Thread: Privacy concerns from persistent install logs.

  1. #1
    Just burned their ISO
    Join Date
    Mar 2010
    Posts
    15

    Question Privacy concerns from persistent install logs.

    First, I just want to give huge thanks to everyone involved in the BackTrack project - it is beyond awesome and useful, both as a network testing environment and as a learning tool. That said, I hope my post doesn't land me in the idiots box...

    I installed BT 4 PF as a persistent install on an 8GB MicroSD card and customized and tweaked the hell out of it - so far so good. The one thing I noticed is the huge amount of activity logging that goes on. I am not the most paranoid guy out there, I mean I don't keep my junk in a Faraday cage codpiece, but it occurred to me that as these activity logs continue to grow in size, they can be a privacy liability for some. Also, since I am a Linux newb, what other files besides the syslog in var/log are there that maintain and append my activities, system configuration changes (when switching systems) that I should be concerned with?

    I love the persistent install, but I would like some info on keeping it clean and as anonymous as possible.

    Thanks in advance!

    Best Regards,

    PG

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    You have a couple of options available to you - and some thoughts before you continue.

    Your first thoughts should be: do I really want to blow away my logs - what happens if I have to debug an error? What about if I get cracked back and want to see how they got in? Will I be doing anything illegal at all to justify blowing away my logs?

    Especially if you are doing this professionally, keeping logs is essential for proof later on. If you are not, then you are either doing things illegal (in which case we can't help you) or you are being overly paranoid for no reason (in which case we can't help you - but I can recommend a good psych if you are in the .au region :P).

    There is a third option which will probably pertain to you. I run my BT install on an Asus with internal SSD. It's lightning fast but I'd rather not have it burn out too fast, so my /var/log directory is a separate partition created as tmpfs (check the BT3 installation process for how to do this - I imagine the same will work for BT4 but I haven't migrated my portable to it yet). I make sure I rsync my logfiles to an external USB device during tests to be sure I have the files backed up and for reliability purposes, but when I'm just mucking around with my system, there is no need for this.

    That might be your best option - other options include linking certain files to /dev/null ( rm /var/log/messages && ln -s /dev/null /var/log/messages ) or using wiper programs.

    If you are doing illegal stuff, I retract all previous statements and hope you get caught for appealing to my weaker moment this early in the morning.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
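
The tmpfs-plus-backup arrangement described in the post above, sketched as an added example (not code from the thread or from the BackTrack project): copy the volatile log directory to an external device and write a checksum manifest so the copy can be verified later. The function names, the snapshot layout and the fallback to `cp` when `rsync` is not installed are assumptions of this example.

```shell
#!/bin/sh
# Added example. Assumes /var/log lives on tmpfs (contents are lost at power-off)
# and that an external device is mounted somewhere writable.
# Usage: snap=$(snapshot_logs /var/log /mnt/usb) && verify_snapshot "$snap"

# snapshot_logs SRC DEST: copy SRC into DEST/logs-<UTC timestamp>/files,
# write DEST/logs-<timestamp>/SHA256SUMS, print the snapshot path.
snapshot_logs() {
    src=$1
    dest=$2
    [ -d "$src" ] || { echo "no such log dir: $src" >&2; return 1; }
    # Fail loudly if the backup device is not mounted, instead of
    # silently writing the "backup" back onto volatile storage.
    if [ ! -d "$dest" ] || [ ! -w "$dest" ]; then
        echo "destination not writable: $dest" >&2
        return 1
    fi
    snap="$dest/logs-$(date -u +%Y%m%dT%H%M%SZ)"
    mkdir "$snap" "$snap/files" || return 1
    if command -v rsync >/dev/null 2>&1; then
        rsync -a "$src"/ "$snap/files"/ || return 1
    else
        cp -a "$src"/. "$snap/files"/ || return 1
    fi
    # Manifest uses paths relative to files/ so the snapshot can be
    # verified wherever the device is mounted later.
    ( cd "$snap/files" && find . -type f -exec sha256sum {} + | sort -k2 ) \
        > "$snap/SHA256SUMS" || return 1
    echo "$snap"
}

# verify_snapshot DIR: succeed only if every file still matches the manifest.
verify_snapshot() {
    ( cd "$1/files" && sha256sum -c ../SHA256SUMS ) >/dev/null 2>&1
}
```

Running `verify_snapshot` on the stored copy before relying on it shows whether the files on the USB device still match what was captured during the test.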

  3. #3
    Just burned their ISO
    Join Date
    Mar 2010
    Posts
    15

    Default Thank you!

    I am not doing anything illegal, however I do have a major paranoid/obsessive-compulsive streak that I nurtured since the 70s. BTW, what kind of wiper programs are there that work on BT4?

    Thanks again!

  4. #4
    Senior Member
    Join Date
    Jan 2009
    Posts
    114

    Default

    There are some tools under menu / backtrack / digital forensics / anti forensics
    acer 5920g , 345abg , nvidia 8600m
    bt5 kde 64bit + acpi + cuda 4.0 / nvidia 270.40 / pyrit

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    My first thought here is privacy != security (and vice versa).

    Logs exist for a reason, debugging problems (whether system or user problems).

    If you believe you don't need the logs then turn them off or set up a shutdown script that cleans them up.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
