Files
linuxplus/30-auth-log-lesson.el
2026-06-16 10:40:35 -04:00

57 lines
2.0 KiB
EmacsLisp

;;; 30-auth-log-lesson.el --- auth-log-lesson
(defun auth-log-lesson ()
"Linux+ lesson for authentication logs."
(interactive)
(delete-other-windows)
(let ((buf (get-buffer-create "*Auth Log Lesson*"))
(shell (or shell-file-name (getenv "SHELL") "/bin/sh")))
(switch-to-buffer buf)
(read-only-mode -1)
(erase-buffer)
(insert
"Linux+ Lesson: Authentication Logs\n"
"=================================\n\n"
"Concept:\n"
"Different Linux distributions store authentication logs in different locations.\n\n"
"You MUST know this for Linux+:\n\n"
" Red Hat / RHEL / Rocky / Alma:\n"
" /var/log/secure\n\n"
" Debian / Ubuntu:\n"
" /var/log/auth.log\n\n"
"Hands-on tasks (run in the terminal below):\n\n"
"1. Try viewing both files:\n"
" sudo less /var/log/auth.log\n"
" sudo less /var/log/secure\n\n"
" One of these will exist, depending on your distro.\n\n"
"2. Search for failed logins:\n"
" sudo grep -i fail /var/log/auth.log\n"
" sudo grep -i fail /var/log/secure\n\n"
"3. Search for ssh login activity:\n"
" sudo grep ssh /var/log/auth.log\n"
" sudo grep ssh /var/log/secure\n\n"
"4. Count failed login attempts:\n"
" sudo grep -i fail <file> | wc -l\n\n"
"Replace <file> with the correct log file for your system.\n\n"
"What to notice:\n"
"- Which file exists\n"
"- What failed login entries look like\n"
"- How grep helps filter logs\n\n"
"Linux+ exam trap:\n"
"If the question mentions failed login attempts on a Red Hat system,\n"
"the answer is:\n\n"
" /var/log/secure\n\n"
"When finished, run:\n"
" M-x auth-log-quiz\n")
(goto-char (point-min))
(view-mode 1)
(split-window-below)
(other-window 1)
(let ((term (get-buffer "*term*")))
(if (buffer-live-p term)
(switch-to-buffer term)
(ansi-term shell "term")))
(other-window -1)))
;;; 30-auth-log-lesson.el ends here