webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Hinzugefuegt:

Browse Source 
* Konfiguration fuer Apache2
Kernelupgrade auf 2.4.33.3
Syslinux-Upgrade
Gefixt:
  * /tmp/ROOTFILES hat nichts in der ISO zu suchen.
  * Fehler im Installer wegen Apache2.


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@283 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
This commit is contained in:
ms
2006-09-18 19:05:20 +00:00
parent ab8d2c724e
commit 90c973a6a7
21 changed files with 657 additions and 300 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
config/httpd/conf.d/php5.conf Normal file
View File

@@ -0,0 +1,14 @@
<IfModule mod_php5.c>
AddType application/x-httpd-php .php3
AddType application/x-httpd-php .php4
AddType application/x-httpd-php .php5
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .php3s
AddType application/x-httpd-php-source .php4s
AddType application/x-httpd-php-source .php5s
AddType application/x-httpd-php-source .phps
DirectoryIndex index.php3
DirectoryIndex index.php4
DirectoryIndex index.php5
DirectoryIndex index.php
</IfModule>

8
config/httpd/default-server.conf Normal file
View File

@@ -0,0 +1,8 @@
#
# Global configuration that will be applicable for all virtual hosts, unless
# deleted here, or overriden elswhere.
#
DocumentRoot /home/httpd/html
#Include /etc/httpd/conf/conf.d/*.conf

9
config/httpd/global.conf Normal file
View File

@@ -0,0 +1,9 @@
Timeout 300
ServerSignature on
UseCanonicalName off
ServerTokens OS
LogLevel warn
CustomLog /var/log/httpd/access_log combined
Include /etc/httpd/conf/hostname.conf
HostnameLookups off
AddHandler cgi-script .cgi

279
config/httpd/httpd.conf
View File

@@ -1,159 +1,120 @@
##
## httpd.conf -- Apache HTTP server configuration file
##
ServerType standalone
ServerRoot /etc/httpd
LockFile /var/lock/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile /var/run/httpd.scoreboard
Timeout 900
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 1
MaxSpareServers 2
StartServers 2
MaxClients 10
MaxRequestsPerChild 100
Port 81
Listen 81
Listen 444
User nobody
Group nobody
ServerAdmin root@localhost
ServerTokens Prod
DocumentRoot /home/httpd/html
# Limit track/trace requests
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
<Directory />
Options None
AllowOverride None
</Directory>
<Directory /home/httpd/html>
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
Require user admin
</DirectoryMatch>
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
<Directory /home/httpd/cgi-bin>
AllowOverride None
Options None
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
Require user admin
<Files chpasswd.cgi>
Satisfy Any
Allow from All
</Files>
<Files webaccess.cgi>
Satisfy Any
Allow from All
</Files>
<Files credits.cgi>
Satisfy Any
Allow from All
</Files>
<Files dial.cgi>
Require user admin
</Files>
</Directory>
<Directory /home/httpd/cgi-bin/dial>
AllowOverride None
Options None
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
Require user dial admin
</Directory>
<IfModule mod_dir.c>
DirectoryIndex index.html index.htm index.shtml index.cgi
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
<IfModule mod_mime.c>
TypesConfig /etc/mime.types
</IfModule>
DefaultType text/plain
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/httpd/access_log common
ServerSignature Off
AddHandler cgi-script .cgi
<IfModule mod_setenvif.c>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
###
### SSL Configuration
###
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/log/httpd/ssl_scache
SSLSessionCacheTimeout 900
SSLMutex file:/var/log/httpd/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/httpd/ssl_engine_log
SSLLogLevel info
<VirtualHost _default_:444>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
DocumentRoot /home/httpd/html
ServerAdmin root@localhost
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
SSLCertificateFile /etc/httpd/server.crt
SSLCertificateKeyFile /etc/httpd/server.key
<Files ~ "\.(cgi|shtml?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /home/httpd/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
SetEnv HOME /home/nobody
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<Directory /home/httpd/html/backup>
Options None
AllowOverride None
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
require user admin
</Directory>
include /etc/httpd/conf/hostname.conf
#
# /etc/httpd/conf/httpd.conf
#
# This is the main Apache2 server configuration file for IPFire.
# Plese do not change this file!
# Overview of include files, chronologically:
#
# httpd.conf
# |
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
# |-- loadmodule.conf . . . . . . . . . . . load these modules
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on
# |-- mod_log_config.conf . . . . . . . . . define logging formats
# |-- sysconfig.d/global.conf . . . . . . . server-wide general settings
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings
# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration
# |-- errors.conf . . . . . . . . . . . . . customize error responses
# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts
# |
# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests
# |
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
#
### Global Environment ######################################################
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests.
# run under this user/group id
Include /etc/httpd/conf/uid.conf
# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/httpd/conf/server-tuning.conf
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog /var/log/httpd/error_log
# Load Modules here
Include /etc/httpd/conf/loadmodule.conf
# IP addresses / ports to listen on
Include /etc/httpd/conf/listen.conf
# predefined logging formats
Include /etc/httpd/conf/mod_log_config.conf
# global settings
Include /etc/httpd/conf/global.conf
# optional mod_status, mod_info
#Include /etc/httpd/conf/mod_status.conf
#Include /etc/httpd/conf/mod_info.conf
# associate MIME types with filename extensions
TypesConfig /etc/mime.types
DefaultType text/plain
# global (server-wide) SSL configuration, that is not specific to
# any virtual host
Include /etc/httpd/conf/ssl-global.conf
<Directory />
Options None
AllowOverride None
</Directory>
# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
# List of resources to look for when the client requests a directory
DirectoryIndex index.html index.htm index.shtml index.cgi
### 'Main' server configuration #############################################
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
Include /etc/httpd/conf/default-server.conf
### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs-2.0/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
Include /etc/httpd/conf/vhosts.d/*.conf

