From 1bfc033259cebfaa0ca3dec10fbbf1ca450d44f1 Mon Sep 17 00:00:00 2001 From: Valentin Vidic Date: Thu, 14 May 2009 12:35:44 +0200 Subject: [PATCH] Remove unused configs. --- files/etc/default/ntpdate | 6 - files/etc/default/oidentd | 17 -- files/etc/default/postgrey | 10 - files/etc/default/slapd | 33 --- files/etc/dovecot/dovecot.conf | 500 ------------------------------------ files/etc/init.d/mysql | 163 ------------ files/etc/init.d/slapd | 256 ------------------ files/etc/logrotate.d/mysql-server | 34 --- files/etc/mysql/my.cnf | 115 --------- files/etc/pam.d/login | 75 ------ files/etc/squirrelmail/apache.conf | 39 --- files/etc/vsftpd.conf | 139 ---------- files/etc/xinetd.conf | 11 - src/functions.sh | 43 ---- 14 files changed, 1441 deletions(-) delete mode 100644 files/etc/default/ntpdate delete mode 100644 files/etc/default/oidentd delete mode 100644 files/etc/default/postgrey delete mode 100644 files/etc/default/slapd delete mode 100644 files/etc/dovecot/dovecot.conf delete mode 100755 files/etc/init.d/mysql delete mode 100755 files/etc/init.d/slapd delete mode 100644 files/etc/logrotate.d/mysql-server delete mode 100644 files/etc/mysql/my.cnf delete mode 100644 files/etc/pam.d/login delete mode 100644 files/etc/squirrelmail/apache.conf delete mode 100644 files/etc/vsftpd.conf delete mode 100644 files/etc/xinetd.conf diff --git a/files/etc/default/ntpdate b/files/etc/default/ntpdate deleted file mode 100644 index 80d8608..0000000 --- a/files/etc/default/ntpdate +++ /dev/null @@ -1,6 +0,0 @@ -# servers to check. (Separate multiple servers with spaces.) -NTPSERVERS="pool.ntp.org" -# -# additional options for ntpdate -#NTPOPTIONS="-v" -NTPOPTIONS="-u" diff --git a/files/etc/default/oidentd b/files/etc/default/oidentd deleted file mode 100644 index d0904de..0000000 --- a/files/etc/default/oidentd +++ /dev/null @@ -1,17 +0,0 @@ -# options to use when starting oidentd as daemon: -# -m lookup masquaraded connections in /etc/oidentd_masq.users -# -f forward requests for masquaraded connections to real host -# -q don't log connections to oidentd -# see oidentd(8) for detailed list -OIDENT_OPTIONS="-mf" - -# user / group -OIDENT_USER=nobody -OIDENT_GROUP=nogroup - -# Allow the default router to act as an oidentd proxy? (yes/no) -# this is needed behind a masquarading router that runs oidentd -f -# if your identd proxy is not the default router, you have to -# manually specify it via -P -OIDENT_BEHIND_PROXY=yes - diff --git a/files/etc/default/postgrey b/files/etc/default/postgrey deleted file mode 100644 index 07ba6bc..0000000 --- a/files/etc/default/postgrey +++ /dev/null @@ -1,10 +0,0 @@ -# postgrey startup options, created for Debian -# (c)2004 Adrian von Bidder -# Distribute and/or modify at will. - -# you may want to set -# --delay=N how long to greylist, seconds (default: 300) -# --max-age=N delete old entries after N days (default: 30) -# see also the postgrey(8) manpage - -POSTGREY_OPTS="--inet=127.0.0.1:60000" diff --git a/files/etc/default/slapd b/files/etc/default/slapd deleted file mode 100644 index fe7568e..0000000 --- a/files/etc/default/slapd +++ /dev/null @@ -1,33 +0,0 @@ -# Default location of the slapd.conf file -SLAPD_CONF= - -# System account to run the slapd server under. If empty the server -# will run as root. -SLAPD_USER= - -# System group to run the slapd server under. If empty the server will -# run in the primary group of its user. -SLAPD_GROUP= - -# Path to the pid file of the slapd server. If not set the init.d script -# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf) -SLAPD_PIDFILE= - -# Configure if db_recover should be called before starting slapd -TRY_BDB_RECOVERY=yes - -# Configure if the slurpd daemon should be started. Possible values: -# - yes: Always start slurpd -# - no: Never start slurpd -# - auto: Start slurpd if a replica option is found in slapd.conf (default) -SLURPD_START=auto - -# slapd normally serves ldap only on all TCP-ports 389. slapd can also -# service requests on TCP-port 636 (ldaps) and requests via unix -# sockets. -# Example usage: -# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" - -# Additional options to pass to slapd and slurpd -SLAPD_OPTIONS="" -SLURPD_OPTIONS="" diff --git a/files/etc/dovecot/dovecot.conf b/files/etc/dovecot/dovecot.conf deleted file mode 100644 index 98a46f6..0000000 --- a/files/etc/dovecot/dovecot.conf +++ /dev/null @@ -1,500 +0,0 @@ -## Dovecot 1.0 configuration file - -# Default values are shown after each value, it's not required to uncomment -# any of the lines. Exception to this are paths, they're just examples -# with real defaults being based on configure options. The paths listed here -# are for configure --prefix=/usr --sysconfdir=/etc/dovecot -# --localstatedir=/var --with-ssldir=/etc/ssl - -# Base directory where to store runtime data. -#base_dir = /var/run/dovecot/ - -# Protocols we want to be serving: -# imap imaps pop3 pop3s -protocols = - -# IP or host address where to listen in for connections. It's not currently -# possible to specify multiple addresses. "*" listens in all IPv4 interfaces. -# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4 -# interfaces depending on the operating system. You can specify ports with -# "host:port". -#imap_listen = * -#pop3_listen = * - -# IP or host address where to listen in for SSL connections. Defaults -# to above non-SSL equilevants if not specified. -#imaps_listen = -#pop3s_listen = - -# Disable SSL/TLS support. -#ssl_disable = no - -# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before -# dropping root privileges, so keep the key file unreadable by anyone but -# root. -#ssl_cert_file = /etc/ssl/certs/dovecot.pem -#ssl_key_file = /etc/ssl/private/dovecot.pem - -# SSL parameter file. Master process generates this file for login processes. -# It contains Diffie Hellman and RSA parameters. -#ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat - -# How often to regenerate the SSL parameters file. Generation is quite CPU -# intensive operation. The value is in hours, 0 disables regeneration -# entirely. -#ssl_parameters_regenerate = 24 - -# Disable LOGIN command and all other plaintext authentications unless -# SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and -# IPv6 ::1 addresses are considered secure, this setting has no effect if -# you connect from those addresses. -#disable_plaintext_auth = yes - -# Use this logfile instead of syslog(). /dev/stderr can be used if you want to -# use stderr for logging (ONLY /dev/stderr - otherwise it is closed). -#log_path = - -# For informational messages, use this logfile instead of the default -#info_log_path = - -# Prefix for each line written to log file. % codes are in strftime(3) -# format. -#log_timestamp = "%b %d %H:%M:%S " - -## -## Login processes -## - -# Directory where authentication process places authentication UNIX sockets -# which login needs to be able to connect to. The sockets are created when -# running as root, so you don't have to worry about permissions. Note that -# everything in this directory is deleted when Dovecot is started. -#login_dir = /var/run/dovecot/login - -# chroot login process to the login_dir. Only reason not to do this is if you -# wish to run the whole Dovecot without roots. -# http://wiki.dovecot.org/Rootless -#login_chroot = yes - - -## -## IMAP login process -## - -login = imap - -# Executable location. -#login_executable = /usr/lib/dovecot/imap-login - -# User to use for the login process. Create a completely new user for this, -# and don't use it anywhere else. The user must also belong to a group where -# only it has access, it's used to control access for authentication process. -# Note that this user is NOT used to access mails. -# http://wiki.dovecot.org/UserIds -#login_user = dovecot - -# Set max. process size in megabytes. If you don't use -# login_process_per_connection you might need to grow this. -#login_process_size = 32 - -# Should each login be processed in it's own process (yes), or should one -# login process be allowed to process multiple connections (no)? Yes is more -# secure, espcially with SSL/TLS enabled. No is faster since there's no need -# to create processes all the time. -#login_process_per_connection = yes - -# Number of login processes to create. If login_process_per_user is -# yes, this is the number of extra processes waiting for users to log in. -#login_processes_count = 3 - -# Maximum number of extra login processes to create. The extra process count -# usually stays at login_processes_count, but when multiple users start logging -# in at the same time more extra processes are created. To prevent fork-bombing -# we check only once in a second if new processes should be created - if all -# of them are used at the time, we double their amount until limit set by this -# setting is reached. This setting is used only if login_process_per_use is yes. -#login_max_processes_count = 128 - -# Maximum number of connections allowed in login state. When this limit is -# reached, the oldest connections are dropped. If login_process_per_user -# is no, this is a per-process value, so the absolute maximum number of users -# logging in actually login_processes_count * max_logging_users. -#login_max_logging_users = 256 - -## -## POP3 login process -## - -# Settings default to same as above, so you don't have to set anything -# unless you want to override them. - -login = pop3 - -# Exception to above rule being the executable location. -#login_executable = /usr/lib/dovecot/pop3-login - -## -## Mail processes -## - -# Maximum number of running mail processes. When this limit is reached, -# new users aren't allowed to log in. -#max_mail_processes = 1024 - -# Show more verbose process titles (in ps). Currently shows user name and -# IP address. Useful for seeing who are actually using the IMAP processes -# (eg. shared mailboxes or if same uid is used for multiple accounts). -#verbose_proctitle = no - -# Show protocol level SSL errors. -#verbose_ssl = no - -# Valid UID range for users, defaults to 500 and above. This is mostly -# to make sure that users can't log in as daemons or other system users. -# Note that denying root logins is hardcoded to dovecot binary and can't -# be done even if first_valid_uid is set to 0. -#first_valid_uid = 500 -#last_valid_uid = 0 - -# Valid GID range for users, defaults to non-root/wheel. Users having -# non-valid GID as primary group ID aren't allowed to log in. If user -# belongs to supplementary groups with non-valid GIDs, those groups are -# not set. -#first_valid_gid = 1 -#last_valid_gid = 0 - -# Grant access to these extra groups for mail processes. Typical use would be -# to give "mail" group write access to /var/mail to be able to create dotlocks. -mail_extra_groups = mail - -# ':' separated list of directories under which chrooting is allowed for mail -# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). -# This setting doesn't affect login_chroot or auth_chroot variables. -# WARNING: Never add directories here which local users can modify, that -# may lead to root exploit. Usually this should be done only if you don't -# allow shell access for users. See -# /usr/share/doc/dovecot-common/configuration.txt for more information. -#valid_chroot_dirs = - -# Default chroot directory for mail processes. This can be overridden by -# giving /./ in user's home directory (eg. /home/./user chroots into /home). -#mail_chroot = - -# Default MAIL environment to use when it's not set. By leaving this empty -# dovecot tries to do some automatic detection as described in -# /usr/share/doc/dovecot-common/mail-storages.txt. There's a few special -# variables you can use: -# -# %u - username -# %n - user part in user@domain, same as %u if there's no domain -# %d - domain part in user@domain, empty if user there's no domain -# %h - home directory -# -# You can also limit a width of string by giving the number of max. characters -# after the '%' character. For example %1u gives the first character of -# username. Some examples: -# -# default_mail_env = maildir:/var/mail/%1u/%u/Maildir -# default_mail_env = mbox:~/mail/:INBOX=/var/mail/%u -# default_mail_env = mbox:/var/mail/%d/%n/:INDEX=/var/indexes/%d/%n -# -#default_mail_env = - -# Space-separated list of fields to cache for all mails. Currently these -# fields are allowed followed by a list of commands they speed up: -# -# Envelope - FETCH ENVELOPE and SEARCH FROM, TO, CC, BCC, SUBJECT, -# SENTBEFORE, SENTON, SENTSINCE, HEADER