Logging, how to deal with it?

Hello qube heads. I am new to the whole “logging” thing because I haven't bothered thinking about it before; I mean system logs.

They say rotating logs is the way, not deleting or disabling. Am I right here? How do I “rotate” logs on, for example, a Debian VM? With a noob-friendly command, please.

So if police come and take my PC, the logs are not understandable

1 Like

If you make the system journal volatile, it won’t survive rebooting. In your template:

sudo sed -ri 's/#Storage=.*/Storage=volatile/g' /etc/systemd/journald.conf

For rotating, read man journalctl.
Xen and Qubes specific logs are separate from system journal.

So if police come and take my PC, the logs are not understandable

They have to decrypt your drive first. If they do this, your logs are your smallest concern.

Qubes is not privacy or anti-forensics focused.

2 Likes
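An added example, not part of the thread: the `sed` one-liner above only matches a line that is still commented out as `#Storage=`. This sketch also handles a line that is already set or missing; the function names `set_journald_storage` and `journald_storage` are hypothetical, and the demo runs on a constructed sample file rather than the real config.

```shell
#!/bin/sh
# Added example, not from the thread. Sets Storage= in a journald.conf-style
# file whether the line is commented out, already set, or missing.

set_journald_storage() {
    conf=$1   # path to the config file (assumption: only a [Journal] section)
    mode=$2   # one of journald's documented Storage= values
    case $mode in
        volatile|persistent|auto|none) ;;
        *) echo "unsupported Storage value: $mode" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    awk -v mode="$mode" '
        /^[ \t]*#?[ \t]*Storage=/ {          # commented or active setting
            if (!done) { print "Storage=" mode; done = 1 }
            next                              # drop any duplicate lines
        }
        { print }
        /^\[Journal\]/ { section = 1 }
        END {
            if (!done) {                      # no Storage= line existed
                if (!section) print "[Journal]"
                print "Storage=" mode
            }
        }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

journald_storage() {
    # Print the active (uncommented) value; journald defaults to "auto".
    v=$(sed -n 's/^[[:space:]]*Storage=//p' "$1" | tail -n 1)
    echo "${v:-auto}"
}

# Constructed sample input: a config where Storage= is already uncommented,
# the case the "#Storage=" pattern does not match.
sample=$(mktemp)
printf '[Journal]\nStorage=persistent\n#Compress=yes\n' > "$sample"
set_journald_storage "$sample" volatile
journald_storage "$sample"
rm -f "$sample"
```

On the real `/etc/systemd/journald.conf` in the template, run it as root and restart `systemd-journald` for the change to take effect.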

This might be helpful for you:

1 Like

@ddevz

Why would one use a security-focused OS, which takes special measures to isolate VMs, and gather all the logs of all VMs (sensitive data which any attacker would love to have) in a single domU?

1 Like

Because it depends on what you want to use it for (i.e., what they mean when they say “depends on your threat model”).

2 Likes