The Customize Windows

Technology Journal


By Abhishek Ghosh September 16, 2015 9:34 am Updated on September 16, 2015

unix Commands to Check Server Logs For Security


Here is a basic guide for beginners who self-manage cloud server instances. Master these unix commands to check server logs for security. Having a server managed by only one person is quite dangerous. One of the reasons why most advanced users' servers do not come under attack is precaution.

Introduction to unix Commands to Check Server Logs For Security

It is quite normal today for a new user to use a cheaper Cloud IaaS at a $5-$10/month charge to host a website. It is indeed far better than shared hosting. But you should at least be aware that you may be under attack! Installing WordPress is quite easy, but server administration is not exactly easy. We recommend using HP Cloud IaaS over Rackspace and Softlayer for HP Cloud's excellent virtual router, the possibility of easily taking a backup as a snapshot, and changing the IP using the OpenStack floating IP system.

How you'll secure the server is a fully different topic. This guide is for basic checking. Perhaps you installed WordPress by reading our guides or someone else's; that is great. But you need to learn more. Suddenly using a web-based graphical monitoring system may introduce more vulnerabilities due to your lack of knowledge!

You are running these on a GNU/Linux server (we used Ubuntu) with an Nginx PHP5-FPM setup, as the root user. There is no reason to think that knowing these unix commands to check server logs for security is enough.

Where to Check these unix Commands to Check Server Logs

Usually, the location /var/log/ is constant. There is a file named /etc/rsyslog.conf (do not edit it without knowledge) that controls this location. On a custom setup, we change this location. If a third party gets access to the logs, they will find the flaw faster!

You should have a minimum idea about sed, grep, awk, tail, cat, last, more, head and the unix pipe. These are basic commands or utilities. Under /var/log/ alone, there are at least 30 files which are important to check; needless to say, some locations and names correspond to our previous guides:

/var/log/nginx/access.log
/var/log/nginx/error.log
/var/log/nginx/fpm.status.log
/var/log/mysql/error.log
/var/log/mysql/mysql.log
/var/log/messages
/var/log/dmesg
/var/log/auth.log
/var/log/boot.log
/var/log/daemon.log
/var/log/dpkg.log
/var/log/kern.log
/var/log/lastlog
/var/log/maillog /var/log/mail.log
/var/log/user.log
/var/log/Xorg.x.log
/var/log/alternatives.log
/var/log/btmp
/var/log/anaconda.log
/var/log/cron
/var/log/secure
/var/log/wtmp or /var/log/utmp
/var/log/faillog
/var/log/mail/
/var/log/prelink/
/var/log/prelink/prelink.log
/var/log/audit/
/var/log/sssd/

For checking these files, running cat is the basic step:

cat /var/log/nginx/access.log

But that is not a way to filter the errors. Our previous guide on the XMLRPC attack elaborates on complicated commands with real examples. It is mandatory reading, else you will not understand what we want to do with:

cat /var/log/nginx/access.log | grep xmlrpc | awk '{print $1}' | sort | uniq
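
The pipeline above lists every IP whose log line contains "xmlrpc" anywhere. As an added example (not from the original guide), the function below counts only POST requests to /xmlrpc.php per IP and applies a threshold. The function names, the threshold and the sample log lines are assumptions constructed for illustration, and the Nginx "combined" log format is assumed.

```shell
#!/bin/sh
# Added example: per-IP count of POST requests to /xmlrpc.php in an Nginx
# "combined" access log read from stdin. Prints "COUNT IP", busiest first,
# keeping only IPs with at least MIN_HITS requests (default 3).
# usage: xmlrpc_hits_by_ip [MIN_HITS] < /var/log/nginx/access.log
xmlrpc_hits_by_ip() {
    awk -v min="${1:-3}" '
        # combined format: $1 = client IP, $6 = "METHOD, $7 = request target
        $6 == "\"POST" {
            split($7, target, "?")            # ignore any query string
            if (target[1] == "/xmlrpc.php") hits[$1]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation-range IPs), not real traffic.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [16/Sep/2015:09:30:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Sep/2015:09:30:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Sep/2015:09:30:02 +0000] "POST /xmlrpc.php HTTP/1.1" 502 172 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Sep/2015:09:30:02 +0000] "POST /xmlrpc.php?rsd HTTP/1.1" 502 172 "-" "Mozilla/5.0"
198.51.100.23 - - [16/Sep/2015:09:30:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/4.3"
198.51.100.23 - - [16/Sep/2015:09:30:04 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.50 - - [16/Sep/2015:09:30:05 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/7.35.0"
192.0.2.50 - - [16/Sep/2015:09:30:06 +0000] "GET /about-xmlrpc/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
EOF
}

# Demo on the constructed sample: only the IP with 3 or more POSTs is listed.
sample_log | xmlrpc_hits_by_ip 3
```

On the sample, the plain grep would also list 192.0.2.50, which never sent a POST to xmlrpc.php.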

 

unix Commands to Check Server Logs For Security : Networking

It is important to check the networking at random times. If you run this command (Control+C quits):

sudo watch netstat -anlp

you'll get an idea of the open requests towards the ports. netstat -na is a great basic tool which can rule out DDoS attacks on IaaS. I expect that the table for:

netstat -an | grep :443 | sort

will be larger than:

netstat -an | grep :80 | sort

for this website. This is an HSTS website. I can see the IP addresses sending requests:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Last but not least, top is definitely one of the top-notch basic commands to check system resource usage on the go. Q quits it. The screenshot is of a server under attack, with the attack eating up the full memory (shown with yellow lines). Obviously, if you have never checked the maximum memory consumed at the highest load with a known amount of traffic, as shown in any software like Google Analytics, a normal situation will appear as "under attack".

[Image: unix Commands to Check Server Logs For Security]

These commands are fewer than what you really should know, but still better than knowing nothing.

About This Article

Cite this article as: Abhishek Ghosh, "unix Commands to Check Server Logs For Security," in The Customize Windows, September 16, 2015, May 25, 2022, https://thecustomizewindows.com/2015/09/unix-commands-to-check-server-logs-for-security/.