MESSAGE-ID, -# HEADER IN-REPLY-TO -# Body - FETCH BODY -# Bodystructure - FETCH BODY, BODYSTRUCTURE -# MessagePart - FETCH BODY[1.2.3] (ie. body parts), RFC822.SIZE, -# SEARCH SMALLER, LARGER, also speeds up BODY/BODYSTRUCTURE -# generation. This is always set with mbox mailboxes, and -# also default with Maildir. -# -# Different IMAP clients work in different ways, that's why Dovecot by default -# only caches MessagePart which speeds up most operations. Whenever client -# does something where caching could be used, the field is automatically marked -# to be cached later. For example after FETCH BODY the BODY will be cached -# for all new messages. Normally you should leave this alone, unless you know -# what most of your IMAP clients are. Caching more fields than needed makes -# the index files larger and generate useless I/O. -# -# With maildir there's one extra optimization - if nothing is cached, indexing -# the maildir becomes much faster since it's not opening any of the mail files. -# This could be useful if your IMAP clients access only new mails. - -#mail_cache_fields = MessagePart - -# Space-separated list of fields that Dovecot should never set to be cached. -# Useful if you want to save disk space at the cost of more I/O when the fields -# needed. -#mail_never_cache_fields = - -# Workarounds for various client bugs: -# oe6-fetch-no-newmail: -# Never send EXISTS/RECENT when replying to FETCH command. Outlook Express -# seems to think they are FETCH replies and gives user "Message no longer -# in server" error. Note that OE6 still breaks even with this workaround -# if synchronization is set to "Headers Only". -# outlook-idle: -# Outlook and Outlook Express never abort IDLE command, so if no mail -# arrives in half a hour, Dovecot closes the connection. This is still -# fine, except Outlook doesn't connect back so you don't see if new mail -# arrives. -# outlook-pop3-no-nuls: -# Outlook and Outlook Express hang if mails contain NUL characters. -# This setting replaces them with 0x80 character. -#client_workarounds = - -# Dovecot can notify client of new mail in selected mailbox soon after it's -# received. This setting specifies the minimum interval in seconds between -# new mail notifications to client - internally they may be checked more or -# less often. Setting this to 0 disables the checking. -# NOTE: Evolution client breaks with this option when it's trying to APPEND. -#mailbox_check_interval = 0 - -# Like mailbox_check_interval, but used for IDLE command. -#mailbox_idle_check_interval = 30 - -# Allow full filesystem access to clients. There's no access checks other than -# what the operating system does for the active UID/GID. It works with both -# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/ -# or ~user/. -#mail_full_filesystem_access = no - -# Maximum allowed length for custom flag name. It's only forced when trying -# to create new flags. -#mail_max_flag_length = 50 - -# Save mails with CR+LF instead of plain LF. This makes sending those mails -# take less CPU, especially with sendfile() syscall with Linux and FreeBSD. -# But it also creates a bit more disk I/O which may just make it slower. -#mail_save_crlf = no - -# Use mmap() instead of read() to read mail files. read() seems to be a bit -# faster with my Linux/x86 and it's better with NFS, so that's the default. -#mail_read_mmaped = no - -# By default LIST command returns all entries in maildir beginning with dot. -# Enabling this option makes Dovecot return only entries which are directories. -# This is done by stat()ing each entry, so it causes more disk I/O. -# (For systems setting struct dirent->d_type, this check is free and it's -# done always regardless of this setting) -#maildir_stat_dirs = no - -# Copy mail to another folders using hard links. This is much faster than -# actually copying the file. This is problematic only if something modifies -# the mail in one folder but doesn't want it modified in the others. I don't -# know any MUA which would modify mail files directly. IMAP protocol also -# requires that the mails don't change, so it would be problematic in any case. -# If you care about performance, enable it. -#maildir_copy_with_hardlinks = no - -# Check if mails' content has been changed by external programs. This slows -# down things as extra stat() needs to be called for each file. If changes are -# noticed, the message is treated as a new message, since IMAP protocol -# specifies that existing messages are immutable. -#maildir_check_content_changes = no - -# Which locking methods to use for locking mbox. There's three available: -# dotlock: Create .lock file. This is the oldest and most NFS-safe -# solution. If you want to use /var/mail/ like directory, the users -# will need write access to that directory. -# fcntl : Use this if possible. Works with NFS too if lockd is used. -# flock : May not exist in all systems. Doesn't work with NFS. -# -# You can use both fcntl and flock too; if you do the order they're declared -# with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl -# and flock. Some operating systems don't allow using both of them -# simultaneously, eg. BSDs. If dotlock is used, it's always created first. -#mbox_locks = dotlock fcntl - -# Should we create dotlock file even when we want only a read-lock? Setting -# this to yes hurts the performance when the mailbox is accessed simultaneously -# by multiple processes, but it's needed for reliable reading if no other -# locking methods are available. -#mbox_read_dotlock = no - -# Maximum time in seconds to wait for lock (all of them) before aborting. -#mbox_lock_timeout = 300 - -# If dotlock exists but the mailbox isn't modified in any way, override the -# lock file after this many seconds. -#mbox_dotlock_change_timeout = 30 - -# umask to use for mail files and directories -#umask = 0077 - -# Drop all privileges before exec()ing the mail process. This is mostly -# meant for debugging, otherwise you don't get core dumps. Note that setting -# this to yes means that log file is opened as the logged in user, which -# might not work. It could also be a small security risk if you use single UID -# for multiple users, as the users could ptrace() each others processes