VA
/
appliances-old
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

lamp: use gentoo kernel (hardened is unsupported), updates

This commit is contained in:
Joerg Deckert 2018-09-08 18:44:08 +02:00
parent dda36ca375
commit 5672dd82e1
10 changed files with 360 additions and 274 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lamp/Makefile
View File

@ -17,6 +17,7 @@ preinstall:
postinstall: timesyncd.conf firstboot.start postinstall: timesyncd.conf firstboot.start
# Konfigurationen anpassen # Konfigurationen anpassen
cp timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf cp timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf
mkdir -p $(CHROOT)/etc/local.d
cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start
touch $(CHROOT)/firstboot touch $(CHROOT)/firstboot
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers

4
lamp/firstboot.start Executable file → Normal file
View File

@ -11,10 +11,6 @@ localectl --no-convert set-keymap de-latin1-nodeadkeys
echo 'Activate services...' echo 'Activate services...'
timedatectl set-ntp true timedatectl set-ntp true
echo 'Setting hardened...'
paxctl-ng -m /usr/bin/python2.7
# variables # variables
LABEL="DATA" LABEL="DATA"
DATABASE_PASS="Di1sgMySQLPwd." DATABASE_PASS="Di1sgMySQLPwd."

574
lamp/kernel.config
View File

File diff suppressed because it is too large Load Diff

4
lamp/lamp.cfg
View File

@ -1,6 +1,6 @@
##HOSTNAME = $(APPLIANCE) ##HOSTNAME = $(APPLIANCE)
##TIMEZONE = UTC ##TIMEZONE = UTC
##DISK_SIZE = 6.0G DISK_SIZE = 8.0G
##SWAP_SIZE = 30 ##SWAP_SIZE = 30
##SWAP_FILE = $(CHROOT)/.swap ##SWAP_FILE = $(CHROOT)/.swap
##ARCH = amd64-hardened ##ARCH = amd64-hardened
@ -11,7 +11,7 @@
##SOFTWARE = 1 ##SOFTWARE = 1
##PKGLIST = 0 ##PKGLIST = 0
##RSYNC_MIRROR = rsync://rsync15.de.gentoo.org/gentoo/ ##RSYNC_MIRROR = rsync://rsync15.de.gentoo.org/gentoo/
KERNEL_PKG = hardened-sources ##KERNEL_PKG = gentoo-sources
KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config
ENABLE_SSHD = YES ENABLE_SSHD = YES
TIMEZONE=Europe/Berlin TIMEZONE=Europe/Berlin

6
lamp/make.conf
View File

@ -1,6 +1,6 @@
CFLAGS="-O2 -pipe" CFLAGS="-O2 -pipe"
CXXFLAGS="-O2 -pipe" CXXFLAGS="-O2 -pipe"
USE="hardened justify pax_kernel pie ssp urandom xattr xtpax -fortran -jit -orc -pch -pic -prelink -profile -tcc" USE="hardened justify pie ssp urandom xattr -fortran -jit -orc -pch -pic -prelink -profile -tcc"
MAKEOPTS="-j5" MAKEOPTS="-j5"
PYTHON_TARGETS="python2_7" PYTHON_TARGETS="python2_7 python3_6"
PHP_TARGETS="php7-0 php7-1" PHP_TARGETS="php7-1"

23
lamp/mariadb/my.cnf
View File

@ -1,5 +1,4 @@
# /etc/mysql/my.cnf: The global mysql configuration file. # /etc/mysql/my.cnf: The global mysql configuration file.
# $Id$
# The following options will be passed to all MySQL clients # The following options will be passed to all MySQL clients
[client] [client]
@ -8,34 +7,38 @@ port = 3306
socket = /var/run/mysqld/mysqld.sock socket = /var/run/mysqld/mysqld.sock
[mysql] [mysql]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[mysqladmin] [mysqladmin]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[mysqlcheck] [mysqlcheck]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[mysqldump] [mysqldump]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[mysqlimport] [mysqlimport]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[mysqlshow] [mysqlshow]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
default-character-set=utf8 default-character-set=utf8
[myisamchk] [myisamchk]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
[myisampack] [myisampack]
character-sets-dir=/usr/share/mysql/charsets character-sets-dir=/usr/share/mariadb/charsets
# use [safe_mysqld] with mysql-3
[mysqld_safe]
err-log = /var/log/mysql/mysql.err
# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations # add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations
[mysqld] [mysqld]
@ -56,7 +59,7 @@ net_buffer_length = 16K
read_buffer_size = 256K read_buffer_size = 256K
read_rnd_buffer_size = 512K read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M myisam_sort_buffer_size = 8M
lc_messages_dir = /usr/share/mysql lc_messages_dir = /usr/share/mariadb
#Set this to your desired error message language #Set this to your desired error message language
lc_messages = en_US lc_messages = en_US

7
lamp/package.keywords
View File

@ -1,12 +1,9 @@
# Grundsystem # Grundsystem
app-admin/paxtest ~amd64 ~x86
app-emulation/open-vm-tools ~amd64 ~x86 app-emulation/open-vm-tools ~amd64 ~x86
sys-auth/pam_ssh_agent_auth ~amd64 ~x86 sys-auth/pam_ssh_agent_auth ~amd64 ~x86
sys-kernel/gentoo-sources ~amd64 ~x86
sys-kernel/hardened-sources ~amd64 ~x86
# LAMP # GeoIP
dev-db/mariadb ~amd64 ~x86 dev-php/maxmind-db-reader ~amd64 ~x86
# LetsEncrypt # LetsEncrypt
app-crypt/acme ~amd64 ~x86 app-crypt/acme ~amd64 ~x86

1
lamp/package.unmask
View File

@ -1 +0,0 @@
sys-kernel/hardened-sources

7
lamp/package.use
View File

@ -3,7 +3,8 @@ app-editors/nano ncurses
app-emulation/open-vm-tools pic -modules app-emulation/open-vm-tools pic -modules
app-misc/mc -slang app-misc/mc -slang
dev-lang/python ssl threads xml dev-lang/python ssl threads xml
dev-libs/libpcre cxx dev-libs/libpcre cxx jit
dev-libs/libpcre2 jit
dev-util/pkgconfig internal-glib dev-util/pkgconfig internal-glib
net-misc/openssh ssl net-misc/openssh ssl
net-misc/wget ssl net-misc/wget ssl
@ -14,11 +15,13 @@ sys-apps/portage ipc
sys-auth/pambase nullok sha512 sys-auth/pambase nullok sha512
sys-devel/gcc cxx nptl sys-devel/gcc cxx nptl
sys-kernel/gentoo-sources symlink sys-kernel/gentoo-sources symlink
sys-kernel/hardened-sources symlink
# Monitoring # Monitoring
net-analyzer/zabbix agent net-analyzer/zabbix agent
# GeoIP
dev-php/maxmind-db-reader extension
# LAMP # LAMP
app-eselect/eselect-php apache2 fpm app-eselect/eselect-php apache2 fpm
dev-lang/php apache2 bcmath curl gd imap ldap ldap-sasl mysql mysqli pdo sockets sqlite sysvipc truetype xmlreader xmlrpc xmlwriter zip dev-lang/php apache2 bcmath curl gd imap ldap ldap-sasl mysql mysqli pdo sockets sqlite sysvipc truetype xmlreader xmlrpc xmlwriter zip

7
lamp/world
View File

@ -1,17 +1,16 @@
app-admin/logrotate app-admin/logrotate
app-admin/paxtest
app-admin/sudo app-admin/sudo
app-emulation/open-vm-tools app-emulation/open-vm-tools
app-misc/mc app-misc/mc
app-misc/screenservice app-misc/screenservice
net-analyzer/zabbix net-analyzer/zabbix
sys-apps/elfix
sys-apps/gradm
sys-apps/paxctl
sys-auth/pam_ssh_agent_auth sys-auth/pam_ssh_agent_auth
sys-power/acpid sys-power/acpid
app-crypt/certbot-apache app-crypt/certbot-apache
dev-db/mariadb dev-db/mariadb
dev-db/phpmyadmin dev-db/phpmyadmin
dev-libs/libmaxminddb
dev-php/maxmind-db-reader
dev-php/pecl-apcu dev-php/pecl-apcu
net-misc/geoipupdate
www-servers/apache www-servers/apache