From: mhoellein Date: Fri, 28 May 2021 19:16:07 +0000 (+0200) Subject: committing changes in /etc after apt run X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=e13a1c5425a15a3614a8002f6f85096458dbc7a5;p=homeserver committing changes in /etc after apt run Package changes: -code-brand 6.4-15 all +code-brand 6.4-16 all -collaboraoffice6.4 6.4.10.38-38 amd64 -collaboraoffice6.4-ure 6.4.10.38-38 amd64 +collaboraoffice6.4 6.4.10.39-39 amd64 +collaboraoffice6.4-ure 6.4.10.39-39 amd64 -collaboraofficebasis6.4-calc 6.4.10.38-38 amd64 -collaboraofficebasis6.4-core 6.4.10.38-38 amd64 -collaboraofficebasis6.4-draw 6.4.10.38-38 amd64 -collaboraofficebasis6.4-en-us 6.4.10.38-38 amd64 -collaboraofficebasis6.4-extension-pdf-import 6.4.10.38-38 amd64 -collaboraofficebasis6.4-graphicfilter 6.4.10.38-38 amd64 -collaboraofficebasis6.4-images 6.4.10.38-38 amd64 -collaboraofficebasis6.4-impress 6.4.10.38-38 amd64 -collaboraofficebasis6.4-ooofonts 6.4.10.38-38 amd64 -collaboraofficebasis6.4-ooolinguistic 6.4.10.38-38 amd64 -collaboraofficebasis6.4-writer 6.4.10.38-38 amd64 +collaboraofficebasis6.4-calc 6.4.10.39-39 amd64 +collaboraofficebasis6.4-core 6.4.10.39-39 amd64 +collaboraofficebasis6.4-draw 6.4.10.39-39 amd64 +collaboraofficebasis6.4-en-us 6.4.10.39-39 amd64 +collaboraofficebasis6.4-extension-pdf-import 6.4.10.39-39 amd64 +collaboraofficebasis6.4-graphicfilter 6.4.10.39-39 amd64 +collaboraofficebasis6.4-images 6.4.10.39-39 amd64 +collaboraofficebasis6.4-impress 6.4.10.39-39 amd64 +collaboraofficebasis6.4-ooofonts 6.4.10.39-39 amd64 +collaboraofficebasis6.4-ooolinguistic 6.4.10.39-39 amd64 +collaboraofficebasis6.4-writer 6.4.10.39-39 amd64 -icinga2 2.12.3-1.bionic amd64 -icinga2-bin 2.12.3-1.bionic amd64 -icinga2-common 2.12.3-1.bionic all -icinga2-ido-mysql 2.12.3-1.bionic amd64 +icinga2 2.12.4-1.bionic amd64 +icinga2-bin 2.12.4-1.bionic amd64 +icinga2-common 2.12.4-1.bionic all +icinga2-ido-mysql 2.12.4-1.bionic amd64 -isc-dhcp-client 4.3.5-3ubuntu7.2 amd64 -isc-dhcp-common 4.3.5-3ubuntu7.2 amd64 +isc-dhcp-client 4.3.5-3ubuntu7.3 amd64 +isc-dhcp-common 4.3.5-3ubuntu7.3 amd64 -liblz4-1 0.0~r131-2ubuntu3 amd64 -liblz4-1 0.0~r131-2ubuntu3 i386 +liblz4-1 0.0~r131-2ubuntu3.1 amd64 +liblz4-1 0.0~r131-2ubuntu3.1 i386 -libpam-modules 1.1.8-3.6ubuntu2.18.04.2 amd64 -libpam-modules-bin 1.1.8-3.6ubuntu2.18.04.2 amd64 -libpam-runtime 1.1.8-3.6ubuntu2.18.04.2 all +libpam-modules 1.1.8-3.6ubuntu2.18.04.3 amd64 +libpam-modules-bin 1.1.8-3.6ubuntu2.18.04.3 amd64 +libpam-runtime 1.1.8-3.6ubuntu2.18.04.3 all -libpam0g 1.1.8-3.6ubuntu2.18.04.2 amd64 +libpam0g 1.1.8-3.6ubuntu2.18.04.3 amd64 -loolwsd 6.4.8-6 amd64 +loolwsd 6.4.9-1 amd64 -vim-icinga2 2.12.3-1.bionic all +vim-icinga2 2.12.4-1.bionic all --- diff --git a/.etckeeper b/.etckeeper index b01bc92f..61f90db8 100755 --- a/.etckeeper +++ b/.etckeeper @@ -2774,7 +2774,7 @@ maybe chgrp 'nagios' 'icinga2/conf.d/users.conf' maybe chmod 0644 'icinga2/conf.d/users.conf' maybe chown 'nagios' 'icinga2/constants.conf' maybe chgrp 'nagios' 'icinga2/constants.conf' -maybe chmod 0644 'icinga2/constants.conf' +maybe chmod 0640 'icinga2/constants.conf' maybe chown 'nagios' 'icinga2/constants.conf.orig' maybe chgrp 'nagios' 'icinga2/constants.conf.orig' maybe chmod 0640 'icinga2/constants.conf.orig' @@ -2843,7 +2843,7 @@ maybe chgrp 'nagios' 'icinga2/features-enabled' maybe chmod 0750 'icinga2/features-enabled' maybe chown 'nagios' 'icinga2/icinga2.conf' maybe chgrp 'nagios' 'icinga2/icinga2.conf' -maybe chmod 0644 'icinga2/icinga2.conf' +maybe chmod 0640 'icinga2/icinga2.conf' maybe chown 'nagios' 'icinga2/icinga2.conf.orig' maybe chgrp 'nagios' 'icinga2/icinga2.conf.orig' maybe chmod 0640 'icinga2/icinga2.conf.orig' @@ -2855,7 +2855,7 @@ maybe chmod 0755 'icinga2/scripts/mail-host-notification.sh' maybe chmod 0755 