mkdir -p './dovecot/private'
mkdir -p './dpkg/dpkg.cfg.d'
mkdir -p './fail2ban/fail2ban.d'
-mkdir -p './icinga2/pki'
mkdir -p './initramfs-tools/conf.d'
mkdir -p './initramfs-tools/hooks'
mkdir -p './initramfs-tools/scripts/init-bottom'
maybe chmod 0644 'icinga2/conf.d/timeperiods.conf'
maybe chmod 0644 'icinga2/conf.d/users.conf'
maybe chmod 0644 'icinga2/constants.conf'
+maybe chmod 0644 'icinga2/constants.conf.orig'
maybe chmod 0755 'icinga2/features-available'
maybe chmod 0644 'icinga2/features-available/api.conf'
+maybe chmod 0644 'icinga2/features-available/api.conf.orig'
maybe chmod 0644 'icinga2/features-available/checker.conf'
maybe chmod 0644 'icinga2/features-available/command.conf'
maybe chmod 0644 'icinga2/features-available/compatlog.conf'
maybe chown 'nagios' 'icinga2/pki'
maybe chgrp 'nagios' 'icinga2/pki'
maybe chmod 0700 'icinga2/pki'
+maybe chmod 0644 'icinga2/pki/ca.crt'
+maybe chown 'nagios' 'icinga2/pki/sarah.uhu-banane.de.crt'
+maybe chgrp 'nagios' 'icinga2/pki/sarah.uhu-banane.de.crt'
+maybe chmod 0644 'icinga2/pki/sarah.uhu-banane.de.crt'
+maybe chmod 0644 'icinga2/pki/sarah.uhu-banane.de.crt.orig'
+maybe chown 'nagios' 'icinga2/pki/sarah.uhu-banane.de.key'
+maybe chgrp 'nagios' 'icinga2/pki/sarah.uhu-banane.de.key'
+maybe chmod 0600 'icinga2/pki/sarah.uhu-banane.de.key'
maybe chmod 0755 'icinga2/repository.d'
maybe chmod 0644 'icinga2/repository.d/README'
maybe chmod 0755 'icinga2/scripts'
maybe chmod 0755 'icinga2/scripts/mail-host-notification.sh'
maybe chmod 0755 'icinga2/scripts/mail-service-notification.sh'
maybe chmod 0644 'icinga2/zones.conf'
+maybe chmod 0644 'icinga2/zones.conf.orig'
maybe chmod 0755 'icinga2/zones.d'
maybe chmod 0644 'icinga2/zones.d/README'
maybe chmod 0755 'init'
/* Our local instance name. By default this is the server's hostname as returned by `hostname --fqdn`.
* This should be the common name from the API certificate.
*/
-//const NodeName = "localhost"
+const NodeName = "sarah.uhu-banane.de"
/* Our local zone name. */
-const ZoneName = NodeName
+const ZoneName = "sarah.uhu-banane.de"
/* Secret key for remote node tickets */
const TicketSalt = ""
--- /dev/null
+/**
+ * This file defines global constants which can be used in
+ * the other configuration files.
+ */
+
+/* The directory which contains the plugins from the Monitoring Plugins project. */
+const PluginDir = "/usr/lib/nagios/plugins"
+
+/* The directory which contains the Manubulon plugins.
+ * Check the documentation, chapter "SNMP Manubulon Plugin Check Commands", for details.
+ */
+const ManubulonPluginDir = "/usr/lib/nagios/plugins"
+
+/* The directory which you use to store additional plugins which ITL provides user contributed command definitions for.
+ * Check the documentation, chapter "Plugins Contribution", for details.
+ */
+const PluginContribDir = "/usr/lib/nagios/plugins"
+
+/* Our local instance name. By default this is the server's hostname as returned by `hostname --fqdn`.
+ * This should be the common name from the API certificate.
+ */
+//const NodeName = "localhost"
+
+/* Our local zone name. */
+const ZoneName = NodeName
+
+/* Secret key for remote node tickets */
+const TicketSalt = ""
/**
* The API listener is used for distributed monitoring setups.
