log cleaners?

  1. #1
    Junior Member
    Join Date
    Aug 2001
    Posts
    8

    log cleaners?

    How's it going, everyone?

    I'm running Red Hat 7 and I've tried using some log cleaners to test whether they work. They compiled fine and I adjusted the paths in the scripts to point to the appropriate files (/var/log/wtmp & /var/log/lastlog), but when, for example, zap2 ran it said zap, but when I checked the wtmp file the logs of my username were still there.

    Has anyone come across this situation? Has Red Hat beaten these cleaners, or are these cleaners only valid for some forms of *nix?
    I'm fairly sure I used it right!!!

  2. #2
    The idea behind "log cleaners", I think, is ridiculous. This is a UNIX machine, run under permissions. If someone has the ability to edit logs for the sake of removing their presence, just delete them. Yes, this will cause the sys admin to wonder what happened, but, who cares? If you're there doing something you shouldn't be, you wouldn't have to "clean the logs". Well, back to my original point..
    This wouldn't be a "RedHat" specific thing. GNU creates programs that log in utmp, and wtmp, which is read by the program "lastlog". Lastlog not being a log itself, only a program to read them.
    Anyway.. There are more things to worry about than those, try looking for /usr/adm/log, or /var/log/.. You'll find some interesting things to expose yourself with.
    Jason Parker - http://www.o-negative.net
    o-Negative: Information Network

  3. #3
    Junior Member
    Join Date
    Aug 2001
    Posts
    18

    Of course you can always delete the log file, then recreate it as a symbolic link to /dev/null. Of course the admin will wonder why the log is always empty, and a simple ls -l will tell you it's a symbolic link. And if they are set for log rotation, then cron should come along, sweep it up, and make a new log file (right?).

  4. #4
    Yep.. which will still trigger a response because the admin will be like, "Where the hell is my log for yesterday?". The best thing to do would be to trojan /bin/login with a hacked version of it so that you can log in with a certain username that isn't tracked. If you hack /bin/login's source, then you can even make it so none of your processes show up. You were never there, but, yet again, you were. Very interesting concept..
    Jason Parker - http://www.o-negative.net
    o-Negative: Information Network

  5. #5
    Junior Member
    Join Date
    Sep 2001
    Posts
    18

    /bin/login trojan!

    If the administrator uses log rotation AND checks his log files, he would probably check (or use automated software to check) the size and CRC of most (or all) of the important system programs.

  6. #6

    Whilst on the topic of cleaning logs etc....has anyone else noticed that clicking the clear disk/memory cache buttons in Netscape has no effect at all? I'm using Red Hat 7.0

  7. #7
    Member
    Join Date
    Sep 2001
    Posts
    77
    Most properly configured and secured systems will log locally to the usual files and also log through syslog to another secured log system. Thus, even if you clean up the local files, a complete copy will be available for the admin's use on his secured logging system.

    cheers
    I'm not a BOT I'm a beer droid!
    Prepare to be Assimilated.
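
The point in the post above, that a copy forwarded through syslog survives cleaning of the local files, can be turned into a routine check. This is an added example, not part of the original thread: it compares one host's local log with the central copy and reports records the local file no longer holds. The host names, log lines and addresses are constructed, and both files are assumed to use the traditional syslog line layout.

```python
import re
from collections import Counter

# Traditional syslog layout (assumed): "Sep 14 02:11:09 host tag[pid]: message"
LINE_RE = re.compile(r"^(\w{3})\s+(\d{1,2})\s(\d\d:\d\d:\d\d)\s(\S+)\s(.+)$")

def records(lines, host):
    """Yield a normalised (timestamp, message) key for each line from `host`."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(4) == host:
            mon, day, clock, _, msg = m.groups()
            yield (f"{mon} {int(day):2d} {clock}", msg)

def compare(local_lines, central_lines, host):
    """Return (missing_locally, only_local) for one host.

    A Counter matches repeated lines (same second, same text) one for one,
    so removing one of two identical entries is still noticed.
    """
    local = Counter(records(local_lines, host))
    missing = []
    for rec in records(central_lines, host):  # keep the collector's order
        if local[rec] > 0:
            local[rec] -= 1
        else:
            missing.append(rec)
    # Whatever is left was never received centrally: a forwarding gap,
    # or lines written into the local file afterwards.
    return missing, list(local.elements())

# Constructed sample data (hypothetical hosts web01/db01, documentation IPs).
CENTRAL = """\
Sep 14 02:10:51 web01 sshd[2211]: Failed password for root from 192.0.2.44 port 4021
Sep 14 02:10:51 web01 sshd[2211]: Failed password for root from 192.0.2.44 port 4021
Sep 14 02:11:09 web01 sshd[2214]: Accepted password for root from 192.0.2.44 port 4025
Sep 14 02:13:40 db01 su: (to root) alice on pts/0
Sep 14 08:30:02 web01 sshd[2390]: Accepted password for alice from 198.51.100.7 port 1188
""".splitlines()
LOCAL = """\
Sep 14 02:10:51 web01 sshd[2211]: Failed password for root from 192.0.2.44 port 4021
Sep 14 08:30:02 web01 sshd[2390]: Accepted password for alice from 198.51.100.7 port 1188
""".splitlines()

if __name__ == "__main__":
    missing, only_local = compare(LOCAL, CENTRAL, "web01")
    for ts, msg in missing:
        print(f"MISSING LOCALLY  {ts}  {msg}")
    for ts, msg in only_local:
        print(f"ONLY LOCAL       {ts}  {msg}")
```

Run on the log server against a copy of the host's file pulled over a separate channel, so the comparison does not depend on anything running on the host being checked.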