From 0dd4884522d3593c8ba52309a8202d7fdc3e72e1 Mon Sep 17 00:00:00 2001 From: Matthias Blankertz Date: Sat, 5 Apr 2014 15:21:55 +0200 Subject: [PATCH] Buildroot-based VPN server --- .gitmodules | 4 + build.sh | 6 + buildroot | 1 + buildroot.config | 41 + busybox-1.22.1.panda.config | 1034 ++++++++++++++++++++++++++ fakeroot.fs | 7 + linux-3.12.16.config | 299 ++++++++ openvpn-test/ca.crt | 29 + openvpn-test/client.conf | 123 +++ overlay/etc/firewall.sh | 118 +++ overlay/etc/group | 29 + overlay/etc/init.d/S41firewall | 3 + overlay/etc/login.defs | 1 + overlay/etc/network/interfaces | 9 + overlay/etc/openvpn/ca.crt | 29 + overlay/etc/openvpn/dh2048.pem | 8 + overlay/etc/openvpn/panda.crt | 98 +++ overlay/etc/openvpn/panda.key | 28 + overlay/etc/openvpn/vpn.conf | 299 ++++++++ overlay/etc/passwd | 18 + overlay/etc/shadow | 15 + overlay/etc/ssh_host_dsa_key | 12 + overlay/etc/ssh_host_dsa_key.pub | 1 + overlay/etc/ssh_host_ecdsa_key | 5 + overlay/etc/ssh_host_ecdsa_key.pub | 1 + overlay/etc/ssh_host_ed25519_key | 7 + overlay/etc/ssh_host_ed25519_key.pub | 1 + overlay/etc/ssh_host_key | Bin 0 -> 976 bytes overlay/etc/ssh_host_key.pub | 1 + overlay/etc/ssh_host_rsa_key | 27 + overlay/etc/ssh_host_rsa_key.pub | 1 + overlay/etc/sudoers | 90 +++ overlay/home/matthias/.nodelete | 0 overlay/home/pan/.nodelete | 0 qemu.sh | 3 + uClibc-0.9.33.panda.config | 273 +++++++ 36 files changed, 2621 insertions(+) create mode 100644 .gitmodules create mode 100755 build.sh create mode 160000 buildroot create mode 100644 buildroot.config create mode 100644 busybox-1.22.1.panda.config create mode 100644 fakeroot.fs create mode 100644 linux-3.12.16.config create mode 100644 openvpn-test/ca.crt create mode 100644 openvpn-test/client.conf create mode 100755 overlay/etc/firewall.sh create mode 100644 overlay/etc/group create mode 100755 overlay/etc/init.d/S41firewall create mode 100644 overlay/etc/login.defs create mode 100644 overlay/etc/network/interfaces create mode 100644 overlay/etc/openvpn/ca.crt create mode 100644 overlay/etc/openvpn/dh2048.pem create mode 100644 overlay/etc/openvpn/panda.crt create mode 100644 overlay/etc/openvpn/panda.key create mode 100644 overlay/etc/openvpn/vpn.conf create mode 100644 overlay/etc/passwd create mode 100644 overlay/etc/shadow create mode 100644 overlay/etc/ssh_host_dsa_key create mode 100644 overlay/etc/ssh_host_dsa_key.pub create mode 100644 overlay/etc/ssh_host_ecdsa_key create mode 100644 overlay/etc/ssh_host_ecdsa_key.pub create mode 100644 overlay/etc/ssh_host_ed25519_key create mode 100644 overlay/etc/ssh_host_ed25519_key.pub create mode 100644 overlay/etc/ssh_host_key create mode 100644 overlay/etc/ssh_host_key.pub create mode 100644 overlay/etc/ssh_host_rsa_key create mode 100644 overlay/etc/ssh_host_rsa_key.pub create mode 100644 overlay/etc/sudoers create mode 100644 overlay/home/matthias/.nodelete create mode 100644 overlay/home/pan/.nodelete create mode 100755 qemu.sh create mode 100644 uClibc-0.9.33.panda.config diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..f017598 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,4 @@ +[submodule "buildroot"] + path = buildroot + url = http://blankertz.org/~matthias/git/buildroot.git + branch = 2014.02_panda diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..77f84c3 --- /dev/null +++ b/build.sh @@ -0,0 +1,6 @@ +#!/bin/sh +( + cd buildroot + BR2_DEFCONFIG=../buildroot.config make defconfig && + make +) diff --git a/buildroot b/buildroot new file mode 160000 index 0000000..a28022d --- /dev/null +++ b/buildroot @@ -0,0 +1 @@ +Subproject commit a28022dbe666298463edb1a3fbe06a6ba64bc231 diff --git a/buildroot.config b/buildroot.config new file mode 100644 index 0000000..1c54e1f --- /dev/null +++ b/buildroot.config @@ -0,0 +1,41 @@ +BR2_x86_athlon_4=y +BR2_KERNEL_HEADERS_VERSION=y +BR2_DEFAULT_KERNEL_VERSION="3.12.16" +BR2_UCLIBC_CONFIG="$(TOPDIR)/../uClibc-0.9.33.panda.config" +BR2_TOOLCHAIN_BUILDROOT_LARGEFILE=y +BR2_TOOLCHAIN_BUILDROOT_INET_IPV6=y +BR2_TOOLCHAIN_BUILDROOT_LOCALE=y +BR2_TOOLCHAIN_BUILDROOT_USE_SSP=y +BR2_BINUTILS_VERSION_2_24=y +BR2_GCC_VERSION_4_8_X=y +BR2_TOOLCHAIN_BUILDROOT_CXX=y +BR2_GENERATE_LOCALE="en_US.UTF-8 de_DE.UTF-8" +BR2_TARGET_GENERIC_HOSTNAME="panda" +BR2_TARGET_GENERIC_PASSWD_SHA256=y +BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_MDEV=y +BR2_ROOTFS_OVERLAY="$(TOPDIR)/../overlay" +BR2_ROOTFS_CUSTOM_FAKEROOT="$(TOPDIR)/../fakeroot.fs" +BR2_LINUX_KERNEL=y +BR2_LINUX_KERNEL_CUSTOM_VERSION=y +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="3.12.16" +BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y +BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(TOPDIR)/../linux-3.12.16.config" +BR2_LINUX_KERNEL_INSTALL_TARGET=y +BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y +BR2_PACKAGE_XZ=y +BR2_PACKAGE_DOSFSTOOLS=y +BR2_PACKAGE_LINUX_FIRMWARE=y +BR2_PACKAGE_CA_CERTIFICATES=y +BR2_PACKAGE_DHCPCD=y +BR2_PACKAGE_IPROUTE2=y +BR2_PACKAGE_IPTABLES=y +BR2_PACKAGE_IPUTILS=y +BR2_PACKAGE_OPENSSH=y +BR2_PACKAGE_OPENVPN=y +BR2_PACKAGE_BASH=y +BR2_PACKAGE_SUDO=y +BR2_TARGET_ROOTFS_CPIO=y +BR2_TARGET_ROOTFS_CPIO_XZ=y +BR2_TARGET_SYSLINUX=y +# BR2_TARGET_SYSLINUX_ISOLINUX is not set +# BR2_TARGET_SYSLINUX_PXELINUX is not set diff --git a/busybox-1.22.1.panda.config b/busybox-1.22.1.panda.config new file mode 100644 index 0000000..0270510 --- /dev/null +++ b/busybox-1.22.1.panda.config @@ -0,0 +1,1034 @@ +# +# Automatically generated make config: don't edit +# Busybox version: 1.22.1 +# Sat Apr 5 13:33:39 2014 +# +CONFIG_HAVE_DOT_CONFIG=y + +# +# Busybox Settings +# + +# +# General Configuration +# +CONFIG_DESKTOP=y +# CONFIG_EXTRA_COMPAT is not set +CONFIG_INCLUDE_SUSv2=y +# CONFIG_USE_PORTABLE_CODE is not set +CONFIG_PLATFORM_LINUX=y +CONFIG_FEATURE_BUFFERS_USE_MALLOC=y +# CONFIG_FEATURE_BUFFERS_GO_ON_STACK is not set +# CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set +CONFIG_SHOW_USAGE=y +CONFIG_FEATURE_VERBOSE_USAGE=y +# CONFIG_FEATURE_COMPRESS_USAGE is not set +CONFIG_FEATURE_INSTALLER=y +# CONFIG_INSTALL_NO_USR is not set +# CONFIG_LOCALE_SUPPORT is not set +# CONFIG_UNICODE_SUPPORT is not set +# CONFIG_UNICODE_USING_LOCALE is not set +# CONFIG_FEATURE_CHECK_UNICODE_IN_ENV is not set +CONFIG_SUBST_WCHAR=0 +CONFIG_LAST_SUPPORTED_WCHAR=0 +# CONFIG_UNICODE_COMBINING_WCHARS is not set +# CONFIG_UNICODE_WIDE_WCHARS is not set +# CONFIG_UNICODE_BIDI_SUPPORT is not set +# CONFIG_UNICODE_NEUTRAL_TABLE is not set +# CONFIG_UNICODE_PRESERVE_BROKEN is not set +CONFIG_LONG_OPTS=y +CONFIG_FEATURE_DEVPTS=y +CONFIG_FEATURE_CLEAN_UP=y +CONFIG_FEATURE_UTMP=y +CONFIG_FEATURE_WTMP=y +# CONFIG_FEATURE_PIDFILE is not set +CONFIG_PID_FILE_PATH="" +CONFIG_FEATURE_SUID=y +# CONFIG_FEATURE_SUID_CONFIG is not set +# CONFIG_FEATURE_SUID_CONFIG_QUIET is not set +# CONFIG_SELINUX is not set +# CONFIG_FEATURE_PREFER_APPLETS is not set +CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe" +CONFIG_FEATURE_SYSLOG=y +# CONFIG_FEATURE_HAVE_RPC is not set + +# +# Build Options +# +# CONFIG_STATIC is not set +# CONFIG_PIE is not set +# CONFIG_NOMMU is not set +# CONFIG_BUILD_LIBBUSYBOX is not set +# CONFIG_FEATURE_INDIVIDUAL is not set +# CONFIG_FEATURE_SHARED_BUSYBOX is not set +CONFIG_LFS=y +CONFIG_CROSS_COMPILER_PREFIX="" +CONFIG_SYSROOT="" +CONFIG_EXTRA_CFLAGS="" +CONFIG_EXTRA_LDFLAGS="" +CONFIG_EXTRA_LDLIBS="" + +# +# Debugging Options +# +# CONFIG_DEBUG is not set +# CONFIG_DEBUG_PESSIMIZE is not set +# CONFIG_WERROR is not set +CONFIG_NO_DEBUG_LIB=y +# CONFIG_DMALLOC is not set +# CONFIG_EFENCE is not set + +# +# Installation Options ("make install" behavior) +# +CONFIG_INSTALL_APPLET_SYMLINKS=y +# CONFIG_INSTALL_APPLET_HARDLINKS is not set +# CONFIG_INSTALL_APPLET_SCRIPT_WRAPPERS is not set +# CONFIG_INSTALL_APPLET_DONT is not set +# CONFIG_INSTALL_SH_APPLET_SYMLINK is not set +# CONFIG_INSTALL_SH_APPLET_HARDLINK is not set +# CONFIG_INSTALL_SH_APPLET_SCRIPT_WRAPPER is not set +CONFIG_PREFIX="./_install" + +# +# Busybox Library Tuning +# +# CONFIG_FEATURE_SYSTEMD is not set +CONFIG_FEATURE_RTMINMAX=y +CONFIG_PASSWORD_MINLEN=6 +CONFIG_MD5_SMALL=1 +CONFIG_SHA3_SMALL=1 +# CONFIG_FEATURE_FAST_TOP is not set +# CONFIG_FEATURE_ETC_NETWORKS is not set +CONFIG_FEATURE_USE_TERMIOS=y +CONFIG_FEATURE_EDITING=y +CONFIG_FEATURE_EDITING_MAX_LEN=1024 +CONFIG_FEATURE_EDITING_VI=y +CONFIG_FEATURE_EDITING_HISTORY=999 +CONFIG_FEATURE_EDITING_SAVEHISTORY=y +# CONFIG_FEATURE_EDITING_SAVE_ON_EXIT is not set +CONFIG_FEATURE_REVERSE_SEARCH=y +CONFIG_FEATURE_TAB_COMPLETION=y +# CONFIG_FEATURE_USERNAME_COMPLETION is not set +CONFIG_FEATURE_EDITING_FANCY_PROMPT=y +# CONFIG_FEATURE_EDITING_ASK_TERMINAL is not set +CONFIG_FEATURE_NON_POSIX_CP=y +# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set +CONFIG_FEATURE_COPYBUF_KB=4 +CONFIG_FEATURE_SKIP_ROOTFS=y +CONFIG_MONOTONIC_SYSCALL=y +CONFIG_IOCTL_HEX2STR_ERROR=y +CONFIG_FEATURE_HWIB=y + +# +# Applets +# + +# +# Archival Utilities +# +# CONFIG_FEATURE_SEAMLESS_XZ is not set +# CONFIG_FEATURE_SEAMLESS_LZMA is not set +# CONFIG_FEATURE_SEAMLESS_BZ2 is not set +# CONFIG_FEATURE_SEAMLESS_GZ is not set +# CONFIG_FEATURE_SEAMLESS_Z is not set +CONFIG_AR=y +# CONFIG_FEATURE_AR_LONG_FILENAMES is not set +CONFIG_FEATURE_AR_CREATE=y +# CONFIG_UNCOMPRESS is not set +CONFIG_GUNZIP=y +CONFIG_BUNZIP2=y +CONFIG_UNLZMA=y +# CONFIG_FEATURE_LZMA_FAST is not set +CONFIG_LZMA=y +CONFIG_UNXZ=y +CONFIG_XZ=y +# CONFIG_BZIP2 is not set +CONFIG_CPIO=y +# CONFIG_FEATURE_CPIO_O is not set +# CONFIG_FEATURE_CPIO_P is not set +# CONFIG_DPKG is not set +# CONFIG_DPKG_DEB is not set +# CONFIG_FEATURE_DPKG_DEB_EXTRACT_ONLY is not set +CONFIG_GZIP=y +# CONFIG_FEATURE_GZIP_LONG_OPTIONS is not set +CONFIG_GZIP_FAST=0 +# CONFIG_LZOP is not set +# CONFIG_LZOP_COMPR_HIGH is not set +# CONFIG_RPM2CPIO is not set +# CONFIG_RPM is not set +CONFIG_TAR=y +CONFIG_FEATURE_TAR_CREATE=y +# CONFIG_FEATURE_TAR_AUTODETECT is not set +CONFIG_FEATURE_TAR_FROM=y +# CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY is not set +# CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY is not set +CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y +CONFIG_FEATURE_TAR_LONG_OPTIONS=y +CONFIG_FEATURE_TAR_TO_COMMAND=y +# CONFIG_FEATURE_TAR_UNAME_GNAME is not set +# CONFIG_FEATURE_TAR_NOPRESERVE_TIME is not set +# CONFIG_FEATURE_TAR_SELINUX is not set +CONFIG_UNZIP=y + +# +# Coreutils +# +CONFIG_BASENAME=y +CONFIG_CAT=y +CONFIG_DATE=y +CONFIG_FEATURE_DATE_ISOFMT=y +# CONFIG_FEATURE_DATE_NANO is not set +CONFIG_FEATURE_DATE_COMPAT=y +CONFIG_HOSTID=y +CONFIG_ID=y +# CONFIG_GROUPS is not set +CONFIG_TEST=y +CONFIG_FEATURE_TEST_64=y +CONFIG_TOUCH=y +# CONFIG_FEATURE_TOUCH_NODEREF is not set +CONFIG_FEATURE_TOUCH_SUSV3=y +CONFIG_TR=y +CONFIG_FEATURE_TR_CLASSES=y +CONFIG_FEATURE_TR_EQUIV=y +# CONFIG_BASE64 is not set +CONFIG_WHO=y +# CONFIG_USERS is not set +# CONFIG_CAL is not set +CONFIG_CATV=y +CONFIG_CHGRP=y +CONFIG_CHMOD=y +CONFIG_CHOWN=y +# CONFIG_FEATURE_CHOWN_LONG_OPTIONS is not set +CONFIG_CHROOT=y +CONFIG_CKSUM=y +# CONFIG_COMM is not set +CONFIG_CP=y +# CONFIG_FEATURE_CP_LONG_OPTIONS is not set +CONFIG_CUT=y +CONFIG_DD=y +CONFIG_FEATURE_DD_SIGNAL_HANDLING=y +# CONFIG_FEATURE_DD_THIRD_STATUS_LINE is not set +CONFIG_FEATURE_DD_IBS_OBS=y +CONFIG_DF=y +# CONFIG_FEATURE_DF_FANCY is not set +CONFIG_DIRNAME=y +CONFIG_DOS2UNIX=y +CONFIG_UNIX2DOS=y +CONFIG_DU=y +CONFIG_FEATURE_DU_DEFAULT_BLOCKSIZE_1K=y +CONFIG_ECHO=y +CONFIG_FEATURE_FANCY_ECHO=y +CONFIG_ENV=y +# CONFIG_FEATURE_ENV_LONG_OPTIONS is not set +# CONFIG_EXPAND is not set +# CONFIG_FEATURE_EXPAND_LONG_OPTIONS is not set +CONFIG_EXPR=y +CONFIG_EXPR_MATH_SUPPORT_64=y +CONFIG_FALSE=y +CONFIG_FOLD=y +# CONFIG_FSYNC is not set +CONFIG_HEAD=y +CONFIG_FEATURE_FANCY_HEAD=y +CONFIG_INSTALL=y +CONFIG_FEATURE_INSTALL_LONG_OPTIONS=y +CONFIG_LN=y +CONFIG_LOGNAME=y +CONFIG_LS=y +CONFIG_FEATURE_LS_FILETYPES=y +CONFIG_FEATURE_LS_FOLLOWLINKS=y +CONFIG_FEATURE_LS_RECURSIVE=y +CONFIG_FEATURE_LS_SORTFILES=y +CONFIG_FEATURE_LS_TIMESTAMPS=y +CONFIG_FEATURE_LS_USERNAME=y +CONFIG_FEATURE_LS_COLOR=y +CONFIG_FEATURE_LS_COLOR_IS_DEFAULT=y +CONFIG_MD5SUM=y +CONFIG_MKDIR=y +CONFIG_FEATURE_MKDIR_LONG_OPTIONS=y +CONFIG_MKFIFO=y +CONFIG_MKNOD=y +CONFIG_MV=y +CONFIG_FEATURE_MV_LONG_OPTIONS=y +CONFIG_NICE=y +CONFIG_NOHUP=y +CONFIG_OD=y +CONFIG_PRINTENV=y +CONFIG_PRINTF=y +CONFIG_PWD=y +CONFIG_READLINK=y +CONFIG_FEATURE_READLINK_FOLLOW=y +CONFIG_REALPATH=y +CONFIG_RM=y +CONFIG_RMDIR=y +# CONFIG_FEATURE_RMDIR_LONG_OPTIONS is not set +CONFIG_SEQ=y +CONFIG_SHA1SUM=y +CONFIG_SHA256SUM=y +CONFIG_SHA512SUM=y +CONFIG_SHA3SUM=y +CONFIG_SLEEP=y +# CONFIG_FEATURE_FANCY_SLEEP is not set +# CONFIG_FEATURE_FLOAT_SLEEP is not set +CONFIG_SORT=y +CONFIG_FEATURE_SORT_BIG=y +# CONFIG_SPLIT is not set +# CONFIG_FEATURE_SPLIT_FANCY is not set +# CONFIG_STAT is not set +# CONFIG_FEATURE_STAT_FORMAT is not set +CONFIG_STTY=y +# CONFIG_SUM is not set +CONFIG_SYNC=y +# CONFIG_TAC is not set +CONFIG_TAIL=y +CONFIG_FEATURE_FANCY_TAIL=y +CONFIG_TEE=y +CONFIG_FEATURE_TEE_USE_BLOCK_IO=y +CONFIG_TRUE=y +CONFIG_TTY=y +CONFIG_UNAME=y +# CONFIG_UNEXPAND is not set +# CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS is not set +CONFIG_UNIQ=y +CONFIG_USLEEP=y +CONFIG_UUDECODE=y +CONFIG_UUENCODE=y +CONFIG_WC=y +# CONFIG_FEATURE_WC_LARGE is not set +CONFIG_WHOAMI=y +CONFIG_YES=y + +# +# Common options for cp and mv +# +CONFIG_FEATURE_PRESERVE_HARDLINKS=y + +# +# Common options for ls, more and telnet +# +CONFIG_FEATURE_AUTOWIDTH=y + +# +# Common options for df, du, ls +# +CONFIG_FEATURE_HUMAN_READABLE=y + +# +# Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum +# +CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y + +# +# Console Utilities +# +CONFIG_CHVT=y +# CONFIG_FGCONSOLE is not set +CONFIG_CLEAR=y +CONFIG_DEALLOCVT=y +CONFIG_DUMPKMAP=y +# CONFIG_KBD_MODE is not set +CONFIG_LOADFONT=y +CONFIG_LOADKMAP=y +CONFIG_OPENVT=y +CONFIG_RESET=y +CONFIG_RESIZE=y +CONFIG_FEATURE_RESIZE_PRINT=y +CONFIG_SETCONSOLE=y +# CONFIG_FEATURE_SETCONSOLE_LONG_OPTIONS is not set +# CONFIG_SETFONT is not set +# CONFIG_FEATURE_SETFONT_TEXTUAL_MAP is not set +CONFIG_DEFAULT_SETFONT_DIR="" +CONFIG_SETKEYCODES=y +CONFIG_SETLOGCONS=y +# CONFIG_SHOWKEY is not set + +# +# Common options for loadfont and setfont +# +CONFIG_FEATURE_LOADFONT_PSF2=y +CONFIG_FEATURE_LOADFONT_RAW=y + +# +# Debian Utilities +# +CONFIG_MKTEMP=y +CONFIG_PIPE_PROGRESS=y +CONFIG_RUN_PARTS=y +CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS=y +# CONFIG_FEATURE_RUN_PARTS_FANCY is not set +CONFIG_START_STOP_DAEMON=y +CONFIG_FEATURE_START_STOP_DAEMON_FANCY=y +CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS=y +CONFIG_WHICH=y + +# +# Editors +# +CONFIG_AWK=y +# CONFIG_FEATURE_AWK_LIBM is not set +CONFIG_FEATURE_AWK_GNU_EXTENSIONS=y +CONFIG_CMP=y +CONFIG_DIFF=y +# CONFIG_FEATURE_DIFF_LONG_OPTIONS is not set +CONFIG_FEATURE_DIFF_DIR=y +# CONFIG_ED is not set +CONFIG_PATCH=y +CONFIG_SED=y +CONFIG_VI=y +CONFIG_FEATURE_VI_MAX_LEN=4096 +CONFIG_FEATURE_VI_8BIT=y +CONFIG_FEATURE_VI_COLON=y +CONFIG_FEATURE_VI_YANKMARK=y +CONFIG_FEATURE_VI_SEARCH=y +# CONFIG_FEATURE_VI_REGEX_SEARCH is not set +CONFIG_FEATURE_VI_USE_SIGNALS=y +CONFIG_FEATURE_VI_DOT_CMD=y +CONFIG_FEATURE_VI_READONLY=y +CONFIG_FEATURE_VI_SETOPTS=y +CONFIG_FEATURE_VI_SET=y +CONFIG_FEATURE_VI_WIN_RESIZE=y +CONFIG_FEATURE_VI_ASK_TERMINAL=y +CONFIG_FEATURE_ALLOW_EXEC=y + +# +# Finding Utilities +# +CONFIG_FIND=y +CONFIG_FEATURE_FIND_PRINT0=y +CONFIG_FEATURE_FIND_MTIME=y +CONFIG_FEATURE_FIND_MMIN=y +CONFIG_FEATURE_FIND_PERM=y +CONFIG_FEATURE_FIND_TYPE=y +CONFIG_FEATURE_FIND_XDEV=y +CONFIG_FEATURE_FIND_MAXDEPTH=y +CONFIG_FEATURE_FIND_NEWER=y +# CONFIG_FEATURE_FIND_INUM is not set +CONFIG_FEATURE_FIND_EXEC=y +CONFIG_FEATURE_FIND_USER=y +CONFIG_FEATURE_FIND_GROUP=y +CONFIG_FEATURE_FIND_NOT=y +CONFIG_FEATURE_FIND_DEPTH=y +CONFIG_FEATURE_FIND_PAREN=y +CONFIG_FEATURE_FIND_SIZE=y +CONFIG_FEATURE_FIND_PRUNE=y +# CONFIG_FEATURE_FIND_DELETE is not set +CONFIG_FEATURE_FIND_PATH=y +CONFIG_FEATURE_FIND_REGEX=y +# CONFIG_FEATURE_FIND_CONTEXT is not set +# CONFIG_FEATURE_FIND_LINKS is not set +CONFIG_GREP=y +CONFIG_FEATURE_GREP_EGREP_ALIAS=y +CONFIG_FEATURE_GREP_FGREP_ALIAS=y +CONFIG_FEATURE_GREP_CONTEXT=y +CONFIG_XARGS=y +# CONFIG_FEATURE_XARGS_SUPPORT_CONFIRMATION is not set +CONFIG_FEATURE_XARGS_SUPPORT_QUOTES=y +CONFIG_FEATURE_XARGS_SUPPORT_TERMOPT=y +CONFIG_FEATURE_XARGS_SUPPORT_ZERO_TERM=y + +# +# Init Utilities +# +# CONFIG_BOOTCHARTD is not set +# CONFIG_FEATURE_BOOTCHARTD_BLOATED_HEADER is not set +# CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE is not set +CONFIG_HALT=y +# CONFIG_FEATURE_CALL_TELINIT is not set +CONFIG_TELINIT_PATH="" +CONFIG_INIT=y +CONFIG_FEATURE_USE_INITTAB=y +CONFIG_FEATURE_KILL_REMOVED=y +CONFIG_FEATURE_KILL_DELAY=0 +CONFIG_FEATURE_INIT_SCTTY=y +CONFIG_FEATURE_INIT_SYSLOG=y +CONFIG_FEATURE_EXTRA_QUIET=y +# CONFIG_FEATURE_INIT_COREDUMPS is not set +CONFIG_FEATURE_INITRD=y +CONFIG_INIT_TERMINAL_TYPE="linux" +CONFIG_MESG=y +CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y + +# +# Login/Password Management Utilities +# +# CONFIG_ADD_SHELL is not set +# CONFIG_REMOVE_SHELL is not set +CONFIG_FEATURE_SHADOWPASSWDS=y +# CONFIG_USE_BB_PWD_GRP is not set +# CONFIG_USE_BB_SHADOW is not set +# CONFIG_USE_BB_CRYPT is not set +# CONFIG_USE_BB_CRYPT_SHA is not set +CONFIG_ADDUSER=y +# CONFIG_FEATURE_ADDUSER_LONG_OPTIONS is not set +# CONFIG_FEATURE_CHECK_NAMES is not set +CONFIG_FIRST_SYSTEM_ID=100 +CONFIG_LAST_SYSTEM_ID=999 +CONFIG_ADDGROUP=y +# CONFIG_FEATURE_ADDGROUP_LONG_OPTIONS is not set +# CONFIG_FEATURE_ADDUSER_TO_GROUP is not set +CONFIG_DELUSER=y +CONFIG_DELGROUP=y +# CONFIG_FEATURE_DEL_USER_FROM_GROUP is not set +CONFIG_GETTY=y +CONFIG_LOGIN=y +# CONFIG_LOGIN_SESSION_AS_CHILD is not set +# CONFIG_PAM is not set +# CONFIG_LOGIN_SCRIPTS is not set +CONFIG_FEATURE_NOLOGIN=y +CONFIG_FEATURE_SECURETTY=y +CONFIG_PASSWD=y +CONFIG_FEATURE_PASSWD_WEAK_CHECK=y +# CONFIG_CRYPTPW is not set +# CONFIG_CHPASSWD is not set +CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="sha256" +CONFIG_SU=y +CONFIG_FEATURE_SU_SYSLOG=y +CONFIG_FEATURE_SU_CHECKS_SHELLS=y +CONFIG_SULOGIN=y +CONFIG_VLOCK=y + +# +# Linux Ext2 FS Progs +# +CONFIG_CHATTR=y +CONFIG_FSCK=y +CONFIG_LSATTR=y +# CONFIG_TUNE2FS is not set + +# +# Linux Module Utilities +# +# CONFIG_MODINFO is not set +# CONFIG_MODPROBE_SMALL is not set +# CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE is not set +# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set +CONFIG_INSMOD=y +CONFIG_RMMOD=y +CONFIG_LSMOD=y +CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT=y +CONFIG_MODPROBE=y +# CONFIG_FEATURE_MODPROBE_BLACKLIST is not set +# CONFIG_DEPMOD is not set + +# +# Options common to multiple modutils +# +# CONFIG_FEATURE_2_4_MODULES is not set +# CONFIG_FEATURE_INSMOD_TRY_MMAP is not set +# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set +# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set +# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set +# CONFIG_FEATURE_INSMOD_LOAD_MAP is not set +# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set +CONFIG_FEATURE_CHECK_TAINTED_MODULE=y +CONFIG_FEATURE_MODUTILS_ALIAS=y +CONFIG_FEATURE_MODUTILS_SYMBOLS=y +CONFIG_DEFAULT_MODULES_DIR="/lib/modules" +CONFIG_DEFAULT_DEPMOD_FILE="modules.dep" + +# +# Linux System Utilities +# +# CONFIG_BLOCKDEV is not set +CONFIG_FSTRIM=y +CONFIG_MDEV=y +CONFIG_FEATURE_MDEV_CONF=y +CONFIG_FEATURE_MDEV_RENAME=y +# CONFIG_FEATURE_MDEV_RENAME_REGEXP is not set +CONFIG_FEATURE_MDEV_EXEC=y +# CONFIG_FEATURE_MDEV_LOAD_FIRMWARE is not set +# CONFIG_REV is not set +# CONFIG_ACPID is not set +# CONFIG_FEATURE_ACPID_COMPAT is not set +CONFIG_BLKID=y +# CONFIG_FEATURE_BLKID_TYPE is not set +CONFIG_DMESG=y +CONFIG_FEATURE_DMESG_PRETTY=y +# CONFIG_FBSET is not set +# CONFIG_FEATURE_FBSET_FANCY is not set +# CONFIG_FEATURE_FBSET_READMODE is not set +CONFIG_FDFLUSH=y +CONFIG_FDFORMAT=y +# CONFIG_FDISK is not set +# CONFIG_FDISK_SUPPORT_LARGE_DISKS is not set +# CONFIG_FEATURE_FDISK_WRITABLE is not set +# CONFIG_FEATURE_AIX_LABEL is not set +# CONFIG_FEATURE_SGI_LABEL is not set +# CONFIG_FEATURE_SUN_LABEL is not set +# CONFIG_FEATURE_OSF_LABEL is not set +# CONFIG_FEATURE_GPT_LABEL is not set +# CONFIG_FEATURE_FDISK_ADVANCED is not set +# CONFIG_FINDFS is not set +# CONFIG_FLOCK is not set +CONFIG_FREERAMDISK=y +# CONFIG_FSCK_MINIX is not set +# CONFIG_MKFS_EXT2 is not set +# CONFIG_MKFS_MINIX is not set +# CONFIG_FEATURE_MINIX2 is not set +# CONFIG_MKFS_REISER is not set +# CONFIG_MKFS_VFAT is not set +CONFIG_GETOPT=y +CONFIG_FEATURE_GETOPT_LONG=y +CONFIG_HEXDUMP=y +# CONFIG_FEATURE_HEXDUMP_REVERSE is not set +# CONFIG_HD is not set +CONFIG_HWCLOCK=y +CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y +CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS=y +CONFIG_IPCRM=y +CONFIG_IPCS=y +CONFIG_LOSETUP=y +CONFIG_LSPCI=y +CONFIG_LSUSB=y +CONFIG_MKSWAP=y +# CONFIG_FEATURE_MKSWAP_UUID is not set +CONFIG_MORE=y +CONFIG_MOUNT=y +# CONFIG_FEATURE_MOUNT_FAKE is not set +# CONFIG_FEATURE_MOUNT_VERBOSE is not set +# CONFIG_FEATURE_MOUNT_HELPERS is not set +# CONFIG_FEATURE_MOUNT_LABEL is not set +# CONFIG_FEATURE_MOUNT_NFS is not set +CONFIG_FEATURE_MOUNT_CIFS=y +CONFIG_FEATURE_MOUNT_FLAGS=y +CONFIG_FEATURE_MOUNT_FSTAB=y +CONFIG_PIVOT_ROOT=y +CONFIG_RDATE=y +# CONFIG_RDEV is not set +CONFIG_READPROFILE=y +# CONFIG_RTCWAKE is not set +# CONFIG_SCRIPT is not set +# CONFIG_SCRIPTREPLAY is not set +CONFIG_SETARCH=y +CONFIG_SWAPONOFF=y +# CONFIG_FEATURE_SWAPON_PRI is not set +CONFIG_SWITCH_ROOT=y +CONFIG_UMOUNT=y +CONFIG_FEATURE_UMOUNT_ALL=y + +# +# Common options for mount/umount +# +CONFIG_FEATURE_MOUNT_LOOP=y +CONFIG_FEATURE_MOUNT_LOOP_CREATE=y +# CONFIG_FEATURE_MTAB_SUPPORT is not set +CONFIG_VOLUMEID=y + +# +# Filesystem/Volume identification +# +# CONFIG_FEATURE_VOLUMEID_BTRFS is not set +# CONFIG_FEATURE_VOLUMEID_CRAMFS is not set +CONFIG_FEATURE_VOLUMEID_EXFAT=y +CONFIG_FEATURE_VOLUMEID_EXT=y +CONFIG_FEATURE_VOLUMEID_F2FS=y +CONFIG_FEATURE_VOLUMEID_FAT=y +# CONFIG_FEATURE_VOLUMEID_HFS is not set +# CONFIG_FEATURE_VOLUMEID_ISO9660 is not set +# CONFIG_FEATURE_VOLUMEID_JFS is not set +# CONFIG_FEATURE_VOLUMEID_LINUXRAID is not set +# CONFIG_FEATURE_VOLUMEID_LINUXSWAP is not set +# CONFIG_FEATURE_VOLUMEID_LUKS is not set +# CONFIG_FEATURE_VOLUMEID_NILFS is not set +# CONFIG_FEATURE_VOLUMEID_NTFS is not set +# CONFIG_FEATURE_VOLUMEID_OCFS2 is not set +# CONFIG_FEATURE_VOLUMEID_REISERFS is not set +# CONFIG_FEATURE_VOLUMEID_ROMFS is not set +# CONFIG_FEATURE_VOLUMEID_SQUASHFS is not set +# CONFIG_FEATURE_VOLUMEID_SYSV is not set +# CONFIG_FEATURE_VOLUMEID_UDF is not set +# CONFIG_FEATURE_VOLUMEID_XFS is not set + +# +# Miscellaneous Utilities +# +# CONFIG_CONSPY is not set +CONFIG_LESS=y +CONFIG_FEATURE_LESS_MAXLINES=9999999 +CONFIG_FEATURE_LESS_BRACKETS=y +CONFIG_FEATURE_LESS_FLAGS=y +# CONFIG_FEATURE_LESS_MARKS is not set +CONFIG_FEATURE_LESS_REGEXP=y +# CONFIG_FEATURE_LESS_WINCH is not set +# CONFIG_FEATURE_LESS_ASK_TERMINAL is not set +# CONFIG_FEATURE_LESS_DASHCMD is not set +# CONFIG_FEATURE_LESS_LINENUMS is not set +# CONFIG_NANDWRITE is not set +# CONFIG_NANDDUMP is not set +# CONFIG_RFKILL is not set +CONFIG_SETSERIAL=y +# CONFIG_UBIATTACH is not set +# CONFIG_UBIDETACH is not set +# CONFIG_UBIMKVOL is not set +# CONFIG_UBIRMVOL is not set +# CONFIG_UBIRSVOL is not set +# CONFIG_UBIUPDATEVOL is not set +# CONFIG_WALL is not set +# CONFIG_ADJTIMEX is not set +# CONFIG_BBCONFIG is not set +# CONFIG_FEATURE_COMPRESS_BBCONFIG is not set +# CONFIG_BEEP is not set +CONFIG_FEATURE_BEEP_FREQ=0 +CONFIG_FEATURE_BEEP_LENGTH_MS=0 +# CONFIG_CHAT is not set +# CONFIG_FEATURE_CHAT_NOFAIL is not set +# CONFIG_FEATURE_CHAT_TTY_HIFI is not set +# CONFIG_FEATURE_CHAT_IMPLICIT_CR is not set +# CONFIG_FEATURE_CHAT_SWALLOW_OPTS is not set +# CONFIG_FEATURE_CHAT_SEND_ESCAPES is not set +# CONFIG_FEATURE_CHAT_VAR_ABORT_LEN is not set +# CONFIG_FEATURE_CHAT_CLR_ABORT is not set +CONFIG_CHRT=y +CONFIG_CROND=y +# CONFIG_FEATURE_CROND_D is not set +# CONFIG_FEATURE_CROND_CALL_SENDMAIL is not set +CONFIG_FEATURE_CROND_DIR="/var/spool/cron" +CONFIG_CRONTAB=y +CONFIG_DC=y +# CONFIG_FEATURE_DC_LIBM is not set +# CONFIG_DEVFSD is not set +# CONFIG_DEVFSD_MODLOAD is not set +# CONFIG_DEVFSD_FG_NP is not set +# CONFIG_DEVFSD_VERBOSE is not set +# CONFIG_FEATURE_DEVFS is not set +CONFIG_DEVMEM=y +CONFIG_EJECT=y +# CONFIG_FEATURE_EJECT_SCSI is not set +# CONFIG_FBSPLASH is not set +# CONFIG_FLASHCP is not set +# CONFIG_FLASH_LOCK is not set +# CONFIG_FLASH_UNLOCK is not set +# CONFIG_FLASH_ERASEALL is not set +# CONFIG_IONICE is not set +# CONFIG_INOTIFYD is not set +CONFIG_LAST=y +CONFIG_FEATURE_LAST_SMALL=y +# CONFIG_FEATURE_LAST_FANCY is not set +CONFIG_HDPARM=y +CONFIG_FEATURE_HDPARM_GET_IDENTITY=y +# CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF is not set +# CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF is not set +# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set +# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set +# CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set +CONFIG_MAKEDEVS=y +# CONFIG_FEATURE_MAKEDEVS_LEAF is not set +CONFIG_FEATURE_MAKEDEVS_TABLE=y +# CONFIG_MAN is not set +CONFIG_MICROCOM=y +CONFIG_MOUNTPOINT=y +CONFIG_MT=y +# CONFIG_RAIDAUTORUN is not set +# CONFIG_READAHEAD is not set +CONFIG_RUNLEVEL=y +# CONFIG_RX is not set +CONFIG_SETSID=y +CONFIG_STRINGS=y +# CONFIG_TASKSET is not set +# CONFIG_FEATURE_TASKSET_FANCY is not set +CONFIG_TIME=y +# CONFIG_TIMEOUT is not set +# CONFIG_TTYSIZE is not set +# CONFIG_VOLNAME is not set +CONFIG_WATCHDOG=y + +# +# Networking Utilities +# +CONFIG_NAMEIF=y +# CONFIG_FEATURE_NAMEIF_EXTENDED is not set +# CONFIG_NBDCLIENT is not set +# CONFIG_NC is not set +# CONFIG_NC_SERVER is not set +# CONFIG_NC_EXTRA is not set +# CONFIG_NC_110_COMPAT is not set +CONFIG_PING=y +# CONFIG_PING6 is not set +CONFIG_FEATURE_FANCY_PING=y +# CONFIG_WHOIS is not set +CONFIG_FEATURE_IPV6=y +# CONFIG_FEATURE_UNIX_LOCAL is not set +# CONFIG_FEATURE_PREFER_IPV4_ADDRESS is not set +# CONFIG_VERBOSE_RESOLUTION_ERRORS is not set +# CONFIG_ARP is not set +CONFIG_ARPING=y +# CONFIG_BRCTL is not set +# CONFIG_FEATURE_BRCTL_FANCY is not set +# CONFIG_FEATURE_BRCTL_SHOW is not set +CONFIG_DNSD=y +CONFIG_ETHER_WAKE=y +# CONFIG_FAKEIDENTD is not set +# CONFIG_FTPD is not set +# CONFIG_FEATURE_FTP_WRITE is not set +# CONFIG_FEATURE_FTPD_ACCEPT_BROKEN_LIST is not set +# CONFIG_FTPGET is not set +# CONFIG_FTPPUT is not set +# CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS is not set +CONFIG_HOSTNAME=y +# CONFIG_HTTPD is not set +# CONFIG_FEATURE_HTTPD_RANGES is not set +# CONFIG_FEATURE_HTTPD_USE_SENDFILE is not set +# CONFIG_FEATURE_HTTPD_SETUID is not set +# CONFIG_FEATURE_HTTPD_BASIC_AUTH is not set +# CONFIG_FEATURE_HTTPD_AUTH_MD5 is not set +# CONFIG_FEATURE_HTTPD_CGI is not set +# CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR is not set +# CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV is not set +# CONFIG_FEATURE_HTTPD_ENCODE_URL_STR is not set +# CONFIG_FEATURE_HTTPD_ERROR_PAGES is not set +# CONFIG_FEATURE_HTTPD_PROXY is not set +# CONFIG_FEATURE_HTTPD_GZIP is not set +CONFIG_IFCONFIG=y +CONFIG_FEATURE_IFCONFIG_STATUS=y +CONFIG_FEATURE_IFCONFIG_SLIP=y +CONFIG_FEATURE_IFCONFIG_MEMSTART_IOADDR_IRQ=y +CONFIG_FEATURE_IFCONFIG_HW=y +# CONFIG_FEATURE_IFCONFIG_BROADCAST_PLUS is not set +# CONFIG_IFENSLAVE is not set +# CONFIG_IFPLUGD is not set +CONFIG_IFUPDOWN=y +CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate" +CONFIG_FEATURE_IFUPDOWN_IP=y +# CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN is not set +# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set +CONFIG_FEATURE_IFUPDOWN_IPV4=y +CONFIG_FEATURE_IFUPDOWN_IPV6=y +CONFIG_FEATURE_IFUPDOWN_MAPPING=y +# CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP is not set +CONFIG_INETD=y +CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_ECHO=y +CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD=y +CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_TIME=y +CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME=y +CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN=y +# CONFIG_FEATURE_INETD_RPC is not set +CONFIG_IP=y +CONFIG_FEATURE_IP_ADDRESS=y +CONFIG_FEATURE_IP_LINK=y +CONFIG_FEATURE_IP_ROUTE=y +CONFIG_FEATURE_IP_TUNNEL=y +CONFIG_FEATURE_IP_RULE=y +CONFIG_FEATURE_IP_SHORT_FORMS=y +# CONFIG_FEATURE_IP_RARE_PROTOCOLS is not set +CONFIG_IPADDR=y +CONFIG_IPLINK=y +CONFIG_IPROUTE=y +CONFIG_IPTUNNEL=y +CONFIG_IPRULE=y +# CONFIG_IPCALC is not set +# CONFIG_FEATURE_IPCALC_FANCY is not set +# CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set +CONFIG_NETSTAT=y +# CONFIG_FEATURE_NETSTAT_WIDE is not set +# CONFIG_FEATURE_NETSTAT_PRG is not set +CONFIG_NSLOOKUP=y +# CONFIG_NTPD is not set +# CONFIG_FEATURE_NTPD_SERVER is not set +# CONFIG_PSCAN is not set +CONFIG_ROUTE=y +# CONFIG_SLATTACH is not set +# CONFIG_TCPSVD is not set +CONFIG_TELNET=y +CONFIG_FEATURE_TELNET_TTYPE=y +CONFIG_FEATURE_TELNET_AUTOLOGIN=y +# CONFIG_TELNETD is not set +# CONFIG_FEATURE_TELNETD_STANDALONE is not set +# CONFIG_FEATURE_TELNETD_INETD_WAIT is not set +CONFIG_TFTP=y +# CONFIG_TFTPD is not set + +# +# Common options for tftp/tftpd +# +CONFIG_FEATURE_TFTP_GET=y +CONFIG_FEATURE_TFTP_PUT=y +CONFIG_FEATURE_TFTP_BLOCKSIZE=y +# CONFIG_FEATURE_TFTP_PROGRESS_BAR is not set +# CONFIG_TFTP_DEBUG is not set +CONFIG_TRACEROUTE=y +# CONFIG_TRACEROUTE6 is not set +# CONFIG_FEATURE_TRACEROUTE_VERBOSE is not set +# CONFIG_FEATURE_TRACEROUTE_SOURCE_ROUTE is not set +# CONFIG_FEATURE_TRACEROUTE_USE_ICMP is not set +# CONFIG_TUNCTL is not set +# CONFIG_FEATURE_TUNCTL_UG is not set +# CONFIG_UDHCPC6 is not set +# CONFIG_UDHCPD is not set +# CONFIG_DHCPRELAY is not set +# CONFIG_DUMPLEASES is not set +# CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set +# CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set +CONFIG_DHCPD_LEASES_FILE="" +CONFIG_UDHCPC=y +CONFIG_FEATURE_UDHCPC_ARPING=y +# CONFIG_FEATURE_UDHCP_PORT is not set +CONFIG_UDHCP_DEBUG=0 +# CONFIG_FEATURE_UDHCP_RFC3397 is not set +CONFIG_FEATURE_UDHCP_8021Q=y +CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script" +CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80 +CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n" +# CONFIG_UDPSVD is not set +CONFIG_VCONFIG=y +CONFIG_WGET=y +CONFIG_FEATURE_WGET_STATUSBAR=y +CONFIG_FEATURE_WGET_AUTHENTICATION=y +CONFIG_FEATURE_WGET_LONG_OPTIONS=y +CONFIG_FEATURE_WGET_TIMEOUT=y +# CONFIG_ZCIP is not set + +# +# Print Utilities +# +# CONFIG_LPD is not set +# CONFIG_LPR is not set +# CONFIG_LPQ is not set + +# +# Mail Utilities +# +# CONFIG_MAKEMIME is not set +CONFIG_FEATURE_MIME_CHARSET="" +# CONFIG_POPMAILDIR is not set +# CONFIG_FEATURE_POPMAILDIR_DELIVERY is not set +# CONFIG_REFORMIME is not set +# CONFIG_FEATURE_REFORMIME_COMPAT is not set +# CONFIG_SENDMAIL is not set + +# +# Process Utilities +# +# CONFIG_IOSTAT is not set +CONFIG_LSOF=y +# CONFIG_MPSTAT is not set +# CONFIG_NMETER is not set +# CONFIG_PMAP is not set +# CONFIG_POWERTOP is not set +# CONFIG_PSTREE is not set +# CONFIG_PWDX is not set +# CONFIG_SMEMCAP is not set +CONFIG_TOP=y +CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y +CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y +# CONFIG_FEATURE_TOP_SMP_CPU is not set +# CONFIG_FEATURE_TOP_DECIMALS is not set +# CONFIG_FEATURE_TOP_SMP_PROCESS is not set +# CONFIG_FEATURE_TOPMEM is not set +CONFIG_UPTIME=y +# CONFIG_FEATURE_UPTIME_UTMP_SUPPORT is not set +CONFIG_FREE=y +CONFIG_FUSER=y +CONFIG_KILL=y +CONFIG_KILLALL=y +CONFIG_KILLALL5=y +# CONFIG_PGREP is not set +CONFIG_PIDOF=y +CONFIG_FEATURE_PIDOF_SINGLE=y +CONFIG_FEATURE_PIDOF_OMIT=y +# CONFIG_PKILL is not set +CONFIG_PS=y +# CONFIG_FEATURE_PS_WIDE is not set +# CONFIG_FEATURE_PS_LONG is not set +# CONFIG_FEATURE_PS_TIME is not set +# CONFIG_FEATURE_PS_ADDITIONAL_COLUMNS is not set +# CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set +CONFIG_RENICE=y +CONFIG_BB_SYSCTL=y +# CONFIG_FEATURE_SHOW_THREADS is not set +CONFIG_WATCH=y + +# +# Runit Utilities +# +# CONFIG_RUNSV is not set +# CONFIG_RUNSVDIR is not set +# CONFIG_FEATURE_RUNSVDIR_LOG is not set +# CONFIG_SV is not set +CONFIG_SV_DEFAULT_SERVICE_DIR="" +# CONFIG_SVLOGD is not set +# CONFIG_CHPST is not set +# CONFIG_SETUIDGID is not set +# CONFIG_ENVUIDGID is not set +# CONFIG_ENVDIR is not set +# CONFIG_SOFTLIMIT is not set +# CONFIG_CHCON is not set +# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set +# CONFIG_GETENFORCE is not set +# CONFIG_GETSEBOOL is not set +# CONFIG_LOAD_POLICY is not set +# CONFIG_MATCHPATHCON is not set +# CONFIG_RESTORECON is not set +# CONFIG_RUNCON is not set +# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set +# CONFIG_SELINUXENABLED is not set +# CONFIG_SETENFORCE is not set +# CONFIG_SETFILES is not set +# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set +# CONFIG_SETSEBOOL is not set +# CONFIG_SESTATUS is not set + +# +# Shells +# +CONFIG_ASH=y +CONFIG_ASH_BASH_COMPAT=y +CONFIG_ASH_IDLE_TIMEOUT=y +CONFIG_ASH_JOB_CONTROL=y +CONFIG_ASH_ALIAS=y +# CONFIG_ASH_GETOPTS is not set +CONFIG_ASH_BUILTIN_ECHO=y +CONFIG_ASH_BUILTIN_PRINTF=y +CONFIG_ASH_BUILTIN_TEST=y +CONFIG_ASH_CMDCMD=y +# CONFIG_ASH_MAIL is not set +CONFIG_ASH_OPTIMIZE_FOR_SIZE=y +CONFIG_ASH_RANDOM_SUPPORT=y +CONFIG_ASH_EXPAND_PRMT=y +# CONFIG_CTTYHACK is not set +# CONFIG_HUSH is not set +# CONFIG_HUSH_BASH_COMPAT is not set +# CONFIG_HUSH_BRACE_EXPANSION is not set +# CONFIG_HUSH_HELP is not set +# CONFIG_HUSH_INTERACTIVE is not set +# CONFIG_HUSH_SAVEHISTORY is not set +# CONFIG_HUSH_JOB is not set +# CONFIG_HUSH_TICK is not set +# CONFIG_HUSH_IF is not set +# CONFIG_HUSH_LOOPS is not set +# CONFIG_HUSH_CASE is not set +# CONFIG_HUSH_FUNCTIONS is not set +# CONFIG_HUSH_LOCAL is not set +# CONFIG_HUSH_RANDOM_SUPPORT is not set +# CONFIG_HUSH_EXPORT_N is not set +# CONFIG_HUSH_MODE_X is not set +# CONFIG_MSH is not set +CONFIG_FEATURE_SH_IS_ASH=y +# CONFIG_FEATURE_SH_IS_HUSH is not set +# CONFIG_FEATURE_SH_IS_NONE is not set +# CONFIG_FEATURE_BASH_IS_ASH is not set +# CONFIG_FEATURE_BASH_IS_HUSH is not set +CONFIG_FEATURE_BASH_IS_NONE=y +CONFIG_SH_MATH_SUPPORT=y +# CONFIG_SH_MATH_SUPPORT_64 is not set +CONFIG_FEATURE_SH_EXTRA_QUIET=y +# CONFIG_FEATURE_SH_STANDALONE is not set +# CONFIG_FEATURE_SH_NOFORK is not set +# CONFIG_FEATURE_SH_HISTFILESIZE is not set + +# +# System Logging Utilities +# +CONFIG_SYSLOGD=y +CONFIG_FEATURE_ROTATE_LOGFILE=y +CONFIG_FEATURE_REMOTE_LOG=y +# CONFIG_FEATURE_SYSLOGD_DUP is not set +# CONFIG_FEATURE_SYSLOGD_CFG is not set +CONFIG_FEATURE_SYSLOGD_READ_BUFFER_SIZE=256 +# CONFIG_FEATURE_IPC_SYSLOG is not set +CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=0 +# CONFIG_LOGREAD is not set +# CONFIG_FEATURE_LOGREAD_REDUCED_LOCKING is not set +# CONFIG_FEATURE_KMSG_SYSLOG is not set +CONFIG_KLOGD=y +CONFIG_FEATURE_KLOGD_KLOGCTL=y +CONFIG_LOGGER=y diff --git a/fakeroot.fs b/fakeroot.fs new file mode 100644 index 0000000..b09b376 --- /dev/null +++ b/fakeroot.fs @@ -0,0 +1,7 @@ +echo "Hello, fake" `pwd` +( + cd output/target + chown -R 1001:100 home/matthias + chown -R 1002:100 home/pan +) + diff --git a/linux-3.12.16.config b/linux-3.12.16.config new file mode 100644 index 0000000..627f1b8 --- /dev/null +++ b/linux-3.12.16.config @@ -0,0 +1,299 @@ +# CONFIG_64BIT is not set +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_DEFAULT_HOSTNAME="panda" +CONFIG_SYSVIPC=y +CONFIG_POSIX_MQUEUE=y +CONFIG_AUDIT=y +CONFIG_AUDITSYSCALL=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y +CONFIG_BSD_PROCESS_ACCT=y +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y +CONFIG_LOG_BUF_SHIFT=18 +CONFIG_CGROUPS=y +CONFIG_CGROUP_FREEZER=y +CONFIG_CPUSETS=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_RESOURCE_COUNTERS=y +CONFIG_CGROUP_SCHED=y +CONFIG_NAMESPACES=y +CONFIG_RELAY=y +CONFIG_BLK_DEV_INITRD=y +CONFIG_RD_XZ=y +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_EMBEDDED=y +# CONFIG_COMPAT_BRK is not set +CONFIG_PROFILING=y +CONFIG_PARTITION_ADVANCED=y +# CONFIG_EFI_PARTITION is not set +CONFIG_DEFAULT_DEADLINE=y +# CONFIG_X86_MPPARSE is not set +# CONFIG_X86_EXTENDED_PLATFORM is not set +CONFIG_MK7=y +CONFIG_PROCESSOR_SELECT=y +# CONFIG_CPU_SUP_INTEL is not set +# CONFIG_CPU_SUP_CYRIX_32 is not set +# CONFIG_CPU_SUP_CENTAUR is not set +# CONFIG_CPU_SUP_TRANSMETA_32 is not set +# CONFIG_CPU_SUP_UMC_32 is not set +CONFIG_HPET_TIMER=y +CONFIG_PREEMPT_VOLUNTARY=y +CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y +# CONFIG_X86_MCE_INTEL is not set +CONFIG_X86_REBOOTFIXUPS=y +CONFIG_MICROCODE=y +# CONFIG_MICROCODE_INTEL is not set +CONFIG_MICROCODE_AMD=y +CONFIG_X86_MSR=y +CONFIG_X86_CPUID=y +CONFIG_NOHIGHMEM=y +CONFIG_X86_CHECK_BIOS_CORRUPTION=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_RELOCATABLE is not set +# CONFIG_SUSPEND is not set +CONFIG_PM_RUNTIME=y +CONFIG_ACPI_PROCFS=y +# CONFIG_ACPI_BATTERY is not set +CONFIG_ACPI_DOCK=y +CONFIG_ACPI_CONTAINER=y +CONFIG_CPU_FREQ=y +# CONFIG_CPU_FREQ_STAT is not set +CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=y +CONFIG_CPU_FREQ_GOV_USERSPACE=y +CONFIG_X86_ACPI_CPUFREQ=y +CONFIG_X86_POWERNOW_K7=y +CONFIG_PCI_MSI=y +CONFIG_PCI_IOAPIC=y +CONFIG_BINFMT_MISC=y +CONFIG_NET=y +CONFIG_PACKET=y +CONFIG_UNIX=y +CONFIG_XFRM_USER=y +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +CONFIG_IP_ADVANCED_ROUTER=y +CONFIG_IP_MULTIPLE_TABLES=y +CONFIG_IP_ROUTE_MULTIPATH=y +CONFIG_IP_ROUTE_VERBOSE=y +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +CONFIG_IP_PNP_BOOTP=y +CONFIG_IP_PNP_RARP=y +CONFIG_IP_MROUTE=y +CONFIG_IP_PIMSM_V1=y +CONFIG_IP_PIMSM_V2=y +CONFIG_SYN_COOKIES=y +# CONFIG_INET_XFRM_MODE_TRANSPORT is not set +# CONFIG_INET_XFRM_MODE_TUNNEL is not set +# CONFIG_INET_XFRM_MODE_BEET is not set +# CONFIG_INET_DIAG is not set +CONFIG_TCP_CONG_ADVANCED=y +# CONFIG_TCP_CONG_BIC is not set +# CONFIG_TCP_CONG_WESTWOOD is not set +# CONFIG_TCP_CONG_HTCP is not set +CONFIG_TCP_MD5SIG=y +CONFIG_INET6_AH=y +CONFIG_INET6_ESP=y +CONFIG_NETLABEL=y +CONFIG_NETWORK_SECMARK=y +CONFIG_NETFILTER=y +# CONFIG_NETFILTER_ADVANCED is not set +CONFIG_NET_SCHED=y +CONFIG_NET_EMATCH=y +CONFIG_NET_CLS_ACT=y +CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_STANDALONE is not set +CONFIG_DEBUG_DEVRES=y +CONFIG_CONNECTOR=y +CONFIG_PARPORT=y +CONFIG_PARPORT_PC=y +CONFIG_PARPORT_PC_FIFO=y +CONFIG_PARPORT_PC_SUPERIO=y +CONFIG_PARIDE=y +CONFIG_PARIDE_PD=y +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_SR=y +CONFIG_BLK_DEV_SR_VENDOR=y +CONFIG_CHR_DEV_SG=y +CONFIG_SCSI_SPI_ATTRS=y +# CONFIG_SCSI_LOWLEVEL is not set +CONFIG_ATA=y +# CONFIG_SATA_PMP is not set +CONFIG_ATA_PIIX=y +CONFIG_PATA_OLDPIIX=y +CONFIG_PATA_SIS=y +CONFIG_ATA_GENERIC=y +CONFIG_NETDEVICES=y +CONFIG_NETCONSOLE=y +CONFIG_TUN=y +# CONFIG_NET_VENDOR_3COM is not set +# CONFIG_NET_VENDOR_ADAPTEC is not set +# CONFIG_NET_VENDOR_ALTEON is not set +# CONFIG_NET_VENDOR_AMD is not set +# CONFIG_NET_VENDOR_ARC is not set +# CONFIG_NET_VENDOR_ATHEROS is not set +# CONFIG_NET_CADENCE is not set +# CONFIG_NET_VENDOR_BROADCOM is not set +# CONFIG_NET_VENDOR_BROCADE is not set +# CONFIG_NET_VENDOR_CHELSIO is not set +# CONFIG_NET_VENDOR_CISCO is not set +# CONFIG_NET_VENDOR_DEC is not set +# CONFIG_NET_VENDOR_DLINK is not set +# CONFIG_NET_VENDOR_EMULEX is not set +# CONFIG_NET_VENDOR_EXAR is not set +# CONFIG_NET_VENDOR_HP is not set +# CONFIG_NET_VENDOR_INTEL is not set +# CONFIG_NET_VENDOR_MARVELL is not set +# CONFIG_NET_VENDOR_MELLANOX is not set +# CONFIG_NET_VENDOR_MICREL is not set +# CONFIG_NET_VENDOR_MYRI is not set +# CONFIG_NET_VENDOR_NATSEMI is not set +# CONFIG_NET_VENDOR_NVIDIA is not set +# CONFIG_NET_VENDOR_OKI is not set +# CONFIG_NET_PACKET_ENGINE is not set +# CONFIG_NET_VENDOR_QLOGIC is not set +CONFIG_8139CP=y +CONFIG_R8169=y +# CONFIG_NET_VENDOR_RDC is not set +# CONFIG_NET_VENDOR_SEEQ is not set +# CONFIG_NET_VENDOR_SILAN is not set +# CONFIG_NET_VENDOR_SIS is not set +# CONFIG_NET_VENDOR_SMSC is not set +# CONFIG_NET_VENDOR_STMICRO is not set +# CONFIG_NET_VENDOR_SUN is not set +# CONFIG_NET_VENDOR_TEHUTI is not set +# CONFIG_NET_VENDOR_TI is not set +# CONFIG_NET_VENDOR_VIA is not set +# CONFIG_NET_VENDOR_WIZNET is not set +CONFIG_PHYLIB=y +CONFIG_REALTEK_PHY=y +# CONFIG_WLAN is not set +CONFIG_INPUT_POLLDEV=y +CONFIG_INPUT_SPARSEKMAP=y +# CONFIG_INPUT_MOUSEDEV_PSAUX is not set +CONFIG_INPUT_EVDEV=y +CONFIG_INPUT_JOYSTICK=y +CONFIG_INPUT_TABLET=y +CONFIG_INPUT_TOUCHSCREEN=y +CONFIG_INPUT_MISC=y +# CONFIG_LEGACY_PTYS is not set +CONFIG_SERIAL_NONSTANDARD=y +CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_NR_UARTS=32 +CONFIG_SERIAL_8250_EXTENDED=y +CONFIG_SERIAL_8250_MANY_PORTS=y +CONFIG_SERIAL_8250_SHARE_IRQ=y +CONFIG_SERIAL_8250_DETECT_IRQ=y +CONFIG_SERIAL_8250_RSA=y +CONFIG_NVRAM=y +CONFIG_HPET=y +# CONFIG_HPET_MMAP is not set +CONFIG_I2C_SIS96X=y +CONFIG_PPS=y +CONFIG_THERMAL_GOV_USER_SPACE=y +CONFIG_WATCHDOG=y +CONFIG_AGP=y +CONFIG_AGP_SIS=y +CONFIG_DRM=y +CONFIG_DRM_SIS=y +CONFIG_VIDEO_OUTPUT_CONTROL=y +CONFIG_FB=y +CONFIG_FB_MODE_HELPERS=y +CONFIG_FB_TILEBLITTING=y +CONFIG_VGACON_SOFT_SCROLLBACK=y +CONFIG_FRAMEBUFFER_CONSOLE=y +CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y +CONFIG_LOGO=y +# CONFIG_LOGO_LINUX_MONO is not set +# CONFIG_LOGO_LINUX_VGA16 is not set +CONFIG_SOUND=y +CONFIG_SND=y +CONFIG_SND_SEQUENCER=y +CONFIG_SND_SEQ_DUMMY=y +CONFIG_SND_MIXER_OSS=y +CONFIG_SND_PCM_OSS=y +CONFIG_SND_SEQUENCER_OSS=y +CONFIG_SND_HRTIMER=y +CONFIG_SND_INTEL8X0=y +# CONFIG_SND_USB is not set +CONFIG_HIDRAW=y +CONFIG_HID_GYRATION=y +CONFIG_HID_LOGITECH=y +CONFIG_LOGITECH_FF=y +CONFIG_HID_NTRIG=y +CONFIG_HID_PANTHERLORD=y +CONFIG_PANTHERLORD_FF=y +CONFIG_HID_PETALYNX=y +CONFIG_HID_SAMSUNG=y +CONFIG_HID_SUNPLUS=y +CONFIG_HID_TOPSEED=y +CONFIG_HID_PID=y +CONFIG_USB_HIDDEV=y +CONFIG_USB=y +CONFIG_USB_DEBUG=y +CONFIG_USB_ANNOUNCE_NEW_DEVICES=y +CONFIG_USB_MON=y +CONFIG_USB_EHCI_HCD=y +CONFIG_USB_OHCI_HCD=y +CONFIG_USB_UHCI_HCD=y +CONFIG_USB_PRINTER=y +CONFIG_USB_STORAGE=y +CONFIG_USB_STORAGE_CYPRESS_ATACB=y +CONFIG_EDAC=y +CONFIG_RTC_CLASS=y +# CONFIG_RTC_HCTOSYS is not set +CONFIG_DMADEVICES=y +# CONFIG_IOMMU_SUPPORT is not set +CONFIG_EXT4_FS=y +CONFIG_EXT4_FS_POSIX_ACL=y +CONFIG_EXT4_FS_SECURITY=y +CONFIG_QUOTA=y +CONFIG_QUOTA_NETLINK_INTERFACE=y +# CONFIG_PRINT_QUOTA_WARNING is not set +CONFIG_QFMT_V2=y +CONFIG_AUTOFS4_FS=y +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +CONFIG_ZISOFS=y +CONFIG_MSDOS_FS=y +CONFIG_VFAT_FS=y +CONFIG_PROC_KCORE=y +CONFIG_TMPFS=y +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_HUGETLBFS=y +CONFIG_NFS_FS=y +CONFIG_NFS_V3_ACL=y +CONFIG_NFS_V4=y +CONFIG_ROOT_NFS=y +CONFIG_NLS_DEFAULT="utf8" +CONFIG_NLS_CODEPAGE_437=y +CONFIG_NLS_ASCII=y +CONFIG_NLS_ISO8859_1=y +CONFIG_NLS_UTF8=y +CONFIG_PRINTK_TIME=y +# CONFIG_ENABLE_WARN_DEPRECATED is not set +CONFIG_FRAME_WARN=2048 +# CONFIG_UNUSED_SYMBOLS is not set +CONFIG_DEBUG_FS=y +CONFIG_MAGIC_SYSRQ=y +# CONFIG_SCHED_DEBUG is not set +CONFIG_TIMER_STATS=y +# CONFIG_FTRACE is not set +CONFIG_EARLY_PRINTK_DBGP=y +# CONFIG_DEBUG_RODATA_TEST is not set +CONFIG_DEBUG_BOOT_PARAMS=y +CONFIG_OPTIMIZE_INLINING=y +CONFIG_KEYS_DEBUG_PROC_KEYS=y +CONFIG_SECURITY=y +CONFIG_SECURITY_NETWORK=y +CONFIG_CRYPTO_AES_586=y +CONFIG_CRYPTO_ARC4=y +# CONFIG_CRYPTO_ANSI_CPRNG is not set +# CONFIG_VIRTUALIZATION is not set +CONFIG_AVERAGE=y diff --git a/openvpn-test/ca.crt b/openvpn-test/ca.crt new file mode 100644 index 0000000..7aa2a39 --- /dev/null +++ b/openvpn-test/ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE9zCCA9+gAwIBAgIJAPiqn2VVDFaUMA0GCSqGSIb3DQEBCwUAMIGtMQswCQYD +VQQGEwJERTELMAkGA1UECBMCQlcxEjAQBgNVBAcTCUthcmxzcnVoZTENMAsGA1UE +ChMEbm9uZTEbMBkGA1UECxMSTWF0dGhpYXMgQmxhbmtlcnR6MRgwFgYDVQQDEw9w +YW5kYS5oYWRpa28uZGUxEDAOBgNVBCkTB0Vhc3lSU0ExJTAjBgkqhkiG9w0BCQEW +Fm1hdHRoaWFzQGJsYW5rZXJ0ei5vcmcwHhcNMTQwNDAzMTQ0NTM2WhcNMjQwMzMx +MTQ0NTM2WjCBrTELMAkGA1UEBhMCREUxCzAJBgNVBAgTAkJXMRIwEAYDVQQHEwlL +YXJsc3J1aGUxDTALBgNVBAoTBG5vbmUxGzAZBgNVBAsTEk1hdHRoaWFzIEJsYW5r +ZXJ0ejEYMBYGA1UEAxMPcGFuZGEuaGFkaWtvLmRlMRAwDgYDVQQpEwdFYXN5UlNB +MSUwIwYJKoZIhvcNAQkBFhZtYXR0aGlhc0BibGFua2VydHoub3JnMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDC2BIf3FfEoLxrr9oxQ46cDO8DBRdqF +3ZUiVupBZ8+MJz871UJEUvVjJi7yuxGOfr1JIBYfgEgFzLNvhFsRrwQGp6hcGgJC +38JQOZAWopjz/cH4LRyNaPOu9Hd5KCspOSfZLj7y7VKzcO1TtLOYHlnmilM/VWL1 +38yZ3gwnFTRSaue2nHB8ex8Lm9uWYhzy8PTNcIVUaM7cFuX1LQmk3tyHsuN4ZFIV ++9D1+O3JKaepdzXC6af2we37wYIxl02R428bkf+QEqfcU3lqlmOBMKqHRMxnYtGE +bOZgVkUJJ07BreiYiypNbrBNsJjf+kWTT+ymzie8h3V6eBUdjSbmCwIDAQABo4IB +FjCCARIwHQYDVR0OBBYEFLHei9/kSHXfzWfdcUYXv1DHa063MIHiBgNVHSMEgdow +gdeAFLHei9/kSHXfzWfdcUYXv1DHa063oYGzpIGwMIGtMQswCQYDVQQGEwJERTEL +MAkGA1UECBMCQlcxEjAQBgNVBAcTCUthcmxzcnVoZTENMAsGA1UEChMEbm9uZTEb +MBkGA1UECxMSTWF0dGhpYXMgQmxhbmtlcnR6MRgwFgYDVQQDEw9wYW5kYS5oYWRp +a28uZGUxEDAOBgNVBCkTB0Vhc3lSU0ExJTAjBgkqhkiG9w0BCQEWFm1hdHRoaWFz +QGJsYW5rZXJ0ei5vcmeCCQD4qp9lVQxWlDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBEqr4PGh+LzAz1PmVKY5pOXX/nxysy8c+Lob6GvvTzBa1H3Tk+ +OHX3VTVMF4fY/UtVpypK1dHyMpA0AT9SPrZG68PxwKLemE6PqnVecX+slPrbyiY9 +Op4A65UN6UgkcBPTkcToAXjMMDGjQU/r1PswNCBZdb7ZQa/it31KF0nHDNWIG1Da +60LKQx96fTLI57+/VMLq5+Uo+RGXcBT1JbHgMSJhUfGePlNyGirlN9EiNJgCYTXo +SrobHLsHNByurTSlvMYBsOFudeVvI0ZbiGN5JJO5/WMMJk9MM/iqe6An2ipZHNsf +vYwg6bV2KTpv+4R4/wWb0ADtkZHnjrC0p9ZP +-----END CERTIFICATE----- diff --git a/openvpn-test/client.conf b/openvpn-test/client.conf new file mode 100644 index 0000000..793fe7a --- /dev/null +++ b/openvpn-test/client.conf @@ -0,0 +1,123 @@ +############################################## +# Sample client-side OpenVPN 2.0 config file # +# for connecting to multi-client server. # +# # +# This configuration can be used by multiple # +# clients, however each client should have # +# its own cert and key files. # +# # +# On Windows, you might want to rename this # +# file so it has a .ovpn extension # +############################################## + +# Specify that we are a client and that we +# will be pulling certain config file directives +# from the server. +client + +# Use the same setting as you are using on +# the server. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel +# if you have more than one. On XP SP2, +# you may need to disable the firewall +# for the TAP adapter. +;dev-node MyTap + +# Are we connecting to a TCP or +# UDP server? Use the same setting as +# on the server. +proto tcp +;proto udp + +# The hostname/IP and port of the server. +# You can have multiple remote entries +# to load balance between the servers. +remote 172.20.117.221 1194 +;remote my-server-2 1194 + +# Choose a random host from the remote +# list for load-balancing. Otherwise +# try hosts in the order specified. +;remote-random + +# Keep trying indefinitely to resolve the +# host name of the OpenVPN server. Very useful +# on machines which are not permanently connected +# to the internet such as laptops. +resolv-retry infinite + +# Most clients don't need to bind to +# a specific local port number. +nobind + +# Downgrade privileges after initialization (non-Windows only) +;user nobody +;group nobody + +# Try to preserve some state across restarts. +persist-key +persist-tun + +# If you are connecting through an +# HTTP proxy to reach the actual OpenVPN +# server, put the proxy server/IP and +# port number here. See the man page +# if your proxy server requires +# authentication. +;http-proxy-retry # retry on connection failures +;http-proxy [proxy server] [proxy port #] + +# Wireless networks often produce a lot +# of duplicate packets. Set this flag +# to silence duplicate packet warnings. +;mute-replay-warnings + +# SSL/TLS parms. +# See the server config file for more +# description. It's best to use +# a separate .crt/.key file pair +# for each client. A single ca +# file can be used for all clients. +ca ca.crt +cert matthias.crt +key matthias.key + +# Verify server certificate by checking +# that the certicate has the nsCertType +# field set to "server". This is an +# important precaution to protect against +# a potential attack discussed here: +# http://openvpn.net/howto.html#mitm +# +# To use this feature, you will need to generate +# your server certificates with the nsCertType +# field set to "server". The build-key-server +# script in the easy-rsa folder will do this. +ns-cert-type server + +# If a tls-auth key is used on the server +# then every client must also have the key. +;tls-auth ta.key 1 + +# Select a cryptographic cipher. +# If the cipher option is used on the server +# then you must also specify it here. +;cipher x + +# Enable compression on the VPN link. +# Don't enable this unless it is also +# enabled in the server config file. +comp-lzo + +# Set log file verbosity. +verb 3 + +# Silence repeating messages +;mute 20 diff --git a/overlay/etc/firewall.sh b/overlay/etc/firewall.sh new file mode 100755 index 0000000..1176859 --- /dev/null +++ b/overlay/etc/firewall.sh @@ -0,0 +1,118 @@ +#!