mirror of
https://github.com/trailofbits/algo.git
synced 2025-10-13 14:05:35 +02:00
db02a8f8aa
- Add no_log directives to all cloud provider credential handling - Set privacy-focused defaults (StrongSwan logging disabled, DNSCrypt syslog off) - Implement privacy role with log rotation, history clearing, and log filtering - Add Privacy Considerations section to README - Make all privacy features configurable and enabled by default This update significantly reduces Algo's logging footprint to enhance user privacy while maintaining the ability to enable logging for debugging when needed.
37 lines
No EOL
1 KiB
Django/Jinja
37 lines
No EOL
1 KiB
Django/Jinja
# Privacy-enhanced kernel log rotation
|
|
# Reduces retention time for kernel logs that may contain VPN traces
|
|
# Generated by Algo VPN privacy role
|
|
|
|
/var/log/kern.log
|
|
{
|
|
# Aggressive rotation for kernel logs
|
|
rotate {{ privacy_log_rotation.rotate_count }}
|
|
maxage {{ privacy_log_rotation.max_age }}
|
|
size {{ privacy_log_rotation.max_size }}M
|
|
|
|
daily
|
|
missingok
|
|
notifempty
|
|
compress
|
|
delaycompress
|
|
|
|
create 0640 syslog adm
|
|
copytruncate
|
|
|
|
# Pre-rotation script to filter VPN-related entries
|
|
prerotate
|
|
# Create filtered version excluding VPN traces
|
|
if [ -f /var/log/kern.log ]; then
|
|
grep -v -E "(wireguard|ipsec|strongswan|xl2tpd)" /var/log/kern.log > /tmp/kern.log.filtered || true
|
|
if [ -s /tmp/kern.log.filtered ]; then
|
|
mv /tmp/kern.log.filtered /var/log/kern.log
|
|
fi
|
|
fi
|
|
endscript
|
|
|
|
postrotate
|
|
if [ -f /var/run/rsyslogd.pid ]; then
|
|
kill -HUP `cat /var/run/rsyslogd.pid`
|
|
fi
|
|
endscript
|
|
} |