-/bin/nano
\ No newline at end of file
+/usr/bin/vim.basic
\ No newline at end of file
-/usr/share/man/man1/nano.1.gz
\ No newline at end of file
+/usr/share/man/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/fr/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/it/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/ja/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/pl/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/ru/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/mlocate
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/mlocate.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/python2-pbr
\ No newline at end of file
--- /dev/null
+/bin/zsh5
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/zsh.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/updatedb.mlocate
\ No newline at end of file
--- /dev/null
+/bin/zsh5
\ No newline at end of file
--- /dev/null
+/bin/zsh5
\ No newline at end of file
--- /dev/null
+# This is the main Apache server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See http://httpd.apache.org/docs/2.4/ for detailed information about
+# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
+# hints.
+#
+#
+# Summary of how the Apache 2 configuration works in Debian:
+# The Apache 2 web server configuration in Debian is quite different to
+# upstream's suggested way to configure the web server. This is because Debian's
+# default Apache2 installation attempts to make adding and removing modules,
+# virtual hosts, and extra configuration directives as flexible as possible, in
+# order to make automating the changes and administering the server as easy as
+# possible.
+
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
+#
+# /etc/apache2/
+# |-- apache2.conf
+# | `-- ports.conf
+# |-- mods-enabled
+# | |-- *.load
+# | `-- *.conf
+# |-- conf-enabled
+# | `-- *.conf
+# `-- sites-enabled
+# `-- *.conf
+#
+#
+# * apache2.conf is the main configuration file (this file). It puts the pieces
+# together by including all remaining configuration files when starting up the
+# web server.
+#
+# * ports.conf is always included from the main configuration file. It is
+# supposed to determine listening ports for incoming connections which can be
+# customized anytime.
+#
+# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
+# directories contain particular configuration snippets which manage modules,
+# global configuration fragments, or virtual host configurations,
+# respectively.
+#
+# They are activated by symlinking available configuration files from their
+# respective *-available/ counterparts. These should be managed by using our
+# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
+# their respective man pages for detailed information.
+#
+# * The binary is called apache2. Due to the use of environment variables, in
+# the default configuration, apache2 needs to be started/stopped with
+# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
+# work with the default configuration.
+
+
+# Global configuration
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE! If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the Mutex documentation (available
+# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+#ServerRoot "/etc/apache2"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+Mutex file:${APACHE_LOCK_DIR} default
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+# This needs to be set in /etc/apache2/envvars
+#
+PidFile ${APACHE_PID_FILE}
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 5
+
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog ${APACHE_LOG_DIR}/error.log
+
+#
+# LogLevel: Control the severity of messages logged to the error_log.
+# Available values: trace8, ..., trace1, debug, info, notice, warn,
+# error, crit, alert, emerg.
+# It is also possible to configure the log level for particular modules, e.g.
+# "LogLevel info ssl:warn"
+#
+LogLevel warn
+
+# Include module configuration:
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+
+# Include list of ports to listen on
+Include ports.conf
+
+
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem outside of /usr/share and /var/www.
+# The former is used by web applications packaged in Debian,
+# the latter may be used for local directories served by the web server. If
+# your system is serving content from a sub-directory in /srv you must allow
+# access here, or in any related virtual host.
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Require all denied
+</Directory>
+
+<Directory /usr/share>
+ AllowOverride None
+ Require all granted
+</Directory>
+
+<Directory /var/www/>
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+</Directory>
+
+#<Directory /srv/>
+# Options Indexes FollowSymLinks
+# AllowOverride None
+# Require all granted
+#</Directory>
+
+
+
+
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+ Require all denied
+</FilesMatch>
+
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+# These deviate from the Common Log Format definitions in that they use %O
+# (the actual bytes sent including headers) instead of %b (the size of the
+# requested file), because the latter makes it impossible to detect partial
+# requests.
+#
+# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
+# Use mod_remoteip instead.
+#
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# Include of directories ignores editors' and dpkg's backup files,
+# see README.Debian for details.
+
+# Include generic snippets of statements
+IncludeOptional conf-enabled/*.conf
+
+# Include the virtual host configurations:
+IncludeOptional sites-enabled/*.conf
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%T\" \"%v\" \"%f\"" full
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" \"%T\" \"%v\" \"%f\"" full_combined
+
+<IfModule logio_module>
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%T\" \"%v\" \"%f\" %I %O" full_io
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+ LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" vhostio
+</IfModule>
+
+# vim: filetype=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Customizable error responses come in three flavors:
+# 1) plain text
+# 2) local redirects
+# 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections. We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis. If you include the Alias in the global server
+# context, is has to come _before_ the 'Alias /error/ ...' line.
+#
+# The default include files will display your Apache version number and your
+# ServerAdmin email address regardless of the setting of ServerSignature.
+#
+# WARNING: The configuration below will NOT work out of the box if you have a
+# SetHandler directive in a <Location /> context somewhere. Adding
+# the following three lines AFTER the <Location /> context should
+# make it work in most cases:
+# <Location /error/>
+# SetHandler none
+# </Location>
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation. To activate them, uncomment the following 37 lines.
+
+#<IfModule mod_negotiation.c>
+# <IfModule mod_include.c>
+# <IfModule mod_alias.c>
+#
+# Alias /error/ "/usr/share/apache2/error/"
+#
+# <Directory "/usr/share/apache2/error">
+# Options IncludesNoExec
+# AddOutputFilter Includes html
+# AddHandler type-map var
+# Order allow,deny
+# Allow from all
+# LanguagePriority en cs de es fr it nl sv pt-br ro
+# ForceLanguagePriority Prefer Fallback
+# </Directory>
+#
+# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+# ErrorDocument 410 /error/HTTP_GONE.html.var
+# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+# </IfModule>
+# </IfModule>
+#</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Define an access log for VirtualHosts that don't define their own logfile
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages.
+#
+#<Directory />
+# AllowOverride None
+# Order Deny,Allow
+# Deny from all
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#ServerTokens Minimal
+ServerTokens OS
+#ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of: On | Off | extended
+TraceEnable Off
+#TraceEnable On
+
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+# Require all denied
+#</DirectoryMatch>
+
+#
+# Setting this header will prevent MSIE from interpreting files as something
+# else than declared by the content type in the HTTP headers.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Content-Type-Options: "nosniff"
+
+#
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+#Header set X-Frame-Options: "sameorigin"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+<IfModule mod_alias.c>
+ <IfModule mod_cgi.c>
+ Define ENABLE_USR_LIB_CGI_BIN
+ </IfModule>
+
+ <IfModule mod_cgid.c>
+ Define ENABLE_USR_LIB_CGI_BIN
+ </IfModule>
+
+ <IfDefine ENABLE_USR_LIB_CGI_BIN>
+ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+ <Directory "/usr/lib/cgi-bin">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ Require all granted
+ </Directory>
+ </IfDefine>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+../conf-available/charset.conf
\ No newline at end of file
--- /dev/null
+../conf-available/custom-log.conf
\ No newline at end of file
--- /dev/null
+../conf-available/localized-error-pages.conf
\ No newline at end of file
--- /dev/null
+../conf-available/other-vhosts-access-log.conf
\ No newline at end of file
--- /dev/null
+../conf-available/security.conf
\ No newline at end of file
--- /dev/null
+../conf-available/serve-cgi-bin.conf
\ No newline at end of file
--- /dev/null
+# envvars - default environment variables for apache2ctl
+
+# this won't be correct after changing uid
+unset HOME
+
+# for supporting multiple apache2 instances
+if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
+ SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
+else
+ SUFFIX=
+fi
+
+# Since there is no sane way to get the parsed apache2 config in scripts, some
+# settings are defined via environment variables and then used in apache2ctl,
+# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
+export APACHE_RUN_USER=www-data
+export APACHE_RUN_GROUP=www-data
+# temporary state file location. This might be changed to /run in Wheezy+1
+export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
+export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
+export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
+# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
+export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
+
+## The locale used by some modules like mod_dav
+export LANG=C
+## Uncomment the following line to use the system default locale instead:
+#. /etc/default/locale
+
+export LANG
+
+## The command to get the status for 'apache2ctl status'.
+## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
+#export APACHE_LYNX='www-browser -dump'
+
+## If you need a higher file descriptor limit, uncomment and adjust the
+## following line (default is 8192):
+#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
+
+## If you would like to pass arguments to the web server, add them below
+## to the APACHE_ARGUMENTS environment.
+#export APACHE_ARGUMENTS=''
+
+## Enable the debug mode for maintainer scripts.
+## This will produce a verbose output on package installations of web server modules and web application
+## installations which interact with Apache
+#export APACHE2_MAINTSCRIPT_DEBUG=1
--- /dev/null
+# Magic data for mod_mime_magic (originally for file(1) command)
+#
+# The format is 4-5 columns:
+# Column #1: byte number to begin checking from, ">" indicates continuation
+# Column #2: type of data to match
+# Column #3: contents of data to match
+# Column #4: MIME type of result
+# Column #5: MIME encoding of result (optional)
+
+#------------------------------------------------------------------------------
+# Localstuff: file(1) magic for locally observed files
+# Add any locally observed files here.
+
+# Real Audio (Magic .ra\0375)
+0 belong 0x2e7261fd audio/x-pn-realaudio
+0 string .RMF application/vnd.rn-realmedia
+
+#video/x-pn-realvideo
+#video/vnd.rn-realvideo
+#application/vnd.rn-realmedia
+# sigh, there are many mimes for that but the above are the most common.
+
+# Taken from magic, converted to magic.mime
+# mime types according to http://www.geocities.com/nevilo/mod.htm:
+# audio/it .it
+# audio/x-zipped-it .itz
+# audio/xm fasttracker modules
+# audio/x-s3m screamtracker modules
+# audio/s3m screamtracker modules
+# audio/x-zipped-mod mdz
+# audio/mod mod
+# audio/x-mod All modules (mod, s3m, 669, mtm, med, xm, it, mdz, stm, itz, xmz, s3z)
+
+# Taken from loader code from mikmod version 2.14
+# by Steve McIntyre (stevem@chiark.greenend.org.uk)
+# <doj@cubic.org> added title printing on 2003-06-24
+0 string MAS_UTrack_V00
+>14 string >/0 audio/x-mod
+#audio/x-tracker-module
+
+#0 string UN05 MikMod UNI format module sound data
+
+0 string Extended\ Module: audio/x-mod
+#audio/x-tracker-module
+##>17 string >\0 Title: "%s"
+
+21 string/c \!SCREAM! audio/x-mod
+#audio/x-screamtracker-module
+21 string BMOD2STM audio/x-mod
+#audio/x-screamtracker-module
+1080 string M.K. audio/x-mod
+#audio/x-protracker-module
+#>0 string >\0 Title: "%s"
+1080 string M!K! audio/x-mod
+#audio/x-protracker-module
+#>0 string >\0 Title: "%s"
+1080 string FLT4 audio/x-mod
+#audio/x-startracker-module
+#>0 string >\0 Title: "%s"
+1080 string FLT8 audio/x-mod
+#audio/x-startracker-module
+#>0 string >\0 Title: "%s"
+1080 string 4CHN audio/x-mod
+#audio/x-fasttracker-module
+#>0 string >\0 Title: "%s"
+1080 string 6CHN audio/x-mod
+#audio/x-fasttracker-module
+#>0 string >\0 Title: "%s"
+1080 string 8CHN audio/x-mod
+#audio/x-fasttracker-module
+#>0 string >\0 Title: "%s"
+1080 string CD81 audio/x-mod
+#audio/x-oktalyzer-tracker-module
+#>0 string >\0 Title: "%s"
+1080 string OKTA audio/x-mod
+#audio/x-oktalyzer-tracker-module
+#>0 string >\0 Title: "%s"
+# Not good enough.
+#1082 string CH
+#>1080 string >/0 %.2s-channel Fasttracker "oktalyzer" module sound data
+1080 string 16CN audio/x-mod
+#audio/x-taketracker-module
+#>0 string >\0 Title: "%s"
+1080 string 32CN audio/x-mod
+#audio/x-taketracker-module
+#>0 string >\0 Title: "%s"
+
+# Impuse tracker module (it)
+0 string IMPM audio/x-mod
+#>4 string >\0 "%s"
+#>40 leshort !0 compatible w/ITv%x
+#>42 leshort !0 created w/ITv%x
+
+#------------------------------------------------------------------------------
+# end local stuff
+#------------------------------------------------------------------------------
+
+# xml based formats!
+
+# svg
+
+0 string \<?xml
+# text/xml
+>38 string \<\!DOCTYPE\040svg image/svg+xml
+
+
+# xml
+0 string \<?xml text/xml
+
+
+#------------------------------------------------------------------------------
+# Java
+
+0 short 0xcafe
+>2 short 0xbabe application/java
+
+#------------------------------------------------------------------------------
+# audio: file(1) magic for sound formats
+#
+# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
+#
+
+# Sun/NeXT audio data
+0 string .snd
+>12 belong 1 audio/basic
+>12 belong 2 audio/basic
+>12 belong 3 audio/basic
+>12 belong 4 audio/basic
+>12 belong 5 audio/basic
+>12 belong 6 audio/basic
+>12 belong 7 audio/basic
+
+>12 belong 23 audio/x-adpcm
+
+# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
+# that uses little-endian encoding and has a different magic number
+# (0x0064732E in little-endian encoding).
+0 lelong 0x0064732E
+>12 lelong 1 audio/x-dec-basic
+>12 lelong 2 audio/x-dec-basic
+>12 lelong 3 audio/x-dec-basic
+>12 lelong 4 audio/x-dec-basic
+>12 lelong 5 audio/x-dec-basic
+>12 lelong 6 audio/x-dec-basic
+>12 lelong 7 audio/x-dec-basic
+# compressed (G.721 ADPCM)
+>12 lelong 23 audio/x-dec-adpcm
+
+# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
+# AIFF audio data
+8 string AIFF audio/x-aiff
+# AIFF-C audio data
+8 string AIFC audio/x-aiff
+# IFF/8SVX audio data
+8 string 8SVX audio/x-aiff
+
+
+
+# Creative Labs AUDIO stuff
+# Standard MIDI data
+0 string MThd audio/unknown
+#>9 byte >0 (format %d)
+#>11 byte >1 using %d channels
+# Creative Music (CMF) data
+0 string CTMF audio/unknown
+# SoundBlaster instrument data
+0 string SBI audio/unknown
+# Creative Labs voice data
+0 string Creative\ Voice\ File audio/unknown
+## is this next line right? it came this way...
+#>19 byte 0x1A
+#>23 byte >0 - version %d
+#>22 byte >0 \b.%d
+
+# [GRR 950115: is this also Creative Labs? Guessing that first line
+# should be string instead of unknown-endian long...]
+#0 long 0x4e54524b MultiTrack sound data
+#0 string NTRK MultiTrack sound data
+#>4 long x - version %ld
+
+# Microsoft WAVE format (*.wav)
+# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
+# Microsoft RIFF
+0 string RIFF
+# - WAVE format
+>8 string WAVE audio/x-wav
+>8 string/B AVI video/x-msvideo
+#
+>8 string CDRA image/x-coreldraw
+
+# AAC (aka MPEG-2 NBC)
+0 beshort&0xfff6 0xfff0 audio/X-HX-AAC-ADTS
+0 string ADIF audio/X-HX-AAC-ADIF
+0 beshort&0xffe0 0x56e0 audio/MP4A-LATM
+0 beshort 0x4De1 audio/MP4A-LATM
+
+# MPEG Layer 3 sound files
+0 beshort&0xfffe =0xfffa audio/mpeg
+#MP3 with ID3 tag
+0 string ID3 audio/mpeg
+# Ogg/Vorbis
+0 string OggS application/ogg
+
+#------------------------------------------------------------------------------
+# c-lang: file(1) magic for C programs or various scripts
+#
+
+# XPM icons (Greg Roelofs, newt@uchicago.edu)
+# ideally should go into "images", but entries below would tag XPM as C source
+0 string /*\ XPM image/x-xpmi 7bit
+
+# 3DS (3d Studio files)
+#16 beshort 0x3d3d image/x-3ds
+
+# this first will upset you if you're a PL/1 shop... (are there any left?)
+# in which case rm it; ascmagic will catch real C programs
+# C or REXX program text
+#0 string /* text/x-c
+# C++ program text
+#0 string // text/x-c++
+
+#------------------------------------------------------------------------------
+# commands: file(1) magic for various shells and interpreters
+#
+#0 string :\ shell archive or commands for antique kernel text
+0 string #!/bin/sh application/x-shellscript
+0 string #!\ /bin/sh application/x-shellscript
+0 string #!/bin/csh application/x-shellscript
+0 string #!\ /bin/csh application/x-shellscript
+# korn shell magic, sent by George Wu, gwu@clyde.att.com
+0 string #!/bin/ksh application/x-shellscript
+0 string #!\ /bin/ksh application/x-shellscript
+0 string #!/bin/tcsh application/x-shellscript
+0 string #!\ /bin/tcsh application/x-shellscript
+0 string #!/usr/local/tcsh application/x-shellscript
+0 string #!\ /usr/local/tcsh application/x-shellscript
+0 string #!/usr/local/bin/tcsh application/x-shellscript
+0 string #!\ /usr/local/bin/tcsh application/x-shellscript
+# bash shell magic, from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+0 string #!/bin/bash application/x-shellscript
+0 string #!\ /bin/bash application/x-shellscript
+0 string #!/usr/local/bin/bash application/x-shellscript
+0 string #!\ /usr/local/bin/bash application/x-shellscript
+
+#
+# zsh/ash/ae/nawk/gawk magic from cameron@cs.unsw.oz.au (Cameron Simpson)
+0 string #!/bin/zsh application/x-shellscript
+0 string #!/usr/bin/zsh application/x-shellscript
+0 string #!/usr/local/bin/zsh application/x-shellscript
+0 string #!\ /usr/local/bin/zsh application/x-shellscript
+0 string #!/usr/local/bin/ash application/x-shellscript
+0 string #!\ /usr/local/bin/ash application/x-shellscript
+#0 string #!/usr/local/bin/ae Neil Brown's ae
+#0 string #!\ /usr/local/bin/ae Neil Brown's ae
+0 string #!/bin/nawk application/x-nawk
+0 string #!\ /bin/nawk application/x-nawk
+0 string #!/usr/bin/nawk application/x-nawk
+0 string #!\ /usr/bin/nawk application/x-nawk
+0 string #!/usr/local/bin/nawk application/x-nawk
+0 string #!\ /usr/local/bin/nawk application/x-nawk
+0 string #!/bin/gawk application/x-gawk
+0 string #!\ /bin/gawk application/x-gawk
+0 string #!/usr/bin/gawk application/x-gawk
+0 string #!\ /usr/bin/gawk application/x-gawk
+0 string #!/usr/local/bin/gawk application/x-gawk
+0 string #!\ /usr/local/bin/gawk application/x-gawk
+#
+0 string #!/bin/awk application/x-awk
+0 string #!\ /bin/awk application/x-awk
+0 string #!/usr/bin/awk application/x-awk
+0 string #!\ /usr/bin/awk application/x-awk
+# update to distinguish from *.vcf files by Joerg Jenderek: joerg dot jenderek at web dot de
+#0 regex BEGIN[[:space:]]*[{] application/x-awk
+
+# For Larry Wall's perl language. The ``eval'' line recognizes an
+# outrageously clever hack for USG systems.
+# Keith Waclena <keith@cerberus.uchicago.edu>
+0 string #!/bin/perl application/x-perl
+0 string #!\ /bin/perl application/x-perl
+0 string eval\ "exec\ /bin/perl application/x-perl
+0 string #!/usr/bin/perl application/x-perl
+0 string #!\ /usr/bin/perl application/x-perl
+0 string eval\ "exec\ /usr/bin/perl application/x-perl
+0 string #!/usr/local/bin/perl application/x-perl
+0 string #!\ /usr/local/bin/perl application/x-perl
+0 string eval\ "exec\ /usr/local/bin/perl application/x-perl
+
+#------------------------------------------------------------------------------
+# compress: file(1) magic for pure-compression formats (no archives)
+#
+# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
+#
+# Formats for various forms of compressed data
+# Formats for "compress" proper have been moved into "compress.c",
+# because it tries to uncompress it to figure out what's inside.
+
+# standard unix compress
+#0 string \037\235 application/x-compress
+
+# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
+#0 string \037\213 application/x-gzip
+
+0 string PK\003\004 application/x-zip
+
+# RAR archiver (Greg Roelofs, newt@uchicago.edu)
+0 string Rar! application/x-rar
+
+# According to gzip.h, this is the correct byte order for packed data.
+0 string \037\036 application/octet-stream
+#
+# This magic number is byte-order-independent.
+#
+0 short 017437 application/octet-stream
+
+# XXX - why *two* entries for "compacted data", one of which is
+# byte-order independent, and one of which is byte-order dependent?
+#
+# compacted data
+0 short 0x1fff application/octet-stream
+0 string \377\037 application/octet-stream
+# huf output
+0 short 0145405 application/octet-stream
+
+# Squeeze and Crunch...
+# These numbers were gleaned from the Unix versions of the programs to
+# handle these formats. Note that I can only uncrunch, not crunch, and
+# I didn't have a crunched file handy, so the crunch number is untested.
+# Keith Waclena <keith@cerberus.uchicago.edu>
+#0 leshort 0x76FF squeezed data (CP/M, DOS)
+#0 leshort 0x76FE crunched data (CP/M, DOS)
+
+# Freeze
+#0 string \037\237 Frozen file 2.1
+#0 string \037\236 Frozen file 1.0 (or gzip 0.5)
+
+# lzh?
+#0 string \037\240 LZH compressed data
+
+257 string ustar\0 application/x-tar posix
+257 string ustar\040\040\0 application/x-tar gnu
+
+0 short 070707 application/x-cpio
+0 short 0143561 application/x-cpio swapped
+
+0 string =<ar> application/x-archive
+0 string \!<arch> application/x-archive
+>8 string debian application/x-debian-package
+
+#------------------------------------------------------------------------------
+#
+# RPM: file(1) magic for Red Hat Packages Erik Troan (ewt@redhat.com)
+#
+0 beshort 0xedab
+>2 beshort 0xeedb application/x-rpm
+
+0 lelong&0x8080ffff 0x0000081a application/x-arc lzw
+0 lelong&0x8080ffff 0x0000091a application/x-arc squashed
+0 lelong&0x8080ffff 0x0000021a application/x-arc uncompressed
+0 lelong&0x8080ffff 0x0000031a application/x-arc packed
+0 lelong&0x8080ffff 0x0000041a application/x-arc squeezed
+0 lelong&0x8080ffff 0x0000061a application/x-arc crunched
+
+0 leshort 0xea60 application/x-arj
+
+# LHARC/LHA archiver (Greg Roelofs, newt@uchicago.edu)
+2 string -lh0- application/x-lharc lh0
+2 string -lh1- application/x-lharc lh1
+2 string -lz4- application/x-lharc lz4
+2 string -lz5- application/x-lharc lz5
+# [never seen any but the last; -lh4- reported in comp.compression:]
+2 string -lzs- application/x-lha lzs
+2 string -lh\ - application/x-lha lh
+2 string -lhd- application/x-lha lhd
+2 string -lh2- application/x-lha lh2
+2 string -lh3- application/x-lha lh3
+2 string -lh4- application/x-lha lh4
+2 string -lh5- application/x-lha lh5
+2 string -lh6- application/x-lha lh6
+2 string -lh7- application/x-lha lh7
+# Shell archives
+10 string #\ This\ is\ a\ shell\ archive application/octet-stream x-shell
+
+#------------------------------------------------------------------------------
+# frame: file(1) magic for FrameMaker files
+#
+# This stuff came on a FrameMaker demo tape, most of which is
+# copyright, but this file is "published" as witness the following:
+#
+0 string \<MakerFile application/x-frame
+0 string \<MIFFile application/x-frame
+0 string \<MakerDictionary application/x-frame
+0 string \<MakerScreenFon application/x-frame
+0 string \<MML application/x-frame
+0 string \<Book application/x-frame
+0 string \<Maker application/x-frame
+
+#------------------------------------------------------------------------------
+# html: file(1) magic for HTML (HyperText Markup Language) docs
+#
+# from Daniel Quinlan <quinlan@yggdrasil.com>
+#
+0 string/cB \<!DOCTYPE\ html text/html
+0 string/cb \<head text/html
+0 string/cb \<title text/html
+0 string/bc \<html text/html
+0 string \<!-- text/html
+0 string/c \<h1 text/html
+
+0 string \<?xml text/xml
+
+#------------------------------------------------------------------------------
+# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
+#
+# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
+# additions by janl@ifi.uio.no as well as others. Jan also suggested
+# merging several one- and two-line files into here.
+#
+# XXX - byte order for GIF and TIFF fields?
+# [GRR: TIFF allows both byte orders; GIF is probably little-endian]
+#
+
+# [GRR: what the hell is this doing in here?]
+#0 string xbtoa btoa'd file
+
+# PBMPLUS
+# PBM file
+0 string P1 image/x-portable-bitmap 7bit
+# PGM file
+0 string P2 image/x-portable-greymap 7bit
+# PPM file
+0 string P3 image/x-portable-pixmap 7bit
+# PBM "rawbits" file
+0 string P4 image/x-portable-bitmap
+# PGM "rawbits" file
+0 string P5 image/x-portable-greymap
+# PPM "rawbits" file
+0 string P6 image/x-portable-pixmap
+
+# NIFF (Navy Interchange File Format, a modification of TIFF)
+# [GRR: this *must* go before TIFF]
+0 string IIN1 image/x-niff
+
+# TIFF and friends
+# TIFF file, big-endian
+0 string MM image/tiff
+# TIFF file, little-endian
+0 string II image/tiff
+
+# possible GIF replacements; none yet released!
+# (Greg Roelofs, newt@uchicago.edu)
+#
+# GRR 950115: this was mine ("Zip GIF"):
+# ZIF image (GIF+deflate alpha)
+0 string GIF94z image/unknown
+#
+# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better):
+# FGF image (GIF+deflate beta)
+0 string FGF95a image/unknown
+#
+# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal
+# (best; not yet implemented):
+# PBF image (deflate compression)
+0 string PBF image/unknown
+
+# GIF
+0 string GIF image/gif
+
+# JPEG images
+0 beshort 0xffd8 image/jpeg
+
+# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu)
+0 string BM image/x-ms-bmp
+#>14 byte 12 (OS/2 1.x format)
+#>14 byte 64 (OS/2 2.x format)
+#>14 byte 40 (Windows 3.x format)
+#0 string IC icon
+#0 string PI pointer
+#0 string CI color icon
+#0 string CP color pointer
+#0 string BA bitmap array
+
+# CDROM Filesystems
+32769 string CD001 application/x-iso9660
+
+# Newer StuffIt archives (grant@netbsd.org)
+0 string StuffIt application/x-stuffit
+#>162 string >0 : %s
+
+# BinHex is the Macintosh ASCII-encoded file format (see also "apple")
+# Daniel Quinlan, quinlan@yggdrasil.com
+11 string must\ be\ converted\ with\ BinHex\ 4 application/mac-binhex40
+##>41 string x \b, version %.3s
+
+
+#------------------------------------------------------------------------------
+# lisp: file(1) magic for lisp programs
+#
+# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 string ;; text/plain 8bit
+# Emacs 18 - this is always correct, but not very magical.
+0 string \012( application/x-elc
+# Emacs 19
+0 string ;ELC\023\000\000\000 application/x-elc
+
+#------------------------------------------------------------------------------
+# mail.news: file(1) magic for mail and news
+#
+# There are tests to ascmagic.c to cope with mail and news.
+0 string Relay-Version: message/rfc822 7bit
+0 string #!\ rnews message/rfc822 7bit
+0 string N#!\ rnews message/rfc822 7bit
+0 string Forward\ to message/rfc822 7bit
+0 string Pipe\ to message/rfc822 7bit
+0 string Return-Path: message/rfc822 7bit
+0 string Received: message/rfc822
+0 string Path: message/news 8bit
+0 string Xref: message/news 8bit
+0 string From: message/rfc822 7bit
+0 string Article message/news 8bit
+#------------------------------------------------------------------------------
+# msword: file(1) magic for MS Word files
+#
+# Contributor claims:
+# Reversed-engineered MS Word magic numbers
+#
+
+0 string \376\067\0\043 application/msword
+0 string \320\317\021\340\241\261 application/msword
+0 string \333\245-\0\0\0 application/msword
+
+
+
+#------------------------------------------------------------------------------
+# printer: file(1) magic for printer-formatted files
+#
+
+# PostScript
+0 string %! application/postscript
+0 string \004%! application/postscript
+
+# Acrobat
+# (due to clamen@cs.cmu.edu)
+0 string %PDF- application/pdf
+
+#------------------------------------------------------------------------------
+# sc: file(1) magic for "sc" spreadsheet
+#
+38 string Spreadsheet application/x-sc
+
+#------------------------------------------------------------------------------
+# tex: file(1) magic for TeX files
+#
+# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
+#
+# From <conklin@talisman.kaleida.com>
+
+# Although we may know the offset of certain text fields in TeX DVI
+# and font files, we can't use them reliably because they are not
+# zero terminated. [but we do anyway, christos]
+0 string \367\002 application/x-dvi
+#0 string \367\203 TeX generic font data
+#0 string \367\131 TeX packed font data
+#0 string \367\312 TeX virtual font data
+#0 string This\ is\ TeX, TeX transcript text
+#0 string This\ is\ METAFONT, METAFONT transcript text
+
+# There is no way to detect TeX Font Metric (*.tfm) files without
+# breaking them apart and reading the data. The following patterns
+# match most *.tfm files generated by METAFONT or afm2tfm.
+2 string \000\021 application/x-tex-tfm
+2 string \000\022 application/x-tex-tfm
+#>34 string >\0 (%s)
+
+# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 string \\input\ texinfo text/x-texinfo
+0 string This\ is\ Info\ file text/x-info
+
+# correct TeX magic for Linux (and maybe more)
+# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+#
+0 leshort 0x02f7 application/x-dvi
+
+# RTF - Rich Text Format
+0 string {\\rtf text/rtf
+
+#------------------------------------------------------------------------------
+# animation: file(1) magic for animation/movie formats
+#
+# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+# MPEG file
+# MPEG sequences
+0 belong 0x000001BA
+>4 byte &0x40 video/mp2p
+>4 byte ^0x40 video/mpeg
+0 belong 0x000001BB video/mpeg
+0 belong 0x000001B0 video/mp4v-es
+0 belong 0x000001B5 video/mp4v-es
+0 belong 0x000001B3 video/mpv
+0 belong&0xFF5FFF1F 0x47400010 video/mp2t
+0 belong 0x00000001
+>4 byte&0x1F 0x07 video/h264
+
+# FLI animation format
+0 leshort 0xAF11 video/fli
+# FLC animation format
+0 leshort 0xAF12 video/flc
+#
+# SGI and Apple formats
+# Added ISO mimes
+0 string MOVI video/sgi
+4 string moov video/quicktime
+4 string mdat video/quicktime
+4 string wide video/quicktime
+4 string skip video/quicktime
+4 string free video/quicktime
+4 string idsc image/x-quicktime
+4 string idat image/x-quicktime
+4 string pckg application/x-quicktime
+4 string/B jP image/jp2
+4 string ftyp
+>8 string isom video/mp4
+>8 string mp41 video/mp4
+>8 string mp42 video/mp4
+>8 string/B jp2 image/jp2
+>8 string 3gp video/3gpp
+>8 string avc1 video/3gpp
+>8 string mmp4 video/mp4
+>8 string/B M4A audio/mp4
+>8 string/B qt video/quicktime
+# The contributor claims:
+# I couldn't find a real magic number for these, however, this
+# -appears- to work. Note that it might catch other files, too,
+# so BE CAREFUL!
+#
+# Note that title and author appear in the two 20-byte chunks
+# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
+# 255 (hex FF)! DL format SUCKS BIG ROCKS.
+#
+# DL file version 1 , medium format (160x100, 4 images/screen)
+0 byte 1 video/unknown
+0 byte 2 video/unknown
+#
+# Databases
+#
+# GDBM magic numbers
+# Will be maintained as part of the GDBM distribution in the future.
+# <downsj@teeny.org>
+0 belong 0x13579ace application/x-gdbm
+0 lelong 0x13579ace application/x-gdbm
+0 string GDBM application/x-gdbm
+#
+0 belong 0x061561 application/x-dbm
+#
+# Executables
+#
+0 string \177ELF
+>16 leshort 0 application/octet-stream
+>16 leshort 1 application/x-object
+>16 leshort 2 application/x-executable
+>16 leshort 3 application/x-sharedlib
+>16 leshort 4 application/x-coredump
+>16 beshort 0 application/octet-stream
+>16 beshort 1 application/x-object
+>16 beshort 2 application/x-executable
+>16 beshort 3 application/x-sharedlib
+>16 beshort 4 application/x-coredump
+#
+# DOS
+0 string MZ application/x-dosexec
+#
+# KDE
+0 string [KDE\ Desktop\ Entry] application/x-kdelnk
+0 string \#\ KDE\ Config\ File application/x-kdelnk
+# xmcd database file for kscd
+0 string \#\ xmcd text/xmcd
+
+#------------------------------------------------------------------------------
+# pkgadd: file(1) magic for SysV R4 PKG Datastreams
+#
+0 string #\ PaCkAgE\ DaTaStReAm application/x-svr4-package
+
+#PNG Image Format
+0 string \x89PNG image/png
+
+# MNG Video Format, <URL:http://www.libpng.org/pub/mng/spec/>
+0 string \x8aMNG video/x-mng
+0 string \x8aJNG video/x-jng
+
+#------------------------------------------------------------------------------
+# Hierarchical Data Format, used to facilitate scientific data exchange
+# specifications at http://hdf.ncsa.uiuc.edu/
+#Hierarchical Data Format (version 4) data
+0 belong 0x0e031301 application/x-hdf
+#Hierarchical Data Format (version 5) data
+0 string \211HDF\r\n\032 application/x-hdf
+
+# Adobe Photoshop
+0 string 8BPS image/x-photoshop
+
+# Felix von Leitner <felix-file@fefe.de>
+0 string d8:announce application/x-bittorrent
+
+
+# lotus 1-2-3 document
+0 belong 0x00001a00 application/x-123
+0 belong 0x00000200 application/x-123
+
+# MS Access database
+4 string Standard\ Jet\ DB application/msaccess
+
+## magic for XBase files
+#0 byte 0x02
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x03
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x04
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x05
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x30
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x43
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x7b
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x83
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x8b
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0x8e
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0xb3
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 byte 0xf5
+#>8 leshort >0
+#>>12 leshort 0 application/x-dbf
+#
+#0 leshort 0x0006 application/x-dbt
+
+# Debian has entries for the old PGP formats:
+# pgp: file(1) magic for Pretty Good Privacy
+# see http://lists.gnupg.org/pipermail/gnupg-devel/1999-September/016052.html
+#text/PGP key public ring
+0 beshort 0x9900 application/pgp
+#text/PGP key security ring
+0 beshort 0x9501 application/pgp
+#text/PGP key security ring
+0 beshort 0x9500 application/pgp
+#text/PGP encrypted data
+0 beshort 0xa600 application/pgp-encrypted
+#text/PGP armored data
+##public key block
+2 string ---BEGIN\ PGP\ PUBLIC\ KEY\ BLOCK- application/pgp-keys
+0 string -----BEGIN\040PGP\40MESSAGE- application/pgp
+0 string -----BEGIN\040PGP\40SIGNATURE- application/pgp-signature
+#
+# GnuPG Magic:
+#
+#
+#text/GnuPG key public ring
+0 beshort 0x9901 application/pgp
+#text/OpenPGP data
+0 beshort 0x8501 application/pgp-encrypted
+
+# flash: file(1) magic for Macromedia Flash file format
+#
+# See
+#
+# http://www.macromedia.com/software/flash/open/
+#
+0 string FWS
+>3 byte x application/x-shockwave-flash
+
+# The following paramaters are created for Namazu.
+# <http://www.namazu.org/>
+#
+# 1999/08/13
+#0 string \<!--\ MHonArc text/html; x-type=mhonarc
+0 string BZh application/x-bzip2
+
+# 1999/09/09
+# VRML (suggested by Masao Takaku)
+0 string #VRML\ V1.0\ ascii model/vrml
+0 string #VRML\ V2.0\ utf8 model/vrml
+
+#------------------------------------------------------------------------------
+# ichitaro456: file(1) magic for Just System Word Processor Ichitaro
+#
+# Contributor kenzo-:
+# Reversed-engineered JS Ichitaro magic numbers
+#
+
+0 string DOC
+>43 byte 0x14 application/ichitaro4
+>144 string JDASH application/ichitaro4
+
+0 string DOC
+>43 byte 0x15 application/ichitaro5
+
+0 string DOC
+>43 byte 0x16 application/ichitaro6
+
+#------------------------------------------------------------------------------
+# office97: file(1) magic for MicroSoft Office files
+#
+# Contributor kenzo-:
+# Reversed-engineered MS Office magic numbers
+#
+
+#0 string \320\317\021\340\241\261\032\341
+#>48 byte 0x1B application/excel
+
+2080 string Microsoft\ Excel\ 5.0\ Worksheet application/excel
+2114 string Biff5 application/excel
+
+0 string \224\246\056 application/msword
+
+0 belong 0x31be0000 application/msword
+
+0 string PO^Q` application/msword
+
+0 string \320\317\021\340\241\261\032\341
+>546 string bjbj application/msword
+>546 string jbjb application/msword
+
+512 string R\0o\0o\0t\0\ \0E\0n\0t\0r\0y application/msword
+
+2080 string Microsoft\ Word\ 6.0\ Document application/msword
+2080 string Documento\ Microsoft\ Word\ 6 application/msword
+2112 string MSWordDoc application/msword
+
+#0 string \320\317\021\340\241\261\032\341 application/powerpoint
+0 string \320\317\021\340\241\261\032\341 application/msword
+
+0 string #\ PaCkAgE\ DaTaStReAm application/x-svr4-package
+
+
+# WinNT/WinCE PE files (Warner Losh, imp@village.org)
+#
+128 string PE\000\000 application/octet-stream
+0 string PE\000\000 application/octet-stream
+
+# miscellaneous formats
+0 string LZ application/octet-stream
+
+
+# .EXE formats (Greg Roelofs, newt@uchicago.edu)
+#
+0 string MZ
+>24 string @ application/octet-stream
+
+0 string MZ
+>30 string Copyright\ 1989-1990\ PKWARE\ Inc. application/x-zip
+
+0 string MZ
+>30 string PKLITE\ Copr. application/x-zip
+
+0 string MZ
+>36 string LHa's\ SFX application/x-lha
+
+0 string MZ application/octet-stream
+
+# LHA archiver
+2 string -lh
+>6 string - application/x-lha
+
+
+# Zoo archiver
+20 lelong 0xfdc4a7dc application/x-zoo
+
+# ARC archiver
+0 lelong&0x8080ffff 0x0000081a application/x-arc
+0 lelong&0x8080ffff 0x0000091a application/x-arc
+0 lelong&0x8080ffff 0x0000021a application/x-arc
+0 lelong&0x8080ffff 0x0000031a application/x-arc
+0 lelong&0x8080ffff 0x0000041a application/x-arc
+0 lelong&0x8080ffff 0x0000061a application/x-arc
+
+# Microsoft Outlook's Transport Neutral Encapsulation Format (TNEF)
+0 lelong 0x223e9f78 application/ms-tnef
+
+# From: stephane.loeuillet@tiscali.f
+# http://www.djvuzone.org/
+0 string AT&TFORM image/x.djvu
+
+# Danny Milosavljevic <danny.milo@gmx.net>
+# this are adrift (adventure game standard) game files, extension .taf
+# depending on version magic continues with 0x93453E6139FA (V 4.0)
+# 0x9445376139FA (V 3.90)
+# 0x9445366139FA (V 3.80)
+# this is from source (http://www.adrift.org.uk/) and I have some taf
+# files, and checked them.
+#0 belong 0x3C423FC9
+#>4 belong 0x6A87C2CF application/x-adrift
+#0 string \000\000\001\000 image/x-ico
+
+# Quark Xpress 3 Files:
+# (made the mimetype up)
+0 string \0\0MMXPR3\0 application/x-quark-xpress-3
+
+# EET archive
+# From: Tilman Sauerbeck <tilman@code-monkey.de>
+0 belong 0x1ee7ff00 application/x-eet
+
+# From: Denis Knauf, via gentoo.
+0 string fLaC audio/x-flac
+0 string CWS application/x-shockwave-flash
+
+# Gnumeric spreadsheet
+# This entry is only semi-helpful, as Gnumeric compresses its files, so
+# they will ordinarily reported as "compressed", but at least -z helps
+39 string =<gmr:Workbook application/x-gnumeric
+
--- /dev/null
+# Depends: authn_core
+LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so
--- /dev/null
+# a2enmod-note: needs-configuration
+
+#
+# Action lets you define media types that will execute a script whenever
+# a matching file is called. This eliminates the need for repeated URL
+# pathnames for oft-used CGI file processors.
+# Format: Action media/type /cgi-script/location
+# Format: Action handler-name /cgi-script/location
+#
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule actions_module /usr/lib/apache2/modules/mod_actions.so
--- /dev/null
+<IfModule alias_module>
+ # Aliases: Add here as many aliases as you need (with no limit). The format is
+ # Alias fakename realname
+ #
+ # Note that if you include a trailing / on fakename then the server will
+ # require it to be present in the URL. So "/icons" isn't aliased in this
+ # example, only "/icons/". If the fakename is slash-terminated, then the
+ # realname must also be slash terminated, and if the fakename omits the
+ # trailing slash, the realname must also omit it.
+ #
+ # We include the /icons/ alias for FancyIndexed directory listings. If
+ # you do not use FancyIndexing, you may comment this out.
+
+ Alias /icons/ "/usr/share/apache2/icons/"
+
+ <Directory "/usr/share/apache2/icons">
+ Options FollowSymlinks
+ AllowOverride None
+ Require all granted
+ </Directory>
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so
--- /dev/null
+LoadModule allowmethods_module /usr/lib/apache2/modules/mod_allowmethods.so
--- /dev/null
+# Depends: mime
+LoadModule asis_module /usr/lib/apache2/modules/mod_asis.so
--- /dev/null
+# Depends: authn_core
+LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
--- /dev/null
+# Depends: authn_core
+LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so
--- /dev/null
+# Depends: session authn_core
+LoadModule auth_form_module /usr/lib/apache2/modules/mod_auth_form.so
--- /dev/null
+LoadModule authn_anon_module /usr/lib/apache2/modules/mod_authn_anon.so
--- /dev/null
+LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
--- /dev/null
+# Depends: dbd
+LoadModule authn_dbd_module /usr/lib/apache2/modules/mod_authn_dbd.so
--- /dev/null
+LoadModule authn_dbm_module /usr/lib/apache2/modules/mod_authn_dbm.so
--- /dev/null
+LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
--- /dev/null
+LoadModule authn_socache_module /usr/lib/apache2/modules/mod_authn_socache.so
--- /dev/null
+LoadModule authnz_fcgi_module /usr/lib/apache2/modules/mod_authnz_fcgi.so
--- /dev/null
+# Depends: ldap
+LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
--- /dev/null
+LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
--- /dev/null
+# Depends: dbd authz_core
+LoadModule authz_dbd_module /usr/lib/apache2/modules/mod_authz_dbd.so
--- /dev/null
+# Depends: authz_core
+LoadModule authz_dbm_module /usr/lib/apache2/modules/mod_authz_dbm.so
--- /dev/null
+# Depends: authz_core
+LoadModule authz_groupfile_module /usr/lib/apache2/modules/mod_authz_groupfile.so
--- /dev/null
+# Depends: authz_core
+LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
--- /dev/null
+LoadModule authz_owner_module /usr/lib/apache2/modules/mod_authz_owner.so
--- /dev/null
+# Depends: authz_core
+LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
--- /dev/null
+<IfModule mod_autoindex.c>
+ # Directives controlling the display of server-generated directory listings.
+
+ #
+ # IndexOptions: Controls the appearance of server-generated directory
+ # listings.
+ # Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
+ IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
+
+ #
+ # AddIcon* directives tell the server which icon to show for different
+ # files or filename extensions. These are only displayed for
+ # FancyIndexed directories.
+ AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
+
+ AddIconByType (TXT,/icons/text.gif) text/*
+ AddIconByType (IMG,/icons/image2.gif) image/*
+ AddIconByType (SND,/icons/sound2.gif) audio/*
+ AddIconByType (VID,/icons/movie.gif) video/*
+
+ AddIcon /icons/binary.gif .bin .exe
+ AddIcon /icons/binhex.gif .hqx
+ AddIcon /icons/tar.gif .tar
+ AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+ AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+ AddIcon /icons/a.gif .ps .ai .eps
+ AddIcon /icons/layout.gif .html .shtml .htm .pdf
+ AddIcon /icons/text.gif .txt
+ AddIcon /icons/c.gif .c
+ AddIcon /icons/p.gif .pl .py
+ AddIcon /icons/f.gif .for
+ AddIcon /icons/dvi.gif .dvi
+ AddIcon /icons/uuencoded.gif .uu
+ AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+ AddIcon /icons/tex.gif .tex
+ # It's a suffix rule, so simply matching "core" matches "score" as well !
+ AddIcon /icons/bomb.gif /core
+ AddIcon (SND,/icons/sound2.gif) .ogg
+ AddIcon (VID,/icons/movie.gif) .ogm
+
+ AddIcon /icons/back.gif ..
+ AddIcon /icons/hand.right.gif README
+ AddIcon /icons/folder.gif ^^DIRECTORY^^
+ AddIcon /icons/blank.gif ^^BLANKICON^^
+
+ # Default icons for OpenDocument format
+ AddIcon /icons/odf6odt-20x22.png .odt
+ AddIcon /icons/odf6ods-20x22.png .ods
+ AddIcon /icons/odf6odp-20x22.png .odp
+ AddIcon /icons/odf6odg-20x22.png .odg
+ AddIcon /icons/odf6odc-20x22.png .odc
+ AddIcon /icons/odf6odf-20x22.png .odf
+ AddIcon /icons/odf6odb-20x22.png .odb
+ AddIcon /icons/odf6odi-20x22.png .odi
+ AddIcon /icons/odf6odm-20x22.png .odm
+
+ AddIcon /icons/odf6ott-20x22.png .ott
+ AddIcon /icons/odf6ots-20x22.png .ots
+ AddIcon /icons/odf6otp-20x22.png .otp
+ AddIcon /icons/odf6otg-20x22.png .otg
+ AddIcon /icons/odf6otc-20x22.png .otc
+ AddIcon /icons/odf6otf-20x22.png .otf
+ AddIcon /icons/odf6oti-20x22.png .oti
+ AddIcon /icons/odf6oth-20x22.png .oth
+
+ #
+ # DefaultIcon is which icon to show for files which do not have an icon
+ # explicitly set.
+ DefaultIcon /icons/unknown.gif
+
+ #
+ # AddDescription allows you to place a short description after a file in
+ # server-generated indexes. These are only displayed for FancyIndexed
+ # directories.
+ # Format: AddDescription "description" filename
+ #AddDescription "GZIP compressed document" .gz
+ #AddDescription "tar archive" .tar
+ #AddDescription "GZIP compressed tar archive" .tgz
+
+ #
+ # ReadmeName is the name of the README file the server will look for by
+ # default, and append to directory listings.
+ #
+ # HeaderName is the name of a file which should be prepended to
+ # directory indexes
+ ReadmeName README.html
+ HeaderName HEADER.html
+
+ #
+ # IndexIgnore is a set of filenames which directory indexing should ignore
+ # and not include in the listing. Shell-style wildcarding is permitted.
+ IndexIgnore .??* *~ *# RCS CVS *,v *,t
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule autoindex_module /usr/lib/apache2/modules/mod_autoindex.so
--- /dev/null
+LoadModule buffer_module /usr/lib/apache2/modules/mod_buffer.so
--- /dev/null
+LoadModule cache_module /usr/lib/apache2/modules/mod_cache.so
--- /dev/null
+<IfModule mod_cache_disk.c>
+
+ # cache cleaning is done by htcacheclean, which can be configured in
+ # /etc/default/apache2
+ #
+ # For further information, see the comments in that file,
+ # /usr/share/doc/apache2/README.Debian, and the htcacheclean(8)
+ # man page.
+
+ # This path must be the same as the one in /etc/default/apache2
+ CacheRoot /var/cache/apache2/mod_cache_disk
+
+ # This will also cache local documents. It usually makes more sense to
+ # put this into the configuration for just one virtual host.
+ #CacheEnable disk /
+
+
+ # The result of CacheDirLevels * CacheDirLength must not be higher than
+ # 20. Moreover, pay attention on file system limits. Some file systems
+ # do not support more than a certain number of inodes and
+ # subdirectories (e.g. 32000 for ext3)
+ CacheDirLevels 2
+ CacheDirLength 1
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: cache
+LoadModule cache_disk_module /usr/lib/apache2/modules/mod_cache_disk.so
--- /dev/null
+# Depends: cache
+LoadModule cache_socache_module /usr/lib/apache2/modules/mod_cache_socache.so
--- /dev/null
+LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so
--- /dev/null
+# Socket for cgid communication
+ScriptSock ${APACHE_RUN_DIR}/cgisock
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule cgid_module /usr/lib/apache2/modules/mod_cgid.so
--- /dev/null
+LoadModule charset_lite_module /usr/lib/apache2/modules/mod_charset_lite.so
--- /dev/null
+LoadModule data_module /usr/lib/apache2/modules/mod_data.so
--- /dev/null
+LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
--- /dev/null
+DAVLockDB ${APACHE_LOCK_DIR}/DAVLock
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: dav
+LoadModule dav_fs_module /usr/lib/apache2/modules/mod_dav_fs.so
--- /dev/null
+LoadModule dav_lock_module /usr/lib/apache2/modules/mod_dav_lock.so
--- /dev/null
+LoadModule dbd_module /usr/lib/apache2/modules/mod_dbd.so
--- /dev/null
+<IfModule mod_deflate.c>
+ <IfModule mod_filter.c>
+ # these are known to be safe with MSIE 6
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml
+
+ # everything else may cause problems with MSIE 6
+ AddOutputFilterByType DEFLATE text/css
+ AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
+ AddOutputFilterByType DEFLATE application/rss+xml
+ AddOutputFilterByType DEFLATE application/xml
+ </IfModule>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: filter
+LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
--- /dev/null
+LoadModule dialup_module /usr/lib/apache2/modules/mod_dialup.so
--- /dev/null
+<IfModule mod_dir.c>
+ DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
--- /dev/null
+LoadModule dumpio_module /usr/lib/apache2/modules/mod_dumpio.so
--- /dev/null
+LoadModule echo_module /usr/lib/apache2/modules/mod_echo.so
--- /dev/null
+LoadModule env_module /usr/lib/apache2/modules/mod_env.so
--- /dev/null
+LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so
--- /dev/null
+LoadModule ext_filter_module /usr/lib/apache2/modules/mod_ext_filter.so
--- /dev/null
+# Depends: cache
+LoadModule file_cache_module /usr/lib/apache2/modules/mod_file_cache.so
--- /dev/null
+LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so
--- /dev/null
+LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
--- /dev/null
+# This module depends on mod_watchdog to be loaded before. In Debian, this
+# module is statically linked.
+LoadModule heartbeat_module /usr/lib/apache2/modules/mod_heartbeat.so
--- /dev/null
+# This module depends on mod_watchdog to be loaded before. In Debian, this
+# module is statically linked.
+LoadModule heartmonitor_module /usr/lib/apache2/modules/mod_heartmonitor.so
--- /dev/null
+LoadModule ident_module /usr/lib/apache2/modules/mod_ident.so
--- /dev/null
+# Depends: mime
+LoadModule include_module /usr/lib/apache2/modules/mod_include.so
--- /dev/null
+<IfModule mod_info.c>
+
+ # Allow remote server configuration reports, with the URL of
+ # http://servername/server-info (requires that mod_info.c be loaded).
+ # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+ #
+ <Location /server-info>
+ SetHandler server-info
+ Require local
+ #Require ip 192.0.2.0/24
+ </Location>
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule info_module /usr/lib/apache2/modules/mod_info.so
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_bybusyness_module /usr/lib/apache2/modules/mod_lbmethod_bybusyness.so
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_byrequests_module /usr/lib/apache2/modules/mod_lbmethod_byrequests.so
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_bytraffic_module /usr/lib/apache2/modules/mod_lbmethod_bytraffic.so
--- /dev/null
+# Depends: proxy_balancer
+LoadModule lbmethod_heartbeat_module /usr/lib/apache2/modules/mod_lbmethod_heartbeat.so
--- /dev/null
+<Location /ldap-status>
+ SetHandler ldap-status
+ Require local
+</Location>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
--- /dev/null
+LoadModule log_debug_module /usr/lib/apache2/modules/mod_log_debug.so
--- /dev/null
+LoadModule log_forensic_module /usr/lib/apache2/modules/mod_log_forensic.so
--- /dev/null
+LoadModule lua_module /usr/lib/apache2/modules/mod_lua.so
--- /dev/null
+LoadModule macro_module /usr/lib/apache2/modules/mod_macro.so
--- /dev/null
+<IfModule mod_mime.c>
+
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file mime.types for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ # Despite the name similarity, the following Add* directives have
+ # nothing to do with the FancyIndexing customization directives above.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #AddEncoding x-bzip2 .bz2
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+ AddType application/x-bzip2 .bz2
+
+ #
+ # DefaultLanguage and AddLanguage allows you to specify the language of
+ # a document. You can then use content negotiation to give a browser a
+ # file in a language the user can understand.
+ #
+ # Specify a default language. This means that all data
+ # going out without a specific language tag (see below) will
+ # be marked with this one. You probably do NOT want to set
+ # this unless you are sure it is correct for all cases.
+ #
+ # * It is generally better to not mark a page as
+ # * being a certain language than marking it with the wrong
+ # * language!
+ #
+ # DefaultLanguage nl
+ #
+ # Note 1: The suffix does not have to be the same as the language
+ # keyword --- those with documents in Polish (whose net-standard
+ # language code is pl) may wish to use "AddLanguage pl .po" to
+ # avoid the ambiguity with the common suffix for perl scripts.
+ #
+ # Note 2: The example entries below illustrate that in some cases
+ # the two character 'Language' abbreviation is not identical to
+ # the two character 'Country' code for its country,
+ # E.g. 'Danmark/dk' versus 'Danish/da'.
+ #
+ # Note 3: In the case of 'ltz' we violate the RFC by using a three char
+ # specifier. There is 'work in progress' to fix this and get
+ # the reference data for rfc1766 cleaned up.
+ #
+ # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+ # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+ # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+ # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+ # Norwegian (no) - Polish (pl) - Portugese (pt)
+ # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+ # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+ #
+ AddLanguage am .amh
+ AddLanguage ar .ara
+ AddLanguage be .be
+ AddLanguage bg .bg
+ AddLanguage bn .bn
+ AddLanguage br .br
+ AddLanguage bs .bs
+ AddLanguage ca .ca
+ AddLanguage cs .cz .cs
+ AddLanguage cy .cy
+ AddLanguage da .dk
+ AddLanguage de .de
+ AddLanguage dz .dz
+ AddLanguage el .el
+ AddLanguage en .en
+ AddLanguage eo .eo
+ # es is ecmascript in /etc/mime.types
+ RemoveType es
+ AddLanguage es .es
+ AddLanguage et .et
+ AddLanguage eu .eu
+ AddLanguage fa .fa
+ AddLanguage fi .fi
+ AddLanguage fr .fr
+ AddLanguage ga .ga
+ AddLanguage gl .glg
+ AddLanguage gu .gu
+ AddLanguage he .he
+ AddLanguage hi .hi
+ AddLanguage hr .hr
+ AddLanguage hu .hu
+ AddLanguage hy .hy
+ AddLanguage id .id
+ AddLanguage is .is
+ AddLanguage it .it
+ AddLanguage ja .ja
+ AddLanguage ka .ka
+ AddLanguage kk .kk
+ AddLanguage km .km
+ AddLanguage kn .kn
+ AddLanguage ko .ko
+ AddLanguage ku .ku
+ AddLanguage lo .lo
+ AddLanguage lt .lt
+ AddLanguage ltz .ltz
+ AddLanguage lv .lv
+ AddLanguage mg .mg
+ AddLanguage mk .mk
+ AddLanguage ml .ml
+ AddLanguage mr .mr
+ AddLanguage ms .msa
+ AddLanguage nb .nob
+ AddLanguage ne .ne
+ AddLanguage nl .nl
+ AddLanguage nn .nn
+ AddLanguage no .no
+ AddLanguage pa .pa
+ AddLanguage pl .po
+ AddLanguage pt-BR .pt-br
+ AddLanguage pt .pt
+ AddLanguage ro .ro
+ AddLanguage ru .ru
+ AddLanguage sa .sa
+ AddLanguage se .se
+ AddLanguage si .si
+ AddLanguage sk .sk
+ AddLanguage sl .sl
+ AddLanguage sq .sq
+ AddLanguage sr .sr
+ AddLanguage sv .sv
+ AddLanguage ta .ta
+ AddLanguage te .te
+ AddLanguage th .th
+ AddLanguage tl .tl
+ RemoveType tr
+ # tr is troff in /etc/mime.types
+ AddLanguage tr .tr
+ AddLanguage uk .uk
+ AddLanguage ur .ur
+ AddLanguage vi .vi
+ AddLanguage wo .wo
+ AddLanguage xh .xh
+ AddLanguage zh-CN .zh-cn
+ AddLanguage zh-TW .zh-tw
+
+ #
+ # Commonly used filename extensions to character sets. You probably
+ # want to avoid clashes with the language extensions, unless you
+ # are good at carefully testing your setup after each change.
+ # See http://www.iana.org/assignments/character-sets for the
+ # official list of charset names and their respective RFCs.
+ #
+ AddCharset us-ascii .ascii .us-ascii
+ AddCharset ISO-8859-1 .iso8859-1 .latin1
+ AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+ AddCharset ISO-8859-3 .iso8859-3 .latin3
+ AddCharset ISO-8859-4 .iso8859-4 .latin4
+ AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+ AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+ AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+ AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+ AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+ AddCharset ISO-8859-10 .iso8859-10 .latin6
+ AddCharset ISO-8859-13 .iso8859-13
+ AddCharset ISO-8859-14 .iso8859-14 .latin8
+ AddCharset ISO-8859-15 .iso8859-15 .latin9
+ AddCharset ISO-8859-16 .iso8859-16 .latin10
+ AddCharset ISO-2022-JP .iso2022-jp .jis
+ AddCharset ISO-2022-KR .iso2022-kr .kis
+ AddCharset ISO-2022-CN .iso2022-cn .cis
+ AddCharset Big5 .Big5 .big5 .b5
+ AddCharset cn-Big5 .cn-big5
+ # For russian, more than one charset is used (depends on client, mostly):
+ AddCharset WINDOWS-1251 .cp-1251 .win-1251
+ AddCharset CP866 .cp866
+ AddCharset KOI8 .koi8
+ AddCharset KOI8-E .koi8-e
+ AddCharset KOI8-r .koi8-r .koi8-ru
+ AddCharset KOI8-U .koi8-u
+ AddCharset KOI8-ru .koi8-uk .ua
+ AddCharset ISO-10646-UCS-2 .ucs2
+ AddCharset ISO-10646-UCS-4 .ucs4
+ AddCharset UTF-7 .utf7
+ AddCharset UTF-8 .utf8
+ AddCharset UTF-16 .utf16
+ AddCharset UTF-16BE .utf16be
+ AddCharset UTF-16LE .utf16le
+ AddCharset UTF-32 .utf32
+ AddCharset UTF-32BE .utf32be
+ AddCharset UTF-32LE .utf32le
+ AddCharset euc-cn .euc-cn
+ AddCharset euc-gb .euc-gb
+ AddCharset euc-jp .euc-jp
+ AddCharset euc-kr .euc-kr
+ #Not sure how euc-tw got in - IANA doesn't list it???
+ AddCharset EUC-TW .euc-tw
+ AddCharset gb2312 .gb2312 .gb
+ AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+ AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+ AddCharset shift_jis .shift_jis .sjis
+ AddCharset BRF .brf
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
+
+ #
+ # For files that include their own HTTP headers:
+ #
+ #AddHandler send-as-is asis
+
+ #
+ # For server-parsed imagemap files:
+ #
+ #AddHandler imap-file map
+
+ #
+ # For type maps (negotiated resources):
+ # (This is enabled by default to allow the Apache "It Worked" page
+ # to be distributed in multiple languages.)
+ #
+ AddHandler type-map var
+
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
--- /dev/null
+<IfModule mod_mime_magic.c>
+ MIMEMagicFile /etc/apache2/magic
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule mime_magic_module /usr/lib/apache2/modules/mod_mime_magic.so
--- /dev/null
+# event MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of worker threads
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+<IfModule mpm_event_module>
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Conflicts: mpm_worker mpm_prefork
+LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
--- /dev/null
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxRequestWorkers: maximum number of server processes allowed to start
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+<IfModule mpm_prefork_module>
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Conflicts: mpm_event mpm_worker
+LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so
--- /dev/null
+# worker MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
+# graceful restart. ThreadLimit can only be changed by stopping
+# and starting Apache.
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of threads
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+<IfModule mpm_worker_module>
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Conflicts: mpm_event mpm_prefork
+LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so
--- /dev/null
+<IfModule mod_negotiation.c>
+
+ # LanguagePriority allows you to give precedence to some languages
+ # in case of a tie during content negotiation.
+ #
+ # Just list the languages in decreasing order of preference. We have
+ # more or less alphabetized them here. You probably want to change this.
+ #
+ LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
+
+ #
+ # ForceLanguagePriority allows you to serve a result page rather than
+ # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+ # [in case no accepted languages matched the available variants]
+ #
+ ForceLanguagePriority Prefer Fallback
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so
--- /dev/null
+<IfModule mod_proxy.c>
+
+ # If you want to use apache2 as a forward proxy, uncomment the
+ # 'ProxyRequests On' line and the <Proxy *> block below.
+ # WARNING: Be careful to restrict access inside the <Proxy *> block.
+ # Open proxy servers are dangerous both to your network and to the
+ # Internet at large.
+ #
+ # If you only want to use apache2 as a reverse proxy/gateway in
+ # front of some web application server, you DON'T need
+ # 'ProxyRequests On'.
+
+ #ProxyRequests On
+ #<Proxy *>
+ # AddDefaultCharset off
+ # Require all denied
+ # #Require local
+ #</Proxy>
+
+ # Enable/disable the handling of HTTP/1.1 "Via:" headers.
+ # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+ # Set to one of: Off | On | Full | Block
+ #ProxyVia Off
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so
--- /dev/null
+<IfModule mod_proxy_balancer.c>
+
+ # Balancer manager enables dynamic update of balancer members
+ # (needs mod_status). Uncomment to enable.
+ #
+ #<IfModule mod_status.c>
+ # <Location /balancer-manager>
+ # SetHandler balancer-manager
+ # Require local
+ # </Location>
+ #</IfModule>
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: proxy alias slotmem_shm
+LoadModule proxy_balancer_module /usr/lib/apache2/modules/mod_proxy_balancer.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_express_module /usr/lib/apache2/modules/mod_proxy_express.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_fdpass_module /usr/lib/apache2/modules/mod_proxy_fdpass.so
--- /dev/null
+<IfModule mod_proxy_ftp.c>
+
+ # Define the character set for proxied FTP listings. Default is ISO-8859-1
+ ProxyFtpDirCharset UTF-8
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: proxy
+LoadModule proxy_ftp_module /usr/lib/apache2/modules/mod_proxy_ftp.so
--- /dev/null
+# Configuration example.
+#
+# For detailed information about these directives see
+# <URL:http://httpd.apache.org/docs/2.4/mod/mod_proxy_html.html>
+# and for mod_xml2enc see
+# <URL:http://httpd.apache.org/docs/2.4/mod/mod_xml2enc.html>
+#
+
+# All knowledge of HTML links has been removed from the mod_proxy_html
+# code itself, and is instead read from httpd.conf (or included file)
+# at server startup. So you MUST declare it. This will normally be
+# at top level, but can also be used in a <Location>.
+#
+# Here's the declaration for W3C HTML 4.01 and XHTML 1.0
+
+ProxyHTMLLinks a href
+ProxyHTMLLinks area href
+ProxyHTMLLinks link href
+ProxyHTMLLinks img src longdesc usemap
+ProxyHTMLLinks object classid codebase data usemap
+ProxyHTMLLinks q cite
+ProxyHTMLLinks blockquote cite
+ProxyHTMLLinks ins cite
+ProxyHTMLLinks del cite
+ProxyHTMLLinks form action
+ProxyHTMLLinks input src usemap
+ProxyHTMLLinks head profile
+ProxyHTMLLinks base href
+ProxyHTMLLinks script src for
+
+# To support scripting events (with ProxyHTMLExtended On),
+# you'll need to declare them too.
+
+ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
+ onmouseover onmousemove onmouseout onkeypress \
+ onkeydown onkeyup onfocus onblur onload \
+ onunload onsubmit onreset onselect onchange
+
+# If you need to support legacy (pre-1998, aka "transitional") HTML or XHTML,
+# you'll need to uncomment the following deprecated link attributes.
+# Note that these are enabled in earlier mod_proxy_html versions
+#
+# ProxyHTMLLinks frame src longdesc
+# ProxyHTMLLinks iframe src longdesc
+# ProxyHTMLLinks body background
+# ProxyHTMLLinks applet codebase
+#
+# If you're dealing with proprietary HTML variants,
+# declare your own URL attributes here as required.
+#
+# ProxyHTMLLinks myelement myattr otherattr
+#
+###########
+# EXAMPLE #
+###########
+#
+# To define the URL /my-gateway/ as a gateway to an appserver with address
+# http://some.app.intranet/ on a private network, after loading the
+# modules and including this configuration file:
+#
+# ProxyRequests Off <-- this is an important security setting
+# ProxyPass /my-gateway/ http://some.app.intranet/
+# <Location /my-gateway/>
+# ProxyPassReverse /
+# ProxyHTMLEnable On
+# ProxyHTMLURLMap http://some.app.intranet/ /my-gateway/
+# ProxyHTMLURLMap / /my-gateway/
+# </Location>
+#
+# Many (though not all) real-life setups are more complex.
+#
+# See the documentation at
+# http://apache.webthing.com/mod_proxy_html/
+# and the tutorial at
+# http://www.apachetutor.org/admin/reverseproxies
--- /dev/null
+# Depends: proxy
+LoadModule proxy_html_module /usr/lib/apache2/modules/mod_proxy_html.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_scgi_module /usr/lib/apache2/modules/mod_proxy_scgi.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
--- /dev/null
+# Depends: env
+LoadModule ratelimit_module /usr/lib/apache2/modules/mod_ratelimit.so
--- /dev/null
+LoadModule reflector_module /usr/lib/apache2/modules/mod_reflector.so
--- /dev/null
+LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so
--- /dev/null
+<IfModule reqtimeout_module>
+
+ # mod_reqtimeout limits the time waiting on the client to prevent an
+ # attacker from causing a denial of service by opening many connections
+ # but not sending requests. This file tries to give a sensible default
+ # configuration, but it may be necessary to tune the timeout values to
+ # the actual situation. Note that it is also possible to configure
+ # mod_reqtimeout per virtual host.
+
+
+ # Wait max 20 seconds for the first byte of the request line+headers
+ # From then, require a minimum data rate of 500 bytes/s, but don't
+ # wait longer than 40 seconds in total.
+ # Note: Lower timeouts may make sense on non-ssl virtual hosts but can
+ # cause problem with ssl enabled virtual hosts: This timeout includes
+ # the time a browser may need to fetch the CRL for the certificate. If
+ # the CRL server is not reachable, it may take more than 10 seconds
+ # until the browser gives up.
+ RequestReadTimeout header=20-40,minrate=500
+
+ # Wait max 10 seconds for the first byte of the request body (if any)
+ # From then, require a minimum data rate of 500 bytes/s
+ RequestReadTimeout body=10,minrate=500
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so
--- /dev/null
+LoadModule request_module /usr/lib/apache2/modules/mod_request.so
--- /dev/null
+LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
--- /dev/null
+LoadModule sed_module /usr/lib/apache2/modules/mod_sed.so
--- /dev/null
+LoadModule session_module /usr/lib/apache2/modules/mod_session.so
--- /dev/null
+# Depends: session
+LoadModule session_cookie_module /usr/lib/apache2/modules/mod_session_cookie.so
--- /dev/null
+# Depends: session
+LoadModule session_crypto_module /usr/lib/apache2/modules/mod_session_crypto.so
--- /dev/null
+# Depends: session
+LoadModule session_dbd_module /usr/lib/apache2/modules/mod_session_dbd.so
--- /dev/null
+<IfModule mod_setenvif.c>
+
+ #
+ # The following directives modify normal HTTP response behavior to
+ # handle known problems with browser implementations.
+ #
+ BrowserMatch "Mozilla/2" nokeepalive
+ BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+ BrowserMatch "RealPlayer 4\.0" force-response-1.0
+ BrowserMatch "Java/1\.0" force-response-1.0
+ BrowserMatch "JDK/1\.0" force-response-1.0
+
+ #
+ # The following directive disables redirects on non-GET requests for
+ # a directory that does not include the trailing slash. This fixes a
+ # problem with Microsoft WebFolders which does not appropriately handle
+ # redirects for folders with DAV methods.
+ # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+ #
+ BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+ BrowserMatch "MS FrontPage" redirect-carefully
+ BrowserMatch "^WebDrive" redirect-carefully
+ BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+ BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+ BrowserMatch "^gvfs/1" redirect-carefully
+ BrowserMatch "^XML Spy" redirect-carefully
+ BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+ BrowserMatch " Konqueror/4" redirect-carefully
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
--- /dev/null
+LoadModule slotmem_plain_module /usr/lib/apache2/modules/mod_slotmem_plain.so
--- /dev/null
+LoadModule slotmem_shm_module /usr/lib/apache2/modules/mod_slotmem_shm.so
--- /dev/null
+LoadModule socache_dbm_module /usr/lib/apache2/modules/mod_socache_dbm.so
--- /dev/null
+LoadModule socache_memcache_module /usr/lib/apache2/modules/mod_socache_memcache.so
--- /dev/null
+LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
--- /dev/null
+LoadModule speling_module /usr/lib/apache2/modules/mod_speling.so
--- /dev/null
+<IfModule mod_ssl.c>
+
+ # Pseudo Random Number Generator (PRNG):
+ # Configure one or more sources to seed the PRNG of the SSL library.
+ # The seed data should be of good random quality.
+ # WARNING! On some platforms /dev/random blocks if not enough entropy
+ # is available. This means you then cannot use the /dev/random device
+ # because it would lead to very long connection times (as long as
+ # it requires to make more entropy available). But usually those
+ # platforms additionally provide a /dev/urandom device which doesn't
+ # block. So, if available, use this one instead. Read the mod_ssl User
+ # Manual for more details.
+ #
+ SSLRandomSeed startup builtin
+ SSLRandomSeed startup file:/dev/urandom 512
+ SSLRandomSeed connect builtin
+ SSLRandomSeed connect file:/dev/urandom 512
+
+ ##
+ ## SSL Global Context
+ ##
+ ## All SSL configuration in this context applies both to
+ ## the main server and all SSL-enabled virtual hosts.
+ ##
+
+ #
+ # Some MIME-types for downloading Certificates and CRLs
+ #
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl .crl
+
+ # Pass Phrase Dialog:
+ # Configure the pass phrase gathering process.
+ # The filtering dialog program (`builtin' is a internal
+ # terminal dialog) has to provide the pass phrase on stdout.
+ SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
+
+ # Inter-Process Session Cache:
+ # Configure the SSL Session Cache: First the mechanism
+ # to use and second the expiring timeout (in seconds).
+ # (The mechanism dbm has known memory leaks and should not be used).
+ #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
+ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+ SSLSessionCacheTimeout 300
+
+ # Semaphore:
+ # Configure the path to the mutual exclusion semaphore the
+ # SSL engine uses internally for inter-process synchronization.
+ # (Disabled by default, the global Mutex directive consolidates by default
+ # this)
+ #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
+
+
+ # SSL Cipher Suite:
+ # List the ciphers that the client is permitted to negotiate. See the
+ # ciphers(1) man page from the openssl package for list of all available
+ # options.
+ # Enable only secure ciphers:
+ SSLCipherSuite HIGH:!aNULL
+
+ # SSL server cipher order preference:
+ # Use server priorities for cipher algorithm choice.
+ # Clients may prefer lower grade encryption. You should enable this
+ # option if you want to enforce stronger encryption, and can afford
+ # the CPU cost, and did not override SSLCipherSuite in a way that puts
+ # insecure ciphers first.
+ # Default: Off
+ #SSLHonorCipherOrder on
+
+ # The protocols to enable.
+ # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
+ # SSL v2 is no longer supported
+ SSLProtocol all -SSLv3
+
+ # Allow insecure renegotiation with clients which do not yet support the
+ # secure renegotiation protocol. Default: Off
+ #SSLInsecureRenegotiation on
+
+ # Whether to forbid non-SNI clients to access name based virtual hosts.
+ # Default: Off
+ #SSLStrictSNIVHostCheck On
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+# Depends: setenvif mime socache_shmcb
+LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
--- /dev/null
+<IfModule mod_status.c>
+ # Allow server status reports generated by mod_status,
+ # with the URL of http://servername/server-status
+ # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+
+ <Location /server-status>
+ SetHandler server-status
+ Require local
+ #Require ip 192.0.2.0/24
+ </Location>
+
+ # Keep track of extended status information for each request
+ ExtendedStatus On
+
+ # Determine if mod_status displays the first 63 characters of a request or
+ # the last 63, assuming the request itself is greater than 63 chars.
+ # Default: Off
+ #SeeRequestTail On
+
+
+ <IfModule mod_proxy.c>
+ # Show Proxy LoadBalancer status in mod_status
+ ProxyStatus On
+ </IfModule>
+
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule status_module /usr/lib/apache2/modules/mod_status.so
--- /dev/null
+LoadModule substitute_module /usr/lib/apache2/modules/mod_substitute.so
--- /dev/null
+LoadModule suexec_module /usr/lib/apache2/modules/mod_suexec.so
--- /dev/null
+LoadModule unique_id_module /usr/lib/apache2/modules/mod_unique_id.so
--- /dev/null
+<IfModule mod_userdir.c>
+ UserDir public_html
+ UserDir disabled root
+
+ <Directory /home/*/public_html>
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ <Limit GET POST OPTIONS>
+ Require all granted
+ </Limit>
+ <LimitExcept GET POST OPTIONS>
+ Require all denied
+ </LimitExcept>
+ </Directory>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+LoadModule userdir_module /usr/lib/apache2/modules/mod_userdir.so
--- /dev/null
+LoadModule usertrack_module /usr/lib/apache2/modules/mod_usertrack.so
--- /dev/null
+LoadModule vhost_alias_module /usr/lib/apache2/modules/mod_vhost_alias.so
--- /dev/null
+LoadModule xml2enc_module /usr/lib/apache2/modules/mod_xml2enc.so
--- /dev/null
+../mods-available/access_compat.load
\ No newline at end of file
--- /dev/null
+../mods-available/alias.conf
\ No newline at end of file
--- /dev/null
+../mods-available/alias.load
\ No newline at end of file
--- /dev/null
+../mods-available/auth_basic.load
\ No newline at end of file
--- /dev/null
+../mods-available/authn_core.load
\ No newline at end of file
--- /dev/null
+../mods-available/authn_file.load
\ No newline at end of file
--- /dev/null
+../mods-available/authz_core.load
\ No newline at end of file
--- /dev/null
+../mods-available/authz_host.load
\ No newline at end of file
--- /dev/null
+../mods-available/authz_user.load
\ No newline at end of file
--- /dev/null
+../mods-available/autoindex.conf
\ No newline at end of file
--- /dev/null
+../mods-available/autoindex.load
\ No newline at end of file
--- /dev/null
+../mods-available/deflate.conf
\ No newline at end of file
--- /dev/null
+../mods-available/deflate.load
\ No newline at end of file
--- /dev/null
+../mods-available/dir.conf
\ No newline at end of file
--- /dev/null
+../mods-available/dir.load
\ No newline at end of file
--- /dev/null
+../mods-available/env.load
\ No newline at end of file
--- /dev/null
+../mods-available/filter.load
\ No newline at end of file
--- /dev/null
+../mods-available/mime.conf
\ No newline at end of file
--- /dev/null
+../mods-available/mime.load
\ No newline at end of file
--- /dev/null
+../mods-available/mpm_event.conf
\ No newline at end of file
--- /dev/null
+../mods-available/mpm_event.load
\ No newline at end of file
--- /dev/null
+../mods-available/negotiation.conf
\ No newline at end of file
--- /dev/null
+../mods-available/negotiation.load
\ No newline at end of file
--- /dev/null
+../mods-available/setenvif.conf
\ No newline at end of file
--- /dev/null
+../mods-available/setenvif.load
\ No newline at end of file
--- /dev/null
+../mods-available/status.conf
\ No newline at end of file
--- /dev/null
+../mods-available/status.load
\ No newline at end of file
--- /dev/null
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 80
+
+<IfModule ssl_module>
+ Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+ Listen 443
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+<VirtualHost *:80>
+
+ Include sites-available/default-include.conf
+
+</VirtualHost>
+
+# vim: filetype=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+
+#ServerName www.example.com
+
+ServerAdmin frank@brehm-online.com
+DocumentRoot /var/www/html
+
+#LogLevel info ssl:warn
+
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log full_combined
+
+#Include conf-available/serve-cgi-bin.conf
+
+#Alias /Debian/ /home/repo/repos/Debian/
+#<Directory "/home/repo/repos/Debian">
+# Options Indexes FollowSymLinks
+# AllowOverride All
+# Order allow,deny
+# Allow from all
+#</Directory>
+
+#Alias /Ubuntu/ /home/repo/repos/Ubuntu/
+#<Directory "/home/repo/repos/Ubuntu">
+# Options Indexes FollowSymLinks
+# AllowOverride All
+# Order allow,deny
+# Allow from all
+#</Directory>
+
+#Alias /public/ /home/repo/public/
+#<Directory "/home/repo/public">
+# Options Indexes FollowSymLinks
+# AllowOverride All
+# Order allow,deny
+# Allow from all
+#</Directory>
+
+
+# vim: filetype=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+<IfModule mod_ssl.c>
+ <VirtualHost _default_:443>
+
+ Include sites-available/default-include.conf
+
+ SSLEngine on
+
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+ #SSLCACertificatePath /etc/ssl/certs/
+ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+ #SSLCARevocationPath /etc/apache2/ssl.crl/
+ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
+
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ </VirtualHost>
+</IfModule>
+
+# vim: filetype=apache ts=4 sw=4 sts=4 sr noet
--- /dev/null
+../sites-available/000-default.conf
\ No newline at end of file
--- /dev/null
+# Site-specific additions and overrides for usr.sbin.named.
+# For more details, please see /etc/apparmor.d/local/README.
--- /dev/null
+# vim:syntax=apparmor
+# Last Modified: Fri Jun 1 16:43:22 2007
+#include <tunables/global>
+
+/usr/sbin/named {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_resource,
+
+ # /etc/bind should be read-only for bind
+ # /var/lib/bind is for dynamically updated zone (and journal) files.
