1
00:00:07,170 --> 00:00:08,220
- So in this lab,

2
00:00:08,220 --> 00:00:11,730
you need to find a file where errors are written to.

3
00:00:11,730 --> 00:00:14,073
Well, if it's a file, then it's rsyslog.

4
00:00:15,660 --> 00:00:17,280
If it's rsyslog,

5
00:00:17,280 --> 00:00:21,100
then you should start with rsyslog.conf

6
00:00:22,440 --> 00:00:24,363
Where we can see,

7
00:00:25,500 --> 00:00:26,766
there we go.

8
00:00:26,766 --> 00:00:27,742
Authpriv.

9
00:00:27,742 --> 00:00:32,742
Authpriv is the authentication-related priority.

10
00:00:32,790 --> 00:00:35,400
And the authentication-related priority

11
00:00:35,400 --> 00:00:38,730
is writing all messages to /var/log/secure.

12
00:00:38,730 --> 00:00:40,650
So you know what? We found it.

13
00:00:40,650 --> 00:00:41,973
/var/log/secure.

14
00:00:43,380 --> 00:00:46,230
Authpriv. That's the priority that you should be looking at.

15
00:00:46,230 --> 00:00:50,190
And if you use less /var/log/secure,

16
00:00:50,190 --> 00:00:51,150
what is in there?

17
00:00:51,150 --> 00:00:53,280
Well, stuff like this.

18
00:00:53,280 --> 00:00:57,810
Security-related, authentication-related events.

19
00:00:57,810 --> 00:01:00,600
You will see a lot of PAM messages as well.

20
00:01:00,600 --> 00:01:03,480
PAM is for pluggable authentication modules.

21
00:01:03,480 --> 00:01:07,350
That's a system behind authentication in a Linux system,

22
00:01:07,350 --> 00:01:10,173
and that's all that I expected you to do for this lab.