diff options
Diffstat (limited to 'tools/conf/etc')
21 files changed, 817 insertions, 445 deletions
diff --git a/tools/conf/etc/dnsmasq.conf b/tools/conf/etc/dnsmasq.conf index c7dd4cd..b6267fa 100644 --- a/tools/conf/etc/dnsmasq.conf +++ b/tools/conf/etc/dnsmasq.conf @@ -69,7 +69,7 @@ no-poll # Add other name servers here, with domain specs if they are for # non-public domains. #server=/localnet/192.168.0.1 -#server=127.0.0.1#40 +#server=10.0.0.4#40 #server=213.73.91.35 #server=37.235.1.174 #server=84.200.69.80 @@ -89,7 +89,6 @@ local=/ank/ # The example below send any host in double-click.net to a local # web-server. address=/tribu.semdestino.org/10.0.0.4 -#address=/tribu.semdestino.org/192.168.1.5 #host-record=tribu.semdestino.org,10.0.0.4 #host-record=tribu.semdestino.org,192.168.1.67 @@ -128,9 +127,9 @@ interface=wlp7s0 #except-interface=wlp7s0 #except-interface=enp8s0 -# Or which to listen on by address (remember to include 127.0.0.1 if +# Or which to listen on by address (remember to include 10.0.0.4 if # you use this.) -#listen-address=127.0.0.1 +#listen-address=10.0.0.4 #listen-address=10.0.0.254 #listen-address=192.168.1.33 @@ -178,11 +177,17 @@ dhcp-option=15,ank # Same idea, but range rather then subnet #domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200 -#address=/.akamai.net/127.0.0.1 -address=/.firefox.com/127.0.0.1 -#address=/.google.com/127.0.0.1 -address=/.stripe.com/127.0.0.1 -address=/.mozilla.com/127.0.0.1 +address=/.akamai.net/10.0.0.4 +address=/.akamaitechnologies.com/10.0.0.4 +address=/.firefox.com/10.0.0.4 +#address=/.google.com/10.0.0.4 +address=/.stripe.com/10.0.0.4 +address=/.mozilla.com/10.0.0.4 +address=/.amazonaws.com/10.0.0.4 +address=/.amazontrust.com/10.0.0.4 +address=/.1e100.net/10.0.0.4 +address=/.1e100.net/10.0.0.4 +address=/.ank.sec-t4net-srv/10.0.0.4 # Uncomment this to enable the integrated DHCP server, you need # to supply the range of addresses available for lease and optionally diff --git a/tools/conf/etc/logrotate.conf b/tools/conf/etc/logrotate.conf index 896b779..636dffb 100644 --- a/tools/conf/etc/logrotate.conf +++ b/tools/conf/etc/logrotate.conf @@ -9,13 +9,10 @@ rotate 4 create # uncomment this if you want your log files compressed -compress +#compress olddir /var/log/old - -notifempty - -maxsize 5M +maxsize 1M # some packages can drop log rotation information into # this directory @@ -23,111 +20,297 @@ include /etc/logrotate.d # few generic files to rotate /var/log/wtmp { + monthly create 0644 root root - rotate 5 + rotate 1 } /var/log/btmp { + monthly create 0600 root root - rotate 5 + rotate 1 } # system-specific logs may be also be configured here. -/var/log/faillog { - maxsize 5M +/var/log/auth { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript } -/var/log/lastlog { - maxsize 5M +/var/log/sudo { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript } -/var/log/auth { - create 0644 root root - rotate 5 - sharedscripts +/var/log/cron { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/daemon { + rotate 7 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/debug { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/error { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/iptables { + # uncomment this if you want your log files compressed + delaycompress + compress postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; + /etc/rc.d/syslog-ng reload >/dev/null endscript } -/var/log/cron { - create 0644 root root - rotate 5 - sharedscripts +/var/log/kernel { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/lpr { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/mail.err { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/mail.info { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/mail { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/mail.warn { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/messages { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + + +/var/log/user { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/uucp { + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/syslog-ng { + rotate 7 + daily + compress + delaycompress + sharedscripts + postrotate + /etc/init.d/syslog-ng reload + endscript +} + +/var/log/dnsmasq { + # uncomment this if you want your log files compressed + delaycompress + compress postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; + /etc/rc.d/syslog-ng reload >/dev/null endscript } -/var/log/debug { +/var/log/pgsql { + # create new (empty) log files after rotating old ones create 0644 root root - rotate 5 - sharedscripts + # uncomment this if you want your log files compressed + delaycompress + compress + notifempty + maxsize 5M postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; + /etc/rc.d/syslog-ng reload >/dev/null endscript } -/var/log/kernel { - rotate 5 - create 0644 root root - sharedscripts +/var/log/git-daemon { + # uncomment this if you want your log files compressed + delaycompress + compress postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; + /etc/rc.d/syslog-ng