From: frank Date: Mon, 16 Jan 2012 08:23:33 +0000 (+0100) Subject: saving uncommitted changes in /etc prior to emerge run X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=16baf5132ce48f1aa8d4945657863c33560bea02;p=config%2Fbruni%2Fetc.git saving uncommitted changes in /etc prior to emerge run --- diff --git a/._cfg0000_sudoers b/._cfg0000_sudoers deleted file mode 100644 index 0d7760be..00000000 --- a/._cfg0000_sudoers +++ /dev/null @@ -1,90 +0,0 @@ -## sudoers file. -## -## This file MUST be edited with the 'visudo' command as root. -## Failure to use 'visudo' may result in syntax or file permission errors -## that prevent sudo from running. -## -## See the sudoers man page for the details on how to write a sudoers file. -## - -## -## Host alias specification -## -## Groups of machines. These may include host names (optionally with wildcards), -## IP addresses, network numbers or netgroups. -# Host_Alias WEBSERVERS = www1, www2, www3 - -## -## User alias specification -## -## Groups of users. These may consist of user names, uids, Unix groups, -## or netgroups. -# User_Alias ADMINS = millert, dowdy, mikef - -## -## Cmnd alias specification -## -## Groups of commands. Often used to group related commands together. -# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ -# /usr/bin/pkill, /usr/bin/top - -## -## Defaults specification -## -## You may wish to keep some of the following environment variables -## when running commands via sudo. -## -## Locale settings -# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" -## -## Run X applications through sudo; HOME is used to find the -## .Xauthority file. Note that other programs use HOME to find -## configuration files and this may lead to privilege escalation! -# Defaults env_keep += "HOME" -## -## X11 resource path settings -# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" -## -## Desktop path settings -# Defaults env_keep += "QTDIR KDEDIR" -## -## Allow sudo-run commands to inherit the callers' ConsoleKit session -# Defaults env_keep += "XDG_SESSION_COOKIE" -## -## Uncomment to enable special input methods. Care should be taken as -## this may allow users to subvert the command being run via sudo. -# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" -## -## Uncomment to enable logging of a command's output, except for -## sudoreplay and reboot. Use sudoreplay to play back logged sessions. -# Defaults log_output -# Defaults!/usr/bin/sudoreplay !log_output -# Defaults!/usr/local/bin/sudoreplay !log_output -# Defaults!/sbin/reboot !log_output - -## -## Runas alias specification -## - -## -## User privilege specification -## -root ALL=(ALL) ALL - -## Uncomment to allow members of group wheel to execute any command -# %wheel ALL=(ALL) ALL - -## Same thing without a password -# %wheel ALL=(ALL) NOPASSWD: ALL - -## Uncomment to allow members of group sudo to execute any command -# %sudo ALL=(ALL) ALL - -## Uncomment to allow any user to run sudo if they know the password -## of the user they are running the command as (root by default). -# Defaults targetpw # Ask for the password of the target user -# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' - -## Read drop-in files from /etc/sudoers.d -## (the '#' here does not indicate a comment) -#includedir /etc/sudoers.d diff --git a/._cfg0000_ulogd.conf b/._cfg0000_ulogd.conf deleted file mode 100644 index 234ee5d6..00000000 --- a/._cfg0000_ulogd.conf +++ /dev/null @@ -1,82 +0,0 @@ -# Example configuration for ulogd -# $Id: ulogd.conf.in 714 2005-02-19 21:33:43Z laforge $ -# - -[global] -###################################################################### -# GLOBAL OPTIONS -###################################################################### - -# netlink multicast group (the same as the iptables --ulog-nlgroup param) -nlgroup=1 - -# logfile for status messages -logfile="/var/log/ulogd.log" - -# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) -loglevel=5 - -# socket receive buffer size (should be at least the size of the -# in-kernel buffer (ipt_ULOG.o 'nlbufsiz' parameter) -rmem=131071 - -# libipulog/ulogd receive buffer size, should be > rmem -bufsize=150000 - -###################################################################### -# PLUGIN OPTIONS -###################################################################### - -# We have to configure and load all the plugins we want to use - -# general rules: -# 1. load the plugins _first_ from the global section -# 2. options for each plugin in seperate section below - - -# -# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields -# you will always need this -plugin="/usr/lib64/ulogd/ulogd_BASE.so" - - -# output plugins. -plugin="/usr/lib64/ulogd/ulogd_LOGEMU.so" -#plugin="/usr/lib64/ulogd/ulogd_OPRINT.so" -#plugin="/usr/lib64/ulogd/ulogd_MYSQL.so" -#plugin="/usr/lib64/ulogd/ulogd_PGSQL.so" -#plugin="/usr/lib64/ulogd/ulogd_SQLITE3.so" -#plugin="/usr/lib64/ulogd/ulogd_PCAP.so" - - -[LOGEMU] -file="/var/log/ulogd.syslogemu" -sync=1 - -[OPRINT] -file="/var/log/ulogd.pktlog" - -[MYSQL] -table="ulog" -pass="changeme" -user="laforge" -db="ulogd" -host="localhost" - -[PGSQL] -table="ulog" -schema="public" -pass="changeme" -user="postgres" -db="ulogd" -host="localhost" - -[SQLITE3] -table="ulog" -db="/path/to/sqlite/db" -buffer=200 - -[PCAP] -file="/var/log/ulogd.pcap" -sync=1 - diff --git a/.etckeeper b/.etckeeper index be1b2609..e1a3c673 100755 --- a/.etckeeper +++ b/.etckeeper @@ -14,8 +14,6 @@ mkdir -p './skel/.ssh' mkdir -p './sudoers.d' mkdir -p './unixODBC/ODBCDataSources' maybe chmod 0755 '.' -maybe chmod 0440 './._cfg0000_sudoers' -maybe chmod 0600 './._cfg0000_ulogd.conf' maybe