mirror of https://github.com/carlospolop/hacktricks.git synced 2023-12-14 19:12:55 +01:00

GitBook: [master] one page modified

CPol 2020-12-26 23:48:55 +00:00 committed by gitbook-bot
parent 9ff828d390
commit c2b04f3fef
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

@ -24,7 +24,7 @@ netstat -rn; route #Routing table
df; mount #Free space and mounted devices
free #Meam and swap space
w #Who is connected
last #Logins
last -Faiwx #Logins
lsmod #What is loaded
cat /etc/passwd #Unexpected data?
cat /etc/shadow #Unexpected data?
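Review bot: the comment on the changed `last -Faiwx` line is still just `#Logins`, so a reader cannot tell what the five flags add over plain `last`. Suggest expanding the comment to name the extra output (full timestamps and numeric source addresses, per last(1)) so the reader knows which columns matter during triage. The context line `free #Meam and swap space` also carries a typo (`Meam`) that could be fixed in the same edit.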
@ -192,7 +192,7 @@ Interesting system logons:
* Shows general messages and info regarding the system. Basically a data log of all activity throughout the global system.
* **/var/log/auth.log** \(debian\) ****or **/var/log/secure** \(Redhat\)
* Keep authentication logs for both successful or failed logins, and authentication processes. Storage depends on system type.
* `cat /var/log/auth.log | grep -i "session opened for"`
* `cat /var/log/auth.log | grep -iE "session opened for|accepted password|new session|not in sudoers"`
* **/var/log/boot.log**: start-up messages and boot info.
* **/var/log/maillog** or **var/log/mail.log:** is for mail server logs, handy for postfix, smtpd, or email-related services info running on your server.
* **/var/log/kern.log**: keeps in Kernel logs and warning info. Kernel activity logs \(e.g., dmesg, kern.log, klog\) can show that a particular service crashed repeatedly, potentially indicating that an unstable trojanized version was installed.
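Review bot: the new pattern in `grep -iE "session opened for|accepted password|new session|not in sudoers"` matches successful logins and one sudo denial but nothing for failed logins, although the bullet directly above says this log holds both successful and failed logins. Suggest either adding a failed-login alternative to the pattern or saying in the text that this command targets successful sessions only. The command also reads only `/var/log/auth.log` while the parent bullet names `/var/log/secure` for Redhat, and the `cat ... |` is unnecessary: passing both paths to grep directly would cover both distributions.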