
By Abhishek Ghosh September 16, 2015 9:34 am Updated on September 16, 2015

unix Commands to Check Server Logs For Security

Here is a basic guide for beginners who self-manage cloud server instances. Master these Unix commands to check server logs for security. Having only one person self-manage a server is quite dangerous. One of the reasons most advanced users' servers do not come under attack is precaution.

 

Introduction to unix Commands to Check Server Logs For Security

 

It is quite normal today for a new user to host a website on a cheaper cloud IaaS at a charge of $5-$10/month. It is, indeed, far better than shared hosting. But you should at least be aware that you may be under attack! Installing WordPress is quite easy, but server administration is not. We recommend HP Cloud IaaS over Rackspace and Softlayer for HP Cloud's excellent virtual router, the possibility of easily taking a backup as a snapshot, and changing the IP using the OpenStack floating IP system.

How you secure the server is a fully different topic. This guide is for basic checking. Perhaps you installed WordPress by reading our guides or someone else's; that is great. But you need to learn more. Suddenly using a web-based graphical monitoring system may introduce more vulnerabilities due to your lack of knowledge!

---

You are doing these on a GNU/Linux server (we used Ubuntu) with an Nginx and PHP5-FPM setup, as the root user. There is no reason to think that knowing these Unix commands to check server logs for security is enough.

 

Where to Check these unix Commands to Check Server Logs

 

Usually, the location /var/log/ is constant. A file named /etc/rsyslog.conf (do not edit it without knowledge) controls this location. On custom setups, we change this location. If a third party gets access to the logs, they will find the flaw faster!

You should have a minimum idea about sed, grep, awk, tail, cat, last, more, head and the Unix pipe. These are basic commands or utilities. Under /var/log/ alone, there are at least 30 files which are important to check; needless to say, some locations and names correspond to our previous guides:

/var/log/nginx/access.log
/var/log/nginx/error.log
/var/log/nginx/fpm.status.log
/var/log/mysql/error.log
/var/log/mysql/mysql.log
/var/log/messages
/var/log/dmesg
/var/log/auth.log
/var/log/boot.log
/var/log/daemon.log
/var/log/dpkg.log
/var/log/kern.log
/var/log/lastlog
/var/log/maillog /var/log/mail.log
/var/log/user.log
/var/log/Xorg.x.log
/var/log/alternatives.log
/var/log/btmp
/var/log/anaconda.log
/var/log/cron
/var/log/secure
/var/log/wtmp or /var/log/utmp
/var/log/faillog
/var/log/mail/
/var/log/prelink/
/var/log/prelink/prelink.log
/var/log/audit/
/var/log/sssd/

To check these files, running cat is the basic approach:

cat /var/log/nginx/access.log

But that is not a way to filter the errors. Our previous guide on the XMLRPC attack elaborates on complicated commands with real examples. It is mandatory reading, or else you will not understand what we want to do with:

cat /var/log/nginx/access.log | grep xmlrpc | awk '{print $1}' | sort | uniq

 

unix Commands to Check Server Logs For Security : Networking

 

It is important to check the networking randomly. If you run this command (Control+C quits):

sudo watch netstat -anlp

you'll get an idea of the open requests towards the ports. netstat -na is a great basic tool which can rule out DDoS attacks on IaaS. I expect that the table for:

netstat -an | grep :443 | sort

will be larger than :

netstat -an | grep :80 | sort

for this website. This is an HSTS website. I can see the IP addresses sending requests:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
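
The one-liner above also counts the two netstat header lines, and `cut -d: -f1` reduces an IPv6 peer such as `2001:db8::beef:50100` to `2001`. The following is an added example, not code from the original article: it strips only the trailing port so IPv4 and IPv6 peers are counted correctly, and accepts an optional TCP state filter, which goes beyond the article's command. The function names and the sample netstat output are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Counts connections per
# remote address from "netstat -ntu" output, for IPv4 and IPv6 peers.

# Constructed sample of "netstat -ntu" output (documentation addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.1:443           203.0.113.7:51234       ESTABLISHED
tcp        0      0 192.0.2.1:443           203.0.113.7:51235       SYN_RECV
tcp        0      0 192.0.2.1:443           203.0.113.7:51236       SYN_RECV
tcp        0      0 192.0.2.1:80            198.51.100.23:40022     TIME_WAIT
tcp6       0      0 2001:db8::1:443         2001:db8::beef:50100    ESTABLISHED
tcp6       0      0 2001:db8::1:443         2001:db8::beef:50101    ESTABLISHED
udp        0      0 192.0.2.1:123           198.51.100.23:123
EOF
}

# Usage: netstat -ntu | conns_per_ip [STATE]
# Prints "COUNT ADDRESS", highest first. With STATE (for example SYN_RECV),
# only connections in that TCP state are counted.
conns_per_ip() {
    awk -v state="${1:-}" '
        # Only real socket rows; this skips both header lines.
        $1 ~ /^(tcp|udp)/ && (state == "" || $6 == state) {
            peer = $5
            sub(/:[0-9*]+$/, "", peer)   # drop the trailing :port only
            count[peer]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -rn
}

# Demo on the sample: all peers, then only half-open (SYN_RECV) connections.
sample_netstat | conns_per_ip
sample_netstat | conns_per_ip SYN_RECV
```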

Last but not least, top is definitely one of the top-notch basic commands for checking system resource usage on the go. Press Q to quit it. This is a server under attack, with its full memory eaten up (shown with yellow lines). Obviously, if you have never checked the maximum memory consumed at the highest load against a known amount of traffic shown in software like Google Analytics, a normal situation will appear as "under attack".


These commands are fewer than what you really should know, but still better than knowing nothing.

About This Article

Cite this article as: Abhishek Ghosh, "unix Commands to Check Server Logs For Security," in The Customize Windows, September 16, 2015, February 1, 2023, https://thecustomizewindows.com/2015/09/unix-commands-to-check-server-logs-for-security/.
