Limit Logging from SSH Session
To avoid logging in /var/log/wtmp
ssh [email protected] bash -c /bin/sh
OR
ssh [email protected] bash -i
Finding Writable Directories for your Current User find / -type d -perm -0222 2>/dev/null
/dev/shm
/usr/local/man
/usr/src
Main log files can be identified by viewing
Majority of the log files
Kill bash shell and prevent command writing to .bash_history
Dont save history for shell session, run as your first command when you get on the box
On some distributions adding a leading space will prevent the command from writing
This will only work if the eviromental variable HISTCONTROL is set to ignorespace
Accounting Entries in Unix
Currently logged in users
Distro Dependent
Successful login attempts
Unsuccessful login attempts
Some admins will turn this off so evidence of miss typed password in the username field are not saved
File to show login name, port, and last login time for each user
These are binary files and need special tools in order to edit
/var/log/auth.log
/var/log/syslog
/var/log/messages
/var/spool/mail/root
/var/log/secure
/var/log/cron
/var/log/httpd/access_log*
/var/log/httpd/error_log*
##Dont forget the journel##
Filename
Purpose
auth.log
System authentication and security events
boot.log
A record of boot-related events
dmesg
Kernel-ring buffer events related to device drivers
dpkg.log
Software package-management events
kern.log
Linux kernel events
syslog
A collection of all logs
wtmp
Tracks user sessions (accessed through the who and last commands)
Level
Description
debug
Helpful for debugging
info
Informational
notice
Normal conditions
warn
Conditions requiring warnings
err
Error conditions
crit
Critical conditions
alert
Immediate action required
emerg
System unusable