Examine Log Files and Remove Traces of Your Presence

Hands-On Lab

 

Length: 00:30:00

Difficulty: Intermediate

Introduction

The goal of this lab is to find traces of your presence in the system logs and remove them.

Connecting to the Lab

  1. Open your terminal application, and run the following command. (Remember to replace <PUBLIC_IP> with the public IP you were provided on the lab instructions page.)
    ssh cloud_user@<PUBLIC_IP>
  2. Type yes at the prompt.
  3. Enter your password at the prompt.

Find Your IP Address

  1. Open your web browser, and type "What is my IP?" into your preferred search engine. (Or visit https://whatismyipaddress.com or https://www.whatsmyip.org.)
  2. Copy your IP address to your clipboard.
  3. Close your browser.

Remove Your IP Address from the System Logs

  1. In your terminal application, install vim.
    sudo yum install vim
  2. Become root.
    sudo -i
  3. Open the secure log file.
    sudo vim /var/log/secure
  4. At the bottom of the log file, type /, then paste the IP address you copied to your clipboard earlier.
  5. Press Enter to search the file for your IP address.
  6. Press ESC, then type i to enter Insert mode.
  7. Move your cursor to each entry containing your IP address, and delete them.
  8. Press Shift, then type :wq to exit the vim text editor.
  9. Type exit to log out of the server.
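From the defender's side, the edit above leaves a detectable gap: deleting only the lines that contain the IP address removes sshd's "Accepted" line but not the PAM session lines, which carry no IP. The following is an added example, not part of the original lab. It flags sshd sessions in a secure-format log that have no matching "Accepted" line; the function names and sample log lines are constructed, and it assumes sshd logs both lines under the same PID.

```shell
#!/bin/sh
# Added example (not from the lab): detect sshd sessions whose
# "Accepted ..." line is missing from a /var/log/secure-style file.

# Write a constructed sample log. PID 2101 is an intact session;
# PID 2230 is a session whose IP-bearing lines were deleted.
write_sample() {
    cat > "$1" <<'EOF'
Mar  3 10:15:01 host sshd[2101]: Accepted password for cloud_user from 203.0.113.7 port 51122 ssh2
Mar  3 10:15:01 host sshd[2101]: pam_unix(sshd:session): session opened for user cloud_user by (uid=0)
Mar  3 10:20:44 host sshd[2101]: pam_unix(sshd:session): session closed for user cloud_user
Mar  3 11:02:10 host sshd[2230]: pam_unix(sshd:session): session opened for user cloud_user by (uid=0)
Mar  3 11:30:00 host sshd[2230]: pam_unix(sshd:session): session closed for user cloud_user
EOF
}

# Print "<pid>: <log line>" for every sshd "session opened" entry that
# was not preceded by an "Accepted <method> for" entry from the same PID.
find_orphan_sessions() {
    awk '
        match($0, /sshd\[[0-9]+\]:/) {
            # Extract the digits between "sshd[" and "]:".
            pid = substr($0, RSTART + 5, RLENGTH - 7)
            if ($0 ~ /: Accepted [^ ]+ for /) {
                accepted[pid] = 1
            } else if ($0 ~ /session opened for user/ && !(pid in accepted)) {
                print pid ": " $0
            } else if ($0 ~ /session closed for user/) {
                # Forget the PID so later PID reuse is judged afresh.
                delete accepted[pid]
            }
        }
    ' "$1"
}

# Demo on the constructed sample; reports only the PID 2230 session.
sample=$(mktemp)
write_sample "$sample"
find_orphan_sessions "$sample"
rm -f "$sample"
```

A session that began before the last log rotation will also appear here, so check the rotated file before treating a hit as tampering. Forwarding auth logs to a remote collector keeps a copy that root on the host cannot edit.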

Conclusion

Congratulations, you've successfully completed this hands-on lab!