<aside> 💡 Logs
</aside>
File | syslog |
---|---|
Location | /var/log/syslog<br>/var/log/messages |
Contents | Execution of cron jobs<br>Execution of services |

File | access.log |
---|---|
Location | /var/log/apache2/access.log<br>/var/log/nginx/access.log |
Contents | Web requests |

File | auth.log |
---|---|
Location | /var/log/auth.log<br>/var/log/secure |
Contents | Logon events<br>User creation events<br>Group events<br>User change events |

File | logins and log |
---|---|
Location | /var/log/wtmp - All valid past logins<br>/var/log/lastlog - Last login for each user<br>/var/log/btmp - All bad logins<br>/var/run/utmp - All current logins<br>/var/log/* - Various logs |
Contents | Last logon information |

File | bash_history |
---|---|
Location | ~/.bash_history |
Contents | Executed commands through terminal |

File | passwd; shadow |
---|---|
Location | /etc/passwd<br>/etc/shadow<br>/etc/group<br>/etc/sudoers |
Contents | User list |

<aside> 💡 detection and analysis
</aside>
copyleft aldosimon.com