author | Xiao Pan <gky44px1999@gmail.com> | 2023-10-25 06:45:08 +0000 |
---|---|---|
committer | Xiao Pan <gky44px1999@gmail.com> | 2023-10-25 06:45:08 +0000 |
commit | e4db0b25bf6540386e737594a47cb92a83c0cbea (patch) | |
tree | 70f85967663aa539fabe40e40803fa638acfae00 /etc | |
parent | 12bda1ac3390f2d16a401d895faf0ef2418f874c (diff) |
update
Diffstat (limited to 'etc')
-rw-r--r-- | etc/.cfgl/config | 6 | ||||
-rw-r--r-- | etc/locale.conf | 2 | ||||
-rw-r--r-- | etc/locale.gen | 13 | ||||
-rw-r--r-- | etc/nftables.conf | 6 | ||||
-rw-r--r-- | etc/pacman.conf | 10 | ||||
l--------- | etc/resolv.conf | 1 | ||||
-rw-r--r-- | etc/services | 82 | ||||
-rw-r--r-- | etc/ssh/sshd_config | 25 | ||||
-rw-r--r-- | etc/sudoers | 9 |
9 files changed, 103 insertions, 51 deletions
diff --git a/etc/.cfgl/config b/etc/.cfgl/config index 905f17be..ca4ebfad 100644 --- a/etc/.cfgl/config +++ b/etc/.cfgl/config @@ -11,12 +11,6 @@ fetch = +refs/heads/*:refs/remotes/origin/* [commit] gpgsign = false -[branch "master"] - remote = origin - merge = refs/heads/master -[remote "usb"] - url = /run/media/xyz/Ventoy/git_bare_repos/config_local_arch - fetch = +refs/heads/*:refs/remotes/usb/* [branch "studio"] remote = origin merge = refs/heads/studio diff --git a/etc/locale.conf b/etc/locale.conf index 6737e875..01ec548f 100644 --- a/etc/locale.conf +++ b/etc/locale.conf @@ -1 +1 @@ -LANG=en_US.utf8 +LANG=en_US.UTF-8 diff --git a/etc/locale.gen b/etc/locale.gen index a094efe7..a4e3c9f3 100644 --- a/etc/locale.gen +++ b/etc/locale.gen @@ -9,17 +9,11 @@ # where <locale> is one of the locales given in /usr/share/i18n/locales # and <charset> is one of the character sets listed in /usr/share/i18n/charmaps # -# Examples: -# en_US ISO-8859-1 -# en_US.UTF-8 UTF-8 -# de_DE ISO-8859-1 -# de_DE@euro ISO-8859-15 -# # The locale-gen command will generate all the locales, # placing them in /usr/lib/locale. # -# A list of supported locales is included in this file. -# Uncomment the ones you need. +# A list of supported locales is given in /usr/share/i18n/SUPPORTED +# and is included in this file. Uncomment the needed locales below. # #aa_DJ.UTF-8 UTF-8 #aa_DJ ISO-8859-1 @@ -99,7 +93,6 @@ #bs_BA.UTF-8 UTF-8 #bs_BA ISO-8859-2 #byn_ER UTF-8 -C.UTF-8 UTF-8 #ca_AD.UTF-8 UTF-8 #ca_AD ISO-8859-15 #ca_ES.UTF-8 UTF-8 @@ -398,6 +391,7 @@ en_US ISO-8859-1 #pt_PT@euro ISO-8859-15 #quz_PE UTF-8 #raj_IN UTF-8 +#rif_MA UTF-8 #ro_RO.UTF-8 UTF-8 #ro_RO ISO-8859-2 #ru_RU.KOI8-R KOI8-R @@ -446,6 +440,7 @@ en_US ISO-8859-1 #sv_SE ISO-8859-1 #sw_KE UTF-8 #sw_TZ UTF-8 +#syr UTF-8 #szl_PL UTF-8 #ta_IN UTF-8 #ta_LK UTF-8 diff --git a/etc/nftables.conf b/etc/nftables.conf index 47605bfb..999b91ac 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf 
@@ -6,8 +6,7 @@ # some codes from https://wiki.archlinux.org/title/Nftables # needed for reload config using `sudo systemctl restart nftables` or `sudo nft -f /etc/nftables.conf` -table inet my_table -delete table inet my_table +flush ruleset table inet my_table { @@ -22,9 +21,8 @@ table inet my_table { meta l4proto ipv6-icmp accept tcp dport ssh accept - #tcp dport searx accept - tcp dport qrcp accept udp dport mdns accept + #tcp dport iperf3 accept pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited counter comment "count any other traffic" diff --git a/etc/pacman.conf b/etc/pacman.conf index 49ff54d0..293be916 100644 --- a/etc/pacman.conf +++ b/etc/pacman.conf @@ -34,7 +34,7 @@ Color #NoProgressBar CheckSpace #VerbosePkgLists -ParallelDownloads = 5 +ParallelDownloads = 8 # By default, pacman accepts packages signed by keys that its local keyring # trusts (see pacman-key and its man page), as well as unsigned packages. @@ -69,11 +69,11 @@ LocalFileSigLevel = Optional # repo name header and Include lines. You can add preferred servers immediately # after the header, and they will be used before the default mirrors. -[fly] -Server = file:///home/xyz/programs/repos/fly/$arch +#[fly] +#Server = file:///home/xyz/programs/repos/fly/$arch -#[fly-any] -#Server = file:///home/xyz/programs/repos/fly/any +[fly-any] +Server = file:///home/xyz/programs/repos/fly/any #[core-testing] #Include = /etc/pacman.d/mirrorlist diff --git a/etc/resolv.conf b/etc/resolv.conf new file mode 120000 index 00000000..36396629 --- /dev/null +++ b/etc/resolv.conf @@ -0,0 +1 @@ +/run/systemd/resolve/stub-resolv.conf
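Review bot: `flush ruleset` at the top of etc/nftables.conf clears every table in every family, not only `inet my_table` as the two removed lines did. Any rules other software loads at runtime (container or VM networking, ban lists) disappear on each `systemctl restart nftables` or `nft -f /etc/nftables.conf`, and this file does not put them back. If this host only ever carries the one table that is fine, but it deserves a comment above the statement, e.g. `# flush ruleset drops ALL tables, including ones added by other tools; reload those after restarting nftables`. If other tables are expected, the removed `table inet my_table` / `delete table inet my_table` pair is the scoped alternative.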
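Review bot: The added `#tcp dport iperf3 accept` names a service that exists only because this commit also appends `iperf3 53497/tcp` under `# my services` in etc/services. If that local entry is lost when etc/services is next resynced with upstream, the name would presumably stop resolving and the ruleset would fail to load once the rule is uncommented. Writing the port number keeps the firewall independent of that file: `#tcp dport 53497 accept # iperf3, enable only while testing`.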
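Review bot: Enabling `[fly-any]` makes pacman, which runs as root, install from `file:///home/xyz/programs/repos/fly/any`, and the section sets no `SigLevel` of its own. The comments in this file say unsigned packages are accepted by default. The global `SigLevel` line is outside this hunk, so this may mean any process running as the owner of that home directory can drop in a package that a later upgrade installs as root. I would add `SigLevel = Required` under the `Server` line and sign the packages and database with a key in the pacman keyring, or keep the repository in a root-owned directory.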
\ No newline at end of file diff --git a/etc/services b/etc/services index 4bbdc73e..32ae60c0 100644 --- a/etc/services +++ b/etc/services @@ -1366,6 +1366,8 @@ apex-mesh 912/tcp apex-mesh 912/udp apex-edge 913/tcp apex-edge 913/udp +rift-lies 914/udp +rift-ties 915/udp rndc 953/tcp ftps-data 989/tcp ftps-data 989/udp @@ -3848,6 +3850,8 @@ simple-tx-rx 2257/tcp simple-tx-rx 2257/udp rcts 2258/tcp rcts 2258/udp +bid-serv 2259/tcp +bid-serv 2259/udp apc-2260 2260/tcp apc-2260 2260/udp comotionmaster 2261/tcp @@ -4066,6 +4070,8 @@ service-ctrl 2367/tcp service-ctrl 2367/udp opentable 2368/tcp opentable 2368/udp +bif-p2p 2369/tcp +bif-p2p 2369/udp l3-hbmon 2370/tcp l3-hbmon 2370/udp rda 2371/tcp @@ -5901,6 +5907,8 @@ deskview 3298/udp pdrncs 3299/tcp pdrncs 3299/udp ceph 3300/tcp +tarantool 3301/tcp +tarantool 3301/udp mcs-fastmail 3302/tcp mcs-fastmail 3302/udp opsession-clnt 3303/tcp @@ -7217,8 +7225,8 @@ iconp 3972/tcp iconp 3972/udp progistics 3973/tcp progistics 3973/udp -citysearch 3974/tcp -citysearch 3974/udp +xk22 3974/tcp +xk22 3974/udp airshot 3975/tcp airshot 3975/udp opswagent 3976/tcp @@ -7677,7 +7685,7 @@ trim-event 4322/tcp trim-event 4322/udp trim-ice 4323/tcp trim-ice 4323/udp -geognosisman 4325/tcp +geognosisadmin 4325/tcp geognosisman 4325/udp geognosis 4326/tcp geognosis 4326/udp @@ -8084,6 +8092,8 @@ xmcp 4788/tcp vxlan 4789/udp vxlan-gpe 4790/udp roce 4791/udp +unified-bus 4792/tcp +unified-bus 4792/udp iims 4800/tcp iims 4800/udp iwec 4801/tcp @@ -8450,6 +8460,8 @@ padl2sim 5236/tcp padl2sim 5236/udp mnet-discovery 5237/tcp mnet-discovery 5237/udp +attune 5242/tcp +xycstatus 5243/tcp downtools 5245/tcp downtools-disc 5245/udp capwap-control 5246/udp @@ -8890,6 +8902,7 @@ icmpd 5813/tcp icmpd 5813/udp spt-automation 5814/tcp spt-automation 5814/udp +autopassdaemon 5820/tcp shiprush-d-ch 5841/tcp reversion 5842/tcp wherehoo 5859/tcp 
@@ -8901,17 +8914,38 @@ diameters 5868/sctp jute 5883/tcp rfb 5900/tcp rfb 5900/udp -cm 5910/tcp -cm 5910/udp +ff-ice 5903/tcp +ff-ice 5903/udp +ff-ice 5903/sctp +ag-swim 5904/tcp +ag-swim 5904/udp +ag-swim 5904/sctp +asmgcs 5905/tcp +asmgcs 5905/udp +asmgcs 5905/sctp +rpas-c2 5906/tcp +rpas-c2 5906/udp +rpas-c2 5906/sctp +dsd 5907/tcp +dsd 5907/udp +dsd 5907/sctp +ipsma 5908/tcp +ipsma 5908/udp +ipsma 5908/sctp +agma 5909/tcp +agma 5909/udp +agma 5909/sctp +ats-atn 5910/tcp +ats-atn 5910/udp cm 5910/sctp -cpdlc 5911/tcp -cpdlc 5911/udp +ats-acars 5911/tcp +ats-acars 5911/udp cpdlc 5911/sctp -fis 5912/tcp -fis 5912/udp +ais-met 5912/tcp +ais-met 5912/udp fis 5912/sctp -ads-c 5913/tcp -ads-c 5913/udp +aoc-acars 5913/tcp +aoc-acars 5913/udp ads-c 5913/sctp indy 5963/tcp indy 5963/udp @@ -9365,6 +9399,7 @@ acmsoda 6969/tcp acmsoda 6969/udp conductor 6970/tcp conductor-mpx 6970/sctp +qolyester 6980/udp MobilitySrv 6997/tcp MobilitySrv 6997/udp iatp-highpri 6998/tcp @@ -9640,12 +9675,13 @@ imqbrokerd 7676/tcp imqbrokerd 7676/udp sun-user-https 7677/tcp sun-user-https 7677/udp -pando-pub 7680/tcp -pando-pub 7680/udp +ms-do 7680/tcp +ms-do 7680/udp dmt 7683/tcp bolt 7687/tcp collaber 7689/tcp collaber 7689/udp +sovd 7690/tcp klio 7697/tcp klio 7697/udp em7-secom 7700/tcp @@ -9822,6 +9858,7 @@ senomix07 8058/udp senomix08 8059/tcp senomix08 8059/udp aero 8060/udp +nikatron-dev 8061/tcp toad-bi-appsrvr 8066/tcp infi-async 8067/tcp ucs-isc 8070/tcp @@ -9923,8 +9960,8 @@ synapse-nhttps 8243/tcp synapse-nhttps 8243/udp espeasy-p2p 8266/udp robot-remote 8270/tcp -pando-sec 8276/tcp -pando-sec 8276/udp +ms-mcc 8276/tcp +ms-mcc 8276/udp synapse-nhttp 8280/tcp synapse-nhttp 8280/udp libelle 8282/tcp @@ -9977,6 +10014,7 @@ espeech-rtp 8417/tcp espeech-rtp 8417/udp aritts 8423/tcp pgbackrest 8432/tcp +aws-as2 8433/udp cybro-a-bus 8442/tcp cybro-a-bus 8442/udp pcsync-https 8443/tcp 
@@ -9985,6 +10023,7 @@ pcsync-http 8444/tcp pcsync-http 8444/udp copy 8445/tcp copy-disc 8445/udp +matrix-fed 8448/tcp npmp 8450/tcp npmp 8450/udp nexentamv 8457/tcp @@ -10289,6 +10328,7 @@ secure-ts 9318/udp guibase 9321/tcp guibase 9321/udp gnmi-gnoi 9339/tcp +gribi 9340/tcp mpidcmgr 9343/tcp mpidcmgr 9343/udp mphlpdmc 9344/tcp @@ -10675,6 +10715,7 @@ warehouse 12322/tcp warehouse 12322/udp italk 12345/tcp italk 12345/udp +carb-repl-ctrl 12546/tcp tsaf 12753/tcp tsaf 12753/udp netperf 12865/tcp @@ -10719,6 +10760,7 @@ dsmcc-download 13821/udp dsmcc-ccp 13822/tcp dsmcc-ccp 13822/udp bmdss 13823/tcp +a-trust-rpc 13832/tcp ucontrol 13894/tcp ucontrol 13894/udp dta-systems 13929/tcp @@ -10817,6 +10859,7 @@ amt-redir-tls 16995/tcp amt-redir-tls 16995/udp isode-dua 17007/tcp isode-dua 17007/udp +ncpu 17010/tcp vestasdlp 17184/tcp soundsvirtual 17185/tcp soundsvirtual 17185/udp @@ -10920,8 +10963,10 @@ faircom-db 19790/tcp iec-104-sec 19998/tcp dnp-sec 19999/tcp dnp-sec 19999/udp +dnp-sec 19999/sctp dnp 20000/tcp dnp 20000/udp +dnp 20000/sctp microsan 20001/tcp microsan 20001/udp commtact-http 20002/tcp @@ -10970,6 +11015,7 @@ vofr-gateway 21590/tcp vofr-gateway 21590/udp tvpm 21800/tcp tvpm 21800/udp +sal 21801/tcp webphone 21845/tcp webphone 21845/udp netspeak-is 21846/tcp @@ -11333,6 +11379,7 @@ ng-control 38412/sctp xn-control 38422/sctp e1-interface 38462/sctp f1-control 38472/sctp +psqlmws 38638/tcp sruth 38800/tcp secrmmsafecopya 38865/tcp vroa 39063/tcp @@ -11366,6 +11413,7 @@ candrp 42509/tcp candrp 42509/udp caerpc 42510/tcp caerpc 42510/udp +curiosity 42999/tcp recvr-rc 43000/tcp recvr-rc-disc 43000/udp reachout 43188/tcp @@ -11461,6 +11509,4 @@ nusrp 49001/tcp nusdp-disc 49001/udp inspider 49150/tcp # my services -jackett 9117/tcp -searx 49152/tcp -qrcp 49153/tcp +iperf3 53497/tcp diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config index ad7e1f20..1438778c 100644 --- a/etc/ssh/sshd_config +++ b/etc/ssh/sshd_config 
@@ -1,4 +1,15 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ +# `man sshd_config` says "for each keyword, the first obtained value will be used". So I decided to put my configs before all others to override them all. +# Based on manpage, setting PasswordAuthentication no, and Arch Linux default KbdInteractiveAuthentication no, with other defaults seems already equivalent to AuthenticationMethods publickey, but I still put it here for redundancy. +# https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication +AuthenticationMethods publickey +PermitRootLogin no +PasswordAuthentication no +# KbdInteractiveAuthentication no and UsePAM yes are Arch Linux default settings see /etc/ssh/sshd_config.d/00-archlinux.conf, I need these configs, I put them here just in case Arch Linux change the defaults in the future. +KbdInteractiveAuthentication no +UsePAM yes + +# Include drop-in configurations +Include /etc/ssh/sshd_config.d/*.conf # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -29,7 +40,7 @@ # Authentication: #LoginGraceTime 2m -PermitRootLogin no +#PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 @@ -54,11 +65,11 @@ AuthorizedKeysFile .ssh/authorized_keys #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! -PasswordAuthentication no +#PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords -KbdInteractiveAuthentication no +#KbdInteractiveAuthentication yes # Kerberos options #KerberosAuthentication no 
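Review bot: The opening comment in etc/ssh/sshd_config says putting these keywords first will "override them all", but that does not hold for `Match` blocks. Per sshd_config(5), keywords inside a matching `Match` block override the global section, so a file pulled in by `Include /etc/ssh/sshd_config.d/*.conf` could still relax `AuthenticationMethods` or `PermitRootLogin` for some connections. I would state that limit in the comment, e.g. `# First value wins only at global level; a Match block in sshd_config.d can still override these. Check the effective config with: sshd -T`. The three long comment lines would also read better wrapped at about 80 columns.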
@@ -75,11 +86,11 @@ KbdInteractiveAuthentication no # be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". +# the setting of "PermitRootLogin prohibit-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'. -UsePAM yes +#UsePAM no #AllowAgentForwarding yes #AllowTcpForwarding yes @@ -88,7 +99,7 @@ UsePAM yes #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes -PrintMotd no # pam does that +#PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment no diff --git a/etc/sudoers b/etc/sudoers index 65cd7ca1..cfd22989 100644 --- a/etc/sudoers +++ b/etc/sudoers @@ -59,15 +59,22 @@ ## Uncomment to use a hard-coded PATH instead of the user's to find commands # Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ## +## Uncomment to restore the historic behavior where a command is run in +## the user's own terminal. +# Defaults !use_pty +## ## Uncomment to send mail if the user does not enter the correct password. # Defaults mail_badpass ## ## Uncomment to enable logging of a command's output, except for ## sudoreplay and reboot. Use sudoreplay to play back logged sessions. +## Sudo will create up to 2,176,782,336 I/O logs before recycling them. +## Set maxseq to a smaller number if you don't have unlimited disk space. # Defaults log_output # Defaults!/usr/bin/sudoreplay !log_output # Defaults!/usr/local/bin/sudoreplay !log_output # Defaults!REBOOT !log_output +# Defaults maxseq = 1000 ## ## Runas alias specification 
@@ -82,7 +89,7 @@ root ALL=(ALL:ALL) ALL %wheel ALL=(ALL:ALL) ALL ## Same thing without a password -#%wheel ALL=(ALL:ALL) NOPASSWD: ALL +# %wheel ALL=(ALL:ALL) NOPASSWD: ALL ## Uncomment to allow members of group sudo to execute any command # %sudo ALL=(ALL:ALL) ALL |