From 8d015ab2dfd94543989cb8b11743ae61084c6e8f Mon Sep 17 00:00:00 2001 
From: Wvader <34067397+wvader@users.noreply.github.com> Date: Fri, 4 Nov 2022 00:15:28 +0000 Subject: [PATCH] refactor --- .gitignore | 2 +- CMakeLists.txt | 9 +- README.md | 2 +- include/AugSettings.cpp | 0 include/AugSettings.h | 4 - include/augSettings.cpp | 1 + include/augSettings.h | 4 + main.cpp | 60 +- main.h | 28 +- root/boot/grub/grub.conf | 31 - root/boot/grub/menu.lst | 31 - root/etc/aliases | 29 - root/etc/apt/apt.conf.d/01autoremove | 40 - root/etc/apt/apt.conf.d/01autoremove-kernels | 15 - root/etc/apt/apt.conf.d/50unattended-upgrades | 92 - root/etc/apt/apt.conf.d/70debconf | 3 - .../apt/apt.conf.d/90cloud-init-pipelining | 2 - root/etc/apt/sources.list | 6 - root/etc/ceph/ceph.conf | 536 -- root/etc/crontab | 3 - root/etc/default/im-config | 6 - root/etc/dput.cf | 46 - root/etc/exports | 4 - root/etc/fstab | 10 - root/etc/group | 26 - root/etc/grub.conf | 31 - root/etc/gshadow | 26 - root/etc/hosts | 6 - root/etc/httpd/conf.d/ssl.conf | 222 - root/etc/httpd/conf.modules.d/00-base.conf | 67 - root/etc/httpd/conf.modules.d/00-dav.conf | 3 - root/etc/httpd/conf.modules.d/00-lua.conf | 1 - root/etc/httpd/conf.modules.d/00-mpm.conf | 23 - .../etc/httpd/conf.modules.d/00-optional.conf | 18 - root/etc/httpd/conf.modules.d/00-proxy.conf | 17 - root/etc/httpd/conf.modules.d/00-systemd.conf | 2 - root/etc/httpd/conf.modules.d/01-cgi.conf | 14 - root/etc/httpd/conf.modules.d/10-h2.conf | 1 - .../httpd/conf.modules.d/10-mod_dnssd.conf | 1 - .../etc/httpd/conf.modules.d/10-proxy_h2.conf | 1 - root/etc/httpd/conf.modules.d/README | 9 - root/etc/inittab | 53 - root/etc/kdump.conf | 192 - root/etc/krb5.conf | 31 - root/etc/logrotate.d/acpid | 8 - root/etc/logrotate.d/rpm | 6 - root/etc/modules.conf | 353 -- root/etc/multipath.conf | 97 - root/etc/network/interfaces | 39 - root/etc/nginx/nginx.conf | 117 - root/etc/nrpe.cfg | 1 - root/etc/nslcd.conf | 126 - root/etc/ntp.conf | 50 - root/etc/pam.d/login | 15 - root/etc/pam.d/newrole | 5 - root/etc/pam.d/postgresql | 
3 - root/etc/passwd | 19 - root/etc/php.ini | 1221 ----- root/etc/puppet/puppet.conf | 29 - root/etc/resolv.conf | 6 - root/etc/samba/smb.conf | 288 - root/etc/security/limits.conf | 58 - root/etc/selinux/semanage.conf | 60 - root/etc/services | 387 -- root/etc/shadow | 19 - root/etc/squid/squid.conf | 4725 ----------------- root/etc/ssh/ssh_config | 66 - root/etc/ssh/sshd_config | 131 - root/etc/sudoers | 95 - root/etc/sysconfig/anaconda | 5 - root/etc/sysconfig/atd | 9 - root/etc/sysconfig/authconfig | 17 - root/etc/sysconfig/autofs | 91 - root/etc/sysconfig/clock | 5 - root/etc/sysconfig/cpuspeed | 72 - root/etc/sysconfig/crond | 9 - root/etc/sysconfig/crontab | 6 - root/etc/sysconfig/firstboot | 1 - root/etc/sysconfig/grub | 2 - root/etc/sysconfig/hsqldb | 128 - root/etc/sysconfig/httpd | 22 - root/etc/sysconfig/hw-uuid | 1 - root/etc/sysconfig/hwconf | 672 --- root/etc/sysconfig/i18n | 2 - root/etc/sysconfig/init | 25 - root/etc/sysconfig/iptables | 48 - root/etc/sysconfig/iptables-config | 48 - root/etc/sysconfig/irda | 4 - root/etc/sysconfig/irqbalance | 18 - root/etc/sysconfig/kdump | 32 - root/etc/sysconfig/kernel | 6 - root/etc/sysconfig/keyboard | 2 - root/etc/sysconfig/kudzu | 6 - root/etc/sysconfig/libvirtd | 9 - root/etc/sysconfig/lircd | 2 - root/etc/sysconfig/lm_sensors | 2 - root/etc/sysconfig/nasd | 10 - root/etc/sysconfig/netconsole | 20 - root/etc/sysconfig/netdump_id_dsa.pub | 1 - root/etc/sysconfig/network | 3 - root/etc/sysconfig/network-scripts/ifcfg-br0 | 5 - root/etc/sysconfig/network-scripts/ifcfg-eth0 | 7 - root/etc/sysconfig/network-scripts/ifcfg-lo | 9 - .../network-scripts/ifcfg-lo.rpmsave | 9 - .../ifcfg-weird [!] 
(used to fail) | 4 - .../etc/sysconfig/network-scripts/ifcfg-wlan0 | 5 - root/etc/sysconfig/nfs | 69 - root/etc/sysconfig/ntpd | 8 - root/etc/sysconfig/prelink | 37 - root/etc/sysconfig/puppet | 11 - root/etc/sysconfig/readonly-root | 17 - root/etc/sysconfig/rsyslog | 16 - root/etc/sysconfig/samba | 6 - root/etc/sysconfig/saslauthd | 11 - root/etc/sysconfig/smartmontools | 4 - root/etc/sysconfig/spamassassin | 2 - root/etc/sysconfig/sysstat | 2 - root/etc/sysconfig/sysstat.ioconf | 240 - root/etc/sysconfig/system-config-firewall | 1 - .../etc/sysconfig/system-config-securitylevel | 5 - root/etc/sysconfig/system-config-users | 10 - root/etc/sysconfig/vncservers | 21 - root/etc/sysconfig/wpa_supplicant | 6 - root/etc/sysconfig/xend | 16 - root/etc/sysconfig/xendomains | 137 - root/etc/sysctl.conf | 20 - root/etc/syslog.conf | 38 - root/etc/vsftpd.conf | 29 - root/etc/xinetd.conf | 50 - root/etc/xinetd.d/cvs | 19 - root/etc/xinetd.d/rsync | 14 - root/etc/yum.conf | 15 - root/etc/yum.repos.d/fedora-updates.repo | 26 - root/etc/yum.repos.d/fedora.repo | 26 - root/etc/yum.repos.d/remi.repo | 16 - root/pairs.txt | 3 - root/var/spool/cron/root | 4 - 137 files changed, 52 insertions(+), 11776 deletions(-) delete mode 100644 include/AugSettings.cpp delete mode 100644 include/AugSettings.h create mode 100644 include/augSettings.cpp create mode 100644 include/augSettings.h delete mode 100644 root/boot/grub/grub.conf delete mode 100644 root/boot/grub/menu.lst delete mode 100644 root/etc/aliases delete mode 100644 root/etc/apt/apt.conf.d/01autoremove delete mode 100644 root/etc/apt/apt.conf.d/01autoremove-kernels delete mode 100644 root/etc/apt/apt.conf.d/50unattended-upgrades delete mode 100644 root/etc/apt/apt.conf.d/70debconf delete mode 100644 root/etc/apt/apt.conf.d/90cloud-init-pipelining delete mode 100644 root/etc/apt/sources.list delete mode 100644 root/etc/ceph/ceph.conf delete mode 100644 root/etc/crontab delete mode 100644 root/etc/default/im-config delete mode 
100644 root/etc/dput.cf delete mode 100644 root/etc/exports delete mode 100644 root/etc/fstab delete mode 100644 root/etc/group delete mode 100644 root/etc/grub.conf delete mode 100644 root/etc/gshadow delete mode 100644 root/etc/hosts delete mode 100644 root/etc/httpd/conf.d/ssl.conf delete mode 100644 root/etc/httpd/conf.modules.d/00-base.conf delete mode 100644 root/etc/httpd/conf.modules.d/00-dav.conf delete mode 100644 root/etc/httpd/conf.modules.d/00-lua.conf delete mode 100644 root/etc/httpd/conf.modules.d/00-mpm.conf delete mode 100644 root/etc/httpd/conf.modules.d/00-optional.conf delete mode 100644 root/etc/httpd/conf.modules.d/00-proxy.conf delete mode 100644 root/etc/httpd/conf.modules.d/00-systemd.conf delete mode 100644 root/etc/httpd/conf.modules.d/01-cgi.conf delete mode 100644 root/etc/httpd/conf.modules.d/10-h2.conf delete mode 100644 root/etc/httpd/conf.modules.d/10-mod_dnssd.conf delete mode 100644 root/etc/httpd/conf.modules.d/10-proxy_h2.conf delete mode 100644 root/etc/httpd/conf.modules.d/README delete mode 100644 root/etc/inittab delete mode 100644 root/etc/kdump.conf delete mode 100644 root/etc/krb5.conf delete mode 100644 root/etc/logrotate.d/acpid delete mode 100644 root/etc/logrotate.d/rpm delete mode 100644 root/etc/modules.conf delete mode 100644 root/etc/multipath.conf delete mode 100644 root/etc/network/interfaces delete mode 100644 root/etc/nginx/nginx.conf delete mode 100644 root/etc/nrpe.cfg delete mode 100644 root/etc/nslcd.conf delete mode 100644 root/etc/ntp.conf delete mode 100644 root/etc/pam.d/login delete mode 100644 root/etc/pam.d/newrole delete mode 100644 root/etc/pam.d/postgresql delete mode 100644 root/etc/passwd delete mode 100644 root/etc/php.ini delete mode 100644 root/etc/puppet/puppet.conf delete mode 100644 root/etc/resolv.conf delete mode 100644 root/etc/samba/smb.conf delete mode 100644 root/etc/security/limits.conf delete mode 100644 root/etc/selinux/semanage.conf delete mode 100644 root/etc/services delete 
mode 100644 root/etc/shadow delete mode 100644 root/etc/squid/squid.conf delete mode 100644 root/etc/ssh/ssh_config delete mode 100644 root/etc/ssh/sshd_config delete mode 100644 root/etc/sudoers delete mode 100644 root/etc/sysconfig/anaconda delete mode 100644 root/etc/sysconfig/atd delete mode 100644 root/etc/sysconfig/authconfig delete mode 100644 root/etc/sysconfig/autofs delete mode 100644 root/etc/sysconfig/clock delete mode 100644 root/etc/sysconfig/cpuspeed delete mode 100644 root/etc/sysconfig/crond delete mode 100644 root/etc/sysconfig/crontab delete mode 100644 root/etc/sysconfig/firstboot delete mode 100644 root/etc/sysconfig/grub delete mode 100644 root/etc/sysconfig/hsqldb delete mode 100644 root/etc/sysconfig/httpd delete mode 100644 root/etc/sysconfig/hw-uuid delete mode 100644 root/etc/sysconfig/hwconf delete mode 100644 root/etc/sysconfig/i18n delete mode 100644 root/etc/sysconfig/init delete mode 100644 root/etc/sysconfig/iptables delete mode 100644 root/etc/sysconfig/iptables-config delete mode 100644 root/etc/sysconfig/irda delete mode 100644 root/etc/sysconfig/irqbalance delete mode 100644 root/etc/sysconfig/kdump delete mode 100644 root/etc/sysconfig/kernel delete mode 100644 root/etc/sysconfig/keyboard delete mode 100644 root/etc/sysconfig/kudzu delete mode 100644 root/etc/sysconfig/libvirtd delete mode 100644 root/etc/sysconfig/lircd delete mode 100644 root/etc/sysconfig/lm_sensors delete mode 100644 root/etc/sysconfig/nasd delete mode 100644 root/etc/sysconfig/netconsole delete mode 100644 root/etc/sysconfig/netdump_id_dsa.pub delete mode 100644 root/etc/sysconfig/network delete mode 100644 root/etc/sysconfig/network-scripts/ifcfg-br0 delete mode 100644 root/etc/sysconfig/network-scripts/ifcfg-eth0 delete mode 100644 root/etc/sysconfig/network-scripts/ifcfg-lo delete mode 100644 root/etc/sysconfig/network-scripts/ifcfg-lo.rpmsave delete mode 100644 root/etc/sysconfig/network-scripts/ifcfg-weird [!] 
(used to fail) delete mode 100644 root/etc/sysconfig/network-scripts/ifcfg-wlan0 delete mode 100644 root/etc/sysconfig/nfs delete mode 100644 root/etc/sysconfig/ntpd delete mode 100644 root/etc/sysconfig/prelink delete mode 100644 root/etc/sysconfig/puppet delete mode 100644 root/etc/sysconfig/readonly-root delete mode 100644 root/etc/sysconfig/rsyslog delete mode 100644 root/etc/sysconfig/samba delete mode 100644 root/etc/sysconfig/saslauthd delete mode 100644 root/etc/sysconfig/smartmontools delete mode 100644 root/etc/sysconfig/spamassassin delete mode 100644 root/etc/sysconfig/sysstat delete mode 100644 root/etc/sysconfig/sysstat.ioconf delete mode 100644 root/etc/sysconfig/system-config-firewall delete mode 100644 root/etc/sysconfig/system-config-securitylevel delete mode 100644 root/etc/sysconfig/system-config-users delete mode 100644 root/etc/sysconfig/vncservers delete mode 100644 root/etc/sysconfig/wpa_supplicant delete mode 100644 root/etc/sysconfig/xend delete mode 100644 root/etc/sysconfig/xendomains delete mode 100644 root/etc/sysctl.conf delete mode 100644 root/etc/syslog.conf delete mode 100644 root/etc/vsftpd.conf delete mode 100644 root/etc/xinetd.conf delete mode 100644 root/etc/xinetd.d/cvs delete mode 100644 root/etc/xinetd.d/rsync delete mode 100644 root/etc/yum.conf delete mode 100644 root/etc/yum.repos.d/fedora-updates.repo delete mode 100644 root/etc/yum.repos.d/fedora.repo delete mode 100644 root/etc/yum.repos.d/remi.repo delete mode 100644 root/pairs.txt delete mode 100644 root/var/spool/cron/root diff --git a/.gitignore b/.gitignore index bace7d5..cf3d777 100644 --- a/.gitignore +++ b/.gitignore @@ -65,7 +65,7 @@ DerivedData Pods *.xcodeproj - +.idea /xproj.screenflow /xproj.mp4 /xproj-narc.psd diff --git a/CMakeLists.txt b/CMakeLists.txt index 1566cb3..a8881ec 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -1,5 +1,5 @@ cmake_minimum_required(VERSION 3.21) -project(CAug VERSION 1.0.1 DESCRIPTION "CAug description") +project(clAugeas VERSION 1.0.1 DESCRIPTION "clAugeas description") include_directories(/opt/homebrew/opt/augeas/include/) link_directories(/opt/homebrew/opt/augeas/lib) @@ -8,9 +8,12 @@ set(CMAKE_CXX_STANDARD 14) set(GCC_COVERAGE_COMPILE_FLAGS "-fdeclspec") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${GCC_COVERAGE_COMPILE_FLAGS}") -add_library(CAug SHARED include/AugSettings.cpp main.cpp main.h) +add_library(clAugeas SHARED + include/augSettings.cpp + include/augSettings.h + main.cpp main.h) -target_link_libraries(CAug augeas) +target_link_libraries(clAugeas augeas) diff --git a/README.md b/README.md index 506bd91..5073f68 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# CodeLiturgy.Augeas +# clAugeas This project contains the performant part of the CodeLiturgy.Dashboard project. A library of functions for editing of relevant files to manage development environments. diff --git a/include/AugSettings.cpp b/include/AugSettings.cpp deleted file mode 100644 index e69de29..0000000 diff --git a/include/AugSettings.h b/include/AugSettings.h deleted file mode 100644 index cd53d0c..0000000 --- a/include/AugSettings.h +++ /dev/null @@ -1,4 +0,0 @@ -struct AugSettings { - const char *root; - const char *loadPath; -}; diff --git a/include/augSettings.cpp b/include/augSettings.cpp new file mode 100644 index 0000000..28263f4 --- /dev/null +++ b/include/augSettings.cpp @@ -0,0 +1 @@ +#include "augSettings.h" \ No newline at end of file diff --git a/include/augSettings.h b/include/augSettings.h new file mode 100644 index 0000000..4ab5772 --- /dev/null +++ b/include/augSettings.h @@ -0,0 +1,4 @@ +struct augSettings { + char *root; + char *loadPath; +}; diff --git a/main.cpp b/main.cpp index e5ac083..2488a4a 100644 --- a/main.cpp +++ b/main.cpp 
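Review bot: `include/augSettings.h` is created without an include guard, and the same commit makes `main.h` include it, so a translation unit that pulls in both headers redefines `struct augSettings`; add `#pragma once` as its first line. The fields also lose their `const` (`char *root; char *loadPath;`) although the visible code only reads them and hands them to `aug_init`. Keeping `const char *root;` and `const char *loadPath;` tells interop callers that the library neither writes through nor frees their strings.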
@@ -1,31 +1,14 @@ -#include "iostream" -#include "augeas.h" -#include "include/AugSettings.h" -#include "map" #include "main.h" +#include extern "C" { -RMDEF int32_t getFour() { - - return 4; - +inline bool path_exists (const std::string& name) { + struct stat buffer; + return (stat (name.c_str(), &buffer) == 0); } -// Testing interop -RMDEF int32_t getThree() { - - return 3333; - -} - -// Testing interop -RMDEF void printStringExample(char* someString) { - std::cout << someString << std::endl; -} - - -RMDEF void testSource(const AugSettings& settings) { +CLAPI void testSource(const augSettings settings) { int r; struct augeas *aug; char *s; @@ -40,7 +23,7 @@ RMDEF void testSource(const AugSettings& settings) { aug_close(aug); } // This prints the actual file -RMDEF void printPreview(const AugSettings& settings, const std::string& matchPath, const std::string& filePath) { +CLAPI void printPreview(const augSettings settings, const char* matchPath, const char* filePath) { struct augeas *aug; int r; char *s; @@ -50,8 +33,8 @@ RMDEF void printPreview(const AugSettings& settings, const std::string& matchPat aug = aug_init(settings.root, settings.loadPath, AUG_NO_STDINC | AUG_NO_LOAD); - r = aug_load_file(aug, filePath.c_str()); - r = aug_preview(aug, matchPath.c_str(), &s); + r = aug_load_file(aug, filePath); + r = aug_preview(aug, matchPath, &s); std::cout << s << std::endl; @@ -61,10 +44,10 @@ RMDEF void printPreview(const AugSettings& settings, const std::string& matchPat } -RMDEF void printAugTree( - const AugSettings& settings, - const std::string& matchPath, - const std::string& filePath +CLAPI void printAugTree( + const augSettings settings, + const char* matchPath, + const char* filePath ) { struct augeas *aug; int r; 
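Review bot: `path_exists` is added inside the `extern "C" {` block even though it takes a `const std::string&` and is only an internal helper, so a C++-only function gets C linkage next to the exported API. Define it above the block as `static bool path_exists(const std::string& name)` so it stays private to `main.cpp`. The target of the added `#include` is not visible on this page; if it is the POSIX `<sys/stat.h>`, it deserves a comment, because `main.h` still carries a `_WIN32` export branch. The body of `testSource` continues outside the hunk.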
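Review bot: `printPreview` (hunk `@@ -50,8 +33,8 @@`) still ignores the results of `aug_init`, `aug_load_file` and `aug_preview`. Its parameters are now raw `const char*` values coming across the interop boundary, so a NULL or unloadable path reaches `std::cout << s` with `s` possibly never set. Check each call and return before printing; the same unchecked `r = aug_load_file(...)` / `r = aug_print(...)` pair is in the `printAugTree` hunk (`@@ -72,23 +55,29 @@`). The function starts and ends outside this hunk, so the placement of the early returns relative to the existing cleanup needs confirming.

```cpp
if (filePath == nullptr || matchPath == nullptr)
    return;

aug = aug_init(settings.root, settings.loadPath, AUG_NO_STDINC | AUG_NO_LOAD);
if (aug == nullptr)
    return;

s = nullptr;
if (aug_load_file(aug, filePath) < 0
        || aug_preview(aug, matchPath, &s) < 0
        || s == nullptr) {
    std::cerr << "printPreview: cannot load or preview " << filePath << std::endl;
    aug_close(aug);
    return;
}
// … unchanged: std::cout << s and the rest of printPreview …
```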
@@ -72,23 +55,29 @@ RMDEF void printAugTree( aug = aug_init(settings.root, settings.loadPath, AUG_NO_STDINC | AUG_NO_LOAD); - r = aug_load_file(aug, filePath.c_str()); - r = aug_print(aug, out,matchPath.c_str()); + if(!path_exists(std::string(settings.root))) { + std::cout << "ERROR Path is invalid: " << settings.root << std::endl; + } + std::cout << settings.root<< std::endl; + std::cout << settings.loadPath<< std::endl; + + r = aug_load_file(aug, filePath); + r = aug_print(aug, out,matchPath); std::map stdBindList; - std::map ::iterator pos; + std::map ::iterator pos; char line[256]; rewind(out); while (fgets(line, 256, out) != nullptr) { // remove end of line line[strlen(line) - 1] = '\0'; + std::string str_matchPath = matchPath; std::string s = line; - // skip comments if (s.find("#comment") != std::string::npos) continue; - s = s.substr(matchPath.length() - 1); + s = s.substr(str_matchPath.length() - 1); // split by '=' sign size_t eqpos = s.find(" = "); if (eqpos == std::string::npos) @@ -111,7 +100,6 @@ RMDEF void printAugTree( } aug_close(aug); -} - +}; } diff --git a/main.h b/main.h index dd251ba..a0273e5 100644 --- a/main.h +++ b/main.h 
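Review bot: The new root check in `printAugTree` runs after `aug_init` has already used `settings.root`, only prints a message and then carries on, and `std::string(settings.root)` is undefined for a NULL `root`; test the pointer and the path before `aug_init` and return on failure. The two `std::cout << settings.root` / `settings.loadPath` lines look like leftover debugging and are also undefined for NULL pointers. `std::string str_matchPath = matchPath;` is rebuilt on every loop iteration, and `s.substr(str_matchPath.length() - 1)` throws `std::out_of_range` out of an `extern "C"` function when `matchPath` is empty or the line is shorter than the prefix. `out` and the end of the loop are outside this hunk, so an early return must also release whatever `out` holds.

```cpp
// placed before aug_init:
if (settings.root == nullptr || matchPath == nullptr || filePath == nullptr
        || !path_exists(settings.root)) {
    std::cerr << "ERROR Path is invalid: "
              << (settings.root != nullptr ? settings.root : "(null)") << std::endl;
    return;  // NOTE(review): release `out` first if it is already open at this point
}
aug = aug_init(settings.root, settings.loadPath, AUG_NO_STDINC | AUG_NO_LOAD);

// … unchanged: aug_load_file, aug_print, map declarations, rewind(out) …

const std::string str_matchPath = matchPath;  // loop-invariant, built once
while (fgets(line, 256, out) != nullptr) {
    // … unchanged: strip end of line, build s, skip comments …
    if (str_matchPath.empty() || s.length() < str_matchPath.length() - 1)
        continue;
    s = s.substr(str_matchPath.length() - 1);
```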
@@ -1,22 +1,24 @@ +#include +#include "iostream" +#include "augeas.h" +#include "map" +#include +#include "include/augSettings.h" + #if defined(_WIN32) -#define RMDEF __declspec(dllexport) extern "C" inline +#define CLAPI __declspec(dllexport) #else -#define RMDEF +#define CLAPI #endif extern "C" { -RMDEF int getThree (); -RMDEF int getFour (); -RMDEF void testSource (const AugSettings& settings); +CLAPI void printPreview (augSettings settings, + const char* matchPath, + const char* filePath); -RMDEF void printPreview (const AugSettings& settings, - const std::string& matchPath, - const std::string& filePath); -RMDEF void printStringExample (char* someString); - -RMDEF void printAugTree (const AugSettings& settings, - const std::string& matchPath, - const std::string& filePath); +CLAPI void printAugTree (augSettings settings, + const char* matchPath, + const char* filePath); } diff --git a/root/boot/grub/grub.conf b/root/boot/grub/grub.conf deleted file mode 100644 index adb02f5..0000000 --- a/root/boot/grub/grub.conf +++ /dev/null 
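Review bot: `testSource` is removed from this header while `main.cpp` still defines it as `CLAPI void testSource(const augSettings settings)`, so it remains an exported symbol with no declaration; either keep `CLAPI void testSource (augSettings settings);` here or make the definition `static`. `main.h` also has no include guard although it now includes several other headers, so `#pragma once` at the top is worth adding. Each exported function would benefit from a short comment stating that `matchPath` and `filePath` must be non-NULL, NUL-terminated strings owned by the caller.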
@@ -1,31 +0,0 @@
-# grub.conf generated by anaconda
-#
-# Note that you do not have to rerun grub after making changes to this file
-# NOTICE: You have a /boot partition. This means that
-# all kernel and initrd paths are relative to /boot/, eg.
-# root (hd0,0)
-# kernel /vmlinuz-version ro root=/dev/vg00/lv00
-# initrd /initrd-version.img
-#boot=/dev/sda
-default=0
-timeout=5
-splashimage=(hd0,0)/grub/splash.xpm.gz
-hiddenmenu
-title Fedora (2.6.24.4-64.fc8)
- root (hd0,0)
- kernel /vmlinuz-2.6.24.4-64.fc8 ro root=/dev/vg00/lv00
- initrd /initrd-2.6.24.4-64.fc8.img
-title Fedora (2.6.24.3-50.fc8)
- root (hd0,0)
- kernel /vmlinuz-2.6.24.3-50.fc8 ro root=/dev/vg00/lv00
- initrd /initrd-2.6.24.3-50.fc8.img
-title Fedora (2.6.21.7-3.fc8xen)
- root (hd0,0)
- kernel /xen.gz-2.6.21.7-3.fc8
- module /vmlinuz-2.6.21.7-3.fc8xen ro root=/dev/vg00/lv00
- module /initrd-2.6.21.7-3.fc8xen.img
-title Fedora (2.6.24.3-34.fc8)
- root (hd0,0)
- kernel /vmlinuz-2.6.24.3-34.fc8 ro root=/dev/vg00/lv00
- initrd /initrd-2.6.24.3-34.fc8.img
- savedefault
diff --git a/root/boot/grub/menu.lst b/root/boot/grub/menu.lst
deleted file mode 100644
index adb02f5..0000000
--- a/root/boot/grub/menu.lst
+++ /dev/null
@@ -1,31 +0,0 @@
-# grub.conf generated by anaconda
-#
-# Note that you do not have to rerun grub after making changes to this file
-# NOTICE: You have a /boot partition. This means that
-# all kernel and initrd paths are relative to /boot/, eg.
-# root (hd0,0)
-# kernel /vmlinuz-version ro root=/dev/vg00/lv00
-# initrd /initrd-version.img
-#boot=/dev/sda
-default=0
-timeout=5
-splashimage=(hd0,0)/grub/splash.xpm.gz
-hiddenmenu
-title Fedora (2.6.24.4-64.fc8)
- root (hd0,0)
- kernel /vmlinuz-2.6.24.4-64.fc8 ro root=/dev/vg00/lv00
- initrd /initrd-2.6.24.4-64.fc8.img
-title Fedora (2.6.24.3-50.fc8)
- root (hd0,0)
- kernel /vmlinuz-2.6.24.3-50.fc8 ro root=/dev/vg00/lv00
- initrd /initrd-2.6.24.3-50.fc8.img
-title Fedora (2.6.21.7-3.fc8xen)
- root (hd0,0)
- kernel /xen.gz-2.6.21.7-3.fc8
- module /vmlinuz-2.6.21.7-3.fc8xen ro root=/dev/vg00/lv00
- module /initrd-2.6.21.7-3.fc8xen.img
-title Fedora (2.6.24.3-34.fc8)
- root (hd0,0)
- kernel /vmlinuz-2.6.24.3-34.fc8 ro root=/dev/vg00/lv00
- initrd /initrd-2.6.24.3-34.fc8.img
- savedefault
diff --git a/root/etc/aliases b/root/etc/aliases
deleted file mode 100644
index 7bdb9ba..0000000
--- a/root/etc/aliases
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# Aliases in this file will NOT be expanded in the header from
-# Mail, but WILL be visible over networks or from /bin/mail.
-#
-# >>>>>>>>>> The program "newaliases" must be run after
-# >> NOTE >> this file is updated for any changes to
-# >>>>>>>>>> show through to sendmail.
-#
-
-# Basic system aliases -- these MUST be present.
-mailer-daemon: postmaster
-postmaster: root
-
-# General redirections for pseudo accounts.
-bin: root, adm
-daemon: root
-adm: root
-
-# mailman aliases
-mailman: postmaster
-mailman-owner: mailman
-
-# Person who should get root's mail
-mrepo: root
-root: realroot@example.com
-root+special: realroot+other@example.com
-
-include: :include:/etc/morealiases
-command: |/usr/local/bin/procmail
diff --git a/root/etc/apt/apt.conf.d/01autoremove b/root/etc/apt/apt.conf.d/01autoremove deleted file mode 100644 index fc02350..0000000 --- a/root/etc/apt/apt.conf.d/01autoremove +++ /dev/null @@ -1,40 +0,0 @@ -APT -{ - NeverAutoRemove - { - "^firmware-linux.*"; - "^linux-firmware$"; - }; - - VersionedKernelPackages - { - # linux kernels - "linux-image"; - "linux-headers"; - "linux-image-extra"; - "linux-signed-image"; - # kfreebsd kernels - "kfreebsd-image"; - "kfreebsd-headers"; - # hurd kernels - "gnumach-image"; - # (out-of-tree) modules - ".*-modules"; - ".*-kernel"; - "linux-backports-modules-.*"; - # tools - "linux-tools"; - }; - - Never-MarkAuto-Sections - { - "metapackages"; - "restricted/metapackages"; - "universe/metapackages"; - "multiverse/metapackages"; - "oldlibs"; - "restricted/oldlibs"; - "universe/oldlibs"; - "multiverse/oldlibs"; - }; -}; diff --git a/root/etc/apt/apt.conf.d/01autoremove-kernels b/root/etc/apt/apt.conf.d/01autoremove-kernels deleted file mode 100644 index 4c86c0a..0000000 --- a/root/etc/apt/apt.conf.d/01autoremove-kernels +++ /dev/null @@ -1,15 +0,0 @@ -// DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal -APT::NeverAutoRemove -{ - "^linux-image-3\.16\.0-4-amd64$"; - "^linux-headers-3\.16\.0-4-amd64$"; - "^linux-image-extra-3\.16\.0-4-amd64$"; - "^linux-signed-image-3\.16\.0-4-amd64$"; - "^kfreebsd-image-3\.16\.0-4-amd64$"; - "^kfreebsd-headers-3\.16\.0-4-amd64$"; - "^gnumach-image-3\.16\.0-4-amd64$"; - "^.*-modules-3\.16\.0-4-amd64$"; - "^.*-kernel-3\.16\.0-4-amd64$"; - "^linux-backports-modules-.*-3\.16\.0-4-amd64$"; - "^linux-tools-3\.16\.0-4-amd64$"; -}; diff --git a/root/etc/apt/apt.conf.d/50unattended-upgrades b/root/etc/apt/apt.conf.d/50unattended-upgrades deleted file mode 100644 index 3961cd8..0000000 --- a/root/etc/apt/apt.conf.d/50unattended-upgrades +++ /dev/null 
@@ -1,92 +0,0 @@ -// Unattended-Upgrade::Origins-Pattern controls which packages are -// upgraded. -// -// Lines below have the format format is "keyword=value,...". A -// package will be upgraded only if the values in its metadata match -// all the supplied keywords in a line. (In other words, omitted -// keywords are wild cards.) The keywords originate from the Release -// file, but several aliases are accepted. The accepted keywords are: -// a,archive,suite (eg, "stable") -// c,component (eg, "main", "crontrib", "non-free") -// l,label (eg, "Debian", "Debian-Security") -// o,origin (eg, "Debian", "Unofficial Multimedia Packages") -// n,codename (eg, "jessie", "jessie-updates") -// site (eg, "http.debian.net") -// The available values on the system are printed by the command -// "apt-cache policy", and can be debugged by running -// "unattended-upgrades -d" and looking at the log file. -// -// Within lines unattended-upgrades allows 2 macros whose values are -// derived from /etc/debian_version: -// ${distro_id} Installed origin. -// ${distro_codename} Installed codename (eg, "jessie") -Unattended-Upgrade::Origins-Pattern { - // Codename based matching: - // This will follow the migration of a release through different - // archives (e.g. from testing to stable and later oldstable). -// "o=Debian,n=jessie"; -// "o=Debian,n=jessie-updates"; -// "o=Debian,n=jessie-proposed-updates"; -// "o=Debian,n=jessie,l=Debian-Security"; - - // Archive or Suite based matching: - // Note that this will silently match a different release after - // migration to the specified archive (e.g. testing becomes the - // new stable). 
-// "o=Debian,a=stable"; -// "o=Debian,a=stable-updates"; -// "o=Debian,a=proposed-updates"; - "origin=Debian,codename=${distro_codename},label=Debian-Security"; -}; - -// List of packages to not update (regexp are supported) -Unattended-Upgrade::Package-Blacklist { -// "vim"; -// "libc6"; -// "libc6-dev"; -// "libc6-i686"; -}; - -// This option allows you to control if on a unclean dpkg exit -// unattended-upgrades will automatically run -// dpkg --force-confold --configure -a -// The default is true, to ensure updates keep getting installed -//Unattended-Upgrade::AutoFixInterruptedDpkg "false"; - -// Split the upgrade into the smallest possible chunks so that -// they can be interrupted with SIGUSR1. This makes the upgrade -// a bit slower but it has the benefit that shutdown while a upgrade -// is running is possible (with a small delay) -//Unattended-Upgrade::MinimalSteps "true"; - -// Install all unattended-upgrades when the machine is shuting down -// instead of doing it in the background while the machine is running -// This will (obviously) make shutdown slower -//Unattended-Upgrade::InstallOnShutdown "true"; - -// Send email to this address for problems or packages upgrades -// If empty or unset then no email is sent, make sure that you -// have a working mail setup on your system. A package that provides -// 'mailx' must be installed. E.g. "user@example.com" -//Unattended-Upgrade::Mail "root"; - -// Set this value to "true" to get emails only on errors. 
Default -// is to always send a mail if Unattended-Upgrade::Mail is set -//Unattended-Upgrade::MailOnlyOnError "true"; - -// Do automatic removal of new unused dependencies after the upgrade -// (equivalent to apt-get autoremove) -//Unattended-Upgrade::Remove-Unused-Dependencies "false"; - -// Automatically reboot *WITHOUT CONFIRMATION* if -// the file /var/run/reboot-required is found after the upgrade -//Unattended-Upgrade::Automatic-Reboot "false"; - -// If automatic reboot is enabled and needed, reboot at the specific -// time instead of immediately -// Default: "now" -//Unattended-Upgrade::Automatic-Reboot-Time "02:00"; - -// Use apt bandwidth limit feature, this example limits the download -// speed to 70kb/sec -//Acquire::http::Dl-Limit "70"; diff --git a/root/etc/apt/apt.conf.d/70debconf b/root/etc/apt/apt.conf.d/70debconf deleted file mode 100644 index 0c8b4ca..0000000 --- a/root/etc/apt/apt.conf.d/70debconf +++ /dev/null @@ -1,3 +0,0 @@ -// Pre-configure all packages with debconf before they are installed. -// If you don't like it, comment it out. -DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";}; diff --git a/root/etc/apt/apt.conf.d/90cloud-init-pipelining b/root/etc/apt/apt.conf.d/90cloud-init-pipelining deleted file mode 100644 index bbea353..0000000 --- a/root/etc/apt/apt.conf.d/90cloud-init-pipelining +++ /dev/null @@ -1,2 +0,0 @@ -//Written by cloud-init per 'apt_pipelining' -Acquire::http::Pipeline-Depth "0"; diff --git a/root/etc/apt/sources.list b/root/etc/apt/sources.list deleted file mode 100644 index e6391f5..0000000 --- a/root/etc/apt/sources.list +++ /dev/null @@ -1,6 +0,0 @@ -#deb http://www.backports.org/debian/ sarge postfix -# deb http://people.debian.org/~adconrad sarge subversion - -deb ftp://mirror.bytemark.co.uk/debian/ etch main non-free contrib -deb http://security.debian.org/ etch/updates main contrib non-free # security line -deb-src http://mirror.bytemark.co.uk/debian etch main contrib non-free 
diff --git a/root/etc/ceph/ceph.conf b/root/etc/ceph/ceph.conf deleted file mode 100644 index e2fdb6e..0000000 --- a/root/etc/ceph/ceph.conf +++ /dev/null 
@@ -1,536 +0,0 @@ -## -# Sample ceph ceph.conf file. -## -# This file defines cluster membership, the various locations -# that Ceph stores data, and any other runtime options. - -# If a 'host' is defined for a daemon, the init.d start/stop script will -# verify that it matches the hostname (or else ignore it). If it is -# not defined, it is assumed that the daemon is intended to start on -# the current host (e.g., in a setup with a startup.conf on each -# node). - -## Metavariables -# $cluster ; Expands to the Ceph Storage Cluster name. Useful -# ; when running multiple Ceph Storage Clusters -# ; on the same hardware. -# ; Example: /etc/ceph/$cluster.keyring -# ; (Default: ceph) -# -# $type ; Expands to one of mds, osd, or mon, depending on -# ; the type of the instant daemon. -# ; Example: /var/lib/ceph/$type -# -# $id ; Expands to the daemon identifier. For osd.0, this -# ; would be 0; for mds.a, it would be a. -# ; Example: /var/lib/ceph/$type/$cluster-$id -# -# $host ; Expands to the host name of the instant daemon. -# -# $name ; Expands to $type.$id. -# ; Example: /var/run/ceph/$cluster-$name.asok - -[global] -### http://ceph.com/docs/master/rados/configuration/general-config-ref/ - - fsid = b4b2e571-fbbf-4ff3-a9f8-ab80f08b7fe6 # use `uuidgen` to generate your own UUID - public network = 192.168.0.0/24 - cluster network = 192.168.0.0/24 - - # Each running Ceph daemon has a running process identifier (PID) file. - # The PID file is generated upon start-up. - # Type: String (optional) - # (Default: N/A). The default path is /var/run/$cluster/$name.pid. - pid file = /var/run/ceph/$name.pid - - # If set, when the Ceph Storage Cluster starts, Ceph sets the max open fds - # at the OS level (i.e., the max # of file descriptors). - # It helps prevents Ceph OSD Daemons from running out of file descriptors. 
- # Type: 64-bit Integer (optional) - # (Default: 0) - max open files = 131072 - - -### http://ceph.com/docs/master/rados/operations/authentication -### http://ceph.com/docs/master/rados/configuration/auth-config-ref/ - - # If enabled, the Ceph Storage Cluster daemons (i.e., ceph-mon, ceph-osd, - # and ceph-mds) must authenticate with each other. - # Type: String (optional); Valid settings are "cephx" or "none". - # (Default: cephx) - auth cluster required = cephx - - # If enabled, the Ceph Storage Cluster daemons require Ceph Clients to - # authenticate with the Ceph Storage Cluster in order to access Ceph - # services. - # Type: String (optional); Valid settings are "cephx" or "none". - # (Default: cephx) - auth service required = cephx - - # If enabled, the Ceph Client requires the Ceph Storage Cluster to - # authenticate with the Ceph Client. - # Type: String (optional); Valid settings are "cephx" or "none". - # (Default: cephx) - auth client required = cephx - - # If set to true, Ceph requires signatures on all message traffic between - # the Ceph Client and the Ceph Storage Cluster, and between daemons - # comprising the Ceph Storage Cluster. - # Type: Boolean (optional) - # (Default: false) - cephx require signatures = true - - # kernel RBD client do not support authentication yet: - cephx cluster require signatures = true - cephx service require signatures = false - - # The path to the keyring file. - # Type: String (optional) - # Default: /etc/ceph/$cluster.$name.keyring,/etc/ceph/$cluster.keyring,/etc/ceph/keyring,/etc/ceph/keyring.bin - keyring = /etc/ceph/$cluster.$name.keyring - - -### http://ceph.com/docs/master/rados/configuration/pool-pg-config-ref/ - - - ## Replication level, number of data copies. - # Type: 32-bit Integer - # (Default: 3) - osd pool default size = 3 - - ## Replication level in degraded state, less than 'osd pool default size' value. 
- # Sets the minimum number of written replicas for objects in the - # pool in order to acknowledge a write operation to the client. If - # minimum is not met, Ceph will not acknowledge the write to the - # client. This setting ensures a minimum number of replicas when - # operating in degraded mode. - # Type: 32-bit Integer - # (Default: 0), which means no particular minimum. If 0, minimum is size - (size / 2). - osd pool default min size = 2 - - ## Ensure you have a realistic number of placement groups. We recommend - ## approximately 100 per OSD. E.g., total number of OSDs multiplied by 100 - ## divided by the number of replicas (i.e., osd pool default size). So for - ## 10 OSDs and osd pool default size = 3, we'd recommend approximately - ## (100 * 10) / 3 = 333 - - # Description: The default number of placement groups for a pool. The - # default value is the same as pg_num with mkpool. - # Type: 32-bit Integer - # (Default: 8) - osd pool default pg num = 128 - - # Description: The default number of placement groups for placement for a - # pool. The default value is the same as pgp_num with mkpool. - # PG and PGP should be equal (for now). - # Type: 32-bit Integer - # (Default: 8) - osd pool default pgp num = 128 - - # The default CRUSH ruleset to use when creating a pool - # Type: 32-bit Integer - # (Default: 0) - osd pool default crush rule = 0 - - # The bucket type to use for chooseleaf in a CRUSH rule. - # Uses ordinal rank rather than name. - # Type: 32-bit Integer - # (Default: 1) Typically a host containing one or more Ceph OSD Daemons. - osd crush chooseleaf type = 1 - - -### http://ceph.com/docs/master/rados/troubleshooting/log-and-debug/ - - # The location of the logging file for your cluster. - # Type: String - # Required: No - # Default: /var/log/ceph/$cluster-$name.log - log file = /var/log/ceph/$cluster-$name.log - - # Determines if logging messages should appear in syslog. 
- # Type: Boolean - # Required: No - # (Default: false) - log to syslog = true - - -### http://ceph.com/docs/master/rados/configuration/ms-ref/ - - # Enable if you want your daemons to bind to IPv6 address instead of - # IPv4 ones. (Not required if you specify a daemon or cluster IP.) - # Type: Boolean - # (Default: false) - ms bind ipv6 = true - -################## -## Monitors -## You need at least one. You need at least three if you want to -## tolerate any node failures. Always create an odd number. -[mon] -### http://ceph.com/docs/master/rados/configuration/mon-config-ref/ -### http://ceph.com/docs/master/rados/configuration/mon-osd-interaction/ - - # The IDs of initial monitors in a cluster during startup. - # If specified, Ceph requires an odd number of monitors to form an - # initial quorum (e.g., 3). - # Type: String - # (Default: None) - mon initial members = mycephhost - - mon host = cephhost01,cephhost02 - mon addr = 192.168.0.101,192.168.0.102 - - # The monitor's data location - # Default: /var/lib/ceph/mon/$cluster-$id - mon data = /var/lib/ceph/mon/$name - - # The clock drift in seconds allowed between monitors. - # Type: Float - # (Default: .050) - mon clock drift allowed = .15 - - # Exponential backoff for clock drift warnings - # Type: Float - # (Default: 5) - mon clock drift warn backoff = 30 # Tell the monitor to backoff from this warning for 30 seconds - - # The percentage of disk space used before an OSD is considered full. - # Type: Float - # (Default: .95) - mon osd full ratio = .95 - - # The percentage of disk space used before an OSD is considered nearfull. - # Type: Float - # (Default: .85) - mon osd nearfull ratio = .85 - - # The number of seconds Ceph waits before marking a Ceph OSD - # Daemon "down" and "out" if it doesn't respond. - # Type: 32-bit Integer - # (Default: 300) - mon osd down out interval = 300 - - # The grace period in seconds before declaring unresponsive Ceph OSD - # Daemons "down". 
- # Type: 32-bit Integer - # (Default: 900) - mon osd report timeout = 300 - -### http://ceph.com/docs/master/rados/troubleshooting/log-and-debug/ - - # logging, for debugging monitor crashes, in order of - # their likelihood of being helpful :) - debug ms = 1 - debug mon = 20 - debug paxos = 20 - debug auth = 20 - - -[mon.alpha] - host = alpha - mon addr = 192.168.0.10:6789 - -[mon.beta] - host = beta - mon addr = 192.168.0.11:6789 - -[mon.gamma] - host = gamma - mon addr = 192.168.0.12:6789 - - -################## -## Metadata servers -# You must deploy at least one metadata server to use CephFS. There is -# experimental support for running multiple metadata servers. Do not run -# multiple metadata servers in production. -[mds] -### http://ceph.com/docs/master/cephfs/mds-config-ref/ - - # where the mds keeps it's secret encryption keys - keyring = /var/lib/ceph/mds/$name/keyring - - # Determines whether a 'ceph-mds' daemon should poll and - # replay the log of an active MDS (hot standby). - # Type: Boolean - # (Default: false) - mds standby replay = true - - # mds logging to debug issues. - debug ms = 1 - debug mds = 20 - debug journaler = 20 - - # The number of inodes to cache. - # Type: 32-bit Integer - # (Default: 100000) - mds cache size = 250000 - -[mds.alpha] - host = alpha - -[mds.beta] - host = beta - -################## -## osd -# You need at least one. Two or more if you want data to be replicated. -# Define as many as you like. -[osd] -### http://ceph.com/docs/master/rados/configuration/osd-config-ref/ - - # The path to the OSDs data. - # You must create the directory when deploying Ceph. - # You should mount a drive for OSD data at this mount point. - # We do not recommend changing the default. 
- # Type: String - # Default: /var/lib/ceph/osd/$cluster-$id - osd data = /var/lib/ceph/osd/$name - - ## You can change the number of recovery operations to speed up recovery - ## or slow it down if your machines can't handle it - - # The number of active recovery requests per OSD at one time. - # More requests will accelerate recovery, but the requests - # places an increased load on the cluster. - # Type: 32-bit Integer - # (Default: 5) - osd recovery max active = 3 - - # The maximum number of backfills allowed to or from a single OSD. - # Type: 64-bit Integer - # (Default: 10) - osd max backfills = 5 - - # The maximum number of simultaneous scrub operations for a Ceph OSD Daemon. - # Type: 32-bit Int - # (Default: 1) - osd max scrubs = 2 - - # You may add settings for ceph-deploy so that it will create and mount - # the correct type of file system. Remove the comment `#` character for - # the following settings and replace the values in parenthesis - # with appropriate values, or leave the following settings commented - # out to accept the default values. - - #osd mkfs type = {fs-type} - #osd mkfs options {fs-type} = {mkfs options} # default for xfs is "-f" - #osd mount options {fs-type} = {mount options} # default mount option is "rw, noatime" - osd mkfs type = btrfs - osd mount options btrfs = noatime,nodiratime - - ## Ideally, make this a separate disk or partition. A few - ## hundred MB should be enough; more if you have fast or many - ## disks. You can use a file under the osd data dir if need be - ## (e.g. /data/$name/journal), but it will be slower than a - ## separate disk or partition. - # The path to the OSD's journal. This may be a path to a file or a block - # device (such as a partition of an SSD). If it is a file, you must - # create the directory to contain it. - # We recommend using a drive separate from the osd data drive. 
- # Type: String - # Default: /var/lib/ceph/osd/$cluster-$id/journal - osd journal = /var/lib/ceph/osd/$name/journal - - # Check log files for corruption. Can be computationally expensive. - # Type: Boolean - # (Default: false) - osd check for log corruption = true - -### http://ceph.com/docs/master/rados/configuration/journal-ref/ - - # The size of the journal in megabytes. If this is 0, - # and the journal is a block device, the entire block device is used. - # Since v0.54, this is ignored if the journal is a block device, - # and the entire block device is used. - # Type: 32-bit Integer - # (Default: 5120) - # Recommended: Begin with 1GB. Should be at least twice the product - # of the expected speed multiplied by "filestore max sync interval". - osd journal size = 2048 ; journal size, in megabytes - - ## If you want to run the journal on a tmpfs, disable DirectIO - # Enables direct i/o to the journal. - # Requires "journal block align" set to "true". - # Type: Boolean - # Required: Yes when using aio. - # (Default: true) - journal dio = false - - # osd logging to debug osd issues, in order of likelihood of being helpful - debug ms = 1 - debug osd = 20 - debug filestore = 20 - debug journal = 20 - -### http://ceph.com/docs/master/rados/configuration/filestore-config-ref/ - - # The maximum interval in seconds for synchronizing the filestore. - # Type: Double (optional) - # (Default: 5) - filestore max sync interval = 5 - - # Enable snapshots for a btrfs filestore. - # Type: Boolean - # Required: No. Only used for btrfs. - # (Default: true) - filestore btrfs snap = false - - # Enables the filestore flusher. - # Type: Boolean - # Required: No - # (Default: false) - filestore flusher = true - - # Defines the maximum number of in progress operations the file store - # accepts before blocking on queuing new operations. - # Type: Integer - # Required: No. Minimal impact on performance. 
- # (Default: 500) - filestore queue max ops = 500 - - ## Filestore and OSD settings can be tweak to achieve better performance - -### http://ceph.com/docs/master/rados/configuration/filestore-config-ref/#misc - - # Min number of files in a subdir before merging into parent NOTE: A negative value means to disable subdir merging - # Type: Integer - # Required: No - # Default: 10 - filestore merge threshold = 10 - - # filestore_split_multiple * abs(filestore_merge_threshold) * 16 is the maximum number of files in a subdirectory before splitting into child directories. - # Type: Integer - # Required: No - # Default: 2 - filestore split multiple = 2 - - # The number of filesystem operation threads that execute in parallel. - # Type: Integer - # Required: No - # Default: 2 - filestore op threads = 4 - - # The number of threads to service Ceph OSD Daemon operations. Set to 0 to disable it. Increasing the number may increase the request processing rate. - # Type: 32-bit Integer - # Default: 2 - osd op threads = 2 - - ## CRUSH - - # By default OSDs update their details (location, weight and root) on the CRUSH map during startup - # Type: Boolean - # Required: No; - # (Default: true) - osd crush update on start = false - -[osd.0] - host = delta - -[osd.1] - host = epsilon - -[osd.2] - host = zeta - -[osd.3] - host = eta - - -################## -## client settings -[client] - -### http://ceph.com/docs/master/rbd/rbd-config-ref/ - - # Enable caching for RADOS Block Device (RBD). - # Type: Boolean - # Required: No - # (Default: true) - rbd cache = true - - # The RBD cache size in bytes. - # Type: 64-bit Integer - # Required: No - # (Default: 32 MiB) - ;rbd cache size = 33554432 - - # The dirty limit in bytes at which the cache triggers write-back. - # If 0, uses write-through caching. - # Type: 64-bit Integer - # Required: No - # Constraint: Must be less than rbd cache size. 
- # (Default: 24 MiB) - rbd cache max dirty = 25165824 - - # The dirty target before the cache begins writing data to the data storage. - # Does not block writes to the cache. - # Type: 64-bit Integer - # Required: No - # Constraint: Must be less than rbd cache max dirty. - # (Default: 16 MiB) - rbd cache target dirty = 16777216 - - # The number of seconds dirty data is in the cache before writeback starts. - # Type: Float - # Required: No - # (Default: 1.0) - rbd cache max dirty age = 1.0 - - # Start out in write-through mode, and switch to write-back after the - # first flush request is received. Enabling this is a conservative but - # safe setting in case VMs running on rbd are too old to send flushes, - # like the virtio driver in Linux before 2.6.32. - # Type: Boolean - # Required: No - # (Default: true) - rbd cache writethrough until flush = true - - # The Ceph admin socket allows you to query a daemon via a socket interface - # From a client perspective this can be a virtual machine using librbd - # Type: String - # Required: No - admin socket = /var/run/ceph/$cluster-$type.$id.$pid.$cctid.asok - - -################## -## radosgw client settings -[client.radosgw.gateway] - -### http://ceph.com/docs/master/radosgw/config-ref/ - - # Sets the location of the data files for Ceph Object Gateway. - # You must create the directory when deploying Ceph. - # We do not recommend changing the default. - # Type: String - # Default: /var/lib/ceph/radosgw/$cluster-$id - rgw data = /var/lib/ceph/radosgw/$name - - # Client's hostname - host = ceph-radosgw - - # where the radosgw keeps it's secret encryption keys - keyring = /etc/ceph/ceph.client.radosgw.keyring - - # FastCgiExternalServer uses this socket. - # If you do not specify a socket path, Ceph Object Gateway will not run as an external server. - # The path you specify here must be the same as the path specified in the rgw.conf file. 
- # Type: String
- # Default: None
- rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
-
- # The location of the logging file for your radosgw.
- # Type: String
- # Required: No
- # Default: /var/log/ceph/$cluster-$name.log
- log file = /var/log/ceph/client.radosgw.gateway.log
-
- # Enable 100-continue if it is operational.
- # Type: Boolean
- # Default: true
- rgw print continue = false
-
- # The DNS name of the served domain.
- # Type: String
- # Default: None
- rgw dns name = radosgw.ceph.internal
diff --git a/root/etc/crontab b/root/etc/crontab
deleted file mode 100644
index f166343..0000000
--- a/root/etc/crontab
+++ /dev/null
@@ -1,3 +0,0 @@
-MAILTO=cron@example.com
-42 * * * * lutter /usr/local/bin/backup
-54 16 * * * lutter /usr/sbin/stuff
diff --git a/root/etc/default/im-config b/root/etc/default/im-config
deleted file mode 100644
index 11a48f7..0000000
--- a/root/etc/default/im-config
+++ /dev/null
@@ -1,6 +0,0 @@
-# This somewhat nonsensical file used to segfault in test-api.c
-if [ 1 ]; then
-# K
-else
-# I
-fi
diff --git a/root/etc/dput.cf b/root/etc/dput.cf
deleted file mode 100644
index ba56316..0000000
--- a/root/etc/dput.cf
+++ /dev/null
@@ -1,46 +0,0 @@
-# Example dput.cf that defines the host that can be used
-# with dput for uploading.
-
-[DEFAULT]
-login = username
-method = ftp
-hash = md5
-allow_unsigned_uploads = 0
-run_lintian = 0
-run_dinstall = 0
-check_version = 0
-scp_compress = 0
-post_upload_command =
-pre_upload_command =
-passive_ftp = 1
-default_host_non-us =
-default_host_main = hebex
-
-[hebex]
-fqdn = condor.infra.s1.p.fti.net
-login = anonymous
-method = ftp
-incoming = /incoming/hebex
-passive_ftp = 0
-
-[dop/desktop]
-fqdn = condor.infra.s1.p.fti.net
-login = anonymous
-method = ftp
-incoming = /incoming/dop/desktop
-passive_ftp = 0
-
-[dop/experimental]
-fqdn = condor.infra.s1.p.fti.net
-login = anonymous
-method = ftp
-incoming = /incoming/dop/experimental
-passive_ftp = 0
-
-[dop/test]
-fqdn = condor.infra.s1.p.fti.net
-login = anonymous
-method = ftp
-incoming = /incoming/dop/test
-passive_ftp = 0
-
diff --git a/root/etc/exports b/root/etc/exports
deleted file mode 100644
index 129645a..0000000
--- a/root/etc/exports
+++ /dev/null
@@ -1,4 +0,0 @@
-/local 207.46.0.0/16(rw,sync)
-/home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync)
-/tmp 207.46.0.0/16(rw,root_squash,sync)
-/pub *(ro,insecure,all_squash)
diff --git a/root/etc/fstab b/root/etc/fstab
deleted file mode 100644
index ddbd8ff..0000000
--- a/root/etc/fstab
+++ /dev/null
@@ -1,10 +0,0 @@
-/dev/vg00/lv00 / ext3 defaults 1 1
-LABEL=/boot /boot ext3 defaults 1 2
-devpts /dev/pts devpts gid=5,mode=620 0 0
-tmpfs /dev/shm tmpfs defaults 0 0
-/dev/vg00/home /home ext3 defaults 1 2
-proc /proc proc defaults 0 0
-sysfs /sys sysfs defaults 0 0
-/dev/vg00/local /local ext3 defaults 1 2
-/dev/vg00/images /var/lib/xen/images ext3 defaults 1 2
-/dev/vg00/swap swap swap defaults 0 0
diff --git a/root/etc/group b/root/etc/group
deleted file mode 100644
index 500b1d7..0000000
--- a/root/etc/group
+++ /dev/null
@@ -1,26 +0,0 @@
-root:x:0:root
-bin:x:1:root,bin,daemon
-daemon:x:2:root,bin,daemon
-sys:x:3:root,bin,adm
-adm:x:4:root,adm,daemon
-tty:x:5:
-disk:x:6:root
-lp:x:7:daemon,lp
-mem:x:8:
-kmem:x:9:
-wheel:x:10:root
-mail:x:12:mail,postfix
-uucp:x:14:uucp
-man:x:15:
-games:x:20:
-gopher:x:30:
-dip:x:40:
-ftp:x:50:
-lock:x:54:
-nobody:x:99:
-users:x:100:
-floppy:x:19:
-vcsa:x:69:
-rpc:x:32:
-rpcuser:x:29:
-nfsnobody:x:499:
\ No newline at end of file
diff --git a/root/etc/grub.conf b/root/etc/grub.conf
deleted file mode 100644
index adb02f5..0000000
--- a/root/etc/grub.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# grub.conf generated by anaconda
-#
-# Note that you do not have to rerun grub after making changes to this file
-# NOTICE: You have a /boot partition. This means that
-# all kernel and initrd paths are relative to /boot/, eg.
-# root (hd0,0)
-# kernel /vmlinuz-version ro root=/dev/vg00/lv00
-# initrd /initrd-version.img
-#boot=/dev/sda
-default=0
-timeout=5
-splashimage=(hd0,0)/grub/splash.xpm.gz
-hiddenmenu
-title Fedora (2.6.24.4-64.fc8)
- root (hd0,0)
- kernel /vmlinuz-2.6.24.4-64.fc8 ro root=/dev/vg00/lv00
- initrd /initrd-2.6.24.4-64.fc8.img
-title Fedora (2.6.24.3-50.fc8)
- root (hd0,0)
- kernel /vmlinuz-2.6.24.3-50.fc8 ro root=/dev/vg00/lv00
- initrd /initrd-2.6.24.3-50.fc8.img
-title Fedora (2.6.21.7-3.fc8xen)
- root (hd0,0)
- kernel /xen.gz-2.6.21.7-3.fc8
- module /vmlinuz-2.6.21.7-3.fc8xen ro root=/dev/vg00/lv00
- module /initrd-2.6.21.7-3.fc8xen.img
-title Fedora (2.6.24.3-34.fc8)
- root (hd0,0)
- kernel /vmlinuz-2.6.24.3-34.fc8 ro root=/dev/vg00/lv00
- initrd /initrd-2.6.24.3-34.fc8.img
- savedefault
diff --git a/root/etc/gshadow b/root/etc/gshadow
deleted file mode 100644
index 2b11f30..0000000
--- a/root/etc/gshadow
+++ /dev/null
@@ -1,26 +0,0 @@
-root:x::root
-bin:x::root,bin,daemon
-daemon:x::root,bin,daemon
-sys:x::root,bin,adm
-adm:x:root,adm:root,adm,daemon
-tty:x::
-disk:x::root
-lp:x::daemon,lp
-mem:x::
-kmem:x::
-wheel:x::root
-mail:x::mail,postfix
-uucp:x::uucp
-man:x::
-games:x::
-gopher:x::
-dip:x::
-ftp:x::
-lock:x::
-nobody:x::
-users:x::
-floppy:x::
-vcsa:x::
-rpc:x::
-rpcuser:x::
-nfsnobody:x::
diff --git a/root/etc/hosts b/root/etc/hosts
deleted file mode 100644
index 44cd9da..0000000
--- a/root/etc/hosts
+++ /dev/null
@@ -1,6 +0,0 @@
-# Do not remove the following line, or various programs
-# that require network functionality will fail.
-127.0.0.1 localhost.localdomain localhost galia.watzmann.net galia
-#172.31.122.254 granny.watzmann.net granny puppet
-#172.31.122.1 galia.watzmann.net galia
-172.31.122.14 orange.watzmann.net orange
diff --git a/root/etc/httpd/conf.d/ssl.conf b/root/etc/httpd/conf.d/ssl.conf
deleted file mode 100644
index 9c8db1a..0000000
--- a/root/etc/httpd/conf.d/ssl.conf
+++ /dev/null
@@ -1,222 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support. -# It contains the configuration directives to instruct the server how to -# serve pages over an https connection. For detailing information about these -# directives see -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -LoadModule ssl_module modules/mod_ssl.so - -# -# When we also provide SSL we have to listen to the -# the HTTPS port in addition. -# -Listen 443 - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex default - -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. 
-SSLRandomSeed startup file:/dev/urandom 256 -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - -# -# Use "SSLCryptoDevice" to enable any supported hardware -# accelerators. Use "openssl engine -v" to list supported -# engine names. NOTE: If you enable an accelerator and the -# server does not start, consult the error logs and ensure -# your accelerator is functioning properly. -# -SSLCryptoDevice builtin -#SSLCryptoDevice ubsec - -## -## SSL Virtual Host Context -## - - - -# General setup for the virtual host, inherited from global configuration -#DocumentRoot "/var/www/html" -#ServerName www.example.com:443 - -# Use separate log files for the SSL virtual host; note that LogLevel -# is not inherited from httpd.conf. -ErrorLog logs/ssl_error_log -TransferLog logs/ssl_access_log -LogLevel warn - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# SSL Protocol support: -# List the enable protocol levels with which clients will be able to -# connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. A new -# certificate can be generated using the genkey(1) command. -SSLCertificateFile /etc/pki/tls/certs/localhost.crt - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) 
-SSLCertificateKeyFile /etc/pki/tls/private/localhost.key - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convinience. -#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -# -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -# - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. 
The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is send or allowed to received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. 
Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -SetEnvIf User-Agent ".*MSIE.*" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog logs/ssl_request_log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - - diff --git a/root/etc/httpd/conf.modules.d/00-base.conf b/root/etc/httpd/conf.modules.d/00-base.conf deleted file mode 100644 index ec9acf1..0000000 --- a/root/etc/httpd/conf.modules.d/00-base.conf +++ /dev/null 
@@ -1,67 +0,0 @@
-#
-# This file loads most of the modules included with the Apache HTTP
-# Server itself.
-#
-
-LoadModule access_compat_module modules/mod_access_compat.so
-LoadModule actions_module modules/mod_actions.so
-LoadModule alias_module modules/mod_alias.so
-LoadModule allowmethods_module modules/mod_allowmethods.so
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule auth_digest_module modules/mod_auth_digest.so
-LoadModule authn_anon_module modules/mod_authn_anon.so
-LoadModule authn_core_module modules/mod_authn_core.so
-LoadModule authn_dbd_module modules/mod_authn_dbd.so
-LoadModule authn_dbm_module modules/mod_authn_dbm.so
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_socache_module modules/mod_authn_socache.so
-LoadModule authz_core_module modules/mod_authz_core.so
-LoadModule authz_dbd_module modules/mod_authz_dbd.so
-LoadModule authz_dbm_module modules/mod_authz_dbm.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_owner_module modules/mod_authz_owner.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule autoindex_module modules/mod_autoindex.so
-LoadModule cache_module modules/mod_cache.so
-LoadModule cache_disk_module modules/mod_cache_disk.so
-LoadModule cache_socache_module modules/mod_cache_socache.so
-LoadModule data_module modules/mod_data.so
-LoadModule dbd_module modules/mod_dbd.so
-LoadModule deflate_module modules/mod_deflate.so
-LoadModule dir_module modules/mod_dir.so
-LoadModule dumpio_module modules/mod_dumpio.so
-LoadModule echo_module modules/mod_echo.so
-LoadModule env_module modules/mod_env.so
-LoadModule expires_module modules/mod_expires.so
-LoadModule ext_filter_module modules/mod_ext_filter.so
-LoadModule filter_module modules/mod_filter.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule include_module modules/mod_include.so
-LoadModule info_module modules/mod_info.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule logio_module modules/mod_logio.so
-LoadModule macro_module modules/mod_macro.so
-LoadModule mime_magic_module modules/mod_mime_magic.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule negotiation_module modules/mod_negotiation.so
-LoadModule remoteip_module modules/mod_remoteip.so
-LoadModule reqtimeout_module modules/mod_reqtimeout.so
-LoadModule request_module modules/mod_request.so
-LoadModule rewrite_module modules/mod_rewrite.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
-LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
-LoadModule socache_dbm_module modules/mod_socache_dbm.so
-LoadModule socache_memcache_module modules/mod_socache_memcache.so
-LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
-LoadModule status_module modules/mod_status.so
-LoadModule substitute_module modules/mod_substitute.so
-LoadModule suexec_module modules/mod_suexec.so
-LoadModule unique_id_module modules/mod_unique_id.so
-LoadModule unixd_module modules/mod_unixd.so
-LoadModule userdir_module modules/mod_userdir.so
-LoadModule version_module modules/mod_version.so
-LoadModule vhost_alias_module modules/mod_vhost_alias.so
-LoadModule watchdog_module modules/mod_watchdog.so
-
diff --git a/root/etc/httpd/conf.modules.d/00-dav.conf b/root/etc/httpd/conf.modules.d/00-dav.conf
deleted file mode 100644
index e6af8de..0000000
--- a/root/etc/httpd/conf.modules.d/00-dav.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-LoadModule dav_module modules/mod_dav.so
-LoadModule dav_fs_module modules/mod_dav_fs.so
-LoadModule dav_lock_module modules/mod_dav_lock.so
diff --git a/root/etc/httpd/conf.modules.d/00-lua.conf b/root/etc/httpd/conf.modules.d/00-lua.conf
deleted file mode 100644
index 9e0d0db..0000000
--- a/root/etc/httpd/conf.modules.d/00-lua.conf
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule lua_module modules/mod_lua.so
diff --git a/root/etc/httpd/conf.modules.d/00-mpm.conf b/root/etc/httpd/conf.modules.d/00-mpm.conf
deleted file mode 100644
index dcfd4d3..0000000
--- a/root/etc/httpd/conf.modules.d/00-mpm.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# Select the MPM module which should be used by uncommenting exactly
-# one of the following LoadModule lines. See the httpd.service(8) man
-# page for more information on changing the MPM.
-
-# prefork MPM: Implements a non-threaded, pre-forking web server
-# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
-#
-# NOTE: If enabling prefork, the httpd_graceful_shutdown SELinux
-# boolean should be enabled, to allow graceful stop/shutdown.
-#
-#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
-
-# worker MPM: Multi-Processing Module implementing a hybrid
-# multi-threaded multi-process web server
-# See: http://httpd.apache.org/docs/2.4/mod/worker.html
-#
-#LoadModule mpm_worker_module modules/mod_mpm_worker.so
-
-# event MPM: A variant of the worker MPM with the goal of consuming
-# threads only for connections with active processing
-# See: http://httpd.apache.org/docs/2.4/mod/event.html
-#
-LoadModule mpm_event_module modules/mod_mpm_event.so
diff --git a/root/etc/httpd/conf.modules.d/00-optional.conf b/root/etc/httpd/conf.modules.d/00-optional.conf
deleted file mode 100644
index ef584ec..0000000
--- a/root/etc/httpd/conf.modules.d/00-optional.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# This file lists modules included with the Apache HTTP Server
-# which are not enabled by default.
-#
-
-#LoadModule asis_module modules/mod_asis.so
-#LoadModule buffer_module modules/mod_buffer.so
-#LoadModule heartbeat_module modules/mod_heartbeat.so
-#LoadModule heartmonitor_module modules/mod_heartmonitor.so
-#LoadModule usertrack_module modules/mod_usertrack.so
-#LoadModule dialup_module modules/mod_dialup.so
-#LoadModule charset_lite_module modules/mod_charset_lite.so
-#LoadModule log_debug_module modules/mod_log_debug.so
-#LoadModule log_forensic_module modules/mod_log_forensic.so
-#LoadModule ratelimit_module modules/mod_ratelimit.so
-#LoadModule reflector_module modules/mod_reflector.so
-#LoadModule sed_module modules/mod_sed.so
-#LoadModule speling_module modules/mod_speling.so
diff --git a/root/etc/httpd/conf.modules.d/00-proxy.conf b/root/etc/httpd/conf.modules.d/00-proxy.conf
deleted file mode 100644
index 448eb63..0000000
--- a/root/etc/httpd/conf.modules.d/00-proxy.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# This file configures all the proxy modules:
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
-LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
-LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
-LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
-LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
-LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule proxy_express_module modules/mod_proxy_express.so
-LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
-LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
-LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
-LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
-LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
diff --git a/root/etc/httpd/conf.modules.d/00-systemd.conf b/root/etc/httpd/conf.modules.d/00-systemd.conf
deleted file mode 100644
index b208c97..0000000
--- a/root/etc/httpd/conf.modules.d/00-systemd.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# This file configures systemd module:
-LoadModule systemd_module modules/mod_systemd.so
diff --git a/root/etc/httpd/conf.modules.d/01-cgi.conf b/root/etc/httpd/conf.modules.d/01-cgi.conf
deleted file mode 100644
index 5b8b936..0000000
--- a/root/etc/httpd/conf.modules.d/01-cgi.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# This configuration file loads a CGI module appropriate to the MPM
-# which has been configured in 00-mpm.conf. mod_cgid should be used
-# with a threaded MPM; mod_cgi with the prefork MPM.
-
-
- LoadModule cgid_module modules/mod_cgid.so
-
-
- LoadModule cgid_module modules/mod_cgid.so
-
-
- LoadModule cgi_module modules/mod_cgi.so
-
-
diff --git a/root/etc/httpd/conf.modules.d/10-h2.conf b/root/etc/httpd/conf.modules.d/10-h2.conf
deleted file mode 100644
index 12c28aa..0000000
--- a/root/etc/httpd/conf.modules.d/10-h2.conf
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule http2_module modules/mod_http2.so
diff --git a/root/etc/httpd/conf.modules.d/10-mod_dnssd.conf b/root/etc/httpd/conf.modules.d/10-mod_dnssd.conf
deleted file mode 100644
index 9a9d48d..0000000
--- a/root/etc/httpd/conf.modules.d/10-mod_dnssd.conf
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule dnssd_module modules/mod_dnssd.so
diff --git a/root/etc/httpd/conf.modules.d/10-proxy_h2.conf b/root/etc/httpd/conf.modules.d/10-proxy_h2.conf
deleted file mode 100644
index 61dc6d0..0000000
--- a/root/etc/httpd/conf.modules.d/10-proxy_h2.conf
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule proxy_http2_module modules/mod_proxy_http2.so
diff --git a/root/etc/httpd/conf.modules.d/README b/root/etc/httpd/conf.modules.d/README
deleted file mode 100644
index d33d1d4..0000000
--- a/root/etc/httpd/conf.modules.d/README
+++ /dev/null
@@ -1,9 +0,0 @@
-
-This directory holds configuration files for the Apache HTTP Server;
-any files in this directory which have the ".conf" extension will be
-processed as httpd configuration files. This directory contains
-configuration fragments necessary only to load modules.
-Administrators should use the directory "/etc/httpd/conf.d" to modify
-the configuration of httpd, or any modules.
-
-Files are processed in alphanumeric order.
diff --git a/root/etc/inittab b/root/etc/inittab
deleted file mode 100644
index 049d298..0000000
--- a/root/etc/inittab
+++ /dev/null
@@ -1,53 +0,0 @@ -# -# inittab This file describes how the INIT process should set up -# the system in a certain run-level. -# -# Author: Miquel van Smoorenburg, -# Modified for RHS Linux by Marc Ewing and Donnie Barnes -# - -# Default runlevel. The runlevels used by RHS are: -# 0 - halt (Do NOT set initdefault to this) -# 1 - Single user mode -# 2 - Multiuser, without NFS (The same as 3, if you do not have networking) -# 3 - Full multiuser mode -# 4 - unused -# 5 - X11 -# 6 - reboot (Do NOT set initdefault to this) -# -id:5:initdefault: - -# System initialization. -si::sysinit:/etc/rc.d/rc.sysinit - -l0:0:wait:/etc/rc.d/rc 0 -l1:1:wait:/etc/rc.d/rc 1 -l2:2:wait:/etc/rc.d/rc 2 -l3:3:wait:/etc/rc.d/rc 3 -l4:4:wait:/etc/rc.d/rc 4 -l5:5:wait:/etc/rc.d/rc 5 -l6:6:wait:/etc/rc.d/rc 6 - -# Trap CTRL-ALT-DELETE -ca::ctrlaltdel:/sbin/shutdown -t3 -r now - -# When our UPS tells us power has failed, assume we have a few minutes -# of power left. Schedule a shutdown for 2 minutes from now. -# This does, of course, assume you have powerd installed and your -# UPS connected and working correctly. -pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down" - -# If power was restored before the shutdown kicked in, cancel it. -pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Cancelled" - - -# Run gettys in standard runlevels -1:2345:respawn:/sbin/mingetty tty1 -2:2345:respawn:/sbin/mingetty tty2 -3:2345:respawn:/sbin/mingetty tty3 -4:2345:respawn:/sbin/mingetty tty4 -5:2345:respawn:/sbin/mingetty tty5 -6:2345:respawn:/sbin/mingetty tty6 - -# Run xdm in runlevel 5 -x:5:respawn:/etc/X11/prefdm -nodaemon diff --git a/root/etc/kdump.conf b/root/etc/kdump.conf deleted file mode 100644 index d4fc78b..0000000 --- a/root/etc/kdump.conf +++ /dev/null 
@@ -1,192 +0,0 @@ -# This file contains a series of commands to perform (in order) in the kdump -# kernel after a kernel crash in the crash kernel(1st kernel) has happened. -# -# Directives in this file are only applicable to the kdump initramfs, and have -# no effect once the root filesystem is mounted and the normal init scripts are -# processed. -# -# Currently, only one dump target and path can be specified. If the dumping to -# the configured target fails, the failure action which can be configured via -# the "failure_action" directive will be performed. -# -# Supported options: -# -# auto_reset_crashkernel -# - whether to reset kernel crashkernel to new default value -# or not when kexec-tools updates the default crashkernel value and -# existing kernels using the old default kernel crashkernel value. -# The default value is yes. -# -# raw -# - Will dd /proc/vmcore into . -# Use persistent device names for partition devices, -# such as /dev/vg/. -# -# nfs -# - Will mount nfs to , and copy /proc/vmcore to -# //%HOST-%DATE/, supports DNS. -# -# ssh -# - Will save /proc/vmcore to :/%HOST-%DATE/, -# supports DNS. -# NOTE: make sure the user has write permissions on the server. -# -# sshkey -# - Will use the sshkey to do ssh dump. -# Specify the path of the ssh key to use when dumping -# via ssh. The default value is /root/.ssh/kdump_id_rsa. -# -# -# - Will mount -t , and copy -# /proc/vmcore to //%HOST_IP-%DATE/. -# NOTE: can be a device node, label or uuid. -# It's recommended to use persistent device names -# such as /dev/vg/. -# Otherwise it's suggested to use label or uuid. -# -# path -# - "path" represents the file system path in which vmcore -# will be saved. If a dump target is specified in -# kdump.conf, then "path" is relative to the specified -# dump target. -# -# Interpretation of "path" changes a bit if the user didn't -# specify any dump target explicitly in kdump.conf. In this -# case, "path" represents the absolute path from root. 
The -# dump target and adjusted path are arrived at automatically -# depending on what's mounted in the current system. -# -# Ignored for raw device dumps. If unset, will use the default -# "/var/crash". -# -# core_collector -# - This allows you to specify the command to copy -# the vmcore. The default is makedumpfile, which on -# some architectures can drastically reduce vmcore size. -# See /sbin/makedumpfile --help for a list of options. -# Note that the -i and -g options are not needed here, -# as the initrd will automatically be populated with a -# config file appropriate for the running kernel. -# The default core_collector for raw/ssh dump is: -# "makedumpfile -F -l --message-level 7 -d 31". -# The default core_collector for other targets is: -# "makedumpfile -l --message-level 7 -d 31". -# -# "makedumpfile -F" will create a flattened vmcore. -# You need to use "makedumpfile -R" to rearrange the dump data to -# a normal dumpfile readable with analysis tools. For example: -# "makedumpfile -R vmcore < vmcore.flat". -# -# For core_collector format details, you can refer to -# kexec-kdump-howto.txt or kdump.conf manpage. -# -# kdump_post -# - This directive allows you to run a executable binary -# or script after the vmcore dump process terminates. -# The exit status of the current dump process is fed to -# the executable binary or script as its first argument. -# All files under /etc/kdump/post.d are collectively sorted -# and executed in lexical order, before binary or script -# specified kdump_post parameter is executed. -# -# kdump_pre -# - Works like the "kdump_post" directive, but instead of running -# after the dump process, runs immediately before it. 
-# Exit status of this binary is interpreted as follows: -# 0 - continue with dump process as usual -# non 0 - run the final action (reboot/poweroff/halt) -# All files under /etc/kdump/pre.d are collectively sorted and -# executed in lexical order, after binary or script specified -# kdump_pre parameter is executed. -# Even if the binary or script in /etc/kdump/pre.d directory -# returns non 0 exit status, the processing is continued. -# -# extra_bins -# - This directive allows you to specify additional binaries or -# shell scripts to be included in the kdump initrd. -# Generally they are useful in conjunction with a kdump_post -# or kdump_pre binary or script which depends on these extra_bins. -# -# extra_modules -# - This directive allows you to specify extra kernel modules -# that you want to be loaded in the kdump initrd. -# Multiple modules can be listed, separated by spaces, and any -# dependent modules will automatically be included. -# -# failure_action -# - Action to perform in case dumping fails. -# reboot: Reboot the system. -# halt: Halt the system. -# poweroff: Power down the system. -# shell: Drop to a bash shell. -# Exiting the shell reboots the system by default, -# or perform "final_action". -# dump_to_rootfs: Dump vmcore to rootfs from initramfs context and -# reboot by default or perform "final_action". -# Useful when non-root dump target is specified. -# The default option is "reboot". -# -# default -# - Same as the "failure_action" directive above, but this directive -# is obsolete and will be removed in the future. -# -# final_action -# - Action to perform in case dumping succeeds. Also performed -# when "shell" or "dump_to_rootfs" failure action finishes. -# Each action is same as the "failure_action" directive above. -# The default is "reboot". -# -# force_rebuild <0 | 1> -# - By default, kdump initrd will only be rebuilt when necessary. -# Specify 1 to force rebuilding kdump initrd every time when kdump -# service starts. 
-# -# force_no_rebuild <0 | 1> -# - By default, kdump initrd will be rebuilt when necessary. -# Specify 1 to bypass rebuilding of kdump initrd. -# -# force_no_rebuild and force_rebuild options are mutually -# exclusive and they should not be set to 1 simultaneously. -# -# override_resettable <0 | 1> -# - Usually an unresettable block device can't be a dump target. -# Specifying 1 when you want to dump even though the block -# target is unresettable -# By default, it is 0, which will not try dumping destined to fail. -# -# dracut_args -# - Pass extra dracut options when rebuilding kdump initrd. -# -# fence_kdump_args -# - Command line arguments for fence_kdump_send (it can contain -# all valid arguments except hosts to send notification to). -# -# fence_kdump_nodes -# - List of cluster node(s) except localhost, separated by spaces, -# to send fence_kdump notifications to. -# (this option is mandatory to enable fence_kdump). -# - -#raw /dev/vg/lv_kdump -#ext4 /dev/vg/lv_kdump -#ext4 LABEL=/boot -#ext4 UUID=03138356-5e61-4ab3-b58e-27507ac41937 -#nfs my.server.com:/export/tmp -#nfs [2001:db8::1:2:3:4]:/export/tmp -#ssh user@my.server.com -#ssh user@2001:db8::1:2:3:4 -#sshkey /root/.ssh/kdump_id_rsa -auto_reset_crashkernel yes -path /var/crash -core_collector makedumpfile -l --message-level 7 -d 31 -#core_collector scp -#kdump_post /var/crash/scripts/kdump-post.sh -#kdump_pre /var/crash/scripts/kdump-pre.sh -#extra_bins /usr/bin/lftp -#extra_modules gfs2 -#failure_action shell -#force_rebuild 1 -#force_no_rebuild 1 -#dracut_args --omit-drivers "cfg80211 snd" --add-drivers "ext2 ext3" -#fence_kdump_args -p 7410 -f auto -c 0 -i 10 -#fence_kdump_nodes node1 node2 diff --git a/root/etc/krb5.conf b/root/etc/krb5.conf deleted file mode 100644 index e57cf45..0000000 --- a/root/etc/krb5.conf +++ /dev/null 
@@ -1,31 +0,0 @@
-[logging]
- default = FILE:/var/log/krb5libs.log
- kdc = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
-
-[libdefaults]
- default_realm = EXAMPLE.COM
- dns_lookup_realm = false
- dns_lookup_kdc = false
- ticket_lifetime = 24h
- forwardable = yes
-
-[realms]
- EXAMPLE.COM = {
- kdc = kerberos.example.com:88
- admin_server = kerberos.example.com:749
- default_domain = example.com
- }
-
-[domain_realm]
- .example.com = EXAMPLE.COM
- example.com = EXAMPLE.COM
-
-[appdefaults]
- pam = {
- debug = false
- ticket_lifetime = 36000
- renew_lifetime = 36000
- forwardable = true
- krb4_convert = false
- }
diff --git a/root/etc/logrotate.d/acpid b/root/etc/logrotate.d/acpid
deleted file mode 100644
index cc44813..0000000
--- a/root/etc/logrotate.d/acpid
+++ /dev/null
@@ -1,8 +0,0 @@
-/var/log/acpid {
- missingok
- notifempty
- size=64k
- postrotate
- /etc/init.d/acpid condrestart >/dev/null || :
- endscript
- }
diff --git a/root/etc/logrotate.d/rpm b/root/etc/logrotate.d/rpm
deleted file mode 100644
index ba3b29d..0000000
--- a/root/etc/logrotate.d/rpm
+++ /dev/null
@@ -1,6 +0,0 @@
-/var/log/rpmpkgs {
- weekly
- notifempty
- missingok
- create 0640 root root
-}
diff --git a/root/etc/modules.conf b/root/etc/modules.conf
deleted file mode 100644
index f435b47..0000000
--- a/root/etc/modules.conf
+++ /dev/null
@@ -1,353 +0,0 @@ -### This file is automatically generated by update-modules" -# -# Please do not edit this file directly. If you want to change or add -# anything please take a look at the files in /etc/modutils and read -# the manpage for update-modules. -# -### update-modules: start processing /etc/modutils/0keep -# DO NOT MODIFY THIS FILE! -# This file is not marked as conffile to make sure if you upgrade modutils -# it will be restored in case some modifications have been made. -# -# The keep command is necessary to prevent insmod and friends from ignoring -# the builtin defaults of a path-statement is encountered. Until all other -# packages use the new `add path'-statement this keep-statement is essential -# to keep your system working -keep - -### update-modules: end processing /etc/modutils/0keep - -### update-modules: start processing /etc/modutils/1devfsd -# /etc/modules.devfs -# Richard Gooch 24-MAR-2002 -# -# THIS IS AN AUTOMATICALLY GENERATED FILE. DO NOT EDIT!!! -# THIS FILE WILL BE OVERWRITTEN EACH TIME YOU INSTALL DEVFSD!!! -# Modify /etc/modules.conf instead. 
-# This file comes with devfsd-vDEVFSD-VERSION which is available from: -# http://www.atnf.csiro.au/~rgooch/linux/ -# or directly from: -# ftp://ftp.atnf.csiro.au/pub/people/rgooch/linux/daemons/devfsd-vDEVFSD-VERSION.tar.gz - -############################################################################### -# Sample configurations that you may want to place in /etc/modules.conf -# -#alias sound-slot-0 sb -#alias /dev/v4l bttv -#alias /dev/misc/watchdog pcwd -#alias gen-md raid0 -#alias /dev/joysticks joystick -#probeall scsi_hostadapter sym53c8xx - -############################################################################### -# Generic section: do not change or copy -# -# All HDDs -probeall /dev/discs scsi_hostadapter sd_mod ide-probe-mod ide-disk ide-floppy DAC960 -alias /dev/discs/* /dev/discs - -# All CD-ROMs -probeall /dev/cdroms scsi_hostadapter sr_mod ide-probe-mod ide-cd cdrom -alias /dev/cdroms/* /dev/cdroms -alias /dev/cdrom /dev/cdroms - -# All tapes -probeall /dev/tapes scsi_hostadapter st ide-probe-mod ide-tape -alias /dev/tapes/* /dev/tapes - -# All SCSI devices -probeall /dev/scsi scsi_hostadapter sd_mod sr_mod st sg - -# All IDE devices -alias /dev/hd* /dev/ide -alias /dev/ide/host*/bus*/target*/lun*/* /dev/ide -probeall /dev/ide ide-probe-mod ide-disk ide-cd ide-tape ide-floppy - -# IDE CD-ROMs -alias /dev/ide/*/cd ide-cd - -# SCSI HDDs -probeall /dev/sd scsi_hostadapter sd_mod -alias /dev/sd* /dev/sd - -# SCSI CD-ROMs -probeall /dev/sr scsi_hostadapter sr_mod -alias /dev/sr* /dev/sr -alias /dev/scsi/*/cd sr_mod - -# SCSI tapes -probeall /dev/st scsi_hostadapter st -alias /dev/st* /dev/st -alias /dev/nst* /dev/st - -# SCSI generic -probeall /dev/sg scsi_hostadapter sg -alias /dev/sg* /dev/sg -alias /dev/scsi/*/generic /dev/sg -alias /dev/pg /dev/sg -alias /dev/pg* /dev/sg - -# Floppies -alias /dev/floppy floppy -alias /dev/fd* floppy - -# RAMDISCs -alias /dev/rd rd -alias /dev/ram* rd - -# Loop devices -alias /dev/loop* loop - -# Meta devices 
-alias /dev/md* gen-md - -# Parallel port printers -alias /dev/printers* lp -alias /dev/lp* /dev/printers - -# Soundcard -alias /dev/sound sound-slot-0 -alias /dev/audio /dev/sound -alias /dev/mixer /dev/sound -alias /dev/dsp /dev/sound -alias /dev/dspW /dev/sound -alias /dev/midi /dev/sound - -# Joysticks -alias /dev/js* /dev/joysticks - -# Serial ports -alias /dev/tts* serial -alias /dev/ttyS* /dev/tts -alias /dev/cua* /dev/tts - -# Input devices -alias /dev/input/mouse* mousedev - -# Miscellaneous devices -alias /dev/misc/atibm atixlmouse -alias /dev/misc/inportbm msbusmouse -alias /dev/misc/logibm busmouse -alias /dev/misc/rtc rtc -alias /dev/misc/agpgart agpgart -alias /dev/rtc /dev/misc/rtc - -# PPP devices -alias /dev/ppp* ppp_generic - -# Video capture devices -alias /dev/video* /dev/v4l -alias /dev/vbi* /dev/v4l - -# agpgart -alias /dev/agpgart agpgart -alias /dev/dri* agpgart - -# Irda devices -alias /dev/ircomm ircomm-tty -alias /dev/ircomm* /dev/ircomm - -# Raw I/O devices -alias /dev/rawctl /dev/raw - - -# Pull in the configuration file. 
Do this last because modprobe(8) processes in -# per^H^H^Hreverse order and the sysadmin may want to over-ride what is in the -# generic file -#include /etc/modules.conf - -### update-modules: end processing /etc/modutils/1devfsd - -### update-modules: start processing /etc/modutils/actions -# Special actions that are needed for some modules - -# The BTTV module does not load the tuner module automatically, -# so do that in here -post-install bttv insmod tuner -post-remove bttv rmmod tuner - - -### update-modules: end processing /etc/modutils/actions - -### update-modules: start processing /etc/modutils/aliases -# Aliases to tell insmod/modprobe which modules to use - -# Uncomment the network protocols you don't want loaded: -# alias net-pf-1 off # Unix -# alias net-pf-2 off # IPv4 -# alias net-pf-3 off # Amateur Radio AX.25 -# alias net-pf-4 off # IPX -# alias net-pf-5 off # DDP / appletalk -# alias net-pf-6 off # Amateur Radio NET/ROM -# alias net-pf-9 off # X.25 -# alias net-pf-10 off # IPv6 -# alias net-pf-11 off # ROSE / Amateur Radio X.25 PLP -# alias net-pf-19 off # Acorn Econet - -alias char-major-10-175 agpgart -alias char-major-10-200 tun -alias char-major-81 bttv -alias char-major-108 ppp_generic -alias /dev/ppp ppp_generic -alias tty-ldisc-3 ppp_async -alias tty-ldisc-14 ppp_synctty -alias ppp-compress-21 bsd_comp -alias ppp-compress-24 ppp_deflate -alias ppp-compress-26 ppp_deflate - -# Crypto modules (see http://www.kerneli.org/) -alias loop-xfer-gen-0 loop_gen -alias loop-xfer-3 loop_fish2 -alias loop-xfer-gen-10 loop_gen -alias cipher-2 des -alias cipher-3 fish2 -alias cipher-4 blowfish -alias cipher-6 idea -alias cipher-7 serp6f -alias cipher-8 mars6 -alias cipher-11 rc62 -alias cipher-15 dfc2 -alias cipher-16 rijndael -alias cipher-17 rc5 - -alias char-major-195 NVdriver - -### update-modules: end processing /etc/modutils/aliases - -### update-modules: start processing /etc/modutils/alsa-path -# Debian ALSA modules path -# Do not edit this unless 
you understand what you're doing. -path=/lib/modules/`uname -r`/alsa - -### update-modules: end processing /etc/modutils/alsa-path - -### update-modules: start processing /etc/modutils/apm -alias char-major-10-134 apm -alias /dev/apm_bios /dev/misc/apm_bios -alias /dev/misc/apm_bios apm - -### update-modules: end processing /etc/modutils/apm - -### update-modules: start processing /etc/modutils/cdrw -options ide-cd ignore=hdc # tell the ide-cd module to ignore hdb -alias scd0 sr_mod # load sr_mod upon access of scd0 -#pre-install ide-scsi modprobe imm # uncomment for some ZIP drives only -pre-install sg modprobe ide-scsi # load ide-scsi before sg -pre-install sr_mod modprobe ide-scsi # load ide-scsi before sr_mod -pre-install ide-scsi modprobe ide-cd # load ide-cd before ide-scsi - -### update-modules: end processing /etc/modutils/cdrw - -### update-modules: start processing /etc/modutils/irda -alias tty-ldisc-11 irtty -alias char-major-161 ircomm-tty -alias char-major-60 ircomm_tty - -# for dongle -alias irda-dongle-0 tekram -alias irda-dongle-1 esi -alias irda-dongle-2 actisys -alias irda-dongle-3 actisys -alias irda-dongle-4 girbil -alias irda-dongle-5 litelink -alias irda-dongle-6 airport -alias irda-dongle-7 old_belkin - -# for FIR device -alias irda0 smc-ircc -#dongle_id=0x09 -pre-install smc-ircc /usr/local/sbin/tosh5100-smcinit - -### update-modules: end processing /etc/modutils/irda - -### update-modules: start processing /etc/modutils/paths -# This file contains a list of paths that modprobe should scan, -# beside the once that are compiled into the modutils tools -# themselves. 
- - -### update-modules: end processing /etc/modutils/paths - -### update-modules: start processing /etc/modutils/pcmcia -pre-install ide-cs /etc/init.d/irda stop -post-remove ide-cs /etc/init.d/irda start - - - -### update-modules: end processing /etc/modutils/pcmcia - -### update-modules: start processing /etc/modutils/ppp -alias /dev/ppp ppp_generic -alias char-major-108 ppp_generic -alias tty-ldisc-3 ppp_async -alias tty-ldisc-14 ppp_synctty -alias ppp-compress-21 bsd_comp -alias ppp-compress-24 ppp_deflate -alias ppp-compress-26 ppp_deflate - -### update-modules: end processing /etc/modutils/ppp - -### update-modules: start processing /etc/modutils/setserial -# -# This is what I wanted to do, but logger is in /usr/bin, which isn't loaded -# when the module is first loaded into the kernel at boot time! -# -#post-install serial /etc/init.d/setserial start | logger -p daemon.info -t "setserial-module reload" -#pre-remove serial /etc/init.d/setserial stop | logger -p daemon.info -t "setserial-module uload" -# -alias /dev/tts serial -alias /dev/tts/0 serial -alias /dev/tts/1 serial -alias /dev/tts/2 serial -alias /dev/tts/3 serial -post-install serial /etc/init.d/setserial modload > /dev/null 2> /dev/null -pre-remove serial /etc/init.d/setserial modsave > /dev/null 2> /dev/null - -### update-modules: end processing /etc/modutils/setserial - -### update-modules: start processing /etc/modutils/sound -# ALSA portion -alias char-major-116 snd -# OSS/Free portion -alias char-major-14 soundcore -alias snd-card-0 snd-intel8x0 -alias sound-slot-0 snd-card-0 -# OSS/Free portion - card #1 -alias sound-service-0-0 snd-mixer-oss -alias sound-service-0-1 snd-seq-oss -alias sound-service-0-3 snd-pcm-oss -alias sound-service-0-8 snd-seq-oss -alias sound-service-0-12 snd-pcm-oss -alias sound-service-1-0 off -alias sound-slot-1 off -#gentoo suggestion -alias /dev/dsp snd-pcm-oss -alias /dev/mixer snd-mixer-oss -alias /dev/midi snd-seq-oss - - -### update-modules: end processing 
/etc/modutils/sound - -### update-modules: start processing /etc/modutils/toshutils -alias char-major-10-181 toshiba -options toshiba tosh_fn=0x62 -### update-modules: end processing /etc/modutils/toshutils - -### update-modules: start processing /etc/modutils/usb -options usb-uhci debug 3 -post-install belkin_sa /usr/local/sbin/belkin-usb-serial - - -### update-modules: end processing /etc/modutils/usb - -### update-modules: start processing /etc/modutils/arch/i386 -#alias parport_lowlevel parport_pc -alias char-major-10-144 nvram -alias binfmt-0064 binfmt_aout -alias char-major-10-135 rtc - -alias parport_lowlevel off -alias char-major-6 off - -### update-modules: end processing /etc/modutils/arch/i386 - diff --git a/root/etc/multipath.conf b/root/etc/multipath.conf deleted file mode 100644 index fa2017b..0000000 --- a/root/etc/multipath.conf +++ /dev/null 
@@ -1,97 +0,0 @@
-# This is a basic configuration file with some examples, for device mapper
-# multipath.
-# For a complete list of the default configuration values, see
-# /usr/share/doc/device-mapper-multipath-0.4.8/multipath.conf.defaults
-# For a list of configuration options with descriptions, see
-# /usr/share/doc/device-mapper-multipath-0.4.8/multipath.conf.annotated
-
-
-# Blacklist all devices by default. Remove this to enable multipathing
-# on the default devices.
-blacklist {
- devnode "*"
-}
-
-# By default, devices with vendor = "IBM" and product = "S/390.*" are
-# blacklisted. To enable mulitpathing on these devies, uncomment the
-# following lines.
-blacklist_exceptions {
- device {
- vendor "IBM"
- product "S/390.*"
- }
-}
-
-## Use user friendly names, instead of using WWIDs as names.
-defaults {
- user_friendly_names yes
-}
-#
-# Here is an example of how to configure some standard options.
-#
-
-defaults {
- udev_dir /dev
- polling_interval 10
- selector "round-robin 0"
- path_grouping_policy multibus
- getuid_callout "/sbin/scsi_id --whitelisted /dev/%n"
- prio alua
- path_checker readsector0
- rr_min_io 100
- max_fds 8192
- rr_weight priorities
- failback immediate
- no_path_retry fail
- user_friendly_names yes
-}
-#
-# The wwid line in the following blacklist section is shown as an example
-# of how to blacklist devices by wwid. The 2 devnode lines are the
-# compiled in default blacklist. If you want to blacklist entire types
-# of devices, such as all scsi devices, you should use a devnode line.
-# However, if you want to blacklist specific devices, you should use
-# a wwid line. Since there is no guarantee that a specific device will
-# not change names on reboot (from /dev/sda to /dev/sdb for example)
-# devnode lines are not recommended for blacklisting specific devices.
-#
-blacklist {
- wwid 26353900f02796769
- devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*"
- devnode "^hd[a-z]"
-}
-multipaths {
- multipath {
- wwid 3600508b4000156d700012000000b0000
- alias yellow
- path_grouping_policy multibus
- path_checker readsector0
- path_selector "round-robin 0"
- failback manual
- rr_weight priorities
- no_path_retry 5
- }
- multipath {
- wwid 1DEC_____321816758474
- alias red
- }
-}
-devices {
- device {
- vendor "COMPAQ "
- product "HSV110 (C)COMPAQ"
- path_grouping_policy multibus
- getuid_callout "/sbin/scsi_id --whitelisted /dev/%n"
- path_checker readsector0
- path_selector "round-robin 0"
- hardware_handler "0"
- failback 15
- rr_weight priorities
- no_path_retry queue
- }
- device {
- vendor "COMPAQ "
- product "MSA1000 "
- path_grouping_policy multibus
- }
-}
diff --git a/root/etc/network/interfaces b/root/etc/network/interfaces
deleted file mode 100644
index c1dc7a7..0000000
--- a/root/etc/network/interfaces
+++ /dev/null
@@ -1,39 +0,0 @@
-# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
-
-# The loopback interface
-auto lo
-iface lo inet loopback
-
-# The first network card - this entry was created during the Debian installation
-## auto eth0
-iface eth0 inet dhcp
- pre-up /etc/init.d/ntp-server stop || true
- up /etc/init.d/ntpdate restart || true
- up /etc/init.d/ntp-server start || true
-
-iface eth0-0 inet static
- address 134.158.129.99
- netmask 255.255.254.0
- network 134.158.128.0
- broadcast 134.158.129.255
- gateway 134.158.128.1
-
-iface eth0-2 inet static
- address 192.168.1.160
- netmask 255.255.255.0
- network 192.168.1.0
- broadcast 192.168.1.255
- gateway 192.168.1.1
-
-iface eth0-3 inet static
- address 192.168.1.7
- netmask 255.255.255.0
- network 192.168.1.0
- broadcast 192.168.1.255
-
-iface adsl0 inet dhcp
- pre-up /sbin/modprobe adiusbadsl
- pre-up /usr/sbin/adictrl -i
- pre-up /usr/sbin/adictrl -f
- pre-up /usr/sbin/adictrl -d
- pre-up /usr/sbin/adictrl -s
diff --git a/root/etc/nginx/nginx.conf b/root/etc/nginx/nginx.conf
deleted file mode 100644
index 684ebe0..0000000
--- a/root/etc/nginx/nginx.conf
+++ /dev/null
@@ -1,117 +0,0 @@ - -user nobody; -worker_processes 1; - -error_log logs/error.log; -error_log logs/error.log notice; -error_log logs/error.log info; - -pid logs/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log logs/access.log main; - - sendfile on; - tcp_nopush on; - - keepalive_timeout 0; - keepalive_timeout 65; - - gzip on; - - server { - listen 80; - server_name localhost; - - charset koi8-r; - - access_log logs/host.access.log main; - - location / { - root html; - index index.html index.htm; - } - - error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - - location ~ \.php$ { - proxy_pass http://127.0.0.1; - } - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - location ~ \.php$ { - root html; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - include fastcgi_params; - } - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - location ~ /\.ht { - deny all; - } - } - - - # another virtual host using mix of IP-, name-, and port-based configuration - - server { - listen 8000; - listen somename:8080; - server_name somename alias another.alias; - - location / { - root html; - index index.html index.htm; - } - } - - - # HTTPS server - # - server { - listen 443 ssl; - server_name localhost; - - ssl_certificate cert.pem; - ssl_certificate_key cert.key; - - ssl_session_cache shared:SSL:1m; - ssl_session_timeout 5m; - - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - 
location / { - root html; - index index.html index.htm; - } - } - -} diff --git a/root/etc/nrpe.cfg b/root/etc/nrpe.cfg deleted file mode 100644 index 792d600..0000000 --- a/root/etc/nrpe.cfg +++ /dev/null @@ -1 +0,0 @@ -# diff --git a/root/etc/nslcd.conf b/root/etc/nslcd.conf deleted file mode 100644 index 0714e7d..0000000 --- a/root/etc/nslcd.conf +++ /dev/null 
@@ -1,126 +0,0 @@
-# /etc/nslcd.conf
-# nslcd configuration file. See nslcd.conf(5)
-# for details.
-
-# Specifies the number of threads to start that can handle requests and perform LDAP queries.
-threads 5
-
-# The user and group nslcd should run as.
-uid nslcd
-gid nslcd
-
-# This option controls the way logging is done.
-log syslog info
-
-# The location at which the LDAP server(s) should be reachable.
-uri ldaps://XXX.XXX.XXX
-
-# The search base that will be used for all queries.
-base dc=XXX,dc=XXX
-
-# The LDAP protocol version to use.
-ldap_version 3
-
-# The DN to bind with for normal lookups.
-binddn cn=annonymous,dc=example,dc=net
-bindpw secret
-
-
-# The DN used for password modifications by root.
-rootpwmoddn cn=admin,dc=example,dc=com
-
-# The password used for password modifications by root.
-rootpwmodpw XXXXXX
-
-
-# SASL authentication options
-sasl_mech OTP
-sasl_realm realm
-sasl_authcid authcid
-sasl_authzid dn:cn=annonymous,dc=example,dc=net
-sasl_secprops noanonymous,noplain,minssf=0,maxssf=2,maxbufsize=65535
-sasl_canonicalize yes
-
-# Kerberos authentication options
-krb5_ccname ccname
-
-# Search/mapping options
-
-# Specifies the base distinguished name (DN) to use as search base.
-base dc=people,dc=example,dc=com
-base dc=morepeople,dc=example,dc=com
-base alias dc=aliases,dc=example,dc=com
-base alias dc=morealiases,dc=example,dc=com
-base group dc=group,dc=example,dc=com
-base group dc=moregroup,dc=example,dc=com
-base passwd dc=users,dc=example,dc=com
-
-# Specifies the search scope (subtree, onelevel, base or children).
-scope sub
-scope passwd sub
-scope aliases sub
-
-# Specifies the policy for dereferencing aliases.
-deref never
-
-# Specifies whether automatic referral chasing should be enabled.
-referrals yes
-
-# The FILTER is an LDAP search filter to use for a specific map.
-filter passwd (objectClass=posixAccount)
-
-# This option allows for custom attributes to be looked up instead of the default RFC 2307 attributes.
-map passwd homeDirectory \"${homeDirectory:-/home/$uid}\"
-map passwd loginShell \"${loginShell:-/bin/bash}\"
-map shadow userPassword myPassword
-
-# Timing/reconnect options
-
-# Specifies the time limit (in seconds) to use when connecting to the directory server.
-bind_timelimit 30
-
-# Specifies the time limit (in seconds) to wait for a response from the LDAP server.
-timelimit 5
-
-# Specifies the period if inactivity (in seconds) after which the connection to the LDAP server will be closed.
-idle_timelimit 10
-
-# Specifies the number of seconds to sleep when connecting to all LDAP servers fails.
-reconnect_sleeptime 10
-
-# Specifies the time after which the LDAP server is considered to be permanently unavailable.
-reconnect_retrytime 10
-
-# SSL/TLS options
-
-# Specifies whether to use SSL/TLS or not (the default is not to).
-ssl start_tls
-# Specifies what checks to perform on a server-supplied certificate.
-tls_reqcert never
-# Specifies the directory containing X.509 certificates for peer authentication.
-tls_cacertdir /etc/ssl/ca
-# Specifies the path to the X.509 certificate for peer authentication.
-tls_cacertfile /etc/ssl/certs/ca-certificates.crt
-# Specifies the path to an entropy source.
-tls_randfile /dev/random
-# Specifies the ciphers to use for TLS.
-tls_ciphers TLSv1
-# Specifies the path to the file containing the local certificate for client TLS authentication.
-tls_cert /etc/ssl/certs/cert.pem
-# Specifies the path to the file containing the private key for client TLS authentication.
-tls_key /etc/ssl/private/cert.pem
-
-# Other options
-pagesize 100
-nss_initgroups_ignoreusers user1,user2,user3
-nss_min_uid 1000
-nss_nested_groups yes
-nss_getgrent_skipmembers yes
-nss_disable_enumeration yes
-validnames /^[a-z0-9._@$()]([a-z0-9._@$() \\~-]*[a-z0-9._@$()~-])?$/i
-ignorecase yes
-pam_authc_ppolicy yes
-pam_authz_search (&(objectClass=posixAccount)(uid=$username)(|(authorizedService=$service)(!(authorizedService=*))))
-pam_password_prohibit_message "MESSAGE LONG AND WITH SPACES"
-reconnect_invalidate nfsidmap,db2,db3
-cache dn2uid 1s 2h
diff --git a/root/etc/ntp.conf b/root/etc/ntp.conf
deleted file mode 100644
index 8a375db..0000000
--- a/root/etc/ntp.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-# Permit time synchronization with our time source, but do not
-# permit the source to query or modify the service on this system.
-restrict default kod nomodify notrap nopeer noquery
-restrict -6 default kod nomodify notrap nopeer noquery
-
-# Permit all access over the loopback interface. This could
-# be tightened as well, but to do so would effect some of
-# the administrative functions.
-restrict 127.0.0.1
-restrict -6 ::1
-
-# Hosts on local network are less restricted.
-restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
-
-# Use public servers from the pool.ntp.org project.
-# Please consider joining the pool (http://www.pool.ntp.org/join.html).
-server 0.centos.pool.ntp.org
-server 1.centos.pool.ntp.org
-server 2.centos.pool.ntp.org
-
-broadcast 192.168.1.255 key 42 # broadcast server
-broadcastclient # broadcast client
-broadcast 224.0.1.1 key 42 # multicast server
-multicastclient 224.0.1.1 # multicast client
-manycastserver 239.255.254.254 # manycast server
-manycastclient 239.255.254.254 key 42 # manycast client
-
-# Undisciplined Local Clock. This is a fake driver intended for backup
-# and when no outside source of synchronized time is available.
-server 127.127.1.0 # local clock
-fudge 127.127.1.0 stratum 10
-
-# Drift file. Put this in a directory which the daemon can write to.
-# No symbolic links allowed, either, since the daemon updates the file
-# by creating a temporary in the same directory and then rename()'ing
-# it to the file.
-driftfile /var/lib/ntp/drift
-
-# Key file containing the keys and key identifiers used when operating
-# with symmetric key cryptography.
-keys /etc/ntp/keys
-
-# Specify the key identifiers which are trusted.
-trustedkey 4 8 42
-
-# Specify the key identifier to use with the ntpdc utility.
-requestkey 8
-
-# Specify the key identifier to use with the ntpq utility.
-controlkey 8
diff --git a/root/etc/pam.d/login b/root/etc/pam.d/login
deleted file mode 100644
index 9e8ca3b..0000000
--- a/root/etc/pam.d/login
+++ /dev/null
@@ -1,15 +0,0 @@
-#%PAM-1.0
-auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
-auth include system-auth
-account required pam_nologin.so
-account include system-auth
-password include system-auth
-# pam_selinux.so close should be the first session rule
-session required pam_selinux.so close
-session optional pam_keyinit.so force revoke
-session include system-auth
-session required pam_loginuid.so
-session optional pam_console.so
-# pam_selinux.so open should only be followed by sessions to be executed in the user context
-session required pam_selinux.so open
-session optional pam_ck_connector.so
diff --git a/root/etc/pam.d/newrole b/root/etc/pam.d/newrole
deleted file mode 100644
index 836b689..0000000
--- a/root/etc/pam.d/newrole
+++ /dev/null
@@ -1,5 +0,0 @@
-#%PAM-1.0
-auth include system-auth
-account include system-auth
-password include system-auth
-session required pam_namespace.so unmnt_remnt no_unmount_on_close
diff --git a/root/etc/pam.d/postgresql b/root/etc/pam.d/postgresql
deleted file mode 100644
index 40bfa6f..0000000
--- a/root/etc/pam.d/postgresql
+++ /dev/null
@@ -1,3 +0,0 @@
-#%PAM-1.0
-auth include system-auth
-account include system-auth
diff --git a/root/etc/passwd b/root/etc/passwd
deleted file mode 100644
index 9cefbfe..0000000
--- a/root/etc/passwd
+++ /dev/null
@@ -1,19 +0,0 @@
-root:x:0:0:root:/root:/bin/bash
-bin:x:1:1:bin:/bin:/sbin/nologin
-daemon:x:2:2:daemon:/sbin:/sbin/nologin
-adm:x:3:4:adm:/var/adm:/sbin/nologin
-lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
-sync:x:5:0:sync:/sbin:/bin/sync
-shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
-halt:x:7:0:halt:/sbin:/sbin/halt
-mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
-uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
-operator:x:11:0:operator:/root:/sbin/nologin
-games:x:12:100:games:/usr/games:/sbin/nologin
-gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
-ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
-nobody:x:99:99:Nobody:/:/sbin/nologin
-vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
-rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
-rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
-nfsnobody:x:4294967294:499:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
diff --git a/root/etc/php.ini b/root/etc/php.ini
deleted file mode 100644
index 0135141..0000000
--- a/root/etc/php.ini
+++ /dev/null
@@ -1,1221 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;; -; About php.ini ; -;;;;;;;;;;;;;;;;;;; -; This file controls many aspects of PHP's behavior. In order for PHP to -; read it, it must be named 'php.ini'. PHP looks for it in the current -; working directory, in the path designated by the environment variable -; PHPRC, and in the path that was defined in compile time (in that order). -; Under Windows, the compile-time path is the Windows directory. The -; path in which the php.ini file is looked for can be overridden using -; the -c argument in command line mode. -; -; The syntax of the file is extremely simple. Whitespace and Lines -; beginning with a semicolon are silently ignored (as you probably guessed). -; Section headers (e.g. [Foo]) are also silently ignored, even though -; they might mean something in the future. -; -; Directives are specified using the following syntax: -; directive = value -; Directive names are *case sensitive* - foo=bar is different from FOO=bar. -; -; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one -; of the INI constants (On, Off, True, False, Yes, No and None) or an expression -; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo"). -; -; Expressions in the INI file are limited to bitwise operators and parentheses: -; | bitwise OR -; & bitwise AND -; ~ bitwise NOT -; ! boolean NOT -; -; Boolean flags can be turned on using the values 1, On, True or Yes. -; They can be turned off using the values 0, Off, False or No. -; -; An empty string can be denoted by simply not writing anything after the equal -; sign, or by using the None keyword: -; -; foo = ; sets foo to an empty string -; foo = none ; sets foo to an empty string -; foo = "none" ; sets foo to the string 'none' -; -; If you use constants in your value, and these constants belong to a -; dynamically loaded extension (either a PHP extension or a Zend extension), -; you may only use these constants *after* the line that loads the extension. 
-; -; -;;;;;;;;;;;;;;;;;;; -; About this file ; -;;;;;;;;;;;;;;;;;;; -; This is the recommended, PHP 5-style version of the php.ini-dist file. It -; sets some non standard settings, that make PHP more efficient, more secure, -; and encourage cleaner coding. -; -; The price is that with these settings, PHP may be incompatible with some -; applications, and sometimes, more difficult to develop with. Using this -; file is warmly recommended for production sites. As all of the changes from -; the standard settings are thoroughly documented, you can go over each one, -; and decide whether you want to use it or not. -; -; For general information about the php.ini file, please consult the php.ini-dist -; file, included in your PHP distribution. -; -; This file is different from the php.ini-dist file in the fact that it features -; different values for several directives, in order to improve performance, while -; possibly breaking compatibility with the standard out-of-the-box behavior of -; PHP. Please make sure you read what's different, and modify your scripts -; accordingly, if you decide to use this file instead. -; -; - register_globals = Off [Security, Performance] -; Global variables are no longer registered for input data (POST, GET, cookies, -; environment and other server variables). Instead of using $foo, you must use -; you can use $_REQUEST["foo"] (includes any variable that arrives through the -; request, namely, POST, GET and cookie variables), or use one of the specific -; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending -; on where the input originates. Also, you can look at the -; import_request_variables() function. -; Note that register_globals is going to be depracated (i.e., turned off by -; default) in the next version of PHP, because it often leads to security bugs. -; Read http://php.net/manual/en/security.registerglobals.php for further -; information. 
-; - register_long_arrays = Off [Performance] -; Disables registration of the older (and deprecated) long predefined array -; variables ($HTTP_*_VARS). Instead, use the superglobals that were -; introduced in PHP 4.1.0 -; - display_errors = Off [Security] -; With this directive set to off, errors that occur during the execution of -; scripts will no longer be displayed as a part of the script output, and thus, -; will no longer be exposed to remote users. With some errors, the error message -; content may expose information about your script, web server, or database -; server that may be exploitable for hacking. Production sites should have this -; directive set to off. -; - log_errors = On [Security] -; This directive complements the above one. Any errors that occur during the -; execution of your script will be logged (typically, to your server's error log, -; but can be configured in several ways). Along with setting display_errors to off, -; this setup gives you the ability to fully understand what may have gone wrong, -; without exposing any sensitive information to remote users. -; - output_buffering = 4096 [Performance] -; Set a 4KB output buffer. Enabling output buffering typically results in less -; writes, and sometimes less packets sent on the wire, which can often lead to -; better performance. The gain this directive actually yields greatly depends -; on which Web server you're working with, and what kind of scripts you're using. -; - register_argc_argv = Off [Performance] -; Disables registration of the somewhat redundant $argv and $argc global -; variables. -; - magic_quotes_gpc = Off [Performance] -; Input data is no longer escaped with slashes so that it can be sent into -; SQL databases without further manipulation. Instead, you should use the -; function addslashes() on each input element you wish to send to a database. -; - variables_order = "GPCS" [Performance] -; The environment variables are not hashed into the $_ENV. 
To access -; environment variables, you can use getenv() instead. -; - error_reporting = E_ALL [Code Cleanliness, Security(?)] -; By default, PHP surpresses errors of type E_NOTICE. These error messages -; are emitted for non-critical errors, but that could be a symptom of a bigger -; problem. Most notably, this will cause error messages about the use -; of uninitialized variables to be displayed. -; - allow_call_time_pass_reference = Off [Code cleanliness] -; It's not possible to decide to force a variable to be passed by reference -; when calling a function. The PHP 4 style to do this is by making the -; function require the relevant argument by reference. - - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -engine = On - -; Enable compatibility mode with Zend Engine 1 (PHP 4.x) -zend.ze1_compatibility_mode = Off - -; Allow the tags are recognized. -; NOTE: Using short tags should be avoided when developing applications or -; libraries that are meant for redistribution, or deployment on PHP -; servers which are not under your control, because short tags may not -; be supported on the target server. For portable, redistributable code, -; be sure not to use short tags. -short_open_tag = On - -; Allow ASP-style <% %> tags. -asp_tags = Off - -; The number of significant digits displayed in floating point numbers. -precision = 14 - -; Enforce year 2000 compliance (will cause problems with non-compliant browsers) -y2k_compliance = On - -; Output buffering allows you to send header lines (including cookies) even -; after you send body content, at the price of slowing PHP's output layer a -; bit. You can enable output buffering during runtime by calling the output -; buffering functions. You can also enable output buffering for all files by -; setting this directive to On. 
If you wish to limit the size of the buffer -; to a certain size - you can use a maximum number of bytes instead of 'On', as -; a value for this directive (e.g., output_buffering=4096). -output_buffering = 4096 - -; You can redirect all of the output of your scripts to a function. For -; example, if you set output_handler to "mb_output_handler", character -; encoding will be transparently converted to the specified encoding. -; Setting any output handler automatically turns on output buffering. -; Note: People who wrote portable scripts should not depend on this ini -; directive. Instead, explicitly set the output handler using ob_start(). -; Using this ini directive may cause problems unless you know what script -; is doing. -; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" -; and you cannot use both "ob_gzhandler" and "zlib.output_compression". -; Note: output_handler must be empty if this is set 'On' !!!! -; Instead you must use zlib.output_handler. -;output_handler = - -; Transparent output compression using the zlib library -; Valid values for this option are 'off', 'on', or a specific buffer size -; to be used for compression (default is 4KB) -; Note: Resulting chunk size may vary due to nature of compression. PHP -; outputs chunks that are few hundreds bytes each as a result of -; compression. If you prefer a larger chunk size for better -; performance, enable output_buffering in addition. -; Note: You need to use zlib.output_handler instead of the standard -; output_handler, or otherwise the output will be corrupted. -zlib.output_compression = Off - -; You cannot specify additional output handlers if zlib.output_compression -; is activated here. This setting does the same as output_handler but in -; a different order. -;zlib.output_handler = - -; Implicit flush tells PHP to tell the output layer to flush itself -; automatically after every output block. 
This is equivalent to calling the -; PHP function flush() after each and every call to print() or echo() and each -; and every HTML block. Turning this option on has serious performance -; implications and is generally recommended for debugging purposes only. -implicit_flush = Off - -; The unserialize callback function will be called (with the undefined class' -; name as parameter), if the unserializer finds an undefined class -; which should be instantiated. -; A warning appears if the specified function is not defined, or if the -; function doesn't include/implement the missing class. -; So only set this entry, if you really want to implement such a -; callback-function. -unserialize_callback_func= - -; When floats & doubles are serialized store serialize_precision significant -; digits after the floating point. The default value ensures that when floats -; are decoded with unserialize, the data will remain the same. -serialize_precision = 100 - -; Whether to enable the ability to force arguments to be passed by reference -; at function call time. This method is deprecated and is likely to be -; unsupported in future versions of PHP/Zend. The encouraged method of -; specifying which arguments should be passed by reference is in the function -; declaration. You're encouraged to try and turn this option Off and make -; sure your scripts work properly with it in order to ensure they will work -; with future versions of the language (you will receive a warning each time -; you use this feature, and the argument will be passed by value instead of by -; reference). -allow_call_time_pass_reference = Off - -; -; Safe Mode -; -safe_mode = Off - -; By default, Safe Mode does a UID compare check when -; opening files. If you want to relax this to a GID compare, -; then turn on safe_mode_gid. -safe_mode_gid = Off - -; When safe_mode is on, UID/GID checks are bypassed when -; including files from this directory and its subdirectories. 
-; (directory must also be in include_path or full path must -; be used when including) -safe_mode_include_dir = - -; When safe_mode is on, only executables located in the safe_mode_exec_dir -; will be allowed to be executed via the exec family of functions. -safe_mode_exec_dir = - -; Setting certain environment variables may be a potential security breach. -; This directive contains a comma-delimited list of prefixes. In Safe Mode, -; the user may only alter environment variables whose names begin with the -; prefixes supplied here. By default, users will only be able to set -; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). -; -; Note: If this directive is empty, PHP will let the user modify ANY -; environment variable! -safe_mode_allowed_env_vars = PHP_ - -; This directive contains a comma-delimited list of environment variables that -; the end user won't be able to change using putenv(). These variables will be -; protected even if safe_mode_allowed_env_vars is set to allow to change them. -safe_mode_protected_env_vars = LD_LIBRARY_PATH - -; open_basedir, if set, limits all file operations to the defined directory -; and below. This directive makes most sense if used in a per-directory -; or per-virtualhost web server configuration file. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -;open_basedir = - -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -disable_functions = - -; This directive allows you to disable certain classes for security reasons. -; It receives a comma-delimited list of class names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -disable_classes = - -; Colors for Syntax Highlighting mode. Anything that's acceptable in -; would work. 
-;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.bg = #FFFFFF -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long request, which may end up -; being interrupted by the user or a browser timing out. -; ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; realpath_cache_size=16k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; realpath_cache_ttl=120 - -; -; Misc -; -; Decides whether PHP may expose the fact that it is installed on the server -; (e.g. by adding its signature to the Web server header). It is no security -; threat in any way, but it makes it possible to determine whether you use PHP -; on your server or not. -expose_php = On - - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -max_execution_time = 30 ; Maximum execution time of each script, in seconds -max_input_time = 60 ; Maximum amount of time each script may spend parsing request data -memory_limit = 16M ; Maximum amount of memory a script may consume - - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -; error_reporting is a bit-field. 
Or each number up to get desired error -; reporting level -; E_ALL - All errors and warnings (doesn't include E_STRICT) -; E_ERROR - fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it's automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; -; Examples: -; -; - Show all errors, except for notices and coding standards warnings -; -;error_reporting = E_ALL & ~E_NOTICE -; -; - Show all errors, except for notices -; -;error_reporting = E_ALL & ~E_NOTICE | E_STRICT -; -; - Show only errors -; -;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR -; -; - Show all errors, except coding standards warnings -; -error_reporting = E_ALL - -; Print out errors (as a part of the output). For production web sites, -; you're strongly encouraged to turn this feature off, and use error logging -; instead (see below). Keeping display_errors enabled on a production web site -; may reveal security information to end users, such as file paths on your Web -; server, your database schema or other information. -display_errors = Off - -; Even when display_errors is on, errors that occur during PHP's startup -; sequence are not displayed. 
It's strongly recommended to keep -; display_startup_errors off, except for when debugging. -display_startup_errors = Off - -; Log errors into a log file (server-specific log, stderr, or error_log (below)) -; As stated above, you're strongly advised to use error logging in place of -; error displaying on production web sites. -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line until ignore_repeated_source is set true. -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; sourcelines. -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -report_memleaks = On - -; Store the last error/warning message in $php_errormsg (boolean). -track_errors = Off - -; Disable the inclusion of HTML tags in error messages. -; Note: Never use this feature for production boxes. -;html_errors = Off - -; If html_errors is set On PHP produces clickable error messages that direct -; to a page describing the error or function causing the error in detail. -; You can download a copy of the PHP manual from http://www.php.net/docs.php -; and change docref_root to the base URL of your local copy including the -; leading '/'. You must also specify the file extension being used including -; the dot. -; Note: Never use this feature for production boxes. -;docref_root = "/phpmanual/" -;docref_ext = .html - -; String to output before an error message. -;error_prepend_string = "" - -; String to output after an error message. 
-;error_append_string = "" - -; Log errors to specified file. -;error_log = filename - -; Log errors to syslog (Event Log on NT, not valid in Windows 95). -;error_log = syslog - - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; -; -; Note - track_vars is ALWAYS enabled as of PHP 4.0.3 - -; The separator used in PHP generated URLs to separate arguments. -; Default is "&". -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; Default is "&". -; NOTE: Every character in this directive is considered as separator! -;arg_separator.input = ";&" - -; This directive describes the order in which PHP registers GET, POST, Cookie, -; Environment and Built-in variables (G, P, C, E & S respectively, often -; referred to as EGPCS or GPC). Registration is done from left to right, newer -; values override older values. -variables_order = "EGPCS" - -; Whether or not to register the EGPCS variables as global variables. You may -; want to turn this off if you don't want to clutter your scripts' global scope -; with user data. This makes most sense when coupled with track_vars - in which -; case you can access all of the GPC variables through the $HTTP_*_VARS[], -; variables. -; -; You should do your best to write your scripts so that they do not require -; register_globals to be on; Using form variables as globals can easily lead -; to possible security problems, if the code is not very well thought of. -register_globals = Off - -; Whether or not to register the old-style input arrays, HTTP_GET_VARS -; and friends. If you're not using them, it's recommended to turn them off, -; for performance reasons. -register_long_arrays = Off - -; This directive tells PHP whether to declare the argv&argc variables (that -; would contain the GET information). If you don't use these variables, you -; should turn it off for increased performance. 
-register_argc_argv = Off - -; When enabled, the SERVER and ENV variables are created when they're first -; used (Just In Time) instead of when the script starts. If these variables -; are not used within a script, having this directive on will result in a -; performance gain. The PHP directives register_globals, register_long_arrays, -; and register_argc_argv must be disabled for this directive to have any affect. -auto_globals_jit = On - -; Maximum size of POST data that PHP will accept. -post_max_size = 8M - -; Magic quotes -; - -; Magic quotes for incoming GET/POST/Cookie data. -magic_quotes_gpc = Off - -; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. -magic_quotes_runtime = Off - -; Use Sybase-style magic quotes (escape ' with '' instead of \'). -magic_quotes_sybase = Off - -; Automatically add files before or after any PHP document. -auto_prepend_file = -auto_append_file = - -; As of 4.0b4, PHP always outputs a character encoding by default in -; the Content-type: header. To disable sending of the charset, simply -; set it to be empty. -; -; PHP's built-in default is text/html -default_mimetype = "text/html" -;default_charset = "iso-8859-1" - -; Always populate the $HTTP_RAW_POST_DATA variable. -;always_populate_raw_post_data = On - - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" -; -; Windows: "\path1;\path2" -;include_path = ".;c:\php\includes" - -; The root of the PHP pages, used only if nonempty. -; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root -; if you are running php as a CGI under any web server (other than IIS) -; see documentation for security issues. The alternate is to use the -; cgi.force_redirect configuration below -doc_root = - -; The directory under which PHP opens the script using /~username used only -; if nonempty. 
-user_dir = - -; Directory in which the loadable extensions (modules) reside. -extension_dir = "/usr/lib/php/modules" - -; Whether or not to enable the dl() function. The dl() function does NOT work -; properly in multithreaded servers, such as IIS or Zeus, and is automatically -; disabled on them. -enable_dl = On - -; cgi.force_redirect is necessary to provide security running PHP as a CGI under -; most web servers. Left undefined, PHP turns this on by default. You can -; turn it off here AT YOUR OWN RISK -; **You CAN safely turn this off for IIS, in fact, you MUST.** -; cgi.force_redirect = 1 - -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. -; cgi.nph = 1 - -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP -; will look for to know it is OK to continue execution. Setting this variable MAY -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; cgi.redirect_status_env = ; - -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache -; does not currently support this feature (03/17/2002) -; Set to 1 if running under IIS. Default is zero. -; fastcgi.impersonate = 1; - -; Disable logging through FastCGI connection -; fastcgi.log = 0 - -; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If it's set 0 PHP sends Status: header that -; is supported by Apache. When this option is set to 1 PHP will send -; RFC2616 compliant header. -; Default is zero. -;cgi.rfc2616_headers = 0 - - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -; Whether to allow HTTP file uploads. 
-file_uploads = On - -; Temporary directory for HTTP uploaded files (will use system default if not -; specified). -;upload_tmp_dir = - -; Maximum allowed size for uploaded files. -upload_max_filesize = 2M - - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -allow_url_fopen = On - -; Define the anonymous ftp password (your email address) -;from="john@doe.com" - -; Define the User-Agent string -; user_agent="PHP" - -; Default timeout for socket based streams (seconds) -default_socket_timeout = 60 - -; If your scripts have to deal with files from Macintosh systems, -; or you are running on a Mac and need to deal with files from -; unix or win32 systems, setting this flag will cause PHP to -; automatically detect the EOL character in those files so that -; fgets() and file() will work regardless of the source of the file. -; auto_detect_line_endings = Off - - -;;;;;;;;;;;;;;;;;;;;;; -; Dynamic Extensions ; -;;;;;;;;;;;;;;;;;;;;;; -; -; If you wish to have an extension loaded automatically, use the following -; syntax: -; -; extension=modulename.extension -; -; For example: -; -; extension=msql.so -; -; Note that it should be the name of the module only; no directory information -; needs to go here. Specify the location of the extension with the -; extension_dir directive above. - - -;;;; -; Note: packaged extension modules are now loaded via the .ini files -; found in the directory /etc/php.d; these are loaded by default. -;;;; - - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - -[Date] -; Defines the default timezone used by the date functions -;date.timezone = - -[Syslog] -; Whether or not to define the various syslog variables (e.g. $LOG_PID, -; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In -; runtime, you can define these variables by calling define_syslog_variables(). 
-define_syslog_variables = Off - -[mail function] -; For Win32 only. -SMTP = localhost -smtp_port = 25 - -; For Win32 only. -;sendmail_from = me@example.com - -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -sendmail_path = /usr/sbin/sendmail -t -i - -; Force the addition of the specified parameters to be passed as extra parameters -; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(), even in safe mode. -;mail.force_extra_parameters = - -[SQL] -sql.safe_mode = Off - -[ODBC] -;odbc.default_db = Not yet implemented -;odbc.default_user = Not yet implemented -;odbc.default_pw = Not yet implemented - -; Allow or prevent persistent links. -odbc.allow_persistent = On - -; Check that a connection is still valid before reuse. -odbc.check_persistent = On - -; Maximum number of persistent links. -1 means no limit. -odbc.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -odbc.max_links = -1 - -; Handling of LONG fields. Returns number of bytes to variables. 0 means -; passthru. -odbc.defaultlrl = 4096 - -; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. -; See the documentation on odbc_binmode and odbc_longreadlen for an explanation -; of uodbc.defaultlrl and uodbc.defaultbinmode -odbc.defaultbinmode = 1 - -[MySQL] -; Allow or prevent persistent links. -mysql.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -mysql.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -mysql.max_links = -1 - -; Default port number for mysql_connect(). If unset, mysql_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -mysql.default_port = - -; Default socket name for local MySQL connects. 
If empty, uses the built-in -; MySQL defaults. -mysql.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -mysql.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -mysql.default_user = - -; Default password for mysql_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -mysql.default_password = - -; Maximum time (in secondes) for connect timeout. -1 means no limit -mysql.connect_timeout = 60 - -; Trace mode. When trace_mode is active (=On), warnings for table/index scans and -; SQL-Errors will be displayed. -mysql.trace_mode = Off - -[MySQLi] - -; Maximum number of links. -1 means no limit. -mysqli.max_links = -1 - -; Default port number for mysqli_connect(). If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -mysqli.default_port = 3306 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -mysqli.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -mysqli.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -mysqli.default_user = - -; Default password for mysqli_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. 
-mysqli.default_pw = - -; Allow or prevent reconnect -mysqli.reconnect = Off - -[mSQL] -; Allow or prevent persistent links. -msql.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -msql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -msql.max_links = -1 - -[PostgresSQL] -; Allow or prevent persistent links. -pgsql.allow_persistent = On - -; Detect broken persistent links always with pg_pconnect(). -; Auto reset feature requires a little overheads. -pgsql.auto_reset_persistent = Off - -; Maximum number of persistent links. -1 means no limit. -pgsql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -pgsql.max_links = -1 - -; Ignore PostgreSQL backends Notice message or not. -; Notice message logging require a little overheads. -pgsql.ignore_notice = 0 - -; Log PostgreSQL backends Noitce message or not. -; Unless pgsql.ignore_notice=0, module cannot log notice message. -pgsql.log_notice = 0 - -[Sybase] -; Allow or prevent persistent links. -sybase.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -sybase.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -sybase.max_links = -1 - -;sybase.interface_file = "/usr/sybase/interfaces" - -; Minimum error severity to display. -sybase.min_error_severity = 10 - -; Minimum message severity to display. -sybase.min_message_severity = 10 - -; Compatability mode with old versions of PHP 3.0. -; If on, this will cause PHP to automatically assign types to results according -; to their Sybase type, instead of treating them all as strings. This -; compatability mode will probably not stay around forever, so try applying -; whatever necessary changes to your code, and turn it off. -sybase.compatability_mode = Off - -[Sybase-CT] -; Allow or prevent persistent links. 
-sybct.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -sybct.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -sybct.max_links = -1 - -; Minimum server message severity to display. -sybct.min_server_severity = 10 - -; Minimum client message severity to display. -sybct.min_client_severity = 10 - -[bcmath] -; Number of decimal digits for all bcmath functions. -bcmath.scale = 0 - -[browscap] -;browscap = extra/browscap.ini - -[Informix] -; Default host for ifx_connect() (doesn't apply in safe mode). -ifx.default_host = - -; Default user for ifx_connect() (doesn't apply in safe mode). -ifx.default_user = - -; Default password for ifx_connect() (doesn't apply in safe mode). -ifx.default_password = - -; Allow or prevent persistent links. -ifx.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -ifx.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -ifx.max_links = -1 - -; If on, select statements return the contents of a text blob instead of its id. -ifx.textasvarchar = 0 - -; If on, select statements return the contents of a byte blob instead of its id. -ifx.byteasvarchar = 0 - -; Trailing blanks are stripped from fixed-length char columns. May help the -; life of Informix SE users. -ifx.charasvarchar = 0 - -; If on, the contents of text and byte blobs are dumped to a file instead of -; keeping them in memory. -ifx.blobinfile = 0 - -; NULL's are returned as empty strings, unless this is set to 1. In that case, -; NULL's are returned as string 'NULL'. -ifx.nullformat = 0 - -[Session] -; Handler used to store/retrieve data. -session.save_handler = files - -; Argument passed to save_handler. In the case of files, this is the path -; where data files are stored. Note: Windows users have to change this -; variable in order to use PHP's session functions. 
-; -; As of PHP 4.0.1, you can define the path as: -; -; session.save_path = "N;/path" -; -; where N is an integer. Instead of storing all the session files in -; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if you -; or your OS have problems with lots of files in one directory, and is -; a more efficient layout for servers that handle lots of sessions. -; -; NOTE 1: PHP will not create this directory structure automatically. -; You can use the script in the ext/session dir for that purpose. -; NOTE 2: See the section on garbage collection below if you choose to -; use subdirectories for session storage -; -; The file storage module creates files using mode 600 by default. -; You can change that by using -; -; session.save_path = "N;MODE;/path" -; -; where MODE is the octal representation of the mode. Note that this -; does not overwrite the process's umask. -session.save_path = "/var/lib/php/session" - -; Whether to use cookies. -session.use_cookies = 1 - -; This option enables administrators to make their users invulnerable to -; attacks which involve passing session ids in URLs; defaults to 0. -; session.use_only_cookies = 1 - -; Name of the session (used as cookie name). -session.name = PHPSESSID - -; Initialize session on request startup. -session.auto_start = 0 - -; Lifetime in seconds of cookie or, if 0, until browser is restarted. -session.cookie_lifetime = 0 - -; The path for which the cookie is valid. -session.cookie_path = / - -; The domain for which the cookie is valid. -session.cookie_domain = - -; Handler used to serialize data. php is the standard serializer of PHP. -session.serialize_handler = php - -; Define the probability that the 'garbage collection' process is started -; on every session initialization. -; The probability is calculated by using gc_probability/gc_divisor, -; e.g. 1/100 means there is a 1% chance that the GC process starts -; on each request. 
- -session.gc_probability = 1 -session.gc_divisor = 1000 - -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -session.gc_maxlifetime = 1440 - -; NOTE: If you are using the subdirectory option for storing session files -; (see session.save_path above), then garbage collection does *not* -; happen automatically. You will need to do your own garbage -; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; cd /path/to/sessions; find -cmin +24 | xargs rm - -; PHP 4.2 and less have an undocumented feature/bug that allows you to -; to initialize a session variable in the global scope, albeit register_globals -; is disabled. PHP 4.3 and later will warn you, if this feature is used. -; You can disable the feature and the warning separately. At this time, -; the warning is only displayed, if bug_compat_42 is enabled. - -session.bug_compat_42 = 0 -session.bug_compat_warn = 1 - -; Check HTTP Referer to invalidate externally stored URLs containing ids. -; HTTP_REFERER has to contain this substring for the session to be -; considered as valid. -session.referer_check = - -; How many bytes to read from the file. -session.entropy_length = 0 - -; Specified here to create the session id. -session.entropy_file = - -;session.entropy_length = 16 - -;session.entropy_file = /dev/urandom - -; Set to {nocache,private,public,} to determine HTTP caching aspects -; or leave this empty to avoid sending anti-caching headers. -session.cache_limiter = nocache - -; Document expires after n minutes. -session.cache_expire = 180 - -; trans sid support is disabled by default. -; Use of trans sid may risk your users security. -; Use this option with caution. -; - User may send URL contains active session ID -; to other person via. email/irc/etc. 
-; - URL that contains active session ID may be stored -; in publically accessible computer. -; - User may access your site with the same session ID -; always using URL stored in browser's history or bookmarks. -session.use_trans_sid = 0 - -; Select a hash function -; 0: MD5 (128 bits) -; 1: SHA-1 (160 bits) -session.hash_function = 0 - -; Define how many bits are stored in each character when converting -; the binary hash data to something readable. -; -; 4 bits: 0-9, a-f -; 5 bits: 0-9, a-v -; 6 bits: 0-9, a-z, A-Z, "-", "," -session.hash_bits_per_character = 5 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -; form/fieldset are special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. If you want XHTML conformity, remove the form entry. -; Note that all valid entries require a "=", even if no value follows. -url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" - -[MSSQL] -; Allow or prevent persistent links. -mssql.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -mssql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -mssql.max_links = -1 - -; Minimum error severity to display. -mssql.min_error_severity = 10 - -; Minimum message severity to display. -mssql.min_message_severity = 10 - -; Compatability mode with old versions of PHP 3.0. -mssql.compatability_mode = Off - -; Connect timeout -;mssql.connect_timeout = 5 - -; Query timeout -;mssql.timeout = 60 - -; Valid range 0 - 2147483647. Default = 4096. -;mssql.textlimit = 4096 - -; Valid range 0 - 2147483647. Default = 4096. -;mssql.textsize = 4096 - -; Limits the number of records in each batch. 0 = all records in one batch. 
-;mssql.batchsize = 0 - -; Specify how datetime and datetim4 columns are returned -; On => Returns data converted to SQL server settings -; Off => Returns values as YYYY-MM-DD hh:mm:ss -;mssql.datetimeconvert = On - -; Use NT authentication when connecting to the server -mssql.secure_connection = Off - -; Specify max number of processes. -1 = library default -; msdlib defaults to 25 -; FreeTDS defaults to 4096 -;mssql.max_procs = -1 - -; Specify client character set. -; If empty or not set the client charset from freetds.comf is used -; This is only used when compiled with FreeTDS -;mssql.charset = "ISO-8859-1" - -[Assertion] -; Assert(expr); active by default. -;assert.active = On - -; Issue a PHP warning for each failed assertion. -;assert.warning = On - -; Don't bail out by default. -;assert.bail = Off - -; User-function to be called if an assertion fails. -;assert.callback = 0 - -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). -;assert.quiet_eval = 0 - -[Verisign Payflow Pro] -; Default Payflow Pro server. -pfpro.defaulthost = "test-payflow.verisign.com" - -; Default port to connect to. -pfpro.defaultport = 443 - -; Default timeout in seconds. -pfpro.defaulttimeout = 30 - -; Default proxy IP address (if required). -;pfpro.proxyaddress = - -; Default proxy port. -;pfpro.proxyport = - -; Default proxy logon. -;pfpro.proxylogon = - -; Default proxy password. -;pfpro.proxypassword = - -[COM] -; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -;com.typelib_file = -; allow Distributed-COM calls -;com.allow_dcom = true -; autoregister constants of a components typlib on com_load() -;com.autoregister_typelib = true -; register constants casesensitive -;com.autoregister_casesensitive = false -; show warnings on duplicate constat registrations -;com.autoregister_verbose = true - -[mbstring] -; language for internal character representation. 
-;mbstring.language = Japanese - -; internal/script encoding. -; Some encoding cannot work as internal encoding. -; (e.g. SJIS, BIG5, ISO-2022-*) -;mbstring.internal_encoding = EUC-JP - -; http input encoding. -;mbstring.http_input = auto - -; http output encoding. mb_output_handler must be -; registered as output buffer to function -;mbstring.http_output = SJIS - -; enable automatic encoding translation according to -; mbstring.internal_encoding setting. Input chars are -; converted to internal encoding by setting this to On. -; Note: Do _not_ use automatic encoding translation for -; portable libs/applications. -;mbstring.encoding_translation = Off - -; automatic encoding detection order. -; auto means -;mbstring.detect_order = auto - -; substitute_character used when character cannot be converted -; one from another -;mbstring.substitute_character = none; - -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. -; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -;mbstring.func_overload = 0 - -; enable strict encoding detection. -;mbstring.strict_encoding = Off - -[FrontBase] -;fbsql.allow_persistent = On -;fbsql.autocommit = On -;fbsql.default_database = -;fbsql.default_database_password = -;fbsql.default_host = -;fbsql.default_password = -;fbsql.default_user = "_SYSTEM" -;fbsql.generate_warnings = Off -;fbsql.max_connections = 128 -;fbsql.max_links = 128 -;fbsql.max_persistent = -1 -;fbsql.max_results = 128 -;fbsql.batchSize = 1000 - -[gd] -; Tell the jpeg decode to libjpeg warnings and try to create -; a gd image. The warning will then be displayed as notices -; disabled by default -;gd.jpeg_ignore_warning = 0 - -[exif] -; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. 
-; With mbstring support this will automatically be converted into the encoding
-; given by corresponding encode setting. When empty mbstring.internal_encoding
-; is used. For the decode settings you can distinguish between motorola and
-; intel byte order. A decode setting cannot be empty.
-;exif.encode_unicode = ISO-8859-15
-;exif.decode_unicode_motorola = UCS-2BE
-;exif.decode_unicode_intel = UCS-2LE
-;exif.encode_jis =
-;exif.decode_jis_motorola = JIS
-;exif.decode_jis_intel = JIS
-
-[Tidy]
-; The path to a default tidy configuration file to use when using tidy
-;tidy.default_config = /usr/local/lib/php/default.tcfg
-
-; Should tidy clean and repair output automatically?
-; WARNING: Do not use this option if you are generating non-html content
-; such as dynamic images
-tidy.clean_output = Off
-
-[soap]
-; Enables or disables WSDL caching feature.
-soap.wsdl_cache_enabled=1
-; Sets the directory name where SOAP extension will put cache files.
-soap.wsdl_cache_dir="/tmp"
-; (time to live) Sets the number of second while cached file will be used
-; instead of original one.
-soap.wsdl_cache_ttl=86400
-
-; Local Variables:
-; tab-width: 4
-; End:
diff --git a/root/etc/puppet/puppet.conf b/root/etc/puppet/puppet.conf
deleted file mode 100644
index 70dcb02..0000000
--- a/root/etc/puppet/puppet.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-[main]
- # Where Puppet stores dynamic and growing data.
- # The default value is '/var/puppet'.
- vardir = /var/lib/puppet
-
- # The Puppet log directory.
- # The default value is '$vardir/log'.
- logdir = /var/log/puppet
-
- # Where Puppet PID files are kept.
- # The default value is '$vardir/run'.
- rundir = /var/run/puppet
-
- # Where SSL certificates are kept.
- # The default value is '$confdir/ssl'.
- ssldir = $vardir/ssl
-
-[puppetd]
- # The file in which puppetd stores a list of the classes
- # associated with the retrieved configuratiion. Can be loaded in
- # the separate ``puppet`` executable using the ``--loadclasses``
- # option.
- # The default value is '$confdir/classes.txt'.
- classfile = $vardir/classes.txt
-
- # Where puppetd caches the local configuration. An
- # extension indicating the cache format is added automatically.
- # The default value is '$confdir/localconfig'.
- localconfig = $vardir/localconfig
diff --git a/root/etc/resolv.conf b/root/etc/resolv.conf
deleted file mode 100644
index b0fc624..0000000
--- a/root/etc/resolv.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-; Created by cloud-init on instance boot automatically, do not edit.
-;
-search awsqualif.net aws.eu-west-1.censured_here
-nameserver 192.168.0.1
-nameserver 192.168.0.2
-options timeout:2 rotate
diff --git a/root/etc/samba/smb.conf b/root/etc/samba/smb.conf
deleted file mode 100644
index d8f5237..0000000
--- a/root/etc/samba/smb.conf
+++ /dev/null
@@ -1,288 +0,0 @@ -# This is the main Samba configuration file. You should read the -# smb.conf(5) manual page in order to understand the options listed -# here. Samba has a huge number of configurable options (perhaps too -# many!) most of which are not shown in this example -# -# For a step to step guide on installing, configuring and using samba, -# read the Samba-HOWTO-Collection. This may be obtained from: -# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf -# -# Many working examples of smb.conf files can be found in the -# Samba-Guide which is generated daily and can be downloaded from: -# http://www.samba.org/samba/docs/Samba-Guide.pdf -# -# Any line which starts with a ; (semi-colon) or a # (hash) -# is a comment and is ignored. In this example we will use a # -# for commentry and a ; for parts of the config file that you -# may wish to enable -# -# NOTE: Whenever you modify this file you should run the command "testparm" -# to check that you have not made any basic syntactic errors. -# -#--------------- -# SELINUX NOTES: -# -# If you want to use the useradd/groupadd family of binaries please run: -# setsebool -P samba_domain_controller on -# -# If you want to share home directories via samba please run: -# setsebool -P samba_enable_home_dirs on -# -# If you create a new directory you want to share you should mark it as -# "samba-share_t" so that selinux will let you write into it. -# Make sure not to do that on system directories as they may already have -# been marked with othe SELinux labels. -# -# Use ls -ldZ /path to see which context a directory has -# -# Set labels only on directories you created! -# To set a label use the following: chcon -t samba_share_t /path -# -# If you need to share a system created directory you can use one of the -# following (read-only/read-write): -# setsebool -P samba_export_all_ro on -# or -# setsebool -P samba_export_all_rw on -# -# If you want to run scripts (preexec/root prexec/print command/...) 
please -# put them into the /var/lib/samba/scripts directory so that smbd will be -# allowed to run them. -# Make sure you COPY them and not MOVE them so that the right SELinux context -# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts -# -#-------------- -# -#======================= Global Settings ===================================== - -[global] - -# ----------------------- Netwrok Related Options ------------------------- -# -# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH -# -# server string is the equivalent of the NT Description field -# -# netbios name can be used to specify a server name not tied to the hostname -# -# Interfaces lets you configure Samba to use multiple interfaces -# If you have multiple network interfaces then you can list the ones -# you want to listen on (never omit localhost) -# -# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can -# specify it as a per share option as well -# - workgroup = MYGROUP - server string = Samba Server Version %v - -; netbios name = MYSERVER - -; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 -; hosts allow = 127. 192.168.12. 192.168.13. - -# --------------------------- Logging Options ----------------------------- -# -# Log File let you specify where to put logs and how to split them up. -# -# Max Log Size let you specify the max size log files should reach - - # logs split per machine - log file = /var/log/samba/log.%m - # max 50KB per log file, then rotate - max log size = 50 - -# ----------------------- Standalone Server Options ------------------------ -# -# Scurity can be set to user, share(deprecated) or server(deprecated) -# -# Backend to store user information in. New installations should -# use either tdbsam or ldapsam. smbpasswd is available for backwards -# compatibility. tdbsam requires no further configuration. 
- - security = user - passdb backend = tdbsam - - -# ----------------------- Domain Members Options ------------------------ -# -# Security must be set to domain or ads -# -# Use the realm option only with security = ads -# Specifies the Active Directory realm the host is part of -# -# Backend to store user information in. New installations should -# use either tdbsam or ldapsam. smbpasswd is available for backwards -# compatibility. tdbsam requires no further configuration. -# -# Use password server option only with security = server or if you can't -# use the DNS to locate Domain Controllers -# The argument list may include: -# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] -# or to auto-locate the domain controller/s -# password server = * - - -; security = domain -; passdb backend = tdbsam -; realm = MY_REALM - -; password server = - -# ----------------------- Domain Controller Options ------------------------ -# -# Security must be set to user for domain controllers -# -# Backend to store user information in. New installations should -# use either tdbsam or ldapsam. smbpasswd is available for backwards -# compatibility. tdbsam requires no further configuration. -# -# Domain Master specifies Samba to be the Domain Master Browser. This -# allows Samba to collate browse lists between subnets. Don't use this -# if you already have a Windows NT domain controller doing this job -# -# Domain Logons let Samba be a domain logon server for Windows workstations. 
-# -# Logon Scrpit let yuou specify a script to be run at login time on the client -# You need to provide it in a share called NETLOGON -# -# Logon Path let you specify where user profiles are stored (UNC path) -# -# Various scripts can be used on a domain controller or stand-alone -# machine to add or delete corresponding unix accounts -# -; security = user -; passdb backend = tdbsam - -; domain master = yes -; domain logons = yes - - # the login script name depends on the machine name -; logon script = %m.bat - # the login script name depends on the unix user used -; logon script = %u.bat -; logon path = \\%L\Profiles\%u - # disables profiles support by specifying an empty path -; logon path = - -; add user script = /usr/sbin/useradd "%u" -n -g users -; add group script = /usr/sbin/groupadd "%g" -; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u" -; delete user script = /usr/sbin/userdel "%u" -; delete user from group script = /usr/sbin/userdel "%u" "%g" -; delete group script = /usr/sbin/groupdel "%g" - - -# ----------------------- Browser Control Options ---------------------------- -# -# set local master to no if you don't want Samba to become a master -# browser on your network. Otherwise the normal election rules apply -# -# OS Level determines the precedence of this server in master browser -# elections. 
The default value should be reasonable -# -# Preferred Master causes Samba to force a local browser election on startup -# and gives it a slightly higher chance of winning the election -; local master = no -; os level = 33 -; preferred master = yes - -#----------------------------- Name Resolution ------------------------------- -# Windows Internet Name Serving Support Section: -# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both -# -# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server -# -# - WINS Server: Tells the NMBD components of Samba to be a WINS Client -# -# - WINS Proxy: Tells Samba to answer name resolution queries on -# behalf of a non WINS capable client, for this to work there must be -# at least one WINS Server on the network. The default is NO. -# -# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names -# via DNS nslookups. - -; wins support = yes -; wins server = w.x.y.z -; wins proxy = yes - -; dns proxy = yes - -# --------------------------- Printing Options ----------------------------- -# -# Load Printers let you load automatically the list of printers rather -# than setting them up individually -# -# Cups Options let you pass the cups libs custom options, setting it to raw -# for example will let you use drivers on your Windows clients -# -# Printcap Name let you specify an alternative printcap file -# -# You can choose a non default printing system using the Printing option - - load printers = yes - cups options = raw - -; printcap name = /etc/printcap - #obtain list of printers automatically on SystemV -; printcap name = lpstat -; printing = cups - -# --------------------------- Filesystem Options --------------------------- -# -# The following options can be uncommented if the filesystem supports -# Extended Attributes and they are enabled (usually by the mount option -# user_xattr). 
Thess options will let the admin store the DOS attributes -# in an EA and make samba not mess with the permission bits. -# -# Note: these options can also be set just per share, setting them in global -# makes them the default for all shares - -; map archive = no -; map hidden = no -; map read only = no -; map system = no -; store dos attributes = yes - - -#============================ Share Definitions ============================== - -[homes] - comment = Home Directories - browseable = no - writable = yes -; valid users = %S -; valid users = MYDOMAIN\%S - -[printers] - comment = All Printers - path = /var/spool/samba - browseable = no - guest ok = no - writable = no - printable = yes - -# Un-comment the following and create the netlogon directory for Domain Logons -; [netlogon] -; comment = Network Logon Service -; path = /var/lib/samba/netlogon -; guest ok = yes -; writable = no -; share modes = no - - -# Un-comment the following to provide a specific roving profile share -# the default is to use the user's home directory -; [Profiles] -; path = /var/lib/samba/profiles -; browseable = no -; guest ok = yes - - -# A publicly accessible directory, but read only, except for people in -# the "staff" group -; [public] -; comment = Public Stuff -; path = /home/samba -; public = yes -; writable = yes -; printable = no -; write list = +staff diff --git a/root/etc/security/limits.conf b/root/etc/security/limits.conf deleted file mode 100644 index 740c77e..0000000 --- a/root/etc/security/limits.conf +++ /dev/null 
@@ -1,58 +0,0 @@
-# /etc/security/limits.conf
-#
-#Each line describes a limit for a user in the form:
-#
-#
-#
-#Where:
-# can be:
-# - an user name
-# - a group name, with @group syntax
-# - the wildcard *, for default entry
-# - the wildcard %, can be also used with %group syntax,
-# for maxlogin limit
-#
-# can have the two values:
-# - "soft" for enforcing the soft limits
-# - "hard" for enforcing hard limits
-#
-# can be one of the following:
-# - core - limits the core file size (KB)
-# - data - max data size (KB)
-# - fsize - maximum filesize (KB)
-# - memlock - max locked-in-memory address space (KB)
-# - nofile - max number of open files
-# - rss - max resident set size (KB)
-# - stack - max stack size (KB)
-# - cpu - max CPU time (MIN)
-# - nproc - max number of processes
-# - as - address space limit
-# - maxlogins - max number of logins for this user
-# - maxsyslogins - max number of logins on the system
-# - priority - the priority to run user process with
-# - locks - max number of file locks the user can hold
-# - sigpending - max number of pending signals
-# - msgqueue - max memory used by POSIX message queues (bytes)
-# - nice - max nice priority allowed to raise to
-# - rtprio - max realtime priority
-#
-#
-#
-
-#* soft core 0
-#* hard rss 10000
-#@student hard nproc 20
-#@faculty soft nproc 20
-#@faculty hard nproc 50
-#ftp hard nproc 0
-#@student - maxlogins 4
-
-# End of file
-
-## Automatically appended by jack-audio-connection-kit
-@jackuser - rtprio 20
-@jackuser - memlock 4194304
-
-## Automatically appended by jack-audio-connection-kit
-@pulse-rt - rtprio 20
-@pulse-rt - nice -20
diff --git a/root/etc/selinux/semanage.conf b/root/etc/selinux/semanage.conf
deleted file mode 100644
index 406f16f..0000000
--- a/root/etc/selinux/semanage.conf
+++ /dev/null
@@ -1,60 +0,0 @@
-# Authors: Jason Tang
-#
-# Copyright (C) 2004-2005 Tresys Technology, LLC
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#
-# Specify how libsemanage will interact with a SELinux policy manager.
-# The four options are:
-#
-# "source" - libsemanage manipulates a source SELinux policy
-# "direct" - libsemanage will write directly to a module store.
-# /foo/bar - Write by way of a policy management server, whose
-# named socket is at /foo/bar. The path must begin
-# with a '/'.
-# foo.com:4242 - Establish a TCP connection to a remote policy
-# management server at foo.com. If there is a colon
-# then the remainder is interpreted as a port number;
-# otherwise default to port 4242.
-module-store = direct
-
-# When generating the final linked and expanded policy, by default
-# semanage will set the policy version to POLICYDB_VERSION_MAX, as
-# given in . Change this setting if a different
-# version is necessary.
-#policy-version = 19
-
-# expand-check check neverallow rules when executing all semanage
-# commands. There might be a penalty in execution time if this
-# option is enabled.
-expand-check=0
-
-# usepasswd check tells semanage to scan all pass word records for home directories
-# and setup the labeling correctly.
If this is turned off, SELinux will label only /home
-# and home directories of users with SELinux login mappings defined, see
-# semanage login -l for the list of such users.
-# If you want to use a different home directory, you will need to use semanage fcontext command.
-# For example, if you had home dirs in /althome directory you would have to execute
-# semanage fcontext -a -e /home /althome
-usepasswd=False
-bzip-small=true
-bzip-blocksize=5
-ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var
-optimize-policy=true
-
-[sefcontext_compile]
-path = /usr/sbin/sefcontext_compile
-args = -r $@
-[end]
diff --git a/root/etc/services b/root/etc/services
deleted file mode 100644
index 0f57519..0000000
--- a/root/etc/services
+++ /dev/null
@@ -1,387 +0,0 @@ -# /etc/services: -# $Id: services,v 1.44 2008/04/07 21:30:33 pknirsch Exp $ -# -# -# Truncated version of Fedora's /etc/services, the original is gigantic -# -# Network services, Internet style -# -# Note that it is presently the policy of IANA to assign a single well-known -# port number for both TCP and UDP; hence, most entries here have two entries -# even if the protocol doesn't support UDP operations. -# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports -# are included, only the more common ones. -# -# The latest IANA port assignments can be gotten from -# http://www.iana.org/assignments/port-numbers -# The Well Known Ports are those from 0 through 1023. -# The Registered Ports are those from 1024 through 49151 -# The Dynamic and/or Private Ports are those from 49152 through 65535 -# -# Each line describes one service, and is of the form: -# -# service-name port/protocol [aliases ...] [# comment] - -tcpmux 1/tcp # TCP port service multiplexer -tcpmux 1/udp # TCP port service multiplexer -rje 5/tcp # Remote Job Entry -rje 5/udp # Remote Job Entry -echo 7/tcp -echo 7/udp -discard 9/tcp sink null -discard 9/udp sink null -systat 11/tcp users -systat 11/udp users -daytime 13/tcp -daytime 13/udp -qotd 17/tcp quote -qotd 17/udp quote -msp 18/tcp # message send protocol -msp 18/udp # message send protocol -chargen 19/tcp ttytst source -chargen 19/udp ttytst source -ftp-data 20/tcp -ftp-data 20/udp -# 21 is registered to ftp, but also used by fsp -ftp 21/tcp -ftp 21/udp fsp fspd -ssh 22/tcp # SSH Remote Login Protocol -ssh 22/udp # SSH Remote Login Protocol -telnet 23/tcp -telnet 23/udp -# 24 - private mail system -lmtp 24/tcp # LMTP Mail Delivery -lmtp 24/udp # LMTP Mail Delivery -smtp 25/tcp mail -smtp 25/udp mail -time 37/tcp timserver -time 37/udp timserver -rlp 39/tcp resource # resource location -rlp 39/udp resource # resource location -nameserver 42/tcp name # IEN 116 -nameserver 42/udp name # IEN 116 -nicname 43/tcp 
whois -nicname 43/udp whois -tacacs 49/tcp # Login Host Protocol (TACACS) -tacacs 49/udp # Login Host Protocol (TACACS) -re-mail-ck 50/tcp # Remote Mail Checking Protocol -re-mail-ck 50/udp # Remote Mail Checking Protocol -domain 53/tcp # name-domain server -domain 53/udp -whois++ 63/tcp -whois++ 63/udp -bootps 67/tcp # BOOTP server -bootps 67/udp -bootpc 68/tcp dhcpc # BOOTP client -bootpc 68/udp dhcpc -tftp 69/tcp -tftp 69/udp -gopher 70/tcp # Internet Gopher -gopher 70/udp -netrjs-1 71/tcp # Remote Job Service -netrjs-1 71/udp # Remote Job Service -netrjs-2 72/tcp # Remote Job Service -netrjs-2 72/udp # Remote Job Service -netrjs-3 73/tcp # Remote Job Service -netrjs-3 73/udp # Remote Job Service -netrjs-4 74/tcp # Remote Job Service -netrjs-4 74/udp # Remote Job Service -finger 79/tcp -finger 79/udp -http 80/tcp www www-http # WorldWideWeb HTTP -http 80/udp www www-http # HyperText Transfer Protocol -kerberos 88/tcp kerberos5 krb5 # Kerberos v5 -kerberos 88/udp kerberos5 krb5 # Kerberos v5 -supdup 95/tcp -supdup 95/udp -hostname 101/tcp hostnames # usually from sri-nic -hostname 101/udp hostnames # usually from sri-nic -iso-tsap 102/tcp tsap # part of ISODE. -csnet-ns 105/tcp cso # also used by CSO name server -csnet-ns 105/udp cso -# unfortunately the poppassd (Eudora) uses a port which has already -# been assigned to a different service. We list the poppassd as an -# alias here. This should work for programs asking for this service. 
-# (due to a bug in inetd the 3com-tsmux line is disabled) -#3com-tsmux 106/tcp poppassd -#3com-tsmux 106/udp poppassd -rtelnet 107/tcp # Remote Telnet -rtelnet 107/udp -pop2 109/tcp pop-2 postoffice # POP version 2 -pop2 109/udp pop-2 -pop3 110/tcp pop-3 # POP version 3 -pop3 110/udp pop-3 -sunrpc 111/tcp portmapper rpcbind # RPC 4.0 portmapper TCP -sunrpc 111/udp portmapper rpcbind # RPC 4.0 portmapper UDP -auth 113/tcp authentication tap ident -auth 113/udp authentication tap ident -sftp 115/tcp -sftp 115/udp -uucp-path 117/tcp -uucp-path 117/udp -nntp 119/tcp readnews untp # USENET News Transfer Protocol -nntp 119/udp readnews untp # USENET News Transfer Protocol -ntp 123/tcp -ntp 123/udp # Network Time Protocol -netbios-ns 137/tcp # NETBIOS Name Service -netbios-ns 137/udp -netbios-dgm 138/tcp # NETBIOS Datagram Service -netbios-dgm 138/udp -netbios-ssn 139/tcp # NETBIOS session service -netbios-ssn 139/udp -imap 143/tcp imap2 # Interim Mail Access Proto v2 -imap 143/udp imap2 -snmp 161/tcp # Simple Net Mgmt Proto -snmp 161/udp # Simple Net Mgmt Proto -snmptrap 162/tcp # SNMPTRAP -snmptrap 162/udp snmp-trap # Traps for SNMP -cmip-man 163/tcp # ISO mgmt over IP (CMOT) -cmip-man 163/udp -cmip-agent 164/tcp -cmip-agent 164/udp -mailq 174/tcp # MAILQ -mailq 174/udp # MAILQ -xdmcp 177/tcp # X Display Mgr. Control Proto -xdmcp 177/udp -nextstep 178/tcp NeXTStep NextStep # NeXTStep window -nextstep 178/udp NeXTStep NextStep # server -bgp 179/tcp # Border Gateway Proto. 
-bgp 179/udp -prospero 191/tcp # Cliff Neuman's Prospero -prospero 191/udp -irc 194/tcp # Internet Relay Chat -irc 194/udp -smux 199/tcp # SNMP Unix Multiplexer -smux 199/udp -at-rtmp 201/tcp # AppleTalk routing -at-rtmp 201/udp -at-nbp 202/tcp # AppleTalk name binding -at-nbp 202/udp -at-echo 204/tcp # AppleTalk echo -at-echo 204/udp -at-zis 206/tcp # AppleTalk zone information -at-zis 206/udp -qmtp 209/tcp # Quick Mail Transfer Protocol -qmtp 209/udp # Quick Mail Transfer Protocol -z39.50 210/tcp z3950 wais # NISO Z39.50 database -z39.50 210/udp z3950 wais -ipx 213/tcp # IPX -ipx 213/udp -imap3 220/tcp # Interactive Mail Access -imap3 220/udp # Protocol v3 -link 245/tcp ttylink -link 245/udp ttylink -fatserv 347/tcp # Fatmen Server -fatserv 347/udp # Fatmen Server -rsvp_tunnel 363/tcp -rsvp_tunnel 363/udp -odmr 366/tcp # odmr required by fetchmail -odmr 366/udp # odmr required by fetchmail -rpc2portmap 369/tcp -rpc2portmap 369/udp # Coda portmapper -codaauth2 370/tcp -codaauth2 370/udp # Coda authentication server -ulistproc 372/tcp ulistserv # UNIX Listserv -ulistproc 372/udp ulistserv -ldap 389/tcp -ldap 389/udp -svrloc 427/tcp # Server Location Protocl -svrloc 427/udp # Server Location Protocl -mobileip-agent 434/tcp -mobileip-agent 434/udp -mobilip-mn 435/tcp -mobilip-mn 435/udp -https 443/tcp # MCom -https 443/udp # MCom -snpp 444/tcp # Simple Network Paging Protocol -snpp 444/udp # Simple Network Paging Protocol -microsoft-ds 445/tcp -microsoft-ds 445/udp -kpasswd 464/tcp kpwd # Kerberos "passwd" -kpasswd 464/udp kpwd # Kerberos "passwd" -photuris 468/tcp -photuris 468/udp -saft 487/tcp # Simple Asynchronous File Transfer -saft 487/udp # Simple Asynchronous File Transfer -gss-http 488/tcp -gss-http 488/udp -pim-rp-disc 496/tcp -pim-rp-disc 496/udp -isakmp 500/tcp -isakmp 500/udp -gdomap 538/tcp # GNUstep distributed objects -gdomap 538/udp # GNUstep distributed objects -iiop 535/tcp -iiop 535/udp -dhcpv6-client 546/tcp -dhcpv6-client 546/udp -dhcpv6-server 
547/tcp -dhcpv6-server 547/udp -rtsp 554/tcp # Real Time Stream Control Protocol -rtsp 554/udp # Real Time Stream Control Protocol -nntps 563/tcp # NNTP over SSL -nntps 563/udp # NNTP over SSL -whoami 565/tcp -whoami 565/udp -submission 587/tcp msa # mail message submission -submission 587/udp msa # mail message submission -npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS -npmp-local 610/udp dqs313_qmaster # npmp-local / DQS -npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS -npmp-gui 611/udp dqs313_execd # npmp-gui / DQS -hmmp-ind 612/tcp dqs313_intercell # HMMP Indication / DQS -hmmp-ind 612/udp dqs313_intercell # HMMP Indication / DQS -ipp 631/tcp # Internet Printing Protocol -ipp 631/udp # Internet Printing Protocol -ldaps 636/tcp # LDAP over SSL -ldaps 636/udp # LDAP over SSL -acap 674/tcp -acap 674/udp -ha-cluster 694/tcp # Heartbeat HA-cluster -ha-cluster 694/udp # Heartbeat HA-cluster -kerberos-adm 749/tcp # Kerberos `kadmin' (v5) -kerberos-adm 749/udp # kerberos administration -kerberos-iv 750/udp kerberos4 kerberos-sec kdc loadav -kerberos-iv 750/tcp kerberos4 kerberos-sec kdc rfile -webster 765/tcp # Network dictionary -webster 765/udp -phonebook 767/tcp # Network phonebook -phonebook 767/udp -rsync 873/tcp # rsync -rsync 873/udp # rsync -rquotad 875/tcp # rquota daemon -rquotad 875/udp # rquota daemon -telnets 992/tcp -telnets 992/udp -imaps 993/tcp # IMAP over SSL -imaps 993/udp # IMAP over SSL -ircs 994/tcp -ircs 994/udp -pop3s 995/tcp # POP-3 over SSL -pop3s 995/udp # POP-3 over SSL - -# -# UNIX specific services -# -exec 512/tcp -biff 512/udp comsat -login 513/tcp -who 513/udp whod -shell 514/tcp cmd # no passwords used -syslog 514/udp -printer 515/tcp spooler # line printer spooler -printer 515/udp spooler # line printer spooler -talk 517/udp -ntalk 518/udp -utime 519/tcp unixtime -utime 519/udp unixtime -efs 520/tcp -router 520/udp route routed # RIP -ripng 521/tcp -ripng 521/udp -timed 525/tcp timeserver -timed 525/udp timeserver -tempo 526/tcp 
newdate -courier 530/tcp rpc -conference 531/tcp chat -netnews 532/tcp -netwall 533/udp # -for emergency broadcasts -uucp 540/tcp uucpd # uucp daemon -klogin 543/tcp # Kerberized `rlogin' (v5) -kshell 544/tcp krcmd # Kerberized `rsh' (v5) -afpovertcp 548/tcp # AFP over TCP -afpovertcp 548/udp # AFP over TCP -remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem - -# -# From ``PORT NUMBERS'': -# -#>REGISTERED PORT NUMBERS -#> -#>The Registered Ports are listed by the IANA and on most systems can be -#>used by ordinary user processes or programs executed by ordinary -#>users. -#> -#>Ports are used in the TCP [RFC793] to name the ends of logical -#>connections which carry long term conversations. For the purpose of -#>providing services to unknown callers, a service contact port is -#>defined. This list specifies the port used by the server process as -#>its contact port. -#> -#>The IANA registers uses of these ports as a convienence to the -#>community. -# -socks 1080/tcp # socks proxy server -socks 1080/udp # socks proxy server - -# Port 1236 is registered as `bvcontrol', but is also used by the -# Gracilis Packeten remote config server. The official name is listed as -# the primary name, with the unregistered name as an alias. -bvcontrol 1236/tcp rmtcfg # Daniel J. Walsh, Gracilis Packeten remote config server -bvcontrol 1236/udp # Daniel J. 
Walsh - -h323hostcallsc 1300/tcp # H323 Host Call Secure -h323hostcallsc 1300/udp # H323 Host Call Secure -ms-sql-s 1433/tcp # Microsoft-SQL-Server -ms-sql-s 1433/udp # Microsoft-SQL-Server -ms-sql-m 1434/tcp # Microsoft-SQL-Monitor -ms-sql-m 1434/udp # Microsoft-SQL-Monitor -ica 1494/tcp # Citrix ICA Client -ica 1494/udp # Citrix ICA Client -wins 1512/tcp # Microsoft's Windows Internet Name Service -wins 1512/udp # Microsoft's Windows Internet Name Service -ingreslock 1524/tcp -ingreslock 1524/udp -prospero-np 1525/tcp orasrv # Prospero non-privileged/oracle -prospero-np 1525/udp orasrv -datametrics 1645/tcp old-radius sightline # datametrics / old radius entry -datametrics 1645/udp old-radius sightline # datametrics / old radius entry -sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry -sa-msg-port 1646/udp old-radacct # sa-msg-port / old radacct entry -kermit 1649/tcp -kermit 1649/udp -l2tp 1701/tcp l2f -l2tp 1701/udp l2f -h323gatedisc 1718/tcp -h323gatedisc 1718/udp -h323gatestat 1719/tcp -h323gatestat 1719/udp -h323hostcall 1720/tcp -h323hostcall 1720/udp -tftp-mcast 1758/tcp -tftp-mcast 1758/udp -mtftp 1759/udp spss-lm -hello 1789/tcp -hello 1789/udp -radius 1812/tcp # Radius -radius 1812/udp # Radius -radius-acct 1813/tcp radacct # Radius Accounting -radius-acct 1813/udp radacct # Radius Accounting -mtp 1911/tcp # -mtp 1911/udp # -hsrp 1985/tcp # Cisco Hot Standby Router Protocol -hsrp 1985/udp # Cisco Hot Standby Router Protocol -licensedaemon 1986/tcp -licensedaemon 1986/udp -gdp-port 1997/tcp # Cisco Gateway Discovery Protocol -gdp-port 1997/udp # Cisco Gateway Discovery Protocol -sieve 2000/tcp cisco-sccp # Sieve Mail Filter Daemon -sieve 2000/udp cisco-sccp # Sieve Mail Filter Daemon -nfs 2049/tcp nfsd shilp -nfs 2049/udp nfsd shilp -zephyr-srv 2102/tcp # Zephyr server -zephyr-srv 2102/udp # Zephyr server -zephyr-clt 2103/tcp # Zephyr serv-hm connection -zephyr-clt 2103/udp # Zephyr serv-hm connection -zephyr-hm 2104/tcp # Zephyr 
hostmanager
-zephyr-hm 2104/udp # Zephyr hostmanager
-cvspserver 2401/tcp # CVS client/server operations
-cvspserver 2401/udp # CVS client/server operations
-venus 2430/tcp # codacon port
-venus 2430/udp # Venus callback/wbc interface
-venus-se 2431/tcp # tcp side effects
-venus-se 2431/udp # udp sftp side effect
-codasrv 2432/tcp # not used
-codasrv 2432/udp # server port
-codasrv-se 2433/tcp # tcp side effects
-codasrv-se 2433/udp # udp sftp side effectQ
diff --git a/root/etc/shadow b/root/etc/shadow
deleted file mode 100644
index fe6fd3f..0000000
--- a/root/etc/shadow
+++ /dev/null
@@ -1,19 +0,0 @@
-root:$5$rounds=1000$TMTRLLOM$h24vGZsHaf6aNdz3dsUuE4z/fy5at1Luuu.FBI6D6M:16200::999999:7:::
-bin:x:16200::999999:7:::
-daemon:x:16200::999999:7:::
-adm:x:16200::999999:7:::
-lp:x:16200::999999:7:::
-sync:x:16200::999999:7:::
-shutdown:x:16200::999999:7:::
-halt:x:16200::999999:7:::
-mail:x:16200::999999:7:::
-uucp:x:16200::999999:7:::
-operator:x:16200::999999:7:::
-games:x:16200::999999:7:::
-gopher:x:16200::999999:7:::
-ftp:x:16200::999999:7:::
-nobody:x:16200::999999:7:::
-vcsa:x:16200::999999:7:::
-rpc:x:16200::999999:7:::
-rpcuser:x:16200::999999:7:::
-nfsnobody:x:16200::999999:7:::
diff --git a/root/etc/squid/squid.conf b/root/etc/squid/squid.conf
deleted file mode 100644
index 92d4871..0000000
--- a/root/etc/squid/squid.conf
+++ /dev/null
@@ -1,4725 +0,0 @@ - -# WELCOME TO SQUID 3.0.STABLE13 -# ---------------------------- -# -# This is the default Squid configuration file. You may wish -# to look at the Squid home page (http://www.squid-cache.org/) -# for the FAQ and other documentation. -# -# The default Squid config file shows what the defaults for -# various options happen to be. If you don't need to change the -# default, you shouldn't uncomment the line. Doing so may cause -# run-time problems. In some cases "none" refers to no default -# setting at all, while in other cases it refers to a valid -# option - the comments for that keyword indicate if this is the -# case. -# - - -# Configuration options can be included using the "include" directive. -# Include takes a list of files to include. Quoting and wildcards is -# supported. -# -# For example, -# -# include /path/to/included/file/squid.acl.config -# -# Includes can be nested up to a hard-coded depth of 16 levels. -# This arbitrary restriction is to prevent recursive include references -# from causing Squid entering an infinite loop whilst trying to load -# configuration files. - - -# OPTIONS FOR AUTHENTICATION -# ----------------------------------------------------------------------------- - -# TAG: auth_param -# This is used to define parameters for the various authentication -# schemes supported by Squid. -# -# format: auth_param scheme parameter [setting] -# -# The order in which authentication schemes are presented to the client is -# dependent on the order the scheme first appears in config file. IE -# has a bug (it's not RFC 2617 compliant) in that it will use the basic -# scheme if basic is the first entry presented, even if more secure -# schemes are presented. For now use the order in the recommended -# settings section below. If other browsers have difficulties (don't -# recognize the schemes offered even if you are using basic) either -# put basic first, or disable the other schemes (by commenting out their -# program entry). 
-# -# Once an authentication scheme is fully configured, it can only be -# shutdown by shutting squid down and restarting. Changes can be made on -# the fly and activated with a reconfigure. I.E. You can change to a -# different helper, but not unconfigure the helper completely. -# -# Please note that while this directive defines how Squid processes -# authentication it does not automatically activate authentication. -# To use authentication you must in addition make use of ACLs based -# on login name in http_access (proxy_auth, proxy_auth_regex or -# external with %LOGIN used in the format tag). The browser will be -# challenged for authentication on the first such acl encountered -# in http_access processing and will also be re-challenged for new -# login credentials if the request is being denied by a proxy_auth -# type acl. -# -# WARNING: authentication can't be used in a transparently intercepting -# proxy as the client then thinks it is talking to an origin server and -# not the proxy. This is a limitation of bending the TCP/IP protocol to -# transparently intercepting port 80, not a limitation in Squid. -# Ports flagged 'transparent' or 'tproxy' have authentication disabled. -# -# === Parameters for the basic scheme follow. === -# -# "program" cmdline -# Specify the command for the external authenticator. Such a program -# reads a line containing "username password" and replies "OK" or -# "ERR" in an endless loop. "ERR" responses may optionally be followed -# by a error description available as %m in the returned error page. -# If you use an authenticator, make sure you have 1 acl of type proxy_auth. -# -# By default, the basic authentication scheme is not used unless a -# program is specified. -# -# If you want to use the traditional NCSA proxy authentication, set -# this line to something like -# -# auth_param basic program /usr/libexec/ncsa_auth /usr/etc/passwd -# -# "children" numberofchildren -# The number of authenticator processes to spawn. 
If you start too few -# Squid will have to wait for them to process a backlog of credential -# verifications, slowing it down. When password verifications are -# done via a (slow) network you are likely to need lots of -# authenticator processes. -# auth_param basic children 5 -# -# "concurrency" concurrency -# The number of concurrent requests the helper can process. -# The default of 0 is used for helpers who only supports -# one request at a time. Setting this changes the protocol used to -# include a channel number first on the request/response line, allowing -# multiple requests to be sent to the same helper in parallel without -# wating for the response. -# Must not be set unless it's known the helper supports this. -# auth_param basic concurrency 0 -# -# "realm" realmstring -# Specifies the realm name which is to be reported to the -# client for the basic proxy authentication scheme (part of -# the text the user will see when prompted their username and -# password). There is no default. -# auth_param basic realm Squid proxy-caching web server -# -# "credentialsttl" timetolive -# Specifies how long squid assumes an externally validated -# username:password pair is valid for - in other words how -# often the helper program is called for that user. Set this -# low to force revalidation with short lived passwords. Note -# setting this high does not impact your susceptibility -# to replay attacks unless you are using an one-time password -# system (such as SecureID). If you are using such a system, -# you will be vulnerable to replay attacks unless you also -# use the max_user_ip ACL in an http_access rule. -# -# "casesensitive" on|off -# Specifies if usernames are case sensitive. Most user databases are -# case insensitive allowing the same username to be spelled using both -# lower and upper case letters, but some are case sensitive. This -# makes a big difference for user_max_ip ACL processing and similar. 
-# auth_param basic casesensitive off -# -# === Parameters for the digest scheme follow === -# -# "program" cmdline -# Specify the command for the external authenticator. Such -# a program reads a line containing "username":"realm" and -# replies with the appropriate H(A1) value hex encoded or -# ERR if the user (or his H(A1) hash) does not exists. -# See rfc 2616 for the definition of H(A1). -# "ERR" responses may optionally be followed by a error description -# available as %m in the returned error page. -# -# By default, the digest authentication scheme is not used unless a -# program is specified. -# -# If you want to use a digest authenticator, set this line to -# something like -# -# auth_param digest program /usr/bin/digest_auth_pw /usr/etc/digpass -# -# "children" numberofchildren -# The number of authenticator processes to spawn (no default). -# If you start too few Squid will have to wait for them to -# process a backlog of H(A1) calculations, slowing it down. -# When the H(A1) calculations are done via a (slow) network -# you are likely to need lots of authenticator processes. -# auth_param digest children 5 -# -# "realm" realmstring -# Specifies the realm name which is to be reported to the -# client for the digest proxy authentication scheme (part of -# the text the user will see when prompted their username and -# password). There is no default. -# auth_param digest realm Squid proxy-caching web server -# -# "nonce_garbage_interval" timeinterval -# Specifies the interval that nonces that have been issued -# to client_agent's are checked for validity. -# -# "nonce_max_duration" timeinterval -# Specifies the maximum length of time a given nonce will be -# valid for. -# -# "nonce_max_count" number -# Specifies the maximum number of times a given nonce can be -# used. 
-# -# "nonce_strictness" on|off -# Determines if squid requires strict increment-by-1 behavior -# for nonce counts, or just incrementing (off - for use when -# useragents generate nonce counts that occasionally miss 1 -# (ie, 1,2,4,6)). Default off. -# -# "check_nonce_count" on|off -# This directive if set to off can disable the nonce count check -# completely to work around buggy digest qop implementations in -# certain mainstream browser versions. Default on to check the -# nonce count to protect from authentication replay attacks. -# -# "post_workaround" on|off -# This is a workaround to certain buggy browsers who sends -# an incorrect request digest in POST requests when reusing -# the same nonce as acquired earlier on a GET request. -# -# === NTLM scheme options follow === -# -# "program" cmdline -# Specify the command for the external NTLM authenticator. -# Such a program reads exchanged NTLMSSP packets with -# the browser via Squid until authentication is completed. -# If you use an NTLM authenticator, make sure you have 1 acl -# of type proxy_auth. By default, the NTLM authenticator_program -# is not used. -# -# auth_param ntlm program /usr/bin/ntlm_auth -# -# "children" numberofchildren -# The number of authenticator processes to spawn (no default). -# If you start too few Squid will have to wait for them to -# process a backlog of credential verifications, slowing it -# down. When credential verifications are done via a (slow) -# network you are likely to need lots of authenticator -# processes. -# -# auth_param ntlm children 5 -# -# "keep_alive" on|off -# If you experience problems with PUT/POST requests when using the -# Negotiate authentication scheme then you can try setting this to -# off. This will cause Squid to forcibly close the connection on -# the initial requests where the browser asks which schemes are -# supported by the proxy. 
-# -# auth_param ntlm keep_alive on -# -# === Options for configuring the NEGOTIATE auth-scheme follow === -# -# "program" cmdline -# Specify the command for the external Negotiate authenticator. -# This protocol is used in Microsoft Active-Directory enabled setups with -# the Microsoft Internet Explorer or Mozilla Firefox browsers. -# Its main purpose is to exchange credentials with the Squid proxy -# using the Kerberos mechanisms. -# If you use a Negotiate authenticator, make sure you have at least one acl -# of type proxy_auth active. By default, the negotiate authenticator_program -# is not used. -# The only supported program for this role is the ntlm_auth -# program distributed as part of Samba, version 4 or later. -# -# auth_param negotiate program /usr/bin/ntlm_auth --helper-protocol=gss-spnego -# -# "children" numberofchildren -# The number of authenticator processes to spawn (no default). -# If you start too few Squid will have to wait for them to -# process a backlog of credential verifications, slowing it -# down. When crendential verifications are done via a (slow) -# network you are likely to need lots of authenticator -# processes. -# auth_param negotiate children 5 -# -# "keep_alive" on|off -# If you experience problems with PUT/POST requests when using the -# Negotiate authentication scheme then you can try setting this to -# off. This will cause Squid to forcibly close the connection on -# the initial requests where the browser asks which schemes are -# supported by the proxy. 
-# -# auth_param negotiate keep_alive on -# -#Recommended minimum configuration per scheme: -#auth_param negotiate program -#auth_param negotiate children 5 -#auth_param negotiate keep_alive on -#auth_param ntlm program -#auth_param ntlm children 5 -#auth_param ntlm keep_alive on -#auth_param digest program -#auth_param digest children 5 -#auth_param digest realm Squid proxy-caching web server -#auth_param digest nonce_garbage_interval 5 minutes -#auth_param digest nonce_max_duration 30 minutes -#auth_param digest nonce_max_count 50 -#auth_param basic program -#auth_param basic children 5 -#auth_param basic realm Squid proxy-caching web server -#auth_param basic credentialsttl 2 hours - -# TAG: authenticate_cache_garbage_interval -# The time period between garbage collection across the username cache. -# This is a tradeoff between memory utilization (long intervals - say -# 2 days) and CPU (short intervals - say 1 minute). Only change if you -# have good reason to. -# -#Default: -# authenticate_cache_garbage_interval 1 hour - -# TAG: authenticate_ttl -# The time a user & their credentials stay in the logged in -# user cache since their last request. When the garbage -# interval passes, all user credentials that have passed their -# TTL are removed from memory. -# -#Default: -# authenticate_ttl 1 hour - -# TAG: authenticate_ip_ttl -# If you use proxy authentication and the 'max_user_ip' ACL, -# this directive controls how long Squid remembers the IP -# addresses associated with each user. Use a small value -# (e.g., 60 seconds) if your users might change addresses -# quickly, as is the case with dialups. You might be safe -# using a larger value (e.g., 2 hours) in a corporate LAN -# environment with relatively static address assignments. 
-# -#Default: -# authenticate_ip_ttl 0 seconds - - -# ACCESS CONTROLS -# ----------------------------------------------------------------------------- - -# TAG: external_acl_type -# This option defines external acl classes using a helper program -# to look up the status -# -# external_acl_type name [options] FORMAT.. /path/to/helper [helper arguments..] -# -# Options: -# -# ttl=n TTL in seconds for cached results (defaults to 3600 -# for 1 hour) -# negative_ttl=n -# TTL for cached negative lookups (default same -# as ttl) -# children=n Number of acl helper processes spawn to service -# external acl lookups of this type. (default 5) -# concurrency=n concurrency level per process. Only used with helpers -# capable of processing more than one query at a time. -# cache=n result cache size, 0 is unbounded (default) -# grace=n Percentage remaining of TTL where a refresh of a -# cached entry should be initiated without needing to -# wait for a new reply. (default 0 for no grace period) -# protocol=2.5 Compatibility mode for Squid-2.5 external acl helpers -# -# FORMAT specifications -# -# %LOGIN Authenticated user login name -# %EXT_USER Username from external acl -# %IDENT Ident user name -# %SRC Client IP -# %SRCPORT Client source port -# %URI Requested URI -# %DST Requested host -# %PROTO Requested protocol -# %PORT Requested port -# %PATH Requested URL path -# %METHOD Request method -# %MYADDR Squid interface address -# %MYPORT Squid http_port number -# %PATH Requested URL-path (including query-string if any) -# %USER_CERT SSL User certificate in PEM format -# %USER_CERTCHAIN SSL User certificate chain in PEM format -# %USER_CERT_xx SSL User certificate subject attribute xx -# %USER_CA_xx SSL User certificate issuer attribute xx -# %{Header} HTTP request header -# %{Hdr:member} HTTP request header list member -# %{Hdr:;member} -# HTTP request header list member using ; as -# list separator. ; can be any non-alphanumeric -# character. 
-# -# In addition to the above, any string specified in the referencing -# acl will also be included in the helper request line, after the -# specified formats (see the "acl external" directive) -# -# The helper receives lines per the above format specification, -# and returns lines starting with OK or ERR indicating the validity -# of the request and optionally followed by additional keywords with -# more details. -# -# General result syntax: -# -# OK/ERR keyword=value ... -# -# Defined keywords: -# -# user= The users name (login) -# password= The users password (for login= cache_peer option) -# message= Message describing the reason. Available as %o -# in error pages -# tag= Apply a tag to a request (for both ERR and OK results) -# Only sets a tag, does not alter existing tags. -# log= String to be logged in access.log. Available as -# %ea in logformat specifications -# -# If protocol=3.0 (the default) then URL escaping is used to protect -# each value in both requests and responses. -# -# If using protocol=2.5 then all values need to be enclosed in quotes -# if they may contain whitespace, or the whitespace escaped using \. -# And quotes or \ characters within the keyword value must be \ escaped. -# -# When using the concurrency= option the protocol is changed by -# introducing a query channel tag infront of the request/response. -# The query channel tag is a number between 0 and concurrency-1. -# -#Default: -# none - -# TAG: acl -# Defining an Access List -# -# Every access list definition must begin with an aclname and acltype, -# followed by either type-specific arguments or a quoted filename that -# they are read from. -# -# acl aclname acltype argument ... -# acl aclname acltype "file" ... -# -# When using "file", the file should contain one item per line. -# -# By default, regular expressions are CASE-SENSITIVE. To make -# them case-insensitive, use the -i option. -# -# -# ***** ACL TYPES AVAILABLE ***** -# -# acl aclname src ip-address/netmask ... 
# clients IP address -# acl aclname src addr1-addr2/netmask ... # range of addresses -# acl aclname dst ip-address/netmask ... # URL host's IP address -# acl aclname myip ip-address/netmask ... # local socket IP address -# -# acl aclname arp mac-address ... (xx:xx:xx:xx:xx:xx notation) -# # The arp ACL requires the special configure option --enable-arp-acl. -# # Furthermore, the ARP ACL code is not portable to all operating systems. -# # It works on Linux, Solaris, Windows, FreeBSD, and some other *BSD variants. -# # -# # NOTE: Squid can only determine the MAC address for clients that are on -# # the same subnet. If the client is on a different subnet, then Squid cannot -# # find out its MAC address. -# -# acl aclname srcdomain .foo.com ... # reverse lookup, from client IP -# acl aclname dstdomain .foo.com ... # Destination server from URL -# acl aclname srcdom_regex [-i] \.foo\.com ... # regex matching client name -# acl aclname dstdom_regex [-i] \.foo\.com ... # regex matching server -# # For dstdomain and dstdom_regex a reverse lookup is tried if a IP -# # based URL is used and no match is found. The name "none" is used -# # if the reverse lookup fails. -# -# acl aclname src_as number ... -# acl aclname dst_as number ... -# # Except for access control, AS numbers can be used for -# # routing of requests to specific caches. Here's an -# # example for routing all requests for AS#1241 and only -# # those to mycache.mydomain.net: -# # acl asexample dst_as 1241 -# # cache_peer_access mycache.mydomain.net allow asexample -# # cache_peer_access mycache_mydomain.net deny all -# -# acl aclname time [day-abbrevs] [h1:m1-h2:m2] -# # day-abbrevs: -# # S - Sunday -# # M - Monday -# # T - Tuesday -# # W - Wednesday -# # H - Thursday -# # F - Friday -# # A - Saturday -# # h1:m1 must be less than h2:m2 -# -# acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL -# acl aclname urlpath_regex [-i] \.gif$ ... 
# regex matching on URL path -# -# acl aclname port 80 70 21 ... -# acl aclname port 0-1024 ... # ranges allowed -# acl aclname myport 3128 ... # (local socket TCP port) -# acl aclname myportname 3128 ... # http(s)_port name -# -# acl aclname proto HTTP FTP ... -# -# acl aclname method GET POST ... -# -# acl aclname http_status 200 301 500- 400-403 ... # status code in reply -# -# acl aclname browser [-i] regexp ... -# # pattern match on User-Agent header (see also req_header below) -# -# acl aclname referer_regex [-i] regexp ... -# # pattern match on Referer header -# # Referer is highly unreliable, so use with care -# -# acl aclname ident username ... -# acl aclname ident_regex [-i] pattern ... -# # string match on ident output. -# # use REQUIRED to accept any non-null ident. -# -# acl aclname proxy_auth [-i] username ... -# acl aclname proxy_auth_regex [-i] pattern ... -# # list of valid usernames -# # use REQUIRED to accept any valid username. -# # -# # NOTE: when a Proxy-Authentication header is sent but it is not -# # needed during ACL checking the username is NOT logged -# # in access.log. -# # -# # NOTE: proxy_auth requires a EXTERNAL authentication program -# # to check username/password combinations (see -# # auth_param directive). -# # -# # NOTE: proxy_auth can't be used in a transparent/intercepting proxy -# # as the browser needs to be configured for using a proxy in order -# # to respond to proxy authentication. -# -# acl aclname snmp_community string ... -# # A community string to limit access to your SNMP Agent -# # Example: -# # -# # acl snmppublic snmp_community public -# -# acl aclname maxconn number -# # This will be matched when the client's IP address has -# # more than HTTP connections established. -# -# acl aclname max_user_ip [-s] number -# # This will be matched when the user attempts to log in from more -# # than different ip addresses. The authenticate_ip_ttl -# # parameter controls the timeout on the ip entries. 
-# # If -s is specified the limit is strict, denying browsing -# # from any further IP addresses until the ttl has expired. Without -# # -s Squid will just annoy the user by "randomly" denying requests. -# # (the counter is reset each time the limit is reached and a -# # request is denied) -# # NOTE: in acceleration mode or where there is mesh of child proxies, -# # clients may appear to come from multiple addresses if they are -# # going through proxy farms, so a limit of 1 may cause user problems. -# -# acl aclname req_mime_type [-i] mime-type ... -# # regex match against the mime type of the request generated -# # by the client. Can be used to detect file upload or some -# # types HTTP tunneling requests. -# # NOTE: This does NOT match the reply. You cannot use this -# # to match the returned file type. -# -# acl aclname req_header header-name [-i] any\.regex\.here -# # regex match against any of the known request headers. May be -# # thought of as a superset of "browser", "referer" and "mime-type" -# # ACLs. -# -# acl aclname rep_mime_type [-i] mime-type ... -# # regex match against the mime type of the reply received by -# # squid. Can be used to detect file download or some -# # types HTTP tunneling requests. -# # NOTE: This has no effect in http_access rules. It only has -# # effect in rules that affect the reply data stream such as -# # http_reply_access. -# -# acl aclname rep_header header-name [-i] any\.regex\.here -# # regex match against any of the known reply headers. May be -# # thought of as a superset of "browser", "referer" and "mime-type" -# # ACLs. -# -# acl aclname external class_name [arguments...] -# # external ACL lookup via a helper class defined by the -# # external_acl_type directive. -# -# acl aclname user_cert attribute values... -# # match against attributes in a user SSL certificate -# # attribute is one of DN/C/O/CN/L/ST -# -# acl aclname ca_cert attribute values... 
-# # match against attributes a users issuing CA SSL certificate -# # attribute is one of DN/C/O/CN/L/ST -# -# acl aclname ext_user username ... -# acl aclname ext_user_regex [-i] pattern ... -# # string match on username returned by external acl helper -# # use REQUIRED to accept any non-null user name. -# -#Examples: -#acl macaddress arp 09:00:2b:23:45:67 -#acl myexample dst_as 1241 -#acl password proxy_auth REQUIRED -#acl fileupload req_mime_type -i ^multipart/form-data$ -#acl javascript rep_mime_type -i ^application/x-javascript$ -# -#Default: -# acl all src all -# -#Recommended minimum configuration: -acl manager proto cache_object -acl localhost src 127.0.0.1/32 -acl to_localhost dst 127.0.0.0/8 -# -# Example rule allowing access from your local networks. -# Adapt to list your (internal) IP networks from where browsing -# should be allowed -acl localnet src 10.0.0.0/8 # RFC1918 possible internal network -acl localnet src 172.16.0.0/12 # RFC1918 possible internal network -acl localnet src 192.168.0.0/16 # RFC1918 possible internal network -# -acl SSL_ports port 443 -acl Safe_ports port 80 # http -acl Safe_ports port 21 # ftp -acl Safe_ports port 443 # https -acl Safe_ports port 70 # gopher -acl Safe_ports port 210 # wais -acl Safe_ports port 1025-65535 # unregistered ports -acl Safe_ports port 280 # http-mgmt -acl Safe_ports port 488 # gss-http -acl Safe_ports port 591 # filemaker -acl Safe_ports port 777 # multiling http -acl CONNECT method CONNECT - -# TAG: http_access -# Allowing or Denying access based on defined access lists -# -# Access to the HTTP port: -# http_access allow|deny [!]aclname ... -# -# NOTE on default values: -# -# If there are no "access" lines present, the default is to deny -# the request. -# -# If none of the "access" lines cause a match, the default is the -# opposite of the last line in the list. If the last line was -# deny, the default is allow. Conversely, if the last line -# is allow, the default will be deny. 
For these reasons, it is a -# good idea to have an "deny all" or "allow all" entry at the end -# of your access lists to avoid potential confusion. -# -#Default: -# http_access deny all -# -#Recommended minimum configuration: -# -# Only allow cachemgr access from localhost -http_access allow manager localhost -http_access deny manager -# Deny requests to unknown ports -http_access deny !Safe_ports -# Deny CONNECT to other than SSL ports -http_access deny CONNECT !SSL_ports -# -# We strongly recommend the following be uncommented to protect innocent -# web applications running on the proxy server who think the only -# one who can access services on "localhost" is a local user -#http_access deny to_localhost -# -# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS - -# Example rule allowing access from your local networks. -# Adapt localnet in the ACL section to list your (internal) IP networks -# from where browsing should be allowed -http_access allow localnet - -# And finally deny all other access to this proxy -http_access allow localhost -http_access deny all - -# TAG: http_reply_access -# Allow replies to client requests. This is complementary to http_access. -# -# http_reply_access allow|deny [!] aclname ... -# -# NOTE: if there are no access lines present, the default is to allow -# all replies -# -# If none of the access lines cause a match the opposite of the -# last line will apply. Thus it is good practice to end the rules -# with an "allow all" or "deny all" entry. -# -#Default: -# none - -# TAG: icp_access -# Allowing or Denying access to the ICP port based on defined -# access lists -# -# icp_access allow|deny [!]aclname ... -# -# See http_access for details -# -#Default: -# icp_access deny all -# -#Allow ICP queries from local networks only -icp_access allow localnet -icp_access deny all - -# TAG: htcp_access -# Allowing or Denying access to the HTCP port based on defined -# access lists -# -# htcp_access allow|deny [!]aclname ... 
-# -# See http_access for details -# -# NOTE: The default if no htcp_access lines are present is to -# deny all traffic. This default may cause problems with peers -# using the htcp or htcp-oldsquid options. -# -#Default: -# htcp_access deny all -# -#Allow HTCP queries from local networks only -htcp_access allow localnet -htcp_access deny all - -# TAG: htcp_clr_access -# Allowing or Denying access to purge content using HTCP based -# on defined access lists -# -# htcp_clr_access allow|deny [!]aclname ... -# -# See http_access for details -# -##Allow HTCP CLR requests from trusted peers -#acl htcp_clr_peer src 172.16.1.2 -#htcp_clr_access allow htcp_clr_peer -# -#Default: -# htcp_clr_access deny all - -# TAG: miss_access -# Use to force your neighbors to use you as a sibling instead of -# a parent. For example: -# -# acl localclients src 172.16.0.0/16 -# miss_access allow localclients -# miss_access deny !localclients -# -# This means only your local clients are allowed to fetch -# MISSES and all other clients can only fetch HITS. -# -# By default, allow all clients who passed the http_access rules -# to fetch MISSES from us. -# -#Default setting: -# miss_access allow all - -# TAG: ident_lookup_access -# A list of ACL elements which, if matched, cause an ident -# (RFC 931) lookup to be performed for this request. For -# example, you might choose to always perform ident lookups -# for your main multi-user Unix boxes, but not for your Macs -# and PCs. By default, ident lookups are not performed for -# any requests. -# -# To enable ident lookups for specific client addresses, you -# can follow this example: -# -# acl ident_aware_hosts src 198.168.1.0/255.255.255.0 -# ident_lookup_access allow ident_aware_hosts -# ident_lookup_access deny all -# -# Only src type ACL checks are fully supported. A src_domain -# ACL might work at times, but it will not always provide -# the correct result. 
-# -#Default: -# ident_lookup_access deny all - -# TAG: reply_body_max_size size [acl acl...] -# This option specifies the maximum size of a reply body. It can be -# used to prevent users from downloading very large files, such as -# MP3's and movies. When the reply headers are received, the -# reply_body_max_size lines are processed, and the first line where -# all (if any) listed ACLs are true is used as the maximum body size -# for this reply. -# -# This size is checked twice. First when we get the reply headers, -# we check the content-length value. If the content length value exists -# and is larger than the allowed size, the request is denied and the -# user receives an error message that says "the request or reply -# is too large." If there is no content-length, and the reply -# size exceeds this limit, the client's connection is just closed -# and they will receive a partial reply. -# -# WARNING: downstream caches probably can not detect a partial reply -# if there is no content-length header, so they will cache -# partial responses and give them out as hits. You should NOT -# use this option if you have downstream caches. -# -# WARNING: A maximum size smaller than the size of squid's error messages -# will cause an infinite loop and crash squid. Ensure that the smallest -# non-zero value you use is greater that the maximum header size plus -# the size of your largest error page. -# -# If you set this parameter none (the default), there will be -# no limit imposed. -# -# Configuration Format is: -# reply_body_max_size SIZE UNITS [acl ...] -# ie. -# reply_body_max_size 10 MB -# -# -#Default: -# none - - -# NETWORK OPTIONS -# ----------------------------------------------------------------------------- - -# TAG: http_port -# Usage: port [options] -# hostname:port [options] -# 1.2.3.4:port [options] -# -# The socket addresses where Squid will listen for HTTP client -# requests. You may specify multiple socket addresses. 
-# There are three forms: port alone, hostname with port, and -# IP address with port. If you specify a hostname or IP -# address, Squid binds the socket to that specific -# address. This replaces the old 'tcp_incoming_address' -# option. Most likely, you do not need to bind to a specific -# address, so you can use the port number alone. -# -# If you are running Squid in accelerator mode, you -# probably want to listen on port 80 also, or instead. -# -# The -a command line option may be used to specify additional -# port(s) where Squid listens for proxy request. Such ports will -# be plain proxy ports with no options. -# -# You may specify multiple socket addresses on multiple lines. -# -# Options: -# -# transparent Support for transparent interception of -# outgoing requests without browser settings. -# NP: disables authentication on the port. -# -# tproxy Support Linux TPROXY for spoofing outgoing -# connections using the client IP address. -# NP: disables authentication on the port. -# -# accel Accelerator mode. Also needs at least one of -# vhost / vport / defaultsite. -# -# defaultsite=domainname -# What to use for the Host: header if it is not present -# in a request. Determines what site (not origin server) -# accelerators should consider the default. -# Implies accel. -# -# vhost Accelerator mode using Host header for virtual -# domain support. Implies accel. -# -# vport Accelerator with IP based virtual host support. -# Implies accel. -# -# vport=NN As above, but uses specified port number rather -# than the http_port number. Implies accel. -# -# protocol= Protocol to reconstruct accelerated requests with. -# Defaults to http. -# -# disable-pmtu-discovery= -# Control Path-MTU discovery usage: -# off lets OS decide on what to do (default). -# transparent disable PMTU discovery when transparent -# support is enabled. -# always disable always PMTU discovery. 
-#
-# In many setups of transparently intercepting proxies
-# Path-MTU discovery can not work on traffic towards the
-# clients. This is the case when the intercepting device
-# does not fully track connections and fails to forward
-# ICMP must fragment messages to the cache server. If you
-# have such setup and experience that certain clients
-# sporadically hang or never complete requests set
-# disable-pmtu-discovery option to 'transparent'.
-#
-# name= Specifies a internal name for the port. Defaults to
-# the port specification (port or addr:port)
-#
-# If you run Squid on a dual-homed machine with an internal
-# and an external interface we recommend you to specify the
-# internal address:port in http_port. This way Squid will only be
-# visible on the internal address.
-#
-# Squid normally listens to port 3128
-http_port 3128
-
-# TAG: https_port
-# Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]
-#
-# The socket address where Squid will listen for HTTPS client
-# requests.
-#
-# This is really only useful for situations where you are running
-# squid in accelerator mode and you want to do the SSL work at the
-# accelerator level.
-#
-# You may specify multiple socket addresses on multiple lines,
-# each with their own SSL certificate and/or options.
-#
-# Options:
-#
-# accel Accelerator mode. Also needs at least one of
-# defaultsite or vhost.
-#
-# defaultsite= The name of the https site presented on
-# this port. Implies accel.
-#
-# vhost Accelerator mode using Host header for virtual
-# domain support. Requires a wildcard certificate
-# or other certificate valid for more than one domain.
-# Implies accel.
-#
-# protocol= Protocol to reconstruct accelerated requests with.
-# Defaults to https.
-#
-# cert= Path to SSL certificate (PEM format).
-#
-# key= Path to SSL private key file (PEM format)
-# if not specified, the certificate file is
-# assumed to be a combined certificate and
-# key file.
-#
-# version= The version of SSL/TLS supported
-# 1 automatic (default)
-# 2 SSLv2 only
-# 3 SSLv3 only
-# 4 TLSv1 only
-#
-# cipher= Colon separated list of supported ciphers.
-#
-# options= Various SSL engine options. The most important
-# being:
-# NO_SSLv2 Disallow the use of SSLv2
-# NO_SSLv3 Disallow the use of SSLv3
-# NO_TLSv1 Disallow the use of TLSv1
-# SINGLE_DH_USE Always create a new key when using
-# temporary/ephemeral DH key exchanges
-# See src/ssl_support.c or OpenSSL SSL_CTX_set_options
-# documentation for a complete list of options.
-#
-# clientca= File containing the list of CAs to use when
-# requesting a client certificate.
-#
-# cafile= File containing additional CA certificates to
-# use when verifying client certificates. If unset
-# clientca will be used.
-#
-# capath= Directory containing additional CA certificates
-# and CRL lists to use when verifying client certificates.
-#
-# crlfile= File of additional CRL lists to use when verifying
-# the client certificate, in addition to CRLs stored in
-# the capath. Implies VERIFY_CRL flag below.
-#
-# dhparams= File containing DH parameters for temporary/ephemeral
-# DH key exchanges.
-#
-# sslflags= Various flags modifying the use of SSL:
-# DELAYED_AUTH
-# Don't request client certificates
-# immediately, but wait until acl processing
-# requires a certificate (not yet implemented).
-# NO_DEFAULT_CA
-# Don't use the default CA lists built in
-# to OpenSSL.
-# NO_SESSION_REUSE
-# Don't allow for session reuse. Each connection
-# will result in a new SSL session.
-# VERIFY_CRL
-# Verify CRL lists when accepting client
-# certificates.
-# VERIFY_CRL_ALL
-# Verify CRL lists for all certificates in the
-# client certificate chain.
-#
-# sslcontext= SSL session ID context identifier.
-#
-# vport Accelerator with IP based virtual host support.
-#
-# vport=NN As above, but uses specified port number rather
-# than the https_port number. Implies accel.
-#
-# name= Specifies a internal name for the port. Defaults to
-# the port specification (port or addr:port)
-#
-#
-#Default:
-# none
-
-# TAG: tcp_outgoing_tos
-# Allows you to select a TOS/Diffserv value to mark outgoing
-# connections with, based on the username or source address
-# making the request.
-#
-# tcp_outgoing_tos ds-field [!]aclname ...
-#
-# Example where normal_service_net uses the TOS value 0x00
-# and normal_service_net uses 0x20
-#
-# acl normal_service_net src 10.0.0.0/255.255.255.0
-# acl good_service_net src 10.0.1.0/255.255.255.0
-# tcp_outgoing_tos 0x00 normal_service_net
-# tcp_outgoing_tos 0x20 good_service_net
-#
-# TOS/DSCP values really only have local significance - so you should
-# know what you're specifying. For more information, see RFC2474 and
-# RFC3260.
-#
-# The TOS/DSCP byte must be exactly that - a octet value 0 - 255, or
-# "default" to use whatever default your host has. Note that in
-# practice often only values 0 - 63 is usable as the two highest bits
-# have been redefined for use by ECN (RFC3168).
-#
-# Processing proceeds in the order specified, and stops at first fully
-# matching line.
-#
-# Note: The use of this directive using client dependent ACLs is
-# incompatible with the use of server side persistent connections. To
-# ensure correct results it is best to set server_persisten_connections
-# to off when using this directive in such configurations.
-#
-#Default:
-# none
-
-# TAG: clientside_tos
-# Allows you to select a TOS/Diffserv value to mark client-side
-# connections with, based on the username or source address
-# making the request.
-#
-#Default:
-# none
-
-# TAG: tcp_outgoing_address
-# Allows you to map requests to different outgoing IP addresses
-# based on the username or source address of the user making
-# the request.
-#
-# tcp_outgoing_address ipaddr [[!]aclname] ...
-#
-# Example where requests from 10.0.0.0/24 will be forwarded
-# with source address 10.1.0.1, 10.0.2.0/24 forwarded with
-# source address 10.1.0.2 and the rest will be forwarded with
-# source address 10.1.0.3.
-#
-# acl normal_service_net src 10.0.0.0/24
-# acl good_service_net src 10.0.2.0/24
-# tcp_outgoing_address 10.1.0.1 normal_service_net
-# tcp_outgoing_address 10.1.0.2 good_service_net
-# tcp_outgoing_address 10.1.0.3
-#
-# Processing proceeds in the order specified, and stops at first fully
-# matching line.
-#
-# Note: The use of this directive using client dependent ACLs is
-# incompatible with the use of server side persistent connections. To
-# ensure correct results it is best to set server_persistent_connections
-# to off when using this directive in such configurations.
-#
-#Default:
-# none
-
-
-# SSL OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: ssl_unclean_shutdown
-# Some browsers (especially MSIE) bugs out on SSL shutdown
-# messages.
-#
-#Default:
-# ssl_unclean_shutdown off
-
-# TAG: ssl_engine
-# The OpenSSL engine to use. You will need to set this if you
-# would like to use hardware SSL acceleration for example.
-#
-#Default:
-# none
-
-# TAG: sslproxy_client_certificate
-# Client SSL Certificate to use when proxying https:// URLs
-#
-#Default:
-# none
-
-# TAG: sslproxy_client_key
-# Client SSL Key to use when proxying https:// URLs
-#
-#Default:
-# none
-
-# TAG: sslproxy_version
-# SSL version level to use when proxying https:// URLs
-#
-#Default:
-# sslproxy_version 1
-
-# TAG: sslproxy_options
-# SSL engine options to use when proxying https:// URLs
-#
-#Default:
-# none
-
-# TAG: sslproxy_cipher
-# SSL cipher list to use when proxying https:// URLs
-#
-#Default:
-# none
-
-# TAG: sslproxy_cafile
-# file containing CA certificates to use when verifying server
-# certificates while proxying https:// URLs
-#
-#Default:
-# none
-
-# TAG: sslproxy_capath
-# directory containing CA certificates to use when verifying
-# server certificates while proxying https:// URLs
-#
-#Default:
-# none
-
-# TAG: sslproxy_flags
-# Various flags modifying the use of SSL while proxying https:// URLs:
-# DONT_VERIFY_PEER Accept certificates even if they fail to
-# verify.
-# NO_DEFAULT_CA Don't use the default CA list built in
-# to OpenSSL.
-#
-#Default:
-# none
-
-# TAG: sslpassword_program
-# Specify a program used for entering SSL key passphrases
-# when using encrypted SSL certificate keys. If not specified
-# keys must either be unencrypted, or Squid started with the -N
-# option to allow it to query interactively for the passphrase.
-#
-#Default:
-# none
-
-
-# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
-# -----------------------------------------------------------------------------
-
-# TAG: cache_peer
-# To specify other caches in a hierarchy, use the format:
-#
-# cache_peer hostname type http-port icp-port [options]
-#
-# For example,
-#
-# # proxy icp
-# # hostname type port port options
-# # -------------------- -------- ----- ----- -----------
-# cache_peer parent.foo.net parent 3128 3130 proxy-only default
-# cache_peer sib1.foo.net sibling 3128 3130 proxy-only
-# cache_peer sib2.foo.net sibling 3128 3130 proxy-only
-#
-# type: either 'parent', 'sibling', or 'multicast'.
-#
-# proxy-port: The port number where the cache listens for proxy
-# requests.
-#
-# icp-port: Used for querying neighbor caches about
-# objects. To have a non-ICP neighbor
-# specify '7' for the ICP port and make sure the
-# neighbor machine has the UDP echo port
-# enabled in its /etc/inetd.conf file.
-# NOTE: Also requires icp_port option enabled to send/receive
-# requests via this method.
-#
-# options: proxy-only
-# weight=n
-# basetime=n
-# ttl=n
-# no-query
-# background-ping
-# default
-# round-robin
-# weighted-round-robin
-# carp
-# userhash
-# sourcehash
-# multicast-responder
-# closest-only
-# no-digest
-# no-netdb-exchange
-# no-delay
-# login=user:password | PASS | *:password
-# connect-timeout=nn
-# digest-url=url
-# allow-miss
-# max-conn=n
-# htcp
-# htcp-oldsquid
-# originserver
-# name=xxx
-# forceddomain=name
-# ssl
-# sslcert=/path/to/ssl/certificate
-# sslkey=/path/to/ssl/key
-# sslversion=1|2|3|4
-# sslcipher=...
-# ssloptions=...
-# front-end-https[=on|auto]
-#
-# use 'proxy-only' to specify objects fetched
-# from this cache should not be saved locally.
-#
-# use 'weight=n' to affect the selection of a peer
-# during any weighted peer-selection mechanisms.
-# The weight must be an integer; default is 1,
-# larger weights are favored more.
-# This option does not affect parent selection if a peering
-# protocol is not in use.
-#
-# use 'basetime=n' to specify a base amount to
-# be subtracted from round trip times of parents.
-# It is subtracted before division by weight in calculating
-# which parent to fectch from. If the rtt is less than the
-# base time the rtt is set to a minimal value.
-#
-# use 'ttl=n' to specify a IP multicast TTL to use
-# when sending an ICP queries to this address.
-# Only useful when sending to a multicast group.
-# Because we don't accept ICP replies from random
-# hosts, you must configure other group members as
-# peers with the 'multicast-responder' option below.
-#
-# use 'no-query' to NOT send ICP queries to this
-# neighbor.
-#
-# use 'background-ping' to only send ICP queries to this
-# neighbor infrequently. This is used to keep the neighbor
-# round trip time updated and is usually used in
-# conjunction with weighted-round-robin.
-#
-# use 'default' if this is a parent cache which can
-# be used as a "last-resort" if a peer cannot be located
-# by any of the peer-selection mechanisms.
-# If specified more than once, only the first is used.
-#
-# use 'round-robin' to define a set of parents which
-# should be used in a round-robin fashion in the
-# absence of any ICP queries.
-#
-# use 'weighted-round-robin' to define a set of parents
-# which should be used in a round-robin fashion with the
-# frequency of each parent being based on the round trip
-# time. Closer parents are used more often.
-# Usually used for background-ping parents.
-#
-# use 'carp' to define a set of parents which should
-# be used as a CARP array. The requests will be
-# distributed among the parents based on the CARP load
-# balancing hash function based on their weight.
-#
-# use 'userhash' to load-balance amongst a set of parents
-# based on the client proxy_auth or ident username.
-#
-# use 'sourcehash' to load-balance amongst a set of parents
-# based on the client source ip.
-#
-# 'multicast-responder' indicates the named peer
-# is a member of a multicast group. ICP queries will
-# not be sent directly to the peer, but ICP replies
-# will be accepted from it.
-#
-# 'closest-only' indicates that, for ICP_OP_MISS
-# replies, we'll only forward CLOSEST_PARENT_MISSes
-# and never FIRST_PARENT_MISSes.
-#
-# use 'no-digest' to NOT request cache digests from
-# this neighbor.
-#
-# 'no-netdb-exchange' disables requesting ICMP
-# RTT database (NetDB) from the neighbor.
-#
-# use 'no-delay' to prevent access to this neighbor
-# from influencing the delay pools.
-#
-# use 'login=user:password' if this is a personal/workgroup
-# proxy and your parent requires proxy authentication.
-# Note: The string can include URL escapes (i.e. %20 for
-# spaces). This also means % must be written as %%.
-#
-# use 'login=PASS' if users must authenticate against
-# the upstream proxy or in the case of a reverse proxy
-# configuration, the origin web server. This will pass
-# the users credentials as they are to the peer.
-# This only works for the Basic HTTP authentication scheme.
-# Note: To combine this with proxy_auth both proxies must
-# share the same user database as HTTP only allows for
-# a single login (one for proxy, one for origin server).
-# Also be warned this will expose your users proxy
-# password to the peer. USE WITH CAUTION
-#
-# use 'login=*:password' to pass the username to the
-# upstream cache, but with a fixed password. This is meant
-# to be used when the peer is in another administrative
-# domain, but it is still needed to identify each user.
-# The star can optionally be followed by some extra
-# information which is added to the username. This can
-# be used to identify this proxy to the peer, similar to
-# the login=username:password option above.
-#
-# use 'connect-timeout=nn' to specify a peer
-# specific connect timeout (also see the
-# peer_connect_timeout directive)
-#
-# use 'digest-url=url' to tell Squid to fetch the cache
-# digest (if digests are enabled) for this host from
-# the specified URL rather than the Squid default
-# location.
-#
-# use 'allow-miss' to disable Squid's use of only-if-cached
-# when forwarding requests to siblings. This is primarily
-# useful when icp_hit_stale is used by the sibling. To
-# extensive use of this option may result in forwarding
-# loops, and you should avoid having two-way peerings
-# with this option. (for example to deny peer usage on
-# requests from peer by denying cache_peer_access if the
-# source is a peer)
-#
-# use 'max-conn=n' to limit the amount of connections Squid
-# may open to this peer.
-#
-# use 'htcp' to send HTCP, instead of ICP, queries
-# to the neighbor. You probably also want to
-# set the "icp port" to 4827 instead of 3130.
-# You MUST also set htcp_access expicitly. The default of
-# deny all will prevent peer traffic.
-#
-# use 'htcp-oldsquid' to send HTCP to old Squid versions
-# You MUST also set htcp_access expicitly. The default of
-# deny all will prevent peer traffic.
-#
-# 'originserver' causes this parent peer to be contacted as
-# a origin server. Meant to be used in accelerator setups.
-#
-# use 'name=xxx' if you have multiple peers on the same
-# host but different ports. This name can be used to
-# differentiate the peers in cache_peer_access and similar
-# directives.
-#
-# use 'forceddomain=name' to forcibly set the Host header
-# of requests forwarded to this peer. Useful in accelerator
-# setups where the server (peer) expects a certain domain
-# name and using redirectors to feed this domain name
-# is not feasible.
-#
-# use 'ssl' to indicate connections to this peer should
-# be SSL/TLS encrypted.
-#
-# use 'sslcert=/path/to/ssl/certificate' to specify a client
-# SSL certificate to use when connecting to this peer.
-#
-# use 'sslkey=/path/to/ssl/key' to specify the private SSL
-# key corresponding to sslcert above. If 'sslkey' is not
-# specified 'sslcert' is assumed to reference a
-# combined file containing both the certificate and the key.
-#
-# use sslversion=1|2|3|4 to specify the SSL version to use
-# when connecting to this peer
-# 1 = automatic (default)
-# 2 = SSL v2 only
-# 3 = SSL v3 only
-# 4 = TLS v1 only
-#
-# use sslcipher=... to specify the list of valid SSL ciphers
-# to use when connecting to this peer.
-#
-# use ssloptions=... to specify various SSL engine options:
-# NO_SSLv2 Disallow the use of SSLv2
-# NO_SSLv3 Disallow the use of SSLv3
-# NO_TLSv1 Disallow the use of TLSv1
-# See src/ssl_support.c or the OpenSSL documentation for
-# a more complete list.
-#
-# use sslcafile=... to specify a file containing
-# additional CA certificates to use when verifying the
-# peer certificate.
-#
-# use sslcapath=... to specify a directory containing
-# additional CA certificates to use when verifying the
-# peer certificate.
-#
-# use sslcrlfile=... to specify a certificate revocation
-# list file to use when verifying the peer certificate.
-#
-# use sslflags=... to specify various flags modifying the
-# SSL implementation:
-# DONT_VERIFY_PEER
-# Accept certificates even if they fail to
-# verify.
-# NO_DEFAULT_CA
-# Don't use the default CA list built in
-# to OpenSSL.
-# DONT_VERIFY_DOMAIN
-# Don't verify the peer certificate
-# matches the server name
-#
-# use ssldomain= to specify the peer name as advertised
-# in it's certificate. Used for verifying the correctness
-# of the received peer certificate. If not specified the
-# peer hostname will be used.
-#
-# use front-end-https to enable the "Front-End-Https: On"
-# header needed when using Squid as a SSL frontend in front
-# of Microsoft OWA.
 See MS KB document Q307347 for details
-# on this header. If set to auto the header will
-# only be added if the request is forwarded as a https://
-# URL.
-#
-#Default:
-# none
-
-# TAG: cache_peer_domain
-# Use to limit the domains for which a neighbor cache will be
-# queried. Usage:
-#
-# cache_peer_domain cache-host domain [domain ...]
-# cache_peer_domain cache-host !domain
-#
-# For example, specifying
-#
-# cache_peer_domain parent.foo.net .edu
-#
-# has the effect such that UDP query packets are sent to
-# 'bigserver' only when the requested object exists on a
-# server in the .edu domain. Prefixing the domainname
-# with '!' means the cache will be queried for objects
-# NOT in that domain.
-#
-# NOTE: * Any number of domains may be given for a cache-host,
-# either on the same or separate lines.
-# * When multiple domains are given for a particular
-# cache-host, the first matched domain is applied.
-# * Cache hosts with no domain restrictions are queried
-# for all requests.
-# * There are no defaults.
-# * There is also a 'cache_peer_access' tag in the ACL
-# section.
-#
-#Default:
-# none
-
-# TAG: cache_peer_access
-# Similar to 'cache_peer_domain' but provides more flexibility by
-# using ACL elements.
-#
-# cache_peer_access cache-host allow|deny [!]aclname ...
-#
-# The syntax is identical to 'http_access' and the other lists of
-# ACL elements. See the comments for 'http_access' below, or
-# the Squid FAQ (http://www.squid-cache.org/FAQ/FAQ-10.html).
-#
-#Default:
-# none
-
-# TAG: neighbor_type_domain
-# usage: neighbor_type_domain neighbor parent|sibling domain domain ...
-#
-# Modifying the neighbor type for specific domains is now
-# possible. You can treat some domains differently than the the
-# default neighbor type specified on the 'cache_peer' line.
-# Normally it should only be necessary to list domains which
-# should be treated differently because the default neighbor type
-# applies for hostnames which do not match domains listed here.
-#
-#EXAMPLE:
-# cache_peer cache.foo.org parent 3128 3130
-# neighbor_type_domain cache.foo.org sibling .com .net
-# neighbor_type_domain cache.foo.org sibling .au .de
-#
-#Default:
-# none
-
-# TAG: dead_peer_timeout (seconds)
-# This controls how long Squid waits to declare a peer cache
-# as "dead." If there are no ICP replies received in this
-# amount of time, Squid will declare the peer dead and not
-# expect to receive any further ICP replies. However, it
-# continues to send ICP queries, and will mark the peer as
-# alive upon receipt of the first subsequent ICP reply.
-#
-# This timeout also affects when Squid expects to receive ICP
-# replies from peers. If more than 'dead_peer' seconds have
-# passed since the last ICP reply was received, Squid will not
-# expect to receive an ICP reply on the next query. Thus, if
-# your time between requests is greater than this timeout, you
-# will see a lot of requests sent DIRECT to origin servers
-# instead of to your parents.
-#
-#Default:
-# dead_peer_timeout 10 seconds
-
-# TAG: hierarchy_stoplist
-# A list of words which, if found in a URL, cause the object to
-# be handled directly by this cache. In other words, use this
-# to not query neighbor caches for certain objects. You may
-# list this option multiple times.
-# Note: never_direct overrides this option.
-#We recommend you to use at least the following line.
-hierarchy_stoplist cgi-bin ?
-
-
-# MEMORY CACHE OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: cache_mem (bytes)
-# NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS SIZE.
-# IT ONLY PLACES A LIMIT ON HOW MUCH ADDITIONAL MEMORY SQUID WILL
-# USE AS A MEMORY CACHE OF OBJECTS. SQUID USES MEMORY FOR OTHER
-# THINGS AS WELL.
 SEE THE SQUID FAQ SECTION 8 FOR DETAILS.
-#
-# 'cache_mem' specifies the ideal amount of memory to be used
-# for:
-# * In-Transit objects
-# * Hot Objects
-# * Negative-Cached objects
-#
-# Data for these objects are stored in 4 KB blocks. This
-# parameter specifies the ideal upper limit on the total size of
-# 4 KB blocks allocated. In-Transit objects take the highest
-# priority.
-#
-# In-transit objects have priority over the others. When
-# additional space is needed for incoming data, negative-cached
-# and hot objects will be released. In other words, the
-# negative-cached and hot objects will fill up any unused space
-# not needed for in-transit objects.
-#
-# If circumstances require, this limit will be exceeded.
-# Specifically, if your incoming request rate requires more than
-# 'cache_mem' of memory to hold in-transit objects, Squid will
-# exceed this limit to satisfy the new requests. When the load
-# decreases, blocks will be freed until the high-water mark is
-# reached. Thereafter, blocks will be used to store hot
-# objects.
-#
-#Default:
-# cache_mem 8 MB
-
-# TAG: maximum_object_size_in_memory (bytes)
-# Objects greater than this size will not be attempted to kept in
-# the memory cache. This should be set high enough to keep objects
-# accessed frequently in memory to improve performance whilst low
-# enough to keep larger objects from hoarding cache_mem.
-#
-#Default:
-# maximum_object_size_in_memory 8 KB
-
-# TAG: memory_replacement_policy
-# The memory replacement policy parameter determines which
-# objects are purged from memory when memory space is needed.
-#
-# See cache_replacement_policy for details.
-#
-#Default:
-# memory_replacement_policy lru
-
-
-# DISK CACHE OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: cache_replacement_policy
-# The cache replacement policy parameter determines which
-# objects are evicted (replaced) when disk space is needed.
-#
-# lru : Squid's original list based LRU policy
-# heap GDSF : Greedy-Dual Size Frequency
-# heap LFUDA: Least Frequently Used with Dynamic Aging
-# heap LRU : LRU policy implemented using a heap
-#
-# Applies to any cache_dir lines listed below this.
-#
-# The LRU policies keeps recently referenced objects.
-#
-# The heap GDSF policy optimizes object hit rate by keeping smaller
-# popular objects in cache so it has a better chance of getting a
-# hit. It achieves a lower byte hit rate than LFUDA though since
-# it evicts larger (possibly popular) objects.
-#
-# The heap LFUDA policy keeps popular objects in cache regardless of
-# their size and thus optimizes byte hit rate at the expense of
-# hit rate since one large, popular object will prevent many
-# smaller, slightly less popular objects from being cached.
-#
-# Both policies utilize a dynamic aging mechanism that prevents
-# cache pollution that can otherwise occur with frequency-based
-# replacement policies.
-#
-# NOTE: if using the LFUDA replacement policy you should increase
-# the value of maximum_object_size above its default of 4096 KB to
-# to maximize the potential byte hit rate improvement of LFUDA.
-#
-# For more information about the GDSF and LFUDA cache replacement
-# policies see http://www.hpl.hp.com/techreports/1999/HPL-1999-69.html
-# and http://fog.hpl.external.hp.com/techreports/98/HPL-98-173.html.
-#
-#Default:
-# cache_replacement_policy lru
-
-# TAG: cache_dir
-# Usage:
-#
-# cache_dir Type Directory-Name Fs-specific-data [options]
-#
-# You can specify multiple cache_dir lines to spread the
-# cache among different disk partitions.
-#
-# Type specifies the kind of storage system to use. Only "ufs"
-# is built by default. To enable any of the other storage systems
-# see the --enable-storeio configure option.
-#
-# 'Directory' is a top-level directory where cache swap
-# files will be stored. If you want to use an entire disk
-# for caching, this can be the mount-point directory.
-# The directory must exist and be writable by the Squid
-# process. Squid will NOT create this directory for you.
-#
-# The ufs store type:
-#
-# "ufs" is the old well-known Squid storage format that has always
-# been there.
-#
-# cache_dir ufs Directory-Name Mbytes L1 L2 [options]
-#
-# 'Mbytes' is the amount of disk space (MB) to use under this
-# directory. The default is 100 MB. Change this to suit your
-# configuration. Do NOT put the size of your disk drive here.
-# Instead, if you want Squid to use the entire disk drive,
-# subtract 20% and use that value.
-#
-# 'Level-1' is the number of first-level subdirectories which
-# will be created under the 'Directory'. The default is 16.
-#
-# 'Level-2' is the number of second-level subdirectories which
-# will be created under each first-level directory. The default
-# is 256.
-#
-# The aufs store type:
-#
-# "aufs" uses the same storage format as "ufs", utilizing
-# POSIX-threads to avoid blocking the main Squid process on
-# disk-I/O. This was formerly known in Squid as async-io.
-#
-# cache_dir aufs Directory-Name Mbytes L1 L2 [options]
-#
-# see argument descriptions under ufs above
-#
-# The diskd store type:
-#
-# "diskd" uses the same storage format as "ufs", utilizing a
-# separate process to avoid blocking the main Squid process on
-# disk-I/O.
-#
-# cache_dir diskd Directory-Name Mbytes L1 L2 [options] [Q1=n] [Q2=n]
-#
-# see argument descriptions under ufs above
-#
-# Q1 specifies the number of unacknowledged I/O requests when Squid
-# stops opening new files. If this many messages are in the queues,
-# Squid won't open new files. Default is 64
-#
-# Q2 specifies the number of unacknowledged messages when Squid
-# starts blocking. If this many messages are in the queues,
-# Squid blocks until it receives some replies. Default is 72
-#
-# When Q1 < Q2 (the default), the cache directory is optimized
-# for lower response time at the expense of a decrease in hit
-# ratio.
 If Q1 > Q2, the cache directory is optimized for
-# higher hit ratio at the expense of an increase in response
-# time.
-#
-# The coss store type:
-#
-# NP: COSS filesystem in 3.0 has been deemed too unstable for
-# production use and has thus been removed from this 3.0
-# STABLE release. We hope that it can be made usable again
-# in a future release.
-#
-# block-size=n defines the "block size" for COSS cache_dir's.
-# Squid uses file numbers as block numbers. Since file numbers
-# are limited to 24 bits, the block size determines the maximum
-# size of the COSS partition. The default is 512 bytes, which
-# leads to a maximum cache_dir size of 512<<24, or 8 GB. Note
-# you should not change the coss block size after Squid
-# has written some objects to the cache_dir.
-#
-# The coss file store has changed from 2.5. Now it uses a file
-# called 'stripe' in the directory names in the config - and
-# this will be created by squid -z.
-#
-# The null store type:
-#
-# no options are allowed or required
-#
-# Common options:
-#
-# no-store, no new objects should be stored to this cache_dir
-#
-# max-size=n, refers to the max object size this storedir supports.
-# It is used to initially choose the storedir to dump the object.
-# Note: To make optimal use of the max-size limits you should order
-# the cache_dir lines with the smallest max-size value first and the
-# ones with no max-size specification last.
-#
-# Note for coss, max-size must be less than COSS_MEMBUF_SZ,
-# which can be changed with the --with-coss-membuf-size=N configure
-# option.
-#
-#Default:
-# cache_dir ufs /var/spool/squid 100 16 256
-
-# TAG: store_dir_select_algorithm
-# Set this to 'round-robin' as an alternative.
-#
-#Default:
-# store_dir_select_algorithm least-load
-
-# TAG: max_open_disk_fds
-# To avoid having disk as the I/O bottleneck Squid can optionally
-# bypass the on-disk cache if more than this amount of disk file
-# descriptors are open.
-#
-# A value of 0 indicates no limit.
-#
-#Default:
-# max_open_disk_fds 0
-
-# TAG: minimum_object_size (bytes)
-# Objects smaller than this size will NOT be saved on disk. The
-# value is specified in kilobytes, and the default is 0 KB, which
-# means there is no minimum.
-#
-#Default:
-# minimum_object_size 0 KB
-
-# TAG: maximum_object_size (bytes)
-# Objects larger than this size will NOT be saved on disk. The
-# value is specified in kilobytes, and the default is 4MB. If
-# you wish to get a high BYTES hit ratio, you should probably
-# increase this (one 32 MB object hit counts for 3200 10KB
-# hits). If you wish to increase speed more than your want to
-# save bandwidth you should leave this low.
-#
-# NOTE: if using the LFUDA replacement policy you should increase
-# this value to maximize the byte hit rate improvement of LFUDA!
-# See replacement_policy below for a discussion of this policy.
-#
-#Default:
-# maximum_object_size 4096 KB
-
-# TAG: cache_swap_low (percent, 0-100)
-# TAG: cache_swap_high (percent, 0-100)
-#
-# The low- and high-water marks for cache object replacement.
-# Replacement begins when the swap (disk) usage is above the
-# low-water mark and attempts to maintain utilization near the
-# low-water mark. As swap utilization gets close to high-water
-# mark object eviction becomes more aggressive. If utilization is
-# close to the low-water mark less replacement is done each time.
-#
-# Defaults are 90% and 95%. If you have a large cache, 5% could be
-# hundreds of MB. If this is the case you may wish to set these
-# numbers closer together.
-#
-#Default:
-# cache_swap_low 90
-# cache_swap_high 95
-
-
-# LOGFILE OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: logformat
-# Usage:
-#
-# logformat
-#
-# Defines an access log format.
-#
-# The is a string with embedded % format codes
-#
-# % format codes all follow the same basic structure where all but
-# the formatcode is optional.
Output strings are automatically escaped -# as required according to their context and the output format -# modifiers are usually not needed, but can be specified if an explicit -# output format is desired. -# -# % ["|[|'|#] [-] [[0]width] [{argument}] formatcode -# -# " output in quoted string format -# [ output in squid text log format as used by log_mime_hdrs -# # output in URL quoted format -# ' output as-is -# -# - left aligned -# width field width. If starting with 0 the -# output is zero padded -# {arg} argument such as header name etc -# -# Format codes: -# -# >a Client source IP address -# >A Client FQDN -# >p Client source port -# h Request header. Optional header name argument -# on the format header[:[separator]element] -# h -# un User name -# ul User name from authentication -# ui User name from ident -# us User name from SSL -# ue User name from external acl helper -# Hs HTTP status code -# Ss Squid request status (TCP_MISS etc) -# Sh Squid hierarchy status (DEFAULT_PARENT etc) -# mt MIME content type -# rm Request method (GET/POST etc) -# ru Request URL -# rp Request URL-Path excluding hostname -# rv Request protocol version -# et Tag returned by external acl -# ea Log string returned by external acl -# st Request size including HTTP headers -# st Request+Reply size including HTTP headers -# a %Ss/%03Hs %a %Ss/%03Hs %h] [%a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h" %Ss:%Sh -# -#Default: -# none - -# TAG: access_log -# These files log client request activities. Has a line every HTTP or -# ICP request. The format is: -# access_log [ [acl acl ...]] -# access_log none [acl acl ...]] -# -# Will log to the specified file using the specified format (which -# must be defined in a logformat directive) those entries which match -# ALL the acl's specified (which must be defined in acl clauses). -# If no acl is specified, all requests will be logged to this file. 
-# -# To disable logging of a request use the filepath "none", in which case -# a logformat name should not be specified. -# -# To log the request via syslog specify a filepath of "syslog": -# -# access_log syslog[:facility.priority] [format [acl1 [acl2 ....]]] -# where facility could be any of: -# authpriv, daemon, local0 .. local7 or user. -# -# And priority could be any of: -# err, warning, notice, info, debug. -access_log /var/log/squid/access.log squid - -# TAG: log_access allow|deny acl acl... -# This options allows you to control which requests gets logged -# to access.log (see access_log directive). Requests denied for -# logging will also not be accounted for in performance counters. -# -#Default: -# none - -# TAG: cache_log -# Cache logging file. This is where general information about -# your cache's behavior goes. You can increase the amount of data -# logged to this file with the "debug_options" tag below. -# -#Default: -# cache_log /var/log/squid/cache.log - -# TAG: cache_store_log -# Logs the activities of the storage manager. Shows which -# objects are ejected from the cache, and which objects are -# saved and for how long. To disable, enter "none". There are -# not really utilities to analyze this data, so you can safely -# disable it. -# -#Default: -# cache_store_log /var/log/squid/store.log - -# TAG: cache_swap_state -# Location for the cache "swap.state" file. This index file holds -# the metadata of objects saved on disk. It is used to rebuild -# the cache during startup. Normally this file resides in each -# 'cache_dir' directory, but you may specify an alternate -# pathname here. Note you must give a full filename, not just -# a directory. Since this is the index for the whole object -# list you CANNOT periodically rotate it! -# -# If %s can be used in the file name it will be replaced with a -# a representation of the cache_dir name where each / is replaced -# with '.'. 
This is needed to allow adding/removing cache_dir -# lines when cache_swap_log is being used. -# -# If have more than one 'cache_dir', and %s is not used in the name -# these swap logs will have names such as: -# -# cache_swap_log.00 -# cache_swap_log.01 -# cache_swap_log.02 -# -# The numbered extension (which is added automatically) -# corresponds to the order of the 'cache_dir' lines in this -# configuration file. If you change the order of the 'cache_dir' -# lines in this file, these index files will NOT correspond to -# the correct 'cache_dir' entry (unless you manually rename -# them). We recommend you do NOT use this option. It is -# better to keep these index files in each 'cache_dir' directory. -# -#Default: -# none - -# TAG: logfile_rotate -# Specifies the number of logfile rotations to make when you -# type 'squid -k rotate'. The default is 10, which will rotate -# with extensions 0 through 9. Setting logfile_rotate to 0 will -# disable the file name rotation, but the logfiles are still closed -# and re-opened. This will enable you to rename the logfiles -# yourself just before sending the rotate signal. -# -# Note, the 'squid -k rotate' command normally sends a USR1 -# signal to the running squid process. In certain situations -# (e.g. on Linux with Async I/O), USR1 is used for other -# purposes, so -k rotate uses another signal. It is best to get -# in the habit of using 'squid -k rotate' instead of 'kill -USR1 -# '. -#logfile_rotate 0 -# -#Default: -# logfile_rotate 0 - -# TAG: emulate_httpd_log on|off -# The Cache can emulate the log file format which many 'httpd' -# programs use. To disable/enable this emulation, set -# emulate_httpd_log to 'off' or 'on'. The default -# is to use the native log format since it includes useful -# information Squid-specific log analyzers use. -# -#Default: -# emulate_httpd_log off - -# TAG: log_ip_on_direct on|off -# Log the destination IP address in the hierarchy log tag when going -# direct. 
Earlier Squid versions logged the hostname here. If you -# prefer the old way set this to off. -# -#Default: -# log_ip_on_direct on - -# TAG: mime_table -# Pathname to Squid's MIME table. You shouldn't need to change -# this, but the default file contains examples and formatting -# information if you do. -# -#Default: -# mime_table /etc/squid/mime.conf - -# TAG: log_mime_hdrs on|off -# The Cache can record both the request and the response MIME -# headers for each HTTP transaction. The headers are encoded -# safely and will appear as two bracketed fields at the end of -# the access log (for either the native or httpd-emulated log -# formats). To enable this logging set log_mime_hdrs to 'on'. -# -#Default: -# log_mime_hdrs off - -# TAG: useragent_log -# Squid will write the User-Agent field from HTTP requests -# to the filename specified here. By default useragent_log -# is disabled. -# -#Default: -# none - -# TAG: referer_log -# Squid will write the Referer field from HTTP requests to the -# filename specified here. By default referer_log is disabled. -# Note that "referer" is actually a misspelling of "referrer" -# however the misspelt version has been accepted into the HTTP RFCs -# and we accept both. -# -#Default: -# none - -# TAG: pid_filename -# A filename to write the process-id to. To disable, enter "none". -# -#Default: -# pid_filename /var/run/squid.pid - -# TAG: debug_options -# Logging options are set as section,level where each source file -# is assigned a unique section. Lower levels result in less -# output, Full debugging (level 9) can result in a very large -# log file, so be careful. The magic word "ALL" sets debugging -# levels for all sections. We recommend normally running with -# "ALL,1". -# -#Default: -# debug_options ALL,1 - -# TAG: log_fqdn on|off -# Turn this on if you wish to log fully qualified domain names -# in the access.log. To do this Squid does a DNS lookup of all -# IP's connecting to it. 
This can (in some situations) increase -# latency, which makes your cache seem slower for interactive -# browsing. -# -#Default: -# log_fqdn off - -# TAG: client_netmask -# A netmask for client addresses in logfiles and cachemgr output. -# Change this to protect the privacy of your cache clients. -# A netmask of 255.255.255.0 will log all IP's in that range with -# the last digit set to '0'. -# -#Default: -# client_netmask 255.255.255.255 - -# TAG: forward_log -# Note: This option is only available if Squid is rebuilt with the -# -DWIP_FWD_LOG define -# -# Logs the server-side requests. -# -# This is currently work in progress. -# -#Default: -# none - -# TAG: strip_query_terms -# By default, Squid strips query terms from requested URLs before -# logging. This protects your user's privacy. -# -#Default: -# strip_query_terms on - -# TAG: buffered_logs on|off -# cache.log log file is written with stdio functions, and as such -# it can be buffered or unbuffered. By default it will be unbuffered. -# Buffering it can speed up the writing slightly (though you are -# unlikely to need to worry unless you run with tons of debugging -# enabled in which case performance will suffer badly anyway..). -# -#Default: -# buffered_logs off - - -# OPTIONS FOR FTP GATEWAYING -# ----------------------------------------------------------------------------- - -# TAG: ftp_user -# If you want the anonymous login password to be more informative -# (and enable the use of picky ftp servers), set this to something -# reasonable for your domain, like wwwuser@somewhere.net -# -# The reason why this is domainless by default is the -# request can be made on the behalf of a user in any domain, -# depending on how the cache is used. -# Some ftp server also validate the email address is valid -# (for example perl.com). -# -#Default: -# ftp_user Squid@ - -# TAG: ftp_list_width -# Sets the width of ftp listings. This should be set to fit in -# the width of a standard browser. 
Setting this too small -# can cut off long filenames when browsing ftp sites. -# -#Default: -# ftp_list_width 32 - -# TAG: ftp_passive -# If your firewall does not allow Squid to use passive -# connections, turn off this option. -# -#Default: -# ftp_passive on - -# TAG: ftp_sanitycheck -# For security and data integrity reasons Squid by default performs -# sanity checks of the addresses of FTP data connections ensure the -# data connection is to the requested server. If you need to allow -# FTP connections to servers using another IP address for the data -# connection turn this off. -# -#Default: -# ftp_sanitycheck on - -# TAG: ftp_telnet_protocol -# The FTP protocol is officially defined to use the telnet protocol -# as transport channel for the control connection. However, many -# implementations are broken and does not respect this aspect of -# the FTP protocol. -# -# If you have trouble accessing files with ASCII code 255 in the -# path or similar problems involving this ASCII code you can -# try setting this directive to off. If that helps, report to the -# operator of the FTP server in question that their FTP server -# is broken and does not follow the FTP standard. -# -#Default: -# ftp_telnet_protocol on - - -# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS -# ----------------------------------------------------------------------------- - -# TAG: diskd_program -# Specify the location of the diskd executable. -# Note this is only useful if you have compiled in -# diskd as one of the store io modules. -# -#Default: -# diskd_program /usr/lib64/squid/diskd - -# TAG: unlinkd_program -# Specify the location of the executable for file deletion process. -# -#Default: -# unlinkd_program /usr/lib64/squid/unlinkd - -# TAG: pinger_program -# Note: This option is only available if Squid is rebuilt with the -# --enable-icmp option -# -# Specify the location of the executable for the pinger process. 
-# -#Default: -# pinger_program /usr/lib64/squid/pinger - - -# OPTIONS FOR URL REWRITING -# ----------------------------------------------------------------------------- - -# TAG: url_rewrite_program -# Specify the location of the executable for the URL rewriter. -# Since they can perform almost any function there isn't one included. -# -# For each requested URL rewriter will receive on line with the format -# -# URL client_ip "/" fqdn user method [ kvpairs] -# -# In the future, the rewriter interface will be extended with -# key=value pairs ("kvpairs" shown above). Rewriter programs -# should be prepared to receive and possibly ignore additional -# whitespace-separated tokens on each input line. -# -# And the rewriter may return a rewritten URL. The other components of -# the request line does not need to be returned (ignored if they are). -# -# The rewriter can also indicate that a client-side redirect should -# be performed to the new URL. This is done by prefixing the returned -# URL with "301:" (moved permanently) or 302: (moved temporarily). -# -# By default, a URL rewriter is not used. -# -#Default: -# none - -# TAG: url_rewrite_children -# The number of redirector processes to spawn. If you start -# too few Squid will have to wait for them to process a backlog of -# URLs, slowing it down. If you start too many they will use RAM -# and other system resources. -# -#Default: -# url_rewrite_children 5 - -# TAG: url_rewrite_concurrency -# The number of requests each redirector helper can handle in -# parallel. Defaults to 0 which indicates the redirector -# is a old-style single threaded redirector. -# -#Default: -# url_rewrite_concurrency 0 - -# TAG: url_rewrite_host_header -# By default Squid rewrites any Host: header in redirected -# requests. If you are running an accelerator this may -# not be a wanted effect of a redirector. -# -# WARNING: Entries are cached on the result of the URL rewriting -# process, so be careful if you have domain-virtual hosts. 
-# -#Default: -# url_rewrite_host_header on - -# TAG: url_rewrite_access -# If defined, this access list specifies which requests are -# sent to the redirector processes. By default all requests -# are sent. -# -#Default: -# none - -# TAG: url_rewrite_bypass -# When this is 'on', a request will not go through the -# redirector if all redirectors are busy. If this is 'off' -# and the redirector queue grows too large, Squid will exit -# with a FATAL error and ask you to increase the number of -# redirectors. You should only enable this if the redirectors -# are not critical to your caching system. If you use -# redirectors for access control, and you enable this option, -# users may have access to pages they should not -# be allowed to request. -# -#Default: -# url_rewrite_bypass off - - -# OPTIONS FOR TUNING THE CACHE -# ----------------------------------------------------------------------------- - -# TAG: cache -# A list of ACL elements which, if matched and denied, cause the request to -# not be satisfied from the cache and the reply to not be cached. -# In other words, use this to force certain objects to never be cached. -# -# You must use the words 'allow' or 'deny' to indicate whether items -# matching the ACL should be allowed or denied into the cache. -# -# Default is to allow all to be cached -# -#Default: -# none - -# TAG: refresh_pattern -# usage: refresh_pattern [-i] regex min percent max [options] -# -# By default, regular expressions are CASE-SENSITIVE. To make -# them case-insensitive, use the -i option. -# -# 'Min' is the time (in minutes) an object without an explicit -# expiry time should be considered fresh. The recommended -# value is 0, any higher values may cause dynamic applications -# to be erroneously cached unless the application designer -# has taken the appropriate actions. -# -# 'Percent' is a percentage of the objects age (time since last -# modification age) an object without explicit expiry time -# will be considered fresh. 
-# -# 'Max' is an upper limit on how long objects without an explicit -# expiry time will be considered fresh. -# -# options: override-expire -# override-lastmod -# reload-into-ims -# ignore-reload -# ignore-no-cache -# ignore-no-store -# ignore-private -# ignore-auth -# refresh-ims -# -# override-expire enforces min age even if the server -# sent an explicit expiry time (e.g., with the -# Expires: header or Cache-Control: max-age). Doing this -# VIOLATES the HTTP standard. Enabling this feature -# could make you liable for problems which it causes. -# -# override-lastmod enforces min age even on objects -# that were modified recently. -# -# reload-into-ims changes client no-cache or ``reload'' -# to If-Modified-Since requests. Doing this VIOLATES the -# HTTP standard. Enabling this feature could make you -# liable for problems which it causes. -# -# ignore-reload ignores a client no-cache or ``reload'' -# header. Doing this VIOLATES the HTTP standard. Enabling -# this feature could make you liable for problems which -# it causes. -# -# ignore-no-cache ignores any ``Pragma: no-cache'' and -# ``Cache-control: no-cache'' headers received from a server. -# The HTTP RFC never allows the use of this (Pragma) header -# from a server, only a client, though plenty of servers -# send it anyway. -# -# ignore-no-store ignores any ``Cache-control: no-store'' -# headers received from a server. Doing this VIOLATES -# the HTTP standard. Enabling this feature could make you -# liable for problems which it causes. -# -# ignore-private ignores any ``Cache-control: private'' -# headers received from a server. Doing this VIOLATES -# the HTTP standard. Enabling this feature could make you -# liable for problems which it causes. -# -# ignore-auth caches responses to requests with authorization, -# as if the originserver had sent ``Cache-control: public'' -# in the response header. Doing this VIOLATES the HTTP standard. 
-# Enabling this feature could make you liable for problems which -# it causes. -# -# refresh-ims causes squid to contact the origin server -# when a client issues an If-Modified-Since request. This -# ensures that the client will receive an updated version -# if one is available. -# -# Basically a cached object is: -# -# FRESH if expires < now, else STALE -# STALE if age > max -# FRESH if lm-factor < percent, else STALE -# FRESH if age < min -# else STALE -# -# The refresh_pattern lines are checked in the order listed here. -# The first entry which matches is used. If none of the entries -# match the default will be used. -# -# Note, you must uncomment all the default lines if you want -# to change one. The default setting is only active if none is -# used. -# -#Suggested default: -refresh_pattern ^ftp: 1440 20% 10080 -refresh_pattern ^gopher: 1440 0% 1440 -refresh_pattern (cgi-bin|\?) 0 0% 0 -refresh_pattern . 0 20% 4320 - -# TAG: quick_abort_min (KB) -# TAG: quick_abort_max (KB) -# TAG: quick_abort_pct (percent) -# The cache by default continues downloading aborted requests -# which are almost completed (less than 16 KB remaining). This -# may be undesirable on slow (e.g. SLIP) links and/or very busy -# caches. Impatient users may tie up file descriptors and -# bandwidth by repeatedly requesting and immediately aborting -# downloads. -# -# When the user aborts a request, Squid will check the -# quick_abort values to the amount of data transferred until -# then. -# -# If the transfer has less than 'quick_abort_min' KB remaining, -# it will finish the retrieval. -# -# If the transfer has more than 'quick_abort_max' KB remaining, -# it will abort the retrieval. -# -# If more than 'quick_abort_pct' of the transfer has completed, -# it will finish the retrieval. -# -# If you do not want any retrieval to continue after the client -# has aborted, set both 'quick_abort_min' and 'quick_abort_max' -# to '0 KB'. 
-# -# If you want retrievals to always continue if they are being -# cached set 'quick_abort_min' to '-1 KB'. -# -#Default: -# quick_abort_min 16 KB -# quick_abort_max 16 KB -# quick_abort_pct 95 - -# TAG: read_ahead_gap buffer-size -# The amount of data the cache will buffer ahead of what has been -# sent to the client when retrieving an object from another server. -# -#Default: -# read_ahead_gap 16 KB - -# TAG: negative_ttl time-units -# Time-to-Live (TTL) for failed requests. Certain types of -# failures (such as "connection refused" and "404 Not Found") are -# negatively-cached for a configurable amount of time. The -# default is 5 minutes. Note that this is different from -# negative caching of DNS lookups. -# -# WARNING: This setting VIOLATES RFC 2616 when non-zero. -# If you have problems with error pages caching, set to '0 seconds' -# -#Default: -# negative_ttl 5 minutes - -# TAG: positive_dns_ttl time-units -# Upper limit on how long Squid will cache positive DNS responses. -# Default is 6 hours (360 minutes). This directive must be set -# larger than negative_dns_ttl. -# -#Default: -# positive_dns_ttl 6 hours - -# TAG: negative_dns_ttl time-units -# Time-to-Live (TTL) for negative caching of failed DNS lookups. -# This also sets the lower cache limit on positive lookups. -# Minimum value is 1 second, and it is not recommendable to go -# much below 10 seconds. -# -#Default: -# negative_dns_ttl 1 minutes - -# TAG: range_offset_limit (bytes) -# Sets a upper limit on how far into the the file a Range request -# may be to cause Squid to prefetch the whole file. If beyond this -# limit Squid forwards the Range request as it is and the result -# is NOT cached. -# -# This is to stop a far ahead range request (lets say start at 17MB) -# from making Squid fetch the whole object up to that point before -# sending anything to the client. -# -# A value of -1 causes Squid to always fetch the object from the -# beginning so it may cache the result. 
(2.0 style) -# -# A value of 0 causes Squid to never fetch more than the -# client requested. (default) -# -#Default: -# range_offset_limit 0 KB - -# TAG: minimum_expiry_time (seconds) -# The minimum caching time according to (Expires - Date) -# Headers Squid honors if the object can't be revalidated -# defaults to 60 seconds. In reverse proxy environments it -# might be desirable to honor shorter object lifetimes. It -# is most likely better to make your server return a -# meaningful Last-Modified header however. In ESI environments -# where page fragments often have short lifetimes, this will -# often be best set to 0. -# -#Default: -# minimum_expiry_time 60 seconds - -# TAG: store_avg_object_size (kbytes) -# Average object size, used to estimate number of objects your -# cache can hold. The default is 13 KB. -# -#Default: -# store_avg_object_size 13 KB - -# TAG: store_objects_per_bucket -# Target number of objects per bucket in the store hash table. -# Lowering this value increases the total number of buckets and -# also the storage maintenance rate. The default is 20. -# -#Default: -# store_objects_per_bucket 20 - - -# HTTP OPTIONS -# ----------------------------------------------------------------------------- - -# TAG: request_header_max_size (KB) -# This specifies the maximum size for HTTP headers in a request. -# Request headers are usually relatively small (about 512 bytes). -# Placing a limit on the request header size will catch certain -# bugs (for example with persistent connections) and possibly -# buffer-overflow or denial-of-service attacks. -# -#Default: -# request_header_max_size 20 KB - -# TAG: reply_header_max_size (KB) -# This specifies the maximum size for HTTP headers in a reply. -# Reply headers are usually relatively small (about 512 bytes). -# Placing a limit on the reply header size will catch certain -# bugs (for example with persistent connections) and possibly -# buffer-overflow or denial-of-service attacks. 
-# -#Default: -# reply_header_max_size 20 KB - -# TAG: request_body_max_size (bytes) -# This specifies the maximum size for an HTTP request body. -# In other words, the maximum size of a PUT/POST request. -# A user who attempts to send a request with a body larger -# than this limit receives an "Invalid Request" error message. -# If you set this parameter to a zero (the default), there will -# be no limit imposed. -# -#Default: -# request_body_max_size 0 KB - -# TAG: broken_posts -# A list of ACL elements which, if matched, causes Squid to send -# an extra CRLF pair after the body of a PUT/POST request. -# -# Some HTTP servers has broken implementations of PUT/POST, -# and rely on an extra CRLF pair sent by some WWW clients. -# -# Quote from RFC2616 section 4.1 on this matter: -# -# Note: certain buggy HTTP/1.0 client implementations generate an -# extra CRLF's after a POST request. To restate what is explicitly -# forbidden by the BNF, an HTTP/1.1 client must not preface or follow -# a request with an extra CRLF. -# -#Example: -# acl buggy_server url_regex ^http://.... -# broken_posts allow buggy_server -# -#Default: -# none - -# TAG: via on|off -# If set (default), Squid will include a Via header in requests and -# replies as required by RFC2616. -# -#Default: -# via on - -# TAG: ie_refresh on|off -# Microsoft Internet Explorer up until version 5.5 Service -# Pack 1 has an issue with transparent proxies, wherein it -# is impossible to force a refresh. Turning this on provides -# a partial fix to the problem, by causing all IMS-REFRESH -# requests from older IE versions to check the origin server -# for fresh content. This reduces hit ratio by some amount -# (~10% in my experience), but allows users to actually get -# fresh content when they want it. Note because Squid -# cannot tell if the user is using 5.5 or 5.5SP1, the behavior -# of 5.5 is unchanged from old versions of Squid (i.e. a -# forced refresh is impossible). 
Newer versions of IE will, -# hopefully, continue to have the new behavior and will be -# handled based on that assumption. This option defaults to -# the old Squid behavior, which is better for hit ratios but -# worse for clients using IE, if they need to be able to -# force fresh content. -# -#Default: -# ie_refresh off - -# TAG: vary_ignore_expire on|off -# Many HTTP servers supporting Vary gives such objects -# immediate expiry time with no cache-control header -# when requested by a HTTP/1.0 client. This option -# enables Squid to ignore such expiry times until -# HTTP/1.1 is fully implemented. -# WARNING: This may eventually cause some varying -# objects not intended for caching to get cached. -# -#Default: -# vary_ignore_expire off - -# TAG: extension_methods -# Squid only knows about standardized HTTP request methods. -# You can add up to 20 additional "extension" methods here. -# -#Default: -# none - -# TAG: request_entities -# Squid defaults to deny GET and HEAD requests with request entities, -# as the meaning of such requests are undefined in the HTTP standard -# even if not explicitly forbidden. -# -# Set this directive to on if you have clients which insists -# on sending request entities in GET or HEAD requests. But be warned -# that there is server software (both proxies and web servers) which -# can fail to properly process this kind of request which may make you -# vulnerable to cache pollution attacks if enabled. -# -#Default: -# request_entities off - -# TAG: request_header_access -# Usage: request_header_access header_name allow|deny [!]aclname ... -# -# WARNING: Doing this VIOLATES the HTTP standard. Enabling -# this feature could make you liable for problems which it -# causes. -# -# This option replaces the old 'anonymize_headers' and the -# older 'http_anonymizer' option with something that is much -# more configurable. This new method creates a list of ACLs -# for each header, allowing you very fine-tuned header -# mangling. 
-# -# This option only applies to request headers, i.e., from the -# client to the server. -# -# You can only specify known headers for the header name. -# Other headers are reclassified as 'Other'. You can also -# refer to all the headers with 'All'. -# -# For example, to achieve the same behavior as the old -# 'http_anonymizer standard' option, you should use: -# -# request_header_access From deny all -# request_header_access Referer deny all -# request_header_access Server deny all -# request_header_access User-Agent deny all -# request_header_access WWW-Authenticate deny all -# request_header_access Link deny all -# -# Or, to reproduce the old 'http_anonymizer paranoid' feature -# you should use: -# -# request_header_access Allow allow all -# request_header_access Authorization allow all -# request_header_access WWW-Authenticate allow all -# request_header_access Proxy-Authorization allow all -# request_header_access Proxy-Authenticate allow all -# request_header_access Cache-Control allow all -# request_header_access Content-Encoding allow all -# request_header_access Content-Length allow all -# request_header_access Content-Type allow all -# request_header_access Date allow all -# request_header_access Expires allow all -# request_header_access Host allow all -# request_header_access If-Modified-Since allow all -# request_header_access Last-Modified allow all -# request_header_access Location allow all -# request_header_access Pragma allow all -# request_header_access Accept allow all -# request_header_access Accept-Charset allow all -# request_header_access Accept-Encoding allow all -# request_header_access Accept-Language allow all -# request_header_access Content-Language allow all -# request_header_access Mime-Version allow all -# request_header_access Retry-After allow all -# request_header_access Title allow all -# request_header_access Connection allow all -# request_header_access Proxy-Connection allow all -# request_header_access All deny all -# -# 
although many of those are HTTP reply headers, and so should be -# controlled with the reply_header_access directive. -# -# By default, all headers are allowed (no anonymizing is -# performed). -# -#Default: -# none - -# TAG: reply_header_access -# Usage: reply_header_access header_name allow|deny [!]aclname ... -# -# WARNING: Doing this VIOLATES the HTTP standard. Enabling -# this feature could make you liable for problems which it -# causes. -# -# This option only applies to reply headers, i.e., from the -# server to the client. -# -# This is the same as request_header_access, but in the other -# direction. -# -# This option replaces the old 'anonymize_headers' and the -# older 'http_anonymizer' option with something that is much -# more configurable. This new method creates a list of ACLs -# for each header, allowing you very fine-tuned header -# mangling. -# -# You can only specify known headers for the header name. -# Other headers are reclassified as 'Other'. You can also -# refer to all the headers with 'All'. 
-# -# For example, to achieve the same behavior as the old -# 'http_anonymizer standard' option, you should use: -# -# reply_header_access From deny all -# reply_header_access Referer deny all -# reply_header_access Server deny all -# reply_header_access User-Agent deny all -# reply_header_access WWW-Authenticate deny all -# reply_header_access Link deny all -# -# Or, to reproduce the old 'http_anonymizer paranoid' feature -# you should use: -# -# reply_header_access Allow allow all -# reply_header_access Authorization allow all -# reply_header_access WWW-Authenticate allow all -# reply_header_access Proxy-Authorization allow all -# reply_header_access Proxy-Authenticate allow all -# reply_header_access Cache-Control allow all -# reply_header_access Content-Encoding allow all -# reply_header_access Content-Length allow all -# reply_header_access Content-Type allow all -# reply_header_access Date allow all -# reply_header_access Expires allow all -# reply_header_access Host allow all -# reply_header_access If-Modified-Since allow all -# reply_header_access Last-Modified allow all -# reply_header_access Location allow all -# reply_header_access Pragma allow all -# reply_header_access Accept allow all -# reply_header_access Accept-Charset allow all -# reply_header_access Accept-Encoding allow all -# reply_header_access Accept-Language allow all -# reply_header_access Content-Language allow all -# reply_header_access Mime-Version allow all -# reply_header_access Retry-After allow all -# reply_header_access Title allow all -# reply_header_access Connection allow all -# reply_header_access Proxy-Connection allow all -# reply_header_access All deny all -# -# although the HTTP request headers won't be usefully controlled -# by this directive -- see request_header_access for details. -# -# By default, all headers are allowed (no anonymizing is -# performed). 
-# -#Default: -# none - -# TAG: header_replace -# Usage: header_replace header_name message -# Example: header_replace User-Agent Nutscrape/1.0 (CP/M; 8-bit) -# -# This option allows you to change the contents of headers -# denied with header_access above, by replacing them with -# some fixed string. This replaces the old fake_user_agent -# option. -# -# This only applies to request headers, not reply headers. -# -# By default, headers are removed if denied. -# -#Default: -# none - -# TAG: relaxed_header_parser on|off|warn -# In the default "on" setting Squid accepts certain forms -# of non-compliant HTTP messages where it is unambiguous -# what the sending application intended even if the message -# is not correctly formatted. The messages is then normalized -# to the correct form when forwarded by Squid. -# -# If set to "warn" then a warning will be emitted in cache.log -# each time such HTTP error is encountered. -# -# If set to "off" then such HTTP errors will cause the request -# or response to be rejected. -# -#Default: -# relaxed_header_parser on - - -# TIMEOUTS -# ----------------------------------------------------------------------------- - -# TAG: forward_timeout time-units -# This parameter specifies how long Squid should at most attempt in -# finding a forwarding path for the request before giving up. -# -#Default: -# forward_timeout 4 minutes - -# TAG: connect_timeout time-units -# This parameter specifies how long to wait for the TCP connect to -# the requested server or peer to complete before Squid should -# attempt to find another path where to forward the request. -# -#Default: -# connect_timeout 1 minute - -# TAG: peer_connect_timeout time-units -# This parameter specifies how long to wait for a pending TCP -# connection to a peer cache. The default is 30 seconds. You -# may also set different timeout values for individual neighbors -# with the 'connect-timeout' option on a 'cache_peer' line. 
-#
-#Default:
-# peer_connect_timeout 30 seconds
-
-# TAG: read_timeout time-units
-# The read_timeout is applied on server-side connections. After
-# each successful read(), the timeout will be extended by this
-# amount. If no data is read again after this amount of time,
-# the request is aborted and logged with ERR_READ_TIMEOUT. The
-# default is 15 minutes.
-#
-#Default:
-# read_timeout 15 minutes
-
-# TAG: request_timeout
-# How long to wait for an HTTP request after initial
-# connection establishment.
-#
-#Default:
-# request_timeout 5 minutes
-
-# TAG: persistent_request_timeout
-# How long to wait for the next HTTP request on a persistent
-# connection after the previous request completes.
-#
-#Default:
-# persistent_request_timeout 2 minutes
-
-# TAG: client_lifetime time-units
-# The maximum amount of time a client (browser) is allowed to
-# remain connected to the cache process. This protects the Cache
-# from having a lot of sockets (and hence file descriptors) tied up
-# in a CLOSE_WAIT state from remote clients that go away without
-# properly shutting down (either because of a network failure or
-# because of a poor client implementation). The default is one
-# day, 1440 minutes.
-#
-# NOTE: The default value is intended to be much larger than any
-# client would ever need to be connected to your cache. You
-# should probably change client_lifetime only as a last resort.
-# If you seem to have many client connections tying up
-# filedescriptors, we recommend first tuning the read_timeout,
-# request_timeout, persistent_request_timeout and quick_abort values.
-#
-#Default:
-# client_lifetime 1 day
-
-# TAG: half_closed_clients
-# Some clients may shutdown the sending side of their TCP
-# connections, while leaving their receiving sides open. Sometimes,
-# Squid can not tell the difference between a half-closed and a
-# fully-closed TCP connection.
-#
-# By default, Squid will immediately close client connections when
-# read(2) returns "no more data to read."
-#
-# Change this option to 'on' and Squid will keep open connections
-# until a read(2) or write(2) on the socket returns an error.
-# This may show some benefits for reverse proxies. But if not
-# it is recommended to leave OFF.
-#
-#Default:
-# half_closed_clients off
-
-# TAG: pconn_timeout
-# Timeout for idle persistent connections to servers and other
-# proxies.
-#
-#Default:
-# pconn_timeout 1 minute
-
-# TAG: ident_timeout
-# Maximum time to wait for IDENT lookups to complete.
-#
-# If this is too high, and you enabled IDENT lookups from untrusted
-# users, you might be susceptible to denial-of-service by having
-# many ident requests going at once.
-#
-#Default:
-# ident_timeout 10 seconds
-
-# TAG: shutdown_lifetime time-units
-# When SIGTERM or SIGHUP is received, the cache is put into
-# "shutdown pending" mode until all active sockets are closed.
-# This value is the lifetime to set for all open descriptors
-# during shutdown mode. Any active clients after this many
-# seconds will receive a 'timeout' message.
-#
-#Default:
-# shutdown_lifetime 30 seconds
-
-
-# ADMINISTRATIVE PARAMETERS
-# -----------------------------------------------------------------------------
-
-# TAG: cache_mgr
-# Email-address of local cache manager who will receive
-# mail if the cache dies. The default is "root."
-#
-#Default:
-# cache_mgr root
-
-# TAG: mail_from
-# From: email-address for mail sent when the cache dies.
-# The default is to use 'appname@unique_hostname'.
-# Default appname value is "squid", can be changed into
-# src/globals.h before building squid.
-#
-#Default:
-# none
-
-# TAG: mail_program
-# Email program used to send mail if the cache dies.
-# The default is "mail". The specified program must comply
-# with the standard Unix mail syntax:
-# mail-program recipient < mailfile
-#
-# Optional command line options can be specified.
-#
-#Default:
-# mail_program mail
-
-# TAG: cache_effective_user
-# If you start Squid as root, it will change its effective/real
-# UID/GID to the user specified below. The default is to change
-# to UID of squid.
-# see also; cache_effective_group
-#
-#Default:
-# cache_effective_user squid
-
-# TAG: cache_effective_group
-# Squid sets the GID to the effective user's default group ID
-# (taken from the password file) and supplementary group list
-# from the groups membership.
-#
-# If you want Squid to run with a specific GID regardless of
-# the group memberships of the effective user then set this
-# to the group (or GID) you want Squid to run as. When set
-# all other group privileges of the effective user are ignored
-# and only this GID is effective. If Squid is not started as
-# root the user starting Squid MUST be member of the specified
-# group.
-#
-# This option is not recommended by the Squid Team.
-# Our preference is for administrators to configure a secure
-# user account for squid with UID/GID matching system policies.
-#
-#Default:
-# none
-
-# TAG: httpd_suppress_version_string on|off
-# Suppress Squid version string info in HTTP headers and HTML error pages.
-#
-#Default:
-# httpd_suppress_version_string off
-
-# TAG: visible_hostname
-# If you want to present a special hostname in error messages, etc,
-# define this. Otherwise, the return value of gethostname()
-# will be used. If you have multiple caches in a cluster and
-# get errors about IP-forwarding you must set them to have individual
-# names with this setting.
-#
-#Default:
-# none
-
-# TAG: unique_hostname
-# If you want to have multiple machines with the same
-# 'visible_hostname' you must give each machine a different
-# 'unique_hostname' so forwarding loops can be detected.
-#
-#Default:
-# none
-
-# TAG: hostname_aliases
-# A list of other DNS names your cache has.
-#
-#Default:
-# none
-
-# TAG: umask
-# Minimum umask which should be enforced while the proxy
-# is running, in addition to the umask set at startup.
-#
-# For a traditional octal representation of umasks, start
-# your value with 0.
-#
-#Default:
-# umask 027
-
-
-# OPTIONS FOR THE CACHE REGISTRATION SERVICE
-# -----------------------------------------------------------------------------
-#
-# This section contains parameters for the (optional) cache
-# announcement service. This service is provided to help
-# cache administrators locate one another in order to join or
-# create cache hierarchies.
-#
-# An 'announcement' message is sent (via UDP) to the registration
-# service by Squid. By default, the announcement message is NOT
-# SENT unless you enable it with 'announce_period' below.
-#
-# The announcement message includes your hostname, plus the
-# following information from this configuration file:
-#
-# http_port
-# icp_port
-# cache_mgr
-#
-# All current information is processed regularly and made
-# available on the Web at http://www.ircache.net/Cache/Tracker/.
-
-# TAG: announce_period
-# This is how frequently to send cache announcements. The
-# default is `0' which disables sending the announcement
-# messages.
-#
-# To enable announcing your cache, just uncomment the line
-# below.
-#
-#Default:
-# announce_period 0
-#
-#To enable announcing your cache, just uncomment the line below.
-#announce_period 1 day
-
-# TAG: announce_host
-# TAG: announce_file
-# TAG: announce_port
-# announce_host and announce_port set the hostname and port
-# number where the registration message will be sent.
-#
-# Hostname will default to 'tracker.ircache.net' and port will
-# default default to 3131. If the 'filename' argument is given,
-# the contents of that file will be included in the announce
-# message.
-#
-#Default:
-# announce_host tracker.ircache.net
-# announce_port 3131
-
-
-# HTTPD-ACCELERATOR OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: httpd_accel_surrogate_id
-# Note: This option is only available if Squid is rebuilt with the
-# -DUSE_SQUID_ESI define
-#
-# Surrogates (http://www.esi.org/architecture_spec_1.0.html)
-# need an identification token to allow control targeting. Because
-# a farm of surrogates may all perform the same tasks, they may share
-# an identification token.
-#
-#Default:
-# httpd_accel_surrogate_id unset-id
-
-# TAG: http_accel_surrogate_remote on|off
-# Note: This option is only available if Squid is rebuilt with the
-# -DUSE_SQUID_ESI define
-#
-# Remote surrogates (such as those in a CDN) honour Surrogate-Control: no-store-remote.
-# Set this to on to have squid behave as a remote surrogate.
-#
-#Default:
-# http_accel_surrogate_remote off
-
-# TAG: esi_parser libxml2|expat|custom
-# Note: This option is only available if Squid is rebuilt with the
-# -DUSE_SQUID_ESI define
-#
-# ESI markup is not strictly XML compatible. The custom ESI parser
-# will give higher performance, but cannot handle non ASCII character
-# encodings.
-#
-#Default:
-# esi_parser custom
-
-
-# DELAY POOL PARAMETERS
-# -----------------------------------------------------------------------------
-
-# TAG: delay_pools
-# This represents the number of delay pools to be used. For example,
-# if you have one class 2 delay pool and one class 3 delays pool, you
-# have a total of 2 delay pools.
-#
-#Default:
-# delay_pools 0
-
-# TAG: delay_class
-# This defines the class of each delay pool. There must be exactly one
-# delay_class line for each delay pool. For example, to define two
-# delay pools, one of class 2 and one of class 3, the settings above
-# and here would be:
-#
-#Example:
-# delay_pools 4 # 4 delay pools
-# delay_class 1 2 # pool 1 is a class 2 pool
-# delay_class 2 3 # pool 2 is a class 3 pool
-# delay_class 3 4 # pool 3 is a class 4 pool
-# delay_class 4 5 # pool 4 is a class 5 pool
-#
-# The delay pool classes are:
-#
-# class 1 Everything is limited by a single aggregate
-# bucket.
-#
-# class 2 Everything is limited by a single aggregate
-# bucket as well as an "individual" bucket chosen
-# from bits 25 through 32 of the IP address.
-#
-# class 3 Everything is limited by a single aggregate
-# bucket as well as a "network" bucket chosen
-# from bits 17 through 24 of the IP address and a
-# "individual" bucket chosen from bits 17 through
-# 32 of the IP address.
-#
-# class 4 Everything in a class 3 delay pool, with an
-# additional limit on a per user basis. This
-# only takes effect if the username is established
-# in advance - by forcing authentication in your
-# http_access rules.
-#
-# class 5 Requests are grouped according their tag (see
-# external_acl's tag= reply).
-#
-# NOTE: If an IP address is a.b.c.d
-# -> bits 25 through 32 are "d"
-# -> bits 17 through 24 are "c"
-# -> bits 17 through 32 are "c * 256 + d"
-#
-#Default:
-# none
-
-# TAG: delay_access
-# This is used to determine which delay pool a request falls into.
-#
-# delay_access is sorted per pool and the matching starts with pool 1,
-# then pool 2, ..., and finally pool N. The first delay pool where the
-# request is allowed is selected for the request. If it does not allow
-# the request to any pool then the request is not delayed (default).
-#
-# For example, if you want some_big_clients in delay
-# pool 1 and lotsa_little_clients in delay pool 2:
-#
-#Example:
-# delay_access 1 allow some_big_clients
-# delay_access 1 deny all
-# delay_access 2 allow lotsa_little_clients
-# delay_access 2 deny all
-# delay_access 3 allow authenticated_clients
-#
-#Default:
-# none
-
-# TAG: delay_parameters
-# This defines the parameters for a delay pool. Each delay pool has
-# a number of "buckets" associated with it, as explained in the
-# description of delay_class. For a class 1 delay pool, the syntax is:
-#
-#delay_parameters pool aggregate
-#
-# For a class 2 delay pool:
-#
-#delay_parameters pool aggregate individual
-#
-# For a class 3 delay pool:
-#
-#delay_parameters pool aggregate network individual
-#
-# For a class 4 delay pool:
-#
-#delay_parameters pool aggregate network individual user
-#
-# For a class 5 delay pool:
-#
-#delay_parameters pool tag
-#
-# The variables here are:
-#
-# pool a pool number - ie, a number between 1 and the
-# number specified in delay_pools as used in
-# delay_class lines.
-#
-# aggregate the "delay parameters" for the aggregate bucket
-# (class 1, 2, 3).
-#
-# individual the "delay parameters" for the individual
-# buckets (class 2, 3).
-#
-# network the "delay parameters" for the network buckets
-# (class 3).
-#
-# user the delay parameters for the user buckets
-# (class 4).
-#
-# tag the delay parameters for the tag buckets
-# (class 5).
-#
-# A pair of delay parameters is written restore/maximum, where restore is
-# the number of bytes (not bits - modem and network speeds are usually
-# quoted in bits) per second placed into the bucket, and maximum is the
-# maximum number of bytes which can be in the bucket at any time.
-#
-# For example, if delay pool number 1 is a class 2 delay pool as in the
-# above example, and is being used to strictly limit each host to 64kbps
-# (plus overheads), with no overall limit, the line is:
-#
-#delay_parameters 1 -1/-1 8000/8000
-#
-# Note that the figure -1 is used to represent "unlimited".
-#
-# And, if delay pool number 2 is a class 3 delay pool as in the above
-# example, and you want to limit it to a total of 256kbps (strict limit)
-# with each 8-bit network permitted 64kbps (strict limit) and each
-# individual host permitted 4800bps with a bucket maximum size of 64kb
-# to permit a decent web page to be downloaded at a decent speed
-# (if the network is not being limited due to overuse) but slow down
-# large downloads more significantly:
-#
-#delay_parameters 2 32000/32000 8000/8000 600/8000
-#
-# There must be one delay_parameters line for each delay pool.
-#
-# Finally, for a class 4 delay pool as in the example - each user will
-# be limited to 128Kb no matter how many workstations they are logged into.:
-#
-#delay_parameters 4 32000/32000 8000/8000 600/64000 16000/16000
-#
-#Default:
-# none
-
-# TAG: delay_initial_bucket_level (percent, 0-100)
-# The initial bucket percentage is used to determine how much is put
-# in each bucket when squid starts, is reconfigured, or first notices
-# a host accessing it (in class 2 and class 3, individual hosts and
-# networks only have buckets associated with them once they have been
-# "seen" by squid).
-#
-#Default:
-# delay_initial_bucket_level 50
-
-
-# WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: wccp_router
-# TAG: wccp2_router
-# Use this option to define your WCCP ``home'' router for
-# Squid.
-#
-# wccp_router supports a single WCCP(v1) router
-#
-# wccp2_router supports multiple WCCPv2 routers
-#
-# only one of the two may be used at the same time and defines
-# which version of WCCP to use.
-#
-#Default:
-# wccp_router 0.0.0.0
-
-# TAG: wccp_version
-# This directive is only relevant if you need to set up WCCP(v1)
-# to some very old and end-of-life Cisco routers. In all other
-# setups it must be left unset or at the default setting.
-# It defines an internal version in the WCCP(v1) protocol,
-# with version 4 being the officially documented protocol.
-#
-# According to some users, Cisco IOS 11.2 and earlier only
-# support WCCP version 3. If you're using that or an earlier
-# version of IOS, you may need to change this value to 3, otherwise
-# do not specify this parameter.
-#
-#Default:
-# wccp_version 4
-
-# TAG: wccp2_rebuild_wait
-# If this is enabled Squid will wait for the cache dir rebuild to finish
-# before sending the first wccp2 HereIAm packet
-#
-#Default:
-# wccp2_rebuild_wait on
-
-# TAG: wccp2_forwarding_method
-# WCCP2 allows the setting of forwarding methods between the
-# router/switch and the cache. Valid values are as follows:
-#
-# 1 - GRE encapsulation (forward the packet in a GRE/WCCP tunnel)
-# 2 - L2 redirect (forward the packet using Layer 2/MAC rewriting)
-#
-# Currently (as of IOS 12.4) cisco routers only support GRE.
-# Cisco switches only support the L2 redirect assignment method.
-#
-#Default:
-# wccp2_forwarding_method 1
-
-# TAG: wccp2_return_method
-# WCCP2 allows the setting of return methods between the
-# router/switch and the cache for packets that the cache
-# decides not to handle. Valid values are as follows:
-#
-# 1 - GRE encapsulation (forward the packet in a GRE/WCCP tunnel)
-# 2 - L2 redirect (forward the packet using Layer 2/MAC rewriting)
-#
-# Currently (as of IOS 12.4) cisco routers only support GRE.
-# Cisco switches only support the L2 redirect assignment.
-#
-# If the "ip wccp redirect exclude in" command has been
-# enabled on the cache interface, then it is still safe for
-# the proxy server to use a l2 redirect method even if this
-# option is set to GRE.
-#
-#Default:
-# wccp2_return_method 1
-
-# TAG: wccp2_assignment_method
-# WCCP2 allows the setting of methods to assign the WCCP hash
-# Valid values are as follows:
-#
-# 1 - Hash assignment
-# 2 - Mask assignment
-#
-# As a general rule, cisco routers support the hash assignment method
-# and cisco switches support the mask assignment method.
-#
-#Default:
-# wccp2_assignment_method 1
-
-# TAG: wccp2_service
-# WCCP2 allows for multiple traffic services. There are two
-# types: "standard" and "dynamic". The standard type defines
-# one service id - http (id 0). The dynamic service ids can be from
-# 51 to 255 inclusive. In order to use a dynamic service id
-# one must define the type of traffic to be redirected; this is done
-# using the wccp2_service_info option.
-#
-# The "standard" type does not require a wccp2_service_info option,
-# just specifying the service id will suffice.
-#
-# MD5 service authentication can be enabled by adding
-# "password=" to the end of this service declaration.
-#
-# Examples:
-#
-# wccp2_service standard 0 # for the 'web-cache' standard service
-# wccp2_service dynamic 80 # a dynamic service type which will be
-# # fleshed out with subsequent options.
-# wccp2_service standard 0 password=foo
-#
-#
-#Default:
-# wccp2_service standard 0
-
-# TAG: wccp2_service_info
-# Dynamic WCCPv2 services require further information to define the
-# traffic you wish to have diverted.
-#
-# The format is:
-#
-# wccp2_service_info protocol= flags=,..
-# priority= ports=,..
-#
-# The relevant WCCPv2 flags:
-# + src_ip_hash, dst_ip_hash
-# + source_port_hash, dst_port_hash
-# + src_ip_alt_hash, dst_ip_alt_hash
-# + src_port_alt_hash, dst_port_alt_hash
-# + ports_source
-#
-# The port list can be one to eight entries.
-#
-# Example:
-#
-# wccp2_service_info 80 protocol=tcp flags=src_ip_hash,ports_source
-# priority=240 ports=80
-#
-# Note: the service id must have been defined by a previous
-# 'wccp2_service dynamic ' entry.
-#
-#Default:
-# none
-
-# TAG: wccp2_weight
-# Each cache server gets assigned a set of the destination
-# hash proportional to their weight.
-#
-#Default:
-# wccp2_weight 10000
-
-# TAG: wccp_address
-# TAG: wccp2_address
-# Use this option if you require WCCP to use a specific
-# interface address.
-#
-# The default behavior is to not bind to any specific address.
-#
-#Default:
-# wccp_address 0.0.0.0
-# wccp2_address 0.0.0.0
-
-
-# PERSISTENT CONNECTION HANDLING
-# -----------------------------------------------------------------------------
-#
-# Also see "pconn_timeout" in the TIMEOUTS section
-
-# TAG: client_persistent_connections
-# TAG: server_persistent_connections
-# Persistent connection support for clients and servers. By
-# default, Squid uses persistent connections (when allowed)
-# with its clients and servers. You can use these options to
-# disable persistent connections with clients and/or servers.
-#
-#Default:
-# client_persistent_connections on
-# server_persistent_connections on
-
-# TAG: persistent_connection_after_error
-# With this directive the use of persistent connections after
-# HTTP errors can be disabled. Useful if you have clients
-# who fail to handle errors on persistent connections proper.
-#
-#Default:
-# persistent_connection_after_error off
-
-# TAG: detect_broken_pconn
-# Some servers have been found to incorrectly signal the use
-# of HTTP/1.0 persistent connections even on replies not
-# compatible, causing significant delays. This server problem
-# has mostly been seen on redirects.
-#
-# By enabling this directive Squid attempts to detect such
-# broken replies and automatically assume the reply is finished
-# after 10 seconds timeout.
-#
-#Default:
-# detect_broken_pconn off
-
-
-# CACHE DIGEST OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: digest_generation
-# This controls whether the server will generate a Cache Digest
-# of its contents. By default, Cache Digest generation is
-# enabled if Squid is compiled with --enable-cache-digests defined.
-#
-#Default:
-# digest_generation on
-
-# TAG: digest_bits_per_entry
-# This is the number of bits of the server's Cache Digest which
-# will be associated with the Digest entry for a given HTTP
-# Method and URL (public key) combination. The default is 5.
-#
-#Default:
-# digest_bits_per_entry 5
-
-# TAG: digest_rebuild_period (seconds)
-# This is the wait time between Cache Digest rebuilds.
-#
-#Default:
-# digest_rebuild_period 1 hour
-
-# TAG: digest_rewrite_period (seconds)
-# This is the wait time between Cache Digest writes to
-# disk.
-#
-#Default:
-# digest_rewrite_period 1 hour
-
-# TAG: digest_swapout_chunk_size (bytes)
-# This is the number of bytes of the Cache Digest to write to
-# disk at a time. It defaults to 4096 bytes (4KB), the Squid
-# default swap page.
-#
-#Default:
-# digest_swapout_chunk_size 4096 bytes
-
-# TAG: digest_rebuild_chunk_percentage (percent, 0-100)
-# This is the percentage of the Cache Digest to be scanned at a
-# time. By default it is set to 10% of the Cache Digest.
-#
-#Default:
-# digest_rebuild_chunk_percentage 10
-
-
-# SNMP OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: snmp_port
-# The port number where Squid listens for SNMP requests. To enable
-# SNMP support set this to a suitable port number. Port number
-# 3401 is often used for the Squid SNMP agent. By default it's
-# set to "0" (disabled)
-#Default:
-# snmp_port 0
-#
-#snmp_port 3401
-
-# TAG: snmp_access
-# Allowing or denying access to the SNMP port.
-#
-# All access to the agent is denied by default.
-# usage:
-#
-# snmp_access allow|deny [!]aclname ...
-#
-#Example:
-# snmp_access allow snmppublic localhost
-# snmp_access deny all
-#
-#Default:
-# snmp_access deny all
-
-# TAG: snmp_incoming_address
-# TAG: snmp_outgoing_address
-# Just like 'udp_incoming_address' above, but for the SNMP port.
-#
-# snmp_incoming_address is used for the SNMP socket receiving
-# messages from SNMP agents.
-# snmp_outgoing_address is used for SNMP packets returned to SNMP
-# agents.
-#
-# The default snmp_incoming_address (0.0.0.0) is to listen on all
-# available network interfaces.
-#
-# If snmp_outgoing_address is set to 255.255.255.255 (the default)
-# it will use the same socket as snmp_incoming_address. Only
-# change this if you want to have SNMP replies sent using another
-# address than where this Squid listens for SNMP queries.
-#
-# NOTE, snmp_incoming_address and snmp_outgoing_address can not have
-# the same value since they both use port 3401.
-#
-#Default:
-# snmp_incoming_address 0.0.0.0
-# snmp_outgoing_address 255.255.255.255
-
-
-# ICP OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: icp_port
-# The port number where Squid sends and receives ICP queries to
-# and from neighbor caches. The standard UDP port for ICP is 3130.
-# Default is disabled (0).
-#Default:
-# icp_port 0
-#
-icp_port 3130
-
-# TAG: htcp_port
-# The port number where Squid sends and receives HTCP queries to
-# and from neighbor caches. To turn it on you want to set it to
-# 4827. By default it is set to "0" (disabled).
-#Default:
-# htcp_port 0
-#
-#htcp_port 4827
-
-# TAG: log_icp_queries on|off
-# If set, ICP queries are logged to access.log. You may wish
-# do disable this if your ICP load is VERY high to speed things
-# up or to simplify log analysis.
-#
-#Default:
-# log_icp_queries on
-
-# TAG: udp_incoming_address
-# udp_incoming_address is used for UDP packets received from other
-# caches.
-#
-# The default behavior is to not bind to any specific address.
-#
-# Only change this if you want to have all UDP queries received on
-# a specific interface/address.
-#
-# NOTE: udp_incoming_address is used by the ICP, HTCP, and DNS
-# modules. Altering it will affect all of them in the same manner.
-#
-# see also; udp_outgoing_address
-#
-# NOTE, udp_incoming_address and udp_outgoing_address can not
-# have the same value since they both use the same port.
-#
-#Default:
-# udp_incoming_address 0.0.0.0
-
-# TAG: udp_outgoing_address
-# udp_outgoing_address is used for UDP packets sent out to other
-# caches.
-#
-# The default behavior is to not bind to any specific address.
-#
-# Instead it will use the same socket as udp_incoming_address.
-# Only change this if you want to have UDP queries sent using another
-# address than where this Squid listens for UDP queries from other
-# caches.
-#
-# NOTE: udp_outgoing_address is used by the ICP, HTCP, and DNS
-# modules. Altering it will affect all of them in the same manner.
-#
-# see also; udp_incoming_address
-#
-# NOTE, udp_incoming_address and udp_outgoing_address can not
-# have the same value since they both use the same port.
-#
-#Default:
-# udp_outgoing_address 255.255.255.255
-
-# TAG: icp_hit_stale on|off
-# If you want to return ICP_HIT for stale cache objects, set this
-# option to 'on'. If you have sibling relationships with caches
-# in other administrative domains, this should be 'off'. If you only
-# have sibling relationships with caches under your control,
-# it is probably okay to set this to 'on'.
-# If set to 'on', your siblings should use the option "allow-miss"
-# on their cache_peer lines for connecting to you.
-#
-#Default:
-# icp_hit_stale off
-
-# TAG: minimum_direct_hops
-# If using the ICMP pinging stuff, do direct fetches for sites
-# which are no more than this many hops away.
-#
-#Default:
-# minimum_direct_hops 4
-
-# TAG: minimum_direct_rtt
-# If using the ICMP pinging stuff, do direct fetches for sites
-# which are no more than this many rtt milliseconds away.
-#
-#Default:
-# minimum_direct_rtt 400
-
-# TAG: netdb_low
-# TAG: netdb_high
-# The low and high water marks for the ICMP measurement
-# database. These are counts, not percents. The defaults are
-# 900 and 1000. When the high water mark is reached, database
-# entries will be deleted until the low mark is reached.
-#
-#Default:
-# netdb_low 900
-# netdb_high 1000
-
-# TAG: netdb_ping_period
-# The minimum period for measuring a site. There will be at
-# least this much delay between successive pings to the same
-# network. The default is five minutes.
-#
-#Default:
-# netdb_ping_period 5 minutes
-
-# TAG: query_icmp on|off
-# If you want to ask your peers to include ICMP data in their ICP
-# replies, enable this option.
-#
-# If your peer has configured Squid (during compilation) with
-# '--enable-icmp' that peer will send ICMP pings to origin server
-# sites of the URLs it receives. If you enable this option the
-# ICP replies from that peer will include the ICMP data (if available).
-# Then, when choosing a parent cache, Squid will choose the parent with
-# the minimal RTT to the origin server. When this happens, the
-# hierarchy field of the access.log will be
-# "CLOSEST_PARENT_MISS". This option is off by default.
-#
-#Default:
-# query_icmp off
-
-# TAG: test_reachability on|off
-# When this is 'on', ICP MISS replies will be ICP_MISS_NOFETCH
-# instead of ICP_MISS if the target host is NOT in the ICMP
-# database, or has a zero RTT.
-#
-#Default:
-# test_reachability off
-
-# TAG: icp_query_timeout (msec)
-# Normally Squid will automatically determine an optimal ICP
-# query timeout value based on the round-trip-time of recent ICP
-# queries. If you want to override the value determined by
-# Squid, set this 'icp_query_timeout' to a non-zero value. This
-# value is specified in MILLISECONDS, so, to use a 2-second
-# timeout (the old default), you would write:
-#
-# icp_query_timeout 2000
-#
-#Default:
-# icp_query_timeout 0
-
-# TAG: maximum_icp_query_timeout (msec)
-# Normally the ICP query timeout is determined dynamically. But
-# sometimes it can lead to very large values (say 5 seconds).
-# Use this option to put an upper limit on the dynamic timeout
-# value. Do NOT use this option to always use a fixed (instead
-# of a dynamic) timeout value. To set a fixed timeout see the
-# 'icp_query_timeout' directive.
-#
-#Default:
-# maximum_icp_query_timeout 2000
-
-# TAG: minimum_icp_query_timeout (msec)
-# Normally the ICP query timeout is determined dynamically. But
-# sometimes it can lead to very small timeouts, even lower than
-# the normal latency variance on your link due to traffic.
-# Use this option to put an lower limit on the dynamic timeout
-# value. Do NOT use this option to always use a fixed (instead
-# of a dynamic) timeout value. To set a fixed timeout see the
-# 'icp_query_timeout' directive.
-#
-#Default:
-# minimum_icp_query_timeout 5
-
-# TAG: background_ping_rate time-units
-# Controls how often the ICP pings are sent to siblings that
-# have background-ping set.
-#
-#Default:
-# background_ping_rate 10 seconds
-
-
-# MULTICAST ICP OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: mcast_groups
-# This tag specifies a list of multicast groups which your server
-# should join to receive multicasted ICP queries.
-#
-# NOTE! Be very careful what you put here! Be sure you
-# understand the difference between an ICP _query_ and an ICP
-# _reply_. This option is to be set only if you want to RECEIVE
-# multicast queries. Do NOT set this option to SEND multicast
-# ICP (use cache_peer for that). ICP replies are always sent via
-# unicast, so this option does not affect whether or not you will
-# receive replies from multicast group members.
-#
-# You must be very careful to NOT use a multicast address which
-# is already in use by another group of caches.
-#
-# If you are unsure about multicast, please read the Multicast
-# chapter in the Squid FAQ (http://www.squid-cache.org/FAQ/).
-#
-# Usage: mcast_groups 239.128.16.128 224.0.1.20
-#
-# By default, Squid doesn't listen on any multicast groups.
-#
-#Default:
-# none
-
-# TAG: mcast_miss_addr
-# Note: This option is only available if Squid is rebuilt with the
-# -DMULTICAST_MISS_STREAM define
-#
-# If you enable this option, every "cache miss" URL will
-# be sent out on the specified multicast address.
-#
-# Do not enable this option unless you are are absolutely
-# certain you understand what you are doing.
-#
-#Default:
-# mcast_miss_addr 255.255.255.255
-
-# TAG: mcast_miss_ttl
-# Note: This option is only available if Squid is rebuilt with the
-# -DMULTICAST_MISS_STREAM define
-#
-# This is the time-to-live value for packets multicasted
-# when multicasting off cache miss URLs is enabled. By
-# default this is set to 'site scope', i.e. 16.
-#
-#Default:
-# mcast_miss_ttl 16
-
-# TAG: mcast_miss_port
-# Note: This option is only available if Squid is rebuilt with the
-# -DMULTICAST_MISS_STREAM define
-#
-# This is the port number to be used in conjunction with
-# 'mcast_miss_addr'.
-#
-#Default:
-# mcast_miss_port 3135
-
-# TAG: mcast_miss_encode_key
-# Note: This option is only available if Squid is rebuilt with the
-# -DMULTICAST_MISS_STREAM define
-#
-# The URLs that are sent in the multicast miss stream are
-# encrypted. This is the encryption key.
-#
-#Default:
-# mcast_miss_encode_key XXXXXXXXXXXXXXXX
-
-# TAG: mcast_icp_query_timeout (msec)
-# For multicast peers, Squid regularly sends out ICP "probes" to
-# count how many other peers are listening on the given multicast
-# address. This value specifies how long Squid should wait to
-# count all the replies. The default is 2000 msec, or 2
-# seconds.
-#
-#Default:
-# mcast_icp_query_timeout 2000
-
-
-# INTERNAL ICON OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: icon_directory
-# Where the icons are stored. These are normally kept in
-# /usr/share/squid/icons
-#
-#Default:
-# icon_directory /usr/share/squid/icons
-
-# TAG: global_internal_static
-# This directive controls is Squid should intercept all requests for
-# /squid-internal-static/ no matter which host the URL is requesting
-# (default on setting), or if nothing special should be done for
-# such URLs (off setting). The purpose of this directive is to make
-# icons etc work better in complex cache hierarchies where it may
-# not always be possible for all corners in the cache mesh to reach
-# the server generating a directory listing.
-#
-#Default:
-# global_internal_static on
-
-# TAG: short_icon_urls
-# If this is enabled Squid will use short URLs for icons.
-# If disabled it will revert to the old behavior of including
-# it's own name and port in the URL.
-#
-# If you run a complex cache hierarchy with a mix of Squid and
-# other proxies you may need to disable this directive.
-#
-#Default:
-# short_icon_urls on
-
-
-# ERROR PAGE OPTIONS
-# -----------------------------------------------------------------------------
-
-# TAG: error_directory
-# Directory where the error files are read from.
-# /usr/lib/squid/errors contains sets of error files
-# in different languages. The default error directory
-# is /etc/squid/errors, which is a link to one of these
-# error sets.
-#
-# If you wish to create your own versions of the error files,
-# either to customize them to suit your language or company,
-# copy the template English files to another directory and
-# point this tag at them.
-#
-# Current Language updates can be downloaded from:
-# http://www.squid-cache.org/Versions/langpack/
-#
-# The squid developers are interested in making squid available in
-# a wide variety of languages. If you are making translations for a
-# language that Squid does not currently provide please consider
-# contributing your translation back to the project.
-# see http://wiki.squid-cache.org/Translations -# -#Default: -# error_directory /usr/share/squid/errors/templates - -# TAG: err_html_text -# HTML text to include in error messages. Make this a "mailto" -# URL to your admin address, or maybe just a link to your -# organizations Web page. -# -# To include this in your error messages, you must rewrite -# the error template files (found in the "errors" directory). -# Wherever you want the 'err_html_text' line to appear, -# insert a %L tag in the error template file. -# -#Default: -# none - -# TAG: email_err_data on|off -# If enabled, information about the occurred error will be -# included in the mailto links of the ERR pages (if %W is set) -# so that the email body contains the data. -# Syntax is %w -# -#Default: -# email_err_data on - -# TAG: deny_info -# Usage: deny_info err_page_name acl -# or deny_info http://... acl -# Example: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys -# -# This can be used to return a ERR_ page for requests which -# do not pass the 'http_access' rules. Squid remembers the last -# acl it evaluated in http_access, and if a 'deny_info' line exists -# for that ACL Squid returns a corresponding error page. -# -# The acl is typically the last acl on the http_access deny line which -# denied access. The exceptions to this rule are: -# - When Squid needs to request authentication credentials. It's then -# the first authentication related acl encountered -# - When none of the http_access lines matches. It's then the last -# acl processed on the last http_access line. -# -# You may use ERR_ pages that come with Squid or create your own pages -# and put them into the configured errors/ directory. -# -# Alternatively you can specify an error URL. The browsers will -# get redirected (302) to the specified URL. %s in the redirection -# URL will be replaced by the requested URL. -# -# Alternatively you can tell Squid to reset the TCP connection -# by specifying TCP_RESET. 
-# -#Default: -# none - - -# OPTIONS INFLUENCING REQUEST FORWARDING -# ----------------------------------------------------------------------------- - -# TAG: nonhierarchical_direct -# By default, Squid will send any non-hierarchical requests -# (matching hierarchy_stoplist or not cacheable request type) direct -# to origin servers. -# -# If you set this to off, Squid will prefer to send these -# requests to parents. -# -# Note that in most configurations, by turning this off you will only -# add latency to these request without any improvement in global hit -# ratio. -# -# If you are inside an firewall see never_direct instead of -# this directive. -# -#Default: -# nonhierarchical_direct on - -# TAG: prefer_direct -# Normally Squid tries to use parents for most requests. If you for some -# reason like it to first try going direct and only use a parent if -# going direct fails set this to on. -# -# By combining nonhierarchical_direct off and prefer_direct on you -# can set up Squid to use a parent as a backup path if going direct -# fails. -# -# Note: If you want Squid to use parents for all requests see -# the never_direct directive. prefer_direct only modifies how Squid -# acts on cacheable requests. -# -#Default: -# prefer_direct off - -# TAG: always_direct -# Usage: always_direct allow|deny [!]aclname ... -# -# Here you can use ACL elements to specify requests which should -# ALWAYS be forwarded by Squid to the origin servers without using -# any peers. For example, to always directly forward requests for -# local servers ignoring any parents or siblings you may have use -# something like: -# -# acl local-servers dstdomain my.domain.net -# always_direct allow local-servers -# -# To always forward FTP requests directly, use -# -# acl FTP proto FTP -# always_direct allow FTP -# -# NOTE: There is a similar, but opposite option named -# 'never_direct'. You need to be aware that "always_direct deny -# foo" is NOT the same thing as "never_direct allow foo". 
You -# may need to use a deny rule to exclude a more-specific case of -# some other rule. Example: -# -# acl local-external dstdomain external.foo.net -# acl local-servers dstdomain .foo.net -# always_direct deny local-external -# always_direct allow local-servers -# -# NOTE: If your goal is to make the client forward the request -# directly to the origin server bypassing Squid then this needs -# to be done in the client configuration. Squid configuration -# can only tell Squid how Squid should fetch the object. -# -# NOTE: This directive is not related to caching. The replies -# is cached as usual even if you use always_direct. To not cache -# the replies see no_cache. -# -# This option replaces some v1.1 options such as local_domain -# and local_ip. -# -#Default: -# none - -# TAG: never_direct -# Usage: never_direct allow|deny [!]aclname ... -# -# never_direct is the opposite of always_direct. Please read -# the description for always_direct if you have not already. -# -# With 'never_direct' you can use ACL elements to specify -# requests which should NEVER be forwarded directly to origin -# servers. For example, to force the use of a proxy for all -# requests, except those in your local domain use something like: -# -# acl local-servers dstdomain .foo.net -# never_direct deny local-servers -# never_direct allow all -# -# or if Squid is inside a firewall and there are local intranet -# servers inside the firewall use something like: -# -# acl local-intranet dstdomain .foo.net -# acl local-external dstdomain external.foo.net -# always_direct deny local-external -# always_direct allow local-intranet -# never_direct allow all -# -# This option replaces some v1.1 options such as inside_firewall -# and firewall_ip. 
-# -#Default: -# none - - -# ADVANCED NETWORKING OPTIONS -# ----------------------------------------------------------------------------- - -# TAG: incoming_icp_average -# TAG: incoming_http_average -# TAG: incoming_dns_average -# TAG: min_icp_poll_cnt -# TAG: min_dns_poll_cnt -# TAG: min_http_poll_cnt -# Heavy voodoo here. I can't even believe you are reading this. -# Are you crazy? Don't even think about adjusting these unless -# you understand the algorithms in comm_select.c first! -# -#Default: -# incoming_icp_average 6 -# incoming_http_average 4 -# incoming_dns_average 4 -# min_icp_poll_cnt 8 -# min_dns_poll_cnt 8 -# min_http_poll_cnt 8 - -# TAG: accept_filter -# FreeBSD: -# -# The name of an accept(2) filter to install on Squid's -# listen socket(s). This feature is perhaps specific to -# FreeBSD and requires support in the kernel. -# -# The 'httpready' filter delays delivering new connections -# to Squid until a full HTTP request has been received. -# See the accf_http(9) man page for details. -# -# The 'dataready' filter delays delivering new connections -# to Squid until there is some data to process. -# See the accf_dataready(9) man page for details. -# -# Linux: -# -# The 'data' filter delays delivering of new connections -# to Squid until there is some data to process by TCP_ACCEPT_DEFER. -# You may optionally specify a number of seconds to wait by -# 'data=N' where N is the number of seconds. Defaults to 30 -# if not specified. See the tcp(7) man page for details. -#EXAMPLE: -## FreeBSD -#accept_filter httpready -## Linux -#accept_filter data -# -#Default: -# none - -# TAG: tcp_recv_bufsize (bytes) -# Size of receive buffer to set for TCP sockets. Probably just -# as easy to change your kernel's default. Set to zero to use -# the default buffer size. 
-# -#Default: -# tcp_recv_bufsize 0 bytes - - -# ICAP OPTIONS -# ----------------------------------------------------------------------------- - -# TAG: icap_enable on|off -# If you want to enable the ICAP module support, set this to on. -# -#Default: -# icap_enable off - -# TAG: icap_connect_timeout -# This parameter specifies how long to wait for the TCP connect to -# the requested ICAP server to complete before giving up and either -# terminating the HTTP transaction or bypassing the failure. -# -# The default for optional services is peer_connect_timeout. -# The default for essential services is connect_timeout. -# If this option is explicitly set, its value applies to all services. -# -#Default: -# none - -# TAG: icap_io_timeout time-units -# This parameter specifies how long to wait for an I/O activity on -# an established, active ICAP connection before giving up and -# either terminating the HTTP transaction or bypassing the -# failure. -# -# The default is read_timeout. -# -#Default: -# none - -# TAG: icap_service_failure_limit -# The limit specifies the number of failures that Squid tolerates -# when establishing a new TCP connection with an ICAP service. If -# the number of failures exceeds the limit, the ICAP service is -# not used for new ICAP requests until it is time to refresh its -# OPTIONS. The per-service failure counter is reset to zero each -# time Squid fetches new service OPTIONS. -# -# A negative value disables the limit. Without the limit, an ICAP -# service will not be considered down due to connectivity failures -# between ICAP OPTIONS requests. -# -#Default: -# icap_service_failure_limit 10 - -# TAG: icap_service_revival_delay -# The delay specifies the number of seconds to wait after an ICAP -# OPTIONS request failure before requesting the options again. The -# failed ICAP service is considered "down" until fresh OPTIONS are -# fetched. -# -# The actual delay cannot be smaller than the hardcoded minimum -# delay of 30 seconds. 
-# -#Default: -# icap_service_revival_delay 180 - -# TAG: icap_preview_enable on|off -# The ICAP Preview feature allows the ICAP server to handle the -# HTTP message by looking only at the beginning of the message body -# or even without receiving the body at all. In some environments, -# previews greatly speedup ICAP processing. -# -# During an ICAP OPTIONS transaction, the server may tell Squid what -# HTTP messages should be previewed and how big the preview should be. -# Squid will not use Preview if the server did not request one. -# -# To disable ICAP Preview for all ICAP services, regardless of -# individual ICAP server OPTIONS responses, set this option to "off". -#Example: -#icap_preview_enable off -# -#Default: -# icap_preview_enable on - -# TAG: icap_preview_size -# The default size of preview data to be sent to the ICAP server. -# -1 means no preview. This value might be overwritten on a per server -# basis by OPTIONS requests. -# -#Default: -# icap_preview_size -1 - -# TAG: icap_default_options_ttl -# The default TTL value for ICAP OPTIONS responses that don't have -# an Options-TTL header. -# -#Default: -# icap_default_options_ttl 60 - -# TAG: icap_persistent_connections on|off -# Whether or not Squid should use persistent connections to -# an ICAP server. -# -#Default: -# icap_persistent_connections on - -# TAG: icap_send_client_ip on|off -# This adds the header "X-Client-IP" to ICAP requests. -# -#Default: -# icap_send_client_ip off - -# TAG: icap_send_client_username on|off -# This sends authenticated HTTP client username (if available) to -# the ICAP service. The username value is encoded based on the -# icap_client_username_encode option and is sent using the header -# specified by the icap_client_username_header option. -# -#Default: -# icap_send_client_username off - -# TAG: icap_client_username_header -# ICAP request header name to use for send_client_username. 
-# -#Default: -# icap_client_username_header X-Client-Username - -# TAG: icap_client_username_encode on|off -# Whether to base64 encode the authenticated client username. -# -#Default: -# icap_client_username_encode off - -# TAG: icap_service -# Defines a single ICAP service -# -# icap_service servicename vectoring_point bypass service_url -# -# vectoring_point = reqmod_precache|reqmod_postcache|respmod_precache|respmod_postcache -# This specifies at which point of transaction processing the -# ICAP service should be activated. *_postcache vectoring points -# are not yet supported. -# bypass = 1|0 -# If set to 1, the ICAP service is treated as optional. If the -# service cannot be reached or malfunctions, Squid will try to -# ignore any errors and process the message as if the service -# was not enabled. No all ICAP errors can be bypassed. -# If set to 0, the ICAP service is treated as essential and all -# ICAP errors will result in an error page returned to the -# HTTP client. -# service_url = icap://servername:port/service -# -#Example: -#icap_service service_1 reqmod_precache 0 icap://icap1.mydomain.net:1344/reqmod -#icap_service service_2 respmod_precache 0 icap://icap2.mydomain.net:1344/respmod -# -#Default: -# none - -# TAG: icap_class -# Defines an ICAP service chain. Eventually, multiple services per -# vectoring point will be supported. For now, please specify a single -# service per class: -# -# icap_class classname servicename -# -#Example: -#icap_class class_1 service_1 -#icap class class_2 service_1 -#icap class class_3 service_3 -# -#Default: -# none - -# TAG: icap_access -# Redirects a request through an ICAP service class, depending -# on given acls -# -# icap_access classname allow|deny [!]aclname... -# -# The icap_access statements are processed in the order they appear in -# this configuration file. If an access list matches, the processing stops. -# For an "allow" rule, the specified class is used for the request. 
A "deny" -# rule simply stops processing without using the class. You can also use the -# special classname "None". -# -# For backward compatibility, it is also possible to use services -# directly here. -#Example: -#icap_access class_1 allow all -# -#Default: -# none - - -# DNS OPTIONS -# ----------------------------------------------------------------------------- - -# TAG: check_hostnames -# For security and stability reasons Squid can check -# hostnames for Internet standard RFC compliance. If you want -# Squid to perform these checks turn this directive on. -# -#Default: -# check_hostnames off - -# TAG: allow_underscore -# Underscore characters is not strictly allowed in Internet hostnames -# but nevertheless used by many sites. Set this to off if you want -# Squid to be strict about the standard. -# This check is performed only when check_hostnames is set to on. -# -#Default: -# allow_underscore on - -# TAG: cache_dns_program -# Note: This option is only available if Squid is rebuilt with the -# --disable-internal-dns option -# -# Specify the location of the executable for dnslookup process. -# -#Default: -# cache_dns_program /usr/lib64/squid/dnsserver - -# TAG: dns_children -# Note: This option is only available if Squid is rebuilt with the -# --disable-internal-dns option -# -# The number of processes spawn to service DNS name lookups. -# For heavily loaded caches on large servers, you should -# probably increase this value to at least 10. The maximum -# is 32. The default is 5. -# -# You must have at least one dnsserver process. -# -#Default: -# dns_children 5 - -# TAG: dns_retransmit_interval -# Initial retransmit interval for DNS queries. The interval is -# doubled each time all configured DNS servers have been tried. -# -# -#Default: -# dns_retransmit_interval 5 seconds - -# TAG: dns_timeout -# DNS Query timeout. If no response is received to a DNS query -# within this time all DNS servers for the queried domain -# are assumed to be unavailable. 
-# -#Default: -# dns_timeout 2 minutes - -# TAG: dns_defnames on|off -# Normally the RES_DEFNAMES resolver option is disabled -# (see res_init(3)). This prevents caches in a hierarchy -# from interpreting single-component hostnames locally. To allow -# Squid to handle single-component names, enable this option. -# -#Default: -# dns_defnames off - -# TAG: dns_nameservers -# Use this if you want to specify a list of DNS name servers -# (IP addresses) to use instead of those given in your -# /etc/resolv.conf file. -# On Windows platforms, if no value is specified here or in -# the /etc/resolv.conf file, the list of DNS name servers are -# taken from the Windows registry, both static and dynamic DHCP -# configurations are supported. -# -# Example: dns_nameservers 10.0.0.1 192.172.0.4 -# -#Default: -# none - -# TAG: hosts_file -# Location of the host-local IP name-address associations -# database. Most Operating Systems have such a file on different -# default locations: -# - Un*X & Linux: /etc/hosts -# - Windows NT/2000: %SystemRoot%\system32\drivers\etc\hosts -# (%SystemRoot% value install default is c:\winnt) -# - Windows XP/2003: %SystemRoot%\system32\drivers\etc\hosts -# (%SystemRoot% value install default is c:\windows) -# - Windows 9x/Me: %windir%\hosts -# (%windir% value is usually c:\windows) -# - Cygwin: /etc/hosts -# -# The file contains newline-separated definitions, in the -# form ip_address_in_dotted_form name [name ...] names are -# whitespace-separated. Lines beginning with an hash (#) -# character are comments. -# -# The file is checked at startup and upon configuration. -# If set to 'none', it won't be checked. -# If append_domain is used, that domain will be added to -# domain-local (i.e. not containing any dot character) host -# definitions. -# -#Default: -# hosts_file /etc/hosts - -# TAG: dns_testnames -# The DNS tests exit as soon as the first site is successfully looked up -# -# This test can be disabled with the -D command line option. 
-# -#Default: -# dns_testnames netscape.com internic.net nlanr.net microsoft.com - -# TAG: append_domain -# Appends local domain name to hostnames without any dots in -# them. append_domain must begin with a period. -# -# Be warned there are now Internet names with no dots in -# them using only top-domain names, so setting this may -# cause some Internet sites to become unavailable. -# -#Example: -# append_domain .yourdomain.com -# -#Default: -# none - -# TAG: ignore_unknown_nameservers -# By default Squid checks that DNS responses are received -# from the same IP addresses they are sent to. If they -# don't match, Squid ignores the response and writes a warning -# message to cache.log. You can allow responses from unknown -# nameservers by setting this option to 'off'. -# -#Default: -# ignore_unknown_nameservers on - -# TAG: ipcache_size (number of entries) -# TAG: ipcache_low (percent) -# TAG: ipcache_high (percent) -# The size, low-, and high-water marks for the IP cache. -# -#Default: -# ipcache_size 1024 -# ipcache_low 90 -# ipcache_high 95 - -# TAG: fqdncache_size (number of entries) -# Maximum number of FQDN cache entries. -# -#Default: -# fqdncache_size 1024 - - -# MISCELLANEOUS -# ----------------------------------------------------------------------------- - -# TAG: memory_pools on|off -# If set, Squid will keep pools of allocated (but unused) memory -# available for future use. If memory is a premium on your -# system and you believe your malloc library outperforms Squid -# routines, disable this. -# -#Default: -# memory_pools on - -# TAG: memory_pools_limit (bytes) -# Used only with memory_pools on: -# memory_pools_limit 50 MB -# -# If set to a non-zero value, Squid will keep at most the specified -# limit of allocated (but unused) memory in memory pools. All free() -# requests that exceed this limit will be handled by your malloc -# library. Squid does not pre-allocate any memory, just safe-keeps -# objects that otherwise would be free()d. 
Thus, it is safe to set -# memory_pools_limit to a reasonably high value even if your -# configuration will use less memory. -# -# If set to zero, Squid will keep all memory it can. That is, there -# will be no limit on the total amount of memory used for safe-keeping. -# -# To disable memory allocation optimization, do not set -# memory_pools_limit to 0. Set memory_pools to "off" instead. -# -# An overhead for maintaining memory pools is not taken into account -# when the limit is checked. This overhead is close to four bytes per -# object kept. However, pools may actually _save_ memory because of -# reduced memory thrashing in your malloc library. -# -#Default: -# memory_pools_limit 5 MB - -# TAG: forwarded_for on|off -# If set, Squid will include your system's IP address or name -# in the HTTP requests it forwards. By default it looks like -# this: -# -# X-Forwarded-For: 192.1.2.3 -# -# If you disable this, it will appear as -# -# X-Forwarded-For: unknown -# -#Default: -# forwarded_for on - -# TAG: cachemgr_passwd -# Specify passwords for cachemgr operations. -# -# Usage: cachemgr_passwd password action action ... -# -# Some valid actions are (see cache manager menu for a full list): -# 5min -# 60min -# asndb -# authenticator -# cbdata -# client_list -# comm_incoming -# config * -# counters -# delay -# digest_stats -# dns -# events -# filedescriptors -# fqdncache -# histograms -# http_headers -# info -# io -# ipcache -# mem -# menu -# netdb -# non_peers -# objects -# offline_toggle * -# pconn -# peer_select -# reconfigure * -# redirector -# refresh -# server_list -# shutdown * -# store_digest -# storedir -# utilization -# via_headers -# vm_objects -# -# * Indicates actions which will not be performed without a -# valid password, others can be performed if not listed here. -# -# To disable an action, set the password to "disable". -# To allow performing an action without a password, set the -# password to "none". 
-# -# Use the keyword "all" to set the same password for all actions. -# -#Example: -# cachemgr_passwd secret shutdown -# cachemgr_passwd lesssssssecret info stats/objects -# cachemgr_passwd disable all -# -#Default: -# none - -# TAG: client_db on|off -# If you want to disable collecting per-client statistics, -# turn off client_db here. -# -#Default: -# client_db on - -# TAG: refresh_all_ims on|off -# When you enable this option, squid will always check -# the origin server for an update when a client sends an -# If-Modified-Since request. Many browsers use IMS -# requests when the user requests a reload, and this -# ensures those clients receive the latest version. -# -# By default (off), squid may return a Not Modified response -# based on the age of the cached version. -# -#Default: -# refresh_all_ims off - -# TAG: reload_into_ims on|off -# When you enable this option, client no-cache or ``reload'' -# requests will be changed to If-Modified-Since requests. -# Doing this VIOLATES the HTTP standard. Enabling this -# feature could make you liable for problems which it -# causes. -# -# see also refresh_pattern for a more selective approach. -# -#Default: -# reload_into_ims off - -# TAG: maximum_single_addr_tries -# This sets the maximum number of connection attempts for a -# host that only has one address (for multiple-address hosts, -# each address is tried once). -# -# The default value is one attempt, the (not recommended) -# maximum is 255 tries. A warning message will be generated -# if it is set to a value greater than ten. -# -# Note: This is in addition to the request re-forwarding which -# takes place if Squid fails to get a satisfying response. -# -#Default: -# maximum_single_addr_tries 1 - -# TAG: retry_on_error -# If set to on Squid will automatically retry requests when -# receiving an error response. This is mainly useful if you -# are in a complex cache hierarchy to work around access -# control errors. 
-# -#Default: -# retry_on_error off - -# TAG: as_whois_server -# WHOIS server to query for AS numbers. NOTE: AS numbers are -# queried only when Squid starts up, not for every request. -# -#Default: -# as_whois_server whois.ra.net -# as_whois_server whois.ra.net - -# TAG: offline_mode -# Enable this option and Squid will never try to validate cached -# objects. -# -#Default: -# offline_mode off - -# TAG: uri_whitespace -# What to do with requests that have whitespace characters in the -# URI. Options: -# -# strip: The whitespace characters are stripped out of the URL. -# This is the behavior recommended by RFC2396. -# deny: The request is denied. The user receives an "Invalid -# Request" message. -# allow: The request is allowed and the URI is not changed. The -# whitespace characters remain in the URI. Note the -# whitespace is passed to redirector processes if they -# are in use. -# encode: The request is allowed and the whitespace characters are -# encoded according to RFC1738. This could be considered -# a violation of the HTTP/1.1 -# RFC because proxies are not allowed to rewrite URI's. -# chop: The request is allowed and the URI is chopped at the -# first whitespace. This might also be considered a -# violation. -# -#Default: -# uri_whitespace strip - -# TAG: coredump_dir -# By default Squid leaves core files in the directory from where -# it was started. If you set 'coredump_dir' to a directory -# that exists, Squid will chdir() to that directory at startup -# and coredump files will be left there. -# -#Default: -# coredump_dir none -# -# Leave coredumps in the first cache dir -coredump_dir /var/spool/squid - -# TAG: chroot -# Use this to have Squid do a chroot() while initializing. This -# also causes Squid to fully drop root privileges after -# initializing. This means, for example, if you use a HTTP -# port less than 1024 and try to reconfigure, you will may get an -# error saying that Squid can not open the port. 
-# -#Default: -# none - -# TAG: balance_on_multiple_ip -# Some load balancing servers based on round robin DNS have been -# found not to preserve user session state across requests -# to different IP addresses. -# -# By default Squid rotates IP's per request. By disabling -# this directive only connection failure triggers rotation. -# -#Default: -# balance_on_multiple_ip on - -# TAG: pipeline_prefetch -# To boost the performance of pipelined requests to closer -# match that of a non-proxied environment Squid can try to fetch -# up to two requests in parallel from a pipeline. -# -# Defaults to off for bandwidth management and access logging -# reasons. -# -#Default: -# pipeline_prefetch off - -# TAG: high_response_time_warning (msec) -# If the one-minute median response time exceeds this value, -# Squid prints a WARNING with debug level 0 to get the -# administrators attention. The value is in milliseconds. -# -#Default: -# high_response_time_warning 0 - -# TAG: high_page_fault_warning -# If the one-minute average page fault rate exceeds this -# value, Squid prints a WARNING with debug level 0 to get -# the administrators attention. The value is in page faults -# per second. -# -#Default: -# high_page_fault_warning 0 - -# TAG: high_memory_warning -# If the memory usage (as determined by mallinfo) exceeds -# this amount, Squid prints a WARNING with debug level 0 to get -# the administrators attention. -# -#Default: -# high_memory_warning 0 KB - -# TAG: sleep_after_fork (microseconds) -# When this is set to a non-zero value, the main Squid process -# sleeps the specified number of microseconds after a fork() -# system call. This sleep may help the situation where your -# system reports fork() failures due to lack of (virtual) -# memory. Note, however, if you have a lot of child -# processes, these sleep delays will add up and your -# Squid will not service requests for some amount of time -# until all the child processes have been started. 
-# On Windows value less then 1000 (1 milliseconds) are
-# rounded to 1000.
-#
-#Default:
-# sleep_after_fork 0
-
-# TAG: windows_ipaddrchangemonitor on|off
-# On Windows Squid by default will monitor IP address changes and will
-# reconfigure itself after any detected event. This is very useful for
-# proxies connected to internet with dial-up interfaces.
-# In some cases (a Proxy server acting as VPN gateway is one) it could be
-# desiderable to disable this behaviour setting this to 'off'.
-# Note: after changing this, Squid service must be restarted.
-#
-#Default:
-# windows_ipaddrchangemonitor on
-
diff --git a/root/etc/ssh/ssh_config b/root/etc/ssh/ssh_config
deleted file mode 100644
index 296eea1..0000000
--- a/root/etc/ssh/ssh_config
+++ /dev/null
@@ -1,66 +0,0 @@
-# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
-
-# This is the ssh client system-wide configuration file. See
-# ssh_config(5) for more information. This file provides defaults for
-# users, and the values can be changed in per-user configuration files
-# or on the command line.
-
-# Configuration data is parsed as follows:
-# 1. command line options
-# 2. user-specific file
-# 3. system-wide file
-# Any configuration value is only changed the first time it is set.
-# Thus, host-specific definitions should be at the beginning of the
-# configuration file, and defaults at the end.
-
-# Site-wide defaults for some commonly used options. For a comprehensive
-# list of available options, their meanings and defaults, please see the
-# ssh_config(5) man page.
-
-# Host *
-# ForwardAgent no
-# ForwardX11 no
-# RhostsRSAAuthentication no
-# RSAAuthentication yes
-# PasswordAuthentication yes
-# HostbasedAuthentication no
-# GSSAPIAuthentication no
-# GSSAPIDelegateCredentials no
-# GSSAPIKeyExchange no
-# GSSAPITrustDNS no
-# BatchMode no
-# CheckHostIP yes
-# AddressFamily any
-# ConnectTimeout 0
-# StrictHostKeyChecking ask
-# IdentityFile ~/.ssh/identity
-# IdentityFile ~/.ssh/id_rsa
-# IdentityFile ~/.ssh/id_dsa
-# Port 22
-# Protocol 2,1
-# Cipher 3des
-# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
-# EscapeChar ~
-# Tunnel no
-# TunnelDevice any:any
-# PermitLocalCommand no
-# VisualHostKey no
-# ProxyCommand ssh -q -W %h:%p gateway.example.com
-# RekeyLimit 1G 1h
-#
-# Uncomment this if you want to use .local domain
-# Host *.local
-# CheckHostIP no
-
-Host *
- GSSAPIAuthentication no
-# If this option is set to yes then remote X11 clients will have full access
-# to the original X11 display. As virtually no X11 client supports the untrusted
-# mode correctly we set this to yes.
- ForwardX11Trusted = yes
-# Send locale-related environment variables
- SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
- SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
- SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
- SendEnv XMODIFIERS
diff --git a/root/etc/ssh/sshd_config b/root/etc/ssh/sshd_config
deleted file mode 100644
index b5e8160..0000000
--- a/root/etc/ssh/sshd_config
+++ /dev/null
@@ -1,131 +0,0 @@
-# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options change a
-# default value.
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-# Disable legacy (protocol version 1) support in the server for new
-# installations. In future the default will change to require explicit
-# activation of protocol 1
-Protocol 2
-
-# HostKey for protocol version 1
-#HostKey /etc/ssh/ssh_host_key
-# HostKeys for protocol version 2
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
-
-# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
-#ServerKeyBits 768
-
-# Logging
-# obsoletes QuietMode and FascistLogging
-#SyslogFacility AUTH
-SyslogFacility AUTHPRIV
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-#PermitRootLogin yes
-#StrictModes yes
-#MaxAuthTries 6
-
-#RSAAuthentication yes
-#PubkeyAuthentication yes
-#AuthorizedKeysFile .ssh/authorized_keys
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
-# similar for protocol version 2
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# RhostsRSAAuthentication and HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-PasswordAuthentication yes
-
-# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-GSSAPIAuthentication yes
-#GSSAPICleanupCredentials yes
-GSSAPICleanupCredentials yes
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
-UsePAM yes
-
-# Accept locale-related environment variables
-AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-AcceptEnv LC_IDENTIFICATION LC_ALL
-#AllowTcpForwarding yes
-#GatewayPorts no
-#X11Forwarding no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PrintMotd yes
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#UsePrivilegeSeparation yes
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#ShowPatchLevel no
-#UseDNS yes
-#PidFile /var/run/sshd.pid
-#MaxStartups 10
-#PermitTunnel no
-
-# no default banner path
-#Banner /some/path
-
-# override default of no subsystems
-Subsystem sftp /usr/libexec/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-Match User anoncvs
- X11Forwarding no
- AllowTcpForwarding no
- ForceCommand cvs server
-
-Match Group restricted
- ForceCommand /usr/local/bin/restricted_group_command
diff --git a/root/etc/sudoers b/root/etc/sudoers
deleted file mode 100644
index 78572b1..0000000
--- a/root/etc/sudoers
+++ /dev/null
@@ -1,95 +0,0 @@ -## Sudoers allows particular users to run various commands as -## the root user, without needing the root password. -## -## Examples are provided at the bottom of the file for collections -## of related commands, which can then be delegated out to particular -## users or groups. -## -## This file must be edited with the 'visudo' command. - -## Host Aliases -## Groups of machines. You may prefer to use hostnames (perhaps using -## wildcards for entire domains) or IP addresses instead. -# Host_Alias FILESERVERS = fs1, fs2 -# Host_Alias MAILSERVERS = smtp, smtp2 - -## User Aliases -## These aren't often necessary, as you can use regular groups -## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname -## rather than USERALIAS -# User_Alias ADMINS = jsmith, mikem - - -## Command Aliases -## These are groups of related commands... - -## Networking -Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool - -## Installation and management of software -Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum - -## Services -Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig - -## Updating the locate database -Cmnd_Alias LOCATE = /usr/bin/updatedb - -## Storage -Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount - -## Delegating permissions -Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp - -## Processes -Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall - -## Drivers -Cmnd_Alias DRIVERS = /sbin/modprobe - -# Defaults specification - -# -# Disable "ssh hostname sudo ", because it will show the password in clear. -# You have to run "ssh -t hostname sudo ". 
-# -Defaults requiretty - -Defaults env_reset -Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS" -Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" -Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" -Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" -Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" - -Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin - -## Next comes the main part: which users can run what software on -## which machines (the sudoers file can be shared between multiple -## systems). -## Syntax: -## -## user MACHINE=COMMANDS -## -## The COMMANDS section may have other options added to it. -## -## Allow root to run any commands anywhere -root ALL=(ALL) ALL - -## Allows members of the 'sys' group to run networking, software, -## service management apps and more. -# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS - -## Allows people in group wheel to run all commands -%wheel ALL=(ALL) ALL - -## Same thing without a password -# %wheel ALL=(ALL) NOPASSWD: ALL - -## Allows members of the users group to mount and unmount the -## cdrom as root -# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom - -## Allows members of the users group to shutdown this system -# %users localhost=/sbin/shutdown -h now - diff --git a/root/etc/sysconfig/anaconda b/root/etc/sysconfig/anaconda deleted file mode 100644 index 73318cf..0000000 --- a/root/etc/sysconfig/anaconda +++ /dev/null @@ -1,5 +0,0 @@ -# This file has been generated by the Anaconda Installer 21.48.22.134-1 - -[ProgressSpoke] -visited = 1 - diff --git a/root/etc/sysconfig/atd b/root/etc/sysconfig/atd deleted file mode 100644 index db44f79..0000000 --- a/root/etc/sysconfig/atd +++ /dev/null 
@@ -1,9 +0,0 @@
-# specify additional command line arguments for atd
-#
-# -l Specifies a limiting load factor, over which batch jobs should not be run, instead of the compile-time
-# choice of 0.8. For an SMP system with n CPUs, you will probably want to set this higher than n-1.
-#
-# -b Specify the minimum interval in seconds between the start of two batch jobs (60 default).
-
-#example:
-#OPTS="-l 4 -b 120"
diff --git a/root/etc/sysconfig/authconfig b/root/etc/sysconfig/authconfig
deleted file mode 100644
index 30e7c8c..0000000
--- a/root/etc/sysconfig/authconfig
+++ /dev/null
@@ -1,17 +0,0 @@
-USEWINBINDAUTH=no
-USEHESIOD=no
-USESYSNETAUTH=no
-USEKERBEROS=no
-FORCESMARTCARD=no
-USESMBAUTH=no
-USESMARTCARD=no
-USELDAPAUTH=no
-USELOCAUTHORIZE=no
-USEWINBIND=no
-USESHADOW=yes
-USEDB=no
-USEPASSWDQC=no
-USEMD5=yes
-USELDAP=no
-USECRACKLIB=yes
-USENIS=no
diff --git a/root/etc/sysconfig/autofs b/root/etc/sysconfig/autofs
deleted file mode 100644
index 2130bba..0000000
--- a/root/etc/sysconfig/autofs
+++ /dev/null
@@ -1,91 +0,0 @@
-#
-# Define default options for autofs.
-#
-# MASTER_MAP_NAME - default map name for the master map.
-#
-#MASTER_MAP_NAME="auto.master"
-#
-# TIMEOUT - set the default mount timeout (default 600).
-#
-TIMEOUT=3600
-#
-# NEGATIVE_TIMEOUT - set the default negative timeout for
-# failed mount attempts (default 60).
-#
-#NEGATIVE_TIMEOUT=60
-#
-# BROWSE_MODE - maps are browsable by default.
-#
-BROWSE_MODE="yes"
-#
-# APPEND_OPTIONS - append to global options instead of replace.
-#
-#APPEND_OPTIONS="yes"
-#
-# LOGGING - set default log level "none", "verbose" or "debug"
-#
-#LOGGING="none"
-#
-# Define base dn for map dn lookup.
-#
-# Define server URIs
-#
-# LDAP_URI - space separated list of server uris of the form
-# ://[/] where can be ldap
-# or ldaps. The option can be given multiple times.
-# Map entries that include a server name override
-# this option.
-#
-#LDAP_URI=""
-#
-# LDAP__TIMEOUT - timeout value for the synchronous API calls
-# (default is LDAP library default).
-#
-#LDAP_TIMEOUT=-1
-#
-# LDAP_NETWORK_TIMEOUT - set the network response timeout (default 8).
-#
-#LDAP_NETWORK_TIMEOUT=8
-#
-# SEARCH_BASE - base dn to use for searching for map search dn.
-# Multiple entries can be given and they are checked
-# in the order they occur here.
-#
-#SEARCH_BASE=""
-#
-# Define the LDAP schema to used for lookups
-#
-# If no schema is set autofs will check each of the schemas
-# below in the order given to try and locate an appropriate
-# basdn for lookups. If you want to minimize the number of
-# queries to the server set the values here.
-#
-#MAP_OBJECT_CLASS="nisMap"
-#ENTRY_OBJECT_CLASS="nisObject"
-#MAP_ATTRIBUTE="nisMapName"
-#ENTRY_ATTRIBUTE="cn"
-#VALUE_ATTRIBUTE="nisMapEntry"
-#
-# Other common LDAP nameing
-#
-#MAP_OBJECT_CLASS="automountMap"
-#ENTRY_OBJECT_CLASS="automount"
-#MAP_ATTRIBUTE="ou"
-#ENTRY_ATTRIBUTE="cn"
-#VALUE_ATTRIBUTE="automountInformation"
-#
-#MAP_OBJECT_CLASS="automountMap"
-#ENTRY_OBJECT_CLASS="automount"
-#MAP_ATTRIBUTE="automountMapName"
-#ENTRY_ATTRIBUTE="automountKey"
-#VALUE_ATTRIBUTE="automountInformation"
-#
-# AUTH_CONF_FILE - set the default location for the SASL
-# authentication configuration file.
-#
-#AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf"
-#
-# General global options
-#
-#OPTIONS=""
-#
diff --git a/root/etc/sysconfig/clock b/root/etc/sysconfig/clock
deleted file mode 100644
index ed58def..0000000
--- a/root/etc/sysconfig/clock
+++ /dev/null
@@ -1,5 +0,0 @@
-# The ZONE parameter is only evaluated by system-config-date.
-# The timezone of the system is defined by the contents of /etc/localtime.
-ZONE="America/Los Angeles"
-UTC=true
-ARC=false
diff --git a/root/etc/sysconfig/cpuspeed b/root/etc/sysconfig/cpuspeed
deleted file mode 100644
index f06f89c..0000000
--- a/root/etc/sysconfig/cpuspeed
+++ /dev/null
@@ -1,72 +0,0 @@
-# /etc/sysconfig/cpuspeed
-#
-# This configuration file controls the behavior of both the
-# cpuspeed daemon and various cpufreq modules.
-# For the vast majority of users, there shouldn't be any need to
-# alter the contents of this file at all. By and large, frequency
-# scaling should Just Work(tm) with the defaults.
-
-### DRIVER ###
-# Your CPUFreq driver module
-# Note that many drivers are now built-in, rather than built as modules,
-# so its usually best not to specify one. The most commonly-needed driver
-# module these days is 'p4-clockmod', however, in most cases, it is not
-# recommended for use. See: http://lkml.org/lkml/2006/2/25/84
-# default value: empty (try to auto-detect/use built-in)
-DRIVER=
-
-### GOVERNOR ###
-# Which scaling governor to use
-# Details on scaling governors for your cpu(s) can be found in
-# cpu-freq/governors.txt, part of the kernel-doc package
-# NOTES:
-# - The GOVERNOR parameter is only valid on centrino, powernow-k8 (amd64)
-# and p4-clockmod platforms, other platforms that support frequency
-# scaling always use the 'userspace' governor.
-# - Using the 'userspace' governor will trigger the cpuspeed daemon to run,
-# which provides said user-space frequency scaling.
-# default value: empty (defaults to ondemand on centrino, powernow-k8,
-# and p4-clockmod systems, userspace on others)
-GOVERNOR=
-
-### FREQUENCIES ###
-# NOTE: valid max/min frequencies for your cpu(s) can be found in
-# /sys/devices/system/cpu/cpu*/cpufreq/scaling_available_frequencies
-# on systems that support frequency scaling (though only after the
-# appropriate drivers have been loaded via the cpuspeed initscript).
-# maximum speed to scale up to
-# default value: empty (use cpu reported maximum)
-MAX_SPEED=
-# minimum speed to scale down to
-# default value: empty (use cpu reported minimum)
-MIN_SPEED=
-
-### SCALING THRESHOLDS ###
-# Busy percentage threshold over which to scale up to max frequency
-# default value: empty (use governor default)
-UP_THRESHOLD=
-# Busy percentage threshold under which to scale frequency down
-# default value: empty (use governor default)
-DOWN_THRESHOLD=
-
-### NICE PROCESS HANDLING ###
-# Let background (nice) processes speed up the cpu
-# default value: 0 (background process usage can speed up cpu)
-# alternate value: 1 (background processes will be ignored)
-IGNORE_NICE=0
-
-
-#####################################################
-########## HISTORICAL CPUSPEED CONFIG BITS ##########
-#####################################################
-VMAJOR=1
-VMINOR=1
-
-# Add your favorite options here
-#OPTS="$OPTS -s 0 -i 10 -r"
-
-# uncomment and modify this to check the state of the AC adapter
-#OPTS="$OPTS -a /proc/acpi/ac_adapter/*/state"
-
-# uncomment and modify this to check the system temperature
-#OPTS="$OPTS -t /proc/acpi/thermal_zone/*/temperature 75"
diff --git a/root/etc/sysconfig/crond b/root/etc/sysconfig/crond
deleted file mode 100644
index 9e5819d..0000000
--- a/root/etc/sysconfig/crond
+++ /dev/null
@@ -1,9 +0,0 @@
-# Settings for the CRON daemon.
-# CRONDARGS= : any extra command-line startup arguments for crond
-# CRON_VALIDATE_MAILRCPTS=1:a non-empty value of this variable will
-# enable vixie-cron-4.1's validation of
-# mail recipient names, which would then be
-# restricted to contain only the chars
-# from this tr(1) set : [@!:%-_.,:alnum:]
-# otherwise mailing is not attempted.
-CRONDARGS=
diff --git a/root/etc/sysconfig/crontab b/root/etc/sysconfig/crontab
deleted file mode 100644
index 8341aa9..0000000
--- a/root/etc/sysconfig/crontab
+++ /dev/null
@@ -1,6 +0,0 @@
-# Possible values are 1, 2, ... or nothing
-# Delay is determined using the hostname and the variable (Delay) from this configuration file.
-# Bigger value means shorter delay.
-# This delay could be switched off, but then you can have problems with network overload
-# (for example yum updates in cron.daily run on all your computers etc.)
-DELAY=1
diff --git a/root/etc/sysconfig/firstboot b/root/etc/sysconfig/firstboot
deleted file mode 100644
index 78ef6a0..0000000
--- a/root/etc/sysconfig/firstboot
+++ /dev/null
@@ -1 +0,0 @@
-RUN_FIRSTBOOT=NO
diff --git a/root/etc/sysconfig/grub b/root/etc/sysconfig/grub
deleted file mode 100644
index c112ffc..0000000
--- a/root/etc/sysconfig/grub
+++ /dev/null
@@ -1,2 +0,0 @@
-boot=/dev/sda
-forcelba=0
diff --git a/root/etc/sysconfig/hsqldb b/root/etc/sysconfig/hsqldb
deleted file mode 100644
index abb7d14..0000000
--- a/root/etc/sysconfig/hsqldb
+++ /dev/null
@@ -1,128 +0,0 @@ -# $Id: hsqldb-1.73.0-standard.cfg,v 1.1 2004/12/23 22:21:08 fnasser Exp $ - -# Sample configuration file for HSQLDB database server. -# See the "UNIX Quick Start" chapter of the Hsqldb User Guide. - -# N.b.!!!! You must place this in the right location for your type of UNIX. -# See the init script "hsqldb" to see where this must be placed and -# what it should be renamed to. - -# This file is "sourced" by a Bourne shell, so use Bourne shell syntax. - -# This file WILL NOT WORK until you set (at least) the non-commented -# variables to the appropriate values for your system. -# Life will be easier if you avoid all filepaths with spaces or any other -# funny characters. Don't ask for support if you ignore this advice. - -# Thanks to Meikel Bisping for his contributions. -- Blaine - -# JPackage hsqldb home is /var/lib/hsqldb - -HSQLDB_HOME=/var/lib/hsqldb - -# JPackage source Java config - -. /etc/java/java.conf - -JAVA_EXECUTABLE=${JAVA_HOME}/bin/java - -# Unless you copied a hsqldb.jar file from another system, this typically -# resides at $HSQLDB_HOME/lib/hsqldb.jar, where $HSQLDB_HOME is your HSQLDB -# software base directory. -HSQLDB_JAR_PATH=${HSQLDB_HOME}/lib/hsqldb.jar - -# Where the file "server.properties" (or "webserver.properties") resides. -SERVER_HOME=${HSQLDB_HOME} - -# What UNIX user the Server/WebServer process will run as. -# (The shutdown client is always run as root or the invoker of the init script). -# Runs as root by default, but you should take the time to set database file -# ownerships to another user and set that user name here. -# You do need to run as root if your Server/WebServer will run on a privileged -# (< 1024) port. -# If you really do want to run as root, comment out the HSQLDB_OWNER setting -# completely. I.e., do not set it to root. This will run Server/Webserver -# without any "su" at all. 
-HSQLDB_OWNER=hsqldb - -# We require all Server/WebServer instances to be accessible within -# $MAX_START_SECS from when the Server/WebServer is started. -# Defaults to 60. -# Raise this is you are running lots of DB instances or have a slow server. -#MAX_START_SECS=200 -# Ditto for this one -#SU_ECHO_SECS=1 - -# Time to allow for JVM to die after all HSQLDB instances stopped. -# Defaults to 1. -#MAX_TERMINATE_SECS=0 - -# These are "urlid" values from a SqlTool authentication file -# ** IN ADDITION TO THOSE IN YOUR server.properties OR webserver.properties ** -# file. All server.urlid.X values from your properties file will automatically -# be started/stopped/tested. $SHUTDOWN_URLIDS is for additional urlids which -# will stopped. (Therefore, most users will not set this at all). -# Separate multiple values with white space. NO OTHER SPECIAL CHARACTERS! -# Make sure to quote the entire value if it contains white space separator(s). -# Defaults to none (i.e., only urlids set in properties file will be stopped). -#SHUTDOWN_URLIDS='sa mygms' - -# SqlTool authentication file used only for shutdown. -# The default value will be sqltool.rc in root's home directory, since it is -# root who runs the init script. -# (See the SqlTool chapter of the HSQLDB User Guide if you don't understand -# this). -AUTH_FILE=${HSQLDB_HOME}/sqltool.rc - -# Set to 'WebServer' to start a HSQLDB WebServer instead of a Server. -# Defaults to 'Server'. -#TARGET_CLASS=WebServer - -# Server-side classpath IN ADDITION TO the HSQLDB_JAR_PATH set above. -# The classpath here is *earlier* than HSQLDB_JAR_PATH, to allow you -# override classes in the HSQLDB_JAR_PATH jar file. -# In particular, you will want to add classpath elements to give access of -# all of your store procedures (store procedures are documented in the -# HSQLDB User Guide in the SQL Syntax chapter. -# -# N.B.! 
-# If you're adding files to the classpath in order to be able to call them -# from SQL queries, you will be unable to access them unless you adjust the -# value of the system property hsqldb.method_class_names. Please see the -# comments on SERVER_JVMARGS, at the end of this file. -# SERVER_ADDL_CLASSPATH=/home/blaine/storedprocs.jar:/usr/dev/dbutil/classes - -# For TLS encryption for your Server, set these two variables. -# N.b.: If you set these, then make this file unreadable to non-root users!!!! -# See the TLS chapter of the HSQLDB User Guide, paying attention to the -# security warning(s). -# If you are running with a private server cert, then you will also need to -# set "truststore" in the your SqlTool config file (location is set by the -# AUTH_FILE variable in this file, or it must be at the default location for -# HSQLDB_OWNER). -#TLS_KEYSTORE=/path/to/jks/server.store -#TLS_PASSWORD=password - -# Any JVM args for the invocation of the JDBC client used to verify DB -# instances and to shut them down (SqlToolSprayer). -# For multiple args, put quotes around entire value. -#CLIENT_JVMARGS=-Djavax.net.debug=ssl - -# Any JVM args for the server. -# For multiple args, put quotes around entire value. -# -# N.B.! -# The default value of SERVER_JVMARGS sets the system property -# hsqldb.method_class_names to be empty. This is in order to lessen the -# security risk posed by HSQLDB allowing Java method calls in SQL statements. -# The implications of changing this value (as explained by the authors of -# HSQLDB) are as follows: -# If [it] is not set, then static methods of all available Java classes -# can be accessed as functions in HSQLDB. If the property is set, then -# only the list of semicolon separated method names becomes accessible. -# An empty property value means no class is accessible. -# Regardless of the value of hsqldb.method_class_names, methods in -# org.hsqldb.Library will be accessible. 
-# Before making changes to the value below, please be advised of the possible -# dangers involved in allowing SQL queries to contain Java method calls. -SERVER_JVMARGS=-Dhsqldb.method_class_names=\"\" diff --git a/root/etc/sysconfig/httpd b/root/etc/sysconfig/httpd deleted file mode 100644 index 7102c61..0000000 --- a/root/etc/sysconfig/httpd +++ /dev/null @@ -1,22 +0,0 @@ -# Configuration file for the httpd service. - -# -# The default processing model (MPM) is the process-based -# 'prefork' model. A thread-based model, 'worker', is also -# available, but does not work with some modules (such as PHP). -# The service must be stopped before changing this variable. -# -#HTTPD=/usr/sbin/httpd.worker - -# -# To pass additional options (for instance, -D definitions) to the -# httpd binary at startup, set OPTIONS here. -# -#OPTIONS= - -# -# By default, the httpd process is started in the C locale; to -# change the locale in which the server runs, the HTTPD_LANG -# variable can be set. -# -#HTTPD_LANG=C diff --git a/root/etc/sysconfig/hw-uuid b/root/etc/sysconfig/hw-uuid deleted file mode 100644 index d60c740..0000000 --- a/root/etc/sysconfig/hw-uuid +++ /dev/null @@ -1 +0,0 @@ -9a1c565e-3b93-4e74-9611-2b71b9b84a05 diff --git a/root/etc/sysconfig/hwconf b/root/etc/sysconfig/hwconf deleted file mode 100644 index 1e9f79f..0000000 --- a/root/etc/sysconfig/hwconf +++ /dev/null 
@@ -1,672 +0,0 @@ -- -class: OTHER -bus: PCI -detached: 0 -desc: "Intel Corporation Mobile 945GM/PM/GMS, 943/940GML and 945GT Express Memory Controller Hub" -vendorId: 8086 -deviceId: 27a0 -subVendorId: 17aa -subDeviceId: 2017 -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 0 -pcifn: 0 -- -class: OTHER -bus: PCI -detached: 0 -driver: shpchp -desc: "Intel Corporation 82801G (ICH7 Family) PCI Express Port 1" -vendorId: 8086 -deviceId: 27d0 -subVendorId: 0000 -subDeviceId: 0000 -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1c -pcifn: 0 -- -class: OTHER -bus: PCI -detached: 0 -driver: shpchp -desc: "Intel Corporation 82801G (ICH7 Family) PCI Express Port 2" -vendorId: 8086 -deviceId: 27d2 -subVendorId: 0000 -subDeviceId: 0000 -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1c -pcifn: 1 -- -class: OTHER -bus: PCI -detached: 0 -driver: shpchp -desc: "Intel Corporation 82801G (ICH7 Family) PCI Express Port 3" -vendorId: 8086 -deviceId: 27d4 -subVendorId: 0000 -subDeviceId: 0000 -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1c -pcifn: 2 -- -class: OTHER -bus: PCI -detached: 0 -driver: shpchp -desc: "Intel Corporation 82801G (ICH7 Family) PCI Express Port 4" -vendorId: 8086 -deviceId: 27d6 -subVendorId: 0000 -subDeviceId: 0000 -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1c -pcifn: 3 -- -class: OTHER -bus: PCI -detached: 0 -desc: "Intel Corporation 82801 Mobile PCI Bridge" -vendorId: 8086 -deviceId: 2448 -subVendorId: 0000 -subDeviceId: 0000 -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1e -pcifn: 0 -- -class: OTHER -bus: PCI -detached: 0 -driver: intel-rng -desc: "Intel Corporation 82801GBM (ICH7-M) LPC Interface Bridge" -vendorId: 8086 -deviceId: 27b9 -subVendorId: 17aa -subDeviceId: 2009 -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1f -pcifn: 0 -- -class: OTHER -bus: PCI -detached: 0 -driver: i2c-i801 -desc: "Intel Corporation 82801G (ICH7 Family) SMBus Controller" -vendorId: 8086 -deviceId: 27da -subVendorId: 17aa -subDeviceId: 200f -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1f -pcifn: 3 -- 
-class: OTHER -bus: ISAPNP -detached: 0 -desc: "ATM1200" -deviceId: ATM1200 -compat: PNP0c31 -- -class: OTHER -bus: USB -detached: 0 -driver: hci_usb -desc: "Broadcom Corp BCM2045B" -usbclass: 254 -usbsubclass: 1 -usbprotocol: 0 -usbbus: 5 -usblevel: 1 -usbport: 0 -usbdev: 2 -vendorId: 0a5c -deviceId: 2110 -usbmfr: Broadcom Corp -usbprod: BCM2045B -- -class: OTHER -bus: USB -detached: 0 -driver: hci_usb -desc: "Broadcom Corp BCM2045B" -usbclass: 255 -usbsubclass: 255 -usbprotocol: 255 -usbbus: 5 -usblevel: 1 -usbport: 0 -usbdev: 2 -vendorId: 0a5c -deviceId: 2110 -usbmfr: Broadcom Corp -usbprod: BCM2045B -- -class: OTHER -bus: USB -detached: 0 -driver: hci_usb -desc: "Broadcom Corp BCM2045B" -usbclass: 224 -usbsubclass: 1 -usbprotocol: 1 -usbbus: 5 -usblevel: 1 -usbport: 0 -usbdev: 2 -vendorId: 0a5c -deviceId: 2110 -usbmfr: Broadcom Corp -usbprod: BCM2045B -- -class: OTHER -bus: ISAPNP -detached: 0 -desc: "IBM0057" -deviceId: IBM0057 -compat: PNP0f13 -- -class: OTHER -bus: ISAPNP -detached: 0 -driver: nsc-ircc -desc: "IBM0071" -deviceId: IBM0071 -compat: PNP0511 -- -class: OTHER -bus: PSAUX -detached: 0 -desc: "Lid Switch" -- -class: OTHER -bus: USB -detached: 0 -desc: "Linux 2.6.24.4-64.fc8 ehci_hcd EHCI Host Controller" -usbclass: 9 -usbsubclass: 0 -usbprotocol: 0 -usbbus: 1 -usblevel: 0 -usbport: 0 -usbdev: 1 -vendorId: 0000 -deviceId: 0000 -usbmfr: Linux 2.6.24.4-64.fc8 ehci_hcd -usbprod: EHCI Host Controller -- -class: OTHER -bus: USB -detached: 0 -desc: "Linux 2.6.24.4-64.fc8 uhci_hcd UHCI Host Controller" -usbclass: 9 -usbsubclass: 0 -usbprotocol: 0 -usbbus: 5 -usblevel: 0 -usbport: 0 -usbdev: 1 -vendorId: 0000 -deviceId: 0000 -usbmfr: Linux 2.6.24.4-64.fc8 uhci_hcd -usbprod: UHCI Host Controller -- -class: OTHER -bus: USB -detached: 0 -desc: "Linux 2.6.24.4-64.fc8 uhci_hcd UHCI Host Controller" -usbclass: 9 -usbsubclass: 0 -usbprotocol: 0 -usbbus: 4 -usblevel: 0 -usbport: 0 -usbdev: 1 -vendorId: 0000 -deviceId: 0000 -usbmfr: Linux 2.6.24.4-64.fc8 uhci_hcd 
-usbprod: UHCI Host Controller -- -class: OTHER -bus: USB -detached: 0 -desc: "Linux 2.6.24.4-64.fc8 uhci_hcd UHCI Host Controller" -usbclass: 9 -usbsubclass: 0 -usbprotocol: 0 -usbbus: 3 -usblevel: 0 -usbport: 0 -usbdev: 1 -vendorId: 0000 -deviceId: 0000 -usbmfr: Linux 2.6.24.4-64.fc8 uhci_hcd -usbprod: UHCI Host Controller -- -class: OTHER -bus: USB -detached: 0 -desc: "Linux 2.6.24.4-64.fc8 uhci_hcd UHCI Host Controller" -usbclass: 9 -usbsubclass: 0 -usbprotocol: 0 -usbbus: 2 -usblevel: 0 -usbport: 0 -usbdev: 1 -vendorId: 0000 -deviceId: 0000 -usbmfr: Linux 2.6.24.4-64.fc8 uhci_hcd -usbprod: UHCI Host Controller -- -class: OTHER -bus: PSAUX -detached: 0 -driver: pcspkr -desc: "PC Speaker" -- -class: OTHER -bus: ISAPNP -detached: 0 -desc: "PNP0103" -deviceId: PNP0103 -- -class: OTHER -bus: ISAPNP -detached: 0 -desc: "PNP0200" -deviceId: PNP0200 -- -class: OTHER -bus: ISAPNP -detached: 0 -desc: "PNP0303" -deviceId: PNP0303 -- -class: OTHER -bus: ISAPNP -detached: 0 -desc: "PNP0800" -deviceId: PNP0800 -- -class: OTHER -bus: ISAPNP -detached: 0 -desc: "PNP0a08" -deviceId: PNP0a08 -compat: PNP0a03 -- -class: OTHER -bus: ISAPNP -detached: 0 -desc: "PNP0b00" -deviceId: PNP0b00 -- -class: OTHER -bus: ISAPNP -detached: 0 -desc: "PNP0c01" -deviceId: PNP0c01 -- -class: OTHER -bus: ISAPNP -detached: 0 -desc: "PNP0c02" -deviceId: PNP0c02 -- -class: OTHER -bus: ISAPNP -detached: 0 -desc: "PNP0c04" -deviceId: PNP0c04 -- -class: OTHER -bus: PSAUX -detached: 0 -desc: "Power Button (FF)" -- -class: OTHER -bus: USB -detached: 0 -desc: "STMicroelectronics Biometric Coprocessor" -usbclass: 255 -usbsubclass: 0 -usbprotocol: 0 -usbbus: 5 -usblevel: 1 -usbport: 1 -usbdev: 3 -vendorId: 0483 -deviceId: 2016 -usbmfr: STMicroelectronics -usbprod: Biometric Coprocessor -- -class: OTHER -bus: PSAUX -detached: 0 -desc: "Sleep Button (CM)" -- -class: OTHER -bus: PSAUX -detached: 0 -desc: "TPPS/2 IBM TrackPoint" -- -class: OTHER -bus: USB -detached: 0 -desc: "Unknown USB device 0x451:0x2046" 
-usbclass: 9 -usbsubclass: 0 -usbprotocol: 0 -usbbus: 1 -usblevel: 2 -usbport: 0 -usbdev: 5 -vendorId: 0451 -deviceId: 2046 -- -class: OTHER -bus: PSAUX -detached: 0 -desc: "Video Bus" -- -class: OTHER -bus: PSAUX -detached: 0 -desc: "Video Bus" -- -class: NETWORK -bus: PCI -detached: 0 -device: eth0 -driver: e1000 -desc: "Intel Corporation 82573L Gigabit Ethernet Controller" -network.hwaddr: 00:15:58:81:5b:0e -vendorId: 8086 -deviceId: 109a -subVendorId: 17aa -subDeviceId: 2001 -pciType: 1 -pcidom: 0 -pcibus: 2 -pcidev: 0 -pcifn: 0 -- -class: NETWORK -bus: PCI -detached: 0 -device: wlan0 -driver: iwl3945 -desc: "Intel Corporation PRO/Wireless 3945ABG Network Connection" -network.hwaddr: 00:19:d2:9f:88:96 -vendorId: 8086 -deviceId: 4227 -subVendorId: 8086 -subDeviceId: 1010 -pciType: 1 -pcidom: 0 -pcibus: 3 -pcidev: 0 -pcifn: 0 -- -class: MOUSE -bus: USB -detached: 0 -device: input/mice -driver: genericwheelusb -desc: "ATEN 4 Port USB KVM B V1.80" -usbclass: 3 -usbsubclass: 1 -usbprotocol: 2 -usbbus: 1 -usblevel: 3 -usbport: 0 -usbdev: 6 -vendorId: 0557 -deviceId: 2205 -usbmfr: ATEN -usbprod: 4 Port USB KVM B V1.80 -- -class: MOUSE -bus: PSAUX -detached: 0 -device: input/mice -driver: generic3ps/2 -desc: "Macintosh mouse button emulation" -- -class: MOUSE -bus: PSAUX -detached: 0 -device: input/mice -driver: synaptics -desc: "SynPS/2 Synaptics TouchPad" -- -class: MOUSE -bus: PSAUX -detached: 0 -device: input/mice -driver: generic3ps/2 -desc: "ThinkPad Extra Buttons" -- -class: AUDIO -bus: PCI -detached: 0 -driver: snd-hda-intel -desc: "Intel Corporation 82801G (ICH7 Family) High Definition Audio Controller" -vendorId: 8086 -deviceId: 27d8 -subVendorId: 17aa -subDeviceId: 2010 -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1b -pcifn: 0 -- -class: CDROM -bus: SCSI -detached: 0 -device: scd0 -desc: "MATSHITA DVD-RAM UJ-842" -host: 4 -id: 0 -channel: 0 -lun: 0 -- -class: VIDEO -bus: PCI -detached: 0 -driver: intelfb -desc: "Intel Corporation Mobile 945GM/GMS, 943/940GML 
Express Integrated Graphics Controller" -video.xdriver: intel -vendorId: 8086 -deviceId: 27a2 -subVendorId: 17aa -subDeviceId: 201a -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 2 -pcifn: 0 -- -class: VIDEO -bus: PCI -detached: 0 -desc: "Intel Corporation Mobile 945GM/GMS/GME, 943/940GML Express Integrated Graphics Controller" -vendorId: 8086 -deviceId: 27a6 -subVendorId: 17aa -subDeviceId: 201a -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 2 -pcifn: 1 -- -class: HD -bus: SCSI -detached: 0 -device: sda -desc: "ATA HTS721010G9SA00" -host: 0 -id: 0 -channel: 0 -lun: 0 -- -class: KEYBOARD -bus: PSAUX -detached: 0 -desc: "AT Translated Set 2 keyboard" -- -class: KEYBOARD -bus: USB -detached: 0 -driver: keybdev -desc: "ATEN 4 Port USB KVM B V1.80" -usbclass: 3 -usbsubclass: 1 -usbprotocol: 1 -usbbus: 1 -usblevel: 3 -usbport: 0 -usbdev: 6 -vendorId: 0557 -deviceId: 2205 -usbmfr: ATEN -usbprod: 4 Port USB KVM B V1.80 -- -class: USB -bus: PCI -detached: 0 -driver: uhci-hcd -desc: "Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #1" -vendorId: 8086 -deviceId: 27c8 -subVendorId: 17aa -subDeviceId: 200a -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1d -pcifn: 0 -- -class: USB -bus: PCI -detached: 0 -driver: uhci-hcd -desc: "Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #2" -vendorId: 8086 -deviceId: 27c9 -subVendorId: 17aa -subDeviceId: 200a -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1d -pcifn: 1 -- -class: USB -bus: PCI -detached: 0 -driver: uhci-hcd -desc: "Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #3" -vendorId: 8086 -deviceId: 27ca -subVendorId: 17aa -subDeviceId: 200a -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1d -pcifn: 2 -- -class: USB -bus: PCI -detached: 0 -driver: uhci-hcd -desc: "Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #4" -vendorId: 8086 -deviceId: 27cb -subVendorId: 17aa -subDeviceId: 200a -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1d -pcifn: 3 -- -class: USB -bus: PCI -detached: 0 -driver: ehci-hcd -desc: "Intel 
Corporation 82801G (ICH7 Family) USB2 EHCI Controller" -vendorId: 8086 -deviceId: 27cc -subVendorId: 17aa -subDeviceId: 200b -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1d -pcifn: 7 -- -class: SOCKET -bus: PCI -detached: 0 -driver: yenta_socket -desc: "Texas Instruments PCI1510 PC card Cardbus Controller" -vendorId: 104c -deviceId: ac56 -subVendorId: 17aa -subDeviceId: 2012 -pciType: 1 -pcidom: 0 -pcibus: 15 -pcidev: 0 -pcifn: 0 -- -class: IDE -bus: PCI -detached: 0 -driver: ata_piix -desc: "Intel Corporation 82801G (ICH7 Family) IDE Controller" -vendorId: 8086 -deviceId: 27df -subVendorId: 17aa -subDeviceId: 200c -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1f -pcifn: 1 -- -class: SATA -bus: PCI -detached: 0 -driver: ahci -desc: "Intel Corporation 82801GBM/GHM (ICH7 Family) SATA AHCI Controller" -vendorId: 8086 -deviceId: 27c5 -subVendorId: 17aa -subDeviceId: 200d -pciType: 1 -pcidom: 0 -pcibus: 0 -pcidev: 1f -pcifn: 2 diff --git a/root/etc/sysconfig/i18n b/root/etc/sysconfig/i18n deleted file mode 100644 index 9dcb0b1..0000000 --- a/root/etc/sysconfig/i18n +++ /dev/null @@ -1,2 +0,0 @@ -LANG="en_US.UTF-8" -SYSFONT="latarcyrheb-sun16" diff --git a/root/etc/sysconfig/init b/root/etc/sysconfig/init deleted file mode 100644 index 117b6bc..0000000 --- a/root/etc/sysconfig/init +++ /dev/null 
@@ -1,25 +0,0 @@
-# color => new RH6.0 bootup
-# verbose => old-style bootup
-# anything else => new style bootup without ANSI colors or positioning
-BOOTUP=color
-# Turn on graphical boot
-GRAPHICAL=yes
-# column to start "[ OK ]" label in
-RES_COL=60
-# terminal sequence to move to that column. You could change this
-# to something like "tput hpa ${RES_COL}" if your terminal supports it
-MOVE_TO_COL="echo -en \\033[${RES_COL}G"
-# terminal sequence to set color to a 'success' color (currently: green)
-SETCOLOR_SUCCESS="echo -en \\033[0;32m"
-# terminal sequence to set color to a 'failure' color (currently: red)
-SETCOLOR_FAILURE="echo -en \\033[0;31m"
-# terminal sequence to set color to a 'warning' color (currently: yellow)
-SETCOLOR_WARNING="echo -en \\033[0;33m"
-# terminal sequence to reset to the default color.
-SETCOLOR_NORMAL="echo -en \\033[0;39m"
-# default kernel loglevel on boot (syslog will reset this)
-LOGLEVEL=3
-# Set to anything other than 'no' to allow hotkey interactive startup...
-PROMPT=yes
-# Set to 'yes' to allow probing for devices with swap signatures
-AUTOSWAP=no
diff --git a/root/etc/sysconfig/iptables b/root/etc/sysconfig/iptables
deleted file mode 100644
index 3c39d45..0000000
--- a/root/etc/sysconfig/iptables
+++ /dev/null
@@ -1,48 +0,0 @@ -# Firewall configuration written by system-config-firewall -# Manual customization of this file is not recommended. -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] -:RH-Firewall-1-INPUT - [0:0] --A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT --A INPUT -p icmp -j ACCEPT --A INPUT -i lo -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT --A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT --A INPUT -p ah -j ACCEPT --A INPUT -p esp -j ACCEPT --A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT --A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT --A INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT --A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 2020 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT --A INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 32769 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT --A INPUT -m state --state NEW -m udp -p udp --dport 5900 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT --A INPUT -m state --state NEW -m udp -p udp --dport 5901 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT --A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT --A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT --A INPUT --tcp-flags SYN,RST,ACK,FIN SYN -j ACCEPT --I FORWARD -m physdev --physdev-is-bridged 
-j ACCEPT --A INPUT -j REJECT --reject-with icmp-host-prohibited --A FORWARD -j REJECT --reject-with icmp-host-prohibited --A INPUT -j RH-Firewall-1-INPUT --A FORWARD -j RH-Firewall-1-INPUT --A RH-Firewall-1-INPUT -i lo -j ACCEPT --A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT --A RH-Firewall-1-INPUT -p 50 -j ACCEPT --A RH-Firewall-1-INPUT -p 51 -j ACCEPT --A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT --A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT --A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -COMMIT diff --git a/root/etc/sysconfig/iptables-config b/root/etc/sysconfig/iptables-config deleted file mode 100644 index 6402740..0000000 --- a/root/etc/sysconfig/iptables-config +++ /dev/null 
@@ -1,48 +0,0 @@
-# Load additional iptables modules (nat helpers)
-# Default: -none-
-# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
-# are loaded after the firewall rules are applied. Options for the helpers are
-# stored in /etc/modprobe.conf.
-IPTABLES_MODULES="ip_conntrack_netbios_ns"
-
-# Unload modules on restart and stop
-# Value: yes|no, default: yes
-# This option has to be 'yes' to get to a sane state for a firewall
-# restart or stop. Only set to 'no' if there are problems unloading netfilter
-# modules.
-IPTABLES_MODULES_UNLOAD="yes"
-
-# Save current firewall rules on stop.
-# Value: yes|no, default: no
-# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
-# (e.g. on system shutdown).
-IPTABLES_SAVE_ON_STOP="no"
-
-# Save current firewall rules on restart.
-# Value: yes|no, default: no
-# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
-# restarted.
-IPTABLES_SAVE_ON_RESTART="no"
-
-# Save (and restore) rule and chain counter.
-# Value: yes|no, default: no
-# Save counters for rules and chains to /etc/sysconfig/iptables if
-# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
-# SAVE_ON_RESTART is enabled.
-IPTABLES_SAVE_COUNTER="no"
-
-# Numeric status output
-# Value: yes|no, default: yes
-# Print IP addresses and port numbers in numeric format in the status output.
-IPTABLES_STATUS_NUMERIC="yes"
-
-# Verbose status output
-# Value: yes|no, default: yes
-# Print info about the number of packets and bytes plus the "input-" and
-# "outputdevice" in the status output.
-IPTABLES_STATUS_VERBOSE="no"
-
-# Status output with numbered lines
-# Value: yes|no, default: yes
-# Print a counter/number for every rule in the status output.
-IPTABLES_STATUS_LINENUMBERS="yes"
diff --git a/root/etc/sysconfig/irda b/root/etc/sysconfig/irda
deleted file mode 100644
index 7776c3b..0000000
--- a/root/etc/sysconfig/irda
+++ /dev/null
@@ -1,4 +0,0 @@
-IRDA=yes
-DEVICE=/dev/ttyS2
-#DONGLE=actisys+
-DISCOVERY=yes
diff --git a/root/etc/sysconfig/irqbalance b/root/etc/sysconfig/irqbalance
deleted file mode 100644
index 0ff3939..0000000
--- a/root/etc/sysconfig/irqbalance
+++ /dev/null
@@ -1,18 +0,0 @@
-# irqbalance is a daemon process that distributes interrupts across
-# CPUS on SMP systems. The default is to rebalance once every 10
-# seconds. There is one configuration option:
-#
-# ONESHOT=yes
-# after starting, wait for a minute, then look at the interrupt
-# load and balance it once; after balancing exit and do not change
-# it again.
-ONESHOT=
-
-#
-# IRQ_AFFINITY_MASK
-# 64 bit bitmask which allows you to indicate which cpu's should
-# be skipped when reblancing irqs. Cpu numbers which have their
-# corresponding bits set to zero in this mask will not have any
-# irq's assigned to them on rebalance
-#
-#IRQ_AFFINITY_MASK=
diff --git a/root/etc/sysconfig/kdump b/root/etc/sysconfig/kdump
deleted file mode 100644
index 34b5f16..0000000
--- a/root/etc/sysconfig/kdump
+++ /dev/null
@@ -1,32 +0,0 @@
-# Kernel Version string for the -kdump kernel, such as 2.6.13-1544.FC5kdump
-# If no version is specified, then the init script will try to find a
-# kdump kernel with the same version number as the running kernel.
-KDUMP_KERNELVER=""
-
-# The kdump commandline is the command line that needs to be passed off to
-# the kdump kernel. This will likely match the contents of the grub kernel
-# line. For example:
-# KDUMP_COMMANDLINE="ro root=LABEL=/"
-# If a command line is not specified, the default will be taken from
-# /proc/cmdline
-KDUMP_COMMANDLINE=""
-
-# This variable lets us append arguments to the current kdump commandline
-# As taken from either KDUMP_COMMANDLINE above, or from /proc/cmdline
-KDUMP_COMMANDLINE_APPEND="irqpoll maxcpus=1"
-
-# Any additional kexec arguments required. In most situations, this should
-# be left empty
-#
-# Example:
-# KEXEC_ARGS="--elf32-core-headers"
-KEXEC_ARGS=" --args-linux"
-
-#Where to find the boot image
-KDUMP_BOOTDIR="/boot"
-
-#What is the image type used for kdump
-KDUMP_IMG="vmlinuz"
-
-#What is the images extension. Relocatable kernels don't have one
-KDUMP_IMG_EXT=""
diff --git a/root/etc/sysconfig/kernel b/root/etc/sysconfig/kernel
deleted file mode 100644
index 77448aa..0000000
--- a/root/etc/sysconfig/kernel
+++ /dev/null
@@ -1,6 +0,0 @@
-# UPDATEDEFAULT specifies if new-kernel-pkg should make
-# new kernels the default
-UPDATEDEFAULT=yes
-
-# DEFAULTKERNEL specifies the default kernel package type
-DEFAULTKERNEL=kernel-xen
diff --git a/root/etc/sysconfig/keyboard b/root/etc/sysconfig/keyboard
deleted file mode 100644
index 970189b..0000000
--- a/root/etc/sysconfig/keyboard
+++ /dev/null
@@ -1,2 +0,0 @@
-KEYBOARDTYPE="pc"
-KEYTABLE="us"
diff --git a/root/etc/sysconfig/kudzu b/root/etc/sysconfig/kudzu
deleted file mode 100644
index 6156022..0000000
--- a/root/etc/sysconfig/kudzu
+++ /dev/null
@@ -1,6 +0,0 @@
-# Set to anything other than 'no' to force a 'safe' probe on startup.
-# 'safe' probe disables:
-# - serial port probing
-# - DDC monitor probing
-# - PS/2 probing
-SAFE=no
diff --git a/root/etc/sysconfig/libvirtd b/root/etc/sysconfig/libvirtd
deleted file mode 100644
index fe4596a..0000000
--- a/root/etc/sysconfig/libvirtd
+++ /dev/null
@@ -1,9 +0,0 @@
-# Override the default config file
-#LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf
-
-# Listen for TCP/IP connections
-# NB. must setup TLS/SSL keys prior to using this
-#LIBVIRTD_ARGS="--listen"
-
-# Override Kerberos service keytab for SASL/GSSAPI
-#KRB5_KTNAME=/etc/libvirt/krb5.tab
diff --git a/root/etc/sysconfig/lircd b/root/etc/sysconfig/lircd
deleted file mode 100644
index 749be17..0000000
--- a/root/etc/sysconfig/lircd
+++ /dev/null
@@ -1,2 +0,0 @@
-# Options to lircd
-LIRCD_OPTIONS=
diff --git a/root/etc/sysconfig/lm_sensors b/root/etc/sysconfig/lm_sensors
deleted file mode 100644
index c1b5809..0000000
--- a/root/etc/sysconfig/lm_sensors
+++ /dev/null
@@ -1,2 +0,0 @@
-# /etc/sysconfig/sensors - Defines modules loaded by /etc/rc.d/init.d/lm_sensors
-# Run sensors-detect to generate this config file
diff --git a/root/etc/sysconfig/nasd b/root/etc/sysconfig/nasd
deleted file mode 100644
index 240fab1..0000000
--- a/root/etc/sysconfig/nasd
+++ /dev/null
@@ -1,10 +0,0 @@
-# Options to nasd
-# See nasd(1) for more details
-# -aa allow any client to connect
-# -local allow local clients only
-# -b detach and run in background
-# -v enable verbose messages
-# -d enable debug messages at level
-# -pn partial networking enabled
-# -nopn partial networking disabled [default]
-NASD_OPTIONS="-b -local"
diff --git a/root/etc/sysconfig/netconsole b/root/etc/sysconfig/netconsole
deleted file mode 100644
index 7b9d96e..0000000
--- a/root/etc/sysconfig/netconsole
+++ /dev/null
@@ -1,20 +0,0 @@
-# This is the configuration file for the netconsole service. By starting
-# this service you allow a remote syslog daemon to record console output
-# from this system.
-
-# The local port number that the netconsole module will use
-# LOCALPORT=6666
-
-# The ethernet device to send console messages out of (only set this if it
-# can't be automatically determined)
-# DEV=
-
-# The IP address of the remote syslog server to send messages to
-# SYSLOGADDR=
-
-# The listening port of the remote syslog daemon
-# SYSLOGPORT=514
-
-# The MAC address of the remote syslog server (only set this if it can't
-# be automatically determined)
-# SYSLOGMACADDR=
diff --git a/root/etc/sysconfig/netdump_id_dsa.pub b/root/etc/sysconfig/netdump_id_dsa.pub
deleted file mode 100644
index 70ec26b..0000000
--- a/root/etc/sysconfig/netdump_id_dsa.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-dss 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 root@localhost.localdomain
diff --git a/root/etc/sysconfig/network b/root/etc/sysconfig/network
deleted file mode 100644
index 9ae0d72..0000000
--- a/root/etc/sysconfig/network
+++ /dev/null
@@ -1,3 +0,0 @@
-NETWORKING=yes
-NETWORKING_IPV6=no
-HOSTNAME=galia.watzmann.net
diff --git a/root/etc/sysconfig/network-scripts/ifcfg-br0 b/root/etc/sysconfig/network-scripts/ifcfg-br0
deleted file mode 100644
index f609e1d..0000000
--- a/root/etc/sysconfig/network-scripts/ifcfg-br0
+++ /dev/null
@@ -1,5 +0,0 @@
-# Intel Corporation 82573L Gigabit Ethernet Controller
-DEVICE=br0
-ONBOOT=yes
-BOOTPROTO=dhcp
-TYPE=Bridge
diff --git a/root/etc/sysconfig/network-scripts/ifcfg-eth0 b/root/etc/sysconfig/network-scripts/ifcfg-eth0
deleted file mode 100644
index fddec4d..0000000
--- a/root/etc/sysconfig/network-scripts/ifcfg-eth0
+++ /dev/null
@@ -1,7 +0,0 @@
-# Intel Corporation 82573L Gigabit Ethernet Controller
-DEVICE=eth0
-#BOOTPROTO=dhcp
-HWADDR=XX:YY:ZZ:81:5B:0E
-ONBOOT=yes
-#DHCP_HOSTNAME=dhcp.example.com
-BRIDGE=br0
diff --git a/root/etc/sysconfig/network-scripts/ifcfg-lo b/root/etc/sysconfig/network-scripts/ifcfg-lo deleted file mode 100644 index cb4f3f9..0000000 --- a/root/etc/sysconfig/network-scripts/ifcfg-lo +++ /dev/null @@ -1,9 +0,0 @@ -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -# If you're having problems with gated making 127.0.0.0/8 a martian, -# you can change this to something else (255.255.255.255, for example) -BROADCAST=127.255.255.255 -ONBOOT=yes -NAME=loopback diff --git a/root/etc/sysconfig/network-scripts/ifcfg-lo.rpmsave b/root/etc/sysconfig/network-scripts/ifcfg-lo.rpmsave deleted file mode 100644 index cb4f3f9..0000000 --- a/root/etc/sysconfig/network-scripts/ifcfg-lo.rpmsave +++ /dev/null @@ -1,9 +0,0 @@ -DEVICE=lo -IPADDR=127.0.0.1 -NETMASK=255.0.0.0 -NETWORK=127.0.0.0 -# If you're having problems with gated making 127.0.0.0/8 a martian, -# you can change this to something else (255.255.255.255, for example) -BROADCAST=127.255.255.255 -ONBOOT=yes -NAME=loopback diff --git a/root/etc/sysconfig/network-scripts/ifcfg-weird [!] (used to fail) b/root/etc/sysconfig/network-scripts/ifcfg-weird [!] (used to fail) deleted file mode 100644 index 08cf100..0000000 --- a/root/etc/sysconfig/network-scripts/ifcfg-weird [!] (used to fail) +++ /dev/null @@ -1,4 +0,0 @@ -# This file is only here to make sure augeas handles truly bizarre -# file names gracefully. Looking this file up in the tree will require -# escaping all the special chars in the file name -DEVICE=weird diff --git a/root/etc/sysconfig/network-scripts/ifcfg-wlan0 b/root/etc/sysconfig/network-scripts/ifcfg-wlan0 deleted file mode 100644 index e20c26b..0000000 --- a/root/etc/sysconfig/network-scripts/ifcfg-wlan0 +++ /dev/null @@ -1,5 +0,0 @@ -# Intel Corporation PRO/Wireless 3945ABG Network Connection -DEVICE=wlan0 -BOOTPROTO=dhcp -ONBOOT=no -HWADDR=XX:XX:XX:9f:88:96 diff --git a/root/etc/sysconfig/nfs b/root/etc/sysconfig/nfs deleted file mode 100644 index 1325c06..0000000 
--- a/root/etc/sysconfig/nfs +++ /dev/null @@ -1,69 +0,0 @@ -## Firewalling -STATD_PORT=662 -STATD_OUTGOING_PORT=2020 -LOCKD_TCPPORT=32803 -LOCKD_UDPPORT=32769 -MOUNTD_PORT=892 -## -# -# Define which protocol versions mountd -# will advertise. The values are "no" or "yes" -# with yes being the default -#MOUNTD_NFS_V1="no" -#MOUNTD_NFS_V2="no" -#MOUNTD_NFS_V3="no" -# -# -# Path to remote quota server. See rquotad(8) -#RQUOTAD="/usr/sbin/rpc.rquotad" -# Port rquotad should listen on. -#RQUOTAD_PORT=875 -# Optional options passed to rquotad -#RPCRQUOTADOPTS="" -# -# -# TCP port rpc.lockd should listen on. -#LOCKD_TCPPORT=32803 -# UDP port rpc.lockd should listen on. -#LOCKD_UDPPORT=32769 -# -# -# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8) -#RPCNFSDARGS -# Number of nfs server processes to be started. -# The default is 8. -#RPCNFSDCOUNT=8 -# -# -# Optional arguments passed to rpc.mountd. See rpc.mountd(8) -#RPCMOUNTDOPTS="" -# Port rpc.mountd should listen on. -#MOUNTD_PORT=892 -# -# -# Optional arguments passed to rpc.statd. See rpc.statd(8) -#STATDARG="" -# Port rpc.statd should listen on. -#STATD_PORT=662 -# Outgoing port statd should used. The default is port -# is random -#STATD_OUTGOING_PORT=2020 -# Specify callout program -#STATD_HA_CALLOUT="/usr/local/bin/foo" -# -# -# Optional arguments passed to rpc.idmapd. See rpc.idmapd(8) -#RPCIDMAPDARGS="" -# -# Set to turn on Secure NFS mounts. -#SECURE_NFS="yes" -# Optional arguments passed to rpc.gssd. See rpc.gssd(8) -#RPCGSSDARGS="-vvv" -# Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8) -#RPCSVCGSSDARGS="-vvv" -# Don't load security modules in to the kernel -#SECURE_NFS_MODS="noload" -# -# Don't load sunrpc module. -#RPCMTAB="noload" -# diff --git a/root/etc/sysconfig/ntpd b/root/etc/sysconfig/ntpd deleted file mode 100644 index b9fd41f..0000000 --- a/root/etc/sysconfig/ntpd +++ /dev/null 
@@ -1,8 +0,0 @@
-# Drop root to id 'ntp:ntp' by default.
-OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"
-
-# Set to 'yes' to sync hw clock after successful ntpdate
-SYNC_HWCLOCK=no
-
-# Additional options for ntpdate
-NTPDATE_OPTIONS=""
diff --git a/root/etc/sysconfig/prelink b/root/etc/sysconfig/prelink
deleted file mode 100644
index db8c22f..0000000
--- a/root/etc/sysconfig/prelink
+++ /dev/null
@@ -1,37 +0,0 @@
-# Set this to no to disable prelinking altogether
-# (if you change this from yes to no prelink -ua
-# will be run next night to undo prelinking)
-PRELINKING=yes
-
-# Options to pass to prelink
-# -m Try to conserve virtual memory by allowing overlapping
-# assigned virtual memory slots for libraries which
-# never appear together in one binary
-# -R Randomize virtual memory slot assignments for libraries.
-# This makes it slightly harder for various buffer overflow
-# attacks, since library addresses will be different on each
-# host using -R.
-PRELINK_OPTS=-mR
-
-# How often should full prelink be run (in days)
-# Normally, prelink will be run in quick mode, every
-# $PRELINK_FULL_TIME_INTERVAL days it will be run
-# in normal mode. Comment it out if it should be run
-# in normal mode always.
-PRELINK_FULL_TIME_INTERVAL=14
-
-# How often should prelink run (in days) even if
-# no packages have been upgraded via rpm.
-# If $PRELINK_FULL_TIME_INTERVAL days have not elapsed
-# yet since last normal mode prelinking, last
-# quick mode prelinking happened less than
-# $PRELINK_NONRPM_CHECK_INTERVAL days ago
-# and no packages have been upgraded by rpm
-# since last quick mode prelinking, prelink
-# will not do anything.
-# Change to
-# PRELINK_NONRPM_CHECK_INTERVAL=0
-# if you want to disable the rpm database timestamp
-# check (especially if you don't use rpm/up2date/yum/apt-rpm
-# exclusively to upgrade system libraries and/or binaries).
-PRELINK_NONRPM_CHECK_INTERVAL=7
diff --git a/root/etc/sysconfig/puppet b/root/etc/sysconfig/puppet
deleted file mode 100644
index 3befdd4..0000000
--- a/root/etc/sysconfig/puppet
+++ /dev/null
@@ -1,11 +0,0 @@
-# The puppetmaster server
-#PUPPET_SERVER=puppet
-
-# If you wish to specify the port to connect to do so here
-#PUPPET_PORT=8140
-
-# Where to log to. Specify syslog to send log messages to the system log.
-#PUPPET_LOG=/var/log/puppet/puppet.log
-
-# You may specify other parameters to the puppet client here
-#PUPPET_EXTRA_OPTS=--waitforcert=500
diff --git a/root/etc/sysconfig/readonly-root b/root/etc/sysconfig/readonly-root
deleted file mode 100644
index a19f7ec..0000000
--- a/root/etc/sysconfig/readonly-root
+++ /dev/null
@@ -1,17 +0,0 @@
-# Set to 'yes' to mount the system filesystems read-only.
-READONLY=no
-# Set to 'yes' to mount various temporary state as either tmpfs
-# or on the block device labelled RW_LABEL. Implied by READONLY
-TEMPORARY_STATE=no
-# Place to put a tmpfs for temporary scratch writable space
-RW_MOUNT=/var/lib/stateless/writable
-# Label on local filesystem which can be used for temporary scratch space
-RW_LABEL=stateless-rw
-# Options to use for temporary mount
-RW_OPTIONS=
-# Label for partition with persistent data
-STATE_LABEL=stateless-state
-# Where to mount to the persistent data
-STATE_MOUNT=/var/lib/stateless/state
-# Options to use for persistent mount
-STATE_OPTIONS=
diff --git a/root/etc/sysconfig/rsyslog b/root/etc/sysconfig/rsyslog
deleted file mode 100644
index 6f6c147..0000000
--- a/root/etc/sysconfig/rsyslog
+++ /dev/null
@@ -1,16 +0,0 @@
-# Options to syslogd
-# -m 0 disables 'MARK' messages.
-# -r enables logging from remote machines
-# -x disables DNS lookups on messages received with -r
-# See syslogd(8) for more details
-SYSLOGD_OPTIONS="-m 0"
-# Options to klogd
-# -2 prints all kernel oops messages twice; once for klogd to decode, and
-# once for processing with 'ksymoops'
-# -x disables all klogd processing of oops messages entirely
-# See klogd(8) for more details
-KLOGD_OPTIONS="-x"
-#
-SYSLOG_UMASK=077
-# set this to a umask value to use for all log files as in umask(1).
-# By default, all permissions are removed for "group" and "other".
diff --git a/root/etc/sysconfig/samba b/root/etc/sysconfig/samba
deleted file mode 100644
index 944b72f..0000000
--- a/root/etc/sysconfig/samba
+++ /dev/null
@@ -1,6 +0,0 @@
-# Options to smbd
-SMBDOPTIONS="-D"
-# Options to nmbd
-NMBDOPTIONS="-D"
-# Options for winbindd
-WINBINDOPTIONS=""
diff --git a/root/etc/sysconfig/saslauthd b/root/etc/sysconfig/saslauthd
deleted file mode 100644
index 08e4373..0000000
--- a/root/etc/sysconfig/saslauthd
+++ /dev/null
@@ -1,11 +0,0 @@
-# Directory in which to place saslauthd's listening socket, pid file, and so
-# on. This directory must already exist.
-SOCKETDIR=/var/run/saslauthd
-
-# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
-# of which mechanism your installation was compiled with the ablity to use.
-MECH=pam
-
-# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
-# for the list of accepted flags.
-FLAGS=
diff --git a/root/etc/sysconfig/smartmontools b/root/etc/sysconfig/smartmontools
deleted file mode 100644
index 75d591c..0000000
--- a/root/etc/sysconfig/smartmontools
+++ /dev/null
@@ -1,4 +0,0 @@
-# command line options for smartd
-smartd_opts="-q never"
-# autogenerated config file options
-# smartd_conf_opts="-H -m root"
diff --git a/root/etc/sysconfig/spamassassin b/root/etc/sysconfig/spamassassin
deleted file mode 100644
index 70b21ed..0000000
--- a/root/etc/sysconfig/spamassassin
+++ /dev/null
@@ -1,2 +0,0 @@
-# Options to spamd
-SPAMDOPTIONS="-d -c -m5 -H"
diff --git a/root/etc/sysconfig/sysstat b/root/etc/sysconfig/sysstat
deleted file mode 100644
index 5aeb175..0000000
--- a/root/etc/sysconfig/sysstat
+++ /dev/null
@@ -1,2 +0,0 @@
-# How long to keep log files (days), maximum is a month
-HISTORY=7
diff --git a/root/etc/sysconfig/sysstat.ioconf b/root/etc/sysconfig/sysstat.ioconf
deleted file mode 100644
index cf3840e..0000000
--- a/root/etc/sysconfig/sysstat.ioconf
+++ /dev/null
@@ -1,240 +0,0 @@ -# -# sysstat.ioconf -# -# Copyright (C) 2004, Red Hat, Inc. -# -# This file gives iostat and sadc a clue about how to find whole -# disk devices in /proc/partitions and /proc/diskstats -# -# line format, general record: -# major:name:ctrlpre:ctrlno:devfmt:devcnt:partpre:partcnt:description -# -# major: major # for device -# name: base of device name -# ctrlpre: string to use in generating controller designators -# eg: the c in c0d2p6, decimal formatting implied -# '*' means none or irrelevant -# ctrlno: which controller of this type is this -# devfmt: type of device naming convention -# a: alpha: xxa, xxb, ... xxaa, xxab, ... xxzz -# x: exception... record contains a specific name -# for a specific minor #, stored in the devcnt field -# %string: string to use in generating drive designators, -# eg: the 'd' in c0d2p6 , decimal formatting implied -# d: no special translations (decimal formatting) -# devcnt: how many whole devs per major number -# partpre: appended to whole dev before part designator -# eg. 
the p in c0d2p6, decimal formatting implied -# '*' means none -# partcnt: number of partitions per volume -# or minor # for exception records -# description: informative text -# -# line format, indirect record: -# major:base_major:ctrlno[:[desc]] -# -# major: major number of the device -# base_major: major number of the template for this type, -# 0 for not supported -# ctrlno: controller number of this type -# desc: controller-specific description -# if absent the desc from base_major will be -# used in sprintf( buf, desc, ctrlno ) - - -1:ram:*:0:d:256:*:1:RAM disks (ram0..ram255) -1:initrd:x:250:d:256:*:1:Initial RAM Disk (initrd) - -#2:0:0:Floppy Devices -2:fd:*:0:d:4:*:1:Floppy Devices fd0,fd1,fd2,fd3 - -3:hd:*:0:a:2:*:64:IDE - Controller %d -22:3:1: -33:3:2: -34:3:3: -56:3:4: -57:3:5: -88:3:6: -89:3:7: -90:3:8: -91:3:9: - -#4:0:0:NODEV -#5:0:0:NODEV -#6:0:0:NODEV -7:loop:*:0:d:256:*:1:Loop Devices - -8:sd:*:0:a:16:*:16:SCSI - Controller %d -65:8:1: -66:8:2: -67:8:3: -68:8:4: -69:8:5: -70:8:6: -71:8:7: - -9:md:*:0:d:256:*:1:Metadisk (Software RAID) devices (md0..md255) - -#10:0:0:NODEV - -11:sr:*:0:d:256:*:1:CDROM - CDROM (sr0..sr255) - -#12:0:0:MSCDEX CD-ROM Callback - -13:xd:*:0:a:2:*:64:8-bit MFM/RLL/IDE controller (xda, xdb) - -#14:0:0:BIOS Hard Drive Callback -#15:0:0:CDROM - Sony CDU-31A/CDU-33A -#16:0:0:CDROM - Goldstar -#17:0:0:CDROM - Optics Storage -#18:0:0:CDROM - Sanyo - -19:double:*:0:d:256:*:1:Compressed Disk (double0..double255) - -#20:0:0:CDROM - Hitachi - -21:mfm:*:0:a:2:*:64:Acorn MFM Hard Drive (mfma, mfmb) - -# 22: see IDE, dev 3 - -#23:0:0:CDROM - Mistumi Proprietary -#24:0:0:CDROM - Sony CDU-535 -#25:0:0:CDROM - Matsushita (Panasonic/Soundblaster) #1 -#26:0:1:CDROM - Matsushita (Panasonic/Soundblaster) #2 -#27:0:2:CDROM - Matsushita (Panasonic/Soundblaster) #3 -#28:0:3:CDROM - Matsushita (Panasonic/Soundblaster) #4 -# 28:0:0:! 
ACSI (Atari) Disk Not Supported -#29:0:0:CDROM - Aztech/Orchid/Okano/Wearnes -#30:0:0:CDROM - Philips LMS CM-205 -#31:0:0:ROM/flash Memory Card -#32:0:0:CDROM - Phillips LMS CM-206 - -# 33: See IDE, dev 3 -# 34: See IDE, dev 3 - -#35:0:0:Slow Memory RAM Disk - -36:ed:*:0:a:2:*:64:MCA ESDI Hard Disk (eda, edb) - -#37:0:0:Zorro II Ram Disk -#38:0:0:Reserved For Linux/AP+ -#39:0:0:Reserved For Linux/AP+ -#40:0:0:Syquest EZ135 Parallel Port Drive -#41:0:0:CDROM - MicroSolutions Parallel Port BackPack -#42:0:0:For DEMO Use Only - -43:nb:*:0:d:256:*:1:Network Block devices (nb0..nb255) -44:ftl:*:0:a:16:*:16:Flash Translation Layer (ftla..ftlp) -45:pd:*:0:a:4:*:16:Parallel Port IDE (pda..pdd) - -#46:0:0:CDROM - Parallel Port ATAPI - -47:pf:*:0:d:256:*:1:Parallel Port ATAPI Disk Devices (pf0..pf255) - -48:rd:/c:0:%d:32:p:8:Mylex DAC960 RAID, Controller %d -49:48:1: -50:48:2: -51:48:3: -52:48:4: -53:48:5: -54:48:6: -55:48:7: - -# 56, 57: see IDE, dev 3: - -58:lvm:*:0:d:256:*:1:Logical Volume Manager (lvm0..lvm255) - -#59:0:0:PDA Filesystem Device -#60:0:0:Local/Experimental Use -#61:0:0:Local/Experimental Use -#62:0:0:Local/Experimental Use -#63:0:0:Local/Experimental Use -#64:0:0:NODEV - -# 65..71: See SCSI, dev 8: - -72:ida/:c:0:%d:16:p:16:Compaq Intelligent Drive Array - Controller %d -73:72:1: -74:72:2: -75:72:3: -76:72:4: -77:72:5: -78:72:6: -79:72:7: - -80:i2o/hd:*:0:a:16:*:16:I2O Disk - Controller %d -81:80:1: -82:80:2: -83:80:3: -84:80:4: -85:80:5: -86:80:6: -87:80:7: - -# 88..91: see IDE, dev 3: - -#92:0:0:PPDD Encrypted Disk -#93:0:0:NAND Flash Translation Layer not supported - -94:dasd:*:0:a:64:*:4:IBM S/390 DASD Block Storage (dasda, dasdb, ...) 
- -#95:0:0:IBM S/390 VM/ESA Minidisk -#96:0:0:NODEV -#97:0:0:CD/DVD packed writing devices not supported - -98:ubd:*:0:d:256:*:1:User-mode Virtual Block Devices (ubd0..ubd256) - -#99:0:0:JavaStation Flash Disk -#100:0:0:NODEV - -101:amiraid/ar:*:0:d:16:p:16:AMI HyperDisk RAID (amiraid/ar0 - amiraid/ar15) - -#102:0:0:Compressed Block Device -#103:0:0:Audit Block Device - -104:cciss:/c:0:%d:16:p:16:HP SA 5xxx/6xxx (cciss) Controller %d -105:104:1: -106:104:2: -107:104:3: -108:104:4: -109:104:5: -110:104:6: -111:104:7: - -112:iseries/vd:*:0:a:32:*:8:IBM iSeries Virtual Disk (.../vda - .../vdaf) - -#113:0:0:CDROM - IBM iSeries Virtual - -# 114..159 NODEV - -160:sx8/:*:0:d:8:p:32:Promise SATA SX8 Unit %d -161:160:1: - -# 162..198 UNUSED - -#199:0:0:Veritas Volume Manager (VxVM) Volumes -#200:0:0:NODEV -#201:0:0:Veritas VxVM Dynamic Multipathing Driver - -# 202..230: UNUSED - -232:emcpower:*:0:a:16:*:16:EMC PowerPath Unit %d -233:232:1: -234:232:2: -235:232:3: -236:232:4: -237:232:5: -238:232:6: -239:232:7: -240:232:8: -241:232:9: -242:232:10: -243:232:11: -244:232:12: -245:232:13: -246:232:14: -247:232:15: - -# 240..254: LOCAL/Experimental -# 255: reserved for big dev_t expansion - diff --git a/root/etc/sysconfig/system-config-firewall b/root/etc/sysconfig/system-config-firewall deleted file mode 100644 index 8b13789..0000000 --- a/root/etc/sysconfig/system-config-firewall +++ /dev/null @@ -1 +0,0 @@ - diff --git a/root/etc/sysconfig/system-config-securitylevel b/root/etc/sysconfig/system-config-securitylevel deleted file mode 100644 index 765169c..0000000 --- a/root/etc/sysconfig/system-config-securitylevel +++ /dev/null @@ -1,5 +0,0 @@ -# Configuration file for system-config-securitylevel - ---enabled ---port=22:tcp ---port=2049:tcp diff --git a/root/etc/sysconfig/system-config-users b/root/etc/sysconfig/system-config-users deleted file mode 100644 index a7d75b6..0000000 --- a/root/etc/sysconfig/system-config-users +++ /dev/null 
@@ -1,10 +0,0 @@
-# Configuration file for system-config-users
-
-# Filter out system users
-FILTER=true
-# Automatically assign highest UID for new users
-ASSIGN_HIGHEST_UID=true
-# Automatically assign highest GID for new groups
-ASSIGN_HIGHEST_GID=true
-# Prefer to have same UID and GID for new users
-PREFER_SAME_UID_GID=true
diff --git a/root/etc/sysconfig/vncservers b/root/etc/sysconfig/vncservers
deleted file mode 100644
index 31536f6..0000000
--- a/root/etc/sysconfig/vncservers
+++ /dev/null
@@ -1,21 +0,0 @@
-# The VNCSERVERS variable is a list of display:user pairs.
-#
-# Uncomment the lines below to start a VNC server on display :2
-# as my 'myusername' (adjust this to your own). You will also
-# need to set a VNC password; run 'man vncpasswd' to see how
-# to do that.
-#
-# DO NOT RUN THIS SERVICE if your local area network is
-# untrusted! For a secure way of using VNC, see
-# .
-
-# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
-
-# Use "-nohttpd" to prevent web-based VNC clients connecting.
-
-# Use "-localhost" to prevent remote VNC clients connecting except when
-# doing so through a secure tunnel. See the "-via" option in the
-# `man vncviewer' manual page.
-
-# VNCSERVERS="2:myusername"
-# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"
diff --git a/root/etc/sysconfig/wpa_supplicant b/root/etc/sysconfig/wpa_supplicant
deleted file mode 100644
index 402bac1..0000000
--- a/root/etc/sysconfig/wpa_supplicant
+++ /dev/null
@@ -1,6 +0,0 @@
-# wlan0 and wifi0
-# INTERFACES="-iwlan0 -iwifi0"
-INTERFACES="-iwlan0"
-# ndiswrapper and prism
-# DRIVERS="-Dndiswrapper -Dprism"
-DRIVERS="-Dwext"
diff --git a/root/etc/sysconfig/xend b/root/etc/sysconfig/xend
deleted file mode 100644
index 19b82df..0000000
--- a/root/etc/sysconfig/xend
+++ /dev/null
@@ -1,16 +0,0 @@
-
-#XENSTORED_PID="/var/run/xenstore.pid"
-#XENSTORED_ARGS=
-
-# Log all hypervisor messages (cf xm dmesg)
-#XENCONSOLED_LOG_HYPERVISOR=no
-
-# Log all guest console output (cf xm console)
-#XENCONSOLED_LOG_GUESTS=no
-
-# Location to store guest & hypervisor logs
-#XENCONSOLED_LOG_DIR=/var/log/xen/console
-
-#XENCONSOLED_ARGS=
-
-#BLKTAPCTRL_ARGS=
diff --git a/root/etc/sysconfig/xendomains b/root/etc/sysconfig/xendomains
deleted file mode 100644
index e93b1a4..0000000
--- a/root/etc/sysconfig/xendomains
+++ /dev/null
@@ -1,137 +0,0 @@
-## Path: System/xen
-## Description: xen domain start/stop on boot
-## Type: string
-## Default:
-#
-# The xendomains script can send SysRq requests to domains on shutdown.
-# If you don't want to MIGRATE, SAVE, or SHUTDOWN, this may be a possibility
-# to do a quick and dirty shutdown ("s e i u o") or at least sync the disks
-# of the domains ("s").
-#
-XENDOMAINS_SYSRQ=""
-
-## Type: integer
-## Default: 100000
-#
-# If XENDOMAINS_SYSRQ is set, this variable determines how long to wait
-# (in microseconds) after each SysRq, so the domain has a chance to react.
-# If you want to a quick'n'dirty shutdown via SysRq, you may want to set
-# it to a relatively high value (1200000).
-#
-XENDOMAINS_USLEEP=100000
-
-## Type: integer
-## Default: 5000000
-#
-# When creating a guest domain, it is sensible to allow a little time for it
-# to get started before creating another domain or proceeding through the
-# boot process. Without this, the booting guests will thrash the disk as they
-# start up. This timeout (in microseconds) specifies the delay after guest
-# domain creation.
-#
-XENDOMAINS_CREATE_USLEEP=5000000
-
-## Type: string
-## Default: ""
-#
-# Set this to a non-empty string if you want to migrate virtual machines
-# on shutdown. The string will be passed to the xm migrate DOMID command
-# as is: It should contain the target IP address of the physical machine
-# to migrate to and optionally parameters like --live. Leave empty if
-# you don't want to try virtual machine relocation on shutdown.
-# If migration succeeds, neither SAVE nor SHUTDOWN will be executed for
-# that domain.
-#
-XENDOMAINS_MIGRATE=""
-
-## Type: string
-## Default: /var/lib/xen/save
-#
-# Directory to save running domains to when the system (dom0) is
-# shut down. Will also be used to restore domains from if # XENDOMAINS_RESTORE
-# is set (see below). Leave empty to disable domain saving on shutdown
-# (e.g. because you rather shut domains down).
-# If domain saving does succeed, SHUTDOWN will not be executed.
-#
-XENDOMAINS_SAVE=/var/lib/xen/save
-
-## Type: string
-## Default: "--halt --wait"
-#
-# If neither MIGRATE nor SAVE were enabled or if they failed, you can
-# try to shut down a domain by sending it a shutdown request. To do this,
-# set this to "--halt --wait". Omit the "--wait" flag to avoid waiting
-# for the domain to be really down. Leave empty to skip domain shutdown.
-#
-XENDOMAINS_SHUTDOWN="--halt --wait"
-
-## Type: string
-## Default: "--all --halt --wait"
-#
-# After we have gone over all virtual machines (resp. all automatically
-# started ones, see XENDOMAINS_AUTO_ONLY below) in a loop and sent SysRq,
-# migrated, saved and/or shutdown according to the settings above, we
-# might want to shutdown the virtual machines that are still running
-# for some reason or another. To do this, set this variable to
-# "--all --halt --wait", it will be passed to xm shutdown.
-# Leave it empty not to do anything special here.
-# (Note: This will hit all virtual machines, even if XENDOMAINS_AUTO_ONLY
-# is set.)
-#
-XENDOMAINS_SHUTDOWN_ALL="--all --halt --wait"
-
-## Type: boolean
-## Default: true
-#
-# This variable determines whether saved domains from XENDOMAINS_SAVE
-# will be restored on system startup.
-#
-XENDOMAINS_RESTORE=true
-
-## Type: string
-## Default: /etc/xen/auto
-#
-# This variable sets the directory where domains configurations
-# are stored that should be started on system startup automatically.
-# Leave empty if you don't want to start domains automatically
-# (or just don't place any xen domain config files in that dir).
-# Note that the script tries to be clever if both RESTORE and AUTO are
-# set: It will first restore saved domains and then only start domains
-# in AUTO which are not running yet.
-# Note that the name matching is somewhat fuzzy.
-#
-XENDOMAINS_AUTO=/etc/xen/auto
-
-## Type: boolean
-## Default: false
-#
-# If this variable is set to "true", only the domains started via config
-# files in XENDOMAINS_AUTO will be treated according to XENDOMAINS_SYSRQ,
-# XENDOMAINS_MIGRATE, XENDOMAINS_SAVE, XENDMAINS_SHUTDOWN; otherwise
-# all running domains will be.
-# Note that the name matching is somewhat fuzzy.
-#
-XENDOMAINS_AUTO_ONLY=false
-
-## Type: integer
-## Default: 300
-#
-# On xendomains stop, a number of xm commands (xm migrate, save, shutdown,
-# shutdown --all) may be executed. In the worst case, these commands may
-# stall forever, which will prevent a successful shutdown of the machine.
-# If this variable is non-zero, the script will set up a watchdog timer
-# for every of these xm commands and time it out after the number of seconds
-# specified by this variable.
-# Note that SHUTDOWN_ALL will not be called if no virtual machines or only
-# zombies are still running, so you don't need to enable this timeout just
-# for the zombie case.
-# The setting should be large enough to make sure that migrate/save/shutdown
-# can succeed. If you do live migrations, keep in mind that live migration
-# of a 1GB machine over Gigabit ethernet may actually take something like
-# 100s (assuming that live migration uses 10% of the network # bandwidth).
-# Depending on the virtual machine, a shutdown may also require a significant
-# amount of time. So better setup this variable to a huge number and hope the
-# watchdog never fires.
-#
-XENDOMAINS_STOP_MAXWAIT=300
-
diff --git a/root/etc/sysctl.conf b/root/etc/sysctl.conf
deleted file mode 100644
index db98922..0000000
--- a/root/etc/sysctl.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Kernel sysctl configuration file for Red Hat Linux
-#
-# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
-# sysctl.conf(5) for more details.
-
-# Controls IP packet forwarding
-net.ipv4.ip_forward = 0
-
-# Controls source route verification
-net.ipv4.conf.default.rp_filter = 1
-
-# Do not accept source routing
-net.ipv4.conf.default.accept_source_route = 0
-
-# Controls the System Request debugging functionality of the kernel
-kernel.sysrq = 0
-
-# Controls whether core dumps will append the PID to the core filename.
-# Useful for debugging multi-threaded applications.
-kernel.core_uses_pid = 1
diff --git a/root/etc/syslog.conf b/root/etc/syslog.conf
deleted file mode 100644
index a137bdc..0000000
--- a/root/etc/syslog.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-# $FreeBSD$
-#
-# Spaces ARE valid field separators in this file. However,
-# other *nix-like systems still insist on using tabs as field
-# separators. If you are sharing this file between systems, you
-# may want to use only tabs as field separators here.
-# Consult the syslog.conf(5) manpage.
-*.err;kern.warning;auth.notice;mail.crit /dev/console
-*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
-security.* /var/log/security
-auth.info;authpriv.info /var/log/auth.log
-mail.info /var/log/maillog
-lpr.info /var/log/lpd-errs
-ftp.info /var/log/xferlog
-cron.* /var/log/cron
-!-devd
-*.=debug /var/log/debug.log
-*.emerg *
-# uncomment this to log all writes to /dev/console to /var/log/console.log
-# touch /var/log/console.log and chmod it to mode 600 before it will work
-#console.info /var/log/console.log
-# uncomment this to enable logging of all log messages to /var/log/all.log
-# touch /var/log/all.log and chmod it to mode 600 before it will work
-#*.* /var/log/all.log
-# uncomment this to enable logging to a remote loghost named loghost
-#*.* @loghost
-# uncomment these if you're running inn
-# news.crit /var/log/news/news.crit
-# news.err /var/log/news/news.err
-# news.notice /var/log/news/news.notice
-# Uncomment this if you wish to see messages produced by devd
-# !devd
-# *.>=notice /var/log/devd.log
-!ppp
-*.* /var/log/ppp.log
-!*
-include /etc/syslog.d
-include /usr/local/etc/syslog.d
diff --git a/root/etc/vsftpd.conf b/root/etc/vsftpd.conf
deleted file mode 100644
index 5470b6e..0000000
--- a/root/etc/vsftpd.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Standalone mode
-listen=YES
-max_clients=200
-max_per_ip=4
-# Access rights
-anonymous_enable=YES
-local_enable=NO
-write_enable=NO
-anon_upload_enable=NO
-anon_mkdir_write_enable=NO
-anon_other_write_enable=NO
-# Security
-anon_world_readable_only=YES
-connect_from_port_20=YES
-hide_ids=YES
-pasv_min_port=50000
-pasv_max_port=60000
-# Features
-xferlog_enable=YES
-ls_recurse_enable=NO
-ascii_download_enable=NO
-async_abor_enable=YES
-# Performance
-one_process_model=YES
-idle_session_timeout=120
-data_connection_timeout=300
-accept_timeout=60
-connect_timeout=60
-anon_max_rate=50000
diff --git a/root/etc/xinetd.conf b/root/etc/xinetd.conf
deleted file mode 100644
index 41904e0..0000000
--- a/root/etc/xinetd.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# This is the master xinetd configuration file. Settings in the
-# default section will be inherited by all service configurations
-# unless explicitly overridden in the service configuration. See
-# xinetd.conf in the man pages for a more detailed explanation of
-# these attributes.
-
-defaults
-{
-# The next two items are intended to be a quick access place to
-# temporarily enable or disable services.
-#
-# enabled =
-# disabled =
-
-# Define general logging characteristics.
- log_type = SYSLOG daemon info
- log_on_failure = HOST
- log_on_success = PID HOST DURATION EXIT
-
-# Define access restriction defaults
-#
-# no_access =
-# only_from =
-# max_load = 0
- cps = 50 10
- instances = 50
- per_source = 10
-
-# Address and networking defaults
-#
-# bind =
-# mdns = yes
- v6only = no
-
-# setup environmental attributes
-#
-# passenv =
- groups = yes
- umask = 002
-
-# Generally, banners are not used. This sets up their global defaults
-#
-# banner =
-# banner_fail =
-# banner_success =
-}
-
-includedir /etc/xinetd.d
-
diff --git a/root/etc/xinetd.d/cvs b/root/etc/xinetd.d/cvs
deleted file mode 100644
index 6c4984f..0000000
--- a/root/etc/xinetd.d/cvs
+++ /dev/null
@@ -1,19 +0,0 @@
-# default: off
-# description: The CVS service can record the history of your source \
-# files. CVS stores all the versions of a file in a single \
-# file in a clever way that only stores the differences \
-# between versions.
-service cvspserver
-{
- disable = yes
- port = 2401
- socket_type = stream
- protocol = tcp
- wait = no
- user = root
- passenv = PATH
- server = /usr/bin/cvs
- env = HOME=/var/cvs
- server_args = -f --allow-root=/var/cvs pserver
-# bind = 127.0.0.1
-}
diff --git a/root/etc/xinetd.d/rsync b/root/etc/xinetd.d/rsync
deleted file mode 100644
index d4b591e..0000000
--- a/root/etc/xinetd.d/rsync
+++ /dev/null
@@ -1,14 +0,0 @@
-# default: off
-# description: The rsync server is a good addition to an ftp server, as it \
-# allows crc checksumming etc.
-service rsync
-{
- disable = yes
- flags = IPv6
- socket_type = stream
- wait = no
- user = root
- server = /usr/bin/rsync
- server_args = --daemon
- log_on_failure += USERID
-}
diff --git a/root/etc/yum.conf b/root/etc/yum.conf
deleted file mode 100644
index 9660673..0000000
--- a/root/etc/yum.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-[main]
-cachedir=/var/cache/yum
-keepcache=0
-debuglevel=2
-logfile=/var/log/yum.log
-exactarch=1
-obsoletes=1
-gpgcheck=1
-plugins=1
-metadata_expire=1800
-
-installonly_limit=100
-
-# PUT YOUR REPOS HERE OR IN separate files named file.repo
-# in /etc/yum.repos.d
diff --git a/root/etc/yum.repos.d/fedora-updates.repo b/root/etc/yum.repos.d/fedora-updates.repo
deleted file mode 100644
index f451ba7..0000000
--- a/root/etc/yum.repos.d/fedora-updates.repo
+++ /dev/null
@@ -1,26 +0,0 @@
-[updates]
-name=Fedora $releasever - $basearch - Updates
-failovermethod=priority
-#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/updates/$releasever/$basearch/
-mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch
-enabled=1
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
-
-[updates-debuginfo]
-name=Fedora $releasever - $basearch - Updates - Debug
-failovermethod=priority
-#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/updates/$releasever/$basearch/debug/
-mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-debug-f$releasever&arch=$basearch
-enabled=0
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
-
-[updates-source]
-name=Fedora $releasever - Updates Source
-failovermethod=priority
-#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/updates/$releasever/SRPMS/
-mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-source-f$releasever&arch=$basearch
-enabled=0
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
diff --git a/root/etc/yum.repos.d/fedora.repo b/root/etc/yum.repos.d/fedora.repo
deleted file mode 100644
index a8ce2c0..0000000
--- a/root/etc/yum.repos.d/fedora.repo
+++ /dev/null
@@ -1,26 +0,0 @@
-[fedora]
-name=Fedora $releasever - $basearch
-failovermethod=priority
-#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
-mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch
-enabled=1
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora file:///etc/pki/rpm-gpg/RPM-GPG-KEY
-
-[fedora-debuginfo]
-name=Fedora $releasever - $basearch - Debug
-failovermethod=priority
-#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/
-mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-debug-$releasever&arch=$basearch
-enabled=0
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora file:///etc/pki/rpm-gpg/RPM-GPG-KEY
-
-[fedora-source]
-name=Fedora $releasever - Source
-failovermethod=priority
-#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/releases/$releasever/Everything/source/SRPMS/
-mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-source-$releasever&arch=$basearch
-enabled=0
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora file:///etc/pki/rpm-gpg/RPM-GPG-KEY
diff --git a/root/etc/yum.repos.d/remi.repo b/root/etc/yum.repos.d/remi.repo
deleted file mode 100644
index ea0eeee..0000000
--- a/root/etc/yum.repos.d/remi.repo
+++ /dev/null
@@ -1,16 +0,0 @@
-[remi]
-name=Les RPM de remi pour FC$releasever - $basearch
-baseurl=http://remi.collet.free.fr/rpms/fc$releasever.$basearch/
- http://iut-info.ens.univ-reims.fr/remirpms/fc$releasever.$basearch/
-enabled=0
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
-
-[remi-test]
-name=Les RPM de remi en test pour FC$releasever - $basearch
-baseurl=http://remi.collet.free.fr/rpms/test-fc$releasever.$basearch/
- http://iut-info.ens.univ-reims.fr/remirpms/test-fc$releasever.$basearch/
-enabled=0
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
-
diff --git a/root/pairs.txt b/root/pairs.txt
deleted file mode 100644
index c00b6cb..0000000
--- a/root/pairs.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-key1=value1
-key2 = value2
-key3= value3
diff --git a/root/var/spool/cron/root b/root/var/spool/cron/root
deleted file mode 100644
index 96bbfc2..0000000
--- a/root/var/spool/cron/root
+++ /dev/null
@@ -1,4 +0,0 @@
-MAILTO=cron@example.com
-RANDOM_DELAY=7
-17 12 */4 * * /usr/sbin/boom
-@reboot /usr/sbin/boom