From b2dcebd7829f4375749b708d768f439e518d9881 Mon Sep 17 00:00:00 2001 From: Petr Bokoc Date: Oct 16 2018 14:59:53 +0000 Subject: Convert links to https where applicable --- diff --git a/LICENSE.txt b/LICENSE.txt index 3b01bda..b12d143 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,4 +1,4 @@ This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit -http://creativecommons.org/licenses/by/4.0/ or send a letter to Creative +https://creativecommons.org/licenses/by/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. diff --git a/README.md b/README.md index 82ad1f6..b59af31 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ All of this is written in AsciiDoc. It's a simple mostly-plain-text markup language. You may want to look at: -* [AsciiDoc Syntax Quick Reference](http://asciidoctor.org/docs/asciidoc-syntax-quick-reference/) -* [AsciiDoc Writer’s Guide](http://asciidoctor.org/docs/asciidoc-writers-guide/) +* [AsciiDoc Syntax Quick Reference](https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/) +* [AsciiDoc Writer’s Guide](https://asciidoctor.org/docs/asciidoc-writers-guide/) * [Antora Documentation](https://docs.antora.org/antora/1.0/page/) diff --git a/modules/system-administrators-guide/pages/_partials/Legal_Notice.adoc b/modules/system-administrators-guide/pages/_partials/Legal_Notice.adoc index b65d4a5..5027815 100644 --- a/modules/system-administrators-guide/pages/_partials/Legal_Notice.adoc +++ b/modules/system-administrators-guide/pages/_partials/Legal_Notice.adoc @@ -3,7 +3,7 @@ Copyright {YEAR} {HOLDER}. -The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at link:++http://creativecommons.org/licenses/by-sa/3.0/++[]. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. +The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at link:++https://creativecommons.org/licenses/by-sa/3.0/++[]. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. diff --git a/modules/system-administrators-guide/pages/_partials/entities.adoc b/modules/system-administrators-guide/pages/_partials/entities.adoc index 2856c82..b7a3858 100644 --- a/modules/system-administrators-guide/pages/_partials/entities.adoc +++ b/modules/system-administrators-guide/pages/_partials/entities.adoc @@ -1,5 +1,5 @@ :BOOKID: system-administrator's-guide -:BZURL: link:++https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20Documentation&component=system-administrator's-guide++[http://bugzilla.redhat.com/] +:BZURL: link:++https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20Documentation&component=system-administrator's-guide++[https://bugzilla.redhat.com/] :HOLDER: Red Hat, Inc. and others :MAJOROS: Fedora :MAJOROSVER: Fedora Rawhide diff --git a/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc b/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc index 0e4216f..4b52e23 100644 --- a/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc +++ b/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc @@ -572,6 +572,6 @@ indexterm:[vsftpd,additional resources,useful websites] * link:++https://security.appspot.com/vsftpd.html++[https://security.appspot.com/vsftpd.html] — The [command]#vsftpd# project page is a great place to locate the latest documentation and to contact the author of the software. -* link:++http://slacksite.com/other/ftp.html++[http://slacksite.com/other/ftp.html] — This website provides a concise explanation of the differences between active and passive mode `FTP`. +* link:++https://slacksite.com/other/ftp.html++[https://slacksite.com/other/ftp.html] — This website provides a concise explanation of the differences between active and passive mode `FTP`. -* link:++http://www.ietf.org/rfc/rfc0959.txt++[http://www.ietf.org/rfc/rfc0959.txt] — The original _Request for Comments_ (_RFC_) of the `FTP` protocol from the IETF. +* link:++https://www.ietf.org/rfc/rfc0959.txt++[https://www.ietf.org/rfc/rfc0959.txt] — The original _Request for Comments_ (_RFC_) of the `FTP` protocol from the IETF. diff --git a/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc b/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc index bf60062..aaa5d8f 100644 --- a/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc +++ b/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc @@ -19,7 +19,7 @@ Using a client-server architecture, LDAP provides a reliable means to create a c [IMPORTANT] ==== -The OpenLDAP suite in {MAJOROSVER} no longer uses OpenSSL. Instead, it uses the Mozilla implementation of _Network Security Services_ (*NSS*). OpenLDAP continues to work with existing certificates, keys, and other TLS configuration. For more information on how to configure it to use Mozilla certificate and key database, see [citetitle]_link:++http://www.openldap.org/faq/index.cgi?file=1514++[How do I use TLS/SSL with Mozilla NSS]_. +The OpenLDAP suite in {MAJOROSVER} no longer uses OpenSSL. Instead, it uses the Mozilla implementation of _Network Security Services_ (*NSS*). OpenLDAP continues to work with existing certificates, keys, and other TLS configuration. For more information on how to configure it to use Mozilla certificate and key database, see [citetitle]_link:++https://www.openldap.org/faq/index.cgi?file=1514++[How do I use TLS/SSL with Mozilla NSS]_. ==== @@ -488,8 +488,8 @@ It accepts either a plain text string, or a hash. To generate a hash, type the f [subs="quotes, macros, attributes"] ---- ~]${nbsp}pass:attributes[{blank}][command]#slappaswd# -New password: -Re-enter new password: +New password: +Re-enter new password: \{SSHA}WczWsyPEnMchFf1GRTweq2q7XJcvmSxD ---- @@ -527,14 +527,14 @@ olcSuffix: dc=example,dc=com [[s3-ldap-configuration-schema]] ==== Extending Schema indexterm:[OpenLDAP,schema]indexterm:[OpenLDAP,directories,/etc/openldap/slapd.d/cn=config/cn=schema/] -Since OpenLDAP 2.3, the `/etc/openldap/slapd.d/` directory also contains LDAP definitions that were previously located in `/etc/openldap/schema/`. It is possible to extend the schema used by OpenLDAP to support additional attribute types and object classes using the default schema files as a guide. However, this task is beyond the scope of this chapter. For more information on this topic, see link:++http://www.openldap.org/doc/admin/schema.html++[]. +Since OpenLDAP 2.3, the `/etc/openldap/slapd.d/` directory also contains LDAP definitions that were previously located in `/etc/openldap/schema/`. It is possible to extend the schema used by OpenLDAP to support additional attribute types and object classes using the default schema files as a guide. However, this task is beyond the scope of this chapter. For more information on this topic, see link:++https://www.openldap.org/doc/admin/schema.html++[]. [[s3-establishing_a_secure_connection]] ==== Establishing a Secure Connection indexterm:[OpenLDAP,configuration,TLS]indexterm:[OpenLDAP,files,/etc/openldap/ldap.conf]indexterm:[OpenLDAP,files,/etc/openldap/slapd.d/cn=config.ldif]indexterm:[OpenLDAP,security] OpenLDAP clients and servers can be secured using the Transport Layer Security (TLS) framework. TLS is a cryptographic protocol designed to provide communication security over the network. As noted above, OpenLDAP suite in Fedora uses Mozilla NSS as the TLS implementation. -To establish a secure connection using TLS, obtain the required certificates as described in [citetitle]_link:++http://www.openldap.org/faq/index.cgi?file=1514++[How do I use TLS/SSL with Mozilla NSS]_. Then, a number of options must be configured on both the client and the server. At a minimum, a server must be configured with the Certificate Authority (CA) certificates and also its own server certificate and private key. The clients must be configured with the name of the file containing all the trusted CA certificates. +To establish a secure connection using TLS, obtain the required certificates as described in [citetitle]_link:++https://www.openldap.org/faq/index.cgi?file=1514++[How do I use TLS/SSL with Mozilla NSS]_. Then, a number of options must be configured on both the client and the server. At a minimum, a server must be configured with the Certificate Authority (CA) certificates and also its own server certificate and private key. The clients must be configured with the name of the file containing all the trusted CA certificates. Typically, a server only needs to sign a single CA certificate. A client may want to connect to a variety of secure servers, therefore it is common to specify a list of several trusted CAs in its configuration. @@ -940,13 +940,13 @@ Configuration Files:: {blank} .Online Documentation -link:++http://www.openldap.org/doc/admin24/++[]:: The current version of the [citetitle]_OpenLDAP Software Administrator's Guide_. +link:++https://www.openldap.org/doc/admin24/++[]:: The current version of the [citetitle]_OpenLDAP Software Administrator's Guide_. -link:++http://www.kingsmountain.com/ldapRoadmap.shtml++[]:: Jeff Hodges' [citetitle]_LDAP Roadmap & FAQ_ containing links to several useful resources and emerging news concerning the LDAP protocol. +link:++https://www.kingsmountain.com/ldapRoadmap.shtml++[]:: Jeff Hodges' [citetitle]_LDAP Roadmap & FAQ_ containing links to several useful resources and emerging news concerning the LDAP protocol. link:++http://www.ldapman.org/articles/++[]:: A collection of articles that offer a good introduction to LDAP, including methods to design a directory tree and customizing directory structures. -link:++http://www.padl.com/++[]:: A website of developers of several useful LDAP tools. +link:++https://www.padl.com/++[]:: A website of developers of several useful LDAP tools. [[s3-ldap-related-books]] === Related Books diff --git a/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc b/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc index fa77438..2509c64 100644 --- a/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc +++ b/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc @@ -460,4 +460,4 @@ To learn more about printing on {MAJOROS}, see the following resources. link:++https://wiki.linuxfoundation.org/openprinting/start++[]:: [citetitle]_Open Printing_ contains a large amount of information about printing in Linux. -link:++http://www.cups.org/++[]:: Documentation, FAQs, and newsgroups about CUPS. +link:++https://www.cups.org/++[]:: Documentation, FAQs, and newsgroups about CUPS. diff --git a/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc b/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc index dbc5e7b..1f46555 100644 --- a/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc +++ b/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc @@ -176,7 +176,7 @@ The default configuration file (`/etc/samba/smb.conf`) allows users to view thei [[sect-Samba-GUI_Configuration]] ==== Graphical Configuration indexterm:[Samba,graphical configuration] -To configure Samba using a graphical interface, use one of the available Samba graphical user interfaces. A list of available GUIs can be found at link:++http://www.samba.org/samba/GUI/++[http://www.samba.org/samba/GUI/]. +To configure Samba using a graphical interface, use one of the available Samba graphical user interfaces. A list of available GUIs can be found at link:++https://www.samba.org/samba/GUI/++[https://www.samba.org/samba/GUI/]. [[sect-Samba-Command-Line-Configuration]] ==== Command-Line Configuration @@ -611,7 +611,7 @@ domain master = yes comment = Home Directories valid users = %S read only = no - + [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon/scripts @@ -1183,10 +1183,10 @@ The following sections give you the means to explore Samba in greater detail. .Useful Websitesindexterm:[Samba,Additional Resources,useful websites] -* link:++http://www.samba.org/++[http://www.samba.org/] — Homepage for the Samba distribution and all official documentation created by the Samba development team. Many resources are available in HTML and PDF formats, while others are only available for purchase. Although many of these links are not {MAJOROS} specific, some concepts may apply. +* link:++https://www.samba.org/++[https://www.samba.org/] — Homepage for the Samba distribution and all official documentation created by the Samba development team. Many resources are available in HTML and PDF formats, while others are only available for purchase. Although many of these links are not {MAJOROS} specific, some concepts may apply. * link:++https://wiki.samba.org/index.php/User_Documentation++[https://wiki.samba.org/index.php/User_Documentation] — Samba 4.x official documentation. -* link:++http://us1.samba.org/samba/archives.html++[http://samba.org/samba/archives.html ] — Active email lists for the Samba community. Enabling digest mode is recommended due to high levels of list activity. +* link:++https://www.samba.org/samba/archives.html++[https://www.samba.org/samba/archives.html ] — Active email lists for the Samba community. Enabling digest mode is recommended due to high levels of list activity. -* Samba newsgroups — Samba threaded newsgroups, such as link:++http://www.gmane.org/++[www.gmane.org], that use the `NNTP` protocol are also available. This an alternative to receiving mailing list emails. +* Samba newsgroups — Samba threaded newsgroups, such as link:++https://www.gmane.org/++[www.gmane.org], that use the `NNTP` protocol are also available. This an alternative to receiving mailing list emails. diff --git a/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc b/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc index 6e298d6..72ab9e5 100644 --- a/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc +++ b/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc @@ -2,7 +2,7 @@ [[s1-The_Apache_HTTP_Server]] == The Apache HTTP Server indexterm:[httpd,Apache HTTP Server] -The web server available in {MAJOROS} is the Apache HTTP server daemon, `httpd`, an open source web server developed by the link:++http://www.apache.org/++[Apache Software Foundation]. In Fedora 19 the Apache server was updated to [application]*Apache HTTP Server 2.4*. This section describes the basic configuration of the `httpd` service, and covers some advanced topics such as adding server modules, setting up virtual hosts, or configuring the secure HTTP server. +The web server available in {MAJOROS} is the Apache HTTP server daemon, `httpd`, an open source web server developed by the link:++https://www.apache.org/++[Apache Software Foundation]. In Fedora 19 the Apache server was updated to [application]*Apache HTTP Server 2.4*. This section describes the basic configuration of the `httpd` service, and covers some advanced topics such as adding server modules, setting up virtual hosts, or configuring the secure HTTP server. There are important differences between the Apache HTTP Server 2.4 and version 2.2, and if you are upgrading from a release prior to Fedora 19, you will need to update the `httpd` service configuration accordingly. This section reviews some of the newly added features, outlines important changes, and guides you through the update of older configuration files. @@ -61,7 +61,7 @@ Some additional configuration files are provided by the [package]*httpd* package Default Configuration:: A minimal `httpd.conf` file is now provided by default. Many common configuration settings, such as `Timeout` or `KeepAlive` are no longer explicitly configured in the default configuration; hard-coded settings will be used instead, by default. The hard-coded default settings for all configuration directives are specified in the manual. See xref:Web_Servers.adoc#bh-The_Apache_HTTP_Server-Installable_Documentation[Installable Documentationindexterm:[Apache HTTP Server,additional resources,installable documentation]] for more information. -Incompatible Syntax Changes:: If migrating an existing configuration from [application]*httpd 2.2* to [application]*httpd 2.4*, a number of backwards-incompatible changes to the `httpd` configuration syntax were made which will require changes. See the following Apache document for more information on upgrading link:++http://httpd.apache.org/docs/2.4/upgrading.html++[] +Incompatible Syntax Changes:: If migrating an existing configuration from [application]*httpd 2.2* to [application]*httpd 2.4*, a number of backwards-incompatible changes to the `httpd` configuration syntax were made which will require changes. See the following Apache document for more information on upgrading link:++https://httpd.apache.org/docs/2.4/upgrading.html++[] Processing Model:: In previous releases of {MAJOROS}, different _multi-processing models_ (*MPM*) were made available as different `httpd` binaries: the forked model, "prefork", as `/usr/sbin/httpd`, and the thread-based model "worker" as `/usr/sbin/httpd.worker`. @@ -79,11 +79,11 @@ Packaged content provided with `httpd` has been moved from `/var/www/` to `/usr/ ** `/usr/share/httpd/error/` — The `/var/www/error/` has moved to `/usr/share/httpd/error/`. Custom multi-language HTTP error pages. Not configured by default, the example configuration file is provided at `/usr/share/doc/httpd-_VERSION_pass:attributes[{blank}]/httpd-multilang-errordoc.conf`. -Authentication, Authorization and Access Control:: The configuration directives used to control authentication, authorization and access control have changed significantly. Existing configuration files using the `Order`, `Deny` and `Allow` directives should be adapted to use the new `Require` syntax. See the following Apache document for more information link:++http://httpd.apache.org/docs/2.4/howto/auth.html++[] +Authentication, Authorization and Access Control:: The configuration directives used to control authentication, authorization and access control have changed significantly. Existing configuration files using the `Order`, `Deny` and `Allow` directives should be adapted to use the new `Require` syntax. See the following Apache document for more information