bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

committing changes in /etc made by "-bash"

Browse Source 
Package changes:
This commit is contained in:
Bogdan Stoica
2022-11-12 19:11:07 +02:00
parent 5037c51b34
commit 4e7bd584fa
41 changed files with 854 additions and 526 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.etckeeper
View File

@@ -18,7 +18,6 @@ mkdir -p './cron.weekly'
mkdir -p './crypto-policies/policies/modules'
mkdir -p './cxs/newusers'
mkdir -p './dbus-1/session.d'
mkdir -p './debuginfod'
mkdir -p './dkms/framework.conf.d'
mkdir -p './dnf/aliases.d'
mkdir -p './dnf/modules.defaults.d'
@@ -249,6 +248,7 @@ maybe chmod 0644 'bash_completion.d/python-argcomplete.sh'
maybe chmod 0644 'bash_completion.d/redefine_filedir'
maybe chmod 0644 'bash_completion.d/scl'
maybe chmod 0644 'bashrc'
maybe chmod 0644 'bashrc.rpmnew'
maybe chmod 0644 'bindresvport.blacklist'
maybe chmod 0755 'binfmt.d'
maybe chmod 0644 'cczerc'
@@ -486,6 +486,7 @@ maybe chmod 0755 'dconf/db/distro.d/locks'
maybe chmod 0644 'dconf/db/local'
maybe chmod 0644 'dconf/db/site'
maybe chmod 0755 'debuginfod'
maybe chmod 0644 'debuginfod/elfutils.urls'
maybe chmod 0755 'default'
maybe chmod 0644 'default/grub'
maybe chmod 0600 'default/useradd'
@@ -522,6 +523,7 @@ maybe chmod 0640 'dnf/modules.d/postgresql.module'
maybe chmod 0644 'dnf/modules.d/python27.module'
maybe chmod 0644 'dnf/modules.d/python36.module'
maybe chmod 0640 'dnf/modules.d/python38.module'
maybe chmod 0640 'dnf/modules.d/python39.module'
maybe chmod 0644 'dnf/modules.d/redis.module'
maybe chmod 0644 'dnf/modules.d/ruby.module'
maybe chmod 0644 'dnf/modules.d/rust-toolset.module'
@@ -547,6 +549,7 @@ maybe chmod 0755 'dnf/vars'
maybe chmod 0644 'dnf/vars/contentdir'
maybe chmod 0644 'dnf/vars/infra'
maybe chmod 0644 'dnf/vars/infra.rpmsave'
maybe chmod 0644 'dnf/vars/stream'
maybe chmod 0755 'docker'
maybe chmod 0640 'docker/daemon.json'
maybe chmod 0600 'docker/key.json'
@@ -957,6 +960,7 @@ maybe chmod 0644 'httpd/conf.d/perl.conf.rpmnew'
maybe chmod 0644 'httpd/conf.d/php.conf'
maybe chmod 0644 'httpd/conf.d/phpmyadmin.conf'
maybe chmod 0644 'httpd/conf.d/squid.conf'
maybe chmod 0644 'httpd/conf.d/ssl.conf'
maybe chmod 0644 'httpd/conf.d/ssl.conf_disabled'
maybe chmod 0644 'httpd/conf.d/userdir.conf'
maybe chmod 0644 'httpd/conf.d/welcome.conf'
@@ -4901,6 +4905,8 @@ maybe chmod 0644 'profile.d/colorxzgrep.sh'
maybe chmod 0644 'profile.d/colorzgrep.csh'
maybe chmod 0644 'profile.d/colorzgrep.sh'
maybe chmod 0644 'profile.d/csh.local'
maybe chmod 0644 'profile.d/debuginfod.csh'
maybe chmod 0644 'profile.d/debuginfod.sh'
maybe chmod 0644 'profile.d/gawk.csh'
maybe chmod 0644 'profile.d/gawk.sh'
maybe chmod 0640 'profile.d/grc.sh'
@@ -5515,6 +5521,7 @@ maybe chmod 0755 'systemd'
maybe chmod 0644 'systemd/coredump.conf'
maybe chmod 0644 'systemd/journald.conf'
maybe chmod 0644 'systemd/logind.conf'
maybe chmod 0644 'systemd/logind.conf.rpmnew'
maybe chmod 0644 'systemd/resolved.conf'
maybe chmod 0755 'systemd/system'
maybe chmod 0644 'systemd/system.conf'
@@ -5654,6 +5661,8 @@ maybe chmod 0644 'yum.repos.d/almalinux-plus.repo'
maybe chmod 0644 'yum.repos.d/almalinux-powertools.repo'
maybe chmod 0644 'yum.repos.d/almalinux-resilientstorage.repo'
maybe chmod 0644 'yum.repos.d/almalinux-rt.repo'
maybe chmod 0644 'yum.repos.d/almalinux-sap.repo'
maybe chmod 0644 'yum.repos.d/almalinux-saphana.repo'
maybe chmod 0644 'yum.repos.d/almalinux.repo'
maybe chmod 0640 'yum.repos.d/atomic.repo'
maybe chmod 0640 'yum.repos.d/bestcrypt.repo'

BIN
aliases.db
View File

Binary file not shown.

2
almalinux-release
View File

@@ -1 +1 @@
AlmaLinux release 8.6 (Sky Tiger)
AlmaLinux release 8.7 (Stone Smilodon)

2
almalinux-release-upstream
View File

@@ -1 +1 @@
Derived from Red Hat Enterprise Linux 8.6 (Source)
Derived from Red Hat Enterprise Linux 8.7 (Source)

96
bashrc.rpmnew Normal file
View File

@@ -0,0 +1,96 @@
# /etc/bashrc
# System wide functions and aliases
# Environment stuff goes in /etc/profile
# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.
# Prevent doublesourcing
if [ -z "$BASHRCSOURCED" ]; then
BASHRCSOURCED="Y"
# are we an interactive shell?
if [ "$PS1" ]; then
if [ -z "$PROMPT_COMMAND" ]; then
case $TERM in
xterm*|vte*)
if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
else
PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
fi
;;
screen*)
if [ -e /etc/sysconfig/bash-prompt-screen ]; then
PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
else
PROMPT_COMMAND='printf "\033k%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"'
fi
;;
*)
[ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
;;
esac
fi
# Turn on parallel history
shopt -s histappend
history -a
# Turn on checkwinsize
shopt -s checkwinsize
[ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
# You might want to have e.g. tty in prompt (e.g. more virtual machines)
# and console windows
# If you want to do so, just add e.g.
# if [ "$PS1" ]; then
# PS1="[\u@\h:\l \W]\\$ "
# fi
# to your custom modification shell script in /etc/profile.d/ directory
fi
if ! shopt -q login_shell ; then # We're not a login shell
# Need to redefine pathmunge, it gets undefined at the end of /etc/profile
pathmunge () {
case ":${PATH}:" in
*:"$1":*)
;;
*)
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
esac
}
# By default, we want umask to get set. This sets it for non-login shell.
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
umask 002
else
umask 022
fi
SHELL=/bin/bash
# Only display echos from profile.d scripts if we are no login shell
# and interactive - otherwise just process them to set envvars
for i in /etc/profile.d/*.sh; do
if [ -r "$i" ]; then
if [ "$PS1" ]; then
. "$i"
else
. "$i" >/dev/null
fi
fi
done
unset i
unset -f pathmunge
fi
fi
# vim:ts=4:sw=4

2
chrony.conf.rpmnew
View File

@@ -1,6 +1,6 @@
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool 2.cloudlinux.pool.ntp.org iburst
pool 2.almalinux.pool.ntp.org iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

1
csh.login
View File

@@ -23,6 +23,7 @@ else
breaksw
endsw
end
unset p
endif
setenv HOSTNAME `/usr/bin/hostname`

1
debuginfod/elfutils.urls Normal file
View File

@@ -0,0 +1 @@
https://debuginfod.centos.org/

5
dkms/framework.conf
View File

@@ -28,7 +28,10 @@
# Location of the sign-file kernel binary (default: depends on distribution):
# sign_file="/path/to/sign-file"
# Location of the key and certificate used for Secure boot (default: /var/lib/dkms):
# Location of the key and certificate files used for Secure boot.
# mok_signing_key can also be a "pkcs11:..." string for PKCS#11 engine, as
# long as the sign_file program supports it.
# (default: /var/lib/dkms):
# mok_signing_key=/var/lib/dkms/mok.key
# mok_certificate=/var/lib/dkms/mok.pub

5
dnf/modules.d/python39.module Normal file
View File

@@ -0,0 +1,5 @@
[python39]
name=python39
stream=3.9
profiles=
state=enabled

1
dnf/vars/stream Normal file
View File

@@ -0,0 +1 @@
8-stream

1
group
View File

@@ -43,7 +43,6 @@ cockpit-ws:x:991:
cockpit-wsinstance:x:990:
sshd:x:74:
chrony:x:989:
rngd:x:988:
slocate:x:21:
named:x:25:
redis:x:987:

