'update to latest config status'

2024-09-19 19:40:37 +02:00 · 2009-03-28 13:51:40 +01:00 · 2009-03-28 13:51:40 +01:00 · 2d98d589a6
commit 2d98d589a6
parent 67991b55ea
2 changed files with 158 additions and 64 deletions
--- a/usr/share/archboot/base/etc/syslog-ng.conf
+++ b/usr/share/archboot/base/etc/syslog-ng.conf
@ -1,9 +1,11 @@
+@version: 3.0
 #
 # /etc/syslog-ng.conf
 #

 options {
-  sync (0);
+  stats_freq (0);
+  flush_lines (0);
  time_reopen (10);
  log_fifo_size (1000);
  long_hostnames(off); 
@ -21,24 +23,24 @@ source src {
  file("/proc/kmsg");
 };

-destination authlog { file("/var/log/auth.log"); };
-destination syslog { file("/var/log/syslog.log"); };
-destination cron { file("/var/log/crond.log"); };
-destination daemon { file("/var/log/daemon.log"); };
-destination kernel { file("/var/log/kernel.log"); };
-destination lpr { file("/var/log/lpr.log"); };
-destination user { file("/var/log/user.log"); };
-destination uucp { file("/var/log/uucp.log"); };
-destination mail { file("/var/log/mail.log"); };
-destination news { file("/var/log/news.log"); };
-destination ppp { file("/var/log/ppp.log"); };
-#destination debug { file("/var/log/debug.log"); };
-destination messages { file("/var/log/messages.log"); };
-destination errors { file("/var/log/errors.log"); };
-destination everything { file("/var/log/everything.log"); };
-destination iptables { file("/var/log/iptables.log"); };
-destination acpid { file("/var/log/acpid.log"); };
-destination console { usertty("root"); };
+destination d_authlog { file("/var/log/auth.log"); };
+destination d_syslog { file("/var/log/syslog.log"); };
+destination d_cron { file("/var/log/crond.log"); };
+destination d_daemon { file("/var/log/daemon.log"); };
+destination d_kernel { file("/var/log/kernel.log"); };
+destination d_lpr { file("/var/log/lpr.log"); };
+destination d_user { file("/var/log/user.log"); };
+destination d_uucp { file("/var/log/uucp.log"); };
+destination d_mail { file("/var/log/mail.log"); };
+destination d_news { file("/var/log/news.log"); };
+destination d_ppp { file("/var/log/ppp.log"); };
+destination d_debug { file("/var/log/debug.log"); };
+destination d_messages { file("/var/log/messages.log"); };
+destination d_errors { file("/var/log/errors.log"); };
+destination d_everything { file("/var/log/everything.log"); };
+destination d_iptables { file("/var/log/iptables.log"); };
+destination d_acpid { file("/var/log/acpid.log"); };
+destination d_console { usertty("root"); };

 # Log everything to vc12
 destination console_all { file("/dev/vc/12"); };
@ -56,7 +58,7 @@ filter f_user { facility(user); };
 filter f_uucp { facility(cron); };
 filter f_news { facility(news); };
 filter f_ppp { facility(local2); };
-#filter f_debug { not facility(auth, authpriv, news, mail); };
+filter f_debug { not facility(auth, authpriv, news, mail); };
 filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
 filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
 filter f_emergency { level(emerg); };
@ -65,27 +67,27 @@ filter f_notice { level(notice); };
 filter f_warn { level(warn); };
 filter f_crit { level(crit); };
 filter f_err { level(err); };
-filter f_iptables { match("IN=.*OUT="); };
-filter f_acpid { match("acpid"); };
+filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
+filter f_acpid { program("acpid"); };

-log { source(src); filter(f_acpid); destination(acpid); flags(final); };
-log { source(src); filter(f_authpriv); destination(authlog); };
-log { source(src); filter(f_syslog); destination(syslog); };
-log { source(src); filter(f_cron); destination(cron); };
-log { source(src); filter(f_daemon); destination(daemon); };
-log { source(src); filter(f_kernel); destination(kernel); };
-log { source(src); filter(f_lpr); destination(lpr); };
-log { source(src); filter(f_mail); destination(mail); };
-log { source(src); filter(f_news); destination(news); };
-log { source(src); filter(f_ppp); destination(ppp); };
-log { source(src); filter(f_user); destination(user); };
-log { source(src); filter(f_uucp); destination(uucp); };
-#log { source(src); filter(f_debug); destination(debug); };
-log { source(src); filter(f_messages); destination(messages); };
-log { source(src); filter(f_err); destination(errors); };
-log { source(src); filter(f_emergency); destination(console); };
-log { source(src); filter(f_everything); destination(everything); };
-log { source(src); filter(f_iptables); destination(iptables); };
+log { source(src); filter(f_acpid); destination(d_acpid); };
+log { source(src); filter(f_authpriv); destination(d_authlog); };
+log { source(src); filter(f_syslog); destination(d_syslog); };
+log { source(src); filter(f_cron); destination(d_cron); };
+log { source(src); filter(f_daemon); destination(d_daemon); };
+log { source(src); filter(f_kernel); destination(d_kernel); };
+log { source(src); filter(f_lpr); destination(d_lpr); };
+log { source(src); filter(f_mail); destination(d_mail); };
+log { source(src); filter(f_news); destination(d_news); };
+log { source(src); filter(f_ppp); destination(d_ppp); };
+log { source(src); filter(f_user); destination(d_user); };
+log { source(src); filter(f_uucp); destination(d_uucp); };
+#log { source(src); filter(f_debug); destination(d_debug); };
+log { source(src); filter(f_messages); destination(d_messages); };
+log { source(src); filter(f_err); destination(d_errors); };
+log { source(src); filter(f_emergency); destination(d_console); };
+log { source(src); filter(f_everything); destination(d_everything); };
+log { source(src); filter(f_iptables); destination(d_iptables); };

