John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the logfiles to investigate the attack.

Take a look at the following Linux logfile snippet. The hacker compromised and “owned” a Linux machine. What is the hacker trying to accomplish here?

[root@apollo /]# rm rootkit.c
root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm – rf /usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/por359 ? 00:00:00 inetd 59 ? 00:00:00 inetd
m: cannot remove `/tmp/h’: No such file or directory
m: cannot remove `/usr/sbin/rpc.portmap’: No such file or directory [root@apollo /]# ps -aux | grep portmap
root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm – rf /usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/por359 ? 00:00:00 inetd
m: cannot remove `/sbin/portmap’: No such file or directory
m: cannot remove `/tmp/h’: No such file or directory
>rm: cannot remove `/usr/sbin/rpc.portmap’: No such file or directory root@apollo /]# rm: cannot remove `/sbin/portmap’: No such file or directory

A.
The hacker is attempting to compromise more machines on the network

B.
The hacker is trying to cover his tracks

C.
The hacker is running a buffer overflow exploit to lock down the system

D.
The hacker is planting a rootkit

Explanation:
By deleting temporary directories and emptying like bash_history that contains the last commands used with the bash shell he is trying to cover his tracks.