sourCEntral - mobile manpages

pdf

LR_DEANONYMIZE.IN

NAME

lr_deanonymize − restore anonymized data, using a dump as produced by lr_anonymize(1)

SYNOPSIS

lr_deanonymize dumpfilestem

DESCRIPTION

lr_deanonymize is typically used when receiving anonymized reports from a responder. See the section on "Processing The Responder’s Results" in the chapter on "Using A Responder" in the Lire User Manual for usage examples.

lr_deanonymize reads a file containing anonymized emailaddresses, ipnumbers, and hostnames (typically a report, generated from a logfile from an internet service) from stdin, and prints a "deanonymized" version of this file to stdout. It reads its information to do this from a bunch of Berkeley DB ’s, stored in files whose’s names are derived from dumpfilestem, as produced by lr_anonymize(1).

EXAMPLE

A ’logfile’ like e.g.

 blaat fkrf 1.2.3.4.in−addr.arpa] pietje AT bigcompany DOT com bla 1 2 3 lj;agas;gag
 blaat 1.2.3.4 fkrf 3.2.3.4.in−addr.arpa] bla 1 www.hotsex.com 2 3 lj;agas;gag
 jan AT blaat DOT frut DOT com agagag
 blaat fkrf 4.2.3.4.in−addr.arpa] bla pietje AT bigcompany DOT com www.hotsex.com
 234.34.2.0 jan AT blaat DOT frut DOT com 4.2.3.4.in−addr.arpa1 2 3 lj;agas;gag
 blaat fkrf tweede 3.2.3.4.in−addr.arpa] bla 1.2.3.4 1 blablabla.com
 2 mdcc.cx
 3 lj;agas;gag

wil get anonymized to

 blaat fkrf 1.0.0.10.in−addr.arpa] john DOT doe DOT 1 AT example DOT com bla 1 2 3 lj;agas;gag
 blaat 10.0.0.1 fkrf 2.0.0.10.in−addr.arpa] bla 1 1.example.com 2 3 lj;agas;gag
 john DOT doe DOT 2 AT example DOT com agagag
 blaat fkrf 3.0.0.10.in−addr.arpa] bla john DOT doe DOT 1 AT example DOT com 1.example.com
 10.0.0.2 john DOT doe DOT 2 AT example DOT com 3.0.0.10.in−addr.arpa1 2 3 lj;agas;gag
 blaat fkrf tweede 2.0.0.10.in−addr.arpa] bla 10.0.0.1 1 2.example.com
 2 3.example.com
 3 lj;agas;gag

The dump will look like

 ip 234.34.2.0 10.0.0.2
 ip 1.2.3.4 10.0.0.1
 inaddr 3.2.3.4.in−addr.arpa 2.0.0.10.in−addr.arpa
 inaddr 1.2.3.4.in−addr.arpa 1.0.0.10.in−addr.arpa
 inaddr 4.2.3.4.in−addr.arpa 3.0.0.10.in−addr.arpa
 domain mdcc.cx 3.example.com
 domain blablabla.com 2.example.com
 domain www.hotsex.com 1.example.com
 email jan AT blaat DOT frut DOT com john DOT doe DOT 2 AT example DOT com
 email pietje AT bigcompany DOT com john DOT doe DOT 1 AT example DOT com

SEE ALSO

lr_anonymize(1)

VERSION

$Id: lr_deanonymize.in,v 1.4 2006/07/23 13:16:32 vanbaal Exp $

COPYRIGHT

Copyright (C) 2000−2001 Stichting LogReport Foundation LogReport AT LogReport DOT org

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY ; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program (see COPYING ); if not, check with http://www.gnu.org/copyleft/gpl.html.

AUTHOR

Joost van Baal <joostvb AT logreport DOT org>

pdf