2
group-
View File

@@ -50,7 +50,7 @@ redis:x:987:
memcached:x:986:
nginx:x:985:madalin,smiti
apache:x:48:
docker:x:984:
docker:x:984:sftp
cgred:x:983:
dovecot:x:97:
dovenull:x:982:

1
gshadow
View File

@@ -43,7 +43,6 @@ cockpit-ws:!::
cockpit-wsinstance:!::
sshd:!::
chrony:!::
rngd:!::
slocate:!::
named:!::
redis:!::

2
gshadow-
View File

@@ -50,7 +50,7 @@ redis:!::
memcached:!::
nginx:!::madalin,smiti
apache:!::
docker:!::
docker:!::sftp
cgred:!::
dovecot:!::
dovenull:!::

203
httpd/conf.d/ssl.conf Normal file
View File

@@ -0,0 +1,203 @@
#
# When we also provide SSL we have to listen to the
# standard HTTPS port in addition.
#
Listen 443 https
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# List the protocol versions which clients are allowed to connect with.
# The OpenSSL system profile is used by default. See
# update-crypto-policies(8) for more details.
#SSLProtocol all -SSLv3
#SSLProxyProtocol all -SSLv3
# User agents such as web browsers are not configured for the user's
# own preference of either security or performance, therefore this
# must be the prerogative of the web server administrator who manages
# cpu load versus confidentiality, so enforce the server's cipher order.
SSLHonorCipherOrder on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# The OpenSSL system profile is configured by default. See
# update-crypto-policies(8) for more details.
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that restarting httpd will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
# require an ECC certificate which can also be configured in
# parallel.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is sent or allowed to be received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is sent and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

4
nfs.conf
View File

@@ -5,6 +5,10 @@
[general]
# pipefs-directory=/var/lib/nfs/rpc_pipefs
#
[nfsrahead]
# nfs=15000
# nfs4=16000
#
[exportfs]
# debug=0
#

1
pam.d/systemd-user
View File

@@ -2,6 +2,7 @@
#
# Used by systemd --user instances.
account sufficient pam_unix.so no_pass_expiry
account include system-auth
session required pam_selinux.so close

1
passwd
View File

@@ -25,7 +25,6 @@ cockpit-ws:x:994:991:User for cockpit web service:/nonexisting:/sbin/nologin
cockpit-wsinstance:x:993:990:User for cockpit-ws instances:/nonexisting:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
chrony:x:992:989::/var/lib/chrony:/sbin/nologin
rngd:x:991:988:Random Number Generator Daemon:/var/lib/rngd:/sbin/nologin
named:x:25:25:Named:/var/named:/bin/false
redis:x:990:987:Redis Database Server:/var/lib/redis:/sbin/nologin
memcached:x:989:986:Memcached daemon:/run/memcached:/sbin/nologin

1
passwd-
View File

@@ -76,3 +76,4 @@ bogdan:x:1019:1020::/home/bogdan:/bin/bash
squid:x:23:23::/var/spool/squid:/sbin/nologin
laser:x:1020:1021::/home/laser:/bin/bash
pydio:x:1021:1022::/home/pydio:/bin/bash
sftp:x:1023:1023::/home/sftp:/bin/bash

16
profile.d/debuginfod.csh Normal file
View File

@@ -0,0 +1,16 @@
# $HOME/.login* or similar files may first set $DEBUGINFOD_URLS.
# If $DEBUGINFOD_URLS is not set there, we set it from system *.url files.
# $HOME/.*rc or similar files may then amend $DEBUGINFOD_URLS.
# See also [man debuginfod-client-config] for other environment variables
# such as $DEBUGINFOD_MAXSIZE, $DEBUGINFOD_MAXTIME, $DEBUGINFOD_PROGRESS.
if (! $?DEBUGINFOD_URLS) then
set prefix="/usr"
set DEBUGINFOD_URLS=`sh -c 'cat "$0"/*.urls 2>/dev/null; :' "/etc/debuginfod" | tr '\n' ' '`
if ( "$DEBUGINFOD_URLS" != "" ) then
setenv DEBUGINFOD_URLS "$DEBUGINFOD_URLS"
else
unset DEBUGINFOD_URLS
endif
unset prefix
endif

12
profile.d/debuginfod.sh Normal file
View File

@@ -0,0 +1,12 @@
# $HOME/.profile* or similar files may first set $DEBUGINFOD_URLS.
# If $DEBUGINFOD_URLS is not set there, we set it from system *.url files.
# $HOME/.*rc or similar files may then amend $DEBUGINFOD_URLS.
# See also [man debuginfod-client-config] for other environment variables
# such as $DEBUGINFOD_MAXSIZE, $DEBUGINFOD_MAXTIME, $DEBUGINFOD_PROGRESS.
if [ -z "$DEBUGINFOD_URLS" ]; then
prefix="/usr"
DEBUGINFOD_URLS=$(cat "/etc/debuginfod"/*.urls 2>/dev/null | tr '\n' ' ')
[ -n "$DEBUGINFOD_URLS" ] && export DEBUGINFOD_URLS || unset DEBUGINFOD_URLS
unset prefix
fi

2
profile.d/which2.sh
View File

@@ -20,7 +20,7 @@ bash|sh)
;;
esac
which () {
function which {
(alias; eval ${which_declare}) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@
}

19
rspamd/composites.conf
View File

@@ -53,7 +53,17 @@ composites {
expression = "R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA";
score = 1.0;
policy = "remove_weight";
description = "Authenticating message via SPF/DKIM/DMARC/ARC not possible";
description = "Authenticating message via SPF/DKIM/DMARC/ARC not available";
}
AUTH_NA_OR_FAIL {
expression = "!(R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA) & (R_DKIM_NA | R_DKIM_TEMPFAIL | R_DKIM_PERMFAIL) & (R_SPF_NA | R_SPF_DNSFAIL) & DMARC_NA & (ARC_NA | ARC_DNSFAIL)";
score = 1.0;
policy = "remove_weight";
description = "No authenticating method SPF/DKIM/DMARC/ARC was successful";
}
BOUNCE_NO_AUTH {
expression = "(AUTH_NA | AUTH_NA_OR_FAIL) & (BOUNCE | SUBJ_BOUNCE_WORDS)";
score = 1.0;
}
DKIM_MIXED {
expression = "-R_DKIM_ALLOW & (R_DKIM_TEMPFAIL | R_DKIM_PERMFAIL | R_DKIM_REJECT)"
@@ -154,6 +164,13 @@ composites {
score = 7.0;
group = "scams";
}
FREEMAIL_AFF {
expression = "(FREEMAIL_FROM | FREEMAIL_ENVFROM | FREEMAIL_REPLYTO) & R_UNDISC_RCPT & (INTRODUCTION | FROM_NAME_HAS_TITLE | FREEMAIL_REPLYTO_NEQ_FROM_DOM)";
score = 4.0;
policy = "leave";
description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
}
.include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/composites.conf"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/composites.conf"

2
selinux/targeted/.policy.sha512
View File

@@ -1 +1 @@
9fe72523a1a52ad8db6852cfa216b14f18e3ea0c50d5059245a744898c086c55c645bd656aff473a20bf5827b92135b0b07c0d41915e237d3564371bec868156
57a40f0b00b666b2b42c16c54b8626e0c7729e48adf14e7451f99fe7b2a9faa8b6dfb4bfee4b09eb157013cc85229b19a2a8a107d102d1743103eb7cd7f83aef

13
selinux/targeted/contexts/files/file_contexts
View File

@@ -2129,6 +2129,7 @@
/var/log/turboprint.* system_u:object_r:cupsd_log_t:s0
/var/run/certmaster.* system_u:object_r:certmaster_var_run_t:s0
/var/run/certmonger.* system_u:object_r:certmonger_var_run_t:s0
/var/run/irqbalance.* system_u:object_r:irqbalance_var_run_t:s0
/var/run/keepalived.* system_u:object_r:keepalived_var_run_t:s0
/opt/google/chrome/.*\.so -- system_u:object_r:textrel_shlib_t:s0
/usr/share/sectool/.*\.py -- system_u:object_r:bin_t:s0
@@ -2783,7 +2784,6 @@
/var/spool/postfix/bounce(/.*)? system_u:object_r:postfix_spool_bounce_t:s0
/var/spool/postfix/public(/.*)? system_u:object_r:postfix_public_t:s0
/var/spool/retrace-server(/.*)? system_u:object_r:abrt_retrace_spool_t:s0
/var/tmp/insights-archive(/.*)? system_u:object_r:insights_client_tmp_t:s0
/var/www/cgi-bin/keystone(/.*)? system_u:object_r:keystone_cgi_script_exec_t:s0
/var/spool/postfix/lib/ld.*\.so.* -- system_u:object_r:ld_so_t:s0
/usr/share/selinux-policy[^/]*/html(/.*)? system_u:object_r:httpd_sys_content_t:s0
@@ -3250,6 +3250,7 @@
/usr/lib/systemd/system/openstack-nova-* -- system_u:object_r:nova_unit_file_t:s0
/usr/lib/systemd/system-generators/lvm2.* -- system_u:object_r:lvm_exec_t:s0
/usr/lib/systemd/system/dnssec-triggerd.* -- system_u:object_r:dnssec_trigger_unit_file_t:s0
/usr/lib/systemd/system/insights-client.* -- system_u:object_r:insights_client_unit_file_t:s0
/usr/lib/systemd/system/openstack-swift.* -- system_u:object_r:swift_unit_file_t:s0
/usr/lib/systemd/system/rabbitmq-server.* -- system_u:object_r:rabbitmq_unit_file_t:s0
/etc/boinc-client/global_prefs_override.xml -- system_u:object_r:boinc_var_lib_t:s0
@@ -5313,7 +5314,6 @@
/var/qmail/bin/sendmail -- system_u:object_r:sendmail_exec_t:s0
/var/qmail/bin/splogger -- system_u:object_r:qmail_splogger_exec_t:s0
/var/run/consolekit\.pid -- system_u:object_r:consolekit_var_run_t:s0
/var/run/irqbalance\.pid -- system_u:object_r:irqbalance_var_run_t:s0
/var/run/powersaved\.pid -- system_u:object_r:apmd_var_run_t:s0
/var/run/rpc\.statd\.lock -- system_u:object_r:rpcd_lock_t:s0
/var/run/samba/nmbd\.pid -- system_u:object_r:nmbd_var_run_t:s0
@@ -5501,6 +5501,7 @@
/opt/likewise/sbin/lwregd -- system_u:object_r:lwregd_exec_t:s0
/sbin/pam_timestamp_check -- system_u:object_r:pam_timestamp_exec_t:s0
/sys/kernel/uevent_helper -- system_u:object_r:usermodehelper_t:s0
/tmp/insights-client\.ppid -- system_u:object_r:insights_client_tmp_t:s0
/usr/afs/bin/dafileserver -- system_u:object_r:afs_fsserver_exec_t:s0
/usr/bin/cinder-scheduler -- system_u:object_r:cinder_scheduler_exec_t:s0
/usr/bin/cpufreq-selector -- system_u:object_r:cpufreqselector_exec_t:s0
@@ -5835,6 +5836,7 @@
/usr/libexec/pcp/lib/pmproxy -- system_u:object_r:pcp_pmproxy_initrc_exec_t:s0
/usr/libexec/postfix/cleanup -- system_u:object_r:postfix_cleanup_exec_t:s0
/usr/libexec/postfix/virtual -- system_u:object_r:postfix_virtual_exec_t:s0
/usr/libexec/samba/rpcd_lsad -- system_u:object_r:winbind_rpcd_exec_t:s0
/usr/libexec/telepathy-rakia -- system_u:object_r:telepathy_sofiasip_exec_t:s0
/usr/libexec/telepathy-salut -- system_u:object_r:telepathy_salut_exec_t:s0
/usr/libexec/udisks2/udisksd -- system_u:object_r:devicekit_disk_exec_t:s0
@@ -5930,6 +5932,7 @@
/var/run/samba/namelist\.debug -- system_u:object_r:nmbd_var_run_t:s0
/var/run/samba/share_info\.tdb -- system_u:object_r:smbd_var_run_t:s0
/var/run/samba/unexpected\.tdb -- system_u:object_r:nmbd_var_run_t:s0
/var/tmp/insights-client\.ppid -- system_u:object_r:insights_client_tmp_t:s0
/var/www/apcupsd/multimon\.cgi -- system_u:object_r:apcupsd_cgi_script_exec_t:s0
/var/www/apcupsd/upsimage\.cgi -- system_u:object_r:apcupsd_cgi_script_exec_t:s0
/var/www/apcupsd/upsstats\.cgi -- system_u:object_r:apcupsd_cgi_script_exec_t:s0
@@ -6078,6 +6081,7 @@
/usr/libexec/openssh/sftp-server -- system_u:object_r:bin_t:s0
/usr/libexec/openssh/ssh-keysign -- system_u:object_r:ssh_keysign_exec_t:s0
/usr/libexec/openssh/sshd-keygen -- system_u:object_r:sshd_keygen_exec_t:s0
/usr/libexec/samba/samba-dcerpcd -- system_u:object_r:winbind_rpcd_exec_t:s0
/usr/libexec/squid/cache_swap\.sh -- system_u:object_r:squid_exec_t:s0
/usr/libexec/telepathy-butterfly -- system_u:object_r:telepathy_msn_exec_t:s0
/usr/sbin/abrt-install-ccpp-hook -- system_u:object_r:abrt_exec_t:s0
@@ -6153,6 +6157,7 @@
/var/lib/likewise-open/rpc/socket -s system_u:object_r:eventlogd_var_socket_t:s0
/var/run/\.heim_org\.h5l\.kcm-socket -s system_u:object_r:sssd_var_run_t:s0
/etc/Pegasus/pegasus_current\.conf system_u:object_r:pegasus_data_t:s0
/etc/insights-client/\.unregistered -- system_u:object_r:insights_client_etc_rw_t:s0
/etc/named\.caching-nameserver\.conf -- system_u:object_r:named_conf_t:s0
/etc/pki/tls/certs/make-dummy-cert -- system_u:object_r:bin_t:s0
/etc/sysconfig/update_spamassassin -- system_u:object_r:mscan_etc_t:s0
@@ -6276,6 +6281,7 @@
/usr/lib/systemd/system/cgdcbxd\.service -- system_u:object_r:cgdcbxd_unit_file_t:s0
/usr/lib/systemd/system/ipmievd\.service -- system_u:object_r:ipmievd_unit_file_t:s0
/usr/lib/systemd/system/rpcbind\.service -- system_u:object_r:rpcbind_unit_file_t:s0
/usr/lib/systemd/system/sa-update\.timer -- system_u:object_r:spamd_update_unit_file_t:s0
/usr/lib/systemd/system/sanlock\.service -- system_u:object_r:sanlock_unit_file_t:s0
/usr/lib/systemd/systemd-fence_sanlockd -- system_u:object_r:fenced_exec_t:s0
/usr/lib/systemd/systemd-journal-upload -- system_u:object_r:systemd_journal_upload_exec_t:s0
@@ -6307,6 +6313,7 @@
/etc/sysconfig/network-scripts/ifup-ipsec -- system_u:object_r:initrc_exec_t:s0
/usr/bin/systemd-gnome-ask-password-agent -- system_u:object_r:systemd_passwd_agent_exec_t:s0
/usr/lib/dbus-1/dbus-daemon-launch-helper -- system_u:object_r:dbusd_exec_t:s0
/usr/lib/systemd/system/sa-update\.service -- system_u:object_r:spamd_update_unit_file_t:s0
/usr/lib/systemd/systemd-user-runtime-dir -- system_u:object_r:systemd_logind_exec_t:s0
/usr/lib/vlc/codec/librealaudio_plugin\.so -- system_u:object_r:textrel_shlib_t:s0
/usr/lib/vlc/codec/librealvideo_plugin\.so -- system_u:object_r:textrel_shlib_t:s0
@@ -6332,11 +6339,13 @@
/usr/libexec/microcode_ctl/reload_microcode -- system_u:object_r:cpucontrol_exec_t:s0
/usr/libexec/pegasus/cmpiLMI_Fan-cimprovagt -- system_u:object_r:pegasus_openlmi_system_exec_t:s0
/usr/libexec/polkit-1/polkit-agent-helper-1 -- system_u:object_r:policykit_auth_exec_t:s0
/usr/libexec/rhc/rhc-package-manager-worker -- system_u:object_r:rpm_exec_t:s0
/usr/libexec/selinux/semanage_migrate_store -- system_u:object_r:semanage_exec_t:s0
/usr/share/system-config-netboot/pxeboot\.py -- system_u:object_r:bin_t:s0
/usr/lib/systemd/system/boinc-client\.service -- system_u:object_r:boinc_unit_file_t:s0
/usr/lib/systemd/system/dirsrv-admin\.service -- system_u:object_r:dirsrvadmin_unit_file_t:s0
/usr/lib/systemd/system/sanlk-resetd\.service -- system_u:object_r:sanlk_resetd_unit_file_t:s0
/usr/lib/systemd/system/spamassassin\.service -- system_u:object_r:spamd_unit_file_t:s0
/usr/share/rhn/rhn_applet/needed-packages\.py -- system_u:object_r:bin_t:s0
/etc/dnssec-trigger/dnssec_trigger_server\.key -- system_u:object_r:dnssec_t:s0
/usr/libexec/dbus-1/dbus-daemon-launch-helper -- system_u:object_r:dbusd_exec_t:s0

BIN
selinux/targeted/contexts/files/file_contexts.bin
View File

Binary file not shown.

