From: ms Date: Mon, 18 Sep 2006 19:05:20 +0000 (+0000) Subject: Hinzugefuegt: X-Git-Tag: v2.3-beta1~971 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=90c973a6a7ce2efae9f96d7bde8f7c438ab52602 Hinzugefuegt: * Konfiguration fuer Apache2 Kernelupgrade auf 2.4.33.3 Syslinux-Upgrade Gefixt: * /tmp/ROOTFILES hat nichts in der ISO zu suchen. * Fehler im Installer wegen Apache2. git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@283 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 --- diff --git a/config/httpd/conf.d/php5.conf b/config/httpd/conf.d/php5.conf new file mode 100644 index 0000000000..5136b15d3b --- /dev/null +++ b/config/httpd/conf.d/php5.conf @@ -0,0 +1,14 @@ + + AddType application/x-httpd-php .php3 + AddType application/x-httpd-php .php4 + AddType application/x-httpd-php .php5 + AddType application/x-httpd-php .php + AddType application/x-httpd-php-source .php3s + AddType application/x-httpd-php-source .php4s + AddType application/x-httpd-php-source .php5s + AddType application/x-httpd-php-source .phps + DirectoryIndex index.php3 + DirectoryIndex index.php4 + DirectoryIndex index.php5 + DirectoryIndex index.php + diff --git a/config/httpd/default-server.conf b/config/httpd/default-server.conf new file mode 100644 index 0000000000..824176fa61 --- /dev/null +++ b/config/httpd/default-server.conf @@ -0,0 +1,8 @@ +# +# Global configuration that will be applicable for all virtual hosts, unless +# deleted here, or overriden elswhere. +# + +DocumentRoot /home/httpd/html + +#Include /etc/httpd/conf/conf.d/*.conf diff --git a/config/httpd/global.conf b/config/httpd/global.conf new file mode 100644 index 0000000000..42bfaf37cb --- /dev/null +++ b/config/httpd/global.conf @@ -0,0 +1,9 @@ +Timeout 300 +ServerSignature on +UseCanonicalName off +ServerTokens OS +LogLevel warn +CustomLog /var/log/httpd/access_log combined +Include /etc/httpd/conf/hostname.conf +HostnameLookups off +AddHandler cgi-script .cgi diff --git a/config/httpd/httpd.conf b/config/httpd/httpd.conf index 9422040eb5..7e00b88268 100644 --- a/config/httpd/httpd.conf +++ b/config/httpd/httpd.conf @@ -1,159 +1,120 @@ -## -## httpd.conf -- Apache HTTP server configuration file -## -ServerType standalone -ServerRoot /etc/httpd - -LockFile /var/lock/httpd.lock -PidFile /var/run/httpd.pid -ScoreBoardFile /var/run/httpd.scoreboard -Timeout 900 -KeepAlive On -MaxKeepAliveRequests 100 -KeepAliveTimeout 15 -MinSpareServers 1 -MaxSpareServers 2 -StartServers 2 -MaxClients 10 -MaxRequestsPerChild 100 -Port 81 -Listen 81 -Listen 444 -User nobody -Group nobody -ServerAdmin root@localhost -ServerTokens Prod -DocumentRoot /home/httpd/html -# Limit track/trace requests -RewriteEngine on -RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) -RewriteRule .* - [F] - - - Options None - AllowOverride None - - - Options ExecCGI - AllowOverride None - Order allow,deny - Allow from all - - - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin - -ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ - - AllowOverride None - Options None - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin - - Satisfy Any - Allow from All - - - Satisfy Any - Allow from All - - - Satisfy Any - Allow from All - - - Require user admin - - - - AllowOverride None - Options None - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user dial admin - - - DirectoryIndex index.html index.htm index.shtml index.cgi - -AccessFileName .htaccess - - Order allow,deny - Deny from all - - - TypesConfig /etc/mime.types - -DefaultType text/plain - -HostnameLookups Off -ErrorLog /var/log/httpd/error_log -LogLevel warn -LogFormat "%h %l %u %t \"%r\" %>s %b" common -CustomLog /var/log/httpd/access_log common -ServerSignature Off -AddHandler cgi-script .cgi - - BrowserMatch "Mozilla/2" nokeepalive - BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 - BrowserMatch "RealPlayer 4\.0" force-response-1.0 - BrowserMatch "Java/1\.0" force-response-1.0 - BrowserMatch "JDK/1\.0" force-response-1.0 - - -### -### SSL Configuration -### -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -SSLPassPhraseDialog builtin -SSLSessionCache dbm:/var/log/httpd/ssl_scache -SSLSessionCacheTimeout 900 -SSLMutex file:/var/log/httpd/ssl_mutex -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin -SSLLog /var/log/httpd/ssl_engine_log -SSLLogLevel info - - - RewriteEngine on - RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) - RewriteRule .