Initial commit.

sample-rc.d/rc.firewall-guests

@@ -0,0 +1,137 @@
+#!/bin/bash
+
+# The name of the main external interface.
+EX_IF="eth0"
+# The name of the VM-Private network interface.
+VM_IF="eth1"
+
+# Disable ICMP redirects.
+# Note: Redirects are used when a router believes a packet is being routed sub optimally and it would like to inform
+# the sending host that it should forward subsequent packets to that same destination through a different gateway.
+echo 0 >"/proc/sys/net/ipv4/conf/$EX_IF/accept_redirects"
+echo 0 >"/proc/sys/net/ipv6/conf/$EX_IF/accept_redirects"
+echo 0 >"/proc/sys/net/ipv4/conf/$EX_IF/send_redirects"
+
+# Flush old rules.
+iptables -F
+ip6tables -F
+iptables -t nat -F
+ip6tables -t nat -F
+iptables -t mangle -F
+ip6tables -t mangle -F
+
+# Delete any custom chains.
+iptables -X
+ip6tables -X
+iptables -t nat -X
+ip6tables -t nat -X
+iptables -t mangle -X
+ip6tables -t mangle -X
+
+# Drop invalid packets on all interfaces.
+iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
+ip6tables -A INPUT -m conntrack --ctstate INVALID -j DROP
+
+# Drop unroutable IPs on the external interface.
+iptables -A INPUT -i "$EX_IF" -s 127.0.0.0/8 -j DROP
+ip6tables -A INPUT -i "$EX_IF" -s ::1/128 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 10.0.0.0/8 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 172.16.0.0/12 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 192.168.0.0/16 -j DROP
+
+# Allow all loopback traffic.
+iptables -A INPUT -i lo -j ACCEPT
+ip6tables -A INPUT -i lo -j ACCEPT
+
+# Allow all VM-Private network traffic.
+iptables -A INPUT -i "$VM_IF" -j ACCEPT
+ip6tables -A INPUT -i "$VM_IF" -j ACCEPT
+
+# Allow unrestricted access from our IPs.
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.7-91.109.244.11 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.78-91.109.244.79 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.239-91.109.244.243 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -s 2a02:2498:1:227::/64 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -s 185.176.90.169 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -s 2a07:4580:b0d:57f::/64 -j ACCEPT
+
+# Allow packets of established connections and those related to them.
+iptables -A INPUT -i "$EX_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+# Allow pings, but ratelimited.
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type echo-request -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type echo-request -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type echo-reply -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type echo-reply -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+
+# Allow certain types of ICMP informational packets.
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type destination-unreachable -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type time-exceeded -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type parameter-problem -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
+
+# Always allow SSH.
+# Note: We never want to be locked out of the system, so also accept on the standard ssh port, just in case things accidently get
+# set back to defaults.  Any connections to the standard port will just get a 'connection refused' message, unless this happens.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 22,9922 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 22,9922 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: DNS.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: HTTP{,S}.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: FTP{,S}.
+# Note: This is a very permissive configuration - it leaves the high ports completely open.  To close it down,
+# change the last two rules to "ESTABLISHED,RELATED" state; but this will prevent ftps passive from working.
+modprobe nf_conntrack_ftp
+echo 1 >/proc/sys/net/netfilter/nf_conntrack_helper	# Required to allow nf_conntrack_ftp to actually work.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 21,990 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 21,990 -m conntrack --ctstate NEW -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 20,989 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 20,989 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p tcp -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: rsync.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn --dport 873 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn --dport 873 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: SMTP and submission.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 25,587 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 25,587 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: IMAP{,S}.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 143,993 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 143,993 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: POP3{,S}.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 110,995 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 110,995 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: Bittorrent.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 6881:6899 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 6881:6899 -m conntrack --ctstate NEW -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p udp -m multiport --dports 6881:6899 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p udp -m multiport --dports 6881:6899 -m conntrack --ctstate NEW -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p udp -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p udp -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+
+# Set default policies.
+iptables -P INPUT DROP
+ip6tables -P INPUT DROP
+iptables -P OUTPUT ACCEPT		# We don't firewall outgoing connections.
+ip6tables -P OUTPUT ACCEPT		# We don't firewall outgoing connections.
+iptables -P FORWARD DROP
+ip6tables -P FORWARD DROP

