Mission 297

Capstone suspicious login

Review auth evidence, SSH policy, firewall state, and notes.

Capstone labs
8 minutes Capstone Lesson 297 of 360
grepjournalctlufwtee
Lesson 297 of 360 0/360 lessons 0/17 missions Capstone labs · 8 minutes
0%
Continue View profile
Ops lab terminal Training lab
New learnerrank 0XP 0%complete
learner@clairos:/home/learner $ Unix ops lab: type a command, press Enter
Instructions 8 minutes

Click any instruction for the command details, the why, and the common mistake to avoid.

Find denied logins

Run grep denied /var/log/auth.log.

grep denied /var/log/auth.log
Read SSH journal

Run journalctl -u ssh -n 2.

journalctl -u ssh -n 2
Review firewall

Run ufw status verbose.

ufw status verbose
Write review

Run printf suspicious-login-reviewed | tee lab/login-review.txt.

printf suspicious-login-reviewed | tee lab/login-review.txt
Lesson support

What to notice while you play.

Objective

Review auth evidence, SSH policy, firewall state, and notes.

Hint

Run the commands in order and compare the outputs.

Why it matters

Junior operators build confidence by gathering evidence before changing systems.

Common mistakes
  • Skipping the inspection step.
  • Assuming one command tells the whole story.
Reference

Commands in this lesson.

grep [-i] <text> <file>

Find literal text inside a file.

tee <file>

Write piped text to a lab file and keep it on screen.

journalctl -u <service>

Read simulated service journal entries.

ufw status

Inspect simulated firewall rules.