From: Frank Brehm Date: Wed, 15 Jul 2015 20:41:39 +0000 (+0200) Subject: Current state X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=88c707259c77fab68c61cab8a78172664c123246;p=config%2Fbruni%2Fetc.git Current state --- diff --git a/conf.d/rsyslog b/conf.d/rsyslog new file mode 100644 index 00000000..d8cbe875 --- /dev/null +++ b/conf.d/rsyslog @@ -0,0 +1,30 @@ +# /etc/conf.d/rsyslog + +# Configuration file +RSYSLOG_CONFIGFILE="/etc/rsyslog.conf" + +# PID file +# If you should ever change this, remember to update +# "/etc/logrotate.d/rsyslog", too. +RSYSLOG_PIDFILE="/run/rsyslogd.pid" + +# You can use this configuration option to pass additional options to the +# start-stop-daemon, see start-stop-daemon(8) for more details. +# Per default we wait 1000ms after we have started the service to ensure +# that the daemon is really up and running. +RSYSLOG_SSDARGS="--wait 1000" + +# The termination timeout (start-stop-daemon parameter "retry") ensures +# that the service will be terminated within a given time (60 + 5 seconds +# per default) when you are stopping the service. +# You need to increase the value when you are working with a large queue. +# See http://www.rsyslog.com/doc/queues.html for further information. +RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5" + + +# Options to rsyslogd +# See rsyslogd(8) for more details +# Notes: +# * Do not specify another PIDFILE but use the variable above to change the location +# * Do not specify another CONFIGFILE but use the variable above to change the location +RSYSLOG_OPTS="" diff --git a/conf.d/snmpd b/conf.d/snmpd new file mode 100644 index 00000000..97a1d705 --- /dev/null +++ b/conf.d/snmpd @@ -0,0 +1,17 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/files/snmpd.conf,v 1.8 2006/11/26 21:37:22 cedk Exp $ + +# Initial (empty) options. +SNMPD_FLAGS="" + +# Enable connection logging. +#SNMPD_FLAGS="${SNMPD_FLAGS} -a" + +# Enable syslog and disable file log. +#SNMPD_FLAGS="${SNMPD_FLAGS} -Lsd -Lf /dev/null" + +# Enable agentx socket as /var/agentx/master +# *NOTE* Before uncommenting this, make sure +# the /var/agentx directory exists. +#SNMPD_FLAGS="${SNMPD_FLAGS} -x /var/agentx/master" diff --git a/conf.d/snmptrapd b/conf.d/snmptrapd new file mode 100644 index 00000000..b6259fcf --- /dev/null +++ b/conf.d/snmptrapd @@ -0,0 +1,16 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/files/snmptrapd.conf,v 1.1 2005/01/28 11:19:25 ka0ttic Exp $ + +# extra flags to pass to snmptrapd +SNMPTRAPD_FLAGS="" + +# ignore authentication failure traps +#SNMPTRAPD_FLAGS="${SNMPTRAPD_FLAGS} -a" + +# log messages to specified file +#SNMPTRAPD_FLAGS="${SNMPTRAPD_FLAGS} -Lf /var/log/snmptrapd.log" + +# log messages to syslog with the specified facility +# where facility is: 'd' = LOG_DAEMON, 'u' = LOG_USER, [0-7] = LOG_LOCAL[0-7] +#SNMPTRAPD_FLAGS="${SNMPTRAPD_FLAGS} -Ls d" diff --git a/init.d/rsyslog b/init.d/rsyslog new file mode 100755 index 00000000..ec831d7f --- /dev/null +++ b/init.d/rsyslog @@ -0,0 +1,69 @@ +#!/sbin/runscript +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/rsyslog/files/8-stable/rsyslog.initd,v 1.1 2014/09/30 13:09:39 polynomial-c Exp $ + +RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"} +RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"} + +command="/usr/sbin/rsyslogd" +command_args="${RSYSLOG_OPTS} -f ${RSYSLOG_CONFIGFILE} -i ${RSYSLOG_PIDFILE}" +start_stop_daemon_args="${RSYSLOG_SSDARGS}" +pidfile="${RSYSLOG_PIDFILE}" +retry="${RSYSLOG_TERMTIMEOUT}" + +required_files="${RSYSLOG_CONFIGFILE}" + +description="RSYSLOG is the rocket-fast system for log processing (syslog replacement)." + +extra_commands="configtest" +extra_started_commands="rotate" + +description_configtest="Run rsyslogd's internal config check." + +description_rotate="Sends rsyslogd a signal to re-open its log files." + +depend() { + need clock hostname localmount + provide logger +} + +start_pre() { + if [ "${RC_CMD}" != "restart" ]; then + configtest || return 1 + fi +} + +stop_pre() { + if [ "${RC_CMD}" = "restart" ]; then + configtest || return 1 + fi +} + +stop_post() { + rm -f ${RSYSLOG_PIDFILE} +} + +configtest() { + # This will currently only detect fatal errors + # See https://github.com/rsyslog/rsyslog/issues/79 + + local _test_command="${command} -N 999 -f ${RSYSLOG_CONFIGFILE}" + local _retval=0 + + ebegin "Checking rsyslogd's configuration" + ${_test_command} >/dev/null 2>&1 + _retval=$? + + if [ ${_retval} -ne 0 ]; then + ${_test_command} + fi + + eend ${_retval} "failed, please correct errors above" +} + +rotate() { + ebegin "Re-opening rsyslogd logs" + start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}" + eend $? +} diff --git a/init.d/snmpd b/init.d/snmpd new file mode 100755 index 00000000..6b0ca74a --- /dev/null +++ b/init.d/snmpd @@ -0,0 +1,35 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/files/snmpd.init.2,v 1.3 2012/10/22 02:57:05 flameeyes Exp $ + +SNMPD_PIDFILE="${SNMPD_PIDFILE:-/var/run/snmpd.pid}" + +extra_started_commands="reload" + +command="/usr/sbin/snmpd" +command_args="-p ${SNMPD_PIDFILE} ${SNMPD_FLAGS}" +pidfile="${SNMPD_PIDFILE}" + +depend() { + use logger +} + +checkconfig() { + if [ ! -e /etc/snmp/snmpd.conf ] ; then + eerror "${SVCNAME} requires an /etc/snmp/snmpd.conf configuration file" + return 1 + fi +} + +start_pre() { + checkconfig || return 1 +} + +reload() { + checkconfig || return 1 + + ebegin "Reloading ${SVCNAME} configuration" + kill -HUP $(cat ${SNMPD_PIDFILE}) 2>&1 > /dev/null + eend $? +} diff --git a/init.d/snmptrapd b/init.d/snmptrapd new file mode 100755 index 00000000..fa0f807e --- /dev/null +++ b/init.d/snmptrapd @@ -0,0 +1,14 @@ +#!/sbin/runscript +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/files/snmptrapd.init.2,v 1.2 2012/10/22 02:57:05 flameeyes Exp $ + +SNMPTRAPD_PIDFILE="${SNMPTRAPD_PIDFILE:-/var/run/snmptrapd.pid}" + +command="/usr/sbin/snmptrapd" +command_args="-p ${SNMPTRAPD_PIDFILE} ${SNMPTRAPD_FLAGS}" +pidfile="${SNMPTRAPD_PIDFILE}" + +depend() { + use logger +} diff --git a/logrotate.d/rsyslog b/logrotate.d/rsyslog new file mode 100644 index 00000000..d7706480 --- /dev/null +++ b/logrotate.d/rsyslog @@ -0,0 +1,66 @@ +# Uncomment the following directive if you have re-enabled +# "/var/log/syslog" in "/etc/rsyslog.d/50-default.conf" +#/var/log/syslog +#{ +# rotate 7 +# daily +# missingok +# notifempty +# delaycompress +# compress +# postrotate +# test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null +# endscript +#} + +#/var/log/auth.log +#/var/log/cron.log +#/var/log/daemon.log +#/var/log/kern.log +#/var/log/lpr.log +#/var/log/mail.log +#/var/log/news.log +#/var/log/user.log +#/var/log/debug.log +#/var/log/messages +#{ +# rotate 4 +# weekly +# missingok +# notifempty +# compress +# delaycompress +# sharedscripts +# postrotate +# test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null +# endscript +#} + +script syslog-reload + test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null || true +endscript + +/var/log/messages /var/log/syslog { + daily + olddir /var/log/.old/%Y-%m + size 1024K + postrotate syslog-reload +} + +/var/log/syslog.d/* { + daily + olddir /var/log/syslog.d/.old/%Y-%m + size 1024K + postrotate syslog-reload + maxage 1y +} + +/var/log/debug.log /var/log/debug /var/log/all /var/log/all.log { + daily + olddir /var/log/.old/%Y-%m + size 4M + postrotate syslog-reload + maxage 6m +} + + diff --git a/logrotate.d/syslog-ng b/logrotate.d/syslog-ng deleted file mode 100644 index f169c733..00000000 --- a/logrotate.d/syslog-ng +++ /dev/null @@ -1,35 +0,0 @@ -# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.in,v 1.1 2014/01/22 04:25:35 mr_bones_ Exp $ -# -# Syslog-ng logrotate snippet for Gentoo Linux -# contributed by Michael Sterrett -# - -script syslog-reload - /etc/init.d/syslog-ng reload >/dev/null || true -endscript - -rotate 10 - -/var/log/messages { - daily - olddir /var/log/old/%Y-%m - size 1024K - postrotate syslog-reload -} - -/var/log/all /var/log/debug /var/log/syslog { - daily - olddir /var/log/old/%Y-%m - size 4M - maxage 6m - postrotate syslog-reload -} - -/var/log/syslog.d/* { - daily - olddir /var/log/syslog.d/old/%Y-%m - size 1024K - maxage 1y - postrotate syslog-reload -} - diff --git a/resolv.conf b/resolv.conf index 8a53d6bf..7a104c01 100644 --- a/resolv.conf +++ b/resolv.conf @@ -1,5 +1,7 @@ -# Generated by net-scripts for interface eth0 -domain brehm-online.com -search home.brehm-online.com home.hennig-berlin.org brehm-online.com hennig-berlin.org uhu-banane.de -nameserver 10.12.11.254 -#nameserver 127.0.0.1 +# Hand made by Frank Brehm +domain home.brehm-online.com +#search home.brehm-online.com brehm-online.com hennig-berlin.org uhu-banane.de pb.local dc1.pb.local dc2.pb.local +search home.brehm-online.com brehm-online.com uhu-banane.de pb.local dc1.de.profitbricks.net dc2.us.profitbricks.net dc3.de.profitbricks.net +#nameserver 10.12.11.1 +nameserver 192.168.178.30 +nameserver 192.168.178.89 diff --git a/rsyslog.conf b/rsyslog.conf new file mode 100644 index 00000000..da484598 --- /dev/null +++ b/rsyslog.conf @@ -0,0 +1,61 @@ +# /etc/rsyslog.conf +# +# This configuration is based on RainerScript, the new recommended syntax +# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further +# details. +# +# But if you don't want to learn something new at moment, don't worry: The +# legacy syntax is still supported. +# +# You may want to use the new RSYSLOG configuration builder to create your +# own more advanced configuration: http://www.rsyslog.com/rsyslog-configuration-builder/ + +# Check config syntax on startup and abort if unclean (default: off) +#$AbortOnUncleanConfig on + + +############### +### MODULES ### +############### + +# Read syslog messages from default Unix socket /dev/log (e.g. via logger command) +module(load="imuxsock") + +# Read messages from the kernel log and submits them to the syslog engine +module(load="imklog") + +# Inject "--MARK--" messages every $Interval (seconds) +#module(load="immark" Interval="600") + +# Read syslog messages from UDP +#module(load="imudp") +#input(type="imudp" port="514") + +# Read syslog messages from TCP +#module(load="imtcp") +#input(type="imtcp" port="514") + + +######################### +### GLOBAL DIRECTIVES ### +######################### + +# Where to place spool and state files +$WorkDirectory /var/spool/rsyslog + +# Reduce repeating messages (default: off) +#$RepeatedMsgReduction on + +# Set defaults for every output file +$Umask 0022 + +module( + load="builtin:omfile" + Template="RSYSLOG_TraditionalFileFormat" + FileCreateMode="0644" + DirCreateMode="0755" +) + + +# Include all conf files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf diff --git a/rsyslog.d/.keep_app-admin_rsyslog-0 b/rsyslog.d/.keep_app-admin_rsyslog-0 new file mode 100644 index 00000000..e69de29b diff --git a/rsyslog.d/50-default.conf b/rsyslog.d/50-default.conf new file mode 100644 index 00000000..de5767c6 --- /dev/null +++ b/rsyslog.d/50-default.conf @@ -0,0 +1,95 @@ +####################### +### DEFAULT ACTIONS ### +####################### + +#auth,authpriv.* action( +# type="omfile" +# File="/var/log/auth.log" +# FileCreateMode="0600" +# FileOwner="root" +# FileGroup="adm" +# Sync="off" +#) + +#cron.* action( +# type="omfile" +# File="/var/log/cron.log" +# FileOwner="root" +# FileGroup="adm" +#) + +#daemon.* action( +# type="omfile" +# File="/var/log/daemon.log" +# FileOwner="root" +# FileGroup="adm" +#) + +#kern.* action( +# type="omfile" +# File="/var/log/kern.log" +# FileOwner="root" +# FileGroup="adm" +#) + +#lpr.* action( +# type="omfile" +# File="/var/log/lpr.log" +# FileOwner="root" +# FileGroup="adm" +#) + +#mail.* action( +# type="omfile" +# File="/var/log/mail.log" +# FileOwner="root" +# FileGroup="adm" +#) + +#news.* action( +# type="omfile" +# File="/var/log/news.log" +# FileOwner="root" +# FileGroup="adm" +#) + +#user.* action( +# type="omfile" +# File="/var/log/user.log" +# FileOwner="root" +# FileGroup="adm" +#) + +*.=debug;auth,authpriv,news,mail.none action( + type="omfile" + File="/var/log/debug.log" + FileOwner="root" + FileGroup="adm" +) + +*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action( + type="omfile" + File="/var/log/messages" + FileOwner="root" + FileGroup="adm" +) + +# Uncomment the following directive to re-enable the +# deprecated "/var/log/syslog" log file (don't forget to re-enable log +# rotation in "/etc/logrotate.d/rsyslog" if you do that!) +*.*;auth,authpriv.none,mail.none action( + type="omfile" + File="/var/log/syslog" + FileOwner="root" + FileGroup="adm" +) + +*.emerg action( + type="omusrmsg" + Users="*" + action.execOnlyOnceEveryInterval="10" +) + +# Create an additional socket for the default chroot location +# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744) +input(type="imuxsock" Socket="/var/empty/dev/log") diff --git a/rsyslog.d/60-fb.conf b/rsyslog.d/60-fb.conf new file mode 100644 index 00000000..ce22dd5d --- /dev/null +++ b/rsyslog.d/60-fb.conf @@ -0,0 +1,32 @@ + +template ( + name="facility" + type="string" + string="/var/log/syslog.d/%syslogfacility-text%.log" +) + +*.* action( + type="omfile" + DynaFile="facility" + DirCreateMode="0755" + FileCreateMode="0644" + FileOwner="root" + FileGroup="adm" +) + +*.* action( + type="omfile" + File="/var/log/all.log" + FileOwner="root" + FileGroup="adm" + Sync="off" +) + +*.warn;news,mail.none action( + type="omfile" + File="/dev/tty12" + FileOwner="root" + FileGroup="root" +) + +# vim: filetype=conf diff --git a/runlevels/default/rsyslog b/runlevels/default/rsyslog new file mode 120000 index 00000000..c2a829bf --- /dev/null +++ b/runlevels/default/rsyslog @@ -0,0 +1 @@ +/etc/init.d/rsyslog \ No newline at end of file diff --git a/runlevels/default/syslog-ng b/runlevels/default/syslog-ng deleted file mode 120000 index 83ec2acf..00000000 --- a/runlevels/default/syslog-ng +++ /dev/null @@ -1 +0,0 @@ -/etc/init.d/syslog-ng \ No newline at end of file diff --git a/snmp/snmpd.conf.example b/snmp/snmpd.conf.example new file mode 100644 index 00000000..8f4a197d --- /dev/null +++ b/snmp/snmpd.conf.example @@ -0,0 +1,193 @@ +############################################################################### +# +# EXAMPLE.conf: +# An example configuration file for configuring the Net-SNMP agent ('snmpd') +# See the 'snmpd.conf(5)' man page for details +# +# Some entries are deliberately commented out, and will need to be explicitly activated +# +############################################################################### +# +# AGENT BEHAVIOUR +# + +# Listen for connections from the local system only +agentAddress udp:127.0.0.1:161 +# Listen for connections on all interfaces (both IPv4 *and* IPv6) +#agentAddress udp:161,udp6:[::1]:161 + + + +############################################################################### +# +# SNMPv3 AUTHENTICATION +# +# Note that these particular settings don't actually belong here. +# They should be copied to the file /var/net-snmp/snmpd.conf +# and the passwords changed, before being uncommented in that file *only*. +# Then restart the agent + +# createUser authOnlyUser MD5 "remember to change this password" +# createUser authPrivUser SHA "remember to change this one too" DES +# createUser internalUser MD5 "this is only ever used internally, but still change the password" + +# If you also change the usernames (which might be sensible), +# then remember to update the other occurances in this example config file to match. + + + +############################################################################### +# +# ACCESS CONTROL +# + + # system + hrSystem groups only +view systemonly included .1.3.6.1.2.1.1 +view systemonly included .1.3.6.1.2.1.25.1 + + # Full access from the local host +#rocommunity public localhost + # Default access to basic system info + rocommunity public default -V systemonly + + # Full access from an example network + # Adjust this network address to match your local + # settings, change the community string, + # and check the 'agentAddress' setting above +#rocommunity secret 10.0.0.0/16 + + # Full read-only access for SNMPv3 + rouser authOnlyUser + # Full write access for encrypted requests + # Remember to activate the 'createUser' lines above +#rwuser authPrivUser priv + +# It's no longer typically necessary to use the full 'com2sec/group/access' configuration +# r[ou]user and r[ow]community, together with suitable views, should cover most requirements + + + +############################################################################### +# +# SYSTEM INFORMATION +# + +# Note that setting these values here, results in the corresponding MIB objects being 'read-only' +# See snmpd.conf(5) for more details +sysLocation Sitting on the Dock of the Bay +sysContact Me + # Application + End-to-End layers +sysServices 72 + + +# +# Process Monitoring +# + # At least one 'mountd' process +proc mountd + # No more than 4 'ntalkd' processes - 0 is OK +proc ntalkd 4 + # At least one 'sendmail' process, but no more than 10 +proc sendmail 10 1 + +# Walk the UCD-SNMP-MIB::prTable to see the resulting output +# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file + + +# +# Disk Monitoring +# + # 10MBs required on root disk, 5% free on /var, 10% free on all other disks +disk / 10000 +disk /var 5% +includeAllDisks 10% + +# Walk the UCD-SNMP-MIB::dskTable to see the resulting output +# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file + + +# +# System Load +# + # Unacceptable 1-, 5-, and 15-minute load averages +load 12 10 5 + +# Walk the UCD-SNMP-MIB::laTable to see the resulting output +# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file + + + +############################################################################### +# +# ACTIVE MONITORING +# + + # send SNMPv1 traps + trapsink localhost public + # send SNMPv2c traps +#trap2sink localhost public + # send SNMPv2c INFORMs +#informsink localhost public + +# Note that you typically only want *one* of these three lines +# Uncommenting two (or all three) will result in multiple copies of each notification. + + +# +# Event MIB - automatically generate alerts +# + # Remember to activate the 'createUser' lines above +iquerySecName internalUser +rouser internalUser + # generate traps on UCD error conditions +defaultMonitors yes + # generate traps on linkUp/Down +linkUpDownNotifications yes + + + +############################################################################### +# +# EXTENDING THE AGENT +# + +# +# Arbitrary extension commands +# + extend test1 /bin/echo Hello, world! + extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35 +#extend-sh test3 /bin/sh /tmp/shtest + +# Note that this last entry requires the script '/tmp/shtest' to be created first, +# containing the same three shell commands, before the line is uncommented + +# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table +# and nsExtendOutput2Table) to see the resulting output + +# Note that the "extend" directive supercedes the previous "exec" and "sh" directives +# However, walking the UCD-SNMP-MIB::extTable should still returns the same output, +# as well as the fuller results in the above tables. + + +# +# "Pass-through" MIB extension command +# +#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest +#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl + +# Note that this requires one of the two 'passtest' scripts to be installed first, +# before the appropriate line is uncommented. +# These scripts can be found in the 'local' directory of the source distribution, +# and are not installed automatically. + +# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output + + +# +# AgentX Sub-agents +# + # Run as an AgentX master agent + master agentx + # Listen for network connections (from localhost) + # rather than the default named socket /var/agentx/master +#agentXSocket tcp:localhost:705 diff --git a/ssl/rsyslog/.keep_app-admin_rsyslog-0 b/ssl/rsyslog/.keep_app-admin_rsyslog-0 new file mode 100644 index 00000000..e69de29b