I need some help with LOGS tweaks

lamehen · 28 March 2025 12:34

How to put directories like /tmp, /var/tmp, /var/log (especially logs!) in tmpfs to enchance privacy?

ALL logs, including system ones and journald… I can grant them 50 Mb space in RAM? Or use sledgehammer method with /dev/null?

I need to reduce anything that can be used to track how i used my laptop. I understand risk that this can make troubleshooting harder.

I have 16gb of RAM. And I use it pretty much.

So if putting logs to RAM is bad for performance maybe in /dev/null (won’t constant use of dev/null harm SSD?)? But I need not to break anything in system. And yes, I am okay with headache with troubleshooting. This is tradeoff for maximum privacy if unauthorized access.

How to do so? Can you please help for both versions (tmpfs and /dev/null)?

Linux mint 22.

madpenguin · 28 March 2025 12:53

Hi Iamehen,

You can fiddle around with system fundamentals, but if you do this “by hand” then you will eventually come unstuck when something updates something that’s not expecting your by-hand customization.

It sounds like you want to minimize your footprint at a system level when using your workstation, so from that perspective I’d recommend one of two approaches;

Use a Live distribution (which is read-only), then store your /home folder one some normal (read-write) media. Live distro’s are pre-disposed to store all temporary files and logs in volatile memory so when you power down you should be left with your own files only and no traces on the system.
Use an immutable distribution. Depending on your choice of distro, some of these will allow you to specify where and how writable files are stored. One example of this kind of approach would be https://nixos.org/

If you could be more specific about what you’re worried about in terms of logging, you might get a more targeted answer, I’m not entirely sure for example what might end up in /tmp or /var/log that might be sensitive. Web browser logs for example which might be more relevant (?) are stored elsewhere …

lamehen · 28 March 2025 15:36

Tails. I know. Using in in critical things. But I need to “harden” especially home distro.

Home distro approximately only libreoffice, Firefox and GIMP. Mint 22

madpenguin · 28 March 2025 17:42

Ok, so if you’re just worried about logs … make sure you don’t install a specific logger (like rsyslog) and take a look at /etc/systemd/journald.conf

[Journal]
Storage=
SystemMaxFileSize=
SystemMaxFiles=

If you set storage to “volatile”, it shouldn’t be persisted, then set your maxfilesize and maxfiles and it should take care of your logging problem.

As for temporary files, take a look at man tmpfiles.d and the associated systemd-tmpfiles. You can set up a .conf file to specify which temporary locations you want to keep clean (like /tmp, /var/tmp) then either have them automatically cleaned at regular intervals, or force clean them with systemd-tmpfiles*.

(or even auto-cleaned on shutdown)

hth