Edit Threat

Name

Category

Tags (comma-separated)

Description Adversaries may clear system logs to hide evidence of an intrusion. macOS and Linux both keep track of system or user-initiated actions via system logs. The majority of native system logging is stored under the /var/log/ directory. Subfolders in this directory categorize logs by their related functions, such as: /var/log/messages:: General and system-related messages /var/log/secure or /var/log/auth.log: Authentication logs /var/log/utmp or /var/log/wtmp: Login records /var/log/kern.log: Kernel