From 6aed46ac8736e3165b4471192a677d418edf9281 Mon Sep 17 00:00:00 2001 
From: Frank Brehm Date: Wed, 26 Oct 2016 21:03:59 +0200 Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run --- bash/bashrc | 9 +- bash/bashrc.orig | 54 +++-- config-archive/etc/bash/bashrc | 28 ++- config-archive/etc/bash/bashrc.1 | 21 +- config-archive/etc/bash/bashrc.2 | 8 +- config-archive/etc/bash/bashrc.3 | 12 +- config-archive/etc/bash/bashrc.4 | 150 +++++++++++++ config-archive/etc/bash/bashrc.5 | 152 +++++++++++++ config-archive/etc/bash/bashrc.dist.new | 54 +++-- .../etc/cron.daily/logrotate.dist.new | 2 +- .../etc/libvirt/nwfilter/allow-arp.xml | 11 + .../etc/libvirt/nwfilter/allow-arp.xml.dist | 3 + .../libvirt/nwfilter/allow-dhcp-server.xml | 16 ++ .../nwfilter/allow-dhcp-server.xml.dist | 24 +++ .../etc/libvirt/nwfilter/allow-dhcp.xml | 16 ++ .../etc/libvirt/nwfilter/allow-dhcp.xml.dist | 21 ++ .../libvirt/nwfilter/allow-incoming-ipv4.xml | 11 + .../nwfilter/allow-incoming-ipv4.xml.dist | 3 + .../etc/libvirt/nwfilter/allow-ipv4.xml | 11 + .../etc/libvirt/nwfilter/allow-ipv4.xml.dist | 3 + .../etc/libvirt/nwfilter/clean-traffic.xml | 22 ++ .../libvirt/nwfilter/clean-traffic.xml.dist | 30 +++ .../libvirt/nwfilter/no-arp-ip-spoofing.xml | 14 ++ .../nwfilter/no-arp-ip-spoofing.xml.dist | 9 + .../libvirt/nwfilter/no-arp-mac-spoofing.xml | 14 ++ .../nwfilter/no-arp-mac-spoofing.xml.dist | 7 + .../etc/libvirt/nwfilter/no-arp-spoofing.xml | 12 ++ .../libvirt/nwfilter/no-arp-spoofing.xml.dist | 4 + .../etc/libvirt/nwfilter/no-ip-multicast.xml | 13 ++ .../libvirt/nwfilter/no-ip-multicast.xml.dist | 9 + .../etc/libvirt/nwfilter/no-ip-spoofing.xml | 17 ++ .../libvirt/nwfilter/no-ip-spoofing.xml.dist | 14 ++ .../etc/libvirt/nwfilter/no-mac-broadcast.xml | 13 ++ .../nwfilter/no-mac-broadcast.xml.dist | 8 + .../etc/libvirt/nwfilter/no-mac-spoofing.xml | 16 ++ .../libvirt/nwfilter/no-mac-spoofing.xml.dist | 10 + .../libvirt/nwfilter/no-other-l2-traffic.xml | 11 + .../nwfilter/no-other-l2-traffic.xml.dist | 7 + 
.../nwfilter/no-other-rarp-traffic.xml | 11 + .../nwfilter/no-other-rarp-traffic.xml.dist | 3 + .../nwfilter/qemu-announce-self-rarp.xml | 16 ++ .../nwfilter/qemu-announce-self-rarp.xml.dist | 14 ++ .../libvirt/nwfilter/qemu-announce-self.xml | 15 ++ .../nwfilter/qemu-announce-self.xml.dist | 13 ++ config-archive/etc/ssh/sshd_config | 18 +- config-archive/etc/ssh/sshd_config.1 | 3 +- config-archive/etc/ssh/sshd_config.2 | 7 +- config-archive/etc/ssh/sshd_config.3 | 87 ++------ config-archive/etc/ssh/sshd_config.4 | 7 +- config-archive/etc/ssh/sshd_config.5 | 26 ++- config-archive/etc/ssh/sshd_config.6 | 12 +- config-archive/etc/ssh/sshd_config.7 | 18 +- config-archive/etc/ssh/sshd_config.8 | 20 +- config-archive/etc/ssh/sshd_config.9 | 199 ++++++++++++++++++ config-archive/etc/ssh/sshd_config.dist | 17 +- libvirt/nwfilter/allow-arp.xml | 12 +- libvirt/nwfilter/allow-dhcp-server.xml | 36 ++-- libvirt/nwfilter/allow-dhcp.xml | 33 +-- libvirt/nwfilter/allow-incoming-ipv4.xml | 12 +- libvirt/nwfilter/allow-ipv4.xml | 12 +- libvirt/nwfilter/clean-traffic.xml | 48 +++-- libvirt/nwfilter/no-arp-ip-spoofing.xml | 17 +- libvirt/nwfilter/no-arp-mac-spoofing.xml | 17 +- libvirt/nwfilter/no-arp-spoofing.xml | 8 - libvirt/nwfilter/no-ip-multicast.xml | 18 +- libvirt/nwfilter/no-ip-spoofing.xml | 17 +- libvirt/nwfilter/no-mac-broadcast.xml | 17 +- libvirt/nwfilter/no-mac-spoofing.xml | 14 +- libvirt/nwfilter/no-other-l2-traffic.xml | 14 +- libvirt/nwfilter/no-other-rarp-traffic.xml | 12 +- libvirt/nwfilter/qemu-announce-self-rarp.xml | 20 +- libvirt/nwfilter/qemu-announce-self.xml | 24 +-- ssh/sshd_config | 17 +- 73 files changed, 1290 insertions(+), 383 deletions(-) create mode 100644 config-archive/etc/bash/bashrc.4 create mode 100644 config-archive/etc/bash/bashrc.5 create mode 100644 config-archive/etc/libvirt/nwfilter/allow-arp.xml create mode 100644 config-archive/etc/libvirt/nwfilter/allow-arp.xml.dist create mode 100644 
config-archive/etc/libvirt/nwfilter/allow-dhcp-server.xml create mode 100644 config-archive/etc/libvirt/nwfilter/allow-dhcp-server.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/allow-dhcp.xml create mode 100644 config-archive/etc/libvirt/nwfilter/allow-dhcp.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/allow-incoming-ipv4.xml create mode 100644 config-archive/etc/libvirt/nwfilter/allow-incoming-ipv4.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/allow-ipv4.xml create mode 100644 config-archive/etc/libvirt/nwfilter/allow-ipv4.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/clean-traffic.xml create mode 100644 config-archive/etc/libvirt/nwfilter/clean-traffic.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml create mode 100644 config-archive/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml create mode 100644 config-archive/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/no-arp-spoofing.xml create mode 100644 config-archive/etc/libvirt/nwfilter/no-arp-spoofing.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/no-ip-multicast.xml create mode 100644 config-archive/etc/libvirt/nwfilter/no-ip-multicast.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/no-ip-spoofing.xml create mode 100644 config-archive/etc/libvirt/nwfilter/no-ip-spoofing.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/no-mac-broadcast.xml create mode 100644 config-archive/etc/libvirt/nwfilter/no-mac-broadcast.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/no-mac-spoofing.xml create mode 100644 config-archive/etc/libvirt/nwfilter/no-mac-spoofing.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/no-other-l2-traffic.xml create mode 100644 
config-archive/etc/libvirt/nwfilter/no-other-l2-traffic.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/no-other-rarp-traffic.xml create mode 100644 config-archive/etc/libvirt/nwfilter/no-other-rarp-traffic.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml create mode 100644 config-archive/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml.dist create mode 100644 config-archive/etc/libvirt/nwfilter/qemu-announce-self.xml create mode 100644 config-archive/etc/libvirt/nwfilter/qemu-announce-self.xml.dist create mode 100644 config-archive/etc/ssh/sshd_config.9 diff --git a/bash/bashrc b/bash/bashrc index fcf508b7..1f12e578 100644 --- a/bash/bashrc +++ b/bash/bashrc @@ -24,7 +24,7 @@ shopt -s checkwinsize # and waiting a long time for bash to expand all of $PATH. shopt -s no_empty_cmd_completion -# Enable history appending instead of overwriting. #139609 +# Enable history appending instead of overwriting when exiting. #139609 shopt -s histappend # Save each command to the history file as it's executed. #517342 @@ -38,7 +38,7 @@ shopt -s histappend # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) + [aEkx]term*|rxvt*|gnome*|konsole*|interix) PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' ;; screen*) @@ -51,8 +51,9 @@ use_color=false # Set colorful PS1 only on colorful terminals. # dircolors --print-database uses its own built-in database # instead of using /etc/DIR_COLORS. Try to use the external file -# first to take advantage of user additions. Use internal bash -# globbing instead of external grep binary. +# first to take advantage of user additions. +# We run dircolors directly due to its changes in file syntax and +# terminal name patching. safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM match_lhs="" [[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" 
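Review bot: The title-bar command kept as context under the rewritten `case` pattern passes `${PWD}` through `echo -ne`, so backslash sequences in a directory name are interpreted as escapes and written to the terminal, and the new `[aEkx]term*` pattern applies this to more terminal names than before (`aterm*`, `kterm*`). Formatting with printf keeps backslash sequences in the data from being interpreted: `PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'`. The `screen*)` branch begins on the last line of the hunk and its body is outside it; if it still uses the `echo -ne` form it would want the same change. The bashrc.orig copy in this commit sets the title through `PS1` with `\u@\h:\w` instead, which is the other option.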
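Review bot: The rewritten comment says dircolors is run directly, but the lines right below it in this file still set `safe_term` and fill `match_lhs` from `~/.dir_colors`, so the comment now describes code that is not here. Either keep the previous wording, `# first to take advantage of user additions. Use internal bash` followed by `# globbing instead of external grep binary.`, or port the dircolors-based block that bashrc.orig gains in this same commit. The colour-detection block continues past the end of the hunk, so whether a later line already calls dircolors directly cannot be confirmed from here.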
diff --git a/bash/bashrc.orig b/bash/bashrc.orig index 7006bf9f..89848361 100644 --- a/bash/bashrc.orig +++ b/bash/bashrc.orig @@ -38,7 +38,7 @@ shopt -s histappend # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) + [aEkx]term*|rxvt*|gnome*|konsole*|interix) PS1='\[\033]0;\u@\h:\w\007\]' ;; screen*) 
@@ -49,32 +49,42 @@ case ${TERM} in ;; esac -use_color=false - # Set colorful PS1 only on colorful terminals. # dircolors --print-database uses its own built-in database # instead of using /etc/DIR_COLORS. Try to use the external file -# first to take advantage of user additions. Use internal bash -# globbing instead of external grep binary. -safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM -match_lhs="" -[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" -[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(/dev/null \ - && match_lhs=$(dircolors --print-database) -[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true - -if ${use_color} ; then +# first to take advantage of user additions. +# We run dircolors directly due to its changes in file syntax and +# terminal name patching. +use_color=false +if type -P dircolors >/dev/null ; then # Enable colors for ls, etc. Prefer ~/.dir_colors #64489 - if type -P dircolors >/dev/null ; then - if [[ -f ~/.dir_colors ]] ; then - eval $(dircolors -b ~/.dir_colors) - elif [[ -f /etc/DIR_COLORS ]] ; then - eval $(dircolors -b /etc/DIR_COLORS) - fi + LS_COLORS= + if [[ -f ~/.dir_colors ]] ; then + eval "$(dircolors -b ~/.dir_colors)" + elif [[ -f /etc/DIR_COLORS ]] ; then + eval "$(dircolors -b /etc/DIR_COLORS)" + else + eval "$(dircolors -b)" fi + # Note: We always evaluate the LS_COLORS setting even when it's the + # default. If it isn't set, then `ls` will only colorize by default + # based on file attributes and ignore extensions (even the compiled + # in defaults of dircolors). #583814 + if [[ -n ${LS_COLORS:+set} ]] ; then + use_color=true + else + # Delete it if it's empty as it's useless in that case. + unset LS_COLORS + fi +else + # Some systems (e.g. BSD & embedded) don't typically come with + # dircolors so we need to hardcode some terminals in here. 
+ case ${TERM} in + [aEkx]term*|rxvt*|gnome*|konsole*|screen|cons25|*color) use_color=true;; + esac +fi +if ${use_color} ; then if [[ ${EUID} == 0 ]] ; then PS1+='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' else @@ -99,4 +109,4 @@ for sh in /etc/bash/bashrc.d/* ; do done # Try to keep environment pollution down, EPA loves us. -unset use_color safe_term match_lhs sh +unset use_color sh diff --git a/config-archive/etc/bash/bashrc b/config-archive/etc/bash/bashrc index b52cbd59..1f12e578 100644 --- a/config-archive/etc/bash/bashrc +++ b/config-archive/etc/bash/bashrc @@ -20,12 +20,25 @@ fi # http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11) shopt -s checkwinsize -# Enable history appending instead of overwriting. #139609 +# Disable completion when the input buffer is empty. i.e. Hitting tab +# and waiting a long time for bash to expand all of $PATH. +shopt -s no_empty_cmd_completion + +# Enable history appending instead of overwriting when exiting. #139609 shopt -s histappend +# Save each command to the history file as it's executed. #517342 +# This does mean sessions get interleaved when reading later on, but this +# way the history is always up to date. History is not synced across live +# sessions though; that is what `history -n` does. +# Disabled by default due to concerns related to system recovery when $HOME +# is under duress, or lives somewhere flaky (like NFS). Constantly syncing +# the history will halt the shell prompt until it's finished. +#PROMPT_COMMAND='history -a' + # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) + [aEkx]term*|rxvt*|gnome*|konsole*|interix) PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' ;; screen*) 
@@ -38,8 +51,9 @@ use_color=false # Set colorful PS1 only on colorful terminals. # dircolors --print-database uses its own built-in database # instead of using /etc/DIR_COLORS. Try to use the external file -# first to take advantage of user additions. Use internal bash -# globbing instead of external grep binary. +# first to take advantage of user additions. +# We run dircolors directly due to its changes in file syntax and +# terminal name patching. safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM match_lhs="" [[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" @@ -80,6 +94,10 @@ else fi fi +for sh in /etc/bash/bashrc.d/* ; do + [[ -r ${sh} ]] && source "${sh}" +done + # Try to keep environment pollution down, EPA loves us. unset use_color safe_term match_lhs @@ -141,7 +159,7 @@ if [ -f /usr/share/mc/mc.gentoo ]; then . /usr/share/mc/mc.gentoo fi -if [ -e /etc/bash_completion.d/git ] ; then +if type -t __git_ps1 >/dev/null ; then if [[ ${EUID} == 0 ]] ; then PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]' else diff --git a/config-archive/etc/bash/bashrc.1 b/config-archive/etc/bash/bashrc.1 index 856e9e4d..fcf508b7 100644 --- a/config-archive/etc/bash/bashrc.1 +++ b/config-archive/etc/bash/bashrc.1 
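Review bot: The new loop over `/etc/bash/bashrc.d/*` in the `@@ -80,6 +94,10 @@` hunk leaves its variable `sh` set in every interactive shell, because the `unset` line that follows still lists only `use_color safe_term match_lhs`. Add it there, `unset use_color safe_term match_lhs sh`, in the way the bashrc.orig hunk of this commit ends with `unset use_color sh`. The same loop is added to config-archive/etc/bash/bashrc.1 without the matching unset. The new blob id of this file, 1f12e578, is the same as the one for bash/bashrc, so the live file presumably has the same gap. Every readable file in that directory is sourced by all interactive shells, root included, so a comment above the loop stating that the directory must stay root-owned and not group- or world-writable would help the next maintainer.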
@@ -20,12 +20,25 @@ fi # http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11) shopt -s checkwinsize +# Disable completion when the input buffer is empty. i.e. Hitting tab +# and waiting a long time for bash to expand all of $PATH. +shopt -s no_empty_cmd_completion + # Enable history appending instead of overwriting. #139609 shopt -s histappend +# Save each command to the history file as it's executed. #517342 +# This does mean sessions get interleaved when reading later on, but this +# way the history is always up to date. History is not synced across live +# sessions though; that is what `history -n` does. +# Disabled by default due to concerns related to system recovery when $HOME +# is under duress, or lives somewhere flaky (like NFS). Constantly syncing +# the history will halt the shell prompt until it's finished. +#PROMPT_COMMAND='history -a' + # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix) + xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' ;; screen*) @@ -80,6 +93,10 @@ else fi fi +for sh in /etc/bash/bashrc.d/* ; do + [[ -r ${sh} ]] && source "${sh}" +done + # Try to keep environment pollution down, EPA loves us. unset use_color safe_term match_lhs @@ -141,7 +158,7 @@ if [ -f /usr/share/mc/mc.gentoo ]; then . /usr/share/mc/mc.gentoo fi -if [ -e /etc/bash_completion.d/git ] ; then +if type -t __git_ps1 >/dev/null ; then if [[ ${EUID} == 0 ]] ; then PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]' else diff --git a/config-archive/etc/bash/bashrc.2 b/config-archive/etc/bash/bashrc.2 index 3ac0859a..b52cbd59 100644 --- a/config-archive/etc/bash/bashrc.2 +++ b/config-archive/etc/bash/bashrc.2 
@@ -25,10 +25,10 @@ shopt -s histappend # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix) + xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' ;; - screen) + screen*) PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' ;; esac @@ -68,7 +68,9 @@ if ${use_color} ; then fi alias ls='ls --color=auto' - #alias grep='grep --colour=auto' + alias grep='grep --colour=auto' + alias egrep='egrep --colour=auto' + alias fgrep='fgrep --colour=auto' else if [[ ${EUID} == 0 ]] ; then # show root@ when we don't have colors diff --git a/config-archive/etc/bash/bashrc.3 b/config-archive/etc/bash/bashrc.3 index d1281e35..856e9e4d 100644 --- a/config-archive/etc/bash/bashrc.3 +++ b/config-archive/etc/bash/bashrc.3 @@ -25,10 +25,10 @@ shopt -s histappend # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix) + xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix) PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' ;; - screen) + screen*) PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' ;; esac @@ -68,7 +68,9 @@ if ${use_color} ; then fi alias ls='ls --color=auto' - #alias grep='grep --colour=auto' + alias grep='grep --colour=auto' + alias egrep='egrep --colour=auto' + alias fgrep='fgrep --colour=auto' else if [[ ${EUID} == 0 ]] ; then # show root@ when we don't have colors @@ -139,8 +141,7 @@ if [ -f /usr/share/mc/mc.gentoo ]; then . /usr/share/mc/mc.gentoo fi -if [ -f /etc/profile.d/bash-completion ]; then - . /etc/profile.d/bash-completion +if [ -e /etc/bash_completion.d/git ] ; then if [[ ${EUID} == 0 ]] ; then PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]' else 
@@ -148,5 +149,4 @@ if [ -f /etc/profile.d/bash-completion ]; then fi fi - # vim: ts=4 expandtab diff --git a/config-archive/etc/bash/bashrc.4 b/config-archive/etc/bash/bashrc.4 new file mode 100644 index 00000000..3ac0859a --- /dev/null +++ b/config-archive/etc/bash/bashrc.4 
@@ -0,0 +1,150 @@ +# /etc/bash/bashrc +# +# This file is sourced by all *interactive* bash shells on startup, +# including some apparently interactive shells such as scp and rcp +# that can't tolerate any output. So make sure this doesn't display +# anything or bad things will happen ! + + +# Test for an interactive shell. There is no need to set anything +# past this point for scp and rcp, and it's important to refrain from +# outputting anything in those cases. +if [[ $- != *i* ]] ; then + # Shell is non-interactive. Be done now! + return +fi + +# Bash won't get SIGWINCH if another process is in the foreground. +# Enable checkwinsize so that bash will check the terminal size when +# it regains control. #65623 +# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11) +shopt -s checkwinsize + +# Enable history appending instead of overwriting. #139609 +shopt -s histappend + +# Change the window title of X terminals +case ${TERM} in + xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix) + PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' + ;; + screen) + PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' + ;; +esac + +use_color=false + +# Set colorful PS1 only on colorful terminals. +# dircolors --print-database uses its own built-in database +# instead of using /etc/DIR_COLORS. Try to use the external file +# first to take advantage of user additions. Use internal bash +# globbing instead of external grep binary. +safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM +match_lhs="" +[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" +[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(/dev/null \ + && match_lhs=$(dircolors --print-database) +[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true + +if ${use_color} ; then + # Enable colors for ls, etc. 
Prefer ~/.dir_colors #64489 + if type -P dircolors >/dev/null ; then + if [[ -f ~/.dir_colors ]] ; then + eval $(dircolors -b ~/.dir_colors) + elif [[ -f /etc/DIR_COLORS ]] ; then + eval $(dircolors -b /etc/DIR_COLORS) + fi + fi + + if [[ ${EUID} == 0 ]] ; then + #PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' + PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w \$ \[\033[00m\]' + else + #PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] ' + PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w > \[\033[00m\]' + fi + + alias ls='ls --color=auto' + #alias grep='grep --colour=auto' +else + if [[ ${EUID} == 0 ]] ; then + # show root@ when we don't have colors + PS1='\u@\h \W \$ ' + else + PS1='\u@\h \w \$ ' + fi +fi + +# Try to keep environment pollution down, EPA loves us. +unset use_color safe_term match_lhs + +if [ -d /usr/scripts ] ; then + PATH=/usr/scripts:$PATH + export PATH +fi + +if [ -d $HOME/bin ] ; then + PATH=$PATH:$HOME/bin + export PATH +fi + +if [ -d $HOME/lib ] ; then + PERL5LIB=$HOME/lib + export PERL5LIB +fi + +#if [[ ${EUID} == 0 ]] ; then +# alias ll="ls -lA" +#else +# alias ll="ls -l" +#fi +alias l="ls -l" +alias ll="ls -lA" +alias la="ls -la" +alias md=mkdir +alias rd=rmdir +alias ..='cd ..' +alias ...='cd ../..' +alias cd..='cd ..' +alias cd...='cd ../..' +alias pl="ps -fu $USER" + +lcd() { + cd $( perl -e ' +use strict; +use Cwd; +my $new = shift; +my $cwd = Cwd::abs_path(getcwd()); +my $newa = $cwd; +if ($new){ + $newa = Cwd::abs_path($new); + $newa = $cwd unless $newa; +}; +printf("%s\n", $newa); +' $1 ) +} + +export LESS="-R -M -I --shift 5" +export LESSCHARSET="utf-8" + +HISTCONTROL=ignoreboth +HISTSIZE=50000 +HISTFILESIZE=50000 +HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S ' + +if [ -f /usr/share/mc/mc.gentoo ]; then + . /usr/share/mc/mc.gentoo +fi + +if [ -e /etc/bash_completion.d/git ] ; then + if [[ ${EUID} == 0 ]] ; then + PS1='$? 
\[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]' + else + PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] > \[\033[00m\]' + fi +fi + +# vim: ts=4 expandtab diff --git a/config-archive/etc/bash/bashrc.5 b/config-archive/etc/bash/bashrc.5 new file mode 100644 index 00000000..d1281e35 --- /dev/null +++ b/config-archive/etc/bash/bashrc.5 
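Review bot: `PATH=/usr/scripts:$PATH` puts `/usr/scripts` ahead of the system directories for every interactive shell, root included, so anything placed there shadows the standard commands; unless the directory is guaranteed root-owned and not writable by others, append it instead, `PATH=$PATH:/usr/scripts`, as the file already does for `$HOME/bin`. In `lcd`, both the command substitution and `$1` are unquoted, so a path containing spaces or glob characters is split or expanded before `cd` sees it; quoting them as `cd "$( perl -e '…' "$1" )"` avoids that. The same lines appear in config-archive/etc/bash/bashrc.5, which this commit also adds. Both are archived copies, so the change belongs in the live bashrc if it still carries these lines, which the hunks for that file do not show.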
@@ -0,0 +1,152 @@ +# /etc/bash/bashrc +# +# This file is sourced by all *interactive* bash shells on startup, +# including some apparently interactive shells such as scp and rcp +# that can't tolerate any output. So make sure this doesn't display +# anything or bad things will happen ! + + +# Test for an interactive shell. There is no need to set anything +# past this point for scp and rcp, and it's important to refrain from +# outputting anything in those cases. +if [[ $- != *i* ]] ; then + # Shell is non-interactive. Be done now! + return +fi + +# Bash won't get SIGWINCH if another process is in the foreground. +# Enable checkwinsize so that bash will check the terminal size when +# it regains control. #65623 +# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11) +shopt -s checkwinsize + +# Enable history appending instead of overwriting. #139609 +shopt -s histappend + +# Change the window title of X terminals +case ${TERM} in + xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix) + PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"' + ;; + screen) + PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"' + ;; +esac + +use_color=false + +# Set colorful PS1 only on colorful terminals. +# dircolors --print-database uses its own built-in database +# instead of using /etc/DIR_COLORS. Try to use the external file +# first to take advantage of user additions. Use internal bash +# globbing instead of external grep binary. +safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM +match_lhs="" +[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" +[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(/dev/null \ + && match_lhs=$(dircolors --print-database) +[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true + +if ${use_color} ; then + # Enable colors for ls, etc. 
Prefer ~/.dir_colors #64489 + if type -P dircolors >/dev/null ; then + if [[ -f ~/.dir_colors ]] ; then + eval $(dircolors -b ~/.dir_colors) + elif [[ -f /etc/DIR_COLORS ]] ; then + eval $(dircolors -b /etc/DIR_COLORS) + fi + fi + + if [[ ${EUID} == 0 ]] ; then + #PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' + PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w \$ \[\033[00m\]' + else + #PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] ' + PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w > \[\033[00m\]' + fi + + alias ls='ls --color=auto' + #alias grep='grep --colour=auto' +else + if [[ ${EUID} == 0 ]] ; then + # show root@ when we don't have colors + PS1='\u@\h \W \$ ' + else + PS1='\u@\h \w \$ ' + fi +fi + +# Try to keep environment pollution down, EPA loves us. +unset use_color safe_term match_lhs + +if [ -d /usr/scripts ] ; then + PATH=/usr/scripts:$PATH + export PATH +fi + +if [ -d $HOME/bin ] ; then + PATH=$PATH:$HOME/bin + export PATH +fi + +if [ -d $HOME/lib ] ; then + PERL5LIB=$HOME/lib + export PERL5LIB +fi + +#if [[ ${EUID} == 0 ]] ; then +# alias ll="ls -lA" +#else +# alias ll="ls -l" +#fi +alias l="ls -l" +alias ll="ls -lA" +alias la="ls -la" +alias md=mkdir +alias rd=rmdir +alias ..='cd ..' +alias ...='cd ../..' +alias cd..='cd ..' +alias cd...='cd ../..' +alias pl="ps -fu $USER" + +lcd() { + cd $( perl -e ' +use strict; +use Cwd; +my $new = shift; +my $cwd = Cwd::abs_path(getcwd()); +my $newa = $cwd; +if ($new){ + $newa = Cwd::abs_path($new); + $newa = $cwd unless $newa; +}; +printf("%s\n", $newa); +' $1 ) +} + +export LESS="-R -M -I --shift 5" +export LESSCHARSET="utf-8" + +HISTCONTROL=ignoreboth +HISTSIZE=50000 +HISTFILESIZE=50000 +HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S ' + +if [ -f /usr/share/mc/mc.gentoo ]; then + . /usr/share/mc/mc.gentoo +fi + +if [ -f /etc/profile.d/bash-completion ]; then + . /etc/profile.d/bash-completion + if [[ ${EUID} == 0 ]] ; then + PS1='$? 
\[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]' + else + PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] > \[\033[00m\]' + fi +fi + + +# vim: ts=4 expandtab diff --git a/config-archive/etc/bash/bashrc.dist.new b/config-archive/etc/bash/bashrc.dist.new index 7006bf9f..89848361 100644 --- a/config-archive/etc/bash/bashrc.dist.new +++ b/config-archive/etc/bash/bashrc.dist.new @@ -38,7 +38,7 @@ shopt -s histappend # Change the window title of X terminals case ${TERM} in - xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*) + [aEkx]term*|rxvt*|gnome*|konsole*|interix) PS1='\[\033]0;\u@\h:\w\007\]' ;; screen*) 
@@ -49,32 +49,42 @@ case ${TERM} in ;; esac -use_color=false - # Set colorful PS1 only on colorful terminals. # dircolors --print-database uses its own built-in database # instead of using /etc/DIR_COLORS. Try to use the external file -# first to take advantage of user additions. Use internal bash -# globbing instead of external grep binary. -safe_term=${TERM//[^[:alnum:]]/?} # sanitize TERM -match_lhs="" -[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)" -[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(/dev/null \ - && match_lhs=$(dircolors --print-database) -[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true - -if ${use_color} ; then +# first to take advantage of user additions. +# We run dircolors directly due to its changes in file syntax and +# terminal name patching. +use_color=false +if type -P dircolors >/dev/null ; then # Enable colors for ls, etc. Prefer ~/.dir_colors #64489 - if type -P dircolors >/dev/null ; then - if [[ -f ~/.dir_colors ]] ; then - eval $(dircolors -b ~/.dir_colors) - elif [[ -f /etc/DIR_COLORS ]] ; then - eval $(dircolors -b /etc/DIR_COLORS) - fi + LS_COLORS= + if [[ -f ~/.dir_colors ]] ; then + eval "$(dircolors -b ~/.dir_colors)" + elif [[ -f /etc/DIR_COLORS ]] ; then + eval "$(dircolors -b /etc/DIR_COLORS)" + else + eval "$(dircolors -b)" fi + # Note: We always evaluate the LS_COLORS setting even when it's the + # default. If it isn't set, then `ls` will only colorize by default + # based on file attributes and ignore extensions (even the compiled + # in defaults of dircolors). #583814 + if [[ -n ${LS_COLORS:+set} ]] ; then + use_color=true + else + # Delete it if it's empty as it's useless in that case. + unset LS_COLORS + fi +else + # Some systems (e.g. BSD & embedded) don't typically come with + # dircolors so we need to hardcode some terminals in here. 
+ case ${TERM} in + [aEkx]term*|rxvt*|gnome*|konsole*|screen|cons25|*color) use_color=true;; + esac +fi +if ${use_color} ; then if [[ ${EUID} == 0 ]] ; then PS1+='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] ' else @@ -99,4 +109,4 @@ for sh in /etc/bash/bashrc.d/* ; do done # Try to keep environment pollution down, EPA loves us. -unset use_color safe_term match_lhs sh +unset use_color sh diff --git a/config-archive/etc/cron.daily/logrotate.dist.new b/config-archive/etc/cron.daily/logrotate.dist.new index c6d50d4a..67ff6265 100755 --- a/config-archive/etc/cron.daily/logrotate.dist.new +++ b/config-archive/etc/cron.daily/logrotate.dist.new @@ -1,6 +1,6 @@ #!/bin/sh -/usr/sbin/logrotate /etc/logrotate.conf +/usr/bin/logrotate /etc/logrotate.conf EXITVALUE=$? if [ $EXITVALUE != 0 ]; then /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]" diff --git a/config-archive/etc/libvirt/nwfilter/allow-arp.xml b/config-archive/etc/libvirt/nwfilter/allow-arp.xml new file mode 100644 index 00000000..fef7891c --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/allow-arp.xml @@ -0,0 +1,11 @@ + + + + cba5ee05-dfa7-4a27-9c3d-4e18bf826170 + + diff --git a/config-archive/etc/libvirt/nwfilter/allow-arp.xml.dist b/config-archive/etc/libvirt/nwfilter/allow-arp.xml.dist new file mode 100644 index 00000000..63a92b25 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/allow-arp.xml.dist @@ -0,0 +1,3 @@ + + + diff --git a/config-archive/etc/libvirt/nwfilter/allow-dhcp-server.xml b/config-archive/etc/libvirt/nwfilter/allow-dhcp-server.xml new file mode 100644 index 00000000..3bd452bf --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/allow-dhcp-server.xml @@ -0,0 +1,16 @@ + + + + 7c952b52-7cc4-4f0b-8703-7ce4b08e7025 + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/allow-dhcp-server.xml.dist b/config-archive/etc/libvirt/nwfilter/allow-dhcp-server.xml.dist new file mode 100644 index 00000000..37e708ed --- /dev/null 
+++ b/config-archive/etc/libvirt/nwfilter/allow-dhcp-server.xml.dist @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/allow-dhcp.xml b/config-archive/etc/libvirt/nwfilter/allow-dhcp.xml new file mode 100644 index 00000000..15dd89dd --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/allow-dhcp.xml @@ -0,0 +1,16 @@ + + + + 5462a023-54da-4611-b98e-96aa600c451b + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/allow-dhcp.xml.dist b/config-archive/etc/libvirt/nwfilter/allow-dhcp.xml.dist new file mode 100644 index 00000000..d66d2b66 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/allow-dhcp.xml.dist @@ -0,0 +1,21 @@ + + + + + + + + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/allow-incoming-ipv4.xml b/config-archive/etc/libvirt/nwfilter/allow-incoming-ipv4.xml new file mode 100644 index 00000000..653fd219 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/allow-incoming-ipv4.xml @@ -0,0 +1,11 @@ + + + + 8cd418be-ad3b-4ac0-87e8-5a49029d4a72 + + diff --git a/config-archive/etc/libvirt/nwfilter/allow-incoming-ipv4.xml.dist b/config-archive/etc/libvirt/nwfilter/allow-incoming-ipv4.xml.dist new file mode 100644 index 00000000..dd1e50d0 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/allow-incoming-ipv4.xml.dist @@ -0,0 +1,3 @@ + + + diff --git a/config-archive/etc/libvirt/nwfilter/allow-ipv4.xml b/config-archive/etc/libvirt/nwfilter/allow-ipv4.xml new file mode 100644 index 00000000..c377e64f --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/allow-ipv4.xml @@ -0,0 +1,11 @@ + + + + 4ec48445-d431-4917-b632-4fbaa50e1707 + + diff --git a/config-archive/etc/libvirt/nwfilter/allow-ipv4.xml.dist b/config-archive/etc/libvirt/nwfilter/allow-ipv4.xml.dist new file mode 100644 index 00000000..28e930a7 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/allow-ipv4.xml.dist @@ -0,0 +1,3 @@ + + + 
diff --git a/config-archive/etc/libvirt/nwfilter/clean-traffic.xml b/config-archive/etc/libvirt/nwfilter/clean-traffic.xml new file mode 100644 index 00000000..3455cdb6 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/clean-traffic.xml @@ -0,0 +1,22 @@ + + + + 65aedbee-e026-4f03-ad32-9d5b8364898b + + + + + + + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/clean-traffic.xml.dist b/config-archive/etc/libvirt/nwfilter/clean-traffic.xml.dist new file mode 100644 index 00000000..b8cde9c5 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/clean-traffic.xml.dist @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml b/config-archive/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml new file mode 100644 index 00000000..0bf2c976 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml @@ -0,0 +1,14 @@ + + + + 473cb31d-d866-4693-9a65-4ae26d4a5940 + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml.dist b/config-archive/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml.dist new file mode 100644 index 00000000..7365298f --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml.dist @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml b/config-archive/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml new file mode 100644 index 00000000..75eff5e5 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml @@ -0,0 +1,14 @@ + + + + 86ef4129-25df-4c34-968f-140e25c72bfb + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml.dist b/config-archive/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml.dist new file mode 100644 index 00000000..71482bb5 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml.dist @@ -0,0 +1,7 @@ + + + + + + + 
diff --git a/config-archive/etc/libvirt/nwfilter/no-arp-spoofing.xml b/config-archive/etc/libvirt/nwfilter/no-arp-spoofing.xml new file mode 100644 index 00000000..596a6d34 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-arp-spoofing.xml @@ -0,0 +1,12 @@ + + + + 58266155-6808-481d-a9d2-483912c8847d + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-arp-spoofing.xml.dist b/config-archive/etc/libvirt/nwfilter/no-arp-spoofing.xml.dist new file mode 100644 index 00000000..23f2d3cd --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-arp-spoofing.xml.dist @@ -0,0 +1,4 @@ + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-ip-multicast.xml b/config-archive/etc/libvirt/nwfilter/no-ip-multicast.xml new file mode 100644 index 00000000..1b6e7cbd --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-ip-multicast.xml @@ -0,0 +1,13 @@ + + + + c5f9e818-0c58-4890-9306-2c74e426f128 + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-ip-multicast.xml.dist b/config-archive/etc/libvirt/nwfilter/no-ip-multicast.xml.dist new file mode 100644 index 00000000..edcf03f6 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-ip-multicast.xml.dist @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-ip-spoofing.xml b/config-archive/etc/libvirt/nwfilter/no-ip-spoofing.xml new file mode 100644 index 00000000..08377b2a --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-ip-spoofing.xml @@ -0,0 +1,17 @@ + + + + 5b48767b-c7a2-4542-af68-33e1f52da2f3 + + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-ip-spoofing.xml.dist b/config-archive/etc/libvirt/nwfilter/no-ip-spoofing.xml.dist new file mode 100644 index 00000000..f8c95733 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-ip-spoofing.xml.dist @@ -0,0 +1,14 @@ + + + + + + + + + + + + + + 
diff --git a/config-archive/etc/libvirt/nwfilter/no-mac-broadcast.xml b/config-archive/etc/libvirt/nwfilter/no-mac-broadcast.xml new file mode 100644 index 00000000..1faa4b23 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-mac-broadcast.xml @@ -0,0 +1,13 @@ + + + + e13e3fdf-cf39-493b-8fef-63fd732e5e88 + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-mac-broadcast.xml.dist b/config-archive/etc/libvirt/nwfilter/no-mac-broadcast.xml.dist new file mode 100644 index 00000000..74e65bf7 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-mac-broadcast.xml.dist @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-mac-spoofing.xml b/config-archive/etc/libvirt/nwfilter/no-mac-spoofing.xml new file mode 100644 index 00000000..eb90e57d --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-mac-spoofing.xml @@ -0,0 +1,16 @@ + + + + ac0d6631-ea39-4ee9-8004-552ae50ba8ab + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-mac-spoofing.xml.dist b/config-archive/etc/libvirt/nwfilter/no-mac-spoofing.xml.dist new file mode 100644 index 00000000..2d0468ff --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-mac-spoofing.xml.dist @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/no-other-l2-traffic.xml b/config-archive/etc/libvirt/nwfilter/no-other-l2-traffic.xml new file mode 100644 index 00000000..1835e3f9 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-other-l2-traffic.xml @@ -0,0 +1,11 @@ + + + + c831aa08-e503-4b2a-a6f7-84647ec9a9c6 + + diff --git a/config-archive/etc/libvirt/nwfilter/no-other-l2-traffic.xml.dist b/config-archive/etc/libvirt/nwfilter/no-other-l2-traffic.xml.dist new file mode 100644 index 00000000..8bad86ef --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-other-l2-traffic.xml.dist @@ -0,0 +1,7 @@ + + + + + + 
diff --git a/config-archive/etc/libvirt/nwfilter/no-other-rarp-traffic.xml b/config-archive/etc/libvirt/nwfilter/no-other-rarp-traffic.xml new file mode 100644 index 00000000..f9c0c964 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-other-rarp-traffic.xml @@ -0,0 +1,11 @@ + + + + 15155842-ed37-46e4-8bda-8e0017ea65f2 + + diff --git a/config-archive/etc/libvirt/nwfilter/no-other-rarp-traffic.xml.dist b/config-archive/etc/libvirt/nwfilter/no-other-rarp-traffic.xml.dist new file mode 100644 index 00000000..7729996e --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/no-other-rarp-traffic.xml.dist @@ -0,0 +1,3 @@ + + + diff --git a/config-archive/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml b/config-archive/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml new file mode 100644 index 00000000..e1bc04cd --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml @@ -0,0 +1,16 @@ + + + + e24f3768-5db4-418e-a0ed-6f8e8bae55ff + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml.dist b/config-archive/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml.dist new file mode 100644 index 00000000..b7a848ad --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml.dist @@ -0,0 +1,14 @@ + + + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/qemu-announce-self.xml b/config-archive/etc/libvirt/nwfilter/qemu-announce-self.xml new file mode 100644 index 00000000..7e839655 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/qemu-announce-self.xml @@ -0,0 +1,15 @@ + + + + 247832ba-d1ba-4cd7-8988-2d5e51575c88 + + + + + + diff --git a/config-archive/etc/libvirt/nwfilter/qemu-announce-self.xml.dist b/config-archive/etc/libvirt/nwfilter/qemu-announce-self.xml.dist new file mode 100644 index 00000000..352db500 --- /dev/null +++ b/config-archive/etc/libvirt/nwfilter/qemu-announce-self.xml.dist @@ -0,0 +1,13 @@ + + + + + + + + + + + + 
diff --git a/config-archive/etc/ssh/sshd_config b/config-archive/etc/ssh/sshd_config index 4db817fc..bc9f32ba 100644 --- a/config-archive/etc/ssh/sshd_config +++ b/config-archive/etc/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $ +# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -109,7 +109,7 @@ PrintMotd no PrintLastLog no #TCPKeepAlive yes #UseLogin no -UsePrivilegeSeparation sandbox # Default for new installations. +#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 @@ -146,20 +146,6 @@ AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server -# the following are HPN related configuration options -# tcp receive buffer polling. disable in non autotuning kernels -#TcpRcvBufPoll yes - -# disable hpn performance boosts -#HPNDisabled no - -# buffer size for hpn to non-hpn connections -#HPNBufferSize 2048 - - -# allow the use of the none cipher -#NoneEnabled no - # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no diff --git a/config-archive/etc/ssh/sshd_config.1 b/config-archive/etc/ssh/sshd_config.1 index 9c2183fd..4db817fc 100644 --- a/config-archive/etc/ssh/sshd_config.1 +++ b/config-archive/etc/ssh/sshd_config.1 @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $ +# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -42,6 +42,7 @@ #LoginGraceTime 2m #PermitRootLogin no +#PermitRootLogin prohibit-password PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 diff --git a/config-archive/etc/ssh/sshd_config.2 b/config-archive/etc/ssh/sshd_config.2 index f6717754..9c2183fd 100644 --- a/config-archive/etc/ssh/sshd_config.2 
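Review bot: Commenting out `UsePrivilegeSeparation sandbox` at `@@ -109,7 +109,7 @@` of config-archive/etc/ssh/sshd_config leaves the pre-authentication sandbox dependent on the compiled-in default of the installed sshd, which this diff does not show. The header bump to revision 1.98 suggests the line simply follows the new upstream template, but that is an inference. If the package default is not `sandbox`, the unprivileged pre-auth process runs without the extra restrictions. Either keep the explicit line `UsePrivilegeSeparation sandbox`, or confirm the effective value with `sshd -T | grep -i useprivilegeseparation` after the upgrade.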
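Review bot: `PermitRootLogin yes` remains the active setting directly below the newly added `#PermitRootLogin prohibit-password` at `@@ -42,6 +42,7 @@` of sshd_config.1, so the stricter upstream default is recorded only as a comment. The sshd_config.6 hunk `@@ -103,13 +103,17 @@` has the same problem on its new side, where `PermitRootLogin no` is commented out and `PermitRootLogin yes` is added. `UsePAM yes` appears in the sshd_config.4 context and in sshd_config.9, and sshd_config.9 carries the upstream warning that PAM challenge-response can bypass a root-login restriction, so a root password prompt may still be reachable depending on the PAM stack. The safer line is `PermitRootLogin prohibit-password` (or `no`). These paths are archived copies, so the live /etc/ssh/sshd_config should be checked too.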
+++ b/config-archive/etc/ssh/sshd_config.2 @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ +# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -85,7 +85,6 @@ PasswordAuthentication no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes -#GSSAPIStrictAcceptorCheck yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will @@ -114,8 +113,8 @@ UsePrivilegeSeparation sandbox # Default for new installations. #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 -#UseDNS yes -#PidFile /var/run/sshd.pid +#UseDNS no +#PidFile /run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none diff --git a/config-archive/etc/ssh/sshd_config.3 b/config-archive/etc/ssh/sshd_config.3 index 7bbd37f7..f6717754 100644 --- a/config-archive/etc/ssh/sshd_config.3 +++ b/config-archive/etc/ssh/sshd_config.3 @@ -1,4 +1,4 @@ -# $OpenBSD$ +# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. 
@@ -26,72 +26,6 @@ #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key -# "key type names" for X.509 certificates with RSA key -# Note first defined is used in signature operations! -#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 -#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 - -# "key type names" for X.509 certificates with DSA key -# Note first defined is used in signature operations! -#X509KeyAlgorithm x509v3-sign-dss,dss-asn1 -#X509KeyAlgorithm x509v3-sign-dss,dss-raw - -# The intended use for the X509 client certificate. Without this option -# no chain verification will be done. Currently accepted uses are case -# insensitive: -# - "sslclient", "SSL client", "SSL_client" or "client" -# - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose" -# - "skip" or ""(empty): don`t check purpose. -#AllowedCertPurpose sslclient - -# Specifies whether self-issued(self-signed) X.509 certificate can be -# allowed only by entry in AutorizedKeysFile that contain matching -# public key or certificate blob. -#KeyAllowSelfIssued no - -# Specifies whether CRL must present in store for all certificates in -# certificate chain with atribute "cRLDistributionPoints" -#MandatoryCRL no - -# A file with multiple certificates of certificate signers -# in PEM format concatenated together. -#CACertificateFile /etc/ssh/ca/ca-bundle.crt - -# A directory with certificates of certificate signers. -# The certificates should have name of the form: [HASH].[NUMBER] -# or have symbolic links to them of this form. -#CACertificatePath /etc/ssh/ca/crt - -# A file with multiple CRL of certificate signers -# in PEM format concatenated together. -#CARevocationFile /etc/ssh/ca/ca-bundle.crl - -# A directory with CRL of certificate signers. -# The CRL should have name of the form: [HASH].r[NUMBER] -# or have symbolic links to them of this form. -#CARevocationPath /etc/ssh/ca/crl - -# LDAP protocol version. 
-# Example: -# CAldapVersion 2 - -# Note because of OpenSSH options parser limitation -# use %3D instead of = ! -# LDAP initialization may require URL to be escaped, i.e. -# use %2C instead of ,(comma). Escaped URL don't depend from -# LDAP initialization method. -# Example: -# CAldapURL ldap://localhost:389/dc%3Dexample%2Cdc%3Dcom - -# SSH can use "Online Certificate Status Protocol"(OCSP) -# to validate certificate. Set VAType to -# - none : do not use OCSP to validate certificates; -# - ocspcert: validate only certificates that specify `OCSP -# Service Locator' URL; -# - ocspspec: use specified in the configuration 'OCSP Responder' -# to validate all certificates. -#VAType none - # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 1024 @@ -137,7 +71,6 @@ PermitRootLogin yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no -#PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords @@ -194,13 +127,29 @@ UsePrivilegeSeparation sandbox # Default for new installations. # Allow client to pass locale environment variables AcceptEnv LANG LC_* +# here are the new patched ldap related tokens +# entries in your LDAP must have posixAccount & ldapPublicKey objectclass +#UseLPK yes +#LpkLdapConf /etc/ldap.conf +#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ +#LpkUserDN ou=users,dc=phear,dc=org +#LpkGroupDN ou=groups,dc=phear,dc=org +#LpkBindDN cn=Manager,dc=phear,dc=org +#LpkBindPw secret +#LpkServerGroup mail +#LpkFilter (hostAccess=master.phear.org) +#LpkForceTLS no +#LpkSearchTimelimit 3 +#LpkBindTimelimit 3 +#LpkPubKeyAttr sshPublicKey + # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server # the following are HPN related configuration options # tcp receive buffer polling. disable in non autotuning kernels #TcpRcvBufPoll yes - + # disable hpn performance boosts #HPNDisabled no 
diff --git a/config-archive/etc/ssh/sshd_config.4 b/config-archive/etc/ssh/sshd_config.4 index 75517570..7bbd37f7 100644 --- a/config-archive/etc/ssh/sshd_config.4 +++ b/config-archive/etc/ssh/sshd_config.4 @@ -24,6 +24,7 @@ #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key # "key type names" for X.509 certificates with RSA key # Note first defined is used in signature operations! @@ -153,8 +154,8 @@ PasswordAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass @@ -170,6 +171,7 @@ UsePAM yes X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes +#PermitTTY yes PrintMotd no PrintLastLog no #TCPKeepAlive yes @@ -213,6 +215,7 @@ Subsystem sftp /usr/lib64/misc/sftp-server #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no +# PermitTTY no # ForceCommand cvs server # Allow client to pass locale environment variables #367017 diff --git a/config-archive/etc/ssh/sshd_config.5 b/config-archive/etc/ssh/sshd_config.5 index fac258de..75517570 100644 --- a/config-archive/etc/ssh/sshd_config.5 +++ b/config-archive/etc/ssh/sshd_config.5 
@@ -27,8 +27,8 @@ # "key type names" for X.509 certificates with RSA key # Note first defined is used in signature operations! -#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 #X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 +#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 # "key type names" for X.509 certificates with DSA key # Note first defined is used in signature operations! @@ -95,6 +95,9 @@ #KeyRegenerationInterval 1h #ServerKeyBits 1024 +# Ciphers and keying +#RekeyLimit default none + # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH @@ -116,6 +119,11 @@ PermitRootLogin yes # but this is overridden so installations will only check .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 @@ -166,16 +174,17 @@ PrintMotd no PrintLastLog no #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation yes +UsePrivilegeSeparation sandbox # Default for new installations. #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid -#MaxStartups 10 +#MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none +#VersionAddendum none # no default banner path #Banner none 
@@ -190,18 +199,21 @@ Subsystem sftp /usr/lib64/misc/sftp-server # tcp receive buffer polling. disable in non autotuning kernels #TcpRcvBufPoll yes -# allow the use of the none cipher -#NoneEnabled no - -# disable hpn performance boosts. +# disable hpn performance boosts #HPNDisabled no # buffer size for hpn to non-hpn connections #HPNBufferSize 2048 +# allow the use of the none cipher +#NoneEnabled no + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server + +# Allow client to pass locale environment variables #367017 +AcceptEnv LANG LC_* diff --git a/config-archive/etc/ssh/sshd_config.6 b/config-archive/etc/ssh/sshd_config.6 index 176bf48d..fac258de 100644 --- a/config-archive/etc/ssh/sshd_config.6 +++ b/config-archive/etc/ssh/sshd_config.6 @@ -7,7 +7,7 @@ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a +# possible, but leave them commented. Uncommented options override the # default value. #Port 22 @@ -103,13 +103,17 @@ # Authentication: #LoginGraceTime 2m -PermitRootLogin no +#PermitRootLogin no +PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #RSAAuthentication yes #PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts @@ -139,6 +143,7 @@ PasswordAuthentication no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will 
@@ -175,6 +180,9 @@ PrintLastLog no # no default banner path #Banner none +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server diff --git a/config-archive/etc/ssh/sshd_config.7 b/config-archive/etc/ssh/sshd_config.7 index 9f5583ea..176bf48d 100644 --- a/config-archive/etc/ssh/sshd_config.7 +++ b/config-archive/etc/ssh/sshd_config.7 @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ +# $OpenBSD$ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -175,22 +175,6 @@ PrintLastLog no # no default banner path #Banner none -# here are the new patched ldap related tokens -# entries in your LDAP must have posixAccount & ldapPublicKey objectclass -#UseLPK yes -#LpkLdapConf /etc/ldap.conf -#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ -#LpkUserDN ou=users,dc=phear,dc=org -#LpkGroupDN ou=groups,dc=phear,dc=org -#LpkBindDN cn=Manager,dc=phear,dc=org -#LpkBindPw secret -#LpkServerGroup mail -#LpkFilter (hostAccess=master.phear.org) -#LpkForceTLS no -#LpkSearchTimelimit 3 -#LpkBindTimelimit 3 -#LpkPubKeyAttr sshPublicKey - # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server diff --git a/config-archive/etc/ssh/sshd_config.8 b/config-archive/etc/ssh/sshd_config.8 index f3c6c252..9f5583ea 100644 --- a/config-archive/etc/ssh/sshd_config.8 +++ b/config-archive/etc/ssh/sshd_config.8 @@ -1,4 +1,4 @@ -# $OpenBSD$ +# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. 
@@ -175,8 +175,24 @@ PrintLastLog no # no default banner path #Banner none +# here are the new patched ldap related tokens +# entries in your LDAP must have posixAccount & ldapPublicKey objectclass +#UseLPK yes +#LpkLdapConf /etc/ldap.conf +#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ +#LpkUserDN ou=users,dc=phear,dc=org +#LpkGroupDN ou=groups,dc=phear,dc=org +#LpkBindDN cn=Manager,dc=phear,dc=org +#LpkBindPw secret +#LpkServerGroup mail +#LpkFilter (hostAccess=master.phear.org) +#LpkForceTLS no +#LpkSearchTimelimit 3 +#LpkBindTimelimit 3 +#LpkPubKeyAttr sshPublicKey + # override default of no subsystems -Subsystem sftp /usr/lib/misc/sftp-server +Subsystem sftp /usr/lib64/misc/sftp-server # the following are HPN related configuration options # tcp receive buffer polling. disable in non autotuning kernels diff --git a/config-archive/etc/ssh/sshd_config.9 b/config-archive/etc/ssh/sshd_config.9 new file mode 100644 index 00000000..f3c6c252 --- /dev/null +++ b/config-archive/etc/ssh/sshd_config.9 
@@ -0,0 +1,199 @@
+# $OpenBSD$
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+
+# "key type names" for X.509 certificates with RSA key
+# Note first defined is used in signature operations!
+#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
+#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
+
+# "key type names" for X.509 certificates with DSA key
+# Note first defined is used in signature operations!
+#X509KeyAlgorithm x509v3-sign-dss,dss-asn1
+#X509KeyAlgorithm x509v3-sign-dss,dss-raw
+
+# The intended use for the X509 client certificate. Without this option
+# no chain verification will be done. Currently accepted uses are case
+# insensitive:
+# - "sslclient", "SSL client", "SSL_client" or "client"
+# - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose"
+# - "skip" or ""(empty): don`t check purpose.
+#AllowedCertPurpose sslclient
+
+# Specifies whether self-issued(self-signed) X.509 certificate can be
+# allowed only by entry in AutorizedKeysFile that contain matching
+# public key or certificate blob.
+#KeyAllowSelfIssued no
+
+# Specifies whether CRL must present in store for all certificates in
+# certificate chain with atribute "cRLDistributionPoints"
+#MandatoryCRL no
+
+# A file with multiple certificates of certificate signers
+# in PEM format concatenated together.
+#CACertificateFile /etc/ssh/ca/ca-bundle.crt
+
+# A directory with certificates of certificate signers.
+# The certificates should have name of the form: [HASH].[NUMBER]
+# or have symbolic links to them of this form.
+#CACertificatePath /etc/ssh/ca/crt
+
+# A file with multiple CRL of certificate signers
+# in PEM format concatenated together.
+#CARevocationFile /etc/ssh/ca/ca-bundle.crl
+
+# A directory with CRL of certificate signers.
+# The CRL should have name of the form: [HASH].r[NUMBER]
+# or have symbolic links to them of this form.
+#CARevocationPath /etc/ssh/ca/crl
+
+# LDAP protocol version.
+# Example:
+# CAldapVersion 2
+
+# Note because of OpenSSH options parser limitation
+# use %3D instead of = !
+# LDAP initialization may require URL to be escaped, i.e.
+# use %2C instead of ,(comma). Escaped URL don't depend from
+# LDAP initialization method.
+# Example:
+# CAldapURL ldap://localhost:389/dc%3Dexample%2Cdc%3Dcom
+
+# SSH can use "Online Certificate Status Protocol"(OCSP)
+# to validate certificate. Set VAType to
+# - none : do not use OCSP to validate certificates;
+# - ocspcert: validate only certificates that specify `OCSP
+# Service Locator' URL;
+# - ocspspec: use specified in the configuration 'OCSP Responder'
+# to validate all certificates.
+#VAType none
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin no
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +PrintMotd no +PrintLastLog no +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/misc/sftp-server + +# the following are HPN related configuration options +# tcp receive buffer polling. disable in non autotuning kernels +#TcpRcvBufPoll yes + +# allow the use of the none cipher +#NoneEnabled no + +# disable hpn performance boosts. +#HPNDisabled no + +# buffer size for hpn to non-hpn connections +#HPNBufferSize 2048 + + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server diff --git a/config-archive/etc/ssh/sshd_config.dist b/config-archive/etc/ssh/sshd_config.dist index 20d455d1..4251be27 100644 --- a/config-archive/etc/ssh/sshd_config.dist +++ b/config-archive/etc/ssh/sshd_config.dist @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ +# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -34,7 +34,6 @@ #RekeyLimit default none # Logging -# obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO 
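Review bot: `PasswordAuthentication no` in the new sshd_config.9 snapshot does not on its own rule out password logins, because `UsePAM yes` is active and `#ChallengeResponseAuthentication yes` is left at its commented default. Depending on the PAM stack, a password prompt can still be offered over challenge-response. The file's own comment says to set both options to 'no' when only PAM account and session checks are wanted, so the line to add is `ChallengeResponseAuthentication no`. This path is an archived copy under config-archive, so the effective value on the running daemon should be confirmed with `sshd -T` rather than read from this file.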
@@ -141,6 +140,20 @@ PrintLastLog no # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server +# the following are HPN related configuration options +# tcp receive buffer polling. disable in non autotuning kernels +#TcpRcvBufPoll yes + +# disable hpn performance boosts +#HPNDisabled no + +# buffer size for hpn to non-hpn connections +#HPNBufferSize 2048 + + +# allow the use of the none cipher +#NoneEnabled no + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no diff --git a/libvirt/nwfilter/allow-arp.xml b/libvirt/nwfilter/allow-arp.xml index fef7891c..63a92b25 100644 --- a/libvirt/nwfilter/allow-arp.xml +++ b/libvirt/nwfilter/allow-arp.xml @@ -1,11 +1,3 @@ - - - - cba5ee05-dfa7-4a27-9c3d-4e18bf826170 - + + diff --git a/libvirt/nwfilter/allow-dhcp-server.xml b/libvirt/nwfilter/allow-dhcp-server.xml index 3bd452bf..37e708ed 100644 --- a/libvirt/nwfilter/allow-dhcp-server.xml +++ b/libvirt/nwfilter/allow-dhcp-server.xml @@ -1,16 +1,24 @@ - + + + + + + + + + + + + - - 7c952b52-7cc4-4f0b-8703-7ce4b08e7025 - - - - - - diff --git a/libvirt/nwfilter/allow-dhcp.xml b/libvirt/nwfilter/allow-dhcp.xml index 15dd89dd..d66d2b66 100644 --- a/libvirt/nwfilter/allow-dhcp.xml +++ b/libvirt/nwfilter/allow-dhcp.xml @@ -1,16 +1,21 @@ - + + + + + + + + + + + + - - 5462a023-54da-4611-b98e-96aa600c451b - - - - - - diff --git a/libvirt/nwfilter/allow-incoming-ipv4.xml b/libvirt/nwfilter/allow-incoming-ipv4.xml index 653fd219..dd1e50d0 100644 --- a/libvirt/nwfilter/allow-incoming-ipv4.xml +++ b/libvirt/nwfilter/allow-incoming-ipv4.xml @@ -1,11 +1,3 @@ - - - - 8cd418be-ad3b-4ac0-87e8-5a49029d4a72 - + + diff --git a/libvirt/nwfilter/allow-ipv4.xml b/libvirt/nwfilter/allow-ipv4.xml index c377e64f..28e930a7 100644 --- a/libvirt/nwfilter/allow-ipv4.xml +++ b/libvirt/nwfilter/allow-ipv4.xml @@ -1,11 +1,3 @@ - - - - 4ec48445-d431-4917-b632-4fbaa50e1707 - + + 
diff --git a/libvirt/nwfilter/clean-traffic.xml b/libvirt/nwfilter/clean-traffic.xml index 3455cdb6..b8cde9c5 100644 --- a/libvirt/nwfilter/clean-traffic.xml +++ b/libvirt/nwfilter/clean-traffic.xml @@ -1,22 +1,30 @@ - - - 65aedbee-e026-4f03-ad32-9d5b8364898b - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/libvirt/nwfilter/no-arp-ip-spoofing.xml b/libvirt/nwfilter/no-arp-ip-spoofing.xml index 0bf2c976..7365298f 100644 --- a/libvirt/nwfilter/no-arp-ip-spoofing.xml +++ b/libvirt/nwfilter/no-arp-ip-spoofing.xml @@ -1,14 +1,9 @@ - - - 473cb31d-d866-4693-9a65-4ae26d4a5940 - - + + + + - + + diff --git a/libvirt/nwfilter/no-arp-mac-spoofing.xml b/libvirt/nwfilter/no-arp-mac-spoofing.xml index 75eff5e5..71482bb5 100644 --- a/libvirt/nwfilter/no-arp-mac-spoofing.xml +++ b/libvirt/nwfilter/no-arp-mac-spoofing.xml @@ -1,14 +1,7 @@ - - - 86ef4129-25df-4c34-968f-140e25c72bfb - - - - + + + + + diff --git a/libvirt/nwfilter/no-arp-spoofing.xml b/libvirt/nwfilter/no-arp-spoofing.xml index 596a6d34..23f2d3cd 100644 --- a/libvirt/nwfilter/no-arp-spoofing.xml +++ b/libvirt/nwfilter/no-arp-spoofing.xml @@ -1,12 +1,4 @@ - - - 58266155-6808-481d-a9d2-483912c8847d diff --git a/libvirt/nwfilter/no-ip-multicast.xml b/libvirt/nwfilter/no-ip-multicast.xml index 1b6e7cbd..edcf03f6 100644 --- a/libvirt/nwfilter/no-ip-multicast.xml +++ b/libvirt/nwfilter/no-ip-multicast.xml @@ -1,13 +1,9 @@ - + - - c5f9e818-0c58-4890-9306-2c74e426f128 - - - + + + + + + diff --git a/libvirt/nwfilter/no-ip-spoofing.xml b/libvirt/nwfilter/no-ip-spoofing.xml index 08377b2a..f8c95733 100644 --- a/libvirt/nwfilter/no-ip-spoofing.xml +++ b/libvirt/nwfilter/no-ip-spoofing.xml @@ -1,17 +1,14 @@ - - - 5b48767b-c7a2-4542-af68-33e1f52da2f3 + - + + + - + + + diff --git a/libvirt/nwfilter/no-mac-broadcast.xml b/libvirt/nwfilter/no-mac-broadcast.xml index 1faa4b23..74e65bf7 100644 --- a/libvirt/nwfilter/no-mac-broadcast.xml +++ b/libvirt/nwfilter/no-mac-broadcast.xml 
@@ -1,13 +1,8 @@ - + + + + + - - e13e3fdf-cf39-493b-8fef-63fd732e5e88 - - - + diff --git a/libvirt/nwfilter/no-mac-spoofing.xml b/libvirt/nwfilter/no-mac-spoofing.xml index eb90e57d..2d0468ff 100644 --- a/libvirt/nwfilter/no-mac-spoofing.xml +++ b/libvirt/nwfilter/no-mac-spoofing.xml @@ -1,16 +1,10 @@ - - - ac0d6631-ea39-4ee9-8004-552ae50ba8ab - + + - + + diff --git a/libvirt/nwfilter/no-other-l2-traffic.xml b/libvirt/nwfilter/no-other-l2-traffic.xml index 1835e3f9..8bad86ef 100644 --- a/libvirt/nwfilter/no-other-l2-traffic.xml +++ b/libvirt/nwfilter/no-other-l2-traffic.xml @@ -1,11 +1,7 @@ - + + + + - - c831aa08-e503-4b2a-a6f7-84647ec9a9c6 - diff --git a/libvirt/nwfilter/no-other-rarp-traffic.xml b/libvirt/nwfilter/no-other-rarp-traffic.xml index f9c0c964..7729996e 100644 --- a/libvirt/nwfilter/no-other-rarp-traffic.xml +++ b/libvirt/nwfilter/no-other-rarp-traffic.xml @@ -1,11 +1,3 @@ - - - - 15155842-ed37-46e4-8bda-8e0017ea65f2 - + + diff --git a/libvirt/nwfilter/qemu-announce-self-rarp.xml b/libvirt/nwfilter/qemu-announce-self-rarp.xml index e1bc04cd..b7a848ad 100644 --- a/libvirt/nwfilter/qemu-announce-self-rarp.xml +++ b/libvirt/nwfilter/qemu-announce-self-rarp.xml @@ -1,16 +1,14 @@ - - - - e24f3768-5db4-418e-a0ed-6f8e8bae55ff + - + - + diff --git a/libvirt/nwfilter/qemu-announce-self.xml b/libvirt/nwfilter/qemu-announce-self.xml index 7e839655..352db500 100644 --- a/libvirt/nwfilter/qemu-announce-self.xml +++ b/libvirt/nwfilter/qemu-announce-self.xml @@ -1,15 +1,13 @@ - - - 247832ba-d1ba-4cd7-8988-2d5e51575c88 - - - - - + + + + + + + + + + diff --git a/ssh/sshd_config b/ssh/sshd_config index bc9f32ba..0dea0929 100644 --- a/ssh/sshd_config +++ b/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ +# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. 
@@ -34,7 +34,6 @@ #RekeyLimit default none # Logging -# obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO @@ -146,6 +145,20 @@ AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server +# the following are HPN related configuration options +# tcp receive buffer polling. disable in non autotuning kernels +#TcpRcvBufPoll yes + +# disable hpn performance boosts +#HPNDisabled no + +# buffer size for hpn to non-hpn connections +#HPNBufferSize 2048 + + +# allow the use of the none cipher +#NoneEnabled no + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no -- 2.39.5