14-Jul-2020 04:29
Hi all,
If someone ran a qkview call on the command line, would there be any logging entry anywhere?
So, the question relates to a pen test activity, and the ability to remain unseen
Will the admins be able to see the command being issued?
Thanks
14-Jul-2020 06:20
Yes, logs will come in audit files, under /var/log, in audit.
It will looks like: AUDIT - pid=xxxx user=xxxx folder=/Common module=(tmos)# status=[Command OK] cmd_data=run /util qkview
