Workflows - Linux Log Forensics

Workflow 1: Authentication Investigation

Collect /var/log/auth.log and rotated copies (auth.log.1, auth.log.*.gz; /var/log/secure on RHEL-family hosts)
    |
Parse for successful and failed SSH logins
    |
Identify brute force sources (>10 failures per IP)
    |
Trace sudo command execution by user
    |
Detect account creation/modification events (useradd, usermod, passwd entries)
    |
Correlate with wtmp/btmp login records
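The six steps above carried out over a constructed auth.log sample, as an added example that is not part of the original page. It assumes Debian/Ubuntu-style auth.log lines in either the classic year-less syslog format or the RFC 3339 format newer rsyslog releases emit, with the sshd, sudo and shadow-utils message layouts those systems produce; the hostnames, usernames and TEST-NET addresses in SAMPLE are made up, and the >10 failures threshold is the one from the workflow.

```python
"""Workflow 1 over a constructed auth.log sample (added example; not the page's own code).
Assumes Debian/Ubuntu-style auth.log in the classic "Mar  1 10:15:22" syslog format or the
RFC 3339 format newer rsyslog releases emit, with sshd, sudo and shadow-utils message layouts
as they appear on such systems. Hosts, users and TEST-NET addresses below are made up."""
import json
import re
import sys
from collections import Counter, defaultdict

# Both timestamp flavours; the program name may or may not carry a [pid].
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}|\d{4}-\d{2}-\d{2}T[\d:.+\-Z]+) "
    r"(?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$")
# sshd: "Accepted publickey for alice from 198.51.100.7 port 51022 ssh2: ..."
#       "Failed password for invalid user admin from 203.0.113.45 port 40001 ssh2"
SSH_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\da-fA-F.:]+) port (?P<port>\d+)")
# sudo: "alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow"
SUDO_RE = re.compile(
    r"^(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; "
    r"COMMAND=(?P<cmd>.*)$")
# shadow-utils: "new user: name=svc, UID=1001, ..." and "add 'svc' to group 'sudo'"
# (usermod also logs "to shadow group 'sudo'"; skipped so each grant is counted once)
USERADD_RE = re.compile(r"^new user: name=(?P<user>[^,]+), UID=(?P<uid>\d+)")
USERMOD_RE = re.compile(r"^add '(?P<user>[^']+)' to group '(?P<group>[^']+)'")

# Constructed sample: a normal admin session, a 12-attempt password spray from one source
# that ends in a successful login, then a new sudo-capable account created from that session.
SAMPLE = [
    "Mar  1 10:15:22 web01 sshd[4101]: Accepted publickey for alice from 198.51.100.7 port 51022 ssh2: ED25519 SHA256:k3y",
    "Mar  1 10:16:03 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
] + [
    f"Mar  1 11:{i:02d}:17 web01 sshd[42{i:02d}]: Failed password for invalid user admin from 203.0.113.45 port {40000 + i} ssh2"
    for i in range(12)
] + [
    "Mar  1 11:13:40 web01 sshd[4290]: Accepted password for deploy from 203.0.113.45 port 40099 ssh2",
    "Mar  1 11:14:05 web01 sudo:   deploy : TTY=pts/1 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/sbin/useradd -m -s /bin/bash svc",
    "Mar  1 11:14:05 web01 useradd[4301]: new user: name=svc, UID=1001, GID=1001, home=/home/svc, shell=/bin/bash, from=/dev/pts/1",
    "Mar  1 11:14:09 web01 sudo:   deploy : TTY=pts/1 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo svc",
    "Mar  1 11:14:09 web01 usermod[4305]: add 'svc' to group 'sudo'",
    "Mar  1 11:14:09 web01 usermod[4305]: add 'svc' to shadow group 'sudo'",
    "2024-03-01T11:20:00.512345+00:00 web01 sshd[4400]: Failed password for root from 203.0.113.9 port 50001 ssh2",
]

def parse_auth_log(lines):
    """Turn raw auth.log lines into typed event dicts; line types we do not model are skipped."""
    events = []
    for line in lines:
        m = SYSLOG_RE.match(line.rstrip("\n"))
        if not m:
            continue
        base = {"ts": m["ts"], "host": m["host"], "prog": m["prog"]}
        msg = m["msg"].strip()
        if m["prog"] == "sshd" and (s := SSH_RE.match(msg)):
            events.append({**base, "kind": "ssh", **s.groupdict()})
        elif m["prog"] == "sudo" and (s := SUDO_RE.match(msg)):
            events.append({**base, "kind": "sudo", **s.groupdict()})
        elif m["prog"] == "useradd" and (s := USERADD_RE.match(msg)):
            events.append({**base, "kind": "account", "action": "created", **s.groupdict()})
        elif m["prog"] == "usermod" and (s := USERMOD_RE.match(msg)):
            events.append({**base, "kind": "account", "action": "group_added", **s.groupdict()})
    return events

def brute_force_sources(events, threshold=10):
    """Source IPs with more than `threshold` failed SSH logins, plus whether any login from
    that IP was ever accepted (a spray that ends in success is the one to chase first)."""
    failures = Counter(e["ip"] for e in events if e["kind"] == "ssh" and e["result"] == "Failed")
    accepted = {e["ip"] for e in events if e["kind"] == "ssh" and e["result"] == "Accepted"}
    return {ip: {"failures": n, "any_success": ip in accepted}
            for ip, n in failures.items() if n > threshold}

def sudo_by_user(events):
    """Commands each user ran through sudo, in log order."""
    out = defaultdict(list)
    for e in events:
        if e["kind"] == "sudo":
            out[e["user"]].append(e["cmd"])
    return dict(out)

def account_changes(events):
    """(action, user, detail) for useradd/usermod entries: new accounts and group grants."""
    return [(e["action"], e["user"], e.get("group") or e.get("uid"))
            for e in events if e["kind"] == "account"]

def report(lines):
    events = parse_auth_log(lines)
    return {"brute_force": brute_force_sources(events), "sudo": sudo_by_user(events),
            "accounts": account_changes(events)}

if __name__ == "__main__":  # python3 auth_triage.py [/path/to/auth.log]; defaults to the sample
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    print(json.dumps(report(lines), indent=2))
```

On the sample this reports 203.0.113.45 as a spray source that eventually got in as "deploy", and the sudo trail from that session shows the useradd and usermod that created a sudo-capable "svc" account. For the last step, `last -F -f /var/log/wtmp` and `lastb -F -f /var/log/btmp` print the session records with full dates, so each Accepted line can be checked against a matching wtmp session and each spray against btmp; rotated files (auth.log.1, *.gz) carry their own timestamps, and the classic format has no year, so keep track of which file a line came from.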

Workflow 2: Full System Timeline

Collect all logs from /var/log/
    |
Export systemd journal (journalctl --output=json)
    |
Parse audit.log for security events (SYSCALL/PATH records, USER_AUTH and USER_LOGIN)
    |
Merge into unified timeline
    |
Identify unauthorized access and persistence
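The five steps of Workflow 2 on constructed input, as an added example that is not part of the original page: classic syslog lines, `journalctl --output=json` records and an auditd event are normalised to UTC timestamps, merged into one ordered list, and then screened for logins from outside an allow-list and for writes under known persistence locations. The year supplied for the syslog lines, the UTC assumption, the audit key name "persistence" (a site-specific label set with `-k` in audit.rules), PERSISTENCE_PATHS, AUTHORIZED_SOURCES and every record in the three samples are assumptions made for this example.

```python
"""Workflow 2: one ordered timeline from syslog-format files, the exported journal and
audit.log (added example; not the page's own code). Assumes classic syslog timestamps carry
no year (the caller supplies it) and all clocks are UTC; the audit key "persistence" is a
site-specific name set with -k in audit.rules; the persistence paths, the admin allow-list
and every record below are constructed for the example."""
import json
import re
from datetime import datetime, timedelta, timezone

SYSLOG_RE = re.compile(r"^([A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ (\S+?):? (.*)$")
AUDIT_HDR_RE = re.compile(r"^type=(\w+) msg=audit\((\d+)\.(\d{3}):(\d+)\): (.*)$")
AUDIT_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
ACCEPTED_RE = re.compile(r"Accepted \S+ for (\S+) from (\S+)")

# Locations whose modification is a classic persistence signal, and the sources an admin
# login is expected from (both constructed for this example; tune per environment).
PERSISTENCE_PATHS = ("/etc/cron.d/", "/etc/systemd/system/", "/.ssh/authorized_keys",
                     "/etc/ld.so.preload", "/etc/rc.local")
AUTHORIZED_SOURCES = {"198.51.100.7"}

SYSLOG_SAMPLE = [
    "Mar  1 11:13:40 web01 sshd[4290]: Accepted password for deploy from 203.0.113.45 port 40099 ssh2",
    "Mar  1 11:14:05 web01 useradd[4301]: new user: name=svc, UID=1001, GID=1001, home=/home/svc, shell=/bin/bash",
]
# journalctl --output=json: one object per line; __REALTIME_TIMESTAMP is microseconds as a string
JOURNAL_SAMPLE = [
    json.dumps({"__REALTIME_TIMESTAMP": "1709291621000000", "_HOSTNAME": "web01",
                "SYSLOG_IDENTIFIER": "systemd", "MESSAGE": "Started Session 12 of User deploy."}),
    json.dumps({"__REALTIME_TIMESTAMP": "1709291701000000", "_HOSTNAME": "web01",
                "SYSLOG_IDENTIFIER": "cron", "MESSAGE": "(*system*update) RELOAD (/etc/cron.d/update)"}),
]
# auditd: one event is several records sharing the same audit(epoch.ms:serial) stamp
AUDIT_SAMPLE = [
    'type=SYSCALL msg=audit(1709291670.412:4567): arch=c000003e syscall=257 success=yes exit=3 '
    'ppid=4290 pid=4310 auid=1002 uid=0 comm="bash" exe="/usr/bin/bash" key="persistence"',
    'type=CWD msg=audit(1709291670.412:4567): cwd="/home/deploy"',
    'type=PATH msg=audit(1709291670.412:4567): item=0 name="/etc/cron.d/" inode=262145 nametype=PARENT',
    'type=PATH msg=audit(1709291670.412:4567): item=1 name="/etc/cron.d/update" inode=262301 nametype=CREATE',
]

def syslog_events(lines, year):
    out = []
    for line in lines:
        if m := SYSLOG_RE.match(line.rstrip("\n")):
            stamp = f"{year} {' '.join(m[1].split())}"  # collapse the space-padded day
            ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
            out.append((ts, "syslog", f"{m[2]}: {m[3]}"))
    return out

def journal_events(json_lines):
    out = []
    for line in json_lines:
        rec = json.loads(line)
        usec = int(rec["__REALTIME_TIMESTAMP"])
        ts = datetime.fromtimestamp(usec // 1000000, tz=timezone.utc) + timedelta(microseconds=usec % 1000000)
        out.append((ts, "journal", f"{rec.get('SYSLOG_IDENTIFIER', '?')}: {rec.get('MESSAGE', '')}"))
    return out

def audit_events(lines):
    """Group records by serial so a syscall and its PATH items become one timeline entry."""
    events = {}
    for line in lines:
        m = AUDIT_HDR_RE.match(line.rstrip("\n"))
        if not m:
            continue
        rtype, secs, ms, serial, body = m.groups()
        ts = datetime.fromtimestamp(int(secs), tz=timezone.utc) + timedelta(milliseconds=int(ms))
        ev = events.setdefault(serial, {"ts": ts, "types": [], "fields": {}, "names": []})
        ev["types"].append(rtype)
        for key, val in AUDIT_FIELD_RE.findall(body):
            if key == "name":                      # every PATH item, in order
                ev["names"].append(val.strip('"'))
            else:                                  # first occurrence wins (SYSCALL comes first)
                ev["fields"].setdefault(key, val.strip('"'))
    return [(ev["ts"], "audit", f"{'/'.join(ev['types'])} comm={ev['fields'].get('comm')} "
             f"key={ev['fields'].get('key')} names={ev['names']}") for ev in events.values()]

def build_timeline(*sources):
    """Merge every (timestamp, source, summary) tuple into one chronologically sorted list."""
    return sorted((e for src in sources for e in src), key=lambda e: e[0])

def findings(timeline):
    """Accepted logins from outside the allow-list, and any touch of a persistence path."""
    unauthorized, persistence = [], []
    for ts, src, summary in timeline:
        if (m := ACCEPTED_RE.search(summary)) and m[2] not in AUTHORIZED_SOURCES:
            unauthorized.append((ts.isoformat(), m[1], m[2]))
        if any(p in summary for p in PERSISTENCE_PATHS):
            persistence.append((ts.isoformat(), src, summary))
    return {"unauthorized_access": unauthorized, "persistence": persistence}

if __name__ == "__main__":
    tl = build_timeline(syslog_events(SYSLOG_SAMPLE, 2024), journal_events(JOURNAL_SAMPLE),
                        audit_events(AUDIT_SAMPLE))
    for ts, src, summary in tl:
        print(f"{ts.isoformat()} {src:7} {summary}")
    print(json.dumps(findings(tl), indent=2))
```

Against real evidence, pipe `journalctl --output=json` (with `-D <dir>` for a journal copied out of an image) into journal_events and `/var/log/audit/audit.log` into audit_events; `ausearch -if <file> -i` is the quick way to eyeball the same audit records with uids and syscalls resolved. The two things to verify before trusting the merged order are the year and timezone of the classic syslog lines: journal and audit stamps are absolute epoch values, while a year-less syslog line is local time, so a rotated file that spans New Year needs a per-file year and a host not running in UTC needs the offset applied.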