committing changes in /etc made by "-bash"

Package changes:

.etckeeper

@@ -79,6 +79,7 @@ mkdir -p './polkit-1/localauthority/50-local.d'
 mkdir -p './polkit-1/localauthority/90-mandatory.d'
 mkdir -p './pyzor'
 mkdir -p './qemu-ga/fsfreeze-hook.d'
+mkdir -p './rhsm/ca'
 mkdir -p './rhsm/facts'
 mkdir -p './rhsm/pluginconf.d'
 mkdir -p './rspamd/override.d'
@@ -247,6 +248,7 @@ maybe chmod 0755 'binfmt.d'
 maybe chmod 0644 'cczerc'
 maybe chmod 0755 'chkconfig.d'
 maybe chmod 0644 'chrony.conf'
+maybe chmod 0644 'chrony.conf.rpmnew'
 maybe chgrp 'chrony' 'chrony.keys'
 maybe chmod 0640 'chrony.keys'
 maybe chmod 0755 'cifs-utils'
@@ -944,6 +946,7 @@ maybe chmod 0644 'httpd/conf.d/perl.conf.rpmnew'
 maybe chmod 0644 'httpd/conf.d/php.conf'
 maybe chmod 0644 'httpd/conf.d/phpmyadmin.conf'
 maybe chmod 0644 'httpd/conf.d/squid.conf'
+maybe chmod 0644 'httpd/conf.d/ssl.conf'
 maybe chmod 0644 'httpd/conf.d/ssl.conf_disabled'
 maybe chmod 0644 'httpd/conf.d/userdir.conf'
 maybe chmod 0644 'httpd/conf.d/welcome.conf'
@@ -991,23 +994,23 @@ maybe chmod 0644 'issue.rpmnew'
 maybe chmod 0644 'issue.rpmsave'
 maybe chmod 0755 'java'
 maybe chmod 0755 'java/java-1.8.0-openjdk'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/calendars.properties'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/logging.properties'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/blacklisted.certs'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/java.policy'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/java.security'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/nss.cfg'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/nss.fips.cfg'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/limited'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/limited/US_export_policy.jar'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/limited/local_policy.jar'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/unlimited'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/unlimited/US_export_policy.jar'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/lib/security/policy/unlimited/local_policy.jar'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/calendars.properties'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/logging.properties'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/blacklisted.certs'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/java.policy'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/java.security'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/nss.cfg'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/nss.fips.cfg'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/policy'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/policy/limited'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/policy/limited/US_export_policy.jar'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/policy/limited/local_policy.jar'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/policy/unlimited'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/policy/unlimited/US_export_policy.jar'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/lib/security/policy/unlimited/local_policy.jar'
 maybe chmod 0755 'java/security'
 maybe chmod 0755 'java/security/security.d'
 maybe chmod 0755 'jvm'
@@ -4821,8 +4824,6 @@ maybe chmod 0644 'resolv.conf'
 maybe chmod 0644 'resolv.conf.save'
 maybe chmod 0755 'rhsm'
 maybe chmod 0755 'rhsm/ca'
-maybe chmod 0644 'rhsm/ca/redhat-entitlement-authority.pem'
-maybe chmod 0644 'rhsm/ca/redhat-uep.pem'
 maybe chmod 0755 'rhsm/facts'
 maybe chmod 0644 'rhsm/logging.conf'
 maybe chmod 0755 'rhsm/pluginconf.d'
@@ -5152,12 +5153,16 @@ maybe chmod 0640 'sqlgrey/sqlgrey.sql'
 maybe chmod 0755 'squid'
 maybe chgrp 'squid' 'squid/cachemgr.conf'
 maybe chmod 0644 'squid/cachemgr.conf'
+maybe chmod 0644 'squid/cachemgr.conf.default'
 maybe chmod 0644 'squid/errorpage.css'
+maybe chmod 0644 'squid/errorpage.css.default'
 maybe chmod 0644 'squid/mime.conf'
+maybe chmod 0644 'squid/mime.conf.default'
 maybe chgrp 'squid' 'squid/passwords'
 maybe chmod 0640 'squid/passwords'
 maybe chgrp 'squid' 'squid/squid.conf'
 maybe chmod 0640 'squid/squid.conf'
+maybe chmod 0644 'squid/squid.conf.default'
 maybe chmod 0640 'squid/userip.conf'
 maybe chmod 0755 'ssh'
 maybe chmod 0644 'ssh/moduli'

alternatives/alt-java

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/alt-java
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/alt-java

alternatives/alt-java.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

alternatives/java

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/java
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/java

alternatives/java.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

alternatives/jjs

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/jjs
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/jjs

alternatives/jjs.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

alternatives/jre

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre

alternatives/jre_1.8.0

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre

alternatives/jre_1.8.0_openjdk

@@ -1 +1 @@
-/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64
+/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64

alternatives/jre_openjdk

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre

alternatives/keytool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/keytool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/keytool

alternatives/keytool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

alternatives/orbd

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/orbd
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/orbd

alternatives/orbd.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

alternatives/pack200

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/pack200
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/pack200

alternatives/pack200.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

alternatives/policytool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/policytool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/policytool

alternatives/policytool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

alternatives/rmid

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/rmid
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/rmid

alternatives/rmid.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

alternatives/rmiregistry

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/rmiregistry
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/rmiregistry

alternatives/rmiregistry.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

alternatives/servertool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/servertool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/servertool

alternatives/servertool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

alternatives/tnameserv

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/tnameserv
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/tnameserv

alternatives/tnameserv.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

alternatives/unpack200

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64/jre/bin/unpack200
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64/jre/bin/unpack200

alternatives/unpack200.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.322.b06-11.el8.x86_64.1.gz
+/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.332.b09-2.el8_6.x86_64.1.gz

chrony.conf.rpmnew

@@ -0,0 +1,38 @@
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+pool 2.cloudlinux.pool.ntp.org iburst
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+keyfile /etc/chrony.keys
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking

httpd/conf.d/ssl.conf

@@ -0,0 +1,203 @@
+#
+# When we also provide SSL we have to listen to the 
+# standard HTTPS port in addition.
+#
+Listen 443 https
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout  300
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names.  NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly. 
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+#   List the protocol versions which clients are allowed to connect with.
+#   The OpenSSL system profile is used by default.  See
+#   update-crypto-policies(8) for more details.
+#SSLProtocol all -SSLv3
+#SSLProxyProtocol all -SSLv3
+
+#   User agents such as web browsers are not configured for the user's
+#   own preference of either security or performance, therefore this
+#   must be the prerogative of the web server administrator who manages
+#   cpu load versus confidentiality, so enforce the server's cipher order.
+SSLHonorCipherOrder on
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_ssl documentation for a complete list.
+#   The OpenSSL system profile is configured by default.  See
+#   update-crypto-policies(8) for more details.
+SSLCipherSuite PROFILE=SYSTEM
+SSLProxyCipherSuite PROFILE=SYSTEM
+
+#   Point SSLCertificateFile at a PEM encoded certificate.  If
+#   the certificate is encrypted, then you will be prompted for a
+#   pass phrase.  Note that restarting httpd will prompt again.  Keep
+#   in mind that if you have both an RSA and a DSA certificate you
+#   can configure both in parallel (to also allow the use of DSA
+#   ciphers, etc.)
+#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
+#   require an ECC certificate which can also be configured in
+#   parallel.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+#   Server Private Key:
+#   If the key is not combined with the certificate, use this
+#   directive to point at the key file.  Keep in mind that if
+#   you've both a RSA and a DSA private key you can configure
+#   both in parallel (to also allow the use of DSA ciphers, etc.)
+#   ECC keys, when in use, can also be configured in parallel
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+#   Server Certificate Chain:
+#   Point SSLCertificateChainFile at a file containing the
+#   concatenation of PEM encoded CA certificates which form the
+#   certificate chain for the server certificate. Alternatively
+#   the referenced file can be the same as SSLCertificateFile
+#   when the CA certificates are directly appended to the server
+#   certificate for convenience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+#   Certificate Authority (CA):
+#   Set the CA certificate verification path where to find CA
+#   certificates for client authentication or alternatively one
+#   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+#   Client Authentication (Type):
+#   Client certificate verification type and depth.  Types are
+#   none, optional, require and optional_no_ca.  Depth is a
+#   number which specifies how deeply to verify the certificate
+#   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_ssl documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+    SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+#   SSL Protocol Adjustments:
+#   The safe and default but still SSL/TLS standard compliant shutdown
+#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+#   the close notify alert from client. When you need a different shutdown
+#   approach you can use one of the following variables:
+#   o ssl-unclean-shutdown:
+#     This forces an unclean shutdown when the connection is closed, i.e. no
+#     SSL close notify alert is sent or allowed to be received.  This violates
+#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+#     this when you receive I/O errors because of the standard approach where
+#     mod_ssl sends the close notify alert.
+#   o ssl-accurate-shutdown:
+#     This forces an accurate shutdown when the connection is closed, i.e. a
+#     SSL close notify alert is sent and mod_ssl waits for the close notify
+#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+#     practice often causes hanging connections with brain-dead browsers. Use
+#     this only for browsers where you know that their SSL implementation
+#     works correctly. 
+#   Notice: Most problems of broken clients are also related to the HTTP
+#   keep-alive facility, so you usually additionally want to disable
+#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+#   "force-response-1.0" for this.
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+

rhsm/ca/redhat-entitlement-authority.pem

@@ -1,37 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGejCCBGKgAwIBAgIJAJGKz8qFAAAIMA0GCSqGSIb3DQEBDAUAMIGwMQswCQYD
-VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp
-Z2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0
-d29yazEeMBwGA1UEAwwVRW50aXRsZW1lbnQgTWFzdGVyIENBMSQwIgYJKoZIhvcN
-AQkBFhVjYS1zdXBwb3J0QHJlZGhhdC5jb20wHhcNMTgwOTEyMTgxMzIxWhcNMzAw
-MzE1MTgxMzIxWjCBsTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9s
-aW5hMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRgwFgYDVQQLDA9SZWQgSGF0IE5l
-dHdvcmsxMTAvBgNVBAMMKFJlZCBIYXQgRW50aXRsZW1lbnQgT3BlcmF0aW9ucyBB
-dXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNhLXN1cHBvcnRAcmVkaGF0LmNvbTCC
-AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALsmiohDnNvIpBMZVJR5pbP6
-GrE5B4doUmvTeR4XJ5C66uvFTwuGTVigNXAL+0UWf9r2AwxKEPCy65h7fLbyK4W7
-/xEZPVsamQYDHpyBwlkPkJ3WhHneqQWC8bKkv8Iqu08V+86biCDDAh6uP0SiAz7a
-NGaLEnOe5L9WNfsYyNwrG+2AfiLy/1LUtmmg5dc6Ln7R+uv0PZJ5J2iUbiT6lMz3
-v73zAxuEjiDNurZzxzHSSEYzw0W1eO6zM4F26gcOuH2BHemPMjHi+c1OnheaafDE
-HQJTNgECz5Xe7WGdZwOyn9a8GtMvm0PAhGVyp7RAWxxfoU1B794cBb66IKKjliJQ
-5DKoqyxD9qJbMF8U4Kd1ZIVB0Iy2WEaaqCFMIi3xtlWVUNku5x21ewMmJvwjnWZA
-tUeKQUFwIXqSjuOoZDu80H6NQb+4dnRSjWlx/m7HPk75m0zErshpB2HSKUnrs4wR
-i7GsWDDcqBus7eLMwUZPvDNVcLQu/2Y4DUHNbJbn7+DwEqi5D0heC+dyY8iS45gp
-I/yhVvq/GfKL+dqjaNaE4CorJJA5qJ9f383Ol/aub+aJeBahCBNuVa2daA9Bo3BA
-dnL7KkILPFyCcEhQITnu70Qn9sQlwYcRoYF2LWAm9DtLrBT0Y0w7wQHh8vNhwEQ7
-k5G87WpwzcC8y6ePR0vFAgMBAAGjgZMwgZAwHQYDVR0OBBYEFMRJeFZFnR4sYWDD
-ZktYBTcvAyJ7MB8GA1UdIwQYMBaAFIhLpkXERuyP1s+m9hrPJjyQzH8XMAwGA1Ud
-EwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIBBjAgBgNVHREE
-GTAXgRVjYS1zdXBwb3J0QHJlZGhhdC5jb20wDQYJKoZIhvcNAQEMBQADggIBAGKk
-q5Ab0AC7SOCYq9up5z0twbe+gI72cm854+VhcxafnLP2/4nH6nQauKLKEFLI8+fV
-RAwYxm1f5nuEiaTvjPE0umYdgMlpEJQeGdW/+/DotDaOon1G6bSMEKFvaKcBHKqa
-kBxQ29trwMG2WN8qZ7/H3XzBvLZ+JrYr01vDSV0P4tcBFOytbMZeJr4xmfxiqWxp
-VUM9eGf6z+ngXyth8lohxGd9MMXwsaPdvM+wptp3AQpq5wFPWyfJqCd6uBxu09k1
-ns3Y/sya2GHqDK4bUW6gCHO13gkYviTCIBLAlX7PDeK5nYVcq8HvTLU9+H9BFGix
-YGDdHphz7i5qO/gLLLcfKhENP6jtbe8i6nwqeDzj+DMy38iMWNYFVWn1OrBaQMtf
-wlVfyRJij9SfyiUAVFld1RoPAN/haf1VmF/0dGrOigibYijqnHvDJffMUND/sbk8
-df6O6VYjvLLlwry4W4dHiLLA7NAHGtkUv2g1+oH1lQIfRG+PvZhWz4pGT1AlzfwD
-aXUfX2X+Bo9tYr9BGy5Li1pLGLvfw+an7cBAbBaw8+HhAHt+Vm4F03KX/bHlge0a
-fMYK6FoA/xQSaZ6IPm4HfPSMvhboguVG+/AZQN4/UxjDleoEz8b0CWYafcJRRZch
-BdxBjTy7JLf3j0HCbenZQF83wwtrSmiTOTK1tLsm
------END CERTIFICATE-----

