
Do you want to set up an anonymous server on Debian and fully protect your data? In our article you will find a practical guide: how to disable logs (wtmp, journalctl, auth.log), set up disk encryption, configure temporary storage of log files and securely delete data without leaving any traces. Everything is step-by-step, simple, with commands.
The updated Debian server setup guide will help you ensure maximum privacy and data protection. The material is intended for both beginners and experienced users who want to minimize digital traces, make system logs unreadable, and make it impossible to recover deleted data, especially in the event of a server being taken away for forensic examination.
It contains proven practices, detailed instructions, and working examples that allow you to set up a server with a high level of privacy step by step. The main goal is to create a system in which logs are either not stored at all or are not subject to analysis, and the contents of the disk are reliably protected from recovery.
The article discusses methods for disabling log storage (wtmp, lastlog, journalctl, syslog, auth.log), setting up full disk encryption, and regularly cleaning residual data. Both basic solutions suitable for beginners and more technically complex options for advanced users are offered.
As a result, the server becomes as protected as possible from digital forensics and ready for scenarios where security and privacy are of paramount importance.
Logs are files in which the system automatically records information about events as they occur. They are useful for diagnostics, but can be a problem if you want to hide your activity. Here are the main logs we will work with:
wtmp: Records user logins and logouts. Path: /var/log/wtmp
lastlog: Stores the last login of each user. Path: /var/log/lastlog
journalctl: Systemd’s log, which collects logs from various services. Can be stored on disk or in memory.
syslog: General system messages. Path: /var/log/syslog
auth.log: Authentication logs, such as SSH login attempts. Path: /var/log/auth.log
These files contain information about who did what on the server and when. To make them unreadable, we will either disable writing to disk or configure the system to delete them on reboot. Let’s see how to do this step by step.
The wtmp file records all user logins and logouts. To disable it:
1. Open the file for editing:
nano /etc/tmpfiles.d/var.conf
2. Find the line related to wtmp (for example, f /var/log/wtmp - root utmp 0664) and comment it out by adding # at the beginning:
#f /var/log/wtmp - root utmp 0664
3. Save changes (Ctrl+O, Enter, Ctrl+X)
In newer versions of Debian, this file may not exist. In this case, we use an alternative method:
1. Disable services that write to wtmp:
systemctl disable systemd-update-utmp
systemctl disable systemd-update-utmp-runlevel
These commands prevent services from starting at system boot.
2. Delete the existing wtmp file:
rm /var/log/wtmp
Additional measure: Symbolic link
3. Create a link to /dev/null so that any attempts to write to wtmp are ignored:
ln -s /dev/null /var/log/wtmp
Note: Some processes may expect wtmp to be a regular file, not a link, but this usually does not affect system performance in any way.
Security rating: ★★★★ ★ – No logs are written, but other data sources may remain.
The lastlog file stores information about each user’s last login. To minimize it:
1. Clear the file and make it immutable:
> /var/log/lastlog
chattr +i /var/log/lastlog
The first command clears the file, the second prevents it from being updated. You can clear the file another way; use whichever method is convenient for you.
2. Configure PAM so that lastlog is not updated:
Open the file /etc/pam.d/common-session:
nano /etc/pam.d/common-session
Add or change the line:
session optional pam_lastlog.so noupdate
Save and Exit
Security Rating: ★★★ ★★ – Effective for lastlog, but other logs may contain data.
The systemd journal, which you read with journalctl, is saved to disk by default. To make these logs temporary:
1. Open the configuration file:
nano /etc/systemd/journald.conf
2. Find the [Journal] section and add or change the line:
[Journal]
Storage=volatile
This will force the system to store logs only in memory (/run/log/journal) and they will disappear on reboot.
3. Restart the service:
systemctl restart systemd-journald
Security rating: ★★★★★★ – Logs are not saved to disk, which makes their analysis much more difficult.
These logs are managed by the rsyslog service.
1. Open the configuration file:
nano /etc/rsyslog.conf
2. Delete or comment out all lines of the form:
*.*;auth,authpriv.none -/var/log/syslog
auth,authpriv.* /var/log/auth.log
cron.* -/var/log/cron.log
kern.* -/var/log/kern.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
*.emerg :omusrmsg:*
3. Add the following line to the end:
*.* /dev/null
This will redirect all logs to the “black hole”.
4. Restart the service:
systemctl restart rsyslog
Alternative: Disable rsyslog completely
systemctl stop rsyslog
systemctl disable rsyslog
Note: This may affect the operation of some services, software, etc., as they may depend on logging.
Security rating: ★★★★ ★ – Logs are not written, but check if they are created by other means.
If you are using OpenSSH, it writes logs to auth.log. To reduce their size:
1. Open the SSH configuration file:
nano /etc/ssh/sshd_config
2. Find the LogLevel line and change it to QUIET:
LogLevel QUIET
3. Restart the SSH service:
systemctl restart sshd
Security Rating: ★★★ ★★ – Reduces logging, but does not completely disable it
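Each of the logging changes above lives in a file that can be read back, so the resulting state can be verified on your own server or recognised during an audit of a host. The function below is an added example, not part of the original guide; the name audit_log_suppression and the optional ROOT argument (for checking a mounted disk image) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the logging changes described in this guide.
# audit_log_suppression is a hypothetical helper name. ROOT is optional and
# lets the check run against a mounted image instead of the live system.
audit_log_suppression() {
    root="${1:-}"
    found=0
    note() { echo "$1"; found=1; }

    # wtmp removed or replaced by a symlink to /dev/null
    f="$root/var/log/wtmp"
    if [ -L "$f" ] && [ "$(readlink "$f")" = "/dev/null" ]; then
        note "wtmp: symlink to /dev/null"
    elif [ ! -e "$f" ]; then
        note "wtmp: file missing"
    fi

    # pam_lastlog told not to update lastlog
    if grep -Eqs '^[[:space:]]*session.*pam_lastlog\.so.*noupdate' \
        "$root/etc/pam.d/common-session"; then
        note "lastlog: pam_lastlog noupdate"
    fi

    # journal kept in memory only (main file plus drop-ins)
    if grep -Eqis '^[[:space:]]*Storage[[:space:]]*=[[:space:]]*volatile' \
        "$root/etc/systemd/journald.conf" \
        "$root"/etc/systemd/journald.conf.d/*.conf; then
        note "journald: Storage=volatile"
    fi

    # rsyslog catch-all rule that discards every message
    if grep -Eqs '^[[:space:]]*\*\.\*[[:space:]]+-?/dev/null' \
        "$root/etc/rsyslog.conf"; then
        note "rsyslog: *.* sent to /dev/null"
    fi

    # sshd logging silenced
    if grep -Eqis '^[[:space:]]*LogLevel[[:space:]]+QUIET' \
        "$root/etc/ssh/sshd_config"; then
        note "sshd: LogLevel QUIET"
    fi

    [ "$found" -eq 0 ]   # status 0: nothing found, 1: at least one finding
}
```

Call `audit_log_suppression` with no argument for the live system, or `audit_log_suppression /mnt/image` for a mounted copy; it prints one line per setting found and returns a non-zero status if any are present.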
To protect your data from recovery, configure Full Disk Encryption during your Debian installation. This ensures that all data on the disk is encrypted and cannot be read without a password, even if the server is physically removed.
During installation, select the option “Guided – use entire disk and set up encrypted LVM”.
Specify the disk to install to.
Select encryption and enter a strong password.
Note for hosted servers: if the provider lets you install an OS from your own ISO, encrypting the disk is straightforward. If the provider does not offer this, create additional encrypted partitions and work on those.
Encryption protects not only existing files, but also deleted data that could be recovered. Even if someone gains access to the disk, without a key they will only see a random set of characters.
Security rating: ★★★★★ – Maximum protection if the password is complex enough.
Normal file systems such as ext4, XFS or Btrfs do not prevent the recovery of deleted data. Therefore, encryption is the best choice for the paranoid.
Simply deleting a file (the rm command) does not erase its data from the disk – it can be recovered using tools like R-Studio.
Install the packages for secure deletion:
apt-get install secure-delete wipe -y
1. shred – Overwrites a file with random data and deletes it:
shred -u file.txt
2. srm – Securely deletes a file by overwriting it multiple times:
srm file.txt
3. wipe – A similar overwrite tool:
wipe file.txt
4. dd – Fills a file with zeros before deleting:
dd if=/dev/zero of=file.txt bs=1 count="$(stat -c %s file.txt)" conv=notrunc
rm file.txt
To overwrite free space on a disk and prevent old files from being restored:
Use sfill:
sfill -f /path/to/directory
Or manually using dd:
dd if=/dev/zero of=/home/zero bs=1M
rm /home/zero
For greater security, use random data:
dd if=/dev/urandom of=/home/random bs=1M
rm /home/random
Security Rating: ★★★★★ – Overwriting makes recovery virtually impossible
Here is a summary table with the security rating of each method (from ★ ★★★★ – minimum protection, to ★★★★★ – maximum):
If you’re new to servers, you might be thinking, “Why would I want this?” Imagine that your server is taken down for inspection. Without these precautions, it’s easy for experts to find out what you’ve been doing, what files you’ve created, and when you’ve logged in. Disabling logs and encryption is your shield.
1. Install Debian with encryption (select “encrypted LVM” during installation).
2. Run the commands to disable wtmp:
systemctl disable systemd-update-utmp
rm /var/log/wtmp
ln -s /dev/null /var/log/wtmp
3. Set journalctl to volatile:
nano /etc/systemd/journald.conf   # Add: Storage=volatile
systemctl restart systemd-journald
4. Install shred and delete files securely:
shred -u file.txt
Weak password for encryption: Use a long password with letters, numbers, and symbols.
Skip reboot: After configuring journalctl, reboot the server to make sure that no logs are persisted.
Normal deletion: Do not use rm without overwriting – the data will remain on the disk.
Now you have a complete guide to making your Debian server secure and hidden from prying eyes. Disabling logs (wtmp, lastlog, journalctl, syslog, auth.log), setting up full disk encryption, and regularly securely deleting files will help protect your activity and data. Even if the server is taken away, without the password and with the data overwritten it will be almost impossible to recover anything.
Combine these methods for maximum protection:
Encrypt the disk during installation.
Disable all logs or configure them in memory.
Use shred, srm, or sfill to clean up data.
If you are a beginner, start with simple steps and gradually master more complex settings. For experienced users, this article is a cheat sheet with proven methods. Your privacy is in your hands! In fact, there are quite a few methods for finding your activity data; in this article I described only the “basic” ones so that you have an understanding of how everything works.