Die hier aufgeführten Beschreibungen beziehen sich auf Debian, sollten sich aber auch relativ leicht auf andere Distributionen anwenden lassen. Angaben zu einem lokalen LAN beziehen sich auf 192.168.57.0.
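# $HOME/.procmailrc
# Per-user procmail rules: file incoming mail into Maildir folders below $MAILDIR.
# A folder name ending in "/" is delivered in maildir format.
SHELL=/bin/sh
PATH=/bin:/usr/bin
MAILDIR=$HOME/Maildir/
# NOTE(review): this rc file is processed for a single user, so the log file has
# to be writable by that user. Confirm the ownership and mode of the file below,
# or log to a path under $HOME instead of loosening permissions in /var/log.
LOGFILE=/var/log/procmail.log
LOGABSTRACT="all"
VERBOSE="off"

# SYSTEM: mail generated by the local host.
# The From: header is chosen by the sender, so this rule sorts mail but says
# nothing about where a message really came from.
# Dots are escaped so that they match a literal "." and not any character.
:0
* ^From:.*hostname\.my\.dyndns\.domain|^From:.*@localhost
.system/

# debian-security
:0
* ^List-Id: <debian-security-announce\.lists\.debian\.org>
.debian_security/

# SPAM
# Only meaningful if the local spam filter sets this header; a header that
# arrives with the message can be forged.
:0
* ^X-Spam-Status: Yes
.SPAM/

# ....

# REST: whatever was not filed above ends up in the inbox.
# A recipe without condition lines matches every message.
:0
$HOME/Maildir/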
# /etc/fetchmailrc
# This file contains a mailbox password in clear text. Keep it owned by the
# account that runs fetchmail and unreadable for everyone else (mode 0600).

# Daemon mode: check for new mail every 900 seconds
set daemon 900

# user/password - account name and password on the mail server
# linuxuser     - replace with the local user name
# keep          - leave fetched mail on the server (optional)
# ssl           - wrap the POP3 session in SSL/TLS; without it the password
#                 above crosses the network unencrypted
poll pop3.mailserver.linux protocol POP3
    user "benutzername" password "geheim" is linuxuser
    keep
    ssl
    # Verify the server certificate against the CA directory below.
    # Only relevant when ssl is used.
    sslcertck
    sslcertpath /etc/ssl/certs
# /etc/samba/smb.conf
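[global]
# Server-wide Samba settings: identity, logging, authentication, network
# binding and browsing. Share sections inherit these defaults.
panic action = /usr/share/samba/panic-action %d
workgroup = myworkgroup
server string = be nice
# Printing is left to CUPS. The remark is on its own line because smb.conf
# only recognises comments at the start of a line; text after the value would
# be read as part of the value.
load printers = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
large readwrite = yes
# NOTE(review): with "wide links = yes" smbd follows symlinks that point outside
# the exported directory tree. Anyone who can place a symlink inside a share
# (for example via the writable [homes] share) can then reach files outside it
# with the Unix permissions of the connected user. "unix extensions = no" is
# presumably set to keep wide links effective - confirm for the Samba version
# in use. Set "wide links = no" unless this behaviour is required.
unix extensions = no
follow symlinks = yes
wide links = yes
# charset
unix charset = ISO8859-15
dos charset = CP850
display charset = ISO8859-15
# log: one file per client machine name (%m)
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
# security/user
security = user
guest account = nobody
# Logins with an unknown user name are mapped to the guest account instead of
# being rejected. Together with guest-enabled shares this gives every host
# allowed below unauthenticated access to those shares.
map to guest = Bad User
invalid users = root
encrypt passwords = true
passdb backend = tdbsam guest
# interfaces/listen: serve the LAN interface only and refuse all other clients
interfaces = 192.168.57.2
bind interfaces only = yes
hosts allow = 192.168.57.0/255.255.255.0
hosts deny = 0.0.0.0/0
# browsing - act as WINS server and win master browser elections whenever possible
local master = yes
os level = 254
domain master = yes
preferred master = yes
wins support = yes
wins proxy = yes
dns proxy = yes
name resolve order = wins bcast host
# %f (sender) and %m (client machine name) are supplied by the client and end
# up in a command line that is run through a shell.
# NOTE(review): confirm that the installed Samba version restricts the
# characters it substitutes here before relying on this command.
message command = /bin/mail -s 'message from %f on %m' frank < %s; rm %s
obey pam restrictions = yes
time server = yes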
[homes]
# Home directory share for the authenticated user.
comment = Home Directories
# keep the generic [homes] entry out of browse lists
browseable = no
# "read only = no" is the same setting as "writable = yes"
read only = no
# upper limit for permission bits on new files (rw-r-----)
create mask = 0640
# upper limit for permission bits on new directories (rwxr-x---)
directory mask = 0750
[files]
# Shared file area: readable by everyone including guests, writable only for
# members of the Unix group "users".
comment = verschiedenes
path = /home/share/files
browseable = yes
# "guest ok" is the same setting as "public". With "map to guest = Bad User"
# in [global], any client allowed by "hosts allow" can read this share without
# a valid account.
guest ok = yes
read only = yes
write list = @users
# upper limit for permission bits on new files (rw-r--r--)
create mask = 0644
max connections = 10
# /etc/exports
# NFS exports for the local LAN. No sec= option is set, so clients are
# identified by their source address only: every host that can use one of the
# addresses below gets the access listed for it.

# upload: read-write for the whole LAN.
#   all_squash  - every uid/gid is mapped to the anonymous user
#   async       - the server may reply before data has reached the disk
# 192.168.57.111 has no all_squash: anonuid/anongid=1000 only apply to requests
# that are squashed anyway, all other uids are passed through as sent by the client.
/home/share/upload 192.168.57.0/255.255.255.0(rw,async,all_squash) \
    192.168.57.111(rw,async,anonuid=1000,anongid=1000)

# download: read-only for the whole LAN, all users mapped to the anonymous user
/home/share/download 192.168.57.0/255.255.255.0(ro,sync,all_squash)
# /etc/cups/cupsd.conf
AccessLog /var/log/cups/access.log
DefaultCharset notused
DefaultLanguage de
ErrorLog /var/log/cups/error.log
LogLevel info
Printcap /var/run/cups/printcap

# Certificate and key are commented out, so no TLS material is configured here.
#ServerCertificate /etc/ssl/CAcert/server.crt
#ServerKey /etc/ssl/CAcert/server.key

# Listen on the LAN address and on loopback only
Listen 192.168.57.2:631
Listen 127.0.0.1:631
Browsing Off

# Default policy: deny everything except localhost and the local LAN
<Location />
  Order Deny,Allow
  Deny From All
  Allow From 127.0.0.1
  Allow From 192.168.57.0/24
</Location>

# NOTE(review): this block has no Order or Deny line. Check cupsd.conf(5) for
# the installed release to see how a lone Allow is evaluated before relying on
# it to limit /jobs to a single host.
<Location /jobs>
  Allow From 192.168.57.111
</Location>

# Administration requires a system account (Basic authentication).
# NOTE(review): no address restriction and no encryption requirement is set in
# this block; Basic authentication sends the password merely base64-encoded.
<Location /admin>
  AuthType Basic
  AuthClass System
</Location>
redirect_program /usr/local/bannerfilter/redirector.pl
Details zur Konfiguration gibt es auf http://phroggy.com/bannerfilter/
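# squid.conf - caching proxy for two LAN clients, with an external banner filter.

# Listen on one LAN address only; inter-cache protocols are switched off.
http_port 192.168.57.3:3128
icp_port 0
htcp_port 0

# Never cache dynamic pages or objects from the local network
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
acl localnet dst 192.168.57.0/24
no_cache deny QUERY
no_cache deny localnet
# NOTE(review): no "acl uninet" is defined in this listing. Depending on the
# Squid version, a rule that names an undefined ACL is either rejected at
# startup or silently dropped. Define the ACL first, e.g.
#   acl uninet dst <NETWORK-PLACEHOLDER>
# and then re-enable the rule:
#no_cache deny uninet

cache_mem 32 MB
maximum_object_size 32768 KB
cache_dir ufs /var/spool/squid 1000 16 256

ftp_user anonymous@guest
ftp_passive on
hosts_file /etc/hosts

# Every requested URL is handed to this external program for rewriting.
redirect_program /usr/local/bannerfilter/redirector.pl
redirect_children 6

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# SSL_ports and Safe_ports are referenced by the http_access rules below but
# were missing from the listing. These are the definitions shipped in the
# stock squid.conf; adjust the port lists as needed.
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl purge method PURGE
acl CONNECT method CONNECT

# http_access rules are checked in order and the first match decides.
# Cache manager and PURGE requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse requests to unusual ports and CONNECT tunnels to non-SSL ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost

# Only these two clients may use the proxy; everything else is denied.
acl client1 src 192.168.57.111
acl client2 src 192.168.57.112
http_access allow client1
http_access allow client2
http_access deny all
http_reply_access allow all
icp_access deny all
miss_access allow client1
miss_access allow client2
miss_access deny all

cache_mgr proxy@domain.tld
# Do not pass the client address on in X-Forwarded-For
forwarded_for off
# Disable all cache manager actions
cachemgr_passwd disable all
coredump_dir /var/spool/squid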
# dircproxyrc
# example config for freenode and #lugum
connection {
	# Placeholder for the hashed password clients must present to the proxy.
	password "-dircproxy-crpyted-password-"

	# IRC servers, in the order listed. Port 6667 is plain-text IRC.
	server "kornbluth.freenode.net"
	server "irc.freenode.net"
	server_port 6667
	server_throttle 1024:10
	server_autoconnect yes

	# NOTE(review): "from" is commented out, so this connection class is not
	# tied to a source address; the password is then the only thing that
	# protects the proxy. Confirm whether the listening port is reachable
	# from outside the LAN.
	#from "192.168.57.0/24"

	join "#lugum"
	initial_modes "eiw"
	drop_modes "oOws"

	away_message "nicht da, keine zeit, zu genervt ..."
	quit_message "over and out"
	ctcp_replies no

	# Channel log replayed to the client on reattach
	chan_log_recall 256
	chan_log_timestamp yes
}
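# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
# /etc/ldap/slapd.conf
#######################################################################
# Global Directives:
# Features to permit
# Allow LDAPv2 binds
#allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd.args
# Read slapd.conf(5) for possible values.
# 0 switches logging off, so failed binds and ACL denials leave no trace;
# raise the level if the directory should be auditable.
loglevel 0
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb
# Both lines stay disabled; neither MD5 nor clear text is a suitable way to
# store passwords.
#password-hash {MD5}
#password-hash {CLEARTEXT}
sasl-host my.dyndns.domain
sasl-realm hostname.my.dyndns.domain
# Map a SASL DIGEST-MD5 identity to an entry below ou=staff.
# The user name is captured with [^,]* instead of .* so that a name containing
# a comma cannot carry extra RDNs into the resulting DN.
sasl-regexp uid=([^,]*),cn=hostname.my.dyndns.domain,cn=DIGEST-MD5,cn=auth uid=$1,ou=staff,o=people
# Anonymous binds remain allowed while this line is commented out.
#disallow bind_anon
# TLS
# OpenSSL cipher string. The previous value "HIGH:MEDIUM:+SSLv2" did not disable
# anything: "+" only moves matching ciphers to the end of the list, and MEDIUM
# admits weaker ciphers. This value keeps strong ciphers only and excludes
# SSLv2, anonymous and unencrypted suites. Check the resulting list with
# "openssl ciphers -v" for the installed OpenSSL.
TLSCipherSuite HIGH:!SSLv2:!aNULL:!eNULL
TLSCertificateFile /etc/ssl/CAcert/server.crt
TLSCertificateKeyFile /etc/ssl/CAcert/server.key
TLSCACertificateFile /etc/ssl/CAcert/CAcert.crt
# "try": a client certificate is requested; a session without one proceeds,
# a certificate that fails verification ends the session.
TLSVerifyClient try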
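#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database bdb
# The base of your directory in database #1
suffix "o=people"
# Where the database files are physically stored for database #1
directory "/var/lib/ldap"
# Indexing options for database #1
index objectClass eq
# indexed attribute definitions
#index cn,sn,uid pres,eq,sub
index cn,sn,mail pres,eq,approx,sub
# Save the time that the entry gets modified, for database #1
lastmod on
# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog
#rootdn "uid=admin,cn=hostname.my.dyndns.domain,cn=digest-md5,cn=auth"
#rootpw {SSHA}ssha-crypted-pw

# Access control. slapd uses the first "access to" clause that matches the
# target and, inside it, the first "by" clause that matches the requester.
# The "by" lines are indented because slapd.conf treats a line that starts
# with whitespace as a continuation of the previous line.
#
# Requesters meant as "any cn=... entry below ou=staff" are written as
# dn.regex. The former pattern "cn=*,ou=staff,o=people" is not a wildcard:
# compared as an exact DN it matches nothing, and read as a regular
# expression "=*" means "zero or more '=' characters".

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword
    by dn="cn=admin,o=people" write
    by anonymous auth
    by self write
    by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base=""
    by * read
# additional access rules
# friends: staff and the entry owner may write, everyone else may read
access to dn.subtree="ou=friends,o=people"
    by dn.regex="^cn=[^,]+,ou=staff,o=people$" write
    by self write
    by * read
# others: only sasluser may write, everyone else may only authenticate
access to dn.subtree="ou=others,o=people"
    by dn="uid=sasluser,ou=staff,o=people" write
    by * auth
# staff: "by self" comes first so that a staff member keeps write access to
# the own entry; listed after the staff-wide read clause it would never be
# reached for those users.
access to dn.subtree="ou=staff,o=people"
    by self write
    by dn.regex="^cn=[^,]+,ou=staff,o=people$" read
    by * auth
# everything else: admin has full access, sasluser can read, an entry can
# write to itself, everyone else may only authenticate
access to *
    by dn="cn=admin,o=people" write
    by dn="uid=sasluser,ou=staff,o=people" read
    by self write
    by * auth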
# /etc/apcupsd/apcupsd.conf
# UPS identification and connection
UPSNAME Back-UPS_RS_500
UPSCABLE usb
UPSTYPE usb
DEVICE /dev/usb/hiddev[0-15]
LOCKFILE /var/lock

# Behaviour on battery: shut down at 5 % charge or 3 minutes of remaining
# runtime; TIMEOUT 0 leaves the fixed on-battery timer switched off.
ONBATTERYDELAY 6
BATTERYLEVEL 5
MINUTES 3
TIMEOUT 0
ANNOY 300
ANNOYDELAY 60
NOLOGON disable
KILLDELAY 0

# Network information server: bound to loopback, so UPS status can only be
# queried from this host.
NETSERVER on
NISIP 127.0.0.1
NISPORT 3551

# Event and status logging
EVENTSFILE /var/log/apcupsd.events
EVENTSFILEMAX 10
UPSCLASS standalone
UPSMODE disable
STATTIME 0
STATFILE /var/log/apcupsd.status
LOGSTATS off
DATATIME 0
# /etc/analog.cfg
# Input: Apache access log in combined format
LOGFORMAT COMBINED
LOGFILE /var/log/apache2/access.log
HOSTNAME "my.dyndns.domain"
HOSTURL http://my.dyndns.domain/

# Output: one report per day (%Y%M%D in the file name).
# NOTE(review): the report is written below /home/www, presumably inside the
# web root. It lists requesting hosts and requested URLs, so confirm that
# access to this directory is restricted if that data should not be public.
OUTFILE /home/www/user/analog/webstat_%Y%M%D.html
IMAGEDIR /analog/
PNGIMAGES OFF
CHARTDIR /user/analog/images/%Y%M%D_
LOCALCHARTDIR /home/www/user/analog/images/%Y%M%D_
STYLESHEET /includes/css/analog.css
DIRSUFFIX index.html

# Rotated logs are read through gzip
UNCOMPRESS *.gz "gzip -cd"

# Cache files from earlier runs
CACHEFILE /var/cache/analog/stats_*
CACHEOUTFILE /var/cache/analog/stats_%Y%M%D
#....
# No name lookups for the addresses and ports found in the firewall log
resolve_hosts = no
resolve_services = no
# when ulogd is used
input = /var/log/ulog/syslogemu.log
# n = netfilter, iptables
parser = n
pidfile = /var/run/fwlogwatch.pid
# /etc/smartd.conf
# One line per disk.
#   -a      monitor all SMART properties
#   -I 194  do not report changes of attribute 194
# No -m directive is given, so warnings are only written to the system log
# and nobody is notified by mail.
/dev/hda -a -I 194
/dev/hdc -a -I 194
/dev/hde -a -I 194
$ hdparm -I /dev/hda
Anschliessend könnte eine Konfiguration folgendermassen aussehen:
# /etc/hdparm.conf
# The same hdparm call is made for each of the three disks.
# -q silences the output of the option that follows it; -W1 turns the drive's
# write cache on and -d1 turns DMA on. See hdparm(8) for the other flags.
command_line {
	hdparm -q -m16 -q -F -q -W1 -q -c1 -q -d1 /dev/hda
	hdparm -q -m16 -q -F -q -W1 -q -c1 -q -d1 /dev/hdc
	hdparm -q -m16 -q -F -q -W1 -q -c1 -q -d1 /dev/hde
}