From: Frank Brehm Date: Wed, 14 Aug 2013 20:21:48 +0000 (+0200) Subject: Current state X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=c93fc49cba9715a772377a066aec17671e059050;p=config%2Fuhu1%2Fetc.git Current state --- diff --git a/.etckeeper b/.etckeeper index 470b1be..9474414 100755 --- a/.etckeeper +++ b/.etckeeper @@ -225,6 +225,8 @@ maybe chmod 0644 './config-archive/etc/ImageMagick/policy.xml.1' maybe chmod 0644 './config-archive/etc/ImageMagick/policy.xml.dist' maybe chmod 0644 './config-archive/etc/ImageMagick/type-ghostscript.xml' maybe chmod 0644 './config-archive/etc/ImageMagick/type-ghostscript.xml.dist' +maybe chmod 0600 './config-archive/etc/aiccu.conf' +maybe chmod 0600 './config-archive/etc/aiccu.conf.dist.new' maybe chmod 0640 './config-archive/etc/amavisd.conf' maybe chmod 0640 './config-archive/etc/amavisd.conf.dist' maybe chmod 0755 './config-archive/etc/apache2' @@ -232,6 +234,7 @@ maybe chmod 0755 './config-archive/etc/apache2/modules.d' maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf' maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf.1' maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf.2' +maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf.3' maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist' maybe chmod 0755 './config-archive/etc/bash' maybe chmod 0644 './config-archive/etc/bash/bashrc' @@ -362,7 +365,9 @@ maybe chmod 0755 './config-archive/etc/logrotate.d' maybe chmod 0644 './config-archive/etc/logrotate.d/clamav' maybe chmod 0644 './config-archive/etc/logrotate.d/clamav.dist' maybe chmod 0644 './config-archive/etc/logrotate.d/ulogd' +maybe chmod 0644 './config-archive/etc/logrotate.d/ulogd.1' maybe chmod 0644 './config-archive/etc/logrotate.d/ulogd.dist' +maybe chmod 0644 './config-archive/etc/logrotate.d/ulogd.dist.new' maybe chmod 0755 './config-archive/etc/lvm' maybe chmod 0644 './config-archive/etc/lvm/lvm.conf' maybe chmod 0644 './config-archive/etc/lvm/lvm.conf.dist' @@ -522,6 +527,7 @@ maybe chmod 0644 './config-archive/etc/postfix/main.cf.1' maybe chmod 0644 './config-archive/etc/postfix/main.cf.2' maybe chmod 0644 './config-archive/etc/postfix/main.cf.3' maybe chmod 0644 './config-archive/etc/postfix/main.cf.4' +maybe chmod 0644 './config-archive/etc/postfix/main.cf.5' maybe chmod 0644 './config-archive/etc/postfix/main.cf.dist' maybe chmod 0644 './config-archive/etc/profile' maybe chmod 0644 './config-archive/etc/profile.dist' @@ -541,10 +547,14 @@ maybe chmod 0644 './config-archive/etc/ssh/ssh_config.dist' maybe chmod 0600 './config-archive/etc/ssh/sshd_config' maybe chmod 0600 './config-archive/etc/ssh/sshd_config.1' maybe chmod 0600 './config-archive/etc/ssh/sshd_config.dist' +maybe chmod 0755 './config-archive/etc/stunnel' +maybe chmod 0644 './config-archive/etc/stunnel/stunnel.conf' +maybe chmod 0644 './config-archive/etc/stunnel/stunnel.conf.dist.new' maybe chmod 0440 './config-archive/etc/sudoers' maybe chmod 0440 './config-archive/etc/sudoers.dist.new' maybe chmod 0755 './config-archive/etc/syslog-ng' maybe chmod 0644 './config-archive/etc/syslog-ng/syslog-ng.conf' +maybe chmod 0644 './config-archive/etc/syslog-ng/syslog-ng.conf.1' maybe chmod 0644 './config-archive/etc/syslog-ng/syslog-ng.conf.dist.new' maybe chmod 0644 './config-archive/etc/sysstat' maybe chmod 0644 './config-archive/etc/sysstat.dist' @@ -726,6 +736,7 @@ maybe chmod 0644 './env.d/60python-docs-3.2' maybe chmod 0644 './env.d/70less' maybe chmod 0644 './env.d/80mercurial' maybe chmod 0644 './env.d/80subversion-extras' +maybe chmod 0644 './env.d/90nss' maybe chmod 0644 './env.d/90xdg-data-base' maybe chmod 0644 './env.d/98ca-certificates' maybe chmod 0644 './env.d/98texlive' @@ -733,7 +744,7 @@ maybe chmod 0644 './env.d/99editor' maybe chmod 0644 './env.d/99gentoolkit-env' maybe chmod 0755 './env.d/binutils' maybe chmod 0644 './env.d/binutils/config-x86_64-pc-linux-gnu' -maybe chmod 0644 './env.d/binutils/x86_64-pc-linux-gnu-2.22' +maybe chmod 0644 './env.d/binutils/x86_64-pc-linux-gnu-2.23.1' maybe chmod 0755 './env.d/gcc' maybe chmod 0644 './env.d/gcc/config-x86_64-pc-linux-gnu' maybe chmod 0644 './env.d/gcc/x86_64-pc-linux-gnu-4.6.3' @@ -762,6 +773,7 @@ maybe chmod 0755 './etckeeper/commit.d/30darcs-add' maybe chmod 0755 './etckeeper/commit.d/30git-add' maybe chmod 0755 './etckeeper/commit.d/30hg-addremove' maybe chmod 0755 './etckeeper/commit.d/50vcs-commit' +maybe chmod 0755 './etckeeper/commit.d/99push' maybe chmod 0644 './etckeeper/commit.d/README' maybe chmod 0644 './etckeeper/etckeeper.conf' maybe chmod 0755 './etckeeper/init.d' @@ -964,8 +976,6 @@ maybe chmod 0755 './init.d/reboot.sh' maybe chmod 0755 './init.d/root' maybe chmod 0755 './init.d/rpc.rquotad' maybe chmod 0755 './init.d/rsyncd' -maybe chmod 0755 './init.d/salt.master' -maybe chmod 0755 './init.d/salt.minion' maybe chmod 0755 './init.d/samba' maybe chmod 0755 './init.d/saslauthd' maybe chmod 0755 './init.d/savecache' @@ -1442,8 +1452,6 @@ maybe chmod 0755 './runlevels/shutdown' maybe chmod 0755 './runlevels/sysinit' maybe chmod 0755 './salt' maybe chmod 0644 './salt/master' -maybe chmod 0644 './salt/master.template' -maybe chmod 0644 './salt/minion.template' maybe chmod 0700 './salt/pki' maybe chmod 0400 './salt/pki/master.pem' maybe chmod 0644 './salt/pki/master.pub' @@ -1505,6 +1513,7 @@ maybe chmod 0644 './skel/.bashrc' maybe chmod 0700 './skel/.ssh' maybe chmod 0644 './slsh.rc' maybe chmod 0644 './smartd.conf' +maybe chmod 0755 './smartd_warning.sh' maybe chmod 0755 './snmp' maybe chmod 0644 './snmp/snmpd.conf.example' maybe chmod 0755 './ssh' @@ -1594,7 +1603,9 @@ maybe chown stunnel './stunnel/old/stunnel.pem' maybe chgrp stunnel './stunnel/old/stunnel.pem' maybe chmod 0640 './stunnel/old/stunnel.pem' maybe chmod 0644 './stunnel/stunnel.conf' -maybe chmod 0644 './stunnel/stunnel.pem' +maybe chown stunnel './stunnel/stunnel.pem' +maybe chgrp stunnel './stunnel/stunnel.pem' +maybe chmod 0640 './stunnel/stunnel.pem' maybe chmod 0440 './sudoers' maybe chmod 0750 './sudoers.d' maybe chmod 0440 './sudoers.d/50nagios-plugins' @@ -1602,7 +1613,6 @@ maybe chmod 0644 './sysctl.conf' maybe chmod 0755 './sysctl.d' maybe chmod 0644 './sysctl.d/README' maybe chmod 0755 './syslog-ng' -maybe chmod 0644 './syslog-ng/modules.conf' maybe chmod 0755 './syslog-ng/patterndb.d' maybe chmod 0644 './syslog-ng/patterndb.d/.keep_app-admin_syslog-ng-0' maybe chmod 0644 './syslog-ng/scl.conf' diff --git a/apache2/modules.d/00_apache_manual.conf b/apache2/modules.d/00_apache_manual.conf index f43bf59..33ae915 100644 --- a/apache2/modules.d/00_apache_manual.conf +++ b/apache2/modules.d/00_apache_manual.conf @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.24/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.25/manual$1" - + Options Indexes AllowOverride None Order allow,deny diff --git a/conf.d/saslauthd b/conf.d/saslauthd index 3f2653c..1eeaa48 100644 --- a/conf.d/saslauthd +++ b/conf.d/saslauthd @@ -1,25 +1,21 @@ -# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf,v 1.2 2007/04/07 13:03:55 chtekk Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/files/saslauthd-2.1.26.conf,v 1.1 2013/07/13 12:01:10 pacho Exp $ -# Config file for /etc/init.d/saslauthd +# Config file for /etc/init.d/saslauthd and systemd unit -# Initial (empty) options. -SASLAUTHD_OPTS="" +# PLEASE READ THIS IF YOU ARE USING SYSTEMD +# Please note that systemd does not expand shell variables +# thus, something like FOO="${FOO} bar" won't work. # Specify the authentications mechanism. # **NOTE** For a list see: saslauthd -v # Since 2.1.19, add "-r" to options for old behavior, # ie. reassemble user and realm to user@realm form. -#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam -r" -SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -a pam" - -# Specify the hostname for remote IMAP server. -# **NOTE** Only needed if rimap auth mechanism is used. -#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost" - -# Specify the number of worker processes to create. -#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -n 5" - -# Enable credential cache, set cache size and timeout. -# **NOTE** Size is measured in kilobytes. -# Timeout is measured in seconds. -#SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -c -s 128 -t 30" +# +# Specify the hostname for remote IMAP server using: +# "-O localhost". +# Specify the number of worker processes to create using: +# "-n ". +# Enable credential cache, set cache size and timeout using: +# "-c -s -t ". +# +SASLAUTHD_OPTS="-a pam" diff --git a/conf.d/syslog-ng b/conf.d/syslog-ng index 170862f..6a437d1 100644 --- a/conf.d/syslog-ng +++ b/conf.d/syslog-ng @@ -1,5 +1,41 @@ # Config file for /etc/init.d/syslog-ng +# If you are not using network logging, this entire section should be +# commented out. Otherwise, choose one of the settings below based on +# how you are configuring your network. +# +# If you are using the net.* scripts to configure your network, you should +# set rc_need to match the interface through which your logging server +# can be reached. +#rc_need="net.eth0" +# +# If you are using an interface manager like wicd, dhcpcd in standalone +# mode, networkmanager, etc to control your interfaces, set rc_need to +# the name of that service. +# rc_need="dhcpcd" +#rc_need="networkmanager" +# +# If you are using newnet and configuring your interface statically with +# the network script, you should use this setting. +#rc_need="network" +# +# You can use this setting, but I do not recommend relying on it. +#rc_need="net" +# +# You may also want to uncomment the following if you are using network +# logging. +#rc_use="stunnel" + +# For very customized setups these variables can be adjusted as needed +# but for most situations they should remain commented: +# SYSLOG_NG_CONFIGFILE=/etc/syslog-ng/syslog-ng.conf +# SYSLOG_NG_STATEFILE_DIR=/var/lib/syslog-ng +# SYSLOG_NG_STATEFILE=${SYSLOG_NG_STATEFILE_DIR}/syslog-ng.persist +# SYSLOG_NG_PIDFILE_DIR=/var/run +# SYSLOG_NG_PIDFILE=${SYSLOG_NG_PIDFILE_DIR}/syslog-ng.pid +# SYSLOG_NG_GROUP=root +# SYSLOG_NG_USER=root + # Put any additional options for syslog-ng here. # See syslog-ng(8) for more information. diff --git a/config-archive/etc/aiccu.conf b/config-archive/etc/aiccu.conf new file mode 100644 index 0000000..86c1714 --- /dev/null +++ b/config-archive/etc/aiccu.conf @@ -0,0 +1,83 @@ +# AICCU Configuration + +# Login information (defaults: none) +#username +#password +username FBT6-SIXXS +password EMsiWgsus + +# Protocol and server to use for setting up the tunnel (defaults: none) +#protocol +#server +protocol tic +server tic.sixxs.net + +# Interface names to use (default: aiccu) +# ipv6_interface is the name of the interface that will be used as a tunnel interface. +# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels +# or tunX (eg tun0) for AYIYA tunnels. +ipv6_interface sixxs + +# The tunnel_id to use (default: none) +# (only required when there are multiple tunnels in the list) +#tunnel_id Txxxx +tunnel_id T84158 + +# Be verbose? (default: false) +verbose false + +# Daemonize? (default: true) +# Set to false if you want to see any output +# When true output goes to syslog +# +# WARNING: never run AICCU from DaemonTools or a similar automated +# 'restart' tool/script. When AICCU does not start, it has a reason +# not to start which it gives on either the stdout or in the (sys)log +# file. The TIC server *will* automatically disable accounts which +# are detected to run in this mode. +# +daemonize true + +# Automatic Login and Tunnel activation? +automatic true + +# Require TLS? +# When set to true, if TLS is not supported on the server +# the TIC transaction will fail. +# When set to false, it will try a starttls, when that is +# not supported it will continue. +# In any case if AICCU is build with TLS support it will +# try to do a 'starttls' to the TIC server to see if that +# is supported. +requiretls false + +# PID File +#pidfile /var/run/aiccu.pid + +# Add a default route (default: true) +defaultroute true + +# Script to run after setting up the interfaces (default: none) +#setupscript /usr/local/etc/aiccu-subnets.sh + +# Make heartbeats (default true) +# In general you don't want to turn this off +# Of course only applies to AYIYA and heartbeat tunnels not to static ones +#makebeats true + +# Don't configure anything (default: false) +#noconfigure true + +# Behind NAT (default: false) +# Notify the user that a NAT-kind network is detected +#behindnat true + +# Local IPv4 Override (default: none) +# Overrides the IPv4 parameter received from TIC +# This allows one to configure a NAT into "DMZ" mode and then +# forwarding the proto-41 packets to an internal host. +# +# This is only needed for static proto-41 tunnels! +# AYIYA and heartbeat tunnels don't require this. +#local_ipv4_override + diff --git a/config-archive/etc/aiccu.conf.dist.new b/config-archive/etc/aiccu.conf.dist.new new file mode 100644 index 0000000..71e8c6c --- /dev/null +++ b/config-archive/etc/aiccu.conf.dist.new @@ -0,0 +1,78 @@ +# AICCU Configuration + +# Login information (defaults: none) +#username +#password + +# Protocol and server to use for setting up the tunnel (defaults: none) +#protocol +#server + +# Interface names to use (default: aiccu) +# ipv6_interface is the name of the interface that will be used as a tunnel interface. +# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels +# or tunX (eg tun0) for AYIYA tunnels. +ipv6_interface sixxs + +# The tunnel_id to use (default: none) +# (only required when there are multiple tunnels in the list) +#tunnel_id Txxxx + +# Be verbose? (default: false) +verbose false + +# Daemonize? (default: true) +# Set to false if you want to see any output +# When true output goes to syslog +# +# WARNING: never run AICCU from DaemonTools or a similar automated +# 'restart' tool/script. When AICCU does not start, it has a reason +# not to start which it gives on either the stdout or in the (sys)log +# file. The TIC server *will* automatically disable accounts which +# are detected to run in this mode. +# +daemonize true + +# Automatic Login and Tunnel activation? +automatic true + +# Require TLS? +# When set to true, if TLS is not supported on the server +# the TIC transaction will fail. +# When set to false, it will try a starttls, when that is +# not supported it will continue. +# In any case if AICCU is build with TLS support it will +# try to do a 'starttls' to the TIC server to see if that +# is supported. +requiretls false + +# PID File +#pidfile /var/run/aiccu.pid + +# Add a default route (default: true) +#defaultroute true + +# Script to run after setting up the interfaces (default: none) +#setupscript /usr/local/etc/aiccu-subnets.sh + +# Make heartbeats (default true) +# In general you don't want to turn this off +# Of course only applies to AYIYA and heartbeat tunnels not to static ones +#makebeats true + +# Don't configure anything (default: false) +#noconfigure true + +# Behind NAT (default: false) +# Notify the user that a NAT-kind network is detected +#behindnat true + +# Local IPv4 Override (default: none) +# Overrides the IPv4 parameter received from TIC +# This allows one to configure a NAT into "DMZ" mode and then +# forwarding the proto-41 packets to an internal host. +# +# This is only needed for static proto-41 tunnels! +# AYIYA and heartbeat tunnels don't require this. +#local_ipv4_override + diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf b/config-archive/etc/apache2/modules.d/00_apache_manual.conf index 240d6b4..f43bf59 100644 --- a/config-archive/etc/apache2/modules.d/00_apache_manual.conf +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.23/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.24/manual$1" - + Options Indexes AllowOverride None Order allow,deny diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.1 b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.1 index 25de5d1..240d6b4 100644 --- a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.1 +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.1 @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.22/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.23/manual$1" - + Options Indexes AllowOverride None Order allow,deny @@ -18,7 +18,7 @@ AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apac SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1 RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2 - LanguagePriority en de es fr ja ko pt-br + LanguagePriority de en es fr ja ko pt-br ForceLanguagePriority Prefer Fallback diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.2 b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.2 index a1bfed2..25de5d1 100644 --- a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.2 +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.2 @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.21-r1/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.22/manual$1" - + Options Indexes AllowOverride None Order allow,deny diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.3 b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.3 new file mode 100644 index 0000000..a1bfed2 --- /dev/null +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.3 @@ -0,0 +1,26 @@ +# Provide access to the documentation on your server as +# http://yourserver.example.com/manual/ +# The documentation is always available at +# http://httpd.apache.org/docs/2.2/ + +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.21-r1/manual$1" + + + Options Indexes + AllowOverride None + Order allow,deny + Allow from all + + + SetHandler type-map + + + SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1 + RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2 + + LanguagePriority en de es fr ja ko pt-br + ForceLanguagePriority Prefer Fallback + + + +# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist index a0e5c83..d1f1140 100644 --- a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.24/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.25/manual$1" - + Options Indexes AllowOverride None Order allow,deny diff --git a/config-archive/etc/logrotate.d/ulogd b/config-archive/etc/logrotate.d/ulogd index 52a5d76..0c9874f 100644 --- a/config-archive/etc/logrotate.d/ulogd +++ b/config-archive/etc/logrotate.d/ulogd @@ -14,8 +14,7 @@ size 4M sharedscripts postrotate - /etc/init.d/ulogd restart - #/bin/killall -HUP ulogd 2> /dev/null || true + /etc/init.d/ulogd reopen_logs > /dev/null endscript } diff --git a/config-archive/etc/logrotate.d/ulogd.1 b/config-archive/etc/logrotate.d/ulogd.1 new file mode 100644 index 0000000..52a5d76 --- /dev/null +++ b/config-archive/etc/logrotate.d/ulogd.1 @@ -0,0 +1,23 @@ +#/var/log/ulogd.log /var/log/ulogd.syslogemu /var/log/ulogd.pktlog /var/log/ulogd.pcap { +# missingok +# sharedscripts +# postrotate +# /bin/killall -HUP ulogd 2> /dev/null || true +# endscript +#} + +/var/log/ulogd/*.log { + daily + maxage 2y + rotate 999 + olddir /var/log/ulogd/%Y-%m + size 4M + sharedscripts + postrotate + /etc/init.d/ulogd restart + #/bin/killall -HUP ulogd 2> /dev/null || true + endscript +} + + +# vim: ts=4 filetype=conf diff --git a/config-archive/etc/logrotate.d/ulogd.dist.new b/config-archive/etc/logrotate.d/ulogd.dist.new new file mode 100644 index 0000000..c57583c --- /dev/null +++ b/config-archive/etc/logrotate.d/ulogd.dist.new @@ -0,0 +1,20 @@ +/var/log/ulogd/ulogd.log { + notifempty + missingok + size 1M + create 0640 ulogd + postrotate + /etc/init.d/ulogd reopen_logs > /dev/null + endscript +} + +/var/log/ulogd/ulogd_syslogemu.log { + rotate 12 + size 5M + notifempty + missingok + create 0640 ulogd + postrotate + /etc/init.d/ulogd reopen_logs > /dev/null + endscript +} diff --git a/config-archive/etc/postfix/main.cf b/config-archive/etc/postfix/main.cf index f0345ad..a3de299 100644 --- a/config-archive/etc/postfix/main.cf +++ b/config-archive/etc/postfix/main.cf @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.5/html +html_directory = /usr/share/doc/postfix-2.10.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.5/readme +readme_directory = /usr/share/doc/postfix-2.10.0/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.1 b/config-archive/etc/postfix/main.cf.1 index d148c85..f0345ad 100644 --- a/config-archive/etc/postfix/main.cf.1 +++ b/config-archive/etc/postfix/main.cf.1 @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.4/html +html_directory = /usr/share/doc/postfix-2.9.5/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.4/readme +readme_directory = /usr/share/doc/postfix-2.9.5/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.2 b/config-archive/etc/postfix/main.cf.2 index fb2117d..d148c85 100644 --- a/config-archive/etc/postfix/main.cf.2 +++ b/config-archive/etc/postfix/main.cf.2 @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.9.3/html +html_directory = /usr/share/doc/postfix-2.9.4/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.9.3/readme +readme_directory = /usr/share/doc/postfix-2.9.4/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.3 b/config-archive/etc/postfix/main.cf.3 index 95061cd..fb2117d 100644 --- a/config-archive/etc/postfix/main.cf.3 +++ b/config-archive/etc/postfix/main.cf.3 @@ -39,7 +39,7 @@ command_directory = /usr/sbin # daemon programs (i.e. programs listed in the master.cf file). This # directory must be owned by root. # -daemon_directory = /usr/lib64/postfix +daemon_directory = /usr/libexec/postfix # The data_directory parameter specifies the location of Postfix-writable # data files (caches, random numbers). This directory must be owned @@ -458,7 +458,12 @@ unknown_local_recipient_reject_code = 550 # the main.cf file, otherwise the SMTP server will reject mail for # non-UNIX accounts with "User unknown in local recipient table". # -#mailbox_transport = lmtp:unix:/file/name +# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" +# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. +#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp +# +# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and +# subsequent line in master.cf. #mailbox_transport = cyrus # The fallback_transport specifies the optional transport in master.cf @@ -635,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.8.9/html +html_directory = /usr/share/doc/postfix-2.9.