sample-rc.d/rc.firewall-hosts

@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# The name of the main external interface.
+EX_IF="br0"
+
+# Disable ICMP redirects.
+# Note: Redirects are used when a router believes a packet is being routed sub optimally and it would like to inform
+# the sending host that it should forward subsequent packets to that same destination through a different gateway.
+echo 0 >"/proc/sys/net/ipv4/conf/$EX_IF/accept_redirects"
+echo 0 >"/proc/sys/net/ipv6/conf/$EX_IF/accept_redirects"
+echo 0 >"/proc/sys/net/ipv4/conf/$EX_IF/send_redirects"
+
+# Flush old rules.
+iptables -F
+ip6tables -F
+iptables -t nat -F
+ip6tables -t nat -F
+iptables -t mangle -F
+ip6tables -t mangle -F
+
+# Delete any custom chains.
+iptables -X
+ip6tables -X
+iptables -t nat -X
+ip6tables -t nat -X
+iptables -t mangle -X
+ip6tables -t mangle -X
+
+# Drop invalid packets on all interfaces.
+iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
+ip6tables -A INPUT -m conntrack --ctstate INVALID -j DROP
+
+# Drop unroutable IPs on the external interface.
+iptables -A INPUT -i "$EX_IF" -s 127.0.0.0/8 -j DROP
+ip6tables -A INPUT -i "$EX_IF" -s ::1/128 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 10.0.0.0/8 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 172.16.0.0/12 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 192.168.0.0/16 -j DROP
+
+# Allow all loopback traffic.
+iptables -A INPUT -i lo -j ACCEPT
+ip6tables -A INPUT -i lo -j ACCEPT
+
+# Allow unrestricted access from our IPs.
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.7-91.109.244.11 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.78-91.109.244.79 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.239-91.109.244.243 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -s 2a02:2498:1:227::/64 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -s 185.176.90.169 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -s 2a07:4580:b0d:57f::/64 -j ACCEPT
+
+# Allow packets of established connections and those related to them.
+iptables -A INPUT -i "$EX_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+# Allow pings, but ratelimited.
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type echo-request -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type echo-request -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type echo-reply -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type echo-reply -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+
+# Allow certain types of ICMP informational packets.
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type destination-unreachable -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type time-exceeded -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type parameter-problem -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
+
+# Always allow SSH.
+# Note: We never want to be locked out of the system, so also accept on the standard ssh port, just in case things accidently get
+# set back to defaults.  Any connections to the standard port will just get a 'connection refused' message, unless this happens.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 22,9922 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 22,9922 -m conntrack --ctstate NEW -j ACCEPT
+
+# Set default policies.
+iptables -P INPUT DROP
+ip6tables -P INPUT DROP
+iptables -P OUTPUT ACCEPT		# We don't firewall outgoing connections.
+ip6tables -P OUTPUT ACCEPT		# We don't firewall outgoing connections.
+iptables -P FORWARD DROP
+ip6tables -P FORWARD DROP

sample-rc.d/rc.firewall-old

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+IPTABLES=/usr/sbin/iptables
+
+# Flush the tables.
+$IPTABLES -F
+
+# Drop bootp ports.
+$IPTABLES -m multiport -A INPUT -p tcp --dports 67,68 -j DROP
+$IPTABLES -m multiport -A INPUT -p udp --dports 67,68 -j DROP
+
+# Drop netbios ports.
+$IPTABLES -m multiport -A INPUT -p tcp --dports 137,138,139 -j DROP
+$IPTABLES -m multiport -A INPUT -p udp --dports 137,138,139 -j DROP