* - [F] - DocumentRoot /home/httpd/html - ServerAdmin root@localhost - ErrorLog /var/log/httpd/error_log - TransferLog /var/log/httpd/access_log - SSLEngine on - SSLProtocol all -SSLv2 - SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP - SSLCertificateFile /etc/httpd/server.crt - SSLCertificateKeyFile /etc/httpd/server.key - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - SetEnv HOME /home/nobody - SetEnvIf User-Agent ".*MSIE.*" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - CustomLog /var/log/httpd/ssl_request_log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - - - Options None - AllowOverride None - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - require user admin - - -include /etc/httpd/conf/hostname.conf +# +# /etc/httpd/conf/httpd.conf +# +# This is the main Apache2 server configuration file for IPFire. +# Plese do not change this file! + +# Overview of include files, chronologically: +# +# httpd.conf +# | +# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under +# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...) +# |-- loadmodule.conf . . . . . . . . . . . load these modules +# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on +# |-- mod_log_config.conf . . . . . . . . . define logging formats +# |-- sysconfig.d/global.conf . . . . . . . server-wide general settings +# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring) +# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info +# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking +# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings +# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration +# |-- errors.conf . . . . . . . . . . . . . customize error responses +# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts +# | +# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests +# | +# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here +# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included) +# + +### Global Environment ###################################################### +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests. + +# run under this user/group id +Include /etc/httpd/conf/uid.conf + +# - how many server processes to start (server pool regulation) +# - usage of KeepAlive +Include /etc/httpd/conf/server-tuning.conf + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +ErrorLog /var/log/httpd/error_log + +# Load Modules here +Include /etc/httpd/conf/loadmodule.conf + +# IP addresses / ports to listen on +Include /etc/httpd/conf/listen.conf + +# predefined logging formats +Include /etc/httpd/conf/mod_log_config.conf + +# global settings +Include /etc/httpd/conf/global.conf + +# optional mod_status, mod_info +#Include /etc/httpd/conf/mod_status.conf +#Include /etc/httpd/conf/mod_info.conf + +# associate MIME types with filename extensions +TypesConfig /etc/mime.types +DefaultType text/plain + +# global (server-wide) SSL configuration, that is not specific to +# any virtual host +Include /etc/httpd/conf/ssl-global.conf + + + Options None + AllowOverride None + + +# use .htaccess files for overriding, +AccessFileName .htaccess +# and never show them + + Order allow,deny + Deny from all + + +# List of resources to look for when the client requests a directory +DirectoryIndex index.html index.htm index.shtml index.cgi + +### 'Main' server configuration ############################################# +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# +Include /etc/httpd/conf/default-server.conf + + +### Virtual server configuration ############################################ +# +# VirtualHost: If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. Most configurations +# use only name-based virtual hosts so the server doesn't need to worry about +# IP addresses. This is indicated by the asterisks in the directives below. +# +# Please see the documentation at +# +# for further details before you try to setup virtual hosts. +# +# You may use the command line option '-S' to verify your virtual host +# configuration. +# +Include /etc/httpd/conf/vhosts.d/*.conf + + diff --git a/config/httpd/listen.conf b/config/httpd/listen.conf new file mode 100644 index 0000000000..cefce53965 --- /dev/null +++ b/config/httpd/listen.conf @@ -0,0 +1,2 @@ +Listen 81 +Listen 444 diff --git a/config/httpd/loadmodule.conf b/config/httpd/loadmodule.conf new file mode 100644 index 0000000000..88112b44e1 --- /dev/null +++ b/config/httpd/loadmodule.conf @@ -0,0 +1,51 @@ +LoadModule authn_file_module /usr/lib/apache/mod_authn_file.so +LoadModule authn_dbm_module /usr/lib/apache/mod_authn_dbm.so +LoadModule authn_anon_module /usr/lib/apache/mod_authn_anon.so +LoadModule authn_dbd_module /usr/lib/apache/mod_authn_dbd.so +LoadModule authn_default_module /usr/lib/apache/mod_authn_default.so +LoadModule authz_host_module /usr/lib/apache/mod_authz_host.so +LoadModule authz_groupfile_module /usr/lib/apache/mod_authz_groupfile.so +LoadModule authz_user_module /usr/lib/apache/mod_authz_user.so +LoadModule authz_dbm_module /usr/lib/apache/mod_authz_dbm.so +LoadModule authz_owner_module /usr/lib/apache/mod_authz_owner.so +LoadModule authz_default_module /usr/lib/apache/mod_authz_default.so +LoadModule auth_basic_module /usr/lib/apache/mod_auth_basic.so +LoadModule auth_digest_module /usr/lib/apache/mod_auth_digest.so +#LoadModule dbd_module /usr/lib/apache/mod_dbd.so +LoadModule dumpio_module /usr/lib/apache/mod_dumpio.so +LoadModule ext_filter_module /usr/lib/apache/mod_ext_filter.so +LoadModule include_module /usr/lib/apache/mod_include.so +LoadModule filter_module /usr/lib/apache/mod_filter.so +LoadModule deflate_module /usr/lib/apache/mod_deflate.so +LoadModule log_config_module /usr/lib/apache/mod_log_config.so +LoadModule log_forensic_module /usr/lib/apache/mod_log_forensic.so +LoadModule logio_module /usr/lib/apache/mod_logio.so +LoadModule env_module /usr/lib/apache/mod_env.so +LoadModule mime_magic_module /usr/lib/apache/mod_mime_magic.so +LoadModule cern_meta_module /usr/lib/apache/mod_cern_meta.so +LoadModule expires_module /usr/lib/apache/mod_expires.so +LoadModule headers_module /usr/lib/apache/mod_headers.so +LoadModule ident_module /usr/lib/apache/mod_ident.so +LoadModule usertrack_module /usr/lib/apache/mod_usertrack.so +LoadModule unique_id_module /usr/lib/apache/mod_unique_id.so +LoadModule setenvif_module /usr/lib/apache/mod_setenvif.so +LoadModule version_module /usr/lib/apache/mod_version.so +LoadModule mime_module /usr/lib/apache/mod_mime.so +LoadModule dav_module /usr/lib/apache/mod_dav.so +LoadModule status_module /usr/lib/apache/mod_status.so +LoadModule autoindex_module /usr/lib/apache/mod_autoindex.so +LoadModule asis_module /usr/lib/apache/mod_asis.so +LoadModule info_module /usr/lib/apache/mod_info.so +LoadModule cgi_module /usr/lib/apache/mod_cgi.so +LoadModule dav_fs_module /usr/lib/apache/mod_dav_fs.so +LoadModule vhost_alias_module /usr/lib/apache/mod_vhost_alias.so +LoadModule negotiation_module /usr/lib/apache/mod_negotiation.so +LoadModule dir_module /usr/lib/apache/mod_dir.so +LoadModule imagemap_module /usr/lib/apache/mod_imagemap.so +LoadModule actions_module /usr/lib/apache/mod_actions.so +LoadModule speling_module /usr/lib/apache/mod_speling.so +LoadModule userdir_module /usr/lib/apache/mod_userdir.so +LoadModule alias_module /usr/lib/apache/mod_alias.so +LoadModule rewrite_module /usr/lib/apache/mod_rewrite.so +LoadModule ssl_module /usr/lib/apache/mod_ssl.so +LoadModule php5_module /usr/lib/apache/libphp5.so diff --git a/config/httpd/mod_info.conf b/config/httpd/mod_info.conf new file mode 100644 