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -648,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.8.9/readme +readme_directory = /usr/share/doc/postfix-2.9.3/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.4 b/config-archive/etc/postfix/main.cf.4 index 2d40235..95061cd 100644 --- a/config-archive/etc/postfix/main.cf.4 +++ b/config-archive/etc/postfix/main.cf.4 @@ -635,7 +635,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.8.7/html +html_directory = /usr/share/doc/postfix-2.8.9/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -648,7 +648,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.8.7/readme +readme_directory = /usr/share/doc/postfix-2.8.9/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/config-archive/etc/postfix/main.cf.5 b/config-archive/etc/postfix/main.cf.5 new file mode 100644 index 0000000..2d40235 --- /dev/null +++ b/config-archive/etc/postfix/main.cf.5 @@ -0,0 +1,681 @@ +# Global Postfix configuration file. This file lists only a subset +# of all parameters. For the syntax, and for a complete parameter +# list, see the postconf(5) manual page (command: "man 5 postconf"). +# +# For common configuration examples, see BASIC_CONFIGURATION_README +# and STANDARD_CONFIGURATION_README. To find these documents, use +# the command "postconf html_directory readme_directory", or go to +# http://www.postfix.org/. +# +# For best results, change no more than 2-3 parameters at a time, +# and test if Postfix still works after every change. + +# SOFT BOUNCE +# +# The soft_bounce parameter provides a limited safety net for +# testing. When soft_bounce is enabled, mail will remain queued that +# would otherwise bounce. This parameter disables locally-generated +# bounces, and prevents the SMTP server from rejecting mail permanently +# (by changing 5xx replies into 4xx replies). However, soft_bounce +# is no cure for address rewriting mistakes or mail routing mistakes. +# +#soft_bounce = no + +# LOCAL PATHNAME INFORMATION +# +# The queue_directory specifies the location of the Postfix queue. +# This is also the root directory of Postfix daemons that run chrooted. +# See the files in examples/chroot-setup for setting up Postfix chroot +# environments on different UNIX systems. +# +queue_directory = /var/spool/postfix + +# The command_directory parameter specifies the location of all +# postXXX commands. +# +command_directory = /usr/sbin + +# The daemon_directory parameter specifies the location of all Postfix +# daemon programs (i.e. programs listed in the master.cf file). This +# directory must be owned by root. +# +daemon_directory = /usr/lib64/postfix + +# The data_directory parameter specifies the location of Postfix-writable +# data files (caches, random numbers). This directory must be owned +# by the mail_owner account (see below). +# +data_directory = /var/lib/postfix + +# QUEUE AND PROCESS OWNERSHIP +# +# The mail_owner parameter specifies the owner of the Postfix queue +# and of most Postfix daemon processes. Specify the name of a user +# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS +# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In +# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED +# USER. +# +mail_owner = postfix + +# The default_privs parameter specifies the default rights used by +# the local delivery agent for delivery to external file or command. +# These rights are used in the absence of a recipient user context. +# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. +# +#default_privs = nobody + +# INTERNET HOST AND DOMAIN NAMES +# +# The myhostname parameter specifies the internet hostname of this +# mail system. The default is to use the fully-qualified domain name +# from gethostname(). $myhostname is used as a default value for many +# other configuration parameters. +# +#myhostname = host.domain.tld +#myhostname = virtual.domain.tld + +# The mydomain parameter specifies the local internet domain name. +# The default is to use $myhostname minus the first component. +# $mydomain is used as a default value for many other configuration +# parameters. +# +#mydomain = domain.tld + +# SENDING MAIL +# +# The myorigin parameter specifies the domain that locally-posted +# mail appears to come from. The default is to append $myhostname, +# which is fine for small sites. If you run a domain with multiple +# machines, you should (1) change this to $mydomain and (2) set up +# a domain-wide alias database that aliases each user to +# user@that.users.mailhost. +# +# For the sake of consistency between sender and recipient addresses, +# myorigin also specifies the default domain name that is appended +# to recipient addresses that have no @domain part. +# +#myorigin = $myhostname +#myorigin = $mydomain + +# RECEIVING MAIL + +# The inet_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on. By default, +# the software claims all active interfaces on the machine. The +# parameter also controls delivery of mail to user@[ip.address]. +# +# See also the proxy_interfaces parameter, for network addresses that +# are forwarded to us via a proxy or network address translator. +# +# Note: you need to stop/start Postfix when this parameter changes. +# +#inet_interfaces = all +#inet_interfaces = $myhostname +#inet_interfaces = $myhostname, localhost + +# The proxy_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on by way of a +# proxy or network address translation unit. This setting extends +# the address list specified with the inet_interfaces parameter. +# +# You must specify your proxy/NAT addresses when your system is a +# backup MX host for other domains, otherwise mail delivery loops +# will happen when the primary MX host is down. +# +#proxy_interfaces = +#proxy_interfaces = 1.2.3.4 + +# The mydestination parameter specifies the list of domains that this +# machine considers itself the final destination for. +# +# These domains are routed to the delivery agent specified with the +# local_transport parameter setting. By default, that is the UNIX +# compatible delivery agent that lookups all recipients in /etc/passwd +# and /etc/aliases or their equivalent. +# +# The default is $myhostname + localhost.$mydomain. On a mail domain +# gateway, you should also include $mydomain. +# +# Do not specify the names of virtual domains - those domains are +# specified elsewhere (see VIRTUAL_README). +# +# Do not specify the names of domains that this machine is backup MX +# host for. Specify those names via the relay_domains settings for +# the SMTP server, or use permit_mx_backup if you are lazy (see +# STANDARD_CONFIGURATION_README). +# +# The local machine is always the final destination for mail addressed +# to user@[the.net.work.address] of an interface that the mail system +# receives mail on (see the inet_interfaces parameter). +# +# Specify a list of host or domain names, /file/name or type:table +# patterns, separated by commas and/or whitespace. A /file/name +# pattern is replaced by its contents; a type:table is matched when +# a name matches a lookup key (the right-hand side is ignored). +# Continue long lines by starting the next line with whitespace. +# +# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". +# +#mydestination = $myhostname, localhost.$mydomain, localhost +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, +# mail.$mydomain, www.$mydomain, ftp.$mydomain + +# REJECTING MAIL FOR UNKNOWN LOCAL USERS +# +# The local_recipient_maps parameter specifies optional lookup tables +# with all names or addresses of users that are local with respect +# to $mydestination, $inet_interfaces or $proxy_interfaces. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown local users. This parameter is defined by default. +# +# To turn off local recipient checking in the SMTP server, specify +# local_recipient_maps = (i.e. empty). +# +# The default setting assumes that you use the default Postfix local +# delivery agent for local delivery. You need to update the +# local_recipient_maps setting if: +# +# - You define $mydestination domain recipients in files other than +# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. +# For example, you define $mydestination domain recipients in +# the $virtual_mailbox_maps files. +# +# - You redefine the local delivery agent in master.cf. +# +# - You redefine the "local_transport" setting in main.cf. +# +# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" +# feature of the Postfix local delivery agent (see local(8)). +# +# Details are described in the LOCAL_RECIPIENT_README file. +# +# Beware: if the Postfix SMTP server runs chrooted, you probably have +# to access the passwd file via the proxymap service, in order to +# overcome chroot restrictions. The alternative, having a copy of +# the system passwd file in the chroot jail is just not practical. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify a bare username, an @domain.tld +# wild-card, or specify a user@domain.tld address. +# +#local_recipient_maps = unix:passwd.byname $alias_maps +#local_recipient_maps = proxy:unix:passwd.byname $alias_maps +#local_recipient_maps = + +# The unknown_local_recipient_reject_code specifies the SMTP server +# response code when a recipient domain matches $mydestination or +# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty +# and the recipient address or address local-part is not found. +# +# The default setting is 550 (reject mail) but it is safer to start +# with 450 (try again later) until you are certain that your +# local_recipient_maps settings are OK. +# +unknown_local_recipient_reject_code = 550 + +# TRUST AND RELAY CONTROL + +# The mynetworks parameter specifies the list of "trusted" SMTP +# clients that have more privileges than "strangers". +# +# In particular, "trusted" SMTP clients are allowed to relay mail +# through Postfix. See the smtpd_recipient_restrictions parameter +# in postconf(5). +# +# You can specify the list of "trusted" network addresses by hand +# or you can let Postfix do it for you (which is the default). +# +# By default (mynetworks_style = subnet), Postfix "trusts" SMTP +# clients in the same IP subnetworks as the local machine. +# On Linux, this does works correctly only with interfaces specified +# with the "ifconfig" command. +# +# Specify "mynetworks_style = class" when Postfix should "trust" SMTP +# clients in the same IP class A/B/C networks as the local machine. +# Don't do this with a dialup site - it would cause Postfix to "trust" +# your entire provider's network. Instead, specify an explicit +# mynetworks list by hand, as described below. +# +# Specify "mynetworks_style = host" when Postfix should "trust" +# only the local machine. +# +#mynetworks_style = class +#mynetworks_style = subnet +#mynetworks_style = host + +# Alternatively, you can specify the mynetworks list by hand, in +# which case Postfix ignores the mynetworks_style setting. +# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +#mynetworks = 168.100.189.0/28, 127.0.0.0/8 +#mynetworks = $config_directory/mynetworks +#mynetworks = hash:/etc/postfix/network_table + +# The relay_domains parameter restricts what destinations this system will +# relay mail to. See the smtpd_recipient_restrictions description in +# postconf(5) for detailed information. +# +# By default, Postfix relays mail +# - from "trusted" clients (IP address matches $mynetworks) to any destination, +# - from "untrusted" clients to destinations that match $relay_domains or +# subdomains thereof, except addresses with sender-specified routing. +# The default relay_domains value is $mydestination. +# +# In addition to the above, the Postfix SMTP server by default accepts mail +# that Postfix is final destination for: +# - destinations that match $inet_interfaces or $proxy_interfaces, +# - destinations that match $mydestination +# - destinations that match $virtual_alias_domains, +# - destinations that match $virtual_mailbox_domains. +# These destinations do not need to be listed in $relay_domains. +# +# Specify a list of hosts or domains, /file/name patterns or type:name +# lookup tables, separated by commas and/or whitespace. Continue +# long lines by starting the next line with whitespace. A file name +# is replaced by its contents; a type:name table is matched when a +# (parent) domain appears as lookup key. +# +# NOTE: Postfix will not automatically forward mail for domains that +# list this system as their primary or backup MX host. See the +# permit_mx_backup restriction description in postconf(5). +# +#relay_domains = $mydestination + +# INTERNET OR INTRANET + +# The relayhost parameter specifies the default host to send mail to +# when no entry is matched in the optional transport(5) table. When +# no relayhost is given, mail is routed directly to the destination. +# +# On an intranet, specify the organizational domain name. If your +# internal DNS uses no MX records, specify the name of the intranet +# gateway host instead. +# +# In the case of SMTP, specify a domain, host, host:port, [host]:port, +# [address] or [address]:port; the form [host] turns off MX lookups. +# +# If you're connected via UUCP, see also the default_transport parameter. +# +#relayhost = $mydomain +#relayhost = [gateway.my.domain] +#relayhost = [mailserver.isp.tld] +#relayhost = uucphost +#relayhost = [an.ip.add.ress] + +# REJECTING UNKNOWN RELAY USERS +# +# The relay_recipient_maps parameter specifies optional lookup tables +# with all addresses in the domains that match $relay_domains. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown relay users. This feature is off by default. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify an @domain.tld wild-card, or specify +# a user@domain.tld address. +# +#relay_recipient_maps = hash:/etc/postfix/relay_recipients + +# INPUT RATE CONTROL +# +# The in_flow_delay configuration parameter implements mail input +# flow control. This feature is turned on by default, although it +# still needs further development (it's disabled on SCO UNIX due +# to an SCO bug). +# +# A Postfix process will pause for $in_flow_delay seconds before +# accepting a new message, when the message arrival rate exceeds the +# message delivery rate. With the default 100 SMTP server process +# limit, this limits the mail inflow to 100 messages a second more +# than the number of messages delivered per second. +# +# Specify 0 to disable the feature. Valid delays are 0..10. +# +#in_flow_delay = 1s + +# ADDRESS REWRITING +# +# The ADDRESS_REWRITING_README document gives information about +# address masquerading or other forms of address rewriting including +# username->Firstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +#alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = dbm:/etc/mail/aliases +#alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_user. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. +# +#mailbox_command = /some/where/procmail +#mailbox_command = /some/where/procmail -a "$EXTENSION" + +# The mailbox_transport specifies the optional transport in master.cf +# to use after processing aliases and .forward files. This parameter +# has precedence over the mailbox_command, fallback_transport and +# luser_relay parameters. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#mailbox_transport = lmtp:unix:/file/name +#mailbox_transport = cyrus + +# The fallback_transport specifies the optional transport in master.cf +# to use for recipients that are not found in the UNIX passwd database. +# This parameter has precedence over the luser_relay parameter. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#fallback_transport = lmtp:unix:/file/name +#fallback_transport = cyrus +#fallback_transport = + +# The luser_relay parameter specifies an optional destination address +# for unknown recipients. By default, mail for unknown@$mydestination, +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned +# as undeliverable. +# +# The following expansions are done on luser_relay: $user (recipient +# username), $shell (recipient shell), $home (recipient home directory), +# $recipient (full recipient address), $extension (recipient address +# extension), $domain (recipient domain), $local (entire recipient +# localpart), $recipient_delimiter. Specify ${name?value} or +# ${name:value} to expand value only when $name does (does not) exist. +# +# luser_relay works only for the default Postfix local delivery agent. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must specify "local_recipient_maps =" (i.e. empty) in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#luser_relay = $user@other.host +#luser_relay = $local@other.host +#luser_relay = admin+$local + +# JUNK MAIL CONTROLS +# +# The controls listed here are only a very small subset. The file +# SMTPD_ACCESS_README provides an overview. + +# The header_checks parameter specifies an optional table with patterns +# that each logical message header is matched against, including +# headers that span multiple physical lines. +# +# By default, these patterns also apply to MIME headers and to the +# headers of attached messages. With older Postfix versions, MIME and +# attached message headers were treated as body text. +# +# For details, see "man header_checks". +# +#header_checks = regexp:/etc/postfix/header_checks + +# FAST ETRN SERVICE +# +# Postfix maintains per-destination logfiles with information about +# deferred mail, so that mail can be flushed quickly with the SMTP +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". +# See the ETRN_README document for a detailed description. +# +# The fast_flush_domains parameter controls what destinations are +# eligible for this service. By default, they are all domains that +# this server is willing to relay mail to. +# +#fast_flush_domains = $relay_domains + +# SHOW SOFTWARE VERSION OR NOT +# +# The smtpd_banner parameter specifies the text that follows the 220 +# code in the SMTP server's greeting banner. Some people like to see +# the mail version advertised. By default, Postfix shows no version. +# +# You MUST specify $myhostname at the start of the text. That is an +# RFC requirement. Postfix itself does not care. +# +#smtpd_banner = $myhostname ESMTP $mail_name +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) + +# PARALLEL DELIVERY TO THE SAME DESTINATION +# +# How many parallel deliveries to the same user or domain? With local +# delivery, it does not make sense to do massively parallel delivery +# to the same user, because mailbox updates must happen sequentially, +# and expensive pipelines in .forward files can cause disasters when +# too many are run at the same time. With SMTP deliveries, 10 +# simultaneous connections to the same domain could be sufficient to +# raise eyebrows. +# +# Each message delivery transport has its XXX_destination_concurrency_limit +# parameter. The default is $default_destination_concurrency_limit for +# most delivery transports. For the local delivery agent the default is 2. + +#local_destination_concurrency_limit = 2 +#default_destination_concurrency_limit = 20 + +# DEBUGGING CONTROL +# +# The debug_peer_level parameter specifies the increment in verbose +# logging level when an SMTP client or server host name or address +# matches a pattern in the debug_peer_list parameter. +# +debug_peer_level = 2 + +# The debug_peer_list parameter specifies an optional list of domain +# or network patterns, /file/name patterns or type:name tables. When +# an SMTP client or server host name or address matches a pattern, +# increase the verbose logging level by the amount specified in the +# debug_peer_level parameter. +# +#debug_peer_list = 127.0.0.1 +#debug_peer_list = some.domain + +# The debugger_command specifies the external command that is executed +# when a Postfix daemon program is run with the -D option. +# +# Use "command .. & sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +# If you can't use X, use this to capture the call stack when a +# daemon crashes. The result is in a file in the configuration +# directory, and is named after the process name and the process ID. +# +# debugger_command = +# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; +# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 +# >$config_directory/$process_name.$process_id.log & sleep 5 +# +# Another possibility is to run gdb under a detached screen session. +# To attach to the screen sesssion, su root and run "screen -r +# " where uniquely matches one of the detached +# sessions (from "screen -list"). +# +# debugger_command = +# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen +# -dmS $process_name gdb $daemon_directory/$process_name +# $process_id & sleep 1 + +# INSTALL-TIME CONFIGURATION INFORMATION +# +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = /usr/sbin/sendmail + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. +# +newaliases_path = /usr/bin/newaliases + +# mailq_path: The full pathname of the Postfix mailq command. This +# is the Sendmail-compatible mail queue listing command. +# +mailq_path = /usr/bin/mailq + +# setgid_group: The group for mail submission and queue management +# commands. This must be a group name with a numerical group ID that +# is not shared with other accounts, not even with the Postfix account. +# +setgid_group = postdrop + +# html_directory: The location of the Postfix HTML documentation. +# +html_directory = /usr/share/doc/postfix-2.8.7/html + +# manpage_directory: The location of the Postfix on-line manual pages. +# +manpage_directory = /usr/share/man + +# sample_directory: The location of the Postfix sample configuration files. +# This parameter is obsolete as of Postfix 2.1. +# +sample_directory = /etc/postfix + +# readme_directory: The location of the Postfix README files. +# +readme_directory = /usr/share/doc/postfix-2.8.7/readme +home_mailbox = .maildir/ +broken_sasl_auth_clients = yes + +inet_protocols = all + +mydomain = uhu-banane.de + +# default: mynetworks = 127.0.0.0/8 46.16.73.175/32 [::1]/128 [fe80::%eth0]/64 +mynetworks = 127.0.0.0/8 46.16.73.175/32 [::1]/128 + +myorigin = $mydomain +recipient_delimiter = + +relayhost = [mail.brehm-online.com] +smtp_sasl_auth_enable = yes +smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth +smtp_sasl_security_options = noanonymous +smtp_tls_cert_file = /etc/postfix/postfix.pem +smtp_tls_enforce_peername = no +smtp_tls_key_file = /etc/postfix/postfix.pem +smtp_use_tls = yes +smtpd_sasl_auth_enable = yes +smtpd_sasl_local_domain = $myhostname +smtpd_sasl_security_options = noanonymous +smtpd_tls_cert_file = /etc/postfix/postfix.pem +smtpd_tls_key_file = /etc/postfix/postfix.pem +smtpd_tls_loglevel = 1 +smtpd_tls_received_header = yes +smtpd_tls_session_cache_timeout = 3600s +smtpd_use_tls = yes +tls_random_source = dev:/dev/urandom diff --git a/config-archive/etc/postfix/main.cf.dist b/config-archive/etc/postfix/main.cf.dist index 3dc5304..849ec43 100644 --- a/config-archive/etc/postfix/main.cf.dist +++ b/config-archive/etc/postfix/main.cf.dist @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.0/html +html_directory = /usr/share/doc/postfix-2.10.1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,6 +653,5 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.0/readme +readme_directory = /usr/share/doc/postfix-2.10.1/readme home_mailbox = .maildir/ -smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination diff --git a/config-archive/etc/stunnel/stunnel.conf b/config-archive/etc/stunnel/stunnel.conf new file mode 100644 index 0000000..20709b7 --- /dev/null +++ b/config-archive/etc/stunnel/stunnel.conf @@ -0,0 +1,65 @@ +# Sample stunnel configuration file by Michal Trojnara 2002-2005 +# Some options used here may not be adequate for your particular configuration +# Please make sure you understand them (especially the effect of chroot jail) + +# Certificate/key is needed in server mode and optional in client mode +cert = /etc/stunnel/stunnel.pem +key = /etc/stunnel/stunnel.pem + +# Some security enhancements for UNIX systems - comment them out on Win32 +# chroot = /chroot/stunnel/ +setuid = stunnel +setgid = stunnel +# PID is created inside chroot jail +pid = /var/run/stunnel/stunnel.pid + +# Some performance tunings +socket = l:TCP_NODELAY=1 +socket = r:TCP_NODELAY=1 +#compression = rle + +# Workaround for Eudora bug +#options = DONT_INSERT_EMPTY_FRAGMENTS + +# Authentication stuff +#verify = 2 +# Don't forget to c_rehash CApath +# CApath is located inside chroot jail: +#CApath = /certs +# It's often easier to use CAfile: +#CAfile = /etc/stunnel/certs.pem +# Don't forget to c_rehash CRLpath +# CRLpath is located inside chroot jail: +#CRLpath = /crls +# Alternatively you can use CRLfile: +#CRLfile = /etc/stunnel/crls.pem + +# Some debugging stuff useful for troubleshooting +#debug = 7 +#output = stunnel.log + +# Use it for client mode +#client = yes + +# Service-level configuration + +[postgres] +accept = 5442 +connect = 5432 + +#[pop3s] +#accept = 995 +#connect = 110 + +#[imaps] +#accept = 993 +#connect = 143 + +#[ssmtp] +#accept = 465 +#connect = 25 + +#[https] +#accept = 443 +#connect = 80 +#TIMEOUTclose = 0 diff --git a/config-archive/etc/stunnel/stunnel.conf.dist.new b/config-archive/etc/stunnel/stunnel.conf.dist.new new file mode 100644 index 0000000..4aa8b8c --- /dev/null +++ b/config-archive/etc/stunnel/stunnel.conf.dist.new @@ -0,0 +1,61 @@ +# Sample stunnel configuration file by Michal Trojnara 2002-2005 +# Some options used here may not be adequate for your particular configuration +# Please make sure you understand them (especially the effect of chroot jail) + +# Certificate/key is needed in server mode and optional in client mode +# cert = /etc/stunnel/stunnel.pem +# key = /etc/stunnel/stunnel.pem + +# Some security enhancements for UNIX systems - comment them out on Win32 +# chroot = /chroot/stunnel/ +setuid = stunnel +setgid = stunnel +# PID is created inside chroot jail +pid = /var/run/stunnel/stunnel.pid + +# Some performance tunings +socket = l:TCP_NODELAY=1 +socket = r:TCP_NODELAY=1 +#compression = rle + +# Workaround for Eudora bug +#options = DONT_INSERT_EMPTY_FRAGMENTS + +# Authentication stuff +#verify = 2 +# Don't forget to c_rehash CApath +# CApath is located inside chroot jail: +#CApath = /certs +# It's often easier to use CAfile: +#CAfile = /etc/stunnel/certs.pem +# Don't forget to c_rehash CRLpath +# CRLpath is located inside chroot jail: +#CRLpath = /crls +# Alternatively you can use CRLfile: +#CRLfile = /etc/stunnel/crls.pem + +# Some debugging stuff useful for troubleshooting +#debug = 7 +#output = stunnel.log + +# Use it for client mode +#client = yes + +# Service-level configuration + +#[pop3s] +#accept = 995 +#connect = 110 + +#[imaps] +#accept = 993 +#connect = 143 + +#[ssmtp] +#accept = 465 +#connect = 25 + +#[https] +#accept = 443 +#connect = 80 +#TIMEOUTclose = 0 diff --git a/config-archive/etc/syslog-ng/syslog-ng.conf b/config-archive/etc/syslog-ng/syslog-ng.conf index cd61378..2286f6d 100644 --- a/config-archive/etc/syslog-ng/syslog-ng.conf +++ b/config-archive/etc/syslog-ng/syslog-ng.conf @@ -15,6 +15,8 @@ options { # people so turn it down to once an hour. Set it to zero # if you don't want the functionality at all. mark_freq(3600); + frac_digits(3); + ts_format(iso); }; source src { diff --git a/config-archive/etc/syslog-ng/syslog-ng.conf.1 b/config-archive/etc/syslog-ng/syslog-ng.conf.1 new file mode 100644 index 0000000..cd61378 --- /dev/null +++ b/config-archive/etc/syslog-ng/syslog-ng.conf.1 @@ -0,0 +1,93 @@ +@version: 3.2 + +options { + long_hostnames(off); + chain_hostnames(no); + flush_lines(0); + + # The default action of syslog-ng is to log a STATS line + # to the file every 10 minutes. That's pretty ugly after a while. + # Change it to every 12 hours so you get a nice daily update of + # how many messages syslog-ng missed (0). + stats_freq(43200); + # The default action of syslog-ng is to log a MARK line + # to the file every 20 minutes. That's seems high for most + # people so turn it down to once an hour. Set it to zero + # if you don't want the functionality at all. + mark_freq(3600); +}; + +source src { + unix-stream("/dev/log" max-connections(256)); + internal(); + file("/proc/kmsg"); + #udp(); +}; + +######################################################### +# Logging-Ziele + +destination d_syslog { file("/var/log/syslog"); }; +destination d_fac { file("/var/log/syslog.d/$FACILITY"); }; +destination d_debug { file("/var/log/debug"); }; +destination d_all { file("/var/log/all"); }; +destination d_messages { file("/var/log/messages"); }; + +destination d_console { usertty("root"); }; +destination d_console_all { usertty("*"); }; +#destination loghost { udp("loghost" port(999)); }; + +# By default messages are logged to tty12... +destination d_console_12 { file("/dev/tty12"); }; +# ...if you intend to use /dev/console for programs like xconsole +# you can comment out the destination line above that references /dev/tty12 +# and uncomment the line below. +#destination console_all { file("/dev/console"); }; + +#destination d_xconsole { pipe("/dev/xconsole"); }; +destination d_xconsole { pipe("/dev/console"); }; + +######################################################### +# Filter-Definitionen + +filter f_syslog { not facility(authpriv, mail); }; +filter f_debug { not facility(auth, authpriv, news, mail); }; +filter f_messages { level(info..emerg) + and not facility(auth, authpriv, mail, news); }; +filter f_emergency { level(emerg); }; + +filter f_warnings { level(warn..emerg) + and not facility( mail, news); }; + +filter f_info { level(info); }; +filter f_notice { level(notice); }; +filter f_warn { level(warn); }; +filter f_crit { level(crit); }; +filter f_err { level(err); }; +filter f_alarm { level(crit, alert); }; + +######################################################## +# Log-Definitionen + +log { source(src); destination(d_fac); }; + +log { source(src); filter(f_messages); destination(d_messages); }; +#log { source(src); filter(f_messages); destination(d_xconsole); }; +log { source(src); filter(f_warnings); destination(d_console_12); }; +log { source(src); filter(f_alarm); destination(d_console); }; +log { source(src); filter(f_emergency); destination(d_console_all); }; +log { source(src); filter(f_syslog); destination(d_syslog); }; +log { source(src); filter(f_debug); destination(d_debug); }; +log { source(src); destination(d_all); }; + +# By default messages are logged to tty12... +#destination console_all { file("/dev/tty12"); }; +# ...if you intend to use /dev/console for programs like xconsole +# you can comment out the destination line above that references /dev/tty12 +# and uncomment the line below. +#destination console_all { file("/dev/console"); }; + +#log { source(src); destination(messages); }; +#log { source(src); destination(console_all); }; + + diff --git a/config-archive/etc/syslog-ng/syslog-ng.conf.dist.new b/config-archive/etc/syslog-ng/syslog-ng.conf.dist.new index 2589f2f..e8d3b4f 100644 --- a/config-archive/etc/syslog-ng/syslog-ng.conf.dist.new +++ b/config-archive/etc/syslog-ng/syslog-ng.conf.dist.new @@ -1,9 +1,13 @@ -@version: 3.2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.2,v 1.1 2011/01/18 17:44:14 mr_bones_ Exp $ +@version: 3.4 +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo,v 1.2 2013/06/02 01:18:35 mr_bones_ Exp $ # # Syslog-ng default configuration file for Gentoo Linux +# https://bugs.gentoo.org/show_bug.cgi?id=426814 +@include "scl.conf" + options { + threaded(yes); chain_hostnames(no); # The default action of syslog-ng is to log a STATS line @@ -18,11 +22,7 @@ options { mark_freq(3600); }; -source src { - unix-stream("/dev/log" max-connections(256)); - internal(); - file("/proc/kmsg"); -}; +source src { system(); internal(); }; destination messages { file("/var/log/messages"); }; diff --git a/csh.env b/csh.env index 6d332ee..cd17ee9 100644 --- a/csh.env +++ b/csh.env @@ -9,7 +9,7 @@ setenv GCC_SPECS '' setenv GSETTINGS_BACKEND 'gconf' setenv GUILE_LOAD_PATH '/usr/share/guile/1.8' setenv HG '/usr/bin/hg' -setenv INFOPATH '/usr/share/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.6.3/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/info' +setenv INFOPATH '/usr/share/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.6.3/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.23.1/info' setenv LANG 'de_DE.UTF-8' setenv LC_ADDRESS 'de_DE.utf8' setenv LC_COLLATE 'de_DE.utf8' @@ -25,10 +25,11 @@ setenv LC_TELEPHONE 'de_DE.utf8' setenv LC_TIME 'de_DE.utf8' setenv LESS '-R -M --shift 5' setenv LESSOPEN '|lesspipe %s' -setenv MANPATH '/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.6.3/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/man:/etc/java-config-2/current-system-vm/man/:/usr/lib64/php5.3/man/:/usr/lib64/php5.4/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.2/man/' +setenv MANPATH '/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.6.3/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.23.1/man:/etc/java-config-2/current-system-vm/man/:/usr/lib64/php5.3/man/:/usr/lib64/php5.4/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.2/man/' setenv MULTIOSDIRS '../lib64:../lib32' setenv OPENGL_PROFILE 'xorg-x11' setenv PATH '/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.6.3:/usr/lib64/subversion/bin' +setenv PRELINK_PATH_MASK '/usr/lib64/libfreebl3.so:/usr/lib64/libnssdbm3.so:/usr/lib64/libsoftokn3.so' setenv PYTHONDOCS_2_7 '/usr/share/doc/python-docs-2.7.3/html/library' setenv PYTHONDOCS_3_2 '/usr/share/doc/python-docs-3.2.3/html/library' setenv ROOTPATH '/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.6.3:/usr/lib64/subversion/bin' diff --git a/env.d/05binutils b/env.d/05binutils index bf004d1..40c7c1f 100644 --- a/env.d/05binutils +++ b/env.d/05binutils @@ -1,2 +1,2 @@ -MANPATH=/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/man -INFOPATH=/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/info +MANPATH=/usr/share/binutils-data/x86_64-pc-linux-gnu/2.23.1/man +INFOPATH=/usr/share/binutils-data/x86_64-pc-linux-gnu/2.23.1/info diff --git a/env.d/90nss b/env.d/90nss new file mode 100644 index 0000000..fbade16 --- /dev/null +++ b/env.d/90nss @@ -0,0 +1 @@ +PRELINK_PATH_MASK=/usr/lib64/libfreebl3.so:/usr/lib64/libnssdbm3.so:/usr/lib64/libsoftokn3.so diff --git a/env.d/binutils/config-x86_64-pc-linux-gnu b/env.d/binutils/config-x86_64-pc-linux-gnu index 11427ca..930d9b8 100644 --- a/env.d/binutils/config-x86_64-pc-linux-gnu +++ b/env.d/binutils/config-x86_64-pc-linux-gnu @@ -1 +1 @@ -CURRENT=2.22 +CURRENT=2.23.1 diff --git a/env.d/binutils/x86_64-pc-linux-gnu-2.22 b/env.d/binutils/x86_64-pc-linux-gnu-2.22 deleted file mode 100644 index aac9c13..0000000 --- a/env.d/binutils/x86_64-pc-linux-gnu-2.22 +++ /dev/null @@ -1,4 +0,0 @@ -TARGET="x86_64-pc-linux-gnu" -VER="2.22" -LIBPATH="/usr/lib64/binutils/x86_64-pc-linux-gnu/2.22" -FAKE_TARGETS="x86_64-pc-linux-gnu" diff --git a/env.d/binutils/x86_64-pc-linux-gnu-2.23.1 b/env.d/binutils/x86_64-pc-linux-gnu-2.23.1 new file mode 100644 index 0000000..d9ce38f --- /dev/null +++ b/env.d/binutils/x86_64-pc-linux-gnu-2.23.1 @@ -0,0 +1,4 @@ +TARGET="x86_64-pc-linux-gnu" +VER="2.23.1" +LIBPATH="/usr/lib64/binutils/x86_64-pc-linux-gnu/2.23.1" +FAKE_TARGETS="x86_64-pc-linux-gnu" diff --git a/etckeeper/commit.d/99push b/etckeeper/commit.d/99push new file mode 100755 index 0000000..9a5d81e --- /dev/null +++ b/etckeeper/commit.d/99push @@ -0,0 +1,8 @@ +#!