maybe chmod 0644 'alternatives/README'
maybe chmod 0755 'apache2'
maybe chmod 0644 'apache2/apache2.conf'
-maybe chmod 0644 'apache2/apache2.conf.dpkg-dist'
maybe chmod 0755 'apache2/conf-available'
maybe chmod 0644 'apache2/conf-available/charset.conf'
maybe chmod 0644 'apache2/conf-available/custom-log.conf'
maybe chmod 0644 'apache2/sites-available/000-default.conf'
maybe chmod 0644 'apache2/sites-available/default-include.conf'
maybe chmod 0644 'apache2/sites-available/default-ssl.conf'
-maybe chmod 0644 'apache2/sites-available/default-ssl.conf.dpkg-dist'
maybe chmod 0644 'apache2/sites-available/gitweb-le-ssl.conf'
maybe chmod 0644 'apache2/sites-available/gitweb.conf'
maybe chmod 0755 'apache2/sites-enabled'
maybe chmod 0755 'binfmt.d'
maybe chmod 0755 'ca-certificates'
maybe chmod 0644 'ca-certificates.conf'
-maybe chmod 0644 'ca-certificates.conf.dpkg-old'
maybe chmod 0755 'ca-certificates/update.d'
maybe chmod 0755 'calendar'
maybe chmod 0644 'calendar/default'
maybe chmod 0644 'dhcp/dhclient-exit-hooks.d/chrony'
maybe chmod 0644 'dhcpcd.conf'
maybe chmod 0644 'dhcpcd.conf.bak'
-maybe chmod 0644 'dhcpcd.conf.dpkg-dist'
maybe chmod 0644 'dhcpcd.duid'
maybe chmod 0400 'dhcpcd.secret'
maybe chmod 0755 'dictionaries-common'
maybe chmod 0755 'logrotate.d'
maybe chmod 0755 'logrotate.d/.from-pkg'
maybe chmod 0755 'logrotate.d/.from-pkg/2021-02-03'
+maybe chmod 0644 'logrotate.d/.from-pkg/2021-02-03/apache2'
+maybe chmod 0644 'logrotate.d/.from-pkg/2021-02-03/chrony'
+maybe chmod 0644 'logrotate.d/.from-pkg/2021-02-03/dpkg'
+maybe chmod 0644 'logrotate.d/.from-pkg/2021-02-03/rsyslog'
+maybe chmod 0644 'logrotate.d/.from-pkg/2021-02-03/ulogd2'
+maybe chmod 0755 'logrotate.d/.from-pkg/2021-09-15'
+maybe chmod 0644 'logrotate.d/.from-pkg/2021-09-15/apache2'
+maybe chmod 0644 'logrotate.d/.from-pkg/2021-09-15/fail2ban'
+maybe chmod 0644 'logrotate.d/.from-pkg/2021-09-15/logrotate.conf'
+maybe chmod 0644 'logrotate.d/.from-pkg/2021-09-15/rsyslog'
maybe chmod 0644 'logrotate.d/alternatives'
maybe chmod 0644 'logrotate.d/apache2'
maybe chmod 0644 'logrotate.d/apt'
#
Mutex file:${APACHE_LOCK_DIR} default
+#
+# The directory where shm and other runtime files will be stored.
+#
+
+DefaultRuntimeDir ${APACHE_RUN_DIR}
+
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
+++ /dev/null
-# This is the main Apache server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See http://httpd.apache.org/docs/2.4/ for detailed information about
-# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
-# hints.
-#
-#
-# Summary of how the Apache 2 configuration works in Debian:
-# The Apache 2 web server configuration in Debian is quite different to
-# upstream's suggested way to configure the web server. This is because Debian's
-# default Apache2 installation attempts to make adding and removing modules,
-# virtual hosts, and extra configuration directives as flexible as possible, in
-# order to make automating the changes and administering the server as easy as
-# possible.