chmod 0700 './.etckeeper' maybe chmod 0644 './.gitignore' maybe chmod 0600 './.pwd.lock' @@ -59,7 +57,6 @@ maybe chmod 0755 './ca-certificates/update.d' maybe chmod 0644 './colordiffrc' maybe chmod 0644 './colordiffrc-lightbg' maybe chmod 0755 './conf.d' -maybe chmod 0644 './conf.d/._cfg0000_ntpd' maybe chmod 0644 './conf.d/bluetooth' maybe chmod 0644 './conf.d/bootmisc' maybe chmod 0644 './conf.d/consolefont' @@ -107,11 +104,29 @@ maybe chmod 0755 './config-archive/etc' maybe chmod 0755 './config-archive/etc/bash' maybe chmod 0644 './config-archive/etc/bash/bashrc' maybe chmod 0644 './config-archive/etc/bash/bashrc.dist.new' +maybe chmod 0755 './config-archive/etc/conf.d' +maybe chmod 0644 './config-archive/etc/conf.d/ntpd' +maybe chmod 0644 './config-archive/etc/conf.d/ntpd.dist.new' +maybe chmod 0755 './config-archive/etc/etckeeper' +maybe chmod 0644 './config-archive/etc/etckeeper/etckeeper.conf' +maybe chmod 0644 './config-archive/etc/etckeeper/etckeeper.conf.dist.new' maybe chmod 0644 './config-archive/etc/man.conf' maybe chmod 0644 './config-archive/etc/man.conf.dist' maybe chmod 0755 './config-archive/etc/pam.d' maybe chmod 0644 './config-archive/etc/pam.d/system-login' maybe chmod 0644 './config-archive/etc/pam.d/system-login.dist' +maybe chmod 0755 './config-archive/etc/ssh' +maybe chmod 0644 './config-archive/etc/ssh/ssh_config' +maybe chmod 0644 './config-archive/etc/ssh/ssh_config.dist.new' +maybe chmod 0600 './config-archive/etc/ssh/sshd_config' +maybe chmod 0600 './config-archive/etc/ssh/sshd_config.dist' +maybe chmod 0440 './config-archive/etc/sudoers' +maybe chmod 0440 './config-archive/etc/sudoers.dist.new' +maybe chmod 0755 './config-archive/etc/syslog-ng' +maybe chmod 0644 './config-archive/etc/syslog-ng/syslog-ng.conf' +maybe chmod 0644 './config-archive/etc/syslog-ng/syslog-ng.conf.dist.new' +maybe chmod 0600 './config-archive/etc/ulogd.conf' +maybe chmod 0600 './config-archive/etc/ulogd.conf.dist.new' maybe chmod 0755 './cron.d' maybe chmod 0644 './cron.d/.keep_sys-process_vixie-cron-0' maybe chmod 0750 './cron.daily' @@ -206,7 +221,6 @@ maybe chmod 0644 './env.d/python/config' maybe chmod 0644 './environment' maybe chmod 0644 './etc-update.conf' maybe chmod 0755 './etckeeper' -maybe chmod 0644 './etckeeper/._cfg0000_etckeeper.conf' maybe chmod 0755 './etckeeper/commit.d' maybe chmod 0755 './etckeeper/commit.d/10vcs-test' maybe chmod 0755 './etckeeper/commit.d/30bzr-add' @@ -694,8 +708,6 @@ maybe chmod 0755 './sound/events' maybe chmod 0644 './sound/events/gnome-2.soundlist' maybe chmod 0644 './sound/events/gtk-events-2.soundlist' maybe chmod 0755 './ssh' -maybe chmod 0644 './ssh/._cfg0000_ssh_config' -maybe chmod 0600 './ssh/._cfg0000_sshd_config' maybe chmod 0644 './ssh/moduli' maybe chmod 0644 './ssh/ssh_config' maybe chmod 0644 './ssh/ssh_config.orig' @@ -732,7 +744,6 @@ maybe chmod 0440 './sudoers' maybe chmod 0750 './sudoers.d' maybe chmod 0644 './sysctl.conf' maybe chmod 0755 './syslog-ng' -maybe chmod 0644 './syslog-ng/._cfg0000_syslog-ng.conf' maybe chmod 0644 './syslog-ng/modules.conf' maybe chmod 0755 './syslog-ng/patterndb.d' maybe chmod 0644 './syslog-ng/patterndb.d/.keep_app-admin_syslog-ng-0' diff --git a/conf.d/._cfg0000_ntpd b/conf.d/._cfg0000_ntpd deleted file mode 100644 index c651e80d..00000000 --- a/conf.d/._cfg0000_ntpd +++ /dev/null @@ -1,6 +0,0 @@ -# /etc/conf.d/ntpd - -# Options to pass to the ntpd process -# Most people should leave this line alone ... -# however, if you know what you're doing, feel free to tweak -NTPD_OPTS="-u ntp:ntp" diff --git a/config-archive/etc/conf.d/ntpd b/config-archive/etc/conf.d/ntpd new file mode 100644 index 00000000..6b86e9f5 --- /dev/null +++ b/config-archive/etc/conf.d/ntpd @@ -0,0 +1,6 @@ +# /etc/conf.d/ntpd + +# Options to pass to the ntpd process +# Most people should leave this line alone ... +# however, if you know what you're doing, feel free to tweak +NTPD_OPTS="" diff --git a/config-archive/etc/conf.d/ntpd.dist.new b/config-archive/etc/conf.d/ntpd.dist.new new file mode 100644 index 00000000..c651e80d --- /dev/null +++ b/config-archive/etc/conf.d/ntpd.dist.new @@ -0,0 +1,6 @@ +# /etc/conf.d/ntpd + +# Options to pass to the ntpd process +# Most people should leave this line alone ... +# however, if you know what you're doing, feel free to tweak +NTPD_OPTS="-u ntp:ntp" diff --git a/config-archive/etc/etckeeper/etckeeper.conf b/config-archive/etc/etckeeper/etckeeper.conf new file mode 100644 index 00000000..d346d21d --- /dev/null +++ b/config-archive/etc/etckeeper/etckeeper.conf @@ -0,0 +1,42 @@ +# The VCS to use. +#VCS="hg" +VCS="git" +#VCS="bzr" +#VCS="darcs" + +# Options passed to git commit when run by etckeeper. +GIT_COMMIT_OPTIONS="" + +# Options passed to hg commit when run by etckeeper. +HG_COMMIT_OPTIONS="" + +# Options passed to bzr commit when run by etckeeper. +BZR_COMMIT_OPTIONS="" + +# Options passed to darcs record when run by etckeeper. +DARCS_COMMIT_OPTIONS="-a" + +# Uncomment to avoid etckeeper committing existing changes +# to /etc automatically once per day. +#AVOID_DAILY_AUTOCOMMITS=1 + +# Uncomment the following to avoid special file warning +# (the option is enabled automatically by cronjob regardless). +#AVOID_SPECIAL_FILE_WARNING=1 + +# Uncomment to avoid etckeeper committing existing changes to +# /etc before installation. It will cancel the installation, +# so you can commit the changes by hand. +#AVOID_COMMIT_BEFORE_INSTALL=1 + +# The high-level package manager that's being used. +# (apt, pacman-g2, yum etc) +# For gentoo this is emerge +#HIGHLEVEL_PACKAGE_MANAGER=apt +HIGHLEVEL_PACKAGE_MANAGER=emerge + +# The low-level package manager that's being