From: Frank Brehm Date: Tue, 8 Aug 2017 19:27:46 +0000 (+0200) Subject: Current state X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=3731996d3261e39530e5efe54b47d8d5010130a9;p=config%2Fns2%2Fetc.git Current state --- diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels index fd7609c..6a84261 100644 --- a/apt/apt.conf.d/01autoremove-kernels +++ b/apt/apt.conf.d/01autoremove-kernels @@ -1,54 +1,36 @@ // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal APT::NeverAutoRemove { - "^linux-image-4\.9\.0-0\.bpo\.3-amd64$"; "^linux-image-4\.9\.0-3-amd64$"; - "^linux-headers-4\.9\.0-0\.bpo\.3-amd64$"; "^linux-headers-4\.9\.0-3-amd64$"; - "^linux-image-extra-4\.9\.0-0\.bpo\.3-amd64$"; "^linux-image-extra-4\.9\.0-3-amd64$"; - "^linux-signed-image-4\.9\.0-0\.bpo\.3-amd64$"; "^linux-signed-image-4\.9\.0-3-amd64$"; - "^kfreebsd-image-4\.9\.0-0\.bpo\.3-amd64$"; "^kfreebsd-image-4\.9\.0-3-amd64$"; - "^kfreebsd-headers-4\.9\.0-0\.bpo\.3-amd64$"; "^kfreebsd-headers-4\.9\.0-3-amd64$"; - "^gnumach-image-4\.9\.0-0\.bpo\.3-amd64$"; "^gnumach-image-4\.9\.0-3-amd64$"; - "^.*-modules-4\.9\.0-0\.bpo\.3-amd64$"; "^.*-modules-4\.9\.0-3-amd64$"; - "^.*-kernel-4\.9\.0-0\.bpo\.3-amd64$"; "^.*-kernel-4\.9\.0-3-amd64$"; - "^linux-backports-modules-.*-4\.9\.0-0\.bpo\.3-amd64$"; "^linux-backports-modules-.*-4\.9\.0-3-amd64$"; - "^linux-tools-4\.9\.0-0\.bpo\.3-amd64$"; "^linux-tools-4\.9\.0-3-amd64$"; }; /* Debug information: # dpkg list: -rc linux-image-4.7.0-0.bpo.1-amd64 4.7.8-1~bpo8+1 amd64 Linux 4.7 for 64-bit PCs (signed) -rc linux-image-4.8.0-0.bpo.2-amd64 4.8.15-2~bpo8+2 amd64 Linux 4.8 for 64-bit PCs (signed) -rc linux-image-4.9.0-0.bpo.1-amd64 4.9.2-2~bpo8+1 amd64 Linux 4.9 for 64-bit PCs (signed) -ii linux-image-4.9.0-0.bpo.2-amd64 4.9.18-1~bpo8+1 amd64 Linux 4.9 for 64-bit PCs (signed) -ii linux-image-4.9.0-0.bpo.3-amd64 4.9.30-2+deb9u2~bpo8+1 amd64 Linux 4.9 for 64-bit PCs -iF linux-image-4.9.0-3-amd64 4.9.30-2+deb9u2 amd64 Linux 4.9 for 64-bit PCs -iU linux-image-amd64 4.9+80 amd64 Linux for 64-bit PCs (meta-package) +rc linux-image-4.7.0-0.bpo.1-amd64 4.7.8-1~bpo8+1 amd64 Linux 4.7 for 64-bit PCs (signed) +rc linux-image-4.8.0-0.bpo.2-amd64 4.8.15-2~bpo8+2 amd64 Linux 4.8 for 64-bit PCs (signed) +rc linux-image-4.9.0-0.bpo.1-amd64 4.9.2-2~bpo8+1 amd64 Linux 4.9 for 64-bit PCs (signed) +rc linux-image-4.9.0-0.bpo.2-amd64 4.9.18-1~bpo8+1 amd64 Linux 4.9 for 64-bit PCs (signed) +iF linux-image-4.9.0-3-amd64 4.9.30-2+deb9u3 amd64 Linux 4.9 for 64-bit PCs +ii linux-image-amd64 4.9+80+deb9u1 amd64 Linux for 64-bit PCs (meta-package) # list of installed kernel packages: -4.9.0-0.bpo.2-amd64 4.9.18-1~bpo8+1 -4.9.0-0.bpo.3-amd64 4.9.30-2+deb9u2~bpo8+1 -4.9.0-3-amd64 4.9.30-2+deb9u2 +4.9.0-3-amd64 4.9.30-2+deb9u3 # list of different kernel versions: -4.9.30-2+deb9u2 -4.9.30-2+deb9u2~bpo8+1 -4.9.18-1~bpo8+1 -# Installing kernel: 4.9.30-2+deb9u2 (4.9.0-3-amd64) -# Running kernel: 4.9.30-2+deb9u2~bpo8+1 (4.9.0-0.bpo.3-amd64) -# Last kernel: 4.9.30-2+deb9u2 -# Previous kernel: 4.9.30-2+deb9u2~bpo8+1 +4.9.30-2+deb9u3 +# Installing kernel: 4.9.30-2+deb9u3 (4.9.0-3-amd64) +# Running kernel: 4.9.30-2+deb9u3 (4.9.0-3-amd64) +# Last kernel: 4.9.30-2+deb9u3 +# Previous kernel: # Kernel versions list to keep: -4.9.30-2+deb9u2 -4.9.30-2+deb9u2~bpo8+1 +4.9.30-2+deb9u3 # Kernel packages (version part) to protect: -4\.9\.0-0\.bpo\.3-amd64 4\.9\.0-3-amd64 */ diff --git a/bind/db.root b/bind/db.root index 6c19741..f0b79d2 100644 --- a/bind/db.root +++ b/bind/db.root @@ -9,30 +9,32 @@ ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; -; last update: Jan 3, 2013 -; related version of root zone: 2013010300 +; last update: February 17, 2016 +; related version of root zone: 2016021701 ; ; formerly NS.INTERNIC.NET ; -. 