Red Hat Certified Engineer Tutorials

System Monitoring and Fault Analysis / System Faults and Breaches

Subtitles of the Movie

In this video we examine system faults and security breaches. System faults include errors and related logging messages. Breaches are a specific type of fault, such as an entry attempt by an unauthorized user. All are related to log files, generally stored in the /var/log directory and various sub-directories. Whenever you see a problem during your exam, the first place to look, in most cases, is the associated log files. So, let's look at some of these log files.

Logging configuration is defined in the /etc/syslog.conf configuration file. Note how logging messages are directed to various configuration files. For example, authpriv messages that relate to secure shell access and sudo access are stored in /var/log/secure. Many log names are descriptive. For example, the cron log file lists when cron jobs are run. The maillog file lists important events associated with outgoing e-mail services such as sendmail and Postfix. The squid log file is associated with the Squid web proxy server.

Let's look at a current list of log files. You'll note that some of these files have extensions like .1, .2, .3, and .4. By default these are log files that are rotated on a weekly basis. If you want to diagnose problems with an installation, you should be interested in the anaconda.log and anaconda.syslog files. The anaconda.syslog file is sort of like the first kernel ring buffer, like the first time the dmesg command is run upon installation. The anaconda.log file documents a lot of what else happened during the installation process.

If you're comfortable with the intricacies of Security-Enhanced Linux, look at the files in the /var/log/audit directory. Each of these files has things known as AVC messages. They relate to enforcement events associated with Security-Enhanced Linux on your system.

CUPS jobs, as documented in /var/log/cups, are related to the standard print server, the Common Unix Printing System. The logs in this directory are straightforward. Access logs are related to access attempts, error logs are associated with configuration problems, and page logs relate to print jobs.

Similar log files are associated with the Apache server. Naturally, these log files, at least the default version of these files, are stored in the /var/log/httpd directory. They may be stored in different locations depending on configuration directives associated with your virtual servers. Access logs and error logs are straightforward. The log files that start with ssl are associated with access and errors to secure sites.

The /var/log/secure file, as you can see, is associated with secure shell access as well as local access to the root account via sudo. Messages in the /var/log/setroubleshoot directory are associated with the Security-Enhanced Linux troubleshooting browser, which itself is an important tool to help you diagnose problems with Security-Enhanced Linux. If there are problems with starting or running the X Window System, there are often clues available in the X Window logs, namely Xorg.0.log. If there are problems with updates, they are now documented in the yum.log file. And back to the syslog configuration file. Note how a lot of default logging messages are stored and sent to the /var/log/messages file.
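A check a practitioner might run over /var/log/secure, added here as an example and not part of the tutorial: it takes constructed sample lines in the sshd and sudo formats the video describes and reports failed SSH password attempts per source address and the commands run through sudo. The function names and the sample lines are assumptions, not taken from the course.

```shell
#!/bin/sh
# Constructed sample of /var/log/secure lines (authpriv facility), not from the page.
SAMPLE_SECURE='Jan 18 10:01:02 rhel5 sshd[2201]: Failed password for invalid user admin from 192.0.2.10 port 51522 ssh2
Jan 18 10:01:05 rhel5 sshd[2201]: Failed password for root from 192.0.2.10 port 51523 ssh2
Jan 18 10:02:00 rhel5 sshd[2210]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Jan 18 10:03:11 rhel5 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jan 18 10:04:40 rhel5 sshd[2215]: Failed password for bob from 203.0.113.5 port 33001 ssh2'

# Count failed SSH password attempts per source address, most frequent first.
# Output: "<address> <count>" per line. Argument: path to a secure-style log.
failed_ssh_by_source() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1) }' \
        | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# List sudo invocations as "<invoking user> <target user> <command>".
sudo_commands() {
    grep ' sudo: ' "$1" \
        | sed -n 's/.* sudo: *\([^ ]*\) : .*USER=\([^ ]*\) ; COMMAND=\(.*\)$/\1 \2 \3/p'
}

main() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_SECURE" > "$tmp"
    echo "Failed SSH password attempts by source address:"
    failed_ssh_by_source "$tmp"
    echo "Commands run through sudo:"
    sudo_commands "$tmp"
    rm -f "$tmp"
}

main
```

Point the functions at the real /var/log/secure (or a rotated secure.1) to run the same checks on a live system.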

Tutorial Information

Course: Red Hat Certified Engineer
Author: Michael Jang
SKU: 33845
ISBN: 1-934743-47-X
Release Date: 2008-01-18
Duration: 6.5 hrs / 94 lessons
Captions: For Online University members only
Compatibility: Vista/XP/2000, OS X, Linux
QuickTime 7, Flash 8
