'update to latest config status'
parent
67991b55ea
commit
2d98d589a6
2 changed files with 158 additions and 64 deletions
|
@ -1,9 +1,11 @@
|
||||||
|
@version: 3.0
|
||||||
#
|
#
|
||||||
# /etc/syslog-ng.conf
|
# /etc/syslog-ng.conf
|
||||||
#
|
#
|
||||||
|
|
||||||
options {
|
options {
|
||||||
sync (0);
|
stats_freq (0);
|
||||||
|
flush_lines (0);
|
||||||
time_reopen (10);
|
time_reopen (10);
|
||||||
log_fifo_size (1000);
|
log_fifo_size (1000);
|
||||||
long_hostnames(off);
|
long_hostnames(off);
|
||||||
|
@ -21,24 +23,24 @@ source src {
|
||||||
file("/proc/kmsg");
|
file("/proc/kmsg");
|
||||||
};
|
};
|
||||||
|
|
||||||
destination authlog { file("/var/log/auth.log"); };
|
destination d_authlog { file("/var/log/auth.log"); };
|
||||||
destination syslog { file("/var/log/syslog.log"); };
|
destination d_syslog { file("/var/log/syslog.log"); };
|
||||||
destination cron { file("/var/log/crond.log"); };
|
destination d_cron { file("/var/log/crond.log"); };
|
||||||
destination daemon { file("/var/log/daemon.log"); };
|
destination d_daemon { file("/var/log/daemon.log"); };
|
||||||
destination kernel { file("/var/log/kernel.log"); };
|
destination d_kernel { file("/var/log/kernel.log"); };
|
||||||
destination lpr { file("/var/log/lpr.log"); };
|
destination d_lpr { file("/var/log/lpr.log"); };
|
||||||
destination user { file("/var/log/user.log"); };
|
destination d_user { file("/var/log/user.log"); };
|
||||||
destination uucp { file("/var/log/uucp.log"); };
|
destination d_uucp { file("/var/log/uucp.log"); };
|
||||||
destination mail { file("/var/log/mail.log"); };
|
destination d_mail { file("/var/log/mail.log"); };
|
||||||
destination news { file("/var/log/news.log"); };
|
destination d_news { file("/var/log/news.log"); };
|
||||||
destination ppp { file("/var/log/ppp.log"); };
|
destination d_ppp { file("/var/log/ppp.log"); };
|
||||||
#destination debug { file("/var/log/debug.log"); };
|
destination d_debug { file("/var/log/debug.log"); };
|
||||||
destination messages { file("/var/log/messages.log"); };
|
destination d_messages { file("/var/log/messages.log"); };
|
||||||
destination errors { file("/var/log/errors.log"); };
|
destination d_errors { file("/var/log/errors.log"); };
|
||||||
destination everything { file("/var/log/everything.log"); };
|
destination d_everything { file("/var/log/everything.log"); };
|
||||||
destination iptables { file("/var/log/iptables.log"); };
|
destination d_iptables { file("/var/log/iptables.log"); };
|
||||||
destination acpid { file("/var/log/acpid.log"); };
|
destination d_acpid { file("/var/log/acpid.log"); };
|
||||||
destination console { usertty("root"); };
|
destination d_console { usertty("root"); };
|
||||||
|
|
||||||
# Log everything to vc12
|
# Log everything to vc12
|
||||||
destination console_all { file("/dev/vc/12"); };
|
destination console_all { file("/dev/vc/12"); };
|
||||||
|
@ -56,7 +58,7 @@ filter f_user { facility(user); };
|
||||||
filter f_uucp { facility(cron); };
|
filter f_uucp { facility(cron); };
|
||||||
filter f_news { facility(news); };
|
filter f_news { facility(news); };
|
||||||
filter f_ppp { facility(local2); };
|
filter f_ppp { facility(local2); };
|
||||||
#filter f_debug { not facility(auth, authpriv, news, mail); };
|
filter f_debug { not facility(auth, authpriv, news, mail); };
|
||||||
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
|
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
|
||||||
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
|
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
|
||||||
filter f_emergency { level(emerg); };
|
filter f_emergency { level(emerg); };
|
||||||
|
@ -65,27 +67,27 @@ filter f_notice { level(notice); };
|
||||||
filter f_warn { level(warn); };
|
filter f_warn { level(warn); };
|
||||||
filter f_crit { level(crit); };
|
filter f_crit { level(crit); };
|
||||||
filter f_err { level(err); };
|
filter f_err { level(err); };
|
||||||
filter f_iptables { match("IN=.*OUT="); };
|
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
|
||||||
filter f_acpid { match("acpid"); };
|
filter f_acpid { program("acpid"); };
|
||||||
|
|
||||||
log { source(src); filter(f_acpid); destination(acpid); flags(final); };
|
log { source(src); filter(f_acpid); destination(d_acpid); };
|
||||||
log { source(src); filter(f_authpriv); destination(authlog); };
|
log { source(src); filter(f_authpriv); destination(d_authlog); };
|
||||||
log { source(src); filter(f_syslog); destination(syslog); };
|
log { source(src); filter(f_syslog); destination(d_syslog); };
|
||||||
log { source(src); filter(f_cron); destination(cron); };
|
log { source(src); filter(f_cron); destination(d_cron); };
|
||||||
log { source(src); filter(f_daemon); destination(daemon); };
|
log { source(src); filter(f_daemon); destination(d_daemon); };
|
||||||
log { source(src); filter(f_kernel); destination(kernel); };
|
log { source(src); filter(f_kernel); destination(d_kernel); };
|
||||||
log { source(src); filter(f_lpr); destination(lpr); };
|
log { source(src); filter(f_lpr); destination(d_lpr); };
|
||||||
log { source(src); filter(f_mail); destination(mail); };
|
log { source(src); filter(f_mail); destination(d_mail); };
|
||||||
log { source(src); filter(f_news); destination(news); };
|
log { source(src); filter(f_news); destination(d_news); };
|
||||||
log { source(src); filter(f_ppp); destination(ppp); };
|
log { source(src); filter(f_ppp); destination(d_ppp); };
|
||||||
log { source(src); filter(f_user); destination(user); };
|
log { source(src); filter(f_user); destination(d_user); };
|
||||||
log { source(src); filter(f_uucp); destination(uucp); };
|
log { source(src); filter(f_uucp); destination(d_uucp); };
|
||||||
#log { source(src); filter(f_debug); destination(debug); };
|
#log { source(src); filter(f_debug); destination(d_debug); };
|
||||||
log { source(src); filter(f_messages); destination(messages); };
|
log { source(src); filter(f_messages); destination(d_messages); };
|
||||||
log { source(src); filter(f_err); destination(errors); };
|
log { source(src); filter(f_err); destination(d_errors); };
|
||||||
log { source(src); filter(f_emergency); destination(console); };
|
log { source(src); filter(f_emergency); destination(d_console); };
|
||||||
log { source(src); filter(f_everything); destination(everything); };
|
log { source(src); filter(f_everything); destination(d_everything); };
|
||||||
log { source(src); filter(f_iptables); destination(iptables); };
|
log { source(src); filter(f_iptables); destination(d_iptables); };
|
||||||
|
|
||||||
# Log everything to vc12
|
# Log everything to vc12
|
||||||
log { source(src); destination(console_all); };
|
log { source(src); destination(console_all); };
|
||||||
|
|
|
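Review bot: `filter f_uucp { facility(cron); };` (an unchanged context line in the `@ -56,7 +58,7 @@` hunk) still selects the cron facility, so the renamed path `log { source(src); filter(f_uucp); destination(d_uucp); };` writes cron traffic to /var/log/uucp.log and never captures uucp messages; it should read `filter f_uucp { facility(uucp); };`. This commit also uncomments `destination d_debug` and `filter f_debug` but leaves `#log { source(src); filter(f_debug); destination(d_debug); };` commented, so both definitions are unused; either enable the log path or keep all three commented. Removing `flags(final)` from the acpid log path means acpid messages now continue into the later log statements whenever their filters match (d_everything, for instance), which looks intentional but deserves a one-line comment such as `# acpid messages are no longer final; they also reach the general logs`.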
@ -135,6 +135,11 @@ fast_reauth=1
|
||||||
# in most cases.
|
# in most cases.
|
||||||
#driver_param="field=value"
|
#driver_param="field=value"
|
||||||
|
|
||||||
|
# Country code
|
||||||
|
# The ISO/IEC alpha2 country code for the country in which this device is
|
||||||
|
# currently operating.
|
||||||
|
#country=US
|
||||||
|
|
||||||
# Maximum lifetime for PMKSA in seconds; default 43200
|
# Maximum lifetime for PMKSA in seconds; default 43200
|
||||||
#dot11RSNAConfigPMKLifetime=43200
|
#dot11RSNAConfigPMKLifetime=43200
|
||||||
# Threshold for reauthentication (percentage of PMK lifetime); default 70
|
# Threshold for reauthentication (percentage of PMK lifetime); default 70
|
||||||
|
@ -142,6 +147,57 @@ fast_reauth=1
|
||||||
# Timeout for security association negotiation in seconds; default 60
|
# Timeout for security association negotiation in seconds; default 60
|
||||||
#dot11RSNAConfigSATimeout=60
|
#dot11RSNAConfigSATimeout=60
|
||||||
|
|
||||||
|
# Wi-Fi Protected Setup (WPS) parameters
|
||||||
|
|
||||||
|
# Universally Unique IDentifier (UUID; see RFC 4122) of the device
|
||||||
|
# If not configured, UUID will be generated based on the local MAC address.
|
||||||
|
#uuid=12345678-9abc-def0-1234-56789abcdef0
|
||||||
|
|
||||||
|
# Device Name
|
||||||
|
# User-friendly description of device; up to 32 octets encoded in UTF-8
|
||||||
|
#device_name=Wireless Client
|
||||||
|
|
||||||
|
# Manufacturer
|
||||||
|
# The manufacturer of the device (up to 64 ASCII characters)
|
||||||
|
#manufacturer=Company
|
||||||
|
|
||||||
|
# Model Name
|
||||||
|
# Model of the device (up to 32 ASCII characters)
|
||||||
|
#model_name=cmodel
|
||||||
|
|
||||||
|
# Model Number
|
||||||
|
# Additional device description (up to 32 ASCII characters)
|
||||||
|
#model_number=123
|
||||||
|
|
||||||
|
# Serial Number
|
||||||
|
# Serial number of the device (up to 32 characters)
|
||||||
|
#serial_number=12345
|
||||||
|
|
||||||
|
# Primary Device Type
|
||||||
|
# Used format: <categ>-<OUI>-<subcateg>
|
||||||
|
# categ = Category as an integer value
|
||||||
|
# OUI = OUI and type octet as a 4-octet hex-encoded value; 0050F204 for
|
||||||
|
# default WPS OUI
|
||||||
|
# subcateg = OUI-specific Sub Category as an integer value
|
||||||
|
# Examples:
|
||||||
|
# 1-0050F204-1 (Computer / PC)
|
||||||
|
# 1-0050F204-2 (Computer / Server)
|
||||||
|
# 5-0050F204-1 (Storage / NAS)
|
||||||
|
# 6-0050F204-1 (Network Infrastructure / AP)
|
||||||
|
#device_type=1-0050F204-1
|
||||||
|
|
||||||
|
# OS Version
|
||||||
|
# 4-octet operating system version number (hex string)
|
||||||
|
#os_version=01020300
|
||||||
|
|
||||||
|
# Credential processing
|
||||||
|
# 0 = process received credentials internally (default)
|
||||||
|
# 1 = do not process received credentials; just pass them over ctrl_iface to
|
||||||
|
# external program(s)
|
||||||
|
# 2 = process received credentials internally and pass them over ctrl_iface
|
||||||
|
# to external program(s)
|
||||||
|
#wps_cred_processing=0
|
||||||
|
|
||||||
# network block
|
# network block
|
||||||
#
|
#
|
||||||
# Each network (usually AP's sharing the same SSID) is configured as a separate
|
# Each network (usually AP's sharing the same SSID) is configured as a separate
|
||||||
|
@ -206,11 +262,12 @@ fast_reauth=1
|
||||||
#
|
#
|
||||||
# key_mgmt: list of accepted authenticated key management protocols
|
# key_mgmt: list of accepted authenticated key management protocols
|
||||||
# WPA-PSK = WPA pre-shared key (this requires 'psk' field)
|
# WPA-PSK = WPA pre-shared key (this requires 'psk' field)
|
||||||
# WPA-EAP = WPA using EAP authentication (this can use an external
|
# WPA-EAP = WPA using EAP authentication
|
||||||
# program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
|
|
||||||
# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
|
# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
|
||||||
# generated WEP keys
|
# generated WEP keys
|
||||||
# NONE = WPA is not used; plaintext or static WEP could be used
|
# NONE = WPA is not used; plaintext or static WEP could be used
|
||||||
|
# WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based algorithms
|
||||||
|
# WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms
|
||||||
# If not set, this defaults to: WPA-PSK WPA-EAP
|
# If not set, this defaults to: WPA-PSK WPA-EAP
|
||||||
#
|
#
|
||||||
# auth_alg: list of allowed IEEE 802.11 authentication algorithms
|
# auth_alg: list of allowed IEEE 802.11 authentication algorithms
|
||||||
|
@ -274,6 +331,9 @@ fast_reauth=1
|
||||||
# 1 = enabled
|
# 1 = enabled
|
||||||
#peerkey=1
|
#peerkey=1
|
||||||
#
|
#
|
||||||
|
# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to
|
||||||
|
# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies.
|
||||||
|
#
|
||||||
# Following fields are only used with internal EAP implementation.
|
# Following fields are only used with internal EAP implementation.
|
||||||
# eap: space-separated list of accepted EAP methods
|
# eap: space-separated list of accepted EAP methods
|
||||||
# MD5 = EAP-MD5 (unsecure and does not generate keying material ->
|
# MD5 = EAP-MD5 (unsecure and does not generate keying material ->
|
||||||
|
@ -292,10 +352,19 @@ fast_reauth=1
|
||||||
# If not set, all compiled in methods are allowed.
|
# If not set, all compiled in methods are allowed.
|
||||||
#
|
#
|
||||||
# identity: Identity string for EAP
|
# identity: Identity string for EAP
|
||||||
|
# This field is also used to configure user NAI for
|
||||||
|
# EAP-PSK/PAX/SAKE/GPSK.
|
||||||
# anonymous_identity: Anonymous identity string for EAP (to be used as the
|
# anonymous_identity: Anonymous identity string for EAP (to be used as the
|
||||||
# unencrypted identity with EAP types that support different tunnelled
|
# unencrypted identity with EAP types that support different tunnelled
|
||||||
# identity, e.g., EAP-TTLS)
|
# identity, e.g., EAP-TTLS)
|
||||||
# password: Password string for EAP
|
# password: Password string for EAP. This field can include either the
|
||||||
|
# plaintext password (using ASCII or hex string) or a NtPasswordHash
|
||||||
|
# (16-byte MD4 hash of password) in hash:<32 hex digits> format.
|
||||||
|
# NtPasswordHash can only be used when the password is for MSCHAPv2 or
|
||||||
|
# MSCHAP (EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP).
|
||||||
|
# EAP-PSK (128-bit PSK), EAP-PAX (128-bit PSK), and EAP-SAKE (256-bit
|
||||||
|
# PSK) is also configured using this field. For EAP-GPSK, this is a
|
||||||
|
# variable length PSK.
|
||||||
# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
|
# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
|
||||||
# or more trusted CA certificates. If ca_cert and ca_path are not
|
# or more trusted CA certificates. If ca_cert and ca_path are not
|
||||||
# included, server certificate will not be verified. This is insecure and
|
# included, server certificate will not be verified. This is insecure and
|
||||||
|
@ -376,6 +445,15 @@ fast_reauth=1
|
||||||
# fragmented.
|
# fragmented.
|
||||||
# sim_min_num_chal=3 can be used to configure EAP-SIM to require three
|
# sim_min_num_chal=3 can be used to configure EAP-SIM to require three
|
||||||
# challenges (by default, it accepts 2 or 3)
|
# challenges (by default, it accepts 2 or 3)
|
||||||
|
# result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use
|
||||||
|
# protected result indication.
|
||||||
|
# 'crypto_binding' option can be used to control PEAPv0 cryptobinding
|
||||||
|
# behavior:
|
||||||
|
# * 0 = do not use cryptobinding (default)
|
||||||
|
# * 1 = use cryptobinding if server supports it
|
||||||
|
# * 2 = require cryptobinding
|
||||||
|
# EAP-WSC (WPS) uses following options: pin=<Device Password> or
|
||||||
|
# pbc=1.
|
||||||
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
|
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
|
||||||
# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
|
# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
|
||||||
# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
|
# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
|
||||||
|
@ -402,22 +480,6 @@ fast_reauth=1
|
||||||
# interface used for EAPOL. The default value is suitable for most
|
# interface used for EAPOL. The default value is suitable for most
|
||||||
# cases.
|
# cases.
|
||||||
#
|
#
|
||||||
# EAP-PSK variables:
|
|
||||||
# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
|
|
||||||
# nai: user NAI
|
|
||||||
#
|
|
||||||
# EAP-PAX variables:
|
|
||||||
# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
|
|
||||||
#
|
|
||||||
# EAP-SAKE variables:
|
|
||||||
# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format
|
|
||||||
# (this is concatenation of Root-Secret-A and Root-Secret-B)
|
|
||||||
# nai: user NAI (PEERID)
|
|
||||||
#
|
|
||||||
# EAP-GPSK variables:
|
|
||||||
# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits)
|
|
||||||
# nai: user NAI (ID_Client)
|
|
||||||
#
|
|
||||||
# EAP-FAST variables:
|
# EAP-FAST variables:
|
||||||
# pac_file: File path for the PAC entries. wpa_supplicant will need to be able
|
# pac_file: File path for the PAC entries. wpa_supplicant will need to be able
|
||||||
# to create this file and write updates to it when PAC is being
|
# to create this file and write updates to it when PAC is being
|
||||||
|
@ -425,8 +487,18 @@ fast_reauth=1
|
||||||
# working directory may change when wpa_supplicant is run in the
|
# working directory may change when wpa_supplicant is run in the
|
||||||
# background. Alternatively, a named configuration blob can be used by
|
# background. Alternatively, a named configuration blob can be used by
|
||||||
# setting this to blob://<blob name>
|
# setting this to blob://<blob name>
|
||||||
# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST
|
# phase1: fast_provisioning option can be used to enable in-line provisioning
|
||||||
# credentials (PAC)
|
# of EAP-FAST credentials (PAC):
|
||||||
|
# 0 = disabled,
|
||||||
|
# 1 = allow unauthenticated provisioning,
|
||||||
|
# 2 = allow authenticated provisioning,
|
||||||
|
# 3 = allow both unauthenticated and authenticated provisioning
|
||||||
|
# fast_max_pac_list_len=<num> option can be used to set the maximum
|
||||||
|
# number of PAC entries to store in a PAC list (default: 10)
|
||||||
|
# fast_pac_format=binary option can be used to select binary format for
|
||||||
|
# storing PAC entries in order to save some space (the default
|
||||||
|
# text format uses about 2.5 times the size of minimal binary
|
||||||
|
# format)
|
||||||
#
|
#
|
||||||
# wpa_supplicant supports number of "EAP workarounds" to work around
|
# wpa_supplicant supports number of "EAP workarounds" to work around
|
||||||
# interoperability issues with incorrectly behaving authentication servers.
|
# interoperability issues with incorrectly behaving authentication servers.
|
||||||
|
@ -463,6 +535,17 @@ network={
|
||||||
priority=2
|
priority=2
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# WPA-Personal(PSK) with TKIP and enforcement for frequent PTK rekeying
|
||||||
|
network={
|
||||||
|
ssid="example"
|
||||||
|
proto=WPA
|
||||||
|
key_mgmt=WPA-PSK
|
||||||
|
pairwise=TKIP
|
||||||
|
group=TKIP
|
||||||
|
psk="not so secure passphrase"
|
||||||
|
wpa_ptk_rekey=600
|
||||||
|
}
|
||||||
|
|
||||||
# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
|
# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
|
||||||
# or WEP40 as the group cipher will not be accepted.
|
# or WEP40 as the group cipher will not be accepted.
|
||||||
network={
|
network={
|
||||||
|
@ -573,9 +656,9 @@ network={
|
||||||
ssid="eap-psk-test"
|
ssid="eap-psk-test"
|
||||||
key_mgmt=WPA-EAP
|
key_mgmt=WPA-EAP
|
||||||
eap=PSK
|
eap=PSK
|
||||||
identity="eap_psk_user"
|
anonymous_identity="eap_psk_user"
|
||||||
eappsk=06b4be19da289f475aa46a33cb793029
|
password=06b4be19da289f475aa46a33cb793029
|
||||||
nai="eap_psk_user@example.com"
|
identity="eap_psk_user@example.com"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -604,6 +687,15 @@ network={
|
||||||
password="foobar"
|
password="foobar"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# EAP-IKEv2 using shared secrets for both server and peer authentication
|
||||||
|
network={
|
||||||
|
ssid="ikev2-example"
|
||||||
|
key_mgmt=WPA-EAP
|
||||||
|
eap=IKEV2
|
||||||
|
identity="user"
|
||||||
|
password="foobar"
|
||||||
|
}
|
||||||
|
|
||||||
# EAP-FAST with WPA (WPA or WPA2)
|
# EAP-FAST with WPA (WPA or WPA2)
|
||||||
network={
|
network={
|
||||||
ssid="eap-fast-test"
|
ssid="eap-fast-test"
|
||||||
|
|
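Review bot: The two `network={ ... }` blocks added in the `@ -463,6 +535,17 @@` and `@ -604,6 +687,15 @@` hunks are live, uncommented entries whose secrets are published sample values (`psk="not so secure passphrase"`, `password="foobar"`). Whether this file is installed as the active wpa_supplicant configuration is not visible on this page; if it is, the client would be willing to associate with any access point advertising `ssid="example"` or `ssid="ikev2-example"`. Adding `disabled=1` inside each sample block, or shipping the examples commented out, keeps them as documentation only. The first block also pins `proto=WPA` with `pairwise=TKIP` and `group=TKIP`, so its header comment should mark it as a legacy-only fallback, for example `# Legacy example: TKIP is deprecated; prefer proto=RSN with CCMP`. The surrounding example blocks continue outside these hunks and would need the same treatment.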