I upgraded a server to PHP 8, (turned on remi-php80 repo, run yum update, accepted dependencies) only to discover it broke a pretty critical and fairly old PHP function.  To give myself time to debug, I wanted to get production going again.

I used yum to downgrade in this way:

Since I wanted to go back to php 7.4, so I disabled the remi-php80 repository.

I then ran

 yum downgrade php

This failed, showing me all the dependency packages that were up to version 8 as well.  So I added those to the downgrade list, which then showed more dependencies that needed to be downgraded, until I got the full list. 

Here is the final command that downgraded everything that was adjacent...

yum downgrade php php-common php-cli php-sodium php-process php-gd php-pecl-mcrypt php-mbstring php-xml php-pdo php-mysqlnd

And, all seems to be well!  I'll try to determine what in the scrollers isn't php 8 compliant, and go again...

To remove old kernels that clog up the boot partition:

 apt autoremove --purge

To capture traffic from my rsyslog encryption exercise and ensure the traffic was encrypted, I used tcpdump on the server, and wireshark on my local machine.

tcpdump -nnvvvS -s 0 -U -w /tmp/<capture file name> -i <interface> dst <destination IP> and dst port <port number>

tcp dump helpfully counts packets for you, so when I had several I turned off tcpdump (ctrl-C), and moved my capture file to my local machine, and opened it up in wireshark.

Logwatch is a great tool, until you want to change the default or do something different than how the basic install is configured.

Then the location of the conf files can be quite confusing.  Here are the basics you (and I) have to remember:

• Default conf files are in /usr/share/logwatch
• Other conf files and local changes to default conf files should be placed in /etc/logwatch/conf
• /etc/cron.daily/0logwatch (YMMV) overrides all, especially the mail or file output option...