link:++https://httpd.apache.org/docs/2.4/howto/auth.html++[] suexec:: To improve system security, the [application]*suexec* binary is no longer installed as if by the `root` user; instead, it has file system capability bits set which allow a more restrictive set of permissions. In conjunction with this change, the [application]*suexec* binary no longer uses the `/var/log/httpd/suexec.log` logfile. Instead, log messages are sent to [application]*syslog*pass:attributes[{blank}]; by default these will appear in the `/var/log/secure` log file. -Module Interface:: Third-party binary modules built against [application]*httpd 2.2* are not compatible with [application]*httpd 2.4* due to changes to the `httpd` module interface. Such modules will need to be adjusted as necessary for the [application]*httpd 2.4* module interface, and then rebuilt. A detailed list of the API changes in version `2.4` is available here: link:++http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html++[]. +Module Interface:: Third-party binary modules built against [application]*httpd 2.2* are not compatible with [application]*httpd 2.4* due to changes to the `httpd` module interface. Such modules will need to be adjusted as necessary for the [application]*httpd 2.4* module interface, and then rebuilt. A detailed list of the API changes in version `2.4` is available here: link:++https://httpd.apache.org/docs/2.4/developer/new_api_2_4.html++[]. The [application]*apxs* binary used to build modules from source has moved from `/usr/sbin/apxs` to `/usr/bin/apxs`. @@ -117,7 +117,7 @@ Note that you can check the configuration for possible errors by using the follo Syntax OK ---- -For more information on upgrading the Apache HTTP Server configuration from version 2.2 to 2.4, see link:++http://httpd.apache.org/docs/2.4/upgrading.html++[]. +For more information on upgrading the Apache HTTP Server configuration from version 2.2 to 2.4, see link:++https://httpd.apache.org/docs/2.4/upgrading.html++[]. [[s2-apache-running]] === Running the httpd Service @@ -129,7 +129,7 @@ This section describes how to start, stop, restart, and check the current status ~]#{nbsp}dnf install httpd ---- -For more information on the concept of targets and how to manage system services in {MAJOROS} in general, see +For more information on the concept of targets and how to manage system services in {MAJOROS} in general, see //link to systemd section when ready xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. @@ -2318,10 +2318,10 @@ By default, most web browsers are configured to trust a set of widely used certi [options="header"] |=== |Web Browser|Link -|[application]*Mozilla Firefox*|link:++http://www.mozilla.org/projects/security/certs/included/++[Mozilla root CA list]. -|[application]*Opera*|link:++http://www.opera.com/docs/ca/++[Information on root certificates used by Opera]. -|[application]*Internet Explorer*|link:++http://support.microsoft.com/kb/931125++[Information on root certificates used by Microsoft Windows]. -|[application]*Chromium*|link:++http://www.chromium.org/Home/chromium-security/root-ca-policy++[Information on root certificates used by the Chromium project]. +|[application]*Mozilla Firefox*|link:++https://www.mozilla.org/projects/security/certs/included/++[Mozilla root CA list]. +|[application]*Opera*|link:++https://www.opera.com/docs/ca/++[Information on root certificates used by Opera]. +|[application]*Internet Explorer*|link:++https://support.microsoft.com/kb/931125++[Information on root certificates used by Microsoft Windows]. +|[application]*Chromium*|link:++https://www.chromium.org/Home/chromium-security/root-ca-policy++[Information on root certificates used by the Chromium project]. |=== When setting up an SSL server, you need to generate a certificate request and a private key, and then send the certificate request, proof of the company's identity, and payment to a certificate authority. Once the CA verifies the certificate request and your identity, it will send you a signed certificate you can use with your server. Alternatively, you can create a self-signed certificate that does not contain a CA signature, and thus should be used for testing purposes only. @@ -2496,7 +2496,7 @@ image::apache-mod_ssl-genkey-01.png[Running the genkey utility] Use the kbd:[Tab] key to select the btn:[Next] button, and press kbd:[Enter] to proceed to the next screen. -. Using the kbd:[up] and kbd:[down] arrow keys, select a suitable key size. Note that while a larger key increases the security, it also increases the response time of your server. The NIST recommends using `2048 bits`. See [citetitle]_link:++http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf++[NIST Special Publication 800-131A Revision 1]_. +. Using the kbd:[up] and kbd:[down] arrow keys, select a suitable key size. Note that while a larger key increases the security, it also increases the response time of your server. The NIST recommends using `2048 bits`. See [citetitle]_link:++https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf++[NIST Special Publication 800-131A Revision 1]_. [[figure-apache-mod_ssl-genkey-02]] .Selecting the key size @@ -2595,8 +2595,8 @@ Before accessing the documentation, issue the following commands as `root`: .Online Documentationindexterm:[Apache HTTP Server,additional resources,useful websites] -* link:++http://httpd.apache.org/++[] — The official website for the Apache HTTP Server with documentation on all the directives and default modules. +* link:++https://httpd.apache.org/++[] — The official website for the Apache HTTP Server with documentation on all the directives and default modules. -* ulink url="http://www.modssl.org/" /> — The official website for the [application]*mod_ssl* module. +* link:++http://www.modssl.org/++[] — The official website for the [application]*mod_ssl* module. -* link:++http://www.openssl.org/++[] — The OpenSSL home page containing further documentation, frequently asked questions, links to the mailing lists, and other useful resources. +* link:++https://www.openssl.org/++[] — The OpenSSL home page containing further documentation, frequently asked questions, links to the mailing lists, and other useful resources. diff --git a/modules/system-administrators-guide/pages/basic-system-configuration/Opening_GUI_Applications.adoc b/modules/system-administrators-guide/pages/basic-system-configuration/Opening_GUI_Applications.adoc index d4f7b27..7fce065 100644 --- a/modules/system-administrators-guide/pages/basic-system-configuration/Opening_GUI_Applications.adoc +++ b/modules/system-administrators-guide/pages/basic-system-configuration/Opening_GUI_Applications.adoc @@ -38,7 +38,7 @@ When a program is executed on the command line, the terminal is occupied until t Open XML file: /home/fedorauser/.config/astromenace/amconfig.xml VFS file was opened /usr/share/astromenace/gamedata.vfs - + Vendor : OpenAL Community Renderer : OpenAL Soft Version : 1.1 ALSOFT 1.15.1 @@ -139,7 +139,7 @@ image::alt-f2_XFCE.png[XFCE command entry dialog box.] [[gui-from_menu]] == Launching applications from the Desktop Menu -Applications can also be opened from the menu system provided by the desktop environment in use. While the presentation may vary between desktop environments, the menu entries and their categories are provided by the individual application and standardized by the link:++http://standards.freedesktop.org/menu-spec/menu-spec-latest.html++[freedesktop.org Desktop Menu Specification]. Some desktop environments also provide search functionality in their menu system to allow quick and easy access to applications. +Applications can also be opened from the menu system provided by the desktop environment in use. While the presentation may vary between desktop environments, the menu entries and their categories are provided by the individual application and standardized by the link:++https://standards.freedesktop.org/menu-spec/menu-spec-latest.html++[freedesktop.org Desktop Menu Specification]. Some desktop environments also provide search functionality in their menu system to allow quick and easy access to applications. [[gui-from_menu-gnome]] === Using GNOME menus diff --git a/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc b/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc index 7e51f40..0d62bc4 100644 --- a/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc +++ b/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc @@ -497,7 +497,7 @@ Host keys are generated on the system by default, to list the keys, enter a comm [IMPORTANT] ==== -It is recommended to create and store CA keys in a safe place just as with any other private key. In these examples the `root` user will be used. In a real production environment using an offline computer with an administrative user account is recommended. For guidance on key lengths see [citetitle]_link:++http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf++[NIST Special Publication 800-131A Revision 1]_. +It is recommended to create and store CA keys in a safe place just as with any other private key. In these examples the `root` user will be used. In a real production environment using an offline computer with an administrative user account is recommended. For guidance on key lengths see [citetitle]_link:++https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf++[NIST Special Publication 800-131A Revision 1]_. ==== @@ -1334,6 +1334,6 @@ For more information on how to configure or connect to an OpenSSH server on Fedo .Online Documentation -* link:++http://www.openssh.com/++[OpenSSH Home Page] — The OpenSSH home page containing further documentation, frequently asked questions, links to the mailing lists, bug reports, and other useful resources. +* link:++https://www.openssh.com/++[OpenSSH Home Page] — The OpenSSH home page containing further documentation, frequently asked questions, links to the mailing lists, bug reports, and other useful resources. -* link:++http://www.openssl.org/++[OpenSSL Home Page] — The OpenSSL home page containing further documentation, frequently asked questions, links to the mailing lists, and other useful resources. +* link:++https://www.openssl.org/++[OpenSSL Home Page] — The OpenSSL home page containing further documentation, frequently asked questions, links to the mailing lists, and other useful resources. diff --git a/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc b/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc index e66a7cb..db7708d 100644 --- a/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc +++ b/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc @@ -100,7 +100,7 @@ You must have a copy of the `boot.iso` file from a {MAJOROS} installation DVD, o [subs="attributes"] ---- ~]#{nbsp}grep -v local /mnt/isoboot/isolinux/isolinux.cfg > /mnt/diskboot/syslinux.cfg - + ---- . Unmount `boot.iso` and the USB storage device: @@ -108,7 +108,7 @@ You must have a copy of the `boot.iso` file from a {MAJOROS} installation DVD, o [subs="attributes"] ---- ~]#{nbsp}umount /mnt/isoboot /mnt/diskboot - + ---- . You should reboot the machine with the boot media and verify that you are able to boot with it before continuing. @@ -137,7 +137,7 @@ From the output, determine which packages need to be downloaded for the kernel u indexterm:[kernel,downloading]indexterm:[kernel,upgrade kernel available]indexterm:[kernel,upgrade kernel available,via Fedora Update System]indexterm:[kernel,upgrade kernel available,Security Advisories] There are several ways to determine if an updated kernel is available for the system. -* Via Fedora Update System — Download and install the kernel RPM packages. For more information, refer to link:++http://bodhi.fedoraproject.org/++[]. +* Via Fedora Update System — Download and install the kernel RPM packages. For more information, refer to link:++https://bodhi.fedoraproject.org/++[]. * Via `_DNF_` using check-update: ---- @@ -163,7 +163,7 @@ At a shell prompt, change to the directory that contains the kernel RPM packages [subs="attributes"] ---- -~]#{nbsp}rpm -ivh kernel-kernel_version.arch.rpm +~]#{nbsp}rpm -ivh kernel-kernel_version.arch.rpm ---- The next step is to verify that the initial RAM disk image has been created. See xref:Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image] for details. diff --git a/modules/system-administrators-guide/pages/monitoring-and-automation/OProfile.adoc b/modules/system-administrators-guide/pages/monitoring-and-automation/OProfile.adoc index 791bd40..6adef5c 100644 --- a/modules/system-administrators-guide/pages/monitoring-and-automation/OProfile.adoc +++ b/modules/system-administrators-guide/pages/monitoring-and-automation/OProfile.adoc @@ -92,7 +92,7 @@ If you run [command]#operf# [option]`--system-wide` as a background process (wit [subs="quotes, macros"] ---- -[command]#kill -SIGINT operf-PID# +[command]#kill -SIGINT operf-PID# ---- When running [command]#operf# [option]`--system-wide`, it is recommended that your current working directory is `/root` or a subdirectory of `/root` so that sample data files are not stored in locations accessible by regular users. @@ -128,7 +128,7 @@ Some older processor models are not supported by the underlying Linux Performanc ---- Your kernel's Performance Events Subsystem does not support your processor type - + ---- when attempting to use [command]#operf#, try profiling with [command]#opcontrol# to see if your processor type may be supported by OProfile's legacy mode. @@ -584,7 +584,7 @@ To retrieve more detailed profiled information about a specific executable, use Replace _executable_ with the full path to the executable to be analyzed. _mode_ stands for one of the following options: -[option]`-l`:: This option is used to list sample data by symbols. For example, running this command: +[option]`-l`:: This option is used to list sample data by symbols. For example, running this command: + [subs="attributes"] ---- @@ -594,31 +594,31 @@ Replace _executable_ with the full path to the executable to be analyzed. _mode_ produces the following output: + ---- -samples % symbol name -12 21.4286 __gconv_transform_utf8_internal -5 8.9286 _int_malloc 4 7.1429 malloc -3 5.3571 __i686.get_pc_thunk.bx -3 5.3571 _dl_mcount_wrapper_check -3 5.3571 mbrtowc -3 5.3571 memcpy -2 3.5714 _int_realloc -2 3.5714 _nl_intern_locale_data -2 3.5714 free -2 3.5714 strcmp -1 1.7857 __ctype_get_mb_cur_max -1 1.7857 __unregister_atfork -1 1.7857 __write_nocancel -1 1.7857 _dl_addr -1 1.7857 _int_free -1 1.7857 _itoa_word -1 1.7857 calc_eclosure_iter -1 1.7857 fopen@@GLIBC_2.1 -1 1.7857 getpid -1 1.7857 memmove -1 1.7857 msort_with_tmp -1 1.7857 strcpy -1 1.7857 strlen -1 1.7857 vfprintf +samples % symbol name +12 21.4286 __gconv_transform_utf8_internal +5 8.9286 _int_malloc 4 7.1429 malloc +3 5.3571 __i686.get_pc_thunk.bx +3 5.3571 _dl_mcount_wrapper_check +3 5.3571 mbrtowc +3 5.3571 memcpy +2 3.5714 _int_realloc +2 3.5714 _nl_intern_locale_data +2 3.5714 free +2 3.5714 strcmp +1 1.7857 __ctype_get_mb_cur_max +1 1.7857 __unregister_atfork +1 1.7857 __write_nocancel +1 1.7857 _dl_addr +1 1.7857 _int_free +1 1.7857 _itoa_word +1 1.7857 calc_eclosure_iter +1 1.7857 fopen@@GLIBC_2.1 +1 1.7857 getpid +1 1.7857 memmove +1 1.7857 msort_with_tmp +1 1.7857 strcpy +1 1.7857 strlen +1 1.7857 vfprintf 1 1.7857 write ---- + @@ -636,7 +636,7 @@ To sort the output from the largest number of samples to the smallest (reverse o returns the following output: + ---- -samples % symbol name +samples % symbol name 12 100.000 __gconv_transform_utf8_internal ---- + @@ -654,18 +654,18 @@ The first column is the number of samples for the memory symbol. The second colu this output is returned: + ---- -vma samples % symbol name -00a98640 12 100.000 __gconv_transform_utf8_internal -00a98640 1 8.3333 -00a9868c 2 16.6667 -00a9869a 1 8.3333 -00a986c1 1 8.3333 -00a98720 1 8.3333 -00a98749 1 8.3333 -00a98753 1 8.3333 -00a98789 1 8.3333 -00a98864 1 8.3333 -00a98869 1 8.3333 +vma samples % symbol name +00a98640 12 100.000 __gconv_transform_utf8_internal +00a98640 1 8.3333 +00a9868c 2 16.6667 +00a9869a 1 8.3333 +00a986c1 1 8.3333 +00a98720 1 8.3333 +00a98749 1 8.3333 +00a98753 1 8.3333 +00a98789 1 8.3333 +00a98864 1 8.3333 +00a98869 1 8.3333 00a98b08 1 8.3333 ---- + @@ -876,7 +876,7 @@ To learn more about OProfile and how to configure it, see the following resource [[br-oprofile_online_documentation]] .Online Documentation -* link:++http://oprofile.sourceforge.net/++[http://oprofile.sourceforge.net/] — Contains the latest upstream documentation, mailing lists, IRC channels, and more. +* link:++https://oprofile.sourceforge.net/++[http://oprofile.sourceforge.net/] — Contains the latest upstream documentation, mailing lists, IRC channels, and more. .See Also diff --git a/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc b/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc index b8afdbd..8823af3 100644 --- a/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc +++ b/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc @@ -40,7 +40,7 @@ Facility/Priority-based filters:: The most used and well-known way to filter sy ---- _FACILITY_._PRIORITY_ - + ---- where: @@ -64,7 +64,7 @@ The following are a few examples of simple facility/priority-based filters that ---- kern.* - + ---- To select all mail syslog messages with priority [command]#crit# and higher, use this form: @@ -73,7 +73,7 @@ To select all mail syslog messages with priority [command]#crit# and higher, use ---- mail.crit - + ---- To select all cron syslog messages except those with the [command]#info# or [command]#debug# priority, set the configuration in the following form: @@ -81,8 +81,8 @@ To select all cron syslog messages except those with the [command]#info# or [com [subs="quotes"] ---- -cron.!info,!debug - +cron.!info,!debug + ---- ==== @@ -154,7 +154,7 @@ The basic syntax of expression-based filter looks as follows: ---- if _EXPRESSION_ then _ACTION_ else _ACTION_ - + ---- where: @@ -183,7 +183,7 @@ if $programname == 'prog1' then { else action(type="omfile" file="/var/log/prog1notest.log") } - + ---- ==== @@ -235,7 +235,7 @@ Sending syslog messages over the network:: [application]*rsyslog* allows you to [subs="quotes, macros"] ---- @([command]#zpass:attributes[{blank}]_NUMBER_pass:attributes[{blank}]#)_HOST_:pass:attributes[{blank}]_PORT_ - + ---- where: @@ -259,23 +259,23 @@ The following are some examples of actions that forward syslog messages over the ---- *.* @192.168.0.1 - + ---- To forward messages to "example.com" using port 18 and the `TCP` protocol, use: ---- -*.* @@example.com:18 - +*.* @@example.com:18 + ---- The following compresses messages with [application]*zlib* (level 9 compression) and forwards them to `2001:db8::1` using the `UDP` protocol ---- -*.* @(z9)[2001:db8::1] - +*.* @(z9)[2001:db8::1] + ---- ==== @@ -284,7 +284,7 @@ Output channels:: Output channels are primarily used to specify the maximum siz [subs="macros"] ---- -$outchannel pass:quotes[_NAME_], pass:quotes[_FILE_NAME_], pass:quotes[_MAX_SIZE_], pass:quotes[_ACTION_] +$outchannel pass:quotes[_NAME_], pass:quotes[_FILE_NAME_], pass:quotes[_MAX_SIZE_], pass:quotes[_ACTION_] ---- where: @@ -312,8 +312,8 @@ The following output shows a simple log rotation through the use of an output ch ---- - $outchannel log_rotation, /var/log/test_log.log, 104857600, /home/joe/log_rotation_script - + $outchannel log_rotation, /var/log/test_log.log, 104857600, /home/joe/log_rotation_script + ---- and then it is used in a rule that selects every syslog message with any priority and executes the previously-defined output channel on the acquired syslog messages: @@ -321,7 +321,7 @@ and then it is used in a rule that selects every syslog message with any priorit ---- *.* :omfile:$log_rotation - + ---- Once the limit (in the example 100{nbsp}MB) is hit, the `/home/joe/log_rotation_script` is executed. This script can contain anything from moving the file into a different folder, editing specific content out of it, or simply removing it. @@ -391,7 +391,7 @@ In order to use the `MySQL` and `PostgreSQL` database writer functionality, inst $ModLoad ommysql # Output module for MySQL support $ModLoad ompgsql # Output module for PostgreSQL support - + ---- For more information on [application]*rsyslog* modules, see xref:Viewing_and_Managing_Log_Files.adoc#s1-using_rsyslog_modules[Using Rsyslog Modules]. @@ -424,7 +424,7 @@ For each selector, you are allowed to specify multiple actions. To specify multi _FILTER_ _ACTION_ & _ACTION_ & _ACTION_ - + ---- Specifying multiple actions improves the overall performance of the desired outcome since the specified selector has to be evaluated only once. @@ -440,7 +440,7 @@ In the following example, all kernel syslog messages with the critical priority kern.=crit user1 & ^test-program;temp & @192.168.0.1 - + ---- ==== @@ -544,7 +544,7 @@ The following are some examples of simple properties: %msg:::drop-last-lf% ---- -* The following property obtains the first 10 characters of the time stamp that is generated when the syslog message is received and formats it according to the [citetitle]_link:++http://www.rfc-editor.org/info/rfc3339++[RFC 3339]_ date standard. +* The following property obtains the first 10 characters of the time stamp that is generated when the syslog message is received and formats it according to the [citetitle]_link:++https://www.rfc-editor.org/info/rfc3339++[RFC 3339]_ date standard. [subs="quotes"] ---- @@ -646,7 +646,7 @@ Global directives are configuration options that apply to the `rsyslogd` daemon. ---- $MainMsgQueueSize 50000 - + ---- The default size defined for this directive (10,000 messages) can be overridden by specifying a different value (as shown in the example above). @@ -666,7 +666,7 @@ weekly rotate 4 # uncomment this if you want your log files compressed compress - + ---- All of the lines in the sample configuration file define global options that apply to every log file. In our example, log files are rotated weekly, rotated log files are kept for four weeks, and all rotated log files are compressed by [application]*gzip* into the `.gz` format. Any lines that begin with a hash sign (#) are comments and are not processed. @@ -685,7 +685,7 @@ The following is an example of a configuration file placed in the `/etc/logrotat /usr/bin/killall -HUP syslogd endscript } - + ---- The configuration options in this file are specific for the `/var/log/messages` log file only. The settings specified here override the global settings where possible. Thus the rotated `/var/log/messages` log file will be kept for five weeks instead of four weeks as was defined in the global options. @@ -742,7 +742,7 @@ $InputFileName /tmp/inputfile $InputFileTag tag1: $InputFileStateFile inputfile-state $InputRunFileMonitor - + ---- and the same configuration with the use of the new format statement: @@ -751,7 +751,7 @@ and the same configuration with the use of the new format statement: ---- input(type="imfile" file="/tmp/inputfile" tag="tag1:" statefile="inputfile-state") - + ---- This significantly reduces the number of parameters used in configuration, improves readability, and also provides higher execution speed. For more information on RainerScript statements and parameters see xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online Documentation]. @@ -782,13 +782,13 @@ With the new configuration format in rsyslog 7, the `input()` and `ruleset()` st [subs="quotes, macros"] ---- -ruleset(name="pass:attributes[{blank}]_rulesetname_pass:attributes[{blank}]") { +ruleset(name="pass:attributes[{blank}]_rulesetname_pass:attributes[{blank}]") { _rule_ _rule2_ call _rulesetname2_ - … + … } - + ---- Replace _rulesetname_ with an identifier for your ruleset. The ruleset name cannot start with `RSYSLOG_` since this namespace is reserved for use by [application]*rsyslog*. `RSYSLOG_DefaultRuleset` then defines the default set of rules to be performed if the message has no other ruleset assigned. With _rule_ and _rule2_ you can define rules in filter-action format mentioned above. With the `call` parameter, you can nest rulesets by calling them from inside other ruleset blocks. @@ -823,7 +823,7 @@ ruleset(name="remote-10515") { input(type="imtcp" port="10514" ruleset="remote-10514"); input(type="imtcp" port="10515" ruleset="remote-10515"); - + ---- Rulesets shown in the above example define log destinations for the remote input from two ports, in case of 10515, messages are sorted according to the facility. Then, the TCP input is enabled and bound to rulesets. Note that you must load the required modules (imtcp) for this configuration to work. @@ -1026,7 +1026,7 @@ $ActionQueueSaveOnShutdown on *.* @@example1.com $ActionQueueType LinkedList -$ActionQueueFileName example_fwd2 +$ActionQueueFileName example_fwd2 $ActionResumeRetryCount -1 $ActionQueueSaveOnShutdown on *.* @@example2.com @@ -1234,7 +1234,7 @@ template(name="TmplAuthpriv" type="string" template(name="TmplMsg" type="string" string="/var/log/remote/msg/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log" ) - + ---- These templates can also be written in the list format as follows: @@ -1287,7 +1287,7 @@ Due to its modular design, [application]*rsyslog* offers a variety of _modules_ ---- $ModLoad _MODULE_ - + ---- where [option]`$ModLoad` is the global directive that loads the specified module and _MODULE_ represents your desired module. For example, if you want to load the Text File Input Module ([command]#imfile#) that enables [application]*rsyslog* to convert any standard text files into syslog messages, specify the following line in the `/etc/rsyslog.conf` configuration file: @@ -1296,7 +1296,7 @@ where [option]`$ModLoad` is the global directive that loads the specified module ---- $ModLoad imfile - + ---- [application]*rsyslog* offers a number of modules which are split into the following main categories: @@ -1313,7 +1313,7 @@ $ModLoad imfile * Library Modules — Library modules provide functionality for other loadable modules. These modules are loaded automatically by [application]*rsyslog* when needed and cannot be configured by the user. -A comprehensive list of all available modules and their detailed description can be found at link:++http://www.rsyslog.com/doc/rsyslog_conf_modules.html/++[http://www.rsyslog.com/doc/rsyslog_conf_modules.html]. +A comprehensive list of all available modules and their detailed description can be found at link:++https://www.rsyslog.com/doc/rsyslog_conf_modules.html/++[https://www.rsyslog.com/doc/rsyslog_conf_modules.html]. [WARNING] ==== @@ -1332,7 +1332,7 @@ The Text File Input Module, abbreviated as [command]#imfile#, enables [applicati $ModLoad imfile $InputFilePollInterval _int_ - + ---- It is sufficient to load [command]#imfile# once, even when importing multiple files. The *$InputFilePollInterval* global directive specifies how often [application]*rsyslog* checks for changes in connected text files. The default interval is 10 seconds, to change it, replace _int_ with a time interval specified in seconds. @@ -1353,7 +1353,7 @@ $InputRunFileMonitor # File 2 $InputFileName pass:quotes[_path_to_file2_] ... - + ---- Four settings are required to specify an input text file: @@ -1382,7 +1382,7 @@ $InputFileName /var/log/httpd/error_log $InputFileTag apache-error: $InputFileStateFile state-apache-error $InputRunFileMonitor - + ---- ==== @@ -1404,7 +1404,7 @@ $ModLoad ommysql $ActionOmmysqlServerPort 1234 *.* :ommysql:database-server,database-name,database-userid,database-password - + ---- First, the output module is loaded, then the communication port is specified. Additional information, such as name of the server and the database, and authentication data, is specified on the last line of the above example. @@ -1439,7 +1439,7 @@ As an alternative, configure `rsyslogd` to read from the socket provided by `jou $ModLoad imuxsock $OmitLocalLogging off - + ---- The above syntax loads the `imuxsock` module and turns off the [option]`$OmitLocalLogging` directive, which enables the import trough the system socket. The path to this socket is specified separately in `/etc/rsyslog.d/listen.conf` as follows: @@ -1448,7 +1448,7 @@ The above syntax loads the `imuxsock` module and turns off the [option]`$OmitLoc ---- $SystemLogSocketName /run/systemd/journal/syslog - + ---- You can also output messages from [application]*Rsyslog* to [application]*Journal* with the `omjournal` module. Configure the output in `/etc/rsyslog.conf` as follows: @@ -1458,7 +1458,7 @@ You can also output messages from [application]*Rsyslog* to [application]*Journa $ModLoad omjournal *.* :omjournal: - + ---- For instance, the following configuration forwards all received messages on tcp port 10514 to the Journal: @@ -1467,13 +1467,13 @@ For instance, the following configuration forwards all received messages on tcp $ModLoad imtcp $ModLoad omjournal - + $RuleSet remote *.* :omjournal: $InputTCPServerBindRuleset remote $InputTCPServerRun 10514 - + ---- [[s1-structured_logging_with_rsyslog]] @@ -1507,7 +1507,7 @@ The following is an example of a lumberjack-formatted message: ---- @cee: {"pid":17055, "uid":1000, "gid":1000, "appname":"logger", "msg":"Message text."} - + ---- To build this structure inside [application]*Rsyslog*, a template is used, see xref:Viewing_and_Managing_Log_Files.adoc#s2-filtering_structured_messages[Filtering Structured Messages]. Applications and servers can employ the `libumberlog` library to generate messages in the lumberjack-compliant form. For more information on `libumberlog`, see xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online Documentation]. @@ -1529,7 +1529,7 @@ $imjournalStateFile pass:quotes[_path_] $imjournalRatelimitInterval pass:quotes[_seconds_] $imjournalRatelimitBurst pass:quotes[_burst_number_] $ImjournalIgnorePreviousMessages pass:quotes[_off/on_] - + ---- * With _number_of_messages_, you can specify how often the journal data must be saved. This will happen each time the specified number of messages is reached. @@ -1553,7 +1553,7 @@ $ModLoad imjournal $OmitLocalLogging on $AddUnixListenSocket /run/systemd/journal/syslog - + ---- ==== @@ -1569,7 +1569,7 @@ To create a lumberjack-formatted message that is required by [application]*rsysl ---- template(name="CEETemplate" type="string" string="%TIMESTAMP% %HOSTNAME% %syslogtag% @cee: %$!all-json%\n") - + ---- This template prepends the `@cee:` string to the JSON string and can be applied, for example, when creating an output file with `omfile` module. To access JSON field names, use the *$!* prefix. For example, the following filter condition searches for messages with specific *hostname* and *UID*: @@ -1578,7 +1578,7 @@ This template prepends the `@cee:` string to the JSON string and can be applied, ---- ($!hostname == "pass:attributes[{blank}]_hostname_pass:attributes[{blank}]" && $!UID== "pass:attributes[{blank}]_UID_pass:attributes[{blank}]") - + ---- [[s2-parsing_JSON]] @@ -1595,7 +1595,7 @@ To parse lumberjack-formatted JSON messages with `mmjsonparse`, use the followin $ModLoad mmjsonparse *.* :mmjsonparse: - + ---- In this example, the `mmjsonparse` module is loaded on the first line, then all messages are forwarded to it. Currently, there are no configuration parameters available for `mmjsonparse`. @@ -1613,7 +1613,7 @@ To forward log messages into MongoDB, use the following syntax in the `/etc/rsys $ModLoad ommongodb *.* action(type="ommongodb" server="pass:quotes[_DB_server_]" serverport="pass:quotes[_port_]" db="pass:quotes[_DB_name_]" collection="pass:quotes[_collection_name_]" uid="pass:quotes[_UID_]" pwd="pass:quotes[_password_]") - + ---- * Replace _DB_server_ with the name or address of the MongoDB server. Specify _port_ to select a non-standard port from the MongoDB server. The default _port_ value is `0` and usually there is no need to change this parameter. @@ -1641,7 +1641,7 @@ With this command, `rsyslogd` produces debugging information and prints it to th export RSYSLOG_DEBUGLOG="pass:quotes[_path_]" export RSYSLOG_DEBUG="Debug" - + ---- Replace _path_ with a desired location for the file where the debugging information will be logged. For a complete list of options available for the RSYSLOG_DEBUG variable, see the related section in the `rsyslogd(8)` manual page. @@ -1721,7 +1721,7 @@ Aug 01 15:42:12 localhost kernel: Initializing cgroup subsys cpuset Aug 01 15:42:12 localhost kernel: Initializing cgroup subsys cpu [...] - + ---- ==== @@ -1775,9 +1775,9 @@ Fri 2013-08-02 14:41:22 CEST [s=e1021ca1b81e4fc688fad6a3ea21d35b;i=55c;b=78c8144 _SELINUX_CONTEXT=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 MESSAGE=[system] Successfully activated service 'net.reactivated.Fprint' _SOURCE_REALTIME_TIMESTAMP=1375447282839181 - + [...] - + ---- This example lists fields that identify a single log entry. These meta data can be used for message filtering as shown in xref:Viewing_and_Managing_Log_Files.adoc#advanced_filtering[Advanced Filtering]. For a complete description of all possible fields see the `systemd.journal-fields(7)` manual page. @@ -2013,7 +2013,7 @@ In order to use the [application]*System Log*, first ensure the [package]*gnome- [subs="attributes"] ---- ~]#{nbsp}dnf install gnome-system-log - + ---- For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. @@ -2025,7 +2025,7 @@ After you have installed the [package]*gnome-system-log* package, open the [appl [subs="quotes, macros, attributes"] ---- ~]${nbsp}pass:attributes[{blank}][command]#gnome-system-log# - + ---- The application only displays log files that exist; thus, the list might differ from the one shown in xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer[System Log]. @@ -2075,7 +2075,7 @@ When you select the `Show matches only` option, only the matched strings will be === Adding a Log File To add a log file you want to view in the list, select menu:File[ -> `Open` > +> `Open` > ]. This will display the `Open Log` window where you can select the directory and file name of the log file you want to view. xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer-add[System Log - adding a log file] illustrates the Open Log window. [[fig-redhat-logviewer-add]] @@ -2125,10 +2125,8 @@ For more information on how to configure the `rsyslog` daemon and how to locate, [[brid-Log_Files-Resources-Online]] .Online Documentation -* link:++http://www.rsyslog.com/++[rsyslog Home Page] — The [application]*rsyslog* home page offers a thorough technical breakdown of its features, documentation, configuration examples, and video tutorials. - -* link:++http://www.rsyslog.com/doc/rainerscript.html++[pass:attributes[{blank}]*RainerScript* documentation on the rsyslog Home Page] — Commented summary of data types, expressions, and functions available in *RainerScript*. +* link:++https://www.rsyslog.com/++[rsyslog Home Page] — The [application]*rsyslog* home page offers a thorough technical breakdown of its features, documentation, configuration examples, and video tutorials. -* link:++http://www.rsyslog.com/doc/queues.html++[Description of *queues* on the rsyslog Home Page] — General information on various types of message queues and their usage. +* link:++https://www.rsyslog.com/doc/rainerscript.html++[pass:attributes[{blank}]*RainerScript* documentation on the rsyslog Home Page] — Commented summary of data types, expressions, and functions available in *RainerScript*. -* link:++http://wiki.rsyslog.com/index.php/Main_Page++[rsyslog Wiki] — [citetitle]_The rsyslog Wiki_ contains useful configuration examples. +* link:++https://www.rsyslog.com/doc/queues.html++[Description of *queues* on the rsyslog Home Page] — General information on various types of message queues and their usage. diff --git a/modules/system-administrators-guide/pages/package-management/DNF.adoc b/modules/system-administrators-guide/pages/package-management/DNF.adoc index 378084f..7c7b8cd 100644 --- a/modules/system-administrators-guide/pages/package-management/DNF.adoc +++ b/modules/system-administrators-guide/pages/package-management/DNF.adoc @@ -48,7 +48,6 @@ Complete! Note that [command]#dnf upgrade# installs only those updates that can be installed. If a package cannot be updated, because of dependency problems for example, it is skipped. The [command]#dnf check-update# command can be used see which installed packages on your system have new versions available, however it does not mean that they can be successfully installed. This command is therefore mostly useful in scripts and for checking for updated packages that were not installed after running [command]#dnf upgrade#. -// See http://pastebin.test.redhat.com/pastebin.php?diff=283438 I cannot see the difference. For example: @@ -908,4 +907,4 @@ indexterm:[DNF,Additional Resources] .Online Documentation -link:++http://dnf.readthedocs.org/en/latest/index.html++[]:: The DNF wiki contains more documentation. +link:++https://dnf.readthedocs.org/en/latest/index.html++[]:: The DNF wiki contains more documentation. diff --git a/modules/system-administrators-guide/pages/package-management/intro-package-management.adoc b/modules/system-administrators-guide/pages/package-management/intro-package-management.adoc index 299d422..554cfe8 100644 --- a/modules/system-administrators-guide/pages/package-management/intro-package-management.adoc +++ b/modules/system-administrators-guide/pages/package-management/intro-package-management.adoc @@ -15,8 +15,8 @@ The "Atomic" variant of {MAJOROS} uses [application]*rpm-ostree* to update the host. `rpm-ostree` is a hybrid image/package system. By default, installations are in "image" mode using OSTree, but additional packages can be installed. It also supports overrides, rebases, and many other features. For more information, -see link:++http://www.projectatomic.io/docs/os-updates/++[its online documentation]. +see link:++https://www.projectatomic.io/docs/os-updates/++[its online documentation]. Additionally, the `atomic` CLI supports installation of system containers, which are Docker/OCI images distinct from the host user space. For more information, -see link:++http://www.projectatomic.io/docs/usr-bin-atomic/++[its online documentation]. +see link:++https://www.projectatomic.io/docs/usr-bin-atomic/++[its online documentation]. diff --git a/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc b/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc index 0e5db49..86838fb 100644 --- a/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc +++ b/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc @@ -29,7 +29,7 @@ Stratum 0::: Atomic Clocks and their signals broadcast over Radio and GPS ** Mobile Phone Systems -** Low Frequency Radio Broadcasts +** Low Frequency Radio Broadcasts WWVB (Colorado, USA.), JJY-40 and JJY-60 (Japan), DCF77 (Germany), and MSF (United Kingdom) These signals can be received by dedicated devices and are usually connected by RS-232 to a system used as an organizational or site-wide time server. @@ -49,8 +49,8 @@ This process continues down to Stratum 15 which is the lowest valid stratum. The [[s1-Understanding_NTP]] == Understanding NTP -The version of `NTP` used by {MAJOROS} is as described in [citetitle]_link:++http://www.rfc-editor.org/info/rfc1305++[RFC 1305 Network Time Protocol (Version 3) -Specification, Implementation and Analysis]_ and [citetitle]_link:++http://www.rfc-editor.org/info/rfc5905++[RFC 5905 Network Time Protocol Version 4: Protocol and Algorithms Specification]_ +The version of `NTP` used by {MAJOROS} is as described in [citetitle]_link:++https://www.rfc-editor.org/info/rfc1305++[RFC 1305 Network Time Protocol (Version 3) +Specification, Implementation and Analysis]_ and [citetitle]_link:++https://www.rfc-editor.org/info/rfc5905++[RFC 5905 Network Time Protocol Version 4: Protocol and Algorithms Specification]_ This implementation of `NTP` enables sub-second accuracy to be achieved. Over the Internet, accuracy to 10s of milliseconds is normal. On a Local Area Network (LAN), 1 ms accuracy is possible under ideal conditions. This is because clock drift is now accounted and corrected for, which was not done in earlier, simpler, time protocol systems. A resolution of 233 picoseconds is provided by using 64-bit time stamps. The first 32-bits of the time stamp is used for seconds, the last 32-bits are used for fractions of seconds. @@ -77,7 +77,7 @@ The operation of `ntpd` is explained in more detail in the man page `ntpd(8)`. T [[s1-Authentication_Options_for_NTP]] == Authentication Options for NTP -`NTPv4` added support for the Autokey Security Architecture, which is based on public asymmetric cryptography while retaining support for symmetric key cryptography. The Autokey Security Architecture is described in [citetitle]_link:++http://www.rfc-editor.org/info/rfc5906++[RFC 5906 Network Time Protocol Version 4: Autokey Specification]_. The man page `ntp_auth(5)` describes the authentication options and commands for `ntpd`. +`NTPv4` added support for the Autokey Security Architecture, which is based on public asymmetric cryptography while retaining support for symmetric key cryptography. The Autokey Security Architecture is described in [citetitle]_link:++https://www.rfc-editor.org/info/rfc5906++[RFC 5906 Network Time Protocol Version 4: Autokey Specification]_. The man page `ntp_auth(5)` describes the authentication options and commands for `ntpd`. An attacker on the network can attempt to disrupt a service by sending `NTP` packets with incorrect time information. On systems using the public pool of `NTP` servers, this risk is mitigated by having more than three `NTP` servers in the list of public `NTP` servers in `/etc/ntp.conf`. If only one time source is compromised or spoofed, `ntpd` will ignore that source. You should conduct a risk assessment and consider the impact of incorrect time on your applications and organization. If you have internal time sources you should consider steps to protect the network over which the `NTP` packets are distributed. If you conduct a risk assessment and conclude that the risk is acceptable, and the impact to your applications minimal, then you can choose not to use authentication. @@ -91,7 +91,7 @@ Virtual machines cannot access a real hardware clock and a virtual clock is not [[s1-Understanding_Leap_Seconds]] == Understanding Leap Seconds -Greenwich Mean Time (GMT) was derived by measuring the solar day, which is dependent on the Earth's rotation. When atomic clocks were first made, the potential for more accurate definitions of time became possible. In 1958, International Atomic Time (TAI) was introduced based on the more accurate and very stable atomic clocks. A more accurate astronomical time, Universal Time 1 (UT1), was also introduced to replace GMT. The atomic clocks are in fact far more stable than the rotation of the Earth and so the two times began to drift apart. For this reason UTC was introduced as a practical measure. It is kept within one second of UT1 but to avoid making many small trivial adjustments it was decided to introduce the concept of a _leap second_ in order to reconcile the difference in a manageable way. The difference between UT1 and UTC is monitored until they drift apart by more than half a second. Then only is it deemed necessary to introduce a one second adjustment, forward or backward. Due to the erratic nature of the Earth's rotational speed, the need for an adjustment cannot be predicted far into the future. The decision as to when to make an adjustment is made by the [citetitle]_link:++http://www.iers.org++[International Earth Rotation and Reference Systems Service (IERS)]_. However, these announcements are important only to administrators of Stratum 1 servers because `NTP` transmits information about pending leap seconds and applies them automatically. +Greenwich Mean Time (GMT) was derived by measuring the solar day, which is dependent on the Earth's rotation. When atomic clocks were first made, the potential for more accurate definitions of time became possible. In 1958, International Atomic Time (TAI) was introduced based on the more accurate and very stable atomic clocks. A more accurate astronomical time, Universal Time 1 (UT1), was also introduced to replace GMT. The atomic clocks are in fact far more stable than the rotation of the Earth and so the two times began to drift apart. For this reason UTC was introduced as a practical measure. It is kept within one second of UT1 but to avoid making many small trivial adjustments it was decided to introduce the concept of a _leap second_ in order to reconcile the difference in a manageable way. The difference between UT1 and UTC is monitored until they drift apart by more than half a second. Then only is it deemed necessary to