Lab 3
Chapter 5
🐧 Linux

Log Analysis and Monitoring

Analyze Linux system logs to identify security events and suspicious activity.


📋 Tasks

1 View the 50 most recent authentication events
sudo tail -50 /var/log/auth.log
Note: /var/log/auth.log is the Debian/Ubuntu location. RHEL-family systems write the same events to /var/log/secure, and on journald-only systems use `sudo journalctl -u ssh -n 50` instead.
2 Count failed SSH login attempts by IP address
sudo grep 'Failed password' /var/log/auth.log | awk '{print $(NF-3)}' | sort | uniq -c | sort -rn
Note: `$(NF-3)` picks the source address because every "Failed password" line ends in "from IP port N ssh2"; it works for both valid and "invalid user" attempts. The IP with the highest count is the one to block in task 5.
3 Check for users with UID 0 (root-level access)
awk -F: '$3 == 0 {print $1}' /etc/passwd
Note: only root should be listed. Any additional UID 0 account is a backdoor and should be investigated, not just removed.
4 Find files modified in the last 24 hours in /etc
sudo find /etc -mtime -1 -type f
5 Block the attacking IP with ufw
sudo ufw deny from 10.0.0.55
Note: ufw evaluates rules in order, so a deny appended after an existing "allow" that matches the same source will never fire. If that is the case, use `sudo ufw insert 1 deny from 10.0.0.55` so the deny is checked first.
6 Verify the firewall rule
sudo ufw status numbered


🤔 Reflection

How would you automate this process to run every 5 minutes?
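One answer to the reflection question, as an added example that is not part of the lab's own material: tasks 2, 5 and 6 folded into a single script that cron can run every five minutes. The log lines inside it are constructed in auth.log format for offline testing; the install path /usr/local/sbin/ssh-failed-watch.sh and the threshold of 3 failures are assumptions you can change. Without `--block` the script only prints the rule it would add, so it is safe to try first.

```shell
#!/usr/bin/env bash
# Added example (not from the lab): automate Lab 3 tasks 2, 5 and 6.
# Suggested root crontab entry (path and threshold are assumptions):
#   */5 * * * * /usr/local/sbin/ssh-failed-watch.sh /var/log/auth.log 3 --block

# Constructed sample lines in auth.log format; not real log data.
SAMPLE_LOG='Mar 10 09:12:01 cyber-lab sshd[1201]: Failed password for root from 10.0.0.55 port 51022 ssh2
Mar 10 09:12:03 cyber-lab sshd[1201]: Failed password for root from 10.0.0.55 port 51023 ssh2
Mar 10 09:12:05 cyber-lab sshd[1204]: Failed password for invalid user admin from 10.0.0.55 port 51024 ssh2
Mar 10 09:13:10 cyber-lab sshd[1210]: Accepted publickey for student from 192.168.1.20 port 40001 ssh2
Mar 10 09:14:00 cyber-lab sshd[1215]: Failed password for student from 192.168.1.77 port 40002 ssh2'

# Read log text on stdin; print "COUNT IP" per source address, highest first.
# The address is the token after the last "from" on the line, which holds for
# both "Failed password for USER from IP" and "... invalid user USER from IP".
count_failed_by_ip() {
  grep 'Failed password' \
    | awk '{ ip=""; for (i=1; i<NF; i++) if ($i=="from") ip=$(i+1); if (ip!="") print ip }' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $1, $2 }'
}

# Print only the addresses with at least THRESHOLD failures (default 3).
offenders() {
  local threshold="${1:-3}"
  count_failed_by_ip | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# True if the argument is a dotted-quad IPv4 address. Anything else is refused
# rather than passed to ufw, because the username part of the log line is
# attacker-controlled. IPv6 sources are deliberately skipped by this check.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# For each offending IP on stdin: print the rule (dry run) or apply it (--block).
# ufw evaluates rules in order; if an earlier "allow" would match the same
# source, use "sudo ufw insert 1 deny from IP" instead of appending.
act_on_offenders() {
  local mode="${1:-dry-run}" ip
  while IFS= read -r ip; do
    is_ipv4 "$ip" || { echo "skipping unexpected value: $ip" >&2; continue; }
    if [ "$mode" = "--block" ]; then
      sudo ufw deny from "$ip"
    else
      echo "would run: sudo ufw deny from $ip"
    fi
  done
}

# Usage: ssh-failed-watch.sh [LOGFILE] [THRESHOLD] [--block]
# With no arguments it runs against the constructed sample as a dry run.
run_watch() {
  local logfile="${1:-}" threshold="${2:-3}" mode="${3:-dry-run}"
  if [ -z "$logfile" ]; then
    printf '%s\n' "$SAMPLE_LOG" | offenders "$threshold" | act_on_offenders "$mode"
  else
    offenders "$threshold" < "$logfile" | act_on_offenders "$mode"
  fi
}

run_watch "$@"
```

After a `--block` run, `sudo ufw status numbered` (task 6) shows the new rule with its position, which is also how you confirm it sits above any allow rule that would otherwise shadow it. The script never touches ufw for a value that is not a plain IPv4 address, so a crafted username in the log cannot smuggle extra arguments into the firewall command.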
