CVE-2018-6360

commit 78be8efdce64dbefe2ec3e8c7a255f2bce9fea96 from: Isabella date: Tue May 13 23:04:27 2025 UTC Remove a lot of junk-code and non-OpenBSD compatible code commit - 5e928dc3ed3f69caf83fcd799b82b55805e6a3e1 commit + 78be8efdce64dbefe2ec3e8c7a255f2bce9fea96 blob - 09651360590d575f8c95efb75a03dfff1b3b54fd (mode 644) blob + /dev/null --- .bash_profile +++ /dev/null @@ -1,7 +0,0 @@ -# -# ~/.bash_profile -# - -[[ -f ~/.bashrc ]] && . ~/.bashrc - -startx blob - 44fbcdb2f9f559325af64ac97a946577de812355 (mode 644) blob + /dev/null --- .bashrc +++ /dev/null @@ -1,37 +0,0 @@ -# _ _ -# | | | | -# | |__ __ _ ___| |__ _ __ ___ -# | '_ \ / _` / __| '_ \| '__/ __| -# _| |_) | (_| \__ \ | | | | | (__ -# (_)_.__/ \__,_|___/_| |_|_| \___| - -# REMINDER: Use ' for strings and " for programming. - -# Source global definitions -if [ -f /etc/bashrc ]; then - . /etc/bashrc -fi - -# Exports. -# root: PS1='\033[01;33m\]\h\033[00m\]:\033[01;34m\]\w\033[01;31m\]\$\033[00m\] ' -export PS1='\033[01;33m\]\h\033[00m\]:\033[01;34m\]\w\033[01;32m\]\$\033[00m\] ' -export EDITOR="/usr/bin/vim" -# export PATH="/folder/bin:$PATH" - -# Functions. -filesize () { - name=$1 - - if [[ -n "$name" ]]; then - ls -aGhl $name | awk -F " " {'print $4'} - stat -c%s $name - wc -c $name | awk -F " " {'print $1'} - - else - echo "Argument error!" - fi -} - -# Aliases. -alias emacs='emacs -nw' -alias ls='exa' blob - a9e738f075f962fa9ff71cbfd53402eb9728abd0 (mode 644) blob + /dev/null --- .zshrc +++ /dev/null @@ -1,45 +0,0 @@ -# _ -# | | -# _______| |__ _ __ ___ -# |_ / __| '_ \| '__/ __| -# _ / /\__ \ | | | | | (__ -# (_)___|___/_| |_|_| \___| - -# Lines configured by zsh-newuser-install -HISTFILE=~/.histfile -HISTSIZE=1000 -SAVEHIST=1000 -bindkey -e -# End of lines configured by zsh-newuser-install -# The following lines were added by compinstall -zstyle :compinstall filename '/home/matthew/.zshrc' - -autoload -Uz compinit -compinit -# End of lines added by compinstall - -# key bindings -bindkey "e[1~" beginning-of-line -bindkey "e[4~" end-of-line -bindkey "e[5~" beginning-of-history -bindkey "e[6~" end-of-history -bindkey "e[3~" delete-char -bindkey "e[2~" quoted-insert -bindkey "e[5C" forward-word -bindkey "eOc" emacs-forward-word -bindkey "e[5D" backward-word -bindkey "eOd" emacs-backward-word -bindkey "ee[C" forward-word -bindkey "ee[D" backward-word -bindkey "^H" backward-delete-word -# for rxvt -bindkey "e[8~" end-of-line -bindkey "e[7~" beginning-of-line -# for non RH/Debian xterm, can't hurt for RH/DEbian xterm -bindkey "eOH" beginning-of-line -bindkey "eOF" end-of-line -# for freebsd console -bindkey "e[H" beginning-of-line -bindkey "e[F" end-of-line -# completion in the middle of a line -bindkey '^i' expand-or-complete-prefix blob - 90c5cd763f55d57e2be642e7e94ef7ca84669418 (mode 644) blob + /dev/null --- Documentation/install/install_tmp.md +++ /dev/null @@ -1,126 +0,0 @@ -TODO: Convert to either HTML or Markdown and update. - -## Partitioning. - -Wipe hard drive. - -`wipefs -a /dev/sda` - -Add GPT partition table to hard drive. - -`fdisk /dev/sda` - 1. g - 2. w - -Partition disk. - -`cgdisk /dev/sda` - 1. 512 MiB - sda1 - 2. 