From 3f1bd1646f6838fb4aa1b74b34b1932cc4634d3c Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Thu, 29 Jun 2017 07:21:01 +0200 Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run --- .../etc/cron.daily/logrotate.dist.new | 2 +- config-archive/etc/default/grub | 2 +- config-archive/etc/default/grub.1 | 15 +++- config-archive/etc/default/grub.2 | 30 +++++-- config-archive/etc/default/grub.3 | 47 ++++++++++ config-archive/etc/default/grub.dist | 1 - config-archive/etc/logrotate.conf | 18 ++-- config-archive/etc/logrotate.conf.1 | 4 +- config-archive/etc/logrotate.conf.2 | 53 +++++++++++ config-archive/etc/logrotate.conf.dist | 1 - config-archive/etc/postfix/main.cf | 4 +- config-archive/etc/postfix/main.cf.1 | 4 +- config-archive/etc/postfix/main.cf.2 | 4 +- config-archive/etc/postfix/main.cf.3 | 11 ++- config-archive/etc/postfix/main.cf.4 | 5 +- config-archive/etc/postfix/main.cf.5 | 4 +- config-archive/etc/postfix/main.cf.6 | 5 +- config-archive/etc/postfix/main.cf.7 | 25 +++++- config-archive/etc/postfix/main.cf.8 | 6 +- config-archive/etc/postfix/main.cf.9 | 4 +- config-archive/etc/postfix/main.cf.dist | 4 +- config-archive/etc/ssh/sshd_config | 17 +++- config-archive/etc/ssh/sshd_config.1 | 18 +--- config-archive/etc/ssh/sshd_config.2 | 3 +- config-archive/etc/ssh/sshd_config.3 | 7 +- config-archive/etc/ssh/sshd_config.4 | 87 ++++--------------- config-archive/etc/ssh/sshd_config.5 | 7 +- config-archive/etc/ssh/sshd_config.6 | 26 ++++-- config-archive/etc/ssh/sshd_config.7 | 12 ++- config-archive/etc/ssh/sshd_config.8 | 18 +--- config-archive/etc/ssh/sshd_config.9 | 20 ++++- config-archive/etc/ssh/sshd_config.dist | 19 +--- default/grub | 1 - logrotate.conf | 1 - portage/package.use | 1 + postfix/main.cf | 4 +- ssh/sshd_config | 19 +--- 37 files changed, 298 insertions(+), 211 deletions(-) create mode 100644 config-archive/etc/default/grub.3 create mode 100644 config-archive/etc/logrotate.conf.2 diff --git a/config-archive/etc/cron.daily/logrotate.dist.new b/config-archive/etc/cron.daily/logrotate.dist.new index 67ff6265..4a026a73 100755 --- a/config-archive/etc/cron.daily/logrotate.dist.new +++ b/config-archive/etc/cron.daily/logrotate.dist.new @@ -5,4 +5,4 @@ EXITVALUE=$? if [ $EXITVALUE != 0 ]; then /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]" fi -exit 0 +exit $EXITVALUE diff --git a/config-archive/etc/default/grub b/config-archive/etc/default/grub index f9801015..c3872038 100644 --- a/config-archive/etc/default/grub +++ b/config-archive/etc/default/grub @@ -1,6 +1,6 @@ # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-3,v 1.5 2015/03/25 01:58:00 floppym Exp $ +# $Id$ # # To populate all changes in this file you need to regenerate your # grub configuration file afterwards: diff --git a/config-archive/etc/default/grub.1 b/config-archive/etc/default/grub.1 index c4b11376..f9801015 100644 --- a/config-archive/etc/default/grub.1 +++ b/config-archive/etc/default/grub.1 @@ -1,6 +1,6 @@ -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-3,v 1.4 2014/10/16 04:04:02 floppym Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-3,v 1.5 2015/03/25 01:58:00 floppym Exp $ # # To populate all changes in this file you need to regenerate your # grub configuration file afterwards: @@ -63,3 +63,14 @@ GRUB_DISABLE_LINUX_UUID=true # Uncomment to disable generation of recovery mode menu entries #GRUB_DISABLE_RECOVERY=true + +# Uncomment to disable generation of the submenu and put all choices on +# the top-level menu. +# Besides the visual affect of no sub menu, this makes navigation of the +# menu easier for a user who can't see the screen. +#GRUB_DISABLE_SUBMENU=y + +# Uncomment to play a tone when the main menu is displayed. +# This is useful, for example, to allow users who can't see the screen +# to know when they can make a choice on the menu. +#GRUB_INIT_TUNE="60 800 1" diff --git a/config-archive/etc/default/grub.2 b/config-archive/etc/default/grub.2 index 321487b3..c4b11376 100644 --- a/config-archive/etc/default/grub.2 +++ b/config-archive/etc/default/grub.2 @@ -1,23 +1,34 @@ -# Copyright 1999-2013 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-2,v 1.4 2013/09/21 18:10:55 floppym Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-3,v 1.4 2014/10/16 04:04:02 floppym Exp $ # # To populate all changes in this file you need to regenerate your # grub configuration file afterwards: # 'grub2-mkconfig -o /boot/grub/grub.cfg' # # See the grub info page for documentation on possible variables and -# their associated values. +# their associated values. GRUB_DISTRIBUTOR="Bruni (Gentoo)" +# Default menu entry GRUB_DEFAULT=0 -GRUB_HIDDEN_TIMEOUT=5 -GRUB_HIDDEN_TIMEOUT_QUIET=true + +# Boot the default entry this many seconds after the menu is displayed +#GRUB_TIMEOUT=5 GRUB_TIMEOUT=10 +#GRUB_TIMEOUT_STYLE=menu # Append parameters to the linux kernel command line -# GRUB_CMDLINE_LINUX="" +#GRUB_CMDLINE_LINUX="" +# +# Examples: +# +# Boot with network interface renaming disabled +# GRUB_CMDLINE_LINUX="net.ifnames=0" +# +# Boot with systemd instead of sysvinit (openrc) +# GRUB_CMDLINE_LINUX="init=/usr/lib/systemd/systemd" # Append parameters to the linux kernel command line for non-recovery entries #GRUB_CMDLINE_LINUX_DEFAULT="" @@ -31,6 +42,13 @@ GRUB_TIMEOUT=10 #GRUB_GFXMODE=640x480 GRUB_GFXMODE=800x600 +# Set to 'text' to force the Linux kernel to boot in normal text +# mode, 'keep' to preserve the graphics mode set using +# 'GRUB_GFXMODE', 'WIDTHxHEIGHT'['xDEPTH'] to set a particular +# graphics mode, or a sequence of these separated by commas or +# semicolons to try several modes in sequence. +#GRUB_GFXPAYLOAD_LINUX= + # Path to theme spec txt file. # The starfield is by default provided with use truetype. # NOTE: when enabling custom theme, ensure you have required font/etc. diff --git a/config-archive/etc/default/grub.3 b/config-archive/etc/default/grub.3 new file mode 100644 index 00000000..321487b3 --- /dev/null +++ b/config-archive/etc/default/grub.3 @@ -0,0 +1,47 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-boot/grub/files/grub.default-2,v 1.4 2013/09/21 18:10:55 floppym Exp $ +# +# To populate all changes in this file you need to regenerate your +# grub configuration file afterwards: +# 'grub2-mkconfig -o /boot/grub/grub.cfg' +# +# See the grub info page for documentation on possible variables and +# their associated values. + +GRUB_DISTRIBUTOR="Bruni (Gentoo)" + +GRUB_DEFAULT=0 +GRUB_HIDDEN_TIMEOUT=5 +GRUB_HIDDEN_TIMEOUT_QUIET=true +GRUB_TIMEOUT=10 + +# Append parameters to the linux kernel command line +# GRUB_CMDLINE_LINUX="" + +# Append parameters to the linux kernel command line for non-recovery entries +#GRUB_CMDLINE_LINUX_DEFAULT="" + +# Uncomment to disable graphical terminal (grub-pc only) +#GRUB_TERMINAL=console + +# The resolution used on graphical terminal. +# Note that you can use only modes which your graphic card supports via VBE. +# You can see them in real GRUB with the command `vbeinfo'. +#GRUB_GFXMODE=640x480 +GRUB_GFXMODE=800x600 + +# Path to theme spec txt file. +# The starfield is by default provided with use truetype. +# NOTE: when enabling custom theme, ensure you have required font/etc. +#GRUB_THEME="/boot/grub/themes/starfield/theme.txt" + +# Background image used on graphical terminal. +# Can be in various bitmap formats. +#GRUB_BACKGROUND="/boot/grub/mybackground.png" + +# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel +GRUB_DISABLE_LINUX_UUID=true + +# Uncomment to disable generation of recovery mode menu entries +#GRUB_DISABLE_RECOVERY=true diff --git a/config-archive/etc/default/grub.dist b/config-archive/etc/default/grub.dist index 35ab767b..593b019d 100644 --- a/config-archive/etc/default/grub.dist +++ b/config-archive/etc/default/grub.dist @@ -1,6 +1,5 @@ # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ # # To populate all changes in this file you need to regenerate your # grub configuration file afterwards: diff --git a/config-archive/etc/logrotate.conf b/config-archive/etc/logrotate.conf index b6b141a4..dae12730 100644 --- a/config-archive/etc/logrotate.conf +++ b/config-archive/etc/logrotate.conf @@ -1,10 +1,9 @@ -# $Header: /var/cvsroot/gentoo-x86/app-admin/logrotate/files/logrotate.conf,v 1.5 2013/05/18 09:41:04 nimiux Exp $ +# $Id$ # -# Logrotate default configuration file for Gentoo Linux -# -# See "man logrotate" for details +# Default logrotate(8) configuration file for Gentoo Linux. +# See "man logrotate" for details. -# rotate log files weekly +# rotate log files weekly. weekly #daily @@ -12,12 +11,12 @@ weekly rotate 10 maxage 2y -# create new (empty) log files after rotating old ones +# create new (empty) log files after rotating old ones. create tabooprefix \. -# use date as a suffix of the rotated file +# use date as a suffix of the rotated file. dateext # do not rotate, if the file is empty @@ -32,17 +31,16 @@ missingok #nomail noolddir -# packages can drop log rotation information into this directory +# packages can drop log rotation information into this directory. include /etc/logrotate.d -# no packages own wtmp and btmp -- we'll rotate them here +# no packages own wtmp and btmp -- we'll rotate them here. /var/log/wtmp { monthly create 0664 root utmp rotate 12 size=4096K } - /var/log/btmp { missingok monthly diff --git a/config-archive/etc/logrotate.conf.1 b/config-archive/etc/logrotate.conf.1 index b6162de9..b6b141a4 100644 --- a/config-archive/etc/logrotate.conf.1 +++ b/config-archive/etc/logrotate.conf.1 @@ -1,4 +1,4 @@ -# $Header: /var/cvsroot/gentoo-x86/app-admin/logrotate/files/logrotate.conf,v 1.3 2008/12/24 20:49:10 dang Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/logrotate/files/logrotate.conf,v 1.5 2013/05/18 09:41:04 nimiux Exp $ # # Logrotate default configuration file for Gentoo Linux # @@ -35,7 +35,7 @@ noolddir # packages can drop log rotation information into this directory include /etc/logrotate.d -# no packages own lastlog or wtmp -- we'll rotate them here +# no packages own wtmp and btmp -- we'll rotate them here /var/log/wtmp { monthly create 0664 root utmp diff --git a/config-archive/etc/logrotate.conf.2 b/config-archive/etc/logrotate.conf.2 new file mode 100644 index 00000000..b6162de9 --- /dev/null +++ b/config-archive/etc/logrotate.conf.2 @@ -0,0 +1,53 @@ +# $Header: /var/cvsroot/gentoo-x86/app-admin/logrotate/files/logrotate.conf,v 1.3 2008/12/24 20:49:10 dang Exp $ +# +# Logrotate default configuration file for Gentoo Linux +# +# See "man logrotate" for details + +# rotate log files weekly +weekly +#daily + +# keep 4 weeks worth of backlogs +rotate 10 +maxage 2y + +# create new (empty) log files after rotating old ones +create + +tabooprefix \. + +# use date as a suffix of the rotated file +dateext + +# do not rotate, if the file is empty +notifempty + +# uncomment this if you want your log files compressed +compress + +# is it okay, if a logfile doesn't exists ? +missingok + +#nomail +noolddir + +# packages can drop log rotation information into this directory +include /etc/logrotate.d + +# no packages own lastlog or wtmp -- we'll rotate them here +/var/log/wtmp { + monthly + create 0664 root utmp + rotate 12 + size=4096K +} + +/var/log/btmp { + missingok + monthly + create 0600 root utmp + rotate 1 +} + +# system-specific logs may be also be configured here. diff --git a/config-archive/etc/logrotate.conf.dist b/config-archive/etc/logrotate.conf.dist index b6292ec1..ff3319fd 100644 --- a/config-archive/etc/logrotate.conf.dist +++ b/config-archive/etc/logrotate.conf.dist @@ -1,4 +1,3 @@ -# $Id$ # # Default logrotate(8) configuration file for Gentoo Linux. # See "man logrotate" for details. diff --git a/config-archive/etc/postfix/main.cf b/config-archive/etc/postfix/main.cf index 54ce017a..dc930f8c 100644 --- a/config-archive/etc/postfix/main.cf +++ b/config-archive/etc/postfix/main.cf @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.1.2-r1/html +html_directory = /usr/share/doc/postfix-3.1.2-r2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,7 +677,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.1.2-r1/readme +readme_directory = /usr/share/doc/postfix-3.1.2-r2/readme # inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/postfix/main.cf.1 b/config-archive/etc/postfix/main.cf.1 index 1cc3c1a5..54ce017a 100644 --- a/config-archive/etc/postfix/main.cf.1 +++ b/config-archive/etc/postfix/main.cf.1 @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.1.0-r1/html +html_directory = /usr/share/doc/postfix-3.1.2-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,7 +677,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.1.0-r1/readme +readme_directory = /usr/share/doc/postfix-3.1.2-r1/readme # inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/postfix/main.cf.2 b/config-archive/etc/postfix/main.cf.2 index 7329883d..1cc3c1a5 100644 --- a/config-archive/etc/postfix/main.cf.2 +++ b/config-archive/etc/postfix/main.cf.2 @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.1.0/html +html_directory = /usr/share/doc/postfix-3.1.0-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,7 +677,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.1.0/readme +readme_directory = /usr/share/doc/postfix-3.1.0-r1/readme # inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/postfix/main.cf.3 b/config-archive/etc/postfix/main.cf.3 index 2b6cf73c..7329883d 100644 --- a/config-archive/etc/postfix/main.cf.3 +++ b/config-archive/etc/postfix/main.cf.3 @@ -157,8 +157,8 @@ inet_interfaces = 10.12.11.2, localhost # compatible delivery agent that lookups all recipients in /etc/passwd # and /etc/aliases or their equivalent. # -# The default is $myhostname + localhost.$mydomain. On a mail domain -# gateway, you should also include $mydomain. +# The default is $myhostname + localhost.$mydomain + localhost. On +# a mail domain gateway, you should also include $mydomain. # # Do not specify the names of virtual domains - those domains are # specified elsewhere (see VIRTUAL_README). @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.3-r1/html +html_directory = /usr/share/doc/postfix-3.1.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,8 +677,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme - +readme_directory = /usr/share/doc/postfix-3.1.0/readme # inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} @@ -694,7 +693,7 @@ smtpd_sasl_local_domain = $myhostname smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth smtp_sasl_security_options = noanonymous -relayhost = [mail.brehm-online.com] +relayhost = [mail.uhu-banane.net]:submission #relayhost = [helga-six.brehm-online.com] smtpd_use_tls = yes diff --git a/config-archive/etc/postfix/main.cf.4 b/config-archive/etc/postfix/main.cf.4 index 6b000688..2b6cf73c 100644 --- a/config-archive/etc/postfix/main.cf.4 +++ b/config-archive/etc/postfix/main.cf.4 @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.2/html +html_directory = /usr/share/doc/postfix-3.0.3-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,7 +677,8 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.2/readme +readme_directory = /usr/share/doc/postfix-3.0.3-r1/readme + # inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/postfix/main.cf.5 b/config-archive/etc/postfix/main.cf.5 index 38714de1..6b000688 100644 --- a/config-archive/etc/postfix/main.cf.5 +++ b/config-archive/etc/postfix/main.cf.5 @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.1-r1/html +html_directory = /usr/share/doc/postfix-3.0.2/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,7 +677,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme +readme_directory = /usr/share/doc/postfix-3.0.2/readme # inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/postfix/main.cf.6 b/config-archive/etc/postfix/main.cf.6 index 2da72a08..38714de1 100644 --- a/config-archive/etc/postfix/main.cf.6 +++ b/config-archive/etc/postfix/main.cf.6 @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.0.0/html +html_directory = /usr/share/doc/postfix-3.0.1-r1/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,7 +677,8 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.0.0/readme +readme_directory = /usr/share/doc/postfix-3.0.1-r1/readme +# inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ diff --git a/config-archive/etc/postfix/main.cf.7 b/config-archive/etc/postfix/main.cf.7 index 6ffa90b0..2da72a08 100644 --- a/config-archive/etc/postfix/main.cf.7 +++ b/config-archive/etc/postfix/main.cf.7 @@ -10,6 +10,25 @@ # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. +# COMPATIBILITY +# +# The compatibility_level determines what default settings Postfix +# will use for main.cf and master.cf settings. These defaults will +# change over time. +# +# To avoid breaking things, Postfix will use backwards-compatible +# default settings and log where it uses those old backwards-compatible +# default settings, until the system administrator has determined +# if any backwards-compatible default settings need to be made +# permanent in main.cf or master.cf. +# +# When this review is complete, update the compatibility_level setting +# below as recommended in the RELEASE_NOTES file. +# +# The level below is what should be used with new (not upgrade) installs. +# +#compatibility_level = 2 + # SOFT BOUNCE # # The soft_bounce parameter provides a limited safety net for @@ -645,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.11.3/html +html_directory = /usr/share/doc/postfix-3.0.0/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -658,7 +677,9 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.11.3/readme +readme_directory = /usr/share/doc/postfix-3.0.0/readme +meta_directory = /etc/postfix +shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ smtpd_sasl_auth_enable = yes diff --git a/config-archive/etc/postfix/main.cf.8 b/config-archive/etc/postfix/main.cf.8 index 5e3d60fd..6ffa90b0 100644 --- a/config-archive/etc/postfix/main.cf.8 +++ b/config-archive/etc/postfix/main.cf.8 @@ -5,7 +5,7 @@ # For common configuration examples, see BASIC_CONFIGURATION_README # and STANDARD_CONFIGURATION_README. To find these documents, use # the command "postconf html_directory readme_directory", or go to -# http://www.postfix.org/. +# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc. # # For best results, change no more than 2-3 parameters at a time, # and test if Postfix still works after every change. @@ -645,7 +645,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.3/html +html_directory = /usr/share/doc/postfix-2.11.