majorlinux/majorwiki
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: majorlinux:a785e858218a98ee7b1e1f2433fe053cb45da6c1
Branches Tags
majorlinux:main
majorlinux:code/majormac/wiki-draft-warp-iphonemirroring
majorlinux:code/majormac/tailscale-ios-hostname-fix
..
compare: majorlinux:c22457f1aa8a9a26fe438ff9093fe7a620ca747b
Branches Tags
majorlinux:main
majorlinux:code/majormac/wiki-draft-warp-iphonemirroring
majorlinux:code/majormac/tailscale-ios-hostname-fix

No commits in common. "a785e858218a98ee7b1e1f2433fe053cb45da6c1" and "c22457f1aa8a9a26fe438ff9093fe7a620ca747b" have entirely different histories.
a785e85821 ... c22457f1aa

2 changed files with 2 additions and 29 deletions
Show stats Expand all files Collapse all files

3
02-selfhosting/cloud/vps-migration-baseline-checklist.md
View file

@ -10,7 +10,7 @@ tags:
- checklist - checklist
status: published status: published
created: 2026-05-09 created: 2026-05-09
updated: 2026-05-13T10:35 updated: 2026-05-11T07:33
--- ---
# VPS Migration Baseline Checklist # VPS Migration Baseline Checklist
@ -61,7 +61,6 @@ Every server in the fleet should have these. Check each one after migration:
| SSH hardening | `openssh-server` | `openssh-server` | `configure_ssh_hardening.yml` | Key-only, no root password | | SSH hardening | `openssh-server` | `openssh-server` | `configure_ssh_hardening.yml` | Key-only, no root password |
| Timezone | — | — | — | US servers: `America/New_York`; UK: `Europe/London`. Hetzner defaults to UTC. | | Timezone | — | — | — | US servers: `America/New_York`; UK: `Europe/London`. Hetzner defaults to UTC. |
| CA bundle (Fedora) | `ca-certificates` | `ca-certificates` | — | Verify `/etc/pki/tls/certs/ca-bundle.crt` symlink exists — see [Fedora CA bundle fix](../../05-troubleshooting/security/fedora-ca-bundle-missing-symlink.md) | | CA bundle (Fedora) | `ca-certificates` | `ca-certificates` | — | Verify `/etc/pki/tls/certs/ca-bundle.crt` symlink exists — see [Fedora CA bundle fix](../../05-troubleshooting/security/fedora-ca-bundle-missing-symlink.md) |
| Syslog (Fedora) | `rsyslog` | — (pre-installed) | — | Fedora 44 Hetzner images have journald only. Logwatch needs `/var/log/messages` + `/var/log/secure`. |
### After Migration ### After Migration

28
02-selfhosting/monitoring/logwatch-fleet-setup.md
View file

@ -9,7 +9,7 @@ tags:
- ubuntu - ubuntu
status: published status: published
created: 2026-05-09 created: 2026-05-09
updated: 2026-05-13T10:35 updated: 2026-05-11T07:37
--- ---
# Logwatch Fleet Setup — Surviving Package Upgrades # Logwatch Fleet Setup — Surviving Package Upgrades
@ -117,32 +117,6 @@ dpkg -V logwatch # Debian
# Look for S.5....T. on the defaults file — means it was replaced # Look for S.5....T. on the defaults file — means it was replaced
# S = size, 5 = md5, T = timestamp changed # S = size, 5 = md5, T = timestamp changed
# Check if logwatch produces any output at all
logwatch --output stdout --range yesterday | wc -l
# If 0 lines — logwatch has no log data to report (see rsyslog section below)
```
## Fedora: rsyslog Missing — Logwatch Produces Zero Output
Fedora 44 cloud images (Hetzner, possibly others) ship with **journald only** — no rsyslog. This means `/var/log/messages`, `/var/log/secure`, and `/var/log/cron` do not exist. Logwatch scans those files, finds nothing, produces empty output, and sends no email. Exit code is still 0 — no error anywhere.
This is particularly insidious because everything else can be correct (crond running, postfix relaying, logwatch config pointing to the right recipient) and you'll still get silence.
```bash
# Diagnose
rpm -q rsyslog # "package rsyslog is not installed"
ls /var/log/messages # "No such file or directory"
# Fix
dnf install -y rsyslog
systemctl enable --now rsyslog
# Verify log files appear
ls /var/log/messages /var/log/secure /var/log/cron
# Test logwatch
logwatch --output stdout --range today | wc -l # should be >0
``` ```
## Fedora CA Bundle Missing — Postfix TLS Engine Unavailable ## Fedora CA Bundle Missing — Postfix TLS Engine Unavailable