Discussion forum about ELOG, Page 232 of 796
ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject
  66385 | Sun Jun 7 06:30:52 2009 | Question | Gerardo Pruneda | gerardopruneda@yahoo.com | Question | Windows | 2.7.6 | I can not access the Logbook from another machine

I need some guidance on how to access the logbook from another computer. I installed the logbook on a Windows server machine and started the logbook using port 81.

I can connect to the logbook on the same machine, but I can not access it from another machine on the same network.

I already confirmed that the Windows firewall is not enabled.

  1196 | Fri Jun 17 20:30:53 2005 | Question | Gerfried Kumbartzki | kum@physics.rutgers.edu | Question | Linux | 2.6.0 | Cloning
Elog has been installed on a laptop (Redhat Linux 2.4.20-8) for quite a while. I would like to have a "base" of that logbook on a server and keep it in sync. Mirroring seems to be the perfect solution. For that I updated to elog v2.6.0 yesterday.

The server is an Alpha running Linux Redhat 7.1. I compiled from elog-latest.tar and installed elog in the 'same' locations as on the laptop.
Created a user elog and a group elog, put elogd.cfg, themes, logbooks ... in /usr/local/elog, owned by elog. Started the elogd, tested,
all seems to work. The elogd.cfg has a read and write passwd set. Any user can access the logbook, read and write after providing the proper user id and password.
Next I wanted to clone the logbooks from the laptop to the server. As superuser I can start elogd -v -C http://latop:8080, but get stuck right away with "Cannot contact elogd at http://laptop:8080/"
As user it works as follows:

Remote configuration successfully received.

Option "Mirror server = http://wotan.rutgers.edu:8080" added to config file.
Logbook directory "logbooks" successfully created.
Created directory "demo"
Indexing logbook "demo" ... Found empty logbook "demo"
Created directory "tfexp"
Indexing logbook "tfexp" ... Found empty logbook "tfexp"

Retrieve remote logbook entries? [y]/n:

Retrieving entries from "http://wotan.rutgers.edu:8080/demo"...
ID1: Remote entry received

Retrieving entries from "http://wotan.rutgers.edu:8080/tfexp"...
Error accessing remote logbook

Cloning finished. Check elogd.cfg and start the server normally.

Although tfexp contains a number of entries, all owned by elog like the entry in demo.
Besides missing the real stuff, everything ends up in the user's home directory. I would like it in the general area (/usr/local/elog for instance).

The other option is to use synchronize after changing [global] from within the browser. Start elogd, open the logbook and click on config,
enter a Mirror server = http://laptop:8080/
Clicking synchronize gives "Error accessing remote logbook"

Again, the logbooks are on both machines in /usr/local/elog/logbooks (owner:group elog:elog). The tfexp in this case is passwd protected.
Any user can access the elogs in both machines, locally or remote. But, I'm unable to synchronize the two.
Maybe somebody can point me in the right direction.

Thanks, Gerfried
  1209 | Wed Jun 22 18:34:18 2005 | Reply | Gerfried Kumbartzki | kum@physics.rutgers.edu | Question | Linux | 2.6.0 | Re: Cloning
Thank you for the suggestions; I commented the read and write passwd in elogd.cfg out and only then I was able to clone
(elogd -v -C http://laptop:8080) the logbook to the new server.
But this is only part of the story. The logbook on the laptop is owned by the default user elog and default group elog, that is needed to start up the elogd. Only a user "elog" can do the cloning, unless temporarily the ownership in /usr/local/elog is changed. I made it work by temporarily changing the ownership on both machines, did the cloning, changed back to owner elog, started elogd and all was running.
I set up synchronizing and here too it works only if the read passwd in elogd.cfg is commented out.
Sync works fine from the RedHat linux laptop (rpm installed), but crashes the elogd on the alpha Linux machine (compiled from src) most of the time. elogd has to be restarted and the sync had not finished.
So for now I settled to do the synchronize only from the laptop but have to remove the read passwd each time. That is tolerable but not convenient.

Here I have another question: My Elog is passwd protected, encrypted passwd in elogd.cfg (read and write). When connecting to the elog the window pops up asking for a user name and the passwd. I do not remember exactly what was done to set name and passwd. But I find it "strange" that the user name can be anything as long as the passwd is right to access the ELog.
I think I have to learn more about the whole user and passwd protection schema.

Thanks again
Gerfried
  66525 | Thu Sep 3 21:55:52 2009 | Question | Gerhard Schneider | gs@ilsb.tuwien.ac.at | Question | Linux | 2.7.7-2246 | chain.crt
Like many educational institutions we get "educational certificates" that are chain certificates..

With apache the full certificate chain is working as expected..

For elog I copied the appropriate files to server.crt and server.key

Netscape 3 is happy with that setup, Internet Explorer and Opera are mentioning the open certificate chain.

When I tried to copy the file known as SSLCACertificateFile in Apache to chain.crt elogd no longer works and

openssl s_client -showcerts -connect <myserver>:<elogd_port>

only shows: 

CONNECTED(00000003)
25523:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:

What do I do wrong?

Gerhard Schneider
  66556 | Wed Oct 7 07:56:52 2009 | Reply | Gerhard Schneider | gs@ilsb.tuwien.ac.at | Question | Linux | 2.7.7-2246 | Re: chain.crt
> Like many educational institutions we get "educational certificates" that are chain certificates..
>  
> only shows: 
> 
> CONNECTED(00000003)
> 25523:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:
> 
> What do I do wrong?
> 

After reading the OpenSSL Documentation:

The certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or
server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA.

The chain.crt has to be of the following format:

HOST CERTIFICATE
INTERMEDIATE CERTIFICATE
ROOT CERTIFICATE

Then it is working w/o problems

GS
  66644 | Tue Dec 8 19:22:06 2009 | Reply | Gerhard Schneider | gs@ilsb.tuwien.ac.at | Question | Windows | latest | Re: Certificate Error
How did you create the certificate?
Are you running eLog on a server with more than one host name (CNAME entries) and are you pointing to your eLog via one of those aliases?

Certificates that work with an Apache 1 Web server do work with eLog, too.

GS
  66646 | Tue Dec 8 19:47:56 2009 | Reply | Gerhard Schneider | gs@ilsb.tuwien.ac.at | Question | Windows | latest | Re: Certificate Error
> 
> The certificate that is on there right now is the one that gets created when you install elogs.  I have tried 
> creating one with a windows server 2008 box with the CA role installed.  The certificate is created without issue 
> and I can install it on the server but when I try to restart the elog service it wont start until I put the 
> original server.crt and server.key file back into the ssl directory.  
> 

I don't know anything about Windows server CA, but eLog is very strict in the syntax of the CERTs.
I had to learn it the hard way when installing a chain CERT.

For server.crt and server.key it MUST NOT be a chain cert. Therefore you have to use chain.crt

Are the generated CERTs ASCII (with only one -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in server.crt and -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- in server.key)?

So the eLog generated keys should look like..

GS
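
Added example, not part of the original posts and not ELOG code: a pre-flight check for the two rules stated in the replies above, that server.crt holds exactly one certificate and that chain.crt is ordered host, intermediate, root. The function names are hypothetical; issuer and subject names are compared byte for byte and signatures are not verified.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)] for each PEM block, in file order."""
    return [(m.group(1), base64.b64decode(m.group(2))) for m in PEM_RE.finditer(text)]

def tlv(buf, pos):
    """Read the DER element at pos; return (tag, content_start, content_end)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, pos, pos + n

def issuer_subject(der):
    """Return the raw DER (issuer, subject) Names of one X.509 certificate."""
    _, pos, _ = tlv(der, 0)      # outer Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)    # tbsCertificate SEQUENCE
    fields = []                  # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = tlv(der, pos)
        if tag != 0xA0:          # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_files(server_crt, chain_crt):
    """Return a list of problems found in the two PEM texts (empty list = OK).
    Names are compared byte for byte; signatures are NOT verified."""
    problems = []
    if [label for label, _ in pem_blocks(server_crt)] != ["CERTIFICATE"]:
        problems.append("server.crt must hold exactly one certificate")
    names = [issuer_subject(d) for label, d in pem_blocks(chain_crt) if label == "CERTIFICATE"]
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:
            problems.append(f"chain.crt: certificate {i + 1} is not issued by certificate {i + 2}")
    if names and names[-1][0] != names[-1][1]:
        problems.append("chain.crt: last certificate is not a self-signed root")
    return problems
```

Call `check_files()` with the contents of server.crt and chain.crt before restarting elogd; an empty list means both files follow the layout described in the posts.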
  69592 | Tue Dec 20 17:37:42 2022 | Reply | Germano Massullo | germano.massullo@cern.ch | Bug report | Linux | 3.14 EL7 EPEL | remove elog from EPEL and Fedora.
> > elogd binary from EPEL
> 
> thank you for bringing this up to our attention. we recently went through this with debian and ubuntu. the elog package was severely out of date and 
> did not include the security patches that went in right before covid started in the Winter of 2020.
> 
> the elogd package in EPEL7 is insecure and should not be used. (I see it is removed from EPEL8, EPEL9 and current Fedora).
> 
> I will have to contact EPEL maintainers to have it removed from EPEL7 (or at least to have it marked as "insecure, do not use").
> 
> https://dl.fedoraproject.org/pub/epel/7/SRPMS/Packages/e/elog-3.1.4-1.20190113git283534d97d5a.el7.src.rpm
> 
> https://packages.fedoraproject.org/pkgs/elog/elog/
> https://packages.fedoraproject.org/pkgs/elog/elog/fedora-35.html
> https://packages.fedoraproject.org/pkgs/elog/elog/epel-7.html
> 
> note in the changelog "Update to post-release snapshot of 3.1.4. - Fix several security issues."
> 
> K.O.


Good day, elog has never been retired in EPEL 7. It is still there
https://src.fedoraproject.org/rpms/elog/tree/epel7

I am pretty sure because I am a Fedora/RHEL package maintainer and a retired package should contain in its Git branch only a file named "dead.package"