Hi Michael None of my 5207/5208 servers seem to have received this, although last yum update was 02.05.2018 (and a manual yum update says no updates available)
A test 5209 does have the option.. Am I missing something? Best regards Janwillem From: Blueonyx <blueonyx-boun...@mail.blueonyx.it> on behalf of Michael Stauber <mstau...@blueonyx.it> Organization: Team BlueOnyx (www.blueonyx.it) Reply-To: BlueOnyx General Mailing List <blueonyx@mail.blueonyx.it> Date: Tuesday, 1. May 2018 at 04:45 To: <blueonyx@mail.blueonyx.it> Subject: [BlueOnyx:21992] 5207R, 5208R and 5209R: EU-GDPR & EU-DSGVO compliance updates released Hi all, We already discussed the upcoming deadline of 25th May 2018 until which EU businesses must certify compliance under the new EU-GDPR (or in German: EU-DSGVO) regulations. The prior discussion can be found under this headline: [BlueOnyx:21882] Re: EU-DSGVO - anonymize ip addresses in apache logfiles / other logfiles? I just published YUM updates for 5207Rm 5208R and 5209R which should assist BlueOnyx server owners in the task of getting their servers compliant. Now as it is with any legal stuff I'll have to throw in the standard disclaimer: I am no lawyer nor should anything I say be taken as legal advice. However: Just ticking a few checkboxes in the GUI will not make any BlueOnyx "street legal" in the sense of the EU-GDPR/EU-DSGVO. Those who are already familiar with the topic will know that proper certification and compliance requires a thorough audit of servers, software, internal procedures, record keeping, consent tracking and what not. (Am I glad that I don't live in the EU anymore!) But BlueOnyx now has an extra GUI page and some built in features that help you to jump the new extra-hurdles that the clowns in Brussels have set up for you. You can read in detail about it here: https://www.blueonyx.it/index.php?page=gdpr-dsgvo It has also a screenshot of the new GUI page, which you can find under "Server Management" / "System Settings" / "Data Retention". Once you have these updates installed only two things will change (mandatory) and all the rest is optional and can be configured via this new GUI page: Change #1: Logfiles in /var/log will only be retained for 14 days. It used to be four weeks, but now it has been cut in half to err on the safe side of things. Change #2: Logfiles stored under Vsites (like: /home/sites/<site>/logs/) now only inherit logfile snippets related to their Vsites which already have the IPv4 or IPv6 addresses of visitors already anonymized. IPv4 IPs get their last octet set to '0' and IPv6 IPs loose their least significant byte, providing sufficient anonymization, yet still allow attributability of traffic to some degree. As the data there is only uses for historical or statistical purpose we can live with that. However: This does NOT affect any data that has already been aggregated before these updates got installed. Means: You may still end up with Vsites that have 5 years worth of logfiles with full IP addresses stored in their own logs directory. For that reason the new GUI page allows you to purge both the server as well as all Vsites of historical log data that was set aside for statistical reasons. Checkbox "Purge Usage Statistics" wipes the /logs/ directory of Vsites. Checkbox "Purge Webalizer" cleans out all Webalizer directories. Checkbox "Purge AWStas" only shows up if you have our AWStats PKG installed and likewise allows you to remove all historical AWStats statistic files. Additionally you can configure SendmailAnalyzer to anonymize whatever data it gathers for the onboard email statistics by setting a checkbox. That - of course - does not retroactively anonymize any data that has already been gathered. But there is a separate checkbox for that purpose which allows you to remove all SendmailAnalyzer data files. Lastly: If the AV-SPAM is installed this GUI page allows you to configure that the Milter-GeoIP database records will be automatically expired once they reach a certain age. The age at which it does expire these SQL records is identical to the one in the "Vsite Usage Information" pulldown on top of this page. "Vsite Usage Information" (Pulldown). The default is 5 years. -------------------------------------------------------------- Means: - The logs of Vsites are kept that long. - SendmailAnalyzer will keep its records that long. A daily cronjob purges data that is older than that. Individual Vsites might have different retention periods configured for their logfiles and statistics. However: If you now set this "Vsite Usage Information" to something different like "1 year", then all Vsites that currently have their retention period configured for *more* than one year will have it reduced to "1 year". Furthermore no Vsite may change this value again to something higher. Lower? Yes. Higher? No. That way you can make sure that your siteAdmins don't keep their logfiles indefinitely or for longer than you are comfortable with. The AV-SPAM will also use this new maximum for expiring MySQL data if the checkbox "AV-SPAM data expiry" is ticked. I think that should cover BlueOnyx and EU-GDPR & EU-DSGVO compliance from a vendor point of view. Let me know if you have any questions. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
_______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx