saving uncommitted changes in /etc prior to dnf run
This commit is contained in:
@@ -269,10 +269,14 @@ maybe chmod 0644 'clamd.conf.rpmnew'
|
||||
maybe chown 'amavis' 'clamd.conf.rpmsave'
|
||||
maybe chgrp 'amavis' 'clamd.conf.rpmsave'
|
||||
maybe chmod 0644 'clamd.conf.rpmsave'
|
||||
maybe chown 'amavis' 'clamd.d'
|
||||
maybe chgrp 'amavis' 'clamd.d'
|
||||
maybe chmod 0755 'clamd.d'
|
||||
maybe chown 'amavis' 'clamd.d/amavisd.conf'
|
||||
maybe chgrp 'amavis' 'clamd.d/amavisd.conf'
|
||||
maybe chmod 0644 'clamd.d/amavisd.conf'
|
||||
maybe chown 'amavis' 'clamd.d/scan.conf'
|
||||
maybe chgrp 'amavis' 'clamd.d/scan.conf'
|
||||
maybe chmod 0644 'clamd.d/scan.conf'
|
||||
maybe chown 'amavis' 'clamd.d/scan.conf.rpmnew'
|
||||
maybe chgrp 'amavis' 'clamd.d/scan.conf.rpmnew'
|
||||
@@ -924,7 +928,6 @@ maybe chmod 0644 'httpd/conf.d/perl.conf.rpmnew'
|
||||
maybe chmod 0644 'httpd/conf.d/php.conf'
|
||||
maybe chmod 0644 'httpd/conf.d/phpmyadmin.conf'
|
||||
maybe chmod 0644 'httpd/conf.d/squid.conf'
|
||||
maybe chmod 0644 'httpd/conf.d/ssl.conf'
|
||||
maybe chmod 0644 'httpd/conf.d/ssl.conf_disabled'
|
||||
maybe chmod 0644 'httpd/conf.d/userdir.conf'
|
||||
maybe chmod 0644 'httpd/conf.d/welcome.conf'
|
||||
@@ -3776,6 +3779,7 @@ maybe chmod 0644 'nginx/conf.d/php-fpm.conf'
|
||||
maybe chown 'nginx' 'nginx/conf.d/rspamd.club3d.ro.conf'
|
||||
maybe chgrp 'nginx' 'nginx/conf.d/rspamd.club3d.ro.conf'
|
||||
maybe chmod 0644 'nginx/conf.d/rspamd.club3d.ro.conf'
|
||||
maybe chmod 0640 'nginx/conf.d/savu.conf'
|
||||
maybe chown 'nginx' 'nginx/conf.d/storm.club3d.ro.conf'
|
||||
maybe chgrp 'nginx' 'nginx/conf.d/storm.club3d.ro.conf'
|
||||
maybe chmod 0640 'nginx/conf.d/storm.club3d.ro.conf'