introduce a one second adjustment, forward or backward. Due to the erratic nature of the Earth's rotational speed, the need for an adjustment cannot be predicted far into the future. The decision as to when to make an adjustment is made by the [citetitle]_link:++https://www.iers.org++[International Earth Rotation and Reference Systems Service (IERS)]_. However, these announcements are important only to administrators of Stratum 1 servers because `NTP` transmits information about pending leap seconds and applies them automatically. [[s1-Understanding_the_ntpd_Configuration_File]] == Understanding the ntpd Configuration File @@ -475,7 +475,7 @@ The [command]#broadcast# command takes the following form: where _address_ is an `IP` broadcast or multicast address to which packets are sent. -This command configures a system to act as an `NTP` broadcast server. The address used must be a broadcast or a multicast address. Broadcast address implies the `IPv4` address `255.255.255.255`. By default, routers do not pass broadcast messages. The multicast address can be an `IPv4` Class D address, or an `IPv6` address. The IANA has assigned `IPv4` multicast address `224.0.1.1` and `IPv6` address `FF05::101` (site local) to `NTP`. Administratively scoped `IPv4` multicast addresses can also be used, as described in [citetitle]_link:++http://www.rfc-editor.org/info/rfc2365++[RFC 2365 Administratively Scoped IP Multicast]_. +This command configures a system to act as an `NTP` broadcast server. The address used must be a broadcast or a multicast address. Broadcast address implies the `IPv4` address `255.255.255.255`. By default, routers do not pass broadcast messages. The multicast address can be an `IPv4` Class D address, or an `IPv6` address. The IANA has assigned `IPv4` multicast address `224.0.1.1` and `IPv6` address `FF05::101` (site local) to `NTP`. Administratively scoped `IPv4` multicast addresses can also be used, as described in [citetitle]_link:++https://www.rfc-editor.org/info/rfc2365++[RFC 2365 Administratively Scoped IP Multicast]_. [[s2_Adding_a_Manycast_Client_Address]] === Adding a Manycast Client Address @@ -667,7 +667,7 @@ To list the available clock sources on your system, issue the following commands ---- ~]${nbsp}cd /sys/devices/system/clocksource/clocksource0/ clocksource0]$ cat available_clocksource -kvm-clock tsc hpet acpi_pm +kvm-clock tsc hpet acpi_pm clocksource0]$ cat current_clocksource kvm-clock ---- @@ -740,6 +740,6 @@ The following sources of information provide additional resources regarding `NTP link:++http://doc.ntp.org/++[]:: The NTP Documentation Archive -link:++http://www.eecis.udel.edu/~mills/ntp.html++[]:: Network Time Synchronization Research Project. +link:++https://www.eecis.udel.edu/~mills/ntp.html++[]:: Network Time Synchronization Research Project. -link:++http://www.eecis.udel.edu/~mills/ntp/html/manyopt.html++[]:: Information on Automatic Server Discovery in `NTPv4`. +link:++https://www.eecis.udel.edu/~mills/ntp/html/manyopt.html++[]:: Information on Automatic Server Discovery in `NTPv4`. diff --git a/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_the_chrony_Suite.adoc b/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_the_chrony_Suite.adoc index a3bd3c7..14fdc8f 100644 --- a/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_the_chrony_Suite.adoc +++ b/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_the_chrony_Suite.adoc @@ -68,7 +68,7 @@ The [application]*chrony* daemon, `chronyd`, can be controlled by the command li [[sect-Understanding_the_chrony_configuration_commands]] === Understanding the chrony Configuration Commands -The default configuration file for `chronyd` is `/etc/chrony.conf`. The [option]`-f` option can be used to specify an alternate configuration file path. See the `chronyd` man page for further options. For a complete list of the directives that can be used see [citetitle]_link:++http://chrony.tuxfamily.org/manual.html#Configuration-file++[http://chrony.tuxfamily.org/manual.html#Configuration-file]_. Below is a selection of configuration options: +The default configuration file for `chronyd` is `/etc/chrony.conf`. The [option]`-f` option can be used to specify an alternate configuration file path. See the `chronyd` man page for further options. For a complete list of the directives that can be used see [citetitle]_link:++https://chrony.tuxfamily.org/manual.html#Configuration-file++[https://chrony.tuxfamily.org/manual.html#Configuration-file]_. Below is a selection of configuration options: Comments:: Comments should be preceded by #, %, ; or ! @@ -128,7 +128,7 @@ tempcomp::: This option logs the temperature measurements and system rate compen The log files are written to the directory specified by the [command]#logdir# command. -An example of the command is: +An example of the command is: [subs="quotes"] ---- @@ -229,7 +229,7 @@ Other entries in the key file can be used as `NTP` keys to authenticate packets ---- server w.x.y.z key 10 peer w.x.y.z key 10 - + ---- The location of the key file is specified in the `/etc/chrony.conf` file. The default entry in the configuration file is: @@ -393,7 +393,7 @@ Root delay : 0.373169 seconds Root dispersion : 0.024780 seconds Update interval : 64.2 seconds Leap status : Normal - + ---- The fields are as follows: @@ -571,7 +571,7 @@ initstepslew 10 client1 client3 client6 local stratum 8 manual allow 192.0.2.0 - + ---- Where `192.0.2.0` is the network or subnet address from which the clients are allowed to connect. @@ -698,4 +698,4 @@ The following sources of information provide additional resources regarding [app [[s2-chrony_Online_Documentation]] === Online Documentation -link:++http://chrony.tuxfamily.org/manual.html++[]:: The online user guide for [application]*chrony*. +link:++https://chrony.tuxfamily.org/manual.html++[]:: The online user guide for [application]*chrony*. diff --git a/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc b/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc index c301468..9ac3f8a 100644 --- a/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc +++ b/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc @@ -423,7 +423,7 @@ phc2sys[880.968]: rms 183 max 440 freq -37102 ± 164 delay 2734 ± 91 phc2sys[940.973]: rms 244 max 584 freq -37095 ± 216 delay 2748 ± 16 phc2sys[1000.979]: rms 220 max 573 freq -36666 ± 182 delay 2747 ± 43 phc2sys[1060.984]: rms 266 max 675 freq -36759 ± 234 delay 2753 ± 17 - + ---- [[sec-Serving_PTP_Time_with_NTP]] @@ -701,4 +701,4 @@ The following sources of information provide additional resources regarding `PTP link:++http://linuxptp.sourceforge.net/++[]:: The Linux PTP project. -link:++http://www.nist.gov/el/isd/ieee/ieee1588.cfm++[]:: The IEEE 1588 Standard. +link:++https://www.nist.gov/el/isd/ieee/ieee1588.cfm++[]:: The IEEE 1588 Standard. diff --git a/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc b/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc index fc0c3b1..a3778b8 100644 --- a/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc +++ b/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc @@ -144,7 +144,7 @@ To configure `SSL` on [command]#dovecot#: ~]#{nbsp}systemctl restart dovecot ---- -More details on [command]#dovecot# can be found online at link:++http://www.dovecot.org++[http://www.dovecot.org]. +More details on [command]#dovecot# can be found online at link:++https://www.dovecot.org++[https://www.dovecot.org]. [[s1-email-types]] == Email Program Classifications @@ -787,10 +787,10 @@ Procmail recipes take the following form: [subs="macros"] ---- -:0 pass:quotes[_flags_] : pass:quotes[_lockfile-name_] -* pass:quotes[_condition_1_special-condition-character_] pass:quotes[_condition_1_regular_expression_] -* pass:quotes[_condition_2_special-condition-character_] pass:quotes[_condition-2_regular_expression_] -* pass:quotes[_condition_N_special-condition-character_] pass:quotes[_condition-N_regular_expression_] +:0 pass:quotes[_flags_] : pass:quotes[_lockfile-name_] +* pass:quotes[_condition_1_special-condition-character_] pass:quotes[_condition_1_regular_expression_] +* pass:quotes[_condition_2_special-condition-character_] pass:quotes[_condition-2_regular_expression_] +* pass:quotes[_condition_N_special-condition-character_] pass:quotes[_condition-N_regular_expression_] pass:quotes[_special-action-character_] pass:quotes[_action-to-perform_] ---- @@ -1146,7 +1146,7 @@ indexterm:[email,additional resources,useful websites] * link:++http://www.procmail.org/++[http://www.procmail.org/] — The home page for Procmail with links to assorted mailing lists dedicated to Procmail as well as various FAQ documents. -* link:++http://spamassassin.apache.org/++[http://spamassassin.apache.org/] — The official site of the SpamAssassin project. +* link:++https://spamassassin.apache.org/++[https://spamassassin.apache.org/] — The official site of the SpamAssassin project. [[s2-email-related-books]] === Related Books