/bin/sh + +# A Sample OpenVPN-aware firewall. + +# eth0 is connected to the internet. +# eth1 is connected to a private subnet. + +VPNIF=tun0 +LANIF=eth0 + +PRIVATE=10.42.23.0/24 + +# Loopback address +LOOP=127.0.0.1 + +# Delete old iptables rules +# and temporarily block all traffic. +iptables -P OUTPUT DROP +iptables -P INPUT DROP +iptables -P FORWARD DROP +iptables -F + +# Set default policies +iptables -P OUTPUT ACCEPT +iptables -P INPUT DROP +iptables -P FORWARD DROP + +# Prevent external packets from using loopback addr +iptables -A INPUT -i $LANIF -s $LOOP -j DROP +iptables -A FORWARD -i $LANIF -s $LOOP -j DROP +iptables -A INPUT -i $LANIF -d $LOOP -j DROP +iptables -A FORWARD -i $LANIF -d $LOOP -j DROP + +# Anything coming from the Network should have a real Internet address, +# or a known "Uninetz" private address (172.20.0.0/16) +iptables -N Antispoof_172 +iptables -A FORWARD -i $LANIF -s 192.168.0.0/16 -j DROP +iptables -A FORWARD -i $LANIF -s 172.16.0.0/12 -j Antispoof_172 +iptables -A FORWARD -i $LANIF -s 10.0.0.0/8 -j DROP +iptables -A INPUT -i $LANIF -s 192.168.0.0/16 -j DROP +iptables -A INPUT -i $LANIF -s 172.16.0.0/12 -j Antispoof_172 +iptables -A INPUT -i $LANIF -s 10.0.0.0/8 -j DROP +iptables -A Antispoof_172 -i $LANIF -s 172.20.0.0/16 -j RETURN +iptables -A Antispoof_172 -j DROP + +# Block outgoing NetBios (if you have windows machines running +# on the private subnet). This will not affect any NetBios +# traffic that flows over the VPN tunnel, but it will stop +# local windows machines from broadcasting themselves to +# the network. +iptables -A FORWARD -p tcp --sport 137:139 -o $LANIF -j DROP +iptables -A FORWARD -p udp --sport 137:139 -o $LANIF -j DROP +iptables -A OUTPUT -p tcp --sport 137:139 -o $LANIF -j DROP +iptables -A OUTPUT -p udp --sport 137:139 -o $LANIF -j DROP + +# Check source address validity on packets going out to network +iptables -A OUTPUT -s $PRIVATE -o $LANIF -j DROP + +# Allow local loopback +iptables -A INPUT -s $LOOP -j ACCEPT +iptables -A INPUT -d $LOOP -j ACCEPT + +# Allow useful ICMP, and forward it too +iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT +iptables -A INPUT -p icmp --icmp-type 11/0 -j ACCEPT +iptables -A INPUT -p icmp --icmp-type 11/1 -j ACCEPT +iptables -A INPUT -p icmp --icmp-type 0/0 -j ACCEPT +iptables -A INPUT -p icmp --icmp-type 3 -j ACCEPT +iptables -A FORWARD -p icmp --icmp-type echo-request -j ACCEPT +iptables -A FORWARD -p icmp --icmp-type 11/0 -j ACCEPT +iptables -A FORWARD -p icmp --icmp-type 11/1 -j ACCEPT +iptables -A FORWARD -p icmp --icmp-type 0/0 -j ACCEPT +iptables -A FORWARD -p icmp --icmp-type 3 -j ACCEPT + +# Allow services such as ssh (can be disabled) +iptables -A INPUT -p tcp --dport ssh -j ACCEPT + +# Allow incoming OpenVPN packets +# Duplicate the line below for each +# OpenVPN tunnel, changing --dport n +# to match the OpenVPN UDP port. +# +# In OpenVPN, the port number is +# controlled by the --port n option. +# If you put this option in the config +# file, you can remove the leading '--' +# +# If you taking the stateful firewall +# approach (see the OpenVPN HOWTO), +# then comment out the line below. + +iptables -A INPUT -p tcp --dport 1194 -j ACCEPT + +# Allow packets from TUN/TAP devices. +# When OpenVPN is run in a secure mode, +# it will authenticate packets prior +# to their arriving on a tun or tap +# interface. Therefore, it is not +# necessary to add any filters here, +# unless you want to restrict the +# type of packets which can flow over +# the tunnel. + +iptables -A INPUT -i tun+ -j ACCEPT +iptables -A FORWARD -i tun+ -j ACCEPT +#iptables -A INPUT -i tap+ -j ACCEPT +#iptables -A FORWARD -i tap+ -j ACCEPT + +# Keep state of connections from local machine and private subnets +iptables -A OUTPUT -m state --state NEW -o $LANIF -j ACCEPT +iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT +iptables -A FORWARD -m state --state NEW -o $LANIF -j ACCEPT +iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT + +# Masquerade local subnet +iptables -t nat -A POSTROUTING -s $PRIVATE -o $LANIF -j MASQUERADE + +echo "1" > /proc/sys/net/ipv4/ip_forward diff --git a/overlay/etc/group b/overlay/etc/group new file mode 100644 index 0000000..1e10b78 --- /dev/null +++ b/overlay/etc/group @@ -0,0 +1,29 @@ +root:x:0: +daemon:x:1: +bin:x:2: +sys:x:3: +adm:x:4: +tty:x:5: +disk:x:6: +lp:x:7: +kmem:x:9: +wheel:x:10:root,matthias,pan +cdrom:x:11: +dialout:x:18: +floppy:x:19: +video:x:28: +audio:x:29: +tape:x:32: +www-data:x:33: +utmp:x:43: +plugdev:x:46: +staff:x:50: +lock:x:54: +haldaemon:x:68: +dbus:x:81: +netdev:x:82: +ftp:x:83 +nobody:x:99: +nogroup:x:99: +users:x:100: +default:x:1000: diff --git a/overlay/etc/init.d/S41firewall b/overlay/etc/init.d/S41firewall new file mode 100755 index 0000000..4c93bbe --- /dev/null +++ b/overlay/etc/init.d/S41firewall @@ -0,0 +1,3 @@ +#!/bin/sh + +/etc/firewall.sh diff --git a/overlay/etc/login.defs b/overlay/etc/login.defs new file mode 100644 index 0000000..e7536e2 --- /dev/null +++ b/overlay/etc/login.defs @@ -0,0 +1 @@ +ENCRYPT_METHOD SHA256 diff --git a/overlay/etc/network/interfaces b/overlay/etc/network/interfaces new file mode 100644 index 0000000..c0c82ba --- /dev/null +++ b/overlay/etc/network/interfaces @@ -0,0 +1,9 @@ +# Configure Loopback +auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet static + address 172.20.117.221 + netmask 255.255.255.240 + gateway 172.20.117.209 diff --git a/overlay/etc/openvpn/ca.crt b/overlay/etc/openvpn/ca.crt new file mode 100644 index 0000000..7aa2a39 --- /dev/null +++ b/overlay/etc/openvpn/ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE9zCCA9+gAwIBAgIJAPiqn2VVDFaUMA0GCSqGSIb3DQEBCwUAMIGtMQswCQYD +VQQGEwJERTELMAkGA1UECBMCQlcxEjAQBgNVBAcTCUthcmxzcnVoZTENMAsGA1UE +ChMEbm9uZTEbMBkGA1UECxMSTWF0dGhpYXMgQmxhbmtlcnR6MRgwFgYDVQQDEw9w +YW5kYS5oYWRpa28uZGUxEDAOBgNVBCkTB0Vhc3lSU0ExJTAjBgkqhkiG9w0BCQEW +Fm1hdHRoaWFzQGJsYW5rZXJ0ei5vcmcwHhcNMTQwNDAzMTQ0NTM2WhcNMjQwMzMx +MTQ0NTM2WjCBrTELMAkGA1UEBhMCREUxCzAJBgNVBAgTAkJXMRIwEAYDVQQHEwlL +YXJsc3J1aGUxDTALBgNVBAoTBG5vbmUxGzAZBgNVBAsTEk1hdHRoaWFzIEJsYW5r +ZXJ0ejEYMBYGA1UEAxMPcGFuZGEuaGFkaWtvLmRlMRAwDgYDVQQpEwdFYXN5UlNB +MSUwIwYJKoZIhvcNAQkBFhZtYXR0aGlhc0BibGFua2VydHoub3JnMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDC2BIf3FfEoLxrr9oxQ46cDO8DBRdqF +3ZUiVupBZ8+MJz871UJEUvVjJi7yuxGOfr1JIBYfgEgFzLNvhFsRrwQGp6hcGgJC +38JQOZAWopjz/cH4LRyNaPOu9Hd5KCspOSfZLj7y7VKzcO1TtLOYHlnmilM/VWL1 +38yZ3gwnFTRSaue2nHB8ex8Lm9uWYhzy8PTNcIVUaM7cFuX1LQmk3tyHsuN4ZFIV ++9D1+O3JKaepdzXC6af2we37wYIxl02R428bkf+QEqfcU3lqlmOBMKqHRMxnYtGE +bOZgVkUJJ07BreiYiypNbrBNsJjf+kWTT+ymzie8h3V6eBUdjSbmCwIDAQABo4IB +FjCCARIwHQYDVR0OBBYEFLHei9/kSHXfzWfdcUYXv1DHa063MIHiBgNVHSMEgdow +gdeAFLHei9/kSHXfzWfdcUYXv1DHa063oYGzpIGwMIGtMQswCQYDVQQGEwJERTEL +MAkGA1UECBMCQlcxEjAQBgNVBAcTCUthcmxzcnVoZTENMAsGA1UEChMEbm9uZTEb +MBkGA1UECxMSTWF0dGhpYXMgQmxhbmtlcnR6MRgwFgYDVQQDEw9wYW5kYS5oYWRp +a28uZGUxEDAOBgNVBCkTB0Vhc3lSU0ExJTAjBgkqhkiG9w0BCQEWFm1hdHRoaWFz +QGJsYW5rZXJ0ei5vcmeCCQD4qp9lVQxWlDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBEqr4PGh+LzAz1PmVKY5pOXX/nxysy8c+Lob6GvvTzBa1H3Tk+ +OHX3VTVMF4fY/UtVpypK1dHyMpA0AT9SPrZG68PxwKLemE6PqnVecX+slPrbyiY9 +Op4A65UN6UgkcBPTkcToAXjMMDGjQU/r1PswNCBZdb7ZQa/it31KF0nHDNWIG1Da +60LKQx96fTLI57+/VMLq5+Uo+RGXcBT1JbHgMSJhUfGePlNyGirlN9EiNJgCYTXo +SrobHLsHNByurTSlvMYBsOFudeVvI0ZbiGN5JJO5/WMMJk9MM/iqe6An2ipZHNsf +vYwg6bV2KTpv+4R4/wWb0ADtkZHnjrC0p9ZP +-----END CERTIFICATE----- diff --git a/overlay/etc/openvpn/dh2048.pem b/overlay/etc/openvpn/dh2048.pem new file mode 100644 index 0000000..58196d5 --- /dev/null +++ b/overlay/etc/openvpn/dh2048.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA/nVvOO+MHJlMpltHnmWsaQSXxlUwtUh2ncd2znELunsoPWbunDaC +tKI2+NG8PssKRUm0pOKQM8nJN7sn+zu6yj7xGKQ1bcdoNfUS/FU05MClGxMrV3vV +54PQQgKnpgaNEhlanNNCc2GaVZSEHOXi+X7J8b/WW7JjarwKgGZLqiScvgbvFIE6 +Yz8AIm4/hF4K6MjHuzJfL8JwfiqNchBRp8g0XUwDRR1AKa0WIivQ/1ZHbzLsxgRM +c1QlF0r6Syyj6pt6mRDv52SD3+fKFzrNohLGe/1DQnlkNw2xAvEbgVHv+Dt+IgJd +Z4UBzw4p/XpUPxouFWL5fjWMKyIKDPpMywIBAg== +-----END DH PARAMETERS----- diff --git a/overlay/etc/openvpn/panda.crt b/overlay/etc/openvpn/panda.crt new file mode 100644 index 0000000..07036cf --- /dev/null +++ b/overlay/etc/openvpn/panda.crt @@ -0,0 +1,98 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=DE, ST=BW, L=Karlsruhe, O=none, OU=Matthias Blankertz, CN=panda.hadiko.de/name=EasyRSA/emailAddress=matthias@blankertz.org + Validity + Not Before: Apr 3 14:46:07 2014 GMT + Not After : Mar 31 14:46:07 2024 GMT + Subject: C=DE, ST=BW, L=Karlsruhe, O=none, OU=Matthias Blankertz, CN=panda/name=EasyRSA/emailAddress=matthias@blankertz.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:f1:62:95:6e:a9:b8:0c:b2:52:fc:95:6a:44:69: + 9a:37:28:13:35:42:ad:77:49:c9:c5:d4:e6:a3:b9: + 8f:4c:92:b1:0b:0b:1b:d1:be:66:44:15:06:d9:74: + 93:0f:9b:b8:c2:d5:46:98:45:73:25:de:6f:15:cc: + ea:cb:1a:d8:24:ae:2d:da:ed:a7:2a:fd:6d:e4:b4: + c6:f3:de:81:90:b3:f0:fd:38:40:e5:1a:8b:75:c9: + 12:26:8d:6c:b3:a3:d3:f1:b6:fa:03:cf:3a:d1:1a: + d6:c3:08:3f:1c:fe:a7:d1:9d:d7:43:19:4f:87:69: + 26:c1:14:fa:c1:26:58:55:85:13:25:57:4e:58:a6: + 9d:f0:91:ab:eb:6c:56:f9:77:92:26:b5:68:8e:ec: + 81:ae:94:ab:8b:b6:72:ce:fa:05:e3:4e:e4:b1:d4: + f3:fa:b4:fc:41:3d:4b:c3:11:d3:d7:94:08:6f:c9: + 22:c8:50:24:29:ac:32:3f:6d:5d:77:69:74:4c:a2: + 86:91:6c:f1:4b:09:74:33:5e:fe:c8:16:7d:86:37: + 2a:ef:74:e5:06:41:52:62:9e:09:d4:25:df:49:68: + a8:a9:b2:09:44:0f:ae:09:50:d4:59:a2:be:74:45: + ed:7f:89:af:b9:2b:35:f9:37:28:ea:7c:b8:5a:71: + eb:03 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + Netscape Comment: + Easy-RSA Generated Server Certificate + X509v3 Subject Key Identifier: + 02:6C:87:DE:AF:88:D9:C9:78:C2:59:B1:1E:06:81:77:89:4A:B3:6D + X509v3 Authority Key Identifier: + keyid:B1:DE:8B:DF:E4:48:75:DF:CD:67:DD:71:46:17:BF:50:C7:6B:4E:B7 + DirName:/C=DE/ST=BW/L=Karlsruhe/O=none/OU=Matthias Blankertz/CN=panda.hadiko.de/name=EasyRSA/emailAddress=matthias@blankertz.org + serial:F8:AA:9F:65:55:0C:56:94 + + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 3e:82:fe:8a:88:c2:12:67:73:a3:f4:27:30:9c:49:fd:f6:bf: + 38:a5:80:e3:06:dc:d1:54:ed:4b:b6:0f:1f:8c:a5:15:99:76: + 4e:f8:35:12:ee:09:03:bc:6a:cc:89:bf:e2:8a:b9:b8:7e:89: + 01:fc:ec:2b:33:90:c8:7c:53:6d:af:b8:bc:d8:90:13:36:dd: + 3a:7e:a0:89:07:7e:26:71:3f:42:c6:05:af:85:02:cd:fb:cb: + 45:6c:4c:4e:14:84:05:26:e9:5b:10:a4:67:7e:ef:4e:5c:94: + d2:63:9b:8b:3f:3e:6a:ae:ce:2e:ac:6d:59:79:1b:8a:48:44: + a6:56:d3:e4:a2:06:50:95:6e:34:53:3f:83:3c:ec:df:ab:7c: + 2b:2c:a2:a2:14:b3:67:82:bf:dd:a6:0d:12:0e:a7:0d:f5:9c: + 31:a4:5a:a7:b9:09:50:b2:cb:63:af:a1:8a:df:a3:c6:21:ca: + 85:e3:85:2d:33:12:a0:f1:3b:8b:65:4c:fd:54:b2:25:57:fa: + 22:bd:d8:f8:a2:9c:6d:cf:2b:4e:8a:fd:69:32:fe:5e:d6:2e: + d2:88:00:c8:60:6f:e0:18:0b:96:b1:2c:ba:15:66:e4:ff:ff: + 44:f9:f0:7c:f1:d7:ab:52:a0:22:d3:03:0d:81:79:d3:7b:43: + 5b:3f:c1:69 +-----BEGIN CERTIFICATE----- +MIIFTTCCBDWgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrTELMAkGA1UEBhMCREUx +CzAJBgNVBAgTAkJXMRIwEAYDVQQHEwlLYXJsc3J1aGUxDTALBgNVBAoTBG5vbmUx +GzAZBgNVBAsTEk1hdHRoaWFzIEJsYW5rZXJ0ejEYMBYGA1UEAxMPcGFuZGEuaGFk +aWtvLmRlMRAwDgYDVQQpEwdFYXN5UlNBMSUwIwYJKoZIhvcNAQkBFhZtYXR0aGlh +c0BibGFua2VydHoub3JnMB4XDTE0MDQwMzE0NDYwN1oXDTI0MDMzMTE0NDYwN1ow +gaMxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJCVzESMBAGA1UEBxMJS2FybHNydWhl +MQ0wCwYDVQQKEwRub25lMRswGQYDVQQLExJNYXR0aGlhcyBCbGFua2VydHoxDjAM +BgNVBAMTBXBhbmRhMRAwDgYDVQQpEwdFYXN5UlNBMSUwIwYJKoZIhvcNAQkBFhZt +YXR0aGlhc0BibGFua2VydHoub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA8WKVbqm4DLJS/JVqRGmaNygTNUKtd0nJxdTmo7mPTJKxCwsb0b5mRBUG +2XSTD5u4wtVGmEVzJd5vFczqyxrYJK4t2u2nKv1t5LTG896BkLPw/ThA5RqLdckS +Jo1ss6PT8bb6A8860RrWwwg/HP6n0Z3XQxlPh2kmwRT6wSZYVYUTJVdOWKad8JGr +62xW+XeSJrVojuyBrpSri7ZyzvoF407ksdTz+rT8QT1LwxHT15QIb8kiyFAkKawy +P21dd2l0TKKGkWzxSwl0M17+yBZ9hjcq73TlBkFSYp4J1CXfSWioqbIJRA+uCVDU +WaK+dEXtf4mvuSs1+Tco6ny4WnHrAwIDAQABo4IBfjCCAXowCQYDVR0TBAIwADAR +BglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdlbmVy +YXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFAJsh96viNnJeMJZsR4G +gXeJSrNtMIHiBgNVHSMEgdowgdeAFLHei9/kSHXfzWfdcUYXv1DHa063oYGzpIGw +MIGtMQswCQYDVQQGEwJERTELMAkGA1UECBMCQlcxEjAQBgNVBAcTCUthcmxzcnVo +ZTENMAsGA1UEChMEbm9uZTEbMBkGA1UECxMSTWF0dGhpYXMgQmxhbmtlcnR6MRgw +FgYDVQQDEw9wYW5kYS5oYWRpa28uZGUxEDAOBgNVBCkTB0Vhc3lSU0ExJTAjBgkq +hkiG9w0BCQEWFm1hdHRoaWFzQGJsYW5rZXJ0ei5vcmeCCQD4qp9lVQxWlDATBgNV +HSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQELBQADggEB +AD6C/oqIwhJnc6P0JzCcSf32vzilgOMG3NFU7Uu2Dx+MpRWZdk74NRLuCQO8asyJ +v+KKubh+iQH87CszkMh8U22vuLzYkBM23Tp+oIkHfiZxP0LGBa+FAs37y0VsTE4U +hAUm6VsQpGd+705clNJjm4s/Pmquzi6sbVl5G4pIRKZW0+SiBlCVbjRTP4M87N+r +fCssoqIUs2eCv92mDRIOpw31nDGkWqe5CVCyy2OvoYrfo8YhyoXjhS0zEqDxO4tl +TP1UsiVX+iK92PiinG3PK06K/Wky/l7WLtKIAMhgb+AYC5axLLoVZuT//0T58Hzx +16tSoCLTAw2BedN7Q1s/wWk= +-----END CERTIFICATE----- diff --git a/overlay/etc/openvpn/panda.key b/overlay/etc/openvpn/panda.key new file mode 100644 index 0000000..2eede59 --- /dev/null +++ b/overlay/etc/openvpn/panda.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDxYpVuqbgMslL8 +lWpEaZo3KBM1Qq13ScnF1OajuY9MkrELCxvRvmZEFQbZdJMPm7jC1UaYRXMl3m8V +zOrLGtgkri3a7acq/W3ktMbz3oGQs/D9OEDlGot1yRImjWyzo9PxtvoDzzrRGtbD +CD8c/qfRnddDGU+HaSbBFPrBJlhVhRMlV05Ypp3wkavrbFb5d5ImtWiO7IGulKuL +tnLO+gXjTuSx1PP6tPxBPUvDEdPXlAhvySLIUCQprDI/bV13aXRMooaRbPFLCXQz +Xv7IFn2GNyrvdOUGQVJingnUJd9JaKipsglED64JUNRZor50Re1/ia+5KzX5Nyjq +fLhacesDAgMBAAECggEAc5MjP2gtwo6DY4La7cSuXShoAgFZ8xq2bG2ivNO1BBHc +iRAZktSaPJDgxa+mVjvWPBtIANKH7qLRB1wlM3g382Aefot5lgDf5DiWZd+so680 +fNm5YLjT+2J5uVHPsTeI3Fwi2z4WyFYUbC9/oI9hpODxV6Q/yvMS5jH4WhDVDKSL +zWZ8nfvfLK6yArc99pmEyWwDM0Np2JCQ3Iz6XZibNimoiDBma0Ss7hcMSShKNEKR +7YS6cFbpPMlhHN3mWQ+6R/TrdTYylwFFUFn7KjlbAkO+tRmXyKHPUIEinmahyBl9 +aP/YPg67zhOCCPoHDcHnlB91Yxw2xNukvYVZkMywQQKBgQD9enYpoCF0msvDlk5L +m7S73AwHelHEAtusfyoaM/mNRW0F6q8bBoISGyHn2JHhG2C2EfDJ9YLCR4D4jquj +t62f3fA63MZbf8wFFjRZs1JteVpZajBXJYPk8uIBhVTlFFocHClORSmLYtMia/k5 +qakdBxSrcZ3VVMGio7blSxcy4wKBgQDzyVLvgiQVlEiAFQPupnbQjox2B1/zfc3i +4rKFA8NZv114pz2/FBKbJ1r7OgwB311cLBLwvTAiVzxZuebxLUqMeG1+Qv/8U3gC +GOv+LS3ymg+H4oPUw4MSSgPRB+byPR+J5b1j9JIbEqSw3zrHA6n+1YTOnAKtyXQm +J1zLIxRBYQKBgQCuq3nLm14ShS0O3X+cmHKF1c+wQ3ke0j1gc8yme9RmpkXHgv4h +aG2vXmUR5+o2rfAJ5vj/op/1kuJr5ZyfV85cUMrfNQ23Nax4gOGYQnr1l19MKGGh +W+e0mC5nj+J9bXXe0wUfu4cyVupZWQBH3QL9TsjOj5+MxzgcBCbfgMw+swKBgQCx +hXniNMdn+1msAyGg6BD/H76CuC4T1hlVzTSoDax0Lxi2ojohaVF/L/JdnNBfkLKg +Suvj6DAj4Zht0iSsnQl7Lrq0xb84k+OAy3sV1PpvfeYvUjAjf9dzOvh6f6GZ5g6Q +UP5PyimWk0XgEj3v6+gfTIZwGUUOHfN5URKOTdYTIQKBgQDc6ZqseI1MZBCRMiHS +zB6yjO+CwO4wp8UBU+jfvxEJdf9FhqsjoM94pQXR/wBvisl5o/CpUhRI+5XufBaA +GmEOaKHDHdugbLgBkh0B+cKFHoAtgGMJb6GyI2rht0cty41L+SXARxomfmlzSiJx +wZOOnJA7kn2JqUwsz5NBJcJA3g== +-----END PRIVATE KEY----- diff --git a/overlay/etc/openvpn/vpn.conf b/overlay/etc/openvpn/vpn.conf new file mode 100644 index 0000000..876fa47 --- /dev/null +++ b/overlay/etc/openvpn/vpn.conf @@ -0,0 +1,299 @@ +################################################# +# Sample OpenVPN 2.0 config file for # +# multi-client server. # +# # +# This file is for the server side # +# of a many-clients <-> one-server # +# OpenVPN configuration. # +# # +# OpenVPN also supports # +# single-machine <-> single-machine # +# configurations (See the Examples page # +# on the web site for more info). # +# # +# This config should work on Windows # +# or Linux/BSD systems. Remember on # +# Windows to quote pathnames and use # +# double backslashes, e.g.: # +# "C:\\Program Files\\OpenVPN\\config\\foo.key" # +# # +# Comments are preceded with '#' or ';' # +################################################# + +# Which local IP address should OpenVPN +# listen on? (optional) +;local a.b.c.d + +# Which TCP/UDP port should OpenVPN listen on? +# If you want to run multiple OpenVPN instances +# on the same machine, use a different port +# number for each one. You will need to +# open up this port on your firewall. +port 1194 + +# TCP or UDP server? +proto tcp +;proto udp + +# "dev tun" will create a routed IP tunnel, +# "dev tap" will create an ethernet tunnel. +# Use "dev tap0" if you are ethernet bridging +# and have precreated a tap0 virtual interface +# and bridged it with your ethernet interface. +# If you want to control access policies +# over the VPN, you must create firewall +# rules for the the TUN/TAP interface. +# On non-Windows systems, you can give +# an explicit unit number, such as tun0. +# On Windows, use "dev-node" for this. +# On most systems, the VPN will not function +# unless you partially or fully disable +# the firewall for the TUN/TAP interface. +;dev tap +dev tun0 + +# Windows needs the TAP-Win32 adapter name +# from the Network Connections panel if you +# have more than one. On XP SP2 or higher, +# you may need to selectively disable the +# Windows firewall for the TAP adapter. +# Non-Windows systems usually don't need this. +;dev-node MyTap + +# SSL/TLS root certificate (ca), certificate +# (cert), and private key (key). Each client +# and the server must have their own cert and +# key file. The server and all clients will +# use the same ca file. +# +# See the "easy-rsa" directory for a series +# of scripts for generating RSA certificates +# and private keys. Remember to use +# a unique Common Name for the server +# and each of the client certificates. +# +# Any X509 key management system can be used. +# OpenVPN can also use a PKCS #12 formatted key file +# (see "pkcs12" directive in man page). +ca ca.crt +cert panda.crt +key panda.key # This file should be kept secret + +# Diffie hellman parameters. +# Generate your own with: +# openssl dhparam -out dh1024.pem 1024 +# Substitute 2048 for 1024 if you are using +# 2048 bit keys. +dh dh2048.pem + +# Configure server mode and supply a VPN subnet +# for OpenVPN to draw client addresses from. +# The server will take 10.8.0.1 for itself, +# the rest will be made available to clients. +# Each client will be able to reach the server +# on 10.8.0.1. Comment this line out if you are +# ethernet bridging. See the man page for more info. +server 10.42.23.0 255.255.255.0 + +# Maintain a record of client <-> virtual IP address +# associations in this file. If OpenVPN goes down or +# is restarted, reconnecting clients can be assigned +# the same virtual IP address from the pool that was +# previously assigned. +ifconfig-pool-persist ipp.txt + +# Configure server mode for ethernet bridging. +# You must first use your OS's bridging capability +# to bridge the TAP interface with the ethernet +# NIC interface. Then you must manually set the +# IP/netmask on the bridge interface, here we +# assume 10.8.0.4/255.255.255.0. Finally we +# must set aside an IP range in this subnet +# (start=10.8.0.50 end=10.8.0.100) to allocate +# to connecting clients. Leave this line commented +# out unless you are ethernet bridging. +;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 + +# Configure server mode for ethernet bridging +# using a DHCP-proxy, where clients talk +# to the OpenVPN server-side DHCP server +# to receive their IP address allocation +# and DNS server addresses. You must first use +# your OS's bridging capability to bridge the TAP +# interface with the ethernet NIC interface. +# Note: this mode only works on clients (such as +# Windows), where the client-side TAP adapter is +# bound to a DHCP client. +;server-bridge + +# Push routes to the client to allow it +# to reach other private subnets behind +# the server. Remember that these +# private subnets will also need +# to know to route the OpenVPN client +# address pool (10.8.0.0/255.255.255.0) +# back to the OpenVPN server. +push "route 172.20.0.0 255.255.0.0" +;push "route 192.168.20.0 255.255.255.0" + +# To assign specific IP addresses to specific +# clients or if a connecting client has a private +# subnet behind it that should also have VPN access, +# use the subdirectory "ccd" for client-specific +# configuration files (see man page for more info). + +# EXAMPLE: Suppose the client +# having the certificate common name "Thelonious" +# also has a small subnet behind his connecting +# machine, such as 192.168.40.128/255.255.255.248. +# First, uncomment out these lines: +;client-config-dir ccd +;route 192.168.40.128 255.255.255.248 +# Then create a file ccd/Thelonious with this line: +# iroute 192.168.40.128 255.255.255.248 +# This will allow Thelonious' private subnet to +# access the VPN. This example will only work +# if you are routing, not bridging, i.e. you are +# using "dev tun" and "server" directives. + +# EXAMPLE: Suppose you want to give +# Thelonious a fixed VPN IP address of 10.9.0.1. +# First uncomment