 # Log everything to vc12
 log { source(src); destination(console_all); };
--- a/usr/share/archboot/wireless/etc/wpa_supplicant.conf
+++ b/usr/share/archboot/wireless/etc/wpa_supplicant.conf
@ -135,6 +135,11 @@ fast_reauth=1
 # in most cases.
 #driver_param="field=value"

+# Country code
+# The ISO/IEC alpha2 country code for the country in which this device is
+# currently operating.
+#country=US
+
 # Maximum lifetime for PMKSA in seconds; default 43200
 #dot11RSNAConfigPMKLifetime=43200
 # Threshold for reauthentication (percentage of PMK lifetime); default 70
@ -142,6 +147,57 @@ fast_reauth=1
 # Timeout for security association negotiation in seconds; default 60
 #dot11RSNAConfigSATimeout=60

+# Wi-Fi Protected Setup (WPS) parameters
+
+# Universally Unique IDentifier (UUID; see RFC 4122) of the device
+# If not configured, UUID will be generated based on the local MAC address.
+#uuid=12345678-9abc-def0-1234-56789abcdef0
+
+# Device Name
+# User-friendly description of device; up to 32 octets encoded in UTF-8
+#device_name=Wireless Client
+
+# Manufacturer
+# The manufacturer of the device (up to 64 ASCII characters)
+#manufacturer=Company
+
+# Model Name
+# Model of the device (up to 32 ASCII characters)
+#model_name=cmodel
+
+# Model Number
+# Additional device description (up to 32 ASCII characters)
+#model_number=123
+
+# Serial Number
+# Serial number of the device (up to 32 characters)
+#serial_number=12345
+
+# Primary Device Type
+# Used format: <categ>-<OUI>-<subcateg>
+# categ = Category as an integer value
+# OUI = OUI and type octet as a 4-octet hex-encoded value; 0050F204 for
+#       default WPS OUI
+# subcateg = OUI-specific Sub Category as an integer value
+# Examples:
+#   1-0050F204-1 (Computer / PC)
+#   1-0050F204-2 (Computer / Server)
+#   5-0050F204-1 (Storage / NAS)
+#   6-0050F204-1 (Network Infrastructure / AP)
+#device_type=1-0050F204-1
+
+# OS Version
+# 4-octet operating system version number (hex string)
+#os_version=01020300
+
+# Credential processing
+#   0 = process received credentials internally (default)
+#   1 = do not process received credentials; just pass them over ctrl_iface to
+#	external program(s)
+#   2 = process received credentials internally and pass them over ctrl_iface
+#	to external program(s)
+#wps_cred_processing=0
+
 # network block
 #
 # Each network (usually AP's sharing the same SSID) is configured as a separate
@ -206,11 +262,12 @@ fast_reauth=1
 #
 # key_mgmt: list of accepted authenticated key management protocols
 # WPA-PSK = WPA pre-shared key (this requires 'psk' field)
-# WPA-EAP = WPA using EAP authentication (this can use an external
-#	program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
+# WPA-EAP = WPA using EAP authentication
 # IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
 #	generated WEP keys
 # NONE = WPA is not used; plaintext or static WEP could be used
+# WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based algorithms
+# WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms
 # If not set, this defaults to: WPA-PSK WPA-EAP
 #
 # auth_alg: list of allowed IEEE 802.11 authentication algorithms
@ -274,6 +331,9 @@ fast_reauth=1
 # 1 = enabled
 #peerkey=1
 #
+# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to
+# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies.
+#
 # Following fields are only used with internal EAP implementation.
 # eap: space-separated list of accepted EAP methods
 #	MD5 = EAP-MD5 (unsecure and does not generate keying material ->
@ -292,10 +352,19 @@ fast_reauth=1
 #	If not set, all compiled in methods are allowed.
 #
 # identity: Identity string for EAP
+#	This field is also used to configure user NAI for
+#	EAP-PSK/PAX/SAKE/GPSK.
 # anonymous_identity: Anonymous identity string for EAP (to be used as the
 #	unencrypted identity with EAP types that support different tunnelled
 #	identity, e.g., EAP-TTLS)
-# password: Password string for EAP
+# password: Password string for EAP. This field can include either the
+#	plaintext password (using ASCII or hex string) or a NtPasswordHash
+#	(16-byte MD4 hash of password) in hash:<32 hex digits> format.