|
||||
|
||||
@@ -26,6 +26,6 @@
|
||||
# 60 - 600 seconds. To Adjust the cron values, edit your configs and run
|
||||
# bash clamav-unofficial-sigs.sh --install-cron to generate a new file.
|
||||
MAILTO=root
|
||||
1 0 * * * amavis [ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh --force && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh --update && chown amavis:amavis /etc/clamd.d/ -R && chown amavis:amavis /etc/clamd.conf && sudo systemctl restart clamd
|
||||
1 0 * * * root [ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh --force && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh --update && chown amavis:amavis /etc/clamd.d/ -R && chown amavis:amavis /etc/clamd.conf && sudo systemctl restart clamd
|
||||
# https://eXtremeSHOK.com ######################################################
|
||||
|
||||
|
||||
@@ -1,5 +1,18 @@
|
||||
ChangeLog:
|
||||
|
||||
14.15 - Fixed regression issue with logfile regexes
|
||||
|
||||
Implemented an improved email wrapper
|
||||
|
||||
14.14 - Fixed issue with using Text::Wrap
|
||||
|
||||
14.13 - Added inline pid match to all system regexes to cater for logging
|
||||
changes
|
||||
|
||||
Use Text::Wrap to ensure email line lengths are within specifications
|
||||
|
||||
Updated dovecot log regexes to support the changed format in v2.3.15+
|
||||
|
||||
14.12 - Added cPanel SaaS servers to cpanel.allow
|
||||
|
||||
Added a fix for RHEL v8 processes that were reporting excessive null or
|
||||
|
||||
35
csf/csf.deny
35
csf/csf.deny
@@ -16,38 +16,3 @@
|
||||
#
|
||||
# See readme.txt for more information regarding advanced port filtering
|
||||
#
|
||||
185.244.41.0/24 # lfd: (NETBLOCK) 185.244.41.0/24 (RU/Russia/-/-/-) has had more than 2 blocks in the last 86400 secs - Fri Dec 11 12:00:59 2020
|
||||
78.128.113.67 # lfd: (PERMBLOCK) 78.128.113.67 (BG/Bulgaria/-/-/ip-113-67.4vendeta.com) has had more than 2 temp blocks in the last 86400 secs - Fri Dec 18 02:27:48 2020
|
||||
212.70.149.54 # lfd: (PERMBLOCK) 212.70.149.54 (BG/Bulgaria/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sat Dec 19 14:14:00 2020
|
||||
178.176.174.0/24 # lfd: (NETBLOCK) 178.176.174.0/24 (RU/Russia/Tatarstan Republic/Kazan’/-) has had more than 2 blocks in the last 86400 secs - Thu Dec 24 05:43:47 2020
|
||||
77.40.3.116 # lfd: (PERMBLOCK) 77.40.3.116 (RU/Russia/Mariy-El Republic/Yoshkar-Ola/116.3.dialup.mari-el.ru) has had more than 2 temp blocks in the last 86400 secs - Thu Dec 24 15:37:37 2020
|
||||
193.56.28.214 # lfd: (PERMBLOCK) 193.56.28.214 (GB/United Kingdom/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Mon Dec 28 19:32:33 2020
|
||||
78.128.113.66 # lfd: (PERMBLOCK) 78.128.113.66 (BG/Bulgaria/-/-/ip-113-66.4vendeta.com) has had more than 2 temp blocks in the last 86400 secs - Mon Jan 11 18:33:10 2021
|
||||
216.118.251.2 # lfd: (PERMBLOCK) 216.118.251.2 (HK/Hong Kong/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Fri Jan 15 18:55:23 2021
|
||||
212.70.149.85 # lfd: (PERMBLOCK) 212.70.149.85 (BG/Bulgaria/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Mon Jan 18 23:35:05 2021
|
||||
87.246.7.0/24 # lfd: (NETBLOCK) 87.246.7.0/24 (BG/Bulgaria/-/-/-) has had more than 2 blocks in the last 86400 secs - Sun Jan 24 11:52:11 2021
|
||||
141.98.80.102 # lfd: (PERMBLOCK) 141.98.80.102 (PA/Panama/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sun Jan 24 19:36:50 2021
