Home >Operation and Maintenance >Linux Operation and Maintenance >What is the way to clean traces on windows and linux?
What is the way to clean traces on windows and linux?
- WBOYforward
- 2023-05-19 19:17:061301browse
1. Overview:
After the penetration is completed, in order to reduce the probability of discovery and traceability, the attacker must clear his or her attack traces.
2. Windows
Manually delete logs when you have remote desktop permissions:
开始-程序-管理工具-计算机管理-系统工具-事件查看器-清除日志
Wevtutil tool command line clearing:
wevtutil el 列出系统中所有日志名称 wevtutil cl system 清理系统日志 wevtutil cl application 清理应用程序日志 wevtutil cl security 清理安全日志
Meterperter comes with a clear log function:
clearev 清除windows中的应用程序日志、系统日志、安全日志
Clear recent:
或直接打开C:\Users\Administrator\Recent并删除所有内容 或在命令行中输入del /f /s /q “%userprofile%\Recent*.*
3. linux
Clear command history
histroy -r #删除当前会话历史记录 history -c #删除内存中的所有命令历史 rm .bash_history #删除历史文件中的内容 HISTZISE=0
Execute commands in a hidden location , use vim to open the file and execute the command:
:set history=0 :!command
Linux log file
/var/run/utmp 记录现在登入的用户 /var/log/wtmp 记录用户所有的登入和登出 /var/log/lastlog 记录每一个用户最后登入时间 /var/log/btmp 记录错误的登入尝试 /var/log/auth.log 需要身份确认的操作 /var/log/secure 记录安全相关的日志信息 /var/log/maillog 记录邮件相关的日志信息 /var/log/message 记录系统启动后的信息和错误日志 /var/log/cron 记录定时任务相关的日志信息 /var/log/spooler 记录UUCP和news设备相关的日志信息 /var/log/boot.log 记录守护进程启动和停止相关的日志消息
Completely delete the log file
cat /dev/null > filename : > filename > filename echo "" > filename echo > filename
Targeted deletion of the log file
删除当天日志 sed -i '/当天日期/'d filename
Tamper with the log File
将所有170.170.64.17ip替换为127.0.0.1 sed -i 's/170.170.64.17/127.0.0.1/g'
One-click clearing script:
#!/usr/bin/bash echo > /var/log/syslog echo > /var/log/messages echo > /var/log/httpd/access_log echo > /var/log/httpd/error_log echo > /var/log/xferlog echo > /var/log/secure echo > /var/log/auth.log echo > /var/log/user.log echo > /var/log/wtmp echo > /var/log/lastlog echo > /var/log/btmp echo > /var/run/utmp rm ~/./bash_history history -c
The above is the detailed content of What is the way to clean traces on windows and linux?. For more information, please follow other related articles on the PHP Chinese website!