Secure VPN | Secure VPS | Private Email | Security Consultancy

+1(352) 325-6111 sales@whattheserver.me

SoftEther VPN Log Purging

Just posting up a cool script I made for ensuring not even server level logs are saved for SoftEther.

In the SoftEther documentation it tells how to disable the logs per VPN hub which we have done, but when doing the initial testing prior to launch we wanted to ensure absolutely no logs would ever be saved which would allow us to identify our users we noticed some without an option to disable.

https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.A_Logging_Service

“3.10.2 Server Log

The server log is saved under the [server_log] directory. The entire VPN Server operating log is saved in the server log, which saves detailed operating records including event records upon the launch & termination of the VPN Server and when & what type of connections were received. Therefore, subsequent analysis of this log enables the tracing of unauthorized access and the cause of problems.

In addition, copies of each of the Virtual Hubs’ security logs are saved together in the server log so that even if a Virtual Hub Administrator sets the security log not to be saved, it is always saved automatically in the server log. Accordingly, even when the Virtual Hub Administrator does not save the Virtual Hub logs or deletes them, their contents can still be accessed from the VPN Server’s server log.”

So we set about to ensure that would not be possible even if enabled they would forcibly be removed every single minute via cron.

 

We wrote a bash script to use in a cron. Feel free to use and share if setting up your own SoftEther node this is an awesome easy way to ensure no logs.

#!/bin/bash
# as root use "nano /root/softetherlogpurge.sh" to create file and save the contents of this into it
# then execute "chmod +x /root/softetherlogpurge.sh" to make it executable
# "crontab -e" to add the line "* * * * * /root/softetherlogpurge.sh >/dev/null 2>&1" to setup all .logs for SofEther to be purged every minute.
# Script to Purge SoftEther Log
# Copyleft (C) 2018 WhatTheServer - All Rights Reserved
# Permission to copy and modify is granted under the CopyLeft license
# Last revised 6/6/2018
 
#Ensure packet logs are cleared if they ever get enabled
#truncate -s 0 /usr/local/vpnserver/packet_log/**/*.log
 
#Ensure security logs are cleared if they ever get enabled
#truncate -s 0 /usr/local/vpnserver/security_log/**/*.log
 
#Ensure softether server logs are cleared if they ever get enabled
#truncate -s 0 /usr/local/vpnserver/server_log/*.log
 
#Delete softether empty log file names
cd /usr/local/vpnserver/; find -name '*.log' -delete

Super simple to fetch and use with your SoftEther VPN Server as root

wget -O /root/softetherlogpurge.sh https://whattheserver.me/softether-scripts/softetherlogpurge.sh
dos2unix /root/softetherlogpurge.sh
chmod +x /root/softetherlogpurge.sh

To add a cron

crontab -e

add this to bottom

* * * * * /root/softetherlogpurge.sh >/dev/null 2>&1