• originalucifer@moist.catsweat.com
    link
    fedilink
    arrow-up
    46
    ·
    9 months ago

    information itself is a liability. best to have a policy of ‘we keep no IPs in logs, so are happy to hand over whatever’… dump data the moment you dont require it

    • Tangent5280@lemmy.world
      link
      fedilink
      English
      arrow-up
      29
      ·
      9 months ago

      yeah, this sounds like a much more sustainable solution. Do it the way signal does it. Collect as little as necessary, and delete it as soon as you dont need it.

    • cmnybo@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      9 months ago

      Just store what logs you need on a ram drive. The logs will be gone the instant the server shuts down and there is no way to recover them.

      • nevemsenki@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        9 months ago

        Downsides include : if any intrusion happens on the server, red team just needs to reboot it to wipe evidence.

        • Perhyte@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          9 months ago

          If they have the root access typically needed to reboot a server1 they could also just wipe the logs without rebooting.

          1: GUIs typically have a way to reboot without such privileges, but those are typically not installed on machines just used as servers.