Hundreds of people log in to a server from remote locations per day. Which of the following
commands show remote SSH, FTP & telnet sessions for a particular day?
A.
cat /var/log/messages | grep "'date "+%b %e"'" | egrep '(telnet|ssh|ftp)'
B.
cat /var/log/messages | egrep '(telnet|ssh|ftp)'
C.
cat /var/log/messages | grep "`date "+%b %e"`" | grep -E '(telnet|ssh|ftp)'
D.
cat /var/log/messages | date | egrep '(telnet|ssh|ftp)'
E.
cat /var/log/messages > grep "'date "+%b %e"'" > egrep '(telnet\ssh\ftp)'
Explanation:
Example entry from /var/log/messages:
Jan 1 01:02:03 host kernel: [ 1730.648910] usb 2-6: new high speed USB device using ehci_hcd and address 3
`date "+%b %e"` gets the current date in the format "Jan 1", so grep keeps only the entries for that date.
Then use the extended grep (egrep or grep -E) to filter for telnet or ssh or ftp.