diff --git a/.etckeeper b/.etckeeper index 13a9e53..56dfd23 100755 --- a/.etckeeper +++ b/.etckeeper @@ -972,23 +972,23 @@ maybe chmod 0644 'issue.net' maybe chmod 0644 'issue.rpmnew' maybe chmod 0755 'java' maybe chmod 0755 'java/java-1.8.0-openjdk' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/calendars.properties' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/logging.properties' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/blacklisted.certs' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/java.policy' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/java.security' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/nss.cfg' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/nss.fips.cfg' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/limited' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/limited/US_export_policy.jar' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/limited/local_policy.jar' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/unlimited' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/unlimited/US_export_policy.jar' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/unlimited/local_policy.jar' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/calendars.properties' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/logging.properties' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/blacklisted.certs' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/java.policy' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/java.security' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/nss.cfg' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/nss.fips.cfg' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/limited' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/limited/US_export_policy.jar' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/limited/local_policy.jar' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/unlimited' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/unlimited/US_export_policy.jar' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/unlimited/local_policy.jar' maybe chmod 0755 'java/security' maybe chmod 0755 'java/security/security.d' maybe chmod 0755 'jvm' @@ -1011,6 +1011,7 @@ maybe chmod 0755 'ld.so.conf.d' maybe chmod 0644 'ld.so.conf.d/bind-export-x86_64.conf' maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-193.6.3.el8_2.x86_64.conf' maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-365.el8.x86_64.conf' +maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-373.el8.x86_64.conf' maybe chmod 0755 'letsencrypt' maybe chown 'setroubleshoot' 'letsencrypt/.updated-options-ssl-apache-conf-digest.txt' maybe chgrp 'setroubleshoot' 'letsencrypt/.updated-options-ssl-apache-conf-digest.txt' @@ -4265,6 +4266,7 @@ maybe chmod 0660 'pki/pesign/secmod.db' maybe chmod 0755 'pki/product' maybe chmod 0755 'pki/product-default' maybe chmod 0755 'pki/rpm-gpg' +maybe chmod 0644 'pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras' maybe chmod 0644 'pki/rpm-gpg/RPM-GPG-KEY-EPEL-8' maybe chmod 0644 'pki/rpm-gpg/RPM-GPG-KEY-Jetico' maybe chmod 0644 'pki/rpm-gpg/RPM-GPG-KEY-centosofficial' @@ -4676,6 +4678,7 @@ maybe chmod 0644 'rspamd/modules.d/antivirus.conf' maybe chmod 0644 'rspamd/modules.d/arc.conf' maybe chmod 0644 'rspamd/modules.d/asn.conf' maybe chmod 0644 'rspamd/modules.d/aws_s3.conf' +maybe chmod 0644 'rspamd/modules.d/bimi.conf' maybe chmod 0644 'rspamd/modules.d/chartable.conf' maybe chmod 0644 'rspamd/modules.d/clickhouse.conf' maybe chmod 0644 'rspamd/modules.d/dcc.conf' diff --git a/alternatives/alt-java b/alternatives/alt-java index a97de37..3d7b565 120000 --- a/alternatives/alt-java +++ b/alternatives/alt-java @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/alt-java \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/alt-java \ No newline at end of file diff --git a/alternatives/alt-java.1.gz b/alternatives/alt-java.1.gz index ce6fe80..a5665c7 120000 --- a/alternatives/alt-java.1.gz +++ b/alternatives/alt-java.1.gz @@ -1 +1 @@ -/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/java b/alternatives/java index 4eed62c..e6869e1 120000 --- a/alternatives/java +++ b/alternatives/java @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/java \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/java \ No newline at end of file diff --git a/alternatives/java.1.gz b/alternatives/java.1.gz index cfeedb2..105b32b 120000 --- a/alternatives/java.1.gz +++ b/alternatives/java.1.gz @@ -1 +1 @@ -/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/jjs b/alternatives/jjs index 19b639d..64cd494 120000 --- a/alternatives/jjs +++ b/alternatives/jjs @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/jjs \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/jjs \ No newline at end of file diff --git a/alternatives/jjs.1.gz b/alternatives/jjs.1.gz index e371275..2f74234 120000 --- a/alternatives/jjs.1.gz +++ b/alternatives/jjs.1.gz @@ -1 +1 @@ -/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/jre b/alternatives/jre index 3db9807..b5613db 120000 --- a/alternatives/jre +++ b/alternatives/jre @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre \ No newline at end of file diff --git a/alternatives/jre_1.8.0 b/alternatives/jre_1.8.0 index 3db9807..b5613db 120000 --- a/alternatives/jre_1.8.0 +++ b/alternatives/jre_1.8.0 @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre \ No newline at end of file diff --git a/alternatives/jre_1.8.0_openjdk b/alternatives/jre_1.8.0_openjdk index 53f2d84..8bfd0d5 120000 --- a/alternatives/jre_1.8.0_openjdk +++ b/alternatives/jre_1.8.0_openjdk @@ -1 +1 @@ -/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64 \ No newline at end of file +/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64 \ No newline at end of file diff --git a/alternatives/jre_openjdk b/alternatives/jre_openjdk index 3db9807..b5613db 120000 --- a/alternatives/jre_openjdk +++ b/alternatives/jre_openjdk @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre \ No newline at end of file diff --git a/alternatives/keytool b/alternatives/keytool index 9be3c75..4230e1e 120000 --- a/alternatives/keytool +++ b/alternatives/keytool @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/keytool \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/keytool \ No newline at end of file diff --git a/alternatives/keytool.1.gz b/alternatives/keytool.1.gz index 2d2c900..1aef7b1 120000 --- a/alternatives/keytool.1.gz +++ b/alternatives/keytool.1.gz @@ -1 +1 @@ -/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/orbd b/alternatives/orbd index f22f06e..402d16a 120000 --- a/alternatives/orbd +++ b/alternatives/orbd @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/orbd \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/orbd \ No newline at end of file diff --git a/alternatives/orbd.1.gz b/alternatives/orbd.1.gz index e260b02..4f4263b 120000 --- a/alternatives/orbd.1.gz +++ b/alternatives/orbd.1.gz @@ -1 +1 @@ -/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/pack200 b/alternatives/pack200 index 86178f2..4279ffe 120000 --- a/alternatives/pack200 +++ b/alternatives/pack200 @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/pack200 \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/pack200 \ No newline at end of file diff --git a/alternatives/pack200.1.gz b/alternatives/pack200.1.gz index 314081f..31c4706 120000 --- a/alternatives/pack200.1.gz +++ b/alternatives/pack200.1.gz @@ -1 +1 @@ -/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/policytool b/alternatives/policytool index 730f718..95335d0 120000 --- a/alternatives/policytool +++ b/alternatives/policytool @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/policytool \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/policytool \ No newline at end of file diff --git a/alternatives/policytool.1.gz b/alternatives/policytool.1.gz index e7d9e6b..fc714a4 120000 --- a/alternatives/policytool.1.gz +++ b/alternatives/policytool.1.gz @@ -1 +1 @@ -/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/rmid b/alternatives/rmid index 99e58e8..e686113 120000 --- a/alternatives/rmid +++ b/alternatives/rmid @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/rmid \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/rmid \ No newline at end of file diff --git a/alternatives/rmid.1.gz b/alternatives/rmid.1.gz index 9371320..5cc1ea2 120000 --- a/alternatives/rmid.1.gz +++ b/alternatives/rmid.1.gz @@ -1 +1 @@ -/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/rmiregistry b/alternatives/rmiregistry index e151712..5a3ac70 120000 --- a/alternatives/rmiregistry +++ b/alternatives/rmiregistry @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/rmiregistry \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/rmiregistry \ No newline at end of file diff --git a/alternatives/rmiregistry.1.gz b/alternatives/rmiregistry.1.gz index 22a6829..c4f9378 120000 --- a/alternatives/rmiregistry.1.gz +++ b/alternatives/rmiregistry.1.gz @@ -1 +1 @@ -/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/servertool b/alternatives/servertool index 14f6163..597791b 120000 --- a/alternatives/servertool +++ b/alternatives/servertool @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/servertool \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/servertool \ No newline at end of file diff --git a/alternatives/servertool.1.gz b/alternatives/servertool.1.gz index a4b8322..d6b4fdd 120000 --- a/alternatives/servertool.1.gz +++ b/alternatives/servertool.1.gz @@ -1 +1 @@ -/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/tnameserv b/alternatives/tnameserv index c58186d..8beab5a 120000 --- a/alternatives/tnameserv +++ b/alternatives/tnameserv @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/tnameserv \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/tnameserv \ No newline at end of file diff --git a/alternatives/tnameserv.1.gz b/alternatives/tnameserv.1.gz index 101b6cd..7256495 120000 --- a/alternatives/tnameserv.1.gz +++ b/alternatives/tnameserv.1.gz @@ -1 +1 @@ -/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/unpack200 b/alternatives/unpack200 index 6ead4f6..d536e9f 120000 --- a/alternatives/unpack200 +++ b/alternatives/unpack200 @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/jre/bin/unpack200 \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/unpack200 \ No newline at end of file diff --git a/alternatives/unpack200.1.gz b/alternatives/unpack200.1.gz index 4987f21..62c533f 120000 --- a/alternatives/unpack200.1.gz +++ b/alternatives/unpack200.1.gz @@ -1 +1 @@ -/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz \ No newline at end of file diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/calendars.properties b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/calendars.properties similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/calendars.properties rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/calendars.properties diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/logging.properties b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/logging.properties similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/logging.properties rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/logging.properties diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/blacklisted.certs b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/blacklisted.certs similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/blacklisted.certs rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/blacklisted.certs diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/cacerts b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/cacerts similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/cacerts rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/cacerts diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/java.policy b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/java.policy similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/java.policy rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/java.policy diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/java.security b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/java.security similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/java.security rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/java.security diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/nss.cfg b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/nss.cfg similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/nss.cfg rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/nss.cfg diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/nss.fips.cfg b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/nss.fips.cfg similarity index 68% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/nss.fips.cfg rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/nss.fips.cfg index 65a03f0..6e8b538 100644 --- a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/nss.fips.cfg +++ b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/nss.fips.cfg @@ -1,6 +1,6 @@ name = NSS-FIPS nssLibraryDirectory = /usr/lib64 -nssSecmodDirectory = /etc/pki/nssdb +nssSecmodDirectory = sql:/etc/pki/nssdb nssDbMode = readOnly nssModule = fips diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/limited/US_export_policy.jar b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/limited/US_export_policy.jar similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/limited/US_export_policy.jar rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/limited/US_export_policy.jar diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/limited/local_policy.jar b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/limited/local_policy.jar similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/limited/local_policy.jar rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/limited/local_policy.jar diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/unlimited/US_export_policy.jar b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/unlimited/US_export_policy.jar similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/unlimited/US_export_policy.jar rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/unlimited/US_export_policy.jar diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/unlimited/local_policy.jar b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/unlimited/local_policy.jar similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5.x86_64/lib/security/policy/unlimited/local_policy.jar rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/unlimited/local_policy.jar diff --git a/ld.so.conf.d/kernel-4.18.0-373.el8.x86_64.conf b/ld.so.conf.d/kernel-4.18.0-373.el8.x86_64.conf new file mode 100644 index 0000000..e4b9dd6 --- /dev/null +++ b/ld.so.conf.d/kernel-4.18.0-373.el8.x86_64.conf @@ -0,0 +1 @@ + # Placeholder file, no vDSO hwcap entries used in this kernel. diff --git a/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras b/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras new file mode 100644 index 0000000..f49a9e1 --- /dev/null +++ b/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras @@ -0,0 +1,38 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQENBGG65jsBCADef7Fspss6f2PKrlrxufWlBaQI+kcdSDbY7o/dyyjpT7dcX8t8 +Ou73irjiShK3q0pdrh1Wy/mXc7RIJwAbCt9OVgyx4PV6AW5LfU7P7xyEAbTgLhz9 +lLPjBGhBvfRpW+7naPqkTcIKxpVR8Khq6fsvThGCNzNkGa46F1srE3mf1zC9wdVR +VtXO7gHEZ2LrNcl195jZkBQOLcXANcSOFh5eRfhumULmk4XgCGmZQT5UNFofqOmn +aWQGBq3XaU7RWjl7RH+IS2EW0rAtz9Le+cH+j0aFhzo7jBMOxGYG62rUaHdxssjV +S1CrfpYT6NeG5i/1hiP4hO9suezJw4yuXNZ3ABEBAAG0VkNlbnRPUyBFeHRyYXMg +U0lHIChodHRwczovL3dpa2kuY2VudG9zLm9yZy9TcGVjaWFsSW50ZXJlc3RHcm91 +cCkgPHNlY3VyaXR5QGNlbnRvcy5vcmc+iQE5BBMBCgAjAhsvBwsJCAcDAgEGFQgC +CQoLBBYCAwECHgECF4AFAmIePKwACgkQH/aiFx2ZdmgUpAgAt1Y139EUQOLd013m +jZx3shUVHRWCU0SaWLuXLupdxqhe/Iygen48aiDWfAtWr9neAJKKZFboDXXPyxDy +9529aDgJnjwGRSFAcmvsuMaEMse6PZepTFtwhg2A/N0sDLVJSWagbQmTHdpkgEwn +rrwO/TEaqjJ2+vZG67IIvw2rgtF3sQC28I1z7c1cPH5/NNf7dOZ29vtn44juMFFs +o2Kd2FjZ0WP4wRmFF646nS5S1WHGS32K0xvDJMXO3MBXhaATVg+5i5ICA6fx6F3Y +FFLJrXjx/LBtsY3EbJ0OddeZQtaAHFM1Xm6e0UHpnfjG9EGl9QrC5qzLSng0YMrG +emhIy7kBDQRhuuY7AQgAs+enJDbwE/Iln3BnxodDQ3/1t9ULlMLJLiV+FgS7yREZ +QvhVQxFWaJqbiPV6EJVxEP5lUHND2DAE2ZTr60y0rI3ZAY52go+QYHXb+M5HC12H +HbhIDTWaETNo5heq/qyVSRT1u0g/yKCxQdyqnVsL86bro0wgrpj7XuApQifFhy16 +AkDjhcB0C0dXkfvEnHJylWiHpp7upfSgOcGwQ+yRHOZWJnyF+OMrFfNiwD74/zEN +4RoNFgpqJZ81TF0qCdllTYGAXXUdYsJlg64dH0u84naTOFIuInywCmNyPmC8e8/0 +g56hCV2L7bRJGjBCa6VH+TgvVGnkFsoMM9ijhuTIIQARAQABiQI+BBgBCgAJAhsu +BQJiHjnNASnAXSAEGQECAAYFAmG65jsACgkQi1yBEfyl0P9m/QgAh2KmBA4h/slx +aZeWLb2cV53B1jVElsrEAE/a8yKhhcNeNOQsEWwT2/i6mdWchnIQzojKs3ypoRUY +xsICIb4b4AFzc//aYhaOWThNRHh0UwaueNu0YBqVF3URUlf/Hw1Wv16v4QwkNhHQ ++EohCRltR2PBjAHRHXDImy9OxV/uTnZjTXegj2Jl3ueQ5nF4pleqUctt/V9JjqzO +YcQZW78s1jyBRzefbPxQHKKp4na6etTmIvgVDjkMChRZPRjZYEVZNi8kJM0aaK4q +ugGoL6cWBR6RYka+/eEFMd3kSrng9ahbNX0F4ztdZ2alPrrE6BvJ7n/Mt6tZKgL7 +x9V0GpbstAkQH/aiFx2ZdmgN/gf+PEUa1LT98RS28fyNPaXYGx5vLWYxUtAdeN9a +TfugGHCVhVsowbIEnuFUHE1JmTJ1hDaFYXqkgG9zDo81JVz/yCHpNIQO0YF2h+qX +BXiKP7PQ+iT/PjQHidlYUuz73hjDwRl3AhLafcwVHeD3cCgo/ZP/Vi9Y9iBFVZDl +jGHxAIe0PWbEAUuqNJOgrlVmmCtSqVkN1Neihx1zjpw3rqfUQzwvhvcsOfkKfnBs +Boc66IZ0J5pmSzgJnSbLrr2dv1/jYHaolA24vkMqMxKzJbz+GeQ/SqBZ5/rA37VL +x90Tu9UVSfbyEbwS9Zj1sVmc3mdm1kn6dmTlOfTDIqehfHBlnQ== +=jx2B +-----END PGP PUBLIC KEY BLOCK----- + diff --git a/resolv.conf b/resolv.conf index 1ea217a..dc29b37 100644 --- a/resolv.conf +++ b/resolv.conf @@ -1 +1,5 @@ +nameserver 192.168.1.2 nameserver 192.168.1.1 +options rotate +options timeout:3 + diff --git a/rspamd/composites.conf b/rspamd/composites.conf index def043f..c750be3 100644 --- a/rspamd/composites.conf +++ b/rspamd/composites.conf @@ -56,7 +56,7 @@ composites { description = "Authenticating message via SPF/DKIM/DMARC/ARC not possible"; } DKIM_MIXED { - expression = "-R_DKIM_ALLOW & (R_DKIM_DNSFAIL | R_DKIM_PERMFAIL | R_DKIM_REJECT)" + expression = "-R_DKIM_ALLOW & (R_DKIM_TEMPFAIL | R_DKIM_PERMFAIL | R_DKIM_REJECT)" policy = "remove_weight"; } MAIL_RU_MAILER_BASE64 { diff --git a/rspamd/groups.conf b/rspamd/groups.conf index dcea1bc..2aeb4ed 100644 --- a/rspamd/groups.conf +++ b/rspamd/groups.conf @@ -88,7 +88,7 @@ group "mime_types" { .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/mime_types_group.conf" } -# Used to limit maximium score +# Used to limit maximum score group "excessqp" { max_score = 2.4; .include(try=true; priority=1; duplicate=merge) "$LOCAL_CONFDIR/local.d/excessqp_group.conf" diff --git a/rspamd/maps.d/mime_types.inc b/rspamd/maps.d/mime_types.inc index c4f158d..7dd5d89 100644 --- a/rspamd/maps.d/mime_types.inc +++ b/rspamd/maps.d/mime_types.inc @@ -199,6 +199,7 @@ application/p2p-overlay+xml 0 application/patch-ops-error+xml 0 application/pdf 0 application/pgp-encrypted 0 +application/pgp-keys 0 application/pgp-signature 0 application/pidf+xml 0 application/pidf-diff+xml 0 diff --git a/rspamd/modules.d/aws_s3.conf b/rspamd/modules.d/aws_s3.conf index 2dd9663..bef592a 100644 --- a/rspamd/modules.d/aws_s3.conf +++ b/rspamd/modules.d/aws_s3.conf @@ -16,6 +16,7 @@ aws_s3 { # Required attributes #s3_bucket = 'xxx'; s3_region = 'us-east-1'; + s3_host = 's3.amazonaws.com'; #s3_secret_key = 'xxx'; #s3_key_id = 'xxx'; # Enable in local.d/aws_s3.conf diff --git a/rspamd/modules.d/bimi.conf b/rspamd/modules.d/bimi.conf new file mode 100644 index 0000000..63c0f71 --- /dev/null +++ b/rspamd/modules.d/bimi.conf @@ -0,0 +1,29 @@ +# Please don't modify this file as your changes might be overwritten with +# the next update. +# +# You can modify 'local.d/asn.conf' to add and merge +# parameters defined inside this section +# +# You can modify 'override.d/asn.conf' to strictly override all +# parameters defined inside this section +# +# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories +# for details +# +# Module documentation can be found at https://rspamd.com/doc/modules/asn.html + +bimi { + # Required attributes + #helper_url = "http://127.0.0.1:3030", + helper_timeout = 5s; + helper_sync = true; + vmc_only = true; + redis_prefix = 'rs_bimi'; + redis_min_expiry = 24h; + + # Enable in local.d/bimi.conf + enabled = false; + .include(try=true,priority=5) "${DBDIR}/dynamic/bimi.conf" + .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/bimi.conf" + .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/bimi.conf" +} \ No newline at end of file diff --git a/rspamd/modules.d/mime_types.conf b/rspamd/modules.d/mime_types.conf index 376b701..1f67595 100644 --- a/rspamd/modules.d/mime_types.conf +++ b/rspamd/modules.d/mime_types.conf @@ -30,7 +30,8 @@ mime_types { ]; pdf = [ "application/octet-stream", - "application/pdf" + "application/pdf", + "application/x-pdf" ]; } diff --git a/rspamd/modules.d/rbl.conf b/rspamd/modules.d/rbl.conf index b8ef44c..dd3c0f5 100644 --- a/rspamd/modules.d/rbl.conf +++ b/rspamd/modules.d/rbl.conf @@ -238,7 +238,7 @@ rbl { ignore_defaults = true; rbl = "dbl.spamhaus.org"; no_ip = true; - checks = ['emails', 'dkim', 'urls']; + checks = ['emails', 'dkim', 'helo', 'rdns', 'replyto', 'urls']; emails_domainonly = true; returncodes = { @@ -269,18 +269,19 @@ rbl { } # Not enabled by default due to privacy concerns! (see also groups.d/surbl_group.conf) - #"SPAMHAUS_ZEN_URIBL" { - # suffix = "zen.spamhaus.org"; - # resolve_ip = true; - # check_emails = true; - # ips { - # URIBL_SBL = "127.0.0.2"; - # URIBL_SBL_CSS = "127.0.0.3"; - # URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; - # URIBL_PBL = ["127.0.0.10", "127.0.0.11"]; - # URIBL_DROP = "127.0.0.9"; - # } - #} + "SPAMHAUS_ZEN_URIBL" { + enabled = false; + rbl = "zen.spamhaus.org"; + checks = ['emails']; + resolve_ip = true; + returncodes = { + URIBL_SBL = "127.0.0.2"; + URIBL_SBL_CSS = "127.0.0.3"; + URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"]; + URIBL_PBL = ["127.0.0.10", "127.0.0.11"]; + URIBL_DROP = "127.0.0.9"; + } + } "SEM_URIBL_UNKNOWN" { ignore_defaults = true; diff --git a/rspamd/scores.d/headers_group.conf b/rspamd/scores.d/headers_group.conf index 83048ea..56a8f7f 100644 --- a/rspamd/scores.d/headers_group.conf +++ b/rspamd/scores.d/headers_group.conf @@ -16,6 +16,7 @@ # See https://rspamd.com/doc/tutorials/writing_rules.html for details description = "Various headers checks"; +max_score = 8.0; symbols = { "FORGED_SENDER" { diff --git a/rspamd/scores.d/mime_types_group.conf b/rspamd/scores.d/mime_types_group.conf index b9e3736..2453ba6 100644 --- a/rspamd/scores.d/mime_types_group.conf +++ b/rspamd/scores.d/mime_types_group.conf @@ -16,6 +16,9 @@ # See https://rspamd.com/doc/tutorials/writing_rules.html for details description = "Mime attachments rules"; +# Define some limit for this group +max_score = 10.0; + symbols = { "MIME_GOOD" { @@ -43,6 +46,11 @@ symbols = { description = "Encrypted archive in a message"; one_shot = true; } + "MIME_OBFUSCATED_ARCHIVE" { + weight = 8.0; + description = "Archive has files with clear obfuscation signs"; + one_shot = true; + } "MIME_EXE_IN_GEN_SPLIT_RAR" { weight = 5.0; description = "EXE file in RAR archive with generic split extension (e.g. .001)"; diff --git a/rspamd/scores.d/rbl_group.conf b/rspamd/scores.d/rbl_group.conf index 690d0ee..6b3f04d 100644 --- a/rspamd/scores.d/rbl_group.conf +++ b/rspamd/scores.d/rbl_group.conf @@ -117,14 +117,14 @@ symbols = { groups = ["spamhaus"]; } "RBL_SPAMHAUS_BLOCKED_OPENRESOLVER" { - weight = 0.0; - description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; - groups = ["spamhaus"]; + weight = 0.0; + description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; + groups = ["spamhaus"]; } "RBL_SPAMHAUS_BLOCKED" { - weight = 0.0; - description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; - groups = ["spamhaus"]; + weight = 0.0; + description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; + groups = ["spamhaus"]; } "RECEIVED_SPAMHAUS_SBL" { weight = 1.0; @@ -157,14 +157,14 @@ symbols = { one_shot = true; } "RECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER" { - weight = 0.0; - description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; - groups = ["spamhaus"]; + weight = 0.0; + description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; + groups = ["spamhaus"]; } "RECEIVED_SPAMHAUS_BLOCKED" { - weight = 0.0; - description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; - groups = ["spamhaus"]; + weight = 0.0; + description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; + groups = ["spamhaus"]; } "RBL_SENDERSCORE" { @@ -202,17 +202,17 @@ symbols = { groups = ["mailspike"]; } "RWL_MAILSPIKE_GOOD" { - weight = 0.0; + weight = -0.1; description = "From address is listed in RWL - good reputation"; groups = ["mailspike"]; } "RWL_MAILSPIKE_VERYGOOD" { - weight = 0.0; + weight = -0.2; description = "From address is listed in RWL - very good reputation"; groups = ["mailspike"]; } "RWL_MAILSPIKE_EXCELLENT" { - weight = 0.0; + weight = -0.4; description = "From address is listed in RWL - excellent reputation"; groups = ["mailspike"]; } diff --git a/rspamd/scores.d/surbl_group.conf b/rspamd/scores.d/surbl_group.conf index b4e5b6b..34064a1 100644 --- a/rspamd/scores.d/surbl_group.conf +++ b/rspamd/scores.d/surbl_group.conf @@ -23,26 +23,31 @@ symbols = { "SURBL_BLOCKED" { weight = 0.0; description = "SURBL: blocked by policy/overusage"; + one_shot = true; groups = ["surblorg", "blocked"]; } "PH_SURBL_MULTI" { weight = 5.5; description = "SURBL: Phishing sites"; + one_shot = true; groups = ["surblorg", "phishing"]; } "MW_SURBL_MULTI" { weight = 5.5; description = "SURBL: Malware sites"; + one_shot = true; groups = ["surblorg"]; } "ABUSE_SURBL" { weight = 5.5; description = "SURBL: ABUSE"; + one_shot = true; groups = ["surblorg"]; } "CRACKED_SURBL" { weight = 4.0; description = "SURBL: cracked site"; + one_shot = true; groups = ["surblorg"]; } "RSPAMD_URIBL" { @@ -76,108 +81,129 @@ symbols = { "SEM_URIBL_UNKNOWN" { weight = 0.0; description = "Spameatingmonkey uribl: unknown result"; + one_shot = true; groups = ["sem"]; } "SEM_URIBL" { weight = 3.5; description = "Spameatingmonkey uribl"; + one_shot = true; groups = ["sem"]; } "SEM_URIBL_FRESH15_UNKNOWN" { weight = 0.0; description = "Spameatingmonkey Fresh15 uribl: unknown result"; + one_shot = true; groups = ["sem"]; } "SEM_URIBL_FRESH15" { weight = 3.0; description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)"; + one_shot = true; groups = ["sem"]; } "DBL" { weight = 0.0; description = "DBL unknown result"; + one_shot = true; groups = ["spamhaus"]; } "DBL_SPAM" { weight = 6.5; description = "DBL uribl spam"; + one_shot = true; groups = ["spamhaus"]; } "DBL_PHISH" { weight = 6.5; description = "DBL uribl phishing"; + one_shot = true; groups = ["spamhaus"]; } "DBL_MALWARE" { weight = 6.5; description = "DBL uribl malware"; + one_shot = true; groups = ["spamhaus"]; } "DBL_BOTNET" { weight = 5.5; description = "DBL uribl botnet C&C domain"; + one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE" { weight = 6.5; description = "DBL uribl abused legit