ComputerSecurityStudent (CSS)


(Very Basic Perl Parsing #2: /var/log/auth.log)

{ Searching for SUDO}

Background Information
  • Background
    • The Authorization Log records the use of authorization systems, that is, the mechanisms that authorize users and prompt for their passwords, such as the Pluggable Authentication Module (PAM) system, the sudo command, remote logins to sshd and so on. The Authorization Log file is located at /var/log/auth.log. This log is useful for reviewing user logins and usage of the sudo command.


  1. Log in to your TargetUbuntu02 VM as username administrator
    • For those of you that do not have access to my class, the TargetUbuntu02 VM is a Linux Ubuntu Operating System.


Section 1: Creating a very very basic Perl Script To Parse /var/log/auth.log
  1. Command:  vi


  2. Use the contents in the below sample file to paste into your script.


  3. Command: To save press the ESC Key, then type :wq!


  4. Command: chmod 700
    • chmod 700 gives the file's owner read, write and execute permissions on the Perl script
    • Note: If a script does not have at least read (4) and execute (1) permission, then the script will not execute.


  5. Command: ./ -OR- perl
    • To execute a perl script you can do the following
      1. ./


      2. perl


  6. Your contents should look like (See Below).
    • Note: Pay attention to the USER and which COMMAND was run.
    • It should be a red flag that the usernames in "sudo: administrator" and "USER=root" are not both administrator.
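
The script pasted in Step 2 is not reproduced on this page. The following is an added example, not the lab's original script, of a basic Perl parser that pulls the invoking user, the USER= target and the COMMAND out of each sudo record. It assumes the traditional syslog timestamp format; the sample lines after __DATA__ (including the student account, the address and the commands) are constructed.

```perl
#!/usr/bin/perl
# Added example: summarise sudo activity recorded in auth.log.
# Reads the file named on the command line (e.g. /var/log/auth.log);
# with no argument it parses the constructed sample lines after __DATA__.
use strict;
use warnings;

# Return a hashref for a sudo command record, or nothing for any other line.
sub parse_sudo_line {
    my ($line) = @_;
    # <time> <host> sudo: <invoker> : [<failure> ;] TTY= ; PWD= ; USER= ; COMMAND=
    return unless $line =~ m{
        ^(\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+sudo(?:\[\d+\])?:\s+
        (\S+)\s+:\s+            # invoking user
        (?:([^;=]+?)\s+;\s+)?   # optional failure text, e.g. "user NOT in sudoers"
        TTY=(\S+)\s+;\s+PWD=(.*?)\s+;\s+USER=(\S+)\s+;\s+
        (?:[A-Z]+=.*?\s+;\s+)*? COMMAND=(.*)$
    }x;
    return { time => $1, invoker => $2, failure => $3, tty => $4,
             pwd  => $5, target  => $6, command => $7 };
}

my $in;
if (@ARGV) {
    open($in, '<', $ARGV[0]) or die "Cannot open $ARGV[0]: $!\n";
} else {
    $in = \*DATA;    # constructed sample input
}

my %count;
while (my $line = <$in>) {
    chomp $line;
    my $rec = parse_sudo_line($line) or next;    # skip PAM, sshd and other lines
    my $status = defined $rec->{failure} ? "DENIED ($rec->{failure})" : 'ok';
    printf "%s  %-14s -> USER=%-8s %s  [%s]\n",
        @{$rec}{qw(time invoker target command)}, $status;
    $count{"$rec->{invoker} as $rec->{target}"}++;
}
print "\nsudo records per invoker/target pair:\n";
printf "  %-28s %d\n", $_, $count{$_} for sort keys %count;

__DATA__
Mar  4 10:15:01 TargetUbuntu02 sudo: administrator : TTY=pts/0 ; PWD=/home/administrator ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar  4 10:15:01 TargetUbuntu02 sudo: pam_unix(sudo:session): session opened for user root by administrator(uid=0)
Mar  4 10:17:42 TargetUbuntu02 sudo:  student : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/student ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  4 10:20:09 TargetUbuntu02 sshd[2211]: Accepted password for administrator from 192.0.2.10 port 50122 ssh2
Mar  4 10:21:30 TargetUbuntu02 sudo: administrator : TTY=pts/0 ; PWD=/tmp ; USER=www-data ; COMMAND=/usr/bin/id
```

Reading /var/log/auth.log normally requires root or membership in the adm group, so pass the file as an argument from an account that has that access.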


Proof of Lab
  1. Take a screenshot of Section 1, Step 6, paste it into a Word document and submit it to Moodle.
