OSCP
Cover your tracks

On Linux

Log files

/etc/syslog.conf

This file configures syslog: it lists which messages are written to which log file, so it tells you where the logs end up. On Linux systems most logs are stored under:

```
/var/log
```

For example:

```
/var/log/messages
```

Failed and successful login attempts (SSH, sudo and much more) are recorded in:

```
/var/log/auth.log
```

Apache

```
/var/log/apache2/access.log
/var/log/apache2/error.log
```
Remove the lines containing your own IP address like this:

```
grep -v '<src-ip-address>' /path/to/access_log > a && mv a /path/to/access_log
```

What it does is copy all lines except those that contain your IP address into a temporary file, and then move that file back over the original. The generic form:

```
grep -v <entry-to-remove> <logfile> > /tmp/a ; mv /tmp/a <logfile> ; rm -f /tmp/a
```

Note that this replaces the file rather than editing it in place: the new file has a fresh inode and the owner and permissions of whoever ran the command, and a daemon that still holds the old file open keeps writing to the now-unlinked inode (shown as "(deleted)" under /proc/<pid>/fd). Each of these is something a defender can check for.
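The file-replacement side effects described above are what a defender looks for. The following is an added example, not code from the original page: it fingerprints a log file (inode, device, owner, mode, size), then shows that a normal append leaves the fingerprint intact while a filtered copy moved over the original changes it. The access-log lines, the 10.0.0.5 and 198.51.100.7 addresses, and the `demo()`/`check_log()` names are constructed for this example.

```python
import os
import stat
import tempfile

def fingerprint(path):
    """Capture the identity of a log file: inode, device, owner, mode and size.
    Store this baseline somewhere the monitored host cannot rewrite."""
    st = os.stat(path)
    return {"ino": st.st_ino, "dev": st.st_dev, "uid": st.st_uid,
            "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}

def check_log(path, baseline):
    """Compare the current file against the baseline and return findings.
    An append-only log keeps its inode and only grows; a grep/mv rewrite yields
    a new inode, a smaller file and (for a non-root user) a different owner."""
    cur = fingerprint(path)
    findings = []
    if (cur["ino"], cur["dev"]) != (baseline["ino"], baseline["dev"]):
        findings.append("inode changed: file was replaced rather than appended to")
    if cur["size"] < baseline["size"]:
        findings.append(f"size shrank from {baseline['size']} to {cur['size']} bytes")
    if cur["uid"] != baseline["uid"]:
        findings.append(f"owner changed from uid {baseline['uid']} to {cur['uid']}")
    if cur["mode"] != baseline["mode"]:
        findings.append(f"mode changed from {baseline['mode']:o} to {cur['mode']:o}")
    return findings

# Constructed sample access-log lines (Apache combined format, made up for this demo).
SAMPLE_LINES = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"\n',
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"\n',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.0"\n',
]

def demo():
    """Run the check in a temp directory. Returns (findings after a normal append,
    findings after the file is rewritten without one client's lines)."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "access.log")
        with open(log, "w") as f:
            f.writelines(SAMPLE_LINES)
        baseline = fingerprint(log)

        # Normal daemon behaviour: append in place. Same inode, file grows.
        with open(log, "a") as f:
            f.write(SAMPLE_LINES[1])
        after_append = check_log(log, baseline)

        # The rewrite from the page: a filtered copy moved over the original.
        tmp = os.path.join(d, "a")
        with open(log) as src, open(tmp, "w") as dst:
            dst.writelines(line for line in src if "10.0.0.5" not in line)
        os.replace(tmp, log)
        after_rewrite = check_log(log, baseline)
    return after_append, after_rewrite

if __name__ == "__main__":
    for label, findings in zip(("append", "rewrite"), demo()):
        print(label, "->", findings or ["no findings"])
```

A legitimate logrotate run also changes the inode, so refresh the baseline whenever rotation is expected. The durable control is forwarding access and auth logs to a collector the web host cannot write to, so a local rewrite does not remove the only copy.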

UTMP and WTMP

These logs are not stored in plaintext but as fixed-size binary records, which makes them harder to clear. They are read with `who` (current logins, from utmp), `last` (login history, from wtmp) and `lastlog` (each user's most recent login):

```
who
last
lastlog
```
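Because these files are binary, a forensic check means parsing the records directly rather than trusting `last`. The following is an added example, not part of the original page: a parser for the glibc x86-64 `struct utmp` layout (384-byte records, little-endian, 32-bit `tv_sec`; this is an assumption, so verify `sizeof(struct utmp)` on other platforms) plus two integrity checks that wtmp, being append-only, should never fail: all-zero records and timestamps that run backwards. The sample image, user names, hosts and the `pack_record()`/`find_anomalies()` names are constructed for this example.

```python
import struct
import sys
from datetime import datetime, timezone

# glibc struct utmp on x86-64 Linux: 384 bytes, little-endian, 32-bit tv_sec.
# Assumption for this example; check sizeof(struct utmp) on other platforms.
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)   # 384

UT_TYPES = {0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 5: "INIT_PROCESS",
            6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def _cstr(b):
    """Decode a NUL-padded fixed-width string field."""
    return b.split(b"\x00", 1)[0].decode("utf-8", "replace")

def pack_record(ut_type, pid, line, user, host, tv_sec):
    """Build one record; used here only to construct sample data."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)

def parse_wtmp(data):
    """Split a wtmp/btmp image into records, the way `last` does."""
    records = []
    for off in range(0, len(data) - len(data) % UTMP_SIZE, UTMP_SIZE):
        raw = data[off:off + UTMP_SIZE]
        f = struct.unpack(UTMP_FMT, raw)
        records.append({
            "offset": off,
            "type": UT_TYPES.get(f[0], str(f[0])),
            "pid": f[1],
            "line": _cstr(f[2]),
            "user": _cstr(f[4]),
            "host": _cstr(f[5]),
            "time": f[9],
            "zeroed": raw == b"\x00" * UTMP_SIZE,
        })
    return records

def find_anomalies(records):
    """wtmp is append-only, so two things should never happen: an all-zero
    record (live utmp may legitimately hold EMPTY slots, wtmp should not) and
    a timestamp earlier than the previous record's (a rewritten or reordered
    file; a clock step can also cause this, so confirm before concluding)."""
    findings = []
    last_ts = 0
    for r in records:
        if r["zeroed"]:
            findings.append(f"offset {r['offset']}: record overwritten with zeros")
            continue
        if r["time"] < last_ts:
            findings.append(f"offset {r['offset']}: time {r['time']} precedes previous {last_ts}")
        last_ts = max(last_ts, r["time"])
    return findings

# Constructed sample image: boot, a login, a zeroed-out record, a logout,
# then an entry whose timestamp runs backwards.
SAMPLE_WTMP = b"".join([
    pack_record(2, 0, "~", "reboot", "6.1.0-generic", 1700000000),
    pack_record(7, 1234, "pts/0", "alice", "10.0.0.5", 1700000100),
    b"\x00" * UTMP_SIZE,
    pack_record(8, 1234, "pts/0", "", "", 1700000300),
    pack_record(7, 1300, "pts/1", "bob", "10.0.0.9", 1699990000),
])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_WTMP
    for r in parse_wtmp(data):
        when = datetime.fromtimestamp(r["time"], timezone.utc).isoformat()
        print(f"{r['offset']:6d} {r['type']:13} {r['user']:10} {r['line']:8} {r['host']:16} {when}")
    for problem in find_anomalies(parse_wtmp(data)):
        print("ANOMALY:", problem)
```

Run it against `/var/log/wtmp` or `/var/log/btmp` to list records and flag gaps; cross-check flagged offsets against `auth.log` and any remote copy of the login records.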

Command history

All the commands you type are stored as well. These show where the history is written and how many entries are kept:

```
echo $HISTFILE
echo $HISTSIZE
```

You can set the history size to zero so that no commands are kept:

```
export HISTSIZE=0
```

If you set it as soon as you get a shell, you won't have to worry about cleaning up the history afterwards.
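From the defender's side, a shell running with `HISTSIZE=0` is itself a signal. The following is an added example, not code from the original page: it walks `/proc`, parses each process's `environ` and `status`, and reports processes started with `HISTSIZE=0`. The subtlety it handles is that `/proc/<pid>/environ` holds the environment at exec time, so a shell that exports the variable after starting is not flagged itself, but every command it launches afterwards is, and `PPid` points back at that shell. The sample `environ`/`status` contents and the `flag_process()`/`scan_proc()` names are constructed for this example.

```python
import os

PROC = "/proc"

def parse_environ(raw):
    """Parse the NUL-separated contents of /proc/<pid>/environ into a dict."""
    env = {}
    for item in raw.split(b"\x00"):
        if b"=" in item:
            k, v = item.split(b"=", 1)
            env[k.decode(errors="replace")] = v.decode(errors="replace")
    return env

def parse_status(text):
    """Pick Name, PPid and the real Uid out of /proc/<pid>/status."""
    info = {}
    for line in text.splitlines():
        key, _, val = line.partition(":")
        if key in ("Name", "PPid", "Uid"):
            fields = val.split()
            info[key] = fields[0] if fields else ""
    return info

def flag_process(environ_raw, status_text):
    """Return a finding if this process was exec'd with HISTSIZE=0, else None."""
    env = parse_environ(environ_raw)
    if env.get("HISTSIZE", "").strip() != "0":
        return None
    st = parse_status(status_text)
    return {"name": st.get("Name"), "ppid": st.get("PPid"), "uid": st.get("Uid"),
            "histfile": env.get("HISTFILE", "(unset)")}

def scan_proc(proc=PROC):
    """Walk /proc and collect findings. environ reflects the environment at
    exec time, so look at the flagged process's PPid to find the shell that
    exported HISTSIZE=0; reading other users' environ requires root."""
    findings = []
    for pid in os.listdir(proc):
        if not pid.isdigit():
            continue
        try:
            with open(f"{proc}/{pid}/environ", "rb") as f:
                environ_raw = f.read()
            with open(f"{proc}/{pid}/status") as f:
                status_text = f.read()
        except OSError:   # process exited, or environ not readable for this uid
            continue
        hit = flag_process(environ_raw, status_text)
        if hit:
            hit["pid"] = int(pid)
            findings.append(hit)
    return findings

# Constructed sample of the two /proc files for a child of such a shell.
SAMPLE_ENVIRON = (b"SHELL=/bin/bash\x00HISTSIZE=0\x00"
                  b"HISTFILE=/home/alice/.bash_history\x00PATH=/usr/bin\x00")
SAMPLE_STATUS = ("Name:\tsleep\nUmask:\t0022\nState:\tS (sleeping)\n"
                 "Pid:\t4242\nPPid:\t4100\nUid:\t1000\t1000\t1000\t1000\n")

if __name__ == "__main__":
    for hit in scan_proc():
        print(hit)
```

Because the shell owner controls these variables, the record of what was typed should not depend on them: auditd rules on `execve` (or `pam_tty_audit` for full TTY capture) keep the record outside the user's control.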

Shred files

Shredding lets you delete a file more securely by overwriting it before unlinking it:

```
shred -zu filename
```

`-u` removes the file after overwriting it and `-z` adds a final pass of zeros. As the shred man page warns, overwriting in place is not reliable on journaled, copy-on-write or log-structured filesystems and on SSDs, so copies of the data may survive there.

On Windows