mirror of
https://github.com/edu4rdshl/linuxscripts.git
synced 2026-07-17 23:24:52 +00:00
.
This commit is contained in:
parent
434b709681
commit
7420fcb66f
11 changed files with 54 additions and 1174 deletions
|
|
@ -1,398 +0,0 @@
|
||||||
|
|
||||||
##############################################
|
|
||||||
# #
|
|
||||||
# dnscrypt-proxy configuration #
|
|
||||||
# #
|
|
||||||
##############################################
|
|
||||||
|
|
||||||
## This is an example configuration file.
|
|
||||||
## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml"
|
|
||||||
##
|
|
||||||
## Online documentation is available here: https://dnscrypt.info/doc
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
##################################
|
|
||||||
# Global settings #
|
|
||||||
##################################
|
|
||||||
|
|
||||||
## List of servers to use
|
|
||||||
## If this line is commented, all registered servers matching the require_* filters
|
|
||||||
## will be used
|
|
||||||
## The proxy will automatically pick the fastest, working servers from the list.
|
|
||||||
## Remove the leading # first to enable this; lines starting with # are ignored.
|
|
||||||
|
|
||||||
server_names = ['dnscrypt']
|
|
||||||
|
|
||||||
|
|
||||||
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
|
|
||||||
## To only use systemd activation sockets, use an empty set: []
|
|
||||||
|
|
||||||
listen_addresses = []
|
|
||||||
|
|
||||||
|
|
||||||
## Maximum number of simultaneous client connections to accept
|
|
||||||
|
|
||||||
max_clients = 250
|
|
||||||
|
|
||||||
|
|
||||||
## Require servers (from static + remote sources) to satisfy specific properties
|
|
||||||
|
|
||||||
# Use servers reachable over IPv4
|
|
||||||
ipv4_servers = true
|
|
||||||
|
|
||||||
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
|
|
||||||
ipv6_servers = false
|
|
||||||
|
|
||||||
# Use servers implementing the DNSCrypt protocol
|
|
||||||
dnscrypt_servers = true
|
|
||||||
|
|
||||||
# Use servers implementing the DNS-over-HTTPS protocol
|
|
||||||
doh_servers = true
|
|
||||||
|
|
||||||
|
|
||||||
## Require servers defined by remote sources to satisfy specific properties
|
|
||||||
|
|
||||||
# Server must support DNS security extensions (DNSSEC)
|
|
||||||
require_dnssec = false
|
|
||||||
|
|
||||||
# Server must not log user queries (declarative)
|
|
||||||
require_nolog = true
|
|
||||||
|
|
||||||
# Server must not enforce its own blacklist (for parental control, ads blocking...)
|
|
||||||
require_nofilter = true
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Always use TCP to connect to upstream servers
|
|
||||||
|
|
||||||
force_tcp = false
|
|
||||||
|
|
||||||
|
|
||||||
## How long a DNS query will wait for a response, in milliseconds
|
|
||||||
|
|
||||||
timeout = 2500
|
|
||||||
|
|
||||||
|
|
||||||
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
|
|
||||||
|
|
||||||
# lb_strategy = 'p2'
|
|
||||||
|
|
||||||
|
|
||||||
## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
|
|
||||||
|
|
||||||
# log_level = 2
|
|
||||||
|
|
||||||
|
|
||||||
## log file for the application
|
|
||||||
|
|
||||||
# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
|
|
||||||
|
|
||||||
|
|
||||||
## Use the system logger (syslog on Unix, Event Log on Windows)
|
|
||||||
|
|
||||||
# use_syslog = true
|
|
||||||
|
|
||||||
|
|
||||||
## Delay, in minutes, after which certificates are reloaded
|
|
||||||
|
|
||||||
cert_refresh_delay = 240
|
|
||||||
|
|
||||||
|
|
||||||
## Fallback resolver
|
|
||||||
## This is a normal, non-encrypted DNS resolver, that will be only used
|
|
||||||
## for one-shot queries when retrieving the initial resolvers list, and
|
|
||||||
## only if the system DNS configuration doesn't work.
|
|
||||||
## No user application queries will ever be leaked through this resolver,
|
|
||||||
## and it will not be used after IP addresses of resolvers URLs have been found.
|
|
||||||
## It will never be used if lists have already been cached, and if stamps
|
|
||||||
## don't include host names without IP addresses.
|
|
||||||
## It will not be used if the configured system DNS works.
|
|
||||||
## A resolver supporting DNSSEC is recommended. This may become mandatory.
|
|
||||||
|
|
||||||
fallback_resolver = '9.9.9.9:53'
|
|
||||||
|
|
||||||
|
|
||||||
## Never try to use the system DNS settings; unconditionally use the
|
|
||||||
## fallback resolver.
|
|
||||||
|
|
||||||
ignore_system_dns = false
|
|
||||||
|
|
||||||
|
|
||||||
## Automatic log files rotation
|
|
||||||
|
|
||||||
# Maximum log files size in MB
|
|
||||||
log_files_max_size = 10
|
|
||||||
|
|
||||||
# Maximum log files age in days
|
|
||||||
log_files_max_age = 7
|
|
||||||
|
|
||||||
# Maximum log files backups to keep
|
|
||||||
log_files_max_backups = 1
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#########################
|
|
||||||
# Filters #
|
|
||||||
#########################
|
|
||||||
|
|
||||||
## Immediately respond to IPv6-related queries with an empty response
|
|
||||||
## This makes things faster when there is no IPv6 connectivity, but can
|
|
||||||
## also cause reliability issues with some stub resolvers. In
|
|
||||||
## particular, enabling this on macOS is not recommended.
|
|
||||||
|
|
||||||
block_ipv6 = false
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
##################################################################################
|
|
||||||
# Route queries for specific domains to a dedicated set of servers #
|
|
||||||
##################################################################################