-
-# It is split into several files forming the configuration hierarchy outlined
-# below, all located in the /etc/apache2/ directory:
-#
-# /etc/apache2/
-# |-- apache2.conf
-# | `-- ports.conf
-# |-- mods-enabled
-# | |-- *.load
-# | `-- *.conf
-# |-- conf-enabled
-# | `-- *.conf
-# `-- sites-enabled
-# `-- *.conf
-#
-#
-# * apache2.conf is the main configuration file (this file). It puts the pieces
-# together by including all remaining configuration files when starting up the
-# web server.
-#
-# * ports.conf is always included from the main configuration file. It is
-# supposed to determine listening ports for incoming connections which can be
-# customized anytime.
-#
-# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
-# directories contain particular configuration snippets which manage modules,
-# global configuration fragments, or virtual host configurations,
-# respectively.
-#
-# They are activated by symlinking available configuration files from their
-# respective *-available/ counterparts. These should be managed by using our
-# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
-# their respective man pages for detailed information.
-#
-# * The binary is called apache2. Due to the use of environment variables, in
-# the default configuration, apache2 needs to be started/stopped with
-# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
-# work with the default configuration.
-
-
-# Global configuration
-#
-
-#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# NOTE! If you intend to place this on an NFS (or otherwise network)
-# mounted filesystem then please read the Mutex documentation (available
-# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
-# you will save yourself a lot of trouble.
-#
-# Do NOT add a slash at the end of the directory path.
-#
-#ServerRoot "/etc/apache2"
-
-#
-# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
-#
-#Mutex file:${APACHE_LOCK_DIR} default
-
-#
-# The directory where shm and other runtime files will be stored.
-#
-
-DefaultRuntimeDir ${APACHE_RUN_DIR}
-
-#
-# PidFile: The file in which the server should record its process
-# identification number when it starts.
-# This needs to be set in /etc/apache2/envvars
-#
-PidFile ${APACHE_PID_FILE}
-
-#
-# Timeout: The number of seconds before receives and sends time out.
-#
-Timeout 300
-
-#
-# KeepAlive: Whether or not to allow persistent connections (more than
-# one request per connection). Set to "Off" to deactivate.
-#
-KeepAlive On
-
-#
-# MaxKeepAliveRequests: The maximum number of requests to allow
-# during a persistent connection. Set to 0 to allow an unlimited amount.
-# We recommend you leave this number high, for maximum performance.
-#
-MaxKeepAliveRequests 100
-
-#
-# KeepAliveTimeout: Number of seconds to wait for the next request from the
-# same client on the same connection.
-#
-KeepAliveTimeout 5
-
-
-# These need to be set in /etc/apache2/envvars
-User ${APACHE_RUN_USER}
-Group ${APACHE_RUN_GROUP}
-
-#
-# HostnameLookups: Log the names of clients or just their IP addresses
-# e.g., www.apache.org (on) or 204.62.129.132 (off).
-# The default is off because it'd be overall better for the net if people
-# had to knowingly turn this feature on, since enabling it means that
-# each client request will result in AT LEAST one lookup request to the
-# nameserver.
-#
-HostnameLookups Off
-
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a <VirtualHost>
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a <VirtualHost>
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog ${APACHE_LOG_DIR}/error.log
-
-#
-# LogLevel: Control the severity of messages logged to the error_log.
-# Available values: trace8, ..., trace1, debug, info, notice, warn,
-# error, crit, alert, emerg.
-# It is also possible to configure the log level for particular modules, e.g.
-# "LogLevel info ssl:warn"
-#
-LogLevel warn
-
-# Include module configuration:
-IncludeOptional mods-enabled/*.load
-IncludeOptional mods-enabled/*.conf
-
-# Include list of ports to listen on
-Include ports.conf
-
-
-# Sets the default security model of the Apache2 HTTPD server. It does
-# not allow access to the root filesystem outside of /usr/share and /var/www.
-# The former is used by web applications packaged in Debian,
-# the latter may be used for local directories served by the web server. If
-# your system is serving content from a sub-directory in /srv you must allow
-# access here, or in any related virtual host.
-<Directory />
- Options FollowSymLinks
- AllowOverride None
- Require all denied
-</Directory>
-
-<Directory /usr/share>
- AllowOverride None
- Require all granted
-</Directory>
-
-<Directory /var/www/>
- Options Indexes FollowSymLinks
- AllowOverride None
- Require all granted
-</Directory>
-
-#<Directory /srv/>
-# Options Indexes FollowSymLinks
-# AllowOverride None
-# Require all granted
-#</Directory>
-
-
-
-
-# AccessFileName: The name of the file to look for in each directory
-# for additional configuration directives. See also the AllowOverride
-# directive.
-#
-AccessFileName .htaccess
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-<FilesMatch "^\.ht">
- Require all denied
-</FilesMatch>
-
-
-#
-# The following directives define some format nicknames for use with
-# a CustomLog directive.
-#
-# These deviate from the Common Log Format definitions in that they use %O
-# (the actual bytes sent including headers) instead of %b (the size of the
-# requested file), because the latter makes it impossible to detect partial
-# requests.
-#
-# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
-# Use mod_remoteip instead.
-#
-LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %O" common
-LogFormat "%{Referer}i -> %U" referer
-LogFormat "%{User-agent}i" agent
-
-# Include of directories ignores editors' and dpkg's backup files,
-# see README.Debian for details.
-
-# Include generic snippets of statements
-IncludeOptional conf-enabled/*.conf
-
-# Include the virtual host configurations:
-IncludeOptional sites-enabled/*.conf
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+++ /dev/null
-<IfModule mod_ssl.c>
- <VirtualHost _default_:443>
- ServerAdmin webmaster@localhost
-
- DocumentRoot /var/www/html
-
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
-
- # SSL Engine Switch:
- # Enable/Disable SSL for this virtual host.
- SSLEngine on
-
- # A self-signed (snakeoil) certificate can be created by installing
- # the ssl-cert package. See
- # /usr/share/doc/apache2/README.Debian.gz for more info.
- # If both key and certificate are stored in the same file, only the
- # SSLCertificateFile directive is needed.
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
-
- # Server Certificate Chain:
- # Point SSLCertificateChainFile at a file containing the
- # concatenation of PEM encoded CA certificates which form the
- # certificate chain for the server certificate. Alternatively
- # the referenced file can be the same as SSLCertificateFile
- # when the CA certificates are directly appended to the server
- # certificate for convinience.
- #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
-
- # Certificate Authority (CA):
- # Set the CA certificate verification path where to find CA
- # certificates for client authentication or alternatively one
- # huge file containing all of them (file must be PEM encoded)
- # Note: Inside SSLCACertificatePath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCACertificatePath /etc/ssl/certs/
- #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
-
- # Certificate Revocation Lists (CRL):
- # Set the CA revocation path where to find CA CRLs for client
- # authentication or alternatively one huge file containing all
- # of them (file must be PEM encoded)
- # Note: Inside SSLCARevocationPath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCARevocationPath /etc/apache2/ssl.crl/
- #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
-
- # Client Authentication (Type):
- # Client certificate verification type and depth. Types are
- # none, optional, require and optional_no_ca. Depth is a
- # number which specifies how deeply to verify the certificate
- # issuer chain before deciding the certificate is not valid.
- #SSLVerifyClient require
- #SSLVerifyDepth 10
-
- # SSL Engine Options:
- # Set various options for the SSL engine.
- # o FakeBasicAuth:
- # Translate the client X.509 into a Basic Authorisation. This means that
- # the standard Auth/DBMAuth methods can be used for access control. The
- # user name is the `one line' version of the client's X.509 certificate.
- # Note that no password is obtained from the user. Every entry in the user
- # file needs this password: `xxj31ZMTZzkVA'.
- # o ExportCertData:
- # This exports two additional environment variables: SSL_CLIENT_CERT and
- # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
- # server (always existing) and the client (only existing when client
- # authentication is used). This can be used to import the certificates
- # into CGI scripts.
- # o StdEnvVars:
- # This exports the standard SSL/TLS related `SSL_*' environment variables.
- # Per default this exportation is switched off for performance reasons,
- # because the extraction step is an expensive operation and is usually
- # useless for serving static content. So one usually enables the
- # exportation for CGI and SSI requests only.
- # o OptRenegotiate:
- # This enables optimized SSL connection renegotiation handling when SSL
- # directives are used in per-directory context.
- #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
- <FilesMatch "\.(cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
- </FilesMatch>
- <Directory /usr/lib/cgi-bin>
- SSLOptions +StdEnvVars
- </Directory>
-
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- # BrowserMatch "MSIE [2-6]" \
- # nokeepalive ssl-unclean-shutdown \
- # downgrade-1.0 force-response-1.0
-
- </VirtualHost>
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
// prime the server with knowledge of the root servers
zone "." {
type hint;
- file "/etc/bind/db.root";
+ file "/usr/share/dns/root.hints";
};
// be authoritative for the localhost forward and reverse zones, and for
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
- // If your ISP provided one or more IP addresses for stable
- // nameservers, you probably want to use them as forwarders.
- // Uncomment the following block, and insert the addresses replacing
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
+++ /dev/null
-# This file lists certificates that you wish to use or to ignore to be
-# installed in /etc/ssl/certs.
-# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
-#
-# This is autogenerated by dpkg-reconfigure ca-certificates.
-# Certificates should be installed under /usr/share/ca-certificates
-# and files with extension '.crt' is recognized as available certs.
-#
-# line begins with # is comment.
-# line begins with ! is certificate filename to be deselected.
-#
-mozilla/ACCVRAIZ1.crt
-!mozilla/ACEDICOM_Root.crt
-!mozilla/AC_Raíz_Certicámara_S.A..crt
-mozilla/Actalis_Authentication_Root_CA.crt
-!mozilla/AddTrust_External_Root.crt
-!mozilla/AddTrust_Low-Value_Services_Root.crt
-!mozilla/AddTrust_Public_Services_Root.crt
-!mozilla/AddTrust_Qualified_Certificates_Root.crt
-mozilla/AffirmTrust_Commercial.crt
-mozilla/AffirmTrust_Networking.crt
-mozilla/AffirmTrust_Premium.crt
-mozilla/AffirmTrust_Premium_ECC.crt
-!mozilla/America_Online_Root_Certification_Authority_1.crt
-!mozilla/America_Online_Root_Certification_Authority_2.crt
-!mozilla/ApplicationCA_-_Japanese_Government.crt
-mozilla/Atos_TrustedRoot_2011.crt
-!mozilla/A-Trust-nQual-03.crt
-mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
-mozilla/Baltimore_CyberTrust_Root.crt
-!mozilla/Buypass_Class_2_CA_1.crt
-mozilla/Buypass_Class_2_Root_CA.crt
-!mozilla/Buypass_Class_3_CA_1.crt
-mozilla/Buypass_Class_3_Root_CA.crt
-!mozilla/CA_Disig.crt
-!mozilla/CA_Disig_Root_R1.crt
-mozilla/CA_Disig_Root_R2.crt
-!mozilla/Camerfirma_Chambers_of_Commerce_Root.crt
-!mozilla/Camerfirma_Global_Chambersign_Root.crt
-mozilla/Certigna.crt
-!mozilla/Certinomis_-_Autorité_Racine.crt
-!mozilla/Certplus_Class_2_Primary_CA.crt
-mozilla/certSIGN_ROOT_CA.crt
-!mozilla/Certum_Root_CA.crt
-mozilla/Certum_Trusted_Network_CA.crt
-mozilla/Chambers_of_Commerce_Root_-_2008.crt
-!mozilla/China_Internet_Network_Information_Center_EV_Certificates_Root.crt
-!mozilla/CNNIC_ROOT.crt
-mozilla/Comodo_AAA_Services_root.crt
-mozilla/COMODO_Certification_Authority.crt
-mozilla/COMODO_ECC_Certification_Authority.crt
-!mozilla/Comodo_Secure_Services_root.crt
-!mozilla/Comodo_Trusted_Services_root.crt
-!mozilla/ComSign_CA.crt
-!mozilla/ComSign_Secured_CA.crt
-mozilla/Cybertrust_Global_Root.crt
-!mozilla/Deutsche_Telekom_Root_CA_2.crt
-mozilla/DigiCert_Assured_ID_Root_CA.crt
-mozilla/DigiCert_Assured_ID_Root_G2.crt
-mozilla/DigiCert_Assured_ID_Root_G3.crt