+ # /var/cache/bind is for slave/stub data, since we're not the origin of it.
+ # See /usr/share/doc/bind9/README.Debian.gz
+ /etc/bind/** r,
+ /var/lib/bind/** rw,
+ /var/lib/bind/ rw,
+ /var/cache/bind/** lrw,
+ /var/cache/bind/ rw,
+
+ # gssapi
+ /etc/krb5.keytab kr,
+ /etc/bind/krb5.keytab kr,
+
+ # ssl
+ /etc/ssl/openssl.cnf r,
+
+ # GeoIP data files for GeoIP ACLs
+ /usr/share/GeoIP/** r,
+
+ # dnscvsutil package
+ /var/lib/dnscvsutil/compiled/** rw,
+
+ /proc/net/if_inet6 r,
+ /proc/*/net/if_inet6 r,
+ /usr/sbin/named mr,
+ /{,var/}run/named/named.pid w,
+ /{,var/}run/named/session.key w,
+ # support for resolvconf
+ /{,var/}run/named/named.options r,
+
+ # some people like to put logs in /var/log/named/ instead of having
+ # syslog do the heavy lifting.
+ /var/log/named/** rw,
+ /var/log/named/ rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.named>
+}
// DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal
APT::NeverAutoRemove
{
- "^linux-image-3\.16\.0-4-amd64$";
- "^linux-image-4\.3\.0-0\.bpo\.1-amd64$";
- "^linux-headers-3\.16\.0-4-amd64$";
- "^linux-headers-4\.3\.0-0\.bpo\.1-amd64$";
- "^linux-image-extra-3\.16\.0-4-amd64$";
- "^linux-image-extra-4\.3\.0-0\.bpo\.1-amd64$";
- "^linux-signed-image-3\.16\.0-4-amd64$";
- "^linux-signed-image-4\.3\.0-0\.bpo\.1-amd64$";
- "^kfreebsd-image-3\.16\.0-4-amd64$";
- "^kfreebsd-image-4\.3\.0-0\.bpo\.1-amd64$";
- "^kfreebsd-headers-3\.16\.0-4-amd64$";
- "^kfreebsd-headers-4\.3\.0-0\.bpo\.1-amd64$";
- "^gnumach-image-3\.16\.0-4-amd64$";
- "^gnumach-image-4\.3\.0-0\.bpo\.1-amd64$";
- "^.*-modules-3\.16\.0-4-amd64$";
- "^.*-modules-4\.3\.0-0\.bpo\.1-amd64$";
- "^.*-kernel-3\.16\.0-4-amd64$";
- "^.*-kernel-4\.3\.0-0\.bpo\.1-amd64$";
- "^linux-backports-modules-.*-3\.16\.0-4-amd64$";
- "^linux-backports-modules-.*-4\.3\.0-0\.bpo\.1-amd64$";
- "^linux-tools-3\.16\.0-4-amd64$";
- "^linux-tools-4\.3\.0-0\.bpo\.1-amd64$";
+ "^linux-image-4\.6\.0-0\.bpo\.1-amd64$";
+ "^linux-image-4\.7\.0-0\.bpo\.1-amd64$";
+ "^linux-headers-4\.6\.0-0\.bpo\.1-amd64$";
+ "^linux-headers-4\.7\.0-0\.bpo\.1-amd64$";
+ "^linux-image-extra-4\.6\.0-0\.bpo\.1-amd64$";
+ "^linux-image-extra-4\.7\.0-0\.bpo\.1-amd64$";
+ "^linux-signed-image-4\.6\.0-0\.bpo\.1-amd64$";
+ "^linux-signed-image-4\.7\.0-0\.bpo\.1-amd64$";
+ "^kfreebsd-image-4\.6\.0-0\.bpo\.1-amd64$";
+ "^kfreebsd-image-4\.7\.0-0\.bpo\.1-amd64$";
+ "^kfreebsd-headers-4\.6\.0-0\.bpo\.1-amd64$";
+ "^kfreebsd-headers-4\.7\.0-0\.bpo\.1-amd64$";
+ "^gnumach-image-4\.6\.0-0\.bpo\.1-amd64$";
+ "^gnumach-image-4\.7\.0-0\.bpo\.1-amd64$";
+ "^.*-modules-4\.6\.0-0\.bpo\.1-amd64$";
+ "^.*-modules-4\.7\.0-0\.bpo\.1-amd64$";
+ "^.*-kernel-4\.6\.0-0\.bpo\.1-amd64$";
+ "^.*-kernel-4\.7\.0-0\.bpo\.1-amd64$";
+ "^linux-backports-modules-.*-4\.6\.0-0\.bpo\.1-amd64$";
+ "^linux-backports-modules-.*-4\.7\.0-0\.bpo\.1-amd64$";
+ "^linux-tools-4\.6\.0-0\.bpo\.1-amd64$";
+ "^linux-tools-4\.7\.0-0\.bpo\.1-amd64$";
};
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQINBFavlWMBEAC+YKENyf64sRtMCDUmbe14mY+35YHaXDLZfM73DXf/ueQawY2U
+hUEcG9adiGP/n7f5E2UMckWc21TqwM5ALXhUcdnFbkpayyPTMLrp3/2SsBVVTOO5
+j+RVrAEuVl7dBwcrcN51n3Q5E1rsBnVX+5kZ+B1wCSpk7kY8j2T7Ou+79HjBwEfQ
+X04nFIvpPZnM1Hq4ZYpomynADarWLu16WS86LkumC9Fs35bDmtQGEifDuEG8yr9k
+E0ocmNZMLfOS6OaHQMN6RYBsnF8nSrGznXvp0KQYs86YPdbjoZKpRUq3zqSsaJqv
+HgJzonZuadHI6A5Yj5CBsTwneMR3X5RPXtGmiHO/PG+G0c9ZtC5T0pTMvEx5q/o1
+HW8HilGboFxIz01Lf783F82GLA2rwGdeig4hrtgkdBddZCm5GOev7PvhTgnQ5Koc
+llUhxiyh0YlrkM1Mv7Q76lWRX3z0UtzrMDdMNt52DnO8vkm0RMYvRWeebTA74N7j
+n0/Oh8LjVh8lTdTdxruviV6+8hxDHcUy3T2Nc2knasxRdxcJ5hlwuKJ9YCeb5Pya
+LFW6e+KrdxlYnsnYBnpmbi2fFZtLEXv1q7L9wfC37BT6AQNFgjgd8lgVsnQJOTsm
+oexUinvzpuc5m/N9z9Pt6Wr4KYZ/Kh4l39Lzjlssn+I+VlXrp3ql/DRK6QARAQAB
+tDxSZXBvc2l0b3J5IEFkbWluIGZvciBGcmFuayBCcmVobSA8cGFja2FnZXNAYnJl
+aG0tb25saW5lLmNvbT6JAj4EEwECACgFAlavlWMCGwMFCRLMAwAGCwkIBwMCBhUI
+AgkKCwQWAgMBAh4BAheAAAoJELqtpQR6P8vU0GIQAKp/pJ4ArqnHoaP2OGG14B8P
+ivh7YaeZRx5HmZyJdsXLbdMJ8FM/dLvx0wqNM7HtzN11zEqroLeULPJcURiwavF0
+RndFkS9+0QIxCCYZrgpSyR+2UJgGeSzbOipND71elZQ3U6QlDJT/90XsZQwfJNUh
+Ibd3SeT1iW6ARvvZucFmcqgla67IG88Hq80RyZGoepqb73jGDsgw9/3c+Qtv7VBt
+lOZ+pgQksZHMhTWOpQ/JqOocDk6vfqzHOs+0QwbdaBxdBmRtLkBf0/uvkFvqC/R8
+JANdWvoCJqFnnI8QskbtvcnPiSLjqLtxcL+VGn5PjLD6cU8L+WyXfHMiBRZMetuw
+PFlo+Apz9o6Nh7Pg6N875zVSoJFko/w5hTqUBVIFGKCypLJEhOXfFMbTTx/b1/Gi
+yP6vp3V+n3QoxMt99THXSGOrzMu3TfDyNZGDgcq8N6T0MvOM0H0iMIZga6gbqgIm
+qPz2pSpAvZxe5/T48JpYOKiLqTd+Abx6I2scx5VqKrS9tINJWXEwAL0/oR8hcEzO
+QFgFwjwaj7RD3WSLWKy+dwhGVguLKGdPqkOuHj0yl/S6Wcfc3tNZZIm2kauvLI1l
+qp7qk+qMqeJVD0zqL1SyGSNT9YCndCewuso5VMKHyvTVL62X/xGhwAFgsK7qLFj/
+7sftZtXBk8CMv6UvxF0ouQINBFavlWMBEAC4P5+Miz+VbsFss0RHKiSs/+PgusQg
+85lk4J7zQj2S2MseJ35sJSqNX0MUSQ6BCoem+nQSwa1P4enCVonBRyWGRSbUurG/
+ip+WfrsFzHMZmr0JXw8gh/a3Zt9qwz5irERX0p6EDvwPwY411aCm4o+vdj0dPV/T
+CUX6s2dbrl2E2SAsjTzNi7bvKrPPUlufPHVp9o/LZolW40BL4C3r+1PwQFJN/0Np
+DMoKKIVdpmQcz/Ndz7+vFg4YlaeGfIOBt3kzcjt+AiSv+8L0XmtkM/W498VwkSzv
+rqUafJYPK+JtnWxgA7VyGj2fG9BncLONSAs+L1bSKKVQAt8G0H92MWIIUGDNry0b
+fM33xspNmB/7a3Bb9Cfq9eH3FWcMnBjZTGuPbKUEgVRUjyXCqIaDVvrGZBp8MLzZ
+Rg8qybxXMe9liwGdbytf34LMczO1rJN/zDkGf4mIx9LbaNFgcYCRXcb2SIpoW9F6
+hjKPf0+pRQmrelh8KMIevR1MJka3mV0tTN26gG+NBVkR8JjR766VOr5N/ebOAkcP
+GB/oBvmR4TEcqVZnYcDxmhr3Wvv4JjzbwNf0B+TYemq/9w1/IxCsNmx6WoJrdldO
+vk/iZrcF0qCTPeY0i8p+TorZfXkE6lzBqOg6YlTERPdbF1erXPkloRe7fp2iiHTF
+HVTe+0SOhSYUDwARAQABiQIlBBgBAgAPBQJWr5VjAhsMBQkSzAMAAAoJELqtpQR6
+P8vUwLsP+wcduVskRjvL5GzFoYv1fvq/V63x66s3ujWYkxYL0l5VVkcoavNl9BN8
+Ob8G1tfbSazODO8BQchqDxoD0RjZuR3E1AM8Qxx9UEP6jqhGYVAuutesRHeotkua
+QZOcpnVZ5E9SrBTt9xNu6IN8aOMN5TSwqvJsnCLQYUJtluM9luawO7d7ByGWWCpT
+oVjZ2hs4tqZXYz44pCj+TKfRZ1trYdEiQmv3hTY/LhZN3OszZZ/U7ED7UGPxdZ/D
+yCfNRIwhsTeGhB/JnxgamMShcV6p6VJWO3d2ST5wmTV+hgc12EDonAcOaL1W4gM+
+agmxoSg4utzNRK5yxBdIG/cwSeaGhvVK/PVAnfyeckm4esdgvFX0+lYbq58g/c0n
+VmVsy8sTCK7bWzw83CqQ8a4AydjGKQ5Y8aV87IyDsKnxM57l5+/bjL/eCOAolzFO
+hdoNuTkC94vB6WmIqN1FlvL9aSYpUtu+UxiF301t7WmBkuMatCvlqk4gikkY55dh
+oNAuJQCnlv5eqTJzHm41Xc0mPxVuy9shCXY3okuCPoub1pZOGtpDYaoEha34sHLl
+Iqnb4/+OaY2g4pJzevoQzRDPlPI0knUk0LRtjTyt1JpMgfr2+3EF/oFEyd4nPpgx
+EbsYN/rGbaX6tQzDFkFrUA61rjn9C2vr+LYoGcHmWX1oeyVV2OS5
+=1kpZ
+-----END PGP PUBLIC KEY BLOCK-----
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQINBFdj9dcBEADfCy/wCwo2Nbu3wT6Rg3GInCx8E8QSUtNg2sPUisKD3M9dxp0z
+2ygy9ssL4p1u7h4QK0koQW7ciuauTx31Y7Zvs7hybiOTsh9lI+5DZaz4R5whCmJb
+3FICK7jN9UmRSrh2ztJsgkbDU67SRGwtel8OuPow1O/2nOT2EGPzeaToSoctZeBN
+et/zksOs1wyghbXMEgplQBspaKfr9UAYwKwYcQer7Kw9TaD2QHt370WFV14uMD7S
+GGbD+JUNo8u4vhpjjOfEwB3IAbCAKM62WFbx0mxV+h0EcOwJ0F5vr7Q4xJgOSQXh
+V1ATi91qSRkcu1qZjrT5sdkPqBkUcnBvXlzIMbDmgB7e94OJwA9RW9n44clJe6ok
+PIdKmKfurmrssB6o0JKI3f3DXwOF4T3K7KGTKAzUexQHFe8yAQb/2h/woqzMFWVK
+qXR85S5VGfyofGLtjD8/kKPoOf1nAG7TRaJI3T7neOHncIl7gc9D8GQP+b0gpbtG
+NmFilyQAs7ygBZHF0YoUmOgInDOgizBoNCBJm5jSfdjpvzzo9IuoaN6sHMjxmwoH
+UV0M+t3L6/zNuh+r6By0ao/iyghsyh8Fcum8uHUuziLhUgJfJUidn1RFbTt0rbhk
+vzd/EuUYwwq5a01Z4qJXMHWry7JuUfgQN9B3OybZGfHmriwjcRJa5uZbxQARAQAB
+tDxSZXBvc2l0b3J5IEFkbWluIGZvciBGcmFuayBCcmVobSA8cGFja2FnZXNAYnJl
+aG0tb25saW5lLmNvbT6JAjcEEwEIACECGwMCHgECF4AFAldj/m0FCwkIBwMFFQoJ
+CAsFFgIDAQAACgkQh6jb1reW4Sq40RAA1bzL6v0PqApIlY8DTkSADKBq+7oV2mBV
+e1ZO4sj6KBolWkVlGhgUvqOUjEyNmN4NsGH2lY2n5dfwC3EIW5rz8BCC8nxWflp1
+8+YUvkKiF3SMxRVqCVvDnxDLCG4JfwCX+GTBj7FiFMHJHQIJZH9gCdYt60fxY1TL
+sDOgf8WVKZ/YF7L5IRDvPD4FpA5qV7fo/w8yWWY4ctm3iZyCYuOLo9nXY+PcJuc4
+FN+sb66blHE0Q53GgHtIZPu73mfmdrqhtGUhwgPAM+6mEyAiRwxRssrgfmyjd/ZG
+j7Uo22mUcBYs97K7/7qujNpMmxsVRm0yC3ImnciS0NHfqEU5dm6nbILqA897uyac
+Ps5CC/bzV0kFirp6oaOXFXXERC46WdU0w7+rjimpsIML+IwLy4TmWsfCR3V3Pfys
+7JrSLN2QNh3aKMloWTK0TzYcl5OzRzqzCUfUy2+GPl6j232i0jFwrbPrOpNY81Pj
+V1Cmcgtijk4u5N8tii5l4eGrb1U2Pw6dORg6su27brb9N0ouDNiRtLpagwYLnNpf
+CDTjVN3o0bGf+PnZDOf1Y4Bt22KYujTcDHzN8sozRQM05MaJj5QVbz+lrEtsRfoQ
+zZDGokvL3PxDqDkBX/1i6cx3dGFhZx0EvDgcU5+x4f33VV2dvpOoyQRbvAC2qxue
+rBwR5qJzGwy5Ag0EV2P11wEQAKkgfEIJwhnlWxWCX8/TMIH0MbdMN5j9CKk88E9/
+XCL4x9AsgkX7gqy2FlDMecq/QdgjnE5RsQNOPHLloPZoIyIKdGrHxff14iUyQT4Z
+oJAeHgVyiZRsjlJy0dicPaOD20WV5bkf2Qa8XmQ3qj791Yi5l8MuadopyaLXzOD1
+GpL5PI4bmJuWQ91ew4gQqygjc4gMzgWgQUDdpTGsPLDm1g0fEzGeQ4RwBBFb6374
+d/oghdaMM4+1KeoN+5TyCurOwZW/+mH2ex89xdx0+dRl0gShnOC9AhI6zGz9yijX
+ZFA48I53JV3pYaUEtFyGD/UDwoXnWW6ZdVIW38xrNrVxO6ZuJ3haV7jzQKm2JSkP
+u1uCvjr6avyx8EQ6O9xX+APx7XjEFVvdEkqwv2LA3swdDDKiLUTYZeMiHpzI4aD3
+s1XcWgGT5hSdvavH3390kQwRPmK8bdGT9ZFsiRrH+vp7ndUi1S49UDWKQkNHIPeW
+f61hX16EJhYxeK7Fchzqo0/mBBWpIv0WRP7iwt1C3b8Vq4FFuPG4vkmAMzEfuK23
+5IcRVHhFz6qEMxcV5PXRkUAKJGmgfBqJzBVrc3KdrVcxvdBVSDX8bzfL45nuaipp
+xbBQTruHbmSJCkLGWWLFfvm7kRT+WGVoOYxca0a9MkrzVZBTYl8FJOFIFysQDTyW
++iF7ABEBAAGJAh8EGAEIAAkFAldj9dcCGwwACgkQh6jb1reW4Sq3/g//UZ7qjNkz
+EAWsMTqzD2BsAW2rSlWJfJ5+aqTb4ilPX2lOL1q7h1JQKZ0ZJweelyIuIItVlWwm
+Cuu5fwDsmgkWflZtKkNdQ7pYiibUEMKxymILhTHn5UusfsASs8YiO/9eJtVmbuzg
+nUoSvjdhoUGDYmztmvJtQkfCJnf2fBNnnTTbHOB75M5WHPBcdKEhOHv91q3z+0nC
+OOLyIkLZ4Xwdy7zzGZSg1NOmhN59DTEqnIxA7TVAHZwh1OiY76TRfIcc9Y8LZf/t
+73z39I+lnysppfuS8CuYHGg4/AXqfVTqq5HOsVBpszIpkicd5i9dkBSwCFK/rz4s
+y4l66ft/QLg8J20EMuoIalJExFhR9svOf5jO4sjWjtjjz3QLafjAafGZjftKj6Ys
+COzn2ccQFyxT6LOCj1sYb2ZzGfPMIVf1N2iXJ4COV4ugVKE0364mEx/xwae189wd
+9ThPXCqg3K4IErNFi2hHsP08a0M9ICF+iWydQqode8q8ogFthqFY/NEzM29AUYyK
+m9AbzCBIh9DCDljnevBQ31BLt+Q0Dr0ZvG21W9yPVQrkYBR2iJ/vol3d+E8FEpiN
+3X+GofRaN3Ix1+qwIhxyT8DWtbGBVQwUQId2QuUFNZKAooWpfaoWASJNkzutJM9n
+og4IHx4/ewCHpZw0I5gSrvEl8ClADzV82g8=
+=XuBr
+-----END PGP PUBLIC KEY BLOCK-----
-# deb http://ftp.us.debian.org/debian jessie main
+# deb http://ftp.us.debian.org/debian jessie main
-deb http://ftp.us.debian.org/debian jessie main contrib non-free
-deb-src http://ftp.us.debian.org/debian jessie main contrib non-free
+# main jessie repositories
+deb http://ftp.us.debian.org/debian jessie main contrib non-free
+deb-src http://ftp.us.debian.org/debian jessie main contrib non-free
-deb http://security.debian.org/ jessie/updates main contrib non-free
-deb-src http://security.debian.org/ jessie/updates main contrib non-free
+# jessie security updates
+deb http://security.debian.org/ jessie/updates main contrib non-free
+deb-src http://security.debian.org/ jessie/updates main contrib non-free
# jessie-updates, previously known as 'volatile'
-deb http://ftp.us.debian.org/debian jessie-updates main contrib non-free
-deb-src http://ftp.us.debian.org/debian jessie-updates main contrib non-free
+deb http://ftp.us.debian.org/debian jessie-updates main contrib non-free
+deb-src http://ftp.us.debian.org/debian jessie-updates main contrib non-free
# jessie-backports, previously on backports.debian.org
deb http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free
deb-src http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free
+# vim: noet ts=8
--- /dev/null
+# Packages Frank Brehm
+# ---------------------
+
+#deb http://www.brehm-online.com/debian/jessie ./
+deb http://repo.uhu-banane.de/Debian/jessie ./
+deb-src http://repo.uhu-banane.de/Sources ./
-deb http://repo.saltstack.com/apt/debian/8/amd64/latest jessie main
+deb http://repo.saltstack.com/apt/debian/8/amd64/latest jessie main
--- /dev/null
+# bash completion for Debian apache2 configuration tools
+
+_apache2_allcomp()
+{
+ command ls /etc/apache2/$1 2>/dev/null
+}
+
+_apache2_mods()
+{
+ COMPREPLY=( $( compgen -W '$( _apache2_allcomp $1 \
+ | sed -e 's/[.]load$//' -e 's/[.]conf$//' )' -- $cur ) )
+}
+
+_apache2_sites()
+{
+ COMPREPLY=( $( compgen -W '$( _apache2_allcomp $1 )' -- $cur ) )
+}
+
+_apache2_conf()
+{
+ COMPREPLY=( $( compgen -W '$( _apache2_allcomp $1 \
+ | sed -e 's/[.]conf$//' )' -- $cur ) )
+}
+
+_a2enmod()
+{
+ local cur
+
+ COMPREPLY=()
+ cur=${COMP_WORDS[COMP_CWORD]}
+
+ _apache2_mods mods-available
+}
+complete -F _a2enmod a2enmod
+
+_a2ensite()
+{
+ local cur
+
+ COMPREPLY=()
+ cur=${COMP_WORDS[COMP_CWORD]}
+
+ _apache2_sites sites-available
+}
+complete -F _a2ensite a2ensite
+
+_a2enconf()
+{
+ local cur
+
+ COMPREPLY=()
+ cur=${COMP_WORDS[COMP_CWORD]}
+
+ _apache2_conf conf-available
+}
+complete -F _a2enconf a2enconf
+
+_a2dismod()
+{
+ local cur
+
+ COMPREPLY=()
+ cur=${COMP_WORDS[COMP_CWORD]}
+
+ _apache2_mods mods-enabled
+}
+complete -F _a2dismod a2dismod
+
+_a2dissite()
+{
+ local cur
+
+ COMPREPLY=()
+ cur=${COMP_WORDS[COMP_CWORD]}
+
+ _apache2_sites sites-enabled
+}
+complete -F _a2dissite a2dissite
+
+_a2disconf()
+{
+ local cur
+
+ COMPREPLY=()
+ cur=${COMP_WORDS[COMP_CWORD]}
+
+ _apache2_conf conf-enabled
+}
+complete -F _a2disconf a2disconf
--- /dev/null
+# written by David Pravec
+# - feel free to /msg alekibango on IRC if you want to talk about this file
+
+# TODO: check if --config|-c was used and use configured config file for queries
+# TODO: solve somehow completion for salt -G pythonversion:[tab]
+# (not sure what to do with lists)
+# TODO: --range[tab] -- how?
+# TODO: -E --exsel[tab] -- how?
+# TODO: --compound[tab] -- how?
+# TODO: use history to extract some words, esp. if ${cur} is empty
+# TODO: TEST EVERYTING a lot
+# TODO: cache results of some functions? where? how long?
+# TODO: is it ok to use '--timeout 2' ?
+
+
+_salt_get_grains(){
+ if [ "$1" = 'local' ] ; then
+ salt-call --out=txt -- grains.ls | sed 's/^.*\[//' | tr -d ",']" |sed 's:\([a-z0-9]\) :\1\: :g'
+ else
+ salt '*' --timeout 2 --out=txt -- grains.ls | sed 's/^.*\[//' | tr -d ",']" |sed 's:\([a-z0-9]\) :\1\: :g'
+ fi
+}
+
+_salt_get_grain_values(){
+ if [ "$1" = 'local' ] ; then
+ salt-call --out=txt -- grains.item $1 |sed 's/^\S*:\s//' |grep -v '^\s*$'
+ else
+ salt '*' --timeout 2 --out=txt -- grains.item $1 |sed 's/^\S*:\s//' |grep -v '^\s*$'
+ fi
+}
+
+
+_salt(){
+ local cur prev opts _salt_grains _salt_coms pprev ppprev
+ COMPREPLY=()
+ cur="${COMP_WORDS[COMP_CWORD]}"
+ prev="${COMP_WORDS[COMP_CWORD-1]}"
+ if [ ${COMP_CWORD} -gt 2 ]; then
+ pprev="${COMP_WORDS[COMP_CWORD-2]}"
+ fi
+ if [ ${COMP_CWORD} -gt 3 ]; then
+ ppprev="${COMP_WORDS[COMP_CWORD-3]}"
+ fi
+
+ opts="-h --help -d --doc --documentation --version --versions-report -c \
+ --config-dir= -v --verbose -t --timeout= -s --static -b --batch= \
+ --batch-size= -E --pcre -L --list -G --grain --grain-pcre -N \
+ --nodegroup -R --range -C --compound -X --exsel -I --pillar \
+ --return= -a --auth= --eauth= --extended-auth= -T --make-token -S \
+ --ipcidr --out=pprint --out=yaml --out=overstatestage --out=json \
+ --out=raw --out=highstate --out=key --out=txt --no-color --out-indent= "
+
+ if [[ "${cur}" == -* ]] ; then
+ COMPREPLY=($(compgen -W "${opts}" -- ${cur}))
+ return 0
+ fi
+
+ # 2 special cases for filling up grain values
+ case "${pprev}" in
+ -G|--grain|--grain-pcre)
+ if [ "${cur}" = ":" ]; then
+ COMPREPLY=($(compgen -W "`_salt_get_grain_values ${prev}`" ))
+ return 0
+ fi
+ ;;
+ esac
+ case "${ppprev}" in
+ -G|--grain|--grain-pcre)
+ if [ "${prev}" = ":" ]; then
+ COMPREPLY=( $(compgen -W "`_salt_get_grain_values ${pprev}`" -- ${cur}) )
+ return 0
+ fi
+ ;;
+ esac
+
+ if [ "${cur}" = "=" ] && [[ "${prev}" == --* ]]; then
+ cur=""
+ fi
+ if [ "${prev}" = "=" ] && [[ "${pprev}" == --* ]]; then
+ prev="${pprev}"
+ fi
+
+ case "${prev}" in
+
+ -c|--config)
+ COMPREPLY=($(compgen -f -- ${cur}))
+ return 0
+ ;;
+ salt)
+ COMPREPLY=($(compgen -W "\'*\' ${opts} `salt-key --no-color -l acc`" -- ${cur}))
+ return 0
+ ;;
+ -E|--pcre)
+ COMPREPLY=($(compgen -W "`salt-key --no-color -l acc`" -- ${cur}))
+ return 0
+ ;;
+ -G|--grain|--grain-pcre)
+ COMPREPLY=($(compgen -W "$(_salt_get_grains)" -- ${cur}))
+ return 0
+ ;;
+ -C|--compound)
+ COMPREPLY=() # TODO: finish this one? how?
+ return 0
+ ;;
+ -t|--timeout)
+ COMPREPLY=($( compgen -W "1 2 3 4 5 6 7 8 9 10 15 20 30 40 60 90 120 180" -- ${cur}))
+ return 0
+ ;;
+ -b|--batch|--batch-size)
+ COMPREPLY=($(compgen -W "1 2 3 4 5 6 7 8 9 10 15 20 30 40 50 60 70 80 90 100 120 150 200"))
+ return 0
+ ;;
+ -X|--exsel) # TODO: finish this one? how?
+ return 0
+ ;;
+ -N|--nodegroup)
+ MASTER_CONFIG='/etc/salt/master'
+ COMPREPLY=($(compgen -W "`awk -F ':' 'BEGIN {print_line = 0}; /^nodegroups/ {print_line = 1;getline } print_line && /^ */ {print $1} /^[^ ]/ {print_line = 0}' <${MASTER_CONFIG}`" -- ${cur}))
+ return 0
+ ;;
+ esac
+
+ _salt_coms="$(salt '*' --timeout 2 --out=txt -- sys.list_functions | sed 's/^.*\[//' | tr -d ",']" )"
+ all="${opts} ${_salt_coms}"
+ COMPREPLY=( $(compgen -W "${all}" -- ${cur}) )
+
+ return 0
+}
+
+complete -F _salt salt
+
+
+_saltkey(){
+ local cur prev opts prev pprev
+ COMPREPLY=()
+ cur="${COMP_WORDS[COMP_CWORD]}"
+ prev="${COMP_WORDS[COMP_CWORD-1]}"
+ opts="-c --config-dir= -h --help --version --versions-report -q --quiet \
+ -y --yes --gen-keys= --gen-keys-dir= --keysize= --key-logfile= \
+ -l --list= -L --list-all -a --accept= -A --accept-all \
+ -r --reject= -R --reject-all -p --print= -P --print-all \
+ -d --delete= -D --delete-all -f --finger= -F --finger-all \
+ --out=pprint --out=yaml --out=overstatestage --out=json --out=raw \
+ --out=highstate --out=key --out=txt --no-color --out-indent= "
+ if [ ${COMP_CWORD} -gt 2 ]; then
+ pprev="${COMP_WORDS[COMP_CWORD-2]}"
+ fi
+ if [ ${COMP_CWORD} -gt 3 ]; then
+ ppprev="${COMP_WORDS[COMP_CWORD-3]}"
+ fi
+ if [[ "${cur}" == -* ]] ; then
+ COMPREPLY=($(compgen -W "${opts}" -- ${cur}))
+ return 0
+ fi
+
+ if [ "${cur}" = "=" ] && [[ "${prev}" == --* ]]; then
+ cur=""
+ fi
+ if [ "${prev}" = "=" ] && [[ "${pprev}" == --* ]]; then
+ prev="${pprev}"
+ fi
+
+ case "${prev}" in
+ -a|--accept)
+ COMPREPLY=($(compgen -W "$(salt-key -l un --no-color; salt-key -l rej --no-color)" -- ${cur}))
+ return 0
+ ;;
+ -r|--reject)
+ COMPREPLY=($(compgen -W "$(salt-key -l acc --no-color)" -- ${cur}))
+ return 0
+ ;;
+ -d|--delete)
+ COMPREPLY=($(compgen -W "$(salt-key -l acc --no-color; salt-key -l un --no-color; salt-key -l rej --no-color)" -- ${cur}))
+ return 0
+ ;;
+ -c|--config)
+ COMPREPLY=($(compgen -f -- ${cur}))
+ return 0
+ ;;
+ --keysize)
+ COMPREPLY=($(compgen -W "2048 3072 4096 5120 6144" -- ${cur}))
+ return 0
+ ;;
+ --gen-keys)
+ return 0
+ ;;
+ --gen-keys-dir)
+ COMPREPLY=($(compgen -d -- ${cur}))
+ return 0
+ ;;
+ -p|--print)
+ COMPREPLY=($(compgen -W "$(salt-key -l acc --no-color; salt-key -l un --no-color; salt-key -l rej --no-color)" -- ${cur}))
+ return 0
+ ;;
+ -l|--list)
+ COMPREPLY=($(compgen -W "pre un acc accepted unaccepted rej rejected all" -- ${cur}))
+ return 0
+ ;;
+ --accept-all)
+ return 0
+ ;;
+ esac
+ COMPREPLY=($(compgen -W "${opts} " -- ${cur}))
+ return 0
+}
+
+complete -F _saltkey salt-key
+
+_saltcall(){
+ local cur prev opts _salt_coms pprev ppprev
+ COMPREPLY=()
+ cur="${COMP_WORDS[COMP_CWORD]}"
+ prev="${COMP_WORDS[COMP_CWORD-1]}"
+ opts="-h --help -d --doc --documentation --version --versions-report \
+ -m --module-dirs= -g --grains --return= --local -c --config-dir= -l --log-level= \
+ --out=pprint --out=yaml --out=overstatestage --out=json --out=raw \
+ --out=highstate --out=key --out=txt --no-color --out-indent= "
+ if [ ${COMP_CWORD} -gt 2 ]; then
+ pprev="${COMP_WORDS[COMP_CWORD-2]}"
+ fi
+ if [ ${COMP_CWORD} -gt 3 ]; then
+ ppprev="${COMP_WORDS[COMP_CWORD-3]}"
+ fi
+ if [[ "${cur}" == -* ]] ; then
+ COMPREPLY=($(compgen -W "${opts}" -- ${cur}))
+ return 0
+ fi
+
+ if [ "${cur}" = "=" ] && [[ ${prev} == --* ]]; then
+ cur=""
+ fi
+ if [ "${prev}" = "=" ] && [[ ${pprev} == --* ]]; then
+ prev="${pprev}"
+ fi
+
+ case ${prev} in
+ -m|--module-dirs)
+ COMPREPLY=( $(compgen -d ${cur} ))
+ return 0
+ ;;
+ -l|--log-level)
+ COMPREPLY=( $(compgen -W "info none garbage trace warning error debug" -- ${cur}))
+ return 0
+ ;;
+ -g|grains)
+ return 0
+ ;;
+ salt-call)
+ COMPREPLY=($(compgen -W "${opts}" -- ${cur}))
+ return 0
+ ;;
+ esac
+
+ _salt_coms="$(salt-call --out=txt -- sys.list_functions|sed 's/^.*\[//' | tr -d ",']" )"
+ COMPREPLY=( $(compgen -W "${opts} ${_salt_coms}" -- ${cur} ))
+ return 0
+}
+
+complete -F _saltcall salt-call
+
+
+_saltcp(){
+ local cur prev opts target prefpart postpart helper filt pprev ppprev
+ COMPREPLY=()
+ cur="${COMP_WORDS[COMP_CWORD]}"
+ prev="${COMP_WORDS[COMP_CWORD-1]}"
+ opts="-t --timeout= -s --static -b --batch= --batch-size= \
+ -h --help --version --versions-report -c --config-dir= \
+ -E --pcre -L --list -G --grain --grain-pcre -N --nodegroup \
+ -R --range -C --compound -X --exsel -I --pillar \
+ --out=pprint --out=yaml --out=overstatestage --out=json --out=raw \
+ --out=highstate --out=key --out=txt --no-color --out-indent= "
+ if [[ "${cur}" == -* ]] ; then
+ COMPREPLY=($(compgen -W "${opts}" -- ${cur}))
+ return 0
+ fi
+
+ if [ "${cur}" = "=" ] && [[ "${prev}" == --* ]]; then
+ cur=""
+ fi
+ if [ "${prev}" = "=" ] && [[ "${pprev}" == --* ]]; then
+ prev=${pprev}
+ fi
+
+ case ${prev} in
+ salt-cp)
+ COMPREPLY=($(compgen -W "${opts} `salt-key -l acc --no-color`" -- ${cur}))
+ return 0
+ ;;
+ -t|--timeout)
+ # those numbers are just a hint
+ COMPREPLY=($(compgen -W "2 3 4 8 10 15 20 25 30 40 60 90 120 180 240 300" -- ${cur} ))
+ return 0
+ ;;
+ -E|--pcre)
+ COMPREPLY=($(compgen -W "`salt-key -l acc --no-color`" -- ${cur}))
+ return 0
+ ;;
+ -L|--list)
+ # IMPROVEMENTS ARE WELCOME
+ prefpart="${cur%,*},"
+ postpart=${cur##*,}
+ filt="^\($(echo ${cur}| sed 's:,:\\|:g')\)$"
+ helper=($(salt-key -l acc --no-color | grep -v "${filt}" | sed "s/^/${prefpart}/"))
+ COMPREPLY=($(compgen -W "${helper[*]}" -- ${cur}))
+
+ return 0
+ ;;
+ -G|--grain|--grain-pcre)
+ COMPREPLY=($(compgen -W "$(_salt_get_grains)" -- ${cur}))
+ return 0
+ ;;
+ # FIXME
+ -R|--range)
+ # FIXME ??
+ return 0
+ ;;
+ -C|--compound)
+ # FIXME ??
+ return 0
+ ;;
+ -c|--config)
+ COMPREPLY=($(compgen -f -- ${cur}))
+ return 0
+ ;;
+ esac
+
+ # default is using opts:
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+}
+
+complete -F _saltcp salt-cp
--- /dev/null
+/* $Id: bind.keys,v 1.7 2011/01/03 23:45:07 each Exp $ */
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9. As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org"). Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options. To use the built-in DLV key, set
+# "dnssec-lookaside auto;". Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011. If any key fails to
+# initialize correctly, it may have expired. In that event you should
+# replace this file with a current version. The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+ # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+ # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+ # in named.conf.
+ dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+ brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+ ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+ Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+ QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+ TDN0YUuWrBNh";
+
+ # ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
+ # for current trust anchor information.
+ # NOTE: This key is activated by setting "dnssec-validation auto;"
+ # in named.conf.
+ . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+ FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+ bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+ X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+ W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+ Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+ QxA+Uk1ihz0=";
+};
--- /dev/null
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
--- /dev/null
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
+1.0.0 IN PTR localhost.