rhsm/ca/redhat-uep.pem

@@ -1,119 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIG/TCCBOWgAwIBAgIBNzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMu
-MRgwFgYDVQQLDA9SZWQgSGF0IE5ldHdvcmsxMTAvBgNVBAMMKFJlZCBIYXQgRW50
-aXRsZW1lbnQgT3BlcmF0aW9ucyBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNh
-LXN1cHBvcnRAcmVkaGF0LmNvbTAeFw0xMDEwMDQxMzI3NDhaFw0zMDA5MjkxMzI3
-NDhaMIGuMQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExFjAU
-BgNVBAoMDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0d29yazEu
-MCwGA1UEAwwlUmVkIEhhdCBFbnRpdGxlbWVudCBQcm9kdWN0IEF1dGhvcml0eTEk
-MCIGCSqGSIb3DQEJARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEA2QurMeAVnCHVsuZNQzciWMdpd4LAVk2eGugN
-0cxmBpzoVI8lIsJOmJkpOAuFOQMX9CBr8RuQyg4r1/OH/rfhm6FgGIw8TGKZoWC/
-1B9teZqTiM85k6/1GRNxdk6dUK77HVO0PMIKtNBHRxIsXcRzJ1q+u5WPBes9pEVG
-nbidTNUkknrSIdynTJcqAI/I0VAsqLqX87XJSzXKvRilE+p/fLHmVTAffl1Cn/Dy
-KULxna7ooyrKKnfqeQ5dK8aMr1ASQ1wphWohLjegly9V0amEi+HHWnOL8toxJy8v
-WUTUzzAvZ4ZTtTV26xGetZZWEaNyv7YCv2AexjcBQ2x+ejrFJrVNo9jizHS06HK8
-UgHVDKhmVcAe2/5yrJCjKDLwg1FJfjKwhzhLYdNVCejpy8CHQndwO0EX1hHv/AfP
-RTAmr5qPhHFD+uuIrYrSLUpgMLmWa9dinJcGeKlA1KJvG5emGMM3k64Xr7dJToXo
-5loGyZ6lvKPIKLmfeXMRW/4+BqyzwbO1i4aIHAZcSPDFGKWwuvF0iVUYUUVxw0nv
-qPZA4roq5+j/YSz0q5XGVgiIt34htlvunLp/ICGYJBR6zEHcB9aZGJdDcJvoYZjw
-7Gphw6lFF6Ta4imoyhGECWKjd1ips3opcN+DlU0yCUrcIXVIXAnkTwu5ocOgAkxr
-f/6FjqcCAwEAAaOCAR8wggEbMB0GA1UdDgQWBBSW/bscQED/QIStsh8LJsHDam/W
-fDCB5QYDVR0jBIHdMIHagBTESXhWRZ0eLGFgw2ZLWAU3LwMie6GBtqSBszCBsDEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdS
-YWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRgwFgYDVQQLDA9SZWQgSGF0
-IE5ldHdvcmsxHjAcBgNVBAMMFUVudGl0bGVtZW50IE1hc3RlciBDQTEkMCIGCSqG
-SIb3DQEJARYVY2Etc3VwcG9ydEByZWRoYXQuY29tggkAkYrPyoUAAAAwEgYDVR0T
-AQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOCAgEArWBznYWKpY4LqAzhOSop
-t30D2/UlCSr50l33uUCNYD4D4nTr/pyX3AR6P3JcOCz0t22pVCg8D3DZc5VlzY7y
-P5RD3KbLxFNJTloclMG0n6aIN7baA4b8zwkduMQvKZnA/YNR5xE7V7J2WJHCEBBB
-Z+ZFwGpGsoZpPZP4hHLVke3xHm6A5F5SzP1Ug0T9W80VLK4jtgyGs8l1R7rXiOIt
-Nik8317KGq7DU8TI2Rw/9Gc8FKNfUYcVD7uC/MMQXJTRvkADmNLtZM63nhzpg1Hr
-hA6U5YcDCBKsPA43/wsPOONYtrAlToD5hJhU+1Rhmwcw3qvWBO3NkdilqGFOTc2K
-50PQrqoRTCZFS41nv2WqZFfbvSq4dZRJl8xpB4LAHSspsMrbr9WZHX5fbggf6ixw
-S9KDqQbM7asP0FEKBFXJV1rE8P/oSK6yVWQyigTsNcdGR4AUzDsTO9udcwoM2Ed4
-XdakVkF+dXm9ZBwv5UBf5ITSyMXL3qlusIOblJVGUQizumoq0LiSnjwbkxh2XHhd
-XD/B/qax7FnaNg+TfujR/kk3kF1OpqWx/wC/qPR+zho1+35Al31gZOfNIn/sReoM
-tcci9LFHGvijIy4VUDQK8HmGjIxJPrIIe1nB5BkiGyjwn00D5q+BwYVst1C68Rwx
-iRZpyzOZmeineJvhrJZ4Tvs=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGejCCBGKgAwIBAgIJAJGKz8qFAAAIMA0GCSqGSIb3DQEBDAUAMIGwMQswCQYD
-VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp
-Z2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0
-d29yazEeMBwGA1UEAwwVRW50aXRsZW1lbnQgTWFzdGVyIENBMSQwIgYJKoZIhvcN
-AQkBFhVjYS1zdXBwb3J0QHJlZGhhdC5jb20wHhcNMTgwOTEyMTgxMzIxWhcNMzAw
-MzE1MTgxMzIxWjCBsTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9s
-aW5hMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRgwFgYDVQQLDA9SZWQgSGF0IE5l
-dHdvcmsxMTAvBgNVBAMMKFJlZCBIYXQgRW50aXRsZW1lbnQgT3BlcmF0aW9ucyBB
-dXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNhLXN1cHBvcnRAcmVkaGF0LmNvbTCC
-AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALsmiohDnNvIpBMZVJR5pbP6
-GrE5B4doUmvTeR4XJ5C66uvFTwuGTVigNXAL+0UWf9r2AwxKEPCy65h7fLbyK4W7
-/xEZPVsamQYDHpyBwlkPkJ3WhHneqQWC8bKkv8Iqu08V+86biCDDAh6uP0SiAz7a
-NGaLEnOe5L9WNfsYyNwrG+2AfiLy/1LUtmmg5dc6Ln7R+uv0PZJ5J2iUbiT6lMz3
-v73zAxuEjiDNurZzxzHSSEYzw0W1eO6zM4F26gcOuH2BHemPMjHi+c1OnheaafDE
-HQJTNgECz5Xe7WGdZwOyn9a8GtMvm0PAhGVyp7RAWxxfoU1B794cBb66IKKjliJQ
-5DKoqyxD9qJbMF8U4Kd1ZIVB0Iy2WEaaqCFMIi3xtlWVUNku5x21ewMmJvwjnWZA
-tUeKQUFwIXqSjuOoZDu80H6NQb+4dnRSjWlx/m7HPk75m0zErshpB2HSKUnrs4wR
-i7GsWDDcqBus7eLMwUZPvDNVcLQu/2Y4DUHNbJbn7+DwEqi5D0heC+dyY8iS45gp
-I/yhVvq/GfKL+dqjaNaE4CorJJA5qJ9f383Ol/aub+aJeBahCBNuVa2daA9Bo3BA
-dnL7KkILPFyCcEhQITnu70Qn9sQlwYcRoYF2LWAm9DtLrBT0Y0w7wQHh8vNhwEQ7
-k5G87WpwzcC8y6ePR0vFAgMBAAGjgZMwgZAwHQYDVR0OBBYEFMRJeFZFnR4sYWDD
-ZktYBTcvAyJ7MB8GA1UdIwQYMBaAFIhLpkXERuyP1s+m9hrPJjyQzH8XMAwGA1Ud
-EwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIBBjAgBgNVHREE
-GTAXgRVjYS1zdXBwb3J0QHJlZGhhdC5jb20wDQYJKoZIhvcNAQEMBQADggIBAGKk
-q5Ab0AC7SOCYq9up5z0twbe+gI72cm854+VhcxafnLP2/4nH6nQauKLKEFLI8+fV
-RAwYxm1f5nuEiaTvjPE0umYdgMlpEJQeGdW/+/DotDaOon1G6bSMEKFvaKcBHKqa
-kBxQ29trwMG2WN8qZ7/H3XzBvLZ+JrYr01vDSV0P4tcBFOytbMZeJr4xmfxiqWxp
-VUM9eGf6z+ngXyth8lohxGd9MMXwsaPdvM+wptp3AQpq5wFPWyfJqCd6uBxu09k1
-ns3Y/sya2GHqDK4bUW6gCHO13gkYviTCIBLAlX7PDeK5nYVcq8HvTLU9+H9BFGix
-YGDdHphz7i5qO/gLLLcfKhENP6jtbe8i6nwqeDzj+DMy38iMWNYFVWn1OrBaQMtf
-wlVfyRJij9SfyiUAVFld1RoPAN/haf1VmF/0dGrOigibYijqnHvDJffMUND/sbk8
-df6O6VYjvLLlwry4W4dHiLLA7NAHGtkUv2g1+oH1lQIfRG+PvZhWz4pGT1AlzfwD
-aXUfX2X+Bo9tYr9BGy5Li1pLGLvfw+an7cBAbBaw8+HhAHt+Vm4F03KX/bHlge0a
-fMYK6FoA/xQSaZ6IPm4HfPSMvhboguVG+/AZQN4/UxjDleoEz8b0CWYafcJRRZch
-BdxBjTy7JLf3j0HCbenZQF83wwtrSmiTOTK1tLsm
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIHZDCCBUygAwIBAgIJAOb+QiglyeZeMA0GCSqGSIb3DQEBBQUAMIGwMQswCQYD
-VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp
-Z2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsMD1JlZCBIYXQgTmV0
-d29yazEeMBwGA1UEAwwVRW50aXRsZW1lbnQgTWFzdGVyIENBMSQwIgYJKoZIhvcN
-AQkBFhVjYS1zdXBwb3J0QHJlZGhhdC5jb20wHhcNMTAwMzE3MTkwMDQ0WhcNMzAw
-MzEyMTkwMDQ0WjCBsDELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9s
-aW5hMRAwDgYDVQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRgw
-FgYDVQQLDA9SZWQgSGF0IE5ldHdvcmsxHjAcBgNVBAMMFUVudGl0bGVtZW50IE1h
-c3RlciBDQTEkMCIGCSqGSIb3DQEJARYVY2Etc3VwcG9ydEByZWRoYXQuY29tMIIC
-IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2Z+mW7OYcBcGxWS+RSKG2GJ2
-csMXiGGfEp36vKVsIvypmNS60SkicKENMYREalbdSjrgfXxPJygZWsVWJ5lHPfBV
-o3WkFrFHTIXd/R6LxnaHD1m8Cx3GwEeuSlE/ASjc1ePtMnsHH7xqZ9wdl85b1C8O
-scgO7fwuM192kvv/veI/BogIqUQugtG6szXpV8dp4ml029LXFoNIy2lfFoa2wKYw
-MiUHwtYgAz7TDY63e8qGhd5PoqTv9XKQogo2ze9sF9y/npZjliNy5qf6bFE+24oW
-E8pGsp3zqz8h5mvw4v+tfIx5uj7dwjDteFrrWD1tcT7UmNrBDWXjKMG81zchq3h4
-etgF0iwMHEuYuixiJWNzKrLNVQbDmcLGNOvyJfq60tM8AUAd72OUQzivBegnWMit
-CLcT5viCT1AIkYXt7l5zc/duQWLeAAR2FmpZFylSukknzzeiZpPclRziYTboDYHq
-revM97eER1xsfoSYp4mJkBHfdlqMnf3CWPcNgru8NbEPeUGMI6+C0YvknPlqDDtU
-ojfl4qNdf6nWL+YNXpR1YGKgWGWgTU6uaG8Sc6qGfAoLHh6oGwbuz102j84OgjAJ
-DGv/S86svmZWSqZ5UoJOIEqFYrONcOSgztZ5tU+gP4fwRIkTRbTEWSgudVREOXhs
-bfN1YGP7HYvS0OiBKZUCAwEAAaOCAX0wggF5MB0GA1UdDgQWBBSIS6ZFxEbsj9bP
-pvYazyY8kMx/FzCB5QYDVR0jBIHdMIHagBSIS6ZFxEbsj9bPpvYazyY8kMx/F6GB
-tqSBszCBsDELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAw
-DgYDVQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRgwFgYDVQQL
-DA9SZWQgSGF0IE5ldHdvcmsxHjAcBgNVBAMMFUVudGl0bGVtZW50IE1hc3RlciBD
-QTEkMCIGCSqGSIb3DQEJARYVY2Etc3VwcG9ydEByZWRoYXQuY29tggkA5v5CKCXJ
-5l4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEG
-MCAGA1UdEQQZMBeBFWNhLXN1cHBvcnRAcmVkaGF0LmNvbTAgBgNVHRIEGTAXgRVj
-YS1zdXBwb3J0QHJlZGhhdC5jb20wDQYJKoZIhvcNAQEFBQADggIBAJ1hEdNBDTRr
-6kI6W6stoogSUwjuiWPDY8DptwGhdpyIfbCoxvBR7F52DlwyXOpCunogfKMRklnE
-gH1Wt66RYkgNuJcenKHAhR5xgSLoPCOVF9rDjMunyyBuxjIbctM21R7BswVpsEIE
-OpV5nlJ6wkHsrn0/E+Zk5UJdCzM+Fp4hqHtEn/c97nvRspQcpWeDg6oUvaJSZTGM
-8yFpzR90X8ZO4rOgpoERukvYutUfJUzZuDyS3LLc6ysamemH93rZXr52zc4B+C9G
-Em8zemDgIPaH42ce3C3TdVysiq/yk+ir7pxW8toeavFv75l1UojFSjND+Q2AlNQn
-pYkmRznbD5TZ3yDuPFQG2xYKnMPACepGgKZPyErtOIljQKCdgcvb9EqNdZaJFz1+
-/iWKYBL077Y0CKwb+HGIDeYdzrYxbEd95YuVU0aStnf2Yii2tLcpQtK9cC2+DXjL
-Yf3kQs4xzH4ZejhG9wzv8PGXOS8wHYnfVNA3+fclDEQ1mEBKWHHmenGI6QKZUP8f
-g0SQ3PNRnSZu8R+rhABOEuVFIBRlaYijg2Pxe0NgL9FlHsNyRfo6EUrB2QFRKACW
-3Mo6pZyDjQt7O8J7l9B9IIURoJ1niwygf7VSJTMl2w3fFleNJlZTGgdXw0V+5g+9
-Kg6Ay0rrsi4nw1JHue2GvdjdfVOaWSWC
------END CERTIFICATE-----

