• nevemsenki@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    10 months ago

    Downsides include : if any intrusion happens on the server, red team just needs to reboot it to wipe evidence.

    • Perhyte@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      10 months ago

      If they have the root access typically needed to reboot a server1 they could also just wipe the logs without rebooting.

      1: GUIs typically have a way to reboot without such privileges, but those are typically not installed on machines just used as servers.