*/
-
object ApiListener "api" {
cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
ca_path = SysconfDir + "/icinga2/pki/ca.crt"
+ accept_config = true
+ accept_commands = true
+
ticket_salt = TicketSalt
}
--- /dev/null
+/**
+ * The API listener is used for distributed monitoring setups.
+ */
+
+object ApiListener "api" {
+ cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
+ key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
+ ca_path = SysconfDir + "/icinga2/pki/ca.crt"
+
+ ticket_salt = TicketSalt
+}
--- /dev/null
+../features-available/api.conf
\ No newline at end of file
+++ /dev/null
-../features-available/notification.conf
\ No newline at end of file
* the preferred way is to create separate directories and files in the conf.d
* directory. Each of these files must have the file extension ".conf".
*/
-include_recursive "conf.d"
+#include_recursive "conf.d"
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIEyjCCArKgAwIBAgIVAKijaxOh/7oUys2n+iw+GHS+hLDbMA0GCSqGSIb3DQEB
+CwUAMBQxEjAQBgNVBAMMCUljaW5nYSBDQTAeFw0xNzA5MjEyMDUxMjFaFw0zMjA5
+MTcyMDUxMjFaMBQxEjAQBgNVBAMMCUljaW5nYSBDQTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBALH5Dn55tfqcZejKiu+g/Bd+Nm3I6Maa7iAskg9C9HEM
+rg2FvJmJi+gSO25amjsZGTC+TnYxIwsWsIPYfDOsfrfkhb1uz5d+7jpJf9aEgVgW
+LZXXxL27rAEnACIHZDdQVLiz3SGSFiiXvYWEatfzfZk47IHLA4aYwnCwW9+QI5q1
+a+M+IfdQPR3CLHCYy4H5v9OUNv2qD3zkA50xO9QPt/DVtOx0n2CrmOjUOSC62sNE
+jEZ0QJM+rRT21Jf+EwcDJVu+QTGceu8/aQ2vjy24OGksPDufcLha5fkYmKghBFRV
+5jXr5NAoYhwMiZNPaLE+Rj8Sz+pHB83yVgBupHrD5sRbuz706mMftCDr3HNuDi/K
+NtNujYwbBTWufNYJE4u4tBnrmhZvJjOhhU6x0jRG1Sh75U/JICbgAAYvSZcNAU5/
+OxiUmgJsKk24M+6+lqnkBlhsPoK40U9zhGhO52ATVdfrrwV6PpPw+oepZm1HWfze
+E09lLC7GgBedbHuVS2xQ/C1L0vAZYfuiUyYMmpw33pX5EpAsDeu2kPWLKC3QjUJH
+GetmJZNypFUWFDkORRJZGq4hj3QeETJKGzU4++XzmMdAnUbDrg33zX+HwOTU1kJL
+W/hQCamzeai2whNSSnfConObXQ/zLqn9pE5ZrGTdQPIGerzzxSJm3PXu6zqxMVZt
+AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEtp
+xft6IvJgJNxHM1tIUAmbijmcu+Y4HGEZaAX4u18i7y/exXHTBbeqJ1dztLy/VSVa