rhsm/syspurpose/valid_fields.json

@@ -1,12 +1,10 @@
 {
     "role": [
-      "Red Hat Enterprise Linux Server",
-      "Red Hat Enterprise Linux Workstation",
-      "Red Hat Enterprise Linux Compute Node"
+      "AlmaLinux Server",
+      "AlmaLinux Workstation",
+      "AlmaLinux Compute Node"
     ],
     "service_level_agreement": [
-      "Premium",
-      "Standard",
       "Self-Support"
     ],
     "usage": [

squid/cachemgr.conf.default

@@ -0,0 +1,21 @@
+## Copyright (C) 1996-2021 The Squid Software Foundation and contributors
+##
+## Squid software is distributed under GPLv2+ license and includes
+## contributions from numerous individuals and organizations.
+## Please see the COPYING and CONTRIBUTORS files for details.
+##
+
+# This file controls which servers may be managed by
+# the cachemgr.cgi script
+#
+# The file consists of one server per line on the format
+#   hostname:port  description
+#
+# Specifying :port is optional. If not specified then
+# the default proxy port is assumed. :* or :any matches
+# any port on the target server.
+#
+# hostname is matched using shell filename matching, allowing
+# * and other shell wildcards.
+
+localhost

squid/errorpage.css.default

@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+/*
+ Stylesheet for Squid Error pages
+ Adapted from design by Free CSS Templates
+ http://www.freecsstemplates.org
+ Released for free under a Creative Commons Attribution 2.5 License
+*/
+
+/* Page basics */
+* {
+	font-family: verdana, sans-serif;
+}
+
+html body {
+	margin: 0;
+	padding: 0;
+	background: #efefef;
+	font-size: 12px;
+	color: #1e1e1e;
+}
+
+/* Page displayed title area */
+#titles {
+	margin-left: 15px;
+	padding: 10px;
+	padding-left: 100px;
+	background: url('/squid-internal-static/icons/SN.png') no-repeat left;
+}
+
+/* initial title */
+#titles h1 {
+	color: #000000;
+}
+#titles h2 {
+	color: #000000;
+}
+
+/* special event: FTP success page titles */
+#titles ftpsuccess {
+	background-color:#00ff00;
+	width:100%;
+}
+
+/* Page displayed body content area */
+#content {
+	padding: 10px;
+	background: #ffffff;
+}
+
+/* General text */
+p {
+}
+
+/* error brief description */
+#error p {
+}
+
+/* some data which may have caused the problem */
+#data {
+}
+
+/* the error message received from the system or other software */
+#sysmsg {
+}
+
+pre {
+}
+
+/* special event: FTP / Gopher directory listing */
+#dirmsg {
+    font-family: courier, monospace;
+    color: black;
+    font-size: 10pt;
+}
+#dirlisting {
+    margin-left: 2%;
+    margin-right: 2%;
+}
+#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
+    border-bottom: groove;
+}
+#dirlisting td.size {
+    width: 50px;
+    text-align: right;
+    padding-right: 5px;
+}
+
+/* horizontal lines */
+hr {
+	margin: 0;
+}
+
+/* page displayed footer area */
+#footer {
+	font-size: 9px;
+	padding-left: 10px;
+}

