: Enable centralized logging to prevent attackers from wiping local .bash_history .
: Recovery of deleted Bash history files or temporary exploit code. B. User Activity & Account Security
: Inspect ~/.ssh/authorized_keys for unauthorized public keys. D. Network Artifacts