H2
I did this exercise with:
HP Pavilion 15-aw022no
AMD A9-9410 (2.9GHz, 2 Cores)
8GB DDR4-SDRAM 2133MHz (2 x 4)
256GB SSD
AMD Radeon R7 M440 (2GB, GDDR3)
Ubuntu 16.04.3 LTS
Instructions for exercises from: http://terokarvinen.com/2017/aikataulu-%E2%80%93-linux-palvelimet-ict4tn021-7-ti-ja-6-to-alkukevat-2018-5-op
a) Cause two different log events: one from a successful action and one from a forbidden or unsuccessful action. Analyze the log events.
00:36
Unsuccessful action:
First I opened a terminal and gave the command tail -f /var/log/auth.log to see authorization information such as user logins. I opened a new terminal tab and gave the command ssh matias@localhost. Next I typed a wrong password. The other terminal showed:
Jan 29 00:39:12 matias-HP-Pavilion-Notebook sshd[2231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1 user=matias
Jan 29 00:39:12 – Date and time
matias-HP-Pavilion-Notebook – computer name
sshd[2231]: – Application’s name; the number is possibly PROCID
pam_unix(sshd:auth): – pam_unix is probably a basic authentication module for Linux and (sshd:auth) is probably an app-name field.
tty=ssh – My guess is tty indicates what protocol I used.
rhost=10.0.0.1 – My guess is rhost stands for remote host and the number stands for the remote host’s IPv4 address.
user=matias – My guess is this is the user I tried to log in as.
Jan 29 00:39:14 matias-HP-Pavilion-Notebook sshd[2231]: Failed password for matias from 10.0.0.1 port 48032 ssh2
Jan 29 00:39:14 – Date and time
matias-HP-Pavilion-Notebook – computer name
sshd[2231] – Application name and possibly PROCID
Failed password for matias from 10.0.0.1 port 48032 ssh2 – the message of what happened.
Overall analysis of these two logs: they show who tried to log in, where, from where, when, with which protocol, and whether it was successful. I couldn’t find information about every detail of these logs. Some help was found at loggly.com.
01:19
Next was a successful log.
In the terminal I gave the command tail -f /var/log/kern.log. Then I physically removed a USB drive from my laptop. The terminal showed:
Jan 29 01:20:46 matias-HP-Pavilion-Notebook kernel: [ 2798.619702] usb 2-2: USB disconnect, device number 4
Jan 29 01:20:46 – Date and time
matias-HP-Pavilion-Notebook – Computer name
kernel: [ 2798.619702] – I assume this indicates the message is given because something changed in the hardware; I can’t find any information on the numbers.
usb 2-2: – I assume this is the USB standard
USB disconnect, device number 4 – The message of what happened.
Overall analysis of this log: it shows what was removed and when.
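As an added example (not part of the original post), the following Python script parses the traditional syslog layout seen in both the auth.log and kern.log lines above, splits each line into timestamp, host, program, optional PID and message, and then counts failed SSH password attempts per remote host. The sample lines are constructed: the first two and the kernel line mirror the post, while the "Accepted password" line and the "invalid user admin" line from 192.0.2.7 are made up to show the counting. The field names and the `pam_unix` key=value parsing are assumptions based on the line formats shown on the page, not a specification.

```python
import re
from collections import Counter

# Constructed sample log lines (modelled on the lines quoted in the post;
# the Accepted line and the 192.0.2.7 line are made up for illustration).
SAMPLE_LOG = """\
Jan 29 00:39:12 matias-HP-Pavilion-Notebook sshd[2231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.1 user=matias
Jan 29 00:39:14 matias-HP-Pavilion-Notebook sshd[2231]: Failed password for matias from 10.0.0.1 port 48032 ssh2
Jan 29 00:39:20 matias-HP-Pavilion-Notebook sshd[2231]: Accepted password for matias from 10.0.0.1 port 48032 ssh2
Jan 29 00:41:03 matias-HP-Pavilion-Notebook sshd[2290]: Failed password for invalid user admin from 192.0.2.7 port 50120 ssh2
Jan 29 01:20:46 matias-HP-Pavilion-Notebook kernel: [ 2798.619702] usb 2-2: USB disconnect, device number 4
"""

# Traditional syslog layout: "<Mon> <day> <HH:MM:SS> <host> <program>[<pid>]: <message>".
# The "[<pid>]" part is optional; the kernel line has none.
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<program>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)

# sshd outcome lines: "Failed|Accepted <method> for [invalid user] <user> from <ip> port <port> ..."
SSHD_RESULT_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

# key=value pairs as written by pam_unix ("rhost=10.0.0.1", "ruser=" with an empty value)
PAM_KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_syslog_line(line):
    """Split one syslog line into its fields; return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec


def parse_sshd_result(message):
    """Return result/method/user/ip/port for an sshd Accepted/Failed line, else None."""
    m = SSHD_RESULT_RE.match(message)
    return m.groupdict() if m else None


def parse_pam_fields(message):
    """Return the key=value fields of a pam_unix message as a dict, else None."""
    if "pam_unix(" not in message:
        return None
    return dict(PAM_KV_RE.findall(message))


def failed_logins_by_host(log_text):
    """Count sshd 'Failed' authentication events per remote IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_syslog_line(line)
        if rec is None or rec["program"] != "sshd":
            continue
        res = parse_sshd_result(rec["message"])
        if res and res["result"] == "Failed":
            counts[res["ip"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        rec = parse_syslog_line(line)
        print(rec["timestamp"], rec["host"], rec["program"], rec["pid"], "->", rec["message"][:40])
    print("failed logins per host:", failed_logins_by_host(SAMPLE_LOG))
```

The same regex handles the kernel line because the PID group is optional; the bracketed number after `kernel:` is left inside the message field, where a kernel-specific parser could pick it up separately.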
b) Install an SSH daemon. Try one of these on your own SSH server: ssh-copy-id, sshfs, scp or git.
01:34
First in the terminal I gave the commands sudo apt-get update and sudo apt-get upgrade. Next sudo apt-get install ssh. Once it was finished, I gave the command ssh matias@localhost. Then I gave the command scp LinuxH1.odt matias@localhost. This didn’t work; it just gave cp: cannot stat ‘LinuxH1.odt’: No such file or directory as an answer. I made a new text file in /home/matias and named it a.txt. I tried again with the command scp a.txt matias@localhost. This time it didn’t give any error messages, so I checked my file manager, and there was a copy of a.txt named mats@localhost.
I was left curious why it didn’t work with LinuxH1.odt, so I googled it. It seemed that I had left out the path to the file in the command. The correct command was scp /home/matias/Documents/LinuxPalvelimet/LinuxH1.odt matias@localhost. This time it worked and it made a copy of LinuxH1.odt, but it didn’t make a new file. It overwrote a.txt with the LinuxH1.odt file.
c) Create an apt-get install command of your dreams: one command which installs your favorite software.
sudo apt-get install ssh gimp pinta apache2 -y
d) Install three new CLI apps with CLI and try them.
02:53
In the terminal I gave the command sudo apt-get install curl vim mutt -y. This installed all three apps at the same time. Immediately it displayed Postfix Configuration.
I chose local only. Next I had to name a system mail name; I named it matias. After that it finished the installations. Next I tested curl by giving the command curl https://jsonplaceholder.typicode.com/posts/2.
03:02
Then I tested Vim by giving the command vim kolmeltaaamuyöllä.txt.
This created a text file called kolmeltaaamuyöllä.
03:09
And lastly I tested Mutt by giving the command mutt and then answered yes to the question. I’ll familiarize myself with this application a little later.