index 0000000000..f19885b73f --- /dev/null +++ b/config/httpd/mod_info.conf @@ -0,0 +1,14 @@ +# +# Allow remote server configuration reports, with the URL of +# http://servername/server-info (requires that mod_info.c be loaded). +# +# see http://httpd.apache.org/docs-2.0/mod/mod_info.html +# + + + SetHandler server-info + Order deny,allow + Deny from all + Allow from localhost + + diff --git a/config/httpd/mod_log_config.conf b/config/httpd/mod_log_config.conf new file mode 100644 index 0000000000..89ad09a805 --- /dev/null +++ b/config/httpd/mod_log_config.conf @@ -0,0 +1,31 @@ +# +# The following directives define some format nicknames for use with +# a CustomLog directive. +# + +# +# Format string: Nickname: +# +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%h %l %u %t \"%r\" %>s %b \ +\"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%v %h %l %u %t \"%r\" %>s %b \ +\"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined + +# To use %I and %O, you need to enable mod_logio + +LogFormat "%h %l %u %t \"%r\" %>s %b \ +\"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + +# Use one of these when you want a compact non-error SSL logfile on a virtual +# host basis: + +Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \ +\"%r\" %b" ssl_common +Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \ +\"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined + diff --git a/config/httpd/mod_status.conf b/config/httpd/mod_status.conf new file mode 100644 index 0000000000..dc7312227b --- /dev/null +++ b/config/httpd/mod_status.conf @@ -0,0 +1,14 @@ +# +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status +# +# see http://httpd.apache.org/docs-2.0/mod/mod_status.html +# + + + SetHandler server-status + Order deny,allow + Deny from all + Allow from localhost + + diff --git a/config/httpd/server-tuning.conf b/config/httpd/server-tuning.conf new file mode 100644 index 0000000000..9cb7662327 --- /dev/null +++ b/config/httpd/server-tuning.conf @@ -0,0 +1,34 @@ +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 15 + +MinSpareServers 1 +MaxSpareServers 2 +StartServers 2 +MaxClients 10 +MaxRequestsPerChild 100 + +# +# The following directives modify normal HTTP response behavior to +# handle known problems with browser implementations. +# +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 diff --git a/config/httpd/ssl-global.conf b/config/httpd/ssl-global.conf new file mode 100644 index 0000000000..458339add4 --- /dev/null +++ b/config/httpd/ssl-global.conf @@ -0,0 +1,69 @@ +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# These are the configuration directives to instruct the server how to +# serve pages over an https connection. For detailing information about these +# directives see +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. + +# This global SSL configuration is ignored if +# "SSL" is not defined, or if "NOSSL" is defined. + + + + + # + # Some MIME-types for downloading Certificates and CRLs + # + AddType application/x-x509-ca-cert .crt + AddType application/x-pkcs7-crl .crl + + # Pass Phrase Dialog: + # Configure the pass phrase gathering process. + # The filtering dialog program (`builtin' is a internal + # terminal dialog) has to provide the pass phrase on stdout. + SSLPassPhraseDialog builtin + + # Inter-Process Session Cache: + # Configure the SSL Session Cache: First the mechanism + # to use and second the expiring timeout (in seconds). + # shm means the same as shmht. + # Note that on most platforms shared memory segments are not allowed to be on + # network-mounted drives, so in that case you need to use the dbm method. + #SSLSessionCache none + #SSLSessionCache dbm:/var/log/httpd/ssl_scache + #SSLSessionCache shmht:/var/log/httpd/ssl_scache(512000) + SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000) + SSLSessionCacheTimeout 900 + + # Semaphore: + # Configure the path to the mutual exclusion semaphore the + # SSL engine uses internally for inter-process synchronization. + SSLMutex