optimize logging disable

moose.sh

@@ -144,24 +144,30 @@ if [[ -n $hostname_var ]]; then
     fi
 fi
 
-
 if [ "$disable_logging" = true ]; then
-    systemctl disable --now rsyslog
-    systemctl disable --now systemd-journald
-    systemctl disable --now systemd-journald.socket
-    systemctl disable --now systemd-journald-dev-log.socket
-    systemctl disable --now auditd
+    # Files to modify and make read-only and immutable
+    log_files=("/var/log/wtmp" "/var/log/btmp" "/var/run/utmp" "/var/log/lastlog")
 
-    # Make logs read-only
-    chmod 444 /var/log/wtmp
-    chmod 444 /var/log/btmp
-    chmod 444 /var/run/utmp
-    chmod 444 /var/log/lastlog
+    # Disable logging services
+    for service in rsyslog systemd-journald systemd-journald.socket systemd-journald-dev-log.socket auditd logrotate logrotate.timer; do
+        if systemctl is-active --quiet "$service"; then
+            systemctl disable --now "$service"
+        fi
+    done
 
-    systemctl disable --now logrotate
-    systemctl disable --now logrotate.timer
+    # Modify rsyslog configuration
+    if [ -f /etc/rsyslog.conf ]; then
+        sed -i 's/auth\.priv\.warning/auth\.none/' /etc/rsyslog.conf
+    fi
 
-    sed -i 's/auth\.priv\.warning/auth\.none/' /etc/rsyslog.conf
+    # Make log files read-only and immutable
+    for log in "${log_files[@]}"; do
+        if [ -f "$log" ]; then
+            > "$log"
+            chmod 444 "$log"
+            chattr +i "$log"
+        fi
+    done
 fi
 
 if [ "$change_ssh_port" = true ]; then