list of users' failed authentication attempts.

    TIP

    If the faillog utility does not return any data, there have been no failed login attempts.


  • /var/log/lastlog Open a shell prompt and use the lastlog utility to view a list of all users and when they last logged in.

  • /var/log/messages Use grep, or a derivative thereof, to find login related entries in this file.

  • /var/log/wtmp Open a shell prompt and use the last command to view a list of users who have authenticated to the system.



NovellR Linux Certification Practium Lab Manual
NovellR Linux Certification Practium Lab Manual
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 192

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net