file:/var/log/httpd/ssl_mutex + + # Pseudo Random Number Generator (PRNG): + # Configure one or more sources to seed the PRNG of the + # SSL library. The seed data should be of good random quality. + # WARNING! On some platforms /dev/random blocks if not enough entropy + # is available. This means you then cannot use the /dev/random device + # because it would lead to very long connection times (as long as + # it requires to make more entropy available). But usually those + # platforms additionally provide a /dev/urandom device which doesn't + # block. So, if available, use this one instead. Read the mod_ssl User + # Manual for more details. + SSLRandomSeed startup builtin + SSLRandomSeed connect builtin + + SSLLog /var/log/httpd/ssl_engine_log + SSLLogLevel info + + + + diff --git a/config/httpd/uid.conf b/config/httpd/uid.conf new file mode 100644 index 0000000000..cb6963733d --- /dev/null +++ b/config/httpd/uid.conf @@ -0,0 +1,2 @@ +User nobody +Group nobody diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf new file mode 100644 index 0000000000..830d3125c8 --- /dev/null +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -0,0 +1,71 @@ + + + RewriteEngine on + RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) + RewriteRule .* - [F] + DocumentRoot /home/httpd/html + ServerAdmin root@localhost + ErrorLog /var/log/httpd/error_log + TransferLog /var/log/httpd/access_log + SSLEngine on + SSLProtocol all -SSLv2 + SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP + SSLCertificateFile /etc/httpd/server.crt + SSLCertificateKeyFile /etc/httpd/server.key + + Options ExecCGI + AllowOverride None + Order allow,deny + Allow from all + + + AuthName "IPFire - Restricted" + AuthType Basic + AuthUserFile /var/ipfire/auth/users + Require user admin + + ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ + + AllowOverride None + Options None + AuthName "IPFire - Restricted" + AuthType Basic + AuthUserFile /var/ipfire/auth/users + Require user admin + + Satisfy Any + Allow from All + + + Satisfy Any + Allow from All + + + Satisfy Any + Allow from All + + + Require user admin + + + + AllowOverride None + Options None + AuthName "IPFire - Restricted" + AuthType Basic + AuthUserFile /var/ipfire/auth/users + Require user dial admin + + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + SetEnv HOME /home/nobody + SetEnvIf User-Agent ".*MSIE.*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + CustomLog /var/log/httpd/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf new file mode 100644 index 0000000000..85dea4c72f --- /dev/null +++ b/config/httpd/vhosts.d/ipfire-interface.conf @@ -0,0 +1,54 @@ + + + DocumentRoot /home/httpd/html + + RewriteEngine on + RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) + RewriteRule .* - [F] + + + Options ExecCGI + AllowOverride None + Order allow,deny + Allow from all + + + AuthName "IPFire - Restricted" + AuthType Basic + AuthUserFile /var/ipfire/auth/users + Require user admin + + ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/ + + AllowOverride None + Options None + AuthName "IPFire - Restricted" + AuthType Basic + AuthUserFile /var/ipfire/auth/users + Require user admin + + Satisfy Any + Allow from All + + + Satisfy Any + Allow from All + + + Satisfy Any + Allow from All + + + Require user admin + + + + AllowOverride None + Options None + AuthName "IPFire - Restricted" + AuthType Basic + AuthUserFile /var/ipfire/auth/users + Require user dial admin + + + \ No newline at end of file diff --git a/lfs/apache2 b/lfs/apache2 index aee81502c4..2e79faf85f 100644 --- a/lfs/apache2 +++ b/lfs/apache2 @@ -117,7 +117,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 \ /usr/share/man/man8/{logresolve,rotatelogs,suexec}.8 - sed 's+CONFIG_ROOT+$(CONFIG_ROOT)+g' $(DIR_SRC)/config/httpd/httpd.conf > /etc/httpd/conf/httpd.conf + cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/ # Copy all html/cgi-bin files diff --git a/lfs/cdrom b/lfs/cdrom index b346f10b8e..a94a739e3f 100644 --- a/lfs/cdrom +++ b/lfs/cdrom @@ -89,8 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) mkdir -p /install/cdrom/{doc,dosutils,images} sed -e "s/KVER/$(KVER)/g" $(DIR_SRC)/src/ROOTFILES.