then. -#mail_drop_priv_before_exec = no - -## -## IMAP process -## - -# Executable location -#imap_executable = /usr/lib/dovecot/imap - -# Set max. process size in megabytes. Most of the memory goes to mmap()ing -# files, so it shouldn't harm much even if this limit is set pretty high. -#imap_process_size = 256 - -# Support for dynamically loadable modules. -#imap_use_modules = no -#imap_modules = /usr/lib/dovecot/imap - -## -## POP3 process -## - -# Executable location -#pop3_executable = /usr/lib/dovecot/pop3 - -# Set max. process size in megabytes. Most of the memory goes to mmap()ing -# files, so it shouldn't harm much even if this limit is set pretty high. -#pop3_process_size = 256 - -# Support for dynamically loadable modules. -#pop3_use_modules = no -#pop3_modules = /usr/lib/dovecot/pop3 - -## -## Authentication processes -## - -# An Authentication process is a child process used by Dovecot that -# handles the authentication steps. The steps cover an authentication -# mechanism (auth_mechanisms, how the client authenticates in the IMAP or -# POP3 protocol), which password database should be queried (auth_passdb), -# and which user database should be queried (auth_userdb, to obtain -# UID, GID, and location of the user's mailbox/home directory). -# -# You can have multiple processes, though a typical configuration will -# have only one. Each time "auth = xx" is seen, a new process -# definition is started. The point of multiple processes is to be able -# to set stricter permissions. (See auth_user below.) -# -# Just remember that only one Authentication process is asked for the -# password, so you can't have different passwords accessible through -# different process definitions (unless they have different -# auth_mechanisms, and you're ok with having different password for -# each mechanisms). - -# Authentication process name. -auth = default - -# Specifies how the client authenticates in the IMAP protocol. -# Space separated list of permitted authentication mechanisms: -# anonymous plain digest-md5 cram-md5 -# -# anonymous - No authentication required. -# plain - The password is sent as plain text. All IMAP/POP3 clients -# support this, and the password can be encrypted by Dovecot to match -# any of the encryption schemes used in password databases. -# digest-md5 and cram-md5 - both encrypt the password so it is more -# secure in transit, but are not well supported by clients, and -# require that the password database use a matching encryption -# scheme (or be in plaintext). -# -# See auth.txt for more details. -# -# If you are using SSL there is less benefit to digest-md5 and -# cram-md5 as the communication is already encrypted. -auth_mechanisms = plain - -# Space separated list of realms for SASL authentication mechanisms that need -# them. You can leave it empty if you don't want to support multiple realms. -# Many clients simply use the first one listed here, so keep the default realm -# first. -#auth_realms = - -# Default realm/domain to use if none was specified. This is used for both -# SASL realms and appending @domain to username in plaintext logins. -#auth_default_realm = - -# User database specifies where mails are located and what user/group IDs -# own them. For single-UID configuration use "static". -# http://wiki.dovecot.org/Authentication -# http://wiki.dovecot.org/VirtualUsers -# passwd: /etc/passwd or similiar, using getpwnam() -# passwd-file : passwd-like file with specified location -# static uid= gid= home=: static settings -# vpopmail: vpopmail library -# ldap : LDAP, see /etc/dovecot/dovecot-ldap.conf -# mysql : a MySQL database, see /etc/dovecot/dovecot-mysql.conf -# pgsql : a PostgreSQL database, see -# /etc/dovecot/dovecot-pgsql.conf -auth_userdb = passwd - -# Password database specifies only the passwords for users. -# http://wiki.dovecot.org/Authentication -# passwd: /etc/passwd or similiar, using getpwnam() -# shadow: /etc/shadow or similiar, using getspnam() -# pam [ | *]: PAM authentication -# passwd-file : passwd-like file with specified location -# vpopmail: vpopmail authentication -# ldap : LDAP, see /etc/dovecot/dovecot-ldap.conf -# mysql : a MySQL database, see /etc/dovecot/dovecot-mysql.conf -# pgsql : a PostgreSQL database, see -# /etc/dovecot/dovecot-pgsql.conf -auth_passdb = pam - -#auth_executable = /usr/lib/dovecot/dovecot-auth - -# Set max. process size in megabytes. -#auth_process_size = 256 - -# User to use for the process. This user needs access to only user and -# password databases, nothing else. Only shadow and pam authentication -# requires roots, so use something else if possible. Note that passwd -# authentication with BSDs internally accesses shadow files, which also -# requires roots. Note that this user is NOT used to access mails. -# That user is specified by auth_userdb above. -auth_user = root - -# Directory where to chroot the process. Most authentication backends don't -# work if this is set, and there's no point chrooting if auth_user is root. -#auth_chroot = - -# Number of authentication processes to create -#auth_count = 1 - -# List of allowed characters in username. If the user-given username contains -# a character not listed in here, the login automatically fails. This is just -# an extra check to make sure user can't exploit any potential quote escaping -# vulnerabilities with SQL/LDAP databases. If you want to allow all characters, -# set this value to empty. -#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ - -# Username to use for users logging in with ANONYMOUS SASL mechanism -#auth_anonymous_username = anonymous - -# More verbose logging. Useful for figuring out why authentication isn't -# working. -#auth_verbose = no - -# Even more verbose logging for debugging purposes. Shows for example SQL -# queries. -#auth_debug = no - -# digest-md5 authentication process. It requires special MD5 passwords which -# /etc/shadow and PAM doesn't support, so we never need roots to handle it. -# Note that the passwd-file is opened before chrooting and dropping root -# privileges, so it may be 0600-root owned file. - -#auth = digest_md5 -#auth_mechanisms = digest-md5 -#auth_realms = -#auth_userdb = passwd-file /etc/passwd.imap -#auth_passdb = passwd-file /etc/passwd.imap -#auth_user = imapauth -#auth_chroot = - -# if you plan to use only passwd-file, you don't need the two auth processes, -# simply set "auth_methods = plain digest-md5" diff --git a/files/etc/init.d/mysql b/files/etc/init.d/mysql deleted file mode 100755 index 3f41118..0000000 --- a/files/etc/init.d/mysql +++ /dev/null @@ -1,163 +0,0 @@ -#!/bin/bash -# -# MySQL daemon start/stop script. -# -# Debian version. Based on the original by TcX. -# -set -e -set -u -${DEBIAN_SCRIPT_DEBUG:+ set -v -x} - -test -x /usr/sbin/mysqld || exit 0 - -SELF=$(cd $(dirname $0); pwd -P)/$(basename $0) -CONF=/etc/mysql/my.cnf -MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" -RUNDIR=/var/run/mysqld/ - -# priority can be overriden and "-s" adds output to stderr -ERR_LOGGER="logger -p daemon.err -t /etc/init.d/mysql -i" - -# Safeguard (relative paths, core dumps..) -cd / -umask 077 -export PATH=/bin:/usr/bin - -# mysqladmin likes to read /root/.my.cnf. This is usually not what I want -# as many admins e.g. only store a password without a username there and -# so break my scripts. -export HOME=/etc/mysql/ - -## fetch a particular option from mysql's invocation -# -# usage: void mysqld_get_param option -mysqld_get_param() { - /usr/sbin/mysqld --print-defaults \ - | tr " " "\n" \ - | grep -- "--$1" \ - | tail -n 1 \ - | cut -d= -f2 -} - -## Checks if there is a server running and if so if it is accessible. -# -# check_alive insists on a pingable server -# check_dead also fails if there is a lost mysqld in the process list -# -# Usage: boolean mysqld_status [check_alive|check_dead] [warn|nowarn] -mysqld_status () { - ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? )) - - ps_alive=0 - pidfile=`mysqld_get_param pid-file` - if [ -f "$pidfile" ]; then - if ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi - fi - - if [ "$1" = "check_alive" -a $ping_alive = 1 ] || - [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then - return 0 # EXIT_SUCCESS - else - if [ "$2" = "warn" ]; then - /bin/echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug - fi - return 1 # EXIT_FAILURE - fi -} - -# -# main() -# - -case "${1:-''}" in - 'start') - # check for config file - if [ ! -r $CONF ]; then - /bin/echo -e "\nWARNING: $CONF cannot be read. See README.Debian." - fi - # check for /var/run/mysqld/ which maybe have only been on a tempfs - if [ ! -d $RUNDIR ]; then - install --directory --owner=mysql --mode=755 $RUNDIR - fi - # Start daemon - echo -n "Starting MySQL database server: mysqld" - if mysqld_status check_alive nowarn; then - echo "...already running." - else - /usr/bin/mysqld_safe > /dev/null 2>&1 & - for i in 1 2 3 4 5 6; do - sleep 1 - if mysqld_status check_alive nowarn ; then break; fi - done - if mysqld_status check_alive warn; then - echo "." - # Now start mysqlcheck or whatever the admin wants. - /etc/mysql/debian-start - else - echo "...failed." - /bin/echo -e "\tPlease take a look at the syslog." - fi - fi - - if $MYADMIN variables | egrep -q have_bdb.*YES; then - /bin/echo "BerkeleyDB is obsolete, see /usr/share/doc/mysql-server/README.Debian.gz" | $ERR_LOGGER -p daemon.info - fi - - ;; - - 'stop') - # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible - # at least for cron, we can rely on it here, too. (although we have - # to specify it explicit as e.g. sudo environments points to the normal - # users home and not /root) - echo -n "Stopping MySQL database server: mysqld" - if ! mysqld_status check_dead nowarn; then - set +e - shutdown_out=`$MYADMIN shutdown 2>&1`; r=$? - set -e - if [ "$r" -ne 0 ]; then - /bin/echo -e -n "...failed.\n$shutdown_out\nKilling MySQL database server by signal: mysqld" - killall -15 mysqld - server_down= - for i in 1 2 3 4 5 6 7 8 9 10; do - sleep 1 - if mysqld_status check_dead nowarn; then server_down=1; break; fi - done - if test -z "$server_down"; then killall -9 mysqld; fi - fi - fi - - if ! mysqld_status check_dead warn; then - echo "...failed." - echo "Please stop MySQL manually and read /usr/share/doc/mysql-server/README.Debian!" - exit -1 - else - echo "." - fi - ;; - - 'restart') - set +e; $SELF stop; set -e - $SELF start - ;; - - 'reload'|'force-reload') - echo -n "Reloading MySQL database server: mysqld" - $MYADMIN reload - echo "." - ;; - - 'status') - if mysqld_status check_alive nowarn; then - $MYADMIN version - else - echo "MySQL is stopped." - fi - ;; - - *) - echo "Usage: $SELF start|stop|restart|reload|force-reload" - exit 1 - ;; -esac - diff --git a/files/etc/init.d/slapd b/files/etc/init.d/slapd deleted file mode 100755 index 53b18fc..0000000 --- a/files/etc/init.d/slapd +++ /dev/null @@ -1,256 +0,0 @@ -#! /bin/sh - -# Kill me on all errors -set -e - -# Stop processing if slapd is not there -[ -x /usr/sbin/slapd ] || exit 0 - -# Set default values -DB_RECOVER_CMD=db4.2_recover - -# Source the init script configuration -if [ -f "/etc/default/slapd" ]; then - . /etc/default/slapd -fi - -# Load the default location of the slapd config file -if [ -z "$SLAPD_CONF" ]; then - SLAPD_CONF="/etc/ldap/slapd.conf" -else - SLAPD_OPTIONS="-f $SLAPD_CONF $SLAPD_OPTIONS" - SLURPD_OPTIONS="-f $SLAPD_CONF $SLURPD_OPTIONS" -fi - -# Stop processing if the config file is not there -if [ ! -r "$SLAPD_CONF" ]; then - cat <&2 -No configuration file was found for slapd at $SLAPD_CONF. -If you have moved the slapd configuration file please modify -/etc/default/slapd to reflect this. If you chose to not -configure slapd during installation then you need to do so -prior to attempting to start slapd. -An example slapd.conf is in /usr/share/slapd -EOF - exit 0 # Should this be 1? -fi - -# Figure out some default settings -# Check wether slurpd should get started -if [ "$SLURPD_START" != "yes" ] && [ "$SLURPD_START" != "no" ]; then - if grep -q '^replica' "$SLAPD_CONF" > /dev/null 2>&1 ; then - SLURPD_START=yes - else - SLURPD_START=no - fi -fi - -# Find out the name of slapd's pid file -if [ -z "$SLAPD_PIDFILE" ]; then - SLAPD_PIDFILE=`sed -ne 's/^pidfile[[:space:]]\+\(.