--- /dev/null
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
--- /dev/null
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL 86400
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 86400 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
--- /dev/null
+;
+; BIND data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 2 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
+@ IN A 127.0.0.1
+@ IN AAAA ::1
--- /dev/null
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: Jan 3, 2013
+; related version of root zone: 2013010300
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 IN NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
+; End of File
--- /dev/null
+dns-uhu-banane. IN KEY 512 3 157 eMhLmrsWxS28+oUnhbjwE6xYhMCvDKtsEBEc6TzD62mPMQ3R57xDb6McBAduXo56/a1xOtrX/tFs4CVnDnYdMw==
--- /dev/null
+Private-key-format: v1.3
+Algorithm: 157 (HMAC_MD5)
+Key: eMhLmrsWxS28+oUnhbjwE6xYhMCvDKtsEBEc6TzD62mPMQ3R57xDb6McBAduXo56/a1xOtrX/tFs4CVnDnYdMw==
+Bits: AAA=
+Created: 20160308220200
+Publish: 20160308220200
+Activate: 20160308220200
--- /dev/null
+dyn-dns-updater. IN KEY 0 3 157 gi69Yjzo1OSPVQ/oTTgw+Q==
--- /dev/null
+Private-key-format: v1.2
+Algorithm: 157 (HMAC_MD5)
+Key: gi69Yjzo1OSPVQ/oTTgw+Q==
+Bits: AAA=
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Access-Control-Listen
+//# /etc/bind/named-acl.conf
+//#
+//# Host ns2.uhu-banane.de
+//#
+//###############################################################
+
+//###############################################################
+//# Access-Control-Listen
+
+#----------------------------------------
+acl allow-dyn-update {
+ 46.16.73.175;
+ 2001:4dd0:ff00:cd3::2;
+ 85.214.134.152;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 144.76.221.169;
+ 2a01:4f8:200:94a8::2;
+ 138.201.28.135;
+ 2a01:4f8:171:3006::2;
+ 185.48.118.128;
+ 162.254.24.33;
+ 185.102.95.107;
+ 2a06:2380:0:1::3a;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 127.0.0.1;
+ ::1;
+};
+
+#----------------------------------------
+acl allow-notify {
+ 46.16.73.175;
+ 2001:4dd0:ff00:cd3::2;
+ 85.214.134.152;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 144.76.221.169;
+ 2a01:4f8:200:94a8::2;
+ 138.201.28.135;
+ 2a01:4f8:171:3006::2;
+ 185.48.118.128;
+ 162.254.24.33;
+ 185.102.95.107;
+ 2a06:2380:0:1::3a;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 127.0.0.1;
+ ::1;
+};
+
+#----------------------------------------
+acl allow-recursion {
+ 46.16.73.175;
+ 2001:4dd0:ff00:cd3::2;
+ 85.214.134.152;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 144.76.221.169;
+ 2a01:4f8:200:94a8::2;
+ 185.48.118.128;
+ 162.254.24.33;
+ 185.102.95.107;
+ 2a06:2380:0:1::3a;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 138.201.28.135;
+ 138.201.28.184;
+ 138.201.28.185;
+ 138.201.28.186;
+ 2a01:4f8:171:3006::/64;
+ 127.0.0.0/8;
+ ::1/128;
+ fe80::/10;
+};
+
+#----------------------------------------
+acl also-notify-acwain {
+ 144.76.221.169;
+ 2a01:4f8:200:94a8::2;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 138.201.28.135;
+ 2a01:4f8:171:3006::2;
+};
+
+#----------------------------------------
+acl also-notify-boreus {
+ 195.50.185.7;
+ 46.189.56.7;
+ 85.199.64.7;
+};
+
+#----------------------------------------
+acl also-notify-uhu-banane {
+ 185.48.118.128;
+ 162.254.24.33;
+};
+
+#----------------------------------------
+acl common-allow-transfer {
+ 195.50.185.7;
+ 46.189.56.7;
+ 85.199.64.7;
+ 46.16.73.175;
+ 2001:4dd0:ff00:cd3::2;
+ 85.214.134.152;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 144.76.221.169;
+ 2a01:4f8:200:94a8::2;
+ 138.201.28.135;
+ 2a01:4f8:171:3006::2;
+ 185.48.118.128;
+ 162.254.24.33;
+ 185.102.95.107;
+ 2a06:2380:0:1::3a;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 127.0.0.1;
+ ::1;
+};
+
+#----------------------------------------
+acl local-host-ips {
+ 127.0.0.1/8;
+ ::1/128;
+};
+
+#----------------------------------------
+acl local-net-ips {
+ 127.0.0.0/8;
+ 10.0.0.0/8;
+ 172.16.0.0/12;
+ 192.168.0.0/16;
+ ::1/128;
+ fe80::/10;
+};
+
+#----------------------------------------
+acl private-net-ips {
+ 10.12.11.0/24;
+ 46.16.73.175;
+ 2001:4dd0:ff00:cd3::2;
+ 2a02:8109:ae3f:fa04:5604:a6ff:fe38:99f9;
+ 85.214.134.152;
+ 2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+ 185.102.95.107;
+ 2a06:2380:0:1::3a;
+};
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Dynamische Zonen
+//# /etc/bind/named-dyn.conf
+//#
+//# Host ns2.uhu-banane.de
+//#
+//###############################################################
+
+
+zone "dyn.brehm-online.com" {
+ type slave;
+ file "dyn.brehm-online.com.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "dyn.uhu-banane.de" {
+ type slave;
+ file "dyn.uhu-banane.de.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei Logging
+//# /etc/bind/named-log.conf
+//#
+//# Host ns2.uhu-banane.de
+//#
+//###############################################################
+
+//###############################################################
+//# Angaben zum Logging
+
+logging {
+
+ //---------------------------------------
+ // Channels
+
+ channel complete_debug {
+ file "/var/log/bind/complete-debug.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity debug 99;
+ };
+
+ channel logtofile {
+ file "/var/log/bind/named.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity info;
+ };
+
+ channel moderate_debug {
+ file "/var/log/bind/debug.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity debug 1;
+ };
+
+ channel query_logging {
+ file "/var/log/bind/query.log";
+ print-time yes;
+ };
+
+ channel security_file {
+ file "/var/log/bind/security.log";
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ severity dynamic;
+ };
+
+ channel syslog-warning {
+ syslog daemon;
+ severity warning;
+ };
+
+
+ //---------------------------------------
+ // Categories
+
+ category default {
+ default_debug;
+ logtofile;
+ };
+
+ category general {
+ logtofile;
+ syslog-warning;
+ };
+
+ category lame-servers {
+ null;
+ };
+
+ category queries {
+ query_logging;
+ };
+
+ category security {
+ security_file;
+ };
+
+};
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Primaere Zonen
+//# /etc/bind/named-pri.conf
+//#
+//# Host ns2.uhu-banane.de
+//#
+//###############################################################
+
+//###############################################################
+//# Master-Zonen (Primary)
+
+
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei - Sekundaere Zonen
+//# /etc/bind/named-sec
+//#
+//# Host ns2.uhu-banane.de
+//#
+//###############################################################
+
+//###############################################################
+//# Slave-Zonen (Secondary)
+
+
+zone "0.0.0.0.7.b.d.1.8.f.6.0.1.0.0.2.ip6.arpa" {
+ type slave;
+ file "rev.2001-6f8-1db7-0.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "0.0.0.1.6.0.0.3.1.7.1.0.8.f.4.0.1.0.a.2.ip6.arpa" {
+ type slave;
+ file "rev.2a01-4f8-171-3006-1000.zone";
+ masters {
+ 138.201.28.135;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "0.29.172.in-addr.arpa" {
+ type slave;
+ file "rev.172.29.0.zone";
+ masters {
+ 144.76.221.169;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "0.31.172.in-addr.arpa" {
+ type slave;
+ file "rev.172.31.0.zone";
+ masters {
+ 138.201.28.135;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "11.12.10.in-addr.arpa" {
+ type slave;
+ file "rev.10.12.11.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "20.12.10.in-addr.arpa" {
+ type slave;
+ file "rev.10.12.20.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "7.b.d.1.8.f.6.0.1.0.0.2.ip6.arpa" {
+ type slave;
+ file "rev.2001-6f8-1db7.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "brehm-berlin.de" {
+ type slave;
+ file "brehm-berlin.de.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "brehm-online.eu" {
+ type slave;
+ file "brehm-online.eu.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "frankepedia.eu" {
+ type slave;
+ file "frankepedia.eu.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "home.brehm-online.com" {
+ type slave;
+ file "home.brehm-online.com.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "nexunus.com" {
+ type slave;
+ file "nexunus.com.zone";
+ masters {
+ 138.201.28.135;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "nexunus.de" {
+ type slave;
+ file "nexunus.de.zone";
+ masters {
+ 138.201.28.135;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "nexunus.net" {
+ type slave;
+ file "nexunus.net.zone";
+ masters {
+ 138.201.28.135;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "planetec.de" {
+ type slave;
+ file "planetec.de.zone";
+ masters {
+ 144.76.221.169;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "uhu-banane.com" {
+ type slave;
+ file "uhu-banane.com.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "uhu-banane.eu" {
+ type slave;
+ file "uhu-banane.eu.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "uhu-banane.net" {
+ type slave;
+ file "uhu-banane.net.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+zone "uhu-banane.org" {
+ type slave;
+ file "uhu-banane.org.zone";
+ masters {
+ 185.102.95.107;
+ };
+ allow-transfer {
+ common-allow-transfer;
+ };
+};
+
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei
+//# /etc/bind/named.conf
+//#
+//# Host ns2.uhu-banane.de
+//#
+//###############################################################
+
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+// access control lists
+include "/etc/bind/named-acl.conf";
+
+// global options
+include "/etc/bind/named.conf.options";
+
+// logging configuration
+include "/etc/bind/named-log.conf";
+
+// local configuration
+include "/etc/bind/named.conf.local";
+
+// Default zones
+include "/etc/bind/named.conf.default-zones";
+
+// master zones
+include "/etc/bind/named-pri.conf";
+
+// dynamic zones
+include "/etc/bind/named-dyn.conf";
+
+// slave zones
+include "/etc/bind/named-sec.conf";
+
+
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei Default zones
+//# /etc/bind/named.conf.default-zones
+//#
+//# Host ns2.uhu-banane.de
+//#
+//###############################################################
+
+// prime the server with knowledge of the root servers
+zone "." {
+ type hint;
+ file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+ type master;
+ file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.255";
+};
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei Lokeles Geruempel
+//# /etc/bind/named.conf.local
+//#
+//# Host ns2.uhu-banane.de
+//#
+//###############################################################
+
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+include "/etc/bind/zones.rfc1918";
+
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei for general options
+//# /etc/bind/named.conf.options
+//#
+//# Host ns2.uhu-banane.de
+//#
+//###############################################################
+
+
+//###############################################################
+//# Allgemeine Optionen
+
+options {
+
+ directory "/var/cache/bind";
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ // forwarders {
+ // 0.0.0.0;
+ // };
+
+ /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
+ //bindkeys-file "/etc/bind/bind.keys";
+
+ listen-on-v6 { any; };
+ listen-on { any; };
+
+ allow-notify {
+ allow-notify;
+ };
+
+ allow-recursion {
+ allow-recursion;
+ };
+
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ //dnssec-enable yes;
+ dnssec-validation auto;
+
+ /*
+ * As of bind 9.8.0:
+ * "If the root key provided has expired,
+ * named will log the expiration and validation will not work."
+ */
+ //dnssec-validation auto;
+
+ /* if you have problems and are behind a firewall: */
+ //query-source address * port 53;
+
+ // pid-file "/var/run/named/named.pid";
+
+ version "none";
+
+};
+
+// Managed Keys
+include "/etc/bind/bind.keys";
+
+key "dyn-dns-updater" {
+ algorithm hmac-md5;
+ secret "gi69Yjzo1OSPVQ/oTTgw+Q==";
+};
+
+//###############################################################
+//# Kontrollkanäle für RNDC
+
+include "/etc/bind/rndc.key";
+
+controls {
+ inet 127.0.0.1 port 953 allow {
+ 127.0.0.1;
+ ::1/128;
+ } keys {
+ "rndc-key";
+ };
+};
+
+
+# vim: ts=4 filetype=named noai
--- /dev/null
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "eMhLmrsWxS28+oUnhbjwE6xYhMCvDKtsEBEc6TzD62mPMQ3R57xDb6McBAduXo56/a1xOtrX/tFs4CVnDnYdMw==";
+};
--- /dev/null
+//###############################################################
+//# Bind9-Konfigurationsdatei Default zones RFC 1918
+//# /etc/bind/zones.rfc1918
+//#
+//# Host ns2.uhu-banane.de
+//#
+//###############################################################
+
+zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+# vim: ts=4 filetype=named noai
# fails they will be discarded. Thus under some circumstances it is
# better to use IP numbers than host names.
-server 0.debian.pool.ntp.org offline minpoll 8
-server 1.debian.pool.ntp.org offline minpoll 8
-server 2.debian.pool.ntp.org offline minpoll 8
-server 3.debian.pool.ntp.org offline minpoll 8
-
+server 0.debian.pool.ntp.org auto_offline iburst minpoll 8
+server 1.debian.pool.ntp.org auto_offline iburst minpoll 8
+server 2.debian.pool.ntp.org auto_offline iburst minpoll 8
+server 3.debian.pool.ntp.org auto_offline iburst minpoll 8
# Look here for the admin password needed for chronyc. The initial
# password is generated by a random process at install time. You may
local stratum 10
+# GRIDSCALE - Disable server functionality and only bind on localhost
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+port 0
+
+# GRIDSCALE - Allow stepping the clock. Normally, it’s recommended to allow the step only in
+# the first few updates, but in some cases (a virtual machine which can be suspended and resumed
+# with incorrect time) it may be necessary to allow the step at any clock update.
+makestep 1 -1
+
# Allow computers on the unrouted nets to use the server.
allow 10/8
# chrony will assume local time. The line (if any) was written by the
# chrony postinst based on what it found in /etc/default/rcS. You may
# change it if necessary.
-# rtconutc
+rtconutc
--- /dev/null
+# This the default chrony.conf file for the Debian chrony package. After
+# editing this file use the command 'invoke-rc.d chrony restart' to make
+# your changes take effect. John Hasler <jhasler@debian.org> 1998-2008
+
+# See www.pool.ntp.org for an explanation of these servers. Please
+# consider joining the project if possible. If you can't or don't want to
+# use these servers I suggest that you try your ISP's nameservers. We mark
+# the servers 'offline' so that chronyd won't try to connect when the link
+# is down. Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d use chronyc
+# commands to switch it on when a dialup link comes up and off when it goes
+# down. Code in /etc/init.d/chrony attempts to determine whether or not
+# the link is up at boot time and set the online status accordingly. If
+# you have an always-on connection such as cable omit the 'offline'
+# directive and chronyd will default to online.
+#
+# Note that if Chrony tries to go "online" and dns lookup of the servers
+# fails they will be discarded. Thus under some circumstances it is
+# better to use IP numbers than host names.
+
+server 0.debian.pool.ntp.org offline minpoll 8
+server 1.debian.pool.ntp.org offline minpoll 8
+server 2.debian.pool.ntp.org offline minpoll 8
+server 3.debian.pool.ntp.org offline minpoll 8
+
+
+# Look here for the admin password needed for chronyc. The initial
+# password is generated by a random process at install time. You may
+# change it if you wish.
+
+keyfile /etc/chrony/chrony.keys
+
+# Set runtime command key. Note that if you change the key (not the
+# password) to anything other than 1 you will need to edit
+# /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, /etc/init.d/chrony
+# and /etc/cron.weekly/chrony as these scripts use it to get the password.
+
+commandkey 1
+
+# I moved the driftfile to /var/lib/chrony to comply with the Debian
+# filesystem standard.
+
+driftfile /var/lib/chrony/chrony.drift
+
+# Comment this line out to turn off logging.
+
+log tracking measurements statistics
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+
+maxupdateskew 100.0
+
+# Dump measurements when daemon exits.
+
+dumponexit
+
+# Specify directory for dumping measurements.
+
+dumpdir /var/lib/chrony
+
+# Let computer be a server when it is unsynchronised.
+
+local stratum 10
+
+# Allow computers on the unrouted nets to use the server.
+
+allow 10/8
+allow 192.168/16
+allow 172.16/12
+
+# This directive forces `chronyd' to send a message to syslog if it
+# makes a system clock adjustment larger than a threshold value in seconds.
+
+logchange 0.5
+
+# This directive defines an email address to which mail should be sent
+# if chronyd applies a correction exceeding a particular threshold to the
+# system clock.
+
+# mailonchange root@localhost 0.5
+
+# This directive tells chrony to regulate the real-time clock and tells it
+# Where to store related data. It may not work on some newer motherboards
+# that use the HPET real-time clock. It requires enhanced real-time
+# support in the kernel. I've commented it out because with certain
+# combinations of motherboard and kernel it is reported to cause lockups.
+
+# rtcfile /var/lib/chrony/chrony.rtc
+
+# If the last line of this file reads 'rtconutc' chrony will assume that
+# the CMOS clock is on UTC (GMT). If it reads '# rtconutc' or is absent
+# chrony will assume local time. The line (if any) was written by the
+# chrony postinst based on what it found in /etc/default/rcS. You may
+# change it if necessary.
+rtconutc
--- /dev/null
+# /etc/cron.d/certbot: crontab entries for the certbot package
+#
+# Upstream recommends attempting renewal twice a day
+#
+# Eventually, this will be an opportunity to validate certificates
+# haven't been revoked, etc. Renewal will only occur if expiration
+# is within 30 days.
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew
--- /dev/null
+# Eine nette Begrüßung ...
+1,11,21,31,41,51 * * * * root test -x /root/bin/generate-motd.sh && /root/bin/generate-motd.sh >/dev/null
+@reboot root test -x /root/bin/generate-motd.sh && /root/bin/generate-motd.sh >/dev/null
--- /dev/null
+#!/bin/bash
+
+#Check if removed-but-not-purged
+test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0
+
+#execute
+/usr/sbin/logwatch --output mail
+
+#Note: It's possible to force the recipient in above command
+#Just pass --mailto address@a.com instead of --output mail
--- /dev/null
+#!/bin/sh
+
+# run htcacheclean
+
+set -e
+set -u
+
+type htcacheclean > /dev/null 2>&1 || exit 0
+[ -e /etc/default/apache2 ] || exit 0
+
+
+# edit /etc/default/apache2 to change this
+HTCACHECLEAN_MODE=daemon
+HTCACHECLEAN_RUN=auto
+HTCACHECLEAN_SIZE=300M
+HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk
+HTCACHECLEAN_OPTIONS=""
+
+. /etc/default/apache2
+
+[ "$HTCACHECLEAN_MODE" = "cron" ] || exit 0
+
+[ "$HTCACHECLEAN_RUN" = "yes" ] ||
+( [ "$HTCACHECLEAN_RUN" = "auto" ] && \
+ [ -e /etc/apache2/mods-enabled/cache_disk.load ] ) || exit 0
+
+htcacheclean ${HTCACHECLEAN_OPTIONS} \
+ -p${HTCACHECLEAN_PATH} \
+ -l${HTCACHECLEAN_SIZE}
+
-#!/bin/sh
+#!/bin/bash
test -x /usr/sbin/logrotate || exit 0
-/usr/sbin/logrotate /etc/logrotate.conf
+LOG=/var/log/logrotate.log
+echo >> ${LOG}
+echo "################################################" >> ${LOG}
+echo "[$(date --rfc-3339=seconds )]: Start Logrotating" >> ${LOG}
+/usr/sbin/logrotate /etc/logrotate.conf >> ${LOG} 2>&1
+echo "[$(date --rfc-3339=seconds )]: End Logrotating" >> ${LOG}
--- /dev/null
+#! /bin/bash
+
+set -e
+
+[ -x /usr/bin/updatedb.mlocate ] || exit 0
+
+if which on_ac_power >/dev/null 2>&1; then
+ ON_BATTERY=0
+ on_ac_power >/dev/null 2>&1 || ON_BATTERY=$?
+ if [ "$ON_BATTERY" -eq 1 ]; then
+ exit 0
+ fi
+fi
+
+# See ionice(1)
+if [ -x /usr/bin/ionice ] &&
+ /usr/bin/ionice -c3 true 2>/dev/null; then
+ IONICE="/usr/bin/ionice -c3"
+fi
+
+flock --nonblock /run/mlocate.daily.lock $IONICE /usr/bin/updatedb.mlocate
--- /dev/null
+### htcacheclean settings ###
+
+## run htcacheclean: yes, no, auto
+## auto means run if /etc/apache2/mods-enabled/cache_disk.load exists
+## default: auto
+HTCACHECLEAN_RUN=auto
+
+## run mode: cron, daemon
+## run in daemon mode or as daily cron job
+## default: daemon
+HTCACHECLEAN_MODE=daemon
+
+## cache size
+HTCACHECLEAN_SIZE=300M
+
+## interval: if in daemon mode, clean cache every x minutes
+HTCACHECLEAN_DAEMON_INTERVAL=120
+
+## path to cache
+## must be the same as in CacheRoot directive
+HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk
+
+## additional options:
+## -n : be nice
+## -t : remove empty directories
+HTCACHECLEAN_OPTIONS="-n"
--- /dev/null
+# run resolvconf?
+RESOLVCONF=no
+
+# startup options for the server
+OPTIONS="-u bind"
# File generated by update-locale
-LANG=en_US.UTF-8
+LANG="de_DE.UTF-8"
--- /dev/null
+# File generated by update-locale
+LANG=en_US.UTF-8
--- /dev/null
+# Configuration for netfilter-persistent
+# Plugins may extend this file or have their own
+
+FLUSH_ON_STOP=0
--- /dev/null
+# Controls whether or not service is restarted automatically when it exits.
+# See the manpage for systemd.service(5) for possible values for the "Restart="
+# option.
+RESTART='no'
sendername = Fail2Ban
# Email address of the sender
-sender = fail2ban+ns3@brehm-online.com
+sender = fail2ban+ns2@brehm-online.com
#
# ACTIONS
# Optionally you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local
-[ssh]
-
-enabled = true
-port = ssh
-filter = sshd
-logpath = /var/log/syslog.d/auth.log
-action = %(action_mw)s
-maxretry = 6
-
-[dropbear]
+#[ssh]
+#
+#enabled = true
+#port = ssh
+#filter = sshd
+#logpath = /var/log/auth.log
+#maxretry = 6
-enabled = false
-port = ssh
-filter = dropbear
-logpath = /var/log/auth.log
-maxretry = 6
+#[dropbear]
+#
+#enabled = false
+#port = ssh
+#filter = dropbear
+#logpath = /var/log/auth.log
+#maxretry = 6
# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall
-[pam-generic]
-
-enabled = false
-# pam-generic filter can be customized to monitor specific subset of 'tty's
-filter = pam-generic
-# port actually must be irrelevant but lets leave it all for some possible uses
-port = all
-banaction = iptables-allports
-port = anyport
-logpath = /var/log/auth.log
-maxretry = 6
-
-[xinetd-fail]
-
-enabled = false
-filter = xinetd-fail
-port = all
-banaction = iptables-multiport-log
-logpath = /var/log/daemon.log
-maxretry = 2
-
+#[pam-generic]
+#
+#enabled = false
+## pam-generic filter can be customized to monitor specific subset of 'tty's
+#filter = pam-generic
+## port actually must be irrelevant but lets leave it all for some possible uses
+#port = all
+#banaction = iptables-allports
+#port = anyport
+#logpath = /var/log/auth.log
+#maxretry = 6
+
+#[xinetd-fail]
+#
+#enabled = false
+#filter = xinetd-fail
+#port = all
+#banaction = iptables-multiport-log
+#logpath = /var/log/daemon.log
+#maxretry = 2
-[ssh-ddos]
-enabled = false
-port = ssh
-filter = sshd-ddos
-logpath = /var/log/auth.log
-maxretry = 6
+#[ssh-ddos]
+#
+#enabled = false
+#port = ssh
+#filter = sshd-ddos
+#logpath = /var/log/auth.log
+#maxretry = 6
# Here we use blackhole routes for not requiring any additional kernel support
# to store large volumes of banned IPs
-[ssh-route]
-
-enabled = false
-filter = sshd
-action = route
-logpath = /var/log/sshd.log
-maxretry = 6
+#[ssh-route]
+#
+#enabled = false
+#filter = sshd
+#action = route
+#logpath = /var/log/sshd.log
+#maxretry = 6
# Here we use a combination of Netfilter/Iptables and IPsets
# for storing large volumes of banned IPs
#
# IPset comes in two versions. See ipset -V for which one to use
# requires the ipset package and kernel support.
-[ssh-iptables-ipset4]
-
-enabled = false
-port = ssh
-filter = sshd
-banaction = iptables-ipset-proto4
-logpath = /var/log/sshd.log
-maxretry = 6
-
-[ssh-iptables-ipset6]
+#[ssh-iptables-ipset4]
+#
+#enabled = false
+#port = ssh
+#filter = sshd
+#banaction = iptables-ipset-proto4
+#logpath = /var/log/sshd.log
+#maxretry = 6
-enabled = false
-port = ssh
-filter = sshd
-banaction = iptables-ipset-proto6
-logpath = /var/log/sshd.log
-maxretry = 6
+#[ssh-iptables-ipset6]
+#
+#enabled = false
+#port = ssh
+#filter = sshd
+#banaction = iptables-ipset-proto6
+#logpath = /var/log/sshd.log
+#maxretry = 6
#
# HTTP servers
#
-[apache]
-
-enabled = false
-port = http,https
-filter = apache-auth
-logpath = /var/log/apache*/*error.log
-maxretry = 6
+#[apache]
+#
+#enabled = false
+#port = http,https
+#filter = apache-auth
+#logpath = /var/log/apache*/*error.log
+#maxretry = 6
# default action is now multiport, so apache-multiport jail was left
# for compatibility with previous (<0.7.6-2) releases
-[apache-multiport]
-
-enabled = false
-port = http,https
-filter = apache-auth
-logpath = /var/log/apache*/*error.log
-maxretry = 6
-
-[apache-noscript]
-
-enabled = false
-port = http,https
-filter = apache-noscript
-logpath = /var/log/apache*/*error.log
-maxretry = 6
-
-[apache-overflows]
-
-enabled = false
-port = http,https
-filter = apache-overflows
-logpath = /var/log/apache*/*error.log
-maxretry = 2
+#[apache-multiport]
+#
+#enabled = false
+#port = http,https
+#filter = apache-auth
+#logpath = /var/log/apache*/*error.log
+#maxretry = 6
-[apache-modsecurity]
+#[apache-noscript]
+#
+#enabled = false
+#port = http,https
+#filter = apache-noscript
+#logpath = /var/log/apache*/*error.log
+#maxretry = 6
-enabled = false
-filter = apache-modsecurity
-port = http,https
-logpath = /var/log/apache*/*error.log
-maxretry = 2
+#[apache-overflows]
+#
+#enabled = false
+#port = http,https
+#filter = apache-overflows
+#logpath = /var/log/apache*/*error.log
+#maxretry = 2
-[apache-nohome]
+#[apache-modsecurity]
+#
+#enabled = false
+#filter = apache-modsecurity
+#port = http,https
+#logpath = /var/log/apache*/*error.log
+#maxretry = 2
-enabled = false
-filter = apache-nohome
-port = http,https
-logpath = /var/log/apache*/*error.log
-maxretry = 2
+#[apache-nohome]
+#
+#enabled = false
+#filter = apache-nohome
+#port = http,https
+#logpath = /var/log/apache*/*error.log
+#maxretry = 2
# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.
-[php-url-fopen]
-
-enabled = false
-port = http,https
-filter = php-url-fopen
-logpath = /var/www/*/logs/access_log
+#[php-url-fopen]
+#
+#enabled = false
+#port = http,https
+#filter = php-url-fopen
+#logpath = /var/www/*/logs/access_log
# A simple PHP-fastcgi jail which works with lighttpd.
# If you run a lighttpd server, then you probably will
# ALERT – tried to register forbidden variable ‘GLOBALS’
# through GET variables (attacker '1.2.3.4', file '/var/www/default/htdocs/index.php')
-[lighttpd-fastcgi]
-
-enabled = false
-port = http,https
-filter = lighttpd-fastcgi
-logpath = /var/log/lighttpd/error.log
+#[lighttpd-fastcgi]
+#
+#enabled = false
+#port = http,https
+#filter = lighttpd-fastcgi
+#logpath = /var/log/lighttpd/error.log
# Same as above for mod_auth
# It catches wrong authentifications
-[lighttpd-auth]
-
-enabled = false
-port = http,https
-filter = suhosin
-logpath = /var/log/lighttpd/error.log
-
-[nginx-http-auth]
+#[lighttpd-auth]
+#
+#enabled = false
+#port = http,https
+#filter = suhosin
+#logpath = /var/log/lighttpd/error.log
-enabled = false
-filter = nginx-http-auth
-port = http,https
-logpath = /var/log/nginx/error.log
+#[nginx-http-auth]
+#
+#enabled = false
+#filter = nginx-http-auth
+#port = http,https
+#logpath = /var/log/nginx/error.log
# Monitor roundcube server
-[roundcube-auth]
-
-enabled = false
-filter = roundcube-auth
-port = http,https
-logpath = /var/log/roundcube/userlogins
-
+#[roundcube-auth]
+#
+#enabled = false
+#filter = roundcube-auth
+#port = http,https
+#logpath = /var/log/roundcube/userlogins
-[sogo-auth]
-enabled = false
-filter = sogo-auth
-port = http, https
-# without proxy this would be:
-# port = 20000
-logpath = /var/log/sogo/sogo.log
+#[sogo-auth]
+#
+#enabled = false
+#filter = sogo-auth
+#port = http, https
+## without proxy this would be:
+## port = 20000
+#logpath = /var/log/sogo/sogo.log
#
# FTP servers
#
-[vsftpd]
-
-enabled = false
-port = ftp,ftp-data,ftps,ftps-data
-filter = vsftpd
-logpath = /var/log/vsftpd.log
-# or overwrite it in jails.local to be
-# logpath = /var/log/auth.log
-# if you want to rely on PAM failed login attempts
-# vsftpd's failregex should match both of those formats
-maxretry = 6
-
-
-[proftpd]
-
-enabled = false
-port = ftp,ftp-data,ftps,ftps-data
-filter = proftpd
-logpath = /var/log/proftpd/proftpd.log
-maxretry = 6
+#[vsftpd]
+#
+#enabled = false
+#port = ftp,ftp-data,ftps,ftps-data
+#filter = vsftpd
+#logpath = /var/log/vsftpd.log
+## or overwrite it in jails.local to be
+## logpath = /var/log/auth.log
+## if you want to rely on PAM failed login attempts
+## vsftpd's failregex should match both of those formats
+#maxretry = 6
-[pure-ftpd]
+#[proftpd]
+#
+#enabled = false
+#port = ftp,ftp-data,ftps,ftps-data
+#filter = proftpd
+#logpath = /var/log/proftpd/proftpd.log
+#maxretry = 6
-enabled = false
-port = ftp,ftp-data,ftps,ftps-data
-filter = pure-ftpd
-logpath = /var/log/syslog
-maxretry = 6
+#[pure-ftpd]
+#
+#enabled = false
+#port = ftp,ftp-data,ftps,ftps-data
+#filter = pure-ftpd
+#logpath = /var/log/syslog
+#maxretry = 6
-[wuftpd]
-enabled = false
-port = ftp,ftp-data,ftps,ftps-data
-filter = wuftpd
-logpath = /var/log/syslog
-maxretry = 6
+#[wuftpd]
+#
+#enabled = false
+#port = ftp,ftp-data,ftps,ftps-data
+#filter = wuftpd
+#logpath = /var/log/syslog
+#maxretry = 6
#
# Mail servers
#
-[postfix]
-
-enabled = true
-port = smtp,ssmtp,submission
-filter = postfix
-logpath = /var/log/syslog.d/mail.log
-action = %(action_mw)s
-
+#[postfix]
+#
+#enabled = false
+#port = smtp,ssmtp,submission
+#filter = postfix
+#logpath = /var/log/mail.log
-[couriersmtp]
-enabled = false
-port = smtp,ssmtp,submission
-filter = couriersmtp
-logpath = /var/log/mail.log
+#[couriersmtp]
+#
+#enabled = false
+#port = smtp,ssmtp,submission
+#filter = couriersmtp
+#logpath = /var/log/mail.log
#
# all relevant ports get banned
#
-[courierauth]
-
-enabled = false
-port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-filter = courierlogin
-logpath = /var/log/mail.log
-
-
-[sasl]
-
-enabled = false
-port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-filter = postfix-sasl
-# You might consider monitoring /var/log/mail.warn instead if you are
-# running postfix since it would provide the same log lines at the
-# "warn" level but overall at the smaller filesize.
-logpath = /var/log/mail.log
+#[courierauth]
+#
+#enabled = false
+#port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
+#filter = courierlogin
+#logpath = /var/log/mail.log
-[dovecot]
-enabled = false
-port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-filter = dovecot
-logpath = /var/log/mail.log
+#[sasl]
+#
+#enabled = false
+#port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
+#filter = postfix-sasl
+## You might consider monitoring /var/log/mail.warn instead if you are
+## running postfix since it would provide the same log lines at the
+## "warn" level but overall at the smaller filesize.
+#logpath = /var/log/mail.log
+
+#[dovecot]
+#
+#enabled = false
+#port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
+#filter = dovecot
+#logpath = /var/log/mail.log
# To log wrong MySQL access attempts add to /etc/my.cnf:
# log-error=/var/log/mysqld.log
# log-warning = 2
-[mysqld-auth]
-
-enabled = false
-filter = mysqld-auth
-port = 3306
-logpath = /var/log/mysqld.log
+#[mysqld-auth]
+#
+#enabled = false
+#filter = mysqld-auth
+#port = 3306
+#logpath = /var/log/mysqld.log
# DNS Servers
#filter = named-refused
#logpath = /var/log/named/security.log
-[named-refused-tcp]
-
-enabled = false
-port = domain,953
-protocol = tcp
-filter = named-refused
-logpath = /var/log/named/security.log
-
-[freeswitch]
-
-enabled = false
-filter = freeswitch
-logpath = /var/log/freeswitch.log
-maxretry = 10
-action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
- iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
+#[named-refused-tcp]
+#
+#enabled = false
+#port = domain,953
+#protocol = tcp
+#filter = named-refused
+#logpath = /var/log/named/security.log
-[ejabberd-auth]
+#[freeswitch]
+#
+#enabled = false
+#filter = freeswitch
+#logpath = /var/log/freeswitch.log
+#maxretry = 10
+#action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
+# iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
-enabled = false
-filter = ejabberd-auth
-port = xmpp-client
-protocol = tcp
-logpath = /var/log/ejabberd/ejabberd.log
+#[ejabberd-auth]
+#
+#enabled = false
+#filter = ejabberd-auth
+#port = xmpp-client
+#protocol = tcp
+#logpath = /var/log/ejabberd/ejabberd.log
# Multiple jails, 1 per protocol, are necessary ATM:
# see https://github.com/fail2ban/fail2ban/issues/37
-[asterisk-tcp]
-
-enabled = false
-filter = asterisk
-port = 5060,5061
-protocol = tcp
-logpath = /var/log/asterisk/messages
-
-[asterisk-udp]
+#[asterisk-tcp]
+#
+#enabled = false
+#filter = asterisk
+#port = 5060,5061
+#protocol = tcp
+#logpath = /var/log/asterisk/messages
-enabled = false
-filter = asterisk
-port = 5060,5061
-protocol = udp
-logpath = /var/log/asterisk/messages
+#[asterisk-udp]
+#
+#enabled = false
+#filter = asterisk
+#port = 5060,5061
+#protocol = udp
+#logpath = /var/log/asterisk/messages
# Jail for more extended banning of persistent abusers
# Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
-[recidive]
-
-enabled = false
-filter = recidive
-logpath = /var/log/fail2ban.log
-action = iptables-allports[name=recidive]
- sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
-bantime = 604800 ; 1 week
-findtime = 86400 ; 1 day
-maxretry = 5
+#[recidive]
+#
+#enabled = false
+#filter = recidive
+#logpath = /var/log/fail2ban.log
+#action = iptables-allports[name=recidive]
+# sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
+#bantime = 604800 ; 1 week
+#findtime = 86400 ; 1 day
+#maxretry = 5
# See the IMPORTANT note in action.d/blocklist_de.conf for when to
# use this action
#
# Report block via blocklist.de fail2ban reporting service API
# See action.d/blocklist_de.conf for more information
-[ssh-blocklist]
-
-enabled = false
-filter = sshd
-action = iptables[name=SSH, port=ssh, protocol=tcp]
- sendmail-whois[name=SSH, dest="%(destemail)s", sender="%(sender)s", sendername="%(sendername)s"]
- blocklist_de[email="%(sender)s", apikey="xxxxxx", service="%(filter)s"]
-logpath = /var/log/sshd.log
-maxretry = 20
+#[ssh-blocklist]
+#
+#enabled = false
+#filter = sshd
+#action = iptables[name=SSH, port=ssh, protocol=tcp]
+# sendmail-whois[name=SSH, dest="%(destemail)s", sender="%(sender)s", sendername="%(sendername)s"]
+# blocklist_de[email="%(sender)s", apikey="xxxxxx", service="%(filter)s"]
+#logpath = /var/log/sshd.log
+#maxretry = 20
# consider low maxretry and a long bantime
# nobody except your own Nagios server should ever probe nrpe
-[nagios]
-enabled = false
-filter = nagios
-action = iptables[name=Nagios, port=5666, protocol=tcp]
- sendmail-whois[name=Nagios, dest="%(destemail)s", sender="%(sender)s", sendername="%(sendername)s"]
-logpath = /var/log/messages ; nrpe.cfg may define a different log_facility
-maxretry = 1
+#[nagios]
+#enabled = false
+#filter = nagios
+#action = iptables[name=Nagios, port=5666, protocol=tcp]
+# sendmail-whois[name=Nagios, dest="%(destemail)s", sender="%(sender)s", sendername="%(sendername)s"]
+#logpath = /var/log/messages ; nrpe.cfg may define a different log_facility
+#maxretry = 1
# vim: filetype=dosini
--- /dev/null
+
+[apache]
+
+enabled = true
+port = http,https
+filter = apache-auth
+logpath = /var/log/apache*/*error.log
+maxretry = 6
+
+[apache-noscript]
+
+enabled = true
+port = http,https
+filter = apache-noscript
+logpath = /var/log/apache*/*error.log
+maxretry = 6
+
+[apache-overflows]
+
+enabled = true
+port = http,https
+filter = apache-overflows
+logpath = /var/log/apache*/*error.log
+maxretry = 2
+
+[apache-modsecurity]
+
+enabled = true
+filter = apache-modsecurity
+port = http,https
+logpath = /var/log/apache*/*error.log
+maxretry = 2
+
+[apache-nohome]
+
+enabled = true
+filter = apache-nohome
+port = http,https
+logpath = /var/log/apache*/*error.log
+maxretry = 2
+
+
+
+# vim: filetype=dosini
--- /dev/null
+
+[postfix]
+
+enabled = true
+port = smtp,ssmtp,submission
+filter = postfix
+logpath = /var/log/syslog.d/mail.log
+action = %(action_mw)s
+
+
+# vim: filetype=dosini
--- /dev/null
+
+[ssh]
+
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/syslog.d/auth.log
+action = %(action_)s
+maxretry = 6
+
+
+# vim: filetype=dosini
--- /dev/null
+
+[Global]
+
+backup_dir = '/var/backup'
+
+[FTP]
+
+host = 'backup.serverkompetenz.de'
+user = 'b082473'
+#user = 'b047934'
+password = '53rVer'
+passive = True
+dir = '/backup'
+timezone = 'UTC'
+
+[Copies]
+
+yearly = 3
+monthly = 4
+weekly = 3
+daily = 4
+
--- /dev/null
+
+[Global]
+
+backup_dir = '/var/backup'
+
+[SFTP]
+
+host = 'rsync.hidrive.strato.com'
+user = 'frank.brehm'
+
+dir = '/users/frank.brehm/Backup'
+
+key_file = '/etc/ftp-backup/id_rsa'
+
+[Copies]
+
+yearly = 3
+monthly = 4
+weekly = 3
+daily = 4
+
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAr+YczQdb+IEn+3WOCv7G0CGjvInCJR4FQgxxSMnicPam/uYV
+DUA2DkVhy3ZJj4sw9DywSK6QlN7ivBIXDz3wJfr7c9JHG7Buv3bmJDiq+5GGyjrm
+t6ILSvAQEza7S/p+G9lXTlZDADi1jEruIQoutSDU4C0qQeoH2LeUdMBnZ10Ojgf8
+UeH5k6z4FytutRXQEwgA8iS5YH3SP24qjIfr7zvTQQntR7UI1q2STcEpmnAttKdN
+1LTZIl8iwNoX6S/UTOpaxfYtHwUfFvfQUw5hhdv8Omk7W3AQTpNcphwY7sVSOrTM
+G8WabEy46foDszDp648XHCkK1VsJqcDBvDDG8wIDAQABAoIBABLdllczI90aVSR2
+Lj7lpoMqKHqPN+BtQNkdpoTNClldSvnpyXY7XdDYBi4hSLB5mE2JuMqC1oTxBtZv
+BkQfO4OHULLSacgBe09TvElEPqpuqEtGV/p4CcgGyWKWKy5x9lacT+3Z+KOscWRT
+oQiwI+RPWiWVEoQxSpgm0GhZPn3qYnNGlDFbs65jSaGyTupNZXxvpClPvcjPm21+
+O6UyY2dXP3KJXYNmalFGPlhBGi4qV+azAC0IuTROtO7YXnRvh43e3EWDbyiQsk73
+0wew9IhhAAxnUbZc/OHjy0x10/aiugNfUK/KrmZLmiX1+fHpflu1ArG3s3FLK5rG
+qTiQ4ZECgYEA5+yF8cR5gAwUCPPAb49x7Ry3pisZPT/A2eZ3rz7ops8Icki5M87G
+bVLipMYGQOxWxoA6DeLh7EJ0aClx1TVg9vCzIDpdIi+Iaki1uO1RJF/V0eEkZw21
+01msYWAUgeq9oRauWxbmuxR9oriRmhUu58y6+5yY1Ebnje2ROPC8/EkCgYEAwiiz
+MR+/60SMXktfnHYnl0lPyVodU9OfIgueMXaOv+jIBMwk31Jm14wTfc9tBqT5mweY
+vY7M1ZnPg5OJIytXQo7vOFixT41EJlc7Ipiehzc7SZU0JPyX68ebXZmJjzRxuZYx
+DSZmiDCC16NvoJRzHuKl/AEiG6RRScSgJZOwUVsCgYAD1DnZ5f6DiK+D/lI9BUdC
+POkjSy7dfgH3FwD+2bEJn/1ptZ2pJ07LW0T2p3ZO+BfuqwtKU2abefVmCtkgRgNV
+0F+EtrH28IX2C0FEzlY6nYJwNqFdOjK4TJC2AtoT0wZSdIdoZZZlnE7+ssFko9jk
+ZtLneIxlZM5J35Q4NnFIUQKBgQC36VGDUK28Ltw/XWodjJYH6buX4LIy+xubZiHc
+fI7PHbKJSM4Mc8NSnS7BVz/QsWh1/wYhWCiSk/VKju+xzpYDR901JF4gGpHZN3ue
+U66mKh0QoDIabuGAxzxVtt/kNCsdPjUMXbl1e24U0I0mMDezo8DSKkiiok0VcRi5
+P2IeTQKBgQDmTP+Q+PbUsUsdkTHJ8piIi0CgMPyzQ7eg9Ia6toul8MYeMF3kTX1w
+jaHJrL21QicBnIuIRgB9wIJsa8MEnozPcmgE3DjbP5eI1/8gsyCkfC9m9BIARh+4
+CoYNRyRhfBp7Jz0+SNUIP3o4Mh/xtNSK6YUnF9nQpAEax8gDiprjbw==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv5hzNB1v4gSf7dY4K/sbQIaO8icIlHgVCDHFIyeJw9qb+5hUNQDYORWHLdkmPizD0PLBIrpCU3uK8EhcPPfAl+vtz0kcbsG6/duYkOKr7kYbKOua3ogtK8BATNrtL+n4b2VdOVkMAOLWMSu4hCi61INTgLSpB6gfYt5R0wGdnXQ6OB/xR4fmTrPgXK261FdATCADyJLlgfdI/biqMh+vvO9NBCe1HtQjWrZJNwSmacC20p03UtNkiXyLA2hfpL9RM6lrF9i0fBR8W99BTDmGF2/w6aTtbcBBOk1ymHBjuxVI6tMwbxZpsTLjp+gOzMOnrjxccKQrVWwmpwMG8MMbz backup@helga
mail:x:8:
news:x:9:
uucp:x:10:
-man:x:12:
+man:x:12:repo
proxy:x:13:
kmem:x:15:
dialout:x:20:
audio:x:29:
dip:x:30:
www-data:x:33:
-backup:x:34:
-operator:x:37:
+backup:x:34:repo
+operator:x:37:repo
list:x:38:
irc:x:39:
-src:x:40:
+src:x:40:repo
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
-staff:x:50:
+staff:x:50:repo
games:x:60:
users:x:100:
nogroup:x:65534:
ssl-cert:x:110:
postfix:x:111:
postdrop:x:112:
+mlocate:x:113:repo
+bind:x:114:
+ulog:x:115:
ssh:x:109:
ssl-cert:x:110:
postfix:x:111:
+postdrop:x:112:
+mlocate:x:113:
+bind:x:114:
+ulog:x:115:
mail:*::
news:*::
uucp:*::
-man:*::
+man:*::repo
proxy:*::
kmem:*::
dialout:*::
audio:*::
dip:*::
www-data:*::
-backup:*::
-operator:*::
+backup:*::repo
+operator:*::repo
list:*::
irc:*::
-src:*::
+src:*::repo
gnats:*::
shadow:*::
utmp:*::
video:*::
sasl:*::
plugdev:*::
-staff:*::
+staff:*::repo
games:*::
users:*::
nogroup:*::
ssl-cert:!::
postfix:!::
postdrop:!::
+mlocate:!::repo
+bind:!::
+ulog:!::
ssh:!::
ssl-cert:!::
postfix:!::
+postdrop:!::
+mlocate:!::
+bind:!::
+ulog:!::
--- /dev/null
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: apache2
+# Required-Start: $local_fs $remote_fs $network $syslog $named
+# Required-Stop: $local_fs $remote_fs $network $syslog $named
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# X-Interactive: true
+# Short-Description: Apache2 web server
+# Description: Start the web server and associated helpers
+# This script will start apache2, and possibly all associated instances.