BIN
selinux/targeted/policy/policy.31
View File

Binary file not shown.

1
shadow
View File

@@ -25,7 +25,6 @@ cockpit-ws:!!:18424::::::
cockpit-wsinstance:!!:18424::::::
sshd:!!:18424::::::
chrony:!!:18424::::::
rngd:!!:18424::::::
named:!!:18526::::::
redis:!!:18526::::::
memcached:!!:18526::::::

3
shadow-
View File

@@ -35,7 +35,7 @@ dovecot:!!:18526::::::
dovenull:!!:18526::::::
postfix:!!:18526::::::
mysql:!!:18526::::::
madalin:$6$EiMxEtxQguelfC4J$gD2fVn5XDfgJG.50Stc9/tZtL2VxJNBmAklHZj2k9nIzQRuU.rzEwf5ktDUy/4f/..R5AUvE3Q2IWnniZ7xIZ0:18764:0:99999:7:::
madalin:$6$o5gdTOT7LTSGwvLw$RWG5G9gx7lGmA7yqkTYueqZcm.5C5tUmngV01pmiqWpfFkH9uUoJMx1p3lZUP8R.h43NYIiH7IePvP1sHd4aN/:19296:0:99999:7:::
sslh:!!:18527::::::
vampi:$6$tRIULiDksEzmp1/r$0wXDJUfPNaUIio90.hQrQy10943EpXazN7GdVxo1ZFh3hWfHaw.X3uWl6UVTBZgWfgmk3719HzfnoYNwHhpfb.:18639:0:99999:7:::
_rspamd:!!:18527::::::
@@ -76,3 +76,4 @@ bogdan:mCxaxi7Ck2FlI:18822:0:99999:7:30::
squid:!!:18921::::::
laser:$6$3IDnJkLhNhDa5MUg$ysajgR6P3uElTVSBuLJbix4lHHNheJ.JBIrGFRvUPsY2/265PmO3vjgWTculxKkywvas0vcVrX3Q4QQZ/qufR.:18954:0:99999:7:30::
pydio:!!:19102:0:99999:7:30::
sftp:!!:19193:0:99999:7:30::

2
ssh/sshd_config.rpmnew
View File

@@ -96,7 +96,7 @@ GSSAPICleanupCredentials no
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# WARNING: 'UsePAM no' is not supported in RHEL and may cause several
# problems.
UsePAM yes

2
sysconfig/rngd
View File

@@ -1,3 +1,3 @@
# Optional arguments passed to rngd. See rngd(8) and
# https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21
RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist"
RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -D daemon:daemon"

38
systemd/logind.conf.rpmnew Normal file
View File

@@ -0,0 +1,38 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See logind.conf(5) for details.
[Login]
#NAutoVTs=6
#ReserveVT=6
#KillUserProcesses=no
#KillOnlyUsers=
#KillExcludeUsers=root
#InhibitDelayMaxSec=5
#HandlePowerKey=poweroff
#HandleSuspendKey=suspend
#HandleHibernateKey=hibernate
#HandleLidSwitch=suspend
#HandleLidSwitchExternalPower=suspend
#HandleLidSwitchDocked=ignore
#PowerKeyIgnoreInhibited=no
#SuspendKeyIgnoreInhibited=no
#HibernateKeyIgnoreInhibited=no
#LidSwitchIgnoreInhibited=yes
#HoldoffTimeoutSec=30s
#IdleAction=ignore
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RemoveIPC=no
#InhibitorsMax=8192
#SessionsMax=8192
#StopIdleSessionSec=infinity

1
systemd/system.conf
View File

@@ -37,6 +37,7 @@
#DefaultStandardError=inherit
#DefaultTimeoutStartSec=90s
#DefaultTimeoutStopSec=90s
#DefaultDeviceTimeoutSec=90s
#DefaultRestartSec=100ms
#DefaultStartLimitIntervalSec=10s
#DefaultStartLimitBurst=5

