From 39cbe1b4e7a94cbc027901bc1d8458314d182cff Mon Sep 17 00:00:00 2001
From: Fabian Keil
Date: Thu, 4 Nov 2021 17:24:55 +0100
Subject: [PATCH 226/310] newsyslog.conf: Do not give world read permissions and don't compress stuff

Obtained from: ElectroBSD
---
 usr.sbin/newsyslog/newsyslog.conf | 39 ++++++++++++++-----------------
 1 file changed, 17 insertions(+), 22 deletions(-)

diff --git a/usr.sbin/newsyslog/newsyslog.conf b/usr.sbin/newsyslog/newsyslog.conf
index 80e8270935a1..c8a5ed16dbbd 100644
--- a/usr.sbin/newsyslog/newsyslog.conf
+++ b/usr.sbin/newsyslog/newsyslog.conf
@@ -8,29 +8,24 @@
 # is no process which needs to be signalled when a given log file is
 # rotated, then the entry for that file should include the 'N' flag.
 #
-# Note: some sites will want to select more restrictive protections than the
-# defaults. In particular, it may be desirable to switch many of the 644
-# entries to 640 or 600. For example, some sites will consider the
-# contents of maillog, messages, and lpd-errs to be confidential. In the
-# future, these defaults may change to more conservative ones.
-#
 # logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
-/var/log/all.log 600 7 * @T00 J
-/var/log/auth.log 600 7 1000 @0101T JC
-/var/log/console.log 600 5 1000 * J
-/var/log/cron 600 3 1000 * JC
-/var/log/daily.log 640 7 * @T00 JN
-/var/log/debug.log 600 7 1000 * JC
-/var/log/init.log 644 3 1000 * J
-/var/log/kerberos.log 600 7 1000 * J
-/var/log/maillog 640 7 * @T00 JC
-/var/log/messages 644 5 1000 @0101T JC
-/var/log/monthly.log 640 12 * $M1D0 JN
-/var/log/devd.log 644 3 1000 * JC
-/var/log/security 600 10 1000 * JC
-/var/log/utx.log 644 3 * @01T05 B
-/var/log/weekly.log 640 5 * $W6D0 JN
-/var/log/daemon.log 644 5 1000 @0101T JC
+/var/log/all.log 600 7 * @T00
+/var/log/auth.log 600 7 1000 @0101T C
+/var/log/console.log 600 5 1000 *
+/var/log/cron 600 3 1000 * C
+/var/log/daily.log 640 7 * @T00 N
+/var/log/debug.log 600 7 1000 * C
+/var/log/init.log 640 3 1000 *
+/var/log/kerberos.log 600 7 1000 *
+/var/log/maillog 640 7 * @T00 C
+/var/log/messages 640 5 1000 @0101T C
+/var/log/monthly.log 640 12 * $M1D0 N
+/var/log/devd.log 640 3 1000 * C
+/var/log/security 600 10 1000 * C
+/var/log/utx.log 640 3 * @01T05 B
+/var/log/weekly.log 640 5 * $W6D0 N
+/var/log/daemon.log 644 0 1000 @0101T C
+
 /etc/newsyslog.conf.d/[!.]*.conf
 /usr/local/etc/newsyslog.conf.d/[!.]*.conf
-- 
2.37.1
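Review bot: The new `/var/log/daemon.log` entry at the end of the added block keeps mode 644, so it stays world-readable even though the commit sets out to drop world read permissions; every other entry that was 644 became 640. The same line also changes count from 5 to 0, which the subject does not mention and which, as far as I can tell from newsyslog.conf(5), means no rotated copies are kept, so daemon messages would be discarded at each rotation and unavailable for later investigation. If neither is intended, the line should read `/var/log/daemon.log 640 5 1000 @0101T C`. The removed "Note:" paragraph was the only place that explained the mode policy; a one-line replacement such as `# Logs are not world-readable by default; use the owner:group field to grant a group read access.` would keep the rationale next to the table.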