Before the video started, I deleted all files associated with this assignment. Then I ran the following (removes all of the rules associated with the directory):

```
sudo auditctl -R /home/code-path/project2-main/
```

At 1 second

```
wget https://github.com/codepath/project2/archive/main.zip
```

At 2 seconds

```
unzip main.zip
```

At 3-9 seconds

```
chmod u+x attack-a
```

```
chmod u+x attack-b
```

```
chmod u+x attack-c
```

At 10-23 seconds **(YOU WILL NEED TO PRESS ENTER TO RUN THE LAST CMD)**

```
sudo auditctl -w /home/codepath/project2-main/protected_files/car_sales.txt -p wa -k car_sales
sudo auditctl -w /home/codepath/project2-main/protected_files/cloudia.txt -p wa -k cloudia
sudo auditctl -w /home/codepath/project2-main/protected_files/dolly.txt -p wa -k dolly
sudo auditctl -w /home/codepath/project2-main/protected_files/earthquakes.csv -p wa -k earthquakes
sudo auditctl -w /home/codepath/project2-main/protected_files/loggy.txt -p wa -k loggy
sudo auditctl -w /home/codepath/project2-main/protected_files/oakley.txt -p wa -k oakley
sudo auditctl -w /home/codepath/project2-main/protected_files/precipitation.csv -p wa -k precipitation
sudo auditctl -w /home/codepath/project2-main/protected_files/squeaky.txt -p wa -k squeaky
sudo auditctl -w /home/codepath/project2-main/protected_files/tosty.txt -p wa -k tosty
sudo auditctl -w /home/codepath/project2-main/protected_files/website.js -p wa -k website
```

At 24 seconds **Verify that the audit rule has been added successfully**

```
sudo auditctl -l
```

**Run the attack scripts at 32 seconds**

```
./attack-a
./attack-b
./attack-c
```

From 35 seconds **till the end is where to use event log filtering techniques to identify which attack changed**

```
sudo ausearch -k car_sales
```

```
sudo ausearch -k cloudia
```

*and the rest of the file keys as well*

### Questions

#### Please post in the help channel :)

Good Luck!!!!
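
For the log-filtering step (the `ausearch -k` commands above), here is an added example that is not part of the original walkthrough. It condenses `ausearch` output into one line per key, command and executable, and skips the `CONFIG_CHANGE` records that adding the watches produces. The function names and the sample records are constructed for illustration and are not the lab's real results.

```shell
#!/bin/sh
# Added example: summarize which command touched each watched file.
# Reads ausearch output on stdin, prints "key comm exe count" per combination.
summarize_audit() {
    awk '
    /^type=SYSCALL/ {            # only SYSCALL records carry comm= and exe=
        key = ""; comm = ""; exe = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^key=/)  key  = substr($i, 5)
            if ($i ~ /^comm=/) comm = substr($i, 6)
            if ($i ~ /^exe=/)  exe  = substr($i, 5)
        }
        gsub(/"/, "", key); gsub(/"/, "", comm); gsub(/"/, "", exe)
        if (key == "" || key == "(null)") next   # record matched no keyed rule
        count[key " " comm " " exe]++
    }
    END { for (k in count) print k, count[k] }
    ' | sort
}

# Live use on the lab VM: query every key from the watch rules in one pass.
scan_all_keys() {
    for k in car_sales cloudia dolly earthquakes loggy oakley \
             precipitation squeaky tosty website; do
        sudo ausearch -k "$k" 2>/dev/null
    done | summarize_audit
}

# Constructed sample records (shortened, NOT real results from the lab).
sample_records() {
cat <<'EOF'
----
type=CONFIG_CHANGE msg=audit(1704067100.000:90): auid=1000 op=add_rule key="car_sales" list=4 res=1
----
type=PATH msg=audit(1704067200.100:101): item=1 name="protected_files/car_sales.txt" nametype=NORMAL
type=SYSCALL msg=audit(1704067200.100:101): arch=c000003e syscall=257 success=yes pid=2001 uid=1000 comm="attack-a" exe="/usr/bin/bash" key="car_sales"
----
type=SYSCALL msg=audit(1704067200.200:102): arch=c000003e syscall=1 success=yes pid=2001 uid=1000 comm="attack-a" exe="/usr/bin/bash" key="car_sales"
----
type=SYSCALL msg=audit(1704067201.300:103): arch=c000003e syscall=257 success=yes pid=2002 uid=1000 comm="attack-b" exe="/usr/bin/bash" key="cloudia"
EOF
}

# Stand-alone demo on the constructed sample.
sample_records | summarize_audit
```

On the VM, run `scan_all_keys` after the attack scripts; the `comm` column shows the script name even when `exe` is only the interpreter.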