Log Files and their Significance

Question 1

Which logfile is the primary system log file which contains a wide variety of information about the system, including kernel messages, system error messages, and the startup messages of various services?

Answer 1

/var/log/syslog or /var/log/messages

Question 2

Which logfile records authentication logs, including successful and failed login attempts, and other authentication-related events?

Answer 2

/var/log/auth.log or /var/log/secure

Question 3

Which log file would you analyze to detect unauthorized access attempts or breaches?

Answer 3

/var/log/auth.log or /var/log/secure

Question 4

Which log file contains messages related to the system boot process and is useful for diagnosing issues related to the boot sequence and ensuring that all necessary services start correctly?

Answer 4

/var/log/boot.log

Question 5

Which log file holds messages related to kernel activities, such as hardware device status and driver messages and is valuable for troubleshooting hardware and driver issues?

Answer 5

/var/log/dmesg

Question 6

Which log file is dedicated to kernel logs and is useful for a deeper dive into kernel-specific messages and issues, separate from general system logs?

Answer 6

/var/log/kern.log

Question 7

Which log file records all cron job activities and helps in monitoring and troubleshooting scheduled tasks?

Answer 7

/var/log/cron.log

Question 8

Which log file maintains a log of failed login attempts and is useful for security analysis, especially in detecting potential brute-force or other unauthorized login attempts?

Answer 8

/var/log/faillog

Question 9

Which log file records all requests made to the Apache server?

Answer 9

/var/log/apache2/access.log

same with nginx, but the path is /var/log/nginx/access.log

Question 10

Which log file contains error messages, which are essential for troubleshooting web server issues?

Answer 10

/var/log/apache2/error.log

same with nginx, but the path is /var/log/nginx/error.log

Question 11

Which directory usually contains log files?

Answer 11

/var/log

Question 12

Which log file would include logs like creation of a new group, a new user, and the addition of the user into different groups?

Answer 12

/var/log/auth.log

Question 13

Which directory includes logs such as webserver, database, or file share server logs?

Answer 13

/var/log

Question 14

Where are the commands that are run on a Linux host using sudo logged?

Answer 14

/var/log/auth.log
<br/ >
~~~
/var/log/auth.log.1:Apr 17 21:04:29 Linux4n6 sudo: tryhackme : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/tryhackme ; USER=root ; COMMAND=/usr/bin/apt-get install apache2
~~~

Question 15

Which log file stores logs for opened files in vim?

Answer 15

.viminfo in the home directory

command line history, search string history, etc. for the opened files

Question 16

What are the 3 log files that can be examined when searching for evidence of execution?

Answer 16

• /var/log/auth.log for sudo commands
• .bash_history
• .viminfo

Question 17

What does .bash_history contain?

Answer 17

any commands other than the ones run using sudo