|
#1
|
Hi.

I am a newbie with stunnel and news servers that use SSL connections. What am I doing wrong as shown below? I also tried shutting down the firewall via Guarddog program, but it didn't make any differences.

$ stunnel -c -d 1119 -r news.giganews.com:563; tin -g localhost -p 1119
tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008 Iain Lea.
Connecting to localhost:1119...
socket or connect problem
Failed to connect to NNTP server localhost. Exiting...

Thank you in advance.
--
"The ants are back Ted!" --Dougal from Father Ted TV show.
   /\___/\
  / /\ /\ \      Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
 | |o   o| |     Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ /        Remove ANT from e-mail address: philpi@earthlink.netANT
     ( )         or ANTant@zimage.com
Go Los Angeles/L.A. Lakers.
Ant is/was listening to a song on his home computer: Covenant - Dead Stars (Longer)
|
#2
|
["Followup-To:" header set to comp.os.linux.misc.]
On 2008-06-15, Ant
> $ stunnel -c -d 1119 -r news.giganews.com:563; tin -g localhost -p 1119
> tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
> Iain Lea.
> Connecting to localhost:1119...
> socket or connect problem
> Failed to connect to NNTP server localhost. Exiting...

Hmmmm..... do you mean 119 rather than 1119?

Andrew
--
Do you think that's air you're breathing now?
|
#3
|
On 6/15/2008 12:30 AM PT, andrew typed:

>> $ stunnel -c -d 1119 -r news.giganews.com:563; tin -g localhost -p 1119
>> tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
>> Iain Lea.
>> Connecting to localhost:1119...
>> socket or connect problem
>> Failed to connect to NNTP server localhost. Exiting...
>
> Hmmmm..... do you mean 119 rather than 1119?

Same error/result:
$ stunnel -c -d 119 -r news.giganews.com:563; tin -g localhost -p 119
tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
Iain Lea.
Connecting to localhost...
socket or connect problem
Failed to connect to NNTP server localhost. Exiting...
--
   /\___/\
  / /\ /\ \      Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
 | |o   o| |     Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ /        Remove ANT from e-mail address: philpi@earthlink.netANT
     ( )         or ANTant@zimage.com
Ant is currently not listening to any songs on his home computer.
Go Los Angeles/L.A. Lakers!
|
#4
|
On Sun, 15 Jun 2008 07:52:06 UTC in comp.os.linux.questions, Ant
> On 6/15/2008 12:30 AM PT, andrew typed:
>
> >> $ stunnel -c -d 1119 -r news.giganews.com:563; tin -g localhost -p 1119
> >> tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
> >> Iain Lea.
> >> Connecting to localhost:1119...
> >> socket or connect problem
> >> Failed to connect to NNTP server localhost. Exiting...
> >
> > Hmmmm..... do you mean 119 rather than 1119?
>
> Same error/result:
> $ stunnel -c -d 119 -r news.giganews.com:563; tin -g localhost -p 119
> tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
> Iain Lea.
> Connecting to localhost...
> socket or connect problem
> Failed to connect to NNTP server localhost. Exiting...

It might help if you were using a slightly less prehistoric version of stunnel - v3 was already old about 5 years ago. The newer v4 does everything via stunnel.conf and mine looks like this:

cert = stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes

[nntps]
accept = 127.0.0.1:119
connect = news.giganews.com:563

With this, you might also want the debugging options set on while you get it to work.

debug = 7
output = stunnel.log

To listen on a local port < 1024 you will need to run stunnel as root.
--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com
|
#5
|
On 6/15/2008 2:39 AM PT, Trevor Hemsley typed:

>>>> $ stunnel -c -d 1119 -r news.giganews.com:563; tin -g localhost -p 1119
>>>> tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
>>>> Iain Lea.
>>>> Connecting to localhost:1119...
>>>> socket or connect problem
>>>> Failed to connect to NNTP server localhost. Exiting...
>>> Hmmmm..... do you mean 119 rather than 1119?
>> Same error/result:
>> $ stunnel -c -d 119 -r news.giganews.com:563; tin -g localhost -p 119
>> tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008
>> Iain Lea.
>> Connecting to localhost...
>> socket or connect problem
>> Failed to connect to NNTP server localhost. Exiting...
>
> It might help if you were using a slightly less prehistoric version of stunnel -
> v3 was already old about 5 years ago. The newer v4 does everything via
> stunnel.conf and mine looks like this:

Here is the version in Debian (I apt-get update and upgrade daily):
$ stunnel
2008.06.15 02:55:30 LOG3[29444:3083032240]: Either -r, -l (or -L) option must be used

> cert = stunnel.pem
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> client = yes
> [nntps]
> accept = 127.0.0.1:119
> connect = news.giganews.com:563
>
> With this, you might also want the debugging options set on while you get it to
> work.
>
> debug = 7
> output = stunnel.log
>
> To listen on a local port < 1024 you will need to run stunnel as root.

Shouldn't command line parameters be enough? I searched (locate command) for stunnel.conf, but it is nowhere found. Your debugging comment gave me an idea:

$ stunnel -o stunnel.log -D 7 -c -d 1119 -r news.giganews.com:563; tin -g lalhost -p 1119
$ more stunnel.log
. Exiting...
2008.06.15 02:59:47 LOG5[29636:3083413168]: Using 'news.giganews.com.563' as tcpwrapper service name
2008.06.15 02:59:47 LOG7[29636:3083413168]: RAND_status claims sufficient entropy for the PRNG
2008.06.15 02:59:47 LOG6[29636:3083413168]: PRNG seeded successfully
2008.06.15 02:59:47 LOG5[29636:3083413168]: stunnel 3.26 on i486-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8g 19 Oct 2007
2008.06.15 02:59:47 LOG3[29637:3083413168]: Argument to -P (/var/run/stunnel/) is not valid a directory name

Is it because of /var/run/stunnel/? If so, then how do I fix it? I tried making a /var/run/stunnel/, but it didn't make any differences when I retried.
--
"The ants are back Ted!" --Dougal from Father Ted TV show.
   /\___/\
  / /\ /\ \      Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
 | |o   o| |     Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ /        Remove ANT from e-mail address: philpi@earthlink.netANT
     ( )         or ANTant@zimage.com
Ant is currently not listening to any songs on his home computer.
Go Los Angeles/L.A. Lakers!
|
#6
|
On Sun, 15 Jun 2008 10:04:20 UTC in comp.os.linux.questions, Ant
> Here is the version in Debian (I apt-get update and upgrade daily):

Sorry, I can't help, v3 is too old and I have forgotten all about it. The difference between v3 and v4 is mainly the addition of stunnel.conf and the dropping of all the command line parameters. I have no idea why Debian should continue to ship something that hasn't been updated in about 7 years but all other distros that I've used switched to v4 a long time ago.

I do know that stunnel is very fussy about permissions on all its directories though so it's possible that just creating the directory is not enough, you might have to chown/chmod it too. It's also possible that stunnel is running from a chroot jail in which case you might need to be creating /
--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com
|
#7
|
I demand that Trevor Hemsley may or may not have written...

> On Sun, 15 Jun 2008 10:04:20 UTC in comp.os.linux.questions, Ant
>
>> Here is the version in Debian (I apt-get update and upgrade daily):
> Sorry, I can't help, v3 is too old and I have forgotten all about it. The
> difference between v3 and v4 is mainly the addition of stunnel.conf and the
> dropping of all the command line parameters. I have no idea why Debian
> should continue to ship something that hasn't been updated in about 7 years
> but all other distros that I've used switched to v4 a long time ago.

http://packages.debian.org/search?keywords=stunnel
http://packages.debian.org/search?keywords=stunnel4

[snip]
--
| Darren Salt    | linux or ds at              | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
| + Output less CO2 => avoid massive flooding.    TIME IS RUNNING OUT *FAST*.

Jack the Ripper excused himself on the grounds that it was human nature.
|
#8
|
On 6/15/2008 4:06 AM PT, Trevor Hemsley typed:

>> Here is the version in Debian (I apt-get update and upgrade daily):
>
> Sorry, I can't help, v3 is too old and I have forgotten all about it. The
> difference between v3 and v4 is mainly the addition of stunnel.conf and the
> dropping of all the command line parameters. I have no idea why Debian should
> continue to ship something that hasn't been updated in about 7 years but all
> other distros that I've used switched to v4 a long time ago.
>
> I do know that stunnel is very fussy about permissions on all its directories
> though so it's possible that just creating the directory is not enough, you
> might have to chown/chmod it too. It's also possible that stunnel is running
> from a chroot jail in which case you might need to be creating
> /

Someone else suggested:

$ stunnel -f -c -d 1119 -r news.giganews.com:563
2008.06.15 09:45:06 LOG5[2756:3082602160]: Using 'news.giganews.com.563' as tcpwrapper service name
2008.06.15 09:45:06 LOG5[2756:3082602160]: stunnel 3.26 on i486-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8g 19 Oct 2007
2008.06.15 09:45:06 LOG3[2756:3082602160]: Argument to -P (/var/run/stunnel/) is not valid a directory name

Then, I tried uninstalling and reinstalling stunnel and stunnel4 packages via apt-get command. I retried and got different results:

$ stunnel -f -c -d 1119 -r news.giganews.com:563
2008.06.15 10:02:12 LOG5[3325:3082749616]: stunnel 4.22 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2008.06.15 10:02:12 LOG5[3325:3082749616]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2008.06.15 10:02:12 LOG5[3325:3082749616]: 500 clients allowed
2008.06.15 10:02:12 LOG3[3325:3082749616]: Cannot create pid file /var/run/stunnel4.pid
2008.06.15 10:02:12 LOG3[3325:3082749616]: create: Permission denied (13)

$ ls -l stunnel*
total 0
$ ls -l
total 160
srw-rw-rw- 1 root root 0 2008-05-28 12:52 acpid.socket
-rw-r--r-- 1 root root 5 2008-06-01 14:56 apcupsd.pid
-rw-r--r-- 1 root root 6 2008-03-24 11:38 crond.pid
---------- 1 root root 0 2008-03-11 20:49 crond.reboot
drwxr-xr-x 3 root lp 4096 2008-06-15 06:25 cups
drwxr-xr-x 2 messagebus messagebus 4096 2008-05-07 14:11 dbus
-rw-r--r-- 1 root root 6 2008-06-15 06:25 denyhosts.pid
drwxr-xr-x 2 root root 4096 2008-06-15 06:25 dirmngr
-rw-r--r-- 1 root root 6 2008-06-15 06:25 dirmngr.pid
drwxr-x--- 2 Debian-exim Debian-exim 4096 2008-04-13 15:17 exim4
-rw-r--r-- 1 root root 5 2008-03-11 20:49 gpm.pid
drwxr-xr-x 2 haldaemon haldaemon 4096 2008-06-03 17:21 hal
drwxr-xr-x 2 hplip root 4096 2007-12-23 14:02 hplip
drwxr-xr-x 2 identd nogroup 4096 2008-03-12 12:33 identd
-rw-r--r-- 1 root root 6 2008-05-01 12:23 inetd.pid
-rw-r--r-- 1 root root 6 2008-06-14 23:36 klogd.pid
-rw-r--r-- 1 root root 352 2008-03-11 20:49 motd
drwxr-xr-x 2 root root 4096 2008-03-11 20:49 network
-rw-r--r-- 1 root root 5 2008-05-20 11:10 ntpd.pid
drwxr-xr-t 2 root root 4096 2008-06-13 06:30 pcscd
drwxr-xr-x 3 root root 4096 2008-06-06 06:42 samba
drwxrwxr-x 5 root utmp 4096 2007-11-15 21:00 screen
-rw------- 1 root root 5 2008-03-22 12:19 smartd.pid
drwxr-xr-x 2 root root 4096 2007-07-30 02:24 sshd
-rw-r--r-- 1 root root 6 2008-06-11 06:39 sshd.pid
drwxr-xr-x 2 stunnel4 stunnel4 4096 2008-06-15 10:00 stunnel4
-rw-r--r-- 1 root root 6 2008-06-14 23:36 syslogd.pid
-r----S--- 1 root root 5 2008-05-07 14:11 system-tools-backends.pid
-rw-rw-r-- 1 root utmp 13440 2008-06-15 09:45 utmp
drwxr-xr-x 2 root root 4096 2008-05-04 22:42 VirtualBox
srwxr-xr-x 1 root root 0 2008-06-02 20:48 vmnat.356
-rw-r--r-- 1 root root 4 2008-06-02 20:48 vmnet-bridge-0.pid
-rw-r----- 1 root root 4 2008-06-02 20:48 vmnet-dhcpd-vmnet1.pid
-rw-r----- 1 root root 4 2008-06-02 20:48 vmnet-dhcpd-vmnet8.pid
-rw-r--r-- 1 root root 18 2008-06-02 20:48 vmnet-natd-8.mac
-rw-r--r-- 1 root root 4 2008-06-02 20:48 vmnet-natd-8.pid
-rw-r--r-- 1 root root 4 2008-06-02 20:48 vmnet-netifup-vmnet1.pid
-rw-r--r-- 1 root root 4 2008-06-02 20:48 vmnet-netifup-vmnet8.pid
drwxr-xr-x 3 root root 4096 2008-06-10 21:26 vmware
drwxr-xr-x 2 root root 4096 2008-04-11 10:54 vsftpd

It seems like it is mentioning the same permission problems you are referring to. Do I chown and chmod to my user/accountname or what? I don't know what this chroot jail thing is about.
--
"The tiny ant dares to enter the lion's ear." --Armenian
   /\___/\
  / /\ /\ \      Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
 | |o   o| |     Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ /        Remove ANT from e-mail address: philpi@earthlink.netANT
     ( )         or ANTant@zimage.com
Ant is currently not listening to any songs on his home computer.
Go Los Angeles/L.A. Lakers!
|
#9
|
On Sun, 15 Jun 2008 17:09:52 UTC in comp.os.linux.questions, Ant
> Do I chown and chmod to my user/accountname or what? I
> don't know what this chroot jail thing is about.

Here's a working set up from a Centos 5 system which should give you an idea of how it works.

cert = /etc/stunnel/stunnel.pem
chroot = /var/run/stunnel/
setuid = nobody
setgid = nobody
; PID is created inside chroot jail (/var/run/stunnel/stunnel.pid)
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
output = /stunnel.log

chroot = points to a directory and all other paths and file names are then relative to that - though I just checked my working system and it does not have a /var/run/stunnel/etc/stunnel/stunnel.pem so the cert may be different. The directory /var/run/stunnel is then owned by the uid/gid named in the setuid/setgid lines and the dir has 700 permissions.
--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com
|
#10
|
On 6/15/2008 11:54 AM PT, Trevor Hemsley typed:

> On Sun, 15 Jun 2008 17:09:52 UTC in comp.os.linux.questions, Ant
>
>> Do I chown and chmod to my user/accountname or what? I
>> don't know what this chroot jail thing is about.
>
> Here's a working set up from a Centos 5 system which should give you an idea of
> how it works.
>
> cert = /etc/stunnel/stunnel.pem
> chroot = /var/run/stunnel/
> setuid = nobody
> setgid = nobody
> ; PID is created inside chroot jail (/var/run/stunnel/stunnel.pid)
> pid = /stunnel.pid
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> client = yes
> output = /stunnel.log
>
> chroot = points to a directory and all other paths and file names are then
> relative to that - though I just checked my working system and it does not have
> a /var/run/stunnel/etc/stunnel/stunnel.pem so the cert may be different. The
> directory /var/run/stunnel is then owned by the uid/gid named in the
> setuid/setgid lines and the dir has 700 permissions.

Is your sample/example same as this one (didn't change anything in it) I have?

# cat /etc/stunnel/stunnel.conf
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/mail.pem
;key = /etc/stunnel/mail.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143

[ssmtp]
accept = 465
connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini

If not, then where would I put this sample/example in and what filename?
--
"Now I have you where I want you... where is my jar of Bull ants?" --unknown
   /\___/\
  / /\ /\ \      Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
 | |o   o| |     Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ /        Remove ANT from e-mail address: philpi@earthlink.netANT
     ( )         or ANTant@zimage.com
Ant is currently not listening to any songs on his home computer.
Go Los Angeles/L.A. Lakers!
|
#11
|
On Sun, 15 Jun 2008 19:16:41 UTC in comp.os.linux.questions, Ant
> Is your sample/example same as this one (didn't change anything in it) I
> have?

Pretty much though slightly different. Yours should still be usable though. It has a chroot line that says that everything is based relative to /var/lib/stunnel4 so the pid = /stunnel4.pid line in it actually means it will try to create the file /var/lib/stunnel4/stunnel.pid and it will run as the user 'stunnel4'. That means that the directory /var/lib/stunnel4 needs to be owned by the user stunnel4 and group stunnel4 and that the user will need write access to it to be able to create the files there.

You need to uncomment the line that says
;client = yes
so that it reads
client = yes

For the purpose you want to use this for you also need to add the following section

[nntps]
accept = 127.0.0.1:119
connect = news.giganews.com:563

Then point your tin to localhost:119 for its connections.

You may also want to remove the sections that are provided for [pop3s], [imaps] and [ssmtp] (or comment them out anyway).
--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com
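The points made in the reply above (the pid path resolved inside the chroot directory, the jail owned by the setuid/setgid account, client = yes, a listening port below 1024 needing root) can be checked mechanically before starting stunnel. The following Python sketch is an added example, not part of the original thread or of stunnel; the function names and finding strings are assumptions made for illustration, and the sample text is constructed from the config quoted in the thread.

```python
import posixpath

# Constructed sample: the options this check reads, taken from the edited
# Debian stunnel.conf quoted in the thread (other lines left out).
SAMPLE_CONF = """\
; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
;[pop3s]
;accept  = 995
;connect = 110
[nntps]
accept = 127.0.0.1:119
connect = news.giganews.com:563
"""


def parse_conf(text):
    """Split stunnel.conf text into (global options, {service: options})."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            # Keys are lowercased for lookup; an option such as "socket"
            # may repeat, so every value is kept in a list.
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return global_opts, services


def last(opts, name):
    """Last value given for an option, or None if it is not set."""
    values = opts.get(name)
    return values[-1] if values else None


def accept_port(value):
    """Port number from 'host:port' or 'port'; None for a service name."""
    port = value.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None


def check_conf(text, started_as_root):
    """Hypothetical helper: what this client-mode config needs at start-up."""
    glob, services = parse_conf(text)
    chroot, pid = last(glob, "chroot"), last(glob, "pid")
    findings = []
    # chroot(2) and switching to another account both need root at start-up.
    privileged = [o for o in ("chroot", "setuid", "setgid") if last(glob, o)]
    if privileged and not started_as_root:
        findings.append("needs-root: " + ",".join(privileged))
    if not services:
        findings.append("no-service-section")
    for name, opts in services.items():
        # client may be set globally or inside the service section
        client = last(opts, "client") or last(glob, "client") or "no"
        if client.lower() != "yes":
            findings.append(f"client-mode-off: [{name}]")
        for value in opts.get("accept", []):
            port = accept_port(value)
            if port is not None and port < 1024 and not started_as_root:
                findings.append(f"privileged-port: [{name}] {port}")
    pid_path = None
    if pid:
        # With chroot set, the pid path is relative to the jail directory.
        joined = posixpath.join(chroot, pid.lstrip("/")) if chroot else pid
        pid_path = posixpath.normpath(joined)
    return {
        "pid_path": pid_path,
        "jail": posixpath.normpath(chroot) if chroot else None,
        # account that must own, and be able to write to, the jail directory
        "jail_owner": (last(glob, "setuid"), last(glob, "setgid")) if chroot else None,
        "findings": findings,
    }


if __name__ == "__main__":
    for as_root in (False, True):
        print("started as root:", as_root, check_conf(SAMPLE_CONF, as_root))
```

The check only reads the config text; whether the jail directory really has the reported owner still has to be confirmed with ls -ld on the target machine.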
|
#12
|
On 6/15/2008 12:25 PM PT, Trevor Hemsley typed:

> Pretty much though slightly different. Yours should still be usable though. It
> has a chroot line that says that everything is based relative to
> /var/lib/stunnel4 so the pid = /stunnel4.pid line in it actually means it will
> try to create the file /var/lib/stunnel4/stunnel.pid and it will run as the user
> 'stunnel4'. That means that the directory /var/lib/stunnel4 needs to be owned by
> the user stunnel4 and group stunnel4 and that the user will need write access to
> it to be able to create the files there.
>
> You need to uncomment the line that says
> ;client = yes
> so that it reads
> client = yes
>
> For the purpose you want to use this for you also need to add the following
> section
>
> [nntps]
> accept = 127.0.0.1:119
> connect = news.giganews.com:563
>
> Then point your tin to localhost:119 for its connections.
>
> You may also want to remove the sections that are provided for [pop3s], [imaps]
> and [ssmtp] (or comment them out anyway).

Here's what it looks like now (made a backup copy of the original just in case):

# cat stunnel.conf
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/mail.pem
;key = /etc/stunnel/mail.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

;[ssmtp]
;accept = 465
;connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

[nntps]
accept = 127.0.0.1:119
connect = news.giganews.com:563

; vim:ft=dosini

I still seem to have problems running stunnel with tin:

$ stunnel -D 7 -c -d 119 -r localhost:119 ; tin -g localhost -p 119
tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008 Iain Lea.
Connecting to localhost...
socket or connect problem
Failed to connect to NNTP server localhost. Exiting...

$ stunnel -D 7 -c -d 119 -r news.giganews.com:563 ; tin -g localhost -p 119
tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008 Iain Lea.
Connecting to localhost...
socket or connect problem
Failed to connect to NNTP server localhost. Exiting...

$ stunnel tin -r localhost:119
2008.06.15 12:47:57 LOG7[5694:3082544816]: RAND_status claims sufficient entropy for the PRNG
2008.06.15 12:47:57 LOG7[5694:3082544816]: PRNG seeded successfully
2008.06.15 12:47:57 LOG3[5694:3082544816]: /etc/stunnel/stunnel.pem: No such file or directory (2)

Maybe I am doing all that wrong.
--
"The ants are my friends, they're blowin' in the wind. The ant, sir, is blowin' in the wind." --the misheard lyrics to Bob Dylan's "Blowin' in the Wind"
   /\___/\
  / /\ /\ \      Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
 | |o   o| |     Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ /        Remove ANT from e-mail address: philpi@earthlink.netANT
     ( )         or ANTant@zimage.com
Ant is currently not listening to any songs on his home computer.
Go Los Angeles/L.A. Lakers!
|
#13
|
On Sun, 15 Jun 2008 19:51:03 UTC in comp.os.linux.questions, Ant
> $ stunnel -D 7 -c -d 119 -r localhost:119 ; tin -g localhost -p 119

You need to find out which stunnel you are using and stick with it! This is an stunnel v3 command line and what you have been tweaking is an stunnel v4 configuration file. I have no idea how Debian installs this for you but if you have stunnel4 then maybe you have an /etc/init.d/stunnel4 script to start it up? If so then you'd have to start that as root and it will read the config file and do what it wants.

Or maybe it is stunnel4 and you're trying to pass it parameters that it's just silently ignoring! The log output you post shows that it probably is reading your conf file as it's talking about /etc/stunnel/stunnel.pem being missing - perhaps you need to create it or point stunnel to one that does exist?
--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com
|
#14
|
On 6/15/2008 1:11 PM PT, Trevor Hemsley typed:

>> $ stunnel -D 7 -c -d 119 -r localhost:119 ; tin -g localhost -p 119
>
> You need to find out which stunnel you are using and stick with it! This is an
> stunnel v3 command line and what you have been tweaking is an stunnel v4
> configuration file. I have no idea how Debian installs this for you but if you
> have stunnel4 then maybe you have an /etc/init.d/stunnel4 script to start it up?
> If so then you'd have to start that as root and it will read the config file and
> do what it wants.
>
> Or maybe it is stunnel4 and you're trying to pass it parameters that it's just
> silently ignoring! The log output you post shows that it probably is reading
> your conf file as it's talking about /etc/stunnel/stunnel.pem being missing -
> perhaps you need to create it or point stunnel to one that does exist?

I think I know what happened:

# apt-cache show stunnel
Package: stunnel
Priority: optional
Section: net
Installed-Size: 40
Maintainer: Luis Rodrigo Gallardo Cruz
Architecture: all
Source: stunnel4
Version: 3:4.22-1.1
Depends: stunnel4 (>= 3:4.20-3)
Filename: pool/main/s/stunnel4/stunnel_4.22-1.1_all.deb
Size: 10166
MD5sum: 9d3162fdeb77a7d4b62fddefc62cdf9f
SHA1: f9b3271905c413176406fef8d30ff111b8b9cc02
SHA256: 616d7c80d6269bbfe5530a20ff5214c8df9e92a054f39cfd9e 8f815caa77e5d1
Description: dummy upgrade package
 stunnel version 3 has been removed from Debian. This is a dummy package
 to ease upgrading to stunnel4.
|
#15
|
Ant wrote:
> On 6/15/2008 4:06 AM PT, Trevor Hemsley typed:
>
>>> Here is the version in Debian (I apt-get update and upgrade daily):
>>
>> Sorry, I can't help, v3 is too old and I have forgotten all about it.
>> The difference between v3 and v4 is mainly the addition of
>> stunnel.conf and the dropping of all the command line parameters. I
>> have no idea why Debian should continue to ship something that hasn't
>> been updated in about 7 years but all other distros that I've used
>> switched to v4 a long time ago.
>> I do know that stunnel is very fussy about permissions on all its
>> directories though so it's possible that just creating the directory
>> is not enough, you might have to chown/chmod it too. It's also
>> possible that stunnel is running from a chroot jail in which case you
>> might need to be creating /
>
> Someone else suggested:
>
> $ stunnel -f -c -d 1119 -r news.giganews.com:563
> 2008.06.15 09:45:06 LOG5[2756:3082602160]: Using 'news.giganews.com.563'
> as tcpwrapper service name
> 2008.06.15 09:45:06 LOG5[2756:3082602160]: stunnel 3.26 on
> i486-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8g 19 Oct 2007
> 2008.06.15 09:45:06 LOG3[2756:3082602160]: Argument to -P
> (/var/run/stunnel/) is not valid a directory name
>
> Then, I tried uninstalling and reinstalling stunnel and stunnel4
> packages via apt-get command. I retried and got different results:
>
> $ stunnel -f -c -d 1119 -r news.giganews.com:563
> 2008.06.15 10:02:12 LOG5[3325:3082749616]: stunnel 4.22 on
> i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
> 2008.06.15 10:02:12 LOG5[3325:3082749616]: Threading:PTHREAD SSL:ENGINE
> Sockets:POLL,IPv6 Auth:LIBWRAP
> 2008.06.15 10:02:12 LOG5[3325:3082749616]: 500 clients allowed
> 2008.06.15 10:02:12 LOG3[3325:3082749616]: Cannot create pid file
> /var/run/stunnel4.pid
> 2008.06.15 10:02:12 LOG3[3325:3082749616]: create: Permission denied (13)
>
> [snip]
>
> It seems like it is mentioning the same permission problems you are
> referring to. Do I chown and chmod to my user/accountname or what? I
> don't know what this chroot jail thing is about.

Only root can create pid files in /var/run.

I choose not to run stunnel as root (actually I run it "nobody" using options in stunnel.conf), so I create a subdir (/var/run/stunnel) owned by "nobody" and change the pidfile directory using one of the options in stunnel.conf. The man page describes the options.
|
#16
|
On Sun, 15 Jun 2008 20:20:04 UTC in comp.os.linux.questions, Ant
> It looks like I have BOTH v3 and v4. I tried the same command as earlier
> with stunnel4 (e.g., stunnel4 -D 7 -c -d 119 -r localhost:119 ; tin -g
> localhost -p 119), but still get the same errors.

V4 takes none of those parameters - it pretty much just wants the location of its config file. All the other stuff you've given it there is either ignored or is causing an error (ignored most likely).

> # ls -all /usr/bin/stunnel*

What would be far more interesting is the output from ls -la /var/lib/stunnel4
--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com
|
#17
|
On 6/15/2008 2:51 PM PT, Trevor Hemsley typed:

> On Sun, 15 Jun 2008 20:20:04 UTC in comp.os.linux.questions, Ant
>
>> It looks like I have BOTH v3 and v4. I tried the same command as earlier
>> with stunnel4 (e.g., stunnel4 -D 7 -c -d 119 -r localhost:119 ; tin -g
>> localhost -p 119), but still get the same errors.
>
> V4 takes none of those parameters - it pretty much just wants the location of
> its config file. All the other stuff you've given it there is either ignored or
> is causing an error (ignored most likely).

Ah. And you say my config file should work. Hmm.

>> # ls -all /usr/bin/stunnel*
>
> What would be far more interesting is the output from ls -la /var/lib/stunnel4

$ ls -la /var/lib/stunnel4
total 8
drwxr-xr-x 2 stunnel4 stunnel4 4096 2008-06-15 09:49 .
drwxr-xr-x 63 root root 4096 2008-06-15 09:49 ..

Doesn't seem to help (empty)?
--
"To conquer the world, we must be as meticulous and calculating as a colony of ants on the march." --Julius Caesar
   /\___/\
  / /\ /\ \      Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
 | |o   o| |     Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ /        Remove ANT from e-mail address: philpi@earthlink.netANT
     ( )         or ANTant@zimage.com
Ant is currently not listening to any songs on his home computer.
Go Los Angeles/L.A. Lakers!
|
#18
|
On 6/15/2008 2:36 PM PT, Allen Kistler typed:

>>>> Here is the version in Debian (I apt-get update and upgrade daily):
>>>
>>> Sorry, I can't help, v3 is too old and I have forgotten all about it.
>>> The difference between v3 and v4 is mainly the addition of
>>> stunnel.conf and the dropping of all the command line parameters. I
>>> have no idea why Debian should continue to ship something that hasn't
>>> been updated in about 7 years but all other distros that I've used
>>> switched to v4 a long time ago.
>>> I do know that stunnel is very fussy about permissions on all its
>>> directories though so it's possible that just creating the directory
>>> is not enough, you might have to chown/chmod it too. It's also
>>> possible that stunnel is running from a chroot jail in which case you
>>> might need to be creating /
>>
>> Someone else suggested:
>>
>> $ stunnel -f -c -d 1119 -r news.giganews.com:563
>> 2008.06.15 09:45:06 LOG5[2756:3082602160]: Using 'news.giganews.com.563'
>> as tcpwrapper service name
>> 2008.06.15 09:45:06 LOG5[2756:3082602160]: stunnel 3.26 on
>> i486-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8g 19 Oct 2007
>> 2008.06.15 09:45:06 LOG3[2756:3082602160]: Argument to -P
>> (/var/run/stunnel/) is not valid a directory name
>>
>> Then, I tried uninstalling and reinstalling stunnel and stunnel4
>> packages via apt-get command. I retried and got different results:
>>
>> $ stunnel -f -c -d 1119 -r news.giganews.com:563
>> 2008.06.15 10:02:12 LOG5[3325:3082749616]: stunnel 4.22 on
>> i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
>> 2008.06.15 10:02:12 LOG5[3325:3082749616]: Threading:PTHREAD
>> SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
>> 2008.06.15 10:02:12 LOG5[3325:3082749616]: 500 clients allowed
>> 2008.06.15 10:02:12 LOG3[3325:3082749616]: Cannot create pid file
>> /var/run/stunnel4.pid
>> 2008.06.15 10:02:12 LOG3[3325:3082749616]: create: Permission denied (13)
>>
>> [snip]
>>
>> It seems like it is mentioning the same permission problems you are
>> referring to. Do I chown and chmod to my user/accountname or what? I
>> don't know what this chroot jail thing is about.
>
> Only root can create pid files in /var/run.
>
> I choose not to run stunnel as root (actually I run it "nobody" using
> options in stunnel.conf), so I create a subdir (/var/run/stunnel) owned
> by "nobody" and change the pidfile directory using one of the options in
> stunnel.conf. The man page describes the options.

I also do not run it as root especially for newsgroup reading and postings! Maybe I am not seeing it, but I don't see anything about "nobody" in man for both stunnel3 and stunnel4 commands.

I see these two in my /var/run/:
drwxrwxrwt 2 root root 4096 2008-06-15 11:27 stunnel
drwxr-xr-x 2 stunnel4 stunnel4 4096 2008-06-15 10:00 stunnel4

Sorry if I sound like a newbie. I am with this stunnel and not that knowledgeable with Linux. This stuff is pretty confusing!
--
"I don't understand them anymore, these people that travel the commuter-trains to their dormitory towns. These people call themselves human, but, by a pressure they do not feel, are forced to do their work like ants. With what do they fill their time when they are free of work on their silly little Sundays?" --Antoine de saint-Exupéry, 'Wind, Sand, and Stars,' 1939
   /\___/\
  / /\ /\ \      Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
 | |o   o| |     Ant's Quality Foraged Links (AQFL): http://aqfl.net
    \ _ /        Remove ANT from e-mail address: philpi@earthlink.netANT
     ( )         or ANTant@zimage.com
Ant is currently not listening to any songs on his home computer.
Go Los Angeles/L.A. Lakers!
|
#19
|
| On Sun, 15 Jun 2008 22:14:25 UTC in comp.os.linux.questions, Ant

> And you say my config file should work. Hmm.

There is an 'output =' line in the config file. I would uncomment that and point it to /stunnel.log, start it up then look at /var/lib/stunnel4/stunnel.log for pointers to the error. If it's missing a .pem file then you need to create one and I don't know how you do that on Debian. You could also list all the files in your /var/log directory and see if any of those contain useful info.

--
Trevor Hemsley, Brighton, UK
Trevor dot Hemsley at ntlworld dot com |
|
#20
|
| On 6/15/2008 3:22 PM PT, Trevor Hemsley typed:

>> And you say my config file should work. Hmm.
>
> There is an 'output =' line in the config file. I would uncomment that and point
> it to /stunnel.log, start it up then look at /var/lib/stunnel4/stunnel.log for
> pointers to the error. If it's missing a .pem file then you need to create one
> and I don't know how you do that on Debian. You could also list all the files in
> your /var/log directory and see if any of those contain useful info.

I edited my /etc/stunnel/stunnel.log to remove comments in this section:

; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel4/stunnel.log

$ stunnel4 ; tin -g localhost -p 1119
tin 1.9.3 release 20080506 ("Dalintober") [UNIX] (c) Copyright 1991-2008 Iain Lea.
Connecting to localhost:1119...
socket or connect problem
Failed to connect to NNTP server localhost. Exiting...

Am I using the right parameters for stunnel4 command? I recall using a port lower than 1024 requires root access so I added a "1" to make it 1119, but that didn't help either.

Here's my stunnel.conf again with requested changes:

$ cat stunnel.conf
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/mail.pem
;key = /etc/stunnel/mail.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel4/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

;[ssmtp]
;accept = 465
;connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

[nntps]
accept = 127.0.0.1:1119
connect = news.giganews.com:563

; vim:ft=dosini

$ ls -l /var/log/stunnel4/stunnel.log
-rw-r--r-- 1 stunnel4 stunnel4 0 2008-06-15 09:49 /var/log/stunnel4/stunnel.log

It is empty.
$ ls -l /var/log

$ locate .pem

I hope those help.

--
"At high tide the fish eat ants; at low tide the ants eat fish." --Thai Proverb
/\___/\
/ /\ /\ \ Phil/Ant @ http://antfarm.home.dhs.org (Personal Web Site)
| |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net
\ _ / Remove ANT from e-mail address: philpi@earthlink.netANT
( ) or ANTant@zimage.com
Ant is currently not listening to any songs on his home computer. Go Los Angeles/L.A. Lakers! |
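A preflight check for the settings discussed in this thread, added here as an example and not part of any post or of stunnel itself: it parses stunnel.conf, maps the chroot-relative `pid` path back to the host filesystem, and reports a missing `cert` file, an unusable pid directory, and a client that neither verifies the server certificate nor uses a current protocol. The function names are hypothetical, and it assumes the pid file is written by the `setuid` account and that `cert` is read from outside the jail.

```python
import os
import pwd
import stat

# The posted config's own comments say these paths live inside the chroot jail.
IN_CHROOT = {"pid", "capath", "crlpath"}

def parse_conf(text):
    """Split stunnel.conf text into (global options, {service: options})."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        elif line and not line.startswith(";") and "=" in line:
            key, _, val = line.partition("=")   # only the first '=' separates
            (glob if cur is None else cur)[key.strip().lower()] = val.strip()
    return glob, services

def host_path(glob, key):
    """Path of option `key` as seen from outside the jail (None if unset)."""
    path = glob.get(key)
    if path and key in IN_CHROOT and "chroot" in glob:
        return os.path.join(glob["chroot"], path.lstrip("/"))
    return path

def run_uid(glob):
    """Uid stunnel drops to (KeyError if the account is unknown)."""
    user = glob.get("setuid", str(os.getuid()))
    return int(user) if user.isdigit() else pwd.getpwnam(user).pw_uid

def preflight(text):
    """Return findings for the startup and TLS issues raised by this config."""
    glob, _ = parse_conf(text)
    found = []
    cert = host_path(glob, "cert")
    if cert and not os.path.isfile(cert):
        found.append(f"cert: {cert} is configured but does not exist")
    pid = host_path(glob, "pid")
    if pid:
        piddir = os.path.dirname(pid)
        if not os.path.isdir(piddir):
            found.append(f"pid: directory {piddir} does not exist")
        else:
            try:
                st, uid = os.stat(piddir), run_uid(glob)
                # Simplification: owner or world-writable; group bits are ignored.
                if st.st_uid != uid and not st.st_mode & stat.S_IWOTH:
                    found.append(f"pid: {piddir} is not writable by uid {uid}")
            except KeyError:
                found.append(f"setuid: no such account {glob['setuid']}")
    if glob.get("client", "no").lower() == "yes" and glob.get("verify", "0") == "0":
        found.append("verify: not set in client mode, server certificate is unchecked")
    if glob.get("sslversion", "").lower() in ("sslv2", "sslv3"):
        found.append(f"sslVersion: {glob['sslversion']} is an obsolete protocol")
    return found

if __name__ == "__main__":
    # Constructed excerpt using the values from the posted stunnel.conf.
    posted = ("cert = /etc/stunnel/mail.pem\nsslVersion = SSLv3\nclient = yes\n"
              "chroot = /var/lib/stunnel4/\nsetuid = stunnel4\npid = /stunnel4.pid\n")
    print("\n".join(preflight(posted)))
```

Run it as root or as the service account on the machine that holds the config, since the checks read the real filesystem.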