|
||||
186.216.69.0/24 # lfd: (NETBLOCK) 186.216.69.0/24 (BR/Brazil/Minas Gerais/Unai/-) has had more than 2 blocks in the last 86400 secs - Sun Jan 24 23:23:15 2021
|
||||
177.21.213.0/24 # lfd: (NETBLOCK) 177.21.213.0/24 (BR/Brazil/Rio Grande do Sul/Veranopolis/-) has had more than 2 blocks in the last 86400 secs - Mon Jan 25 13:29:27 2021
|
||||
177.87.68.0/24 # lfd: (NETBLOCK) 177.87.68.0/24 (BR/Brazil/Parana/Tres Barras do Parana/-) has had more than 2 blocks in the last 86400 secs - Mon Jan 25 20:14:03 2021
|
||||
91.243.45.40 # lfd: (PERMBLOCK) 91.243.45.40 (RU/Russia/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Mon Jan 25 21:37:29 2021
|
||||
177.129.206.0/24 # lfd: (NETBLOCK) 177.129.206.0/24 (BR/Brazil/Minas Gerais/Itapagipe/-) has had more than 2 blocks in the last 86400 secs - Tue Jan 26 16:24:41 2021
|
||||
77.40.3.0/24 # lfd: (NETBLOCK) 77.40.3.0/24 (RU/Russia/Mariy-El Republic/Yoshkar-Ola/-) has had more than 2 blocks in the last 86400 secs - Sat Jan 30 09:20:59 2021
|
||||
77.40.2.37 # lfd: (PERMBLOCK) 77.40.2.37 (RU/Russia/Mariy-El Republic/Yoshkar-Ola/37.2.dialup.mari-el.ru) has had more than 2 temp blocks in the last 86400 secs - Sun Jan 31 15:19:42 2021
|
||||
187.87.2.0/24 # lfd: (NETBLOCK) 187.87.2.0/24 (BR/Brazil/Rio Grande do Norte/Caico/-) has had more than 2 blocks in the last 86400 secs - Wed Feb 3 22:16:42 2021
|
||||
186.250.205.0/24 # lfd: (NETBLOCK) 186.250.205.0/24 (BR/Brazil/Sao Paulo/Guaratingueta/-) has had more than 2 blocks in the last 86400 secs - Thu Feb 4 02:23:00 2021
|
||||
45.167.8.0/24 # lfd: (NETBLOCK) 45.167.8.0/24 (BR/Brazil/-/-/-) has had more than 2 blocks in the last 86400 secs - Fri Feb 5 08:32:05 2021
|
||||
141.98.80.130 # lfd: (PERMBLOCK) 141.98.80.130 (PA/Panama/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sun Feb 7 08:09:42 2021
|
||||
77.40.13.142 # lfd: (PERMBLOCK) 77.40.13.142 (RU/Russia/Mariy-El Republic/Yoshkar-Ola/142.13.pppoe.mari-el.ru) has had more than 2 temp blocks in the last 86400 secs - Mon Feb 8 02:34:44 2021
|
||||
77.40.2.22 # lfd: (PERMBLOCK) 77.40.2.22 (RU/Russia/Mariy-El Republic/Yoshkar-Ola/-) has had more than 2 temp blocks in the last 86400 secs - Mon Feb 8 20:13:38 2021
|
||||
77.40.40.20 # lfd: (PERMBLOCK) 77.40.40.20 (RU/Russia/Mariy-El Republic/Yoshkar-Ola/20.40.pppoe.mari-el.ru) has had more than 2 temp blocks in the last 86400 secs - Tue Feb 9 02:16:44 2021
|
||||
77.40.23.10 # lfd: (PERMBLOCK) 77.40.23.10 (RU/Russia/Mariy-El Republic/Yoshkar-Ola/10.23.pppoe.mari-el.ru) has had more than 2 temp blocks in the last 86400 secs - Wed Feb 10 12:01:31 2021
|
||||
77.247.110.130 # lfd: (PERMBLOCK) 77.247.110.130 (BZ/Belize/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sun Feb 14 01:02:38 2021
|
||||
77.247.110.132 # lfd: (PERMBLOCK) 77.247.110.132 (BZ/Belize/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Mon Feb 15 03:26:39 2021
|
||||
77.40.80.168 # lfd: (PERMBLOCK) 77.40.80.168 (RU/Russia/Mariy-El Republic/Yoshkar-Ola/-) has had more than 2 temp blocks in the last 86400 secs - Wed Feb 17 08:24:55 2021
|
||||
5.188.206.234 # lfd: (PERMBLOCK) 5.188.206.234 (US/United States/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Thu Feb 18 11:13:03 2021
|
||||
