[Imc-tech] Re: logging

David Young dyoung at onthejob.net
Wed May 9 13:58:31 CDT 2001


To make sure logs cannot be undeleted, you can write them over with
zeros before you delete them. Use dd if=/dev/zero of=<log filename here>
bs=1024 count=<size of log file in kilobytes> .

Maybe this is just a legend, but I've heard that under certain
circumstances, a determined investigator can read over-written files by
disassembling the drive and analyzing the magnetic charge of regions
between consecutive cylinders. This works because the influence of
a hard disk drive's write head spreads out from the center of the track.
I hear that it is even possible to read files over-written twice or more.
If all this is true, the only way to truly destroy your data is to wreck
the magnetic charge across the whole platter. The easiest, most sure-fire
way to do that is probably to heat the entire disk above some very
high temperature for a certain amount of time, which will randomize its
content, I think.  (Maybe you can do this in your oven at home?) But maybe
you can just write and re-write over and over again to destroy any trace.

If you're concerned for people's privacy, you could append some secret
to IP addresses and other identifying information before hashing them
with MD5, converting to hexadecimal strings, and writing them back to the
log. That way certain statistics are easily computed but identification
becomes very challenging. The secret and the mapping from hash to IP
address are probably important to keep, just in case, but they need
never be written to the hard drive; you can probably write them to a
floppy disk or even print them out and send them home with someone at
the close of every business day. You can get so complicated with these
privacy measures that it's silly.

Dave

On Wed, May 09, 2001 at 12:13:47PM -0500, Daniel S. Lewart wrote:
> Zach, et al,
> 
> > stefani banerian of global tech says:
> > > in addition to the seattle IMC that has been served with a court order,
> > > another IMC, which uses a different server, has also been served - in a
> > > different case.
> > > the suggestion, or rather, the consideration, of sysadmins, for the
> > > time being at the very least, is not to log IP addresses (e.g. web
> > > server logs).  that is a matter for your own choosing.
> 
> > Rather than make this decision myself I'd like for the tech focus
> > group and/or the steering group to tell me whether or not to log IPs.
> 
> > benefits of not logging: xref seattle and the above note.
> > benefits to logging: we can get rough statistics on where people are
> > ...
> 
> We could run a (daily?) cron job to crunch the logs (with analog or
> webalizer?) to get summary information and then delete the logs.
> Technically, how can we make sure deleted files cannot be undeleted?
> 
> Cheers,
> Dan
> 
> _______________________________________________
> Imc-tech mailing list
> Imc-tech at urbana.indymedia.org
> http://lists.groogroo.com/cgi-bin/listinfo/imc-tech

-- 
David Young                   On the Job Consulting
dyoung at onthejob.net     Urbana, IL * (217) 278-3933
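
The salted-hash idea from the third paragraph of the message, as an added example that is not part of the original post: the client address at the start of each log line is replaced by the hex MD5 of the address with a secret appended, and the hash-to-address mapping is kept in memory only. The Common Log Format input, the function names, the sample lines and the secret are assumptions made for illustration.

```python
import hashlib
import re
from collections import Counter

# Matches the leading client address field of a Common Log Format line.
CLIENT_FIELD = re.compile(r"^(\S+)")

def pseudonym(ip, secret):
    """Hex MD5 of the address with the secret appended, as the message describes."""
    return hashlib.md5((ip + secret).encode("utf-8")).hexdigest()

def scrub(lines, secret):
    """Return (scrubbed_lines, mapping), where mapping is hash -> address.

    The mapping lives in memory only; the caller decides where it goes,
    so it never has to touch the hard drive that holds the log.
    """
    mapping = {}
    out = []
    for line in lines:
        m = CLIENT_FIELD.match(line)
        if not m:
            out.append(line)  # blank or indented lines pass through untouched
            continue
        digest = pseudonym(m.group(1), secret)
        mapping[digest] = m.group(1)
        out.append(digest + line[m.end():])
    return out, mapping

def hits_per_visitor(lines):
    """Per-visitor hit counts can still be computed from the scrubbed log."""
    return Counter(line.split(" ", 1)[0] for line in lines if line.strip())

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/May/2001:12:00:01 -0500] "GET / HTTP/1.0" 200 5120',
    '198.51.100.7 - - [09/May/2001:12:00:05 -0500] "GET /news HTTP/1.0" 200 2048',
    '192.0.2.10 - - [09/May/2001:12:01:30 -0500] "GET /about HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    scrubbed, mapping = scrub(SAMPLE_LOG, secret="constructed-example-secret")
    for line in scrubbed:
        print(line)
    print(hits_per_visitor(scrubbed).most_common())
```

The secret carries the whole scheme: there are only about four billion IPv4 addresses, so anyone who holds the secret can rebuild the mapping by hashing every address.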



