From: mhoellein Date: Sun, 15 Aug 2021 18:33:14 +0000 (+0200) Subject: committing changes in /etc made by "apt-get install icingacli icingaweb2 icingaweb2... X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=b85e61a29675a54351600cdf48ff30adac6264cf;p=vserver committing changes in /etc made by "apt-get install icingacli icingaweb2 icingaweb2-common icingaweb2-module-doc icingaweb2-module-monitoring libgl1-mesa-dri libglapi-mesa linux-generic linux-headers-generic linux-image-generic mesa-vulkan-drivers php-icinga ubuntu-advantage-tools" Package changes: +distro-info 0.23ubuntu1 amd64 +icinga-php-common 1.0.0-1.focal all +icinga-php-library 0.6.1-1.focal all +icinga-php-thirdparty 0.10.0-2.focal all -icingacli 2.8.2-1.focal all -icingaweb2 2.8.2-1.focal all -icingaweb2-common 2.8.2-1.focal all -icingaweb2-module-doc 2.8.2-1.focal all +icingacli 2.9.3-1.focal all +icingaweb2 2.9.3-1.focal all +icingaweb2-common 2.9.3-1.focal all +icingaweb2-module-doc 2.9.3-1.focal all -icingaweb2-module-monitoring 2.8.2-1.focal all +icingaweb2-module-monitoring 2.9.3-1.focal all -libgl1-mesa-dri 20.0.8-0ubuntu1~20.04.1 amd64 -libglapi-mesa 20.0.8-0ubuntu1~20.04.1 amd64 +libgl1-mesa-dri 21.0.3-0ubuntu0.2~20.04.1 amd64 +libglapi-mesa 21.0.3-0ubuntu0.2~20.04.1 amd64 +libllvm12 1:12.0.0-3ubuntu1~20.04.3 amd64 -linux-generic 5.4.0.52.55 amd64 +linux-generic 5.4.0.81.85 amd64 -linux-headers-generic 5.4.0.52.55 amd64 +linux-headers-5.4.0-81 5.4.0-81.91 all +linux-headers-5.4.0-81-generic 5.4.0-81.91 amd64 +linux-headers-generic 5.4.0.81.85 amd64 -linux-image-generic 5.4.0.52.55 amd64 +linux-image-5.4.0-81-generic 5.4.0-81.91 amd64 +linux-image-generic 5.4.0.81.85 amd64 +linux-modules-5.4.0-81-generic 5.4.0-81.91 amd64 +linux-modules-extra-5.4.0-81-generic 5.4.0-81.91 amd64 -mesa-vulkan-drivers 20.0.8-0ubuntu1~20.04.1 amd64 +mesa-vulkan-drivers 21.0.3-0ubuntu0.2~20.04.1 amd64 -php-icinga 2.8.2-1.focal all +php-icinga 2.9.3-1.focal all +php-soap 2:7.4+75 all +php7.4-soap 7.4.3-4ubuntu2.5 amd64 -ubuntu-advantage-tools 20.3 amd64 +ubuntu-advantage-tools 27.2.2~20.04.1 amd64 --- diff --git a/.etckeeper b/.etckeeper index fb330ab14..d6124bcee 100755 --- a/.etckeeper +++ b/.etckeeper @@ -64,7 +64,6 @@ mkdir -p './ssh/sshd_config.d' mkdir -p './systemd/network' mkdir -p './udev/hwdb.d' mkdir -p './udev/rules.d' -mkdir -p './update-manager/release-upgrades.d' mkdir -p './vulkan/explicit_layer.d' mkdir -p './vulkan/icd.d' mkdir -p './vulkan/implicit_layer.d' @@ -673,6 +672,7 @@ maybe chmod 0644 'apt/apt.conf.d/01-vendor-ubuntu' maybe chmod 0644 'apt/apt.conf.d/01autoremove' maybe chmod 0444 'apt/apt.conf.d/01autoremove-kernels' maybe chmod 0644 'apt/apt.conf.d/05etckeeper' +maybe chmod 0644 'apt/apt.conf.d/20apt-esm-hook.conf' maybe chmod 0644 'apt/apt.conf.d/20apt-show-versions' maybe chmod 0644 'apt/apt.conf.d/25loolwsd' maybe chmod 0644 'apt/apt.conf.d/50command-not-found' @@ -8213,6 +8213,7 @@ maybe chmod 0644 'php/7.4/mods-available/readline.ini' maybe chmod 0644 'php/7.4/mods-available/redis.ini' maybe chmod 0644 'php/7.4/mods-available/shmop.ini' maybe chmod 0644 'php/7.4/mods-available/simplexml.ini' +maybe chmod 0644 'php/7.4/mods-available/soap.ini' maybe chmod 0644 'php/7.4/mods-available/sockets.ini' maybe chmod 0644 'php/7.4/mods-available/sysvmsg.ini' maybe chmod 0644 'php/7.4/mods-available/sysvsem.ini' @@ -8494,6 +8495,7 @@ maybe chmod 0644 'timezone' maybe chmod 0755 'tmpfiles.d' maybe chmod 0644 'tmpfiles.d/screen-cleanup.conf' maybe chmod 0755 'ubuntu-advantage' +maybe chmod 0644 'ubuntu-advantage/help_data.yaml' maybe chmod 0644 'ubuntu-advantage/uaclient.conf' maybe chmod 0644 'ucf.conf' maybe chmod 0755 'udev' @@ -8521,10 +8523,13 @@ maybe chmod 0755 'update-manager' maybe chmod 0644 'update-manager/meta-release' maybe chmod 