141.98.80.133 # lfd: (PERMBLOCK) 141.98.80.133 (PA/Panama/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sat Feb 20 09:26:44 2021
|
||||
2.57.122.32 # lfd: (PERMBLOCK) 2.57.122.32 (RO/Romania/-/-/-) has had more than 2 temp blocks in the last 86400 secs - Sun Feb 21 20:57:17 2021
|
||||
168.61.18.166 # lfd: (PERMBLOCK) 168.61.18.166 (US/United States/California/San Jose/-) has had more than 2 temp blocks in the last 86400 secs - Mon Feb 22 02:07:08 2021
|
||||
77.40.62.96 # lfd: (PERMBLOCK) 77.40.62.96 (RU/Russia/Mariy-El Republic/Yoshkar-Ola/96.62.pppoe.mari-el.ru) has had more than 2 temp blocks in the last 86400 secs - Wed Feb 24 13:05:28 2021
|
||||
77.40.2.171 # lfd: (PERMBLOCK) 77.40.2.171 (RU/Russia/Mariy-El Republic/Yoshkar-Ola/171.2.dialup.mari-el.ru) has had more than 2 temp blocks in the last 86400 secs - Thu Feb 25 15:43:13 2021
|
||||
|
||||
@@ -1 +1 @@
|
||||
14.12
|
||||
14.15
|
||||
1
group
1
group
@@ -103,3 +103,4 @@ rundeck:x:1018:
|
||||
litecoin:x:1019:
|
||||
bogdan:x:1020:
|
||||
squid:x:23:
|
||||
laser:x:1021:
|
||||
|
||||
1
group-
1
group-
@@ -102,3 +102,4 @@ mailcow:x:1017:
|
||||
rundeck:x:1018:
|
||||
litecoin:x:1019:
|
||||
bogdan:x:1020:
|
||||
squid:x:23:
|
||||
|
||||
3
hosts
3
hosts
@@ -1,5 +1,8 @@
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
|
||||
134.122.29.182 consul1
|
||||
|
||||
|
||||
###
|
||||
192.168.1.2 linux.vrem.ro linux
|
||||
192.168.1.1 speedport.lan
|
||||
|
||||
@@ -1,203 +0,0 @@
|
||||
#
|
||||
# When we also provide SSL we have to listen to the
|
||||
# standard HTTPS port in addition.
|
||||
#
|
||||
Listen 443 https
|
||||
|
||||
##
|
||||
## SSL Global Context
|
||||
##
|
||||
## All SSL configuration in this context applies both to
|
||||
## the main server and all SSL-enabled virtual hosts.
|
||||
##
|
||||
|
||||
# Pass Phrase Dialog:
|
||||
# Configure the pass phrase gathering process.
|
||||
# The filtering dialog program (`builtin' is a internal
|
||||
# terminal dialog) has to provide the pass phrase on stdout.
|
||||
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
|
||||
|
||||
# Inter-Process Session Cache:
|
||||
# Configure the SSL Session Cache: First the mechanism
|
||||
# to use and second the expiring timeout (in seconds).
|
||||
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
|
||||
SSLSessionCacheTimeout 300
|
||||
|
||||
#
|
||||
# Use "SSLCryptoDevice" to enable any supported hardware
|
||||
# accelerators. Use "openssl engine -v" to list supported
|
||||
# engine names. NOTE: If you enable an accelerator and the
|
||||
# server does not start, consult the error logs and ensure
|
||||
# your accelerator is functioning properly.
|
||||
#
|
||||
SSLCryptoDevice builtin
|
||||
#SSLCryptoDevice ubsec
|
||||
|
||||
##
|
||||
## SSL Virtual Host Context
|
||||
##
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
|
||||
# General setup for the virtual host, inherited from global configuration
|
||||
#DocumentRoot "/var/www/html"
|
||||
#ServerName www.example.com:443
|
||||
|
||||
# Use separate log files for the SSL virtual host; note that LogLevel
|
||||
# is not inherited from httpd.conf.
|
||||
ErrorLog logs/ssl_error_log
|
||||
TransferLog logs/ssl_access_log
|
||||
LogLevel warn
|
||||
|
||||
# SSL Engine Switch:
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# List the protocol versions which clients are allowed to connect with.
|
||||
# The OpenSSL system profile is used by default. See
|
||||
# update-crypto-policies(8) for more details.
|
||||
#SSLProtocol all -SSLv3
|
||||
#SSLProxyProtocol all -SSLv3
|
||||
|
||||
# User agents such as web browsers are not configured for the user's
|
||||
# own preference of either security or performance, therefore this
|
||||
# must be the prerogative of the web server administrator who manages
|
||||
# cpu load versus confidentiality, so enforce the server's cipher order.
|
||||
SSLHonorCipherOrder on
|
||||
|
||||
# SSL Cipher Suite:
|
||||
# List the ciphers that the client is permitted to negotiate.
|
||||
# See the mod_ssl documentation for a complete list.
|
||||
# The OpenSSL system profile is configured by default. See
|
||||
# update-crypto-policies(8) for more details.
|
||||
SSLCipherSuite PROFILE=SYSTEM
|
||||
SSLProxyCipherSuite PROFILE=SYSTEM
|
||||
|
||||
# Point SSLCertificateFile at a PEM encoded certificate. If
|
||||
# the certificate is encrypted, then you will be prompted for a
|
||||
# pass phrase. Note that restarting httpd will prompt again. Keep
|
||||
# in mind that if you have both an RSA and a DSA certificate you
|
||||
# can configure both in parallel (to also allow the use of DSA
|
||||
# ciphers, etc.)
|
||||
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
|
||||
# require an ECC certificate which can also be configured in
|
||||
# parallel.
|
||||
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
|
||||
|
||||
# Server Private Key:
|
||||
# If the key is not combined with the certificate, use this
|
||||
# directive to point at the key file. Keep in mind that if
|
||||
# you've both a RSA and a DSA private key you can configure
|
||||
# both in parallel (to also allow the use of DSA ciphers, etc.)
|
||||
# ECC keys, when in use, can also be configured in parallel
|
||||
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
|
||||
|
||||
# Server Certificate Chain:
|
||||
# Point SSLCertificateChainFile at a file containing the
|
||||
# concatenation of PEM encoded CA certificates which form the
|
||||
# certificate chain for the server certificate. Alternatively
|
||||
# the referenced file can be the same as SSLCertificateFile
|
||||
# when the CA certificates are directly appended to the server
|
||||
# certificate for convenience.
|
||||
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
|
||||
|
||||
# Certificate Authority (CA):
|
||||
# Set the CA certificate verification path where to find CA
|
||||
# certificates for client authentication or alternatively one
|
||||
# huge file containing all of them (file must be PEM encoded)
|
||||
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
|
||||
|
||||
# Client Authentication (Type):
|
||||
# Client certificate verification type and depth. Types are
|
||||
# none, optional, require and optional_no_ca. Depth is a
|
||||
# number which specifies how deeply to verify the certificate
|
||||
# issuer chain before deciding the certificate is not valid.
|
||||
#SSLVerifyClient require
|
||||
#SSLVerifyDepth 10
|
||||
|
||||
# Access Control:
|
||||
# With SSLRequire you can do per-directory access control based
|
||||
# on arbitrary complex boolean expressions containing server
|
||||
# variable checks and other lookup directives. The syntax is a
|
||||
# mixture between C and Perl. See the mod_ssl documentation
|
||||
# for more details.
|
||||
#<Location />
|
||||
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
|
||||
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
|
||||
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
|
||||
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
|
||||
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
|
||||
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
|
||||
#</Location>
|
||||
|
||||
# SSL Engine Options:
|
||||
# Set various options for the SSL engine.
|
||||
# o FakeBasicAuth:
|
||||
# Translate the client X.509 into a Basic Authorisation. This means that
|