out these lines: +;client-config-dir ccd +;route 10.9.0.0 255.255.255.252 +# Then add this line to ccd/Thelonious: +# ifconfig-push 10.9.0.1 10.9.0.2 + +# Suppose that you want to enable different +# firewall access policies for different groups +# of clients. There are two methods: +# (1) Run multiple OpenVPN daemons, one for each +# group, and firewall the TUN/TAP interface +# for each group/daemon appropriately. +# (2) (Advanced) Create a script to dynamically +# modify the firewall in response to access +# from different clients. See man +# page for more info on learn-address script. +;learn-address ./script + +# If enabled, this directive will configure +# all clients to redirect their default +# network gateway through the VPN, causing +# all IP traffic such as web browsing and +# and DNS lookups to go through the VPN +# (The OpenVPN server machine may need to NAT +# or bridge the TUN/TAP interface to the internet +# in order for this to work properly). +;push "redirect-gateway def1 bypass-dhcp" + +# Certain Windows-specific network settings +# can be pushed to clients, such as DNS +# or WINS server addresses. CAVEAT: +# http://openvpn.net/faq.html#dhcpcaveats +# The addresses below refer to the public +# DNS servers provided by opendns.com. +;push "dhcp-option DNS 208.67.222.222" +;push "dhcp-option DNS 208.67.220.220" + +# Uncomment this directive to allow different +# clients to be able to "see" each other. +# By default, clients will only see the server. +# To force clients to only see the server, you +# will also need to appropriately firewall the +# server's TUN/TAP interface. +;client-to-client + +# Uncomment this directive if multiple clients +# might connect with the same certificate/key +# files or common names. This is recommended +# only for testing purposes. For production use, +# each client should have its own certificate/key +# pair. +# +# IF YOU HAVE NOT GENERATED INDIVIDUAL +# CERTIFICATE/KEY PAIRS FOR EACH CLIENT, +# EACH HAVING ITS OWN UNIQUE "COMMON NAME", +# UNCOMMENT THIS LINE OUT. +;duplicate-cn + +# The keepalive directive causes ping-like +# messages to be sent back and forth over +# the link so that each side knows when +# the other side has gone down. +# Ping every 10 seconds, assume that remote +# peer is down if no ping received during +# a 120 second time period. +keepalive 10 120 + +# For extra security beyond that provided +# by SSL/TLS, create an "HMAC firewall" +# to help block DoS attacks and UDP port flooding. +# +# Generate with: +# openvpn --genkey --secret ta.key +# +# The server and each client must have +# a copy of this key. +# The second parameter should be '0' +# on the server and '1' on the clients. +;tls-auth ta.key 0 # This file is secret + +# Select a cryptographic cipher. +# This config item must be copied to +# the client config file as well. +;cipher BF-CBC # Blowfish (default) +;cipher AES-128-CBC # AES +;cipher DES-EDE3-CBC # Triple-DES + +# Enable compression on the VPN link. +# If you enable it here, you must also +# enable it in the client config file. +comp-lzo + +# The maximum number of concurrently connected +# clients we want to allow. +;max-clients 100 + +# It's a good idea to reduce the OpenVPN +# daemon's privileges after initialization. +# +# You can uncomment this out on +# non-Windows systems. +user nobody +group nobody + +# The persist options will try to avoid +# accessing certain resources on restart +# that may no longer be accessible because +# of the privilege downgrade. +persist-key +persist-tun + +# Output a short status file showing +# current connections, truncated +# and rewritten every minute. +status openvpn-status.log + +# By default, log messages will go to the syslog (or +# on Windows, if running as a service, they will go to +# the "\Program Files\OpenVPN\log" directory). +# Use log or log-append to override this default. +# "log" will truncate the log file on OpenVPN startup, +# while "log-append" will append to it. Use one +# or the other (but not both). +;log openvpn.log +;log-append openvpn.log + +# Set the appropriate level of log +# file verbosity. +# +# 0 is silent, except for fatal errors +# 4 is reasonable for general usage +# 5 and 6 can help to debug connection problems +# 9 is extremely verbose +verb 3 + +# Silence repeating messages. At most 20 +# sequential messages of the same message +# category will be output to the log. +;mute 20 diff --git a/overlay/etc/passwd b/overlay/etc/passwd new file mode 100644 index 0000000..4449afa --- /dev/null +++ b/overlay/etc/passwd @@ -0,0 +1,18 @@ +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/bin/sh +bin:x:2:2:bin:/bin:/bin/sh +sys:x:3:3:sys:/dev:/bin/sh +sync:x:4:100:sync:/bin:/bin/sync +mail:x:8:8:mail:/var/spool/mail:/bin/sh +proxy:x:13:13:proxy:/bin:/bin/sh +www-data:x:33:33:www-data:/var/www:/bin/sh +backup:x:34:34:backup:/var/backups:/bin/sh +operator:x:37:37:Operator:/var:/bin/sh +haldaemon:x:68:68:hald:/:/bin/sh +dbus:x:81:81:dbus:/var/run/dbus:/bin/sh +ftp:x:83:83:ftp:/home/ftp:/bin/sh +nobody:x:99:99:nobody:/home:/bin/sh +sshd:x:103:99:Operator:/var:/bin/sh +default:x:1000:1000:Default non-root user:/home/default:/bin/sh +matthias:x:1001:100:Matthias Blankertz:/home/matthias:/bin/bash +pan:x:1002:100:Jan Olbrich:/home/pan:/bin/bash diff --git a/overlay/etc/shadow b/overlay/etc/shadow new file mode 100644 index 0000000..92f9281 --- /dev/null +++ b/overlay/etc/shadow @@ -0,0 +1,15 @@ +root:$5$gUuEjn0WlWhOpa$KepWf0fQ4h5numS.fgEe00dkjSbeLdEcuhN61jZIh92:10933:0:99999:7::: +bin:*:10933:0:99999:7::: +daemon:*:10933:0:99999:7::: +adm:*:10933:0:99999:7::: +lp:*:10933:0:99999:7::: +sync:*:10933:0:99999:7::: +shutdown:*:10933:0:99999:7::: +halt:*:10933:0:99999:7::: +uucp:*:10933:0:99999:7::: +operator:*:10933:0:99999:7::: +ftp:*:10933:0:99999:7::: +nobody:*:10933:0:99999:7::: +default::10933:0:99999:7::: +matthias:$5$F.fOPdBKgS$IlltP/mudUssGW1nzJdYeCYgoWNxJnBtclJdKD3viZ3:10933:0:99999:7::: +pan:$5$mMC5xGOJ9yamml35$sy6cF3oyJ7aXyBDbpIfHuimhoz3gTsj7h2xmMpU.Hj0:10933:0:99999:7::: diff --git a/overlay/etc/ssh_host_dsa_key b/overlay/etc/ssh_host_dsa_key new file mode 100644 index 0000000..ca8c220 --- /dev/null +++ b/overlay/etc/ssh_host_dsa_key @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBugIBAAKBgQCKzn298l8C3TCanK2wXVsAbDBTtOBWqArzXMNiIU7E5+VYQwFQ +pj7phnukT1dDwe8Bvafoe+q25AROqPoxZ7TxTlRT0PzOMsDyvlCA4iqQvDTjN97N +LbGphtN4n1oeFBWIBBa9smAKI8YsCD2CBeItWYAGeXYG8Sx9XpQju9zVTQIVANzA +z8Y2IRHfLJSnwo3jq1vbeU25AoGAZGoiZH6l5Ks9pZIGQ0gMqZyYMwMgDKCEaIme +GOHAJL9DYVVxqH4CynwjBeIT5Fl8dTXCTOgU8MljbwDYCHwgAYHmKDp1+J9GwqiW +XaXlKXhrqlQfJSORb1mbxmY4wRY542kRYAbt/v4BiZuI/61sLKD+YGG18Hd/qPID +fPwIsKECgYAieOgS1TX9ZgGRsrDa8za8jCwXq9SpBLbKGAwYOs01wy6KMD+v9456 +AuEtdOzDzUqxwbF4bknIH3O394CBnFDop1oG9eyyYx6q4hk5XeUEnbd8tAyaFLDI +ck4D2zRjfaD+GbPJv/bvhIIBdW5vkGmHZJjW9jmfnMvIhGnsPzioxgIUTSA9/nd0 +I4r5A3j8Vzr2n2ryRqw= +-----END DSA PRIVATE KEY----- diff --git a/overlay/etc/ssh_host_dsa_key.pub b/overlay/etc/ssh_host_dsa_key.pub new file mode 100644 index 0000000..d380010 --- /dev/null +++ b/overlay/etc/ssh_host_dsa_key.pub @@ -0,0 +1 @@ +ssh-dss AAAAB3NzaC1kc3MAAACBAIrOfb3yXwLdMJqcrbBdWwBsMFO04FaoCvNcw2IhTsTn5VhDAVCmPumGe6RPV0PB7wG9p+h76rbkBE6o+jFntPFOVFPQ/M4ywPK+UIDiKpC8NOM33s0tsamG03ifWh4UFYgEFr2yYAojxiwIPYIF4i1ZgAZ5dgbxLH1elCO73NVNAAAAFQDcwM/GNiER3yyUp8KN46tb23lNuQAAAIBkaiJkfqXkqz2lkgZDSAypnJgzAyAMoIRoiZ4Y4cAkv0NhVXGofgLKfCMF4hPkWXx1NcJM6BTwyWNvANgIfCABgeYoOnX4n0bCqJZdpeUpeGuqVB8lI5FvWZvGZjjBFjnjaRFgBu3+/gGJm4j/rWwsoP5gYbXwd3+o8gN8/AiwoQAAAIAieOgS1TX9ZgGRsrDa8za8jCwXq9SpBLbKGAwYOs01wy6KMD+v9456AuEtdOzDzUqxwbF4bknIH3O394CBnFDop1oG9eyyYx6q4hk5XeUEnbd8tAyaFLDIck4D2zRjfaD+GbPJv/bvhIIBdW5vkGmHZJjW9jmfnMvIhGnsPzioxg== matthias@pc diff --git a/overlay/etc/ssh_host_ecdsa_key b/overlay/etc/ssh_host_ecdsa_key new file mode 100644 index 0000000..1896a7e --- /dev/null +++ b/overlay/etc/ssh_host_ecdsa_key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEINYYNMLKTfrYyF1ZbYtwQuOBtPU53kcd1VOnXnSgrA1OoAoGCCqGSM49 +AwEHoUQDQgAEJI90n+jfS66AYoiHY0CC/+TgwqLoD1h1VS+HPYy8XuyXKBALfaW0 +LZAZ8m6qkKJbLmg6PX6PQSvZJbtFcJGe5A== +-----END EC PRIVATE KEY----- diff --git a/overlay/etc/ssh_host_ecdsa_key.pub b/overlay/etc/ssh_host_ecdsa_key.pub new file mode 100644 index 0000000..300a365 --- /dev/null +++ b/overlay/etc/ssh_host_ecdsa_key.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCSPdJ/o30uugGKIh2NAgv/k4MKi6A9YdVUvhz2MvF7slygQC32ltC2QGfJuqpCiWy5oOj1+j0Er2SW7RXCRnuQ= matthias@pc diff --git a/overlay/etc/ssh_host_ed25519_key b/overlay/etc/ssh_host_ed25519_key new file mode 100644 index 0000000..1ccd7f3 --- /dev/null +++ b/overlay/etc/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACCGfJWFyzWrWbWGiolHhYi6IcQ+zvfBFOKCZJ7VBDeuLQAAAJBNR6UITUel +CAAAAAtzc2gtZWQyNTUxOQAAACCGfJWFyzWrWbWGiolHhYi6IcQ+zvfBFOKCZJ7VBDeuLQ +AAAEDNDMIrJLjlEyhxsNGkm981drkI4vy8oTpaqSmmJ20AmoZ8lYXLNatZtYaKiUeFiLoh +xD7O98EU4oJkntUEN64tAAAAC21hdHRoaWFzQHBjAQI= +-----END OPENSSH PRIVATE KEY----- diff --git a/overlay/etc/ssh_host_ed25519_key.pub b/overlay/etc/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..21ffc68 --- /dev/null +++ b/overlay/etc/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZ8lYXLNatZtYaKiUeFiLohxD7O98EU4oJkntUEN64t matthias@pc diff --git a/overlay/etc/ssh_host_key b/overlay/etc/ssh_host_key new file mode 100644 index 0000000000000000000000000000000000000000..d050886fc430111ce722b060d1b567e4bab5b537 GIT binary patch literal 976 zcmV;>126njQ%E3CQb|@pR7D_5MOh$5NlZl`Mo&^rK~x|yE-?xK000000000800;oQ zZ`jO(fJCIn4K%0+{uM#4Za#ySWE!^pQ)cK(PUuUOdX&-d;>`omJ$vMX7&3Ek--#r+sYrTLzc8bynz8jcLt84?kgF!!3b zo4m{5x2af&7itaRIm3(zkp!c^Ncdz-&z&67ZCes4-iE$B_#f?rYZ6E`o!CbJ5di=J z0000BZDDkDXlY?{KyYI(T`ye+|4Sn>%Zt3IfEDxhP6>?@c7qMc7eN_VBKIb5#@N(tL=D!9Fe^>-%H4Rd<(2q>CbnQ-4Kt6dmT$9h0Gd_m zp3<4Ax)d|jJH0fx$Kf4Cy+PP zSYM~Z=eUUetO7f>CPCUo><-mcJRPN1LUp{=(UC;6+EuaMXk~AkT3$s`gT#Bo3m&MV^@2QYFo`-%ltLd7ft41UE1ckOv^bA zLeBocbp@DJ`OPV$jhsQ|&ca9wB$2GfG&Pv`xtK^Hluu>=6+D$xNkMnc11eO;^E_>&`#b;}S