
Rooting 05-30-2014 08:49 AM

What does Linux "Track"?
 
All of the operating systems I have worked with in the past (except DOS, CPM and maybe Windows 3.1) keep track of what the user does.

Does Linux track files opened, devices attached, web sites visited, login times and dates, programs run, etc?

I realize that some programs may have their own custom ways to keep track of what they have done, but does the operating system have tracking of what the user does?

Thanks.

MensaWater 05-30-2014 09:23 AM

You can track everything you want. Just do a web search for "Linux auditing" and "Linux accounting".

By default various things are tracked in various places but the level of detail you're talking about would enable turning on full accounting and you need to ensure you have space to keep all the logs for that.

You can use the "last" command to see logins.

You review files in /var/log to see various things. (e.g. /var/log/secure will show when users switch users).

I wonder what OS you've worked on that "tracks everything" by default as I've not worked on any though almost all have ways that one can.

Rooting 05-30-2014 05:59 PM

Quote:

Originally Posted by MensaWater (Post 5179367)
You can track everything you want. Just do a web search for "Linux auditing" and "Linux accounting".

...

I wonder what OS you've worked on that "tracks everything" by default as I've not worked on any though almost all have ways that one can.

I was wondering if I could make Linux "forget" things, like when I open "Snowden.txt", I would rather not have Linux remember that.

The OS I was referring to was Windows. Last opened, recent file list, programs run and when, last login, and the lists are kept in a variety of places, like the directory "Recent", the registry, and the files themselves which are edited to include the last date opened. It even remembers the devices I have previously connected to my computer. In fact, I can't think of anything I did in Windows that wasn't logged somewhere for some indefinite period of time.

It can be convenient, but not necessary, and it's like having the NSA know when you go to the bathroom. Probably not important, but, then...

frankbell 05-30-2014 08:35 PM

These look like pretty good articles on the contents and reading of Linux log files:

http://www.thegeekstuff.com/2011/08/...var-log-files/

http://www.nixtutor.com/linux/gettin...th-linux-logs/

descendant_command 05-30-2014 10:05 PM

Or use a live session for "those" purposes - then it all goes away when you reboot.

Shadow_7 05-31-2014 07:57 AM

Optical media and read-only filesystems can keep Linux from tracking things persistently.

By default, /var/log/ has stuff like boot info and logins. The ~/.bash_history has commands entered from the command line. The usual browser cache files. There are encrypted filesystems to prevent others from gaining access to your track'd data. And running Linux from RAM can help since RAM loses its data after twenty-ish minutes of having no power.
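
An added example (not part of any post in this thread): a small shell inventory of the default traces named in the posts above, that is the data file behind `last` (/var/log/wtmp), /var/log/secure (with /var/log/auth.log as the Debian-family equivalent), ~/.bash_history and the per-user cache directory. The ROOT and HOME_DIR parameters and the ~/.cache location are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which of the default activity traces named in the
# thread exist on a system, and how much each one currently holds.

# trace_status PATH: print "<state> <amount> <path>" for one artifact.
#   state  = present | unreadable | absent
#   amount = bytes=N for a file, files=N for a directory, "-" otherwise
trace_status() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "absent - $path"
    elif [ ! -r "$path" ]; then
        # e.g. /var/log/secure is normally readable by root only
        echo "unreadable - $path"
    elif [ -d "$path" ]; then
        n=$(find "$path" -type f 2>/dev/null | wc -l | tr -d ' ')
        echo "present files=$n $path"
    else
        n=$(wc -c < "$path" | tr -d ' ')
        echo "present bytes=$n $path"
    fi
}

# trace_inventory [ROOT] [HOME_DIR]
#   ROOT     = "" for the running system, or the mount point of another tree
#              (hypothetical parameter, added so the check can be pointed
#              at a copy or a test directory)
#   HOME_DIR = the user's home directory, default $HOME
trace_inventory() {
    root=${1%/}
    home=${2:-$HOME}
    for p in \
        "$root/var/log/wtmp" \
        "$root/var/log/secure" \
        "$root/var/log/auth.log" \
        "$home/.bash_history" \
        "$home/.cache"          # assumed location of browser cache files
    do
        trace_status "$p"
    done
}

# Inventory the live system only when the script is called as: script run
if [ "${1:-}" = "run" ]; then
    trace_inventory "" "$HOME"
fi
```

On a live session or a read-only root, the same call shows these files either absent or empty at boot, which is the behaviour the replies in this thread rely on.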

lleb 05-31-2014 03:08 PM

https://tails.boum.org/

http://www.livecdlist.com/purpose/security

I'd look into those 2 links, specifically Tails, as it is built from the ground up for exactly what you are looking for.

maples 06-01-2014 09:40 AM

Quote:

Originally Posted by Shadow_7 (Post 5179813)
Optical media and read-only filesystems can keep Linux from tracking things persistently.

By default, /var/log/ has stuff like boot info and logins. The ~/.bash_history has commands entered from the command line. The usual browser cache files. There are encrypted filesystems to prevent others from gaining access to your track'd data. And running Linux from RAM can help since RAM loses its data after twenty-ish minutes of having no power.

20 mins? I thought everything was gone within a few seconds of the power cutoff from the PSU?

Shadow_7 06-01-2014 04:52 PM

At the end of the day RAM is just an electromagnet and magnets tend to keep their state, even electromagnets. The longer they've had the state, the more likely they are to retain it. Like keeping a paper clip attached to a magnet in a drawer. Remove the paper clip after a period of time and it's a paper clip with magnetic properties.

Researchers at Princeton seem to think that you can freeze RAM with a can of compressed air and move it to another machine with at least some of the information on it still intact. With minutes to spare. And that the contents of RAM survive a cold reboot. Perhaps not 20-ish minutes without employing some physics (freezing) techniques. But it's been proven to not be as volatile as most believe.

maples 06-01-2014 04:56 PM

Really? So if the power flickers, and the PSU cuts out for about a half a second, then immediately comes back, would it be possible for the computer to resume right where it left off?

astrogeek 06-01-2014 05:21 PM

Quote:

Originally Posted by maples (Post 5180491)
Really? So if the power flickers, and the PSU cuts out for about a half a second, then immediately comes back, would it be possible for the computer to resume right where it left off?

That is actually a different question.

The contents of RAM may be retained, but for the "computer" to resume it would be necessary for the whole state of the machine to be retained, and that is generally not so.

lleb 06-01-2014 05:29 PM

http://www.zdnet.com/blog/security/c...on-methods/900

There is a good writeup about what he is talking about. A few things that can be done to help get around this issue is to reboot the system a few times into the native OS, thus replacing the data from your LiveOS with the native OS's data. RAM once written over cannot be recovered unlike a physical platter spinning disk that can be disassembled and data retrieved.

astrogeek 06-01-2014 05:33 PM

If paranoid about it, keep a memtest bootable media handy, boot and run it after your session. That will quickly write random patterns to all the RAM.

maples 06-01-2014 06:30 PM

Yeah, I figured that the BIOS would end up overwriting it or something...


All times are GMT -5.