/etc/syslog.conf
In this file you can read all the logs that syslog log.
On linux systems a lot of logs are stored in:
For example:
Here you have failed and successful login attempts. SSH, SUDO, and much more.
/var/log/apache2/access.log
/var/log/apache2/error.log
Remove your own ip like this
grep -v '<src-ip-address>' /path/to/access_log > a && mv a /path/to/access_log
What it does is simply to copy all lines except the lines that contain your IP-address. And then move them, and them move them back again.
grep -v <entry-to-remove> <logfile> > /tmp/a ; mv /tmp/a <logfile> ; rm -f /tmp/a
These logs are not stored in plaintext but instead as binaries. Which makes it a bit harder to clear.
Command history
All your commands are also stored.
You can set your file-size like this to zero, to avoid storing commands.
If you set it when you get shell you won't have to worry about cleaning up the history.
Shredding files lets you remove files in a more secure way.
Clear env https://www.offensive-security.com/metasploit-unleashed/event-log-management/
