Linux Basics for Hackers
11
THE LOGGING SYSTEM
For any Linux user, it's crucial to be knowledgeable in the use of the log files. Log files store information about events that occur when the operating system and applications are run, including any errors and security alerts. Your system will log information automatically based on the series of rules that I will show you how to configure in this chapter.
For a hacker, the log files can be a trail to the target's activities and identity. But they can also be a trail to your own activities on someone else's system. A hacker therefore needs to know what information they can gather, as well as what can be gathered about their own actions and methods, in order to hide that evidence.

On the other side, anyone securing Linux systems needs to know how to manage the logging functions to determine whether a system has been attacked and then decipher what actually happened and who did it.
This chapter shows you how to examine and configure log files, as well as how to remove evidence of your activity and even disable logging altogether. First, we'll look at the daemon that does the logging.
The rsyslog Logging Daemon
Linux uses a daemon called syslogd to automatically log events on your computer. Several variations of syslog, including rsyslog and syslog-ng, are used on different distributions of Linux, and even though they operate very similarly, some minor differences exist. Since Kali Linux is built on Debian, and Debian comes with rsyslog by default, we focus on that utility in this chapter. If you want to use other distributions, it's worth doing a little research on their logging systems.
Let's take a look at rsyslog on your system. We'll search for all files related to rsyslog. First, open a terminal in Kali and enter the following:
kali >locate rsyslog
/etc/rsyslog.conf
/etc/rsyslog.d
/etc/default/rsyslog
/etc/init.d/rsyslog
/etc/logcheck/ignore.d.server/rsyslog
/etc/logrotate.d/rsyslog
/etc/rc0.d/K04rsyslog
--snip--
As you can see, numerous files contain the keyword rsyslog, some of which are more useful than others. The one we want to examine is the configuration file rsyslog.conf.
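The locate command above depends on a file database that can be stale or missing on a freshly installed or mounted system. The following POSIX shell functions are an added example (not code from the book) that checks the well-known configuration paths directly for each syslog variant named above; the optional ROOT argument is an assumption introduced here so the same check can be pointed at a mounted disk image during an offline examination.

```shell
# Added example (not from the book): identify which syslog variant a Linux
# system uses by checking the well-known configuration paths directly.
# ROOT (default "/") is a hypothetical parameter so the same function can
# be pointed at a mounted disk image during an offline examination.

detect_syslog() {
    root="${1:-/}"
    root="${root%/}"            # "/" becomes "" so paths join cleanly
    found=""
    # rsyslog: the Debian/Kali default; main file is /etc/rsyslog.conf
    if [ -f "$root/etc/rsyslog.conf" ]; then
        found="${found}rsyslog "
    fi
    # syslog-ng keeps its configuration under its own directory
    if [ -f "$root/etc/syslog-ng/syslog-ng.conf" ]; then
        found="${found}syslog-ng "
    fi
    # classic sysklogd-style syslogd uses /etc/syslog.conf
    if [ -f "$root/etc/syslog.conf" ]; then
        found="${found}syslogd "
    fi
    if [ -z "$found" ]; then
        echo "none"
        return 1                # no recognised logging daemon configured
    fi
    echo "${found% }"           # e.g. "rsyslog"; trailing space trimmed
}

# Print every rsyslog configuration file a reviewer should read: the main
# file first, then the /etc/rsyslog.d drop-ins in sorted filename order,
# which is the order rsyslog's default include directive reads them.
list_rsyslog_conf() {
    root="${1:-/}"
    root="${root%/}"
    if [ -f "$root/etc/rsyslog.conf" ]; then
        echo "$root/etc/rsyslog.conf"
    fi
    for f in "$root"/etc/rsyslog.d/*.conf; do
        [ -f "$f" ] && echo "$f"  # skips the literal glob when dir is empty
    done
    return 0
}

# Stand-alone usage against the live system:
# detect_syslog && list_rsyslog_conf
```

On a system where both rsyslog and syslog-ng configuration files exist, detect_syslog reports both names, which is itself worth noting when reviewing a host.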