diff --git a/.etckeeper b/.etckeeper index 9a06a67..df8183e 100755 --- a/.etckeeper +++ b/.etckeeper @@ -23,6 +23,7 @@ mkdir -p './cxs/newusers' mkdir -p './dbus-1/session.d' mkdir -p './dconf/db/local.d/locks' mkdir -p './dconf/db/site.d/locks' +mkdir -p './debuginfod' mkdir -p './dkms/framework.conf.d' mkdir -p './dnf/aliases.d' mkdir -p './dnf/modules.defaults.d' @@ -252,6 +253,7 @@ maybe chmod 0644 'authselect/postlogin' maybe chmod 0644 'authselect/smartcard-auth' maybe chmod 0644 'authselect/system-auth' maybe chmod 0644 'authselect/user-nsswitch.conf' +maybe chmod 0644 'authselect/user-nsswitch.conf.save_by_rpm' maybe chmod 0755 'awstats' maybe chmod 0644 'awstats/awstats.192.168.1.2.conf' maybe chmod 0644 'awstats/awstats.club3d.ro.conf' @@ -518,7 +520,6 @@ maybe chmod 0755 'dconf/db/site.d/locks' maybe chmod 0755 'dconf/profile' maybe chmod 0644 'dconf/profile/user' maybe chmod 0755 'debuginfod' -maybe chmod 0644 'debuginfod/elfutils.urls' maybe chmod 0755 'default' maybe chmod 0640 'default/color' maybe chmod 0644 'default/grub' @@ -997,6 +998,7 @@ maybe chmod 0644 'httpd/conf.d/perl.conf.rpmnew' maybe chmod 0644 'httpd/conf.d/php.conf' maybe chmod 0644 'httpd/conf.d/phpmyadmin.conf' maybe chmod 0644 'httpd/conf.d/squid.conf' +maybe chmod 0644 'httpd/conf.d/ssl.conf' maybe chmod 0644 'httpd/conf.d/ssl.conf_disabled' maybe chmod 0644 'httpd/conf.d/userdir.conf' maybe chmod 0644 'httpd/conf.d/welcome.conf' @@ -1148,23 +1150,23 @@ maybe chmod 0644 'issue.rpmnew' maybe chmod 0644 'issue.rpmsave' maybe chmod 0755 'java' maybe chmod 0755 'java/java-1.8.0-openjdk' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/calendars.properties' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/logging.properties' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/blacklisted.certs' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/java.policy' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/java.security' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/nss.cfg' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/nss.fips.cfg' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/limited' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/limited/US_export_policy.jar' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/limited/local_policy.jar' -maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/unlimited' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/unlimited/US_export_policy.jar' -maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/unlimited/local_policy.jar' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/calendars.properties' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/logging.properties' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/blacklisted.certs' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/java.policy' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/java.security' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/nss.cfg' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/nss.fips.cfg' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/limited' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/limited/US_export_policy.jar' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/limited/local_policy.jar' +maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/unlimited' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/unlimited/US_export_policy.jar' +maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/unlimited/local_policy.jar' maybe chmod 0755 'java/security' maybe chmod 0755 'java/security/security.d' maybe chmod 0755 'jvm' @@ -4173,7 +4175,6 @@ maybe chmod 0644 'modprobe.d/rds.conf' maybe chmod 0644 'modprobe.d/sctp.conf' maybe chmod 0640 'modprobe.d/squashfs.conf' maybe chmod 0644 'modprobe.d/tipc.conf' -maybe chmod 0644 'modprobe.d/truescale.conf' maybe chmod 0644 'modprobe.d/tuned.conf' maybe chmod 0640 'modprobe.d/udf.conf' maybe chmod 0640 'modprobe.d/vfat.conf' @@ -4844,6 +4845,7 @@ maybe chmod 0644 'nginx/uwsgi_params' maybe chmod 0644 'npmrc' maybe chmod 0755 'nrpe.d' maybe chmod 0644 'nsswitch.conf' +maybe chmod 0644 'nsswitch.conf.save_by_rpm' maybe chmod 0755 'oddjob' maybe chmod 0644 'oddjobd.conf' maybe chmod 0755 'oddjobd.conf.d' @@ -5410,8 +5412,6 @@ maybe chmod 0644 'profile.d/colorxzgrep.sh' maybe chmod 0644 'profile.d/colorzgrep.csh' maybe chmod 0644 'profile.d/colorzgrep.sh' maybe chmod 0644 'profile.d/csh.local' -maybe chmod 0644 'profile.d/debuginfod.csh' -maybe chmod 0644 'profile.d/debuginfod.sh' maybe chmod 0644 'profile.d/gawk.csh' maybe chmod 0644 'profile.d/gawk.sh' maybe chmod 0640 'profile.d/grc.sh' @@ -5679,6 +5679,7 @@ maybe chmod 0755 'security/namespace.d' maybe chmod 0755 'security/namespace.init' maybe chmod 0600 'security/opasswd' maybe chmod 0644 'security/pam_env.conf' +maybe chmod 0644 'security/pwhistory.conf' maybe chmod 0644 'security/pwquality.conf' maybe chmod 0755 'security/pwquality.conf.d' maybe chmod 0644 'security/sepermit.conf' @@ -5967,6 +5968,7 @@ maybe chmod 0644 'systemd/coredump.conf' maybe chmod 0644 'systemd/journald.conf' maybe chmod 0644 'systemd/logind.conf' maybe chmod 0644 'systemd/logind.conf.rpmnew' +maybe chmod 0644 'systemd/pstore.conf' maybe chmod 0644 'systemd/resolved.conf' maybe chmod 0755 'systemd/system' maybe chmod 0644 'systemd/system.conf' @@ -6022,7 +6024,6 @@ maybe chmod 0755 'udev' maybe chmod 0444 'udev/hwdb.bin' maybe chmod 0755 'udev/hwdb.d' maybe chmod 0755 'udev/rules.d' -maybe chmod 0644 'udev/rules.d/70-persistent-ipoib.rules' maybe chmod 0644 'udev/rules.d/70-snap.snapd.rules' maybe chmod 0644 'udev/rules.d/75-cd-aliases-generator.rules' maybe chmod 0644 'udev/rules.d/75-persistent-net-generator.rules' diff --git a/aliases.db b/aliases.db index c0c476a..d09db35 100644 Binary files a/aliases.db and b/aliases.db differ diff --git a/almalinux-release b/almalinux-release index 435b57e..1e5acad 100644 --- a/almalinux-release +++ b/almalinux-release @@ -1 +1 @@ -AlmaLinux release 8.7 (Stone Smilodon) +AlmaLinux release 8.8 (Sapphire Caracal) diff --git a/almalinux-release-upstream b/almalinux-release-upstream index dc7a1a6..3c51791 100644 --- a/almalinux-release-upstream +++ b/almalinux-release-upstream @@ -1 +1 @@ -Derived from Red Hat Enterprise Linux 8.7 (Source) +Derived from Red Hat Enterprise Linux 8.8 (Source) diff --git a/alternatives/alt-java b/alternatives/alt-java index 69ef780..f866157 120000 --- a/alternatives/alt-java +++ b/alternatives/alt-java @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/alt-java \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/alt-java \ No newline at end of file diff --git a/alternatives/alt-java.1.gz b/alternatives/alt-java.1.gz index b9151fb..78818c2 120000 --- a/alternatives/alt-java.1.gz +++ b/alternatives/alt-java.1.gz @@ -1 +1 @@ -/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/java b/alternatives/java index 5ebce97..4aa0b15 120000 --- a/alternatives/java +++ b/alternatives/java @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/java \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/java \ No newline at end of file diff --git a/alternatives/java.1.gz b/alternatives/java.1.gz index fa1e4f0..9b50ccb 120000 --- a/alternatives/java.1.gz +++ b/alternatives/java.1.gz @@ -1 +1 @@ -/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/jjs b/alternatives/jjs index d81da6f..229d23f 120000 --- a/alternatives/jjs +++ b/alternatives/jjs @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/jjs \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/jjs \ No newline at end of file diff --git a/alternatives/jjs.1.gz b/alternatives/jjs.1.gz index 638725b..2e229a6 120000 --- a/alternatives/jjs.1.gz +++ b/alternatives/jjs.1.gz @@ -1 +1 @@ -/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/jre b/alternatives/jre index 3ad516c..fc85740 120000 --- a/alternatives/jre +++ b/alternatives/jre @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre \ No newline at end of file diff --git a/alternatives/jre_1.8.0 b/alternatives/jre_1.8.0 index 3ad516c..fc85740 120000 --- a/alternatives/jre_1.8.0 +++ b/alternatives/jre_1.8.0 @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre \ No newline at end of file diff --git a/alternatives/jre_1.8.0_openjdk b/alternatives/jre_1.8.0_openjdk index fa55eee..c9f8301 120000 --- a/alternatives/jre_1.8.0_openjdk +++ b/alternatives/jre_1.8.0_openjdk @@ -1 +1 @@ -/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64 \ No newline at end of file +/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64 \ No newline at end of file diff --git a/alternatives/jre_openjdk b/alternatives/jre_openjdk index 3ad516c..fc85740 120000 --- a/alternatives/jre_openjdk +++ b/alternatives/jre_openjdk @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre \ No newline at end of file diff --git a/alternatives/keytool b/alternatives/keytool index 509a878..3a2784a 120000 --- a/alternatives/keytool +++ b/alternatives/keytool @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/keytool \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/keytool \ No newline at end of file diff --git a/alternatives/keytool.1.gz b/alternatives/keytool.1.gz index 56b72d2..dd45a57 120000 --- a/alternatives/keytool.1.gz +++ b/alternatives/keytool.1.gz @@ -1 +1 @@ -/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/orbd b/alternatives/orbd index 093191f..d3f89f9 120000 --- a/alternatives/orbd +++ b/alternatives/orbd @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/orbd \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/orbd \ No newline at end of file diff --git a/alternatives/orbd.1.gz b/alternatives/orbd.1.gz index 5541449..b1b4327 120000 --- a/alternatives/orbd.1.gz +++ b/alternatives/orbd.1.gz @@ -1 +1 @@ -/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/pack200 b/alternatives/pack200 index 6315c4e..7b27ca8 120000 --- a/alternatives/pack200 +++ b/alternatives/pack200 @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/pack200 \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/pack200 \ No newline at end of file diff --git a/alternatives/pack200.1.gz b/alternatives/pack200.1.gz index f4b71d1..bb25af3 120000 --- a/alternatives/pack200.1.gz +++ b/alternatives/pack200.1.gz @@ -1 +1 @@ -/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/policytool b/alternatives/policytool index d3d61b6..ba06812 120000 --- a/alternatives/policytool +++ b/alternatives/policytool @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/policytool \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/policytool \ No newline at end of file diff --git a/alternatives/policytool.1.gz b/alternatives/policytool.1.gz index 94f9ce0..bd79f84 120000 --- a/alternatives/policytool.1.gz +++ b/alternatives/policytool.1.gz @@ -1 +1 @@ -/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/rmid b/alternatives/rmid index 59b6ad9..482ffbe 120000 --- a/alternatives/rmid +++ b/alternatives/rmid @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/rmid \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/rmid \ No newline at end of file diff --git a/alternatives/rmid.1.gz b/alternatives/rmid.1.gz index fabb6e1..dd7b7d3 120000 --- a/alternatives/rmid.1.gz +++ b/alternatives/rmid.1.gz @@ -1 +1 @@ -/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/rmiregistry b/alternatives/rmiregistry index c6c0e4e..fa10308 120000 --- a/alternatives/rmiregistry +++ b/alternatives/rmiregistry @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/rmiregistry \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/rmiregistry \ No newline at end of file diff --git a/alternatives/rmiregistry.1.gz b/alternatives/rmiregistry.1.gz index 03021da..a5e2464 120000 --- a/alternatives/rmiregistry.1.gz +++ b/alternatives/rmiregistry.1.gz @@ -1 +1 @@ -/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/servertool b/alternatives/servertool index 64b21e5..ce19ae8 120000 --- a/alternatives/servertool +++ b/alternatives/servertool @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/servertool \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/servertool \ No newline at end of file diff --git a/alternatives/servertool.1.gz b/alternatives/servertool.1.gz index 964bdee..79f3deb 120000 --- a/alternatives/servertool.1.gz +++ b/alternatives/servertool.1.gz @@ -1 +1 @@ -/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/tnameserv b/alternatives/tnameserv index 4bd0106..2cfe200 120000 --- a/alternatives/tnameserv +++ b/alternatives/tnameserv @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/tnameserv \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/tnameserv \ No newline at end of file diff --git a/alternatives/tnameserv.1.gz b/alternatives/tnameserv.1.gz index 1626ee6..5c52809 120000 --- a/alternatives/tnameserv.1.gz +++ b/alternatives/tnameserv.1.gz @@ -1 +1 @@ -/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/alternatives/unpack200 b/alternatives/unpack200 index 82ddf71..a983872 120000 --- a/alternatives/unpack200 +++ b/alternatives/unpack200 @@ -1 +1 @@ -/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/jre/bin/unpack200 \ No newline at end of file +/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/jre/bin/unpack200 \ No newline at end of file diff --git a/alternatives/unpack200.1.gz b/alternatives/unpack200.1.gz index fada10e..4ef4625 120000 --- a/alternatives/unpack200.1.gz +++ b/alternatives/unpack200.1.gz @@ -1 +1 @@ -/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64.1.gz \ No newline at end of file +/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64.1.gz \ No newline at end of file diff --git a/authselect/user-nsswitch.conf b/authselect/user-nsswitch.conf index 59829b3..be3a4af 100644 --- a/authselect/user-nsswitch.conf +++ b/authselect/user-nsswitch.conf @@ -35,8 +35,6 @@ # # Notes: # -# 'sssd' performs its own 'files'-based caching, so it should generally -# come before 'files'. # # WARNING: Running nscd with a secondary caching service like sssd may # lead to unexpected behaviour, especially with how long @@ -53,9 +51,9 @@ # group: db files # In order of likelihood of use to accelerate lookup. -passwd: sss files systemd +passwd: files sss systemd shadow: files sss -group: sss files systemd +group: files sss systemd hosts: files dns myhostname services: files sss netgroup: sss diff --git a/authselect/user-nsswitch.conf.save_by_rpm b/authselect/user-nsswitch.conf.save_by_rpm new file mode 100644 index 0000000..59829b3 --- /dev/null +++ b/authselect/user-nsswitch.conf.save_by_rpm @@ -0,0 +1,72 @@ +# +# /etc/nsswitch.conf +# +# Name Service Switch config file. This file should be +# sorted with the most-used services at the beginning. +# +# Valid databases are: aliases, ethers, group, gshadow, hosts, +# initgroups, netgroup, networks, passwd, protocols, publickey, +# rpc, services, and shadow. +# +# Valid service provider entries include (in alphabetical order): +# +# compat Use /etc files plus *_compat pseudo-db +# db Use the pre-processed /var/db files +# dns Use DNS (Domain Name Service) +# files Use the local files in /etc +# hesiod Use Hesiod (DNS) for user lookups +# nis Use NIS (NIS version 2), also called YP +# nisplus Use NIS+ (NIS version 3) +# +# See `info libc 'NSS Basics'` for more information. +# +# Commonly used alternative service providers (may need installation): +# +# ldap Use LDAP directory server +# myhostname Use systemd host names +# mymachines Use systemd machine names +# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD +# resolve Use systemd resolved resolver +# sss Use System Security Services Daemon (sssd) +# systemd Use systemd for dynamic user option +# winbind Use Samba winbind support +# wins Use Samba wins support +# wrapper Use wrapper module for testing +# +# Notes: +# +# 'sssd' performs its own 'files'-based caching, so it should generally +# come before 'files'. +# +# WARNING: Running nscd with a secondary caching service like sssd may +# lead to unexpected behaviour, especially with how long +# entries are cached. +# +# Installation instructions: +# +# To use 'db', install the appropriate package(s) (provide 'makedb' and +# libnss_db.so.