This is not an easy task... It depends on how thorough you wish to be. Simply modifying your squid program to overwrite the logs before rotation would get you most of the way to where you want to go... At the extreme, you have to worry about sideband data on the platters etc... if you want to hide stuff from the NSA..
I've not looked at Squid source ( I assume it is open source... dunno for sure ), but most likely it simply does a unlink on the oldest log file, which leave the 'data' blocks on the disk to be reused at a later time. Someone with computer forensic skills could recover those data block, until they are reused for other purposes. - jim On Mon, 04 Nov 2002 14:54:10 -0500 [EMAIL PROTECTED] (Larry Scritchfield) wrote: > I have a web proxy (squid) running on RH 7.3, filesystem ext3. > > When the log files are rotated, what happens to the old files? > > Are they deleted, in the same sense as rm'ing them? > > Do the new log files overwrite the old ones immediately, or are those blocks >overwritten as needed? > > If I REALLY want to keep log files which have been rotated out from being > recovered, how would I do that? > > I've looked into the "scrub" utility from Jim Garlick of Lawrence Livermore > Labs. To use scrub you issue: scrub [-options] file > > http://doe-is.llnl.gov/SecRes/DOECustomTools.html > > But there is no "file" in the case of log files that have been rotated - > the filename(s) are in use again. > > I suppose that to prevent recovery of log data, I'd have to use scrub to > fill the remaining space on the filesystem, then rm that file. Does that > sound right? > > My motivation for erasing logs for good is the protection of the privacy of users of >the proxy. > > Larry > > __________________________________________________________________ > The NEW Netscape 7.0 browser is now available. Upgrade now! >http://channels.netscape.com/ns/browsers/download.jsp > > Get your own FREE, personal Netscape Mail account today at >http://webmail.netscape.com/ > _______________________________________________ > RLUG mailing list > [EMAIL PROTECTED] > http://www.rlug.org/mailman/listinfo/rlug > _______________________________________________ RLUG mailing list [EMAIL PROTECTED] http://www.rlug.org/mailman/listinfo/rlug