sample-rc.d/rc.local

@@ -0,0 +1,66 @@
+#!/bin/bash
+# /etc/rc.d/rc.local - Local system startup script.
+# This script will be run when the system is first booted.
+
+# Start the MCE daemon.
+[ -x /etc/rc.d/rc.mcelog ] && /etc/rc.d/rc.mcelog start
+
+# Start the qemu guest additions agent.
+[ -x /etc/rc.d/rc.qemu-ga ] && /etc/rc.d/rc.qemu-ga start
+
+# Start GlusterFS daemon.
+[ -x /etc/rc.d/rc.glusterd ] && /etc/rc.d/rc.glusterd start
+
+# Mount glusterfs volumes.
+for MOUNT in $(grep -v "^#" /etc/fstab | awk '/[[:blank:]]glusterfs[[:blank:]]/ {print $2}'); do mount $MOUNT; done
+
+# Start the vnstat daemon.
+[ -x /etc/rc.d/rc.vnstat ] && /etc/rc.d/rc.vnstat start
+
+# Start fail2ban.
+[ -x /etc/rc.d/rc.fail2ban ] && /etc/rc.d/rc.fail2ban start
+
+# Start the php-fpm FastCGI daemon.
+[ -x /etc/rc.d/rc.php-fpm ] && /etc/rc.d/rc.php-fpm start
+
+# Start SpamAssassin.
+[ -x /etc/rc.d/rc.spamd ] && /etc/rc.d/rc.spamd start
+
+# Start proftpd.
+[ -x /etc/rc.d/rc.proftpd ] && {
+  /opt/bin/lumberjack -u logger -z -r -i /run/slackware.uk-ftpd.log -o logger:ftp -mp 006 -l logs/ftpd-transfers.log \
+      /data/sites/slackware.uk logs/%Y/%m/ftpd-transfers.log &
+  /etc/rc.d/rc.proftpd start
+}
+
+# Start the rsync daemon.
+[ -x /etc/rc.d/rc.rsyncd ] && {
+  /opt/bin/lumberjack -u logger -z -r -i /run/rsyncd.log -o logger:mirror -mp 006 -l logs/rsyncd-transfers.log \
+      /data/sites/slackware.uk logs/%Y/%m/rsyncd-transfers.log &
+  /etc/rc.d/rc.rsyncd start
+}
+
+# Start netdata.
+[ -x /etc/rc.d/rc.netdata ] && rm -f /var/lock/subsys/netdata && /etc/rc.d/rc.netdata start
+
+# Start the bandwidth bar generator.
+[ -x /opt/bin/bwbar ] && sudo -b /opt/bin/bwbar -f /run/bwbar.txt -p /run/bwbar.png -t 1 -x 800 -y 8 -b 2 eth0 1000
+
+# Start seeding the torrents.
+grep "^seeder:" /etc/passwd >/dev/null 2>&1 && su - seeder -c /home/seeder/start-seeding
+
+# Start libvirt.
+[ -x /etc/rc.d/rc.libvirt ] && /etc/rc.d/rc.libvirt start
+
+# Start the lxcfs fuse module.
+[ -x /etc/rc.d/rc.lxcfs ] && /etc/rc.d/rc.lxcfs start
+
+# Start containers.
+[ -x /etc/rc.d/rc.lxc ] && {
+  # Proxy ARP is required for the LXC bridge to function correctly.
+  echo 1 >/proc/sys/net/ipv4/conf/br0/proxy_arp
+  /etc/rc.d/rc.lxc start
+}
+
+# Notify that the server has booted.
+/opt/bin/pushover -a server -t "Successful boot up: ${HOSTNAME%%.*}" -p 1 -m "$(printf '%(%d %b %Y - %H:%M:%S)T')" >/dev/null

sample-rc.d/rc.local_shutdown

@@ -0,0 +1,73 @@
+#!/bin/bash
+# /etc/rc.d/rc.local_shutdown - Local system shutdown script.
+# This script will be run when the system is shutdown or rebooted.
+
+# Notify that the server is shutting down.
+/opt/bin/pushover -a server -t "Shutting down: ${HOSTNAME%%.*}" -p 1 -m "$(printf '%(%d %b %Y - %H:%M:%S)T')" >/dev/null
+
+# Stop containers.
+[ -x /etc/rc.d/rc.lxc ] && /etc/rc.d/rc.lxc stop
+
+# Stop lxcfs.
+[ -x /etc/rc.d/rc.lxcfs ] && /etc/rc.d/rc.lxcfs stop
+
+# Stop libvirt.
+[ -x /etc/rc.d/rc.libvirt ] && {
+  /etc/rc.d/rc.libvirt guests_shutdown
+  /etc/rc.d/rc.libvirt stop
+}
+
+# Shut down netdata.
+[ -x /etc/rc.d/rc.netdata ] && /etc/rc.d/rc.netdata stop
+
+# Stop the rtorrent instances started at boot.
+grep "^seeder:" /etc/passwd >/dev/null 2>&1 && {
+  pkill -INT  -u seeder '^rtorrent .*$'
+  printf "%s" "Waiting up to 30 seconds for rtorrent to exit"
+  for ((i=0; i <= 59; i++)); do
+    if pgrep -u seeder '^rtorrent .*$' >/dev/null 2>&1; then
+      printf "%s" "."
+      sleep 0.5
+    else
+      break
+    fi
+  done
+  if ! pgrep -u seeder '^rtorrent .*$' >/dev/null 2>&1; then
+    printf "%s\n" " clean exit."
+  else
+    printf "%s\n" " failed - terminating."
+    pkill -TERM  -u seeder '^rtorrent .*$'
+    sleep 2
+    pkill -KILL  -u seeder '^rtorrent .*$'
+  fi
+}
+
+# Stop rsyncd.
+[ -x /etc/rc.d/rc.rsyncd ] && /etc/rc.d/rc.rsyncd stop
+
+# Stop proftpd.
+[ -x /etc/rc.d/rc.proftpd ] && /etc/rc.d/rc.proftpd stop
+
+# Stop SpamAssassin.
+[ -x /etc/rc.d/rc.spamd ] && /etc/rc.d/rc.spamd stop
+
+# Stop the php-fpm FastCGI daemon.
+[ -x /etc/rc.d/rc.php-fpm ] && /etc/rc.d/rc.php-fpm stop
+
+# Stop fail2ban.
+[ -x /etc/rc.d/rc.fail2ban ] && /etc/rc.d/rc.fail2ban stop
+
+# Stop the vnstat daemon.
+[ -x /etc/rc.d/rc.vnstat ] && /etc/rc.d/rc.vnstat stop
+
+# Unmount glusterfs volumes.
+for MOUNT in $(mount | awk '/fuse\.glusterfs/ {print $3}'); do umount -v $MOUNT; done
+
+# Stop GlusterFS daemon.
+[ -x /etc/rc.d/rc.glusterd ] && /etc/rc.d/rc.glusterd stop
+
+# Stop the qemu guest additions agent.
+[ -x /etc/rc.d/rc.qemu-ga ] && /etc/rc.d/rc.qemu-ga stop
+
+# Stop the MCE daemon.
+[ -x /etc/rc.d/rc.mcelog ] && /etc/rc.d/rc.mcelog stop

