From f52c9625e20fa632d12b921a1e5aa149d8d1ed48 Mon Sep 17 00:00:00 2001 From: mhoellein Date: Thu, 28 Apr 2022 11:11:29 +0200 Subject: [PATCH] saving uncommitted changes in /etc prior to apt run --- .etckeeper | 74 ++++- ImageMagick-6/type-urw-base35.xml | 50 ++++ apparmor.d/abstractions/dri-common | 14 + apparmor.d/abstractions/dri-enumerate | 8 + apparmor.d/abstractions/kde-globals-write | 10 + apparmor.d/abstractions/kde-icon-cache-write | 7 + apparmor.d/abstractions/kde-language-write | 12 + apparmor.d/abstractions/mesa | 17 ++ apparmor.d/abstractions/opencl | 9 + apparmor.d/abstractions/opencl-common | 10 + apparmor.d/abstractions/opencl-intel | 17 ++ apparmor.d/abstractions/opencl-mesa | 20 ++ apparmor.d/abstractions/opencl-nvidia | 30 ++ apparmor.d/abstractions/opencl-pocl | 76 +++++ apparmor.d/abstractions/qt5 | 22 ++ .../abstractions/qt5-compose-cache-write | 8 + apparmor.d/abstractions/qt5-settings-write | 11 + .../abstractions/recent-documents-write | 10 + apparmor.d/abstractions/vulkan | 15 + apparmor.d/local/lsb_release | 0 apparmor.d/local/nvidia_modprobe | 0 apparmor.d/lsb_release | 50 ++++ apparmor.d/nvidia_modprobe | 63 ++++ apparmor.d/tunables/share | 15 + apparmor.d/tunables/sys | 9 + apt/preferences.d/nosnap.pref | 7 + cups/printers.conf | 9 +- cups/printers.conf.O | 6 +- default/rpcbind | 12 + environment.d/90atk-adaptor.conf | 1 + environment.d/90qt-a11y.conf | 1 + ethertypes | 45 +++ fail2ban/action.d/nftables.conf | 203 +++++++++++++ fail2ban/filter.d/bitwarden.conf | 6 + fail2ban/filter.d/centreon.conf | 9 + fail2ban/filter.d/traefik-auth.conf | 56 ++++ fail2ban/filter.d/znc-adminlog.conf | 34 +++ fonts/conf.avail/56-language-selector-ar.conf | 28 ++ fonts/conf.d/56-language-selector-ar.conf | 1 + icinga2/init.conf | 7 + insserv.conf.d/mariadb | 1 + letsencrypt/csr/3430_csr-certbot.pem | 16 ++ letsencrypt/csr/3431_csr-certbot.pem | 16 ++ letsencrypt/keys/3431_key-certbot.pem | 28 ++ letsencrypt/keys/3432_key-certbot.pem | 28 ++ .../ignore.d.paranoid/mariadb-server-10_1 | 9 + logcheck/ignore.d.server/mariadb-server-10_1 | 32 +++ .../ignore.d.workstation/mariadb-server-10_1 | 32 +++ logrotate.d/btmp | 7 + logrotate.d/wtmp | 8 + lvm/backup/system | 10 +- mysql/debian.cnf-10.3 | 10 + mysql/mariadb.conf.d/50-client.cnf | 25 ++ mysql/mariadb.conf.d/50-mysql-clients.cnf | 24 ++ mysql/mariadb.conf.d/50-mysqld_safe.cnf | 30 ++ mysql/mariadb.conf.d/50-server.cnf | 134 +++++++++ profile.d/im-config_wayland.sh | 12 + rc0.d/K01quotarpc | 1 + rc0.d/K02quota | 1 + rc1.d/K01quotarpc | 1 + rc2.d/K01speech-dispatcher | 1 + rc2.d/S03quotarpc | 1 + rc3.d/K01speech-dispatcher | 1 + rc3.d/S03quotarpc | 1 + rc4.d/K01speech-dispatcher | 1 + rc4.d/S03quotarpc | 1 + rc5.d/K01speech-dispatcher | 1 + rc5.d/S03quotarpc | 1 + rc6.d/K01quotarpc | 1 + rc6.d/K02quota | 1 + rcS.d/S01quota | 1 + spamassassin/v343.pre | 25 ++ speech-dispatcher/modules/baratinoo.conf | 54 ++++ .../modules/espeak-ng-mbrola-generic.conf | 269 ++++++++++++++++++ speech-dispatcher/modules/kali.conf | 41 +++ speech-dispatcher/modules/mary-generic.conf | 82 ++++++ ssl/certs/1c7314a2.1 | 1 + systemd/networkd.conf | 20 ++ systemd/pstore.conf | 16 ++ systemd/sleep.conf | 25 ++ .../multi-user.target.wants/dmesg.service | 1 + .../multi-user.target.wants/etckeeper.timer | 1 + .../multi-user.target.wants/quotarpc.service | 1 + .../system/sysinit.target.wants/quota.service | 1 + .../systemd-pstore.service | 1 + .../timers.target.wants/logrotate.timer | 1 + x2go/Xresources | 1 + x2go/Xsession | 240 ++++++++++++++++ x2go/Xsession.d | 1 + x2go/Xsession.options | 0 xattr.conf | 21 ++ xdg/autostart/geoclue-demo-agent.desktop | 10 + xdg/autostart/im-launch.desktop | 5 + xdg/autostart/xapp-sn-watcher.desktop | 8 + 94 files changed, 2229 insertions(+), 14 deletions(-) create mode 100644 ImageMagick-6/type-urw-base35.xml create mode 100644 apparmor.d/abstractions/dri-common create mode 100644 apparmor.d/abstractions/dri-enumerate create mode 100644 apparmor.d/abstractions/kde-globals-write create mode 100644 apparmor.d/abstractions/kde-icon-cache-write create mode 100644 apparmor.d/abstractions/kde-language-write create mode 100644 apparmor.d/abstractions/mesa create mode 100644 apparmor.d/abstractions/opencl create mode 100644 apparmor.d/abstractions/opencl-common create mode 100644 apparmor.d/abstractions/opencl-intel create mode 100644 apparmor.d/abstractions/opencl-mesa create mode 100644 apparmor.d/abstractions/opencl-nvidia create mode 100644 apparmor.d/abstractions/opencl-pocl create mode 100644 apparmor.d/abstractions/qt5 create mode 100644 apparmor.d/abstractions/qt5-compose-cache-write create mode 100644 apparmor.d/abstractions/qt5-settings-write create mode 100644 apparmor.d/abstractions/recent-documents-write create mode 100644 apparmor.d/abstractions/vulkan create mode 100644 apparmor.d/local/lsb_release create mode 100644 apparmor.d/local/nvidia_modprobe create mode 100644 apparmor.d/lsb_release create mode 100644 apparmor.d/nvidia_modprobe create mode 100644 apparmor.d/tunables/share create mode 100644 apparmor.d/tunables/sys create mode 100644 apt/preferences.d/nosnap.pref create mode 100644 default/rpcbind create mode 100644 environment.d/90atk-adaptor.conf create mode 100644 environment.d/90qt-a11y.conf create mode 100644 ethertypes create mode 100644 fail2ban/action.d/nftables.conf create mode 100644 fail2ban/filter.d/bitwarden.conf create mode 100644 fail2ban/filter.d/centreon.conf create mode 100644 fail2ban/filter.d/traefik-auth.conf create mode 100644 fail2ban/filter.d/znc-adminlog.conf create mode 100644 fonts/conf.avail/56-language-selector-ar.conf create mode 120000 fonts/conf.d/56-language-selector-ar.conf create mode 100644 icinga2/init.conf create mode 100644 insserv.conf.d/mariadb create mode 100644 letsencrypt/csr/3430_csr-certbot.pem create mode 100644 letsencrypt/csr/3431_csr-certbot.pem create mode 100644 letsencrypt/keys/3431_key-certbot.pem create mode 100644 letsencrypt/keys/3432_key-certbot.pem create mode 100644 logcheck/ignore.d.paranoid/mariadb-server-10_1 create mode 100644 logcheck/ignore.d.server/mariadb-server-10_1 create mode 100644 logcheck/ignore.d.workstation/mariadb-server-10_1 create mode 100644 logrotate.d/btmp create mode 100644 logrotate.d/wtmp create mode 100644 mysql/debian.cnf-10.3 create mode 100644 mysql/mariadb.conf.d/50-client.cnf create mode 100644 mysql/mariadb.conf.d/50-mysql-clients.cnf create mode 100644 mysql/mariadb.conf.d/50-mysqld_safe.cnf create mode 100644 mysql/mariadb.conf.d/50-server.cnf create mode 100644 profile.d/im-config_wayland.sh create mode 120000 rc0.d/K01quotarpc create mode 120000 rc0.d/K02quota create mode 120000 rc1.d/K01quotarpc create mode 120000 rc2.d/K01speech-dispatcher create mode 120000 rc2.d/S03quotarpc create mode 120000 rc3.d/K01speech-dispatcher create mode 120000 rc3.d/S03quotarpc create mode 120000 rc4.d/K01speech-dispatcher create mode 120000 rc4.d/S03quotarpc create mode 120000 rc5.d/K01speech-dispatcher create mode 120000 rc5.d/S03quotarpc create mode 120000 rc6.d/K01quotarpc create mode 120000 rc6.d/K02quota create mode 120000 rcS.d/S01quota create mode 100644 spamassassin/v343.pre create mode 100644 speech-dispatcher/modules/baratinoo.conf create mode 100644 speech-dispatcher/modules/espeak-ng-mbrola-generic.conf create mode 100644 speech-dispatcher/modules/kali.conf create mode 100644 speech-dispatcher/modules/mary-generic.conf create mode 120000 ssl/certs/1c7314a2.1 create mode 100644 systemd/networkd.conf create mode 100644 systemd/pstore.conf create mode 100644 systemd/sleep.conf create mode 120000 systemd/system/multi-user.target.wants/dmesg.service create mode 120000 systemd/system/multi-user.target.wants/etckeeper.timer create mode 120000 systemd/system/multi-user.target.wants/quotarpc.service create mode 120000 systemd/system/sysinit.target.wants/quota.service create mode 120000 systemd/system/sysinit.target.wants/systemd-pstore.service create mode 120000 systemd/system/timers.target.wants/logrotate.timer create mode 120000 x2go/Xresources create mode 100755 x2go/Xsession create mode 120000 x2go/Xsession.d create mode 100644 x2go/Xsession.options create mode 100644 xattr.conf create mode 100644 xdg/autostart/geoclue-demo-agent.desktop create mode 100644 xdg/autostart/im-launch.desktop create mode 100644 xdg/autostart/xapp-sn-watcher.desktop diff --git a/.etckeeper b/.etckeeper index 0b7ef311..c8b49c10 100755 --- a/.etckeeper +++ b/.etckeeper @@ -45,7 +45,6 @@ mkdir -p './letsencrypt/renewal-hooks/pre' mkdir -p './libpaper.d' mkdir -p './monit/conf-available' mkdir -p './mono/certstore' -mkdir -p './mysql/mariadb.conf.d' mkdir -p './network/interfaces.d' mkdir -p './networkd-dispatcher/dormant.d' mkdir -p './networkd-dispatcher/no-carrier.d' @@ -70,9 +69,12 @@ mkdir -p './proftpd/conf.d' mkdir -p './samba/tls' mkdir -p './security/namespace.d' mkdir -p './smartmontools/smartd_warning.d' +mkdir -p './ssh/ssh_config.d' +mkdir -p './ssh/sshd_config.d' mkdir -p './systemd/system/systemd-networkd.service.d' mkdir -p './systemd/user' mkdir -p './udev/hwdb.d' +mkdir -p './ufw/applications.d/apache2' mkdir -p './update-notifier' mkdir -p './usb_modeswitch.d' maybe chmod 0755 '.' @@ -101,6 +103,7 @@ maybe chmod 0644 'ImageMagick-6/thresholds.xml' maybe chmod 0644 'ImageMagick-6/type-apple.xml' maybe chmod 0644 'ImageMagick-6/type-dejavu.xml' maybe chmod 0644 'ImageMagick-6/type-ghostscript.xml' +maybe chmod 0644 'ImageMagick-6/type-urw-base35.xml' maybe chmod 0644 'ImageMagick-6/type-windows.xml' maybe chmod 0644 'ImageMagick-6/type.xml' maybe chmod 0755 'NetworkManager' @@ -508,6 +511,8 @@ maybe chmod 0644 'apparmor.d/abstractions/dbus-session-strict' maybe chmod 0644 'apparmor.d/abstractions/dbus-strict' maybe chmod 0644 'apparmor.d/abstractions/dconf' maybe chmod 0644 'apparmor.d/abstractions/dovecot-common' +maybe chmod 0644 'apparmor.d/abstractions/dri-common' +maybe chmod 0644 'apparmor.d/abstractions/dri-enumerate' maybe chmod 0644 'apparmor.d/abstractions/enchant' maybe chmod 0644 'apparmor.d/abstractions/evince' maybe chmod 0644 'apparmor.d/abstractions/fcitx' @@ -518,6 +523,9 @@ maybe chmod 0644 'apparmor.d/abstractions/gnome' maybe chmod 0644 'apparmor.d/abstractions/gnupg' maybe chmod 0644 'apparmor.d/abstractions/ibus' maybe chmod 0644 'apparmor.d/abstractions/kde' +maybe chmod 0644 'apparmor.d/abstractions/kde-globals-write' +maybe chmod 0644 'apparmor.d/abstractions/kde-icon-cache-write' +maybe chmod 0644 'apparmor.d/abstractions/kde-language-write' maybe chmod 0644 'apparmor.d/abstractions/kerberosclient' maybe chmod 0644 'apparmor.d/abstractions/launchpad-integration' maybe chmod 0644 'apparmor.d/abstractions/ldapclient' @@ -526,12 +534,19 @@ maybe chmod 0644 'apparmor.d/abstractions/lightdm' maybe chmod 0644 'apparmor.d/abstractions/lightdm_chromium-browser' maybe chmod 0644 'apparmor.d/abstractions/likewise' maybe chmod 0644 'apparmor.d/abstractions/mdns' +maybe chmod 0644 'apparmor.d/abstractions/mesa' maybe chmod 0644 'apparmor.d/abstractions/mir' maybe chmod 0644 'apparmor.d/abstractions/mozc' maybe chmod 0644 'apparmor.d/abstractions/mysql' maybe chmod 0644 'apparmor.d/abstractions/nameservice' maybe chmod 0644 'apparmor.d/abstractions/nis' maybe chmod 0644 'apparmor.d/abstractions/nvidia' +maybe chmod 0644 'apparmor.d/abstractions/opencl' +maybe chmod 0644 'apparmor.d/abstractions/opencl-common' +maybe chmod 0644 'apparmor.d/abstractions/opencl-intel' +maybe chmod 0644 'apparmor.d/abstractions/opencl-mesa' +maybe chmod 0644 'apparmor.d/abstractions/opencl-nvidia' +maybe chmod 0644 'apparmor.d/abstractions/opencl-pocl' maybe chmod 0644 'apparmor.d/abstractions/openssl' maybe chmod 0644 'apparmor.d/abstractions/orbit2' maybe chmod 0644 'apparmor.d/abstractions/p11-kit' @@ -542,6 +557,10 @@ maybe chmod 0644 'apparmor.d/abstractions/postfix-common' maybe chmod 0644 'apparmor.d/abstractions/private-files' maybe chmod 0644 'apparmor.d/abstractions/private-files-strict' maybe chmod 0644 'apparmor.d/abstractions/python' +maybe chmod 0644 'apparmor.d/abstractions/qt5' +maybe chmod 0644 'apparmor.d/abstractions/qt5-compose-cache-write' +maybe chmod 0644 'apparmor.d/abstractions/qt5-settings-write' +maybe chmod 0644 'apparmor.d/abstractions/recent-documents-write' maybe chmod 0644 'apparmor.d/abstractions/ruby' maybe chmod 0644 'apparmor.d/abstractions/samba' maybe chmod 0644 'apparmor.d/abstractions/smbpass' @@ -581,6 +600,7 @@ maybe chmod 0644 'apparmor.d/abstractions/user-manpages' maybe chmod 0644 'apparmor.d/abstractions/user-tmp' maybe chmod 0644 'apparmor.d/abstractions/user-write' maybe chmod 0644 'apparmor.d/abstractions/video' +maybe chmod 0644 'apparmor.d/abstractions/vulkan' maybe chmod 0644 'apparmor.d/abstractions/wayland' maybe chmod 0644 'apparmor.d/abstractions/web-data' maybe chmod 0644 'apparmor.d/abstractions/winbind' @@ -593,6 +613,8 @@ maybe chmod 0755 'apparmor.d/force-complain' maybe chmod 0644 'apparmor.d/lightdm-guest-session' maybe chmod 0755 'apparmor.d/local' maybe chmod 0644 'apparmor.d/local/README' +maybe chmod 0644 'apparmor.d/local/lsb_release' +maybe chmod 0644 'apparmor.d/local/nvidia_modprobe' maybe chmod 0644 'apparmor.d/local/sbin.dhclient' maybe chmod 0644 'apparmor.d/local/system_tor' maybe chmod 0644 'apparmor.d/local/usr.bin.evince' @@ -611,6 +633,8 @@ maybe chmod 0644 'apparmor.d/local/usr.sbin.named' maybe chmod 0644 'apparmor.d/local/usr.sbin.ntpd' maybe chmod 0644 'apparmor.d/local/usr.sbin.rsyslogd' maybe chmod 0644 'apparmor.d/local/usr.sbin.tcpdump' +maybe chmod 0644 'apparmor.d/lsb_release' +maybe chmod 0644 'apparmor.d/nvidia_modprobe' maybe chmod 0644 'apparmor.d/sbin.dhclient' maybe chmod 0755 'apparmor.d/snap' maybe chmod 0755 'apparmor.d/snap/abstractions' @@ -720,6 +744,8 @@ maybe chmod 0755 'apparmor.d/tunables/multiarch.d' maybe chmod 0644 'apparmor.d/tunables/multiarch.d/site.local' maybe chmod 0644 'apparmor.d/tunables/ntpd' maybe chmod 0644 'apparmor.d/tunables/securityfs' +maybe chmod 0644 'apparmor.d/tunables/share' +maybe chmod 0644 'apparmor.d/tunables/sys' maybe chmod 0644 'apparmor.d/tunables/xdg-user-dirs' maybe chmod 0755 'apparmor.d/tunables/xdg-user-dirs.d' maybe chmod 0644 'apparmor.d/tunables/xdg-user-dirs.d/site.local' @@ -784,6 +810,7 @@ maybe chmod 0644 'apt/apt.conf.d/99update-notifier' maybe