From 71128722b2ba571cd89e0d9d98a3fc8ead0f6dc4 Mon Sep 17 00:00:00 2001
From: anomen
Date: Sat, 25 Feb 2012 22:12:20 +0100
Subject: [PATCH] savara - customs - etc
---
savara/customs/etc/etc-update.conf | 84 ++++++++++++++++
savara/customs/etc/ssh/sshd_config | 200 +++++++++++++++++++++++++++++++++++++
2 files changed, 284 insertions(+)
create mode 100644 savara/customs/etc/etc-update.conf
create mode 100644 savara/customs/etc/ssh/sshd_config
diff --git a/savara/customs/etc/etc-update.conf b/savara/customs/etc/etc-update.conf
new file mode 100644
index 0000000..4826361
--- /dev/null
+++ b/savara/customs/etc/etc-update.conf
@@ -0,0 +1,84 @@
+# /etc/etc-update.conf: config file for `etc-update` utility
+# edit the lines below to your liking
+
+# mode - 0 for text, 1 for menu (support incomplete)
+# note that you need dev-util/dialog installed
+mode="0"
+
+# Whether to clear the term prior to each display
+#clear_term="yes"
+clear_term="no"
+
+# Whether trivial/comment changes should be automerged
+eu_automerge="yes"
+
+# arguments used whenever rm is called
+rm_opts=""
+
+# arguments used whenever mv is called
+mv_opts=""
+
+# arguments used whenever cp is called
+cp_opts=""
+
+# set the pager for use with diff commands (this will
+# cause the PAGER environment variable to be ignored)
+#pager="less"
+
+# For emacs-users (see NOTE_2)
+# diff_command="eval emacs -nw --eval=\'\(ediff\ \"%file1\"\ \"%file2\"\)\'"
+#using_editor=1
+
+# vim-users: you CAN use vimdiff for diff_command. (see NOTE_1 and NOTE_2)
+#diff_command="vim -d %file1 %file2"
+#using_editor=1
+
+# If using colordiff instead of diff, the less -R option may be required
+# for correct display (see 'pager' setting above).
+#diff_command="diff -uN %file1 %file2"
+diff_command="colordiff -uN %file1 %file2"
+
+using_editor=0
+
+
+# vim-users: don't use vimdiff for merging (see NOTE_1)
+merge_command="sdiff -s -o %merged %orig %new"
+
+# EXPLANATION
+#
+# pager:
+#
+# Examples of pager usage:
+# pager="cat" # don't use a pager
+# pager="less -E" # less
+# pager="more" # more
+#
+#
+# diff_command:
+#
+# Arguments:
+# %file1 [REQUIRED]
+# %file2 [REQUIRED]
+#
+# Examples of diff_command:
+# diff_command="diff -uN %file1 %file2" # diff
+# diff_command="vim -d %file1 %file2" # vimdiff
+#
+#
+# merge_command:
+#
+# Arguments:
+# %orig [REQUIRED]
+# %new [REQUIRED]
+# %merged [REQUIRED]
+#
+# Examples of merge_command:
+# merge_command="sdiff -s -o %merged %old %new" # sdiff
+#
+
+# NOTE_1: Editors such as vim/vimdiff are not usable for the merge_command
+# because it is not known what filenames the produced files have (the user can
+# choose while using those programs)
+
+# NOTE_2: Make sure using_editor is set to "1" when using an editor as
+# diff_command!
diff --git a/savara/customs/etc/ssh/sshd_config b/savara/customs/etc/ssh/sshd_config
new file mode 100644
index 0000000..997afd4
--- /dev/null
+++ b/savara/customs/etc/ssh/sshd_config
@@ -0,0 +1,200 @@
+# $OpenBSD$
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+Port 10022
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+
+# "key type names" for X.509 certificates with RSA key
+# Note first defined is used in signature operations!
+#X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
+#X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
+
+# "key type names" for X.509 certificates with DSA key
+# Note first defined is used in signature operations!
+#X509KeyAlgorithm x509v3-sign-dss,dss-asn1
+#X509KeyAlgorithm x509v3-sign-dss,dss-raw
+
+# The intended use for the X509 client certificate. Without this option
+# no chain verification will be done. Currently accepted uses are case
+# insensitive:
+# - "sslclient", "SSL client", "SSL_client" or "client"
+# - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose"
+# - "skip" or ""(empty): don`t check purpose.
+#AllowedCertPurpose sslclient
+
+# Specifies whether self-issued(self-signed) X.509 certificate can be
+# allowed only by entry in AutorizedKeysFile that contain matching
+# public key or certificate blob.
+#KeyAllowSelfIssued no
+
+# Specifies whether CRL must present in store for all certificates in
+# certificate chain with atribute "cRLDistributionPoints"
+#MandatoryCRL no
+
+# A file with multiple certificates of certificate signers
+# in PEM format concatenated together.
+#CACertificateFile /etc/ssh/ca/ca-bundle.crt
+
+# A directory with certificates of certificate signers.
+# The certificates should have name of the form: [HASH].[NUMBER]
+# or have symbolic links to them of this form.
+#CACertificatePath /etc/ssh/ca/crt
+
+# A file with multiple CRL of certificate signers
+# in PEM format concatenated together.
+#CARevocationFile /etc/ssh/ca/ca-bundle.crl
+
+# A directory with CRL of certificate signers.
+# The CRL should have name of the form: [HASH].r[NUMBER]
+# or have symbolic links to them of this form.
+#CARevocationPath /etc/ssh/ca/crl
+
+# LDAP protocol version.
+# Example:
+# CAldapVersion 2
+
+# Note because of OpenSSH options parser limitation
+# use %3D instead of = !
+# LDAP initialization may require URL to be escaped, i.e.
+# use %2C instead of ,(comma). Escaped URL don't depend from
+# LDAP initialization method.
+# Example:
+# CAldapURL ldap://localhost:389/dc%3Dexample%2Cdc%3Dcom
+
+# SSH can use "Online Certificate Status Protocol"(OCSP)
+# to validate certificate. Set VAType to
+# - none : do not use OCSP to validate certificates;
+# - ocspcert: validate only certificates that specify `OCSP
+# Service Locator' URL;
+# - ocspspec: use specified in the configuration 'OCSP Responder'
+# to validate all certificates.
+#VAType none
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin no
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+AllowTcpForwarding yes
+GatewayPorts yes
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+TCPKeepAlive yes
+PrintMotd no
+PrintLastLog no
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/lib64/misc/sftp-server
+
+# the following are HPN related configuration options
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
+
+# allow the use of the none cipher
+#NoneEnabled no
+
+# disable hpn performance boosts.
+#HPNDisabled no
+
+# buffer size for hpn to non-hpn connections
+#HPNBufferSize 2048
+
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
--
2.11.4.GIT
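Review bot: `PasswordAuthentication no` does not by itself make this server key-only, because `UsePAM yes` is set while `ChallengeResponseAuthentication` is left commented out. If the commented value shown (`yes`) is the effective default of this build, keyboard-interactive authentication through PAM can still accept passwords, which is the case the file's own PAM comment block warns about. Adding an explicit `ChallengeResponseAuthentication no` next to `PasswordAuthentication no` would close that gap. Separately, `GatewayPorts yes` combined with `AllowTcpForwarding yes` lets every authenticated account bind remote forwards on the server's non-loopback addresses. If only some accounts need that, `GatewayPorts clientspecified` or `GatewayPorts no` globally, with forwarding re-enabled in a `Match User` block, would narrow the exposure.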