sample-rc.d/rc.modules.local

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# /etc/rc.d/rc.modules.local
+
+# The Linux kernel source is the best place to look for documentation
+# for the many available kernel modules.  This can be found under
+# /usr/src/linux-$VERSION/Documentation/.
+
+# Almost all necessary modules are automatically loaded when needed,
+# but there are a few exceptions.  Here's a (not all-inclusive) list,
+# so uncomment any of the below entries or add others as needed:
+# Note that you could also create/edit rc.modules-$version if you
+# only wanted specific modules loaded for particular kernels.
+
+#/sbin/modprobe tun            # Universal TUN/TAP device driver
+#/sbin/modprobe sg             # Generic SCSI support for SATA DVD-RW
+
+# Load sensor modules.
+if [ -e /etc/sysconfig/lm_sensors ]; then
+  . /etc/sysconfig/lm_sensors
+  for MOD in $HWMON_MODULES; do
+    /sbin/modprobe "$MOD"
+  done
+fi

sample-rc.d/rc.proftpd

@@ -0,0 +1,108 @@
+#!/bin/bash
+# Version: 0.2.9
+# Copyright (c) 2005-2017:
+#   Darren 'Tadgy' Austin <darren (at) afterdark.org.uk>
+# Licensed under the terms of the GNU General Public License version 3.
+
+EXEC="/usr/sbin/proftpd"
+ARGS=()
+PIDFILE="/var/run/proftpd.pid"
+
+checkconfigured() {
+  # This function can be used to perform any pre-start tests; hopfully to insure the daemon
+  # can start correctly, before actually trying to start it.  A return value of 0 means the
+  # tests were passed and the daemon should be started.  Any other value prevents the
+  # daemon from being started and an error message will be emitted.
+  return 0
+}
+
+checkstatus() {
+  # Note: this has been changed from the standard 'pgrep -f "$EXEC"' as pgrep doesn't match
+  #       the process because proftp changes its argv0.
+  local RUNPIDS="$(pgrep -F "$PIDFILE" 2>/dev/null)"
+  if [ ! -z "$RUNPIDS" ]; then
+    echo -n "${BASH_SOURCE##*/}: ${EXEC##*/}: running"
+    if [ ! -z "$PIDFILE" ]; then
+      if [ ! -e "$PIDFILE" ]; then
+        echo -n ", but .pid file does not exist"
+      elif ! echo "$RUNPIDS" | grep "\<$(cat "$PIDFILE")\>" >/dev/null 2>&1; then
+        echo -n ", but .pid file is stale"
+      fi
+    fi
+    echo
+  else
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: stopped"
+    return 1
+  fi
+  return 0
+}
+
+startdaemon() {
+  if ! checkconfigured; then
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not started - pre-start checks failed" >&2
+    return 1
+  elif [ ! -e "$EXEC" ]; then
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not found" >&2
+    return 1
+  elif [ ! -x "$EXEC" ]; then
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not executable" >&2
+    return 1
+  fi
+  env -i -S "$EXEC" "${ARGS[@]}"
+  return $?
+}
+
+stopdaemon() {
+  # Note: this has been changed from the standard way of doing things because we can't use
+  #       'pgrep -f' to match the process since proftpd changes its argv0.
+  if ! kill -TERM "$(cat "$PIDFILE" 2>/dev/null)" >/dev/null 2>&1; then
+    sleep 2
+    if checkstatus >/dev/null; then
+      echo "${BASH_SOURCE##*/}: ${EXEC##*/}: failed to stop gracefully - slaying" >&2
+      kill -KILL "$(pgrep "${EXEC##*/}")" >/dev/null 2>&1
+    fi
+  fi
+  return 0
+}
+
+case "$1" in
+  'start')
+    if checkstatus >/dev/null; then
+      echo "${BASH_SOURCE##*/}: ${EXEC##*/}: already running" >&2
+      echo "  Try: $BASH_SOURCE status" >&2
+      ERR=1
+    else
+      startdaemon
+      ERR=$?
+    fi
+    ;;
+  'stop')
+    if ! checkstatus >/dev/null; then
+      echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not running" >&2
+      echo "  Try: $BASH_SOURCE status" >&2
+      ERR=1
+    else
+      stopdaemon
+      ERR=$?
+    fi
+    ;;
+  'restart')
+    if checkstatus >/dev/null; then
+      stopdaemon && sleep 2 && startdaemon
+      ERR=$?
+    else
+      startdaemon
+      ERR=$?
+    fi
+    ;;
+  'status')
+    checkstatus
+    ERR=$?
+    ;;
+  *)
+    echo "Usage: $BASH_SOURCE <start|stop|restart|status>" >&2
+    ERR=1
+    ;;
+esac
+
+return $ERR 2>/dev/null || exit $ERR

sample-rc.d/rc.rsyncd

@@ -0,0 +1,105 @@
+#!/bin/bash
+# Version: 0.2.9
+# Copyright (c) 2005-2017:
+#   Darren 'Tadgy' Austin <darren (at) afterdark.org.uk>
+# Licensed under the terms of the GNU General Public License version 3.
+
+EXEC="/usr/bin/rsync"
+ARGS=(--daemon --config=/etc/rsyncd/rsyncd.conf)
+PIDFILE="/var/run/rsyncd.pid"
+
+checkconfigured() {
+  # This function can be used to perform any pre-start tests; hopfully to insure the daemon
+  # can start correctly, before actually trying to start it.  A return value of 0 means the
+  # tests were passed and the daemon should be started.  Any other value prevents the
+  # daemon from being started and an error message will be emitted.
+  return 0
+}
+
+checkstatus() {
+  local RUNPIDS="$(pgrep -f "$EXEC")"
+  if [ ! -z "$RUNPIDS" ]; then
+    echo -n "${BASH_SOURCE##*/}: ${EXEC##*/}: running"
+    if [ ! -z "$PIDFILE" ]; then
+      if [ ! -e "$PIDFILE" ]; then
+        echo -n ", but .pid file does not exist"
+      elif ! echo "$RUNPIDS" | grep "\<$(cat "$PIDFILE")\>" >/dev/null 2>&1; then
+        echo -n ", but .pid file is stale"
+      fi
+    fi
+    echo
+  else
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: stopped"
+    return 1
+  fi
+  return 0
+}
+
+startdaemon() {
+  if ! checkconfigured; then
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not started - pre-start checks failed" >&2
+    return 1
+  elif [ ! -e "$EXEC" ]; then
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not found" >&2
+    return 1
+  elif [ ! -x "$EXEC" ]; then
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not executable" >&2
+    return 1
+  fi
+  "$EXEC" "${ARGS[@]}"
+  return $?
+}
+
+stopdaemon() {
+  if ! kill -TERM "$(cat "$PIDFILE" 2>/dev/null)" >/dev/null 2>&1; then
+    kill -TERM "$(pgrep -f "$EXEC")" >/dev/null 2>&1
+  fi
+  sleep 2
+  if checkstatus >/dev/null; then
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: failed to stop gracefully - slaying" >&2
+    kill -KILL "$(pgrep -f "$EXEC")" >/dev/null 2>&1
+  fi
+  return 0
+}
+
+case "$1" in
+  'start')
+    if checkstatus >/dev/null; then
+      echo "${BASH_SOURCE##*/}: ${EXEC##*/}: already running" >&2
+      echo "  Try: $BASH_SOURCE status" >&2
+      ERR=1
+    else
+      startdaemon
+      ERR=$?
+    fi
+    ;;
+  'stop')
+    if ! checkstatus >/dev/null; then
+      echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not running" >&2
+      echo "  Try: $BASH_SOURCE status" >&2
+      ERR=1
+    else
+      stopdaemon
+      ERR=$?
+    fi
+    ;;
+  'restart')
+    if checkstatus >/dev/null; then
+      stopdaemon && sleep 2 && startdaemon
+      ERR=$?
+    else
+      startdaemon
+      ERR=$?
+    fi
+    ;;
+  'status')
+    checkstatus
+    ERR=$?
+    ;;
+  *)
+    echo "Usage: $BASH_SOURCE <start|stop|restart|status>" >&2
+    ERR=1
+    ;;
+esac
+
+return $ERR 2>/dev/null || exit $ERR