3600000 IN NS A.ROOT-SERVERS.NET. +. 3600000 NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 -A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 +A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 ; ; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b ; ; FORMERLY C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c ; ; FORMERLY TERP.UMD.EDU ; . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 -D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D +D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d ; ; FORMERLY NS.NASA.GOV ; @@ -43,7 +45,7 @@ E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 ; . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 -F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F +F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f ; ; FORMERLY NS.NIC.DDN.MIL ; @@ -53,26 +55,26 @@ G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 ; FORMERLY AOS.ARL.ARMY.MIL ; . 3600000 NS H.ROOT-SERVERS.NET. -H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 -H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 +H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 +H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 ; ; FORMERLY NIC.NORDU.NET ; . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 -I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 +I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 ; ; OPERATED BY VERISIGN, INC. ; . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 -J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 +J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 ; ; OPERATED BY RIPE NCC ; . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 -K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 +K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 ; ; OPERATED BY ICANN ; @@ -84,5 +86,5 @@ L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 ; . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 -M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 -; End of File +M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 +; End of file diff --git a/debian_version b/debian_version index dd98ee6..28a2186 100644 --- a/debian_version +++ b/debian_version @@ -1 +1 @@ -9.0 +9.1 diff --git a/iptables/rules.v4 b/iptables/rules.v4 index 786bfc4..8d7386c 100644 --- a/iptables/rules.v4 +++ b/iptables/rules.v4 @@ -1,24 +1,9 @@ -# Generated by iptables-save v1.6.0 on Tue Jul 18 13:43:18 2017 +# Generated by iptables-save v1.6.0 on Thu Jul 20 11:01:12 2017 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [152:55101] -:f2b-apache - [0:0] -:f2b-apache-modsecurity - [0:0] -:f2b-apache-nohome - [0:0] -:f2b-apache-noscript - [0:0] -:f2b-apache-overflows - [0:0] -:f2b-postfix - [0:0] -:f2b-ssh - [0:0] -:f2b-sshd - [0:0] --A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh --A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix --A INPUT -p tcp -m multiport --dports 0:65535 -j f2b-sshd --A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-nohome --A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity --A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-overflows --A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-noscript --A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache +:OUTPUT ACCEPT [52:6001] +:rejects - [0:0] -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT @@ -30,17 +15,20 @@ -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT --A INPUT -p tcp -m multiport --dports 445 -j REJECT --reject-with icmp-port-unreachable --A INPUT -p tcp -m multiport --dports 23 -j REJECT --reject-with icmp-port-unreachable +-A INPUT -j rejects -A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1 -A INPUT -j REJECT --reject-with icmp-port-unreachable --A f2b-apache -j RETURN --A f2b-apache-modsecurity -j RETURN --A f2b-apache-nohome -j RETURN --A f2b-apache-noscript -j RETURN --A f2b-apache-overflows -j RETURN --A f2b-postfix -j RETURN --A f2b-ssh -j RETURN --A f2b-sshd -j RETURN +-A rejects -s 134.119.179.226/32 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 137 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 445 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 1433 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 1900 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 2323 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p udp -m udp --dport 5060 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable COMMIT -# Completed on Tue Jul 18 13:43:18 2017 +# Completed on Thu Jul 20 11:01:12 2017 diff --git a/iptables/rules.v6 b/iptables/rules.v6 index a87d240..09ed4ab 100644 --- a/iptables/rules.v6 +++ b/iptables/rules.v6 @@ -1,7 +1,7 @@ -# Generated by ip6tables-save v1.6.0 on Tue Jul 18 13:43:18 2017 +# Generated by ip6tables-save v1.6.0 on Thu Jul 20 11:01:12 2017 *filter :INPUT ACCEPT [1:49] :FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [13:721] +:OUTPUT ACCEPT [57:3185] COMMIT -# Completed on Tue Jul 18 13:43:18 2017 +# Completed on Thu Jul 20 11:01:12 2017 diff --git a/logwatch/conf/logfiles/cron.conf b/logwatch/conf/logfiles/cron.conf new file mode 100644 index 0000000..4549bbd --- /dev/null +++ b/logwatch/conf/logfiles/cron.conf @@ -0,0 +1,21 @@ +########################################################################## +# $Id: cron.conf 149 2013-06-18 22:18:12Z mtremaine $ +########################################################################## + +# What actual file? Defaults to LogPath if not absolute path.... +#Solaris is /var/cron/log -mgt +LogFile = syslog.d/cron.log +LogFile = syslog.d/.old/cron.log-*[0-9] + +# If the archives are searched, here is one or more line +# (optionally containing wildcards) that tell where they are... +Archive = syslog.d/.old/cron.*.gz +Archive = syslog.d/.old/cron-*.gz + +# Expand the repeats (actually just removes them now) +*ExpandRepeats + +# Keep only the lines in the proper date range... +*ApplyStdDate + +# vi: shiftwidth=3 tabstop=3 et diff --git a/logwatch/conf/logfiles/daemon.conf b/logwatch/conf/logfiles/daemon.conf new file mode 100644 index 0000000..d5c34fe --- /dev/null +++ b/logwatch/conf/logfiles/daemon.conf @@ -0,0 +1,18 @@ +########################################################################### +# $Id: daemon.conf 149 2013-06-18 22:18:12Z mtremaine $ +########################################################################### + +# daemon log file for debian-based systems + +LogFile = syslog.d/daemon.log +LogFile = syslog.d/.old/daemon.log-*[0-9] +Archive = syslog.d/.old/daemon.log.*.gz +Archive = syslog.d/.old/daemon.log-*.gz + +*ExpandRepeats +*ApplyStdDate + +########################################################################### +# Please send all comments, suggestions, bug reports, +# etc, to logwatch-devel@lists.sourceforge.net +########################################################################### diff --git a/logwatch/conf/logfiles/fail2ban.conf b/logwatch/conf/logfiles/fail2ban.conf new file mode 100644 index 0000000..377e264 --- /dev/null +++ b/logwatch/conf/logfiles/fail2ban.conf @@ -0,0 +1,32 @@ +########################################################################### +# $Id: fail2ban.conf 149 2013-06-18 22:18:12Z mtremaine $ +########################################################################### +# $Log: fail2ban.conf,v $ +# Revision 1.2 2006/12/15 04:53:39 bjorn +# Now using ApplyEuroDate, by Willi Mann. +# +# Revision 1.1 2006/05/30 19:04:26 bjorn +# Added fail2ban service, written by Yaroslav Halchenko. +# +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + + +*ApplyEuroDate + + +LogFile = fail2ban.log +LogFile = .old/fail2ban.log-*[0-9] + +Archive = .old/fail2ban.*.gz +Archive = .old/fail2ban-*.gz + diff --git a/logwatch/conf/logfiles/iptables.conf b/logwatch/conf/logfiles/iptables.conf new file mode 100644 index 0000000..3826d98 --- /dev/null +++ b/logwatch/conf/logfiles/iptables.conf @@ -0,0 +1,24 @@ +########################################################################## +# $Id$ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +# What actual file? Defaults to LogPath if not absolute path.... +LogFile = ulog/syslogemu.log + +# If the archives are searched, here is one or more line +# (optionally containing wildcards) that tell where they are... +Archive = ulog/syslogemu.log.* +Archive = ulog/syslogemu.log-* + +# Keep only the lines in the proper date range... +*ApplyStdDate + +# vi: shiftwidth=3 tabstop=3 et diff --git a/logwatch/conf/logfiles/maillog.conf b/logwatch/conf/logfiles/maillog.conf new file mode 100644 index 0000000..eff8d51 --- /dev/null +++ b/logwatch/conf/logfiles/maillog.conf @@ -0,0 +1,23 @@ +########################################################################## +# $Id: maillog.conf,v 1.14 2007/10/01 16:55:18 mike Exp $ +########################################################################## + +# What actual file? Defaults to LogPath if not absolute path.... +LogFile = syslog.d/mail.log +LogFile = syslog.d/.old/mail.log-*[0-9] + + +# If the archives are searched, here is one or more line +# (optionally containing wildcards) that tell where they are... +#If you use a "-" in naming add that as well -mgt +Archive = syslog.d/.old/mail.*.gz +Archive = syslog.d/.old/mail-*.gz + + +# Expand the repeats (actually just removes them now) +*ExpandRepeats + +# Keep only the lines in the proper date range... +*ApplyStdDate + +# vi: shiftwidth=3 tabstop=3 et diff --git a/logwatch/conf/logfiles/named.conf b/logwatch/conf/logfiles/named.conf new file mode 100644 index 0000000..90bbd17 --- /dev/null +++ b/logwatch/conf/logfiles/named.conf @@ -0,0 +1,24 @@ +########################################################################## +# $Id$ +########################################################################## + +######################################################## +# This was written and is maintained by: +# Frank Brehm +######################################################## + +# What actual file? Defaults to LogPath if not absolute path.... +LogFile = bind/named.log +LogFile = bind/security.log + +# If the archives are searched, here is one or more line +# (optionally containing wildcards) that tell where they are... +Archive = bind/named.log.* +Archive = bind/named.log-* +Archive = bind/.old/named.log.* +Archive = bind/.old/named.log-* + +# Keep only the lines in the proper date range... +*ApplyBindDate + +# vi: filetype=conf shiftwidth=3 tabstop=3 et diff --git a/logwatch/conf/logfiles/secure.conf b/logwatch/conf/logfiles/secure.conf new file mode 100644 index 0000000..5e9bf27 --- /dev/null +++ b/logwatch/conf/logfiles/secure.conf @@ -0,0 +1,26 @@ +########################################################################## +# $Id: secure.conf 149 2013-06-18 22:18:12Z mtremaine $ +########################################################################## + +# What actual file? Defaults to LogPath if not absolute path.... +LogFile = syslog.d/auth.log +LogFile = syslog.d/authpriv.log +LogFile = syslog.d/.old/auth.log-*[0-9] +LogFile = syslog.d/.old/authpriv.log-*[0-9] + +# If the archives are searched, here is one or more line +# (optionally containing wildcards) that tell where they are... +#If you use a "-" in naming add that as well -mgt +Archive = syslog.d/.old/auth.