Linux Logs Investigations

Premium room
Difficulty: medium
Duration: 60 min
7,076

Just as a map guides explorers, logs guide system administrators and security analysts through the intricate world of . This room equips you with the skills to read these logs, focusing on core areas: syslog logging levels (facility and severity), kernel messages in /var/log/kern.log, records of user activity such as logins and sudo use, the audit trail kept by auditd, the versatile syslog daemon, and the systemd journal. By the end, you will be able to pull evidence of compromise out of these sources and use it to protect your systems.

Objectives

  • Learn about the different types of logs recorded on Linux systems and where each is stored.
  • Learn how to perform forensic analysis of Linux logs, focused on identifying malicious processes, services, and scripts.
  • Hunt malicious processes, services, and configurations in a hands-on IR scenario to contain the compromise and prevent further damage.
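As an added illustration of the kind of log triage these objectives describe (this example is not part of the room and uses constructed log lines, not output from the room's machine): it decodes syslog PRI values into facility and severity, then scans an auth.log-style sample for an SSH brute force that ends in a successful login and for persistence set up through cron and systemd. The host name, IP addresses, service name and script path are invented, and the year is assumed because classic syslog timestamps carry none.

```python
"""Triage constructed Linux log lines: decode syslog priority, then hunt for
SSH brute force and persistence indicators. All sample data is made up."""
import re
from collections import defaultdict
from datetime import datetime

# Syslog facilities and severities (RFC 5424): PRI = facility * 8 + severity.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              9: "cron", 10: "authpriv"}


def decode_pri(pri):
    """Split a syslog PRI value into (facility name, severity name)."""
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"unknown({facility})"), SEVERITIES[severity]


# Constructed sample in the traditional /var/log/auth.log layout (hypothetical host,
# RFC 5737 documentation addresses, invented service name and script path).
SAMPLE_AUTH_LOG = """\
Mar  4 10:01:12 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2
Mar  4 10:01:14 web01 sshd[2211]: Failed password for invalid user test from 203.0.113.9 port 51130 ssh2
Mar  4 10:01:15 web01 sshd[2212]: Failed password for root from 203.0.113.9 port 51140 ssh2
Mar  4 10:01:17 web01 sshd[2213]: Failed password for root from 203.0.113.9 port 51149 ssh2
Mar  4 10:01:19 web01 sshd[2214]: Accepted password for root from 203.0.113.9 port 51151 ssh2
Mar  4 10:02:03 web01 sudo:     root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/systemctl enable --now updater.service
Mar  4 10:02:40 web01 CRON[2300]: (root) CMD (/tmp/.x/run.sh)
Mar  4 10:05:00 web01 sshd[2400]: Failed password for alice from 198.51.100.7 port 40012 ssh2
"""

# "Mon DD HH:MM:SS host process[pid]: message" (pid is optional, e.g. for sudo).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")
# Cron jobs executing out of world-writable directories are a classic persistence sign.
SUSPICIOUS_PATH_RE = re.compile(r"/(?:tmp|var/tmp|dev/shm)/")


def parse_line(line, year=2024):
    """Parse one classic syslog line; the year is assumed since the format omits it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(f"{year} {event['ts']}", "%Y %b %d %H:%M:%S")
    return event


def find_brute_force(events, threshold=3, window_seconds=60):
    """Return {ip: {failures, followed_by_success}} for IPs with at least
    `threshold` failed SSH logins inside `window_seconds`, noting a later success."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in events:
        if e["proc"] != "sshd":
            continue
        if (m := FAILED_RE.search(e["msg"])):
            failures[m["ip"]].append(e["ts"])
        elif (m := ACCEPTED_RE.search(e["msg"])):
            successes[m["ip"]].append(e["ts"])
    hits = {}
    for ip, times in failures.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and (times[j] - times[i]).total_seconds() <= window_seconds:
                j += 1
            if j - i >= threshold:
                later_success = any(s >= times[j - 1] for s in successes.get(ip, []))
                hits[ip] = {"failures": len(times), "followed_by_success": later_success}
                break
    return hits


def find_persistence(events):
    """Flag cron jobs run from temp dirs and services enabled via sudo."""
    findings = []
    for e in events:
        if e["proc"] == "CRON" and SUSPICIOUS_PATH_RE.search(e["msg"]):
            findings.append(("cron_job_from_tmp", e["msg"]))
        elif e["proc"] == "sudo" and "systemctl enable" in e["msg"]:
            findings.append(("service_enabled", e["msg"].split("COMMAND=", 1)[1]))
    return findings


def triage(text):
    """Parse a whole log and run both hunts over it."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    return {"brute_force": find_brute_force(events), "persistence": find_persistence(events)}


if __name__ == "__main__":
    print(decode_pri(86))  # authpriv/info, the PRI sshd normally logs with
    print(triage(SAMPLE_AUTH_LOG))
```

The two hunts deliberately correlate lines rather than matching single messages: a burst of failures is noise on any internet-facing host, but a burst followed by an accepted login from the same address, then a new unit enabled and a cron job running from /tmp, is a timeline worth escalating.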

Prerequisites

To work with Linux logs in forensic investigations, you should have a solid grasp of Linux operating system basics and system hardening concepts.

Connecting to the machine

To start the VM, press the green Start Machine button attached to this task. The machine will start in split view. In case it is not showing up, you can press the blue Show Split View button at the top of the page.

Answer the questions below
I'm ready to learn about Linux logs!
