1 00:00:00,740 --> 00:00:06,770 For any Linux user, it's crucial to be knowledgeable in the use of the log files here. 2 00:00:07,190 --> 00:00:12,740 So log files store information about events that occurred when the operating system and applications 3 00:00:12,800 --> 00:00:18,700 are run, so including any errors and security errors, of course. 4 00:00:18,710 --> 00:00:26,930 So your system will log information automatically based on the series of rules that I will show 5 00:00:27,140 --> 00:00:30,470 you how to configure in these lectures. 6 00:00:30,860 --> 00:00:38,510 So I think this lecture will, no, this section of our Udemy course will be two lectures, actually. 7 00:00:38,930 --> 00:00:46,100 So as a hacker, the log files can be a trail to your target's activities and identity. 8 00:00:46,850 --> 00:00:53,090 So but it can also be a trail to your own activities on someone else's system. 9 00:00:53,450 --> 00:00:59,860 So a hacker therefore needs to know what information they can gather, as well as what can be gathered 10 00:00:59,870 --> 00:01:05,060 about their own actions and the methods in order to hide that evidence here. 11 00:01:05,780 --> 00:01:12,170 So on the other side, anyone securing Linux systems needs to know how to manage 12 00:01:12,170 --> 00:01:18,590 the logging functions to determine whether a system has been attacked and then decipher what actually 13 00:01:18,590 --> 00:01:21,980 happened and who did it, so well. 14 00:01:22,020 --> 00:01:29,900 This, therefore, shows you how to examine and configure log files, as well as how to remove evidence 15 00:01:29,900 --> 00:01:34,160 of your activity and even disable logging altogether. 16 00:01:34,190 --> 00:01:38,930 So first, we will look at the daemon that, uh, doesn't, uh, does the logging. 17 00:01:40,410 --> 00:01:50,890 So the rsyslog logging daemon, so Linux is a, Linux uses a daemon called 
18 00:01:51,060 --> 00:01:52,860 syslogd here. 19 00:01:53,430 --> 00:02:01,980 So to automatically log events on your computer. Several variations of syslog, including syslog-ng 20 00:02:01,980 --> 00:02:07,860 here, including rsyslog here and rsyslog. 21 00:02:10,020 --> 00:02:18,270 Actually, syslog-ng here, we have, actually, so are used on different distributions of Linux, 22 00:02:18,630 --> 00:02:21,900 so even though they operate very similarly. 23 00:02:21,950 --> 00:02:24,120 And some minor differences exist, of course. 24 00:02:24,540 --> 00:02:32,760 So since Kali Linux is built on Debian and Debian comes with rsyslog here. 25 00:02:33,030 --> 00:02:37,410 By default, we focus on that utility in this lecture here. 26 00:02:37,800 --> 00:02:43,830 So if you want to use other distributions, it's worth, uh, doing a little research on their logging 27 00:02:43,830 --> 00:02:44,370 systems. 28 00:02:44,760 --> 00:02:51,720 So let's take a look at our, uh uh, our system, rsyslog on our system here. 29 00:02:51,990 --> 00:02:56,160 We will search for all files related to rsyslog. 30 00:02:56,160 --> 00:02:59,460 Here, first, open a terminal in Kali and enter here. 31 00:02:59,790 --> 00:03:03,360 locate rsyslog here. 32 00:03:05,640 --> 00:03:11,450 So as you can see, numerous files can contain the keyword rsyslog 33 00:03:11,460 --> 00:03:12,150 here. 34 00:03:13,330 --> 00:03:17,170 So, uh, some of which are more useful than others. 35 00:03:18,450 --> 00:03:22,900 Uh, the one we want to examine is the configuration file. 36 00:03:23,250 --> 00:03:28,590 rsyslog.conf, so the rsyslog configuration file. 37 00:03:28,590 --> 00:03:35,850 Like nearly every application in Linux, rsyslog is managed and configured by a plaintext configuration 38 00:03:35,850 --> 00:03:39,750 file located, as is generally the case on Linux, 
