diff --git a/.etckeeper b/.etckeeper index e5c1217..db063ea 100755 --- a/.etckeeper +++ b/.etckeeper @@ -18,6 +18,7 @@ mkdir -p './cron.weekly' mkdir -p './crypto-policies/policies/modules' mkdir -p './cxs/newusers' mkdir -p './dbus-1/session.d' +mkdir -p './debuginfod' mkdir -p './dnf/aliases.d' mkdir -p './dnf/modules.defaults.d' mkdir -p './dnf/plugins/copr.d' @@ -479,7 +480,6 @@ maybe chmod 0755 'dconf/db' maybe chmod 0755 'dconf/db/distro.d' maybe chmod 0755 'dconf/db/distro.d/locks' maybe chmod 0755 'debuginfod' -maybe chmod 0644 'debuginfod/elfutils.urls' maybe chmod 0755 'default' maybe chmod 0644 'default/grub' maybe chmod 0600 'default/useradd' @@ -1027,6 +1027,7 @@ maybe chmod 0644 'ld.so.conf' maybe chmod 0755 'ld.so.conf.d' maybe chmod 0644 'ld.so.conf.d/bind-export-x86_64.conf' maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-193.6.3.el8_2.x86_64.conf' +maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-372.13.1.el8_6.x86_64.conf' maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-383.el8.x86_64.conf' maybe chmod 0644 'ld.so.conf.d/llvm-compat-x86_64.conf' maybe chmod 0755 'letsencrypt' @@ -4680,8 +4681,6 @@ maybe chmod 0644 'profile.d/colorxzgrep.sh' maybe chmod 0644 'profile.d/colorzgrep.csh' maybe chmod 0644 'profile.d/colorzgrep.sh' maybe chmod 0644 'profile.d/csh.local' -maybe chmod 0644 'profile.d/debuginfod.csh' -maybe chmod 0644 'profile.d/debuginfod.sh' maybe chmod 0644 'profile.d/gawk.csh' maybe chmod 0644 'profile.d/gawk.sh' maybe chmod 0640 'profile.d/grc.sh' diff --git a/aliases.db b/aliases.db index 4917640..d29131a 100644 Binary files a/aliases.db and b/aliases.db differ diff --git a/csf/csf.pignore b/csf/csf.pignore index 538bad7..c97118e 100644 --- a/csf/csf.pignore +++ b/csf/csf.pignore @@ -70,6 +70,7 @@ user:netdata user:postgres user:sqlgrey user:polkitd +user:daemon #executables exe:/usr/lib/polkit-1/polkitd diff --git a/debuginfod/elfutils.urls b/debuginfod/elfutils.urls deleted file mode 100644 index 1f54c3c..0000000 --- a/debuginfod/elfutils.urls +++ /dev/null @@ -1 +0,0 @@ -https://debuginfod.centos.org/ diff --git a/ld.so.conf.d/kernel-4.18.0-372.13.1.el8_6.x86_64.conf b/ld.so.conf.d/kernel-4.18.0-372.13.1.el8_6.x86_64.conf new file mode 100644 index 0000000..e4b9dd6 --- /dev/null +++ b/ld.so.conf.d/kernel-4.18.0-372.13.1.el8_6.x86_64.conf @@ -0,0 +1 @@ + # Placeholder file, no vDSO hwcap entries used in this kernel. diff --git a/modprobe.d/firewalld-sysctls.conf b/modprobe.d/firewalld-sysctls.conf index db9a743..e0bcecf 100644 --- a/modprobe.d/firewalld-sysctls.conf +++ b/modprobe.d/firewalld-sysctls.conf @@ -1 +1 @@ -install nf_conntrack /sbin/modprobe --ignore-install nf_conntrack $CMDLINE_OPTS && /sbin/sysctl --quiet --pattern 'net[.]netfilter[.]nf_conntrack.*' --system +install nf_conntrack /sbin/modprobe --ignore-install nf_conntrack $CMDLINE_OPTS && /usr/sbin/sysctl --quiet --pattern 'net[.]netfilter[.]nf_conntrack.