0644 'update-manager/release-upgrades' maybe chmod 0755 'update-manager/release-upgrades.d' +maybe chmod 0644 'update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg' maybe chmod 0755 'update-motd.d' maybe chmod 0755 'update-motd.d/00-header' maybe chmod 0755 'update-motd.d/10-help-text' maybe chmod 0755 'update-motd.d/50-motd-news' +maybe chmod 0755 'update-motd.d/88-esm-announce' +maybe chmod 0755 'update-motd.d/91-contract-ua-esm-status' maybe chmod 0755 'update-motd.d/91-release-upgrade' maybe chmod 0644 'updatedb.conf' maybe chmod 0755 'vim' diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels index 73341a989..a2473f77b 100644 --- a/apt/apt.conf.d/01autoremove-kernels +++ b/apt/apt.conf.d/01autoremove-kernels @@ -1,49 +1,45 @@ // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal APT::NeverAutoRemove { - "^linux-.*-5\.4\.0-40-generic$"; - "^linux-.*-5\.4\.0-48-generic$"; "^linux-.*-5\.4\.0-52-generic$"; - "^kfreebsd-.*-5\.4\.0-40-generic$"; - "^kfreebsd-.*-5\.4\.0-48-generic$"; + "^linux-.*-5\.4\.0-81-generic$"; "^kfreebsd-.*-5\.4\.0-52-generic$"; - "^gnumach-.*-5\.4\.0-40-generic$"; - "^gnumach-.*-5\.4\.0-48-generic$"; + "^kfreebsd-.*-5\.4\.0-81-generic$"; "^gnumach-.*-5\.4\.0-52-generic$"; - "^.*-modules-5\.4\.0-40-generic$"; - "^.*-modules-5\.4\.0-48-generic$"; + "^gnumach-.*-5\.4\.0-81-generic$"; "^.*-modules-5\.4\.0-52-generic$"; - "^.*-kernel-5\.4\.0-40-generic$"; - "^.*-kernel-5\.4\.0-48-generic$"; + "^.*-modules-5\.4\.0-81-generic$"; "^.*-kernel-5\.4\.0-52-generic$"; + "^.*-kernel-5\.4\.0-81-generic$"; }; /* Debug information: # dpkg list: -rc linux-image-4.15.0-109-generic 4.15.0-109.110 amd64 Signed kernel image generic -rc linux-image-4.15.0-38-generic 4.15.0-38.41 amd64 Signed kernel image generic -rc linux-image-4.15.0-64-generic 4.15.0-64.73 amd64 Signed kernel image generic -ii linux-image-5.4.0-40-generic 5.4.0-40.44 amd64 Signed kernel image generic -ii linux-image-5.4.0-48-generic 5.4.0-48.52 amd64 Signed kernel image generic -iF linux-image-5.4.0-52-generic 5.4.0-52.57 amd64 Signed kernel image generic -ii linux-image-generic 5.4.0.52.55 amd64 Generic Linux kernel image +rc linux-image-4.15.0-109-generic 4.15.0-109.110 amd64 Signed kernel image generic +rc linux-image-4.15.0-38-generic 4.15.0-38.41 amd64 Signed kernel image generic +rc linux-image-4.15.0-64-generic 4.15.0-64.73 amd64 Signed kernel image generic +ii linux-image-5.4.0-40-generic 5.4.0-40.44 amd64 Signed kernel image generic +ii linux-image-5.4.0-48-generic 5.4.0-48.52 amd64 Signed kernel image generic +ii linux-image-5.4.0-52-generic 5.4.0-52.57 amd64 Signed kernel image generic +iF linux-image-5.4.0-81-generic 5.4.0-81.91 amd64 Signed kernel image generic +ii linux-image-generic 5.4.0.81.85 amd64 Generic Linux kernel image # list of installed kernel packages: 5.4.0-40-generic 5.4.0-40.44 5.4.0-48-generic 5.4.0-48.52 5.4.0-52-generic 5.4.0-52.57 +5.4.0-81-generic 5.4.0-81.91 # list of different kernel versions: +5.4.0-81.91 5.4.0-52.57 5.4.0-48.52 5.4.0-40.44 -# Installing kernel: 5.4.0-52.57 (5.4.0-52-generic) -# Running kernel: 5.4.0-40.44 (5.4.0-40-generic) -# Last kernel: 5.4.0-52.57 -# Previous kernel: 5.4.0-48.52 +# Installing kernel: 5.4.0-81.91 (5.4.0-81-generic) +# Running kernel: 5.4.0-52.57 (5.4.0-52-generic) +# Last kernel: 5.4.0-81.91 +# Previous kernel: 5.4.0-52.57 # Kernel versions list to keep: -5.4.0-40.44 -5.4.0-48.52 5.4.0-52.57 +5.4.0-81.91 # Kernel packages (version part) to protect: -5\.4\.0-40-generic -5\.4\.0-48-generic 5\.4\.0-52-generic +5\.4\.0-81-generic */ diff --git a/apt/apt.conf.d/20apt-esm-hook.conf b/apt/apt.conf.d/20apt-esm-hook.conf new file mode 100644 index 000000000..0cc682391 --- /dev/null +++ b/apt/apt.conf.d/20apt-esm-hook.conf @@ -0,0 +1,15 @@ +APT::Update::Post-Invoke-Stats { + "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-stats || true"; +}; + +APT::Install::Post-Invoke-Success { + "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-success || true"; +}; + +APT::Install::Pre-Invoke { + "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true"; +}; + +AptCli::Hooks::Upgrade { + "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-json-hook ] || /usr/lib/ubuntu-advantage/apt-esm-json-hook || true"; +}; diff --git a/php/7.4/apache2/conf.d/20-soap.ini b/php/7.4/apache2/conf.d/20-soap.ini new file mode 120000 index 000000000..765e2fb45 --- /dev/null +++ b/php/7.4/apache2/conf.d/20-soap.ini @@ -0,0 +1 @@ +/etc/php/7.4/mods-available/soap.ini \ No newline at end of file diff --git a/php/7.4/cli/conf.d/20-soap.ini b/php/7.4/cli/conf.d/20-soap.ini new file mode 120000 index 000000000..765e2fb45 --- /dev/null +++ b/php/7.4/cli/conf.d/20-soap.ini @@ -0,0 +1 @@ +/etc/php/7.4/mods-available/soap.ini \ No newline at end of file diff --git a/php/7.4/mods-available/soap.ini b/php/7.4/mods-available/soap.ini new file mode 100644 index 000000000..d545dfb69 --- /dev/null +++ b/php/7.4/mods-available/soap.ini @@ -0,0 +1,3 @@ +; configuration for php soap module +; priority=20 +extension=soap.so diff --git a/php/7.4/phpdbg/conf.d/20-soap.ini b/php/7.4/phpdbg/conf.d/20-soap.ini new file mode 120000 index 000000000..765e2fb45 --- /dev/null +++ b/php/7.4/phpdbg/conf.d/20-soap.ini @@ -0,0 +1 @@ +/etc/php/7.4/mods-available/soap.ini \ No newline at end of file diff --git a/systemd/system/multi-user.target.wants/ua-reboot-cmds.service b/systemd/system/multi-user.target.wants/ua-reboot-cmds.service new file mode 120000 index 000000000..e2ace0ae3 --- /dev/null +++ b/systemd/system/multi-user.target.wants/ua-reboot-cmds.service @@ -0,0 +1 @@ +/lib/systemd/system/ua-reboot-cmds.service \ No newline at end of file diff --git a/systemd/system/timers.target.wants/ua-messaging.timer b/systemd/system/timers.target.wants/ua-messaging.timer new file mode 120000 index 000000000..a9be21a6c --- /dev/null +++ b/systemd/system/timers.target.wants/ua-messaging.timer @@ -0,0 +1 @@ +/lib/systemd/system/ua-messaging.timer \ No newline at end of file diff --git a/ubuntu-advantage/help_data.yaml b/ubuntu-advantage/help_data.yaml new file mode 100644 index 000000000..da222a3ac --- /dev/null +++ b/ubuntu-advantage/help_data.yaml @@ -0,0 +1,68 @@ +cc-eal: + help: | + Common Criteria is an Information Technology Security Evaluation standard + (ISO/IEC IS 15408) for computer security certification. Ubuntu 16.04 has + been evaluated to assurance level EAL2 through CSEC. The evaluation was + performed on Intel x86_64, IBM Power8 and IBM Z hardware platforms. + +cis: + help: | + CIS benchmarks locks down your systems by removing non-secure programs, + disabling unused filesystems, disabling unnecessary ports or services to + prevent cyber attacks and malware, auditing privileged operations and + restricting administrative privileges. The cis command installs + tooling needed to automate audit and hardening according to a desired + CIS profile - level 1 or level 2 for server or workstation on + Ubuntu 18.04 LTS or 16.04 LTS. The audit tooling uses OpenSCAP libraries + to do a scan of the system. The tool provides options to generate a + report in XML or a html format. The report shows compliance for all the + rules against the profile selected during the scan. You can find out + more at https://ubuntu.com/security/certifications#cis + +esm-apps: + help: | + UA Apps: Extended Security Maintenance is enabled by default on entitled + workloads. It provides access to a private PPA which includes available + high and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main + and Ubuntu Universe repositories from the Ubuntu LTS release date until + its end of life. You can find out more about the esm service at + https://ubuntu.com/security/esm + +esm-infra: + help: | + esm-infra provides access to a private ppa which includes available high + and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main + repository between the end of the standard Ubuntu LTS security + maintenance and its end of life. It is enabled by default with + Extended Security Maintenance (ESM) for UA Apps and UA Infra. + You can find our more about the esm service at + https://ubuntu.com/security/esm + +fips: + help: | + FIPS 140-2 is a set of publicly announced cryptographic standards + developed by the National Institute of Standards and Technology + applicable for FedRAMP, HIPAA, PCI and ISO compliance use cases. + Note that ‘fips’ does not provide security patching. For fips certified + modules with security patches please refer to fips-updates. The modules + are certified on Intel x86_64 and IBM Z hardware platforms for Ubuntu + 18.04 and Intel x86_64, IBM Power8 and IBM Z hardware platforms for + Ubuntu 16.04. Below is the list of fips certified components per an + Ubuntu Version. You can find out more at + https://ubuntu.com/security/certifications#fips + +fips-updates: + help: | + fips-updates installs fips modules including all security patches + for those modules that have been provided since their certification date. + You can find out more at https://ubuntu.com/security/certifications#fips. + +livepatch: + help: | + Livepatch provides selected high and critical kernel CVE fixes and other + non-security bug fixes as kernel livepatches. Livepatches are applied + without rebooting a machine which drastically limits the need for + unscheduled system reboots. Due to the nature of fips compliance, + livepatches cannot be enabled on fips-enabled systems. You can find out + more about Ubuntu Kernel Livepatch service at + https://ubuntu.com/security/livepatch diff --git a/ubuntu-advantage/uaclient.conf b/ubuntu-advantage/uaclient.conf index 8dc2f1a5a..7bf292a31 100644 --- a/ubuntu-advantage/uaclient.conf +++ b/ubuntu-advantage/uaclient.conf @@ -1,5 +1,14 @@ # Ubuntu-Advantage client config file. -contract_url: 'https://contracts.canonical.com' +# If you modify this file, run "ua refresh config" to ensure changes are +# picked up by Ubuntu-Advantage client. + +contract_url: https://contracts.canonical.com data_dir: /var/lib/ubuntu-advantage -log_level: debug log_file: /var/log/ubuntu-advantage.log +log_level: debug +security_url: https://ubuntu.com/security +ua_config: + apt_http_proxy: null + apt_https_proxy: null + http_proxy: null + https_proxy: null diff --git a/update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg b/update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg new file mode 100644 index 000000000..c7da279af --- /dev/null +++ b/update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg @@ -0,0 +1,4 @@ +[Sources] +Pockets=security,updates,proposed,backports,infra-security,infra-updates,apps-security,apps-updates +[Distro] +PostInstallScripts=./xorg_fix_proprietary.py, /usr/lib/ubuntu-advantage/upgrade_lts_contract.py diff --git a/update-motd.d/88-esm-announce b/update-motd.d/88-esm-announce new file mode 100755 index 000000000..44b521b43 --- /dev/null +++ b/update-motd.d/88-esm-announce @@ -0,0 +1,4 @@ +#!/bin/sh +stamp="/var/lib/ubuntu-advantage/messages/motd-esm-announce" + +[ ! -r "$stamp" ] || cat "$stamp" diff --git a/update-motd.d/91-contract-ua-esm-status b/update-motd.d/91-contract-ua-esm-status new file mode 100755 index 000000000..ceb22723c --- /dev/null +++ b/update-motd.d/91-contract-ua-esm-status @@ -0,0 +1,4 @@ +#!/bin/sh +stamp="/var/lib/ubuntu-advantage/messages/motd-esm-service-status" + +[ ! -r "$stamp" ] || cat "$stamp"