diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2017-01-26 14:30:08 +0100 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2017-01-26 14:30:08 +0100 |
| commit | e042b7bced715a9d0d6c660df453b1b68f263316 (patch) | |
| tree | 13f1bcd2f7cccf87718d92b5fc9a112d4c3ea455 /cfengine | |
| parent | c778483fbd7829e2d41157ae6be2d7f1eef709f5 (diff) | |
Drop ancient unused files.
Diffstat (limited to 'cfengine')
| -rw-r--r-- | cfengine/cf.generic | 141 | ||||
| -rw-r--r-- | cfengine/cf.isp | 51 | ||||
| -rw-r--r-- | cfengine/cf.services | 18 | ||||
| -rw-r--r-- | cfengine/cf.services.all | 59 | ||||
| -rw-r--r-- | cfengine/cf.services.dhcp | 65 | ||||
| -rw-r--r-- | cfengine/cf.services.dns | 49 | ||||
| -rw-r--r-- | cfengine/cf.services.fai | 3 | ||||
| -rw-r--r-- | cfengine/cf.services.file | 256 | ||||
| -rw-r--r-- | cfengine/cf.services.file.tmp.m4 | 51 | ||||
| -rw-r--r-- | cfengine/cf.services.ftp | 35 | ||||
| -rw-r--r-- | cfengine/cf.services.harden | 159 | ||||
| -rw-r--r-- | cfengine/cf.services.web | 350 | ||||
| -rwxr-xr-x | cfengine/cfengine.conf | 18 | ||||
| -rwxr-xr-x | cfengine/script.update_sambashares.sh | 11 |
14 files changed, 0 insertions, 1266 deletions
diff --git a/cfengine/cf.generic b/cfengine/cf.generic deleted file mode 100644 index dd820fe..0000000 --- a/cfengine/cf.generic +++ /dev/null @@ -1,141 +0,0 @@ -############################################################## -# -# cf.generic -# -# This file contains generic config stuff -# -################################################################# - -### -# -# BEGIN cf.generic -# -### - -groups: - All = ( Hr00 ) - peaktime = ( Hr10 Hr11 Hr12 Hr13 Hr14 Hr15 ) - OnTheHour = ( Min00_05 Min5_10 Min10_15 Min15_20 Min20_25 ) - HalfHour = ( Min30_35 Min35_40 Min40_45 Min45_50 Min50_55 ) - -control: - - Access = ( root ) # Only root should run this - - timezone = ( MET CET ) - - Repository = ( /var/backups/cfengine ) - - LocalCommon = ( /etc/local-COMMON ) - - OutputPrefix = ( "cf:$(host)" ) - - netmask = ( 255.255.255.0 ) - -# IfElapsed = ( 15 ) # mins - IfElapsed = ( 1 ) # mins - ExpireAfter = ( 240 ) # 4 timer - SplayTime = ( 1 ) # 1 minute - - SensibleSize = ( 1000 ) - SensibleCount = ( 2 ) - EditfileSize = ( 40000 ) - - MountPattern = ( / ) - HomePattern = ( home* ) - -# DeleteNonUserMail = ( true ) -# DeleteNonOwnerMail = ( true ) - WarnNonOwnerMail = ( true ) - WarnNonUserMail = ( true ) - - # - # If we undefine this with cfengine -N longjob - # then we switch off all jobs labelled with this class - # - - AddClasses = ( longjob ) - - CheckAlias = ( "/usr/bin/test" ) - - actionsequence = ( - checktimezone - #resolve - editfiles - directories - copy - tidy - shellcommands - links - processes - ) - -broadcast: - ones - -tidy: - /tmp/ pat=* r=inf A=1 - /var/tmp pat=* r=inf A=2 - / pat=core r=1 A=0 - /etc pat=core r=1 A=0 - /var/lib/horde2 pat=sess_* r=inf A=2 - -links: - /dev/core -> /proc/kcore - -ignore: # Don't check or tidy these directories - - /local/lib/gnu/emacs/lock/ - /local/tmp - ftp - projects - /local/bin/top - /local/lib/tex/fonts - /local/iu/etc - /local/etc - /local/iu/httpd/conf - /usr/tmp/locktelelogic - /usr/tmp/lockIDE - RootMailLog - operator - lock - - # - # Emacs lock files etc - # - - !* - /local/lib/xemacs - - # - # X11 keeps X server data in /tmp/.X11 - # better not delete this! - # - - .X* - .ICE* - .font* - .gnomeicu* - .sawfish* - darxsock.* - mcop* - orbit* - ssh* - .Media* - /tmp/.gdm_socket - - session_mm_apache* - -##################################################################### - -disable: - - /etc/hosts.equiv -# /etc/nologin - /usr/lib/sendmail.fc - -### -# -# END cf.generic -# -### diff --git a/cfengine/cf.isp b/cfengine/cf.isp deleted file mode 100644 index e0d794f..0000000 --- a/cfengine/cf.isp +++ /dev/null @@ -1,51 +0,0 @@ -############################################################## -# -# cf.main.$isp -# -# This file contains generic config stuff -# -################################################################# - -### -# -# BEGIN cf.main.$isp -# -### - -control: - wol|cc|wp|tdk|sunrise:: - timezone = ( MET CET ) - - dnai:: - timezone = ( PST ) - -resolve: - wol:: # Tiscali (World Online) [dk] http://www.worldonline.dk/support/tekinfo/tekinfo.html - 212.54.64.170 # ns.worldonline.dk - 212.54.64.171 # ns2.worldonline.dk - - cc:: # CyberCity [dk] http://www.cybercity.dk/support/ - 212.242.40.3 # dns1.cybercity.dk - 212.242.40.51 # dns2.cybercity.dk - - wp:: # WebPartner [dk] http://www.webpartner.dk/htdocs/kunde_service/general_info.htm - 195.184.96.2 # ns.tjantik.dk - 195.184.96.3 # ns2.tjantik.dk - - tdk:: # TeleDanmark [dk] http://internet.opasia.dk/abonnement/netexpres/tech_spec.html - 194.239.134.83 # ns3.tele.dk - 193.162.153.164 # ns3.inet.tele.dk - - dnai:: # DNAI [us, calif.] http://www.dnai.com/helpdesk/gettingconnected - 207.181.192.141 # hopf.dnai.com - 207.181.194.14 # ida.bkly.dnai.com - - sunrise:: # Sunrise Freesurf [ch] http://go.sunrise.ch/en/fre_faq/default.asp - 194.158.230.53 # dnspn1.spectraweb.ch - 194.158.230.54 # dnspn2.spectraweb.ch - -### -# -# END cf.main.$isp -# -### diff --git a/cfengine/cf.services b/cfengine/cf.services deleted file mode 100644 index 3071075..0000000 --- a/cfengine/cf.services +++ /dev/null @@ -1,18 +0,0 @@ -import: - NameServer:: - $(cfroot)/cf.services.dns - FileServer:: - $(cfroot)/cf.services.file - FTPServer:: - $(cfroot)/cf.services.ftp - WWWServer:: - $(cfroot)/cf.services.web - DHCPServer:: - $(cfroot)/cf.services.dhcp -# FAIServer:: -# $(cfroot)/cf.services.fai -# SpamAssServer:: -# $(cfroot)/cf.services.spamass - any:: - $(cfroot)/cf.services.harden - $(cfroot)/cf.services.all diff --git a/cfengine/cf.services.all b/cfengine/cf.services.all deleted file mode 100644 index 58cb3c3..0000000 --- a/cfengine/cf.services.all +++ /dev/null @@ -1,59 +0,0 @@ -groups: - potato = ( '/bin/grep -q 2.2 /etc/debian_version' ) - woody = ( '/bin/grep -q 3.0 /etc/debian_version' ) - -editfiles: - DebMirrorClient.potato:: - { /etc/apt/sources.list - BeginGroupIfFileIsNewer "$(LocalCommon)/apt/sources.list.DEBMIRROR.potato" - EmptyEntireFilePlease - SetLine "# DO NOT EDIT - auto-created by cfengine $(date)" - PrependIfNoLineMatching "^# .* cfengine .*" - InsertFile "$(LocalCommon)/apt/sources.list.DEBMIRROR.potato" - EndGroup - } - DebMirrorClient.woody:: - { /etc/apt/sources.list - BeginGroupIfFileIsNewer "$(LocalCommon)/apt/sources.list.DEBMIRROR.woody" - EmptyEntireFilePlease - SetLine "# DO NOT EDIT - auto-created by cfengine $(date)" - PrependIfNoLineMatching "^# .* cfengine .*" - InsertFile "$(LocalCommon)/apt/sources.list.DEBMIRROR.woody" - EndGroup - } - dnai|sunrise.potato:: - { /etc/apt/sources.list - BeginGroupIfFileIsNewer "$(LocalCommon)/apt/sources.list.us.potato" - EmptyEntireFilePlease - SetLine "# DO NOT EDIT - auto-created by cfengine $(date)" - PrependIfNoLineMatching "^# .* cfengine .*" - InsertFile "$(LocalCommon)/apt/sources.list.us.potato" - EndGroup - } - dnai|sunrise.woody:: - { /etc/apt/sources.list - BeginGroupIfFileIsNewer "$(LocalCommon)/apt/sources.list.us.woody" - EmptyEntireFilePlease - SetLine "# DO NOT EDIT - auto-created by cfengine $(date)" - PrependIfNoLineMatching "^# .* cfengine .*" - InsertFile "$(LocalCommon)/apt/sources.list.us.woody" - EndGroup - } - !DebMirrorClient|!dnai|!sunrise.potato:: - { /etc/apt/sources.list - BeginGroupIfFileIsNewer "$(LocalCommon)/apt/sources.list.dk.potato" - EmptyEntireFilePlease - SetLine "# DO NOT EDIT - auto-created by cfengine $(date)" - PrependIfNoLineMatching "^# .