From: Frank Brehm
Date: Tue, 10 Apr 2012 17:08:58 +0000 (+0200)
Subject: Current state
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=4d233104e35e160b57d8aba6b1c8f2af955761ba;p=config%2Fuhu1%2Fetc.git
Current state
---
diff --git a/.etckeeper b/.etckeeper
index 3db0457..587dcf1 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -28,9 +28,6 @@ maybe chmod 0600 './.pwd.lock'
 maybe chmod 0644 './DIR_COLORS'
 maybe chmod 0644 './GeoIP.conf'
 maybe chmod 0755 './ImageMagick'
-maybe chmod 0644 './ImageMagick/._cfg0000_delegates.xml'
-maybe chmod 0644 './ImageMagick/._cfg0000_policy.xml'
-maybe chmod 0644 './ImageMagick/._cfg0000_type-ghostscript.xml'
 maybe chmod 0644 './ImageMagick/coder.xml'
 maybe chmod 0644 './ImageMagick/colors.xml'
 maybe chmod 0644 './ImageMagick/delegates.xml'
@@ -59,7 +56,6 @@ maybe chmod 0755 './apache2'
 maybe chmod 0644 './apache2/httpd.conf'
 maybe chmod 0644 './apache2/magic'
 maybe chmod 0755 './apache2/modules.d'
-maybe chmod 0644 './apache2/modules.d/._cfg0000_00_apache_manual.conf'
 maybe chmod 0644 './apache2/modules.d/.keep_dev-vcs_subversion-0'
 maybe chmod 0644 './apache2/modules.d/.keep_www-servers_apache-2'
 maybe chmod 0644 './apache2/modules.d/00_apache_manual.conf'
@@ -201,9 +197,17 @@ maybe chmod 0755 './config-archive/etc'
 maybe chmod 0755 './config-archive/etc/ImageMagick'
 maybe chmod 0644 './config-archive/etc/ImageMagick/delegates.xml'
 maybe chmod 0644 './config-archive/etc/ImageMagick/delegates.xml.1'
+maybe chmod 0644 './config-archive/etc/ImageMagick/delegates.xml.2'
 maybe chmod 0644 './config-archive/etc/ImageMagick/delegates.xml.dist'
 maybe chmod 0644 './config-archive/etc/ImageMagick/policy.xml'
+maybe chmod 0644 './config-archive/etc/ImageMagick/policy.xml.1'
 maybe chmod 0644 './config-archive/etc/ImageMagick/policy.xml.dist'
+maybe chmod 0644 './config-archive/etc/ImageMagick/type-ghostscript.xml'
+maybe chmod 0644 './config-archive/etc/ImageMagick/type-ghostscript.xml.dist'
+maybe chmod 0755 './config-archive/etc/apache2'
+maybe chmod 0755 './config-archive/etc/apache2/modules.d'
+maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf'
+maybe chmod 0644 './config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist'
 maybe chmod 0755 './config-archive/etc/bash'
 maybe chmod 0644 './config-archive/etc/bash/bashrc'
 maybe chmod 0644 './config-archive/etc/bash/bashrc.dist.new'
@@ -248,6 +252,8 @@ maybe chmod 0644 './config-archive/etc/eselect/postgresql/slots/9.1/server.dist'
 maybe chmod 0644 './config-archive/etc/hosts'
 maybe chmod 0644 './config-archive/etc/hosts.dist.new'
 maybe chmod 0755 './config-archive/etc/init.d'
+maybe chmod 0755 './config-archive/etc/init.d/apache2'
+maybe chmod 0755 './config-archive/etc/init.d/apache2.dist'
 maybe chmod 0755 './config-archive/etc/init.d/bootmisc'
 maybe chmod 0755 './config-archive/etc/init.d/bootmisc.dist'
 maybe chmod 0755 './config-archive/etc/init.d/consolefont'
@@ -273,6 +279,8 @@ maybe chmod 0755 './config-archive/etc/init.d/postgresql-9.1'
 maybe chmod 0755 './config-archive/etc/init.d/postgresql-9.1.dist'
 maybe chmod 0755 './config-archive/etc/init.d/slapd'
 maybe chmod 0755 './config-archive/etc/init.d/slapd.dist'
+maybe chmod 0755 './config-archive/etc/init.d/sshd'
+maybe chmod 0755 './config-archive/etc/init.d/sshd.dist'
 maybe chmod 0755 './config-archive/etc/init.d/staticroute'
 maybe chmod 0755 './config-archive/etc/init.d/staticroute.dist'
 maybe chmod 0755 './config-archive/etc/init.d/sysfs'
@@ -427,6 +435,7 @@ maybe chmod 0755 './config-archive/etc/ssh'
 maybe chmod 0644 './config-archive/etc/ssh/ssh_config'
 maybe chmod 0644 './config-archive/etc/ssh/ssh_config.dist'
 maybe chmod 0600 './config-archive/etc/ssh/sshd_config'
+maybe chmod 0600 './config-archive/etc/ssh/sshd_config.1'
 maybe chmod 0600 './config-archive/etc/ssh/sshd_config.dist'
 maybe chmod 0440 './config-archive/etc/sudoers'
 maybe chmod 0440 './config-archive/etc/sudoers.dist.new'
@@ -716,8 +725,6 @@ maybe chmod 0644 './idn.conf.sample'
 maybe chmod 0644 './idnalias.conf'
 maybe chmod 0644 './idnalias.conf.sample'
 maybe chmod 0755 './init.d'
-maybe chmod 0755 './init.d/._cfg0000_apache2'
-maybe chmod 0755 './init.d/._cfg0000_sshd'
 maybe chmod 0755 './init.d/acpid'
 maybe chmod 0755 './init.d/amavisd'
 maybe chmod 0755 './init.d/apache2'
@@ -1293,7 +1300,6 @@ maybe chmod 0755 './snmp'
 maybe chmod 0644 './snmp/.keep_net-analyzer_net-snmp-0'
 maybe chmod 0644 './snmp/snmpd.conf.example'
 maybe chmod 0755 './ssh'
-maybe chmod 0600 './ssh/._cfg0000_sshd_config'
 maybe chmod 0755 './ssh/ca'
 maybe chmod 0644 './ssh/moduli'
 maybe chmod 0644 './ssh/ssh_config'
diff --git a/ImageMagick/._cfg0000_delegates.xml b/ImageMagick/._cfg0000_delegates.xml
deleted file mode 100644
index a21e0e7..0000000
--- a/ImageMagick/._cfg0000_delegates.xml
+++ /dev/null
@@ -1,112 +0,0 @@ - - - - - - - - - - -]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/ImageMagick/._cfg0000_policy.xml b/ImageMagick/._cfg0000_policy.xml deleted file mode 100644 index 3be0a4b..0000000 --- a/ImageMagick/._cfg0000_policy.xml +++ /dev/null @@ -1,58 +0,0 @@ - - - - - - - - -]> - - - - - - - - - - - - - diff --git a/ImageMagick/._cfg0000_type-ghostscript.xml b/ImageMagick/._cfg0000_type-ghostscript.xml deleted file mode 100644 index 213cb31..0000000 --- a/ImageMagick/._cfg0000_type-ghostscript.xml +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - - - - - - - - - -]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/ImageMagick/delegates.xml b/ImageMagick/delegates.xml index b186532..a21e0e7 100644 --- a/ImageMagick/delegates.xml +++ b/ImageMagick/delegates.xml @@ -102,7 +102,7 @@ - + diff --git a/ImageMagick/policy.xml b/ImageMagick/policy.xml index 19e9796..3be0a4b 100644 --- a/ImageMagick/policy.xml +++ b/ImageMagick/policy.xml @@ -39,9 +39,10 @@ - Note, resource policies are maximums for each instance of ImageMagick (e.g. - policy memory limit 1GB, -limit 2GB exceeds policy maximum so memory limit - is 1GB). + Define arguments for the memory, map, area, and disk resources with + SI prefixes (.e.g 100MB). In addition, resource policies are maximums for + each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB + exceeds policy maximum so memory limit is 1GB). --> diff --git a/ImageMagick/type-ghostscript.xml b/ImageMagick/type-ghostscript.xml index 30182b8..213cb31 100644 --- a/ImageMagick/type-ghostscript.xml +++ b/ImageMagick/type-ghostscript.xml @@ -17,38 +17,38 @@ ]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/apache2/modules.d/._cfg0000_00_apache_manual.conf b/apache2/modules.d/._cfg0000_00_apache_manual.conf deleted file mode 100644 index 25de5d1..0000000 --- a/apache2/modules.d/._cfg0000_00_apache_manual.conf +++ /dev/null @@ -1,26 +0,0 @@ -# Provide access to the documentation on your server as -# http://yourserver.example.com/manual/ -# The documentation is always available at -# http://httpd.apache.org/docs/2.2/ - -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.22/manual$1" - - - Options Indexes - AllowOverride None - Order allow,deny - Allow from all - - - SetHandler type-map - - - SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1 - RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2 - - LanguagePriority en de es fr ja ko pt-br - ForceLanguagePriority Prefer Fallback - - - -# vim: ts=4 filetype=apache diff --git a/apache2/modules.d/00_apache_manual.conf b/apache2/modules.d/00_apache_manual.conf index a1bfed2..25de5d1 100644 --- a/apache2/modules.d/00_apache_manual.conf +++ b/apache2/modules.d/00_apache_manual.conf @@ -3,9 +3,9 @@ # The documentation is always available at # http://httpd.apache.org/docs/2.2/ -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.21-r1/manual$1" +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.22/manual$1" - + Options Indexes AllowOverride None Order allow,deny diff --git a/config-archive/etc/ImageMagick/delegates.xml b/config-archive/etc/ImageMagick/delegates.xml index 1fefa70..b186532 100644 --- a/config-archive/etc/ImageMagick/delegates.xml +++ b/config-archive/etc/ImageMagick/delegates.xml @@ -68,8 +68,8 @@ - - + + @@ -85,18 +85,18 @@ - - + + - - + + - - + + - + diff --git a/config-archive/etc/ImageMagick/delegates.xml.1 b/config-archive/etc/ImageMagick/delegates.xml.1 index f671293..1fefa70 100644 --- a/config-archive/etc/ImageMagick/delegates.xml.1 
+++ b/config-archive/etc/ImageMagick/delegates.xml.1 @@ -68,8 +68,8 @@ - - + + @@ -80,31 +80,31 @@ - + - + - - - + + + - - + + - - + + - + - + - + diff --git a/config-archive/etc/ImageMagick/delegates.xml.2 b/config-archive/etc/ImageMagick/delegates.xml.2 new file mode 100644 index 0000000..f671293 --- /dev/null +++ b/config-archive/etc/ImageMagick/delegates.xml.2 @@ -0,0 +1,112 @@ + + + + + + + + + + +]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/config-archive/etc/ImageMagick/delegates.xml.dist b/config-archive/etc/ImageMagick/delegates.xml.dist index b186532..a21e0e7 100644 --- a/config-archive/etc/ImageMagick/delegates.xml.dist +++ b/config-archive/etc/ImageMagick/delegates.xml.dist @@ -102,7 +102,7 @@ - + diff --git a/config-archive/etc/ImageMagick/policy.xml b/config-archive/etc/ImageMagick/policy.xml index 28eda17..19e9796 100644 --- a/config-archive/etc/ImageMagick/policy.xml +++ b/config-archive/etc/ImageMagick/policy.xml @@ -37,7 +37,7 @@ Any large image is cached to disk rather than memory: - + Note, resource policies are maximums for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB exceeds policy maximum so memory limit @@ -48,8 +48,8 @@ - - + + diff --git a/config-archive/etc/ImageMagick/policy.xml.1 b/config-archive/etc/ImageMagick/policy.xml.1 new file mode 100644 index 0000000..28eda17 --- /dev/null +++ b/config-archive/etc/ImageMagick/policy.xml.1 @@ -0,0 +1,57 @@ + + + + + + + + +]> + + + + + + + + + + + + + diff --git a/config-archive/etc/ImageMagick/policy.xml.dist b/config-archive/etc/ImageMagick/policy.xml.dist index 19e9796..3be0a4b 100644 --- a/config-archive/etc/ImageMagick/policy.xml.dist +++ b/config-archive/etc/ImageMagick/policy.xml.dist 
@@ -39,9 +39,10 @@ - Note, resource policies are maximums for each instance of ImageMagick (e.g. - policy memory limit 1GB, -limit 2GB exceeds policy maximum so memory limit - is 1GB). + Define arguments for the memory, map, area, and disk resources with + SI prefixes (.e.g 100MB). In addition, resource policies are maximums for + each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB + exceeds policy maximum so memory limit is 1GB). --> diff --git a/config-archive/etc/ImageMagick/type-ghostscript.xml b/config-archive/etc/ImageMagick/type-ghostscript.xml new file mode 100644 index 0000000..30182b8 --- /dev/null +++ b/config-archive/etc/ImageMagick/type-ghostscript.xml @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + +]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/config-archive/etc/ImageMagick/type-ghostscript.xml.dist b/config-archive/etc/ImageMagick/type-ghostscript.xml.dist new file mode 100644 index 0000000..213cb31 --- /dev/null +++ b/config-archive/etc/ImageMagick/type-ghostscript.xml.dist @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + +]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf b/config-archive/etc/apache2/modules.d/00_apache_manual.conf new file mode 100644 index 0000000..a1bfed2 --- /dev/null +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf 
@@ -0,0 +1,26 @@ +# Provide access to the documentation on your server as +# http://yourserver.example.com/manual/ +# The documentation is always available at +# http://httpd.apache.org/docs/2.2/ + +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.21-r1/manual$1" + + + Options Indexes + AllowOverride None + Order allow,deny + Allow from all + + + SetHandler type-map + + + SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1 + RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2 + + LanguagePriority en de es fr ja ko pt-br + ForceLanguagePriority Prefer Fallback + + + +# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist new file mode 100644 index 0000000..25de5d1 --- /dev/null +++ b/config-archive/etc/apache2/modules.d/00_apache_manual.conf.dist @@ -0,0 +1,26 @@ +# Provide access to the documentation on your server as +# http://yourserver.example.com/manual/ +# The documentation is always available at +# http://httpd.apache.org/docs/2.2/ + +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.2.22/manual$1" + + + Options Indexes + AllowOverride None + Order allow,deny + Allow from all + + + SetHandler type-map + + + SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1 + RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2 + + LanguagePriority en de es fr ja ko pt-br + ForceLanguagePriority Prefer Fallback + + + +# vim: ts=4 filetype=apache diff --git a/config-archive/etc/init.d/apache2 b/config-archive/etc/init.d/apache2 new file mode 100755 index 0000000..6d22ce8 --- /dev/null +++ b/config-archive/etc/init.d/apache2 
@@ -0,0 +1,182 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="configtest modules virtualhosts"
+extra_started_commands="configdump fullstatus graceful gracefulstop reload"
+
+description_configdump="Dumps the configuration of the runing apache server. Requires server-info to be enabled and www-client/lynx."
+description_configtest="Run syntax tests for configuration files."
+description_fullstatus="Gives the full status of the server. Requires lynx and server-status to be enabled."
+description_graceful="A graceful restart advises the children to exit after the current request and reloads the configuration."
+description_gracefulstop="A graceful stop advises the children to exit after the current request and stops the server."
+description_modules="Dump a list of loaded Static and Shared Modules."
+description_reload="Kills all children and reloads the configuration."
+description_virtualhosts="Show the settings as parsed from the config file (currently only shows the virtualhost settings)."
+description_stop="Kills all children and stops the server."
+
+depend() {
+ need net
+ use mysql dns logger netmount postgresql
+ after sshd
+}
+
+configtest() {
+ ebegin "Checking ${SVCNAME} configuration"
+ checkconfig
+ eend $?
+}
+
+checkconfd() {
+ if [ ! -f /etc/init.d/sysfs ]; then
+ eerror "This init script works only with openrc (baselayout-2)."
+ eerror "If you still need baselayout-1.x, please, use"
+ eerror "apache2.initd-baselayout-1 from /usr/share/doc/apache2-*/"
+ fi
+
+ PIDFILE="${PIDFILE:-/var/run/apache2.pid}"
+ TIMEOUT=${TIMEOUT:-15}
+
+ SERVERROOT="${SERVERROOT:-/usr/lib64/apache2}"
+ if [ ! -d ${SERVERROOT} ]; then
+ eerror "SERVERROOT does not exist: ${SERVERROOT}"
+ return 1
+ fi
+
+ CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}"
+ [ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}"
+ if [ ! -r "${CONFIGFILE}" ]; then
+ eerror "Unable to read configuration file: ${CONFIGFILE}"
+ return 1
+ fi
+
+ APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}"
+ APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}"
+ [ -n "${STARTUPERRORLOG}" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}"
+
+ APACHE2="/usr/sbin/apache2"
+}
+
+checkconfig() {
+ checkconfd || return 1
+
+ ${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ eerror "${SVCNAME} has detected an error in your setup:"
+ ${APACHE2} ${APACHE2_OPTS} -t
+ fi
+
+ return $ret
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ # Use start stop daemon to apply system limits #347301
+ start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start
+
+ i=0
+ while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do
+ sleep 1 && i=$(expr $i + 1)
+ done
+
+ eend $(test $i -lt ${TIMEOUT})
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ]; then
+ checkconfig || return 1
+ else
+ checkconfd || return 1
+ fi
+
+ PID=$(cat "${PIDFILE}" 2>/dev/null)
+ if [ -z "${PID}" ]; then
+ einfo "${SVCNAME} not running (no pid file)"
+ return 0
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k stop
+
+ i=0
+ while ( ! test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \
+ && [ $i -lt ${TIMEOUT} ]; do
+ sleep 1 && i=$(expr $i + 1)
+ done
+
+ eend $(test $i -lt ${TIMEOUT})
+}
+
+reload() {
+ RELOAD_TYPE="${RELOAD_TYPE:-graceful}"
+
+ checkconfig || return 1
+
+ if [ "${RELOAD_TYPE}" = "restart" ]; then
+ ebegin "Restarting ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k restart
+ eend $?
+ elif [ "${RELOAD_TYPE}" = "graceful" ]; then
+ ebegin "Gracefully restarting ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k graceful
+ eend $?
+ else
+ eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/${SVCNAME}"
+ fi
+}
+
+graceful() {
+ checkconfig || return 1
+ ebegin "Gracefully restarting ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k graceful
+ eend $?
+}
+
+gracefulstop() {
+ checkconfig || return 1
+ ebegin "Gracefully stopping ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k graceful-stop
+ eend $?
+}
+
+modules() {
+ checkconfig || return 1
+ ${APACHE2} ${APACHE2_OPTS} -M 2>&1
+}
+
+fullstatus() {
+ LYNX="${LYNX:-lynx -dump}"
+ STATUSURL="${STATUSURL:-http://localhost/server-status}"
+
+ if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
+ eerror "lynx not found! you need to emerge www-client/lynx"
+ else
+ ${LYNX} ${STATUSURL}
+ fi
+}
+
+virtualhosts() {
+ checkconfig || return 1
+ ${APACHE2} ${APACHE2_OPTS} -S
+}
+
+configdump() {
+ LYNX="${LYNX:-lynx -dump}"
+ INFOURL="${INFOURL:-http://localhost/server-info}"
+
+ checkconfd || return 1
+
+ if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
+ eerror "lynx not found! you need to emerge www-client/lynx"
+ else
+ echo "${APACHE2} started with '${APACHE2_OPTS}'"
+ for i in config server list; do
+ ${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q'
+ done
+ fi
+}
+
+# vim: ts=4 filetype=gentoo-init-d
diff --git a/config-archive/etc/init.d/apache2.dist b/config-archive/etc/init.d/apache2.dist
new file mode 100755
index 0000000..c3ce4e7
--- /dev/null
+++ b/config-archive/etc/init.d/apache2.dist
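Review bot: In `start()` and `stop()` of config-archive/etc/init.d/apache2 the final `eend $(test $i -lt ${TIMEOUT})` passes the output of `test` to `eend`, not its exit status; `test` prints nothing, so `eend` is called with no status argument and a start or stop that hit the timeout is presumably still reported as successful. Running the test first and passing its status, `test $i -lt ${TIMEOUT}; eend $?`, keeps that failure visible to whoever monitors service state. apache2.dist in this commit has the same two lines. Separately, the `stop()` loop here waits on `! test -f "${PIDFILE}"` where apache2.dist has `test -f "${PIDFILE}"`, so this archived copy likely skips the wait while the pid file is still present.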
@@ -0,0 +1,182 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="configtest modules virtualhosts"
+extra_started_commands="configdump fullstatus graceful gracefulstop reload"
+
+description_configdump="Dumps the configuration of the runing apache server. Requires server-info to be enabled and www-client/lynx."
+description_configtest="Run syntax tests for configuration files."
+description_fullstatus="Gives the full status of the server. Requires lynx and server-status to be enabled."
+description_graceful="A graceful restart advises the children to exit after the current request and reloads the configuration."
+description_gracefulstop="A graceful stop advises the children to exit after the current request and stops the server."
+description_modules="Dump a list of loaded Static and Shared Modules."
+description_reload="Kills all children and reloads the configuration."
+description_virtualhosts="Show the settings as parsed from the config file (currently only shows the virtualhost settings)."
+description_stop="Kills all children and stops the server."
+
+depend() {
+ need net
+ use mysql dns logger netmount postgresql
+ after sshd
+}
+
+configtest() {
+ ebegin "Checking ${SVCNAME} configuration"
+ checkconfig
+ eend $?
+}
+
+checkconfd() {
+ if [ ! -f /etc/init.d/sysfs ]; then
+ eerror "This init script works only with openrc (baselayout-2)."
+ eerror "If you still need baselayout-1.x, please, use"
+ eerror "apache2.initd-baselayout-1 from /usr/share/doc/apache2-*/"
+ fi
+
+ PIDFILE="${PIDFILE:-/var/run/apache2.pid}"
+ TIMEOUT=${TIMEOUT:-15}
+
+ SERVERROOT="${SERVERROOT:-/usr/lib64/apache2}"
+ if [ ! -d ${SERVERROOT} ]; then
+ eerror "SERVERROOT does not exist: ${SERVERROOT}"
+ return 1
+ fi
+
+ CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}"
+ [ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}"
+ if [ ! -r "${CONFIGFILE}" ]; then
+ eerror "Unable to read configuration file: ${CONFIGFILE}"
+ return 1
+ fi
+
+ APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}"
+ APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}"
+ [ -n "${STARTUPERRORLOG}" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}"
+
+ APACHE2="/usr/sbin/apache2"
+}
+
+checkconfig() {
+ checkconfd || return 1
+
+ ${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ eerror "${SVCNAME} has detected an error in your setup:"
+ ${APACHE2} ${APACHE2_OPTS} -t
+ fi
+
+ return $ret
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ # Use start stop daemon to apply system limits #347301
+ start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start
+
+ i=0
+ while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do
+ sleep 1 && i=$(expr $i + 1)
+ done
+
+ eend $(test $i -lt ${TIMEOUT})
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ]; then
+ checkconfig || return 1
+ else
+ checkconfd || return 1
+ fi
+
+ PID=$(cat "${PIDFILE}" 2>/dev/null)
+ if [ -z "${PID}" ]; then
+ einfo "${SVCNAME} not running (no pid file)"
+ return 0
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k stop
+
+ i=0
+ while ( test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \
+ && [ $i -lt ${TIMEOUT} ]; do
+ sleep 1 && i=$(expr $i + 1)
+ done
+
+ eend $(test $i -lt ${TIMEOUT})
+}
+
+reload() {
+ RELOAD_TYPE="${RELOAD_TYPE:-graceful}"
+
+ checkconfig || return 1
+
+ if [ "${RELOAD_TYPE}" = "restart" ]; then
+ ebegin "Restarting ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k restart
+ eend $?
+ elif [ "${RELOAD_TYPE}" = "graceful" ]; then
+ ebegin "Gracefully restarting ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k graceful
+ eend $?
+ else
+ eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/${SVCNAME}"
+ fi
+}
+
+graceful() {
+ checkconfig || return 1
+ ebegin "Gracefully restarting ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k graceful
+ eend $?
+}
+
+gracefulstop() {
+ checkconfig || return 1
+ ebegin "Gracefully stopping ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k graceful-stop
+ eend $?
+}
+
+modules() {
+ checkconfig || return 1
+ ${APACHE2} ${APACHE2_OPTS} -M 2>&1
+}
+
+fullstatus() {
+ LYNX="${LYNX:-lynx -dump}"
+ STATUSURL="${STATUSURL:-http://localhost/server-status}"
+
+ if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
+ eerror "lynx not found! you need to emerge www-client/lynx"
+ else
+ ${LYNX} ${STATUSURL}
+ fi
+}
+
+virtualhosts() {
+ checkconfig || return 1
+ ${APACHE2} ${APACHE2_OPTS} -S
+}
+
+configdump() {
+ LYNX="${LYNX:-lynx -dump}"
+ INFOURL="${INFOURL:-http://localhost/server-info}"
+
+ checkconfd || return 1
+
+ if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
+ eerror "lynx not found! you need to emerge www-client/lynx"
+ else
+ echo "${APACHE2} started with '${APACHE2_OPTS}'"
+ for i in config server list; do
+ ${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q'
+ done
+ fi
+}
+
+# vim: ts=4 filetype=gentoo-init-d
diff --git a/config-archive/etc/init.d/sshd b/config-archive/etc/init.d/sshd
new file mode 100755
index 0000000..22aaaad
--- /dev/null
+++ b/config-archive/etc/init.d/sshd
@@ -0,0 +1,85 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.2,v 1.3 2011/12/04 10:08:19 swegener Exp $
+
+extra_commands="checkconfig gen_keys"
+extra_started_commands="reload"
+
+depend() {
+ use logger dns
+ need net
+}
+
+SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh}
+SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid}
+SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd}
+
+checkconfig() {
+ if [ ! -d /var/empty ] ; then
+ mkdir -p /var/empty || return 1
+ fi
+
+ if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then
+ eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd"
+ eerror "There is a sample file in /usr/share/doc/openssh"
+ return 1
+ fi
+
+ gen_keys || return 1
+
+ [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
+ && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}"
+ [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \
+ && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config"
+
+ "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1
+}
+
+gen_key() {
+ local type=$1 key ks
+ [ $# -eq 1 ] && ks="${type}_"
+ key="${SSHD_CONFDIR}/ssh_host_${ks}key"
+ if [ ! -e "${key}" ] ; then
+ ebegin "Generating ${type} host key"
+ ssh-keygen -t ${type} -f "${key}" -N ''
+ eend $? || return $?
+ fi
+}
+
+gen_keys() {
+ if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then
+ gen_key rsa1 "" || return 1
+ fi
+ gen_key dsa && gen_key rsa && gen_key ecdsa
+ return $?
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" \
+ -- ${SSHD_OPTS}
+ eend $?
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ] ; then
+ checkconfig || return 1
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" --quiet
+ eend $?
+}
+
+reload() {
+ checkconfig || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --stop --signal HUP --oknodo \
+ --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
+ eend $?
+}
diff --git a/config-archive/etc/init.d/sshd.dist b/config-archive/etc/init.d/sshd.dist
new file mode 100755
index 0000000..c55116e
--- /dev/null
+++ b/config-archive/etc/init.d/sshd.dist
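Review bot: `gen_keys()` in config-archive/etc/init.d/sshd runs from `checkconfig()` on every start, reload and restart, and it creates a DSA host key unconditionally plus an `rsa1` key whenever sshd_config has a `Protocol` line containing `1`; nothing in the script lets an administrator opt out of the legacy key types. A header comment on `gen_keys()` stating which key files it may create, and that a missing `ssh_host_*key` is silently replaced by a new host identity, would help anyone auditing host-key changes. If DSA is not wanted, the last step could be `gen_key rsa && gen_key ecdsa`. sshd.dist in this commit carries the same function.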
@@ -0,0 +1,85 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $
+
+extra_commands="checkconfig gen_keys"
+extra_started_commands="reload"
+
+depend() {
+ use logger dns
+ need net
+}
+
+SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh}
+SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid}
+SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd}
+
+checkconfig() {
+ if [ ! -d /var/empty ] ; then
+ mkdir -p /var/empty || return 1
+ fi
+
+ if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then
+ eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd"
+ eerror "There is a sample file in /usr/share/doc/openssh"
+ return 1
+ fi
+
+ gen_keys || return 1
+
+ [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
+ && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}"
+ [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \
+ && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config"
+
+ "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1
+}
+
+gen_key() {
+ local type=$1 key ks
+ [ $# -eq 1 ] && ks="${type}_"
+ key="${SSHD_CONFDIR}/ssh_host_${ks}key"
+ if [ ! -e "${key}" ] ; then
+ ebegin "Generating ${type} host key"
+ ssh-keygen -t ${type} -f "${key}" -N ''
+ eend $? || return $?
+ fi
+}
+
+gen_keys() {
+ if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then
+ gen_key rsa1 "" || return 1
+ fi
+ gen_key dsa && gen_key rsa && gen_key ecdsa
+ return $?
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" \
+ -- ${SSHD_OPTS}
+ eend $?
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ] ; then
+ checkconfig || return 1
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" --quiet
+ eend $?
+}
+
+reload() {
+ checkconfig || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP \
+ --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
+ eend $?
+}
diff --git a/config-archive/etc/ssh/sshd_config b/config-archive/etc/ssh/sshd_config
index ca72979..e686e9f 100644
--- a/config-archive/etc/ssh/sshd_config
+++ b/config-archive/etc/ssh/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
+# $OpenBSD$
 
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -25,6 +25,72 @@
 #HostKey /etc/ssh/ssh_host_dsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 
+# "key type names" for X.509 certificates with RSA key
+# Note first defined is used in signature operations!
+#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
+#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
+
+# "key type names" for X.509 certificates with DSA key
+# Note first defined is used in signature operations!
+#X509KeyAlgorithm x509v3-sign-dss,dss-asn1
+#X509KeyAlgorithm x509v3-sign-dss,dss-raw
+
+# The intended use for the X509 client certificate. Without this option
+# no chain verification will be done. Currently accepted uses are case
+# insensitive:
+# - "sslclient", "SSL client", "SSL_client" or "client"
+# - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose"
+# - "skip" or ""(empty): don`t check purpose.
+#AllowedCertPurpose sslclient
+
+# Specifies whether self-issued(self-signed) X.509 certificate can be
+# allowed only by entry in AutorizedKeysFile that contain matching
+# public key or certificate blob.
+#KeyAllowSelfIssued no
+
+# Specifies whether CRL must present in store for all certificates in
+# certificate chain with atribute "cRLDistributionPoints"
+#MandatoryCRL no
+
+# A file with multiple certificates of certificate signers
+# in PEM format concatenated together.
+#CACertificateFile /etc/ssh/ca/ca-bundle.crt
+
+# A directory with certificates of certificate signers.
+# The certificates should have name of the form: [HASH].[NUMBER]
+# or have symbolic links to them of this form.
+#CACertificatePath /etc/ssh/ca/crt
+
+# A file with multiple CRL of certificate signers
+# in PEM format concatenated together.
+#CARevocationFile /etc/ssh/ca/ca-bundle.crl
+
+# A directory with CRL of certificate signers.
+# The CRL should have name of the form: [HASH].r[NUMBER]
+# or have symbolic links to them of this form.
+#CARevocationPath /etc/ssh/ca/crl
+
+# LDAP protocol version.
+# Example:
+# CAldapVersion 2
+
+# Note because of OpenSSH options parser limitation
+# use %3D instead of = !
+# LDAP initialization may require URL to be escaped, i.e.
+# use %2C instead of ,(comma). Escaped URL don't depend from
+# LDAP initialization method.
+# Example:
+# CAldapURL ldap://localhost:389/dc%3Dexample%2Cdc%3Dcom
+
+# SSH can use "Online Certificate Status Protocol"(OCSP)
+# to validate certificate. Set VAType to
+# - none : do not use OCSP to validate certificates;
+# - ocspcert: validate only certificates that specify `OCSP
+# Service Locator' URL;
+# - ocspspec: use specified in the configuration 'OCSP Responder'
+# to validate all certificates.
+#VAType none
+
 # Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 1h
 #ServerKeyBits 1024
diff --git a/config-archive/etc/ssh/sshd_config.1 b/config-archive/etc/ssh/sshd_config.1
new file mode 100644
index 0000000..ca72979
--- /dev/null
+++ b/config-archive/etc/ssh/sshd_config.1
@@ -0,0 +1,134 @@
+# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+PermitRootLogin no
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication no
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+PrintMotd no
+PrintLastLog no
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/lib64/misc/sftp-server
+
+# the following are HPN related configuration options
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
+
+# allow the use of the none cipher
+#NoneEnabled no
+
+# disable hpn performance boosts.
+#HPNDisabled no
+
+# buffer size for hpn to non-hpn connections
+#HPNBufferSize 2048
+
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
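Review bot: `ChallengeResponseAuthentication` is left commented at its shown default of `yes` while `UsePAM yes` is set, so the `PasswordAuthentication no` line in this file does not by itself stop password-style logins; the file's own PAM comment says PAM authentication is allowed through ChallengeResponseAuthentication and may bypass "PermitRootLogin without-password". If key-only login is the intent, add `ChallengeResponseAuthentication no` under the s/key comment. This file is an archived copy, so the same check should be made on the live `ssh/sshd_config` changed later in this commit. Its hunk headers show `PermitRootLogin no` and `PasswordAuthentication no`, but its ChallengeResponseAuthentication line is not visible in those hunks.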
diff --git a/config-archive/etc/ssh/sshd_config.dist b/config-archive/etc/ssh/sshd_config.dist index 562d762..6a61721 100644 --- a/config-archive/etc/ssh/sshd_config.dist +++ b/config-archive/etc/ssh/sshd_config.dist @@ -7,7 +7,7 @@ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a +# possible, but leave them commented. Uncommented options override the # default value. #Port 22 @@ -110,6 +110,9 @@ #RSAAuthentication yes #PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts @@ -138,6 +141,7 @@ PasswordAuthentication no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will diff --git a/init.d/._cfg0000_apache2 b/init.d/._cfg0000_apache2 deleted file mode 100755 index c3ce4e7..0000000 --- a/init.d/._cfg0000_apache2 +++ /dev/null 
@@ -1,182 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -extra_commands="configtest modules virtualhosts" -extra_started_commands="configdump fullstatus graceful gracefulstop reload" - -description_configdump="Dumps the configuration of the runing apache server. Requires server-info to be enabled and www-client/lynx." -description_configtest="Run syntax tests for configuration files." -description_fullstatus="Gives the full status of the server. Requires lynx and server-status to be enabled." -description_graceful="A graceful restart advises the children to exit after the current request and reloads the configuration." -description_gracefulstop="A graceful stop advises the children to exit after the current request and stops the server." -description_modules="Dump a list of loaded Static and Shared Modules." -description_reload="Kills all children and reloads the configuration." -description_virtualhosts="Show the settings as parsed from the config file (currently only shows the virtualhost settings)." -description_stop="Kills all children and stops the server." - -depend() { - need net - use mysql dns logger netmount postgresql - after sshd -} - -configtest() { - ebegin "Checking ${SVCNAME} configuration" - checkconfig - eend $? -} - -checkconfd() { - if [ ! -f /etc/init.d/sysfs ]; then - eerror "This init script works only with openrc (baselayout-2)." - eerror "If you still need baselayout-1.x, please, use" - eerror "apache2.initd-baselayout-1 from /usr/share/doc/apache2-*/" - fi - - PIDFILE="${PIDFILE:-/var/run/apache2.pid}" - TIMEOUT=${TIMEOUT:-15} - - SERVERROOT="${SERVERROOT:-/usr/lib64/apache2}" - if [ ! -d ${SERVERROOT} ]; then - eerror "SERVERROOT does not exist: ${SERVERROOT}" - return 1 - fi - - CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}" - [ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}" - if [ ! 
-r "${CONFIGFILE}" ]; then - eerror "Unable to read configuration file: ${CONFIGFILE}" - return 1 - fi - - APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}" - APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}" - [ -n "${STARTUPERRORLOG}" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}" - - APACHE2="/usr/sbin/apache2" -} - -checkconfig() { - checkconfd || return 1 - - ${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1 - ret=$? - if [ $ret -ne 0 ]; then - eerror "${SVCNAME} has detected an error in your setup:" - ${APACHE2} ${APACHE2_OPTS} -t - fi - - return $ret -} - -start() { - checkconfig || return 1 - - ebegin "Starting ${SVCNAME}" - # Use start stop daemon to apply system limits #347301 - start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start - - i=0 - while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do - sleep 1 && i=$(expr $i + 1) - done - - eend $(test $i -lt ${TIMEOUT}) -} - -stop() { - if [ "${RC_CMD}" = "restart" ]; then - checkconfig || return 1 - else - checkconfd || return 1 - fi - - PID=$(cat "${PIDFILE}" 2>/dev/null) - if [ -z "${PID}" ]; then - einfo "${SVCNAME} not running (no pid file)" - return 0 - fi - - ebegin "Stopping ${SVCNAME}" - ${APACHE2} ${APACHE2_OPTS} -k stop - - i=0 - while ( test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ - && [ $i -lt ${TIMEOUT} ]; do - sleep 1 && i=$(expr $i + 1) - done - - eend $(test $i -lt ${TIMEOUT}) -} - -reload() { - RELOAD_TYPE="${RELOAD_TYPE:-graceful}" - - checkconfig || return 1 - - if [ "${RELOAD_TYPE}" = "restart" ]; then - ebegin "Restarting ${SVCNAME}" - ${APACHE2} ${APACHE2_OPTS} -k restart - eend $? - elif [ "${RELOAD_TYPE}" = "graceful" ]; then - ebegin "Gracefully restarting ${SVCNAME}" - ${APACHE2} ${APACHE2_OPTS} -k graceful - eend $? - else - eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. 
Please edit /etc/conf.d/${SVCNAME}" - fi -} - -graceful() { - checkconfig || return 1 - ebegin "Gracefully restarting ${SVCNAME}" - ${APACHE2} ${APACHE2_OPTS} -k graceful - eend $? -} - -gracefulstop() { - checkconfig || return 1 - ebegin "Gracefully stopping ${SVCNAME}" - ${APACHE2} ${APACHE2_OPTS} -k graceful-stop - eend $? -} - -modules() { - checkconfig || return 1 - ${APACHE2} ${APACHE2_OPTS} -M 2>&1 -} - -fullstatus() { - LYNX="${LYNX:-lynx -dump}" - STATUSURL="${STATUSURL:-http://localhost/server-status}" - - if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then - eerror "lynx not found! you need to emerge www-client/lynx" - else - ${LYNX} ${STATUSURL} - fi -} - -virtualhosts() { - checkconfig || return 1 - ${APACHE2} ${APACHE2_OPTS} -S -} - -configdump() { - LYNX="${LYNX:-lynx -dump}" - INFOURL="${INFOURL:-http://localhost/server-info}" - - checkconfd || return 1 - - if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then - eerror "lynx not found! you need to emerge www-client/lynx" - else - echo "${APACHE2} started with '${APACHE2_OPTS}'" - for i in config server list; do - ${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q' - done - fi -} - -# vim: ts=4 filetype=gentoo-init-d diff --git a/init.d/._cfg0000_sshd b/init.d/._cfg0000_sshd deleted file mode 100755 index c55116e..0000000 --- a/init.d/._cfg0000_sshd +++ /dev/null 
@@ -1,85 +0,0 @@ -#!/sbin/runscript -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $ - -extra_commands="checkconfig gen_keys" -extra_started_commands="reload" - -depend() { - use logger dns - need net -} - -SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} -SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} -SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} - -checkconfig() { - if [ ! -d /var/empty ] ; then - mkdir -p /var/empty || return 1 - fi - - if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then - eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" - eerror "There is a sample file in /usr/share/doc/openssh" - return 1 - fi - - gen_keys || return 1 - - [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ - && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" - [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ - && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" - - "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 -} - -gen_key() { - local type=$1 key ks - [ $# -eq 1 ] && ks="${type}_" - key="${SSHD_CONFDIR}/ssh_host_${ks}key" - if [ ! -e "${key}" ] ; then - ebegin "Generating ${type} host key" - ssh-keygen -t ${type} -f "${key}" -N '' - eend $? || return $? - fi -} - -gen_keys() { - if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then - gen_key rsa1 "" || return 1 - fi - gen_key dsa && gen_key rsa && gen_key ecdsa - return $? -} - -start() { - checkconfig || return 1 - - ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" \ - -- ${SSHD_OPTS} - eend $? -} - -stop() { - if [ "${RC_CMD}" = "restart" ] ; then - checkconfig || return 1 - fi - - ebegin "Stopping ${SVCNAME}" - start-stop-daemon --stop --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" --quiet - eend $? 
-} - -reload() { - checkconfig || return 1 - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --signal HUP \ - --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" - eend $? -} diff --git a/init.d/apache2 b/init.d/apache2 index 6d22ce8..c3ce4e7 100755 --- a/init.d/apache2 +++ b/init.d/apache2 @@ -102,7 +102,7 @@ stop() { ${APACHE2} ${APACHE2_OPTS} -k stop i=0 - while ( ! test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ + while ( test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ && [ $i -lt ${TIMEOUT} ]; do sleep 1 && i=$(expr $i + 1) done diff --git a/init.d/sshd b/init.d/sshd index 22aaaad..c55116e 100755 --- a/init.d/sshd +++ b/init.d/sshd @@ -1,7 +1,7 @@ #!/sbin/runscript # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.2,v 1.3 2011/12/04 10:08:19 swegener Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $ extra_commands="checkconfig gen_keys" extra_started_commands="reload" @@ -79,7 +79,7 @@ stop() { reload() { checkconfig || return 1 ebegin "Reloading ${SVCNAME}" - start-stop-daemon --stop --signal HUP --oknodo \ + start-stop-daemon --signal HUP \ --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" eend $? } diff --git a/ssh/._cfg0000_sshd_config b/ssh/._cfg0000_sshd_config deleted file mode 100644 index 6a61721..0000000 --- a/ssh/._cfg0000_sshd_config +++ /dev/null 
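Review bot: The corrected wait loop in `stop()` of `init.d/apache2` still leads into a status line that cannot fail: the deleted `init.d/._cfg0000_apache2` copy, which carries the same blob id c3ce4e7 as the new `init.d/apache2`, ends `stop()` with `eend $(test $i -lt ${TIMEOUT})`. Command substitution captures the output of `test`, which is empty, rather than its exit status, so `eend` receives no status argument and a stop that timed out is presumably reported as successful; `start()` has the same line. I would write `test $i -lt ${TIMEOUT}` on its own line followed by `eend $?`. Inside the loop, `${PID}` is read from the pid file and passed to `pgrep -P` unquoted, and quoting it as `"${PID}"` costs nothing. `stop()` begins and ends outside this hunk.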
@@ -1,202 +0,0 @@ -# $OpenBSD$ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key - -# "key type names" for X.509 certificates with RSA key -# Note first defined is used in signature operations! -#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 -#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1 - -# "key type names" for X.509 certificates with DSA key -# Note first defined is used in signature operations! -#X509KeyAlgorithm x509v3-sign-dss,dss-asn1 -#X509KeyAlgorithm x509v3-sign-dss,dss-raw - -# The intended use for the X509 client certificate. Without this option -# no chain verification will be done. Currently accepted uses are case -# insensitive: -# - "sslclient", "SSL client", "SSL_client" or "client" -# - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose" -# - "skip" or ""(empty): don`t check purpose. -#AllowedCertPurpose sslclient - -# Specifies whether self-issued(self-signed) X.509 certificate can be -# allowed only by entry in AutorizedKeysFile that contain matching -# public key or certificate blob. 
-#KeyAllowSelfIssued no - -# Specifies whether CRL must present in store for all certificates in -# certificate chain with atribute "cRLDistributionPoints" -#MandatoryCRL no - -# A file with multiple certificates of certificate signers -# in PEM format concatenated together. -#CACertificateFile /etc/ssh/ca/ca-bundle.crt - -# A directory with certificates of certificate signers. -# The certificates should have name of the form: [HASH].[NUMBER] -# or have symbolic links to them of this form. -#CACertificatePath /etc/ssh/ca/crt - -# A file with multiple CRL of certificate signers -# in PEM format concatenated together. -#CARevocationFile /etc/ssh/ca/ca-bundle.crl - -# A directory with CRL of certificate signers. -# The CRL should have name of the form: [HASH].r[NUMBER] -# or have symbolic links to them of this form. -#CARevocationPath /etc/ssh/ca/crl - -# LDAP protocol version. -# Example: -# CAldapVersion 2 - -# Note because of OpenSSH options parser limitation -# use %3D instead of = ! -# LDAP initialization may require URL to be escaped, i.e. -# use %2C instead of ,(comma). Escaped URL don't depend from -# LDAP initialization method. -# Example: -# CAldapURL ldap://localhost:389/dc%3Dexample%2Cdc%3Dcom - -# SSH can use "Online Certificate Status Protocol"(OCSP) -# to validate certificate. Set VAType to -# - none : do not use OCSP to validate certificates; -# - ocspcert: validate only certificates that specify `OCSP -# Service Locator' URL; -# - ocspspec: use specified in the configuration 'OCSP Responder' -# to validate all certificates. 
-#VAType none - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -#PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#RSAAuthentication yes -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -#AuthorizedKeysFile .ssh/authorized_keys - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -PasswordAuthentication no -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes -#GSSAPIStrictAcceptorCheck yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. 
-UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -PrintMotd no -PrintLastLog no -#TCPKeepAlive yes -#UseLogin no -#UsePrivilegeSeparation yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS yes -#PidFile /var/run/sshd.pid -#MaxStartups 10 -#PermitTunnel no -#ChrootDirectory none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib64/misc/sftp-server - -# the following are HPN related configuration options -# tcp receive buffer polling. disable in non autotuning kernels -#TcpRcvBufPoll yes - -# allow the use of the none cipher -#NoneEnabled no - -# disable hpn performance boosts. -#HPNDisabled no - -# buffer size for hpn to non-hpn connections -#HPNBufferSize 2048 - - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# ForceCommand cvs server diff --git a/ssh/sshd_config b/ssh/sshd_config index e686e9f..1df843e 100644 --- a/ssh/sshd_config +++ b/ssh/sshd_config @@ -7,7 +7,7 @@ # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a +# possible, but leave them commented. Uncommented options override the # default value. #Port 22 @@ -111,6 +111,9 @@ PermitRootLogin no #RSAAuthentication yes #PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 
@@ -140,6 +143,7 @@ PasswordAuthentication no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will