ComputerSecurityStudent (CSS) [Login] [Join Now]

|UNIX >> SUDO >> Current Page |Views: 15996

(Very Basic Perl Parsing #1: /var/log/auth.log)

{ Searching for SUDO}

Background Information
  • Background
    • The Authorization Log tracks usage of authorization systems, the mechanisms for authorizing users which prompt for user passwords, such as the Pluggable Authentication Module (PAM) system, the sudo command, remote logins to sshd and so on. The Authorization Log file may be accessed at /var/log/auth.log. This log is useful for learning about user logins and usage of the sudo command.


  1. Login to your TargetUbuntu01 VM, as username administrator
    • For those of you that do not have access to my class, the TargetUbuntu01 VM is a Linux Ubuntu Operating System.


Section 1: Creating a very very basic Perl Script To Parse /var/log/auth.log
  1. Command:  vi


  2. Place the below contents in your script (See Below)
    • #!/usr/bin/perl

      #Create Array, by filling it with grep'ing for sudo
      #in the auth.log file
      @DATA = `grep sudo /var/log/auth.log`;

      #Counter variable for current line number
      my $cnt = 0;

      foreach my $line (@DATA)
           print "Line ($cnt): $line\n";

           #Increment cnt variable
           print "-------------------------------------\n";



  3. Command: chmod 700
    • chmod gives read, write and execute permissions to the perl script
    • Note: If a script does not have at least read(4) and execute(1) permission, then the script will not execute.


  4. Command: ./ -OR- perl
    • To execute a perl script you can do the following
      1. ./


      2. perl


  5. Your contents should look like (See Below).
    • Note: Pay attention to the USER and which COMMAND was run.
    • It should be red flag that the usernames for "sudo: administrator" and "USER=root" are not both administrator.


Proof of Lab
  1. Do a screen print of Section 1, Step 5 into a word document and submit to moodle.

























Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth