author | Daniil Baturin <daniil@baturin.org> | 2018-06-24 12:50:17 +0200 |
---|---|---|
committer | Daniil Baturin <daniil@baturin.org> | 2018-06-24 12:50:17 +0200 |
commit | bacecf80ea16d3cd30dc7c98c98af013b2adc258 (patch) | |
tree | 2b1d6f48708ace28ae4f6c9893ee50f6f390c6b7 /sysconf | |
parent | 0d8e75e2e808ccf366a1527647a6353c09d92237 (diff) | |
parent | 0f19dc57ed6588c083eee8aa9aee09b92b441b08 (diff) | |
Merge branch 'current' into lithium
Conflicts:
debian/changelog
scripts/snmp/vyatta-snmp-v3.pl
scripts/snmp/vyatta-snmp.pl
templates/interfaces/tunnel/node.def
templates/system/sysctl/custom/node.def
Diffstat (limited to 'sysconf')
-rw-r--r-- | sysconf/filecaps | 6 | ||||
-rw-r--r-- | sysconf/level | 2 | ||||
-rw-r--r-- | sysconf/netdevice | 1 | ||||
-rw-r--r-- | sysconf/pam_radius.cfg | 15 | ||||
-rw-r--r-- | sysconf/rsyslog.conf | 8 | ||||
-rw-r--r-- | sysconf/sudoers | 2 | ||||
-rw-r--r-- | sysconf/vyatta-sysctl.conf | 4 |
7 files changed, 25 insertions, 13 deletions
diff --git a/sysconf/filecaps b/sysconf/filecaps index 98ada7a3..96eadff4 100644 --- a/sysconf/filecaps +++ b/sysconf/filecaps @@ -9,10 +9,9 @@ cap_net_admin=pe /sbin/xtables-multi cap_net_admin=pe /usr/sbin/ipset cap_net_admin=pe /usr/sbin/conntrack cap_net_admin=pe /usr/sbin/arp -cap_net_admin=pe /usr/sbin/brctl +cap_net_admin=pe /sbin/brctl # Raw sockets -cap_net_raw=pe /usr/bin/tshark cap_net_raw=pe /usr/sbin/tcpdump cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap @@ -20,8 +19,7 @@ cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap cap_net_admin,cap_sys_admin=pe /sbin/sysctl # Module install -cap_sys_module=pe /sbin/modprobe -cap_sys_module=pe /sbin/rmmod +cap_sys_module=pe /bin/kmod # Set time cap_sys_time=pe /bin/date diff --git a/sysconf/level b/sysconf/level index 83c60e05..9da13bf5 100644 --- a/sysconf/level +++ b/sysconf/level @@ -1,2 +1,2 @@ -admin:quaggavty,vyattacfg,sudo,adm,dip,disk,fuse +admin:quaggavty,vyattacfg,sudo,adm,dip,disk operator:quaggavty,vyattaop,operator,adm,dip diff --git a/sysconf/netdevice b/sysconf/netdevice index 71fc310d..43634748 100644 --- a/sysconf/netdevice +++ b/sysconf/netdevice @@ -1,6 +1,7 @@ # device name to CLI path matching lo loopback eth ethernet +lan ethernet ifb input peth pseudo-ethernet br bridge diff --git a/sysconf/pam_radius.cfg b/sysconf/pam_radius.cfg index 02ffc1c8..ba3037ea 100644 --- a/sysconf/pam_radius.cfg +++ b/sysconf/pam_radius.cfg 
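Review bot: In the second sysconf/filecaps hunk, `cap_sys_module=pe /bin/kmod` widens the grant rather than just following the binary. kmod is a multi-call program, with modprobe, rmmod, insmod and the other module tools normally installed as symlinks to it, and a file capability belongs to the file itself, so every applet now runs with CAP_SYS_MODULE where the old lines named only modprobe and rmmod. Loading a kernel module is equivalent to root, so this entry is only as safe as the execute permission on /bin/kmod; whether the script that applies this file also restricts the binary to a trusted group is not visible in the hunk. I would document that next to the entry, e.g. `# kmod is multi-call: this grants CAP_SYS_MODULE to insmod/modprobe/rmmod alike; keep execution limited to trusted users`, and confirm the mode and group that end up on /bin/kmod.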
@@ -1,11 +1,14 @@ -Name: Radius client +Name: RADIUS authentication Default: yes -Priority: 512 +Priority: 257 Auth-Type: Primary Auth: - sufficient pam_radius_auth.so try_first_pass -Auth-Initial: - sufficient pam_radius_auth.so + [authinfo_unavail=ignore success=end default=ignore] /lib/security/pam_radius_auth.so + Account-Type: Primary Account: - sufficient pam_radius_auth.so + [authinfo_unavail=ignore success=end perm_denied=bad default=ignore] /lib/security/pam_radius_auth.so + +Session-Type: Additional +Session: + [authinfo_unavail=ignore success=ok default=ignore] /lib/security/pam_radius_auth.so diff --git a/sysconf/rsyslog.conf b/sysconf/rsyslog.conf index 56c7e15c..7db872bf 100644 --- a/sysconf/rsyslog.conf +++ b/sysconf/rsyslog.conf @@ -12,6 +12,9 @@ $ModLoad imuxsock # provides support for local system logging $ModLoad imklog # provides kernel logging support (previously done by rklogd) #$ModLoad immark # provides --MARK-- message capability +$OmitLocalLogging no +$SystemLogSocketName /run/systemd/journal/syslog + $KLogPath /proc/kmsg # provides UDP syslog reception @@ -54,8 +57,11 @@ $IncludeConfig /etc/rsyslog.d/*.conf #### RULES #### ############### +daemon.* /var/log/messages + # Log authorization failure messages auth,authpriv.* /var/log/auth.log # Emergencies are sent to everybody logged in. -*.emerg * +*.emerg :omusrmsg:* + diff --git a/sysconf/sudoers b/sysconf/sudoers index b6c50423..998e7083 100644 --- a/sysconf/sudoers +++ b/sysconf/sudoers @@ -36,7 +36,7 @@ Cmnd_Alias DMIDECODE = /usr/sbin/dmidecode Cmnd_Alias DISK = /usr/bin/lsof, /sbin/fdisk -l *, /sbin/sfdisk -d * Cmnd_Alias DATE = /bin/date, /usr/sbin/ntpdate Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff, /usr/sbin/pppstats -Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump +Cmnd_Alias PCAPTURE = /usr/bin/tcpdump Cmnd_Alias HWINFO = /usr/bin/lspci Cmnd_Alias FORCE_CLUSTER = /usr/share/heartbeat/hb_takeover, \ /usr/share/heartbeat/hb_standby 
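Review bot: In sysconf/pam_radius.cfg the new Auth control `[authinfo_unavail=ignore success=end default=ignore]` treats an explicit RADIUS reject the same as an unreachable server, because only `success` and `authinfo_unavail` are named and every other result, `auth_err` included, falls under `default=ignore`. With Priority 257 the module presumably sits just ahead of the local password module, so an account that RADIUS has denied can still log in with a local password if one exists; the old `sufficient` lines behaved the same way, but nothing in the profile or the commit message states it. I would record it in the package documentation, for example `A RADIUS reject and a RADIUS outage both fall through to local authentication`, so operators who expect a reject to be final know to lock or remove the local credential. Separately, the three module lines now hard-code `/lib/security/pam_radius_auth.so` where the old ones used the bare module name; if the module is not installed at that path, the load failure would, as far as I can tell, also be absorbed by `default=ignore`.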
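Review bot: In sysconf/sudoers the rewritten alias `Cmnd_Alias PCAPTURE = /usr/bin/tcpdump` names a different path from the one sysconf/filecaps gives `cap_net_raw` to in this same commit, `/usr/sbin/tcpdump`. One of the two is presumably stale, and a sudoers entry for a path that does not exist silently matches nothing. The entry also has no argument list, so whoever is granted PCAPTURE (the grant is outside this hunk) may pass any tcpdump option as the target user, including the options that write capture files or hand them to a helper program. If the file capability is meant to make sudo unnecessary for captures, dropping tcpdump from the alias is the narrower choice; otherwise align the path, e.g. `Cmnd_Alias PCAPTURE = /usr/sbin/tcpdump`.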
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf index 3fe560b6..3e5717f1 100644 --- a/sysconf/vyatta-sysctl.conf +++ b/sysconf/vyatta-sysctl.conf @@ -67,3 +67,7 @@ net.ipv4.conf.all.send_redirects=1 # Increase size of buffer for netlink net.core.rmem_max=2097152 + +# Do not forget IPv6 addresses when a link goes down +net.ipv6.conf.default.keep_addr_on_down=1 +net.ipv6.conf.all.keep_addr_on_down=1 |