How many 'start' scripts are associated with 'runlevel 1'?

Practical 13

Commands Used:

grep <flag> <argument1 - regex> <argument2 - path>

sed <flag> <argument1 - regex> <argument2 - path>

1) What is the regular expression to capture the date in mm/dd/yyyy format where mm is the month, dd is the day and yyyy is the year?

2) What are the limitations of this regex? (i.e., can I enter a month over two digits? A 2-digit value over 12?)

3) Best practice as it relates to logging is to ‘aggregate’, or collect, logs on a separate system as well as on the host. If we are on the system that is aggregating those logs, and we want to pull all the messages that relate to our VMs from the file named /opt/app/aggregate.log, what would the regex be to find any event that has our hostname in it?

4) A common attack will be against DNS. Because it is a complex blend of host and networking skill sets, it’s not usually well understood how to set DNS up securely. How do we search the file above for any event from our VMs that also contains the service name ‘named’ (without apostrophes; they are just there to separate name and named)?

5) If neither of those shows up, we would want to look at more general data. What would the command be to search the file above for an event from our host that had ‘error’ in the message section of an event?

6) What is the sed command to replace the first instance of ‘Sea’ in our teams.txt with the letter C?

7) Where does the output of the above command go to?

Commands Used

sed <flag> <argument1 – regex> <argument2 – filepath>

awk <argument1 – regex> <argument2 – filepath>

8) What happens if we run the sed command from question 6 and then redirect the STDOUT back to the same file with > ? (in essence, overwrite the file with the STDOUT of the regex after we saw it worked)

9) What happened to the content in teams.txt?

10) Why did this happen?

11) How could we work around this issue?

12) What is the sed command to replace every instance of Sea in teams2.txt with the letter C?

13) What is the awk command to print out every service that has caused a log message in our /var/log/messages file?

14) Redirect the output of ls -alh into a file. Then open the file in vi, pick a single entry (for example, the location of the owner of the third file; it should be either student or your user), and move the cursor to the start of the username. Replace the username with spaces so the owner of the file is blank, but all other data is lined up. For example:

-rw------- 1 student student 5.0K May 13 00:00 .bash_history

-rw------- 1         student   33 Mar 18 13:14 .bash_logout

That is the third column of data (if you use another column, you will have to reference your column accordingly). What is the awk command to show the list of each value in the third column of our redirected file?

15) What is the awk command to show each value in the fourth column of our file (or adjust your value if you did not modify the third column – what is the value of the next column over)?

16) What happened to that value?

17) Why?