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -658,7 +658,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.3/readme +readme_directory = /usr/share/doc/postfix-2.11.3/readme home_mailbox = .maildir/ smtpd_sasl_auth_enable = yes diff --git a/config-archive/etc/postfix/main.cf.9 b/config-archive/etc/postfix/main.cf.9 index 0436c1c4..5e3d60fd 100644 --- a/config-archive/etc/postfix/main.cf.9 +++ b/config-archive/etc/postfix/main.cf.9 @@ -645,7 +645,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-2.10.2/html +html_directory = /usr/share/doc/postfix-2.10.3/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -658,7 +658,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-2.10.2/readme +readme_directory = /usr/share/doc/postfix-2.10.3/readme home_mailbox = .maildir/ smtpd_sasl_auth_enable = yes diff --git a/config-archive/etc/postfix/main.cf.dist b/config-archive/etc/postfix/main.cf.dist index fe515de0..f94b4838 100644 --- a/config-archive/etc/postfix/main.cf.dist +++ b/config-archive/etc/postfix/main.cf.dist @@ -659,7 +659,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.1.2-r2/html +html_directory = /usr/share/doc/postfix-3.1.6/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -672,7 +672,7 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.1.2-r2/readme +readme_directory = /usr/share/doc/postfix-3.1.6/readme inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} diff --git a/config-archive/etc/ssh/sshd_config b/config-archive/etc/ssh/sshd_config index bc9f32ba..0dea0929 100644 --- a/config-archive/etc/ssh/sshd_config +++ b/config-archive/etc/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ +# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -34,7 +34,6 @@ #RekeyLimit default none # Logging -# obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO @@ -146,6 +145,20 @@ AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server +# the following are HPN related configuration options +# tcp receive buffer polling. disable in non autotuning kernels +#TcpRcvBufPoll yes + +# disable hpn performance boosts +#HPNDisabled no + +# buffer size for hpn to non-hpn connections +#HPNBufferSize 2048 + + +# allow the use of the none cipher +#NoneEnabled no + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no diff --git a/config-archive/etc/ssh/sshd_config.1 b/config-archive/etc/ssh/sshd_config.1 index 4db817fc..bc9f32ba 100644 --- a/config-archive/etc/ssh/sshd_config.1 +++ b/config-archive/etc/ssh/sshd_config.1 @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $ +# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -109,7 +109,7 @@ PrintMotd no PrintLastLog no #TCPKeepAlive yes #UseLogin no -UsePrivilegeSeparation sandbox # Default for new installations. +#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 @@ -146,20 +146,6 @@ AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server -# the following are HPN related configuration options -# tcp receive buffer polling. disable in non autotuning kernels -#TcpRcvBufPoll yes - -# disable hpn performance boosts -#HPNDisabled no - -# buffer size for hpn to non-hpn connections -#HPNBufferSize 2048 - - -# allow the use of the none cipher -#NoneEnabled no - # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no diff --git a/config-archive/etc/ssh/sshd_config.2 b/config-archive/etc/ssh/sshd_config.2 index 9c2183fd..4db817fc 100644 --- a/config-archive/etc/ssh/sshd_config.2 +++ b/config-archive/etc/ssh/sshd_config.2 @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $ +# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -42,6 +42,7 @@ #LoginGraceTime 2m #PermitRootLogin no +#PermitRootLogin prohibit-password PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 diff --git a/config-archive/etc/ssh/sshd_config.3 b/config-archive/etc/ssh/sshd_config.3 index f6717754..9c2183fd 100644 --- a/config-archive/etc/ssh/sshd_config.3 +++ b/config-archive/etc/ssh/sshd_config.3 @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ +# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -85,7 +85,6 @@ PasswordAuthentication no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes -#GSSAPIStrictAcceptorCheck yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will @@ -114,8 +113,8 @@ UsePrivilegeSeparation sandbox # Default for new installations. #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 -#UseDNS yes -#PidFile /var/run/sshd.pid +#UseDNS no +#PidFile /run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none diff --git a/config-archive/etc/ssh/sshd_config.4 b/config-archive/etc/ssh/sshd_config.4 index 7bbd37f7..f6717754 100644 --- a/config-archive/etc/ssh/sshd_config.4 +++ b/config-archive/etc/ssh/sshd_config.4 @@ -1,4 +1,4 @@ -# $OpenBSD$ +# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -26,72 +26,6 @@ #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key -# "key type names" for X.509 certificates with RSA key -# Note first defined is used in signature operations! -#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 -#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 - -# "key type names" for X.509 certificates with DSA key -# Note first defined is used in signature operations! -#X509KeyAlgorithm x509v3-sign-dss,dss-asn1 -#X509KeyAlgorithm x509v3-sign-dss,dss-raw - -# The intended use for the X509 client certificate. Without this option -# no chain verification will be done. Currently accepted uses are case -# insensitive: -# - "sslclient", "SSL client", "SSL_client" or "client" -# - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose" -# - "skip" or ""(empty): don`t check purpose. -#AllowedCertPurpose sslclient - -# Specifies whether self-issued(self-signed) X.509 certificate can be -# allowed only by entry in AutorizedKeysFile that contain matching -# public key or certificate blob. -#KeyAllowSelfIssued no - -# Specifies whether CRL must present in store for all certificates in -# certificate chain with atribute "cRLDistributionPoints" -#MandatoryCRL no - -# A file with multiple certificates of certificate signers -# in PEM format concatenated together. -#CACertificateFile /etc/ssh/ca/ca-bundle.crt - -# A directory with certificates of certificate signers. -# The certificates should have name of the form: [HASH].[NUMBER] -# or have symbolic links to them of this form. -#CACertificatePath /etc/ssh/ca/crt - -# A file with multiple CRL of certificate signers -# in PEM format concatenated together. -#CARevocationFile /etc/ssh/ca/ca-bundle.crl - -# A directory with CRL of certificate signers. -# The CRL should have name of the form: [HASH].r[NUMBER] -# or have symbolic links to them of this form. -#CARevocationPath /etc/ssh/ca/crl - -# LDAP protocol version. -# Example: -# CAldapVersion 2 - -# Note because of OpenSSH options parser limitation -# use %3D instead of = ! -# LDAP initialization may require URL to be escaped, i.e. -# use %2C instead of ,(comma). Escaped URL don't depend from -# LDAP initialization method. -# Example: -# CAldapURL ldap://localhost:389/dc%3Dexample%2Cdc%3Dcom - -# SSH can use "Online Certificate Status Protocol"(OCSP) -# to validate certificate. Set VAType to -# - none : do not use OCSP to validate certificates; -# - ocspcert: validate only certificates that specify `OCSP -# Service Locator' URL; -# - ocspspec: use specified in the configuration 'OCSP Responder' -# to validate all certificates. -#VAType none - # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 1024 @@ -137,7 +71,6 @@ PermitRootLogin yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no -#PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords @@ -194,13 +127,29 @@ UsePrivilegeSeparation sandbox # Default for new installations. # Allow client to pass locale environment variables AcceptEnv LANG LC_* +# here are the new patched ldap related tokens +# entries in your LDAP must have posixAccount & ldapPublicKey objectclass +#UseLPK yes +#LpkLdapConf /etc/ldap.conf +#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ +#LpkUserDN ou=users,dc=phear,dc=org +#LpkGroupDN ou=groups,dc=phear,dc=org +#LpkBindDN cn=Manager,dc=phear,dc=org +#LpkBindPw secret +#LpkServerGroup mail +#LpkFilter (hostAccess=master.phear.org) +#LpkForceTLS no +#LpkSearchTimelimit 3 +#LpkBindTimelimit 3 +#LpkPubKeyAttr sshPublicKey + # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server # the following are HPN related configuration options # tcp receive buffer polling. disable in non autotuning kernels #TcpRcvBufPoll yes - + # disable hpn performance boosts #HPNDisabled no diff --git a/config-archive/etc/ssh/sshd_config.5 b/config-archive/etc/ssh/sshd_config.5 index 75517570..7bbd37f7 100644 --- a/config-archive/etc/ssh/sshd_config.5 +++ b/config-archive/etc/ssh/sshd_config.5 @@ -24,6 +24,7 @@ #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key # "key type names" for X.509 certificates with RSA key # Note first defined is used in signature