Question
Which of the following directories should be checked for system log files when a Linux system has been compromised?
Select one:
- a. /var
- b. /etc
- c. /bin
- d. /usr
Solution
When investigating a compromised Linux system, the primary directory to check for system log files is /var. This directory contains various logs that are essential for monitoring system activity and identifying potential security issues.
- Understanding the Directory Structure:
  - /var: This directory typically includes log files located in /var/log, which are crucial for troubleshooting and security analysis.
  - /etc: This directory contains configuration files, not log files.
  - /bin: This directory holds executable binaries, which are not related to logs.
  - /usr: This directory contains user programs and may include some logs, but they are not the primary source for system logs.
- Relevant Log Files: Common log files found in /var/log include:
  - syslog: Contains system activity logs.
  - auth.log: Records authentication-related events, which can be critical for understanding unauthorized access.
In summary, the correct answer is:
Final Answer
a. /var