|
|
||||||
|
|
||||||
## Example map entries (one entry per line):
|
|
||||||
## example.com 9.9.9.9
|
|
||||||
## example.net 9.9.9.9,8.8.8.8
|
|
||||||
|
|
||||||
# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
###############################
|
|
||||||
# Cloaking rules #
|
|
||||||
###############################
|
|
||||||
|
|
||||||
## Cloaking returns a predefined address for a specific name.
|
|
||||||
## In addition to acting as a HOSTS file, it can also return the IP address
|
|
||||||
## of a different name. It will also do CNAME flattening.
|
|
||||||
##
|
|
||||||
## Example map entries (one entry per line)
|
|
||||||
## example.com 10.1.1.1
|
|
||||||
## www.google.com forcesafesearch.google.com
|
|
||||||
|
|
||||||
# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
###########################
|
|
||||||
# DNS cache #
|
|
||||||
###########################
|
|
||||||
|
|
||||||
## Enable a DNS cache to reduce latency and outgoing traffic
|
|
||||||
|
|
||||||
cache = true
|
|
||||||
|
|
||||||
|
|
||||||
## Cache size
|
|
||||||
|
|
||||||
cache_size = 256
|
|
||||||
|
|
||||||
|
|
||||||
## Minimum TTL for cached entries
|
|
||||||
|
|
||||||
cache_min_ttl = 600
|
|
||||||
|
|
||||||
|
|
||||||
## Maximum TTL for cached entries
|
|
||||||
|
|
||||||
cache_max_ttl = 86400
|
|
||||||
|
|
||||||
|
|
||||||
## TTL for negatively cached entries
|
|
||||||
|
|
||||||
cache_neg_ttl = 60
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
###############################
|
|
||||||
# Query logging #
|
|
||||||
###############################
|
|
||||||
|
|
||||||
## Log client queries to a file
|
|
||||||
|
|
||||||
[query_log]
|
|
||||||
|
|
||||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
|
||||||
|
|
||||||
# file = '/var/log/dnscrypt-proxy/query.log'
|
|
||||||
|
|
||||||
|
|
||||||
## Query log format (currently supported: tsv and ltsv)
|
|
||||||
|
|
||||||
format = 'tsv'
|
|
||||||
|
|
||||||
|
|
||||||
## Do not log these query types, to reduce verbosity. Keep empty to log everything.
|
|
||||||
|
|
||||||
# ignored_qtypes = ['DNSKEY', 'NS']
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
############################################
|
|
||||||
# Suspicious queries logging #
|
|
||||||
############################################
|
|
||||||
|
|
||||||
## Log queries for nonexistent zones
|
|
||||||
## These queries can reveal the presence of malware, broken/obsolete applications,
|
|
||||||
## and devices signaling their presence to 3rd parties.
|
|
||||||
|
|
||||||
[nx_log]
|
|
||||||
|
|
||||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
|
||||||
|
|
||||||
# file = '/var/log/dnscrypt-proxy/nx.log'
|
|
||||||
|
|
||||||
|
|
||||||
## Query log format (currently supported: tsv and ltsv)
|
|
||||||
|
|
||||||
format = 'tsv'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################
|
|
||||||
# Pattern-based blocking (blacklists) #
|
|
||||||
######################################################
|
|
||||||
|
|
||||||
## Blacklists are made of one pattern per line. Example of valid patterns:
|
|
||||||
##
|
|
||||||
## example.com
|
|
||||||
## *sex*
|
|
||||||
## ads.*
|
|
||||||
## ads*.example.*
|
|
||||||
## ads*.example[0-9]*.com
|
|
||||||
##
|
|
||||||
## Example blacklist files can be found at https://download.dnscrypt.info/blacklists/
|
|
||||||
## A script to build blacklists from public feeds can be found in the
|
|
||||||
## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source code.
|
|
||||||
|
|
||||||
[blacklist]
|
|
||||||
|
|
||||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
|
||||||
|
|
||||||
# blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
|
|
||||||
|
|
||||||
|
|
||||||
## Optional path to a file logging blocked queries
|
|
||||||
|
|
||||||
# log_file = '/var/log/dnscrypt-proxy/blocked.log'
|
|
||||||
|
|
||||||
|
|
||||||
## Optional log format: tsv or ltsv (default: tsv)
|
|
||||||
|
|
||||||
# log_format = 'tsv'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# Pattern-based IP blocking (IP blacklists) #
|
|
||||||
###########################################################
|
|
||||||
|
|
||||||
## IP blacklists are made of one pattern per line. Example of valid patterns:
|
|
||||||
##
|
|
||||||
## 127.*
|
|
||||||
## fe80:abcd:*
|
|
||||||
## 192.168.1.4
|
|
||||||
|
|
||||||
[ip_blacklist]
|
|
||||||
|
|
||||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
|
||||||
|
|
||||||
# blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt'
|
|
||||||
|
|
||||||
|
|
||||||
## Optional path to a file logging blocked queries
|
|
||||||
|
|
||||||
# log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
|
|
||||||
|
|
||||||
|
|
||||||
## Optional log format: tsv or ltsv (default: tsv)
|
|
||||||
|
|
||||||
# log_format = 'tsv'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
##########################################
|
|
||||||
# Time access restrictions #
|
|
||||||
##########################################
|
|
||||||
|
|
||||||
## One or more weekly schedules can be defined here.
|
|
||||||
## Patterns in the name-based blocklist can optionally be followed with @schedule_name
|
|
||||||
## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
|
|
||||||
##
|
|
||||||
## For example, the following rule in a blacklist file:
|
|
||||||
## *.youtube.* @time-to-sleep
|
|
||||||
## would block access to Youtube only during the days, and period of the days
|
|
||||||
## define by the 'time-to-sleep' schedule.
|
|
||||||
##
|
|
||||||
## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
|
|
||||||
## {after= '9:00', before='18:00'} matches 9:00-18:00
|
|
||||||
|
|
||||||
[schedules]
|
|
||||||
|
|
||||||
# [schedules.'time-to-sleep']
|
|
||||||
# mon = [{after='21:00', before='7:00'}]
|
|
||||||
# tue = [{after='21:00', before='7:00'}]
|
|
||||||
# wed = [{after='21:00', before='7:00'}]
|
|
||||||
# thu = [{after='21:00', before='7:00'}]
|
|
||||||
# fri = [{after='23:00', before='7:00'}]
|
|
||||||
# sat = [{after='23:00', before='7:00'}]
|
|
||||||
# sun = [{after='21:00', before='7:00'}]
|
|
||||||
|
|
||||||
# [schedules.'work']
|
|
||||||
# mon = [{after='9:00', before='18:00'}]
|
|
||||||
# tue = [{after='9:00', before='18:00'}]
|
|
||||||
# wed = [{after='9:00', before='18:00'}]
|
|
||||||
# thu = [{after='9:00', before='18:00'}]
|
|
||||||
# fri = [{after='9:00', before='17:00'}]
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#########################
|
|
||||||
# Servers #
|
|
||||||
#########################
|
|
||||||
|
|
||||||
## Remote lists of available servers
|
|
||||||
## Multiple sources can be used simultaneously, but every source
|
|
||||||
## requires a dedicated cache file.
|
|
||||||
##
|
|
||||||
## Refer to the documentation for URLs of public sources.
|
|
||||||
##
|
|
||||||
## A prefix can be prepended to server names in order to
|
|
||||||
## avoid collisions if different sources share the same for
|
|
||||||
## different servers. In that case, names listed in `server_names`
|
|
||||||
## must include the prefixes.
|
|
||||||
##
|
|
||||||
## If the `url` property is missing, cache files and valid signatures
|
|
||||||
## must be already present; This doesn't prevent these cache files from
|
|
||||||
## expiring after `refresh_delay` hours.
|
|
||||||
|
|
||||||
[sources]
|
|
||||||
|
|
||||||
## An example of a remote source
|
|
||||||
|
|
||||||
#[sources.'public-resolvers']
|
|
||||||
#url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
|
|
||||||
#cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
|
|
||||||
#minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
|
||||||
#refresh_delay = 72
|
|
||||||
#prefix = ''
|
|
||||||
|
|
||||||
## Another example source, with resolvers censoring some websites not appropriate for children
|
|
||||||
## This is a subset of the `public-resolvers` list, so enabling both is useless
|
|
||||||
|
|
||||||
# [sources.'parental-control']
|
|
||||||
# url = 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'
|
|
||||||
# cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
|
|
||||||
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Optional, local, static list of additional servers
|
|
||||||
## Mostly useful for testing your own servers.
|
|
||||||
|
|
||||||
[static]
|
|
||||||
|
|
||||||
[static.'dnscrypt']
|
|
||||||
stamp = 'sdns://AQcAAAAAAAAAEzE0Ni4xODUuMTY3LjQzOjUzNTMgs6WXaRRXWwSJ4Z-unEPmefryjFcYlwAxf3u0likfsJUcMi5kbnNjcnlwdC1jZXJ0LnNlY3VyZWRucy5ldQ'
|
|
||||||
|
|
||||||
[static.'cisco']
|
|
||||||
stamp = 'sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ'
|
|
||||||
|
|
@ -1,395 +0,0 @@
|
||||||
|
|
||||||
##############################################
|
|
||||||
# #
|
|
||||||
# dnscrypt-proxy configuration #
|
|
||||||
# #
|
|
||||||
##############################################
|
|
||||||
|
|
||||||
## This is an example configuration file.
|
|
||||||
## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml"
|
|
||||||
##
|
|
||||||
## Online documentation is available here: https://dnscrypt.info/doc
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
##################################
|
|
||||||
# Global settings #
|
|
||||||
##################################
|
|
||||||
|
|
||||||
## List of servers to use
|
|
||||||
## If this line is commented, all registered servers matching the require_* filters
|
|
||||||
## will be used
|
|
||||||
## The proxy will automatically pick the fastest, working servers from the list.
|
|
||||||
## Remove the leading # first to enable this; lines starting with # are ignored.
|
|
||||||
|
|
||||||
# server_names = ['scaleway-fr', 'google', 'yandex']
|
|
||||||
|
|
||||||
|
|
||||||
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
|
|
||||||
## To only use systemd activation sockets, use an empty set: []
|
|
||||||
|
|
||||||
listen_addresses = []
|
|
||||||
|
|
||||||
|
|
||||||
## Maximum number of simultaneous client connections to accept
|
|
||||||
|
|
||||||
max_clients = 250
|
|
||||||
|
|
||||||
|
|
||||||
## Require servers (from static + remote sources) to satisfy specific properties
|
|
||||||
|
|
||||||
# Use servers reachable over IPv4
|
|
||||||
ipv4_servers = true
|
|
||||||
|
|
||||||
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
|
|
||||||
ipv6_servers = false
|
|
||||||
|
|
||||||
# Use servers implementing the DNSCrypt protocol
|
|
||||||
dnscrypt_servers = true
|
|
||||||
|
|
||||||
# Use servers implementing the DNS-over-HTTPS protocol
|
|
||||||
doh_servers = true
|
|
||||||
|
|
||||||
|
|
||||||
## Require servers defined by remote sources to satisfy specific properties
|
|
||||||
|
|
||||||
# Server must support DNS security extensions (DNSSEC)
|
|
||||||
require_dnssec = false
|
|
||||||
|
|
||||||
# Server must not log user queries (declarative)
|
|
||||||
require_nolog = true
|
|
||||||
|
|
||||||
# Server must not enforce its own blacklist (for parental control, ads blocking...)
|
|
||||||
require_nofilter = true
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Always use TCP to connect to upstream servers
|
|
||||||
|
|
||||||
force_tcp = false
|
|
||||||
|
|
||||||
|
|
||||||
## How long a DNS query will wait for a response, in milliseconds
|
|
||||||
|
|
||||||
timeout = 2500
|
|
||||||
|
|
||||||
|
|
||||||
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
|
|
||||||
|
|
||||||
# lb_strategy = 'p2'
|
|
||||||
|
|
||||||
|
|
||||||
## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
|
|
||||||
|
|
||||||
# log_level = 2
|
|
||||||
|
|
||||||
|
|
||||||
## log file for the application
|
|
||||||
|
|
||||||
# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
|
|
||||||
|
|
||||||
|
|
||||||
## Use the system logger (syslog on Unix, Event Log on Windows)
|
|
||||||
|
|
||||||
# use_syslog = true
|
|
||||||
|
|
||||||
|
|
||||||
## Delay, in minutes, after which certificates are reloaded
|
|
||||||
|
|
||||||
cert_refresh_delay = 240
|
|
||||||
|
|
||||||
|
|
||||||
## Fallback resolver
|
|
||||||
## This is a normal, non-encrypted DNS resolver, that will be only used
|
|
||||||
## for one-shot queries when retrieving the initial resolvers list, and
|
|
||||||
## only if the system DNS configuration doesn't work.
|
|
||||||
## No user application queries will ever be leaked through this resolver,
|
|
||||||
## and it will not be used after IP addresses of resolvers URLs have been found.
|
|
||||||
## It will never be used if lists have already been cached, and if stamps
|
|
||||||
## don't include host names without IP addresses.
|
|
||||||
## It will not be used if the configured system DNS works.
|
|
||||||
## A resolver supporting DNSSEC is recommended. This may become mandatory.
|
|
||||||
|
|
||||||
fallback_resolver = '9.9.9.9:53'
|
|
||||||
|
|
||||||
|
|
||||||
## Never try to use the system DNS settings; unconditionally use the
|
|
||||||
## fallback resolver.
|
|
||||||
|
|
||||||
ignore_system_dns = false
|
|
||||||
|
|
||||||
|
|
||||||
## Automatic log files rotation
|
|
||||||
|
|
||||||
# Maximum log files size in MB
|
|
||||||
log_files_max_size = 10
|
|
||||||
|
|
||||||
# How long to keep backup files, in days
|
|
||||||
log_files_max_age = 7
|
|
||||||
|
|
||||||
# Maximum log files backups to keep
|
|
||||||
log_files_max_backups = 1
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#########################
|
|
||||||
# Filters #
|
|
||||||
#########################
|
|
||||||
|
|
||||||
## Immediately respond to IPv6-related queries with an empty response
|
|
||||||
## This makes things faster when there is no IPv6 connectivity, but can
|
|
||||||
## also cause reliability issues with some stub resolvers. In
|
|
||||||
## particular, enabling this on macOS is not recommended.
|
|
||||||
|
|
||||||
block_ipv6 = false
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
##################################################################################
|
|
||||||
# Route queries for specific domains to a dedicated set of servers #
|
|
||||||
##################################################################################
