Diffstat (limited to 'zarb-ml/mageia-dev/2012-November/020275.html')
-rw-r--r-- | zarb-ml/mageia-dev/2012-November/020275.html | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-November/020275.html b/zarb-ml/mageia-dev/2012-November/020275.html new file mode 100644 index 000000000..dbd77bb84 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-November/020275.html 
@@ -0,0 +1,158 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] OpenVPN missing PID dir + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20OpenVPN%20missing%20PID%20dir&In-Reply-To=%3C50B2DBC5.8050104%40LinuxCabal.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="020274.html"> + <LINK REL="Next" HREF="020287.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] OpenVPN missing PID dir</H1> + <B>Richard Couture</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20OpenVPN%20missing%20PID%20dir&In-Reply-To=%3C50B2DBC5.8050104%40LinuxCabal.org%3E" + TITLE="[Mageia-dev] OpenVPN missing PID dir">rrc at LinuxCabal.org + </A><BR> + <I>Mon Nov 26 04:02:29 CET 2012</I> + <P><UL> + <LI>Previous message: <A HREF="020274.html">[Mageia-dev] OpenVPN missing PID dir +</A></li> + <LI>Next message: <A HREF="020287.html">[Mageia-dev] OpenVPN + auth-user-pass + systemd password agents (was: Re: OpenVPN missing PID dir) +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#20275">[ date ]</a> + <a href="thread.html#20275">[ thread ]</a> + <a href="subject.html#20275">[ subject ]</a> + <a href="author.html#20275">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>I didn't mean to open a can of worms, but since it's open ... 
+ +with script-security 2 added to the client.conf, openvpn starts just +fine with the command systemctl restart <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">openvpn at client.service</A> UNTIL +you add the parameter auth-user-pass to the client.conf +Once that param is added, openvpn refuses to start via systemD though it +starts just fine via sys5 +[<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">root at pwyr</A> openvpn]# cd /etc/init.d/ +[<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">root at pwyr</A> init.d]# ./openvpn restart +Shutting down openvpn: [ OK ] +Starting openvpn: Enter Auth Username:rrc +Enter Auth Password: + [ OK ] +Since were looking at openvpn, hopefully we can figure out what this is +all about as this param is EXTREMELY important to harden the security of +openvpn + +Thanks + + + + +Richard + + + +On 11/25/2012 06:18 PM, Colin Guthrie wrote: +><i> 'Twas brillig, and Olivier Blin at 25/11/12 23:31 did gyre and gimble: +</I>>><i> Colin Guthrie<<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">mageia at colin.guthr.ie</A>> writes: +</I>>><i> +</I>>>><i> 'Twas brillig, and Olivier Blin at 25/11/12 15:19 did gyre and gimble: +</I>>>>><i> Colin Guthrie<<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">mageia at colin.guthr.ie</A>> writes: +</I>>>>><i> +</I>>>>>><i> 1. "systemd-tmpfiles --create" is not run in the %post (before +</I>>>>>><i> add-service helper) (note that on cauldron the command must be: +</I>>>>>><i> "systemd-tmpfiles --create openvpn.conf"). This means that you'll need a +</I>>>>>><i> reboot before openvpn will work on mga2 after installing it. +</I>>>>><i> +</I>>>>><i> Hi, +</I>>>>><i> +</I>>>>><i> Shouldn't this be done through a rpm filetrigger? +</I>>>><i> +</I>>>><i> I don't think there is a way to specify which files triggered the file +</I>>>><i> trigger is there? 
+</I>>>><i> +</I>>>><i> Basically we'd need to know the basename of the file that changed, also +</I>>>><i> there are times when it has to be excluded (e.g. some files should not +</I>>>><i> be run except at boot). +</I>>><i> +</I> +>><i> Looks like this list is available to the script from stdin, see +</I>>><i> /var/lib/rpm/filetriggers/httpd.script or +</I>>><i> /var/lib/rpm/filetriggers/pear.script +</I>><i> +</I>><i> OK good to know. +</I>><i> +</I>><i> Sadly the ordering is still wrong as this needs to be run after %pre but +</I>><i> before any calls to %_post_service (i.e. in %post). +</I>><i> +</I>><i> As a result I don't think it's really possible to automate this. It +</I>><i> could be added to a filetrigger for "safety" and baked into +</I>><i> %_post_service but it still doesn't cover several corner cases, and I +</I>><i> don't think it's really worth the bother personally. +</I>><i> +</I>><i> Col +</I>><i> +</I>><i> +</I> +-- +LinuxCabal Asociación Civil +Ing. Richard Couture +Novell CNE, ECNE, MCNE +HP/Compaq ASE +Tel.: (+52) (333) 145-2638 +Cel.: (+52) (044) 333 377-7505 +Cel.: (+52) (044) 333 377-7506 +Web: <A HREF="http://www.LinuxCabal.org">http://www.LinuxCabal.org</A> +E-Mail: <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">rrc at linuxcabal.org</A> +Hosted en la nube Cloud Sigma - www.CloudSigma.com + +AVISO DE CONFIDENCIALIDAD: Este correo electrónico, incluyendo en su +caso, los archivos adjuntos al mismo, pueden contener información de +carácter confidencial y/o privilegiada, y se envían a la atención única +y exclusivamente de la persona y/o entidad a quien va dirigido. La +copia, revisión, uso, revelación y/o distribución de dicha información +confidencial sin la autorización por escrito de LinuxCabal está +prohibida. 
Si usted no es el destinatario a quien se dirige el presente +correo, favor de contactar al remitente respondiendo al presente correo +y eliminar el correo original incluyendo sus archivos, así como +cualesquiera copia del mismo. Mediante la recepción del presente correo +usted reconoce y acepta que en caso de incumplimiento de su parte y/o de +sus representantes a los términos antes mencionados, LinuxCabal tendrá +derecho a los daños y perjuicios que esto le cause. + +</PRE> + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="020274.html">[Mageia-dev] OpenVPN missing PID dir +</A></li> + <LI>Next message: <A HREF="020287.html">[Mageia-dev] OpenVPN + auth-user-pass + systemd password agents (was: Re: OpenVPN missing PID dir) +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#20275">[ date ]</a> + <a href="thread.html#20275">[ thread ]</a> + <a href="subject.html#20275">[ subject ]</a> + <a href="author.html#20275">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |
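Review bot: In the <PRE> body of the added file, the command "systemctl restart openvpn at client.service" has its unit name wrapped in an <A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev"> link, and the shell prompts read "root at pwyr" in the same way. This looks like the archive's e-mail address obfuscation being applied to tokens that are not addresses. The command can no longer be copied as the poster typed it, and the links lead to the list info page rather than to anything the text refers to. Suggest limiting the address rewrite to real addresses (headers, quoted attributions, signature) and leaving command lines and prompts in the message body as plain text before these archive pages are imported.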