Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Unix :: General :: logging.txt

Introduction to the Logfiles in a Unix System

|-------------------=MAXIMIZE your window for best results=-----------------|
|---....Introduction to the Log Files in a Unix System...................---|
| WhiteDevil......................---|
\ Diclaimer: I WhiteDevil cannot be held responsible for any actions you    / 
 \ may do with the information provided in this file, nor nac anyone who   / 
  \ provided you with this information, or any group I am involved in be  /
   \ held responsible for your actions.  This file is strictly for       /
    \ informataional uses only.  If you do decide to use this file for  /
     \ illegal puposes, stop reading now!  By continuing you agree to  /
      \                          these terms!                         /

So What's all this about?

  Ok, I know all you newbies out there are dying to know what the hell to do
to prevent the computer you hacked into from tracking you down.  Well in this
little article all your questions will be answered.  

  What do you think a good admin does once he logs into a system, and things 
seems a bit peculiar and out of the ordinary.  Well if you guessed check all 
the logs, you're dead right.


  Depending on the system of UNIX that you are logged onto will have a 
different directory where it stores log files.  The most common locations are
in the following:

-----/usr/adm  - Earlier versions use this
-----/var/adm  - Newer versions use this location
-----/var/log  - Used by some versions of Solaris, Linux BSD, and Free BSD.
-----/etc      - Most versions of Unix store utmp, and some store the wtmp 
		 here also, along with syslong.conf

  Depending on which directory it's in you should find the following files in
that directory, or maybe a sub. The following is a list of these files, and 
what they do

acct OR pacct   -- Records commands used by every user
access_log	-- For servers running NCSA HTTPD, this
		   log will keep track of what sites
		   have been contacting your server.
aculog		-- Keeps the records of dial-out modems
lastlog		-- Logs each users most recent login, 
		   and sometime the last unsuccessful
loginlog	-- Records bad login attempts
messages	-- Records output to the system's 
		   consol and other messages generated
		   from the syslog facility
security	-- Records instances at which violations
		   of restrictions are attempted using
		   the UUCP system.
sulog		-- Logs use of the su command
utmp		-- Records each user currently logged in.
utmpx		-- Extended utmp
uucp		-- Includes logs of transfers, foreign
		   contacts, and user activity.
vold.log	-- Logs errors encountered with the use
		   of external media.
xferlog		-- Logs FTP access.

Other types of log files-

  There are some other types of log files that don't have a specific title, 
but start with a specific tag.  You might see the following in front of 
something else, which might mean that file is a log. So edit it's ass.

xfer		-- Indicates attempts to make prohibited
		   transfers of files.
rexe		-- Indicates attempts to execute a 
		   command that is not allowed.

  Many other types of logs exist, that are the result of third-party software
, or even that bastard admin who's got his eye on you.  So keep your eye out 
for files you may think are logs.  How? you ask.  Well many admins have the 
tendancy to keep their log files in the same directory to make it better 
organized.  Little do they know their aiding you in your quest for 
dissapearence from their system.  So check out all the files in the directory
where you find the common logs listed above.

  Along with the ordinary log files in a UNIX system, there are also shell
history's, which keep track of every user's actions.  Such a history file
should be edited once you're finished with the system, but be warned of those
sneaky admins.  Some admins will create a hard link to the existing history
file, and to locate the link in a direcotry that is inaccessible to the user.

  Another file you should watch out for is a file that will log the mail for
a specific user.  This file name can vary, or sometimes it can be a part of 
the syslog file.  So now I guess you're wondering about syslog since we have
yet to discuss it.
  Syslog is basically a program that logs certain things to certain files.
To find out where syslog is logging these messages check out the file
syslog.conf and its sercrets shall be revealed. This file can be found in 
the /etc directory.

Wrapping UP

  By now you should be fairly familiar with the Unix logging files.  There
are only a few things I wish to address before I leave you to your hacking.
Do not be lazy on editing log files, for such a characteristic will surely
lead to your ass being found.  Also I forewarn you that most admins will 
check their log files on a fairly regular basis.  If you can somehow find out
when this happens, then you might be able to fool the admin during the time
period when he's wacking off or god knows what, but not checking the logs.
Happy Hacking
	Well that's it.  I hope you enjoyed reading this file, and it helped
you out as much as possible.  Look out for more of my files if you enjoyed
this one. Peace!
(C)1998 WhiteDevil

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH