saving uncommitted changes in /etc prior to dnf run

2022-06-24 13:49:33 +03:00
parent cc38403914
commit f3aa21d388
6 changed files with 38 additions and 5 deletions
--- a/.etckeeper
+++ b/.etckeeper
@@ -534,6 +534,7 @@ maybe chmod 0644 'dnf/vars/contentdir'
 maybe chmod 0644 'dnf/vars/infra'
 maybe chmod 0644 'dnf/vars/stream'
 maybe chmod 0755 'docker'
+maybe chmod 0640 'docker/daemon.json'
 maybe chmod 0600 'docker/key.json'
 maybe chmod 0755 'dovecot'
 maybe chmod 0755 'dovecot/conf.d'
@@ -4926,6 +4927,7 @@ maybe chmod 0644 'rspamd/worker-proxy.inc'
 maybe chmod 0644 'rsyslog.conf'
 maybe chmod 0755 'rsyslog.d'
 maybe chmod 0640 'rsyslog.d/00-backup.conf'
+maybe chmod 0640 'rsyslog.d/docker.conf'
 maybe chmod 0640 'rsyslog.d/filecreatemode.conf'
 maybe chmod 0644 'rsyslog.d/ignore-systemd-session-slice.conf'
 maybe chown 'rundeck' 'rundeck'
--- a/csf/csf.conf
+++ b/csf/csf.conf
@@ -142,7 +142,7 @@ TCP_IN = "20,21,22,25,26,53,80,88,110,143,443,465,587,873,904,953,992,993,995,19
 TCP_OUT = "1:65535"

 # Allow incoming UDP ports
-UDP_IN = "20,21,53,67,68,123,161,500,514,517,518,1194,1514,1701,1981,4500,33434:33523"
+UDP_IN = "20,21,53,67,68,123,161,500,514,517,518,1027,1194,1514,1701,1981,4500,33434:33523"

 # Allow outgoing UDP ports
 # To allow outgoing traceroute add 33434:33523 to this list 
--- a/csf/csf.ignore
+++ b/csf/csf.ignore
@@ -33,3 +33,4 @@
 84.117.190.166

 ;; connection timed out; no servers could be reached
+188.25.145.85
--- a/docker/daemon.json
+++ b/docker/daemon.json
@@ -0,0 +1,8 @@
+{
+  "selinux-enabled": false,
+  "log-driver": "syslog",
+  "log-opts": {
+    "syslog-address": "unixgram:///dev/log",
+    "tag": "docker/{{.Name}}"
+  }
+}
--- a/postfix/master.cf
+++ b/postfix/master.cf
@@ -16,10 +16,10 @@ smtp_enforced_tls      unix  -       -       n       -       -       smtp
  -o syslog_name=enforced-tls-smtp
  #-o smtp_delivery_status_filter=pcre:/etc/postfix/smtp_dsn_filter

-#smtp      inet  n       -       n       -       -       smtpd
-#   #-o content_filter=spamcheck:dummy
-#   -o receive_override_options=no_address_mappings
-#   #-o content_filter=spamfilter:dummy
+smtp      inet  n       -       n       -       -       smtpd
+   #-o content_filter=spamcheck:dummy
+   -o receive_override_options=no_address_mappings
+   #-o content_filter=spamfilter:dummy

 26	inet  n       -       n       -       -       smtpd
        -o smtpd_tls_wrappermode=yes
--- a/rsyslog.d/docker.conf
+++ b/rsyslog.d/docker.conf
@@ -0,0 +1,22 @@
+$FileCreateMode 0644
+$template DockerDaemonLogFileName,"/var/log/docker/docker.log"
+$template DockerContainerLogFileName,"/var/log/docker/%SYSLOGTAG:R,ERE,1,FIELD:docker/(.*)\[--end:secpath-replace%.log"
+
+if $programname == 'dockerd' then {
+  ?DockerDaemonLogFileName
+  stop
+}
+
+if $programname == 'containerd' then {
+  ?DockerDaemonLogFileName
+  stop
+}
+
+if $programname == 'docker' then {
+  if $syslogtag contains 'docker/' then {
+  ?DockerContainerLogFileName
+  stop
+  }
+}
+$FileCreateMode 0600
+