* cfengine .*" - InsertFile "$(LocalCommon)/apt/sources.list.dk.potato" - EndGroup - } - !DebMirrorClient|!dnai|!sunrise.woody:: - { /etc/apt/sources.list - BeginGroupIfFileIsNewer "$(LocalCommon)/apt/sources.list.dk.woody" - EmptyEntireFilePlease - SetLine "# DO NOT EDIT - auto-created by cfengine $(date)" - PrependIfNoLineMatching "^# .* cfengine .*" - InsertFile "$(LocalCommon)/apt/sources.list.dk.woody" - EndGroup - } diff --git a/cfengine/cf.services.dhcp b/cfengine/cf.services.dhcp deleted file mode 100644 index 27dcdd3..0000000 --- a/cfengine/cf.services.dhcp +++ /dev/null @@ -1,65 +0,0 @@ -control: - AddInstallable = ( dhcpd_reload dhcpd3 dhcpd3_reload ) - -classes: - # - # Determine if this is a version 3 DHCP server - # - dhcpd3 = ( `/usr/bin/test -x /usr/sbin/dhcpd3` ) - -editfiles: - !dhcpd3:: - { /etc/init.d/dhcp - # - # First of all, this is a DHCP server so let's make it possible - # for DHCP to start. - # - LocateLineMatching "^run_dhcpd=.*" - BeginGroupIfNoLineMatching '^run_dhcpd=1' - ReplaceLineWith 'run_dhcpd=1' - EndGroup - DefineClasses "dhcpd_reload" - } - { /etc/dhcpd.conf - # - # We don't make the dhcp.conf dynamically, but instead we copy the contents - # of a master file, but only if it's newer than the one installed. - # - BeginGroupIfFileExists "/etc/local-COMMON/dhcpd.conf.$(site)" - BeginGroupIfFileIsNewer "/etc/local-COMMON/dhcpd.conf.$(site)" - AutoCreate - EmptyEntireFilePlease - InsertFile "/etc/local-COMMON/dhcpd.conf.$(site)" - Append "# Edited by cfengine $(date)" - EndGroup - DefineClasses "dhcpd_reload" - EndGroup - } - dhcpd3:: - { /etc/dhcp3/dhcpd.conf - # - # We don't make the dhcp.conf dynamically, but instead we copy the contents - # of a master file, but only if it's newer than the one installed. - # - BeginGroupIfFileExists "/etc/local-COMMON/dhcp3/dhcpd_$(fqhost).conf" - BeginGroupIfFileIsNewer "/etc/local-COMMON/dhcp3/dhcpd_$(fqhost).conf" - AutoCreate - EmptyEntireFilePlease - InsertFile "/etc/local-COMMON/dhcp3/dhcpd_$(fqhost).conf" - Append "# Edited by cfengine $(date)" - EndGroup - DefineClasses "dhcpd3_reload" - EndGroup - } - -processes: - !dhcpd3:: - "dhcpd-2.2.x" restart "/etc/init.d/dhcp restart" - dhcpd3:: - "dhcpd3" restart "/etc/init.d/dhcp3-server restart" - -shellcommands: - dhcpd_reload:: - "/etc/init.d/dhcp force-reload" - dhcpd3_reload:: - "/etc/init.d/dhcp3-server force-reload" diff --git a/cfengine/cf.services.dns b/cfengine/cf.services.dns deleted file mode 100644 index 0fe76de..0000000 --- a/cfengine/cf.services.dns +++ /dev/null @@ -1,49 +0,0 @@ -control: - AddInstallable = ( bind_reload ) - -editfiles: -# { /etc/bind/named.conf -# -# TODO... -# BeginGroupIfNoLineContaining "logging " -# BeginGroupIfNoLineMatching '\<logging[[:space:]]*\{' -# Append "logging {" -# Append " category lame-servers { null; };" -# Append " category cname { null; };" -# Append " category response-checks { null; };" -# Append " category statistics { null; };" -# Append "}" -# EndGroup -# WarnIfNoLineMatching '\<logging[[:space:]]*\{' -# LocateLineMatching '\<logging[[:space:]]*\{' -# AbortAtLineMatching '\}' -# -> AppendIfNoLineMatching '\<category[[:blank:]]*lame-servers\>' -# Append " category lame-servers { null; };" -# EndGroup -# BeginGroupIfNoLineMatching '\<category[[:blank:]]*cname\>' -# Append " category cname { null; };" -# EndGroup -# BeginGroupIfNoLineMatching '\<category[[:blank:]]*response-checks\>' -# Append " category response-checks { null; };" -# EndGroup -# BeginGroupIfNoLineMatching '\<category[[:blank:]]*statistics\>' -# Append " category statistics { null; };" -# EndGroup -# -# } - -# { /etc/bind/named.conf -# BeginGroupIfFileExists "/etc/local-COMMON/bind/named_$(fqhost).conf" -# BeginGroupIfNoLineMatching '^include[[:blank:]]"/etc/local-COMMON/bind/named_$(fqhost).conf";.