39 00:03:40,020 --> 00:03:46,350 so in the /etc directory here, in the case of, uh, rsyslog here. 40 00:03:46,350 --> 00:03:49,620 The configuration file is located at /etc/rsyslog.conf, 41 00:03:49,620 --> 00:03:54,840 uh, and open that file with any text editor here. 42 00:03:54,840 --> 00:04:00,630 For example, mousepad, um, mousepad /etc/ 43 00:04:01,440 --> 00:04:05,850 uh, rsyslog here, .conf file. 44 00:04:07,380 --> 00:04:13,620 And as you can see here, we opened this file, so it's read-only, as you can see here, if we want to 45 00:04:13,620 --> 00:04:20,640 change, you should use this system for us was using sudo command for root rights here. 46 00:04:22,230 --> 00:04:22,620 So. 47 00:04:24,280 --> 00:04:27,100 You shall see a text file like that. 48 00:04:27,680 --> 00:04:36,420 Uh, so as you can see there, you see here, the rsyslog, uh, .conf configuration file comes 49 00:04:36,430 --> 00:04:41,500 well documented with, uh, numerous, uh, numerous comments explaining its use. 50 00:04:41,950 --> 00:04:48,430 So much of this information will not be useful to you at this moment, but if you navigate down below, 51 00:04:48,760 --> 00:04:52,210 uh, to line here, uh, fifty one. 52 00:04:54,220 --> 00:04:59,740 Or 49 here, you will find the rules here. 53 00:05:00,780 --> 00:05:09,900 As you can see here, uh, so this is where you can set the rules for what your system will automatically 54 00:05:09,900 --> 00:05:10,530 log for you. 55 00:05:10,650 --> 00:05:21,480 So our, um, rsyslog, uh, logging rules here, the rsyslog, uh, logging rules determine 56 00:05:21,480 --> 00:05:23,280 what kind of information is logged. 57 00:05:23,820 --> 00:05:29,980 So you know what programs have their messages logged and where that log is stored. As a hacker, 58 00:05:30,000 --> 00:05:34,230 this allows you to find out what is being logged and where 
59 00:05:34,230 --> 00:05:38,310 those logs are written so you can delete or obscure them. 60 00:05:38,790 --> 00:05:41,400 Scroll to line 61 00:05:43,920 --> 00:05:49,680 56 here, and you should see something like this here. 62 00:05:51,390 --> 00:05:56,100 So each line is a separate logging rule here. 63 00:05:56,460 --> 00:06:03,780 Uh, that that says what messages are logged and where where, uh, they are logged here. 64 00:06:04,110 --> 00:06:10,770 The basic format for these rules is, for example, um, facility.priority here. 65 00:06:11,340 --> 00:06:14,430 And the action here like that. 66 00:06:15,750 --> 00:06:23,310 So the facility keyword references the programs, such as, such as mail here, as you can see here, 67 00:06:23,310 --> 00:06:29,010 mail, like kern or lpr, like this here. 68 00:06:29,850 --> 00:06:31,710 kern, lpr here. 69 00:06:32,560 --> 00:06:33,270 Uh, so. 70 00:06:35,280 --> 00:06:39,760 And the priority keyword determines what kind of messages to log for that program. 71 00:06:40,240 --> 00:06:42,610 So the action keyword here. 72 00:06:43,520 --> 00:06:47,240 As you can see here, action and priority, um. 73 00:06:49,400 --> 00:06:56,480 Uh, on the far right here, as you can see here, action keyword here, uh, references the location 74 00:06:56,520 --> 00:06:59,950 where, uh, the log will be sent here. 75 00:06:59,960 --> 00:07:04,640 As you can see, there is there where our logs will be sent. 76 00:07:07,080 --> 00:07:11,190 Let's look at each section more closely, beginning there, of course. 77 00:07:11,490 --> 00:07:18,000 So beginning the, um, facility, the keyword here, as you can see, there is a specific keywords here 78 00:07:18,720 --> 00:07:25,110 and which refers to whatever software is generating the log, whether that's the kernel, the mail system 79 00:07:25,110 --> 00:07:26,400 or the user here. 80 00:07:27,380 --> 00:07:33,350 So the following here, as you can see here, is a, for example. 
