[24283] in Source-Commits
/svn/athena r23881 - in trunk/debathena/config/linerva: debian files/etc files/etc/security
daemon@ATHENA.MIT.EDU (Evan Broder)
Sat Jun 20 18:05:48 2009
Date: Sat, 20 Jun 2009 18:05:35 -0400
From: Evan Broder <broder@MIT.EDU>
Message-Id: <200906202205.n5KM5ZRo022260@drugstore.mit.edu>
To: source-commits@mit.edu
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Author: broder
Date: 2009-06-20 18:05:35 -0400 (Sat, 20 Jun 2009)
New Revision: 23881
Added:
trunk/debathena/config/linerva/debian/transform_lvm.conf.debathena
trunk/debathena/config/linerva/debian/transform_sshd_config.debathena.debathena
trunk/debathena/config/linerva/debian/transform_su.debathena
trunk/debathena/config/linerva/files/etc/issue.net.no_su
Removed:
trunk/debathena/config/linerva/files/etc/ssh/
Modified:
trunk/debathena/config/linerva/debian/changelog
trunk/debathena/config/linerva/debian/control.in
trunk/debathena/config/linerva/debian/rules
trunk/debathena/config/linerva/debian/transform_logcheck.debathena
trunk/debathena/config/linerva/files/etc/security/limits.conf.debathena
Log:
In linerva:
* Up the default CPU limit to 12 hours.
* Run logcheck every 5 minutes, instead of every minute.
* Turn off GSSAPIStrictAcceptorCheck.
- Also use DEB_TRANSFORM_FILES for sshd_config.
* Add a "helpful" error message when people try to su.
* Only look for LVM PVs in /dev/md*.
Modified: trunk/debathena/config/linerva/debian/changelog
===================================================================
--- trunk/debathena/config/linerva/debian/changelog 2009-06-20 04:40:23 UTC (rev 23880)
+++ trunk/debathena/config/linerva/debian/changelog 2009-06-20 22:05:35 UTC (rev 23881)
@@ -1,3 +1,14 @@
+debathena-linerva (1.30) unstable; urgency=low
+
+ * Up the default CPU limit to 12 hours.
+ * Run logcheck every 5 minutes, instead of every minute.
+ * Turn off GSSAPIStrictAcceptorCheck.
+ - Also use DEB_TRANSFORM_FILES for sshd_config.
+ * Add a "helpful" error message when people try to su.
+ * Only look for LVM PVs in /dev/md*.
+
+ -- Evan Broder <broder@mit.edu> Sat, 20 Jun 2009 18:05:06 -0400
+
debathena-linerva (1.29) unstable; urgency=low
* Upgrade the apt-zephyr hook to version AWESOME!!!.
Modified: trunk/debathena/config/linerva/debian/control.in
===================================================================
--- trunk/debathena/config/linerva/debian/control.in 2009-06-20 04:40:23 UTC (rev 23880)
+++ trunk/debathena/config/linerva/debian/control.in 2009-06-20 22:05:35 UTC (rev 23881)
@@ -2,13 +2,13 @@
Section: linerva/net
Priority: extra
Maintainer: Debathena Project <debathena@mit.edu>
-Build-Depends: @cdbs@, rsyslog, logcheck
+Build-Depends: @cdbs@, rsyslog, logcheck, debathena-ssh-server-config, login
Standards-Version: 3.7.2
Package: debathena-linerva
Architecture: all
Pre-Depends: git-core
-Depends: logcheck, screen, elinks, rsyslog, linux32, bind9
+Depends: logcheck, screen, elinks, rsyslog, linux32, bind9, debathena-ssh-server-config
Provides: ${diverted-files}
Conflicts: ${diverted-files}, apache2
Description: Special Configuration for Linerva
Modified: trunk/debathena/config/linerva/debian/rules
===================================================================
--- trunk/debathena/config/linerva/debian/rules 2009-06-20 04:40:23 UTC (rev 23880)
+++ trunk/debathena/config/linerva/debian/rules 2009-06-20 22:05:35 UTC (rev 23881)
@@ -7,12 +7,14 @@
/etc/resolv.conf.debathena \
/etc/security/limits.conf.debathena \
/sbin/init.debathena \
- /etc/ssh/sshd_config.debathena.debathena \
/etc/security/access.conf.debathena.debathena \
/etc/openafs/cacheinfo.debathena.debathena
DEB_TRANSFORM_FILES_debathena-linerva += \
/etc/rsyslog.conf.debathena \
- /etc/cron.d/logcheck.debathena
+ /etc/cron.d/logcheck.debathena \
+ /etc/ssh/sshd_config.debathena.debathena \
+ /etc/pam.d/su \
+ /etc/lvm/lvm.conf
#Needs to go before S70screen-cleanup (and before users log in and run screen.)
