The Logging System
119
So,
to stop the logging daemon, you could simply enter the following
command:
kali >
service rsyslog stop
Now Linux will stop generating any log
files until the service is
restarted, enabling you to operate without leaving behind any evidence
in the log files!
Summary
Log files track nearly everything that happens on your Linux system. They
can be an invaluable resource in trying
to analyze what has occurred,
whether it be a malfunction or a hack. For the hacker, log files can be evi
dence of their activities and identity. However,
an astute hacker can remove
and shred these files and disable logging entirely,
thus leaving no evidence
behind.
E XERCISES
Before you move on to Chapter 12, try out the skills you learned from this chapter
by completing the following exercises:
1. Use the locate command to find all the rsyslog files.
2.
Open the rsyslog.conf file and change your log rotation to one week.
3. Disable logging on your system. Investigate what is logged in the file
/var/log/syslog when you disable logging.
4. Use the shred command to shred and delete all your kern log files.
