bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

committing changes in /etc made by "-bash"

Browse Source 
Package changes:
This commit is contained in:
Bogdan Stoica
2021-06-09 00:33:58 +03:00
parent d42ab03d35
commit 2ed007934d
110 changed files with 3132 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
.etckeeper
View File

@@ -298,7 +298,7 @@ maybe chmod 0644 'cron.d/csf-cron'
maybe chmod 0600 'cron.d/csf_update'
maybe chmod 0644 'cron.d/lfd-cron'
maybe chmod 0644 'cron.d/maldet_pub'
maybe chmod 0700 'cron.daily'
maybe chmod 0755 'cron.daily'
maybe chmod 0750 'cron.daily/aide'
maybe chmod 0700 'cron.daily/csget'
maybe chmod 0755 'cron.daily/etckeeper'
@@ -306,12 +306,12 @@ maybe chmod 0755 'cron.daily/logrotate'
maybe chmod 0755 'cron.daily/maldet'
maybe chmod 0755 'cron.daily/rkhunter'
maybe chmod 0600 'cron.deny'
maybe chmod 0700 'cron.hourly'
maybe chmod 0755 'cron.hourly'
maybe chmod 0755 'cron.hourly/0anacron'
maybe chmod 0700 'cron.monthly'
maybe chmod 0755 'cron.monthly'
maybe chmod 0755 'cron.monthly/psacct'
maybe chmod 0700 'cron.weekly'
maybe chmod 0600 'crontab'
maybe chmod 0755 'cron.weekly'
maybe chmod 0644 'crontab'
maybe chmod 0755 'crypto-policies'
maybe chmod 0755 'crypto-policies/back-ends'
maybe chmod 0644 'crypto-policies/back-ends/nss.config'
@@ -933,6 +933,7 @@ maybe chmod 0644 'httpd/conf.d/perl.conf'
maybe chmod 0644 'httpd/conf.d/perl.conf.rpmnew'
maybe chmod 0644 'httpd/conf.d/php.conf'
maybe chmod 0644 'httpd/conf.d/phpmyadmin.conf'
maybe chmod 0644 'httpd/conf.d/ssl.conf'
maybe chmod 0644 'httpd/conf.d/ssl.conf_disabled'
maybe chmod 0644 'httpd/conf.d/userdir.conf'
maybe chmod 0644 'httpd/conf.d/welcome.conf'
@@ -977,23 +978,23 @@ maybe chmod 0644 'issue.net'
maybe chmod 0644 'issue.rpmnew'
maybe chmod 0755 'java'
maybe chmod 0755 'java/java-1.8.0-openjdk'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/calendars.properties'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/logging.properties'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/blacklisted.certs'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/java.policy'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/java.security'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/nss.cfg'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/nss.fips.cfg'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/limited'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/limited/US_export_policy.jar'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/limited/local_policy.jar'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/unlimited'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/unlimited/US_export_policy.jar'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/unlimited/local_policy.jar'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/calendars.properties'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/logging.properties'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/blacklisted.certs'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/java.policy'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/java.security'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/nss.cfg'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/nss.fips.cfg'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/limited'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/limited/US_export_policy.jar'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/limited/local_policy.jar'
maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/unlimited'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/unlimited/US_export_policy.jar'
maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/unlimited/local_policy.jar'
maybe chmod 0755 'java/security'
maybe chmod 0755 'java/security/security.d'
maybe chmod 0755 'jvm'
@@ -1014,9 +1015,9 @@ maybe chmod 0755 'ld.so.conf.d'
maybe chmod 0644 'ld.so.conf.d/bind-export-x86_64.conf'
maybe chmod 0644 'ld.so.conf.d/dyninst-x86_64.conf'
maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-193.6.3.el8_2.x86_64.conf'
maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-240.10.1.el8_3.x86_64.conf'
maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-240.15.1.el8_3.x86_64.conf'
maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-240.22.1.el8_3.x86_64.conf'
maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-305.3.1.el8.x86_64.conf'
maybe chmod 0755 'letsencrypt'
maybe chown 'setroubleshoot' 'letsencrypt/.updated-options-ssl-apache-conf-digest.txt'
maybe chgrp 'setroubleshoot' 'letsencrypt/.updated-options-ssl-apache-conf-digest.txt'
@@ -2426,6 +2427,19 @@ maybe chmod 0640 'letsencrypt/renewal/zira.898.ro.conf'
maybe chmod 0644 'letsencrypt/renewal/zira.go.ro.conf'
maybe chmod 0640 'letsencrypt/ssl-dhparams.pem'
maybe chmod 0640 'libaudit.conf'
maybe chmod 0755 'libibverbs.d'
maybe chmod 0644 'libibverbs.d/bnxt_re.driver'
maybe chmod 0644 'libibverbs.d/cxgb4.driver'
maybe chmod 0644 'libibverbs.d/efa.driver'
maybe chmod 0644 'libibverbs.d/hfi1verbs.driver'
maybe chmod 0644 'libibverbs.d/hns.driver'
maybe chmod 0644 'libibverbs.d/i40iw.driver'
maybe chmod 0644 'libibverbs.d/mlx4.driver'
maybe chmod 0644 'libibverbs.d/mlx5.driver'
maybe chmod 0644 'libibverbs.d/qedr.driver'
maybe chmod 0644 'libibverbs.d/rxe.driver'
maybe chmod 0644 'libibverbs.d/siw.driver'
maybe chmod 0644 'libibverbs.d/vmw_pvrdma.driver'
maybe chmod 0755 'libnl'
maybe chmod 0644 'libnl/classid'
maybe chmod 0644 'libnl/pktloc'
@@ -2454,6 +2468,7 @@ maybe chmod 0644 'logrotate.d/fail2ban'
maybe chmod 0644 'logrotate.d/firewalld'
maybe chmod 0644 'logrotate.d/httpd'
maybe chmod 0644 'logrotate.d/iptraf-ng'
maybe chmod 0644 'logrotate.d/kvm_stat'
maybe chmod 0644 'logrotate.d/lfd'
maybe chmod 0644 'logrotate.d/mysql'
maybe chgrp 'named' 'logrotate.d/named'
@@ -2631,6 +2646,7 @@ maybe chmod 0644 'mail/spamassassin/v330.pre'
maybe chmod 0644 'mail/spamassassin/v340.pre'
maybe chmod 0644 'mail/spamassassin/v341.pre'
maybe chmod 0644 'mail/spamassassin/v342.pre'
maybe chmod 0644 'mail/spamassassin/v343.pre'
maybe chmod 0644 'mail/spamassassin/wrongmx.pm'
maybe chmod 0644 'mailcap'
maybe chmod 0644 'man_db.conf'
@@ -3075,11 +3091,13 @@ maybe chmod 0644 'modprobe.d/blacklist-firewire.conf'
maybe chmod 0640 'modprobe.d/cramfs.conf'
maybe chmod 0644 'modprobe.d/firewalld-sysctls.conf'
maybe chmod 0644 'modprobe.d/lockd.conf'
maybe chmod 0644 'modprobe.d/mlx4.conf'
maybe chmod 0644 'modprobe.d/nodccp.conf'
maybe chmod 0644 'modprobe.d/rds.conf'
maybe chmod 0644 'modprobe.d/sctp.conf'
maybe chmod 0640 'modprobe.d/squashfs.conf'
maybe chmod 0644 'modprobe.d/tipc.conf'
maybe chmod 0644 'modprobe.d/truescale.conf'
maybe chmod 0644 'modprobe.d/tuned.conf'
maybe chmod 0640 'modprobe.d/udf.conf'
maybe chmod 0640 'modprobe.d/vfat.conf'
@@ -3591,8 +3609,6 @@ maybe chmod 0644 'nginx/conf.d/mail.club3d.ro.conf'
maybe chown 'nginx' 'nginx/conf.d/padmin.club3d.ro.conf'
maybe chgrp 'nginx' 'nginx/conf.d/padmin.club3d.ro.conf'
maybe chmod 0640 'nginx/conf.d/padmin.club3d.ro.conf'
maybe chown 'nginx' 'nginx/conf.d/php-fpm.conf'
maybe chgrp 'nginx' 'nginx/conf.d/php-fpm.conf'
maybe chmod 0644 'nginx/conf.d/php-fpm.conf'
maybe chown 'nginx' 'nginx/conf.d/rspamd.club3d.ro.conf'
maybe chgrp 'nginx' 'nginx/conf.d/rspamd.club3d.ro.conf'
@@ -4028,6 +4044,7 @@ maybe chmod 0640 'postfix/_sql/mysql_virtual_mailbox_maps.cf'
maybe chmod 0644 'postfix/access'
maybe chgrp 'postfix' 'postfix/access.db'
maybe chmod 0640 'postfix/access.db'
maybe chmod 0644 'postfix/access.rpmnew'
maybe chgrp 'postfix' 'postfix/blacklist'
maybe chmod 0640 'postfix/blacklist'
maybe chgrp 'postfix' 'postfix/blacklist.db'
@@ -4038,6 +4055,7 @@ maybe chgrp 'postfix' 'postfix/body_checks.db'
maybe chmod 0640 'postfix/body_checks.db'
maybe chmod 0640 'postfix/ca-certificates-2019.2.32-76.el7_7.noarch.rpm'
maybe chmod 0644 'postfix/canonical'
maybe chmod 0644 'postfix/canonical.rpmnew'
maybe chgrp 'postfix' 'postfix/check_client_access'
maybe chmod 0640 'postfix/check_client_access'
maybe chgrp 'postfix' 'postfix/check_client_access.db'
@@ -4069,9 +4087,11 @@ maybe chgrp 'postfix' 'postfix/helo_access.pcre.db'
maybe chmod 0640 'postfix/helo_access.pcre.db'
maybe chmod 0644 'postfix/main.cf'
maybe chmod 0644 'postfix/main.cf.proto'
maybe chmod 0644 'postfix/main.cf.rpmnew'
maybe chmod 0644 'postfix/master.cf'
maybe chmod 0644 'postfix/master.cf.bkp'
maybe chmod 0644 'postfix/master.cf.proto'
maybe chmod 0644 'postfix/master.cf.rpmnew'
maybe chgrp 'postfix' 'postfix/mime_header_checks'
maybe chmod 0640 'postfix/mime_header_checks'
maybe chgrp 'postfix' 'postfix/mynetworks'
@@ -4152,9 +4172,11 @@ maybe chmod 0640 'postfix/submission_header_cleanup'
maybe chmod 0644 'postfix/transport'
maybe chgrp 'postfix' 'postfix/transport.db'
maybe chmod 0640 'postfix/transport.db'
maybe chmod 0644 'postfix/transport.rpmnew'
maybe chmod 0644 'postfix/virtual'
maybe chgrp 'postfix' 'postfix/virtual.db'
maybe chmod 0640 'postfix/virtual.db'
maybe chmod 0644 'postfix/virtual.rpmnew'
maybe chgrp 'postfix' 'postfix/virtual_regexp'
maybe chmod 0640 'postfix/virtual_regexp'
maybe chmod 0755 'ppp'
@@ -4286,6 +4308,7 @@ maybe chmod 0755 'pyzor'
maybe chmod 0755 'qemu-ga'
maybe chmod 0755 'qemu-ga/fsfreeze-hook'
maybe chmod 0755 'qemu-ga/fsfreeze-hook.d'
maybe chmod 0755 'qemu-kvm'
maybe chmod 0755 'rc.d'
maybe chmod 0755 'rc.d/init.d'
maybe chmod 0644 'rc.d/init.d/README'
@@ -4303,6 +4326,14 @@ maybe chmod 0755 'rc.d/rc3.d'
maybe chmod 0755 'rc.d/rc4.d'
maybe chmod 0755 'rc.d/rc5.d'
maybe chmod 0755 'rc.d/rc6.d'
maybe chmod 0755 'rdma'
maybe chmod 0644 'rdma/mlx4.conf'
maybe chmod 0755 'rdma/modules'
maybe chmod 0644 'rdma/modules/infiniband.conf'
maybe chmod 0644 'rdma/modules/iwarp.conf'
maybe chmod 0644 'rdma/modules/opa.conf'
maybe chmod 0644 'rdma/modules/rdma.conf'
maybe chmod 0644 'rdma/modules/roce.conf'
maybe chmod 0644 'rearj.cfg'
maybe chmod 0755 'redhat-lsb'
maybe chmod 0755 'redhat-lsb/lsb_killproc'
@@ -4684,9 +4715,6 @@ maybe chmod 0644 'sysconfig/anaconda'
maybe chmod 0644 'sysconfig/arpwatch'
maybe chmod 0644 'sysconfig/atd'
maybe chmod 0644 'sysconfig/authconfig'
maybe chmod 0755 'sysconfig/cbq'
maybe chmod 0644 'sysconfig/cbq/avpkt'
maybe chmod 0644 'sysconfig/cbq/cbq-0000.example'
maybe chmod 0644 'sysconfig/certbot'
maybe chmod 0644 'sysconfig/chronyd'
maybe chmod 0755 'sysconfig/console'
@@ -4811,9 +4839,8 @@ maybe chmod 0755 'systemd/system/vmtoolsd.service.requires'
maybe chmod 0755 'systemd/user'
maybe chmod 0644 'systemd/user.conf'
maybe chmod 0755 'systemd/user/sockets.target.wants'
maybe chown 'tss' 'tcsd.conf'
maybe chgrp 'tss' 'tcsd.conf'
maybe chmod 0600 'tcsd.conf'
maybe chmod 0640 'tcsd.conf'
maybe chmod 0755 'terminfo'
maybe chmod 0755 'tmpfiles.d'
maybe chmod 0644 'tmpfiles.d/clamav.conf'
@@ -4830,11 +4857,15 @@ maybe chmod 0755 'udev'
maybe chmod 0444 'udev/hwdb.bin'
maybe chmod 0755 'udev/hwdb.d'
maybe chmod 0755 'udev/rules.d'
maybe chmod 0644 'udev/rules.d/70-persistent-ipoib.rules'
maybe chmod 0644 'udev/rules.d/70-snap.snapd.rules'
maybe chmod 0644 'udev/rules.d/75-cd-aliases-generator.rules'
maybe chmod 0644 'udev/rules.d/75-persistent-net-generator.rules'
maybe chmod 0644 'udev/rules.d/90-bcrypt-device-permissions.rules'
maybe chmod 0644 'udev/udev.conf'
maybe chmod 0755 'unbound'
maybe chmod 0644 'unbound/icannbundle.pem'
maybe chmod 0644 'unbound/root.key'
maybe chmod 0644 'updatedb.conf'
maybe chmod 0644 'vconsole.conf'
maybe chmod 0644 'vimrc'