spam"; + one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_REDIR" { weight = 1.5; description = "DBL uribl abused spammed redirector domain"; + one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_PHISH" { weight = 7.5; description = "DBL uribl abused legit phish"; + one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_MALWARE" { weight = 7.5; description = "DBL uribl abused legit malware"; + one_shot = true; groups = ["spamhaus"]; } "DBL_ABUSE_BOTNET" { weight = 5.5; description = "DBL uribl abused legit botnet C&C"; + one_shot = true; groups = ["spamhaus"]; } "DBL_PROHIBIT" { weight = 0.0; description = "DBL uribl IP queries prohibited!"; + one_shot = true; groups = ["spamhaus"]; } "DBL_BLOCKED_OPENRESOLVER" { - weight = 0.0; - description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; - groups = ["spamhaus"]; + weight = 0.0; + description = "You are querying Spamhaus from an open resolver, please see https://www.spamhaus.org/returnc/pub/"; + one_shot = true; + groups = ["spamhaus"]; } "DBL_BLOCKED" { - weight = 0.0; - description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; - groups = ["spamhaus"]; + weight = 0.0; + description = "You are exceeding the query limit, please see https://www.spamhaus.org/returnc/vol/"; + one_shot = true; + groups = ["spamhaus"]; } "URIBL_MULTI" { weight = 0.0; description = "uribl.com: unrecognised result"; + one_shot = true; groups = ["uribl"]; } "URIBL_BLOCKED" { weight = 0.0; description = "uribl.com: query refused"; + one_shot = true; groups = ["uribl", "blocked"]; } "URIBL_BLACK" { weight = 7.5; description = "uribl.com black url"; + one_shot = true; groups = ["uribl"]; } "URIBL_RED" { weight = 3.5; description = "uribl.com red url"; + one_shot = true; groups = ["uribl"]; } "URIBL_GREY" { @@ -186,40 +212,48 @@ symbols = { one_shot = true; groups = ["uribl"]; } - #"SPAMHAUS_ZEN_URIBL" { - # weight = 0.0; - # description = "Spamhaus ZEN URIBL: Filtered result"; - # groups = ["spamhaus"]; - #} - #"URIBL_SBL" { - # weight = 6.5; - # description = "A domain in the message body resolves to an IP listed in Spamhaus SBL"; - # one_shot = true; - # groups = ["v"]; - #} - #"URIBL_SBL_CSS" { - # weight = 6.5; - # description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS"; - # one_shot = true; - # groups = ["spamhaus"]; - #} - #"URIBL_XBL" { - # weight = 1.5; - # description = "A domain in the message body resolves to an IP listed in Spamhaus XBL"; - # one_shot = true; - # groups = ["spamhaus"]; - #} - #"URIBL_PBL" { - # weight = 0.01; - # description = "A domain in the message body resolves to an IP listed in Spamhaus PBL"; - # groups = ["spamhaus"]; - #} - #"URIBL_DROP" { - # weight = 5.0; - # description = "A domain in the message body resolves to an IP listed in Spamhaus DROP"; - # one_shot = true; - # groups = ["spamhaus"]; - #} + "SPAMHAUS_ZEN_URIBL" { + ignore = true; + weight = 0.0; + description = "Spamhaus ZEN URIBL: Filtered result"; + one_shot = true; + groups = ["spamhaus"]; + } + "URIBL_SBL" { + ignore = true; + weight = 6.5; + description = "A domain in the message body resolves to an IP listed in Spamhaus SBL"; + one_shot = true; + groups = ["spamhaus"]; + } + "URIBL_SBL_CSS" { + ignore = true; + weight = 6.5; + description = "A domain in the message body resolves to an IP listed in Spamhaus SBL CSS"; + one_shot = true; + groups = ["spamhaus"]; + } + "URIBL_XBL" { + ignore = true; + weight = 1.5; + description = "A domain in the message body resolves to an IP listed in Spamhaus XBL"; + one_shot = true; + groups = ["spamhaus"]; + } + "URIBL_PBL" { + ignore = true; + weight = 0.01; + description = "A domain in the message body resolves to an IP listed in Spamhaus PBL"; + one_shot = true; + groups = ["spamhaus"]; + } + "URIBL_DROP" { + ignore = true; + weight = 5.0; + description = "A domain in the message body resolves to an IP listed in Spamhaus DROP"; + one_shot = true; + groups = ["spamhaus"]; + } #"RBL_SARBL_BAD" { # weight = 2.5; # description = "A domain in the message body is blacklisted in SARBL"; diff --git a/yum.repos.d/CentOS-Stream-Extras.repo b/yum.repos.d/CentOS-Stream-Extras.repo index a2012bd..124f9ae 100644 --- a/yum.repos.d/CentOS-Stream-Extras.repo +++ b/yum.repos.d/CentOS-Stream-Extras.repo @@ -15,3 +15,12 @@ mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=ext gpgcheck=1 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial + +[extras-common] +name=CentOS Stream $releasever - Extras common packages +mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras-extras-common +#baseurl=http://mirror.centos.org/$contentdir/$stream/extras/$basearch/extras-common/ +gpgcheck=1 +enabled=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras + diff --git a/yum.repos.d/epel-modular.repo b/yum.repos.d/epel-modular.repo index 3ac79cc..98f41c6 100644 --- a/yum.repos.d/epel-modular.repo +++ b/yum.repos.d/epel-modular.repo @@ -1,30 +1,30 @@ [epel-modular] -name=Extra Packages for Enterprise Linux Modular $releasever - $basearch +name=Extra Packages for Enterprise Linux Modular 8 - $basearch # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/$releasever/Modular/$basearch -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-modular-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/8/Modular/$basearch +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-modular-8&arch=$basearch&infra=$infra&content=$contentdir enabled=1 