From: root Date: Mon, 27 Jun 2016 07:10:01 +0000 (+0200) Subject: saving uncommitted changes in /etc prior to emerge run X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=0b069fca1f0b6ec39417d9678af652286095418f;p=config%2Fhelga%2Fetc.git saving uncommitted changes in /etc prior to emerge run --- diff --git a/.etckeeper b/.etckeeper index cb5bcf6..1ef269b 100755 --- a/.etckeeper +++ b/.etckeeper @@ -697,6 +697,7 @@ maybe chmod 0755 'config-archive/etc/init.d/sysfs,v' maybe chmod 0755 'config-archive/etc/init.d/ulogd,v' maybe chmod 0644 'config-archive/etc/inittab' maybe chmod 0644 'config-archive/etc/inittab,v' +maybe chmod 0644 'config-archive/etc/inittab.1' maybe chmod 0644 'config-archive/etc/inittab.dist' maybe chmod 0644 'config-archive/etc/inputrc,v' maybe chmod 0644 'config-archive/etc/krb5.conf.example,v' @@ -1024,6 +1025,7 @@ maybe chmod 0640 'config-archive/etc/ulogd.conf' maybe chmod 0644 'config-archive/etc/ulogd.conf,v' maybe chmod 0640 'config-archive/etc/ulogd.conf.1' maybe chmod 0640 'config-archive/etc/ulogd.conf.2' +maybe chmod 0640 'config-archive/etc/ulogd.conf.3' maybe chmod 0640 'config-archive/etc/ulogd.conf.dist' maybe chmod 0644 'config-archive/etc/updatedb.conf,v' maybe chmod 0755 'config-archive/usr' diff --git a/config-archive/etc/inittab b/config-archive/etc/inittab index 3d50dac..a6f1a04 100644 --- a/config-archive/etc/inittab +++ b/config-archive/etc/inittab @@ -9,7 +9,7 @@ # Modified by: Mike Frysinger, # Modified by: Robin H. Johnson, # -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab-2.87,v 1.1 2010/01/08 16:55:07 williamh Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab-2.87,v 1.2 2013/04/20 03:51:26 vapier Exp $ # Default runlevel. id:3:initdefault: @@ -44,8 +44,8 @@ c5:2345:respawn:/sbin/agetty 38400 tty5 linux c6:2345:respawn:/sbin/agetty 38400 tty6 linux # SERIAL CONSOLES -#s0:12345:respawn:/sbin/agetty 115200 ttyS0 vt100 -#s1:12345:respawn:/sbin/agetty 115200 ttyS1 vt100 +#s0:12345:respawn:/sbin/agetty -L 115200 ttyS0 vt100 +#s1:12345:respawn:/sbin/agetty -L 115200 ttyS1 vt100 s0:12345:respawn:/sbin/agetty -L ttyS0 57600 vt100 # What to do at the "Three Finger Salute". @@ -57,4 +57,3 @@ ca:12345:ctrlaltdel:/sbin/shutdown -r now # extra at boot if /etc/init.d/xdm is not added # to the "default" runlevel. x:a:once:/etc/X11/startDM.sh - diff --git a/config-archive/etc/inittab.1 b/config-archive/etc/inittab.1 new file mode 100644 index 0000000..3d50dac --- /dev/null +++ b/config-archive/etc/inittab.1 @@ -0,0 +1,60 @@ +# +# /etc/inittab: This file describes how the INIT process should set up +# the system in a certain run-level. +# +# Author: Miquel van Smoorenburg, +# Modified by: Patrick J. Volkerding, +# Modified by: Daniel Robbins, +# Modified by: Martin Schlemmer, +# Modified by: Mike Frysinger, +# Modified by: Robin H. Johnson, +# +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab-2.87,v 1.1 2010/01/08 16:55:07 williamh Exp $ + +# Default runlevel. +id:3:initdefault: + +# System initialization, mount local filesystems, etc. +si::sysinit:/sbin/rc sysinit + +# Further system initialization, brings up the boot runlevel. +rc::bootwait:/sbin/rc boot + +l0:0:wait:/sbin/rc shutdown +l0s:0:wait:/sbin/halt -dhp +l1:1:wait:/sbin/rc single +l2:2:wait:/sbin/rc nonetwork +l3:3:wait:/sbin/rc default +l4:4:wait:/sbin/rc default +l5:5:wait:/sbin/rc default +l6:6:wait:/sbin/rc reboot +l6r:6:wait:/sbin/reboot -dk +#z6:6:respawn:/sbin/sulogin + +# new-style single-user +su0:S:wait:/sbin/rc single +su1:S:wait:/sbin/sulogin + +# TERMINALS +c1:12345:respawn:/sbin/agetty --noclear 38400 tty1 linux +c2:2345:respawn:/sbin/agetty 38400 tty2 linux +c3:2345:respawn:/sbin/agetty 38400 tty3 linux +c4:2345:respawn:/sbin/agetty 38400 tty4 linux +c5:2345:respawn:/sbin/agetty 38400 tty5 linux +c6:2345:respawn:/sbin/agetty 38400 tty6 linux + +# SERIAL CONSOLES +#s0:12345:respawn:/sbin/agetty 115200 ttyS0 vt100 +#s1:12345:respawn:/sbin/agetty 115200 ttyS1 vt100 +s0:12345:respawn:/sbin/agetty -L ttyS0 57600 vt100 + +# What to do at the "Three Finger Salute". +ca:12345:ctrlaltdel:/sbin/shutdown -r now + +# Used by /etc/init.d/xdm to control DM startup. +# Read the comments in /etc/init.d/xdm for more +# info. Do NOT remove, as this will start nothing +# extra at boot if /etc/init.d/xdm is not added +# to the "default" runlevel. +x:a:once:/etc/X11/startDM.sh + diff --git a/config-archive/etc/inittab.dist b/config-archive/etc/inittab.dist index aa588b6..689bbc4 100644 --- a/config-archive/etc/inittab.dist +++ b/config-archive/etc/inittab.dist @@ -8,34 +8,36 @@ # Modified by: Martin Schlemmer, # Modified by: Mike Frysinger, # Modified by: Robin H. Johnson, +# Modified by: William Hubbs, # -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab-2.87,v 1.2 2013/04/20 03:51:26 vapier Exp $ +# $Id$ # Default runlevel. id:3:initdefault: # System initialization, mount local filesystems, etc. -si::sysinit:/sbin/rc sysinit +si::sysinit:/sbin/openrc sysinit # Further system initialization, brings up the boot runlevel. -rc::bootwait:/sbin/rc boot - -l0:0:wait:/sbin/rc shutdown -l0s:0:wait:/sbin/halt -dhp -l1:1:wait:/sbin/rc single -l2:2:wait:/sbin/rc nonetwork -l3:3:wait:/sbin/rc default -l4:4:wait:/sbin/rc default -l5:5:wait:/sbin/rc default -l6:6:wait:/sbin/rc reboot -l6r:6:wait:/sbin/reboot -dk +rc::bootwait:/sbin/openrc boot + +l0:0:wait:/sbin/openrc shutdown +l0s:0:wait:/sbin/halt -dhnp +l1:1:wait:/sbin/openrc single +l2:2:wait:/sbin/openrc nonetwork +l3:3:wait:/sbin/openrc default +l4:4:wait:/sbin/openrc default +l5:5:wait:/sbin/openrc default +l6:6:wait:/sbin/openrc reboot +l6r:6:wait:/sbin/reboot -dkn #z6:6:respawn:/sbin/sulogin # new-style single-user -su0:S:wait:/sbin/rc single +su0:S:wait:/sbin/openrc single su1:S:wait:/sbin/sulogin # TERMINALS +#x1:12345:respawn:/sbin/agetty 38400 console linux c1:12345:respawn:/sbin/agetty 38400 tty1 linux c2:2345:respawn:/sbin/agetty 38400 tty2 linux c3:2345:respawn:/sbin/agetty 38400 tty3 linux diff --git a/config-archive/etc/postfix/main.cf b/config-archive/etc/postfix/main.cf index e551205..6b136f4 100644 --- a/config-archive/etc/postfix/main.cf +++ b/config-archive/etc/postfix/main.cf @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.2/html +html_directory = /usr/share/doc/postfix-3.0.3-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,8 +675,9 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.2/readme +readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme +#inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ @@ -700,7 +701,7 @@ message_size_limit = 51200000 mydestination = $myhostname, $mydomain, hash:/etc/postfix/maps/mydomains mydomain = brehm-online.com myhostname = helga.brehm-online.com -mynetworks = 127.0.0.0/8 85.214.134.152/32 85.214.109.1/32 [::1]/128 [2a01:238:4225:6e00:8f8c:808a:7fb8:88df]/128 +mynetworks = 127.0.0.0/8 85.214.134.152/32 [::1]/128 [2a01:238:4225:6e00:8f8c:808a:7fb8:88df]/128 138.201.28.135/32 [2a01:4f8:171:3006::2]/128 mynetworks_style = host myorigin = $mydomain #recipient_bcc_maps = mysql:/etc/postfix/mysql-recipient_bcc.cf diff --git a/config-archive/etc/postfix/main.cf.1 b/config-archive/etc/postfix/main.cf.1 index c8dd848..e551205 100644 --- a/config-archive/etc/postfix/main.cf.1 +++ b/config-archive/etc/postfix/main.cf.1 @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.1-r1/html +html_directory = /usr/share/doc/postfix-3.0.2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,7 +675,8 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme +readme_directory = /usr/share/doc/postfix-3.0.2/readme + meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ diff --git a/config-archive/etc/postfix/main.cf.2 b/config-archive/etc/postfix/main.cf.2 index 2a7bdde..c8dd848 100644 --- a/config-archive/etc/postfix/main.cf.2 +++ b/config-archive/etc/postfix/main.cf.2 @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.0/html +html_directory = /usr/share/doc/postfix-3.0.1-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,7 +675,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.0/readme +readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ diff --git a/config-archive/etc/postfix/main.cf.3 b/config-archive/etc/postfix/main.cf.3 index a5d06c4..2a7bdde 100644 --- a/config-archive/etc/postfix/main.cf.3 +++ b/config-archive/etc/postfix/main.cf.3 @@ -12,6 +12,26 @@ # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. +# COMPATIBILITY +# +# The compatibility_level determines what default settings Postfix +# will use for main.cf and master.cf settings. These defaults will +# change over time. +# +# To avoid breaking things, Postfix will use backwards-compatible +# default settings and log where it uses those old backwards-compatible +# default settings, until the system administrator has determined +# if any backwards-compatible default settings need to be made +# permanent in main.cf or master.cf. +# +# When this review is complete, update the compatibility_level setting +# below as recommended in the RELEASE_NOTES file. +# +# The level below is what should be used with new (not upgrade) installs. +# +#compatibility_level = 2 +compatibility_level = 2 + # SOFT BOUNCE # # The soft_bounce parameter provides a limited safety net for @@ -642,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.11.3/html +html_directory = /usr/share/doc/postfix-3.0.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +675,9 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.11.3/readme +readme_directory = /usr/share/doc/postfix-3.0.0/readme +meta_directory = /etc/postfix +shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases @@ -739,3 +761,6 @@ virtual_mailbox_limit = 512000000 #virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf virtual_mailbox_maps = hash:/etc/postfix/maps/virtual_mailbox_maps virtual_uid_maps = static:1023 +append_dot_mydomain = yes +# smtputf8_enable = yes +smtputf8_enable = no diff --git a/config-archive/etc/postfix/main.cf.4 b/config-archive/etc/postfix/main.cf.4 index 9408611..a5d06c4 100644 --- a/config-archive/etc/postfix/main.cf.4 +++ b/config-archive/etc/postfix/main.cf.4 @@ -7,7 +7,7 @@ # For common configuration examples, see BASIC_CONFIGURATION_README # and STANDARD_CONFIGURATION_README. To find these documents, use # the command "postconf html_directory readme_directory", or go to -# http://www.postfix.org/. +# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. # # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.3/html +html_directory = /usr/share/doc/postfix-2.11.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.3/readme +readme_directory = /usr/share/doc/postfix-2.11.3/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.5 b/config-archive/etc/postfix/main.cf.5 index 67ed344..9408611 100644 --- a/config-archive/etc/postfix/main.cf.5 +++ b/config-archive/etc/postfix/main.cf.5 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.2/html +html_directory = /usr/share/doc/postfix-2.10.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.2/readme +readme_directory = /usr/share/doc/postfix-2.10.3/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.6 b/config-archive/etc/postfix/main.cf.6 index 508be66..67ed344 100644 --- a/config-archive/etc/postfix/main.cf.6 +++ b/config-archive/etc/postfix/main.cf.6 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.1/html +html_directory = /usr/share/doc/postfix-2.10.2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.1/readme +readme_directory = /usr/share/doc/postfix-2.10.2/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.7 b/config-archive/etc/postfix/main.cf.7 index f1639d8..508be66 100644 --- a/config-archive/etc/postfix/main.cf.7 +++ b/config-archive/etc/postfix/main.cf.7 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.0/html +html_directory = /usr/share/doc/postfix-2.10.1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.0/readme +readme_directory = /usr/share/doc/postfix-2.10.1/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.8 b/config-archive/etc/postfix/main.cf.8 index 0befb51..f1639d8 100644 --- a/config-archive/etc/postfix/main.cf.8 +++ b/config-archive/etc/postfix/main.cf.8 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.5/html +html_directory = /usr/share/doc/postfix-2.10.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.5/readme +readme_directory = /usr/share/doc/postfix-2.10.0/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.9 b/config-archive/etc/postfix/main.cf.9 index e911f61..0befb51 100644 --- a/config-archive/etc/postfix/main.cf.9 +++ b/config-archive/etc/postfix/main.cf.9 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.4/html +html_directory = /usr/share/doc/postfix-2.9.5/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.4/readme +readme_directory = /usr/share/doc/postfix-2.9.5/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.dist b/config-archive/etc/postfix/main.cf.dist index fc1a881..6576169 100644 --- a/config-archive/etc/postfix/main.cf.dist +++ b/config-archive/etc/postfix/main.cf.dist @@ -153,8 +153,8 @@ mail_owner = postfix # compatible delivery agent that lookups all recipients in /etc/passwd # and /etc/aliases or their equivalent. # -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. # # Do not specify the names of virtual domains - those domains are # specified elsewhere (see VIRTUAL_README). @@ -659,7 +659,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.3-r1/html +html_directory = /usr/share/doc/postfix-3.1.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -672,7 +672,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme +readme_directory = /usr/share/doc/postfix-3.1.0/readme inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/ulogd.conf b/config-archive/etc/ulogd.conf index 86c2d67..642b6e1 100644 --- a/config-archive/etc/ulogd.conf +++ b/config-archive/etc/ulogd.conf @@ -49,6 +49,7 @@ plugin="/usr/lib64/ulogd/ulogd_output_GPRINT.so" plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" plugin="/usr/lib64/ulogd/ulogd_inpflow_NFACCT.so" plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so" +#plugin="/usr/lib64/ulogd/ulogd_output_JSON.so" # this is a stack for logging packet send by system via LOGEMU stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU @@ -92,6 +93,9 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for logging packet to PGsql after a collect via NFLOG #stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL +# this is a stack for logging packet to JSON formatted file after a collect via NFLOG +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,json1:JSON + # this is a stack for logging packets to syslog after a collect via NFLOG #stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG @@ -195,6 +199,17 @@ timestamp=1 directory="/var/log/ulogd/" sync=1 +[json1] +sync=1 +#file="/var/log/ulogd/ulogd.json" +#timestamp=0 +# device name to be used in JSON message +#device="My awesome Netfilter firewall" +# If boolean_label is set to 1 then the numeric_label put on packet +# by the input plugin is coding the action on packet: if 0, then +# packet has been blocked and if non null it has been accepted. +#boolean_label=1 + [pcap1] #default file is /var/log/ulogd/ulogd.pcap #file="/var/log/ulogd/ulogd.pcap" diff --git a/config-archive/etc/ulogd.conf.1 b/config-archive/etc/ulogd.conf.1 index 599d49b..86c2d67 100644 --- a/config-archive/etc/ulogd.conf.1 +++ b/config-archive/etc/ulogd.conf.1 @@ -1,5 +1,4 @@ # Example configuration for ulogd -# $Id: ulogd.conf,v 1.3 2010/10/12 07:51:44 root Exp $ # Adapted to Debian by Achilleas Kotsis [global] @@ -198,7 +197,7 @@ sync=1 [pcap1] #default file is /var/log/ulogd/ulogd.pcap -#file=/var/log/ulogd/ulogd.pcap +#file="/var/log/ulogd/ulogd.pcap" sync=1 [mysql1] @@ -208,6 +207,13 @@ user="nupik" table="ulog" pass="changeme" procedure="INSERT_PACKET_FULL" +# backlog configuration: +# set backlog_memcap to the size of memory that will be +# allocated to store events in memory if data is temporary down +# and insert them when the database came back. +#backlog_memcap=1000000 +# number of events to insert at once when backlog is not empty +#backlog_oneshot_requests=10 [mysql2] db="nulog" @@ -225,6 +231,18 @@ table="ulog" #schema="public" pass="changeme" procedure="INSERT_PACKET_FULL" +# connstring can be used to define PostgreSQL connection string which +# contains all parameters of the connection. If set, this value has +# precedence on other variables used to build the connection string. +# See http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING +# for a complete description of options. +#connstring="host=localhost port=4321 dbname=nulog user=nupik password=changeme" +#backlog_memcap=1000000 +#backlog_oneshot_requests=10 +# If superior to 1 a thread dedicated to SQL request execution +# is created. The value stores the number of SQL request to keep +# in the ring buffer +#ring_buffer_size=1000 [pgsql2] db="nulog" @@ -277,6 +295,7 @@ facility=LOG_LOCAL2 [nacct1] sync = 1 +#file = /var/log/ulogd/ulogd_nacct.log [mark1] mark = 1 diff --git a/config-archive/etc/ulogd.conf.2 b/config-archive/etc/ulogd.conf.2 index ae01bd2..599d49b 100644 --- a/config-archive/etc/ulogd.conf.2 +++ b/config-archive/etc/ulogd.conf.2 @@ -11,7 +11,7 @@ # logfile for status messages logfile="/var/log/ulogd/daemon.log" -# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) +# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5) loglevel=3 ###################################################################### @@ -27,24 +27,29 @@ loglevel=3 plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" +#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so" plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so" plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so" +#plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so" plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so" plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so" plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" #plugin="/usr/lib64/ulogd/ulogd_filter_MARK.so" plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so" -#plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" -#plugin="/usr/lib64/ulogd/ulogd_output_XML.so" -#plugin="/usr/lib64/ulogd/ulogd_output_OPRINT.so" +plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" +plugin="/usr/lib64/ulogd/ulogd_output_XML.so" +#plugin="/usr/lib64/ulogd/ulogd_output_SQLITE3.so" +plugin="/usr/lib64/ulogd/ulogd_output_GPRINT.so" #plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so" #plugin="/usr/lib64/ulogd/ulogd_output_PCAP.so" #plugin="/usr/lib64/ulogd/ulogd_output_PGSQL.so" #plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so" #plugin="/usr/lib64/ulogd/ulogd_output_DBI.so" plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" +plugin="/usr/lib64/ulogd/ulogd_inpflow_NFACCT.so" +plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so" # this is a stack for logging packet send by system via LOGEMU stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU @@ -58,11 +63,14 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for packet-based logging via LOGEMU with filtering on MARK #stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU +# this is a stack for packet-based logging via GPRINT +#stack=log1:NFLOG,gp1:GPRINT + # this is a stack for flow-based logging via LOGEMU #stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU -# this is a stack for flow-based logging via OPRINT -#stack=ct1:NFCT,op1:OPRINT +# this is a stack for flow-based logging via GPRINT +#stack=ct1:NFCT,gp1:GPRINT # this is a stack for flow-based logging via XML #stack=ct1:NFCT,xml1:XML @@ -70,6 +78,12 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for logging in XML #stack=log1:NFLOG,xml1:XML +# this is a stack for accounting-based logging via XML +#stack=acct1:NFACCT,xml1:XML + +# this is a stack for accounting-based logging to a Graphite server +#stack=acct1:NFACCT,graphite1:GRAPHITE + # this is a stack for NFLOG packet-based logging to PCAP #stack=log2:NFLOG,base1:BASE,pcap1:PCAP @@ -82,6 +96,9 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for logging packets to syslog after a collect via NFLOG #stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG +# this is a stack for logging packets to syslog after a collect via NuFW +#stack=nuauth1:UNIXSOCK,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG + # this is a stack for flow-based logging to MySQL #stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL @@ -91,19 +108,33 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for flow-based logging to PGSQL without local hash #stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL +# this is a stack for flow-based logging to SQLITE3 +#stack=ct1:NFCT,sqlite3_ct:SQLITE3 + +# this is a stack for logging packet to SQLITE3 +#stack=log1:NFLOG,sqlite3_pkt:SQLITE3 # this is a stack for flow-based logging in NACCT compatible format #stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT +# this is a stack for accounting-based logging via GPRINT +#stack=acct1:NFACCT,gp1:GPRINT + [ct1] #netlink_socket_buffer_size=217088 #netlink_socket_buffer_maxsize=1085440 #netlink_resync_timeout=60 # seconds to wait to perform resynchronization #pollinterval=10 # use poll-based logging instead of event-driven +# If pollinterval is not set, NFCT plugin will work in event mode +# In this case, you can use the following filters on events: +#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks +#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks +#accept_proto_filter=tcp,sctp # layer 4 proto of connections [ct2] #netlink_socket_buffer_size=217088 #netlink_socket_buffer_maxsize=1085440 +#reliable=1 # enable reliable flow-based logging (may drop packets) hash_enable=0 # Logging of system packet through NFLOG @@ -145,20 +176,29 @@ numeric_label=1 # you can label the log info based on the packet verdict nlgroup=1 #numeric_label=0 # optional argument +[nuauth1] +socket_path="/run/nuauth_ulogd2.sock" + [emu1] file="/var/log/ulogd/syslogemu.log" sync=1 [op1] file="/var/log/ulogd/oprint.log" -#file="/var/log/ulogd_oprint.log" sync=1 +[gp1] +file="/var/log/ulogd/gprint.log" +sync=1 +timestamp=1 + [xml1] directory="/var/log/ulogd/" sync=1 [pcap1] +#default file is /var/log/ulogd/ulogd.pcap +#file=/var/log/ulogd/ulogd.pcap sync=1 [mysql1] @@ -173,7 +213,7 @@ procedure="INSERT_PACKET_FULL" db="nulog" host="localhost" user="nupik" -table="ulog" +table="conntrack" pass="changeme" procedure="INSERT_CT" @@ -182,6 +222,7 @@ db="nulog" host="localhost" user="nupik" table="ulog" +#schema="public" pass="changeme" procedure="INSERT_PACKET_FULL" @@ -190,6 +231,7 @@ db="nulog" host="localhost" user="nupik" table="ulog2_ct" +#schema="public" pass="changeme" procedure="INSERT_CT" @@ -198,9 +240,19 @@ db="nulog" host="localhost" user="nupik" table="ulog2_ct" +#schema="public" pass="changeme" procedure="INSERT_OR_REPLACE_CT" +[pgsql4] +db="nulog" +host="localhost" +user="nupik" +table="nfacct" +#schema="public" +pass="changeme" +procedure="INSERT_NFACCT" + [dbi1] db="ulog2" dbtype="pgsql" @@ -210,6 +262,16 @@ table="ulog" pass="ulog2" procedure="INSERT_PACKET_FULL" +[sqlite3_ct] +table="ulog_ct" +db="/var/log/ulogd/ulogd.sqlite3db" +buffer=200 + +[sqlite3_pkt] +table="ulog_pkt" +db="/var/log/ulogd/ulogd.sqlite3db" +buffer=200 + [sys2] facility=LOG_LOCAL2 @@ -218,3 +280,17 @@ sync = 1 [mark1] mark = 1 + +[acct1] +pollinterval = 2 +# If set to 0, we don't reset the counters for each polling (default is 1). +#zerocounter = 0 +# Set timestamp (default is 0, which means not set). This timestamp can be +# interpreted by the output plugin. +#timestamp = 1 + +[graphite1] +host="127.0.0.1" +port="2003" +# Prefix of data name sent to graphite server +prefix="netfilter.nfacct" diff --git a/config-archive/etc/ulogd.conf.3 b/config-archive/etc/ulogd.conf.3 new file mode 100644 index 0000000..ae01bd2 --- /dev/null +++ b/config-archive/etc/ulogd.conf.3 @@ -0,0 +1,220 @@ +# Example configuration for ulogd +# $Id: ulogd.conf,v 1.3 2010/10/12 07:51:44 root Exp $ +# Adapted to Debian by Achilleas Kotsis + +[global] +###################################################################### +# GLOBAL OPTIONS +###################################################################### + + +# logfile for status messages +logfile="/var/log/ulogd/daemon.log" + +# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) +loglevel=3 + +###################################################################### +# PLUGIN OPTIONS +###################################################################### + +# We have to configure and load all the plugins we want to use + +# general rules: +# 1. load the plugins _first_ from the global section +# 2. options for each plugin in seperate section below + + +plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" +plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" +plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so" +plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so" +plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so" +plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" +#plugin="/usr/lib64/ulogd/ulogd_filter_MARK.so" +plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so" +#plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" +#plugin="/usr/lib64/ulogd/ulogd_output_XML.so" +#plugin="/usr/lib64/ulogd/ulogd_output_OPRINT.so" +#plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so" +#plugin="/usr/lib64/ulogd/ulogd_output_PCAP.so" +#plugin="/usr/lib64/ulogd/ulogd_output_PGSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_output_DBI.so" +plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" + +# this is a stack for logging packet send by system via LOGEMU +stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for packet-based logging via LOGEMU +stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for ULOG packet-based logging via LOGEMU +stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for packet-based logging via LOGEMU with filtering on MARK +#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for flow-based logging via LOGEMU +#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU + +# this is a stack for flow-based logging via OPRINT +#stack=ct1:NFCT,op1:OPRINT + +# this is a stack for flow-based logging via XML +#stack=ct1:NFCT,xml1:XML + +# this is a stack for logging in XML +#stack=log1:NFLOG,xml1:XML + +# this is a stack for NFLOG packet-based logging to PCAP +#stack=log2:NFLOG,base1:BASE,pcap1:PCAP + +# this is a stack for logging packet to MySQL +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL + +# this is a stack for logging packet to PGsql after a collect via NFLOG +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL + +# this is a stack for logging packets to syslog after a collect via NFLOG +#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG + +# this is a stack for flow-based logging to MySQL +#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL + +# this is a stack for flow-based logging to PGSQL +#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL + +# this is a stack for flow-based logging to PGSQL without local hash +#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL + + +# this is a stack for flow-based logging in NACCT compatible format +#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT + +[ct1] +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +#netlink_resync_timeout=60 # seconds to wait to perform resynchronization +#pollinterval=10 # use poll-based logging instead of event-driven + +[ct2] +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +hash_enable=0 + +# Logging of system packet through NFLOG +[log1] +# netlink multicast group (the same as the iptables --nflog-group param) +# Group O is used by the kernel to log connection tracking invalid message +group=0 +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +# set number of packet to queue inside kernel +#netlink_qthreshold=1 +# set the delay before flushing packet in the queue inside kernel (in 10ms) +#netlink_qtimeout=100 + +# packet logging through NFLOG for group 1 +[log2] +# netlink multicast group (the same as the iptables --nflog-group param) +group=1 # Group has to be different from the one use in log1 +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +# If your kernel is older than 2.6.29 and if a NFLOG input plugin with +# group 0 is not used by any stack, you need to have at least one NFLOG +# input plugin with bind set to 1. If you don't do that you may not +# receive any message from the kernel. +#bind=1 + +# packet logging through NFLOG for group 2, numeric_label is +# set to 1 +[log3] +# netlink multicast group (the same as the iptables --nflog-group param) +group=2 # Group has to be different from the one use in log1/log2 +numeric_label=1 # you can label the log info based on the packet verdict +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +#bind=1 + +[ulog1] +# netlink multicast group (the same as the iptables --ulog-nlgroup param) +nlgroup=1 +#numeric_label=0 # optional argument + +[emu1] +file="/var/log/ulogd/syslogemu.log" +sync=1 + +[op1] +file="/var/log/ulogd/oprint.log" +#file="/var/log/ulogd_oprint.log" +sync=1 + +[xml1] +directory="/var/log/ulogd/" +sync=1 + +[pcap1] +sync=1 + +[mysql1] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_PACKET_FULL" + +[mysql2] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_CT" + +[pgsql1] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_PACKET_FULL" + +[pgsql2] +db="nulog" +host="localhost" +user="nupik" +table="ulog2_ct" +pass="changeme" +procedure="INSERT_CT" + +[pgsql3] +db="nulog" +host="localhost" +user="nupik" +table="ulog2_ct" +pass="changeme" +procedure="INSERT_OR_REPLACE_CT" + +[dbi1] +db="ulog2" +dbtype="pgsql" +host="localhost" +user="ulog2" +table="ulog" +pass="ulog2" +procedure="INSERT_PACKET_FULL" + +[sys2] +facility=LOG_LOCAL2 + +[nacct1] +sync = 1 + +[mark1] +mark = 1 diff --git a/config-archive/etc/ulogd.conf.dist b/config-archive/etc/ulogd.conf.dist index e5aad26..e272169 100644 --- a/config-archive/etc/ulogd.conf.dist +++ b/config-archive/etc/ulogd.conf.dist @@ -209,6 +209,9 @@ sync=1 # by the input plugin is coding the action on packet: if 0, then # packet has been blocked and if non null it has been accepted. #boolean_label=1 +# Uncomment the following line to use JSON v1 event format that +# can provide better compatility with some JSON file reader. +#eventv1=1 [pcap1] #default file is /var/log/ulogd/ulogd.pcap @@ -298,12 +301,10 @@ procedure="INSERT_PACKET_FULL" [sqlite3_ct] table="ulog_ct" db="/var/log/ulogd/ulogd.sqlite3db" -buffer=200 [sqlite3_pkt] table="ulog_pkt" db="/var/log/ulogd/ulogd.sqlite3db" -buffer=200 [sys2] facility=LOG_LOCAL2 diff --git a/inittab b/inittab index a6f1a04..85ba0c0 100644 --- a/inittab +++ b/inittab @@ -8,34 +8,36 @@ # Modified by: Martin Schlemmer, # Modified by: Mike Frysinger, # Modified by: Robin H. Johnson, +# Modified by: William Hubbs, # -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab-2.87,v 1.2 2013/04/20 03:51:26 vapier Exp $ +# $Id$ # Default runlevel. id:3:initdefault: # System initialization, mount local filesystems, etc. -si::sysinit:/sbin/rc sysinit +si::sysinit:/sbin/openrc sysinit # Further system initialization, brings up the boot runlevel. -rc::bootwait:/sbin/rc boot - -l0:0:wait:/sbin/rc shutdown -l0s:0:wait:/sbin/halt -dhp -l1:1:wait:/sbin/rc single -l2:2:wait:/sbin/rc nonetwork -l3:3:wait:/sbin/rc default -l4:4:wait:/sbin/rc default -l5:5:wait:/sbin/rc default -l6:6:wait:/sbin/rc reboot -l6r:6:wait:/sbin/reboot -dk +rc::bootwait:/sbin/openrc boot + +l0:0:wait:/sbin/openrc shutdown +l0s:0:wait:/sbin/halt -dhnp +l1:1:wait:/sbin/openrc single +l2:2:wait:/sbin/openrc nonetwork +l3:3:wait:/sbin/openrc default +l4:4:wait:/sbin/openrc default +l5:5:wait:/sbin/openrc default +l6:6:wait:/sbin/openrc reboot +l6r:6:wait:/sbin/reboot -dkn #z6:6:respawn:/sbin/sulogin # new-style single-user -su0:S:wait:/sbin/rc single +su0:S:wait:/sbin/openrc single su1:S:wait:/sbin/sulogin # TERMINALS +#x1:12345:respawn:/sbin/agetty 38400 console linux c1:12345:respawn:/sbin/agetty --noclear 38400 tty1 linux c2:2345:respawn:/sbin/agetty 38400 tty2 linux c3:2345:respawn:/sbin/agetty 38400 tty3 linux diff --git a/postfix/main.cf b/postfix/main.cf index 6b136f4..a63dc90 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -156,8 +156,8 @@ mail_owner = postfix # compatible delivery agent that lookups all recipients in /etc/passwd # and /etc/aliases or their equivalent. # -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. # # Do not specify the names of virtual domains - those domains are # specified elsewhere (see VIRTUAL_README). @@ -662,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.3-r1/html +html_directory = /usr/share/doc/postfix-3.1.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -675,8 +675,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme - +readme_directory = /usr/share/doc/postfix-3.1.0/readme #inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/ulogd.conf b/ulogd.conf index 642b6e1..4624487 100644 --- a/ulogd.conf +++ b/ulogd.conf @@ -209,6 +209,9 @@ sync=1 # by the input plugin is coding the action on packet: if 0, then # packet has been blocked and if non null it has been accepted. #boolean_label=1 +# Uncomment the following line to use JSON v1 event format that +# can provide better compatility with some JSON file reader. +#eventv1=1 [pcap1] #default file is /var/log/ulogd/ulogd.pcap @@ -298,12 +301,10 @@ procedure="INSERT_PACKET_FULL" [sqlite3_ct] table="ulog_ct" db="/var/log/ulogd/ulogd.sqlite3db" -buffer=200 [sqlite3_pkt] table="ulog_pkt" db="/var/log/ulogd/ulogd.sqlite3db" -buffer=200 [sys2] facility=LOG_LOCAL2