From: Frank Brehm Date: Tue, 22 Apr 2014 14:12:04 +0000 (+0200) Subject: Current state X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=478466d0c5300c9eb6adbdb7cf6acfc9a99bc2af;p=config%2Fuhu1%2Fetc.git Current state --- diff --git a/.etckeeper b/.etckeeper index dbfe4b3..16cda4f 100755 --- a/.etckeeper +++ b/.etckeeper @@ -240,6 +240,7 @@ maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf' maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf.1' maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf.2' maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf.3' +maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf.4' maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist' maybe chmod 0755 './config-archive/etc/bash' maybe chmod 0644 './config-archive/etc/bash/bashrc' @@ -371,6 +372,8 @@ maybe chmod 0644 './config-archive/etc/logrotate.conf.dist' maybe chmod 0755 './config-archive/etc/logrotate.d' maybe chmod 0644 './config-archive/etc/logrotate.d/clamav' maybe chmod 0644 './config-archive/etc/logrotate.d/clamav.dist' +maybe chmod 0644 './config-archive/etc/logrotate.d/syslog-ng' +maybe chmod 0644 './config-archive/etc/logrotate.d/syslog-ng.dist.new' maybe chmod 0644 './config-archive/etc/logrotate.d/ulogd' maybe chmod 0644 './config-archive/etc/logrotate.d/ulogd.1' maybe chmod 0644 './config-archive/etc/logrotate.d/ulogd.dist' @@ -540,6 +543,7 @@ maybe chmod 0644 './config-archive/etc/postfix/main.cf.3' maybe chmod 0644 './config-archive/etc/postfix/main.cf.4' maybe chmod 0644 './config-archive/etc/postfix/main.cf.5' maybe chmod 0644 './config-archive/etc/postfix/main.cf.6' +maybe chmod 0644 './config-archive/etc/postfix/main.cf.7' maybe chmod 0644 './config-archive/etc/postfix/main.cf.dist' maybe chmod 0644 './config-archive/etc/profile' maybe chmod 0755 './config-archive/etc/profile.d' @@ -566,6 +570,7 @@ maybe chmod 0644 './config-archive/etc/ssh/ssh_config.dist' maybe chmod 0600 './config-archive/etc/ssh/sshd_config' maybe chmod 0600 './config-archive/etc/ssh/sshd_config.1' maybe chmod 0600 './config-archive/etc/ssh/sshd_config.2' +maybe chmod 0600 './config-archive/etc/ssh/sshd_config.3' maybe chmod 0600 './config-archive/etc/ssh/sshd_config.dist' maybe chmod 0755 './config-archive/etc/stunnel' maybe chmod 0644 './config-archive/etc/stunnel/stunnel.conf' @@ -914,6 +919,7 @@ maybe chmod 0755 './highlight' maybe chmod 0644 './highlight/filetypes.conf' maybe chmod 0644 './host.conf' maybe chmod 0644 './hosts' +maybe chmod 0644 './hosts.allow' maybe chmod 0644 './idn.conf' maybe chmod 0644 './idn.conf.sample' maybe chmod 0644 './idnalias.conf' @@ -1569,6 +1575,8 @@ maybe chmod 0600 './ssh/ssh_host_dsa_key' maybe chmod 0644 './ssh/ssh_host_dsa_key.pub' maybe chmod 0600 './ssh/ssh_host_ecdsa_key' maybe chmod 0644 './ssh/ssh_host_ecdsa_key.pub' +maybe chmod 0600 './ssh/ssh_host_ed25519_key' +maybe chmod 0644 './ssh/ssh_host_ed25519_key.pub' maybe chmod 0600 './ssh/ssh_host_key' maybe chmod 0644 './ssh/ssh_host_key.pub' maybe chmod 0600 './ssh/ssh_host_rsa_key' diff --git a/ImageMagick-6/delegates.xml b/ImageMagick-6/delegates.xml index 035f4cc..77d1ae6 100644 --- a/ImageMagick-6/delegates.xml +++ b/ImageMagick-6/delegates.xml @@ -87,7 +87,7 @@ - + diff --git a/apache2/modules.d/00_apache_manual.conf b/apache2/modules.d/00_apache_manual.conf index 33ae915..391c2e6 100644 --- a/apache2/modules.d/00_apache_manual.conf +++ b/apache2/modules.d/00_apache_manual.conf @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.25/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.27/manual$1" - + Options Indexes AllowOverride None Order allow,deny diff --git a/ca-certificates.conf b/ca-certificates.conf index 7bc7c0b..51d6687 100644 --- a/ca-certificates.conf +++ b/ca-certificates.conf @@ -1,5 +1,5 @@ -# Automatically generated by app-misc/ca-certificates-20130906 -# Mon Feb 24 09:10:38 UTC 2014 +# Automatically generated by app-misc/ca-certificates-20130906-r1 +# Tue Apr 1 20:45:18 UTC 2014 # Do not edit. cacert.org/cacert.org_class3.crt cacert.org/cacert.org_root.crt diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf b/config-archive/etc/apache2/modules.d/00_apache_manual.conf index f43bf59..33ae915 100644 --- a/config-archive/etc/apache2/modules.d/00_apache_manual.conf +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.24/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.25/manual$1" - + Options Indexes AllowOverride None Order allow,deny diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.1 b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.1 index 240d6b4..f43bf59 100644 --- a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.1 +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.1 @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.23/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.24/manual$1" - + Options Indexes AllowOverride None Order allow,deny diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.2 b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.2 index 25de5d1..240d6b4 100644 --- a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.2 +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.2 @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.22/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.23/manual$1" - + Options Indexes AllowOverride None Order allow,deny @@ -18,7 +18,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apac SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1 RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2 - LanguagePriority en de es fr ja ko pt-br + LanguagePriority de en es fr ja ko pt-br ForceLanguagePriority Prefer Fallback diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.3 b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.3 index a1bfed2..25de5d1 100644 --- a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.3 +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.3 @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.21-r1/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.22/manual$1" - + Options Indexes AllowOverride None Order allow,deny diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.4 b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.4 new file mode 100644 index 0000000..a1bfed2 --- /dev/null +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.4 @@ -0,0 +1,26 @@ +# Provide access to the documentation on your server as +# http://yourserver.example.com/manual/ +# The documentation is always available at +# http://httpd.apache.org/docs/2.2/ + +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.21-r1/manual$1" + + + Options Indexes + AllowOverride None + Order allow,deny + Allow from all + + + SetHandler type-map + + + SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1 + RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2 + + LanguagePriority en de es fr ja ko pt-br + ForceLanguagePriority Prefer Fallback + + + +# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist index d1f1140..4f6ae4f 100644 --- a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.25/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.27/manual$1" - + Options Indexes AllowOverride None Order allow,deny diff --git a/config-archive/etc/logrotate.d/syslog-ng b/config-archive/etc/logrotate.d/syslog-ng new file mode 100644 index 0000000..5c94da4 --- /dev/null +++ b/config-archive/etc/logrotate.d/syslog-ng @@ -0,0 +1,58 @@ +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate,v 1.3 2008/10/15 20:46:12 mr_bones_ Exp $ +# +# Syslog-ng logrotate snippet for Gentoo Linux +# contributed by Michael Sterrett +# + +#/var/log/messages { +# missingok +# sharedscripts +# postrotate +# /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true +# endscript +#} + +script syslog-reload + /etc/init.d/syslog-ng reload >/dev/null || true +endscript + +/var/log/messages { + daily + olddir /var/log/.old/%Y-%m + size 1024K + postrotate syslog-reload +} + +/var/log/syslog.d/* { + daily + olddir /var/log/syslog.d/.old/%Y-%m + size 1024K + postrotate syslog-reload + maxage 1y +} + +/var/log/debug.log { + daily + olddir /var/log/.old/%Y-%m + size 4M + postrotate syslog-reload + maxage 6m +} + +/var/log/mail/authdaemond /var/log/mail/amavis* /var/log/mail/imapd* /var/log/mail/pop3d* /var/log/mail/postgrey /var/log/mail/spam* { + daily + olddir /var/log/mail/.old/%Y-%m + size 1024K + postrotate syslog-reload + maxage 1y +} + +/var/log/mail/postfix/* { + daily + olddir /var/log/mail/.old/postfix/%Y-%m + size 1024K + postrotate syslog-reload + maxage 1y +} + +# vim: ts=4 filetype=conf diff --git a/config-archive/etc/logrotate.d/syslog-ng.dist.new b/config-archive/etc/logrotate.d/syslog-ng.dist.new new file mode 100644 index 0000000..ad07969 --- /dev/null +++ b/config-archive/etc/logrotate.d/syslog-ng.dist.new @@ -0,0 +1,13 @@ +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.in,v 1.1 2014/01/22 04:25:35 mr_bones_ Exp $ +# +# Syslog-ng logrotate snippet for Gentoo Linux +# contributed by Michael Sterrett +# + +/var/log/messages { + missingok + sharedscripts + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} diff --git a/config-archive/etc/postfix/main.cf b/config-archive/etc/postfix/main.cf index b47d5a0..b155ad2 100644 --- a/config-archive/etc/postfix/main.cf +++ b/config-archive/etc/postfix/main.cf @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.1/html +html_directory = /usr/share/doc/postfix-2.10.2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.1/readme +readme_directory = /usr/share/doc/postfix-2.10.2/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.1 b/config-archive/etc/postfix/main.cf.1 index a3de299..b47d5a0 100644 --- a/config-archive/etc/postfix/main.cf.1 +++ b/config-archive/etc/postfix/main.cf.1 @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.0/html +html_directory = /usr/share/doc/postfix-2.10.1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.0/readme +readme_directory = /usr/share/doc/postfix-2.10.1/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.2 b/config-archive/etc/postfix/main.cf.2 index f0345ad..a3de299 100644 --- a/config-archive/etc/postfix/main.cf.2 +++ b/config-archive/etc/postfix/main.cf.2 @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.5/html +html_directory = /usr/share/doc/postfix-2.10.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.5/readme +readme_directory = /usr/share/doc/postfix-2.10.0/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.3 b/config-archive/etc/postfix/main.cf.3 index d148c85..f0345ad 100644 --- a/config-archive/etc/postfix/main.cf.3 +++ b/config-archive/etc/postfix/main.cf.3 @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.4/html +html_directory = /usr/share/doc/postfix-2.9.5/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.4/readme +readme_directory = /usr/share/doc/postfix-2.9.5/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.4 b/config-archive/etc/postfix/main.cf.4 index fb2117d..d148c85 100644 --- a/config-archive/etc/postfix/main.cf.4 +++ b/config-archive/etc/postfix/main.cf.4 @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.3/html +html_directory = /usr/share/doc/postfix-2.9.4/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.3/readme +readme_directory = /usr/share/doc/postfix-2.9.4/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.5 b/config-archive/etc/postfix/main.cf.5 index 95061cd..fb2117d 100644 --- a/config-archive/etc/postfix/main.cf.5 +++ b/config-archive/etc/postfix/main.cf.5 @@ -39,7 +39,7 @@ command_directory = /usr/sbin # daemon programs (i.e. programs listed in the master.cf file). This # directory must be owned by root. # -daemon_directory = /usr/lib64/postfix +daemon_directory = /usr/libexec/postfix # The data_directory parameter specifies the location of Postfix-writable # data files (caches, random numbers). This directory must be owned @@ -458,7 +458,12 @@ unknown_local_recipient_reject_code = 550 # the main.cf file, otherwise the SMTP server will reject mail for # non-UNIX accounts with "User unknown in local recipient table". # -#mailbox_transport = lmtp:unix:/file/name +# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" +# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. +#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp +# +# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and +# subsequent line in master.cf. #mailbox_transport = cyrus # The fallback_transport specifies the optional transport in master.cf @@ -635,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.8.9/html +html_directory = /usr/share/doc/postfix-2.9.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -648,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.8.9/readme +readme_directory = /usr/share/doc/postfix-2.9.3/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.6 b/config-archive/etc/postfix/main.cf.6 index 2d40235..95061cd 100644 --- a/config-archive/etc/postfix/main.cf.6 +++ b/config-archive/etc/postfix/main.cf.6 @@ -635,7 +635,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.8.7/html +html_directory = /usr/share/doc/postfix-2.8.9/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -648,7 +648,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.8.7/readme +readme_directory = /usr/share/doc/postfix-2.8.9/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.7 b/config-archive/etc/postfix/main.cf.7 new file mode 100644 index 0000000..2d40235 --- /dev/null +++ b/config-archive/etc/postfix/main.cf.7 @@ -0,0 +1,681 @@ +# Global Postfix configuration file. This file lists only a subset +# of all parameters. For the syntax, and for a complete parameter +# list, see the postconf(5) manual page (command: "man 5 postconf"). +# +# For common configuration examples, see BASIC_CONFIGURATION_README +# and STANDARD_CONFIGURATION_README. To find these documents, use +# the command "postconf html_directory readme_directory", or go to +# http://www.postfix.org/. +# +# For best results, change no more than 2-3 parameters at a time, +# and test if Postfix still works after every change. + +# SOFT BOUNCE +# +# The soft_bounce parameter provides a limited safety net for +# testing. When soft_bounce is enabled, mail will remain queued that +# would otherwise bounce. This parameter disables locally-generated +# bounces, and prevents the SMTP server from rejecting mail permanently +# (by