 ___________________________________________________________________________
|-------------------=MAXIMIZE your window for best results=-----------------|
|---------------------------------------------------------------------------|
|---------------------------------------------------------------------------|
|---....Introduction to the Log Files in a Unix System...................---|
|---.....................................................................---|
|---..................................by WhiteDevil......................---|
|---.....................................................................---|
|---.....................................................................---|
|---------------------------------------------------------------------------|
|---------------------------------------------------------------------------|
 \ Disclaimer: I, WhiteDevil, cannot be held responsible for any actions you /
  \ may take with the information provided in this file, nor can anyone who /
   \ provided you with this information, or any group I am involved in, be  /
    \ held responsible for your actions. This file is strictly for          /
     \ informational uses only. If you do decide to use this file for       /
      \ illegal purposes, stop reading now! By continuing you agree to      /
       \ these terms!                                                       /
        \*************************************************************/
         \***********************************************************/

-=-=-=-=-=-=-=-=-=-=-=-=-
So What's all this about?
-=-=-=-=-=-=-=-=-=-=-=-=-

Ok, I know all you newbies out there are dying to know what the hell to do to
prevent the computer you hacked into from tracking you down. Well, in this
little article all your questions will be answered. What do you think a good
admin does once he logs into a system and things seem a bit peculiar and out of
the ordinary? If you guessed "check all the logs", you're dead right.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
OK SO WHERE THE HELL ARE THE LOG FILES?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Depending on which flavor of UNIX you are logged onto, the log files are kept
in a different directory. The most common locations are the following:

-----/usr/adm  - Earlier versions use this
-----/var/adm  - Newer versions use this location
-----/var/log  - Used by some versions of Solaris, Linux, BSD, and FreeBSD
-----/etc      - Most versions of Unix store utmp here, and some store wtmp here
                 also, along with syslog.conf

Whichever directory it is, you should find the following files there, or maybe
in a subdirectory. The following is a list of these files and what they do:

acct OR pacct -- Records commands used by every user
access_log    -- For servers running NCSA HTTPD, this log keeps track of what
                 sites have been contacting your server.
aculog        -- Keeps the records of dial-out modems
lastlog       -- Logs each user's most recent login, and sometimes the last
                 unsuccessful login
loginlog      -- Records bad login attempts
messages      -- Records output to the system's console and other messages
                 generated from the syslog facility
security      -- Records instances at which violations of restrictions are
                 attempted using the UUCP system.
sulog         -- Logs use of the su command
utmp          -- Records each user currently logged in.
utmpx         -- Extended utmp
uucp          -- Includes logs of transfers, foreign contacts, and user activity.
vold.log      -- Logs errors encountered with the use of external media.
xferlog       -- Logs FTP access.

-=-=-=-=-=-=-=-=-=-=-=-=-
Other types of log files
-=-=-=-=-=-=-=-=-=-=-=-=-

There are some other types of log files that don't have a specific title, but
start with a specific tag. You might see one of the following in front of
something else, which might mean that file is a log. So edit its ass.

xfer -- Indicates attempts to make prohibited transfers of files.
rexe -- Indicates attempts to execute a command that is not allowed.
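The syslog.conf kept in /etc decides which of the files above a given message actually reaches. As an added example (not part of WhiteDevil's file), the following Python resolves a constructed syslog.conf so an admin can confirm that, say, auth messages really land in the file he expects to review; the paths and rules in the sample config are made up for the demonstration.

```python
# Added example, not from the original file: resolve which syslog.conf actions
# receive a message logged as facility.priority (classic BSD syslog.conf syntax).
import re

PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"} | {"local%d" % i for i in range(8)}

# Constructed sample config; paths and rules are made up for the demonstration.
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none          /var/log/messages
authpriv.*                              /var/log/secure
mail.*                                  -/var/log/maillog
kern.=crit                              /var/adm/kern.crit
uucp,news.crit                          /var/log/spooler
"""

def parse_syslog_conf(text):
    # Returns [(selectors, action)]; a selector is (facilities, op, priority) where
    # op is '>=' (that priority or more severe), '=' (exactly that) or 'none'.
    rules = []
    for line in filter(None, (r.split("#", 1)[0].strip() for r in text.splitlines())):
        sel_part, action = re.split(r"\s+", line, maxsplit=1)
        selectors = []
        for sel in sel_part.split(";"):
            facs, prio = sel.rsplit(".", 1)
            fac_set = FACILITIES if facs == "*" else set(facs.split(","))
            if prio == "none":
                selectors.append((fac_set, "none", None))
            elif prio.startswith("="):
                selectors.append((fac_set, "=", prio[1:]))
            else:  # plain priority; '*' means everything down to debug
                selectors.append((fac_set, ">=", "debug" if prio == "*" else prio))
        rules.append((selectors, action.lstrip("-")))  # a leading '-' only skips fsync
    return rules

def destinations(rules, facility, priority):
    # Actions (here, log files) that end up holding a facility.priority message.
    level = PRIORITIES.index(priority)
    hits = []
    for selectors, action in rules:
        matched = False
        for fac_set, op, prio in selectors:  # later selectors on a line override earlier ones
            if facility not in fac_set:
                continue
            matched = ((op == "=" and PRIORITIES.index(prio) == level) or
                       (op == ">=" and level <= PRIORITIES.index(prio)))
        if matched and action not in hits:
            hits.append(action)
    return hits
```

Run `destinations(parse_syslog_conf(SAMPLE_CONF), "authpriv", "notice")` to see that the `authpriv.none` selector keeps such messages out of /var/log/messages and only /var/log/secure receives them.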
Many other types of logs exist that are the result of third-party software, or
even of that bastard admin who's got his eye on you. So keep your eye out for
files you may think are logs. How, you ask? Well, many admins have the tendency
to keep their log files in the same directory to keep things better organized.
Little do they know they're aiding you in your quest for disappearance from
their system. So check out all the files in the directory where you find the
common logs listed above.

Along with the ordinary log files in a UNIX system, there are also shell
histories, which keep track of every user's actions. Such a history file should
be edited once you're finished with the system, but be warned of those sneaky
admins. Some admins will create a hard link to the existing history file and
locate the link in a directory that is inaccessible to the user.

Another file you should watch out for is a file that will log the mail for a
specific user. This file name can vary, or sometimes it can be a part of the
syslog file.

So now I guess you're wondering about syslog, since we have yet to discuss it.
Syslog is basically a program that logs certain things to certain files. To find
out where syslog is logging these messages, check out the file syslog.conf and
its secrets shall be revealed. This file can be found in the /etc directory.

-=-=-=-=-=-
Wrapping UP
-=-=-=-=-=-

By now you should be fairly familiar with the Unix logging files. There are only
a few things I wish to address before I leave you to your hacking. Do not be
lazy about editing log files, for such a characteristic will surely lead to your
ass being found. Also, I forewarn you that most admins will check their log
files on a fairly regular basis. If you can somehow find out when this happens,
then you might be able to fool the admin during the time period when he's
wacking off or god knows what, but not checking the logs.
Happy Hacking
-WhiteDevil

*****************************************************************************
Well that's it. I hope you enjoyed reading this file, and it helped you out as
much as possible. Look out for more of my files if you enjoyed this one. Peace!

http://www.gis.net/~whitedvl
*****************************************************************************
(C)1998 WhiteDevil All Rights Reserved