Privacy concerns from persistent install logs.

[pinchegringo]

First, I just want to give huge thanks to everyone involved in the BackTrack project - it is beyond awesome and useful, both as a network testing environment and as a learning tool. That said I hope my post doesn't land me in the idiots box...

I installed BT 4 PF as a persistent install on an 8GB MicroSD card and customized and tweaked the hell out if it - so far so good. The one thing I noticed is the huge amount of activity logging that goes on. I am not the most paranoid guy out there, I mean I don't keep my junk in a Faraday cage cod piece, but it occurred to me that as these activity logs continue to grow in size, they can be a privacy liability for some. Also, since I am a Linux newb, what other files besides the syslog in var/log are there that maintain and append my activities, system configuration changes (when switching systems) that I should be concerned with?

I love the persistent install, but I would like some info on keeping it clean and as anonymous as possible.

Thanks in advance!

Best Regards,

PG

[Gitsnik]

You have a couple of options available to you - and some thoughts before you continue.

Your first thoughts should be: do I really want to blow away my logs - what happens if I have to debug an error? What about if I get cracked back and want to see how they got in? Will I be doing anything illegal at all to justify blowing away my logs?

Especially if you are doing this professionally, keeping logs is essential for proof later on. If you are not, then you are either doing things illegal (in which case we can't help you) or you are being overly paranoid for no reason (in which case we can't help you - but I can recommend a good psych if you are in the .au region :P).

There is a third option which will probably pertain to you. I run my BT install on an Asus with internal SSD. It's lightning fast but I'd rather not have burn out too fast, so my /var/log directory is a separate partition created tmpfs (check the BT3 installation process for how to do this - I imagine the same will work for BT4 but I haven't migrated my portable to it yet). I make sure I rsync my logfiles to an external USB device during tests to be sure I have the files backed up and for reliability purposes, but when I'm just mucking around with my system, there is no need for this.

That might be your best option - other options include linking certain files to /dev/null ( rm /var/log/message && ln -s /dev/null /var/log/messages ) or using wiper programs.

If you are doing illegal stuff, I retract all previous statements and hope you get caught for appealing to my weaker moment this early in the morning.

[pinchegringo]

I am not doing anything illegal, however I do have a major paranoid/obsessive-compulsive streak that I nurtured since the 70s. BTW, what kind of wiper programs are there that work on BT4?

Thanks again!

[Nemis]

there are some tool under menu / backtrack / digital forensics / anti forensics

[thorin]

My first thought here is privacy != security (and vice versa).

Logs exist for a reason, debugging problems (whether system or user problems).

If you believe you don't need the logs then turn them off or setup a shutdown script that cleans them up.