squid/mime.conf.default

@@ -0,0 +1,196 @@
+## Copyright (C) 1996-2021 The Squid Software Foundation and contributors
+##
+## Squid software is distributed under GPLv2+ license and includes
+## contributions from numerous individuals and organizations.
+## Please see the COPYING and CONTRIBUTORS files for details.
+##
+#
+# This file associates URL patterns for servers or services
+# that don't automatically include Content-Type (like ftp) with a mime type
+# and a graphical icon.
+#
+# Content-Encodings are taken from section 3.1 of RFC2068 (HTTP/1.1)
+#
+# This file has the format :
+#
+# regexp	content-type			icon				encoding mode	actions
+#--------------------------------------------------------------------------------------------------------
+\.gif$			image/gif		silk/image.png			-	image	+download
+\.mime$			www/mime		silk/page_white_text.png	-	ascii	+download
+^internal-dirup$	-			silk/arrow_up.png		-	-
+^internal-dir$		-			silk/folder.png			-	-
+^internal-link$		-			silk/link.png			-	-
+^internal-logo$		-			SN.png				-	-
+^internal-menu$		-			silk/folder_table.png		-	-
+^internal-text$		-			silk/page_white_text.png	-	-
+^internal-index$	-			silk/folder_table.png		-	-
+^internal-image$	-			silk/image.png			-	-
+^internal-sound$	-			silk/music.png			-	-
+^internal-movie$	-			silk/film.png			-	-
+^internal-telnet$	-			silk/computer_link.png		-	-
+^internal-binary$	-			silk/application.png		-	-
+^internal-unknown$	-			silk/bullet_red.png		-	-
+^internal-view$		-			silk/page_white.png		-	-
+^internal-download$	-			silk/package_go.png		-	-
+\.bin$		application/macbinary		silk/application.png		-	image	+download
+\.oda$		application/oda			silk/application.png		-	image	+download
+\.exe$		application/octet-stream	silk/application.png		-	image	+download
+\.pdf$		application/pdf			silk/page_white_acrobat.png	-	image	+download
+\.ai$		application/postscript		silk/page_green.png		-	image	+download +view
+\.eps$		application/postscript		silk/page_green.png		-	image	+download +view
+\.ps$		application/postscript		silk/page_green.png		-	image	+download +view
+\.rtf$		text/rtf			silk/page_white_picture.png	-	ascii	+download +view
+\.Z$		-				silk/compress.png		compress image	+download
+\.gz$		-				silk/compress.png		gzip	image	+download
+\.bz2$		application/octet-stream	silk/compress.png		-	image	+download
+\.bz$		application/octet-stream	silk/compress.png		-	image	+download
+\.tgz$		application/x-tar		silk/compress.png		gzip	image	+download
+\.csh$		application/x-csh		silk/script.png			-	ascii	+download +view
+\.dvi$		application/x-dvi		silk/page_white_text.png	-	image	+download
+\.hdf$		application/x-hdf		silk/database.png		-	image	+download
+\.latex$	application/x-latex		silk/page_white_text.png	-	ascii	+download +view
+\.lsm$		text/plain			silk/page_white_text.png	-	ascii	+download +view
+\.nc$		application/x-netcdf		silk/cd.png			-	image	+download
+\.cdf$		application/x-netcdf		silk/cd.png			-	ascii	+download
+\.sh$		application/x-sh		silk/script.png			-	ascii	+download +view
+\.tcl$		application/x-tcl		silk/script.png			-	ascii	+download +view
+\.tex$		application/x-tex		silk/page_white_text.png	-	ascii	+download +view
+\.texi$		application/x-texinfo		silk/page_white_text.png	-	ascii	+download +view
+\.texinfo$	application/x-texinfo		silk/page_white_text.png	-	ascii	+download +view
+\.t$		application/x-troff		silk/page_white_text.png	-	ascii	+download +view
+\.roff$		application/x-troff		silk/page_white_text.png	-	ascii	+download +view
+\.tr$		application/x-troff		silk/page_white_text.png	-	ascii	+download +view
+\.man$		application/x-troff-man		silk/page_white_magnify.png	-	ascii	+download +view
+\.me$		application/x-troff-me		silk/page_white_text.png	-	ascii	+download +view
+\.ms$		application/x-troff-ms		silk/page_white_text.png	-	ascii	+download +view
+\.src$		application/x-wais-source	silk/script.png			-	ascii	+download
+\.zip$		application/zip			silk/compress.png		-	image	+download
+\.bcpio$	application/x-bcpio		silk/box.png			-	image	+download
+\.cpio$		application/x-cpio		silk/box.png			-	image	+download
+\.gtar$		application/x-gtar		silk/page_white_stack.png	-	image	+download
+\.rpm$		application/x-rpm		silk/package.png		-	image	+download
+\.shar$		application/x-shar		silk/script.png			-	image	+download +view
+\.sv4cpio$	application/x-sv4cpio		silk/box.png			-	image	+download
+\.sv4crc$	application/x-sv4crc		silk/box.png			-	image	+download
+\.tar$		application/x-tar		silk/page_white_stack.png	-	image	+download
+\.ustar$	application/x-ustar		silk/page_white_stack.png	-	image	+download
+\.au$		audio/basic			silk/music.png			-	image	+download
+\.snd$		audio/basic			silk/music.png			-	image	+download
+\.mp2$		audio/mpeg			silk/music.png			-	image	+download
+\.mp3$		audio/mpeg			silk/music.png			-	image	+download
+\.mpga$		audio/mpeg			silk/music.png			-	image	+download
+\.aif$		audio/x-aiff			silk/music.png			-	image	+download
+\.aiff$		audio/x-aiff			silk/music.png			-	image	+download
+\.aifc$		audio/x-aiff			silk/music.png			-	image	+download
+\.wav$		audio/x-wav			silk/music.png			-	image	+download
+\.bmp$		image/bmp			silk/image.png			-	image	+download
+\.ief$		image/ief			silk/image.png			-	image	+download
+\.jpeg$		image/jpeg			silk/photo.png			-	image	+download
+\.jpg$		image/jpeg			silk/photo.png			-	image	+download
+\.jpe$		image/jpeg			silk/photo.png			-	image	+download
+\.tiff$		image/tiff			silk/photo.png			-	image	+download
+\.tif$		image/tiff			silk/image.png			-	image	+download
+\.ras$		image/x-cmu-raster		silk/image.png			-	image	+download
+\.pnm$		image/x-portable-anymap		silk/image.png			-	image	+download
+\.pbm$		image/x-portable-bitmap		silk/image.png			-	image	+download
+\.pgm$		image/x-portable-graymap	silk/image.png			-	image	+download
+\.ppm$		image/x-portable-pixmap		silk/image.png			-	image	+download
+\.rgb$		image/x-rgb			silk/image.png			-	image	+download
+\.xbm$		image/x-xbitmap			silk/image.png			-	image	+download
+\.xpm$		image/x-xpixmap			silk/image.png			-	image	+download
+\.xwd$		image/x-xwindowdump		silk/image.png			-	image	+download
+\.html$		text/html			silk/page_world.png		-	ascii	+download +view
