Hi Eric,

I as well as many others on this list have either worked as security administrators/ and/or designers in the aspect of systems that you have brought up here. Are you aware of the firewalls mailing list, it could be a HUGE resource in terms of these questions.

As to the Logs... well the logfile name could be linked to /dev/null :) that would eliminate the logging problem... Another annoying tracking log is the syslog daemon. Mail connects are logged in their syslog using Sun sendmail and the standard syslog.conf. syslog.conf changes are needed to eliminate this misfeature...

cheers
kelly

p.s. ignore that rather uninformed person who complained you were making yourself look illiterate... most of the folks on this list unless they actually do it for a living (such as moi) ARE quite illiterate about matters such as DNS/Mail logging and TCP/UDP/ICMP/IP logging and/or trusted systems etc. That's part of what this forum is about for each of us to educate the rest of the list so that privacy issues get FULL spectrum coverage. Please do keep bringing these issues to the forefront... some of us do appreciate it. I and others will be happy to discuss the technical details of various tracking and auditing.

In-Reply-To: Peter Shipley's message of Fri, 11 Jun 1993 09:51:13 -0700 <9306111651.AA14556@edev0.TFS>
Subject: MAIL: logging that happens on soda

Re: sendmail logs

>Eric, most of us know this stuff you are making yourself look very
>unix illiterate.

I have opened my mouth and removed all doubt. I _am_ mostly illiterate in the details of Unix; this is one system administration detail I did not know. I have known for a long time that these logs were in principle easy for administration to keep, but I did not know that they were an entirely standard feature.

I raise this because it affects perceived remailer security and I have not once heard these specific logs brought up, on the list or in person.

Eric
This is not an official NASA document.

Hi. If you saw what I do for a living sometime, you'd probably consider me a jackbooted fascist of the highest order. I implement logging systems, help build firewalls, implement security software and teach people how to build secure systems. Luckily, this isn't my job at NASA -- I'm not a *government* fascist brown-shirt.
> Another annoying tracking log is the syslog daemon.
Annoying if you want to be secure. If you're going to send messages through one of 'my' systems, I'm going to track and log them. Period. Don't like it? Route through something else. This list is being run from a UC-system owned computer. It's not in somebody's closet hooked to a phone line. If UC wants to log email, that's just fine.
> syslog.conf changes are needed to eliminate this misfeature...
A misfeature that helps me keep people from using 'my' machines unless I let them.
> forum is about for each of us to educate the rest of the list so that privacy issues get FULL spectrum coverage.
I thought this list was here to discuss cryptography, not system security or firewalls. :-)

If you don't control the system, consider it insecure and all of your informational transfer monitored, logged, and analyzed.

--
J. Eric Townsend jet@nas.nasa.gov 415.604.4311  | personal email goes to:
CM-5 Administrator, Parallel Systems Support    | jet@well.sf.ca.us
NASA Ames Numerical Aerodynamic Simulation      |---------------------------
PGP2.2 public key available upon request or finger jet@simeon.nas.nasa.gov
According to Kelly Goen:
> Hi Eric, I as well as many others on this list have either worked as security administrators/ and/or designers in the aspect of systems that you have brought up here.
> Are you aware of the firewalls mailing list, it could be a HUGE resource in terms of these questions. As to the Logs...
I, for one, am not aware of this mailing list. Could you post info?

Thanx.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
| mdiehl@triton.unm.edu | But, I was mistaken.        |available|
| mike.diehl@fido.org   |                             | Ask Me! |
| (505) 299-2282        +-----------------------------+---------+
|                                                               |
+------"I'm just looking for the opportunity to be -------------+
|            Politically Incorrect!"   <Me>                     |
+-----If codes are outlawed, only criminals will have codes.----+
+----Is Big Brother in your phone?  If you don't know, ask me---+
On Fri, 11 Jun 93 16:16:49 -0700, jet@nas.nasa.gov (J. Eric Townsend) said:
jet> This list is being run from a UC-system owned computer. It's not in
jet> somebody's closet hooked to a phone line. If UC wants to log email,
jet> that's just fine.

If you're referring to the cypherpunks list, it should be pointed out that toad.com is not a UC system. It is in fact a system in somebody's closet, hooked to a phone line. That is, unless John Gilmore has taken hoptoad out of his bedroom closet since I saw it last...

-eric messick (eric@toad.com)
eric@Synopsys.COM writes:
> If you're referring to the cypherpunks list, it should be pointed out that toad.com is not a UC system. It is in fact a system in somebody's
I'm a big idiot. I just have a 'cypher' alias, and I forgot what it pointed to. Still, the person with the machine 'in their closet' has the right to keep records. :-)
eric@Synopsys.COM wrote:
> If you're referring to the cypherpunks list, it should be pointed out that toad.com is not a UC system. It is in fact a system in somebody's closet, hooked to a phone line. That is, unless John Gilmore has taken hoptoad out of his bedroom closet since I saw it last...
Wrong room of the house and wiring, but right concept.

Tim
--
Internet: pozar@kumr.lns.com
FidoNet: Tim Pozar @ 1:125/555
Snail: Tim Pozar / KKSF / 77 Maiden Lane / San Francisco CA 94108 / USA
POTS: +1 415 788 2022
Radio: KC6GNJ / KAE6247
participants (5)
- eric@Synopsys.COM
- J. Michael Diehl
- jet@nas.nasa.gov
- Kelly Goen
- pozar@kumr.lns.com