*), and place the 'db' in front of 'files' for entries +# you want to be looked up first in the databases, like this: +# +# passwd: db files +# shadow: db files +# group: db files + +# In order of likelihood of use to accelerate lookup. +passwd: sss files systemd +shadow: files sss +group: sss files systemd +hosts: files dns myhostname +services: files sss +netgroup: sss +automount: files sss + +aliases: files +ethers: files +gshadow: files +# Allow initgroups to default to the setting for group. +# initgroups: files +networks: files dns +protocols: files +publickey: files +rpc: files diff --git a/debuginfod/elfutils.urls b/debuginfod/elfutils.urls deleted file mode 100644 index 1f54c3c..0000000 --- a/debuginfod/elfutils.urls +++ /dev/null @@ -1 +0,0 @@ -https://debuginfod.centos.org/ diff --git a/httpd/conf.d/ssl.conf b/httpd/conf.d/ssl.conf new file mode 100644 index 0000000..d28adf3 --- /dev/null +++ b/httpd/conf.d/ssl.conf @@ -0,0 +1,203 @@ +# +# When we also provide SSL we have to listen to the +# standard HTTPS port in addition. +# +Listen 443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName www.example.com:443 + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# List the protocol versions which clients are allowed to connect with. +# The OpenSSL system profile is used by default. See +# update-crypto-policies(8) for more details. +#SSLProtocol all -SSLv3 +#SSLProxyProtocol all -SSLv3 + +# User agents such as web browsers are not configured for the user's +# own preference of either security or performance, therefore this +# must be the prerogative of the web server administrator who manages +# cpu load versus confidentiality, so enforce the server's cipher order. +SSLHonorCipherOrder on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +# The OpenSSL system profile is configured by default. See +# update-crypto-policies(8) for more details. +SSLCipherSuite PROFILE=SYSTEM +SSLProxyCipherSuite PROFILE=SYSTEM + +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that restarting httpd will prompt again. Keep +# in mind that if you have both an RSA and a DSA certificate you +# can configure both in parallel (to also allow the use of DSA +# ciphers, etc.) +# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) +# require an ECC certificate which can also be configured in +# parallel. +SSLCertificateFile /etc/pki/tls/certs/localhost.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +# ECC keys, when in use, can also be configured in parallel +SSLCertificateKeyFile /etc/pki/tls/private/localhost.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convenience. +#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +# +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is sent or allowed to be received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is sent and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/calendars.properties b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/calendars.properties similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/calendars.properties rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/calendars.properties diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/logging.properties b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/logging.properties similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/logging.properties rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/logging.properties diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/blacklisted.certs b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/blacklisted.certs similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/blacklisted.certs rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/blacklisted.certs diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/cacerts b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/cacerts similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/cacerts rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/cacerts diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/java.policy b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/java.policy similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/java.policy rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/java.policy diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/java.security b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/java.security similarity index 99% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/java.security rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/java.security index a9bf8bc..89138b8 100644 --- a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/java.security +++ b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/java.security @@ -240,9 +240,7 @@ package.access=sun.,\ com.sun.activation.registries.,\ jdk.jfr.events.,\ jdk.jfr.internal.,\ - jdk.management.jfr.internal.,\ - org.GNOME.Accessibility.,\ - org.GNOME.Bonobo. + jdk.management.jfr.internal. # # List of comma-separated packages that start with or equal this string @@ -295,9 +293,7 @@ package.definition=sun.,\ com.sun.activation.registries.,\ jdk.jfr.events.,\ jdk.jfr.internal.,\ - jdk.management.jfr.internal.,\ - org.GNOME.Accessibility.,\ - org.GNOME.Bonobo. + jdk.management.jfr.internal. # # Determines whether this properties file can be appended to @@ -316,7 +312,7 @@ security.useSystemPropertiesFile=true # Specifies the system certificate store # This property may be disabled using an empty value # -security.systemCACerts=/etc/pki/java/cacerts +security.systemCACerts=${java.home}/lib/security/cacerts # # Determines the default key and trust manager factory algorithms for diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/nss.cfg b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/nss.cfg similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/nss.cfg rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/nss.cfg diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/nss.fips.cfg b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/nss.fips.cfg similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/nss.fips.cfg rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/nss.fips.cfg diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/limited/US_export_policy.jar b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/limited/US_export_policy.jar similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/limited/US_export_policy.jar rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/limited/US_export_policy.jar diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/limited/local_policy.jar b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/limited/local_policy.jar similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/limited/local_policy.jar rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/limited/local_policy.jar diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/unlimited/US_export_policy.jar b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/unlimited/US_export_policy.jar similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/unlimited/US_export_policy.jar rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/unlimited/US_export_policy.jar diff --git a/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/unlimited/local_policy.jar b/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/unlimited/local_policy.jar similarity index 100% rename from java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-1.el8_7.x86_64/lib/security/policy/unlimited/local_policy.jar rename to java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.372.b07-4.el8.x86_64/lib/security/policy/unlimited/local_policy.jar diff --git a/logrotate.d/btmp b/logrotate.d/btmp index 393ead5..0aa1ae1 100644 --- a/logrotate.d/btmp +++ b/logrotate.d/btmp @@ -2,6 +2,6 @@ /var/log/btmp { missingok monthly - create 0600 root utmp + create 0660 root utmp rotate 1 } diff --git a/logrotate.d/syslog b/logrotate.d/syslog index b101e32..db85401 100644 --- a/logrotate.d/syslog +++ b/logrotate.d/syslog @@ -7,6 +7,6 @@ missingok sharedscripts postrotate - /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true + /usr/bin/systemctl -s HUP kill rsyslog.service >/dev/null 2>&1 || true endscript } diff --git a/modprobe.d/truescale.conf b/modprobe.d/truescale.conf deleted file mode 100644 index eced349..0000000 --- a/modprobe.d/truescale.conf +++ /dev/null @@ -1 +0,0 @@ -install ib_qib modprobe -i ib_qib $CMDLINE_OPTS && /usr/libexec/truescale-serdes.cmds start diff --git a/nsswitch.conf b/nsswitch.conf index cf877c2..864e8e1 100644 --- a/nsswitch.conf +++ b/nsswitch.conf @@ -46,8 +46,6 @@ session include system-auth # # Notes: # -# 'sssd' performs its own 'files'-based caching, so it should generally -# come before 'files'. # # WARNING: Running nscd with a secondary caching service like sssd may # lead to unexpected behaviour, especially with how long @@ -64,9 +62,9 @@ session include system-auth # group: db files # In order of likelihood of use to accelerate lookup. -passwd: sss files systemd +passwd: files sss systemd shadow: files sss -group: sss files systemd +group: files sss systemd hosts: files dns myhostname services: files sss netgroup: sss diff --git a/nsswitch.conf.save_by_rpm b/nsswitch.conf.save_by_rpm new file mode 100644 index 0000000..cf877c2 --- /dev/null +++ b/nsswitch.conf.save_by_rpm @@ -0,0 +1,83 @@ +# This file is part of systemd. +# +# Used by systemd --user instances. + +account include system-auth + +session required pam_selinux.so close +session required pam_selinux.so nottys open +session required pam_loginuid.so +session include system-auth +[root@mail pam.d]# cat /etc/nsswitch.conf +# +# /etc/nsswitch.conf +# +# Name Service Switch config file. This file should be +# sorted with the most-used services at the beginning. +# +# Valid databases are: aliases, ethers, group, gshadow, hosts, +# initgroups, netgroup, networks, passwd, protocols, publickey, +# rpc, services, and shadow. +# +# Valid service provider entries include (in