+At94TcdZyewnHa0BsRNILI52qXlcoPBV57RzV+0jTfkK9L9FnuaDDaAYI8vHAxsL
+b0/wieQ3SCLtoJfVRGr3FObz0EtmedKGHpc7sPGYM88QY4iTYVKSFCvYvG4PpZAq
+K+EIn/sRcm6RdfnQwZ8dZ5zNeeZ1DmKlre0+pxwzXDgbTX+eC5CRqKKEknraYIX6
+F1GVEmNUXt5hN4je9Blqfp4e1mbArqXarJtxF5srqI7Dc877dXI//dokC5sivThK
+7pgpH9uaXv8QTUPEsQAAvra1thfPO3I8mrli/CrRThg6AoxMo2PeHu6nbkV4KGpj
+UXSg2gxR4+xoezuuSnnl0rBKLhrSFfEAyzR7hdSlBCgthLnpH7AMRxbosaYHziqQ
+DxZefpiF1vy2og+clbmrW0vyPdt6Bia2SDptWkdZWOG4vJzXqvGToaaaDpA4rrtY
+B3Xuhqyoa+Qq0NXBBpQUwPRceGrtehNgTGDokl6LExjI7h075TrWqTg3cc9LCmWf
+ShJpM5SpZxcGnHZTpZ5Sm4CatSPOy+GGGp64uCrr1vX3BVloQGeIphzupOJ7aIvr
+ZSAH/ibF9WkItQ5XGSgmCZyPL5KnI76jT7BQNi0m
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIE8DCCAtigAwIBAgIUbwQ0nCPD4Qb9lTcgdRG+Lq+2mi4wDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJSWNpbmdhIENBMB4XDTE3MTAxMzEzNTU0MVoXDTMyMTAw
+OTEzNTU0MVowHjEcMBoGA1UEAwwTc2FyYWgudWh1LWJhbmFuZS5kZTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBANE7TTJu6Tlrreyexiu9mS+ILsk4aVvK
+j67HCO6CEKHwOsIrVDIV5h9JAgtOf4Uo7FzcUKFj5L7+jE8Y/fnkLViXUn7iKKx9
+ZMi5MB6+mnrJXGZKQ2hnT6BhbBX+pWzdkWkREHP18wK4PeasBr5DOuTC2qHVGcda
+2MuhzuWfZ5/mEB9lbZg/sUafb0CaxdKRGy+YXkysYA1Mx7thg7lCZ7ruWgJ3GDc3
+Vtc2fyOmFdm2uEzvsl1t1r7obk0YOaF/oT7sms8tTOBtCgOgduddcOTtOXNT/otr
+21MfaQU7nzT6S6bADqTMGR+2fP3ACvcyevvSMgkVBFKbLZoeKpeIT5YjQewDMAZe
+ikWDKboDvSN86QG1IFIZbYE2cZhfPhTaHSRLhOTNw0WRJNAGNbI8Ic2QZUjXJASu
+tWgf36sJpFUMP5eUdHntxXERTl2sEUpQzkGdxLSfrOJXt1vzml+HKwNqGcLOmIQK
+vVdpatS2ihUW+pa7A82qh21s/WiSZj123uw60131OsKM7eh9WX6A/hgwrXkBUQSd
+BazmAmtcE4X9pm+bjK2mXJkqhLME9yhoDE/QNoECJAYeYLSiW4VEZGb0Jesio04J
+s2tS+lfm0JQ77NL/s6c1/m+dGxquWo/3z5brYnv/IlQWPYLoZTYqdT9jGsVgoIv3
+QfN0BWqd5fwtAgMBAAGjMDAuMAwGA1UdEwEB/wQCMAAwHgYDVR0RBBcwFYITc2Fy
+YWgudWh1LWJhbmFuZS5kZTANBgkqhkiG9w0BAQsFAAOCAgEAFPONyX9XBkeT91DR
+UQ8Qg+flMIkSL0HeT1yekHN76ww2SaRPtv8uVKgJZhUw4FMQIhkqU8iNAPFUG/du
+fIWOqffvBjrFzR8kxFo63OR8AXX7sZ7SB6EYe9uGMaQQ7nE89hHjImtJeyvCZXFh
+b0obWZLPaiqXIPFxF4eK7qfVZjXhhP2Y5bdq6C+zSgCr/VNxUTvjyyxKMuy0vicO
+G+s5LH4czuCGUbbjt6ITHvjyAageyBFiI94+Tc+SHpcFIcQg2RaddfG+nlTfZb5w
