Detecting Attacker Attempts to Alter Log Files | CompTIA Security+ Exam SY0-601


Question

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information.

After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity.

Which of the following actions will help detect attacker attempts to further alter log files?

Answers

A. Enable verbose system logging.
B. Change the permissions on the user's home directory.
C. Implement remote syslog.
D. Set the bash_history log file to "read only".

Explanations

The correct answer is C. Implement remote syslog.

If the attacker already has enough access to edit or delete entries in the local log files, every log that exists only on that host is untrustworthy, however detailed it is. Forwarding each log entry to a remote syslog collector as it is generated places a copy of the event on a system the attacker does not control. The attacker can keep editing the local files, but every edit now creates a discrepancy between the local copy and the remote copy, and the remote copy still contains the entries that were deleted or rewritten. If the attacker stops the syslog daemon instead, the collector records the host going silent, which is itself a signal. Reviewing the remote copy, or comparing it with the local files, is what allows the administrator to detect further attempts to alter the logs.

Enabling verbose system logging (answer A) produces more detail, but it writes that detail into the same local files the attacker is already editing. An attacker who can remove evidence from a terse log can remove it from a verbose one just as easily, so more data on a compromised host does not make the data trustworthy and does not reveal that it was changed.

Changing the permissions on a user's home directory (answer B) may help to protect that user's data, but it neither protects nor monitors the system log files and provides no information about the compromise.

Setting the bash_history file to "read only" (answer D) is easily defeated: an attacker with root privileges can change the permission back, unset HISTFILE, or use a different shell, and in any case it covers only one account's command history, not the system log files.

Therefore, implementing remote syslog is the action that will detect further attempts to alter log files: the remote copy stays intact, and any divergence between it and the local logs shows exactly what the attacker changed. In practice, forward the logs over an authenticated, encrypted transport (for example syslog over TLS) so that entries cannot be suppressed or spoofed in transit, and pair the remote copy with file integrity monitoring of the local log directory.
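As an added example that is not part of the original page, the following Python script shows the detection step that remote syslog makes possible. It compares the log file left on a hypothetical compromised host (web01) with the copy the remote collector received, and reports entries that were deleted from or injected into the local copy. The host name, addresses and log lines are all constructed for the example.

```python
"""Detect tampering with a host's local log by comparing it with the copy
that was forwarded to a remote syslog collector.

Added example, not code from the original page. The host name, addresses
and log lines below are constructed for illustration.
"""
from collections import Counter

# Constructed sample: what the remote collector received from web01. The
# attacker on web01 cannot reach this copy, so it serves as the reference.
REMOTE_COPY = """\
Mar  3 10:01:12 web01 sshd[2211]: Accepted password for alice from 10.0.0.5 port 51122 ssh2
Mar  3 10:04:55 web01 sshd[2310]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:04:58 web01 sshd[2310]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:05:03 web01 sshd[2310]: Accepted password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:05:20 web01 sudo:     root : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/vi /var/log/auth.log
Mar  3 10:07:41 web01 CRON[2401]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Constructed sample: /var/log/auth.log as found on web01 after the attacker
# edited it. The 203.0.113.7 login attempts and the sudo line are gone, and
# one entry was rewritten to look like a routine login by alice.
LOCAL_COPY = """\
Mar  3 10:01:12 web01 sshd[2211]: Accepted password for alice from 10.0.0.5 port 51122 ssh2
Mar  3 10:05:03 web01 sshd[2310]: Accepted password for alice from 10.0.0.5 port 51199 ssh2
Mar  3 10:07:41 web01 CRON[2401]: (root) CMD (run-parts /etc/cron.hourly)
"""


def parse_lines(text):
    """Split a log file into its non-empty lines."""
    return [line for line in text.splitlines() if line.strip()]


def find_tampering(local_lines, remote_lines):
    """Compare the local log with the forwarded copy.

    Returns (deleted, injected): entries the collector received that no
    longer exist locally, and entries that exist locally but never reached
    the collector. A rewritten line appears once in each list. Counters are
    used so that repeated identical lines (common in auth logs) are matched
    one for one instead of being collapsed into a single entry.
    """
    local_counts = Counter(local_lines)
    remote_counts = Counter(remote_lines)
    deleted = list((remote_counts - local_counts).elements())
    injected = list((local_counts - remote_counts).elements())
    return deleted, injected


def tamper_report(local_text, remote_text):
    """Return a dict summarising the comparison, suitable for raising an alert."""
    deleted, injected = find_tampering(parse_lines(local_text), parse_lines(remote_text))
    return {
        "tampered": bool(deleted or injected),
        "deleted": deleted,
        "injected": injected,
    }


if __name__ == "__main__":
    report = tamper_report(LOCAL_COPY, REMOTE_COPY)
    print("tampered:", report["tampered"])
    for line in report["deleted"]:
        print("DELETED locally :", line)
    for line in report["injected"]:
        print("INJECTED locally:", line)
```

The remote copy is authoritative only for events that actually arrived: if the attacker kills the syslog daemon or blocks the forwarding port, nothing after that point is sent, so the collector should also alert when a host that normally reports stops sending. Forwarding over an authenticated, encrypted transport such as syslog over TLS (RFC 5425) prevents entries from being suppressed or spoofed on the wire.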