chmod 0755 'apt/auth.conf.d' maybe chmod 0755 'apt/preferences.d' maybe chmod 0644 'apt/preferences.d/fglrx.13.350.pref' +maybe chmod 0644 'apt/preferences.d/nosnap.pref' maybe chmod 0644 'apt/preferences.d/official-extra-repositories.pref' maybe chmod 0644 'apt/preferences.d/official-package-repositories.pref' maybe chmod 0664 'apt/sources.list' @@ -2244,6 +2271,7 @@ maybe chmod 0644 'default/proftpd' maybe chmod 0644 'default/quota' maybe chmod 0644 'default/rcS' maybe chmod 0644 'default/redis-server' +maybe chmod 0644 'default/rpcbind' maybe chmod 0644 'default/rsync' maybe chmod 0644 'default/rsyslog' maybe chmod 0644 'default/saned' @@ -2390,6 +2418,9 @@ maybe chmod 0644 'emacs/site-start.d/50autoconf.el' maybe chmod 0644 'emacs/site-start.d/50dictionaries-common.el' maybe chmod 0644 'emacs/site-start.el' maybe chmod 0644 'environment' +maybe chmod 0755 'environment.d' +maybe chmod 0644 'environment.d/90atk-adaptor.conf' +maybe chmod 0644 'environment.d/90qt-a11y.conf' maybe chmod 0755 'esound' maybe chmod 0644 'esound/esd.conf' maybe chmod 0755 'etckeeper' @@ -2440,6 +2471,7 @@ maybe chmod 0755 'etckeeper/update-ignore.d/01update-ignore' maybe chmod 0644 'etckeeper/update-ignore.d/README' maybe chmod 0755 'etckeeper/vcs.d' maybe chmod 0755 'etckeeper/vcs.d/50vcs-cmd' +maybe chmod 0644 'ethertypes' maybe chmod 0644 'exports' maybe chmod 0755 'fail2ban' maybe chmod 0755 'fail2ban/action.d' @@ -2484,6 +2516,7 @@ maybe chmod 0644 'fail2ban/action.d/netscaler.conf' maybe chmod 0644 'fail2ban/action.d/nftables-allports.conf' maybe chmod 0644 'fail2ban/action.d/nftables-common.conf' maybe chmod 0644 'fail2ban/action.d/nftables-multiport.conf' +maybe chmod 0644 'fail2ban/action.d/nftables.conf' maybe chmod 0644 'fail2ban/action.d/nginx-block-map.conf' maybe chmod 0644 'fail2ban/action.d/npf.conf' maybe chmod 0644 'fail2ban/action.d/nsupdate.conf' @@ -2523,7 +2556,9 @@ maybe chmod 0644 'fail2ban/filter.d/apache-pass.conf' maybe chmod 0644 'fail2ban/filter.d/apache-shellshock.conf' maybe chmod 0644 'fail2ban/filter.d/assp.conf' maybe chmod 0644 'fail2ban/filter.d/asterisk.conf' +maybe chmod 0644 'fail2ban/filter.d/bitwarden.conf' maybe chmod 0644 'fail2ban/filter.d/botsearch-common.conf' +maybe chmod 0644 'fail2ban/filter.d/centreon.conf' maybe chmod 0644 'fail2ban/filter.d/common.conf' maybe chmod 0644 'fail2ban/filter.d/counter-strike.conf' maybe chmod 0644 'fail2ban/filter.d/courier-auth.conf' @@ -2588,11 +2623,13 @@ maybe chmod 0644 'fail2ban/filter.d/sshd.conf' maybe chmod 0644 'fail2ban/filter.d/stunnel.conf' maybe chmod 0644 'fail2ban/filter.d/suhosin.conf' maybe chmod 0644 'fail2ban/filter.d/tine20.conf' +maybe chmod 0644 'fail2ban/filter.d/traefik-auth.conf' maybe chmod 0644 'fail2ban/filter.d/uwimap-auth.conf' maybe chmod 0644 'fail2ban/filter.d/vsftpd.conf' maybe chmod 0644 'fail2ban/filter.d/webmin-auth.conf' maybe chmod 0644 'fail2ban/filter.d/wuftpd.conf' maybe chmod 0644 'fail2ban/filter.d/xinetd-fail.conf' +maybe chmod 0644 'fail2ban/filter.d/znc-adminlog.conf' maybe chmod 0644 'fail2ban/filter.d/zoneminder.conf' maybe chmod 0644 'fail2ban/jail.conf' maybe chmod 0755 'fail2ban/jail.d' @@ -2663,6 +2700,7 @@ maybe chmod 0644 'fonts/conf.avail/49-sansserif.conf' maybe chmod 0644 'fonts/conf.avail/50-user.conf' maybe chmod 0644 'fonts/conf.avail/51-local.conf' maybe chmod 0644 'fonts/conf.avail/53-monospace-lcd-filter.conf' +maybe chmod 0644 'fonts/conf.avail/56-language-selector-ar.conf' maybe chmod 0644 'fonts/conf.avail/57-dejavu-sans-mono.conf' maybe chmod 0644 'fonts/conf.avail/57-dejavu-sans.conf' maybe chmod 0644 'fonts/conf.avail/57-dejavu-serif.conf' @@ -3215,6 +3253,7 @@ maybe chmod 0640 'icinga2/icinga2.conf' maybe chown 'nagios' 'icinga2/icinga2.conf.orig' maybe chgrp 'nagios' 'icinga2/icinga2.conf.orig' maybe chmod 0640 'icinga2/icinga2.conf.orig' +maybe chmod 0644 'icinga2/init.conf' maybe chown 'nagios' 'icinga2/pki' maybe chgrp 'nagios' 'icinga2/pki' maybe chmod 0700 'icinga2/pki' @@ -3507,6 +3546,7 @@ maybe chmod 0755 'insserv' maybe chmod 0644 'insserv.conf' maybe chmod 0755 'insserv.conf.d' maybe chmod 0644 'insserv.conf.d/bind9' +maybe chmod 0644 'insserv.conf.d/mariadb' maybe chmod 0644 'insserv.conf.d/postfix' maybe chmod 0644 'insserv.conf.d/rpcbind' maybe chmod 0755 'insserv/overrides' @@ -7655,6 +7695,8 @@ maybe chmod 0644 'letsencrypt/csr/3426_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3427_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3428_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3429_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/3430_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/3431_csr-certbot.pem' maybe chmod 0700 'letsencrypt/keys' maybe chmod 0600 'letsencrypt/keys/0000_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/0001_key-certbot.pem' @@ -11087,6 +11129,8 @@ maybe chmod 0600 'letsencrypt/keys/3427_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3428_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3429_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3430_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/3431_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/3432_key-certbot.pem' maybe chmod 0755 'letsencrypt/live' maybe chmod 0755 'letsencrypt/live/ccu.hoellein.online' maybe chmod 0644 'letsencrypt/live/ccu.hoellein.online/README' @@ -11171,6 +11215,7 @@ maybe chmod 0644 'locale.gen' maybe chmod 0755 'logcheck' maybe chmod 0755 'logcheck/ignore.d.paranoid' maybe chmod 0644 'logcheck/ignore.d.paranoid/cracklib-runtime' +maybe chmod 0644 'logcheck/ignore.d.paranoid/mariadb-server-10_1' maybe chmod 0644 'logcheck/ignore.d.paranoid/mariadb-server-10_3' maybe chmod 0644 'logcheck/ignore.d.paranoid/mysql-server-5_5' maybe chmod 0644 'logcheck/ignore.d.paranoid/mysql-server-5_7' @@ -11180,6 +11225,7 @@ maybe chmod 0644 'logcheck/ignore.d.server/gpg-agent' maybe chmod 0644 'logcheck/ignore.d.server/hddtemp' maybe chmod 0644 'logcheck/ignore.d.server/iodined' maybe chmod 0644 'logcheck/ignore.d.server/libsasl2-modules' +maybe chmod 0644 'logcheck/ignore.d.server/mariadb-server-10_1' maybe chmod 0644 'logcheck/ignore.d.server/mariadb-server-10_3' maybe chmod 0644 'logcheck/ignore.d.server/mysql-server-5_5' maybe chmod 0644 'logcheck/ignore.d.server/mysql-server-5_7' @@ -11189,6 +11235,7 @@ maybe chmod 0644 'logcheck/ignore.d.server/x2goserver' maybe chmod 0755 'logcheck/ignore.d.workstation' maybe chmod 0644 'logcheck/ignore.d.workstation/autossh' maybe chmod 0644 'logcheck/ignore.d.workstation/fetchmail' +maybe chmod 0644 'logcheck/ignore.d.workstation/mariadb-server-10_1' maybe chmod 0644 'logcheck/ignore.d.workstation/mariadb-server-10_3' maybe chmod 0644 'logcheck/ignore.d.workstation/mysql-server-5_5' maybe chmod 0644 'logcheck/ignore.d.workstation/mysql-server-5_7' @@ -11202,6 +11249,7 @@ maybe chmod 0644 'logrotate.d/apport' maybe chmod 0644 'logrotate.d/apt' maybe chmod 0644 'logrotate.d/aptitude' maybe chmod 0644 'logrotate.d/asterisk' +maybe chmod 0644 'logrotate.d/btmp' maybe chmod 0644 'logrotate.d/certbot' maybe chmod 0644 'logrotate.d/consolekit' maybe chmod 0644 'logrotate.d/cups-daemon' @@ -11236,6 +11284,7 @@ maybe chmod 0644 'logrotate.d/ufw' maybe chmod 0644 'logrotate.d/unattended-upgrades' maybe chmod 0644 'logrotate.d/unifi' maybe chmod 0644 'logrotate.d/upstart' +maybe chmod 0644 'logrotate.d/wtmp' maybe chmod 0644 'logrotate.d/zoneminder' maybe chmod 0755 'loolwsd' maybe chmod 0644 'loolwsd/loolkitconfig.xcu' @@ -11354,8 +11403,13 @@ maybe chmod 0644 'mysql/conf.d/mysqld_safe_syslog.cnf' maybe chmod 0644 'mysql/conf.d/mysqldump.cnf' maybe chmod 0755 'mysql/debian-start' maybe chmod 0600 'mysql/debian.cnf' +maybe chmod 0600 'mysql/debian.cnf-10.3' maybe chmod 0644 'mysql/mariadb.cnf' maybe chmod 0755 'mysql/mariadb.conf.d' +maybe chmod 0644 'mysql/mariadb.conf.d/50-client.cnf' +maybe chmod 0644 'mysql/mariadb.conf.d/50-mysql-clients.cnf' +maybe chmod 0644 'mysql/mariadb.conf.d/50-mysqld_safe.cnf' +maybe chmod 0644 'mysql/mariadb.conf.d/50-server.cnf' maybe chmod 0644 'mysql/my.cnf.bak' maybe chmod 0644 'mysql/my.cnf.fallback' maybe chmod 0644 'mysql/my.cnf.migrated' @@ -12046,6 +12100,7 @@ maybe chmod 0644 'profile.d/01-locale-fix.sh' maybe chmod 0644 'profile.d/bash_completion.sh' maybe chmod 0644 'profile.d/cedilla-portuguese.sh' maybe chmod 0644 'profile.d/flatpak.sh' +maybe chmod 0644 'profile.d/im-config_wayland.sh' maybe chmod 0644 'profile.d/input-method-config.sh' maybe chmod 0644 'profile.d/ssh_mail.sh' maybe chmod 0644 'profile.d/vte-2.91.sh' @@ -12420,28 +12475,34 @@ maybe chmod 0644 'spamassassin/v330.pre' maybe chmod 0644 'spamassassin/v340.pre' maybe chmod 0644 'spamassassin/v341.pre' maybe chmod 0644 'spamassassin/v342.pre' +maybe chmod 0644 'spamassassin/v343.pre' maybe chmod 0755 'speech-dispatcher' maybe chmod 0755 'speech-dispatcher/clients' maybe chmod 0644 'speech-dispatcher/clients/emacs.conf' maybe chmod 0755 'speech-dispatcher/modules' +maybe chmod 0644 'speech-dispatcher/modules/baratinoo.conf' maybe chmod 0644 'speech-dispatcher/modules/cicero.conf' maybe chmod 0644 'speech-dispatcher/modules/dtk-generic.conf' maybe chmod 0644 'speech-dispatcher/modules/epos-generic.conf' maybe chmod 0644 'speech-dispatcher/modules/espeak-generic.conf' maybe chmod 0644 'speech-dispatcher/modules/espeak-mbrola-generic.conf' +maybe chmod 0644 'speech-dispatcher/modules/espeak-ng-mbrola-generic.conf' maybe chmod 0644 'speech-dispatcher/modules/espeak-ng.conf' maybe chmod 0644 'speech-dispatcher/modules/espeak.conf' maybe chmod 0644 'speech-dispatcher/modules/festival.conf' maybe chmod 0644 'speech-dispatcher/modules/flite.conf' maybe chmod 0644 'speech-dispatcher/modules/ibmtts.conf' maybe chmod 0644 'speech-dispatcher/modules/ivona.conf' +maybe chmod 0644 'speech-dispatcher/modules/kali.conf' maybe chmod 0644 'speech-dispatcher/modules/llia_phon-generic.conf' +maybe chmod 0644 'speech-dispatcher/modules/mary-generic.conf' maybe chmod 0644 'speech-dispatcher/modules/pico-generic.conf' maybe chmod 0644 'speech-dispatcher/modules/swift-generic.conf' maybe chmod 0644 'speech-dispatcher/speechd.conf' maybe chmod 0755 'ssh' maybe chmod 0644 'ssh/moduli' maybe chmod 0644 'ssh/ssh_config' +maybe chmod 0755 'ssh/ssh_config.d' maybe chmod 0600 'ssh/ssh_host_dsa_key' maybe chmod 0644 'ssh/ssh_host_dsa_key.pub' maybe chmod 0600 'ssh/ssh_host_ecdsa_key' @@ -12451,6 +12512,7 @@ maybe chmod 0644 'ssh/ssh_host_ed25519_key.pub' maybe chmod 0600 'ssh/ssh_host_rsa_key' maybe chmod 0644 'ssh/ssh_host_rsa_key.pub' maybe chmod 0644 'ssh/sshd_config' +maybe chmod 0755 'ssh/sshd_config.d' maybe chmod 0755 'ssl' maybe chmod 0755 'ssl/certs' maybe chmod 0644 'ssl/certs/UbuntuOne-Go_Daddy_CA.pem' @@ -12507,7 +12569,10 @@ maybe chmod 0644 'systemd/journald.conf' maybe chmod 0644 'systemd/logind.conf' maybe chmod 0755 'systemd/network' maybe chmod 0644 'systemd/network/wired.network' +maybe chmod 0644 'systemd/networkd.conf' +maybe chmod 0644 'systemd/pstore.conf' maybe chmod 0644 'systemd/resolved.conf' +maybe chmod 0644 'systemd/sleep.conf' maybe chmod 0755 'systemd/system' maybe chmod 0644 'systemd/system.conf' maybe chmod 0755 'systemd/system.conf.d' @@ -12583,6 +12648,7 @@ maybe chmod 0640 'ufw/after.init' maybe chmod 0640 'ufw/after.rules' maybe chmod 0640 'ufw/after6.rules' maybe chmod 0755 'ufw/applications.d' +maybe chmod 0755 'ufw/applications.d/apache2' maybe chmod 0644 'ufw/applications.d/apache2-utils.ufw.profile' maybe chmod 0644 'ufw/applications.d/bind9' maybe chmod 0644 'ufw/applications.d/cups' @@ -12649,6 +12715,8 @@ maybe chmod 0755 'wpa_supplicant/action_wpa.sh' maybe chmod 0755 'wpa_supplicant/functions.sh' maybe chmod 0755 'wpa_supplicant/ifupdown.sh' maybe chmod 0755 'x2go' +maybe chmod 0755 'x2go/Xsession' +maybe chmod 0644 'x2go/Xsession.options' maybe chmod 0644 'x2go/keystrokes.cfg' maybe chmod 0755 'x2go/plugin-provider' maybe chmod 0644 'x2go/plugin-provider/x2goplugin.html' @@ -12664,6 +12732,7 @@ maybe chmod 0700 'x2go/x2gosql/passwords' maybe chmod 0600 'x2go/x2gosql/passwords/mysqladmin' maybe chmod 0600 'x2go/x2gosql/passwords/pgadmin' maybe chmod 0644 'x2go/x2gosql/sql' +maybe chmod 0644 'xattr.conf' maybe chmod 0755 'xdg' maybe chmod 0644 'xdg/Trolltech.conf' maybe chmod 0755 'xdg/autostart' @@ -12692,6 +12761,7 @@ maybe chmod 0644 'xdg/autostart/cinnamon-settings-daemon-wacom.desktop' maybe chmod 0644 'xdg/autostart/cinnamon-settings-daemon-xrandr.desktop' maybe chmod 0644 'xdg/autostart/cinnamon-settings-daemon-xsettings.desktop' maybe chmod 0644 'xdg/autostart/cinnamon-sound-applet.desktop' +maybe chmod 0644 'xdg/autostart/geoclue-demo-agent.desktop' maybe chmod 0644 'xdg/autostart/gnome-keyring-pkcs11.desktop' maybe chmod 0644 'xdg/autostart/gnome-keyring-secrets.desktop' maybe chmod 0644 'xdg/autostart/gnome-keyring-ssh.desktop' @@ -12699,6 +12769,7 @@ maybe chmod 0644 'xdg/autostart/gnome-settings-daemon.desktop' maybe chmod 0644 'xdg/autostart/gnome-user-share-obexpush.desktop' maybe chmod 0644 'xdg/autostart/gnome-user-share-webdav.desktop' maybe chmod 0644 'xdg/autostart/gsettings-data-convert.desktop' +maybe chmod 0644 'xdg/autostart/im-launch.desktop' maybe chmod 0644 'xdg/autostart/mint-ctrl-alt-backspace.desktop' maybe chmod 0644 'xdg/autostart/mintinstall-update-flatpak.desktop' maybe chmod 0644 'xdg/autostart/mintreport.desktop' @@ -12733,6 +12804,7 @@ maybe chmod 0644 'xdg/autostart/print-applet.desktop' maybe chmod 0644 'xdg/autostart/pulseaudio.desktop' maybe chmod 0644 'xdg/autostart/user-dirs-update-gtk.desktop' maybe chmod 0644 'xdg/autostart/vino-server.desktop' +maybe chmod 0644 'xdg/autostart/xapp-sn-watcher.desktop' maybe chmod 0644 'xdg/autostart/xdg-user-dirs.desktop' maybe chmod 0644 'xdg/karchive.categories' maybe chmod 0644 'xdg/kauth.categories' diff --git a/ImageMagick-6/type-urw-base35.xml b/ImageMagick-6/type-urw-base35.xml new file mode 100644 index 00000000..2f70e723 --- /dev/null +++ b/ImageMagick-6/type-urw-base35.xml @@ -0,0 +1,50 @@ + + + + + +]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/apparmor.d/abstractions/dri-common b/apparmor.d/abstractions/dri-common new file mode 100644 index 00000000..b5e0a5c5 --- /dev/null +++ b/apparmor.d/abstractions/dri-common @@ -0,0 +1,14 @@ +# vim:syntax=apparmor + +# This file contains common DRI-specific