Re: [DNG] ..forensics on systemd or journald logs

2017-11-25 Thread Clarke Sideroad
On 25/11/17 11:10 PM, zap wrote: The troublesome routers I would temporarily try a "factory reset" on https://www.dd-wrt.com/wiki/index.php/Hard_reset_or_30/30/30 and set them up from scratch and attempt installation of the most current firmware. If you are having pop-up warnings I would take

Re: [DNG] ..forensics on systemd or journald logs

2017-11-25 Thread zap
The troublesome routers I would temporarily try a "factory reset" on > https://www.dd-wrt.com/wiki/index.php/Hard_reset_or_30/30/30 > and set them up from scratch and attempt installation of the most > current firmware. > > If you are having pop-up warnings I would take a good look at your web >

Re: [DNG] ..forensics on systemd or journald logs

2017-11-25 Thread Clarke Sideroad
On 25/11/17 03:23 AM, leloft wrote: I have learned more about deep-security issues from this list than from all other sources combined. It is probably my most important resource for information of this kind: it makes me think in ways that I would never have even considered, and is as far

Re: [DNG] ..forensics on systemd or journald logs

2017-11-25 Thread zap
> So could I ask for your opinions please? > 1) What should I replace the Netgear router with? > What's the 'critics choice'? > 2) Which is less insecure: launching X > through a display manager (which has root privileges and grants them > to X), or from startx and Xwrapper

Re: [DNG] ..forensics on systemd or journald logs

2017-11-25 Thread Dan Purgert
On 11/25/2017 03:23 AM, leloft wrote: > On Thu, 23 Nov 2017 15:32:52 -0600 > goli...@dyne.org wrote: > > > So could I ask for your opinions please? > 1) What should I replace the Netgear router with? > What's the 'critics choice'? If you're a "networking guy" (or at least comfortable with

Re: [DNG] ..forensics on systemd or journald logs

2017-11-25 Thread leloft
On Thu, 23 Nov 2017 15:32:52 -0600 goli...@dyne.org wrote: > On 2017-11-23 15:06, Rick Moen wrote: > > > > Seriously, guys, less bullshit on security matters, please. Some > > of us can actually detect it and find it annoying. > > > > What I'm finding annoying is that someone who has been

Re: [DNG] ..forensics on systemd or journald logs

2017-11-23 Thread golinux
On 2017-11-23 15:06, Rick Moen wrote: Seriously, guys, less bullshit on security matters, please. Some of us can actually detect it and find it annoying. What I'm finding annoying is that someone who has been moderated still has a presence on this list via a reply to an off-list email.

Re: [DNG] ..forensics on systemd or journald logs

2017-11-23 Thread Rick Moen
Quoting Arnt Karlsen (a...@iaksess.no): > On Thu, 23 Nov 2017 14:47:40 +0100, John wrote in message > <02372660-5727-d160-fe49-e3a4963f8...@atlantech.com>: > > > On 23/11/17 12:28, Arnt Karlsen wrote: > > > ..the kernel guys has this far proven more trustworthy, IME. > > > > Number of times

Re: [DNG] ..forensics on systemd or journald logs

2017-11-23 Thread Arnt Karlsen
On Thu, 23 Nov 2017 11:32:57 +0100, John wrote in message <51f391b3-2c10-78b0-d1ce-39f56f8e0...@atlantech.com>: > Replying directly because Jaromil has said I am not welcome. ..no problem, I'll cc the list. ;o) > On 23/11/17 11:06, Arnt Karlsen wrote: > > > ..which leaves in place that

Re: [DNG] ..forensics on systemd or journald logs

2017-11-23 Thread Arnt Karlsen
On Thu, 23 Nov 2017 08:20:05 +0100, John wrote in message <25c55d20-a650-5ec7-5943-f2224ba21...@atlantech.com>: > On 22/11/17 17:35, Arnt Karlsen wrote: > > ..to reiterate: Is there a way to decode and read those binary > > systemd journal logs on classic POSIX/Unix etc forensic systems > >

Re: [DNG] ..forensics on systemd or journald logs

2017-11-22 Thread John Hughes
On 22/11/17 17:35, Arnt Karlsen wrote: ..to reiterate: Is there a way to decode and read those binary systemd journal logs on classic POSIX/Unix etc forensic systems _not_ running systemd? Of course. Either install a tool that does it for you, i.e. journalctl, or write a tool to do it using
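
A reader of the kind the message above describes, as an added example that is not part of this thread and not systemd's own code: it decodes a journal file on a machine without libsystemd or journalctl by walking the object arena according to the layout in systemd's journal-file-format documentation (journal-def.h). The offsets, flag bits and object types are the ones from that layout as I know them; the journal file the block parses is a fixture constructed inside the block (build_sample_journal) and not a real journald log, and the hostname, addresses and messages in it are made up.

```python
"""Decode systemd .journal files without libsystemd (added example, not systemd code).
Layout per systemd's journal-file-format documentation; the fixture built by
build_sample_journal() is constructed here and is not a real journald log."""
import struct
import lzma
from datetime import datetime, timezone

SIGNATURE = b"LPKSHHRH"
OBJECT_DATA, OBJECT_ENTRY = 1, 3                 # ObjectType values
INCOMPAT_COMPRESSED_XZ = 1 << 0                  # Header.incompatible_flags bits
INCOMPAT_COMPACT = 1 << 4                        # 32-bit offsets (systemd >= 252)
OBJ_COMPRESSED_XZ, OBJ_COMPRESSED_LZ4, OBJ_COMPRESSED_ZSTD = 1, 2, 4  # DataObject flags
HEADER_SIZE = 240                                # header_size written by the fixture only


def align8(n):
    return (n + 7) & ~7


def decode_payload(raw, flags):
    """A DATA payload is 'FIELD=value'; journald may compress large ones per object."""
    if flags & OBJ_COMPRESSED_XZ:
        return lzma.decompress(raw)
    if flags & (OBJ_COMPRESSED_LZ4 | OBJ_COMPRESSED_ZSTD):
        raise NotImplementedError("LZ4/ZSTD payload: decompress with the lz4/zstandard modules")
    return raw


def parse_journal(buf):
    """Walk the arena linearly and rebuild each ENTRY from the DATA objects it points at.
    Hash tables and entry arrays are not consulted, so entries survive damaged indexes;
    hashes and FSS seals are not verified here."""
    if buf[:8] != SIGNATURE:
        raise ValueError("not a systemd journal file")
    _compat, incompat = struct.unpack_from("<II", buf, 8)
    header_size, arena_size = struct.unpack_from("<QQ", buf, 88)
    compact = bool(incompat & INCOMPAT_COMPACT)
    data, entries = {}, []
    off, end = header_size, min(len(buf), header_size + arena_size)
    while off + 16 <= end:
        otype, oflags, osize = struct.unpack_from("<BB6xQ", buf, off)   # ObjectHeader
        if otype == 0 or osize < 16 or off + osize > end:
            break                                # zero-filled preallocated tail or truncation
        body = buf[off + 16:off + osize]
        if otype == OBJECT_DATA:                 # skip hash/link fields (+8 in compact layout)
            data[off] = decode_payload(body[56 if compact else 48:], oflags)
        elif otype == OBJECT_ENTRY:
            seqnum, realtime, monotonic, boot_id = struct.unpack_from("<3Q16s", body, 0)
            items = body[48:]                    # after seqnum/realtime/monotonic/boot_id/xor_hash
            if compact:
                n = len(items) // 4
                offs = struct.unpack("<%dI" % n, items[:n * 4])
            else:
                n = len(items) // 16             # {le64 object_offset, le64 hash} pairs
                offs = struct.unpack("<%dQ" % (2 * n), items[:n * 16])[::2]
            entries.append((off, seqnum, realtime, monotonic, boot_id.hex(), offs))
        off = align8(off + osize)
    out = []
    for off, seqnum, realtime, monotonic, boot_id, offs in entries:
        fields, dangling = {}, []
        for o in offs:
            payload = data.get(o)
            if payload is None:
                dangling.append(o)               # item points outside the recovered objects
                continue
            k, _, v = payload.partition(b"=")
            fields[k.decode("ascii", "replace")] = v
        out.append({"offset": off, "seqnum": seqnum, "realtime_us": realtime,
                    "realtime": datetime.fromtimestamp(realtime / 1e6, timezone.utc),
                    "monotonic_us": monotonic, "boot_id": boot_id,
                    "fields": fields, "dangling": dangling})
    return out


def build_sample_journal(compact=False, xz=False):
    """Constructed fixture: two entries sharing one DATA object plus one dangling item."""
    def obj(otype, flags, body):
        return struct.pack("<BB6xQ", otype, flags, 16 + len(body)) + body
    arena = bytearray()
    def add(o):
        off = HEADER_SIZE + len(arena)
        arena.extend(o + b"\0" * (align8(len(o)) - len(o)))
        return off
    def add_data(payload):
        flags, raw = (OBJ_COMPRESSED_XZ, lzma.compress(payload)) if xz else (0, payload)
        links = struct.pack("<6Q", 0, 0, 0, 0, 0, 0) + (struct.pack("<II", 0, 0) if compact else b"")
        return add(obj(OBJECT_DATA, flags, links + raw))
    def add_entry(seqnum, realtime_us, offs):
        body = struct.pack("<3Q16sQ", seqnum, realtime_us, 1000 * seqnum, b"\x42" * 16, 0)
        body += b"".join(struct.pack("<I", o) if compact else struct.pack("<QQ", o, 0) for o in offs)
        return add(obj(OBJECT_ENTRY, 0, body))
    host = add_data(b"_HOSTNAME=devuan-box")
    m1 = add_data(b"MESSAGE=sshd: Accepted publickey for root from 192.0.2.10")
    m2 = add_data(b"MESSAGE=sudo: root : TTY=pts/0 ; COMMAND=/bin/rm /var/log/syslog")
    add_entry(1, 1511353552_000000, [host, m1])
    add_entry(2, 1511353553_000000, [host, m2, 0xDEAD00])    # 0xDEAD00 is deliberately dangling
    incompat = (INCOMPAT_COMPACT if compact else 0) | (INCOMPAT_COMPRESSED_XZ if xz else 0)
    hdr = SIGNATURE + struct.pack("<IIB7x", 0, incompat, 0)
    hdr += b"\x11" * 16 + b"\x22" * 16 + b"\x42" * 16 + b"\x33" * 16   # file/machine/boot/seqnum ids
    hdr += struct.pack("<QQ", HEADER_SIZE, len(arena))
    return bytes(hdr.ljust(HEADER_SIZE, b"\0") + arena)


if __name__ == "__main__":
    import sys
    buf = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_journal()
    for e in parse_journal(buf):
        msg = e["fields"].get("MESSAGE", b"").decode("utf-8", "replace")
        print(e["realtime"].isoformat(), e["seqnum"], msg, e["dangling"] or "")
```

Run it with a path to a .journal file (a read-only copy of an image is enough) or with no argument to parse the built-in fixture. The linear walk is the forensic choice here: journalctl resolves entries through the hash tables and entry arrays, so an index damaged by truncation or tampering can hide records that are still physically present, whereas this reader recovers every object it can find and reports entry items whose target is missing. LZ4 and ZSTD payloads are flagged rather than decoded, and nothing is verified cryptographically, so keyed hashes and FSS seals still need the original key material to check.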

Re: [DNG] ..forensics on systemd or journald logs

2017-11-22 Thread Arnt Karlsen
On Wed, 22 Nov 2017 12:58:10 +, Arnt wrote in message <6ff3d9c1-e23c-4b0e-af51-5f8db1425...@gulbrandsen.priv.no>: > Arnt Karlsen writes: > > you appear to suggest that law enforcement wanting to read systemd > > journal logs, _should_ depend on the mercy of systemd developers > > not

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Didier Kryn
On 22/11/2017 at 16:46, Arnt Gulbrandsen wrote: Didier Kryn writes: Well, postgres is a database manager. You have a choice of several others; they must be able to deal with high fluxes of data. None of them is a critical system component. WTF? Postgres is a critical system component

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Didier Kryn writes: Well, postgres is a database manager. You have a choice of several others; they must be able to deal with high fluxes of data. None of them is a critical system component. WTF? Postgres is a critical system component of every single server where I've ever installed

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Didier Kryn
On 22/11/2017 at 13:58, Arnt Gulbrandsen wrote: If you really want to look at the details in postgres, you can take a good guess at whether two rows were inserted at the same time or one later than the other. Well, postgres is a database manager. You have a choice of several others;

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Clarke Sideroad
On 2017-11-22 09:46 AM, Arnt Gulbrandsen wrote: Aldemir Akpinar writes: No, I've actually asked an honest question. In that case you'll get my honest answer. I've implemented several file/network formats vaguely like that journal format, one of them has likely been used by millions of

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Aldemir Akpinar writes: No, I've actually asked an honest question. In that case you'll get my honest answer. I've implemented several file/network formats vaguely like that journal format, one of them has likely been used by millions of people. In each case, the team decided to use a

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread John Hughes
On 22/11/17 15:08, Aldemir Akpinar wrote: On 22 November 2017 at 17:03, John Hughes wrote: On 22/11/17 14:18, Aldemir Akpinar wrote: Could you elaborate why you are comparing a relational database system where its files must be

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Dave Turner
On 22/11/17 14:22, Arnt Gulbrandsen wrote: Aldemir Akpinar writes: Could you elaborate why you are comparing a relational database system where its files must be binary with a logging system where its files don't need to be binary? You make it sound as if binary files were some sort of horror

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Aldemir Akpinar
On 22 November 2017 at 17:22, Arnt Gulbrandsen wrote: > Aldemir Akpinar writes: > >> Could you elaborate why you are comparing a relational database system >> where its files must be binary with a logging system where its files >> don't need to be binary? >> > > You make

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Aldemir Akpinar writes: Could you elaborate why you are comparing a relational database system where its files must be binary with a logging system where its files don't need to be binary? You make it sound as if binary files were some sort of horror that requires special justification.

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Aldemir Akpinar
On 22 November 2017 at 17:03, John Hughes wrote: > On 22/11/17 14:18, Aldemir Akpinar wrote: > > > That's routine. Few readers read everything that can be read. For example, >> look at postgres. Its binary file format reveals quite a bit more than you >> can get using psql,

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread John Hughes
On 22/11/17 14:18, Aldemir Akpinar wrote: That's routine. Few readers read everything that can be read. For example, look at postgres. Its binary file format reveals quite a bit more than you can get using psql, and by design: The writer and binary format are intended for

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Aldemir Akpinar
> That's routine. Few readers read everything that can be read. For example, > look at postgres. Its binary file format reveals quite a bit more than you > can get using psql, and by design: The writer and binary format are > intended for storing things quickly and reliably, and the reader for >

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Arnt Karlsen writes: you appear to suggest that law enforcement wanting to read systemd journal logs, _should_ depend on the mercy of systemd developers not "filtering" away inconvenient evidence of e.g. systemd developer wrongdoing from said law enforcement. That's routine. Few readers read