$(MACHINE) > /tmp/ROOTFILES tar -c -C / --files-from=/tmp/ROOTFILES \ - -f /$(SNAME).tar --exclude='#*' --exclude='dev/pts/*' \ - --exclude='proc/*' + -f /$(SNAME).tar --exclude='#*' --exclude='dev/pts/*' \ + --exclude='proc/*' --exclude='tmp/ROOTFILES' rm -f /tmp/ROOTFILES tar -x -C /tmp -f /$(SNAME).tar rm -f /$(SNAME).tar diff --git a/lfs/linux b/lfs/linux index d6e227a4ab..59a0b9b314 100644 --- a/lfs/linux +++ b/lfs/linux @@ -27,6 +27,7 @@ include Config VER = 2.4.33 +PATCHLEVEL = 2.4.33.3 THISAPP = linux-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,19 +41,19 @@ CXXFLAGS = ifeq "$(ROOT)" "" ifeq "$(LFS_PASS)" "ipfire" ifeq "$(SMP)" "" - TARGET = $(DIR_INFO)/$(THISAPP)-ipfire + TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire endif ifeq "$(SMP)" "1" - TARGET = $(DIR_INFO)/$(THISAPP)-ipfire-smp + TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp endif ifeq "$(SMP)" "installer" - TARGET = $(DIR_INFO)/$(THISAPP)-ipfire-installer + TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-installer endif else - TARGET = $(DIR_INFO)/$(THISAPP) + TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL) endif else - TARGET = $(DIR_INFO)/$(THISAPP)-tools + TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-tools endif ############################################################################### @@ -64,25 +65,26 @@ objects =$(DL_FILE) \ patch-o-matic-ng-20060206.tar.bz2 \ kbc_option_2420.patch \ net4801.kernel.patch_2.4.31 \ - netfilter-layer7-v2.1.tar.gz + netfilter-layer7-v2.1.tar.gz \ + patch-$(PATCHLEVEL).bz2 $(DL_FILE) = $(DL_FROM)/$(DL_FILE) +patch-$(PATCHLEVEL).bz2 = $(DL_FROM)/patch-$(PATCHLEVEL).bz2 openswan-1.0.10rc2.tar.gz = $(URL_IPFIRE)/openswan-1.0.10rc2.tar.gz patch-o-matic-ng-20060206.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20060206.tar.bz2 iptables-1.3.5.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2 kbc_option_2420.patch = $(URL_IPFIRE)/kbc_option_2420.patch net4801.kernel.patch_2.4.31 = $(URL_IPFIRE)/net4801.kernel.patch_2.4.31 netfilter-layer7-v2.1.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.1.tar.gz -#bootsplash-3.0.7-2.4.31-vanilla.diff = $(URL_IPFIRE)/bootsplash-3.0.7-2.4.31-vanilla.diff $(DL_FILE)_MD5 = 4d258d4267de64f0a22e23f6ab026990 +patch-$(PATCHLEVEL).bz2_MD5 = 3597da59e82a495d97e1f0ecd8fc5d4d openswan-1.0.10rc2.tar.gz_MD5 = 20d51ff963da78f826f4e0f0ebc4bcef patch-o-matic-ng-20060206.tar.bz2_MD5 = eca9893afb753e331caddfe63142b566 iptables-1.3.5.tar.bz2_MD5 = 00fb916fa8040ca992a5ace56d905ea5 kbc_option_2420.patch_MD5 = 6d37870344f7fcf97ace1fbf43323c60 net4801.kernel.patch_2.4.31_MD5 = c7d64e3caedb2f2b10e1c11db7f73a04 netfilter-layer7-v2.1.tar.gz_MD5 = 551626a158c2a2cbfd937d27ecc7fac1 -#bootsplash-3.0.7-2.4.31-vanilla.diff = 767c263d1d28827d51abc83945e4b893 install : $(TARGET) @@ -112,6 +114,11 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && bzcat $(DIR_DL)/patch-$(PATCHLEVEL).bz2 | patch -p1 + # Remove patch level in EXTRAVERSION. + # We want to avoid the need to supply a full kernel + # (installed in a different place) if only one part could be updated + cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =/' Makefile cd $(DIR_SRC) && ln -sf linux-$(VER) linux cd $(DIR_APP) && sed -i -e 's/-Werror//' drivers/scsi/aic7xxx/Makefile diff --git a/lfs/openssl b/lfs/openssl index fe40b73565..5beb4a24ad 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -72,11 +72,12 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + @rm -rf /etc/ssl cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-m486/-mcpu=i386/' Configure cd $(DIR_APP) && chmod 755 Configure cd $(DIR_APP) && ./config --openssldir=/etc/ssl --prefix=/usr 386 \ no-idea no-threads no-mdc2 no-rc5 no-ec zlib-dynamic shared - cd $(DIR_APP) && sed -i 's%SHLIBDIRS= fips crypto ssl%SHLIBDIRS= crypto ssl%g' Makefile + cd $(DIR_APP) && sed -i 's/^PROCESSOR= 386/PROCESSOR=386/g' Makefile cd $(DIR_APP) && make depend cd $(DIR_APP) && make MANDIR=/usr/share/man cd $(DIR_APP) && make MANDIR=/usr/share/man install diff --git a/lfs/syslinux b/lfs/syslinux index 94035d511b..a22f13f590 100644 --- a/lfs/syslinux +++ b/lfs/syslinux @@ -22,7 +22,7 @@ # ??