*' --system diff --git a/pam.d/systemd-user b/pam.d/systemd-user index 8607d4f..2725df9 100644 --- a/pam.d/systemd-user +++ b/pam.d/systemd-user @@ -2,7 +2,6 @@ # # Used by systemd --user instances. -account sufficient pam_unix.so no_pass_expiry account include system-auth session required pam_selinux.so close diff --git a/pki/ca-trust/extracted/java/cacerts b/pki/ca-trust/extracted/java/cacerts index 18bb9fb..5139d7b 100644 Binary files a/pki/ca-trust/extracted/java/cacerts and b/pki/ca-trust/extracted/java/cacerts differ diff --git a/profile.d/debuginfod.csh b/profile.d/debuginfod.csh deleted file mode 100644 index c01f682..0000000 --- a/profile.d/debuginfod.csh +++ /dev/null @@ -1,16 +0,0 @@ -# $HOME/.login* or similar files may first set $DEBUGINFOD_URLS. -# If $DEBUGINFOD_URLS is not set there, we set it from system *.url files. -# $HOME/.*rc or similar files may then amend $DEBUGINFOD_URLS. -# See also [man debuginfod-client-config] for other environment variables -# such as $DEBUGINFOD_MAXSIZE, $DEBUGINFOD_MAXTIME, $DEBUGINFOD_PROGRESS. - -if (! $?DEBUGINFOD_URLS) then - set prefix="/usr" - set DEBUGINFOD_URLS=`sh -c 'cat "$0"/*.urls 2>/dev/null; :' "/etc/debuginfod" | tr '\n' ' '` - if ( "$DEBUGINFOD_URLS" != "" ) then - setenv DEBUGINFOD_URLS "$DEBUGINFOD_URLS" - else - unset DEBUGINFOD_URLS - endif - unset prefix -endif diff --git a/profile.d/debuginfod.sh b/profile.d/debuginfod.sh deleted file mode 100644 index 8f94ca4..0000000 --- a/profile.d/debuginfod.sh +++ /dev/null @@ -1,12 +0,0 @@ -# $HOME/.profile* or similar files may first set $DEBUGINFOD_URLS. -# If $DEBUGINFOD_URLS is not set there, we set it from system *.url files. -# $HOME/.*rc or similar files may then amend $DEBUGINFOD_URLS. -# See also [man debuginfod-client-config] for other environment variables -# such as $DEBUGINFOD_MAXSIZE, $DEBUGINFOD_MAXTIME, $DEBUGINFOD_PROGRESS. - -if [ -z "$DEBUGINFOD_URLS" ]; then - prefix="/usr" - DEBUGINFOD_URLS=$(cat "/etc/debuginfod"/*.urls 2>/dev/null | tr '\n' ' ') - [ -n "$DEBUGINFOD_URLS" ] && export DEBUGINFOD_URLS || unset DEBUGINFOD_URLS - unset prefix -fi diff --git a/profile.d/which2.sh b/profile.d/which2.sh index bca5347..0f47f9e 100644 --- a/profile.d/which2.sh +++ b/profile.d/which2.sh @@ -20,7 +20,7 @@ bash|sh) ;; esac -function which { +which () { (alias; eval ${which_declare}) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@ } diff --git a/selinux/targeted/.policy.sha512 b/selinux/targeted/.policy.sha512 index af9b14d..b0dfc2c 100644 --- a/selinux/targeted/.policy.sha512 +++ b/selinux/targeted/.policy.sha512 @@ -1 +1 @@ -d4fd17421900e5952bfdc4d465cc49f7947b18125eaffc27862e0024c386b792c8da1f3e7c1697ab9b923e4d392afcf01e7f7d07f65480c7c7fdc051ccc2c0e0 +3529f6e114cca0bd7360d6774096502304ff52b0724a6a58a28bfaa1ffd7d9623f12eb993d8cb0cc0c8116eb3e6a460deb1ce019825989a52ba1769324433777 diff --git a/selinux/targeted/contexts/files/file_contexts b/selinux/targeted/contexts/files/file_contexts index 0187c38..cbcff4b 100644 --- a/selinux/targeted/contexts/files/file_contexts +++ b/selinux/targeted/contexts/files/file_contexts @@ -2161,7 +2161,6 @@ /var/cache/cracklib(/.