Slashdot Mirror


EFF's Logfinder

clonebarkins writes "EFF has just released a new software tool called "logfinder" to help server admins find (and delete) unnecessary log files on their boxen. "By finding unwanted log files, logfinder informs system administrators when their servers are collecting personal data and gives them the opportunity to turn logging off if it isn't gathering information necessary for administering the system.""

11 of 169 comments

  1. I just made one, too by Anonymous Coward · · Score: 4, Funny

    locate log

  2. Can't subpoena what doesn't exist? by PornMaster · · Score: 5, Insightful

    Is the point of this that law enforcement can't subpoena records that don't exist?

    1. Re:Can't subpoena what doesn't exist? by sporktoast · · Score: 4, Insightful

      If an admin is just using this tool to destroy potentially incriminating logs, then they are using it poorly. Like trying to pound a screw in with a hammer.

      The use this has for an admin is to survey (or for the less experienced admin, to discover) what logs the system is currently keeping, so that the admin can decide as a policy which logs should be active or not, and with what level of detail. The itch this tool scratches is that many systems as a default keep more logs than perhaps are necessary. A good admin will shut off whatever is deemed unnecessary, based on multiple criteria (security, system load, user/company privacy).

      Forbidding the use of log destruction tools (rm?) is moot. Destroying evidence is illegal. Now, laws (or court orders) mandating a level of logging are a completely different matter.

      --
      In a related story, the IRS has recently ruled that the cost of Windows upgrades can NOT be deducted as a gambling loss.
  3. I appreciate the effort but... by garcia · · Score: 4, Insightful

    I would seriously hope that:

    a) the sysadmins are competent enough to handle this themselves. I would think that a sysadmin would know how to use some sort of local file search.

    b) the EFF understands that it's not always up to the sysadmins to determine the amount of time to keep logs that might be used against an individual.

    1. Re:I appreciate the effort but... by EnronHaliburton2004 · · Score: 4, Informative

      Admittedly NT logfiles are slightly more organised than *nix logfiles. Most will at least be under c:\Windows\system rather than spread over /etc /var /usr /root /usr/X11 and even (I kid you not) /bin. The rather haphazard way different programs save their files about *nix systems can be a headache sometimes. It would be nice if someone would standardise the process.

      I don't think you understand *nix logging, or you've been working with poorly-designed systems.

      Locations for log files have been pretty well standardized by Posix and the LSB. Logs generally go in /var/log (or /var/adm on older systems), or in $APPLICATION_ROOT/log. A sysadmin might write a log to /var or /root, but those are temporary logs.

      Logfiles which end up in /etc, /bin, /usr or /usr/X11 are the result of poor or very old configuration.

      Now, compare this to a Windows 2003 Server running Exchange 2003, where the log files are in c:\windows, c:\Windows\system, c:\Windows\system\Logfiles, c:\Windows\system\security, C:\Program Files\Exchsrvr\, C:\Program Files\Exchsrvr\MDBDATA and C:\Program Files\Exchsrvr\mtdata. Many of the logfiles are not viewable with a text viewer. Some of the log files really aren't "Log files", but are "Transaction Logs", which is a different thing in my book.

      Some of this makes sense, some of this does not. But I'm not a Windows admin, and I didn't design this network here, so maybe this is the result of a poor configuration.

  4. Oh, yeah by Otter · · Score: 4, Funny

    God forbid professional sysadmins should be expected to understand how their services are configured and what files are being written. If I were a user on one of their systems, sendmail log files would be the least of my concern.

  5. "Boxen" by m_member · · Score: 5, Funny

    Can I have a tool to locate and delete people who use the word 'boxen'? GPL preferably.

  6. Just as an example... by PartialInfinity · · Score: 4, Insightful

    This is just EFF's way of reminding sysadmins to be vigilant about their log files, it's not meant to replace good administration habits.

  7. interesting... by Spider[DAC] · · Score: 5, Informative

    Actually, it uses lsof and a few other niceties to locate open files that change over time, then scans them for presence of time/date stamps, mail addresses or other "log" activity.

    So, no, it's not just "locate log" that someone suggested, nor is it "find /var/log" either, but a bit more complex.

    As for the comment about competent site-admin. This is a bit more than that too, it's also about users and active software, people's IRC logs, various ftp clients that clobber up and log passwords along with everything else in their config dir. And so on and so forth.

    --
    I didn't do this, now did I?
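
A sketch of the approach described in the comment above, added here as an illustration and not logfinder's own code: take the files that `lsof -F an` reports as open for writing, then check their contents for timestamps and for e-mail or IP addresses. The lsof output and log lines are constructed samples, and the function names, patterns and 0.5 threshold are assumptions; it does not track whether a file grows over time.

```python
import re

# Patterns for the kinds of "log activity" the comment mentions (illustrative, not exhaustive).
TIMESTAMP = re.compile(
    r"\b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}"  # syslog
    r"|\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}"                                              # ISO 8601
    r"|\[\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2}"                                        # Apache CLF
)
PERSONAL = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

def writable_files(lsof_field_output):
    """Parse `lsof -F an` field output; return names of files open for write/update."""
    names, access = [], ""
    for line in lsof_field_output.splitlines():
        tag, value = line[:1], line[1:]
        if tag == "f":            # new file set: reset the access mode
            access = ""
        elif tag == "a":          # access mode: r, w or u (read+write)
            access = value
        elif tag == "n" and access in ("w", "u") and value not in names:
            names.append(value)
    return names

def assess(lines, min_ratio=0.5):
    """Return (is_log_like, sorted personal-data kinds found) for a file's lines."""
    lines = [l for l in lines if l.strip()]
    stamped = sum(1 for l in lines if TIMESTAMP.search(l))
    kinds = sorted(k for k, rx in PERSONAL.items() if any(rx.search(l) for l in lines))
    return (bool(lines) and stamped / len(lines) >= min_ratio, kinds)

# Constructed sample data (not real lsof output or real logs).
SAMPLE_LSOF = "p812\nf3\nar\nn/etc/passwd\nf4\naw\nn/var/log/maillog\np977\nf5\nau\nn/home/alice/.irc/chat.log\n"
SAMPLE_FILES = {
    "/var/log/maillog": ["Feb  3 10:15:02 mx sendmail[812]: from=<bob@example.org>, relay=[192.0.2.7]",
                         "Feb  3 10:15:03 mx sendmail[812]: to=<alice@example.net>, stat=Sent"],
    "/home/alice/.irc/chat.log": ["2005-02-03 10:16:40 <carol> see you at 5",
                                  "2005-02-03 10:16:55 <alice> ok"],
}

def survey():
    """Assess every write-open file named in the sample lsof output."""
    return {name: assess(SAMPLE_FILES.get(name, [])) for name in writable_files(SAMPLE_LSOF)}

if __name__ == "__main__":
    for name, (is_log, kinds) in survey().items():
        print(name, "log-like" if is_log else "not log-like", kinds)
```
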
  8. Re:Thanks EFF! by innerweb · · Score: 5, Insightful

    As is always, that which helps to protect the innocent can be used to protect the *evil*. The problem is the innocent do not know what is being done, and the *evil* are studying and learning to use and abuse. Nothing new there.

    InnerWeb

    --
    Freud might say that Intelligent Design is religion's ID.
  9. Re:neat by e2d2 · · Score: 4, Funny

    Any tool could probably be used for evil. For instance I have a calendar on my wall. If I took it down and rolled it up, I could probably beat you half way to death with enough strong blows.