-mozilla/DigiCert_Global_Root_CA.crt
-mozilla/DigiCert_Global_Root_G2.crt
-mozilla/DigiCert_Global_Root_G3.crt
-mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
-mozilla/DigiCert_Trusted_Root_G4.crt
-!mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt
-!mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt
-!mozilla/DST_ACES_CA_X6.crt
-mozilla/DST_Root_CA_X3.crt
-mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
-mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
-!mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
-mozilla/EC-ACC.crt
-mozilla/EE_Certification_Centre_Root_CA.crt
-!mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
-mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
-mozilla/Entrust_Root_Certification_Authority.crt
-mozilla/ePKI_Root_Certification_Authority.crt
-!mozilla/Equifax_Secure_CA.crt
-!mozilla/Equifax_Secure_eBusiness_CA_1.crt
-!mozilla/Equifax_Secure_Global_eBusiness_CA.crt
-mozilla/E-Tugra_Certification_Authority.crt
-!mozilla/GeoTrust_Global_CA_2.crt
-!mozilla/GeoTrust_Global_CA.crt
-!mozilla/GeoTrust_Primary_Certification_Authority.crt
-!mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
-!mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
-mozilla/GeoTrust_Universal_CA_2.crt
-!mozilla/GeoTrust_Universal_CA.crt
-mozilla/Global_Chambersign_Root_-_2008.crt
-mozilla/GlobalSign_Root_CA.crt
-mozilla/GlobalSign_Root_CA_-_R2.crt
-mozilla/GlobalSign_Root_CA_-_R3.crt
-mozilla/Go_Daddy_Class_2_CA.crt
-mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
-!mozilla/GTE_CyberTrust_Global_Root.crt
-mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
-mozilla/Hongkong_Post_Root_CA_1.crt
-!mozilla/IGC_A.crt
-mozilla/Izenpe.com.crt
-!mozilla/Juur-SK.crt
-mozilla/Microsec_e-Szigno_Root_CA_2009.crt
-!mozilla/Microsec_e-Szigno_Root_CA.crt
-mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
-!mozilla/NetLock_Business_=Class_B=_Root.crt
-!mozilla/NetLock_Express_=Class_C=_Root.crt
-!mozilla/NetLock_Notary_=Class_A=_Root.crt
-!mozilla/NetLock_Qualified_=Class_QA=_Root.crt
-mozilla/Network_Solutions_Certificate_Authority.crt
-mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
-!mozilla/PSCProcert.crt
-mozilla/QuoVadis_Root_CA_1_G3.crt
-mozilla/QuoVadis_Root_CA_2.crt
-mozilla/QuoVadis_Root_CA_2_G3.crt
-mozilla/QuoVadis_Root_CA_3.crt
-mozilla/QuoVadis_Root_CA_3_G3.crt
-mozilla/QuoVadis_Root_CA.crt
-!mozilla/Root_CA_Generalitat_Valenciana.crt
-!mozilla/RSA_Security_2048_v3.crt
-mozilla/Secure_Global_CA.crt
-mozilla/SecureSign_RootCA11.crt
-mozilla/SecureTrust_CA.crt
-!mozilla/Security_Communication_EV_RootCA1.crt
-mozilla/Security_Communication_RootCA2.crt
-mozilla/Security_Communication_Root_CA.crt
-!mozilla/SG_TRUST_SERVICES_RACINE.crt
-!mozilla/Sonera_Class_1_Root_CA.crt
-mozilla/Sonera_Class_2_Root_CA.crt
-!mozilla/Staat_der_Nederlanden_Root_CA.crt
-mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
-mozilla/Starfield_Class_2_CA.crt
-mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
-mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
-!mozilla/StartCom_Certification_Authority_2.crt
-!mozilla/StartCom_Certification_Authority.crt
-!mozilla/StartCom_Certification_Authority_G2.crt
-!mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
-!mozilla/Swisscom_Root_CA_1.crt
-!mozilla/Swisscom_Root_CA_2.crt
-!mozilla/Swisscom_Root_EV_CA_2.crt
-mozilla/SwissSign_Gold_CA_-_G2.crt
-!mozilla/SwissSign_Platinum_CA_-_G2.crt
-mozilla/SwissSign_Silver_CA_-_G2.crt
-mozilla/Taiwan_GRCA.crt
-!mozilla/TC_TrustCenter_Class_2_CA_II.crt