512 MiB - sda2 - 3. Rest - sda3 - -Format partitions. - -`mkfs.fat -F32 /dev/sda1 -n 'efi'` -`mkfs.ext4 -jv /dev/sda2 -L 'boot'` - -Create and open LUKS encryption partition. - -`cryptsetup -v -c aes-xts-plain64 -s 512 -h sha512 -i 4000 --use-urandom -y luksFormat /dev/sda3` -`cryptsetup luksOpen /dev/sda3 crypt` - -Create LVM2 logical volumes and do a volume change sync. - -`pvcreate /dev/mapper/crypt` -`vgcreate vgroot /dev/mapper/crypt` -`lvcreate -L 8GiB -n swap vgroot` -`lvcreate -l100%FREE -n root vgroot` -`vgscan --mknodes` -`vgchange -ay` - -Format partitions of LVM2 logical partitions. - -`mkswap /dev/vgroot/swap -L 'swap'` -`mkfs.ext4 -jv /dev/vgroot/root -L 'root'` - -Mount partitions. - -`swapon /dev/vgroot/swap` -`mount /dev/vgroot/root /mnt` -`mkdir /mnt/boot` -`mount /dev/sda2 /mnt/boot` -`mkdir /mnt/boot/efi` -`mount /dev/sda1 /mnt/boot/efi` - -Install base packages to drive. - -`pacstrap /mnt base base-devel linux linux-firmware grub lvm2 emacs dhcpcd wpa_supplicant` - -Generate fstab to help bootloader and kernel auto-mount stuff. - -`genfstab -U /mnt >> /mnt/etc/fstab` - -Chroot into nearly created install. - -`arch-chroot /mnt` - -Configure timezone. - -`ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime` - -Generate `/etc/adjtime`. - -`hwclock --systohc` - -Comment out `en_GB.UTF-8 UTF-8` in `/etc/locale.gen`. - -Run `locale-gen`. - -Change `/etc/locale.conf`. - -Add `LANG=en_GB.UTF-8` to `/etc/locale.conf`. - -Change `/etc/vconsole.conf`. - -Add `KEYMAP=uk` to `/etc/vconsole.conf`. - -Set hostname. - -Add a hostname to `/etc/hostname`. - -Add these lines into `/etc/hosts` (replacing `myhostname` with your hostname and `localdomain` with your local domain name). - -``` -127.0.0.1 localhost -::1 localhost -127.0.1.1 myhostname.localdomain myhostname -``` - -Edit `/etc/mkinitcpio.conf`. - -``` -Add 'ext4' to MODULES. -Add 'encrypt' and 'lvm2' to HOOKS before 'filesystems' -``` - -Generate initramfs. - -`mkinitcpio -P` - -Install GRUB. - -`grub-install --target=i386-pc --recheck /dev/sda` - -Edit `GRUB_CMDLINE_LINUX=""` to `GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:luks:allow-discards"` in `/etc/defualt/grub`. - -Generate GRUB config. - -`grub-mkconfig -o /boot/grub/grub.cfg` - -Set a root password. - -`passwd` - -Enable dhcpcd. - -`systemctl enable dhcpcd` blob - baee2efac835aea1309f48dc2021f092d56c265d (mode 644) blob + /dev/null --- Documentation/kdenlive/1-profile.md +++ /dev/null @@ -1,38 +0,0 @@ -## WebM. - -#### Summary: Added 'frame_rate_num=60 frame_rate_den=1' to Parameters to change video from 25fps to 60fps. - -Group `Custom` - -Profile name `WebM - the widespread free format (VP8/Vorbis)` - -Extention `webm` - -Parameters (see [MLT documentation](https://www.mltframework.org/plugins/ConsumerAvformat/)) - - ``` - f=webm vcodec=libvpx acodec=libvorbis crf=%quality vb=0 quality=good aq=%audioquality max-intra-rate=1000 frame_rate_num=60 frame_rate_den=1 - ``` - -Video - - * Qualities `15,45` - - * Default quality `0` - -Audio - - * Qualities `7,3` - - * Default quality `0` - -Speed options - - ``` - cpu-used=2 - cpu-used=3 - cpu-used=4 - cpu-used=5 - ``` - -#### More [MLT documentation](https://www.mltframework.org/docs/profiles/) blob - 8e6a26ff7eefa3e3f569ab4f7d4d3af0888904a9 (mode 644) blob + /dev/null --- Documentation/kdenlive/2-stop.md +++ /dev/null @@ -1,19 +0,0 @@ -# Stop Kdenlive on Windows - -## How to stop all Kdenlive processes on Windows, thanks to Matthew Moore. - -### [Kill Script for Kdenlive - YouTube](https://www.youtube.com/watch?v=7nRe_48vgRs) - -Save as 