operations! @@ -153,8 +154,8 @@ PasswordAuthentication no #GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass @@ -170,6 +171,7 @@ UsePAM yes X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes +#PermitTTY yes PrintMotd no PrintLastLog no #TCPKeepAlive yes @@ -213,6 +215,7 @@ Subsystem sftp /usr/lib64/misc/sftp-server #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no +# PermitTTY no # ForceCommand cvs server # Allow client to pass locale environment variables #367017 diff --git a/config-archive/etc/ssh/sshd_config.6 b/config-archive/etc/ssh/sshd_config.6 index fac258de..75517570 100644 --- a/config-archive/etc/ssh/sshd_config.6 +++ b/config-archive/etc/ssh/sshd_config.6 @@ -27,8 +27,8 @@ # "key type names" for X.509 certificates with RSA key # Note first defined is used in signature operations! -#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 #X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 +#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 # "key type names" for X.509 certificates with DSA key # Note first defined is used in signature operations! @@ -95,6 +95,9 @@ #KeyRegenerationInterval 1h #ServerKeyBits 1024 +# Ciphers and keying +#RekeyLimit default none + # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH @@ -116,6 +119,11 @@ PermitRootLogin yes # but this is overridden so installations will only check .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 @@ -166,16 +174,17 @@ PrintMotd no PrintLastLog no #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation yes +UsePrivilegeSeparation sandbox # Default for new installations. #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid -#MaxStartups 10 +#MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none +#VersionAddendum none # no default banner path #Banner none @@ -190,18 +199,21 @@ Subsystem sftp /usr/lib64/misc/sftp-server # tcp receive buffer polling. disable in non autotuning kernels #TcpRcvBufPoll yes -# allow the use of the none cipher -#NoneEnabled no - -# disable hpn performance boosts. +# disable hpn performance boosts #HPNDisabled no # buffer size for hpn to non-hpn connections #HPNBufferSize 2048 +# allow the use of the none cipher +#NoneEnabled no + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server + +# Allow client to pass locale environment variables #367017 +AcceptEnv LANG LC_* diff --git a/config-archive/etc/ssh/sshd_config.7 b/config-archive/etc/ssh/sshd_config.7 index 176bf48d..fac258de 100644 --- a/config-archive/etc/ssh/sshd_config.7 +++ b/config-archive/etc/ssh/sshd_config.7 @@ -7,7 +7,7 @@ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a +# possible, but leave them commented. Uncommented options override the # default value. #Port 22 @@ -103,13 +103,17 @@ # Authentication: #LoginGraceTime 2m -PermitRootLogin no +#PermitRootLogin no +PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #RSAAuthentication yes #PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts @@ -139,6 +143,7 @@ PasswordAuthentication no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will @@ -175,6 +180,9 @@ PrintLastLog no # no default banner path #Banner none +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server diff --git a/config-archive/etc/ssh/sshd_config.8 b/config-archive/etc/ssh/sshd_config.8 index 9f5583ea..176bf48d 100644 --- a/config-archive/etc/ssh/sshd_config.8 +++ b/config-archive/etc/ssh/sshd_config.8 @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ +# $OpenBSD$ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -175,22 +175,6 @@ PrintLastLog no # no default banner path #Banner none -# here are the new patched ldap related tokens -# entries in your LDAP must have posixAccount & ldapPublicKey objectclass -#UseLPK yes -#LpkLdapConf /etc/ldap.conf -#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ -#LpkUserDN ou=users,dc=phear,dc=org -#LpkGroupDN ou=groups,dc=phear,dc=org -#LpkBindDN cn=Manager,dc=phear,dc=org -#LpkBindPw secret -#LpkServerGroup mail -#LpkFilter (hostAccess=master.phear.org) -#LpkForceTLS no -#LpkSearchTimelimit 3 -#LpkBindTimelimit 3 -#LpkPubKeyAttr sshPublicKey - # override default of no subsystems Subsystem sftp /usr/lib64/misc/sftp-server diff --git a/config-archive/etc/ssh/sshd_config.9 b/config-archive/etc/ssh/sshd_config.9 index f3c6c252..9f5583ea 100644 --- a/config-archive/etc/ssh/sshd_config.9 +++ b/config-archive/etc/ssh/sshd_config.9 @@ -1,4 +1,4 @@ -# $OpenBSD$ +# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -175,8 +175,24 @@ PrintLastLog no # no default banner path #Banner none +# here