Some servers are set up to not keep logs so that there is nothing for others to track. Is that something that Virtualmin can help with? How is this normally done?
Thanks.
What are you trying to hide ? And in what context?
On top of that you have not supplied system details therefore it’s impossible to help
You can only control what you have control over. So this could be a minefield with quicksand ready to swallow you up!
Of course if you control your server you have the ability to just delete all your logs. but is that really enough every 3rd party up (your VM provider the provider of all those packages that are installed) and down the chain (from Virtualmin, Git to et al) keep or have the potential to keep logs - not to mention the internet and email. If you are concerned it is a question perhaps more directed towards GCHQ and similar authorities.
You can of course encrypt the logs but that really doesn’t delete tham just another layer of obscuring the content.
The logs are there to help you find problems and hopefully fix them so why delete them just have a rotation policy. (what about your backups?)
I have servers around the world (including China/Russia and the US) I don’t trust anyone of them! Do you?
Really? Who tells you so?
I agree with @Stegan and to further add:
- Virtualmin is not designed to hide logs.
- You would as an admin have to do all of that yourself or configure the server not to keep logs.
Thank you all for the replies. I am only at the general spit-balling phase. The line of thinking goes something like this. If a person uses a good VPN, like say Nord, they do not keep logs. Therefore, their customers cannot be tracked, even if handed a warrant.
In this day and age, with ever increasing interference by nefarious characters, privacy and anonymity is of utmost import.
It is not suggested that this is something that Virtualmin does, but rather this forum might be a place where someone might know something about this sort of setup.
Thanks again.
Not sure what you want.
Your server, your logs.
What do you not want to be logged/tracked, be specific please
Are you using pptp server and wish to remove those logs ? If so this is out of scope for webmin ( webmin handles the pptp server not virtualmin) you need some code written that removes the logs or stop pptpd writing logs in the first place. Maybe look in
/etc/pptpd.conf
For options
Sorry if I’m not clear enough for you folks. I just want to know how these things work. I’m just trying to gather information.
The tunneling protocol is one thing, but what about just visitor info in general or about users of the email system? I am totally unclear about how privacy is kept sacrosanct in server situations in general.
Yes, @KitchM and you are within your rights to ask that question about Virtualmin, regardless of what your motivation might be to not keep logs.
It seems to me that you are engaging with the community without first having installed or used the GPL version of Virtualmin. It would be so much more productive to have a discussion if you actually use Virtualmin.
Why don’t you install it?
Oh, sorry to not inform. But I have used it before for quite a long time. Wonderful package!
I do not currently operate any servers, but the desire is tickling the back of my mind once again, and I’d like to think about the next level.
You are not required to keep logs, with Virtualmin or any other system I’m aware of.
You can edit Server Templates (or current Virtual Server VirtualHost sections) to remove the log-related entries. You’ll also have to configure the top-level config to not have logs, as well. You haven’t told us your OS and version, so I can’t tell you which files and directories that’ll be in. You can grep -R CustomLog <apcahe-config-directory> (replace apache-config-directory where your actual Apache config directory, don’t just copy-paste this).
If you want to disable error logs, you can also look for ErrorLog entries. (But, beware maintaining a web server with no logs is Hard Mode. You’re making your life hard.)
You’ll also probably want to disable log file rotation for the domain Apache logs, since you won’t have logs to rotate.
Also, everybody else, it’s OK to just think, “I don’t know”, and leave it alone. Y’all don’t have to attack OP about it! This may be a very unusual request, even something to discourage (gently), but it’s not impossible or even difficult to do. Please feel free to step back and not participate if you have no idea and it makes you mad that you have no idea.
3 Likes
That’s wonderful, @KitchM. You will recall then that Webmin → System → System Logs and Webmin → System → System Log Viewer are many log files that exist and can be deleted on a schedule via cron.
Edit: Joe’s solution above is the better one.
Ah, yes. Good points, All. I would think that the pros tend to only delete logs that may have something to do with visitors. Surely, there must be some way to make sure that error logs do not contain visitor tracking or timing concerns, but still contain necessary information of server problems. Hmmmm.
One would also have to be sure that another taking control of the server surreptitiously would not be able to undo the changes. Especially if one uses a VPS.
I’m also wondering about encrypted processing. Maybe something along those lines.
@KitchM I’m not trying to rag your very valid question (though agree with @Joe 's comment about this discussion is outside Virtualmin) it does have wider importance for this or indeed any community.
Some of us operate our servers in regimes that demand and even legislate for the collection and release of such information. - It is something we probably all should be considering and those within larger corporations be passing to our legal teams.
The point I was trying to make in my quick (potentially hasty - but with no intended negative or “put down”) reply. Was that this is a serious issue and that there is only so much that is within our control.
Everything else - and that is a massive amount - is beyond our control. Indeed who can control what these external authorities/ governments/ regimes/ companies decide to do on a whim and just as important can you trust anyone?
Privacy, Terms of Use and Cookie Policies are perfect examples that litter the web. Most of which are never read (let alone understood) and rarely (if ever) updated. At minimum just an irritant and waste of time.
At the end of the day the best (perhaps only advice) is to do as much as you can do (within your own controlled environment) to comply with the current legal framework in which you operate.
1 Like
Thank you so much for the kind words.
I think we must recognize those locations which are less than safe are to be avoided. Right now it is best to stick with a location such as Iceland, where legal and governmental laws protect server info.
The problem server admins have boils down to whom the server(s) is for. If it is a large company with their own backbone link, they can set up a system whereby things are automated under their own control. This control would include lock and key barricade access at the least, and any attempt at forced entry would trigger an immediate wipe of important info, including memory overwrite.
Even colocation is not safe, because we are giving our physical server over to another’s control. Small to medium businesses, to say nothing about the SOHO situation, are really in a bind. A server in the corner of the office or home is still tough to protect because of knockless warrants and smash-and-grabs.
In looking at OpenFHE, it does not appear to be the solution. I am beginning to figure that TEE or confidential computing might be the only option we have; at least as it gets mature.
Again, thank you.
This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.