1) In your opinion, what are the most important log files that a system admin should check regularly (complete path will be nice)? Explain why you think they are important.
2) In a typical log file, I get the following. Explain what it means to you.
a)
Code:
####################################################################################
Apr 3 08:48:10 machinename kernel: ** IN_SANITY **IN=eth0 OUT= MAC=00:02:b3:ef:25:f1:00:0f:f7:70:8e:80:08:00 SRC=59.92.139.198 DST=67.18.183.194 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=2775 PROTO=TCP SPT=113 DPT=52837 WINDOW=0 RES=0x00 ACK RST FIN URGP=0
####################################################################################
b)
Code:
####################################################################################
Dec 20 2005 01:55:45 Deny TCP (no connection) from 10.54.202.42:3438 to 192.168.5.10/22 flags FIN ACK on interface outside
####################################################################################
Ans: A firewall is configured for it, which drops TCP packets from host 10.54.202.42.
c)
Code:
####################################################################################
Built inbound TCP connection 3491867 for faddr 10.54.202.41/3440 gaddr 192.168.5.10/22 laddr 192.168.7.1/22
Teardown TCP connection 3491867 for faddr 10.54.202.41/3440 gaddr 192.168.5.10/22 laddr 192.168.7.1/22 duration 0:00:02 bytes 102942 (TCP FINs)
####################################################################################
3) If we ask you to build a Linux box from just source code, what do you think is the single most essential component you will need to start up? Explain.
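As an added example that is not part of the original post, the script below parses the three log formats quoted in question 2 (a netfilter/iptables LOG line and two Cisco PIX-style firewall messages) into fields a log reviewer can check; the sample lines are copied from the question, and the PIX field names faddr/gaddr/laddr are read as the foreign, global (translated) and local addresses.

```python
import re

# Log entries copied from the question above (last two: one PIX Built/Teardown pair).
NETFILTER_LINE = ("Apr 3 08:48:10 machinename kernel: ** IN_SANITY **IN=eth0 OUT= "
                  "MAC=00:02:b3:ef:25:f1:00:0f:f7:70:8e:80:08:00 SRC=59.92.139.198 "
                  "DST=67.18.183.194 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=2775 PROTO=TCP "
                  "SPT=113 DPT=52837 WINDOW=0 RES=0x00 ACK RST FIN URGP=0")
PIX_LINES = [
    "Dec 20 2005 01:55:45 Deny TCP (no connection) from 10.54.202.42:3438 to 192.168.5.10/22 flags FIN ACK on interface outside",
    "Built inbound TCP connection 3491867 for faddr 10.54.202.41/3440 gaddr 192.168.5.10/22 laddr 192.168.7.1/22",
    "Teardown TCP connection 3491867 for faddr 10.54.202.41/3440 gaddr 192.168.5.10/22 laddr 192.168.7.1/22 duration 0:00:02 bytes 102942 (TCP FINs)",
]

def parse_netfilter(line):
    """iptables LOG record -> dict of KEY=VALUE fields; TCP flags are bare words after RES=."""
    body = line.split("kernel: ", 1)[1]
    fields = dict(re.findall(r"(\w+)=(\S*)", body))
    fields["PREFIX"] = body.split("IN=", 1)[0].strip(" *")  # text set by the rule's --log-prefix
    fields["FLAGS"] = set(re.findall(r"\b(SYN|ACK|RST|FIN|PSH|URG)\b", body))
    return fields

def netfilter_notes(f):
    """A defender's reading of the parsed record, as short observations."""
    notes = []
    if f.get("PROTO") == "TCP" and "RST" in f["FLAGS"]:
        notes.append("RST from %s: it is refusing or aborting a connection" % f["SRC"])
    if f.get("SPT") == "113":
        notes.append("source port 113 (ident): consistent with a reply to an ident lookup "
                     "that %s made from port %s" % (f["DST"], f["DPT"]))
    return notes

PIX_DENY = re.compile(r"Deny (?P<proto>\w+) \((?P<reason>[^)]*)\) from (?P<src>[\d.]+):(?P<sport>\d+) "
                      r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>[A-Z ]+?) on interface (?P<iface>\w+)")
PIX_CONN = re.compile(r"(?P<event>Built|Teardown) (?:(?:in|out)bound )?TCP connection (?P<id>\d+) for "
                      r"faddr (?P<faddr>[\d.]+)/(?P<fport>\d+) gaddr (?P<gaddr>[\d.]+)/(?P<gport>\d+) laddr (?P<laddr>[\d.]+)/(?P<lport>\d+)"
                      r"(?: duration (?P<h>\d+):(?P<m>\d+):(?P<s>\d+) bytes (?P<bytes>\d+) \((?P<how>[^)]*)\))?")

def parse_pix(line):
    """PIX/ASA record -> dict, or None. faddr is the foreign (outside) host, gaddr the
    global/translated address it reached, laddr the real inside host behind the NAT."""
    m = PIX_DENY.search(line) or PIX_CONN.search(line)
    if not m:
        return None
    rec = {k: v for k, v in m.groupdict().items() if v is not None}
    rec.setdefault("event", "Deny")           # the Deny pattern has no event group
    if "bytes" in rec:                        # only Teardown carries duration/bytes
        rec["seconds"] = int(rec.pop("h")) * 3600 + int(rec.pop("m")) * 60 + int(rec.pop("s"))
        rec["bytes"] = int(rec["bytes"])
    return rec
```

Pairing Built and Teardown records by their connection id (3491867 here) gives the session's duration and byte count together with the NAT mapping from the Built line.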