No matter ssh or the terminal obtained through rebound, there is a log. Therefore, the first thing we do after getting the terminal is to try not to record the log. Generally, we will execute the following three commands: HISTFILE =/dev/null, HISTFILESIZE = 0, and HISTSIZE = 0 (I usually use python scripts for rebound. It comes with the pty module and has built-in unsetenv (), so it can be left empty ), however, if you ssh to other machines in the terminal, there will be another log, such as wtmp and lastlog. If you do not know it, others can find it after the last one, in addition, the Administrator also sends detailed logon information during ssh logon. Therefore, when logging on to ssh, you must be clear about wtmp and lastlog. This requires additional programs. If sed is used, it is too troublesome, and not thorough.
Someone has written logtamper in China and can delete (or hide) lastlog, wtmp, and other information.
I didn't know the records such as wtmp and lastlog in the Intranet before, but I was miserable. After the Administrator directly entered iptables-A, I said goodbye to the Intranet.
When talking to A friend, he also did not clear the lastlog, wtmp and other records. The Administrator also sent A few times of iptables-A, and he also said goodbye to the Intranet.
Then he discussed how to redesign RT, hide ports, hide connection information, and hide files, I asked him to record ssh, ftp, telnet login and logout information, and specifically told him to include the logtamper function. If it is connected through RT, records such as wtmp and lastlog are automatically cleared.
Some administrators will record wget. Even if you execute commands such as HISTFILE =/dev/null, you will still record wget.