-12-2003 Mark Wormgoor < mark@wormgoor.com> # # - Modified Makefile for IPCop build # # # -# $Id: syslinux,v 1.6.2.9 2005/02/05 15:38:16 gespinasse Exp $ +# $Id: syslinux,v 1.6.2.11 2006/09/18 06:23:26 gespinasse Exp $ # # ############################################################################### @@ -32,11 +32,11 @@ include Config -VER = 2.11 +VER = 3.20 THISAPP = syslinux-$(VER) DL_FILE = $(THISAPP).tar.gz -DL_FROM = $(URL_KERNEL)/linux/utils/boot/syslinux/Old +DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = a73c4b32629c925676660c468ef3cf1a +$(DL_FILE)_MD5 = dbb7c5acfa58220a158cd67854ef4625 install : $(TARGET) @@ -78,8 +78,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP)/sample && sed -i 's%^CFLAGS.*$$%CFLAGS = $(CFLAGS) -fno-stack-protector -fomit-frame-pointer -I../com32/include%' Makefile - cd $(DIR_APP) && sed -i 's%^CFLAGS.*$$%CFLAGS = $(CFLAGS) -fno-stack-protector -fomit-frame-pointer -D_FILE_OFFSET_BITS=64%' Makefile + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/syslinux-3.11-nossp.patch cd $(DIR_APP) && make install @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/ROOTFILES.i386 b/src/ROOTFILES.i386 index 929ac2909a..2b101fe4e9 100644 --- a/src/ROOTFILES.i386 +++ b/src/ROOTFILES.i386 @@ -20995,6 +20995,22 @@ usr/sbin/Fw-usb_A.bin #etc/httpd/conf/extra/httpd-userdir.conf #etc/httpd/conf/extra/httpd-vhosts.conf etc/httpd/conf/httpd.conf +etc/httpd/conf/conf.d +etc/httpd/conf/default-server.conf +etc/httpd/conf/global.conf +etc/httpd/conf/hostname.conf +etc/httpd/conf/httpd.conf +etc/httpd/conf/listen.conf +etc/httpd/conf/loadmodule.conf +etc/httpd/conf/mod_info.conf +etc/httpd/conf/mod_log_config.conf +etc/httpd/conf/mod_status.conf +etc/httpd/conf/server-tuning.conf +etc/httpd/conf/ssl-global.conf +etc/httpd/conf/uid.conf +#etc/httpd/conf/vhosts.d +etc/httpd/conf/vhosts.d/ipfire-interface.conf +etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf #etc/httpd/conf/magic #etc/httpd/conf/mime.types #etc/httpd/conf/original diff --git a/src/install+setup/setup/passwords.c b/src/install+setup/setup/passwords.c index 37e855cc51..a2f28f97f3 100644 --- a/src/install+setup/setup/passwords.c +++ b/src/install+setup/setup/passwords.c @@ -1,123 +1,123 @@ -/* SmoothWall setup program. - * - * This program is distributed under the terms of the GNU General Public - * Licence. See the file COPYING for details. - * - * (c) Lawrence Manning, 2001 - * Password stuff. - * - * $Id: passwords.c,v 1.5.2.1 2004/04/14 22:05:41 gespinasse Exp $ - * - */ - -#include "setup.h" - -extern FILE *flog; -extern char *mylog; - -extern char **ctr; - -extern int automode; - -int getpassword(char *password, char *text); - -/* Root password. */ -int handlerootpassword(void) -{ - char password[STRING_SIZE]; - char commandstring[STRING_SIZE]; - - /* Root password. */ - if (getpassword(password, ctr[TR_ENTER_ROOT_PASSWORD]) == 2) - return 0; - - snprintf(commandstring, STRING_SIZE, - "/bin/echo 'root:%s' | /usr/sbin/chpasswd", password); - if (runhiddencommandwithstatus(commandstring, ctr[TR_SETTING_ROOT_PASSWORD])) - { - errorbox(ctr[TR_PROBLEM_SETTING_ROOT_PASSWORD]); - return 0; - } - - return 1; -} - -int handleadminpassword(void) -{ - char password[STRING_SIZE]; - char commandstring[STRING_SIZE]; - char message[1000]; - - /* web interface admin password. */ - sprintf(message, ctr[TR_ENTER_ADMIN_PASSWORD], NAME, NAME); - if (getpassword(password, message) == 2) - return 0; - - snprintf(commandstring, STRING_SIZE, - "/usr/bin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password); - sprintf(message, ctr[TR_SETTING_ADMIN_PASSWORD], NAME); - if (runhiddencommandwithstatus(commandstring, message)) - { - sprintf(message, ctr[TR_PROBLEM_SETTING_ADMIN_PASSWORD], NAME); - errorbox(message); - return 0; - } - - return 1; -} - -/* Taken from the cdrom one. */ -int getpassword(char *password, char *text) -{ - char *values[] = { NULL, NULL, NULL }; /* pointers for the values. */ - struct newtWinEntry entries[] = - { - { ctr[TR_PASSWORD_PROMPT], &values[0], 2 }, - { ctr[TR_AGAIN_PROMPT], &values[1], 2 }, - { NULL, NULL, 0 } - }; - char title[STRING_SIZE]; - int rc; - int done; - - do - { - done = 1; - sprintf (title, "%s v%s - %s", NAME, VERSION, SLOGAN); - rc = newtWinEntries(title, text, - 50, 5, 5, 20, entries, ctr[TR_OK], ctr[TR_CANCEL], NULL); - - if (rc != 2) - { - if (strlen(values[0]) == 0 || strlen(values[1]) == 0) - { - errorbox(ctr[TR_PASSWORD_CANNOT_BE_BLANK]); - done = 0; - strcpy(values[0], ""); - strcpy(values[1], ""); - } - else if (strcmp(values[0], values[1]) != 0) - { - errorbox(ctr[TR_PASSWORDS_DO_NOT_MATCH]); - done = 0; - strcpy(values[0], ""); - strcpy(values[1], ""); - } - else if (strchr(values[0], ' ')) - { - errorbox(ctr[TR_PASSWORD_CANNOT_CONTAIN_SPACES]); - done = 0; - strcpy(values[0], ""); - strcpy(values[1], ""); - } - } - } - while (!done); - - strncpy(password, values[0], STRING_SIZE); - - if (values[0]) free(values[0]); - if (values[1]) free(values[1]); - - return rc; -} +/* SmoothWall setup program. + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + * (c) Lawrence Manning, 2001 + * Password stuff. + * + * $Id: passwords.c,v 1.5.2.1 2004/04/14 22:05:41 gespinasse Exp $ + * + */ + +#include "setup.h" + +extern FILE *flog; +extern char *mylog; + +extern char **ctr; + +extern int automode; + +int getpassword(char *password, char *text); + +/* Root password. */ +int handlerootpassword(void) +{ + char password[STRING_SIZE]; + char commandstring[STRING_SIZE]; + + /* Root password. */ + if (getpassword(password, ctr[TR_ENTER_ROOT_PASSWORD]) == 2) + return 0; + + snprintf(commandstring, STRING_SIZE, + "/bin/echo 'root:%s' | /usr/sbin/chpasswd", password); + if (runhiddencommandwithstatus(commandstring, ctr[TR_SETTING_ROOT_PASSWORD])) + { + errorbox(ctr[TR_PROBLEM_SETTING_ROOT_PASSWORD]); + return 0; + } + + return 1; +} + +int handleadminpassword(void) +{ + char password[STRING_SIZE]; + char commandstring[STRING_SIZE]; + char message[1000]; + + /* web interface admin password. */ + sprintf(message, ctr[TR_ENTER_ADMIN_PASSWORD], NAME, NAME); + if (getpassword(password, message) == 2) + return 0; + + snprintf(commandstring, STRING_SIZE, + "/usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password); + sprintf(message, ctr[TR_SETTING_ADMIN_PASSWORD], NAME); + if (runhiddencommandwithstatus(commandstring, message)) + { + sprintf(message, ctr[TR_PROBLEM_SETTING_ADMIN_PASSWORD], NAME); + errorbox(message); + return 0; + } + + return 1; +} + +/* Taken from the cdrom one. */ +int getpassword(char *password, char *text) +{ + char *values[] = { NULL, NULL, NULL }; /* pointers for the values. */ + struct newtWinEntry entries[] = + { + { ctr[TR_PASSWORD_PROMPT], &values[0], 2 }, + { ctr[TR_AGAIN_PROMPT], &values[1], 2 }, + { NULL, NULL, 0 } + }; + char title[STRING_SIZE]; + int rc; + int done; + + do + { + done = 1; + sprintf (title, "%s v%s - %s", NAME, VERSION, SLOGAN); + rc = newtWinEntries(title, text, + 50, 5, 5, 20, entries, ctr[TR_OK], ctr[TR_CANCEL], NULL); + + if (rc != 2) + { + if (strlen(values[0]) == 0 || strlen(values[1]) == 0) + { + errorbox(ctr[TR_PASSWORD_CANNOT_BE_BLANK]); + done = 0; + strcpy(values[0], ""); + strcpy(values[1], ""); + } + else if (strcmp(values[0], values[1]) != 0) + { + errorbox(ctr[TR_PASSWORDS_DO_NOT_MATCH]); + done = 0; + strcpy(values[0], ""); + strcpy(values[1], ""); + } + else if (strchr(values[0], ' ')) + { + errorbox(ctr[TR_PASSWORD_CANNOT_CONTAIN_SPACES]); + done = 0; + strcpy(values[0], ""); + strcpy(values[1], ""); + } + } + } + while (!done); + + strncpy(password, values[0], STRING_SIZE); + + if (values[0]) free(values[0]); + if (values[1]) free(values[1]); + + return rc; +}