2
config/httpd/listen.conf Normal file
View File

@@ -0,0 +1,2 @@
Listen 81
Listen 444

51
config/httpd/loadmodule.conf Normal file
View File

@@ -0,0 +1,51 @@
LoadModule authn_file_module /usr/lib/apache/mod_authn_file.so
LoadModule authn_dbm_module /usr/lib/apache/mod_authn_dbm.so
LoadModule authn_anon_module /usr/lib/apache/mod_authn_anon.so
LoadModule authn_dbd_module /usr/lib/apache/mod_authn_dbd.so
LoadModule authn_default_module /usr/lib/apache/mod_authn_default.so
LoadModule authz_host_module /usr/lib/apache/mod_authz_host.so
LoadModule authz_groupfile_module /usr/lib/apache/mod_authz_groupfile.so
LoadModule authz_user_module /usr/lib/apache/mod_authz_user.so
LoadModule authz_dbm_module /usr/lib/apache/mod_authz_dbm.so
LoadModule authz_owner_module /usr/lib/apache/mod_authz_owner.so
LoadModule authz_default_module /usr/lib/apache/mod_authz_default.so
LoadModule auth_basic_module /usr/lib/apache/mod_auth_basic.so
LoadModule auth_digest_module /usr/lib/apache/mod_auth_digest.so
#LoadModule dbd_module /usr/lib/apache/mod_dbd.so
LoadModule dumpio_module /usr/lib/apache/mod_dumpio.so
LoadModule ext_filter_module /usr/lib/apache/mod_ext_filter.so
LoadModule include_module /usr/lib/apache/mod_include.so
LoadModule filter_module /usr/lib/apache/mod_filter.so
LoadModule deflate_module /usr/lib/apache/mod_deflate.so
LoadModule log_config_module /usr/lib/apache/mod_log_config.so
LoadModule log_forensic_module /usr/lib/apache/mod_log_forensic.so
LoadModule logio_module /usr/lib/apache/mod_logio.so
LoadModule env_module /usr/lib/apache/mod_env.so
LoadModule mime_magic_module /usr/lib/apache/mod_mime_magic.so
LoadModule cern_meta_module /usr/lib/apache/mod_cern_meta.so
LoadModule expires_module /usr/lib/apache/mod_expires.so
LoadModule headers_module /usr/lib/apache/mod_headers.so
LoadModule ident_module /usr/lib/apache/mod_ident.so
LoadModule usertrack_module /usr/lib/apache/mod_usertrack.so
LoadModule unique_id_module /usr/lib/apache/mod_unique_id.so
LoadModule setenvif_module /usr/lib/apache/mod_setenvif.so
LoadModule version_module /usr/lib/apache/mod_version.so
LoadModule mime_module /usr/lib/apache/mod_mime.so
LoadModule dav_module /usr/lib/apache/mod_dav.so
LoadModule status_module /usr/lib/apache/mod_status.so
LoadModule autoindex_module /usr/lib/apache/mod_autoindex.so
LoadModule asis_module /usr/lib/apache/mod_asis.so
LoadModule info_module /usr/lib/apache/mod_info.so
LoadModule cgi_module /usr/lib/apache/mod_cgi.so
LoadModule dav_fs_module /usr/lib/apache/mod_dav_fs.so
LoadModule vhost_alias_module /usr/lib/apache/mod_vhost_alias.so
LoadModule negotiation_module /usr/lib/apache/mod_negotiation.so
LoadModule dir_module /usr/lib/apache/mod_dir.so
LoadModule imagemap_module /usr/lib/apache/mod_imagemap.so
LoadModule actions_module /usr/lib/apache/mod_actions.so
LoadModule speling_module /usr/lib/apache/mod_speling.so
LoadModule userdir_module /usr/lib/apache/mod_userdir.so
LoadModule alias_module /usr/lib/apache/mod_alias.so
LoadModule rewrite_module /usr/lib/apache/mod_rewrite.so
LoadModule ssl_module /usr/lib/apache/mod_ssl.so
LoadModule php5_module /usr/lib/apache/libphp5.so

14
config/httpd/mod_info.conf Normal file
View File

@@ -0,0 +1,14 @@
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
#
# see http://httpd.apache.org/docs-2.0/mod/mod_info.html
#
<IfModule mod_info.c>
<Location /server-info>
SetHandler server-info
Order deny,allow
Deny from all
Allow from localhost
</Location>
</IfModule>

31
config/httpd/mod_log_config.conf Normal file
View File

@@ -0,0 +1,31 @@
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
#
# Format string: Nickname:
#
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%h %l %u %t \"%r\" %>s %b \
\"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b \
\"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
# To use %I and %O, you need to enable mod_logio
<IfModule mod_logio.c>
LogFormat "%h %l %u %t \"%r\" %>s %b \
\"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# Use one of these when you want a compact non-error SSL logfile on a virtual
# host basis:
<IfModule mod_ssl.c>
Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
\"%r\" %b" ssl_common
Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
\"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined
</IfModule>

14
config/httpd/mod_status.conf Normal file
View File

@@ -0,0 +1,14 @@
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
#
# see http://httpd.apache.org/docs-2.0/mod/mod_status.html
#
<IfModule mod_status.c>
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost
</Location>
</IfModule>

34
config/httpd/server-tuning.conf Normal file
View File

@@ -0,0 +1,34 @@
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
MinSpareServers 1
MaxSpareServers 2
StartServers 2
MaxClients 10
MaxRequestsPerChild 100
#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

69
config/httpd/ssl-global.conf Normal file
View File

@@ -0,0 +1,69 @@
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# These are the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# This global SSL configuration is ignored if
# "SSL" is not defined, or if "NOSSL" is defined.
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
# shm means the same as shmht.
# Note that on most platforms shared memory segments are not allowed to be on
# network-mounted drives, so in that case you need to use the dbm method.
#SSLSessionCache none
#SSLSessionCache dbm:/var/log/httpd/ssl_scache
#SSLSessionCache shmht:/var/log/httpd/ssl_scache(512000)
SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000)
SSLSessionCacheTimeout 900
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex file:/var/log/httpd/ssl_mutex
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/httpd/ssl_engine_log
SSLLogLevel info
</IfModule>
</IfDefine>
</IfDefine>

2
config/httpd/uid.conf Normal file
View File

@@ -0,0 +1,2 @@
User nobody
Group nobody

71
config/httpd/vhosts.d/ipfire-interface-ssl.conf Normal file
View File

@@ -0,0 +1,71 @@
<VirtualHost *:444>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
DocumentRoot /home/httpd/html
ServerAdmin root@localhost
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
SSLCertificateFile /etc/httpd/server.crt
SSLCertificateKeyFile /etc/httpd/server.key
<Directory /home/httpd/html>
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
Require user admin
</DirectoryMatch>
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
<Directory /home/httpd/cgi-bin>
AllowOverride None
Options None
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
Require user admin
<Files chpasswd.cgi>
Satisfy Any
Allow from All
</Files>
<Files webaccess.cgi>
Satisfy Any
Allow from All
</Files>
<Files credits.cgi>
Satisfy Any
Allow from All
</Files>
<Files dial.cgi>
Require user admin
</Files>
</Directory>
<Directory /home/httpd/cgi-bin/dial>
AllowOverride None
Options None
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
Require user dial admin
</Directory>
<Files ~ "\.(cgi|shtml?)$">
SSLOptions +StdEnvVars
</Files>
<Directory /home/httpd/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
SetEnv HOME /home/nobody
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

54
config/httpd/vhosts.d/ipfire-interface.conf Normal file
View File

@@ -0,0 +1,54 @@
<VirtualHost *:81>
DocumentRoot /home/httpd/html
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]
<Directory /home/httpd/html>
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<DirectoryMatch "/home/httpd/html/(graphs|sgraph)">
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
Require user admin
</DirectoryMatch>
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
<Directory /home/httpd/cgi-bin>
AllowOverride None
Options None
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
Require user admin
<Files chpasswd.cgi>
Satisfy Any
Allow from All
</Files>
<Files webaccess.cgi>
Satisfy Any
Allow from All
</Files>
<Files credits.cgi>
Satisfy Any
Allow from All
</Files>
<Files dial.cgi>
Require user admin
</Files>
</Directory>
<Directory /home/httpd/cgi-bin/dial>
AllowOverride None
Options None
AuthName "IPFire - Restricted"
AuthType Basic
AuthUserFile /var/ipfire/auth/users
Require user dial admin
</Directory>
</VirtualHost>

2
lfs/apache2
View File

@@ -117,7 +117,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
/usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 \
/usr/share/man/man8/{logresolve,rotatelogs,suexec}.8
sed 's+CONFIG_ROOT+$(CONFIG_ROOT)+g' $(DIR_SRC)/config/httpd/httpd.conf > /etc/httpd/conf/httpd.conf
cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf
ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/
# Copy all html/cgi-bin files

4
lfs/cdrom
View File

@@ -89,8 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
mkdir -p /install/cdrom/{doc,dosutils,images}
sed -e "s/KVER/$(KVER)/g" $(DIR_SRC)/src/ROOTFILES.$(MACHINE) > /tmp/ROOTFILES
tar -c -C / --files-from=/tmp/ROOTFILES \
-f /$(SNAME).tar --exclude='#*' --exclude='dev/pts/*' \
--exclude='proc/*'
-f /$(SNAME).tar --exclude='#*' --exclude='dev/pts/*' \
--exclude='proc/*' --exclude='tmp/ROOTFILES'
rm -f /tmp/ROOTFILES
tar -x -C /tmp -f /$(SNAME).tar
rm -f /$(SNAME).tar

23
lfs/linux
View File

@@ -27,6 +27,7 @@
include Config
VER = 2.4.33
PATCHLEVEL = 2.4.33.3
THISAPP = linux-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,19 +41,19 @@ CXXFLAGS =
ifeq "$(ROOT)" ""
ifeq "$(LFS_PASS)" "ipfire"
ifeq "$(SMP)" ""
TARGET = $(DIR_INFO)/$(THISAPP)-ipfire
TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire
endif
ifeq "$(SMP)" "1"
TARGET = $(DIR_INFO)/$(THISAPP)-ipfire-smp
TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp
endif
ifeq "$(SMP)" "installer"
TARGET = $(DIR_INFO)/$(THISAPP)-ipfire-installer
TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-installer
endif
else
TARGET = $(DIR_INFO)/$(THISAPP)
TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)
endif
else
TARGET = $(DIR_INFO)/$(THISAPP)-tools
TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-tools
endif
###############################################################################
@@ -64,25 +65,26 @@ objects =$(DL_FILE) \
patch-o-matic-ng-20060206.tar.bz2 \
kbc_option_2420.patch \
net4801.kernel.patch_2.4.31 \
netfilter-layer7-v2.1.tar.gz
netfilter-layer7-v2.1.tar.gz \
patch-$(PATCHLEVEL).bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
patch-$(PATCHLEVEL).bz2 = $(DL_FROM)/patch-$(PATCHLEVEL).bz2
openswan-1.0.10rc2.tar.gz = $(URL_IPFIRE)/openswan-1.0.10rc2.tar.gz
patch-o-matic-ng-20060206.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20060206.tar.bz2
iptables-1.3.5.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2
kbc_option_2420.patch = $(URL_IPFIRE)/kbc_option_2420.patch
net4801.kernel.patch_2.4.31 = $(URL_IPFIRE)/net4801.kernel.patch_2.4.31
netfilter-layer7-v2.1.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.1.tar.gz
#bootsplash-3.0.7-2.4.31-vanilla.diff = $(URL_IPFIRE)/bootsplash-3.0.7-2.4.31-vanilla.diff
$(DL_FILE)_MD5 = 4d258d4267de64f0a22e23f6ab026990
patch-$(PATCHLEVEL).bz2_MD5 = 3597da59e82a495d97e1f0ecd8fc5d4d
openswan-1.0.10rc2.tar.gz_MD5 = 20d51ff963da78f826f4e0f0ebc4bcef
patch-o-matic-ng-20060206.tar.bz2_MD5 = eca9893afb753e331caddfe63142b566
iptables-1.3.5.tar.bz2_MD5 = 00fb916fa8040ca992a5ace56d905ea5
kbc_option_2420.patch_MD5 = 6d37870344f7fcf97ace1fbf43323c60
net4801.kernel.patch_2.4.31_MD5 = c7d64e3caedb2f2b10e1c11db7f73a04
netfilter-layer7-v2.1.tar.gz_MD5 = 551626a158c2a2cbfd937d27ecc7fac1
#bootsplash-3.0.7-2.4.31-vanilla.diff = 767c263d1d28827d51abc83945e4b893
install : $(TARGET)
@@ -112,6 +114,11 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && bzcat $(DIR_DL)/patch-$(PATCHLEVEL).bz2 | patch -p1
# Remove patch level in EXTRAVERSION.
# We want to avoid the need to supply a full kernel
# (installed in a different place) if only one part could be updated
cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =/' Makefile
cd $(DIR_SRC) && ln -sf linux-$(VER) linux
cd $(DIR_APP) && sed -i -e 's/-Werror//' drivers/scsi/aic7xxx/Makefile

3
lfs/openssl
View File

@@ -72,11 +72,12 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
@rm -rf /etc/ssl
cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-m486/-mcpu=i386/' Configure
cd $(DIR_APP) && chmod 755 Configure
cd $(DIR_APP) && ./config --openssldir=/etc/ssl --prefix=/usr 386 \
no-idea no-threads no-mdc2 no-rc5 no-ec zlib-dynamic shared
cd $(DIR_APP) && sed -i 's%SHLIBDIRS= fips crypto ssl%SHLIBDIRS= crypto ssl%g' Makefile
cd $(DIR_APP) && sed -i 's/^PROCESSOR= 386/PROCESSOR=386/g' Makefile
cd $(DIR_APP) && make depend
cd $(DIR_APP) && make MANDIR=/usr/share/man
cd $(DIR_APP) && make MANDIR=/usr/share/man install

11
lfs/syslinux
View File

@@ -22,7 +22,7 @@
# ??-12-2003 Mark Wormgoor < mark@wormgoor.com> #
# - Modified Makefile for IPCop build #
# #
# $Id: syslinux,v 1.6.2.9 2005/02/05 15:38:16 gespinasse Exp $
# $Id: syslinux,v 1.6.2.11 2006/09/18 06:23:26 gespinasse Exp $
# #
###############################################################################
@@ -32,11 +32,11 @@
include Config
VER = 2.11
VER = 3.20
THISAPP = syslinux-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_KERNEL)/linux/utils/boot/syslinux/Old
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = a73c4b32629c925676660c468ef3cf1a
$(DL_FILE)_MD5 = dbb7c5acfa58220a158cd67854ef4625
install : $(TARGET)
@@ -78,8 +78,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP)/sample && sed -i 's%^CFLAGS.*$$%CFLAGS = $(CFLAGS) -fno-stack-protector -fomit-frame-pointer -I../com32/include%' Makefile
cd $(DIR_APP) && sed -i 's%^CFLAGS.*$$%CFLAGS = $(CFLAGS) -fno-stack-protector -fomit-frame-pointer -D_FILE_OFFSET_BITS=64%' Makefile
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/syslinux-3.11-nossp.patch
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)

16
src/ROOTFILES.i386
View File

@@ -20995,6 +20995,22 @@ usr/sbin/Fw-usb_A.bin
#etc/httpd/conf/extra/httpd-userdir.conf
#etc/httpd/conf/extra/httpd-vhosts.conf
etc/httpd/conf/httpd.conf
etc/httpd/conf/conf.d
etc/httpd/conf/default-server.conf
etc/httpd/conf/global.conf
etc/httpd/conf/hostname.conf
etc/httpd/conf/httpd.conf
etc/httpd/conf/listen.conf
etc/httpd/conf/loadmodule.conf
etc/httpd/conf/mod_info.conf
etc/httpd/conf/mod_log_config.conf
etc/httpd/conf/mod_status.conf
etc/httpd/conf/server-tuning.conf
etc/httpd/conf/ssl-global.conf
etc/httpd/conf/uid.conf
#etc/httpd/conf/vhosts.d
etc/httpd/conf/vhosts.d/ipfire-interface.conf
etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
#etc/httpd/conf/magic
#etc/httpd/conf/mime.types
#etc/httpd/conf/original

246
src/install+setup/setup/passwords.c
View File

@@ -1,123 +1,123 @@
/* SmoothWall setup program.
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
*
* (c) Lawrence Manning, 2001
* Password stuff.
*
* $Id: passwords.c,v 1.5.2.1 2004/04/14 22:05:41 gespinasse Exp $
*
*/
#include "setup.h"
extern FILE *flog;
extern char *mylog;
extern char **ctr;
extern int automode;
int getpassword(char *password, char *text);
/* Root password. */
int handlerootpassword(void)
{
char password[STRING_SIZE];
char commandstring[STRING_SIZE];
/* Root password. */
if (getpassword(password, ctr[TR_ENTER_ROOT_PASSWORD]) == 2)
return 0;
snprintf(commandstring, STRING_SIZE,
"/bin/echo 'root:%s' | /usr/sbin/chpasswd", password);
if (runhiddencommandwithstatus(commandstring, ctr[TR_SETTING_ROOT_PASSWORD]))
{
errorbox(ctr[TR_PROBLEM_SETTING_ROOT_PASSWORD]);
return 0;
}
return 1;
}
int handleadminpassword(void)
{
char password[STRING_SIZE];
char commandstring[STRING_SIZE];
char message[1000];
/* web interface admin password. */
sprintf(message, ctr[TR_ENTER_ADMIN_PASSWORD], NAME, NAME);
if (getpassword(password, message) == 2)
return 0;
snprintf(commandstring, STRING_SIZE,
"/usr/bin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
sprintf(message, ctr[TR_SETTING_ADMIN_PASSWORD], NAME);
if (runhiddencommandwithstatus(commandstring, message))
{
sprintf(message, ctr[TR_PROBLEM_SETTING_ADMIN_PASSWORD], NAME);
errorbox(message);
return 0;
}
return 1;
}
/* Taken from the cdrom one. */
int getpassword(char *password, char *text)
{
char *values[] = { NULL, NULL, NULL }; /* pointers for the values. */
struct newtWinEntry entries[] =
{
{ ctr[TR_PASSWORD_PROMPT], &values[0], 2 },
{ ctr[TR_AGAIN_PROMPT], &values[1], 2 },
{ NULL, NULL, 0 }
};
char title[STRING_SIZE];
int rc;
int done;
do
{
done = 1;
sprintf (title, "%s v%s - %s", NAME, VERSION, SLOGAN);
rc = newtWinEntries(title, text,
50, 5, 5, 20, entries, ctr[TR_OK], ctr[TR_CANCEL], NULL);
if (rc != 2)
{
if (strlen(values[0]) == 0 || strlen(values[1]) == 0)
{
errorbox(ctr[TR_PASSWORD_CANNOT_BE_BLANK]);
done = 0;
strcpy(values[0], "");
strcpy(values[1], "");
}
else if (strcmp(values[0], values[1]) != 0)