||||
# the standard Auth/DBMAuth methods can be used for access control. The
|
||||
# user name is the `one line' version of the client's X.509 certificate.
|
||||
# Note that no password is obtained from the user. Every entry in the user
|
||||
# file needs this password: `xxj31ZMTZzkVA'.
|
||||
# o ExportCertData:
|
||||
# This exports two additional environment variables: SSL_CLIENT_CERT and
|
||||
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
|
||||
# server (always existing) and the client (only existing when client
|
||||
# authentication is used). This can be used to import the certificates
|
||||
# into CGI scripts.
|
||||
# o StdEnvVars:
|
||||
# This exports the standard SSL/TLS related `SSL_*' environment variables.
|
||||
# Per default this exportation is switched off for performance reasons,
|
||||
# because the extraction step is an expensive operation and is usually
|
||||
# useless for serving static content. So one usually enables the
|
||||
# exportation for CGI and SSI requests only.
|
||||
# o StrictRequire:
|
||||
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
|
||||
# under a "Satisfy any" situation, i.e. when it applies access is denied
|
||||
# and no other module can change it.
|
||||
# o OptRenegotiate:
|
||||
# This enables optimized SSL connection renegotiation handling when SSL
|
||||
# directives are used in per-directory context.
|
||||
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SSLOptions +StdEnvVars
|
||||
</FilesMatch>
|
||||
<Directory "/var/www/cgi-bin">
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
|
||||
# SSL Protocol Adjustments:
|
||||
# The safe and default but still SSL/TLS standard compliant shutdown
|
||||
# approach is that mod_ssl sends the close notify alert but doesn't wait for
|
||||
# the close notify alert from client. When you need a different shutdown
|
||||
# approach you can use one of the following variables:
|
||||
# o ssl-unclean-shutdown:
|
||||
# This forces an unclean shutdown when the connection is closed, i.e. no
|
||||
# SSL close notify alert is sent or allowed to be received. This violates
|
||||
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
|
||||
# this when you receive I/O errors because of the standard approach where
|
||||
# mod_ssl sends the close notify alert.
|
||||
# o ssl-accurate-shutdown:
|
||||
# This forces an accurate shutdown when the connection is closed, i.e. a
|
||||
# SSL close notify alert is sent and mod_ssl waits for the close notify
|
||||
# alert of the client. This is 100% SSL/TLS standard compliant, but in
|
||||
# practice often causes hanging connections with brain-dead browsers. Use
|
||||
# this only for browsers where you know that their SSL implementation
|
||||
# works correctly.
|
||||
# Notice: Most problems of broken clients are also related to the HTTP
|
||||
# keep-alive facility, so you usually additionally want to disable
|
||||
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
|
||||
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
|
||||
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
|
||||
# "force-response-1.0" for this.
|
||||
BrowserMatch "MSIE [2-5]" \
|
||||
nokeepalive ssl-unclean-shutdown \
|
||||
downgrade-1.0 force-response-1.0
|
||||
|
||||
# Per-Server Logging:
|
||||
# The home of a custom SSL log file. Use this when you want a
|
||||
# compact non-error SSL logfile on a virtual host basis.
|
||||
CustomLog logs/ssl_request_log \
|
||||
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
24
nginx/conf.d/savu.conf
Normal file
24
nginx/conf.d/savu.conf
Normal file
@@ -0,0 +1,24 @@
|
||||
server {
|
||||
listen 192.168.1.2:80;
|
||||
server_name savudrivenschool.co.uk www.savudrivenschool.co.uk;
|
||||
charset utf-8;
|
||||
root /var/www/html/vhosts/club3d.ro/savu;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
access_log /var/log/nginx/savu.access.log;
|
||||
error_log /var/log/nginx/savu.error.log;
|
||||
|
||||
