[logs] How to log - commands and file access
Anton Chuvakin
anton at chuvakin.org
Mon Nov 12 20:07:00 PST 2007
> Concerning BASH logging, I have found a bash "syslog version" :
If you are resorting to stealth logging, I won't do logging bash
(google for a version I modified for Honeynet use, for example), but
just go kernel-level with sebek, which is a modern Honeynet tool to
accomplish the same.
Now, the above is NOT an endorsement of "stealth logging" even though
sometimes it is pretty useful (see e.g. this discussion:
http://chuvakin.blogspot.com/2007/11/protecting-logs-from-admins-lost-battle.html).
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org