| A/I Orange Book (1.0): An how-to for the realization of a resilient network of self-managed servers | ||
|---|---|---|
| Prev | Next | |
A theme we are particularly caring for is the possibility of not keeping any record of the users access (log), so as to protect the choice of anonymity our users have done. This possibility is presently heavily threatened and this is one of the reasons why we wrote this document in the first place.
Thus, thanks to the work of many other activists all over the world, we can use some simple tricks to make sure that on our servers there is no log (not even temporarily) that will allow to connect accesses to our services to IP addresses (leading to the identification of users).
Apart from various tricks (from wtmp deletion, to the use of ssh relays for connections, to Tor) that we use to protect the identity of our administrators, let's see how services have been configured:
This is by far the easiest thing to do. To make Apache anonymous, you need to create a new type of logs in the apache2.conf file that you can call "anonymous":
LogFormat "127.0.0.1 %l %u %t \"%r\" %>s %b
\"%{Referer}i\" \"%{User-Agent}i\"" anonymous
(tutto su una riga).
This way you can define an anonymous access log for each virtualhost:
CustomLog /var/log/apache2/access_log anonymous