saving uncommitted changes in /etc prior to dnf run
This commit is contained in:
@@ -2468,6 +2468,7 @@ maybe chmod 0644 'logrotate.d/httpd'
|
||||
maybe chmod 0644 'logrotate.d/iptraf-ng'
|
||||
maybe chmod 0644 'logrotate.d/kvm_stat'
|
||||
maybe chmod 0644 'logrotate.d/lfd'
|
||||
maybe chmod 0644 'logrotate.d/mysecureshell'
|
||||
maybe chmod 0644 'logrotate.d/mysql'
|
||||
maybe chgrp 'named' 'logrotate.d/named'
|
||||
maybe chmod 0640 'logrotate.d/named'
|
||||
@@ -4671,6 +4672,7 @@ maybe chgrp 'sqlgrey' 'sqlgrey/sqlgrey.sql'
|
||||
maybe chmod 0640 'sqlgrey/sqlgrey.sql'
|
||||
maybe chmod 0755 'ssh'
|
||||
maybe chmod 0644 'ssh/moduli'
|
||||
maybe chmod 0644 'ssh/sftp_config'
|
||||
maybe chmod 0644 'ssh/ssh_config'
|
||||
maybe chmod 0755 'ssh/ssh_config.d'
|
||||
maybe chmod 0644 'ssh/ssh_config.d/05-redhat.conf'
|
||||
|
||||
1
group
1
group
@@ -101,3 +101,4 @@ cfb:x:1016:
|
||||
mailcow:x:1017:
|
||||
rundeck:x:1018:
|
||||
litecoin:x:1019:
|
||||
bogdan:x:1020:
|
||||
|
||||
1
group-
1
group-
@@ -100,3 +100,4 @@ _AodQqBu:x:1015:
|
||||
cfb:x:1016:
|
||||
mailcow:x:1017:
|
||||
rundeck:x:1018:
|
||||
litecoin:x:1019:
|
||||
|
||||
9
logrotate.d/mysecureshell
Normal file
9
logrotate.d/mysecureshell
Normal file
@@ -0,0 +1,9 @@
|
||||
/var/log/sftp-server.log {
|
||||
weekly
|
||||
size=500k
|
||||
rotate 10
|
||||
compress
|
||||
delaycompress
|
||||
missingok
|
||||
notifempty
|
||||
}
|
||||
1
passwd
1
passwd
@@ -72,3 +72,4 @@ cfb:x:1015:1016::/home/cfb:/bin/bash
|
||||
mailcow:x:1016:1017::/home/mailcow:/bin/bash
|
||||
rundeck:x:1017:1018::/var/lib/rundeck:/bin/bash
|
||||
litecoin:x:1018:1019::/opt/litecoin:/bin/bash
|
||||
bogdan:x:1019:1020::/home/bogdan:/usr/bin/mysecureshell
|
||||
|
||||
1
passwd-
1
passwd-
@@ -71,3 +71,4 @@ _AodQqBu:x:1014:1015:_AodQqBu:/mnt/volume-fra1-01/backup2021:/sbin/nologin
|
||||
cfb:x:1015:1016::/home/cfb:/bin/bash
|
||||
mailcow:x:1016:1017::/home/mailcow:/bin/bash
|
||||
rundeck:x:1017:1018::/var/lib/rundeck:/bin/bash
|
||||
litecoin:x:1018:1019::/opt/litecoin:/bin/bash
|
||||
|
||||
1
shadow
1
shadow
@@ -72,3 +72,4 @@ cfb:$6$qp3Fo53PpelMFPxu$kpw4lw/ODVjqSnohBn7MeduZuorwzWLD5QQGiZ5ARhGylK.56a7FswSh
|
||||
mailcow:$6$7vT203MTlIc8ROf0$VxXn56jKN5.UAPyXsgvv4r2XQDaL5yjo8Tk1We6rPS1eB7fRxbmIRMt8n4irsVtV4zhCwECzlZN8Q6kKezmwp0:18768:0:99999:7:30::
|
||||
rundeck:!!:18772:0:99999:7:30::
|
||||
litecoin:!!:18775:0:99999:7:30::
|
||||
bogdan:mCxaxi7Ck2FlI:18822:0:99999:7:30::
|
||||
|
||||
1
shadow-
1
shadow-
@@ -71,3 +71,4 @@ _AodQqBu:$1$SrfZx/5I$Xw.KOzTE2gE7eBTcbP7sB.:18658:0:99999:7:30::
|
||||
cfb:$6$qp3Fo53PpelMFPxu$kpw4lw/ODVjqSnohBn7MeduZuorwzWLD5QQGiZ5ARhGylK.56a7FswSh/OaN/LcXYR3I92ZUshb9vgsOoksSr0:18731:0:99999:7:30::
|
||||
mailcow:$6$7vT203MTlIc8ROf0$VxXn56jKN5.UAPyXsgvv4r2XQDaL5yjo8Tk1We6rPS1eB7fRxbmIRMt8n4irsVtV4zhCwECzlZN8Q6kKezmwp0:18768:0:99999:7:30::
|
||||
rundeck:!!:18772:0:99999:7:30::
|
||||
litecoin:!!:18775:0:99999:7:30::
|
||||
|
||||
91
ssh/sftp_config
Normal file
91
ssh/sftp_config
Normal file
@@ -0,0 +1,91 @@
|
||||
## MySecureShell Configuration File ##
|
||||
#Default rules for everybody
|
||||
<Default>
|
||||
GlobalDownload 0 #total speed download for all clients
|
||||
# o -> bytes k -> kilo bytes m -> mega bytes
|
||||
GlobalUpload 0 #total speed download for all clients (0 for unlimited)
|
||||
Download 0 #limit speed download for each connection
|
||||
Upload 0 #unlimit speed upload for each connection
|
||||
StayAtHome true #limit client to his home
|
||||
VirtualChroot true #fake a chroot to the home account
|
||||
LimitConnection 30 #max connection for the server sftp
|
||||
LimitConnectionByUser 10 #max connection for the account
|
||||
LimitConnectionByIP 10 #max connection by ip for the account
|
||||
# Home /var/www/ #overrite home of the user but if you want you can use
|
||||
# environment variable (ie: Home /home/$USER)
|
||||
IdleTimeOut 600 #(in second) deconnect client is idle too long time
|
||||
ResolveIP false #resolve ip to dns
|
||||
# IgnoreHidden true #treat all hidden files as if they don't exist
|
||||
# DirFakeUser true #Hide real file/directory owner (just change displayed permissions)
|
||||
# DirFakeGroup true #Hide real file/directory group (just change displayed permissions)
|
||||
# DirFakeMode 0400 #Hide real file/directory rights (just change displayed permissions)
|
||||
#Add execution right for directory if read right is set
|
||||
# HideFiles "^(lost\+found|public_html)$" #Hide file/directory which match
|
||||
#this extented POSIX regex
|
||||
HideNoAccess true #Hide file/directory which user has no access
|
||||
# MaxOpenFilesForUser 20 #limit user to open x files on same time
|
||||
# MaxWriteFilesForUser 10 #limit user to x upload on same time
|
||||
# MaxReadFilesForUser 10 #limit user to x download on same time
|
||||
DefaultRights 0664 0775 #Set default rights for new file and new directory
|
||||
# MinimumRights 0400 0700 #Set minimum rights for files and dirs
|
||||
|
||||
# PathDenyFilter "^\." #deny upload of directory/file which match this extented POSIX regex
|
||||
|
||||
ShowLinksAsLinks false #show links as their destinations
|
||||
# ConnectionMaxLife 1d #limits connection lifetime to 1 day
|
||||
|
||||
# Charset "ISO-8859-15" #set charset of computer
|
||||
# GMTTime +1 #set GMT Time (change if necessary)
|
||||
</Default>
|
||||
|
||||
#Rules only for group ftp
|
||||
#<Group ftp>
|
||||
# Download 25 k/s
|
||||
# LogFile /var/log/sftp-server_ftp.log #Change logfile
|
||||
# ExpireDate "2007-02-28 18:31:01"
|
||||
#</Group>
|
||||
|
||||
#<Group sftp_administrator>
|
||||
# IsAdmin true #can admin the server
|
||||
# VirtualChroot false #you must disable chroot to have a full support of admin
|
||||
# StayAtHome true
|
||||
# IdleTimeOut 0
|
||||
#</Group>
|
||||
|
||||
#<Group old_client>
|
||||
# SftpProtocol 3 #force protocol SFTP
|
||||
# DisableAccount true #disable account
|
||||
#</Group>
|
||||
|
||||
#Rules only for group ftpnolimit
|
||||
#<Group ftpnolimit>
|
||||
# Download 0 #0 = unlimited
|
||||
# IdleTimeOut 0 #no timeout
|
||||
# DirFakeUser false #show real user on file/directory
|
||||
# DirFakeGroup false #show real group on file/directory
|
||||
# DirFakeMode 0 #show real rights on file/directory
|
||||
# HideFiles "" #show all files
|
||||
# MaxReadFilesForUser 0 #0 = unlimited but still have the restriction MaxOpenFilesForUser
|
||||
#</Group>
|
||||
|
||||
#<IpRange 192.168.0.1-192.168.0.5>
|
||||
# ByPassGlobalDownload true #bypass GlobalDownload restriction
|
||||
# ByPassGlobalUpload true #bypass GlobalUpload restriction
|
||||
# Download 0
|
||||
# DisableAccount false #enable account
|
||||
# IdleTimeOut 0 #disable timeout
|
||||
# LimitConnectionByIP 0 #no limit
|
||||
#</IpRange>
|
||||
|
||||
#<Group trusted_users>
|
||||
# Shell /bin/tcsh #give a shell access to TRUSTED clients !!!
|
||||
#</Group>
|
||||
|
||||
#<VirtualHost *:22>
|
||||
# DirFakeUser false #show real user on file/directory
|
||||
# DirFakeGroup false #show real group on file/directory
|
||||
# DirFakeMode 0 #show real rights on file/directory
|
||||
# HideNoAccess false
|
||||
# IgnoreHidden false
|
||||
#</VirtualHost>
|
||||
|
||||
1
subgid
1
subgid
@@ -16,3 +16,4 @@ cfb:1017504:65536
|
||||
mailcow:1083040:65536
|
||||
rundeck:1148576:65536
|
||||
litecoin:1214112:65536
|
||||
bogdan:1279648:65536
|
||||
|
||||
1
subgid-
1
subgid-
@@ -15,3 +15,4 @@ _AodQqBu:951968:65536
|
||||
cfb:1017504:65536
|
||||
mailcow:1083040:65536
|
||||
rundeck:1148576:65536
|
||||
litecoin:1214112:65536
|
||||
|
||||
1
subuid
1
subuid
@@ -16,3 +16,4 @@ cfb:1017504:65536
|
||||
mailcow:1083040:65536
|
||||
rundeck:1148576:65536
|
||||
litecoin:1214112:65536
|
||||
bogdan:1279648:65536
|
||||
|
||||
Reference in New Issue
Block a user