used. +# (dpkg, rpm, pacman-g2, etc) +# For gentoo this is equery +#LOWLEVEL_PACKAGE_MANAGER=dpkg +LOWLEVEL_PACKAGE_MANAGER=equery diff --git a/config-archive/etc/etckeeper/etckeeper.conf.dist.new b/config-archive/etc/etckeeper/etckeeper.conf.dist.new new file mode 100644 index 00000000..24c180ce --- /dev/null +++ b/config-archive/etc/etckeeper/etckeeper.conf.dist.new @@ -0,0 +1,42 @@ +# The VCS to use. +#VCS="hg" +VCS="git" +#VCS="bzr" +#VCS="darcs" + +# Options passed to git commit when run by etckeeper. +GIT_COMMIT_OPTIONS="" + +# Options passed to hg commit when run by etckeeper. +HG_COMMIT_OPTIONS="" + +# Options passed to bzr commit when run by etckeeper. +BZR_COMMIT_OPTIONS="" + +# Options passed to darcs record when run by etckeeper. +DARCS_COMMIT_OPTIONS="-a" + +# Uncomment to avoid etckeeper committing existing changes +# to /etc automatically once per day. +#AVOID_DAILY_AUTOCOMMITS=1 + +# Uncomment the following to avoid special file warning +# (the option is enabled automatically by cronjob regardless). +#AVOID_SPECIAL_FILE_WARNING=1 + +# Uncomment to avoid etckeeper committing existing changes to +# /etc before installation. It will cancel the installation, +# so you can commit the changes by hand. +#AVOID_COMMIT_BEFORE_INSTALL=1 + +# The high-level package manager that's being used. +# (apt, pacman-g2, yum etc) +# For gentoo this is emerge +#HIGHLEVEL_PACKAGE_MANAGER=apt +HIGHLEVEL_PACKAGE_MANAGER=emerge + +# The low-level package manager that's being used. +# (dpkg, rpm, pacman-g2, etc) +# For gentoo this is portage +#LOWLEVEL_PACKAGE_MANAGER=dpkg +LOWLEVEL_PACKAGE_MANAGER=portage diff --git a/config-archive/etc/ssh/ssh_config b/config-archive/etc/ssh/ssh_config new file mode 100644 index 00000000..cc30b7b7 --- /dev/null +++ b/config-archive/etc/ssh/ssh_config @@ -0,0 +1,58 @@ +# $OpenBSD$ + +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. + +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. + +# Host * + ForwardAgent yes + ForwardX11 yes +# RhostsRSAAuthentication no +# RSAAuthentication yes +# PasswordAuthentication yes +# HostbasedAuthentication no +# GSSAPIAuthentication no +# GSSAPIDelegateCredentials no +# BatchMode no +# CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 +# StrictHostKeyChecking ask +# IdentityFile ~/.ssh/identity +# IdentityFile ~/.ssh/id_rsa +# IdentityFile ~/.ssh/id_dsa +# Port 22 +# Protocol 2,1 +# Cipher 3des +# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc +# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 +# EscapeChar ~ +# AllowedCertPurpose sslserver +# MandatoryCRL no +# CACertificateFile /etc/ssh/ca/ca-bundle.crt +# CACertificatePath /etc/ssh/ca/crt +# CARevocationFile /etc/ssh/ca/ca-bundle.crl +# CARevocationPath /etc/ssh/ca/crl +# UserCACertificateFile ~/.ssh/ca-bundle.crt +# UserCACertificatePath ~/.ssh/crt +# UserCARevocationFile ~/.ssh/ca-bundle.crl +# UserCARevocationPath ~/.ssh/crl +# VAType none +# Tunnel no +# TunnelDevice any:any +# PermitLocalCommand no +# VisualHostKey no +# ProxyCommand ssh -q -W %h:%p gateway.example.com diff --git a/config-archive/etc/ssh/ssh_config.dist.new b/config-archive/etc/ssh/ssh_config.dist.new new file mode 100644 index 00000000..18936740 --- /dev/null +++ b/config-archive/etc/ssh/ssh_config.dist.new @@ -0,0 +1,47 @@ +# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $ + +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. + +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. + +# Host * +# ForwardAgent no +# ForwardX11 no +# RhostsRSAAuthentication no +# RSAAuthentication yes +# PasswordAuthentication yes +# HostbasedAuthentication no +# GSSAPIAuthentication no +# GSSAPIDelegateCredentials no +# BatchMode no +# CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 +# StrictHostKeyChecking ask +# IdentityFile ~/.ssh/identity +# IdentityFile ~/.ssh/id_rsa +# IdentityFile ~/.ssh/id_dsa +# Port 22 +# Protocol 2,1 +# Cipher 3des +# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc +# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 +# EscapeChar ~ +# Tunnel no +# TunnelDevice any:any +# PermitLocalCommand no +# VisualHostKey no +# ProxyCommand ssh -q -W %h:%p gateway.example.com diff --git a/config-archive/etc/ssh/sshd_config b/config-archive/etc/ssh/sshd_config new file mode 100644 index 00000000..f3c6c252 --- /dev/null +++ b/config-archive/etc/ssh/sshd_config @@ -0,0 +1,199 @@ +# $OpenBSD$ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# The default requires explicit activation of protocol 1 +#Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key + +# "key type names" for X.509 certificates with RSA key +# Note first defined is used in signature operations! +#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 +#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 + +# "key type names" for X.509 certificates with DSA key +# Note first defined is used in signature operations! +#X509KeyAlgorithm x509v3-sign-dss,dss-asn1 +#X509KeyAlgorithm x509v3-sign-dss,dss-raw + +# The intended use for the X509 client certificate. Without this option +# no chain verification will be done. Currently accepted uses are case +# insensitive: +# - "sslclient", "SSL client", "SSL_client" or "client" +# - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose" +# - "skip" or ""(empty): don`t check purpose. +#AllowedCertPurpose sslclient + +# Specifies whether self-issued(self-signed) X.509 certificate can be +# allowed only by entry in AutorizedKeysFile that contain matching +# public key or certificate blob. +#KeyAllowSelfIssued no + +# Specifies whether CRL must present in store for all certificates in +# certificate chain with atribute "cRLDistributionPoints" +#MandatoryCRL no + +# A file with multiple certificates of certificate signers +# in PEM format concatenated together. +#CACertificateFile /etc/ssh/ca/ca-bundle.crt + +# A directory with certificates of certificate signers. +# The certificates should have name of the form: [HASH].