From 75da882f81cab0482eb259677cdc2de232add811 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Sat, 8 Jun 2019 21:21:23 +0200 Subject: [PATCH] committing changes in /etc after apt run Package changes: -apt 1.6.10 amd64 +apt 1.6.11 amd64 -apt-utils 1.6.10 amd64 +apt-utils 1.6.11 amd64 -db5.3-util 5.3.28-13.1ubuntu1 amd64 +db5.3-util 5.3.28-13.1ubuntu1.1 amd64 -google-chrome-stable 74.0.3729.169-1 amd64 +google-chrome-stable 75.0.3770.80-1 amd64 -iptables-persistent 1.0.4+nmu2 all +iptables-persistent 1.0.4+nmu2ubuntu1 all -libapt-inst2.0 1.6.10 amd64 +libapt-inst2.0 1.6.11 amd64 -libapt-pkg5.0 1.6.10 amd64 +libapt-pkg5.0 1.6.11 amd64 -libdb5.3 5.3.28-13.1ubuntu1 amd64 +libdb5.3 5.3.28-13.1ubuntu1.1 amd64 -libegl1 1.0.0-2ubuntu2.2 amd64 +libegl1 1.0.0-2ubuntu2.3 amd64 -libgeocode-glib0 3.25.4.1-4 amd64 +libgeocode-glib0 3.25.4.1-4ubuntu0.18.04.1 amd64 -libgl1 1.0.0-2ubuntu2.2 amd64 -libgl1 1.0.0-2ubuntu2.2 i386 +libgl1 1.0.0-2ubuntu2.3 amd64 +libgl1 1.0.0-2ubuntu2.3 i386 -libgles2 1.0.0-2ubuntu2.2 amd64 +libgles2 1.0.0-2ubuntu2.3 amd64 -libglvnd0 1.0.0-2ubuntu2.2 amd64 -libglvnd0 1.0.0-2ubuntu2.2 i386 +libglvnd0 1.0.0-2ubuntu2.3 amd64 +libglvnd0 1.0.0-2ubuntu2.3 i386 -libglx0 1.0.0-2ubuntu2.2 amd64 -libglx0 1.0.0-2ubuntu2.2 i386 +libglx0 1.0.0-2ubuntu2.3 amd64 +libglx0 1.0.0-2ubuntu2.3 i386 -libqt5core5a 5.9.5+dfsg-0ubuntu2 amd64 -libqt5dbus5 5.9.5+dfsg-0ubuntu2 amd64 -libqt5gui5 5.9.5+dfsg-0ubuntu2 amd64 +libqt5core5a 5.9.5+dfsg-0ubuntu2.1 amd64 +libqt5dbus5 5.9.5+dfsg-0ubuntu2.1 amd64 +libqt5gui5 5.9.5+dfsg-0ubuntu2.1 amd64 -libqt5network5 5.9.5+dfsg-0ubuntu2 amd64 -libqt5opengl5 5.9.5+dfsg-0ubuntu2 amd64 +libqt5network5 5.9.5+dfsg-0ubuntu2.1 amd64 +libqt5opengl5 5.9.5+dfsg-0ubuntu2.1 amd64 -libqt5printsupport5 5.9.5+dfsg-0ubuntu2 amd64 +libqt5printsupport5 5.9.5+dfsg-0ubuntu2.1 amd64 -libqt5widgets5 5.9.5+dfsg-0ubuntu2 amd64 +libqt5widgets5 5.9.5+dfsg-0ubuntu2.1 amd64 -libqt5xml5 5.9.5+dfsg-0ubuntu2 amd64 +libqt5xml5 5.9.5+dfsg-0ubuntu2.1 amd64 -libseccomp2 2.3.1-2.1ubuntu4.1 amd64 +libseccomp2 2.4.1-0ubuntu0.18.04.2 amd64 -linux-generic 4.15.0.50.52 amd64 +linux-generic 4.15.0.51.53 amd64 -linux-headers-generic 4.15.0.50.52 amd64 +linux-headers-4.15.0-51 4.15.0-51.55 all +linux-headers-4.15.0-51-generic 4.15.0-51.55 amd64 +linux-headers-generic 4.15.0.51.53 amd64 -linux-image-generic 4.15.0.50.52 amd64 +linux-image-4.15.0-51-generic 4.15.0-51.55 amd64 +linux-image-generic 4.15.0.51.53 amd64 -linux-libc-dev 4.15.0-50.54 amd64 +linux-libc-dev 4.15.0-51.55 amd64 +linux-modules-4.15.0-51-generic 4.15.0-51.55 amd64 +linux-modules-extra-4.15.0-51-generic 4.15.0-51.55 amd64 -mariadb-client-10.1 1:10.1.38-0ubuntu0.18.04.2 amd64 -mariadb-client-core-10.1 1:10.1.38-0ubuntu0.18.04.2 amd64 -mariadb-common 1:10.1.38-0ubuntu0.18.04.2 all -mariadb-server 1:10.1.38-0ubuntu0.18.04.2 all -mariadb-server-10.1 1:10.1.38-0ubuntu0.18.04.2 amd64 -mariadb-server-core-10.1 1:10.1.38-0ubuntu0.18.04.2 amd64 +mariadb-client-10.1 1:10.1.40-0ubuntu0.18.04.1 amd64 +mariadb-client-core-10.1 1:10.1.40-0ubuntu0.18.04.1 amd64 +mariadb-common 1:10.1.40-0ubuntu0.18.04.1 all +mariadb-server 1:10.1.40-0ubuntu0.18.04.1 all +mariadb-server-10.1 1:10.1.40-0ubuntu0.18.04.1 amd64 +mariadb-server-core-10.1 1:10.1.40-0ubuntu0.18.04.1 amd64 -netfilter-persistent 1.0.4+nmu2 all +netfilter-persistent 1.0.4+nmu2ubuntu1 all -openvpn 2.4.4-2ubuntu1.1 amd64 +openvpn 2.4.4-2ubuntu1.2 amd64 -python-jinja2 2.10-1 all +python-jinja2 2.10-1ubuntu0.18.04.1 all -qt5-gtk-platformtheme 5.9.5+dfsg-0ubuntu2 amd64 +qt5-gtk-platformtheme 5.9.5+dfsg-0ubuntu2.1 amd64 -update-notifier-common 3.192.1.5 all +update-notifier-common 3.192.1.7 all --- apt/apt.conf.d/01autoremove | 5 ++ apt/apt.conf.d/01autoremove-kernels | 58 +++++++++++---------- iptables/rules.v4 | 78 ++++++++++++++--------------- iptables/rules.v6 | 24 ++++----- 4 files changed, 88 insertions(+), 77 deletions(-) diff --git a/apt/apt.conf.d/01autoremove b/apt/apt.conf.d/01autoremove index f7775b1..f9d9e85 100644 --- a/apt/apt.conf.d/01autoremove +++ b/apt/apt.conf.d/01autoremove @@ -17,6 +17,7 @@ APT "linux-modules"; "linux-modules-extra"; "linux-signed-image"; + "linux-image-unsigned"; # kfreebsd kernels "kfreebsd-image"; "kfreebsd-headers"; @@ -30,6 +31,10 @@ APT # tools "linux-tools"; "linux-cloud-tools"; + # build info + "linux-buildinfo"; + # source code + "linux-source"; }; Never-MarkAuto-Sections diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels index e907472..42b9ea9 100644 --- a/apt/apt.conf.d/01autoremove-kernels +++ b/apt/apt.conf.d/01autoremove-kernels @@ -1,65 +1,71 @@ // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal APT::NeverAutoRemove { - "^linux-image-4\.15\.0-48-generic$"; "^linux-image-4\.15\.0-50-generic$"; - "^linux-headers-4\.15\.0-48-generic$"; + "^linux-image-4\.15\.0-51-generic$"; "^linux-headers-4\.15\.0-50-generic$"; - "^linux-image-extra-4\.15\.0-48-generic$"; + "^linux-headers-4\.15\.0-51-generic$"; "^linux-image-extra-4\.15\.0-50-generic$"; - "^linux-modules-4\.15\.0-48-generic$"; + "^linux-image-extra-4\.15\.0-51-generic$"; "^linux-modules-4\.15\.0-50-generic$"; - "^linux-modules-extra-4\.15\.0-48-generic$"; + "^linux-modules-4\.15\.0-51-generic$"; "^linux-modules-extra-4\.15\.0-50-generic$"; - "^linux-signed-image-4\.15\.0-48-generic$"; + "^linux-modules-extra-4\.15\.0-51-generic$"; "^linux-signed-image-4\.15\.0-50-generic$"; - "^kfreebsd-image-4\.15\.0-48-generic$"; + "^linux-signed-image-4\.15\.0-51-generic$"; + "^linux-image-unsigned-4\.15\.0-50-generic$"; + "^linux-image-unsigned-4\.15\.0-51-generic$"; "^kfreebsd-image-4\.15\.0-50-generic$"; - "^kfreebsd-headers-4\.15\.0-48-generic$"; + "^kfreebsd-image-4\.15\.0-51-generic$"; "^kfreebsd-headers-4\.15\.0-50-generic$"; - "^gnumach-image-4\.15\.0-48-generic$"; + "^kfreebsd-headers-4\.15\.0-51-generic$"; "^gnumach-image-4\.15\.0-50-generic$"; - "^.*-modules-4\.15\.0-48-generic$"; + "^gnumach-image-4\.15\.0-51-generic$"; "^.*-modules-4\.15\.0-50-generic$"; - "^.*-kernel-4\.15\.0-48-generic$"; + "^.*-modules-4\.15\.0-51-generic$"; "^.*-kernel-4\.15\.0-50-generic$"; - "^linux-backports-modules-.*-4\.15\.0-48-generic$"; + "^.*-kernel-4\.15\.0-51-generic$"; "^linux-backports-modules-.*-4\.15\.0-50-generic$"; - "^linux-modules-.*-4\.15\.0-48-generic$"; + "^linux-backports-modules-.*-4\.15\.0-51-generic$"; "^linux-modules-.*-4\.15\.0-50-generic$"; - "^linux-tools-4\.15\.0-48-generic$"; + "^linux-modules-.*-4\.15\.0-51-generic$"; "^linux-tools-4\.15\.0-50-generic$"; - "^linux-cloud-tools-4\.15\.0-48-generic$"; + "^linux-tools-4\.15\.0-51-generic$"; "^linux-cloud-tools-4\.15\.0-50-generic$"; + "^linux-cloud-tools-4\.15\.0-51-generic$"; + "^linux-buildinfo-4\.15\.0-50-generic$"; + "^linux-buildinfo-4\.15\.0-51-generic$"; + "^linux-source-4\.15\.0-50-generic$"; + "^linux-source-4\.15\.0-51-generic$"; }; /* Debug information: # dpkg list: ii linux-image-4.15.0-20-generic 4.15.0-20.21 amd64 Signed kernel image generic ii linux-image-4.15.0-24-generic 4.15.0-24.26 amd64 Signed kernel image generic -ii linux-image-4.15.0-47-generic 4.15.0-47.50 amd64 Signed kernel image generic ii linux-image-4.15.0-48-generic 4.15.0-48.51 amd64 Signed kernel image generic -iF linux-image-4.15.0-50-generic 4.15.0-50.54 amd64 Signed kernel image generic -ii linux-image-generic 4.15.0.50.52 amd64 Generic Linux kernel image +ii linux-image-4.15.0-50-generic 4.15.0-50.54 amd64 Signed kernel image generic +iF linux-image-4.15.0-51-generic 4.15.0-51.55 amd64 Signed kernel image generic +ii linux-image-generic 4.15.0.51.53 amd64 Generic Linux kernel image # list of installed kernel packages: 4.15.0-20-generic 4.15.0-20.21 4.15.0-24-generic 4.15.0-24.26 -4.15.0-47-generic 4.15.0-47.50 4.15.0-48-generic 4.15.0-48.51 4.15.0-50-generic 4.15.0-50.54 +4.15.0-51-generic 4.15.0-51.55 # list of different kernel versions: +4.15.0-51.55 4.15.0-50.54 4.15.0-48.51 -4.15.0-47.50 4.15.0-24.26 4.15.0-20.21 -# Installing kernel: 4.15.0-50.54 (4.15.0-50-generic) -# Running kernel: 4.15.0-48.51 (4.15.0-48-generic) -# Last kernel: 4.15.0-50.54 -# Previous kernel: 4.15.0-48.51 +# Installing kernel: 4.15.0-51.55 (4.15.0-51-generic) +# Running kernel: 4.15.0-50.54 (4.15.0-50-generic) +# Last kernel: 4.15.0-51.55 +# Previous kernel: 4.15.0-50.54 # Kernel versions list to keep: -4.15.0-48.51 4.15.0-50.54 +4.15.0-51.55 # Kernel packages (version part) to protect: -4\.15\.0-48-generic 4\.15\.0-50-generic +4\.15\.0-51-generic */ diff --git a/iptables/rules.v4 b/iptables/rules.v4 index 5d06d4a..db5433c 100644 --- a/iptables/rules.v4 +++ b/iptables/rules.v4 @@ -1,8 +1,44 @@ -# Generated by iptables-save v1.6.1 on Tue Oct 16 00:21:02 2018 +# Generated by iptables-save v1.6.1 on Sat Jun 8 21:20:42 2019 +*nat +:PREROUTING ACCEPT [8:3793] +:INPUT ACCEPT [8:3793] +:OUTPUT ACCEPT [5:1368] +:POSTROUTING ACCEPT [5:1368] +-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN +-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE +-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN +-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE +-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN +-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 +-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE +-A POSTROUTING -o eth1 -j MASQUERADE +COMMIT +# Completed on Sat Jun 8 21:20:42 2019 +# Generated by iptables-save v1.6.1 on Sat Jun 8 21:20:42 2019 +*mangle +:PREROUTING ACCEPT [145:50193] +:INPUT ACCEPT [145:50193] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [35:9742] +:POSTROUTING ACCEPT [40:10364] +-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill +-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill +-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill +COMMIT +# Completed on Sat Jun 8 21:20:42 2019 +# Generated by iptables-save v1.6.1 on Sat Jun 8 21:20:42 2019 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] -:OUTPUT ACCEPT [281:62474] +:OUTPUT ACCEPT [35:9742] :ssh_spam - [0:0] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT @@ -78,40 +114,4 @@ -A ssh_spam -s 118.120.0.0/14 -m comment --comment CHINANET-SC -j DROP -A ssh_spam -s 122.226.181.160/27 -m comment --comment HANGZHOU-TIANJIAN -j DROP COMMIT -# Completed on Tue Oct 16 00:21:02 2018 -# Generated by iptables-save v1.6.1 on Tue Oct 16 00:21:02 2018 -*mangle -:PREROUTING ACCEPT [2426663:969162713] -:INPUT ACCEPT [2422166:968945708] -:FORWARD ACCEPT [515:38948] -:OUTPUT ACCEPT [1282552:212894303] -:POSTROUTING ACCEPT [1364970:222520227] --A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill --A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill --A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill -COMMIT -# Completed on Tue Oct 16 00:21:02 2018 -# Generated by iptables-save v1.6.1 on Tue Oct 16 00:21:02 2018 -*nat -:PREROUTING ACCEPT [159533:49771092] -:INPUT ACCEPT [154283:49490424] -:OUTPUT ACCEPT [120844:17566238] -:POSTROUTING ACCEPT [119159:17155954] --A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN --A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE --A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN --A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE --A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN --A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 --A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE --A POSTROUTING -o eth1 -j MASQUERADE -COMMIT -# Completed on Tue Oct 16 00:21:02 2018 +# Completed on Sat Jun 8 21:20:42 2019 diff --git a/iptables/rules.v6 b/iptables/rules.v6 index 8448f35..a701e34 100644 --- a/iptables/rules.v6 +++ b/iptables/rules.v6 @@ -1,8 +1,17 @@ -# Generated by ip6tables-save v1.6.1 on Tue Oct 16 00:21:02 2018 +# Generated by ip6tables-save v1.6.1 on Sat Jun 8 21:20:42 2019 +*mangle +:PREROUTING ACCEPT [0:0] +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +COMMIT +# Completed on Sat Jun 8 21:20:42 2019 +# Generated by ip6tables-save v1.6.1 on Sat Jun 8 21:20:42 2019 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] -:OUTPUT ACCEPT [695:85927] +:OUTPUT ACCEPT [0:0] :f_mail - [0:0] -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate RELATED -j ACCEPT @@ -51,13 +60,4 @@ -A f_mail -j NFLOG --nflog-prefix "IPv6 F_MAIL Reject " --nflog-threshold 1 -A f_mail -j REJECT --reject-with icmp6-port-unreachable COMMIT -# Completed on Tue Oct 16 00:21:02 2018 -# Generated by ip6tables-save v1.6.1 on Tue Oct 16 00:21:02 2018 -*mangle -:PREROUTING ACCEPT [11374:3621678] -:INPUT ACCEPT [2040:328327] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [695:85927] -:POSTROUTING ACCEPT [1276:164781] -COMMIT -# Completed on Tue Oct 16 00:21:02 2018 +# Completed on Sat Jun 8 21:20:42 2019 -- 2.39.5