
Linux syslog process exit log auditing

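I. Normal syslog shutdown

II. Normal syslog startup

III. Normal syslog restart

IV. Killing the syslog process (no log entries are produced at all)

V. Logs produced by a Nessus scan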

Jan  9 15:17:36 localhost sshd[4838]: Did not receive identification string from UNKNOWN

Jan  9 15:18:21 localhost sshd[4845]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:20:56 localhost sshd[4860]: Did not receive identification string from UNKNOWN

Jan  9 15:21:45 localhost sshd[4882]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:46 localhost sshd[4886]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:46 localhost sshd[4883]: Invalid user emailswitch from 192.168.31.27

Jan  9 15:21:46 localhost sshd[4891]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-OpenSSH_5.0

Jan  9 15:21:46 localhost sshd[4887]: Invalid user anonymous from 192.168.31.27

Jan  9 15:21:46 localhost sshd[4885]: input_userauth_request: invalid user emailswitch

Jan  9 15:21:46 localhost sshd[4883]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:46 localhost sshd[4883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:46 localhost sshd[4883]: pam_succeed_if(sshd:auth): error retrieving information about user emailswitch

Jan  9 15:21:46 localhost sshd[4888]: input_userauth_request: invalid user anonymous

Jan  9 15:21:46 localhost sshd[4887]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:46 localhost sshd[4887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:46 localhost sshd[4887]: pam_succeed_if(sshd:auth): error retrieving information about user anonymous

Jan  9 15:21:46 localhost sshd[4889]: Invalid user _9hwH87a from 192.168.31.27

Jan  9 15:21:46 localhost sshd[4890]: input_userauth_request: invalid user _9hwH87a

Jan  9 15:21:46 localhost sshd[4889]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:46 localhost sshd[4889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:46 localhost sshd[4889]: pam_succeed_if(sshd:auth): error retrieving information about user _9hwH87a

Jan  9 15:21:47 localhost sshd[4892]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-OpenSSH_5.0

Jan  9 15:21:48 localhost sshd[4893]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.5-OpenSSH_5.0

Jan  9 15:21:48 localhost sshd[4895]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:49 localhost sshd[4883]: Failed password for invalid user emailswitch from 192.168.31.27 port 62201 ssh2

Jan  9 15:21:49 localhost sshd[4885]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:49 localhost sshd[4887]: Failed password for invalid user anonymous from 192.168.31.27 port 62203 ssh2

Jan  9 15:21:49 localhost sshd[4888]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:49 localhost sshd[4889]: Failed password for invalid user _9hwH87a from 192.168.31.27 port 62204 ssh2

Jan  9 15:21:49 localhost sshd[4890]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:49 localhost sshd[4896]: Invalid user product from 192.168.31.27

Jan  9 15:21:49 localhost sshd[4898]: Invalid user guest from 192.168.31.27

Jan  9 15:21:49 localhost sshd[4899]: input_userauth_request: invalid user guest

Jan  9 15:21:49 localhost sshd[4898]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:49 localhost sshd[4898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:49 localhost sshd[4898]: pam_succeed_if(sshd:auth): error retrieving information about user guest

Jan  9 15:21:49 localhost sshd[4900]: Invalid user VWWjRsTx from 192.168.31.27

Jan  9 15:21:49 localhost sshd[4902]: Invalid user n3ssus from 192.168.31.27

Jan  9 15:21:49 localhost sshd[4903]: input_userauth_request: invalid user n3ssus

Jan  9 15:21:49 localhost sshd[4902]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:49 localhost sshd[4902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:49 localhost sshd[4902]: pam_succeed_if(sshd:auth): error retrieving information about user n3ssus

Jan  9 15:21:49 localhost sshd[4905]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:50 localhost sshd[4907]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:51 localhost sshd[4898]: Failed password for invalid user guest from 192.168.31.27 port 62236 ssh2

Jan  9 15:21:51 localhost sshd[4899]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:51 localhost sshd[4902]: Failed password for invalid user n3ssus from 192.168.31.27 port 62238 ssh2

Jan  9 15:21:51 localhost sshd[4903]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:51 localhost sshd[4909]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:51 localhost sshd[4911]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:51 localhost sshd[4913]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:52 localhost sshd[4914]: Invalid user admin from 192.168.31.27

Jan  9 15:21:52 localhost sshd[4915]: input_userauth_request: invalid user admin

Jan  9 15:21:52 localhost sshd[4914]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:52 localhost sshd[4914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:52 localhost sshd[4914]: pam_succeed_if(sshd:auth): error retrieving information about user admin

Jan  9 15:21:54 localhost sshd[4897]: input_userauth_request: invalid user product

Jan  9 15:21:54 localhost sshd[4896]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:54 localhost sshd[4896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:54 localhost sshd[4896]: pam_succeed_if(sshd:auth): error retrieving information about user product

Jan  9 15:21:54 localhost sshd[4901]: input_userauth_request: invalid user VWWjRsTx

Jan  9 15:21:54 localhost sshd[4901]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:54 localhost sshd[4914]: Failed password for invalid user admin from 192.168.31.27 port 62275 ssh2

Jan  9 15:21:54 localhost sshd[4915]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:55 localhost sshd[4916]: Invalid user admin from 192.168.31.27

Jan  9 15:21:55 localhost sshd[4917]: input_userauth_request: invalid user admin

Jan  9 15:21:55 localhost sshd[4916]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:55 localhost sshd[4916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:55 localhost sshd[4916]: pam_succeed_if(sshd:auth): error retrieving information about user admin

Jan  9 15:21:55 localhost sshd[4920]: Invalid user guest from 192.168.31.27

Jan  9 15:21:55 localhost sshd[4923]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:55 localhost sshd[4918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:21:56 localhost sshd[4896]: Failed password for invalid user product from 192.168.31.27 port 62234 ssh2

Jan  9 15:21:56 localhost sshd[4897]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:56 localhost sshd[4926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:21:57 localhost sshd[4926]: Failed password for root from 192.168.31.27 port 62305 ssh2

Jan  9 15:21:57 localhost sshd[4927]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:57 localhost sshd[4916]: Failed password for invalid user admin from 192.168.31.27 port 62296 ssh2

Jan  9 15:21:57 localhost sshd[4917]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:57 localhost sshd[4929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:21:57 localhost sshd[4931]: Invalid user admin from 192.168.31.27

Jan  9 15:21:57 localhost sshd[4918]: Failed password for root from 192.168.31.27 port 62297 ssh2

Jan  9 15:21:57 localhost sshd[4919]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:57 localhost sshd[4932]: input_userauth_request: invalid user admin

Jan  9 15:21:58 localhost sshd[4931]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:58 localhost sshd[4931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:58 localhost sshd[4931]: pam_succeed_if(sshd:auth): error retrieving information about user admin

Jan  9 15:21:59 localhost sshd[4929]: Failed password for root from 192.168.31.27 port 62319 ssh2

Jan  9 15:21:59 localhost sshd[4930]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:21:59 localhost sshd[4934]: Invalid user admin1 from 192.168.31.27

Jan  9 15:21:59 localhost sshd[4935]: input_userauth_request: invalid user admin1

Jan  9 15:21:59 localhost sshd[4934]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:21:59 localhost sshd[4934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:21:59 localhost sshd[4934]: pam_succeed_if(sshd:auth): error retrieving information about user admin1

Jan  9 15:22:00 localhost sshd[4931]: Failed password for invalid user admin from 192.168.31.27 port 62320 ssh2

Jan  9 15:22:00 localhost sshd[4932]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:00 localhost sshd[4936]: Invalid user Jh_Z_Oa0 from 192.168.31.27

Jan  9 15:22:00 localhost sshd[4937]: input_userauth_request: invalid user Jh_Z_Oa0

Jan  9 15:22:00 localhost sshd[4936]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:00 localhost sshd[4936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:00 localhost sshd[4936]: pam_succeed_if(sshd:auth): error retrieving information about user Jh_Z_Oa0

Jan  9 15:22:00 localhost sshd[4938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:22:00 localhost sshd[4922]: input_userauth_request: invalid user guest

Jan  9 15:22:00 localhost sshd[4922]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:01 localhost sshd[4934]: Failed password for invalid user admin1 from 192.168.31.27 port 62334 ssh2

Jan  9 15:22:01 localhost sshd[4935]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:01 localhost sshd[4940]: Invalid user shelladmin from 192.168.31.27

Jan  9 15:22:01 localhost sshd[4941]: input_userauth_request: invalid user shelladmin

Jan  9 15:22:01 localhost sshd[4940]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:01 localhost sshd[4940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:01 localhost sshd[4940]: pam_succeed_if(sshd:auth): error retrieving information about user shelladmin

Jan  9 15:22:02 localhost sshd[4936]: Failed password for invalid user Jh_Z_Oa0 from 192.168.31.27 port 62336 ssh2

Jan  9 15:22:02 localhost sshd[4937]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:02 localhost sshd[4938]: Failed password for root from 192.168.31.27 port 62349 ssh2

Jan  9 15:22:02 localhost sshd[4939]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:02 localhost sshd[4942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:22:03 localhost sshd[4940]: Failed password for invalid user shelladmin from 192.168.31.27 port 62356 ssh2

Jan  9 15:22:03 localhost sshd[4941]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:04 localhost sshd[4942]: Failed password for root from 192.168.31.27 port 62359 ssh2

Jan  9 15:22:04 localhost sshd[4943]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:05 localhost sshd[4951]: Invalid user manage from 192.168.31.27

Jan  9 15:22:05 localhost sshd[4953]: input_userauth_request: invalid user manage

Jan  9 15:22:05 localhost sshd[4951]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:05 localhost sshd[4951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:05 localhost sshd[4951]: pam_succeed_if(sshd:auth): error retrieving information about user manage

Jan  9 15:22:06 localhost sshd[4924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:22:07 localhost sshd[4951]: Failed password for invalid user manage from 192.168.31.27 port 62440 ssh2

Jan  9 15:22:07 localhost sshd[4953]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:07 localhost sshd[4960]: Invalid user monitor from 192.168.31.27

Jan  9 15:22:07 localhost sshd[4961]: input_userauth_request: invalid user monitor

Jan  9 15:22:07 localhost sshd[4960]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:07 localhost sshd[4960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:07 localhost sshd[4960]: pam_succeed_if(sshd:auth): error retrieving information about user monitor

Jan  9 15:22:07 localhost sshd[4924]: Failed password for root from 192.168.31.27 port 62304 ssh2

Jan  9 15:22:07 localhost sshd[4925]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:09 localhost sshd[4960]: Failed password for invalid user monitor from 192.168.31.27 port 62543 ssh2

Jan  9 15:22:09 localhost sshd[4961]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:09 localhost sshd[4974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=ftp

Jan  9 15:22:11 localhost sshd[4985]: Invalid user admin from 192.168.31.27

Jan  9 15:22:11 localhost sshd[4986]: input_userauth_request: invalid user admin

Jan  9 15:22:11 localhost sshd[4985]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:11 localhost sshd[4985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:11 localhost sshd[4985]: pam_succeed_if(sshd:auth): error retrieving information about user admin

Jan  9 15:22:11 localhost sshd[4974]: Failed password for ftp from 192.168.31.27 port 62697 ssh2

Jan  9 15:22:11 localhost sshd[4975]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:13 localhost sshd[4985]: Failed password for invalid user admin from 192.168.31.27 port 62820 ssh2

Jan  9 15:22:13 localhost sshd[4986]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:13 localhost sshd[5009]: Did not receive identification string from UNKNOWN

Jan  9 15:22:14 localhost sshd[5015]: Invalid user cisco from 192.168.31.27

Jan  9 15:22:14 localhost sshd[5016]: input_userauth_request: invalid user cisco

Jan  9 15:22:15 localhost sshd[5015]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:15 localhost sshd[5015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:15 localhost sshd[5015]: pam_succeed_if(sshd:auth): error retrieving information about user cisco

Jan  9 15:22:15 localhost sshd[5017]: Invalid user __user from 192.168.31.27

Jan  9 15:22:16 localhost sshd[5015]: Failed password for invalid user cisco from 192.168.31.27 port 63129 ssh2

Jan  9 15:22:16 localhost sshd[5016]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:17 localhost sshd[5023]: Invalid user Cisco from 192.168.31.27

Jan  9 15:22:17 localhost sshd[5024]: input_userauth_request: invalid user Cisco

Jan  9 15:22:17 localhost sshd[5023]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:17 localhost sshd[5023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:17 localhost sshd[5023]: pam_succeed_if(sshd:auth): error retrieving information about user Cisco

Jan  9 15:22:19 localhost sshd[5023]: Failed password for invalid user Cisco from 192.168.31.27 port 63226 ssh2

Jan  9 15:22:19 localhost sshd[5024]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:19 localhost sshd[5030]: Invalid user  from 192.168.31.27

Jan  9 15:22:19 localhost sshd[5031]: input_userauth_request: invalid user

Jan  9 15:22:19 localhost sshd[5031]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:20 localhost sshd[5040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:22:22 localhost sshd[5040]: Failed password for root from 192.168.31.27 port 63387 ssh2

Jan  9 15:22:22 localhost sshd[5041]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:22 localhost sshd[5053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27  user=root

Jan  9 15:22:24 localhost sshd[5053]: Failed password for root from 192.168.31.27 port 63413 ssh2

Jan  9 15:22:24 localhost sshd[5054]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:25 localhost sshd[5018]: input_userauth_request: invalid user __user

Jan  9 15:22:25 localhost sshd[5017]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:25 localhost sshd[5017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:25 localhost sshd[5017]: pam_succeed_if(sshd:auth): error retrieving information about user __user

Jan  9 15:22:27 localhost sshd[5017]: Failed password for invalid user __user from 192.168.31.27 port 63140 ssh2

Jan  9 15:22:27 localhost sshd[5018]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:22:27 localhost sshd[5108]: Invalid user __super from 192.168.31.27

Jan  9 15:22:27 localhost sshd[5109]: input_userauth_request: invalid user __super

Jan  9 15:22:27 localhost sshd[5108]: pam_unix(sshd:auth): check pass; user unknown

Jan  9 15:22:27 localhost sshd[5108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.31.27

Jan  9 15:22:27 localhost sshd[5108]: pam_succeed_if(sshd:auth): error retrieving information about user __super

Jan  9 15:22:29 localhost sshd[5108]: Failed password for invalid user __super from 192.168.31.27 port 63566 ssh2

Jan  9 15:22:29 localhost sshd[5109]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:12 localhost sshd[5670]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:12 localhost sshd[5675]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:12 localhost sshd[5678]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:13 localhost sshd[5680]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:18 localhost sshd[5682]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:18 localhost sshd[5694]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:18 localhost sshd[5697]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:18 localhost sshd[5699]: fatal: Read from socket failed: Connection reset by peer

Jan  9 15:23:18 localhost sshd[5700]: Invalid user vagrant from 192.168.31.27

Jan  9 15:23:19 localhost sshd[5701]: input_userauth_request: invalid user vagrant

Jan  9 15:23:19 localhost sshd[5701]: fatal: Read from socket failed: Connection reset by peer
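The pattern in the log above (one source cycling through many nonexistent account names within about a minute, plus connections that never complete the version exchange) can be picked out mechanically. The following Python is an added example, not code from the original post; the `min_invalid` threshold, the function names and the last sample line (10.0.0.5, user alice) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: the first eleven lines are copied from the log on this page;
# the last one (10.0.0.5, user alice) is constructed as a benign contrast.
SAMPLE = """\
Jan  9 15:17:36 localhost sshd[4838]: Did not receive identification string from UNKNOWN
Jan  9 15:21:46 localhost sshd[4883]: Invalid user emailswitch from 192.168.31.27
Jan  9 15:21:46 localhost sshd[4891]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-9.9-OpenSSH_5.0
Jan  9 15:21:46 localhost sshd[4887]: Invalid user anonymous from 192.168.31.27
Jan  9 15:21:47 localhost sshd[4892]: Protocol major versions differ for UNKNOWN: SSH-2.0-OpenSSH_4.3 vs. SSH-1.33-OpenSSH_5.0
Jan  9 15:21:49 localhost sshd[4883]: Failed password for invalid user emailswitch from 192.168.31.27 port 62201 ssh2
Jan  9 15:21:49 localhost sshd[4902]: Invalid user n3ssus from 192.168.31.27
Jan  9 15:21:57 localhost sshd[4926]: Failed password for root from 192.168.31.27 port 62305 ssh2
Jan  9 15:22:11 localhost sshd[4974]: Failed password for ftp from 192.168.31.27 port 62697 ssh2
Jan  9 15:22:14 localhost sshd[5015]: Invalid user cisco from 192.168.31.27
Jan  9 15:22:19 localhost sshd[5030]: Invalid user  from 192.168.31.27
Jan  9 15:30:02 localhost sshd[6001]: Failed password for alice from 10.0.0.5 port 40000 ssh2
""".splitlines()

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: (.*)$")
# Greedy (.*) binds to the LAST " from ", so a crafted user name that itself
# contains " from <ip>" cannot spoof the source address. It also matches "".
INVALID = re.compile(r"^Invalid user (.*) from (\S+)$")
FAILED = re.compile(r"^Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$")
# Assumption: the second version string is the banner the client sent.
BANNER = re.compile(r"^Protocol major versions differ for \S+: \S+ vs\. (\S+)$")


def summarize(lines):
    """Aggregate sshd auth noise per source; peer-less events are kept globally."""
    sources = defaultdict(lambda: {"invalid": set(), "known": set(), "failed": 0})
    no_peer = {"no_ident": 0, "client_banners": set()}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        msg = m.group(1)
        if (hit := INVALID.match(msg)):
            sources[hit.group(2)]["invalid"].add(hit.group(1))
        elif (hit := FAILED.match(msg)):
            src = sources[hit.group(3)]
            src["failed"] += 1
            # "known" = names sshd did not mark as invalid (root, ftp, ...).
            src["invalid" if hit.group(1) else "known"].add(hit.group(2))
        elif msg.startswith("Did not receive identification string"):
            no_peer["no_ident"] += 1
        elif (hit := BANNER.match(msg)):
            no_peer["client_banners"].add(hit.group(1))
    return dict(sources), no_peer


def scanner_like(sources, min_invalid=5):
    """Sources that tried at least min_invalid distinct nonexistent accounts
    (min_invalid is a hypothetical threshold; tune it to the environment)."""
    return sorted(ip for ip, s in sources.items() if len(s["invalid"]) >= min_invalid)


if __name__ == "__main__":
    sources, no_peer = summarize(SAMPLE)
    for ip in scanner_like(sources):
        s = sources[ip]
        print(ip, "invalid:", sorted(s["invalid"]), "known:", sorted(s["known"]))
    print(no_peer)
```

The `Did not receive identification string` and `Protocol major versions differ` lines carry `UNKNOWN` instead of an address in this log, so they can only be correlated with a source by time, not by IP.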

 

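VI. Clearing history command records

1. Edit /etc/profile and change HISTSIZE=1000 to 0 or 1.

Clear the bash_history file under the user's home directory.

2. Immediately clear the record of the current history commands.

history -c

3. bash does not write a command to the history file as soon as it is executed; instead it is kept in an internal buffer and written out in one go when bash exits. Calling history -w, however, makes bash update the history file immediately.

history -w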
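From the defender's side, the change in step 1 is visible in the profile itself. The following Python is an added example, not code from the original post: it resolves the last assignment to each HIST* variable in a profile and reports values that suppress history. It goes beyond step 1 by also checking HISTFILESIZE and HISTFILE, which are real bash variables the post does not mention; the sample profile and the function names are constructed.

```python
import re

# Constructed sample: a stock-looking profile where a later line overrides
# the original HISTSIZE, as in step 1 above.
SAMPLE_PROFILE = """\
# /etc/profile (constructed)
HOSTNAME=`/bin/hostname`
HISTSIZE=1000
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE
# HISTSIZE=0   <- commented out, must not count
export HISTSIZE="0"
unset HISTFILE
"""

ASSIGN = re.compile(r"""^\s*(?:export\s+|readonly\s+)?(HIST\w+)=["']?([^"'\s;#]*)""")
UNSET = re.compile(r"^\s*unset\s+(.*)$")

MEANING = {
    "HISTSIZE": "in-memory history list is limited to {} command(s)",
    "HISTFILESIZE": "history file is truncated to {} line(s)",
}


def effective_history_settings(text):
    """Last value assigned to each HIST* variable; None means it was unset."""
    state = {}
    for line in text.splitlines():
        if (m := ASSIGN.match(line)):
            state[m.group(1)] = m.group(2)      # later assignments win
        elif (m := UNSET.match(line)):
            for name in m.group(1).split("#", 1)[0].split():
                if name.startswith("HIST"):
                    state[name] = None
    return state


def findings(state):
    """Human-readable findings for settings that suppress command history."""
    out = []
    for var, text in MEANING.items():
        val = state.get(var)
        if val is not None and val.isdigit() and int(val) <= 1:
            out.append(f"{var}={val}: " + text.format(val))
    if "HISTFILE" in state and state["HISTFILE"] in (None, "", "/dev/null"):
        out.append("HISTFILE unset or /dev/null: nothing is saved when bash exits")
    return out


if __name__ == "__main__":
    for finding in findings(effective_history_settings(SAMPLE_PROFILE)):
        print(finding)
```

The check reads one file at a time and does not follow sourced files, so it has to be run over every profile that applies to the account.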

 

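VII. Introducing a tool for cleaning up intrusion traces: logtamper

Note that logtamper can only clear log traces, and it mainly targets utmp, wtmp and lastlog. In fact, the important logs on a Linux system that will retain your traces are: lastlog, utmp, wtmp, messages, syslog, sulog, and the command histories (history) that the various shells keep for each user.

logtamper is a tool that *modifies* Linux logs; while modifying a log file, it is able to preserve the time information of the modified file.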