rules useful for GUI applications +# (needed by libdrm and similar). + + /usr/lib{,32,64}/dri/** mr, + /usr/lib/@{multiarch}/dri/** mr, + /usr/lib/fglrx/dri/** mr, + /dev/dri/ r, + /dev/dri/** rw, + /etc/drirc r, + /usr/share/drirc.d/{,*.conf} r, + owner @{HOME}/.drirc r, + diff --git a/apparmor.d/abstractions/dri-enumerate b/apparmor.d/abstractions/dri-enumerate new file mode 100644 index 00000000..e101be5c --- /dev/null +++ b/apparmor.d/abstractions/dri-enumerate @@ -0,0 +1,8 @@ +# vim:syntax=apparmor + +# This file contains common DRI-specific rules useful for GUI applications that +# needs to enumerate graphic devices (as with drmParsePciDeviceInfo() from +# libdrm). + + @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, + diff --git a/apparmor.d/abstractions/kde-globals-write b/apparmor.d/abstractions/kde-globals-write new file mode 100644 index 00000000..5f878e84 --- /dev/null +++ b/apparmor.d/abstractions/kde-globals-write @@ -0,0 +1,10 @@ +# vim:syntax=apparmor +# Rules for changing KDE settings (for KFileDialog and other). + + # User files + + owner @{HOME}/.config/#[0-9]* rw, + owner @{HOME}/.config/kdeglobals rw, + owner @{HOME}/.config/kdeglobals.?????? rwl -> @{HOME}/.config/#[0-9]*, + owner @{HOME}/.config/kdeglobals.lock rwk, + diff --git a/apparmor.d/abstractions/kde-icon-cache-write b/apparmor.d/abstractions/kde-icon-cache-write new file mode 100644 index 00000000..d37fb3b8 --- /dev/null +++ b/apparmor.d/abstractions/kde-icon-cache-write @@ -0,0 +1,7 @@ +# vim:syntax=apparmor +# Rules for writing KDE icon cache + + # User files + + owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader + diff --git a/apparmor.d/abstractions/kde-language-write b/apparmor.d/abstractions/kde-language-write new file mode 100644 index 00000000..8e953992 --- /dev/null +++ b/apparmor.d/abstractions/kde-language-write @@ -0,0 +1,12 @@ +# vim:syntax=apparmor +# Rules for changing per-application language settings on KDE. Some KDE +# applications have "Help -> Switch Application Language..." option, that needs +# write access to language settings file. + + # User files + + owner @{HOME}/.config/#[0-9]* rw, + owner @{HOME}/.config/klanguageoverridesrc rw, + owner @{HOME}/.config/klanguageoverridesrc.?????? rwl -> @{HOME}/.config/#[0-9]*, + owner @{HOME}/.config/klanguageoverridesrc.lock rwk, + diff --git a/apparmor.d/abstractions/mesa b/apparmor.d/abstractions/mesa new file mode 100644 index 00000000..be699c77 --- /dev/null +++ b/apparmor.d/abstractions/mesa @@ -0,0 +1,17 @@ +# vim:syntax=apparmor +# Rules for Mesa implementation of the OpenGL API + + # System files + /dev/dri/ r, # libGLX_mesa.so calls drmGetDevice2() + + # Needed to check if the kernel supports the i915 perf interface + # (src/intel/perf/gen_perf.c, load_oa_metrics()) + @{PROC}/sys/dev/i915/perf_stream_paranoid r, + + # User files + owner @{HOME}/.cache/ w, # if user clears all caches + owner @{HOME}/.cache/mesa_shader_cache/ w, + owner @{HOME}/.cache/mesa_shader_cache/index rw, + owner @{HOME}/.cache/mesa_shader_cache/??/ w, + owner @{HOME}/.cache/mesa_shader_cache/??/* rwk, + diff --git a/apparmor.d/abstractions/opencl b/apparmor.d/abstractions/opencl new file mode 100644 index 00000000..32a21b2a --- /dev/null +++ b/apparmor.d/abstractions/opencl @@ -0,0 +1,9 @@ +# vim:syntax=apparmor +# OpenCL access requirements + + # TODO: use conditionals to select allowed implementations + #include + #include + #include + #include + diff --git a/apparmor.d/abstractions/opencl-common b/apparmor.d/abstractions/opencl-common new file mode 100644 index 00000000..0ad3d559 --- /dev/null +++ b/apparmor.d/abstractions/opencl-common @@ -0,0 +1,10 @@ +# vim:syntax=apparmor +# implementation-independent OpenCL access requirements + + # System files + + /etc/OpenCL/** r, + @{sys}/bus/pci/devices/ r, # libpocl.so -> libhwlock.so, libnvidia-opencl.so, beignet/libcl.so -> libdrm_intel.so + @{sys}/devices/system/node/ r, # for clGetPlatformIDs() from libOpenCL.so + @{sys}/devices/system/node/node[0-9]*/meminfo r, # for clGetPlatformIDs() from libOpenCL.so + diff --git a/apparmor.d/abstractions/opencl-intel b/apparmor.d/abstractions/opencl-intel new file mode 100644 index 00000000..353eeca2 --- /dev/null +++ b/apparmor.d/abstractions/opencl-intel @@ -0,0 +1,17 @@ +# vim:syntax=apparmor +# OpenCL access requirements for Intel implementation + + #include + + # for libcl.so (libOpenCL.so -> beignet/libcl.so calls XOpenDisplay()) + #include + + # for libOpenCL.so -> beignet/libcl.so -> libpciaccess.so + #include + + # System files + + /dev/dri/card[0-9]* rw, # beignet/libcl.so + @{sys}/devices/pci[0-9]*/**/{class,config,resource,revision} r, # libcl.so -> libdrm_intel.so -> libpciaccess.so (move to dri-enumerate ?) + /usr/lib/@{multiarch}/beignet/** r, + diff --git a/apparmor.d/abstractions/opencl-mesa b/apparmor.d/abstractions/opencl-mesa new file mode 100644 index 00000000..9d7f82b2 --- /dev/null +++ b/apparmor.d/abstractions/opencl-mesa @@ -0,0 +1,20 @@ +# vim:syntax=apparmor +# OpenCL access requirements for Mesa implementation + + #include + + # Additional libraries + + /usr/lib/@{multiarch}/gallium-pipe/*.so mr, # libMesaOpenCL.so + /usr/lib{,64}/gallium-pipe/*.so mr, # libMesaOpenCL.so on openSUSE + + # System files + + /dev/dri/ r, # libMesaOpenCL.so -> libdrm.so + /dev/dri/render* rw, # libMesaOpenCL.so + /etc/drirc r, # libMesaOpenCL.so + + # User files + + owner @{HOME}/.cache/mesa_shader_cache/{,**} rw, # libMesaOpenCL.so -> pipe_nouveau.so + diff --git a/apparmor.d/abstractions/opencl-nvidia b/apparmor.d/abstractions/opencl-nvidia new file mode 100644 index 00000000..8a4764ec --- /dev/null +++ b/apparmor.d/abstractions/opencl-nvidia @@ -0,0 +1,30 @@ +# vim:syntax=apparmor +# OpenCL access requirements for NVIDIA implementation + + #include + #include + + # Executables + + # https://github.com/NVIDIA/nvidia-modprobe + # This setuid executable is used to create various device files and load the + # the nvidia kernel module. + /usr/bin/nvidia-modprobe Px -> nvidia_modprobe, + + # System files + + # libnvidia-opencl.so rules: + /dev/nvidia-uvm rw, + /dev/nvidia-uvm-tools rw, + @{sys}/devices/pci[0-9]*/**/config r, + @{sys}/devices/system/memory/block_size_bytes r, + /usr/share/nvidia/** r, + @{PROC}/devices r, + @{PROC}/sys/vm/mmap_min_addr r, + + # User files + + owner @{HOME}/.nv/ComputeCache/ w, + owner @{HOME}/.nv/ComputeCache/** rw, + owner @{HOME}/.nv/ComputeCache/index rwk, + diff --git a/apparmor.d/abstractions/opencl-pocl b/apparmor.d/abstractions/opencl-pocl new file mode 100644 index 00000000..054689ab --- /dev/null +++ b/apparmor.d/abstractions/opencl-pocl @@ -0,0 +1,76 @@ +# vim:syntax=apparmor +# OpenCL access requirements for POCL implementation + + #include + + # Executables + + /usr/bin/{,@{multiarch}-}ld.bfd Cx -> opencl_pocl_ld, + /usr/lib/llvm-[0-9]*.[0-9]*/bin/clang Cx -> opencl_pocl_clang, + + # System files + + / r, # libpocl.so -> libhwloc.so + @{sys}/bus/pci/slots/ r, # libpocl.so -> hwloc_topology_load() from libhwloc.so + @{sys}/bus/{cpu,node}/devices/ r, # libpocl.so -> libhwlock.so + @{sys}/class/net/ r, # libpocl.so -> hwloc_pci_traverse_lookuposdevices_cb() from libhwloc.so + @{sys}/devices/pci[0-9]*/**/ r, # for libpocl -> hwloc_linux_lookup_block_class() from libhwloc.so + @{sys}/devices/pci[0-9]*/**/block/*/dev r, # libpocl.so -> hwloc_linux_lookup_host_block_class() from libhwloc.so + @{sys}/devices/pci[0-9]*/**/{class,local_cpus} r, # libpocl.so -> libhwlock.so + @{sys}/devices/pci[0-9]*/*/net/*/address r, # libpocl.so -> hwloc_pci_traverse_lookuposdevices_cb() from libhwloc.so + @{sys}/devices/system/cpu/ r, # libpocl.so -> libnuma.so + @{sys}/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/* r, # libpocl.so -> libhwloc.so + @{sys}/devices/system/cpu/cpu[0-9]*/online r, # libpocl.so -> libhwlock.so + @{sys}/devices/system/cpu/cpu[0-9]*/topology/* r, # *_siblings, physical_package_id and lot's of others, for libpocl.so -> libhwloc.so + @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/* r, # for clGetPlatformIDs() from libpocl.so + @{sys}/devices/system/cpu/possible r, # libpocl.so -> libhwloc.so + @{sys}/devices/virtual/dmi/id/{,*} r, # libpocl.so -> libhwloc.so + @{sys}/fs/cgroup/cpuset/cpuset.{cpus,mems} r, # libpocl.so -> libhwloc.so + @{sys}/kernel/mm/hugepages{/,/**} r, # libpocl.so -> libhwloc.so + /usr/share/pocl/** r, + /{,var/}run/udev/data/*:* r, # libpocl.so -> hwloc_linux_block_class_fillinfos() from libhwloc.so + + # User files + + owner @{HOME}/.cache/pocl/ w, + owner @{HOME}/.cache/pocl/kcache/ w, + owner @{HOME}/.cache/pocl/kcache/** rw, + owner @{HOME}/.cache/pocl/kcache/**.so mrw, # dangerous! + owner @{PROC}/@{pid}/{cgroup,cpuset,status} r, # libpocl.so -> libhwloc.so, status for libpocl.so -> libnuma.so + + # Child profiles + + profile opencl_pocl_ld { + #include + + # Main executables + + /usr/bin/{,@{multiarch}-}ld.bfd mr, + + # User files + + owner @{HOME}/.cache/pocl/kcache/tempfile*.so rw, + owner @{HOME}/.cache/pocl/kcache/**.so.o r, + } + + profile opencl_pocl_clang { + #include + + # Main executables + + /usr/lib/llvm-[0-9]*.[0-9]*/bin/clang mr, + + # Additional executables + + /usr/bin/{,@{multiarch}-}ld.bfd ix, # TODO: transfer to opencl_ld child profile? + + # System files + + /etc/debian-version r, + /etc/lsb-release r, + + # User files + + owner @{HOME}/.cache/pocl/kcache/*/*/*/*/*.so{,.o} rw, + } + diff --git a/apparmor.d/abstractions/qt5 b/apparmor.d/abstractions/qt5 new file mode 100644 index 00000000..66a574bf --- /dev/null +++ b/apparmor.d/abstractions/qt5 @@ -0,0 +1,22 @@ +# vim:syntax=apparmor +# Common rules for Qt5-based applications + + # Additional libraries + + /usr/lib{,64,/@{multiarch}}/qt5/plugins/**.so mr, + /usr/lib{,64,/@{multiarch}}/qt5/qml/**.so mr, + /usr/lib{,64,/@{multiarch}}/qt5/qml/**.{qmlc,jsc} mr, # Precompiled QML/JavaScript modules + + # System files + + /etc/xdg/QtProject/qtlogging.ini r, + /usr/share/qt5/translations/*.qm r, + /usr/lib{,64,/@{multiarch}}/qt5/plugins/** r, + /usr/lib{,64,/@{multiarch}}/qt5/qml/** r, + + # User files + + owner @{HOME}/.config/QtProject/qtlogging.ini r, + owner @{HOME}/.config/QtProject.conf r, # common settings for QFileDialog, etc (application might need write access) + owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r, # for "platforminputcontexts" plugins + diff --git a/apparmor.d/abstractions/qt5-compose-cache-write b/apparmor.d/abstractions/qt5-compose-cache-write new file mode 100644 index 00000000..38cb2348 --- /dev/null +++ b/apparmor.d/abstractions/qt5-compose-cache-write @@ -0,0 +1,8 @@ +# vim:syntax=apparmor +# Allow writing cache for Qt5 "platforminputcontexts" plugins + + # User files + + owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* rwl -> @{HOME}/.cache/#[0-9]*[0-9], + owner @{HOME}/.cache/#[0-9]*[0-9] rw, # QSaveFile (anonymous shared memory) + diff --git a/apparmor.d/abstractions/qt5-settings-write b/apparmor.d/abstractions/qt5-settings-write new file mode 100644 index 00000000..07d10972 --- /dev/null +++ b/apparmor.d/abstractions/qt5-settings-write @@ -0,0 +1,11 @@ +# vim:syntax=apparmor +# Allow writing shared settings for Qt-based applications + + # User files + + owner @{HOME}/.config/#[0-9]*[0-9] rw, + owner @{HOME}/.config/QtProject.conf rwl -> @{HOME}/.config/#[0-9]*[0-9], + # for temporary files like QtProject.conf.Aqrgeb + owner @{HOME}/.config/QtProject.conf.?????? rwl -> @{HOME}/.config/#[0-9]*[0-9], + owner @{HOME}/.config/QtProject.conf.lock rwk, + diff --git a/apparmor.d/abstractions/recent-documents-write b/apparmor.d/abstractions/recent-documents-write new file mode 100644 index 00000000..d95febb8 --- /dev/null +++ b/apparmor.d/abstractions/recent-documents-write @@ -0,0 +1,10 @@ +# vim:syntax=apparmor +# Allow updating recent documents + + # User files + + owner @{HOME}/.local/share/RecentDocuments/ rw, + owner @{HOME}/.local/share/RecentDocuments/#[0-9]* rw, + owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl -> @{HOME}/.local/share/RecentDocuments/#[0-9]*, + owner @{HOME}/.local/share/RecentDocuments/*.lock rwk, + diff --git a/apparmor.d/abstractions/vulkan b/apparmor.d/abstractions/vulkan new file mode 100644 index 00000000..7f0d8cb9 --- /dev/null +++ b/apparmor.d/abstractions/vulkan @@ -0,0 +1,15 @@ +# vim:syntax=apparmor +# Vulkan access requirements + + # System files + /dev/dri/ r, # libvulkan_radeon.so, libvulkan_intel.so (Mesa) + /etc/vulkan/icd.d/{,*.json} r, + /etc/vulkan/{explicit,implicit}_layer.d/{,*.json} r, + # for drmGetMinorNameForFD() from libvulkan_intel.so (Mesa) + @{sys}/devices/pci[0-9]*/*/drm/ r, + /usr/share/vulkan/icd.d/{,*.json} r, + /usr/share/vulkan/{explicit,implicit}_layer.d/{,*.json} r, + + # User files + owner @{HOME}/.local/share/vulkan/implicit_layer.d/{,*.json} r, + diff --git a/apparmor.d/local/lsb_release b/apparmor.d/local/lsb_release new file mode 100644 index 00000000..e69de29b diff --git a/apparmor.d/local/nvidia_modprobe b/apparmor.d/local/nvidia_modprobe new file mode 100644 index 00000000..e69de29b diff --git a/apparmor.d/lsb_release b/apparmor.d/lsb_release new file mode 100644 index 00000000..5c05ba4d --- /dev/null +++ b/apparmor.d/lsb_release @@ -0,0 +1,50 @@ +# Note: This profile does not specify an attachment path because it is +# intended to be used only via "Px -> lsb_release" exec transitions from +# other profiles. We want to confine the lsb_release(1) utility when it +# is invoked from other confined applications, but not when it is used +# in regular (unconfined) shell scripts or run directly by the user. + +#include + +# Do not attach to /usr/bin/lsb_release by default +profile lsb_release { + #include + #include + + owner @{PROC}/@{pid}/fd/ r, + + /dev/tty rw, + + /usr/bin/lsb_release r, + /usr/bin/python3.