*' -# Append '// BEGIN EDITED BY CFENGINE $(date)' -# Append 'include "/etc/local-COMMON/bind/named_$(fqhost).conf";' -# Append '// END EDITED BY CFENGINE $(date)' -# EndGroup -# DefineClasses "bind_reload" -# EndGroup -# } - -shellcommands: - bind_reload:: - "/etc/init.d/bind force-reload" - "/etc/init.d/bind9 force-reload" diff --git a/cfengine/cf.services.fai b/cfengine/cf.services.fai deleted file mode 100644 index ae7e7b2..0000000 --- a/cfengine/cf.services.fai +++ /dev/null @@ -1,3 +0,0 @@ -editfiles: - { /etc/fai.conf - } diff --git a/cfengine/cf.services.file b/cfengine/cf.services.file deleted file mode 100644 index 38bd0a0..0000000 --- a/cfengine/cf.services.file +++ /dev/null @@ -1,256 +0,0 @@ -control: - AddInstallable = ( samba samba_reload netatalk netatalk_reload lprng lprng_reload cups cups_reload ) - -classes: - # - # Determine if this is a samba server, netatalk server or both, and define - # classes based on that. - # - samba = ( `/usr/bin/test -x /usr/sbin/smbd` ) - netatalk = ( `/usr/bin/test -x /usr/sbin/afpd` ) - - # - # Determine which print system is in use, and define classes based on that. - # We only support lprng and cups - # - lprng = ( `/usr/bin/test -x /usr/sbin/lpd` ) - cups = ( `/usr/bin/test -x /usr/sbin/cupsd` ) - -editfiles: - samba.lprng:: - { /etc/samba/smb.conf - AppendIfNoSuchLine "include = /etc/samba/smb-printers-lprng.conf" - } - samba.cups:: - { /etc/samba/smb.conf - AppendIfNoSuchLine "include = /etc/samba/smb-printers-cups.conf" - } - - samba:: - { /etc/samba/smb.conf - # - # Global stuff - # - # Remove share and printer declarations from main smb.conf. The - # configuration is split up in the following files: - # - smb.conf - # - smb-shares.conf - # - smb-printers-[cups|lprng].conf - # - LocateLineMatching "^\[homes\]" - DeleteNLines "100" - CatchAbort - ResetSearch "1" - # - # workgroup = $(site) - # - LocateLineMatching "^[;[:blank:]]*workgroup[[:blank:]]*=.*" - BeginGroupIfNoLineMatching '^[[:blank:]]*workgroup[[:blank:]]*=[[:blank:]]*$(site)[[:blank:]]*' - ReplaceLineWith ' workgroup = $(site)' - EndGroup - CatchAbort - BeginGroupIfNoMatch '^[[:blank:]]*workgroup[[:blank:]]*=[[:blank:]]*$(site)[[:blank:]]*' - InsertLine ' workgroup = $(site)' - EndGroup - # - # wins support = yes - # - LocateLineMatching "^[;[:blank:]]*wins support[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*wins support[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" - ReplaceLineWith ' wins support = yes' - EndGroup - CatchAbort - BeginGroupIfNoMatch "^[[:blank:]]*wins support[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" - InsertLine ' wins support = yes' - EndGroup - # - # os level = 65 - # - LocateLineMatching "^[;[:blank:]]*os level[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*os level[[:blank:]]*=[[:blank:]]*65[[:blank:]]*" - ReplaceLineWith ' os level = 65' - EndGroup - CatchAbort - BeginGroupIfNoMatch "^[[:blank:]]*os level[[:blank:]]*=[[:blank:]]*65[[:blank:]]*" - InsertLine ' os level = 65' - EndGroup - # - # domain master = yes - # - LocateLineMatching "^[;[:blank:]]*domain master[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*domain master[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" - ReplaceLineWith ' domain master = yes' - EndGroup - CatchAbort - BeginGroupIfNoMatch "^[[:blank:]]*domain master[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" - InsertLine ' domain master = yes' - EndGroup - # - # local master = yes - # - LocateLineMatching "^[;[:blank:]]*local master[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*local