sample-rc.d/rc.tftpd

@@ -0,0 +1,105 @@
+#!/bin/bash
+# Version: 0.2.9
+# Copyright (c) 2005-2017:
+#   Darren 'Tadgy' Austin <darren (at) afterdark.org.uk>
+# Licensed under the terms of the GNU General Public License version 3.
+
+EXEC="/usr/sbin/in.tftpd"
+ARGS=(--listen --address=FIXME --user tftp --secure /data/tftpboot)
+PIDFILE=""
+
+checkconfigured() {
+  # This function can be used to perform any pre-start tests; hopfully to insure the daemon
+  # can start correctly, before actually trying to start it.  A return value of 0 means the
+  # tests were passed and the daemon should be started.  Any other value prevents the
+  # daemon from being started and an error message will be emitted.
+  return 0
+}
+
+checkstatus() {
+  local RUNPIDS="$(pgrep -f "$EXEC")"
+  if [ ! -z "$RUNPIDS" ]; then
+    echo -n "${BASH_SOURCE##*/}: ${EXEC##*/}: running"
+    if [ ! -z "$PIDFILE" ]; then
+      if [ ! -e "$PIDFILE" ]; then
+        echo -n ", but .pid file does not exist"
+      elif ! echo "$RUNPIDS" | grep "\<$(cat "$PIDFILE")\>" >/dev/null 2>&1; then
+        echo -n ", but .pid file is stale"
+      fi
+    fi
+    echo
+  else
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: stopped"
+    return 1
+  fi
+  return 0
+}
+
+startdaemon() {
+  if ! checkconfigured; then
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not started - pre-start checks failed" >&2
+    return 1
+  elif [ ! -e "$EXEC" ]; then
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not found" >&2
+    return 1
+  elif [ ! -x "$EXEC" ]; then
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not executable" >&2
+    return 1
+  fi
+  "$EXEC" "${ARGS[@]}"
+  return $?
+}
+
+stopdaemon() {
+  if ! kill -TERM "$(cat "$PIDFILE" 2>/dev/null)" >/dev/null 2>&1; then
+    kill -TERM "$(pgrep -f "$EXEC")" >/dev/null 2>&1
+  fi
+  sleep 2
+  if checkstatus >/dev/null; then
+    echo "${BASH_SOURCE##*/}: ${EXEC##*/}: failed to stop gracefully - slaying" >&2
+    kill -KILL "$(pgrep -f "$EXEC")" >/dev/null 2>&1
+  fi
+  return 0
+}
+
+case "$1" in
+  'start')
+    if checkstatus >/dev/null; then
+      echo "${BASH_SOURCE##*/}: ${EXEC##*/}: already running" >&2
+      echo "  Try: $BASH_SOURCE status" >&2
+      ERR=1
+    else
+      startdaemon
+      ERR=$?
+    fi
+    ;;
+  'stop')
+    if ! checkstatus >/dev/null; then
+      echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not running" >&2
+      echo "  Try: $BASH_SOURCE status" >&2
+      ERR=1
+    else
+      stopdaemon
+      ERR=$?
+    fi
+    ;;
+  'restart')
+    if checkstatus >/dev/null; then
+      stopdaemon && sleep 2 && startdaemon
+      ERR=$?
+    else
+      startdaemon
+      ERR=$?
+    fi
+    ;;
+  'status')
+    checkstatus
+    ERR=$?
+    ;;
+  *)
+    echo "Usage: $BASH_SOURCE <start|stop|restart|status>" >&2
+    ERR=1
+    ;;
+esac
+
+return $ERR 2>/dev/null || exit $ERR