Protect the privacy of your server's users

Sadly some people have the misfortune of living under regimes which debase the basic individual human right of privacy in order to accrue profit for a handful of wealthy people. Very, very sad. Some of my undergraduate students from these countries have told me pretty harrowing tales, and so here are six very simple and very basic techniques I show them with which they can help ensure they protect the human rights of their user communities when they return home to design and run ISP or server shops:

(Note - what follows assumes you are using a real operating system rather than those proprietary overpriced spyware systems sold by certain allegedly unethical computer software giants.)


1. Always ensure that ssl is enabled and forced where necessary.
Here is an example of forcing ssl access under apache2; Lighttpd is similar. Obviously you must first enable ssl in both servers by RTFM.
  1. # If you use Apache, place this into your apache2.conf file. This will
    # guarantee that users of your site's webmail system are switched to ssl automatically
    <IfModule mod_rewrite.c>
    <IfModule mod_ssl.c>
    <Location /webmail>
    RewriteEngine on
    # Only act on requests that did not arrive over TLS
    RewriteCond %{HTTPS} !^on$ [NC]
    # Send the client to the same host and path over https. R=301 makes the
    # redirect explicit and permanent, L stops further rewriting. If clients
    # reach the plain-http site on a non-standard port, HTTP_HOST will contain
    # that port; use %{SERVER_NAME} instead in that case.
    RewriteRule . https://%{HTTP_HOST}:443%{REQUEST_URI} [R=301,L]
    </Location>
    </IfModule>
    </IfModule>
  2. Of course you should change the 443 to whatever port your ssl runs on, and open that port in your firewall.
2. Erase web and mail logs nightly:
  1. change /etc/logrotate.conf as follows for whatever logs you wish
    # Web server logs. "rotate 0" removes the old log instead of keeping it,
    # so nothing survives on disk apart from the copy logrotate mails to the
    # address below. Note that "size" rotates whenever the file exceeds 100k,
    # regardless of the daily schedule; use "daily" instead of "size" if you
    # want strict nightly erasure.
    /var/log/httpd/access.log /var/log/httpd/error.log {
    rotate 0
    mail www@me.somewhere
    size 100k
    sharedscripts
    postrotate
    # make the server reopen its log files (the process is "apache2" on Debian-style systems)
    /usr/bin/killall -HUP httpd
    endscript
    }
  2. And for the mail logs:
    /var/log/mail.log /var/log/mail.info {
    missingok
    daily
    rotate 0
    create
    compress
    start 0
    }
  3. Note: Change rotate to whatever value is appropriate for your site.
    For example you can put a script into cron.daily to run log analysis before logrotate, which allows for the flagging of any untoward events and aggregate usage information before the log is erased. If your site is extremely busy, simply move logrotate out of cron.daily and put it into cron.hourly instead.
3. Remove source IP from all of your remote email users (I am assuming here that postfix is your MTA):
  1. Add this to your main.cf file:
    header_checks = regexp:/etc/postfix/maps/header_checks.regexp
  2. Add this to /etc/postfix/maps/header_checks.regexp (regexp tables are read at start-up, so no postmap step is needed; just reload postfix):
    # Insert a Received: line pointing at localhost just before the Date: header
    /^Date:/    PREPEND Received: from [127.0.0.1]

    The intent is that any remote connection to your site leaves your MTA with the original IP replaced by your localhost IP, and the date of transmission from the remote connection erased. Note, however, that PREPEND only adds a header: it does not remove the Received: header that smtpd has already written with the client's address, and it does not touch Date:. To actually hide the client address, match that Received: line itself and rewrite it with REPLACE or drop it with IGNORE, and send yourself a test message to confirm the headers that leave your site are what you expect.

4. Erase system logs weekly:
This is basically the same procedure as in step 2, supra. However, since different systems keep their syslogs in different places, simply modify the general technique given there to match your system. For example, you may wish to erase the system logs every day after first having a script in cron.daily analyse the logs and email you the aggregate analysis.
5. Always use proxies.
Always show your users how to use proxies. Never surf the web without the intermediary of a proxy such as I describe here.
See my page on how to set up a proxy.

6. All email user accounts should be virtual.

Most ftp and mail daemons offer virtual accounts. Postfix, Courier, Dovecot, Sftpd, etc. are all easy to set up with virtual accounts. Horde and even squirrelmail (with a plugin) work virtually. If you have some other software that absolutely must have fixed user accounts, run it on a computer which does not run any daemons with ports facing the world.
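The log-analysis script that steps 2 and 4 above leave to you (a cron.daily job that aggregates the log before logrotate erases it), as an added example that is not part of the original page. It assumes Apache combined log format and a hypothetical install path of /etc/cron.daily/00-logsummary; when the real log is not readable it falls back to constructed sample lines, and it only ever reports counts, never client addresses.

```shell
#!/bin/sh
# Added example, not from the original page: a cron.daily helper that
# summarises an Apache combined-format access log before logrotate erases
# it. Only counts are reported; client addresses never leave this script.
# Hypothetical install path: /etc/cron.daily/00-logsummary (sorts before
# logrotate on Debian-style systems).

LOG=${1:-/var/log/httpd/access.log}

# Constructed sample lines (example data) so the script runs offline.
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /webmail/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /webmail/login.php HTTP/1.1" 401 128 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "curl/7.88"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /secret/ HTTP/1.1" 404 256 "-" "curl/7.88"
192.0.2.9 - - [10/Oct/2023:13:57:11 +0000] "GET /webmail/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

# Total requests in the log.
total_requests() { awk 'END { print NR }' "$1"; }

# Requests that returned a given status code (field 9 in combined format).
count_status() { awk -v s="$2" '$9 == s { n++ } END { print n + 0 }' "$1"; }

# Highest request count from any single client. The address itself is
# deliberately dropped; only the number survives.
max_per_client() {
    awk '{ c[$1]++ } END { m = 0; for (k in c) if (c[k] > m) m = c[k]; print m }' "$1"
}

# Failed logins (401) against the webmail path: the event worth flagging
# before the evidence is gone.
webmail_auth_failures() {
    awk '$7 ~ /^\/webmail\// && $9 == 401 { n++ } END { print n + 0 }' "$1"
}

# Aggregate report; pipe it to mail(1) from cron if you want it delivered.
report() {
    echo "requests:           $(total_requests "$1")"
    echo "4xx responses:      $(awk '$9 ~ /^4/ { n++ } END { print n + 0 }' "$1")"
    echo "busiest client (n): $(max_per_client "$1")"
    echo "webmail 401s:       $(webmail_auth_failures "$1")"
}

if [ -r "$LOG" ]; then report "$LOG"; else
    tmp=$(mktemp); sample_log > "$tmp"; report "$tmp"; rm -f "$tmp"
fi
```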