are the new patched ldap related tokens +# entries in your LDAP must have posixAccount & ldapPublicKey objectclass +#UseLPK yes +#LpkLdapConf /etc/ldap.conf +#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ +#LpkUserDN ou=users,dc=phear,dc=org +#LpkGroupDN ou=groups,dc=phear,dc=org +#LpkBindDN cn=Manager,dc=phear,dc=org +#LpkBindPw secret +#LpkServerGroup mail +#LpkFilter (hostAccess=master.phear.org) +#LpkForceTLS no +#LpkSearchTimelimit 3 +#LpkBindTimelimit 3 +#LpkPubKeyAttr sshPublicKey + # override default of no subsystems -Subsystem sftp /usr/lib/misc/sftp-server +Subsystem sftp /usr/lib64/misc/sftp-server # the following are HPN related configuration options # tcp receive buffer polling. disable in non autotuning kernels diff --git a/config-archive/etc/ssh/sshd_config.dist b/config-archive/etc/ssh/sshd_config.dist index 4251be27..cb5ecada 100644 --- a/config-archive/etc/ssh/sshd_config.dist +++ b/config-archive/etc/ssh/sshd_config.dist @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $ +# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -15,21 +15,11 @@ #ListenAddress 0.0.0.0 #ListenAddress :: -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - # Ciphers and keying #RekeyLimit default none @@ -45,7 +35,6 @@ #MaxAuthTries 6 #MaxSessions 10 -#RSAAuthentication yes #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 @@ -58,11 +47,9 @@ #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication +# HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes @@ -106,7 +93,6 @@ PrintMotd no PrintLastLog no #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 @@ -150,7 +136,6 @@ Subsystem sftp /usr/lib64/misc/sftp-server # buffer size for hpn to non-hpn connections #HPNBufferSize 2048 - # allow the use of the none cipher #NoneEnabled no diff --git a/default/grub b/default/grub index c3872038..b3121b10 100644 --- a/default/grub +++ b/default/grub @@ -1,6 +1,5 @@ # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ # # To populate all changes in this file you need to regenerate your # grub configuration file afterwards: diff --git a/logrotate.conf b/logrotate.conf index dae12730..7f3de59e 100644 --- a/logrotate.conf +++ b/logrotate.conf @@ -1,4 +1,3 @@ -# $Id$ # # Default logrotate(8) configuration file for Gentoo Linux. # See "man logrotate" for details. diff --git a/portage/package.use b/portage/package.use index 1afeff4a..90744f24 100644 --- a/portage/package.use +++ b/portage/package.use @@ -115,6 +115,7 @@ dev-perl/Sysadm-Install hammer dev-perl/Task-Moose cli async declare instancetype logging other strict traits types utilroles utils dev-perl/Template-Toolkit latex +dev-python/backports-functools-lru-cache -doc dev-python/cffi -doc dev-python/ipython -doc gnuplot smp wxwidgets dev-python/jinja -doc i18n diff --git a/postfix/main.cf b/postfix/main.cf index dc930f8c..7293b3bb 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -664,7 +664,7 @@ setgid_group = postdrop # html_directory: The location of the Postfix HTML documentation. # -html_directory = /usr/share/doc/postfix-3.1.2-r2/html +html_directory = /usr/share/doc/postfix-3.1.6/html # manpage_directory: The location of the Postfix on-line manual pages. # @@ -677,8 +677,8 @@ sample_directory = /etc/postfix # readme_directory: The location of the Postfix README files. # -readme_directory = /usr/share/doc/postfix-3.1.2-r2/readme # inet_protocols = ipv4 +readme_directory = /usr/share/doc/postfix-3.1.6/readme meta_directory = /etc/postfix shlib_directory = /usr/lib64/postfix/${mail_version} home_mailbox = .maildir/ diff --git a/ssh/sshd_config b/ssh/sshd_config index 0dea0929..bf43fc76 100644 --- a/ssh/sshd_config +++ b/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $ +# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -15,21 +15,11 @@ #ListenAddress 0.0.0.0 #ListenAddress :: -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - # Ciphers and keying #RekeyLimit default none @@ -47,7 +37,6 @@ PermitRootLogin yes #MaxAuthTries 6 #MaxSessions 10 -#RSAAuthentication yes #PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 @@ -60,11 +49,9 @@ PermitRootLogin yes #AuthorizedKeysCommandUser nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication +# HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes @@ -108,7 +95,6 @@ PrintMotd no PrintLastLog no #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 @@ -155,7 +141,6 @@ Subsystem sftp /usr/lib64/misc/sftp-server # buffer size for hpn to non-hpn connections #HPNBufferSize 2048 - # allow the use of the none cipher #NoneEnabled no -- 2.39.5