authorSilvino Silva <silvino@bk.ru>2017-02-18 06:59:21 +0000
committerSilvino Silva <silvino@bk.ru>2017-02-18 06:59:21 +0000
commitbb078eb6dcd67616e4e57b8df7cf8bc0dbd8ffa9 (patch)
treecb88b7d25e1cc8b4a727443bad339ef2692de542 /core/conf
parentd11608eafc201f6fc5e6fad86eb76908f489deda (diff)
install update to crux 3.3
Diffstat (limited to 'core/conf')
-rw-r--r--core/conf/exim/exim.conf4
-rw-r--r--core/conf/fstab47
-rw-r--r--core/conf/ports/6c37.httpup5
-rw-r--r--core/conf/rc.conf2
-rwxr-xr-xcore/conf/rc.d/net18
-rwxr-xr-xcore/conf/rc.d/wlan57
-rw-r--r--core/conf/resolv.conf9
-rw-r--r--core/conf/sysctl.conf29
8 files changed, 72 insertions, 99 deletions
diff --git a/core/conf/exim/exim.conf b/core/conf/exim/exim.conf
index 47a6094..074c8af 100644
--- a/core/conf/exim/exim.conf
+++ b/core/conf/exim/exim.conf
@@ -539,7 +539,9 @@ acl_check_data:
   # Deny if the message contains an overlong line.  Per the standards
   # we should never receive one such via SMTP.
   #
-  deny    condition  = ${if > {$max_received_linelength}{998}}
+  deny    message    = maximum allowed line length is 998 octets, \
+                       got $max_received_linelength
+          condition  = ${if > {$max_received_linelength}{998}}
 
   # Deny if the message contains a virus. Before enabling this check, you
   # must install a virus scanner and set the av_scanner option above.
diff --git a/core/conf/fstab b/core/conf/fstab
index 67bc4e4..da3c9dd 100644
--- a/core/conf/fstab
+++ b/core/conf/fstab
@@ -13,52 +13,9 @@
 #/dev/cdrom            /cdrom    iso9660   ro,user,noauto,unhide            0      0
 #/dev/dvd              /dvd      udf       ro,user,noauto,unhide            0      0
 #/dev/floppy/0         /floppy   vfat      user,noauto,unhide               0      0
-#devpts                 /dev/pts  devpts    noexec,nosuid,gid=tty,mode=0620  0      0
+devpts                 /dev/pts  devpts    noexec,nosuid,gid=tty,mode=0620  0      0
 #tmp                   /tmp      tmpfs     defaults                         0      0
-shm                   /dev/shm  tmpfs     defaults                         0      0
+#shm                   /dev/shm  tmpfs     defaults                         0      0
 #usb                   /proc/bus/usb usbfs defaults                         0      0
 
-devpts                 /dev/pts  devpts    noexec,nosuid,gid=tty,mode=0620  0      0
-
-#/
-#/dev/sda3:
-UUID=c8776551-2a98-4335-9fcd-e337331216dd	/		ext4	defaults			0	0
-
-#/boot
-#/dev/sda2:
-UUID=3b408790-65e1-4638-9591-7ba61f266913	/boot		ext4	defaults,nodev,noexec,nosuid	0	0
-
-#/boot/efi
-#/dev/sda1:
-UUID=962D-0DE1					/boot/efi	vfat    umask=0077			0       0
-
-#/var
-#/dev/sda4:
-UUID=f0b112e2-6761-472f-b41e-e9c8ccd27702	/var            ext4    defaults,nodev,noexec,nosuid	0       0
-
-#/usr
-#/dev/sda6:
-UUID=35755a81-89b2-4f84-a945-5185d1d3b10b	/usr            ext4    defaults,nodev			0       0
-
-#/tmp
-#/dev/sda5:
-UUID=1325ee41-27c9-4621-ab69-125bb6e1c63b	/tmp            ext4    defaults,nodev,nosuid,noexec	0	0
-
-#/home
-#/dev/sda7
-UUID=0ccd903c-b9e2-425f-bd30-78682ffce361   	/home           ext4    defaults,nodev,nosuid		0       0
-
-
-#/usr/ports
-#/dev/sda8
-#UUID=d1df6743-d3cb-4d5a-badb-96cef3181095   	/usr/ports       ext4    defaults,nodev,nosuid,noexec	0       0
-
-#/usr/ports/work
-pkgmk   					/usr/ports/work tmpfs size=30G,gid=101,uid=101,defaults 0 	0
-
-
-#swap
-#/dev/sda9:
-UUID=2925bf9d-6111-43cb-ab3f-2d95c55e40ca  none            	swap    sw              		0       0
-
 # End of file
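Review bot: The `/dev/shm` and `/tmp` tmpfs lines left in this template (both commented out after this change) carry only `defaults`, so anyone who re-enables them gets world-writable mounts that allow device nodes, setuid binaries and execution. The per-partition entries removed here were the only place the file showed `nodev,nosuid,noexec` in use; I would carry that over to the examples, e.g. `#shm /dev/shm tmpfs nodev,nosuid,noexec 0 0`. Whether /dev/shm is mounted by the boot scripts after this update is not visible from this hunk, so it is worth confirming that it still gets mounted and with which options.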
diff --git a/core/conf/ports/6c37.httpup b/core/conf/ports/6c37.httpup
deleted file mode 100644
index dbc9422..0000000
--- a/core/conf/ports/6c37.httpup
+++ /dev/null
@@ -1,5 +0,0 @@
-# Collection 6c37, by kori at openmailbox dot org
-# File generated by the CRUX portdb http://crux.nu/portdb/
-
-ROOT_DIR=/usr/ports/6c37
-URL=https://raw.githubusercontent.com/6c37/crux-ports/3.2/
diff --git a/core/conf/rc.conf b/core/conf/rc.conf
index 661500c..ef31a33 100644
--- a/core/conf/rc.conf
+++ b/core/conf/rc.conf
@@ -7,6 +7,6 @@ KEYMAP=dvorak
 TIMEZONE="Europe/Lisbon"
 HOSTNAME=c9
 SYSLOG=sysklogd
-SERVICES=(lo iptables wlan crond)
+SERVICES=(lo iptables net crond)
 
 # End of file
diff --git a/core/conf/rc.d/net b/core/conf/rc.d/net
index e512dc7..07c46a5 100755
--- a/core/conf/rc.d/net
+++ b/core/conf/rc.d/net
@@ -4,18 +4,18 @@
 #
 
 # Connection type: "DHCP" or "static"
-#TYPE="static"
 TYPE="DHCP"
 
 # For "static" connections, specify your settings here:
 # To see your available devices run "ip link".
-DEV=enp8s0
-ADDR=192.168.1.9
+DEV=enp11s0
+ADDR=192.168.1.100
 MASK=24
-GW=192.168.1.254
+GW=192.168.1.1
 
 # Optional settings:
-DHCPOPTS="-h $(/bin/hostname) -C resolv.conf $DEV"
+#DHCPOPTS="-h $(/bin/hostname) -C resolv.conf $DEV"
+DHCPOPTS="-t 10"
 
 case $1 in
 	start)
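Review bot: The new `DHCPOPTS="-t 10"` drops both `$DEV` and `-C resolv.conf`. If the start branch (outside this hunk) passes only `${DHCPOPTS}` to dhcpcd, the client will run on every interface it finds rather than on `enp11s0`, and its resolv.conf hook will replace the nameserver set in core/conf/resolv.conf with whatever the DHCP server offers. The `stop` branch in the next hunk has the same scope, since `/sbin/dhcpcd -x` is given no interface. If the fixed resolver is meant to stay, `DHCPOPTS="-t 10 -C resolv.conf $DEV"` keeps the timeout while restoring both limits.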
@@ -29,13 +29,17 @@ case $1 in
 		;;
 	stop)
 		if [ "${TYPE}" = "DHCP" ]; then
-			/usr/bin/pkill -F /var/run/dhcpcd-${DEV}.pid
-
+			/sbin/dhcpcd -x
 		else
+			#/sbin/ip route del default
+			#/sbin/ip link set ${DEV} down
+			#/sbin/ip addr del ${ADDR}/${MASK} dev ${DEV}
+
                         /sbin/ip route del default dev ${DEV}
                         /sbin/ip route flush dev ${DEV}
                         /sbin/ip link set ${DEV} down
                         /sbin/ip addr flush dev ${DEV}
+
 		fi
 		;;
 	restart)
diff --git a/core/conf/rc.d/wlan b/core/conf/rc.d/wlan
index d009c1c..8800148 100755
--- a/core/conf/rc.d/wlan
+++ b/core/conf/rc.d/wlan
@@ -17,40 +17,39 @@ OPTS_WIFI="-B -P $PID_WIFI -D nl80211,wext -c /etc/wpa_supplicant.conf -i $DEV"
 
 
 print_status() {
-    $SSD --status --pidfile $2
-    case $? in
-        0) echo "$1 is running with pid $(cat $2)" ;;
-        1) echo "$1 is not running but the pid file $2 exists" ;;
-        3) echo "$1 is not running" ;;
-        4) echo "Unable to determine the program status" ;;
-    esac
+	$SSD --status --pidfile $2
+	case $? in
+	0) echo "$1 is running with pid $(cat $2)" ;;
+	1) echo "$1 is not running but the pid file $2 exists" ;;
+	3) echo "$1 is not running" ;;
+	4) echo "Unable to determine the program status" ;;
+	esac
 }
 
 case $1 in
-    start)
-        $SSD --start --pidfile $PID_WIFI --exec $PROG_WIFI -- $OPTS_WIFI && \
-            $SSD --start --pidfile $PID_DHCP --exec $PROG_DHCP -- $OPTS_DHCP
-        RETVAL=$?
-        ;;
-    stop)
-        ( $SSD --stop --retry 10 --pidfile $PID_DHCP
-        $SSD --stop --retry 10 --pidfile $PID_WIFI )
-        RETVAL=$?
-        ;;
-    restart)
-        $0 stop
-        $0 start
-        ;;
-    status)
-        print_status $PROG_WIFI $PID_WIFI
-        print_status $PROG_DHCP $PID_DHCP
-        ;;
-    *)
-        echo "Usage: $0 [start|stop|restart|status]"
-        ;;
+	start)
+		$SSD --start --pidfile $PID_WIFI --exec $PROG_WIFI -- $OPTS_WIFI && \
+		$SSD --start --pidfile $PID_DHCP --exec $PROG_DHCP -- $OPTS_DHCP
+		RETVAL=$?
+		;;
+	stop)
+		( $SSD --stop --retry 10 --pidfile $PID_DHCP 
+		  $SSD --stop --retry 10 --pidfile $PID_WIFI )
+		RETVAL=$?
+		;;
+	restart)
+		$0 stop
+		$0 start
+		;;
+	status)
+		print_status $PROG_WIFI $PID_WIFI
+		print_status $PROG_DHCP $PID_DHCP
+		;;
+	*)
+		echo "Usage: $0 [start|stop|restart|status]"
+		;;
 esac
 
 exit $RETVAL
 
 # End of file
-
diff --git a/core/conf/resolv.conf b/core/conf/resolv.conf
index 8a85b42..4c22142 100644
--- a/core/conf/resolv.conf
+++ b/core/conf/resolv.conf
@@ -1,3 +1,8 @@
-# /etc/resolv.conf.head can replace this line
+#
+# /etc/resolv.conf: resolver configuration file
+#
+
+#search <domain.org>
+#nameserver <ip-address>
 nameserver 213.73.91.35
-# /etc/resolv.conf.tail can replace this line
+# End of file
diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf
index b74243b..b419628 100644
--- a/core/conf/sysctl.conf
+++ b/core/conf/sysctl.conf
@@ -2,7 +2,7 @@
 # /etc/sysctl.conf: configuration for system variables, see sysctl.conf(5)
 #
 
-kernel.printk = 1 4 1 7
+kernel.printk = 15 1 1 4
 
 # Disable ipv6
 net.ipv6.conf.all.disable_ipv6 = 1
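Review bot: `kernel.printk = 15 1 1 4` has no comment, and its first field (the console log level) goes from 1 to 15, which sends every kernel message, debug output included, to the console. On a hardened host that puts kernel and grsecurity log lines in front of anyone who can see the console, so the intent should be recorded next to the value, e.g. `# console_loglevel default_message_loglevel minimum_console_loglevel default_console_loglevel`. If the aim was a quiet console, the first field needs to be low rather than high.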
@@ -10,13 +10,13 @@ net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.lo.disable_ipv6 = 1
 
 # Tuen IPv6
-# net.ipv6.conf.default.router_solicitations = 0
-# net.ipv6.conf.default.accept_ra_rtr_pref = 0
-# net.ipv6.conf.default.accept_ra_pinfo = 0
-# net.ipv6.conf.default.accept_ra_defrtr = 0
-# net.ipv6.conf.default.autoconf = 0
-# net.ipv6.conf.default.dad_transmits = 0
-# net.ipv6.conf.default.max_addresses = 0
+net.ipv6.conf.default.router_solicitations = 0
+net.ipv6.conf.default.accept_ra_rtr_pref = 0
+net.ipv6.conf.default.accept_ra_pinfo = 0
+net.ipv6.conf.default.accept_ra_defrtr = 0
+net.ipv6.conf.default.autoconf = 0
+net.ipv6.conf.default.dad_transmits = 0
+net.ipv6.conf.default.max_addresses = 0
 
 # Avoid a smurf attack
 net.ipv4.icmp_echo_ignore_broadcasts = 1
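Review bot: `net.ipv6.conf.default.max_addresses = 0` does not mean "no addresses": per the kernel's ip-sysctl documentation, zero removes the limit on autoconfigured addresses per interface, which is the opposite of what the other lines in this block aim for; `net.ipv6.conf.default.max_addresses = 1` is the restrictive value. The block also sets only `conf.default`, which applies to interfaces created after the file is loaded, so an interface that already exists at that point keeps its previous values. The context comment above the block reads `# Tuen IPv6`, presumably "Tune".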
@@ -98,5 +98,16 @@ net.core.wmem_max = 8388608
 net.core.netdev_max_backlog = 5000
 net.ipv4.tcp_window_scaling = 1
 
-# End of file
+# Grsecurity stuff
+
+# cant chroot to outside chroot used to break chroot
+kernel.grsecurity.chroot_deny_chroot    = 1
+# function related to filesystems used to exploit
+kernel.grsecurity.chroot_deny_pivot     = 1
+# enforce current directory to chroot
+kernel.grsecurity.chroot_enforce_chdir  = 1
+# cant chmod inside chroot used to break chroot
+kernel.grsecurity.chroot_deny_chmod     = 0
 
+
+# End of file
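Review bot: `kernel.grsecurity.chroot_deny_chmod = 0` leaves that restriction switched off, while its comment reads like those of the three enabled entries above it; either set it to `1` or say why it is off, e.g. `# left disabled: <reason>`. Nothing in this hunk sets `kernel.grsecurity.grsec_lock = 1`, so root can change these values back at runtime; if it is not set elsewhere in the file, it belongs at the end of this block. These keys exist only on a grsecurity-patched kernel, so applying the file on a stock kernel will report unknown keys.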