81 00:07:34,840 --> 00:07:43,000 Uh, auth here is, uh, security authorization messages, for example, and cron here is clock daemons 82 00:07:43,660 --> 00:07:44,860 and kern. 83 00:07:44,860 --> 00:07:46,360 Here is kernel messages. 84 00:07:46,780 --> 00:07:47,590 Uh, daemon. 85 00:07:47,590 --> 00:07:50,700 Here is other daemons, which stores as you can see. 86 00:07:50,710 --> 00:07:56,620 What a long time I'll look here and lpr means, um, printing system here. 87 00:07:57,100 --> 00:08:03,910 Uh, mail is, as you know, mail, uh, user, the mail system here, and this is the generic user 88 00:08:03,910 --> 00:08:05,290 level, uh, here. 89 00:08:06,160 --> 00:08:06,490 So. 90 00:08:08,140 --> 00:08:12,220 You can select more than one facility by listing them separated by a comma here. 91 00:08:12,580 --> 00:08:16,540 So the priority tells the system what kinds of messages to log. 92 00:08:17,990 --> 00:08:18,470 So. 93 00:08:24,410 --> 00:08:31,070 For example, codes are listed from lowest priority, starting at debug, to highest priority, ending 94 00:08:31,250 --> 00:08:32,080 at panic here. 95 00:08:32,660 --> 00:08:42,410 So if the priority here is, uh, like that, messages of all priorities are logged. 96 00:08:44,110 --> 00:08:51,280 So when you specify a priority, messages of that priority and higher are logged, for instance, if 97 00:08:51,280 --> 00:08:58,090 you specify a priority code alert, the system will log messages classified as alert and a higher priority. 98 00:08:58,090 --> 00:09:05,290 But it won't log messages marked as crit or any, uh, any priority lower than the alert here. 99 00:09:05,530 --> 00:09:10,720 So first thing, I want to show you the priorities here and priority names here. 100 00:09:11,260 --> 00:09:12,330 So, um. 101 00:09:13,910 --> 00:09:17,870 And here is 12 priorities, I think so. 102 00:09:18,200 --> 00:09:19,370 The first is debug. 103 00:09:20,000 --> 00:09:20,960 Yes, there is a. 
104 00:09:22,360 --> 00:09:23,320 Um, actually. 105 00:09:23,650 --> 00:09:24,180 Nine. 106 00:09:24,430 --> 00:09:25,720 Yes, debug here. 107 00:09:25,960 --> 00:09:29,140 Uh, info, notice here. 108 00:09:29,170 --> 00:09:33,580 Uh, warning, warn, and error, err. 109 00:09:34,030 --> 00:09:38,680 crit, alert, emerg, panic element here. 110 00:09:39,610 --> 00:09:41,860 So the court's warning? 111 00:09:44,240 --> 00:09:44,720 One. 112 00:09:44,840 --> 00:09:48,740 So there is the not most priorities here, for example. 113 00:09:49,280 --> 00:09:51,910 Debug is the motivator. 114 00:09:51,920 --> 00:10:00,140 Priorities: info, info's priority is bigger than debug, and notice priority is 115 00:10:00,380 --> 00:10:01,160 bigger than info. 116 00:10:01,500 --> 00:10:04,910 Priority, priorities bigger than notice, like that, and the most prioritized, 117 00:10:04,940 --> 00:10:07,820 um, message we're logging is panic. 118 00:10:08,630 --> 00:10:09,020 So. 119 00:10:11,990 --> 00:10:17,510 For example, there is the warning, warn here, where some warn. 120 00:10:18,620 --> 00:10:18,890 Oops! 121 00:10:20,430 --> 00:10:23,200 Warning, uh, warn, warning. 122 00:10:24,140 --> 00:10:24,620 Uh. 123 00:10:26,690 --> 00:10:29,360 Actually not warning, you know, warn. 124 00:10:31,380 --> 00:10:31,750 Raw. 125 00:10:34,180 --> 00:10:38,170 Err and emerg here, um. 126 00:10:38,740 --> 00:10:45,790 And panic here have all been deprecated and shall not be used, so if you want to use it, the action 127 00:10:45,790 --> 00:10:49,660 is usually a file name and the location where the logs should be sent. 128 00:10:50,630 --> 00:10:51,080 So. 129 00:10:53,810 --> 00:10:56,280 Don't save, so we don't want to save. 130 00:10:56,540 --> 00:10:57,590 It's just a note here. 131 00:10:58,010 --> 00:11:04,240 So note that, generally, log files are sent to /var/log directory. 132 00:11:05,300 --> 00:11:06,620 So um. 