'kdenlive_stop.bat': - -``` -@echo off -color f0 - -taskkill /IM "kioslave.exe" /T /F -taskkill /IM "kdenlive.exe" /T /F -taskkill /IM "dbus-daemon.exe" /T /F -wmic process where name='kdenlive.exe' delete -wmic process where name='kioslave.exe' delete -wmic process where name='dbus-daemon.exe' delete -``` blob - 9372df3ea6c7a1f8ca4ddd48b37f517279f80134 (mode 644) blob + /dev/null --- Documentation/partitioning/1-partitioning.md +++ /dev/null @@ -1,55 +0,0 @@ -# Partitioning. - -## EFI and boot filesystems. -EFI partition. - -`mkfs.vfat -F 32 /dev/sda1 -n 'efi'` - -Boot partition. - -`mkfs.ext4 -jv /dev/sda2 -L 'boot'` - -## cryptsetup. - -`cryptsetup -v -c aes-xts-plain64 -s 512 -h sha512 -i 4000 --use-urandom -y luksFormat /dev/sda3` - -(cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 4000 --use-urandom --verify-passphrase luksFormat /dev/sda3) - -then - -`cryptsetup luksOpen /dev/sda3 crypt` - -to view cryptsetup header: `cryptsetup luksDump /dev/sda3` - -## LVM2. - -Create physical volume. - -`pvcreate /dev/mapper/crypt` - -Create volume group. - -`vgcreate vgroot /dev/mapper/crypt` - -Create logical volume partitions. - -``` -lvcreate -L 8GiB -n swap vgroot -lvcreate -L 40GiB -n root vgroot -lvcreate -l100%FREE -n home vgroot -``` - -Rescan LVM. - -``` -vgscan --mknodes -vgchange -ay -``` - -## Create filesystems. - -Swap: `mkswap /dev/vgroot/swap -L 'swap' && swapon /dev/vgroot/swap` - -Root: `mkfs.xfs -f /dev/vgroot/root -L 'root'` - -Home: `mkfs.xfs -f /dev/vgroot/home -L 'home'` blob - 226814c6b943535f09d131e4bd7eabfc45117c9a (mode 644) blob + /dev/null --- Documentation/partitioning/2-fstab.md +++ /dev/null @@ -1,59 +0,0 @@ -# Filesystems table. -## Location: /etc/fstab - -# EXT4 or XFS. -``` - - -UUID= /boot/efi vfat defaults,noatime 0 2 -UUID= /boot ext4 defaults,noatime 0 2 -UUID= / ext4 defaults,noatime 0 1 -UUID= none swap sw 0 0 - -/dev/cdrom /mnt/cdrom auto noauto,ro 0 0 -``` - -# BTRFS. -``` - - -UUID= /boot/efi vfat defaults,noatime 0 2 -UUID= /boot btrfs defaults,noatime,subvol=boot 0 2 -UUID= / btrfs defaults,compress=lzo,noatime,autodefrag,subvol=root 0 1 -UUID= none swap sw 0 0 - -/dev/cdrom /mnt/cdrom auto noauto,ro 0 0 -``` - -## Notes: -### Options. -`autodefrag` Specific to btrfs. Enable automatic file defragmentation. When enabled, small random writes into files (in a range of tens of kilobytes, currently it’s 64K) are detected and queued up for the defragmentation process. Not well suited for large database workloads. - -[Why autodefrag should still be enabled on SSDs.](https://www.spinics.net/lists/linux-btrfs/msg31028.html) - -`defaults` Use default options: rw, suid, dev, exec, auto, nouser, and async. - -`discard` Enables TRIM (for SSDs). - -`noauto` Does not automatically mount at boot. Can still be mounted via the `mount -a` command. - -`compress=lzo` Specific to btrfs. (See 'compression' below.) - -`sw` Specific to swap. - -## Pass (fsck). -The 6th column (in bold) is the fsck option. - - 0 = Do not check. - 1 = First file system (partition) to check; / (root partition) should be set to 1. - 2 = All other filesystems to be checked. - -## Compression. -### What are the differences between compression methods? -There's a speed/ratio trade-off: - - ZLIB -- slower, higher compression ratio (uses zlib level 3 setting, you can see the zlib level difference between 1 and 6 in zlib