Tampering with Log Files

Here are some common attacks to log files:

• Take advantage of weak ACLs on log files and directories
• Modify or delete log files
• Exploit software weakness in logging mechanisms
• Exploit configuration weakness in configuration mechanisms

Contermeasures:

• Secure log file locations
• Store logs on another host
• Use encryption to protect log files
• Use cryptographic hashes to detect tampering
• Back up log files
• Keep logging mechanism patched
• Keep logging mechanism properly configured

Adopted from the book Assessing Network Security by Ben Smith, David LeBlanc, Kevin Lam.