From: Canek Peláez Valdés
To: gentoo-user@lists.gentoo.org
Date: Mon, 10 Oct 2011 12:28:21 -0700
Subject: Re: [gentoo-user] Re: transferring contents of /etc/conf.d to the config files

On Mon, Oct 10, 2011 at 12:13 PM, wrote:
> Nikos Chantziaras [11-10-10 20:56]:
>> On 10/10/2011 09:45 PM, meino.cramer@gmx.de wrote:
>> >Nikos Chantziaras [11-10-10 19:52]:
>> >>On 10/10/2011 08:33 PM, meino.cramer@gmx.de wrote:
>> >>>Hi,
>> >>>
>> >>>I have read several docs to figure out this...all docs do changes
>> >>>in /etc/conf.d but I found no hint how to transfer that settings
>> >>>to the "real" configuration files of the according programs.
>> >>
>> >>These *are* real configuration files and you don't need to transfer
>> >>anything.
>> >>
>> >
>> >The reason I thought, that those settings in /etc/conf.d is due
>> >to a warning of the rkhunter tool:
>> >
>> >[03:23:21] Performing system configuration file checks
>> >[03:23:21] Info: Starting test name 'system_configs'
>> >[03:23:21]   Checking for SSH configuration file             [ Found ]
>> >[03:23:21] Info: Found SSH configuration file: /etc/ssh/sshd_config
>> >[03:23:21] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
>> >[03:23:21] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
>> >[03:23:21]   Checking if SSH root access is allowed          [ Warning ]
>> >[03:23:21] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
>> >            The default value may be 'yes', to allow root access.
>> >[03:23:21]   Checking if SSH protocol v1 is allowed          [ Warning ]
>> >[03:23:21] Warning: The SSH configuration option 'Protocol' has not been set.
>> >            The default value may be '2,1', to allow the use of
>> >protocol version 1.
>> >[03:23:22]   Checking for running syslog daemon              [ Not found ]
>> >[03:23:22] Info: The syslog daemon is not running, but a metalog
>> >daemon has been found.
>> >[03:23:22]   Checking for syslog configuration file          [ Not found ]
>> >
>> >Now I see, that it seems to check simply the wrong file.
>> >
>> >I think it would be an idea to patch rkhunter to be more compliant to
>> >the setup of the gentoo system ?!
>> >From own experience I know that a lot false warnings of such tools
>> >dull the sight on to the real threats...
>>
>> It's checking the correct file.  Simply edit /etc/ssh/sshd_config to
>> your liking.  /etc/conf.d/ is not for those kind of settings; it's
>> read-in by Gentoo's init system and other infrastructure.
>>
>
> Now I am a little more confused...
>
> What is the purpose of this file? :
>
>    /etc/conf.d/sshd
>
> with this contents:
>
>    # /etc/conf.d/sshd: config file for /etc/init.d/sshd
>
>    # Where is your sshd_config file stored?
>
>    SSHD_CONFDIR="/etc/ssh"
>
>    # Any random options you want to pass to sshd.
>    # See the sshd(8) manpage for more info.
>
>    SSHD_OPTS=""
>
>    # Pid file to use (needs to be absolute path).
>
>    #SSHD_PIDFILE="/var/run/sshd.pid"
>
>    # Path to the sshd binary (needs to be absolute path).
>
>    #SSHD_BINARY="/usr/sbin/sshd"
>
> if /etc/ssh/sshd_config is for configuration of sshd's options...for
> what purpose is /etc/conf.d/sshd then ?

It's a Gentoo-ism. It's for the (highly unlikely) case of you having
your sshd_config file in a directory different from /etc/ssh, and to
pass other arguments to the sshd daemon.
It's completely redundant and unnecessary, but it was the way different
distros dealt with the shortcomings of SysV (OpenRC, the Gentoo init
system, works on top of SysV).

> And what files gets overwritten when installing a new version of sshd?

All of them :D

Of course they are overwritten with ._cfg000* backups, but anyway it is
ridiculous. As you say, the only config sshd would need to look for
should be in /etc/ssh.

With systemd, there is no need for a /etc/conf.d (or /etc/sysconfig) dir.

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
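
The two rkhunter warnings quoted in the thread fire because `PermitRootLogin` and `Protocol` are not explicitly set in /etc/ssh/sshd_config. The script below is an added example, not code from the thread or from rkhunter, that reproduces that check. The function names `sshd_option` and `audit_sshd` are hypothetical, the expected values follow the `ALLOW_SSH_ROOT_USER` and `ALLOW_SSH_PROT_V1` settings shown in the log, and it assumes the file uses no `Include` directives.

```shell
# Added example: report whether a global sshd_config keyword is explicitly set.
# Keywords are case-insensitive and the first value obtained wins, so return
# the first uncommented match found before any Match block.
sshd_option() {
    # $1 = keyword (e.g. PermitRootLogin), $2 = path to an sshd_config file
    awk -v key="$1" '
        BEGIN { key = tolower(key); rc = 1 }
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        {
            n = match($0, /[ \t=]/)         # separator: whitespace or "="
            if (n == 0) next
            k = tolower(substr($0, 1, n - 1))
            v = substr($0, n + 1)
            gsub(/^[ \t=]+|[ \t]+$/, "", v)
            if (k == key) { print v; rc = 0; exit }
        }
        END { exit rc }
    ' "$2"
}

# Mirror the two checks from the quoted log: warn when an option is unset
# (the compiled-in default then applies) or differs from the wanted value.
audit_sshd() {
    # $1 = path to sshd_config; returns 1 if any check warns
    warn=0
    for check in "PermitRootLogin=no" "Protocol=2"; do
        opt=${check%%=*}; want=${check#*=}
        if val=$(sshd_option "$opt" "$1"); then
            if [ "$val" = "$want" ]; then
                echo "OK: $opt $val"
            else
                echo "WARN: $opt is '$val', expected '$want'"; warn=1
            fi
        else
            echo "WARN: $opt not set, compiled-in default applies"; warn=1
        fi
    done
    return $warn
}

# Constructed sample: a stock-style file with both options commented out.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' '#Protocol 2' 'UsePAM yes' > "$sample"
audit_sshd "$sample" || true
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration including defaults, which shows what an unset option actually resolves to.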