master[[:blank:]]*=[[:blank:]]*yes" - ReplaceLineWith ' local master = yes' - EndGroup - CatchAbort - BeginGroupIfNoMatch "^[[:blank:]]*local master[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" - InsertLine ' local master = yes' - EndGroup - # - # logon drive = Z: - # - LocateLineMatching "^[;[:blank:]]*logon drive[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*logon drive[[:blank:]]*=[[:blank:]]*Z:[[:blank:]]*" - ReplaceLineWith ' logon drive = Z:' - EndGroup - CatchAbort - BeginGroupIfNoMatch "^[[:blank:]]*logon drive[[:blank:]]*=[[:blank:]]*Z:[[:blank:]]*" - InsertLine ' logon drive = Z:' - EndGroup - # - # logon script = logon-$(fqhost).bat - # - LocateLineMatching "^[;[:blank:]]*logon script[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*logon script[[:blank:]]*=[[:blank:]]*logon-$(fqhost).bat[[:blank:]]*" - ReplaceLineWith ' logon script = logon-$(fqhost).bat' - EndGroup - CatchAbort - BeginGroupIfNoMatch "^[[:blank:]]*logon script[[:blank:]]*=[[:blank:]]*logon-$(fqhost).bat[[:blank:]]*" - InsertLine ' logon script = logon-$(fqhost).bat' - EndGroup - # - # domain logons = yes - # - LocateLineMatching "^[;[:blank:]]*domain logons[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*domain logons[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" - ReplaceLineWith ' domain logons = yes' - EndGroup - CatchAbort - BeginGroupIfNoMatch "^[[:blank:]]*domain logons[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" - InsertLine ' domain logons = yes' - EndGroup - # - # logon home = \\%N\USERPROFILES\%U - # - LocateLineMatching "^[;[:blank:]]*logon home[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*logon home[[:blank:]]*=[[:blank:]]*[\\][\\]%N[\\]USERPROFILES[\\]%U[[:blank:]]*" - ReplaceLineWith ' logon home = \\%N\USERPROFILES\%U' - EndGroup - CatchAbort - BeginGroupIfNoMatch "^[[:blank:]]*logon home[[:blank:]]*=[[:blank:]]*[\\][\\]%N[\\]USERPROFILES[\\]%U[[:blank:]]*" - InsertLine ' logon home = \\%N\USERPROFILES\%U' - EndGroup - # - # preferred master = yes - # - LocateLineMatching "^[;[:blank:]]*preferred master[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*preferred master[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" - ReplaceLineWith ' preferred master = yes' - EndGroup - CatchAbort - BeginGroupIfNoMatch "^[[:blank:]]*preferred master[[:blank:]]*=[[:blank:]]*yes[[:blank:]]*" - InsertLine ' preferred master = yes' - EndGroup - # - # character set = ISO8859-1 - # - LocateLineMatching "^[;[:blank:]]*character set[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*character set[[:blank:]]*=[[:blank:]]*ISO8859-1[[:blank:]]*" - ReplaceLineWith ' character set = ISO8859-1' - EndGroup - CatchAbort - BeginGroupIfNoMatch "^[[:blank:]]*character set[[:blank:]]*=[[:blank:]]*ISO8859-1[[:blank:]]*" - InsertLine ' character set = ISO8859-1' - EndGroup - # - # client code page = 850 - # - LocateLineMatching "^[;[:blank:]]*client code page[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*client code page[[:blank:]]*=[[:blank:]]*850[[:blank:]]*" - ReplaceLineWith ' client code page = 850' - EndGroup - CatchAbort - BeginGroupIfNoMatch "^[[:blank:]]*client code page[[:blank:]]*=[[:blank:]]*850[[:blank:]]*" - InsertLine ' client code page = 850' - EndGroup - - # - # Append the include lines for the shares definition file - # - AppendIfNoSuchLine "include = /etc/samba/smb-shares.conf" - DefineClasses "samba_reload" - } - - # - # Batch file for mounting shares automatically - # - { /etc/samba/netlogon/logon-$(fqhost).bat - # - # We don't make this file dynamically, but instead we copy the contents - # of a master file, but only if it's newer than the one installed. - # - AutoCreate - BeginGroupIfFileIsNewer "/etc/local-COMMON/samba/netlogon/logon-$(fqhost).bat" - EmptyEntireFilePlease - Append "@echo off" - Append "rem DO NOT EDIT - auto-created by cfengine $(date)" - InsertFile "/etc/local-COMMON/samba/netlogon/logon-$(fqhost).bat" - EndGroup - FixEndOfLine "dos" - } - - # - # Check if the shares definitions have changed - # - { /etc/samba/smb-shares.conf - AutoCreate - BeginGroupIfFileIsNewer "/etc/local-COMMON/file-$(fqhost).m4" - EmptyEntireFilePlease - SetLine "# DO NOT EDIT - auto-created by cfengine $(date)" - PrependIfNoLineMatching "^# .