From: Frank Brehm Date: Thu, 3 Sep 2015 12:15:53 +0000 (+0200) Subject: Current state X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=e7aa004a6e674014741789f23bf7c79f2c4b0cfc;p=config%2Fhelga%2Fetc.git Current state --- diff --git a/apache2/info_users_passwd b/apache2/info_users_passwd index c8c2fad..dde8639 100644 --- a/apache2/info_users_passwd +++ b/apache2/info_users_passwd @@ -1 +1,2 @@ monitoring:$apr1$TqC87rAF$vXWiZcbRZMQIfC9XAVUgM. +uhu:$apr1$YDvmWkSk$hBCVtCkgYCtpk0nBafCJW0 diff --git a/apache2/modules.d/75_mod_perl.conf b/apache2/modules.d/75_mod_perl.conf deleted file mode 100644 index 4915cb6..0000000 --- a/apache2/modules.d/75_mod_perl.conf +++ /dev/null @@ -1,56 +0,0 @@ - -LoadModule perl_module modules/mod_perl.so - -#PerlTrace all -PerlRequire "/etc/apache2/modules.d/apache2-mod_perl-startup.pl" -PerlModule ModPerl::Registry - -# Provide two aliases to the same cgi-bin directory, to see the effects of the -# 2 different mod_perl modes for Apache2::Registry Mode -Alias /perl/ /var/www/localhost/perl/ -# for Apache2::Perlrun Mode -Alias /cgi-perl/ /var/www/localhost/perl/ - - - SetHandler perl-script - PerlResponseHandler Apache2::Status - Order deny,allow - Deny from all - Allow from 127.0.0.1 - Allow from localhost - AuthName "Server Status Access" - AuthType Basic - AuthUserFile /etc/apache2/info_users_passwd - Require valid-user - Satisfy Any - - - - SetHandler perl-script - PerlResponseHandler ModPerl::PerlRun - Options -Indexes ExecCGI - PerlOptions +ParseHeaders - - -# set Apache::Registry Mode for /perl Alias - - SetHandler perl-script - PerlResponseHandler ModPerl::Registry - Options -Indexes ExecCGI - PerlSendHeader On - Order allow,deny - Allow from all - - -# set Apache::PerlRun Mode for /cgi-perl Alias - - SetHandler perl-script - PerlResponseHandler ModPerl::PerlRun - Options -Indexes ExecCGI - PerlSendHeader On - Order allow,deny - Allow from all - - - -# vim: ts=4 filetype=apache diff --git a/apache2/vhosts.d/02_morph.conf b/apache2/vhosts.d/02_morph.conf deleted file mode 100644 index d3fd2ce..0000000 --- a/apache2/vhosts.d/02_morph.conf +++ /dev/null @@ -1,20 +0,0 @@ - - - ServerName test.morph-bonehunter.de - - DocumentRoot /home/morph/htdocs/test.morph-bonehunter.de - - ErrorLog /var/log/apache2/morph-error.log - LogLevel warn - CustomLog /var/log/apache2/morph-access.log full - - - Options -Indexes FollowSymLinks - AllowOverride None - Order allow,deny - Allow from all - - - - -# vim: ts=4 filetype=apache diff --git a/bash/bashrc b/bash/bashrc index 7b7aa6e..5fedb29 100644 --- a/bash/bashrc +++ b/bash/bashrc @@ -25,8 +25,8 @@ fi # past this point for scp and rcp, and it's important to refrain from # outputting anything in those cases. if [[ $- != *i* ]] ; then - # Shell is non-interactive. Be done now! - return + # Shell is non-interactive. Be done now! + return fi # Bash won't get SIGWINCH if another process is in the foreground. @@ -35,16 +35,29 @@ fi # http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11) shopt -s checkwinsize -# Enable history appending instead of overwriting. #139609 +# Disable completion when the input buffer is empty. i.e. Hitting tab +# and waiting a long time for bash to expand all of $PATH. +shopt -s no_empty_cmd_completion + +# Enable history appending instead of overwriting when exiting. #139609 shopt -s histappend +# Save each command to the history file as it's executed. #517342 +# This does mean sessions get interleaved when reading later on, but this +# way the history is always up to date. History is not synced across live +# sessions though; that is what `history -n` does. +# Disabled by default due to concerns related to system recovery when $HOME +# is under duress, or lives somewhere flaky (like NFS). Constantly syncing +# the history will halt the shell prompt until it's finished. +PROMPT_COMMAND='history -a' + # Change the window title of X terminals case ${TERM} in xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) - PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' + PROMPT_COMMAND='history -a; echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' ;; screen*) - PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' + PROMPT_COMMAND='history -a; echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' ;; esac @@ -137,26 +150,15 @@ HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S ' export LESSCOLOR=yes export LESSCHARSET="utf-8" -# Change the window title of X terminals -case $TERM in - xterm*|rxvt|Eterm|eterm) - PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\007"' - ;; - screen) - PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\033\\"' - ;; -esac - if [ -f /usr/share/mc/mc.gentoo ]; then . /usr/share/mc/mc.gentoo fi -#if [ -f /etc/profile.d/bash-completion ]; then -# . /etc/profile.d/bash-completion -#fi +for sh in /etc/bash/bashrc.d/* ; do + [[ -r ${sh} ]] && source "${sh}" +done -if [ -e /etc/bash_completion.d/git -o "${HOME}"/.bash_completion.d/git ] ; then - #echo "/etc/bash_completion.d/git or ${HOME}/.bash_completion.d/git exists ..." +if type -t __git_ps1 >/dev/null ; then if ${use_color} ; then if [ "$UID" = 0 ]; then PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]' @@ -175,6 +177,6 @@ fi # Try to keep environment pollution down, EPA loves us. -unset use_color safe_term match_lhs +unset use_color safe_term match_lhs sh # vim: ts=4 expandtab diff --git a/bash/bashrc.d/bash_completion.sh b/bash/bashrc.d/bash_completion.sh new file mode 100644 index 0000000..ae6756f --- /dev/null +++ b/bash/bashrc.d/bash_completion.sh @@ -0,0 +1,16 @@ +# Check for interactive bash and that we haven't already been sourced. +if [ -n "$BASH_VERSION" -a -n "$PS1" -a -z "$BASH_COMPLETION_COMPAT_DIR" ]; then + + # Check for recent enough version of bash. + if [ ${BASH_VERSINFO[0]} -gt 4 ] || \ + [ ${BASH_VERSINFO[0]} -eq 4 -a ${BASH_VERSINFO[1]} -ge 1 ]; then + [ -r "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ] && \ + . "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" + if shopt -q progcomp && [ -r /usr/share/bash-completion/bash_completion ]; then + # Source completion code. + BASH_COMPLETION_COMPAT_DIR=/usr/share/bash-completion/completions + . /usr/share/bash-completion/bash_completion + fi + fi + +fi diff --git a/bash/bashrc.orig b/bash/bashrc.orig index d46cd1e..7006bf9 100644 --- a/bash/bashrc.orig +++ b/bash/bashrc.orig @@ -20,16 +20,32 @@ fi # http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11) shopt -s checkwinsize -# Enable history appending instead of overwriting. #139609 +# Disable completion when the input buffer is empty. i.e. Hitting tab +# and waiting a long time for bash to expand all of $PATH. +shopt -s no_empty_cmd_completion + +# Enable history appending instead of overwriting when exiting. #139609 shopt -s histappend +# Save each command to the history file as it's executed. #517342 +# This does mean sessions get interleaved when reading later on, but this +# way the history is always up to date. History is not synced across live +# sessions though; that is what `history -n` does. +# Disabled by default due to concerns related to system recovery when $HOME +# is under duress, or lives somewhere flaky (like NFS). Constantly syncing +# the history will halt the shell prompt until it's finished. +#PROMPT_COMMAND='history -a' + # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix) - PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' + xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) + PS1='\[\033]0;\u@\h:\w\007\]' ;; - screen) - PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' + screen*) + PS1='\[\033k\u@\h:\w\033\\\]' + ;; + *) + unset PS1 ;; esac @@ -60,21 +76,27 @@ if ${use_color} ; then fi if [[ ${EUID} == 0 ]] ; then - PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' + PS1+='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' else - PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] ' + PS1+='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] ' fi alias ls='ls --color=auto' alias grep='grep --colour=auto' + alias egrep='egrep --colour=auto' + alias fgrep='fgrep --colour=auto' else if [[ ${EUID} == 0 ]] ; then # show root@ when we don't have colors - PS1='\u@\h \W \$ ' + PS1+='\u@\h \W \$ ' else - PS1='\u@\h \w \$ ' + PS1+='\u@\h \w \$ ' fi fi +for sh in /etc/bash/bashrc.d/* ; do + [[ -r ${sh} ]] && source "${sh}" +done + # Try to keep environment pollution down, EPA loves us. -unset use_color safe_term match_lhs +unset use_color safe_term match_lhs sh diff --git a/bash_completion.d/gentoo-style-init b/bash_completion.d/gentoo-style-init new file mode 100644 index 0000000..8545692 --- /dev/null +++ b/bash_completion.d/gentoo-style-init @@ -0,0 +1,27 @@ +# Gentoo init.d completion +# +# $Id$ +# +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License, v2 or later + +_gentoo_style_init() +{ + local script="${COMP_WORDS[0]}" + local cur="${COMP_WORDS[$COMP_CWORD]}" + + if [[ ( -f "${script}" || -h "${script}" ) && -r "${script}" ]] \ + && [[ "${script}" != *.sh ]] \ + && [[ "$(head -n 1 "${script}")" = "#!/sbin/runscript" ]] + then + [[ $COMP_CWORD -gt 1 ]] && return 1 + COMPREPLY=($(opts="start stop status restart pause zap ineed needsme iuse usesme broken"; \ + eval "$(grep '^opts=' "${script}")"; echo "${opts}")) + [[ -n "$COMPREPLY" ]] || COMPREPLY=(start stop restart zap) + COMPREPLY=($(compgen -W "${COMPREPLY[*]}" -- "${cur}")) + else + COMPREPLY=($(compgen -o default -- "${cur}")) + fi + return 0 +} +complete -F _gentoo_style_init /etc/init.d/* diff --git a/conf.d/cronie b/conf.d/cronie new file mode 100644 index 0000000..ee23703 --- /dev/null +++ b/conf.d/cronie @@ -0,0 +1,3 @@ +# Settings for the CRON daemon. +# CRONDARGS= : any extra command-line startup arguments for crond +CRONDARGS= diff --git a/config-archive/etc/bash/bashrc b/config-archive/etc/bash/bashrc index df6b0b8..a11a788 100644 --- a/config-archive/etc/bash/bashrc +++ b/config-archive/etc/bash/bashrc @@ -40,7 +40,7 @@ shopt -s histappend # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix) + xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' ;; screen*) @@ -155,8 +155,7 @@ fi # . /etc/profile.d/bash-completion #fi -if [ -e /etc/bash_completion.d/git -o "${HOME}"/.bash_completion.d/git ] ; then - #echo "/etc/bash_completion.d/git or ${HOME}/.bash_completion.d/git exists ..." +if type -t __git_ps1 >/dev/null ; then if ${use_color} ; then if [ "$UID" = 0 ]; then PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]' diff --git a/config-archive/etc/bash/bashrc.1 b/config-archive/etc/bash/bashrc.1 index fc0515b..df6b0b8 100644 --- a/config-archive/etc/bash/bashrc.1 +++ b/config-archive/etc/bash/bashrc.1 @@ -40,12 +40,12 @@ shopt -s histappend # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix) - PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' - ;; - screen) - PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' - ;; + xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix) + PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' + ;; + screen*) + PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' + ;; esac use_color=false @@ -60,8 +60,8 @@ match_lhs="" [[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" [[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(/dev/null \ - && match_lhs=$(dircolors --print-database) + && type -P dircolors >/dev/null \ + && match_lhs=$(dircolors --print-database) [[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true if ${use_color} ; then @@ -85,6 +85,8 @@ if ${use_color} ; then alias ls='ls --color=auto' alias grep='grep --colour=auto' + alias egrep='egrep --colour=auto' + alias fgrep='fgrep --colour=auto' else if [[ ${EUID} == 0 ]] ; then # show root@ when we don't have colors @@ -99,6 +101,7 @@ if [[ ${EUID} == 0 ]] ; then else alias ll="ls -l" fi +alias l="ls -l" alias la="ls -la" alias md=mkdir alias rd=rmdir diff --git a/config-archive/etc/bash/bashrc.2 b/config-archive/etc/bash/bashrc.2 index 6262977..fc0515b 100644 --- a/config-archive/etc/bash/bashrc.2 +++ b/config-archive/etc/bash/bashrc.2 @@ -7,26 +7,26 @@ if [ -d /usr/scripts ] ; then - PATH=/usr/scripts:$PATH - export PATH + PATH=/usr/scripts:$PATH + export PATH fi if [ -d $HOME/bin ] ; then - PATH=$PATH:$HOME/bin - export PATH + PATH=$PATH:$HOME/bin + export PATH fi if [ -d $HOME/lib ] ; then - PERL5LIB=$HOME/lib - export PERL5LIB + PERL5LIB=$HOME/lib + export PERL5LIB fi # Test for an interactive shell. There is no need to set anything # past this point for scp and rcp, and it's important to refrain from # outputting anything in those cases. if [[ $- != *i* ]] ; then - # Shell is non-interactive. Be done now! - return + # Shell is non-interactive. Be done now! + return fi # Bash won't get SIGWINCH if another process is in the foreground. @@ -40,12 +40,12 @@ shopt -s histappend # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix) - PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' - ;; - screen) - PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' - ;; + xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix) + PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' + ;; + screen) + PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' + ;; esac use_color=false @@ -60,8 +60,8 @@ match_lhs="" [[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" [[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(/dev/null \ - && match_lhs=$(dircolors --print-database) + && type -P dircolors >/dev/null \ + && match_lhs=$(dircolors --print-database) [[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true if ${use_color} ; then @@ -127,11 +127,12 @@ printf("%s\n", $newa); HISTCONTROL=ignoreboth -HISTSIZE=5000 -HISTFILESIZE=5000 +HISTSIZE=50000 +HISTFILESIZE=50000 HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S ' export LESSCOLOR=yes +export LESSCHARSET="utf-8" # Change the window title of X terminals case $TERM in @@ -147,11 +148,30 @@ if [ -f /usr/share/mc/mc.gentoo ]; then . /usr/share/mc/mc.gentoo fi -if [ -f /etc/profile.d/bash-completion ]; then - . /etc/profile.d/bash-completion +#if [ -f /etc/profile.d/bash-completion ]; then +# . /etc/profile.d/bash-completion +#fi + +if [ -e /etc/bash_completion.d/git -o "${HOME}"/.bash_completion.d/git ] ; then + #echo "/etc/bash_completion.d/git or ${HOME}/.bash_completion.d/git exists ..." + if ${use_color} ; then + if [ "$UID" = 0 ]; then + PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]' + else + PS1='$? \[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] > \[\033[00m\]' + fi + else + if [ "$UID" = 0 ]; then + PS1='$? \h:\w$(__git_ps1) \$ ' + else + PS1='$? \u@\h:\w$(__git_ps1) > ' + fi + fi fi # Try to keep environment pollution down, EPA loves us. unset use_color safe_term match_lhs + +# vim: ts=4 expandtab diff --git a/config-archive/etc/bash/bashrc.3 b/config-archive/etc/bash/bashrc.3 new file mode 100644 index 0000000..6262977 --- /dev/null +++ b/config-archive/etc/bash/bashrc.3 @@ -0,0 +1,157 @@ +# /etc/bash/bashrc +# +# This file is sourced by all *interactive* bash shells on startup, +# including some apparently interactive shells such as scp and rcp +# that can't tolerate any output. So make sure this doesn't display +# anything or bad things will happen ! + + +if [ -d /usr/scripts ] ; then + PATH=/usr/scripts:$PATH + export PATH +fi + +if [ -d $HOME/bin ] ; then + PATH=$PATH:$HOME/bin + export PATH +fi + +if [ -d $HOME/lib ] ; then + PERL5LIB=$HOME/lib + export PERL5LIB +fi + +# Test for an interactive shell. There is no need to set anything +# past this point for scp and rcp, and it's important to refrain from +# outputting anything in those cases. +if [[ $- != *i* ]] ; then + # Shell is non-interactive. Be done now! + return +fi + +# Bash won't get SIGWINCH if another process is in the foreground. +# Enable checkwinsize so that bash will check the terminal size when +# it regains control. #65623 +# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11) +shopt -s checkwinsize + +# Enable history appending instead of overwriting. #139609 +shopt -s histappend + +# Change the window title of X terminals +case ${TERM} in + xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix) + PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' + ;; + screen) + PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' + ;; +esac + +use_color=false + +# Set colorful PS1 only on colorful terminals. +# dircolors --print-database uses its own built-in database +# instead of using /etc/DIR_COLORS. Try to use the external file +# first to take advantage of user additions. Use internal bash +# globbing instead of external grep binary. +safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM +match_lhs="" +[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" +[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(/dev/null \ + && match_lhs=$(dircolors --print-database) +[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true + +if ${use_color} ; then + # Enable colors for ls, etc. Prefer ~/.dir_colors #64489 + if type -P dircolors >/dev/null ; then + if [[ -f ~/.dir_colors ]] ; then + eval $(dircolors -b ~/.dir_colors) + elif [[ -f /etc/DIR_COLORS ]] ; then + eval $(dircolors -b /etc/DIR_COLORS) + fi + fi + + if [[ ${EUID} == 0 ]] ; then + #PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' + PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w \$ \[\033[00m\]' + #PS1='$? \[\033[01;31m\]Gentoo (chroot)\[\033[01;30m\]:\[\033[01;34m\]\w \$ \[\033[00m\]' + else + #PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] ' + PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w > \[\033[00m\]' + fi + + alias ls='ls --color=auto' + alias grep='grep --colour=auto' +else + if [[ ${EUID} == 0 ]] ; then + # show root@ when we don't have colors + PS1='\u@\h \W \$ ' + else + PS1='\u@\h \w \$ ' + fi +fi + +if [[ ${EUID} == 0 ]] ; then + alias ll="ls -lA" +else + alias ll="ls -l" +fi +alias la="ls -la" +alias md=mkdir +alias rd=rmdir +alias ..='cd ..' +alias ...='cd ../..' +alias cd..='cd ..' +alias cd...='cd ../..' +alias pl="ps -fu $USER" +grep='grep --colour=auto' +alias cpwd='cd `realpath .`' + +lcd() { + cd $( perl -e ' +use strict; +use Cwd; +my $new = shift; +my $cwd = Cwd::abs_path(getcwd()); +my $newa = $cwd; +if ($new){ + $newa = Cwd::abs_path($new); + $newa = $cwd unless $newa; +}; +printf("%s\n", $newa); +' $1 ) +} + + +HISTCONTROL=ignoreboth +HISTSIZE=5000 +HISTFILESIZE=5000 +HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S ' + +export LESSCOLOR=yes + +# Change the window title of X terminals +case $TERM in + xterm*|rxvt|Eterm|eterm) + PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\007"' + ;; + screen) + PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/$HOME/~}\033\\"' + ;; +esac + +if [ -f /usr/share/mc/mc.gentoo ]; then + . /usr/share/mc/mc.gentoo +fi + +if [ -f /etc/profile.d/bash-completion ]; then + . /etc/profile.d/bash-completion +fi + + + +# Try to keep environment pollution down, EPA loves us. +unset use_color safe_term match_lhs diff --git a/config-archive/etc/bash/bashrc.dist.new b/config-archive/etc/bash/bashrc.dist.new new file mode 100644 index 0000000..7006bf9 --- /dev/null +++ b/config-archive/etc/bash/bashrc.dist.new @@ -0,0 +1,102 @@ +# /etc/bash/bashrc +# +# This file is sourced by all *interactive* bash shells on startup, +# including some apparently interactive shells such as scp and rcp +# that can't tolerate any output. So make sure this doesn't display +# anything or bad things will happen ! + + +# Test for an interactive shell. There is no need to set anything +# past this point for scp and rcp, and it's important to refrain from +# outputting anything in those cases. +if [[ $- != *i* ]] ; then + # Shell is non-interactive. Be done now! + return +fi + +# Bash won't get SIGWINCH if another process is in the foreground. +# Enable checkwinsize so that bash will check the terminal size when +# it regains control. #65623 +# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11) +shopt -s checkwinsize + +# Disable completion when the input buffer is empty. i.e. Hitting tab +# and waiting a long time for bash to expand all of $PATH. +shopt -s no_empty_cmd_completion + +# Enable history appending instead of overwriting when exiting. #139609 +shopt -s histappend + +# Save each command to the history file as it's executed. #517342 +# This does mean sessions get interleaved when reading later on, but this +# way the history is always up to date. History is not synced across live +# sessions though; that is what `history -n` does. +# Disabled by default due to concerns related to system recovery when $HOME +# is under duress, or lives somewhere flaky (like NFS). Constantly syncing +# the history will halt the shell prompt until it's finished. +#PROMPT_COMMAND='history -a' + +# Change the window title of X terminals +case ${TERM} in + xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) + PS1='\[\033]0;\u@\h:\w\007\]' + ;; + screen*) + PS1='\[\033k\u@\h:\w\033\\\]' + ;; + *) + unset PS1 + ;; +esac + +use_color=false + +# Set colorful PS1 only on colorful terminals. +# dircolors --print-database uses its own built-in database +# instead of using /etc/DIR_COLORS. Try to use the external file +# first to take advantage of user additions. Use internal bash +# globbing instead of external grep binary. +safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM +match_lhs="" +[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" +[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(/dev/null \ + && match_lhs=$(dircolors --print-database) +[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true + +if ${use_color} ; then + # Enable colors for ls, etc. Prefer ~/.dir_colors #64489 + if type -P dircolors >/dev/null ; then + if [[ -f ~/.dir_colors ]] ; then + eval $(dircolors -b ~/.dir_colors) + elif [[ -f /etc/DIR_COLORS ]] ; then + eval $(dircolors -b /etc/DIR_COLORS) + fi + fi + + if [[ ${EUID} == 0 ]] ; then + PS1+='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' + else + PS1+='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] ' + fi + + alias ls='ls --color=auto' + alias grep='grep --colour=auto' + alias egrep='egrep --colour=auto' + alias fgrep='fgrep --colour=auto' +else + if [[ ${EUID} == 0 ]] ; then + # show root@ when we don't have colors + PS1+='\u@\h \W \$ ' + else + PS1+='\u@\h \w \$ ' + fi +fi + +for sh in /etc/bash/bashrc.d/* ; do + [[ -r ${sh} ]] && source "${sh}" +done + +# Try to keep environment pollution down, EPA loves us. +unset use_color safe_term match_lhs sh diff --git a/config-archive/etc/courier-imap/pop3d-ssl b/config-archive/etc/courier-imap/pop3d-ssl index 06a747f..21c2625 100644 --- a/config-archive/etc/courier-imap/pop3d-ssl +++ b/config-archive/etc/courier-imap/pop3d-ssl @@ -1,11 +1,11 @@ -##VERSION: $Id: pop3d-ssl,v 1.1 2009/11/12 16:55:53 root Exp $ +##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ # # pop3d-ssl created from pop3d-ssl.dist by sysconftool # # Do not alter lines that begin with ##, they are used when upgrading # this configuration. # -# Copyright 2000-2008 Double Precision, Inc. See COPYING for +# Copyright 2000-2013 Double Precision, Inc. See COPYING for # distribution information. # # This configuration file sets various options for the Courier-IMAP server @@ -89,42 +89,27 @@ POP3_TLS_REQUIRED=0 COURIERTLS=/usr/sbin/couriertls +##NAME: TLS_PRIORITY:0 +# +# Set TLS protocol priority settings (GnuTLS only) +# +# DEFAULT: NORMAL:-CTYPE-OPENPGP +# +# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" + ##NAME: TLS_PROTOCOL:0 # # TLS_PROTOCOL sets the protocol version. The possible versions are: # # OpenSSL: # -# SSL2 - SSLv2 # SSL3 - SSLv3 -# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) +# SSL23 - all protocols (including TLS 1.x protocols) # TLS1 - TLS1 +# TLSv1.1 - TLS1.1 +# TLSv1.2 - TLS1.2 # -# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST -# setting, below. -# -# GnuTLS: -# -# SSL3 - SSLv3 -# TLS1 - TLS 1.0 -# TLS1_1 - TLS 1.1 -# -# When compiled against GnuTLS, multiple protocols can be selected as follows: -# -# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" -# -# DEFAULT VALUES: -# -# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) - -##NAME: TLS_STARTTLS_PROTOCOL:0 -# -# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS -# extension, as opposed to POP3 over SSL on port 995. -# -# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL - -TLS_STARTTLS_PROTOCOL=TLS1 +# Leave it unset to use any protocol except SSL 2. ##NAME: TLS_CIPHER_LIST:0 # @@ -134,10 +119,8 @@ TLS_STARTTLS_PROTOCOL=TLS1 # # OpenSSL: # -# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL@STRENGTH" -# -# To enable SSL2, remove the obvious "!SSLv2" part from the above list. -# +# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" +TLS_CIPHER_LIST="HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH" # # GnuTLS: # @@ -155,7 +138,9 @@ TLS_STARTTLS_PROTOCOL=TLS1 # LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher # is not included # ALL -- all ciphers except the NULL cipher - +# +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. ##NAME: TLS_MIN_DH_BITS:0 # @@ -169,53 +154,11 @@ TLS_STARTTLS_PROTOCOL=TLS1 # have been encountered that offer 512 bit keys. You may have to set # TLS_MIN_DH_BITS=512 here, if necessary. -##NAME: TLS_KX_LIST:0 -# -# GnuTLS only: -# -# Allowed key exchange protocols. The default of "ALL" should be sufficient. -# The list of supported key exchange protocols depends on the options GnuTLS -# was compiled against, but may include the following: -# -# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT - -TLS_KX_LIST=ALL - -##NAME: TLS_COMPRESSION:0 -# -# GnuTLS only: -# -# Optional compression. "ALL" selects all available compression methods. -# -# Available compression methods: DEFLATE, LZO, NULL - -TLS_COMPRESSION=ALL - -##NAME: TLS_CERTS:0 -# -# GnuTLS only: -# -# Supported certificate types are X509 and OPENPGP. -# -# OPENPGP has not been tested - -TLS_CERTS=X509 - ##NAME: TLS_TIMEOUT:0 # TLS_TIMEOUT is currently not implemented, and reserved for future use. # This is supposed to be an inactivity timeout, but its not yet implemented. # -##NAME: TLS_DHCERTFILE:0 -# -# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. -# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA -# you must generate a DH pair that will be used. In most situations the -# DH pair is to be treated as confidential, and the file specified by -# TLS_DHCERTFILE must not be world-readable. -# -# TLS_DHCERTFILE= - ##NAME: TLS_CERTFILE:0 # # TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS @@ -250,6 +193,12 @@ TLS_CERTS=X509 TLS_CERTFILE=/etc/courier-imap/pop3d.pem +##NAME: TLS_DHPARAMS:0 +# +# TLS_DHPARAMS - DH parameter file. +# +TLS_DHPARAMS=/etc/ssl/dhparams.pem + ##NAME: TLS_TRUSTCERTS:0 # # TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. diff --git a/config-archive/etc/courier-imap/pop3d-ssl.1 b/config-archive/etc/courier-imap/pop3d-ssl.1 new file mode 100644 index 0000000..06a747f --- /dev/null +++ b/config-archive/etc/courier-imap/pop3d-ssl.1 @@ -0,0 +1,322 @@ +##VERSION: $Id: pop3d-ssl,v 1.1 2009/11/12 16:55:53 root Exp $ +# +# pop3d-ssl created from pop3d-ssl.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# Copyright 2000-2008 Double Precision, Inc. See COPYING for +# distribution information. +# +# This configuration file sets various options for the Courier-IMAP server +# when used to handle SSL POP3 connections. +# +# SSL and non-SSL connections are handled by a dedicated instance of the +# couriertcpd daemon. If you are accepting both SSL and non-SSL POP3 +# connections, you will start two instances of couriertcpd, one on the +# POP3 port 110, and another one on the POP3-SSL port 995. +# +# Download OpenSSL from http://www.openssl.org/ +# +##NAME: SSLPORT:0 +# +# Options in the pop3d-ssl configuration file AUGMENT the options in the +# pop3d configuration file. First the pop3d configuration file is read, +# then the pop3d-ssl configuration file, so we do not have to redefine +# anything. +# +# However, some things do have to be redefined. The port number is +# specified by SSLPORT, instead of PORT. The default port is port 995. +# +# Multiple port numbers can be separated by commas. When multiple port +# numbers are used it is possibly to select a specific IP address for a +# given port as "ip.port". For example, "127.0.0.1.900,192.168.0.1.900" +# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1 +# The SSLADDRESS setting is a default for ports that do not have +# a specified IP address. + +SSLPORT=995 + +##NAME: SSLADDRESS:0 +# +# Address to listen on, can be set to a single IP address. +# +# SSLADDRESS=127.0.0.1 + +SSLADDRESS=0 + +##NAME: SSLPIDFILE:0 +# + +SSLPIDFILE=/var/run/pop3d-ssl.pid + +##NAME: SSLLOGGEROPTS:0 +# +# courierlogger(1) options. +# + +SSLLOGGEROPTS="-name=pop3d-ssl" + +##NAME: POP3DSSLSTART:0 +# +# Whether or not to start POP3 over SSL on spop3 port: + +POP3DSSLSTART=NO + +##NAME: POP3_STARTTLS:0 +# +# Whether or not to implement the POP3 STLS extension: + +POP3_STARTTLS=YES + +##NAME: POP3_TLS_REQUIRED:1 +# +# Set POP3_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone. +# (this option advertises the LOGINDISABLED POP3 capability, until STARTTLS +# is issued). + +POP3_TLS_REQUIRED=0 + +##NAME: COURIERTLS:0 +# +# The following variables configure POP3 over SSL. If OpenSSL or GnuTLS +# is available during configuration, the couriertls helper gets compiled, and +# upon installation a dummy TLS_CERTFILE gets generated. +# +# WARNING: Peer certificate verification has NOT yet been tested. Proceed +# at your own risk. Only the basic SSL/TLS functionality is known to be +# working. Keep this in mind as you play with the following variables. + +COURIERTLS=/usr/sbin/couriertls + +##NAME: TLS_PROTOCOL:0 +# +# TLS_PROTOCOL sets the protocol version. The possible versions are: +# +# OpenSSL: +# +# SSL2 - SSLv2 +# SSL3 - SSLv3 +# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems) +# TLS1 - TLS1 +# +# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST +# setting, below. +# +# GnuTLS: +# +# SSL3 - SSLv3 +# TLS1 - TLS 1.0 +# TLS1_1 - TLS 1.1 +# +# When compiled against GnuTLS, multiple protocols can be selected as follows: +# +# TLS_PROTOCOL="TLS1_1:TLS1:SSL3" +# +# DEFAULT VALUES: +# +# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS) + +##NAME: TLS_STARTTLS_PROTOCOL:0 +# +# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the POP3 STARTTLS +# extension, as opposed to POP3 over SSL on port 995. +# +# It takes the same values for OpenSSL/GnuTLS as TLS_PROTOCOL + +TLS_STARTTLS_PROTOCOL=TLS1 + +##NAME: TLS_CIPHER_LIST:0 +# +# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the +# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST +# undefined +# +# OpenSSL: +# +# TLS_CIPHER_LIST="SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL@STRENGTH" +# +# To enable SSL2, remove the obvious "!SSLv2" part from the above list. +# +# +# GnuTLS: +# +# TLS_CIPHER_LIST="HIGH:MEDIUM" +# +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: +# +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL +# +# Also, the following aliases: +# +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher + + +##NAME: TLS_MIN_DH_BITS:0 +# +# TLS_MIN_DH_BITS=n +# +# GnuTLS only: +# +# Set the minimum number of acceptable bits for a DH key exchange. +# +# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server +# have been encountered that offer 512 bit keys. You may have to set +# TLS_MIN_DH_BITS=512 here, if necessary. + +##NAME: TLS_KX_LIST:0 +# +# GnuTLS only: +# +# Allowed key exchange protocols. The default of "ALL" should be sufficient. +# The list of supported key exchange protocols depends on the options GnuTLS +# was compiled against, but may include the following: +# +# DHERSA, DHEDSS, RSA, SRP, SRPRSA, SRPDSS, PSK, DHEPSK, ANONDH, RSAEXPORT + +TLS_KX_LIST=ALL + +##NAME: TLS_COMPRESSION:0 +# +# GnuTLS only: +# +# Optional compression. "ALL" selects all available compression methods. +# +# Available compression methods: DEFLATE, LZO, NULL + +TLS_COMPRESSION=ALL + +##NAME: TLS_CERTS:0 +# +# GnuTLS only: +# +# Supported certificate types are X509 and OPENPGP. +# +# OPENPGP has not been tested + +TLS_CERTS=X509 + +##NAME: TLS_TIMEOUT:0 +# TLS_TIMEOUT is currently not implemented, and reserved for future use. +# This is supposed to be an inactivity timeout, but its not yet implemented. +# + +##NAME: TLS_DHCERTFILE:0 +# +# TLS_DHCERTFILE - PEM file that stores a Diffie-Hellman -based certificate. +# When OpenSSL is compiled to use Diffie-Hellman ciphers instead of RSA +# you must generate a DH pair that will be used. In most situations the +# DH pair is to be treated as confidential, and the file specified by +# TLS_DHCERTFILE must not be world-readable. +# +# TLS_DHCERTFILE= + +##NAME: TLS_CERTFILE:0 +# +# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS +# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually +# treated as confidential, and must not be world-readable. Set TLS_CERTFILE +# instead of TLS_DHCERTFILE if this is a garden-variety certificate +# +# VIRTUAL HOSTS (servers only): +# +# Due to technical limitations in the original SSL/TLS protocol, a dedicated +# IP address is required for each virtual host certificate. If you have +# multiple certificates, install each certificate file as +# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address +# for the certificate's domain name. So, if TLS_CERTFILE is set to +# /etc/certificate.pem, then you'll need to install the actual certificate +# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 +# and so on, for each IP address. +# +# GnuTLS only (servers only): +# +# GnuTLS implements a new TLS extension that eliminates the need to have a +# dedicated IP address for each SSL/TLS domain name. Install each certificate +# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, +# then you'll need to install the actual certificate files as +# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com +# and so on. +# +# Note that this TLS extension also requires a corresponding support in the +# client. Older SSL/TLS clients may not support this feature. +# +# This is an experimental feature. + +TLS_CERTFILE=/etc/courier-imap/pop3d.pem + +##NAME: TLS_TRUSTCERTS:0 +# +# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. +# pathname can be a file or a directory. If a file, the file should +# contain a list of trusted certificates, in PEM format. If a +# directory, the directory should contain the trusted certificates, +# in PEM format, one per file and hashed using OpenSSL's c_rehash +# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying +# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set +# to PEER or REQUIREPEER). +# + +TLS_TRUSTCERTS=/etc/ssl/certs + +##NAME: TLS_VERIFYPEER:0 +# +# TLS_VERIFYPEER - how to verify client certificates. The possible values of +# this setting are: +# +# NONE - do not verify anything +# +# PEER - verify the client certificate, if one's presented +# +# REQUIREPEER - require a client certificate, fail if one's not presented +# +# +TLS_VERIFYPEER=NONE + +##NAME: TLS_EXTERNAL:0 +# +# To enable SSL certificate-based authentication: +# +# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate +# authority's SSL certificate +# +# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings +# requires all SSL clients to present a certificate, and rejects +# SSL/TLS connections without a valid cert). +# +# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID. +# Example: +# +# TLS_EXTERNAL=emailaddress +# +# The above example retrieves the login ID from the "emailaddress" subject +# field. The certificate's emailaddress subject must match exactly the login +# ID in the courier-authlib database. + +##NAME: TLS_CACHE:0 +# +# A TLS/SSL session cache may slightly improve response for long-running +# POP3 clients. TLS_CACHEFILE will be automatically created, TLS_CACHESIZE +# bytes long, and used as a cache buffer. +# +# This is an experimental feature and should be disabled if it causes +# problems with SSL clients. Disable SSL caching by commenting out the +# following settings: + +TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache +TLS_CACHESIZE=524288 + +##NAME: MAILDIRPATH:0 +# +# MAILDIRPATH - directory name of the maildir directory. +# +MAILDIRPATH=Maildir + +# Hardwire a value for ${MAILDIR} +MAILDIR=.maildir +MAILDIRPATH=.maildir diff --git a/config-archive/etc/courier-imap/pop3d-ssl.dist.new b/config-archive/etc/courier-imap/pop3d-ssl.dist.new new file mode 100644 index 0000000..8597a05 --- /dev/null +++ b/config-archive/etc/courier-imap/pop3d-ssl.dist.new @@ -0,0 +1,270 @@ +##VERSION: $Id: 2013-10-14 22:07:39 -0400 37a74ee0f736237b67330c620de7dc08232dec17$ +# +# pop3d-ssl created from pop3d-ssl.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# Copyright 2000-2013 Double Precision, Inc. See COPYING for +# distribution information. +# +# This configuration file sets various options for the Courier-IMAP server +# when used to handle SSL POP3 connections. +# +# SSL and non-SSL connections are handled by a dedicated instance of the +# couriertcpd daemon. If you are accepting both SSL and non-SSL POP3 +# connections, you will start two instances of couriertcpd, one on the +# POP3 port 110, and another one on the POP3-SSL port 995. +# +# Download OpenSSL from http://www.openssl.org/ +# +##NAME: SSLPORT:0 +# +# Options in the pop3d-ssl configuration file AUGMENT the options in the +# pop3d configuration file. First the pop3d configuration file is read, +# then the pop3d-ssl configuration file, so we do not have to redefine +# anything. +# +# However, some things do have to be redefined. The port number is +# specified by SSLPORT, instead of PORT. The default port is port 995. +# +# Multiple port numbers can be separated by commas. When multiple port +# numbers are used it is possibly to select a specific IP address for a +# given port as "ip.port". For example, "127.0.0.1.900,192.168.0.1.900" +# accepts connections on port 900 on IP addresses 127.0.0.1 and 192.168.0.1 +# The SSLADDRESS setting is a default for ports that do not have +# a specified IP address. + +SSLPORT=995 + +##NAME: SSLADDRESS:0 +# +# Address to listen on, can be set to a single IP address. +# +# SSLADDRESS=127.0.0.1 + +SSLADDRESS=0 + +##NAME: SSLPIDFILE:0 +# + +SSLPIDFILE=/var/run/pop3d-ssl.pid + +##NAME: SSLLOGGEROPTS:0 +# +# courierlogger(1) options. +# + +SSLLOGGEROPTS="-name=pop3d-ssl" + +##NAME: POP3DSSLSTART:0 +# +# Whether or not to start POP3 over SSL on spop3 port: + +POP3DSSLSTART=NO + +##NAME: POP3_STARTTLS:0 +# +# Whether or not to implement the POP3 STLS extension: + +POP3_STARTTLS=YES + +##NAME: POP3_TLS_REQUIRED:1 +# +# Set POP3_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone. +# (this option advertises the LOGINDISABLED POP3 capability, until STARTTLS +# is issued). + +POP3_TLS_REQUIRED=0 + +##NAME: COURIERTLS:0 +# +# The following variables configure POP3 over SSL. If OpenSSL or GnuTLS +# is available during configuration, the couriertls helper gets compiled, and +# upon installation a dummy TLS_CERTFILE gets generated. +# +# WARNING: Peer certificate verification has NOT yet been tested. Proceed +# at your own risk. Only the basic SSL/TLS functionality is known to be +# working. Keep this in mind as you play with the following variables. + +COURIERTLS=/usr/sbin/couriertls + +##NAME: TLS_PRIORITY:0 +# +# Set TLS protocol priority settings (GnuTLS only) +# +# DEFAULT: NORMAL:-CTYPE-OPENPGP +# +# TLS_PRIORITY="NORMAL:-CTYPE-OPENPGP" + +##NAME: TLS_PROTOCOL:0 +# +# TLS_PROTOCOL sets the protocol version. The possible versions are: +# +# OpenSSL: +# +# SSL3 - SSLv3 +# SSL23 - all protocols (including TLS 1.x protocols) +# TLS1 - TLS1 +# TLSv1.1 - TLS1.1 +# TLSv1.2 - TLS1.2 +# +# Leave it unset to use any protocol except SSL 2. + +##NAME: TLS_CIPHER_LIST:0 +# +# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the +# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST +# undefined +# +# OpenSSL: +# +# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" +# +# GnuTLS: +# +# TLS_CIPHER_LIST="HIGH:MEDIUM" +# +# The actual list of available ciphers depend on the options GnuTLS was +# compiled against. The possible ciphers are: +# +# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL +# +# Also, the following aliases: +# +# HIGH -- all ciphers that use more than a 128 bit key size +# MEDIUM -- all ciphers that use a 128 bit key size +# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher +# is not included +# ALL -- all ciphers except the NULL cipher +# +# See GnuTLS documentation, gnutls_priority_init(3) for additional +# documentation. + +##NAME: TLS_MIN_DH_BITS:0 +# +# TLS_MIN_DH_BITS=n +# +# GnuTLS only: +# +# Set the minimum number of acceptable bits for a DH key exchange. +# +# GnuTLS's compiled-in default is 727 bits (as of GnuTLS 1.6.3). Some server +# have been encountered that offer 512 bit keys. You may have to set +# TLS_MIN_DH_BITS=512 here, if necessary. + +##NAME: TLS_TIMEOUT:0 +# TLS_TIMEOUT is currently not implemented, and reserved for future use. +# This is supposed to be an inactivity timeout, but its not yet implemented. +# + +##NAME: TLS_CERTFILE:0 +# +# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS +# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually +# treated as confidential, and must not be world-readable. Set TLS_CERTFILE +# instead of TLS_DHCERTFILE if this is a garden-variety certificate +# +# VIRTUAL HOSTS (servers only): +# +# Due to technical limitations in the original SSL/TLS protocol, a dedicated +# IP address is required for each virtual host certificate. If you have +# multiple certificates, install each certificate file as +# $TLS_CERTFILE.aaa.bbb.ccc.ddd, where "aaa.bbb.ccc.ddd" is the IP address +# for the certificate's domain name. So, if TLS_CERTFILE is set to +# /etc/certificate.pem, then you'll need to install the actual certificate +# files as /etc/certificate.pem.192.168.0.2, /etc/certificate.pem.192.168.0.3 +# and so on, for each IP address. +# +# GnuTLS only (servers only): +# +# GnuTLS implements a new TLS extension that eliminates the need to have a +# dedicated IP address for each SSL/TLS domain name. Install each certificate +# as $TLS_CERTFILE.domain, so if TLS_CERTFILE is set to /etc/certificate.pem, +# then you'll need to install the actual certificate files as +# /etc/certificate.pem.host1.example.com, /etc/certificate.pem.host2.example.com +# and so on. +# +# Note that this TLS extension also requires a corresponding support in the +# client. Older SSL/TLS clients may not support this feature. +# +# This is an experimental feature. + +TLS_CERTFILE=/etc/courier-imap/pop3d.pem + +##NAME: TLS_DHPARAMS:0 +# +# TLS_DHPARAMS - DH parameter file. +# +TLS_DHPARAMS=/usr/share/dhparams.pem + +##NAME: TLS_TRUSTCERTS:0 +# +# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname. +# pathname can be a file or a directory. If a file, the file should +# contain a list of trusted certificates, in PEM format. If a +# directory, the directory should contain the trusted certificates, +# in PEM format, one per file and hashed using OpenSSL's c_rehash +# script. TLS_TRUSTCERTS is used by SSL/TLS clients (by specifying +# the -domain option) and by SSL/TLS servers (TLS_VERIFYPEER is set +# to PEER or REQUIREPEER). +# + +TLS_TRUSTCERTS=/etc/ssl/certs + +##NAME: TLS_VERIFYPEER:0 +# +# TLS_VERIFYPEER - how to verify client certificates. The possible values of +# this setting are: +# +# NONE - do not verify anything +# +# PEER - verify the client certificate, if one's presented +# +# REQUIREPEER - require a client certificate, fail if one's not presented +# +# +TLS_VERIFYPEER=NONE + +##NAME: TLS_EXTERNAL:0 +# +# To enable SSL certificate-based authentication: +# +# 1) TLS_TRUSTCERTS must be set to a pathname that holds your certificate +# authority's SSL certificate +# +# 2) TLS_VERIFYPEER=PEER or TLS_VERIFYPEER=REQUIREPEER (the later settings +# requires all SSL clients to present a certificate, and rejects +# SSL/TLS connections without a valid cert). +# +# 3) Set TLS_EXTERNAL, below, to the subject field that holds the login ID. +# Example: +# +# TLS_EXTERNAL=emailaddress +# +# The above example retrieves the login ID from the "emailaddress" subject +# field. The certificate's emailaddress subject must match exactly the login +# ID in the courier-authlib database. + +##NAME: TLS_CACHE:0 +# +# A TLS/SSL session cache may slightly improve response for long-running +# POP3 clients. TLS_CACHEFILE will be automatically created, TLS_CACHESIZE +# bytes long, and used as a cache buffer. +# +# This is an experimental feature and should be disabled if it causes +# problems with SSL clients. Disable SSL caching by commenting out the +# following settings: + +TLS_CACHEFILE=/var/lib/courier-imap/couriersslcache +TLS_CACHESIZE=524288 + +##NAME: MAILDIRPATH:0 +# +# MAILDIRPATH - directory name of the maildir directory. +# +MAILDIRPATH=Maildir + +# Hardwire a value for ${MAILDIR} +MAILDIR=.maildir +MAILDIRPATH=.maildir diff --git a/config-archive/etc/courier/authlib/authdaemonrc b/config-archive/etc/courier/authlib/authdaemonrc index e36d896..cd1e743 100644 --- a/config-archive/etc/courier/authlib/authdaemonrc +++ b/config-archive/etc/courier/authlib/authdaemonrc @@ -1,4 +1,4 @@ -##VERSION: $Id: authdaemonrc.in 17 2011-04-04 02:07:37Z mrsam $ +##VERSION: $Id: authdaemonrc.in 239 2012-10-06 23:51:19Z mrsam $ # # Copyright 2000-2005 Double Precision, Inc. See COPYING for # distribution information. @@ -17,21 +17,21 @@ # fit on one line. Do not use any additional whitespace for indentation, # or anything else. -##NAME: authmodulelist:2 +##NAME: authmodulelist:3 # # The authentication modules that are linked into authdaemond. The # default list is installed. You may selectively disable modules simply # by removing them from the following list. The available modules you -# can use are: authuserdb authpam authshadow authpgsql authldap authmysql authcustom authpipe +# can use are: authuserdb authpam authshadow authpgsql authldap authmysql authsqlite authcustom authpipe authmodulelist="authmysql authpam" -##NAME: authmodulelistorig:3 +##NAME: authmodulelistorig:4 # # This setting is used by Courier's webadmin module, and should be left # alone -authmodulelistorig="authuserdb authpam authshadow authpgsql authldap authmysql authcustom authpipe" +authmodulelistorig="authuserdb authpam authshadow authpgsql authldap authmysql authsqlite authcustom authpipe" ##NAME: daemons:0 # @@ -90,7 +90,7 @@ DEFAULTOPTIONS="" # courierlogger(1) options, e.g. to set syslog facility # -LOGGEROPTS="" +LOGGEROPTS="-facility=auth" ##NAME: LDAP_TLS_OPTIONS:0 # diff --git a/config-archive/etc/courier/authlib/authdaemonrc.1 b/config-archive/etc/courier/authlib/authdaemonrc.1 index f11ec92..e36d896 100644 --- a/config-archive/etc/courier/authlib/authdaemonrc.1 +++ b/config-archive/etc/courier/authlib/authdaemonrc.1 @@ -1,4 +1,4 @@ -##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $ +##VERSION: $Id: authdaemonrc.in 17 2011-04-04 02:07:37Z mrsam $ # # Copyright 2000-2005 Double Precision, Inc. See COPYING for # distribution information. diff --git a/config-archive/etc/courier/authlib/authdaemonrc.2 b/config-archive/etc/courier/authlib/authdaemonrc.2 new file mode 100644 index 0000000..f11ec92 --- /dev/null +++ b/config-archive/etc/courier/authlib/authdaemonrc.2 @@ -0,0 +1,103 @@ +##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $ +# +# Copyright 2000-2005 Double Precision, Inc. See COPYING for +# distribution information. +# +# authdaemonrc created from authdaemonrc.dist by sysconftool +# +# Do not alter lines that begin with ##, they are used when upgrading +# this configuration. +# +# This file configures authdaemond, the resident authentication daemon. +# +# Comments in this file are ignored. Although this file is intended to +# be sourced as a shell script, authdaemond parses it manually, so +# the acceptable syntax is a bit limited. Multiline variable contents, +# with the \ continuation character, are not allowed. Everything must +# fit on one line. Do not use any additional whitespace for indentation, +# or anything else. + +##NAME: authmodulelist:2 +# +# The authentication modules that are linked into authdaemond. The +# default list is installed. You may selectively disable modules simply +# by removing them from the following list. The available modules you +# can use are: authuserdb authpam authshadow authpgsql authldap authmysql authcustom authpipe + +authmodulelist="authmysql authpam" + +##NAME: authmodulelistorig:3 +# +# This setting is used by Courier's webadmin module, and should be left +# alone + +authmodulelistorig="authuserdb authpam authshadow authpgsql authldap authmysql authcustom authpipe" + +##NAME: daemons:0 +# +# The number of daemon processes that are started. authdaemon is typically +# installed where authentication modules are relatively expensive: such +# as authldap, or authmysql, so it's better to have a number of them running. +# PLEASE NOTE: Some platforms may experience a problem if there's more than +# one daemon. Specifically, SystemV derived platforms that use TLI with +# socket emulation. I'm suspicious of TLI's ability to handle multiple +# processes accepting connections on the same filesystem domain socket. +# +# You may need to increase daemons if as your system load increases. Symptoms +# include sporadic authentication failures. If you start getting +# authentication failures, increase daemons. However, the default of 5 +# SHOULD be sufficient. Bumping up daemon count is only a short-term +# solution. The permanent solution is to add more resources: RAM, faster +# disks, faster CPUs... + +daemons=5 + +##NAME: authdaemonvar:2 +# +# authdaemonvar is here, but is not used directly by authdaemond. It's +# used by various configuration and build scripts, so don't touch it! + +authdaemonvar=/var/lib/courier/authdaemon + +##NAME: DEBUG_LOGIN:0 +# +# Dump additional diagnostics to syslog +# +# DEBUG_LOGIN=0 - turn off debugging +# DEBUG_LOGIN=1 - turn on debugging +# DEBUG_LOGIN=2 - turn on debugging + log passwords too +# +# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog. +# +# Note that most information is sent to syslog at level 'debug', so +# you may need to modify your /etc/syslog.conf to be able to see it. + +DEBUG_LOGIN=0 + +##NAME: DEFAULTOPTIONS:0 +# +# A comma-separated list of option=value pairs. Each option is applied +# to an account if the account does not have its own specific value for +# that option. So for example, you can set +# DEFAULTOPTIONS="disablewebmail=1,disableimap=1" +# and then enable webmail and/or imap on individual accounts by setting +# disablewebmail=0 and/or disableimap=0 on the account. + +DEFAULTOPTIONS="" + +##NAME: LOGGEROPTS:0 +# +# courierlogger(1) options, e.g. to set syslog facility +# + +LOGGEROPTS="" + +##NAME: LDAP_TLS_OPTIONS:0 +# +# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'. +# Examples: +# +#LDAPTLS_CACERT=/path/to/cacert.pem +#LDAPTLS_REQCERT=demand +#LDAPTLS_CERT=/path/to/clientcert.pem +#LDAPTLS_KEY=/path/to/clientkey.pem diff --git a/config-archive/etc/courier/authlib/authdaemonrc.dist b/config-archive/etc/courier/authlib/authdaemonrc.dist index 4b758be..5bd2a35 100644 --- a/config-archive/etc/courier/authlib/authdaemonrc.dist +++ b/config-archive/etc/courier/authlib/authdaemonrc.dist @@ -1,4 +1,4 @@ -##VERSION: $Id: authdaemonrc.in 239 2012-10-06 23:51:19Z mrsam $ +##VERSION: $Id: 2013-08-20 21:38:40 -0400 0404e6724c4edec3859842fb06d86c3ad52e8cc2$ # # Copyright 2000-2005 Double Precision, Inc. See COPYING for # distribution information. diff --git a/config-archive/etc/default/grub b/config-archive/etc/default/grub index f3be2eb..365e64c 100644 --- a/config-archive/etc/default/grub +++ b/config-archive/etc/default/grub @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-3,v 1.3 2014/09/10 14:38:39 floppym Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-3,v 1.4 2014/10/16 04:04:02 floppym Exp $ # # To populate all changes in this file you need to regenerate your # grub configuration file afterwards: @@ -12,10 +12,8 @@ GRUB_DISTRIBUTOR="Gentoo (Helga)" # Default menu entry -GRUB_DEFAULT=0 +#GRUB_DEFAULT=0 -GRUB_HIDDEN_TIMEOUT=5 -GRUB_HIDDEN_TIMEOUT_QUIET=true # Boot the default entry this many seconds after the menu is displayed GRUB_TIMEOUT=10 #GRUB_TIMEOUT_STYLE=menu @@ -50,6 +48,13 @@ GRUB_SERIAL_COMMAND="serial --speed=57600 --unit=0 --word=8 --parity=no --stop=1 # You can see them in real GRUB with the command `vbeinfo'. #GRUB_GFXMODE=640x480 +# Set to 'text' to force the Linux kernel to boot in normal text +# mode, 'keep' to preserve the graphics mode set using +# 'GRUB_GFXMODE', 'WIDTHxHEIGHT'['xDEPTH'] to set a particular +# graphics mode, or a sequence of these separated by commas or +# semicolons to try several modes in sequence. +#GRUB_GFXPAYLOAD_LINUX= + # Path to theme spec txt file. # The starfield is by default provided with use truetype. # NOTE: when enabling custom theme, ensure you have required font/etc. diff --git a/config-archive/etc/default/grub.1 b/config-archive/etc/default/grub.1 index e810299..f3be2eb 100644 --- a/config-archive/etc/default/grub.1 +++ b/config-archive/etc/default/grub.1 @@ -1,22 +1,35 @@ -# Copyright 1999-2013 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-2,v 1.4 2013/09/21 18:10:55 floppym Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-3,v 1.3 2014/09/10 14:38:39 floppym Exp $ # # To populate all changes in this file you need to regenerate your # grub configuration file afterwards: # 'grub2-mkconfig -o /boot/grub/grub.cfg' # # See the grub info page for documentation on possible variables and -# their associated values. +# their associated values. -GRUB_DISTRIBUTOR="Gentoo" +GRUB_DISTRIBUTOR="Gentoo (Helga)" +# Default menu entry GRUB_DEFAULT=0 + GRUB_HIDDEN_TIMEOUT=5 GRUB_HIDDEN_TIMEOUT_QUIET=true +# Boot the default entry this many seconds after the menu is displayed GRUB_TIMEOUT=10 +#GRUB_TIMEOUT_STYLE=menu # Append parameters to the linux kernel command line +#GRUB_CMDLINE_LINUX="" +# +# Examples: +# +# Boot with network interface renaming disabled +# GRUB_CMDLINE_LINUX="net.ifnames=0" +# +# Boot with systemd instead of sysvinit (openrc) +# GRUB_CMDLINE_LINUX="init=/usr/lib/systemd/systemd" GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,57600n8 domdadm dolvm" GRUB_PRELOAD_MODULES=lvm diff --git a/config-archive/etc/default/grub.2 b/config-archive/etc/default/grub.2 new file mode 100644 index 0000000..e810299 --- /dev/null +++ b/config-archive/etc/default/grub.2 @@ -0,0 +1,53 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-2,v 1.4 2013/09/21 18:10:55 floppym Exp $ +# +# To populate all changes in this file you need to regenerate your +# grub configuration file afterwards: +# 'grub2-mkconfig -o /boot/grub/grub.cfg' +# +# See the grub info page for documentation on possible variables and +# their associated values. + +GRUB_DISTRIBUTOR="Gentoo" + +GRUB_DEFAULT=0 +GRUB_HIDDEN_TIMEOUT=5 +GRUB_HIDDEN_TIMEOUT_QUIET=true +GRUB_TIMEOUT=10 + +# Append parameters to the linux kernel command line +GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,57600n8 domdadm dolvm" + +GRUB_PRELOAD_MODULES=lvm + +# Append parameters to the linux kernel command line for non-recovery entries +#GRUB_CMDLINE_LINUX_DEFAULT="" +#GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,57600n8" + +# Uncomment to disable graphical terminal (grub-pc only) +#GRUB_TERMINAL=console +# Serial console +GRUB_TERMINAL=serial +GRUB_SERIAL_COMMAND="serial --speed=57600 --unit=0 --word=8 --parity=no --stop=1" + + +# The resolution used on graphical terminal. +# Note that you can use only modes which your graphic card supports via VBE. +# You can see them in real GRUB with the command `vbeinfo'. +#GRUB_GFXMODE=640x480 + +# Path to theme spec txt file. +# The starfield is by default provided with use truetype. +# NOTE: when enabling custom theme, ensure you have required font/etc. +#GRUB_THEME="/boot/grub/themes/starfield/theme.txt" + +# Background image used on graphical terminal. +# Can be in various bitmap formats. +#GRUB_BACKGROUND="/boot/grub/mybackground.png" + +# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel +GRUB_DISABLE_LINUX_UUID=true + +# Uncomment to disable generation of recovery mode menu entries +#GRUB_DISABLE_RECOVERY=true diff --git a/config-archive/etc/default/grub.dist b/config-archive/etc/default/grub.dist index f3f7e47..8ff053f 100644 --- a/config-archive/etc/default/grub.dist +++ b/config-archive/etc/default/grub.dist @@ -1,6 +1,6 @@ -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-3,v 1.4 2014/10/16 04:04:02 floppym Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-3,v 1.5 2015/03/25 01:58:00 floppym Exp $ # # To populate all changes in this file you need to regenerate your # grub configuration file afterwards: @@ -61,3 +61,14 @@ GRUB_DISTRIBUTOR="Gentoo" # Uncomment to disable generation of recovery mode menu entries #GRUB_DISABLE_RECOVERY=true + +# Uncomment to disable generation of the submenu and put all choices on +# the top-level menu. +# Besides the visual affect of no sub menu, this makes navigation of the +# menu easier for a user who can't see the screen. +#GRUB_DISABLE_SUBMENU=y + +# Uncomment to play a tone when the main menu is displayed. +# This is useful, for example, to allow users who can't see the screen +# to know when they can make a choice on the menu. +#GRUB_INIT_TUNE="60 800 1" diff --git a/config-archive/etc/logrotate.d/clamav.dist.new b/config-archive/etc/logrotate.d/clamav.dist.new index 12c77e0..7a81126 100644 --- a/config-archive/etc/logrotate.d/clamav.dist.new +++ b/config-archive/etc/logrotate.d/clamav.dist.new @@ -1,4 +1,5 @@ /var/log/clamav/clamd.log { + su clamav clamav missingok postrotate /etc/init.d/clamd logfix @@ -7,6 +8,7 @@ } /var/log/clamav/freshclam.log { + su clamav clamav missingok postrotate /etc/init.d/clamd logfix diff --git a/config-archive/etc/logrotate.d/ulogd.dist.new b/config-archive/etc/logrotate.d/ulogd.dist.new index 787f49b..777e400 100644 --- a/config-archive/etc/logrotate.d/ulogd.dist.new +++ b/config-archive/etc/logrotate.d/ulogd.dist.new @@ -1,9 +1,9 @@ -/var/log/ulogd/ulogd.log /var/log/ulogd/ulogd_syslogemu.log { +/var/log/ulogd/*.log { sharedscripts missingok notifempty create 0640 ulogd postrotate - /etc/init.d/ulogd reopen_logs > /dev/null + [ -f /run/ulogd.pid ] && /bin/kill -HUP $(cat /run/ulogd.pid) endscript } diff --git a/config-archive/etc/postfix/main.cf b/config-archive/etc/postfix/main.cf index a5d06c4..2a7bdde 100644 --- a/config-archive/etc/postfix/main.cf +++ b/config-archive/etc/postfix/main.cf @@ -12,6 +12,26 @@ # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. +# COMPATIBILITY +# +# The compatibility_level determines what default settings Postfix +# will use for main.cf and master.cf settings. These defaults will +# change over time. +# +# To avoid breaking things, Postfix will use backwards-compatible +# default settings and log where it uses those old backwards-compatible +# default settings, until the system administrator has determined +# if any backwards-compatible default settings need to be made +# permanent in main.cf or master.cf. +# +# When this review is complete, update the compatibility_level setting +# below as recommended in the RELEASE_NOTES file. +# +# The level below is what should be used with new (not upgrade) installs. +# +#compatibility_level = 2 +compatibility_level = 2 + # SOFT BOUNCE # # The soft_bounce parameter provides a limited safety net for @@ -642,7 +662,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.11.3/html +html_directory = /usr/share/doc/postfix-3.0.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +675,9 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.11.3/readme +readme_directory = /usr/share/doc/postfix-3.0.0/readme +meta_directory = /etc/postfix +shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases @@ -739,3 +761,6 @@ virtual_mailbox_limit = 512000000 #virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf virtual_mailbox_maps = hash:/etc/postfix/maps/virtual_mailbox_maps virtual_uid_maps = static:1023 +append_dot_mydomain = yes +# smtputf8_enable = yes +smtputf8_enable = no diff --git a/config-archive/etc/postfix/main.cf.1 b/config-archive/etc/postfix/main.cf.1 index 9408611..a5d06c4 100644 --- a/config-archive/etc/postfix/main.cf.1 +++ b/config-archive/etc/postfix/main.cf.1 @@ -7,7 +7,7 @@ # For common configuration examples, see BASIC_CONFIGURATION_README # and STANDARD_CONFIGURATION_README. To find these documents, use # the command "postconf html_directory readme_directory", or go to -# http://www.postfix.org/. +# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. # # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.3/html +html_directory = /usr/share/doc/postfix-2.11.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.3/readme +readme_directory = /usr/share/doc/postfix-2.11.3/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.2 b/config-archive/etc/postfix/main.cf.2 index 67ed344..9408611 100644 --- a/config-archive/etc/postfix/main.cf.2 +++ b/config-archive/etc/postfix/main.cf.2 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.2/html +html_directory = /usr/share/doc/postfix-2.10.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.2/readme +readme_directory = /usr/share/doc/postfix-2.10.3/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.3 b/config-archive/etc/postfix/main.cf.3 index 508be66..67ed344 100644 --- a/config-archive/etc/postfix/main.cf.3 +++ b/config-archive/etc/postfix/main.cf.3 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.1/html +html_directory = /usr/share/doc/postfix-2.10.2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.1/readme +readme_directory = /usr/share/doc/postfix-2.10.2/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.4 b/config-archive/etc/postfix/main.cf.4 index f1639d8..508be66 100644 --- a/config-archive/etc/postfix/main.cf.4 +++ b/config-archive/etc/postfix/main.cf.4 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.0/html +html_directory = /usr/share/doc/postfix-2.10.1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.0/readme +readme_directory = /usr/share/doc/postfix-2.10.1/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.5 b/config-archive/etc/postfix/main.cf.5 index 0befb51..f1639d8 100644 --- a/config-archive/etc/postfix/main.cf.5 +++ b/config-archive/etc/postfix/main.cf.5 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.5/html +html_directory = /usr/share/doc/postfix-2.10.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.5/readme +readme_directory = /usr/share/doc/postfix-2.10.0/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.6 b/config-archive/etc/postfix/main.cf.6 index e911f61..0befb51 100644 --- a/config-archive/etc/postfix/main.cf.6 +++ b/config-archive/etc/postfix/main.cf.6 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.4/html +html_directory = /usr/share/doc/postfix-2.9.5/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.4/readme +readme_directory = /usr/share/doc/postfix-2.9.5/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.7 b/config-archive/etc/postfix/main.cf.7 index 044fe07..e911f61 100644 --- a/config-archive/etc/postfix/main.cf.7 +++ b/config-archive/etc/postfix/main.cf.7 @@ -642,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.3/html +html_directory = /usr/share/doc/postfix-2.9.4/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -655,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.3/readme +readme_directory = /usr/share/doc/postfix-2.9.4/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.8 b/config-archive/etc/postfix/main.cf.8 index 6bac0c9..044fe07 100644 --- a/config-archive/etc/postfix/main.cf.8 +++ b/config-archive/etc/postfix/main.cf.8 @@ -41,7 +41,7 @@ command_directory = /usr/sbin # daemon programs (i.e. programs listed in the master.cf file). This # directory must be owned by root. # -daemon_directory = /usr/lib64/postfix +daemon_directory = /usr/libexec/postfix # The data_directory parameter specifies the location of Postfix-writable # data files (caches, random numbers). This directory must be owned @@ -460,7 +460,12 @@ unknown_local_recipient_reject_code = 550 # the main.cf file, otherwise the SMTP server will reject mail for # non-UNIX accounts with "User unknown in local recipient table". # -#mailbox_transport = lmtp:unix:/file/name +# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" +# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. +#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp +# +# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and +# subsequent line in master.cf. #mailbox_transport = cyrus # The fallback_transport specifies the optional transport in master.cf @@ -637,7 +642,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.8.9/html +html_directory = /usr/share/doc/postfix-2.9.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -650,7 +655,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.8.9/readme +readme_directory = /usr/share/doc/postfix-2.9.3/readme home_mailbox = .maildir/ #alias_maps = mysql:/etc/postfix/mysql-aliases.cf alias_maps = hash:/etc/postfix/maps/aliases diff --git a/config-archive/etc/postfix/main.cf.9 b/config-archive/etc/postfix/main.cf.9 index 01dffb3..6bac0c9 100644 --- a/config-archive/etc/postfix/main.cf.9 +++ b/config-archive/etc/postfix/main.cf.9 @@ -41,7 +41,7 @@ command_directory = /usr/sbin # daemon programs (i.e. programs listed in the master.cf file). This # directory must be owned by root. # -daemon_directory = //usr/lib64/postfix +daemon_directory = /usr/lib64/postfix # The data_directory parameter specifies the location of Postfix-writable # data files (caches, random numbers). This directory must be owned diff --git a/config-archive/etc/postfix/main.cf.dist b/config-archive/etc/postfix/main.cf.dist index df2f3d0..b38876b 100644 --- a/config-archive/etc/postfix/main.cf.dist +++ b/config-archive/etc/postfix/main.cf.dist @@ -659,7 +659,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.0/html +html_directory = /usr/share/doc/postfix-3.0.1-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -672,7 +672,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.0/readme +readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/rc.conf b/config-archive/etc/rc.conf index 42b7dfd..118530b 100644 --- a/config-archive/etc/rc.conf +++ b/config-archive/etc/rc.conf @@ -51,6 +51,10 @@ rc_logger="YES" # The default value is: /var/log/rc.log rc_log_path="/var/log/rc.log" +# If you want verbose output for OpenRC, set this to yes. If you want +# verbose output for service foo only, set it to yes in /etc/conf.d/foo. +#rc_verbose=no + # By default we filter the environment for our running scripts. To allow other # variables through, add them here. Use a * to allow all variables through. #rc_env_allow="VAR1 VAR2" @@ -73,6 +77,10 @@ rc_log_path="/var/log/rc.log" #rc_crashed_stop=NO #rc_crashed_start=YES +# Set rc_nocolor to yes if you do not want colors displayed in OpenRC +# output. +#rc_nocolor=NO + ############################################################################## # MISC CONFIGURATION VARIABLES # There variables are shared between many init scripts @@ -86,7 +94,7 @@ unicode="YES" # Below is the default list of network fstypes. # -# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs +# afs ceph cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs # nfs nfs4 ocfs2 shfs smbfs # # If you would like to add to this list, you can do so by adding your diff --git a/config-archive/etc/rc.conf.1 b/config-archive/etc/rc.conf.1 index b9a9d6d..42b7dfd 100644 --- a/config-archive/etc/rc.conf.1 +++ b/config-archive/etc/rc.conf.1 @@ -80,6 +80,10 @@ rc_log_path="/var/log/rc.log" # Set unicode to YES to turn on unicode support for keyboards and screens. unicode="YES" +# This is how long fuser should wait for a remote server to respond. The +# default is 60 seconds, but it can be adjusted here. +#rc_fuser_timeout=60 + # Below is the default list of network fstypes. # # afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs @@ -101,7 +105,7 @@ unicode="YES" # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. -#export SSD_NICELEVEL="-19" +#SSD_NICELEVEL="-19" # Pass ulimit parameters #rc_ulimit="-u 30" @@ -153,10 +157,59 @@ rc_sys="" # consolefont, numlock, etc ...) rc_tty_number=12 +############################################################################## +# CGROUPS RESOURCE MANAGEMENT + # If you have cgroups turned on in your kernel, this switch controls # whether or not a group for each controller is mounted under # /sys/fs/cgroup. -# Support for process management by cgroups is planned in the future, -# so if you turn this off, be aware that you may not be able to use that -# feature. +# None of the other options in this section work if this is set to "NO". #rc_controller_cgroups="YES" + +# The following settings allow you to set up values for the cgroup +# controllers for your services. +# They can be set in this file;, however, if you do this, the settings +# will apply to all of your services. +# If you want different settings for each service, place the settings in +# /etc/conf.d/foo for service foo. +# The format is to specify the names of the settings followed by their +# values. Each variable can hold multiple settings. +# For example, you would use this to set the cpu.shares setting in the +# cpu controller to 512 for your service. +# rc_cgroup_cpu=" +# cpu.shares 512 +# " +# +#For more information about the adjustments that can be made with +#cgroups, see Documentation/cgroups/* in the linux kernel source tree. + +# Set the blkio controller settings for this service. +#rc_cgroup_blkio="" + +# Set the cpu controller settings for this service. +#rc_cgroup_cpu="" + +# Add this service to the cpuacct controller (any value means yes). +#rc_cgroup_cpuacct="" + +# Set the cpuset controller settings for this service. +#rc_cgroup_cpuset="" + +# Set the devices controller settings for this service. +#rc_cgroup_devices="" + +# Set the memory controller settings for this service. +#rc_cgroup_memory="" + +# Set the net_prio controller settings for this service. +#rc_cgroup_net_prio="" + +# Set this to YES if yu want all of the processes in a service's cgroup +# killed when the service is stopped or restarted. +# This should not be set globally because it kills all of the service's +# child processes, and most of the time this is undesirable. Please set +# it in /etc/conf.d/. +# To perform this cleanup manually for a stopped service, you can +# execute cgroup_cleanup with /etc/init.d/ cgroup_cleanup or +# rc-service cgroup_cleanup. +# rc_cgroup_cleanup="NO" diff --git a/config-archive/etc/rc.conf.2 b/config-archive/etc/rc.conf.2 index ae9e0cf..b9a9d6d 100644 --- a/config-archive/etc/rc.conf.2 +++ b/config-archive/etc/rc.conf.2 @@ -154,7 +154,7 @@ rc_sys="" rc_tty_number=12 # If you have cgroups turned on in your kernel, this switch controls -# whether or not a group for each controler is mounted under +# whether or not a group for each controller is mounted under # /sys/fs/cgroup. # Support for process management by cgroups is planned in the future, # so if you turn this off, be aware that you may not be able to use that diff --git a/config-archive/etc/rc.conf.3 b/config-archive/etc/rc.conf.3 index e0be8cb..ae9e0cf 100644 --- a/config-archive/etc/rc.conf.3 +++ b/config-archive/etc/rc.conf.3 @@ -1,8 +1,18 @@ # Global OpenRC configuration settings +# Set to "YES" if you want the rc system to try and start services +# in parallel for a slight speed improvement. When running in parallel we +# prefix the service output with its name as the output will get +# jumbled up. +# WARNING: whilst we have improved parallel, it can still potentially lock +# the boot process. Don't file bugs about this unless you can supply +# patches that fix it without breaking other things! +#rc_parallel="NO" + # Set rc_interactive to "YES" and you'll be able to press the I key during # boot so you can choose to start specific services. Set to "NO" to disable -# this feature. +# this feature. This feature is automatically disabled if rc_parallel is +# set to YES. #rc_interactive="YES" # If we need to drop to a shell, you can specify it here. @@ -84,6 +94,10 @@ unicode="YES" # These variables are documented here, but should be configured in # /etc/conf.d/foo for service foo and NOT enabled here unless you # really want them to work on a global basis. +# If your service has characters in its name which are not legal in +# shell variable names and you configure the variables for it in this +# file, those characters should be replaced with underscores in the +# variable names as shown below. # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. @@ -106,6 +120,13 @@ unicode="YES" #rc_foo_need="openvpn" #rc_foo_after="clock" +# Below is an example for service foo-bar. Note that the '-' is illegal +# in a shell variable name, so we convert it to an underscore. +# example for service foo-bar. +#rc_foo_bar_config="/etc/foo-bar" +#rc_foo_bar_need="openvpn" +#rc_foo_bar_after="clock" + # You can also remove dependencies. # This is mainly used for saying which servies do NOT provide net. #rc_net_tap0_provide="!net" @@ -122,9 +143,7 @@ unicode="YES" # "vserver" - Linux vserver # "xen0" - Xen0 Domain # "xenU" - XenU Domain -# If this is commented out, automatic detection will be attempted. -# Note that autodetection will not work in a prefix environment or in a -# linux container. +# If this is commented out, automatic detection will be used. # # This should be set to the value representing the environment this file is # PRESENTLY in, not the virtualization the environment is capable of. @@ -133,3 +152,11 @@ rc_sys="" # This is the number of tty's used in most of the rc-scripts (like # consolefont, numlock, etc ...) rc_tty_number=12 + +# If you have cgroups turned on in your kernel, this switch controls +# whether or not a group for each controler is mounted under +# /sys/fs/cgroup. +# Support for process management by cgroups is planned in the future, +# so if you turn this off, be aware that you may not be able to use that +# feature. +#rc_controller_cgroups="YES" diff --git a/config-archive/etc/rc.conf.4 b/config-archive/etc/rc.conf.4 new file mode 100644 index 0000000..e0be8cb --- /dev/null +++ b/config-archive/etc/rc.conf.4 @@ -0,0 +1,135 @@ +# Global OpenRC configuration settings + +# Set rc_interactive to "YES" and you'll be able to press the I key during +# boot so you can choose to start specific services. Set to "NO" to disable +# this feature. +#rc_interactive="YES" + +# If we need to drop to a shell, you can specify it here. +# If not specified we use $SHELL, otherwise the one specified in /etc/passwd, +# otherwise /bin/sh +# Linux users could specify /sbin/sulogin +rc_shell=/sbin/sulogin + +# Do we allow any started service in the runlevel to satisfy the dependency +# or do we want all of them regardless of state? For example, if net.eth0 +# and net.eth1 are in the default runlevel then with rc_depend_strict="NO" +# both will be started, but services that depend on 'net' will work if either +# one comes up. With rc_depend_strict="YES" we would require them both to +# come up. +#rc_depend_strict="YES" + +# rc_hotplug is a list of services that we allow to be hotplugged. +# By default we do not allow hotplugging. +# A hotplugged service is one started by a dynamic dev manager when a matching +# hardware device is found. +# This service is intrinsically included in the boot runlevel. +# To disable services, prefix with a ! +# Example - rc_hotplug="net.wlan !net.*" +# This allows net.wlan and any service not matching net.* to be plugged. +# Example - rc_hotplug="*" +# This allows all services to be hotplugged +#rc_hotplug="*" + +# rc_logger launches a logging daemon to log the entire rc process to +# /var/log/rc.log +# NOTE: Linux systems require the devfs service to be started before +# logging can take place and as such cannot log the sysinit runlevel. +rc_logger="YES" + +# Through rc_log_path you can specify a custom log file. +# The default value is: /var/log/rc.log +rc_log_path="/var/log/rc.log" + +# By default we filter the environment for our running scripts. To allow other +# variables through, add them here. Use a * to allow all variables through. +#rc_env_allow="VAR1 VAR2" + +# By default we assume that all daemons will start correctly. +# However, some do not - a classic example is that they fork and return 0 AND +# then child barfs on a configuration error. Or the daemon has a bug and the +# child crashes. You can set the number of milliseconds start-stop-daemon +# waits to check that the daemon is still running after starting here. +# The default is 0 - no checking. +#rc_start_wait=100 + +# rc_nostop is a list of services which will not stop when changing runlevels. +# This still allows the service itself to be stopped when called directly. +#rc_nostop="" + +# rc will attempt to start crashed services by default. +# However, it will not stop them by default as that could bring down other +# critical services. +#rc_crashed_stop=NO +#rc_crashed_start=YES + +############################################################################## +# MISC CONFIGURATION VARIABLES +# There variables are shared between many init scripts + +# Set unicode to YES to turn on unicode support for keyboards and screens. +unicode="YES" + +# Below is the default list of network fstypes. +# +# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs +# nfs nfs4 ocfs2 shfs smbfs +# +# If you would like to add to this list, you can do so by adding your +# own fstypes to the following variable. +#extra_net_fs_list="" + +############################################################################## +# SERVICE CONFIGURATION VARIABLES +# These variables are documented here, but should be configured in +# /etc/conf.d/foo for service foo and NOT enabled here unless you +# really want them to work on a global basis. + +# Some daemons are started and stopped via start-stop-daemon. +# We can set some things on a per service basis, like the nicelevel. +#export SSD_NICELEVEL="-19" + +# Pass ulimit parameters +#rc_ulimit="-u 30" + +# It's possible to define extra dependencies for services like so +#rc_config="/etc/foo" +#rc_need="openvpn" +#rc_use="net.eth0" +#rc_after="clock" +#rc_before="local" +#rc_provide="!net" + +# You can also enable the above commands here for each service. Below is an +# example for service foo. +#rc_foo_config="/etc/foo" +#rc_foo_need="openvpn" +#rc_foo_after="clock" + +# You can also remove dependencies. +# This is mainly used for saying which servies do NOT provide net. +#rc_net_tap0_provide="!net" + +############################################################################## +# LINUX SPECIFIC OPTIONS + +# This is the subsystem type. Valid options on Linux: +# "" - nothing special +# "lxc" - Linux Containers +# "openvz" - Linux OpenVZ +# "prefix" - Prefix +# "uml" - Usermode Linux +# "vserver" - Linux vserver +# "xen0" - Xen0 Domain +# "xenU" - XenU Domain +# If this is commented out, automatic detection will be attempted. +# Note that autodetection will not work in a prefix environment or in a +# linux container. +# +# This should be set to the value representing the environment this file is +# PRESENTLY in, not the virtualization the environment is capable of. +rc_sys="" + +# This is the number of tty's used in most of the rc-scripts (like +# consolefont, numlock, etc ...) +rc_tty_number=12 diff --git a/config-archive/etc/rc.conf.dist b/config-archive/etc/rc.conf.dist index 0970fb9..5cef074 100644 --- a/config-archive/etc/rc.conf.dist +++ b/config-archive/etc/rc.conf.dist @@ -116,6 +116,9 @@ unicode="YES" #SSD_NICELEVEL="-19" # Pass ulimit parameters +# If you are using bash in POSIX mode for your shell, note that the +# ulimit command uses a block size of 512 bytes for the -c and -f +# options #rc_ulimit="-u 30" # It's possible to define extra dependencies for services like so @@ -147,14 +150,15 @@ unicode="YES" # LINUX SPECIFIC OPTIONS # This is the subsystem type. Valid options on Linux: -# "" - nothing special -# "lxc" - Linux Containers -# "openvz" - Linux OpenVZ -# "prefix" - Prefix -# "uml" - Usermode Linux -# "vserver" - Linux vserver -# "xen0" - Xen0 Domain -# "xenU" - XenU Domain +# "" - nothing special +# "lxc" - Linux Containers +# "openvz" - Linux OpenVZ +# "prefix" - Prefix +# "uml" - Usermode Linux +# "vserver" - Linux vserver +# "systemd-nspawn" - Container created by the systemd-nspawn utility +# "xen0" - Xen0 Domain +# "xenU" - XenU Domain # If this is commented out, automatic detection will be used. # # This should be set to the value representing the environment this file is diff --git a/courier/authlib/authdaemonrc b/courier/authlib/authdaemonrc index cd1e743..3b2f55c 100644 --- a/courier/authlib/authdaemonrc +++ b/courier/authlib/authdaemonrc @@ -1,4 +1,4 @@ -##VERSION: $Id: authdaemonrc.in 239 2012-10-06 23:51:19Z mrsam $ +##VERSION: $Id: 2013-08-20 21:38:40 -0400 0404e6724c4edec3859842fb06d86c3ad52e8cc2$ # # Copyright 2000-2005 Double Precision, Inc. See COPYING for # distribution information. diff --git a/courier/authlib/authdaemonrc.dist b/courier/authlib/authdaemonrc.dist index 4645640..abdebbd 100644 --- a/courier/authlib/authdaemonrc.dist +++ b/courier/authlib/authdaemonrc.dist @@ -1,4 +1,4 @@ -##VERSION: $Id: authdaemonrc.in 239 2012-10-06 23:51:19Z mrsam $ +##VERSION: $Id: 2013-08-20 21:38:40 -0400 0404e6724c4edec3859842fb06d86c3ad52e8cc2$ # # Copyright 2000-2005 Double Precision, Inc. See COPYING for # distribution information. diff --git a/courier/authlib/authldaprc b/courier/authlib/authldaprc index 6ff1d1b..812c6f9 100644 --- a/courier/authlib/authldaprc +++ b/courier/authlib/authldaprc @@ -1,4 +1,4 @@ -##VERSION: $Id: authldaprc 17 2011-04-04 02:07:37Z mrsam $ +##VERSION: $Id: authldaprc 265 2013-02-25 03:49:33Z mrsam $ # # Copyright 2000-2004 Double Precision, Inc. See COPYING for # distribution information. @@ -67,6 +67,15 @@ LDAP_TIMEOUT 5 # # LDAP_AUTHBIND 1 +##NAME: LDAP_INITBIND:1 +# +# Define this to do an initial bind to the adminstrator DN set in LDAP_BINDDN. +# If your LDAP server allows access without a bind, or you want to authenticate +# using a rebind (and have set LDAP_AUTHBIND to 1, you can set this to 0 and +# need not write the LDAP-Admin passwort into this file. +# +LDAP_INITBIND 1 + ##NAME: LDAP_MAIL:0 # # Here's the field on which we query diff --git a/courier/authlib/authldaprc.dist b/courier/authlib/authldaprc.dist index 6ff1d1b..812c6f9 100644 --- a/courier/authlib/authldaprc.dist +++ b/courier/authlib/authldaprc.dist @@ -1,4 +1,4 @@ -##VERSION: $Id: authldaprc 17 2011-04-04 02:07:37Z mrsam $ +##VERSION: $Id: authldaprc 265 2013-02-25 03:49:33Z mrsam $ # # Copyright 2000-2004 Double Precision, Inc. See COPYING for # distribution information. @@ -67,6 +67,15 @@ LDAP_TIMEOUT 5 # # LDAP_AUTHBIND 1 +##NAME: LDAP_INITBIND:1 +# +# Define this to do an initial bind to the adminstrator DN set in LDAP_BINDDN. +# If your LDAP server allows access without a bind, or you want to authenticate +# using a rebind (and have set LDAP_AUTHBIND to 1, you can set this to 0 and +# need not write the LDAP-Admin passwort into this file. +# +LDAP_INITBIND 1 + ##NAME: LDAP_MAIL:0 # # Here's the field on which we query diff --git a/cron.deny b/cron.deny index 3fae422..f909922 100644 --- a/cron.deny +++ b/cron.deny @@ -1,4 +1,4 @@ -# $Id: vixie-cron-4.1-cron.deny,v 1.1 2005/03/04 23:59:48 ciaranm Exp $ +# $Id: cronie-1.2-cron.deny,v 1.1 2009/02/17 22:09:35 bangert Exp $ # If for any reason you have users in the 'cron' group who should not # be allowed to run crontab, add them to this file (one username per # line) diff --git a/crontab b/crontab index bb7c4e7..b14eeda 100644 --- a/crontab +++ b/crontab @@ -1,5 +1,5 @@ -# for vixie cron -# $Header: /var/cvsroot/gentoo-x86/sys-process/vixie-cron/files/crontab-3.0.1-r4,v 1.3 2011/09/20 15:13:51 idl0r Exp $ +# for cronie +# $Header: /var/cvsroot/gentoo-x86/sys-process/cronie/files/cronie-1.3-crontab,v 1.2 2014/04/18 13:24:55 polynomial-c Exp $ # Global variables SHELL=/bin/bash @@ -8,8 +8,9 @@ MAILTO=root HOME=/ # check scripts in cron.hourly, cron.daily, cron.weekly and cron.monthly -59 * * * * root rm -f /var/spool/cron/lastrun/cron.hourly -9 3 * * * root rm -f /var/spool/cron/lastrun/cron.daily -19 4 * * 6 root rm -f /var/spool/cron/lastrun/cron.weekly -29 5 1 * * root rm -f /var/spool/cron/lastrun/cron.monthly -*/10 * * * * root test -x /usr/sbin/run-crons && /usr/sbin/run-crons +# if anacron is not present +59 * * * * root [ ! -x /etc/cron.hourly/0anacron ] && rm -f /var/spool/cron/lastrun/cron.hourly +9 3 * * * root [ ! -x /etc/cron.hourly/0anacron ] && rm -f /var/spool/cron/lastrun/cron.daily +19 4 * * 6 root [ ! -x /etc/cron.hourly/0anacron ] && rm -f /var/spool/cron/lastrun/cron.weekly +29 5 1 * * root [ ! -x /etc/cron.hourly/0anacron ] && rm -f /var/spool/cron/lastrun/cron.monthly +*/10 * * * * root [ ! -x /etc/cron.hourly/0anacron ] && { test -x /usr/sbin/run-crons && /usr/sbin/run-crons ; } diff --git a/csh.env b/csh.env index 1dde03f..54bb7c6 100644 --- a/csh.env +++ b/csh.env @@ -3,10 +3,9 @@ # GO INTO /etc/csh.cshrc NOT /etc/csh.env setenv CONFIG_PROTECT '/var/bind /usr/share/gnupg/qualified.txt' -setenv CONFIG_PROTECT_MASK '/etc/gentoo-release /etc/sandbox.d /etc/php/cli-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/apache2-php5.5/ext-active/ /etc/fonts/fonts.conf /etc/terminfo /etc/ca-certificates.conf /etc/texmf/web2c /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/revdep-rebuild' +setenv CONFIG_PROTECT_MASK '/etc/gentoo-release /etc/sandbox.d /etc/php/cli-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/apache2-php5.5/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/apache2-php5.6/ext-active/ /etc/fonts/fonts.conf /etc/terminfo /etc/ca-certificates.conf /etc/texmf/web2c /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/revdep-rebuild' setenv CVS_RSH 'ssh' setenv EDITOR '/usr/bin/vim' -setenv ES_BASHCOMP_DIRS '/usr/share/bash-completion/completions' setenv GCC_SPECS '' setenv GUILE_LOAD_PATH '/usr/share/guile/1.8' setenv HG '/usr/bin/hg' @@ -14,7 +13,7 @@ setenv INFOPATH '/usr/share/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.8.4/i setenv LADSPA_PATH '/usr/lib64/ladspa' setenv LESS '-R -M --shift 5' setenv LESSOPEN '|lesspipe %s' -setenv MANPATH '/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.8.4/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.24/man:/etc/java-config-2/current-system-vm/man/:/usr/lib64/php5.5/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.4/man/' +setenv MANPATH '/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.8.4/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.24/man:/etc/java-config-2/current-system-vm/man/:/usr/lib64/php5.5/man/:/usr/lib64/php5.6/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.4/man/' setenv MULTIOSDIRS '../lib64:../lib32' setenv OPENGL_PROFILE 'xorg-x11' setenv PAGER '/usr/bin/less' diff --git a/default/grub b/default/grub index 365e64c..2934b9a 100644 --- a/default/grub +++ b/default/grub @@ -1,6 +1,6 @@ -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-3,v 1.4 2014/10/16 04:04:02 floppym Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-3,v 1.5 2015/03/25 01:58:00 floppym Exp $ # # To populate all changes in this file you need to regenerate your # grub configuration file afterwards: @@ -69,3 +69,14 @@ GRUB_DISABLE_LINUX_UUID=true # Uncomment to disable generation of recovery mode menu entries #GRUB_DISABLE_RECOVERY=true + +# Uncomment to disable generation of the submenu and put all choices on +# the top-level menu. +# Besides the visual affect of no sub menu, this makes navigation of the +# menu easier for a user who can't see the screen. +#GRUB_DISABLE_SUBMENU=y + +# Uncomment to play a tone when the main menu is displayed. +# This is useful, for example, to allow users who can't see the screen +# to know when they can make a choice on the menu. +#GRUB_INIT_TUNE="60 800 1" diff --git a/dhcpcd.conf b/dhcpcd.conf index e905b34..e5a19cd 100644 --- a/dhcpcd.conf +++ b/dhcpcd.conf @@ -11,6 +11,8 @@ hostname #clientid # or # Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361. +# Some non-RFC compliant DHCP servers do not reply with this set. +# In this case, comment out duid and enable clientid above. duid # Persist interface configuration when dhcpcd exits. diff --git a/env.d/20php5.6 b/env.d/20php5.6 new file mode 100644 index 0000000..ff7a0c4 --- /dev/null +++ b/env.d/20php5.6 @@ -0,0 +1,2 @@ +MANPATH="/usr/lib64/php5.6/man/" +CONFIG_PROTECT_MASK="/etc/php/cli-php5.6/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/apache2-php5.6/ext-active/" diff --git a/env.d/50bash_completion b/env.d/50bash_completion deleted file mode 100644 index ef1d881..0000000 --- a/env.d/50bash_completion +++ /dev/null @@ -1 +0,0 @@ -ES_BASHCOMP_DIRS="/usr/share/bash-completion/completions" diff --git a/eselect/postgresql/slots/9.4/base b/eselect/postgresql/slots/9.4/base index 50337b4..a02c00d 100644 --- a/eselect/postgresql/slots/9.4/base +++ b/eselect/postgresql/slots/9.4/base @@ -1 +1 @@ -postgres_ebuilds="${postgres_ebuilds} postgresql-9.4.1" +postgres_ebuilds="${postgres_ebuilds} postgresql-9.4.3" diff --git a/fail2ban/action.d/badips.py b/fail2ban/action.d/badips.py index 250b1dc..c2a239f 100644 --- a/fail2ban/action.d/badips.py +++ b/fail2ban/action.d/badips.py @@ -111,6 +111,8 @@ class BadIPsAction(ActionBase): ------ HTTPError Any issues with badips.com request. + ValueError + If badips.com response didn't contain necessary information """ try: response = urlopen( @@ -122,7 +124,13 @@ class BadIPsAction(ActionBase): messages['err']) raise else: - categories = json.loads(response.read().decode('utf-8'))['categories'] + response_json = json.loads(response.read().decode('utf-8')) + if not 'categories' in response_json: + err = "badips.com response lacked categories specification. Response was: %s" \ + % (response_json,) + self._logSys.error(err) + raise ValueError(err) + categories = response_json['categories'] categories_names = set( value['Name'] for value in categories) if incParents: diff --git a/fail2ban/action.d/bsd-ipfw.conf b/fail2ban/action.d/bsd-ipfw.conf index 475d247..d7e5e1b 100644 --- a/fail2ban/action.d/bsd-ipfw.conf +++ b/fail2ban/action.d/bsd-ipfw.conf @@ -38,7 +38,7 @@ actioncheck = # Values: CMD # # requires an ipfw rule like "deny ip from table(1) to me" -actionban = ipfw table add +actionban = e=`ipfw table
add 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XADD): File exists' ] || { echo "$e" 1>&2; exit $x; } # Option: actionunban @@ -47,7 +47,7 @@ actionban = ipfw table
add # Tags: See jail.conf(5) man page # Values: CMD # -actionunban = ipfw table
delete +actionunban = e=`ipfw table
delete 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process' ] || { echo "$e" 1>&2; exit $x; } [Init] # Option: table diff --git a/fail2ban/action.d/firewallcmd-allports.conf b/fail2ban/action.d/firewallcmd-allports.conf new file mode 100644 index 0000000..ec52bab --- /dev/null +++ b/fail2ban/action.d/firewallcmd-allports.conf @@ -0,0 +1,53 @@ +# Fail2Ban configuration file +# +# Author: Donald Yandt +# Because of the --remove-rules in stop this action requires firewalld-0.3.8+ + + +[INCLUDES] + +before = iptables-blocktype.conf + +[Definition] + +actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b- + firewall-cmd --direct --add-rule ipv4 filter f2b- 1000 -j RETURN + firewall-cmd --direct --add-rule ipv4 filter 0 -j f2b- + +actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -j f2b- + firewall-cmd --direct --remove-rules ipv4 filter f2b- + firewall-cmd --direct --remove-chain ipv4 filter f2b- + + +# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-recidive$' + +actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-$' + +actionban = firewall-cmd --direct --add-rule ipv4 filter f2b- 0 -s -j + +actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b- 0 -s -j + +[Init] + +# Default name of the chain +# +name = default + +chain = INPUT_direct + +# DEV NOTES: +# +# Author: Donald Yandt +# Uses "FirewallD" instead of the "iptables daemon". +# +# +# Output: + +# actionstart: +# $ firewall-cmd --direct --add-chain ipv4 filter f2b-recidive +# success +# $ firewall-cmd --direct --add-rule ipv4 filter f2b-recidive 1000 -j RETURN +# success +# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-recidive +# success + diff --git a/fail2ban/action.d/firewallcmd-multiport.conf b/fail2ban/action.d/firewallcmd-multiport.conf new file mode 100644 index 0000000..4d806e6 --- /dev/null +++ b/fail2ban/action.d/firewallcmd-multiport.conf @@ -0,0 +1,63 @@ +# Fail2Ban configuration file +# +# Author: Donald Yandt +# Because of the --remove-rules in stop this action requires firewalld-0.3.8+ + +[INCLUDES] + +before = iptables-blocktype.conf + +[Definition] + +actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b- + firewall-cmd --direct --add-rule ipv4 filter f2b- 1000 -j RETURN + firewall-cmd --direct --add-rule ipv4 filter 0 -m state --state NEW -p -m multiport --dports -j f2b- + +actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m state --state NEW -p -m multiport --dports -j f2b- + firewall-cmd --direct --remove-rules ipv4 filter f2b- + firewall-cmd --direct --remove-chain ipv4 filter f2b- + +# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$' + +actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-$' + +actionban = firewall-cmd --direct --add-rule ipv4 filter f2b- 0 -s -j + +actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b- 0 -s -j + +[Init] + +# Default name of the chain +name = default + +chain = INPUT_direct + +# Could also use port numbers separated by a comma. +port = 1:65535 + + +# Option: protocol +# Values: [ tcp | udp | icmp | all ] + +protocol = tcp + + + +# DEV NOTES: +# +# Author: Donald Yandt +# Uses "FirewallD" instead of the "iptables daemon". +# +# +# Output: +# actionstart: +# $ firewall-cmd --direct --add-chain ipv4 filter f2b-apache-modsecurity +# success +# $ firewall-cmd --direct --add-rule ipv4 filter f2b-apache-modsecurity 1000 -j RETURN +# success +# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity +# success +# actioncheck: +# $ firewall-cmd --direct --get-chains ipv4 filter f2b-apache-modsecurity | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$' +# f2b-apache-modsecurity + diff --git a/fail2ban/action.d/firewallcmd-new.conf b/fail2ban/action.d/firewallcmd-new.conf index 9754e3f..ac72a68 100644 --- a/fail2ban/action.d/firewallcmd-new.conf +++ b/fail2ban/action.d/firewallcmd-new.conf @@ -10,9 +10,9 @@ before = iptables-common.conf actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b- firewall-cmd --direct --add-rule ipv4 filter f2b- 1000 -j RETURN - firewall-cmd --direct --add-rule ipv4 filter 0 -m state --state NEW -p --dport -j f2b- + firewall-cmd --direct --add-rule ipv4 filter 0 -m state --state NEW -p -m multiport --dports -j f2b- -actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m state --state NEW -p --dport -j f2b- +actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m state --state NEW -p -m multiport --dports -j f2b- firewall-cmd --direct --remove-rules ipv4 filter f2b- firewall-cmd --direct --remove-chain ipv4 filter f2b- @@ -43,7 +43,7 @@ chain = INPUT_direct # success # $ firewall-cmd --direct --add-rule ipv4 filter fail2ban-name 1000 -j RETURN # success -# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp --dport 22 -j fail2ban-name +# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 22 -j fail2ban-name # success # $ firewall-cmd --direct --get-chains ipv4 filter # fail2ban-name diff --git a/fail2ban/action.d/mail-whois-lines.conf b/fail2ban/action.d/mail-whois-lines.conf index aa7d095..5f760ac 100644 --- a/fail2ban/action.d/mail-whois-lines.conf +++ b/fail2ban/action.d/mail-whois-lines.conf @@ -42,7 +42,7 @@ actionban = printf %%b "Hi,\n Here is more information about :\n `whois || echo missing whois program`\n\n Lines containing IP: in \n - `grep '[^0-9][^0-9]' `\n\n + `grep -E '(^|[^0-9])([^0-9]|$)' `\n\n Regards,\n Fail2Ban"|mail -s "[Fail2Ban] : banned from `uname -n`" diff --git a/fail2ban/action.d/nsupdate.conf b/fail2ban/action.d/nsupdate.conf new file mode 100644 index 0000000..7886825 --- /dev/null +++ b/fail2ban/action.d/nsupdate.conf @@ -0,0 +1,114 @@ +# Fail2Ban configuration file +# +# Author: Andrew St. Jean +# +# Use nsupdate to perform dynamic DNS updates on a BIND zone file. +# One may want to do this to update a local RBL with banned IP addresses. +# +# Options +# +# domain DNS domain that will appear in nsupdate add and delete +# commands. +# +# ttl The time to live (TTL) in seconds of the TXT resource +# record. +# +# rdata Data portion of the TXT resource record. +# +# nsupdatecmd Full path to the nsupdate command. +# +# keyfile Full path to TSIG key file used for authentication between +# nsupdate and BIND. +# +# Create an nsupdate.local to set at least the and +# options as they don't have default values. +# +# The ban and unban commands assume nsupdate will authenticate to the BIND +# server using a TSIG key. The full path to the key file must be specified +# in the parameter. Use this command to generate your TSIG key. +# +# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST +# +# Replace with some meaningful name. +# +# This command will generate two files. Specify the .private file in the +# option. Note that the .key file must also be present in the same +# directory for nsupdate to use the key. +# +# Don't forget to add the key and appropriate allow-update or update-policy +# option to your named.conf file. +# + +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = + + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = echo | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1". TXT"; print "update add "$4"."$3"."$2"."$1". IN TXT \"\""; print "send"}' | -k + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = echo | awk -F. '{print "update delete "$4"."$3"."$2"."$1"."; print "send"}' | -k + +[Init] + +# Option: domain +# Notes.: DNS domain that nsupdate will update. +# Values: STRING +# +domain = + +# Option: ttl +# Notes.: time to live (TTL) in seconds of TXT resource record +# added by nsupdate. +# Values: NUM +# +ttl = 60 + +# Option: rdata +# Notes.: data portion of the TXT resource record added by nsupdate. +# Values: STRING +# +rdata = Your IP has been banned + +# Option: nsupdatecmd +# Notes.: specifies the full path to the nsupdate program that dynamically +# updates BIND zone files. +# Values: CMD +# +nsupdatecmd = /usr/bin/nsupdate + +# Option: keyfile +# Notes.: specifies the full path to the file containing the +# TSIG key for communicating with BIND. +# Values: STRING +# +keyfile = + diff --git a/fail2ban/action.d/sendmail-common.conf b/fail2ban/action.d/sendmail-common.conf index 26dcb4c..af0212b 100644 --- a/fail2ban/action.d/sendmail-common.conf +++ b/fail2ban/action.d/sendmail-common.conf @@ -15,7 +15,7 @@ after = sendmail-common.local # Values: CMD # actionstart = printf %%b "Subject: [Fail2Ban] : started on `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n @@ -28,7 +28,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] : started on `uname -n` # Values: CMD # actionstop = printf %%b "Subject: [Fail2Ban] : stopped on `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n diff --git a/fail2ban/action.d/sendmail-geoip-lines.conf b/fail2ban/action.d/sendmail-geoip-lines.conf new file mode 100644 index 0000000..4225a3e --- /dev/null +++ b/fail2ban/action.d/sendmail-geoip-lines.conf @@ -0,0 +1,49 @@ +# Fail2Ban configuration file +# +# Author: Viktor Szépe +# +# + +[INCLUDES] + +before = sendmail-common.conf + +[Definition] + +# Option: actionban +# Notes.: Command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# You need to install geoiplookup and the GeoLite or GeoIP databases. +# (geoip-bin and geoip-database in Debian) +# The host command comes from bind9-host package. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` + From: <> + To: \n + Hi,\n + The IP has just been banned by Fail2Ban after + attempts against .\n\n + Here is more information about :\n + http://bgp.he.net/ip/ + http://www.projecthoneypot.org/ip_ + http://whois.domaintools.com/\n\n + Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "" | cut -d':' -f2-` + AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "" | cut -d':' -f2-` + hostname: `host -t A 2>&1`\n\n + Lines containing IP: in \n + `grep -E '(^|[^0-9])([^0-9]|$)' `\n\n + Regards,\n + Fail2Ban" | /usr/sbin/sendmail -f + +[Init] + +# Default name of the chain +# +name = default + +# Path to the log files which contain relevant lines for the abuser IP +# +logpath = /dev/null diff --git a/fail2ban/action.d/sendmail-whois-ipjailmatches.conf b/fail2ban/action.d/sendmail-whois-ipjailmatches.conf index 45b1f31..9c32f41 100644 --- a/fail2ban/action.d/sendmail-whois-ipjailmatches.conf +++ b/fail2ban/action.d/sendmail-whois-ipjailmatches.conf @@ -17,13 +17,13 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n The IP has just been banned by Fail2Ban after attempts against .\n\n - Here are more information about :\n + Here is more information about :\n `/usr/bin/whois `\n\n Matches for with failures IP:\n \n\n diff --git a/fail2ban/action.d/sendmail-whois-ipmatches.conf b/fail2ban/action.d/sendmail-whois-ipmatches.conf index 8193fb0..8c07454 100644 --- a/fail2ban/action.d/sendmail-whois-ipmatches.conf +++ b/fail2ban/action.d/sendmail-whois-ipmatches.conf @@ -17,13 +17,13 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n The IP has just been banned by Fail2Ban after attempts against .\n\n - Here are more information about :\n + Here is more information about :\n `/usr/bin/whois `\n\n Matches with failures IP:\n \n\n diff --git a/fail2ban/action.d/sendmail-whois-lines.conf b/fail2ban/action.d/sendmail-whois-lines.conf index 270373e..135632c 100644 --- a/fail2ban/action.d/sendmail-whois-lines.conf +++ b/fail2ban/action.d/sendmail-whois-lines.conf @@ -17,7 +17,7 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n @@ -26,7 +26,7 @@ actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` Here is more information about :\n `/usr/bin/whois || echo missing whois program`\n\n Lines containing IP: in \n - `grep '[^0-9][^0-9]' `\n\n + `grep -E '(^|[^0-9])([^0-9]|$)' `\n\n Regards,\n Fail2Ban" | /usr/sbin/sendmail -f diff --git a/fail2ban/action.d/sendmail-whois-matches.conf b/fail2ban/action.d/sendmail-whois-matches.conf index ed66476..64bac3e 100644 --- a/fail2ban/action.d/sendmail-whois-matches.conf +++ b/fail2ban/action.d/sendmail-whois-matches.conf @@ -17,13 +17,13 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n The IP has just been banned by Fail2Ban after attempts against .\n\n - Here are more information about :\n + Here is more information about :\n `/usr/bin/whois `\n\n Matches:\n \n\n diff --git a/fail2ban/action.d/sendmail-whois.conf b/fail2ban/action.d/sendmail-whois.conf index fc60127..9403a38 100644 --- a/fail2ban/action.d/sendmail-whois.conf +++ b/fail2ban/action.d/sendmail-whois.conf @@ -17,7 +17,7 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n diff --git a/fail2ban/action.d/sendmail.conf b/fail2ban/action.d/sendmail.conf index 46050e1..4b088dc 100644 --- a/fail2ban/action.d/sendmail.conf +++ b/fail2ban/action.d/sendmail.conf @@ -17,7 +17,7 @@ before = sendmail-common.conf # Values: CMD # actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` - Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"` + Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"` From: <> To: \n Hi,\n diff --git a/fail2ban/action.d/ufw.conf b/fail2ban/action.d/ufw.conf index 04b8b32..d2f731f 100644 --- a/fail2ban/action.d/ufw.conf +++ b/fail2ban/action.d/ufw.conf @@ -13,9 +13,11 @@ actionstop = actioncheck = -actionban = [ -n "" ] && app="app " ; ufw insert from to $app +actionban = [ -n "" ] && app="app " + ufw insert from to $app -actionunban = [ -n "" ] && app="app " ; ufw delete from to $app +actionunban = [ -n "" ] && app="app " + ufw delete from to $app [Init] # Option: insertpos diff --git a/fail2ban/action.d/xarf-login-attack.conf b/fail2ban/action.d/xarf-login-attack.conf index 6d6a74f..19b3167 100644 --- a/fail2ban/action.d/xarf-login-attack.conf +++ b/fail2ban/action.d/xarf-login-attack.conf @@ -46,7 +46,7 @@ actionban = oifs=${IFS}; IFS=.;SEP_IP=( ); set -- ${SEP_IP}; ADDRESSES=$(di REPORTID=