*)? system_u:object_r:crack_db_t:s0 /var/cache/ddclient(/.*)? system_u:object_r:ddclient_var_t:s0 /var/cache/foomatic(/.*)? system_u:object_r:cupsd_rw_etc_t:s0 -/var/cache/insights(/.*)? system_u:object_r:insights_client_cache_t:s0 /var/cache/ipmiseld(/.*)? system_u:object_r:freeipmi_var_cache_t:s0 /var/cache/ldconfig(/.*)? system_u:object_r:ldconfig_cache_t:s0 /var/cache/lighttpd(/.*)? system_u:object_r:httpd_cache_t:s0 @@ -5277,7 +5276,6 @@ /usr/libexec/news/inndf -- system_u:object_r:innd_exec_t:s0 /usr/libexec/news/nnrpd -- system_u:object_r:innd_exec_t:s0 /usr/libexec/news/rnews -- system_u:object_r:innd_exec_t:s0 -/usr/libexec/vdsm/vdsmd -- system_u:object_r:virtd_exec_t:s0 /usr/sbin/audisp-remote -- system_u:object_r:audisp_remote_exec_t:s0 /usr/sbin/avahi-autoipd -- system_u:object_r:avahi_exec_t:s0 /usr/sbin/clamav-milter -- system_u:object_r:antivirus_exec_t:s0 @@ -5544,7 +5542,6 @@ /usr/libexec/rtkit-daemon -- system_u:object_r:rtkit_daemon_exec_t:s0 /usr/libexec/tangd-keygen -- system_u:object_r:tangd_exec_t:s0 /usr/libexec/tangd-update -- system_u:object_r:tangd_exec_t:s0 -/usr/libexec/vdsm/respawn -- system_u:object_r:virtd_exec_t:s0 /usr/sbin/dnssec-triggerd -- system_u:object_r:dnssec_trigger_exec_t:s0 /usr/sbin/init_repository -- system_u:object_r:pegasus_exec_t:s0 /usr/sbin/ipvsadm-restore -- system_u:object_r:iptables_exec_t:s0 @@ -5833,11 +5830,9 @@ /usr/libexec/pcp/lib/pmproxy -- system_u:object_r:pcp_pmproxy_initrc_exec_t:s0 /usr/libexec/postfix/cleanup -- system_u:object_r:postfix_cleanup_exec_t:s0 /usr/libexec/postfix/virtual -- system_u:object_r:postfix_virtual_exec_t:s0 -/usr/libexec/samba/rpcd_lsad -- system_u:object_r:winbind_rpcd_exec_t:s0 /usr/libexec/telepathy-rakia -- system_u:object_r:telepathy_sofiasip_exec_t:s0 /usr/libexec/telepathy-salut -- system_u:object_r:telepathy_salut_exec_t:s0 /usr/libexec/udisks2/udisksd -- system_u:object_r:devicekit_disk_exec_t:s0 -/usr/libexec/vdsm/supervdsmd -- system_u:object_r:virtd_exec_t:s0 /usr/sbin/audispd-zos-remote -- system_u:object_r:zos_remote_exec_t:s0 /usr/sbin/console-kit-daemon -- system_u:object_r:consolekit_exec_t:s0 /usr/sbin/nm-system-settings -- system_u:object_r:NetworkManager_exec_t:s0 @@ -6030,7 +6025,6 @@ /usr/libexec/sssd/selinux_child -- system_u:object_r:sssd_selinux_manager_exec_t:s0 /usr/libexec/telepathy-sofiasip -- system_u:object_r:telepathy_sofiasip_exec_t:s0 /usr/libexec/telepathy-sunshine -- system_u:object_r:telepathy_sunshine_exec_t:s0 -/usr/libexec/vdsm/daemonAdapter -- system_u:object_r:virtd_exec_t:s0 /usr/sbin/insmod_ksymoops_clean -- system_u:object_r:bin_t:s0 /usr/sbin/zabbix_server_sqlite3 -- system_u:object_r:zabbix_exec_t:s0 /usr/share/ajaxterm/ajaxterm\.py -- system_u:object_r:ajaxterm_exec_t:s0 @@ -6074,7 +6068,6 @@ /usr/libexec/openssh/sftp-server -- system_u:object_r:bin_t:s0 /usr/libexec/openssh/ssh-keysign -- system_u:object_r:ssh_keysign_exec_t:s0 /usr/libexec/openssh/sshd-keygen -- system_u:object_r:sshd_keygen_exec_t:s0 -/usr/libexec/samba/samba-dcerpcd -- system_u:object_r:winbind_rpcd_exec_t:s0 /usr/libexec/squid/cache_swap\.sh -- system_u:object_r:squid_exec_t:s0 /usr/libexec/telepathy-butterfly -- system_u:object_r:telepathy_msn_exec_t:s0 /usr/sbin/abrt-install-ccpp-hook -- system_u:object_r:abrt_exec_t:s0 diff --git a/selinux/targeted/contexts/files/file_contexts.bin b/selinux/targeted/contexts/files/file_contexts.bin index 68d42aa..d54fd3c 100644 Binary files a/selinux/targeted/contexts/files/file_contexts.bin and b/selinux/targeted/contexts/files/file_contexts.bin differ diff --git a/selinux/targeted/policy/policy.31 b/selinux/targeted/policy/policy.31 index 9c142ed..c2bfd7b 100644 Binary files a/selinux/targeted/policy/policy.31 and b/selinux/targeted/policy/policy.31 differ diff --git a/sgml/catalog b/sgml/catalog index 4d9ea8f..8ee3d21 100644 --- a/sgml/catalog +++ b/sgml/catalog @@ -1,13 +1,13 @@ -CATALOG "/etc/sgml/sgml-docbook-4.1.cat" -CATALOG "/etc/sgml/sgml-docbook-3.0.cat" CATALOG "/etc/sgml/sgml-docbook-4.0.cat" -CATALOG "/etc/sgml/sgml-docbook-4.2.cat" -CATALOG "/etc/sgml/sgml-docbook-4.3.cat" -CATALOG "/etc/sgml/sgml-docbook-4.4.cat" CATALOG "/etc/sgml/sgml-docbook-4.5.cat" +CATALOG "/etc/sgml/sgml-docbook-3.0.cat" +CATALOG "/etc/sgml/sgml-docbook-4.2.cat" CATALOG "/etc/sgml/sgml-docbook-3.1.cat" -CATALOG "/etc/sgml/xml-docbook-4.1.2.cat" -CATALOG "/etc/sgml/xml-docbook-4.2.cat" -CATALOG "/etc/sgml/xml-docbook-4.4.cat" -CATALOG "/etc/sgml/xml-docbook-4.5.cat" +CATALOG "/etc/sgml/sgml-docbook-4.4.cat" +CATALOG "/etc/sgml/sgml-docbook-4.1.cat" +CATALOG "/etc/sgml/sgml-docbook-4.3.cat" CATALOG "/etc/sgml/xml-docbook-4.3.cat" +CATALOG "/etc/sgml/xml-docbook-4.1.2.cat" +CATALOG "/etc/sgml/xml-docbook-4.4.cat" +CATALOG "/etc/sgml/xml-docbook-4.2.cat" +CATALOG "/etc/sgml/xml-docbook-4.5.cat" diff --git a/sgml/sgml-docbook-3.1.cat b/sgml/sgml-docbook-3.1.cat index 597a3ee..73a0c64 100644 --- a/sgml/sgml-docbook-3.1.cat +++ b/sgml/sgml-docbook-3.1.cat @@ -1,2 +1,2 @@ -CATALOG "/usr/share/sgml/docbook/sgml-dtd-3.1/catalog" CATALOG "/usr/share/sgml/sgml-iso-entities-8879.1986/catalog" +CATALOG "/usr/share/sgml/docbook/sgml-dtd-3.1/catalog" diff --git a/sgml/sgml-docbook-4.0.cat b/sgml/sgml-docbook-4.0.cat index cd61bdf..c8511d0 100644 --- a/sgml/sgml-docbook-4.0.cat +++ b/sgml/sgml-docbook-4.0.cat @@ -1,2 +1,2 @@ -CATALOG "/usr/share/sgml/sgml-iso-entities-8879.1986/catalog" CATALOG "/usr/share/sgml/docbook/sgml-dtd-4.0/catalog" +CATALOG "/usr/share/sgml/sgml-iso-entities-8879.1986/catalog" diff --git a/sgml/sgml-docbook-4.2.cat b/sgml/sgml-docbook-4.2.cat index c5e1b3c..1018cde 100644 --- a/sgml/sgml-docbook-4.2.cat +++ b/sgml/sgml-docbook-4.2.cat @@ -1,2 +1,2 @@ -CATALOG "/usr/share/sgml/docbook/sgml-dtd-4.2/catalog" CATALOG "/usr/share/sgml/sgml-iso-entities-8879.1986/catalog" +CATALOG "/usr/share/sgml/docbook/sgml-dtd-4.2/catalog" diff --git a/sgml/sgml-docbook-4.5.cat b/sgml/sgml-docbook-4.5.cat index 3a67c97..4f8db25 100644 --- a/sgml/sgml-docbook-4.5.cat +++ b/sgml/sgml-docbook-4.5.cat @@ -1,2 +1,2 @@ -CATALOG "/usr/share/sgml/docbook/sgml-dtd-4.5/catalog" CATALOG "/usr/share/sgml/sgml-iso-entities-8879.1986/catalog" +CATALOG "/usr/share/sgml/docbook/sgml-dtd-4.5/catalog" diff --git a/sysconfig/network-scripts/ifup-routes b/sysconfig/network-scripts/ifup-routes index 45fd125..517c2bb 100755 --- a/sysconfig/network-scripts/ifup-routes +++ b/sysconfig/network-scripts/ifup-routes @@ -2,8 +2,6 @@ # # adds static routes which go through device $1 -. /etc/sysconfig/network-scripts/network-functions - if [ -z "$1" ]; then echo $"usage: ifup-routes []" exit 1 @@ -21,12 +19,7 @@ handle_file () { line="$line via $(eval echo '$'GATEWAY$routenum)" fi line="$line dev $2" - - /sbin/ip route add $line || { - net_log $"Failed to add route ${line}, using ip route replace instead." warning - /sbin/ip route replace $line - } - + /sbin/ip route add $line routenum=$(($routenum+1)) done } @@ -42,11 +35,6 @@ handle_ip_file() { { cat "$file" ; echo ; } | while read line; do if [[ ! "$line" =~ $MATCH ]]; then /sbin/ip $proto $type add $line - - if [ $? != 0 ] && [ "$type" == "route" ] ; then - net_log $"Failed to add route ${line}, using ip route replace instead." warning - /sbin/ip $proto route replace $line - fi fi done } diff --git a/sysconfig/rngd b/sysconfig/rngd index dbb6f7a..f0da1d9 100644 --- a/sysconfig/rngd +++ b/sysconfig/rngd @@ -1,3 +1,3 @@ # Optional arguments passed to rngd. See rngd(8) and # https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21 -RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -D daemon:daemon" +RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist" diff --git a/vmware-tools/tools.conf.example b/vmware-tools/tools.conf.example index bfcf952..1682c3c 100644 --- a/vmware-tools/tools.conf.example +++ b/vmware-tools/tools.conf.example @@ -1,4 +1,4 @@ -# Copyright (c) 2019-2022 VMware, Inc. All rights reserved. +# Copyright (c) 2019-2021 VMware, Inc. All rights reserved. # "CAUTION: tools.conf is highly syntax sensitive file. Use extreme caution # while editing it. If modified, it is automatically re-loaded by @@ -245,44 +245,6 @@ # whether to include reserved space in diskInfo space metrics on Linux #diskinfo-include-reserved=false -[globalconf] - -# The GlobalConf feature provides an ability for the vSphere administrators -# to distribute a 'VMware Tools Configuration File' (tools.conf) via the -# GuestStore for multiple VMs at scale. - -# Defines the configuration to enable/disable the GlobalConf module. -# Set to true to enable the module. -# Set to false to disable the module. Default false. -#enabled=false - -# Defines a custom GlobalConf poll interval (in seconds). -# Default 3600 seconds. Minimum 1800 seconds. -#poll-interval=3600 - -# Defines the global configuration resource in GuestStore. -# Windows guests -#resource=/vmware/configurations/vmtools/windows/tools.conf -# -# Linux guests -#resource=/vmware/configurations/vmtools/linux/tools.conf - -[componentmgr] - -# This plugin manages the known and enabled components add/remove status. -# The plugin polls at regular interval and triggers action add/remove for -# all the known and enabled components in the componentMgr plugin. - -# Default and minimum polling interval in seconds (0 => polling disabled) -#poll-interval=180 - -# Comma separated list of components managed by the plugin. If not specified, -# default value is all, which means all components are enabled by default. -# A special value of none means no component, which is equivalent to disabling -# the plugin completely. Value is parsed left to right and parsing stops at -# first occurrence of all or none or end of line. -#included=all - [appinfo] # This plugin collects info about running applications in guest OS. @@ -297,35 +259,6 @@ # version info, otherwise native Win32 API is used. #useWMI=false -# Whether to remove the duplicate applications information in the -# guestinfo variable. -#remove-duplicates=true - -[containerinfo] - -# This plugin collects info about running containers in guest OS. - -# User-defined poll interval in seconds. Set to 0 to disable the plugin. -#poll-interval=21600 - -# Maximum number of containers to be retrieved per namespace. -#max-containers=256 - -# Whether to remove the duplicate containers information in the -# guestinfo variable. -#remove-duplicates=true - -# Unix socket to use to communicate with the docker daemon. -#docker-unix-socket=/var/run/docker.sock - -# The unix socket to connect to communicate with containerd grpc server -# for retrieving the list of running containers. -#containerd-unix-socket=/run/containerd/containerd.sock - -# List of namespaces to be queried for the running containers. -# The value for this key is a comman separated list. -#allowed-namespaces=moby,k8s.io,default - [servicediscovery] # This plugin provides admins with additional info for better VM management. diff --git a/vmware-tools/vgauth/schemas/saml-schema-assertion-2.0.xsd b/vmware-tools/vgauth/schemas/saml-schema-assertion-2.0.xsd index 9bbfa26..6aa3b27 100644 --- a/vmware-tools/vgauth/schemas/saml-schema-assertion-2.0.xsd +++ b/vmware-tools/vgauth/schemas/saml-schema-assertion-2.0.xsd @@ -1,283 +1,283 @@ - - - - - - - Document identifier: saml-schema-assertion-2.0 - Location: http://docs.oasis-open.org/security/saml/v2.0/ - Revision history: - V1.0 (November, 2002): - Initial Standard Schema. - V1.1 (September, 2003): - Updates within the same V1.0 namespace. - V2.0 (March, 2005): - New assertion schema for SAML V2.0 namespace. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + Document identifier: saml-schema-assertion-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New assertion schema for SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +