
CMP3750M Cyber Security Assessment

Locating and interpreting log files for authentication and analyzing log file output from an Apache web server.

   

Added on  2022-08-25

END OF MODULE ASSESSMENT: In-Class Test
COLLEGE: Science
SCHOOL: School of Computer Science
MODULE: Cyber Security
MODULE CODE: CMP3750M
LEVEL: 3
CO-ORDINATOR: Yvonne James
DATE: May 2020
TIME ALLOWED: 2 Hours
INSTRUCTIONS TO STUDENTS:
QUESTIONS TO ANSWER: Answer ALL questions
MARKING SCHEME: Questions are individually weighted
MATERIALS PROVIDED: None
MATERIALS ALLOWED: Pen and Paper, PC
NOTES TO STUDENTS: Attempt all questions. Please write your answers on this answer file and submit the Supporting Documents on Blackboard. Once submitted you cannot change the file. This is a single submission only.
Do not use the Internet.
Once completed upload this document to Blackboard.

Part 1: Locating and interpreting log files

Log files are files used by computers to log events. Software programs, background processes, services, or transactions between services, including the operating system, generate these events. Log files are dependent on the application that generates them and are implemented by the software developer.

1. Identify the log files used for authentication.
What is the log file used for authentication?
auth.log; this log file’s location is: /var/log/auth.log [2 Marks]

4. The output below is from a log file generated by an Apache web server.

[Wed Mar 22 11:23:12.207022 2017] [core:error] [pid 3548:tid 4682351596] [client 209.165.200.230] File does not exist: /var/www/apache/htdocs/favicon.ico

What information do the following identifiers provide?

| Identifier | Information provided |
| --- | --- |
| Timestamp | [Wed Mar 22 11:23:12.207022 2017] This is a record that shows exactly when the event took place. |
| PID | [pid 3548:tid 4682351596] This is the ID of the process that was affected by the event. The thread ID is also given. |
| Type | [core:error] This shows the type of event that occurred and its severity. |
| Client | [client 209.165.200.230] This contains the IP address of the client that made the request. |
| Description | File does not exist: /var/www/apache/htdocs/favicon.ico This contains the details of the event that occurred. |

[5 Marks]

Examine the output and describe what happened.
[6 Marks]
The generated output shows that on Wednesday, March 22,
at 11:23am in 2017, a core error occurred because the file
‘favicon.ico’ did not exist. The missing file is supposed to be
located at /var/www/apache/htdocs/favicon.ico
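
The field breakdown from question 4, as an added Python example that is not part of the original assessment: it parses error-log lines with the layout shown above and groups "File does not exist" errors by client. The function names and every sample line after the first are constructed for illustration, and the `ip:port` client form is assumed to appear on newer servers.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of the line in the question:
# [time] [module:level] [pid N:tid N] [client IP[:port]] message
ERROR_LINE = re.compile(
    r"^\[(?P<time>[^\]]+)\] "
    r"\[(?P<module>[^:\]]*):(?P<level>[^\]]+)\] "
    r"\[pid (?P<pid>\d+)(?::tid (?P<tid>\d+))?\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?"
    r"(?P<message>.*)$"
)

def parse_error_line(line):
    """Return the fields of one error-log line as a dict, or None if it does not match."""
    m = ERROR_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%a %b %d %H:%M:%S.%f %Y")
    rec["pid"] = int(rec["pid"])
    rec["tid"] = int(rec["tid"]) if rec["tid"] else None
    # Assumption: a client logged as "ip:port" is IPv4; IPv6 values are left untouched.
    rec["client_port"] = None
    if rec["client"] and rec["client"].count(":") == 1:
        rec["client"], port = rec["client"].split(":")
        rec["client_port"] = int(port)
    return rec

def missing_files_by_client(lines):
    """Group 'File does not exist' errors by client IP; unparseable lines are skipped."""
    hits = defaultdict(list)
    prefix = "File does not exist: "
    for line in lines:
        rec = parse_error_line(line)
        if rec and rec["client"] and rec["message"].startswith(prefix):
            hits[rec["client"]].append(rec["message"][len(prefix):])
    return dict(hits)

# First line is the one from the question; the others are constructed samples.
SAMPLE = [
    "[Wed Mar 22 11:23:12.207022 2017] [core:error] [pid 3548:tid 4682351596] "
    "[client 209.165.200.230] File does not exist: /var/www/apache/htdocs/favicon.ico",
    "[Wed Mar 22 11:23:15.101000 2017] [core:error] [pid 3548:tid 4682351596] "
    "[client 192.0.2.10:51234] File does not exist: /var/www/apache/htdocs/admin.php",
    "[Wed Mar 22 11:24:00.000001 2017] [mpm_event:notice] [pid 3540:tid 4682351000] "
    "resuming normal operations",
    "not an error-log line",
]
```

Calling `missing_files_by_client(SAMPLE)` returns one entry per client with the paths that client requested and the server could not find.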