diff --git a/install.sh b/install.sh
index c857dda1..46e6a5ed 100755
--- a/install.sh
+++ b/install.sh
@@ -141,4 +141,7 @@ install_data misc_systemd_units/user@.service.d/depend-on-remote-homes.conf \
 mkdir -p "$DESTDIR$sysconfdir/systemd/logind.conf.d"
 install_data misc_etc_files/systemd/logind.conf.d/disable_RemoveIPC.conf \
 "$DESTDIR$sysconfdir/systemd/logind.conf.d/disable_RemoveIPC.conf"
+install_data logrotate/logrotate.conf "$DESTDIR$sysconfdir/logrotate.conf"
+install_data logrotate/logrotate.service "$DESTDIR$systemdunitdir/logrotate.service"
+install_data logrotate/logrotate.timer "$DESTDIR$systemdunitdir/logrotate.timer"
 exit
diff --git a/logrotate/logrotate.conf b/logrotate/logrotate.conf
new file mode 100644
index 00000000..4edeed9c
--- /dev/null
+++ b/logrotate/logrotate.conf
@@ -0,0 +1,12 @@
+/var/log/messages {
+ compress
+ dateext
+ dateformat .%Y-%m
+ dateyesterday
+ rotate 12
+ monthly
+ sharedscripts
+ postrotate
+ kill -HUP $(cat /var/run/rsyslogd.pid)
+ endscript
+}
diff --git a/logrotate/logrotate.service b/logrotate/logrotate.service
new file mode 100644
index 00000000..b1c8a7c9
--- /dev/null
+++ b/logrotate/logrotate.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=Rotate log files
+Documentation=man:logrotate(8) man:logrotate.conf(5)
+RequiresMountsFor=/var/log
+ConditionACPower=true
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/logrotate -v /etc/logrotate.conf
+
+# performance options
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+
+# hardening options
+# details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+# no ProtectHome for userdir logs
+# no PrivateNetwork for mail deliviery
+# no ProtectKernelTunables for working SELinux with systemd older than 235
+MemoryDenyWriteExecute=true
+PrivateDevices=true
+PrivateTmp=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+ProtectSystem=full
+RestrictRealtime=true
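Review bot: In install.sh, the new `install_data logrotate/logrotate.conf "$DESTDIR$sysconfdir/logrotate.conf"` writes the main logrotate configuration rather than a drop-in, and the file added in this commit covers only `/var/log/messages` and has no `include` line. On a host that already carries a distribution `logrotate.conf`, this would presumably replace it and stop rotation of every other log that was handled through `logrotate.d`, including authentication or audit logs. If that is not intended, install the file as a drop-in, e.g. `install_data logrotate/logrotate.conf "$DESTDIR$sysconfdir/logrotate.d/<name>"` (placeholder file name), or add `include /etc/logrotate.d` to the shipped file. Note also that the unit's `ExecStart` hard-codes `/etc/logrotate.conf` while this line uses `$sysconfdir`, so the two agree only when `sysconfdir` is `/etc`.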
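Review bot: In logrotate/logrotate.conf, the `postrotate` line `kill -HUP $(cat /var/run/rsyslogd.pid)` depends on a pid file that rsyslog may not write when it is started by systemd. If the file is missing, `kill` receives no argument, the script fails, and rsyslog would keep its handle on the renamed file, so later messages land in the rotated log instead of the new one. Since rotation is driven by a systemd unit anyway, signalling through the service manager avoids the pid file: `systemctl kill -s HUP <rsyslog-unit>` (placeholder; use the unit name on the target hosts).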
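Review bot: In logrotate/logrotate.service, the hardening comments justify omitting `ProtectHome` and `PrivateNetwork` with per-user logs and mail delivery, but the configuration shipped in this commit rotates only `/var/log/messages` and contains no `mail` or `include` directive. Unless further configs are expected to be added, the unit can be tightened with `ProtectHome=true` and `PrivateNetwork=true`, and the comments updated to explain any exemption that remains. With no `User=` set the job runs as root, so `NoNewPrivileges=true` is also worth testing here, including under SELinux, which the existing comment mentions.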
diff --git a/logrotate/logrotate.timer b/logrotate/logrotate.timer
new file mode 100644
index 00000000..ea379318
--- /dev/null
+++ b/logrotate/logrotate.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Daily rotation of log files
+Documentation=man:logrotate(8) man:logrotate.conf(5)
+
+[Timer]
+OnCalendar=daily
+AccuracySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
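Review bot: Nothing in the visible install.sh hunk enables logrotate/logrotate.timer, and `WantedBy=timers.target` only takes effect once the unit is enabled, so on a fresh install rotation may never run and `/var/log/messages` would grow without bound. If enabling is left to packaging or the administrator, say so next to the install lines, e.g. `# enable with: systemctl enable --now logrotate.timer`. The rest of install.sh is outside this diff, so this may already be handled elsewhere.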