* cfengine .*" - RunScript "/etc/local-COMMON/cfengine/script.update_sambashares.sh" - EndGroup - DefineClasses "samba_reload" - } - - lprng:: - # - # Printer configuration stuff - # - { /etc/printcap - # - # We don't make the printcap dynamically, but instead we copy the contents - # of a master file, but only if it's newer than the one installed. - # - BeginGroupIfFileIsNewer "/etc/local-COMMON/printcap.$(fqhost)" - SetLine "# DO NOT EDIT - auto-created by cfengine $(date)" - PrependIfNoLineMatching "^# .* cfengine .*" - EmptyEntireFilePlease - InsertFile "/etc/local-COMMON/printcap.$(fqhost)" - EndGroup - DefineClasses "lprng_reload" - } - - samba_reload:: - { /etc/samba/smb.conf - LocateLineMatching "^; EDITED BY CFENGINE .*" - ReplaceAll '; EDITED BY CFENGINE .*$' With '; EDITED BY CFENGINE $(date)' - CatchAbort - BeginGroupIfNoMatch "^; EDITED BY CFENGINE .*" - Append '; EDITED BY CFENGINE $(date)' - EndGroup - } - -processes: - "smbd" restart "/etc/init.d/samba restart" - "afpd" restart "/etc/init.d/netatalk restart" - -shellcommands: - samba_reload:: - "/etc/init.d/samba force-reload" - netatalk_reload:: - "/etc/init.d/netatalk force-reload" - lprng_reload:: - "/etc/init.d/lprng force-reload" - cups_reload:: - "/etc/init.d/cups force-reload" diff --git a/cfengine/cf.services.file.tmp.m4 b/cfengine/cf.services.file.tmp.m4 deleted file mode 100644 index 72f94b2..0000000 --- a/cfengine/cf.services.file.tmp.m4 +++ /dev/null @@ -1,51 +0,0 @@ -ifelse(` -/etc/cfengine/cf.services.file.tmp.m4 -Copyright 2002 Jonas Smedegaard <dr@jones.dk> - -$Id: cf.services.file.tmp.m4,v 1.3 2002-08-06 13:26:01 jonas Exp $ - -cfengine m4 skeleton file for cleaning up Samba and Netatalk shares - -Usage: m4 -DFQDN=<FQDN> /etc/local-COMMON/cfengine/cf.services.file.tmp.m4 > /tmp/cf.services.file - -Depend on file /etc/local-COMMON/file-<FQDN>.m4 containing lines of -the following syntax: - _dir(<os>,<path>,<uid>,<gid>,<modes>)dnl - _home(<os>,<mount>,<desc>,<path>[,ro])dnl - _files(<os>,<mount>,<desc>,<path>,<uid>,<gid>,<modes>[,ro[,<group>]|,rw,<group>[,<othergroup>]])dnl -where - <os>: Client operating systems (mac|win|any) - <mount>: Mount point name (Samba: single word and max. 8 characters for backwards compatibility) - <desc>: Mount point description (iso8859-1 is (fully?) supported). - <uid>: user name of mountpoint owner - <gid>: group name of mountpoint owner - <modes>: Numeric access modes of mount point - <path>: Full path to mount point - <group>: Primary group with (readonly) access to mountpoint. Public (or whatever limited by filesystem) readonly access if omitted - <othergroup>: Secondary group with readonly access - -Example: - - _dir(any,/home/fsadmin/COMMON,fsadmin,fsadmin,755)dnl - _homefiles(win,homes,Personal files,%H/pc)) - _homefiles(mac,,Personal files,~/mac)) - _files(win,soft,softshare,/home/fsadmin/COMMON/software,fsadmin,fsadmin,775)dnl - _printer(win,LW,Networkprinter queue for Apple LaserWriter 16/600,/tmp,lw) - -')dnl -define(_tab,` ')dnl -define(_dir,_tab$2 - mode=$5 - owner=$3 - group=$4 -)dnl -define(_homefiles,`')dnl -define(_printer,`')dnl -define(_files,_dir($1,$4,$5,$6,$7))dnl -control: - AddInstallable = ( samba samba_reload netatalk netatalk_reload ) - - actionsequence = ( directories ) - -directories: -include(/etc/local-COMMON/file-FQDN.m4)dnl diff --git a/cfengine/cf.services.ftp b/cfengine/cf.services.ftp deleted file mode 100644 index 90b152f..0000000 --- a/cfengine/cf.services.ftp +++ /dev/null @@ -1,35 +0,0 @@ -control: - AddInstallable = ( proftpd_reload ) -editfiles: - { /etc/proftpd.conf - DefineClasses "proftpd_reload" - AbortAtLineMatching "^[[:blank:]]*VirtualHost[[:blank:]]*.*$" - # - # ListOptions "-la" - # - WarnIfNoLineMatching "^[[:blank:]]*ListOptions[[:blank:]].*$" - BeginGroupIfNoLineMatching "^[[:blank:]]*ListOptions[[:blank:]].*$" - Append 'ListOptions "-la" # Added by cfengine' - EndGroup - LocateLineMatching "^[[:blank:]]*ListOptions[[:blank:]].*$" - BeginGroupIfNoLineMatching '^[[:blank:]]*ListOptions[[:blank:]]"-la"([[:blank:]]+(#.*)?)?$' - ReplaceLineWith 'ListOptions "-la" # Edited by cfengine' - EndGroup - # - # DefaultRoot ~ - # - WarnIfNoLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]].*$" - BeginGroupIfNoLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]].*$" - Append 'DefaultRoot ~' - EndGroup - LocateLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]].*$" - BeginGroupIfNoLineMatching "^[[:blank:]]*DefaultRoot[[:blank:]]+~$" - ReplaceLineWith 'DefaultRoot ~' - EndGroup - UnsetAbort "^[[:blank:]]*VirtualHost[[:blank:]]*.*$" - } -processes: - "proftpd" restart "/etc/init.d/proftpd restart" -shellcommands: - proftpd_reload:: - "/etc/init.d/proftpd force-reload" diff --git a/cfengine/cf.services.harden b/cfengine/cf.services.harden deleted file mode 100644 index b00d5e5..0000000 --- a/cfengine/cf.services.harden +++ /dev/null @@ -1,159 +0,0 @@ -control: - AddInstallable = ( install_logcheck ) - - logcheck = ( /etc/logcheck ) - - # $type indicates machine type (workstation or server). Used for logcheck paths - Standalone|LtspServer:: type = ( workstation ) - !(Standalone|LtspServer):: type = ( server ) - -groups: - install_logcheck = ( '/usr/bin/test ! -e /usr/sbin/logcheck' ) - - #Define classes according to the installed MTA - runs_postfix = ( '/usr/bin/test -e /usr/sbin/postfix' ) - -editfiles: - # AIDE section - { /etc/aide/aide.conf - # - # Devices = p+i+n+u+g+s+b+md5+sha1 - # - # Ignore ctime - some devices change ctime when used (ttySx with hylafax) - # - BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*" - Append "Devices = p+i+n+u+g+s+b+md5+sha1 # Added by cfengine" - EndGroup - LocateLineMatching "^[[:blank:]]*Devices[[:blank:]]*=.*" - BeginGroupIfNoLineMatching "^[[:blank:]]*Devices[[:blank:]]*=[[:blank:]][\+pinugsbmd5sha1]*([[:blank:]]+(#.*)?)?" - ReplaceLineWith "Devices = p+i+n+u+g+s+b+md5+sha1 # Edited by cfengine" - EndGroup - # - # #/var/log... - # - # Ignore logfiles - Aide can't handle rotation - # - HashCommentLinesMatching "^/var/log.*" - # - # !/dev/xconsole - # !/dev/core - # !/dev/ttyS* - # - LocateLineMatching "^[[:blank:]]*\!/dev/.*" - CatchAbort - BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/.*" - GotoLastLine - EndGroup - DeleteLinesMatching "^\!/dev/xconlsole # Added by cfengine" - BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/xconsole([[:blank:]]+(#.*)?)?" - InsertLine "!/dev/xconsole # Added by cfengine" - EndGroup - BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/core([[:blank:]]+(#.*)?)?" - InsertLine "!/dev/core # Added by cfengine" - EndGroup - BeginGroupIfNoLineMatching "^[[:blank:]]*\!/dev/ttyS\*([[:blank:]]+(#.*)?)?" - InsertLine "!/dev/ttyS* # Added by cfengine" - EndGroup - } - ## integrit section - { /etc/integrit/integrit.conf - # - # Uncomment suggested defaults - # - SetCommentStart "# " - SetCommentEnd "" - UnCommentLinesMatching "^# root=/" - UnCommentLinesMatching "^# known=/var/lib/integrit/.