From: Frank Brehm Date: Wed, 5 Apr 2017 07:59:53 +0000 (+0200) Subject: committing changes in /etc after apt run X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=43c811f173d90972a9459aa36d4c102e51837062;p=config%2Fsarah%2Fetc.git committing changes in /etc after apt run Package changes: +liblua5.1-0 5.1.5-7.1 +libmemcached11 1.0.18-4 +libmemcachedutil2 1.0.18-4 +libmilter1.0.1 8.14.4-8+deb8u1 +libopendbx1 1.4.6-8 +libopendbx1-mysql 1.4.6-8 +libopendbx1-pgsql 1.4.6-8 +libopendbx1-sqlite3 1.4.6-8 +libopendkim9 2.9.2-2+deb8u1 +librbl1 2.9.2-2+deb8u1 +libunbound2 1.4.22-3+deb8u2 +libvbr2 2.9.2-2+deb8u1 +opendbx-utils 1.4.6-8 +opendkim 2.9.2-2+deb8u1 +opendkim-tools 2.9.2-2+deb8u1 --- diff --git a/.etckeeper b/.etckeeper index 81684bf..7826b37 100755 --- a/.etckeeper +++ b/.etckeeper @@ -258,6 +258,7 @@ maybe chmod 0644 'default/netfilter-persistent' maybe chmod 0644 'default/networking' maybe chmod 0644 'default/nginx' maybe chmod 0644 'default/nss' +maybe chmod 0644 'default/opendkim' maybe chmod 0644 'default/rcS' maybe chmod 0644 'default/rsync' maybe chmod 0644 'default/rsyslog' @@ -584,6 +585,7 @@ maybe chmod 0755 'init.d/mysql' maybe chmod 0755 'init.d/netfilter-persistent' maybe chmod 0755 'init.d/networking' maybe chmod 0755 'init.d/nginx' +maybe chmod 0755 'init.d/opendkim' maybe chmod 0755 'init.d/php5-fpm' maybe chmod 0755 'init.d/postfix' maybe chmod 0755 'init.d/procps' @@ -813,6 +815,7 @@ maybe chmod 0644 'nginx/templates/sogo.tmpl' maybe chmod 0644 'nginx/uwsgi_params' maybe chmod 0644 'nginx/win-utf' maybe chmod 0644 'nsswitch.conf' +maybe chmod 0644 'opendkim.conf' maybe chmod 0755 'opt' maybe chmod 0644 'pam.conf' maybe chmod 0755 'pam.d' diff --git a/default/opendkim b/default/opendkim new file mode 100644 index 0000000..7ab3d24 --- /dev/null +++ b/default/opendkim @@ -0,0 +1,10 @@ +# Command-line options specified here will override the contents of +# /etc/opendkim.conf. See opendkim(8) for a complete list of options. +#DAEMON_OPTS="" +# +# Uncomment to specify an alternate socket +# Note that setting this will override any Socket value in opendkim.conf +#SOCKET="local:/var/run/opendkim/opendkim.sock" # default +#SOCKET="inet:54321" # listen on all interfaces on port 54321 +#SOCKET="inet:12345@localhost" # listen on loopback on port 12345 +#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345 diff --git a/group b/group index 7c5f424..03f3a50 100644 --- a/group +++ b/group @@ -62,3 +62,4 @@ iredadmin:x:2001: iredapd:x:2002: ulog:x:121: wireshark:x:122: +opendkim:x:123: diff --git a/group- b/group- index e723d8a..7c5f424 100644 --- a/group- +++ b/group- @@ -1,15 +1,15 @@ -root:x:0:frank -daemon:x:1:frank -bin:x:2:frank -sys:x:3:frank +root:x:0:frank,taurec +daemon:x:1:frank,taurec +bin:x:2:frank,taurec +sys:x:3:frank,taurec adm:x:4: -tty:x:5:frank -disk:x:6:frank -lp:x:7:frank -mail:x:8:frank +tty:x:5:frank,taurec +disk:x:6:frank,taurec +lp:x:7:frank,taurec +mail:x:8:frank,taurec news:x:9: uucp:x:10: -man:x:12:frank +man:x:12:frank,taurec proxy:x:13: kmem:x:15: dialout:x:20: @@ -18,23 +18,23 @@ voice:x:22: cdrom:x:24: floppy:x:25: tape:x:26: -sudo:x:27:frank -audio:x:29:frank +sudo:x:27:frank,taurec +audio:x:29:frank,taurec dip:x:30: www-data:x:33: backup:x:34: -operator:x:37:frank +operator:x:37:frank,taurec list:x:38: irc:x:39: src:x:40: gnats:x:41: shadow:x:42: utmp:x:43: -video:x:44:frank +video:x:44:frank,taurec sasl:x:45: plugdev:x:46: -staff:x:50:frank -games:x:60:frank +staff:x:50:frank,taurec +games:x:60:frank,taurec users:x:100: nogroup:x:65534: input:x:101: @@ -43,11 +43,11 @@ systemd-timesync:x:103: systemd-network:x:104: systemd-resolve:x:105: systemd-bus-proxy:x:106: -crontab:x:107:frank +crontab:x:107:frank,taurec netdev:x:108: ssh:x:109: messagebus:x:110: -mlocate:x:111:frank +mlocate:x:111:frank,taurec mysql:x:112: ssl-cert:x:113: postfix:x:114: diff --git a/gshadow b/gshadow index ec555ec..7d69447 100644 --- a/gshadow +++ b/gshadow @@ -62,3 +62,4 @@ iredadmin:!:: iredapd:!:: ulog:!:: wireshark:!:: +opendkim:!:: diff --git a/gshadow- b/gshadow- index 399218d..ec555ec 100644 --- a/gshadow- +++ b/gshadow- @@ -1,15 +1,15 @@ -root:*::frank -daemon:*::frank -bin:*::frank -sys:*::frank +root:*::frank,taurec +daemon:*::frank,taurec +bin:*::frank,taurec +sys:*::frank,taurec adm:*:: -tty:*::frank -disk:*::frank -lp:*::frank -mail:*::frank +tty:*::frank,taurec +disk:*::frank,taurec +lp:*::frank,taurec +mail:*::frank,taurec news:*:: uucp:*:: -man:*::frank +man:*::frank,taurec proxy:*:: kmem:*:: dialout:*:: @@ -18,23 +18,23 @@ voice:*:: cdrom:*:: floppy:*:: tape:*:: -sudo:*::frank -audio:*::frank +sudo:*::frank,taurec +audio:*::frank,taurec dip:*:: www-data:*:: backup:*:: -operator:*::frank +operator:*::frank,taurec list:*:: irc:*:: src:*:: gnats:*:: shadow:*:: utmp:*:: -video:*::frank +video:*::frank,taurec sasl:*:: plugdev:*:: -staff:*::frank -games:*::frank +staff:*::frank,taurec +games:*::frank,taurec users:*:: nogroup:*:: input:!:: @@ -43,11 +43,11 @@ systemd-timesync:!:: systemd-network:!:: systemd-resolve:!:: systemd-bus-proxy:!:: -crontab:!::frank +crontab:!::frank,taurec netdev:!:: ssh:!:: messagebus:!:: -mlocate:!::frank +mlocate:!::frank,taurec mysql:!:: ssl-cert:!:: postfix:!:: diff --git a/init.d/opendkim b/init.d/opendkim new file mode 100755 index 0000000..83d38fb --- /dev/null +++ b/init.d/opendkim @@ -0,0 +1,162 @@ +#! /bin/sh +# +### BEGIN INIT INFO +# Provides: opendkim +# Required-Start: $syslog $time $local_fs $remote_fs $named $network +# Required-Stop: $syslog $time $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start the OpenDKIM service +# Description: Enable DKIM signing and verification provided by OpenDKIM +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/opendkim +NAME=opendkim +DESC="OpenDKIM" +RUNDIR=/var/run/$NAME +USER=opendkim +GROUP=opendkim +SOCKET=local:$RUNDIR/$NAME.sock +PIDFILE=$RUNDIR/$NAME.pid + +# How long to wait for the process to die on stop/restart +stoptimeout=5 + +test -x $DAEMON || exit 0 + +# Include LSB provided init functions +. /lib/lsb/init-functions + +# Include opendkim defaults if available +if [ -f /etc/default/opendkim ] ; then + . /etc/default/opendkim +fi + +if [ -f /etc/opendkim.conf ]; then + CONFIG_SOCKET=`awk '$1 == "Socket" { print $2 }' /etc/opendkim.conf` +fi + +# This can be set via Socket option in config file, so it's not required +if [ -n "$SOCKET" -a -z "$CONFIG_SOCKET" ]; then + DAEMON_OPTS="-p $SOCKET $DAEMON_OPTS" +fi + +DAEMON_OPTS="-x /etc/opendkim.conf -u $USER -P $PIDFILE $DAEMON_OPTS" + +start() { + # Create the run directory if it doesn't exist + if [ ! -d "$RUNDIR" ]; then + install -o "$USER" -g "$GROUP" -m 755 -d "$RUNDIR" || return 2 + [ -x /sbin/restorecon ] && /sbin/restorecon "$RUNDIR" + fi + # Clean up stale sockets + if [ -f "$PIDFILE" ]; then + pid=`cat $PIDFILE` + if ! ps -C "$DAEMON" -s "$pid" >/dev/null; then + rm "$PIDFILE" + TMPSOCKET="" + if [ -n "$SOCKET" ]; then + TMPSOCKET="$SOCKET" + elif [ -n "$CONFIG_SOCKET" ]; then + TMPSOCKET="$CONFIG_SOCKET" + fi + if [ -n "$TMPSOCKET" ]; then + # UNIX sockets may be specified with or without the + # local: prefix; handle both + t=`echo $SOCKET | cut -d: -f1` + s=`echo $SOCKET | cut -d: -f2` + if [ -e "$s" -a -S "$s" ]; then + if [ "$t" = "$s" -o "$t" = "local" ]; then + rm "$s" + fi + fi + fi + fi + fi + start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" --test -- $DAEMON_OPTS || return 1 + start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS || return 2 + # Detect exit status 78 (configuration error) + ret=$? + if [ $ret -eq 78 ]; then + echo "See /usr/share/doc/opendkim/README.Debian for help" + echo "Starting for DKIM verification only" + DAEMON_OPTS="-b v $DAEMON_OPTS" + start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS + exit 0 + elif [ $ret -ne 0 ]; then + exit $ret + fi +} + +stop() { + start-stop-daemon --stop --retry "$stoptimeout" --exec "$DAEMON" + [ "$?" = 2 ] && return 2 +} + +reload() { + start-stop-daemon --stop --signal USR1 --exec "$DAEMON" +} + +status() { + local pidfile daemon name status + + pidfile= + OPTIND=1 + while getopts p: opt ; do + case "$opt" in + p) pidfile="$OPTARG";; + esac + done + shift $(($OPTIND - 1)) + + if [ -n "$pidfile" ]; then + pidfile="-p $pidfile" + fi + daemon="$1" + name="$2" + + status="0" + pidofproc $pidfile $daemon >/dev/null || status="$?" + if [ "$status" = 0 ]; then + log_success_msg "$name is running" + return 0 + else + log_failure_msg "$name is not running" + return $status + fi +} + +case "$1" in + start) + echo -n "Starting $DESC: " + start + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + stop + echo "$NAME." + ;; + restart) + echo -n "Restarting $DESC: " + stop + start + echo "$NAME." + ;; + reload|force-reload) + echo -n "Restarting $DESC: " + reload + echo "$NAME." + ;; + status) + status $DAEMON $NAME + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|reload|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/opendkim.conf b/opendkim.conf new file mode 100644 index 0000000..46cff22 --- /dev/null +++ b/opendkim.conf @@ -0,0 +1,33 @@ +# This is a basic configuration that can easily be adapted to suit a standard +# installation. For more advanced options, see opendkim.conf(5) and/or +# /usr/share/doc/opendkim/examples/opendkim.conf.sample. + +# Log to syslog +Syslog yes +# Required to use local socket with MTAs that access the socket as a non- +# privileged user (e.g. Postfix) +UMask 002 + +# Sign for example.com with key in /etc/mail/dkim.key using +# selector '2007' (e.g. 2007._domainkey.example.com) +#Domain example.com +#KeyFile /etc/mail/dkim.key +#Selector 2007 + +# Commonly-used options; the commented-out versions show the defaults. +#Canonicalization simple +#Mode sv +#SubDomains no +#ADSPAction continue + +# Always oversign From (sign using actual From and a null From to prevent +# malicious signatures header fields (From and/or others) between the signer +# and the verifier. From is oversigned by default in the Debian pacakge +# because it is often the identity key used by reputation systems and thus +# somewhat security sensitive. +OversignHeaders From + +# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures +# (ATPS) (experimental) + +#ATPSDomains example.com diff --git a/passwd b/passwd index 5c7c1ba..1b72f76 100644 --- a/passwd +++ b/passwd @@ -35,3 +35,4 @@ iredapd:x:2002:2002::/home/iredapd:/usr/sbin/nologin ulog:x:113:121::/var/log/ulog:/bin/false frank:x:1017:100:Frank Brehm:/home/frank:/bin/bash taurec:x:1000:100:Jörn Valentin:/home/taurec:/bin/bash +opendkim:x:114:123::/var/run/opendkim:/bin/false diff --git a/passwd- b/passwd- index 7f2e12d..1b72f76 100644 --- a/passwd- +++ b/passwd- @@ -34,3 +34,5 @@ iredadmin:x:2001:2001::/home/iredadmin:/usr/sbin/nologin iredapd:x:2002:2002::/home/iredapd:/usr/sbin/nologin ulog:x:113:121::/var/log/ulog:/bin/false frank:x:1017:100:Frank Brehm:/home/frank:/bin/bash +taurec:x:1000:100:Jörn Valentin:/home/taurec:/bin/bash +opendkim:x:114:123::/var/run/opendkim:/bin/false diff --git a/rc0.d/K01opendkim b/rc0.d/K01opendkim new file mode 120000 index 0000000..9ade01c --- /dev/null +++ b/rc0.d/K01opendkim @@ -0,0 +1 @@ +../init.d/opendkim \ No newline at end of file diff --git a/rc1.d/K01opendkim b/rc1.d/K01opendkim new file mode 120000 index 0000000..9ade01c --- /dev/null +++ b/rc1.d/K01opendkim @@ -0,0 +1 @@ +../init.d/opendkim \ No newline at end of file diff --git a/rc2.d/S02opendkim b/rc2.d/S02opendkim new file mode 120000 index 0000000..9ade01c --- /dev/null +++ b/rc2.d/S02opendkim @@ -0,0 +1 @@ +../init.d/opendkim \ No newline at end of file diff --git a/rc3.d/S02opendkim b/rc3.d/S02opendkim new file mode 120000 index 0000000..9ade01c --- /dev/null +++ b/rc3.d/S02opendkim @@ -0,0 +1 @@ +../init.d/opendkim \ No newline at end of file diff --git a/rc4.d/S02opendkim b/rc4.d/S02opendkim new file mode 120000 index 0000000..9ade01c --- /dev/null +++ b/rc4.d/S02opendkim @@ -0,0 +1 @@ +../init.d/opendkim \ No newline at end of file diff --git a/rc5.d/S02opendkim b/rc5.d/S02opendkim new file mode 120000 index 0000000..9ade01c --- /dev/null +++ b/rc5.d/S02opendkim @@ -0,0 +1 @@ +../init.d/opendkim \ No newline at end of file diff --git a/rc6.d/K01opendkim b/rc6.d/K01opendkim new file mode 120000 index 0000000..9ade01c --- /dev/null +++ b/rc6.d/K01opendkim @@ -0,0 +1 @@ +../init.d/opendkim \ No newline at end of file diff --git a/shadow b/shadow index 6c51ba0..f07f342 100644 --- a/shadow +++ b/shadow @@ -35,3 +35,4 @@ iredapd:!:17002:0:99999:7::: ulog:*:17003:0:99999:7::: frank:$6$XvWKCqsO$ilXvfnvvIT/ot91lmWUlX.crje8qP/jQvAh9r1XTUJFWKKM9mx5YdCOpBBBjqJ/vqrBo2tqTo5LpLKNAv1F241:17007:0:99999:7::: taurec:!:17026:0:99999:7::: +opendkim:*:17261:0:99999:7::: diff --git a/shadow- b/shadow- index f509284..f07f342 100644 --- a/shadow- +++ b/shadow- @@ -34,3 +34,5 @@ iredadmin:!:17002:0:99999:7::: iredapd:!:17002:0:99999:7::: ulog:*:17003:0:99999:7::: frank:$6$XvWKCqsO$ilXvfnvvIT/ot91lmWUlX.crje8qP/jQvAh9r1XTUJFWKKM9mx5YdCOpBBBjqJ/vqrBo2tqTo5LpLKNAv1F241:17007:0:99999:7::: +taurec:!:17026:0:99999:7::: +opendkim:*:17261:0:99999:7::: diff --git a/subgid b/subgid index c62e21f..16dfda0 100644 --- a/subgid +++ b/subgid @@ -17,3 +17,4 @@ iredapd:1083040:65536 ulog:1148576:65536 frank:1214112:65536 taurec:1279648:65536 +opendkim:1345184:65536 diff --git a/subgid- b/subgid- index 971757e..c62e21f 100644 --- a/subgid- +++ b/subgid- @@ -16,3 +16,4 @@ iredadmin:1017504:65536 iredapd:1083040:65536 ulog:1148576:65536 frank:1214112:65536 +taurec:1279648:65536 diff --git a/subuid b/subuid index c62e21f..16dfda0 100644 --- a/subuid +++ b/subuid @@ -17,3 +17,4 @@ iredapd:1083040:65536 ulog:1148576:65536 frank:1214112:65536 taurec:1279648:65536 +opendkim:1345184:65536 diff --git a/subuid- b/subuid- index 971757e..c62e21f 100644 --- a/subuid- +++ b/subuid- @@ -16,3 +16,4 @@ iredadmin:1017504:65536 iredapd:1083040:65536 ulog:1148576:65536 frank:1214112:65536 +taurec:1279648:65536