sources). - LZO -- faster compression and decompression than zlib, worse compression ratio, designed to be fast - ZSTD -- (since v4.14) compression comparable to zlib with higher compression/decompression speeds and different ratio levels (details) - -The differences depend on the actual data set and cannot be expressed by a single number or recommendation. Do your own benchmarks. LZO seems to give satisfying results for general use. blob - 4479b8394efb4b2e5201e8ef5ba40586ac77e2f3 (mode 644) blob + /dev/null --- Documentation/partitioning/3-mkinitcpio.md +++ /dev/null @@ -1,79 +0,0 @@ -# mkinitcpio.conf - -## Location: `/etc/mkinitcpio.conf`. - -## Example mkinitcpio config (for LVM2 + LUKS encryption). -``` -# vim:set ft=sh -# MODULES -# The following modules are loaded before any boot hooks are -# run. Advanced users may wish to specify all system modules -# in this array. For instance: -# MODULES=(piix ide_disk reiserfs) -MODULES=(ext4 ext2) - -# BINARIES -# This setting includes any additional binaries a given user may -# wish into the CPIO image. This is run last, so it may be used to -# override the actual binaries included by a given hook -# BINARIES are dependency parsed, so you may safely ignore libraries -BINARIES=() - -# FILES -# This setting is similar to BINARIES above, however, files are added -# as-is and are not parsed in any way. This is useful for config files. -FILES=() - -# HOOKS -# This is the most important setting in this file. The HOOKS control the -# modules and scripts added to the image, and what happens at boot time. -# Order is important, and it is recommended that you do not change the -# order in which HOOKS are added. Run 'mkinitcpio -H ' for -# help on a given hook. -# 'base' is _required_ unless you know precisely what you are doing. -# 'udev' is _required_ in order to automatically load modules -# 'filesystems' is _required_ unless you specify your fs modules in MODULES -# Examples: -## This setup specifies all modules in the MODULES setting above. -## No raid, lvm2, or encrypted root is needed. -# HOOKS=(base) -# -## This setup will autodetect all modules for your system and should -## work as a sane default -# HOOKS=(base udev autodetect block filesystems) -# -## This setup will generate a 'full' image which supports most systems. -## No autodetection is done. -# HOOKS=(base udev block filesystems) -# -## This setup assembles a pata mdadm array with an encrypted root FS. -## Note: See 'mkinitcpio -H mdadm' for more information on raid devices. -# HOOKS=(base udev block mdadm encrypt filesystems) -# -## This setup loads an lvm2 volume group on a usb device. -# HOOKS=(base udev block lvm2 filesystems) -# -## NOTE: If you have /usr on a separate partition, you MUST include the -# usr, fsck and shutdown hooks. -HOOKS=(base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck) - -# COMPRESSION -# Use this to compress the initramfs image. By default, gzip compression -# is used. Use 'cat' to create an uncompressed image. -#COMPRESSION="gzip" -#COMPRESSION="bzip2" -#COMPRESSION="lzma" -#COMPRESSION="xz" -#COMPRESSION="lzop" -#COMPRESSION="lz4" - -# COMPRESSION_OPTIONS -# Additional options for the compressor -#COMPRESSION_OPTIONS=() -``` - -### NOTE: - -`ext4` and `ext2` are added onto `MODULES()`. - -`encrypt` and `lvm2` are addded onto `HOOKS=()`. blob - 320eb6707aba01ac3e40d9f761a03c7f36fc019f (mode 644) blob + /dev/null --- Documentation/partitioning/4-grub.md +++ /dev/null @@ -1,68 +0,0 @@ -# GNU GRand Unified Bootloader. -### (GRUB.) - -## Location: `/etc/default/grub`. - -## Example default grub config (for LVM2 + LUKS encryption). -``` -# GRUB boot loader configuration - -GRUB_DEFAULT=0 -GRUB_TIMEOUT=5 -GRUB_DISTRIBUTOR="Gentoo" -GRUB_CMDLINE_LINUX_DEFAULT="quiet" -GRUB_CMDLINE_LINUX="root=/dev/mapper/vg01-root cryptdevice=/dev/sda3:crypt" - -# Preload both GPT and MBR modules so that they are not missed -GRUB_PRELOAD_MODULES="part_gpt part_msdos" - -# Uncomment to enable booting from LUKS encrypted devices -GRUB_ENABLE_CRYPTODISK=y - -# Uncomment to enable Hidden Menu, and optionally hide the timeout count -#GRUB_HIDDEN_TIMEOUT=5 -#GRUB_HIDDEN_TIMEOUT_QUIET=true - -# Uncomment to use basic console -GRUB_TERMINAL_INPUT=console - -# Uncomment to disable graphical terminal -#GRUB_TERMINAL_OUTPUT=console - -# The resolution used on graphical terminal -# note that you can use only modes which your graphic card supports via VBE -# you can see them in real GRUB with the command `vbeinfo' -GRUB_GFXMODE=auto - -# Uncomment to allow the kernel use the same resolution used by grub -GRUB_GFXPAYLOAD_LINUX=keep - -# Uncomment if you want GRUB to pass to the Linux kernel the old parameter -# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx" -#GRUB_DISABLE_LINUX_UUID=true - -# Uncomment to disable generation of recovery mode menu entries -GRUB_DISABLE_RECOVERY=true - -# Uncomment and set to the desired menu colors. Used by normal and wallpaper -# modes only. Entries specified as foreground/background. -#GRUB_COLOR_NORMAL="light-blue/black" -#GRUB_COLOR_HIGHLIGHT="light-cyan/blue" - -# Uncomment one of them for the gfx desired, a image background or a gfxtheme -#GRUB_BACKGROUND="/path/to/wallpaper" -#GRUB_THEME="/path/to/gfxtheme" - -# Uncomment to get a beep at GRUB start -#GRUB_INIT_TUNE="480 440 1" - -# Uncomment to make GRUB remember the last selection. This requires to -# set 'GRUB_DEFAULT=saved' above. -#GRUB_SAVEDEFAULT="true" -``` - -### NOTE: - -`root=/dev/mapper/vg01-root cryptdevice=/dev/sda3:crypt` is added to `GRUB_CMDLINE_LINUX=""`. - -`#GRUB_ENABLE_CRYPTODISK=y` has been uncommented to `GRUB_ENABLE_CRYPTODISK=y`. blob - 6da7e0d1d0e754d8da3d487182d8aca42816fa1e (mode 644) blob + /dev/null --- Documentation/partitioning/readme.md +++ /dev/null @@ -1,7 +0,0 @@ -## This subdirectory will teach you some advanced techniques when it comes to partitioning during manual Linux installation. - -### Links to online guides: - -[Gentoo guide](https://wiki.gentoo.org/wiki/Dm-crypt_full_disk_encryption) - -[Gentoo guide (simplified)](https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch_Simplified) blob - bb380532f9b24a71b8a111a47128250ede993f01 (mode 644) blob + /dev/null --- Documentation/readme.md +++ /dev/null @@ -1,19 +0,0 @@ -# This directory contains documentation written in Markdown. - -## Contents: - -### partitioning/1-partitioning.md - -How to setup partitions for LVM2 + LUKS properly (imo). - -### partitioning/2-fstab.md - -Example fstab. - -### partitioning/3-mkinitcpio.md - -Example mkinitcpio config. - -### partitioning/4-grub.md - -Example default grub config. blob - 9dc61b59d5153554d56c102b41df374508fe9926 (mode 644) blob + /dev/null --- Security/CVE-2018-6360/compile.