;;; 30-auth-log-lesson.el --- auth-log-lesson (defun auth-log-lesson () "Linux+ lesson for authentication logs." (interactive) (delete-other-windows) (let ((buf (get-buffer-create "*Auth Log Lesson*")) (shell (or shell-file-name (getenv "SHELL") "/bin/sh"))) (switch-to-buffer buf) (read-only-mode -1) (erase-buffer) (insert "Linux+ Lesson: Authentication Logs\n" "=================================\n\n" "Concept:\n" "Different Linux distributions store authentication logs in different locations.\n\n" "You MUST know this for Linux+:\n\n" " Red Hat / RHEL / Rocky / Alma:\n" " /var/log/secure\n\n" " Debian / Ubuntu:\n" " /var/log/auth.log\n\n" "Hands-on tasks (run in the terminal below):\n\n" "1. Try viewing both files:\n" " sudo less /var/log/auth.log\n" " sudo less /var/log/secure\n\n" " One of these will exist, depending on your distro.\n\n" "2. Search for failed logins:\n" " sudo grep -i fail /var/log/auth.log\n" " sudo grep -i fail /var/log/secure\n\n" "3. Search for ssh login activity:\n" " sudo grep ssh /var/log/auth.log\n" " sudo grep ssh /var/log/secure\n\n" "4. Count failed login attempts:\n" " sudo grep -i fail | wc -l\n\n" "Replace with the correct log file for your system.\n\n" "What to notice:\n" "- Which file exists\n" "- What failed login entries look like\n" "- How grep helps filter logs\n\n" "Linux+ exam trap:\n" "If the question mentions failed login attempts on a Red Hat system,\n" "the answer is:\n\n" " /var/log/secure\n\n" "When finished, run:\n" " M-x auth-log-quiz\n") (goto-char (point-min)) (view-mode 1) (split-window-below) (other-window 1) (let ((term (get-buffer "*term*"))) (if (buffer-live-p term) (switch-to-buffer term) (ansi-term shell "term"))) (other-window -1))) ;;; 30-auth-log-lesson.el ends here