*.gz +Archive = syslog.d/.old/auth-*.gz +Archive = syslog.d/.old/authpriv.*.gz +Archive = syslog.d/.old/authpriv-*.gz + + +# Expand the repeats (actually just removes them now) +*ExpandRepeats + +# Keep only the lines in the proper date range... +*ApplyStdDate + +# vi: shiftwidth=3 tabstop=3 et diff --git a/logwatch/conf/logfiles/syslog.conf b/logwatch/conf/logfiles/syslog.conf new file mode 100644 index 0000000..89a8570 --- /dev/null +++ b/logwatch/conf/logfiles/syslog.conf @@ -0,0 +1,19 @@ +########################################################################### +# $Id: syslog.conf 149 2013-06-18 22:18:12Z mtremaine $ +########################################################################### + +# Syslog file for debian-based systems + +Logfile = +Archive = +LogFile = syslog +LogFile = .old/syslog-*[0-9] +Archive = .old/syslog.*.gz +Archive = .old/syslog-*.gz +*ExpandRepeats +#Comma separated list works best -mgt +*RemoveService = talkd,telnetd,inetd,nfsd,/sbin/mingetty +*applystddate +# *ApplyStdDate + +# vi: shiftwidth=3 tabstop=3 et diff --git a/logwatch/conf/logwatch.conf b/logwatch/conf/logwatch.conf new file mode 100644 index 0000000..b382226 --- /dev/null +++ b/logwatch/conf/logwatch.conf @@ -0,0 +1,24 @@ +# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf) + +#Output/Format Options +#By default Logwatch will print to stdout in text with no encoding. +#To make email Default set Output = mail to save to file set Output = file +Output = stdout +#To make Html the default formatting Format = html +Format = text +#To make Base64 [aka uuencode] Encode = base64 +Encode = none + +# Default person to mail reports to. Can be a local account or a +# complete email address. Variable Output should be set to mail, or +# --output mail should be passed on command line to enable mail feature. +MailTo = frank@brehm-online.com + + +# The default detail level for the report. +# This can either be Low, Med, High or a number. +# Low = 0 +# Med = 5 +# High = 10 +Detail = High + diff --git a/logwatch/conf/services/iptables.conf b/logwatch/conf/services/iptables.conf new file mode 100644 index 0000000..36d66da --- /dev/null +++ b/logwatch/conf/services/iptables.conf @@ -0,0 +1,41 @@ +########################################################################### +# $Id$ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "iptables firewall" + +# Which logfile group... +#LogFile = messages +LogFile = iptables + +# Set this to yes to lookup IPs in kernel firewall report +$iptables_ip_lookup = Yes + +# Set this to enable a filter on iptables/ipchains displays +# This will block out hosts who have less than the specified +# number of hits between all ports. Defaults to 0. +$iptables_host_min_count = 5 + +# If both of the following settings are enabled, two output lists +# will be produced. If none is set, the old style output is prduced. +# Set this to generate old style output (sorted by source hosts) +$iptables_list_by_host = 1 +# Set this to generate new style output (sorted by targeted service) +$iptables_list_by_service = 1 + +######################################################## +# Please send all comments, suggestions, bug reports, +# etc, to logwatch-devel@lists.sourceforge.net +######################################################## + +# vi: shiftwidth=3 tabstop=3 et diff --git a/logwatch/conf/services/named.conf b/logwatch/conf/services/named.conf new file mode 100644 index 0000000..5e7b27b --- /dev/null +++ b/logwatch/conf/services/named.conf @@ -0,0 +1,37 @@ +########################################################################### +# $Id$ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "Named" + +# Which logfile group... +#LogFile = messages +LogFile = named + +# Whether or not to lookup the IPs into hostnames... +# Setting this to Yes will significantly increase runtime +$named_ip_lookup = No + +# Only give lines pertaining to the named service... +#*OnlyService = named +*RemoveHeaders + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +# vi: filetype=conf shiftwidth=3 tabstop=3 et diff --git a/salt/minion b/salt/minion index 44e5f4e..b1122c9 100644 --- a/salt/minion +++ b/salt/minion @@ -165,7 +165,7 @@ # strip_colors: False # Backup files that are replaced by file.managed and file.recurse under -# 'cachedir'/file_backups relative to their original location and appended +# 'cachedir'/file_backup relative to their original location and appended # with a timestamp. The only valid setting is "minion". Disabled by default. # # Alternatively this can be specified for each file in state files: @@ -500,6 +500,11 @@ # as the environment setting, but for pillar instead of states. #pillarenv: None # +# Set this option to True to force the pillarenv to be the same as the +# effective saltenv when running states. Note that if pillarenv is specified, +# this option will be ignored. +#pillarenv_from_saltenv: False +# # Set this option to 'True' to force a 'KeyError' to be raised whenever an # attempt to retrieve a named value from pillar fails. When this option is set # to 'False', the failed attempt returns an empty string. Default is 'False'. diff --git a/salt/proxy b/salt/proxy index bfd4358..f81dc32 100644 --- a/salt/proxy +++ b/salt/proxy @@ -28,8 +28,28 @@ # dictionary. Otherwise it is assumed that the module calls the grains # function in a custom way and returns the data elsewhere # -# Default to False for 2016.3 and 2016.11. Switch to True for Nitrogen. -# proxy_merge_grains_in_module: False +# Default to False for 2016.3 and 2016.11. Switch to True for 2017.7.0. +# proxy_merge_grains_in_module: True + +# If a proxymodule has a function called 'alive' returning a boolean +# flag reflecting the state of the connection with the remove device, +# when this option is set as True, a scheduled job on the proxy will +# try restarting the connection. The polling frequency depends on the +# next option, 'proxy_keep_alive_interval'. Added in 2017.7.0. +# proxy_keep_alive: True + +# The polling interval (in minutes) to check if the underlying connection +# with the remote device is still alive. This option requires +# 'proxy_keep_alive' to be configured as True and the proxymodule to +# implement the 'alive' function. Added in 2017.7.0. +# proxy_keep_alive_interval: 1 + +# By default, any proxy opens the connection with the remote device when +# initialized. Some proxymodules allow through this option to open/close +# the session per command. This requires the proxymodule to have this +# capability. Please consult the documentation to see if the proxy type +# used can be that flexible. Added in 2017.7.0. +# proxy_always_alive: True # If multiple masters are specified in the 'master' setting, the default behavior # is to always try to connect to them in the order they are listed. If random_master is @@ -119,7 +139,7 @@ # strip_colors: False # Backup files that are replaced by file.managed and file.recurse under -# 'cachedir'/file_backups relative to their original location and appended +# 'cachedir'/file_backup relative to their original location and appended # with a timestamp. The only valid setting is "minion". Disabled by default. # # Alternatively this can be specified for each file in state files: