[systemd-devel] how to encrypt journalctl metadata
Divya Thaluru
divya.thaluru at gmail.com
Wed Aug 17 20:02:18 UTC 2016
Thanks Mantas!!! In my case, metadata "cmdline" had sensitive information
which I am not intended to store. Is there any way to disable collecting
metadata?
Thanks,
Divya
On Wed, Aug 17, 2016 at 12:55 PM, Mantas Mikulėnas <grawity at gmail.com>
wrote:
> On Wed, Aug 17, 2016 at 10:10 PM, Divya Thaluru <divya.thaluru at gmail.com>
> wrote:
>
>> Hi,
>>
>> Journalctl stores metadata like "_UID,_GID,_CMDLINE,_SYSTEMD_CGROUP
>> etc…" for each message. Is there any way, can we encrypt metadata
>> (commandline info) so sensitive information wont be stored.
>>
>> If encryption of metadata is not possible, can we disable collecting the
>> metadata?
>>
>
> Store your logs in a LUKS volume. There's no built-in encryption in
> journald.
>
> And... quite frankly, I cannot imagine how service name or its UID would
> be more sensitive than the messages themselves? It seems the opposite of
> every single system I've seen. The *messages* often contain sensitive
> information, whereas PIDs or service names are mostly generic info.
>
> Just set up a LUKS container for /var/log.
>
> --
> Mantas Mikulėnas <grawity at gmail.com>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20160817/1119deca/attachment-0001.html>
More information about the systemd-devel
mailing list