We notice traces
Remember I told about kill -9 $$ ?
So, I repeat a bit: kill -9 $$ - “exit” from the console without saving the history.
How it works: $$ - identifier of the current console process; kill -9 I think no need to explain? Well, just in case: kill -9 kills the specified process (the child processes will also be killed themselves).
But before disappearing completely from the console, it would not hurt to clean up the ~ / .bash_history file, and the most interesting file: / var / log / lastlog, which is where the last IP from which was logged in. This file is not an ordinary plain text, so you need to edit it carefully. Open and change your IP everywhere.
In general, it can be completely removed, then when I login to the console, there will be no last login line at all, I’m on Debian, for example, it’s not created.
')
Thus, knowing the password, you can get into the system almost imperceptibly and disappear from there as well.
For operations with the lastlog file, you need root rights.
And perhaps the most important thing: do not forget that Linux keeps quite detailed logs, and your every action can be somewhere and recorded.
So, I repeat a bit: kill -9 $$ - “exit” from the console without saving the history.
How it works: $$ - identifier of the current console process; kill -9 I think no need to explain? Well, just in case: kill -9 kills the specified process (the child processes will also be killed themselves).
But before disappearing completely from the console, it would not hurt to clean up the ~ / .bash_history file, and the most interesting file: / var / log / lastlog, which is where the last IP from which was logged in. This file is not an ordinary plain text, so you need to edit it carefully. Open and change your IP everywhere.
In general, it can be completely removed, then when I login to the console, there will be no last login line at all, I’m on Debian, for example, it’s not created.
')
Thus, knowing the password, you can get into the system almost imperceptibly and disappear from there as well.
For operations with the lastlog file, you need root rights.
And perhaps the most important thing: do not forget that Linux keeps quite detailed logs, and your every action can be somewhere and recorded.
Source: https://habr.com/ru/post/53590/
All Articles