alphabetical order): +# +# compat Use /etc files plus *_compat pseudo-db +# db Use the pre-processed /var/db files +# dns Use DNS (Domain Name Service) +# files Use the local files in /etc +# hesiod Use Hesiod (DNS) for user lookups +# nis Use NIS (NIS version 2), also called YP +# nisplus Use NIS+ (NIS version 3) +# +# See `info libc 'NSS Basics'` for more information. +# +# Commonly used alternative service providers (may need installation): +# +# ldap Use LDAP directory server +# myhostname Use systemd host names +# mymachines Use systemd machine names +# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD +# resolve Use systemd resolved resolver +# sss Use System Security Services Daemon (sssd) +# systemd Use systemd for dynamic user option +# winbind Use Samba winbind support +# wins Use Samba wins support +# wrapper Use wrapper module for testing +# +# Notes: +# +# 'sssd' performs its own 'files'-based caching, so it should generally +# come before 'files'. +# +# WARNING: Running nscd with a secondary caching service like sssd may +# lead to unexpected behaviour, especially with how long +# entries are cached. +# +# Installation instructions: +# +# To use 'db', install the appropriate package(s) (provide 'makedb' and +# libnss_db.so.*), and place the 'db' in front of 'files' for entries +# you want to be looked up first in the databases, like this: +# +# passwd: db files +# shadow: db files +# group: db files + +# In order of likelihood of use to accelerate lookup. +passwd: sss files systemd +shadow: files sss +group: sss files systemd +hosts: files dns myhostname +services: files sss +netgroup: sss +automount: files sss + +aliases: files +ethers: files +gshadow: files +# Allow initgroups to default to the setting for group. +# initgroups: files +networks: files dns +protocols: files +publickey: files +rpc: files diff --git a/pam.d/cockpit b/pam.d/cockpit index 9776e4b..1cf2c9f 100644 --- a/pam.d/cockpit +++ b/pam.d/cockpit @@ -3,6 +3,8 @@ auth required pam_sepermit.so auth substack password-auth auth include postlogin auth optional pam_ssh_add.so +# List of users to deny access to Cockpit, by default root is included. +auth required pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed account required pam_nologin.so account include password-auth password include password-auth diff --git a/pam.d/systemd-user b/pam.d/systemd-user index 8607d4f..d1f64c1 100644 --- a/pam.d/systemd-user +++ b/pam.d/systemd-user @@ -8,4 +8,5 @@ account include system-auth session required pam_selinux.so close session required pam_selinux.so nottys open session required pam_loginuid.so +session required pam_namespace.so session include system-auth diff --git a/profile.d/debuginfod.csh b/profile.d/debuginfod.csh deleted file mode 100644 index c01f682..0000000 --- a/profile.d/debuginfod.csh +++ /dev/null @@ -1,16 +0,0 @@ -# $HOME/.login* or similar files may first set $DEBUGINFOD_URLS. -# If $DEBUGINFOD_URLS is not set there, we set it from system *.url files. -# $HOME/.*rc or similar files may then amend $DEBUGINFOD_URLS. -# See also [man debuginfod-client-config] for other environment variables -# such as $DEBUGINFOD_MAXSIZE, $DEBUGINFOD_MAXTIME, $DEBUGINFOD_PROGRESS. - -if (! $?DEBUGINFOD_URLS) then - set prefix="/usr" - set DEBUGINFOD_URLS=`sh -c 'cat "$0"/*.urls 2>/dev/null; :' "/etc/debuginfod" | tr '\n' ' '` - if ( "$DEBUGINFOD_URLS" != "" ) then - setenv DEBUGINFOD_URLS "$DEBUGINFOD_URLS" - else - unset DEBUGINFOD_URLS - endif - unset prefix -endif diff --git a/profile.d/debuginfod.sh b/profile.d/debuginfod.sh deleted file mode 100644 index 8f94ca4..0000000 --- a/profile.d/debuginfod.sh +++ /dev/null @@ -1,12 +0,0 @@ -# $HOME/.profile* or similar files may first set $DEBUGINFOD_URLS. -# If $DEBUGINFOD_URLS is not set there, we set it from system *.url files. -# $HOME/.*rc or similar files may then amend $DEBUGINFOD_URLS. -# See also [man debuginfod-client-config] for other environment variables -# such as $DEBUGINFOD_MAXSIZE, $DEBUGINFOD_MAXTIME, $DEBUGINFOD_PROGRESS. - -if [ -z "$DEBUGINFOD_URLS" ]; then - prefix="/usr" - DEBUGINFOD_URLS=$(cat "/etc/debuginfod"/*.urls 2>/dev/null | tr '\n' ' ') - [ -n "$DEBUGINFOD_URLS" ] && export DEBUGINFOD_URLS || unset DEBUGINFOD_URLS - unset prefix -fi diff --git a/profile.d/lang.csh b/profile.d/lang.csh index 94c4625..4e5f014 100644 --- a/profile.d/lang.csh +++ b/profile.d/lang.csh @@ -13,7 +13,7 @@ foreach config (/etc/locale.conf "${HOME}/.i18n") end if (${?LANG_backup}) then - set LANG="${LANG_backup}" + setenv LANG "${LANG_backup}" endif unset LANG_backup config diff --git a/security/pwhistory.conf b/security/pwhistory.conf new file mode 100644 index 0000000..070b719 --- /dev/null +++ b/security/pwhistory.conf @@ -0,0 +1,21 @@ +# Configuration for remembering the last passwords used by a user. +# +# Enable the debugging logs. +# Enabled if option is present. +# debug +# +# root account's passwords are also remembered. +# Enabled if option is present. +# enforce_for_root +# +# Number of passwords to remember. +# The default is 10. +# remember = 10 +# +# Number of times to prompt for the password. +# The default is 1. +# retry = 1 +# +# The directory where the last passwords are kept. +# The default is /etc/security/opasswd. +# file = /etc/security/opasswd diff --git a/selinux/targeted/.policy.sha512 b/selinux/targeted/.policy.sha512 index 814b844..70fba6a 100644 --- a/selinux/targeted/.policy.sha512 +++ b/selinux/targeted/.policy.sha512 @@ -1 +1 @@ -5020ff024b92d2d5d7a2b0066e3d83e856dfa88046c653658ee78523cb7cb82cc1ba0340b6c33d8a05bd0bc00c73843ee3c21bd8f02774c0117ee1a097701e10 +39819a81a29de9acf96a0e5b0509b4e45648c91f9c9db96e5345dd703622099dc0b0b2672071df7383f208fbd6fddee4f382f222874803430377bc522d200bfa diff --git a/selinux/targeted/contexts/files/file_contexts b/selinux/targeted/contexts/files/file_contexts index d63a92a..c4ce876 100644 --- a/selinux/targeted/contexts/files/file_contexts +++ b/selinux/targeted/contexts/files/file_contexts @@ -651,6 +651,7 @@ /usr/bin/gpg(2)? -- system_u:object_r:gpg_exec_t:s0 /dev/cdc-wdm[0-9] -c system_u:object_r:modem_device_t:s0 /dev/floppy/[^/]* -b system_u:object_r:removable_device_t:s0 +/dev/pktcdvd[0-7] -b system_u:object_r:removable_device_t:s0 /etc/rsyslog.conf system_u:object_r:syslog_conf_t:s0 /dev/raw/raw[0-9]+ -c system_u:object_r:fixed_disk_device_t:s0 /dev/stratis(/.*)? system_u:object_r:stratisd_data_t:s0 @@ -816,6 +817,7 @@ /dev/watchdog.* -c system_u:object_r:watchdog_device_t:s0 /dev/winradio.* -c system_u:object_r:v4l_device_t:s0 /dev/ataraid/.* -b system_u:object_r:fixed_disk_device_t:s0 +/dev/pktcdvd/.+ -b system_u:object_r:removable_device_t:s0 /var/run/wsgi.* -s system_u:object_r:httpd_var_run_t:s0 /dev/shm/mono.* system_u:object_r:user_tmp_t:s0 /var/log/cron.* system_u:object_r:cron_log_t:s0 @@ -4306,6 +4308,7 @@ /usr/sbin/lvmsadc -- system_u:object_r:lvm_exec_t:s0 /usr/sbin/metalog -- system_u:object_r:syslogd_exec_t:s0 /usr/sbin/mkdosfs -- system_u:object_r:fsadm_exec_t:s0 +/usr/sbin/mkudffs -- system_u:object_r:fsadm_exec_t:s0 /usr/sbin/nfsdcld -- system_u:object_r:rpcd_exec_t:s0 /usr/sbin/nologin -- system_u:object_r:shell_exec_t:s0 /usr/sbin/ntpdate -- system_u:object_r:ntpdate_exec_t:s0 @@ -4352,6 +4355,7 @@ /usr/sbin/vnstatd -- system_u:object_r:vnstatd_exec_t:s0 /usr/sbin/wpa_cli -- system_u:object_r:wpa_cli_exec_t:s0 /var/dnscache/run -- system_u:object_r:svc_run_exec_t:s0 +/var/log/sudo\.log -- system_u:object_r:sudo_log_t:s0 /var/run/abrt\.pid -- system_u:object_r:abrt_var_run_t:s0 /var/run/apmd\.pid -- system_u:object_r:apmd_var_run_t:s0 /var/run/gpsd\.pid -- system_u:object_r:gpsd_var_run_t:s0 @@ -4498,6 +4502,7 @@ /usr/sbin/ns-slapd -- system_u:object_r:dirsrv_exec_t:s0 /usr/sbin/opendkim -- system_u:object_r:dkim_milter_exec_t:s0 /usr/sbin/openhpid -- system_u:object_r:openhpid_exec_t:s0 +/usr/sbin/pktsetup -- system_u:object_r:fsadm_exec_t:s0 /usr/sbin/pmap_set -- system_u:object_r:portmap_helper_exec_t:s0 /usr/sbin/postdrop -- system_u:object_r:postfix_postdrop_exec_t:s0 /usr/sbin/postgrey -- system_u:object_r:postgrey_exec_t:s0 @@ -4521,6 +4526,7 @@ /usr/sbin/synaptic -- system_u:object_r:rpm_exec_t:s0 /usr/sbin/tmpwatch -- system_u:object_r:tmpreaper_exec_t:s0 /usr/sbin/udevsend -- system_u:object_r:udev_exec_t:s0 +/usr/sbin/udflabel -- system_u:object_r:fsadm_exec_t:s0 /usr/sbin/updfstab -- system_u:object_r:updfstab_exec_t:s0 /usr/sbin/utempter -- system_u:object_r:utempter_exec_t:s0 /usr/sbin/validate -- system_u:object_r:chkpwd_exec_t:s0 @@ -4875,6 +4881,7 @@ /var/run/\.iroha_unix -d system_u:object_r:canna_var_run_t:s0 /dev/cpu_dma_latency -c system_u:object_r:netcontrol_device_t:s0 /dev/network_latency -c system_u:object_r:netcontrol_device_t:s0 +/dev/pktcdvd/control -c system_u:object_r:pktcdvd_control_device_t:s0 /var/run/auditd_sock -s system_u:object_r:auditd_var_run_t:s0 /var/run/charon\.vici -s system_u:object_r:ipsec_var_run_t:s0 /var/run/docker\.sock -s system_u:object_r:container_var_run_t:s0 @@ -5301,6 +5308,7 @@ /usr/sbin/nsd-checkzone -- system_u:object_r:nsd_exec_t:s0 /usr/sbin/ods-enforcerd -- system_u:object_r:opendnssec_exec_t:s0 /usr/sbin/open_init_pty -- system_u:object_r:initrc_exec_t:s0 +/usr/sbin/pktcdvd-check -- system_u:object_r:fsadm_exec_t:s0 /usr/sbin/puppetmasterd -- system_u:object_r:puppetmaster_exec_t:s0 /usr/sbin/rpc\.yppasswdd -- system_u:object_r:yppasswdd_exec_t:s0 /usr/sbin/stop-ds-admin -- system_u:object_r:dirsrvadmin_exec_t:s0 @@ -6266,6 +6274,7 @@ /usr/lib/nagios/plugins/check_file_age -- system_u:object_r:nagios_admin_plugin_exec_t:s0 /usr/lib/nspluginwrapper/plugin-config -- system_u:object_r:mozilla_plugin_config_exec_t:s0 /usr/lib/pgsql/test/regress/pg_regress -- system_u:object_r:postgresql_exec_t:s0 +/usr/lib/systemd/systemd-socket-proxyd -- system_u:object_r:systemd_socket_proxyd_exec_t:s0 /usr/share/cluster/fence_scsi_check\.pl -- system_u:object_r:fenced_exec_t:s0 /usr/share/gnucash/finance-quote-check -- system_u:object_r:bin_t:s0 /usr/share/munin/plugins/http_loadtime -- system_u:object_r:services_munin_plugin_exec_t:s0 @@ -6397,6 +6406,7 @@ /usr/share/doc/ghc/html/libraries/gen_contents_index -- system_u:object_r:bin_t:s0 /usr/share/gitolite/hooks/gitolite-admin/post-update -- system_u:object_r:bin_t:s0 /usr/lib/systemd/system/systemd-modules-load\.service system_u:object_r:systemd_modules_load_unit_file_t:s0 +/usr/lib/systemd/system/systemd-socket-proxyd\.service -- system_u:object_r:systemd_socket_proxyd_unit_file_t:s0 /usr/lib64/nagios/plugins/check_number_openshift_apps -- system_u:object_r:nagios_openshift_plugin_exec_t:s0 /usr/share/system-config-samba/system-config-samba\.py -- system_u:object_r:bin_t:s0 /usr/share/system-config-display/system-config-display -- system_u:object_r:bin_t:s0 diff --git a/selinux/targeted/contexts/files/file_contexts.bin b/selinux/targeted/contexts/files/file_contexts.bin index 4100177..811d138 100644 Binary files a/selinux/targeted/contexts/files/file_contexts.bin and b/selinux/targeted/contexts/files/file_contexts.bin differ diff --git a/selinux/targeted/policy/policy.31 b/selinux/targeted/policy/policy.31 index 169308e..96dfeaa 100644 Binary files a/selinux/targeted/policy/policy.31 and b/selinux/targeted/policy/policy.31 differ diff --git a/sysconfig/rngd b/sysconfig/rngd index dbb6f7a..cce3c6e 100644 --- a/sysconfig/rngd +++ b/sysconfig/rngd @@ -1,3 +1,3 @@ # Optional arguments passed to rngd. See rngd(8) and # https://bugzilla.redhat.com/show_bug.cgi?id=1252175#c21 -RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -D daemon:daemon" +RNGD_ARGS="--fill-watermark=0 -x pkcs11 -x nist -x qrypt -D daemon:daemon" diff --git a/systemd/pstore.conf b/systemd/pstore.conf new file mode 100644 index 0000000..93a8b67 --- /dev/null +++ b/systemd/pstore.conf @@ -0,0 +1,16 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See pstore.conf(5) for details. + +[PStore] +#Storage=external +#Unlink=yes diff --git a/tuned/tuned-main.conf b/tuned/tuned-main.conf index 7dfa6a5..54a0b3e 100644 --- a/tuned/tuned-main.conf +++ b/tuned/tuned-main.conf @@ -49,3 +49,29 @@ log_file_max_size = 1MB # It can be used to force tuning for specific architecture. # If commented, "/proc/cpuinfo" will be read to fill its content. # cpuinfo_string = Intel + +# Enable TuneD listening on dbus +# enable_dbus = 1 + +# Enable TuneD listening on unix domain socket +# As this functionality is not used commonly, we disable it by default +# and it is needed to allow it manually +# enable_unix_socket = 0 + +# Path to socket for TuneD to listen +# Existing files on given path will be removed +# unix_socket_path = /run/tuned/tuned.sock + +# Paths to sockets for TuneD to send signals to separated by , or ; +# unix_socket_signal_paths = + +# Default unix socket ownership +# Can be set as id or name, -1 or non-existing name leaves unchanged +# unix_socket_ownership = -1 -1 + +# Permissions for listening sockets +# unix_socket_permissions = 0o600 + +# Size of connections backlog for listen function on socket +# Higher value allows to process requests from more clients +# connections_backlog = 1024 diff --git a/udev/rules.d/70-persistent-ipoib.rules b/udev/rules.d/70-persistent-ipoib.rules deleted file mode 100644 index f8d700a..0000000 --- a/udev/rules.d/70-persistent-ipoib.rules +++ /dev/null @@ -1,12 +0,0 @@ -# This is a sample udev rules file that demonstrates how to get udev to -# set the name of IPoIB interfaces to whatever you wish. There is a -# 16 character limit on network device names. -# -# Important items to note: ATTR{type}=="32" is IPoIB interfaces, and the -# ATTR{address} match must start with ?* and only reference the last 8 -# bytes of the address or else the address might not match the variable QPN -# portion. -# -# Modern udev is case sensitive and all addresses need to be in lower case. -# -# ACTION=="add", SUBSYSTEM=="net", DRIVERS=="?*", ATTR{type}=="32", ATTR{address}=="?*00:02:c9:03:00:31:78:f2", NAME="mlx4_ib3" diff --git a/vmware-tools/tools.conf.example b/vmware-tools/tools.conf.example index bfcf952..a7d994c 100644 --- a/vmware-tools/tools.conf.example +++ b/vmware-tools/tools.conf.example @@ -436,22 +436,37 @@ [autoupgrade] -# The autoupgrade plugin is only available for Windows. - # The "allow-upgrade" option controls whether automatic upgrades (or reinstalls) -# are allowed. The two options "allow-add-feature" and "allow-remove-feature" -# control whether adding or removing a feature will be allowed. The two latter -# ones only affect Windows tools. - +# are allowed. #allow-upgrade=true + +# The autoupgrade plugin is only available for Windows. +# The "allow-add-feature" and "allow-remove-feature" control whether adding +# or removing a feature will be allowed. +# The allow-msi-transforms option controls whether TRANSFORMS property is +# allowed. + #allow-add-feature=true #allow-remove-feature=true +#allow-msi-transforms=false [deployPkg] # to disable guest customization #enable-customization=false +# This "wait-cloudinit-timeout" option controls how long does guest +# customization wait for cloud-init execution done when it detects cloud-init +# is available in guest. +# Guest customization will continue executing as soon as it detects cloud-init +# execution done within this option's value in seconds. +# If cloud-init is still running beyond this option's value in seconds, guest +# customization will continue executing regardless cloud-init execution status. +# Minimum valid value is 0 second, set to 0 to disable waiting. +# Maximum valid value is 1800 seconds (30 minutes). +# Default value is 30 seconds. +#wait-cloudinit-timeout=30 + [cbhelper] # The carbonblack helper plugin is only available for Windows.