
[WIP] BURN

An anti-forensics toolkit to clear sensitive log files on *nix systems, inspired by an Equation Group command that originally made sure "you've cleaned up any temporary files you've left on the box".

USAGE

BURN has several operational modes:

TODO

Log Files in the /var/log Directory:

The layout below is the classic Red Hat one (rpmpkgs, up2date, secure); Debian-derived systems name several of these differently (auth.log instead of secure, syslog instead of messages) and systemd hosts keep the bulk of this data in the binary journal as well.

| Name | Filename | Description |
|---|---|---|
| Boot Log | boot.log | Messages indicating which system services started and shut down successfully and which, if any, failed to start or stop. |
| Cron Log | cron | Status messages from crond, the daemon that periodically runs scheduled jobs such as backups and log rotation. |
| Kernel Startup Log | dmesg | Messages printed by the kernel when the system boots. |
| FTP Log | xferlog | Files transferred through the wu-ftpd FTP service. |
| Apache Access Log | httpd/access_log | Requests served by the Apache web server. |
| Apache Error Log | httpd/error_log | Errors encountered while clients tried to access data on the Apache web server. |
| Mail Log | maillog | Addresses e-mail was sent to and from; useful for detecting spamming. |
| MySQL Server Log | mysqld.log | Activity of the MySQL database server (mysqld). |
| News Log | spooler | Messages from the Usenet news server, if one is running. |
| RPM Packages | rpmpkgs | A listing of the RPM packages installed on the system. |
| Security Log | secure | Authentication and authorization messages (login, sshd, su, sudo, PAM): who logged in, from where, when, and which attempts failed. |
| System Log | messages | General-purpose log to which many programs record messages. |
| Update Agent Log | up2date | Messages resulting from actions of the Red Hat Update Agent. |
| XFree86 Log | XFree86.0.log | Messages output by the XFree86 server. |
| GDM Log | gdm/:0.log | Messages related to the login screen (GNOME Display Manager). |
| Samba Log | samba/log.smbd | Messages from the Samba SMB file service daemon. |
| Squid Log | squid/access.log | Messages from the Squid proxy/caching server. |
| vsftpd Log | vsftpd.log | Transfers made through the vsFTPd daemon (FTP server). |
| Sendmail Log | sendmail | Error messages recorded by the sendmail daemon. |
| UUCP Log | uucp | Status messages from the Unix-to-Unix Copy daemon. |
| Snort Log | snort | Alerts and logs from the Snort intrusion detection system. |
| AIDE Log | aide/aide.log | Output of AIDE (Advanced Intrusion Detection Environment) integrity checks. |
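The table gives locations, but before touching any of them a practitioner wants to know which ones exist on the host in front of them, which are directories rather than files, and which are currently held open by a running daemon: a file that is unlinked while a process still holds it open keeps its contents on disk until that descriptor closes (and the daemon keeps writing to the orphaned inode), whereas truncating it in place empties it without disturbing the writer. The POSIX shell script below is an added example, not part of BURN; it only inventories, it does not clear anything. The path list is the table above; the function names, the LOG_ROOT variable and the constructed files in the usage comment are this example's own assumptions, and the open-descriptor check relies on Linux procfs.

```shell
#!/bin/sh
# Added example (not BURN's own code): inventory the /var/log entries from
# the table and report, for each, whether it exists, what it is, its size,
# and which PIDs currently hold it open.

LOG_ROOT="${LOG_ROOT:-/var/log}"   # assumed default; override for testing

# Relative paths from the table above.
BURN_LOG_PATHS="boot.log cron dmesg xferlog httpd/access_log httpd/error_log \
maillog mysqld.log spooler rpmpkgs secure messages up2date XFree86.0.log \
gdm/:0.log samba/log.smbd squid/access.log vsftpd.log sendmail uucp snort \
aide/aide.log"

# classify_log ROOT RELPATH -> prints one of: file, dir, other, missing
classify_log() {
    p="$1/$2"
    if [ -d "$p" ]; then echo dir
    elif [ -f "$p" ]; then echo file
    elif [ -e "$p" ]; then echo other
    else echo missing
    fi
}

# holders FILE -> prints the PIDs whose /proc/PID/fd/* point at FILE, one per
# line. A "(deleted)" suffix in the link text means the file was already
# unlinked but the process still holds the inode open, so its data is still
# on disk; such holders are reported too. Requires Linux procfs; prints
# nothing elsewhere.
holders() {
    target=$(readlink -f -- "$1") || return 0
    for fd in /proc/[0-9]*/fd/*; do
        link=$(readlink -- "$fd" 2>/dev/null) || continue
        case "$link" in
            "$target"|"$target (deleted)")
                p=${fd#/proc/}
                echo "${p%%/*}"
                ;;
        esac
    done | sort -u
}

# inventory [ROOT] -> one line per table entry under ROOT (default LOG_ROOT).
inventory() {
    root="${1:-$LOG_ROOT}"
    for rel in $BURN_LOG_PATHS; do
        kind=$(classify_log "$root" "$rel")
        case "$kind" in
            file)
                size=$(wc -c < "$root/$rel")
                pids=$(holders "$root/$rel" | tr '\n' ' ')
                printf '%-20s %-7s %8s bytes open-by:[%s]\n' \
                    "$rel" "$kind" "$size" "${pids% }"
                ;;
            *)
                printf '%-20s %s\n' "$rel" "$kind"
                ;;
        esac
    done
}

# Usage: run against the live host with LOG_ROOT=/var/log sh burn_inventory.sh,
# or source the file and call `inventory /some/root` on a constructed tree
# (e.g. a temp dir holding a `messages` file and an `httpd/access_log`).
if [ "${BURN_INVENTORY_MAIN:-0}" = 1 ]; then
    inventory "$@"
fi
```

A row such as `messages  file  4096 bytes open-by:[812]` tells you that rsyslogd (or whatever PID 812 is) has the file open, so an `rm` would leave the contents recoverable from the still-open inode until that process restarts; in-place truncation is what actually empties it.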