216
unbound/icannbundle.pem
View File

@@ -1,59 +1,3 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
Validity
Not Before: Dec 23 04:19:12 2009 GMT
Not After : Dec 18 04:19:12 2029 GMT
Subject: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a0:db:70:b8:4f:34:da:9c:d4:d0:7e:bb:ea:15:
bc:e9:c9:11:2a:1f:61:2f:6a:b9:bd:3f:3d:76:a0:
9a:0a:f7:ee:93:6e:6e:55:53:84:8c:f2:2c:f1:82:
27:c8:0f:9a:cf:52:1b:54:da:28:d2:2c:30:8e:dd:
fb:92:20:33:2d:d6:c8:f1:0e:10:21:88:71:fa:84:
22:4b:5d:47:56:16:7c:9b:9f:5d:c3:11:79:9c:14:
e2:ff:c0:74:ac:dd:39:d7:e0:38:d8:b0:73:aa:fb:
d1:db:84:af:52:22:a8:f6:d5:9b:94:f4:e6:5d:5e:
e8:3f:87:90:0b:c7:1a:77:f5:2e:d3:8f:1a:ce:02:
1d:07:69:21:47:32:da:46:ae:00:4c:b6:a5:a2:9c:
39:c1:c0:4a:f6:d3:1c:ae:d3:6d:bb:c7:18:f0:7e:
ed:f6:80:ce:d0:01:2e:89:de:12:ba:ee:11:cb:a6:
7a:d7:0d:7c:f3:08:8d:72:9d:bf:55:75:13:70:bb:
31:22:4a:cb:e8:c0:aa:a4:09:aa:36:68:40:60:74:
9d:e7:19:81:43:22:52:fe:c9:2b:52:0f:41:13:36:
09:72:65:95:cc:89:ae:6f:56:17:16:34:73:52:a3:
04:ed:bd:88:82:8a:eb:d7:dc:82:52:9c:06:e1:52:
85:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
Signature Algorithm: sha256WithRSAEncryption
0f:f1:e9:82:a2:0a:87:9f:2d:94:60:5a:b2:c0:4b:a1:2f:2b:
3b:47:d5:0a:99:86:38:b2:ec:c6:3b:89:e4:6e:07:cf:14:c7:
c7:e8:cf:99:8f:aa:30:c3:19:70:b9:e6:6d:d6:3f:c8:68:26:
b2:a0:a5:37:42:ca:d8:62:80:d1:a2:5a:48:2e:1f:85:3f:0c:
7b:c2:c7:94:11:5f:19:2a:95:ac:a0:3a:03:d8:91:5b:2e:0d:
9c:7c:1f:2e:fc:e9:44:e1:16:26:73:1c:45:4a:65:c1:83:4c:
90:f3:f2:28:42:df:db:c4:e7:04:12:18:62:43:5e:bc:1f:6c:
84:e6:bc:49:32:df:61:d7:99:ee:e4:90:52:7b:0a:c2:91:8a:
98:62:66:b1:c8:e0:b7:5a:b5:46:7c:76:71:54:8e:cc:a4:81:
5c:19:db:d2:6f:66:b5:bb:2b:ae:6b:c9:74:04:a8:24:de:e8:
c5:d3:fc:2c:1c:d7:8f:db:6a:8d:c9:53:be:5d:50:73:ac:cf:
1f:93:c0:52:50:5b:a2:4f:fe:ad:65:36:17:46:d1:2d:e5:a2:
90:66:05:db:29:4e:5d:50:5d:e3:4f:da:a0:8f:f0:6b:e4:16:
70:dd:7f:f3:77:7d:b9:4e:f9:ec:c3:33:02:d7:e9:63:2f:31:
e7:40:61:a4
-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
@@ -75,163 +19,3 @@ DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH
0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg
j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11 (0xb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
Validity
Not Before: Nov 8 23:39:47 2016 GMT
Not After : Nov 6 23:39:47 2026 GMT
Subject: O=ICANN, CN=ICANN EMAIL CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:d2:19:1e:22:69:33:f6:a4:d2:76:c5:80:11:75:
8e:d0:e8:6f:bf:89:f8:2a:6a:da:8a:85:28:40:ba:
c5:23:5f:47:ed:72:e2:8e:d3:5c:c8:8a:3a:99:a9:
57:2c:0a:2b:22:f3:54:7b:8b:f7:8c:21:a2:50:01:
4f:8b:af:34:df:72:fc:78:31:d0:1d:eb:bc:9b:e6:
fa:c1:84:d0:05:07:8a:74:53:a5:60:9e:eb:75:9e:
a8:5d:32:c8:02:32:e4:bf:cb:97:9b:7a:fa:2c:f6:
6a:1d:b8:57:ad:e3:03:22:93:d0:f4:4f:a8:b8:01:
db:82:33:98:b6:87:ed:3d:67:40:00:27:2e:d5:95:
d2:ad:36:46:14:c6:17:79:65:7f:65:f3:88:80:65:
7c:22:67:08:23:3c:cf:a5:10:38:72:30:97:92:6f:
20:4a:ba:24:4c:4a:c8:4a:a5:dc:2a:44:a1:29:78:
b4:9f:fe:84:ff:27:5b:3a:72:ea:31:c1:ad:06:22:
d6:44:a0:4a:57:32:9c:f2:46:47:d0:89:6e:20:23:
2c:ea:b0:83:7e:c1:f3:ea:da:dd:e3:63:59:97:21:
fa:1b:11:39:27:cf:82:8b:56:15:d4:36:92:0c:a5:
7e:80:e0:18:c9:50:08:42:0a:df:97:3c:9c:b8:0a:
4d:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Authority Key Identifier:
keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
X509v3 Subject Key Identifier:
7B:3F:BA:CE:A1:B3:A6:13:2E:5A:82:84:D4:D2:EA:A5:24:F1:CD:B4
Signature Algorithm: sha256WithRSAEncryption
0e:8a:c9:ea:6f:9c:e9:23:b6:9c:a6:a4:c2:d1:b1:ee:25:18:
24:2b:79:d4:a8:f2:99:b9:5c:91:4d:e6:2b:32:2e:01:f5:87:
95:64:fc:6d:f1:87:fa:24:b4:43:4b:49:f3:84:54:44:eb:af:
41:ab:49:ab:c8:b7:32:6c:14:83:5b:d7:2c:41:f9:89:d5:c4:
2b:9a:55:c5:b6:ad:17:d5:4d:bc:41:58:56:72:0d:db:b7:7d:
57:c6:a2:9c:7e:6b:67:ae:26:f8:26:45:bb:c4:95:2e:ea:71:
e3:b4:7a:69:95:a4:8a:80:f8:59:dc:88:6e:e1:a7:fc:bb:8e:
b2:aa:a8:b6:1b:2f:2c:97:a5:12:d5:82:ae:a0:e8:a6:15:fd:
d1:e0:5d:e4:84:b1:76:db:0a:e2:ca:58:2e:d3:df:48:4e:46:
ac:c6:35:79:17:99:ce:e9:be:2c:e4:c2:50:ff:5b:96:15:cd:
64:ac:1b:db:fe:d2:ac:43:61:c8:5f:ee:24:b6:a4:3b:d2:ff:
0a:f4:0c:88:58:a1:9d:a4:c1:1f:6a:6c:67:90:98:e8:1f:5e:
2d:55:60:91:26:2a:b1:66:80:e4:e6:0e:05:2c:75:a9:ca:0b:
e4:a0:8f:e1:47:a8:8f:61:5d:7c:ce:09:60:88:48:c3:46:bf:
be:7e:36:be
-----BEGIN CERTIFICATE-----
MIIDZDCCAkygAwIBAgIBCzANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTE2MTEwODIzMzk0N1oX
DTI2MTEwNjIzMzk0N1owKTEOMAwGA1UEChMFSUNBTk4xFzAVBgNVBAMTDklDQU5O
IEVNQUlMIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hkeImkz
9qTSdsWAEXWO0Ohvv4n4KmraioUoQLrFI19H7XLijtNcyIo6malXLAorIvNUe4v3
jCGiUAFPi68033L8eDHQHeu8m+b6wYTQBQeKdFOlYJ7rdZ6oXTLIAjLkv8uXm3r6
LPZqHbhXreMDIpPQ9E+ouAHbgjOYtoftPWdAACcu1ZXSrTZGFMYXeWV/ZfOIgGV8
ImcIIzzPpRA4cjCXkm8gSrokTErISqXcKkShKXi0n/6E/ydbOnLqMcGtBiLWRKBK
VzKc8kZH0IluICMs6rCDfsHz6trd42NZlyH6GxE5J8+Ci1YV1DaSDKV+gOAYyVAI
QgrflzycuApNsQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
AwIBBjAfBgNVHSMEGDAWgBS6UulJgySGUi/Hmc38jWtpCE3AUDAdBgNVHQ4EFgQU
ez+6zqGzphMuWoKE1NLqpSTxzbQwDQYJKoZIhvcNAQELBQADggEBAA6KyepvnOkj
tpympMLRse4lGCQredSo8pm5XJFN5isyLgH1h5Vk/G3xh/oktENLSfOEVETrr0Gr
SavItzJsFINb1yxB+YnVxCuaVcW2rRfVTbxBWFZyDdu3fVfGopx+a2euJvgmRbvE
lS7qceO0emmVpIqA+FnciG7hp/y7jrKqqLYbLyyXpRLVgq6g6KYV/dHgXeSEsXbb
CuLKWC7T30hORqzGNXkXmc7pvizkwlD/W5YVzWSsG9v+0qxDYchf7iS2pDvS/wr0
DIhYoZ2kwR9qbGeQmOgfXi1VYJEmKrFmgOTmDgUsdanKC+Sgj+FHqI9hXXzOCWCI
SMNGv75+Nr4=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10 (0xa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=ICANN, OU=ICANN Certification Authority, CN=ICANN Root CA, C=US
Validity
Not Before: Nov 8 23:38:16 2016 GMT
Not After : Nov 6 23:38:16 2026 GMT
Subject: O=ICANN, CN=ICANN SSL CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:dd:c6:ab:bf:7c:66:9d:b3:2b:96:00:14:c7:60:
7a:8d:62:5b:26:4b:30:d7:b3:4c:82:69:c6:4d:4d:
73:f3:d4:91:21:5d:ab:35:f0:c8:04:0e:f4:a3:35:
e2:e1:18:a9:98:12:03:58:f8:9f:eb:77:54:5b:89:
81:26:c9:aa:c2:f4:c9:0c:82:57:2a:5e:05:e9:61:
17:cc:19:18:71:eb:35:83:c1:86:9d:ec:f1:6b:ca:
dd:a1:96:0b:95:d4:e1:0f:9e:24:6f:dc:3c:d0:28:
9e:f2:53:47:2b:a1:ad:32:03:c8:3f:0d:80:80:7d:
f0:02:d2:6e:5a:2c:44:21:9b:09:50:15:3f:a1:3d:
d3:c9:c8:24:e7:ea:4e:92:2f:94:90:2e:de:e7:68:
f6:c6:b3:90:1f:bc:c9:7b:a2:65:d7:11:e9:8b:f0:
3a:5a:b7:17:07:df:69:e3:6e:b9:54:6a:8e:3a:aa:
94:7f:2c:0a:a1:ad:ba:b7:d9:60:62:27:a7:71:40:
3b:8e:b0:84:7b:b8:c8:67:ef:66:ba:3d:ac:c3:85:
e5:86:bb:a7:9c:fd:b6:e1:c0:10:53:3d:d4:7e:1b:
09:e6:9f:22:5c:a7:27:09:7e:27:12:33:fa:df:9b:
20:2f:14:f7:17:c0:e4:1e:07:91:1f:f9:9a:cd:a8:
e2:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Authority Key Identifier:
keyid:BA:52:E9:49:83:24:86:52:2F:C7:99:CD:FC:8D:6B:69:08:4D:C0:50
X509v3 Subject Key Identifier:
6E:77:A8:40:10:4A:D8:9C:0C:F2:B7:5A:3A:A5:2F:79:4A:61:14:D8
Signature Algorithm: sha256WithRSAEncryption
47:46:4f:c7:5f:46:e3:d1:dc:fc:2b:f8:fc:65:ce:36:b1:f4:
5f:ee:14:75:a3:d9:5f:de:75:4b:fa:7b:88:9f:10:8c:2e:97:
cc:35:1b:ce:24:d3:36:60:95:d5:ae:11:b6:3f:8b:f4:12:69:
85:b5:3b:2a:b6:ab:7a:81:85:c2:55:57:ed:d0:b5:e7:4f:54:
37:51:24:c9:d5:07:3a:ef:b6:c5:1a:3e:14:29:a7:a6:f8:08:
2a:0b:26:79:f9:62:85:4a:e5:ea:90:ca:71:38:16:91:4e:7e:
fd:e3:b3:f3:55:8f:5a:d0:86:cf:33:94:88:f1:90:99:cb:81:
e2:81:92:68:2f:c3:61:d5:52:8d:e6:9a:5b:00:83:42:27:88:
f6:d9:fa:d1:bc:bb:b0:bc:b5:14:0b:4e:1a:54:ef:fa:d6:9d:
c4:0c:fc:ed:15:ab:21:4b:45:b5:d9:3b:ed:3c:d5:1e:2e:7a:
83:6f:24:45:d4:4c:b4:ef:60:43:18:d0:84:5d:16:7b:f5:50:
80:b1:a9:c2:8f:3b:c8:90:08:fd:aa:17:13:19:38:19:d1:8e:
85:7c:1e:57:16:8c:f9:8a:e8:29:25:38:cd:bb:55:8e:4a:6a:
6f:e5:7d:fc:d7:55:d6:ae:38:07:96:c1:97:ff:e5:2b:4f:99:
2d:70:f2:08
-----BEGIN CERTIFICATE-----
MIIDYjCCAkqgAwIBAgIBCjANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO
TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV
BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTE2MTEwODIzMzgxNloX
DTI2MTEwNjIzMzgxNlowJzEOMAwGA1UEChMFSUNBTk4xFTATBgNVBAMTDElDQU5O
IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3Gq798Zp2z
K5YAFMdgeo1iWyZLMNezTIJpxk1Nc/PUkSFdqzXwyAQO9KM14uEYqZgSA1j4n+t3
VFuJgSbJqsL0yQyCVypeBelhF8wZGHHrNYPBhp3s8WvK3aGWC5XU4Q+eJG/cPNAo
nvJTRyuhrTIDyD8NgIB98ALSblosRCGbCVAVP6E908nIJOfqTpIvlJAu3udo9saz
kB+8yXuiZdcR6YvwOlq3FwffaeNuuVRqjjqqlH8sCqGturfZYGInp3FAO46whHu4
yGfvZro9rMOF5Ya7p5z9tuHAEFM91H4bCeafIlynJwl+JxIz+t+bIC8U9xfA5B4H
kR/5ms2o4sUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
AQYwHwYDVR0jBBgwFoAUulLpSYMkhlIvx5nN/I1raQhNwFAwHQYDVR0OBBYEFG53
qEAQSticDPK3WjqlL3lKYRTYMA0GCSqGSIb3DQEBCwUAA4IBAQBHRk/HX0bj0dz8
K/j8Zc42sfRf7hR1o9lf3nVL+nuInxCMLpfMNRvOJNM2YJXVrhG2P4v0EmmFtTsq
tqt6gYXCVVft0LXnT1Q3USTJ1Qc677bFGj4UKaem+AgqCyZ5+WKFSuXqkMpxOBaR
Tn7947PzVY9a0IbPM5SI8ZCZy4HigZJoL8Nh1VKN5ppbAINCJ4j22frRvLuwvLUU
C04aVO/61p3EDPztFashS0W12TvtPNUeLnqDbyRF1Ey072BDGNCEXRZ79VCAsanC
jzvIkAj9qhcTGTgZ0Y6FfB5XFoz5iugpJTjNu1WOSmpv5X3811XWrjgHlsGX/+Ur
T5ktcPII
-----END CERTIFICATE-----

69
vmware-tools/tools.conf.example
View File

@@ -1,4 +1,4 @@
# Copyright (c) 2019-2021 VMware, Inc. All rights reserved.
# Copyright (c) 2019-2022 VMware, Inc. All rights reserved.
# "CAUTION: tools.conf is highly syntax sensitive file. Use extreme caution
# while editing it. If modified, it is automatically re-loaded by
@@ -245,6 +245,44 @@
# whether to include reserved space in diskInfo space metrics on Linux
#diskinfo-include-reserved=false
[globalconf]
# The GlobalConf feature provides an ability for the vSphere administrators
# to distribute a 'VMware Tools Configuration File' (tools.conf) via the
# GuestStore for multiple VMs at scale.
# Defines the configuration to enable/disable the GlobalConf module.
# Set to true to enable the module.
# Set to false to disable the module. Default false.
#enabled=false
# Defines a custom GlobalConf poll interval (in seconds).
# Default 3600 seconds. Minimum 1800 seconds.
#poll-interval=3600
# Defines the global configuration resource in GuestStore.
# Windows guests
#resource=/vmware/configurations/vmtools/windows/tools.conf
#
# Linux guests
#resource=/vmware/configurations/vmtools/linux/tools.conf
[componentmgr]
# This plugin manages the known and enabled components add/remove status.
# The plugin polls at regular interval and triggers action add/remove for
# all the known and enabled components in the componentMgr plugin.
# Default and minimum polling interval in seconds (0 => polling disabled)
#poll-interval=180
# Comma separated list of components managed by the plugin. If not specified,
# default value is all, which means all components are enabled by default.
# A special value of none means no component, which is equivalent to disabling
# the plugin completely. Value is parsed left to right and parsing stops at
# first occurrence of all or none or end of line.
#included=all
[appinfo]
# This plugin collects info about running applications in guest OS.
@@ -259,6 +297,35 @@
# version info, otherwise native Win32 API is used.
#useWMI=false
# Whether to remove the duplicate applications information in the
# guestinfo variable.
#remove-duplicates=true
[containerinfo]
# This plugin collects info about running containers in guest OS.
# User-defined poll interval in seconds. Set to 0 to disable the plugin.
#poll-interval=21600
# Maximum number of containers to be retrieved per namespace.
#max-containers=256
# Whether to remove the duplicate containers information in the
# guestinfo variable.
#remove-duplicates=true
# Unix socket to use to communicate with the docker daemon.
#docker-unix-socket=/var/run/docker.sock
# The unix socket to connect to communicate with containerd grpc server
# for retrieving the list of running containers.
#containerd-unix-socket=/run/containerd/containerd.sock
# List of namespaces to be queried for the running containers.
# The value for this key is a comman separated list.
#allowed-namespaces=moby,k8s.io,default
[servicediscovery]
# This plugin provides admins with additional info for better VM management.

