On Wed, Aug 17, 2016 at 10:10 PM, Divya Thaluru <divya.thal...@gmail.com> wrote:
> Hi, > > Journalctl stores metadata like "_UID,_GID,_CMDLINE,_SYSTEMD_CGROUP etc…" > for each message. Is there any way, can we encrypt metadata (commandline > info) so sensitive information wont be stored. > > If encryption of metadata is not possible, can we disable collecting the > metadata? > Store your logs in a LUKS volume. There's no built-in encryption in journald. And... quite frankly, I cannot imagine how service name or its UID would be more sensitive than the messages themselves? It seems the opposite of every single system I've seen. The *messages* often contain sensitive information, whereas PIDs or service names are mostly generic info. Just set up a LUKS container for /var/log. -- Mantas Mikulėnas <graw...@gmail.com>
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