[NUMBER] +# or have symbolic links to them of this form. +#CACertificatePath /etc/ssh/ca/crt + +# A file with multiple CRL of certificate signers +# in PEM format concatenated together. +#CARevocationFile /etc/ssh/ca/ca-bundle.crl + +# A directory with CRL of certificate signers. +# The CRL should have name of the form: [HASH].r[NUMBER] +# or have symbolic links to them of this form. +#CARevocationPath /etc/ssh/ca/crl + +# LDAP protocol version. +# Example: +# CAldapVersion 2 + +# Note because of OpenSSH options parser limitation +# use %3D instead of = ! +# LDAP initialization may require URL to be escaped, i.e. +# use %2C instead of ,(comma). Escaped URL don't depend from +# LDAP initialization method. +# Example: +# CAldapURL ldap://localhost:389/dc%3Dexample%2Cdc%3Dcom + +# SSH can use "Online Certificate Status Protocol"(OCSP) +# to validate certificate. Set VAType to +# - none : do not use OCSP to validate certificates; +# - ocspcert: validate only certificates that specify `OCSP +# Service Locator' URL; +# - ocspspec: use specified in the configuration 'OCSP Responder' +# to validate all certificates. +#VAType none + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin no +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +PasswordAuthentication no +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +PrintMotd no +PrintLastLog no +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/lib/misc/sftp-server + +# the following are HPN related configuration options +# tcp receive buffer polling. disable in non autotuning kernels +#TcpRcvBufPoll yes + +# allow the use of the none cipher +#NoneEnabled no + +# disable hpn performance boosts. +#HPNDisabled no + +# buffer size for hpn to non-hpn connections +#HPNBufferSize 2048 + + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server diff --git a/config-archive/etc/ssh/sshd_config.dist b/config-archive/etc/ssh/sshd_config.dist new file mode 100644 index 00000000..abf35679 --- /dev/null +++ b/config-archive/etc/ssh/sshd_config.dist @@ -0,0 +1,148 @@ +# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options change a +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# The default requires explicit activation of protocol 1 +#Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin yes +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes +#AuthorizedKeysFile .ssh/authorized_keys + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +PrintMotd no +PrintLastLog no +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS yes +#PidFile /var/run/sshd.pid +#MaxStartups 10 +#PermitTunnel no +#ChrootDirectory none + +# no default banner path +#Banner none + +# here are the new patched ldap related tokens +# entries in your LDAP must have posixAccount & ldapPublicKey objectclass +#UseLPK yes +#LpkLdapConf /etc/ldap.conf +#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ +#LpkUserDN ou=users,dc=phear,dc=org +#LpkGroupDN ou=groups,dc=phear,dc=org +#LpkBindDN cn=Manager,dc=phear,dc=org +#LpkBindPw secret +#LpkServerGroup mail +#LpkFilter (hostAccess=master.phear.org) +#LpkForceTLS no +#LpkSearchTimelimit 3 +#LpkBindTimelimit 3 +#LpkPubKeyAttr sshPublicKey + +# override default of no subsystems +Subsystem sftp /usr/lib64/misc/sftp-server + +# the following are HPN related configuration options +# tcp receive buffer polling. disable in non autotuning kernels +#TcpRcvBufPoll yes + +# allow the use of the none cipher +#NoneEnabled no + +# disable hpn performance boosts. +#HPNDisabled no + +# buffer size for hpn to non-hpn connections +#HPNBufferSize 2048 + + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server diff --git a/config-archive/etc/sudoers b/config-archive/etc/sudoers new file mode 100644 index 00000000..35c422c1 --- /dev/null +++ b/config-archive/etc/sudoers @@ -0,0 +1,92 @@ +## sudoers file. +## +## This file MUST be edited with the 'visudo' command as root. +## Failure to use 'visudo' may result in syntax or file permission errors +## that prevent sudo from running. +## +## See the sudoers man page for the details on how to write a sudoers file. +## + +## +## Host alias specification +## +## Groups of machines. These may include host names (optionally with wildcards), +## IP addresses, network numbers or netgroups. +# Host_Alias WEBSERVERS = www1, www2, www3 + +## +## User alias specification +## +## Groups of users. These may consist of user names, uids, Unix groups, +## or netgroups. +# User_Alias ADMINS = millert, dowdy, mikef + +## +## Cmnd alias specification +## +## Groups of commands. Often used to group related commands together. +# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ +# /usr/bin/pkill, /usr/bin/top + +## +## Defaults specification +## +## You may wish to keep some of the following environment variables +## when running commands via sudo. +## +## Locale settings +# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +## +## Run X applications through sudo; HOME is used to find the +## .Xauthority file. Note that other programs use HOME to find +## configuration files and this may lead to privilege escalation! +# Defaults env_keep += "HOME" +## +## X11 resource path settings +# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +## +## Desktop path settings +# Defaults env_keep += "QTDIR KDEDIR" +## +## Allow sudo-run commands to inherit the callers' ConsoleKit session +# Defaults env_keep += "XDG_SESSION_COOKIE" +## +## Uncomment to enable special input methods. Care should be taken as +## this may allow users to subvert the command being run via sudo. +# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" +## +## Uncomment to enable logging of a command's output, except for +## sudoreplay and reboot. Use sudoreplay to play back logged sessions. +# Defaults log_output +# Defaults!