[0-9] mr, + + /etc/debian_version r, + /etc/default/apport r, + /etc/dpkg/origins/** r, + /etc/lsb-release r, + /etc/lsb-release.d/ r, + + /{usr/,}bin/bash ixr, + /{usr/,}bin/dash ixr, + /usr/bin/basename ixr, + /usr/bin/dpkg-query ixr, + /usr/bin/getopt ixr, + /usr/bin/sed ixr, + /usr/bin/tr ixr, + + # TODO - many more permissions needed for this to work + deny /usr/bin/apt-cache x, + + /usr/bin/ r, + /usr/include/python*/pyconfig.h r, + /usr/share/distro-info/** r, + /usr/share/dpkg/** r, + /usr/share/terminfo/** r, + /var/lib/dpkg/** r, + + # file_inherit + deny /tmp/gtalkplugin.log w, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/apparmor.d/nvidia_modprobe b/apparmor.d/nvidia_modprobe new file mode 100644 index 00000000..01f714ca --- /dev/null +++ b/apparmor.d/nvidia_modprobe @@ -0,0 +1,63 @@ +# vim:syntax=apparmor + +#include + +profile nvidia_modprobe { + #include + + # Capabilities + + capability chown, + capability mknod, + capability setuid, + capability sys_admin, + + # Main executable + + /usr/bin/nvidia-modprobe mr, + + # Other executables + + /usr/bin/kmod Cx -> kmod, + + # System files + + /dev/nvidia-uvm w, + /dev/nvidia-uvm-tools w, + @{sys}/bus/pci/devices/ r, + @{sys}/devices/pci[0-9]*/**/config r, + @{PROC}/devices r, + @{PROC}/modules r, + @{PROC}/sys/kernel/modprobe r, + + # Child profiles + + profile kmod { + #include + + # Capabilities + + capability sys_module, + + # Main executable + + /usr/bin/kmod mrix, + + # Other executables + + /{,usr/}bin/{,ba,da}sh ix, + + # System files + + /etc/modprobe.d/{,*.conf} r, + /etc/nvidia/current/*.conf r, + @{sys}/module/ipmi_devintf/initstate r, + @{sys}/module/ipmi_msghandler/initstate r, + @{sys}/module/nvidia/initstate r, + @{PROC}/cmdline r, + } + + # Site-specific additions and overrides. See local/README for details. + #include +} + diff --git a/apparmor.d/tunables/share b/apparmor.d/tunables/share new file mode 100644 index 00000000..f41121c8 --- /dev/null +++ b/apparmor.d/tunables/share @@ -0,0 +1,15 @@ +@{flatpak_exports_root} = {flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export} + +# System-wide directories with behaviour analogous to /usr/share +# in patterns like the freedesktop.org basedir spec. These are +# owned by root or a system user, appear in XDG_DATA_DIRS, and +# are the parent directory for `applications`, `themes`, +# `dbus-1/services`, etc. +@{system_share_dirs} = /{usr,usr/local,var/lib/@{flatpak_exports_root}}/share + +# Per-user/personal directories with behaviour analogous to +# ~/.local/share in patterns like the freedesktop.org basedir spec. +# These are owned by the user running an application, appear in +# XDG_DATA_DIRS or XDG_DATA_HOME, and are the parent directory +# for the same subdirectories as @{system_share_dirs} +@{user_share_dirs} = @{HOME}/.local{,/share/@{flatpak_exports_root}}/share diff --git a/apparmor.d/tunables/sys b/apparmor.d/tunables/sys new file mode 100644 index 00000000..c5257e30 --- /dev/null +++ b/apparmor.d/tunables/sys @@ -0,0 +1,9 @@ +# Copyright (C) 2012 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + +#This file is DEPRECATED! @{sys} is defined in tunables/kernelvars now. diff --git a/apt/preferences.d/nosnap.pref b/apt/preferences.d/nosnap.pref new file mode 100644 index 00000000..6c5a93be --- /dev/null +++ b/apt/preferences.d/nosnap.pref @@ -0,0 +1,7 @@ +# To prevent repository packages from triggering the installation of Snap, +# this file forbids snapd from being installed by APT. +# For more information: https://linuxmint-user-guide.readthedocs.io/en/latest/snap.html + +Package: snapd +Pin: release a=* +Pin-Priority: -10 diff --git a/cups/printers.conf b/cups/printers.conf index e89b819b..845be671 100644 --- a/cups/printers.conf +++ b/cups/printers.conf @@ -2,14 +2,14 @@ # Written by cupsd # DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING -UUID urn:uuid:d9682c07-5793-3acb-62ff-09affed6ac13 +UUID urn:uuid:eb25fb10-fb06-3141-7db1-2a5d2b9246c2 Info Location MakeModel Color LaserJet MFP M277dw -DeviceURI ipp://NPI9D0E59.local:631/ipp/print +DeviceURI ipps://NPI9D0E59.local:443/ipp/print State Idle -StateTime 1651060888 -ConfigTime 1651060891 +StateTime 1651061482 +ConfigTime 1651137013 Type 4188 Accepting Yes Shared No @@ -19,5 +19,4 @@ PageLimit 0 KLimit 0 OpPolicy default ErrorPolicy retry-job -Option cups-browsed true diff --git a/cups/printers.conf.O b/cups/printers.conf.O index f5c161cf..1dcdab97 100644 --- a/cups/printers.conf.O +++ b/cups/printers.conf.O @@ -2,14 +2,14 @@ # Written by cupsd # DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING -UUID urn:uuid:62204677-8cbd-313c-49ec-18a22b4327c1 +UUID urn:uuid:eb25fb10-fb06-3141-7db1-2a5d2b9246c2 Info Location MakeModel Color LaserJet MFP M277dw DeviceURI ipp://NPI9D0E59.local:631/ipp/print State Idle -StateTime 1651059158 -ConfigTime 1651059162 +StateTime 1651061482 +ConfigTime 1651061485 Type 4188 Accepting Yes Shared No diff --git a/default/rpcbind b/default/rpcbind new file mode 100644 index 00000000..67a9654e --- /dev/null +++ b/default/rpcbind @@ -0,0 +1,12 @@ +# /etc/init.d/rpcbind + +OPTIONS="" + +# Cause rpcbind to do a "warm start" utilizing a state file (default) +OPTIONS="-w" + +# Uncomment the following line to restrict rpcbind to localhost only for UDP requests +# OPTIONS="${OPTIONS} -h 127.0.0.1 -h ::1" + +# Uncomment the following line to enable libwrap TCP-Wrapper connection logging +# OPTIONS="${OPTIONS} -l " diff --git a/environment.d/90atk-adaptor.conf b/environment.d/90atk-adaptor.conf new file mode 100644 index 00000000..67b1a357 --- /dev/null +++ b/environment.d/90atk-adaptor.conf @@ -0,0 +1 @@ +GTK_MODULES=${GTK_MODULES:+$GTK_MODULES:}gail:atk-bridge diff --git a/environment.d/90qt-a11y.conf b/environment.d/90qt-a11y.conf new file mode 100644 index 00000000..46a63b29 --- /dev/null +++ b/environment.d/90qt-a11y.conf @@ -0,0 +1 @@ +QT_ACCESSIBILITY=1 diff --git a/ethertypes b/ethertypes new file mode 100644 index 00000000..caa9f56b --- /dev/null +++ b/ethertypes @@ -0,0 +1,45 @@ +# Ethernet frame types +# +# The EtherType is a two-octet field of Ethernet frames used to indicate +# which protocol is contained in their payload. +# +# More entries, mostly historical, can be found on: +# https://www.iana.org/assignments/ieee-802-numbers/ +# http://standards-oui.ieee.org/ethertype/eth.txt +# +# ... # Comment +# +IPv4 0800 ip ip4 # IP (IPv4) +X25 0805 +ARP 0806 ether-arp # Address Resolution Protocol +FR_ARP 0808 # Frame Relay ARP [RFC1701] +BPQ 08FF # G8BPQ AX.25 over Ethernet +TRILL 22F3 # TRILL [RFC6325] +L2-IS-IS 22F4 # TRILL IS-IS [RFC6325] +TEB 6558 # Transparent Ethernet Bridging [RFC1701] +RAW_FR 6559 # Raw Frame Relay [RFC1701] +RARP 8035 # Reverse ARP [RFC903] +ATALK 809B # Appletalk +AARP 80F3 # Appletalk Address Resolution Protocol +802_1Q 8100 8021q 1q 802.1q dot1q # VLAN tagged frame [802.1q] +IPX 8137 # Novell IPX +NetBEUI 8191 # NetBEUI +IPv6 86DD ip6 # IP version 6 +PPP 880B # Point-to-Point Protocol +MPLS 8847 # MPLS [RFC5332] +MPLS_MULTI 8848 # MPLS with upstream-assigned label [RFC5332] +ATMMPOA 884C # MultiProtocol over ATM +PPP_DISC 8863 # PPP over Ethernet discovery stage +PPP_SES 8864 # PPP over Ethernet session stage +ATMFATE 8884 # Frame-based ATM Transport over Ethernet +EAPOL 888E # EAP over LAN [802.1x] +S-TAG 88A8 # QinQ Service VLAN tag identifier [802.1q] +EAP_PREAUTH 88C7 # EAPOL Pre-Authentication [802.11i] +LLDP 88CC # Link Layer Discovery Protocol [802.1ab] +MACSEC 88E5 # Media Access Control Security [802.1ae] +PBB 88E7 macinmac # Provider Backbone Bridging [802.1ah] +MVRP 88F5 # Multiple VLAN Registration Protocol [802.1q] +PTP 88F7 # Precision Time Protocol +FCOE 8906 # Fibre Channel over Ethernet +FIP 8914 # FCoE Initialization Protocol +ROCE 8915 # RDMA over Converged Ethernet diff --git a/fail2ban/action.d/nftables.conf b/fail2ban/action.d/nftables.conf new file mode 100644 index 00000000..c1fb8550 --- /dev/null +++ b/fail2ban/action.d/nftables.conf @@ -0,0 +1,203 @@ +# Fail2Ban configuration file +# +# Author: Daniel Black +# Author: Cyril Jaquier +# Modified: Yaroslav O. Halchenko +# made active on all ports from original iptables.conf +# Modified: Alexander Belykh +# adapted for nftables +# +# This is a included configuration file and includes the definitions for the nftables +# used in all nftables based actions by default. +# +# The user can override the defaults in nftables-common.local +# Example: redirect flow to honeypot +# +# [Init] +# table_family = ip +# chain_type = nat +# chain_hook = prerouting +# chain_priority = -50 +# blocktype = counter redirect to 2222 + +[INCLUDES] + +after = nftables-common.local + +[Definition] + +# Option: type +# Notes.: type of the action. +# Values: [ multiport | allports ] Default: multiport +# +type = multiport + +rule_match-custom = +rule_match-allports = meta l4proto \{ \} +rule_match-multiport = $proto dport \{ \} +match = > + +# Option: rule_stat +# Notes.: statement for nftables filter rule. +# leaving it empty will block all (include udp and icmp) +# Values: nftables statement +# +rule_stat = %(match)s saddr @ + +# optional interator over protocol's: +_nft_for_proto-custom-iter = +_nft_for_proto-custom-done = +_nft_for_proto-allports-iter = +_nft_for_proto-allports-done = +_nft_for_proto-multiport-iter = for proto in $(echo '' | sed 's/,/ /g'); do +_nft_for_proto-multiport-done = done + +_nft_list = -a list chain +_nft_get_handle_id = grep -oP '@\s+.*\s+\Khandle\s+(\d+)$' + +_nft_add_set = add set
\{ type \; \} + <_nft_for_proto--iter> + add rule
%(rule_stat)s + <_nft_for_proto--done> +_nft_del_set = { %(_nft_list)s | %(_nft_get_handle_id)s; } | while read -r hdl; do + delete rule
$hdl; done + delete set
+ +# Option: _nft_shutdown_table +# Notes.: command executed after the stop in order to delete table (it checks that no sets are available): +# Values: CMD +# +_nft_shutdown_table = { list table
| grep -qP '^\s+set\s+'; } || { + delete table
+ } + +# Option: actionstart +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). +# Values: CMD +# +actionstart = add table
+ -- add chain
\{ type hook priority \; \} + %(_nft_add_set)s + +# Option: actionflush +# Notes.: command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action); +# uses `nft flush set ...` and as fallback (e. g. unsupported) recreates the set (with references) +# Values: CMD +# +actionflush = { flush set
2> /dev/null; } || { + %(_nft_del_set)s + %(_nft_add_set)s + } + +# Option: actionstop +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +# Values: CMD +# +actionstop = %(_nft_del_set)s + <_nft_shutdown_table> + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = list chain
| grep -q '@[ \t]' + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = add element
\{ \} + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = delete element
\{ \} + +[Init] + +# Option: table +# Notes.: main table to store chain and sets (automatically created on demand) +# Values: STRING Default: f2b-table +table = f2b-table + +# Option: table_family +# Notes.: address family to work in +# Values: [ip | ip6 | inet] Default: inet +table_family = inet + +# Option: chain +# Notes.: main chain to store rules +# Values: STRING Default: f2b-chain +chain = f2b-chain + +# Option: chain_type +# Notes.: refers to the kind of chain to be created +# Values: [filter | route | nat] Default: filter +# +chain_type = filter + +# Option: chain_hook +# Notes.: refers to the kind of chain to be created +# Values: [ prerouting | input | forward | output | postrouting ] Default: input +# +chain_hook = input + +# Option: chain_priority +# Notes.: priority in the chain. +# Values: NUMBER Default: -1 +# +chain_priority = -1 + +# Option: addr_type +# Notes.: address type to work with +# Values: [ipv4_addr | ipv6_addr] Default: ipv4_addr +# +addr_type = ipv4_addr + +# Default name of the filtering set +# +name = default + +# Option: port +# Notes.: specifies port to monitor +# Values: [ NUM | STRING ] Default: +# +port = ssh + +# Option: protocol +# Notes.: internally used by config reader for interpolations. +# Values: [ tcp | udp ] Default: tcp +# +protocol = tcp + +# Option: blocktype +# Note: This is what the action does with rules. This can be any jump target +# as per the nftables man page (section 8). Common values are drop, +# reject, reject with icmpx type host-unreachable, redirect to 2222 +# Values: STRING +blocktype = reject + +# Option: nftables +# Notes.: Actual command to be executed, including common to all calls options +# Values: STRING +nftables = nft + +# Option: addr_set +# Notes.: The name of the nft set used to store banned addresses +# Values: STRING +addr_set = addr-set- + +# Option: addr_family +# Notes.: The family of the banned addresses +# Values: [ ip | ip6 ] +addr_family = ip + +[Init?family=inet6] +addr_family = ip6 +addr_type = ipv6_addr +addr_set = addr6-set- diff --git a/fail2ban/filter.d/bitwarden.conf b/fail2ban/filter.d/bitwarden.conf new file mode 100644 index 00000000..29bd4be8 --- /dev/null +++ b/fail2ban/filter.d/bitwarden.conf @@ -0,0 +1,6 @@ +# Fail2Ban filter for Bitwarden +# Detecting failed login attempts +# Logged in bwdata/logs/identity/Identity/log.txt + +[Definition] +failregex = ^\s*\[WRN\]\s+Failed login attempt(?:, 2FA invalid)?\. $ diff --git a/fail2ban/filter.d/centreon.conf b/fail2ban/filter.d/centreon.conf new file mode 100644 index 00000000..fd3c8482 --- /dev/null +++ b/fail2ban/filter.d/centreon.conf @@ -0,0 +1,9 @@ +# Fail2Ban filter for Centreon Web +# Detecting unauthorized access to the Centreon Web portal +# typically logged in /var/log/centreon/login.log + +[Init] +datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + +[Definition] +failregex = ^(?:\|-?\d+){3}\|\[[^\]]*\] \[\] Authentication failed for '[^']+' diff --git a/fail2ban/filter.d/traefik-auth.conf b/fail2ban/filter.d/traefik-auth.conf new file mode 100644 index 00000000..8321a138 --- /dev/null +++ b/fail2ban/filter.d/traefik-auth.conf @@ -0,0 +1,56 @@ +# Fail2ban filter configuration for traefik :: auth +# used to ban hosts, that were failed through traefik +# +# Author: CrazyMax +# +# To use 'traefik-auth' filter you have to configure your Traefik instance to write +# the access logs as describe in https://docs.traefik.io/configuration/logs/#access-logs +# into a log file on host and specifiy users for Basic Authentication +# https://docs.traefik.io/configuration/entrypoints/#basic-authentication +# +# Example: +# +# version: "3.2" +# +# services: +# traefik: +# image: traefik:latest +# command: +# - "--loglevel=INFO" +# - "--accesslog=true" +# - "--accessLog.filePath=/var/log/access.log" +# # - "--accessLog.filters.statusCodes=400-499" +# - "--defaultentrypoints=http,https" +# - "--entryPoints=Name:http Address::80" +# - "--entryPoints=Name:https Address::443 TLS" +# - "--docker.domain=example.com" +# - "--docker.watch=true" +# - "--docker.exposedbydefault=false" +# - "--api=true" +# - "--api.dashboard=true" +# ports: +# - target: 80 +# published: 80 +# protocol: tcp +# mode: host +# - target: 443 +# published: 443 +# protocol: tcp +# mode: host +# labels: +# - "traefik.enable=true" +# - "traefik.port=8080" +# - "traefik.backend=traefik" +# - "traefik.frontend.rule=Host:traefik.example.com" +# - "traefik.frontend.auth.basic.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" +# volumes: +# - "/var/log/traefik:/var/log" +# - "/var/run/docker.sock:/var/run/docker.sock" +# restart: always +# + +[Definition] + +failregex = ^ \- (?!- )\S+ \[\] \"(GET|POST|HEAD) [^\"]+\" 401\b + +ignoreregex = diff --git a/fail2ban/filter.d/znc-adminlog.conf b/fail2ban/filter.d/znc-adminlog.conf new file mode 100644 index 00000000..8faa25e3 --- /dev/null +++ b/fail2ban/filter.d/znc-adminlog.conf @@ -0,0 +1,34 @@ +# Fail2Ban filter for ZNC (requires adminlog module) +# +# to use this module, enable the adminlog module from within ZNC and point +# logpath to its logfile (e.g. /var/lib/znc/moddata/adminlog/znc.log). + +[DEFAULT] + +logtype = file + +[Definition] + +_daemon = znc + +# Prefix for different logtype (file, journal): +# +__prefix_file = (?:\[\]\s+)? +__prefix_short = (?:\S+\s+%(_daemon)s\[\d+\]:)\s+ +__prefix_journal = %(__prefix_short)s + +__prefix_line = <__prefix_> + +failregex = ^%(__prefix_line)s\[[^]]+\] failed to login from + +ignoreregex = + +journalmatch = _SYSTEMD_UNIT=znc.service + _COMM=znc + +# DEV Notes: +# Log format is: [] [] from +# [2018-10-27 01:40:17] [girst] connected to ZNC from 1.2.3.4 +# [2018-10-27 01:40:21] [girst] disconnected from ZNC from 1.2.3.4 +# [2018-10-27 01:40:55] [girst] failed to login from 1.2.3.4 +# +# Author: Tobias Girstmair (//gir.st/) diff --git a/fonts/conf.avail/56-language-selector-ar.conf b/fonts/conf.avail/56-language-selector-ar.conf new file mode 100644 index 00000000..6a1f3e76 --- /dev/null +++ b/fonts/conf.avail/56-language-selector-ar.conf @@ -0,0 +1,28 @@ + + + + + + ar + + + sans-serif + + + Noto Sans + Noto Sans Arabic UI + + + + + ar + + + serif + + + Noto Serif + Noto Naskh Arabic + + + diff --git a/fonts/conf.d/56-language-selector-ar.conf b/fonts/conf.d/56-language-selector-ar.conf new file mode 120000 index 00000000..c8a386b8 --- /dev/null +++ b/fonts/conf.d/56-language-selector-ar.conf @@ -0,0 +1 @@ +../conf.avail/56-language-selector-ar.conf \ No newline at end of file diff --git a/icinga2/init.conf b/icinga2/init.conf new file mode 100644 index 00000000..16a90419 --- /dev/null +++ b/icinga2/init.conf @@ -0,0 +1,7 @@ +/** + * This file is read by Icinga 2 before the main + * configuration file (icinga2.conf) is processed. + */ + +const RunAsUser = "nagios" +const RunAsGroup = "nagios" diff --git a/insserv.conf.d/mariadb b/insserv.conf.d/mariadb new file mode 100644 index 00000000..cb29a547 --- /dev/null +++ b/insserv.conf.d/mariadb @@ -0,0 +1 @@ +$database mysql diff --git a/letsencrypt/csr/3430_csr-certbot.pem b/letsencrypt/csr/3430_csr-certbot.pem new file mode 100644 index 00000000..5ac9440a --- /dev/null +++ b/letsencrypt/csr/3430_csr-certbot.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICdTCCAV0CAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALFO +lXdEd27wSNbshxt0szWniDHtC2ayB8hRhew+SPALJoX0riLgCdW7JVcwnbWa5yyc +8qUiXC9vuVirUBaw6I28HCiwQquaB6i5qpBPeQF69aPoGdIqQTWEdSzzMAOnXEZ/ +veJfWg5Pdn6uvMF9xa3iMex9EMOsGribWFhWvw5E3wwOX1BRFZFrlsAR8C/F9ksr +ohCcu6k3VD7sgpk+a1BjbW/iI80B4ByZU+7VjhJhvWRuItcyBM+PxMw0orzo9yb9 +USZ0VvNDj44diPrEpaFdgTK2spu/Yii1jKyFrN8bM2Hle89SUIpT5R8u08KI7NzV +Si9UA0eaI+5NGeVgt3ECAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYw +FIISdHYuaG9lbGxlaW4ub25saW5lMA0GCSqGSIb3DQEBCwUAA4IBAQAEwBcZGGPO +eZ+AkbV3/ZJNmOwydpJ3QvGfREaY1jFhGD5QuiCnI87rE47z4xvwTHhvCHLhod10 +Aqp/pdegJSApFmTU9nK5zr/BJkEmp36EU5Yjnkq+mjC8aLzXT2G9GV0oIackDdep +xC+ZYlrxzHPa8WG1RRCX5iyBB4GIlEvq+k17PXhUq0670fEvD1YuLks8h/S0Agsy +MtcdHQ/EiAFVjlnxXgZ2/NL9pc9hjpzObk54ORGywOtBDe/RMMiyFzXhiJol/TcF +UdMBa7pNoZImtF2uLJNbAtDE/f7LJvMyLxiHdM8Lhd67s9Jm9g+w0ebXbet8/6C9 +luorFpAw5pSz +-----END CERTIFICATE REQUEST----- diff --git a/letsencrypt/csr/3431_csr-certbot.pem b/letsencrypt/csr/3431_csr-certbot.pem new file mode 100644 index 00000000..3bf7dea1 --- /dev/null +++ b/letsencrypt/csr/3431_csr-certbot.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICdTCCAV0CAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+9 +CQ+IpXRN/x5to41JHeJqI0rGKTnSR3H7n4+t8+gi+3dGeRxV9uj5gi8fYghzccWi +7KPSTDWQ+KDHgQRe+TqGuaB9VnCgXoHh5aLbSDzpaphohS28bJCAHDuQpqZGz0oG +PwPjW21S0Z/ugrVOpTyE4RoSeyZq3UcBkbOT9HL3/00faz0b4iD7mN4aVsbA8hjl +jWIeWwLUtWfxSCJ+RR2Qyk8frY/7wekY8dAoNoc4rCVKgftkXE8K1nB9j1iwYoUT +MY47DWZ8VohbUQSB5m7avyuHXHdm1rU5gz39hEpBhhisw33bdg2dFY7LiDmqJnNz +ubZJK2LRB3tGChxSeCkCAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYw +FIISdHYuaG9lbGxlaW4ub25saW5lMA0GCSqGSIb3DQEBCwUAA4IBAQCdlXuHAHPe +SZ+a2vcV++MgSxyjSgrdV+q85tdr1EJ6DAdDNSaADZdQOdhdCjAkeQfuIf0hEXWA +JJEm9fRQGhmYYA/hAN9QfGmPbeo2w+zYFHJj+eX3OGV/j7xeZHHDz7H2mk8FzZOT +XnFrl1GUG/9gmEYAJYgwm2/3edsw3jX2eTal59AZt+ai01SAByXOqxVfXZYSylb9 +j8Oe0iqTm9bGNG3wHwkILW4IAk/x1gQcwlHHV5/CfzEzNfzGuHVI6LC1hKfpF9Iz +M1qnDMTZmEUJajyKP6qAWK1M+VsPwJcTEiY4QMQ7xHWb4fM01SvqlrCXm+0xaEnR +03CMnD+NNJDY +-----END CERTIFICATE REQUEST----- diff --git a/letsencrypt/keys/3431_key-certbot.pem b/letsencrypt/keys/3431_key-certbot.pem new file mode 100644 index 00000000..ac61ffbf --- /dev/null +++ b/letsencrypt/keys/3431_key-certbot.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCxTpV3RHdu8EjW +7IcbdLM1p4gx7QtmsgfIUYXsPkjwCyaF9K4i4AnVuyVXMJ21mucsnPKlIlwvb7lY +q1AWsOiNvBwosEKrmgeouaqQT3kBevWj6BnSKkE1hHUs8zADp1xGf73iX1oOT3Z+ +rrzBfcWt4jHsfRDDrBq4m1hYVr8ORN8MDl9QURWRa5bAEfAvxfZLK6IQnLupN1Q+ +7IKZPmtQY21v4iPNAeAcmVPu1Y4SYb1kbiLXMgTPj8TMNKK86Pcm/VEmdFbzQ4+O +HYj6xKWhXYEytrKbv2IotYyshazfGzNh5XvPUlCKU+UfLtPCiOzc1UovVANHmiPu +TRnlYLdxAgMBAAECggEAT5z8igApLJwh6Ldt9wsQiO//vIM2klcwHWdVnf1dnMM0 ++gMiybAVWm3c12iR+ABk+uhCH5ntELO24rSRko6+7R1g+3ghh5HzDHTJvGCi8eI3 +N/C432BvxUsDnjpX/dwBF/q11VaBRlmx2DI3uR3zTB970Tda9rFpkijWo1vYD9xn +dhI+STKlVbFAj2UjHpfnflNTuqPB6KMw67KdC8HLukvyRK9PAjQBXEzxO3lrZgpu +w+MJ+242ct2i0EO0aCNkxNwxfGzr63DB/hyDhr09TFC3U6AhbtKpWk1Cbvv0UtTQ +ZejfIWFGXrQ++HUkkzdNaFitQTc+z5GzgKAYSxko0QKBgQDZ8DNAe0L2OnkDoFjr +M/jfuKqvpRwLL2o1QeW/OvaDiUF3qHC8WVRwErnXjNByEjDhapacx8qnWEKKLFim +r8J+hQIR3qxNlYKSLCOY/5Dhp1hTH4YZ1pgxOZnXYkqs9kCYUr2qc6DNSSjwFZ1i +BCAJlFUshjq1rp9Hna/ryIkwxQKBgQDQRcx8Grinagd1wesxlF0rHlUMgFVwfNGx +LzEWovk0nqOsXgR6/ImthiAOvVL9BJFzkg8Cm1Mhkb9Vl//JLZepQIM8Etdn1LRw ++5Qw+RThyy6Z9FQo51vSUZKN40k2QdcAiov7wd/HXyz6cT0wfpUlOnnj92hG4hg/ +Mv7m+ag+vQKBgGX1HcUY5WbUTDEKHw9KLTBc8F1j3Q7Oi92GirlAGHvJBru4LaWw +FPSpjg/tbMcxA3UxrGyEe6Z2gAqsXHz+1PrjtugtSGazf3Zq9+xoA5vN8mBQ6yfD +YUgGLpa5AT6Rpf6dFuZbWeswQtqvAgYM8AALSR2fXnAI1bNnbhnco3IRAoGASoXP +J1EAZZcA2Ffs6i6mL7mIwRJif/+JoJa8P9dMyFFDS3fQrpkSQm7NpbiEq1gpG2tV +x58AXfCiv+PFeJzBuaQF0UcEoHhxoEPEwMk/eZOUNy4/tush5d2eTPrYxXtFjUIF +2K2EfvhFRc+jD2kbwNhtqO5r94ELIAIFR2xpkRkCgYEAvEPOsrwKswLFjLrYsiGp +s+hrYU09/JdaXXCSAB9BIku81uh1DYM83Resy0gVdrwOZNbuJzF5pJzCiaNg4nSX +Sa3SP1eiLQFgfmb9e1a/FO94Onx75m+kj6RrE0GyskmS8XPQ500mCOJggWkEQtcr +3j6x8UNrzT+mj0LJuvQ7xAQ= +-----END PRIVATE KEY----- diff --git a/letsencrypt/keys/3432_key-certbot.pem b/letsencrypt/keys/3432_key-certbot.pem new file mode 100644 index 00000000..a32a9fbf --- /dev/null +++ b/letsencrypt/keys/3432_key-certbot.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/vQkPiKV0Tf8e +baONSR3iaiNKxik50kdx+5+PrfPoIvt3RnkcVfbo+YIvH2IIc3HFouyj0kw1kPig +x4EEXvk6hrmgfVZwoF6B4eWi20g86WqYaIUtvGyQgBw7kKamRs9KBj8D41ttUtGf +7oK1TqU8hOEaEnsmat1HAZGzk/Ry9/9NH2s9G+Ig+5jeGlbGwPIY5Y1iHlsC1LVn +8UgifkUdkMpPH62P+8HpGPHQKDaHOKwlSoH7ZFxPCtZwfY9YsGKFEzGOOw1mfFaI +W1EEgeZu2r8rh1x3Zta1OYM9/YRKQYYYrMN923YNnRWOy4g5qiZzc7m2SSti0Qd7 +RgocUngpAgMBAAECggEBALVmL9NNcVN2kz4Ddm+t1CMoTVlp3wkAQ224JD530cE2 +j3hJ6T0Aq4fAvwS8CTB7oBDeUkmvJUCsdj0OYqZzABH58la/He+SGbeBs5L/KPnP +z3R/tjgOAxw2x/8mnDPF3ElpXWbdS9tDNmW77leAH14BTUIwZ+hxxAVwm5stCGFX +T7mAsvC8bDtmrJoqENJ0caDmhlJOr+Tcoo0bo0akDQOGGcX4AAPxAy+pR3XYXX/A +ankLchfzxxE86jscvBr1R4Q6KXvLn6fOH9yZuXiNbSUHTW6kMjw1QAGsWZn9vJxf +4TUAuzuykfAX1bD7zhMbddKu7bl3e3Zdowc8QkYYJT0CgYEA9ujylC5e7wcj8XFw +G4U2VFEWfN/yBjsjapkDn95rM39Js+IUcEx3gv/haqbVDBQ3Ive/QzAx1X8hOCd7 +daEKFXO6N6nve9Ym2s6iyN+gbdVcWDqCPIvVfMNJ1HQOs4uBmdv9VkTdQ6r2Ajro +VG9xQMDJkJA64o2KZ2IHjJD4r4cCgYEAxswc1br8wscfIu9eYGnSPjNjmjn0qlkL +wNPyvx4rowVfyPkP0oePQ9vTPxNcNe5Y0pQROr3g13oi2rgDEu9arwOTOhZIU1tn +N8+6rbLjY1vm8TdgecH+GHyjh4no6KA1+NOLd7l/4owqNDf9tpqly6YE4+CqcP2i +gsv79M/9ps8CgYAz9wj+2NeQFP+ilA5VLG8nxb0m4PcOCqpEiBm0Ltp/Bx4a5s0I +aX+JqZLmoGAcX7DPAjdVy7HhThVOvTiFpDP8GdQqXPCTLpoU2QJ3pmEcXJhH1WCN +n5x52pwSQ67IaOcI27zwyCONV1DZXU6CXsYGK80ASOqrvcBQS9hs5CICxwKBgEcd +NSNv5IN437aLkmNC96awk2zUVqWpfP7Z0vhzPoDupzkpf3N8cs9/j638qvvP645I +0XEGA6yRUG6VbOQVI4d/6+bXmb/X7rCUat9AIv+kHJUljimAL/lqfMU7nEm7JhOA ++V82yHyuT1qmvOfZon2bQhySfeY1lTDc76C/1qkZAoGAJRd6xUaBVKKAY4VtvUk2 +348RcjmMFKPyGhAHUzXi/i6BbHOTUDgVJ2jLMA+bpmCcogCaKAWwStHR/Ad4Ewhd +FWuiAAJb6klAiv31k969ydr37qk4xQ7i1hQxsGvw3v7Ap+DP5TiCXOcUNYuF9ZXR +hAnKG9e6hzr3dTgmvGyMEoQ= +-----END PRIVATE KEY----- diff --git a/logcheck/ignore.d.paranoid/mariadb-server-10_1 b/logcheck/ignore.d.paranoid/mariadb-server-10_1 new file mode 100644 index 00000000..00cc5c3e --- /dev/null +++ b/logcheck/ignore.d.paranoid/mariadb-server-10_1 @@ -0,0 +1,9 @@ +/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$ +/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$ +mysqld\[[0-9]+\]: $ +mysqld\[[0-9]+\]: Version: .* socket: '/var/run/mysqld/mysqld.sock' port: 3306$ +mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$ +mysqld_safe\[[0-9]+\]: started$ +usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$ +usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$ diff --git a/logcheck/ignore.d.server/mariadb-server-10_1 b/logcheck/ignore.d.server/mariadb-server-10_1 new file mode 100644 index 00000000..d6e7f902 --- /dev/null +++ b/logcheck/ignore.d.server/mariadb-server-10_1 @@ -0,0 +1,32 @@ +/etc/init.d/mysql\[[0-9]+\]: [0-9]+ processes alive and '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$ +/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$ +mysqld\[[0-9]+\]: ?$ +mysqld\[[0-9]+\]: .*InnoDB: Shutdown completed +mysqld\[[0-9]+\]: .*InnoDB: Started; +mysqld\[[0-9]+\]: .*InnoDB: Starting shutdown\.\.\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Normal shutdown$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Shutdown complete$ +mysqld\[[0-9]+\]: /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*/usr/sbin/mysqld: Shutdown Complete$ +mysqld\[[0-9]+\]: Version: .* socket +mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$ +mysqld_safe\[[0-9]+\]: ?$ +mysqld_safe\[[0-9]+\]: able to use the new GRANT command!$ +mysqld_safe\[[0-9]+\]: ended$ +mysqld_safe\[[0-9]+\]: http://www.mysql.com$ +mysqld_safe\[[0-9]+\]: NOTE: If you are upgrading from a MySQL <= 3.22.10 you should run$ +mysqld_safe\[[0-9]+\]: PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !$ +mysqld_safe\[[0-9]+\]: Please report any problems at http://mariadb.org/jira$ +mysqld_safe\[[0-9]+\]: See the manual for more instructions.$ +mysqld_safe\[[0-9]+\]: started$ +mysqld_safe\[[0-9]+\]: Support MySQL by buying support/licenses at http://mariadb.org/jira$ +mysqld_safe\[[0-9]+\]: The latest information about MySQL is available on the web at$ +mysqld_safe\[[0-9]+\]: the /usr/bin/mysql_fix_privilege_tables. Otherwise you will not be$ +mysqld_safe\[[0-9]+\]: To do so, start the server, then issue the following commands:$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root -h app109 password 'new-password'$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root password 'new-password'$ +usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$ +usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$ diff --git a/logcheck/ignore.d.workstation/mariadb-server-10_1 b/logcheck/ignore.d.workstation/mariadb-server-10_1 new file mode 100644 index 00000000..a0b4792e --- /dev/null +++ b/logcheck/ignore.d.workstation/mariadb-server-10_1 @@ -0,0 +1,32 @@ +/etc/init.d/mysql\[[0-9]+\]: [0-9]+ processes alive and '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$ +/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$ +/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$ +mysqld\[[0-9]+\]: ?$ +mysqld\[[0-9]+\]: .*InnoDB: Shutdown completed +mysqld\[[0-9]+\]: .*InnoDB: Started; +mysqld\[[0-9]+\]: .*InnoDB: Starting shutdown\.\.\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Normal shutdown$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Shutdown complete$ +mysqld\[[0-9]+\]: /usr/sbin/mysqld: ready for connections\.$ +mysqld\[[0-9]+\]: .*/usr/sbin/mysqld: Shutdown Complete$ +mysqld\[[0-9]+\]: Version: .* socket +mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$ +mysqld_safe\[[0-9]+\]: ?$ +mysqld_safe\[[0-9]+\]: able to use the new GRANT command!$ +mysqld_safe\[[0-9]+\]: ended$ +mysqld_safe\[[0-9]+\]: http://www.mysql.com$ +mysqld_safe\[[0-9]+\]: NOTE: If you are upgrading from a MySQL <= 3.22.10 you should run$ +mysqld_safe\[[0-9]+\]: PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !$ +mysqld_safe\[[0-9]+\]: Please report any problems at http://mariadb.org/jira$ +mysqld_safe\[[0-9]+\]: See the manual for more instructions.$ +mysqld_safe\[[0-9]+\]: started$ +mysqld_safe\[[0-9]+\]: Support MySQL by buying support/licenses at https://order.mysql.com$ +mysqld_safe\[[0-9]+\]: The latest information about MySQL is available on the web at$ +mysqld_safe\[[0-9]+\]: the /usr/bin/mysql_fix_privilege_tables. Otherwise you will not be$ +mysqld_safe\[[0-9]+\]: To do so, start the server, then issue the following commands:$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root -h app109 password 'new-password'$ +mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root password 'new-password'$ +usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$ +usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$ diff --git a/logrotate.d/btmp b/logrotate.d/btmp new file mode 100644 index 00000000..0aa1ae1a --- /dev/null +++ b/logrotate.d/btmp @@ -0,0 +1,7 @@ +# no packages own btmp -- we'll rotate it here +/var/log/btmp { + missingok + monthly + create 0660 root utmp + rotate 1 +} diff --git a/logrotate.d/wtmp b/logrotate.d/wtmp new file mode 100644 index 00000000..cc8a151e --- /dev/null +++ b/logrotate.d/wtmp @@ -0,0 +1,8 @@ +# no packages own wtmp -- we'll rotate it here +/var/log/wtmp { + missingok + monthly + create 0664 root utmp + minsize 1M + rotate 1 +} diff --git a/lvm/backup/system b/lvm/backup/system index 4aa69274..8c886e79 100644 --- a/lvm/backup/system +++ b/lvm/backup/system @@ -1,16 +1,16 @@ -# Generated by LVM2 version 2.02.176(2) (2017-11-03): Wed Apr 27 00:21:51 2022 +# Generated by LVM2 version 2.02.176(2) (2017-11-03): Thu Apr 28 11:09:37 2022 contents = "Text Format Volume Group" version = 1 -description = "Created *after* executing '/sbin/lvremove -y /dev/system/var_backup'" +description = "Created *after* executing 'pvscan --cache --activate ay 253:0'" -creation_host = "homeserver" # Linux homeserver 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64 -creation_time = 1651011711 # Wed Apr 27 00:21:51 2022 +creation_host = "homeserver" # Linux homeserver 5.0.0-32-generic #34~18.04.2-Ubuntu SMP Thu Oct 10 10:36:02 UTC 2019 x86_64 +creation_time = 1651136977 # Thu Apr 28 11:09:37 2022 system { id = "5WJluU-PUGx-m4Am-4B5T-wooB-NUG3-dZj5zv" - seqno = 1295 + seqno = 1307 format = "lvm2" # informational status = ["RESIZEABLE", "READ", "WRITE"] flags = [] diff --git a/mysql/debian.cnf-10.3 b/mysql/debian.cnf-10.3 new file mode 100644 index 00000000..0ef9676d --- /dev/null +++ b/mysql/debian.cnf-10.3 @@ -0,0 +1,10 @@ +# Automatically generated for Debian scripts. DO NOT TOUCH! +[client] +host = localhost +user = debian-sys-maint +password = xBvOytMOj0Yx5Y29 +socket = /var/run/mysqld/mysqld.sock +[mysql_upgrade] +user = debian-sys-maint +password = xBvOytMOj0Yx5Y29 +socket = /var/run/mysqld/mysqld.sock diff --git a/mysql/mariadb.conf.d/50-client.cnf b/mysql/mariadb.conf.d/50-client.cnf new file mode 100644 index 00000000..b509f191 --- /dev/null +++ b/mysql/mariadb.conf.d/50-client.cnf @@ -0,0 +1,25 @@ +# +# This group is read by the client library +# Use it for options that affect all clients, but not the server +# + +[client] +# Default is Latin1, if you need UTF-8 set this (also in server section) +default-character-set = utf8mb4 + +# socket location +socket = /var/run/mysqld/mysqld.sock + +# Example of client certificate usage +# ssl-cert=/etc/mysql/client-cert.pem +# ssl-key=/etc/mysql/client-key.pem +# +# Allow only TLS encrypted connections +# ssl-verify-server-cert=on + +# This group is *never* read by mysql client library, though this +# /etc/mysql/mariadb.cnf.d/client.cnf file is not read by Oracle MySQL +# client anyway. +# If you use the same .cnf file for MySQL and MariaDB, +# use it for MariaDB-only client options +[client-mariadb] diff --git a/mysql/mariadb.conf.d/50-mysql-clients.cnf b/mysql/mariadb.conf.d/50-mysql-clients.cnf new file mode 100644 index 00000000..55cfda26 --- /dev/null +++ b/mysql/mariadb.conf.d/50-mysql-clients.cnf @@ -0,0 +1,24 @@ +# +# These groups are read by MariaDB command-line tools +# Use it for options that affect only one utility +# + +[mysql] +# Default is Latin1, if you need UTF-8 set this (also in server section) +default-character-set = utf8mb4 + +[mysql_upgrade] + +[mysqladmin] + +[mysqlbinlog] + +[mysqlcheck] + +[mysqldump] + +[mysqlimport] + +[mysqlshow] + +[mysqlslap] diff --git a/mysql/mariadb.conf.d/50-mysqld_safe.cnf b/mysql/mariadb.conf.d/50-mysqld_safe.cnf new file mode 100644 index 00000000..141d51f6 --- /dev/null +++ b/mysql/mariadb.conf.d/50-mysqld_safe.cnf @@ -0,0 +1,30 @@ +# NOTE: This file is read only by the traditional SysV init script, not systemd. +# MariaDB systemd does _not_ utilize mysqld_safe nor read this file. +# +# For similar behaviour, systemd users should create the following file: +# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf +# +# To achieve the same result as the default 50-mysqld_safe.cnf, please create +# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf +# with the following contents: +# +# [Service] +# User=mysql +# StandardOutput=syslog +# StandardError=syslog +# SyslogFacility=daemon +# SyslogLevel=err +# SyslogIdentifier=mysqld +# +# For more information, please read https://mariadb.com/kb/en/mariadb/systemd/ +# + +[mysqld_safe] +# This will be passed to all mysql clients +# It has been reported that passwords should be enclosed with ticks/quotes +# especially if they contain "#" chars... +# Remember to edit /etc/mysql/debian.cnf when changing the socket location. +socket = /var/run/mysqld/mysqld.sock +nice = 0 +skip_log_error +syslog diff --git a/mysql/mariadb.conf.d/50-server.cnf b/mysql/mariadb.conf.d/50-server.cnf new file mode 100644 index 00000000..ee30148f --- /dev/null +++ b/mysql/mariadb.conf.d/50-server.cnf @@ -0,0 +1,134 @@ +# +# These groups are read by MariaDB server. +# Use it for options that only the server (but not clients) should see +# +# See the examples of server my.cnf files in /usr/share/mysql/ +# + +# this is read by the standalone daemon and embedded servers +[server] + +# this is only for the mysqld standalone daemon +[mysqld] + +# +# * Basic Settings +# +user = mysql +pid-file = /var/run/mysqld/mysqld.pid +socket = /var/run/mysqld/mysqld.sock +port = 3306 +basedir = /usr +datadir = /var/lib/mysql +tmpdir = /tmp +lc-messages-dir = /usr/share/mysql +skip-external-locking + +# Instead of skip-networking the default is now to listen only on +# localhost which is more compatible and is not less secure. +bind-address = 127.0.0.1 + +# +# * Fine Tuning +# +key_buffer_size = 16M +max_allowed_packet = 16M +thread_stack = 192K +thread_cache_size = 8 +# This replaces the startup script and checks MyISAM tables if needed +# the first time they are touched +myisam_recover_options = BACKUP +#max_connections = 100 +#table_cache = 64 +#thread_concurrency = 10 + +# +# * Query Cache Configuration +# +query_cache_limit = 1M +query_cache_size = 16M + +# +# * Logging and Replication +# +# Both location gets rotated by the cronjob. +# Be aware that this log type is a performance killer. +# As of 5.1 you can enable the log at runtime! +#general_log_file = /var/log/mysql/mysql.log +#general_log = 1 +# +# Error log - should be very few entries. +# +log_error = /var/log/mysql/error.log +# +# Enable the slow query log to see queries with especially long duration +#slow_query_log_file = /var/log/mysql/mariadb-slow.log +#long_query_time = 10 +#log_slow_rate_limit = 1000 +#log_slow_verbosity = query_plan +#log-queries-not-using-indexes +# +# The following can be used as easy to replay backup logs or for replication. +# note: if you are setting up a replication slave, see README.Debian about +# other settings you may need to change. +#server-id = 1 +#log_bin = /var/log/mysql/mysql-bin.log +expire_logs_days = 10 +max_binlog_size = 100M +#binlog_do_db = include_database_name +#binlog_ignore_db = exclude_database_name + +# +# * InnoDB +# +# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. +# Read the manual for more InnoDB related options. There are many! + +# +# * Security Features +# +# Read the manual, too, if you want chroot! +# chroot = /var/lib/mysql/ +# +# For generating SSL certificates you can use for example the GUI tool "tinyca". +# +# ssl-ca=/etc/mysql/cacert.pem +# ssl-cert=/etc/mysql/server-cert.pem +# ssl-key=/etc/mysql/server-key.pem +# +# Accept only connections using the latest and most secure TLS protocol version. +# ..when MariaDB is compiled with OpenSSL: +# ssl-cipher=TLSv1.2 +# ..when MariaDB is compiled with YaSSL (default in Debian): +# ssl=on + +# +# * Character sets +# +# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full +# utf8 4-byte character set. See also client.cnf +# +character-set-server = utf8mb4 +collation-server = utf8mb4_general_ci + +# +# * Unix socket authentication plugin is built-in since 10.0.22-6 +# +# Needed so the root database user can authenticate without a password but +# only when running as the unix root user. +# +# Also available for other users if required. +# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/ + +# this is only for embedded server +[embedded] + +# This group is only read by MariaDB servers, not by MySQL. +# If you use the same .cnf file for MySQL and MariaDB, +# you can put MariaDB-only options here +[mariadb] + +# This group is only read by MariaDB-10.1 servers. +# If you use the same .cnf file for MariaDB of different versions, +# use this group for options that older servers don't understand +[mariadb-10.1] diff --git a/profile.d/im-config_wayland.sh b/profile.d/im-config_wayland.sh new file mode 100644 index 00000000..bdbf7098 --- /dev/null +++ b/profile.d/im-config_wayland.sh @@ -0,0 +1,12 @@ +# /etc/profile.d/im-config_wayland.sh +# +# This sets the IM variables on Wayland. + +test "$XDG_SESSION_TYPE" = 'wayland' || return + +# don't do anything if im-config was removed but not purged +test -r /usr/share/im-config/xinputrc.common || return + +if [ -r /etc/X11/Xsession.d/70im-config_launch ]; then + . /etc/X11/Xsession.d/70im-config_launch +fi diff --git a/rc0.d/K01quotarpc b/rc0.d/K01quotarpc new file mode 120000 index 00000000..a0c15767 --- /dev/null +++ b/rc0.d/K01quotarpc @@ -0,0 +1 @@ +../init.d/quotarpc \ No newline at end of file diff --git a/rc0.d/K02quota b/rc0.d/K02quota new file mode 120000 index 00000000..1234b3b9 --- /dev/null +++ b/rc0.d/K02quota @@ -0,0 +1 @@ +../init.d/quota \ No newline at end of file diff --git a/rc1.d/K01quotarpc b/rc1.d/K01quotarpc new file mode 120000 index 00000000..a0c15767 --- /dev/null +++ b/rc1.d/K01quotarpc @@ -0,0 +1 @@ +../init.d/quotarpc \ No newline at end of file diff --git a/rc2.d/K01speech-dispatcher b/rc2.d/K01speech-dispatcher new file mode 120000 index 00000000..ef1f4826 --- /dev/null +++ b/rc2.d/K01speech-dispatcher @@ -0,0 +1 @@ +../init.d/speech-dispatcher \ No newline at end of file diff --git a/rc2.d/S03quotarpc b/rc2.d/S03quotarpc new file mode 120000 index 00000000..a0c15767 --- /dev/null +++ b/rc2.d/S03quotarpc @@ -0,0 +1 @@ +../init.d/quotarpc \ No newline at end of file diff --git a/rc3.d/K01speech-dispatcher b/rc3.d/K01speech-dispatcher new file mode 120000 index 00000000..ef1f4826 --- /dev/null +++ b/rc3.d/K01speech-dispatcher @@ -0,0 +1 @@ +../init.d/speech-dispatcher \ No newline at end of file diff --git a/rc3.d/S03quotarpc b/rc3.d/S03quotarpc new file mode 120000 index 00000000..a0c15767 --- /dev/null +++ b/rc3.d/S03quotarpc @@ -0,0 +1 @@ +../init.d/quotarpc \ No newline at end of file diff --git a/rc4.d/K01speech-dispatcher b/rc4.d/K01speech-dispatcher new file mode 120000 index 00000000..ef1f4826 --- /dev/null +++ b/rc4.d/K01speech-dispatcher @@ -0,0 +1 @@ +../init.d/speech-dispatcher \ No newline at end of file diff --git a/rc4.d/S03quotarpc b/rc4.d/S03quotarpc new file mode 120000 index 00000000..a0c15767 --- /dev/null +++ b/rc4.d/S03quotarpc @@ -0,0 +1 @@ +../init.d/quotarpc \ No newline at end of file diff --git a/rc5.d/K01speech-dispatcher b/rc5.d/K01speech-dispatcher new file mode 120000 index 00000000..ef1f4826 --- /dev/null +++ b/rc5.d/K01speech-dispatcher @@ -0,0 +1 @@ +../init.d/speech-dispatcher \ No newline at end of file diff --git a/rc5.d/S03quotarpc b/rc5.d/S03quotarpc new file mode 120000 index 00000000..a0c15767 --- /dev/null +++ b/rc5.d/S03quotarpc @@ -0,0 +1 @@ +../init.d/quotarpc \ No newline at end of file diff --git a/rc6.d/K01quotarpc b/rc6.d/K01quotarpc new file mode 120000 index 00000000..a0c15767 --- /dev/null +++ b/rc6.d/K01quotarpc @@ -0,0 +1 @@ +../init.d/quotarpc \ No newline at end of file diff --git a/rc6.d/K02quota b/rc6.d/K02quota new file mode 120000 index 00000000..1234b3b9 --- /dev/null +++ b/rc6.d/K02quota @@ -0,0 +1 @@ +../init.d/quota \ No newline at end of file diff --git a/rcS.d/S01quota b/rcS.d/S01quota new file mode 120000 index 00000000..1234b3b9 --- /dev/null +++ b/rcS.d/S01quota @@ -0,0 +1 @@ +../init.d/quota \ No newline at end of file diff --git a/spamassassin/v343.pre b/spamassassin/v343.pre new file mode 100644 index 00000000..b33fe6dc --- /dev/null +++ b/spamassassin/v343.pre @@ -0,0 +1,25 @@ +# This is the right place to customize your installation of SpamAssassin. +# +# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be +# tweaked. +# +# This file was installed during the installation of SpamAssassin 4.0.0, +# and contains plugin loading commands for the new plugins added in that +# release. It will not be overwritten during future SpamAssassin installs, +# so you can modify it to enable some disabled-by-default plugins below, +# if you so wish. +# +# There are now multiple files read to enable plugins in the +# /etc/mail/spamassassin directory; previously only one, "init.pre" was +# read. Now both "init.pre", "v310.pre", and any other files ending in +# ".pre" will be read. As future releases are made, new plugins will be +# added to new files, named according to the release they're added in. +########################################################################### + +# OLEVBMacro - Detects both OLE macros and VB code inside Office documents +# +# It tries to discern between safe and malicious code but due to the threat +# macros present to security, many places block these type of documents outright. +# +# For this plugin to work, Archive::Zip and IO::String modules are required. +# loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro diff --git a/speech-dispatcher/modules/baratinoo.conf b/speech-dispatcher/modules/baratinoo.conf new file mode 100644 index 00000000..d0c23ad4 --- /dev/null +++ b/speech-dispatcher/modules/baratinoo.conf @@ -0,0 +1,54 @@ + +# Path to the Baratinoo configuration file. Defaults to $BARATINOO_CONFIG_PATH +# or XDG_CONFIG_HOME/baratinoo.cfg +BaratinooConfigPath "/etc/voxygen/baratinoo.cfg" + +# Characters to be spoken when punctuation setting is "some" +# Encoding is UTF-8. +BaratinooPunctuationList "@+_" +# Characters that should still influence intonation when punctuation is not "none" +# Encoding is UTF-8. +BaratinooIntonationList "?!;:,.…" +# Characters that should not be spoken when punctuation is "none" +# (i.e. Baratinoo would not use them for intonation so we have to explicitly +# drop them before giving text to it) +# Encoding is UTF-8. +BaratinooNoIntonationList "" + +# Sample rate, in Hz (in the 6000Hz-48000Hz range). Default to 16000Hz which +# is the actual voices rate, not requiring resampling. +#BaratinooSampleRate 16000 + +# Minimum rate (-100 in speech-dispatcher) +BaratinooMinRate -50 +# Normal rate (0 in speech-dispatcher) +BaratinooNormalRate 0 +# Maximum rate (100 in speech-dispatcher) +BaratinooMaxRate 150 + +# Debug turns debugging on or off +# See speechd.conf for information where debugging information is stored + +# Debug 0 + +# DebugFile specifies the file where the debugging information +# should be stored (note that the log is overwritten each time +# the module starts) +# DebugFile "/tmp/debug-baratinoo" + + +# Copyright (C) 2017 Colomban Wendling +# Copyright (C) 2018 Samuel Thibault +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more details (file +# COPYING in the root directory). +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . diff --git a/speech-dispatcher/modules/espeak-ng-mbrola-generic.conf b/speech-dispatcher/modules/espeak-ng-mbrola-generic.conf new file mode 100644 index 00000000..427e51bc --- /dev/null +++ b/speech-dispatcher/modules/espeak-ng-mbrola-generic.conf @@ -0,0 +1,269 @@ +# Espeak mbrola output module is based on the generic plugin for Speech +# Dispatcher. It means there is no code written explicitly for +# this plugin, all the specifics are handled in this configuration +# and we call a simple command line client to perform the actual +# synthesis. Use this config file with the sd_generic output module. +# +# IMPORTANT: The audio output method relies on an audio playback +# utility (play, aplay, paplay for OSS, ALSA or Pulse) +# being installed. If this is not the case, consider installing it +# or replace the $PLAY_COMMAND string in the GenericExecuteString below +# with play, paplay or similar. +# +# GenericExecuteSynth is the shell command that should be +# executed in order to say some message. This command must +# stop saying the message on SIGKILL, otherwise it's useless. +# You can use the variables $LANGUAGE, $VOICE, $PITCH and $RATE +# which will be substituted for the appropriate value (you +# can modify this value, see other parameters). +# The command can be split into more lines, if necessary, using '\'. +GenericExecuteSynth \ +"echo \'$DATA\' | espeak-ng -v mb-$VOICE -s $RATE -p $PITCH $PUNCT -q --stdin --pho | mbrola -v $VOLUME -e /usr/share/mbrola/$VOICE/$VOICE - -.au | $PLAY_COMMAND" + +# Alternatively you can shorten the command like below, which makes it +# work directly with any audio playback utility, but then you won't +# be able to change the volume from the client application: +# GenericExecuteSynth \ +# "echo \'$DATA\' | espeak-ng -v mb-$VOICE -s $RATE -p $PITCH $PUNCT -stdin" + +GenericCmdDependency "espeak-ng" +GenericCmdDependency "mbrola" + +# The following three items control punctuation levels None, Some, and All. +# Each of these values will be substituted into the $PUNCT variable depending +# on the value passed to speech dispatcher from applications. +# Note that if an empty string is specified, then $PUNCT will be blank +# which is a default situation for espeak. + +GenericPunctNone "" +GenericPunctSome "--punct=\"()[]{};:\"" +GenericPunctAll "--punct" + +# GenericStripPunctChars is a list (enclosed in doublequotes) of +# all the characters that should be replaced by whitespaces in +# order not to be badly handled by the output module or misinterpreted +# by shell. +# GenericStripPunctChars "" + +# If the language you need to pass in $LANG is different +# from the standard ISO language code, you can specify +# which string to use instead. If you wish to use +# other than ISO charset for the specified language, +# you can add it's name (as accepted by iconv) as a +# third parameter in doublequotes. + +# To be completed +GenericLanguage "af" "af" "utf-8" +GenericLanguage "cs" "cs" "utf-8" +GenericLanguage "de" "de" "utf-8" +GenericLanguage "el" "el" "utf-8" +GenericLanguage "en" "en" "utf-8" +GenericLanguage "es" "es" "utf-8" +GenericLanguage "et" "et" "utf-8" +GenericLanguage "fa" "fa" "utf-8" +GenericLanguage "fr" "fr" "utf-8" +GenericLanguage "hu" "hu" "utf-8" +GenericLanguage "hr" "hr" "utf-8" +GenericLanguage "id" "id" "utf-8" +GenericLanguage "is" "is" "utf-8" +GenericLanguage "it" "it" "utf-8" +GenericLanguage "la" "la" "utf-8" +GenericLanguage "lt" "lt" "utf-8" +GenericLanguage "nl" "nl" "utf-8" +GenericLanguage "pl" "pl" "utf-8" +GenericLanguage "pt" "pt" "utf-8" +GenericLanguage "ro" "ro" "utf-8" +GenericLanguage "sv" "sv" "utf-8" +GenericLanguage "tr" "tr" "utf-8" + +# Each voice is available if and only if the following files exist. +# These files must be listed *before* the voices. + +VoiceFileDependency "/usr/share/mbrola/$VOICE/$VOICE" +VoiceFileDependency "/usr/lib/x86_64-linux-gnu/espeak-ng-data/voices/mb/mb-$VOICE" + +# AddVoice specifies which $VOICE string should be assigned to +# each language and symbolic voice name. All the voices you want +# to use must be specified here. This list will likely not be +# up-to-date, please check eSpeak NG documentation and add the voices +# you want to use. +# All MBROLA voices for which a phoneme translation from espeak-ng to +# MBROLA as of 12 October 2018 are listed, some commented with the +# rationale to not include them by default. You still can ship or use +# the commented voices if you uncomment the corresponding line. + +# As of Friday 12 October 2018 theses mbrola voices not yet supported +# by espeak-ng's phonemes translation to mbrola in git are: +# bz1: Breton Female (25.0Mb) Jean Pierre Messager +# hb1: Hebrew Male (3.4Mb) Yoram Meron +# hb2: Hebrew Female (5.6Mb) Esther Raizen +# hn1: Korean Male (9.9Mb) Kyongsok Gim +# thus they are not listed below. +# The language code in this list is the ISO 639-1 code. + +AddVoice "af" "MALE1" "af1" + +AddVoice "ar" "MALE1" "ar1" +AddVoice "ar" "MALE2" "ar2" + +AddVoice "zh" "FEMALE1" "cn1" + +AddVoice "cs" "FEMALE1" "cz1" +AddVoice "cs" "MALE1" "cz2" + +AddVoice "de" "FEMALE1" "de1" +AddVoice "de" "MALE1" "de2" +AddVoice "de" "FEMALE2" "de3" +AddVoice "de" "MALE2" "de4" +AddVoice "de" "FEMALE3" "de5" +AddVoice "de" "MALE1" "de6" +AddVoice "de" "FEMALE3" "de7" +AddVoice "de" "MALE3" "de8" + +AddVoice "el" "MALE1" "gr1" +AddVoice "el" "MALE2" "gr2" + +AddVoice "en" "MALE1" "en1" +AddVoice "en" "FEMALE1" "us1" +AddVoice "en" "MALE2" "us2" +AddVoice "en" "MALE3" "us3" + +AddVoice "es" "MALE1" "es1" +AddVoice "es" "MALE2" "es2" +AddVoice "es" "FEMALE1" "es3" +AddVoice "es" "MALE3" "es4" +AddVoice "es" "MALE1" "mx1" +AddVoice "es" "MALE2" "mx2" +AddVoice "es" "MALE1" "vz1" + +AddVoice "et" "MALE1" "ee1" + +AddVoice "fa" "MALE1" "ir1" +AddVoice "fa" "FEMALE1" "ir2" + +AddVoice "fr" "MALE1" "ca1" +AddVoice "fr" "MALE2" "ca2" +AddVoice "fr" "MALE1" "fr1" +AddVoice "fr" "FEMALE1" "fr2" +AddVoice "fr" "MALE3" "fr3" +AddVoice "fr" "FEMALE2" "fr4" +AddVoice "fr" "MALE3" "fr5" +AddVoice "fr" "MALE3" "fr6" +AddVoice "fr" "MALE3" "fr7" + +AddVoice "hi" "MALE1" "in1" +AddVoice "hi" "MALE2" "in2" + +AddVoice "hu" "MALE1" "hu1" + +AddVoice "hr" "MALE1" "cr1" + +AddVoice "id" "MALE1" "id1" + +AddVoice "is" "MALE1" "ic1" + +AddVoice "it" "MALE1" "it1" +AddVoice "it" "FEMALE1" "it2" +AddVoice "it" "MALE2" "it3" +AddVoice "it" "FEMALE2" "it4" + +AddVoice "jp" "MALE1" "jp1" +AddVoice "jp" "FEMALE1" "jp2" +AddVoice "jp" "FEMALE2" "jp3" + +AddVoice "la" "MALE1" "la1" + +AddVoice "lt" "MALE1" "lt1" +AddVoice "lt" "MALE2" "lt2" + +Addvoice "ms" "FEMALE1" "ma1" + +# nl1 has a very limited set of diphones and is usable only for reading +# numbers. Uncomment the next line if you want it. +# AddVoice "nl" "CHILD-MALE" "nl1" +AddVoice "nl" "MALE1" "nl2" +AddVoice "nl" "FEMALE1" "nl3" + +AddVoice "mi" "MALE1" "nz1" + +AddVoice "pl" "FEMALE1" "pl1" + +AddVoice "pt" "MALE1" "br1" +AddVoice "pt" "MALE2" "br2" +AddVoice "pt" "MALE3" "br3" +AddVoice "pt" "FEMALE1" "br4" +AddVoice "pt" "FEMALE2" "pt1" + +AddVoice "ro" "MALE1" "ro1" + +AddVoice "sw" "MALE1" "sw1" +AddVoice "sw" "FEMALE1" "sw2" + +AddVoice "te" "FEMALE1" "tl1" + +AddVoice "tr" "MALE1" "tr1" +AddVoice "tr" "FEMALE1" "tr2" + +# These parameters set _rate_, _pitch_, and _volume_ conversion. This is +# part of the core of the definition of this generic output +# module for this concrete synthesizer, it's not intended to +# be modified by common users. +# The resulting rate (or pitch) has the form: +# (speechd_rate * GenericRateMultiply) + GenericRateAdd +# while speechd_rate is a value between -100 (lowest) and +100 (highest) +# You have to define some meaningful conversion for each synthesizer + +# Here's the mapping from SSIP (Speech Dispatcher) to ESpeak (v1.10): +# +# SSIP Range SSIP Default ESpeak/MBROLA Range ESpeak Default +# ----------- ------------ ------------ -------------- +# Rate -100 to 100 0 80 to 320 160 +# Pitch -100 to 100 0 0 to 99 50 +# Volume -100 to 100 0 0 to 2 -- +# +# The SSIP defaults are actually controlled via DefaultRate, DefaultPitch, and +# DefaultVolume in the speechd.conf file. + +GenericRateAdd 160 +GenericPitchAdd 50 +GenericVolumeAdd 1 + +# (These values are multiplied by 100, because DotConf currently +# doesn't support floats. So you can write 0.85 as 85 and so on.) + +GenericRateMultiply 160 +GenericPitchMultiply 50 +GenericVolumeMultiply 1 + +# If the client program can't handle floats, you will have to +# use these two options to force integers as the parameters +# 1 means force integers, 0 means do nothing (write floats). + +GenericRateForceInteger 1 +GenericPitchForceInteger 1 +GenericVolumeForceInteger 0 + +# Note that SSIP rates < -50 are spoken at -50. + +# Debug turns debugging on or off +# See speechd.conf for information where debugging information is stored +Debug 0 + + +# Copyright (C) 2008-2010 Brailcom, o.p.s +# Copyright (C) 2014 Luke Yelavich +# Copyright (C) 2018 Samuel Thibault +# Copyright (C) 2018 Didier Spaier +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more details (file +# COPYING in the root directory). +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . diff --git a/speech-dispatcher/modules/kali.conf b/speech-dispatcher/modules/kali.conf new file mode 100644 index 00000000..d047a07b --- /dev/null +++ b/speech-dispatcher/modules/kali.conf @@ -0,0 +1,41 @@ +# -- Kali parameters -- + +KaliMaxChunkLength 4999 +KaliDelimiters ".?!;" + +# -- Voices -- + +# 3 french voices, 2 english voices +KaliVoiceParameters "Patrick" # French male 1 +#KaliVoiceParameters "Michel" # French male 2 +#KaliVoiceParameters "Guillemette" # French female 1 +#KaliVoiceParameters "Tom" # English male 1 +#KaliVoiceParameters "Rosalind" # English female 2 + +# -- Rate control -- +# Normal rate (0 in speech-dispatcher) +KaliNormalRate 5 + +# -- Volume control -- +# Normal volume (0 in speech-dispatcher) +KaliNormalVolume 10 + +# -- Pitch control -- +# Normal pitch (0 in speech-dispatcher) +KaliNormalPitch 6 + + +# Copyright (C) 2018 Raphaël POITEVIN +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more details (file +# COPYING in the root directory). +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . diff --git a/speech-dispatcher/modules/mary-generic.conf b/speech-dispatcher/modules/mary-generic.conf new file mode 100644 index 00000000..93b05e09 --- /dev/null +++ b/speech-dispatcher/modules/mary-generic.conf @@ -0,0 +1,82 @@ +# The mary-generic output module is based on the generic plugin for Speech +# Dispatcher. It means there is no code written explicitly for +# this plugin, all the specifics are handled in this configuration +# and we call a simple command line client to perform the actual +# synthesis. Use this config file with the sd_generic output module. +# +# IMPORTANT: The audio output method relies on an audio playback +# utility (play, aplay, paplay for OSS, ALSA or Pulse) +# being installed. If this is not the case, consider installing it +# or replace the $PLAY_COMMAND string in the GenericExecuteString below +# with play, paplay or similar. +# +# GenericExecuteSynth is the shell command that should be +# executed in order to say some message. This command must +# stop saying the message on SIGKILL, otherwise it's useless. +# You can use the variables $LANGUAGE, $VOICE, $PITCH and $RATE +# which will be substituted for the appropriate value (you +# can modify this value, see other parameters). +# This line uses the command curl, so you might need to install +# curl if it isn't already installed. +# The command can be split into more lines, if necessary, using '\'. +GenericExecuteSynth \ +"curl \"http://localhost:59125/process?INPUT_TEXT=`echo \'$DATA\'| xxd -plain | tr -d '\\n' | sed 's/\\\(..