From f3aa21d388779310c8fb386c679be79cdb3f1b89 Mon Sep 17 00:00:00 2001
From: bms8197
Date: Fri, 24 Jun 2022 13:49:33 +0300
Subject: [PATCH] saving uncommitted changes in /etc prior to dnf run
---
 .etckeeper | 2 ++
 csf/csf.conf | 2 +-
 csf/csf.ignore | 1 +
 docker/daemon.json | 8 ++++++++
 postfix/master.cf | 8 ++++----
 rsyslog.d/docker.conf | 22 ++++++++++++++++++++++
 6 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 docker/daemon.json
 create mode 100644 rsyslog.d/docker.conf
diff --git a/.etckeeper b/.etckeeper
index a8a2165..39b95a9 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -534,6 +534,7 @@ maybe chmod 0644 'dnf/vars/contentdir'
 maybe chmod 0644 'dnf/vars/infra'
 maybe chmod 0644 'dnf/vars/stream'
 maybe chmod 0755 'docker'
+maybe chmod 0640 'docker/daemon.json'
 maybe chmod 0600 'docker/key.json'
 maybe chmod 0755 'dovecot'
 maybe chmod 0755 'dovecot/conf.d'
@@ -4926,6 +4927,7 @@ maybe chmod 0644 'rspamd/worker-proxy.inc'
 maybe chmod 0644 'rsyslog.conf'
 maybe chmod 0755 'rsyslog.d'
 maybe chmod 0640 'rsyslog.d/00-backup.conf'
+maybe chmod 0640 'rsyslog.d/docker.conf'
 maybe chmod 0640 'rsyslog.d/filecreatemode.conf'
 maybe chmod 0644 'rsyslog.d/ignore-systemd-session-slice.conf'
 maybe chown 'rundeck' 'rundeck'
diff --git a/csf/csf.conf b/csf/csf.conf
index 288df01..33af82a 100644
--- a/csf/csf.conf
+++ b/csf/csf.conf
@@ -142,7 +142,7 @@ TCP_IN = "20,21,22,25,26,53,80,88,110,143,443,465,587,873,904,953,992,993,995,19
 TCP_OUT = "1:65535"
 # Allow incoming UDP ports
-UDP_IN = "20,21,53,67,68,123,161,500,514,517,518,1194,1514,1701,1981,4500,33434:33523"
+UDP_IN = "20,21,53,67,68,123,161,500,514,517,518,1027,1194,1514,1701,1981,4500,33434:33523"
 # Allow outgoing UDP ports
 # To allow outgoing traceroute add 33434:33523 to this list
diff --git a/csf/csf.ignore b/csf/csf.ignore
index 7feaf78..664094f 100644
--- a/csf/csf.ignore
+++ b/csf/csf.ignore
@@ -33,3 +33,4 @@
 84.117.190.166
 ;; connection timed out; no servers could be reached
+188.25.145.85
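Review bot: The new `1027` entry in `UDP_IN` accepts that port from any source address, and neither the commit message nor a comment in the file says which service listens on it. If only a known peer needs the port, a source-restricted rule in csf.allow such as `udp|in|d=1027|s=<PEER_IP>` (placeholder address) keeps it closed to everyone else. Otherwise a comment above `UDP_IN` naming the service would make the exposure reviewable later. It is also worth confirming that something is actually bound to UDP 1027 on the host.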
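Review bot: `188.25.145.85` is added to csf.ignore with no indication of who owns it, and lfd skips its checks for addresses listed in this file, so repeated login failures from that address will no longer lead to a block. A `#` comment line above the entry giving the owner and the date would let the next audit decide whether it still belongs here. If the address is dynamically assigned (not visible from this hunk), the exemption will eventually pass to whoever receives it next. The context line `;; connection timed out; no servers could be reached` looks like pasted resolver output rather than a valid entry and could be removed in the same pass.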
diff --git a/docker/daemon.json b/docker/daemon.json
new file mode 100644
index 0000000..f39baeb
--- /dev/null
+++ b/docker/daemon.json
@@ -0,0 +1,8 @@
+{
+ "selinux-enabled": false,
+ "log-driver": "syslog",
+ "log-opts": {
+ "syslog-address": "unixgram:///dev/log",
+ "tag": "docker/{{.Name}}"
+ }
+}
diff --git a/postfix/master.cf b/postfix/master.cf
index 96d9854..4381340 100644
--- a/postfix/master.cf
+++ b/postfix/master.cf
@@ -16,10 +16,10 @@ smtp_enforced_tls unix - - n - - smtp -o syslog_name=enforced-tls-smtp #-o smtp_delivery_status_filter=pcre:/etc/postfix/smtp_dsn_filter
-#smtp inet n - n - - smtpd
-# #-o content_filter=spamcheck:dummy
-# -o receive_override_options=no_address_mappings
-# #-o content_filter=spamfilter:dummy
+smtp inet n - n - - smtpd
+ #-o content_filter=spamcheck:dummy
+ -o receive_override_options=no_address_mappings
+ #-o content_filter=spamfilter:dummy
 26 inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
diff --git a/rsyslog.d/docker.conf b/rsyslog.d/docker.conf
new file mode 100644
index 0000000..9f1a6cf
--- /dev/null
+++ b/rsyslog.d/docker.conf
@@ -0,0 +1,22 @@
+$FileCreateMode 0644
+$template DockerDaemonLogFileName,"/var/log/docker/docker.log"
+$template DockerContainerLogFileName,"/var/log/docker/%SYSLOGTAG:R,ERE,1,FIELD:docker/(.*)\[--end:secpath-replace%.log"
+
+if $programname == 'dockerd' then {
+ ?DockerDaemonLogFileName
+ stop
+}
+
+if $programname == 'containerd' then {
+ ?DockerDaemonLogFileName
+ stop
+}
+
+if $programname == 'docker' then {
+ if $syslogtag contains 'docker/' then {
+ ?DockerContainerLogFileName
+ stop
+ }
+}
+$FileCreateMode 0600
+
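Review bot: `"selinux-enabled": false` is written out explicitly in the new daemon.json, so the daemon will not apply SELinux labels to containers on this host. The commit message mentions dnf, so SELinux is probably available; if the host runs it in enforcing mode (not visible here), `"selinux-enabled": true` adds a confinement layer between containers and the host. JSON cannot carry a comment, so if the setting is deliberate the reason belongs in the commit message. The `tag` value `docker/{{.Name}}` is what rsyslog.d/docker.conf turns into a log file name, so the two files need to be changed together.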
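Review bot: The re-enabled `smtp inet n - n - - smtpd` service keeps `-o receive_override_options=no_address_mappings` while both `content_filter` overrides beneath it stay commented out. That option is normally paired with a content filter, so that address mappings are applied once after the filter re-injects the message. Unless main.cf sets a filter (not visible from this hunk), mail arriving on this listener would skip virtual alias and canonical mapping and may also go unscanned. Either restore the intended `-o content_filter=...` line or drop the `receive_override_options` override.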
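Review bot: `$FileCreateMode 0644` at the top of the new file makes every log under /var/log/docker readable by all local users, and container stdout/stderr often carries tokens, connection strings and request data. Opening with `$FileCreateMode 0640` and granting read access through the log files' group would keep them readable to operators without exposing them to every account. The closing `$FileCreateMode 0600` also carries over to any configuration loaded after this file, so it is worth checking that it agrees with rsyslog.d/filecreatemode.conf, which appears in the .etckeeper context lines. The `secpath-replace` option on the container-name field should stay, since the file name is derived from the syslog tag.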