...
/var/log/apache2
or/var/log/nginx
/var/log/{secure*,syslog,auth.log*,kern.log}
/opt/atlassian/*/logs
/var/log/atop_*
/tmp
/var/log/journal
(if systemd journaling is enabled)
...
Code Block |
---|
rsync -raR --numeric-ids root@hackedserver:/tmp,/var/log/{secure*,syslog,auth.log*,kern.log},.... hackedserver-contents/ |
...