Clearing Kernel Message
Created Thursday, 16 January 2025.
The dmesg -C command clears the kernel message buffer (the kernel ring buffer), which stores diagnostic messages generated by the kernel. These messages include logs about hardware interactions, system events, kernel module loads, and errors such as segmentation faults. An attacker can run this command to make sure that no trace of kernel-related activity, including any anomalies caused by exploitation, remains in the message buffer.
Investigators rely on kernel messages to identify signs of compromise or abnormal behavior, such as unauthorized kernel module loads or system crashes. Attackers can clear the buffer to hide exploitation techniques or tools that interacted directly with the kernel and make it more challenging to identify or reproduce their attack path during forensic analysis.
What is dmesg?
The dmesg command in Linux displays the contents of the kernel message buffer. This buffer contains diagnostic and debug information generated by the Linux kernel, including:
- Hardware initialization during boot.
- Kernel module loading and unloading.
- System errors and warnings.
- Crash dumps or segmentation faults.
These messages are critical for system administrators and forensic analysts to debug issues or understand system behavior.
What Does dmesg -C Do?
The -C option clears the kernel message buffer. When you run dmesg -C, the kernel discards all existing messages in the buffer, leaving it empty. Clearing the buffer is a privileged operation: it requires root or the CAP_SYSLOG capability, so its use is already a sign of elevated access.
- Before execution: Running dmesg displays the current messages in the buffer.
- After execution: Running dmesg shows no output because the buffer is empty.
This action only affects the in-memory ring buffer. Kernel messages already forwarded to persistent logs (e.g., /var/log/kern.log or the systemd journal) are untouched, unless the system is configured to keep kernel messages exclusively in the buffer without forwarding them to a logging daemon.