|
|
||||||
|
|
||||||
## Example map entries (one entry per line):
|
|
||||||
## example.com 9.9.9.9
|
|
||||||
## example.net 9.9.9.9,8.8.8.8
|
|
||||||
|
|
||||||
# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
###############################
|
|
||||||
# Cloaking rules #
|
|
||||||
###############################
|
|
||||||
|
|
||||||
## Cloaking returns a predefined address for a specific name.
|
|
||||||
## In addition to acting as a HOSTS file, it can also return the IP address
|
|
||||||
## of a different name. It will also do CNAME flattening.
|
|
||||||
##
|
|
||||||
## Example map entries (one entry per line)
|
|
||||||
## example.com 10.1.1.1
|
|
||||||
## www.google.com forcesafesearch.google.com
|
|
||||||
|
|
||||||
# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
###########################
|
|
||||||
# DNS cache #
|
|
||||||
###########################
|
|
||||||
|
|
||||||
## Enable a DNS cache to reduce latency and outgoing traffic
|
|
||||||
|
|
||||||
cache = true
|
|
||||||
|
|
||||||
|
|
||||||
## Cache size
|
|
||||||
|
|
||||||
cache_size = 256
|
|
||||||
|
|
||||||
|
|
||||||
## Minimum TTL for cached entries
|
|
||||||
|
|
||||||
cache_min_ttl = 600
|
|
||||||
|
|
||||||
|
|
||||||
## Maximum TTL for cached entries
|
|
||||||
|
|
||||||
cache_max_ttl = 86400
|
|
||||||
|
|
||||||
|
|
||||||
## TTL for negatively cached entries
|
|
||||||
|
|
||||||
cache_neg_ttl = 60
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
###############################
|
|
||||||
# Query logging #
|
|
||||||
###############################
|
|
||||||
|
|
||||||
## Log client queries to a file
|
|
||||||
|
|
||||||
[query_log]
|
|
||||||
|
|
||||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
|
||||||
|
|
||||||
# file = '/var/log/dnscrypt-proxy/query.log'
|
|
||||||
|
|
||||||
|
|
||||||
## Query log format (currently supported: tsv and ltsv)
|
|
||||||
|
|
||||||
format = 'tsv'
|
|
||||||
|
|
||||||
|
|
||||||
## Do not log these query types, to reduce verbosity. Keep empty to log everything.
|
|
||||||
|
|
||||||
# ignored_qtypes = ['DNSKEY', 'NS']
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
############################################
|
|
||||||
# Suspicious queries logging #
|
|
||||||
############################################
|
|
||||||
|
|
||||||
## Log queries for nonexistent zones
|
|
||||||
## These queries can reveal the presence of malware, broken/obsolete applications,
|
|
||||||
## and devices signaling their presence to 3rd parties.
|
|
||||||
|
|
||||||
[nx_log]
|
|
||||||
|
|
||||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
|
||||||
|
|
||||||
# file = '/var/log/dnscrypt-proxy/nx.log'
|
|
||||||
|
|
||||||
|
|
||||||
## Query log format (currently supported: tsv and ltsv)
|
|
||||||
|
|
||||||
format = 'tsv'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################
|
|
||||||
# Pattern-based blocking (blacklists) #
|
|
||||||
######################################################
|
|
||||||
|
|
||||||
## Blacklists are made of one pattern per line. Example of valid patterns:
|
|
||||||
##
|
|
||||||
## example.com
|
|
||||||
## *sex*
|
|
||||||
## ads.*
|
|
||||||
## ads*.example.*
|
|
||||||
## ads*.example[0-9]*.com
|
|
||||||
##
|
|
||||||
## Example blacklist files can be found at https://download.dnscrypt.info/blacklists/
|
|
||||||
## A script to build blacklists from public feeds can be found in the
|
|
||||||
## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source code.
|
|
||||||
|
|
||||||
[blacklist]
|
|
||||||
|
|
||||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
|
||||||
|
|
||||||
# blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
|
|
||||||
|
|
||||||
|
|
||||||
## Optional path to a file logging blocked queries
|
|
||||||
|
|
||||||
# log_file = '/var/log/dnscrypt-proxy/blocked.log'
|
|
||||||
|
|
||||||
|
|
||||||
## Optional log format: tsv or ltsv (default: tsv)
|
|
||||||
|
|
||||||
# log_format = 'tsv'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
###########################################################
|
|
||||||
# Pattern-based IP blocking (IP blacklists) #
|
|
||||||
###########################################################
|
|
||||||
|
|
||||||
## IP blacklists are made of one pattern per line. Example of valid patterns:
|
|
||||||
##
|
|
||||||
## 127.*
|
|
||||||
## fe80:abcd:*
|
|
||||||
## 192.168.1.4
|
|
||||||
|
|
||||||
[ip_blacklist]
|
|
||||||
|
|
||||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
|
||||||
|
|
||||||
# blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt'
|
|
||||||
|
|
||||||
|
|
||||||
## Optional path to a file logging blocked queries
|
|
||||||
|
|
||||||
# log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
|
|
||||||
|
|
||||||
|
|
||||||
## Optional log format: tsv or ltsv (default: tsv)
|
|
||||||
|
|
||||||
# log_format = 'tsv'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
##########################################
|
|
||||||
# Time access restrictions #
|
|
||||||
##########################################
|
|
||||||
|
|
||||||
## One or more weekly schedules can be defined here.
|
|
||||||
## Patterns in the name-based blocklist can optionally be followed with @schedule_name
|
|
||||||
## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
|
|
||||||
##
|
|
||||||
## For example, the following rule in a blacklist file:
|
|
||||||
## *.youtube.* @time-to-sleep
|
|
||||||
## would block access to Youtube only during the days, and period of the days
|
|
||||||
## define by the 'time-to-sleep' schedule.
|
|
||||||
##
|
|
||||||
## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
|
|
||||||
## {after= '9:00', before='18:00'} matches 9:00-18:00
|
|
||||||
|
|
||||||
[schedules]
|
|
||||||
|
|
||||||
# [schedules.'time-to-sleep']
|
|
||||||
# mon = [{after='21:00', before='7:00'}]
|
|
||||||
# tue = [{after='21:00', before='7:00'}]
|
|
||||||
# wed = [{after='21:00', before='7:00'}]
|
|
||||||
# thu = [{after='21:00', before='7:00'}]
|
|
||||||
# fri = [{after='23:00', before='7:00'}]
|
|
||||||
# sat = [{after='23:00', before='7:00'}]
|
|
||||||
# sun = [{after='21:00', before='7:00'}]
|
|
||||||
|
|
||||||
# [schedules.'work']
|
|
||||||
# mon = [{after='9:00', before='18:00'}]
|
|
||||||
# tue = [{after='9:00', before='18:00'}]
|
|
||||||
# wed = [{after='9:00', before='18:00'}]
|
|
||||||
# thu = [{after='9:00', before='18:00'}]
|
|
||||||
# fri = [{after='9:00', before='17:00'}]
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#########################
|
|
||||||
# Servers #
|
|
||||||
#########################
|
|
||||||
|
|
||||||
## Remote lists of available servers
|
|
||||||
## Multiple sources can be used simultaneously, but every source
|
|
||||||
## requires a dedicated cache file.
|
|
||||||
##
|
|
||||||
## Refer to the documentation for URLs of public sources.
|
|
||||||
##
|
|
||||||
## A prefix can be prepended to server names in order to
|
|
||||||
## avoid collisions if different sources share the same for
|
|
||||||
## different servers. In that case, names listed in `server_names`
|
|
||||||
## must include the prefixes.
|
|
||||||
##
|
|
||||||
## If the `url` property is missing, cache files and valid signatures
|
|
||||||
## must be already present; This doesn't prevent these cache files from
|
|
||||||
## expiring after `refresh_delay` hours.
|
|
||||||
|
|
||||||
[sources]
|
|
||||||
|
|
||||||
## An example of a remote source
|
|
||||||
|
|
||||||
[sources.'public-resolvers']
|
|
||||||
url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
|
|
||||||
cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
|
|
||||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
|
||||||
refresh_delay = 72
|
|
||||||
prefix = ''
|
|
||||||
|
|
||||||
## Another example source, with resolvers censoring some websites not appropriate for children
|
|
||||||
## This is a subset of the `public-resolvers` list, so enabling both is useless
|
|
||||||
|
|
||||||
# [sources.'parental-control']
|
|
||||||
# url = 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'
|
|
||||||
# cache_file = '/var/cache/dnscrypt-proxy/parental-control.md'
|
|
||||||
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Optional, local, static list of additional servers
|
|
||||||
## Mostly useful for testing your own servers.
|
|
||||||
|
|
||||||
[static]
|
|
||||||
|
|
||||||
# [static.'google']
|
|
||||||
# stamp = 'sdns://AgUAAAAAAAAAACDyXGrcc5eNecJ8nomJCJ-q6eCLTEn6bHic0hWGUwYQaA5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs'
|
|
||||||
12
etc/grub
12
etc/grub
|
|
@ -1,16 +1,16 @@
|
||||||
# GRUB boot loader configuration
|
# GRUB boot loader configuration
|
||||||
|
|
||||||
GRUB_DEFAULT=saved
|
GRUB_DEFAULT="1>2"
|
||||||
GRUB_TIMEOUT=5
|
GRUB_TIMEOUT=5
|
||||||
GRUB_DISTRIBUTOR="Arch"
|
GRUB_DISTRIBUTOR="Arch"
|
||||||
GRUB_CMDLINE_LINUX_DEFAULT="quiet zswap.compressor=lz4"
|
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
|
||||||
GRUB_CMDLINE_LINUX=""
|
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:luks:allow-discards ipv6.disable_ipv6=1 zswap.zpool=z3fold zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
|
||||||
|
|
||||||
# Preload both GPT and MBR modules so that they are not missed
|
# Preload both GPT and MBR modules so that they are not missed
|
||||||
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
|
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
|
||||||
|
|
||||||
# Uncomment to enable booting from LUKS encrypted devices
|
# Uncomment to enable booting from LUKS encrypted devices
|
||||||
#GRUB_ENABLE_CRYPTODISK=y
|
GRUB_ENABLE_CRYPTODISK=y
|
||||||
|
|
||||||
# Uncomment to enable Hidden Menu, and optionally hide the timeout count
|
# Uncomment to enable Hidden Menu, and optionally hide the timeout count
|
||||||
#GRUB_HIDDEN_TIMEOUT=5
|
#GRUB_HIDDEN_TIMEOUT=5
|
||||||
|
|
@ -43,7 +43,7 @@ GRUB_DISABLE_RECOVERY=true
|
||||||
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
|
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
|
||||||
|
|
||||||
# Uncomment one of them for the gfx desired, a image background or a gfxtheme
|
# Uncomment one of them for the gfx desired, a image background or a gfxtheme
|
||||||
GRUB_BACKGROUND="/home/shl/Pictures/Images/archlinux.png"
|
GRUB_BACKGROUND="/home/sechacklabs/Pictures/SHL/sechacklabs-wallpaper-dark.jpg"
|
||||||
#GRUB_THEME="/path/to/gfxtheme"
|
#GRUB_THEME="/path/to/gfxtheme"
|
||||||
|
|
||||||
# Uncomment to get a beep at GRUB start
|
# Uncomment to get a beep at GRUB start
|
||||||
|
|
@ -51,4 +51,4 @@ GRUB_BACKGROUND="/home/shl/Pictures/Images/archlinux.png"
|
||||||
|
|
||||||
# Uncomment to make GRUB remember the last selection. This requires to
|
# Uncomment to make GRUB remember the last selection. This requires to
|
||||||
# set 'GRUB_DEFAULT=saved' above.
|
# set 'GRUB_DEFAULT=saved' above.
|
||||||
GRUB_SAVEDEFAULT="true"
|
#GRUB_SAVEDEFAULT="true"
|
||||||
|
|
|
||||||
|
|
@ -1,54 +0,0 @@
|
||||||
# GRUB boot loader configuration
|
|
||||||
|
|
||||||
GRUB_DEFAULT=0
|
|
||||||
GRUB_TIMEOUT=5
|
|
||||||
GRUB_DISTRIBUTOR="Arch"
|
|
||||||
GRUB_CMDLINE_LINUX_DEFAULT="quiet zswap.enabled=1 zswap.compressor=lz4"
|
|
||||||
GRUB_CMDLINE_LINUX=""
