-rw-r--r-- | etc/apache/httpd-dev.conf | 61 | ||||
-rw-r--r-- | etc/apache/httpd.conf | 86 | ||||
-rw-r--r-- | etc/dhcp/backup.conf | 47 | ||||
-rw-r--r-- | etc/dhcp/primary.conf | 56 | ||||
-rw-r--r-- | etc/dns/backup.conf | 171 | ||||
-rw-r--r-- | etc/dns/primary.conf | 172 | ||||
-rw-r--r-- | etc/env/00proxy | 3 | ||||
-rwxr-xr-x | etc/env/aliases.sh | 2 | ||||
-rw-r--r-- | etc/freshclam.conf | 136 | ||||
-rw-r--r-- | etc/ldap.conf | 2 | ||||
-rw-r--r-- | etc/ntp/conf.d | 8 | ||||
-rw-r--r-- | etc/ntp/ntp-client.conf | 8 | ||||
-rw-r--r-- | etc/squid/squid.conf | 19 | ||||
-rwxr-xr-x | scripts/backup.cron | 35 | ||||
-rwxr-xr-x | scripts/backup.home.cron | 1 | ||||
-rwxr-xr-x | scripts/backup.mysql.cron | 1 | ||||
-rwxr-xr-x | scripts/backup.web.cron | 1 | ||||
-rwxr-xr-x | scripts/checkMySQLrepl | 5 | ||||
-rwxr-xr-x | scripts/checkPostgreSQLrepl | 2 | ||||
-rwxr-xr-x | scripts/drbd.status | 3 | ||||
-rwxr-xr-x | scripts/mail-logger.sh | 29 | ||||
-rwxr-xr-x | scripts/sa-learn | 4 | ||||
-rw-r--r-- | scripts/update-world | 4 |
23 files changed, 542 insertions, 314 deletions
diff --git a/etc/apache/httpd-dev.conf b/etc/apache/httpd-dev.conf
new file mode 100644
index 0000000..6c51a9b
--- /dev/null
+++ b/etc/apache/httpd-dev.conf
@@ -0,0 +1,61 @@ +ServerRoot /usr/lib/apache2 +ServerName www.randomdan.homeip.net +ServerAdmin dan.goodliffe@randomdan.homeip.net +PidFile /var/run/apache2.pid + +ErrorLog /var/log/apache2/error.log +LogFormat "%V %h %l %u %t \"%r\" %>s %b %Dus" common +LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" ncsa +CustomLog /var/log/apache2/access.log common +CustomLog /var/log/apache2/ncsa.log ncsa + +LogLevel warn +User apache +Group web +Listen 80 +Timeout 300 +KeepAlive On +MaxKeepAliveRequests 100 +KeepAliveTimeout 15 +ServerSignature On + +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule mime_module modules/mod_mime.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule cgid_module modules/mod_cgid.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so +LoadModule dir_module modules/mod_dir.so +LoadModule deflate_module modules/mod_deflate.so +LoadModule ldap_module modules/mod_ldap.so +LoadModule authnz_ldap_module modules/mod_authnz_ldap.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule env_module modules/mod_env.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule fcgid_module modules/mod_fcgid.so +LoadModule filter_module modules/mod_filter.so + +<Directory /> + Options FollowSymLinks Indexes ExecCGI + AllowOverride All +</Directory> + +DirectoryIndex index.php index.html +VirtualDocumentRoot /home/randomdan/dev/%2/%1 +AccessFileName .htaccess +UseCanonicalName Off +HostnameLookups Off + +ScriptLog /var/www/files/script.log +AddType application/x-httpd-php .php +AddType text/xsl .xsl +AddType text/xml .xml + +FilterDeclare COMPRESS CONTENT_SET +FilterProvider COMPRESS DEFLATE %{CONTENT_TYPE}=~/^text/ +FilterProvider COMPRESS DEFLATE %{CONTENT_TYPE}='application/x-javascript' +FilterProvider COMPRESS DEFLATE 
%{CONTENT_TYPE}='application/xml' +FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no +FilterChain COMPRESS diff --git a/etc/apache/httpd.conf b/etc/apache/httpd.conf index 19c28d5..82a3a0b 100644 --- a/etc/apache/httpd.conf +++ b/etc/apache/httpd.conf @@ -2,9 +2,13 @@ ServerRoot /usr/lib/apache2 ServerName www.randomdan.homeip.net ServerAdmin dan.goodliffe@randomdan.homeip.net PidFile /var/run/apache2.pid + ErrorLog /var/log/apache2/error.log -LogFormat "%h %u %t %V \"%r\" %>s %b" common +LogFormat "%V %h %l %u %t \"%r\" %>s %b %Dus" common +LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" ncsa CustomLog /var/log/apache2/access.log common +CustomLog /var/log/apache2/ncsa.log ncsa + LogLevel warn User apache Group web 
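Review bot: The `<Directory />` block grants `Options FollowSymLinks Indexes ExecCGI` and `AllowOverride All` on the filesystem root with no `Require` directive. With the 2.4-style module set loaded here (mod_authz_core), any path the server can be made to map, through `VirtualDocumentRoot` or a followed symlink, is served with directory listings, CGI execution and `.htaccess` overrides. Lock the root down and re-grant only under the vhost tree, as in the block below; the same root block appears in etc/apache/httpd.conf, where the granted path would be `/var/www/vhosts`. `ServerSignature On` also adds the server version to server-generated pages and is better set to `Off` on a host that answers on a public name.

```apache
<Directory />
    Options None
    AllowOverride None
    Require all denied
</Directory>

<Directory /home/randomdan/dev>
    Options FollowSymLinks Indexes ExecCGI
    AllowOverride All
    Require all granted
</Directory>
# … unchanged: DirectoryIndex, VirtualDocumentRoot and the rest of the file …
```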
@@ -15,40 +19,90 @@ MaxKeepAliveRequests 100 KeepAliveTimeout 15 ServerSignature On -LoadModule access_module modules/mod_access.so +LoadModule authz_core_module modules/mod_authz_core.so +Include /etc/apache2/modules.d/75_mod_perl.conf +PerlSwitches -w -T -I/var/www/localhost/htdocs/bugzilla +LoadModule authz_host_module modules/mod_authz_host.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule mime_module modules/mod_mime.so LoadModule autoindex_module modules/mod_autoindex.so -LoadModule cgi_module modules/mod_cgi.so LoadModule cgid_module modules/mod_cgid.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule dir_module modules/mod_dir.so -LoadModule php5_module modules/libphp5.so -LoadModule mod_xslt modules/mod_xslt.so LoadModule deflate_module modules/mod_deflate.so LoadModule ldap_module modules/mod_ldap.so -LoadModule auth_ldap_module modules/mod_auth_ldap.so +LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so LoadModule rewrite_module modules/mod_rewrite.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule fcgid_module modules/mod_fcgid.so +LoadModule filter_module modules/mod_filter.so +LoadModule php5_module /usr/lib/php5.6/apache2/libphp5.so +LoadModule alias_module modules/mod_alias.so +LoadModule cache_module modules/mod_cache.so +LoadModule cache_disk_module modules/mod_cache_disk.so +LoadModule status_module modules/mod_status.so + +CacheRoot "/var/cache/apache2/" +CacheEnable disk / +CacheDirLevels 2 +CacheDirLength 1 <Directory /> - Options FollowSymLinks Indexes ExecCGI - AllowOverride All + Options FollowSymLinks Indexes ExecCGI + AllowOverride All </Directory> -DirectoryIndex index.php index.html index.xml index.htm index.xphp index.cgi +<Location /server-status> + SetHandler server-status +</Location> +ExtendedStatus On + +DirectoryIndex index.php index.html VirtualDocumentRoot /var/www/vhosts/%0/ 
AccessFileName .htaccess -AddOutputFilterByType DEFLATE text/html text/plain text/xml UseCanonicalName Off -DefaultType text/plain HostnameLookups Off -AddHandler cgi-script .cgi -AddOutputFilterByType mod_xslt text/xml -ScriptLog /var/www/files/script.log AddType application/x-httpd-php .php -AddType application/x-httpd-php .xphp AddType text/xsl .xsl -AddType text/xml .xml + +# Compress output +FilterDeclare COMPRESS CONTENT_SET +FilterProvider COMPRESS DEFLATE %{CONTENT_TYPE}=~/^text/ +FilterProvider COMPRESS DEFLATE %{CONTENT_TYPE}='application/x-javascript' +FilterProvider COMPRESS DEFLATE %{CONTENT_TYPE}='application/xml' +FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no +FilterChain COMPRESS + +# Minify CSS and JS +PerlModule Apache2::Filter::Minifier::CSS +PerlSetVar CssMinifier CSS::Minifier::XS +PerlModule Apache2::Filter::Minifier::JavaScript +PerlSetVar JavaScriptMinifier JavaScript::Minifier::XS +<LocationMatch "\.css$"> + PerlOutputFilterHandler Apache2::Filter::Minifier::CSS +</LocationMatch> +<LocationMatch "\.js$"> + PerlOutputFilterHandler Apache2::Filter::Minifier::JavaScript +</LocationMatch> +<LocationMatch "^/js/"> + PerlOutputFilterHandler Apache2::Filter::Minifier::JavaScript +</LocationMatch> + +# Host specific stuff +<VirtualHost *> + # Needed to stop whatever is first from being the default +</VirtualHost> +<VirtualHost *> + ServerName bugzilla.randomdan.homeip.net + <FilesMatch \.cgi$> + SetHandler perl-script + PerlHandler ModPerl::Registry + Options ExecCGI + </FilesMatch> + PerlModule ModPerl::Registry + PerlModule CGI + PerlSendHeader On +</VirtualHost> diff --git a/etc/dhcp/backup.conf b/etc/dhcp/backup.conf new file mode 100644 index 0000000..6d543aa --- /dev/null +++ b/etc/dhcp/backup.conf 
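Review bot: The new `<Location /server-status>` block sets the handler with no access control, and it sits at server level with `ExtendedStatus On`, so every hostname this server answers for exposes current request URLs and client addresses at `/server-status`. Add `Require local` (or a `Require ip` line for the admin network) inside the block. The hunk also turns on `CacheEnable disk /` for the whole URL space; it is worth confirming that authenticated or per-user responses under the vhosts send headers that keep them out of the shared disk cache.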
@@ -0,0 +1,47 @@
+option domain-name "random.lan";
+option domain-name-servers dns1.random.lan, dns2.random.lan;
+option ntp-servers firebrand.random.lan, defiant.random.lan;
+option smtp-server smtp.random.lan;
+option routers gateway.random.lan;
+default-lease-time 172800;
+max-lease-time 172800;
+ddns-update-style interim;
+
+failover peer "foo" {
+ secondary;
+ address defiant.random.lan;
+ port 519;
+ peer address firebrand.random.lan;
+ peer port 519;
+ max-response-delay 60;
+ max-unacked-updates 10;
+ mclt 3600;
+ load balance max seconds 3;
+}
+
+host ps3 {
+ hardware ethernet 00:1d:0d:f8:a5:80;
+ fixed-address 10.10.0.4;
+ option domain-name-servers 8.8.8.8, 8.8.4.4;
+}
+
+subnet 10.10.0.0 netmask 255.255.255.0 {
+ pool {
+ failover peer "foo";
+ range 10.10.0.128 10.10.0.254;
+ }
+
+ key updatekey {
+ algorithm hmac-md5;
+ secret "df61eb0aa23833c56751a6c8f579f695";
+ }
+
+ zone 10.10.in-addr.arpa {
+ primary dns1.random.lan;
+ key updatekey;
+ }
+ zone random.lan {
+ primary dns1.random.lan;
+ key updatekey;
+ }
+}
diff --git a/etc/dhcp/primary.conf b/etc/dhcp/primary.conf
index ac9f31e..69458ee 100644
--- a/etc/dhcp/primary.conf
+++ b/etc/dhcp/primary.conf
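Review bot: The `key updatekey` block commits the live TSIG secret for dynamic DNS updates to the repository in clear text, and the identical value is added in etc/dhcp/primary.conf and etc/dns/backup.conf. Anyone with read access to this history can therefore sign updates that etc/dns/primary.conf accepts through `allow-update { key updatekey; }`. Move the key into a file outside version control that only the daemon can read, pull it in with `include "<path-to-key-file>";`, and rotate the secret, since the committed value has to be treated as disclosed. `algorithm hmac-md5` is also a legacy choice; if the installed dhcpd and named both support it, `hmac-sha256` is the better pairing. In etc/dns/backup.conf nothing visible references the key, so it can probably be dropped there.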
@@ -1,30 +1,48 @@ option domain-name "random.lan"; option domain-name-servers dns1.random.lan, dns2.random.lan; +option ntp-servers firebrand.random.lan, defiant.random.lan; +option smtp-server smtp.random.lan; option routers gateway.random.lan; -default-lease-time 7200; -max-lease-time 7200; +default-lease-time 172800; +max-lease-time 172800; ddns-update-style interim; -subnet 192.168.0.0 netmask 255.255.255.0 { - range 192.168.0.100 192.168.0.250; +failover peer "foo" { + primary; + address firebrand.random.lan; + port 519; + peer address defiant.random.lan; + peer port 519; + max-response-delay 60; + max-unacked-updates 10; + mclt 3600; + split 64; + load balance max seconds 3; } -host defiant { - hardware ethernet 00:30:84:9E:B1:73; - fixed-address 192.168.0.2; +host ps3 { + hardware ethernet 00:1d:0d:f8:a5:80; + fixed-address 10.10.0.4; + option domain-name-servers 8.8.8.8, 8.8.4.4; } -key updatekey { - algorithm hmac-md5; - secret "df61eb0aa23833c56751a6c8f579f695"; -}; +subnet 10.10.0.0 netmask 255.255.255.0 { + pool { + failover peer "foo"; + range 10.10.0.128 10.10.0.254; + } -zone 0.168.192.in-addr.arpa. { - primary dns1.random.lan; - key updatekey; -} -zone random.lan. { - primary dns1.random.lan; - key updatekey; -} + key updatekey { + algorithm hmac-md5; + secret "df61eb0aa23833c56751a6c8f579f695"; + } + zone 10.10.in-addr.arpa { + primary dns1.random.lan; + key updatekey; + } + zone random.lan { + primary dns1.random.lan; + key updatekey; + } +} diff --git a/etc/dns/backup.conf b/etc/dns/backup.conf index 1f58dac..fd7b81d 100644 --- a/etc/dns/backup.conf +++ b/etc/dns/backup.conf 
@@ -1,43 +1,160 @@ +/* + * Refer to the named.conf(5) and named(8) man pages, and the documentation + * in /usr/share/doc/bind-9 for more details. + * Online versions of the documentation can be found here: + * http://www.isc.org/software/bind/documentation + * + * If you are going to set up an authoritative server, make sure you + * understand the hairy details of how DNS works. Even with simple mistakes, + * you can break connectivity for affected parties, or cause huge amounts of + * useless Internet traffic. + */ + +acl "xfer" { + 10.10.0.0/24; + fdc7:602:e9c5:b8f0::/64; +}; + +acl "trusted" { + 127.0.0.0/8; + ::1/128; + 10.10.0.0/16; + fdc7:602:e9c5:b8f0::/64; +}; + options { directory "/var/bind"; pid-file "/var/run/named/named.pid"; -}; -zone "." IN { - type hint; - file "named.ca"; -}; + /* https://www.isc.org/solutions/dlv */ + bindkeys-file "/etc/bind/bind.keys"; + + listen-on-v6 { any; }; + listen-on { any; }; + + allow-query { + trusted; + }; + + allow-query-cache { + trusted; + }; + + allow-transfer { + xfer; + }; + +/* + * If you've got a DNS server around at your upstream provider, enter its + * IP address here, and enable the line below. This will make you benefit + * from its cache, thus reduce overall DNS traffic in the Internet. 
+ * + * Uncomment the following lines to turn on DNS forwarding, and change + * and/or update the forwarding ip address(es): + */ + forward first; + forwarders { + 212.159.13.49; // Plus.net primary + 212.159.13.50; // Plus.net secondary + 4.2.2.1; // Level3 Public DNS + 4.2.2.2; // Level3 Public DNS + 8.8.8.8; // Google Open DNS + 8.8.4.4; // Google Open DNS + }; -zone "randomdan.homeip.net" IN { - type slave; - masters { 192.168.0.3; }; + + dnssec-enable yes; + + /* if you have problems and are behind a firewall: */ + //query-source address * port 53; }; -zone "random.lan" IN { - type slave; - masters { 192.168.0.3; }; +logging { + channel default_log { + file "/var/log/named/named.log" versions 5 size 50M; + print-time yes; + print-severity yes; + print-category yes; + }; + category default { default_log; }; + category general { default_log; }; }; -zone "randomdan.lan" IN { - type slave; - masters { 192.168.0.3; }; +include "/etc/bind/rndc.key"; +controls { + inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; }; }; -zone "localhost" IN { - type master; - file "pri/localhost.zone"; - allow-update { none; }; - notify no; + +view "internal" in { + match-clients { trusted; }; + recursion yes; + additional-from-auth yes; + additional-from-cache yes; + + zone "." 
in { + type hint; + file "/var/bind/root.cache"; + }; + + zone "localhost" IN { + type master; + file "pri/localhost.zone"; + allow-update { none; }; + notify no; + }; + + zone "127.in-addr.arpa" IN { + type master; + file "pri/localhost.zone"; + allow-update { none; }; + notify no; + }; + + zone "randomdan.homeip.net" IN { + type slave; + file "sec/randomdan.homeip.net.zone"; + masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; }; + }; + + zone "random.lan" IN { + type slave; + file "sec/random.lan.zone"; + masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; }; + }; + + zone "10.10.in-addr.arpa" IN { + type slave; + file "sec/10.10.zone"; + masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; }; + }; + + zone "0.f.8.b.5.c.9.e.2.0.6.0.7.c.d.f.ip6.apra" IN { + type slave; + file "sec/fdc7:602:e9c5:b8f0.zone"; + masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; }; + }; }; -zone "0.168.192.in-addr.arpa" IN { - type slave; - masters { 192.168.0.3; }; +view "public" in { + match-clients { any; }; + recursion no; + additional-from-auth no; + additional-from-cache no; + + zone "." in { + type hint; + file "/var/bind/root.cache"; + }; + + zone "randomdan.homeip.net" IN { + type slave; + file "sec/randomdan.homeip.net.zone"; + masters { 10.10.0.3; fdc7:602:e9c5:b8f0::3; }; + }; }; -zone "127.in-addr.arpa" IN { - type master; - file "pri/127.zone"; - allow-update { none; }; - notify no; +key updatekey { + algorithm hmac-md5; + secret "df61eb0aa23833c56751a6c8f579f695"; }; diff --git a/etc/dns/primary.conf b/etc/dns/primary.conf index d9892f0..36ca595 100644 --- a/etc/dns/primary.conf +++ b/etc/dns/primary.conf 
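Review bot: The IPv6 reverse zone is declared as `0.f.8.b.5.c.9.e.2.0.6.0.7.c.d.f.ip6.apra`, a misspelling of `ip6.arpa`, so reverse lookups for `fdc7:602:e9c5:b8f0::/64` never reach this zone; etc/dns/primary.conf carries the same misspelling. The line should read `zone "0.f.8.b.5.c.9.e.2.0.6.0.7.c.d.f.ip6.arpa" IN {`. In the same view the `127.in-addr.arpa` zone now loads `pri/localhost.zone`, while the primary keeps `pri/127.zone`; that looks like a copy-paste slip and should be checked against the zone files on the backup host.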
@@ -1,46 +1,158 @@ +/* + * Refer to the named.conf(5) and named(8) man pages, and the documentation + * in /usr/share/doc/bind-9 for more details. + * Online versions of the documentation can be found here: + * http://www.isc.org/software/bind/documentation + * + * If you are going to set up an authoritative server, make sure you + * understand the hairy details of how DNS works. Even with simple mistakes, + * you can break connectivity for affected parties, or cause huge amounts of + * useless Internet traffic. + */ + +acl "xfer" { + 10.10.0.0/24; +}; + +acl "trusted" { + 127.0.0.0/8; + ::1/128; + 10.10.0.0/16; +}; + options { directory "/var/bind"; pid-file "/var/run/named/named.pid"; -}; -zone "." IN { - type hint; - file "named.ca"; -}; + /* https://www.isc.org/solutions/dlv */ + bindkeys-file "/etc/bind/bind.keys"; + + #listen-on-v6 { none; }; + #listen-on { 10.10.0.3; 127.0.0.1; }; + + allow-query { + trusted; + }; + + allow-query-cache { + trusted; + }; + + allow-transfer { + xfer; + }; + +/* + * If you've got a DNS server around at your upstream provider, enter its + * IP address here, and enable the line below. This will make you benefit + * from its cache, thus reduce overall DNS traffic in the Internet. 
+ * + * Uncomment the following lines to turn on DNS forwarding, and change + * and/or update the forwarding ip address(es): + */ + forward first; + forwarders { + 212.159.13.49; // Plus.net primary + 212.159.13.50; // Plus.net secondary + 4.2.2.1; // Level3 Public DNS + 4.2.2.2; // Level3 Public DNS + 8.8.8.8; // Google Open DNS + 8.8.4.4; // Google Open DNS + }; -zone "randomdan.homeip.net" IN { - type master; - file "pri/randomdan.homeip.net.zone"; - also-notify { 192.168.0.2; }; - allow-update { key updatekey; }; + + dnssec-enable yes; + + /* if you have problems and are behind a firewall: */ + //query-source address * port 53; }; -zone "random.lan" IN { - type master; - file "pri/random.lan.zone"; - also-notify { 192.168.0.2; }; - allow-update { key updatekey; }; +logging { + channel default_log { + file "/var/log/named/named.log" versions 5 size 50M; + print-time yes; + print-severity yes; + print-category yes; + }; + category default { default_log; }; + category general { default_log; }; }; -zone "0.168.192.in-addr.arpa" IN { - type master; - file "pri/0.168.192.zone"; - also-notify { 192.168.0.2; }; - allow-update { key updatekey; }; +include "/etc/bind/rndc.key"; +controls { + inet 127.0.0.1 port 953 allow { 127.0.0.1/32; 10.10.0.0/16; fdc7:602:e9c5:b8f0::0/64; ::1/128; } keys { "rndc-key"; }; }; -zone "localhost" IN { - type master; - file "pri/localhost.zone"; - allow-update { none; }; - notify no; + +view "internal" in { + match-clients { trusted; }; + recursion yes; + additional-from-auth yes; + additional-from-cache yes; + + zone "." 
in { + type hint; + file "/var/bind/root.cache"; + }; + + zone "localhost" IN { + type master; + file "pri/localhost.zone"; + allow-update { none; }; + notify no; + }; + + zone "127.in-addr.arpa" IN { + type master; + file "pri/127.zone"; + allow-update { none; }; + notify no; + }; + + zone "randomdan.homeip.net" IN { + type master; + file "pri/randomdan.homeip.net.zone"; + also-notify { 10.10.0.2; }; + allow-update { key updatekey; }; + }; + + zone "random.lan" IN { + type master; + file "pri/random.lan.zone"; + also-notify { 10.10.0.2; }; + allow-update { key updatekey; }; + }; + + zone "10.10.in-addr.arpa" IN { + type master; + file "pri/10.10.zone"; + also-notify { 10.10.0.2; }; + allow-update { key updatekey; }; + }; + + zone "0.f.8.b.5.c.9.e.2.0.6.0.7.c.d.f.ip6.apra" IN { + type master; + file "pri/fdc7:602:e9c5:b8f0.zone"; + also-notify { 10.10.0.2; }; + allow-update { key updatekey; }; + }; }; -zone "127.in-addr.arpa" IN { - type master; - file "pri/127.zone"; - allow-update { none; }; - notify no; +view "public" in { + match-clients { any; }; + recursion no; + additional-from-auth no; + additional-from-cache no; + + zone "." in { + type hint; + file "/var/bind/root.cache"; + }; + + zone "randomdan.homeip.net" IN { + type master; + file "pri/randomdan.homeip.net.zone"; + }; }; key updatekey { diff --git a/etc/env/00proxy b/etc/env/00proxy deleted file mode 100644 index be34ca1..0000000 --- a/etc/env/00proxy +++ /dev/null @@ -1,3 +0,0 @@ -http_proxy="http://cache.random.lan:8080" -https_proxy="http://cache.random.lan:8080" -ftp_proxy="http://cache.random.lan:8080" diff --git a/etc/env/aliases.sh b/etc/env/aliases.sh deleted file mode 100755 index 6b83775..0000000 --- a/etc/env/aliases.sh +++ /dev/null @@ -1,2 +0,0 @@ -alias l="/bin/ls -lh --color" - diff --git a/etc/freshclam.conf b/etc/freshclam.conf deleted file mode 100644 index 0351f1b..0000000 --- a/etc/freshclam.conf +++ /dev/null 
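Review bot: The `controls` statement binds rndc to `127.0.0.1`, but its `allow` list also admits `10.10.0.0/16` and `fdc7:602:e9c5:b8f0::0/64`. Those entries do nothing while the listener is loopback-only and turn into a LAN-wide control channel as soon as someone widens the `inet` address. Trim the list to what etc/dns/backup.conf uses, `allow { 127.0.0.1/32; ::1/128; }`. Separately, `allow-query { trusted; };` in `options` is inherited by the `public` view, whose clients are by construction the ones outside `trusted`, so that view appears to refuse every query for `randomdan.homeip.net`. If external resolution is intended, the public zone needs its own `allow-query { any; };`, here and in etc/dns/backup.conf.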
@@ -1,136 +0,0 @@ -## -## Example config file for freshclam -## Please read the freshclam.conf(5) manual before editing this file. -## - - -# Comment or remove the line below. -# Example - -# Path to the database directory. -# WARNING: It must match clamd.conf's directive! -# Default: hardcoded (depends on installation options) -#DatabaseDirectory /var/lib/clamav - -# Path to the log file (make sure it has proper permissions) -# Default: disabled -UpdateLogFile /var/log/clamav/freshclam.log - -# Maximum size of the log file. -# Value of 0 disables the limit. -# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) -# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). -# in bytes just don't use modifiers. -# Default: 1M -#LogFileMaxSize 2M - -# Log time with each message. -# Default: no -#LogTime yes - -# Enable verbose logging. -# Default: no -#LogVerbose yes - -# Use system logger (can work together with UpdateLogFile). -# Default: no -#LogSyslog yes - -# Specify the type of syslog messages - please refer to 'man syslog' -# for facility names. -# Default: LOG_LOCAL6 -#LogFacility LOG_MAIL - -# This option allows you to save the process identifier of the daemon -# Default: disabled -PidFile /var/run/clamav/freshclam.pid - -# By default when started freshclam drops privileges and switches to the -# "clamav" user. This directive allows you to change the database owner. -# Default: clamav (may depend on installation options) -DatabaseOwner clamav - -# Initialize supplementary group access (freshclam must be started by root). -# Default: no -AllowSupplementaryGroups yes - -# Use DNS to verify virus database version. Freshclam uses DNS TXT records -# to verify database and software versions. With this directive you can change -# the database verification domain. -# WARNING: Do not touch it unless you're configuring freshclam to use your -# own database verification domain. 
-# Default: current.cvd.clamav.net -#DNSDatabaseInfo current.cvd.clamav.net - -# Uncomment the following line and replace XY with your country -# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list. -#DatabaseMirror db.XY.clamav.net - -# database.clamav.net is a round-robin record which points to our most -# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is -# not working. DO NOT TOUCH the following line unless you know what you -# are doing. -DatabaseMirror database.clamav.net - -# How many attempts to make before giving up. -# Default: 3 (per mirror) -#MaxAttempts 5 - -# With this option you can control scripted updates. It's highly recommended -# to keep it enabled. -ScriptedUpdates yes - -# Number of database checks per day. -# Default: 12 (every two hours) -#Checks 24 - -# Proxy settings -# Default: disabled -HTTPProxyServer cache.random.lan -HTTPProxyPort 8080 -#HTTPProxyUsername myusername -#HTTPProxyPassword mypass - -# If your servers are behind a firewall/proxy which applies User-Agent -# filtering you can use this option to force the use of a different -# User-Agent header. -# Default: clamav/version_number -#HTTPUserAgent SomeUserAgentIdString - -# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for -# multi-homed systems. -# Default: Use OS'es default outgoing IP address. -#LocalIPAddress aaa.bbb.ccc.ddd - -# Send the RELOAD command to clamd. -# Default: no -#NotifyClamd /etc/clamd.conf - -# Run command after successful database update. -# Default: disabled -#OnUpdateExecute command - -# Run command when database update process fails. -# Default: disabled -#OnErrorExecute command - -# Run command when freshclam reports outdated version. -# In the command string %v will be replaced by the new version number. -# Default: disabled -#OnOutdatedExecute command - -# Don't fork into background. -# Default: no -#Foreground yes - -# Enable debug messages in libclamav. 
-# Default: no -#Debug yes - -# Timeout in seconds when connecting to database server. -# Default: 30 -#ConnectTimeout 60 - -# Timeout in seconds when reading from database server. -# Default: 30 -#ReceiveTimeout 60 diff --git a/etc/ldap.conf b/etc/ldap.conf index d537774..b8ebb21 100644 --- a/etc/ldap.conf +++ b/etc/ldap.conf @@ -1,5 +1,5 @@ base dc=random,dc=lan -uri ldap://auth1.random.lan/ ldap://auth2.random.lan/ +uri ldap://auth1.random.lan/ ldap://auth2.random.lan/ scope two bind_policy soft diff --git a/etc/ntp/conf.d b/etc/ntp/conf.d deleted file mode 100644 index d05897b..0000000 --- a/etc/ntp/conf.d +++ /dev/null @@ -1,8 +0,0 @@ -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvs/config/etc/ntp/conf.d,v 1.1 2005-08-14 14:55:56 randomdan Exp $ - -# Options to pass to the ntpd process -# Most people should leave this line alone ... -# however, if you know what you're doing, feel free to tweak -NTPD_OPTS="-gu ntp:ntp" diff --git a/etc/ntp/ntp-client.conf b/etc/ntp/ntp-client.conf deleted file mode 100644 index bfc53da..0000000 --- a/etc/ntp/ntp-client.conf +++ /dev/null @@ -1,8 +0,0 @@ -# generated automatically by net-scripts -restrict default noquery notrust nomodify -restrict 127.0.0.1 -driftfile /var/lib/ntp/ntp.drift -restrict 192.168.0.3 nomodify notrap noquery -server 192.168.0.3 -restrict 192.168.0.2 nomodify notrap noquery -server 192.168.0.2 diff --git a/etc/squid/squid.conf b/etc/squid/squid.conf index dc0522c..2e2b15f 100644 --- a/etc/squid/squid.conf +++ b/etc/squid/squid.conf 
@@ -3,27 +3,14 @@ acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 90 MB cache_dir ufs /var/cache/squid/ 260 64 64 -acl manager proto cache_object -acl localhost src 127.0.0.1/255.255.255.255 -acl all src 0.0.0.0/0.0.0.0 -acl allowed_hosts src 192.168.0.0/255.255.255.0 -acl workstation src 194.34.98.65/255.255.255.255 -acl ad_block dstdomain "/etc/squid/ad.sites" -#acl alt_proxy dstdomain "/etc/squid/alt.proxy" -cache_peer proxy.servers.dot parent 8080 0 no-query +#acl manager proto cache_object +#acl localhost src 127.0.0.0/24 +acl allowed_hosts src 10.10.0.0/16 cache_peer localhost parent 8081 0 no-query -cache_peer_domain proxy.servers.dot .dot -cache_peer_access proxy.servers.dot allow all -#cache_peer_access localhost allow alt_proxy -#cache_peer_access proxy.servers.dot deny alt_proxy http_access deny manager all -http_access deny ad_block http_access allow allowed_hosts -http_access allow workstation http_access allow localhost http_access deny all -#never_direct allow alt_proxy -#always_direct deny alt_proxy cache_mgr randomdan@randomdan.homeip.net cache_effective_user squid cache_effective_group web diff --git a/scripts/backup.cron b/scripts/backup.cron index 0f12cab..408ea32 100755 --- a/scripts/backup.cron +++ b/scripts/backup.cron @@ -5,12 +5,14 @@ prefix="daily" count="25" list="dirs.list" -echo mount -o remount,rw ${basedir} -mount -o remount,rw ${basedir} +mountpoint -q $basedir && umount $basedir + +fsck -y /dev/data/backup +mount ${basedir} +echo "Start @ `date`" > ${basedir}/time last=${basedir}/${prefix}.${count} if [ -d ${last} ]; then - echo rm -r ${last} rm -r ${last} fi 
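Review bot: `mount ${basedir}` is not checked, so when the fsck or the mount fails the script carries on, and the `rm -r ${last}`, the rotation and the rsync further down run against the bare mount-point directory on the parent filesystem. Stop on failure with `mount ${basedir} || exit 1`, and consider testing the exit status of `fsck -y /dev/data/backup` the same way, since `-y` accepts every repair unattended. `$basedir` is unquoted in the `mountpoint -q` line while the rest of the script writes `${basedir}`; `"${basedir}"` would keep the two consistent and survive a path with spaces. The script body continues outside this hunk.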
@@ -20,28 +22,37 @@ for n in `seq ${count} -1 1`; do dest=${basedir}/${prefix}.$n if [ -d ${src} ]; then if [ ${m} -eq 0 ]; then - echo cp -rl ${src} ${dest} cp -rl ${src} ${dest} else - echo mv ${src} ${dest} mv ${src} ${dest} fi else - echo mkdir ${dest} mkdir ${dest} fi done for src in `cat ${basedir}/${list}`; do - dest=${basedir}/${prefix}.0${src} + dest=${basedir}/${prefix}.0/${src} if [ ! -d ${dest} ]; then - echo mkdir -p ${dest} mkdir -p ${dest} fi - echo rsync -avx --delete ${src} ${dest} - rsync -avx --delete ${src} ${dest} + rsync -ax --delete ${src} ${dest} done -echo mount -o remount,ro ${basedir} -mount -o remount,ro ${basedir} +echo "Begin MySQL @ `date`" >> ${basedir}/time +rm -f ${basedir}/${prefix}.0/mysql.sql.xz +mysqldump -uroot -pne65dq -xA | xz > ${basedir}/${prefix}.0/mysql.sql.xz + +echo "Begin LDAP @ `date`" >> ${basedir}/time +rm -f ${basedir}/${prefix}.0/ldap.ldif.xz +ldapsearch | xz > ${basedir}/${prefix}.0/ldap.ldif.xz + +echo "Begin PostgreSQL @ `date`" >> ${basedir}/time +rm -f ${basedir}/${prefix}.0/postgresql-gentoo.sql.xz +pg_dump -Upostgres gentoo -N _gentoo | xz > ${basedir}/${prefix}.0/postgresql-gentoo.sql.xz +rm -f ${basedir}/${prefix}.0/postgresql-bugzilla.sql.xz +pg_dump -Upostgres bugzilla | xz > ${basedir}/${prefix}.0/postgresql-bugzilla.sql.xz + +echo "End @ `date`" >> ${basedir}/time +umount ${basedir} diff --git a/scripts/backup.home.cron b/scripts/backup.home.cron deleted file mode 100755 index b6a19c4..0000000 --- a/scripts/backup.home.cron +++ /dev/null @@ -1 +0,0 @@ -rsync --delete -ax profiles:/home/ /home/ diff --git a/scripts/backup.mysql.cron b/scripts/backup.mysql.cron deleted file mode 100755 index 7f78eb1..0000000 --- a/scripts/backup.mysql.cron +++ /dev/null @@ -1 +0,0 @@ -rsync --delete -ax sql:/var/lib/mysql/ /var/lib/mysql/ diff --git a/scripts/backup.web.cron b/scripts/backup.web.cron deleted file mode 100755 index e34fb3d..0000000 --- a/scripts/backup.web.cron +++ /dev/null 
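Review bot: The added `mysqldump -uroot -p…` line puts the MySQL root password on the command line, where it is readable in the process list for the duration of the dump, and it is now stored in the repository; scripts/checkMySQLrepl repeats the same literal four times. Read the credentials from a root-only option file instead, for example `mysqldump --defaults-extra-file=<path-to-0600-cnf> -xA | xz > ${basedir}/${prefix}.0/mysql.sql.xz`, and change the password, since the committed one has to be treated as disclosed. The dump files hold full database and directory contents, so a `umask 077` before the first dump keeps them from being created world-readable. Each `… | xz` pipeline also reports only the exit status of xz, so a failed dump leaves a valid-looking but empty archive; `set -o pipefail` would surface that if the script runs under bash.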
@@ -1 +0,0 @@ -rsync --delete -ax www:/var/www/ /var/www/ diff --git a/scripts/checkMySQLrepl b/scripts/checkMySQLrepl new file mode 100755 index 0000000..b9081f8 --- /dev/null +++ b/scripts/checkMySQLrepl @@ -0,0 +1,5 @@ +mysql -uroot -pne65dq mysql -hdefiant -e 'show master status' +mysql -uroot -pne65dq mysql -hfirebrand -e 'show master status' + +mysql -uroot -pne65dq mysql -hdefiant -e 'show slave status' --vertical +mysql -uroot -pne65dq mysql -hfirebrand -e 'show slave status' --vertical diff --git a/scripts/checkPostgreSQLrepl b/scripts/checkPostgreSQLrepl new file mode 100755 index 0000000..19e2615 --- /dev/null +++ b/scripts/checkPostgreSQLrepl @@ -0,0 +1,2 @@ +echo "select st_received as n, date_trunc('second', st_last_received_event_ts) as effective_db_time, date_trunc('second', st_last_received_ts) as last_heard_from, date_trunc('second', st_lag_time) as lagged_by from _gentoo.sl_status order by st_received;" | psql -Upostgres gentoo -hfirebrand +echo "select st_received as n, date_trunc('second', st_last_received_event_ts) as effective_db_time, date_trunc('second', st_last_received_ts) as last_heard_from, date_trunc('second', st_lag_time) as lagged_by from _gentoo.sl_status order by st_received;" | psql -Upostgres gentoo -hdefiant diff --git a/scripts/drbd.status b/scripts/drbd.status new file mode 100755 index 0000000..3a5a61d --- /dev/null +++ b/scripts/drbd.status @@ -0,0 +1,3 @@ +#!/bin/bash + +cat /proc/drbd | grep cs: | grep -v cs:Connected diff --git a/scripts/mail-logger.sh b/scripts/mail-logger.sh deleted file mode 100755 index 5734a28..0000000 --- a/scripts/mail-logger.sh +++ /dev/null 
@@ -1,29 +0,0 @@ -# Script mailer - -if [ "$1" = "" -o "$2" = "" ] ; then - echo "Usage" - echo "$0 <mailto> <script> [<script_args> ...]" - exit 1 -fi - -MAILTO="$1"; -BASE="/tmp/$$" -LOGO="${BASE}o"; -LOGE="${BASE}e"; -SCRIPT="${BASE}s"; -shift; - -# Execute the script -echo "$@" > "${SCRIPT}"; -chmod +x "${SCRIPT}" -"${SCRIPT}" > "${LOGO}" 2> "${LOGE}"; - -if [ -s "${LOGE}" ] ; then - mailx -s "Errors from ${1}" "${MAILTO}" < "${LOGE}"; -fi -if [ -s "${LOGO}" ] ; then - mailx -s "Output from ${1}" "${MAILTO}" < "${LOGO}"; -fi -rm "${LOGO}" "${LOGE}" "${SCRIPT}" - - diff --git a/scripts/sa-learn b/scripts/sa-learn new file mode 100755 index 0000000..72200b5 --- /dev/null +++ b/scripts/sa-learn @@ -0,0 +1,4 @@ +#!/bin/bash + +sa-learn --spam /home/*/.maildir/.Junk/{cur,new}/* > /dev/null + diff --git a/scripts/update-world b/scripts/update-world deleted file mode 100644 index ea57c70..0000000 --- a/scripts/update-world +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -mail-logger.sh dan@randomdan.homeip.net emerge -uDN world - |
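Review bot: The new scripts/sa-learn invokes `sa-learn` by bare name, so if the scripts directory is ever ahead of the system binary directories in PATH, the wrapper calls itself recursively instead of SpamAssassin. Call the real binary by its absolute path, or rename the wrapper. The glob `/home/*/.maildir/.Junk/{cur,new}/*` also feeds every user's junk folder into whichever Bayes database the invoking account owns, and an empty folder leaves the unexpanded pattern on the command line as a file name; a short header comment stating the intended account and behaviour would help the next maintainer.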