diff --git a/mailgw/Makefile b/mailgw/Makefile index f9720b3..9c34c09 100644 --- a/mailgw/Makefile +++ b/mailgw/Makefile @@ -1,9 +1,9 @@ -OT_VER ?= 0.54.2 -OT_SUBVER ?= b +OT_VER ?= 0.55 +OT_SUBVER ?= OT_TARBALL = oletools-$(OT_VER).tar.gz OT_URL = https://github.com/decalage2/oletools/releases/download/v$(OT_VER)$(OT_SUBVER)/$(OT_TARBALL) -OF_COMMIT ?= 7929bd927eaa93d1d67a0cfa6da7bed2be57ca15 +OF_COMMIT ?= d66e8aeda9b906e0af946218c7460161aa094f61 OF_TARBALL = $(OF_COMMIT).tar.gz OF_URL = https://github.com/HeinleinSupport/olefy/archive/$(OF_TARBALL) @@ -22,12 +22,6 @@ preinstall: $(inroot) $(EMERGE) $(USEPKG) --emptytree @world $(inroot) bash -c 'yes YES | etc-update --automode -9' - # Unitas-Portage-Overlay einbinden - $(inroot) $(EMERGE) -n $(USEPKG) app-portage/layman - sed -i 's/check_official : Yes/check_official : No/' $(CHROOT)/etc/layman/layman.cfg - wget -P $(CHROOT)/etc/layman/overlays http://dev.unitas-network.de/raw/Gentoo/Unitas.git/master/unitas-overlays.xml - $(inroot) layman -l | grep -q unitas || $(inroot) layman -La unitas - install_oletools: $(inroot) test -f /usr/portage/distfiles/$(OT_TARBALL) || \ $(inroot) wget -P /usr/portage/distfiles $(OT_URL) 
@@ -37,23 +31,38 @@ install_olefy: $(inroot) test -f /usr/portage/distfiles/$(OF_TARBALL) || \ $(inroot) wget -P /usr/portage/distfiles $(OF_URL) $(inroot) sh -c 'tar xf /usr/portage/distfiles/$(OF_TARBALL) -C /tmp && cd /tmp/olefy-$(OF_COMMIT) && cp olefy.py /usr/bin && cp olefy.conf /etc && cp olefy.service /etc/systemd/system' + sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/usr/bin/olefy.py + sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/olefy.conf + sed -i 's#/usr/local/bin/#/usr/bin/#' $(CHROOT)/etc/systemd/system/olefy.service -postinstall: timesyncd.conf firstboot.start +postinstall: base/timesyncd.conf base/firstboot.start # Konfigurationen anpassen - cp timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf + cp base/timesyncd.conf $(CHROOT)/etc/systemd/timesyncd.conf mkdir -p $(CHROOT)/etc/local.d - cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start + cp base/firstboot.start $(CHROOT)/etc/local.d/firstboot.start touch $(CHROOT)/firstboot sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers - $(inroot) useradd -m -G users,wheel -s /bin/bash admin + sed -i 's#^auth.*$$#auth [success=2 default=ignore] pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth include system-auth#' $(CHROOT)/etc/pam.d/sudo + echo "Defaults env_keep += SSH_AUTH_SOCK" > $(CHROOT)/etc/sudoers.d/ssh_auth_sock + $(inroot) useradd -m -G users,wheel -s /bin/bash --comment="virtual appliance admin" --uid 2000 admin $(inroot) passwd -d admin; $(inroot) passwd -e admin $(inroot) systemctl enable tmux@root.service + cp base/tmux.conf $(CHROOT)/root/.tmux.conf # Beispiel feste IP-Adresse - cp 00-eth0.network $(CHROOT)/00-eth0.network.example + cp base/00-eth0.network $(CHROOT)/00-eth0.network.example # MariaDB-Konfiguration - cp mariadb/my.cnf $(CHROOT)/etc/mysql/my.cnf + # MariaDB-Konfiguration ($$, weil make ein $ entfernt) + sed -i "s/^character-set-server.*$$/character-set-server = utf8mb4/" $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo >> 
$(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "collation-server = utf8mb4_general_ci" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "transaction_isolation = READ-COMMITTED" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "binlog_format = ROW" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "expire_logs_days = 3" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "innodb_buffer_pool_size = 256M" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "innodb_file_per_table = 1" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf + echo "innodb_large_prefix = on" >> $(CHROOT)/etc/mysql/mariadb.d/50-distro-server.cnf cp mariadb/my.cnf.root $(CHROOT)/root/.my.cnf chmod 0600 $(CHROOT)/root/.my.cnf rm -rf $(CHROOT)/var/lib/mysql/* diff --git a/mailgw/00-eth0.network b/mailgw/base/00-eth0.network similarity index 100% rename from mailgw/00-eth0.network rename to mailgw/base/00-eth0.network diff --git a/mailgw/firstboot.start b/mailgw/base/firstboot.start similarity index 100% rename from mailgw/firstboot.start rename to mailgw/base/firstboot.start diff --git a/mailgw/timesyncd.conf b/mailgw/base/timesyncd.conf similarity index 100% rename from mailgw/timesyncd.conf rename to mailgw/base/timesyncd.conf diff --git a/mailgw/base/tmux.conf b/mailgw/base/tmux.conf new file mode 100644 index 0000000..58a02ef --- /dev/null +++ b/mailgw/base/tmux.conf @@ -0,0 +1,3 @@ +set -g mouse on +set-option -g set-titles on +set-option -g set-titles-string "#S / #T" diff --git a/mailgw/kernel.config b/mailgw/kernel.config index 3ff6bf2..5da9c5f 100644 --- a/mailgw/kernel.config +++ b/mailgw/kernel.config 
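Review bot: The new `sed -i` on `$(CHROOT)/etc/pam.d/sudo` and the redirect into `$(CHROOT)/etc/sudoers.d/ssh_auth_sock` run outside `$(inroot)`, so if `CHROOT` expands to empty they rewrite the build host's own sudo and PAM policy (the trailing `rm -rf $(CHROOT)/var/lib/mysql/*` has the same exposure); a guard as the rule's first recipe line, `$(if $(strip $(CHROOT)),,$(error CHROOT is empty))`, closes that. The sudoers drop-in takes its mode from the build shell's umask, while sudo requires drop-ins to be root-owned and, depending on version, warns on or rejects anything looser than 0440, so follow the `echo` with `chmod 0440 $(CHROOT)/etc/sudoers.d/ssh_auth_sock` and check the result with `$(inroot) visudo -cf /etc/sudoers.d/ssh_auth_sock`. The PAM substitution matches every line starting with `auth`, so a `/etc/pam.d/sudo` with more than one such line gets the two-line block once per match, the `[success=2 default=ignore]` jump count only holds for the stack layout it was written against, and `file=~/.ssh/authorized_keys` makes the passwordless-sudo credential a file the admin user can edit itself; the commonly documented form, `auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys` placed before the existing `auth include system-auth`, avoids all three. The `>>` appends to `50-distro-server.cnf` are not idempotent (a second `make postinstall` duplicates every key) and, since they replace the deleted `mariadb/my.cnf` that set `bind-address = 127.0.0.1`, it is worth confirming the distro file still carries that setting before relying on it; the postinstall recipe may continue outside this hunk.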
@@ -1,14 +1,15 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.19.44-gentoo Kernel Configuration +# Linux/x86 4.19.97-gentoo Kernel Configuration # # -# Compiler: gcc (Gentoo Hardened 8.3.0-r1 p1.1) 8.3.0 +# Compiler: gcc (Gentoo 9.2.0-r2 p3) 9.2.0 # CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=80300 +CONFIG_GCC_VERSION=90200 CONFIG_CLANG_VERSION=0 +CONFIG_CC_HAS_ASM_GOTO=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_EXTABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y @@ -337,6 +338,9 @@ CONFIG_X86_SMAP=y CONFIG_X86_INTEL_UMIP=y # CONFIG_X86_INTEL_MPX is not set CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set # CONFIG_EFI is not set CONFIG_SECCOMP=y # CONFIG_HZ_100 is not set @@ -557,7 +561,7 @@ CONFIG_FIRMWARE_MEMMAP=y CONFIG_DMIID=y # CONFIG_DMI_SYSFS is not set CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y -# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_ISCSI_IBFT is not set CONFIG_FW_CFG_SYSFS=y # CONFIG_FW_CFG_SYSFS_CMDLINE is not set # CONFIG_GOOGLE_FIRMWARE is not set @@ -1157,7 +1161,7 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 CONFIG_XEN_BLKDEV_FRONTEND=y # CONFIG_XEN_BLKDEV_BACKEND is not set CONFIG_VIRTIO_BLK=y -# CONFIG_VIRTIO_BLK_SCSI is not set +CONFIG_VIRTIO_BLK_SCSI=y # CONFIG_BLK_DEV_RBD is not set # CONFIG_BLK_DEV_RSXX is not set @@ -1477,6 +1481,7 @@ CONFIG_NET_CORE=y # CONFIG_MACVLAN is not set # CONFIG_IPVLAN is not set # CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set # CONFIG_GTP is not set # CONFIG_MACSEC is not set # CONFIG_NETCONSOLE is not set @@ -1600,7 +1605,7 @@ CONFIG_PHYLIB=y # # CONFIG_AMD_PHY is not set # CONFIG_AQUANTIA_PHY is not set -# CONFIG_ASIX_PHY is not set +# CONFIG_AX88796B_PHY is not set # CONFIG_AT803X_PHY is not set # CONFIG_BCM7XXX_PHY is not set # CONFIG_BCM87XX_PHY is not set 
@@ -1799,14 +1804,14 @@ CONFIG_HVC_DRIVER=y CONFIG_HVC_IRQ=y CONFIG_HVC_XEN=y CONFIG_HVC_XEN_FRONTEND=y -# CONFIG_VIRTIO_CONSOLE is not set +CONFIG_VIRTIO_CONSOLE=y # CONFIG_IPMI_HANDLER is not set CONFIG_HW_RANDOM=y # CONFIG_HW_RANDOM_TIMERIOMEM is not set CONFIG_HW_RANDOM_INTEL=y # CONFIG_HW_RANDOM_AMD is not set # CONFIG_HW_RANDOM_VIA is not set -CONFIG_HW_RANDOM_VIRTIO=y +# CONFIG_HW_RANDOM_VIRTIO is not set # CONFIG_NVRAM is not set # CONFIG_APPLICOM is not set # CONFIG_MWAVE is not set @@ -1966,7 +1971,6 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set # CONFIG_LPC_ICH is not set # CONFIG_LPC_SCH is not set -# CONFIG_INTEL_SOC_PMIC_CHTWC is not set # CONFIG_MFD_INTEL_LPSS_ACPI is not set # CONFIG_MFD_INTEL_LPSS_PCI is not set # CONFIG_MFD_JANZ_CMODIO is not set @@ -2004,7 +2008,6 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_TPS6507X is not set # CONFIG_MFD_TPS65086 is not set # CONFIG_MFD_TPS65090 is not set -# CONFIG_MFD_TPS68470 is not set # CONFIG_MFD_TI_LP873X is not set # CONFIG_MFD_TPS6586X is not set # CONFIG_MFD_TPS65912_I2C is not set diff --git a/mailgw/mailgw.cfg b/mailgw/mailgw.cfg index 1eb96de..19c49d1 100644 --- a/mailgw/mailgw.cfg +++ b/mailgw/mailgw.cfg @@ -16,3 +16,5 @@ KERNEL_CONFIG = appliances/$(APPLIANCE)/kernel.config ENABLE_SSHD = YES TIMEZONE=Europe/Berlin LOCALE=de_DE.utf8 +REPO_NAMES = unitas +REPO_URI_unitas = https://dev.unitas-network.de/r/Gentoo/Unitas.git diff --git a/mailgw/make.conf b/mailgw/make.conf index 7473a6d..0ff26f0 100644 --- a/mailgw/make.conf +++ b/mailgw/make.conf @@ -1,6 +1,6 @@ CFLAGS="-O2 -pipe" CXXFLAGS="-O2 -pipe" -USE="hardened justify pie ssp urandom xattr xtpax -fortran -pch -pic -prelink -profile -tcc" +USE="hardened justify pie ssp urandom xattr -fortran -pch -pic -prelink -profile -tcc" MAKEOPTS="-j5" ACCEPT_LICENSE="*" PYTHON_TARGETS="python3_6" diff --git a/mailgw/mariadb/my.cnf b/mailgw/mariadb/my.cnf deleted file mode 100644 index 0f18944..0000000 
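Review bot: `REPO_URI_unitas` names a git repository with no revision, branch or signature requirement visible alongside it, so the overlay contents an appliance build picks up are whatever that repository serves at build time and two builds of the same appliance version need not agree; if the appliance tooling that reads `REPO_NAMES`/`REPO_URI_*` accepts a revision or branch key, set it next to the URI, otherwise record the expectation with a comment such as `# unitas overlay is tracked at HEAD; pin before release builds`. The layman-based setup this replaces (deleted from the Makefile in this commit) fetched the overlay list over plain http and was equally unpinned, so this is not a regression, but the move to an https git URI in a first-class config key is the right moment to pin it.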
--- a/mailgw/mariadb/my.cnf
+++ /dev/null
@@ -1,142 +0,0 @@ -# /etc/mysql/my.cnf: The global mysql configuration file. - -# The following options will be passed to all MySQL clients -[client] -#password = your_password -port = 3306 -socket = /var/run/mysqld/mysqld.sock - -[mysql] -character-sets-dir=/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqladmin] -character-sets-dir=/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqlcheck] -character-sets-dir=/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqldump] -character-sets-dir=/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqlimport] -character-sets-dir=/usr/share/mariadb/charsets -default-character-set=utf8 - -[mysqlshow] -character-sets-dir=/usr/share/mariadb/charsets -default-character-set=utf8 - -[myisamchk] -character-sets-dir=/usr/share/mariadb/charsets - -[myisampack] -character-sets-dir=/usr/share/mariadb/charsets - -# use [safe_mysqld] with mysql-3 -[mysqld_safe] -err-log = /var/log/mysql/mysql.err - -# add a section [mysqld-4.1] or [mysqld-5.0] for specific configurations -[mysqld] -character-set-server = utf8 -user = mysql -port = 3306 -socket = /var/run/mysqld/mysqld.sock -pid-file = /var/run/mysqld/mysqld.pid -log-error = /var/log/mysql/mysqld.err -basedir = /usr -datadir = /var/lib/mysql -skip-external-locking -key_buffer_size = 16M -max_allowed_packet = 4M -table_open_cache = 400 -sort_buffer_size = 512K -net_buffer_length = 16K -read_buffer_size = 256K -read_rnd_buffer_size = 512K -myisam_sort_buffer_size = 8M -lc_messages_dir = /usr/share/mariadb -#Set this to your desired error message language -lc_messages = en_US - -# security: -# using "localhost" in connects uses sockets by default -# skip-networking -bind-address = 127.0.0.1 - -##log-bin -server-id = 1 - -# point the following paths to different dedicated disks -tmpdir = /tmp/ -#log-update = /path-to-dedicated-directory/hostname - -# you need the debug USE flag enabled to use the following directives, -# if needed, uncomment 
them, start the server and issue -# #tail -f /tmp/mysqld.sql /tmp/mysqld.trace -# this will show you *exactly* what's happening in your server ;) - -#log = /tmp/mysqld.sql -#gdb -#debug = d:t:i:o,/tmp/mysqld.trace -#one-thread - -# the rest of the innodb config follows: -# don't eat too much memory, we're trying to be safe on 64Mb boxes -# you might want to bump this up a bit on boxes with more RAM -innodb_buffer_pool_size = 128M -# -# i'd like to use /var/lib/mysql/innodb, but that is seen as a database :-( -# and upstream wants things to be under /var/lib/mysql/, so that's the route -# we have to take for the moment -#innodb_data_home_dir = /var/lib/mysql/ -#innodb_log_arch_dir = /var/lib/mysql/ -#innodb_log_group_home_dir = /var/lib/mysql/ -# you may wish to change this size to be more suitable for your system -# the max is there to avoid run-away growth on your machine -innodb_data_file_path = ibdata1:10M:autoextend:max:128M -# we keep this at around 25% of of innodb_buffer_pool_size -# sensible values range from 1MB to (1/innodb_log_files_in_group*innodb_buffer_pool_size) -innodb_log_file_size = 48M -# this is the default, increase it if you have very large transactions going on -innodb_log_buffer_size = 8M -# this is the default and won't hurt you -# you shouldn't need to tweak it -innodb_log_files_in_group=2 -# see the innodb config docs, the other options are not always safe -innodb_flush_log_at_trx_commit = 1 -innodb_lock_wait_timeout = 50 -innodb_file_per_table - -# Uncomment this to get FEDERATED engine support -#plugin-load=federated=ha_federated.so -loose-federated - -[mysqldump] -quick -max_allowed_packet = 16M - -[mysql] -# uncomment the next directive if you are not familiar with SQL -#safe-updates - -[isamchk] -key_buffer_size = 20M -sort_buffer_size = 20M -read_buffer = 2M -write_buffer = 2M - -[myisamchk] -key_buffer_size = 20M -sort_buffer_size = 20M -read_buffer_size = 2M -write_buffer_size = 2M - -[mysqlhotcopy] -interactive-timeout - 
-[mariadb]
diff --git a/mailgw/world b/mailgw/world
index cc22769..51faccb 100644
--- a/mailgw/world
+++ b/mailgw/world
@@ -1,6 +1,7 @@
 app-admin/logrotate
 app-admin/sudo
 app-emulation/open-vm-tools
+app-emulation/qemu-guest-agent
 app-misc/mc
 app-misc/tmuxservice
 net-analyzer/zabbix