|
@@ -35,6 +35,11 @@ export TEXTDOMAINDIR="/usr/share/locale"
|
35
|
35
|
|
36
|
36
|
WEBSERVER_LOG_LEVEL='warn'
|
37
|
37
|
|
|
38
|
+# Shredding could be used here, but especially on microSD
|
|
39
|
+# or SSD it's debatable how useful shredding really is.
|
|
40
|
+# Also the shred command can be very slow on Beaglebone Black
|
|
41
|
+REMOVE_FILES_COMMAND='rm -rf'
|
|
42
|
+
|
38
|
43
|
function turn_off_rsys_logging {
|
39
|
44
|
sed -i 's|mail,news.none.*|mail,news.none /dev/null|g' /etc/rsyslog.conf
|
40
|
45
|
sed -i 's|auth,authpriv.\*.*|auth,authpriv.\* /dev/null|g' /etc/rsyslog.conf
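Review bot: The new comment explains why shred was dropped but not what `rm -rf` leaves behind: the files are only unlinked, so their contents stay in unallocated blocks of the microSD or SSD until those blocks are reused or trimmed, and keeping old logs unreadable then depends on the storage being encrypted. I would add a line next to `REMOVE_FILES_COMMAND='rm -rf'` such as `# rm only unlinks; old log data stays recoverable from unencrypted storage until the blocks are reused`. Separately, the command is held in a string and expanded unquoted, so an empty or unset value turns `$REMOVE_FILES_COMMAND /var/log/wtmp*` into an attempt to execute the first matching log file. A small function such as `remove_files() { rm -rf -- "$@"; }` avoids that and also guards against file names that begin with a dash.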
|
|
@@ -48,14 +53,14 @@ function turn_off_rsys_logging {
|
48
|
53
|
sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none /dev/null|g' /etc/rsyslog.conf
|
49
|
54
|
sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
|
50
|
55
|
sed -i 's|cron.\*.*|cron.\* /dev/null|g' /etc/rsyslog.conf
|
51
|
|
- shred -zu /var/log/wtmp*
|
52
|
|
- shred -zu /var/log/debug*
|
53
|
|
- shred -zu /var/log/cron.*
|
54
|
|
- shred -zu /var/log/auth.*
|
55
|
|
- shred -zu /var/log/mail.*
|
56
|
|
- shred -zu /var/log/daemon.*
|
57
|
|
- shred -zu /var/log/user.*
|
58
|
|
- shred -zu /var/log/messages*
|
|
56
|
+ $REMOVE_FILES_COMMAND /var/log/wtmp*
|
|
57
|
+ $REMOVE_FILES_COMMAND /var/log/debug*
|
|
58
|
+ $REMOVE_FILES_COMMAND /var/log/cron.*
|
|
59
|
+ $REMOVE_FILES_COMMAND /var/log/auth.*
|
|
60
|
+ $REMOVE_FILES_COMMAND /var/log/mail.*
|
|
61
|
+ $REMOVE_FILES_COMMAND /var/log/daemon.*
|
|
62
|
+ $REMOVE_FILES_COMMAND /var/log/user.*
|
|
63
|
+ $REMOVE_FILES_COMMAND /var/log/messages*
|
59
|
64
|
}
|
60
|
65
|
|
61
|
66
|
function turn_on_rsys_logging {
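Review bot: Unlinking `/var/log/auth.*`, `/var/log/messages*` and the other files at the end of `turn_off_rsys_logging` does not stop a daemon that still has them open. rsyslog would presumably keep writing to the deleted inode until it is restarted or reloaded, and no restart is visible in this hunk. Part of the function body lies between the hunks, so the restart may already happen there or in the caller. If it does not, restart rsyslog after the `sed` edits and before the removals. The same question applies to the nginx, prosody, exim4, dovecot, mysql and fail2ban removals in the later hunks.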
|
|
@@ -155,34 +160,34 @@ else
|
155
|
160
|
sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml
|
156
|
161
|
fi
|
157
|
162
|
if [ -f /etc/matrix/homeserver.log ]; then
|
158
|
|
- shred -zu /etc/matrix/homeserver.log
|
|
163
|
+ $REMOVE_FILES_COMMAND /etc/matrix/homeserver.log
|
159
|
164
|
fi
|
160
|
165
|
if [ -f /etc/matrix/homeserver.log.1 ]; then
|
161
|
|
- shred -zu /etc/matrix/homeserver.log.1
|
|
166
|
+ $REMOVE_FILES_COMMAND /etc/matrix/homeserver.log.1
|
162
|
167
|
fi
|
163
|
168
|
fi
|
164
|
169
|
if [ -d /etc/tor ]; then
|
165
|
170
|
sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
|
166
|
171
|
sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
|
167
|
172
|
if [ -d /var/log/tor ]; then
|
168
|
|
- shred -zu /var/log/tor/*
|
|
173
|
+ $REMOVE_FILES_COMMAND /var/log/tor/*
|
169
|
174
|
rm -rf /var/log/tor
|
170
|
175
|
fi
|
171
|
176
|
fi
|
172
|
177
|
if [ -f /etc/mumble-server.ini ]; then
|
173
|
178
|
sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
|
174
|
179
|
if [ -d /var/log/mumble-server ]; then
|
175
|
|
- shred -zu /var/log/mumble-server/*
|
|
180
|
+ $REMOVE_FILES_COMMAND /var/log/mumble-server/*
|
176
|
181
|
rm -rf /var/log/mumble-server
|
177
|
182
|
fi
|
178
|
183
|
fi
|
179
|
184
|
if [ -d /var/log/radicale ]; then
|
180
|
|
- shred -zu /var/log/radicale/*
|
|
185
|
+ $REMOVE_FILES_COMMAND /var/log/radicale/*
|
181
|
186
|
rm -rf /var/log/radicale
|
182
|
187
|
fi
|
183
|
188
|
if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
|
184
|
189
|
sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php/7.0/fpm/php-fpm.conf
|
185
|
|
- shred -zu /var/log/php-fpm.*
|
|
190
|
+ $REMOVE_FILES_COMMAND /var/log/php-fpm.*
|
186
|
191
|
fi
|
187
|
192
|
if [ -d /etc/nginx ]; then
|
188
|
193
|
for filename in /etc/nginx/sites-available/* ; do
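Review bot: The tor, mumble-server and radicale blocks now run `$REMOVE_FILES_COMMAND /var/log/tor/*` (and its equivalents) immediately followed by a hard-coded `rm -rf /var/log/tor`, which with the default value does the same work twice. The prosody block in a later hunk has the same pair. If the first line is kept so that the variable can be pointed back at `shred -zu`, a short comment would make that intent clear, e.g. `# contents go through REMOVE_FILES_COMMAND so a secure-delete tool can be substituted`. The enclosing `else` branch starts outside this hunk.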
|
|
@@ -192,7 +197,7 @@ else
|
192
|
197
|
done
|
193
|
198
|
sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf
|
194
|
199
|
sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf
|
195
|
|
- shred -zu /var/log/nginx/*
|
|
200
|
+ $REMOVE_FILES_COMMAND /var/log/nginx/*
|
196
|
201
|
fi
|
197
|
202
|
if [ -f /etc/init.d/spamassassin ]; then
|
198
|
203
|
sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin
|
|
@@ -201,31 +206,31 @@ else
|
201
|
206
|
sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
|
202
|
207
|
sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
|
203
|
208
|
sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua
|
204
|
|
- shred -zu /var/log/prosody/*
|
|
209
|
+ $REMOVE_FILES_COMMAND /var/log/prosody/*
|
205
|
210
|
rm -rf /var/log/prosody
|
206
|
211
|
fi
|
207
|
212
|
if [ -d /etc/exim4 ]; then
|
208
|
213
|
sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
|
209
|
214
|
sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/exim4.conf.template
|
210
|
215
|
sed -i 's|log_selector =.*|log_selector = -all|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector
|
211
|
|
- shred -zu /var/log/exim4/*
|
|
216
|
+ $REMOVE_FILES_COMMAND /var/log/exim4/*
|
212
|
217
|
fi
|
213
|
218
|
if [ -f /etc/dovecot/dovecot.conf ]; then
|
214
|
219
|
sed -i 's|log_path =.*|log_path = /dev/null|g' /etc/dovecot/dovecot.conf
|
215
|
220
|
sed -i 's|info_log_path =.*|info_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
|
216
|
221
|
sed -i 's|debug_log_path =.*|debug_log_path = /dev/null|g' /etc/dovecot/dovecot.conf
|
217
|
|
- shred -zu /var/log/mail.*
|
218
|
|
- shred -zu /var/log/dovecot*
|
|
222
|
+ $REMOVE_FILES_COMMAND /var/log/mail.*
|
|
223
|
+ $REMOVE_FILES_COMMAND /var/log/dovecot*
|
219
|
224
|
fi
|
220
|
225
|
if [ -d /etc/mysql ]; then
|
221
|
226
|
if [ -d /var/log/mysql ]; then
|
222
|
|
- shred -zu /var/log/mysql/*
|
|
227
|
+ $REMOVE_FILES_COMMAND /var/log/mysql/*
|
223
|
228
|
fi
|
224
|
229
|
if [ -f /var/log/mysql.err ]; then
|
225
|
|
- shred -zu /var/log/mysql.err
|
|
230
|
+ $REMOVE_FILES_COMMAND /var/log/mysql.err
|
226
|
231
|
fi
|
227
|
232
|
if [ -f /var/log/mysql.log ]; then
|
228
|
|
- shred -zu /var/log/mysql.log
|
|
233
|
+ $REMOVE_FILES_COMMAND /var/log/mysql.log
|
229
|
234
|
fi
|
230
|
235
|
if [ -f /etc/mysql/my.cnf ]; then
|
231
|
236
|
sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf
|
|
@@ -234,7 +239,7 @@ else
|
234
|
239
|
if [ -f /etc/fail2ban/fail2ban.conf ]; then
|
235
|
240
|
sed -i 's|loglevel.*|loglevel = 1|g' /etc/fail2ban/fail2ban.conf
|
236
|
241
|
sed -i 's|logtarget.*|logtarget = /dev/null|g' /etc/fail2ban/fail2ban.conf
|
237
|
|
- shred -zu /var/log/fail2ban.*
|
|
242
|
+ $REMOVE_FILES_COMMAND /var/log/fail2ban.*
|
238
|
243
|
fi
|
239
|
244
|
turn_off_rsys_logging
|
240
|
245
|
fi
|