Mission 90

Auth log review

Search training SSH activity for accepted and denied attempts.

Security administration
8 minutes Admin Lesson 90 of 360
journalctlgrep
Lesson 90 of 360 0/360 lessons 0/17 missions Security administration · 8 minutes
0%
Continue View profile
Ops lab terminal Training lab
New learnerrank 0XP 0%complete
learner@clairos:/home/learner $ Unix ops lab: type a command, press Enter
Instructions 8 minutes

Click any instruction for the command details, the why, and the common mistake to avoid.

Read SSH journal

Run journalctl -u ssh.

journalctl -u ssh
Find denied

Run grep denied /var/log/auth.log.

grep denied /var/log/auth.log
Find accepted

Run grep accepted /var/log/auth.log.

grep accepted /var/log/auth.log
Lesson support

What to notice while you play.

Objective

Find successful and denied SSH events.

Hint

Use journalctl -u ssh and grep accepted or denied.

Why it matters

Security review starts with knowing who got in and who failed.

Common mistakes
  • Only checking failed attempts.
  • Ignoring accepted access.
Reference

Commands in this lesson.

grep [-i] <text> <file>

Find literal text inside a file.

journalctl -u <service>

Read simulated service journal entries.