566
vmware-tools/vgauth/schemas/saml-schema-assertion-2.0.xsd
View File

@@ -1,283 +1,283 @@
<?xml version="1.0" encoding="US-ASCII"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
<import namespace="http://www.w3.org/2001/04/xmlenc#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
<annotation>
<documentation>
Document identifier: saml-schema-assertion-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V1.0 (November, 2002):
Initial Standard Schema.
V1.1 (September, 2003):
Updates within the same V1.0 namespace.
V2.0 (March, 2005):
New assertion schema for SAML V2.0 namespace.
</documentation>
</annotation>
<attributeGroup name="IDNameQualifiers">
<attribute name="NameQualifier" type="string" use="optional"/>
<attribute name="SPNameQualifier" type="string" use="optional"/>
</attributeGroup>
<element name="BaseID" type="saml:BaseIDAbstractType"/>
<complexType name="BaseIDAbstractType" abstract="true">
<attributeGroup ref="saml:IDNameQualifiers"/>
</complexType>
<element name="NameID" type="saml:NameIDType"/>
<complexType name="NameIDType">
<simpleContent>
<extension base="string">
<attributeGroup ref="saml:IDNameQualifiers"/>
<attribute name="Format" type="anyURI" use="optional"/>
<attribute name="SPProvidedID" type="string" use="optional"/>
</extension>
</simpleContent>
</complexType>
<complexType name="EncryptedElementType">
<sequence>
<element ref="xenc:EncryptedData"/>
<element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="EncryptedID" type="saml:EncryptedElementType"/>
<element name="Issuer" type="saml:NameIDType"/>
<element name="AssertionIDRef" type="NCName"/>
<element name="AssertionURIRef" type="anyURI"/>
<element name="Assertion" type="saml:AssertionType"/>
<complexType name="AssertionType">
<sequence>
<element ref="saml:Issuer"/>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="saml:Subject" minOccurs="0"/>
<element ref="saml:Conditions" minOccurs="0"/>
<element ref="saml:Advice" minOccurs="0"/>
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:Statement"/>
<element ref="saml:AuthnStatement"/>
<element ref="saml:AuthzDecisionStatement"/>
<element ref="saml:AttributeStatement"/>
</choice>
</sequence>
<attribute name="Version" type="string" use="required"/>
<attribute name="ID" type="ID" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
</complexType>
<element name="Subject" type="saml:SubjectType"/>
<complexType name="SubjectType">
<choice>
<sequence>
<choice>
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
</choice>
</complexType>
<element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
<complexType name="SubjectConfirmationType">
<sequence>
<choice minOccurs="0">
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="saml:SubjectConfirmationData" minOccurs="0"/>
</sequence>
<attribute name="Method" type="anyURI" use="required"/>
</complexType>
<element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
<complexType name="SubjectConfirmationDataType" mixed="true">
<complexContent>
<restriction base="anyType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="NotBefore" type="dateTime" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
<attribute name="Recipient" type="anyURI" use="optional"/>
<attribute name="InResponseTo" type="NCName" use="optional"/>
<attribute name="Address" type="string" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</restriction>
</complexContent>
</complexType>
<complexType name="KeyInfoConfirmationDataType" mixed="false">
<complexContent>
<restriction base="saml:SubjectConfirmationDataType">
<sequence>
<element ref="ds:KeyInfo" maxOccurs="unbounded"/>
</sequence>
</restriction>
</complexContent>
</complexType>
<element name="Conditions" type="saml:ConditionsType"/>
<complexType name="ConditionsType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:Condition"/>
<element ref="saml:AudienceRestriction"/>
<element ref="saml:OneTimeUse"/>
<element ref="saml:ProxyRestriction"/>
</choice>
<attribute name="NotBefore" type="dateTime" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
</complexType>
<element name="Condition" type="saml:ConditionAbstractType"/>
<complexType name="ConditionAbstractType" abstract="true"/>
<element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
<complexType name="AudienceRestrictionType">
<complexContent>
<extension base="saml:ConditionAbstractType">
<sequence>
<element ref="saml:Audience" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Audience" type="anyURI"/>
<element name="OneTimeUse" type="saml:OneTimeUseType" />
<complexType name="OneTimeUseType">
<complexContent>
<extension base="saml:ConditionAbstractType"/>
</complexContent>
</complexType>
<element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
<complexType name="ProxyRestrictionType">
<complexContent>
<extension base="saml:ConditionAbstractType">
<sequence>
<element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Count" type="nonNegativeInteger" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="Advice" type="saml:AdviceType"/>
<complexType name="AdviceType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:AssertionIDRef"/>
<element ref="saml:AssertionURIRef"/>
<element ref="saml:Assertion"/>
<element ref="saml:EncryptedAssertion"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
<element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
<element name="Statement" type="saml:StatementAbstractType"/>
<complexType name="StatementAbstractType" abstract="true"/>
<element name="AuthnStatement" type="saml:AuthnStatementType"/>
<complexType name="AuthnStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<sequence>
<element ref="saml:SubjectLocality" minOccurs="0"/>
<element ref="saml:AuthnContext"/>
</sequence>
<attribute name="AuthnInstant" type="dateTime" use="required"/>
<attribute name="SessionIndex" type="string" use="optional"/>
<attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="SubjectLocality" type="saml:SubjectLocalityType"/>
<complexType name="SubjectLocalityType">
<attribute name="Address" type="string" use="optional"/>
<attribute name="DNSName" type="string" use="optional"/>
</complexType>
<element name="AuthnContext" type="saml:AuthnContextType"/>
<complexType name="AuthnContextType">
<sequence>
<choice>
<sequence>
<element ref="saml:AuthnContextClassRef"/>
<choice minOccurs="0">
<element ref="saml:AuthnContextDecl"/>
<element ref="saml:AuthnContextDeclRef"/>
</choice>
</sequence>
<choice>
<element ref="saml:AuthnContextDecl"/>
<element ref="saml:AuthnContextDeclRef"/>
</choice>
</choice>
<element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="AuthnContextClassRef" type="anyURI"/>
<element name="AuthnContextDeclRef" type="anyURI"/>
<element name="AuthnContextDecl" type="anyType"/>
<element name="AuthenticatingAuthority" type="anyURI"/>
<element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
<complexType name="AuthzDecisionStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<sequence>
<element ref="saml:Action" maxOccurs="unbounded"/>
<element ref="saml:Evidence" minOccurs="0"/>
</sequence>
<attribute name="Resource" type="anyURI" use="required"/>
<attribute name="Decision" type="saml:DecisionType" use="required"/>
</extension>
</complexContent>
</complexType>
<simpleType name="DecisionType">
<restriction base="string">
<enumeration value="Permit"/>
<enumeration value="Deny"/>
<enumeration value="Indeterminate"/>
</restriction>
</simpleType>
<element name="Action" type="saml:ActionType"/>
<complexType name="ActionType">
<simpleContent>
<extension base="string">
<attribute name="Namespace" type="anyURI" use="required"/>
</extension>
</simpleContent>
</complexType>
<element name="Evidence" type="saml:EvidenceType"/>
<complexType name="EvidenceType">
<choice maxOccurs="unbounded">
<element ref="saml:AssertionIDRef"/>
<element ref="saml:AssertionURIRef"/>
<element ref="saml:Assertion"/>
<element ref="saml:EncryptedAssertion"/>
</choice>
</complexType>
<element name="AttributeStatement" type="saml:AttributeStatementType"/>
<complexType name="AttributeStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<choice maxOccurs="unbounded">
<element ref="saml:Attribute"/>
<element ref="saml:EncryptedAttribute"/>
</choice>
</extension>
</complexContent>
</complexType>
<element name="Attribute" type="saml:AttributeType"/>
<complexType name="AttributeType">
<sequence>
<element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Name" type="string" use="required"/>
<attribute name="NameFormat" type="anyURI" use="optional"/>
<attribute name="FriendlyName" type="string" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="AttributeValue" type="anyType" nillable="true"/>
<element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
</schema>
<?xml version="1.0" encoding="US-ASCII"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
<import namespace="http://www.w3.org/2001/04/xmlenc#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
<annotation>
<documentation>
Document identifier: saml-schema-assertion-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V1.0 (November, 2002):
Initial Standard Schema.
V1.1 (September, 2003):
Updates within the same V1.0 namespace.
V2.0 (March, 2005):
New assertion schema for SAML V2.0 namespace.
</documentation>
</annotation>
<attributeGroup name="IDNameQualifiers">
<attribute name="NameQualifier" type="string" use="optional"/>
<attribute name="SPNameQualifier" type="string" use="optional"/>
</attributeGroup>
<element name="BaseID" type="saml:BaseIDAbstractType"/>
<complexType name="BaseIDAbstractType" abstract="true">
<attributeGroup ref="saml:IDNameQualifiers"/>
</complexType>
<element name="NameID" type="saml:NameIDType"/>
<complexType name="NameIDType">
<simpleContent>
<extension base="string">
<attributeGroup ref="saml:IDNameQualifiers"/>
<attribute name="Format" type="anyURI" use="optional"/>
<attribute name="SPProvidedID" type="string" use="optional"/>
</extension>
</simpleContent>
</complexType>
<complexType name="EncryptedElementType">
<sequence>
<element ref="xenc:EncryptedData"/>
<element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="EncryptedID" type="saml:EncryptedElementType"/>
<element name="Issuer" type="saml:NameIDType"/>
<element name="AssertionIDRef" type="NCName"/>
<element name="AssertionURIRef" type="anyURI"/>
<element name="Assertion" type="saml:AssertionType"/>
<complexType name="AssertionType">
<sequence>
<element ref="saml:Issuer"/>
<element ref="ds:Signature" minOccurs="0"/>
<element ref="saml:Subject" minOccurs="0"/>
<element ref="saml:Conditions" minOccurs="0"/>
<element ref="saml:Advice" minOccurs="0"/>
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:Statement"/>
<element ref="saml:AuthnStatement"/>
<element ref="saml:AuthzDecisionStatement"/>
<element ref="saml:AttributeStatement"/>
</choice>
</sequence>
<attribute name="Version" type="string" use="required"/>
<attribute name="ID" type="ID" use="required"/>
<attribute name="IssueInstant" type="dateTime" use="required"/>
</complexType>
<element name="Subject" type="saml:SubjectType"/>
<complexType name="SubjectType">
<choice>
<sequence>
<choice>
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
</choice>
</complexType>
<element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
<complexType name="SubjectConfirmationType">
<sequence>
<choice minOccurs="0">
<element ref="saml:BaseID"/>
<element ref="saml:NameID"/>
<element ref="saml:EncryptedID"/>
</choice>
<element ref="saml:SubjectConfirmationData" minOccurs="0"/>
</sequence>
<attribute name="Method" type="anyURI" use="required"/>
</complexType>
<element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>
<complexType name="SubjectConfirmationDataType" mixed="true">
<complexContent>
<restriction base="anyType">
<sequence>
<any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="NotBefore" type="dateTime" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
<attribute name="Recipient" type="anyURI" use="optional"/>
<attribute name="InResponseTo" type="NCName" use="optional"/>
<attribute name="Address" type="string" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</restriction>
</complexContent>
</complexType>
<complexType name="KeyInfoConfirmationDataType" mixed="false">
<complexContent>
<restriction base="saml:SubjectConfirmationDataType">
<sequence>
<element ref="ds:KeyInfo" maxOccurs="unbounded"/>
</sequence>
</restriction>
</complexContent>
</complexType>
<element name="Conditions" type="saml:ConditionsType"/>
<complexType name="ConditionsType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:Condition"/>
<element ref="saml:AudienceRestriction"/>
<element ref="saml:OneTimeUse"/>
<element ref="saml:ProxyRestriction"/>
</choice>
<attribute name="NotBefore" type="dateTime" use="optional"/>
<attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
</complexType>
<element name="Condition" type="saml:ConditionAbstractType"/>
<complexType name="ConditionAbstractType" abstract="true"/>
<element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>
<complexType name="AudienceRestrictionType">
<complexContent>
<extension base="saml:ConditionAbstractType">
<sequence>
<element ref="saml:Audience" maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<element name="Audience" type="anyURI"/>
<element name="OneTimeUse" type="saml:OneTimeUseType" />
<complexType name="OneTimeUseType">
<complexContent>
<extension base="saml:ConditionAbstractType"/>
</complexContent>
</complexType>
<element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>
<complexType name="ProxyRestrictionType">
<complexContent>
<extension base="saml:ConditionAbstractType">
<sequence>
<element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Count" type="nonNegativeInteger" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="Advice" type="saml:AdviceType"/>
<complexType name="AdviceType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="saml:AssertionIDRef"/>
<element ref="saml:AssertionURIRef"/>
<element ref="saml:Assertion"/>
<element ref="saml:EncryptedAssertion"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
<element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
<element name="Statement" type="saml:StatementAbstractType"/>
<complexType name="StatementAbstractType" abstract="true"/>
<element name="AuthnStatement" type="saml:AuthnStatementType"/>
<complexType name="AuthnStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<sequence>
<element ref="saml:SubjectLocality" minOccurs="0"/>
<element ref="saml:AuthnContext"/>
</sequence>
<attribute name="AuthnInstant" type="dateTime" use="required"/>
<attribute name="SessionIndex" type="string" use="optional"/>
<attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>
</extension>
</complexContent>
</complexType>
<element name="SubjectLocality" type="saml:SubjectLocalityType"/>
<complexType name="SubjectLocalityType">
<attribute name="Address" type="string" use="optional"/>
<attribute name="DNSName" type="string" use="optional"/>
</complexType>
<element name="AuthnContext" type="saml:AuthnContextType"/>
<complexType name="AuthnContextType">
<sequence>
<choice>
<sequence>
<element ref="saml:AuthnContextClassRef"/>
<choice minOccurs="0">
<element ref="saml:AuthnContextDecl"/>
<element ref="saml:AuthnContextDeclRef"/>
</choice>
</sequence>
<choice>
<element ref="saml:AuthnContextDecl"/>
<element ref="saml:AuthnContextDeclRef"/>
</choice>
</choice>
<element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<element name="AuthnContextClassRef" type="anyURI"/>
<element name="AuthnContextDeclRef" type="anyURI"/>
<element name="AuthnContextDecl" type="anyType"/>
<element name="AuthenticatingAuthority" type="anyURI"/>
<element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>
<complexType name="AuthzDecisionStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<sequence>
<element ref="saml:Action" maxOccurs="unbounded"/>
<element ref="saml:Evidence" minOccurs="0"/>
</sequence>
<attribute name="Resource" type="anyURI" use="required"/>
<attribute name="Decision" type="saml:DecisionType" use="required"/>
</extension>
</complexContent>
</complexType>
<simpleType name="DecisionType">
<restriction base="string">
<enumeration value="Permit"/>
<enumeration value="Deny"/>
<enumeration value="Indeterminate"/>
</restriction>
</simpleType>
<element name="Action" type="saml:ActionType"/>
<complexType name="ActionType">
<simpleContent>
<extension base="string">
<attribute name="Namespace" type="anyURI" use="required"/>
</extension>
</simpleContent>
</complexType>
<element name="Evidence" type="saml:EvidenceType"/>
<complexType name="EvidenceType">
<choice maxOccurs="unbounded">
<element ref="saml:AssertionIDRef"/>
<element ref="saml:AssertionURIRef"/>
<element ref="saml:Assertion"/>
<element ref="saml:EncryptedAssertion"/>
</choice>
</complexType>
<element name="AttributeStatement" type="saml:AttributeStatementType"/>
<complexType name="AttributeStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<choice maxOccurs="unbounded">
<element ref="saml:Attribute"/>
<element ref="saml:EncryptedAttribute"/>
</choice>
</extension>
</complexContent>
</complexType>
<element name="Attribute" type="saml:AttributeType"/>
<complexType name="AttributeType">
<sequence>
<element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="Name" type="string" use="required"/>
<attribute name="NameFormat" type="anyURI" use="optional"/>
<attribute name="FriendlyName" type="string" use="optional"/>
<anyAttribute namespace="##other" processContents="lax"/>
</complexType>
<element name="AttributeValue" type="anyType" nillable="true"/>
<element name="EncryptedAttribute" type="saml:EncryptedElementType"/>
</schema>