133 00:11:09,930 --> 00:11:15,450 With a file name, of course, that describes the facility that generated them, such as auth here, 134 00:11:16,020 --> 00:11:16,590 like that? 135 00:11:16,740 --> 00:11:17,640 Yeah, auth. 136 00:11:19,370 --> 00:11:22,370 Or kern, mail, like that. 137 00:11:23,360 --> 00:11:24,260 As you can see here. 138 00:11:26,640 --> 00:11:34,440 Uh, this means, for example, that logs generated by the auth facility will be sent to /var/log/auth 139 00:11:34,710 --> 00:11:35,580 .log here. 140 00:11:36,570 --> 00:11:44,040 So, uh, we can, uh, see where our mail logs go, uh, /var/log/mail.log here. 141 00:11:44,760 --> 00:11:47,070 Uh, so like that, for example. 142 00:11:48,460 --> 00:11:51,760 Actually, let's look out here, so. 143 00:11:53,430 --> 00:12:02,070 Yeah, we can clean automatically up logs with logrotate here, so log, log files takes 144 00:12:02,580 --> 00:12:10,080 up space, so if you don't delete them, so actually, I, um, forgot to mention you, uh, so you can change 145 00:12:10,080 --> 00:12:12,510 this log, the direction here. 146 00:12:12,510 --> 00:12:17,880 For example, if you want to save your mail log, uh, to your home directory. 147 00:12:17,880 --> 00:12:21,660 You can change it here, but I will not change any of it. 148 00:12:22,230 --> 00:12:22,590 So. 149 00:12:24,010 --> 00:12:30,280 Now you can also automatically clean up logs with a logrotate. 150 00:12:31,320 --> 00:12:38,310 The logrotate command. So log files take, take up space, so if you don't delete them periodically, 151 00:12:38,580 --> 00:12:40,950 they will eventually fill your entire hard drive. 152 00:12:41,520 --> 00:12:46,710 On the other hand, if you delete your log files too frequently, you won't have logs to investigate at 153 00:12:46,710 --> 00:12:51,900 some future point in time, so you can use log, uh, rotate. 
154 00:12:53,970 --> 00:13:00,780 Logrotate to determine the balance between the opposing requirements, by opposing the requirements, 155 00:13:00,780 --> 00:13:08,880 by rotating your logs, so log rotation is the process of regularly archiving log files by moving them 156 00:13:08,910 --> 00:13:10,890 to some other location. 157 00:13:11,310 --> 00:13:16,250 So leaving you with a fresh log file. That archived 158 00:13:16,350 --> 00:13:23,790 location will get cleaned up after a specific, specific, specified period of time, so your system is 159 00:13:23,790 --> 00:13:26,400 already rotating log files using a cron job. 160 00:13:26,700 --> 00:13:35,070 So that employs the logrotate utility, so you can configure the logrotate utility to choose the regularity 161 00:13:35,340 --> 00:13:40,230 of your log rotation with /etc/logrotate.conf. 162 00:13:40,230 --> 00:13:49,290 It's, um, so let's open it with a text editor: sudo mousepad /etc/logrotate.conf here. 163 00:13:50,890 --> 00:13:55,960 And you can see here we can see our logrotate configuration file. 164 00:13:57,680 --> 00:13:59,960 So now let's talk about them. 165 00:14:00,380 --> 00:14:06,050 So first is weekly, as, weekly, as you can see these comments here, so weekly. 166 00:14:06,140 --> 00:14:11,210 What is very clear, first, you can see that the unit or unit of time your rotate numbers refer 167 00:14:11,220 --> 00:14:12,940 to this here. 168 00:14:12,950 --> 00:14:16,230 For example, the default here is weekly. 169 00:14:16,520 --> 00:14:20,450 Meaning any number after the rotate keyword always refers to weeks. 170 00:14:21,460 --> 00:14:24,280 So, um, further down, you can see the settings. 171 00:14:24,970 --> 00:14:27,880 How often to rotate logs, logs here. 172 00:14:28,270 --> 00:14:34,420 Uh, the default setting is to rotate logs every four weeks. 173 00:14:34,870 --> 00:14:36,160 Um, here. 
174 00:14:36,400 --> 00:14:40,120 So this default configuration will work for most people. 175 00:14:40,420 --> 00:14:47,370 But if you want to keep your logs longer for investigative purposes or, uh, shorter to clean, uh, 176 00:14:47,380 --> 00:14:54,460 them out quicker, this is the setting you should change, so you can, so you can change it here. 177 00:14:56,270 --> 00:15:03,530 So, for instance, if you check your log files every week and want to save storage space, you could 178 00:15:03,530 --> 00:15:07,550 change the setting to rotate one here. 179 00:15:08,000 --> 00:15:09,910 But I will leave it as it is. 180 00:15:10,880 --> 00:15:18,050 So if you have plenty of storage for your logs and want to keep a semi-permanent record for forensic 181 00:15:18,050 --> 00:15:24,560 analysis later, you could change the setting to rotate, for example, to save to keep your logs for 182 00:15:25,220 --> 00:15:29,360 six months or rotate it to to keep them for one year. 183 00:15:36,690 --> 00:15:36,990 Yeah. 184 00:15:41,440 --> 00:15:48,850 So by default, the same plan, a new log file is created when old ones are rotated out here, as you 185 00:15:48,850 --> 00:15:49,990 can see, create here. 186 00:15:50,930 --> 00:15:54,860 So as the comments in the configuration file advise. 187 00:15:55,920 --> 00:16:04,210 Uh, you can also choose the compression, uh, your rotated, uh, rotated log files, see it, 188 00:16:04,230 --> 00:16:11,700 as you can see here, compress, but it's commented here, and this means there's, uh, uncompressed log files here. 189 00:16:12,660 --> 00:16:14,630 At the end of the rotation period. 190 00:16:14,640 --> 00:16:21,690 The log files are renamed and pushed, uh, towards the end of the chain of logs as a new log file is 191 00:16:21,690 --> 00:16:28,500 created, uh, replacing the current log file, for instance, /var/log/auth will become, uh, 192 00:16:28,500 --> 00:16:31,680 /var/log/auth.1, then /var/log/auth.2. 
193 00:16:31,680 --> 00:16:42,330 And so if you rotate logs every four weeks and keep, keep four sets of backups, you will have 194 00:16:42,330 --> 00:16:50,100 /var/log/auth.4 but no /var/log/auth.5, meaning that /var/log/auth.4 will be deleted rather than being 195 00:16:50,100 --> 00:16:51,930 pushed to auth.5. 196 00:16:52,410 --> 00:17:00,350 So you can see this by using the locate command to find, um, auth.log log files with the wildcard here, 197 00:17:00,360 --> 00:17:00,990 for example. 198 00:17:00,990 --> 00:17:02,450 Let's find. 199 00:17:04,980 --> 00:17:15,420 Locate, as we, uh, /var/log/auth.log and then wildcard, as you can see here, we have 200 00:17:15,420 --> 00:17:18,960 two, auth.log.1 and auth.log.2 here. 201 00:17:19,900 --> 00:17:27,060 So for more details on the many ways to customize and use the logrotate utility, see the man 202 00:17:27,340 --> 00:17:33,400 logrotate page here, as you can see here. 203 00:17:33,790 --> 00:17:40,090 So, uh, as you know, man is the help, uh, documentation for every command in Linux. 204 00:17:41,140 --> 00:17:46,480 Uh, so we discussed that in previous lectures so far. 205 00:17:46,480 --> 00:17:52,270 So this is an excellent resource to learn about the functions you can use and the variables we can change 206 00:17:52,270 --> 00:17:55,030 to customize how your logs are handled. 207 00:17:56,840 --> 00:18:02,750 So once you become more familiar with Linux, you will get a better sense of how often you need to 208 00:18:02,750 --> 00:18:05,790 log and what options you prefer. 209 00:18:05,810 --> 00:18:08,540 So it's worth revisiting the logrotate 210 00:18:08,540 --> 00:18:11,510 .conf configuration file. 
