7

I have recently signed up with DigitalOcean and created a server for an SSH tunnel for browsing security. But this is only as good as the logs kept, and I would like to disable them all.

I am looking to find out how to disable all possible logs. I know it's not a good idea, from what I have read on the internet. If something goes wrong later I will just create a new server... not a big deal. I have been searching and searching for days online and have found very little. So I broke down and decided to ask here.

I am running Ubuntu server 16.04. I have deleted the actual .log files in /var/log. They don't seem to be coming back.

However when I look at the logrotate it does have current dates on there.

I am not sure what command or commands I need to run to disable any and all logging for a security/privacy server.

If there is anything that you need please let me know and I will do what I can.

Thank you again for any help that you can provide.

strapt
  • 89

1 Answer

11

On newer versions of Ubuntu (at least from 14.04 onwards, and probably earlier releases too), the core system logging is managed through the rsyslog daemon, i.e. logging for

  • kernel
  • iptables firewall (which is a component of the kernel)
  • SSH
  • mail

For a full list see /etc/rsyslog.d/50-default or ls -al the /var/log folder; the logfiles owned by syslog are services whose logging is managed through rsyslog.
Therefore, for these core systems you can prevent logging by either

stopping the rsyslog daemon

for pre 15.10 releases

sudo service rsyslog stop

for 15.10 and later the above will probably still work, but you could also do

sudo systemctl stop rsyslog.service

This will only stop rsyslog for the current session. To make sure rsyslog doesn't start on reboot, use:

sudo systemctl disable rsyslog.service

or you can...

Turn off logging via rsyslog's configuration

i.e. comment out this line

$IncludeConfig /etc/rsyslog.d/*.conf

in /etc/rsyslog.conf

For more info see man 5 rsyslog.conf.

All the other logs are usually generated by the various programs directly and you would possibly need to reconfigure each daemon one by one to stop their logging.

logrotate

logrotate is a utility that runs - I believe - once a day via cron job, that rotates out (creates a new base log file for each service and increments the log file numbers of existing log files that are too long lived or too large) and performs compression and deletion on log files. It's not really a place I would look at to stop logging.
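
To check what the rsyslog configuration change described above actually leaves enabled, here is an added example (not part of the original answer) that lists every uncommented rule reachable from rsyslog.conf, following `$IncludeConfig` only while it is uncommented. The function names, the `ROOT` argument and the sample config are constructed for illustration; it covers legacy selector lines and property filters only, and it goes slightly beyond the answer by showing that a rule placed directly in the main file survives commenting out the include.

```shell
#!/bin/sh
# Added example: audit which rsyslog rules are still active.

# active_rules FILE [ROOT]
# Prints "file: rule" for each uncommented rule in FILE, expanding uncommented
# $IncludeConfig globs. ROOT is prefixed to include paths so the check can be
# run against a copy of /etc (hypothetical parameter, used for offline testing).
active_rules() (
    file=$1 root=${2:-}
    [ -r "$file" ] || exit 0
    awk -v f="${file#"$root"}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comments and blanks
        $1 == "$IncludeConfig"   { print "INCLUDE " $2; next }
        /^[ \t]*\$/              { next }                  # other legacy directives
        $1 !~ /\(/ && ($1 ~ /^:/ || $1 ~ /\./) {           # filter or facility.priority
            $1 = $1                                        # squeeze whitespace
            print "RULE " f ": " $0
        }
    ' "$file" | while IFS= read -r out; do
        case $out in
            "INCLUDE "*)
                # Left unquoted on purpose so the glob expands.
                for inc in $root${out#INCLUDE }; do
                    active_rules "$inc" "$root"
                done ;;
            "RULE "*) printf '%s\n' "${out#RULE }" ;;
        esac
    done
)

# make_sample_tree DIR PREFIX: write a constructed config tree under DIR.
# PREFIX is put in front of the include line ('#' comments it out).
make_sample_tree() {
    mkdir -p "$1/etc/rsyslog.d"
    printf '%s\n' 'module(load="imuxsock")' '$FileOwner syslog' \
        'kern.*  /var/log/kern.log' \
        "$2\$IncludeConfig /etc/rsyslog.d/*.conf" > "$1/etc/rsyslog.conf"
    printf '%s\n' 'auth,authpriv.*  /var/log/auth.log' \
        '*.*;auth,authpriv.none  -/var/log/syslog' \
        '#cron.*  /var/log/cron.log' > "$1/etc/rsyslog.d/50-default.conf"
}

# Demo on constructed input: include line commented out, as in the answer.
tmp=$(mktemp -d)
make_sample_tree "$tmp" '#'
active_rules "$tmp/etc/rsyslog.conf" "$tmp"
rm -rf "$tmp"
```

On a real host, `active_rules /etc/rsyslog.conf` with no second argument reads the live configuration.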