mirror of
https://github.com/trailofbits/algo.git
synced 2025-09-08 13:03:32 +02:00
db02a8f8aa
- Add no_log directives to all cloud provider credential handling - Set privacy-focused defaults (StrongSwan logging disabled, DNSCrypt syslog off) - Implement privacy role with log rotation, history clearing, and log filtering - Add Privacy Considerations section to README - Make all privacy features configurable and enabled by default This update significantly reduces Algo's logging footprint to enhance user privacy while maintaining the ability to enable logging for debugging when needed.
22 lines
No EOL
931 B
Django/Jinja
22 lines
No EOL
931 B
Django/Jinja
#!/bin/bash
|
|
# Privacy log cleanup script
|
|
# Immediately cleans up existing logs and applies privacy settings
|
|
# Generated by Algo VPN privacy role
|
|
|
|
set -euo pipefail
|
|
|
|
echo "Starting privacy log cleanup..."
|
|
|
|
# Truncate existing log files to apply new rotation settings immediately
|
|
find /var/log -type f -name "*.log" -size +{{ privacy_log_rotation.max_size }}M -exec truncate -s {{ privacy_log_rotation.max_size }}M {} \; 2>/dev/null || true
|
|
|
|
# Remove old rotated logs that exceed our retention policy
|
|
find /var/log -type f \( -name "*.log.*" -o -name "*.gz" \) -mtime +{{ privacy_log_rotation.max_age }} -delete 2>/dev/null || true
|
|
|
|
# Clean up systemd journal to respect new settings
|
|
if [ -d /var/log/journal ]; then
|
|
journalctl --vacuum-time={{ privacy_log_rotation.max_age }}d 2>/dev/null || true
|
|
journalctl --vacuum-size={{ privacy_log_rotation.max_size * 10 }}M 2>/dev/null || true
|
|
fi
|
|
|
|
echo "Privacy log cleanup completed" |