2
alternatives/alt-java
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/alt-java
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/alt-java

2
alternatives/alt-java.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
alternatives/java
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/java
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/java

2
alternatives/java.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
alternatives/jjs
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/jjs
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/jjs

2
alternatives/jjs.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
alternatives/jre
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre

2
alternatives/jre_1.8.0
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre

2
alternatives/jre_1.8.0_openjdk
View File

@@ -1 +1 @@
/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64
/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64

2
alternatives/jre_openjdk
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre

2
alternatives/keytool
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/keytool
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/keytool

2
alternatives/keytool.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
alternatives/orbd
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/orbd
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/orbd

2
alternatives/orbd.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
alternatives/pack200
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/pack200
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/pack200

2
alternatives/pack200.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
alternatives/policytool
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/policytool
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/policytool

2
alternatives/policytool.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
alternatives/rmid
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/rmid
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/rmid

2
alternatives/rmid.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
alternatives/rmiregistry
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/rmiregistry
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/rmiregistry

2
alternatives/rmiregistry.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
alternatives/servertool
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/servertool
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/servertool

2
alternatives/servertool.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
alternatives/tnameserv
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/tnameserv
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/tnameserv

2
alternatives/tnameserv.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
alternatives/unpack200
View File

@@ -1 +1 @@
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/jre/bin/unpack200
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/unpack200

2
alternatives/unpack200.1.gz
View File

@@ -1 +1 @@
/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64.1.gz
/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz

2
centos-release
View File

@@ -1 +1 @@
CentOS Linux release 8.3.2011
CentOS Linux release 8.4.2105

2
centos-release-upstream
View File

@@ -1 +1 @@
Derived from Red Hat Enterprise Linux 8.3
Derived from Red Hat Enterprise Linux 8.4

203
httpd/conf.d/ssl.conf Normal file
View File

@@ -0,0 +1,203 @@
#
# When we also provide SSL we have to listen to the
# standard HTTPS port in addition.
#
Listen 443 https
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# List the protocol versions which clients are allowed to connect with.
# The OpenSSL system profile is used by default. See
# update-crypto-policies(8) for more details.
#SSLProtocol all -SSLv3
#SSLProxyProtocol all -SSLv3
# User agents such as web browsers are not configured for the user's
# own preference of either security or performance, therefore this
# must be the prerogative of the web server administrator who manages
# cpu load versus confidentiality, so enforce the server's cipher order.
SSLHonorCipherOrder on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# The OpenSSL system profile is configured by default. See
# update-crypto-policies(8) for more details.
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that restarting httpd will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
# require an ECC certificate which can also be configured in
# parallel.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is sent or allowed to be received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is sent and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

17
httpd/conf.d/welcome.conf.rpmnew
View File

@@ -7,24 +7,13 @@
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /noindex/index.html
ErrorDocument 403 /.noindex.html
</LocationMatch>
<Directory /usr/share/httpd/noindex>
Options MultiViews
DirectoryIndex index.html
AddLanguage en-US .en-US
AddLanguage es-ES .es-ES
AddLanguage zh-CN .zh-CN
AddLanguage zh-HK .zh-HK
AddLanguage zh-TW .zh-TW
LanguagePriority en
ForceLanguagePriority Fallback
AllowOverride None
Require all granted
</Directory>
Alias /noindex /usr/share/httpd/noindex
Alias /.noindex.html /usr/share/httpd/noindex/index.html
Alias /poweredby.png /usr/share/httpd/icons/apache_pb2.png

1
iproute2/rt_protos
View File

@@ -15,6 +15,7 @@
14 xorp
15 ntk
16 dhcp
18 keepalived
42 babel
186 bgp
187 isis

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/calendars.properties → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/calendars.properties
View File

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/logging.properties → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/logging.properties
View File

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/blacklisted.certs → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/blacklisted.certs
View File

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/cacerts → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/cacerts
View File

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/java.policy → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/java.policy
View File

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/java.security → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/java.security
View File

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/nss.cfg → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/nss.cfg
View File

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/nss.fips.cfg → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/nss.fips.cfg
View File

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/limited/US_export_policy.jar → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/limited/US_export_policy.jar
View File

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/limited/local_policy.jar → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/limited/local_policy.jar
View File

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/unlimited/US_export_policy.jar → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/unlimited/US_export_policy.jar
View File

0
java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-0.el8_3.x86_64/lib/security/policy/unlimited/local_policy.jar → java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/unlimited/local_policy.jar
View File

0
ld.so.conf.d/kernel-4.18.0-240.10.1.el8_3.x86_64.conf → ld.so.conf.d/kernel-4.18.0-305.3.1.el8.x86_64.conf
View File

1
libibverbs.d/bnxt_re.driver Normal file
View File

@@ -0,0 +1 @@
driver bnxt_re

1
libibverbs.d/cxgb4.driver Normal file
View File

@@ -0,0 +1 @@
driver cxgb4

1
libibverbs.d/efa.driver Normal file
View File

@@ -0,0 +1 @@
driver efa

1
libibverbs.d/hfi1verbs.driver Normal file
View File

@@ -0,0 +1 @@
driver hfi1verbs

1
libibverbs.d/hns.driver Normal file
View File

@@ -0,0 +1 @@
driver hns

1
libibverbs.d/i40iw.driver Normal file
View File

@@ -0,0 +1 @@
driver i40iw

1
libibverbs.d/mlx4.driver Normal file
View File

@@ -0,0 +1 @@
driver mlx4

1
libibverbs.d/mlx5.driver Normal file
View File

@@ -0,0 +1 @@
driver mlx5

1
libibverbs.d/qedr.driver Normal file
View File

@@ -0,0 +1 @@
driver qedr

1
libibverbs.d/rxe.driver Normal file
View File

@@ -0,0 +1 @@
driver rxe

1
libibverbs.d/siw.driver Normal file
View File

@@ -0,0 +1 @@
driver siw

1
libibverbs.d/vmw_pvrdma.driver Normal file
View File

@@ -0,0 +1 @@
driver vmw_pvrdma

10
logrotate.d/dnf
View File

@@ -1,15 +1,7 @@
/var/log/dnf.librepo.log {
missingok
notifempty
rotate 4
weekly
create 0600 root root
}
/var/log/hawkey.log {
missingok
notifempty
rotate 4
weekly
create 0600 root root
create
}

11
logrotate.d/kvm_stat Normal file
View File

@@ -0,0 +1,11 @@
/var/log/kvm_stat.csv {
size 10M
missingok
compress
maxage 30
rotate 5
nodateext
postrotate
/usr/bin/systemctl try-restart kvm_stat.service
endscript
}

4
mail/spamassassin/init.pre.rpmnew
View File

@@ -19,10 +19,6 @@
#
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
# Hashcash - perform hashcash verification.
#
loadplugin Mail::SpamAssassin::Plugin::Hashcash
# SPF - perform SPF verification.
#
loadplugin Mail::SpamAssassin::Plugin::SPF

7
mail/spamassassin/v342.pre
View File

@@ -3,7 +3,7 @@
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# This file was installed during the installation of SpamAssassin 3.4.1,
# This file was installed during the installation of SpamAssassin 3.4.2,
# and contains plugin loading commands for the new plugins added in that
# release. It will not be overwritten during future SpamAssassin installs,
# so you can modify it to enable some disabled-by-default plugins below,
@@ -16,10 +16,9 @@
# added to new files, named according to the release they're added in.
###########################################################################
# HashBL - Use EBL email blocklist
# HashBL - Query hashed/unhashed strings, emails, uris etc from DNS lists
# loadplugin Mail::SpamAssassin::Plugin::HashBL
# FromNameSpoof - help stop spam that tries to spoof other domains using
# the from name
# loadplugin Mail::SpamAssassin::Plugin::FromNameSpoof
@@ -28,5 +27,3 @@
# OpenPhish or PhishTank feeds.
# loadplugin Mail::SpamAssassin::Plugin::Phishing
# allow URI rules to look at DKIM headers if they exist
parse_dkim_uris 1

25
mail/spamassassin/v343.pre Normal file
View File

@@ -0,0 +1,25 @@
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# This file was installed during the installation of SpamAssassin 4.0.0,
# and contains plugin loading commands for the new plugins added in that
# release. It will not be overwritten during future SpamAssassin installs,
# so you can modify it to enable some disabled-by-default plugins below,
# if you so wish.
#
# There are now multiple files read to enable plugins in the
# /etc/mail/spamassassin directory; previously only one, "init.pre" was
# read. Now both "init.pre", "v310.pre", and any other files ending in
# ".pre" will be read. As future releases are made, new plugins will be
# added to new files, named according to the release they're added in.
###########################################################################
# OLEVBMacro - Detects both OLE macros and VB code inside Office documents
#
# It tries to discern between safe and malicious code but due to the threat
# macros present to security, many places block these type of documents outright.
#
# For this plugin to work, Archive::Zip and IO::String modules are required.
# loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro

21
modprobe.d/mlx4.conf Normal file
View File

@@ -0,0 +1,21 @@
# This file is intended for users to select the various module options
# they need for the mlx4 driver. On upgrade of the rdma package,
# any user made changes to this file are preserved. Any changes made
# to the libmlx4.conf file in this directory are overwritten on
# pacakge upgrade.
#
# Some sample options and what they would do
# Enable debugging output, device managed flow control, and disable SRIOV
#options mlx4_core debug_level=1 log_num_mgm_entry_size=-1 probe_vf=0 num_vfs=0
#
# Enable debugging output and create SRIOV devices, but don't attach any of
# the child devices to the host, only the parent device
#options mlx4_core debug_level=1 probe_vf=0 num_vfs=7
#
# Enable debugging output, SRIOV, and attach one of the SRIOV child devices
# in addition to the parent device to the host
#options mlx4_core debug_level=1 probe_vf=1 num_vfs=7
#
# Enable per priority flow control for send and receive, setting both priority
# 1 and 2 as no drop priorities
#options mlx4_en pfctx=3 pfcrx=3

1
modprobe.d/truescale.conf Normal file
View File

@@ -0,0 +1 @@
install ib_qib modprobe -i ib_qib $CMDLINE_OPTS && /usr/libexec/truescale-serdes.cmds start

484
postfix/access.rpmnew Normal file
View File

@@ -0,0 +1,484 @@
# ACCESS(5) ACCESS(5)
#
# NAME
# access - Postfix SMTP server access table
#
# SYNOPSIS
# postmap /etc/postfix/access
#
# postmap -q "string" /etc/postfix/access
#
# postmap -q - /etc/postfix/access <inputfile
#
# DESCRIPTION
# This document describes access control on remote SMTP
# client information: host names, network addresses, and
# envelope sender or recipient addresses; it is implemented
# by the Postfix SMTP server. See header_checks(5) or
# body_checks(5) for access control on the content of email
# messages.
#
# Normally, the access(5) table is specified as a text file
# that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/access" to rebuild an indexed file
# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions, or lookups can be directed to TCP-based
# server. In those cases, the lookups are done in a slightly
# different way as described below under "REGULAR EXPRESSION
# TABLES" or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern action
# When pattern matches a mail address, domain or host
# address, perform the corresponding action.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# EMAIL ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain
# Matches the specified mail address.
#
# domain.tld
# Matches domain.tld as the domain part of an email
# address.
#
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
# the Postfix parent_domain_matches_subdomains con-
# figuration setting.
#
# .domain.tld
# Matches subdomains of domain.tld, but only when the
# string smtpd_access_maps is not listed in the Post-
# fix parent_domain_matches_subdomains configuration
# setting.
#
# user@ Matches all mail addresses with the specified user
# part.
#
# Note: lookup of the null sender address is not possible
# with some types of lookup table. By default, Postfix uses
# <> as the lookup key for such addresses. The value is
# specified with the smtpd_null_access_lookup_key parameter
# in the Postfix main.cf file.
#
# EMAIL ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, domain, user+foo@,
# and user@.
#
# HOST NAME/ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, the following
# lookup patterns are examined in the order as listed:
#
# domain.tld
# Matches domain.tld.
#
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
# the Postfix parent_domain_matches_subdomains con-
# figuration setting.
#
# .domain.tld
# Matches subdomains of domain.tld, but only when the
# string smtpd_access_maps is not listed in the Post-
# fix parent_domain_matches_subdomains configuration
# setting.
#
# net.work.addr.ess
#
# net.work.addr
#
# net.work
#
# net Matches a remote IPv4 host address or network
# address range. Specify one to four decimal octets
# separated by ".". Do not specify "[]" , "/", lead-
# ing zeros, or hexadecimal forms.
#
# Network ranges are matched by repeatedly truncating
# the last ".octet" from a remote IPv4 host address
# string, until a match is found in the access table,
# or until further truncation is not possible.
#
# NOTE: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
# net:work:addr:ess
#
# net:work:addr
#
# net:work
#
# net Matches a remote IPv6 host address or network
# address range. Specify three to eight hexadecimal
# octet pairs separated by ":", using the compressed
# form "::" for a sequence of zero-valued octet
# pairs. Do not specify "[]", "/", leading zeros, or
# non-compressed forms.
#
# A network range is matched by repeatedly truncating
# the last ":octetpair" from the compressed-form
# remote IPv6 host address string, until a match is
# found in the access table, or until further trunca-
# tion is not possible.
#
# NOTE: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
# IPv6 support is available in Postfix 2.2 and later.
#
# ACCEPT ACTIONS
# OK Accept the address etc. that matches the pattern.
#
# all-numerical
# An all-numerical result is treated as OK. This for-
# mat is generated by address-based relay authoriza-
# tion schemes such as pop-before-smtp.
#
# For other accept actions, see "OTHER ACTIONS" below.
#
# REJECT ACTIONS
# Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When no code is specified
# at the beginning of the text below, Postfix inserts a
# default enhanced status code of "5.7.1" in the case of
# reject actions, and "4.7.1" in the case of defer actions.
# See "ENHANCED STATUS CODES" below.
#
# 4NN text
#
# 5NN text
# Reject the address etc. that matches the pattern,
# and respond with the numerical three-digit code and
# text. 4NN means "try again later", while 5NN means
# "do not try again".
#
# The following responses have special meaning for
# the Postfix SMTP server:
#
# 421 text (Postfix 2.3 and later)
#
# 521 text (Postfix 2.6 and later)
# After responding with the numerical
# three-digit code and text, disconnect imme-
# diately from the SMTP client. This frees up
# SMTP server resources so that they can be
# made available to another SMTP client.
#
# Note: The "521" response should be used only
# with botnets and other malware where inter-
# operability is of no concern. The "send 521
# and disconnect" behavior is NOT defined in
# the SMTP standard.
#
# REJECT optional text...
# Reject the address etc. that matches the pattern.
# Reply with "$access_map_reject_code optional
# text..." when the optional text is specified, oth-
# erwise reply with a generic error response message.
#
# DEFER optional text...
# Reject the address etc. that matches the pattern.
# Reply with "$access_map_defer_code optional
# text..." when the optional text is specified, oth-
# erwise reply with a generic error response message.
#
# This feature is available in Postfix 2.6 and later.
#
# DEFER_IF_REJECT optional text...
# Defer the request if some later restriction would
# result in a REJECT action. Reply with
# "$access_map_defer_code 4.7.1 optional text..."
# when the optional text is specified, otherwise
# reply with a generic error response message.
#
# Prior to Postfix 2.6, the SMTP reply code is 450.
#
# This feature is available in Postfix 2.1 and later.
#
# DEFER_IF_PERMIT optional text...
# Defer the request if some later restriction would
# result in a an explicit or implicit PERMIT action.
# Reply with "$access_map_defer_code 4.7.1 optional
# text..." when the optional text is specified, oth-
# erwise reply with a generic error response message.
#
# Prior to Postfix 2.6, the SMTP reply code is 450.
#
# This feature is available in Postfix 2.1 and later.
#
# For other reject actions, see "OTHER ACTIONS" below.
#
# OTHER ACTIONS
# restriction...
# Apply the named UCE restriction(s) (permit, reject,
# reject_unauth_destination, and so on).
#
# BCC user@domain
# Send one copy of the message to the specified
# recipient.
#
# If multiple BCC actions are specified within the
# same SMTP MAIL transaction, with Postfix 3.0 only
# the last action will be used.
#
# This feature is available in Postfix 3.0 and later.
#
# DISCARD optional text...
# Claim successful delivery and silently discard the
# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
# Note: this action currently affects all recipients
# of the message. To discard only one recipient
# without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
# service.
#
# This feature is available in Postfix 2.0 and later.
#
# DUNNO Pretend that the lookup key was not found. This
# prevents Postfix from trying substrings of the
# lookup key (such as a subdomain name, or a network
# address subnetwork).
#
# This feature is available in Postfix 2.0 and later.
#
# FILTER transport:destination
# After the message is queued, send the entire mes-
# sage through the specified external content filter.
# The transport name specifies the first field of a
# mail delivery agent definition in master.cf; the
# syntax of the next-hop destination is described in
# the manual page of the corresponding delivery
# agent. More information about external content
# filters is in the Postfix FILTER_README file.
#
# Note 1: do not use $number regular expression sub-
# stitutions for transport or destination unless you
# know that the information has a trusted origin.
#
# Note 2: this action overrides the main.cf con-
# tent_filter setting, and affects all recipients of
# the message. In the case that multiple FILTER
# actions fire, only the last one is executed.
#
# Note 3: the purpose of the FILTER command is to
# override message routing. To override the recipi-
# ent's transport but not the next-hop destination,
# specify an empty filter destination (Postfix 2.7
# and later), or specify a transport:destination that
# delivers through a different Postfix instance
# (Postfix 2.6 and earlier). Other options are using
# the recipient-dependent transport_maps or the sen-
# der-dependent sender_dependent_default_transport-
# _maps features.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
# Place the message on the hold queue, where it will
# sit until someone either deletes it or releases it
# for delivery. Log the optional text if specified,
# otherwise log a generic message.
#
# Mail that is placed on hold can be examined with
# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
# Note: use "postsuper -r" to release mail that was
# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
# longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts.
#
# Note: this action currently affects all recipients
# of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# PREPEND headername: headervalue
# Prepend the specified message header to the mes-
# sage. When more than one PREPEND action executes,
# the first prepended header appears before the sec-
# ond etc. prepended header.
#
# Note: this action must execute before the message
# content is received; it cannot execute in the con-
# text of smtpd_end_of_data_restrictions.
#
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
# After the message is queued, send the message to
# the specified address instead of the intended
# recipient(s). When multiple REDIRECT actions fire,
# only the last one takes effect.
#
# Note: this action overrides the FILTER action, and
# currently overrides all recipients of the message.
#
# This feature is available in Postfix 2.1 and later.
#
# INFO optional text...
# Log an informational record with the optional text,
# together with client information and if available,
# with helo, sender, recipient and protocol informa-
# tion.
#
# This feature is available in Postfix 3.0 and later.
#
# WARN optional text...
# Log a warning with the optional text, together with
# client information and if available, with helo,
# sender, recipient and protocol information.
#
# This feature is available in Postfix 2.1 and later.
#
# ENHANCED STATUS CODES
# Postfix version 2.3 and later support enhanced status
# codes as defined in RFC 3463. When an enhanced status
# code is specified in an access table, it is subject to
# modification. The following transformations are needed
# when the same access table is used for client, helo,
# sender, or recipient access restrictions; they happen
# regardless of whether Postfix replies to a MAIL FROM, RCPT
# TO or other SMTP command.
#
# o When a sender address matches a REJECT action, the
# Postfix SMTP server will transform a recipient DSN
# status (e.g., 4.1.1-4.1.6) into the corresponding
# sender DSN status, and vice versa.
#
# o When non-address information matches a REJECT
# action (such as the HELO command argument or the
# client hostname/address), the Postfix SMTP server
# will transform a sender or recipient DSN status
# into a generic non-address DSN status (e.g.,
# 4.0.0).
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
# mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# EXAMPLE
# The following example uses an indexed file, so that the
# order of table entries does not matter. The example per-
# mits access by the client at address 1.2.3.4 but rejects
# all other clients in 1.2.3.0/24. Instead of hash lookup
# tables, some systems use dbm. Use the command "postconf
# -m" to find out what lookup tables Postfix supports on
# your system.
#
# /etc/postfix/main.cf:
# smtpd_client_restrictions =
# check_client_access hash:/etc/postfix/access
#
# /etc/postfix/access:
# 1.2.3 REJECT
# 1.2.3.4 OK
#
# Execute the command "postmap /etc/postfix/access" after
# editing the file.
#
# BUGS
# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
# smtpd(8), SMTP server
# postconf(5), configuration parameters
# transport(5), transport:nexthop syntax
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# ACCESS(5)

