From: Frank Brehm Date: Mon, 2 Mar 2015 13:35:48 +0000 (+0100) Subject: Current state X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=23beaf8c5927a1e4ea55798745198dfa5b7bd3f4;p=config%2Fhelga%2Fetc.git Current state --- diff --git a/ImageMagick-6/delegates.xml b/ImageMagick-6/delegates.xml index 855352e..f838a0e 100644 --- a/ImageMagick-6/delegates.xml +++ b/ImageMagick-6/delegates.xml @@ -69,6 +69,8 @@ --> + + @@ -121,7 +123,7 @@ - + diff --git a/ImageMagick-6/policy.xml b/ImageMagick-6/policy.xml index e4908b1..16e2790 100644 --- a/ImageMagick-6/policy.xml +++ b/ImageMagick-6/policy.xml @@ -39,15 +39,17 @@ - Define arguments for the memory, map, area, and disk resources with - SI prefixes (.e.g 100MB). In addition, resource policies are maximums for - each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB + Define arguments for the memory, map, area, width, height, and disk resources + with SI prefixes (.e.g 100MB). In addition, resource policies are maximums + for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB exceeds policy maximum so memory limit is 1GB). --> + + diff --git a/ImageMagick-6/type.xml b/ImageMagick-6/type.xml index 9197be4..6a8ee9d 100644 --- a/ImageMagick-6/type.xml +++ b/ImageMagick-6/type.xml @@ -17,5 +17,5 @@ ]> - + diff --git a/bind/named-acl.conf b/bind/named-acl.conf index 5f722d5..b4bfa10 100644 --- a/bind/named-acl.conf +++ b/bind/named-acl.conf @@ -17,13 +17,14 @@ acl common-allow-transfer { 213.20.92.7; 80.154.16.7; - 85.199.64.7; - 46.16.73.175; + 85.199.64.7; // ns3.boreus.de + 195.50.185.7; // ns1.boreus.de + 46.16.73.175; // uhu1 + 46.189.56.7; // ns2.boreus.de 85.214.43.33; 85.214.134.152; // helga 85.214.147.150; // leela 144.76.221.169; // maria.acwain.net - 195.50.185.7; 2a01:238:4239:8a00:d4da:215d:3d01:f9b9; // leela 127.0.0.1; ::1; 
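Review bot: The `common-allow-transfer` ACL in bind/named-acl.conf still authorises zone transfers by source address alone, and this hunk widens it with `46.189.56.7` (ns2.boreus.de). An address-only entry grants AXFR to anything able to originate traffic from that address, so if the secondaries support it, a TSIG entry such as `key "<tsig-key-name>";` (placeholder name) would tie the transfer to a shared secret instead. The host comments added here are useful; the context entries `213.20.92.7`, `80.154.16.7` and `85.214.43.33` remain unlabelled and would benefit from the same treatment. The ACL body continues past the end of this hunk.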
@@ -32,6 +33,7 @@ acl common-allow-transfer { 2a01:4f8:200:94a8::2; // maria.acwain.net 2001:6f8:1db7::1; 2001:6f8:1c00:365::2; + }; acl allow-dyn-update { diff --git a/bind/named-pri.conf b/bind/named-pri.conf index fea0692..90f7dc5 100644 --- a/bind/named-pri.conf +++ b/bind/named-pri.conf @@ -30,6 +30,11 @@ zone "brehm-online.com" { allow-transfer { common-allow-transfer; }; + also-notify { + 195.50.185.7; + 46.189.56.7; + 85.199.64.7; + }; }; //zone "brehm-online.eu" { @@ -62,6 +67,11 @@ zone "hennig-berlin.org" { allow-transfer { common-allow-transfer; }; + also-notify { + 195.50.185.7; + 46.189.56.7; + 85.199.64.7; + }; }; //zone "uhu-banane.com" IN { @@ -80,6 +90,11 @@ zone "uhu-banane.de" IN { allow-transfer { common-allow-transfer; }; + also-notify { + 195.50.185.7; + 46.189.56.7; + 85.199.64.7; + }; }; //zone "uhu-banane.net" IN { diff --git a/conf.d/devfs b/conf.d/devfs new file mode 100644 index 0000000..51f8037 --- /dev/null +++ b/conf.d/devfs @@ -0,0 +1,8 @@ +# OpenRC will attempt each of the following in succession to mount /dev. +# +# 1. If there is an entry for /dev in fstab, it will be used. +# 2. If devtmpfs is defined in the kernel, it will be used. +# 3. If tmpfs is defined in the kernel, it will be used. +# +# Set this to yes if you do not want OpenRC to attempt to mount /dev. +# skip_mount_dev="NO" diff --git a/conf.d/hwclock b/conf.d/hwclock index 59bb732..ce9b40a 100644 --- a/conf.d/hwclock +++ b/conf.d/hwclock @@ -7,8 +7,8 @@ clock="UTC" # If you want the hwclock script to set the system time (software clock) # to match the current hardware clock during bootup, leave this # commented out. -# However, you can set this to "NO" ifyou are running a modern kernel -# with CONFIG_RTC_HCTOSYS set to y and your hardware clock set to UTC. +# However, you can set this to "NO" if you are running a modern kernel +# and using NTP to synchronize your system clock. #clock_hctosys="YES" # If you do not want to set the hardware clock to the current system 
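Review bot: The identical three-address `also-notify` block is pasted into the `brehm-online.com`, `hennig-berlin.org` and `uhu-banane.de` zones in bind/named-pri.conf, and the same addresses are what named-acl.conf labels ns1–ns3.boreus.de in `common-allow-transfer`. Copies like this drift: a secondary renumbered in the ACL but missed in one zone's notify list simply stops receiving NOTIFY, with no error on the primary. If the BIND version in use accepts a named `masters` list inside `also-notify`, define the list once and reference it from each zone; otherwise a comment above each block, e.g. `// keep in sync with common-allow-transfer in named-acl.conf`, would at least record the dependency. Each zone statement begins outside its hunk.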
diff --git a/conf.d/keymaps b/conf.d/keymaps index 6debfc9..227d3b9 100644 --- a/conf.d/keymaps +++ b/conf.d/keymaps @@ -19,6 +19,6 @@ extended_keymaps="" # For a list of valid sets, run `dumpkeys --help` dumpkeys_charset="" -# Some fonts map AltGr-E to the currency symbol ¤ instead of the Euro € +# Some fonts map AltGr-E to the currency symbol instead of the Euro. # To fix this, set to "yes" fix_euro="NO" diff --git a/config-archive/etc/conf.d/keymaps b/config-archive/etc/conf.d/keymaps index 52bd111..6debfc9 100644 --- a/config-archive/etc/conf.d/keymaps +++ b/config-archive/etc/conf.d/keymaps @@ -13,7 +13,7 @@ windowkeys="YES" extended_keymaps="" #extended_keymaps="backspace keypad euro2" -# Tell dumpkeys(1) to interpret character action codes to be +# Tell dumpkeys(1) to interpret character action codes to be # from the specified character set. # This only matters if you set unicode="yes" in /etc/rc.conf. # For a list of valid sets, run `dumpkeys --help` @@ -22,4 +22,3 @@ dumpkeys_charset="" # Some fonts map AltGr-E to the currency symbol ¤ instead of the Euro € # To fix this, set to "yes" fix_euro="NO" - diff --git a/config-archive/etc/conf.d/keymaps.1 b/config-archive/etc/conf.d/keymaps.1 new file mode 100644 index 0000000..52bd111 --- /dev/null +++ b/config-archive/etc/conf.d/keymaps.1 
@@ -0,0 +1,25 @@ +# Use keymap to specify the default console keymap. There is a complete tree +# of keymaps in /usr/share/keymaps to choose from. +#keymap="us" +keymap="de-latin1-nodeadkeys" + +# Should we first load the 'windowkeys' console keymap? Most x86 users will +# say "yes" here. Note that non-x86 users should leave it as "no". +# Loading this keymap will enable VT switching (like ALT+Left/Right) +# using the special windows keys on the linux console. +windowkeys="YES" + +# The maps to load for extended keyboards. Most users will leave this as is. +extended_keymaps="" +#extended_keymaps="backspace keypad euro2" + +# Tell dumpkeys(1) to interpret character action codes to be +# from the specified character set. +# This only matters if you set unicode="yes" in /etc/rc.conf. +# For a list of valid sets, run `dumpkeys --help` +dumpkeys_charset="" + +# Some fonts map AltGr-E to the currency symbol ¤ instead of the Euro € +# To fix this, set to "yes" +fix_euro="NO" + diff --git a/config-archive/etc/conf.d/keymaps.dist b/config-archive/etc/conf.d/keymaps.dist index 35d5b89..e454433 100644 --- a/config-archive/etc/conf.d/keymaps.dist +++ b/config-archive/etc/conf.d/keymaps.dist @@ -18,6 +18,6 @@ extended_keymaps="" # For a list of valid sets, run `dumpkeys --help` dumpkeys_charset="" -# Some fonts map AltGr-E to the currency symbol ¤ instead of the Euro € +# Some fonts map AltGr-E to the currency symbol instead of the Euro. # To fix this, set to "yes" fix_euro="NO" diff --git a/config-archive/etc/mysql/my.cnf.dist b/config-archive/etc/mysql/my.cnf.dist new file mode 100644 index 0000000..dcd08b3 --- /dev/null +++ b/config-archive/etc/mysql/my.cnf.dist 
@@ -0,0 +1,141 @@
+# /etc/mysql/my.cnf: The global mysql configuration file.
+# $Header: /var/cvsroot/gentoo-x86/dev-db/mysql/files/my.cnf-5.6,v 1.1 2014/10/08 16:42:41 grknight Exp $
+
+# The following options will be passed to all MySQL clients
+[client]
+#password = your_password
+port = 3306
+socket = /var/run/mysqld/mysqld.sock
+
+[mysql]
+character-sets-dir=/usr/share/mysql/charsets
+default-character-set=utf8
+
+[mysqladmin]
+character-sets-dir=/usr/share/mysql/charsets
+default-character-set=utf8
+
+[mysqlcheck]
+character-sets-dir=/usr/share/mysql/charsets
+default-character-set=utf8
+
+[mysqldump]
+character-sets-dir=/usr/share/mysql/charsets
+default-character-set=utf8
+
+[mysqlimport]
+character-sets-dir=/usr/share/mysql/charsets
+default-character-set=utf8
+
+[mysqlshow]
+character-sets-dir=/usr/share/mysql/charsets
+default-character-set=utf8
+
+[myisamchk]
+character-sets-dir=/usr/share/mysql/charsets
+
+[myisampack]
+character-sets-dir=/usr/share/mysql/charsets
+
+# use [safe_mysqld] with mysql-3
+[mysqld_safe]
+err-log = /var/log/mysql/mysql.err
+
+# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
+[mysqld]
+character-set-server = utf8
+user = mysql
+port = 3306
+socket = /var/run/mysqld/mysqld.sock
+pid-file = /var/run/mysqld/mysqld.pid
+log-error = /var/log/mysql/mysqld.err
+basedir = /usr
+datadir = /var/lib/mysql
+skip-external-locking
+key_buffer_size = 16M
+max_allowed_packet = 4M
+table_open_cache = 400
+sort_buffer_size = 512K
+net_buffer_length = 16K
+read_buffer_size = 256K
+read_rnd_buffer_size = 512K
+myisam_sort_buffer_size = 8M
+lc_messages_dir = /usr/share/mysql
+#Set this to your desired error message language
+lc_messages = en_US
+
+# security:
+# using "localhost" in connects uses sockets by default
+# skip-networking
+bind-address = 127.0.0.1
+
+log-bin
+server-id = 1
+
+# point the following paths to different dedicated disks
+tmpdir = /tmp/
+#log-update = /path-to-dedicated-directory/hostname
+
+# you need the debug USE flag enabled to use the following directives,
+# if needed, uncomment them, start the server and issue
+# #tail -f /tmp/mysqld.sql /tmp/mysqld.trace
+# this will show you *exactly* what's happening in your server ;)
+
+#log = /tmp/mysqld.sql
+#gdb
+#debug = d:t:i:o,/tmp/mysqld.trace
+#one-thread
+
+# the rest of the innodb config follows:
+# don't eat too much memory, we're trying to be safe on 64Mb boxes
+# you might want to bump this up a bit on boxes with more RAM
+innodb_buffer_pool_size = 128M
+#
+# i'd like to use /var/lib/mysql/innodb, but that is seen as a database :-(
+# and upstream wants things to be under /var/lib/mysql/, so that's the route
+# we have to take for the moment
+#innodb_data_home_dir = /var/lib/mysql/
+#innodb_log_arch_dir = /var/lib/mysql/
+#innodb_log_group_home_dir = /var/lib/mysql/
+# you may wish to change this size to be more suitable for your system
+# the max is there to avoid run-away growth on your machine
+innodb_data_file_path = ibdata1:10M:autoextend:max:128M
+# we keep this at around 25% of of innodb_buffer_pool_size
+# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size)
+innodb_log_file_size = 48M
+# this is the default, increase it if you have very large transactions going on
+innodb_log_buffer_size = 8M
+# this is the default and won't hurt you
+# you shouldn't need to tweak it
+innodb_log_files_in_group=2
+# see the innodb config docs, the other options are not always safe
+innodb_flush_log_at_trx_commit = 1
+innodb_lock_wait_timeout = 50
+innodb_file_per_table
+
+# Uncomment this to get FEDERATED engine support
+#plugin-load=federated=ha_federated.so
+loose-federated
+
+[mysqldump]
+quick
+max_allowed_packet = 16M
+
+[mysql]
+# uncomment the next directive if you are not familiar with SQL
+#safe-updates
+
+[isamchk]
+key_buffer_size = 20M
+sort_buffer_size = 20M
+read_buffer = 2M
+write_buffer = 2M
+
+[myisamchk]
+key_buffer_size = 20M
+sort_buffer_size = 20M
+read_buffer_size = 2M
+write_buffer_size = 2M
+
+[mysqlhotcopy]
+interactive-timeout
diff --git a/config-archive/etc/mysql/my.cnf.dist.new b/config-archive/etc/mysql/my.cnf.dist.new
deleted file mode 100644
index 4829b67..0000000
--- a/config-archive/etc/mysql/my.cnf.dist.new
+++ /dev/null
@@ -1,149 +0,0 @@
-# /etc/mysql/my.cnf: The global mysql configuration file.
-# $Header: /var/cvsroot/gentoo-x86/dev-db/mysql/files/my.cnf-5.5,v 1.4 2014/08/28 14:06:54 grknight Exp $
-
-# The following options will be passed to all MySQL clients
-[client]
-#password = your_password
-port = 3306
-socket = /var/run/mysqld/mysqld.sock
-
-[mysql]
-character-sets-dir=/usr/share/mysql/charsets
-default-character-set=utf8
-
-[mysqladmin]
-character-sets-dir=/usr/share/mysql/charsets
-default-character-set=utf8
-
-[mysqlcheck]
-character-sets-dir=/usr/share/mysql/charsets
-default-character-set=utf8
-
-[mysqldump]
-character-sets-dir=/usr/share/mysql/charsets
-default-character-set=utf8
-
-[mysqlimport]
-character-sets-dir=/usr/share/mysql/charsets
-default-character-set=utf8
-
-[mysqlshow]
-character-sets-dir=/usr/share/mysql/charsets
-default-character-set=utf8
-
-[myisamchk]
-character-sets-dir=/usr/share/mysql/charsets
-
-[myisampack]
-character-sets-dir=/usr/share/mysql/charsets
-
-# use [safe_mysqld] with mysql-3
-[mysqld_safe]
-err-log = /var/log/mysql/mysql.err
-
-# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
-[mysqld]
-character-set-server = utf8
-user = mysql
-port = 3306
-socket = /var/run/mysqld/mysqld.sock
-pid-file = /var/run/mysqld/mysqld.pid
-log-error = /var/log/mysql/mysqld.err
-basedir = /usr
-datadir = /var/lib/mysql
-skip-external-locking
-key_buffer_size = 16M
-max_allowed_packet = 1M
-table_open_cache = 64
-sort_buffer_size = 512K
-net_buffer_length = 8K
-read_buffer_size = 256K
-read_rnd_buffer_size = 512K
-myisam_sort_buffer_size = 8M
-lc_messages_dir = /usr/share/mysql
-#Set this to your desired error message language
-lc_messages = en_US
-
-# security:
-# using "localhost" in connects uses sockets by default
-# skip-networking
-bind-address = 127.0.0.1
-
-log-bin
-server-id = 1
-
-# point the following paths to different dedicated disks
-tmpdir = /tmp/
-#log-update = /path-to-dedicated-directory/hostname
-
-# you need the debug USE flag enabled to use the following directives,
-# if needed, uncomment them, start the server and issue
-# #tail -f /tmp/mysqld.sql /tmp/mysqld.trace
-# this will show you *exactly* what's happening in your server ;)
-
-#log = /tmp/mysqld.sql
-#gdb
-#debug = d:t:i:o,/tmp/mysqld.trace
-#one-thread
-
-# the following is the InnoDB configuration
-# if you wish to disable innodb instead
-# uncomment just the next line
-#skip-innodb
-#
-# the rest of the innodb config follows:
-# don't eat too much memory, we're trying to be safe on 64Mb boxes
-# you might want to bump this up a bit on boxes with more RAM
-innodb_buffer_pool_size = 16M
-# this is the default, increase it if you have lots of tables
-innodb_additional_mem_pool_size = 2M
-#
-# i'd like to use /var/lib/mysql/innodb, but that is seen as a database :-(
-# and upstream wants things to be under /var/lib/mysql/, so that's the route
-# we have to take for the moment
-#innodb_data_home_dir = /var/lib/mysql/
-#innodb_log_arch_dir = /var/lib/mysql/
-#innodb_log_group_home_dir = /var/lib/mysql/
-# you may wish to change this size to be more suitable for your system
-# the max is there to avoid run-away growth on your machine
-innodb_data_file_path = ibdata1:10M:autoextend:max:128M
-# we keep this at around 25% of of innodb_buffer_pool_size
-# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size)
-innodb_log_file_size = 5M
-# this is the default, increase it if you have very large transactions going on
-innodb_log_buffer_size = 8M
-# this is the default and won't hurt you
-# you shouldn't need to tweak it
-innodb_log_files_in_group=2
-# see the innodb config docs, the other options are not always safe
-innodb_flush_log_at_trx_commit = 1
-innodb_lock_wait_timeout = 50
-innodb_file_per_table
-
-# Uncomment this to get FEDERATED engine support
-#plugin-load=federated=ha_federated.so
-#loose-federated
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-# uncomment the
next directive if you are not familiar with SQL -#safe-updates - -[isamchk] -key_buffer_size = 20M -sort_buffer_size = 20M -read_buffer = 2M -write_buffer = 2M - -[myisamchk] -key_buffer_size = 20M -sort_buffer_size = 20M -read_buffer_size = 2M -write_buffer_size = 2M - -[mysqlhotcopy] -interactive-timeout - diff --git a/config-archive/etc/rc.conf b/config-archive/etc/rc.conf index b9a9d6d..42b7dfd 100644 --- a/config-archive/etc/rc.conf +++ b/config-archive/etc/rc.conf @@ -80,6 +80,10 @@ rc_log_path="/var/log/rc.log" # Set unicode to YES to turn on unicode support for keyboards and screens. unicode="YES" +# This is how long fuser should wait for a remote server to respond. The +# default is 60 seconds, but it can be adjusted here. +#rc_fuser_timeout=60 + # Below is the default list of network fstypes. # # afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs @@ -101,7 +105,7 @@ unicode="YES" # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. -#export SSD_NICELEVEL="-19" +#SSD_NICELEVEL="-19" # Pass ulimit parameters #rc_ulimit="-u 30" 
@@ -153,10 +157,59 @@ rc_sys="" # consolefont, numlock, etc ...) rc_tty_number=12 +############################################################################## +# CGROUPS RESOURCE MANAGEMENT + # If you have cgroups turned on in your kernel, this switch controls # whether or not a group for each controller is mounted under # /sys/fs/cgroup. -# Support for process management by cgroups is planned in the future, -# so if you turn this off, be aware that you may not be able to use that -# feature. +# None of the other options in this section work if this is set to "NO". #rc_controller_cgroups="YES" + +# The following settings allow you to set up values for the cgroup +# controllers for your services. +# They can be set in this file;, however, if you do this, the settings +# will apply to all of your services. +# If you want different settings for each service, place the settings in +# /etc/conf.d/foo for service foo. +# The format is to specify the names of the settings followed by their +# values. Each variable can hold multiple settings. +# For example, you would use this to set the cpu.shares setting in the +# cpu controller to 512 for your service. +# rc_cgroup_cpu=" +# cpu.shares 512 +# " +# +#For more information about the adjustments that can be made with +#cgroups, see Documentation/cgroups/* in the linux kernel source tree. + +# Set the blkio controller settings for this service. +#rc_cgroup_blkio="" + +# Set the cpu controller settings for this service. +#rc_cgroup_cpu="" + +# Add this service to the cpuacct controller (any value means yes). +#rc_cgroup_cpuacct="" + +# Set the cpuset controller settings for this service. +#rc_cgroup_cpuset="" + +# Set the devices controller settings for this service. +#rc_cgroup_devices="" + +# Set the memory controller settings for this service. +#rc_cgroup_memory="" + +# Set the net_prio controller settings for this service. 
+#rc_cgroup_net_prio="" + +# Set this to YES if yu want all of the processes in a service's cgroup +# killed when the service is stopped or restarted. +# This should not be set globally because it kills all of the service's +# child processes, and most of the time this is undesirable. Please set +# it in /etc/conf.d/. +# To perform this cleanup manually for a stopped service, you can +# execute cgroup_cleanup with /etc/init.d/ cgroup_cleanup or +# rc-service cgroup_cleanup. +# rc_cgroup_cleanup="NO" diff --git a/config-archive/etc/rc.conf.1 b/config-archive/etc/rc.conf.1 index ae9e0cf..b9a9d6d 100644 --- a/config-archive/etc/rc.conf.1 +++ b/config-archive/etc/rc.conf.1 @@ -154,7 +154,7 @@ rc_sys="" rc_tty_number=12 # If you have cgroups turned on in your kernel, this switch controls -# whether or not a group for each controler is mounted under +# whether or not a group for each controller is mounted under # /sys/fs/cgroup. # Support for process management by cgroups is planned in the future, # so if you turn this off, be aware that you may not be able to use that diff --git a/config-archive/etc/rc.conf.2 b/config-archive/etc/rc.conf.2 index e0be8cb..ae9e0cf 100644 --- a/config-archive/etc/rc.conf.2 +++ b/config-archive/etc/rc.conf.2 
@@ -1,8 +1,18 @@ # Global OpenRC configuration settings +# Set to "YES" if you want the rc system to try and start services +# in parallel for a slight speed improvement. When running in parallel we +# prefix the service output with its name as the output will get +# jumbled up. +# WARNING: whilst we have improved parallel, it can still potentially lock +# the boot process. Don't file bugs about this unless you can supply +# patches that fix it without breaking other things! +#rc_parallel="NO" + # Set rc_interactive to "YES" and you'll be able to press the I key during # boot so you can choose to start specific services. Set to "NO" to disable -# this feature. +# this feature. This feature is automatically disabled if rc_parallel is +# set to YES. #rc_interactive="YES" # If we need to drop to a shell, you can specify it here. @@ -84,6 +94,10 @@ unicode="YES" # These variables are documented here, but should be configured in # /etc/conf.d/foo for service foo and NOT enabled here unless you # really want them to work on a global basis. +# If your service has characters in its name which are not legal in +# shell variable names and you configure the variables for it in this +# file, those characters should be replaced with underscores in the +# variable names as shown below. # Some daemons are started and stopped via start-stop-daemon. # We can set some things on a per service basis, like the nicelevel. @@ -106,6 +120,13 @@ unicode="YES" #rc_foo_need="openvpn" #rc_foo_after="clock" +# Below is an example for service foo-bar. Note that the '-' is illegal +# in a shell variable name, so we convert it to an underscore. +# example for service foo-bar. +#rc_foo_bar_config="/etc/foo-bar" +#rc_foo_bar_need="openvpn" +#rc_foo_bar_after="clock" + # You can also remove dependencies. # This is mainly used for saying which servies do NOT provide net. #rc_net_tap0_provide="!net" 
@@ -122,9 +143,7 @@ unicode="YES" # "vserver" - Linux vserver # "xen0" - Xen0 Domain # "xenU" - XenU Domain -# If this is commented out, automatic detection will be attempted. -# Note that autodetection will not work in a prefix environment or in a -# linux container. +# If this is commented out, automatic detection will be used. # # This should be set to the value representing the environment this file is # PRESENTLY in, not the virtualization the environment is capable of. @@ -133,3 +152,11 @@ rc_sys="" # This is the number of tty's used in most of the rc-scripts (like # consolefont, numlock, etc ...) rc_tty_number=12 + +# If you have cgroups turned on in your kernel, this switch controls +# whether or not a group for each controler is mounted under +# /sys/fs/cgroup. +# Support for process management by cgroups is planned in the future, +# so if you turn this off, be aware that you may not be able to use that +# feature. +#rc_controller_cgroups="YES" diff --git a/config-archive/etc/rc.conf.3 b/config-archive/etc/rc.conf.3 new file mode 100644 index 0000000..e0be8cb --- /dev/null +++ b/config-archive/etc/rc.conf.3 
@@ -0,0 +1,135 @@
+# Global OpenRC configuration settings
+
+# Set rc_interactive to "YES" and you'll be able to press the I key during
+# boot so you can choose to start specific services. Set to "NO" to disable
+# this feature.
+#rc_interactive="YES"
+
+# If we need to drop to a shell, you can specify it here.
+# If not specified we use $SHELL, otherwise the one specified in /etc/passwd,
+# otherwise /bin/sh
+# Linux users could specify /sbin/sulogin
+rc_shell=/sbin/sulogin
+
+# Do we allow any started service in the runlevel to satisfy the dependency
+# or do we want all of them regardless of state? For example, if net.eth0
+# and net.eth1 are in the default runlevel then with rc_depend_strict="NO"
+# both will be started, but services that depend on 'net' will work if either
+# one comes up. With rc_depend_strict="YES" we would require them both to
+# come up.
+#rc_depend_strict="YES"
+
+# rc_hotplug is a list of services that we allow to be hotplugged.
+# By default we do not allow hotplugging.
+# A hotplugged service is one started by a dynamic dev manager when a matching
+# hardware device is found.
+# This service is intrinsically included in the boot runlevel.
+# To disable services, prefix with a !
+# Example - rc_hotplug="net.wlan !net.*"
+# This allows net.wlan and any service not matching net.* to be plugged.
+# Example - rc_hotplug="*"
+# This allows all services to be hotplugged
+#rc_hotplug="*"
+
+# rc_logger launches a logging daemon to log the entire rc process to
+# /var/log/rc.log
+# NOTE: Linux systems require the devfs service to be started before
+# logging can take place and as such cannot log the sysinit runlevel.
+rc_logger="YES"
+
+# Through rc_log_path you can specify a custom log file.
+# The default value is: /var/log/rc.log
+rc_log_path="/var/log/rc.log"
+
+# By default we filter the environment for our running scripts. To allow other
+# variables through, add them here. Use a * to allow all variables through.
+#rc_env_allow="VAR1 VAR2"
+
+# By default we assume that all daemons will start correctly.
+# However, some do not - a classic example is that they fork and return 0 AND
+# then child barfs on a configuration error. Or the daemon has a bug and the
+# child crashes. You can set the number of milliseconds start-stop-daemon
+# waits to check that the daemon is still running after starting here.
+# The default is 0 - no checking.
+#rc_start_wait=100
+
+# rc_nostop is a list of services which will not stop when changing runlevels.
+# This still allows the service itself to be stopped when called directly.
+#rc_nostop=""
+
+# rc will attempt to start crashed services by default.
+# However, it will not stop them by default as that could bring down other
+# critical services.
+#rc_crashed_stop=NO
+#rc_crashed_start=YES
+
+##############################################################################
+# MISC CONFIGURATION VARIABLES
+# There variables are shared between many init scripts
+
+# Set unicode to YES to turn on unicode support for keyboards and screens.
+unicode="YES"
+
+# Below is the default list of network fstypes.
+#
+# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs
+# nfs nfs4 ocfs2 shfs smbfs
+#
+# If you would like to add to this list, you can do so by adding your
+# own fstypes to the following variable.
+#extra_net_fs_list=""
+
+##############################################################################
+# SERVICE CONFIGURATION VARIABLES
+# These variables are documented here, but should be configured in
+# /etc/conf.d/foo for service foo and NOT enabled here unless you
+# really want them to work on a global basis.
+
+# Some daemons are started and stopped via start-stop-daemon.
+# We can set some things on a per service basis, like the nicelevel.
+#export SSD_NICELEVEL="-19"
+
+# Pass ulimit parameters
+#rc_ulimit="-u 30"
+
+# It's possible to define extra dependencies for services like so
+#rc_config="/etc/foo"
+#rc_need="openvpn"
+#rc_use="net.eth0"
+#rc_after="clock"
+#rc_before="local"
+#rc_provide="!net"
+
+# You can also enable the above commands here for each service. Below is an
+# example for service foo.
+#rc_foo_config="/etc/foo"
+#rc_foo_need="openvpn"
+#rc_foo_after="clock"
+
+# You can also remove dependencies.
+# This is mainly used for saying which servies do NOT provide net.
+#rc_net_tap0_provide="!net"
+
+##############################################################################
+# LINUX SPECIFIC OPTIONS
+
+# This is the subsystem type. Valid options on Linux:
+# "" - nothing special
+# "lxc" - Linux Containers
+# "openvz" - Linux OpenVZ
+# "prefix" - Prefix
+# "uml" - Usermode Linux
+# "vserver" - Linux vserver
+# "xen0" - Xen0 Domain
+# "xenU" - XenU Domain
+# If this is commented out, automatic detection will be attempted.
+# Note that autodetection will not work in a prefix environment or in a
+# linux container.
+#
+# This should be set to the value representing the environment this file is
+# PRESENTLY in, not the virtualization the environment is capable of.
+rc_sys=""
+
+# This is the number of tty's used in most of the rc-scripts (like
+# consolefont, numlock, etc ...)
+rc_tty_number=12
diff --git a/config-archive/etc/rc.conf.dist b/config-archive/etc/rc.conf.dist
index ec1c4a4..0970fb9 100644
--- a/config-archive/etc/rc.conf.dist
+++ b/config-archive/etc/rc.conf.dist
@@ -51,6 +51,10 @@ rc_shell=/sbin/sulogin # The default value is: /var/log/rc.log #rc_log_path="/var/log/rc.log" +# If you want verbose output for OpenRC, set this to yes. If you want +# verbose output for service foo only, set it to yes in /etc/conf.d/foo. +#rc_verbose=no + # By default we filter the environment for our running scripts. To allow other # variables through, add them here. Use a * to allow all variables through. #rc_env_allow="VAR1 VAR2" @@ -73,6 +77,10 @@ rc_shell=/sbin/sulogin #rc_crashed_stop=NO #rc_crashed_start=YES +# Set rc_nocolor to yes if you do not want colors displayed in OpenRC +# output. +#rc_nocolor=NO + ############################################################################## # MISC CONFIGURATION VARIABLES # There variables are shared between many init scripts @@ -86,7 +94,7 @@ unicode="YES" # Below is the default list of network fstypes. # -# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs +# afs ceph cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs # nfs nfs4 ocfs2 shfs smbfs # # If you would like to add to this list, you can do so by adding your diff --git a/config-archive/etc/ulogd.conf b/config-archive/etc/ulogd.conf index 599d49b..86c2d67 100644 --- a/config-archive/etc/ulogd.conf +++ b/config-archive/etc/ulogd.conf @@ -1,5 +1,4 @@ # Example configuration for ulogd -# $Id: ulogd.conf,v 1.3 2010/10/12 07:51:44 root Exp $ # Adapted to Debian by Achilleas Kotsis [global] @@ -198,7 +197,7 @@ sync=1 [pcap1] #default file is /var/log/ulogd/ulogd.pcap -#file=/var/log/ulogd/ulogd.pcap +#file="/var/log/ulogd/ulogd.pcap" sync=1 [mysql1] 
@@ -208,6 +207,13 @@ user="nupik" table="ulog" pass="changeme" procedure="INSERT_PACKET_FULL" +# backlog configuration: +# set backlog_memcap to the size of memory that will be +# allocated to store events in memory if data is temporary down +# and insert them when the database came back. +#backlog_memcap=1000000 +# number of events to insert at once when backlog is not empty +#backlog_oneshot_requests=10 [mysql2] db="nulog" @@ -225,6 +231,18 @@ table="ulog" #schema="public" pass="changeme" procedure="INSERT_PACKET_FULL" +# connstring can be used to define PostgreSQL connection string which +# contains all parameters of the connection. If set, this value has +# precedence on other variables used to build the connection string. +# See http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING +# for a complete description of options. +#connstring="host=localhost port=4321 dbname=nulog user=nupik password=changeme" +#backlog_memcap=1000000 +#backlog_oneshot_requests=10 +# If superior to 1 a thread dedicated to SQL request execution +# is created. The value stores the number of SQL request to keep +# in the ring buffer +#ring_buffer_size=1000 [pgsql2] db="nulog" @@ -277,6 +295,7 @@ facility=LOG_LOCAL2 [nacct1] sync = 1 +#file = /var/log/ulogd/ulogd_nacct.log [mark1] mark = 1 diff --git a/config-archive/etc/ulogd.conf.1 b/config-archive/etc/ulogd.conf.1 index ae01bd2..599d49b 100644 --- a/config-archive/etc/ulogd.conf.1 +++ b/config-archive/etc/ulogd.conf.1 @@ -11,7 +11,7 @@ # logfile for status messages logfile="/var/log/ulogd/daemon.log" -# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) +# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5) loglevel=3 ###################################################################### 
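Review bot: The commented `connstring` example added in the `@@ -225,6 +231,18 @@` hunk of config-archive/etc/ulogd.conf spells out `password=changeme` inline, alongside the `pass="changeme"` context lines already in the file. If either setting is ever filled in with a real credential, it lands in this git repository and in every rotated config-archive copy, so the tracked file should keep only the placeholder and the live ulogd.conf should be readable by the ulogd service account alone. A comment above the example, e.g. `# never commit a real password here; this file is tracked in git`, would make that explicit. The section header this block belongs to lies outside the hunk, so the section name is inferred from the following `[pgsql2]` context.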
@@ -27,24 +27,29 @@ loglevel=3 plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" +#plugin="/usr/lib64/ulogd/ulogd_inppkt_UNIXSOCK.so" plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so" plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so" +#plugin="/usr/lib64/ulogd/ulogd_filter_IP2HBIN.so" plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so" plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so" plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" #plugin="/usr/lib64/ulogd/ulogd_filter_MARK.so" plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so" -#plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" -#plugin="/usr/lib64/ulogd/ulogd_output_XML.so" -#plugin="/usr/lib64/ulogd/ulogd_output_OPRINT.so" +plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" +plugin="/usr/lib64/ulogd/ulogd_output_XML.so" +#plugin="/usr/lib64/ulogd/ulogd_output_SQLITE3.so" +plugin="/usr/lib64/ulogd/ulogd_output_GPRINT.so" #plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so" #plugin="/usr/lib64/ulogd/ulogd_output_PCAP.so" #plugin="/usr/lib64/ulogd/ulogd_output_PGSQL.so" #plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so" #plugin="/usr/lib64/ulogd/ulogd_output_DBI.so" plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" +plugin="/usr/lib64/ulogd/ulogd_inpflow_NFACCT.so" +plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so" # this is a stack for logging packet send by system via LOGEMU stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU 
@@ -58,11 +63,14 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for packet-based logging via LOGEMU with filtering on MARK #stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU +# this is a stack for packet-based logging via GPRINT +#stack=log1:NFLOG,gp1:GPRINT + # this is a stack for flow-based logging via LOGEMU #stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU -# this is a stack for flow-based logging via OPRINT -#stack=ct1:NFCT,op1:OPRINT +# this is a stack for flow-based logging via GPRINT +#stack=ct1:NFCT,gp1:GPRINT # this is a stack for flow-based logging via XML #stack=ct1:NFCT,xml1:XML @@ -70,6 +78,12 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for logging in XML #stack=log1:NFLOG,xml1:XML +# this is a stack for accounting-based logging via XML +#stack=acct1:NFACCT,xml1:XML + +# this is a stack for accounting-based logging to a Graphite server +#stack=acct1:NFACCT,graphite1:GRAPHITE + # this is a stack for NFLOG packet-based logging to PCAP #stack=log2:NFLOG,base1:BASE,pcap1:PCAP @@ -82,6 +96,9 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for logging packets to syslog after a collect via NFLOG #stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG +# this is a stack for logging packets to syslog after a collect via NuFW +#stack=nuauth1:UNIXSOCK,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG + # this is a stack for flow-based logging to MySQL #stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL 
@@ -91,19 +108,33 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for flow-based logging to PGSQL without local hash #stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL +# this is a stack for flow-based logging to SQLITE3 +#stack=ct1:NFCT,sqlite3_ct:SQLITE3 + +# this is a stack for logging packet to SQLITE3 +#stack=log1:NFLOG,sqlite3_pkt:SQLITE3 # this is a stack for flow-based logging in NACCT compatible format #stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT +# this is a stack for accounting-based logging via GPRINT +#stack=acct1:NFACCT,gp1:GPRINT + [ct1] #netlink_socket_buffer_size=217088 #netlink_socket_buffer_maxsize=1085440 #netlink_resync_timeout=60 # seconds to wait to perform resynchronization #pollinterval=10 # use poll-based logging instead of event-driven +# If pollinterval is not set, NFCT plugin will work in event mode +# In this case, you can use the following filters on events: +#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks +#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks +#accept_proto_filter=tcp,sctp # layer 4 proto of connections [ct2] #netlink_socket_buffer_size=217088 #netlink_socket_buffer_maxsize=1085440 +#reliable=1 # enable reliable flow-based logging (may drop packets) hash_enable=0 # Logging of system packet through NFLOG @@ -145,20 +176,29 @@ numeric_label=1 # you can label the log info based on the packet verdict nlgroup=1 #numeric_label=0 # optional argument +[nuauth1] +socket_path="/run/nuauth_ulogd2.sock" + [emu1] file="/var/log/ulogd/syslogemu.log" sync=1 [op1] file="/var/log/ulogd/oprint.log" -#file="/var/log/ulogd_oprint.log" sync=1 +[gp1] +file="/var/log/ulogd/gprint.log" +sync=1 +timestamp=1 + [xml1] directory="/var/log/ulogd/" sync=1 [pcap1] +#default file is /var/log/ulogd/ulogd.pcap +#file=/var/log/ulogd/ulogd.pcap sync=1 [mysql1] 
@@ -173,7 +213,7 @@ procedure="INSERT_PACKET_FULL" db="nulog" host="localhost" user="nupik" -table="ulog" +table="conntrack" pass="changeme" procedure="INSERT_CT" @@ -182,6 +222,7 @@ db="nulog" host="localhost" user="nupik" table="ulog" +#schema="public" pass="changeme" procedure="INSERT_PACKET_FULL" @@ -190,6 +231,7 @@ db="nulog" host="localhost" user="nupik" table="ulog2_ct" +#schema="public" pass="changeme" procedure="INSERT_CT" @@ -198,9 +240,19 @@ db="nulog" host="localhost" user="nupik" table="ulog2_ct" +#schema="public" pass="changeme" procedure="INSERT_OR_REPLACE_CT" +[pgsql4] +db="nulog" +host="localhost" +user="nupik" +table="nfacct" +#schema="public" +pass="changeme" +procedure="INSERT_NFACCT" + [dbi1] db="ulog2" dbtype="pgsql" @@ -210,6 +262,16 @@ table="ulog" pass="ulog2" procedure="INSERT_PACKET_FULL" +[sqlite3_ct] +table="ulog_ct" +db="/var/log/ulogd/ulogd.sqlite3db" +buffer=200 + +[sqlite3_pkt] +table="ulog_pkt" +db="/var/log/ulogd/ulogd.sqlite3db" +buffer=200 + [sys2] facility=LOG_LOCAL2 @@ -218,3 +280,17 @@ sync = 1 [mark1] mark = 1 + +[acct1] +pollinterval = 2 +# If set to 0, we don't reset the counters for each polling (default is 1). +#zerocounter = 0 +# Set timestamp (default is 0, which means not set). This timestamp can be +# interpreted by the output plugin. +#timestamp = 1 + +[graphite1] +host="127.0.0.1" +port="2003" +# Prefix of data name sent to graphite server +prefix="netfilter.nfacct" diff --git a/config-archive/etc/ulogd.conf.2 b/config-archive/etc/ulogd.conf.2 new file mode 100644 index 0000000..ae01bd2 --- /dev/null +++ b/config-archive/etc/ulogd.conf.2 
@@ -0,0 +1,220 @@ +# Example configuration for ulogd +# $Id: ulogd.conf,v 1.3 2010/10/12 07:51:44 root Exp $ +# Adapted to Debian by Achilleas Kotsis + +[global] +###################################################################### +# GLOBAL OPTIONS +###################################################################### + + +# logfile for status messages +logfile="/var/log/ulogd/daemon.log" + +# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) +loglevel=3 + +###################################################################### +# PLUGIN OPTIONS +###################################################################### + +# We have to configure and load all the plugins we want to use + +# general rules: +# 1. load the plugins _first_ from the global section +# 2. options for each plugin in seperate section below + + +plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so" +plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" +plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" +plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so" +plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so" +plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so" +plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" +#plugin="/usr/lib64/ulogd/ulogd_filter_MARK.so" +plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so" +#plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so" +#plugin="/usr/lib64/ulogd/ulogd_output_XML.so" +#plugin="/usr/lib64/ulogd/ulogd_output_OPRINT.so" +#plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so" +#plugin="/usr/lib64/ulogd/ulogd_output_PCAP.so" +#plugin="/usr/lib64/ulogd/ulogd_output_PGSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_output_DBI.so" +plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" + +# this is a stack for logging packet send by system via LOGEMU +stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this 
is a stack for packet-based logging via LOGEMU +stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for ULOG packet-based logging via LOGEMU +stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for packet-based logging via LOGEMU with filtering on MARK +#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU + +# this is a stack for flow-based logging via LOGEMU +#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU + +# this is a stack for flow-based logging via OPRINT +#stack=ct1:NFCT,op1:OPRINT + +# this is a stack for flow-based logging via XML +#stack=ct1:NFCT,xml1:XML + +# this is a stack for logging in XML +#stack=log1:NFLOG,xml1:XML + +# this is a stack for NFLOG packet-based logging to PCAP +#stack=log2:NFLOG,base1:BASE,pcap1:PCAP + +# this is a stack for logging packet to MySQL +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL + +# this is a stack for logging packet to PGsql after a collect via NFLOG +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL + +# this is a stack for logging packets to syslog after a collect via NFLOG +#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG + +# this is a stack for flow-based logging to MySQL +#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL + +# this is a stack for flow-based logging to PGSQL +#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL + +# this is a stack for flow-based logging to PGSQL without local hash +#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL + + +# this is a stack for flow-based logging in NACCT compatible format +#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT + +[ct1] +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +#netlink_resync_timeout=60 # seconds to wait to perform resynchronization +#pollinterval=10 # use poll-based logging instead of 
event-driven + +[ct2] +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +hash_enable=0 + +# Logging of system packet through NFLOG +[log1] +# netlink multicast group (the same as the iptables --nflog-group param) +# Group O is used by the kernel to log connection tracking invalid message +group=0 +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +# set number of packet to queue inside kernel +#netlink_qthreshold=1 +# set the delay before flushing packet in the queue inside kernel (in 10ms) +#netlink_qtimeout=100 + +# packet logging through NFLOG for group 1 +[log2] +# netlink multicast group (the same as the iptables --nflog-group param) +group=1 # Group has to be different from the one use in log1 +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +# If your kernel is older than 2.6.29 and if a NFLOG input plugin with +# group 0 is not used by any stack, you need to have at least one NFLOG +# input plugin with bind set to 1. If you don't do that you may not +# receive any message from the kernel. 
+#bind=1 + +# packet logging through NFLOG for group 2, numeric_label is +# set to 1 +[log3] +# netlink multicast group (the same as the iptables --nflog-group param) +group=2 # Group has to be different from the one use in log1/log2 +numeric_label=1 # you can label the log info based on the packet verdict +#netlink_socket_buffer_size=217088 +#netlink_socket_buffer_maxsize=1085440 +#bind=1 + +[ulog1] +# netlink multicast group (the same as the iptables --ulog-nlgroup param) +nlgroup=1 +#numeric_label=0 # optional argument + +[emu1] +file="/var/log/ulogd/syslogemu.log" +sync=1 + +[op1] +file="/var/log/ulogd/oprint.log" +#file="/var/log/ulogd_oprint.log" +sync=1 + +[xml1] +directory="/var/log/ulogd/" +sync=1 + +[pcap1] +sync=1 + +[mysql1] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_PACKET_FULL" + +[mysql2] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_CT" + +[pgsql1] +db="nulog" +host="localhost" +user="nupik" +table="ulog" +pass="changeme" +procedure="INSERT_PACKET_FULL" + +[pgsql2] +db="nulog" +host="localhost" +user="nupik" +table="ulog2_ct" +pass="changeme" +procedure="INSERT_CT" + +[pgsql3] +db="nulog" +host="localhost" +user="nupik" +table="ulog2_ct" +pass="changeme" +procedure="INSERT_OR_REPLACE_CT" + +[dbi1] +db="ulog2" +dbtype="pgsql" +host="localhost" +user="ulog2" +table="ulog" +pass="ulog2" +procedure="INSERT_PACKET_FULL" + +[sys2] +facility=LOG_LOCAL2 + +[nacct1] +sync = 1 + +[mark1] +mark = 1 diff --git a/config-archive/etc/ulogd.conf.dist b/config-archive/etc/ulogd.conf.dist index b9e0a98..e5aad26 100644 --- a/config-archive/etc/ulogd.conf.dist +++ b/config-archive/etc/ulogd.conf.dist 
@@ -49,6 +49,7 @@ plugin="/usr/lib64/ulogd/ulogd_output_GPRINT.so" plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" plugin="/usr/lib64/ulogd/ulogd_inpflow_NFACCT.so" plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so" +#plugin="/usr/lib64/ulogd/ulogd_output_JSON.so" # this is a stack for logging packet send by system via LOGEMU #stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU @@ -92,6 +93,9 @@ plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so" # this is a stack for logging packet to PGsql after a collect via NFLOG #stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL +# this is a stack for logging packet to JSON formatted file after a collect via NFLOG +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,json1:JSON + # this is a stack for logging packets to syslog after a collect via NFLOG #stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG @@ -195,6 +199,17 @@ timestamp=1 directory="/var/log/ulogd/" sync=1 +[json1] +sync=1 +#file="/var/log/ulogd/ulogd.json" +#timestamp=0 +# device name to be used in JSON message +#device="My awesome Netfilter firewall" +# If boolean_label is set to 1 then the numeric_label put on packet +# by the input plugin is coding the action on packet: if 0, then +# packet has been blocked and if non null it has been accepted. +#boolean_label=1 + [pcap1] #default file is /var/log/ulogd/ulogd.pcap #file="/var/log/ulogd/ulogd.pcap" diff --git a/cups/cups-files.conf b/cups/cups-files.conf index e5f876e..9cbbad8 100644 --- a/cups/cups-files.conf +++ b/cups/cups-files.conf @@ -1,7 +1,5 @@ # -# "$Id: cups-files.conf.in 11201 2013-07-26 21:27:27Z msweet $" -# -# Sample file/directory/user/group configuration file for the CUPS scheduler. +# File/directory/user/group configuration file for the CUPS scheduler. # See "man cups-files.conf" for a complete description of this file. # 
@@ -17,6 +15,7 @@ #Group lp # Administrator user group, used to match @SYSTEM in cupsd.conf policy rules... +# This cannot contain the Group value for security reasons... SystemGroup lpadmin @@ -54,7 +53,7 @@ ErrorLog /var/log/cups/error_log #FontPath /usr/share/cups/fonts # Location of LPD configuration -#LPDConfigFile +#LPDConfigFile xinetd:///etc/xinetd.d/cups-lpd # Location of the file logging all pages printed by the scheduler and any # helper programs; may be the name "syslog". If not an absolute path, the value @@ -95,7 +94,3 @@ PageLog /var/log/cups/page_log # scheduler startup and cannot be one of the standard (public) temporary # directory locations for security reasons... #TempDir /var/spool/cups/tmp - -# -# End of "$Id: cups-files.conf.in 11201 2013-07-26 21:27:27Z msweet $". -# diff --git a/cups/cupsd.conf b/cups/cupsd.conf index 1ab109c..3d477a8 100644 --- a/cups/cupsd.conf +++ b/cups/cupsd.conf @@ -1,13 +1,12 @@ # -# "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $" -# -# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a # complete description of this file. # # Log general information in error_log - change "warn" to "debug" # for troubleshooting... LogLevel warn +PageLogFormat # Only listen for connections from the local machine. Listen localhost:631 @@ -128,7 +127,3 @@ WebInterface Yes Order deny,allow - -# -# End of "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $". -# diff --git a/cups/snmp.conf b/cups/snmp.conf index a672a80..a7d1e3b 100644 --- a/cups/snmp.conf +++ b/cups/snmp.conf 
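Review bot: The bare `PageLogFormat` line added to cupsd.conf sets an empty format, which per cupsd.conf(5) disables page logging, while cups-files.conf in this same commit still points `PageLog` at /var/log/cups/page_log. If the per-job record (printer, user, job id) is wanted as an audit trail, give the directive a value, for example `PageLogFormat %p %u %j %T %P %C`. If disabling it is intended, a comment such as `# page accounting deliberately disabled` would make that explicit.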
@@ -1,13 +1,7 @@ # -# "$Id: snmp.conf.in 11025 2013-06-07 01:00:33Z msweet $" -# -# Sample SNMP configuration file for CUPS. See "man cups-snmp.conf" for a -# complete description of this file. +# SNMP configuration file for CUPS. See "man cups-snmp.conf" for a complete +# description of this file. # Address @LOCAL Community public - -# -# End of "$Id: snmp.conf.in 11025 2013-06-07 01:00:33Z msweet $". -# diff --git a/init.d/bootmisc b/init.d/bootmisc index d77c720..b079817 100755 --- a/init.d/bootmisc +++ b/init.d/bootmisc @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. @@ -6,7 +6,7 @@ depend() { need localmount before logger - after clock sysctl + after clock root sysctl keyword -prefix -timeout } @@ -68,7 +68,7 @@ cleanup_var_run_dir() do # Clean stale sockets if [ -S "$x" ]; then - if type fuser >/dev/null 2>&1; then + if command -v fuser >/dev/null 2>&1; then fuser "$x" >/dev/null 2>&1 || rm -- "$x" else rm -- "$x" @@ -117,7 +117,7 @@ migrate_to_run() clean_run() { - [ "$RC_SYS" = VSERVER ] && return 0 + [ "$RC_SYS" = VSERVER -o "$RC_SYS" = LXC ] && return 0 local dir dir=$(mktemp -d) mount --bind / $dir @@ -129,7 +129,9 @@ clean_run() start() { # Remove any added console dirs - rm -rf "$RC_LIBEXECDIR"/console/* + if checkpath -W "$RC_LIBEXECDIR"; then + rm -rf "$RC_LIBEXECDIR"/console/* + fi local logw=false runw=false extra= # Ensure that our basic dirs exist diff --git a/init.d/consolefont b/init.d/consolefont index 2ef35e7..47bf2a4 100755 --- a/init.d/consolefont +++ b/init.d/consolefont @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. diff --git a/init.d/devfs b/init.d/devfs index 4a6a7e8..6edcbe2 100755 --- a/init.d/devfs +++ b/init.d/devfs 
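Review bot: In start() of init.d/bootmisc the new `checkpath -W "$RC_LIBEXECDIR"` guard tests writability, but the `rm -rf` glob would still expand to `/console/*` if RC_LIBEXECDIR were ever empty or unset; whether checkpath rejects an empty path is not visible here. Writing the line as `rm -rf "${RC_LIBEXECDIR:?}"/console/*` makes the shell fail loudly instead of expanding the glob at the filesystem root. start() continues beyond this hunk.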
@@ -1,21 +1,86 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2008 Roy Marples # Released under the 2-clause BSD license. -description="Mount system critical filesystems in /dev." +description="Set up the /dev directory" -depend() { - use dev-mount +depend() +{ + provide dev-mount before dev keyword -prefix -vserver -lxc } -start() { - # Mount required stuff as user may not have then in /etc/fstab +mount_dev() +{ + local action=--mount devfstype msg=Mounting + # Some devices require exec, Bug #92921 + local mountopts="exec,nosuid,mode=0755" + if yesno ${skip_mount_dev:-no} ; then + einfo "/dev will not be mounted due to user request" + return 0 + fi + if mountinfo -q /dev; then + action=--remount + mountopts="remount,$mountopts" + msg=Remounting + fi + if fstabinfo -q /dev; then + ebegin "$msg /dev according to /etc/fstab" + fstabinfo -q $action /dev + eend $? + return 0 + fi + if grep -q devtmpfs /proc/filesystems; then + devfstype=devtmpfs + mountopts="$mountopts,size=10M" + elif grep -q tmpfs /proc/filesystems; then + devfstype=tmpfs + mountopts="$mountopts,size=10M" + fi + if [ -n "$devfstype" ]; then + ebegin "$msg $devfstype on /dev" + mount -n -t $devfstype -o $mountopts dev /dev + eend $? + else + ewarn "This kernel does not have devtmpfs or tmpfs support, and there" + ewarn "is no entry for /dev in fstab." + ewarn "This means /dev will not be mounted." 
+ ewarn "To avoid this message, set CONFIG_DEVTMPFS or CONFIG_TMPFS to y" + ewarn "in your kernel configuration or see /etc/conf.d/devfs" + fi + return 0 +} + +seed_dev() +{ + # Seed /dev with some things that we know we need + + # creating /dev/console, /dev/tty and /dev/tty1 to be able to write + # to $CONSOLE with/without bootsplash before udevd creates it + [ -c /dev/console ] || mknod -m 600 /dev/console c 5 1 + [ -c /dev/tty1 ] || mknod -m 620 /dev/tty1 c 4 1 + [ -c /dev/tty ] || mknod -m 666 /dev/tty c 5 0 + + # udevd will dup its stdin/stdout/stderr to /dev/null + # and we do not want a file which gets buffered in ram + [ -c /dev/null ] || mknod -m 666 /dev/null c 1 3 + + # so udev can add its start-message to dmesg + [ -c /dev/kmsg ] || mknod -m 660 /dev/kmsg c 1 11 + + # extra symbolic links not provided by default + [ -e /dev/fd ] || ln -snf /proc/self/fd /dev/fd + [ -e /dev/stdin ] || ln -snf /proc/self/fd/0 /dev/stdin + [ -e /dev/stdout ] || ln -snf /proc/self/fd/1 /dev/stdout + [ -e /dev/stderr ] || ln -snf /proc/self/fd/2 /dev/stderr + [ -e /proc/kcore ] && ln -snf /proc/kcore /dev/core + + # Mount required directories as user may not have them in /etc/fstab for x in \ "mqueue /dev/mqueue 1777 ,nodev mqueue" \ "devpts /dev/pts 0755 ,gid=5,mode=0620 devpts" \ - "tmpfs /dev/shm 1777 ,nodev shm" \ + "tmpfs /dev/shm 1777 ,nodev,mode=1777 shm" \ ; do set -- $x grep -Eq "[[:space:]]+$1$" /proc/filesystems || continue @@ -34,5 +99,23 @@ start() { eend $? fi done +} + +restorecon_dev() +{ + if [ -x /sbin/restorecon ]; then + ebegin "Restoring SELinux contexts in /dev" + restorecon -rF /dev >/dev/null 2>&1 + eend $? + fi + + return 0 +} + +start() +{ + mount_dev + seed_dev + restorecon_dev return 0 } diff --git a/init.d/dmesg b/init.d/dmesg index a4083d0..98c2c43 100755 --- a/init.d/dmesg +++ b/init.d/dmesg @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2008 Roy Marples # Released under the 2-clause BSD license. 
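Review bot: In seed_dev the `/dev/shm` entry is mounted with `,nodev,mode=1777` only, so a world-writable tmpfs is left without `nosuid` (or `noexec`), while mount_dev applies `nosuid` to /dev itself. Consider `"tmpfs /dev/shm 1777 ,nodev,nosuid,noexec,mode=1777 shm"`; `noexec` can break software that maps executable pages from /dev/shm, so `nosuid` alone is the safer minimum. The loop that consumes this table lies partly between the two hunks and is not fully visible.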
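Review bot: restorecon_dev tests `[ -x /sbin/restorecon ]` but then runs `restorecon` through PATH, so the binary that was checked is not necessarily the one executed; call it by the same absolute path, `/sbin/restorecon -rF /dev >/dev/null 2>&1`. The same pattern appears in restorecon_sys in the init.d/sysfs hunk. Because all output is discarded, the `eend $?` status is the only sign of a relabel failure, which a short comment could state.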
diff --git a/init.d/fsck b/init.d/fsck index c2e883d..0130376 100755 --- a/init.d/fsck +++ b/init.d/fsck @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. diff --git a/init.d/hostname b/init.d/hostname index fb6260f..7d2a2d9 100755 --- a/init.d/hostname +++ b/init.d/hostname @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. diff --git a/init.d/hwclock b/init.d/hwclock index 651590d..bc6aff9 100755 --- a/init.d/hwclock +++ b/init.d/hwclock @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2008 Roy Marples # Released under the 2-clause BSD license. @@ -83,22 +83,17 @@ start() fi fi + # Always set the kernel's time zone. + _hwclock --systz $utc_cmd $clock_args + : $(( retval += $? )) + if [ -e /etc/adjtime ] && yesno $clock_adjfile; then _hwclock --adjust $utc_cmd : $(( retval += $? )) fi - # If setting UTC, don't bother to run hwclock when first booting - # as that's the default - if [ "$PREVLEVEL" != N -o \ - "$utc_cmd" != --utc -o \ - -n "$clock_args" ]; - then - if yesno ${clock_hctosys:-YES}; then - _hwclock --hctosys $utc_cmd $clock_args - else - _hwclock --systz $utc_cmd $clock_args - fi + if yesno ${clock_hctosys:-YES}; then + _hwclock --hctosys $utc_cmd $clock_args : $(( retval += $? )) fi diff --git a/init.d/keymaps b/init.d/keymaps index 507424b..0cadd7d 100755 --- a/init.d/keymaps +++ b/init.d/keymaps @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2008 Roy Marples # Released under the 2-clause BSD license. diff --git a/init.d/killprocs b/init.d/killprocs index 5552b97..f07de69 100755 --- a/init.d/killprocs +++ b/init.d/killprocs @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2008 Roy Marples # Released under the 2-clause BSD license. diff --git a/init.d/local b/init.d/local index 6e4ddbf..c65e01e 100755 
--- a/init.d/local +++ b/init.d/local @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2008 Roy Marples # Released under the 2-clause BSD license. 
@@ -12,40 +12,73 @@ depend() start() { - einfo "Starting local" + ebegin "Starting local" - local file - for file in /etc/local.d/*.start ; do - [ -x "$file" ] && "$file" + local file has_errors=0 retval + eindent + for file in /etc/local.d/*.start; do + if [ -x "${file}" ]; then + vebegin "Executing \"${file}\"" + "${file}" 2>&1 >/dev/null + retval=$? + if [ ${retval} -ne 0 ]; then + has_errors=1 + fi + veend ${retval} "Execution of \"${file}\" failed." + fi done + eoutdent - if type local_start >/dev/null 2>&1; then - ewarn "/etc/conf.d/local should be removed." + if command -v local_start >/dev/null 2>&1; then + ewarn "\"/etc/conf.d/local\" should be removed." ewarn "Please move the code from the local_start function" - ewarn "to scripts with an .start extension" - ewarn "in /etc/local.d" + ewarn "to executable scripts with an .start extension" + ewarn "in \"/etc/local.d\"" local_start fi - eend 0 + eend ${has_errors} + + # We have to end with a zero exit code, because a failed execution + # of an executable /etc/local.d/*.start file shouldn't result in + # marking the local service as failed. Otherwise we are unable to + # execute any executable /etc/local.d/*.stop file, because a failed + # marked service cannot be stopped (and the stop function would + # actually call the executable /etc/local.d/*.stop file(s)). + return 0 } stop() { - einfo "Stopping local" + ebegin "Stopping local" - local file + local file has_errors=0 retval + eindent for file in /etc/local.d/*.stop; do - [ -x "$file" ] && "$file" + if [ -x "${file}" ]; then + vebegin "Executing \"${file}\"" + "${file}" 2>&1 >/dev/null + retval=$? + if [ ${retval} -ne 0 ]; then + has_errors=1 + fi + veend ${retval} "Execution of \"${file}\" failed." + fi done + eoutdent - if type local_start >/dev/null 2>&1; then - ewarn "/etc/conf.d/local should be removed." + if command -v local_stop >/dev/null 2>&1; then + ewarn "\"/etc/conf.d/local\" should be removed." 
ewarn "Please move the code from the local_stop function" - ewarn "to scripts with an .stop extension" - ewarn "in /etc/local.d" + ewarn "to executable scripts with an .stop extension" + ewarn "in \"/etc/local.d\"" local_stop fi - eend 0 + eend ${has_errors} + + # An executable /etc/local.d/*.stop file which failed with a + # non-zero exit status is not a reason to mark this service + # as failed, therefore we have to end with a zero exit code. + return 0 } diff --git a/init.d/localmount b/init.d/localmount index 7974765..89f4008 100755 --- a/init.d/localmount +++ b/init.d/localmount @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. @@ -59,10 +59,35 @@ stop() no_umounts_r="^($no_umounts_r)$" # Flush all pending disk writes now - sync; sync + sync . "$RC_LIBEXECDIR"/sh/rc-mount.sh + if [ "$RC_UNAME" = Linux ] && [ -d /sys/fs/aufs ] ; then + #if / is aufs we remount it noxino during shutdown + if mountinfo -q -f '^aufs$' / ; then + mount -o remount,noxino,rw / + sync + fi + + local aufs_branch aufs_mount_dir aufs_mount_point aufs_si_dir aufs_si_id + for aufs_si_dir in /sys/fs/aufs/*; do + aufs_mount_dir=${aufs_si_dir#/sys/fs/aufs/} + aufs_si_id="$(printf "%s" $aufs_mount_dir | sed 's/_/=/g')" + aufs_mount_point="$(mountinfo -o ${aufs_si_id})" + for x in $aufs_si_dir/br[0-9][0-9][0-9]; do + aufs_branch=$(sed 's/=.*//g' $x) + eindent + if ! mount -o "remount,del:$aufs_branch" "$aufs_mount_point" > /dev/null 2>&1; then + ewarn "Failed to remove branch $aufs_branch from aufs \ + $aufs_mount_point" + fi + eoutdent + sync + done + done + fi + # Umount loop devices einfo "Unmounting loop devices" eindent diff --git a/init.d/loopback b/init.d/loopback index 4c7e6e1..a80a54c 100755 --- a/init.d/loopback +++ b/init.d/loopback @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2013 William Hubbs # Released under the 2-clause BSD license. 
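Review bot: In both start() and stop() of init.d/local the call `"${file}" 2>&1 >/dev/null` discards only stdout and leaves stderr on the service's output, because redirections are applied left to right. If that is intended, say so with a comment such as `# keep stderr visible, drop stdout`; if both streams were meant to be silenced, the order must be `>/dev/null 2>&1`. These scripts run as root at every boot and shutdown, so it would also help to document next to the loop that /etc/local.d must be writable by root only.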
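Review bot: The inner loop `for x in $aufs_si_dir/br[0-9][0-9][0-9]` in init.d/localmount has no guard for a glob that matches nothing, in which case `$x` is the literal pattern, `sed` fails, and the remount is attempted with an empty branch name. Add `[ -e "$x" ] || continue` as the first statement of the loop and quote the expansions (`"$x"`, `"$aufs_mount_dir"`, `"${aufs_si_id}"`). The outer `/sys/fs/aufs/*` loop has the same gap and would also iterate over any non-directory entry. stop() begins and ends outside this hunk.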
@@ -13,7 +13,7 @@ start() { if [ "$RC_UNAME" = Linux ]; then ebegin "Bringing up network interface lo" - if type ip > /dev/null 2>&1; then + if command -v ip > /dev/null 2>&1; then ip addr add 127.0.0.1/8 dev lo brd + scope host ip route add 127.0.0.0/8 dev lo scope host ip link set lo up diff --git a/init.d/modules b/init.d/modules index 17f60ce..15f98b0 100755 --- a/init.d/modules +++ b/init.d/modules @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. diff --git a/init.d/mount-ro b/init.d/mount-ro index 69e6483..8a0a23d 100755 --- a/init.d/mount-ro +++ b/init.d/mount-ro @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. @@ -15,7 +15,7 @@ start() local ret=0 # Flush all pending disk writes now - sync; sync + sync ebegin "Remounting remaining filesystems read-only" # We need the do_unmount function diff --git a/init.d/mtab b/init.d/mtab index 2c04c6b..b67be3a 100755 --- a/init.d/mtab +++ b/init.d/mtab @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2008 Roy Marples # Released under the 2-clause BSD license. @@ -12,13 +12,16 @@ depend() start() { - if [ -L /etc/mtab ] - then - einfo "Skipping mtab update (mtab is a symbolic link)" + if [ -L /etc/mtab ]; then return 0 fi ebegin "Updating /etc/mtab" + vewarn "The support for updating /etc/mtab as a file is" + vewarn "deprecated and will be removed in the future." + vewarn "Please run the following command as root on your system." + vewarn + vewarn "ln -snf /proc/self/mounts /etc/mtab" if ! echo 2>/dev/null >/etc/mtab; then ewend 1 "/etc/mtab is not updateable" return 0 diff --git a/init.d/netmount b/init.d/netmount index be1a3ba..b085e86 100755 --- a/init.d/netmount +++ b/init.d/netmount 
@@ -1,11 +1,8 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. -description="Mounts network shares, other than NFS, according to /etc/fstab." -# We skip all NFS shares in this script because they require extra -# daemons to be running on the client in order to work correctly. -# It is best to allow nfs-utils to handle all nfs shares. +description="Mounts network shares according to /etc/fstab." depend() { @@ -19,11 +16,6 @@ start() { local x= fs= rc= for x in $net_fs_list $extra_net_fs_list; do - case "$x" in - nfs|nfs4) - continue - ;; - esac fs="$fs${fs:+,}$x" done @@ -46,14 +38,7 @@ stop() . "$RC_LIBEXECDIR"/sh/rc-mount.sh for x in $net_fs_list $extra_net_fs_list; do - case "$x" in - nfs|nfs4) - continue - ;; - *) - fs="$fs${fs:+,}$x" - ;; - esac + fs="$fs${fs:+,}$x" done if [ -n "$fs" ]; then umount -at $fs || eerror "Failed to simply unmount filesystems" @@ -62,14 +47,7 @@ stop() eindent fs= for x in $net_fs_list $extra_net_fs_list; do - case "$x" in - nfs|nfs4) - continue - ;; - *) - fs="$fs${fs:+|}$x" - ;; - esac + fs="$fs${fs:+|}$x" done [ -n "$fs" ] && fs="^($fs)$" do_unmount umount ${fs:+--fstype-regex} $fs --netdev diff --git a/init.d/numlock b/init.d/numlock index e354dfd..4f7e830 100755 --- a/init.d/numlock +++ b/init.d/numlock @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. diff --git a/init.d/procfs b/init.d/procfs index 6efa34f..98145e6 100755 --- a/init.d/procfs +++ b/init.d/procfs @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. 
@@ -61,10 +61,10 @@ start() fi # Setup Kernel Support for SELinux - if [ -d /selinux ] && ! mountinfo -q /selinux; then + if [ -d /sys/fs/selinux ] && ! mountinfo -q /sys/fs/selinux; then if grep -qs selinuxfs /proc/filesystems; then ebegin "Mounting SELinux filesystem" - mount -t selinuxfs selinuxfs /selinux + mount -t selinuxfs selinuxfs /sys/fs/selinux eend $? fi fi diff --git a/init.d/root b/init.d/root index 04687c6..d431022 100755 --- a/init.d/root +++ b/init.d/root @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. diff --git a/init.d/savecache b/init.d/savecache index 5e59b25..3eed432 100755 --- a/init.d/savecache +++ b/init.d/savecache @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. @@ -13,8 +13,8 @@ start() return 1 fi fi - if ! checkpath -W "$RC_LIBEXECDIR"; then - ewarn "WARNING: ${RC_LIBEXECDIR} is not writable!" + if ! checkpath -W "$RC_LIBEXECDIR"/cache; then + ewarn "WARNING: ${RC_LIBEXECDIR}/cache is not writable!" if ! yesno "${RC_GOINGDOWN}"; then ewarn "Unable to save deptree cache" return 1 diff --git a/init.d/swap b/init.d/swap index 309d37b..5d68dd9 100755 --- a/init.d/swap +++ b/init.d/swap @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. diff --git a/init.d/swapfiles b/init.d/swapfiles index 8a851fa..754ae1d 100755 --- a/init.d/swapfiles +++ b/init.d/swapfiles @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. diff --git a/init.d/swclock b/init.d/swclock index ba9cd3d..b43819b 100755 --- a/init.d/swclock +++ b/init.d/swclock @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2009 Roy Marples # Released under the 2-clause BSD license. 
@@ -17,7 +17,7 @@ start() { ebegin "Setting the local clock based on last shutdown time" if ! swclock 2> /dev/null; then - swclock --warn /sbin/runscript + swclock --warn /sbin/openrc-run fi eend $? } diff --git a/init.d/sysctl b/init.d/sysctl index b94dcc4..5a4159c 100755 --- a/init.d/sysctl +++ b/init.d/sysctl @@ -1,34 +1,16 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2008 Roy Marples # Released under the 2-clause BSD license. depend() { before bootmisc logger - keyword -lxc -prefix -vserver + keyword -prefix -vserver } start() { - local conf= retval=0 err errs - ebegin "Configuring kernel parameters" - eindent - - for conf in /etc/sysctl.conf /etc/sysctl.d/*.conf; do - if [ -r "$conf" ]; then - vebegin "applying $conf" - if ! err=$(sysctl -p "$conf" 2>&1 >/dev/null) ; then - errs="${errs} ${err}" - sysctl -e -p "${conf}" >/dev/null - fi - veend $? || retval=1 - fi - done - - eoutdent - if [ ${retval} -eq 0 ] && [ -n "${errs}" ] ; then - ewarn "Unknown keys:${errs}" - fi - eend $retval "Some errors were encountered: ${errs}" + sysctl --system + eend $? "Unable to configure some kernel parameters" } diff --git a/init.d/sysfs b/init.d/sysfs index ec88c6d..0f84bfb 100755 --- a/init.d/sysfs +++ b/init.d/sysfs @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. 
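Review bot: The new start() in init.d/sysctl loses the per-key reporting of the removed loop: a key that could not be applied used to be collected in `errs` and shown as "Unknown keys:", while now the only message is the generic "Unable to configure some kernel parameters". This file set often carries hardening settings, so it should stay easy to see which one did not take effect; capturing stderr of `sysctl --system` and passing it to `eerror` would restore that. Two behaviour changes also deserve a comment above the call: `sysctl --system` reads more directories than the old `/etc/sysctl.conf /etc/sysctl.d/*.conf` list, and dropping `-lxc` from `keyword` makes the script run inside LXC guests. Something like `# --system also applies the distribution and /run sysctl.d directories; runs in LXC guests as well` would do.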
@@ -99,19 +99,22 @@ mount_misc() mount_cgroups() { - mountinfo -q /sys/fs/cgroup || return 0 - - local agent="/lib64/rc/sh/cgroup-release-agent.sh" - mkdir /sys/fs/cgroup/openrc - mount -n -t cgroup \ - -o none,${sysfs_opts},name=openrc,release_agent="$agent" \ - openrc /sys/fs/cgroup/openrc - echo 1 > /sys/fs/cgroup/openrc/notify_on_release + mountinfo -q /sys/fs/cgroup || return 0 + + if ! mountinfo -q /sys/fs/cgroup/openrc; then + local agent="/lib64/rc/sh/cgroup-release-agent.sh" + mkdir /sys/fs/cgroup/openrc + mount -n -t cgroup \ + -o none,${sysfs_opts},name=openrc,release_agent="$agent" \ + openrc /sys/fs/cgroup/openrc + echo 1 > /sys/fs/cgroup/openrc/notify_on_release + fi yesno ${rc_controller_cgroups:-YES} && [ -e /proc/cgroups ] || return 0 while read name hier groups enabled rest; do case "${enabled}" in - 1) mkdir /sys/fs/cgroup/${name} + 1) mountinfo -q /sys/fs/cgroup/${name} && continue + mkdir /sys/fs/cgroup/${name} mount -n -t cgroup -o ${sysfs_opts},${name} \ ${name} /sys/fs/cgroup/${name} ;; @@ -119,18 +122,21 @@ mount_cgroups() done < /proc/cgroups } +restorecon_sys() +{ + if [ -x /sbin/restorecon ]; then + ebegin "Restoring SELinux contexts in /sys" + restorecon -F /sys/devices/system/cpu/online >/dev/null 2>&1 + restorecon -rF /sys/fs/cgroup >/dev/null 2>&1 + eend $? + fi +} + start() { - local retval mount_sys - retval=$? - if [ $retval -eq 0 ]; then - mount_misc - retval=$? - fi - if [ $retval -eq 0 ]; then - mount_cgroups - retval=$? - fi - return $retval + mount_misc + mount_cgroups + restorecon_sys + return 0 } diff --git a/init.d/termencoding b/init.d/termencoding index b949b76..ddd5bb0 100755 --- a/init.d/termencoding +++ b/init.d/termencoding @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2008-2009 Roy Marples # Released under the 2-clause BSD license. diff --git a/init.d/tmpfiles.dev b/init.d/tmpfiles.dev index 058980e..06d3a17 100755 --- a/init.d/tmpfiles.dev +++ b/init.d/tmpfiles.dev 
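Review bot: The rewritten start() at the end of the second init.d/sysfs hunk ignores the result of mount_sys, mount_misc and mount_cgroups and always returns 0, whereas the removed code stopped at the first failure and returned its status. Services ordered after sysfs would then be started even when /sys could not be mounted. restorecon_sys has the same weakness on a smaller scale: both restorecon calls discard their output and `eend $?` only reflects the second one, so a failed relabel of `/sys/devices/system/cpu/online` goes unnoticed. I would keep the early exit for the essential step with `mount_sys || return 1` and combine the two restorecon results before `eend`, for example `restorecon -F ... || rc=1` on each call followed by `eend $rc`.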
@@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2012 Gentoo Foundation # Released under the 2-clause BSD license. @@ -14,8 +14,7 @@ depend() start() { ebegin "setting up tmpfiles.d entries for /dev" - /lib64/rc/sh/tmpfiles.sh --prefix=/dev --create --remove \ - ${tmpfiles_opts} + /lib64/rc/sh/tmpfiles.sh --prefix=/dev --create --boot ${tmpfiles_opts} eend $? return 0 } diff --git a/init.d/tmpfiles.setup b/init.d/tmpfiles.setup index 7772741..18af68e 100755 --- a/init.d/tmpfiles.setup +++ b/init.d/tmpfiles.setup @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright 1999-2012 Gentoo Foundation # Released under the 2-clause BSD license. @@ -12,7 +12,7 @@ depend() start() { ebegin "setting up tmpfiles.d entries" - /lib64/rc/sh/tmpfiles.sh --exclude-prefix=/dev --create --remove \ + /lib64/rc/sh/tmpfiles.sh --exclude-prefix=/dev --create --remove --boot \ ${tmpfiles_opts} eend $? return 0 diff --git a/init.d/udev b/init.d/udev index 0e9abfe..72b2be2 100755 --- a/init.d/udev +++ b/init.d/udev 
@@ -13,33 +13,34 @@ udevmonitor_pid=/run/udevmonitor.pid depend() { - # we depend on udev-mount explicitly, not dev-mount generic as we don't - # want mdev as a dev-mount provider to come in. provide dev - need sysfs udev-mount + need sysfs dev-mount before checkfs fsck # udev does not work inside vservers keyword -vserver -lxc } -disable_oldnet_hotplug() +start_pre() { - if is_service_enabled network; then - # disable network hotplugging - local d="/run/udev/rules.d" - mkdir -p "${d}" - local f="${d}/90-network.rules" - echo "# This file disables network hotplug events calling" >> "${f}" - echo "# old-style openrc net scripts" >> "${f}" - echo "# as we use /etc/init.d/network to set up our network" >> "${f}" + # make sure devtmpfs is in the kernel + if ! grep -qs devtmpfs /proc/filesystems; then + eerror "CONFIG_DEVTMPFS=y is required in your kernel configuration" + eerror "for this version of udev to run successfully." + eerror "This requires immediate attention." + if ! mountinfo -q /dev; then + mount -n -t tmpfs dev /dev + busybox mdev -s + mkdir /dev/pts + fi + return 1 fi -} -start_pre() -{ - if [ -e /proc/sys/kernel/hotplug ]; then - echo "" >/proc/sys/kernel/hotplug + # make sure /dev is a mounted devtmpfs + if ! mountinfo -q -f devtmpfs /dev; then + eerror "Udev requires /dev to be a mounted devtmpfs." + eerror "Please reconfigure your system." + return 1 fi # load unix domain sockets if built as module, Bug #221253 @@ -51,10 +52,6 @@ start_pre() fi fi - if yesno "${udev_debug:-NO}"; then - command_args="${command_args} --debug 2> /run/udevdebug.log" - fi - bins="/sbin/udevd /lib/systemd/systemd-udevd /usr/lib/systemd/systemd-udevd" for f in ${bins}; do if [ -x "$f" -a ! -L "$f" ]; then 
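Review bot: The emergency path in start_pre() for kernels without devtmpfs mounts a bare tmpfs on /dev with `mount -n -t tmpfs dev /dev`, so it gets the tmpfs defaults, including a world-writable sticky mode, while the devtmpfs mount in the removed udev-mount script used `exec,nosuid,mode=0755,size=10M`. The function returns 1 right after, but the mount stays in place for whatever runs next. I would give the fallback the same restrictions, `mount -n -t tmpfs -o nosuid,mode=0755 dev /dev`, and use `mkdir -p /dev/pts` so a rerun does not fail on an existing directory. start_pre() continues beyond this hunk.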
@@ -66,21 +63,15 @@ start_pre() return 1 fi - # Need to do this before starting udev so it will load the rules. - disable_oldnet_hotplug - - return 0 -} - -is_service_enabled() -{ - local svc="$1" + if [ -e /proc/sys/kernel/hotplug ]; then + echo "" >/proc/sys/kernel/hotplug + fi - [ ! -e "/etc/init.d/${svc}" ] && return 1 + if yesno "${udev_debug:-NO}"; then + command_args="${command_args} --debug 2> /run/udevdebug.log" + fi - [ -e "/etc/runlevels/${RC_BOOTLEVEL}/${svc}" ] && return 0 - [ -e "/etc/runlevels/${RC_DEFAULTLEVEL}/${svc}" ] && return 0 - return 1 + return 0 } start_udevmonitor() @@ -93,11 +84,28 @@ start_udevmonitor() --background --exec /bin/udevadm -- monitor ${udev_monitor_opts} } +# This is here because some software expects /dev/root to exist. +# For more information, see this bug: +# https://bugs.gentoo.org/show_bug.cgi?id=438380 +dev_root_link() +{ + local RULESDIR=/run/udev/rules.d + [ -d $RULESDIR ] || mkdir -p $RULESDIR + eval $(udevadm info --export --export-prefix=ROOT_ --device-id-of-file=/ || + true) + [ "$ROOT_MAJOR" -a "$ROOT_MINOR" ] || return 0 + + # btrfs filesystems have bogus major/minor numbers + [ "$ROOT_MAJOR" != 0 ] || return 0 + + echo 'ACTION=="add|change", SUBSYSTEM=="block", ENV{MAJOR}=="'$ROOT_MAJOR'", ENV{MINOR}=="'$ROOT_MINOR'", SYMLINK+="root"' > $RULESDIR/61-dev-root-link.rules +} + populate_dev() { if yesno ${rc_dev_root_symlink:-yes}; then ebegin "Generating a rule to create a /dev/root symlink" - /lib/udev/dev-root-link.sh + dev_root_link eend $? fi diff --git a/init.d/udev-mount b/init.d/udev-mount deleted file mode 100755 index a868340..0000000 --- a/init.d/udev-mount +++ /dev/null 
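Review bot: dev_root_link() in the third hunk runs `eval` on the unquoted output of `udevadm info --export` and then pastes `$ROOT_MAJOR` and `$ROOT_MINOR` into a udev rule without checking that they are numbers. The values come from a root-owned tool, so this is hardening rather than a known hole, but quoting and validating keeps a malformed line from being executed or written to /run/udev/rules.d. I would declare the variables with `local ROOT_MAJOR= ROOT_MINOR=`, quote the substitution as `eval "$(udevadm info --export --export-prefix=ROOT_ --device-id-of-file=/ || true)"`, and after the existing emptiness test add `case "$ROOT_MAJOR$ROOT_MINOR" in *[!0-9]*) return 0;; esac`. The test `[ "$ROOT_MAJOR" -a "$ROOT_MINOR" ]` would also read better as two `[ -n ... ]` tests joined with `&&`, and `$RULESDIR` should be quoted where it is used.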
@@ -1,81 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -description="mount devtmpfs on /dev" - -depend() -{ - provide dev-mount - keyword -vserver -lxc -} - -mount_dev_directory() -{ - local mounted=false fstab=false action=--mount msg=Mounting rc=0 - - if ! grep -qs devtmpfs /proc/filesystems; then - eerror "CONFIG_DEVTMPFS=y is required in your kernel configuration" - eerror "for this version of udev to run successfully." - eerror "This requires immediate attention." - if ! mountinfo -q /dev; then - mount -n -t tmpfs dev /dev - busybox mdev -s - mkdir /dev/pts - fi - return 1 - fi - - # Is /dev already a mounted devtmpfs? - mountinfo -q -f devtmpfs /dev && mounted=true - - # If an entry for /dev exists in fstab it must be a devtmpfs. - fstabinfo -q -t devtmpfs /dev && fstab=true - - # No options are processed here as they should all be in /etc/fstab - if $fstab; then - $mounted && action=--remount && msg=Remounting - ebegin "$msg /dev according to /etc/fstab" - fstabinfo $action /dev - rc=$? - elif ! $mounted; then - ebegin "Mounting /dev" - # Some devices require exec, Bug #92921 - mount -n -t devtmpfs -o "exec,nosuid,mode=0755,size=10M" udev /dev - rc=$? 
- else - ebegin "Using /dev mounted from kernel" - fi - - eend $rc -} - -seed_dev() -{ - # Seed /dev with some things that we know we need - - # creating /dev/console, /dev/tty and /dev/tty1 to be able to write - # to $CONSOLE with/without bootsplash before udevd creates it - [ -c /dev/console ] || mknod -m 600 /dev/console c 5 1 - [ -c /dev/tty1 ] || mknod -m 620 /dev/tty1 c 4 1 - [ -c /dev/tty ] || mknod -m 666 /dev/tty c 5 0 - - # udevd will dup its stdin/stdout/stderr to /dev/null - # and we do not want a file which gets buffered in ram - [ -c /dev/null ] || mknod -m 666 /dev/null c 1 3 - - # so udev can add its start-message to dmesg - [ -c /dev/kmsg ] || mknod -m 660 /dev/kmsg c 1 11 - - # Create problematic directories - mkdir -p /dev/pts /dev/shm - return 0 -} - -start() -{ - mount_dev_directory || return 1 - - seed_dev - return 0 -} diff --git a/init.d/urandom b/init.d/urandom index 4bfecab..780db12 100755 --- a/init.d/urandom +++ b/init.d/urandom @@ -1,4 +1,4 @@ -#!/sbin/runscript +#!/sbin/openrc-run # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. diff --git a/iproute2/rt_dsfield b/iproute2/rt_dsfield index 496ef66..c0f3679 100644 --- a/iproute2/rt_dsfield +++ b/iproute2/rt_dsfield @@ -1,17 +1,6 @@ -0x00 default -0x10 lowdelay -0x08 throughput -0x04 reliability -# This value overlap with ECT, do not use it! -0x02 mincost -# These values seems do not want to die, Cisco likes them by a strange reason. -0x20 priority -0x40 immediate -0x60 flash -0x80 flash-override -0xa0 critical -0xc0 internet -0xe0 network +# Differentiated field values +# These include the DSCP and unused bits +0x0 default # Newer RFC2597 values 0x28 AF11 0x30 AF12 @@ -25,3 +14,12 @@ 0x88 AF41 0x90 AF42 0x98 AF43 +# Older values RFC2474 +0x20 CS1 +0x40 CS2 +0x60 CS3 +0x80 CS4 +0xA0 CS5 +0xC0 CS6 +0xE0 CS7 +0x5C EF diff --git a/mysql/my.cnf b/mysql/my.cnf index 0fedcb4..6408889 100644 --- a/mysql/my.cnf +++ b/mysql/my.cnf 
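Review bot: The added `0x5C EF` entry in the second iproute2/rt_dsfield hunk does not follow the encoding used by every other entry in the table, where the DSCP sits in the upper six bits of the byte (`0x28 AF11` is DSCP 10, `0x20 CS1` is DSCP 8). EF is DSCP 46, which in that encoding is 0xB8; 0x5C is 46 shifted by one bit only and decodes as DSCP 23, so `tos EF` would mark traffic with the wrong class. I would change the line to `0xB8 EF`. The first hunk also removes the old names (`lowdelay`, `throughput`, `reliability`, ...), so any rule or script that still refers to them by name will stop resolving.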
@@ -1,5 +1,5 @@ # /etc/mysql/my.cnf: The global mysql configuration file. -# $Header: /etc/mysql/.rcs/my.cnf,v 1.5 2010/11/30 08:33:13 root Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-db/mysql/files/my.cnf-5.6,v 1.1 2014/10/08 16:42:41 grknight Exp $ # The following options will be passed to all MySQL clients [client] @@ -55,14 +55,16 @@ datadir = /var/lib/mysql skip-external-locking key_buffer = 32M max_allowed_packet = 4M -table_cache = 64 +table_open_cache = 400 sort_buffer_size = 2M net_buffer_length = 8K read_buffer_size = 2M read_rnd_buffer_size = 4M myisam_sort_buffer_size = 32M #language = /usr/share/mysql/english -language = /usr/share/mysql/german +#language = /usr/share/mysql/german +lc_messages_dir = /usr/share/mysql +lc_messages = de_DE # security: # using "localhost" in connects uses sockets by default @@ -87,7 +89,7 @@ tmpdir = /tmp/ #log-update = /path-to-dedicated-directory/hostname # you need the debug USE flag enabled to use the following directives, -# if needed, uncomment them, start the server and issue +# if needed, uncomment them, start the server and issue # #tail -f /tmp/mysqld.sql /tmp/mysqld.trace # this will show you *exactly* what's happening in your server ;) @@ -96,15 +98,6 @@ tmpdir = /tmp/ #debug = d:t:i:o,/tmp/mysqld.trace #one-thread -# uncomment the following directives if you are using BDB tables -#bdb_cache_size = 4M -#bdb_max_lock = 10000 - -# the following is the InnoDB configuration -# if you wish to disable innodb instead -# uncomment just the next line -#skip-innodb -# # the rest of the innodb config follows: # don't eat too much memory, we're trying to be safe on 64Mb boxes # you might want to bump this up a bit on boxes with more RAM @@ -144,7 +137,7 @@ max_allowed_packet = 64M #safe-updates [isamchk] -key_buffer = 20M +key_buffer_size = 20M sort_buffer_size = 20M read_buffer = 2M write_buffer = 2M diff --git a/ntp.conf b/ntp.conf index ec7965c..e9666a0 100644 --- a/ntp.conf +++ b/ntp.conf 
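Review bot: The move away from abbreviated option names is only half done: the last hunk turns `key_buffer` into `key_buffer_size` under [isamchk], but the context of the second hunk still shows `key_buffer = 32M`, and `read_buffer` / `write_buffer` under [isamchk] stay abbreviated. As far as I know, option prefixes are deprecated in the server series this file now targets and are rejected by later ones, so the remaining short forms are likely to break a future upgrade. I would finish the rename in the same commit, starting with `key_buffer_size = 32M`, and spell out the two [isamchk] buffer options as well.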
@@ -11,10 +11,10 @@ #server pool.ntp.org # Pools for Gentoo users -server 0.gentoo.pool.ntp.org -server 1.gentoo.pool.ntp.org -server 2.gentoo.pool.ntp.org -server 3.gentoo.pool.ntp.org +server 0.debian.pool.ntp.org +server 1.debian.pool.ntp.org +server 2.debian.pool.ntp.org +server 3.debian.pool.ntp.org ## # A list of available servers can be found here: diff --git a/portage b/portage index 5bbd802..f27ca5b 160000 --- a/portage +++ b/portage @@ -1 +1 @@ -Subproject commit 5bbd80281061531b42cf4004af33ca95aab764f2 +Subproject commit f27ca5b113107ed31dc838b92c6efaccde2169fa diff --git a/rc.conf b/rc.conf index 42b7dfd..118530b 100644 --- a/rc.conf +++ b/rc.conf @@ -51,6 +51,10 @@ rc_logger="YES" # The default value is: /var/log/rc.log rc_log_path="/var/log/rc.log" +# If you want verbose output for OpenRC, set this to yes. If you want +# verbose output for service foo only, set it to yes in /etc/conf.d/foo. +#rc_verbose=no + # By default we filter the environment for our running scripts. To allow other # variables through, add them here. Use a * to allow all variables through. #rc_env_allow="VAR1 VAR2" @@ -73,6 +77,10 @@ rc_log_path="/var/log/rc.log" #rc_crashed_stop=NO #rc_crashed_start=YES +# Set rc_nocolor to yes if you do not want colors displayed in OpenRC +# output. +#rc_nocolor=NO + ############################################################################## # MISC CONFIGURATION VARIABLES # There variables are shared between many init scripts @@ -86,7 +94,7 @@ unicode="YES" # Below is the default list of network fstypes. # -# afs cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs +# afs ceph cifs coda davfs fuse fuse.sshfs gfs glusterfs lustre ncpfs # nfs nfs4 ocfs2 shfs smbfs # # If you would like to add to this list, you can do so by adding your diff --git a/texmf/ls-R b/texmf/ls-R index b3f2cd7..5045d34 100644 --- a/texmf/ls-R +++ b/texmf/ls-R 
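Review bot: The comment above the changed `server` lines in ntp.conf still reads "Pools for Gentoo users" although the four entries now point at the debian vendor zone. The rest of this commit (portage, OpenRC init scripts) suggests the host is still a Gentoo system, so the switch looks unintended, possibly picked up from a packaged default. Either keep the `N.gentoo.pool.ntp.org` names or update the comment to say why another vendor zone is used, e.g. `# Using the debian vendor zone on purpose: <reason>`.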
@@ -46,8 +46,8 @@ format.texlive-latex.cnf 20sizes.cnf ./updmap.d: -.keep_app-text_texlive-core-0 00updmap.cfg +.keep_app-text_texlive-core-0 texlive-basic.cfg texlive-fontsrecommended.cfg texlive-latex.cfg @@ -55,8 +55,8 @@ texlive-latexextra.cfg texlive-pictures.cfg ./web2c: -.keep_app-text_texlive-core-0 fmtutil.cnf +.keep_app-text_texlive-core-0 texmf.cnf updmap.cfg diff --git a/ulogd.conf b/ulogd.conf index 86c2d67..642b6e1 100644 --- a/ulogd.conf +++ b/ulogd.conf @@ -49,6 +49,7 @@ plugin="/usr/lib64/ulogd/ulogd_output_GPRINT.so" plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" plugin="/usr/lib64/ulogd/ulogd_inpflow_NFACCT.so" plugin="/usr/lib64/ulogd/ulogd_output_GRAPHITE.so" +#plugin="/usr/lib64/ulogd/ulogd_output_JSON.so" # this is a stack for logging packet send by system via LOGEMU stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU @@ -92,6 +93,9 @@ stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for logging packet to PGsql after a collect via NFLOG #stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL +# this is a stack for logging packet to JSON formatted file after a collect via NFLOG +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,json1:JSON + # this is a stack for logging packets to syslog after a collect via NFLOG #stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG @@ -195,6 +199,17 @@ timestamp=1 directory="/var/log/ulogd/" sync=1 +[json1] +sync=1 +#file="/var/log/ulogd/ulogd.json" +#timestamp=0 +# device name to be used in JSON message +#device="My awesome Netfilter firewall" +# If boolean_label is set to 1 then the numeric_label put on packet +# by the input plugin is coding the action on packet: if 0, then +# packet has been blocked and if non null it has been accepted. +#boolean_label=1 + [pcap1] #default file is /var/log/ulogd/ulogd.pcap #file="/var/log/ulogd/ulogd.pcap" 
diff --git a/xml/catalog b/xml/catalog index 95cd2b8..045e2da 100644 --- a/xml/catalog +++ b/xml/catalog @@ -3,14 +3,6 @@ - - - - - - - - @@ -25,4 +17,12 @@ + + + + + + + +