/usr/bin/sudoreplay !log_output +# Defaults!/usr/local/bin/sudoreplay !log_output +# Defaults!/sbin/reboot !log_output + +## +## Runas alias specification +## + +## +## User privilege specification +## +root ALL=(ALL) ALL + +## Uncomment to allow members of group wheel to execute any command +# %wheel ALL=(ALL) ALL + +## Same thing without a password +# %wheel ALL=(ALL) NOPASSWD: ALL + +## Uncomment to allow members of group sudo to execute any command +# %sudo ALL=(ALL) ALL + +frank ALL=(ALL) NOPASSWD: ALL + +## Uncomment to allow any user to run sudo if they know the password +## of the user they are running the command as (root by default). +# Defaults targetpw # Ask for the password of the target user +# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' + +## Read drop-in files from /etc/sudoers.d +## (the '#' here does not indicate a comment) +#includedir /etc/sudoers.d diff --git a/config-archive/etc/sudoers.dist.new b/config-archive/etc/sudoers.dist.new new file mode 100644 index 00000000..0d7760be --- /dev/null +++ b/config-archive/etc/sudoers.dist.new @@ -0,0 +1,90 @@ +## sudoers file. +## +## This file MUST be edited with the 'visudo' command as root. +## Failure to use 'visudo' may result in syntax or file permission errors +## that prevent sudo from running. +## +## See the sudoers man page for the details on how to write a sudoers file. +## + +## +## Host alias specification +## +## Groups of machines. These may include host names (optionally with wildcards), +## IP addresses, network numbers or netgroups. +# Host_Alias WEBSERVERS = www1, www2, www3 + +## +## User alias specification +## +## Groups of users. These may consist of user names, uids, Unix groups, +## or netgroups. +# User_Alias ADMINS = millert, dowdy, mikef + +## +## Cmnd alias specification +## +## Groups of commands. Often used to group related commands together. +# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ +# /usr/bin/pkill, /usr/bin/top + +## +## Defaults specification +## +## You may wish to keep some of the following environment variables +## when running commands via sudo. +## +## Locale settings +# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +## +## Run X applications through sudo; HOME is used to find the +## .Xauthority file. Note that other programs use HOME to find +## configuration files and this may lead to privilege escalation! +# Defaults env_keep += "HOME" +## +## X11 resource path settings +# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +## +## Desktop path settings +# Defaults env_keep += "QTDIR KDEDIR" +## +## Allow sudo-run commands to inherit the callers' ConsoleKit session +# Defaults env_keep += "XDG_SESSION_COOKIE" +## +## Uncomment to enable special input methods. Care should be taken as +## this may allow users to subvert the command being run via sudo. +# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" +## +## Uncomment to enable logging of a command's output, except for +## sudoreplay and reboot. Use sudoreplay to play back logged sessions. +# Defaults log_output +# Defaults!/usr/bin/sudoreplay !log_output +# Defaults!/usr/local/bin/sudoreplay !log_output +# Defaults!/sbin/reboot !log_output + +## +## Runas alias specification +## + +## +## User privilege specification +## +root ALL=(ALL) ALL + +## Uncomment to allow members of group wheel to execute any command +# %wheel ALL=(ALL) ALL + +## Same thing without a password +# %wheel ALL=(ALL) NOPASSWD: ALL + +## Uncomment to allow members of group sudo to execute any command +# %sudo ALL=(ALL) ALL + +## Uncomment to allow any user to run sudo if they know the password +## of the user they are running the command as (root by default). +# Defaults targetpw # Ask for the password of the target user +# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' + +## Read drop-in files from /etc/sudoers.d +## (the '#' here does not indicate a comment) +#includedir /etc/sudoers.d diff --git a/config-archive/etc/syslog-ng/syslog-ng.conf b/config-archive/etc/syslog-ng/syslog-ng.conf new file mode 100644 index 00000000..45827938 --- /dev/null +++ b/config-archive/etc/syslog-ng/syslog-ng.conf @@ -0,0 +1,94 @@ +@version: 3.2 +# $Header: /etc/syslog-ng/.rcs/syslog-ng.conf,v 1.3 2011/07/11 07:20:59 root Exp $ +# +# Syslog-ng default configuration file for Gentoo Linux + +options { + long_hostnames(off); + chain_hostnames(no); + flush_lines(0); + + # The default action of syslog-ng is to log a STATS line + # to the file every 10 minutes. That's pretty ugly after a while. + # Change it to every 12 hours so you get a nice daily update of + # how many messages syslog-ng missed (0). + stats_freq(43200); + # The default action of syslog-ng is to log a MARK line + # to the file every 20 minutes. That's seems high for most + # people so turn it down to once an hour. Set it to zero + # if you don't want the functionality at all. + mark_freq(3600); +}; + +source src { + unix-stream("/dev/log" max-connections(256)); + internal(); + file("/proc/kmsg"); + udp(); +}; + +######################################################### +# Logging-Ziele + +destination d_syslog { file("/var/log/syslog"); }; +destination d_fac { file("/var/log/facility/$FACILITY"); }; +destination d_debug { file("/var/log/debug"); }; +destination d_all { file("/var/log/all"); }; +destination d_messages { file("/var/log/messages"); }; + +destination d_console { usertty("root"); }; +destination d_console_all { usertty("*"); }; +#destination loghost { udp("loghost" port(999)); }; + +# By default messages are logged to tty12... +destination d_console_12 { file("/dev/tty12"); }; +# ...if you intend to use /dev/console for programs like xconsole +# you can comment out the destination line above that references /dev/tty12 +# and uncomment the line below. +#destination console_all { file("/dev/console"); }; + +#destination d_xconsole { pipe("/dev/xconsole"); }; +destination d_xconsole { pipe("/dev/console"); }; + +######################################################### +# Filter-Definitionen + +filter f_syslog { not facility(authpriv, mail); }; +filter f_debug { not facility(auth, authpriv, news, mail); }; +filter f_messages { level(info..emerg) + and not facility(auth, authpriv, mail, news); }; +filter f_emergency { level(emerg); }; + +filter f_warnings { level(warn..emerg) + and not facility( mail, news); }; + +filter f_info { level(info); }; +filter f_notice { level(notice); }; +filter f_warn { level(warn); }; +filter f_crit { level(crit); }; +filter f_err { level(err); }; +filter f_alarm { level(crit, alert); }; + +######################################################## +# Log-Definitionen + +log { source(src); destination(d_fac); }; + +log { source(src); filter(f_messages); destination(d_messages); }; +#log { source(src); filter(f_messages); destination(d_xconsole); }; +log { source(src); filter(f_warnings); destination(d_console_12); }; +log { source(src); filter(f_alarm); destination(d_console); }; +log { source(src); filter(f_emergency); destination(d_console_all); }; +log { source(src); filter(f_syslog); destination(d_syslog); }; +log { source(src); filter(f_debug); destination(d_debug); }; +log { source(src); destination(d_all); }; + +# By default messages are logged to tty12... +destination console_all { file("/dev/tty12"); }; +# ...if you intend to use /dev/console for programs like xconsole +# you can comment out the destination line above that references /dev/tty12 +# and uncomment the line below. +#destination console_all { file("/dev/console"); }; + +#log { source(src); destination(messages); }; +#log { source(src); destination(console_all); }; diff --git a/config-archive/etc/syslog-ng/syslog-ng.conf.dist.new b/config-archive/etc/syslog-ng/syslog-ng.conf.dist.new new file mode 100644 index 00000000..2589f2fb --- /dev/null +++ b/config-archive/etc/syslog-ng/syslog-ng.conf.dist.new @@ -0,0 +1,37 @@ +@version: 3.2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.2,v 1.1 2011/01/18 17:44:14 mr_bones_ Exp $ +# +# Syslog-ng default configuration file for Gentoo Linux + +options { + chain_hostnames(no); + + # The default action of syslog-ng is to log a STATS line + # to the file every 10 minutes. That's pretty ugly after a while. + # Change it to every 12 hours so you get a nice daily update of + # how many messages syslog-ng missed (0). + stats_freq(43200); + # The default action of syslog-ng is to log a MARK line + # to the file every 20 minutes. That's seems high for most + # people so turn it down to once an hour. Set it to zero + # if you don't want the functionality at all. + mark_freq(3600); +}; + +source src { + unix-stream("/dev/log" max-connections(256)); + internal(); + file("/proc/kmsg"); +}; + +destination messages { file("/var/log/messages"); }; + +# By default messages are logged to tty12... +destination console_all { file("/dev/tty12"); }; +# ...if you intend to use /dev/console for programs like xconsole +# you can comment out the destination line above that references /dev/tty12 +# and uncomment the line below. +#destination console_all { file("/dev/console"); }; + +log { source(src); destination(messages); }; +log { source(src); destination(console_all); }; diff --git a/config-archive/etc/ulogd.conf b/config-archive/etc/ulogd.conf new file mode 100644 index 00000000..348e8007 --- /dev/null +++ b/config-archive/etc/ulogd.conf @@ -0,0 +1,84 @@ +# Example configuration for ulogd +# $Id: ulogd.conf.in 714 2005-02-19 21:33:43Z laforge $ +# + +[global] +###################################################################### +# GLOBAL OPTIONS +###################################################################### + +# netlink multicast group (the same as the iptables --ulog-nlgroup param) +nlgroup=1 + +# logfile for status messages +logfile="/var/log/fw/ulogd.log" + +# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) +loglevel=5 + +# socket receive buffer size (should be at least the size of the +# in-kernel buffer (ipt_ULOG.o 'nlbufsiz' parameter) +rmem=131071 + +# libipulog/ulogd receive buffer size, should be > rmem +bufsize=150000 + +###################################################################### +# PLUGIN OPTIONS +###################################################################### + +# We have to configure and load all the plugins we want to use + +# general rules: +# 1. load the plugins _first_ from the global section +# 2. options for each plugin in seperate section below + + +# +# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields +# you will always need this +plugin="/usr/lib64/ulogd/ulogd_BASE.so" + + +# output plugins. +plugin="/usr/lib64/ulogd/ulogd_LOGEMU.so" +#plugin="/usr/lib64/ulogd/ulogd_OPRINT.so" +#plugin="/usr/lib64/ulogd/ulogd_MYSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_PGSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_SQLITE3.so" +#plugin="/usr/lib64/ulogd/ulogd_PCAP.so" + + +[LOGEMU] +#file="/var/log/ulogd.syslogemu" +file="/var/log/fw/iptables.log" +sync=1 + +[OPRINT] +#file="/var/log/ulogd.pktlog" +file="/var/log/fw/ulogd.pktlog" + +[MYSQL] +table="ulog" +pass="changeme" +user="laforge" +db="ulogd" +host="localhost" + +[PGSQL] +table="ulog" +schema="public" +pass="changeme" +user="postgres" +db="ulogd" +host="localhost" + +[SQLITE3] +table="ulog" +db="/path/to/sqlite/db" +buffer=200 + +[PCAP] +file="/var/log/ulogd.pcap" +sync=1 + diff --git a/config-archive/etc/ulogd.conf.dist.new b/config-archive/etc/ulogd.conf.dist.new new file mode 100644 index 00000000..234ee5d6 --- /dev/null +++ b/config-archive/etc/ulogd.conf.dist.new @@ -0,0 +1,82 @@ +# Example configuration for ulogd +# $Id: ulogd.conf.in 714 2005-02-19 21:33:43Z laforge $ +# + +[global] +###################################################################### +# GLOBAL OPTIONS +###################################################################### + +# netlink multicast group (the same as the iptables --ulog-nlgroup param) +nlgroup=1 + +# logfile for status messages +logfile="/var/log/ulogd.log" + +# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) +loglevel=5 + +# socket receive buffer size (should be at least the size of the +# in-kernel buffer (ipt_ULOG.o 'nlbufsiz' parameter) +rmem=131071 + +# libipulog/ulogd receive buffer size, should be > rmem +bufsize=150000 + +###################################################################### +# PLUGIN OPTIONS +###################################################################### + +# We have to configure and load all the plugins we want to use + +# general rules: +# 1. load the plugins _first_ from the global section +# 2. options for each plugin in seperate section below + + +# +# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields +# you will always need this +plugin="/usr/lib64/ulogd/ulogd_BASE.so" + + +# output plugins. +plugin="/usr/lib64/ulogd/ulogd_LOGEMU.so" +#plugin="/usr/lib64/ulogd/ulogd_OPRINT.so" +#plugin="/usr/lib64/ulogd/ulogd_MYSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_PGSQL.so" +#plugin="/usr/lib64/ulogd/ulogd_SQLITE3.so" +#plugin="/usr/lib64/ulogd/ulogd_PCAP.so" + + +[LOGEMU] +file="/var/log/ulogd.syslogemu" +sync=1 + +[OPRINT] +file="/var/log/ulogd.pktlog" + +[MYSQL] +table="ulog" +pass="changeme" +user="laforge" +db="ulogd" +host="localhost" + +[PGSQL] +table="ulog" +schema="public" +pass="changeme" +user="postgres" +db="ulogd" +host="localhost" + +[SQLITE3] +table="ulog" +db="/path/to/sqlite/db" +buffer=200 + +[PCAP] +file="/var/log/ulogd.pcap" +sync=1 + diff --git a/dispatch-conf.conf b/dispatch-conf.conf index d0e216ef..12e3eb16 100644 --- a/dispatch-conf.conf +++ b/dispatch-conf.conf @@ -23,7 +23,7 @@ use-rcs=no # If using colordiff instead of diff, the less -R option may be required # for correct display. #diff="diff -Nu '%s' '%s'" -diff="diff -Nu '%s' '%s'" | colordiff +diff="diff -Nu '%s' '%s' | colordiff" # Set the pager for use with diff commands (this will # cause the PAGER environment variable to be ignored). diff --git a/etckeeper/._cfg0000_etckeeper.conf b/etckeeper/._cfg0000_etckeeper.conf deleted file mode 100644 index 24c180ce..00000000 --- a/etckeeper/._cfg0000_etckeeper.conf +++ /dev/null @@ -1,42 +0,0 @@ -# The VCS to use. -#VCS="hg" -VCS="git" -#VCS="bzr" -#VCS="darcs" - -# Options passed to git commit when run by etckeeper. -GIT_COMMIT_OPTIONS="" - -# Options passed to hg commit when run by etckeeper. -HG_COMMIT_OPTIONS="" - -# Options passed to bzr commit when run by etckeeper. -BZR_COMMIT_OPTIONS="" - -# Options passed to darcs record when run by etckeeper. -DARCS_COMMIT_OPTIONS="-a" - -# Uncomment to avoid etckeeper committing existing changes -# to /etc automatically once per day. -#AVOID_DAILY_AUTOCOMMITS=1 - -# Uncomment the following to avoid special file warning -# (the option is enabled automatically by cronjob regardless). -#AVOID_SPECIAL_FILE_WARNING=1 - -# Uncomment to avoid etckeeper committing existing changes to -# /etc before installation. It will cancel the installation, -# so you can commit the changes by hand. -#AVOID_COMMIT_BEFORE_INSTALL=1 - -# The high-level package manager that's being used. -# (apt, pacman-g2, yum etc) -# For gentoo this is emerge -#HIGHLEVEL_PACKAGE_MANAGER=apt -HIGHLEVEL_PACKAGE_MANAGER=emerge - -# The low-level package manager that's being used. -# (dpkg, rpm, pacman-g2, etc) -# For gentoo this is portage -#LOWLEVEL_PACKAGE_MANAGER=dpkg -LOWLEVEL_PACKAGE_MANAGER=portage diff --git a/make.conf b/make.conf index fedba6b7..c4852d04 100644 --- a/make.conf +++ b/make.conf @@ -70,7 +70,7 @@ USE="3dnow 3dnowext X Xaw3d a52 aac aalib acl acpi ads aim alsa altnburgcards mhash mmx mmxext mng modperl modplug motif mp3 mp4 mpeg mplayer msn mtp musepack musicbrainz mysql mysqli nas nautilus ncurses next networkmanager nfs nis nptl nsplugin odbc ogg openal openexr opengl pango par pch pcntl pcre pdf perl - perlsuid plasma plotutils png policykit portage posix ppds projectm pulseaudio python quicktime real + perlsuid plasma plotutils png policykit posix ppds projectm pulseaudio python quicktime real rdesktop rle samba sdl semantic-desktop session sharedmem sid simplexml sip skype slang slp sndfile soap sockets sox spamassassin speex spell sqlite sqlite3 srtp sse sse2 ssh subversion svg sysvipc tetex theora thumbnail tidy timidity tiff diff --git a/ssh/._cfg0000_ssh_config b/ssh/._cfg0000_ssh_config deleted file mode 100644 index 18936740..00000000 --- a/ssh/._cfg0000_ssh_config +++ /dev/null @@ -1,47 +0,0 @@ -# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $ - -# This is the ssh client system-wide configuration file. See -# ssh_config(5) for more information. This file provides defaults for -# users, and the values can be changed in per-user configuration files -# or on the command line. - -# Configuration data is parsed as follows: -# 1. command line options -# 2. user-specific file -# 3. system-wide file -# Any configuration value is only changed the first time it is set. -# Thus, host-specific definitions should be at the beginning of the -# configuration file, and defaults at the end. - -# Site-wide defaults for some commonly used options. For a comprehensive -# list of available options, their meanings and defaults, please see the -# ssh_config(5) man page. - -# Host * -# ForwardAgent no -# ForwardX11 no -# RhostsRSAAuthentication no -# RSAAuthentication yes -# PasswordAuthentication yes -# HostbasedAuthentication no -# GSSAPIAuthentication no -# GSSAPIDelegateCredentials no -# BatchMode no -# CheckHostIP yes -# AddressFamily any -# ConnectTimeout 0 -# StrictHostKeyChecking ask -# IdentityFile ~/.ssh/identity -# IdentityFile ~/.ssh/id_rsa -# IdentityFile ~/.ssh/id_dsa -# Port 22 -# Protocol 2,1 -# Cipher 3des -# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 -# EscapeChar ~ -# Tunnel no -# TunnelDevice any:any -# PermitLocalCommand no -# VisualHostKey no -# ProxyCommand ssh -q -W %h:%p gateway.example.com diff --git a/ssh/._cfg0000_sshd_config b/ssh/._cfg0000_sshd_config deleted file mode 100644 index abf35679..00000000 --- a/ssh/._cfg0000_sshd_config +++ /dev/null @@ -1,148 +0,0 @@ -# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -#PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#RSAAuthentication yes -#PubkeyAuthentication yes -#AuthorizedKeysFile .ssh/authorized_keys - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -PasswordAuthentication no -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -PrintMotd no -PrintLastLog no -#TCPKeepAlive yes -#UseLogin no -#UsePrivilegeSeparation yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS yes -#PidFile /var/run/sshd.pid -#MaxStartups 10 -#PermitTunnel no -#ChrootDirectory none - -# no default banner path -#Banner none - -# here are the new patched ldap related tokens -# entries in your LDAP must have posixAccount & ldapPublicKey objectclass -#UseLPK yes -#LpkLdapConf /etc/ldap.conf -#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ -#LpkUserDN ou=users,dc=phear,dc=org -#LpkGroupDN ou=groups,dc=phear,dc=org -#LpkBindDN cn=Manager,dc=phear,dc=org -#LpkBindPw secret -#LpkServerGroup mail -#LpkFilter (hostAccess=master.phear.org) -#LpkForceTLS no -#LpkSearchTimelimit 3 -#LpkBindTimelimit 3 -#LpkPubKeyAttr sshPublicKey - -# override default of no subsystems -Subsystem sftp /usr/lib64/misc/sftp-server - -# the following are HPN related configuration options -# tcp receive buffer polling. disable in non autotuning kernels -#TcpRcvBufPoll yes - -# allow the use of the none cipher -#NoneEnabled no - -# disable hpn performance boosts. -#HPNDisabled no - -# buffer size for hpn to non-hpn connections -#HPNBufferSize 2048 - - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# ForceCommand cvs server diff --git a/ssh/sshd_config b/ssh/sshd_config index f3c6c252..9f5583ea 100644 --- a/ssh/sshd_config +++ b/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD$ +# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -175,8 +175,24 @@ PrintLastLog no # no default banner path #Banner none +# here are the new patched ldap related tokens +# entries in your LDAP must have posixAccount & ldapPublicKey objectclass +#UseLPK yes +#LpkLdapConf /etc/ldap.conf +#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ +#LpkUserDN ou=users,dc=phear,dc=org +#LpkGroupDN ou=groups,dc=phear,dc=org +#LpkBindDN cn=Manager,dc=phear,dc=org +#LpkBindPw secret +#LpkServerGroup mail +#LpkFilter (hostAccess=master.phear.org) +#LpkForceTLS no +#LpkSearchTimelimit 3 +#LpkBindTimelimit 3 +#LpkPubKeyAttr sshPublicKey + # override default of no subsystems -Subsystem sftp /usr/lib/misc/sftp-server +Subsystem sftp /usr/lib64/misc/sftp-server # the following are HPN related configuration options # tcp receive buffer polling. disable in non autotuning kernels diff --git a/syslog-ng/._cfg0000_syslog-ng.conf b/syslog-ng/._cfg0000_syslog-ng.conf deleted file mode 100644 index 2589f2fb..00000000 --- a/syslog-ng/._cfg0000_syslog-ng.conf +++ /dev/null @@ -1,37 +0,0 @@ -@version: 3.2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.2,v 1.1 2011/01/18 17:44:14 mr_bones_ Exp $ -# -# Syslog-ng default configuration file for Gentoo Linux - -options { - chain_hostnames(no); - - # The default action of syslog-ng is to log a STATS line - # to the file every 10 minutes. That's pretty ugly after a while. - # Change it to every 12 hours so you get a nice daily update of - # how many messages syslog-ng missed (0). - stats_freq(43200); - # The default action of syslog-ng is to log a MARK line - # to the file every 20 minutes. That's seems high for most - # people so turn it down to once an hour. Set it to zero - # if you don't want the functionality at all. - mark_freq(3600); -}; - -source src { - unix-stream("/dev/log" max-connections(256)); - internal(); - file("/proc/kmsg"); -}; - -destination messages { file("/var/log/messages"); }; - -# By default messages are logged to tty12... -destination console_all { file("/dev/tty12"); }; -# ...if you intend to use /dev/console for programs like xconsole -# you can comment out the destination line above that references /dev/tty12 -# and uncomment the line below. -#destination console_all { file("/dev/console"); }; - -log { source(src); destination(messages); }; -log { source(src); destination(console_all); };