reload >/dev/null endscript } -/var/log/daemon { +/var/log/gitolite { + # uncomment this if you want your log files compressed + delaycompress + compress + postrotate + /etc/rc.d/syslog-ng reload >/dev/null + endscript +} + +/var/log/php-fpm { + # uncomment this if you want your log files compressed + delaycompress compress - rotate 5 - create 644 root root - sharedscripts postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; + /etc/rc.d/syslog-ng reload >/dev/null endscript +} +/var/log/php { + # uncomment this if you want your log files compressed + delaycompress + compress + postrotate + /etc/rc.d/syslog-ng reload >/dev/null + endscript } -/var/log/messages { - rotate 5 - create 0644 root root - sharedscripts +/var/log/nginx_access { + # uncomment this if you want your log files compressed + delaycompress + compress postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; + /etc/rc.d/syslog-ng reload >/dev/null endscript } -/var/log/mail { - create 0644 root root - rotate 5 - sharedscripts +/var/log/nginx_error { + # uncomment this if you want your log files compressed + delaycompress + compress postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; + /etc/rc.d/syslog-ng reload >/dev/null endscript } -/var/log/user { - create 0644 root root - rotate 5 - sharedscripts +/var/log/nginx/tribu_error.log { + # uncomment this if you want your log files compressed + delaycompress + compress + olddir /var/log/old/nginx postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; + /etc/rc.d/syslog-ng reload >/dev/null endscript } +/var/log/nginx/tribu_access.log { + # uncomment this if you want your log files compressed + delaycompress + compress + olddir /var/log/old/nginx + postrotate + /etc/rc.d/syslog-ng reload >/dev/null + endscript +} diff --git a/tools/conf/etc/logrotate.d/dnsmasq b/tools/conf/etc/logrotate.d/dnsmasq deleted file mode 100644 index 3151ddc..0000000 --- a/tools/conf/etc/logrotate.d/dnsmasq +++ /dev/null @@ -1,11 +0,0 @@ -/var/log/dnsmasq { - weekly - create 0644 root root - rotate 5 - sharedscripts - postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; - endscript -} diff --git a/tools/conf/etc/logrotate.d/gitolite b/tools/conf/etc/logrotate.d/gitolite deleted file mode 100644 index 547d6b6..0000000 --- a/tools/conf/etc/logrotate.d/gitolite +++ /dev/null @@ -1,12 +0,0 @@ -/var/log/gitolite { - rotate 5 - monthly - create 0644 root root - sharedscripts - postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; - endscript - -} diff --git a/tools/conf/etc/logrotate.d/letsencrypt b/tools/conf/etc/logrotate.d/letsencrypt new file mode 100644 index 0000000..ce73ebc --- /dev/null +++ b/tools/conf/etc/logrotate.d/letsencrypt @@ -0,0 +1,7 @@ +/var/log/letsencrypt/*.log { + # uncomment this if you want your log files compressed + delaycompress + compress + olddir /var/log/old/letsencrypt + notifempty +} diff --git a/tools/conf/etc/logrotate.d/nginx b/tools/conf/etc/logrotate.d/nginx deleted file mode 100644 index ae05445..0000000 --- a/tools/conf/etc/logrotate.d/nginx +++ /dev/null @@ -1,23 +0,0 @@ -/var/log/nginx/access.log { - weekly - create 0664 root www - rotate 5 - sharedscripts - postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; - endscript -} - -/var/log/nginx/error.log { - weekly - create 0644 root root - rotate 5 - sharedscripts - postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; - endscript -} diff --git a/tools/conf/etc/logrotate.d/php-fpm b/tools/conf/etc/logrotate.d/php-fpm deleted file mode 100644 index c778658..0000000 --- a/tools/conf/etc/logrotate.d/php-fpm +++ /dev/null @@ -1,5 +0,0 @@ -/var/log/php-fpm.log { - rotate 5 - monthly - create 0644 root root -} diff --git a/tools/conf/etc/logrotate.d/postgres b/tools/conf/etc/logrotate.d/postgres deleted file mode 100644 index fc59aad..0000000 --- a/tools/conf/etc/logrotate.d/postgres +++ /dev/null @@ -1,17 +0,0 @@ -/var/log/pgsql { - weekly - compress - delaycompress - rotate 10 - notifempty - create 660 postgres postgres - sharedscripts - postrotate - if [ -f /var/run/syslog-ng.pid ]; then \ - kill -HUP `cat /var/run/syslog-ng.pid`; \ - fi; - endscript - -} - - diff --git a/tools/conf/etc/logrotate.d/postgresql b/tools/conf/etc/logrotate.d/postgresql new file mode 100644 index 0000000..8c16bfa --- /dev/null +++ b/tools/conf/etc/logrotate.d/postgresql @@ -0,0 +1,10 @@ +# this log is only used by postgresql at startup +# before start using syslog so there is no need +# to reload syslog-ng or syslog-ng +/var/log/postgresql { + # uncomment this if you want your log files compressed + delaycompress + compress + notifempty + create 664 postgres postgres +} diff --git a/tools/conf/etc/nginx/nginx.conf b/tools/conf/etc/nginx/nginx.conf index 8fca293..1339275 100644 --- a/tools/conf/etc/nginx/nginx.conf +++ b/tools/conf/etc/nginx/nginx.conf @@ -6,36 +6,36 @@ user www; worker_processes auto; -error_log /var/log/nginx/error.log; +error_log syslog:server=unix:/dev/log debug; pid /var/run/nginx.pid; - events { worker_connections 1024; } - http { include mime.types; default_type application/octet-stream; - #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - # '$status $body_bytes_sent "$http_referer" ' - # '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; sendfile on; #tcp_nopush on; - client_max_body_size 8M; - keepalive_timeout 65; - client_body_timeout 12; - client_header_timeout 12; - send_timeout 65; + # Allow attach iso to wiki + #client_max_body_size 8M; + client_max_body_size 30M; + #keepalive_timeout 65; + keepalive_timeout 120; + #client_body_timeout 12; + client_body_timeout 24; + #client_header_timeout 12; + client_header_timeout 24; + send_timeout 65; gzip on; gzip_vary on; @@ -45,88 +45,6 @@ http { # gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*.conf; - - #server { - # listen 80; - # server_name localhost; - # - # #charset koi8-r; - # - # location / { - # root html; - # index index.html index.htm; - # } - # - # error_page 404 /404.html; - # - # # redirect server error pages to the static page /50x.html - # # - # error_page 500 502 503 504 /50x.html; - # location = /50x.html { - # root html; - # } - # - # # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # # - # #location ~ \.php$ { - # # proxy_pass http://127.0.0.1; - # #} - # - # # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # # - # #location ~ \.php$ { - # # root html; - # # fastcgi_pass 127.0.0.1:9000; - # # fastcgi_index index.php; - # # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # # include fastcgi_params; - # #} - # - # # deny access to .htaccess files, if Apache's document root - # # concurs with nginx's one - # # - # #location ~ /\.ht { - # # deny all; - # #} - #} - - - # another virtual host using mix of IP-, name-, and port-based configuration - # - #server { - # listen 8000; - # listen somename:8080; - # server_name somename alias another.alias; - - # location / { - # root html; - # index index.html index.htm; - # } - #} - - - # HTTPS server - # - #server { - # listen 443 ssl; - # server_name localhost; - - # ssl_certificate cert.pem; - # ssl_certificate_key cert.key; - - # ssl_session_cache shared:SSL:1m; - # ssl_session_timeout 5m; - - # ssl_ciphers HIGH:!aNULL:!MD5; - # ssl_prefer_server_ciphers on; - - # location / { - # root html; - # index index.html index.htm; - # } - #} - } +# End of file diff --git a/tools/conf/etc/nginx/sites-enabled/default.conf b/tools/conf/etc/nginx/sites-enabled/default.conf index c35b0cd..fb9fb8e 100644 --- a/tools/conf/etc/nginx/sites-enabled/default.conf +++ b/tools/conf/etc/nginx/sites-enabled/default.conf @@ -1,15 +1,13 @@ server { + server_name tribu.semdestino.org; -#listen 443 ssl http2; - listen 443 ssl; + listen 80 default_server; + listen 443 ssl default_server; -# listen 80; - server_name machine.example; + ssl_certificate /etc/letsencrypt/live/tribu.semdestino.org/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/tribu.semdestino.org/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/tribu.semdestino.org/chain.pem; -# listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/machine.example/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/machine.example/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/machine.example/chain.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; @@ -20,84 +18,62 @@ server { ssl_stapling on; ssl_stapling_verify on; - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; + access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost,nohostname main; + error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_vhost_err,nohostname debug; - - root /srv/www; - - location /ports/distfiles { - alias /usr/ports/distfiles; - } - - location /ports/packages { - alias /usr/ports/distfiles; - } + root /etc/html/; location /doc { alias /srv/www/doc; index index.html; } - location /git/static { -# static files (png/css) served from /usr/share/gitweb/static - alias /srv/www/gitweb/static; - expires 30d; + location /pub { + proxy_pass http://wiki.c2.ank:8080; + } + + location /wiki { + proxy_pass http://wiki.c2.ank:8080; } location /git { - alias /srv/www/gitweb; - index gitweb.cgi; - fastcgi_split_path_info ^/git()(/?.+)$; - fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; - fastcgi_param DOCUMENT_ROOT /srv/www/gitweb; - fastcgi_param SCRIPT_NAME /gitweb.cgi$fastcgi_path_info; - - include fastcgi_params; - fastcgi_pass unix:/var/run/fcgiwrap.sock; + proxy_pass http://git.c2.ank:8080; + } + + location /forum { + proxy_pass http://forum.c2.ank:8080; } location /task { - index index.php; - alias /srv/www/flyspray; - try_files $uri $uri/ index.php$is_args$args; + proxy_pass http://task.c2.ank:8080; } - location ~ ^/task(.