changing 5xx replies into 4xx replies). However, soft_bounce +# is no cure for address rewriting mistakes or mail routing mistakes. +# +#soft_bounce = no + +# LOCAL PATHNAME INFORMATION +# +# The queue_directory specifies the location of the Postfix queue. +# This is also the root directory of Postfix daemons that run chrooted. +# See the files in examples/chroot-setup for setting up Postfix chroot +# environments on different UNIX systems. +# +queue_directory = /var/spool/postfix + +# The command_directory parameter specifies the location of all +# postXXX commands. +# +command_directory = /usr/sbin + +# The daemon_directory parameter specifies the location of all Postfix +# daemon programs (i.e. programs listed in the master.cf file). This +# directory must be owned by root. +# +daemon_directory = /usr/lib64/postfix + +# The data_directory parameter specifies the location of Postfix-writable +# data files (caches, random numbers). This directory must be owned +# by the mail_owner account (see below). +# +data_directory = /var/lib/postfix + +# QUEUE AND PROCESS OWNERSHIP +# +# The mail_owner parameter specifies the owner of the Postfix queue +# and of most Postfix daemon processes. Specify the name of a user +# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS +# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In +# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED +# USER. +# +mail_owner = postfix + +# The default_privs parameter specifies the default rights used by +# the local delivery agent for delivery to external file or command. +# These rights are used in the absence of a recipient user context. +# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. +# +#default_privs = nobody + +# INTERNET HOST AND DOMAIN NAMES +# +# The myhostname parameter specifies the internet hostname of this +# mail system. The default is to use the fully-qualified domain name +# from gethostname(). $myhostname is used as a default value for many +# other configuration parameters. +# +#myhostname = host.domain.tld +#myhostname = virtual.domain.tld + +# The mydomain parameter specifies the local internet domain name. +# The default is to use $myhostname minus the first component. +# $mydomain is used as a default value for many other configuration +# parameters. +# +#mydomain = domain.tld + +# SENDING MAIL +# +# The myorigin parameter specifies the domain that locally-posted +# mail appears to come from. The default is to append $myhostname, +# which is fine for small sites. If you run a domain with multiple +# machines, you should (1) change this to $mydomain and (2) set up +# a domain-wide alias database that aliases each user to +# user@that.users.mailhost. +# +# For the sake of consistency between sender and recipient addresses, +# myorigin also specifies the default domain name that is appended +# to recipient addresses that have no @domain part. +# +#myorigin = $myhostname +#myorigin = $mydomain + +# RECEIVING MAIL + +# The inet_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on. By default, +# the software claims all active interfaces on the machine. The +# parameter also controls delivery of mail to user@[ip.address]. +# +# See also the proxy_interfaces parameter, for network addresses that +# are forwarded to us via a proxy or network address translator. +# +# Note: you need to stop/start Postfix when this parameter changes. +# +#inet_interfaces = all +#inet_interfaces = $myhostname +#inet_interfaces = $myhostname, localhost + +# The proxy_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on by way of a +# proxy or network address translation unit. This setting extends +# the address list specified with the inet_interfaces parameter. +# +# You must specify your proxy/NAT addresses when your system is a +# backup MX host for other domains, otherwise mail delivery loops +# will happen when the primary MX host is down. +# +#proxy_interfaces = +#proxy_interfaces = 1.2.3.4 + +# The mydestination parameter specifies the list of domains that this +# machine considers itself the final destination for. +# +# These domains are routed to the delivery agent specified with the +# local_transport parameter setting. By default, that is the UNIX +# compatible delivery agent that lookups all recipients in /etc/passwd +# and /etc/aliases or their equivalent. +# +# The default is $myhostname + localhost.$mydomain. On a mail domain +# gateway, you should also include $mydomain. +# +# Do not specify the names of virtual domains - those domains are +# specified elsewhere (see VIRTUAL_README). +# +# Do not specify the names of domains that this machine is backup MX +# host for. Specify those names via the relay_domains settings for +# the SMTP server, or use permit_mx_backup if you are lazy (see +# STANDARD_CONFIGURATION_README). +# +# The local machine is always the final destination for mail addressed +# to user@[the.net.work.address] of an interface that the mail system +# receives mail on (see the inet_interfaces parameter). +# +# Specify a list of host or domain names, /file/name or type:table +# patterns, separated by commas and/or whitespace. A /file/name +# pattern is replaced by its contents; a type:table is matched when +# a name matches a lookup key (the right-hand side is ignored). +# Continue long lines by starting the next line with whitespace. +# +# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". +# +#mydestination = $myhostname, localhost.$mydomain, localhost +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, +# mail.$mydomain, www.$mydomain, ftp.$mydomain + +# REJECTING MAIL FOR UNKNOWN LOCAL USERS +# +# The local_recipient_maps parameter specifies optional lookup tables +# with all names or addresses of users that are local with respect +# to $mydestination, $inet_interfaces or $proxy_interfaces. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown local users. This parameter is defined by default. +# +# To turn off local recipient checking in the SMTP server, specify +# local_recipient_maps = (i.e. empty). +# +# The default setting assumes that you use the default Postfix local +# delivery agent for local delivery. You need to update the +# local_recipient_maps setting if: +# +# - You define $mydestination domain recipients in files other than +# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. +# For example, you define $mydestination domain recipients in +# the $virtual_mailbox_maps files. +# +# - You redefine the local delivery agent in master.cf. +# +# - You redefine the "local_transport" setting in main.cf. +# +# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" +# feature of the Postfix local delivery agent (see local(8)). +# +# Details are described in the LOCAL_RECIPIENT_README file. +# +# Beware: if the Postfix SMTP server runs chrooted, you probably have +# to access the passwd file via the proxymap service, in order to +# overcome chroot restrictions. The alternative, having a copy of +# the system passwd file in the chroot jail is just not practical. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify a bare username, an @domain.tld +# wild-card, or specify a user@domain.tld address. +# +#local_recipient_maps = unix:passwd.byname $alias_maps +#local_recipient_maps = proxy:unix:passwd.byname $alias_maps +#local_recipient_maps = + +# The unknown_local_recipient_reject_code specifies the SMTP server +# response code when a recipient domain matches $mydestination or +# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty +# and the recipient address or address local-part is not found. +# +# The default setting is 550 (reject mail) but it is safer to start +# with 450 (try again later) until you are certain that your +# local_recipient_maps settings are OK. +# +unknown_local_recipient_reject_code = 550 + +# TRUST AND RELAY CONTROL + +# The mynetworks parameter specifies the list of "trusted" SMTP +# clients that have more privileges than "strangers". +# +# In particular, "trusted" SMTP clients are allowed to relay mail +# through Postfix. See the smtpd_recipient_restrictions parameter +# in postconf(5). +# +# You can specify the list of "trusted" network addresses by hand +# or you can let Postfix do it for you (which is the default). +# +# By default (mynetworks_style = subnet), Postfix "trusts" SMTP +# clients in the same IP subnetworks as the local machine. +# On Linux, this does works correctly only with interfaces specified +# with the "ifconfig" command. +# +# Specify "mynetworks_style = class" when Postfix should "trust" SMTP +# clients in the same IP class A/B/C networks as the local machine. +# Don't do this with a dialup site - it would cause Postfix to "trust" +# your entire provider's network. Instead, specify an explicit +# mynetworks list by hand, as described below. +# +# Specify "mynetworks_style = host" when Postfix should "trust" +# only the local machine. +# +#mynetworks_style = class +#mynetworks_style = subnet +#mynetworks_style = host + +# Alternatively, you can specify the mynetworks list by hand, in +# which case Postfix ignores the mynetworks_style setting. +# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +#mynetworks = 168.100.189.0/28, 127.0.0.0/8 +#mynetworks = $config_directory/mynetworks +#mynetworks = hash:/etc/postfix/network_table + +# The relay_domains parameter restricts what destinations this system will +# relay mail to. See the smtpd_recipient_restrictions description in +# postconf(5) for detailed information. +# +# By default, Postfix relays mail +# - from "trusted" clients (IP address matches $mynetworks) to any destination, +# - from "untrusted" clients to destinations that match $relay_domains or +# subdomains thereof, except addresses with sender-specified routing. +# The default relay_domains value is $mydestination. +# +# In addition to the above, the Postfix SMTP server by default accepts mail +# that Postfix is final destination for: +# - destinations that match $inet_interfaces or $proxy_interfaces, +# - destinations that match $mydestination +# - destinations that match $virtual_alias_domains, +# - destinations that match $virtual_mailbox_domains. +# These destinations do not need to be listed in $relay_domains. +# +# Specify a list of hosts or domains, /file/name patterns or type:name +# lookup tables, separated by commas and/or whitespace. Continue +# long lines by starting the next line with whitespace. A file name +# is replaced by its contents; a type:name table is matched when a +# (parent) domain appears as lookup key. +# +# NOTE: Postfix will not automatically forward mail for domains that +# list this system as their primary or backup MX host. See the +# permit_mx_backup restriction description in postconf(5). +# +#relay_domains = $mydestination + +# INTERNET OR INTRANET + +# The relayhost parameter specifies the default host to send mail to +# when no entry is matched in the optional transport(5) table. When +# no relayhost is given, mail is routed directly to the destination. +# +# On an intranet, specify the organizational domain name. If your +# internal DNS uses no MX records, specify the name of the intranet +# gateway host instead. +# +# In the case of SMTP, specify a domain, host, host:port, [host]:port, +# [address] or [address]:port; the form [host] turns off MX lookups. +# +# If you're connected via UUCP, see also the default_transport parameter. +# +#relayhost = $mydomain +#relayhost = [gateway.my.domain] +#relayhost = [mailserver.isp.tld] +#relayhost = uucphost +#relayhost = [an.ip.add.ress] + +# REJECTING UNKNOWN RELAY USERS +# +# The relay_recipient_maps parameter specifies optional lookup tables +# with all addresses in the domains that match $relay_domains. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown relay users. This feature is off by default. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify an @domain.tld wild-card, or specify +# a user@domain.tld address. +# +#relay_recipient_maps = hash:/etc/postfix/relay_recipients + +# INPUT RATE CONTROL +# +# The in_flow_delay configuration parameter implements mail input +# flow control. This feature is turned on by default, although it +# still needs further development (it's disabled on SCO UNIX due +# to an SCO bug). +# +# A Postfix process will pause for $in_flow_delay seconds before +# accepting a new message, when the message arrival rate exceeds the +# message delivery rate. With the default 100 SMTP server process +# limit, this limits the mail inflow to 100 messages a second more +# than the number of messages delivered per second. +# +# Specify 0 to disable the feature. Valid delays are 0..10. +# +#in_flow_delay = 1s + +# ADDRESS REWRITING +# +# The ADDRESS_REWRITING_README document gives information about +# address masquerading or other forms of address rewriting including +# username->Firstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +#alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = dbm:/etc/mail/aliases +#alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_user. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. +# +#mailbox_command = /some/where/procmail +#mailbox_command = /some/where/procmail -a "$EXTENSION" + +# The mailbox_transport specifies the optional transport in master.cf +# to use after processing aliases and .forward files. This parameter +# has precedence over the mailbox_command, fallback_transport and +# luser_relay parameters. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#mailbox_transport = lmtp:unix:/file/name +#mailbox_transport = cyrus + +# The fallback_transport specifies the optional transport in master.cf +# to use for recipients that are not found in the UNIX passwd database. +# This parameter has precedence over the luser_relay parameter. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#fallback_transport = lmtp:unix:/file/name +#fallback_transport = cyrus +#fallback_transport = + +# The luser_relay parameter specifies an optional destination address +# for unknown recipients. By default, mail for unknown@$mydestination, +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned +# as undeliverable. +# +# The following expansions are done on luser_relay: $user (recipient +# username), $shell (recipient shell), $home (recipient home directory), +# $recipient (full recipient address), $extension (recipient address +# extension), $domain (recipient domain), $local (entire recipient +# localpart), $recipient_delimiter. Specify ${name?value} or +# ${name:value} to expand value only when $name does (does not) exist. +# +# luser_relay works only for the default Postfix local delivery agent. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must specify "local_recipient_maps =" (i.e. empty) in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#luser_relay = $user@other.host +#luser_relay = $local@other.host +#luser_relay = admin+$local + +# JUNK MAIL CONTROLS +# +# The controls listed here are only a very small subset. The file +# SMTPD_ACCESS_README provides an overview. + +# The header_checks parameter specifies an optional table with patterns +# that each logical message header is matched against, including +# headers that span multiple physical lines. +# +# By default, these patterns also apply to MIME headers and to the +# headers of attached messages. With older Postfix versions, MIME and +# attached message headers were treated as body text. +# +# For details, see "man header_checks". +# +#header_checks = regexp:/etc/postfix/header_checks + +# FAST ETRN SERVICE +# +# Postfix maintains per-destination logfiles with information about +# deferred mail, so that mail can be flushed quickly with the SMTP +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". +# See the ETRN_README document for a detailed description. +# +# The fast_flush_domains parameter controls what destinations are +# eligible for this service. By default, they are all domains that +# this server is willing to relay mail to. +# +#fast_flush_domains = $relay_domains + +# SHOW SOFTWARE VERSION OR NOT +# +# The smtpd_banner parameter specifies the text that follows the 220 +# code in the SMTP server's greeting banner. Some people like to see +# the mail version advertised. By default, Postfix shows no version. +# +# You MUST specify $myhostname at the start of the text. That is an +# RFC requirement. Postfix itself does not care. +# +#smtpd_banner = $myhostname ESMTP $mail_name +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) + +# PARALLEL DELIVERY TO THE SAME DESTINATION +# +# How many parallel deliveries to the same user or domain? With local +# delivery, it does not make sense to do massively parallel delivery +# to the same user, because mailbox updates must happen sequentially, +# and expensive pipelines in .forward files can cause disasters when +# too many are run at the same time. With SMTP deliveries, 10 +# simultaneous connections to the same domain could be sufficient to +# raise eyebrows. +# +# Each message delivery transport has its XXX_destination_concurrency_limit +# parameter. The default is $default_destination_concurrency_limit for +# most delivery transports. For the local delivery agent the default is 2. + +#local_destination_concurrency_limit = 2 +#default_destination_concurrency_limit = 20 + +# DEBUGGING CONTROL +# +# The debug_peer_level parameter specifies the increment in verbose +# logging level when an SMTP client or server host name or address +# matches a pattern in the debug_peer_list parameter. +# +debug_peer_level = 2 + +# The debug_peer_list parameter specifies an optional list of domain +# or network patterns, /file/name patterns or type:name tables. When +# an SMTP client or server host name or address matches a pattern, +# increase the verbose logging level by the amount specified in the +# debug_peer_level parameter. +# +#debug_peer_list = 127.0.0.1 +#debug_peer_list = some.domain + +# The debugger_command specifies the external command that is executed +# when a Postfix daemon program is run with the -D option. +# +# Use "command .. & sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +# If you can't use X, use this to capture the call stack when a +# daemon crashes. The result is in a file in the configuration +# directory, and is named after the process name and the process ID. +# +# debugger_command = +# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; +# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 +# >$config_directory/$process_name.$process_id.log & sleep 5 +# +# Another possibility is to run gdb under a detached screen session. +# To attach to the screen sesssion, su root and run "screen -r +# " where uniquely matches one of the detached +# sessions (from "screen -list"). +# +# debugger_command = +# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen +# -dmS $process_name gdb $daemon_directory/$process_name +# $process_id & sleep 1 + +# INSTALL-TIME CONFIGURATION INFORMATION +# +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = /usr/sbin/sendmail + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. +# +newaliases_path = /usr/bin/newaliases + +# mailq_path: The full pathname of the Postfix mailq command. This +# is the Sendmail-compatible mail queue listing command. +# +mailq_path = /usr/bin/mailq + +# setgid_group: The group for mail submission and queue management +# commands. This must be a group name with a numerical group ID that +# is not shared with other accounts, not even with the Postfix account. +# +setgid_group = postdrop + +# html_directory: The location of the Postfix HTML documentation. +# +html_directory = /usr/share/doc/postfix-2.8.7/html + +# manpage_directory: The location of the Postfix on-line manual pages. +# +manpage_directory = /usr/share/man + +# sample_directory: The location of the Postfix sample configuration files. +# This parameter is obsolete as of Postfix 2.1. +# +sample_directory = /etc/postfix + +# readme_directory: The location of the Postfix README files. +# +readme_directory = /usr/share/doc/postfix-2.8.7/readme +home_mailbox = .maildir/ +broken_sasl_auth_clients = yes + +inet_protocols = all + +mydomain = uhu-banane.de + +# default: mynetworks = 127.0.0.0/8 46.16.73.175/32 [::1]/128 [fe80::%eth0]/64 +mynetworks = 127.0.0.0/8 46.16.73.175/32 [::1]/128 + +myorigin = $mydomain +recipient_delimiter = + +relayhost = [mail.brehm-online.com] +smtp_sasl_auth_enable = yes +smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth +smtp_sasl_security_options = noanonymous +smtp_tls_cert_file = /etc/postfix/postfix.pem +smtp_tls_enforce_peername = no +smtp_tls_key_file = /etc/postfix/postfix.pem +smtp_use_tls = yes +smtpd_sasl_auth_enable = yes +smtpd_sasl_local_domain = $myhostname +smtpd_sasl_security_options = noanonymous +smtpd_tls_cert_file = /etc/postfix/postfix.pem +smtpd_tls_key_file = /etc/postfix/postfix.pem +smtpd_tls_loglevel = 1 +smtpd_tls_received_header = yes +smtpd_tls_session_cache_timeout = 3600s +smtpd_use_tls = yes +tls_random_source = dev:/dev/urandom diff --git a/config-archive/etc/postfix/main.cf.dist b/config-archive/etc/postfix/main.cf.dist index e556e0c..f08724a 100644 --- a/config-archive/etc/postfix/main.cf.dist +++ b/config-archive/etc/postfix/main.cf.dist @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.2/html +html_directory = /usr/share/doc/postfix-2.10.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,5 +653,5 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.2/readme +readme_directory = /usr/share/doc/postfix-2.10.3/readme home_mailbox = .maildir/ diff --git a/config-archive/etc/ssh/sshd_config b/config-archive/etc/ssh/sshd_config index e8168d6..6401926 100644 --- a/config-archive/etc/ssh/sshd_config +++ b/config-archive/etc/ssh/sshd_config @@ -27,8 +27,8 @@ # "key type names" for X.509 certificates with RSA key # Note first defined is used in signature operations! -#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 #X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 +#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 # "key type names" for X.509 certificates with DSA key # Note first defined is used in signature operations! @@ -95,6 +95,9 @@ #KeyRegenerationInterval 1h #ServerKeyBits 1024 +# Ciphers and keying +#RekeyLimit default none + # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH @@ -116,6 +119,11 @@ PermitRootLogin yes # but this is overridden so installations will only check .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 @@ -166,16 +174,17 @@ PrintMotd no PrintLastLog no #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation yes +UsePrivilegeSeparation sandbox # Default for new installations. #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid -#MaxStartups 10 +#MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none +#VersionAddendum none # no default banner path #Banner none @@ -190,18 +199,21 @@ Subsystem sftp /usr/lib64/misc/sftp-server # tcp receive buffer polling. disable in non autotuning kernels #TcpRcvBufPoll yes -# allow the use of the none cipher -#NoneEnabled no - -# disable hpn performance boosts. +# disable hpn performance boosts #HPNDisabled no # buffer size for hpn to non-hpn connections #HPNBufferSize 2048 +# allow the use of the none cipher +#NoneEnabled no + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server + +# Allow client to pass locale environment variables #367017 +AcceptEnv LANG LC_* diff --git a/config-archive/etc/ssh/sshd_config.1 b/config-archive/etc/ssh/sshd_config.1 index e686e9f..e8168d6 100644 --- a/config-archive/etc/ssh/sshd_config.1 +++ b/config-archive/etc/ssh/sshd_config.1 @@ -7,7 +7,7 @@ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a +# possible, but leave them commented. Uncommented options override the # default value. #Port 22 @@ -103,14 +103,17 @@ # Authentication: #LoginGraceTime 2m -#PermitRootLogin yes -PermitRootLogin no +PermitRootLogin yes +#PermitRootLogin no #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #RSAAuthentication yes #PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts @@ -140,6 +143,7 @@ PasswordAuthentication no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will @@ -176,6 +180,9 @@ PrintLastLog no # no default banner path #Banner none +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server diff --git a/config-archive/etc/ssh/sshd_config.2 b/config-archive/etc/ssh/sshd_config.2 index ca72979..e686e9f 100644 --- a/config-archive/etc/ssh/sshd_config.2 +++ b/config-archive/etc/ssh/sshd_config.2 @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ +# $OpenBSD$ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -25,6 +25,72 @@ #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key +# "key type names" for X.509 certificates with RSA key +# Note first defined is used in signature operations! +#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 +#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 + +# "key type names" for X.509 certificates with DSA key +# Note first defined is used in signature operations! +#X509KeyAlgorithm x509v3-sign-dss,dss-asn1 +#X509KeyAlgorithm x509v3-sign-dss,dss-raw + +# The intended use for the X509 client certificate. Without this option +# no chain verification will be done. Currently accepted uses are case +# insensitive: +# - "sslclient", "SSL client", "SSL_client" or "client" +# - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose" +# - "skip" or ""(empty): don`t check purpose. +#AllowedCertPurpose sslclient + +# Specifies whether self-issued(self-signed) X.509 certificate can be +# allowed only by entry in AutorizedKeysFile that contain matching +# public key or certificate blob. +#KeyAllowSelfIssued no + +# Specifies whether CRL must present in store for all certificates in +# certificate chain with atribute "cRLDistributionPoints" +#MandatoryCRL no + +# A file with multiple certificates of certificate signers +# in PEM format concatenated together. +#CACertificateFile /etc/ssh/ca/ca-bundle.crt + +# A directory with certificates of certificate signers. +# The certificates should have name of the form: [HASH].[NUMBER] +# or have symbolic links to them of this form. +#CACertificatePath /etc/ssh/ca/crt + +# A file with multiple CRL of certificate signers +# in PEM format concatenated together. +#CARevocationFile /etc/ssh/ca/ca-bundle.crl + +# A directory with CRL of certificate signers. +# The CRL should have name of the form: [HASH].r[NUMBER] +# or have symbolic links to them of this form. +#CARevocationPath /etc/ssh/ca/crl + +# LDAP protocol version. +# Example: +# CAldapVersion 2 + +# Note because of OpenSSH options parser limitation +# use %3D instead of = ! +# LDAP initialization may require URL to be escaped, i.e. +# use %2C instead of ,(comma). Escaped URL don't depend from +# LDAP initialization method. +# Example: +# CAldapURL ldap://localhost:389/dc%3Dexample%2Cdc%3Dcom + +# SSH can use "Online Certificate Status Protocol"(OCSP) +# to validate certificate. Set VAType to +# - none : do not use OCSP to validate certificates; +# - ocspcert: validate only certificates that specify `OCSP +# Service Locator' URL; +# - ocspspec: use specified in the configuration 'OCSP Responder' +# to validate all certificates. +#VAType none + # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 1024 diff --git a/config-archive/etc/ssh/sshd_config.3 b/config-archive/etc/ssh/sshd_config.3 new file mode 100644 index 0000000..ca72979 --- /dev/null +++ b/config-archive/etc/ssh/sshd_config.3 @@ -0,0 +1,134 @@ +# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# The default requires explicit activation of protocol 1 +#Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin yes +PermitRootLogin no +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication no +PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +PrintMotd no +PrintLastLog no +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib64/misc/sftp-server + +# the following are HPN related configuration options +# tcp receive buffer polling. disable in non autotuning kernels +#TcpRcvBufPoll yes + +# allow the use of the none cipher +#NoneEnabled no + +# disable hpn performance boosts. +#HPNDisabled no + +# buffer size for hpn to non-hpn connections +#HPNBufferSize 2048 + + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server diff --git a/config-archive/etc/ssh/sshd_config.dist b/config-archive/etc/ssh/sshd_config.dist index e818623..c76351a 100644 --- a/config-archive/etc/ssh/sshd_config.dist +++ b/config-archive/etc/ssh/sshd_config.dist @@ -24,6 +24,7 @@ #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key # "key type names" for X.509 certificates with RSA key # Note first defined is used in signature operations! @@ -151,8 +152,8 @@ PasswordAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass @@ -168,6 +169,7 @@ UsePAM yes #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes +#PermitTTY yes PrintMotd no PrintLastLog no #TCPKeepAlive yes @@ -208,6 +210,7 @@ Subsystem sftp /usr/lib64/misc/sftp-server #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no +# PermitTTY no # ForceCommand cvs server # Allow client to pass locale environment variables #367017 diff --git a/csh.env b/csh.env index fdee83f..6b23ee5 100644 --- a/csh.env +++ b/csh.env @@ -9,19 +9,19 @@ setenv GCC_SPECS '' setenv GUILE_LOAD_PATH '/usr/share/guile/1.8' setenv HG '/usr/bin/hg' setenv INFOPATH '/usr/share/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.7.3/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.23.2/info' -setenv LANG 'de_DE.UTF-8' -setenv LC_ADDRESS 'de_DE.utf8' -setenv LC_COLLATE 'de_DE.utf8' -setenv LC_CTYPE 'de_DE.utf8' -setenv LC_IDENTIFICATION 'de_DE.utf8' -setenv LC_MEASUREMENT 'de_DE.utf8' -setenv LC_MESSAGES 'de_DE.utf8' -setenv LC_MONETARY 'de_DE.utf8' -setenv LC_NAME 'de_DE.utf8' -setenv LC_NUMERIC 'de_DE.utf8' -setenv LC_PAPER 'de_DE.utf8' -setenv LC_TELEPHONE 'de_DE.utf8' -setenv LC_TIME 'de_DE.utf8' +setenv LANG 'en_US.UTF-8' +setenv LC_ADDRESS 'en_US.utf8' +setenv LC_COLLATE 'en_US.utf8' +setenv LC_CTYPE 'en_US.utf8' +setenv LC_IDENTIFICATION 'en_US.utf8' +setenv LC_MEASUREMENT 'en_US.utf8' +setenv LC_MESSAGES 'en_US.utf8' +setenv LC_MONETARY 'en_US.utf8' +setenv LC_NAME 'en_US.utf8' +setenv LC_NUMERIC 'en_US.utf8' +setenv LC_PAPER 'en_US.utf8' +setenv LC_TELEPHONE 'en_US.utf8' +setenv LC_TIME 'en_US.utf8' setenv LESS '-R -M --shift 5' setenv LESSOPEN '|lesspipe %s' setenv MANPATH '/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.7.3/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.23.2/man:/etc/java-config-2/current-system-vm/man/:/usr/lib64/php5.3/man/:/usr/lib64/php5.5/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.3/man/' diff --git a/hosts.allow b/hosts.allow new file mode 100644 index 0000000..c473eb9 --- /dev/null +++ b/hosts.allow @@ -0,0 +1,17 @@ +# For more information, please see the hosts.allow(5) manpage + +# Rule format: +# daemon : client list +# The value for 'daemon' is determined by the name of the binary. +# OpenSSH runs as 'sshd' so you would use 'sshd' for 'daemon'. +# Client list can be a list of ip's or hostnames. + +# Allow only sshd connections from ips matching 192.168.0.* +#sshd: 192.168.0. + +# Only allow sendmail connections from the localhost +#sendmail: localhost + +# Allow everyone from foobar.edu to access everything except for +# the terminalserver +#ALL: .foobar.edu EXCEPT terminalserver.foobar.edu diff --git a/init.d/apache2 b/init.d/apache2 index c3ce4e7..76e2154 100755 --- a/init.d/apache2 +++ b/init.d/apache2 @@ -77,12 +77,16 @@ start() { # Use start stop daemon to apply system limits #347301 start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start - i=0 - while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do + local i=0 retval=1 + while [ $i -lt ${TIMEOUT} ] ; do + if [ -e "${PIDFILE}" ] ; then + retval=0 + break + fi sleep 1 && i=$(expr $i + 1) done - eend $(test $i -lt ${TIMEOUT}) + eend ${retval} } stop() { @@ -101,13 +105,14 @@ stop() { ebegin "Stopping ${SVCNAME}" ${APACHE2} ${APACHE2_OPTS} -k stop - i=0 + local i=0 retval=0 while ( test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ && [ $i -lt ${TIMEOUT} ]; do sleep 1 && i=$(expr $i + 1) done + [ -e "${PIDFILE}" ] && retval=1 - eend $(test $i -lt ${TIMEOUT}) + eend ${retval} } reload() { diff --git a/init.d/nrpe b/init.d/nrpe index 21fa4f0..7dbbef6 100755 --- a/init.d/nrpe +++ b/init.d/nrpe @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 1999-2013 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/nrpe/files/nrpe.init,v 1.3 2013/01/25 17:43:36 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/nrpe/files/nrpe.init,v 1.4 2014/04/19 17:18:03 robbat2 Exp $ : ${CFGFILE:=/etc/nagios/nrpe.cfg} @@ -22,3 +22,24 @@ depend() { config ${CFGFILE} } + +start() +{ + mkdir -p $(dirname $pidfile) + local _background= + ebegin "Starting ${name:-$RC_SVCNAME}" + eval start-stop-daemon --start \ + --exec $command \ + ${procname:+--name} $procname \ + ${pidfile:+--pidfile} $pidfile \ + $_background $start_stop_daemon_args \ + -- $command_args + if eend $? "Failed to start $RC_SVCNAME"; then + service_set_value "command" "${command}" + [ -n "${pidfile}" ] && service_set_value "pidfile" "${pidfile}" + [ -n "${procname}" ] && service_set_value "procname" "${procname}" + return 0 + fi + return 1 +} + diff --git a/init.d/samba b/init.d/samba index 779ec09..96bb94e 100755 --- a/init.d/samba +++ b/init.d/samba @@ -1,9 +1,10 @@ #!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License, v2 or later -# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.6/samba.initd,v 1.3 2011/09/14 22:52:33 polynomial-c Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.6/samba.initd,v 1.4 2014/03/14 09:30:41 polynomial-c Exp $ extra_started_commands="reload" +piddir="/var/run/samba" depend() { after slapd @@ -34,7 +35,7 @@ signal_do() { } mkdir_sambadirs() { - [ -d /var/run/samba ] || mkdir -p /var/run/samba + [ -d "${piddir}" ] || mkdir -p ${piddir} } start() { diff --git a/mutt/Muttrc.dist b/mutt/Muttrc.dist index 89a5c4e..d60afdf 100644 --- a/mutt/Muttrc.dist +++ b/mutt/Muttrc.dist @@ -23,7 +23,7 @@ macro index,pager,attach,compose \cb "\ "call urlview to extract URLs out of a message" # Show documentation when pressing F1 -macro generic,pager " less /usr/share/doc/mutt-1.5.21-r12/manual.txt" "show Mutt documentation" +macro generic,pager " less /usr/share/doc/mutt-1.5.22-r3/manual.txt" "show Mutt documentation" # show the incoming mailboxes list (just like "mutt -y") and back when pressing "y" macro index,pager y "?" "show incoming mailboxes list" @@ -1025,6 +1025,15 @@ attachments -I message/external-body # It defaults to the value of the $VISUAL, or $EDITOR, environment # variable, or to the string ``vi'' if neither of those are set. # +# The $editor string may contain a %s escape, which will be replaced by the name +# of the file to be edited. If the %s escape does not appear in $editor, a +# space and the name to be edited are appended. +# +# The resulting string is then executed by running +# sh -c 'string' +# +# where string is the expansion of $editor described above. +# # # set encode_from=no # @@ -1669,11 +1678,11 @@ attachments -I message/external-body # up periodically, try unsetting this. # # -# set imap_keepalive=900 +# set imap_keepalive=300 # # Name: imap_keepalive # Type: number -# Default: 900 +# Default: 300 # # # This variable specifies the maximum amount of time in seconds that mutt @@ -2773,9 +2782,11 @@ attachments -I message/external-body # Default: "" # # -# This command is invoked whenever mutt will need public key information. -# Of the sequences supported by $pgp_decode_command, %r is the only -# printf(3)-like sequence used with this format. +# This command is invoked whenever Mutt needs to fetch the public key associated with +# an email address. Of the