gpgcheck=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 [epel-modular-debuginfo] -name=Extra Packages for Enterprise Linux Modular $releasever - $basearch - Debug +name=Extra Packages for Enterprise Linux Modular 8 - $basearch - Debug # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/$releasever/Modular/$basearch/debug -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-modular-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/8/Modular/$basearch/debug +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-modular-debug-8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1 [epel-modular-source] -name=Extra Packages for Enterprise Linux Modular $releasever - $basearch - Source +name=Extra Packages for Enterprise Linux Modular 8 - $basearch - Source # It is much more secure to use the metalink, but if you wish to use a local mirror # place it's address here. -#baseurl=https://download.example/pub/epel/$releasever/Modular/source/tree/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-modular-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/8/Modular/source/tree/ +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-modular-source-8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1 diff --git a/yum.repos.d/epel-next-testing.repo b/yum.repos.d/epel-next-testing.repo index 4581dfc..ce3dfbe 100644 --- a/yum.repos.d/epel-next-testing.repo +++ b/yum.repos.d/epel-next-testing.repo @@ -1,30 +1,30 @@ [epel-next-testing] -name=Extra Packages for Enterprise Linux $releasever - Next - Testing - $basearch +name=Extra Packages for Enterprise Linux 8 - Next - Testing - $basearch # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/testing/next/$releasever/Everything/$basearch/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-testing-next-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/testing/next/8/Everything/$basearch/ +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-testing-next-8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgcheck=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 [epel-next-testing-debuginfo] -name=Extra Packages for Enterprise Linux $releasever - Next - Testing - $basearch - Debug +name=Extra Packages for Enterprise Linux 8 - Next - Testing - $basearch - Debug # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/testing/next/$releasever/Everything/$basearch/debug/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-testing-next-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/testing/next/8/Everything/$basearch/debug/ +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-testing-next-debug-8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1 [epel-next-testing-source] -name=Extra Packages for Enterprise Linux $releasever - Next - Testing - $basearch - Source +name=Extra Packages for Enterprise Linux 8 - Next - Testing - $basearch - Source # It is much more secure to use the metalink, but if you wish to use a local mirror # place it's address here. -#baseurl=https://download.example/pub/epel/testing/next/$releasever/Everything/source/tree/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-testing-next-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/testing/next/8/Everything/source/tree/ +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-testing-next-source-8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1 diff --git a/yum.repos.d/epel-next.repo b/yum.repos.d/epel-next.repo index 49601ab..f665d29 100644 --- a/yum.repos.d/epel-next.repo +++ b/yum.repos.d/epel-next.repo @@ -1,30 +1,30 @@ [epel-next] -name=Extra Packages for Enterprise Linux $releasever - Next - $basearch +name=Extra Packages for Enterprise Linux 8 - Next - $basearch # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/next/$releasever/Everything/$basearch/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-next-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/next/8/Everything/$basearch/ +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-next-8&arch=$basearch&infra=$infra&content=$contentdir enabled=1 gpgcheck=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 [epel-next-debuginfo] -name=Extra Packages for Enterprise Linux $releasever - Next - $basearch - Debug +name=Extra Packages for Enterprise Linux 8 - Next - $basearch - Debug # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/next/$releasever/Everything/$basearch/debug/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-next-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/next/8/Everything/$basearch/debug/ +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-next-debug-8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1 [epel-next-source] -name=Extra Packages for Enterprise Linux $releasever - Next - $basearch - Source +name=Extra Packages for Enterprise Linux 8 - Next - $basearch - Source # It is much more secure to use the metalink, but if you wish to use a local mirror # place it's address here. -#baseurl=https://download.example/pub/epel/next/$releasever/Everything/source/tree/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-next-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/next/8/Everything/source/tree/ +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-next-source-8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1 diff --git a/yum.repos.d/epel-testing-modular.repo b/yum.repos.d/epel-testing-modular.repo index 494b84a..cb0f517 100644 --- a/yum.repos.d/epel-testing-modular.repo +++ b/yum.repos.d/epel-testing-modular.repo @@ -1,30 +1,30 @@ [epel-testing-modular] -name=Extra Packages for Enterprise Linux Modular $releasever - Testing - $basearch +name=Extra Packages for Enterprise Linux Modular 8 - Testing - $basearch # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/testing/$releasever/Modular/$basearch -metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-modular-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/testing/8/Modular/$basearch +metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-modular-epel8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgcheck=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 [epel-testing-modular-debuginfo] -name=Extra Packages for Enterprise Linux Modular $releasever - Testing - $basearch - Debug +name=Extra Packages for Enterprise Linux Modular 8 - Testing - $basearch - Debug # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/testing/$releasever/Modular/$basearch/debug -metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-modular-debug-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/testing/8/Modular/$basearch/debug +metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-modular-debug-epel8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1 [epel-testing-modular-source] -name=Extra Packages for Enterprise Linux Modular $releasever - Testing - $basearch - Source +name=Extra Packages for Enterprise Linux Modular 8 - Testing - $basearch - Source # It is much more secure to use the metalink, but if you wish to use a local mirror # place it's address here. -#baseurl=https://download.example/pub/epel/testing/$releasever/Modular/source/tree/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-modular-source-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/testing/8/Modular/source/tree/ +metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-modular-source-epel8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1 diff --git a/yum.repos.d/epel-testing.repo b/yum.repos.d/epel-testing.repo index a21a806..5fd8943 100644 --- a/yum.repos.d/epel-testing.repo +++ b/yum.repos.d/epel-testing.repo @@ -1,30 +1,30 @@ [epel-testing] -name=Extra Packages for Enterprise Linux $releasever - Testing - $basearch +name=Extra Packages for Enterprise Linux 8 - Testing - $basearch # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/testing/$releasever/Everything/$basearch -metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/testing/8/Everything/$basearch +metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-epel8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgcheck=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 [epel-testing-debuginfo] -name=Extra Packages for Enterprise Linux $releasever - Testing - $basearch - Debug +name=Extra Packages for Enterprise Linux 8 - Testing - $basearch - Debug # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/testing/$releasever/Everything/$basearch/debug -metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/testing/8/Everything/$basearch/debug +metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-debug-epel8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1 [epel-testing-source] -name=Extra Packages for Enterprise Linux $releasever - Testing - $basearch - Source +name=Extra Packages for Enterprise Linux 8 - Testing - $basearch - Source # It is much more secure to use the metalink, but if you wish to use a local mirror # place it's address here. -#baseurl=https://download.example/pub/epel/testing/$releasever/Everything/source/tree/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/testing/8/Everything/source/tree/ +metalink=https://mirrors.fedoraproject.org/metalink?repo=testing-source-epel8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1 diff --git a/yum.repos.d/epel.repo b/yum.repos.d/epel.repo index eb3208d..f50e424 100644 --- a/yum.repos.d/epel.repo +++ b/yum.repos.d/epel.repo @@ -1,30 +1,30 @@ [epel] -name=Extra Packages for Enterprise Linux $releasever - $basearch +name=Extra Packages for Enterprise Linux 8 - $basearch # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/8/Everything/$basearch +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch&infra=$infra&content=$contentdir enabled=1 gpgcheck=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 [epel-debuginfo] -name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug +name=Extra Packages for Enterprise Linux 8 - $basearch - Debug # It is much more secure to use the metalink, but if you wish to use a local mirror # place its address here. -#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/debug -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/8/Everything/$basearch/debug +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1 [epel-source] -name=Extra Packages for Enterprise Linux $releasever - $basearch - Source +name=Extra Packages for Enterprise Linux 8 - $basearch - Source # It is much more secure to use the metalink, but if you wish to use a local mirror # place it's address here. -#baseurl=https://download.example/pub/epel/$releasever/Everything/source/tree/ -metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir +#baseurl=https://download.example/pub/epel/8/Everything/source/tree/ +metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-8&arch=$basearch&infra=$infra&content=$contentdir enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 gpgcheck=1