211 00:18:15,090 --> 00:18:22,080 Remaining stealthy, actually, I won't look at home, I mean, spend time, OK, remaining stealthy, 212 00:18:22,140 --> 00:18:27,480 once you have compromised a Linux system, it's useful to disable logging and remove any evidence 213 00:18:27,480 --> 00:18:32,640 of your intrusion in the log files to reduce the chances, chances of detection. 214 00:18:33,300 --> 00:18:41,640 So there are many ways to do this, and each carries its own risks and level of reliability, so we 215 00:18:41,640 --> 00:18:44,910 can remove evidence and others here. 216 00:18:45,930 --> 00:18:52,530 So first, you will want to remove any logs of your activity, so you can't simply open the log files 217 00:18:52,530 --> 00:18:59,550 and precisely remove any logs detailing your activity line by line using the file deletion 218 00:18:59,550 --> 00:19:03,000 techniques you learned in, previously, the previous lectures. 219 00:19:04,140 --> 00:19:13,020 So which will look, however, in here this could be time consuming, and leave time gaps in the log files, 220 00:19:13,980 --> 00:19:15,930 which would look suspicious. 221 00:19:15,940 --> 00:19:21,150 Also, deleted files can generally be recovered by a skilled forensics investigator. 222 00:19:21,750 --> 00:19:27,390 A better and more secure solution is to shred the log files. With other file deletion systems, 223 00:19:27,780 --> 00:19:31,170 a skilled investigator is still able to recover the deleted files. 224 00:19:31,890 --> 00:19:38,940 But suppose there, uh, was a way to delete the file and overwrite it several times, making it much 225 00:19:38,940 --> 00:19:40,080 harder to recover. 226 00:19:40,710 --> 00:19:47,790 Lucky for us, Linux has a built-in command, appropriately named, uh, shred here, for just this purpose. 227 00:19:50,140 --> 00:19:52,990 So to understand how the shred command works. 228 00:19:53,020 --> 00:19:56,650 Take a quick look at help screen here, shred. 
229 00:19:59,110 --> 00:20:00,960 shred --help. 230 00:20:03,290 --> 00:20:08,120 So as you can see here, shreds once on file. 231 00:20:08,390 --> 00:20:15,890 So when it's on its own, shred will delete the file and overwrite it several times by default, or shred, 232 00:20:16,370 --> 00:20:19,010 by default, shred overwrites four times. 233 00:20:19,400 --> 00:20:25,280 So in general, the more times the file is overwritten, the harder it is to recover. 234 00:20:25,550 --> 00:20:28,280 But keep in mind that each overwrite takes time. 235 00:20:28,550 --> 00:20:32,960 So for very large files, shredding may become time-consuming. 236 00:20:33,440 --> 00:20:40,820 Uh, so two useful options to include are the -f option, which changes the permissions on the files to 237 00:20:41,260 --> 00:20:49,910 allow overwriting if a permission change is necessary, and the -n option here, uh, -n option. 238 00:20:51,920 --> 00:20:59,210 Which lets you choose how many times to overwrite the files. As an example, we'll shred log files ten times 239 00:20:59,630 --> 00:21:04,790 or using, for example, shred, uh, sudo shred. 240 00:21:06,140 --> 00:21:14,100 Um, -f and -n ten times, so /var/log/auth.log. 241 00:21:14,390 --> 00:21:14,480 It. 242 00:21:17,360 --> 00:21:24,650 So we need the -f option to give us a permission to shred auth files, and we follow the -n option with the 243 00:21:24,650 --> 00:21:29,660 desired number of, number of times to overwrite. 244 00:21:30,050 --> 00:21:36,770 So after the path of the file we want to shred, we include the wildcard asterisk, so we are shredding 245 00:21:36,770 --> 00:21:38,470 not just the auth.log file. 246 00:21:38,480 --> 00:21:45,530 We are also shredding any logs that have been created with logrotate, such as auth.log.1, auth.log. 247 00:21:45,530 --> 00:21:47,030 2, auth.log and so on. 248 00:21:48,680 --> 00:21:49,340 So now. 249 00:21:51,070 --> 00:21:54,100 Once shredded, a file, you'll see that, um. 