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -gcc -shared -o libexploit.so -fPIC exploit.c blob - b4736620720d4684aeac6306b27907d4297409e7 (mode 644) blob + /dev/null --- Security/CVE-2018-6360/exploit.c +++ /dev/null @@ -1,10 +0,0 @@ -#include - -int main(void) { - /* Add code you want, here. - Does not have root permissions, - unless launched as root. */ - printf("Exploit worked!"); - - return 0; -} blob - 82d378fb1bb0d9cff969f42b5d3707230e0b1021 (mode 644) blob + /dev/null --- Security/CVE-2018-6360/readme.md +++ /dev/null @@ -1,18 +0,0 @@ -# CVE-2018-6360 - -## CVEs. - -[MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360) - -[CVE Details](https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2018-6360) - -## Details. - -mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. - -`av://lavfi:ladspa=file= URL` - -## Discussion. -[Discussion](https://github.com/mpv-player/mpv/issues/5456) -## Fix. -[Fix](https://github.com/mpv-player/mpv/commit/e6e6b0dcc7e9b0dbf35154a179b3dc1fcfcaff43) blob - b098a20e05c688fe1cc0488b908bf921fa94e035 (mode 644) blob + /dev/null --- Security/CVE-2018-6360/url.htm +++ /dev/null @@ -1,11 +0,0 @@ - - - - - CVE-2018-6360 - - - -

Redirect

- - blob - d38145cf1a9df42735cb1a6cd9711d2b51d5133a (mode 644) blob + /dev/null --- Security/CVE-2018-6791/exploit1.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -mkfs.vfat -F 32 /dev/sdb1 -L '`touch hello`' blob - 691c213f099ecc2846a428f38b5352fa9ff4120b (mode 644) blob + /dev/null --- Security/CVE-2018-6791/exploit2.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -mkfs.vfat -F 32 /dev/sdb1 -L '$(touch hello)' blob - b5a09f03fa30ee521ecbe6bfc08122225f8f3025 (mode 644) blob + /dev/null --- Security/CVE-2018-6791/readme.md +++ /dev/null @@ -1,47 +0,0 @@ -# CVE-2018-6791 - -## CVEs. - -[KDE](https://www.kde.org/info/security/advisory-20180208-2.txt) - -[MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6791) - -[CVE Details](https://www.cvedetails.com/cve/CVE-2018-6791/) - -## Details. - -KDE Project Security Advisory -============================= - -Title: Plasma Desktop: Arbitrary command execution in the removable device notifier -Risk Rating: High -CVE: CVE-2018-6791 -Versions: Plasma < 5.12.0 -Date: 8 February 2018 - - -Overview -======== -When a vfat thumbdrive which contains `` or $() in its volume label is plugged -and mounted trough the device notifier, it's interpreted as a shell command, -leaving a possibility of arbitrary commands execution. an example of offending -volume label is "$(touch b)" which will create a file called b in the -home folder. - -Workaround -========== -Mount removable devices with Dolphin instead of the device notifier. - -Solution -======== -Update to Plasma >= 5.12.0 or Plasma >= 5.8.9 - -Or apply the following patches: -Plasma 5.8: - https://commits.kde.org/plasma-workspace/9db872df82c258315c6ebad800af59e81ffb9212 -Plasma 5.9/5.10/5.11: - https://commits.kde.org/plasma-workspace/f32002ce50edc3891f1fa41173132c820b917d57 - -Credits -======= -Thanks to ksieluzyckih for the report and to Marco Martin for the fix. blob - 420512786b4eda28635e62c482b03c355f1a25ec (mode 644) blob + /dev/null --- Security/firewalld/services/ssh.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - SSH - Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful. - - blob - 64417dec87bbe66f3a6ec9f01369eca98a417e83 (mode 644) blob + /dev/null --- Security/firewalld/zones/openSUSE-Server.