+\.php)$ { ### This location block was the solution - alias /srv/www/flyspray; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_index index.php; - try_files $uri /index.php =404; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$1; -# fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_pass 127.0.0.1:9000; + location /shop { + proxy_pass http://shop.c2.ank:8080; } - location / { - alias /srv/www/pmwiki/; - index pmwiki.php; - try_files $uri $uri/ /pmwiki.php$is_args$args; + location /email { + proxy_pass http://email.c2.ank:8080; } -# ACME challenge - location ^~ /.well-known { - allow all; - alias /srv/www/pmwiki/pub/cert/.well-known/; - default_type "text/plain"; - try_files $uri =404; + location /mirror { + proxy_pass http://c1.ank; } + location /awstats { + proxy_pass http://awstats.c2.ank:8080; + } + + location /stats { + proxy_pass http://stats.c2.ank:8080; + } - location ~ \.php$ { - alias /srv/www/pmwiki; - index pmwiki.php; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_index pmwiki.php; - try_files $uri /pmwiki.php =404; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -# fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_pass 127.0.0.1:9000; + # ACME challenge + location ^~ /.well-known { + proxy_pass http://wiki.c2.ank; + } + + location / { + proxy_pass http://frontpage.c2.ank; } } diff --git a/tools/conf/etc/nginx/sites-enabled/email.c2.ank.conf b/tools/conf/etc/nginx/sites-enabled/email.c2.ank.conf new file mode 100644 index 0000000..3ae544c --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/email.c2.ank.conf @@ -0,0 +1,61 @@ +server { + listen 8080; + server_name email.c2.ank; + +#access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git,nohostname main; +#error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git_err,nohostname debug; +#access_log /var/log/nginx/roundcube_access.log; +#error_log /var/log/nginx/roundcube_error.log; + + + + location /email { + alias /srv/www/email; + index index.php; + autoindex off; + } + +# Favicon + location ~ ^/email/favicon.ico$ { + root /srv/www/email/skins/classic/images; + log_not_found off; + access_log off; + expires max; + } +# Robots file + location ~ ^/email/robots.txt { + allow all; + log_not_found off; + access_log off; + } +# Deny Protected directories + location ~ ^/email/(config|temp|logs)/ { + deny all; + } + location ~ ^/email/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { + deny all; + } + location ~ ^/email/(bin|SQL)/ { + deny all; + } +# Hide .md files + location ~ ^/email/(.+\.md)$ { + deny all; + } +# Hide all dot files + location ~ ^/email/\. { + deny all; + access_log off; + log_not_found off; + } + + location ~ /email/.*\.php { + alias /srv/www/email; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/tools/conf/etc/nginx/sites-enabled/forum.c2.ank.conf b/tools/conf/etc/nginx/sites-enabled/forum.c2.ank.conf new file mode 100644 index 0000000..2ed362a --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/forum.c2.ank.conf @@ -0,0 +1,26 @@ +server { + listen 8080; + server_name forum.c2.ank; + + #access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_forum,nohostname main; + #error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_forum_err,nohostname debug; + + root /srv/www/; + + location /forum { + index index.php; + alias /srv/www/forum; + try_files $uri $uri/ index.php$is_args$args; + } + + location ~ ^/forum(.+\.php)$ { ### This location block was the solution + alias /srv/www/forum; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; +# fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/tools/conf/etc/nginx/sites-enabled/git.c2.ank.conf b/tools/conf/etc/nginx/sites-enabled/git.c2.ank.conf new file mode 100644 index 0000000..56e6412 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/git.c2.ank.conf @@ -0,0 +1,28 @@ +server { + listen 8080; + server_name git.c2.ank; + + #access_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git,nohostname main; + #error_log syslog:server=unix:/dev/log,facility=daemon,tag=nginx_git_err,nohostname debug; + + #access_log /var/log/nginx/git main; + #error_log /var/log/nginx/git_error debug; + + root /srv/www/; + + location /git/static { + # static files (png/css) served from /usr/share/gitweb/static + alias /srv/www/gitweb/static; + } + + location /git { + alias /srv/www/gitweb; + index gitweb.cgi; + fastcgi_split_path_info ^/git()(/?.+)$; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_param DOCUMENT_ROOT /srv/www/gitweb; + fastcgi_param SCRIPT_NAME /gitweb.cgi$fastcgi_path_info; + include fastcgi_params; + fastcgi_pass unix:/var/run/fcgiwrap.sock; + } +} diff --git a/tools/conf/etc/nginx/sites-enabled/git.localhost.conf b/tools/conf/etc/nginx/sites-enabled/git.localhost.conf deleted file mode 100644 index 910df66..0000000 --- a/tools/conf/etc/nginx/sites-enabled/git.localhost.conf +++ /dev/null @@ -1,25 +0,0 @@ -server { - listen 443 ssl; - - server_name git.localhost git.machine.example git.machine.example.org; - - root /srv/www/gitweb; - - location /static/ { - # static files (png/css) served from /usr/share/gitweb/static - root /usr/share/gitweb ; - expires 30d; - } - - location / { - index gitweb.cgi - fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; - fastcgi_param DOCUMENT_ROOT /srv/www/gitweb/; - fastcgi_param SCRIPT_NAME /gitweb.cgi$fastcgi_path_info; - fastcgi_split_path_info ^()(/?.