'icinga2/scripts/mail-service-notification.sh' maybe chown 'nagios' 'icinga2/zones.conf' maybe chgrp 'nagios' 'icinga2/zones.conf' -maybe chmod 0644 'icinga2/zones.conf' +maybe chmod 0640 'icinga2/zones.conf' maybe chown 'nagios' 'icinga2/zones.conf.orig' maybe chgrp 'nagios' 'icinga2/zones.conf.orig' maybe chmod 0640 'icinga2/zones.conf.orig' @@ -10174,6 +10174,7 @@ maybe chmod 0644 'securetty' maybe chmod 0755 'security' maybe chmod 0644 'security/access.conf' maybe chmod 0644 'security/capability.conf' +maybe chmod 0644 'security/faillock.conf' maybe chmod 0644 'security/group.conf' maybe chmod 0644 'security/limits.conf' maybe chmod 0755 'security/limits.d' diff --git a/apt/apt.conf.d/25loolwsd b/apt/apt.conf.d/25loolwsd index de34164e..48a12763 100644 --- a/apt/apt.conf.d/25loolwsd +++ b/apt/apt.conf.d/25loolwsd @@ -1,2 +1,2 @@ // Rebuild systemplate of Collabora Online Development Edition -DPkg::Post-Invoke { "echo Updating loolwsd systemplate;loolwsd-systemplate-setup /opt/lool/systemplate /opt/collaboraoffice6.4 >/dev/null 2>&1"; }; +DPkg::Post-Invoke { "echo Updating loolwsd systemplate;loolwsd-systemplate-setup /opt/lool/systemplate /opt/collaboraoffice6.4 >/dev/null 2>&1 || true"; }; diff --git a/loolwsd/loolkitconfig.xcu b/loolwsd/loolkitconfig.xcu index 86696a88..bb9ed68f 100644 --- a/loolwsd/loolkitconfig.xcu +++ b/loolwsd/loolkitconfig.xcu @@ -25,10 +25,8 @@ true - + collabora_svg - - 2 diff --git a/security/faillock.conf b/security/faillock.conf new file mode 100644 index 00000000..16d93df7 --- /dev/null +++ b/security/faillock.conf @@ -0,0 +1,62 @@ +# Configuration for locking the user after multiple failed +# authentication attempts. +# +# The directory where the user files with the failure records are kept. +# The default is /var/run/faillock. +# dir = /var/run/faillock +# +# Will log the user name into the system log if the user is not found. +# Enabled if option is present. +# audit +# +# Don't print informative messages. +# Enabled if option is present. +# silent +# +# Don't log informative messages via syslog. +# Enabled if option is present. +# no_log_info +# +# Only track failed user authentications attempts for local users +# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users. +# The `faillock` command will also no longer track user failed +# authentication attempts. Enabling this option will prevent a +# double-lockout scenario where a user is locked out locally and +# in the centralized mechanism. +# Enabled if option is present. +# local_users_only +# +# Deny access if the number of consecutive authentication failures +# for this user during the recent interval exceeds n tries. +# The default is 3. +# deny = 3 +# +# The length of the interval during which the consecutive +# authentication failures must happen for the user account +# lock out is n seconds. +# The default is 900 (15 minutes). +# fail_interval = 900 +# +# The access will be re-enabled after n seconds after the lock out. +# The value 0 has the same meaning as value `never` - the access +# will not be re-enabled without resetting the faillock +# entries by the `faillock` command. +# The default is 600 (10 minutes). +# unlock_time = 600 +# +# Root account can become locked as well as regular accounts. +# Enabled if option is present. +# even_deny_root +# +# This option implies the `even_deny_root` option. +# Allow access after n seconds to root account after the +# account is locked. In case the option is not specified +# the value is the same as of the `unlock_time` option. +# root_unlock_time = 900 +# +# If a group name is specified with this option, members +# of the group will be handled by this module the same as +# the root account (the options `even_deny_root>` and +# `root_unlock_time` will apply to them. +# By default, the option is not set. +# admin_group =