307
postfix/canonical.rpmnew Normal file
View File

@@ -0,0 +1,307 @@
# CANONICAL(5) CANONICAL(5)
#
# NAME
# canonical - Postfix canonical table format
#
# SYNOPSIS
# postmap /etc/postfix/canonical
#
# postmap -q "string" /etc/postfix/canonical
#
# postmap -q - /etc/postfix/canonical <inputfile
#
# DESCRIPTION
# The optional canonical(5) table specifies an address map-
# ping for local and non-local addresses. The mapping is
# used by the cleanup(8) daemon, before mail is stored into
# the queue. The address mapping is recursive.
#
# Normally, the canonical(5) table is specified as a text
# file that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/canonical" to rebuild an indexed
# file after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions, or lookups can be directed to TCP-based
# server. In those cases, the lookups are done in a slightly
# different way as described below under "REGULAR EXPRESSION
# TABLES" or "TCP-BASED TABLES".
#
# By default the canonical(5) mapping affects both message
# header addresses (i.e. addresses that appear inside mes-
# sages) and message envelope addresses (for example, the
# addresses that are used in SMTP protocol commands). This
# is controlled with the canonical_classes parameter.
#
# NOTE: Postfix versions 2.2 and later rewrite message head-
# ers from remote SMTP clients only if the client matches
# the local_header_rewrite_clients parameter, or if the
# remote_header_rewrite_domain configuration parameter spec-
# ifies a non-empty value. To get the behavior before Post-
# fix 2.2, specify "local_header_rewrite_clients =
# static:all".
#
# Typically, one would use the canonical(5) table to replace
# login names by Firstname.Lastname, or to clean up
# addresses produced by legacy mail systems.
#
# The canonical(5) mapping is not to be confused with vir-
# tual alias support or with local aliasing. To change the
# destination but not the headers, use the virtual(5) or
# aliases(5) map instead.
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern address
# When pattern matches a mail address, replace it by
# the corresponding address.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, each
# user@domain query produces a sequence of query patterns as
# described below.
#
# Each query pattern is sent to each specified lookup table
# before trying the next query pattern, until a match is
# found.
#
# user@domain address
# Replace user@domain by address. This form has the
# highest precedence.
#
# This is useful to clean up addresses produced by
# legacy mail systems. It can also be used to pro-
# duce Firstname.Lastname style addresses, but see
# below for a simpler solution.
#
# user address
# Replace user@site by address when site is equal to
# $myorigin, when site is listed in $mydestination,
# or when it is listed in $inet_interfaces or
# $proxy_interfaces.
#
# This form is useful for replacing login names by
# Firstname.Lastname.
#
# @domain address
# Replace other addresses in domain by address. This
# form has the lowest precedence.
#
# Note: @domain is a wild-card. When this form is
# applied to recipient addresses, the Postfix SMTP
# server accepts mail for any recipient in domain,
# regardless of whether that recipient exists. This
# may turn your mail system into a backscatter
# source: Postfix first accepts mail for non-existent
# recipients and then tries to return that mail as
# "undeliverable" to the often forged sender address.
#
# To avoid backscatter with mail for a wild-card
# domain, replace the wild-card mapping with explicit
# 1:1 mappings, or add a reject_unverified_recipient
# restriction for that domain:
#
# smtpd_recipient_restrictions =
# ...
# reject_unauth_destination
# check_recipient_access
# inline:{example.com=reject_unverified_recipient}
# unverified_recipient_reject_code = 550
#
# In the above example, Postfix may contact a remote
# server if the recipient is rewritten to a remote
# address.
#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# canonical_classes (envelope_sender, envelope_recipient,
# header_sender, header_recipient)
# What addresses are subject to canonical_maps
# address mapping.
#
# canonical_maps (empty)
# Optional address mapping lookup tables for message
# headers and envelopes.
#
# recipient_canonical_maps (empty)
# Optional address mapping lookup tables for envelope
# and header recipient addresses.
#
# sender_canonical_maps (empty)
# Optional address mapping lookup tables for envelope
# and header sender addresses.
#
# propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result.
#
# Other parameters of interest:
#
# inet_interfaces (all)
# The network interface addresses that this mail sys-
# tem receives mail on.
#
# local_header_rewrite_clients (permit_inet_interfaces)
# Rewrite message header addresses in mail from these
# clients and update incomplete addresses with the
# domain name in $myorigin or $mydomain; either don't
# rewrite message headers from other clients at all,
# or rewrite message headers and update incomplete
# addresses with the domain specified in the
# remote_header_rewrite_domain parameter.
#
# proxy_interfaces (empty)
# The network interface addresses that this mail sys-
# tem receives mail on by way of a proxy or network
# address translation unit.
#
# masquerade_classes (envelope_sender, header_sender,
# header_recipient)
# What addresses are subject to address masquerading.
#
# masquerade_domains (empty)
# Optional list of domains whose subdomain structure
# will be stripped off in email addresses.
#
# masquerade_exceptions (empty)
# Optional list of user names that are not subjected
# to address masquerading, even when their address
# matches $masquerade_domains.
#
# mydestination ($myhostname, localhost.$mydomain, local-
# host)
# The list of domains that are delivered via the
# $local_transport mail delivery transport.
#
# myorigin ($myhostname)
# The domain name that locally-posted mail appears to
# come from, and that locally posted mail is deliv-
# ered to.
#
# owner_request_special (yes)
# Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when
# the recipient_delimiter is set to "-".
#
# remote_header_rewrite_domain (empty)
# Don't rewrite message headers from remote clients
# at all when this parameter is empty; otherwise, re-
# write message headers and append the specified
# domain name to incomplete addresses.
#
# SEE ALSO
# cleanup(8), canonicalize and enqueue mail
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
# virtual(5), virtual aliasing
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# CANONICAL(5)

6
postfix/main.cf
View File

@@ -440,10 +440,12 @@ data_directory = /var/lib/postfix
#shlib_directory = no
#smtputf8_enable = yes
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix/README_FILES
sample_directory = /usr/share/doc/postfix/samples
newaliases_path = /usr/bin/newaliases
smtp_tls_loglevel = 1
compatibility_level = 2
smtputf8_enable = no
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix

2
postfix/main.cf.proto
View File

@@ -253,7 +253,7 @@ unknown_local_recipient_reject_code = 550
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# On Linux, this works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP

738
postfix/main.cf.rpmnew Normal file
View File

@@ -0,0 +1,738 @@
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# COMPATIBILITY
#
# The compatibility_level determines what default settings Postfix
# will use for main.cf and master.cf settings. These defaults will
# change over time.
#
# To avoid breaking things, Postfix will use backwards-compatible
# default settings and log where it uses those old backwards-compatible
# default settings, until the system administrator has determined
# if any backwards-compatible default settings need to be made
# permanent in main.cf or master.cf.
#
# When this review is complete, update the compatibility_level setting
# below as recommended in the RELEASE_NOTES file.
#
# The level below is what should be used with new (not upgrade) installs.
#
compatibility_level = 2
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/libexec/postfix
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/lib/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost
# Enable IPv4, and IPv6 if supported
inet_protocols = all
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain + localhost. On
# a mail domain gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains = $mydestination
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
# server using LMTP (Local Mail Transport Protocol), this is prefered
# over the older cyrus deliver program by setting the
# mailbox_transport as below:
#
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#
# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
# these settings.
#
# local_destination_recipient_limit = 300
# local_destination_concurrency_limit = 5
#
# Of course you should adjust these settings as appropriate for the
# capacity of the hardware you are using. The recipient limit setting
# can be used to take advantage of the single instance message store
# capability of Cyrus. The concurrency limit can be used to control
# how many simultaneous LMTP sessions will be permitted to the Cyrus
# message store.
#
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
# subsequent line in master.cf.
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
#
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen session, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail.postfix
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases.postfix
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = /usr/bin/mailq.postfix
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop
# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix/samples
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix/README_FILES
# TLS CONFIGURATION
#
# Basic Postfix TLS configuration by default with self-signed certificate
# for inbound SMTP and also opportunistic TLS for outbound SMTP.
# The full pathname of a file with the Postfix SMTP server RSA certificate
# in PEM format. Intermediate certificates should be included in general,
# the server certificate first, then the issuing CA(s) (bottom-up order).
#
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
# The full pathname of a file with the Postfix SMTP server RSA private key
# in PEM format. The private key must be accessible without a pass-phrase,
# i.e. it must not be encrypted.
#
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
# Announce STARTTLS support to remote SMTP clients, but do not require that
# clients use TLS encryption (opportunistic TLS inbound).
#
smtpd_tls_security_level = may
# Directory with PEM format Certification Authority certificates that the
# Postfix SMTP client uses to verify a remote SMTP server certificate.
#
smtp_tls_CApath = /etc/pki/tls/certs
# The full pathname of a file containing CA certificates of root CAs
# trusted to sign either remote SMTP server certificates or intermediate CA
# certificates.
#
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# Use TLS if this is supported by the remote SMTP server, otherwise use
# plaintext (opportunistic TLS outbound).
#
smtp_tls_security_level = may
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix

2
postfix/master.cf
View File

@@ -154,3 +154,5 @@ amavisfeed unix - - n - 2 lmtp
-o local_recipient_maps=
-o relay_recipient_maps=
#smtpd pass - - n - - smtpd
postlog unix-dgram n - n - 1 postlogd

7
postfix/master.cf.proto
View File

@@ -64,6 +64,7 @@ virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
@@ -78,7 +79,7 @@ scache unix - - n - 1 scache
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
@@ -97,7 +98,7 @@ scache unix - - n - 1 scache
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
# flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
@@ -128,5 +129,5 @@ scache unix - - n - 1 scache
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}

133
postfix/master.cf.rpmnew Normal file
View File

@@ -0,0 +1,133 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}

5
postfix/postfix-files
View File

@@ -100,6 +100,7 @@ $daemon_directory/postfix-script:f:root:-:755
$daemon_directory/postfix-tls-script:f:root:-:755
$daemon_directory/postfix-wrapper:f:root:-:755
$daemon_directory/postmulti-script:f:root:-:755
$daemon_directory/postlogd:f:root:-:755
$daemon_directory/postscreen:f:root:-:755
$daemon_directory/proxymap:f:root:-:755
$daemon_directory/qmgr:f:root:-:755
@@ -175,7 +176,6 @@ $manpage_directory/man5/cidr_table.5.gz:f:root:-:644
$manpage_directory/man5/generics.5.gz:f:root:-:644:o
$manpage_directory/man5/generic.5.gz:f:root:-:644
$manpage_directory/man5/header_checks.5.gz:f:root:-:644
$manpage_directory/man5/lmdb_table.5.gz:f:root:-:644
$manpage_directory/man5/master.5.gz:f:root:-:644
$manpage_directory/man5/memcache_table.5.gz:f:root:-:644
$manpage_directory/man5/socketmap_table.5.gz:f:root:-:644
@@ -202,6 +202,7 @@ $manpage_directory/man8/nqmgr.8.gz:f:root:-:644:o
$manpage_directory/man8/oqmgr.8.gz:f:root:-:644:
$manpage_directory/man8/pickup.8.gz:f:root:-:644
$manpage_directory/man8/pipe.8.gz:f:root:-:644
$manpage_directory/man8/postlogd.8.gz:f:root:-:644
$manpage_directory/man8/postscreen.8.gz:f:root:-:644
$manpage_directory/man8/proxymap.8.gz:f:root:-:644
$manpage_directory/man8/qmgr.8.gz:f:root:-:644
@@ -270,7 +271,6 @@ $readme_directory/HOSTING_README:f:root:-:644:o
$readme_directory/INSTALL:f:root:-:644
$readme_directory/IPV6_README:f:root:-:644
$readme_directory/LINUX_README:f:root:-:644
$readme_directory/LMDB_README:f:root:-:644
$readme_directory/LOCAL_RECIPIENT_README:f:root:-:644
$readme_directory/MACOSX_README:f:root:-:644:o
$readme_directory/MAILDROP_README:f:root:-:644
@@ -403,6 +403,7 @@ $html_directory/postlock.1.html:f:root:-:644
$html_directory/postlog.1.html:f:root:-:644
$html_directory/postmap.1.html:f:root:-:644
$html_directory/postmulti.1.html:f:root:-:644
$html_directory/postlogd.8.html:f:root:-:644
$html_directory/postqueue.1.html:f:root:-:644
$html_directory/postscreen.8.html:f:root:-:644
$html_directory/postsuper.1.html:f:root:-:644

317
postfix/transport.rpmnew Normal file
View File

@@ -0,0 +1,317 @@
# TRANSPORT(5) TRANSPORT(5)
#
# NAME
# transport - Postfix transport table format
#
# SYNOPSIS
# postmap /etc/postfix/transport
#
# postmap -q "string" /etc/postfix/transport
#
# postmap -q - /etc/postfix/transport <inputfile
#
# DESCRIPTION
# The optional transport(5) table specifies a mapping from
# email addresses to message delivery transports and
# next-hop destinations. Message delivery transports such
# as local or smtp are defined in the master.cf file, and
# next-hop destinations are typically hosts or domain names.
# The table is searched by the trivial-rewrite(8) daemon.
#
# This mapping overrides the default transport:nexthop
# selection that is built into Postfix:
#
# local_transport (default: local:$myhostname)
# This is the default for final delivery to domains
# listed with mydestination, and for [ipaddress] des-
# tinations that match $inet_interfaces or
# $proxy_interfaces. The default nexthop destination
# is the MTA hostname.
#
# virtual_transport (default: virtual:)
# This is the default for final delivery to domains
# listed with virtual_mailbox_domains. The default
# nexthop destination is the recipient domain.
#
# relay_transport (default: relay:)
# This is the default for remote delivery to domains
# listed with relay_domains. In order of decreasing
# precedence, the nexthop destination is taken from
# relay_transport, sender_dependent_relayhost_maps,
# relayhost, or from the recipient domain.
#
# default_transport (default: smtp:)
# This is the default for remote delivery to other
# destinations. In order of decreasing precedence,
# the nexthop destination is taken from sender_depen-
# dent_default_transport_maps, default_transport,
# sender_dependent_relayhost_maps, relayhost, or from
# the recipient domain.
#
# Normally, the transport(5) table is specified as a text
# file that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
# "postmap /etc/postfix/transport" to rebuild an indexed
# file after changing the corresponding transport table.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions, or lookups can be directed to TCP-based
# server. In those case, the lookups are done in a slightly
# different way as described below under "REGULAR EXPRESSION
# TABLES" or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
# When pattern matches the recipient address or
# domain, use the corresponding result.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# The pattern specifies an email address, a domain name, or
# a domain name hierarchy, as described in section "TABLE
# LOOKUP".
#
# The result is of the form transport:nexthop and specifies
# how or where to deliver mail. This is described in section
# "RESULT FORMAT".
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user+extension@domain transport:nexthop
# Deliver mail for user+extension@domain through
# transport to nexthop.
#
# user@domain transport:nexthop
# Deliver mail for user@domain through transport to
# nexthop.
#
# domain transport:nexthop
# Deliver mail for domain through transport to nex-
# thop.
#
# .domain transport:nexthop
# Deliver mail for any subdomain of domain through
# transport to nexthop. This applies only when the
# string transport_maps is not listed in the par-
# ent_domain_matches_subdomains configuration set-
# ting. Otherwise, a domain name matches itself and
# its subdomains.
#
# * transport:nexthop
# The special pattern * represents any address (i.e.
# it functions as the wild-card pattern, and is
# unique to Postfix transport tables).
#
# Note 1: the null recipient address is looked up as
# $empty_address_recipient@$myhostname (default: mailer-dae-
# mon@hostname).
#
# Note 2: user@domain or user+extension@domain lookup is
# available in Postfix 2.0 and later.
#
# RESULT FORMAT
# The lookup result is of the form transport:nexthop. The
# transport field specifies a mail delivery transport such
# as smtp or local. The nexthop field specifies where and
# how to deliver mail.
#
# The transport field specifies the name of a mail delivery
# transport (the first name of a mail delivery service entry
# in the Postfix master.cf file).
#
# The nexthop field usually specifies one recipient domain
# or hostname. In the case of the Postfix SMTP/LMTP client,
# the nexthop field may contain a list of nexthop destina-
# tions separated by comma or whitespace (Postfix 3.5 and
# later).
#
# The syntax of a nexthop destination is transport depen-
# dent. With SMTP, specify a service on a non-default port
# as host:service, and disable MX (mail exchanger) DNS
# lookups with [host] or [host]:port. The [] form is
# required when you specify an IP address instead of a host-
# name.
#
# A null transport and null nexthop field means "do not
# change": use the delivery transport and nexthop informa-
# tion that would be used when the entire transport table
# did not exist.
#
# A non-null transport field with a null nexthop field
# resets the nexthop information to the recipient domain.
#
# A null transport field with non-null nexthop field does
# not modify the transport information.
#
# EXAMPLES
# In order to deliver internal mail directly, while using a
# mail relay for all other mail, specify a null entry for
# internal destinations (do not change the delivery trans-
# port or the nexthop information) and specify a wildcard
# for all other destinations.
#
# my.domain :
# .my.domain :
# * smtp:outbound-relay.my.domain
#
# In order to send mail for example.com and its subdomains
# via the uucp transport to the UUCP host named example:
#
# example.com uucp:example
# .example.com uucp:example
#
# When no nexthop host name is specified, the destination
# domain name is used instead. For example, the following
# directs mail for user@example.com via the slow transport
# to a mail exchanger for example.com. The slow transport
# could be configured to run at most one delivery process at
# a time:
#
# example.com slow:
#
# When no transport is specified, Postfix uses the transport
# that matches the address domain class (see DESCRIPTION
# above). The following sends all mail for example.com and
# its subdomains to host gateway.example.com:
#
# example.com :[gateway.example.com]
# .example.com :[gateway.example.com]
#
# In the above example, the [] suppress MX lookups. This
# prevents mail routing loops when your machine is primary
# MX host for example.com.
#
# In the case of delivery via SMTP or LMTP, one may specify
# host:service instead of just a host:
#
# example.com smtp:bar.example:2025
#
# This directs mail for user@example.com to host bar.example
# port 2025. Instead of a numerical port a symbolic name may
# be used. Specify [] around the hostname if MX lookups must
# be disabled.
#
# Deliveries via SMTP or LMTP support multiple destinations
# (Postfix >= 3.5):
#
# example.com smtp:bar.example, foo.example
#
# This tries to deliver to bar.example before trying to
# deliver to foo.example.
#
# The error mailer can be used to bounce mail:
#
# .example.com error:mail for *.example.com is not deliverable
#
# This causes all mail for user@anything.example.com to be
# bounced.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus,
# some.domain.hierarchy is not looked up via its parent
# domains, nor is user+foo@domain looked up as user@domain.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# The trivial-rewrite(8) server disallows regular expression
# substitution of $1 etc. in regular expression lookup
# tables, because that could open a security hole (Postfix
# version 2.3 and later).
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire recipient address
# once. Thus, some.domain.hierarchy is not looked up via
# its parent domains, nor is user+foo@domain looked up as
# user@domain.
#
# Results are the same as with indexed file lookups.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# empty_address_recipient (MAILER-DAEMON)
# The recipient of mail addressed to the null
# address.
#
# parent_domain_matches_subdomains (see 'postconf -d' out-
# put)
# A list of Postfix features where the pattern "exam-
# ple.com" also matches subdomains of example.com,
# instead of requiring an explicit ".example.com"
# pattern.
#
# transport_maps (empty)
# Optional lookup tables with mappings from recipient
# address to (message delivery transport, next-hop
# destination).
#
# SEE ALSO
# trivial-rewrite(8), rewrite and resolve addresses
# master(5), master.cf file format
# postconf(5), configuration parameters
# postmap(1), Postfix lookup table manager
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# FILTER_README, external content filter
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# TRANSPORT(5)