+)$; - - include fastcgi_params; - fastcgi_pass unix:/var/run/fcgiwrap.sock; - } - -} diff --git a/tools/conf/etc/nginx/sites-enabled/shop.c2.ank.conf b/tools/conf/etc/nginx/sites-enabled/shop.c2.ank.conf new file mode 100644 index 0000000..3a0aea1 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/shop.c2.ank.conf @@ -0,0 +1,84 @@ +server { + listen 8080; + server_name shop.c2.ank; + + + location ~ ^/shop/admin { + alias /srv/www/shop/upload/admin; + index index.php; + + location ~ ^/shop/admin/config.php { + deny all; + } + + location ~ \.php$ { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename$1; + fastcgi_pass 127.0.0.1:9000; + } + } + + location ^~ /shop { + alias /srv/www/shop/upload; + index index.php; + #try_files $uri $uri/ index.php$is_args$args; + #try_files index.php @opencart; + + location ~ ^/shop/upload/image/data { + autoindex on; + } + + location ~ ^/shop/config.php { + deny all; + } + + + location ~ ^/shop/admin/config.php { + deny all; + } + +# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). +# + location ~ ^/shop/\. { + deny all; + access_log off; + log_not_found off; + } + location ~ ^/shop/\.(jpg|jpeg|png|gif|css|js|ico)$ { + expires max; + log_not_found off; + } + + location ~ \.php$ { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename$1; + fastcgi_pass 127.0.0.1:9000; + #fastcgi_split_path_info ^(.+\.php)(/.+)$; + #fastcgi_split_path_info ^(.+\.php)(.*)$; + #fastcgi_index index.php; + #try_files $uri /index.php =404; + # fastcgi_pass unix:/var/run/php5-fpm.sock; + } + + } + + +location @tribushop { + rewrite ^/shop/(.+)$ /shop/index.php?_route_=$1 last; + } + + location /shop/engine { + deny all; + } + + location ~ ^/shop/library { + deny all; + } + + # Make sure files with the following extensions do not + # get loaded by nginx because nginx would display the + # source code, and these files can contain PASSWORDS! + location ~ ^/shop/\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|.*ini|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ { + deny all; + } +} diff --git a/tools/conf/etc/nginx/sites-enabled/task.c2.ank.conf b/tools/conf/etc/nginx/sites-enabled/task.c2.ank.conf new file mode 100644 index 0000000..2d62e96 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/task.c2.ank.conf @@ -0,0 +1,21 @@ +server { + listen 8080; + server_name task.c2.ank; + + location /task { + index index.php; + alias /srv/www/task; + try_files $uri $uri/ index.php$is_args$args; + } + + location ~ ^/task(.+\.php)$ { ### This location block was the solution + alias /srv/www/task; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + try_files $uri /index.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; +# fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/tools/conf/etc/nginx/sites-enabled/wiki.c2.ank.conf b/tools/conf/etc/nginx/sites-enabled/wiki.c2.ank.conf new file mode 100644 index 0000000..1504fa1 --- /dev/null +++ b/tools/conf/etc/nginx/sites-enabled/wiki.c2.ank.conf @@ -0,0 +1,43 @@ +server { + listen 8080; + server_name wiki.c2.ank; + + #access_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu,nohostname main; + #error_log syslog:server=unix:/dev/log,facility=daemon,tag=vh_tribu_err,nohostname debug; + + #access_log /var/log/nginx/wiki main; + #error_log /var/log/nginx/wiki_error debug; + + root /srv/www/; + + location /pub { + alias /srv/www/wiki/pub; + } + # ACME challenge + location ^~ /.well-known { + allow all; + alias /srv/www/wiki/pub/cert/.well-known/; + default_type "text/plain"; + try_files $uri =404; + } + + location @pmwiki { + rewrite ^/wiki/(.*) /wiki/pmwiki.php?n=$1; + } + + location /wiki { + index pmwiki.php; + try_files $uri $uri/ @pmwiki; + } + + location ~ ^\/wiki(.+\.php)$ { + index pmwiki.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index pmwiki.php; + try_files $uri /pmwiki.php =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +# fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/tools/conf/etc/rc.conf b/tools/conf/etc/rc.conf index 2dbf272..192ef3e 100644 --- a/tools/conf/etc/rc.conf +++ b/tools/conf/etc/rc.conf @@ -5,8 +5,8 @@ FONT=default KEYMAP=dvorak TIMEZONE="Europe/Lisbon" -HOSTNAME=machine -SYSLOG=sysklogd -SERVICES=(lo iptables wlan blan crond) +HOSTNAME=c2 +SYSLOG=syslog-ng +SERVICES=(apparmor lo net iptables sshd ntpd postgresql exim dovecot git-daemon php-fpm fcgiwrap nginx crond) # End of file diff --git a/tools/conf/etc/ssh/sshd_config b/tools/conf/etc/ssh/sshd_config index 6fd955a..495d183 100644 --- a/tools/conf/etc/ssh/sshd_config +++ b/tools/conf/etc/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ +# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -16,12 +16,7 @@ AddressFamily inet #ListenAddress 0.0.0.0 #ListenAddress :: - -# The default requires explicit activation of protocol 1 -Protocol 2 - #HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key @@ -29,8 +24,8 @@ Protocol 2 #RekeyLimit default none # Logging -#SyslogFacility AUTH -#LogLevel INFO +SyslogFacility AUTH +LogLevel INFO # Authentication: @@ -40,10 +35,11 @@ PermitRootLogin no #StrictModes yes MaxAuthTries 3 #MaxSessions 10 -MaxSessions 3 PubkeyAuthentication yes +AllowGroups admin users gitolite sshproxy + # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys @@ -90,7 +86,6 @@ ChallengeResponseAuthentication no # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. #UsePAM no -#UsePAM no #AllowAgentForwarding yes #AllowTcpForwarding yes @@ -102,8 +97,6 @@ ChallengeResponseAuthentication no #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes -#UseLogin no -#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 @@ -116,11 +109,25 @@ ChallengeResponseAuthentication no #VersionAddendum none # no default banner path -Banner /etc/issue +#Banner none # override default of no subsystems Subsystem sftp /usr/lib/ssh/sftp-server +Match Group gitolite + AllowAgentForwarding no + AllowTcpForwarding no + +Match Group sshproxy + AllowAgentForwarding no + PermitTTY no + PermitOpen 10.0.0.4:443 + PermitOpen 10.0.0.4:9418 + PermitOpen tribu.semdestino.org:443 + PermitOpen tribu.semdestino.org:9418 + ForceCommand echo 'This account can only be used for web proxy' + + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no diff --git a/tools/conf/etc/syslog-ng.conf b/tools/conf/etc/syslog-ng.conf index 16c1ddb..b6aa817 100644 --- a/tools/conf/etc/syslog-ng.conf +++ b/tools/conf/etc/syslog-ng.conf @@ -1,127 +1,223 @@ -@version: 3.17 +@version: 3.25 +@include "scl.conf" + +# Syslog-ng configuration file, compatible with default Debian syslogd +# installation. + +# First, set some global options. +options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); + owner("root"); group("adm"); perm(0640); stats_freq(0); + bad_hostname("^gconfd$"); +}; + +######################## +# Sources +######################## +# This is the default behavior of sysklogd package +# Logs may come from unix stream, but not from another machine. # -# /etc/syslog-ng: syslog-ng(8) configration file -# based on a gentoo template added custom changes for crux +source s_src { + system(); + internal(); +}; -# on busy systems you may have to adjus flush_lines and suppress() to avoid -# heavy disc i/o -# to change default permissions/owner/group for newly created files add -# options like this: owner(root); group(sys); perm(0644); - -options { chain_hostnames(off); flush_lines(0); stats_freq(0); create_dirs(on); }; - -#source where to read log -source src { unix-stream("/dev/log"); internal(); }; -source kernsrc { file("/proc/kmsg"); }; - -#define templates -template t_debug { template("$DATE fac $FACILITY lvl $LEVEL prg $PROGRAM: $MSG\n"); }; - -#define destinations -destination authlog { file("/var/log/auth" suppress(5)); }; -destination sudo { file("/var/log/sudo" suppress(5)); }; -destination cron { file("/var/log/cron" suppress(5)); }; -destination kern { file("/var/log/kernel" suppress(5)); }; -destination mail { file("/var/log/mail" suppress(5)); }; - -destination mailinfo { file("/var/log/mail.info" suppress(5)); }; -destination mailwarn { file("/var/log/mail.warn" suppress(5)); }; -destination mailerr { file("/var/log/mail.err" suppress(5)); }; +# If you wish to get logs from remote machine you should uncomment +# this and comment the above source line. +# +#source s_net { tcp(ip(127.0.0.1) port(1000)); }; -#destination newscrit { file("/var/log/news/news.crit" suppress(5)); }; -#destination newserr { file("/var/log/news/news.err" suppress(5)); }; -#destination newsnotice { file("/var/log/news/news.notice" suppress(5)); }; +######################## +# Destinations +######################## +# First some standard logfile +# +destination d_auth { file("/var/log/auth"); }; +destination d_sudo { file("/var/log/sudo" ); }; +destination d_cron { file("/var/log/cron"); }; +destination d_daemon { file("/var/log/daemon"); }; +destination d_kern { file("/var/log/kernel"); }; +destination d_lpr { file("/var/log/lpr"); }; +destination d_mail { file("/var/log/mail"); }; +destination d_syslog { file("/var/log/syslog-ng"); }; +destination d_user { file("/var/log/user"); }; +destination d_uucp { file("/var/log/uucp"); }; + +# This files are the log come from the mail subsystem. +# +destination d_mailinfo { file("/var/log/mail.info"); }; +destination d_mailwarn { file("/var/log/mail.warn"); }; +destination d_mailerr { file("/var/log/mail.err"); }; -destination debug { file("/var/log/debug" template(t_debug) suppress(5)); }; -destination messages { file("/var/log/messages" suppress(5)); }; -destination errors { file("/var/log/error" suppress(5)); }; -destination console { usertty("root"); }; -destination console_all { file("/dev/tty12" suppress(5)); }; -destination xconsole { pipe("/dev/xconsole" suppress(5)); }; +# Logging for INN news system +# +destination d_newscrit { file("/var/log/news/news.crit"); }; +destination d_newserr { file("/var/log/news/news.err"); }; +destination d_newsnotice { file("/var/log/news/news.notice"); }; -############################################# -# custom destinations +# Some 'catch-all' logfiles. # +destination d_debug { file("/var/log/debug"); }; +destination d_error { file("/var/log/error"); }; +destination d_messages { file("/var/log/messages"); }; -destination d_shorewall_warn { file ("/var/log/shorewall/warn.log"); }; -destination d_shorewall_info { file ("/var/log/shorewall/info.log"); }; +# Custom destinations +destination d_shorewall_warn { file ("/var/log/shorewall/warn"); }; +destination d_shorewall_info { file ("/var/log/shorewall/info"); }; destination d_dnsmasq { file("/var/log/dnsmasq"); }; destination d_postgres { file("/var/log/pgsql"); }; +destination d_mysql { file("/var/log/pgsql"); }; destination d_iptables { file("/var/log/iptables"); }; destination d_sshd { file("/var/log/sshd"); }; destination d_gitolite { file("/var/log/gitolite"); }; -destination d_nginx_access { file("/var/log/nginx/access.log" owner(root) group(www) perm(0644)); }; -destination d_nginx_error { file("/var/log/nginx/error.log"); }; +destination d_git-daemon { file("/var/log/git-daemon"); }; +destination d_nginx_access { file("/var/log/nginx_access"); }; +destination d_nginx_error { file("/var/log/nginx_error"); }; +destination d_php_fpm { file("/var/log/php-fpm"); }; +destination d_php { file("/var/log/php"); }; +destination d_nginx_vhost { file("/var/log/nginx/vhost_access"); }; +destination d_nginx_vhost_err { file("/var/log/nginx/vhost_error"); }; + +# The root's console. +# +destination d_console { usertty("root"); }; + +# Virtual console. +# +#destination d_console_all { file(`tty10`); }; +destination console { usertty("root"); }; +destination d_console_all { file("/dev/tty12" suppress(5)); }; +destination xconsole { pipe("/dev/xconsole" suppress(5)); }; + + + +# The named pipe /dev/xconsole is for the nsole' utility. To use it, +# you must invoke nsole' with the -file' option: +# +# $ xconsole -file /dev/xconsole [...] +# +destination d_xconsole { pipe("/dev/xconsole"); }; +# Send the messages to an other host +# +#destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); }; -#create filters -filter f_authpriv { facility(auth, authpriv); }; -filter f_cron { facility(cron); }; -filter f_kern { facility(kern); }; -filter f_mail { facility(mail); }; -#filter f_debug { not facility(auth, authpriv, mail) and not program(sudo); }; -filter f_debug { not facility(mail) and not program(sudo); }; -filter f_messages { level(info..warn) - and not facility(auth, authpriv, mail) and not program(sudo); }; -filter f_sudo { program(sudo); }; -filter f_errors { level(err..emerg); }; +# Debian only +destination d_ppp { file("/var/log/ppp"); }; -filter f_emergency { level(emerg); }; +######################## +# Filters +######################## +# Here's come the filter options. With this rules, we can set which +# message go where. +filter f_dbg { level(debug); }; filter f_info { level(info); }; filter f_notice { level(notice); }; filter f_warn { level(warn); }; -filter f_crit { level(crit); }; filter f_err { level(err); }; +filter f_crit { level(crit .. emerg); }; + +filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; +filter f_error { level(err .. emerg) ; }; +filter f_messages { level(info,notice,warn) + and not facility(auth,authpriv,cron,daemon,mail,news,local0); }; + +filter f_auth { facility(auth, authpriv) and not filter(f_debug); }; +filter f_sudo { facility(auth, authpriv) and program("^sudo$"); }; +filter f_cron { facility(cron) and not filter(f_debug);}; +filter f_daemon { facility(daemon, local0) + and not filter(f_debug) + and not program("^php$") + and not program("^nginx_vhost$") + and not program("^nginx_vhost_err$");}; +filter f_kern { facility(kern) and not filter(f_debug); }; +filter f_lpr { facility(lpr) and not filter(f_debug); }; +filter f_local { facility(local0, local1, local3, local4, local5, + local6, local7) and not filter(f_debug); }; +filter f_mail { facility(mail) and not filter(f_debug); }; +filter f_news { facility(news) and not filter(f_debug); }; +filter f_syslog3 { program("^syslog-ng$");}; +filter f_user { facility(user) and not filter(f_debug); }; +filter f_uucp { facility(uucp) and not filter(f_debug); }; + +filter f_cnews { level(notice, err, crit) and facility(news); }; +filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); }; + +filter f_ppp { facility(local2) and not filter(f_debug); }; +filter f_console { level(warn .. emerg); }; -############################################# # custom filters -# -filter f_dnsmasq { program("dnsmasq"); }; -filter f_postgres { facility(local0); }; -filter f_sshd { facility(local1); }; + +filter f_dnsmasq { program("^dnsmasq$"); }; +filter f_postgres { facility(local0) and program("^postgresql$"); }; +filter f_sshd { facility(auth) and program("^sshd$"); }; filter f_iptables { facility(kern) and match("iptables" value("MESSAGE")) }; filter f_shorewall_warn { level (warn) and match ("Shorewall" value("MESSAGE")); }; filter f_shorewall_info {level (info) and match ("Shorewall" value("MESSAGE")); }; -filter f_gitolite { program("gitolite"); }; -filter f_nginx_access { match("nginx_access:" value("MESSAGE")); }; -filter f_nginx_error { match("nginx_error:" value("MESSAGE")); }; - -# examples for text-matching (beware of performance issues) -#filter f_failed { match("failed"); }; -#filter f_denied { match("denied"); }; - -#connect filter and destination -log { source(src); filter(f_authpriv); destination(authlog); }; -log { source(src); filter(f_sudo); destination(sudo); }; -log { source(src); filter(f_cron); destination(cron); }; -log { source(kernsrc); filter(f_kern); destination(kern); }; -log { source(src); filter(f_mail); destination(mail); }; -log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; -log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; -log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; - -#log { source(src); filter(f_debug); destination(debug); }; -log { source(src); filter(f_messages); destination(messages); }; -log { source(src); filter(f_errors); destination(errors); }; -log { source(src); filter(f_emergency); destination(console); }; - -#default log -#log { source(src); destination(console_all); }; - -############################################# -# custom -# - -log { source (kernsrc); filter (f_iptables); destination (d_iptables);}; -log { source (kernsrc); filter (f_shorewall_warn); destination (d_shorewall_warn);}; -log { source (kernsrc); filter (f_shorewall_info); destination (d_shorewall_info);}; -log { source(src); filter(f_dnsmasq); destination(d_dnsmasq);}; -log { source(src); filter(f_postgres); destination(d_postgres);}; -log { source(src); filter(f_sshd); destination(d_sshd);}; -log { source(src); filter(f_gitolite); destination(d_gitolite);}; -log { source(src); filter(f_nginx_error); destination(d_nginx_error);}; -log { source(src); filter(f_nginx_access); destination(d_nginx_access);}; +filter f_gitolite { program("^gitolite$"); }; +filter f_git-daemon { program("^git-daemon$"); }; +filter f_nginx_error { facility(daemon) and program("^nginx$"); }; +filter f_nginx_vhost { facility(daemon) and program("^nginx_vhost$");}; +filter f_nginx_vhost_err { facility(daemon) and program("^nginx_vhost_err$");}; +filter f_php_fpm { facility(daemon) and program("^php-fpm$");}; +filter f_php { facility(daemon) and program("^php$");}; + +# custom logs +log { source(s_src); filter(f_php_fpm); destination(d_php_fpm); }; +log { source(s_src); filter(f_php); destination(d_php); }; +log { source(s_src); filter(f_nginx_vhost); destination(d_nginx_vhost); }; +log { source(s_src); filter(f_nginx_vhost_err); destination(d_nginx_vhost_err); }; +log { source(s_src); filter(f_sshd); destination(d_sshd);}; +log { source (s_src); filter (f_iptables); destination (d_iptables);}; +log { source (s_src); filter (f_shorewall_warn); destination (d_shorewall_warn);}; +log { source (s_src); filter (f_shorewall_info); destination (d_shorewall_info);}; +log { source(s_src); filter(f_dnsmasq); destination(d_dnsmasq);}; +log { source(s_src); filter(f_postgres); destination(d_postgres);}; +log { source(s_src); filter(f_gitolite); destination(d_gitolite);}; +log { source(s_src); filter(f_git-daemon); destination(d_git-daemon);}; +log { source(s_src); filter(f_nginx_error); destination(d_nginx_error);}; + +######################## +# Log paths +######################## +log { source(s_src); filter(f_auth); destination(d_auth); }; +log { source(s_src); filter(f_sudo); destination(d_sudo); }; +log { source(s_src); filter(f_cron); destination(d_cron); }; +log { source(s_src); filter(f_daemon); destination(d_daemon); }; +log { source(s_src); filter(f_kern); destination(d_kern); }; +log { source(s_src); filter(f_lpr); destination(d_lpr); }; +log { source(s_src); filter(f_user); destination(d_user); }; +log { source(s_src); filter(f_uucp); destination(d_uucp); }; + +log { source(s_src); filter(f_mail); destination(d_mail); }; +log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); }; +log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); }; +log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); }; + +log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); }; +log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); }; +log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); }; +#log { source(s_src); filter(f_cnews); destination(d_console_all); }; +#log { source(s_src); filter(f_cother); destination(d_console_all); }; + +#log { source(s_src); filter(f_ppp); destination(d_ppp); }; + +log { source(s_src); filter(f_debug); destination(d_debug); }; +log { source(s_src); filter(f_error); destination(d_error); }; +log { source(s_src); filter(f_messages); destination(d_messages); }; +log { source(s_src); filter(f_syslog3); destination(d_syslog); }; +log { source(s_src); filter(f_console); destination(d_console_all); + destination(d_xconsole); }; +log { source(s_src); filter(f_crit); destination(d_console); }; +# +# +# All messages send to a remote site +# +#log { source(s_src); destination(d_net); }; +### +# Include all config files in /etc/syslog-ng/conf.d/ +### +@include "/etc/syslog-ng/conf.d/*.conf" |