Update .local/share/chezmoi/software.yml, .local/share/chezmoi/home/.chezmoiscripts/windows/run_onchange_after_14-cleanup-windows, .local/share/chezmoi/system/etc/cups/cupsd.conf, .local/share/chezmoi/system/etc/cups/modify_cupsd.conf

This commit is contained in:
Brian Zalewski 2022-12-06 14:04:35 +00:00
parent e7ffd27048
commit 19ea2964b8
4 changed files with 251 additions and 0 deletions

View file

@ -1,3 +1,4 @@
Remove-Item -Recurse -Force C:\Malwarebytes
Remove-Item -Recurse -Force C:\PerfLogs Remove-Item -Recurse -Force C:\PerfLogs
Remove-Item -Recurse -Force C:\$WinREAgent Remove-Item -Recurse -Force C:\$WinREAgent
Remove-Item C:\Users\*\Desktop\*lnk -Force Remove-Item C:\Users\*\Desktop\*lnk -Force

View file

@ -901,6 +901,26 @@ softwarePackages:
_type: cli _type: cli
brew: clair brew: clair
github: github.com/quay/clair github: github.com/quay/clair
clamav:
_bin: null
_desc: null
_docs: null
_github: null
_home: null
_name: ClamAV
_post: freshclam
_service: true
_systemd: clamav-freshclam
_systemd:dnf: clamd-freshclam
_type: cli
apt:
- clamav
- clamdscan
brew: clamav
dnf:
- clamav
- clamav-update
pacman: clamav
clocker: clocker:
_when: '! test -d /Applications/Clocker.app' _when: '! test -d /Applications/Clocker.app'
_bin: null _bin: null
@ -1144,7 +1164,16 @@ softwarePackages:
_home: null _home: null
_name: CUPS _name: CUPS
_service: null _service: null
_systemd: smbd
ansible: professormanhattan.cups ansible: professormanhattan.cups
apt:
- avahi-daemon
- cups
brew: cups
dnf: cups
pacman:
- avahi-daemon
- cups
curator: curator:
_bin: null _bin: null
_desc: Elasticsearch Curator helps you curate, or manage, your Elasticsearch indices and snapshots _desc: Elasticsearch Curator helps you curate, or manage, your Elasticsearch indices and snapshots
@ -3680,6 +3709,16 @@ softwarePackages:
_name: mackup _name: mackup
_service: null _service: null
ansible: professormanhattan.mackup ansible: professormanhattan.mackup
malwarebytes:
_bin: null
_desc: null
_docs: null
_github: null
_home: null
_name: Malwarebytes
_service: true
cask: malwarebytes
choco: malwarebytes
mailspring: mailspring:
_bin: null _bin: null
_desc: '[Mailspring](https://getmailspring.com/) comes packed with powerful features like Unified Inbox, Snooze, Send Later, Mail Rules, Templates and more. Mailspring Pro, which you can unlock with a monthly subscription, adds even more features for people who send a ton of email: link tracking, read receipts, mailbox analytics, contact and company profiles. All of these features run in the client - Mailspring does not send your email credentials to the cloud.' _desc: '[Mailspring](https://getmailspring.com/) comes packed with powerful features like Unified Inbox, Snooze, Send Later, Mail Rules, Templates and more. Mailspring Pro, which you can unlock with a monthly subscription, adds even more features for people who send a ton of email: link tracking, read receipts, mailbox analytics, contact and company profiles. All of these features run in the client - Mailspring does not send your email credentials to the cloud.'
@ -5136,6 +5175,24 @@ softwarePackages:
choco: ripgrep-all choco: ripgrep-all
nix: ripgrep-all nix: ripgrep-all
pacman: ripgrep-all pacman: ripgrep-all
rkhunter:
_bin: rkhunter
_desc: null
_docs: null
_github: null
_home: null
_name: rkhunter
_post: rkhunter --propupd && rkhunter --update
_service: true
_systemd:pacman: cronie
_type: cli
apt: rkhunter
brew: rkhunter
dnf: rkhunter
pacman:
- cronie
- rkhunter
- s-nail
rm-improved: rm-improved:
_bin: rip _bin: rip
_desc: A safe and ergonomic alternative to rm _desc: A safe and ergonomic alternative to rm

View file

@ -0,0 +1,190 @@
#
# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#
# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
PageLogFormat
# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0
# Only listen for connections from the local machine.
Port 631
Listen /run/cups/cups.sock
# Show shared printers on the local network.
Browsing On
BrowseLocalProtocols dnssd
# Default authentication type, when authentication is required...
DefaultAuthType Basic
# Web interface setting...
WebInterface Yes
# Restrict access to the server...
<Location />
Order allow,deny
Allow @LOCAL
</Location>
# Restrict access to the admin pages...
<Location /admin>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow @LOCAL
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
# Restrict access to log files...
<Location /admin/log>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the kerberized printer/job policies...
<Policy kerberos>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Negotiate
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>

View file

@ -0,0 +1,3 @@
#!/usr/bin/env bash
sudo chmod 644 cupsd.conf