Charles wants to detect port scans using syslog so that he can collect and report on the information using his SIEM. If he is using a default CentOS system, what should he do?

A. Search for use of privileged ports in sequential order.
B. Search for connections to ports in the /var/syslog directory.
C. Log all kernel messages to detect scans.
D. Install additional tools that can detect scans and send the logs to syslog.

asked by David Smit

1 Answer

Final Answer:

To detect port scans using syslog on a default CentOS system, Charles should choose option C: Log all kernel messages to detect scans.

Step-by-step explanation:

Configuring the system to log all kernel messages is a common approach to detect port scans. In CentOS, syslog is the default logging service. By configuring syslog to capture kernel messages, Charles can monitor and analyze network activity. Port scans often generate patterns in kernel messages that can be indicative of scanning activities. The syslog data can then be collected and reported using a Security Information and Event Management (SIEM) system for further analysis and correlation.

Options A and B are not standard methods for detecting port scans using syslog on CentOS. Option D suggests installing additional tools, which may be effective but is not necessary for achieving Charles' goal in this scenario.

Option C is the answer.

answered by Christian Lemer
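As an added illustration of the "patterns in kernel messages" the answer refers to (this is example code, not part of the question or the answer above), the script below parses the lines that a netfilter/iptables LOG rule writes to the kernel log and flags a source address that touches many distinct destination ports in a short window. It assumes such a LOG rule with a `PORTSCAN ` prefix is in place so that rejected connection attempts reach syslog (rsyslog on CentOS records them in /var/log/messages); the hostnames, addresses and log lines themselves are constructed sample data, and the thresholds are tuning choices, not values from the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One netfilter LOG-target line as rsyslog records it from the kernel ring buffer:
#   <syslog timestamp> <host> kernel: <prefix>IN=... SRC=... DST=... PROTO=TCP SPT=... DPT=...
# The prefix ("PORTSCAN " here) is whatever --log-prefix the firewall rule sets (assumed).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: "
    r"(?P<prefix>.*?)IN=(?P<iface>\S*) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?"
    r"PROTO=(?P<proto>\S+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)


def parse_line(line):
    """Return a dict for a firewall LOG line that carries a destination port, else None."""
    m = LINE_RE.match(line)
    if not m or m.group("dpt") is None:   # not a kernel LOG line, or no port (e.g. ICMP)
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")   # syslog timestamps carry no year
    return {"ts": ts, "src": m.group("src"), "dst": m.group("dst"),
            "proto": m.group("proto"), "dpt": int(m.group("dpt"))}


def detect_scans(lines, min_ports=10, window=timedelta(seconds=60)):
    """Map each source that touched >= min_ports distinct destination ports inside
    any sliding window of length `window` to the sorted list of all ports it touched."""
    events = defaultdict(list)            # src -> [(timestamp, dpt), ...]
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[ev["src"]].append((ev["ts"], ev["dpt"]))
    hits = {}
    for src, evs in events.items():
        evs.sort()
        lo = 0
        for hi in range(len(evs)):
            while evs[hi][0] - evs[lo][0] > window:   # slide the window start forward
                lo += 1
            if len({p for _, p in evs[lo:hi + 1]}) >= min_ports:
                hits[src] = sorted({p for _, p in evs})
                break
    return hits


def _kern(ts, src, proto, dpt):
    """Constructed kernel LOG line in netfilter's field layout (sample data only)."""
    return (f"{ts} web01 kernel: PORTSCAN IN=eth0 OUT= "
            f"MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC={src} DST=192.0.2.10 "
            f"LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO={proto} "
            f"SPT=41{dpt % 1000:03d} DPT={dpt} WINDOW=29200 RES=0x00 SYN URGP=0")


# Constructed sample log: one unrelated sshd line, a burst from 203.0.113.5 against
# eleven ports in ten seconds, and ordinary traffic plus a ping from 198.51.100.7.
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3306, 8080]
SAMPLE_LOG = (
    ["Mar  3 10:14:58 web01 sshd[1234]: Accepted publickey for deploy from 198.51.100.7 port 50022 ssh2"]
    + [_kern(f"Mar  3 10:15:{i:02d}", "203.0.113.5", "TCP", p) for i, p in enumerate(SCAN_PORTS)]
    + [_kern("Mar  3 10:15:30", "198.51.100.7", "TCP", 443),
       _kern("Mar  3 10:16:05", "198.51.100.7", "TCP", 22),
       "Mar  3 10:16:10 web01 kernel: PORTSCAN IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
       "SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1"]
)


if __name__ == "__main__":
    for src, ports in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {len(ports)} distinct ports {ports}")
```

The same sliding-window rule is what a SIEM correlation search expresses once rsyslog forwards /var/log/messages to it; tune `min_ports` and `window` against your own baseline so that vulnerability scanners and load balancers you operate do not trip it.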