\+\)/\1/p' \ - "$SLAPD_CONF"` -fi - -# XXX: Breaks upgrading if there is no pidfile (invoke-rc.d stop will fail) -# -- Torsten -if [ -z "$SLAPD_PIDFILE" ]; then - cat <&2 -The pidfile for slapd is neither specified in "$SLAPD_CONF" nor -in /etc/default/slapd. Consequently, slapd will not be started. -EOF - exit 1 -fi - -# Pass the user and group to run under to slapd -if [ "$SLAPD_USER" ]; then - SLAPD_OPTIONS="-u $SLAPD_USER $SLAPD_OPTIONS" -fi - -if [ "$SLAPD_GROUP" ]; then - SLAPD_OPTIONS="-g $SLAPD_GROUP $SLAPD_OPTIONS" -fi - -# Tell the user that something went wrong and give some hints for -# resolving the problem. -report_failure() { - if [ -n "$reason" ]; then - echo " - failed: " - echo "$reason" - else - echo " - failed." - cat </dev/null 2>&1; then - echo -n " ($DB_RECOVER_CMD not found), " - return 0 - fi - - bdb_envs=`find_bdb_envs` - - # We care only about BDB environments - if [ -z "$bdb_envs" ]; then - return 0 - fi - - # Make sure there is no slapcat and no slapd running as we might - # break the DB in that case - if pidof /usr/lib/slapd >/dev/null; then - echo -n " (slapd running, no recovery), " - return 0 - fi - - echo -n " running BDB recovery" - for dbdir in $bdb_envs; do - reason="`$DB_RECOVER_CMD -eh $dbdir 2>&1`" || \ - db_recover_failed $dbdir - done - echo -n "," -} - -# Find bdb environment dirs -find_bdb_envs() { - local d - for d in `sed -ne 's/^directory[[:space:]]\+"*\([^"]\+\).*/\1/p' \ - < "$SLAPD_CONF"`; do - if [ -d "$d" -a -f "$d/objectClass.bdb" ]; then - echo $d - fi - done -} - -# Inform the user that BDB recovery failed -db_recover_failed() { - local dbdir - dbdir="$1" - - reason="`cat <&1`" - else - reason="`start-stop-daemon --start --quiet --oknodo \ - --pidfile "$SLAPD_PIDFILE" \ - --exec /usr/sbin/slapd -- -h "$SLAPD_SERVICES" $SLAPD_OPTIONS 2>&1`" - fi -} - -# Start the slurpd daemon and capture the error message if any to -# $reason. -start_slurpd() { - if [ "$SLURPD_START" != yes ]; then - return 0 - fi - echo -n " slurpd" - reason="`start-stop-daemon --start --quiet --oknodo \ - --exec /usr/sbin/slurpd -- $SLURPD_OPTIONS 2>&1`" -} - -# Stop the slapd daemon and capture the error message (if any) to -# $reason. -stop_slapd() { - echo -n " slapd" - reason="`start-stop-daemon --stop --quiet --oknodo --retry 10 \ - --pidfile "$SLAPD_PIDFILE" \ - --exec /usr/sbin/slapd 2>&1`" -} - -# Stop the slurpd daemon and capture the error message (if any) to -# $reason. -stop_slurpd() { - if [ "$SLURPD_START" != yes ]; then - return 0 - fi - echo -n " slurpd" - reason="`start-stop-daemon --stop --quiet --oknodo --retry 10 \ - --exec /usr/sbin/slurpd 2>&1`" -} - -# Start the OpenLDAP daemons -start() { - echo -n "Starting OpenLDAP:" - trap 'report_failure' 0 - if [ "$TRY_BDB_RECOVERY" = "yes" ]; then - try_fix_db - fi - start_slapd - start_slurpd - trap "-" 0 - echo . -} - -# Stop the OpenLDAP daemons -stop() { - echo -n "Stopping OpenLDAP:" - trap 'report_failure' 0 - stop_slurpd - stop_slapd - trap "-" 0 - echo . -} - -case "$1" in - start) - start ;; - stop) - stop ;; - restart|force-reload) - stop - start - ;; - *) - echo "Usage: $0 {start|stop|restart|force-reload}" - exit 1 - ;; -esac diff --git a/files/etc/logrotate.d/mysql-server b/files/etc/logrotate.d/mysql-server deleted file mode 100644 index 6d0f02d..0000000 --- a/files/etc/logrotate.d/mysql-server +++ /dev/null @@ -1,34 +0,0 @@ -# -# - This script rotates the normal query-log and the slow-log files. -# Binary-log rotation is configured in /etc/mysql/debian-log-rotate.conf -# - All files should be in one block so that only one flush-logs is neccessary. -# - The error log is obsolete, messages go to syslog now. -/var/log/mysql.log /var/log/mysql/mysql.log /var/log/mysql.err /var/log/mysql/mysql.err /var/log/mysql/mysql-slow.log { - daily - rotate 7 - missingok - create 640 mysql adm - compress - sharedscripts - postrotate - test -x /usr/bin/mysqladmin || exit 0 - - # If this fails, check debian.conf! - export HOME=/etc/mysql/my.cnf - MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" - if [ -z "`$MYADMIN ping 2>/dev/null`" ]; then - # Really no mysqld or rather a missing debian-sys-maint user? - # If this occurs and is not a error please report a bug. - if ps cax | grep -q mysqld; then - exit 1 - fi - else - $MYADMIN flush-logs - fi - errlogs=`ls /var/log/mysql.err* /var/log/mysql/mysql.err* 2>/dev/null` - if [ -n "$errlogs" ]; then - chown root:adm $errlogs - chmod 640 $errlogs - fi - endscript -} diff --git a/files/etc/mysql/my.cnf b/files/etc/mysql/my.cnf deleted file mode 100644 index 7010eff..0000000 --- a/files/etc/mysql/my.cnf +++ /dev/null @@ -1,115 +0,0 @@ -# -# The MySQL database server configuration file. -# -# You can copy this to one of: -# - "/etc/mysql/my.cnf" to set global options, -# - "/var/lib/mysql/my.cnf" to set server-specific options or -# - "~/.my.cnf" to set user-specific options. -# -# One can use all long options that the program supports. -# Run program with --help to get a list of available options and with -# --print-defaults to see which it would actually understand and use. -# -# For explanations see -# http://dev.mysql.com/doc/mysql/en/server-system-variables.html - -# This will be passed to all mysql clients -# It has been reported that passwords should be enclosed with ticks/quotes -# escpecially if they contain "#" chars... -# Remember to edit /etc/mysql/debian.cnf when changing the socket location. -[client] -port = 3306 -socket = /var/run/mysqld/mysqld.sock - -# Here is entries for some specific programs -# The following values assume you have at least 32M ram - -# This was formally known as [safe_mysqld]. Both versions are currently parsed. -[mysqld_safe] -socket = /var/run/mysqld/mysqld.sock -nice = 0 - -[mysqld] -# -# * Basic Settings -# -user = mysql -pid-file = /var/run/mysqld/mysqld.pid -socket = /var/run/mysqld/mysqld.sock -port = 3306 -basedir = /usr -datadir = /var/lib/mysql -tmpdir = /tmp -language = /usr/share/mysql/english -skip-external-locking -# -# Instead of skip-networking the default is now to listen only on -# localhost which is more compatible and is not less secure. -bind-address = 127.0.0.1 -# -# * Fine Tuning -# -key_buffer = 16M -max_allowed_packet = 16M -thread_stack = 128K -# -# * Query Cache Configuration -# -query_cache_limit = 1048576 -query_cache_size = 16777216 -query_cache_type = 1 -# -# * Logging and Replication -# -# Both location gets rotated by the cronjob. -# Be aware that this log type is a performance