Managing Log Files

Overview

I completed the following objectives:

Task 2: Review secure log files

In this task, I used common Linux tools to review the secure log files and used the lastlog Linux application to review the previous logins.

Step 1: Navigating to the correct folder

To validate that I was in the companyA home folder, I entered:

pwd

I then pressed Enter. If I wasn't in this folder, I would need to enter:

cd companyA

Step 2: Viewing secure log files

To use the secure log file as a test, I entered:

sudo less /tmp/log/secure

I then pressed Enter. The output showed a list of errors and failures, including the following information: the IP address the user was trying to connect from, whether they failed authentication, and which port was used.

Usually, the secure log file is located at /var/log/secure. This activity presents a sample secure log file at /tmp/log/secure.

To exit the program, I entered:

q
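
The fields seen in the secure log in Step 2 (source IP address, authentication failure, port) can be summarised per source address instead of being read page by page in less. The script below is an added example, not part of the original lab: it assumes the OpenSSH "Failed password" line format, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed SSH password attempts per source IP.
# Assumed line format (OpenSSH):
#   "... sshd[PID]: Failed password for [invalid user] NAME from IP port N ssh2"

failed_logins_by_ip() {
    # Reads the files given as arguments, or stdin when there are none,
    # e.g.  sudo cat /tmp/log/secure | failed_logins_by_ip
    # The user name is supplied by the client and may contain spaces or the
    # word "from", so the IP is taken by position from the END of the line.
    awk -v OFS='\t' '
    /sshd\[[0-9]+\]: Failed password for / &&
    $(NF-4) == "from" && $(NF-2) == "port" {
        ip = $(NF-3)
        when = $1 " " $2 " " $3            # syslog timestamp: month day time
        if (!(ip in count)) first[ip] = when
        last[ip] = when
        count[ip]++
    }
    END {
        # Columns: failures, source IP, first seen, last seen
        for (ip in count) print count[ip], ip, first[ip], last[ip]
    }' "$@" | LC_ALL=C sort -k1,1nr        # busiest source first
}

# Constructed sample lines (documentation-range IPs). The last line carries a
# user name crafted to look like a "from IP port N ssh2" suffix.
sample_secure_log() {
    cat <<'EOF'
Mar  4 10:15:01 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 52314 ssh2
Mar  4 10:15:04 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 52314 ssh2
Mar  4 10:15:09 host1 sshd[2107]: Failed password for root from 203.0.113.5 port 52320 ssh2
Mar  4 10:16:30 host1 sshd[2113]: Failed password for root from 198.51.100.23 port 40122 ssh2
Mar  4 10:17:02 host1 sshd[2120]: Accepted password for companyA from 192.0.2.10 port 50022 ssh2
Mar  4 10:18:44 host1 sshd[2131]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 198.51.100.23 port 40130 ssh2
EOF
}

sample_secure_log | failed_logins_by_ip
```

The accepted login is ignored, and the crafted user name on the last sample line is still attributed to the address at the end of the line rather than to the address embedded in the name.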

Step 3: Reviewing last login information

To view the last login times of all the users on the machine, I entered:

sudo lastlog

I then pressed Enter. The output listed the last login for each user; for example, root showed as never logged in, bin as never logged in, daemon as never logged in, etc.

Additional challenge

What information can I extract for some of my business purposes?

From these log files, I can extract valuable information such as: