On Thu, 23 Nov 2017 08:20:05 +0100, John wrote in message <25c55d20-a650-5ec7-5943-f2224ba21...@atlantech.com>:
> On 22/11/17 17:35, Arnt Karlsen wrote:
> > ..to reiterate: Is there a way to decode and read those binary
> > systemd journal logs on classic POSIX/Unix etc forensic systems
> > _not_ running systemd?
>
> Of course.
>
> Either install a tool that does it for you, i.e. journalctl,

..which leaves in place that "systemd"-filter we wanna avoid...

> or write
> a tool to do it using the publicly available documentation.

..which assumes that that documentation is truthful etc.

..those 2 ways forward are viable starting points that will help
the proper way to deal with suspect code, Samba style re-engineering,
which has brought us all e.g. wine,

> > ..the "strings" approach suggested by John Hughes requires an
> > intimate knowledge of systemd and might be relevant if the
> > investigations were on "systemd sabotaging Devuan playing _new_
> > zero-day dirty tricks."
>
> Intimate knowledge? No, all it requires knowing is that most of the
> fields in a systemd journal are ascii keyword=value pairs.

...which we must guess correctly where to find ...

> Tell you what, I'll see if I can write a little perl script to output
> a systemd journal in a format a little more pretty than strings(1)
> for you, give me a day, ok?

..thanks, I'll try it. :o)

> > ..so, the systemd crowd should have an interest in e.g. exposing
> > "Devuan incompetence and paranoia" by coming up with an easy way
> > to decode and read binary systemd journal logs without having to
> > run systemd, to prove their case on "Devuan incompetence and
> > paranoia on systemd", rather than confirm my current belief.
>
> incompetence is your word, not mine. Paranoia seems to fit some
> people. For example, what do you mean by "_new_ zero-day dirty
> tricks" above?

..the bad guys like to move fast with their best toys, e.g. on
Election Day in voting machines.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three: best case, worst case, and just in case.
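The strings(1)-style reading discussed in this message, as an added Python example that is not part of the original e-mail and is not the perl script John offers: it scans raw bytes for printable `FIELD=value` runs without any systemd code. All function names are hypothetical and the sample blob is constructed for illustration (it is not a valid journal file); the check for XZ/Zstandard magic bytes is a heuristic to warn that compressed payloads are invisible to this kind of scan.

```python
import re
from collections import defaultdict

JOURNAL_SIGNATURE = b"LPKSHHRH"      # first 8 bytes of a journal file
XZ_MAGIC = b"\xfd7zXZ\x00"           # start of an XZ stream
ZSTD_MAGIC = b"\x28\xb5\x2f\xfd"     # start of a Zstandard frame

# Field names: uppercase letters, digits, underscores, not starting with a
# digit. Values are limited here to runs of printable ASCII.
FIELD_RE = re.compile(rb"([A-Z_][A-Z0-9_]*)=([\x20-\x7e]+)")


def looks_like_journal(blob):
    """True when the blob starts with the journal file signature."""
    return blob[:8] == JOURNAL_SIGNATURE


def extract_fields(blob):
    """Return (offset, name, value) for every printable FIELD=value run."""
    return [(m.start(), m.group(1).decode(), m.group(2).decode())
            for m in FIELD_RE.finditer(blob)]


def group_by_field(blob):
    """Map each field name to its distinct values, in order of appearance."""
    grouped = defaultdict(list)
    for _, name, value in extract_fields(blob):
        if value not in grouped[name]:
            grouped[name].append(value)
    return dict(grouped)


def compressed_hints(blob):
    """Count XZ/Zstandard magics: payloads this scan cannot read as text."""
    return blob.count(XZ_MAGIC) + blob.count(ZSTD_MAGIC)


# Constructed sample: signature, padding, then text payloads each preceded by
# 8 opaque bytes standing in for binary object headers, plus one XZ-like blob.
HDR = b"\x01\x00" + bytes(6)
SAMPLE = (JOURNAL_SIGNATURE + bytes(16)
          + HDR + b"MESSAGE=Started Session 42 of user root.\x00\x00"
          + HDR + b"_PID=1\x00\x00"
          + HDR + b"_COMM=sshd\x00"
          + HDR + XZ_MAGIC + b"\x00\x04\xe6\xd6"
          + HDR + b"_PID=1\x00")

if __name__ == "__main__":
    for name, values in group_by_field(SAMPLE).items():
        print(name, values)
    print("compressed payload hints:", compressed_hints(SAMPLE))
```

The offsets returned by `extract_fields` let an examiner go back to the exact bytes in a hex viewer; a non-zero `compressed_hints` count means some payloads were not recovered by the text scan.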