killer. -#log = /var/log/mysql.log -#log = /var/log/mysql/mysql.log -# -# Error logging goes to syslog. This is a Debian improvement :) -# -# Here you can see queries with especially long duration -#log-slow-queries = /var/log/mysql/mysql-slow.log -# -# The following can be used as easy to replay backup logs or for replication. -#server-id = 1 -log-bin = /var/log/mysql/mysql-bin.log -# See /etc/mysql/debian-log-rotate.conf for the number of files kept. -max_binlog_size = 104857600 -#binlog-do-db = include_database_name -#binlog-ignore-db = include_database_name -# -# * BerkeleyDB -# -# The use of BerkeleyDB is now discouraged and support for it will probably -# cease in the next versions. -skip-bdb -# -# * InnoDB -# -# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. -# Read the manual for more InnoDB related options. There are many! -# -# * Security Feature -# -# Read the manual, too, if you want chroot! -# chroot = /var/lib/mysql/ -# -# If you want to enable SSL support (recommended) read the manual or my -# HOWTO in /usr/share/doc/mysql-server/SSL-MINI-HOWTO.txt.gz -# ssl-ca=/etc/mysql/cacert.pem -# ssl-cert=/etc/mysql/server-cert.pem -# ssl-key=/etc/mysql/server-key.pem - - - -[mysqldump] -quick -quote-names -max_allowed_packet = 16M - -[mysql] -#no-auto-rehash # faster start of mysql but no tab completition - -[isamchk] -key_buffer = 16M diff --git a/files/etc/pam.d/login b/files/etc/pam.d/login deleted file mode 100644 index 95e049d..0000000 --- a/files/etc/pam.d/login +++ /dev/null @@ -1,75 +0,0 @@ -# -# The PAM configuration file for the Shadow `login' service -# -# NOTE: If you use a session module (such as kerberos or NIS+) -# that retains persistent credentials (like key caches, etc), you -# need to enable the `CLOSE_SESSIONS' option in /etc/login.defs -# in order for login to stay around until after logout to call -# pam_close_session() and cleanup. -# - -# Outputs an issue file prior to each login prompt (Replaces the -# ISSUE_FILE option from login.defs). Uncomment for use -# auth required pam_issue.so issue=/etc/issue - -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -auth requisite pam_securetty.so - -# Disallows other than root logins when /etc/nologin exists -# (Replaces the `NOLOGINS_FILE' option from login.defs) -auth requisite pam_nologin.so - -# This module parses /etc/environment (the standard for setting -# environ vars) and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# (Replaces the `ENVIRON_FILE' setting from login.defs) -auth required pam_env.so - -# Standard Un*x authentication. The "nullok" line allows passwordless -# accounts. -@include common-auth - -# This allows certain extra groups to be granted to a user -# based on things like time of day, tty, service, and user. -# Please uncomment and edit /etc/security/group.conf if you -# wish to use this. -# (Replaces the `CONSOLE_GROUPS' option in login.defs) -# auth optional pam_group.so - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on logins. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# Uncomment and edit /etc/security/access.conf if you need to -# set access limits. -# (Replaces /etc/login.access file) -# account required pam_access.so - -# Standard Un*x account and session -@include common-account -@include common-session - -# Sets up user limits, please uncomment and read /etc/security/limits.conf -# to enable this functionality. -# (Replaces the use of /etc/limits in old login) -session required pam_limits.so - -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - -# Prints the motd upon succesful login -# (Replaces the `MOTD_FILE' option in login.defs) -session optional pam_motd.so - -# Prints the status of the user's mailbox upon succesful login -# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). You -# can also enable a MAIL environment variable from here, but it -# is better handled by /etc/login.defs, since userdel also uses -# it to make sure that removing a user, also removes their mail -# spool file. -session optional pam_mail.so standard noenv -@include common-password diff --git a/files/etc/squirrelmail/apache.conf b/files/etc/squirrelmail/apache.conf deleted file mode 100644 index 6c055b1..0000000 --- a/files/etc/squirrelmail/apache.conf +++ /dev/null @@ -1,39 +0,0 @@ -Alias /squirrelmail /usr/share/squirrelmail - - - php_flag register_globals off - Options Indexes FollowSymLinks - - DirectoryIndex index.php - - - # access to configtest is limited by default to prevent information leak - - order deny,allow - deny from all - allow from 127.0.0.1 - - - -# users will prefer a simple URL like http://webmail.example.com -# -# DocumentRoot /usr/share/squirrelmail -# ServerName webmail.example.com -# - -# redirect to https when available (thanks omen@descolada.dartmouth.edu) -# -# Note: There are multiple ways to do this, and which one is suitable for -# your site's configuration depends. Consult the apache documentation if -# you're unsure, as this example might not work everywhere. -# -# -# -# -# RewriteEngine on -# RewriteCond %{HTTPS} !^on$ [NC] -# RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L] -# -# -# - diff --git a/files/etc/vsftpd.conf b/files/etc/vsftpd.conf deleted file mode 100644 index ad86434..0000000 --- a/files/etc/vsftpd.conf +++ /dev/null @@ -1,139 +0,0 @@ -# Example config file /etc/vsftpd.conf -# -# The default compiled in settings are fairly paranoid. This sample file -# loosens things up a bit, to make the ftp daemon more usable. -# Please see vsftpd.conf.5 for all compiled in defaults. -# -# READ THIS: This example file is NOT an exhaustive list of vsftpd options. -# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's -# capabilities. -# -# -# Run standalone? vsftpd can run either from an inetd or as a standalone -# daemon started from an initscript. -listen=YES -# -# Run standalone with IPv6? -# Like the listen parameter, except vsftpd will listen on an IPv6 socket -# instead of an IPv4 one. This parameter and the listen parameter are mutually -# exclusive. -#listen_ipv6=YES -# -# Allow anonymous FTP? (Beware - allowed by default if you comment this out). -anonymous_enable=YES -# -# Uncomment this to allow local users to log in. -#local_enable=YES -# -# Uncomment this to enable any form of FTP write command. -#write_enable=YES -# -# Default umask for local users is 077. You may wish to change this to 022, -# if your users expect that (022 is used by most other ftpd's) -#local_umask=022 -# -# Uncomment this to allow the anonymous FTP user to upload files. This only -# has an effect if the above global write enable is activated. Also, you will -# obviously need to create a directory writable by the FTP user. -#anon_upload_enable=YES -# -# Uncomment this if you want the anonymous FTP user to be able to create -# new directories. -#anon_mkdir_write_enable=YES -# -# Activate directory messages - messages given to remote users when they -# go into a certain directory. -dirmessage_enable=YES -# -# Activate logging of uploads/downloads. -xferlog_enable=YES -# -# Make sure PORT transfer connections originate from port 20 (ftp-data). -connect_from_port_20=YES -# -# If you want, you can arrange for uploaded anonymous files to be owned by -# a different user. Note! Using "root" for uploaded files is not -# recommended! -#chown_uploads=YES -#chown_username=whoever -# -# You may override where the log file goes if you like. The default is shown -# below. -#xferlog_file=/var/log/vsftpd.log -# -# If you want, you can have your log file in standard ftpd xferlog format -#xferlog_std_format=YES -# -# You may change the default value for timing out an idle session. -#idle_session_timeout=600 -# -# You may change the default value for timing out a data connection. -#data_connection_timeout=120 -# -# It is recommended that you define on your system a unique user which the -# ftp server can use as a totally isolated and unprivileged user. -#nopriv_user=ftpsecure -# -# Enable this and the server will recognise asynchronous ABOR requests. Not -# recommended for security (the code is non-trivial). Not enabling it, -# however, may confuse older FTP clients. -#async_abor_enable=YES -# -# By default the server will pretend to allow ASCII mode but in fact ignore -# the request. Turn on the below options to have the server actually do ASCII -# mangling on files when in ASCII mode. -# Beware that turning on ascii_download_enable enables malicious remote parties -# to consume your I/O resources, by issuing the command "SIZE /big/file" in -# ASCII mode. -# These ASCII options are split into upload and download because you may wish -# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking), -# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be -# on the client anyway.. -#ascii_upload_enable=YES -#ascii_download_enable=YES -# -# You may fully customise the login banner string: -#ftpd_banner=Welcome to blah FTP service. -# -# You may specify a file of disallowed anonymous e-mail addresses. Apparently -# useful for combatting certain DoS attacks. -#deny_email_enable=YES -# (default follows) -#banned_email_file=/etc/vsftpd.banned_emails -# -# You may restrict local users to their home directories. See the FAQ for -# the possible risks in this before using chroot_local_user or -# chroot_list_enable below. -#chroot_local_user=YES -# -# You may specify an explicit list of local users to chroot() to their home -# directory. If chroot_local_user is YES, then this list becomes a list of -# users to NOT chroot(). -#chroot_list_enable=YES -# (default follows) -#chroot_list_file=/etc/vsftpd.chroot_list -# -# You may activate the "-R" option to the builtin ls. This is disabled by -# default to avoid remote users being able to cause excessive I/O on large -# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume -# the presence of the "-R" option, so there is a strong case for enabling it. -#ls_recurse_enable=YES -# -# -# Debian customization -# -# Some of vsftpd's settings don't fit the Debian filesystem layout by -# default. These settings are more Debian-friendly. -# -# This option should be the name of a directory which is empty. Also, the -# directory should not be writable by the ftp user. This directory is used -# as a secure chroot() jail at times vsftpd does not require filesystem -# access. -secure_chroot_dir=/var/run/vsftpd -# -# This string is the name of the PAM service vsftpd will use. -pam_service_name=vsftpd -# -# This option specifies the location of the RSA certificate to use for SSL -# encrypted connections. -rsa_cert_file=/etc/ssl/certs/vsftpd.pem diff --git a/files/etc/xinetd.conf b/files/etc/xinetd.conf deleted file mode 100644 index 9e6ea25..0000000 --- a/files/etc/xinetd.conf +++ /dev/null @@ -1,11 +0,0 @@ -# Simple configuration file for xinetd -# -# Some defaults, and include /etc/xinetd.d/ - -defaults -{ - - -} - -includedir /etc/xinetd.d diff --git a/src/functions.sh b/src/functions.sh index 8a76e8b..6f16290 100644 --- a/src/functions.sh +++ b/src/functions.sh @@ -895,49 +895,6 @@ restore_configs () { restore_file /etc/monit/monitrc $config_new rm -f $config_new fi - -# restore_config login 1:4.0.18.1 /etc/pam.d/login -# restore_config mysql-server 5.0.3 /etc/init.d/mysql \ -# /etc/logrotate.d/mysql-server \ -# /etc/mysql/my.cnf -# restore_config ntpdate 1:4.2.2 /etc/default/ntpdate -# restore_config oidentd 2.0.8 /etc/default/oidentd -# restore_config slapd 2.3.30 /etc/default/slapd /etc/init.d/slapd -# restore_config squirrelmail 2:1.4.9a /etc/squirrelmail/apache.conf -# restore_config vsftpd 2.0.5 /etc/vsftpd.conf -# restore_config xinetd 1:2.3.14 /etc/xinetd.conf -# -# # orphaned config file - no owner -# if pkg logcheck-database lt 1.2.54; then -# rm -vf /etc/logcheck/ignore.d.server/imap -# fi -# -# # aide switched to ucf, move old configs aside -# if pkg aide lt 0.13.1; then -# for file in /etc/aide/aide.conf \ -# /etc/cron.daily/aide \ -# /etc/default/aide; -# do -# if [ ! -e "$file.$backup_ext" ]; then -# mv -v "$file" "$file.$backup_ext" -# fi -# -# rm -vf "$file" -# done -# fi -# -# # register cn changes in ucf managed files -# for config in /etc/apache/modules.conf \ -# /etc/clamav/clamd.conf \ -# /etc/clamav/freshclam.conf -# do -# config_backup=$config.$backup_ext -# if [ -e $config -a ! -e $config_backup ]; then -# log "Saving config file $config" -# cp -av $config $config_backup -# ucf $config_backup $config -# fi -# done } # temporary disable listchanges packages to reduce clutter during upgrade -- 1.7.10.4