
I'm a root user on my server. There are a bunch of users on my system. As you know, when you type w you can see who is and who isn't online. With the last command you can check the last users who logged in to your system, according to the /var/log/wtmp file.

Is there any way to stop all logging throughout the system for a specific user?

I know we can do something like cat /dev/null > /var/log/wtmp, but that removes all of the logs.

It can be done by rootkits like vlany, but how can we do it without them, I mean with commands?

  • You would need to filter all log inputs through something that would block a certain user. You could rewrite the syslog process, but that only works for logs generated by syslog. If I wrote my own app, I could generate and store logs anywhere I like, for instance. – schroeder May 21 '19 at 12:43
  • @schroeder, so we are not able to manage all log files as we want, even if we have root access? – Freeman May 21 '19 at 12:46
  • So what is the mechanism of vlany, for instance? Does it generate a new syslog? – Freeman May 21 '19 at 12:48
  • Root access is not the problem. Knowing all the processes that log and knowing how/where they log is the problem. – schroeder May 21 '19 at 14:18
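A worked illustration of the point made in the comments above, added by the editor and not part of the original question or of any answer. /var/log/wtmp is not a text log: it is an array of fixed-size struct utmp records (384 bytes each with glibc on x86-64, which this example assumes; other libcs and architectures use a different layout, so check sizeof(struct utmp) before relying on it). "Stopping the logging for one user" therefore does not need the whole file truncated; the file can be rewritten record by record, dropping that user's USER_PROCESS login records together with the DEAD_PROCESS logout records that belong to the same pid and tty, and keeping everything else. The sample records, usernames, hosts and timestamps below are constructed for the demonstration.

```python
import struct
from dataclasses import dataclass
from typing import List

# glibc x86-64 struct utmp: ut_type(2)+pad(2), ut_pid(4), ut_line[32], ut_id[4],
# ut_user[32], ut_host[256], ut_exit(2x2), ut_session(4), ut_tv(2x4),
# ut_addr_v6[4](16), __unused[20] = 384 bytes.  Assumption: this layout.
UTMP_FMT = "<hxxi32s4s32s256shhi2i4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)

BOOT_TIME = 2      # written at boot ("reboot" pseudo-user)
USER_PROCESS = 7   # a login; what `last` prints as a session start
DEAD_PROCESS = 8   # the matching logout; ut_user is usually empty here


def _cstr(b: bytes) -> str:
    """Decode a NUL-padded fixed-size C string field."""
    return b.split(b"\0", 1)[0].decode("utf-8", "replace")


@dataclass
class Utmp:
    type: int
    pid: int
    line: str   # tty, e.g. "pts/0"
    user: str
    host: str
    sec: int    # ut_tv.tv_sec
    raw: bytes  # the original 384-byte record, written back unchanged

    @classmethod
    def from_bytes(cls, rec: bytes) -> "Utmp":
        f = struct.unpack(UTMP_FMT, rec)
        return cls(f[0], f[1], _cstr(f[2]), _cstr(f[4]), _cstr(f[5]), f[9], rec)


def pack_record(ut_type: int, pid: int, line: str, ut_id: str,
                user: str, host: str, sec: int) -> bytes:
    """Build one utmp record (used only to construct the sample file)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), ut_id.encode(),
                       user.encode(), host.encode(),
                       0, 0,          # ut_exit.e_termination, e_exit
                       0,             # ut_session
                       sec, 0,        # ut_tv.tv_sec, tv_usec
                       0, 0, 0, 0)    # ut_addr_v6


def parse_wtmp(data: bytes) -> List[Utmp]:
    """Split raw wtmp bytes into records; refuse truncated/foreign layouts."""
    if len(data) % UTMP_SIZE:
        raise ValueError("wtmp length is not a multiple of %d bytes" % UTMP_SIZE)
    return [Utmp.from_bytes(data[o:o + UTMP_SIZE])
            for o in range(0, len(data), UTMP_SIZE)]


def filter_wtmp(data: bytes, target: str) -> bytes:
    """Return wtmp bytes with every session of `target` removed.

    A login (USER_PROCESS) is matched by name; its logout (DEAD_PROCESS)
    carries no username, so it is matched by the (pid, tty) pair of the
    login that was dropped.  All other records are kept byte-for-byte.
    """
    kept = []
    open_sessions = set()  # (pid, line) of the target's logins seen so far
    for r in parse_wtmp(data):
        if r.type == USER_PROCESS and r.user == target:
            open_sessions.add((r.pid, r.line))
            continue
        if r.type == DEAD_PROCESS and (r.pid, r.line) in open_sessions:
            open_sessions.discard((r.pid, r.line))
            continue
        kept.append(r.raw)
    return b"".join(kept)


def build_sample() -> bytes:
    """Constructed wtmp: a boot, two logins, two logouts (not real data)."""
    t = 1558440000
    return b"".join([
        pack_record(BOOT_TIME, 0, "~", "~~", "reboot", "5.0.0-generic", t),
        pack_record(USER_PROCESS, 4242, "pts/0", "ts/0", "alice", "203.0.113.7", t + 60),
        pack_record(USER_PROCESS, 4343, "pts/1", "ts/1", "bob", "198.51.100.9", t + 120),
        pack_record(DEAD_PROCESS, 4242, "pts/0", "ts/0", "", "", t + 600),
        pack_record(DEAD_PROCESS, 4343, "pts/1", "ts/1", "", "", t + 900),
    ])


if __name__ == "__main__":
    for r in parse_wtmp(filter_wtmp(build_sample(), "alice")):
        print(r.type, r.pid, r.line, r.user or "-", r.host, r.sec)
```

To apply this to a real file you would read /var/log/wtmp as root, write the filtered bytes to a temporary file in the same directory with the same owner and mode, and rename it over the original (util-linux's utmpdump -r does the same text-to-binary round trip if you prefer to edit a dump). The caveats are the ones schroeder's comments point at: this touches only wtmp. w reads /var/run/utmp, failed logins go to /var/log/btmp, lastlog has its own file, and sshd and PAM write to syslog or the journal on their own, so an investigator who compares those sources against wtmp, or simply notices that wtmp shrank and gained a fresh mtime, sees the edit rather than the absence of the user.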

0 Answers