ispconfig (rotated) logfiles world readable
Summary
ISPConfig's rotated logfiles are world readable. These files contain sensitive information, such as the MySQL root password when debug logging is enabled. With mod_python/mod_php or exec(), they could therefore be read from a (hacked) website hosted on the same server.
Steps to reproduce
ls -l /var/log/ispconfig/
-rw------- 1 root root 833384 May 22 09:27 ispconfig.log
-rw-r--r-- 1 root root 37399 Apr 25 00:05 ispconfig.log.1.gz
-rw-r--r-- 1 root root 37325 Apr 24 00:05 ispconfig.log.2.gz
-rw-r--r-- 1 root root 37413 Apr 23 00:05 ispconfig.log.3.gz
-rw-r--r-- 1 root root 37318 Apr 22 00:05 ispconfig.log.4.gz
Correct behaviour
The .gz files should be mode 600 too.
Environment
Ubuntu Noble - ispconfig 3.3
Proposed fix
This workaround should work I think (the ISPConfig interface writes into auth.log, so the ispconfig group needs write permission):
chmod 710 /var/log/ispconfig/
chown root:ispconfig /var/log/ispconfig/
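As an added example (not ISPConfig's own code), the following POSIX sh functions audit a log directory for files readable by group or others, and apply both the directory workaround above and the per-file chmod 600. The directory is passed as a parameter so the same functions can be exercised against a scratch directory; the chown step runs only as root and only when an ispconfig group exists on the host.

```shell
#!/bin/sh
# Added example, not part of the ISPConfig project or this report.
# Assumes POSIX sh with find, chmod, chown, id and getent available.

# Count regular files under $1 whose mode grants read to group or others.
# Prints the count so callers can test the value.
count_exposed_logs() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null | wc -l | tr -d ' '
}

# List the exposed files; exit status 0 when nothing is exposed, 1 otherwise.
# Suitable for a cron or monitoring check on /var/log/ispconfig/.
find_exposed_logs() {
    exposed=$(find "$1" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        return 1
    fi
    return 0
}

# Apply the workaround from the report to the directory (710, root:ispconfig)
# and the stricter per-file fix (600 on every log, including rotated .gz files).
harden_log_dir() {
    dir="$1"
    chmod 710 "$dir"
    # chown needs root and the ispconfig group; skip both silently otherwise
    # (e.g. when run against a scratch directory by a non-root user).
    if [ "$(id -u)" -eq 0 ] && getent group ispconfig >/dev/null 2>&1; then
        chown root:ispconfig "$dir"
    fi
    find "$dir" -type f -exec chmod 600 {} +
}

# Usage on a real host (as root):
#   find_exposed_logs /var/log/ispconfig || harden_log_dir /var/log/ispconfig
```

Because the fix is applied with `find ... -exec chmod 600`, it also covers any future rotations that recreate the .gz files with the default umask, as long as the check is rerun (for example from cron) after each rotation.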
A better solution might be to do a chmod 600 in the PHP logrotate code, or to move the log rotation from the PHP code to an /etc/logrotate.d/ script.
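For the second option, an /etc/logrotate.d/ fragment along these lines would keep the archives private; this is an added example, not an existing ISPConfig file, and the rotation interval and retention count are assumptions. The `create 0600 root root` line sets the mode of the fresh ispconfig.log, and logrotate gives each compressed copy the mode of the file it rotated, so the .gz archives end up 0600 as well. The PHP-side rotation would need to be disabled first, otherwise both mechanisms would rotate the same file.

```conf
# /etc/logrotate.d/ispconfig  (added example; interval and retention are assumptions)
/var/log/ispconfig/ispconfig.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    create 0600 root root
}
```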
Edited by Hannes