{
errorbox(ctr[TR_PASSWORDS_DO_NOT_MATCH]);
done = 0;
strcpy(values[0], "");
strcpy(values[1], "");
}
else if (strchr(values[0], ' '))
{
errorbox(ctr[TR_PASSWORD_CANNOT_CONTAIN_SPACES]);
done = 0;
strcpy(values[0], "");
strcpy(values[1], "");
}
}
}
while (!done);
strncpy(password, values[0], STRING_SIZE);
if (values[0]) free(values[0]);
if (values[1]) free(values[1]);
return rc;
}
/* SmoothWall setup program.
*
* This program is distributed under the terms of the GNU General Public
* Licence. See the file COPYING for details.
*
* (c) Lawrence Manning, 2001
* Password stuff.
*
* $Id: passwords.c,v 1.5.2.1 2004/04/14 22:05:41 gespinasse Exp $
*
*/
#include "setup.h"
extern FILE *flog;
extern char *mylog;
extern char **ctr;
extern int automode;
int getpassword(char *password, char *text);
/* Root password. */
int handlerootpassword(void)
{
char password[STRING_SIZE];
char commandstring[STRING_SIZE];
/* Root password. */
if (getpassword(password, ctr[TR_ENTER_ROOT_PASSWORD]) == 2)
return 0;
snprintf(commandstring, STRING_SIZE,
"/bin/echo 'root:%s' | /usr/sbin/chpasswd", password);
if (runhiddencommandwithstatus(commandstring, ctr[TR_SETTING_ROOT_PASSWORD]))
{
errorbox(ctr[TR_PROBLEM_SETTING_ROOT_PASSWORD]);
return 0;
}
return 1;
}
int handleadminpassword(void)
{
char password[STRING_SIZE];
char commandstring[STRING_SIZE];
char message[1000];
/* web interface admin password. */
sprintf(message, ctr[TR_ENTER_ADMIN_PASSWORD], NAME, NAME);
if (getpassword(password, message) == 2)
return 0;
snprintf(commandstring, STRING_SIZE,
"/usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
sprintf(message, ctr[TR_SETTING_ADMIN_PASSWORD], NAME);
if (runhiddencommandwithstatus(commandstring, message))
{
sprintf(message, ctr[TR_PROBLEM_SETTING_ADMIN_PASSWORD], NAME);
errorbox(message);
return 0;
}
return 1;
}
/* Taken from the cdrom one. */
int getpassword(char *password, char *text)
{
char *values[] = { NULL, NULL, NULL }; /* pointers for the values. */
struct newtWinEntry entries[] =
{
{ ctr[TR_PASSWORD_PROMPT], &values[0], 2 },
{ ctr[TR_AGAIN_PROMPT], &values[1], 2 },
{ NULL, NULL, 0 }
};
char title[STRING_SIZE];
int rc;
int done;
do
{
done = 1;
sprintf (title, "%s v%s - %s", NAME, VERSION, SLOGAN);
rc = newtWinEntries(title, text,
50, 5, 5, 20, entries, ctr[TR_OK], ctr[TR_CANCEL], NULL);
if (rc != 2)
{
if (strlen(values[0]) == 0 || strlen(values[1]) == 0)
{
errorbox(ctr[TR_PASSWORD_CANNOT_BE_BLANK]);
done = 0;
strcpy(values[0], "");
strcpy(values[1], "");
}
else if (strcmp(values[0], values[1]) != 0)
{
errorbox(ctr[TR_PASSWORDS_DO_NOT_MATCH]);
done = 0;
strcpy(values[0], "");
strcpy(values[1], "");
}
else if (strchr(values[0], ' '))
{
errorbox(ctr[TR_PASSWORD_CANNOT_CONTAIN_SPACES]);
done = 0;
strcpy(values[0], "");
strcpy(values[1], "");
}
}
}
while (!done);
strncpy(password, values[0], STRING_SIZE);
if (values[0]) free(values[0]);
if (values[1]) free(values[1]);
return rc;
}