Diffstat (limited to 'core/conf')
-rw-r--r-- | core/conf/exim/exim.conf | 4 | ||||
-rw-r--r-- | core/conf/fstab | 47 | ||||
-rw-r--r-- | core/conf/ports/6c37.httpup | 5 | ||||
-rw-r--r-- | core/conf/rc.conf | 2 | ||||
-rwxr-xr-x | core/conf/rc.d/net | 18 | ||||
-rwxr-xr-x | core/conf/rc.d/wlan | 57 | ||||
-rw-r--r-- | core/conf/resolv.conf | 9 | ||||
-rw-r--r-- | core/conf/sysctl.conf | 29 |
8 files changed, 72 insertions, 99 deletions
diff --git a/core/conf/exim/exim.conf b/core/conf/exim/exim.conf index 47a6094..074c8af 100644 --- a/core/conf/exim/exim.conf +++ b/core/conf/exim/exim.conf @@ -539,7 +539,9 @@ acl_check_data: # Deny if the message contains an overlong line. Per the standards # we should never receive one such via SMTP. # - deny condition = ${if > {$max_received_linelength}{998}} + deny message = maximum allowed line length is 998 octets, \ + got $max_received_linelength + condition = ${if > {$max_received_linelength}{998}} # Deny if the message contains a virus. Before enabling this check, you # must install a virus scanner and set the av_scanner option above. diff --git a/core/conf/fstab b/core/conf/fstab index 67bc4e4..da3c9dd 100644 --- a/core/conf/fstab +++ b/core/conf/fstab 
@@ -13,52 +13,9 @@ #/dev/cdrom /cdrom iso9660 ro,user,noauto,unhide 0 0 #/dev/dvd /dvd udf ro,user,noauto,unhide 0 0 #/dev/floppy/0 /floppy vfat user,noauto,unhide 0 0 -#devpts /dev/pts devpts noexec,nosuid,gid=tty,mode=0620 0 0 +devpts /dev/pts devpts noexec,nosuid,gid=tty,mode=0620 0 0 #tmp /tmp tmpfs defaults 0 0 -shm /dev/shm tmpfs defaults 0 0 +#shm /dev/shm tmpfs defaults 0 0 #usb /proc/bus/usb usbfs defaults 0 0 -devpts /dev/pts devpts noexec,nosuid,gid=tty,mode=0620 0 0 - -#/ -#/dev/sda3: -UUID=c8776551-2a98-4335-9fcd-e337331216dd / ext4 defaults 0 0 - -#/boot -#/dev/sda2: -UUID=3b408790-65e1-4638-9591-7ba61f266913 /boot ext4 defaults,nodev,noexec,nosuid 0 0 - -#/boot/efi -#/dev/sda1: -UUID=962D-0DE1 /boot/efi vfat umask=0077 0 0 - -#/var -#/dev/sda4: -UUID=f0b112e2-6761-472f-b41e-e9c8ccd27702 /var ext4 defaults,nodev,noexec,nosuid 0 0 - -#/usr -#/dev/sda6: -UUID=35755a81-89b2-4f84-a945-5185d1d3b10b /usr ext4 defaults,nodev 0 0 - -#/tmp -#/dev/sda5: -UUID=1325ee41-27c9-4621-ab69-125bb6e1c63b /tmp ext4 defaults,nodev,nosuid,noexec 0 0 - -#/home -#/dev/sda7 -UUID=0ccd903c-b9e2-425f-bd30-78682ffce361 /home ext4 defaults,nodev,nosuid 0 0 - - -#/usr/ports -#/dev/sda8 -#UUID=d1df6743-d3cb-4d5a-badb-96cef3181095 /usr/ports ext4 defaults,nodev,nosuid,noexec 0 0 - -#/usr/ports/work -pkgmk /usr/ports/work tmpfs size=30G,gid=101,uid=101,defaults 0 0 - - -#swap -#/dev/sda9: -UUID=2925bf9d-6111-43cb-ab3f-2d95c55e40ca none swap sw 0 0 - # End of file diff --git a/core/conf/ports/6c37.httpup b/core/conf/ports/6c37.httpup deleted file mode 100644 index dbc9422..0000000 --- a/core/conf/ports/6c37.httpup +++ /dev/null @@ -1,5 +0,0 @@ -# Collection 6c37, by kori at openmailbox dot org -# File generated by the CRUX portdb http://crux.nu/portdb/ - -ROOT_DIR=/usr/ports/6c37 -URL=https://raw.githubusercontent.com/6c37/crux-ports/3.2/ diff --git a/core/conf/rc.conf b/core/conf/rc.conf index 661500c..ef31a33 100644 --- a/core/conf/rc.conf +++ b/core/conf/rc.conf 
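Review bot: The `shm` line in core/conf/fstab is commented out instead of being given restrictive options, and with the per-partition entries deleted the template no longer shows a single example of `nodev,nosuid,noexec`. If /dev/shm is still meant to be a tmpfs on installed systems, `shm /dev/shm tmpfs nodev,nosuid,noexec 0 0` is a safer default than `defaults` or than relying on whatever the boot scripts mount. A short commented example for /tmp, /var and /home using the options the removed entries had would keep that hardening guidance without shipping machine-specific UUIDs.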
@@ -7,6 +7,6 @@ KEYMAP=dvorak TIMEZONE="Europe/Lisbon" HOSTNAME=c9 SYSLOG=sysklogd -SERVICES=(lo iptables wlan crond) +SERVICES=(lo iptables net crond) # End of file diff --git a/core/conf/rc.d/net b/core/conf/rc.d/net index e512dc7..07c46a5 100755 --- a/core/conf/rc.d/net +++ b/core/conf/rc.d/net @@ -4,18 +4,18 @@ # # Connection type: "DHCP" or "static" -#TYPE="static" TYPE="DHCP" # For "static" connections, specify your settings here: # To see your available devices run "ip link". -DEV=enp8s0 -ADDR=192.168.1.9 +DEV=enp11s0 +ADDR=192.168.1.100 MASK=24 -GW=192.168.1.254 +GW=192.168.1.1 # Optional settings: -DHCPOPTS="-h $(/bin/hostname) -C resolv.conf $DEV" +#DHCPOPTS="-h $(/bin/hostname) -C resolv.conf $DEV" +DHCPOPTS="-t 10" case $1 in start) @@ -29,13 +29,17 @@ case $1 in ;; stop) if [ "${TYPE}" = "DHCP" ]; then - /usr/bin/pkill -F /var/run/dhcpcd-${DEV}.pid - + /sbin/dhcpcd -x else + #/sbin/ip route del default + #/sbin/ip link set ${DEV} down + #/sbin/ip addr del ${ADDR}/${MASK} dev ${DEV} + /sbin/ip route del default dev ${DEV} /sbin/ip route flush dev ${DEV} /sbin/ip link set ${DEV} down /sbin/ip addr flush dev ${DEV} + fi ;; restart) diff --git a/core/conf/rc.d/wlan b/core/conf/rc.d/wlan index d009c1c..8800148 100755 --- a/core/conf/rc.d/wlan +++ b/core/conf/rc.d/wlan 
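Review bot: The new `DHCPOPTS="-t 10"` in core/conf/rc.d/net drops both `-C resolv.conf` and `$DEV`, so if the start branch (outside this hunk) still passes only `${DHCPOPTS}` to dhcpcd, the client is no longer tied to the configured device and its resolv.conf hook is active again. A DHCP server on any attached link could then replace the nameserver that this same commit keeps in core/conf/resolv.conf. If the timeout is the only intended change, `DHCPOPTS="-t 10 -C resolv.conf $DEV"` keeps the previous scoping, and the commented-out old value can be deleted instead of kept.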
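Review bot: `/sbin/dhcpcd -x` in the `stop)` branch names no interface, whereas the line it replaces acted only on the pid file for `${DEV}`; depending on how dhcpcd was started, this may signal an instance the script does not own. `/sbin/dhcpcd -x ${DEV}` keeps the stop scoped to the configured device. The three commented-out `ip` commands added above the live ones duplicate them and are better dropped than committed. The `case` statement begins and ends outside this hunk.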
@@ -17,40 +17,39 @@ OPTS_WIFI="-B -P $PID_WIFI -D nl80211,wext -c /etc/wpa_supplicant.conf -i $DEV" print_status() { - $SSD --status --pidfile $2 - case $? in - 0) echo "$1 is running with pid $(cat $2)" ;; - 1) echo "$1 is not running but the pid file $2 exists" ;; - 3) echo "$1 is not running" ;; - 4) echo "Unable to determine the program status" ;; - esac + $SSD --status --pidfile $2 + case $? in + 0) echo "$1 is running with pid $(cat $2)" ;; + 1) echo "$1 is not running but the pid file $2 exists" ;; + 3) echo "$1 is not running" ;; + 4) echo "Unable to determine the program status" ;; + esac } case $1 in - start) - $SSD --start --pidfile $PID_WIFI --exec $PROG_WIFI -- $OPTS_WIFI && \ - $SSD --start --pidfile $PID_DHCP --exec $PROG_DHCP -- $OPTS_DHCP - RETVAL=$? - ;; - stop) - ( $SSD --stop --retry 10 --pidfile $PID_DHCP - $SSD --stop --retry 10 --pidfile $PID_WIFI ) - RETVAL=$? - ;; - restart) - $0 stop - $0 start - ;; - status) - print_status $PROG_WIFI $PID_WIFI - print_status $PROG_DHCP $PID_DHCP - ;; - *) - echo "Usage: $0 [start|stop|restart|status]" - ;; + start) + $SSD --start --pidfile $PID_WIFI --exec $PROG_WIFI -- $OPTS_WIFI && \ + $SSD --start --pidfile $PID_DHCP --exec $PROG_DHCP -- $OPTS_DHCP + RETVAL=$? + ;; + stop) + ( $SSD --stop --retry 10 --pidfile $PID_DHCP + $SSD --stop --retry 10 --pidfile $PID_WIFI ) + RETVAL=$? + ;; + restart) + $0 stop + $0 start + ;; + status) + print_status $PROG_WIFI $PID_WIFI + print_status $PROG_DHCP $PID_DHCP + ;; + *) + echo "Usage: $0 [start|stop|restart|status]" + ;; esac exit $RETVAL # End of file - diff --git a/core/conf/resolv.conf b/core/conf/resolv.conf index 8a85b42..4c22142 100644 --- a/core/conf/resolv.conf +++ b/core/conf/resolv.conf @@ -1,3 +1,8 @@ -# /etc/resolv.conf.head can replace this line +# +# /etc/resolv.conf: resolver configuration file +# + +#search <domain.org> +#nameserver <ip-address> nameserver 213.73.91.35 -# /etc/resolv.conf.tail can replace this line +# End of file 
diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf index b74243b..b419628 100644 --- a/core/conf/sysctl.conf +++ b/core/conf/sysctl.conf @@ -2,7 +2,7 @@ # /etc/sysctl.conf: configuration for system variables, see sysctl.conf(5) # -kernel.printk = 1 4 1 7 +kernel.printk = 15 1 1 4 # Disable ipv6 net.ipv6.conf.all.disable_ipv6 = 1 @@ -10,13 +10,13 @@ net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 # Tuen IPv6 -# net.ipv6.conf.default.router_solicitations = 0 -# net.ipv6.conf.default.accept_ra_rtr_pref = 0 -# net.ipv6.conf.default.accept_ra_pinfo = 0 -# net.ipv6.conf.default.accept_ra_defrtr = 0 -# net.ipv6.conf.default.autoconf = 0 -# net.ipv6.conf.default.dad_transmits = 0 -# net.ipv6.conf.default.max_addresses = 0 +net.ipv6.conf.default.router_solicitations = 0 +net.ipv6.conf.default.accept_ra_rtr_pref = 0 +net.ipv6.conf.default.accept_ra_pinfo = 0 +net.ipv6.conf.default.accept_ra_defrtr = 0 +net.ipv6.conf.default.autoconf = 0 +net.ipv6.conf.default.dad_transmits = 0 +net.ipv6.conf.default.max_addresses = 0 # Avoid a smurf attack net.ipv4.icmp_echo_ignore_broadcasts = 1 @@ -98,5 +98,16 @@ net.core.wmem_max = 8388608 net.core.netdev_max_backlog = 5000 net.ipv4.tcp_window_scaling = 1 -# End of file +# Grsecurity stuff + +# cant chroot to outside chroot used to break chroot +kernel.grsecurity.chroot_deny_chroot = 1 +# function related to filesystems used to exploit +kernel.grsecurity.chroot_deny_pivot = 1 +# enforce current directory to chroot +kernel.grsecurity.chroot_enforce_chdir = 1 +# cant chmod inside chroot used to break chroot +kernel.grsecurity.chroot_deny_chmod = 0 + +# End of file |
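Review bot: `kernel.printk = 15 1 1 4` at the top of core/conf/sysctl.conf has no comment, and the values look unintended. The first field (console log level) goes from 1 to 15, above the highest kernel level of 7, so every message including debug output is written to the console. The second field sets the default level for untagged messages to 1 (alert). If verbose console output is wanted only as a debugging aid, say so in a comment such as `# console shows all levels (debug aid); use "1 4 1 7" for a quiet console`, or keep the previous values.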
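Review bot: `kernel.grsecurity.chroot_deny_chmod = 0` in the new Grsecurity block switches the restriction off, while the comment above it (`cant chmod inside chroot used to break chroot`) reads as a reason to turn it on, like the three entries before it. Either set it to `1` or state why it is disabled, e.g. `# left off: <reason>`. The block also never sets `kernel.grsecurity.grsec_lock = 1`, so as far as this hunk shows the values stay changeable by root at runtime; it would go last, after every other grsecurity key. On a kernel without grsecurity these keys do not exist, so loading the file will report errors for them.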