LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-07-2018, 10:48 AM   #1
tombro
LQ Newbie
 
Registered: Mar 2009
Location: Sunny Florida, USA
Distribution: Fedora 28
Posts: 12

Rep: Reputation: 1
Downloading revoke.crl from crl.cacert.org creates sequentially numbered files


While setting up sendmail, I downloaded the revoke.crl file from http://crl.cacert.org. To stay current, cron does this weekly.
I noticed that every time a file is downloaded, it gets incremented by one.
So, now I have revoke.crl, revoke.crl.1, revoke.crl.2, etc.
Should I delete revoke.crl before downloading a new one?
Any information as to what's happening would be welcome.
 
Old 07-09-2018, 01:52 AM   #2
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 1,790

Rep: Reputation: 562Reputation: 562Reputation: 562Reputation: 562Reputation: 562Reputation: 562
Can you show us the script that does the download, please?
 
Old 07-09-2018, 05:25 PM   #3
tombro
LQ Newbie
 
Registered: Mar 2009
Location: Sunny Florida, USA
Distribution: Fedora 28
Posts: 12

Original Poster
Rep: Reputation: 1
This is the script run weekly:
Quote:
#!/usr/bin/bash
#
cd /etc/pki/tls/certs
wget http://crl.cacert.org/revoke.crl
 
Old 07-09-2018, 06:06 PM   #4
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 1,790

Rep: Reputation: 562Reputation: 562Reputation: 562Reputation: 562Reputation: 562Reputation: 562
From man wget: (emphasis added)
Code:
      -nc
       --no-clobber
           If a file is downloaded more than once in the same directory, Wget's behavior depends on a few options, including -nc.  In certain cases, the local file will be clobbered, or
           overwritten, upon repeated download.  In other cases it will be preserved.

           When running Wget without -N, -nc, -r, or -p, downloading the same file in the same directory will result in the original copy of file being preserved and the second copy being named
           file.1.  If that file is downloaded yet again, the third copy will be named file.2, and so on.  (This is also the behavior with -nd, even if -r or -p are in effect.)  When -nc is
           specified, this behavior is suppressed, and Wget will refuse to download newer copies of file.  Therefore, ""no-clobber"" is actually a misnomer in this mode---it's not clobbering
           that's prevented (as the numeric suffixes were already preventing clobbering), but rather the multiple version saving that's prevented.

           When running Wget with -r or -p, but without -N, -nd, or -nc, re-downloading a file will result in the new copy simply overwriting the old.  Adding -nc will prevent this behavior,
           instead causing the original version to be preserved and any newer copies on the server to be ignored.

           When running Wget with -N, with or without -r or -p, the decision as to whether or not to download a newer copy of a file depends on the local and remote timestamp and size of the
           file.  -nc may not be specified at the same time as -N.
I think you want wget -r ...but please review the man page and experiment accordingly.

man pages are your friend
 
Old 07-12-2018, 09:14 AM   #5
tombro
LQ Newbie
 
Registered: Mar 2009
Location: Sunny Florida, USA
Distribution: Fedora 28
Posts: 12

Original Poster
Rep: Reputation: 1
Sean - My bad! Thanks for reminding me of my own advice to others. RTFM
In this case, without full investigation, I copied the one liner in my haste to get this running.
 
Old 07-12-2018, 10:54 AM   #6
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 1,790

Rep: Reputation: 562Reputation: 562Reputation: 562Reputation: 562Reputation: 562Reputation: 562
Glad to help...
FWIW, I usually use “RTM”, ‘cause there’s (usually) no need to cuss when giving that advice...

But then, I usually use IMO instead of IMHO, ‘cause I’m seldom humble
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Should CRL from CA2 fail user auth with certs issued by CA1 if CRL from CA1? rosect Linux - Security 1 02-08-2014 07:07 AM
TLS and CRL Linux_Kidd Linux - Security 1 12-12-2012 07:59 AM
problem when importing CRL into Firefox tklima Linux - Software 2 08-02-2010 10:27 AM
crl.pem and Oulook PcHammer Linux - Software 0 01-27-2005 02:39 AM
crl update is overdue --> What for? in IPSEC cmisip Linux - Security 3 12-02-2003 07:58 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration