From: Frank Brehm Date: Sat, 5 Apr 2014 06:41:09 +0000 (+0200) Subject: Current state X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=8ac3f723629ed476f46f2ec569e6daaee79eb050;p=config%2Fbruni%2Fetc.git Current state --- diff --git a/ca-certificates.conf b/ca-certificates.conf index e20b338c..20163d4d 100644 --- a/ca-certificates.conf +++ b/ca-certificates.conf @@ -1,5 +1,5 @@ -# Automatically generated by app-misc/ca-certificates-20130906 -# Fr 14. Mär 20:53:31 UTC 2014 +# Automatically generated by app-misc/ca-certificates-20130906-r1 +# Di 1. Apr 20:52:14 UTC 2014 # Do not edit. cacert.org/cacert.org_class3.crt cacert.org/cacert.org_root.crt diff --git a/config-archive/etc/ssh/sshd_config b/config-archive/etc/ssh/sshd_config index fac258de..75517570 100644 --- a/config-archive/etc/ssh/sshd_config +++ b/config-archive/etc/ssh/sshd_config @@ -27,8 +27,8 @@ # "key type names" for X.509 certificates with RSA key # Note first defined is used in signature operations! -#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 #X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 +#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 # "key type names" for X.509 certificates with DSA key # Note first defined is used in signature operations! @@ -95,6 +95,9 @@ #KeyRegenerationInterval 1h #ServerKeyBits 1024 +# Ciphers and keying +#RekeyLimit default none + # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH @@ -116,6 +119,11 @@ PermitRootLogin yes # but this is overridden so installations will only check .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 @@ -166,16 +174,17 @@ PrintMotd no PrintLastLog no #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation yes +UsePrivilegeSeparation sandbox # Default for new installations. #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid -#MaxStartups 10 +#MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none +#VersionAddendum none # no default banner path #Banner none @@ -190,18 +199,21 @@ Subsystem sftp /usr/lib64/misc/sftp-server # tcp receive buffer polling. disable in non autotuning kernels #TcpRcvBufPoll yes -# allow the use of the none cipher -#NoneEnabled no - -# disable hpn performance boosts. +# disable hpn performance boosts #HPNDisabled no # buffer size for hpn to non-hpn connections #HPNBufferSize 2048 +# allow the use of the none cipher +#NoneEnabled no + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server + +# Allow client to pass locale environment variables #367017 +AcceptEnv LANG LC_* diff --git a/config-archive/etc/ssh/sshd_config.1 b/config-archive/etc/ssh/sshd_config.1 index 176bf48d..fac258de 100644 --- a/config-archive/etc/ssh/sshd_config.1 +++ b/config-archive/etc/ssh/sshd_config.1 @@ -7,7 +7,7 @@ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a +# possible, but leave them commented. Uncommented options override the # default value. #Port 22 @@ -103,13 +103,17 @@ # Authentication: #LoginGraceTime 2m -PermitRootLogin no +#PermitRootLogin no +PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #RSAAuthentication yes #PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts @@ -139,6 +143,7 @@ PasswordAuthentication no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will @@ -175,6 +180,9 @@ PrintLastLog no # no default banner path #Banner none +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server diff --git a/config-archive/etc/ssh/sshd_config.2 b/config-archive/etc/ssh/sshd_config.2 index 9f5583ea..176bf48d 100644 --- a/config-archive/etc/ssh/sshd_config.2 +++ b/config-archive/etc/ssh/sshd_config.2 @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ +# $OpenBSD$ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -175,22 +175,6 @@ PrintLastLog no # no default banner path #Banner none -# here are the new patched ldap related tokens -# entries in your LDAP must have posixAccount & ldapPublicKey objectclass -#UseLPK yes -#LpkLdapConf /etc/ldap.conf -#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ -#LpkUserDN ou=users,dc=phear,dc=org -#LpkGroupDN ou=groups,dc=phear,dc=org -#LpkBindDN cn=Manager,dc=phear,dc=org -#LpkBindPw secret -#LpkServerGroup mail -#LpkFilter (hostAccess=master.phear.org) -#LpkForceTLS no -#LpkSearchTimelimit 3 -#LpkBindTimelimit 3 -#LpkPubKeyAttr sshPublicKey - # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server diff --git a/config-archive/etc/ssh/sshd_config.3 b/config-archive/etc/ssh/sshd_config.3 index f3c6c252..9f5583ea 100644 --- a/config-archive/etc/ssh/sshd_config.3 +++ b/config-archive/etc/ssh/sshd_config.3 @@ -1,4 +1,4 @@ -# $OpenBSD$ +# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -175,8 +175,24 @@ PrintLastLog no # no default banner path #Banner none +# here are the new patched ldap related tokens +# entries in your LDAP must have posixAccount & ldapPublicKey objectclass +#UseLPK yes +#LpkLdapConf /etc/ldap.conf +#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ +#LpkUserDN ou=users,dc=phear,dc=org +#LpkGroupDN ou=groups,dc=phear,dc=org +#LpkBindDN cn=Manager,dc=phear,dc=org +#LpkBindPw secret +#LpkServerGroup mail +#LpkFilter (hostAccess=master.phear.org) +#LpkForceTLS no +#LpkSearchTimelimit 3 +#LpkBindTimelimit 3 +#LpkPubKeyAttr sshPublicKey + # override default of no subsystems -Subsystem sftp /usr/lib/misc/sftp-server +Subsystem sftp /usr/lib64/misc/sftp-server # the following are HPN related configuration options # tcp receive buffer polling. disable in non autotuning kernels diff --git a/config-archive/etc/ssh/sshd_config.dist b/config-archive/etc/ssh/sshd_config.dist index e8186236..c76351aa 100644 --- a/config-archive/etc/ssh/sshd_config.dist +++ b/config-archive/etc/ssh/sshd_config.dist @@ -24,6 +24,7 @@ #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key # "key type names" for X.509 certificates with RSA key # Note first defined is used in signature operations! @@ -151,8 +152,8 @@ PasswordAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass @@ -168,6 +169,7 @@ UsePAM yes #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes +#PermitTTY yes PrintMotd no PrintLastLog no #TCPKeepAlive yes @@ -208,6 +210,7 @@ Subsystem sftp /usr/lib64/misc/sftp-server #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no +# PermitTTY no # ForceCommand cvs server # Allow client to pass locale environment variables #367017 diff --git a/drirc b/drirc index a13941f6..ebc04cd9 100644 --- a/drirc +++ b/drirc @@ -1,29 +1,77 @@ + + - + + + + + + + + + + + + + + diff --git a/group b/group index ee06b050..fd630fe5 100644 --- a/group +++ b/group @@ -72,3 +72,4 @@ qemu:x:77: systemd-journal:x:984: colord:x:983: geoclue:x:982: +samba:x:981: diff --git a/group- b/group- index f429f411..ee06b050 100644 --- a/group- +++ b/group- @@ -71,3 +71,4 @@ kvm:x:78:qemu qemu:x:77: systemd-journal:x:984: colord:x:983: +geoclue:x:982: diff --git a/gshadow b/gshadow index c0095c26..214156e3 100644 --- a/gshadow +++ b/gshadow @@ -70,3 +70,4 @@ qemu:!:: systemd-journal:!:: colord:!:: geoclue:!:: +samba:!:: diff --git a/gshadow- b/gshadow- index a372a8d7..c0095c26 100644 --- a/gshadow- +++ b/gshadow- @@ -69,3 +69,4 @@ kvm:!::qemu qemu:!:: systemd-journal:!:: colord:!:: +geoclue:!:: diff --git a/init.d/samba b/init.d/samba index 779ec09b..96bb94ec 100755 --- a/init.d/samba +++ b/init.d/samba @@ -1,9 +1,10 @@ #!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License, v2 or later -# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.6/samba.initd,v 1.3 2011/09/14 22:52:33 polynomial-c Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.6/samba.initd,v 1.4 2014/03/14 09:30:41 polynomial-c Exp $ extra_started_commands="reload" +piddir="/var/run/samba" depend() { after slapd @@ -34,7 +35,7 @@ signal_do() { } mkdir_sambadirs() { - [ -d /var/run/samba ] || mkdir -p /var/run/samba + [ -d "${piddir}" ] || mkdir -p ${piddir} } start() { diff --git a/portage/package.keywords b/portage/package.keywords index ce687b6d..bacc7fef 100644 --- a/portage/package.keywords +++ b/portage/package.keywords @@ -7,7 +7,9 @@ # ~app-admin/openrc-settingsd-1.0.1 ~app-arch/mate-file-archiver-1.6.0 +~app-arch/mate-file-archiver-1.6.1 +~app-editors/mate-text-editor-1.6.2 ~app-editors/mate-text-editor-1.6.2 ~app-emulation/emul-linux-x86-baselibs-20120520 @@ -29,6 +31,7 @@ app-emulation/virtualbox-modules ~app-misc/g15mpd-1.0.0 ~app-text/mate-document-viewer-1.6.1 +~app-text/mate-document-viewer-1.6.2 ~app-text/mate-doc-utils-1.6.2 ~dev-db/virtuoso-odbc-6.1.4 @@ -48,9 +51,12 @@ app-emulation/virtualbox-modules # ~dev-libs/folks-0.8.0 # ~dev-libs/gjs-1.34.0 ~dev-libs/icu-51.1 -# ~dev-libs/libzeitgeist-0.3.18 +~dev-libs/libappindicator-12.10.0 +~dev-libs/libdbusmenu-12.10.2 ~dev-libs/libgcrypt-1.5.0 +~dev-libs/libindicator-12.10.1 ~dev-libs/libmateweather-1.6.2 +# ~dev-libs/libzeitgeist-0.3.18 ~dev-libs/nspr-4.9.1 ~dev-libs/nspr-4.9.6 ~dev-libs/nspr-4.10 @@ -126,12 +132,18 @@ mail-client/thunderbird ~mate-base/mate-settings-daemon-1.6.2 ~mate-extra/mate-calc-1.6.0 +~mate-extra/mate-calc-1.6.1 ~mate-extra/mate-character-map-1.6.0 ~mate-extra/mate-dialogs-1.6.2 +~mate-extra/mate-file-manager-image-converter-1.6.0 +~mate-extra/mate-file-manager-open-terminal-1.6.0 +~mate-extra/mate-file-manager-sendto-1.6.0 +~mate-extra/mate-file-manager-share-1.6.0 ~mate-extra/mate-media-1.6.1 ~mate-extra/mate-polkit-1.6.1 ~mate-extra/mate-power-manager-1.6.3 ~mate-extra/mate-screensaver-1.6.1 +~mate-extra/mate-sensors-applet-1.6.1 ~mate-extra/mate-system-monitor-1.6.1 ~mate-extra/mate-utils-1.6.1 diff --git a/ssh/sshd_config b/ssh/sshd_config index 75517570..7bbd37f7 100644 --- a/ssh/sshd_config +++ b/ssh/sshd_config @@ -24,6 +24,7 @@ #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key # "key type names" for X.509 certificates with RSA key # Note first defined is used in signature operations! @@ -153,8 +154,8 @@ PasswordAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass @@ -170,6 +171,7 @@ UsePAM yes X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes +#PermitTTY yes PrintMotd no PrintLastLog no #TCPKeepAlive yes @@ -213,6 +215,7 @@ Subsystem sftp /usr/lib64/misc/sftp-server #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no +# PermitTTY no # ForceCommand cvs server # Allow client to pass locale environment variables #367017 diff --git a/udev/hwdb.bin b/udev/hwdb.bin index fab0c348..c7be4096 100644 Binary files a/udev/hwdb.bin and b/udev/hwdb.bin differ