/bin/sh +if [ -n "$PUSH_REMOTE" ]; then + if [ "$VCS" = git ] && [ -d .git ]; then + git push "$PUSH_REMOTE" master || true + else + echo "PUSH_REMOTE not yet supported for $VCS" >&2 + fi +fi diff --git a/etckeeper/etckeeper.conf b/etckeeper/etckeeper.conf index b910c8a..9492c8f 100644 --- a/etckeeper/etckeeper.conf +++ b/etckeeper/etckeeper.conf @@ -30,7 +30,7 @@ DARCS_COMMIT_OPTIONS="-a" #AVOID_COMMIT_BEFORE_INSTALL=1 # The high-level package manager that's being used. -# (apt, pacman-g2, yum etc) +# (apt, pacman-g2, yum, zypper etc) # For gentoo this is emerge HIGHLEVEL_PACKAGE_MANAGER=emerge @@ -38,3 +38,7 @@ HIGHLEVEL_PACKAGE_MANAGER=emerge # (dpkg, rpm, pacman-g2, etc) # For gentoo this is qlist LOWLEVEL_PACKAGE_MANAGER=qlist + +# To push each commit to a remote, put the name of the remote here. +# (eg, "origin" for git). +PUSH_REMOTE="" diff --git a/etckeeper/pre-commit.d/30store-metadata b/etckeeper/pre-commit.d/30store-metadata index 455429a..d445db1 100755 --- a/etckeeper/pre-commit.d/30store-metadata +++ b/etckeeper/pre-commit.d/30store-metadata @@ -81,14 +81,16 @@ generate_metadata() { if (exists $uidcache{$want}) { return $uidcache{$want}; } - return $uidcache{$want}=scalar getpwuid($want); + my $name=scalar getpwuid($want); + return $uidcache{$want}=defined $name ? $name : $want; } sub gidname { my $want=shift; if (exists $gidcache{$want}) { return $gidcache{$want}; } - return $gidcache{$want}=scalar getgrgid($want); + my $name=scalar getgrgid($want); + return $gidcache{$want}=defined $name ? $name : $want; } chomp; my @stat=stat($_); diff --git a/etckeeper/uninit.d/50vcs-uninit b/etckeeper/uninit.d/50vcs-uninit index 803b0b5..b61abfd 100755 --- a/etckeeper/uninit.d/50vcs-uninit +++ b/etckeeper/uninit.d/50vcs-uninit @@ -21,9 +21,9 @@ if ! grep -q "$managed_by_etckeeper" "$file"; then exit 0 else realfile="$file" - if [ -n "`type -p tempfile`" ]; then + if which tempfile >/dev/null 2>&1 || type -p tempfile >/dev/null 2>&1; then tempfile="tempfile" - elif [ -n "`type -p mktemp`" ]; then + elif which mktemp >/dev/null 2>&1 || type -p mktemp >/dev/null 2>&1; then tempfile="mktemp" else echo "etckeeper warning: can't find tempfile or mktemp" >&2 diff --git a/etckeeper/update-ignore.d/01update-ignore b/etckeeper/update-ignore.d/01update-ignore index 46d8162..d59ad14 100755 --- a/etckeeper/update-ignore.d/01update-ignore +++ b/etckeeper/update-ignore.d/01update-ignore @@ -149,6 +149,7 @@ writefile () { ignore "openvpn/openvpn-status.log" ignore "cups/subscriptions.conf" ignore "cups/subscriptions.conf.O" + ignore "fake-hwclock.data" nl comment "editor temp files" @@ -174,9 +175,9 @@ if [ -e "$file" ]; then fi fi realfile="$file" - if [ -n "`type -p tempfile`" ]; then + if which tempfile >/dev/null 2>&1 || type -p tempfile >/dev/null 2>&1; then tempfile="tempfile" - elif [ -n "`type -p mktemp`" ]; then + elif which mktemp >/dev/null 2>&1 || type -p mktemp >/dev/null 2>&1; then tempfile="mktemp" else echo "etckeeper warning: can't find tempfile or mktemp" >&2 diff --git a/init.d/memcached b/init.d/memcached index 6c9d2a6..facaf5c 100755 --- a/init.d/memcached +++ b/init.d/memcached @@ -1,17 +1,17 @@ #!/sbin/runscript -# $Header: /var/cvsroot/gentoo-x86/net-misc/memcached/files/1.3.3/init,v 1.2 2011/12/31 20:36:20 idl0r Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/memcached/files/1.3.3/init,v 1.3 2012/12/23 18:05:21 robbat2 Exp $ CONF="${SVCNAME#*.}" CONFBASE="/etc/conf.d/memcached" [ -z "${PIDBASE}" ] && PIDBASE="/var/run/memcached/memcached" -[ "${CONF}" == "memcached" ] && CONF='' +[ "${CONF}" = "memcached" ] && CONF='' if [ -n "${CONF}" ]; then PIDFILE="${PIDBASE}-${PORT}.${CONF}.pid" CONFSRC="${CONFBASE}.${CONF}" if [ -f "${CONFSRC}" ]; then - source "${CONFSRC}" + . "${CONFSRC}" else eerror "The configuration file $CONFSRC was not found!" fi diff --git a/init.d/salt.master b/init.d/salt.master deleted file mode 100755 index 47470d2..0000000 --- a/init.d/salt.master +++ /dev/null @@ -1,19 +0,0 @@ -#!/sbin/runscript - -depend() { - use clock - need net netmount -} - -start() { - ebegin "Starting salt master" - start-stop-daemon --start --pidfile /var/run/salt-master.pid --exec /usr/bin/salt-master -- --daemon ${SALT_MASTER_OPTIONS} - eend $? "Failed to start salt master" -} - -stop() { - ebegin "Stopping salt master" - start-stop-daemon --stop --pidfile /var/run/salt-master.pid - eend $? "Failed to stop salt master" -} - diff --git a/init.d/salt.minion b/init.d/salt.minion deleted file mode 100755 index 6e10fac..0000000 --- a/init.d/salt.minion +++ /dev/null @@ -1,19 +0,0 @@ -#!/sbin/runscript - -depend() { - use clock - need net netmount -} - -start() { - ebegin "Starting salt minion" - start-stop-daemon --start --pidfile /var/run/salt-minion.pid --exec /usr/bin/salt-minion -- --daemon ${SALT_MINION_OPTIONS} - eend $? "Failed to start salt minion" -} - -stop() { - ebegin "Stopping salt minion" - start-stop-daemon --stop --pidfile /var/run/salt-minion.pid - eend $? "Failed to stop salt minion" -} - diff --git a/init.d/saslauthd b/init.d/saslauthd index a5e9a44..d6b453e 100755 --- a/init.d/saslauthd +++ b/init.d/saslauthd @@ -1,7 +1,7 @@ #!/sbin/runscript -# Copyright 1999-2007 Gentoo Foundation +# Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/files/saslauthd2.rc6,v 1.7 2007/04/07 13:03:55 chtekk Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/files/saslauthd2.rc7,v 1.1 2013/07/13 12:01:10 pacho Exp $ depend() { need net @@ -16,6 +16,6 @@ start() { stop() { ebegin "Stopping saslauthd" - start-stop-daemon --stop --quiet --pidfile /var/lib/sasl2/saslauthd.pid + start-stop-daemon --stop --quiet --pidfile /run/saslauthd/saslauthd.pid eend $? } diff --git a/init.d/stunnel b/init.d/stunnel index cf33c04..4d3202b 100755 --- a/init.d/stunnel +++ b/init.d/stunnel @@ -1,73 +1,43 @@ #!/sbin/runscript -# Copyright 1999-2009 Gentoo Foundation +# Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/files/stunnel.initd-start-stop-daemon,v 1.3 2013/06/16 16:04:11 blueness Exp $ -# Default pidfile location -DEFAULT_PIDFILE="/var/run/stunnel/stunnel.pid" -FILES="/etc/stunnel/*.conf" -DAEMON="/usr/sbin/stunnel" +SERVICENAME=${SVCNAME#*.} +SERVICENAME=${SERVICENAME:-stunnel} +STUNNEL_CONFIGFILE=${STUNNEL_CONFIGFILE:-/etc/stunnel/${SERVICENAME}.conf} depend() { - need net + need net before logger } -get_pids() { - local file=${1} - if test -f ${file} ; then - CHROOT=$(grep "^chroot" ${file} | sed "s;.*= *;;") - PIDFILE=$(grep "^pid" ${file} | sed "s;.*= *;;") - if [ "${PIDFILE}" == "" ] ; then - PIDFILE="${DEFAULT_PIDFILE}" - fi - if test -f ${CHROOT}/${PIDFILE} ; then - cat ${CHROOT}/${PIDFILE} - fi - fi +get_config() { + if [ ! -e ${STUNNEL_CONFIGFILE} ] ; then + eerror "You need to create ${STUNNEL_CONFIGFILE} first." + return 1 + fi + CHROOT=$(grep "^chroot" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;") + [ -n "${CHROOT}" ] && CHROOT="--chroot ${CHROOT}" + PIDFILE=$(grep "^pid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;") + PIDFILE=${PIDFILE:-/var/run/stunnel/${SERVICENAME}.pid} } start() { - rm -rf /var/run/stunnel/*.pid - ebegin "Starting stunnel" - for file in ${FILES} ; do - if test -f "${file}" ; then - ARGS="${file} ${STUNNEL_OPTIONS}" - PROCLIST="$(get_pids ${file})" - CHROOT=$(grep "^chroot" ${file} | sed "s;.*= *;;") - PIDFILE=$(grep "^pid" ${file} | sed "s;.*= *;;") - if [ "${PROCLIST}" ] && kill -0 ${PROCLIST} 2> /dev/null ; then - ewarn " already running: ${file} " - elif ${DAEMON} ${ARGS} ; then - if ! test -f ${CHROOT}/${PIDFILE} ; then - # give the daemon time to create the pid file - # See bug #308931 for more details - sleep 0.5s - fi - if test -f ${CHROOT}/${PIDFILE} ; then - einfo " ${file}" - else - eerror " error starting: ${file}" - fi - fi - fi - done - eend $? + get_config || return 1 + checkpath -d -m 0775 -o root:stunnel /var/run/stunnel + if [ "$(dirname ${PIDFILE})" != "/var/run" ]; then + checkpath -d -m 0755 -o stunnel:stunnel -q $(dirname ${PIDFILE}) + fi + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --pidfile "${PIDFILE}" ${CHROOT} \ + --exec /usr/bin/stunnel -- ${STUNNEL_CONFIGFILE} ${STUNNEL_OPTIONS} + eend $? "Failed to start ${SVCNAME}" } stop() { - ebegin "Stopping stunnel" - for file in ${FILES} ; do - PROCLIST=$(get_pids ${file}) - if [ "${PROCLIST}" ] && kill -0 ${PROCLIST} 2> /dev/null ; then - kill ${PROCLIST} - einfo " ${file} " - fi - done - eend $? -} - -restart() { - svc_stop - sleep 1 - svc_start + get_config || return 1 + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --quiet --pidfile ${PIDFILE} + eend $? "Failed to stop ${SVCNAME}" } diff --git a/init.d/syslog-ng b/init.d/syslog-ng index e41d874..318b3a8 100755 --- a/init.d/syslog-ng +++ b/init.d/syslog-ng @@ -1,61 +1,59 @@ #!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation +# Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.rc6.3,v 1.5 2011/12/04 09:53:39 swegener Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.rc6,v 1.5 2013/05/08 20:12:59 mr_bones_ Exp $ +SYSLOG_NG_CONFIGFILE=${SYSLOG_NG_CONFIGFILE:-/etc/syslog-ng/${RC_SVCNAME}.conf} +SYSLOG_NG_STATEFILE_DIR=${SYSLOG_NG_STATEFILE_DIR:-/var/lib/syslog-ng} +SYSLOG_NG_STATEFILE=${SYSLOG_NG_STATEFILE:-${SYSLOG_NG_STATEFILE_DIR}/syslog-ng.persist} +SYSLOG_NG_PIDFILE_DIR=${SYSLOG_NG_PIDFILE_DIR:-/var/run} +SYSLOG_NG_PIDFILE=${SYSLOG_NG_PIDFILE:-${SYSLOG_NG_PIDFILE_DIR}/${RC_SVCNAME}.pid} + +SYSLOG_NG_GROUP=${SYSLOG_NG_GROUP:-root} +SYSLOG_NG_USER=${SYSLOG_NG_USER:-root} + +command="syslog-ng" +command_args="--persist-file \"${SYSLOG_NG_STATEFILE}\" --cfgfile \"${SYSLOG_NG_CONFIGFILE}\" --pidfile \"${SYSLOG_NG_PIDFILE}\" ${SYSLOG_NG_OPTS}" extra_commands="checkconfig" extra_started_commands="reload" +pidfile="${SYSLOG_NG_PIDFILE}" +start_stop_daemon_args="--user \"${SYSLOG_NG_USER}\":\"${SYSLOG_NG_GROUP}\"" +description="Syslog-ng is a syslog replacement with advanced filtering features." +description_checkconfig="Check the configuration file that will be used by \"start\"" +description_reload="Reload the configuration without exiting" +required_files="${SYSLOG_NG_CONFIGFILE}" +required_dirs="${SYSLOG_NG_PIDFILE_DIR}" depend() { - # Make networking dependency conditional on configuration - case $(sed 's/#.*//' /etc/syslog-ng/syslog-ng.conf) in - *source*tcp*|*source*udp*|*destination*tcp*|*destination*udp*) - need net - use stunnel ;; - esac - - config /etc/syslog-ng/syslog-ng.conf use clock need hostname localmount + after bootmisc provide logger } checkconfig() { - if [ ! -e /etc/syslog-ng/syslog-ng.conf ] ; then - eerror "You need to create /etc/syslog-ng/syslog-ng.conf first." - eerror "An example can be found in /etc/syslog-ng/syslog-ng.conf.sample" - return 1 - fi - syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf - - # the start and reload functions have their own eends so - # avoid calling this twice when there are no problems - [ $? -eq 0 ] || eend $? "Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)" + ebegin "Checking your configfile (${SYSLOG_NG_CONFIGFILE})" + syslog-ng -s -f "${SYSLOG_NG_CONFIGFILE}" + eend $? "Configuration error. Please fix your configfile (${SYSLOG_NG_CONFIGFILE})" } -start() { - checkconfig || return 1 - ebegin "Starting syslog-ng" - [ -n "${SYSLOG_NG_OPTS}" ] && SYSLOG_NG_OPTS="-- ${SYSLOG_NG_OPTS}" - start-stop-daemon --start --pidfile /var/run/syslog-ng.pid --exec /usr/sbin/syslog-ng ${SYSLOG_NG_OPTS} - eend $? "Failed to start syslog-ng" +start_pre() { + checkconfig || return 1 + checkpath \ + -d \ + --mode 0700 \ + --owner "${SYSLOG_NG_OWNER}:${SYSLOG_NG_GROUP}" \ + "${SYSLOG_NG_STATEFILE_DIR}" } -stop() { - ebegin "Stopping syslog-ng" - start-stop-daemon --stop --pidfile /var/run/syslog-ng.pid - eend $? "Failed to stop syslog-ng" - sleep 1 # needed for syslog-ng to stop in case we're restarting +stop_pre() { + [ "$RC_CMD" = restart ] && sleep 1 + return 0 } reload() { - if [ ! -f /var/run/syslog-ng.pid ]; then - eerror "syslog-ng isn't running" - return 1 - fi checkconfig || return 1 ebegin "Reloading configuration and re-opening log files" - start-stop-daemon --signal HUP \ - --pidfile /var/run/syslog-ng.pid + start-stop-daemon --signal HUP --pidfile "${pidfile}" eend $? } diff --git a/portage/make.conf b/portage/make.conf index 2e2a5dd..59cf115 100644 --- a/portage/make.conf +++ b/portage/make.conf @@ -70,7 +70,7 @@ USE="3dnow X acl apache2 audit bash-completion bazaar bzip2 caps cgi cvs curl \ gnutls gpg gpm graphviz gs gsl gsm gtk guile hscolour html i18n icu idn imagemagick imap ipv6 ithreads \ jadetex java javascript jbig jpeg jpeg2k json kerberos lasi ldap libwww lua \ lzma lzo maildir mailwrapper mercurial mmx mmxext modperl modplug motif mp3 mysql \ - nis numpy odbc ogg openexr openldap pam pch pcre pdf perl pic png php postgres postscript python rar samba sasl \ + nis nss numpy odbc ogg openexr openldap openssl pam pch pcre pdf perl pic png php postgres postscript python rar samba sasl \ session smtp snmp soap spamassassin speex spell sqlite sqlite3 sse sse2 ssh \ subversion svg syslog theora tiff tk truetype unicode vhosts vim-syntax \ vorbis wmf x264 xattr xml xmlrpc xpm xsl xslt xvid zlib diff --git a/portage/package.keywords b/portage/package.keywords index 0700972..642e7d9 100644 --- a/portage/package.keywords +++ b/portage/package.keywords @@ -217,7 +217,9 @@ ~dev-php/PEAR-XML_Feed_Parser-1.0.5 dev-python/fbrehm-libs +~dev-python/jinja-2.7.1 ~dev-python/msgpack-0.1.12 +~dev-python/sphinx-1.1.3 ~dev-python/sphinxcontrib-googleanalytics-0.1 ~dev-python/stevedore-0.8 ~dev-python/virtualenv-clone-0.2.4 diff --git a/portage/package.use b/portage/package.use index cf60e27..5184386 100644 --- a/portage/package.use +++ b/portage/package.use @@ -1,7 +1,7 @@ app-admin/eselect-php fpm app-admin/sysstat cron app-admin/syslog-ng dbi spoof-source sql -app-admin/ulogd -doc +app-admin/ulogd -doc nfacct app-admin/webalizer geoip xtended app-antivirus/clamav clamdtop @@ -129,6 +129,7 @@ net-firewall/iptables extensions net-fs/samba oav quotas syslog +net-ftp/lftp -gnutls # net-ftp/proftpd authfile ifsession rewrite shaper sitemisc softquota vroot net-ftp/proftpd authfile ban case copy ctrls deflate diskuse dso exec ident ifsession ifversion -kerberos memcache openssl qos ratio readme rewrite sftp shaper sitemisc softquota vroot diff --git a/postfix/main.cf b/postfix/main.cf index a3de299..b47d5a0 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -640,7 +640,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.0/html +html_directory = /usr/share/doc/postfix-2.10.1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -653,7 +653,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.0/readme +readme_directory = /usr/share/doc/postfix-2.10.1/readme home_mailbox = .maildir/ broken_sasl_auth_clients = yes diff --git a/profile.env b/profile.env index 1928fd2..f3a3a9a 100644 --- a/profile.env +++ b/profile.env @@ -9,7 +9,7 @@ export GCC_SPECS='' export GSETTINGS_BACKEND='gconf' export GUILE_LOAD_PATH='/usr/share/guile/1.8' export HG='/usr/bin/hg' -export INFOPATH='/usr/share/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.6.3/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/info' +export INFOPATH='/usr/share/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.6.3/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.23.1/info' export LANG='de_DE.UTF-8' export LC_ADDRESS='de_DE.utf8' export LC_COLLATE='de_DE.utf8' @@ -25,10 +25,11 @@ export LC_TELEPHONE='de_DE.utf8' export LC_TIME='de_DE.utf8' export LESS='-R -M --shift 5' export LESSOPEN='|lesspipe %s' -export MANPATH='/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.6.3/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.22/man:/etc/java-config-2/current-system-vm/man/:/usr/lib64/php5.3/man/:/usr/lib64/php5.4/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.2/man/' +export MANPATH='/usr/local/share/man:/usr/share/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/4.6.3/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.23.1/man:/etc/java-config-2/current-system-vm/man/:/usr/lib64/php5.3/man/:/usr/lib64/php5.4/man/:/usr/share/postgresql/man/:/usr/share/postgresql-9.2/man/' export MULTIOSDIRS='../lib64:../lib32' export OPENGL_PROFILE='xorg-x11' export PATH='/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.6.3:/usr/lib64/subversion/bin' +export PRELINK_PATH_MASK='/usr/lib64/libfreebl3.so:/usr/lib64/libnssdbm3.so:/usr/lib64/libsoftokn3.so' export PYTHONDOCS_2_7='/usr/share/doc/python-docs-2.7.3/html/library' export PYTHONDOCS_3_2='/usr/share/doc/python-docs-3.2.3/html/library' export ROOTPATH='/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.6.3:/usr/lib64/subversion/bin' diff --git a/revdep-rebuild/61-icedtea-bin-6 b/revdep-rebuild/61-icedtea-bin-6 index c0eed0b..6aa5fac 100644 --- a/revdep-rebuild/61-icedtea-bin-6 +++ b/revdep-rebuild/61-icedtea-bin-6 @@ -1 +1 @@ -SEARCH_DIRS_MASK="/opt/icedtea-bin-6.1.12.5" +SEARCH_DIRS_MASK="/opt/icedtea-bin-6.1.12.6" diff --git a/salt/master.template b/salt/master.template deleted file mode 100644 index 6105a89..0000000 --- a/salt/master.template +++ /dev/null @@ -1,204 +0,0 @@ -# DO NOT MODIFY THIS FILE. Copy it to: /etc/salt/master -##### Primary configuration settings ##### -########################################## -# The address of the interface to bind to -#interface: 0.0.0.0 - -# The port used by the publisher -#publish_port: 4505 - -# The user to run salt -#user: root - -# The number of worker threads to start, these threads are used to manage -# return calls made from minions to the master, if the master seems to be -# running slowly, increase the number of threads -#worker_threads: 5 - -# The port used by the communication interface -#ret_port: 4506 - -# The root directory prepended to these options: pki_dir, cachedir, -# sock_dir, log_file. -#root_dir: / - -# Directory used to store public key data -#pki_dir: /etc/salt/pki - -# Directory to store job and cache data -#cachedir: /var/cache/salt - -# Set the number of hours to keep old job information -#keep_jobs: 24 - -# Set the default timeout for the salt command and api, the default is 5 -# seconds -#timeout: 5 - -# Set the directory used to hold unix sockets -#sock_dir: /tmp/salt-unix - -# Set the acceptance level for serialization of messages. This should only be -# set if the master is newer than 0.9.5 and the minion are older. This option -# allows a 0.9.5 and newer master to communicate with minions 0.9.4 and -# earlier. It is not recommended to keep this setting on if the minions are -# all 0.9.5 or higher, as leaving pickle as the serialization medium is slow -# and opens up security risks -# -#serial: msgpack - -##### Security settings ##### -########################################## -# Enable "open mode", this mode still maintains encryption, but turns off -# authentication, this is only intended for highly secure environments or for -# the situation where your keys end up in a bad state. If you run in open mode -# you do so at your own risk! -#open_mode: False - -# Enable auto_accept, this setting will automatically accept all incoming -# public keys from the minions. Note that this is insecure. -#auto_accept: False - -##### State System settings ##### -########################################## -# The state system uses a "top" file to tell the minions what environment to -# use and what modules to use. The state_top file is defined relative to the -# root of the base environment. -#state_top: top.sls -# -# The external_nodes option allows Salt to gather data that would normally be -# placed in a top file. The external_nodes option is the executable that will -# return the ENC data. Remember that Salt will look for external nodes AND top -# files and combine the results if both are enabled! -#external_nodes: None -# -# The renderer to use on the minions to render the state data -#renderer: yaml_jinja -# -# The failhard option tells the minions to stop immediately after the first -# failure detected in the state execution, defaults to False -#failhard: False - -##### File Server settings ##### -########################################## -# Salt runs a lightweight file server written in zeromq to deliver files to -# minions. This file server is built into the master daemon and does not -# require a dedicated port. - -# The file server works on environments passed to the master, each environment -# can have multiple root directories, the subdirectories in the multiple file -# roots cannot match, otherwise the downloaded files will not be able to be -# reliably ensured. A base environment is required to house the top file. -# Example: -# file_roots: -# base: -# - /srv/salt/ -# dev: -# - /srv/salt/dev/services -# - /srv/salt/dev/states -# prod: -# - /srv/salt/prod/services -# - /srv/salt/prod/states -# -# Default: -#file_roots: -# base: -# - /srv/salt - -# The hash_type is the hash to use when discovering the hash of a file on -# the master server, the default is md5, but sha1, sha224, sha256, sha384 -# and sha512 are also supported. -#hash_type: md5 - -# The buffer size in the file server can be adjusted here: -#file_buffer_size: 1048576 - -##### Syndic settings ##### -########################################## -# The Salt syndic is used to pass commands through a master from a higher -# master. Using the syndic is simple, if this is a master that will have -# syndic servers(s) below it set the "order_masters" setting to True, if this -# is a master that will be running a syndic daemon for passthrough the -# "syndic_master" setting needs to be set to the location of the master server -# to recieve commands from. -# -# Set the order_masters setting to True if this master will command lower -# masters' syndic interfaces. -#order_masters: False -# -# If this master will be running a salt syndic daemon, syndic_master tells -# this master where to recieve commands from. -#syndic_master: masterofmaster - -##### Peer Publish settings ##### -########################################## -# Salt minions can send commands to other minions, but only if the minion is -# allowed to. By default "Peer Publication" is disabled, and when enabled it -# is enabled for specific minions and specific commands. This allows secure -# compartmentalization of commands based on individual minions. -# -# The configuration uses regular expressions to match minions and then a list -# of regular expressions to match functions. The following will allow the -# minion authenticated as foo.example.com to execute functions from the test -# and pkg modules. -# peer: -# foo.example.com: -# - test.* -# - pkg.* -# -# This will allow all minions to execute all commands: -# peer: -# .*: -# - .