Untitled

<aside> 💡 Logs

</aside>

| File | Location | Contents |
| --- | --- | --- |
| syslog | /var/log/syslog<br>/var/log/messages | Execution of cron jobs<br>Execution of services |
| access.log | /var/log/apache2/access.log<br>/var/log/nginx/access.log | Web requests |
| auth.log | /var/log/auth.log<br>/var/log/secure | Logon events<br>User creation events<br>Group events<br>User change events |
| logins and logs | /var/log/wtmp - All valid past logins<br>/var/log/lastlog - Last login for each user<br>/var/log/btmp - All bad logins<br>/var/run/utmp - All current logins<br>/var/log/* - Various logs | Last logon information |
| bash_history | ~/.bash_history | Executed commands through terminal |
| passwd; shadow | /etc/passwd<br>/etc/shadow<br>/etc/group<br>/etc/sudoers | User list |

<aside> 💡 detection and analysis

</aside>


copyleft aldosimon.com