28
yum.repos.d/almalinux-sap.repo Normal file
View File

@@ -0,0 +1,28 @@
# almalinux-sap.repo
[sap]
name=AlmaLinux $releasever - SAP
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/sap
# baseurl=https://repo.almalinux.org/almalinux/$releasever/SAP/$basearch/os/
enabled=0
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
## Sources
[sap-source]
name=AlmaLinux $releasever - SAP Sources
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/sap-source
# baseurl=https://repo.almalinux.org/vault/$releasever/SAP/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
## Debuginfo
[sap-debuginfo]
name=AlmaLinux $releasever - SAP Debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/sap-debuginfo
# baseurl=https://repo.almalinux.org/vault/$releasever/SAP/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

28
yum.repos.d/almalinux-saphana.repo Normal file
View File

@@ -0,0 +1,28 @@
# almalinux-saphana.repo
[saphana]
name=AlmaLinux $releasever - SAP HANA
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/saphana
# baseurl=https://repo.almalinux.org/almalinux/$releasever/SAPHANA/$basearch/os/
enabled=0
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
## Sources
[saphana-source]
name=AlmaLinux $releasever - SAP HANA Sources
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/saphana-source
# baseurl=https://repo.almalinux.org/vault/$releasever/SAPHANA/Source/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
## Debuginfo
[saphana-debuginfo]
name=AlmaLinux $releasever - SAP HANA Debuginfo
mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/saphana-debuginfo
# baseurl=https://repo.almalinux.org/vault/$releasever/SAPHANA/debug/$basearch/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux

11
yum.repos.d/epel-modular.repo
View File

@@ -1,16 +1,18 @@
[epel-modular]
name=Extra Packages for Enterprise Linux Modular 8 - $basearch
# This repo has been DEPRECATED, see https://pagure.io/epel/issue/198 for more details.
name=Extra Packages for Enterprise Linux Modular 8 - $basearch - DEPRECATED
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/8/Modular/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-modular-8&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
enabled=0
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
[epel-modular-debuginfo]
name=Extra Packages for Enterprise Linux Modular 8 - $basearch - Debug
# This repo has been DEPRECATED, see https://pagure.io/epel/issue/198 for more details.
name=Extra Packages for Enterprise Linux Modular 8 - $basearch - Debug - DEPRECATED
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/8/Modular/$basearch/debug
@@ -20,7 +22,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
gpgcheck=1
[epel-modular-source]
name=Extra Packages for Enterprise Linux Modular 8 - $basearch - Source
# This repo has been DEPRECATED, see https://pagure.io/epel/issue/198 for more details.
name=Extra Packages for Enterprise Linux Modular 8 - $basearch - Source - DEPRECATED
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place it's address here.
#baseurl=https://download.example/pub/epel/8/Modular/source/tree/

9
yum.repos.d/epel-testing-modular.repo
View File

@@ -1,5 +1,6 @@
[epel-testing-modular]
name=Extra Packages for Enterprise Linux Modular 8 - Testing - $basearch
# This repo has been DEPRECATED, see https://pagure.io/epel/issue/198 for more details.
name=Extra Packages for Enterprise Linux Modular 8 - Testing - $basearch - DEPRECATED
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/testing/8/Modular/$basearch
@@ -10,7 +11,8 @@ countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
[epel-testing-modular-debuginfo]
name=Extra Packages for Enterprise Linux Modular 8 - Testing - $basearch - Debug
# This repo has been DEPRECATED, see https://pagure.io/epel/issue/198 for more details.
name=Extra Packages for Enterprise Linux Modular 8 - Testing - $basearch - Debug - DEPRECATED
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/testing/8/Modular/$basearch/debug
@@ -20,7 +22,8 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
gpgcheck=1
[epel-testing-modular-source]
name=Extra Packages for Enterprise Linux Modular 8 - Testing - $basearch - Source
# This repo has been DEPRECATED, see https://pagure.io/epel/issue/198 for more details.
name=Extra Packages for Enterprise Linux Modular 8 - Testing - $basearch - Source - DEPRECATED
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place it's address here.
#baseurl=https://download.example/pub/epel/testing/8/Modular/source/tree/