From 9097354a7806d15482337e7b14d2d73150407896 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 16 Jun 2017 15:43:17 +0100 Subject: [PATCH] Replace shred when toggling logging --- src/freedombone-logging | 51 ++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 23 deletions(-) diff --git a/src/freedombone-logging b/src/freedombone-logging index e3e3ea29..23e59581 100755 --- a/src/freedombone-logging +++ b/src/freedombone-logging @@ -35,6 +35,11 @@ export TEXTDOMAINDIR="/usr/share/locale" WEBSERVER_LOG_LEVEL='warn' +# Shredding could be used here, but especially on microSD +# or SSD it's debatable how useful shredding really is. +# Also the shred command can be very slow on Beaglebone Black +REMOVE_FILES_COMMAND='rm -rf' + function turn_off_rsys_logging { sed -i 's|mail,news.none.*|mail,news.none /dev/null|g' /etc/rsyslog.conf sed -i 's|auth,authpriv.\*.*|auth,authpriv.\* /dev/null|g' /etc/rsyslog.conf @@ -48,14 +53,14 @@ function turn_off_rsys_logging { sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none /dev/null|g' /etc/rsyslog.conf sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf sed -i 's|cron.\*.*|cron.\* /dev/null|g' /etc/rsyslog.conf - shred -zu /var/log/wtmp* - shred -zu /var/log/debug* - shred -zu /var/log/cron.* - shred -zu /var/log/auth.* - shred -zu /var/log/mail.* - shred -zu /var/log/daemon.* - shred -zu /var/log/user.* - shred -zu /var/log/messages* + $REMOVE_FILES_COMMAND /var/log/wtmp* + $REMOVE_FILES_COMMAND /var/log/debug* + $REMOVE_FILES_COMMAND /var/log/cron.* + $REMOVE_FILES_COMMAND /var/log/auth.* + $REMOVE_FILES_COMMAND /var/log/mail.* + $REMOVE_FILES_COMMAND /var/log/daemon.* + $REMOVE_FILES_COMMAND /var/log/user.* + $REMOVE_FILES_COMMAND /var/log/messages* } function turn_on_rsys_logging { @@ -155,34 +160,34 @@ else sed -i 's|log_config:|#log_config:|g' /var/lib/matrix/homeserver.yaml fi if [ -f /etc/matrix/homeserver.log ]; then - shred -zu /etc/matrix/homeserver.log + $REMOVE_FILES_COMMAND /etc/matrix/homeserver.log fi if [ -f /etc/matrix/homeserver.log.1 ]; then - shred -zu /etc/matrix/homeserver.log.1 + $REMOVE_FILES_COMMAND /etc/matrix/homeserver.log.1 fi fi if [ -d /etc/tor ]; then sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc if [ -d /var/log/tor ]; then - shred -zu /var/log/tor/* + $REMOVE_FILES_COMMAND /var/log/tor/* rm -rf /var/log/tor fi fi if [ -f /etc/mumble-server.ini ]; then sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini if [ -d /var/log/mumble-server ]; then - shred -zu /var/log/mumble-server/* + $REMOVE_FILES_COMMAND /var/log/mumble-server/* rm -rf /var/log/mumble-server fi fi if [ -d /var/log/radicale ]; then - shred -zu /var/log/radicale/* + $REMOVE_FILES_COMMAND /var/log/radicale/* rm -rf /var/log/radicale fi if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then sed -i 's|error_log =.*|error_log = /dev/null|g' /etc/php/7.0/fpm/php-fpm.conf - shred -zu /var/log/php-fpm.* + $REMOVE_FILES_COMMAND /var/log/php-fpm.* fi if [ -d /etc/nginx ]; then for filename in /etc/nginx/sites-available/* ; do @@ -192,7 +197,7 @@ else done sed -i 's|access_log.*|access_log /dev/null;|g' /etc/nginx/nginx.conf sed -i 's|error_log.*|error_log /dev/null;|g' /etc/nginx/nginx.conf - shred -zu /var/log/nginx/* + $REMOVE_FILES_COMMAND /var/log/nginx/* fi if [ -f /etc/init.d/spamassassin ]; then sed -i 's|DOPTIONS="-d --pidfile=$PIDFILE"|DOPTIONS="-s null -d --pidfile=$PIDFILE"|g' /etc/init.d/spamassassin @@ -201,31 +206,31 @@ else sed -i 's|info = "/var/log/prosody/prosody.log";|info = "/dev/null";|g' /etc/prosody/prosody.cfg.lua sed -i 's|error = "/var/log/prosody/prosody.err";|error = "/dev/null";|g' /etc/prosody/prosody.cfg.lua sed -i 's|levels = { "error" }; to = "syslog";|levels = { "error" }; to = "/dev/null";|g' /etc/prosody/prosody.cfg.lua - shred -zu /var/log/prosody/* + $REMOVE_FILES_COMMAND /var/log/prosody/* rm -rf /var/log/prosody fi if [ -d /etc/exim4 ]; then sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs sed -i 's|MAIN_LOG_SELECTOR = .*|MAIN_LOG_SELECTOR = -all|g' /etc/exim4/exim4.conf.template sed -i 's|log_selector =.*|log_selector = -all|g' /etc/exim4/conf.d/main/90_exim4-config_log_selector - shred -zu /var/log/exim4/* + $REMOVE_FILES_COMMAND /var/log/exim4/* fi if [ -f /etc/dovecot/dovecot.conf ]; then sed -i 's|log_path =.*|log_path = /dev/null|g' /etc/dovecot/dovecot.conf sed -i 's|info_log_path =.*|info_log_path = /dev/null|g' /etc/dovecot/dovecot.conf sed -i 's|debug_log_path =.*|debug_log_path = /dev/null|g' /etc/dovecot/dovecot.conf - shred -zu /var/log/mail.* - shred -zu /var/log/dovecot* + $REMOVE_FILES_COMMAND /var/log/mail.* + $REMOVE_FILES_COMMAND /var/log/dovecot* fi if [ -d /etc/mysql ]; then if [ -d /var/log/mysql ]; then - shred -zu /var/log/mysql/* + $REMOVE_FILES_COMMAND /var/log/mysql/* fi if [ -f /var/log/mysql.err ]; then - shred -zu /var/log/mysql.err + $REMOVE_FILES_COMMAND /var/log/mysql.err fi if [ -f /var/log/mysql.log ]; then - shred -zu /var/log/mysql.log + $REMOVE_FILES_COMMAND /var/log/mysql.log fi if [ -f /etc/mysql/my.cnf ]; then sed -i 's|log_error =.*|log_error = /dev/null|g' /etc/mysql/my.cnf @@ -234,7 +239,7 @@ else if [ -f /etc/fail2ban/fail2ban.conf ]; then sed -i 's|loglevel.*|loglevel = 1|g' /etc/fail2ban/fail2ban.conf sed -i 's|logtarget.*|logtarget = /dev/null|g' /etc/fail2ban/fail2ban.conf - shred -zu /var/log/fail2ban.* + $REMOVE_FILES_COMMAND /var/log/fail2ban.* fi turn_off_rsys_logging fi