From: Frank Brehm Date: Tue, 23 Feb 2016 16:49:18 +0000 (+0100) Subject: Current state X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=278d9b0f5a196503f14fea5b3b44520db35127d9;p=config%2Fns3%2Fetc.git Current state --- diff --git a/alternatives/lzcat b/alternatives/lzcat new file mode 120000 index 0000000..1482e0d --- /dev/null +++ b/alternatives/lzcat @@ -0,0 +1 @@ +/usr/bin/xzcat \ No newline at end of file diff --git a/alternatives/lzcat.1.gz b/alternatives/lzcat.1.gz new file mode 120000 index 0000000..c078545 --- /dev/null +++ b/alternatives/lzcat.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/xzcat.1.gz \ No newline at end of file diff --git a/alternatives/lzcmp b/alternatives/lzcmp new file mode 120000 index 0000000..5cdef99 --- /dev/null +++ b/alternatives/lzcmp @@ -0,0 +1 @@ +/usr/bin/xzcmp \ No newline at end of file diff --git a/alternatives/lzcmp.1.gz b/alternatives/lzcmp.1.gz new file mode 120000 index 0000000..f0bafbe --- /dev/null +++ b/alternatives/lzcmp.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/xzcmp.1.gz \ No newline at end of file diff --git a/alternatives/lzdiff b/alternatives/lzdiff new file mode 120000 index 0000000..0e42921 --- /dev/null +++ b/alternatives/lzdiff @@ -0,0 +1 @@ +/usr/bin/xzdiff \ No newline at end of file diff --git a/alternatives/lzdiff.1.gz b/alternatives/lzdiff.1.gz new file mode 120000 index 0000000..5687b0a --- /dev/null +++ b/alternatives/lzdiff.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/xzdiff.1.gz \ No newline at end of file diff --git a/alternatives/lzegrep b/alternatives/lzegrep new file mode 120000 index 0000000..5fee024 --- /dev/null +++ b/alternatives/lzegrep @@ -0,0 +1 @@ +/usr/bin/xzegrep \ No newline at end of file diff --git a/alternatives/lzegrep.1.gz b/alternatives/lzegrep.1.gz new file mode 120000 index 0000000..c9ad6de --- /dev/null +++ b/alternatives/lzegrep.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/xzegrep.1.gz \ No newline at end of file diff --git a/alternatives/lzfgrep b/alternatives/lzfgrep new file mode 120000 index 0000000..1b64c1b --- /dev/null +++ b/alternatives/lzfgrep @@ -0,0 +1 @@ +/usr/bin/xzfgrep \ No newline at end of file diff --git a/alternatives/lzfgrep.1.gz b/alternatives/lzfgrep.1.gz new file mode 120000 index 0000000..b292ba9 --- /dev/null +++ b/alternatives/lzfgrep.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/xzfgrep.1.gz \ No newline at end of file diff --git a/alternatives/lzgrep b/alternatives/lzgrep new file mode 120000 index 0000000..05ef59b --- /dev/null +++ b/alternatives/lzgrep @@ -0,0 +1 @@ +/usr/bin/xzgrep \ No newline at end of file diff --git a/alternatives/lzgrep.1.gz b/alternatives/lzgrep.1.gz new file mode 120000 index 0000000..8ccd2c5 --- /dev/null +++ b/alternatives/lzgrep.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/xzgrep.1.gz \ No newline at end of file diff --git a/alternatives/lzless b/alternatives/lzless new file mode 120000 index 0000000..5415736 --- /dev/null +++ b/alternatives/lzless @@ -0,0 +1 @@ +/usr/bin/xzless \ No newline at end of file diff --git a/alternatives/lzless.1.gz b/alternatives/lzless.1.gz new file mode 120000 index 0000000..bc81750 --- /dev/null +++ b/alternatives/lzless.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/xzless.1.gz \ No newline at end of file diff --git a/alternatives/lzma b/alternatives/lzma new file mode 120000 index 0000000..cdc9bb5 --- /dev/null +++ b/alternatives/lzma @@ -0,0 +1 @@ +/usr/bin/xz \ No newline at end of file diff --git a/alternatives/lzma.1.gz b/alternatives/lzma.1.gz new file mode 120000 index 0000000..16e4bcc --- /dev/null +++ b/alternatives/lzma.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/xz.1.gz \ No newline at end of file diff --git a/alternatives/lzmore b/alternatives/lzmore new file mode 120000 index 0000000..1fad361 --- /dev/null +++ b/alternatives/lzmore @@ -0,0 +1 @@ +/usr/bin/xzmore \ No newline at end of file diff --git a/alternatives/lzmore.1.gz b/alternatives/lzmore.1.gz new file mode 120000 index 0000000..e79dfa4 --- /dev/null +++ b/alternatives/lzmore.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/xzmore.1.gz \ No newline at end of file diff --git a/alternatives/unlzma b/alternatives/unlzma new file mode 120000 index 0000000..c730a4a --- /dev/null +++ b/alternatives/unlzma @@ -0,0 +1 @@ +/usr/bin/unxz \ No newline at end of file diff --git a/alternatives/unlzma.1.gz b/alternatives/unlzma.1.gz new file mode 120000 index 0000000..c772f41 --- /dev/null +++ b/alternatives/unlzma.1.gz @@ -0,0 +1 @@ +/usr/share/man/man1/unxz.1.gz \ No newline at end of file diff --git a/apt/apt.conf.d/00recommends b/apt/apt.conf.d/00recommends new file mode 100644 index 0000000..7fecedc --- /dev/null +++ b/apt/apt.conf.d/00recommends @@ -0,0 +1,2 @@ +APT::Install-Recommends "false"; +Aptitude::Recommends-Important "false"; diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels index 3fb87d3..3555efb 100644 --- a/apt/apt.conf.d/01autoremove-kernels +++ b/apt/apt.conf.d/01autoremove-kernels @@ -1,37 +1,26 @@ // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal APT::NeverAutoRemove { - "^linux-image-3\.16\.0-30-generic$"; "^linux-image-3\.16\.0-4-amd64$"; "^linux-image-4\.1\.6-gridscale$"; - "^linux-headers-3\.16\.0-30-generic$"; "^linux-headers-3\.16\.0-4-amd64$"; "^linux-headers-4\.1\.6-gridscale$"; - "^linux-image-extra-3\.16\.0-30-generic$"; "^linux-image-extra-3\.16\.0-4-amd64$"; "^linux-image-extra-4\.1\.6-gridscale$"; - "^linux-signed-image-3\.16\.0-30-generic$"; "^linux-signed-image-3\.16\.0-4-amd64$"; "^linux-signed-image-4\.1\.6-gridscale$"; - "^kfreebsd-image-3\.16\.0-30-generic$"; "^kfreebsd-image-3\.16\.0-4-amd64$"; "^kfreebsd-image-4\.1\.6-gridscale$"; - "^kfreebsd-headers-3\.16\.0-30-generic$"; "^kfreebsd-headers-3\.16\.0-4-amd64$"; "^kfreebsd-headers-4\.1\.6-gridscale$"; - "^gnumach-image-3\.16\.0-30-generic$"; "^gnumach-image-3\.16\.0-4-amd64$"; "^gnumach-image-4\.1\.6-gridscale$"; - "^.*-modules-3\.16\.0-30-generic$"; "^.*-modules-3\.16\.0-4-amd64$"; "^.*-modules-4\.1\.6-gridscale$"; - "^.*-kernel-3\.16\.0-30-generic$"; "^.*-kernel-3\.16\.0-4-amd64$"; "^.*-kernel-4\.1\.6-gridscale$"; - "^linux-backports-modules-.*-3\.16\.0-30-generic$"; "^linux-backports-modules-.*-3\.16\.0-4-amd64$"; "^linux-backports-modules-.*-4\.1\.6-gridscale$"; - "^linux-tools-3\.16\.0-30-generic$"; "^linux-tools-3\.16\.0-4-amd64$"; "^linux-tools-4\.1\.6-gridscale$"; }; diff --git a/apt/repo.uhu-deb8-1.PublicKey b/apt/repo.uhu-deb8-1.PublicKey new file mode 100644 index 0000000..02152c5 --- /dev/null +++ b/apt/repo.uhu-deb8-1.PublicKey @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBFavlWMBEAC+YKENyf64sRtMCDUmbe14mY+35YHaXDLZfM73DXf/ueQawY2U +hUEcG9adiGP/n7f5E2UMckWc21TqwM5ALXhUcdnFbkpayyPTMLrp3/2SsBVVTOO5 +j+RVrAEuVl7dBwcrcN51n3Q5E1rsBnVX+5kZ+B1wCSpk7kY8j2T7Ou+79HjBwEfQ +X04nFIvpPZnM1Hq4ZYpomynADarWLu16WS86LkumC9Fs35bDmtQGEifDuEG8yr9k +E0ocmNZMLfOS6OaHQMN6RYBsnF8nSrGznXvp0KQYs86YPdbjoZKpRUq3zqSsaJqv +HgJzonZuadHI6A5Yj5CBsTwneMR3X5RPXtGmiHO/PG+G0c9ZtC5T0pTMvEx5q/o1 +HW8HilGboFxIz01Lf783F82GLA2rwGdeig4hrtgkdBddZCm5GOev7PvhTgnQ5Koc +llUhxiyh0YlrkM1Mv7Q76lWRX3z0UtzrMDdMNt52DnO8vkm0RMYvRWeebTA74N7j +n0/Oh8LjVh8lTdTdxruviV6+8hxDHcUy3T2Nc2knasxRdxcJ5hlwuKJ9YCeb5Pya +LFW6e+KrdxlYnsnYBnpmbi2fFZtLEXv1q7L9wfC37BT6AQNFgjgd8lgVsnQJOTsm +oexUinvzpuc5m/N9z9Pt6Wr4KYZ/Kh4l39Lzjlssn+I+VlXrp3ql/DRK6QARAQAB +tDxSZXBvc2l0b3J5IEFkbWluIGZvciBGcmFuayBCcmVobSA8cGFja2FnZXNAYnJl +aG0tb25saW5lLmNvbT6JAj4EEwECACgFAlavlWMCGwMFCRLMAwAGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheAAAoJELqtpQR6P8vU0GIQAKp/pJ4ArqnHoaP2OGG14B8P +ivh7YaeZRx5HmZyJdsXLbdMJ8FM/dLvx0wqNM7HtzN11zEqroLeULPJcURiwavF0 +RndFkS9+0QIxCCYZrgpSyR+2UJgGeSzbOipND71elZQ3U6QlDJT/90XsZQwfJNUh +Ibd3SeT1iW6ARvvZucFmcqgla67IG88Hq80RyZGoepqb73jGDsgw9/3c+Qtv7VBt +lOZ+pgQksZHMhTWOpQ/JqOocDk6vfqzHOs+0QwbdaBxdBmRtLkBf0/uvkFvqC/R8 +JANdWvoCJqFnnI8QskbtvcnPiSLjqLtxcL+VGn5PjLD6cU8L+WyXfHMiBRZMetuw +PFlo+Apz9o6Nh7Pg6N875zVSoJFko/w5hTqUBVIFGKCypLJEhOXfFMbTTx/b1/Gi +yP6vp3V+n3QoxMt99THXSGOrzMu3TfDyNZGDgcq8N6T0MvOM0H0iMIZga6gbqgIm +qPz2pSpAvZxe5/T48JpYOKiLqTd+Abx6I2scx5VqKrS9tINJWXEwAL0/oR8hcEzO +QFgFwjwaj7RD3WSLWKy+dwhGVguLKGdPqkOuHj0yl/S6Wcfc3tNZZIm2kauvLI1l +qp7qk+qMqeJVD0zqL1SyGSNT9YCndCewuso5VMKHyvTVL62X/xGhwAFgsK7qLFj/ +7sftZtXBk8CMv6UvxF0ouQINBFavlWMBEAC4P5+Miz+VbsFss0RHKiSs/+PgusQg +85lk4J7zQj2S2MseJ35sJSqNX0MUSQ6BCoem+nQSwa1P4enCVonBRyWGRSbUurG/ +ip+WfrsFzHMZmr0JXw8gh/a3Zt9qwz5irERX0p6EDvwPwY411aCm4o+vdj0dPV/T +CUX6s2dbrl2E2SAsjTzNi7bvKrPPUlufPHVp9o/LZolW40BL4C3r+1PwQFJN/0Np +DMoKKIVdpmQcz/Ndz7+vFg4YlaeGfIOBt3kzcjt+AiSv+8L0XmtkM/W498VwkSzv +rqUafJYPK+JtnWxgA7VyGj2fG9BncLONSAs+L1bSKKVQAt8G0H92MWIIUGDNry0b +fM33xspNmB/7a3Bb9Cfq9eH3FWcMnBjZTGuPbKUEgVRUjyXCqIaDVvrGZBp8MLzZ +Rg8qybxXMe9liwGdbytf34LMczO1rJN/zDkGf4mIx9LbaNFgcYCRXcb2SIpoW9F6 +hjKPf0+pRQmrelh8KMIevR1MJka3mV0tTN26gG+NBVkR8JjR766VOr5N/ebOAkcP +GB/oBvmR4TEcqVZnYcDxmhr3Wvv4JjzbwNf0B+TYemq/9w1/IxCsNmx6WoJrdldO +vk/iZrcF0qCTPeY0i8p+TorZfXkE6lzBqOg6YlTERPdbF1erXPkloRe7fp2iiHTF +HVTe+0SOhSYUDwARAQABiQIlBBgBAgAPBQJWr5VjAhsMBQkSzAMAAAoJELqtpQR6 +P8vUwLsP+wcduVskRjvL5GzFoYv1fvq/V63x66s3ujWYkxYL0l5VVkcoavNl9BN8 +Ob8G1tfbSazODO8BQchqDxoD0RjZuR3E1AM8Qxx9UEP6jqhGYVAuutesRHeotkua +QZOcpnVZ5E9SrBTt9xNu6IN8aOMN5TSwqvJsnCLQYUJtluM9luawO7d7ByGWWCpT +oVjZ2hs4tqZXYz44pCj+TKfRZ1trYdEiQmv3hTY/LhZN3OszZZ/U7ED7UGPxdZ/D +yCfNRIwhsTeGhB/JnxgamMShcV6p6VJWO3d2ST5wmTV+hgc12EDonAcOaL1W4gM+ +agmxoSg4utzNRK5yxBdIG/cwSeaGhvVK/PVAnfyeckm4esdgvFX0+lYbq58g/c0n +VmVsy8sTCK7bWzw83CqQ8a4AydjGKQ5Y8aV87IyDsKnxM57l5+/bjL/eCOAolzFO +hdoNuTkC94vB6WmIqN1FlvL9aSYpUtu+UxiF301t7WmBkuMatCvlqk4gikkY55dh +oNAuJQCnlv5eqTJzHm41Xc0mPxVuy9shCXY3okuCPoub1pZOGtpDYaoEha34sHLl +Iqnb4/+OaY2g4pJzevoQzRDPlPI0knUk0LRtjTyt1JpMgfr2+3EF/oFEyd4nPpgx +EbsYN/rGbaX6tQzDFkFrUA61rjn9C2vr+LYoGcHmWX1oeyVV2OS5 +=1kpZ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/apt/sources.list.d/fbrehm.list b/apt/sources.list.d/fbrehm.list new file mode 100644 index 0000000..59d6e17 --- /dev/null +++ b/apt/sources.list.d/fbrehm.list @@ -0,0 +1,6 @@ +# Packages Frank Brehm +# --------------------- + +#deb http://www.brehm-online.com/debian/jessie ./ +deb http://uhu8.uhu-banane.de/Debian/jessie ./ +deb-src http://uhu8.uhu-banane.de/Sources ./ diff --git a/apt/trusted.gpg b/apt/trusted.gpg new file mode 100644 index 0000000..c907e57 Binary files /dev/null and b/apt/trusted.gpg differ diff --git a/apticron/apticron.conf b/apticron/apticron.conf new file mode 100644 index 0000000..07b3bcc --- /dev/null +++ b/apticron/apticron.conf @@ -0,0 +1,100 @@ +# apticron.conf +# +# set EMAIL to a space separated list of addresses which will be notified of +# impending updates +# +EMAIL="root" + +# +# Set DIFF_ONLY to "1" to only output the difference of the current run +# compared to the last run (ie. only new upgrades since the last run). If there +# are no differences, no output/email will be generated. By default, apticron +# will output everything that needs to be upgraded. +# +# DIFF_ONLY="1" + +# +# Set LISTCHANGES_PROFILE if you would like apticron to invoke apt-listchanges +# with the --profile option. You should add a corresponding profile to +# /etc/apt/listchanges.conf +# +# LISTCHANGES_PROFILE="apticron" + +# +# From hostname manpage: "Displays all FQDNs of the machine. This option +# enumerates all configured network addresses on all configured network inter‐ +# faces, and translates them to DNS domain names. Addresses that cannot be +# translated (i.e. because they do not have an appro‐ priate reverse DNS +# entry) are skipped. Note that different addresses may resolve to the same +# name, therefore the output may contain duplicate entries. Do not make any +# assumptions about the order of the output." +# +# ALL_FQDNS="1" + +# +# Set SYSTEM if you would like apticron to use something other than the output +# of "hostname -f" for the system name in the mails it generates. This option +# overrides the ALL_FQDNS above. +# +# SYSTEM="foobar.example.com" + +# +# Set IPADDRESSNUM if you would like to configure the maximal number of IP +# addresses apticron displays. The default is to display 1 address of each +# family type (inet, inet6), if available. +# +# IPADDRESSNUM="1" + +# +# Set IPADDRESSES to a whitespace separated list of reachable addresses for +# this system. By default, apticron will try to work these out using the +# "ip" command +# +# IPADDRESSES="192.0.2.1 2001:db8:1:2:3::1" + +# +# Set NOTIFY_HOLDS="0" if you don't want to be notified about new versions of +# packages on hold in your system. The default behavior is downloading and +# listing them as any other package. +# +# NOTIFY_HOLDS="0" + +# +# Set NOTIFY_NEW="0" if you don't want to be notified about packages which +# are not installed in your system. Yes, it's possible! There are some issues +# related to systems which have mixed stable/unstable sources. In these cases +# apt-get will consider for example that packages with "Priority: +# required"/"Essential: yes" in unstable but not in stable should be installed, +# so they will be listed in dist-upgrade output. Please take a look at +# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531002#44 +# +# NOTIFY_NEW="0" + +# +# Set NOTIFY_NO_UPDATES="0" if you don't want to be notified when there is no +# new versions. Set to 1 could assure you that apticron works well. +# +# NOTIFY_NO_UPDATES="0" + +# +# Set CUSTOM_SUBJECT if you want to replace the default subject used in +# the notification e-mails. This may help filtering/sorting client-side e-mail. +# If you want to use internal vars please use single quotes here. Ex: +# $CUSTOM_SUBJECT='[apticron] $SYSTEM: $NUM_PACKAGES package update(s)' +# +# CUSTOM_SUBJECT="" + +# Set CUSTOM_NO_UPDATES_SUBJECT if you want to replace the default subject used +# in the no update notification e-mails. This may help filtering/sorting +# client-side e-mail. +# If you want to use internal vars please use single quotes here. Ex: +# $CUSTOM_NO_UPDATES_SUBJECT='[apticron] $SYSTEM: no updates' +# +# CUSTOM_NO_UPDATES_SUBJECT="" + +# +# Set CUSTOM_FROM if you want to replace the default sender by changing the +# 'From:' field used in the notification e-mails. Your default sender will +# be something like root@ns3.uhu-banane.de. +# +# CUSTOM_FROM="" diff --git a/bash_completion.d/fail2ban b/bash_completion.d/fail2ban new file mode 100644 index 0000000..7a42bd1 --- /dev/null +++ b/bash_completion.d/fail2ban @@ -0,0 +1,149 @@ +# fail2ban bash-completion -*- shell-script -*- +# +# This file is part of Fail2Ban. +# +# Fail2Ban is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Fail2Ban is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Fail2Ban; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +__fail2ban_jails () { + "$1" status 2>/dev/null | awk -F"\t+" '/Jail list/{print $2}' | sed 's/, / /g' +} + +_fail2ban () { + local cur prev words cword + _init_completion || return + + case $prev in + -V|--version|-h|--help) + return 0 # No further completion valid + ;; + -c) + _filedir -d # Directories + return 0 + ;; + -s|-p) + _filedir # Files + return 0 + ;; + *) + if [[ "$cur" == "-"* ]];then + COMPREPLY=( $( compgen -W \ + "$( _parse_help "$1" --help 2>/dev/null) -V" \ + -- "$cur") ) + return 0 + fi + ;; + esac + + if [[ "$1" == *"fail2ban-regex" ]];then + _filedir + return 0 + elif [[ "$1" == *"fail2ban-client" ]];then + local cmd jail + case $prev in + "$1") + COMPREPLY=( $( compgen -W \ + "$( "$1" --help 2>/dev/null | awk '/^ [a-z]+/{print $1}')" \ + -- "$cur") ) + return 0 + ;; + start|reload|stop|status) + COMPREPLY=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) ) + return 0 + ;; + set|get) + COMPREPLY=( $( compgen -W \ + "$( "$1" --help 2>/dev/null | awk '/^ '$prev' [^<]/{print $2}')" \ + -- "$cur") ) + COMPREPLY+=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) ) + return 0 + ;; + *) + if [[ "${words[$cword-2]}" == "add" ]];then + COMPREPLY=( $( compgen -W "auto polling gamin pyinotify" -- "$cur" ) ) + return 0 + elif [[ "${words[$cword-2]}" == "set" || "${words[$cword-2]}" == "get" ]];then + cmd="${words[cword-2]}" + # Handle in section below + elif [[ "${words[$cword-3]}" == "set" || "${words[$cword-3]}" == "get" ]];then + cmd="${words[$cword-3]}" + jail="${words[$cword-2]}" + # Handle in section below + fi + ;; + esac + + if [[ -z "$jail" && -n "$cmd" ]];then + case $prev in + loglevel) + if [[ "$cmd" == "set" ]];then + COMPREPLY=( $( compgen -W "0 1 2 3 4" -- "$cur" ) ) + fi + return 0 + ;; + logtarget) + if [[ "$cmd" == "set" ]];then + COMPREPLY=( $( compgen -W "STDOUT STDERR SYSLOG" -- "$cur" ) ) + _filedir # And files + fi + return 0 + ;; + *) # Jail name + COMPREPLY=( $( compgen -W \ + "$( "$1" --help 2>/dev/null | awk '/^ '${cmd}' /{print $3}')" \ + -- "$cur") ) + return 0 + ;; + esac + elif [[ -n "$jail" && "$cmd" == "set" ]];then + case $prev in + addlogpath) + _filedir + return 0 + ;; + dellogpath|delignoreip) + COMPREPLY=( $( compgen -W \ + "$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F- '{print $2}')" \ + -- "$cur" ) ) + if [[ -z "$COMPREPLY" && "$prev" == "dellogpath" ]];then + _filedir + fi + return 0 + ;; + delfailregex|delignoregex) + COMPREPLY=( $( compgen -W \ + "$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F"[][]" '{print $2}')" \ + -- "$cur" ) ) + return 0 + ;; + unbanip) + COMPREPLY=( $( compgen -W \ + "$( "$1" status "$jail" 2>/dev/null | awk -F"\t+" '/IP list:/{print $2}')" \ + -- "$cur" ) ) + return 0 + ;; + idle) + COMPREPLY=( $( compgen -W "on off" -- "$cur" ) ) + return 0 + ;; + usedns) + COMPREPLY=( $( compgen -W "yes no warn" -- "$cur" ) ) + return 0 + ;; + esac + fi + + fi # fail2ban-client +} && +complete -F _fail2ban fail2ban-client fail2ban-server fail2ban-regex diff --git a/bash_completion.d/isoquery b/bash_completion.d/isoquery new file mode 100644 index 0000000..c27ed05 --- /dev/null +++ b/bash_completion.d/isoquery @@ -0,0 +1,45 @@ +# /etc/bash_completion.d/isoquery +# Programmable Bash command completion for the ‘isoquery’ command. + +shopt -s progcomp + +_isoquery_completion () { + local cur prev opts + + COMPREPLY=() + cur="${COMP_WORDS[COMP_CWORD]}" + prev="${COMP_WORDS[COMP_CWORD-1]}" + + opts="-h --help -v --version" + opts="${opts} -i --iso -x --xmlfile -l --locale -0 --null" + opts="${opts} -n --name -o --official_name -c --common_name" + + case "${prev}" in + -i|--iso) + local standards=(639 639-3 639-5 3166 3166-2 4217 15924) + COMPREPLY=( $(compgen -W "${standards[*]}" -- ${cur}) ) + ;; + + -x|--xmlfile) + COMPREPLY=( $(compgen -A file -- ${cur}) ) + ;; + + -l|--locale) + local locale_names=$(locale --all-locales) + COMPREPLY=( $(compgen -W "${locale_names}" -- ${cur}) ) + ;; + + *) + COMPREPLY=($(compgen -W "${opts}" -- ${cur})) + ;; + esac +} + +complete -F _isoquery_completion isoquery + + +# Local variables: +# coding: utf-8 +# mode: shell-script +# End: +# vim: fileencoding=utf-8 filetype=bash : diff --git a/ca-certificates.conf b/ca-certificates.conf index 9e08541..8bad138 100644 --- a/ca-certificates.conf +++ b/ca-certificates.conf @@ -21,16 +21,16 @@ mozilla/AffirmTrust_Commercial.crt mozilla/AffirmTrust_Networking.crt mozilla/AffirmTrust_Premium.crt mozilla/AffirmTrust_Premium_ECC.crt -mozilla/America_Online_Root_Certification_Authority_1.crt -mozilla/America_Online_Root_Certification_Authority_2.crt +!mozilla/America_Online_Root_Certification_Authority_1.crt +!mozilla/America_Online_Root_Certification_Authority_2.crt mozilla/ApplicationCA_-_Japanese_Government.crt mozilla/Atos_TrustedRoot_2011.crt -mozilla/A-Trust-nQual-03.crt +!mozilla/A-Trust-nQual-03.crt mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt mozilla/Baltimore_CyberTrust_Root.crt mozilla/Buypass_Class_2_CA_1.crt mozilla/Buypass_Class_2_Root_CA.crt -mozilla/Buypass_Class_3_CA_1.crt +!mozilla/Buypass_Class_3_CA_1.crt mozilla/Buypass_Class_3_Root_CA.crt mozilla/CA_Disig.crt mozilla/CA_Disig_Root_R1.crt @@ -52,7 +52,7 @@ mozilla/COMODO_ECC_Certification_Authority.crt mozilla/Comodo_Secure_Services_root.crt mozilla/Comodo_Trusted_Services_root.crt mozilla/ComSign_CA.crt -mozilla/ComSign_Secured_CA.crt +!mozilla/ComSign_Secured_CA.crt mozilla/Cybertrust_Global_Root.crt mozilla/Deutsche_Telekom_Root_CA_2.crt mozilla/DigiCert_Assured_ID_Root_CA.crt @@ -63,8 +63,8 @@ mozilla/DigiCert_Global_Root_G2.crt mozilla/DigiCert_Global_Root_G3.crt mozilla/DigiCert_High_Assurance_EV_Root_CA.crt mozilla/DigiCert_Trusted_Root_G4.crt -mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt -mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt +!mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt +!mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt mozilla/DST_ACES_CA_X6.crt mozilla/DST_Root_CA_X3.crt mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt @@ -72,7 +72,7 @@ mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt mozilla/EC-ACC.crt mozilla/EE_Certification_Centre_Root_CA.crt -mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt +!mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt mozilla/Entrust_Root_Certification_Authority.crt mozilla/ePKI_Root_Certification_Authority.crt @@ -93,7 +93,7 @@ mozilla/GlobalSign_Root_CA_-_R2.crt mozilla/GlobalSign_Root_CA_-_R3.crt mozilla/Go_Daddy_Class_2_CA.crt mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt -mozilla/GTE_CyberTrust_Global_Root.crt +!mozilla/GTE_CyberTrust_Global_Root.crt mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt mozilla/Hongkong_Post_Root_CA_1.crt mozilla/IGC_A.crt @@ -123,7 +123,7 @@ mozilla/SecureTrust_CA.crt mozilla/Security_Communication_EV_RootCA1.crt mozilla/Security_Communication_RootCA2.crt mozilla/Security_Communication_Root_CA.crt -mozilla/SG_TRUST_SERVICES_RACINE.crt +!mozilla/SG_TRUST_SERVICES_RACINE.crt mozilla/Sonera_Class_1_Root_CA.crt mozilla/Sonera_Class_2_Root_CA.crt mozilla/Staat_der_Nederlanden_Root_CA.crt @@ -142,25 +142,25 @@ mozilla/SwissSign_Gold_CA_-_G2.crt mozilla/SwissSign_Platinum_CA_-_G2.crt mozilla/SwissSign_Silver_CA_-_G2.crt mozilla/Taiwan_GRCA.crt -mozilla/TC_TrustCenter_Class_2_CA_II.crt +!mozilla/TC_TrustCenter_Class_2_CA_II.crt mozilla/TC_TrustCenter_Class_3_CA_II.crt -mozilla/TC_TrustCenter_Universal_CA_I.crt +!mozilla/TC_TrustCenter_Universal_CA_I.crt mozilla/TeliaSonera_Root_CA_v1.crt -mozilla/Thawte_Premium_Server_CA.crt +!mozilla/Thawte_Premium_Server_CA.crt mozilla/thawte_Primary_Root_CA.crt mozilla/thawte_Primary_Root_CA_-_G2.crt mozilla/thawte_Primary_Root_CA_-_G3.crt -mozilla/Thawte_Server_CA.crt +!mozilla/Thawte_Server_CA.crt mozilla/Trustis_FPS_Root_CA.crt mozilla/T-TeleSec_GlobalRoot_Class_2.crt mozilla/T-TeleSec_GlobalRoot_Class_3.crt mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt -mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt +!mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt mozilla/TURKTRUST_Certificate_Services_Provider_Root_2007.crt -mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt +!mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt mozilla/TWCA_Global_Root_CA.crt mozilla/TWCA_Root_Certification_Authority.crt -mozilla/UTN_DATACorp_SGC_Root_CA.crt +!mozilla/UTN_DATACorp_SGC_Root_CA.crt mozilla/UTN_USERFirst_Email_Root_CA.crt mozilla/UTN_USERFirst_Hardware_Root_CA.crt mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt @@ -174,7 +174,7 @@ mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt -mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt +!mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt mozilla/VeriSign_Universal_Root_Certification_Authority.crt mozilla/Visa_eCommerce_Root.crt mozilla/WellsSecure_Public_Root_Certificate_Authority.crt @@ -182,3 +182,22 @@ mozilla/WoSign_China.crt mozilla/WoSign.crt mozilla/XRamp_Global_CA_Root.crt spi-inc.org/spi-cacert-2008.crt +mozilla/CA_WoSign_ECC_Root.crt +mozilla/Certification_Authority_of_WoSign_G2.crt +mozilla/Certinomis_-_Root_CA.crt +mozilla/CFCA_EV_ROOT.crt +mozilla/COMODO_RSA_Certification_Authority.crt +mozilla/Entrust_Root_Certification_Authority_-_EC1.crt +mozilla/Entrust_Root_Certification_Authority_-_G2.crt +mozilla/GlobalSign_ECC_Root_CA_-_R4.crt +mozilla/GlobalSign_ECC_Root_CA_-_R5.crt +mozilla/IdenTrust_Commercial_Root_CA_1.crt +mozilla/IdenTrust_Public_Sector_Root_CA_1.crt +mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt +mozilla/Staat_der_Nederlanden_EV_Root_CA.crt +mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt +mozilla/S-TRUST_Universal_Root_CA.crt +mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.crt +mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.crt +mozilla/USERTrust_ECC_Certification_Authority.crt +mozilla/USERTrust_RSA_Certification_Authority.crt diff --git a/ca-certificates.conf.dpkg-old b/ca-certificates.conf.dpkg-old new file mode 100644 index 0000000..9e08541 --- /dev/null +++ b/ca-certificates.conf.dpkg-old @@ -0,0 +1,184 @@ +# This file lists certificates that you wish to use or to ignore to be +# installed in /etc/ssl/certs. +# update-ca-certificates(8) will update /etc/ssl/certs by reading this file. +# +# This is autogenerated by dpkg-reconfigure ca-certificates. +# Certificates should be installed under /usr/share/ca-certificates +# and files with extension '.crt' is recognized as available certs. +# +# line begins with # is comment. +# line begins with ! is certificate filename to be deselected. +# +mozilla/ACCVRAIZ1.crt +mozilla/ACEDICOM_Root.crt +mozilla/AC_Raíz_Certicámara_S.A..crt +mozilla/Actalis_Authentication_Root_CA.crt +mozilla/AddTrust_External_Root.crt +mozilla/AddTrust_Low-Value_Services_Root.crt +mozilla/AddTrust_Public_Services_Root.crt +mozilla/AddTrust_Qualified_Certificates_Root.crt +mozilla/AffirmTrust_Commercial.crt +mozilla/AffirmTrust_Networking.crt +mozilla/AffirmTrust_Premium.crt +mozilla/AffirmTrust_Premium_ECC.crt +mozilla/America_Online_Root_Certification_Authority_1.crt +mozilla/America_Online_Root_Certification_Authority_2.crt +mozilla/ApplicationCA_-_Japanese_Government.crt +mozilla/Atos_TrustedRoot_2011.crt +mozilla/A-Trust-nQual-03.crt +mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt +mozilla/Baltimore_CyberTrust_Root.crt +mozilla/Buypass_Class_2_CA_1.crt +mozilla/Buypass_Class_2_Root_CA.crt +mozilla/Buypass_Class_3_CA_1.crt +mozilla/Buypass_Class_3_Root_CA.crt +mozilla/CA_Disig.crt +mozilla/CA_Disig_Root_R1.crt +mozilla/CA_Disig_Root_R2.crt +mozilla/Camerfirma_Chambers_of_Commerce_Root.crt +mozilla/Camerfirma_Global_Chambersign_Root.crt +mozilla/Certigna.crt +mozilla/Certinomis_-_Autorité_Racine.crt +mozilla/Certplus_Class_2_Primary_CA.crt +mozilla/certSIGN_ROOT_CA.crt +mozilla/Certum_Root_CA.crt +mozilla/Certum_Trusted_Network_CA.crt +mozilla/Chambers_of_Commerce_Root_-_2008.crt +mozilla/China_Internet_Network_Information_Center_EV_Certificates_Root.crt +mozilla/CNNIC_ROOT.crt +mozilla/Comodo_AAA_Services_root.crt +mozilla/COMODO_Certification_Authority.crt +mozilla/COMODO_ECC_Certification_Authority.crt +mozilla/Comodo_Secure_Services_root.crt +mozilla/Comodo_Trusted_Services_root.crt +mozilla/ComSign_CA.crt +mozilla/ComSign_Secured_CA.crt +mozilla/Cybertrust_Global_Root.crt +mozilla/Deutsche_Telekom_Root_CA_2.crt +mozilla/DigiCert_Assured_ID_Root_CA.crt +mozilla/DigiCert_Assured_ID_Root_G2.crt +mozilla/DigiCert_Assured_ID_Root_G3.crt +mozilla/DigiCert_Global_Root_CA.crt +mozilla/DigiCert_Global_Root_G2.crt +mozilla/DigiCert_Global_Root_G3.crt +mozilla/DigiCert_High_Assurance_EV_Root_CA.crt +mozilla/DigiCert_Trusted_Root_G4.crt +mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt +mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt +mozilla/DST_ACES_CA_X6.crt +mozilla/DST_Root_CA_X3.crt +mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt +mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt +mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt +mozilla/EC-ACC.crt +mozilla/EE_Certification_Centre_Root_CA.crt +mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt +mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt +mozilla/Entrust_Root_Certification_Authority.crt +mozilla/ePKI_Root_Certification_Authority.crt +mozilla/Equifax_Secure_CA.crt +mozilla/Equifax_Secure_eBusiness_CA_1.crt +mozilla/Equifax_Secure_Global_eBusiness_CA.crt +mozilla/E-Tugra_Certification_Authority.crt +mozilla/GeoTrust_Global_CA_2.crt +mozilla/GeoTrust_Global_CA.crt +mozilla/GeoTrust_Primary_Certification_Authority.crt +mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt +mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt +mozilla/GeoTrust_Universal_CA_2.crt +mozilla/GeoTrust_Universal_CA.crt +mozilla/Global_Chambersign_Root_-_2008.crt +mozilla/GlobalSign_Root_CA.crt +mozilla/GlobalSign_Root_CA_-_R2.crt +mozilla/GlobalSign_Root_CA_-_R3.crt +mozilla/Go_Daddy_Class_2_CA.crt +mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt +mozilla/GTE_CyberTrust_Global_Root.crt +mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt +mozilla/Hongkong_Post_Root_CA_1.crt +mozilla/IGC_A.crt +mozilla/Izenpe.com.crt +mozilla/Juur-SK.crt +mozilla/Microsec_e-Szigno_Root_CA_2009.crt +mozilla/Microsec_e-Szigno_Root_CA.crt +mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt +mozilla/NetLock_Business_=Class_B=_Root.crt +mozilla/NetLock_Express_=Class_C=_Root.crt +mozilla/NetLock_Notary_=Class_A=_Root.crt +mozilla/NetLock_Qualified_=Class_QA=_Root.crt +mozilla/Network_Solutions_Certificate_Authority.crt +mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt +mozilla/PSCProcert.crt +mozilla/QuoVadis_Root_CA_1_G3.crt +mozilla/QuoVadis_Root_CA_2.crt +mozilla/QuoVadis_Root_CA_2_G3.crt +mozilla/QuoVadis_Root_CA_3.crt +mozilla/QuoVadis_Root_CA_3_G3.crt +mozilla/QuoVadis_Root_CA.crt +mozilla/Root_CA_Generalitat_Valenciana.crt +mozilla/RSA_Security_2048_v3.crt +mozilla/Secure_Global_CA.crt +mozilla/SecureSign_RootCA11.crt +mozilla/SecureTrust_CA.crt +mozilla/Security_Communication_EV_RootCA1.crt +mozilla/Security_Communication_RootCA2.crt +mozilla/Security_Communication_Root_CA.crt +mozilla/SG_TRUST_SERVICES_RACINE.crt +mozilla/Sonera_Class_1_Root_CA.crt +mozilla/Sonera_Class_2_Root_CA.crt +mozilla/Staat_der_Nederlanden_Root_CA.crt +mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt +mozilla/Starfield_Class_2_CA.crt +mozilla/Starfield_Root_Certificate_Authority_-_G2.crt +mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt +mozilla/StartCom_Certification_Authority_2.crt +mozilla/StartCom_Certification_Authority.crt +mozilla/StartCom_Certification_Authority_G2.crt +mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt +mozilla/Swisscom_Root_CA_1.crt +mozilla/Swisscom_Root_CA_2.crt +mozilla/Swisscom_Root_EV_CA_2.crt +mozilla/SwissSign_Gold_CA_-_G2.crt +mozilla/SwissSign_Platinum_CA_-_G2.crt +mozilla/SwissSign_Silver_CA_-_G2.crt +mozilla/Taiwan_GRCA.crt +mozilla/TC_TrustCenter_Class_2_CA_II.crt +mozilla/TC_TrustCenter_Class_3_CA_II.crt +mozilla/TC_TrustCenter_Universal_CA_I.crt +mozilla/TeliaSonera_Root_CA_v1.crt +mozilla/Thawte_Premium_Server_CA.crt +mozilla/thawte_Primary_Root_CA.crt +mozilla/thawte_Primary_Root_CA_-_G2.crt +mozilla/thawte_Primary_Root_CA_-_G3.crt +mozilla/Thawte_Server_CA.crt +mozilla/Trustis_FPS_Root_CA.crt +mozilla/T-TeleSec_GlobalRoot_Class_2.crt +mozilla/T-TeleSec_GlobalRoot_Class_3.crt +mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt +mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt +mozilla/TURKTRUST_Certificate_Services_Provider_Root_2007.crt +mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt +mozilla/TWCA_Global_Root_CA.crt +mozilla/TWCA_Root_Certification_Authority.crt +mozilla/UTN_DATACorp_SGC_Root_CA.crt +mozilla/UTN_USERFirst_Email_Root_CA.crt +mozilla/UTN_USERFirst_Hardware_Root_CA.crt +mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt +mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt +mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt +mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt +mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt +mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_2.crt +mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt +mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt +mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt +mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt +mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt +mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt +mozilla/VeriSign_Universal_Root_Certification_Authority.crt +mozilla/Visa_eCommerce_Root.crt +mozilla/WellsSecure_Public_Root_Certificate_Authority.crt +mozilla/WoSign_China.crt +mozilla/WoSign.crt +mozilla/XRamp_Global_CA_Root.crt +spi-inc.org/spi-cacert-2008.crt diff --git a/cron.d/apticron b/cron.d/apticron new file mode 100644 index 0000000..09d7072 --- /dev/null +++ b/cron.d/apticron @@ -0,0 +1,3 @@ +# cron entry for apticron + +49 * * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi diff --git a/debian_version b/debian_version index 2983cad..cf02201 100644 --- a/debian_version +++ b/debian_version @@ -1 +1 @@ -8.2 +8.3 diff --git a/default/fail2ban b/default/fail2ban new file mode 100644 index 0000000..35bb377 --- /dev/null +++ b/default/fail2ban @@ -0,0 +1,39 @@ +# This file is part of Fail2Ban. +# +# Fail2Ban is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Fail2Ban is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Fail2Ban; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Author: Cyril Jaquier +# +# $Revision$ + +# Command line options for Fail2Ban. Refer to "fail2ban-client -h" for +# valid options. +FAIL2BAN_OPTS="" + +# Run fail2ban as a different user. If not set, fail2ban +# will run as root. +# +# The user is not created automatically. +# The user can be created e.g. with +# useradd --system --no-create-home --home-dir / --groups adm fail2ban +# Log files are readable by group adm by default. Adding the fail2ban +# user to this group allows it to read the logfiles. +# +# Another manual step that needs to be taken is to allow write access +# for fail2ban user to fail2ban log files. The /etc/init.d/fail2ban +# script will change the ownership when starting fail2ban. Logrotate +# needs to be configured separately, see /etc/logrotate.d/fail2ban. +# +# FAIL2BAN_USER="fail2ban" diff --git a/fail2ban/action.d/apf.conf b/fail2ban/action.d/apf.conf new file mode 100644 index 0000000..5c4a261 --- /dev/null +++ b/fail2ban/action.d/apf.conf @@ -0,0 +1,25 @@ +# Fail2Ban configuration file +# https://www.rfxn.com/projects/advanced-policy-firewall/ +# +# Note: APF doesn't play nicely with other actions. It has been observed to +# remove bans created by other iptables based actions. If you are going to use +# this action, use it for all of your jails. +# +# DON'T MIX APF and other IPTABLES based actions +[Definition] + +actionstart = +actionstop = +actioncheck = +actionban = apf --deny "banned by Fail2Ban " +actionunban = apf --remove + +[Init] + +# Name used in APF configuration +# +name = default + +# DEV NOTES: +# +# Author: Mark McKinstry diff --git a/fail2ban/action.d/badips.conf b/fail2ban/action.d/badips.conf new file mode 100644 index 0000000..4a5c0f9 --- /dev/null +++ b/fail2ban/action.d/badips.conf @@ -0,0 +1,19 @@ +# Fail2ban reporting to badips.com +# +# Note: This reports and IP only and does not actually ban traffic. Use +# another action in the same jail if you want bans to occur. +# +# Set the category to the appropriate value before use. +# +# To get see register and optional key to get personalised graphs see: +# http://www.badips.com/blog/personalized-statistics-track-the-attackers-of-all-your-servers-with-one-key + +[Definition] + +actionban = curl --fail --user-agent "fail2ban v0.8.12" http://www.badips.com/add// + +[Init] + +# Option: category +# Notes.: Values are from the list here: http://www.badips.com/get/categories +category = diff --git a/fail2ban/action.d/blocklist_de.conf b/fail2ban/action.d/blocklist_de.conf new file mode 100644 index 0000000..d4170ca --- /dev/null +++ b/fail2ban/action.d/blocklist_de.conf @@ -0,0 +1,86 @@ +# Fail2Ban configuration file +# +# Author: Steven Hiscocks +# +# + +# Action to report IP address to blocklist.de +# Blocklist.de must be signed up to at www.blocklist.de +# Once registered, one or more servers can be added. +# This action requires the server 'email address' and the assoicate apikey. +# +# From blocklist.de: +# www.blocklist.de is a free and voluntary service provided by a +# Fraud/Abuse-specialist, whose servers are often attacked on SSH-, +# Mail-Login-, FTP-, Webserver- and other services. +# The mission is to report all attacks to the abuse deparments of the +# infected PCs/servers to ensure that the responsible provider can inform +# the customer about the infection and disable them +# +# IMPORTANT: +# +# Reporting an IP of abuse is a serious complaint. Make sure that it is +# serious. Fail2ban developers and network owners recommend you only use this +# action for: +# * The recidive where the IP has been banned multiple times +# * Where maxretry has been set quite high, beyond the normal user typing +# password incorrectly. +# * For filters that have a low likelyhood of receiving human errors +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = curl --fail --data-urlencode 'server=' --data 'apikey=' --data 'service=' --data 'ip=' --data-urlencode 'logs=' --data 'format=text' --user-agent "fail2ban v0.8.12" "https://www.blocklist.de/en/httpreports.html" + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = + +[Init] + +# Option: email +# Notes server email address, as per blocklise.de account +# Values: STRING Default: None +# +#email = + +# Option: apikey +# Notes your user blocklist.de user account apikey +# Values: STRING Default: None +# +#apikey = + +# Option: service +# Notes service name you are reporting on, typically aligns with filter name +# see http://www.blocklist.de/en/httpreports.html for full list +# Values: STRING Default: None +# +#service = diff --git a/fail2ban/action.d/bsd-ipfw.conf b/fail2ban/action.d/bsd-ipfw.conf new file mode 100644 index 0000000..1285361 --- /dev/null +++ b/fail2ban/action.d/bsd-ipfw.conf @@ -0,0 +1,83 @@ +# Fail2Ban configuration file +# +# Author: Nick Munger +# Modified by: Ken Menzel +# Daniel Black (start/stop) +# Fabian Wenk (many ideas as per fail2ban users list) +# +# Ensure firewall_enable="YES" in the top of /etc/rc.conf +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = ipfw show | fgrep -q 'table()' || ( ipfw show | awk 'BEGIN { b = 1 } { if ($1 <= b) { b = $1 + 1 } else { e = b } } END { if (e) exit e
else exit b }'; num=$?; ipfw -q add $num from table\(
\) to me ; echo $num > "" ) + + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = [ ! -f ] || ( read num < ""
ipfw -q delete $num
rm "" ) + + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +# requires an ipfw rule like "deny ip from table(1) to me" +actionban = ipfw table
add + + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = ipfw table
delete + +[Init] +# Option: table +# Notes: The ipfw table to use. If a ipfw rule using this table already exists, +# this action will not create a ipfw rule to block it and the following +# options will have no effect. +# Values: NUM +table = 1 + +# Option: port +# Notes.: Specifies port to monitor. Blank indicate block all ports. +# Values: [ NUM | STRING ] +# +port = + +# Option: startstatefile +# Notes: A file to indicate that the table rule that was added. Ensure it is unique per table. +# Values: STRING +startstatefile = /var/run/fail2ban/ipfw-started-table_
+ +# Option: block +# Notes: This is how much to block. +# Can be "ip", "tcp", "udp" or various other options. +# Values: STRING +block = ip + +# Option: blocktype +# Notes.: How to block the traffic. Use a action from man 5 ipfw +# Common values: deny, unreach port, reset +# ACTION defination at the top of man ipfw for allowed values. +# Values: STRING +# +blocktype = unreach port diff --git a/fail2ban/action.d/complain.conf b/fail2ban/action.d/complain.conf new file mode 100644 index 0000000..c017583 --- /dev/null +++ b/fail2ban/action.d/complain.conf @@ -0,0 +1,94 @@ +# Fail2Ban configuration file +# +# Author: Russell Odom , Daniel Black +# Sends a complaint e-mail to addresses listed in the whois record for an +# offending IP address. +# This uses the https://abusix.com/contactdb.html to lookup abuse contacts. +# +# DEPENDANCIES: +# This requires the dig command from bind-utils +# +# You should provide the in the jail config - lines from the log +# matching the given IP address will be provided in the complaint as evidence. +# +# WARNING +# ------- +# +# Please do not use this action unless you are certain that fail2ban +# does not result in "false positives" for your deployment. False +# positive reports could serve a mis-favor to the original cause by +# flooding corresponding contact addresses, and complicating the work +# of administration personnel responsible for handling (verified) legit +# complains. +# +# Please consider using e.g. sendmail-whois-lines.conf action which +# would send the reports with relevant information to you, so the +# report could be first reviewed and then forwarded to a corresponding +# contact if legit. +# + + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = oifs=${IFS}; IFS=.;SEP_IP=( ); set -- ${SEP_IP}; ADDRESSES=$(dig +short -t txt -q $4.$3.$2.$1.abuse-contacts.abusix.org); IFS=${oifs} + IP= + if [ ! -z "$ADDRESSES" ]; then + (printf %%b "\n"; date '+Note: Local timezone is %%z (%%Z)'; grep -E '(^|[^0-9])([^0-9]|$)' ) | "Abuse from " ${ADDRESSES//,/\" \"} + fi + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = + +[Init] +message = Dear Sir/Madam,\n\nWe have detected abuse from the IP address $IP, which according to a abusix.com is on your network. We would appreciate if you would investigate and take action as appropriate.\n\nLog lines are given below, but please ask if you require any further information.\n\n(If you are not the correct person to contact about this please accept our apologies - your e-mail address was extracted from the whois record by an automated process.)\n\n This mail was generated by Fail2Ban.\nThe recipient address of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here: https://abusix.com/global-reporting/abuse-contact-db\nabusix.com is neither responsible nor liable for the content or accuracy of this message.\n + +# Path to the log files which contain relevant lines for the abuser IP +# +logpath = /dev/null + +# Option: mailcmd +# Notes.: Your system mail command. Is passed 2 args: subject and recipient +# Values: CMD +# +mailcmd = mail -s + +# Option: mailargs +# Notes.: Additional arguments to mail command. e.g. for standard Unix mail: +# CC reports to another address: +# -c me@example.com +# Appear to come from a different address - the '--' indicates +# arguments to be passed to Sendmail: +# -- -f me@example.com +# Values: [ STRING ] +# +mailargs = + diff --git a/fail2ban/action.d/dshield.conf b/fail2ban/action.d/dshield.conf new file mode 100644 index 0000000..a004198 --- /dev/null +++ b/fail2ban/action.d/dshield.conf @@ -0,0 +1,204 @@ +# Fail2Ban configuration file +# +# Author: Russell Odom +# Submits attack reports to DShield (http://www.dshield.org/) +# +# You MUST configure at least: +# (the port that's being attacked - use number not name). +# +# You SHOULD also provide: +# (your public IP address, if it's not the address of eth0) +# (your DShield userID, if you have one - recommended, but reports will +# be used anonymously if not) +# (the protocol in use - defaults to tcp) +# +# Best practice is to provide and in jail.conf like this: +# action = dshield[port=1234,protocol=tcp] +# +# ...and create "dshield.local" with contents something like this: +# [Init] +# myip = 10.0.0.1 +# userid = 12345 +# +# Other useful configuration values are (you can use for specifying +# a different sender address for the report e-mails, which should match what is +# configured at DShield), and // (to +# configure how often the buffer is flushed). +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = if [ -f .buffer ]; then + cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" + date +%%s > .lastsent + fi + rm -f .buffer .first + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +# See http://www.dshield.org/specs.html for more on report format/notes +# +# Note: We are currently using