daily autocommit

diff --git a/.etckeeper b/.etckeeper
index de7b9b0758fa1cea93d83070a5e76f6f5acfa9eb..ac3d09a3cc73ba5bbb09420c799a6cc5918238f8 100755 (executable)
--- a/.etckeeper
+++ b/.etckeeper
@@ -2149,6 +2149,7 @@ maybe chmod 0644 'logrotate.d/apport'
 maybe chmod 0644 'logrotate.d/apt'
 maybe chmod 0644 'logrotate.d/aptitude'
 maybe chmod 0644 'logrotate.d/bind'
+maybe chmod 0644 'logrotate.d/btmp'
 maybe chmod 0644 'logrotate.d/chrony'
 maybe chmod 0644 'logrotate.d/ctdb'
 maybe chmod 0644 'logrotate.d/cups-daemon'
@@ -2167,6 +2168,7 @@ maybe chmod 0644 'logrotate.d/samba'
 maybe chmod 0644 'logrotate.d/speech-dispatcher'
 maybe chmod 0644 'logrotate.d/ufw'
 maybe chmod 0644 'logrotate.d/winbind'
+maybe chmod 0644 'logrotate.d/wtmp'
 maybe chmod 0644 'lsb-release'
 maybe chmod 0644 'ltrace.conf'
 maybe chmod 0755 'lvm'

diff --git a/cron.daily/logrotate b/cron.daily/logrotate
index 0f188645936e65c7fb4d6cbe7b0e5a780af0bffa..7cd40406b6f436f48f8eea416d71f7affdea9e0e 100755 (executable)
--- a/cron.daily/logrotate
+++ b/cron.daily/logrotate
@@ -11,4 +11,14 @@ done >> status.clean
 mv status.clean status
 
 test -x /usr/sbin/logrotate || exit 0
-/usr/sbin/logrotate /etc/logrotate.conf
+LOG=/var/log/logrotate.log
+echo >> ${LOG}
+echo "################################################" >> ${LOG}
+echo "[$(date --rfc-3339=seconds )]: Start Logrotating" >> ${LOG}
+/usr/sbin/logrotate /etc/logrotate.conf >> ${LOG} 2>&1
+EXITVALUE=$?
+if [ $EXITVALUE != 0 ]; then
+    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
+fi
+echo "[$(date --rfc-3339=seconds )]: End Logrotating" >> ${LOG}
+exit $EXITVALUE

diff --git a/iptables/rules.v4 b/iptables/rules.v4
index c5dc7b7caf509478e7c2820f087ce9a98ce60d8c..087e5ee219cd15d8b2cf44e6a9938fa0fda7e111 100644 (file)
--- a/iptables/rules.v4
+++ b/iptables/rules.v4
@@ -1,28 +1,18 @@
-# Generated by iptables-save v1.6.1 on Mon Jul  9 18:37:19 2018
-*nat
-:PREROUTING ACCEPT [1722:94287]
-:INPUT ACCEPT [587:43491]
-:OUTPUT ACCEPT [999:73894]
-:POSTROUTING ACCEPT [999:73894]
--A POSTROUTING -o eth1 -j MASQUERADE
-COMMIT
-# Completed on Mon Jul  9 18:37:19 2018
-# Generated by iptables-save v1.6.1 on Mon Jul  9 18:37:19 2018
-*mangle
-:PREROUTING ACCEPT [78783:21431779]
-:INPUT ACCEPT [77648:21380983]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [112963:69035449]
-:POSTROUTING ACCEPT [112984:69037785]
-COMMIT
-# Completed on Mon Jul  9 18:37:19 2018
-# Generated by iptables-save v1.6.1 on Mon Jul  9 18:37:19 2018
+# Generated by iptables-save v1.6.1 on Fri Sep  7 10:33:38 2018
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
-:OUTPUT ACCEPT [112596:68974784]
+:OUTPUT ACCEPT [514:97020]
+-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
+-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
+-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
+-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
+-A INPUT -s 221.232.0.0/14 -p tcp -m tcp --dport 22 -j DROP
+-A INPUT -s 61.183.0.0/16 -p tcp -m tcp --dport 22 -j DROP
+-A INPUT -s 61.184.0.0/16 -p tcp -m tcp --dport 22 -j DROP
+-A INPUT -s 125.65.42.0/24 -p tcp -m tcp --dport 22 -j DROP
 -A INPUT -s 133.9.187.135/32 -p tcp -m tcp --dport 22 -j DROP
 -A INPUT -s 216.32.92.138/32 -p tcp -m tcp --dport 22 -j DROP
 -A INPUT -i lo -j ACCEPT
@@ -49,6 +39,11 @@ COMMIT
 -A INPUT -i eth1 -p udp -m udp --dport 631 -j DROP
 -A INPUT -j NFLOG --nflog-prefix  "INPUT Drop " --nflog-threshold 1
 -A INPUT -j DROP
+-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
+-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
+-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
+-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A FORWARD -m conntrack --ctstate RELATED -j ACCEPT
 -A FORWARD -p icmp -j ACCEPT
@@ -58,5 +53,30 @@ COMMIT
 -A FORWARD -i lo -j ACCEPT
 -A FORWARD -j NFLOG --nflog-prefix  "FORWARD Drop " --nflog-threshold 1
 -A FORWARD -j DROP
+-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
+COMMIT
+# Completed on Fri Sep  7 10:33:38 2018
+# Generated by iptables-save v1.6.1 on Fri Sep  7 10:33:38 2018
+*mangle
+:PREROUTING ACCEPT [2780971:1073916911]
+:INPUT ACCEPT [2775019:1073614296]
+:FORWARD ACCEPT [530:60638]
+:OUTPUT ACCEPT [981171:208638362]
+:POSTROUTING ACCEPT [1124728:225421903]
+-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+COMMIT
+# Completed on Fri Sep  7 10:33:38 2018
+# Generated by iptables-save v1.6.1 on Fri Sep  7 10:33:38 2018
+*nat
+:PREROUTING ACCEPT [175037:83596528]
+:INPUT ACCEPT [169380:83319440]
+:OUTPUT ACCEPT [115353:23384772]
+:POSTROUTING ACCEPT [111775:22620528]
+-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
+-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
+-A POSTROUTING -o eth1 -j MASQUERADE
 COMMIT
-# Completed on Mon Jul  9 18:37:19 2018
+# Completed on Fri Sep  7 10:33:38 2018

diff --git a/iptables/rules.v6 b/iptables/rules.v6
index 5391572284e77c9f046b3dfc975b5b7f2832ab57..405ca19003a2a6209a5a14944310a0ff141ff09c 100644 (file)
--- a/iptables/rules.v6
+++ b/iptables/rules.v6
@@ -1,17 +1,8 @@
-# Generated by ip6tables-save v1.6.1 on Mon Jul  9 18:37:19 2018
-*mangle
-:PREROUTING ACCEPT [2772:1042808]
-:INPUT ACCEPT [128:18749]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [28:3099]
-:POSTROUTING ACCEPT [49:5855]
-COMMIT
-# Completed on Mon Jul  9 18:37:19 2018
-# Generated by ip6tables-save v1.6.1 on Mon Jul  9 18:37:19 2018
+# Generated by ip6tables-save v1.6.1 on Fri Sep  7 10:33:38 2018
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
-:OUTPUT ACCEPT [28:3099]
+:OUTPUT ACCEPT [705:86754]
 :f_mail - [0:0]
 -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A INPUT -m conntrack --ctstate RELATED -j ACCEPT
@@ -60,4 +51,13 @@ COMMIT
 -A f_mail -j NFLOG --nflog-prefix  "IPv6 F_MAIL Reject " --nflog-threshold 1
 -A f_mail -j REJECT --reject-with icmp6-port-unreachable
 COMMIT
-# Completed on Mon Jul  9 18:37:19 2018
+# Completed on Fri Sep  7 10:33:38 2018
+# Generated by ip6tables-save v1.6.1 on Fri Sep  7 10:33:38 2018
+*mangle
+:PREROUTING ACCEPT [13771:4996662]
+:INPUT ACCEPT [1513:206900]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [705:86754]
+:POSTROUTING ACCEPT [1228:161933]
+COMMIT
+# Completed on Fri Sep  7 10:33:38 2018

diff --git a/logrotate.conf b/logrotate.conf
index 7f50acbfa6371b9063ac6f783c61febaa8c4de57..2e7887ee2de65d3c105977e9921e560cc9374e82 100644 (file)
--- a/logrotate.conf
+++ b/logrotate.conf
@@ -32,20 +32,4 @@ noolddir
 # packages drop log rotation information into this directory
 include /etc/logrotate.d
 
-# no packages own wtmp, or btmp -- we'll rotate them here
-/var/log/wtmp {
-    missingok
-    monthly
-    create 0664 root utmp
-    rotate 12
-    minsize 4M
-}
-
-/var/log/btmp {
-    missingok
-    monthly
-    create 0660 root utmp
-    rotate 1
-}
-
 # system-specific logs may be configured here

diff --git a/logrotate.d/btmp b/logrotate.d/btmp
new file mode 100644 (file)
index 0000000..2e5f092
--- /dev/null
+++ b/logrotate.d/btmp
@@ -0,0 +1,11 @@
+# no packages own btmp -- we'll rotate it here
+/var/log/btmp {
+    missingok
+    weekly
+    create 0660 root utmp
+    minsize 4M
+    rotate 12
+    dateext
+    dateformat -%Y-%m-%d
+}
+

diff --git a/logrotate.d/wtmp b/logrotate.d/wtmp
new file mode 100644 (file)
index 0000000..9f89f5e
--- /dev/null
+++ b/logrotate.d/wtmp
@@ -0,0 +1,12 @@
+# no packages own wtmp, or btmp -- we'll rotate them here
+/var/log/wtmp {
+    missingok
+    weekly
+    create 0664 root utmp
+    rotate 12
+    minsize 4M
+    dateext
+    dateformat -%Y-%m-%d
+}
+
+