about summary refs log tree commit diff stats
path: root/tools/conf
diff options
context:
space:
mode:
Diffstat (limited to 'tools/conf')
-rw-r--r--tools/conf/etc/dnsmasq.conf26
-rw-r--r--tools/conf/etc/hosts.dnsmasq138
-rwxr-xr-xtools/conf/etc/rc.d/git-daemon5
-rw-r--r--tools/conf/etc/ssh/sshd_config21
4 files changed, 174 insertions, 16 deletions
diff --git a/tools/conf/etc/dnsmasq.conf b/tools/conf/etc/dnsmasq.conf
index b8da62e..0bf96af 100644
--- a/tools/conf/etc/dnsmasq.conf
+++ b/tools/conf/etc/dnsmasq.conf
@@ -69,7 +69,9 @@ no-poll
 #server=127.0.0.1#40
 #server=213.73.91.35
 #server=37.235.1.174
-server=84.200.69.80
+#server=84.200.69.80
+#sapo
+server=212.55.154.174
 
 # Example of routing PTR queries to nameservers: this will send all
 # address->name queries for 192.168.3/24 to nameserver 10.1.2.3
@@ -77,12 +79,12 @@ server=84.200.69.80
 
 # Add local-only domains here, queries in these domains are answered
 # from /etc/hosts or DHCP only.
-local=/c9/
+local=/ank/
 
 # Add domains which you want to force to an IP address here.
 # The example below send any host in double-click.net to a local
 # web-server.
-#address=/double-click.net/127.0.0.1
+address=/hive.gnu.systems/10.0.0.4
 
 # --address (and --server) work with IPv6 addresses too.
 #address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
@@ -160,8 +162,8 @@ expand-hosts
 # 2) Sets the "domain" DHCP option thereby potentially setting the
 #    domain of all systems configured by DHCP
 # 3) Provides the domain part for "expand-hosts"
-domain=c9,10.0.0.0/8
-dhcp-option=15,c9
+domain=ank,10.0.0.0/8
+dhcp-option=15,ank
 
 # Set a different domain for a particular subnet
 #domain=wireless.thekelleys.org.uk,192.168.2.0/24
@@ -169,6 +171,12 @@ dhcp-option=15,c9
 # Same idea, but range rather then subnet
 #domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
 
+address=/.akamai.net/127.0.0.1
+address=/.firefox.com/127.0.0.1
+address=/.google.com/127.0.0.1
+address=/.stripe.com/127.0.0.1
+address=/.mozilla.com/127.0.0.1
+
 # Uncomment this to enable the integrated DHCP server, you need
 # to supply the range of addresses available for lease and optionally
 # a lease time. If you have more than one network, you will need to
@@ -249,9 +257,11 @@ dhcp-range=10.0.0.100,10.0.0.200,255.0.0.0,2h
 #dhcp-host=11:22:33:44:55:66,192.168.0.60
 #dhcp-host=54:60:BE:EF:5C:72,10.0.0.2
 
-dhcp-host=50:67:f0:a1:bc:ab,cr1,10.0.0.1,infinite
-dhcp-host=00:14:BF:6E:61:21,cr2,10.0.0.2,infinite
-dhcp-host=54:60:BE:EF:5C:64,c14,10.0.0.4,infinite
+dhcp-host=50:67:f0:a1:bc:ab,router,10.0.0.1,infinite
+dhcp-host=00:14:BF:6E:61:21,lan,10.0.0.2,infinite
+dhcp-host=54:60:be:ef:5c:54,c1,10.0.0.3,infinite
+dhcp-host=54:60:be:ef:5c:14,c2,10.0.0.4,infinite
+dhcp-host=54:60:be:ef:5c:a1,c18,10.0.0.5,infinite
 # Always set the name of the host with hardware address
 # 11:22:33:44:55:66 to be "fred"
 #dhcp-host=11:22:33:44:55:66,fred
diff --git a/tools/conf/etc/hosts.dnsmasq b/tools/conf/etc/hosts.dnsmasq
index bff9703..839863a 100644
--- a/tools/conf/etc/hosts.dnsmasq
+++ b/tools/conf/etc/hosts.dnsmasq
@@ -15,9 +15,147 @@
 #255.255.255.255 broadcasthost
 #::1 localhost
 #fe80::1%lo0 localhost
+103.5.149.90 rt.com
 
 # Custom host records are listed here.
 
+0.0.0.0 firefox.com
+
+0.0.0.0 google.com
+0.0.0.0 google.pt
+0.0.0.0 google-analytics.com
+0.0.0.0 www.google-analytics.com
+0.0.0.0 ssl.google-analytics.com
+0.0.0.0 www.ssl.google-analytics.com
+0.0.0.0 statcounter.com
+0.0.0.0 www.statcounter.com
+0.0.0.0 c.statcounter.com
+0.0.0.0 www.c.statcounter.com
+
+0.0.0.0 akamai.net
+0.0.0.0 api.ak.facebook.com
+0.0.0.0 api.connect.facebook.com
+0.0.0.0 api.facebook.com
+0.0.0.0 app.facebook.com
+0.0.0.0 apps.facebook.com
+0.0.0.0 ar-ar.facebook.com
+0.0.0.0 badge.facebook.com
+0.0.0.0 blog.facebook.com
+0.0.0.0 connect.facebook.com
+0.0.0.0 connect.facebook.net
+0.0.0.0 de-de.facebook.com
+0.0.0.0 developers.facebook.com
+0.0.0.0 es-la.facebook.com
+0.0.0.0 external.ak.fbcdn.net
+0.0.0.0 facebook.com
+0.0.0.0 facebook.de
+0.0.0.0 facebook.fr
+0.0.0.0 fb.me
+0.0.0.0 fbcdn.net
+0.0.0.0 fr-fr.facebook.com
+0.0.0.0 hi-in.facebook.com
+0.0.0.0 it-it.facebook.com
+0.0.0.0 ja-jp.facebook.com
+0.0.0.0 login.facebook.com
+0.0.0.0 profile.ak.fbcdn.net
+0.0.0.0 pt-br.facebook.com
+0.0.0.0 ssl.connect.facebook.com
+0.0.0.0 static.ak.connect.facebook.com
+0.0.0.0 static.ak.fbcdn.net
+0.0.0.0 www.facebook.com
+0.0.0.0 www.facebook.de
+0.0.0.0 www.facebook.fr
+0.0.0.0 zh-cn.facebook.com
+0.0.0.0 connectivitycheck.gstatic.com
+0.0.0.0 api.matchinguu.com
+0.0.0.0 graph.facebook.com
+0.0.0.0 moto-cds.appspot.com
+0.0.0.0 edge-mqtt.facebook.com
+0.0.0.0 android.clients.google.com
+0.0.0.0 graph.instagram.com
+0.0.0.0 alt5-mtalk.google.com
+0.0.0.0 e16.whatsapp.net
+
+# End of custom host records.
+# AdAway default blocklist
+# Blocking mobile ad providers and some analytics providers
+#
+# Contribute:
+# Create an issue at https://github.com/AdAway/AdAway/issues
+#
+# Changelog:
+# 2016-07-18 Now hosted on GitHub + Cloudflare
+# 2014-05-18 Now with a valid SSL certificate available at https://adaway.org/hosts.txt
+# 2013-03-29 Integrated some hosts from
+#            http://adblock.gjtech.net/?format=hostfile
+# 2013-03-14 Back from the dead
+#
+# License:
+# CC Attribution 3.0 (http://creativecommons.org/licenses/by/3.0/)
+#
+# Contributions by:
+# Kicelo, Dominik Schuermann
+#
+
+
+# [General]
+0.0.0.0 lb.usemaxserver.de
+0.0.0.0 tracking.klickthru.com
+0.0.0.0 gsmtop.net
+0.0.0.0 click.buzzcity.net
+0.0.0.0 ads.admoda.com
+0.0.0.0 stats.pflexads.com
+0.0.0.0 a.glcdn.co
+0.0.0.0 wwww.adleads.com
+0.0.0.0 ad.madvertise.de
+0.0.0.0 apps.buzzcity.net
+0.0.0.0 ads.mobgold.com
+0.0.0.0 android.bcfads.com
+0.0.0.0 show.buzzcity.net
+0.0.0.0 api.analytics.omgpop.com
+0.0.0.0 r.edge.inmobicdn.net
+0.0.0.0 www.mmnetwork.mobi
+0.0.0.0 img.ads.huntmad.com
+0.0.0.0 creative1cdn.mobfox.com
+0.0.0.0 admicro2.vcmedia.vn
+0.0.0.0 admicro1.vcmedia.vn
+0.0.0.0 s3.phluant.com
+0.0.0.0 c.vrvm.com
+0.0.0.0 go.vrvm.com
+0.0.0.0 static.estebull.com
+0.0.0.0 mobile.banzai.it
+0.0.0.0 ads.xxxad.net
+0.0.0.0 img.ads.mojiva.com
+0.0.0.0 adcontent.saymedia.com
+0.0.0.0 ads.saymedia.com
+0.0.0.0 ftpcontent.worldnow.com
+0.0.0.0 s0.2mdn.net
+0.0.0.0 img.ads.mocean.mobi
+0.0.0.0 bigmobileads.com
+0.0.0.0 banners.bigmobileads.com
+0.0.0.0 ads.mopub.com
+0.0.0.0 images.mpression.net
+0.0.0.0 images.millennialmedia.com
+0.0.0.0 oasc04012.247realmedia.com
+0.0.0.0 assets.cntdy.mobi
+0.0.0.0 ad.leadboltapps.net
+0.0.0.0 api.airpush.com
+0.0.0.0 ad.where.com
+0.0.0.0 i.tapit.com
+0.0.0.0 cdn1.crispadvertising.com
+0.0.0.0   google-analytics.com
+0.0.0.0   www.google-analytics.com
+0.0.0.0   ssl.google-analytics.com
+0.0.0.0   www.ssl.google-analytics.com
+0.0.0.0   statcounter.com
+0.0.0.0   www.statcounter.com
+0.0.0.0   c.statcounter.com
+0.0.0.0   www.c.statcounter.com
+
+
+
+
+
 0.0.0.0 api.ak.facebook.com
 0.0.0.0 api.connect.facebook.com
 0.0.0.0 api.facebook.com
diff --git a/tools/conf/etc/rc.d/git-daemon b/tools/conf/etc/rc.d/git-daemon
index 8aa9d81..fc43cbf 100755
--- a/tools/conf/etc/rc.d/git-daemon
+++ b/tools/conf/etc/rc.d/git-daemon
@@ -4,9 +4,10 @@ SSD=/sbin/start-stop-daemon
 NAME=git-daemon
 PROG=$(git --exec-path)/${NAME}
 USER=www
-GROUP=www
+GROUP=gitolite
 PIDFILE=/var/run/git-daemon.pid
-OPTS="--verbose --reuseaddr --base-path=/srv/gitolite/repositories"
+REPOS=/srv/gitolite/repositories
+OPTS="--verbose --reuseaddr --base-path=${REPOS}"
 
