14.3.1 Linux/MacOS:  Installing the script


Note: L-Soft no longer supports MacOS for new installations of LISTSERV.  However, for customers who are still running recent versions of LISTSERV on MacOS, we have continued to publish these instructions.  References to MacOS will be removed after the next full version of LISTSERV is released.

Installing the script on a Linux or MacOS machine presumes that you have already installed the latest version of Microsoft PowerShell Core, which at this writing is 7.1.  Microsoft have published articles on that:

For Linux: https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux?view=powershell-7.1

For MacOS: https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-macos?view=powershell-7.1

You will also need to compile the lcmdx.c source code which is included in the gdprscan.zip bundle.  This can be as simple as opening a terminal box and issuing the command

[root@linuxbox ~]# gcc -O lcmdx.c -o lcmdx


at the prompt.  (Note that this also presumes that you have the 'gcc' compiler installed.)

If you are installing GDPRSCAN on a machine that is running LISTSERV, lcmdx may already be compiled; if not, check the $LSVROOT directory for lcmdx.c, and then simply run `make lcmdx' to compile and link the executable.

Once you have lcmdx compiled, you can either keep it in the same directory with gdprscan.ps1, or you can copy it into /usr/local/bin or some other directory in your $PATH.  You will also want to set appropriate ownership and permissions for lcmdx.  For instance, `chmod 755 lcmdx; chown root:root lcmdx' will result in the following:

-rwxr-xr-x.  1 root     root 13384 Apr 11 10:42 lcmdx


which should allow any user to execute lcmdx. This may be more extreme than you prefer; the only constraint is that the ownership and permissions must be set so lcmdx can be executed by whomever needs to run gdprscan.

14.3.2 Linux/MacOS:  Where to write the XML report?


By default, GDPRSCAN will write the resulting XML report to your Windows desktop.  This may or may not be optimal for you, so there is an option to change it.  If you wanted to change it to your “Documents" directory, simply use the -XMLpath (minimum abbreviation: -x) to set it accordingly:

-XMLPath '/home/myuserid/Documents'

14.3.3 Linux/MacOS:  Executing the script


Once you have installed the script, you will execute the script like this (optional command line arguments shown in square brackets []):

PS /home/you > ./gdprscan.ps1 -s listserv-hostname -t target-email -p postmaster-email [-d ALLlists | SYSTEM | FULL]

You will have to provide one additional piece of information to the script after running it – the LISTSERV personal password corresponding to the postmaster-email address you are using.  The password is obtained securely and is stored as a secure string while the program is running.

Example:

The script will continue to execute after you hit <return>.

The final command line argument is optional, defining the depth of the changelog scan.  For a normal (default) scan, this argument is not used.  Changelog scanning levels are defined as follows:

Default (no argument)

Only the listname.changelog files for the lists to which the target email address is subscribed are scanned.

ALLlists

(minimum abbreviation: “ALL”) All listname.changelogs are scanned, regardless of whether the target email address is subscribed.  (This may pick up information on lists to which the target email was subscribed in the past.)

SYSTEM

Same as the default, plus SYSTEM and NOLIST-* changelogs are scanned, if present.

FULL

All changelogs on the server are scanned.

If specified, these levels are mutually exclusive; only one may be specified per run.  

The options are presented above in ascending order of how much time they will typically take to execute.  On one L-Soft server, the ALL option resulted in a 51-minute-long scan for a single user; however, significant network latency may have contributed to that test.  Another L-Soft server with a very large SYSTEM.CHANGELOG processed the ALL option for a single user in 15 minutes.

Typically, scanning changelogs other than those belonging to the list(s) to which the target address is subscribed is an expensive operation, there may be little if any personal information for the target address found in them, and it may simply not be desirable to run that deep of a scan.

GDPR does not require data controllers to spend an unlimited amount of time on requests, and therefore, L-Soft has left the decision on depth of scan up to the customer.