+OxFiVDLTEk1fMboBWSl/f1H6QTUpMimkFYv2i8qs2qUmUzZd6tLCo/aHZyd9KoR3
+S/rEHU9N5lpc+ZhVsLVRd+iHIjIWUwFKDE4cXinc5f7OEUikApRgJ3bcPPEEiHZv
+EYfPXSPT+Hgy8Sa6tWToClUrrtroNJkqR3jBLrTLVmde9IGrPKWf0Zz6OlTEeLY3
+r6Vj+1t088ozdv/6hoMBkaeD4gXNYY1vS65Pq3AQJ8XEMLxsWtLKVn9Nk6b4mDp7
+4cueZWKe+6R47UYfMbv9TXqvIVzN3Wh1iSzMibh7qS1nF0ZZ5DwAAM69yxvr2O2b
+HtxBAl/HlYCqRlP/A7m2d89A+2I1Wt4hYh4xlg2uhJcAXZCpKBbVl0AaCJIWD6gB
+ROxrUz3tvy25Cx9+lHKPy0yHaYY=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIE+jCCAuKgAwIBAgIUZmMSHqqvg9vYAzP+rBPK/rTOGsAwDQYJKoZIhvcNAQEL
+BQAwHjEcMBoGA1UEAwwTc2FyYWgudWh1LWJhbmFuZS5kZTAeFw0xNzEwMTMxMzU1
+MjJaFw0zMjEwMDkxMzU1MjJaMB4xHDAaBgNVBAMME3NhcmFoLnVodS1iYW5hbmUu
+ZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRO00ybuk5a63snsYr
+vZkviC7JOGlbyo+uxwjughCh8DrCK1QyFeYfSQILTn+FKOxc3FChY+S+/oxPGP35
+5C1Yl1J+4iisfWTIuTAevpp6yVxmSkNoZ0+gYWwV/qVs3ZFpERBz9fMCuD3mrAa+
+Qzrkwtqh1RnHWtjLoc7ln2ef5hAfZW2YP7FGn29AmsXSkRsvmF5MrGANTMe7YYO5
+Qme67loCdxg3N1bXNn8jphXZtrhM77Jdbda+6G5NGDmhf6E+7JrPLUzgbQoDoHbn
+XXDk7TlzU/6La9tTH2kFO580+kumwA6kzBkftnz9wAr3Mnr70jIJFQRSmy2aHiqX
+iE+WI0HsAzAGXopFgym6A70jfOkBtSBSGW2BNnGYXz4U2h0kS4TkzcNFkSTQBjWy
+PCHNkGVI1yQErrVoH9+rCaRVDD+XlHR57cVxEU5drBFKUM5BncS0n6ziV7db85pf
+hysDahnCzpiECr1XaWrUtooVFvqWuwPNqodtbP1okmY9dt7sOtNd9TrCjO3ofVl+
+gP4YMK15AVEEnQWs5gJrXBOF/aZvm4ytplyZKoSzBPcoaAxP0DaBAiQGHmC0oluF
+RGRm9CXrIqNOCbNrUvpX5tCUO+zS/7OnNf5vnRsarlqP98+W62J7/yJUFj2C6GU2
+KnU/YxrFYKCL90HzdAVqneX8LQIDAQABozAwLjAMBgNVHRMBAf8EAjAAMB4GA1Ud
+EQQXMBWCE3NhcmFoLnVodS1iYW5hbmUuZGUwDQYJKoZIhvcNAQELBQADggIBAMEQ
+9Qe/MdFseETKWRTaW3WCxE0im6Dk50uvwTj0QslodoYKrvUSWtGEr65Z2klFLrH0
+xaotCYdmqVY0mb1tl7InjWJcISOOn56eZE+T6xV5Cc7I+YIHCoSEcU1BD14SRTVN
+oVnigQ2gL5Da+sOxsOnIgRpQJMdlM4vo2RoS4rW670x1q9a+vlD+FRpLDVLrAP48
+sTfRo2dA4qc2YXGHn72PV4PFjG1DdLu6jxwRFyNRDt7GOa8Xu7Qy0HMIYS4FPpqD
+oiBSXEwDgI6goOyMe5ggmUDL/KoutAAoKTgwoGmtnbBIONPNa+NydjW0CRGY9w++
+O+9f1yPmc9hZnp1NkX78rGwV1wM+kJg5lbUWyFfwcMrqOc3m+FzKf61v/5lpgOIm
+VwRAzVrtV3gi68ILe59VemK0mVHDybXBvn41BOt4Q3evCEfO3u9zADTfJ7U3iFHI
+a+lVo6992LEkr2P5YAnylwHPSq7KjwJbzxdlAMwPrCdXRKqMrIBjYLC6OYl+t6fU
+ABOausVR1ga4dVVHP2rK+WweobWsF9LIQMr05xjVe9OC2/LHTscZpfwxGJeACqpg
+bPXHkj/g4/f7kUDFYnFIJ60X0Vj13ZuXz6lyBX8CSxtCZUvPY2RHykvHur05HYrH
+t8gZN7G/3Xk2utOYRb9gpfPolJIrQgyU6lwXILwC
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA0TtNMm7pOWut7J7GK72ZL4guyThpW8qPrscI7oIQofA6witU
+MhXmH0kCC05/hSjsXNxQoWPkvv6MTxj9+eQtWJdSfuIorH1kyLkwHr6aeslcZkpD
+aGdPoGFsFf6lbN2RaREQc/XzArg95qwGvkM65MLaodUZx1rYy6HO5Z9nn+YQH2Vt
+mD+xRp9vQJrF0pEbL5heTKxgDUzHu2GDuUJnuu5aAncYNzdW1zZ/I6YV2ba4TO+y
+XW3WvuhuTRg5oX+hPuyazy1M4G0KA6B2511w5O05c1P+i2vbUx9pBTufNPpLpsAO
+pMwZH7Z8/cAK9zJ6+9IyCRUEUpstmh4ql4hPliNB7AMwBl6KRYMpugO9I3zpAbUg
+UhltgTZxmF8+FNodJEuE5M3DRZEk0AY1sjwhzZBlSNckBK61aB/fqwmkVQw/l5R0
+ee3FcRFOXawRSlDOQZ3EtJ+s4le3W/OaX4crA2oZws6YhAq9V2lq1LaKFRb6lrsD
+zaqHbWz9aJJmPXbe7DrTXfU6wozt6H1ZfoD+GDCteQFRBJ0FrOYCa1wThf2mb5uM
+raZcmSqEswT3KGgMT9A2gQIkBh5gtKJbhURkZvQl6yKjTgmza1L6V+bQlDvs0v+z
+pzX+b50bGq5aj/fPlutie/8iVBY9guhlNip1P2MaxWCgi/dB83QFap3l/C0CAwEA
+AQKCAgAcHsQ5Sv69YON3Mb+gkVLNOJhRIuvGEmtNKiLhK0ng+dBr2DbwpFDRU5aa
+vmoVE3Lw6AtOJYbQxJVG7Cz2MNyHU48aznp49EFfWMRG3YcViYqJlOGKXpgtDerg
+6eCBySWJ4Wk8rImEjA6FugkN+SspI6cOqP1V9be9ZnnQEqRysRDpp1AbbjP9MeBZ
+5nM/4ZCtzOSfmWsvXmpZnLl/ZJVcYjxmqGrwwNdDBWgA+ollQVFzxaNLOz/pWIO6
+iM72DZk2Q8ZqocP7Raxa4G4amkxZ+CgIf/lt84j+mvIaafDzxc/1EUrmiye1Q2l5
+ER5oKrisr4tZ/SEfmQt/8x32T7OiU9PF4xKE2jMS71xY7p9Jq9MNj3TKO1UEYtiw
+lysDUHMj+QoLJqRUKtODLwUyGs63VaTB2uZSpS6QcMhIxpsoMaia3WiP5+6TWksT
+AjyiZLNyNXEyk2LByQsziZrLj/Wc1yB9Lm1cTuF9b8ky7f9VVMHkD0uUwM9pBckJ
+inPtov5ZRsLimALnUgsV2Ny8qJxTCfRPbwGImKyDTedbzFic7vYDFZx5XUrpi9BG
+ngBXHKeUAyTXOj6rbHOdb2GAtc6BMW9MAptFWBMWcCgbZskBJeWjgbEVBiKx3rHk
+kdAln9pgJpwDwfxdjB6xMys9M5bZqUO33vN+SY/oClsf0iP4YQKCAQEA6kfsTjoM
+n60ckW7LzkpQm+uDZiEox4O8II4MB5jxTEvfd/V5AmnRAn3beR1CMEfG3VAioTWs
++JqEGL/WefJbufnqYdOUa/JqYzn47ZTr+USZBGE8GfGjigXuMIXvGtmp+PEZa0xy
+DN0M+oTQuApEtMf17WB+RGbsTKQL1NLNYd6PcnWDkG+XJ+FiChzCTIwzoFhiA025
+tUrcF1Rtf89JaAt7L5HXJPtdxhiLatNdi4EKsE+ANLtY4Hlie6azL8XN1NwJWRbg
+Fsgn6gbl/2yV77HiTIOI4Ly6QZF/x0REtnvj4fTOSpH/OKounMRZhRN+RDMGhinq
+3l1D/I/GTfSHOwKCAQEA5KDlO87qQyrnTdPNGu9xmMXhwKDxgzp2CLhu0SVqXuTn
+d08f+WcXk0/R1SoTgT+Sx6hYrTTdxWp68xteAq0gPnwvsmmiwr2KBrbEnmiz3nWx
+pDfB3TwkL6t7ksPWpmmfwa/cVyHnyHYjVVyFEFZUVW6X7uXsrz+btvWh7cfAVNPT
+6jFnNtQGR+odtAi5Ql4F3RTgBahj8+eTWlgk0L68P30iH0MuHM8DZJofSBeNkIyl
+Tpz+gPjngziliY5z7oJ+JvKHv5I+ax3+uTYS1kn0GVgySfUYxoAFxIZ8zOiBMuk0
+/A3QLQDh/RMO85u8XEEMr1+w0yhaCG/qdb1tDZDjtwKCAQEAwT72UkhbpVI7oFKN
+1elCuHn5dsKfSoMFKK1CivnC/7YN7HsUh8MU3kNGR460y/JIvMCe7+7AcIezsl56
+4TfiJXNZu7u0T54z1wk4pXATfRbySMSTuKqyxOTDZk7zvWgRZgApgXIbGTU0wWfQ
+ah4+MghGeLkBLhbfjxA5miEPvEzCch0wmnERc5nbLpAuTMnQw9BjeGoiZsIK7Ut8
+ztICsMnXoJNhrWWSIhaY2VLjdHDKikfpbpWiZ/Z4H5qPbzZv48ZkB5Jw4RnUopty
+F9BPlNlb2tUckJPb5r3HcmyDaSqj+/vcNXJb3TezHyhu1vAPVN3p4bytuSGhNLC7
+WA39hQKCAQEA5EXNe5DWD+hXeDqgUGOAvXPeOrG3UjpdvclARCyib0sH3PUwzJjl
+Th1lOfu/682o5RauK4pcX484YWES1YM8bYcbLH0SmHQcyyVTXYLXDKfgjUFqnFU/
+ICWMxXYp7JALhZzsWEcvINTr5H/zD+PSYlaA9nO1hSjydZP9cOd/nnK95Ngc4P6D
+ouwbajVHm/86xYnhP2TpH485bfwSDiZS2OU824/9C6CaF6lW0GlL3GbBaqOP7QAY
+T8mQZq7IC/1YrdR8O4duMQ+K1CwsVK8UPPX1iChi61bJ63YIR6Nh1I5Ka9vy3exC
+t6d+xzbYtBfy7WuSptJkSoZLx/ExYFkpMwKCAQBlNbAEW5iwRT43XII+/mHHZK6A
+esMSowUYV/8F2XSBDxd5Ch4dWuvIq9+XGGqmkWwlqegrOFxz+sNDU1/yW9NQnVY5
+pPFgDxBv79iCIiiHwdHzy7j1xo6nf/Y3nPywiE7BWwBpaZ2CACRjRGUwucXwS0FD
+wNck1BgsaYfnvpDdnVJFdmQUJIrdPDHwy4ylpqBZoLafyabAezJYsc6n8VLltXwm
+TdoWuoyvZD5JbOrCbJ3K1xFQPBUd5ARO0U44L2Wx9HVyYVmsUPIt0rxjgegbSIRb
+eq3pWtjOLk2ZyfCFFd1DNcNwSZ+89vFNC47X6Vmd3l6md9RP/dSi1LkVheXf
+-----END RSA PRIVATE KEY-----
/*
- * Endpoint and Zone configuration for a cluster setup
- * This local example requires `NodeName` defined in
- * constants.conf.
+ * Generated by Icinga 2 node setup commands
+ * on 2017-10-13 15:55:47 +0200
*/
-object Endpoint NodeName {
- host = NodeName
-}
-
-object Zone ZoneName {
- endpoints = [ NodeName ]
-}
-
-/*
- * Defines a global zone containing templates,
- * etc. synced to all nodes, if they accept
- * configuration. All remote nodes need
- * this zone configured too.
- */
-
-/*
-object Zone "global-templates" {
- global = true
+object Endpoint "ns1.uhu-banane.de" {
+ host = "ns1.uhu-banane.de"
+ port = "5665"
}
-*/
-/*
- * Read the documentation on how to configure
- * a cluster setup with multiple zones.
- */
-
-/*
-object Endpoint "master.example.org" {
- host = "master.example.org"
+object Zone "master" {
+ endpoints = [ "ns1.uhu-banane.de" ]
}
-object Endpoint "satellite.example.org" {
- host = "satellite.example.org"
+object Endpoint NodeName {
}
-object Zone "master" {
- endpoints = [ "master.example.org" ]
+object Zone ZoneName {
+ endpoints = [ NodeName ]
+ parent = "master"
}
-object Zone "satellite" {
- parent = "master"
- endpoints = [ "satellite.example.org" ]
-}
-*/
--- /dev/null
+/*
+ * Endpoint and Zone configuration for a cluster setup
+ * This local example requires `NodeName` defined in
+ * constants.conf.
+ */
+
+object Endpoint NodeName {
+ host = NodeName
+}
+
+object Zone ZoneName {
+ endpoints = [ NodeName ]
+}
+
+/*
+ * Defines a global zone containing templates,
+ * etc. synced to all nodes, if they accept
+ * configuration. All remote nodes need
+ * this zone configured too.
+ */
+
+/*
+object Zone "global-templates" {
+ global = true
+}
+*/
+
+/*
+ * Read the documentation on how to configure
+ * a cluster setup with multiple zones.
+ */
+
+/*
+object Endpoint "master.example.org" {
+ host = "master.example.org"
+}
+
+object Endpoint "satellite.example.org" {
+ host = "satellite.example.org"
+}
+
+object Zone "master" {
+ endpoints = [ "master.example.org" ]
+}
+
+object Zone "satellite" {
+ parent = "master"
+ endpoints = [ "satellite.example.org" ]
+}
+*/
+
-# Generated by iptables-save v1.6.0 on Thu Jul 20 10:13:13 2017
-*nat
-:PREROUTING ACCEPT [7691:490389]
-:INPUT ACCEPT [1504:145068]
-:OUTPUT ACCEPT [9822:727415]
-:POSTROUTING ACCEPT [9822:727415]
-COMMIT
-# Completed on Thu Jul 20 10:13:13 2017
-# Generated by iptables-save v1.6.0 on Thu Jul 20 10:13:13 2017
+# Generated by iptables-save v1.6.0 on Fri Oct 13 16:05:30 2017
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [120:16499]
+:OUTPUT ACCEPT [89:42172]
+:f2b-dovecot - [0:0]
+:f2b-postfix - [0:0]
+:f2b-roundcube - [0:0]
+:f2b-ssh - [0:0]
+:f2b-sshd - [0:0]
+:f2b-sshd-ddos - [0:0]
+:icinga2 - [0:0]
:mysql - [0:0]
:rejects - [0:0]
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
+-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-postfix
+-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-dovecot
+-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-roundcube
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd-ddos
+-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j mysql
+-A INPUT -p tcp -m tcp --dport 5665 -j icinga2
-A INPUT -j rejects
-A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1
-A INPUT -j REJECT --reject-with icmp-port-unreachable
+-A f2b-dovecot -j RETURN
+-A f2b-postfix -s 93.107.109.90/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-postfix -s 144.76.221.187/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-postfix -j RETURN
+-A f2b-postfix -j RETURN
+-A f2b-roundcube -j RETURN
+-A f2b-ssh -s 112.216.20.126/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 192.169.231.194/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 103.215.24.251/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 204.12.217.242/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 58.242.83.8/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 200.115.134.237/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 181.51.187.91/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 142.54.101.146/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 202.29.39.242/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 208.184.100.106/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 41.208.150.114/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 190.110.90.34/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 192.210.192.172/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 190.95.162.186/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 45.4.148.12/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 61.147.125.175/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 117.239.246.55/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 175.207.13.114/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 201.149.99.162/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 187.216.113.99/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 190.205.54.150/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 82.49.158.38/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 121.156.65.122/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 118.193.178.203/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 75.127.147.2/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 220.118.150.190/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 122.228.158.54/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 187.85.207.19/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 201.102.183.87/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 118.47.51.57/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 117.149.135.245/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 182.254.146.248/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 178.219.174.77/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 96.88.170.121/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 114.113.69.226/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 68.83.223.19/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 118.122.114.217/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 59.126.254.98/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 200.57.117.119/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 118.89.238.120/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 110.45.146.187/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 183.134.99.50/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 201.20.116.124/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -s 115.248.66.139/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -j RETURN