 case $1 in
     start)
diff --git a/tools/conf/etc/ssh/sshd_config b/tools/conf/etc/ssh/sshd_config
index cba9be5..6fd955a 100644
--- a/tools/conf/etc/ssh/sshd_config
+++ b/tools/conf/etc/ssh/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
+#	$OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -16,6 +16,10 @@ AddressFamily inet
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
+
+# The default requires explicit activation of protocol 1
+Protocol 2
+
 #HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_dsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
@@ -27,17 +31,18 @@ AddressFamily inet
 # Logging
 #SyslogFacility AUTH
 #LogLevel INFO
-LogLevel VERBOSE
 
 # Authentication:
 
-#LoginGraceTime 2m
+LoginGraceTime 1m
 #PermitRootLogin prohibit-password
+PermitRootLogin no
 #StrictModes yes
-#MaxAuthTries 6
+MaxAuthTries 3
 #MaxSessions 10
+MaxSessions 3
 
-#PubkeyAuthentication yes
+PubkeyAuthentication yes
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
@@ -58,10 +63,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
 
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
+PasswordAuthentication no
 #PermitEmptyPasswords no
 
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
 
 # Kerberos options
 #KerberosAuthentication no
@@ -83,6 +90,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 #UsePAM no
+#UsePAM no
 
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
@@ -95,6 +103,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
+#UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
@@ -107,7 +116,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #VersionAddendum none
 
 # no default banner path
-Banner /etc/issues
+Banner /etc/issue
 
 # override default of no subsystems
 Subsystem	sftp	/usr/lib/ssh/sftp-server