Phase 5

· Phase 5: Remove the evidence of your existence

This is all about removing any evidence. You should always edit the specific log files and delete only the parts that trace back to you. A completely empty log file look quite suspicious. Below are some samples of linux logfiles that you should take care at least!

Edit (not delete) ~/.bash_history

Edit (not delete) /var/log/messages

Edit (not delete) /var/log/auth_log

Edit (not delete) ~/.ssh/known_hosts