mirror of
https://gitlab.archlinux.org/tpowa/archboot.git
synced 2024-09-19 11:30:37 +02:00
'update to latest config status'
parent
67991b55ea
commit
2d98d589a6
2 changed files with 158 additions and 64 deletions
|
@ -1,9 +1,11 @@
|
|||
@version: 3.0
|
||||
#
|
||||
# /etc/syslog-ng.conf
|
||||
#
|
||||
|
||||
options {
|
||||
sync (0);
|
||||
stats_freq (0);
|
||||
flush_lines (0);
|
||||
time_reopen (10);
|
||||
log_fifo_size (1000);
|
||||
long_hostnames(off);
|
||||
|
@ -21,24 +23,24 @@ source src {
|
|||
file("/proc/kmsg");
|
||||
};
|
||||
|
||||
destination authlog { file("/var/log/auth.log"); };
|
||||
destination syslog { file("/var/log/syslog.log"); };
|
||||
destination cron { file("/var/log/crond.log"); };
|
||||
destination daemon { file("/var/log/daemon.log"); };
|
||||
destination kernel { file("/var/log/kernel.log"); };
|
||||
destination lpr { file("/var/log/lpr.log"); };
|
||||
destination user { file("/var/log/user.log"); };
|
||||
destination uucp { file("/var/log/uucp.log"); };
|
||||
destination mail { file("/var/log/mail.log"); };
|
||||
destination news { file("/var/log/news.log"); };
|
||||
destination ppp { file("/var/log/ppp.log"); };
|
||||
#destination debug { file("/var/log/debug.log"); };
|
||||
destination messages { file("/var/log/messages.log"); };
|
||||
destination errors { file("/var/log/errors.log"); };
|
||||
destination everything { file("/var/log/everything.log"); };
|
||||
destination iptables { file("/var/log/iptables.log"); };
|
||||
destination acpid { file("/var/log/acpid.log"); };
|
||||
destination console { usertty("root"); };
|
||||
destination d_authlog { file("/var/log/auth.log"); };
|
||||
destination d_syslog { file("/var/log/syslog.log"); };
|
||||
destination d_cron { file("/var/log/crond.log"); };
|
||||
destination d_daemon { file("/var/log/daemon.log"); };
|
||||
destination d_kernel { file("/var/log/kernel.log"); };
|
||||
destination d_lpr { file("/var/log/lpr.log"); };
|
||||
destination d_user { file("/var/log/user.log"); };
|
||||
destination d_uucp { file("/var/log/uucp.log"); };
|
||||
destination d_mail { file("/var/log/mail.log"); };
|
||||
destination d_news { file("/var/log/news.log"); };
|
||||
destination d_ppp { file("/var/log/ppp.log"); };
|
||||
destination d_debug { file("/var/log/debug.log"); };
|
||||
destination d_messages { file("/var/log/messages.log"); };
|
||||
destination d_errors { file("/var/log/errors.log"); };
|
||||
destination d_everything { file("/var/log/everything.log"); };
|
||||
destination d_iptables { file("/var/log/iptables.log"); };
|
||||
destination d_acpid { file("/var/log/acpid.log"); };
|
||||
destination d_console { usertty("root"); };
|
||||
|
||||
# Log everything to vc12
|
||||
destination console_all { file("/dev/vc/12"); };
|
||||
|
@ -56,7 +58,7 @@ filter f_user { facility(user); };
|
|||
filter f_uucp { facility(cron); };
|
||||
filter f_news { facility(news); };
|
||||
filter f_ppp { facility(local2); };
|
||||
#filter f_debug { not facility(auth, authpriv, news, mail); };
|
||||
filter f_debug { not facility(auth, authpriv, news, mail); };
|
||||
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
|
||||
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
|
||||
filter f_emergency { level(emerg); };
|
||||
|
@ -65,27 +67,27 @@ filter f_notice { level(notice); };
|
|||
filter f_warn { level(warn); };
|
||||
filter f_crit { level(crit); };
|
||||
filter f_err { level(err); };
|
||||
filter f_iptables { match("IN=.*OUT="); };
|
||||
filter f_acpid { match("acpid"); };
|
||||
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
|
||||
filter f_acpid { program("acpid"); };
|
||||
|
||||
log { source(src); filter(f_acpid); destination(acpid); flags(final); };
|
||||
log { source(src); filter(f_authpriv); destination(authlog); };
|
||||
log { source(src); filter(f_syslog); destination(syslog); };
|
||||
log { source(src); filter(f_cron); destination(cron); };
|
||||
log { source(src); filter(f_daemon); destination(daemon); };
|
||||
log { source(src); filter(f_kernel); destination(kernel); };
|
||||
log { source(src); filter(f_lpr); destination(lpr); };
|
||||
log { source(src); filter(f_mail); destination(mail); };
|
||||
log { source(src); filter(f_news); destination(news); };
|
||||
log { source(src); filter(f_ppp); destination(ppp); };
|
||||
log { source(src); filter(f_user); destination(user); };
|
||||
log { source(src); filter(f_uucp); destination(uucp); };
|
||||
#log { source(src); filter(f_debug); destination(debug); };
|
||||
log { source(src); filter(f_messages); destination(messages); };
|
||||
log { source(src); filter(f_err); destination(errors); };
|
||||
log { source(src); filter(f_emergency); destination(console); };
|
||||
log { source(src); filter(f_everything); destination(everything); };
|
||||
log { source(src); filter(f_iptables); destination(iptables); };
|
||||
log { source(src); filter(f_acpid); destination(d_acpid); };
|
||||
log { source(src); filter(f_authpriv); destination(d_authlog); };
|
||||
log { source(src); filter(f_syslog); destination(d_syslog); };
|
||||
log { source(src); filter(f_cron); destination(d_cron); };
|
||||
log { source(src); filter(f_daemon); destination(d_daemon); };
|
||||
log { source(src); filter(f_kernel); destination(d_kernel); };
|
||||
log { source(src); filter(f_lpr); destination(d_lpr); };
|
||||
log { source(src); filter(f_mail); destination(d_mail); };
|
||||
log { source(src); filter(f_news); destination(d_news); };
|
||||
log { source(src); filter(f_ppp); destination(d_ppp); };
|
||||
log { source(src); filter(f_user); destination(d_user); };
|
||||
log { source(src); filter(f_uucp); destination(d_uucp); };
|
||||
#log { source(src); filter(f_debug); destination(d_debug); };
|
||||
log { source(src); filter(f_messages); destination(d_messages); };
|
||||
log { source(src); filter(f_err); destination(d_errors); };
|
||||
log { source(src); filter(f_emergency); destination(d_console); };
|
||||
log { source(src); filter(f_everything); destination(d_everything); };
|
||||
log { source(src); filter(f_iptables); destination(d_iptables); };
|
||||
|
||||
# Log everything to vc12
|
||||
log { source(src); destination(console_all); };
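Review bot: The rewritten `f_iptables` filter matches any message whose text contains both `IN=` and `OUT=`, from any facility and in either order, and `f_messages` excludes whatever `f_iptables` matches, so a non-kernel message carrying those two strings is filed in iptables.log and kept out of messages.log. Assuming the firewall lines arrive through the kernel log (the `/proc/kmsg` source is visible above), tying the filter to that facility would keep the classification tight: `filter f_iptables { facility(kern) and match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };`. The acpid `log` statement also appears to have lost `flags(final)`, which would let acpid lines fall through to the other destinations; the +/- markers are not shown on this page, so confirm which side that line is on. Separately, the context line `filter f_uucp { facility(cron); };` sends cron messages to uucp.log and looks like it should read `facility(uucp)`.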
|
||||
|
|
|
@ -135,6 +135,11 @@ fast_reauth=1
|
|||
# in most cases.
|
||||
#driver_param="field=value"
|
||||
|
||||
# Country code
|
||||
# The ISO/IEC alpha2 country code for the country in which this device is
|
||||
# currently operating.
|
||||
#country=US
|
||||
|
||||
# Maximum lifetime for PMKSA in seconds; default 43200
|
||||
#dot11RSNAConfigPMKLifetime=43200
|
||||
# Threshold for reauthentication (percentage of PMK lifetime); default 70
|
||||
|
@ -142,6 +147,57 @@ fast_reauth=1
|
|||
# Timeout for security association negotiation in seconds; default 60
|
||||
#dot11RSNAConfigSATimeout=60
|
||||
|
||||
# Wi-Fi Protected Setup (WPS) parameters
|
||||
|
||||
# Universally Unique IDentifier (UUID; see RFC 4122) of the device
|
||||
# If not configured, UUID will be generated based on the local MAC address.
|
||||
#uuid=12345678-9abc-def0-1234-56789abcdef0
|
||||
|
||||
# Device Name
|
||||
# User-friendly description of device; up to 32 octets encoded in UTF-8
|
||||
#device_name=Wireless Client
|
||||
|
||||
# Manufacturer
|
||||
# The manufacturer of the device (up to 64 ASCII characters)
|
||||
#manufacturer=Company
|
||||
|
||||
# Model Name
|
||||
# Model of the device (up to 32 ASCII characters)
|
||||
#model_name=cmodel
|
||||
|
||||
# Model Number
|
||||
# Additional device description (up to 32 ASCII characters)
|
||||
#model_number=123
|
||||
|
||||
# Serial Number
|
||||
# Serial number of the device (up to 32 characters)
|
||||
#serial_number=12345
|
||||
|
||||
# Primary Device Type
|
||||
# Used format: <categ>-<OUI>-<subcateg>
|
||||
# categ = Category as an integer value
|
||||
# OUI = OUI and type octet as a 4-octet hex-encoded value; 0050F204 for
|
||||
# default WPS OUI
|
||||
# subcateg = OUI-specific Sub Category as an integer value
|
||||
# Examples:
|
||||
# 1-0050F204-1 (Computer / PC)
|
||||
# 1-0050F204-2 (Computer / Server)
|
||||
# 5-0050F204-1 (Storage / NAS)
|
||||
# 6-0050F204-1 (Network Infrastructure / AP)
|
||||
#device_type=1-0050F204-1
|
||||
|
||||
# OS Version
|
||||
# 4-octet operating system version number (hex string)
|
||||
#os_version=01020300
|
||||
|
||||
# Credential processing
|
||||
# 0 = process received credentials internally (default)
|
||||
# 1 = do not process received credentials; just pass them over ctrl_iface to
|
||||
# external program(s)
|
||||
# 2 = process received credentials internally and pass them over ctrl_iface
|
||||
# to external program(s)
|
||||
#wps_cred_processing=0
|
||||
|
||||
# network block
|
||||
#
|
||||
# Each network (usually AP's sharing the same SSID) is configured as a separate
|
||||
|
@ -206,11 +262,12 @@ fast_reauth=1
|
|||
#
|
||||
# key_mgmt: list of accepted authenticated key management protocols
|
||||
# WPA-PSK = WPA pre-shared key (this requires 'psk' field)
|
||||
# WPA-EAP = WPA using EAP authentication (this can use an external
|
||||
# program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
|
||||
# WPA-EAP = WPA using EAP authentication
|
||||
# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
|
||||
# generated WEP keys
|
||||
# NONE = WPA is not used; plaintext or static WEP could be used
|
||||
# WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based algorithms
|
||||
# WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms
|
||||
# If not set, this defaults to: WPA-PSK WPA-EAP
|
||||
#
|
||||
# auth_alg: list of allowed IEEE 802.11 authentication algorithms
|
||||
|
@ -274,6 +331,9 @@ fast_reauth=1
|
|||
# 1 = enabled
|
||||
#peerkey=1
|
||||
#
|
||||
# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to
|
||||
# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies.
|
||||
#
|
||||
# Following fields are only used with internal EAP implementation.
|
||||
# eap: space-separated list of accepted EAP methods
|
||||
# MD5 = EAP-MD5 (unsecure and does not generate keying material ->
|
||||
|
@ -292,10 +352,19 @@ fast_reauth=1
|
|||
# If not set, all compiled in methods are allowed.
|
||||
#
|
||||
# identity: Identity string for EAP
|
||||
# This field is also used to configure user NAI for
|
||||
# EAP-PSK/PAX/SAKE/GPSK.
|
||||
# anonymous_identity: Anonymous identity string for EAP (to be used as the
|
||||
# unencrypted identity with EAP types that support different tunnelled
|
||||
# identity, e.g., EAP-TTLS)
|
||||
# password: Password string for EAP
|
||||
# password: Password string for EAP. This field can include either the
|
||||
# plaintext password (using ASCII or hex string) or a NtPasswordHash
|
||||
# (16-byte MD4 hash of password) in hash:<32 hex digits> format.
|
||||
# NtPasswordHash can only be used when the password is for MSCHAPv2 or
|
||||
# MSCHAP (EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP).
|
||||
# EAP-PSK (128-bit PSK), EAP-PAX (128-bit PSK), and EAP-SAKE (256-bit
|
||||
# PSK) is also configured using this field. For EAP-GPSK, this is a
|
||||
# variable length PSK.
|
||||
# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
|
||||
# or more trusted CA certificates. If ca_cert and ca_path are not
|
||||
# included, server certificate will not be verified. This is insecure and
|
||||
|
@ -376,6 +445,15 @@ fast_reauth=1
|
|||
# fragmented.
|
||||
# sim_min_num_chal=3 can be used to configure EAP-SIM to require three
|
||||
# challenges (by default, it accepts 2 or 3)
|
||||
# result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use
|
||||
# protected result indication.
|
||||
# 'crypto_binding' option can be used to control PEAPv0 cryptobinding
|
||||
# behavior:
|
||||
# * 0 = do not use cryptobinding (default)
|
||||
# * 1 = use cryptobinding if server supports it
|
||||
# * 2 = require cryptobinding
|
||||
# EAP-WSC (WPS) uses following options: pin=<Device Password> or
|
||||
# pbc=1.
|
||||
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
|
||||
# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
|
||||
# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
|
||||
|
@ -402,22 +480,6 @@ fast_reauth=1
|
|||
# interface used for EAPOL. The default value is suitable for most
|
||||
# cases.
|
||||
#
|
||||
# EAP-PSK variables:
|
||||
# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
|
||||
# nai: user NAI
|
||||
#
|
||||
# EAP-PAX variables:
|
||||
# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
|
||||
#
|
||||
# EAP-SAKE variables:
|
||||
# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format
|
||||
# (this is concatenation of Root-Secret-A and Root-Secret-B)
|
||||
# nai: user NAI (PEERID)
|
||||
#
|
||||
# EAP-GPSK variables:
|
||||
# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits)
|
||||
# nai: user NAI (ID_Client)
|
||||
#
|
||||
# EAP-FAST variables:
|
||||
# pac_file: File path for the PAC entries. wpa_supplicant will need to be able
|
||||
# to create this file and write updates to it when PAC is being
|
||||
|
@ -425,8 +487,18 @@ fast_reauth=1
|
|||
# working directory may change when wpa_supplicant is run in the
|
||||
# background. Alternatively, a named configuration blob can be used by
|
||||
# setting this to blob://<blob name>
|
||||
# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST
|
||||
# credentials (PAC)
|
||||
# phase1: fast_provisioning option can be used to enable in-line provisioning
|
||||
# of EAP-FAST credentials (PAC):
|
||||
# 0 = disabled,
|
||||
# 1 = allow unauthenticated provisioning,
|
||||
# 2 = allow authenticated provisioning,
|
||||
# 3 = allow both unauthenticated and authenticated provisioning
|
||||
# fast_max_pac_list_len=<num> option can be used to set the maximum
|
||||
# number of PAC entries to store in a PAC list (default: 10)
|
||||
# fast_pac_format=binary option can be used to select binary format for
|
||||
# storing PAC entries in order to save some space (the default
|
||||
# text format uses about 2.5 times the size of minimal binary
|
||||
# format)
|
||||
#
|
||||
# wpa_supplicant supports number of "EAP workarounds" to work around
|
||||
# interoperability issues with incorrectly behaving authentication servers.
|
||||
|
@ -463,6 +535,17 @@ network={
|
|||
priority=2
|
||||
}
|
||||
|
||||
# WPA-Personal(PSK) with TKIP and enforcement for frequent PTK rekeying
|
||||
network={
|
||||
ssid="example"
|
||||
proto=WPA
|
||||
key_mgmt=WPA-PSK
|
||||
pairwise=TKIP
|
||||
group=TKIP
|
||||
psk="not so secure passphrase"
|
||||
wpa_ptk_rekey=600
|
||||
}
|
||||
|
||||
# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
|
||||
# or WEP40 as the group cipher will not be accepted.
|
||||
network={
|
||||
|
@ -573,9 +656,9 @@ network={
|
|||
ssid="eap-psk-test"
|
||||
key_mgmt=WPA-EAP
|
||||
eap=PSK
|
||||
identity="eap_psk_user"
|
||||
eappsk=06b4be19da289f475aa46a33cb793029
|
||||
nai="eap_psk_user@example.com"
|
||||
anonymous_identity="eap_psk_user"
|
||||
password=06b4be19da289f475aa46a33cb793029
|
||||
identity="eap_psk_user@example.com"
|
||||
}
|
||||
|
||||
|
||||
|
@ -604,6 +687,15 @@ network={
|
|||
password="foobar"
|
||||
}
|
||||
|
||||
# EAP-IKEv2 using shared secrets for both server and peer authentication
|
||||
network={
|
||||
ssid="ikev2-example"
|
||||
key_mgmt=WPA-EAP
|
||||
eap=IKEV2
|
||||
identity="user"
|
||||
password="foobar"
|
||||
}
|
||||
|
||||
# EAP-FAST with WPA (WPA or WPA2)
|
||||
network={
|
||||
ssid="eap-fast-test"
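Review bot: The expanded `password` comment (hunk at -292,10 +352,19) introduces the `hash:<32 hex digits>` NtPasswordHash form without saying that the hash alone is enough to authenticate with MSCHAP/MSCHAPv2, so a reader may assume that storing the hash makes the file less sensitive. I would add a line after the LEAP line such as `# The NtPasswordHash is password-equivalent for MSCHAP/MSCHAPv2; keep this file readable by root only.`. In the same spirit, the new `fast_provisioning` list in the EAP-FAST hunk could annotate value 1 with `# (server is not authenticated during provisioning; prefer 2 where the server supports it)`, since the text currently lists the four values without any guidance. The comment blocks these lines belong to start and end outside the hunks shown.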
|
||||
|
|