+#	NtPasswordHash can only be used when the password is for MSCHAPv2 or
+#	MSCHAP (EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP).
+#	EAP-PSK (128-bit PSK), EAP-PAX (128-bit PSK), and EAP-SAKE (256-bit
+#	PSK) is also configured using this field. For EAP-GPSK, this is a
+#	variable length PSK.
 # ca_cert: File path to CA certificate file (PEM/DER). This file can have one
 #	or more trusted CA certificates. If ca_cert and ca_path are not
 #	included, server certificate will not be verified. This is insecure and
@ -376,6 +445,15 @@ fast_reauth=1
 #	fragmented.
 #	sim_min_num_chal=3 can be used to configure EAP-SIM to require three
 #	challenges (by default, it accepts 2 or 3)
+#	result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use
+#	protected result indication.
+#	'crypto_binding' option can be used to control PEAPv0 cryptobinding
+#	behavior:
+#	 * 0 = do not use cryptobinding (default)
+#	 * 1 = use cryptobinding if server supports it
+#	 * 2 = require cryptobinding
+#	EAP-WSC (WPS) uses following options: pin=<Device Password> or
+#	pbc=1.
 # phase2: Phase2 (inner authentication with TLS tunnel) parameters
 #	(string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
 #	"autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
@ -402,22 +480,6 @@ fast_reauth=1
 #	interface used for EAPOL. The default value is suitable for most
 #	cases.
 #
-# EAP-PSK variables:
-# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
-# nai: user NAI
-#
-# EAP-PAX variables:
-# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
-#
-# EAP-SAKE variables:
-# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format
-#	(this is concatenation of Root-Secret-A and Root-Secret-B)
-# nai: user NAI (PEERID)
-#
-# EAP-GPSK variables:
-# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits)
-# nai: user NAI (ID_Client)
-#
 # EAP-FAST variables:
 # pac_file: File path for the PAC entries. wpa_supplicant will need to be able
 #	to create this file and write updates to it when PAC is being
@ -425,8 +487,18 @@ fast_reauth=1
 #	working directory may change when wpa_supplicant is run in the
 #	background. Alternatively, a named configuration blob can be used by
 #	setting this to blob://<blob name>
-# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST
-#	credentials (PAC)
+# phase1: fast_provisioning option can be used to enable in-line provisioning
+#         of EAP-FAST credentials (PAC):
+#         0 = disabled,
+#         1 = allow unauthenticated provisioning,
+#         2 = allow authenticated provisioning,
+#         3 = allow both unauthenticated and authenticated provisioning
+#	fast_max_pac_list_len=<num> option can be used to set the maximum
+#		number of PAC entries to store in a PAC list (default: 10)
+#	fast_pac_format=binary option can be used to select binary format for
+#		storing PAC entries in order to save some space (the default
+#		text format uses about 2.5 times the size of minimal binary
+#		format)
 #
 # wpa_supplicant supports number of "EAP workarounds" to work around
 # interoperability issues with incorrectly behaving authentication servers.
@ -463,6 +535,17 @@ network={
 	priority=2
 }

+# WPA-Personal(PSK) with TKIP and enforcement for frequent PTK rekeying
+network={
+	ssid="example"
+	proto=WPA
+	key_mgmt=WPA-PSK
+	pairwise=TKIP
+	group=TKIP
+	psk="not so secure passphrase"
+	wpa_ptk_rekey=600
+}
+
 # Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
 # or WEP40 as the group cipher will not be accepted.
 network={
@ -573,9 +656,9 @@ network={
 	ssid="eap-psk-test"
 	key_mgmt=WPA-EAP
 	eap=PSK
-	identity="eap_psk_user"
-	eappsk=06b4be19da289f475aa46a33cb793029
-	nai="eap_psk_user@example.com"
+	anonymous_identity="eap_psk_user"
+	password=06b4be19da289f475aa46a33cb793029
+	identity="eap_psk_user@example.com"
 }


@ -604,6 +687,15 @@ network={
 	password="foobar"
 }

+# EAP-IKEv2 using shared secrets for both server and peer authentication
+network={
+	ssid="ikev2-example"
+	key_mgmt=WPA-EAP
+	eap=IKEV2
+	identity="user"
+	password="foobar"
+}
+
 # EAP-FAST with WPA (WPA or WPA2)
 network={
 	ssid="eap-fast-test"