* -# This is not recomanded, since it would allow anyone who gets root on any -# single minion to instantly have root on all of the minions! -# - -##### Cluster settings ##### -########################################## -# Salt supports automatic clustering, salt creates a single ip address which -# is shared among the individual salt components using ucarp. The private key -# and all of the minion keys are maintained across the defined cluster masters. -# The failover service is automatically managed via these settings - -# List the identifiers for the other cluster masters in this manner: -# [saltmaster-01.foo.com,saltmaster-02.foo.com,saltmaster-03.foo.com] -# The members of this master array must be running as salt minions to -# facilitate the distribution of cluster information -#cluster_masters: [] - -# The cluster modes are "paranoid" and "full" -# paranoid will only distribute the accepted minion public keys. -# full will also distribute the master private key. -#cluster_mode: paranoid - - -##### Logging settings ##### -########################################## -# The location of the master log file -#log_file: /var/log/salt/master -# -# The level of messages to send to the log file. -# One of 'info', 'quiet', 'critical', 'error', 'debug', 'warning'. -# Default: 'warning' -#log_level: warning -# -# Logger levels can be used to tweak specific loggers logging levels. -# For example, if you want to have the salt library at the 'warning' level, -# but you still wish to have 'salt.modules' at the 'debug' level: -# log_granular_levels: -# 'salt': 'warning', -# 'salt.modules': 'debug' -# -#log_granular_levels: {} - - -##### Node Groups ##### -########################################## -# Node groups allow for logical groupings of minion nodes. -# A group consists of a group name and a compound target. -# -# nodegroups: -# group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com', -# group2: 'G@os:Debian and foo.domain.com', - diff --git a/salt/minion.template b/salt/minion.template deleted file mode 100644 index 59c5700..0000000 --- a/salt/minion.template +++ /dev/null @@ -1,155 +0,0 @@ -# DO NOT MODIFY THIS FILE. Copy it to: /etc/salt/minion -##### Primary configuration settings ##### -########################################## -# Set the location of the salt master server, if the master server cannot be -# resolved, then the minion will fail to start. -#master: salt - -# Set the port used by the master reply and authentication server -#master_port: 4506 - -# The user to run salt -#user: root - -# The root directory prepended to these options: pki_dir, cachedir, log_file. -#root_dir: / - -# The directory to store the pki information in -#pki_dir: /etc/salt/pki - -# Explicitly declare the id for this minion to use, if left commented the id -# will be the hostname as returned by the python call: socket.getfqdn() -# Since salt uses detached ids it is possible to run multiple minions on the -# same machine but with different ids, this can be useful for salt compute -# clusters. -#id: - -# If the the connection to the server is interrupted, the minion will -# attempt to reconnect. sub_timeout allows you to control the rate -# of reconnection attempts (in seconds). To disable reconnects, set -# this value to 0. -#sub_timeout: 60 - -# Where cache data goes -#cachedir: /var/cache/salt - -# The minion can locally cache the return data from jobs sent to it, this -# can be a good way to keep track of jobs the minion has executed -# (on the minion side). By default this feature is disabled, to enable -# set cache_jobs to True -#cache_jobs: False - -# When waiting for a master to accept the minion's public key, salt will -# continuously attempt to reconnect until successful. This is the time, in -# seconds, between those reconnection attempts. -#acceptance_wait_time = 10 - - - -##### Minion module management ##### -########################################## -# Disable specific modules. This allows the admin to limit the level of -# access the master has to the minion -#disable_modules: [cmd,test] -#disable_returners: [] -# -# Modules can be loaded from arbitrary paths. This enables the easy deployment -# of third party modules. Modules for returners and minions can be loaded. -# Specify a list of extra directories to search for minion modules and -# returners. These paths must be fully qualified! -#module_dirs: [] -#returner_dirs: [] -#states_dirs: [] -#render_dirs: [] -# -# Enable Cython modules searching and loading. (Default: False) -#cython_enable: False - -##### State Management Settings ##### -########################################### -# The state management system executes all of the state templates on the minion -# to enable more granular control of system state management. The type of -# template and serialization used for state management needs to be configured -# on the minion, the default renderer is yaml_jinja. This is a yaml file -# rendered from a jinja template, the available options are: -# yaml_jinja -# yaml_mako -# json_jinja -# json_mako -# -#renderer: yaml_jinja -# -# state_verbose allows for the data returned from the minion to be more -# verbose. Normaly only states that fail or states that have changes are -# returned, but setting state_verbose to True will return all states that -# were checked -#state_verbose: False -# -# autoload_dynamic_modules Turns on automatic loading of modules found in the -# environments on the master. This is turned on by default, to turn of -# autoloading modules when states run set this value to False -#autoload_dynamic_modules: True -# -# clean_dynamic_modules keeps the dynamic modules on the minion in sync with -# the dynamic modules on the master, this means that if a dynamic module is -# not on the master it will be deleted from the minion. By default this is -# enabled and can be disabled by changing this value to False -#clean_dynamic_modules: True -# -# Normally the minion is not isolated to any single environment on the master -# when running states, but the environment can be isolated on the minion side -# by statically setting it. Remember that the recommended way to manage -# environments is to issolate via the top file. -#environment: None - -###### Security settings ##### -########################################### -# Enable "open mode", this mode still maintains encryption, but turns off -# authentication, this is only intended for highly secure environments or for -# the situation where your keys end up in a bad state. If you run in open mode -# you do so at your own risk! -#open_mode: False - - -###### Thread settings ##### -########################################### -# Disable multiprocessing support, by default when a minion receives a -# publication a new process is spawned and the command is executed therein. -#multiprocessing: True - -###### Logging settings ##### -########################################### -# The location of the minion log file -#log_file: /var/log/salt/minion -# -# The level of messages to send to the log file. -# One of 'info', 'quiet', 'critical', 'error', 'debug', 'warning'. -# Default: 'warning' -#log_level: warning -# -# Logger levels can be used to tweak specific loggers logging levels. -# For example, if you want to have the salt library at the 'warning' level, -# but you still wish to have 'salt.modules' at the 'debug' level: -# log_granular_levels: { -# 'salt': 'warning', -# 'salt.modules': 'debug' -# } -# -#log_granular_levels: {} - -###### Module configuration ##### -########################################### -# Salt allows for modules to be passed arbitrary configuration data, any data -# passed here in valid yaml format will be passed on to the salt minion modules -# for use. It is STRONGLY recommended that a naming convention be used in which -# the module name is followed by a . and then the value. Also, all top level -# data must be applied via the yaml dict construct, some examples: -# -# A simple value for the test module: -#test.foo: foo -# -# A list for the test module: -#test.bar: [baz,quo] -# -# A dict for the test module: -#test.baz: {spam: sausage, cheese: bread} diff --git a/smartd.conf b/smartd.conf index 7605d5c..5ef85b1 100644 --- a/smartd.conf +++ b/smartd.conf @@ -2,7 +2,7 @@ # Home page is: http://smartmontools.sourceforge.net -# $Id: smartd.conf 3128 2010-07-27 13:08:31Z chrfranke $ +# $Id: smartd.conf 3651 2012-10-18 15:11:36Z samm2 $ # smartd will re-read the configuration file if it receives a HUP # signal @@ -83,10 +83,11 @@ DEVICESCAN #/dev/twa0 -d 3ware,1 -a -s L/../../2/03 # Monitor 2 SATA (not SAS) disks connected to a 3ware 9000 controller which -# uses the 3w-sas driver (Linux, FreeBSD). Start long self-tests Tuesdays +# uses the 3w-sas driver (Linux). Start long self-tests Tuesdays # between 1-2 and 3-4 am. +# On FreeBSD /dev/tws0 should be used instead #/dev/twl0 -d 3ware,0 -a -s L/../../2/01 -#/dev/twa0 -d 3ware,1 -a -s L/../../2/03 +#/dev/twl0 -d 3ware,1 -a -s L/../../2/03 # Same as above for Windows. Option '-d 3ware,N' is not necessary, # disk (port) number is specified in device name. diff --git a/smartd_warning.sh b/smartd_warning.sh new file mode 100755 index 0000000..91f4f89 --- /dev/null +++ b/smartd_warning.sh @@ -0,0 +1,214 @@ +#! /bin/sh +# +# smartd warning script +# +# Copyright (C) 2012-13 Christian Franke +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# You should have received a copy of the GNU General Public License +# (for example COPYING); If not, see . +# +# $Id: smartd_warning.sh.in 3784 2013-03-06 22:02:54Z chrfranke $ +# + +set -e + +# Set by config.status +PACKAGE="smartmontools" +VERSION="6.1" +prefix="/usr" +sysconfdir="/etc" + +# Default mailer +os_mailer="mail" + +# Plugin directory +plugindir="$sysconfdir/smartd_warning.d" + +# Parse options +dryrun= +case $1 in + --dryrun) dryrun=t; shift ;; +esac + +if [ $# != 0 ]; then + cat <&2 + exit 1 +fi + +# Get host and domain names +for cmd in 'hostname' 'uname -n' 'echo "${HOSTNAME?unset}"' 'echo "[Unknown]"'; do + hostname=`eval $cmd 2>/dev/null` || continue + test -n "$hostname" || continue + break +done + +dnsdomain=${hostname#*.} +if [ "$dnsdomain" != "$hostname" ]; then + # BSD 'hostname' prints FQDN + hostname=${hostname%%.*} +else + # Linux Cygwin + for cmd in 'dnsdomainname' 'echo "${USERDNSDOMAIN?unset}"' 'echo'; do + dnsdomain=`eval $cmd 2>/dev/null` || continue + break + done +fi + +for cmd in 'nisdomainname' 'ypdomainname' 'domainname' 'echo'; do + nisdomain=`eval $cmd 2>/dev/null` || continue + break +done +test "$nisdomain" != "(none)" || nisdomain= + +case $OS in + Windows*) windomain=$USERDOMAIN ;; + *) windomain= ;; +esac + +# Format subject +export SMARTD_SUBJECT="SMART error (${SMARTD_FAILTYPE-[SMARTD_FAILTYPE]}) detected on host: $hostname" + +# Format message +fullmessage=` + echo "This message was generated by the smartd daemon running on:" + echo + echo " host name: $hostname" + echo " DNS domain: ${dnsdomain:-[Empty]}" + test -z "$nisdomain" || + echo " NIS domain: $nisdomain" + test -z "$windomain" || + echo " Win domain: $windomain" + echo + echo "The following warning/error was logged by the smartd daemon:" + echo + echo "${SMARTD_MESSAGE-[SMARTD_MESSAGE]}" + echo + echo "Device info:" + echo "${SMARTD_DEVICEINFO-[SMARTD_DEVICEINFO]}" + echo + echo "For details see host's SYSLOG." + if [ "$SMARTD_FAILTYPE" != "EmailTest" ]; then + echo + echo "You can also use the smartctl utility for further investigation." + test "$SMARTD_PREVCNT" = "0" || + echo "The original message about this issue was sent at ${SMARTD_TFIRST-[SMARTD_TFIRST]}" + case $SMARTD_NEXTDAYS in + '') echo "No additional messages about this problem will be sent." ;; + 1) echo "Another message will be sent in 24 hours if the problem persists." ;; + *) echo "Another message will be sent in $SMARTD_NEXTDAYS days if the problem persists." ;; + esac + fi +` + +# Export message with trailing newline +export SMARTD_FULLMESSAGE="$fullmessage +" + +# Run plugin scripts if requested +case " $SMARTD_ADDRESS" in + *\ @*) + if [ -n "$dryrun" ]; then + echo "export SMARTD_SUBJECT='$SMARTD_SUBJECT'" + echo "export SMARTD_FULLMESSAGE='$SMARTD_FULLMESSAGE'" + fi + + # Run ALL scripts if requested + case " $SMARTD_ADDRESS " in + *\ @ALL\ *) + for cmd in "$plugindir"/*; do + if [ -f "$cmd" ] && [ -x "$cmd" ]; then + if [ -n "$dryrun" ]; then + echo "$cmd &2 + fi + ;; + *) + SMARTD_ADDRESS="${SMARTD_ADDRESS:+ }$ad" + ;; + esac + done + + # Send email to remaining addresses + test -n "$SMARTD_ADDRESS" || exit 0 + ;; +esac + +# Send mail or run command +if [ -n "$SMARTD_ADDRESS" ]; then + + # Send mail, use platform mailer by default + test -n "$SMARTD_MAILER" || SMARTD_MAILER=$os_mailer + if [ -n "$dryrun" ]; then + echo "exec '$SMARTD_MAILER' -s '$SMARTD_SUBJECT' $SMARTD_ADDRESS <