Which of the following actions will help detect attacker attempts to further alter log files?

Last Updated on August 14, 2021 by Admin 3

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity.

Which of the following actions will help detect attacker attempts to further alter log files?

  • Enable verbose system logging
  • Change the permissions on the user’s home directory
  • Implement remote syslog
  • Set the bash_history log file to “read only”
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments