diff --git a/.etckeeper b/.etckeeper index 697f4a45..177126cc 100755 --- a/.etckeeper +++ b/.etckeeper @@ -1537,6 +1537,7 @@ maybe chmod 0644 'pam.d/runuser-l' maybe chmod 0644 'pam.d/samba' maybe chmod 0644 'pam.d/sshd' maybe chmod 0644 'pam.d/su' +maybe chmod 0644 'pam.d/su-l' maybe chmod 0644 'pam.d/sudo' maybe chmod 0644 'pam.d/systemd-user' maybe chmod 0644 'passwd' diff --git a/group b/group index 89e3353b..01803057 100644 --- a/group +++ b/group @@ -60,3 +60,4 @@ vnstat:x:116: nobody:x:996: systemd-coredump:x:995: ovalwonder:x:1002:jgdye +kvm:x:106: diff --git a/group- b/group- index 6962dba1..89e3353b 100644 --- a/group- +++ b/group- @@ -59,4 +59,4 @@ duck:x:115: vnstat:x:116: nobody:x:996: systemd-coredump:x:995: -ovalwonder:x:1002: +ovalwonder:x:1002:jgdye diff --git a/gshadow b/gshadow index 11459bf5..594d9bb7 100644 --- a/gshadow +++ b/gshadow @@ -60,3 +60,4 @@ vnstat:!:: nobody:!!:: systemd-coredump:!!:: ovalwonder:!::jgdye +kvm:!:: diff --git a/gshadow- b/gshadow- index cd2b6657..11459bf5 100644 --- a/gshadow- +++ b/gshadow- @@ -59,4 +59,4 @@ duck:!:: vnstat:!:: nobody:!!:: systemd-coredump:!!:: -ovalwonder:!:: +ovalwonder:!::jgdye diff --git a/initramfs-tools/initramfs.conf b/initramfs-tools/initramfs.conf index f0f50714..dd76996c 100644 --- a/initramfs-tools/initramfs.conf +++ b/initramfs-tools/initramfs.conf @@ -38,7 +38,7 @@ BUSYBOX=auto KEYMAP=n # -# COMPRESS: [ gzip | bzip2 | lzma | lzop | xz ] +# COMPRESS: [ gzip | bzip2 | lz4 | lzma | lzop | xz ] # COMPRESS=gzip @@ -51,7 +51,7 @@ COMPRESS=gzip # DEVICE: ... # # Specify a specific network interface, like eth0 -# Overridden by optional ip= bootarg +# Overridden by optional ip= or BOOTIF= bootarg # DEVICE= @@ -62,3 +62,11 @@ DEVICE= NFSROOT=auto +# +# RUNSIZE: ... +# +# The size of the /run tmpfs mount point, like 256M or 10% +# Overridden by optional initramfs.runsize= bootarg +# + +RUNSIZE=10% diff --git a/pam.d/su-l b/pam.d/su-l new file mode 100644 index 00000000..656a139a --- /dev/null +++ b/pam.d/su-l @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include su +account include su +password include su +session optional pam_keyinit.so force revoke +session include su diff --git a/systemd/journald.conf b/systemd/journald.conf index 12d79b33..a397799d 100644 --- a/systemd/journald.conf +++ b/systemd/journald.conf @@ -18,7 +18,7 @@ #SplitMode=uid #SyncIntervalSec=5m #RateLimitIntervalSec=30s -#RateLimitBurst=1000 +#RateLimitBurst=10000 #SystemMaxUse= #SystemKeepFree= #SystemMaxFileSize= diff --git a/systemd/logind.conf b/systemd/logind.conf index d3fcf8f3..d380a616 100644 --- a/systemd/logind.conf +++ b/systemd/logind.conf @@ -35,4 +35,3 @@ #RemoveIPC=yes #InhibitorsMax=8192 #SessionsMax=8192 -#UserTasksMax=33% diff --git a/systemd/resolved.conf b/systemd/resolved.conf index cd2c4895..56fe1376 100644 --- a/systemd/resolved.conf +++ b/systemd/resolved.conf @@ -18,5 +18,6 @@ #LLMNR=yes #MulticastDNS=yes #DNSSEC=allow-downgrade +#DNSOverTLS=no #Cache=yes #DNSStubListener=udp diff --git a/systemd/system.conf b/systemd/system.conf index fd0c6277..e5cb5c28 100644 --- a/systemd/system.conf +++ b/systemd/system.conf @@ -27,6 +27,7 @@ #RuntimeWatchdogSec=0 #ShutdownWatchdogSec=10min #CapabilityBoundingSet= +#NoNewPrivileges=no #SystemCallArchitectures= #TimerSlackNSec= #DefaultTimerAccuracySec=1min