Theresa May seems to have got her way, and the Snoopers Charter has passed into UK law. Squashed Fly hosts among others websites, both the Freedom Press and Freedom News sites, and as part of that I don’t like clear text services (see Encrypt Everything) and now with the ‘legal requirment’ to turn over logs or data it makes sense not to store any more than I need.
Sentroa by defult generates massive logs for apache and email, however logrotate.d is installed for other things, so three new files later and our logging is hugely reduced:
First file limits what Apache stores: /etc/logrotate.d/sentora-apache
/var/sentora/logs/domains/*/*.log /var/sentora/logs/sentora*.log /var/sentora/logs/daemon*.log {
su root root
daily
size 100k
missingok
rotate 7
compress
delaycompress
notifempty
create 664 root root
sharedscripts
postrotate
/etc/init.d/apache2 reload > /dev/null
endscript
}
and Dovecot for limiting email metadata availability: /etc/logrotate.d/sentora-dovecot
/var/log/dovecot*.log {
su root root
daily
size 100k
missingok
rotate 1
compress
delaycompress
notifempty
create 660 vmail mail
sharedscripts
postrotate
doveadm log reopen
endscript
}
While ProFTP is not used often, its worth also culling what it stores: /etc/logrotate.d/sentora-proftpd
/var/sentora/logs/proftpd/access.log /var/sentora/logs/proftpd/auth.log /var/sentora/logs/proftpd/xferlog.www {
su root root
daily
size 100k
missingok
rotate 2
compress
delaycompress
notifempty
create 644 root root
sharedscripts
postrotate
# reload could be not sufficient for all logs, a restart is safe
/etc/init.d/proftpd force-reload > /dev/null
endscript
}
These scripts work on Sentroa installed on Ubuntu, other installs may require changes.
Please note that this still leaves mailstores, and hosted data in clear text so please consider encripting emails as well!
Leave a Reply