|
|
||||||
|
|
||||||
# Preload both GPT and MBR modules so that they are not missed
|
|
||||||
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
|
|
||||||
|
|
||||||
# Uncomment to enable booting from LUKS encrypted devices
|
|
||||||
#GRUB_ENABLE_CRYPTODISK=y
|
|
||||||
|
|
||||||
# Uncomment to enable Hidden Menu, and optionally hide the timeout count
|
|
||||||
#GRUB_HIDDEN_TIMEOUT=5
|
|
||||||
#GRUB_HIDDEN_TIMEOUT_QUIET=true
|
|
||||||
|
|
||||||
# Uncomment to use basic console
|
|
||||||
GRUB_TERMINAL_INPUT=console
|
|
||||||
|
|
||||||
# Uncomment to disable graphical terminal
|
|
||||||
#GRUB_TERMINAL_OUTPUT=console
|
|
||||||
|
|
||||||
# The resolution used on graphical terminal
|
|
||||||
# note that you can use only modes which your graphic card supports via VBE
|
|
||||||
# you can see them in real GRUB with the command `vbeinfo'
|
|
||||||
GRUB_GFXMODE=auto
|
|
||||||
|
|
||||||
# Uncomment to allow the kernel use the same resolution used by grub
|
|
||||||
GRUB_GFXPAYLOAD_LINUX=keep
|
|
||||||
|
|
||||||
# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
|
|
||||||
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
|
|
||||||
#GRUB_DISABLE_LINUX_UUID=true
|
|
||||||
|
|
||||||
# Uncomment to disable generation of recovery mode menu entries
|
|
||||||
GRUB_DISABLE_RECOVERY=true
|
|
||||||
|
|
||||||
# Uncomment and set to the desired menu colors. Used by normal and wallpaper
|
|
||||||
# modes only. Entries specified as foreground/background.
|
|
||||||
#GRUB_COLOR_NORMAL="light-blue/black"
|
|
||||||
#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
|
|
||||||
|
|
||||||
# Uncomment one of them for the gfx desired, a image background or a gfxtheme
|
|
||||||
#GRUB_BACKGROUND="/path/to/wallpaper"
|
|
||||||
#GRUB_THEME="/path/to/gfxtheme"
|
|
||||||
|
|
||||||
# Uncomment to get a beep at GRUB start
|
|
||||||
#GRUB_INIT_TUNE="480 440 1"
|
|
||||||
|
|
||||||
# Uncomment to make GRUB remember the last selection. This requires to
|
|
||||||
# set 'GRUB_DEFAULT=saved' above.
|
|
||||||
#GRUB_SAVEDEFAULT="true"
|
|
||||||
|
|
@ -1,64 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# LightDM wrapper to run around X sessions.
|
|
||||||
|
|
||||||
echo "Running X session wrapper"
|
|
||||||
|
|
||||||
# Load profile
|
|
||||||
for file in "/etc/profile" "$HOME/.profile" "/etc/xprofile" "$HOME/.xprofile"; do
|
|
||||||
if [ -f "$file" ]; then
|
|
||||||
echo "Loading profile from $file";
|
|
||||||
. "$file"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
# Load resources
|
|
||||||
for file in "/etc/X11/Xresources" "$HOME/.Xresources"; do
|
|
||||||
if [ -f "$file" ]; then
|
|
||||||
echo "Loading resource: $file"
|
|
||||||
xrdb -merge "$file"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
# Load keymaps
|
|
||||||
for file in "/etc/X11/Xkbmap" "$HOME/.Xkbmap"; do
|
|
||||||
if [ -f "$file" ]; then
|
|
||||||
echo "Loading keymap: $file"
|
|
||||||
setxkbmap `cat "$file"`
|
|
||||||
XKB_IN_USE=yes
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
# Load xmodmap if not using XKB
|
|
||||||
if [ -z "$XKB_IN_USE" ]; then
|
|
||||||
for file in "/etc/X11/Xmodmap" "$HOME/.Xmodmap"; do
|
|
||||||
if [ -f "$file" ]; then
|
|
||||||
echo "Loading modmap: $file"
|
|
||||||
xmodmap "$file"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
unset XKB_IN_USE
|
|
||||||
|
|
||||||
# Run all system xinitrc shell scripts
|
|
||||||
xinitdir="/etc/X11/xinit/xinitrc.d"
|
|
||||||
if [ -d "$xinitdir" ]; then
|
|
||||||
for script in $xinitdir/*; do
|
|
||||||
echo "Loading xinit script $script"
|
|
||||||
if [ -x "$script" -a ! -d "$script" ]; then
|
|
||||||
. "$script"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Run user xsession shell script
|
|
||||||
script="$HOME/.xsession"
|
|
||||||
if [ -x "$script" -a ! -d "$script" ]; then
|
|
||||||
echo "Loading xsession script $script"
|
|
||||||
. "$script"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "X session wrapper complete, running session $@"
|
|
||||||
|
|
||||||
exec $@
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
||||||
[keyring]
|
|
||||||
#a=0x0123456789ABCD
|
|
||||||
#b=secret
|
|
||||||
|
|
@ -1,62 +0,0 @@
|
||||||
# LightDM GTK+ Configuration
|
|
||||||
# Available configuration options listed below.
|
|
||||||
#
|
|
||||||
# Appearance:
|
|
||||||
# theme-name = GTK+ theme to use
|
|
||||||
# icon-theme-name = Icon theme to use
|
|
||||||
# background = Background file to use, either an image path or a color (e.g. #772953)
|
|
||||||
# user-background = false|true ("true" by default) Display user background (if available)
|
|
||||||
# transition-duration = Length of time (in milliseconds) to transition between background images ("500" by default)
|
|
||||||
# transition-type = ease-in-out|linear|none ("ease-in-out" by default)
|
|
||||||
#
|
|
||||||
# Fonts:
|
|
||||||
# font-name = Font to use
|
|
||||||
# xft-antialias = false|true Whether to antialias Xft fonts
|
|
||||||
# xft-dpi = Resolution for Xft in dots per inch (e.g. 96)
|
|
||||||
# xft-hintstyle = none|slight|medium|hintfull What degree of hinting to use
|
|
||||||
# xft-rgba = none|rgb|bgr|vrgb|vbgr Type of subpixel antialiasing
|
|
||||||
#
|
|
||||||
# Login window:
|
|
||||||
# active-monitor = Monitor to display greeter window (name or number). Use #cursor value to display greeter at monitor with cursor. Can be a semicolon separated list
|
|
||||||
# position = x y ("50% 50%" by default) Login window position
|
|
||||||
# default-user-image = Image used as default user icon, path or #icon-name
|
|
||||||
# hide-user-image = false|true ("false" by default)
|
|
||||||
#
|
|
||||||
# Panel:
|
|
||||||
# panel-position = top|bottom ("top" by default)
|
|
||||||
# clock-format = strftime-format string, e.g. %H:%M
|
|
||||||
# indicators = semi-colon ";" separated list of allowed indicator modules. Built-in indicators include "~a11y", "~language", "~session", "~power", "~clock", "~host", "~spacer". Unity indicators can be represented by short name (e.g. "sound", "power"), service file name, or absolute path
|
|
||||||
#
|
|
||||||
# Accessibility:
|
|
||||||
# a11y-states = states of accessibility features: "name" - save state on exit, "-name" - disabled at start (default value for unlisted), "+name" - enabled at start. Allowed names: contrast, font, keyboard, reader.
|
|
||||||
# keyboard = command to launch on-screen keyboard (e.g. "onboard")
|
|
||||||
# keyboard-position = x y[;width height] ("50%,center -0;50% 25%" by default) Works only for "onboard"
|
|
||||||
# reader = command to launch screen reader (e.g. "orca")
|
|
||||||
#
|
|
||||||
# Security:
|
|
||||||
# allow-debugging = false|true ("false" by default)
|
|
||||||
# screensaver-timeout = Timeout (in seconds) until the screen blanks when the greeter is called as lockscreen
|
|
||||||
#
|
|
||||||
# Template for per-monitor configuration:
|
|
||||||
# [monitor: name]
|
|
||||||
# background = overrides default value
|
|
||||||
# user-background = overrides default value
|
|
||||||
# laptop = false|true ("false" by default) Marks monitor as laptop display
|
|
||||||
# transition-duration = overrides default value
|
|
||||||
#
|
|
||||||
[greeter]
|
|
||||||
#background=
|
|
||||||
#user-background=
|
|
||||||
#theme-name=
|
|
||||||
#icon-theme-name=
|
|
||||||
#font-name=
|
|
||||||
#xft-antialias=
|
|
||||||
#xft-dpi=
|
|
||||||
#xft-hintstyle=
|
|
||||||
#xft-rgba=
|
|
||||||
#indicators=
|
|
||||||
#clock-format=
|
|
||||||
#keyboard=
|
|
||||||
#reader=
|
|
||||||
#position=
|
|
||||||
#screensaver-timeout=
|
|
||||||
|
|
@ -1,169 +0,0 @@
|
||||||
#
|
|
||||||
# General configuration
|
|
||||||
#
|
|
||||||
# start-default-seat = True to always start one seat if none are defined in the configuration
|
|
||||||
# greeter-user = User to run greeter as
|
|
||||||
# minimum-display-number = Minimum display number to use for X servers
|
|
||||||
# minimum-vt = First VT to run displays on
|
|
||||||
# lock-memory = True to prevent memory from being paged to disk
|
|
||||||
# user-authority-in-system-dir = True if session authority should be in the system location
|
|
||||||
# guest-account-script = Script to be run to setup guest account
|
|
||||||
# logind-check-graphical = True to on start seats that are marked as graphical by logind
|
|
||||||
# log-directory = Directory to log information to
|
|
||||||
# run-directory = Directory to put running state in
|
|
||||||
# cache-directory = Directory to cache to
|
|
||||||
# sessions-directory = Directory to find sessions
|
|
||||||
# remote-sessions-directory = Directory to find remote sessions
|
|
||||||
# greeters-directory = Directory to find greeters
|
|
||||||
# backup-logs = True to move add a .old suffix to old log files when opening new ones
|
|
||||||
# dbus-service = True if LightDM provides a D-Bus service to control it
|
|
||||||
#
|
|
||||||
[LightDM]
|
|
||||||
#start-default-seat=true
|
|
||||||
#greeter-user=lightdm
|
|
||||||
#minimum-display-number=0
|
|
||||||
#minimum-vt=7 # Setting this to a value < 7 implies security issues, see FS#46799
|
|
||||||
#lock-memory=true
|
|
||||||
#user-authority-in-system-dir=false
|
|
||||||
#guest-account-script=guest-account
|
|
||||||
#logind-check-graphical=false
|
|
||||||
#log-directory=/var/log/lightdm
|
|
||||||
run-directory=/run/lightdm
|
|
||||||
#cache-directory=/var/cache/lightdm
|
|
||||||
#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions
|
|
||||||
#remote-sessions-directory=/usr/share/lightdm/remote-sessions
|
|
||||||
#greeters-directory=$XDG_DATA_DIRS/lightdm/greeters:$XDG_DATA_DIRS/xgreeters
|
|
||||||
#backup-logs=true
|
|
||||||
#dbus-service=true
|
|
||||||
|
|
||||||
#
|
|
||||||
# Seat configuration
|
|
||||||
#
|
|
||||||
# Seat configuration is matched against the seat name glob in the section, for example:
|
|
||||||
# [Seat:*] matches all seats and is applied first.
|
|
||||||
# [Seat:seat0] matches the seat named "seat0".
|
|
||||||
# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client".
|
|
||||||
#
|
|
||||||
# type = Seat type (local, xremote, unity)
|
|
||||||
# pam-service = PAM service to use for login
|
|
||||||
# pam-autologin-service = PAM service to use for autologin
|
|
||||||
# pam-greeter-service = PAM service to use for greeters
|
|
||||||
# xserver-backend = X backend to use (mir)
|
|
||||||
# xserver-command = X server command to run (can also contain arguments e.g. X -special-option)
|
|
||||||
# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option)
|
|
||||||
# xserver-config = Config file to pass to X server
|
|
||||||
# xserver-layout = Layout to pass to X server
|
|
||||||
# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server
|
|
||||||
# xserver-share = True if the X server is shared for both greeter and session
|
|
||||||
# xserver-hostname = Hostname of X server (only for type=xremote)
|
|
||||||
# xserver-display-number = Display number of X server (only for type=xremote)
|
|
||||||
# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true)
|
|
||||||
# xdmcp-port = XDMCP UDP/IP port to communicate on
|
|
||||||
# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf)
|
|
||||||
# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. unity-system-compositor -special-option)
|
|
||||||
# unity-compositor-timeout = Number of seconds to wait for compositor to start
|
|
||||||
# greeter-session = Session to load for greeter
|
|
||||||
# greeter-hide-users = True to hide the user list
|
|
||||||
# greeter-allow-guest = True if the greeter should show a guest login option
|
|
||||||
# greeter-show-manual-login = True if the greeter should offer a manual login option
|
|
||||||
# greeter-show-remote-login = True if the greeter should offer a remote login option
|
|
||||||
# user-session = Session to load for users
|
|
||||||
# allow-user-switching = True if allowed to switch users
|
|
||||||
# allow-guest = True if guest login is allowed
|
|
||||||
# guest-session = Session to load for guests (overrides user-session)
|
|
||||||
# session-wrapper = Wrapper script to run session with
|
|
||||||
# greeter-wrapper = Wrapper script to run greeter with
|
|
||||||
# guest-wrapper = Wrapper script to run guest sessions with
|
|
||||||
# display-setup-script = Script to run when starting a greeter session (runs as root)
|
|
||||||
# display-stopped-script = Script to run after stopping the display server (runs as root)
|
|
||||||
# greeter-setup-script = Script to run when starting a greeter (runs as root)
|
|
||||||
# session-setup-script = Script to run when starting a user session (runs as root)
|
|
||||||
# session-cleanup-script = Script to run when quitting a user session (runs as root)
|
|
||||||
# autologin-guest = True to log in as guest by default
|
|
||||||
# autologin-user = User to log in with by default (overrides autologin-guest)
|
|
||||||
# autologin-user-timeout = Number of seconds to wait before loading default user
|
|
||||||
# autologin-session = Session to load for automatic login (overrides user-session)
|
|
||||||
# autologin-in-background = True if autologin session should not be immediately activated
|
|
||||||
# exit-on-failure = True if the daemon should exit if this seat fails
|
|
||||||
#
|
|
||||||
[Seat:*]
|
|
||||||
#type=local
|
|
||||||
#pam-service=lightdm
|
|
||||||
#pam-autologin-service=lightdm-autologin
|
|
||||||
#pam-greeter-service=lightdm-greeter
|
|
||||||
#xserver-backend=
|
|
||||||
#xserver-command=X
|
|
||||||
#xmir-command=Xmir
|
|
||||||
#xserver-config=
|
|
||||||
#xserver-layout=
|
|
||||||
#xserver-allow-tcp=false
|
|
||||||
#xserver-share=true
|
|
||||||
#xserver-hostname=
|
|
||||||
#xserver-display-number=
|
|
||||||
#xdmcp-manager=
|
|
||||||
#xdmcp-port=177
|
|
||||||
#xdmcp-key=
|
|
||||||
#unity-compositor-command=unity-system-compositor
|
|
||||||
#unity-compositor-timeout=60
|
|
||||||
#greeter-session=example-gtk-gnome
|
|
||||||
#greeter-hide-users=false
|
|
||||||
#greeter-allow-guest=true
|
|
||||||
#greeter-show-manual-login=false
|
|
||||||
#greeter-show-remote-login=true
|
|
||||||
#user-session=default
|
|
||||||
#allow-user-switching=true
|
|
||||||
#allow-guest=true
|
|
||||||
#guest-session=
|
|
||||||
session-wrapper=/etc/lightdm/Xsession
|
|
||||||
#greeter-wrapper=
|
|
||||||
#guest-wrapper=
|
|
||||||
#display-setup-script=
|
|
||||||
#display-stopped-script=
|
|
||||||
#greeter-setup-script=
|
|
||||||
#session-setup-script=
|
|
||||||
#session-cleanup-script=
|
|
||||||
#autologin-guest=false
|
|
||||||
#autologin-user=
|
|
||||||
#autologin-user-timeout=0
|
|
||||||
#autologin-in-background=false
|
|
||||||
#autologin-session=
|
|
||||||
#exit-on-failure=false
|
|
||||||
|
|
||||||
#
|
|
||||||
# XDMCP Server configuration
|
|
||||||
#
|
|
||||||
# enabled = True if XDMCP connections should be allowed
|
|
||||||
# port = UDP/IP port to listen for connections on
|
|
||||||
# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present)
|
|
||||||
# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf)
|
|
||||||
# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset)
|
|
||||||
#
|
|
||||||
# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively
|
|
||||||
# it can be a word and the first 7 characters are used as the key.
|
|
||||||
#
|
|
||||||
[XDMCPServer]
|
|
||||||
#enabled=false
|
|
||||||
#port=177
|
|
||||||
#listen-address=
|
|
||||||
#key=
|
|
||||||
#hostname=
|
|
||||||
|
|
||||||
#
|
|
||||||
# VNC Server configuration
|
|
||||||
#
|
|
||||||
# enabled = True if VNC connections should be allowed
|
|
||||||
# command = Command to run Xvnc server with
|
|
||||||
# port = TCP/IP port to listen for connections on
|
|
||||||
# listen-address = Host/address to listen for VNC connections (use all addresses if not present)
|
|
||||||
# width = Width of display to use
|
|
||||||
# height = Height of display to use
|
|
||||||
# depth = Color depth of display to use
|
|
||||||
#
|
|
||||||
[VNCServer]
|
|
||||||
#enabled=false
|
|
||||||
#command=Xvnc
|
|
||||||
#port=5900
|
|
||||||
#listen-address=
|
|
||||||
#width=1024
|
|
||||||
#height=768
|
|
||||||
#depth=8
|
|
||||||
|
|
@ -1,14 +0,0 @@
|
||||||
#
|
|
||||||
# User accounts configuration
|
|
||||||
#
|
|
||||||
# NOTE: If you have AccountsService installed on your system, then LightDM will
|
|
||||||
# use this instead and these settings will be ignored
|
|
||||||
#
|
|
||||||
# minimum-uid = Minimum UID required to be shown in greeter
|
|
||||||
# hidden-users = Users that are not shown to the user
|
|
||||||
# hidden-shells = Shells that indicate a user cannot login
|
|
||||||
#
|
|
||||||
[UserList]
|
|
||||||
minimum-uid=1000
|
|
||||||
hidden-users=nobody nobody4 noaccess
|
|
||||||
hidden-shells=/bin/false /usr/bin/nologin
|
|
||||||
|
|
@ -1,9 +0,0 @@
|
||||||
production:
|
|
||||||
adapter: postgresql
|
|
||||||
database: msfdb
|
|
||||||
username: msf
|
|
||||||
password: msftest123
|
|
||||||
host: 127.0.0.1
|
|
||||||
port: 5432
|
|
||||||
pool: 75
|
|
||||||
timeout: 5
|
|
||||||
48
version-check.sh
Executable file
48
version-check.sh
Executable file
|
|
@ -0,0 +1,48 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Simple script to list version numbers of critical development tools
|
||||||
|
export LC_ALL=C
|
||||||
|
bash --version | head -n1 | cut -d" " -f2-4
|
||||||
|
MYSH=$(readlink -f /bin/sh)
|
||||||
|
echo "/bin/sh -> $MYSH"
|
||||||
|
echo $MYSH | grep -q bash || echo "ERROR: /bin/sh does not point to bash"
|
||||||
|
unset MYSH
|
||||||
|
echo -n "Binutils: "; ld --version | head -n1 | cut -d" " -f3-
|
||||||
|
bison --version | head -n1
|
||||||
|
if [ -h /usr/bin/yacc ]; then
|
||||||
|
echo "/usr/bin/yacc -> `readlink -f /usr/bin/yacc`";
|
||||||
|
elif [ -x /usr/bin/yacc ]; then
|
||||||
|
echo yacc is `/usr/bin/yacc --version | head -n1`
|
||||||
|
else
|
||||||
|
echo "yacc not found"
|
||||||
|
fi
|
||||||
|
bzip2 --version 2>&1 < /dev/null | head -n1 | cut -d" " -f1,6-
|
||||||
|
echo -n "Coreutils: "; chown --version | head -n1 | cut -d")" -f2
|
||||||
|
diff --version | head -n1
|
||||||
|
find --version | head -n1
|
||||||
|
gawk --version | head -n1
|
||||||
|
if [ -h /usr/bin/awk ]; then
|
||||||
|
echo "/usr/bin/awk -> `readlink -f /usr/bin/awk`";
|
||||||
|
elif [ -x /usr/bin/awk ]; then
|
||||||
|
echo awk is `/usr/bin/awk --version | head -n1`
|
||||||
|
else
|
||||||
|
echo "awk not found"
|
||||||
|
fi
|
||||||
|
gcc --version | head -n1
|
||||||
|
g++ --version | head -n1
|
||||||
|
ldd --version | head -n1 | cut -d" " -f2- # glibc version
|
||||||
|
grep --version | head -n1
|
||||||
|
gzip --version | head -n1
|
||||||
|
cat /proc/version
|
||||||
|
m4 --version | head -n1
|
||||||
|
make --version | head -n1
|
||||||
|
patch --version | head -n1
|
||||||
|
echo Perl `perl -V:version`
|
||||||
|
sed --version | head -n1
|
||||||
|
tar --version | head -n1
|
||||||
|
makeinfo --version | head -n1
|
||||||
|
xz --version | head -n1
|
||||||
|
echo 'int main(){}' > dummy.c && g++ -o dummy dummy.c
|
||||||
|
if [ -x dummy ]
|
||||||
|
then echo "g++ compilation OK";
|
||||||
|
else echo "g++ compilation failed"; fi
|
||||||
|
rm -f dummy.c dummy
|
||||||
Loading…
Add table
Add a link
Reference in a new issue