-!mozilla/TC_TrustCenter_Class_3_CA_II.crt
-!mozilla/TC_TrustCenter_Universal_CA_I.crt
-mozilla/TeliaSonera_Root_CA_v1.crt
-!mozilla/Thawte_Premium_Server_CA.crt
-!mozilla/thawte_Primary_Root_CA.crt
-!mozilla/thawte_Primary_Root_CA_-_G2.crt
-!mozilla/thawte_Primary_Root_CA_-_G3.crt
-!mozilla/Thawte_Server_CA.crt
-mozilla/Trustis_FPS_Root_CA.crt
-mozilla/T-TeleSec_GlobalRoot_Class_2.crt
-mozilla/T-TeleSec_GlobalRoot_Class_3.crt
-!mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
-!mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt
-!mozilla/TURKTRUST_Certificate_Services_Provider_Root_2007.crt
-!mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt
-mozilla/TWCA_Global_Root_CA.crt
-mozilla/TWCA_Root_Certification_Authority.crt
-!mozilla/UTN_DATACorp_SGC_Root_CA.crt
-!mozilla/UTN_USERFirst_Email_Root_CA.crt
-!mozilla/UTN_USERFirst_Hardware_Root_CA.crt
-!mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt
-!mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt
-!mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt
-!mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt
-!mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt
-!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_2.crt
-!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt
-!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt
-mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
-!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
-!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
-!mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt
-!mozilla/VeriSign_Universal_Root_Certification_Authority.crt
-!mozilla/Visa_eCommerce_Root.crt
-!mozilla/WellsSecure_Public_Root_Certificate_Authority.crt
-!mozilla/WoSign_China.crt
-!mozilla/WoSign.crt
-mozilla/XRamp_Global_CA_Root.crt
-!spi-inc.org/spi-cacert-2008.crt
-!mozilla/CA_WoSign_ECC_Root.crt
-!mozilla/Certification_Authority_of_WoSign_G2.crt
-!mozilla/Certinomis_-_Root_CA.crt
-mozilla/CFCA_EV_ROOT.crt
-mozilla/COMODO_RSA_Certification_Authority.crt
-mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
-mozilla/Entrust_Root_Certification_Authority_-_G2.crt
-mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
-mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
-mozilla/IdenTrust_Commercial_Root_CA_1.crt
-mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
-mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
-mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
-mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt
-!mozilla/S-TRUST_Universal_Root_CA.crt
-!mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.crt
-!mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.crt
-mozilla/USERTrust_ECC_Certification_Authority.crt
-mozilla/USERTrust_RSA_Certification_Authority.crt
-!mozilla/Certplus_Root_CA_G1.crt
-!mozilla/Certplus_Root_CA_G2.crt
-mozilla/Certum_Trusted_Network_CA_2.crt
-mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
-mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
-mozilla/ISRG_Root_X1.crt
-!mozilla/OpenTrust_Root_CA_G1.crt
-!mozilla/OpenTrust_Root_CA_G2.crt
-!mozilla/OpenTrust_Root_CA_G3.crt
-mozilla/SZAFIR_ROOT_CA2.crt
-mozilla/AC_RAIZ_FNMT-RCM.crt
-mozilla/Amazon_Root_CA_1.crt
-mozilla/Amazon_Root_CA_2.crt
-mozilla/Amazon_Root_CA_3.crt
-mozilla/Amazon_Root_CA_4.crt
-!mozilla/D-TRUST_Root_CA_3_2013.crt
-mozilla/GDCA_TrustAUTH_R5_ROOT.crt
-mozilla/LuxTrust_Global_Root_2.crt
-mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
-mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
-mozilla/SSL.com_Root_Certification_Authority_ECC.crt
-mozilla/SSL.com_Root_Certification_Authority_RSA.crt
-!mozilla/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.crt
-!mozilla/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.crt
-!mozilla/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.crt
-!mozilla/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.crt
-mozilla/TrustCor_ECA-1.crt
-mozilla/TrustCor_RootCert_CA-1.crt
-mozilla/TrustCor_RootCert_CA-2.crt
-mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
-mozilla/GlobalSign_Root_CA_-_R6.crt
-mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
-mozilla/Certigna_Root_CA.crt
-mozilla/emSign_ECC_Root_CA_-_C3.crt
-mozilla/emSign_ECC_Root_CA_-_G3.crt
-mozilla/emSign_Root_CA_-_C1.crt
-mozilla/emSign_Root_CA_-_G1.crt
-mozilla/Entrust_Root_Certification_Authority_-_G4.crt
-mozilla/GTS_Root_R1.crt
-mozilla/GTS_Root_R2.crt
-mozilla/GTS_Root_R3.crt
-mozilla/GTS_Root_R4.crt
-mozilla/Hongkong_Post_Root_CA_3.crt
-mozilla/UCA_Extended_Validation_Root.crt
-mozilla/UCA_Global_G2_Root.crt
SLAPD_GROUP="openldap"
# Path to the pid file of the slapd server. If not set the init.d script
-# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by
+# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
# default)
SLAPD_PIDFILE=
# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
-# Most distributions have NTP support.
-option ntp_servers
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu
+# Most distributions have NTP support.
+option ntp_servers
+
# A ServerID is required by RFC2131.
require dhcp_server_identifier
-# Generate Stable Private IPv6 Addresses instead of hardware based ones
-#slaac private
+# Generate SLAAC address using the Hardware Address of the interface
slaac hwaddr
+# OR generate Stable Private IPv6 Addresses based from the DUID
+#slaac private
# A hook script is provided to lookup the hostname if not set by the DHCP
# server, but it should not be run by default.
+++ /dev/null
-# A sample configuration for dhcpcd.
-# See dhcpcd.conf(5) for details.
-
-# Allow users of this group to interact with dhcpcd via the control socket.
-#controlgroup wheel
-
-# Inform the DHCP server of our hostname for DDNS.
-hostname
-
-# Use the hardware address of the interface for the Client ID.
-#clientid
-# or
-# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
-# Some non-RFC compliant DHCP servers do not reply with this set.
-# In this case, comment out duid and enable clientid above.
-duid
-
-# Persist interface configuration when dhcpcd exits.
-persistent
-
-# Rapid commit support.
-# Safe to enable by default because it requires the equivalent option set
-# on the server to actually work.
-option rapid_commit
-
-# A list of options to request from the DHCP server.
-option domain_name_servers, domain_name, domain_search, host_name
-option classless_static_routes
-# Respect the network MTU. This is applied to DHCP routes.
-option interface_mtu
-
-# Most distributions have NTP support.
-#option ntp_servers
-
-# A ServerID is required by RFC2131.
-require dhcp_server_identifier
-
-# Generate SLAAC address using the Hardware Address of the interface
-#slaac hwaddr
-# OR generate Stable Private IPv6 Addresses based from the DUID
-slaac private
# see "man logrotate" for details
+
+# global options do not affect preceding include directives
+
# rotate log files weekly
weekly
# packages drop log rotation information into this directory
include /etc/logrotate.d
-# system-specific logs may be configured here
+# system-specific logs may also be configured here.
