From: root Date: Tue, 15 Mar 2016 09:44:54 +0000 (+0100) Subject: saving uncommitted changes in /etc prior to emerge run X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=88d1da7425030448490e52c1ad44398c0627656c;p=config%2Fhelga%2Fetc.git saving uncommitted changes in /etc prior to emerge run
---
diff --git a/.etckeeper b/.etckeeper
index dca5e55..e070667 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -119,7 +119,6 @@ maybe chmod 0644 'apache2/info_users_passwd'
 maybe chmod 0644 'apache2/magic'
 maybe chmod 0755 'apache2/modules.d'
 maybe chmod 0755 'apache2/modules.d.old'
-maybe chmod 0644 'apache2/modules.d/._mrg0000_00_mod_autoindex.conf'
 maybe chmod 0700 'apache2/modules.d/.rcs'
 maybe chmod 0444 'apache2/modules.d/.rcs/00_apache_manual.conf,v'
 maybe chmod 0444 'apache2/modules.d/.rcs/00_default_settings.conf,v'
@@ -485,17 +484,16 @@ maybe chmod 0640 'config-archive/etc/amavisd.conf.dist'
 maybe chmod 0755 'config-archive/etc/apache2'
 maybe chmod 0644 'config-archive/etc/apache2/httpd.conf'
 maybe chmod 0644 'config-archive/etc/apache2/httpd.conf,v'
-maybe chmod 0644 'config-archive/etc/apache2/httpd.conf.dist.new'
+maybe chmod 0644 'config-archive/etc/apache2/httpd.conf.dist'
 maybe chmod 0755 'config-archive/etc/apache2/modules.d'
 maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_apache_manual.conf,v'
 maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_default_settings.conf'
 maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_default_settings.conf,v'
 maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_default_settings.conf.1'
 maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_default_settings.conf.dist'
-maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_default_settings.conf.dist.new'
 maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_error_documents.conf'
 maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_error_documents.conf,v'
-maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_error_documents.conf.dist.new'
+maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_error_documents.conf.dist'
 maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_languages.conf'
 maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_languages.conf,v'
 maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_languages.conf.dist.new'
@@ -503,22 +501,21 @@ maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_autoindex.conf' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_autoindex.conf,v' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_autoindex.conf.1' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_autoindex.conf.dist' -maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_autoindex.conf.dist.new' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_info.conf' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_info.conf,v' -maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_info.conf.dist.new' +maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_info.conf.dist' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_log_config.conf' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_log_config.conf,v' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_log_config.conf.dist.new' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_mime.conf' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_mime.conf,v' -maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_mime.conf.dist.new' +maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_mime.conf.dist' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_status.conf' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_status.conf,v' -maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_status.conf.dist.new' +maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mod_status.conf.dist' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mpm.conf' maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mpm.conf,v' -maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mpm.conf.dist.new' +maybe chmod 0644 'config-archive/etc/apache2/modules.d/00_mpm.conf.dist' maybe chmod 0644 'config-archive/etc/apache2/modules.d/20_mod_fastcgi.conf' maybe chmod 0644 
'config-archive/etc/apache2/modules.d/20_mod_fastcgi.conf.dist.new' maybe chmod 0644 'config-archive/etc/apache2/modules.d/20_mod_fcgid.conf' @@ -538,10 +535,10 @@ maybe chmod 0644 'config-archive/etc/apache2/vhosts.d/00_default_ssl_vhost.conf, maybe chmod 0644 'config-archive/etc/apache2/vhosts.d/00_default_ssl_vhost.conf.dist' maybe chmod 0644 'config-archive/etc/apache2/vhosts.d/00_default_vhost.conf' maybe chmod 0644 'config-archive/etc/apache2/vhosts.d/00_default_vhost.conf,v' -maybe chmod 0644 'config-archive/etc/apache2/vhosts.d/00_default_vhost.conf.dist.new' +maybe chmod 0644 'config-archive/etc/apache2/vhosts.d/00_default_vhost.conf.dist' maybe chmod 0644 'config-archive/etc/apache2/vhosts.d/default_vhost.include' maybe chmod 0644 'config-archive/etc/apache2/vhosts.d/default_vhost.include,v' -maybe chmod 0644 'config-archive/etc/apache2/vhosts.d/default_vhost.include.dist.new' +maybe chmod 0644 'config-archive/etc/apache2/vhosts.d/default_vhost.include.dist' maybe chmod 0644 'config-archive/etc/auto.master,v' maybe chmod 0644 'config-archive/etc/auto.misc,v' maybe chmod 0644 'config-archive/etc/auto.misc.dist.new' @@ -672,7 +669,7 @@ maybe chmod 0644 'config-archive/etc/elinks/elinks.conf,v' maybe chmod 0644 'config-archive/etc/etc-update.conf,v' maybe chmod 0755 'config-archive/etc/etckeeper' maybe chmod 0644 'config-archive/etc/etckeeper/etckeeper.conf' -maybe chmod 0644 'config-archive/etc/etckeeper/etckeeper.conf.dist.new' +maybe chmod 0644 'config-archive/etc/etckeeper/etckeeper.conf.dist' maybe chmod 0755 'config-archive/etc/fonts' maybe chmod 0755 'config-archive/etc/fonts/conf.avail' maybe chmod 0644 'config-archive/etc/fonts/conf.avail/30-urw-aliases.conf,v' 
@@ -991,7 +988,6 @@ maybe chmod 0600 'config-archive/etc/ssh/sshd_config.3' maybe chmod 0600 'config-archive/etc/ssh/sshd_config.4' maybe chmod 0600 'config-archive/etc/ssh/sshd_config.5' maybe chmod 0600 'config-archive/etc/ssh/sshd_config.dist' -maybe chmod 0600 'config-archive/etc/ssh/sshd_config.dist.new' maybe chmod 0755 'config-archive/etc/ssl' maybe chmod 0755 'config-archive/etc/ssl/certs' maybe chmod 0644 'config-archive/etc/ssl/certs/ca-certificates.crt,v' @@ -2822,7 +2818,6 @@ maybe chmod 0755 'smartd_warning.sh' maybe chmod 0755 'snmp' maybe chmod 0644 'snmp/snmpd.conf.example' maybe chmod 0755 'ssh' -maybe chmod 0600 'ssh/._mrg0000_sshd_config' maybe chmod 0644 'ssh/moduli' maybe chmod 0644 'ssh/ssh_config' maybe chmod 0600 'ssh/ssh_host_dsa_key' diff --git a/apache2/httpd.conf b/apache2/httpd.conf index 31eb439..0494b0f 100644 --- a/apache2/httpd.conf +++ b/apache2/httpd.conf @@ -1,4 +1,4 @@ -# This is a modification of the default Apache 2.2 configuration file +# This is a modification of the default Apache 2.4 configuration file # for Gentoo Linux. # # Support: @@ -13,9 +13,9 @@ # # This is the main Apache HTTP server configuration file. It contains the # configuration directives that give the server its instructions. -# See for detailed information. +# See for detailed information. # In particular, see -# +# # for a discussion of each configuration directive. # # Do NOT simply read the instructions in here without understanding @@ -36,6 +36,7 @@ # ServerRoot at a non-local disk, be sure to point the LockFile directive # at a local disk. If you wish to share the same ServerRoot for multiple # httpd daemons, you will need to change at least LockFile and PidFile. +# Comment: The LockFile directive has been replaced by the Mutex directive ServerRoot "/usr/lib64/apache2" # Dynamic Shared Object (DSO) Support 
@@ -58,6 +59,7 @@ ServerRoot "/usr/lib64/apache2" # # Change these at your own risk! +LoadModule access_compat_module modules/mod_access_compat.so LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule asis_module modules/mod_asis.so @@ -65,17 +67,17 @@ LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule authn_alias_module modules/mod_authn_alias.so LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authn_core_module modules/mod_authn_core.so LoadModule authn_dbd_module modules/mod_authn_dbd.so LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_default_module modules/mod_authn_default.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_dbd_module modules/mod_authz_dbd.so LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_default_module modules/mod_authz_default.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_owner_module modules/mod_authz_owner.so @@ -84,9 +86,12 @@ LoadModule autoindex_module modules/mod_autoindex.so LoadModule cache_module modules/mod_cache.so -#LoadModule cern_meta_module modules/mod_cern_meta.so + +LoadModule cache_disk_module modules/mod_cache_disk.so + +LoadModule cern_meta_module modules/mod_cern_meta.so LoadModule cgi_module modules/mod_cgi.so -#LoadModule cgid_module modules/mod_cgid.so +LoadModule cgid_module modules/mod_cgid.so LoadModule charset_lite_module modules/mod_charset_lite.so LoadModule dav_module modules/mod_dav.so 
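Review bot: The `@@ -84,9 +86,12 @@` hunk turns the previously commented-out `cern_meta_module` and `cgid_module` into live `LoadModule` lines, and the following `@@ -100,10 +105,7 @@` hunk does the same for `dumpio_module`, although nothing in the configuration visible in this commit uses any of the three. mod_dumpio is the one to worry about: once `DumpIOInput` or `DumpIOOutput` is switched on it writes request and response data, after TLS decryption, into the error log, so it is better left unloaded outside a debugging session. `cgid_module` now sits next to `cgi_module`, while a given MPM needs only one of the two. The file's own header says this list is generated from APACHE2_MODULES, so the change belongs there: drop `dumpio`, `cern_meta` and the CGI module the active MPM does not use, which brings back lines such as `#LoadModule dumpio_module modules/mod_dumpio.so`. Conditional wrappers around individual modules may have been lost in this rendering, so check the real file before concluding that every module is loaded unconditionally.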
@@ -100,10 +105,7 @@ LoadModule dav_lock_module modules/mod_dav_lock.so LoadModule dbd_module modules/mod_dbd.so LoadModule deflate_module modules/mod_deflate.so LoadModule dir_module modules/mod_dir.so - -LoadModule disk_cache_module modules/mod_disk_cache.so - -#LoadModule dumpio_module modules/mod_dumpio.so +LoadModule dumpio_module modules/mod_dumpio.so LoadModule env_module modules/mod_env.so LoadModule expires_module modules/mod_expires.so LoadModule ext_filter_module modules/mod_ext_filter.so @@ -112,6 +114,9 @@ LoadModule file_cache_module modules/mod_file_cache.so LoadModule filter_module modules/mod_filter.so LoadModule headers_module modules/mod_headers.so + +LoadModule http2_module modules/mod_http2.so + LoadModule ident_module modules/mod_ident.so LoadModule imagemap_module modules/mod_imagemap.so LoadModule include_module modules/mod_include.so @@ -124,9 +129,7 @@ LoadModule ldap_module modules/mod_ldap.so LoadModule log_config_module modules/mod_log_config.so LoadModule log_forensic_module modules/mod_log_forensic.so LoadModule logio_module modules/mod_logio.so - -LoadModule mem_cache_module modules/mod_mem_cache.so - +LoadModule macro_module modules/mod_macro.so LoadModule mime_module modules/mod_mime.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule negotiation_module modules/mod_negotiation.so 
@@ -143,15 +146,32 @@ LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule proxy_connect_module modules/mod_proxy_connect.so +LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so + + LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +LoadModule proxy_html_module modules/mod_proxy_html.so + + LoadModule proxy_http_module modules/mod_proxy_http.so -#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -#LoadModule reqtimeout_module modules/mod_reqtimeout.so + +LoadModule proxy_scgi_module modules/mod_proxy_scgi.so + + +LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so + +LoadModule ratelimit_module modules/mod_ratelimit.so +LoadModule remoteip_module modules/mod_remoteip.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule setenvif_module modules/mod_setenvif.so +LoadModule slotmem_shm_module modules/mod_slotmem_shm.so + +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so + LoadModule speling_module modules/mod_speling.so LoadModule ssl_module modules/mod_ssl.so @@ -164,6 +184,7 @@ LoadModule substitute_module modules/mod_substitute.so LoadModule suexec_module modules/mod_suexec.so LoadModule unique_id_module modules/mod_unique_id.so +LoadModule unixd_module modules/mod_unixd.so LoadModule userdir_module modules/mod_userdir.so diff --git a/apache2/modules.d/._mrg0000_00_mod_autoindex.conf b/apache2/modules.d/._mrg0000_00_mod_autoindex.conf deleted file mode 100644 index dedf060..0000000 --- a/apache2/modules.d/._mrg0000_00_mod_autoindex.conf +++ /dev/null 
@@ -1,93 +0,0 @@ - - - - -# We include the /icons/ alias for FancyIndexed directory listings. If -# you do not use FancyIndexing, you may comment this out. -Alias /icons/ "/usr/share/apache2/icons/" - - - Options Indexes MultiViews - AllowOverride None - Require all granted - - - -# Directives controlling the display of server-generated directory listings. -# -# To see the listing of a directory, the Options directive for the -# directory must include "Indexes", and the directory must not contain -# a file matching those listed in the DirectoryIndex directive. - -# IndexOptions: Controls the appearance of server-generated directory -# listings. -#IndexOptions FancyIndexing VersionSort -IndexOptions FancyIndexing VersionSort FoldersFirst HTMLTable IgnoreCase NameWidth=50 - -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (CDR,/icons/corel-document.png) image/x-coreldraw - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/corel-document.png .cdr - -AddIcon /icons/back.gif .. 
-AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -DefaultIcon /icons/unknown.gif - -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename - -AddDescription "GZIP-komprimiertes Tar-Archiv" .tar.gz -AddDescription "GZIP-komprimiertes Dokument" .gz -AddDescription "Tar-Archive" .tar -AddDescription "GZIP-komprimiertes Tar-Archiv" .tgz -AddDescription "PDF-Dokument" .pdf -AddDescription "CorelDraw-Zeichnung" .cdr - -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. - -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - - - -# vim: ts=4 filetype=apache diff --git a/apache2/modules.d/00_default_settings.conf b/apache2/modules.d/00_default_settings.conf index 9d1862a..f7d2874 100644 --- a/apache2/modules.d/00_default_settings.conf +++ b/apache2/modules.d/00_default_settings.conf 
@@ -68,12 +68,10 @@ HostnameLookups Off # be turned off when serving from networked-mounted # filesystems or if support for these functions is otherwise # broken on your system. -EnableMMAP off -EnableSendfile off -#EnableMMAP On -#EnableSendfile On +EnableMMAP On +EnableSendfile Off -# FileEtag: Configures the file attributes that are used to create +# FileETag: Configures the file attributes that are used to create # the ETag (entity tag) response header field when the document is # based on a static file. (The ETag value is used in cache management # to save network bandwidth.) @@ -109,8 +107,7 @@ LogLevel info Options FollowSymLinks AllowOverride None - Order deny,allow - Deny from all + Require all denied # DirectoryIndex: sets the file that Apache will serve if a directory @@ -128,8 +125,7 @@ LogLevel info # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. - Order allow,deny - Deny from all + Require all denied # vim: ts=4 filetype=apache diff --git a/apache2/modules.d/00_error_documents.conf b/apache2/modules.d/00_error_documents.conf index 90c6b0a..79cf538 100644 --- a/apache2/modules.d/00_error_documents.conf +++ b/apache2/modules.d/00_error_documents.conf @@ -30,8 +30,7 @@ Alias /error/ "/usr/share/apache2/error/" Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var - Order allow,deny - Allow from all + Require all granted LanguagePriority de en cs es fr it ja ko nl pl pt-br ro sv tr ForceLanguagePriority Prefer Fallback diff --git a/apache2/modules.d/00_mod_autoindex.conf b/apache2/modules.d/00_mod_autoindex.conf index f03f25c..dedf060 100644 --- a/apache2/modules.d/00_mod_autoindex.conf +++ b/apache2/modules.d/00_mod_autoindex.conf @@ -9,8 +9,7 @@ Alias /icons/ "/usr/share/apache2/icons/" Options Indexes MultiViews AllowOverride None - Order allow,deny - Allow from all + Require all granted 
diff --git a/apache2/modules.d/00_mod_info.conf b/apache2/modules.d/00_mod_info.conf index 44379d1..039e3c0 100644 --- a/apache2/modules.d/00_mod_info.conf +++ b/apache2/modules.d/00_mod_info.conf @@ -3,13 +3,10 @@ # http://servername/server-info SetHandler server-info - Order deny,allow - Deny from all - Allow from 127.0.0.1 - Allow from localhost AuthName "Server Status Access" AuthType Basic AuthUserFile /etc/apache2/info_users_passwd + Require local Require valid-user Satisfy Any diff --git a/apache2/modules.d/00_mod_mime.conf b/apache2/modules.d/00_mod_mime.conf index 6229e61..3940107 100644 --- a/apache2/modules.d/00_mod_mime.conf +++ b/apache2/modules.d/00_mod_mime.conf @@ -1,12 +1,3 @@ -# DefaultType: the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -DefaultType text/plain - # TypesConfig points to the file containing the list of mappings from # filename extension to MIME-type. diff --git a/apache2/modules.d/00_mod_status.conf b/apache2/modules.d/00_mod_status.conf index 9ebd91f..f7e81db 100644 --- a/apache2/modules.d/00_mod_status.conf +++ b/apache2/modules.d/00_mod_status.conf @@ -3,13 +3,10 @@ # with the URL of http://servername/server-status SetHandler server-status - Order deny,allow - Deny from all - Allow from 127.0.0.1 - Allow from localhost AuthName "Server Status Access" AuthType Basic AuthUserFile /etc/apache2/info_users_passwd + Require local Require valid-user Satisfy Any diff --git a/apache2/modules.d/00_mpm.conf b/apache2/modules.d/00_mpm.conf index 27dc24d..23c56fa 100644 --- a/apache2/modules.d/00_mpm.conf +++ b/apache2/modules.d/00_mpm.conf 
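Review bot: `Satisfy Any` is left in place next to the new `Require local` and `Require valid-user` lines in the 00_mod_info.conf hunk, and the 00_mod_status.conf hunk on the same line repeats the pairing. `Satisfy` is a 2.2 directive that 2.4 honours only through mod_access_compat, and upstream discourages mixing it with `Require`; removing `Satisfy Any` and wrapping the two lines in `<RequireAny>` … `</RequireAny>` states the local-or-authenticated rule in 2.4 terms only. The enclosing container tags are not visible on this page, so confirm in the real file that each block is still scoped to its server-info or server-status location. Separately, `AuthUserFile /etc/apache2/info_users_passwd` points at a file that the .etckeeper list in this commit records as mode 0644 inside the tracked /etc tree; tightening it to something like 0640 with the apache group, and keeping it out of the repository, would limit exposure of the stored password hashes.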
@@ -4,10 +4,10 @@ # identification number when it starts. # # DO NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING -PidFile /var/run/apache2.pid +PidFile /run/apache2.pid # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. -#LockFile /var/run/apache2.lock +# Mutex file:/run/apache_mpm_mutex # Only one of the below sections will be relevant on your # installed httpd. Use "/usr/sbin/apache2 -l" to find out the @@ -17,9 +17,9 @@ PidFile /var/run/apache2.pid # These configuration directives apply to all MPMs # # StartServers: Number of child server processes created at startup -# MaxClients: Maximum number of child processes to serve requests -# MaxRequestsPerChild: Limit on the number of requests that an individual child -# server will handle during its life +# MaxRequestWorkers: Maximum number of child processes to serve requests +# MaxConnectionsPerChild: Limit on the number of connections that an individual +# child server will handle during its life # prefork MPM @@ -31,8 +31,8 @@ PidFile /var/run/apache2.pid StartServers 2 MinSpareServers 2 MaxSpareServers 10 - MaxClients 150 - MaxRequestsPerChild 10000 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 # worker MPM @@ -46,8 +46,8 @@ PidFile /var/run/apache2.pid MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 - MaxClients 150 - MaxRequestsPerChild 10000 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 # event MPM @@ -60,8 +60,8 @@ PidFile /var/run/apache2.pid MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 - MaxClients 150 - MaxRequestsPerChild 10000 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 # peruser MPM @@ -76,8 +76,8 @@ PidFile /var/run/apache2.pid MinSpareProcessors 2 MinProcessors 2 MaxProcessors 10 - MaxClients 150 - MaxRequestsPerChild 1000 + MaxRequestWorkers 150 + MaxConnectionsPerChild 1000 ExpireTimeout 1800 Multiplexer nobody nobody 
@@ -92,8 +92,8 @@ PidFile /var/run/apache2.pid StartServers 5 MinSpareServers 5 MaxSpareServers 10 - MaxClients 150 - MaxRequestsPerChild 10000 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 # vim: ts=4 filetype=apache diff --git a/apache2/modules.d/47_mod_dav_svn.conf b/apache2/modules.d/47_mod_dav_svn.conf index ab8906c..ef77e8a 100644 --- a/apache2/modules.d/47_mod_dav_svn.conf +++ b/apache2/modules.d/47_mod_dav_svn.conf @@ -6,12 +6,12 @@ # Example configuration: # -# DAV svn -# SVNPath ${SVN_REPOS_LOC}/repos -# AuthType Basic -# AuthName "Subversion repository" -# AuthUserFile ${SVN_REPOS_LOC}/conf/svnusers -# Require valid-user +# DAV svn +# SVNPath ${SVN_REPOS_LOC}/repos +# AuthType Basic +# AuthName "Subversion repository" +# AuthUserFile ${SVN_REPOS_LOC}/conf/svnusers +# Require valid-user # diff --git a/apache2/vhosts.d/00_default_vhost.conf b/apache2/vhosts.d/00_default_vhost.conf index cb477ea..0c4aaf3 100644 --- a/apache2/vhosts.d/00_default_vhost.conf +++ b/apache2/vhosts.d/00_default_vhost.conf @@ -6,7 +6,7 @@ # IP addresses. This is indicated by the asterisks in the directives below. # # Please see the documentation at -# +# # for further details before you try to setup virtual hosts. # # You may use the command line option '-S' to verify your virtual host diff --git a/apache2/vhosts.d/default_vhost.include b/apache2/vhosts.d/default_vhost.include index c6eb4e3..c989fcf 100644 --- a/apache2/vhosts.d/default_vhost.include +++ b/apache2/vhosts.d/default_vhost.include 
@@ -14,50 +14,49 @@ DocumentRoot "/var/www/localhost/htdocs" # This should be changed to whatever you set DocumentRoot to. - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.2/mod/core.html#options - # for more information. - Options Indexes FollowSymLinks - - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - AllowOverride All - - # Controls who can get stuff from this server. - Order allow,deny - Allow from all + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + Options Indexes FollowSymLinks + + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + AllowOverride All + + # Controls who can get stuff from this server. + Require all granted - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. 
- # Example: - # Redirect permanent /foo http://www.example.com/bar - - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a section to allow access to - # the filesystem path. - - Alias /distfiles/ /usr/portage/distfiles/ - - - Options Indexes FollowSymLinks - AllowOverride All + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + Alias /distfiles/ /usr/portage/distfiles/ + + + Options Indexes FollowSymLinks + AllowOverride All Order allow,deny Allow from all @@ -128,8 +127,7 @@ DocumentRoot "/var/www/localhost/htdocs" AllowOverride None Options None - Order allow,deny - Allow from all + Require all granted -# vim: filetype=apache ts=4 expandtab fileencoding=utf-8 +# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/httpd.conf.dist b/config-archive/etc/apache2/httpd.conf.dist new file mode 100644 index 0000000..0494b0f --- /dev/null +++ b/config-archive/etc/apache2/httpd.conf.dist 
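Review bot: The `/usr/portage/distfiles/` block at the end of the `@@ -14,50 +14,49 @@` hunk still carries `Order allow,deny` and `Allow from all` as unchanged context, while the document-root block above it was moved to `Require all granted`. Those two lines work only through mod_access_compat and leave the file mixing 2.2 and 2.4 access control, which upstream discourages because the combined result is easy to misread; replace them with `Require all granted`. The same block keeps `Options Indexes FollowSymLinks` together with `AllowOverride All`, so a directory written by the package manager is listed, follows symlinks and honours .htaccess files; `AllowOverride None` and `Options Indexes SymLinksIfOwnerMatch` would be a tighter default if nothing relies on overrides there. The container tags are not visible on this page and the block continues past the end of the hunk, so confirm its scope in the real file.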
@@ -0,0 +1,222 @@ +# This is a modification of the default Apache 2.4 configuration file +# for Gentoo Linux. +# +# Support: +# http://www.gentoo.org/main/en/lists.xml [mailing lists] +# http://forums.gentoo.org/ [web forums] +# irc://irc.freenode.net#gentoo-apache [irc chat] +# +# Bug Reports: +# http://bugs.gentoo.org [gentoo related bugs] +# http://httpd.apache.org/bug_report.html [apache httpd related bugs] +# +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log" +# with ServerRoot set to "/usr" will be interpreted by the +# server as "/usr/var/log/apache2/foo.log". + +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to point the LockFile directive +# at a local disk. If you wish to share the same ServerRoot for multiple +# httpd daemons, you will need to change at least LockFile and PidFile. 
+# Comment: The LockFile directive has been replaced by the Mutex directive +ServerRoot "/usr/lib64/apache2" + +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable. +# Do not change manually, it will be overwritten on upgrade. +# +# The following modules are considered as the default configuration. +# If you wish to disable one of them, you may have to alter other +# configuration directives. +# +# Change these at your own risk! + +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule actions_module modules/mod_actions.so +LoadModule alias_module modules/mod_alias.so +LoadModule asis_module modules/mod_asis.so +LoadModule auth_basic_module modules/mod_auth_basic.so + +LoadModule auth_digest_module modules/mod_auth_digest.so + +LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authn_dbd_module modules/mod_authn_dbd.so +LoadModule authn_dbm_module modules/mod_authn_dbm.so +LoadModule authn_file_module modules/mod_authn_file.so + +LoadModule authnz_ldap_module modules/mod_authnz_ldap.so + +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_dbd_module modules/mod_authz_dbd.so +LoadModule authz_dbm_module modules/mod_authz_dbm.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_owner_module modules/mod_authz_owner.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule autoindex_module 
modules/mod_autoindex.so + +LoadModule cache_module modules/mod_cache.so + + +LoadModule cache_disk_module modules/mod_cache_disk.so + +LoadModule cern_meta_module modules/mod_cern_meta.so +LoadModule cgi_module modules/mod_cgi.so +LoadModule cgid_module modules/mod_cgid.so +LoadModule charset_lite_module modules/mod_charset_lite.so + +LoadModule dav_module modules/mod_dav.so + + +LoadModule dav_fs_module modules/mod_dav_fs.so + + +LoadModule dav_lock_module modules/mod_dav_lock.so + +LoadModule dbd_module modules/mod_dbd.so +LoadModule deflate_module modules/mod_deflate.so +LoadModule dir_module modules/mod_dir.so +LoadModule dumpio_module modules/mod_dumpio.so +LoadModule env_module modules/mod_env.so +LoadModule expires_module modules/mod_expires.so +LoadModule ext_filter_module modules/mod_ext_filter.so + +LoadModule file_cache_module modules/mod_file_cache.so + +LoadModule filter_module modules/mod_filter.so +LoadModule headers_module modules/mod_headers.so + +LoadModule http2_module modules/mod_http2.so + +LoadModule ident_module modules/mod_ident.so +LoadModule imagemap_module modules/mod_imagemap.so +LoadModule include_module modules/mod_include.so + +LoadModule info_module modules/mod_info.so + + +LoadModule ldap_module modules/mod_ldap.so + +LoadModule log_config_module modules/mod_log_config.so +LoadModule log_forensic_module modules/mod_log_forensic.so +LoadModule logio_module modules/mod_logio.so +LoadModule macro_module modules/mod_macro.so +LoadModule mime_module modules/mod_mime.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule negotiation_module modules/mod_negotiation.so + +LoadModule proxy_module modules/mod_proxy.so + + +LoadModule proxy_ajp_module modules/mod_proxy_ajp.so + + +LoadModule proxy_balancer_module modules/mod_proxy_balancer.so + + +LoadModule proxy_connect_module modules/mod_proxy_connect.so + + +LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so + + +LoadModule proxy_ftp_module modules/mod_proxy_ftp.so + + 
+LoadModule proxy_html_module modules/mod_proxy_html.so + + +LoadModule proxy_http_module modules/mod_proxy_http.so + + +LoadModule proxy_scgi_module modules/mod_proxy_scgi.so + + +LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so + +LoadModule ratelimit_module modules/mod_ratelimit.so +LoadModule remoteip_module modules/mod_remoteip.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule slotmem_shm_module modules/mod_slotmem_shm.so + +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so + +LoadModule speling_module modules/mod_speling.so + +LoadModule ssl_module modules/mod_ssl.so + + +LoadModule status_module modules/mod_status.so + +LoadModule substitute_module modules/mod_substitute.so + +LoadModule suexec_module modules/mod_suexec.so + +LoadModule unique_id_module modules/mod_unique_id.so +LoadModule unixd_module modules/mod_unixd.so + +LoadModule userdir_module modules/mod_userdir.so + +LoadModule usertrack_module modules/mod_usertrack.so +LoadModule version_module modules/mod_version.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so + +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +User apache +Group apache + +# Supplemental configuration +# +# Most of the configuration files in the /etc/apache2/modules.d/ directory can +# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features +# or to modify the default configuration of the server. +# +# To know which flag to add to APACHE2_OPTS, look at the first line of the +# the file, which will usually be an where OPTION is the +# flag to use. 
+Include /etc/apache2/modules.d/*.conf + +# Virtual-host support +# +# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we +# include a default vhost (enabled by adding -D DEFAULT_VHOST to +# APACHE2_OPTS in /etc/conf.d/apache2). +Include /etc/apache2/vhosts.d/*.conf + +# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/httpd.conf.dist.new b/config-archive/etc/apache2/httpd.conf.dist.new deleted file mode 100644 index 0494b0f..0000000 --- a/config-archive/etc/apache2/httpd.conf.dist.new +++ /dev/null 
@@ -1,222 +0,0 @@ -# This is a modification of the default Apache 2.4 configuration file -# for Gentoo Linux. -# -# Support: -# http://www.gentoo.org/main/en/lists.xml [mailing lists] -# http://forums.gentoo.org/ [web forums] -# irc://irc.freenode.net#gentoo-apache [irc chat] -# -# Bug Reports: -# http://bugs.gentoo.org [gentoo related bugs] -# http://httpd.apache.org/bug_report.html [apache httpd related bugs] -# -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log" -# with ServerRoot set to "/usr" will be interpreted by the -# server as "/usr/var/log/apache2/foo.log". - -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to point the LockFile directive -# at a local disk. If you wish to share the same ServerRoot for multiple -# httpd daemons, you will need to change at least LockFile and PidFile. 
-# Comment: The LockFile directive has been replaced by the Mutex directive -ServerRoot "/usr/lib64/apache2" - -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable. -# Do not change manually, it will be overwritten on upgrade. -# -# The following modules are considered as the default configuration. -# If you wish to disable one of them, you may have to alter other -# configuration directives. -# -# Change these at your own risk! - -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule actions_module modules/mod_actions.so -LoadModule alias_module modules/mod_alias.so -LoadModule asis_module modules/mod_asis.so -LoadModule auth_basic_module modules/mod_auth_basic.so - -LoadModule auth_digest_module modules/mod_auth_digest.so - -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_file_module modules/mod_authn_file.so - -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so - -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule authz_dbd_module modules/mod_authz_dbd.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule autoindex_module 
modules/mod_autoindex.so - -LoadModule cache_module modules/mod_cache.so - - -LoadModule cache_disk_module modules/mod_cache_disk.so - -LoadModule cern_meta_module modules/mod_cern_meta.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule cgid_module modules/mod_cgid.so -LoadModule charset_lite_module modules/mod_charset_lite.so - -LoadModule dav_module modules/mod_dav.so - - -LoadModule dav_fs_module modules/mod_dav_fs.so - - -LoadModule dav_lock_module modules/mod_dav_lock.so - -LoadModule dbd_module modules/mod_dbd.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule dir_module modules/mod_dir.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule env_module modules/mod_env.so -LoadModule expires_module modules/mod_expires.so -LoadModule ext_filter_module modules/mod_ext_filter.so - -LoadModule file_cache_module modules/mod_file_cache.so - -LoadModule filter_module modules/mod_filter.so -LoadModule headers_module modules/mod_headers.so - -LoadModule http2_module modules/mod_http2.so - -LoadModule ident_module modules/mod_ident.so -LoadModule imagemap_module modules/mod_imagemap.so -LoadModule include_module modules/mod_include.so - -LoadModule info_module modules/mod_info.so - - -LoadModule ldap_module modules/mod_ldap.so - -LoadModule log_config_module modules/mod_log_config.so -LoadModule log_forensic_module modules/mod_log_forensic.so -LoadModule logio_module modules/mod_logio.so -LoadModule macro_module modules/mod_macro.so -LoadModule mime_module modules/mod_mime.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule negotiation_module modules/mod_negotiation.so - -LoadModule proxy_module modules/mod_proxy.so - - -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so - - -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so - - -LoadModule proxy_connect_module modules/mod_proxy_connect.so - - -LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so - - -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so - - 
-LoadModule proxy_html_module modules/mod_proxy_html.so - - -LoadModule proxy_http_module modules/mod_proxy_http.so - - -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so - - -LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so - -LoadModule ratelimit_module modules/mod_ratelimit.so -LoadModule remoteip_module modules/mod_remoteip.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule slotmem_shm_module modules/mod_slotmem_shm.so - -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so - -LoadModule speling_module modules/mod_speling.so - -LoadModule ssl_module modules/mod_ssl.so - - -LoadModule status_module modules/mod_status.so - -LoadModule substitute_module modules/mod_substitute.so - -LoadModule suexec_module modules/mod_suexec.so - -LoadModule unique_id_module modules/mod_unique_id.so -LoadModule unixd_module modules/mod_unixd.so - -LoadModule userdir_module modules/mod_userdir.so - -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule version_module modules/mod_version.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so - -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -User apache -Group apache - -# Supplemental configuration -# -# Most of the configuration files in the /etc/apache2/modules.d/ directory can -# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features -# or to modify the default configuration of the server. -# -# To know which flag to add to APACHE2_OPTS, look at the first line of the -# the file, which will usually be an where OPTION is the -# flag to use. 
-Include /etc/apache2/modules.d/*.conf - -# Virtual-host support -# -# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we -# include a default vhost (enabled by adding -D DEFAULT_VHOST to -# APACHE2_OPTS in /etc/conf.d/apache2). -Include /etc/apache2/vhosts.d/*.conf - -# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/modules.d/00_default_settings.conf.dist b/config-archive/etc/apache2/modules.d/00_default_settings.conf.dist index afa8d91..38635aa 100644 --- a/config-archive/etc/apache2/modules.d/00_default_settings.conf.dist +++ b/config-archive/etc/apache2/modules.d/00_default_settings.conf.dist @@ -69,13 +69,13 @@ HostnameLookups Off # filesystems or if support for these functions is otherwise # broken on your system. EnableMMAP On -EnableSendfile On +EnableSendfile Off -# FileEtag: Configures the file attributes that are used to create +# FileETag: Configures the file attributes that are used to create # the ETag (entity tag) response header field when the document is # based on a static file. (The ETag value is used in cache management # to save network bandwidth.) -FileEtag INode MTime Size +FileETag MTime Size # ContentDigest: This directive enables the generation of Content-MD5 # headers as defined in RFC1864 respectively RFC2616. @@ -107,8 +107,7 @@ LogLevel warn Options FollowSymLinks AllowOverride None - Order deny,allow - Deny from all + Require all denied # DirectoryIndex: sets the file that Apache will serve if a directory @@ -126,8 +125,7 @@ LogLevel warn # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. - Order allow,deny - Deny from all + Require all denied # vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/modules.d/00_default_settings.conf.dist.new b/config-archive/etc/apache2/modules.d/00_default_settings.conf.dist.new deleted file mode 100644 index 38635aa..0000000 
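Review bot: The two `Require all denied` conversions in the `@@ -107` and `@@ -125` hunks of 00_default_settings.conf.dist carry no comment warning against combining them with the old `Order`/`Allow`/`Deny` syntax, and the module list shown on this page still loads `access_compat_module`, so legacy directives elsewhere (vhosts.d, .htaccess) would keep being evaluated next to the new ones. The httpd 2.4 upgrade notes discourage mixing the two styles because the combined result is easy to misread, so the remaining configuration should be searched for the old directives before these defaults are merged into the live files. I would add above each converted block `# 2.4 authz syntax; do not combine with Order/Allow/Deny in this scope`. The same applies to the `Require all granted` conversion in the 00_mod_autoindex.conf.dist hunk further down. The enclosing container tags are not visible in these hunks, so which block each directive belongs to is inferred from the surrounding comments.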
--- a/config-archive/etc/apache2/modules.d/00_default_settings.conf.dist.new
+++ /dev/null
@@ -1,131 +0,0 @@ -# This configuration file reflects default settings for Apache HTTP Server. -# You may change these, but chances are that you may not need to. - -# Timeout: The number of seconds before receives and sends time out. -Timeout 300 - -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -KeepAlive On - -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -MaxKeepAliveRequests 100 - -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -KeepAliveTimeout 15 - -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -UseCanonicalName Off - -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -AccessFileName .htaccess - -# ServerTokens -# This directive configures what you return as the Server HTTP response -# Header. The default is 'Full' which sends information about the OS-Type -# and compiled in modules. -# Set to one of: Full | OS | Minor | Minimal | Major | Prod -# where Full conveys the most information, and Prod the least. -ServerTokens Prod - -# TraceEnable -# This directive overrides the behavior of TRACE for both the core server and -# mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616, -# which disallows any request body to accompany the request. TraceEnable off -# causes the core server and mod_proxy to return a 405 (Method not allowed) -# error to the client. 
-# For security reasons this is turned off by default. (bug #240680) -TraceEnable off - -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -ServerSignature On - -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -HostnameLookups Off - -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall is used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -EnableMMAP On -EnableSendfile Off - -# FileETag: Configures the file attributes that are used to create -# the ETag (entity tag) response header field when the document is -# based on a static file. (The ETag value is used in cache management -# to save network bandwidth.) -FileETag MTime Size - -# ContentDigest: This directive enables the generation of Content-MD5 -# headers as defined in RFC1864 respectively RFC2616. -# The Content-MD5 header provides an end-to-end message integrity -# check (MIC) of the entity-body. A proxy or client may check this -# header for detecting accidental modification of the entity-body -# in transit. -# Note that this can cause performance problems on your server since -# the message digest is computed on every request (the values are -# not cached). 
-# Content-MD5 is only sent for documents served by the core, and not -# by any module. For example, SSI documents, output from CGI scripts, -# and byte range responses do not have this header. -ContentDigest Off - -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -ErrorLog /var/log/apache2/error_log - -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -LogLevel warn - -# We configure the "default" to be a very restrictive set of features. - - Options FollowSymLinks - AllowOverride None - Require all denied - - -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Options can be used for the -# same purpose, but it is much slower. -# -# Do not change this entry unless you know what you are doing. - - DirectoryIndex index.html index.html.var - - -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. - - Require all denied - - -# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/modules.d/00_error_documents.conf.dist b/config-archive/etc/apache2/modules.d/00_error_documents.conf.dist new file mode 100644 index 0000000..61479fa --- /dev/null +++ b/config-archive/etc/apache2/modules.d/00_error_documents.conf.dist 
@@ -0,0 +1,57 @@ +# The configuration below implements multi-language error documents through +# content-negotiation. + +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html + +# Required modules: mod_alias, mod_include, mod_negotiation +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# Alias /error/include/ "/your/include/path/" +# which allows you to create your own set of files by starting with the +# /var/www/localhost/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. 
+ + +Alias /error/ "/usr/share/apache2/error/" + + + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var + Require all granted + LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr + ForceLanguagePriority Prefer Fallback + + +ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +ErrorDocument 410 /error/HTTP_GONE.html.var +ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + + +# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/modules.d/00_error_documents.conf.dist.new b/config-archive/etc/apache2/modules.d/00_error_documents.conf.dist.new deleted file mode 100644 index 61479fa..0000000 --- a/config-archive/etc/apache2/modules.d/00_error_documents.conf.dist.new +++ /dev/null 
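Review bot: The header comment of the new 00_error_documents.conf.dist tells the admin to start from `/var/www/localhost/error/include/`, while the `Alias` a few lines below maps `/error/` to `/usr/share/apache2/error/`, so the documented path and the served path disagree. The same comment states that the stock include files print the Apache version and the ServerAdmin address regardless of ServerSignature, which is an information-disclosure default that deserves a line next to the `Alias` itself. I would add `# Stock includes reveal server version and admin address; point /error/include/ at a trimmed copy on public hosts` and correct the path in the header comment, assuming the include files now live under the Alias target.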
@@ -1,57 +0,0 @@ -# The configuration below implements multi-language error documents through -# content-negotiation. - -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html - -# Required modules: mod_alias, mod_include, mod_negotiation -# We use Alias to redirect any /error/HTTP_.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# You can modify the messages' appearance without changing any of the -# default HTTP_.html.var files by adding the line: -# Alias /error/include/ "/your/include/path/" -# which allows you to create your own set of files by starting with the -# /var/www/localhost/error/include/ files and copying them to /your/include/path/, -# even on a per-VirtualHost basis. The default include files will display -# your Apache version number and your ServerAdmin email address regardless -# of the setting of ServerSignature. 
- - -Alias /error/ "/usr/share/apache2/error/" - - - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var - Require all granted - LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr - ForceLanguagePriority Prefer Fallback - - -ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -ErrorDocument 410 /error/HTTP_GONE.html.var -ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - - -# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/modules.d/00_mod_autoindex.conf.dist b/config-archive/etc/apache2/modules.d/00_mod_autoindex.conf.dist index 097410a..10bf483 100644 --- a/config-archive/etc/apache2/modules.d/00_mod_autoindex.conf.dist +++ b/config-archive/etc/apache2/modules.d/00_mod_autoindex.conf.dist @@ -9,8 +9,7 @@ Alias /icons/ "/usr/share/apache2/icons/" Options Indexes MultiViews AllowOverride None - Order allow,deny - Allow from all + Require all granted diff --git a/config-archive/etc/apache2/modules.d/00_mod_autoindex.conf.dist.new b/config-archive/etc/apache2/modules.d/00_mod_autoindex.conf.dist.new deleted file mode 100644 index 10bf483..0000000 
--- a/config-archive/etc/apache2/modules.d/00_mod_autoindex.conf.dist.new
+++ /dev/null
@@ -1,85 +0,0 @@ - - - - -# We include the /icons/ alias for FancyIndexed directory listings. If -# you do not use FancyIndexing, you may comment this out. -Alias /icons/ "/usr/share/apache2/icons/" - - - Options Indexes MultiViews - AllowOverride None - Require all granted - - - -# Directives controlling the display of server-generated directory listings. -# -# To see the listing of a directory, the Options directive for the -# directory must include "Indexes", and the directory must not contain -# a file matching those listed in the DirectoryIndex directive. - -# IndexOptions: Controls the appearance of server-generated directory -# listings. -IndexOptions FancyIndexing VersionSort - -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. 
-DefaultIcon /icons/unknown.gif
-
-# AddDescription allows you to place a short description after a file in
-# server-generated indexes. These are only displayed for FancyIndexed
-# directories.
-# Format: AddDescription "description" filename
-
-#AddDescription "GZIP compressed document" .gz
-#AddDescription "tar archive" .tar
-#AddDescription "GZIP compressed tar archive" .tgz
-
-# ReadmeName is the name of the README file the server will look for by
-# default, and append to directory listings.
-
-# HeaderName is the name of a file which should be prepended to
-# directory indexes.
-ReadmeName README.html
-HeaderName HEADER.html
-
-# IndexIgnore is a set of filenames which directory indexing should ignore
-# and not include in the listing. Shell-style wildcarding is permitted.
-IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
-
-
-
-# vim: ts=4 filetype=apache
diff --git a/config-archive/etc/apache2/modules.d/00_mod_info.conf.dist b/config-archive/etc/apache2/modules.d/00_mod_info.conf.dist
new file mode 100644
index 0000000..2cd32c4
--- /dev/null
+++ b/config-archive/etc/apache2/modules.d/00_mod_info.conf.dist
@@ -0,0 +1,10 @@
+
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info
+
+ SetHandler server-info
+ Require local
+
+
+
+# vim: ts=4 filetype=apache
diff --git a/config-archive/etc/apache2/modules.d/00_mod_info.conf.dist.new b/config-archive/etc/apache2/modules.d/00_mod_info.conf.dist.new
deleted file mode 100644
index 2cd32c4..0000000
--- a/config-archive/etc/apache2/modules.d/00_mod_info.conf.dist.new
+++ /dev/null
@@ -1,10 +0,0 @@
-
-# Allow remote server configuration reports, with the URL of
-# http://servername/server-info
-
- SetHandler server-info
- Require local
-
-
-
-# vim: ts=4 filetype=apache
diff --git a/config-archive/etc/apache2/modules.d/00_mod_mime.conf.dist b/config-archive/etc/apache2/modules.d/00_mod_mime.conf.dist
new file mode 100644
index 0000000..fb8a9a5
--- /dev/null
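Review bot: The comment in the new 00_mod_info.conf.dist says "Allow remote server configuration reports", but the block underneath is restricted with `Require local`, so the comment describes the opposite of what the file does. I would reword it to `# Server configuration reports at http://servername/server-info, local requests only`. A second comment should record that `Require local` is evaluated against the connection address: when a front-end proxy on the same host forwards traffic to httpd, proxied requests can satisfy it unless the proxy blocks the path or the original client address is restored (mod_remoteip is in the module list on this page). The same caveat applies to `/server-status` in 00_mod_status.conf.dist. The enclosing container tags are not visible in the hunk.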
+++ b/config-archive/etc/apache2/modules.d/00_mod_mime.conf.dist
@@ -0,0 +1,46 @@
+
+# TypesConfig points to the file containing the list of mappings from
+# filename extension to MIME-type.
+TypesConfig /etc/mime.types
+
+# AddType allows you to add to or override the MIME configuration
+# file specified in TypesConfig for specific file types.
+#AddType application/x-gzip .tgz
+
+# AddEncoding allows you to have certain browsers uncompress
+# information on the fly. Note: Not all browsers support this.
+#AddEncoding x-compress .Z
+#AddEncoding x-gzip .gz .tgz
+
+# If the AddEncoding directives above are commented-out, then you
+# probably should define those extensions to indicate media types:
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+# AddHandler allows you to map certain file extensions to "handlers":
+# actions unrelated to filetype. These can be either built into the server
+# or added with the Action directive (see below)
+
+# To use CGI scripts outside of ScriptAliased directories:
+# (You will also need to add "ExecCGI" to the "Options" directive.)
+#AddHandler cgi-script .cgi
+
+# For type maps (negotiated resources):
+#AddHandler type-map var
+
+# Filters allow you to process content before it is sent to the client.
+#
+# To parse .shtml files for server-side includes (SSI):
+# (You will also need to add "Includes" to the "Options" directive.)
+#AddType text/html .shtml
+#AddOutputFilter INCLUDES .shtml
+
+
+
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type. The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+MIMEMagicFile /etc/apache2/magic
+
+
+# vim: ts=4 filetype=apache
diff --git a/config-archive/etc/apache2/modules.d/00_mod_mime.conf.dist.new b/config-archive/etc/apache2/modules.d/00_mod_mime.conf.dist.new
deleted file mode 100644
index fb8a9a5..0000000
--- a/config-archive/etc/apache2/modules.d/00_mod_mime.conf.dist.new
+++ /dev/null
@@ -1,46 +0,0 @@
-
-# TypesConfig points to the file containing the list of mappings from
-# filename extension to MIME-type.
-TypesConfig /etc/mime.types
-
-# AddType allows you to add to or override the MIME configuration
-# file specified in TypesConfig for specific file types.
-#AddType application/x-gzip .tgz
-
-# AddEncoding allows you to have certain browsers uncompress
-# information on the fly. Note: Not all browsers support this.
-#AddEncoding x-compress .Z
-#AddEncoding x-gzip .gz .tgz
-
-# If the AddEncoding directives above are commented-out, then you
-# probably should define those extensions to indicate media types:
-AddType application/x-compress .Z
-AddType application/x-gzip .gz .tgz
-
-# AddHandler allows you to map certain file extensions to "handlers":
-# actions unrelated to filetype. These can be either built into the server
-# or added with the Action directive (see below)
-
-# To use CGI scripts outside of ScriptAliased directories:
-# (You will also need to add "ExecCGI" to the "Options" directive.)
-#AddHandler cgi-script .cgi
-
-# For type maps (negotiated resources):
-#AddHandler type-map var
-
-# Filters allow you to process content before it is sent to the client.
-#
-# To parse .shtml files for server-side includes (SSI):
-# (You will also need to add "Includes" to the "Options" directive.)
-#AddType text/html .shtml
-#AddOutputFilter INCLUDES .shtml
-
-
-
-# The mod_mime_magic module allows the server to use various hints from the
-# contents of the file itself to determine its type. The MIMEMagicFile
-# directive tells the module where the hint definitions are located.
-MIMEMagicFile /etc/apache2/magic
-
-
-# vim: ts=4 filetype=apache
diff --git a/config-archive/etc/apache2/modules.d/00_mod_status.conf.dist b/config-archive/etc/apache2/modules.d/00_mod_status.conf.dist
new file mode 100644
index 0000000..ed8b3c7
--- /dev/null
+++ b/config-archive/etc/apache2/modules.d/00_mod_status.conf.dist
@@ -0,0 +1,15 @@
+
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+
+ SetHandler server-status
+ Require local
+
+
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called.
+ExtendedStatus On
+
+
+# vim: ts=4 filetype=apache
diff --git a/config-archive/etc/apache2/modules.d/00_mod_status.conf.dist.new b/config-archive/etc/apache2/modules.d/00_mod_status.conf.dist.new
deleted file mode 100644
index ed8b3c7..0000000
--- a/config-archive/etc/apache2/modules.d/00_mod_status.conf.dist.new
+++ /dev/null
@@ -1,15 +0,0 @@
-
-# Allow server status reports generated by mod_status,
-# with the URL of http://servername/server-status
-
- SetHandler server-status
- Require local
-
-
-# ExtendedStatus controls whether Apache will generate "full" status
-# information (ExtendedStatus On) or just basic information (ExtendedStatus
-# Off) when the "server-status" handler is called.
-ExtendedStatus On
-
-
-# vim: ts=4 filetype=apache
diff --git a/config-archive/etc/apache2/modules.d/00_mpm.conf.dist b/config-archive/etc/apache2/modules.d/00_mpm.conf.dist
new file mode 100644
index 0000000..bcb9b6b
--- /dev/null
+++ b/config-archive/etc/apache2/modules.d/00_mpm.conf.dist
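Review bot: `ExtendedStatus On` in the new 00_mod_status.conf.dist makes the status page list per-request detail (client address, virtual host and request line) rather than only counters, and the file gives no hint that this output is sensitive. With `Require local` as the only guard, I would either default to `ExtendedStatus Off` or add a comment such as `# Extended status shows client addresses and request URLs; keep /server-status restricted`. Request lines can carry session identifiers or tokens in query strings, which is why the exposure matters even on an internal host.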
@@ -0,0 +1,99 @@ +# Server-Pool Management (MPM specific) + +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +# DO NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING +PidFile /run/apache2.pid + +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# Mutex file:/run/apache_mpm_mutex + +# Only one of the below sections will be relevant on your +# installed httpd. Use "/usr/sbin/apache2 -l" to find out the +# active mpm. + +# common MPM configuration +# These configuration directives apply to all MPMs +# +# StartServers: Number of child server processes created at startup +# MaxRequestWorkers: Maximum number of child processes to serve requests +# MaxConnectionsPerChild: Limit on the number of connections that an individual +# child server will handle during its life + + +# prefork MPM +# This is the default MPM if USE=-threads +# +# MinSpareServers: Minimum number of idle child server processes +# MaxSpareServers: Maximum number of idle child server processes + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# worker MPM +# This is the default MPM if USE=threads +# +# MinSpareThreads: Minimum number of idle threads available to handle request spikes +# MaxSpareThreads: Maximum number of idle threads +# ThreadsPerChild: Number of threads created by each child process + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# event MPM +# +# MinSpareThreads: Minimum number of idle threads available to handle request spikes +# MaxSpareThreads: Maximum number of idle threads +# ThreadsPerChild: Number of threads created by each child process + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# peruser MPM +# +# MinSpareProcessors: Minimum number of idle 
child server processes +# MinProcessors: Minimum number of processors per virtual host +# MaxProcessors: Maximum number of processors per virtual host +# ExpireTimeout: Maximum idle time before a child is killed, 0 to disable +# Multiplexer: Specify a Multiplexer child configuration. +# Processor: Specify a user and group for a specific child process + + MinSpareProcessors 2 + MinProcessors 2 + MaxProcessors 10 + MaxRequestWorkers 150 + MaxConnectionsPerChild 1000 + ExpireTimeout 1800 + + Multiplexer nobody nobody + Processor apache apache + + +# itk MPM +# +# MinSpareServers: Minimum number of idle child server processes +# MaxSpareServers: Maximum number of idle child server processes + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/modules.d/00_mpm.conf.dist.new b/config-archive/etc/apache2/modules.d/00_mpm.conf.dist.new deleted file mode 100644 index bcb9b6b..0000000 --- a/config-archive/etc/apache2/modules.d/00_mpm.conf.dist.new +++ /dev/null 
@@ -1,99 +0,0 @@ -# Server-Pool Management (MPM specific) - -# PidFile: The file in which the server should record its process -# identification number when it starts. -# -# DO NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING -PidFile /run/apache2.pid - -# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. -# Mutex file:/run/apache_mpm_mutex - -# Only one of the below sections will be relevant on your -# installed httpd. Use "/usr/sbin/apache2 -l" to find out the -# active mpm. - -# common MPM configuration -# These configuration directives apply to all MPMs -# -# StartServers: Number of child server processes created at startup -# MaxRequestWorkers: Maximum number of child processes to serve requests -# MaxConnectionsPerChild: Limit on the number of connections that an individual -# child server will handle during its life - - -# prefork MPM -# This is the default MPM if USE=-threads -# -# MinSpareServers: Minimum number of idle child server processes -# MaxSpareServers: Maximum number of idle child server processes - - StartServers 5 - MinSpareServers 5 - MaxSpareServers 10 - MaxRequestWorkers 150 - MaxConnectionsPerChild 10000 - - -# worker MPM -# This is the default MPM if USE=threads -# -# MinSpareThreads: Minimum number of idle threads available to handle request spikes -# MaxSpareThreads: Maximum number of idle threads -# ThreadsPerChild: Number of threads created by each child process - - StartServers 2 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadsPerChild 25 - MaxRequestWorkers 150 - MaxConnectionsPerChild 10000 - - -# event MPM -# -# MinSpareThreads: Minimum number of idle threads available to handle request spikes -# MaxSpareThreads: Maximum number of idle threads -# ThreadsPerChild: Number of threads created by each child process - - StartServers 2 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadsPerChild 25 - MaxRequestWorkers 150 - MaxConnectionsPerChild 10000 - - -# peruser MPM -# -# MinSpareProcessors: Minimum number of idle 
child server processes -# MinProcessors: Minimum number of processors per virtual host -# MaxProcessors: Maximum number of processors per virtual host -# ExpireTimeout: Maximum idle time before a child is killed, 0 to disable -# Multiplexer: Specify a Multiplexer child configuration. -# Processor: Specify a user and group for a specific child process - - MinSpareProcessors 2 - MinProcessors 2 - MaxProcessors 10 - MaxRequestWorkers 150 - MaxConnectionsPerChild 1000 - ExpireTimeout 1800 - - Multiplexer nobody nobody - Processor apache apache - - -# itk MPM -# -# MinSpareServers: Minimum number of idle child server processes -# MaxSpareServers: Maximum number of idle child server processes - - StartServers 5 - MinSpareServers 5 - MaxSpareServers 10 - MaxRequestWorkers 150 - MaxConnectionsPerChild 10000 - - -# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/vhosts.d/00_default_vhost.conf.dist b/config-archive/etc/apache2/vhosts.d/00_default_vhost.conf.dist new file mode 100644 index 0000000..b9766b5 --- /dev/null +++ b/config-archive/etc/apache2/vhosts.d/00_default_vhost.conf.dist 
@@ -0,0 +1,45 @@ +# Virtual Hosts +# +# If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. Most configurations +# use only name-based virtual hosts so the server doesn't need to worry about +# IP addresses. This is indicated by the asterisks in the directives below. +# +# Please see the documentation at +# +# for further details before you try to setup virtual hosts. +# +# You may use the command line option '-S' to verify your virtual host +# configuration. + + +# see bug #178966 why this is in here + +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 80 + +# When virtual hosts are enabled, the main host defined in the default +# httpd.conf configuration will go away. We redefine it here so that it is +# still available. +# +# If you disable this vhost by removing -D DEFAULT_VHOST from +# /etc/conf.d/apache2, the first defined virtual host elsewhere will be +# the default. + + ServerName localhost + Include /etc/apache2/vhosts.d/default_vhost.include + + + ServerEnvironment apache apache + + + + +# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/vhosts.d/00_default_vhost.conf.dist.new b/config-archive/etc/apache2/vhosts.d/00_default_vhost.conf.dist.new deleted file mode 100644 index b9766b5..0000000 --- a/config-archive/etc/apache2/vhosts.d/00_default_vhost.conf.dist.new +++ /dev/null 
@@ -1,45 +0,0 @@ -# Virtual Hosts -# -# If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - - -# see bug #178966 why this is in here - -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. -# -#Listen 12.34.56.78:80 -Listen 80 - -# When virtual hosts are enabled, the main host defined in the default -# httpd.conf configuration will go away. We redefine it here so that it is -# still available. -# -# If you disable this vhost by removing -D DEFAULT_VHOST from -# /etc/conf.d/apache2, the first defined virtual host elsewhere will be -# the default. - - ServerName localhost - Include /etc/apache2/vhosts.d/default_vhost.include - - - ServerEnvironment apache apache - - - - -# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/vhosts.d/default_vhost.include.dist b/config-archive/etc/apache2/vhosts.d/default_vhost.include.dist new file mode 100644 index 0000000..af6ece8 --- /dev/null +++ b/config-archive/etc/apache2/vhosts.d/default_vhost.include.dist 
@@ -0,0 +1,71 @@ +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +ServerAdmin root@localhost + +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +# If you change this to something that isn't under /var/www then suexec +# will no longer work. +DocumentRoot "/var/www/localhost/htdocs" + +# This should be changed to whatever you set DocumentRoot to. + + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + Options Indexes FollowSymLinks + + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + AllowOverride All + + # Controls who can get stuff from this server. + Require all granted + + + + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. 
You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/" + + +# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. + + AllowOverride None + Options None + Require all granted + + +# vim: ts=4 filetype=apache diff --git a/config-archive/etc/apache2/vhosts.d/default_vhost.include.dist.new b/config-archive/etc/apache2/vhosts.d/default_vhost.include.dist.new deleted file mode 100644 index af6ece8..0000000 --- a/config-archive/etc/apache2/vhosts.d/default_vhost.include.dist.new +++ /dev/null 
@@ -1,71 +0,0 @@ -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -ServerAdmin root@localhost - -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -# If you change this to something that isn't under /var/www then suexec -# will no longer work. -DocumentRoot "/var/www/localhost/htdocs" - -# This should be changed to whatever you set DocumentRoot to. - - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - Options Indexes FollowSymLinks - - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - AllowOverride All - - # Controls who can get stuff from this server. - Require all granted - - - - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. 
You will also likely - # need to provide a section to allow access to - # the filesystem path. - - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/" - - -# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. - - AllowOverride None - Options None - Require all granted - - -# vim: ts=4 filetype=apache diff --git a/config-archive/etc/etckeeper/etckeeper.conf.dist b/config-archive/etc/etckeeper/etckeeper.conf.dist new file mode 100644 index 0000000..0a9c88b --- /dev/null +++ b/config-archive/etc/etckeeper/etckeeper.conf.dist 
@@ -0,0 +1,53 @@ +# The VCS to use. +#VCS="hg" +VCS="git" +#VCS="bzr" +#VCS="darcs" + +# Options passed to git commit when run by etckeeper. +GIT_COMMIT_OPTIONS="" + +# Options passed to hg commit when run by etckeeper. +HG_COMMIT_OPTIONS="" + +# Options passed to bzr commit when run by etckeeper. +BZR_COMMIT_OPTIONS="" + +# Options passed to darcs record when run by etckeeper. +DARCS_COMMIT_OPTIONS="-a" + +# Uncomment to avoid etckeeper committing existing changes +# to /etc automatically once per day. +#AVOID_DAILY_AUTOCOMMITS=1 + +# Uncomment the following to avoid special file warning +# (the option is enabled automatically by cronjob regardless). +#AVOID_SPECIAL_FILE_WARNING=1 + +# Uncomment to avoid etckeeper committing existing changes to +# /etc before installation. It will cancel the installation, +# so you can commit the changes by hand. +#AVOID_COMMIT_BEFORE_INSTALL=1 + +# The high-level package manager that's being used. +# (apt, pacman-g2, yum, dnf, zypper etc) +#HIGHLEVEL_PACKAGE_MANAGER=apt + +# Gentoo specific: +# For portage this is emerge +# For paludis this is cave +HIGHLEVEL_PACKAGE_MANAGER=emerge + +# The low-level package manager that's being used. +# (dpkg, rpm, pacman, pacman-g2, etc) +#LOWLEVEL_PACKAGE_MANAGER=dpkg + +# Gentoo specific: +# For portage this is qlist +# For paludis this is cave +LOWLEVEL_PACKAGE_MANAGER=qlist + +# To push each commit to a remote, put the name of the remote here. +# (eg, "origin" for git). Space-separated lists of multiple remotes +# also work (eg, "origin gitlab github" for git). +PUSH_REMOTE="" diff --git a/config-archive/etc/etckeeper/etckeeper.conf.dist.new b/config-archive/etc/etckeeper/etckeeper.conf.dist.new deleted file mode 100644 index 0a9c88b..0000000 --- a/config-archive/etc/etckeeper/etckeeper.conf.dist.new +++ /dev/null 
@@ -1,53 +0,0 @@ -# The VCS to use. -#VCS="hg" -VCS="git" -#VCS="bzr" -#VCS="darcs" - -# Options passed to git commit when run by etckeeper. -GIT_COMMIT_OPTIONS="" - -# Options passed to hg commit when run by etckeeper. -HG_COMMIT_OPTIONS="" - -# Options passed to bzr commit when run by etckeeper. -BZR_COMMIT_OPTIONS="" - -# Options passed to darcs record when run by etckeeper. -DARCS_COMMIT_OPTIONS="-a" - -# Uncomment to avoid etckeeper committing existing changes -# to /etc automatically once per day. -#AVOID_DAILY_AUTOCOMMITS=1 - -# Uncomment the following to avoid special file warning -# (the option is enabled automatically by cronjob regardless). -#AVOID_SPECIAL_FILE_WARNING=1 - -# Uncomment to avoid etckeeper committing existing changes to -# /etc before installation. It will cancel the installation, -# so you can commit the changes by hand. -#AVOID_COMMIT_BEFORE_INSTALL=1 - -# The high-level package manager that's being used. -# (apt, pacman-g2, yum, dnf, zypper etc) -#HIGHLEVEL_PACKAGE_MANAGER=apt - -# Gentoo specific: -# For portage this is emerge -# For paludis this is cave -HIGHLEVEL_PACKAGE_MANAGER=emerge - -# The low-level package manager that's being used. -# (dpkg, rpm, pacman, pacman-g2, etc) -#LOWLEVEL_PACKAGE_MANAGER=dpkg - -# Gentoo specific: -# For portage this is qlist -# For paludis this is cave -LOWLEVEL_PACKAGE_MANAGER=qlist - -# To push each commit to a remote, put the name of the remote here. -# (eg, "origin" for git). Space-separated lists of multiple remotes -# also work (eg, "origin gitlab github" for git). -PUSH_REMOTE="" diff --git a/config-archive/etc/ssh/sshd_config.dist b/config-archive/etc/ssh/sshd_config.dist index 1647cbe..20d455d 100644 --- a/config-archive/etc/ssh/sshd_config.dist +++ b/config-archive/etc/ssh/sshd_config.dist 
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
+# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
 
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -107,7 +107,7 @@ PrintMotd no
 PrintLastLog no
 #TCPKeepAlive yes
 #UseLogin no
-UsePrivilegeSeparation sandbox # Default for new installations.
+#UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
@@ -141,20 +141,6 @@ UsePrivilegeSeparation sandbox # Default for new installations.
 # override default of no subsystems
 Subsystem sftp /usr/lib64/misc/sftp-server
 
-# the following are HPN related configuration options
-# tcp receive buffer polling. disable in non autotuning kernels
-#TcpRcvBufPoll yes
-
-# disable hpn performance boosts
-#HPNDisabled no
-
-# buffer size for hpn to non-hpn connections
-#HPNBufferSize 2048
-
-
-# allow the use of the none cipher
-#NoneEnabled no
-
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 # X11Forwarding no
diff --git a/config-archive/etc/ssh/sshd_config.dist.new b/config-archive/etc/ssh/sshd_config.dist.new
deleted file mode 100644
index 20d455d..0000000
--- a/config-archive/etc/ssh/sshd_config.dist.new
+++ /dev/null
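Review bot: Commenting out `UsePrivilegeSeparation sandbox` in the `@@ -107,7 +107,7 @@` hunk makes the pre-auth sandbox depend on the compiled-in default of whichever sshd binary is installed instead of on an explicit setting, and the live `ssh/sshd_config` hunk `@@ -110,7 +110,7 @@` makes the same change. The new header is sshd_config v1.98, which presumably ships with a release whose default is already sandbox, but nothing on this page confirms the running binary matches. I would keep the explicit `UsePrivilegeSeparation sandbox` line in the live file, or confirm the effective value after the emerge with `sshd -T | grep -i useprivilegeseparation`.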
@@ -1,152 +0,0 @@ -# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Ciphers and keying -#RekeyLimit default none - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -#PermitRootLogin prohibit-password -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#RSAAuthentication yes -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -#AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files 
-#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -PasswordAuthentication no -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. 
-UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -PrintLastLog no -#TCPKeepAlive yes -#UseLogin no -#UsePrivilegeSeparation sandbox -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# here are the new patched ldap related tokens -# entries in your LDAP must have posixAccount & ldapPublicKey objectclass -#UseLPK yes -#LpkLdapConf /etc/ldap.conf -#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/ -#LpkUserDN ou=users,dc=phear,dc=org -#LpkGroupDN ou=groups,dc=phear,dc=org -#LpkBindDN cn=Manager,dc=phear,dc=org -#LpkBindPw secret -#LpkServerGroup mail -#LpkFilter (hostAccess=master.phear.org) -#LpkForceTLS no -#LpkSearchTimelimit 3 -#LpkBindTimelimit 3 -#LpkPubKeyAttr sshPublicKey - -# override default of no subsystems -Subsystem sftp /usr/lib64/misc/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server - -# Allow client to pass locale environment variables #367017 -AcceptEnv LANG LC_* diff --git a/etckeeper/etckeeper.conf b/etckeeper/etckeeper.conf index a5983d9..8134bfb 100644 --- a/etckeeper/etckeeper.conf +++ b/etckeeper/etckeeper.conf 
@@ -30,15 +30,24 @@ DARCS_COMMIT_OPTIONS="-a"
 #AVOID_COMMIT_BEFORE_INSTALL=1
 
 # The high-level package manager that's being used.
-# (apt, pacman-g2, yum, zypper etc)
-# For gentoo this is emerge
+# (apt, pacman-g2, yum, dnf, zypper etc)
+#HIGHLEVEL_PACKAGE_MANAGER=apt
+
+# Gentoo specific:
+# For portage this is emerge
+# For paludis this is cave
 HIGHLEVEL_PACKAGE_MANAGER=emerge
 
 # The low-level package manager that's being used.
 # (dpkg, rpm, pacman, pacman-g2, etc)
-# For gentoo this is qlist
+#LOWLEVEL_PACKAGE_MANAGER=dpkg
+
+# Gentoo specific:
+# For portage this is qlist
+# For paludis this is cave
 LOWLEVEL_PACKAGE_MANAGER=qlist
 
 # To push each commit to a remote, put the name of the remote here.
-# (eg, "origin" for git).
+# (eg, "origin" for git). Space-separated lists of multiple remotes
+# also work (eg, "origin gitlab github" for git).
 PUSH_REMOTE="origin"
diff --git a/ssh/._mrg0000_sshd_config b/ssh/._mrg0000_sshd_config
deleted file mode 100644
index 62e82fe..0000000
--- a/ssh/._mrg0000_sshd_config
+++ /dev/null
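Review bot: `PUSH_REMOTE="origin"` on the last line of this hunk stays set after the merge, so every etckeeper commit of /etc is pushed off the host with no review step, including automatic ones like this pre-emerge commit authored by root. /etc typically holds credential material and service configuration, so this relies on the remote being private and reached over an authenticated transport. The new comment lines only document the multi-remote syntax. I would add a line above the setting such as `# NOTE: pushes all of /etc (may include secrets); remote must be private and access-controlled`.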
@@ -1,155 +0,0 @@ -# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Ciphers and keying -#RekeyLimit default none - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -#PermitRootLogin no -#PermitRootLogin prohibit-password -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#RSAAuthentication yes -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -#AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's 
~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -PasswordAuthentication no -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. 
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-#X11Forwarding no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-PrintLastLog no
-#TCPKeepAlive yes
-#UseLogin no
-#UsePrivilegeSeparation sandbox
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# here are the new patched ldap related tokens
-# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
-#UseLPK yes
-#LpkLdapConf /etc/ldap.conf
-#LpkServers ldap://10.1.7.1/ ldap://10.1.7.2/
-#LpkUserDN ou=users,dc=phear,dc=org
-#LpkGroupDN ou=groups,dc=phear,dc=org
-#LpkBindDN cn=Manager,dc=phear,dc=org
-#LpkBindPw secret
-#LpkServerGroup mail
-#LpkFilter (hostAccess=master.phear.org)
-#LpkForceTLS no
-#LpkSearchTimelimit 3
-#LpkBindTimelimit 3
-#LpkPubKeyAttr sshPublicKey
-
-# override default of no subsystems
-Subsystem sftp /usr/lib64/misc/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
-
-# Allow client to pass locale environment variables #367017
-AcceptEnv LANG LC_*
diff --git a/ssh/sshd_config b/ssh/sshd_config
index 3df38eb..62e82fe 100644
--- a/ssh/sshd_config
+++ b/ssh/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
+# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
 
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -110,7 +110,7 @@ PrintMotd no
 PrintLastLog no
 #TCPKeepAlive yes
 #UseLogin no
-UsePrivilegeSeparation sandbox # Default for new installations.
+#UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
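Review bot: Outside this hunk, the merged `ssh/sshd_config` appears to keep `PermitRootLogin yes` and `X11Forwarding yes` as live settings: its new blob id 62e82fe matches the deleted `ssh/._mrg0000_sshd_config`, whose text shows both lines uncommented. With `UsePAM yes` and `ChallengeResponseAuthentication` left at its commented default, `PasswordAuthentication no` may not be enough to hold root to key-only logins, which is the case the file's own PAM comment warns about. I would set `PermitRootLogin prohibit-password` and `ChallengeResponseAuthentication no`, and drop `X11Forwarding yes` unless it is needed. The `@@ -110,7 +110,7 @@` hunk itself only comments out `UsePrivilegeSeparation sandbox`, so the merge was a natural point to revisit these local overrides.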
@@ -144,20 +144,6 @@ UsePrivilegeSeparation sandbox # Default for new installations.
 # override default of no subsystems
 Subsystem sftp /usr/lib64/misc/sftp-server
 
-# the following are HPN related configuration options
-# tcp receive buffer polling. disable in non autotuning kernels
-#TcpRcvBufPoll yes
-
-# disable hpn performance boosts
-#HPNDisabled no
-
-# buffer size for hpn to non-hpn connections
-#HPNBufferSize 2048
-
-
-# allow the use of the none cipher
-#NoneEnabled no
-
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 # X11Forwarding no