Diffstat (limited to 'tools/conf')
-rw-r--r-- | tools/conf/etc/dnsmasq.conf | 26 | ||||
-rw-r--r-- | tools/conf/etc/hosts.dnsmasq | 138 | ||||
-rwxr-xr-x | tools/conf/etc/rc.d/git-daemon | 5 | ||||
-rw-r--r-- | tools/conf/etc/ssh/sshd_config | 21 |
4 files changed, 174 insertions, 16 deletions
diff --git a/tools/conf/etc/dnsmasq.conf b/tools/conf/etc/dnsmasq.conf index b8da62e..0bf96af 100644 --- a/tools/conf/etc/dnsmasq.conf +++ b/tools/conf/etc/dnsmasq.conf @@ -69,7 +69,9 @@ no-poll #server=127.0.0.1#40 #server=213.73.91.35 #server=37.235.1.174 -server=84.200.69.80 +#server=84.200.69.80 +#sapo +server=212.55.154.174 # Example of routing PTR queries to nameservers: this will send all # address->name queries for 192.168.3/24 to nameserver 10.1.2.3 @@ -77,12 +79,12 @@ server=84.200.69.80 # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. -local=/c9/ +local=/ank/ # Add domains which you want to force to an IP address here. # The example below send any host in double-click.net to a local # web-server. -#address=/double-click.net/127.0.0.1 +address=/hive.gnu.systems/10.0.0.4 # --address (and --server) work with IPv6 addresses too. #address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83 @@ -160,8 +162,8 @@ expand-hosts # 2) Sets the "domain" DHCP option thereby potentially setting the # domain of all systems configured by DHCP # 3) Provides the domain part for "expand-hosts" -domain=c9,10.0.0.0/8 -dhcp-option=15,c9 +domain=ank,10.0.0.0/8 +dhcp-option=15,ank # Set a different domain for a particular subnet #domain=wireless.thekelleys.org.uk,192.168.2.0/24 @@ -169,6 +171,12 @@ dhcp-option=15,c9 # Same idea, but range rather then subnet #domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200 +address=/.akamai.net/127.0.0.1 +address=/.firefox.com/127.0.0.1 +address=/.google.com/127.0.0.1 +address=/.stripe.com/127.0.0.1 +address=/.mozilla.com/127.0.0.1 + # Uncomment this to enable the integrated DHCP server, you need # to supply the range of addresses available for lease and optionally # a lease time. If you have more than one network, you will need to 
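Review bot: The only active upstream after the first hunk is `server=212.55.154.174`, so every non-local lookup depends on one third-party resolver, and the `#sapo` comment does not say why it replaced 84.200.69.80. I would add a second `server=` line for redundancy and expand the comment to something like `# upstream: SAPO resolver, chosen because <reason>`. No DNSSEC validation setting is visible in these hunks. If the installed build supports it, enabling `dnssec` with a trust anchor would let dnsmasq reject forged answers, which matters more when there is a single upstream.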
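Review bot: The five `address=/.../127.0.0.1` lines added after the `domain=` examples sinkhole whole domains to each client's own loopback, while hosts.dnsmasq in this same commit uses `0.0.0.0` for the same purpose. With 127.0.0.1, any service listening locally on a client receives the redirected requests. Using `0.0.0.0`, or an empty address such as `address=/google.com/` if NXDOMAIN is preferred, avoids that and keeps the two files consistent. Blocking all of akamai.net and the mozilla/firefox domains may also cut off software update downloads served from those names, so a comment recording that this is intended would help. I am not certain how this dnsmasq version treats the leading dot in `/.google.com/`; the documented form is without it.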
@@ -249,9 +257,11 @@ dhcp-range=10.0.0.100,10.0.0.200,255.0.0.0,2h #dhcp-host=11:22:33:44:55:66,192.168.0.60 #dhcp-host=54:60:BE:EF:5C:72,10.0.0.2 -dhcp-host=50:67:f0:a1:bc:ab,cr1,10.0.0.1,infinite -dhcp-host=00:14:BF:6E:61:21,cr2,10.0.0.2,infinite -dhcp-host=54:60:BE:EF:5C:64,c14,10.0.0.4,infinite +dhcp-host=50:67:f0:a1:bc:ab,router,10.0.0.1,infinite +dhcp-host=00:14:BF:6E:61:21,lan,10.0.0.2,infinite +dhcp-host=54:60:be:ef:5c:54,c1,10.0.0.3,infinite +dhcp-host=54:60:be:ef:5c:14,c2,10.0.0.4,infinite +dhcp-host=54:60:be:ef:5c:a1,c18,10.0.0.5,infinite # Always set the name of the host with hardware address # 11:22:33:44:55:66 to be "fred" #dhcp-host=11:22:33:44:55:66,fred diff --git a/tools/conf/etc/hosts.dnsmasq b/tools/conf/etc/hosts.dnsmasq index bff9703..839863a 100644 --- a/tools/conf/etc/hosts.dnsmasq +++ b/tools/conf/etc/hosts.dnsmasq 
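Review bot: The static lease for 10.0.0.4 moves from `c14` to `c2` with a different MAC in this hunk, while an earlier hunk in this file adds `address=/hive.gnu.systems/10.0.0.4`. Nothing ties the two together, so a later renumbering would silently point that name at another machine. A comment on the lease line such as `# c2 serves hive.gnu.systems (see address= above)` would make the dependency visible. The MACs are also written in mixed case across the list (`00:14:BF:...` next to `54:60:be:...`), which is harmless, but one convention reads better.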
@@ -15,9 +15,147 @@ #255.255.255.255 broadcasthost #::1 localhost #fe80::1%lo0 localhost +103.5.149.90 rt.com # Custom host records are listed here. +0.0.0.0 firefox.com + +0.0.0.0 google.com +0.0.0.0 google.pt +0.0.0.0 google-analytics.com +0.0.0.0 www.google-analytics.com +0.0.0.0 ssl.google-analytics.com +0.0.0.0 www.ssl.google-analytics.com +0.0.0.0 statcounter.com +0.0.0.0 www.statcounter.com +0.0.0.0 c.statcounter.com +0.0.0.0 www.c.statcounter.com + +0.0.0.0 akamai.net +0.0.0.0 api.ak.facebook.com +0.0.0.0 api.connect.facebook.com +0.0.0.0 api.facebook.com +0.0.0.0 app.facebook.com +0.0.0.0 apps.facebook.com +0.0.0.0 ar-ar.facebook.com +0.0.0.0 badge.facebook.com +0.0.0.0 blog.facebook.com +0.0.0.0 connect.facebook.com +0.0.0.0 connect.facebook.net +0.0.0.0 de-de.facebook.com +0.0.0.0 developers.facebook.com +0.0.0.0 es-la.facebook.com +0.0.0.0 external.ak.fbcdn.net +0.0.0.0 facebook.com +0.0.0.0 facebook.de +0.0.0.0 facebook.fr +0.0.0.0 fb.me +0.0.0.0 fbcdn.net +0.0.0.0 fr-fr.facebook.com +0.0.0.0 hi-in.facebook.com +0.0.0.0 it-it.facebook.com +0.0.0.0 ja-jp.facebook.com +0.0.0.0 login.facebook.com +0.0.0.0 profile.ak.fbcdn.net +0.0.0.0 pt-br.facebook.com +0.0.0.0 ssl.connect.facebook.com +0.0.0.0 static.ak.connect.facebook.com +0.0.0.0 static.ak.fbcdn.net +0.0.0.0 www.facebook.com +0.0.0.0 www.facebook.de +0.0.0.0 www.facebook.fr +0.0.0.0 zh-cn.facebook.com +0.0.0.0 connectivitycheck.gstatic.com +0.0.0.0 api.matchinguu.com +0.0.0.0 graph.facebook.com +0.0.0.0 moto-cds.appspot.com +0.0.0.0 edge-mqtt.facebook.com +0.0.0.0 android.clients.google.com +0.0.0.0 graph.instagram.com +0.0.0.0 alt5-mtalk.google.com +0.0.0.0 e16.whatsapp.net + +# End of custom host records. 
+# AdAway default blocklist +# Blocking mobile ad providers and some analytics providers +# +# Contribute: +# Create an issue at https://github.com/AdAway/AdAway/issues +# +# Changelog: +# 2016-07-18 Now hosted on GitHub + Cloudflare +# 2014-05-18 Now with a valid SSL certificate available at https://adaway.org/hosts.txt +# 2013-03-29 Integrated some hosts from +# http://adblock.gjtech.net/?format=hostfile +# 2013-03-14 Back from the dead +# +# License: +# CC Attribution 3.0 (http://creativecommons.org/licenses/by/3.0/) +# +# Contributions by: +# Kicelo, Dominik Schuermann +# + + +# [General] +0.0.0.0 lb.usemaxserver.de +0.0.0.0 tracking.klickthru.com +0.0.0.0 gsmtop.net +0.0.0.0 click.buzzcity.net +0.0.0.0 ads.admoda.com +0.0.0.0 stats.pflexads.com +0.0.0.0 a.glcdn.co +0.0.0.0 wwww.adleads.com +0.0.0.0 ad.madvertise.de +0.0.0.0 apps.buzzcity.net +0.0.0.0 ads.mobgold.com +0.0.0.0 android.bcfads.com +0.0.0.0 show.buzzcity.net +0.0.0.0 api.analytics.omgpop.com +0.0.0.0 r.edge.inmobicdn.net +0.0.0.0 www.mmnetwork.mobi +0.0.0.0 img.ads.huntmad.com +0.0.0.0 creative1cdn.mobfox.com +0.0.0.0 admicro2.vcmedia.vn +0.0.0.0 admicro1.vcmedia.vn +0.0.0.0 s3.phluant.com +0.0.0.0 c.vrvm.com +0.0.0.0 go.vrvm.com +0.0.0.0 static.estebull.com +0.0.0.0 mobile.banzai.it +0.0.0.0 ads.xxxad.net +0.0.0.0 img.ads.mojiva.com +0.0.0.0 adcontent.saymedia.com +0.0.0.0 ads.saymedia.com +0.0.0.0 ftpcontent.worldnow.com +0.0.0.0 s0.2mdn.net +0.0.0.0 img.ads.mocean.mobi +0.0.0.0 bigmobileads.com +0.0.0.0 banners.bigmobileads.com +0.0.0.0 ads.mopub.com +0.0.0.0 images.mpression.net +0.0.0.0 images.millennialmedia.com +0.0.0.0 oasc04012.247realmedia.com +0.0.0.0 assets.cntdy.mobi +0.0.0.0 ad.leadboltapps.net +0.0.0.0 api.airpush.com +0.0.0.0 ad.where.com +0.0.0.0 i.tapit.com +0.0.0.0 cdn1.crispadvertising.com +0.0.0.0 google-analytics.com +0.0.0.0 www.google-analytics.com +0.0.0.0 ssl.google-analytics.com +0.0.0.0 www.ssl.google-analytics.com +0.0.0.0 statcounter.com +0.0.0.0 www.statcounter.com 
+0.0.0.0 c.statcounter.com +0.0.0.0 www.c.statcounter.com + + + + + 0.0.0.0 api.ak.facebook.com 0.0.0.0 api.connect.facebook.com 0.0.0.0 api.facebook.com diff --git a/tools/conf/etc/rc.d/git-daemon b/tools/conf/etc/rc.d/git-daemon index 8aa9d81..fc43cbf 100755 --- a/tools/conf/etc/rc.d/git-daemon +++ b/tools/conf/etc/rc.d/git-daemon @@ -4,9 +4,10 @@ SSD=/sbin/start-stop-daemon NAME=git-daemon PROG=$(git --exec-path)/${NAME} USER=www -GROUP=www +GROUP=gitolite PIDFILE=/var/run/git-daemon.pid -OPTS="--verbose --reuseaddr --base-path=/srv/gitolite/repositories" +REPOS=/srv/gitolite/repositories +OPTS="--verbose --reuseaddr --base-path=${REPOS}" case $1 in start) diff --git a/tools/conf/etc/ssh/sshd_config b/tools/conf/etc/ssh/sshd_config index cba9be5..6fd955a 100644 --- a/tools/conf/etc/ssh/sshd_config +++ b/tools/conf/etc/ssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ +# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -16,6 +16,10 @@ AddressFamily inet #ListenAddress 0.0.0.0 #ListenAddress :: + +# The default requires explicit activation of protocol 1 +Protocol 2 + #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key @@ -27,17 +31,18 @@ AddressFamily inet # Logging #SyslogFacility AUTH #LogLevel INFO -LogLevel VERBOSE # Authentication: -#LoginGraceTime 2m +LoginGraceTime 1m #PermitRootLogin prohibit-password +PermitRootLogin no #StrictModes yes -#MaxAuthTries 6 +MaxAuthTries 3 #MaxSessions 10 +MaxSessions 3 -#PubkeyAuthentication yes +PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys 
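Review bot: The added `103.5.149.90 rt.com` line pins a public site to a fixed address with no comment, and it sits above the `# Custom host records` marker rather than inside that block. A pinned record goes stale when the site moves, and from then on clients are sent to whoever holds that address. Please document why it is needed and when it was last verified, or drop it. Further down, the google-analytics and statcounter entries are added twice (once in the custom records, once in the pasted AdAway section), and the new facebook entries repeat lines that already follow as context. Hosts entries match exact names only, so `0.0.0.0 google.com` does not cover subdomains the way the `address=` lines in dnsmasq.conf do.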
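Review bot: `GROUP=gitolite` gives the daemon group access to everything under `${REPOS}`, not only the repositories meant to be public; how `$GROUP` is applied is in the `case` body, which continues outside this hunk. `OPTS` has no `--export-all`, so git-daemon should still serve only repositories that contain `git-daemon-export-ok`, but that marker is now the only thing separating private gitolite repositories from an unauthenticated git:// listener. I would record that above `GROUP=`, e.g. `# group read access only; exposure is controlled per repo by git-daemon-export-ok`, and check that the repository directories are not group-writable. If the service is meant for the LAN only, adding `--listen=<LAN_ADDRESS>` to `OPTS` would keep it off other interfaces.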
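Review bot: The `Protocol 2` line added under the `ListenAddress` comments is, as far as I know, deprecated in newer OpenSSH releases, where the server no longer supports protocol 1 at all. Together with the header in the first sshd_config hunk going from revision 1.101 (2017) back to 1.100 (2016), this suggests the file was rebuilt from an older template. Running `sshd -t` against the installed version would show whether the directive is accepted or reported as deprecated. If it is reported, dropping the line avoids noise in the auth log.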
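Review bot: This hunk deletes `LogLevel VERBOSE` from the Logging section, which drops sshd back to the default INFO level in the same commit that tightens authentication. VERBOSE records more authentication detail, which is useful when reviewing login attempts against a key-only server; unless the removal was deliberate, I would keep the line. As a smaller style point, some settings here replace their commented default (`LoginGraceTime`, `MaxAuthTries`, `PubkeyAuthentication`) while others keep it above the active line (`PermitRootLogin`, `MaxSessions`). Keeping the commented default everywhere makes later diffs against the upstream template easier to read.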
@@ -58,10 +63,12 @@ AuthorizedKeysFile .ssh/authorized_keys # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes +PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes +ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no @@ -83,6 +90,7 @@ AuthorizedKeysFile .ssh/authorized_keys # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. #UsePAM no +#UsePAM no #AllowAgentForwarding yes #AllowTcpForwarding yes @@ -95,6 +103,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PrintLastLog yes #TCPKeepAlive yes #UseLogin no +#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 @@ -107,7 +116,7 @@ AuthorizedKeysFile .ssh/authorized_keys #VersionAddendum none # no default banner path -Banner /etc/issues +Banner /etc/issue # override default of no subsystems Subsystem sftp /usr/lib/ssh/sftp-server |
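Review bot: The line added after `#UsePAM no` is an identical comment, so that hunk has no effect on the running configuration. If the intent was to pin PAM off alongside the new `PasswordAuthentication no` and `ChallengeResponseAuthentication no`, it should be the uncommented `UsePAM no`; otherwise the duplicate can go. The same applies to `#UsePrivilegeSeparation sandbox` in the following hunk, which is also added only as a comment.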
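Review bot: `Banner /etc/issue` in the last hunk fixes the path, but the banner is sent to every client before authentication, and /etc/issue commonly carries the distribution name and release. Its contents are not part of this commit, so please check that the file holds only the intended notice. Alternatively, point the directive at a dedicated file, `Banner <BANNER_FILE>`, so that changes to the console issue text do not change what unauthenticated SSH clients see.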