+\.htm$		text/html			silk/page_world.png		-	ascii	+download +view
+\.css$		text/css			silk/css.png			-	ascii	+download +view
+\.js$		application/x-javascript	silk/script.png			-	ascii	+download +view
+\.c$		text/plain			silk/page_white_c.png		-	ascii	+download
+\.h$		text/plain			silk/page_white_c.png		-	ascii	+download
+\.cc$		text/plain			silk/page_white_cplusplus.png	-	ascii	+download
+\.cpp$		text/plain			silk/page_white_cplusplus.png	-	ascii	+download
+\.hh$		text/plain			silk/page_white_c.png		-	ascii	+download
+\.m$		text/plain			silk/script.png			-	ascii	+download
+\.f90$		text/plain			silk/page_code.png		-	ascii	+download
+\.txt$		text/plain			silk/page_white_text.png	-	ascii	+download
+\.asc$		text/plain			silk/page_white_text.png	-	ascii	+download
+\.rtx$		text/richtext			silk/page_white_picture.png	-	ascii	+download +view
+\.tsv$		text/tab-separated-values	silk/script.png			-	ascii	+download +view
+\.etx$		text/x-setext			silk/page_white_text.png	-	ascii	+download +view
+\.mpeg$		video/mpeg			silk/film.png			-	image	+download
+\.mpg$		video/mpeg			silk/film.png			-	image	+download
+\.mpe$		video/mpeg			silk/film.png			-	image	+download
+\.qt$		video/quicktime			silk/film.png			-	image	+download
+\.mov$		video/quicktime			silk/film.png			-	image	+download
+\.avi$		video/x-msvideo			silk/film.png			-	image	+download
+\.movie$	video/x-sgi-movie		silk/film.png			-	image	+download
+\.cpt$		application/mac-compactpro	silk/compress.png		-	image	+download
+\.hqx$		application/mac-binhex40	silk/page_white_zip.png		-	image	+download
+\.mwrt$		application/macwriteii		silk/page_white_text.png	-	image	+download
+\.msw$		application/msword		silk/script.png			-	image	+download
+\.doc$		application/msword		silk/page_white_word.png	-	image	+download +view
+\.xls$		application/vnd.ms-excel	silk/page_excel.png		-	image	+download
+\.ppt$		application/vnd.ms-powerpoint	silk/page_white_powerpoint.png	-	image	+download
+\.wk[s1234]$	application/vnd.lotus-1-2-3	silk/script.png			-	image	+download
+\.mif$		application/vnd.mif		silk/page_white_text.png	-	image	+download
+\.sit$		application/x-stuffit		silk/compress.png		-	image	+download
+\.pict$		application/pict		silk/picture.png		-	image	+download
+\.pic$		application/pict		silk/picture.png		-	image	+download
+\.arj$		application/x-arj-compressed	silk/compress.png		-	image	+download
+\.lzh$		application/x-lha-compressed	silk/compress.png		-	image	+download
+\.lha$		application/x-lha-compressed	silk/compress.png		-	image	+download
+\.zlib$		application/x-deflate		silk/compress.png		deflate	image	+download
+README		text/plain			silk/information.png		-	ascii	+download
+^core$		application/octet-stream	silk/bomb.png			-	image	+download
+\.core$		application/octet-stream	silk/bomb.png			-	image	+download
+\.png$		image/png			silk/image.png			-	image	+download
+\.cab$		application/octet-stream	silk/compress.png		-	image	+download +view
+\.xpi$		application/x-xpinstall		silk/plugin_add.png		-	image	+download
+\.class$	application/octet-stream	silk/script_gear.png		-	image	+download
+\.java$		text/plain			silk/cup.png			-	ascii	+download
+\.dcr$		application/x-director		silk/script_palette.png		-	image	+download
+\.dir$		application/x-director		silk/film.png			-	image	+download
+\.dxr$		application/x-director		silk/film_key.png		-	image	+download
+\.djv$		image/vnd.djvu			silk/image.png			-	image	+download
+\.djvu$		image/vnd.djvu			silk/image.png			-	image	+download
+\.dll$		application/octet-stream	silk/plugin.png			-	image	+download
+\.dms$		application/octet-stream	silk/drive_disk.png		-	image	+download
+\.ez$		application/andrew-inset	silk/bullet_red.png		-	image	+download
+\.ice$		x-conference/x-cooltalk		silk/compress.png		-	image	+download
+\.iges$		model/iges			silk/image.png			-	image	+download
+\.igs$		model/iges			silk/image.png			-	image	+download
+\.kar$		audio/midi			silk/music.png			-	image	+download
+\.mid$		audio/midi			silk/music.png			-	image	+download
+\.midi$		audio/midi			silk/music.png			-	image	+download
+\.mesh$		model/mesh			silk/image.png			-	image	+download
+\.silo$		model/mesh			silk/image.png			-	image	+download
+\.mxu$		video/vnd.mpegurl		silk/film.png			-	image	+download
+\.pdb$		chemical/x-pdb			silk/chart_line.png		-	image	+download
+\.pgn$		application/x-chess-pgn		silk/bricks.png			-	image	+download
+\.ra$		audio/x-realaudio		silk/music.png			-	image	+download
+\.ram$		audio/x-pn-realaudio		silk/music.png			-	image	+download
+\.rm$		audio/x-pn-realaudio		silk/music.png			-	image	+download
+\.sgml$		text/sgml			silk/page_code.png		-	ascii	+download
+\.sgm$		text/sgml			silk/page_code.png		-	ascii	+download
+\.skd$		application/x-koan		silk/music.png			-	image	+download
+\.skm$		application/x-koan		silk/music.png			-	image	+download
+\.skp$		application/x-koan		silk/music.png			-	image	+download
+\.skt$		application/x-koan		silk/music.png			-	image	+download
+\.smi$		application/smil		silk/layers.png			-	image	+download
+\.smil$		application/smil		silk/layers.png			-	image	+download
+\.so$		application/octet-stream	silk/plugin.png			-	image	+download
+\.spl$		application/x-futuresplash	silk/page_white_flash.png	-	image	+download
+\.swf$		application/x-shockwave-flash	silk/page_white_flash.png	-	image	+download
+\.vcd$		application/x-cdlink		silk/cd.png			-	image	+download
+\.vrml$		model/vrml			silk/image.png			-	image	+download
+\.wbmp$		image/vnd.wap.wbmp		silk/image.png			-	image	+download
+\.wbxml$	application/vnd.wap.wbxml	silk/database_table.png		-	image	+download
+\.wmlc$		application/vnd.wap.wmlc	silk/database_table.png		-	image	+download
+\.wmlsc$	application/vnd.wap.wmlscriptc	silk/script.png			-	image	+download
+\.wmls$		application/vnd.wap.wmlscript	silk/script.png			-	image	+download
+\.xht$		application/xhtml		silk/page_world.png		-	ascii	+download
+\.xhtml$	application/xhtml		silk/page_world.png		-	ascii	+download
+\.xml$		text/xml			silk/page_world.png		-	ascii	+download
+\.xsl$		text/xml			silk/layout.png			-	ascii	+download
+\.xyz$		chemical/x-xyz			silk/chart_line.png		-	image	+download
+#
+# the default
+.		text/plain			silk/bullet_red.png		-	image	+download +view

