Tracking system activities is a critical aspect of cybersecurity, especially when preparing for the Security+ certification. Understanding how to monitor and log activities on a system can help identify potential security breaches and ensure compliance with security policies.
You Should Know:
1. Linux Commands for Tracking System Activities:
- `last`: Displays a list of last logged in users.
`last`
- `who`: Shows who is logged on the system.
`who`
- `w`: Displays information about the users currently on the machine and their processes.
`w`
- `ps`: Reports a snapshot of the current processes.
`ps aux`
- `top`: Displays real-time system summary information and a list of processes.
`top`
- `auditd`: The Linux audit daemon for tracking security-relevant information.
`sudo systemctl start auditd`
`sudo auditctl -l`
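As an added example (not part of the original post), the shell function below reviews `last` output: it counts sessions per user and source and flags root sessions that came from a remote host. The sample records are constructed, and `sample_last` and `review_last` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample of `last` output (addresses are documentation ranges).
sample_last() {
cat <<'EOF'
alice    pts/0        192.0.2.10       Mon Mar  3 09:12   still logged in
bob      pts/1        198.51.100.7     Mon Mar  3 08:01 - 08:45  (00:44)
root     pts/2        203.0.113.50     Mon Mar  3 02:14 - 02:16  (00:02)
reboot   system boot  5.15.0-91-generic Mon Mar  3 01:58   still running
root     tty1                          Sun Mar  2 22:10 - 22:15  (00:05)
alice    pts/0        192.0.2.10       Sun Mar  2 09:05 - 17:30  (08:25)

wtmp begins Sat Mar  1 00:00:01 2025
EOF
}

# review_last (hypothetical helper): reads `last` output on stdin and prints
#   SESSIONS <user> <source> <count>   one line per user/source pair
#   ALERT remote-root <source>         for each remote source used by root
review_last() {
    awk '
        NF == 0 || $1 == "wtmp" || $1 == "btmp" { next }   # blank line, trailer
        $1 == "reboot" || $1 == "shutdown" || $1 == "runlevel" { next }  # pseudo-users
        {
            # Console logins have an empty host column, so field 3 is
            # already the weekday; X display names such as :0 are local too.
            src = ($3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) ? "local" : $3
            if (src ~ /^:/) src = "local"
            count[$1 " " src]++
            if ($1 == "root" && src != "local") alert[src] = 1
        }
        END {
            for (k in count) print "SESSIONS", k, count[k]
            for (s in alert) print "ALERT remote-root", s
        }
    ' | sort
}

# Run the review over the constructed sample.
sample_last | review_last
```

On a live host the same function can be fed directly with `last | review_last`.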
2. Windows Commands for Tracking System Activities:
- `eventvwr`: Opens the Event Viewer to check system logs.
`eventvwr`
- `netstat`: Displays active TCP connections, ports on which the computer is listening, and Ethernet statistics.
`netstat -an`
- `tasklist`: Displays a list of currently running processes.
`tasklist`
- `schtasks`: Schedules commands and programs to run periodically or at a specific time.
`schtasks /query /fo LIST /v`
3. Log Management:
- Linux: Use `rsyslog` or `syslog-ng` for centralized log management.
`sudo systemctl status rsyslog`
- Windows: Use the `wevtutil` command to manage event logs.
`wevtutil qe Security /f:text`
4. Monitoring Tools:
- Linux: Tools like `Nagios`, `Zabbix`, and `Prometheus` can be used for system monitoring.
- Windows: Use `Performance Monitor` and `Resource Monitor` for real-time system monitoring.
What Undercode Say:
Tracking system activities is essential for maintaining the security and integrity of any system. Whether you’re using Linux or Windows, the commands and tools mentioned above will help you monitor and log system activities effectively. For those preparing for the Security+ exam, mastering these commands is crucial. Always ensure that your logs are secure and regularly reviewed to detect any unusual activities.
For more detailed information on tracking system activities, you can refer to the CompTIA Security+ Certification Guide.
References:
Reported By: Housenathan Security – Hackers Feeds