location ~* \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_pass unix:/var/run/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_buffer_size 16k;
|
||||
fastcgi_buffers 4 16k;
|
||||
}
|
||||
|
||||
# gzip should not be used with SSL
|
||||
gzip off;
|
||||
|
||||
}
|
||||
1
passwd
1
passwd
@@ -74,3 +74,4 @@ rundeck:x:1017:1018::/var/lib/rundeck:/bin/bash
|
||||
litecoin:x:1018:1019::/opt/litecoin:/bin/bash
|
||||
bogdan:x:1019:1020::/home/bogdan:/bin/bash
|
||||
squid:x:23:23::/var/spool/squid:/sbin/nologin
|
||||
laser:x:1020:1021::/home/laser:/bin/bash
|
||||
|
||||
3
passwd-
3
passwd-
@@ -72,4 +72,5 @@ cfb:x:1015:1016::/home/cfb:/bin/bash
|
||||
mailcow:x:1016:1017::/home/mailcow:/bin/bash
|
||||
rundeck:x:1017:1018::/var/lib/rundeck:/bin/bash
|
||||
litecoin:x:1018:1019::/opt/litecoin:/bin/bash
|
||||
bogdan:x:1019:1020::/home/bogdan:/usr/bin/mysecureshell
|
||||
bogdan:x:1019:1020::/home/bogdan:/bin/bash
|
||||
squid:x:23:23::/var/spool/squid:/sbin/nologin
|
||||
|
||||
1
shadow
1
shadow
@@ -74,3 +74,4 @@ rundeck:!!:18772:0:99999:7:30::
|
||||
litecoin:!!:18775:0:99999:7:30::
|
||||
bogdan:mCxaxi7Ck2FlI:18822:0:99999:7:30::
|
||||
squid:!!:18921::::::
|
||||
laser:$6$3IDnJkLhNhDa5MUg$ysajgR6P3uElTVSBuLJbix4lHHNheJ.JBIrGFRvUPsY2/265PmO3vjgWTculxKkywvas0vcVrX3Q4QQZ/qufR.:18954:0:99999:7:30::
|
||||
|
||||
1
shadow-
1
shadow-
@@ -73,3 +73,4 @@ mailcow:$6$7vT203MTlIc8ROf0$VxXn56jKN5.UAPyXsgvv4r2XQDaL5yjo8Tk1We6rPS1eB7fRxbmI
|
||||
rundeck:!!:18772:0:99999:7:30::
|
||||
litecoin:!!:18775:0:99999:7:30::
|
||||
bogdan:mCxaxi7Ck2FlI:18822:0:99999:7:30::
|
||||
squid:!!:18921::::::
|
||||
|
||||
@@ -26,13 +26,13 @@
|
||||
# MaxOpenFilesForUser 20 #limit user to open x files on same time
|
||||
# MaxWriteFilesForUser 10 #limit user to x upload on same time
|
||||
# MaxReadFilesForUser 10 #limit user to x download on same time
|
||||
DefaultRights 0664 0775 #Set default rights for new file and new directory
|
||||
DefaultRights 0640 0770 #Set default rights for new file and new directory
|
||||
# MinimumRights 0400 0700 #Set minimum rights for files and dirs
|
||||
|
||||
# PathDenyFilter "^\." #deny upload of directory/file which match this extented POSIX regex
|
||||
|
||||
ShowLinksAsLinks false #show links as their destinations
|
||||
# ConnectionMaxLife 1d #limits connection lifetime to 1 day
|
||||
ConnectionMaxLife 1d #limits connection lifetime to 1 day
|
||||
|
||||
# Charset "ISO-8859-15" #set charset of computer
|
||||
# GMTTime +1 #set GMT Time (change if necessary)
|
||||
|
||||
@@ -109,7 +109,7 @@ PermitTunnel no
|
||||
ChrootDirectory none
|
||||
VersionAddendum Fuck_Off!
|
||||
|
||||
AllowUsers root vampi madalin sonykss smiti sara
|
||||
AllowUsers root vampi madalin smiti sara laser
|
||||
Banner /etc/issue.net
|
||||
|
||||
# Accept locale-related environment variables
|
||||
@@ -120,6 +120,7 @@ AcceptEnv XMODIFIERS
|
||||
|
||||
# override default of no subsystems
|
||||
Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
|
||||
#Subsystem sftp internal-sftp
|
||||
|
||||
### Example of overriding settings on a per-user basis
|
||||
Match User root
|
||||
@@ -134,11 +135,11 @@ Match User vampi
|
||||
Match User madalin
|
||||
PermitTTY yes
|
||||
|
||||
Match User sonykss
|
||||
PermitTTY yes
|
||||
|
||||
Match User smiti
|
||||
PermitTTY yes
|
||||
|
||||
Match user sara
|
||||
PermitTTY yes
|
||||
|
||||
Match user laser
|
||||
PermitTTY yes
|
||||
|
||||
1
subgid
1
subgid
@@ -17,3 +17,4 @@ mailcow:1083040:65536
|
||||
rundeck:1148576:65536
|
||||
litecoin:1214112:65536
|
||||
bogdan:1279648:65536
|
||||
laser:1345184:65536
|
||||
|
||||
1
subgid-
1
subgid-
@@ -16,3 +16,4 @@ cfb:1017504:65536
|
||||
mailcow:1083040:65536
|
||||
rundeck:1148576:65536
|
||||
litecoin:1214112:65536
|
||||
bogdan:1279648:65536
|
||||
|
||||
1
subuid
1
subuid
@@ -17,3 +17,4 @@ mailcow:1083040:65536
|
||||
rundeck:1148576:65536
|
||||
litecoin:1214112:65536
|
||||
bogdan:1279648:65536
|
||||
laser:1345184:65536
|
||||
|
||||
Reference in New Issue
Block a user