LPI 117-201: Which of the following methods could be used so that you will be notified whenever the suspect user is logged in?
You suspect malicious behavior by one of your console session users. Which of the following methods could be used so that you will be notified whenever the suspect user is logged in? The method should not tip off the suspect user or affect overall system integrity or performance to a noticeable degree.
A. Pipe the btmp file to a filter and launch a notification script if the user logs on.
B. Insert into the suspect user’s profile a script to notify you.
C. Configure syslogd to pipe all auth log messages to a script which checks for the suspect user and then notifies you via email.
D. Modify the user’s login script to inform you of his presence and then exec itself with the real shell.
Correct Answer: C
Explanation/Reference:
Explanation: Syslogd (the system log daemon) can be configured via the syslog.conf file. This file specifies where log entries should be written. You can configure syslogd to send authentication log messages to a script which checks for the suspect user and then notifies you via email.
Incorrect Answers
A: The btmp file is used to record failed logon attempts. This won’t work because the user is able to log on successfully.
B: Inserting a script into the user’s profile file won’t work because the user may notice the script if he/she looks at the profile file.
D: Modifying the user’s login script won’t work because the user may notice the modification if he/she looks at the script.
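One way to build the setup described in answer C, as an added example that is not part of the original question: a watcher script that reads auth messages from a named pipe fed by syslogd and mails an alert on a successful login. The FIFO path, the `ALERT_TO` variable, the function names and the sample log lines are assumptions made for illustration, and message formats vary between distributions.

```shell
#!/bin/sh
# Added example: reader side of a syslogd named pipe.
# Assumed sysklogd rule in /etc/syslog.conf (FIFO path is hypothetical;
# create it first with mkfifo and make it readable by root only):
#   auth,authpriv.*    |/var/run/authwatch.fifo

# Return 0 when log line $2 records a successful login for user $1.
# Patterns cover common pam_unix and sshd messages; the trailing space
# or "(" keeps "jdoe" from matching "jdoe2".
is_login_for() {
    case "$2" in
        *"session opened for user $1 "*) return 0 ;;
        *"session opened for user $1("*) return 0 ;;
        *"Accepted "*" for $1 from "*) return 0 ;;
    esac
    return 1
}

# Mail the matching line. ALERT_TO is an assumed variable (default: root).
notify() {
    printf '%s\n' "$2" | mail -s "login seen: $1" "${ALERT_TO:-root}"
}

# Read log lines on stdin; notify for each successful login of user $1.
watch_auth() {
    while IFS= read -r line; do
        if is_login_for "$1" "$line"; then
            notify "$1" "$line"
        fi
    done
}

# Constructed sample auth log lines (not taken from a real system).
sample_lines() {
    cat <<'EOF'
Mar  3 10:14:55 host1 login[2211]: FAILED LOGIN (1) on '/dev/tty1' FOR 'jdoe', Authentication failure
Mar  3 10:15:02 host1 login[2211]: pam_unix(login:session): session opened for user jdoe by LOGIN(uid=0)
Mar  3 10:15:30 host1 login[2240]: pam_unix(login:session): session opened for user jdoe2 by LOGIN(uid=0)
Mar  3 10:16:40 host1 sshd[2300]: Accepted password for jdoe from 192.0.2.10 port 50222 ssh2
Mar  3 10:20:11 host1 login[2211]: pam_unix(login:session): session closed for user jdoe
Mar  3 10:21:00 host1 sshd[2410]: pam_unix(sshd:session): session opened for user alice(uid=1001) by (uid=0)
EOF
}

# Usage: authwatch.sh --run USER FIFO
# Reopen the FIFO if syslogd closes its end (for example on restart).
if [ "${1:-}" = "--run" ]; then
    while :; do watch_auth "$2" < "$3"; done
fi
```

Because the rule lives in syslogd's configuration and the script runs outside the user's own files, nothing in the suspect user's profile or login script changes.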