Re: [DNG] ..forensics on systemd or journald logs

2017-11-22 Thread John Hughes
On 22/11/17 17:35, Arnt Karlsen wrote: ..to reiterate: Is there a way to decode and read those binary systemd journal logs on classic POSIX/Unix etc forensic systems _not_ running systemd? Of course. Either install a tool that does it for you, i.e. journalctl, or write a tool to do it using

Re: [DNG] ifconfig deprecated?

2017-11-22 Thread Adam Borowski
On Wed, Nov 22, 2017 at 09:25:18PM -0500, taii...@gmx.com wrote: > What is so much better about the ifconfig replacement ip? Why should I learn > how to use yet another tool that has no tangible benefit but is being > foisted on me? Because ifconfig is broken. It works only in simplest cases,

Re: [DNG] ifconfig deprecated?

2017-11-22 Thread Rick Moen
Quoting taii...@gmx.com (taii...@gmx.com): > What is so much better about the ifconfig replacement ip? One, iproute2 is maintained. net-tools isn't. Unmaintained key system tools are a security and reliability risk that can IMO not be justified by merely not wanting to move on. IIRC,

Re: [DNG] ifconfig deprecated?

2017-11-22 Thread taii...@gmx.com
What is so much better about the ifconfig replacement ip? Why should I learn how to use yet another tool that has no tangible benefit but is being foisted on me? Would I be correct in guessing it is made by red-hat? ___ Dng mailing list

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread Rick Moen
Quoting Steve Litt (sl...@troubleshooters.com): > Acronym for Apologist Troll. HANDY! (Acronym for 'Have A Nice Day, Y'all.') ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] ..forensics on systemd or journald logs

2017-11-22 Thread Arnt Karlsen
On Wed, 22 Nov 2017 12:58:10 +, Arnt wrote in message <6ff3d9c1-e23c-4b0e-af51-5f8db1425...@gulbrandsen.priv.no>: > Arnt Karlsen writes: > > you appear to suggest that law enforcement wanting to read systemd > > journal logs, _should_ depend on the mercy of systemd developers > > not

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Karlsen
On Wed, 22 Nov 2017 14:44:57 -0500, Steve wrote in message <20171122144457.02549...@mydesk.domain.cxm>: > On Wed, 22 Nov 2017 13:03:45 +0100 > Arnt Karlsen wrote: > > > On Wed, 22 Nov 2017 02:28:45 -0500, Steve wrote in message > > <20171122022845.1327c...@mydesk.domain.cxm>:

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Karlsen
On Wed, 22 Nov 2017 13:02:37 +0100, John wrote in message <0788acc2-15f4-491f-61bf-d28664664...@atlantech.com>: > On 22/11/17 12:32, KatolaZ wrote: > > On Wed, Nov 22, 2017 at 12:24:28PM +0100, John Hughes wrote: > >> > >> I was amazed that KatolaZ couldn't imagine any way of reading text > >>

[DNG] BookStack on Devuan 1.0.0 (Jessie)

2017-11-22 Thread Linux O'Beardly
For any that may be interested, I just submitted a pull request for an install script for BookStack on Devuan 1.0.0. Whether or not they accept it is another story, but you can clone my repo here: https://github.com/obeardly/devops.git or just grab the file here:

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Didier Kryn
On 22/11/2017 at 16:46, Arnt Gulbrandsen wrote: Didier Kryn writes: Well, postgres is a database manager. You have a choice of several others; they must be able to deal with high fluxes of data. None of them is a critical system component. WTF? Postgres is a critical system component

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread Steve Litt
On Wed, 22 Nov 2017 13:03:45 +0100 Arnt Karlsen wrote: > On Wed, 22 Nov 2017 02:28:45 -0500, Steve wrote in message > <20171122022845.1327c...@mydesk.domain.cxm>: > > > On Wed, 22 Nov 2017 02:59:11 +0100 > > Arnt Karlsen wrote: > > > > > On Tue, 21 Nov

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread Rick Moen
Quoting Arnt Karlsen (a...@iaksess.no): > On Wed, 22 Nov 2017 02:28:45 -0500, Steve wrote in message > <20171122022845.1327c...@mydesk.domain.cxm>: > > A T > > ..er, I _totally_ lost you here. A vådeskudd? ("An > unintended discharge?", may happen if the wrong xterm > has keyboard focus

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Didier Kryn writes: Well, postgres is a database manager. You have a choice of several others; they must be able to deal with high fluxes of data. None of them is a critical system component. WTF? Postgres is a critical system component of every single server where I've ever installed

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Didier Kryn
On 22/11/2017 at 13:58, Arnt Gulbrandsen wrote: If you really want to look at the details in postgres, you can take a good guess at whether two rows were inserted at the same time or one later than the other. Well, postgres is a database manager. You have a choice of several others;

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Clarke Sideroad
On 2017-11-22 09:46 AM, Arnt Gulbrandsen wrote: Aldemir Akpinar writes: No, I've actually asked an honest question. In that case you'll get my honest answer. I've implemented several file/network formats vaguely like that journal format, one of them has likely been used by millions of

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Aldemir Akpinar writes: No, I've actually asked an honest question. In that case you'll get my honest answer. I've implemented several file/network formats vaguely like that journal format, one of them has likely been used by millions of people. In each case, the team decided to use a

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread John Hughes
On 22/11/17 15:08, Aldemir Akpinar wrote: On 22 November 2017 at 17:03, John Hughes wrote: On 22/11/17 14:18, Aldemir Akpinar wrote: Could you elaborate why are you comparing a relational database system where its files must be

Re: [DNG] ifconfig deprecated?

2017-11-22 Thread Martin Steigerwald
Adam Borowski - 22.11.17, 11:06: > On Wed, Nov 22, 2017 at 10:45:12AM +0100, Martin Steigerwald wrote: > > For that I do not know a ip command out of the box. But > > > > merkaba:~> netstat -i > > Kernel-Schnittstellentabelle > > Iface MTURX-OK RX-ERR RX-DRP RX-OVRTX-OK TX-ERR TX-DRP

[DNG] OT (..but relevant): reboot command on debian 8 no longer works

2017-11-22 Thread dev
Just a heads up. Maybe this is old news to everyone but I run some Proxmox hosts which are based off Debian 8 (I believe) and we've had random problems with the reboot command hanging the system for a good 6 months now. Seems the simple 'reboot' command has been rendered useless.

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Dave Turner
On 22/11/17 14:22, Arnt Gulbrandsen wrote: Aldemir Akpinar writes: Could you elaborate why are you comparing a relational database system where its files must be binary with a logging system where its files don't need to be binary? You make it sound as if binary files were some sort of horror

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Aldemir Akpinar
On 22 November 2017 at 17:22, Arnt Gulbrandsen wrote: > Aldemir Akpinar writes: > >> Could you elaborate why are you comparing a relational database system >> where its files must be binary with a logging system where its files >> don't need to be binary? >> > > You make

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Aldemir Akpinar writes: Could you elaborate why are you comparing a relational database system where its files must be binary with a logging system where its files don't need to be binary? You make it sound as if binary files were some sort of horror that requires special justification.

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Aldemir Akpinar
On 22 November 2017 at 17:03, John Hughes wrote: > On 22/11/17 14:18, Aldemir Akpinar wrote: > > > That's routine. Few readers read everything that can be read. For example, >> look at postgres. Its binary file format reveals quite a bit more than you >> can get using psql,

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread John Hughes
On 22/11/17 14:18, Aldemir Akpinar wrote: That's routine. Few readers read everything that can be read. For example, look at postgres. Its binary file format reveals quite a bit more than you can get using psql, and by design: The writer and binary format are intended for

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Aldemir Akpinar
> That's routine. Few readers read everything that can be read. For example, > look at postgres. Its binary file format reveals quite a bit more than you > can get using psql, and by design: The writer and binary format are > intended for storing things quickly and reliably, and the reader for >

Re: [DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Gulbrandsen
Arnt Karlsen writes: you appear to suggest that law enforcement wanting to read systemd journal logs, _should_ depend on the mercy of systemd developers not "filtering" away inconvenient evidence of e.g. systemd developer wrongdoing from said law enforcement. That's routine. Few readers read

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread Hendrik Boom
On Wed, Nov 22, 2017 at 07:50:44PM +0900, Olaf Meeuwissen wrote: > > Whether /etc/rc.local will be run (and on what run levels) is, IMHO, a > matter for *your* init system to decide. If your init system wants to > cater to a decades long tradition of running /etc/rc.local at system > startup, it

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Karlsen
On Wed, 22 Nov 2017 02:28:45 -0500, Steve wrote in message <20171122022845.1327c...@mydesk.domain.cxm>: > On Wed, 22 Nov 2017 02:59:11 +0100 > Arnt Karlsen wrote: > > > On Tue, 21 Nov 2017 18:21:14 +0100, John wrote in message > >

[DNG] ..forensics on systemd or journald logs, was: rc.local removed from Debian 9, rly?

2017-11-22 Thread Arnt Karlsen
On Wed, 22 Nov 2017 07:19:20 +0100, John wrote in message : > On 22/11/17 02:59, Arnt Karlsen wrote: > > On Tue, 21 Nov 2017 18:21:14 +0100, John wrote in message > > : > > > >> (Damn but

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread John Hughes
On 22/11/17 12:32, KatolaZ wrote: On Wed, Nov 22, 2017 at 12:24:28PM +0100, John Hughes wrote: I was amazed that KatolaZ couldn't imagine any way of reading text from a file without a special application, doesn't he have strings(1) on his "forensic system"? As for journalctl, you forget to

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread Olaf Meeuwissen
Hi all, I've read all the followup until 2017-11-22T10:21Z. I may follow up on selected posts, but I wanted to tackle this first. KatolaZ writes: > On Tue, Nov 21, 2017 at 04:05:47PM +0100, John Hughes wrote: >> On 21/11/17 15:53, KatolaZ wrote: >> >> >What matters is that we need to retain

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread KatolaZ
On Wed, Nov 22, 2017 at 12:24:28PM +0100, John Hughes wrote: > On 22/11/17 11:42, Jaromil wrote: > >On Wed, 22 Nov 2017, John Hughes wrote: > > > >>No way to do that? Seriously? No way at all? > >jeez, is John a troll? > > My little joke about the usefulness of the systemd journal in diagnosing

Re: [DNG] ifconfig deprecated?

2017-11-22 Thread Simon Hobson
Adam Borowski wrote: >> merkaba:~> netstat -i > You want "ip -s a", I'm too lazy to see if you can get just the counters. Or use the contents of /proc/net/dev

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread John Hughes
On 22/11/17 11:42, Jaromil wrote: On Wed, 22 Nov 2017, John Hughes wrote: No way to do that? Seriously? No way at all? jeez, is John a troll? My little joke about the usefulness of the systemd journal in diagnosing the /etc/rc.local problem could conceivably be considered trolling. The

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread Jaromil
On Wed, 22 Nov 2017, John Hughes wrote: > > On 22/11/17 06:50, KatolaZ wrote: > > On Wed, Nov 22, 2017 at 02:59:11AM +0100, Arnt Karlsen wrote: > > > > > ..is there a way to decode and read those binary systemd journal logs > > > on classic POSIX/Unix etc forensic systems _not_ running systemd?

Re: [DNG] rc.local removed from Debian 9, rly?

2017-11-22 Thread John Hughes
On 22/11/17 08:48, Didier Kryn wrote: On 22/11/2017 at 07:19, John Hughes wrote: Is there any way to read a file in format X without a program that reads format X? The question is why use yet another "proprietary format"? Just to force people to use systemd for every task they need

Re: [DNG] ifconfig deprecated?

2017-11-22 Thread Adam Borowski
On Wed, Nov 22, 2017 at 10:45:12AM +0100, Martin Steigerwald wrote: > For that I do not know a ip command out of the box. But > > merkaba:~> netstat -i > Kernel-Schnittstellentabelle > Iface MTURX-OK RX-ERR RX-DRP RX-OVRTX-OK TX-ERR TX-DRP TX-OVR Flg > eth0 1500 6190114 0

Re: [DNG] ifconfig deprecated?

2017-11-22 Thread Martin Steigerwald
Hello Hendrik. Hendrik Boom - 21.11.17, 07:05: > On Tue, Nov 21, 2017 at 05:34:15PM -0500, Steve Litt wrote: > > On Mon, 20 Nov 2017 22:55:36 -0500 > > > > Hendrik Boom wrote: > > > On Tue, Nov 21, 2017 at 05:53:49PM +0100, Jaromil wrote: > > > > nono, as I wrote: that

Re: [DNG] ifconfig deprecated?

2017-11-22 Thread Martin Steigerwald
Hello Steve. Steve Litt - 21.11.17, 23:34: > On Mon, 20 Nov 2017 22:55:36 -0500 > > Hendrik Boom wrote: > > On Tue, Nov 21, 2017 at 05:53:49PM +0100, Jaromil wrote: > > > nono, as I wrote: that script doesn't work anymore, if run on a > > > freshly debootstrapped