DEB_UPDATE_RCD_PARAMS_debathena-linerva = "start 65 S ."
Modified: trunk/debathena/config/linerva/debian/transform_logcheck.debathena
===================================================================
--- trunk/debathena/config/linerva/debian/transform_logcheck.debathena 2009-06-20 04:40:23 UTC (rev 23880)
+++ trunk/debathena/config/linerva/debian/transform_logcheck.debathena 2009-06-20 22:05:35 UTC (rev 23881)
@@ -1,3 +1,3 @@
#!/usr/bin/perl -0p
-# run every minute
-s/. \* \* \* \*/* * * * */
+# run every five minutes
+s{. \* \* \* \*}{*/5 * * * *}
Added: trunk/debathena/config/linerva/debian/transform_lvm.conf.debathena
===================================================================
--- trunk/debathena/config/linerva/debian/transform_lvm.conf.debathena 2009-06-20 04:40:23 UTC (rev 23880)
+++ trunk/debathena/config/linerva/debian/transform_lvm.conf.debathena 2009-06-20 22:05:35 UTC (rev 23881)
@@ -0,0 +1,2 @@
+#!/usr/bin/perl -0p
+s{^(\s+filter = ).*$}{\1\[ "a|/dev/md.*|", "r|.*|" ]}m or die;
Property changes on: trunk/debathena/config/linerva/debian/transform_lvm.conf.debathena
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/debathena/config/linerva/debian/transform_sshd_config.debathena.debathena
===================================================================
--- trunk/debathena/config/linerva/debian/transform_sshd_config.debathena.debathena 2009-06-20 04:40:23 UTC (rev 23880)
+++ trunk/debathena/config/linerva/debian/transform_sshd_config.debathena.debathena 2009-06-20 22:05:35 UTC (rev 23881)
@@ -0,0 +1,3 @@
+#!/usr/bin/perl -0p
+s/(^Port .*$)/\1\nPort 8080/m or die;
+s/(^GSSAPICleanupCredentials .*$)/\1\nGSSAPIStrictAcceptorCheck no/m or die;
Property changes on: trunk/debathena/config/linerva/debian/transform_sshd_config.debathena.debathena
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/debathena/config/linerva/debian/transform_su.debathena
===================================================================
--- trunk/debathena/config/linerva/debian/transform_su.debathena 2009-06-20 04:40:23 UTC (rev 23880)
+++ trunk/debathena/config/linerva/debian/transform_su.debathena 2009-06-20 22:05:35 UTC (rev 23881)
@@ -0,0 +1,2 @@
+#!/usr/bin/perl -0p
+s{^(auth *sufficient *pam_rootok.so)$}{\1\nauth [default=die] pam_echo.so file=/etc/issue.net.no_su}m or die;
Property changes on: trunk/debathena/config/linerva/debian/transform_su.debathena
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/debathena/config/linerva/files/etc/issue.net.no_su
===================================================================
--- trunk/debathena/config/linerva/files/etc/issue.net.no_su 2009-06-20 04:40:23 UTC (rev 23880)
+++ trunk/debathena/config/linerva/files/etc/issue.net.no_su 2009-06-20 22:05:35 UTC (rev 23881)
@@ -0,0 +1 @@
+You cannot su on linerva.
Modified: trunk/debathena/config/linerva/files/etc/security/limits.conf.debathena
===================================================================
--- trunk/debathena/config/linerva/files/etc/security/limits.conf.debathena 2009-06-20 04:40:23 UTC (rev 23880)
+++ trunk/debathena/config/linerva/files/etc/security/limits.conf.debathena 2009-06-20 22:05:35 UTC (rev 23881)
@@ -53,4 +53,4 @@
root hard maxlogins 100
* hard nproc 200
* hard nofile 1024
-* hard cpu 240
+* hard cpu 720
