Pacnew: Keep your config files up to date - January `19

#1

Originally published at: https://pwoss.xyz/pacnew-keep-your-config-files-up-to-date-january-19/

Hey

Four files need to be changed:

UFW & PHP – Pacnew
warning: /etc/default/ufw installed as /etc/default/ufw.pacnew
warning: /etc/ufw/before.rules installed as /etc/ufw/before.rules.pacnew
warning: /etc/ufw/sysctl.conf installed as /etc/ufw/sysctl.conf.pacnew
warning: /etc/php/php.ini installed as /etc/php/php.ini.pacnew

 

The easiest way is to install etc-update from the AUR repo
yay -S etc-update
sudo etc-update

and follow the instructions.

 

 

Manual:

 

/etc/default/ufw

sudo nano /etc/default/ufw

add the + line

# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
@@ -41,5 +41,6 @@
# nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT
# nf_conntrack_ftp, nf_nat_ftp: active FTP support
# nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)
+# nf_conntrack_sane: sane support
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"

 

/etc/ufw/before.rules

sudo nano /etc/ufw/before.rules

delete lines

-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type source-quench -j ACCEPT

Bug Description:
https://bugs.launchpad.net/ufw/+bug/1558068

 

/etc/ufw/sysctl.conf

sudo nano /etc/ufw/sysctl.conf

add the + lines and delete the – lines

-# Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling
-# (http://lkml.org/lkml/2008/2/5/167)
-net/ipv4/tcp_syncookies=0
+# Change to '0' to disable TCP/IP SYN cookies. A value of '1' disables TCP
+# Window Scaling (http://lkml.org/lkml/2008/2/5/167).
+#net/ipv4/tcp_syncookies=1

 

/etc/php/php.ini

sudo nano /etc/php/php.ini

add the + lines

@@ -989,6 +989,13 @@
; otherwise output encoding conversion cannot be performed.
;iconv.output_encoding =
+
+[imap]
+; rsh/ssh logins are disabled by default. Use this INI entry if you want to
+; enable them. Note that the IMAP library does not filter mailbox names before
+; passing them to rsh/ssh command, thus passing untrusted data to this function
+; with rsh/ssh enabled is insecure.
+;imap.enable_insecure_rsh=0
+
[intl]
;intl.default_locale =
; This directive allows you to produce PHP errors when some error

 

That’s it.

 

Thanks,

Dan