<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=DE link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US>Hi Michael<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>None of my 5207/5208 servers seem to have received this, although last yum update was 02.05.2018 (and a manual yum update says no updates available)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>A test 5209 does have the option..<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Am I missing something? <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Best regards<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Janwillem<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'>Blueonyx <blueonyx-bounces@mail.blueonyx.it> on behalf of Michael Stauber <mstauber@blueonyx.it><br><b>Organization: </b>Team BlueOnyx (www.blueonyx.it)<br><b>Reply-To: </b>BlueOnyx General Mailing List <blueonyx@mail.blueonyx.it><br><b>Date: </b>Tuesday, 1. May 2018 at 04:45<br><b>To: </b><blueonyx@mail.blueonyx.it><br><b>Subject: </b>[BlueOnyx:21992] 5207R, 5208R and 5209R: EU-GDPR & EU-DSGVO compliance updates released<o:p></o:p></span></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><a name="_MailOriginalBody">Hi all,<o:p></o:p></a></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>We already discussed the upcoming deadline of 25th May 2018 until which<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>EU businesses must certify compliance under the new EU-GDPR (or in<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>German: EU-DSGVO) regulations.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>The prior discussion can be found under this headline:<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>[BlueOnyx:21882] Re: EU-DSGVO - anonymize ip addresses in apache<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>logfiles / other logfiles?<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>I just published YUM updates for 5207Rm 5208R and 5209R which should<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>assist BlueOnyx server owners in the task of getting their servers<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>compliant.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Now as it is with any legal stuff I'll have to throw in the standard<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>disclaimer: I am no lawyer nor should anything I say be taken as legal<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>advice.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>However: Just ticking a few checkboxes in the GUI will not make any<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>BlueOnyx "street legal" in the sense of the EU-GDPR/EU-DSGVO. Those who<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>are already familiar with the topic will know that proper certification<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>and compliance requires a thorough audit of servers, software, internal<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>procedures, record keeping, consent tracking and what not. (Am I glad<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>that I don't live in the EU anymore!)<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>But BlueOnyx now has an extra GUI page and some built in features that<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>help you to jump the new extra-hurdles that the clowns in Brussels have<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>set up for you.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>You can read in detail about it here:<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'></span><a href="https://www.blueonyx.it/index.php?page=gdpr-dsgvo"><span style='mso-bookmark:_MailOriginalBody'>https://www.blueonyx.it/index.php?page=gdpr-dsgvo</span><span style='mso-bookmark:_MailOriginalBody'></span></a><span style='mso-bookmark:_MailOriginalBody'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>It has also a screenshot of the new GUI page, which you can find under<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>"Server Management" / "System Settings" / "Data Retention".<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Once you have these updates installed only two things will change<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>(mandatory) and all the rest is optional and can be configured via this<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>new GUI page:<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Change #1: Logfiles in /var/log will only be retained for 14 days. It<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>used to be four weeks, but now it has been cut in half to err on the<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>safe side of things.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Change #2: Logfiles stored under Vsites (like: /home/sites/<site>/logs/)<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>now only inherit logfile snippets related to their Vsites which already<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>have the IPv4 or IPv6 addresses of visitors already anonymized. IPv4 IPs<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>get their last octet set to '0' and IPv6 IPs loose their least<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>significant byte, providing sufficient anonymization, yet still allow<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>attributability of traffic to some degree. As the data there is only<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>uses for historical or statistical purpose we can live with that.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>However: This does NOT affect any data that has already been aggregated<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>before these updates got installed.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Means: You may still end up with Vsites that have 5 years worth of<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>logfiles with full IP addresses stored in their own logs directory.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>For that reason the new GUI page allows you to purge both the server as<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>well as all Vsites of historical log data that was set aside for<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>statistical reasons.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Checkbox "Purge Usage Statistics" wipes the /logs/ directory of Vsites.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Checkbox "Purge Webalizer" cleans out all Webalizer directories.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Checkbox "Purge AWStas" only shows up if you have our AWStats PKG<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>installed and likewise allows you to remove all historical AWStats<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>statistic files.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Additionally you can configure SendmailAnalyzer to anonymize whatever<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>data it gathers for the onboard email statistics by setting a checkbox.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>That - of course - does not retroactively anonymize any data that has<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>already been gathered. But there is a separate checkbox for that purpose<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>which allows you to remove all SendmailAnalyzer data files.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Lastly: If the AV-SPAM is installed this GUI page allows you to<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>configure that the Milter-GeoIP database records will be automatically<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>expired once they reach a certain age. The age at which it does expire<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>these SQL records is identical to the one in the "Vsite Usage<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Information" pulldown on top of this page.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>"Vsite Usage Information" (Pulldown). The default is 5 years.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>--------------------------------------------------------------<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Means:<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>- The logs of Vsites are kept that long.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>- SendmailAnalyzer will keep its records that long.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>A daily cronjob purges data that is older than that.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Individual Vsites might have different retention periods configured for<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>their logfiles and statistics.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>However: If you now set this "Vsite Usage Information" to something<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>different like "1 year", then all Vsites that currently have their<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>retention period configured for *more* than one year will have it<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>reduced to "1 year". Furthermore no Vsite may change this value again to<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>something higher. Lower? Yes. Higher? No.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>That way you can make sure that your siteAdmins don't keep their<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>logfiles indefinitely or for longer than you are comfortable with.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>The AV-SPAM will also use this new maximum for expiring MySQL data if<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>the checkbox "AV-SPAM data expiry" is ticked.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>I think that should cover BlueOnyx and EU-GDPR & EU-DSGVO compliance<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>from a vendor point of view.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Let me know if you have any questions.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>-- <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>With best regards<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Michael Stauber<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>_______________________________________________<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'>Blueonyx mailing list<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'></span><a href="mailto:Blueonyx@mail.blueonyx.it"><span style='mso-bookmark:_MailOriginalBody'>Blueonyx@mail.blueonyx.it</span><span style='mso-bookmark:_MailOriginalBody'></span></a><span style='mso-bookmark:_MailOriginalBody'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'></span><a href="http://mail.blueonyx.it/mailman/listinfo/blueonyx"><span style='mso-bookmark:_MailOriginalBody'>http://mail.blueonyx.it/mailman/listinfo/blueonyx</span><span style='mso-bookmark:_MailOriginalBody'></span></a><span style='mso-bookmark:_MailOriginalBody'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='mso-bookmark:_MailOriginalBody'><o:p> </o:p></span></p></div></div></body></html>