250 00:21:55,840 --> 00:22:06,220 Contents are indecipherable gibberish, yeah, so mousepad /var/log/auth.log.1. 251 00:22:07,840 --> 00:22:15,730 It's permissions denied, sudo here, so you can see here there's nothing to see because it's silly 252 00:22:15,730 --> 00:22:16,090 to know. 253 00:22:16,930 --> 00:22:23,020 So now, the security engineer or forensics investigator examines the log files and they will find nothing 254 00:22:23,470 --> 00:22:26,200 of use because none of it is recoverable. 255 00:22:27,460 --> 00:22:28,720 So now we can. 256 00:22:29,260 --> 00:22:30,580 I want less last limb. 257 00:22:31,300 --> 00:22:37,510 Let's disable logging here, and another option for covering your tracks is to simply disable logging, 258 00:22:38,380 --> 00:22:45,040 uh, when a hacker takes control of the system and they could immediately disable logging to prevent 259 00:22:45,040 --> 00:22:47,950 system from keeping track of their activities. 260 00:22:48,850 --> 00:22:50,920 This, of course, requires root privileges. 261 00:22:51,160 --> 00:22:53,710 So this, to disable all logging. 262 00:22:54,040 --> 00:23:02,890 Uh, the hacker could simply stop the rsyslog daemon, um, and stopping any service in Linux 263 00:23:02,890 --> 00:23:04,990 uses the same syntax here. 264 00:23:05,140 --> 00:23:08,530 Service here, I will write syntax here. 265 00:23:08,530 --> 00:23:12,400 So service, service name, and start, 266 00:23:13,720 --> 00:23:15,970 stop or restart it. 267 00:23:16,940 --> 00:23:27,800 So to stop the logging daemon, you could simply enter here: service, so it's, uh, rsyslog, 268 00:23:27,800 --> 00:23:28,490 stop here. 269 00:23:32,480 --> 00:23:35,570 And it needs, uh, root privileges here. 270 00:23:36,050 --> 00:23:38,060 Enter your account password. 271 00:23:38,750 --> 00:23:43,760 Um, and as you can see here, we just stopped, uh, rsyslog. 272 00:23:44,000 --> 00:23:44,300 Yeah. 
273 00:23:45,370 --> 00:23:52,090 Now, Linux will stop generating any log files until the service is restarted, enabling you to operate 274 00:23:52,090 --> 00:23:57,340 without leaving behind any evidence in the log files, so start there. 275 00:23:59,480 --> 00:24:06,530 So and here you can start any service like that. Log files track nearly everything that happens on 276 00:24:06,530 --> 00:24:07,490 your Linux system. 277 00:24:07,790 --> 00:24:15,740 They can be an invaluable resource in trying to analyze what has occurred, whether it be malfunction or 278 00:24:15,740 --> 00:24:16,160 hack. 279 00:24:16,910 --> 00:24:22,130 So for the hacker, log files can be evidence of their activities and their identity. 280 00:24:22,610 --> 00:24:29,540 So however, an astute hacker can remove and shred these files and disable logging entirely. 281 00:24:29,900 --> 00:24:31,760 So just leaving no evidence behind.