February 2020
Intermediate to advanced
666 pages
15h 45m
English
Content preview from Mastering Linux Security and Hardening - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
The system log and the authentication log
It doesn't matter whether you're talking about the syslog and auth.log files on Debian/Ubuntu or the messages and secure files on RHEL/CentOS. On either system, the files are the same, just with different names. The system log files and the authentication log files have the same basic structure and are all plaintext files. This makes it easy to search for specific information with tools that are already built into Linux. It doesn't really matter which virtual machine (VM) we use for this, other than to keep the names of the files straight.
To begin, let's look at a simple message from the system log:
Jul 1 18:16:12 localhost systemd[1]: Started Postfix Mail Transport Agent.
Here's the breakdown: