From: Frank Brehm Date: Fri, 13 Oct 2017 14:17:59 +0000 (+0200) Subject: saving uncommitted changes in /etc prior to apt run X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=65b421ffdc7f745035ce30fa9bfdb0ec783fdf3a;p=config%2Fsarah%2Fetc.git saving uncommitted changes in /etc prior to apt run --- diff --git a/.etckeeper b/.etckeeper index 31a30a4..31e568b 100755 --- a/.etckeeper +++ b/.etckeeper @@ -14,7 +14,6 @@ mkdir -p './dbus-1/session.d' mkdir -p './dovecot/private' mkdir -p './dpkg/dpkg.cfg.d' mkdir -p './fail2ban/fail2ban.d' -mkdir -p './icinga2/pki' mkdir -p './initramfs-tools/conf.d' mkdir -p './initramfs-tools/hooks' mkdir -p './initramfs-tools/scripts/init-bottom' @@ -640,8 +639,10 @@ maybe chmod 0644 'icinga2/conf.d/templates.conf' maybe chmod 0644 'icinga2/conf.d/timeperiods.conf' maybe chmod 0644 'icinga2/conf.d/users.conf' maybe chmod 0644 'icinga2/constants.conf' +maybe chmod 0644 'icinga2/constants.conf.orig' maybe chmod 0755 'icinga2/features-available' maybe chmod 0644 'icinga2/features-available/api.conf' +maybe chmod 0644 'icinga2/features-available/api.conf.orig' maybe chmod 0644 'icinga2/features-available/checker.conf' maybe chmod 0644 'icinga2/features-available/command.conf' maybe chmod 0644 'icinga2/features-available/compatlog.conf' 
@@ -662,12 +663,21 @@ maybe chmod 0644 'icinga2/init.conf' maybe chown 'nagios' 'icinga2/pki' maybe chgrp 'nagios' 'icinga2/pki' maybe chmod 0700 'icinga2/pki' +maybe chmod 0644 'icinga2/pki/ca.crt' +maybe chown 'nagios' 'icinga2/pki/sarah.uhu-banane.de.crt' +maybe chgrp 'nagios' 'icinga2/pki/sarah.uhu-banane.de.crt' +maybe chmod 0644 'icinga2/pki/sarah.uhu-banane.de.crt' +maybe chmod 0644 'icinga2/pki/sarah.uhu-banane.de.crt.orig' +maybe chown 'nagios' 'icinga2/pki/sarah.uhu-banane.de.key' +maybe chgrp 'nagios' 'icinga2/pki/sarah.uhu-banane.de.key' +maybe chmod 0600 'icinga2/pki/sarah.uhu-banane.de.key' maybe chmod 0755 'icinga2/repository.d' maybe chmod 0644 'icinga2/repository.d/README' maybe chmod 0755 'icinga2/scripts' maybe chmod 0755 'icinga2/scripts/mail-host-notification.sh' maybe chmod 0755 'icinga2/scripts/mail-service-notification.sh' maybe chmod 0644 'icinga2/zones.conf' +maybe chmod 0644 'icinga2/zones.conf.orig' maybe chmod 0755 'icinga2/zones.d' maybe chmod 0644 'icinga2/zones.d/README' maybe chmod 0755 'init' diff --git a/icinga2/constants.conf b/icinga2/constants.conf index 29232d6..f904327 100644 --- a/icinga2/constants.conf +++ b/icinga2/constants.conf @@ -19,10 +19,10 @@ const PluginContribDir = "/usr/lib/nagios/plugins" /* Our local instance name. By default this is the server's hostname as returned by `hostname --fqdn`. * This should be the common name from the API certificate. */ -//const NodeName = "localhost" +const NodeName = "sarah.uhu-banane.de" /* Our local zone name. */ -const ZoneName = NodeName +const ZoneName = "sarah.uhu-banane.de" /* Secret key for remote node tickets */ const TicketSalt = "" diff --git a/icinga2/constants.conf.orig b/icinga2/constants.conf.orig new file mode 100644 index 0000000..29232d6 --- /dev/null +++ b/icinga2/constants.conf.orig 
@@ -0,0 +1,28 @@ +/** + * This file defines global constants which can be used in + * the other configuration files. + */ + +/* The directory which contains the plugins from the Monitoring Plugins project. */ +const PluginDir = "/usr/lib/nagios/plugins" + +/* The directory which contains the Manubulon plugins. + * Check the documentation, chapter "SNMP Manubulon Plugin Check Commands", for details. + */ +const ManubulonPluginDir = "/usr/lib/nagios/plugins" + +/* The directory which you use to store additional plugins which ITL provides user contributed command definitions for. + * Check the documentation, chapter "Plugins Contribution", for details. + */ +const PluginContribDir = "/usr/lib/nagios/plugins" + +/* Our local instance name. By default this is the server's hostname as returned by `hostname --fqdn`. + * This should be the common name from the API certificate. + */ +//const NodeName = "localhost" + +/* Our local zone name. */ +const ZoneName = NodeName + +/* Secret key for remote node tickets */ +const TicketSalt = "" diff --git a/icinga2/features-available/api.conf b/icinga2/features-available/api.conf index 0136de0..be8acf3 100644 --- a/icinga2/features-available/api.conf +++ b/icinga2/features-available/api.conf @@ -1,11 +1,13 @@ /** * The API listener is used for distributed monitoring setups. */ - object ApiListener "api" { cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt" key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key" ca_path = SysconfDir + "/icinga2/pki/ca.crt" + accept_config = true + accept_commands = true + ticket_salt = TicketSalt } diff --git a/icinga2/features-available/api.conf.orig b/icinga2/features-available/api.conf.orig new file mode 100644 index 0000000..0136de0 --- /dev/null +++ b/icinga2/features-available/api.conf.orig 
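Review bot: `accept_config = true` and `accept_commands = true` are switched on in the ApiListener object with no comment saying which peer is trusted. Together they let an endpoint of the parent zone push configuration to this node and have it run check commands with the privileges of the Icinga daemon. If this host only executes checks scheduled by the master, `accept_commands` alone may be enough; `accept_config` is needed only when config sync from the parent is actually used. I would record the decision next to the settings, e.g. `// zone "master" (ns1.uhu-banane.de) may push config and run commands here; keep 5665/tcp restricted to it`.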
@@ -0,0 +1,11 @@
+/**
+ * The API listener is used for distributed monitoring setups.
+ */
+
+object ApiListener "api" {
+ cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
+ key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
+ ca_path = SysconfDir + "/icinga2/pki/ca.crt"
+
+ ticket_salt = TicketSalt
+}
diff --git a/icinga2/features-enabled/api.conf b/icinga2/features-enabled/api.conf
new file mode 120000
index 0000000..8cdce62
--- /dev/null
+++ b/icinga2/features-enabled/api.conf
@@ -0,0 +1 @@
+../features-available/api.conf
\ No newline at end of file
diff --git a/icinga2/features-enabled/notification.conf b/icinga2/features-enabled/notification.conf
deleted file mode 120000
index c31d3b4..0000000
--- a/icinga2/features-enabled/notification.conf
+++ /dev/null
@@ -1 +0,0 @@
-../features-available/notification.conf
\ No newline at end of file
diff --git a/icinga2/icinga2.conf b/icinga2/icinga2.conf
index a809b96..019072f 100644
--- a/icinga2/icinga2.conf
+++ b/icinga2/icinga2.conf
@@ -60,4 +60,4 @@ include_recursive "repository.d"
 * the preferred way is to create separate directories and files in the conf.d
 * directory. Each of these files must have the file extension ".conf".
 */
-include_recursive "conf.d"
+#include_recursive "conf.d"
diff --git a/icinga2/pki/ca.crt b/icinga2/pki/ca.crt
new file mode 100644
index 0000000..486532f
--- /dev/null
+++ b/icinga2/pki/ca.crt
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyjCCArKgAwIBAgIVAKijaxOh/7oUys2n+iw+GHS+hLDbMA0GCSqGSIb3DQEB +CwUAMBQxEjAQBgNVBAMMCUljaW5nYSBDQTAeFw0xNzA5MjEyMDUxMjFaFw0zMjA5 +MTcyMDUxMjFaMBQxEjAQBgNVBAMMCUljaW5nYSBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBALH5Dn55tfqcZejKiu+g/Bd+Nm3I6Maa7iAskg9C9HEM +rg2FvJmJi+gSO25amjsZGTC+TnYxIwsWsIPYfDOsfrfkhb1uz5d+7jpJf9aEgVgW +LZXXxL27rAEnACIHZDdQVLiz3SGSFiiXvYWEatfzfZk47IHLA4aYwnCwW9+QI5q1 +a+M+IfdQPR3CLHCYy4H5v9OUNv2qD3zkA50xO9QPt/DVtOx0n2CrmOjUOSC62sNE +jEZ0QJM+rRT21Jf+EwcDJVu+QTGceu8/aQ2vjy24OGksPDufcLha5fkYmKghBFRV +5jXr5NAoYhwMiZNPaLE+Rj8Sz+pHB83yVgBupHrD5sRbuz706mMftCDr3HNuDi/K +NtNujYwbBTWufNYJE4u4tBnrmhZvJjOhhU6x0jRG1Sh75U/JICbgAAYvSZcNAU5/ +OxiUmgJsKk24M+6+lqnkBlhsPoK40U9zhGhO52ATVdfrrwV6PpPw+oepZm1HWfze +E09lLC7GgBedbHuVS2xQ/C1L0vAZYfuiUyYMmpw33pX5EpAsDeu2kPWLKC3QjUJH +GetmJZNypFUWFDkORRJZGq4hj3QeETJKGzU4++XzmMdAnUbDrg33zX+HwOTU1kJL +W/hQCamzeai2whNSSnfConObXQ/zLqn9pE5ZrGTdQPIGerzzxSJm3PXu6zqxMVZt +AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEtp +xft6IvJgJNxHM1tIUAmbijmcu+Y4HGEZaAX4u18i7y/exXHTBbeqJ1dztLy/VSVa +At94TcdZyewnHa0BsRNILI52qXlcoPBV57RzV+0jTfkK9L9FnuaDDaAYI8vHAxsL +b0/wieQ3SCLtoJfVRGr3FObz0EtmedKGHpc7sPGYM88QY4iTYVKSFCvYvG4PpZAq +K+EIn/sRcm6RdfnQwZ8dZ5zNeeZ1DmKlre0+pxwzXDgbTX+eC5CRqKKEknraYIX6 +F1GVEmNUXt5hN4je9Blqfp4e1mbArqXarJtxF5srqI7Dc877dXI//dokC5sivThK +7pgpH9uaXv8QTUPEsQAAvra1thfPO3I8mrli/CrRThg6AoxMo2PeHu6nbkV4KGpj +UXSg2gxR4+xoezuuSnnl0rBKLhrSFfEAyzR7hdSlBCgthLnpH7AMRxbosaYHziqQ +DxZefpiF1vy2og+clbmrW0vyPdt6Bia2SDptWkdZWOG4vJzXqvGToaaaDpA4rrtY +B3Xuhqyoa+Qq0NXBBpQUwPRceGrtehNgTGDokl6LExjI7h075TrWqTg3cc9LCmWf +ShJpM5SpZxcGnHZTpZ5Sm4CatSPOy+GGGp64uCrr1vX3BVloQGeIphzupOJ7aIvr +ZSAH/ibF9WkItQ5XGSgmCZyPL5KnI76jT7BQNi0m +-----END CERTIFICATE----- diff --git a/icinga2/pki/sarah.uhu-banane.de.crt b/icinga2/pki/sarah.uhu-banane.de.crt new file mode 100644 index 0000000..371654c --- /dev/null +++ b/icinga2/pki/sarah.uhu-banane.de.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8DCCAtigAwIBAgIUbwQ0nCPD4Qb9lTcgdRG+Lq+2mi4wDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJSWNpbmdhIENBMB4XDTE3MTAxMzEzNTU0MVoXDTMyMTAw +OTEzNTU0MVowHjEcMBoGA1UEAwwTc2FyYWgudWh1LWJhbmFuZS5kZTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBANE7TTJu6Tlrreyexiu9mS+ILsk4aVvK +j67HCO6CEKHwOsIrVDIV5h9JAgtOf4Uo7FzcUKFj5L7+jE8Y/fnkLViXUn7iKKx9 +ZMi5MB6+mnrJXGZKQ2hnT6BhbBX+pWzdkWkREHP18wK4PeasBr5DOuTC2qHVGcda +2MuhzuWfZ5/mEB9lbZg/sUafb0CaxdKRGy+YXkysYA1Mx7thg7lCZ7ruWgJ3GDc3 +Vtc2fyOmFdm2uEzvsl1t1r7obk0YOaF/oT7sms8tTOBtCgOgduddcOTtOXNT/otr +21MfaQU7nzT6S6bADqTMGR+2fP3ACvcyevvSMgkVBFKbLZoeKpeIT5YjQewDMAZe +ikWDKboDvSN86QG1IFIZbYE2cZhfPhTaHSRLhOTNw0WRJNAGNbI8Ic2QZUjXJASu +tWgf36sJpFUMP5eUdHntxXERTl2sEUpQzkGdxLSfrOJXt1vzml+HKwNqGcLOmIQK +vVdpatS2ihUW+pa7A82qh21s/WiSZj123uw60131OsKM7eh9WX6A/hgwrXkBUQSd +BazmAmtcE4X9pm+bjK2mXJkqhLME9yhoDE/QNoECJAYeYLSiW4VEZGb0Jesio04J +s2tS+lfm0JQ77NL/s6c1/m+dGxquWo/3z5brYnv/IlQWPYLoZTYqdT9jGsVgoIv3 +QfN0BWqd5fwtAgMBAAGjMDAuMAwGA1UdEwEB/wQCMAAwHgYDVR0RBBcwFYITc2Fy +YWgudWh1LWJhbmFuZS5kZTANBgkqhkiG9w0BAQsFAAOCAgEAFPONyX9XBkeT91DR +UQ8Qg+flMIkSL0HeT1yekHN76ww2SaRPtv8uVKgJZhUw4FMQIhkqU8iNAPFUG/du +fIWOqffvBjrFzR8kxFo63OR8AXX7sZ7SB6EYe9uGMaQQ7nE89hHjImtJeyvCZXFh +b0obWZLPaiqXIPFxF4eK7qfVZjXhhP2Y5bdq6C+zSgCr/VNxUTvjyyxKMuy0vicO +G+s5LH4czuCGUbbjt6ITHvjyAageyBFiI94+Tc+SHpcFIcQg2RaddfG+nlTfZb5w +OxFiVDLTEk1fMboBWSl/f1H6QTUpMimkFYv2i8qs2qUmUzZd6tLCo/aHZyd9KoR3 +S/rEHU9N5lpc+ZhVsLVRd+iHIjIWUwFKDE4cXinc5f7OEUikApRgJ3bcPPEEiHZv +EYfPXSPT+Hgy8Sa6tWToClUrrtroNJkqR3jBLrTLVmde9IGrPKWf0Zz6OlTEeLY3 +r6Vj+1t088ozdv/6hoMBkaeD4gXNYY1vS65Pq3AQJ8XEMLxsWtLKVn9Nk6b4mDp7 +4cueZWKe+6R47UYfMbv9TXqvIVzN3Wh1iSzMibh7qS1nF0ZZ5DwAAM69yxvr2O2b +HtxBAl/HlYCqRlP/A7m2d89A+2I1Wt4hYh4xlg2uhJcAXZCpKBbVl0AaCJIWD6gB +ROxrUz3tvy25Cx9+lHKPy0yHaYY= +-----END CERTIFICATE----- diff --git a/icinga2/pki/sarah.uhu-banane.de.crt.orig b/icinga2/pki/sarah.uhu-banane.de.crt.orig new file mode 100644 index 0000000..bb06755 --- /dev/null 
+++ b/icinga2/pki/sarah.uhu-banane.de.crt.orig @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+jCCAuKgAwIBAgIUZmMSHqqvg9vYAzP+rBPK/rTOGsAwDQYJKoZIhvcNAQEL +BQAwHjEcMBoGA1UEAwwTc2FyYWgudWh1LWJhbmFuZS5kZTAeFw0xNzEwMTMxMzU1 +MjJaFw0zMjEwMDkxMzU1MjJaMB4xHDAaBgNVBAMME3NhcmFoLnVodS1iYW5hbmUu +ZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRO00ybuk5a63snsYr +vZkviC7JOGlbyo+uxwjughCh8DrCK1QyFeYfSQILTn+FKOxc3FChY+S+/oxPGP35 +5C1Yl1J+4iisfWTIuTAevpp6yVxmSkNoZ0+gYWwV/qVs3ZFpERBz9fMCuD3mrAa+ +Qzrkwtqh1RnHWtjLoc7ln2ef5hAfZW2YP7FGn29AmsXSkRsvmF5MrGANTMe7YYO5 +Qme67loCdxg3N1bXNn8jphXZtrhM77Jdbda+6G5NGDmhf6E+7JrPLUzgbQoDoHbn +XXDk7TlzU/6La9tTH2kFO580+kumwA6kzBkftnz9wAr3Mnr70jIJFQRSmy2aHiqX +iE+WI0HsAzAGXopFgym6A70jfOkBtSBSGW2BNnGYXz4U2h0kS4TkzcNFkSTQBjWy +PCHNkGVI1yQErrVoH9+rCaRVDD+XlHR57cVxEU5drBFKUM5BncS0n6ziV7db85pf +hysDahnCzpiECr1XaWrUtooVFvqWuwPNqodtbP1okmY9dt7sOtNd9TrCjO3ofVl+ +gP4YMK15AVEEnQWs5gJrXBOF/aZvm4ytplyZKoSzBPcoaAxP0DaBAiQGHmC0oluF +RGRm9CXrIqNOCbNrUvpX5tCUO+zS/7OnNf5vnRsarlqP98+W62J7/yJUFj2C6GU2 +KnU/YxrFYKCL90HzdAVqneX8LQIDAQABozAwLjAMBgNVHRMBAf8EAjAAMB4GA1Ud +EQQXMBWCE3NhcmFoLnVodS1iYW5hbmUuZGUwDQYJKoZIhvcNAQELBQADggIBAMEQ +9Qe/MdFseETKWRTaW3WCxE0im6Dk50uvwTj0QslodoYKrvUSWtGEr65Z2klFLrH0 +xaotCYdmqVY0mb1tl7InjWJcISOOn56eZE+T6xV5Cc7I+YIHCoSEcU1BD14SRTVN +oVnigQ2gL5Da+sOxsOnIgRpQJMdlM4vo2RoS4rW670x1q9a+vlD+FRpLDVLrAP48 +sTfRo2dA4qc2YXGHn72PV4PFjG1DdLu6jxwRFyNRDt7GOa8Xu7Qy0HMIYS4FPpqD +oiBSXEwDgI6goOyMe5ggmUDL/KoutAAoKTgwoGmtnbBIONPNa+NydjW0CRGY9w++ +O+9f1yPmc9hZnp1NkX78rGwV1wM+kJg5lbUWyFfwcMrqOc3m+FzKf61v/5lpgOIm +VwRAzVrtV3gi68ILe59VemK0mVHDybXBvn41BOt4Q3evCEfO3u9zADTfJ7U3iFHI +a+lVo6992LEkr2P5YAnylwHPSq7KjwJbzxdlAMwPrCdXRKqMrIBjYLC6OYl+t6fU +ABOausVR1ga4dVVHP2rK+WweobWsF9LIQMr05xjVe9OC2/LHTscZpfwxGJeACqpg +bPXHkj/g4/f7kUDFYnFIJ60X0Vj13ZuXz6lyBX8CSxtCZUvPY2RHykvHur05HYrH +t8gZN7G/3Xk2utOYRb9gpfPolJIrQgyU6lwXILwC +-----END CERTIFICATE----- 
diff --git a/icinga2/pki/sarah.uhu-banane.de.key b/icinga2/pki/sarah.uhu-banane.de.key new file mode 100644 index 0000000..bd47bc0 --- /dev/null +++ b/icinga2/pki/sarah.uhu-banane.de.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEA0TtNMm7pOWut7J7GK72ZL4guyThpW8qPrscI7oIQofA6witU +MhXmH0kCC05/hSjsXNxQoWPkvv6MTxj9+eQtWJdSfuIorH1kyLkwHr6aeslcZkpD +aGdPoGFsFf6lbN2RaREQc/XzArg95qwGvkM65MLaodUZx1rYy6HO5Z9nn+YQH2Vt +mD+xRp9vQJrF0pEbL5heTKxgDUzHu2GDuUJnuu5aAncYNzdW1zZ/I6YV2ba4TO+y +XW3WvuhuTRg5oX+hPuyazy1M4G0KA6B2511w5O05c1P+i2vbUx9pBTufNPpLpsAO +pMwZH7Z8/cAK9zJ6+9IyCRUEUpstmh4ql4hPliNB7AMwBl6KRYMpugO9I3zpAbUg +UhltgTZxmF8+FNodJEuE5M3DRZEk0AY1sjwhzZBlSNckBK61aB/fqwmkVQw/l5R0 +ee3FcRFOXawRSlDOQZ3EtJ+s4le3W/OaX4crA2oZws6YhAq9V2lq1LaKFRb6lrsD +zaqHbWz9aJJmPXbe7DrTXfU6wozt6H1ZfoD+GDCteQFRBJ0FrOYCa1wThf2mb5uM +raZcmSqEswT3KGgMT9A2gQIkBh5gtKJbhURkZvQl6yKjTgmza1L6V+bQlDvs0v+z +pzX+b50bGq5aj/fPlutie/8iVBY9guhlNip1P2MaxWCgi/dB83QFap3l/C0CAwEA +AQKCAgAcHsQ5Sv69YON3Mb+gkVLNOJhRIuvGEmtNKiLhK0ng+dBr2DbwpFDRU5aa +vmoVE3Lw6AtOJYbQxJVG7Cz2MNyHU48aznp49EFfWMRG3YcViYqJlOGKXpgtDerg +6eCBySWJ4Wk8rImEjA6FugkN+SspI6cOqP1V9be9ZnnQEqRysRDpp1AbbjP9MeBZ +5nM/4ZCtzOSfmWsvXmpZnLl/ZJVcYjxmqGrwwNdDBWgA+ollQVFzxaNLOz/pWIO6 +iM72DZk2Q8ZqocP7Raxa4G4amkxZ+CgIf/lt84j+mvIaafDzxc/1EUrmiye1Q2l5 +ER5oKrisr4tZ/SEfmQt/8x32T7OiU9PF4xKE2jMS71xY7p9Jq9MNj3TKO1UEYtiw +lysDUHMj+QoLJqRUKtODLwUyGs63VaTB2uZSpS6QcMhIxpsoMaia3WiP5+6TWksT +AjyiZLNyNXEyk2LByQsziZrLj/Wc1yB9Lm1cTuF9b8ky7f9VVMHkD0uUwM9pBckJ +inPtov5ZRsLimALnUgsV2Ny8qJxTCfRPbwGImKyDTedbzFic7vYDFZx5XUrpi9BG +ngBXHKeUAyTXOj6rbHOdb2GAtc6BMW9MAptFWBMWcCgbZskBJeWjgbEVBiKx3rHk +kdAln9pgJpwDwfxdjB6xMys9M5bZqUO33vN+SY/oClsf0iP4YQKCAQEA6kfsTjoM +n60ckW7LzkpQm+uDZiEox4O8II4MB5jxTEvfd/V5AmnRAn3beR1CMEfG3VAioTWs ++JqEGL/WefJbufnqYdOUa/JqYzn47ZTr+USZBGE8GfGjigXuMIXvGtmp+PEZa0xy +DN0M+oTQuApEtMf17WB+RGbsTKQL1NLNYd6PcnWDkG+XJ+FiChzCTIwzoFhiA025 +tUrcF1Rtf89JaAt7L5HXJPtdxhiLatNdi4EKsE+ANLtY4Hlie6azL8XN1NwJWRbg +Fsgn6gbl/2yV77HiTIOI4Ly6QZF/x0REtnvj4fTOSpH/OKounMRZhRN+RDMGhinq +3l1D/I/GTfSHOwKCAQEA5KDlO87qQyrnTdPNGu9xmMXhwKDxgzp2CLhu0SVqXuTn +d08f+WcXk0/R1SoTgT+Sx6hYrTTdxWp68xteAq0gPnwvsmmiwr2KBrbEnmiz3nWx 
+pDfB3TwkL6t7ksPWpmmfwa/cVyHnyHYjVVyFEFZUVW6X7uXsrz+btvWh7cfAVNPT +6jFnNtQGR+odtAi5Ql4F3RTgBahj8+eTWlgk0L68P30iH0MuHM8DZJofSBeNkIyl +Tpz+gPjngziliY5z7oJ+JvKHv5I+ax3+uTYS1kn0GVgySfUYxoAFxIZ8zOiBMuk0 +/A3QLQDh/RMO85u8XEEMr1+w0yhaCG/qdb1tDZDjtwKCAQEAwT72UkhbpVI7oFKN +1elCuHn5dsKfSoMFKK1CivnC/7YN7HsUh8MU3kNGR460y/JIvMCe7+7AcIezsl56 +4TfiJXNZu7u0T54z1wk4pXATfRbySMSTuKqyxOTDZk7zvWgRZgApgXIbGTU0wWfQ +ah4+MghGeLkBLhbfjxA5miEPvEzCch0wmnERc5nbLpAuTMnQw9BjeGoiZsIK7Ut8 +ztICsMnXoJNhrWWSIhaY2VLjdHDKikfpbpWiZ/Z4H5qPbzZv48ZkB5Jw4RnUopty +F9BPlNlb2tUckJPb5r3HcmyDaSqj+/vcNXJb3TezHyhu1vAPVN3p4bytuSGhNLC7 +WA39hQKCAQEA5EXNe5DWD+hXeDqgUGOAvXPeOrG3UjpdvclARCyib0sH3PUwzJjl +Th1lOfu/682o5RauK4pcX484YWES1YM8bYcbLH0SmHQcyyVTXYLXDKfgjUFqnFU/ +ICWMxXYp7JALhZzsWEcvINTr5H/zD+PSYlaA9nO1hSjydZP9cOd/nnK95Ngc4P6D +ouwbajVHm/86xYnhP2TpH485bfwSDiZS2OU824/9C6CaF6lW0GlL3GbBaqOP7QAY +T8mQZq7IC/1YrdR8O4duMQ+K1CwsVK8UPPX1iChi61bJ63YIR6Nh1I5Ka9vy3exC +t6d+xzbYtBfy7WuSptJkSoZLx/ExYFkpMwKCAQBlNbAEW5iwRT43XII+/mHHZK6A +esMSowUYV/8F2XSBDxd5Ch4dWuvIq9+XGGqmkWwlqegrOFxz+sNDU1/yW9NQnVY5 +pPFgDxBv79iCIiiHwdHzy7j1xo6nf/Y3nPywiE7BWwBpaZ2CACRjRGUwucXwS0FD +wNck1BgsaYfnvpDdnVJFdmQUJIrdPDHwy4ylpqBZoLafyabAezJYsc6n8VLltXwm +TdoWuoyvZD5JbOrCbJ3K1xFQPBUd5ARO0U44L2Wx9HVyYVmsUPIt0rxjgegbSIRb +eq3pWtjOLk2ZyfCFFd1DNcNwSZ+89vFNC47X6Vmd3l6md9RP/dSi1LkVheXf +-----END RSA PRIVATE KEY----- diff --git a/icinga2/zones.conf b/icinga2/zones.conf index 9c76de7..0879957 100644 --- a/icinga2/zones.conf +++ b/icinga2/zones.conf 
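Review bot: The whole of `icinga2/pki/sarah.uhu-banane.de.key`, the RSA private key that goes with the node certificate added in this same commit, is committed in clear text. Anyone who can read this repository (the X-Git-Url header suggests a web-served copy) therefore holds the credential this node uses to authenticate to the Icinga cluster. The `chmod 0600` and `chown 'nagios'` entries recorded for it in `.etckeeper` protect the file on disk only, not the blob in git. I would keep key material out of etckeeper with an ignore entry such as `icinga2/pki/*.key` in `/etc/.gitignore`. The key should also be treated as exposed and replaced with a newly generated key and a freshly signed certificate, because deleting the file in a later commit leaves it in history.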
@@ -1,51 +1,23 @@ /* - * Endpoint and Zone configuration for a cluster setup - * This local example requires `NodeName` defined in - * constants.conf. + * Generated by Icinga 2 node setup commands + * on 2017-10-13 15:55:47 +0200 */ -object Endpoint NodeName { - host = NodeName -} - -object Zone ZoneName { - endpoints = [ NodeName ] -} - -/* - * Defines a global zone containing templates, - * etc. synced to all nodes, if they accept - * configuration. All remote nodes need - * this zone configured too. - */ - -/* -object Zone "global-templates" { - global = true +object Endpoint "ns1.uhu-banane.de" { + host = "ns1.uhu-banane.de" + port = "5665" } -*/ -/* - * Read the documentation on how to configure - * a cluster setup with multiple zones. - */ - -/* -object Endpoint "master.example.org" { - host = "master.example.org" +object Zone "master" { + endpoints = [ "ns1.uhu-banane.de" ] } -object Endpoint "satellite.example.org" { - host = "satellite.example.org" +object Endpoint NodeName { } -object Zone "master" { - endpoints = [ "master.example.org" ] +object Zone ZoneName { + endpoints = [ NodeName ] + parent = "master" } -object Zone "satellite" { - parent = "master" - endpoints = [ "satellite.example.org" ] -} -*/ diff --git a/icinga2/zones.conf.orig b/icinga2/zones.conf.orig new file mode 100644 index 0000000..9c76de7 --- /dev/null +++ b/icinga2/zones.conf.orig 
@@ -0,0 +1,51 @@
+/*
+ * Endpoint and Zone configuration for a cluster setup
+ * This local example requires `NodeName` defined in
+ * constants.conf.
+ */
+
+object Endpoint NodeName {
+ host = NodeName
+}
+
+object Zone ZoneName {
+ endpoints = [ NodeName ]
+}
+
+/*
+ * Defines a global zone containing templates,
+ * etc. synced to all nodes, if they accept
+ * configuration. All remote nodes need
+ * this zone configured too.
+ */
+
+/*
+object Zone "global-templates" {
+ global = true
+}
+*/
+
+/*
+ * Read the documentation on how to configure
+ * a cluster setup with multiple zones.
+ */
+
+/*
+object Endpoint "master.example.org" {
+ host = "master.example.org"
+}
+
+object Endpoint "satellite.example.org" {
+ host = "satellite.example.org"
+}
+
+object Zone "master" {
+ endpoints = [ "master.example.org" ]
+}
+
+object Zone "satellite" {
+ parent = "master"
+ endpoints = [ "satellite.example.org" ]
+}
+*/
+
diff --git a/iptables/rules.v4 b/iptables/rules.v4
index 8576690..07ad151 100644
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,18 +1,24 @@ -# Generated by iptables-save v1.6.0 on Thu Jul 20 10:13:13 2017 -*nat -:PREROUTING ACCEPT [7691:490389] -:INPUT ACCEPT [1504:145068] -:OUTPUT ACCEPT [9822:727415] -:POSTROUTING ACCEPT [9822:727415] -COMMIT -# Completed on Thu Jul 20 10:13:13 2017 -# Generated by iptables-save v1.6.0 on Thu Jul 20 10:13:13 2017 +# Generated by iptables-save v1.6.0 on Fri Oct 13 16:05:30 2017 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] -:OUTPUT ACCEPT [120:16499] +:OUTPUT ACCEPT [89:42172] +:f2b-dovecot - [0:0] +:f2b-postfix - [0:0] +:f2b-roundcube - [0:0] +:f2b-ssh - [0:0] +:f2b-sshd - [0:0] +:f2b-sshd-ddos - [0:0] +:icinga2 - [0:0] :mysql - [0:0] :rejects - [0:0] +-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh +-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-postfix +-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-dovecot +-A INPUT -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j f2b-roundcube +-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd-ddos +-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix +-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j REJECT --reject-with icmp-port-unreachable -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable 
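Review bot: The new `rules.v4` looks like an `iptables-save` snapshot taken while fail2ban was running, so the `:f2b-*` chain declarations and the `-A INPUT ... -j f2b-*` jumps added here become part of the persistent ruleset. The same applies to the per-address ban rules in the following hunk, `@@ -32,9 +38,116 @@`. Restoring this file and then starting fail2ban will presumably insert the jumps again; the snapshot already shows two jumps to `f2b-postfix` and a duplicated `-A f2b-postfix -j RETURN`. Bans meant to be temporary also turn into static rules that fail2ban no longer tracks or expires. I would save the persistent rules with fail2ban stopped, or drop every line matching `f2b-` before committing, and leave those chains to fail2ban at runtime.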
@@ -32,9 +38,116 @@ COMMIT -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT -A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT -A INPUT -p tcp -m tcp --dport 3306 -j mysql +-A INPUT -p tcp -m tcp --dport 5665 -j icinga2 -A INPUT -j rejects -A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1 -A INPUT -j REJECT --reject-with icmp-port-unreachable +-A f2b-dovecot -j RETURN +-A f2b-postfix -s 93.107.109.90/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-postfix -s 144.76.221.187/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-postfix -j RETURN +-A f2b-postfix -j RETURN +-A f2b-roundcube -j RETURN +-A f2b-ssh -s 112.216.20.126/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 192.169.231.194/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 103.215.24.251/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 204.12.217.242/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 58.242.83.8/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 200.115.134.237/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 181.51.187.91/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 142.54.101.146/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 202.29.39.242/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 208.184.100.106/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 41.208.150.114/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 190.110.90.34/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 192.210.192.172/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 190.95.162.186/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 45.4.148.12/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 61.147.125.175/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 117.239.246.55/32 -j 
REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 175.207.13.114/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 201.149.99.162/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 187.216.113.99/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 190.205.54.150/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 82.49.158.38/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 121.156.65.122/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 118.193.178.203/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 75.127.147.2/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 220.118.150.190/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 122.228.158.54/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 187.85.207.19/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 201.102.183.87/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 118.47.51.57/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 117.149.135.245/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 182.254.146.248/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 178.219.174.77/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 96.88.170.121/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 114.113.69.226/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 68.83.223.19/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 118.122.114.217/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 59.126.254.98/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 200.57.117.119/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 118.89.238.120/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 110.45.146.187/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 183.134.99.50/32 -j REJECT --reject-with 
icmp-port-unreachable +-A f2b-ssh -s 201.20.116.124/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -s 115.248.66.139/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-ssh -j RETURN +-A f2b-sshd -s 112.216.20.126/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 192.169.231.194/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 103.215.24.251/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 204.12.217.242/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 58.242.83.8/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 113.195.145.79/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 200.115.134.237/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 181.51.187.91/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 77.72.85.100/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 142.54.101.146/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 202.29.39.242/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 208.184.100.106/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 41.208.150.114/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 190.110.90.34/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 192.210.192.172/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 190.95.162.186/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 45.4.148.12/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 61.147.125.175/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 117.239.246.55/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 175.207.13.114/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 201.149.99.162/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 187.216.113.99/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 190.205.54.150/32 -j REJECT 
--reject-with icmp-port-unreachable +-A f2b-sshd -s 82.49.158.38/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 121.156.65.122/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 118.193.178.203/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 75.127.147.2/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 220.118.150.190/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 122.228.158.54/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 58.242.83.25/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 187.85.207.19/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 201.102.183.87/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 118.47.51.57/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 117.149.135.245/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 182.254.146.248/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 178.219.174.77/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 96.88.170.121/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 114.113.69.226/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 68.83.223.19/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 118.122.114.217/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 59.126.254.98/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 200.57.117.119/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 118.89.238.120/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 110.45.146.187/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 183.134.99.50/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 201.20.116.124/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -s 115.248.66.139/32 -j REJECT --reject-with icmp-port-unreachable +-A f2b-sshd -j RETURN +-A f2b-sshd-ddos -j RETURN 
+-A icinga2 -s 185.102.95.107/32 -j ACCEPT +-A icinga2 -s 162.254.24.33/32 -j ACCEPT +-A icinga2 -s 185.48.118.128/32 -j ACCEPT +-A icinga2 -s 185.48.118.130/32 -j ACCEPT +-A icinga2 -j REJECT --reject-with icmp-port-unreachable -A mysql -s 127.0.0.1/32 -j ACCEPT -A mysql -s 185.48.118.130/32 -j ACCEPT -A mysql -s 10.12.20.5/32 -j ACCEPT @@ -54,4 +167,12 @@ COMMIT -A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable -A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable COMMIT -# Completed on Thu Jul 20 10:13:13 2017 +# Completed on Fri Oct 13 16:05:30 2017 +# Generated by iptables-save v1.6.0 on Fri Oct 13 16:05:30 2017 +*nat +:PREROUTING ACCEPT [22475:1674801] +:INPUT ACCEPT [8440:806301] +:OUTPUT ACCEPT [41015:3061282] +:POSTROUTING ACCEPT [41015:3061282] +COMMIT +# Completed on Fri Oct 13 16:05:30 2017 diff --git a/iptables/rules.v6 b/iptables/rules.v6 index 26f60a1..208245f 100644 --- a/iptables/rules.v6 +++ b/iptables/rules.v6 @@ -1,8 +1,8 @@ -# Generated by ip6tables-save v1.6.0 on Thu Jul 20 10:13:13 2017 +# Generated by ip6tables-save v1.6.0 on Fri Oct 13 16:05:30 2017 *filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [67:4588] +:OUTPUT ACCEPT [126:8052] :mysql - [0:0] -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate RELATED -j ACCEPT @@ -25,4 +25,4 @@ -A mysql -j NFLOG --nflog-prefix "IPv6 MySQL Reject " --nflog-threshold 1 -A mysql -j REJECT --reject-with icmp6-port-unreachable COMMIT -# Completed on Thu Jul 20 10:13:13 2017 +# Completed on Fri Oct 13 16:05:30 2017 diff --git a/motd b/motd index e136d30..bf9172f 100644 --- a/motd +++ b/motd 
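Review bot: The new `icinga2` chain ends in a bare `-A icinga2 -j REJECT --reject-with icmp-port-unreachable`, so refused connection attempts to 5665/tcp are never logged, unlike the tail of INPUT, which sends packets to NFLOG before rejecting them. The API listener behind that port now accepts config and commands, so refused peers are worth seeing; I would add `-A icinga2 -j NFLOG --nflog-prefix "Icinga2 Reject " --nflog-threshold 1` ahead of the REJECT. The chain also admits four source addresses, while `zones.conf` in this commit names a single parent endpoint (ns1.uhu-banane.de). Whether all four need to reach the listener cannot be told from the diff and is worth confirming.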
@@ -6,8 +6,9 @@ Debian GNU/Linux 9.2 (stretch) |____/ \__,_|_| \__,_|_| |_| -Der Bildschirm ist das Präservativ der Realität. - -- Werner Schneyder +An einem Verrückten erschrickt uns am meisten die vernünftige Art, auf +die er sich unterhält. + -- Anatole France Today is Sweetmorn, the 67th day of Bureaucracy in the YOLD 3183