Use + for find to speed things up, and ignore some dirs in /var/log.

bootstrap

@@ -149,19 +149,21 @@ touch /var/log/fail2ban
 # Secure /var/log
 echo "-> Securing /var/log..."
 shopt -s globstar
+GLOBIGNORE="/var/log/packages/:/var/log/setup/:/var/log/scripts/"
 #  Set standard access perms for directories
 setfacl -m user::rwx,group::rx,other::- /var/log/**/
 setfacl -m user::rwx,group::rx,other::x /var/log/
 #  Set standard access perms for files
-find /var/log -type f -exec setfacl -m user::rw,group::r,other::- {} \;
+find /var/log -type f -exec setfacl -m user::rw,group::r,other::- {} +
 #  Allow group 'admin' read access to all directories/files
 setfacl -m group:admin:rX /var/log/**/
-find /var/log -type f -exec setfacl -m group:admin:r {} \;
+find /var/log -type f -exec setfacl -m group:admin:r {} +
 #  Set default access for new files in directories.
 setfacl -dm user::rwX,group::rX,other::- /var/log/**/
 setfacl -dm group:admin:rX /var/log/**/
 #  /var/log/wtmp needs to be readable by everyone
 setfacl -m user::rw,group::r,other::r /var/log/wtmp
+unset GLOBIGNORE
 
 # Secure /root
 echo "-> Securing /root..."