From: Frank Brehm Date: Fri, 17 Jun 2016 01:10:05 +0000 (+0200) Subject: daily autocommit X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=c6aea2cf210f94c03a216c476f84afbde8e435ba;p=config%2Fbruni%2Fetc.git daily autocommit --- diff --git a/config-archive/etc/cups/cupsd.conf b/config-archive/etc/cups/cupsd.conf index e91ae0fa..07df1c0d 100644 --- a/config-archive/etc/cups/cupsd.conf +++ b/config-archive/etc/cups/cupsd.conf @@ -1,13 +1,12 @@ # -# "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $" -# -# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a # complete description of this file. # # Log general information in error_log - change "warn" to "debug" # for troubleshooting... LogLevel warn +PageLogFormat # Only listen for connections from the local machine. Listen localhost:631 @@ -132,7 +131,3 @@ WebInterface Yes Order deny,allow - -# -# End of "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $". -# diff --git a/config-archive/etc/cups/cupsd.conf.1 b/config-archive/etc/cups/cupsd.conf.1 index 6eb9901d..e91ae0fa 100644 --- a/config-archive/etc/cups/cupsd.conf.1 +++ b/config-archive/etc/cups/cupsd.conf.1 @@ -1,87 +1,138 @@ -# Show general information in error_log. +# +# "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $" +# +# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# complete description of this file. +# + +# Log general information in error_log - change "warn" to "debug" +# for troubleshooting... LogLevel warn + +# Only listen for connections from the local machine. Listen localhost:631 Listen 10.12.11.2:631 Listen /var/run/cups/cups.sock Browsing On BrowseLocalProtocols CUPS dnssd +#BrowseLocalProtocols dnssd + +# Default authentication type, when authentication is required... DefaultAuthType Basic + +# Web interface setting... WebInterface Yes + +# Restrict access to the server... Order allow,deny Allow @LOCAL + +# Restrict access to the admin pages... Encryption Required Order allow,deny Allow @LOCAL + +# Restrict access to configuration files... AuthType Default Require user @SYSTEM Order allow,deny Allow @LOCAL + +# Set the default printer/job policies... + # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... Order deny,allow + Require user @OWNER @SYSTEM Order deny,allow + + # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow + + # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow + + # Only the owner or an administrator can cancel or authenticate a job... Require user @OWNER @SYSTEM Order deny,allow + Order deny,allow + +# Set the authenticated printer/job policies... + # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... AuthType Default Order deny,allow + AuthType Default Require user @OWNER @SYSTEM Order deny,allow + + # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow + + # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow + + # Only the owner or an administrator can cancel or authenticate a job... AuthType Default Require user @OWNER @SYSTEM Order deny,allow + Order deny,allow + +# +# End of "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $". +# diff --git a/config-archive/etc/cups/cupsd.conf.2 b/config-archive/etc/cups/cupsd.conf.2 index b03f1ffa..6eb9901d 100644 --- a/config-archive/etc/cups/cupsd.conf.2 +++ b/config-archive/etc/cups/cupsd.conf.2 @@ -1,151 +1,87 @@ -# -# "$Id: cupsd.conf.in 10710 2012-11-26 18:26:01Z mike $" -# -# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a -# complete description of this file. -# - -# Log general information in error_log - change "warn" to "debug" -# for troubleshooting... -LogLevel debug - -# Administrator user group... -SystemGroup lpadmin - - -# Only listen for connections from the local machine. +# Show general information in error_log. +LogLevel warn Listen localhost:631 Listen 10.12.11.2:631 -# Port 631 Listen /var/run/cups/cups.sock -AccessLog /var/log/cups/access.log -ErrorLog /var/log/cups/error.log -PageLog /var/log/cups/page.log -# Show shared printers on the local network. Browsing On -# We switch this off by default in Gentoo, to avoid an unnecessary open port. -#Browsing Off -BrowseOrder allow,deny -BrowseAllow all -# BrowseLocalProtocols CUPS BrowseLocalProtocols CUPS dnssd - -# Default authentication type, when authentication is required... DefaultAuthType Basic - -# Web interface setting... WebInterface Yes - -# Restrict access to the server... Order allow,deny Allow @LOCAL - -# Restrict access to the admin pages... Encryption Required Order allow,deny Allow @LOCAL - -# Restrict access to configuration files... AuthType Default Require user @SYSTEM Order allow,deny Allow @LOCAL - -# Set the default printer/job policies... - # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default - - # Job-related operations must be done by the owner or an administrator... Order deny,allow - Require user @OWNER @SYSTEM Order deny,allow - - # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow - - # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow - - # Only the owner or an administrator can cancel or authenticate a job... Require user @OWNER @SYSTEM Order deny,allow - Order deny,allow - -# Set the authenticated printer/job policies... - # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default - - # Job-related operations must be done by the owner or an administrator... AuthType Default Order deny,allow - AuthType Default Require user @OWNER @SYSTEM Order deny,allow - - # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow - - # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow - - # Only the owner or an administrator can cancel or authenticate a job... AuthType Default Require user @OWNER @SYSTEM Order deny,allow - Order deny,allow - -# -# End of "$Id: cupsd.conf.in 10710 2012-11-26 18:26:01Z mike $". -# diff --git a/config-archive/etc/cups/cupsd.conf.3 b/config-archive/etc/cups/cupsd.conf.3 index e460ebec..b03f1ffa 100644 --- a/config-archive/etc/cups/cupsd.conf.3 +++ b/config-archive/etc/cups/cupsd.conf.3 @@ -1,5 +1,5 @@ # -# "$Id: cupsd.conf.in 9407 2010-12-09 21:24:51Z mike $" +# "$Id: cupsd.conf.in 10710 2012-11-26 18:26:01Z mike $" # # Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a # complete description of this file. @@ -7,7 +7,7 @@ # Log general information in error_log - change "warn" to "debug" # for troubleshooting... -LogLevel info +LogLevel debug # Administrator user group... SystemGroup lpadmin @@ -147,5 +147,5 @@ WebInterface Yes # -# End of "$Id: cupsd.conf.in 9407 2010-12-09 21:24:51Z mike $". +# End of "$Id: cupsd.conf.in 10710 2012-11-26 18:26:01Z mike $". # diff --git a/config-archive/etc/cups/cupsd.conf.4 b/config-archive/etc/cups/cupsd.conf.4 index 936099fc..e460ebec 100644 --- a/config-archive/etc/cups/cupsd.conf.4 +++ b/config-archive/etc/cups/cupsd.conf.4 @@ -1,5 +1,5 @@ # -# "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $" +# "$Id: cupsd.conf.in 9407 2010-12-09 21:24:51Z mike $" # # Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a # complete description of this file. @@ -23,16 +23,21 @@ ErrorLog /var/log/cups/error.log PageLog /var/log/cups/page.log # Show shared printers on the local network. Browsing On +# We switch this off by default in Gentoo, to avoid an unnecessary open port. +#Browsing Off BrowseOrder allow,deny BrowseAllow all -BrowseLocalProtocols CUPS +# BrowseLocalProtocols CUPS +BrowseLocalProtocols CUPS dnssd # Default authentication type, when authentication is required... DefaultAuthType Basic +# Web interface setting... +WebInterface Yes + # Restrict access to the server... - # Allow remote administration... Order allow,deny Allow @LOCAL @@ -54,12 +59,18 @@ DefaultAuthType Basic # Set the default printer/job policies... + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + # Job-related operations must be done by the owner or an administrator... Order deny,allow - + Require user @OWNER @SYSTEM Order deny,allow @@ -72,7 +83,7 @@ DefaultAuthType Basic # All printer operations require a printer operator to authenticate... - + AuthType Default Require user @SYSTEM Order deny,allow @@ -91,13 +102,19 @@ DefaultAuthType Basic # Set the authenticated printer/job policies... + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + # Job-related operations must be done by the owner or an administrator... AuthType Default Order deny,allow - + AuthType Default Require user @OWNER @SYSTEM Order deny,allow @@ -111,7 +128,7 @@ DefaultAuthType Basic # All printer operations require a printer operator to authenticate... - + AuthType Default Require user @SYSTEM Order deny,allow @@ -130,5 +147,5 @@ DefaultAuthType Basic # -# End of "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $". +# End of "$Id: cupsd.conf.in 9407 2010-12-09 21:24:51Z mike $". # diff --git a/config-archive/etc/cups/cupsd.conf.5 b/config-archive/etc/cups/cupsd.conf.5 new file mode 100644 index 00000000..936099fc --- /dev/null +++ b/config-archive/etc/cups/cupsd.conf.5 @@ -0,0 +1,134 @@ +# +# "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $" +# +# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# complete description of this file. +# + +# Log general information in error_log - change "warn" to "debug" +# for troubleshooting... +LogLevel info + +# Administrator user group... +SystemGroup lpadmin + + +# Only listen for connections from the local machine. +Listen localhost:631 +Listen 10.12.11.2:631 +# Port 631 +Listen /var/run/cups/cups.sock +AccessLog /var/log/cups/access.log +ErrorLog /var/log/cups/error.log +PageLog /var/log/cups/page.log +# Show shared printers on the local network. +Browsing On +BrowseOrder allow,deny +BrowseAllow all +BrowseLocalProtocols CUPS + +# Default authentication type, when authentication is required... +DefaultAuthType Basic + +# Restrict access to the server... + + # Allow remote administration... + Order allow,deny + Allow @LOCAL + + +# Restrict access to the admin pages... + + Encryption Required + Order allow,deny + Allow @LOCAL + + +# Restrict access to configuration files... + + AuthType Default + Require user @SYSTEM + Order allow,deny + Allow @LOCAL + + +# Set the default printer/job policies... + + # Job-related operations must be done by the owner or an administrator... + + Order deny,allow + + + + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# Set the authenticated printer/job policies... + + # Job-related operations must be done by the owner or an administrator... + + AuthType Default + Order deny,allow + + + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# +# End of "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $". +# diff --git a/config-archive/etc/cups/cupsd.conf.dist b/config-archive/etc/cups/cupsd.conf.dist index e4282156..c1c57701 100644 --- a/config-archive/etc/cups/cupsd.conf.dist +++ b/config-archive/etc/cups/cupsd.conf.dist @@ -39,6 +39,13 @@ WebInterface Yes Order allow,deny +# Restrict access to log files... + + AuthType Default + Require user @SYSTEM + Order allow,deny + + # Set the default printer/job policies... # Job/subscription privacy... diff --git a/config-archive/etc/inittab b/config-archive/etc/inittab index fe9bd62d..ab61c630 100644 --- a/config-archive/etc/inittab +++ b/config-archive/etc/inittab @@ -9,7 +9,7 @@ # Modified by: Mike Frysinger, # Modified by: Robin H. Johnson, # -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab-2.87,v 1.1 2010/01/08 16:55:07 williamh Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab-2.87,v 1.2 2013/04/20 03:51:26 vapier Exp $ # Default runlevel. id:3:initdefault: @@ -44,8 +44,8 @@ c5:2345:respawn:/sbin/agetty 38400 tty5 linux c6:2345:respawn:/sbin/agetty 38400 tty6 linux # SERIAL CONSOLES -#s0:12345:respawn:/sbin/agetty 9600 ttyS0 vt100 -#s1:12345:respawn:/sbin/agetty 9600 ttyS1 vt100 +#s0:12345:respawn:/sbin/agetty -L 115200 ttyS0 vt100 +#s1:12345:respawn:/sbin/agetty -L 115200 ttyS1 vt100 # What to do at the "Three Finger Salute". ca:12345:ctrlaltdel:/sbin/shutdown -r now @@ -56,4 +56,3 @@ ca:12345:ctrlaltdel:/sbin/shutdown -r now # extra at boot if /etc/init.d/xdm is not added # to the "default" runlevel. x:a:once:/etc/X11/startDM.sh - diff --git a/config-archive/etc/inittab.1 b/config-archive/etc/inittab.1 new file mode 100644 index 00000000..fe9bd62d --- /dev/null +++ b/config-archive/etc/inittab.1 @@ -0,0 +1,59 @@ +# +# /etc/inittab: This file describes how the INIT process should set up +# the system in a certain run-level. +# +# Author: Miquel van Smoorenburg, +# Modified by: Patrick J. Volkerding, +# Modified by: Daniel Robbins, +# Modified by: Martin Schlemmer, +# Modified by: Mike Frysinger, +# Modified by: Robin H. Johnson, +# +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab-2.87,v 1.1 2010/01/08 16:55:07 williamh Exp $ + +# Default runlevel. +id:3:initdefault: + +# System initialization, mount local filesystems, etc. +si::sysinit:/sbin/rc sysinit + +# Further system initialization, brings up the boot runlevel. +rc::bootwait:/sbin/rc boot + +l0:0:wait:/sbin/rc shutdown +l0s:0:wait:/sbin/halt -dhp +l1:1:wait:/sbin/rc single +l2:2:wait:/sbin/rc nonetwork +l3:3:wait:/sbin/rc default +l4:4:wait:/sbin/rc default +l5:5:wait:/sbin/rc default +l6:6:wait:/sbin/rc reboot +l6r:6:wait:/sbin/reboot -dk +#z6:6:respawn:/sbin/sulogin + +# new-style single-user +su0:S:wait:/sbin/rc single +su1:S:wait:/sbin/sulogin + +# TERMINALS +c1:12345:respawn:/sbin/agetty --noclear 38400 tty1 linux +c2:2345:respawn:/sbin/agetty 38400 tty2 linux +c3:2345:respawn:/sbin/agetty 38400 tty3 linux +c4:2345:respawn:/sbin/agetty 38400 tty4 linux +c5:2345:respawn:/sbin/agetty 38400 tty5 linux +c6:2345:respawn:/sbin/agetty 38400 tty6 linux + +# SERIAL CONSOLES +#s0:12345:respawn:/sbin/agetty 9600 ttyS0 vt100 +#s1:12345:respawn:/sbin/agetty 9600 ttyS1 vt100 + +# What to do at the "Three Finger Salute". +ca:12345:ctrlaltdel:/sbin/shutdown -r now + +# Used by /etc/init.d/xdm to control DM startup. +# Read the comments in /etc/init.d/xdm for more +# info. Do NOT remove, as this will start nothing +# extra at boot if /etc/init.d/xdm is not added +# to the "default" runlevel. +x:a:once:/etc/X11/startDM.sh + diff --git a/config-archive/etc/inittab.dist b/config-archive/etc/inittab.dist index aa588b6a..689bbc47 100644 --- a/config-archive/etc/inittab.dist +++ b/config-archive/etc/inittab.dist @@ -8,34 +8,36 @@ # Modified by: Martin Schlemmer, # Modified by: Mike Frysinger, # Modified by: Robin H. Johnson, +# Modified by: William Hubbs, # -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab-2.87,v 1.2 2013/04/20 03:51:26 vapier Exp $ +# $Id$ # Default runlevel. id:3:initdefault: # System initialization, mount local filesystems, etc. -si::sysinit:/sbin/rc sysinit +si::sysinit:/sbin/openrc sysinit # Further system initialization, brings up the boot runlevel. -rc::bootwait:/sbin/rc boot - -l0:0:wait:/sbin/rc shutdown -l0s:0:wait:/sbin/halt -dhp -l1:1:wait:/sbin/rc single -l2:2:wait:/sbin/rc nonetwork -l3:3:wait:/sbin/rc default -l4:4:wait:/sbin/rc default -l5:5:wait:/sbin/rc default -l6:6:wait:/sbin/rc reboot -l6r:6:wait:/sbin/reboot -dk +rc::bootwait:/sbin/openrc boot + +l0:0:wait:/sbin/openrc shutdown +l0s:0:wait:/sbin/halt -dhnp +l1:1:wait:/sbin/openrc single +l2:2:wait:/sbin/openrc nonetwork +l3:3:wait:/sbin/openrc default +l4:4:wait:/sbin/openrc default +l5:5:wait:/sbin/openrc default +l6:6:wait:/sbin/openrc reboot +l6r:6:wait:/sbin/reboot -dkn #z6:6:respawn:/sbin/sulogin # new-style single-user -su0:S:wait:/sbin/rc single +su0:S:wait:/sbin/openrc single su1:S:wait:/sbin/sulogin # TERMINALS +#x1:12345:respawn:/sbin/agetty 38400 console linux c1:12345:respawn:/sbin/agetty 38400 tty1 linux c2:2345:respawn:/sbin/agetty 38400 tty2 linux c3:2345:respawn:/sbin/agetty 38400 tty3 linux diff --git a/config-archive/etc/libvirt/libvirtd.conf b/config-archive/etc/libvirt/libvirtd.conf index f0611c98..1e8367f4 100644 --- a/config-archive/etc/libvirt/libvirtd.conf +++ b/config-archive/etc/libvirt/libvirtd.conf @@ -347,10 +347,16 @@ log_level = 2 # The format for a filter is one of: # x:name # x:+name -# where name is a string which is matched against source file name, -# e.g., "remote", "qemu", or "util/json", the optional "+" prefix -# tells libvirt to log stack trace for each message matching name, -# and x is the minimal level where matching messages should be logged: + +# where name is a string which is matched against the category +# given in the VIR_LOG_INIT() at the top of each libvirt source +# file, e.g., "remote", "qemu", or "util.json" (the name in the +# filter can be a substring of the full category name, in order +# to match multiple similar categories), the optional "+" prefix +# tells libvirt to log stack trace for each message matching +# name, and x is the minimal level where matching messages should +# be logged: + # 1: DEBUG # 2: INFO # 3: WARNING diff --git a/config-archive/etc/libvirt/libvirtd.conf.1 b/config-archive/etc/libvirt/libvirtd.conf.1 index 3fd232d1..f0611c98 100644 --- a/config-archive/etc/libvirt/libvirtd.conf.1 +++ b/config-archive/etc/libvirt/libvirtd.conf.1 @@ -445,14 +445,15 @@ host_uuid = "56a41aab-92b8-4840-b9ef-39a41c8d6b01" # #keepalive_interval = 5 #keepalive_count = 5 + # -# If set to 1, libvirtd will refuse to talk to clients that do not -# support keepalive protocol. Defaults to 0. +# These configuration options are no longer used. There is no way to +# restrict such clients from connecting since they first need to +# connect in order to ask for keepalive. # #keepalive_required = 1 +#admin_keepalive_required = 1 # Keepalive settings for the admin interface #admin_keepalive_interval = 5 #admin_keepalive_count = 5 -# -#admin_keepalive_required = 1 diff --git a/config-archive/etc/libvirt/libvirtd.conf.2 b/config-archive/etc/libvirt/libvirtd.conf.2 index a0f0bb4b..3fd232d1 100644 --- a/config-archive/etc/libvirt/libvirtd.conf.2 +++ b/config-archive/etc/libvirt/libvirtd.conf.2 @@ -107,9 +107,17 @@ unix_sock_group = "libvirt" # control, then you may want to relax this too. #unix_sock_rw_perms = "0770" +# Set the UNIX socket permissions for the admin interface socket. +# +# Default allows only owner (root), do not change it unless you are +# sure to whom you are exposing the access to. +#unix_sock_admin_perms = "0700" + # Set the name of the directory in which sockets will be found/created. #unix_sock_dir = "/var/run/libvirt" + + ################################################################# # # Authentication. @@ -310,6 +318,16 @@ auth_unix_rw = "polkit" # and max_workers parameter #max_client_requests = 5 +# Same processing controls, but this time for the admin interface. +# For description of each option, be so kind to scroll few lines +# upwards. + +#admin_min_workers = 1 +#admin_max_workers = 5 +#admin_max_clients = 5 +#admin_max_queued_clients = 5 +#admin_max_client_requests = 5 + ################################################################# # # Logging controls @@ -432,3 +450,9 @@ host_uuid = "56a41aab-92b8-4840-b9ef-39a41c8d6b01" # support keepalive protocol. Defaults to 0. # #keepalive_required = 1 + +# Keepalive settings for the admin interface +#admin_keepalive_interval = 5 +#admin_keepalive_count = 5 +# +#admin_keepalive_required = 1 diff --git a/config-archive/etc/libvirt/libvirtd.conf.3 b/config-archive/etc/libvirt/libvirtd.conf.3 new file mode 100644 index 00000000..a0f0bb4b --- /dev/null +++ b/config-archive/etc/libvirt/libvirtd.conf.3 @@ -0,0 +1,434 @@ +# Master libvirt daemon configuration file +# +# For further information consult http://libvirt.org/format.html +# +# NOTE: the tests/daemon-conf regression test script requires +# that each "PARAMETER = VALUE" line in this file have the parameter +# name just after a leading "#". + +################################################################# +# +# Network connectivity controls +# + +# Flag listening for secure TLS connections on the public TCP/IP port. +# NB, must pass the --listen flag to the libvirtd process for this to +# have any effect. +# +# It is necessary to setup a CA and issue server certificates before +# using this capability. +# +# This is enabled by default, uncomment this to disable it +#listen_tls = 0 + +# Listen for unencrypted TCP connections on the public TCP/IP port. +# NB, must pass the --listen flag to the libvirtd process for this to +# have any effect. +# +# Using the TCP socket requires SASL authentication by default. Only +# SASL mechanisms which support data encryption are allowed. This is +# DIGEST_MD5 and GSSAPI (Kerberos5) +# +# This is disabled by default, uncomment this to enable it. +listen_tcp = 1 + + + +# Override the port for accepting secure TLS connections +# This can be a port number, or service name +# +#tls_port = "16514" + +# Override the port for accepting insecure TCP connections +# This can be a port number, or service name +# +tcp_port = "1611" + + +# Override the default configuration which binds to all network +# interfaces. This can be a numeric IPv4/6 address, or hostname +# +# If the libvirtd service is started in parallel with network +# startup (e.g. with systemd), binding to addresses other than +# the wildcards (0.0.0.0/::) might not be available yet. +# +#listen_addr = "192.168.0.1" +listen_addr = "127.0.0.1" + + +# Flag toggling mDNS advertizement of the libvirt service. +# +# Alternatively can disable for all services on a host by +# stopping the Avahi daemon +# +# This is disabled by default, uncomment this to enable it +#mdns_adv = 1 + +# Override the default mDNS advertizement name. This must be +# unique on the immediate broadcast network. +# +# The default is "Virtualization Host HOSTNAME", where HOSTNAME +# is substituted for the short hostname of the machine (without domain) +# +#mdns_name = "Virtualization Host Joe Demo" + + +################################################################# +# +# UNIX socket access controls +# + +# Beware that if you are changing *any* of these options, and you use +# socket activation with systemd, you need to adjust the settings in +# the libvirtd.socket file as well since it could impose a security +# risk if you rely on file permission checking only. + +# Set the UNIX domain socket group ownership. This can be used to +# allow a 'trusted' set of users access to management capabilities +# without becoming root. +# +# This is restricted to 'root' by default. +unix_sock_group = "libvirt" + +# Set the UNIX socket permissions for the R/O socket. This is used +# for monitoring VM status only +# +# Default allows any user. If setting group ownership, you may want to +# restrict this too. +#unix_sock_ro_perms = "0777" + +# Set the UNIX socket permissions for the R/W socket. This is used +# for full management of VMs +# +# Default allows only root. If PolicyKit is enabled on the socket, +# the default will change to allow everyone (eg, 0777) +# +# If not using PolicyKit and setting group ownership for access +# control, then you may want to relax this too. +#unix_sock_rw_perms = "0770" + +# Set the name of the directory in which sockets will be found/created. +#unix_sock_dir = "/var/run/libvirt" + +################################################################# +# +# Authentication. +# +# - none: do not perform auth checks. If you can connect to the +# socket you are allowed. This is suitable if there are +# restrictions on connecting to the socket (eg, UNIX +# socket permissions), or if there is a lower layer in +# the network providing auth (eg, TLS/x509 certificates) +# +# - sasl: use SASL infrastructure. The actual auth scheme is then +# controlled from /etc/sasl2/libvirt.conf. For the TCP +# socket only GSSAPI & DIGEST-MD5 mechanisms will be used. +# For non-TCP or TLS sockets, any scheme is allowed. +# +# - polkit: use PolicyKit to authenticate. This is only suitable +# for use on the UNIX sockets. The default policy will +# require a user to supply their own password to gain +# full read/write access (aka sudo like), while anyone +# is allowed read/only access. +# +# Set an authentication scheme for UNIX read-only sockets +# By default socket permissions allow anyone to connect +# +# To restrict monitoring of domains you may wish to enable +# an authentication mechanism here +#auth_unix_ro = "none" + +# Set an authentication scheme for UNIX read-write sockets +# By default socket permissions only allow root. If PolicyKit +# support was compiled into libvirt, the default will be to +# use 'polkit' auth. +# +# If the unix_sock_rw_perms are changed you may wish to enable +# an authentication mechanism here +#auth_unix_rw = "none" +auth_unix_rw = "polkit" +#auth_unix_rw = "sasl" + +# Change the authentication scheme for TCP sockets. +# +# If you don't enable SASL, then all TCP traffic is cleartext. +# Don't do this outside of a dev/test scenario. For real world +# use, always enable SASL and use the GSSAPI or DIGEST-MD5 +# mechanism in /etc/sasl2/libvirt.conf +#auth_tcp = "sasl" + +# Change the authentication scheme for TLS sockets. +# +# TLS sockets already have encryption provided by the TLS +# layer, and limited authentication is done by certificates +# +# It is possible to make use of any SASL authentication +# mechanism as well, by using 'sasl' for this option +#auth_tls = "none" + + +# Change the API access control scheme +# +# By default an authenticated user is allowed access +# to all APIs. Access drivers can place restrictions +# on this. By default the 'nop' driver is enabled, +# meaning no access control checks are done once a +# client has authenticated with libvirtd +# +#access_drivers = [ "polkit" ] + +################################################################# +# +# TLS x509 certificate configuration +# + + +# Override the default server key file path +# +#key_file = "/etc/pki/libvirt/private/serverkey.pem" + +# Override the default server certificate file path +# +#cert_file = "/etc/pki/libvirt/servercert.pem" + +# Override the default CA certificate path +# +#ca_file = "/etc/pki/CA/cacert.pem" + +# Specify a certificate revocation list. +# +# Defaults to not using a CRL, uncomment to enable it +#crl_file = "/etc/pki/CA/crl.pem" + + + +################################################################# +# +# Authorization controls +# + + +# Flag to disable verification of our own server certificates +# +# When libvirtd starts it performs some sanity checks against +# its own certificates. +# +# Default is to always run sanity checks. Uncommenting this +# will disable sanity checks which is not a good idea +#tls_no_sanity_certificate = 1 + +# Flag to disable verification of client certificates +# +# Client certificate verification is the primary authentication mechanism. +# Any client which does not present a certificate signed by the CA +# will be rejected. +# +# Default is to always verify. Uncommenting this will disable +# verification - make sure an IP whitelist is set +#tls_no_verify_certificate = 1 + + +# A whitelist of allowed x509 Distinguished Names +# This list may contain wildcards such as +# +# "C=GB,ST=London,L=London,O=Red Hat,CN=*" +# +# See the POSIX fnmatch function for the format of the wildcards. +# +# NB If this is an empty list, no client can connect, so comment out +# entirely rather than using empty list to disable these checks +# +# By default, no DN's are checked +#tls_allowed_dn_list = ["DN1", "DN2"] + + +# A whitelist of allowed SASL usernames. The format for usernames +# depends on the SASL authentication mechanism. Kerberos usernames +# look like username@REALM +# +# This list may contain wildcards such as +# +# "*@EXAMPLE.COM" +# +# See the POSIX fnmatch function for the format of the wildcards. +# +# NB If this is an empty list, no client can connect, so comment out +# entirely rather than using empty list to disable these checks +# +# By default, no Username's are checked +#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ] + + + +################################################################# +# +# Processing controls +# + +# The maximum number of concurrent client connections to allow +# over all sockets combined. +#max_clients = 5000 + +# The maximum length of queue of connections waiting to be +# accepted by the daemon. Note, that some protocols supporting +# retransmission may obey this so that a later reattempt at +# connection succeeds. +#max_queued_clients = 1000 + +# The maximum length of queue of accepted but not yet +# authenticated clients. The default value is zero, meaning +# the feature is disabled. +#max_anonymous_clients = 20 + +# The minimum limit sets the number of workers to start up +# initially. If the number of active clients exceeds this, +# then more threads are spawned, up to max_workers limit. +# Typically you'd want max_workers to equal maximum number +# of clients allowed +#min_workers = 5 +#max_workers = 20 + + +# The number of priority workers. If all workers from above +# pool are stuck, some calls marked as high priority +# (notably domainDestroy) can be executed in this pool. +#prio_workers = 5 + +# Total global limit on concurrent RPC calls. Should be +# at least as large as max_workers. Beyond this, RPC requests +# will be read into memory and queued. This directly impacts +# memory usage, currently each request requires 256 KB of +# memory. So by default up to 5 MB of memory is used +# +# XXX this isn't actually enforced yet, only the per-client +# limit is used so far +#max_requests = 20 + +# Limit on concurrent requests from a single client +# connection. To avoid one client monopolizing the server +# this should be a small fraction of the global max_requests +# and max_workers parameter +#max_client_requests = 5 + +################################################################# +# +# Logging controls +# + +# Logging level: 4 errors, 3 warnings, 2 information, 1 debug +# basically 1 will log everything possible +# Note: Journald may employ rate limiting of the messages logged +# and thus lock up the libvirt daemon. To use the debug level with +# journald you have to specify it explicitly in 'log_outputs', otherwise +# only information level messages will be logged. +log_level = 2 + +# Logging filters: +# A filter allows to select a different logging level for a given category +# of logs +# The format for a filter is one of: +# x:name +# x:+name +# where name is a string which is matched against source file name, +# e.g., "remote", "qemu", or "util/json", the optional "+" prefix +# tells libvirt to log stack trace for each message matching name, +# and x is the minimal level where matching messages should be logged: +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple filters can be defined in a single @filters, they just need to be +# separated by spaces. +# +# e.g. to only get warning or errors from the remote layer and only errors +# from the event layer: +#log_filters="3:remote 4:event" + +# Logging outputs: +# An output is one of the places to save logging information +# The format for an output can be: +# x:stderr +# output goes to stderr +# x:syslog:name +# use syslog for the output and use the given name as the ident +# x:file:file_path +# output to a file, with the given filepath +# x:journald +# output to journald logging system +# In all case the x prefix is the minimal level, acting as a filter +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple outputs can be defined, they just need to be separated by spaces. +# e.g. to log all warnings and errors to syslog under the libvirtd ident: +#log_outputs="3:syslog:libvirtd" +log_outputs="2:syslog:libvirtd" +# + +# Log debug buffer size: +# +# This configuration option is no longer used, since the global +# log buffer functionality has been removed. Please configure +# suitable log_outputs/log_filters settings to obtain logs. +#log_buffer_size = 64 + + +################################################################## +# +# Auditing +# +# This setting allows usage of the auditing subsystem to be altered: +# +# audit_level == 0 -> disable all auditing +# audit_level == 1 -> enable auditing, only if enabled on host (default) +# audit_level == 2 -> enable auditing, and exit if disabled on host +# +#audit_level = 2 +# +# If set to 1, then audit messages will also be sent +# via libvirt logging infrastructure. Defaults to 0 +# +#audit_logging = 1 + +################################################################### +# UUID of the host: +# Provide the UUID of the host here in case the command +# 'dmidecode -s system-uuid' does not provide a valid uuid. In case +# 'dmidecode' does not provide a valid UUID and none is provided here, a +# temporary UUID will be generated. +# Keep the format of the example UUID below. UUID must not have all digits +# be the same. + +# NB This default all-zeros UUID will not work. Replace +# it with the output of the 'uuidgen' command and then +# uncomment this entry +#host_uuid = "00000000-0000-0000-0000-000000000000" +host_uuid = "56a41aab-92b8-4840-b9ef-39a41c8d6b01" + +################################################################### +# Keepalive protocol: +# This allows libvirtd to detect broken client connections or even +# dead clients. A keepalive message is sent to a client after +# keepalive_interval seconds of inactivity to check if the client is +# still responding; keepalive_count is a maximum number of keepalive +# messages that are allowed to be sent to the client without getting +# any response before the connection is considered broken. In other +# words, the connection is automatically closed approximately after +# keepalive_interval * (keepalive_count + 1) seconds since the last +# message received from the client. If keepalive_interval is set to +# -1, libvirtd will never send keepalive requests; however clients +# can still send them and the daemon will send responses. When +# keepalive_count is set to 0, connections will be automatically +# closed after keepalive_interval seconds of inactivity without +# sending any keepalive messages. +# +#keepalive_interval = 5 +#keepalive_count = 5 +# +# If set to 1, libvirtd will refuse to talk to clients that do not +# support keepalive protocol. Defaults to 0. +# +#keepalive_required = 1 diff --git a/config-archive/etc/libvirt/libvirtd.conf.dist b/config-archive/etc/libvirt/libvirtd.conf.dist index 5485f985..d2c439c7 100644 --- a/config-archive/etc/libvirt/libvirtd.conf.dist +++ b/config-archive/etc/libvirt/libvirtd.conf.dist @@ -77,11 +77,6 @@ # UNIX socket access controls # -# Beware that if you are changing *any* of these options, and you use -# socket activation with systemd, you need to adjust the settings in -# the libvirtd.socket file as well since it could impose a security -# risk if you rely on file permission checking only. - # Set the UNIX domain socket group ownership. This can be used to # allow a 'trusted' set of users access to management capabilities # without becoming root. diff --git a/config-archive/etc/postfix/main.cf b/config-archive/etc/postfix/main.cf index 6b000688..2b6cf73c 100644 --- a/config-archive/etc/postfix/main.cf +++ b/config-archive/etc/postfix/main.cf @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.2/html +html_directory = /usr/share/doc/postfix-3.0.3-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,7 +677,8 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.2/readme +readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme + # inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/postfix/main.cf.1 b/config-archive/etc/postfix/main.cf.1 index 38714de1..6b000688 100644 --- a/config-archive/etc/postfix/main.cf.1 +++ b/config-archive/etc/postfix/main.cf.1 @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.1-r1/html +html_directory = /usr/share/doc/postfix-3.0.2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,7 +677,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme +readme_directory = /usr/share/doc/postfix-3.0.2/readme # inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/postfix/main.cf.2 b/config-archive/etc/postfix/main.cf.2 index 2da72a08..38714de1 100644 --- a/config-archive/etc/postfix/main.cf.2 +++ b/config-archive/etc/postfix/main.cf.2 @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.0/html +html_directory = /usr/share/doc/postfix-3.0.1-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,7 +677,8 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.0/readme +readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme +# inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ diff --git a/config-archive/etc/postfix/main.cf.3 b/config-archive/etc/postfix/main.cf.3 index 6ffa90b0..2da72a08 100644 --- a/config-archive/etc/postfix/main.cf.3 +++ b/config-archive/etc/postfix/main.cf.3 @@ -10,6 +10,25 @@ # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. +# COMPATIBILITY +# +# The compatibility_level determines what default settings Postfix +# will use for main.cf and master.cf settings. These defaults will +# change over time. +# +# To avoid breaking things, Postfix will use backwards-compatible +# default settings and log where it uses those old backwards-compatible +# default settings, until the system administrator has determined +# if any backwards-compatible default settings need to be made +# permanent in main.cf or master.cf. +# +# When this review is complete, update the compatibility_level setting +# below as recommended in the RELEASE_NOTES file. +# +# The level below is what should be used with new (not upgrade) installs. +# +#compatibility_level = 2 + # SOFT BOUNCE # # The soft_bounce parameter provides a limited safety net for @@ -645,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.11.3/html +html_directory = /usr/share/doc/postfix-3.0.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -658,7 +677,9 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.11.3/readme +readme_directory = /usr/share/doc/postfix-3.0.0/readme +meta_directory = /etc/postfix +shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ smtpd_sasl_auth_enable = yes diff --git a/config-archive/etc/postfix/main.cf.4 b/config-archive/etc/postfix/main.cf.4 index 5e3d60fd..6ffa90b0 100644 --- a/config-archive/etc/postfix/main.cf.4 +++ b/config-archive/etc/postfix/main.cf.4 @@ -5,7 +5,7 @@ # For common configuration examples, see BASIC_CONFIGURATION_README # and STANDARD_CONFIGURATION_README. To find these documents, use # the command "postconf html_directory readme_directory", or go to -# http://www.postfix.org/. +# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. # # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. @@ -645,7 +645,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.3/html +html_directory = /usr/share/doc/postfix-2.11.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -658,7 +658,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.3/readme +readme_directory = /usr/share/doc/postfix-2.11.3/readme home_mailbox = .maildir/ smtpd_sasl_auth_enable = yes diff --git a/config-archive/etc/postfix/main.cf.5 b/config-archive/etc/postfix/main.cf.5 index 0436c1c4..5e3d60fd 100644 --- a/config-archive/etc/postfix/main.cf.5 +++ b/config-archive/etc/postfix/main.cf.5 @@ -645,7 +645,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.2/html +html_directory = /usr/share/doc/postfix-2.10.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -658,7 +658,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.2/readme +readme_directory = /usr/share/doc/postfix-2.10.3/readme home_mailbox = .maildir/ smtpd_sasl_auth_enable = yes diff --git a/config-archive/etc/postfix/main.cf.6 b/config-archive/etc/postfix/main.cf.6 index f7e2a6a6..0436c1c4 100644 --- a/config-archive/etc/postfix/main.cf.6 +++ b/config-archive/etc/postfix/main.cf.6 @@ -645,7 +645,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.1/html +html_directory = /usr/share/doc/postfix-2.10.2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -658,7 +658,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.1/readme +readme_directory = /usr/share/doc/postfix-2.10.2/readme home_mailbox = .maildir/ smtpd_sasl_auth_enable = yes diff --git a/config-archive/etc/postfix/main.cf.7 b/config-archive/etc/postfix/main.cf.7 index 1232f478..f7e2a6a6 100644 --- a/config-archive/etc/postfix/main.cf.7 +++ b/config-archive/etc/postfix/main.cf.7 @@ -645,7 +645,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.0/html +html_directory = /usr/share/doc/postfix-2.10.1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -658,7 +658,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.0/readme +readme_directory = /usr/share/doc/postfix-2.10.1/readme home_mailbox = .maildir/ smtpd_sasl_auth_enable = yes diff --git a/config-archive/etc/postfix/main.cf.8 b/config-archive/etc/postfix/main.cf.8 index c438ed09..1232f478 100644 --- a/config-archive/etc/postfix/main.cf.8 +++ b/config-archive/etc/postfix/main.cf.8 @@ -645,7 +645,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.5/html +html_directory = /usr/share/doc/postfix-2.10.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -658,7 +658,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.5/readme +readme_directory = /usr/share/doc/postfix-2.10.0/readme home_mailbox = .maildir/ smtpd_sasl_auth_enable = yes diff --git a/config-archive/etc/postfix/main.cf.9 b/config-archive/etc/postfix/main.cf.9 index c1606d6e..c438ed09 100644 --- a/config-archive/etc/postfix/main.cf.9 +++ b/config-archive/etc/postfix/main.cf.9 @@ -645,7 +645,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.4/html +html_directory = /usr/share/doc/postfix-2.9.5/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -658,11 +658,11 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.4/readme +readme_directory = /usr/share/doc/postfix-2.9.5/readme home_mailbox = .maildir/ smtpd_sasl_auth_enable = yes -smtpd_sasl2_auth_enable = yes +#smtpd_sasl2_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_local_domain = $myhostname diff --git a/config-archive/etc/postfix/main.cf.dist b/config-archive/etc/postfix/main.cf.dist index fc1a8819..6576169b 100644 --- a/config-archive/etc/postfix/main.cf.dist +++ b/config-archive/etc/postfix/main.cf.dist @@ -153,8 +153,8 @@ mail_owner = postfix # compatible delivery agent that lookups all recipients in /etc/passwd # and /etc/aliases or their equivalent. # -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. # # Do not specify the names of virtual domains - those domains are # specified elsewhere (see VIRTUAL_README). @@ -659,7 +659,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.3-r1/html +html_directory = /usr/share/doc/postfix-3.1.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -672,7 +672,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme +readme_directory = /usr/share/doc/postfix-3.1.0/readme inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/cups/cupsd.conf b/cups/cupsd.conf index 07df1c0d..514ad670 100644 --- a/cups/cupsd.conf +++ b/cups/cupsd.conf @@ -43,6 +43,13 @@ WebInterface Yes Allow @LOCAL +# Restrict access to log files... + + AuthType Default + Require user @SYSTEM + Order allow,deny + + # Set the default printer/job policies... # Job/subscription privacy... diff --git a/cups/printers.conf b/cups/printers.conf index d609b8a1..3fe368a2 100644 --- a/cups/printers.conf +++ b/cups/printers.conf @@ -1,13 +1,15 @@ -# Printer configuration file for CUPS v2.0.3 -# Written by cupsd on 2016-05-29 11:38 +# Printer configuration file for CUPS v2.1.3 +# Written by cupsd on 2016-06-16 20:50 # DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING UUID urn:uuid:37ccb9f9-f39f-3442-414c-7de19e42748d Info blubber blub Location hier +MakeModel Kyocera FS-1020D - CUPS+Gutenprint v5.2.9 DeviceURI lpd://10.12.11.32/lp State Idle StateTime 1388061630 +ConfigTime 1466102983 Type 8392724 Accepting Yes Shared No @@ -22,9 +24,11 @@ ErrorPolicy stop-printer UUID urn:uuid:539ead49-b7d1-3af8-69d7-7f753e43178a Info Kyocera FS-1020D Location Arbeitszimmer +MakeModel Kyocera FS-1020D - CUPS+Gutenprint v5.2.9 DeviceURI usb://Kyocera/FS-1020D?serial=XAX5991704 State Idle StateTime 1388067872 +ConfigTime 1466102983 Type 8392724 Accepting Yes Shared Yes @@ -42,6 +46,7 @@ Location Local Printer DeviceURI cups-pdf:/ State Idle StateTime 1264666962 +ConfigTime 1466102983 Type 8388612 Accepting Yes Shared Yes diff --git a/cups/subscriptions.conf b/cups/subscriptions.conf index ffff3a60..043134ef 100644 --- a/cups/subscriptions.conf +++ b/cups/subscriptions.conf @@ -1,5 +1,5 @@ -# Subscription configuration file for CUPS v2.0.3 -# Written by cupsd on 2016-06-16 11:20 +# Subscription configuration file for CUPS v2.1.3 +# Written by cupsd on 2016-06-16 20:50 NextSubscriptionId 280 Events all @@ -8,5 +8,5 @@ Recipient dbus:// LeaseDuration 86400 Interval 0 ExpirationTime 1466155203 -NextEventId 1 +NextEventId 3 diff --git a/inittab b/inittab index ab61c630..4ccffc80 100644 --- a/inittab +++ b/inittab @@ -8,34 +8,36 @@ # Modified by: Martin Schlemmer, # Modified by: Mike Frysinger, # Modified by: Robin H. Johnson, +# Modified by: William Hubbs, # -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab-2.87,v 1.2 2013/04/20 03:51:26 vapier Exp $ +# $Id$ # Default runlevel. id:3:initdefault: # System initialization, mount local filesystems, etc. -si::sysinit:/sbin/rc sysinit +si::sysinit:/sbin/openrc sysinit # Further system initialization, brings up the boot runlevel. -rc::bootwait:/sbin/rc boot - -l0:0:wait:/sbin/rc shutdown -l0s:0:wait:/sbin/halt -dhp -l1:1:wait:/sbin/rc single -l2:2:wait:/sbin/rc nonetwork -l3:3:wait:/sbin/rc default -l4:4:wait:/sbin/rc default -l5:5:wait:/sbin/rc default -l6:6:wait:/sbin/rc reboot -l6r:6:wait:/sbin/reboot -dk +rc::bootwait:/sbin/openrc boot + +l0:0:wait:/sbin/openrc shutdown +l0s:0:wait:/sbin/halt -dhnp +l1:1:wait:/sbin/openrc single +l2:2:wait:/sbin/openrc nonetwork +l3:3:wait:/sbin/openrc default +l4:4:wait:/sbin/openrc default +l5:5:wait:/sbin/openrc default +l6:6:wait:/sbin/openrc reboot +l6r:6:wait:/sbin/reboot -dkn #z6:6:respawn:/sbin/sulogin # new-style single-user -su0:S:wait:/sbin/rc single +su0:S:wait:/sbin/openrc single su1:S:wait:/sbin/sulogin # TERMINALS +#x1:12345:respawn:/sbin/agetty 38400 console linux c1:12345:respawn:/sbin/agetty --noclear 38400 tty1 linux c2:2345:respawn:/sbin/agetty 38400 tty2 linux c3:2345:respawn:/sbin/agetty 38400 tty3 linux diff --git a/libvirt/libvirtd.conf b/libvirt/libvirtd.conf index 1e8367f4..c85cdaf1 100644 --- a/libvirt/libvirtd.conf +++ b/libvirt/libvirtd.conf @@ -78,11 +78,6 @@ listen_addr = "127.0.0.1" # UNIX socket access controls # -# Beware that if you are changing *any* of these options, and you use -# socket activation with systemd, you need to adjust the settings in -# the libvirtd.socket file as well since it could impose a security -# risk if you rely on file permission checking only. - # Set the UNIX domain socket group ownership. This can be used to # allow a 'trusted' set of users access to management capabilities # without becoming root. diff --git a/postfix/main.cf b/postfix/main.cf index 2b6cf73c..eaba5a03 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -157,8 +157,8 @@ inet_interfaces = 10.12.11.2, localhost # compatible delivery agent that lookups all recipients in /etc/passwd # and /etc/aliases or their equivalent. # -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. # # Do not specify the names of virtual domains - those domains are # specified elsewhere (see VIRTUAL_README). @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.3-r1/html +html_directory = /usr/share/doc/postfix-3.1.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,8 +677,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme - +readme_directory = /usr/share/doc/postfix-3.1.0/readme # inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version}