mkdir -p './kernel/install.d'
mkdir -p './libpaper.d'
mkdir -p './lightdm/lightdm.conf.d'
+mkdir -p './logcheck/violations.ignore.d'
mkdir -p './netplan'
mkdir -p './network/interfaces.d'
mkdir -p './networkd-dispatcher/carrier.d'
maybe chmod 0644 'dbus-1/system.d/net.hadess.SensorProxy.conf'
maybe chmod 0644 'dbus-1/system.d/net.hadess.SwitcherooControl.conf'
maybe chmod 0644 'dbus-1/system.d/net.reactivated.Fprint.conf'
+maybe chmod 0644 'dbus-1/system.d/nm-strongswan-service.conf'
maybe chmod 0644 'dbus-1/system.d/org.debian.apt.conf'
maybe chmod 0644 'dbus-1/system.d/org.freedesktop.Accounts.conf'
maybe chmod 0644 'dbus-1/system.d/org.freedesktop.DisplayManager.conf'
maybe chmod 0644 'logcheck/ignore.d.server/rsyslog'
maybe chmod 0755 'logcheck/ignore.d.workstation'
maybe chmod 0644 'logcheck/ignore.d.workstation/mariadb-server-10_3'
+maybe chmod 0755 'logcheck/violations.ignore.d'
maybe chmod 0644 'login.defs'
maybe chmod 0644 'logrotate.conf'
maybe chmod 0755 'logrotate.d'
maybe chmod 0644 'ssl/server/server.crt'
maybe chmod 0644 'ssl/server/server.csr'
maybe chmod 0600 'ssl/server/server.key'
+maybe chmod 0644 'strongswan.conf'
+maybe chmod 0755 'strongswan.d'
+maybe chmod 0755 'strongswan.d/charon'
+maybe chmod 0644 'strongswan.d/charon/aes.conf'
+maybe chmod 0644 'strongswan.d/charon/aesni.conf'
+maybe chmod 0644 'strongswan.d/charon/agent.conf'
+maybe chmod 0644 'strongswan.d/charon/attr.conf'
+maybe chmod 0644 'strongswan.d/charon/bypass-lan.conf'
+maybe chmod 0644 'strongswan.d/charon/connmark.conf'
+maybe chmod 0644 'strongswan.d/charon/constraints.conf'
+maybe chmod 0644 'strongswan.d/charon/counters.conf'
+maybe chmod 0644 'strongswan.d/charon/dnskey.conf'
+maybe chmod 0644 'strongswan.d/charon/eap-mschapv2.conf'
+maybe chmod 0644 'strongswan.d/charon/fips-prf.conf'
+maybe chmod 0644 'strongswan.d/charon/gcm.conf'
+maybe chmod 0644 'strongswan.d/charon/gmp.conf'
+maybe chmod 0644 'strongswan.d/charon/hmac.conf'
+maybe chmod 0644 'strongswan.d/charon/kernel-netlink.conf'
+maybe chmod 0644 'strongswan.d/charon/md4.conf'
+maybe chmod 0644 'strongswan.d/charon/md5.conf'
+maybe chmod 0644 'strongswan.d/charon/mgf1.conf'
+maybe chmod 0644 'strongswan.d/charon/nonce.conf'
+maybe chmod 0644 'strongswan.d/charon/openssl.conf'
+maybe chmod 0644 'strongswan.d/charon/pem.conf'
+maybe chmod 0644 'strongswan.d/charon/pgp.conf'
+maybe chmod 0644 'strongswan.d/charon/pkcs1.conf'
+maybe chmod 0644 'strongswan.d/charon/pkcs12.conf'
+maybe chmod 0644 'strongswan.d/charon/pkcs7.conf'
+maybe chmod 0644 'strongswan.d/charon/pkcs8.conf'
+maybe chmod 0644 'strongswan.d/charon/pubkey.conf'
+maybe chmod 0644 'strongswan.d/charon/random.conf'
+maybe chmod 0644 'strongswan.d/charon/rc2.conf'
+maybe chmod 0644 'strongswan.d/charon/resolve.conf'
+maybe chmod 0644 'strongswan.d/charon/revocation.conf'
+maybe chmod 0644 'strongswan.d/charon/sha1.conf'
+maybe chmod 0644 'strongswan.d/charon/sha2.conf'
+maybe chmod 0644 'strongswan.d/charon/socket-default.conf'
+maybe chmod 0644 'strongswan.d/charon/sshkey.conf'
+maybe chmod 0644 'strongswan.d/charon/updown.conf'
+maybe chmod 0644 'strongswan.d/charon/x509.conf'
+maybe chmod 0644 'strongswan.d/charon/xauth-generic.conf'
+maybe chmod 0644 'strongswan.d/charon/xcbc.conf'
maybe chmod 0644 'su-to-rootrc'
maybe chmod 0644 'subgid'
maybe chmod 0644 'subgid-'
--- /dev/null
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="root">
+ <allow own="org.freedesktop.NetworkManager.strongswan"/>
+ <allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
+ <allow send_interface="org.freedesktop.NetworkManager.strongswan"/>
+ </policy>
+ <policy context="default">
+ <deny own="org.freedesktop.NetworkManager.strongswan"/>
+ <deny send_destination="org.freedesktop.NetworkManager.strongswan"/>
+ </policy>
+</busconfig>
+
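Review bot: The root policy's `<allow send_interface="org.freedesktop.NetworkManager.strongswan"/>` is not bound to a destination, so it matches any message from root that carries that interface name, whichever service it is addressed to. The dbus-daemon documentation advises against interface-only rules because the interface field is optional in method calls, and the preceding `send_destination` allow already covers traffic to this service. If the interface match is wanted, combine the two attributes in one rule: `<allow send_destination="org.freedesktop.NetworkManager.strongswan" send_interface="org.freedesktop.NetworkManager.strongswan"/>`. The file appears to be a package default, so a local edit would need to be carried across upgrades.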
--- /dev/null
+# strongswan.conf - strongSwan configuration file
+#
+# Refer to the strongswan.conf(5) manpage for details
+#
+# Configuration changes should be made in the included files
+
+charon {
+ load_modular = yes
+ plugins {
+ include strongswan.d/charon/*.conf
+ }
+}
+
+include strongswan.d/*.conf
--- /dev/null
+aes {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+aesni {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+agent {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+# Section to specify arbitrary attributes that are assigned to a peer via
+# configuration payload (CP).
+attr {
+
+ # <attr> is an attribute name or an integer, values can be an IP address,
+ # subnet or arbitrary value.
+ # <attr> =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+bypass-lan {
+
+ # A comma-separated list of network interfaces for which connected subnets
+ # should be ignored, if interfaces_use is specified this option has no
+ # effect.
+ # interfaces_ignore =
+
+ # A comma-separated list of network interfaces for which connected subnets
+ # should be considered. All other interfaces are ignored.
+ # interfaces_use =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = no
+
+}
+
--- /dev/null
+connmark {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+constraints {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+counters {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+dnskey {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+eap-mschapv2 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
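Review bot: `load = yes` in the `eap-mschapv2` section makes EAP-MSCHAPv2 available to charon, a password-based method whose challenge-response rests on MD4 and DES and is generally regarded as weak against offline guessing. No connection definitions are visible in this commit, so it cannot be told from here whether any peer needs it. If none does, `load = no` keeps the method out of what the daemon can negotiate. If it must stay, a comment naming the connection that requires it would record why, e.g. `# kept for <connection name>`.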
--- /dev/null
+fips-prf {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+gcm {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+gmp {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+hmac {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+kernel-netlink {
+
+ # Buffer size for received Netlink messages.
+ # buflen = <min(PAGE_SIZE, 8192)>
+
+ # Force maximum Netlink receive buffer on Netlink socket.
+ # force_receive_buffer_size = no
+
+ # Firewall mark to set on the routing rule that directs traffic to our
+ # routing table.
+ # fwmark =
+
+ # Whether to ignore errors potentially resulting from a retransmission.
+ # ignore_retransmit_errors = no
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # MSS to set on installed routes, 0 to disable.
+ # mss = 0
+
+ # MTU to set on installed routes, 0 to disable.
+ # mtu = 0
+
+ # Whether to perform concurrent Netlink ROUTE queries on a single socket.
+ # parallel_route = no
+
+ # Whether to perform concurrent Netlink XFRM queries on a single socket.
+ # parallel_xfrm = no
+
+ # Whether to always use XFRM_MSG_UPDPOLICY to install policies.
+ # policy_update = no
+
+ # Whether to use port or socket based IKE XFRM bypass policies.
+ # port_bypass = no
+
+ # Whether to process changes in routing rules to trigger roam events.
+ # process_rules = no
+
+ # Maximum Netlink socket receive buffer in bytes.
+ # receive_buffer_size = 0
+
+ # Number of Netlink message retransmissions to send on timeout.
+ # retries = 0
+
+ # Whether to trigger roam events when interfaces, addresses or routes
+ # change.
+ # roam_events = yes
+
+ # Whether to set protocol and ports in the selector installed on transport
+ # mode IPsec SAs in the kernel.
+ # set_proto_port_transport_sa = no
+
+ # Netlink message retransmission timeout, 0 to disable retransmissions.
+ # timeout = 0
+
+ # Lifetime of XFRM acquire state and allocated SPIs in kernel.
+ # xfrm_acq_expires = 165
+
+ # XFRM policy hashing threshold configuration for IPv4 and IPv6.
+ spdh_thresh {
+
+ ipv4 {
+
+ # Local subnet XFRM policy hashing threshold for IPv4.
+ # lbits = 32
+
+ # Remote subnet XFRM policy hashing threshold for IPv4.
+ # rbits = 32
+
+ }
+
+ ipv6 {
+
+ # Local subnet XFRM policy hashing threshold for IPv6.
+ # lbits = 128
+
+ # Remote subnet XFRM policy hashing threshold for IPv6.
+ # rbits = 128
+
+ }
+
+ }
+
+}
+
--- /dev/null
+md4 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
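Review bot: This `md4` file, and the `md5` and `rc2` files later in the commit, set `load = yes` for algorithms that are kept mainly for legacy interoperability. As far as I know, md4 is needed only for the NT hash in EAP-MSCHAPv2, md5 for legacy proposals and old certificate signatures, and rc2 for decrypting older PKCS#12 containers. If no configured peer or credential depends on them, set `load = no` in each file and state the reason in a comment, e.g. `# disabled: no peer requires MD4`.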
--- /dev/null
+md5 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+mgf1 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+nonce {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+openssl {
+
+ # ENGINE ID to use in the OpenSSL plugin.
+ # engine_id = pkcs11
+
+ # Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
+ # fips_mode = 0
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+pem {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+pgp {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+pkcs1 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+pkcs12 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+pkcs7 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+pkcs8 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+pubkey {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+random {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # File to read random bytes from.
+ # random = ${random_device}
+
+ # If set to yes the RNG_STRONG class reads random bytes from the same source
+ # as the RNG_TRUE class.
+ # strong_equals_true = no
+
+ # File to read pseudo random bytes from.
+ # urandom = ${urandom_device}
+
+}
+
--- /dev/null
+rc2 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+resolve {
+
+ # File where to add DNS server entries.
+ # file = /etc/resolv.conf
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ resolvconf {
+
+ # Prefix used for interface names sent to resolvconf(8).
+ # iface_prefix = lo.inet.ipsec.
+
+ }
+
+}
+
--- /dev/null
+revocation {
+
+ # Whether CRL validation should be enabled.
+ # enable_crl = yes
+
+ # Whether OCSP validation should be enabled.
+ # enable_ocsp = yes
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
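Review bot: The commented defaults `enable_crl = yes` and `enable_ocsp = yes` only control whether the plugin evaluates revocation data. Whether an unreachable CRL or OCSP responder causes authentication to fail is configured elsewhere. A comment in this file would make that explicit, e.g. `# fail-closed is set elsewhere (swanctl.conf: revocation = strict; ipsec.conf: strictcrlpolicy = yes)`. No connection configuration is visible in this commit, so it is worth confirming which policy the deployed connections use.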
--- /dev/null
+sha1 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+sha2 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+socket-default {
+
+ # Firewall mark to set on outbound packets.
+ # fwmark =
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+ # Set source address on outbound packets, if possible.
+ # set_source = yes
+
+ # Force sending interface on outbound packets, if possible.
+ # set_sourceif = no
+
+ # Listen on IPv4, if possible.
+ # use_ipv4 = yes
+
+ # Listen on IPv6, if possible.
+ # use_ipv6 = yes
+
+}
+
--- /dev/null
+sshkey {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+updown {
+
+ # Whether the updown script should handle assigned DNS servers (if enabled
+ # they can't be handled by other plugins, like resolve).
+ # dns_handler = no
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+x509 {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+xauth-generic {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+
--- /dev/null
+xcbc {
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
+ load = yes
+
+}
+