From 9a3b531f8a731ed26c652425543e742feb5e2ff9 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Mon, 11 May 2015 13:24:26 +0200
Subject: [PATCH 063/257] newsyslog.conf: Do not give world read permissions
 and don't compress stuff

Obtained from: ElectroBSD
---
 etc/newsyslog.conf | 46 ++++++++++++++++++++--------------------------
 1 file changed, 20 insertions(+), 26 deletions(-)

diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf
index ab595cac61db..a40949390c1e 100644
--- a/etc/newsyslog.conf
+++ b/etc/newsyslog.conf
@@ -10,34 +10,28 @@
 #
 # The 'flags' field is one or more of the letters: BCDGJNUXZ or a '-'.
 #
-# Note: some sites will want to select more restrictive protections than the
-# defaults.  In particular, it may be desirable to switch many of the 644
-# entries to 640 or 600.  For example, some sites will consider the
-# contents of maillog, messages, and lpd-errs to be confidential.  In the
-# future, these defaults may change to more conservative ones.
-#
 # logfilename          [owner:group]    mode count size when  flags [/pid_file] [sig_num]
-/var/log/all.log			600  7	   *	@T00  J
-/var/log/amd.log			644  7	   100	*     J
-/var/log/auth.log			600  7     100  @0101T JC
-/var/log/console.log			600  5	   100	*     J
-/var/log/cron				600  3	   100	*     JC
-/var/log/daily.log			640  7	   *	@T00  JN
-/var/log/debug.log			600  7     100  *     JC
-/var/log/init.log			644  3	   100	*     J
-/var/log/kerberos.log			600  7	   100	*     J
-/var/log/lpd-errs			644  7	   100	*     JC
-/var/log/maillog			640  7	   *	@T00  JC
-/var/log/messages			644  5	   100	@0101T JC
-/var/log/monthly.log			640  12	   *	$M1D0 JN
-/var/log/pflog				600  3	   100	*     JB    /var/run/pflogd.pid
-/var/log/ppp.log	root:network	640  3	   100	*     JC
-/var/log/devd.log			644  3	   100	*     JC
-/var/log/security			600  10	   100	*     JC
+/var/log/all.log			600  7	   *	@T00
+/var/log/amd.log			640  7	   100	*
+/var/log/auth.log			600  7     100  @0101T C
+/var/log/console.log			600  5	   100	*
+/var/log/cron				600  3	   100	*     C
+/var/log/daily.log			640  7	   *	@T00  N
+/var/log/debug.log			600  7     100  *     C
+/var/log/init.log			640  3	   100	*
+/var/log/kerberos.log			600  7	   100	*
+/var/log/lpd-errs			640  7	   100	*     C
+/var/log/maillog			640  7	   *	@T00  C
+/var/log/messages			640  5	   100	@0101T C
+/var/log/monthly.log			640  12	   *	$M1D0 N
+/var/log/pflog				600  3	   100	*     B    /var/run/pflogd.pid
+/var/log/ppp.log	root:network	640  3	   100	*     C
+/var/log/devd.log			640  3	   100	*     C
+/var/log/security			600  10	   100	*     C
 /var/log/sendmail.st			640  10	   *	168   BN
-/var/log/utx.log			644  3	   *	@01T05 B
-/var/log/weekly.log			640  5	   *	$W6D0 JN
-/var/log/xferlog			600  7	   100	*     JC
+/var/log/utx.log			640  3	   *	@01T05 B
+/var/log/weekly.log			640  5	   *	$W6D0 N
+/var/log/xferlog			600  7	   100	*     C
 
 <include> /etc/newsyslog.conf.d/*
 <include> /usr/local/etc/newsyslog.conf.d/*
-- 
2.11.0