SR

week 6

Checkpoint deadlines and policies

  • Clear distinction between hard deadlines and the flexibility allowed for the first checkpoint

  • The instructor is willing to be understanding for the first checkpoint, but going forward deadlines are hard.

  • If a student has a special situation, they should discuss it with the instructor to get it sorted out

  • Penalties: students will be docked points for late submissions; no full credit for late work

  • The instructor emphasizes the goal of minimizing late submissions so the checkpoint isn’t missed

  • No explicit numeric penalty beyond “docked points,” but a reference to missing the checkpoint as a consequence

Splunk deep dive, market value, and lab details

  • New item unlocked: Homework number five (Splunk-focused lab) and enterprise challenge context

  • Splunk as a career-changing tool in systems administration

    • Splunk can enable a six-figure job with the right role (e.g., Splunk Administrator, Splunk Architect)

    • Market signals can be checked by doing live job searches for tool certifications and roles

  • Job-market check example: search terms like “Splunk administrator” reveal roles such as Splunk admin systems engineer with salary ranges around 140,000 annually or 65,000 to 90,000 per year depending on region and role

    • These examples illustrate market demand and salary potential for Splunk skills

  • Splunk lab expectations

    • Students will deploy Splunk and learn core fundamentals; this is directly relevant to their resume and job prospects

    • Splunk is an industry-leading tool, with relevance to cyber security (vulnerability analysis and SIEM integrations).

  • Certification track: Splunk offers certification pathways up to Architect level; certifications can correlate with higher compensation

  • Real-world relevance

    • Splunk is used in cyber security and SIEM deployments; hands-on experience in the lab mirrors enterprise deployments

Periodic processes, backups, and log files (lecture content)

  • Core definitions

    • A process = any program running on a system; can run in foreground or background

    • Foreground processes are visible (e.g., on-screen apps); background processes support OS or applications

  • Periodic processes

    • Some background processes run continuously; most run only when needed, then terminate until next trigger

    • They handle system/admin tasks (e.g., setting up shared drives, maintenance tasks)

    • Many periodic processes are installed with the OS or software (Windows, Linux) but you can also create your own using Task Scheduler (Windows) or Cron (Unix/Linux)

  • Task Scheduler (Windows)

    • Built-in in Windows (client and server editions)

    • Graphical interface to configure scheduled tasks (scheduled tasks = triggers + actions)

    • Observing existing tasks (example: Office automatic updates 2.0) shows multiple triggers (e.g., daily at 3:00 AM, logon, idle)

    • Each task points to an executable or script; tasks can use specialized options for the executable (under the program path and arguments)

    • Creating a basic task: a wizard guides you through naming, description, triggers, actions, and starting conditions

    • Actions examples: start a program (executable or script). Other actions (send email, display message) are deprecated

    • You can run scripts in PowerShell, Python, batch, etc.; scripts enable automation beyond single executables

    • Unattended vs attended execution: ensure scripts can run without manual interaction if you want full automation

  • Cron (Linux/Unix)

    • In Linux, cron is the scheduler daemon that runs tasks on a timetable; the cron table (crontab) stores the jobs as plain text and is edited with the crontab command

    • Cron jobs are similar in concept to Windows tasks: they automate admin/system maintenance tasks

    • Cron basics: a cron job consists of minutes, hours, day of month, month, day of week, and the command to run

    • The structure resembles a table: columns = fields, rows = individual cron jobs

    • Typical fields and their meaning

    • Minutes, Hours, Day of Month, Month, Day of Week, Command

    • Wildcards: the asterisk “*” acts as a wildcard for any value in a given field

    • Example interpretation of a cron line form:

    • A cron line like `0 12 * * 1-5 /root/checkservers.sh` corresponds to: at minute 0 of hour 12 on Monday through Friday, execute /root/checkservers.sh

    • Syntax understanding: you can edit with a text editor or use GUI cron generators to format the line correctly
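The cron-field reading described above, as an added example that is not part of the lecture notes: it parses a crontab line into the values each field matches (supporting `*`, ranges, lists and `/step`), rejects out-of-range values, and prints a plain-language summary of the job.

```python
"""Parse a crontab line into an explicit schedule and validate its fields."""
# Added example (not from the lecture notes): interprets the five time fields of a
# classic crontab entry. The sample line /root/checkservers.sh is the lecture's own.
from typing import Dict, List, Tuple

# Field name and allowed range, in crontab column order.
FIELDS: List[Tuple[str, int, int]] = [
    ("minute", 0, 59),
    ("hour", 0, 23),
    ("day_of_month", 1, 31),
    ("month", 1, 12),
    ("day_of_week", 0, 7),   # 0 and 7 both mean Sunday
]
DAY_NAMES = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

def expand_field(spec: str, lo: int, hi: int) -> List[int]:
    """Expand one field such as '1-5', '*/15' or '0,30' into the values it matches."""
    values = set()
    for part in spec.split(","):
        step = 1
        if "/" in part:
            part, step_str = part.split("/", 1)
            step = int(step_str)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            start, end = (int(x) for x in part.split("-", 1))
        else:
            start = end = int(part)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"field value {spec!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return sorted(values)

def parse_cron_line(line: str) -> Dict[str, object]:
    """Split a crontab line into its five schedule fields plus the command to run."""
    parts = line.split(None, 5)   # the 6th token is the whole command, spaces included
    if len(parts) < 6:
        raise ValueError("a cron job needs five time fields and a command")
    schedule = {name: expand_field(parts[i], lo, hi) for i, (name, lo, hi) in enumerate(FIELDS)}
    schedule["command"] = parts[5]
    return schedule

def describe(line: str) -> str:
    """Plain-language summary, useful when reviewing an unfamiliar crontab."""
    s = parse_cron_line(line)
    days = sorted({DAY_NAMES[d] for d in s["day_of_week"]}, key=DAY_NAMES.index)
    when = ", ".join(f"{h:02d}:{m:02d}" for h in s["hour"] for m in s["minute"])
    return f"run {s['command']} at {when} on {'/'.join(days)}"
```

Note that cron treats day-of-month and day-of-week as alternatives when both are restricted; the parser above lists each field independently.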

  • Linux vs Windows reminders

    • In Linux, everything (including scheduled tasks) is treated as a file interaction; cron jobs are stored in a crontab file

    • You can deny or allow cron usage for particular users (the cron.deny and cron.allow files) as a security control

  • Practical examples of periodic tasks

    • File system cleanup (periodic purge of temporary files and cookies)

    • Log management and log rotation (move old logs to archive storage)

    • Software installation persistence checks (ensuring critical software remains installed)

    • Automated backups and their scheduling using scripts

  • Logs and log management

    • Logs are receipts of system activity; important for functionality, troubleshooting, and security (audit trail)

    • Windows log categories

    • Security logs (successful/failed logins, privilege changes)

    • Setup logs (install/upgrade events)

    • System logs (OS-level events)

    • Forwarded events (logs from other machines)

    • Linux log locations

    • Logs are stored under /var/log (with distribution-specific variations between Debian-based and Red Hat-based distros)

    • Debian-based (e.g., Ubuntu) may place system events in /var/log/syslog or /var/log/kern.log; cron job results go to /var/log/cron or equivalent

    • Log management tools

    • Log viewers (simpler): Loggly, Log Viewer, GoAccess, and other less common log viewers

    • SIEM tools (more advanced): Splunk, Graylog, ArcSight, LogRhythm, SolarWinds, etc.

  • SIEM vs log viewing tools

    • Log viewers collect and present logs from various sources; provide search, merge, sort, and filter capabilities

    • SIEM tools collect logs, store them in a database, analyze them, and provide powerful querying capabilities (e.g., Splunk’s own search language)

    • SIEM tools can ingest data from computing devices, firewalls, anti-virus, network devices, and mobile devices; designed for centralized security analytics
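The merge, sort and filter functions of a log viewer described above, as an added example that is not part of the lecture notes: it combines syslog-style lines from two machines into one timeline and filters it down to failed SSH logins per source address, the kind of audit-trail check the security-log bullets refer to. The log lines, hostnames and addresses are constructed samples.

```python
"""Merge, sort and filter auth-log lines from several hosts, the way a log viewer does."""
# Added example (not from the lecture notes). The log lines below are constructed samples
# in the common syslog layout; the hostnames and addresses are made up.
import re
from collections import Counter
from datetime import datetime
from typing import Dict, List

# Constructed sample logs from two machines (syslog omits the year, so one is assumed).
HOST_A_LOG = """\
Mar 12 09:15:02 web01 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 12 09:15:09 web01 sshd[2210]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 12 09:16:44 web01 sshd[2231]: Accepted publickey for deploy from 198.51.100.4 port 40110 ssh2
"""
HOST_B_LOG = """\
Mar 12 09:14:58 db01 sshd[1881]: Failed password for root from 203.0.113.7 port 51010 ssh2
Mar 12 09:17:30 db01 CRON[1902]: (root) CMD (/root/checkservers.sh)
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

def parse_lines(text: str, year: int = 2024) -> List[Dict[str, object]]:
    """Turn raw syslog text into event records with a real timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real viewer would surface unparsable lines rather than drop them
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "proc": m["proc"], "msg": m["msg"]})
    return events

def merge_sorted(*sources: str) -> List[Dict[str, object]]:
    """Merge several log sources into one timeline ordered by timestamp."""
    return sorted((e for src in sources for e in parse_lines(src)), key=lambda e: e["ts"])

def failed_logins_by_ip(events: List[Dict[str, object]]) -> Counter:
    """Filter to failed SSH password logins and count them per source address."""
    counts: Counter = Counter()
    for e in events:
        m = FAILED_RE.search(str(e["msg"]))
        if m:
            counts[m["ip"]] += 1
    return counts
```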

  • Practical implications and ethics

    • Security trade-offs when considering cloud backups (cost, security controls, and control over data location)

    • Caution using AI tools for scripting: avoid exposing sensitive org data to public AI services; consider internal/enterprise AI solutions for custom scripts

    • Centralization (single pane of glass) improves admin efficiency but requires robust access controls and monitoring

  • Takeaways for exam preparation

    • Understand the difference between foreground and background processes, and the role of periodic processes

    • Know how Task Scheduler and Cron operate, how to interpret cron syntax, and how to implement automation safely (attended vs unattended)

    • Grasp backup fundamentals: purpose, redundancy vs backup, on-prem vs cloud pros/cons, backup types (full, incremental, differential), and the importance of testing restores

    • Recognize log management concepts: log types, locations, and the difference between log viewing tools and SIEM solutions

    • Familiarity with Splunk basics and why it’s valuable in enterprise environments, including certification pathways and practical lab expectations