MassBank / MassBank-web

The web server application and directly connected components for a MassBank web server

GDPR compliant logging #117

Closed sneumann closed 3 years ago

sneumann commented 6 years ago

https://www.privacyfoundation.ch/de/service/anonip.html

Can be embedded into logrotate configuration as follows, but needs adapting to tomcat. Will do weekly rotation, and anonymise logs older than one week.

/var/log/apache2/*.log {
        weekly
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 root adm
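        # sharedscripts must stay disabled: without it, logrotate runs the
        # scripts once per log file and passes that file's path as $1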
        postrotate
                /etc/init.d/apache2 reload > /dev/null
        endscript
        prerotate
                if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
                        run-parts /etc/logrotate.d/httpd-prerotate; \
                fi; \
                grep -v "webproxy.pac\|infoDisplays" "$1" | /usr/local/bin/anonip.py --column 1 --ipv4mask 8 --ipv6mask 64 --replace 0.0.0.0 --output "$1.anonip";
                cp "$1.anonip" "$1";
                rm "$1.anonip";
        endscript
}
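
What the masking options in the configuration above do to a log line, as an added example that is not part of the original comment and is not anonip's own code. It assumes `--ipv4mask 8` and `--ipv6mask 64` clear that many low-order bits, `--column 1` selects the first space-separated field, and `--replace` is used when the field does not parse; the log lines are constructed.

```python
import ipaddress

# Values copied from the anonip.py call in the logrotate snippet.
IPV4_MASK_BITS = 8
IPV6_MASK_BITS = 64
REPLACEMENT = "0.0.0.0"
COLUMN = 1  # 1-based, as on the command line

def _mask_bits(addr):
    return IPV4_MASK_BITS if addr.version == 4 else IPV6_MASK_BITS

def mask_address(text):
    """Zero the low-order bits of an address; unparsable input is replaced."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return REPLACEMENT
    bits = _mask_bits(addr)
    return str(type(addr)((int(addr) >> bits) << bits))

def anonymise_line(line, column=COLUMN):
    """Mask the address in the given column of one access-log line."""
    fields = line.rstrip("\n").split(" ")
    if len(fields) >= column:
        fields[column - 1] = mask_address(fields[column - 1])
    return " ".join(fields)

def still_identifying(line):
    """Audit check: True if column 1 is an address with host bits still set."""
    try:
        addr = ipaddress.ip_address(line.split(" ", 1)[0])
    except ValueError:
        return False
    return int(addr) & ((1 << _mask_bits(addr)) - 1) != 0

# Constructed sample lines (documentation address ranges).
SAMPLE = [
    '203.0.113.77 - - [01/Jun/2018:10:00:00 +0200] "GET / HTTP/1.1" 200 512',
    '2001:db8:85a3:8d3:1319:8a2e:370:7348 - - [01/Jun/2018:10:00:01 +0200] "GET /a HTTP/1.1" 200 99',
    'unknown - - [01/Jun/2018:10:00:02 +0200] "GET /b HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        out = anonymise_line(raw)
        print(still_identifying(raw), "->", still_identifying(out), out)
```

Running `still_identifying` over a rotated log is a quick way to confirm that the prerotate step actually ran on it.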

tsufz commented 6 years ago

Hi, I suggest using the German implementation: https://blog.bartlweb.net/2018/02/ip-adressen-in-access-und-error-logs-des-apache-webserver-anonymisieren/

tsufz commented 6 years ago

https://www.zendas.de/technik/sicherheit/apache/index.html

tsufz commented 6 years ago

However, IMHO, Tomcat is logging only internal calls and no external ones.

tsufz commented 3 years ago

I have now solved it in a straightforward way with the original anonip solution. I don't see a requirement to store full IPs. Apache deletes old logs after 14 days anyway. We are pretty much within GDPR.