Clear Your Tracks on Linux


In this article and video, I show you how to clear your tracks in Linux. This is very important if you are a penetration tester, an ethical hacker, or a cybersecurity expert.


Clear Your Tracks The Final Step

It is one of the biggest mistakes an attacker makes to let a track behind.

If you see the biggest attacks in the past years, most of the detection was made really easy from the malware that the black hat hacker(s) have left, which they didn’t clear. Many of the “best hackers” got caught this way.

If you are an attacker your first have to clear your logs, modify your registry, or clear the registry you did create. And at the last remove any files or commands that you have been using. “Clearing Your Tracks” is really underestimated in my opinion.


cd /var/log

As you can see below, when we open the cd /var/log they’re a lot of logs. It is pretty self-explanatory as you can guess it from the names
these log having various use cases like there is a user log, a mack changer log, an authentication log, and kernel log as well with is always interesting.

cd /var/log



The authentication log with stores all the auth.log, which is very important to a forensic team, they can analyze what was happen, and what activities are done. You can of course use any text editor. like vim, nano, pluma, or any other you like.

sudo nano /var/log/auth.log

sudo nano /var/log/auth.log



Another log you can use to view kernel information is the /var/log/kern.log file, this logs the kernel information and events on your system, it also logs dmesg output.

sudo dmesg
sudo dmesg

You can see what’s going on. I will not explain right now, because this can be another topic for another time. But I think you will get the idea.


Clear Your Tracks with Shred

Shred is an amazing tool and for sure one of my favorites..! What shred does, it removes all logs permanently.

But why don’t we just simply delete all those files, because all the deleted files can be recovered, and deleting them with shred it actually wipes them permanently

Shred actually renames the file, and changes it to 0’s so many times, and at the end removes it completely.

Now explored the help menu of shred
It is all self explain.. you also may like to have a look at the man page of shred.

shred -h
man shred

man shred ethical hacking Clear Your Tracks

Now let’s remove a file and clear your tracks

shred -zxuvf (Name of your file)

sudo shred -zxuvf Clear Your Tracks

The command (Explanation) I used for this ::


-z, --zero     add a final overwrite with zeros to hide shredding
-x, --exact    do not round file sizes up to the next full block; this is the default for non-regular files
-u             deallocate and remove file after overwriting
-v, --verbose  show progress
-n, --iterations=N  overwrite N times instead of the default (3)


As you can see it has renamed it so many times 0 and finally removed it.
This can not be recovered.

Apart from that, your bash history is also very important. Even a normal Linux user can guess what someone has done looking at the file, so make sure you delete that as well. You can delete that with shred also but I am not going to do it with shred this time.

Once again, be aware that all files that are normally removed can be recovered..!


Delete The History And Clear Your Tracks

cat ~/.bash_history
> ~/.bash_history

Using the redirect for now

> ~/.bash_history

Delete The History And Clear Your Tracks

Here we go the history is cleared.

Command history #command-history

All your commands are stored at:


You can set your file-size like this to zero, to avoid storing commands.

export HISTSIZE=0

If you set it when you get shell you won’t have to worry about cleaning up the history.



Automate the Clearing of (any) File

To automate the process so that the command history is deleted each day. In this way, if we forget to remove our history (I’m sure I will often) :-D , the system will do it at 11:00 p.m. every day, automatically.

First, open the crontab table in edit mode by typing:

sudo crontab -e
sudo crontab -e

Using the crontab, we can navigate to the end of the file and add the following line.

00 23 * * * shed~/dev/null > ~/.bash_history && cat /dev/null > .bash_hystory

00 23 * * * shed~/dev/null > ~/.bash_history && cat /dev/null > .bash_hystory

In the article below I describe in more detail about the cronjobs



Secure-Delete is a set of tools for Linux operating system and they provide advanced techniques for permanent removal of files.  Once Secure-Delete has been installed on any Linux system, it provides following four commands:

  • srm
  • smem
  • sfill
  • sswap
sudo apt install secure-delete

sudo apt install secure-delete
secure-delete –help


Install Wipe

“Wipe was originally developed to securely erase files from magnetic media. Wipe repeatedly overwrites special patterns to the files to be destroyed, using the fsync() call
and/or the O_SYNC bit to force disk access. In normal mode, 34 patterns are used (of which
8 are random).”
You can remove the contents of a single file, folder, or entire hard disk with this command, but the whole hard disk format using wipe command will take a good amount of time.

sudo apt install wipe

sudo apt install wipe
man wipe
wipe -h

man wipe
wipe -h

Remove any file as:

sudo wipe filename

Remove any directory as:

sudo wipe -r directory name
wipe directory


Some other tricks


Check for hidden files

Are there recent hidden files?

ls -altr


Check what are the currently open files on the systems.

Currently open and active log files?

sudo lsof | grep .log


Check what are the recent documents on the systems

Recent documents on the system?

sudo find / -cmin 0 -print

sudo find / -cmin 0 -print


Don’t forget to remove your Bowser History

Obviously, you should also think about your browser history, your cookies and so many other things. (more about that in another article)


Linux distribution Tails

A good option is to use a Tails for example, which you install on a USB. After shutting down or restarting the system, all downloaded files, browser history, etc. - are deleted.


Clear Your Tracks linux Video

In this video, I show how you give the terminal an attitude. Is this important? No, certainly not, but it is fun.
Then I will show you where to find your all log files, and how to delete them in an easy and good way. I hope you enjoy the video ..! Talking is still a thing :)



Become a member on
Earning on Odysee for watching videos ♥️
Here an invitation link, so that we both benefit.
In this way, you also support my work.$/invite/@hackingpassion:9


Clear Your Tracks Conclusion

I hope from now on, you think a little further than the usual “How to hack” Before you start doing anything, you must have already thought in advance ::

"How am I going to make sure I don’t leave any tracks behind"



Dear people, I do a lot of things on the Internet and I do it all for free. If I don’t get enough to support myself, it becomes very difficult to maintain my web presence, which takes a lot of time, and the server costs also have to be paid. Your support is greatly appreciated.

Thanks guys ..!

Use the link above to donate via PayPal.



✓ This Video and Article is made for educational purposes and pentest only.

* You will not misuse the information to gain unauthorized access.

✓ This information shall only be used to expand knowledge and not for causing malicious or damaging attacks…!

Read also the Disclaimer

All the techniques provided in the tutorials on, are meant for educational purposes only.

If you are using any of those techniques for illegal purposes, can’t be held responsible for possible lawful consequences.

My goal is to educate people and increase awareness by exposing methods used by real black-hat hackers and show how to secure systems from these hackers.



If you have any questions about this article, any feedback, suggestions if you want to share your thoughts, contact me. Please feel free to do so.



By Bulls Eye

Jolanda de koff • emaildonate

My name is Jolanda de Koff and on the internet, I'm also known as Bulls Eye. Ethical Hacker, Penetration tester, Researcher, Programmer, Self Learner, and forever n00b. Not necessarily in that order. Like to make my own hacking tools and I sometimes share them with you. "You can create art & beauty with a computer and Hacking is not a hobby but a way of life ...

I ♥ open-source and Linux