+# Moreover, it will set-up temporary directories and helper tools such as
+# htcacheclean when required by the configuration.
+### END INIT INFO
+
+DESC="web server"
+NAME=apache2
+DAEMON=/usr/sbin/$NAME
+
+SCRIPTNAME="${0##*/}"
+SCRIPTNAME="${SCRIPTNAME##[KS][0-9][0-9]}"
+if [ -n "$APACHE_CONFDIR" ] ; then
+ if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
+ DIR_SUFFIX="${APACHE_CONFDIR##/etc/apache2-}"
+ else
+ DIR_SUFFIX=
+ fi
+elif [ "${SCRIPTNAME##apache2-}" != "$SCRIPTNAME" ] ; then
+ DIR_SUFFIX="-${SCRIPTNAME##apache2-}"
+ APACHE_CONFDIR=/etc/apache2$DIR_SUFFIX
+else
+ DIR_SUFFIX=
+ APACHE_CONFDIR=/etc/apache2
+fi
+if [ -z "$APACHE_ENVVARS" ] ; then
+ APACHE_ENVVARS=$APACHE_CONFDIR/envvars
+fi
+export APACHE_CONFDIR APACHE_ENVVARS
+
+ENV="env -i LANG=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+if [ "$APACHE_CONFDIR" != /etc/apache2 ] ; then
+ ENV="$ENV APACHE_CONFDIR=$APACHE_CONFDIR"
+fi
+if [ "$APACHE_ENVVARS" != "$APACHE_CONFDIR/envvars" ] ; then
+ ENV="$ENV APACHE_ENVVARS=$APACHE_ENVVARS"
+fi
+
+
+#edit /etc/default/apache2 to change this.
+HTCACHECLEAN_RUN=auto
+HTCACHECLEAN_MODE=daemon
+HTCACHECLEAN_SIZE=300M
+HTCACHECLEAN_DAEMON_INTERVAL=120
+HTCACHECLEAN_PATH=/var/cache/apache2$DIR_SUFFIX/mod_cache_disk
+HTCACHECLEAN_OPTIONS=""
+
+# Read configuration variable file if it is present
+if [ -f /etc/default/apache2$DIR_SUFFIX ] ; then
+ . /etc/default/apache2$DIR_SUFFIX
+elif [ -f /etc/default/apache2 ] ; then
+ . /etc/default/apache2
+fi
+
+PIDFILE=$(. $APACHE_ENVVARS && echo $APACHE_PID_FILE)
+
+VERBOSE=no
+if [ -f /etc/default/rcS ]; then
+ . /etc/default/rcS
+fi
+. /lib/lsb/init-functions
+
+
+# Now, set defaults:
+APACHE2CTL="$ENV apache2ctl"
+HTCACHECLEAN="$ENV htcacheclean"
+PIDFILE=$(. $APACHE_ENVVARS && echo $APACHE_PID_FILE)
+APACHE2_INIT_MESSAGE=""
+
+CONFTEST_OUTFILE=
+cleanup() {
+ if [ -n "$CONFTEST_OUTFILE" ] ; then
+ rm -f "$CONFTEST_OUTFILE"
+ fi
+}
+trap cleanup 0 # "0" means "EXIT", but "EXIT" is not portable
+
+
+apache_conftest() {
+ [ -z "$CONFTEST_OUTFILE" ] || rm -f "$CONFTEST_OUTFILE"
+ CONFTEST_OUTFILE=$(mktemp)
+ if ! $APACHE2CTL configtest > "$CONFTEST_OUTFILE" 2>&1 ; then
+ return 1
+ else
+ rm -f "$CONFTEST_OUTFILE"
+ CONFTEST_OUTFILE=
+ return 0
+ fi
+}
+
+clear_error_msg() {
+ [ -z "$CONFTEST_OUTFILE" ] || rm -f "$CONFTEST_OUTFILE"
+ CONFTEST_OUTFILE=
+ APACHE2_INIT_MESSAGE=
+}
+
+print_error_msg() {
+ [ -z "$APACHE2_INIT_MESSAGE" ] || log_warning_msg "$APACHE2_INIT_MESSAGE"
+ if [ -n "$CONFTEST_OUTFILE" ] ; then
+ echo "Output of config test was:" >&2
+ cat "$CONFTEST_OUTFILE" >&2
+ rm -f "$CONFTEST_OUTFILE"
+ CONFTEST_OUTFILE=
+ fi
+}
+
+apache_wait_start() {
+ local STATUS=$1
+ local i=0
+
+ if [ $STATUS != 0 ] ; then
+ return $STATUS
+ fi
+ while : ; do
+ PIDTMP=$(pidofproc -p $PIDFILE $DAEMON)
+ if [ -n "${PIDTMP:-}" ] && kill -0 "${PIDTMP:-}" 2> /dev/null; then
+ return $STATUS
+ fi
+
+ if [ $i = "20" ] ; then
+ APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX instance did not start within 20 seconds. Please read the log files to discover problems"
+ return 2
+ fi
+
+ [ "$VERBOSE" != no ] && log_progress_msg "."
+ sleep 1
+ i=$(($i+1))
+ done
+}
+
+apache_wait_stop() {
+ local STATUS=$1
+ local METH=$2
+
+ if [ $STATUS != 0 ] ; then
+ return $STATUS
+ fi
+
+ PIDTMP=$(pidofproc -p $PIDFILE $DAEMON)
+ if [ -n "${PIDTMP:-}" ] && kill -0 "${PIDTMP:-}" 2> /dev/null; then
+
+ if [ "$METH" = "kill" ]; then
+ killproc -p $PIDFILE $DAEMON
+ else
+ $APACHE2CTL $METH > /dev/null 2>&1
+ fi
+
+ local i=0
+ while kill -0 "${PIDTMP:-}" 2> /dev/null; do
+ if [ $i = '60' ]; then
+ STATUS=2
+ break
+ fi
+ [ "$VERBOSE" != no ] && log_progress_msg "."
+ sleep 1
+ i=$(($i+1))
+ done
+ return $STATUS
+ else
+ return $STATUS
+ fi
+}
+
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+
+ if pidofproc -p $PIDFILE "$DAEMON" > /dev/null 2>&1 ; then
+ return 1
+ fi
+
+ if apache_conftest ; then
+ $APACHE2CTL start
+ apache_wait_start $?
+ return $?
+ else
+ APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX configtest failed."
+ return 2
+ fi
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+
+ # either "stop" or "graceful-stop"
+ local STOP=$1
+ # can't use pidofproc from LSB here
+ local AP_RET=0
+
+ if pidof $DAEMON > /dev/null 2>&1 ; then
+ if [ -e $PIDFILE ] && pidof $DAEMON | tr ' ' '\n' | grep -w $(cat $PIDFILE) > /dev/null 2>&1 ; then
+ AP_RET=2
+ else
+ AP_RET=1
+ fi
+ else
+ AP_RET=0
+ fi
+
+ # AP_RET is:
+ # 0 if Apache (whichever) is not running
+ # 1 if Apache (whichever) is running
+ # 2 if Apache from the PIDFILE is running
+
+ if [ $AP_RET = 0 ] ; then
+ return 1
+ fi
+
+ if [ $AP_RET = 2 ] && apache_conftest ; then
+ apache_wait_stop $? $STOP
+ return $?
+ else
+ if [ $AP_RET = 2 ]; then
+ clear_error_msg
+ APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX configtest failed, so we are trying to kill it manually. This is almost certainly suboptimal, so please make sure your system is working as you'd expect now!"
+ apache_wait_stop $? "kill"
+ return $?
+ elif [ $AP_RET = 1 ] ; then
+ APACHE2_INIT_MESSAGE="There are processes named 'apache2' running which do not match your pid file which are left untouched in the name of safety, Please review the situation by hand".
+ return 2
+ fi
+ fi
+
+}
+
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ if apache_conftest; then
+ if ! pidofproc -p $PIDFILE "$DAEMON" > /dev/null 2>&1 ; then
+ APACHE2_INIT_MESSAGE="Apache2 is not running"
+ return 2
+ fi
+ $APACHE2CTL graceful > /dev/null 2>&1
+ return $?
+ else
+ APACHE2_INIT_MESSAGE="The apache2$DIR_SUFFIX configtest failed. Not doing anything."
+ return 2
+ fi
+}
+
+
+check_htcacheclean() {
+ [ "$HTCACHECLEAN_MODE" = "daemon" ] || return 1
+ [ "$HTCACHECLEAN_RUN" = "yes" ] && return 0
+
+ MODSDIR=$(. $APACHE_ENVVARS && echo $APACHE_MODS_ENABLED)
+ [ "$HTCACHECLEAN_RUN" = "auto" \
+ -a -e ${MODSDIR:-$APACHE_CONFDIR/mods-enabled}/cache_disk.load ] && \
+ return 0
+ return 1
+}
+
+start_htcacheclean() {
+ $HTCACHECLEAN $HTCACHECLEAN_OPTIONS -d$HTCACHECLEAN_DAEMON_INTERVAL \
+ -i -p$HTCACHECLEAN_PATH -l$HTCACHECLEAN_SIZE
+}
+
+stop_htcacheclean() {
+ pkill -P 1 -f "htcacheclean.* -p$HTCACHECLEAN_PATH " 2> /dev/null || return 1
+}
+
+
+# Sanity checks. They need to occur after function declarations
+[ -x $DAEMON ] || exit 0
+
+if [ ! -x $DAEMON ] ; then
+ echo "No apache-bin package installed"
+ exit 0
+fi
+
+if [ -z "$PIDFILE" ] ; then
+ echo ERROR: APACHE_PID_FILE needs to be defined in $APACHE_ENVVARS >&2
+ exit 2
+fi
+
+if check_htcacheclean ; then
+ if [ ! -d "$HTCACHECLEAN_PATH" ] ; then
+ echo "htcacheclean is configured, but directory $HTCACHECLEAN_PATH does not exist!" >&2
+ exit 2
+ fi
+fi
+
+
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ RET_STATUS=$?
+ case "$RET_STATUS" in
+ 0|1)
+ log_success_msg
+ [ "$VERBOSE" != no ] && [ $RET_STATUS = 1 ] && log_warning_msg "Server was already running"
+ if check_htcacheclean ; then
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting HTTP cache cleaning daemon" "htcacheclean"
+ start_htcacheclean
+ [ "$VERBOSE" != no ] && log_end_msg $?
+ fi
+ ;;
+ 2)
+ log_failure_msg
+ print_error_msg
+ exit 1
+ ;;
+ esac
+ ;;
+ stop|graceful-stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop "$1"
+ RET_STATUS=$?
+ case "$RET_STATUS" in
+ 0|1)
+ log_success_msg
+ [ "$VERBOSE" != no ] && [ $RET_STATUS = 1 ] && log_warning_msg "Server was not running"
+ ;;
+ 2)
+ log_failure_msg
+ print_error_msg
+ exit 1
+ ;;
+ esac
+ print_error_msg
+
+ if check_htcacheclean ; then
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping HTTP cache cleaning daemon" "htcacheclean"
+ stop_htcacheclean
+ [ "$VERBOSE" != no ] && log_end_msg $?
+ fi
+
+ ;;
+ status)
+ status_of_proc -p $PIDFILE "apache2" "$NAME"
+ exit $?
+ ;;
+ reload|force-reload|graceful)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ RET_STATUS=$?
+ case "$RET_STATUS" in
+ 0|1)
+ log_success_msg
+ [ "$VERBOSE" != no ] && [ $RET_STATUS = 1 ] && log_warning_msg "Server was already running"
+ ;;
+ 2)
+ log_failure_msg
+ print_error_msg
+ exit 1
+ ;;
+ esac
+ print_error_msg
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0)
+ log_end_msg 0
+ ;;
+ 1|*)
+ log_end_msg 1 # Old process is still or failed to running
+ print_error_msg
+ exit 1
+ ;;
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ print_error_msg
+ exit 1
+ ;;
+ esac
+ ;;
+ start-htcacheclean)
+ log_daemon_msg "Starting htcacheclean"
+ start_htcacheclean
+ log_end_msg $?
+ exit $?
+ ;;
+ stop-htcacheclean)
+ log_daemon_msg "Stopping htcacheclean"
+ stop_htcacheclean
+ log_end_msg $?
+ exit $?
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|graceful-stop|restart|reload|force-reload|start-htcacheclean|stop-htcacheclean}" >&2
+ exit 3
+ ;;
+esac
+
+exit 0
+
+# vim: syntax=sh ts=4 sw=4 sts=4 sr noet
--- /dev/null
+#!/bin/sh -e
+
+### BEGIN INIT INFO
+# Provides: bind9
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Should-Start: $network $syslog
+# Should-Stop: $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start and stop bind9
+# Description: bind9 is a Domain Name Server (DNS)
+# which translates ip addresses to and from internet names
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+# for a chrooted server: "-u bind -t /var/lib/named"
+# Don't modify this line, change or create /etc/default/bind9.
+OPTIONS=""
+RESOLVCONF=no
+
+test -f /etc/default/bind9 && . /etc/default/bind9
+
+test -x /usr/sbin/rndc || exit 0
+
+. /lib/lsb/init-functions
+PIDFILE=/var/run/named/named.pid
+
+check_network() {
+ if [ -x /usr/bin/uname ] && [ "X$(/usr/bin/uname -o)" = XSolaris ]; then
+ IFCONFIG_OPTS="-au"
+ else
+ IFCONFIG_OPTS=""
+ fi
+ if [ -z "$(/sbin/ifconfig $IFCONFIG_OPTS)" ]; then
+ #log_action_msg "No networks configured."
+ return 1
+ fi
+ return 0
+}
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting domain name service..." "bind9"
+
+ modprobe capability >/dev/null 2>&1 || true
+
+ # dirs under /var/run can go away on reboots.
+ mkdir -p /var/run/named
+ chmod 775 /var/run/named
+ chown root:bind /var/run/named >/dev/null 2>&1 || true
+
+ if [ ! -x /usr/sbin/named ]; then
+ log_action_msg "named binary missing - not starting"
+ log_end_msg 1
+ fi
+
+ if ! check_network; then
+ log_action_msg "no networks configured"
+ log_end_msg 1
+ fi
+
+ if start-stop-daemon --start --oknodo --quiet --exec /usr/sbin/named \
+ --pidfile ${PIDFILE} -- $OPTIONS; then
+ if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then
+ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.named
+ fi
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+
+ stop)
+ log_daemon_msg "Stopping domain name service..." "bind9"
+ if ! check_network; then
+ log_action_msg "no networks configured"
+ log_end_msg 1
+ fi
+
+ if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then
+ /sbin/resolvconf -d lo.named
+ fi
+ pid=$(/usr/sbin/rndc stop -p | awk '/^pid:/ {print $2}') || true
+ if [ -z "$pid" ]; then # no pid found, so either not running, or error
+ pid=$(pgrep -f ^/usr/sbin/named) || true
+ start-stop-daemon --stop --oknodo --quiet --exec /usr/sbin/named \
+ --pidfile ${PIDFILE} -- $OPTIONS
+ fi
+ if [ -n "$pid" ]; then
+ sig=0
+ n=1
+ while kill -$sig $pid 2>/dev/null; do
+ if [ $n -eq 1 ]; then
+ echo "waiting for pid $pid to die"
+ fi
+ if [ $n -eq 11 ]; then
+ echo "giving up on pid $pid with kill -0; trying -9"
+ sig=9
+ fi
+ if [ $n -gt 20 ]; then
+ echo "giving up on pid $pid"
+ break
+ fi
+ n=$(($n+1))
+ sleep 1
+ done
+ fi
+ log_end_msg 0
+ ;;
+
+ reload|force-reload)
+ log_daemon_msg "Reloading domain name service..." "bind9"
+ if ! check_network; then
+ log_action_msg "no networks configured"
+ log_end_msg 1
+ fi
+
+ /usr/sbin/rndc reload >/dev/null && log_end_msg 0 || log_end_msg 1
+ ;;
+
+ restart)
+ if ! check_network; then
+ log_action_msg "no networks configured"
+ exit 1
+ fi
+
+ $0 stop
+ $0 start
+ ;;
+
+ status)
+ ret=0
+ status_of_proc -p ${PIDFILE} /usr/sbin/named bind9 2>/dev/null || ret=$?
+ exit $ret
+ ;;
+
+ *)
+ log_action_msg "Usage: /etc/init.d/bind9 {start|stop|reload|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
+
+exit 0
--- /dev/null
+#!/bin/sh
+
+# This file is part of netfilter-persistent
+# Copyright (C) 2014 Jonathan Wiltshire
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation, either version 3
+# of the License, or (at your option) any later version.
+
+### BEGIN INIT INFO
+# Provides: netfilter-persistent
+# Required-Start: mountkernfs $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: S
+# Default-Stop: 0 1 6
+# Short-Description: Load boot-time netfilter configuration
+# Description: Loads boot-time netfilter configuration
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+case "$1" in
+start|restart|reload|force-reload)
+ log_action_begin_msg "Loading netfilter rules"
+ /usr/sbin/netfilter-persistent start
+ log_action_end_msg $?
+ ;;
+save)
+ log_action_begin_msg "Saving netfilter rules"
+ /usr/sbin/netfilter-persistent save
+ log_action_end_msg $?
+ ;;
+stop)
+ log_action_begin_msg "Stopping netfilter rules"
+ /usr/sbin/netfilter-persistent stop
+ log_action_end_msg $?
+ ;;
+flush)
+ log_action_begin_msg "Flushing netfilter rules"
+ /usr/sbin/netfilter-persistent flush
+ log_action_end_msg $?
+ ;;
+*)
+ echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2
+ exit 1
+ ;;
+esac
+
+exit $rc
--- /dev/null
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: salt-minion
+# Required-Start: $remote_fs $network
+# Required-Stop: $remote_fs $network
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: salt minion control daemon
+# Description: This is a daemon that controls the salt minions
+### END INIT INFO
+
+# Author: Michael Prokop <mika@debian.org>
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="salt minion control daemon"
+NAME=salt-minion
+DAEMON=/usr/bin/salt-minion
+DAEMON_ARGS="-d"
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+. /lib/lsb/init-functions
+
+do_start() {
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ pid=$(pidofproc -p $PIDFILE $DAEMON)
+ if [ -n "$pid" ] ; then
+ return 1
+ fi
+
+ start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+do_stop() {
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ #reload)
+ # not implemented
+ #;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+exit 0
--- /dev/null
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: sudo
+# Required-Start: $local_fs $remote_fs
+# Required-Stop:
+# X-Start-Before: rmnologin
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Provide limited super user privileges to specific users
+# Description: Provide limited super user privileges to specific users.
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+N=/etc/init.d/sudo
+
+set -e
+
+case "$1" in
+ start)
+ # make sure privileges don't persist across reboots
+ if [ -d /var/lib/sudo ]
+ then
+ find /var/lib/sudo -exec touch -d @0 '{}' \;
+ fi
+ ;;
+ stop|reload|restart|force-reload|status)
+ ;;
+ *)
+ echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- /dev/null
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: ulogd2 ulogd
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Starts ulogd2
+# Description: Starts the netfilter userspace log daemon
+### END INIT INFO
+
+# Author: Chris Boot <debian@bootc.net>
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="netfilter userspace log daemon"
+NAME=ulogd
+DAEMON=/usr/sbin/$NAME
+DAEMON_USER=ulog
+PIDDIR=/run/ulog
+PIDFILE=$PIDDIR/$NAME.pid
+DAEMON_ARGS="--daemon --uid $DAEMON_USER --pidfile $PIDFILE"
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Make sure our /run directory exists
+ if [ ! -d $PIDDIR ]; then
+ mkdir $PIDDIR
+ chown $DAEMON_USER: $PIDDIR
+ fi
+
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
+ --test > /dev/null || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
+ --pidfile $PIDFILE --name $NAME
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE \
+ --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ do_start; RET=$?
+ case $RET in
+ 0|1) log_end_msg 0; exit 0 ;;
+ *) log_end_msg 1; exit 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop; RET=$?
+ case $RET in
+ 0|1) log_end_msg 0; exit 0 ;;
+ *) log_end_msg 1; exit 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME"
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload; RET=$?
+ log_end_msg $RET
+ exit $RET
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop; RET=$?
+ case $RET in
+ 0|1)
+ do_start; RET=$?
+ case $RET in
+ 0) log_end_msg 0; exit 0 ;;
+ 1) log_end_msg 1; exit 1 ;; # Old process is still running
+ *) log_end_msg 1; exit 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1; exit 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
--- /dev/null
+description "Salt Minion"
+
+start on (net-device-up
+ and local-filesystems
+ and runlevel [2345])
+stop on runlevel [!2345]
+
+# The respawn in the minion is known to cause problems
+# because if the main minion process dies it has done
+# so most likely for a good reason. Uncomment these
+# two lines to enable respawn
+#respawn
+#respawn limit 10 5
+
+script
+ # Read configuration variable file if it is present
+ [ -f /etc/default/$UPSTART_JOB ] && . /etc/default/$UPSTART_JOB
+
+ # Activate the virtualenv if defined
+ [ -f $SALT_USE_VIRTUALENV/bin/activate ] && . $SALT_USE_VIRTUALENV/bin/activate
+
+ exec salt-minion
+end script
--- /dev/null
+# ulogd2 - Netfilter Userspace Logging Daemon
+#
+# ulogd is an advanced netfilter logging daemon.
+
+description "Netfilter Userspace Logging Daemon"
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+
+expect fork
+respawn
+
+exec /usr/sbin/ulogd --daemon --uid ulog
--- /dev/null
+# /etc/inittab: init(8) configuration.
+# $Id: inittab,v 1.91 2002/01/25 13:35:21 miquels Exp $
+
+# The default runlevel.
+id:2:initdefault:
+
+# Boot-time system configuration/initialization script.
+# This is run first except when booting in emergency (-b) mode.
+si::sysinit:/etc/init.d/rcS
+
+# What to do in single-user mode.
+~~:S:wait:/sbin/sulogin
+
+# /etc/init.d executes the S and K scripts upon change
+# of runlevel.
+#
+# Runlevel 0 is halt.
+# Runlevel 1 is single-user.
+# Runlevels 2-5 are multi-user.
+# Runlevel 6 is reboot.
+
+l0:0:wait:/etc/init.d/rc 0
+l1:1:wait:/etc/init.d/rc 1
+l2:2:wait:/etc/init.d/rc 2
+l3:3:wait:/etc/init.d/rc 3
+l4:4:wait:/etc/init.d/rc 4
+l5:5:wait:/etc/init.d/rc 5
+l6:6:wait:/etc/init.d/rc 6
+# Normally not reached, but fallthrough in case of emergency.
+z6:6:respawn:/sbin/sulogin
+
+# What to do when CTRL-ALT-DEL is pressed.
+ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
+
+# Action on special keypress (ALT-UpArrow).
+#kb::kbrequest:/bin/echo "Keyboard Request--edit /etc/inittab to let this work."
+
+# What to do when the power fails/returns.
+pf::powerwait:/etc/init.d/powerfail start
+pn::powerfailnow:/etc/init.d/powerfail now
+po::powerokwait:/etc/init.d/powerfail stop
+
+# /sbin/getty invocations for the runlevels.
+#
+# The "id" field MUST be the same as the last
+# characters of the device (after "tty").
+#
+# Format:
+# <id>:<runlevels>:<action>:<process>
+#
+# Note that on most Debian systems tty7 is used by the X Window System,
+# so if you want to add more getty's go ahead but skip tty7 if you run X.
+#
+1:2345:respawn:/sbin/getty --noclear 38400 tty1
+2:23:respawn:/sbin/getty 38400 tty2
+3:23:respawn:/sbin/getty 38400 tty3
+4:23:respawn:/sbin/getty 38400 tty4
+5:23:respawn:/sbin/getty 38400 tty5
+6:23:respawn:/sbin/getty 38400 tty6
+
+# Example how to put a getty on a serial line (for a terminal)
+#
+#T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
+#T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100
+
+# Example how to put a getty on a modem line.