\\\)/%\\\1/g'`&INPUT_TYPE=TEXT&OUTPUT_TYPE=AUDIO&AUDIO=WAVE_FILE&LOCALE=$LANGUAGE&VOICE=$VOICE\" > $TMPDIR/mary-generic.wav && $PLAY_COMMAND $TMPDIR/mary-generic.wav" + +GenericCmdDependency "curl" + +# The following three items control punctuation levels None, Some, and All. +# Each of these values will be substituted into the $PUNCT variable depending +# on the value passed to speech dispatcher from applications. +# Note that if an empty string is specified, then $PUNCT will be blank +# which is a default situation for espeak. + +GenericPunctNone "" +GenericPunctSome "--punct=\"()[]{};:\"" +GenericPunctAll "--punct" + +# GenericStripPunctChars is a list (enclosed in doublequotes) of +# all the characters that should be replaced by whitespaces in +# order not to be badly handled by the output module or misinterpreted +# by shell. +#GenericStripPunctChars "" + +# If the language you need to pass in $LANG is different +# from the standard ISO language code, you can specify +# which string to use instead. If you wish to use +# other than ISO charset for the specified language, +# you can add it's name (as accepted by iconv) as a +# third parameter in doublequotes. + +GenericLanguage "en" "en_GB" "utf-8" +GenericLanguage "de" "de" "utf-8" + +# AddVoice specifies which $VOICE string should be assigned to +# each language and symbolic voice name. All the voices you want +# to use must be specified here. This list will likely not be +# up-to-date, please check your mary installation and add the voices +# you want to use. + +AddVoice "en" "MALE1" "dfki-spike" +AddVoice "en" "FEMALE1" "dfki-prudence" +AddVoice "en" "CHILD_FEMALE" "dfki-poppy" +AddVoice "de" "MALE1" "dfki-pavoque-styles" + +# Debug turns debugging on or off +# See speechd.conf for information where debugging information is stored +Debug 0 + + +# Copyright (C) 2018 Florian Steinhardt +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# +# This program is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more details (file +# COPYING in the root directory). +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . diff --git a/ssl/certs/1c7314a2.1 b/ssl/certs/1c7314a2.1 new file mode 120000 index 00000000..23f56055 --- /dev/null +++ b/ssl/certs/1c7314a2.1 @@ -0,0 +1 @@ +ssl-mail.pem \ No newline at end of file diff --git a/systemd/networkd.conf b/systemd/networkd.conf new file mode 100644 index 00000000..c5667da9 --- /dev/null +++ b/systemd/networkd.conf @@ -0,0 +1,20 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See networkd.conf(5) for details + +[Network] +#SpeedMeter=no +#SpeedMeterIntervalSec=10sec + +[DHCP] +#DUIDType=vendor +#DUIDRawData= diff --git a/systemd/pstore.conf b/systemd/pstore.conf new file mode 100644 index 00000000..93a8b670 --- /dev/null +++ b/systemd/pstore.conf @@ -0,0 +1,16 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See pstore.conf(5) for details. + +[PStore] +#Storage=external +#Unlink=yes diff --git a/systemd/sleep.conf b/systemd/sleep.conf new file mode 100644 index 00000000..dc2ed37f --- /dev/null +++ b/systemd/sleep.conf @@ -0,0 +1,25 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See systemd-sleep.conf(5) for details + +[Sleep] +#AllowSuspend=yes +#AllowHibernation=yes +#AllowSuspendThenHibernate=yes +#AllowHybridSleep=yes +#SuspendMode= +#SuspendState=mem standby freeze +#HibernateMode=platform shutdown +#HibernateState=disk +#HybridSleepMode=suspend platform shutdown +#HybridSleepState=disk +#HibernateDelaySec=180min diff --git a/systemd/system/multi-user.target.wants/dmesg.service b/systemd/system/multi-user.target.wants/dmesg.service new file mode 120000 index 00000000..d5129ae4 --- /dev/null +++ b/systemd/system/multi-user.target.wants/dmesg.service @@ -0,0 +1 @@ +/lib/systemd/system/dmesg.service \ No newline at end of file diff --git a/systemd/system/multi-user.target.wants/etckeeper.timer b/systemd/system/multi-user.target.wants/etckeeper.timer new file mode 120000 index 00000000..67b75d6a --- /dev/null +++ b/systemd/system/multi-user.target.wants/etckeeper.timer @@ -0,0 +1 @@ +/lib/systemd/system/etckeeper.timer \ No newline at end of file diff --git a/systemd/system/multi-user.target.wants/quotarpc.service b/systemd/system/multi-user.target.wants/quotarpc.service new file mode 120000 index 00000000..3d0bec79 --- /dev/null +++ b/systemd/system/multi-user.target.wants/quotarpc.service @@ -0,0 +1 @@ +/lib/systemd/system/quotarpc.service \ No newline at end of file diff --git a/systemd/system/sysinit.target.wants/quota.service b/systemd/system/sysinit.target.wants/quota.service new file mode 120000 index 00000000..a891a22c --- /dev/null +++ b/systemd/system/sysinit.target.wants/quota.service @@ -0,0 +1 @@ +/lib/systemd/system/quota.service \ No newline at end of file diff --git a/systemd/system/sysinit.target.wants/systemd-pstore.service b/systemd/system/sysinit.target.wants/systemd-pstore.service new file mode 120000 index 00000000..06e55a6f --- /dev/null +++ b/systemd/system/sysinit.target.wants/systemd-pstore.service @@ -0,0 +1 @@ +/lib/systemd/system/systemd-pstore.service \ No newline at end of file diff --git a/systemd/system/timers.target.wants/logrotate.timer b/systemd/system/timers.target.wants/logrotate.timer new file mode 120000 index 00000000..90f5322e --- /dev/null +++ b/systemd/system/timers.target.wants/logrotate.timer @@ -0,0 +1 @@ +/lib/systemd/system/logrotate.timer \ No newline at end of file diff --git a/x2go/Xresources b/x2go/Xresources new file mode 120000 index 00000000..a151bb08 --- /dev/null +++ b/x2go/Xresources @@ -0,0 +1 @@ +../X11/Xresources \ No newline at end of file diff --git a/x2go/Xsession b/x2go/Xsession new file mode 100755 index 00000000..346d0046 --- /dev/null +++ b/x2go/Xsession @@ -0,0 +1,240 @@ +#!/bin/bash +# +# /etc/x2go/Xsession +# +# X2Go Xsession file -- used by x2goserver Xsession.d add-on. + +# This file has been derived from the global Xsession file in Debian squeeze + +set -e + +X2GO_LIBEXEC_PATH="$(x2gopath libexec)"; + +PROGNAME=XSession-x2go + +message () { + # pretty-print messages of arbitrary length; use xmessage if it + # is available and $DISPLAY is set + MESSAGE="$PROGNAME: $*" + echo "$MESSAGE" | fold -s -w ${COLUMNS:-80} >&2 + if [ -n "$DISPLAY" ] && which xmessage 1> /dev/null 2>&1; then + echo "$MESSAGE" | fold -s -w ${COLUMNS:-80} | xmessage -center -file - + fi +} + +message_nonl () { + # pretty-print messages of arbitrary length (no trailing newline); use + # xmessage if it is available and $DISPLAY is set + MESSAGE="$PROGNAME: $*" + printf '%s' "$MESSAGE" | fold -s -w ${COLUMNS:-80} >&2; + if [ -n "$DISPLAY" ] && which xmessage 1> /dev/null 2>&1; then + printf '%s' "$MESSAGE" | fold -s -w ${COLUMNS:-80} | xmessage -center -file - + fi +} + +errormsg () { + # exit script with error + message "$*" + exit 1 +} + +internal_errormsg () { + # exit script with error; essentially a "THIS SHOULD NEVER HAPPEN" message + # One big call to message() for the sake of xmessage; if we had two then + # the user would have dismissed the error we want reported before seeing the + # request to report it. + errormsg "$*" \ + "Please report the installed version of the \"X2Go Server\"" \ + "package and the complete text of this error message to" \ + "." +} + +# Load profile +for file in "/etc/profile" "$HOME/.profile" "/etc/xprofile" "$HOME/.xprofile"; do + if [ -f "$file" ]; then + echo "Loading profile from $file"; + set +e + . "$file" + set -e + fi +done + +cur_hostname="$(hostname)" +if [ -z "${cur_hostname}" ] || [ "${cur_hostname}" = "(none)" ] || [ "${cur_hostname}" = "localhost" ]; then + errormsg "Hostname not set correctly; aborting." +fi + +# initialize variables for use by all session scripts + +OPTIONFILE=/etc/x2go/Xsession.options + +SYSRESOURCES=/etc/x2go/Xresources +USRRESOURCES=$HOME/.Xresources-x2go + +SYSSESSIONDIR=/etc/x2go/Xsession.d +USERXSESSION=$HOME/.xsession-x2go +USERXSESSIONRC=$HOME/.xsessionrc-x2go +ALTUSERXSESSION=$HOME/.Xsession-x2go +ERRFILE="${HOME}/.xsession-x2go-${cur_hostname}-errors" + +# Move the old error log file away. +if [ -f "${ERRFILE}" ]; then + if [ -L "${ERRFILE}" ]; then + resolved_errfile="$(perl -e 'use Cwd qw (abs_path); print abs_path ("' "${ERRFILE}" '") . "\n";')" + mv "${resolved_errfile}" "${resolved_errfile}.old" || errormsg "Unable to move symlinked old log/error file '${resolved_errfile}'; aborting." + else + mv "${ERRFILE}" "${ERRFILE}.old" || errormsg "Unable to move old log/error file '${ERRFILE}'; aborting." + fi +fi + +# attempt to create an error file; abort if we cannot +if (umask 177 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] && [ ! -L "$ERRFILE" ]; then + chmod 600 "$ERRFILE" +elif ERRFILE=$(umask 077 && mktemp 2> /dev/null); then + if ! ln -sf "$ERRFILE" "${TMPDIR:=/tmp}/xsession-x2go-${cur_hostname}-$USER"; then + message "warning: unable to symlink \"$TMPDIR/xsession-x2go-${cur_hostname}-$USER\" to" \ + "\"$ERRFILE\"; look for session log/errors in" \ + "\"$TMPDIR/xsession-x2go-$USER\"." + fi +else + errormsg "unable to create X session (X2Go) log/error file; aborting." +fi + +exec >>"$ERRFILE" 2>&1 + +echo "$PROGNAME: X session started for $LOGNAME at $(date)" + + +# Attempt to create a file of non-zero length in /tmp; a full filesystem can +# cause mysterious X session failures. We do not use touch, :, or test -w +# because they won't actually create a file with contents. We also let standard +# error from mktemp and echo go to the error file to aid the user in +# determining what went wrong. +WRITE_TEST=$(mktemp) +if ! echo "*" >>"$WRITE_TEST"; then + message "warning: unable to write to ${WRITE_TEST%/*}; X session (X2Go) may" \ + "exit with an error" +fi +rm -f "$WRITE_TEST" + + +if [ -f /etc/debian_version ] || [ -f /etc/devuan_version ]; then + + # sanity check; is our session script directory present? + if [ ! -d "$SYSSESSIONDIR" ]; then + errormsg "no \"$SYSSESSIONDIR\" directory found; aborting." + fi + + # use run-parts to source every file in the session directory; we source + # instead of executing so that the variables and functions defined above + # are available to the scripts, and so that they can pass variables to each + # other + + SESSIONFILES=$(run-parts --list $SYSSESSIONDIR) + SYSSESSIONDIR=/etc/x2go/Xsession.d + + SESSIONFILES=$(run-parts --list $SYSSESSIONDIR) + + ### source Xsession files + if [ -n "$SESSIONFILES" ]; then + + set +e + for SESSIONFILE in $SESSIONFILES; do + "$X2GO_LIBEXEC_PATH/x2gosyslog" "$0" "info" "executing $SESSIONFILE" + . $SESSIONFILE + done + set -e + fi +elif [ -f /etc/redhat-release ] || [ -f /etc/gentoo-release ] || [ -f /etc/SUSE-brand ] || [ -f /etc/SuSE-release ] || [ -f /etc/os-rt-release ]; then + + # define a fallback... (should never be needed). The XSESSION_EXEC var gets set in + # X2Go's x2goruncommand script and can be used with obsolete switchdesk or with + # Xclients.d scripts (also rarely used, see below...). + XSESSION_EXEC=${XSESSION_EXEC:-xterm} + + # Set up i18n environment + if [ -r /etc/profile.d/lang.sh ]; then + set +e + . /etc/profile.d/lang.sh + set -e + fi + + # merge in defaults + [ -r "$SYSRESOURCES" ] && xrdb -nocpp -merge "$SYSRESOURCES" + [ -r "$USRRESOURCES" ] && xrdb -merge "$USRRESOURCES" + + # RHEL's Xsession file for X11 allows playing with setxkbmap / xmodmap + # We provide this for compat, but disrecommend using it. Make sure to + # disable any Keyboard setup in X2Go Client / PyHoca-GUI if you want to + # use server-side key mappings. + USRMODMAP=$HOME/.Xmodmap-x2go + USRXKBMAP=$HOME/.Xkbmap-x2go + + SYSMODMAP=/etc/x2go/Xmodmap + SYSXKBMAP=/etc/x2go/Xkbmap + + # merge in keymaps + if [ -r "$SYSXKBMAP" ]; then + setxkbmap $(cat "$SYSXKBMAP") + XKB_IN_USE=yes + fi + + if [ -r "$USRXKBMAP" ]; then + setxkbmap $(cat "$USRXKBMAP") + XKB_IN_USE=yes + fi + + # xkb and xmodmap don't play nice together + if [ -z "$XKB_IN_USE" ]; then + [ -r "$SYSMODMAP" ] && xmodmap "$SYSMODMAP" + [ -r "$USRMODMAP" ] && xmodmap "$USRMODMAP" + fi + + unset XKB_IN_USE + + # run all system xinitrc shell scripts. + for file in /etc/x2go/xinitrc.d/* ; do + set +e + [ -r "$file" ] && . $file + set -e + done + + # Prefix launch of session with ssh-agent if available and not already running. + SSH_AGENT= + if [ -x /usr/bin/ssh-agent -a -z "$SSH_AGENT_PID" ]; then + if [ "x$TMPDIR" != "x" ]; then + SSH_AGENT="/usr/bin/ssh-agent /bin/env TMPDIR=$TMPDIR" + else + SSH_AGENT="/usr/bin/ssh-agent" + fi + fi + + CK_XINIT_SESSION= + if [ -x /usr/bin/ck-xinit-session -a -z "$XDG_SESSION_COOKIE" ]; then + CK_XINIT_SESSION="/usr/bin/ck-xinit-session" + fi + + # At the time of integrating X2Go Xsession support for RHEL6 / Fedora + # the Xsession stuff in Fedora/RHEL6 seems to be a little mess. + # The proposed strategy is to have Xclients.$WM.sh files in + # /etc/X11/xinit/Xclients.d. Currently, only wmx uses this mechanism. + # As it is a described but rather unused ,,standard'' we will not support it + # in X2Go for now, but leave it here as a reminder... + + # XCLIENTS_D=/etc/x2go/Xclients.d + #if [ -d "$XCLIENTS_D" -a -x "$XCLIENTS_D/Xclients.${XSESSION_EXEC}.sh" ]; then + # exec /bin/bash -c "exec -l \"$SHELL\" -c \"$CK_XINIT_SESSION $SSH_AGENT $XCLIENTS_D/Xclients.$1.sh\"" + #fi + + # switchdesk support is also totally deprecated in RHEL, but we leave it here + # as a reminder, as well, in case we need it in the future for special setups... + #if [ -x "$SWITCHDESKPATH/Xclients.${XSESSION_EXEC}" ]; then + # exec /bin/bash -c "exec -l \"$SHELL\" -c \"$SWITCHDESKPATH/Xclients.${XSESSION_EXEC}\"" + #fi + + exec $CK_XINIT_SESSION $SSH_AGENT /bin/bash -c "exec -l \"$SHELL\" -c \"$STARTUP\"" +else + errormsg 'Unknown operating system, XSession startup not implemented!' +fi + +exit 0 diff --git a/x2go/Xsession.d b/x2go/Xsession.d new file mode 120000 index 00000000..98d9801d --- /dev/null +++ b/x2go/Xsession.d @@ -0,0 +1 @@ +../X11/Xsession.d \ No newline at end of file diff --git a/x2go/Xsession.options b/x2go/Xsession.options new file mode 100644 index 00000000..e69de29b diff --git a/xattr.conf b/xattr.conf new file mode 100644 index 00000000..dcbc12c2 --- /dev/null +++ b/xattr.conf @@ -0,0 +1,21 @@ +# /etc/xattr.conf +# +# Format: +# +# +# Actions: +# permissions - copy when trying to preserve permissions. +# skip - do not copy. + +system.nfs4_acl permissions +system.nfs4acl permissions +system.posix_acl_access permissions +system.posix_acl_default permissions +trusted.SGI_ACL_DEFAULT skip # xfs specific +trusted.SGI_ACL_FILE skip # xfs specific +trusted.SGI_CAP_FILE skip # xfs specific +trusted.SGI_DMI_* skip # xfs specific +trusted.SGI_MAC_FILE skip # xfs specific +xfsroot.* skip # xfs specific; obsolete +user.Beagle.* skip # ignore Beagle index data +security.evm skip # may only be written by kernel diff --git a/xdg/autostart/geoclue-demo-agent.desktop b/xdg/autostart/geoclue-demo-agent.desktop new file mode 100644 index 00000000..8b919261 --- /dev/null +++ b/xdg/autostart/geoclue-demo-agent.desktop @@ -0,0 +1,10 @@ +[Desktop Entry] +Name=Geoclue Demo agent +GenericName=Demo geoclue agent +Keywords=geolocation; +Exec=/usr/libexec/geoclue-2.0/demos/agent +Icon=mark-location-symbolic +NotShowIn=GNOME; +NoDisplay=true +Terminal=false +Type=Application diff --git a/xdg/autostart/im-launch.desktop b/xdg/autostart/im-launch.desktop new file mode 100644 index 00000000..055b2d2b --- /dev/null +++ b/xdg/autostart/im-launch.desktop @@ -0,0 +1,5 @@ +[Desktop Entry] +Name=im-launch +Exec=sh -c 'if [ "x$XDG_SESSION_TYPE" = "xwayland" ] ; then exec env IM_CONFIG_CHECK_ENV=1 im-launch true; fi' +TryExec=im-launch +Type=Application diff --git a/xdg/autostart/xapp-sn-watcher.desktop b/xdg/autostart/xapp-sn-watcher.desktop new file mode 100644 index 00000000..119cd717 --- /dev/null +++ b/xdg/autostart/xapp-sn-watcher.desktop @@ -0,0 +1,8 @@ +[Desktop Entry] +Type=Application +Name=xapp-sn-watcher +Comment=A service that provides the org.kde.StatusNotifierWatcher interface for XApps + +Exec=/usr/libexec/xapps/sn-watcher/xapp-sn-watcher + +X-GNOME-Autostart-Phase=Panel -- 2.43.0