From: Frank Brehm Date: Tue, 23 Feb 2016 16:22:04 +0000 (+0100) Subject: Current state X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=48f41f7f216ca795838c4ad598f0d662437fa16b;p=config%2Fns3%2Fetc.git Current state
---
diff --git a/aliases b/aliases
index 93a3249..a0f99a5 100644
--- a/aliases
+++ b/aliases
@@ -1,2 +1,49 @@
 # See man 5 aliases for format
-postmaster: root
+MAILER-DAEMON: postmaster
+postmaster: root
+root: frank
+
+# General redirections for pseudo accounts.
+adm: root
+bin: root
+daemon: root
+exim: root
+lp: root
+mail: root
+named: root
+nobody: root
+postfix: root
+
+# Well-known aliases -- these should be filled in!
+# root:
+# operator:
+
+# Standard RFC2142 aliases
+abuse: postmaster
+ftp: root
+hostmaster: root
+news: usenet
+noc: root
+security: root
+usenet: root
+uucp: root
+webmaster: root
+www: webmaster
+
+# trap decode to catch security attacks
+# decode: /dev/null
+
+# Persönliche Aliase
+
+# Frank Brehm
+frank: frank@brehm-online.com
+fbr: frank
+brehm: frank
+fbrehm: frank
+f.brehm: frank
+f-brehm: frank
+frank.brehm: frank
+frank-brehm: frank
+
+
+
diff --git a/aliases.db b/aliases.db
index f4498e9..049d727 100644
Binary files a/aliases.db and b/aliases.db differ
diff --git a/alternatives/Mail b/alternatives/Mail
new file mode 120000
index 0000000..3d47966
--- /dev/null
+++ b/alternatives/Mail
@@ -0,0 +1 @@
+/usr/bin/heirloom-mailx
\ No newline at end of file
diff --git a/alternatives/Mail.1.gz b/alternatives/Mail.1.gz
new file mode 120000
index 0000000..1917ecf
--- /dev/null
+++ b/alternatives/Mail.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/heirloom-mailx.1.gz
\ No newline at end of file
diff --git a/alternatives/editor b/alternatives/editor
index 7a06612..1d112da 120000
--- a/alternatives/editor
+++ b/alternatives/editor
@@ -1 +1 @@
-/bin/nano
\ No newline at end of file
+/usr/bin/vim.basic
\ No newline at end of file
diff --git a/alternatives/editor.1.gz b/alternatives/editor.1.gz
index bb2d082..e02a6af 120000
--- a/alternatives/editor.1.gz
+++ b/alternatives/editor.1.gz
@@ -1 +1 @@
-/usr/share/man/man1/nano.1.gz
\ No newline at end of file
+/usr/share/man/man1/vim.1.gz
\ No newline at end of file
diff --git a/alternatives/editor.fr.1.gz b/alternatives/editor.fr.1.gz
new file mode 120000
index 0000000..af52858
--- /dev/null
+++ b/alternatives/editor.fr.1.gz
@@ -0,0 +1 @@
+/usr/share/man/fr/man1/vim.1.gz
\ No newline at end of file
diff --git a/alternatives/editor.it.1.gz b/alternatives/editor.it.1.gz
new file mode 120000
index 0000000..4498a3d
--- /dev/null
+++ b/alternatives/editor.it.1.gz
@@ -0,0 +1 @@
+/usr/share/man/it/man1/vim.1.gz
\ No newline at end of file
diff --git a/alternatives/editor.ja.1.gz b/alternatives/editor.ja.1.gz
new file mode 120000
index 0000000..071acfb
--- /dev/null
+++ b/alternatives/editor.ja.1.gz
@@ -0,0 +1 @@
+/usr/share/man/ja/man1/vim.1.gz
\ No newline at end of file
diff --git a/alternatives/editor.pl.1.gz b/alternatives/editor.pl.1.gz
new file mode 120000
index 0000000..345590a
--- /dev/null
+++ b/alternatives/editor.pl.1.gz
@@ -0,0 +1 @@
+/usr/share/man/pl/man1/vim.1.gz
\ No newline at end of file
diff --git a/alternatives/editor.ru.1.gz b/alternatives/editor.ru.1.gz
new file mode 120000
index 0000000..ea9aa16
--- /dev/null
+++ b/alternatives/editor.ru.1.gz
@@ -0,0 +1 @@
+/usr/share/man/ru/man1/vim.1.gz
\ No newline at end of file
diff --git a/alternatives/figlet b/alternatives/figlet
new file mode 120000
index 0000000..28ec836
--- /dev/null
+++ b/alternatives/figlet
@@ -0,0 +1 @@
+/usr/bin/figlet-figlet
\ No newline at end of file
diff --git a/alternatives/figlet.6.gz b/alternatives/figlet.6.gz
new file mode 120000
index 0000000..550fbfc
--- /dev/null
+++ b/alternatives/figlet.6.gz
@@ -0,0 +1 @@
+/usr/share/man/man6/figlet-figlet.6.gz
\ No newline at end of file
diff --git a/alternatives/mail b/alternatives/mail
new file mode 120000
index 0000000..3d47966
--- /dev/null
+++ b/alternatives/mail
@@ -0,0 +1 @@
+/usr/bin/heirloom-mailx
\ No newline at end of file
diff --git a/alternatives/mail.1.gz b/alternatives/mail.1.gz
new file mode 120000
index 0000000..1917ecf
--- /dev/null
+++ b/alternatives/mail.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/heirloom-mailx.1.gz
\ No newline at end of file
diff --git a/alternatives/mailx b/alternatives/mailx
new file mode 120000
index 0000000..3d47966
--- /dev/null
+++ b/alternatives/mailx
@@ -0,0 +1 @@
+/usr/bin/heirloom-mailx
\ No newline at end of file
diff --git a/alternatives/mailx.1.gz b/alternatives/mailx.1.gz
new file mode 120000
index 0000000..1917ecf
--- /dev/null
+++ b/alternatives/mailx.1.gz
@@ -0,0 +1 @@
+/usr/share/man/man1/heirloom-mailx.1.gz
\ No newline at end of file
diff --git a/default/haveged b/default/haveged
new file mode 100644
index 0000000..77b6941
--- /dev/null
+++ b/default/haveged
@@ -0,0 +1,5 @@
+# Configuration file for haveged
+
+# Options to pass to haveged:
+# -w sets low entropy watermark (in bits)
+DAEMON_ARGS="-w 1024"
diff --git a/dhcp/dhclient-enter-hooks.d/nodnsupdate b/dhcp/dhclient-enter-hooks.d/nodnsupdate
new file mode 100644
index 0000000..9f5c98d
--- /dev/null
+++ b/dhcp/dhclient-enter-hooks.d/nodnsupdate
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Don't overwrite /etc/resolv.conf
+make_resolv_conf() {
+ :
+}
diff --git a/init.d/haveged b/init.d/haveged
new file mode 100755
index 0000000..e03a517
--- /dev/null
+++ b/init.d/haveged
@@ -0,0 +1,100 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: haveged
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Should-Start: $syslog
+# Should-Stop: $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Entropy daemon using the HAVEGE algorithm
+# Description: haveged uses HAVEGE (HArdware Volatile Entropy Gathering
+# and Expansion) to maintain a pool of random bytes used
+# to fill /dev/random whenever necessary.
+### END INIT INFO
+
+# Do NOT "set -e"
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="entropy daemon"
+NAME=haveged
+DAEMON=/usr/sbin/$NAME
+DAEMON_ARGS=""
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+. /lib/lsb/init-functions
+
+do_start()
+{
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+do_stop()
+{
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/motd.tail b/motd.tail
new file mode 100644
index 0000000..11f994a
--- /dev/null
+++ b/motd.tail
@@ -0,0 +1,6 @@
+ _ _ _____
+| \ | |___|___ /
+| \| / __| |_ \
+| |\ \__ \___) |
+|_| \_|___/____/
+
diff --git a/nail.rc b/nail.rc
new file mode 100644
index 0000000..c74862c
--- /dev/null
+++ b/nail.rc
@@ -0,0 +1,66 @@
+# This is the configuration file for Heirloom mailx (formerly
+# known under the name "nail".
+# See mailx(1) for further options.
+# This file is not overwritten when 'make install' is run in
+# the mailx build process again.
+
+# Sccsid @(#)nail.rc 2.11 (gritter) 8/2/08
+
+# Do not forward to mbox by default since this is likely to be
+# irritating for most users today.
+set hold
+
+# Append rather than prepend when writing to mbox automatically.
+# This has no effect unless 'hold' is unset again.
+set append
+
+# Ask for a message subject.
+set ask
+
+# Assume a CRT-like terminal and invoke a pager.
+set crt
+
+# Messages may be terminated by a dot.
+set dot
+
+# Do not remove empty mail folders in the spool directory.
+# This may be relevant for privacy since other users could
+# otherwise create them with different permissions.
+set keep
+
+# Do not remove empty private mail folders.
+set emptybox
+
+# Quote the original message in replies by "> " as usual on the Internet.
+set indentprefix="> "
+
+# Automatically quote the text of the message that is responded to.
+set quote
+
+# Outgoing messages are sent in ISO-8859-1 if all their characters are
+# representable in it, otherwise in UTF-8.
+set sendcharsets=iso-8859-1,utf-8
+
+# Display sender's real names in header summaries.
+set showname
+
+# Display the recipients of messages sent by the user himself in
+# header summaries.
+set showto
+
+# Automatically check for new messages at each prompt, but avoid polling
+# of IMAP servers or maildir folders.
+set newmail=nopoll
+
+# If threaded mode is activated, automatically collapse thread.
+set autocollapse
+
+# Mark messages that have been answered.
+set markanswered
+
+# Hide some header fields which are uninteresting for most human readers.
+ignore received in-reply-to message-id references
+ignore mime-version content-transfer-encoding
+
+# Only include selected header fields when forwarding messages.
+fwdretain subject date from to
diff --git a/postfix/main.cf b/postfix/main.cf index 88d36ac..9c72183 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -10,7 +10,7 @@ smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. -append_dot_mydomain = no +append_dot_mydomain = yes # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h @@ -18,8 +18,8 @@ append_dot_mydomain = no readme_directory = no # TLS parameters -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key +smtpd_tls_cert_file = /etc/postfix/postfix.pem +smtpd_tls_key_file = /etc/postfix/postfix.pem smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache 
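Review bot: The context comment directly above the changed line in the first hunk still reads "appending .domain is the MUA's job", which described the old `append_dot_mydomain = no` and now contradicts the new `yes`. Update it to say what the setting does now, e.g. `# complete bare hostnames in locally submitted addresses with .$mydomain`, or drop it. The rest of main.cf lies outside the hunk.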
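Review bot: In the TLS hunk `smtpd_tls_cert_file` and `smtpd_tls_key_file` now both name /etc/postfix/postfix.pem, and that same file is added to the repository later in this commit with the private key inside, so the listener's key is readable by anyone who can read the repo. Point `smtpd_tls_key_file` at a separate root-only key file that is not tracked, and keep only the certificate under version control if it needs to be there at all. A comment next to the two lines saying that the file is generated by postfix/mkpostfixcert would also help the next maintainer.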
@@ -28,14 +28,30 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # information on enabling SSL in the smtp client. smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination -myhostname = ns3.gridserver.io +myhostname = ns3.uhu-banane.de alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname -mydestination = ns3.uhu-banane.de, ns3.gridserver.io, localhost.gridserver.io, localhost -relayhost = mail.brehm-online.com -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +mydestination = ns3.uhu-banane.de, ns3.brehm-online.com, localhost.uhu-banane.de, localhost +relayhost = [mail.brehm-online.com] +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 185.102.95.107/32 2a06:2380:0:1::3a/128 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + -inet_interfaces = loopback-only +# inet_interfaces = loopback-only +inet_protocols = all +mydomain = uhu-banane.de +smtp_sasl_auth_enable = yes +smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth +smtp_sasl_security_options = noanonymous +smtp_tls_cert_file = /etc/postfix/postfix.pem +smtp_tls_enforce_peername = no +smtp_tls_key_file = /etc/postfix/postfix.pem +smtp_use_tls = yes +smtpd_sasl_auth_enable = yes +smtpd_sasl_local_domain = $myhostname +smtpd_sasl_security_options = noanonymous +smtpd_tls_loglevel = 1 +smtpd_tls_received_header = yes +smtpd_tls_session_cache_timeout = 3600s +unknown_local_recipient_reject_code = 550 diff --git a/postfix/mkpostfixcert b/postfix/mkpostfixcert new file mode 100755 index 0000000..9a2522b --- /dev/null +++ b/postfix/mkpostfixcert 
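Review bot: Commenting out `inet_interfaces = loopback-only` while adding `smtpd_sasl_auth_enable = yes` puts an authenticating SMTP listener on every interface, and nothing in the visible lines restricts AUTH to encrypted sessions, so with the opportunistic `smtpd_use_tls=yes` passwords can be offered over cleartext; add `smtpd_tls_auth_only = yes` unless it is already set elsewhere in main.cf. On the client side `smtp_use_tls = yes` together with `smtp_tls_enforce_peername = no` leaves TLS to the relay optional and unverified even though `smtp_sasl_auth_enable = yes` sends a password to `[mail.brehm-online.com]`; `smtp_tls_security_level = encrypt` would at least prevent a fallback to plaintext, and a verifying level would additionally need a trusted CA for the relay. If this host only has to submit local mail through the relay, keeping `inet_interfaces = loopback-only` avoids the exposure altogether.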
@@ -0,0 +1,40 @@
+#! /bin/sh
+#
+# This is a short script to quickly generate a self-signed X.509 key for
+# Postfix over SSL. Normally this script would get called by an automatic
+# package installation routine.
+
+test -x /usr/bin/openssl || exit 0
+
+prefix="/usr"
+pemfile="/etc/postfix/postfix.pem"
+randfile="/etc/postfix/postfix.rand"
+conffile="/etc/postfix/postfix-cert.cnf"
+
+if [ -f $pemfile ]; then
+ echo "$pemfile already exists."
+ exit 1
+fi
+
+if [ ! -f $conffile ] ; then
+ echo "$conffile does not exists!"
+ exit 2
+fi
+
+cp /dev/null $pemfile
+chmod 600 $pemfile
+chown root $pemfile
+
+cleanup() {
+ rm -f $pemfile
+ rm -f $randfile
+ exit 1
+}
+
+dd if=/dev/urandom of=$randfile count=1 2>/dev/null
+/usr/bin/openssl req -new -x509 -days 3650 -nodes \
+ -config $conffile -out $pemfile -keyout $pemfile || cleanup
+/usr/bin/openssl gendh -rand $randfile 512 >> $pemfile || cleanup
+/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in $pemfile || cleanup
+rm -f $randfile
+
diff --git a/postfix/postfix-cert.cnf b/postfix/postfix-cert.cnf
new file mode 100644
index 0000000..c0f0cfc
--- /dev/null
+++ b/postfix/postfix-cert.cnf
@@ -0,0 +1,23 @@
+
+RANDFILE = /usr/share/postfix.rand
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+prompt = no
+
+[ req_dn ]
+C=DE
+ST=Berlin
+L=Berlin
+O=Frank Brehm
+OU=Mail Server Postfix SSL key
+CN=ns3.uhu-banane.de
+emailAddress=postmaster@brehm-online.com
+
+
+[ cert_type ]
+nsCertType = server
+
diff --git a/postfix/postfix.pem b/postfix/postfix.pem
new file mode 100644
index 0000000..50075a9
--- /dev/null
+++ b/postfix/postfix.pem
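Review bot: In postfix/mkpostfixcert the `openssl gendh ... 512` call produces 512-bit DH parameters, far below what is considered safe for key exchange, and `gendh` has long been superseded by `openssl dhparam`; generate at least 2048 bits. The key file is created with `cp /dev/null $pemfile` and only afterwards restricted with `chmod 600`, so it briefly exists with whatever the default umask allows, and `cleanup` runs only when a command fails, not when the script is interrupted. `prefix` is assigned but never used, and the path variables are expanded unquoted throughout. A sketch of the affected lines follows.

```shell
# … unchanged: openssl check, path variables, existence checks …

# Create the key file with restrictive permissions from the start.
umask 077
: > "$pemfile"
chown root "$pemfile"

cleanup() {
  rm -f -- "$pemfile" "$randfile"
  exit 1
}
# Also remove partial output when the script is interrupted.
trap cleanup INT TERM

# … unchanged: dd seeding of $randfile …
/usr/bin/openssl req -new -x509 -days 3650 -nodes \
  -config "$conffile" -out "$pemfile" -keyout "$pemfile" || cleanup
/usr/bin/openssl dhparam -rand "$randfile" 2048 >> "$pemfile" || cleanup
# … unchanged: openssl x509 summary, randfile removal …
```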
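Review bot: In postfix/postfix-cert.cnf `default_bits = 1024` yields a 1024-bit RSA key, which gives no adequate margin for a certificate that mkpostfixcert issues for ten years (`-days 3650`); use `default_bits = 2048` or larger. `encrypt_key = yes` has no effect because the script passes `-nodes`, so set it to `no` or drop it to match what is actually generated. `RANDFILE = /usr/share/postfix.rand` also differs from the `/etc/postfix/postfix.rand` path the script writes; align the two or add a comment saying why they differ.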
@@ -0,0 +1,38 @@ +-----BEGIN PRIVATE KEY----- +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMKacWkkXUoNw8me +nKBn7yta5j1hIihGkodHInxWm/NrcseF/kIke8Q8mIokaloIfhl8mLkMXkluifya +sC7k3BbI8UGkfU0B9Q+xDr1LftYdPTouLTt/ViRwtvnIKZRmwA9qp4DADzM6v1ZU +KTolcqOAoYTLi/jqeLEaxCQtIxwVAgMBAAECgYEAsQTKS0k/7yAMTDgS47sHjZmX +PJhB+P8RRSsJDK/AFrJT63lQqxwC1aQFYgv0DkgRZN+5EQNWNVfu/zA7Ob0HEcDP +McmVfdS+E3g21t7+oIHAouoeQSoI1IKsSPIpBowdgCnaSosn/gugLu7nkVB9hHTc +90DDlE3ayY7x6aZ+WdUCQQDgHJC6eGFRHeIJjm+LbkbT57mpSlRMcaJDlr1typ6d +NFGhG3BrEv/Y+Ksw15f4VWPAUnNmpXtlM/g8dsBomaWfAkEA3ksECc/76LekAqhX +uN6mbkFNrkyQxaXMMql8KK/aAvwzltJjeHCzurDzQk/6snI9kFYXwUqO6iOp2BLb +X3fZywJBALnqGIoIWTrwnlYtKg2yAuHBpvxwY/QyhFirkSOmZeSlxV3wJFc/IK1+ +xI01HKXvOFwQShmKCA6RiUmnfcCITaMCQC6vipWU/M8PYn68ZFALUuDtDieBJRad +j5lERzM0W5Es7pjKbuGoqdaXuz8+FOTNYWii7DJIOmOqQc2DiFcwkKkCQQDfHrGW +dPsJoELtiUi6vO874/JH2xkmocDo7V6JvYWwPZE27ElDqwpizVzaM9oJUL9Ljm1r +LREfGAWKHFWqY7eR +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIC+zCCAmSgAwIBAgIJANcwFtzgJkZ4MA0GCSqGSIb3DQEBCwUAMIGzMQswCQYD +VQQGEwJERTEPMA0GA1UECAwGQmVybGluMQ8wDQYDVQQHDAZCZXJsaW4xFDASBgNV +BAoMC0ZyYW5rIEJyZWhtMSQwIgYDVQQLDBtNYWlsIFNlcnZlciBQb3N0Zml4IFNT +TCBrZXkxGjAYBgNVBAMMEW5zMy51aHUtYmFuYW5lLmRlMSowKAYJKoZIhvcNAQkB +Fhtwb3N0bWFzdGVyQGJyZWhtLW9ubGluZS5jb20wHhcNMTYwMjIzMTQxMjA1WhcN +MjYwMjIwMTQxMjA1WjCBszELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEP +MA0GA1UEBwwGQmVybGluMRQwEgYDVQQKDAtGcmFuayBCcmVobTEkMCIGA1UECwwb +TWFpbCBTZXJ2ZXIgUG9zdGZpeCBTU0wga2V5MRowGAYDVQQDDBFuczMudWh1LWJh +bmFuZS5kZTEqMCgGCSqGSIb3DQEJARYbcG9zdG1hc3RlckBicmVobS1vbmxpbmUu +Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCmnFpJF1KDcPJnpygZ+8r +WuY9YSIoRpKHRyJ8Vpvza3LHhf5CJHvEPJiKJGpaCH4ZfJi5DF5Jbon8mrAu5NwW +yPFBpH1NAfUPsQ69S37WHT06Li07f1YkcLb5yCmUZsAPaqeAwA8zOr9WVCk6JXKj +gKGEy4v46nixGsQkLSMcFQIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJ +KoZIhvcNAQELBQADgYEAJQxNsyzNw34aE/kiIAJuumRPyRacICQkv1CQWU2yqcbk +b2ALb7HMY/Lb1VLKumIwQ5VSvlVF/581FI1a2jrUr9P3g48hbRtvgkdE6b2WSO8c 
+EQHbRlh+NxFImjNfymTf+lMUhdHMQEtBV8aPpKuKTmoDC8luS937d3zT0Sq3JR8= +-----END CERTIFICATE----- +-----BEGIN DH PARAMETERS----- +MEYCQQCNGvWurAMo3wZ1Ct3yZhQGWz3dHN2RRebBp7BbBNMt0Bk6tSnR7DNgDsxz +uBLV0cJAaqK9ocL0vA/z23fv8kHTAgEC +-----END DH PARAMETERS----- diff --git a/postfix/smtp_auth b/postfix/smtp_auth new file mode 100644 index 0000000..8d104f5 --- /dev/null +++ b/postfix/smtp_auth @@ -0,0 +1,2 @@ +mail.brehm-online.com vmail:uhu +helga-six.brehm-online.com vmail:uhu diff --git a/postfix/smtp_auth.db b/postfix/smtp_auth.db new file mode 100644 index 0000000..76e88dc Binary files /dev/null and b/postfix/smtp_auth.db differ diff --git a/rc0.d/K01haveged b/rc0.d/K01haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc0.d/K01haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc1.d/K01haveged b/rc1.d/K01haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc1.d/K01haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc2.d/S02haveged b/rc2.d/S02haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc2.d/S02haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc3.d/S02haveged b/rc3.d/S02haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc3.d/S02haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc4.d/S02haveged b/rc4.d/S02haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc4.d/S02haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc5.d/S02haveged b/rc5.d/S02haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc5.d/S02haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file diff --git a/rc6.d/K01haveged b/rc6.d/K01haveged new file mode 120000 index 0000000..52dc0e1 --- /dev/null +++ b/rc6.d/K01haveged @@ -0,0 +1 @@ +../init.d/haveged \ No newline at end of file 
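Review bot: postfix/postfix.pem adds the server's private key to the repository, and postfix/smtp_auth (with its compiled smtp_auth.db) adds the relay SASL username and password in cleartext; anything committed here is readable by everyone with access to the repo and stays in history after a later deletion. Treat both as disclosed: regenerate the key and certificate, change the relay password, keep these files out of version control through the repo's ignore file, and purge them from history if the repository is published. smtp_auth is also added with mode 100644, whereas the password map should be root-owned and mode 0600 on the host. The key appears to be 1024-bit RSA, consistent with `default_bits = 1024` in postfix-cert.cnf, so the replacement should be generated after that value is raised.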
diff --git a/systemd/system/default.target.wants/haveged.service b/systemd/system/default.target.wants/haveged.service
new file mode 120000
index 0000000..caa7bd7
--- /dev/null
+++ b/systemd/system/default.target.wants/haveged.service
@@ -0,0 +1 @@
+/lib/systemd/system/haveged.service
\ No newline at end of file