squid/squid.conf.default

@@ -0,0 +1,76 @@
+#
+# Recommended minimum configuration:
+#
+
+# Example rule allowing access from your local networks.
+# Adapt to list your (internal) IP networks from where browsing
+# should be allowed
+acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
+acl localnet src 10.0.0.0/8		# RFC 1918 local private network (LAN)
+acl localnet src 100.64.0.0/10		# RFC 6598 shared address space (CGN)
+acl localnet src 169.254.0.0/16 	# RFC 3927 link-local (directly plugged) machines
+acl localnet src 172.16.0.0/12		# RFC 1918 local private network (LAN)
+acl localnet src 192.168.0.0/16		# RFC 1918 local private network (LAN)
+acl localnet src fc00::/7       	# RFC 4193 local private network range
+acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl Safe_ports port 80		# http
+acl Safe_ports port 21		# ftp
+acl Safe_ports port 443		# https
+acl Safe_ports port 70		# gopher
+acl Safe_ports port 210		# wais
+acl Safe_ports port 1025-65535	# unregistered ports
+acl Safe_ports port 280		# http-mgmt
+acl Safe_ports port 488		# gss-http
+acl Safe_ports port 591		# filemaker
+acl Safe_ports port 777		# multiling http
+acl CONNECT method CONNECT
+
+#
+# Recommended minimum Access Permission configuration:
+#
+# Deny requests to certain unsafe ports
+http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access deny manager
+
+# We strongly recommend the following be uncommented to protect innocent
+# web applications running on the proxy server who think the only
+# one who can access services on "localhost" is a local user
+#http_access deny to_localhost
+
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+
+# Example rule allowing access from your local networks.
+# Adapt localnet in the ACL section to list your (internal) IP networks
+# from where browsing should be allowed
+http_access allow localnet
+http_access allow localhost
+
+# And finally deny all other access to this proxy
+http_access deny all
+
+# Squid normally listens to port 3128
+http_port 3128
+
+# Uncomment and adjust the following to add a disk cache directory.
+#cache_dir ufs /var/spool/squid 100 16 256
+
+# Leave coredumps in the first cache dir
+coredump_dir /var/spool/squid
+
+#
+# Add any of your own refresh_pattern entries above these.
+#
+refresh_pattern ^ftp:		1440	20%	10080
+refresh_pattern ^gopher:	1440	0%	1440
+refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
+refresh_pattern .		0	20%	4320