--- /dev/null
+/var/log/apache2/*.log {
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+ create 640 root adm
+ sharedscripts
+ postrotate
+ if invoke-rc.d apache2 status > /dev/null 2>&1; then \
+ invoke-rc.d apache2 reload > /dev/null 2>&1; \
+ fi;
+ endscript
+ prerotate
+ if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+ run-parts /etc/logrotate.d/httpd-prerotate; \
+ fi; \
+ endscript
+}
--- /dev/null
+/var/log/chrony/*.log {
+ missingok
+ nocreate
+ sharedscripts
+ postrotate
+ /usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true
+ endscript
+}
--- /dev/null
+/var/log/dpkg.log {
+ monthly
+ rotate 12
+ compress
+ delaycompress
+ missingok
+ notifempty
+ create 644 root root
+}
--- /dev/null
+/var/log/syslog
+{
+ rotate 7
+ daily
+ missingok
+ notifempty
+ delaycompress
+ compress
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/mail.info
+/var/log/mail.warn
+/var/log/mail.err
+/var/log/mail.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/auth.log
+/var/log/user.log
+/var/log/lpr.log
+/var/log/cron.log
+/var/log/debug
+/var/log/messages
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
--- /dev/null
+/var/log/ulog/*.log /var/log/ulog/*.pcap {
+ missingok
+ compress
+ delaycompress
+ sharedscripts
+ create 640 ulog adm
+ postrotate
+ if [ -d /run/systemd/system ] && command systemctl >/dev/null 2>&1 && systemctl is-active --quiet ulogd2.service; then
+ systemctl kill --kill-who main --signal=SIGHUP ulogd2.service
+ else
+ invoke-rc.d ulogd2 reload > /dev/null
+ fi
+ endscript
+}
--- /dev/null
+/var/log/apache2/*.log {
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+ create 640 root adm
+ sharedscripts
+ prerotate
+ if [ -d /etc/logrotate.d/httpd-prerotate ]; then
+ run-parts /etc/logrotate.d/httpd-prerotate
+ fi
+ endscript
+ postrotate
+ if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
+ invoke-rc.d apache2 reload 2>&1 | logger -t apache2.logrotate
+ fi
+ endscript
+}
--- /dev/null
+/var/log/fail2ban.log {
+
+ weekly
+ rotate 4
+ compress
+ # Do not rotate if empty
+ notifempty
+
+ delaycompress
+ missingok
+ postrotate
+ fail2ban-client flushlogs 1>/dev/null
+ endscript
+
+ # If fail2ban runs as non-root it still needs to have write access
+ # to logfiles.
+ # create 640 fail2ban adm
+ create 640 root adm
+}
--- /dev/null
+# see "man logrotate" for details
+
+# global options do not affect preceding include directives
+
+# rotate log files weekly
+weekly
+
+# keep 4 weeks worth of backlogs
+rotate 4
+
+# create new (empty) log files after rotating old ones
+create
+
+# use date as a suffix of the rotated file
+#dateext
+
+# uncomment this if you want your log files compressed
+#compress
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# system-specific logs may also be configured here.
--- /dev/null
+/var/log/syslog
+/var/log/mail.info
+/var/log/mail.warn
+/var/log/mail.err
+/var/log/mail.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/auth.log
+/var/log/user.log
+/var/log/lpr.log
+/var/log/cron.log
+/var/log/debug
+/var/log/messages
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
size 4M
create 640 root adm
sharedscripts
- postrotate
- if invoke-rc.d apache2 status > /dev/null 2>&1; then \
- invoke-rc.d apache2 reload > /dev/null 2>&1; \
- fi;
- endscript
prerotate
- if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
- run-parts /etc/logrotate.d/httpd-prerotate; \
- fi; \
+ if [ -d /etc/logrotate.d/httpd-prerotate ]; then
+ run-parts /etc/logrotate.d/httpd-prerotate
+ fi
+ endscript
+ postrotate
+ if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
+ invoke-rc.d apache2 reload 2>&1 | logger -t apache2.logrotate
+ fi
endscript
}
allow-hotplug eth0
iface eth0 inet dhcp
-iface eth0 inet6 dhcp
-#iface eth0 inet6 static
-# address 2a06:2380:0:1::3a/64
-# gateway 2a06:2380:0:1::1
+#iface eth0 inet6 dhcp
+iface eth0 inet6 static
+ address 2a06:2380:0:1::3a/64
+ # gateway 2a06:2380:0:1::1
+ gateway fe80::800:385:fe:1
projects / config / ns3 / etc.git / commitdiff