324
postfix/virtual.rpmnew Normal file
View File

@@ -0,0 +1,324 @@
# VIRTUAL(5) VIRTUAL(5)
#
# NAME
# virtual - Postfix virtual alias table format
#
# SYNOPSIS
# postmap /etc/postfix/virtual
#
# postmap -q "string" /etc/postfix/virtual
#
# postmap -q - /etc/postfix/virtual <inputfile
#
# DESCRIPTION
# The optional virtual(5) alias table rewrites recipient
# addresses for all local, all virtual, and all remote mail
# destinations. This is unlike the aliases(5) table which
# is used only for local(8) delivery. Virtual aliasing is
# recursive, and is implemented by the Postfix cleanup(8)
# daemon before mail is queued.
#
# The main applications of virtual aliasing are:
#
# o To redirect mail for one address to one or more
# addresses.
#
# o To implement virtual alias domains where all
# addresses are aliased to addresses in other
# domains.
#
# Virtual alias domains are not to be confused with
# the virtual mailbox domains that are implemented
# with the Postfix virtual(8) mail delivery agent.
# With virtual mailbox domains, each recipient
# address can have its own mailbox.
#
# Virtual aliasing is applied only to recipient envelope
# addresses, and does not affect message headers. Use
# canonical(5) mapping to rewrite header and envelope
# addresses in general.
#
# Normally, the virtual(5) alias table is specified as a
# text file that serves as input to the postmap(1) command.
# The result, an indexed file in dbm or db format, is used
# for fast searching by the mail system. Execute the command
# "postmap /etc/postfix/virtual" to rebuild an indexed file
# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regu-
# lar-expression map where patterns are given as regular
# expressions, or lookups can be directed to TCP-based
# server. In those case, the lookups are done in a slightly
# different way as described below under "REGULAR EXPRESSION
# TABLES" or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern address, address, ...
# When pattern matches a mail address, replace it by
# the corresponding address.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, each
# user@domain query produces a sequence of query patterns as
# described below.
#
# Each query pattern is sent to each specified lookup table
# before trying the next query pattern, until a match is
# found.
#
# user@domain address, address, ...
# Redirect mail for user@domain to address. This
# form has the highest precedence.
#
# user address, address, ...
# Redirect mail for user@site to address when site is
# equal to $myorigin, when site is listed in $mydes-
# tination, or when it is listed in $inet_interfaces
# or $proxy_interfaces.
#
# This functionality overlaps with functionality of
# the local aliases(5) database. The difference is
# that virtual(5) mapping can be applied to non-local
# addresses.
#
# @domain address, address, ...
# Redirect mail for other users in domain to address.
# This form has the lowest precedence.
#
# Note: @domain is a wild-card. With this form, the
# Postfix SMTP server accepts mail for any recipient
# in domain, regardless of whether that recipient
# exists. This may turn your mail system into a
# backscatter source: Postfix first accepts mail for
# non-existent recipients and then tries to return
# that mail as "undeliverable" to the often forged
# sender address.
#
# To avoid backscatter with mail for a wild-card
# domain, replace the wild-card mapping with explicit
# 1:1 mappings, or add a reject_unverified_recipient
# restriction for that domain:
#
# smtpd_recipient_restrictions =
# ...
# reject_unauth_destination
# check_recipient_access
# inline:{example.com=reject_unverified_recipient}
# unverified_recipient_reject_code = 550
#
# In the above example, Postfix may contact a remote
# server if the recipient is aliased to a remote
# address.
#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain. This
# works only for the first address in a multi-address
# lookup result.
#
# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# VIRTUAL ALIAS DOMAINS
# Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual
# alias domain, all recipient addresses are aliased to
# addresses in other domains.
#
# Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox
# domains, each recipient address can have its own mailbox.
#
# With a virtual alias domain, the virtual domain has its
# own user name space. Local (i.e. non-virtual) usernames
# are not visible in a virtual alias domain. In particular,
# local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain.
#
# Support for a virtual alias domain looks like:
#
# /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
# Note: some systems use dbm databases instead of hash. See
# the output from "postconf -m" for available database
# types.
#
# /etc/postfix/virtual:
# virtual-alias.domain anything (right-hand content does not matter)
# postmaster@virtual-alias.domain postmaster
# user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3
#
# The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected
# with "relay access denied", or bounces with "mail loops
# back to myself".
#
# Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
# With a virtual alias domain, the Postfix SMTP server
# accepts mail for known-user@virtual-alias.domain, and
# rejects mail for unknown-user@virtual-alias.domain as
# undeliverable.
#
# Instead of specifying the virtual alias domain name via
# the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter.
# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant
# to this topic. See the Postfix main.cf file for syntax
# details and for default values. Use the "postfix reload"
# command after a configuration change.
#
# virtual_alias_maps ($virtual_maps)
# Optional lookup tables that alias specific mail
# addresses or domains to other local or remote
# address.
#
# virtual_alias_domains ($virtual_alias_maps)
# Postfix is final destination for the specified list
# of virtual alias domains, that is, domains for
# which all addresses are aliased to addresses in
# other local or remote domains.
#
# propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result.
#
# Other parameters of interest:
#
# inet_interfaces (all)
# The network interface addresses that this mail sys-
# tem receives mail on.
#
# mydestination ($myhostname, localhost.$mydomain, local-
# host)
# The list of domains that are delivered via the
# $local_transport mail delivery transport.
#
# myorigin ($myhostname)
# The domain name that locally-posted mail appears to
# come from, and that locally posted mail is deliv-
# ered to.
#
# owner_request_special (yes)
# Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when
# the recipient_delimiter is set to "-".
#
# proxy_interfaces (empty)
# The network interface addresses that this mail sys-
# tem receives mail on by way of a proxy or network
# address translation unit.
#
# SEE ALSO
# cleanup(8), canonicalize and enqueue mail
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
# canonical(5), canonical address mapping
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# VIRTUAL_README, domain hosting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#
# VIRTUAL(5)

2
qemu-ga/fsfreeze-hook
View File

@@ -8,7 +8,7 @@
# request, it is issued with "thaw" argument after filesystem is thawed.
LOGFILE=/var/log/qga-fsfreeze-hook.log
FSFREEZE_D=$(dirname -- "$0")/fsfreeze-hook.d
FSFREEZE_D=$(dirname -- "$(realpath $0)")/fsfreeze-hook.d
# Check whether file $1 is a backup or rpm-generated file and should be ignored
is_ignored_file() {

1
qemu-kvm/fsfreeze-hook Symbolic link
View File

@@ -0,0 +1 @@
/etc/qemu-ga/fsfreeze-hook

2
rc.d/init.d/functions
View File

@@ -7,7 +7,7 @@
TEXTDOMAIN=initscripts
# Make sure umask is sane
umask 027
umask 022
# Set up a default search path.
PATH="/sbin:/usr/sbin:/bin:/usr/bin"

27
rdma/mlx4.conf Normal file
View File

@@ -0,0 +1,27 @@
# Config file for mlx4 hardware port settings
# This file is read when the mlx4_core module is loaded and used to
# set the port types for any hardware found. If a card is not listed
# in this file, then its port types are left alone.
#
# Format:
# <pci_device_of_card> <port1_type> [port2_type]
#
# @port1 and @port2:
# One of auto, ib, or eth. No checking is performed to make sure that
# combinations are valid. Invalid inputs will result in the driver
# not setting the port to the type requested. port1 is required at
# all times, port2 is required for dual port cards.
#
# Example:
# 0000:0b:00.0 eth eth
#
# You can find the right pci device to use for any given card by loading
# the mlx4_core module, then going to /sys/bus/pci/drivers/mlx4_core and
# seeing what possible PCI devices are listed there. The possible values
# for ports are: ib, eth, and auto. However, not all cards support all
# types, so if you get messages from the kernel that your selected port
# type isn't supported, there's nothing this script can do about it. Also,
# some cards don't support using different types on the two ports (aka,
# both ports must be either eth or ib). Again, we can't set what the kernel
# or hardware won't support.
#

12
rdma/modules/infiniband.conf Normal file
View File

@@ -0,0 +1,12 @@
# These modules are loaded by the system if any InfiniBand device is installed
# InfiniBand over IP netdevice
ib_ipoib
# Access to fabric management SMPs and GMPs from userspace.
ib_umad
# SCSI Remote Protocol target support
# ib_srpt
# ib_ucm provides the obsolete /dev/infiniband/ucm0
# ib_ucm

1
rdma/modules/iwarp.conf Normal file
View File

@@ -0,0 +1 @@
# These modules are loaded by the system if any iWarp device is installed

10
rdma/modules/opa.conf Normal file
View File

@@ -0,0 +1,10 @@
# These modules are loaded by the system if any OmniPath Architecture device
# is installed
# Infiniband over IP netdevice
ib_ipoib
# Access to fabric management SMPs and GMPs from userspace.
ib_umad
# Omnipath Ethernet Virtual NIC netdevice
opa_vnic

24
rdma/modules/rdma.conf Normal file
View File

@@ -0,0 +1,24 @@
# These modules are loaded by the system if any RDMA devices is installed
# iSCSI over RDMA client support
ib_iser
# iSCSI over RDMA target support
ib_isert
# SCSI RDMA Protocol target driver
ib_srpt
# User access to RDMA verbs (supports libibverbs)
ib_uverbs
# User access to RDMA connection management (supports librdmacm)
rdma_ucm
# RDS over RDMA support
# rds_rdma
# NFS over RDMA client support
xprtrdma
# NFS over RDMA server support
svcrdma

2
rdma/modules/roce.conf Normal file
View File

@@ -0,0 +1,2 @@
# These modules are loaded by the system if any RDMA over Converged Ethernet
# device is installed

6
rhsm/rhsm.conf
View File

@@ -94,6 +94,12 @@ autoAttachInterval = 1440
splay = 1
# If set to 1, rhsmcertd will not execute.
disable = 0
# Set to 1, when rhsmcerd will try to do automatic registration.
# Setting this option make sense only on machines running on public
# clouds. Currently only AWS, Azure and GCP are supported
auto_registration = 0
# Interval to run auto-registration (in minutes):
auto_registration_interval = 60
[logging]
default_log_level = INFO

16
security/pwquality.conf
View File

@@ -54,6 +54,10 @@
# The check is enabled if the value is not 0.
# usercheck = 1
#
# Length of substrings from the username to check for in the password
# The check is enabled if the value is greater than 0 and usercheck is enabled.
# usersubstr = 0
#
# Whether the check is enforced by the PAM module and possibly other
# applications.
# The new password is rejected if it fails the check and the value is not 0.
@@ -61,3 +65,15 @@
#
# Path to the cracklib dictionaries. Default is to use the cracklib default.
# dictpath =
#
# Prompt user at most N times before returning with error. The default is 1.
# retry = 3
#
# Enforces pwquality checks on the root user password.
# Enabled if the option is present.
# enforce_for_root
#
# Skip testing the password quality for users that are not present in the
# /etc/passwd file.
# Enabled if the option is present.
# local_users_only

8
selinux/semanage.conf
View File

@@ -42,14 +42,16 @@ module-store = direct
expand-check=0
# usepasswd check tells semanage to scan all pass word records for home directories
# and setup the labeling correctly. If this is turned off, SELinux will label /home
# correctly only. You will need to use semanage fcontext command.
# and setup the labeling correctly. If this is turned off, SELinux will label only /home
# and home directories of users with SELinux login mappings defined, see
# semanage login -l for the list of such users.
# If you want to use a different home directory, you will need to use semanage fcontext command.
# For example, if you had home dirs in /althome directory you would have to execute
# semanage fcontext -a -e /home /althome
usepasswd=False
bzip-small=true
bzip-blocksize=5
ignoredirs=/root
ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var
[sefcontext_compile]
path = /usr/sbin/sefcontext_compile

2
selinux/targeted/.policy.sha512
View File

@@ -1 +1 @@
a22e33fcbb09d3c1722d49f584d554e7c9a887c3b1da8dc15f90e9d72884fd73191d410f6d4dbf9f0c7c99e8362393b218002ba9644eecb0d1e509bbc9132d04
a3901cc0dc86321934577ebddea6d769230a49a9899939b0c78d693b1b1dd8bbf53fba876ba3c8c08bf7fe910a1a8d760bcf812026b8edac95389f7e9a13b4bb

17
selinux/targeted/contexts/files/file_contexts
View File

@@ -530,6 +530,7 @@
/dev/usbmon.+ -c system_u:object_r:usbmon_device_t:s0
/dev/mmcblk.* -b system_u:object_r:removable_device_t:s0
/dev/mspblk.* -b system_u:object_r:removable_device_t:s0
/etc/httpd/.* -l system_u:object_r:etc_t:s0
/initrd\.img.* -l system_u:object_r:boot_t:s0
/etc/bacula.* system_u:object_r:bacula_etc_t:s0
/etc/drupal.* system_u:object_r:httpd_sys_rw_content_t:s0
@@ -1532,6 +1533,7 @@
/boot/System\.map(-.*)? -- system_u:object_r:system_map_t:s0
/usr/sbin/crack_[a-z]* -- system_u:object_r:crack_exec_t:s0
/var/cache/swift(/.*)? -- system_u:object_r:swift_var_cache_t:s0
/dev/vhost-vdpa-[0-9]+ -c system_u:object_r:vhost_device_t:s0
/etc/MailScanner(/.*)? system_u:object_r:mscan_etc_t:s0
/etc/WebCalendar(/.*)? system_u:object_r:httpd_sys_rw_content_t:s0
/etc/dirsrv/dsgw(/.*)? system_u:object_r:dirsrvadmin_config_t:s0
@@ -2068,6 +2070,7 @@
/opt/google-earth/.*\.so.* -- system_u:object_r:textrel_shlib_t:s0
/usr/google-earth/.*\.so.* -- system_u:object_r:textrel_shlib_t:s0
/var/run/nm-xl2tpd.conf.* -- system_u:object_r:NetworkManager_var_run_t:s0
/var/run/pcsd-ruby.socket -s system_u:object_r:cluster_var_run_t:s0
/etc/resolv-secure.conf.* system_u:object_r:net_conf_t:s0
/var/cache/tomcat6?(/.*)? system_u:object_r:tomcat_cache_t:s0
/var/lib/syslog-ng.persist -- system_u:object_r:syslogd_var_lib_t:s0
@@ -2213,6 +2216,7 @@
/var/run/postgresql(/.*)? system_u:object_r:postgresql_var_run_t:s0
/var/run/samba/nmbd(/.*)? system_u:object_r:nmbd_var_run_t:s0
/var/run/stickshift(/.*)? system_u:object_r:openshift_var_run_t:s0
/var/run/strongswan(/.*)? system_u:object_r:ipsec_var_run_t:s0
/var/run/timemaster(/.*)? system_u:object_r:timemaster_var_run_t:s0
/var/spool/asterisk(/.*)? system_u:object_r:asterisk_spool_t:s0
/var/spool/cups-pdf(/.*)? system_u:object_r:print_spool_t:s0
@@ -2746,6 +2750,7 @@
/var/spool/cron/crontabs/.* -- <<none>>
/etc/rc\.d/init\.d/dhcrelay(6)? -- system_u:object_r:dhcpd_initrc_exec_t:s0
/usr/share/awstats/tools/.+\.pl -- system_u:object_r:awstats_exec_t:s0
/var/run/systemd/machines.lock -- system_u:object_r:systemd_machined_var_run_t:s0
/etc/security/namespace\.d(/.*)? -- system_u:object_r:namespace_init_exec_t:s0
/usr/share/turboprint/lib(/.*)? -- system_u:object_r:bin_t:s0
/etc/pki/pki-tomcat/alias(/.*)? system_u:object_r:pki_tomcat_cert_t:s0
@@ -4023,7 +4028,6 @@
/var/run/\.zebra -s system_u:object_r:zebra_var_run_t:s0
/var/run/\.zserv -s system_u:object_r:zebra_var_run_t:s0
/var/run/zarafa -s system_u:object_r:zarafa_server_var_run_t:s0
/etc/httpd/logs system_u:object_r:httpd_log_t:s0
/bin/dbus-daemon -- system_u:object_r:dbusd_exec_t:s0
/etc/fetchmailrc -- system_u:object_r:fetchmail_etc_t:s0
/etc/ld\.so\.cache -- system_u:object_r:ld_so_cache_t:s0
@@ -4560,7 +4564,6 @@
/dev/device-mapper -c system_u:object_r:fixed_disk_device_t:s0
/dev/xen/hypercall -c system_u:object_r:xen_device_t:s0
/var/run/gpsd\.sock -s system_u:object_r:gpsd_var_run_t:s0
/etc/httpd/modules system_u:object_r:httpd_modules_t:s0
/usr/bin/pkidaemon system_u:object_r:pki_tomcat_exec_t:s0
/\.ismount-test-file -- system_u:object_r:sosreport_tmp_t:s0
/bin/systemd-notify -- system_u:object_r:systemd_notify_exec_t:s0
@@ -4710,6 +4713,7 @@
/var/log/lost\+found -d system_u:object_r:lost_found_t:s0
/var/tmp/lost\+found -d system_u:object_r:lost_found_t:s0
/var/tmp/vi\.recover -d system_u:object_r:tmp_t:s0
/dev/isst_interface -c system_u:object_r:cpu_device_t:s0
/dev/mapper/control -c system_u:object_r:lvm_control_t:s0
/var/run/charon\.ctl -s system_u:object_r:ipsec_var_run_t:s0
/var/run/dcc/dccifd -s system_u:object_r:dccifd_var_run_t:s0
@@ -5404,6 +5408,7 @@
/usr/sbin/audisp-prelude -- system_u:object_r:prelude_audisp_exec_t:s0
/usr/sbin/avahi-dnsconfd -- system_u:object_r:avahi_exec_t:s0
/usr/sbin/cgconfigparser -- system_u:object_r:cgconfig_exec_t:s0
/usr/sbin/charon-systemd -- system_u:object_r:ipsec_exec_t:s0
/usr/sbin/condor_starter -- system_u:object_r:condor_startd_exec_t:s0
/usr/sbin/condor_vm-gahp -- system_u:object_r:virtd_exec_t:s0
/usr/sbin/dmsetup\.static -- system_u:object_r:lvm_exec_t:s0
@@ -5525,6 +5530,8 @@
/usr/libexec/news/nntpget -- system_u:object_r:innd_exec_t:s0
/usr/libexec/pcp/bin/pmcd -- system_u:object_r:pcp_pmcd_exec_t:s0
/usr/libexec/pcp/bin/pmie -- system_u:object_r:pcp_pmie_exec_t:s0
/usr/libexec/pcp/lib/pmcd -- system_u:object_r:pcp_pmcd_initrc_exec_t:s0
/usr/libexec/pcp/lib/pmie -- system_u:object_r:pcp_pmie_initrc_exec_t:s0
/usr/libexec/postfix/lmtp -- system_u:object_r:postfix_smtp_exec_t:s0
/usr/libexec/postfix/pipe -- system_u:object_r:postfix_pipe_exec_t:s0
/usr/libexec/postfix/smtp -- system_u:object_r:postfix_smtp_exec_t:s0
@@ -5816,6 +5823,7 @@
/usr/libexec/ntpdate-wrapper -- system_u:object_r:ntpdate_exec_t:s0
/usr/libexec/openipmi-helper -- system_u:object_r:ipmievd_helper_exec_t:s0
/usr/libexec/pcp/bin/pmproxy -- system_u:object_r:pcp_pmproxy_exec_t:s0
/usr/libexec/pcp/lib/pmproxy -- system_u:object_r:pcp_pmproxy_initrc_exec_t:s0
/usr/libexec/postfix/cleanup -- system_u:object_r:postfix_cleanup_exec_t:s0
/usr/libexec/postfix/virtual -- system_u:object_r:postfix_virtual_exec_t:s0
/usr/libexec/telepathy-rakia -- system_u:object_r:telepathy_sofiasip_exec_t:s0
@@ -5870,6 +5878,7 @@
/usr/lib/libstdc\+\+\.so\.2\.7\.2\.8 -- system_u:object_r:textrel_shlib_t:s0
/usr/lib/mediawiki/math/texvc -- system_u:object_r:mediawiki_script_exec_t:s0
/usr/lib/systemd/systemd-fsck -- system_u:object_r:fsadm_exec_t:s0
/usr/lib/systemd/systemd-pull -- system_u:object_r:systemd_importd_exec_t:s0
/usr/lib/udisks/udisks-daemon -- system_u:object_r:devicekit_disk_exec_t:s0
/usr/lib/vmware/bin/vmware-ui -- system_u:object_r:vmware_exec_t:s0
/usr/lib/vte/gnome-pty-helper -- system_u:object_r:bin_t:s0
@@ -5886,6 +5895,7 @@
/usr/libexec/openafs/salvager -- system_u:object_r:afs_fsserver_exec_t:s0
/usr/libexec/openafs/vlserver -- system_u:object_r:afs_vlserver_exec_t:s0
/usr/libexec/pcp/bin/pmlogger -- system_u:object_r:pcp_pmlogger_exec_t:s0
/usr/libexec/pcp/lib/pmlogger -- system_u:object_r:pcp_pmlogger_initrc_exec_t:s0
/usr/libexec/ricci-modservice -- system_u:object_r:ricci_modservice_exec_t:s0
/usr/libexec/ricci-modstorage -- system_u:object_r:ricci_modstorage_exec_t:s0
/usr/libexec/sssd/sssd_autofs -- system_u:object_r:sssd_exec_t:s0
@@ -5971,6 +5981,7 @@
/var/run/pluto/ipsec_setup\.pid -- system_u:object_r:ipsec_mgmt_var_run_t:s0
/var/run/portmap\.upgrade-state -- system_u:object_r:portmap_var_run_t:s0
/var/run/samba/connections\.tdb -- system_u:object_r:smbd_var_run_t:s0
/var/spool/mail/\.fetchmail\.pid -- system_u:object_r:fetchmail_uidl_cache_t:s0
/var/www/apcupsd/upsfstats\.cgi -- system_u:object_r:apcupsd_cgi_script_exec_t:s0
/var/named/chroot_sdb/dev/null -c system_u:object_r:null_device_t:s0
/var/named/chroot_sdb/dev/zero -c system_u:object_r:zero_device_t:s0
@@ -6016,7 +6027,6 @@
/usr/share/texmf/web2c/mktexupd -- system_u:object_r:bin_t:s0
/usr/share/vdsm/supervdsmServer -- system_u:object_r:virtd_exec_t:s0
/var/lib/likewise/krb5ccr_lsass -- system_u:object_r:lsassd_var_lib_t:s0
/var/mail/\.fetchmail-UIDL-cache -- system_u:object_r:fetchmail_uidl_cache_t:s0
/var/named/chroot/etc/localtime -- system_u:object_r:locale_t:s0
/var/run/console-kit-daemon\.pid -- system_u:object_r:consolekit_var_run_t:s0
/var/www/nut-cgi-bin/upsset\.cgi -- system_u:object_r:nutups_cgi_script_exec_t:s0
@@ -6220,6 +6230,7 @@
/var/lib/likewise-open/db/registry\.db -- system_u:object_r:lwregd_var_lib_t:s0
/var/lib/likewise-open/run/rpcdep\.dat -- system_u:object_r:dcerpcd_var_lib_t:s0
/var/lib/likewise/db/lsass-adcache\.db -- system_u:object_r:lsassd_var_lib_t:s0
/var/spool/mail/\.fetchmail-UIDL-cache -- system_u:object_r:fetchmail_uidl_cache_t:s0
/usr/Zend/lib/ZendExtensionManager\.so system_u:object_r:textrel_shlib_t:s0
/etc/rc\.d/init\.d/mountall-bootclean\.sh -- system_u:object_r:tmpreaper_exec_t:s0
/etc/rc\.d/init\.d/mountnfs-bootclean\.sh -- system_u:object_r:tmpreaper_exec_t:s0

BIN
selinux/targeted/contexts/files/file_contexts.bin
View File

Binary file not shown.

BIN
selinux/targeted/policy/policy.31
View File

Binary file not shown.

1
sysconfig/cbq/avpkt
View File

@@ -1 +0,0 @@
AVPKT=3000

5
sysconfig/cbq/cbq-0000.example
View File

@@ -1,5 +0,0 @@
DEVICE=eth0,10Mbit,1Mbit
RATE=128Kbit
WEIGHT=10Kbit
PRIO=5
RULE=192.168.1.0/24

2
sysconfig/network-scripts/ifup
View File

@@ -122,7 +122,7 @@ if [ "${VLAN}" = "yes" ] && [ "$ISALIAS" = "no" ] && [ -n "$DEVICE" ]; then
}
# Link on Physical device needs to be up but no ip required
check_device_down ${PHYSDEV} && { ip -o link set dev ${PHYSDEV} up; }
check_device_down ${PHYSDEV} && set_link_up ${PHYSDEV}
if [ ! -f /proc/net/vlan/${DEVICE} ]; then
if [ "${REORDER_HDR}" = "no" -o "${REORDER_HDR}" = "0" ]; then

5
sysconfig/network-scripts/ifup-aliases
View File

@@ -280,8 +280,9 @@ function new_interface ()
# update ARP cache of neighboring computers:
if ! is_false "${ARPUPDATE}" && [ "${REALDEVICE}" != "lo" ]; then
/sbin/arping -q -A -c 1 -I ${parent_device} ${IPADDR}
( sleep 2; /sbin/arping -q -U -c 1 -I ${parent_device} ${IPADDR} ) > /dev/null 2>&1 < /dev/null &
/sbin/arping -q -A -c 1 -w ${ARPING_UPDATE_WAIT:-3} -I ${parent_device} ${IPADDR}
( sleep 2;
/sbin/arping -q -U -c 1 -w ${ARPING_UPDATE_WAIT:-3} -I ${parent_device} ${IPADDR} ) > /dev/null 2>&1 < /dev/null &
fi
! is_false "$IPV6INIT" && \

14
sysconfig/network-scripts/ifup-eth
View File

@@ -76,7 +76,7 @@ if [ "${TYPE}" = "Bridge" ]; then
# set LINKDELAY (used as timeout when calling check_link_down())
# to at least (${DELAY} * 2) + 7 if STP is enabled. This is the
# minimum time required for /sys/class/net/$REALDEVICE/carrier to
# become 1 after "ip link set dev $DEVICE up" is called.
# become 1 after "set_link_up $DEVICE" is called.
if is_true "${STP}"; then
if [ -n "${DELAY}" ]; then
forward_delay="${DELAY}"
@@ -164,7 +164,7 @@ fi
# so it can actually get an IP.
if [ "$ISALIAS" = no ] && is_bonding_device ${DEVICE} ; then
install_bonding_driver ${DEVICE}
/sbin/ip link set dev ${DEVICE} up
set_link_up ${DEVICE}
for device in $(LANG=C grep -l "^[[:space:]]*MASTER=['\"]\?${DEVICE}['\"]\?\([[:space:]#]\|$\)" /etc/sysconfig/network-scripts/ifcfg-*) ; do
is_ignored_file "$device" && continue
/sbin/ifup ${device##*/} || net_log "Unable to start slave device ${device##*/} for master ${DEVICE}." warning
@@ -188,7 +188,7 @@ if [ -n "${BRIDGE}" ]; then
ip link add ${BRIDGE} type bridge 2>/dev/null
fi
/sbin/ip addr flush dev ${DEVICE} 2>/dev/null
/sbin/ip link set dev ${DEVICE} up
set_link_up ${DEVICE}
ethtool_set
[ -n "${LINKDELAY}" ] && /bin/sleep ${LINKDELAY}
ip link set dev ${DEVICE} master ${BRIDGE}
@@ -243,7 +243,7 @@ if [ -n "${DYNCONFIG}" ] && [ -x /sbin/dhclient ]; then
else
if [ -z "${IPADDR}" -a -z "${IPADDR0}" -a -z "${IPADDR1}" -a -z "${IPADDR2}" ]; then
# enable device without IP, useful for e.g. PPPoE
ip link set dev ${REALDEVICE} up
set_link_up ${REALDEVICE}
ethtool_set
[ -n "${LINKDELAY}" ] && /bin/sleep ${LINKDELAY}
else
@@ -253,7 +253,7 @@ else
[ -n "${ARP}" ] && \
ip link set dev ${REALDEVICE} $(toggle_value arp $ARP)
if ! ip link set dev ${REALDEVICE} up ; then
if ! set_link_up ${REALDEVICE} ; then
net_log $"Failed to bring up ${DEVICE}."
exit 1
fi
@@ -302,9 +302,9 @@ else
# update ARP cache of neighboring computers
if ! is_false "${arpupdate[$idx]}" && [ "${REALDEVICE}" != "lo" ]; then
/sbin/arping -q -A -c 1 -I ${REALDEVICE} ${ipaddr[$idx]}
/sbin/arping -q -A -c 1 -w ${ARPING_UPDATE_WAIT:-3} -I ${REALDEVICE} ${ipaddr[$idx]}
( sleep 2;
/sbin/arping -q -U -c 1 -I ${REALDEVICE} ${ipaddr[$idx]} ) > /dev/null 2>&1 < /dev/null &
/sbin/arping -q -U -c 1 -w ${ARPING_UPDATE_WAIT:-3} -I ${REALDEVICE} ${ipaddr[$idx]} ) > /dev/null 2>&1 < /dev/null &
fi
# set lifetime of address to forever

2
sysconfig/network-scripts/ifup-ippp
View File

@@ -342,7 +342,7 @@ function addprovider()
# activate ISDN device
/usr/bin/logger -p daemon.info -t ifup-ippp "ip addr add $IPADDR peer $GATEWAY${pfx:/$pfx} dev $DEVICE"
ip addr add $IPADDR peer $GATEWAY${pfx:/$pfx} dev $DEVICE
ip link set dev $DEVICE up
set_link_up $DEVICE
if [ "$ENCAP" = "syncppp" ]; then
# start ipppd daemon

2
sysconfig/network-scripts/ifup-plip
View File

@@ -12,7 +12,7 @@ fi
[ -z "$PREFIX" ] && eval $(/bin/ipcalc --prefix ${IPADDR} ${NETMASK})
ip addr add ${IPADDR} peer ${REMIP}/${PREFIX} dev ${DEVICE}
ip link set up dev ${DEVICE}
set_link_up ${DEVICE}
ip route add ${NETWORK} dev ${DEVICE}
. /etc/sysconfig/network

Some files were not shown because too many files have changed in this diff Show More