+-A f2b-sshd -s 112.216.20.126/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 192.169.231.194/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 103.215.24.251/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 204.12.217.242/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 58.242.83.8/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 113.195.145.79/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 200.115.134.237/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 181.51.187.91/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 142.54.101.146/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 202.29.39.242/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 208.184.100.106/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 41.208.150.114/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 190.110.90.34/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 192.210.192.172/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 190.95.162.186/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 45.4.148.12/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 61.147.125.175/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 117.239.246.55/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 175.207.13.114/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 201.149.99.162/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 187.216.113.99/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 190.205.54.150/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 82.49.158.38/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 121.156.65.122/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 118.193.178.203/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 75.127.147.2/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 220.118.150.190/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 122.228.158.54/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 58.242.83.25/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 187.85.207.19/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 201.102.183.87/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 118.47.51.57/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 117.149.135.245/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 182.254.146.248/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 178.219.174.77/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 96.88.170.121/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 114.113.69.226/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 68.83.223.19/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 118.122.114.217/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 59.126.254.98/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 200.57.117.119/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 118.89.238.120/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 110.45.146.187/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 183.134.99.50/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 201.20.116.124/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -s 115.248.66.139/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-sshd -j RETURN
+-A f2b-sshd-ddos -j RETURN
+-A icinga2 -s 185.102.95.107/32 -j ACCEPT
+-A icinga2 -s 162.254.24.33/32 -j ACCEPT
+-A icinga2 -s 185.48.118.128/32 -j ACCEPT
+-A icinga2 -s 185.48.118.130/32 -j ACCEPT
+-A icinga2 -j REJECT --reject-with icmp-port-unreachable
-A mysql -s 127.0.0.1/32 -j ACCEPT
-A mysql -s 185.48.118.130/32 -j ACCEPT
-A mysql -s 10.12.20.5/32 -j ACCEPT
-A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
-A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
COMMIT
-# Completed on Thu Jul 20 10:13:13 2017
+# Completed on Fri Oct 13 16:05:30 2017
+# Generated by iptables-save v1.6.0 on Fri Oct 13 16:05:30 2017
+*nat
+:PREROUTING ACCEPT [22475:1674801]
+:INPUT ACCEPT [8440:806301]
+:OUTPUT ACCEPT [41015:3061282]
+:POSTROUTING ACCEPT [41015:3061282]
+COMMIT
+# Completed on Fri Oct 13 16:05:30 2017
-# Generated by ip6tables-save v1.6.0 on Thu Jul 20 10:13:13 2017
+# Generated by ip6tables-save v1.6.0 on Fri Oct 13 16:05:30 2017
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [67:4588]
+:OUTPUT ACCEPT [126:8052]
:mysql - [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED -j ACCEPT
-A mysql -j NFLOG --nflog-prefix "IPv6 MySQL Reject " --nflog-threshold 1
-A mysql -j REJECT --reject-with icmp6-port-unreachable
COMMIT
-# Completed on Thu Jul 20 10:13:13 2017
+# Completed on Fri Oct 13 16:05:30 2017
|____/ \__,_|_| \__,_|_| |_|
-Der Bildschirm ist das Präservativ der Realität.
- -- Werner Schneyder
+An einem Verrückten erschrickt uns am meisten die vernünftige Art, auf
+die er sich unterhält.
+ -- Anatole France
Today is Sweetmorn, the 67th day of Bureaucracy in the YOLD 3183
projects / config / sarah / etc.git / commitdiff