LinuxQuestions.org
Old 05-30-2014, 09:49 AM   #1
Rooting
LQ Newbie
 
Registered: May 2014
Posts: 8

Rep: Reputation: Disabled
What does Linux "Track"?


All of the operating systems I have worked with in the past (except DOS, CPM and maybe Windows 3.1) keep track of what the user does.

Does Linux track files opened, devices attached, web sites visited, login times and dates, programs run, etc?

I realize that some programs may have their own custom ways to keep track of what they have done, but does the operating system have tracking of what the user does?

Thanks.
 
Old 05-30-2014, 10:23 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,580
Blog Entries: 14

Rep: Reputation: 969
You can track everything you want. Just do a web search for "Linux auditing" and "Linux accounting".

By default various things are tracked in various places but the level of detail you're talking about would enable turning on full accounting and you need to ensure you have space to keep all the logs for that.

You can use the "last" command to see logins.

You review files in /var/log to see various things. (e.g. /var/log/secure will show when users switch users).

I wonder what OS you've worked on that "tracks everything" by default as I've not worked on any though almost all have ways that one can.
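
The kind of record /var/log/secure keeps about user switches, as an added example that is not part of the original post: a small awk filter that lists su/sudo session openings and failed attempts. The log lines are constructed samples in the traditional syslog/pam_unix layout, and the function names `sample_log` and `user_switches` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the classic syslog layout
# "Mon DD HH:MM:SS host tag: message" used by /var/log/secure on RHEL-like
# systems (/var/log/auth.log on Debian-like systems).

# Constructed sample input; no real hosts or users.
sample_log() {
cat <<'EOF'
May 30 10:01:12 host1 sshd[2211]: Accepted password for alice from 192.0.2.10 port 50514 ssh2
May 30 10:02:40 host1 su: pam_unix(su:session): session opened for user root by alice(uid=1000)
May 30 10:05:03 host1 su: pam_unix(su:session): session closed for user root
May 30 10:07:19 host1 su[3120]: pam_unix(su-l:session): session opened for user postgres(uid=26) by alice(uid=1000)
May 30 10:09:55 host1 sudo: pam_unix(sudo:session): session opened for user root by bob(uid=1001)
May 30 10:11:02 host1 su: pam_unix(su:auth): authentication failure; logname=bob uid=1001 euid=0 tty=pts/1 ruser=bob rhost=  user=root
EOF
}

# Print one line per user switch: "<timestamp> OK|FAIL <from> -> <to> (<tool>)".
# Reads the files given as arguments, or stdin when there are none.
user_switches() {
    awk '
    # Newer PAM versions append "(uid=N)" to the target as well as the source.
    function strip_uid(s) { sub(/\(uid=[0-9]+\)$/, "", s); return s }
    {
        tool = $5                        # "su:", "sudo:" or "su[1234]:"
        sub(/:$/, "", tool)
        sub(/\[[0-9]+\]$/, "", tool)
    }
    /pam_unix\((su|su-l|sudo):session\): session opened for user / {
        for (i = 6; i < NF; i++)
            if ($i == "for" && $(i + 1) == "user") {
                printf "%s %s %s OK %s -> %s (%s)\n", $1, $2, $3,
                       strip_uid($(i + 4)), strip_uid($(i + 2)), tool
                break
            }
        next
    }
    /pam_unix\((su|su-l|sudo):auth\): authentication failure/ {
        src = "?"; dst = "?"
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^ruser=/) src = substr($i, 7)
            if ($i ~ /^user=/)  dst = substr($i, 6)
        }
        printf "%s %s %s FAIL %s -> %s (%s)\n", $1, $2, $3, src, dst, tool
    }
    ' "$@"
}

# Stand-alone run on the sample; on a real system: user_switches /var/log/secure
sample_log | user_switches
```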
 
Old 05-30-2014, 06:59 PM   #3
Rooting
LQ Newbie
 
Registered: May 2014
Posts: 8

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by MensaWater
You can track everything you want. Just do a web search for "Linux auditing" and "Linux accounting".

...

I wonder what OS you've worked on that "tracks everything" by default as I've not worked on any though almost all have ways that one can.

I was wondering if I could make Linux "forget" things, like when I open "Snowden.txt", I would rather not have Linux remember that.

The OS I was referring to was Windows. Last opened, recent file list, programs run and when, last login, and the lists are kept in a variety of places, like the directory "Recent", the registry, and the files themselves which are edited to include the last date opened. It even remembers the devices I have previously connected to my computer. In fact, I can't think of anything I did in Windows that wasn't logged somewhere for some indefinite period of time.

It can be convenient, but not necessary, and it's like having the NSA know when you go to the bathroom. Probably not important, but, then...
 
Old 05-30-2014, 09:35 PM   #4
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mint, OpenBSD
Posts: 11,361
Blog Entries: 12

Rep: Reputation: 2751
These look like pretty good articles on the contents and reading of Linux log files:

http://www.thegeekstuff.com/2011/08/...var-log-files/

http://www.nixtutor.com/linux/gettin...th-linux-logs/
 
Old 05-30-2014, 11:05 PM   #5
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,385

Rep: Reputation: 354
Or use a live session for "those" purposes - then it all goes away when you reboot.
 
Old 05-31-2014, 08:57 AM   #6
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 2,330
Blog Entries: 1

Rep: Reputation: 449
Optical media and read-only filesystems can keep Linux from tracking things persistently.

By default, /var/log/ has stuff like boot info and logins. The ~/.bash_history has commands entered from the command line. The usual browser cache files. There are encrypted filesystems to prevent others from gaining access to your tracked data. And running Linux from RAM can help since RAM loses its data after twenty-ish minutes of having no power.
 
Old 05-31-2014, 04:08 PM   #7
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495
https://tails.boum.org/

http://www.livecdlist.com/purpose/security

I'd look into those 2 links, specifically Tails, as it is built from the ground up for exactly what you are looking for.
 
Old 06-01-2014, 10:40 AM   #8
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 810

Rep: Reputation: 264
Quote:
Originally Posted by Shadow_7
Optical media and read-only filesystems can keep Linux from tracking things persistently.

By default, /var/log/ has stuff like boot info and logins. The ~/.bash_history has commands entered from the command line. The usual browser cache files. There are encrypted filesystems to prevent others from gaining access to your tracked data. And running Linux from RAM can help since RAM loses its data after twenty-ish minutes of having no power.

20 mins? I thought everything was gone within a few seconds of the power cutoff from the PSU?
 
Old 06-01-2014, 05:52 PM   #9
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 2,330
Blog Entries: 1

Rep: Reputation: 449
At the end of the day RAM is just an electromagnet and magnets tend to keep their state, even electromagnets. The longer they've had the state, the more likely they are to retain it. Like keeping a paper clip attached to a magnet in a drawer. Remove the paper clip after a period of time and it's a paper clip with magnetic properties.

Researchers at Princeton seem to think that you can freeze RAM with a can of compressed air and move it to another machine with at least some of the information on it still intact. With minutes to spare. And that the contents of RAM survive a cold reboot. Perhaps not 20-ish minutes without employing some physics (freezing) techniques. But it's been proven to not be as volatile as most believe.
 
Old 06-01-2014, 05:56 PM   #10
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 810

Rep: Reputation: 264
Really? So if the power flickers, and the PSU cuts out for about a half a second, then immediately comes back, would it be possible for the computer to resume right where it left off?
 
Old 06-01-2014, 06:21 PM   #11
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 3,887
Blog Entries: 1

Rep: Reputation: 2007
Quote:
Originally Posted by maples
Really? So if the power flickers, and the PSU cuts out for about a half a second, then immediately comes back, would it be possible for the computer to resume right where it left off?

That is actually a different question.

The contents of RAM may be retained, but for the "computer" to resume it would be necessary for the whole state of the machine to be retained, and that is generally not so.
 
Old 06-01-2014, 06:29 PM   #12
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,630

Rep: Reputation: 495
http://www.zdnet.com/blog/security/c...on-methods/900

There is a good writeup about what he is talking about. A few things that can be done to help get around this issue is to reboot the system a few times into the native OS, thus replacing the data from your LiveOS with the native OS's data. RAM, once written over, cannot be recovered, unlike a physical platter spinning disk that can be disassembled and data retrieved.
 
Old 06-01-2014, 06:33 PM   #13
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 3,887
Blog Entries: 1

Rep: Reputation: 2007
If paranoid about it, keep a memtest bootable media handy, boot and run it after your session. That will quickly write random patterns to all the RAM.
 
Old 06-01-2014, 07:30 PM   #14
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 810

Rep: Reputation: 264
Yeah, I figured that the BIOS would end up overwriting it or something...
 
  

