The Logging System
119
So, to stop the logging daemon, you could simply enter the following command:
kali > service rsyslog stop
Now Linux will stop generating any log files until the service is restarted, enabling you to operate without leaving behind any evidence in the log files!
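The flip side of this, as an added example that is not part of the book: stopping rsyslog leaves a hole in /var/log/syslog rather than an entry, so the silence itself is what an investigator or monitoring script looks for. The Python below runs over a constructed sample of syslog lines (the rsyslogd stop/start message wording is an assumption, not quoted from a real system) and flags both long gaps between consecutive timestamps and the daemon's own stop/start messages.

```python
from datetime import datetime, timedelta

# Constructed sample of /var/log/syslog lines in the traditional syslog
# timestamp format (no year). The hole between 10:02 and 11:30 is the
# kind of gap left when rsyslog is stopped and later restarted.
# The rsyslogd message text is an assumption for illustration.
SAMPLE_SYSLOG = """\
Mar  3 10:00:01 kali CRON[1201]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:01:15 kali systemd[1]: Started Session 4 of user kali.
Mar  3 10:02:40 kali rsyslogd: [origin software="rsyslogd"] exiting on signal 15.
Mar  3 11:30:05 kali rsyslogd: [origin software="rsyslogd"] start
Mar  3 11:30:06 kali systemd[1]: Started System Logging Service.
"""

def parse_syslog_time(line, year=2024):
    """Return the datetime of a syslog line, or None if it has no timestamp."""
    fields = line.split(maxsplit=3)          # "Mar", "3", "10:00:01", rest
    if len(fields) < 4:
        return None
    try:
        ts = datetime.strptime(" ".join(fields[:3]), "%b %d %H:%M:%S")
    except ValueError:
        return None
    return ts.replace(year=year)             # syslog omits the year

def find_logging_gaps(lines, max_gap=timedelta(minutes=30), year=2024):
    """Return (previous_line, next_line, gap) for every silence longer than max_gap."""
    gaps, prev_line, prev_ts = [], None, None
    for line in lines:
        ts = parse_syslog_time(line, year)
        if ts is None:
            continue
        if prev_ts is not None and ts - prev_ts > max_gap:
            gaps.append((prev_line, line, ts - prev_ts))
        prev_line, prev_ts = line, ts
    return gaps

def find_daemon_restarts(lines):
    """Return lines where the logging daemon itself reports stopping or starting."""
    return [l for l in lines
            if "rsyslogd:" in l and ("exiting" in l or l.rstrip().endswith("start"))]

if __name__ == "__main__":
    lines = SAMPLE_SYSLOG.splitlines()
    for before, after, gap in find_logging_gaps(lines):
        print(f"{gap} of silence between:\n  {before}\n  {after}")
    for marker in find_daemon_restarts(lines):
        print("daemon event:", marker)
```

A quiet machine produces natural gaps, so treat a gap as a lead to correlate with the daemon messages and with service status, not as proof on its own.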
Summary
Log files track nearly everything that happens on your Linux system. They can be an invaluable resource in trying to analyze what has occurred, whether it be a malfunction or a hack. For the hacker, log files can be evidence of their activities and identity. However, an astute hacker can remove and shred these files and disable logging entirely, thus leaving no evidence behind.
EXERCISES
Before you move on to Chapter 12, try out the skills you learned from this chapter by completing the following exercises:
1. Use the locate command to find all the rsyslog files.
2. Open the rsyslog.conf file and change your log rotation to one week.
3. Disable logging on your system. Investigate what is logged in the file /var/log/syslog when you disable logging.
4. Use the shred command to shred and delete all your kern log files.