YUM History

Overview

Evidence: Yum History Description: Collect Yum History Category: System Platform: Linux Short Name: yumhisto Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

This collector gathers yum history information from the Linux system. This data is essential for understanding system activity, detecting security incidents, and investigating system-related events.

Data Collected

This collector gathers structured data about yum history.

Yum History Data

Field

Description

Example

ID

Primary key (auto-increment)

TransactionId

Transaction ID

123

StartTime

Transaction start time

2023-10-15 14:30:25

EndTime

Transaction end time

2023-10-15 14:35:25

Command

YUM command

install

Packages

Package list

vim,git

Status

Transaction status

Success

Collection Method

This collector parses the necessary data from the yum_history table.

Usage

This evidence is crucial for forensic investigations as it provides yum history information. It helps investigators understand system activity, detect security incidents, and investigate system-related events. The data can reveal system changes, unauthorized activities, and potential security vulnerabilities. Analysts can use this information to identify system compromises, trace malicious activities, and assess Linux security posture.

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.

PreviousYUM Sources NextSELinux Configs

Last updated 13 minutes ago

Was this helpful?