Chapter 11 Phase 5: Covering Tracks and Hiding

Altering System Logs in Unix

¨Unix log files are stored in files specified in /etc/syslog.conf (eg. /var/adm/messages) ¨Attackers can alter log files via editors such as vi or emacs