sequences supported by $pgp_decode_command, %r is +# the only printf(3)-like sequence used with this format. Note that +# in this case, %r expands to the email address, not the public key ID (the key ID is +# unknown, which is why Mutt is invoking this command). # (PGP only) # # @@ -2830,7 +2841,7 @@ attachments -I message/external-body # # This command is used to list the public key ring's contents. The # output format must be analogous to the one used by -# gpg --list-keys --with-colons. +# gpg --list-keys --with-colons # # This format is also generated by the pgpring utility which comes # with mutt. @@ -2849,7 +2860,7 @@ attachments -I message/external-body # # This command is used to list the secret key ring's contents. The # output format must be analogous to the one used by: -# gpg --list-keys --with-colons. +# gpg --list-keys --with-colons # # This format is also generated by the pgpring utility which comes # with mutt. @@ -3596,6 +3607,37 @@ attachments -I message/external-body # $save_name variables, and the ``fcc-hook'' command. # # +# set reflow_text=yes +# +# Name: reflow_text +# Type: boolean +# Default: yes +# +# +# When set, Mutt will reformat paragraphs in text/plain +# parts marked format=flowed. If unset, Mutt will display paragraphs +# unaltered from how they appear in the message body. See RFC3676 for +# details on the format=flowed format. +# +# Also see $reflow_wrap, and $wrap. +# +# +# set reflow_wrap=78 +# +# Name: reflow_wrap +# Type: number +# Default: 78 +# +# +# This variable controls the maximum paragraph width when reformatting text/plain +# parts when $reflow_text is set. When the value is 0, paragraphs will +# be wrapped at the terminal's right margin. A positive value sets the +# paragraph width relative to the left margin. A negative value set the +# paragraph width relative to the right margin. +# +# Also see $wrap. +# +# # set reply_regexp="^(re([\\[0-9\\]+])*|aw):[ \t]*" # # Name: reply_regexp @@ -4632,7 +4674,29 @@ attachments -I message/external-body # Default: yes # # -# This variable specifies whether to attempt to use TLSv1 in the +# This variable specifies whether to attempt to use TLSv1.0 in the +# SSL authentication process. +# +# +# set ssl_use_tlsv1_1=yes +# +# Name: ssl_use_tlsv1_1 +# Type: boolean +# Default: yes +# +# +# This variable specifies whether to attempt to use TLSv1.1 in the +# SSL authentication process. +# +# +# set ssl_use_tlsv1_2=yes +# +# Name: ssl_use_tlsv1_2 +# Type: boolean +# Default: yes +# +# +# This variable specifies whether to attempt to use TLSv1.2 in the # SSL authentication process. # # @@ -5165,6 +5229,8 @@ attachments -I message/external-body # characters of empty space on the right side of the terminal. Setting it # to zero makes mutt wrap at the terminal width. # +# Also see $reflow_wrap. +# # # set wrap_headers=78 # diff --git a/postfix/main.cf b/postfix/main.cf index b155ad2..2c7bd57 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.2/html +html_directory = /usr/share/doc/postfix-2.10.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.2/readme +readme_directory = /usr/share/doc/postfix-2.10.3/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/profile.env b/profile.env index 3604cab..6ce9298 100644 --- a/profile.env +++ b/profile.env @@ -9,19 +9,19 @@ export GCC_SPECS='' export GUILE_LOAD_PATH='/usr/share/guile/1.8' export HG='/usr/bin/hg' export INFOPATH='/usr/share/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.7.3/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.23.2/info' -export LANG='de_DE.UTF-8' -export LC_ADDRESS='de_DE.utf8' -export LC_COLLATE='de_DE.utf8' -export LC_CTYPE='de_DE.utf8' -export LC_IDENTIFICATION='de_DE.utf8' -export LC_MEASUREMENT='de_DE.utf8' -export LC_MESSAGES='de_DE.utf8' -export LC_MONETARY='de_DE.utf8' -export LC_NAME='de_DE.utf8' -export LC_NUMERIC='de_DE.utf8' -export LC_PAPER='de_DE.utf8' -export LC_TELEPHONE='de_DE.utf8' -export LC_TIME='de_DE.utf8' +export LANG='en_US.UTF-8' +export LC_ADDRESS='en_US.utf8' +export LC_COLLATE='en_US.utf8' +export LC_CTYPE='en_US.utf8' +export LC_IDENTIFICATION='en_US.utf8' +export LC_MEASUREMENT='en_US.utf8' +export LC_MESSAGES='en_US.utf8' +export LC_MONETARY='en_US.utf8' +export LC_NAME='en_US.utf8' +export LC_NUMERIC='en_US.utf8' +export LC_PAPER='en_US.utf8' +export LC_TELEPHONE='en_US.utf8' +export LC_TIME='en_US.utf8' export LESS='-R -M --shift 5' export LESSOPEN='|lesspipe %s' export MANPATH='/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.7.3/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.23.2/man:/etc/java-config-2/current-system-vm/man/:/usr/lib64/php5.3/man/:/usr/lib64/php5.5/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.3/man/' diff --git a/ssh/ssh_host_ed25519_key b/ssh/ssh_host_ed25519_key new file mode 100644 index 0000000..ccfb7b5 --- /dev/null +++ b/ssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACCghQiD0zcCfpRlaOv7XFKCSuhPmI6+5HMtmhw6Qbso4AAAAJCKc6PbinOj +2wAAAAtzc2gtZWQyNTUxOQAAACCghQiD0zcCfpRlaOv7XFKCSuhPmI6+5HMtmhw6Qbso4A +AAAECk9Ixsrc/yV2TYlS9dX5YZoMSAlKMtYKuMQ6iQDTj5SqCFCIPTNwJ+lGVo6/tcUoJK +6E+Yjr7kcy2aHDpBuyjgAAAACXJvb3RAdWh1MQECAwQ= +-----END OPENSSH PRIVATE KEY----- diff --git a/ssh/ssh_host_ed25519_key.pub b/ssh/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..c8dcb83 --- /dev/null +++ b/ssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCFCIPTNwJ+lGVo6/tcUoJK6E+Yjr7kcy2aHDpBuyjg root@uhu1 diff --git a/ssh/sshd_config b/ssh/sshd_config index 6401926..c7c3f62 100644 --- a/ssh/sshd_config +++ b/ssh/sshd_config @@ -24,6 +24,7 @@ #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key # "key type names" for X.509 certificates with RSA key # Note first defined is used in signature operations! @@ -153,8 +154,8 @@ PasswordAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass @@ -170,6 +171,7 @@ UsePAM yes #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes +#PermitTTY yes PrintMotd no PrintLastLog no #TCPKeepAlive yes @@ -213,6 +215,7 @@ Subsystem sftp /usr/lib64/misc/sftp-server #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no +# PermitTTY no # ForceCommand cvs server # Allow client to pass locale environment variables #367017 diff --git a/ssl/certs/4597689c.0 b/ssl/certs/4597689c.0 deleted file mode 120000 index 9dbdcda..0000000 --- a/ssl/certs/4597689c.0 +++ /dev/null @@ -1 +0,0 @@ -Equifax_Secure_eBusiness_CA_2.pem \ No newline at end of file diff --git a/ssl/certs/656b3e35.0 b/ssl/certs/656b3e35.0 deleted file mode 120000 index e375f5a..0000000 --- a/ssl/certs/656b3e35.0 +++ /dev/null @@ -1 +0,0 @@ -ca.pem \ No newline at end of file diff --git a/ssl/certs/9818ca0b.0 b/ssl/certs/9818ca0b.0 deleted file mode 120000 index 7571d9b..0000000 --- a/ssl/certs/9818ca0b.0 +++ /dev/null @@ -1 +0,0 @@ -TC_TrustCenter_Universal_CA_III.pem \ No newline at end of file diff --git a/ssl/certs/b097d71d.0 b/ssl/certs/b097d71d.0 deleted file mode 120000 index ddcc2c5..0000000 --- a/ssl/certs/b097d71d.0 +++ /dev/null @@ -1 +0,0 @@ -spi-ca-2003.pem \ No newline at end of file diff --git a/udev/hwdb.bin b/udev/hwdb.bin index d4bafb1..d443d81 100644 Binary files a/udev/hwdb.bin and b/udev/hwdb.bin differ