+#
+#T3:23:respawn:/sbin/mgetty -x0 -s 57600 ttyS3
+
--- /dev/null
+# Generated by iptables-save v1.4.21 on Mon Sep 26 11:27:21 2016
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [290:38945]
+:fail2ban-postfix - [0:0]
+:fail2ban-ssh - [0:0]
+-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
+-A INPUT -p tcp -m multiport --dports 25,465,587 -j fail2ban-postfix
+-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
+-A INPUT -p tcp -m multiport --dports 25,465,587 -j fail2ban-postfix
+-A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
+-A INPUT -m conntrack --ctstate RELATED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -p udp -m udp --dport 68 -j ACCEPT
+-A INPUT -p udp -m udp --dport 53 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
+-A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1
+-A INPUT -j REJECT --reject-with icmp-port-unreachable
+-A fail2ban-postfix -j RETURN
+-A fail2ban-postfix -j RETURN
+-A fail2ban-ssh -j RETURN
+-A fail2ban-ssh -j RETURN
+COMMIT
+# Completed on Mon Sep 26 11:27:21 2016
--- /dev/null
+# Generated by ip6tables-save v1.4.21 on Mon Sep 26 11:27:21 2016
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+# Completed on Mon Sep 26 11:27:21 2016
--- /dev/null
+{"creation_host": "ns2.uhu-banane.de", "creation_dt": "2016-10-31T22:49:24Z"}
\ No newline at end of file
--- /dev/null
+{"e": "AQAB", "d": "TDRJ6wA_FFfSE9B4HyWfvPP5x6oZ6JHfKBsd9he-op3pIlhAor8GRkXGKkelkloHeSJdTRM9_7dDIx6or9QPAGikxtVnXymTcwoad6iQ9e6S1ov2nIs6thKmVFDoe6LcbdQ_EY_FK-zwsYW8ymNAU-YlgyWKaoX2B9aOloEfAPxddCh9DBhj0fUhQOzQxUUKEHYH6IfLhJNiP1B3le7Q-fDlNhjH4uiM6SDaL7bBExSihehIyaBUbFMWr2mKh8EK1TQihOIb0x8nUowh1UTgoy3dwGkcUFlJeZ3DYrOG-8oOSgo2Ecg7A39609-Af7tl50Bif2H20zcgh1ynHY_jiQ", "n": "wQUbR-l2R6l4aFk-gdPwv76vtzfCSYfiBUlBsGOe-2UOTzTD2o6u3IUtz2sIbgS6RyMRqlKMFxXk6eoSoCIutGzi7Qtwiobc16rOkRPai71cZvdI7K9lMKIRwnN96vBZIgXJe0nvnMNlFS159LicegneVVE-_IpxmiLZ6w-q2jmR9Uw5ULCGN9N_lxQjfXMjpfpvr-b5LPnVunRjYBUz316D0i8yqZwpoOhtT1gxCHYmY-2UfXGTzRcL9QEthl71666Povgavku2pXcZsUSBXlYXEh4VFBYQOp7-M6i-JF_LI3Qv6DgGDoz9WAfEWXcNlk5IOqNzOJ5-WDFVXDHd-Q", "q": "y7IwxzaS4LFWAYY2egCqY-1WWVp2BRdJFbIkuuQ0WVu5ff4YfaQQg3DmF411MOFVVvECnyZMThuxrxwU0_aLB2_VWRNmK9sd8QJf90v9eo0s_ebTmiIdRHQeW23j9NPo7D1Z9w3KFba6yCb-RllE4m6u12wGYxBO2kTpFTvoDsM", "p": "8pUhQGNlqB06M1hXFeLpuP-KiXnLixrJcAqorSZjqhXDEdSBG8PdN8rVmcOKJM1fKrn9MjrHLchGpDLbv4SDY0V1_3DLDgCI6X8Kqf2FVzI3eaJE1VzkN89gCOUVmsJqESPgUhphx_Avd2O2Hu0P0eI-Fc2tzUgNRhinJmY6zJM", "kty": "RSA", "qi": "chkJ6z2og9dYIv3mLAN3VekS5tc4wEFPlwPwXDmVYSU9j9rBs1QNv0MvrrENSbOx4pEE-J4lYRdIcT8G0KsBypqZwe01e4-C-nv5FfB68-umxuBxUHdUbujGmzhT23PsQeEn5vQHFbDBRGEFsHuVE46no4r8-xc0CzP-KZlGiMc", "dp": "UaDXGJiZ65EyNXbjjwzVQxhSYOJoGL4BzL75dZJ2dRRvmL9eVp55AT4y1FQVVz74aCM_zTg0L_a1tqkagv6vS6djBnrJCUQqzg-e4gbaaLYQLtDowrdIYHNayIN12qbTFENzR41zG9l5z33xGcUBzsmHxMR6WJqHRPAkxuodnRs", "dq": "JukQBk33erKFcl8X8vBDnDkPIJx2JPzQujNAbu7-zP8HjPjH5uA7Q1CCs4cTFtZEfgol7Q7czqLdq0ya8e6Lmk0TnSNmhgQiURKaEFxUvF9Rc-LvEudnXdcsoVx5iiAcw1vo3pekvccdIPTJ59hPn01zWrVI9w17cphtSeAasQ8"}
\ No newline at end of file
--- /dev/null
+{"body": {"contact": ["mailto:frank@brehm-online.com"], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf", "key": {"e": "AQAB", "kty": "RSA", "n": "wQUbR-l2R6l4aFk-gdPwv76vtzfCSYfiBUlBsGOe-2UOTzTD2o6u3IUtz2sIbgS6RyMRqlKMFxXk6eoSoCIutGzi7Qtwiobc16rOkRPai71cZvdI7K9lMKIRwnN96vBZIgXJe0nvnMNlFS159LicegneVVE-_IpxmiLZ6w-q2jmR9Uw5ULCGN9N_lxQjfXMjpfpvr-b5LPnVunRjYBUz316D0i8yqZwpoOhtT1gxCHYmY-2UfXGTzRcL9QEthl71666Povgavku2pXcZsUSBXlYXEh4VFBYQOp7-M6i-JF_LI3Qv6DgGDoz9WAfEWXcNlk5IOqNzOJ5-WDFVXDHd-Q"}}, "uri": "https://acme-v01.api.letsencrypt.org/acme/reg/5740505", "new_authzr_uri": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "terms_of_service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFozCCBIugAwIBAgISA5g/4aS1p4F+cU+VponaTyUVMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjEwMzEyMTUzMDBaFw0x
+NzAxMjkyMTUzMDBaMBwxGjAYBgNVBAMTEW5zMi51aHUtYmFuYW5lLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBr4PwCQensuqtymQDbCkv3iOwGK
+ubVVWJ2+0n6rbwd/4Za6fBMFzDO7CY8i0Nw1zcF6tQhnQTVR1UOvqSXLzQHNTpu9
+tGZzo8gg+jt6bAtl+kCm5nEj1xpLibj0Hi3DktAYb67ngPlPB05MSdyIfVOjxmLw
+FfDYTd4yQhfpqfJxU9TeAtREEhI0MYphmv2chWbD4Gsk3VssOo1l8p/kw74IOReI
+kTTuRnAeDZywBObAMP/65cCErhKKRPieMoMTb/frZ7k2yFkWBuUglMtr0fF0NzTc
+ZS/or+LBB/ajxFmAaKckWJifnZS4ARwcfWbODMHdOkyU6OMdJIafsSwAawIDAQAB
+o4ICrzCCAqswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
+BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT8gOFaMry21ATJhgm5Bfz3
+ko5nATAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBwBggrBgEFBQcB
+AQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw
+dC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5
+cHQub3JnLzCBuAYDVR0RBIGwMIGtghRuczIuYnJlaG0tb25saW5lLmNvbYIRbnMy
+LnVodS1iYW5hbmUuZGWCFnJlcG8yLmJyZWhtLW9ubGluZS5jb22CFHJlcG8yLnVo
+dS1iYW5hbmUuY29tghNyZXBvMi51aHUtYmFuYW5lLmRlghNyZXBvMi51aHUtYmFu
+YW5lLmV1ghRyZXBvMi51aHUtYmFuYW5lLm5ldIIUcmVwbzIudWh1LWJhbmFuZS5v
+cmcwgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYG
+CCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUH
+AgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9u
+IGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGgg
+dGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNy
+eXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAZPubpNEj347Q
+YZyF1ygt+elY+eIepstbCrpMo+/LuNBW74h990aeNZRRp/7wtq7yqogcqiVDMxF4
+J9SBEPDbAecG/t5ccBaJz8tOV98B/ZBBG7n94hUfMnc21DSlMkCf324uXSHhXKYB
+OZ7RtHObE0llv8VUhSVggj6Dm3DvKG60o1+jrGK4va2oZ1DHIJ8bfjjuEq9J7Jo3
+dbwF/9GG81k8xEizJEN4bkfahMc3/EReGlAWj7+opQx890NOBkm5/mPA5pqPDASa
+wZmGmRe/BNUahsFMvAUO+yDyafefeewi3gyzV5GJDoByN74/dmWhcIc2OxQuogOi
+Hc9nOLjt2g==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFozCCBIugAwIBAgISA5g/4aS1p4F+cU+VponaTyUVMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjEwMzEyMTUzMDBaFw0x
+NzAxMjkyMTUzMDBaMBwxGjAYBgNVBAMTEW5zMi51aHUtYmFuYW5lLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBr4PwCQensuqtymQDbCkv3iOwGK
+ubVVWJ2+0n6rbwd/4Za6fBMFzDO7CY8i0Nw1zcF6tQhnQTVR1UOvqSXLzQHNTpu9
+tGZzo8gg+jt6bAtl+kCm5nEj1xpLibj0Hi3DktAYb67ngPlPB05MSdyIfVOjxmLw
+FfDYTd4yQhfpqfJxU9TeAtREEhI0MYphmv2chWbD4Gsk3VssOo1l8p/kw74IOReI
+kTTuRnAeDZywBObAMP/65cCErhKKRPieMoMTb/frZ7k2yFkWBuUglMtr0fF0NzTc
+ZS/or+LBB/ajxFmAaKckWJifnZS4ARwcfWbODMHdOkyU6OMdJIafsSwAawIDAQAB
+o4ICrzCCAqswDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
+BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT8gOFaMry21ATJhgm5Bfz3
+ko5nATAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBwBggrBgEFBQcB
+AQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw
+dC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5
+cHQub3JnLzCBuAYDVR0RBIGwMIGtghRuczIuYnJlaG0tb25saW5lLmNvbYIRbnMy
+LnVodS1iYW5hbmUuZGWCFnJlcG8yLmJyZWhtLW9ubGluZS5jb22CFHJlcG8yLnVo
+dS1iYW5hbmUuY29tghNyZXBvMi51aHUtYmFuYW5lLmRlghNyZXBvMi51aHUtYmFu
+YW5lLmV1ghRyZXBvMi51aHUtYmFuYW5lLm5ldIIUcmVwbzIudWh1LWJhbmFuZS5v
+cmcwgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYG
+CCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUH
+AgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9u
+IGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGgg
+dGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNy
+eXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAZPubpNEj347Q
+YZyF1ygt+elY+eIepstbCrpMo+/LuNBW74h990aeNZRRp/7wtq7yqogcqiVDMxF4
+J9SBEPDbAecG/t5ccBaJz8tOV98B/ZBBG7n94hUfMnc21DSlMkCf324uXSHhXKYB
+OZ7RtHObE0llv8VUhSVggj6Dm3DvKG60o1+jrGK4va2oZ1DHIJ8bfjjuEq9J7Jo3
+dbwF/9GG81k8xEizJEN4bkfahMc3/EReGlAWj7+opQx890NOBkm5/mPA5pqPDASa
+wZmGmRe/BNUahsFMvAUO+yDyafefeewi3gyzV5GJDoByN74/dmWhcIc2OxQuogOi
+Hc9nOLjt2g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCYGvg/AJB6ey6q
+3KZANsKS/eI7AYq5tVVYnb7SfqtvB3/hlrp8EwXMM7sJjyLQ3DXNwXq1CGdBNVHV
+Q6+pJcvNAc1Om720ZnOjyCD6O3psC2X6QKbmcSPXGkuJuPQeLcOS0BhvrueA+U8H
+TkxJ3Ih9U6PGYvAV8NhN3jJCF+mp8nFT1N4C1EQSEjQximGa/ZyFZsPgayTdWyw6
+jWXyn+TDvgg5F4iRNO5GcB4NnLAE5sAw//rlwISuEopE+J4ygxNv9+tnuTbIWRYG
+5SCUy2vR8XQ3NNxlL+iv4sEH9qPEWYBopyRYmJ+dlLgBHBx9Zs4Mwd06TJTo4x0k
+hp+xLABrAgMBAAECggEBAIIvyzw5Ym/C0R2i/5TEieM/9Asm9bKfdu4DDhmiG19L
+nvPZi8G4kmTF/hdfcKAtasuyBzG9gIr6dRFA/q+azwWnvi7C9Crc6atMFpW2pMCn
+POBlx7RDMDbipba6HA9cgiE9hTzKChGE0VRier9ZR2VlWi7p7a4J10lGneOeDfvL
+WczBzT+Yqu6uIC99gTUMn44lpbGtrWJnjxlJSHvghxZ5NSDmYzVOpXHMTM98SjFa
+Y9ptSPcJnoM80wvWX4nw5cKJMuqPnMKXUkL5pIGOybGZ+25rekDaRR9BbfN5hHhQ
+hUqqqF4qoyGyf7LjUViYat9hwwcjcqPGJzLJ8eNSkaECgYEAx7178D6lzu5iaLKJ
+c8xtShmW5piAWn635Zj2WgVmJzYrOSCU63CWloMp31SyuHYFbh3sSG9oQYpbcQeQ
+kpgl56Xh4POtaWy6qzI0pkqyoDJXauX22VTGN8p02f9IC08Rpofm8ds1vlexff85
+hyZDKcCD6jU0C0zPDBxx2fDKlfsCgYEAwvK3iY+GL6A2CDJyS9xY7FaHohBBN0Dt
+adCLtNtYJkeYOTfru4BQYTU69dyHnhcNuwC4c0Y5tsK+3pm7Lul8RBODmTmtNwYV
+MTFO/d5uA9f+fbrtflPeZK/IhqCqSZrN/4PgbU4PIck6TZNMYtGoJqkYXTdxKyMR
+oSrVjjVN5FECgYBfY2yHBUQmGM5CddESzjP7SVE5eucBULb+HRi5UQ7B9yqZM6gq
+8C/aXXVnxIk9co+RURUAWsQNWMfmqNgwSh0ADcZbqcPNLzHOhEGEkPPRcXkyAfTr
+QYMQLc20Nifvzqj9QLXYFvoJltOa+oI8utckX14gQZxDMUFH5WWx0T7OdQKBgQC9
+5CjNUMVXTMp0z5avuDHR/DNftE+iH5dik+YRw/qoRuLLEWKIoGMrXOtSo35iingw
+aHJCruv2ztmXAM3o0zvdH9j2/sxvpXgtE6eq9+fXzKQzGkrN26nsD6HXKVbWHXl8
+45tPPVLWCSnGeK1WMHyHM/zsh92vNBivEYc1X0zBEQKBgF5eTqYqj37m4XDvJEpT
+ne2JZT90rYEI9SLX8+/fVj9GD4Ub8sRXJktXAJAS9cEmUSvC5Vb9UnwY6evf6UzA
+nKFIUp0YzqGGq40tKa3Ae3qaEtu5OgW1z35etFdKUy4Uctm0Q4irSo5BCtdai4Gl
+Rm/sh2vB4yJf6o0cvyn80xlg
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDMTCCAhkCAQIwHDEaMBgGA1UEAwwRbnMyLnVodS1iYW5hbmUuZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYGvg/AJB6ey6q3KZANsKS/eI7AYq5
+tVVYnb7SfqtvB3/hlrp8EwXMM7sJjyLQ3DXNwXq1CGdBNVHVQ6+pJcvNAc1Om720
+ZnOjyCD6O3psC2X6QKbmcSPXGkuJuPQeLcOS0BhvrueA+U8HTkxJ3Ih9U6PGYvAV
+8NhN3jJCF+mp8nFT1N4C1EQSEjQximGa/ZyFZsPgayTdWyw6jWXyn+TDvgg5F4iR
+NO5GcB4NnLAE5sAw//rlwISuEopE+J4ygxNv9+tnuTbIWRYG5SCUy2vR8XQ3NNxl
+L+iv4sEH9qPEWYBopyRYmJ+dlLgBHBx9Zs4Mwd06TJTo4x0khp+xLABrAgMBAAGg
+gc8wgcwGCSqGSIb3DQEJDjGBvjCBuzCBuAYDVR0RBIGwMIGtghFuczIudWh1LWJh
+bmFuZS5kZYIUbnMyLmJyZWhtLW9ubGluZS5jb22CFnJlcG8yLmJyZWhtLW9ubGlu
+ZS5jb22CFHJlcG8yLnVodS1iYW5hbmUuY29tghNyZXBvMi51aHUtYmFuYW5lLmRl
+ghNyZXBvMi51aHUtYmFuYW5lLmV1ghRyZXBvMi51aHUtYmFuYW5lLm5ldIIUcmVw
+bzIudWh1LWJhbmFuZS5vcmcwDQYJKoZIhvcNAQELBQADggEBADuRvcg7c5zhmFEX
+12GEBUKVAINHTx69pprsDWiMnol5tYCOP/jmHUG9t1Ps/18JcP8myhn+Dwyzya5V
+UPCBiFrq0rJ6eeit5rKx6vvoXWPUIhbfEhfC7PvOIjik1XKBEJ8lFfv/AekToMMs
+31FB99bdHzJZ+JAcdew6/ZvGIp/oLHy7njQGhpUzsqaEw3KNf7ycDh7KqVdw3uFa
+vInsl62cJIrpVNUi8sc3o45SUxmSfnqxoG1/Inyb/avNQ7hdHzqadeHaJ98wuhX6
+dMq2tVhNKa3HNYTwnuMo5NvLxLw0BE4iu/bouATxmtmyjzc0Kv0NClKK1WGJCxDU
+RE0e9G4=
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCYGvg/AJB6ey6q
+3KZANsKS/eI7AYq5tVVYnb7SfqtvB3/hlrp8EwXMM7sJjyLQ3DXNwXq1CGdBNVHV
+Q6+pJcvNAc1Om720ZnOjyCD6O3psC2X6QKbmcSPXGkuJuPQeLcOS0BhvrueA+U8H
+TkxJ3Ih9U6PGYvAV8NhN3jJCF+mp8nFT1N4C1EQSEjQximGa/ZyFZsPgayTdWyw6
+jWXyn+TDvgg5F4iRNO5GcB4NnLAE5sAw//rlwISuEopE+J4ygxNv9+tnuTbIWRYG
+5SCUy2vR8XQ3NNxlL+iv4sEH9qPEWYBopyRYmJ+dlLgBHBx9Zs4Mwd06TJTo4x0k
+hp+xLABrAgMBAAECggEBAIIvyzw5Ym/C0R2i/5TEieM/9Asm9bKfdu4DDhmiG19L
+nvPZi8G4kmTF/hdfcKAtasuyBzG9gIr6dRFA/q+azwWnvi7C9Crc6atMFpW2pMCn
+POBlx7RDMDbipba6HA9cgiE9hTzKChGE0VRier9ZR2VlWi7p7a4J10lGneOeDfvL
+WczBzT+Yqu6uIC99gTUMn44lpbGtrWJnjxlJSHvghxZ5NSDmYzVOpXHMTM98SjFa
+Y9ptSPcJnoM80wvWX4nw5cKJMuqPnMKXUkL5pIGOybGZ+25rekDaRR9BbfN5hHhQ
+hUqqqF4qoyGyf7LjUViYat9hwwcjcqPGJzLJ8eNSkaECgYEAx7178D6lzu5iaLKJ
+c8xtShmW5piAWn635Zj2WgVmJzYrOSCU63CWloMp31SyuHYFbh3sSG9oQYpbcQeQ
+kpgl56Xh4POtaWy6qzI0pkqyoDJXauX22VTGN8p02f9IC08Rpofm8ds1vlexff85
+hyZDKcCD6jU0C0zPDBxx2fDKlfsCgYEAwvK3iY+GL6A2CDJyS9xY7FaHohBBN0Dt
+adCLtNtYJkeYOTfru4BQYTU69dyHnhcNuwC4c0Y5tsK+3pm7Lul8RBODmTmtNwYV
+MTFO/d5uA9f+fbrtflPeZK/IhqCqSZrN/4PgbU4PIck6TZNMYtGoJqkYXTdxKyMR
+oSrVjjVN5FECgYBfY2yHBUQmGM5CddESzjP7SVE5eucBULb+HRi5UQ7B9yqZM6gq
+8C/aXXVnxIk9co+RURUAWsQNWMfmqNgwSh0ADcZbqcPNLzHOhEGEkPPRcXkyAfTr
+QYMQLc20Nifvzqj9QLXYFvoJltOa+oI8utckX14gQZxDMUFH5WWx0T7OdQKBgQC9
+5CjNUMVXTMp0z5avuDHR/DNftE+iH5dik+YRw/qoRuLLEWKIoGMrXOtSo35iingw
+aHJCruv2ztmXAM3o0zvdH9j2/sxvpXgtE6eq9+fXzKQzGkrN26nsD6HXKVbWHXl8
+45tPPVLWCSnGeK1WMHyHM/zsh92vNBivEYc1X0zBEQKBgF5eTqYqj37m4XDvJEpT
+ne2JZT90rYEI9SLX8+/fVj9GD4Ub8sRXJktXAJAS9cEmUSvC5Vb9UnwY6evf6UzA
+nKFIUp0YzqGGq40tKa3Ae3qaEtu5OgW1z35etFdKUy4Uctm0Q4irSo5BCtdai4Gl
+Rm/sh2vB4yJf6o0cvyn80xlg
+-----END PRIVATE KEY-----
--- /dev/null
+../../archive/ns2.uhu-banane.de/cert1.pem
\ No newline at end of file
--- /dev/null
+../../archive/ns2.uhu-banane.de/chain1.pem
\ No newline at end of file
--- /dev/null
+../../archive/ns2.uhu-banane.de/fullchain1.pem
\ No newline at end of file
--- /dev/null
+../../archive/ns2.uhu-banane.de/privkey1.pem
\ No newline at end of file
--- /dev/null
+# Baseline setting to Include for SSL sites
+
+SSLEngine on
+
+# Intermediate configuration, tweak to your needs
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+SSLHonorCipherOrder on
+SSLCompression off
+
+SSLOptions +StrictRequire
+
+# Add vhost name to log entries:
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
+LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
+
+#CustomLog /var/log/apache2/access.log vhost_combined
+#LogLevel warn
+#ErrorLog /var/log/apache2/error.log
+
+# Always ensure Cookies have "Secure" set (JAH 2012/1)
+#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
--- /dev/null
+# renew_before_expiry = 30 days
+version = 0.8.1
+cert = /etc/letsencrypt/live/ns2.uhu-banane.de/cert.pem
+privkey = /etc/letsencrypt/live/ns2.uhu-banane.de/privkey.pem
+chain = /etc/letsencrypt/live/ns2.uhu-banane.de/chain.pem
+fullchain = /etc/letsencrypt/live/ns2.uhu-banane.de/fullchain.pem
+
+# Options used in the renewal process
+[renewalparams]
+authenticator = apache
+installer = None
+account = 42e8348f3298d0407fb96743a4903e0b
--- /dev/null
+## some useful aliases
+alias dir ls
+alias less more
+alias zless zmore
+alias bzless bzmore
+alias reconnect "close; cache flush; cd ."
+alias edit "eval -f \"get $0 -o ~/.lftp/edit.tmp.$$ && shell \\\"cp -p ~/.lftp/edit.tmp.$$ ~/.lftp/edit.tmp.$$.orig && $EDITOR ~/.lftp/edit.tmp.$$ && test ~/.lftp/edit.tmp.$$ -nt ~/.lftp/edit.tmp.$$.orig\\\" && put ~/.lftp/edit.tmp.$$ -o $0; shell rm -f ~/.lftp/edit.tmp.$$*\""
+
+## make prompt look better
+set prompt "lftp \S\? \u\@\h:\w> "
+## some may prefer colors (contributed by Matthew <mwormald@optusnet.com.au>)
+#set prompt "\[\e[1;30m\][\[\e[0;34m\]f\[\e[1m\]t\[\e[37m\]p\[\e[30m\]] \[\e[34m\]\u\[\e[0;34m\]\@\[\e[1m\]\h\[\e[1;30m\]:\[\e[1;34m\]\w\[\e[1;30m\]>\[\e[0m\] "
+## Uncomment the following two lines to make switch cls and ls, making
+## cls the default.
+#alias ls command cls
+#alias hostls command ls
+
+## default protocol selection
+#set default-protocol/ftp.* ftp
+#set default-protocol/www.* http
+#set default-protocol/localhost file
+
+## this makes lftp faster but doesn't work with some sites/routers
+#set ftp:sync-mode off
+
+## synchronous mode for broken servers and/or routers
+set sync-mode/ftp.idsoftware.com on
+set sync-mode/ftp.microsoft.com on
+set sync-mode/sunsolve.sun.com on
+## extended regex to match first server message for automatic sync-mode.
+set auto-sync-mode "icrosoft FTP Service|MadGoat|MikroTik"
+
+## if default ftp passive mode does not work, try this:
+# set ftp:passive-mode off
+
+## Set this to follow http redirections
+set xfer:max-redirections 10
+
+## Proxy can help to pass a firewall
+## Environment variables ftp_proxy, http_proxy and no_proxy are used to
+## initialize the below variables automatically. You can set them here too.
+##
+## ftp:proxy must communicate with client over ftp protocol, squid won't do.
+## This can be e.g. TIS-FWTK or rftpd. User and password are optional.
+# set ftp:proxy ftp://[user:pass@]your_ftp_proxy:port
+## ...but squid still can be used to access ftp servers, using hftp protocol:
+# set ftp:proxy http://your.squid.address:port
+## ...if squid allows CONNECT to arbitrary ports, then you can use CONNECT
+## instead of hftp:
+# set ftp:use-hftp no
+##
+## no proxy for host
+# set ftp:proxy/local_host ""
+## or domain
+# set ftp:proxy/*.domain.com ...
+##
+## http:proxy must communicate with client over http protocol, e.g. squid.
+## Default port is 3128.
+# set http:proxy your_http_proxy[:port]
+## hftp:proxy must also be an http proxy. It is used for FTP over HTTP access.
+# set hftp:proxy your_http_proxy[:port]
+##
+## net:no-proxy disables proxy usage for list of domains.
+# set net:no-proxy .domain.com,.otherdom.net
+
+## If you don't have direct ftp access, this setting can be useful to select
+## hftp instead of ftp automatically.
+# set ftp:proxy http://your.http.proxy:port
+
+## This can be used for automatic saving of configuration
+# set at-exit "set > ~/.lftp/settings"
+# source ~/.lftp/settings
+
+## and this is for remembring last site
+## (combine with previous rule if you want)
+# set at-exit "bo a last"
+# open last
+
+## Terminal strings to set titlebars for terminals that don't
+## properly specify tsl and fsl capabilities.
+## Use cmd:set-term-status to enable this.
+set cmd:term-status/*screen* "\e_\T\e\\"
+set cmd:term-status/*xterm* "\e[11;0]\e]2;\T\007\e[11]"
+set cmd:term-status/*rxvt* "\e[11;0]\e]2;\T\007\e[11]"
+# set cmd:set-term-status on
+
+## If you don't like advertising lftp or servers hate it, set this:
+# set ftp:anon-pass "mozilla@"
+# set ftp:client ""
+# set http:user-agent "Mozilla/4.7 [en] (WinNT; I)"
+
+# try inet6 before inet
+set dns:order "inet6 inet"
+
monthly
create 0664 root utmp
rotate 12
+ dateext
+ dateformat -%Y-%m-%d
size 4M
}
monthly
create 0660 root utmp
rotate 12
+ dateext
+ dateformat -%Y-%m-%d
size 4M
}
--- /dev/null
+/var/log/apache2/*.log {
+ daily
+ missingok
+ rotate 14
+ dateext
+ compress
+ delaycompress
+ notifempty
+ size 4M
+ create 640 root adm
+ sharedscripts
+ postrotate
+ if /etc/init.d/apache2 status > /dev/null ; then \
+ /etc/init.d/apache2 reload > /dev/null; \
+ fi;
+ endscript
+ prerotate
+ if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+ run-parts /etc/logrotate.d/httpd-prerotate; \
+ fi; \
+ endscript
+}
+
+# vim: ts=4 filetype=conf
/var/log/apt/term.log {
- rotate 12
- monthly
- compress
- missingok
- notifempty
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+ size 1M
+ delaycompress
+ dateext
+ dateformat -%Y-%m-%d
}
/var/log/apt/history.log {
- rotate 12
- monthly
- compress
- missingok
- notifempty
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+ size 1M
+ delaycompress
+ dateext
+ dateformat -%Y-%m-%d
}
+# vim: ts=4 filetype=conf et
/var/log/aptitude {
- rotate 6
- monthly
- compress
- missingok
- notifempty
+ rotate 6
+ monthly
+ compress
+ missingok
+ notifempty
+ size 1M
+ delaycompress
+ dateext
+ dateformat -%Y-%m-%d
+ olddir /var/log/.old
}
+
+# vim: ts=4 filetype=conf et
--- /dev/null
+/var/log/bind/complete-debug.log /var/log/bind/debug.log /var/log/bind/query.log /var/log/bind/security.log {
+ daily
+ olddir /var/log/bind/.old
+ dateext
+ size 4M
+ rotate 10
+ notifempty
+ missingok
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/sbin/rndc reload
+ endscript
+}
+
+/var/log/bind/named.log {
+ daily
+ olddir /var/log/bind/.old
+ dateext
+ size 10M
+ rotate 20
+ notifempty
+ missingok
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/sbin/rndc reload
+ endscript
+}
+
+
+# vim: ts=4 filetype=conf
+
notifempty
compress
delaycompress
+ dateext
+ size 4M
sharedscripts
create 644
postrotate
- PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}' /etc/chrony/chrony.keys`
- cat << EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
- password $PASSWORD
- cyclelogs
- EOF
+ /usr/bin/chronyc -a cyclelogs > /dev/null 2>&1 || true
endscript
}
--- /dev/null
+/var/log/chrony/*.log {
+ weekly
+ rotate 7
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ create 644
+ postrotate
+ /usr/bin/chronyc -a cyclelogs > /dev/null 2>&1 || true
+ endscript
+}
/var/log/dpkg.log {
- monthly
- rotate 12
- compress
- delaycompress
- missingok
- notifempty
- create 644 root root
+ monthly
+ rotate 12
+ compress
+ delaycompress
+ missingok
+ notifempty
+ size 1M
+ create 644 root root
+ dateext
+ dateformat -%Y-%m-%d
+ olddir /var/log/.old
}
+
/var/log/alternatives.log {
- monthly
- rotate 12
- compress
- delaycompress
- missingok
- notifempty
- create 644 root root
+ monthly
+ rotate 12
+ compress
+ delaycompress
+ missingok
+ notifempty
+ size 1M
+ create 644 root root
+ dateext
+ dateformat -%Y-%m-%d
+ olddir /var/log/.old
}
+
+# vim: ts=4 filetype=conf et
notifempty
compress
delaycompress
- dateext
- size 4M
- olddir /var/log/.old
+ dateext
+ size 4M
+ olddir /var/log/.old
+ sharedscripts
postrotate
invoke-rc.d rsyslog rotate > /dev/null
endscript
}
+/var/log/all.log
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
+/var/log/debug.log
{
rotate 4
weekly
notifempty
compress
delaycompress
- dateext
- size 4M
- olddir /var/log/.old
+ dateext
+ size 4M
+ olddir /var/log/.old
sharedscripts
postrotate
invoke-rc.d rsyslog rotate > /dev/null
}
/var/log/syslog.d/*.log {
- rotate 10
- weekly
- missingok
- notifempty
- size 4M
- delaycompress
- dateext
- compress
- olddir /var/log/syslog.d/.old
- sharedscripts
- postrotate
- reload rsyslog >/dev/null 2>&1 || true
- endscript
+ rotate 10
+ weekly
+ missingok
+ notifempty
+ size 4M
+ delaycompress
+ dateext
+ compress
+ olddir /var/log/syslog.d/.old
+ sharedscripts
+ postrotate
+ invoke-rc.d rsyslog rotate > /dev/null
+ endscript
}
# vim: ts=4 filetype=conf et
--- /dev/null
+/var/log/salt/master {
+ weekly
+ missingok
+ dateext
+ rotate 7
+ compress
+ notifempty
+ size +1M
+ sharedscripts
+ postrotate
+ invoke-rc.d salt-master restart > /dev/null
+ endscript
+}
+
+/var/log/salt/minion {
+ weekly
+ missingok
+ dateext
+ rotate 7
+ compress
+ notifempty
+ size +1M
+ sharedscripts
+ postrotate
+ invoke-rc.d salt-minion restart > /dev/null
+ endscript
+}
+
+/var/log/salt/key {
+ weekly
+ missingok
+ dateext
+ rotate 7
+ compress
+ notifempty
+ size +1M
+}
--- /dev/null
+#/var/log/ulog/*.log /var/log/ulog/*.pcap {
+# missingok
+# compress
+# sharedscripts
+# create 640 ulog adm
+# postrotate
+# invoke-rc.d ulogd2 reload > /dev/null
+# endscript
+#}
+
+/var/log/ulog/*.log {
+ weekly
+ dateext
+ rotate 20
+ size 4M
+ compress
+ delaycompress
+ missingok
+ notifempty
+ create 0640 ulog adm
+ sharedscripts
+ postrotate
+ invoke-rc.d ulogd2 reload > /dev/null
+ endscript
+}
+
+# vim: ts=4 filetype=conf
+++ /dev/null
-../modules
\ No newline at end of file
--- /dev/null
+#!/bin/sh -e
+# Called when an interface disconnects
+# Written by LaMont Jones <lamont@debian.org>
+
+# kick named as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/sbin ]; then
+ exit 0
+fi
+
+# if named is running, reconfig it.
+rndc reconfig >/dev/null 2>&1 &
+
+exit 0
--- /dev/null
+#!/bin/sh -e
+# Called when a new interface comes up
+# Written by LaMont Jones <lamont@debian.org>
+
+# kick named as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/sbin ]; then
+ exit 0
+fi
+
+# if named is running, reconfig it.
+rndc reconfig >/dev/null 2>&1 &
+
+exit 0
--- /dev/null
+#%PAM-1.0
+
+@include common-auth
+@include common-account
+@include common-session-noninteractive
-root:x:0:0:root:/root:/bin/bash
+root:x:0:0:root Ns2:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
systemd-bus-proxy:x:103:106:systemd Bus Proxy,,,:/run/systemd:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
postfix:x:105:111::/var/spool/postfix:/bin/false
+bind:x:106:114:Bind daemon user,,,:/var/cache/bind:/bin/false
+ulog:x:107:115::/var/log/ulog:/bin/false
+repo:x:1111:100:Repository user ns2,,,:/home/repo:/bin/bash
-root:x:0:0:root:/root:/bin/bash
+root:x:0:0:root Ns2:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
systemd-bus-proxy:x:103:106:systemd Bus Proxy,,,:/run/systemd:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
postfix:x:105:111::/var/spool/postfix:/bin/false
+bind:x:106:114:Bind daemon user,,,:/var/cache/bind:/bin/false
+ulog:x:107:115::/var/log/ulog:/bin/false
+repo:x:1111:100::/home/repo:/bin/bash
--- /dev/null
+# This script is only provided as a transition mechanism for
+# removing the current working directory from the library search path
+# in a user-configurable way.
+#
+# It was considered too risky to remove "." from @INC globally in the
+# jessie security update which introduced this file, but administrators
+# are given the option to to override this default by uncommenting the
+# last line of this file.
+#
+# It is hoped that a future update to jessie might change this default,
+# once more is known about the impact on real world Debian systems.
+#
+# However, please note that this facility is expected to be removed after
+# the Debian stretch release, at which point any code in this file will
+# not have any effect.
+#
+# Please see CVE-2016-1238 for background information on the risks
+# of having "." on @INC.
+
+#pop @INC if $INC[-1] eq '.' and !$ENV{PERL_USE_UNSAFE_INC};
+# Managed by config management
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
-#myorigin = /etc/mailname
+myorigin = /etc/mailname
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+smtpd_banner = $myhostname ESMTP Frank Brehms Mail Service $mail_name ($mail_version) (Debian/GNU)
biff = no
+
# appending .domain is the MUA's job.
append_dot_mydomain = yes
#delay_warning_time = 4h
readme_directory = no
-
-# TLS parameters
+# SASL parameters (http://www.postfix.org/SASL_README.html)
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_path = smtpd
+smtpd_sasl_type = cyrus
+smtpd_sasl_local_domain = $myhostname
+smtpd_sasl_security_options =
+ noanonymous,
+ noplaintext,
+smtpd_sasl_tls_security_options =
+ noanonymous,
+smtpd_tls_auth_only = no
+# TLS parameters (http://www.postfix.org/TLS_README.html)
+# Recipient settings
+smtpd_use_tls = yes
+smtpd_tls_loglevel = 1
+smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = /etc/postfix/postfix.pem
-smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_mandatory_exclude_ciphers =
+ aNULL,
+ MD5,
+smtpd_tls_mandatory_protocols =
+ !SSLv2,
+ !SSLv3,
+tls_preempt_cipherlist = yes
+# Relay/Sender settings
+smtp_tls_loglevel = 1
+smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_tls_received_header = yes
+smtpd_tls_session_cache_timeout = 3600s
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = ns2.uhu-banane.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = ns2.uhu-banane.de, ns2.brehm-online.com, localhost.uhu-banane.de, localhost
-relayhost = [mail.brehm-online.com]
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 162.254.24.33
+mydestination =
+ ns2.uhu-banane.de,
+ ns2.brehm-online.com,
+ localhost.uhu-banane.de,
+ localhost,
+ localhost.localdomain,
+relayhost = [mail.uhu-banane.net]:submission
+mynetworks =
+ 127.0.0.0/8,
+ [::ffff:127.0.0.0]/104,
+ [::1]/128,
+ 162.254.24.33/32,
+ fe80::1:d8ff:fed3:dbd2/128,
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
-# inet_interfaces = loopback-only
+inet_interfaces = loopback-only
inet_protocols = ipv4
-mydomain = uhu-banane.de
-smtp_sasl_auth_enable = yes
+
+message_size_limit = 41943040
+
+smtpd_relay_restrictions =
+ permit_mynetworks,
+ permit_sasl_authenticated,
+ defer_unauth_destination,
+smtpd_recipient_restrictions =
+ permit_mynetworks,
+ permit_sasl_authenticated,
+ reject_unauth_destination,
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
-smtp_sasl_security_options = noanonymous
-smtp_tls_cert_file = /etc/postfix/postfix.pem
smtp_tls_enforce_peername = no
smtp_tls_key_file = /etc/postfix/postfix.pem
+smtp_tls_cert_file = /etc/postfix/postfix.pem
smtp_use_tls = yes
-smtpd_sasl_auth_enable = yes
-smtpd_sasl_local_domain = $myhostname
-smtpd_sasl_security_options = noanonymous
-smtpd_tls_loglevel = 1
-smtpd_tls_received_header = yes
-smtpd_tls_session_cache_timeout = 3600s
+smtp_sasl_security_options = noanonymous
+smtp_sasl_auth_enable = yes
+smtp_tls_CApath =
+
unknown_local_recipient_reject_code = 550
+
+# vim: filetype=pfmain
randfile="/etc/postfix/postfix.rand"
conffile="/etc/postfix/postfix-cert.cnf"
-if [ -f $pemfile ]; then
- echo "$pemfile already exists."
+if [[ -f "${pemfile}" ]]; then
+ echo "${pemfile} already exists."
exit 1
fi
-if [ ! -f $conffile ] ; then
- echo "$conffile does not exists!"
+if [[ ! -f "${conffile}" [] ; then
+ echo "${conffile} does not exists!"
exit 2
fi
-cp /dev/null $pemfile
-chmod 600 $pemfile
-chown root $pemfile
+cp /dev/null "${pemfile}"
+chmod 600 "${pemfile}"
+chown root "${pemfile}"
cleanup() {
- rm -f $pemfile
- rm -f $randfile
+ rm -f "${pemfile}"
+ rm -f "${randfile}"
exit 1
}
-dd if=/dev/urandom of=$randfile count=1 2>/dev/null
+dd if=/dev/urandom of="${randfile}" count=1 2>/dev/null
/usr/bin/openssl req -new -x509 -days 3650 -nodes \
- -config $conffile -out $pemfile -keyout $pemfile || cleanup
-/usr/bin/openssl gendh -rand $randfile 512 >> $pemfile || cleanup
-/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in $pemfile || cleanup
-rm -f $randfile
+ -config "${conffile}" -out "${pemfile}" -keyout "${pemfile}" || cleanup
+/usr/bin/openssl gendh -rand "${randfile}" 512 >> "${pemfile}" || cleanup
+/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in "${pemfile}" || cleanup
+rm -f "${randfile}"
-
RANDFILE = /usr/share/postfix.rand
[ req ]
L=Berlin
O=Frank Brehm
OU=Mail Server Postfix SSL key
-CN=ns3.uhu-banane.de
+CN=ns2.uhu-banane.de
emailAddress=postmaster@brehm-online.com
[ cert_type ]
nsCertType = server
+# vim: filetype=dosini
-mail.brehm-online.com vmail:uhu
+# Managed by config management
+# Don't change it manually
+#
+
+mail.brehm-online.com vmail:uhu
helga-six.brehm-online.com vmail:uhu
+mail.uhu-banane.net vmail@uhu-banane.net:up2UdLCE
+
+
+# vim: syntax=conf ts=8
--- /dev/null
+#!/bin/sh -e
+# Called when an interface disconnects
+# Written by LaMont Jones <lamont@debian.org>
+
+# kick named as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/sbin ]; then
+ exit 0
+fi
+
+# if named is running, reconfig it.
+rndc reconfig >/dev/null 2>&1 &
+
+exit 0
--- /dev/null
+#!/bin/sh -e
+# Called when a new interface comes up
+# Written by LaMont Jones <lamont@debian.org>
+
+# kick named as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/sbin ]; then
+ exit 0
+fi
+
+# if named is running, reconfig it.
+rndc reconfig >/dev/null 2>&1 &
+
+exit 0
[ -z "$BASH_VERSION" ] && return
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
-HISTSIZE=10000
-HISTFILESIZE=10000
+HISTSIZE=50000
+HISTFILESIZE=50000
HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S '
HISTCONTROL=ignoredups:ignorespace
# append to the history file, don't overwrite it
shopt -s checkwinsize
# make less more friendly for non-text input files, see lesspipe(1)
-[ -x /bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+[[ -x /bin/lesspipe ]] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
-if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+if [[ -z "${debian_chroot:-}" && -r /etc/debian_chroot ]]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# should be on the output of commands, not on the prompt
force_color_prompt=yes
-if [ -n "$force_color_prompt" ]; then
- if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+if [[ -n "$force_color_prompt" ]]; then
+ if [[ -x /usr/bin/tput ]] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
fi
fi
-if [ "$color_prompt" = yes ]; then
+prompt_status() {
+ local e=$?;
+ [[ $e != 0 ]] && echo -e "$e ";
+}
+
+if [[ "$color_prompt" = yes ]]; then
if type -t __git_ps1 >/dev/null ; then
- if [ "$UID" = 0 ]; then
- PS1='$? ${debian_chroot:+($debian_chroot)}\[\033[01;31m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]'
+ if [[ "$UID" = 0 ]]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\e[31m\]$(prompt_status)\[\033[01;31m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;35m\] \$ \[\033[00m\]'
else
- PS1='$? ${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] > \[\033[00m\]'
+ PS1='${debian_chroot:+($debian_chroot)}\[\e[31m\]$(prompt_status)\[\033[01;32m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;35m\] > \[\033[00m\]'
fi
else
- if [ "$UID" = 0 ]; then
- PS1='$? ${debian_chroot:+($debian_chroot)}\[\033[01;31m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w \$ \[\033[00m\]'
+ if [[ "$UID" = 0 ]]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\e[31m\]$(prompt_status)\[\033[01;31m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w \[\033[01;35m\]\$ \[\033[00m\]'
else
- PS1='$? ${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w > \[\033[00m\]'
+ PS1='${debian_chroot:+($debian_chroot)}\[\e[31m\]$(prompt_status)\[\033[01;32m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w \[\033[01;35m\]> \[\033[00m\]'
fi
fi
else
- PS1='$? ${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+ PS1='${debian_chroot:+($debian_chroot)}$(prompt_status)\u@\h:\w\$ '
fi
# enable color support of ls and also add handy aliases
-if [ -x /usr/bin/dircolors ]; then
+if [[ -x /usr/bin/dircolors ]]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
fi
alias rd='rmdir'
-if [ "$(type -t colordiff)" = "file" ] ; then
+if [[ "$(type -t colordiff)" = "file" ]] ; then
alias diff="$(type -p colordiff)"
fi
-if [ -f ~/.bash_aliases ]; then
+if [[ -f ~/.bash_aliases ]]; then
. ~/.bash_aliases
fi
# enable bash completion in interactive shells
if ! shopt -oq posix; then
- if [ -f /usr/share/bash-completion/bash_completion ]; then
+ if [[ -f /usr/share/bash-completion/bash_completion ]]; then
. /usr/share/bash-completion/bash_completion
- elif [ -f /etc/bash_completion ]; then
+ elif [[ -f /etc/bash_completion ]]; then
. /etc/bash_completion
fi
fi
# if the command-not-found package is installed, use it
-if [ -x /usr/lib/command-not-found -o -x /usr/share/command-not-found/command-not-found ]; then
+if [[ -x /usr/lib/command-not-found || -x /usr/share/command-not-found/command-not-found ]]; then
function command_not_found_handle {
- # check because c-n-f could've been removed in the meantime
- if [ -x /usr/lib/command-not-found ]; then
- /usr/bin/python /usr/lib/command-not-found -- "$1"
- return $?
- elif [ -x /usr/share/command-not-found/command-not-found ]; then
- /usr/bin/python /usr/share/command-not-found/command-not-found -- "$1"
- return $?
+ # check because c-n-f could've been removed in the meantime
+ if [[ -x /usr/lib/command-not-found ]]; then
+ /usr/bin/python /usr/lib/command-not-found -- "$1"
+ return $?
+ elif [[ -x /usr/share/command-not-found/command-not-found ]]; then
+ /usr/bin/python /usr/share/command-not-found/command-not-found -- "$1"
+ return $?
else
- printf "%s: command not found\n" "$1" >&2
- return 127
+ printf "%s: command not found\n" "$1" >&2
+ return 127
fi
}
fi
--- /dev/null
+# install the apport exception handler if available
+try:
+ import apport_python_hook
+except ImportError:
+ pass
+else:
+ apport_python_hook.install()
--- /dev/null
+[DEFAULT]
+# how to byte-compile (comma separated: standard, optimize)
+byte-compile = standard
--- /dev/null
+../init.d/apache2
\ No newline at end of file
--- /dev/null
+../init.d/netfilter-persistent
\ No newline at end of file
--- /dev/null
+../init.d/salt-minion
\ No newline at end of file
--- /dev/null
+../init.d/ulogd2
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/sendsigs
\ No newline at end of file
+++ /dev/null
-../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/sendsigs
\ No newline at end of file
+++ /dev/null
-../init.d/hwclock.sh
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
+++ /dev/null
-../init.d/umountnfs.sh
\ No newline at end of file
--- /dev/null
+../init.d/hwclock.sh
\ No newline at end of file
+++ /dev/null
-../init.d/networking
\ No newline at end of file
--- /dev/null
+../init.d/umountnfs.sh
\ No newline at end of file
--- /dev/null
+../init.d/networking
\ No newline at end of file
+++ /dev/null
-../init.d/umountfs
\ No newline at end of file
--- /dev/null
+../init.d/umountfs
\ No newline at end of file
+++ /dev/null
-../init.d/umountroot
\ No newline at end of file
+++ /dev/null
-../init.d/halt
\ No newline at end of file
--- /dev/null
+../init.d/umountroot
\ No newline at end of file
--- /dev/null
+../init.d/halt
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
--- /dev/null
+../init.d/netfilter-persistent
\ No newline at end of file
--- /dev/null
+../init.d/salt-minion
\ No newline at end of file
--- /dev/null
+../init.d/ulogd2
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
+++ /dev/null
-../init.d/bootlogs
\ No newline at end of file
--- /dev/null
+../init.d/bootlogs
\ No newline at end of file
+++ /dev/null
-../init.d/single
\ No newline at end of file
--- /dev/null
+../init.d/single
\ No newline at end of file
--- /dev/null
+../init.d/salt-minion
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/chrony
\ No newline at end of file
+++ /dev/null
-../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/ulogd2
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
+++ /dev/null
-../init.d/bootlogs
\ No newline at end of file
--- /dev/null
+../init.d/bootlogs
\ No newline at end of file
--- /dev/null
+../init.d/chrony
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
--- /dev/null
+../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rc.local
\ No newline at end of file
+++ /dev/null
-../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/rc.local
\ No newline at end of file
--- /dev/null
+../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/salt-minion
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/chrony
\ No newline at end of file
+++ /dev/null
-../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/ulogd2
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
+++ /dev/null
-../init.d/bootlogs
\ No newline at end of file
--- /dev/null
+../init.d/bootlogs
\ No newline at end of file
--- /dev/null
+../init.d/chrony
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
--- /dev/null
+../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rc.local
\ No newline at end of file
+++ /dev/null
-../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/rc.local
\ No newline at end of file
--- /dev/null
+../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/salt-minion
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/chrony
\ No newline at end of file
+++ /dev/null
-../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/ulogd2
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
+++ /dev/null
-../init.d/bootlogs
\ No newline at end of file
--- /dev/null
+../init.d/bootlogs
\ No newline at end of file
--- /dev/null
+../init.d/chrony
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
--- /dev/null
+../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rc.local
\ No newline at end of file
+++ /dev/null
-../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/rc.local
\ No newline at end of file
--- /dev/null
+../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/salt-minion
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/chrony
\ No newline at end of file
+++ /dev/null
-../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/ulogd2
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
+++ /dev/null
-../init.d/bootlogs
\ No newline at end of file
--- /dev/null
+../init.d/bootlogs
\ No newline at end of file
--- /dev/null
+../init.d/chrony
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
--- /dev/null
+../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rc.local
\ No newline at end of file
+++ /dev/null
-../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/rc.local
\ No newline at end of file
--- /dev/null
+../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/apache2
\ No newline at end of file
--- /dev/null
+../init.d/netfilter-persistent
\ No newline at end of file
--- /dev/null
+../init.d/salt-minion
\ No newline at end of file
--- /dev/null
+../init.d/ulogd2
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/sendsigs
\ No newline at end of file
+++ /dev/null
-../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/sendsigs
\ No newline at end of file
+++ /dev/null
-../init.d/hwclock.sh
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
+++ /dev/null
-../init.d/umountnfs.sh
\ No newline at end of file
--- /dev/null
+../init.d/hwclock.sh
\ No newline at end of file
+++ /dev/null
-../init.d/networking
\ No newline at end of file
--- /dev/null
+../init.d/umountnfs.sh
\ No newline at end of file
--- /dev/null
+../init.d/networking
\ No newline at end of file
+++ /dev/null
-../init.d/umountfs
\ No newline at end of file
--- /dev/null
+../init.d/umountfs
\ No newline at end of file
+++ /dev/null
-../init.d/umountroot
\ No newline at end of file
+++ /dev/null
-../init.d/reboot
\ No newline at end of file
--- /dev/null
+../init.d/umountroot
\ No newline at end of file
--- /dev/null
+../init.d/reboot
\ No newline at end of file
--- /dev/null
+../init.d/netfilter-persistent
\ No newline at end of file
-nameserver 208.94.37.18
-nameserver 162.254.24.10
-domain uhu-banane.de
-search uhu-banane.de brehm-online.com hennig-berlin.org
+domain uhu-banane.de
+search uhu-banane.de brehm-online.com hennig-berlin.org
+nameserver 127.0.0.1
+nameserver 208.94.37.18
+nameserver 162.254.24.10
--- /dev/null
+##### Primary configuration settings #####
+##########################################
+# This configuration file is used to manage the behavior of the Salt Minion.
+# With the exception of the location of the Salt Master Server, values that are
+# commented out but have an empty line after the comment are defaults that need
+# not be set in the config. If there is no blank line after the comment, the
+# value is presented as an example and is not the default.
+
+# Per default the minion will automatically include all config files
+# from minion.d/*.conf (minion.d is a directory in the same directory
+# as the main minion config file).
+#default_include: minion.d/*.conf
+
+# Set the location of the salt master server. If the master server cannot be
+# resolved, then the minion will fail to start.
+#master: salt
+
+# Set http proxy information for the minion when doing requests
+#proxy_host:
+#proxy_port:
+#proxy_username:
+#proxy_password:
+
+# If multiple masters are specified in the 'master' setting, the default behavior
+# is to always try to connect to them in the order they are listed. If random_master is
+# set to True, the order will be randomized instead. This can be helpful in distributing
+# the load of many minions executing salt-call requests, for example, from a cron job.
+# If only one master is listed, this setting is ignored and a warning will be logged.
+# NOTE: If master_type is set to failover, use master_shuffle instead.
+#random_master: False
+
+# Use if master_type is set to failover.
+#master_shuffle: False
+
+# Minions can connect to multiple masters simultaneously (all masters
+# are "hot"), or can be configured to failover if a master becomes
+# unavailable. Multiple hot masters are configured by setting this
+# value to "str". Failover masters can be requested by setting
+# to "failover". MAKE SURE TO SET master_alive_interval if you are
+# using failover.
+# master_type: str
+
+# Poll interval in seconds for checking if the master is still there. Only
+# respected if master_type above is "failover". To disable the interval entirely,
+# set the value to -1. (This may be necessary on machines which have high numbers
+# of TCP connections, such as load balancers.)
+# master_alive_interval: 30
+
+# If the minion is in multi-master mode and the master_type configuration option
+# is set to "failover", this setting can be set to "True" to force the minion
+# to fail back to the first master in the list if the first master is back online.
+#master_failback: False
+
+# If the minion is in multi-master mode, the "master_type" configuration is set to
+# "failover", and the "master_failback" option is enabled, the master failback
+# interval can be set to ping the top master with this interval, in seconds.
+#master_failback_interval: 0
+
+# Set whether the minion should connect to the master via IPv6:
+#ipv6: False
+
+# Set the number of seconds to wait before attempting to resolve
+# the master hostname if name resolution fails. Defaults to 30 seconds.
+# Set to zero if the minion should shutdown and not retry.
+# retry_dns: 30
+
+# Set the port used by the master reply and authentication server.
+#master_port: 4506
+
+# The user to run salt.
+#user: root
+
+# The user to run salt remote execution commands as via sudo. If this option is
+# enabled then sudo will be used to change the active user executing the remote
+# command. If enabled the user will need to be allowed access via the sudoers
+# file for the user that the salt minion is configured to run as. The most
+# common option would be to use the root user. If this option is set the user
+# option should also be set to a non-root user. If migrating from a root minion
+# to a non root minion the minion cache should be cleared and the minion pki
+# directory will need to be changed to the ownership of the new user.
+#sudo_user: root
+
+# Specify the location of the daemon process ID file.
+#pidfile: /var/run/salt-minion.pid
+
+# The root directory prepended to these options: pki_dir, cachedir, log_file,
+# sock_dir, pidfile.
+#root_dir: /
+
+# The path to the minion's configuration file.
+#conf_file: /etc/salt/minion
+
+# The directory to store the pki information in
+#pki_dir: /etc/salt/pki/minion
+
+# Explicitly declare the id for this minion to use, if left commented the id
+# will be the hostname as returned by the python call: socket.getfqdn()
+# Since salt uses detached ids it is possible to run multiple minions on the
+# same machine but with different ids, this can be useful for salt compute
+# clusters.
+#id:
+
+# Cache the minion id to a file when the minion's id is not statically defined
+# in the minion config. Defaults to "True". This setting prevents potential
+# problems when automatic minion id resolution changes, which can cause the
+# minion to lose connection with the master. To turn off minion id caching,
+# set this config to ``False``.
+#minion_id_caching: True
+
+# Append a domain to a hostname in the event that it does not exist. This is
+# useful for systems where socket.getfqdn() does not actually result in a
+# FQDN (for instance, Solaris).
+#append_domain:
+
+# Custom static grains for this minion can be specified here and used in SLS
+# files just like all other grains. This example sets 4 custom grains, with
+# the 'roles' grain having two values that can be matched against.
+#grains:
+# roles:
+# - webserver
+# - memcache
+# deployment: datacenter4
+# cabinet: 13
+# cab_u: 14-15
+#
+# Where cache data goes.
+# This data may contain sensitive data and should be protected accordingly.
+#cachedir: /var/cache/salt/minion
+
+# Append minion_id to these directories. Helps with
+# multiple proxies and minions running on the same machine.
+# Allowed elements in the list: pki_dir, cachedir, extension_modules
+# Normally not needed unless running several proxies and/or minions on the same machine
+# Defaults to ['cachedir'] for proxies, [] (empty list) for regular minions
+#append_minionid_config_dirs:
+
+# Verify and set permissions on configuration directories at startup.
+#verify_env: True
+
+# The minion can locally cache the return data from jobs sent to it, this
+# can be a good way to keep track of jobs the minion has executed
+# (on the minion side). By default this feature is disabled, to enable, set
+# cache_jobs to True.
+#cache_jobs: False
+
+# Set the directory used to hold unix sockets.
+#sock_dir: /var/run/salt/minion
+
+# Set the default outputter used by the salt-call command. The default is
+# "nested".
+#output: nested
+#
+# By default output is colored. To disable colored output, set the color value
+# to False.
+#color: True
+
+# Do not strip off the colored output from nested results and state outputs
+# (true by default).
+# strip_colors: False
+
+# Backup files that are replaced by file.managed and file.recurse under
+# 'cachedir'/file_backups relative to their original location and appended
+# with a timestamp. The only valid setting is "minion". Disabled by default.
+#
+# Alternatively this can be specified for each file in state files:
+# /etc/ssh/sshd_config:
+# file.managed:
+# - source: salt://ssh/sshd_config
+# - backup: minion
+#
+#backup_mode: minion
+
+# When waiting for a master to accept the minion's public key, salt will
+# continuously attempt to reconnect until successful. This is the time, in
+# seconds, between those reconnection attempts.
+#acceptance_wait_time: 10
+
+# If this is nonzero, the time between reconnection attempts will increase by
+# acceptance_wait_time seconds per iteration, up to this maximum. If this is
+# set to zero, the time between reconnection attempts will stay constant.
+#acceptance_wait_time_max: 0
+
+# If the master rejects the minion's public key, retry instead of exiting.
+# Rejected keys will be handled the same as waiting on acceptance.
+#rejected_retry: False
+
+# When the master key changes, the minion will try to re-auth itself to receive
+# the new master key. In larger environments this can cause a SYN flood on the
+# master because all minions try to re-auth immediately. To prevent this and
+# have a minion wait for a random amount of time, use this optional parameter.
+# The wait-time will be a random number of seconds between 0 and the defined value.
+#random_reauth_delay: 60
+
+# When waiting for a master to accept the minion's public key, salt will
+# continuously attempt to reconnect until successful. This is the timeout value,
+# in seconds, for each individual attempt. After this timeout expires, the minion
+# will wait for acceptance_wait_time seconds before trying again. Unless your master
+# is under unusually heavy load, this should be left at the default.
+#auth_timeout: 60
+
+# Number of consecutive SaltReqTimeoutError that are acceptable when trying to
+# authenticate.
+#auth_tries: 7
+
+# The number of attempts to connect to a master before giving up.
+# Set this to -1 for unlimited attempts. This allows for a master to have
+# downtime and the minion to reconnect to it later when it comes back up.
+# In 'failover' mode, it is the number of attempts for each set of masters.
+# In this mode, it will cycle through the list of masters for each attempt.
+#
+# This is different than auth_tries because auth_tries attempts to
+# retry auth attempts with a single master. auth_tries is under the
+# assumption that you can connect to the master but not gain
+# authorization from it. master_tries will still cycle through all
+# the masters in a given try, so it is appropriate if you expect
+# occasional downtime from the master(s).
+#master_tries: 1
+
+# If authentication fails due to SaltReqTimeoutError during a ping_interval,
+# cause sub minion process to restart.
+#auth_safemode: False
+
+# Ping Master to ensure connection is alive (minutes).
+#ping_interval: 0
+
+# To auto recover minions if master changes IP address (DDNS)
+# auth_tries: 10
+# auth_safemode: False
+# ping_interval: 90
+#
+# Minions won't know master is missing until a ping fails. After the ping fail,
+# the minion will attempt authentication and likely fails out and cause a restart.
+# When the minion restarts it will resolve the masters IP and attempt to reconnect.
+
+# If you don't have any problems with syn-floods, don't bother with the
+# three recon_* settings described below, just leave the defaults!
+#
+# The ZeroMQ pull-socket that binds to the masters publishing interface tries
+# to reconnect immediately, if the socket is disconnected (for example if
+# the master processes are restarted). In large setups this will have all
+# minions reconnect immediately which might flood the master (the ZeroMQ-default
+# is usually a 100ms delay). To prevent this, these three recon_* settings
+# can be used.
+# recon_default: the interval in milliseconds that the socket should wait before
+# trying to reconnect to the master (1000ms = 1 second)
+#
+# recon_max: the maximum time a socket should wait. each interval the time to wait
+# is calculated by doubling the previous time. if recon_max is reached,
+# it starts again at recon_default. Short example:
+#
+# reconnect 1: the socket will wait 'recon_default' milliseconds
+# reconnect 2: 'recon_default' * 2
+# reconnect 3: ('recon_default' * 2) * 2
+# reconnect 4: value from previous interval * 2
+# reconnect 5: value from previous interval * 2
+# reconnect x: if value >= recon_max, it starts again with recon_default
+#
+# recon_randomize: generate a random wait time on minion start. The wait time will
+# be a random value between recon_default and recon_default +
+# recon_max. Having all minions reconnect with the same recon_default
+# and recon_max value kind of defeats the purpose of being able to
+# change these settings. If all minions have the same values and your
+# setup is quite large (several thousand minions), they will still
+# flood the master. The desired behavior is to have timeframe within
+# all minions try to reconnect.
+#
+# Example on how to use these settings. The goal: have all minions reconnect within a
+# 60 second timeframe on a disconnect.
+# recon_default: 1000
+# recon_max: 59000
+# recon_randomize: True
+#
+# Each minion will have a randomized reconnect value between 'recon_default'
+# and 'recon_default + recon_max', which in this example means between 1000ms
+# 60000ms (or between 1 and 60 seconds). The generated random-value will be
+# doubled after each attempt to reconnect. Lets say the generated random
+# value is 11 seconds (or 11000ms).
+# reconnect 1: wait 11 seconds
+# reconnect 2: wait 22 seconds
+# reconnect 3: wait 33 seconds
+# reconnect 4: wait 44 seconds
+# reconnect 5: wait 55 seconds
+# reconnect 6: wait time is bigger than 60 seconds (recon_default + recon_max)
+# reconnect 7: wait 11 seconds
+# reconnect 8: wait 22 seconds
+# reconnect 9: wait 33 seconds
+# reconnect x: etc.
+#
+# In a setup with ~6000 thousand hosts these settings would average the reconnects
+# to about 100 per second and all hosts would be reconnected within 60 seconds.
+# recon_default: 100
+# recon_max: 5000
+# recon_randomize: False
+#
+#
+# The loop_interval sets how long in seconds the minion will wait between
+# evaluating the scheduler and running cleanup tasks. This defaults to a
+# sane 60 seconds, but if the minion scheduler needs to be evaluated more
+# often lower this value
+#loop_interval: 60
+
+# The grains can be merged, instead of overridden, using this option.
+# This allows custom grains to defined different subvalues of a dictionary
+# grain. By default this feature is disabled, to enable set grains_deep_merge
+# to ``True``.
+#grains_deep_merge: False
+
+# The grains_refresh_every setting allows for a minion to periodically check
+# its grains to see if they have changed and, if so, to inform the master
+# of the new grains. This operation is moderately expensive, therefore
+# care should be taken not to set this value too low.
+#
+# Note: This value is expressed in __minutes__!
+#
+# A value of 10 minutes is a reasonable default.
+#
+# If the value is set to zero, this check is disabled.
+#grains_refresh_every: 1
+
+# Cache grains on the minion. Default is False.
+#grains_cache: False
+
+# Cache rendered pillar data on the minion. Default is False.
+# This may cause 'cachedir'/pillar to contain sensitive data that should be
+# protected accordingly.
+#minion_pillar_cache: False
+
+# Grains cache expiration, in seconds. If the cache file is older than this
+# number of seconds then the grains cache will be dumped and fully re-populated
+# with fresh data. Defaults to 5 minutes. Will have no effect if 'grains_cache'
+# is not enabled.
+# grains_cache_expiration: 300
+
+# Determines whether or not the salt minion should run scheduled mine updates.
+# Defaults to "True". Set to "False" to disable the scheduled mine updates
+# (this essentially just does not add the mine update function to the minion's
+# scheduler).
+#mine_enabled: True
+
+# Determines whether or not scheduled mine updates should be accompanied by a job
+# return for the job cache. Defaults to "False". Set to "True" to include job
+# returns in the job cache for mine updates.
+#mine_return_job: False
+
+# Example functions that can be run via the mine facility
+# NO mine functions are established by default.
+# Note these can be defined in the minion's pillar as well.
+#mine_functions:
+# test.ping: []
+# network.ip_addrs:
+# interface: eth0
+# cidr: '10.0.0.0/8'
+
+# Windows platforms lack posix IPC and must rely on slower TCP based inter-
+# process communications. Set ipc_mode to 'tcp' on such systems
+#ipc_mode: ipc
+
+# Overwrite the default tcp ports used by the minion when in tcp mode
+#tcp_pub_port: 4510
+#tcp_pull_port: 4511
+
+# Passing very large events can cause the minion to consume large amounts of
+# memory. This value tunes the maximum size of a message allowed onto the
+# minion event bus. The value is expressed in bytes.
+#max_event_size: 1048576
+
+# To detect failed master(s) and fire events on connect/disconnect, set
+# master_alive_interval to the number of seconds to poll the masters for
+# connection events.
+#
+#master_alive_interval: 30
+
+# The minion can include configuration from other files. To enable this,
+# pass a list of paths to this option. The paths can be either relative or
+# absolute; if relative, they are considered to be relative to the directory
+# the main minion configuration file lives in (this file). Paths can make use
+# of shell-style globbing. If no files are matched by a path passed to this
+# option then the minion will log a warning message.
+#
+# Include a config file from some other path:
+# include: /etc/salt/extra_config
+#
+# Include config from several files and directories:
+#include:
+# - /etc/salt/extra_config
+# - /etc/roles/webserver
+
+# The syndic minion can verify that it is talking to the correct master via the
+# key fingerprint of the higher-level master with the "syndic_finger" config.
+#syndic_finger: ''
+#
+#
+#
+##### Minion module management #####
+##########################################
+# Disable specific modules. This allows the admin to limit the level of
+# access the master has to the minion.
+#disable_modules: [cmd,test]
+#disable_returners: []
+
+# This is the reverse of disable_modules. The default, like disable_modules, is the empty list,
+# but if this option is set to *anything* then *only* those modules will load.
+# Note that this is a very large hammer and it can be quite difficult to keep the minion working
+# the way you think it should since Salt uses many modules internally itself. At a bare minimum
+# you need the following enabled or else the minion won't start.
+#whitelist_modules:
+# - cmdmod
+# - test
+# - config
+
+# Modules can be loaded from arbitrary paths. This enables the easy deployment
+# of third party modules. Modules for returners and minions can be loaded.
+# Specify a list of extra directories to search for minion modules and
+# returners. These paths must be fully qualified!
+#module_dirs: []
+#returner_dirs: []
+#states_dirs: []
+#render_dirs: []
+#utils_dirs: []
+#
+# A module provider can be statically overwritten or extended for the minion
+# via the providers option, in this case the default module will be
+# overwritten by the specified module. In this example the pkg module will
+# be provided by the yumpkg5 module instead of the system default.
+#providers:
+# pkg: yumpkg5
+#
+# Enable Cython modules searching and loading. (Default: False)
+#cython_enable: False
+#
+# Specify a max size (in bytes) for modules on import. This feature is currently
+# only supported on *nix operating systems and requires psutil.
+# modules_max_memory: -1
+
+
+##### State Management Settings #####
+###########################################
+# The state management system executes all of the state templates on the minion
+# to enable more granular control of system state management. The type of
+# template and serialization used for state management needs to be configured
+# on the minion, the default renderer is yaml_jinja. This is a yaml file
+# rendered from a jinja template, the available options are:
+# yaml_jinja
+# yaml_mako
+# yaml_wempy
+# json_jinja
+# json_mako
+# json_wempy
+#
+#renderer: yaml_jinja
+#
+# The failhard option tells the minions to stop immediately after the first
+# failure detected in the state execution. Defaults to False.
+#failhard: False
+#
+# Reload the modules prior to a highstate run.
+#autoload_dynamic_modules: True
+#
+# clean_dynamic_modules keeps the dynamic modules on the minion in sync with
+# the dynamic modules on the master, this means that if a dynamic module is
+# not on the master it will be deleted from the minion. By default, this is
+# enabled and can be disabled by changing this value to False.
+#clean_dynamic_modules: True
+#
+# Normally, the minion is not isolated to any single environment on the master
+# when running states, but the environment can be isolated on the minion side
+# by statically setting it. Remember that the recommended way to manage
+# environments is to isolate via the top file.
+#environment: None
+#
+# Isolates the pillar environment on the minion side. This functions the same
+# as the environment setting, but for pillar instead of states.
+#pillarenv: None
+#
+# If using the local file directory, then the state top file name needs to be
+# defined, by default this is top.sls.
+#state_top: top.sls
+#
+# Run states when the minion daemon starts. To enable, set startup_states to:
+# 'highstate' -- Execute state.highstate
+# 'sls' -- Read in the sls_list option and execute the named sls files
+# 'top' -- Read top_file option and execute based on that file on the Master
+#startup_states: ''
+#
+# List of states to run when the minion starts up if startup_states is 'sls':
+#sls_list:
+# - edit.vim
+# - hyper
+#
+# Top file to execute if startup_states is 'top':
+#top_file: ''
+
+# Automatically aggregate all states that have support for mod_aggregate by
+# setting to True. Or pass a list of state module names to automatically
+# aggregate just those types.
+#
+# state_aggregate:
+# - pkg
+#
+#state_aggregate: False
+
+##### File Directory Settings #####
+##########################################
+# The Salt Minion can redirect all file server operations to a local directory,
+# this allows for the same state tree that is on the master to be used if
+# copied completely onto the minion. This is a literal copy of the settings on
+# the master but used to reference a local directory on the minion.
+
+# Set the file client. The client defaults to looking on the master server for
+# files, but can be directed to look at the local file directory setting
+# defined below by setting it to "local". Setting a local file_client runs the
+# minion in masterless mode.
+#file_client: remote
+
+# The file directory works on environments passed to the minion, each environment
+# can have multiple root directories, the subdirectories in the multiple file
+# roots cannot match, otherwise the downloaded files will not be able to be
+# reliably ensured. A base environment is required to house the top file.
+# Example:
+# file_roots:
+# base:
+# - /srv/salt/
+# dev:
+# - /srv/salt/dev/services
+# - /srv/salt/dev/states
+# prod:
+# - /srv/salt/prod/services
+# - /srv/salt/prod/states
+#
+#file_roots:
+# base:
+# - /srv/salt
+
+# Uncomment the line below if you do not want the file_server to follow
+# symlinks when walking the filesystem tree. This is set to True
+# by default. Currently this only applies to the default roots
+# fileserver_backend.
+#fileserver_followsymlinks: False
+#
+# Uncomment the line below if you do not want symlinks to be
+# treated as the files they are pointing to. By default this is set to
+# False. By uncommenting the line below, any detected symlink while listing
+# files on the Master will not be returned to the Minion.
+#fileserver_ignoresymlinks: True
+#
+# By default, the Salt fileserver recurses fully into all defined environments
+# to attempt to find files. To limit this behavior so that the fileserver only
+# traverses directories with SLS files and special Salt directories like _modules,
+# enable the option below. This might be useful for installations where a file root
+# has a very large number of files and performance is negatively impacted. Default
+# is False.
+#fileserver_limit_traversal: False
+
+# The hash_type is the hash to use when discovering the hash of a file in
+# the local fileserver. The default is sha256, sha224, sha384 and sha512 are also supported.
+#
+# WARNING: While md5 and sha1 are also supported, do not use it due to the high chance
+# of possible collisions and thus security breach.
+#
+# Warning: Prior to changing this value, the minion should be stopped and all
+# Salt caches should be cleared.
+#hash_type: sha256
+
+# The Salt pillar is searched for locally if file_client is set to local. If
+# this is the case, and pillar data is defined, then the pillar_roots need to
+# also be configured on the minion:
+#pillar_roots:
+# base:
+# - /srv/pillar
+
+# Set a hard-limit on the size of the files that can be pushed to the master.
+# It will be interpreted as megabytes. Default: 100
+#file_recv_max_size: 100
+#
+#
+###### Security settings #####
+###########################################
+# Enable "open mode", this mode still maintains encryption, but turns off
+# authentication, this is only intended for highly secure environments or for
+# the situation where your keys end up in a bad state. If you run in open mode
+# you do so at your own risk!
+#open_mode: False
+
+# Enable permissive access to the salt keys. This allows you to run the
+# master or minion as root, but have a non-root group be given access to
+# your pki_dir. To make the access explicit, root must belong to the group
+# you've given access to. This is potentially quite insecure.
+#permissive_pki_access: False
+
+# The state_verbose and state_output settings can be used to change the way
+# state system data is printed to the display. By default all data is printed.
+# The state_verbose setting can be set to True or False, when set to False
+# all data that has a result of True and no changes will be suppressed.
+#state_verbose: True
+
+# The state_output setting changes if the output is the full multi line
+# output for each changed state if set to 'full', but if set to 'terse'
+# the output will be shortened to a single line.
+#state_output: full
+
+# The state_output_diff setting changes whether or not the output from
+# successful states is returned. Useful when even the terse output of these
+# states is cluttering the logs. Set it to True to ignore them.
+#state_output_diff: False
+
+# The state_output_profile setting changes whether profile information
+# will be shown for each state run.
+#state_output_profile: True
+
+# Fingerprint of the master public key to validate the identity of your Salt master
+# before the initial key exchange. The master fingerprint can be found by running
+# "salt-key -F master" on the Salt master.
+#master_finger: ''
+
+
+###### Thread settings #####
+###########################################
+# Disable multiprocessing support, by default when a minion receives a
+# publication a new process is spawned and the command is executed therein.
+#multiprocessing: True
+
+
+##### Logging settings #####
+##########################################
+# The location of the minion log file
+# The minion log can be sent to a regular file, local path name, or network
+# location. Remote logging works best when configured to use rsyslogd(8) (e.g.:
+# ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI
+# format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>
+#log_file: /var/log/salt/minion
+#log_file: file:///dev/log
+#log_file: udp://loghost:10514
+#
+#log_file: /var/log/salt/minion
+#key_logfile: /var/log/salt/key
+
+# The level of messages to send to the console.
+# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
+#
+# The following log levels are considered INSECURE and may log sensitive data:
+# ['garbage', 'trace', 'debug']
+#
+# Default: 'warning'
+#log_level: warning
+
+# The level of messages to send to the log file.
+# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
+# If using 'log_granular_levels' this must be set to the highest desired level.
+# Default: 'warning'
+#log_level_logfile:
+
+# The date and time format used in log messages. Allowed date/time formatting
+# can be seen here: http://docs.python.org/library/time.html#time.strftime
+#log_datefmt: '%H:%M:%S'
+#log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
+
+# The format of the console logging messages. Allowed formatting options can
+# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes
+#
+# Console log colors are specified by these additional formatters:
+#
+# %(colorlevel)s
+# %(colorname)s
+# %(colorprocess)s
+# %(colormsg)s
+#
+# Since it is desirable to include the surrounding brackets, '[' and ']', in
+# the coloring of the messages, these color formatters also include padding as
+# well. Color LogRecord attributes are only available for console logging.
+#
+#log_fmt_console: '%(colorlevel)s %(colormsg)s'
+#log_fmt_console: '[%(levelname)-8s] %(message)s'
+#
+#log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'
+
+# This can be used to control logging levels more specificically. This
+# example sets the main salt library at the 'warning' level, but sets
+# 'salt.modules' to log at the 'debug' level:
+# log_granular_levels:
+# 'salt': 'warning'
+# 'salt.modules': 'debug'
+#
+#log_granular_levels: {}
+
+# To diagnose issues with minions disconnecting or missing returns, ZeroMQ
+# supports the use of monitor sockets to log connection events. This
+# feature requires ZeroMQ 4.0 or higher.
+#
+# To enable ZeroMQ monitor sockets, set 'zmq_monitor' to 'True' and log at a
+# debug level or higher.
+#
+# A sample log event is as follows:
+#
+# [DEBUG ] ZeroMQ event: {'endpoint': 'tcp://127.0.0.1:4505', 'event': 512,
+# 'value': 27, 'description': 'EVENT_DISCONNECTED'}
+#
+# All events logged will include the string 'ZeroMQ event'. A connection event
+# should be logged as the minion starts up and initially connects to the
+# master. If not, check for debug log level and that the necessary version of
+# ZeroMQ is installed.
+#
+#zmq_monitor: False
+
+###### Module configuration #####
+###########################################
+# Salt allows for modules to be passed arbitrary configuration data, any data
+# passed here in valid yaml format will be passed on to the salt minion modules
+# for use. It is STRONGLY recommended that a naming convention be used in which
+# the module name is followed by a . and then the value. Also, all top level
+# data must be applied via the yaml dict construct, some examples:
+#
+# You can specify that all modules should run in test mode:
+#test: True
+#
+# A simple value for the test module:
+#test.foo: foo
+#
+# A list for the test module:
+#test.bar: [baz,quo]
+#
+# A dict for the test module:
+#test.baz: {spam: sausage, cheese: bread}
+#
+#
+###### Update settings ######
+###########################################
+# Using the features in Esky, a salt minion can both run as a frozen app and
+# be updated on the fly. These options control how the update process
+# (saltutil.update()) behaves.
+#
+# The url for finding and downloading updates. Disabled by default.
+#update_url: False
+#
+# The list of services to restart after a successful update. Empty by default.
+#update_restart_services: []
+
+
+###### Keepalive settings ######
+############################################
+# ZeroMQ now includes support for configuring SO_KEEPALIVE if supported by
+# the OS. If connections between the minion and the master pass through
+# a state tracking device such as a firewall or VPN gateway, there is
+# the risk that it could tear down the connection the master and minion
+# without informing either party that their connection has been taken away.
+# Enabling TCP Keepalives prevents this from happening.
+
+# Overall state of TCP Keepalives, enable (1 or True), disable (0 or False)
+# or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled.
+#tcp_keepalive: True
+
+# How long before the first keepalive should be sent in seconds. Default 300
+# to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds
+# on Linux see /proc/sys/net/ipv4/tcp_keepalive_time.
+#tcp_keepalive_idle: 300
+
+# How many lost probes are needed to consider the connection lost. Default -1
+# to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes.
+#tcp_keepalive_cnt: -1
+
+# How often, in seconds, to send keepalives after the first one. Default -1 to
+# use OS defaults, typically 75 seconds on Linux, see
+# /proc/sys/net/ipv4/tcp_keepalive_intvl.
+#tcp_keepalive_intvl: -1
+
+
+###### Windows Software settings ######
+############################################
+# Location of the repository cache file on the master:
+#win_repo_cachefile: 'salt://win/repo/winrepo.p'
+
+
+###### Returner settings ######
+############################################
+# Which returner(s) will be used for minion's result:
+#return: mysql
+
+
+###### Miscellaneous settings ######
+############################################
+# Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch
+#event_match_type: startswith
--- /dev/null
+schedule:
+ __mine_interval: {enabled: true, function: mine.update, jid_include: true, maxrunning: 2,
+ minutes: 60, return_job: false}
--- /dev/null
+ns2.uhu-banane.de
\ No newline at end of file
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAtmZt+k+dcN+sYElPfzKwzrxiLpyk3h2i5c0SRmaFNXVDcBC5
+mN/Xvpuv0yxQ/z1D4GXDyLkiXM+49eXEPlgoiQ9lRtBf3kLG8cOjIbNOioAyAnUH
+ZNwT5iHdRPL2aAu/WFk4fZet9j6w0aeXJoZnL07WxhzJ5kHNB9LEF9H4mGpBi6D/
+s+xmP6to4zaIOCoa9NRhUf/LiU0oAvhoxyOUMXjzutnCIW+ixJTu6an95n4Ybp+p
+EkXvgfRaVenfysMONx/98Ay9moI5xZB7VEGeC9SO5E4YsqCN0VZcVrzrjVsJYKYk
+0rtsN6vLRgi4zMoRt+wqxZfz8qJQmwsKVNmjfwIDAQABAoIBAQCwekB0TG2nVTKh
+4qyBBFmfXROdx7+YjJIcx6Kj7PN7up5qIjSAnitO57Fhn2Iq4mr3BV89qSp/JBfw
+CsQqEf/+RKAXuOrY0EFOj5wZsjQOu2QnjnV995VlN2SwHmecWalj4MdQdN5C/3rz
+DrSm+KmDU0NoYVhTaVzn8dv6tBRT2e/FezVdRJ2EbxzHM41m/y47MpVs+Ye9fl88
+B3TIqWWF5Fz/z9zcotsuso31AdBFMmb0N6fVE/lBVFn4fnfmPeK9WUzJAK50zZkN
+OPxA50qNFa+UfqDjnie87/+A1znZFkl4JRA80ce150gIRf8CVrW1KptmOiKr3Dg8
+c1KC/lnhAoGBAMogi+RJcXZQtAHLKnxyKA5HLbxMiDeRyE4n0+ytGEVez1aomXqG
+2d8J8Oc8wFpGfFpmHSQbq+cObpyVZz+i763+VI3Gp0OAmy2mL/aUqslv6F7wJbuQ
+W4b+Umyxhq2ZJujUeaX2ubSMvYwbpkVLvafJ4TPMZ08OUlS4O6uO/LSRAoGBAOcD
+4KOizOYigPnssHlVwtpgVW6jDOsPG7u/lt2iSBF4oKnQ+AOAPzbMJLc33V1dOjox
+fFzBz5xFZN9b5C9XzTPzvaiJfnIY6s6AlBa/wrW6/RCDw1ApPODDsvFCy9EEytIK
+dj0ubolEvCcELwb13k3GO+TxjajR9JJHtBgwFZ8PAoGBAIEztLhESga7J5VN7OaH
+ghs+XHnU4e3DfiqXQtwy+SS+qgJW22R69qGflSH6r2oFTE/sngwKtCOKEiJ9TfZb
+jKHHxPyrUxfPCWJwrJAOD+2bXwnwr+3pJNhxkPZxtAkbsMd7qhbwU1yZ6j+5HNuG
+wsCSRyX5LsBWA0KsUVgkmlxBAoGBAIe/AYtmKJy6fateZ7yEpoEHxmvCp96f/B3w
+0MffihWqGk5vGq2D+KFMh+6ZhxxLoeF8HqWqxUIAjOuq5YTkRRJYEYQtdv24opFB
+gMN1XwbGn9nKc0RxVvKETGv0YiuqczvFJgGBfTZwC1ep37BpXX26FIvNXP5skRg7
+xhnId4wFAoGAMdhwwvcxMYd/e5nZ6ULTbwRU5G7bPCEkWEFjj3GfnukV0Oy29qhO
+lNSmviFuoki19DD+dGWDXcqz5CAXcosiKR6XuiEEyobvuECBgFhuOv5R7gO6gWSD
+voeZdj3u0cEvsoABoMycUXOLOhebXU5ULi4lWT9bB7HOBXNJNA4Tvj0=
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
--- /dev/null
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmZt+k+dcN+sYElPfzKw
+zrxiLpyk3h2i5c0SRmaFNXVDcBC5mN/Xvpuv0yxQ/z1D4GXDyLkiXM+49eXEPlgo
+iQ9lRtBf3kLG8cOjIbNOioAyAnUHZNwT5iHdRPL2aAu/WFk4fZet9j6w0aeXJoZn
+L07WxhzJ5kHNB9LEF9H4mGpBi6D/s+xmP6to4zaIOCoa9NRhUf/LiU0oAvhoxyOU
+MXjzutnCIW+ixJTu6an95n4Ybp+pEkXvgfRaVenfysMONx/98Ay9moI5xZB7VEGe
+C9SO5E4YsqCN0VZcVrzrjVsJYKYk0rtsN6vLRgi4zMoRt+wqxZfz8qJQmwsKVNmj
+fwIDAQAB
+-----END PUBLIC KEY-----
\ No newline at end of file
--- /dev/null
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUbxQYMDoCPQTWHREbbu
+lTBJ+BNLjeUalhTgXjaR7uNiGryiOoLGtSiQFwiYClJ/7QqUoSG7A9c5Xw1Qv6CI
+H73sBAdniAFaC9jeY+4Pe22QlrIuE9AoWGNw9X2gDQ1/9MHGaFnlumDW5pLNvP+i
+nd3DRVNuhSR+S0/sTJUbFpzXXIzN0WijIBLA+oqlR/ANPc89Y+XhXUaVje48yW0l
+oEiedhRzHPGS5mGwyDs9MqLano1LeRdu4kdyhboljqX3c/SsVgc/Q3oD42+XerI1
+rz+mkLBNzHhNQWn6k6W8PdiYTnRXH6WUyMMxniBR/5QPWx3Owu5aeSy23Dhl6SRc
+EQIDAQAB
+-----END PUBLIC KEY-----
\ No newline at end of file
--- /dev/null
+##### Primary configuration settings #####
+##########################################
+# This configuration file is used to manage the behavior of all Salt Proxy
+# Minions on this host.
+# With the exception of the location of the Salt Master Server, values that are
+# commented out but have an empty line after the comment are defaults that need
+# not be set in the config. If there is no blank line after the comment, the
+# value is presented as an example and is not the default.
+
+# Per default the minion will automatically include all config files
+# from minion.d/*.conf (minion.d is a directory in the same directory
+# as the main minion config file).
+#default_include: minion.d/*.conf
+
+# Backwards compatibility option for proxymodules created before 2015.8.2
+# This setting will default to 'False' in the 2016.3.0 release
+# Setting this to True adds proxymodules to the __opts__ dictionary.
+# This breaks several Salt features (basically anything that serializes
+# __opts__ over the wire) but retains backwards compatibility.
+#add_proxymodule_to_opts: True
+
+# Set the location of the salt master server. If the master server cannot be
+# resolved, then the minion will fail to start.
+#master: salt
+
+# If a proxymodule has a function called 'grains', then call it during
+# regular grains loading and merge the results with the proxy's grains
+# dictionary. Otherwise it is assumed that the module calls the grains
+# function in a custom way and returns the data elsewhere
+#
+# Default to False for 2016.3 and Carbon. Switch to True for Nitrogen.
+# proxy_merge_grains_in_module: False
+
+# If multiple masters are specified in the 'master' setting, the default behavior
+# is to always try to connect to them in the order they are listed. If random_master is
+# set to True, the order will be randomized instead. This can be helpful in distributing
+# the load of many minions executing salt-call requests, for example, from a cron job.
+# If only one master is listed, this setting is ignored and a warning will be logged.
+#random_master: False
+
+# Minions can connect to multiple masters simultaneously (all masters
+# are "hot"), or can be configured to failover if a master becomes
+# unavailable. Multiple hot masters are configured by setting this
+# value to "str". Failover masters can be requested by setting
+# to "failover". MAKE SURE TO SET master_alive_interval if you are
+# using failover.
+# master_type: str
+
+# Poll interval in seconds for checking if the master is still there. Only
+# respected if master_type above is "failover".
+# master_alive_interval: 30
+
+# Set whether the minion should connect to the master via IPv6:
+#ipv6: False
+
+# Set the number of seconds to wait before attempting to resolve
+# the master hostname if name resolution fails. Defaults to 30 seconds.
+# Set to zero if the minion should shutdown and not retry.
+# retry_dns: 30
+
+# Set the port used by the master reply and authentication server.
+#master_port: 4506
+
+# The user to run salt.
+#user: root
+
+# Setting sudo_user will cause salt to run all execution modules under an sudo
+# to the user given in sudo_user. The user under which the salt minion process
+# itself runs will still be that provided in the user config above, but all
+# execution modules run by the minion will be rerouted through sudo.
+#sudo_user: saltdev
+
+# Specify the location of the daemon process ID file.
+#pidfile: /var/run/salt-minion.pid
+
+# The root directory prepended to these options: pki_dir, cachedir, log_file,
+# sock_dir, pidfile.
+#root_dir: /
+
+# The directory to store the pki information in
+#pki_dir: /etc/salt/pki/minion
+
+# Where cache data goes.
+# This data may contain sensitive data and should be protected accordingly.
+#cachedir: /var/cache/salt/minion
+
+# Append minion_id to these directories. Helps with
+# multiple proxies and minions running on the same machine.
+# Allowed elements in the list: pki_dir, cachedir, extension_modules
+# Normally not needed unless running several proxies and/or minions on the same machine
+# Defaults to ['cachedir'] for proxies, [] (empty list) for regular minions
+# append_minionid_config_dirs:
+# - cachedir
+
+
+
+# Verify and set permissions on configuration directories at startup.
+#verify_env: True
+
+# The minion can locally cache the return data from jobs sent to it, this
+# can be a good way to keep track of jobs the minion has executed
+# (on the minion side). By default this feature is disabled, to enable, set
+# cache_jobs to True.
+#cache_jobs: False
+
+# Set the directory used to hold unix sockets.
+#sock_dir: /var/run/salt/minion
+
+# Set the default outputter used by the salt-call command. The default is
+# "nested".
+#output: nested
+#
+# By default output is colored. To disable colored output, set the color value
+# to False.
+#color: True
+
+# Do not strip off the colored output from nested results and state outputs
+# (true by default).
+# strip_colors: False
+
+# Backup files that are replaced by file.managed and file.recurse under
+# 'cachedir'/file_backups relative to their original location and appended
+# with a timestamp. The only valid setting is "minion". Disabled by default.
+#
+# Alternatively this can be specified for each file in state files:
+# /etc/ssh/sshd_config:
+# file.managed:
+# - source: salt://ssh/sshd_config
+# - backup: minion
+#
+#backup_mode: minion
+
+# When waiting for a master to accept the minion's public key, salt will
+# continuously attempt to reconnect until successful. This is the time, in
+# seconds, between those reconnection attempts.
+#acceptance_wait_time: 10
+
+# If this is nonzero, the time between reconnection attempts will increase by
+# acceptance_wait_time seconds per iteration, up to this maximum. If this is
+# set to zero, the time between reconnection attempts will stay constant.
+#acceptance_wait_time_max: 0
+
+# If the master rejects the minion's public key, retry instead of exiting.
+# Rejected keys will be handled the same as waiting on acceptance.
+#rejected_retry: False
+
+# When the master key changes, the minion will try to re-auth itself to receive
+# the new master key. In larger environments this can cause a SYN flood on the
+# master because all minions try to re-auth immediately. To prevent this and
+# have a minion wait for a random amount of time, use this optional parameter.
+# The wait-time will be a random number of seconds between 0 and the defined value.
+#random_reauth_delay: 60
+
+# When waiting for a master to accept the minion's public key, salt will
+# continuously attempt to reconnect until successful. This is the timeout value,
+# in seconds, for each individual attempt. After this timeout expires, the minion
+# will wait for acceptance_wait_time seconds before trying again. Unless your master
+# is under unusually heavy load, this should be left at the default.
+#auth_timeout: 60
+
+# Number of consecutive SaltReqTimeoutError that are acceptable when trying to
+# authenticate.
+#auth_tries: 7
+
+# If authentication fails due to SaltReqTimeoutError during a ping_interval,
+# cause sub minion process to restart.
+#auth_safemode: False
+
+# Ping Master to ensure connection is alive (minutes).
+#ping_interval: 0
+
+# To auto recover minions if master changes IP address (DDNS)
+# auth_tries: 10
+# auth_safemode: False
+# ping_interval: 90
+#
+# Minions won't know master is missing until a ping fails. After the ping fail,
+# the minion will attempt authentication and likely fails out and cause a restart.
+# When the minion restarts it will resolve the masters IP and attempt to reconnect.
+
+# If you don't have any problems with syn-floods, don't bother with the
+# three recon_* settings described below, just leave the defaults!
+#
+# The ZeroMQ pull-socket that binds to the masters publishing interface tries
+# to reconnect immediately, if the socket is disconnected (for example if
+# the master processes are restarted). In large setups this will have all
+# minions reconnect immediately which might flood the master (the ZeroMQ-default
+# is usually a 100ms delay). To prevent this, these three recon_* settings
+# can be used.
+# recon_default: the interval in milliseconds that the socket should wait before
+# trying to reconnect to the master (1000ms = 1 second)
+#
+# recon_max: the maximum time a socket should wait. each interval the time to wait
+# is calculated by doubling the previous time. if recon_max is reached,
+# it starts again at recon_default. Short example:
+#
+# reconnect 1: the socket will wait 'recon_default' milliseconds
+# reconnect 2: 'recon_default' * 2
+# reconnect 3: ('recon_default' * 2) * 2
+# reconnect 4: value from previous interval * 2
+# reconnect 5: value from previous interval * 2
+# reconnect x: if value >= recon_max, it starts again with recon_default
+#
+# recon_randomize: generate a random wait time on minion start. The wait time will
+# be a random value between recon_default and recon_default +
+# recon_max. Having all minions reconnect with the same recon_default
+# and recon_max value kind of defeats the purpose of being able to
+# change these settings. If all minions have the same values and your
+# setup is quite large (several thousand minions), they will still
+# flood the master. The desired behavior is to have timeframe within
+# all minions try to reconnect.
+#
+# Example on how to use these settings. The goal: have all minions reconnect within a
+# 60 second timeframe on a disconnect.
+# recon_default: 1000
+# recon_max: 59000
+# recon_randomize: True
+#
+# Each minion will have a randomized reconnect value between 'recon_default'
+# and 'recon_default + recon_max', which in this example means between 1000ms
+# 60000ms (or between 1 and 60 seconds). The generated random-value will be
+# doubled after each attempt to reconnect. Lets say the generated random
+# value is 11 seconds (or 11000ms).
+# reconnect 1: wait 11 seconds
+# reconnect 2: wait 22 seconds
+# reconnect 3: wait 33 seconds
+# reconnect 4: wait 44 seconds
+# reconnect 5: wait 55 seconds
+# reconnect 6: wait time is bigger than 60 seconds (recon_default + recon_max)
+# reconnect 7: wait 11 seconds
+# reconnect 8: wait 22 seconds
+# reconnect 9: wait 33 seconds
+# reconnect x: etc.
+#
+# In a setup with ~6000 thousand hosts these settings would average the reconnects
+# to about 100 per second and all hosts would be reconnected within 60 seconds.
+# recon_default: 100
+# recon_max: 5000
+# recon_randomize: False
+#
+#
+# The loop_interval sets how long in seconds the minion will wait between
+# evaluating the scheduler and running cleanup tasks. This defaults to a
+# sane 60 seconds, but if the minion scheduler needs to be evaluated more
+# often lower this value
+#loop_interval: 60
+
+# The grains_refresh_every setting allows for a minion to periodically check
+# its grains to see if they have changed and, if so, to inform the master
+# of the new grains. This operation is moderately expensive, therefore
+# care should be taken not to set this value too low.
+#
+# Note: This value is expressed in __minutes__!
+#
+# A value of 10 minutes is a reasonable default.
+#
+# If the value is set to zero, this check is disabled.
+#grains_refresh_every: 1
+
+# Cache grains on the minion. Default is False.
+#grains_cache: False
+
+# Grains cache expiration, in seconds. If the cache file is older than this
+# number of seconds then the grains cache will be dumped and fully re-populated
+# with fresh data. Defaults to 5 minutes. Will have no effect if 'grains_cache'
+# is not enabled.
+# grains_cache_expiration: 300
+
+# Windows platforms lack posix IPC and must rely on slower TCP based inter-
+# process communications. Set ipc_mode to 'tcp' on such systems
+#ipc_mode: ipc
+
+# Overwrite the default tcp ports used by the minion when in tcp mode
+#tcp_pub_port: 4510
+#tcp_pull_port: 4511
+
+# Passing very large events can cause the minion to consume large amounts of
+# memory. This value tunes the maximum size of a message allowed onto the
+# minion event bus. The value is expressed in bytes.
+#max_event_size: 1048576
+
+# To detect failed master(s) and fire events on connect/disconnect, set
+# master_alive_interval to the number of seconds to poll the masters for
+# connection events.
+#
+#master_alive_interval: 30
+
+# The minion can include configuration from other files. To enable this,
+# pass a list of paths to this option. The paths can be either relative or
+# absolute; if relative, they are considered to be relative to the directory
+# the main minion configuration file lives in (this file). Paths can make use
+# of shell-style globbing. If no files are matched by a path passed to this
+# option then the minion will log a warning message.
+#
+# Include a config file from some other path:
+# include: /etc/salt/extra_config
+#
+# Include config from several files and directories:
+#include:
+# - /etc/salt/extra_config
+# - /etc/roles/webserver
+#
+#
+#
+##### Minion module management #####
+##########################################
+# Disable specific modules. This allows the admin to limit the level of
+# access the master has to the minion.
+#disable_modules: [cmd,test]
+#disable_returners: []
+#
+# Modules can be loaded from arbitrary paths. This enables the easy deployment
+# of third party modules. Modules for returners and minions can be loaded.
+# Specify a list of extra directories to search for minion modules and
+# returners. These paths must be fully qualified!
+#module_dirs: []
+#returner_dirs: []
+#states_dirs: []
+#render_dirs: []
+#utils_dirs: []
+#
+# A module provider can be statically overwritten or extended for the minion
+# via the providers option, in this case the default module will be
+# overwritten by the specified module. In this example the pkg module will
+# be provided by the yumpkg5 module instead of the system default.
+#providers:
+# pkg: yumpkg5
+#
+# Enable Cython modules searching and loading. (Default: False)
+#cython_enable: False
+#
+# Specify a max size (in bytes) for modules on import. This feature is currently
+# only supported on *nix operating systems and requires psutil.
+# modules_max_memory: -1
+
+
+##### State Management Settings #####
+###########################################
+# The state management system executes all of the state templates on the minion
+# to enable more granular control of system state management. The type of
+# template and serialization used for state management needs to be configured
+# on the minion, the default renderer is yaml_jinja. This is a yaml file
+# rendered from a jinja template, the available options are:
+# yaml_jinja
+# yaml_mako
+# yaml_wempy
+# json_jinja
+# json_mako
+# json_wempy
+#
+#renderer: yaml_jinja
+#
+# The failhard option tells the minions to stop immediately after the first
+# failure detected in the state execution. Defaults to False.
+#failhard: False
+#
+# Reload the modules prior to a highstate run.
+#autoload_dynamic_modules: True
+#
+# clean_dynamic_modules keeps the dynamic modules on the minion in sync with
+# the dynamic modules on the master, this means that if a dynamic module is
+# not on the master it will be deleted from the minion. By default, this is
+# enabled and can be disabled by changing this value to False.
+#clean_dynamic_modules: True
+#
+# Normally, the minion is not isolated to any single environment on the master
+# when running states, but the environment can be isolated on the minion side
+# by statically setting it. Remember that the recommended way to manage
+# environments is to isolate via the top file.
+#environment: None
+#
+# If using the local file directory, then the state top file name needs to be
+# defined, by default this is top.sls.
+#state_top: top.sls
+#
+# Run states when the minion daemon starts. To enable, set startup_states to:
+# 'highstate' -- Execute state.highstate
+# 'sls' -- Read in the sls_list option and execute the named sls files
+# 'top' -- Read top_file option and execute based on that file on the Master
+#startup_states: ''
+#
+# List of states to run when the minion starts up if startup_states is 'sls':
+#sls_list:
+# - edit.vim
+# - hyper
+#
+# Top file to execute if startup_states is 'top':
+#top_file: ''
+
+# Automatically aggregate all states that have support for mod_aggregate by
+# setting to True. Or pass a list of state module names to automatically
+# aggregate just those types.
+#
+# state_aggregate:
+# - pkg
+#
+#state_aggregate: False
+
+##### File Directory Settings #####
+##########################################
+# The Salt Minion can redirect all file server operations to a local directory,
+# this allows for the same state tree that is on the master to be used if
+# copied completely onto the minion. This is a literal copy of the settings on
+# the master but used to reference a local directory on the minion.
+
+# Set the file client. The client defaults to looking on the master server for
+# files, but can be directed to look at the local file directory setting
+# defined below by setting it to "local". Setting a local file_client runs the
+# minion in masterless mode.
+#file_client: remote
+
+# The file directory works on environments passed to the minion, each environment
+# can have multiple root directories, the subdirectories in the multiple file
+# roots cannot match, otherwise the downloaded files will not be able to be
+# reliably ensured. A base environment is required to house the top file.
+# Example:
+# file_roots:
+# base:
+# - /srv/salt/
+# dev:
+# - /srv/salt/dev/services
+# - /srv/salt/dev/states
+# prod:
+# - /srv/salt/prod/services
+# - /srv/salt/prod/states
+#
+#file_roots:
+# base:
+# - /srv/salt
+
+# By default, the Salt fileserver recurses fully into all defined environments
+# to attempt to find files. To limit this behavior so that the fileserver only
+# traverses directories with SLS files and special Salt directories like _modules,
+# enable the option below. This might be useful for installations where a file root
+# has a very large number of files and performance is negatively impacted. Default
+# is False.
+#fileserver_limit_traversal: False
+
+# The hash_type is the hash to use when discovering the hash of a file in
+# the local fileserver. The default is sha256 but sha224, sha384 and sha512
+# are also supported.
+#
+# WARNING: While md5 and sha1 are also supported, do not use it due to the high chance
+# of possible collisions and thus security breach.
+#
+# Warning: Prior to changing this value, the minion should be stopped and all
+# Salt caches should be cleared.
+#hash_type: sha256
+
+# The Salt pillar is searched for locally if file_client is set to local. If
+# this is the case, and pillar data is defined, then the pillar_roots need to
+# also be configured on the minion:
+#pillar_roots:
+# base:
+# - /srv/pillar
+#
+#
+###### Security settings #####
+###########################################
+# Enable "open mode", this mode still maintains encryption, but turns off
+# authentication, this is only intended for highly secure environments or for
+# the situation where your keys end up in a bad state. If you run in open mode
+# you do so at your own risk!
+#open_mode: False
+
+# Enable permissive access to the salt keys. This allows you to run the
+# master or minion as root, but have a non-root group be given access to
+# your pki_dir. To make the access explicit, root must belong to the group
+# you've given access to. This is potentially quite insecure.
+#permissive_pki_access: False
+
+# The state_verbose and state_output settings can be used to change the way
+# state system data is printed to the display. By default all data is printed.
+# The state_verbose setting can be set to True or False, when set to False
+# all data that has a result of True and no changes will be suppressed.
+#state_verbose: True
+
+# The state_output setting changes if the output is the full multi line
+# output for each changed state if set to 'full', but if set to 'terse'
+# the output will be shortened to a single line.
+#state_output: full
+
+# The state_output_diff setting changes whether or not the output from
+# successful states is returned. Useful when even the terse output of these
+# states is cluttering the logs. Set it to True to ignore them.
+#state_output_diff: False
+
+# The state_output_profile setting changes whether profile information
+# will be shown for each state run.
+#state_output_profile: True
+
+# Fingerprint of the master public key to validate the identity of your Salt master
+# before the initial key exchange. The master fingerprint can be found by running
+# "salt-key -F master" on the Salt master.
+#master_finger: ''
+
+
+###### Thread settings #####
+###########################################
+# Disable multiprocessing support, by default when a minion receives a
+# publication a new process is spawned and the command is executed therein.
+#multiprocessing: True
+
+
+##### Logging settings #####
+##########################################
+# The location of the minion log file
+# The minion log can be sent to a regular file, local path name, or network
+# location. Remote logging works best when configured to use rsyslogd(8) (e.g.:
+# ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI
+# format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>
+#log_file: /var/log/salt/minion
+#log_file: file:///dev/log
+#log_file: udp://loghost:10514
+#
+#log_file: /var/log/salt/minion
+#key_logfile: /var/log/salt/key
+
+# The level of messages to send to the console.
+# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
+#
+# The following log levels are considered INSECURE and may log sensitive data:
+# ['garbage', 'trace', 'debug']
+#
+# Default: 'warning'
+#log_level: warning
+
+# The level of messages to send to the log file.
+# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
+# If using 'log_granular_levels' this must be set to the highest desired level.
+# Default: 'warning'
+#log_level_logfile:
+
+# The date and time format used in log messages. Allowed date/time formatting
+# can be seen here: http://docs.python.org/library/time.html#time.strftime
+#log_datefmt: '%H:%M:%S'
+#log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
+
+# The format of the console logging messages. Allowed formatting options can
+# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes
+#
+# Console log colors are specified by these additional formatters:
+#
+# %(colorlevel)s
+# %(colorname)s
+# %(colorprocess)s
+# %(colormsg)s
+#
+# Since it is desirable to include the surrounding brackets, '[' and ']', in
+# the coloring of the messages, these color formatters also include padding as
+# well. Color LogRecord attributes are only available for console logging.
+#
+#log_fmt_console: '%(colorlevel)s %(colormsg)s'
+#log_fmt_console: '[%(levelname)-8s] %(message)s'
+#
+#log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'
+
+# This can be used to control logging levels more specificically. This
+# example sets the main salt library at the 'warning' level, but sets
+# 'salt.modules' to log at the 'debug' level:
+# log_granular_levels:
+# 'salt': 'warning'
+# 'salt.modules': 'debug'
+#
+#log_granular_levels: {}
+
+# To diagnose issues with minions disconnecting or missing returns, ZeroMQ
+# supports the use of monitor sockets # to log connection events. This
+# feature requires ZeroMQ 4.0 or higher.
+#
+# To enable ZeroMQ monitor sockets, set 'zmq_monitor' to 'True' and log at a
+# debug level or higher.
+#
+# A sample log event is as follows:
+#
+# [DEBUG ] ZeroMQ event: {'endpoint': 'tcp://127.0.0.1:4505', 'event': 512,
+# 'value': 27, 'description': 'EVENT_DISCONNECTED'}
+#
+# All events logged will include the string 'ZeroMQ event'. A connection event
+# should be logged on the as the minion starts up and initially connects to the
+# master. If not, check for debug log level and that the necessary version of
+# ZeroMQ is installed.
+#
+#zmq_monitor: False
+
+###### Module configuration #####
+###########################################
+# Salt allows for modules to be passed arbitrary configuration data, any data
+# passed here in valid yaml format will be passed on to the salt minion modules
+# for use. It is STRONGLY recommended that a naming convention be used in which
+# the module name is followed by a . and then the value. Also, all top level
+# data must be applied via the yaml dict construct, some examples:
+#
+# You can specify that all modules should run in test mode:
+#test: True
+#
+# A simple value for the test module:
+#test.foo: foo
+#
+# A list for the test module:
+#test.bar: [baz,quo]
+#
+# A dict for the test module:
+#test.baz: {spam: sausage, cheese: bread}
+#
+#
+###### Update settings ######
+###########################################
+# Using the features in Esky, a salt minion can both run as a frozen app and
+# be updated on the fly. These options control how the update process
+# (saltutil.update()) behaves.
+#
+# The url for finding and downloading updates. Disabled by default.
+#update_url: False
+#
+# The list of services to restart after a successful update. Empty by default.
+#update_restart_services: []
+
+
+###### Keepalive settings ######
+############################################
+# ZeroMQ now includes support for configuring SO_KEEPALIVE if supported by
+# the OS. If connections between the minion and the master pass through
+# a state tracking device such as a firewall or VPN gateway, there is
+# the risk that it could tear down the connection the master and minion
+# without informing either party that their connection has been taken away.
+# Enabling TCP Keepalives prevents this from happening.
+
+# Overall state of TCP Keepalives, enable (1 or True), disable (0 or False)
+# or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled.
+#tcp_keepalive: True
+
+# How long before the first keepalive should be sent in seconds. Default 300
+# to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds
+# on Linux see /proc/sys/net/ipv4/tcp_keepalive_time.
+#tcp_keepalive_idle: 300
+
+# How many lost probes are needed to consider the connection lost. Default -1
+# to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes.
+#tcp_keepalive_cnt: -1
+
+# How often, in seconds, to send keepalives after the first one. Default -1 to
+# use OS defaults, typically 75 seconds on Linux, see
+# /proc/sys/net/ipv4/tcp_keepalive_intvl.
+#tcp_keepalive_intvl: -1
+
+
+###### Windows Software settings ######
+############################################
+# Location of the repository cache file on the master:
+#win_repo_cachefile: 'salt://win/repo/winrepo.p'
+
+
+###### Returner settings ######
+############################################
+# Which returner(s) will be used for minion's result:
+#return: mysql
systemd-bus-proxy:*:16832:0:99999:7:::
sshd:*:16832:0:99999:7:::
postfix:*:16856:0:99999:7:::
+bind:*:16869:0:99999:7:::
+ulog:*:17070:0:99999:7:::
+repo:!:17100:0:99999:7:::
systemd-bus-proxy:*:16832:0:99999:7:::
sshd:*:16832:0:99999:7:::
postfix:*:16856:0:99999:7:::
+bind:*:16869:0:99999:7:::
+ulog:*:17070:0:99999:7:::
/bin/dash
/bin/bash
/bin/rbash
+/bin/zsh
+/usr/bin/zsh
*) return;;
esac
-# don't put duplicate lines or lines starting with space in the history.
-# See bash(1) for more options
-HISTCONTROL=ignoreboth
-
-# append to the history file, don't overwrite it
-shopt -s histappend
-
-# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
-HISTSIZE=1000
-HISTFILESIZE=2000
-
-# check the window size after each command and, if necessary,
-# update the values of LINES and COLUMNS.
-shopt -s checkwinsize
-
# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar
# make less more friendly for non-text input files, see lesspipe(1)
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
-# set variable identifying the chroot you work in (used in the prompt below)
-if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
- debian_chroot=$(cat /etc/debian_chroot)
-fi
-
-# set a fancy prompt (non-color, unless we know we "want" color)
-case "$TERM" in
- xterm-color) color_prompt=yes;;
-esac
-
-# uncomment for a colored prompt, if the terminal has the capability; turned
-# off by default to not distract the user: the focus in a terminal window
-# should be on the output of commands, not on the prompt
-#force_color_prompt=yes
-
-if [ -n "$force_color_prompt" ]; then
- if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
- # We have color support; assume it's compliant with Ecma-48
- # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
- # a case would tend to support setf rather than setaf.)
- color_prompt=yes
- else
- color_prompt=
- fi
-fi
-
-if [ "$color_prompt" = yes ]; then
- PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
-else
- PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
-fi
-unset color_prompt force_color_prompt
-
# If this is an xterm set the title to user@host:dir
-case "$TERM" in
-xterm*|rxvt*)
- PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
- ;;
-*)
- ;;
-esac
-
-# enable color support of ls and also add handy aliases
-if [ -x /usr/bin/dircolors ]; then
- test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
- alias ls='ls --color=auto'
- #alias dir='dir --color=auto'
- #alias vdir='vdir --color=auto'
-
- #alias grep='grep --color=auto'
- #alias fgrep='fgrep --color=auto'
- #alias egrep='egrep --color=auto'
-fi
-
-# colored GCC warnings and errors
-#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
-
-# some more ls aliases
-#alias ll='ls -l'
-#alias la='ls -A'
-#alias l='ls -CF'
+#case "$TERM" in
+#xterm*|rxvt*)
+# PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+# ;;
+#*)
+# ;;
+#esac
# Alias definitions.
# You may want to put all your additions into a separate file like
. ~/.bash_aliases
fi
-# enable programmable completion features (you don't need to enable
-# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
-# sources /etc/bash.bashrc).
-if ! shopt -oq posix; then
- if [ -f /usr/share/bash-completion/bash_completion ]; then
- . /usr/share/bash-completion/bash_completion
- elif [ -f /etc/bash_completion ]; then
- . /etc/bash_completion
- fi
-fi
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
-# StrictHostKeyChecking ask
+ StrictHostKeyChecking no
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
SendEnv LANG LC_*
- HashKnownHosts yes
+ HashKnownHosts no
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
systemd-bus-proxy:296608:65536
sshd:362144:65536
postfix:427680:65536
+bind:493216:65536
+ulog:558752:65536
+repo:624288:65536
systemd-resolve:231072:65536
systemd-bus-proxy:296608:65536
sshd:362144:65536
+postfix:427680:65536
+bind:493216:65536
+ulog:558752:65536
systemd-bus-proxy:296608:65536
sshd:362144:65536
postfix:427680:65536
+bind:493216:65536
+ulog:558752:65536
+repo:624288:65536
systemd-resolve:231072:65536
systemd-bus-proxy:296608:65536
sshd:362144:65536
+postfix:427680:65536
+bind:493216:65536
+ulog:558752:65536
--- /dev/null
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults env_reset
+Defaults mail_badpass
+Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root ALL=(ALL:ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo ALL=(ALL:ALL) ALL
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
--- /dev/null
+#
+# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
+# installation of the package now includes the directive:
+#
+# #includedir /etc/sudoers.d
+#
+# This will cause sudo to read and parse any files in the /etc/sudoers.d
+# directory that do not end in '~' or contain a '.' character.
+#
+# Note that there must be at least one file in the sudoers.d directory (this
+# one will do), and all files in this directory should be mode 0440.
+#
+# Note also, that because sudoers contents can vary widely, no attempt is
+# made to add this directive to existing sudoers files on upgrade. Feel free
+# to add the above directive to the end of your /etc/sudoers file to enable
+# this functionality for existing installations if you wish!
+#
+# Finally, please note that using the visudo command is the recommended way
+# to update sudoers content, since it protects against many failure modes.
+# See the man page for visudo for more information.
+#
+++ /dev/null
-../sysctl.conf
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/bind9.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/netfilter-persistent.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/salt-minion.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ulogd2.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/certbot.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ulogd2.service
\ No newline at end of file
--- /dev/null
+[Bind9]
+title=Internet Domain Name Server
+description=The Berkeley Internet Name Domain (BIND) implements an Internet domain name server.
+ports=53
+
--- /dev/null
+# Example configuration for ulogd
+# Adapted to Debian by Achilleas Kotsis <achille@debian.gr>
+
+[global]
+######################################################################
+# GLOBAL OPTIONS
+######################################################################
+
+
+# logfile for status messages
+logfile="syslog"
+
+# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
+loglevel=3
+
+######################################################################
+# PLUGIN OPTIONS
+######################################################################
+
+# We have to configure and load all the plugins we want to use
+
+# general rules:
+# 1. load the plugins _first_ from the global section
+# 2. options for each plugin in seperate section below
+
+
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_NFLOG.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_ULOG.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_UNIXSOCK.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFCT.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IFINDEX.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2STR.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2BIN.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2HBIN.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTPKT.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_HWHDR.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTFLOW.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_MARK.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_LOGEMU.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_SYSLOG.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_XML.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_SQLITE3.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_GPRINT.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_NACCT.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_PCAP.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_PGSQL.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_MYSQL.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_DBI.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_raw2packet_BASE.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFACCT.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_GRAPHITE.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_JSON.so"
+
+# this is a stack for logging packet send by system via LOGEMU
+stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for ULOG packet-based logging via LOGEMU
+#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU with filtering on MARK
+#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via GPRINT
+#stack=log1:NFLOG,gp1:GPRINT
+
+# this is a stack for flow-based logging via LOGEMU
+#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
+
+# this is a stack for flow-based logging via GPRINT
+#stack=ct1:NFCT,gp1:GPRINT
+
+# this is a stack for flow-based logging via XML
+#stack=ct1:NFCT,xml1:XML
+
+# this is a stack for logging in XML
+#stack=log1:NFLOG,xml1:XML
+
+# this is a stack for accounting-based logging via XML
+#stack=acct1:NFACCT,xml1:XML
+
+# this is a stack for accounting-based logging to a Graphite server
+#stack=acct1:NFACCT,graphite1:GRAPHITE
+
+# this is a stack for NFLOG packet-based logging to PCAP
+#stack=log2:NFLOG,base1:BASE,pcap1:PCAP
+
+# this is a stack for logging packet to MySQL
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
+
+# this is a stack for logging packet to PGsql after a collect via NFLOG
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL
+
+# this is a stack for logging packet to JSON formatted file after a collect via NFLOG
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,json1:JSON
+
+# this is a stack for logging packets to syslog after a collect via NFLOG
+#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+
+# this is a stack for logging packets to syslog after a collect via NuFW
+#stack=nuauth1:UNIXSOCK,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+
+# this is a stack for flow-based logging to MySQL
+#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL
+
+# this is a stack for flow-based logging to PGSQL
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL
+
+# this is a stack for flow-based logging to PGSQL without local hash
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL
+
+# this is a stack for flow-based logging to SQLITE3
+#stack=ct1:NFCT,sqlite3_ct:SQLITE3
+
+# this is a stack for logging packet to SQLITE3
+#stack=log1:NFLOG,sqlite3_pkt:SQLITE3
+
+# this is a stack for flow-based logging in NACCT compatible format
+#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT
+
+# this is a stack for accounting-based logging via GPRINT
+#stack=acct1:NFACCT,gp1:GPRINT
+
+[ct1]
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
+#pollinterval=10 # use poll-based logging instead of event-driven
+# If pollinterval is not set, NFCT plugin will work in event mode
+# In this case, you can use the following filters on events:
+#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks
+#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks
+#accept_proto_filter=tcp,sctp # layer 4 proto of connections
+
+[ct2]
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#reliable=1 # enable reliable flow-based logging (may drop packets)
+hash_enable=0
+
+# Logging of system packet through NFLOG
+[log1]
+# netlink multicast group (the same as the iptables --nflog-group param)
+# Group O is used by the kernel to log connection tracking invalid message
+group=0
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+# set number of packet to queue inside kernel
+#netlink_qthreshold=1
+# set the delay before flushing packet in the queue inside kernel (in 10ms)
+#netlink_qtimeout=100
+
+# packet logging through NFLOG for group 1
+[log2]
+# netlink multicast group (the same as the iptables --nflog-group param)
+group=1 # Group has to be different from the one use in log1
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
+# group 0 is not used by any stack, you need to have at least one NFLOG
+# input plugin with bind set to 1. If you don't do that you may not
+# receive any message from the kernel.
+#bind=1
+
+# packet logging through NFLOG for group 2, numeric_label is
+# set to 1
+[log3]
+# netlink multicast group (the same as the iptables --nflog-group param)
+group=2 # Group has to be different from the one use in log1/log2
+numeric_label=1 # you can label the log info based on the packet verdict
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#bind=1
+
+[ulog1]
+# netlink multicast group (the same as the iptables --ulog-nlgroup param)
+nlgroup=1
+#numeric_label=0 # optional argument
+
+[nuauth1]
+socket_path="/tmp/nuauth_ulogd2.sock"
+
+[emu1]
+file="/var/log/ulog/syslogemu.log"
+sync=1
+
+[op1]
+file="/var/log/ulog/oprint.log"
+sync=1
+
+[gp1]
+file="/var/log/ulog/gprint.log"
+sync=1
+timestamp=1
+
+[xml1]
+directory="/var/log/"
+sync=1
+
+[json1]
+sync=1
+#file="/var/log/ulog/ulogd.json"
+#timestamp=0
+# device name to be used in JSON message
+#device="My awesome Netfilter firewall"
+# If boolean_label is set to 1 then the numeric_label put on packet
+# by the input plugin is coding the action on packet: if 0, then
+# packet has been blocked and if non null it has been accepted.
+#boolean_label=1
+
+[pcap1]
+#default file is /var/log/ulogd.pcap
+#file="/var/log/ulog/ulogd.pcap"
+sync=1
+
+[mysql1]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog"
+pass="changeme"
+procedure="INSERT_PACKET_FULL"
+# backlog configuration:
+# set backlog_memcap to the size of memory that will be
+# allocated to store events in memory if data is temporary down
+# and insert them when the database came back.
+#backlog_memcap=1000000
+# number of events to insert at once when backlog is not empty
+#backlog_oneshot_requests=10
+
+[mysql2]
+db="nulog"
+host="localhost"
+user="nupik"
+table="conntrack"
+pass="changeme"
+procedure="INSERT_CT"
+
+[pgsql1]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog"
+#schema="public"
+pass="changeme"
+procedure="INSERT_PACKET_FULL"
+# connstring can be used to define PostgreSQL connection string which
+# contains all parameters of the connection. If set, this value has
+# precedence on other variables used to build the connection string.
+# See http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
+# for a complete description of options.
+#connstring="host=localhost port=4321 dbname=nulog user=nupik password=changeme"
+#backlog_memcap=1000000
+#backlog_oneshot_requests=10
+# If superior to 1 a thread dedicated to SQL request execution
+# is created. The value stores the number of SQL request to keep
+# in the ring buffer
+#ring_buffer_size=1000
+
+[pgsql2]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog2_ct"
+#schema="public"
+pass="changeme"
+procedure="INSERT_CT"
+
+[pgsql3]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog2_ct"
+#schema="public"
+pass="changeme"
+procedure="INSERT_OR_REPLACE_CT"
+
+[pgsql4]
+db="nulog"
+host="localhost"
+user="nupik"
+table="nfacct"
+#schema="public"
+pass="changeme"
+procedure="INSERT_NFACCT"
+
+[dbi1]
+db="ulog2"
+dbtype="pgsql"
+host="localhost"
+user="ulog2"
+table="ulog"
+pass="ulog2"
+procedure="INSERT_PACKET_FULL"
+
+[sqlite3_ct]
+table="ulog_ct"
+db="/var/log/ulog/ulogd.sqlite3db"
+buffer=200
+
+[sqlite3_pkt]
+table="ulog_pkt"
+db="/var/log/ulog/ulogd.sqlite3db"
+buffer=200
+
+[sys2]
+facility=LOG_LOCAL2
+
+[nacct1]
+sync = 1
+#file = /var/log/ulog/nacct.log
+
+[mark1]
+mark = 1
+
+[acct1]
+pollinterval = 2
+# If set to 0, we don't reset the counters for each polling (default is 1).
+#zerocounter = 0
+# Set timestamp (default is 0, which means not set). This timestamp can be
+# interpreted by the output plugin.
+#timestamp = 1
+
+[graphite1]
+host="127.0.0.1"
+port="2003"
+# Prefix of data name sent to graphite server
+prefix="netfilter.nfacct"
--- /dev/null
+PRUNE_BIND_MOUNTS="yes"
+# PRUNENAMES=".git .bzr .hg .svn"
+PRUNEPATHS="/tmp /var/spool /media"
+PRUNEFS="NFS nfs nfs4 rpc_pipefs afs binfmt_misc proc smbfs autofs iso9660 ncpfs coda devpts ftpfs devfs mfs shfs sysfs cifs lustre tmpfs usbfs udf fuse.glusterfs fuse.sshfs curlftpfs"
+++ /dev/null
-../../systemd/user
\ No newline at end of file
--- /dev/null
+# Set up the prompt
+
+autoload -Uz promptinit
+promptinit
+prompt adam1
+
+setopt histignorealldups sharehistory
+
+# Use emacs keybindings even if our EDITOR is set to vi
+bindkey -e
+
+# Keep 1000 lines of history within the shell and save it to ~/.zsh_history:
+HISTSIZE=1000
+SAVEHIST=1000
+HISTFILE=~/.zsh_history
+
+# Use modern completion system
+autoload -Uz compinit
+compinit
+
+zstyle ':completion:*' auto-description 'specify: %d'
+zstyle ':completion:*' completer _expand _complete _correct _approximate
+zstyle ':completion:*' format 'Completing %d'
+zstyle ':completion:*' group-name ''
+zstyle ':completion:*' menu select=2
+eval "$(dircolors -b)"
+zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
+zstyle ':completion:*' list-colors ''
+zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
+zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*'
+zstyle ':completion:*' menu select=long
+zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
+zstyle ':completion:*' use-compctl false
+zstyle ':completion:*' verbose true
+
+zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
+zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'
--- /dev/null
+# /etc/zsh/zlogin: system-wide .zlogin file for zsh(1).
+#
+# This file is sourced only for login shells. It
+# should contain commands that should be executed only
+# in login shells. It should be used to set the terminal
+# type and run a series of external commands (fortune,
+# msgs, from, etc.)
+#
+# Global Order: zshenv, zprofile, zshrc, zlogin
--- /dev/null
+# /etc/zsh/zlogout: system-wide .zlogout file for zsh(1).
--- /dev/null
+# /etc/zsh/zprofile: system-wide .zprofile file for zsh(1).
+#
+# This file is sourced only for login shells (i.e. shells
+# invoked with "-" as the first character of argv[0], and
+# shells invoked with the -l flag.)
+#
+# Global Order: zshenv, zprofile, zshrc, zlogin
--- /dev/null
+# /etc/zsh/zshenv: system-wide .zshenv file for zsh(1).
+#
+# This file is sourced on all invocations of the shell.
+# If the -f flag is present or if the NO_RCS option is
+# set within this file, all other initialization files
+# are skipped.
+#
+# This file should contain commands to set the command
+# search path, plus other important environment variables.
+# This file should not contain commands that produce
+# output or assume the shell is attached to a tty.
+#
+# Global Order: zshenv, zprofile, zshrc, zlogin
+
+if [[ -z "$PATH" || "$PATH" == "/bin:/usr/bin" ]]
+then
+ export PATH="/usr/local/bin:/usr/bin:/bin:/usr/games"
+fi
--- /dev/null
+# /etc/zsh/zshrc: system-wide .zshrc file for zsh(1).
+#
+# This file is sourced only for interactive shells. It
+# should contain commands to set up aliases, functions,
+# options, key bindings, etc.
+#
+# Global Order: zshenv, zprofile, zshrc, zlogin
+
+READNULLCMD=${PAGER:-/usr/bin/pager}
+
+# An array to note missing features to ease diagnosis in case of problems.
+typeset -ga debian_missing_features
+
+if [[ -z "$DEBIAN_PREVENT_KEYBOARD_CHANGES" ]] &&
+ [[ "$TERM" != 'emacs' ]]
+then
+
+ typeset -A key
+ key=(
+ BackSpace "${terminfo[kbs]}"
+ Home "${terminfo[khome]}"
+ End "${terminfo[kend]}"
+ Insert "${terminfo[kich1]}"
+ Delete "${terminfo[kdch1]}"
+ Up "${terminfo[kcuu1]}"
+ Down "${terminfo[kcud1]}"
+ Left "${terminfo[kcub1]}"
+ Right "${terminfo[kcuf1]}"
+ PageUp "${terminfo[kpp]}"
+ PageDown "${terminfo[knp]}"
+ )
+
+ function bind2maps () {
+ local i sequence widget
+ local -a maps
+
+ while [[ "$1" != "--" ]]; do
+ maps+=( "$1" )
+ shift
+ done
+ shift
+
+ sequence="${key[$1]}"
+ widget="$2"
+
+ [[ -z "$sequence" ]] && return 1
+
+ for i in "${maps[@]}"; do
+ bindkey -M "$i" "$sequence" "$widget"
+ done
+ }
+
+ bind2maps emacs -- BackSpace backward-delete-char
+ bind2maps viins -- BackSpace vi-backward-delete-char
+ bind2maps vicmd -- BackSpace vi-backward-char
+ bind2maps emacs -- Home beginning-of-line
+ bind2maps viins vicmd -- Home vi-beginning-of-line
+ bind2maps emacs -- End end-of-line
+ bind2maps viins vicmd -- End vi-end-of-line
+ bind2maps emacs viins -- Insert overwrite-mode
+ bind2maps vicmd -- Insert vi-insert
+ bind2maps emacs -- Delete delete-char
+ bind2maps viins vicmd -- Delete vi-delete-char
+ bind2maps emacs viins vicmd -- Up up-line-or-history
+ bind2maps emacs viins vicmd -- Down down-line-or-history
+ bind2maps emacs -- Left backward-char
+ bind2maps viins vicmd -- Left vi-backward-char
+ bind2maps emacs -- Right forward-char
+ bind2maps viins vicmd -- Right vi-forward-char
+
+ # Make sure the terminal is in application mode, when zle is
+ # active. Only then are the values from $terminfo valid.
+ if (( ${+terminfo[smkx]} )) && (( ${+terminfo[rmkx]} )); then
+ function zle-line-init () {
+ emulate -L zsh
+ printf '%s' ${terminfo[smkx]}
+ }
+ function zle-line-finish () {
+ emulate -L zsh
+ printf '%s' ${terminfo[rmkx]}
+ }
+ zle -N zle-line-init
+ zle -N zle-line-finish
+ else
+ for i in {s,r}mkx; do
+ (( ${+terminfo[$i]} )) || debian_missing_features+=($i)
+ done
+ unset i
+ fi
+
+ unfunction bind2maps
+
+fi # [[ -z "$DEBIAN_PREVENT_KEYBOARD_CHANGES" ]] && [[ "$TERM" != 'emacs' ]]
+
+zstyle ':completion:*:sudo:*' command-path /usr/local/sbin \
+ /usr/local/bin \
+ /usr/sbin \
+ /usr/bin \
+ /sbin \
+ /bin \
+ /usr/X11R6/bin
+
+(( ${+aliases[run-help]} )) && unalias run-help
+autoload -Uz run-help
projects / config / ns2 / etc.git / commitdiff