Local Access Troubleshooting

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey there Cybrarians,
00:00
>> welcome back to the Linux+ course here at Cybrary.
00:00
>> I'm your instructor Rob Goelz.
00:00
In today's lesson, we're going to be
00:00
covering local access issues.
00:00
Upon completion of today's lesson,
00:00
you're going to be able to understand
00:00
>> the types of local access issues
00:00
>> that a user is likely to encounter,
00:00
>> as well as find local account information
00:00
>> and identify methods to troubleshoot
00:00
>> or resolve access issues.
00:00
Local access issues are really just those
00:00
>> that are experienced by users directly connected
00:00
>> to a Linux system.
00:00
>> Recall, we're going to talk about remote access issues
00:00
later in this module,
00:00
but there are a few things you can check
00:00
>> when you're troubleshooting local access.
00:00
>> For example, if the account is new
00:00
>> and the user has logged in,
00:00
>> verify the user exists.
00:00
We can see them in the /etc/passwd file
00:00
and they should have
00:00
a password that's actually specified
00:00
>> and set in the /etc/shadow file.
00:00
>> For example, we use testuser for this lesson,
00:00
we could use grep testuser on /etc/passwd.
00:00
We can see the user is there,
00:00
so their account has been created.
00:00
We see an x in that second column or the second field,
00:00
which indicates the user should have a password.
00:00
But then if we go over to /etc/shadow,
00:00
we grep for testuser in /etc/shadow,
00:00
we see an exclamation point.
00:00
Well in this example,
00:00
this means that the shadow entry
00:00
>> for the user has an exclamation point.
00:00
>> This means that no password is set for this user.
00:00
They can have a real hard time logging in.
00:00
They don't have a password set.
00:00
Normally that second column would have
00:00
a long string of hash characters,
00:00
and that would indicate that
00:00
>> there was a password for that user.
00:00
>> Now if the user is not new,
00:00
we'll verify that the user's logged
00:00
>> into the system before
00:00
>> and there are a few ways that you could do that.
00:00
>> You could do a sudo last -f on /var/log/wtmp,
00:00
and then grep for the user.
00:00
That's going to check the login attempts.
00:00
We could also do a sudo lastlog -u
00:00
>> and then specify the username
00:00
>> that checks that /var/log/lastlog file
00:00
>> and it'll return never logged in
00:00
>> if the user is not found at all there.
00:00
>> Then we could use the lastb command
00:00
>> to grep for the user and check and see
00:00
>> if there are any failed login attempts.
00:00
>> If we don't see any logins for the user
00:00
>> or if we see failed logins,
00:00
>> we can verify the user account
00:00
exists the same way we did previously.
00:00
We can check and make sure that it has a password
00:00
in the same way as we did in the last slide.
00:00
Grep for testuser in /etc/passwd, grep for
00:00
that testuser or user in /etc/shadow.
00:00
Now if the user has successfully logged in,
00:00
but they're still having issues locally accessing things,
00:00
check and see how they're logging in.
00:00
Is it via the GUI or
00:00
are they using a text-based terminal?
00:00
If they're logging in via GUI interface,
00:00
have the user try a terminal.
00:00
If they can login via the terminal,
00:00
then you can troubleshoot the GUI or the target.
00:00
If they login via terminal,
00:00
normally, we'll have them try a different one.
00:00
If they can log in via that terminal,
00:00
check and make sure that terminal device file
00:00
that they use isn't somehow corrupted.
00:00
If they can't log in at all,
00:00
then you also are down to
00:00
checking the target on the system.
00:00
When we're troubleshooting targets in systemd,
00:00
the first thing that we'll want to do
00:00
is look at the default system target.
00:00
We can find that by using systemctl get-default.
00:00
systemctl get-default,
00:00
and if the system is configured for GUI,
00:00
it should return graphical.target.
00:00
If the system is configured for
00:00
our multi-user terminal or in other words,
00:00
text-based terminal only environment,
00:00
the systemctl get-default
00:00
command should return multi-user.target.
00:00
Now there are a few other random local access issues
00:00
that you might want to look out for.
00:00
For example, you can have a user
00:00
>> who just has their account locked.
00:00
>> You can see this using the passwd command,
00:00
passwd -S, and then the username.
00:00
We can also check, look and see
00:00
>> if the account is expired using chage.
00:00
>> You can use chage -l and then the username,
00:00
and that will tell us whether or not
00:00
the account has expired.
00:00
Then finally, you may also want to investigate
00:00
this /etc/security/access.conf file
00:00
and make sure the user
00:00
>> or the terminal that's used by the user
00:00
>> isn't blocked in the access.conf.
00:00
>> In this lesson, we covered the types of
00:00
local access issues a user may encounter
00:00
>> and we also talked about
00:00
>> how to find local user account information
00:00
>> and methods to troubleshoot
00:00
>> and resolve the access issues.
00:00
>> Thanks so much for being here
00:00
>> and I look forward to seeing you in the next lesson.