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - openSUSE-Server - For use as an openSUSE-Server. - - - - - blob - 252d17de550ebdd5dd8a17385f13e0f5fcdcaf75 (mode 644) blob + /dev/null --- Security/firewalld.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -systemctl enable firewalld -systemctl start firewalld -systemctl restart firewalld - -firewall-cmd --complete-reload -firewall-cmd --set-default-zone=openSUSE-Server -firewall-cmd --complete-reload - -systemctl restart firewalld blob - a12ae003a84d34d069187547fccea0deb85fdbef (mode 644) blob + /dev/null --- Security/pf.conf +++ /dev/null @@ -1,45 +0,0 @@ -# With help from: 'http://srobb.net/pf.html' and 'https://www.purplehat.org/?page_id=566' - -ext_if="vmx0" -#int_if="int0" - -# TCP. -# 22 - SSH -# 25 - SMTP -# 80 - HTTP -# 110 - POP3 -# 123 - NTP -# 443 - HTTPS -# UDP. -# 110 - POP3 -# 631 - IPP - -#Logging. -pflog_enable="YES" -pflog_logfile="/var/log/pf.log" - -tcp_pass = "{ 22 25 80 110 123 443 }" -udp_pass = "{ 110 631 }" - -# Black holes. -table persist - -icmp_types = "echoreq" -allproto = "{ tcp, udp, ipv6, icmp, esp, ipencap }" -privnets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }" - -set loginterface $ext_if - -# Normalizes packets and masks the OS's shortcomings such as SYN/FIN packets -# [scrub reassemble tcp](BID 10183) and sequence number approximation -# bugs (BID 7487). -scrub in on $ext_if no-df random-id - -# Block all input before processing rules. -block in - -pass in log on $ext_if proto icmp to ($ext_if) keep state (max-src-conn 80, max-src-conn-rate 200/5, overload flush) -pass in log on $ext_if proto tcp to ($ext_if) port $tcp_pass flags S/SA keep state (max-src-conn 80, max-src-conn-rate 200/5, overload flush - -# Anchor for fail2ban -anchor "f2b/*" blob - 511e647a4af1a0aafac305cc5a58bbb54def1481 (mode 644) blob + /dev/null --- xorg.conf +++ /dev/null @@ -1,59 +0,0 @@ -Section "ServerLayout" - Identifier "Layout0" - Screen 0 "Screen0" 0 0 - InputDevice "Keyboard0" "CoreKeyboard" - InputDevice "Mouse0" "CorePointer" - Option "Xinerama" "0" -EndSection - -Section "Files" -EndSection - -Section "InputDevice" - # generated from data in "/etc/sysconfig/mouse" - Identifier "Mouse0" - Driver "mouse" - Option "Protocol" "IMPS/2" - Option "Device" "/dev/input/mice" - Option "Emulate3Buttons" "yes" - Option "ZAxisMapping" "4 5" -EndSection - -Section "InputDevice" - # generated from default - Identifier "Keyboard0" - Driver "kbd" -EndSection - -Section "Monitor" - # HorizSync source: builtin, VertRefresh source: builtin - Identifier "Monitor0" - VendorName "Unknown" - ModelName "CRT-0" - HorizSync 28.0 - 55.0 - VertRefresh 43.0 - 72.0 - Option "DPMS" -EndSection - -Section "Device" - Identifier "Device0" - Driver "nvidia" - VendorName "NVIDIA Corporation" - BoardName "GeForce GTX 970" -EndSection - -Section "Screen" - Identifier "Screen0" - Device "Device0" - Monitor "Monitor0" - DefaultDepth 24 - Option "Stereo" "0" - Option "nvidiaXineramaInfoOrder" "DFP-4" - Option "metamodes" "DVI-I-0: 1368x768_60 +0+312 { ForceCompositionPipeline = On }, DVI-D-0: 1920x1080_60 +1368+0 { ForceCompositionPipeline = On }" - Option "SLI" "Off" - Option "MultiGPU" "Off" - Option "BaseMosaic" "off" - SubSection "Display" - Depth 24 - EndSubSection -EndSection