*" - UnCommentLinesMatching "^# current=/var/lib/integrit/.*" - UnCommentLinesMatching "^# !/cdrom" - UnCommentLinesMatching "^# !/dev" - UnCommentLinesMatching "^# !/etc" - UnCommentLinesMatching "^# !/floppy" - UnCommentLinesMatching "^# !/home" - UnCommentLinesMatching "^# !/lost\+found" - UnCommentLinesMatching "^# !/mnt" - UnCommentLinesMatching "^# !/proc" - UnCommentLinesMatching "^# !/root" - UnCommentLinesMatching "^# !/tmp" - UnCommentLinesMatching "^# !/var" - UnCommentLinesMatching "^# =/usr/include" - UnCommentLinesMatching "^# =/usr/X11R6/include" - UnCommentLinesMatching "^# =/usr/doc" - UnCommentLinesMatching "^# =/usr/info" - UnCommentLinesMatching "^# =/usr/share" - UnCommentLinesMatching "^# =/usr/X11R6/man" - UnCommentLinesMatching "^# =/usr/X11R6/lib/X11/fonts" - UnCommentLinesMatching "^# !/usr/local" - UnCommentLinesMatching "^# !/usr/src" - AppendIfNoSuchLine "!/initrd" - AppendIfNoSuchLine "!/.journal" - AppendIfNoSuchLine "!/usr/local" - AppendIfNoSuchLine "!/usr/src" - AppendIfNoSuchLine "!/dev/cpu/mtrr" - AppendIfNoSuchLine "!/sys" - AppendIfNoSuchLine "!/media" - } - { /etc/integrit/integrit.debian.conf - # - # Make sure CONFIGS is set to /etc/integrit/integrit.conf - # - LocateLineMatching "^CONFIGS=.*" - BeginGroupIfNoLineMatching '^CONFIGS="/etc/integrit/integrit.conf"' - ReplaceLineWith 'CONFIGS="/etc/integrit/integrit.conf"' - EndGroup - } -# BROKEN!!! See Debian bug#153420 -# { /etc/cron.daily/integrit -# # -# # Uncomment defaults -# # -# SetCommentStart " # ! " -# SetCommentEnd "" -# UnCommentLinesMatching " # ! if .*" -# UnCommentLinesMatching " # ! fi" -# } - - ## logcheck section -copy: - #The linktype is necessary for links to be replaced with files. - any:: - $(LocalCommon)/logcheck/ignore.d.server/local dest=$(logcheck)/ignore.d.server/local linktype=copy - $(LocalCommon)/logcheck/ignore.d.workstation/local dest=$(logcheck)/ignore.d.workstation/local linktype=copy - $(LocalCommon)/logcheck/violations.ignore.d/local dest=$(logcheck)/violations.ignore.d/local linktype=copy -# NameServer:: -# $(LocalCommon)/logcheck/ignore.d.$(type)/bind dest=$(logcheck)/ignore.d/local-bind linktype=copy -# $(LocalCommon)/logcheck/violations.ignore.d/bind dest=$(logcheck)/violations.ignore.d/local-bind linktype=copy -# -# FileServer:: -# $(LocalCommon)/logcheck/ignore.d.$(type)/samba dest=$(logcheck)/ignore.d/local-samba linktype=copy -# $(LocalCommon)/logcheck/ignore.d.$(type)/netatalk dest=$(logcheck)/ignore.d/local-netatalk linktype=copy -# $(LocalCommon)/logcheck/violations.ignore.d/samba dest=$(logcheck)/violations.ignore.d/local-samba linktype=copy -# -# DHCPServer:: -# $(LocalCommon)/logcheck/ignore.d.$(type)/dhcp dest=$(logcheck)/ignore.d/local-dhcp linktype=copy -# $(LocalCommon)/logcheck/ignore.d.$(type)/dhcp3-common dest=$(logcheck)/ignore.d/local-dhcp3-common linktype=copy -# -# WWWServer:: -# -# FTPServer:: -# $(LocalCommon)/logcheck/ignore.d.$(type)/proftpd dest=$(logcheck)/ignore.d/local-proftpd linktype=copy -# $(LocalCommon)/logcheck/violations.ignore.d/proftpd dest=$(logcheck)/violations.ignore.d/local-proftpd linktype=copy -# -# IMAPServer:: -# $(LocalCommon)/logcheck/ignore.d.$(type)/uw-imap dest=$(logcheck)/ignore.d/local-uw-imap linktype=copy -# -# SpamAssServer:: -# $(LocalCommon)/logcheck/ignore.d.$(type)/spamassassin dest=$(logcheck)/ignore.d/local-spamassassin linktype=copy -# -# runs_postfix:: -# $(LocalCommon)/logcheck/ignore.d.$(type)/postfix dest=$(logcheck)/ignore.d/local-postfix linktype=copy -# $(LocalCommon)/logcheck/violations.ignore.d/postfix dest=$(logcheck)/violations.ignore.d/local-postfix linktype=copy -# -# any:: -# $(LocalCommon)/logcheck/ignore.d.$(type)/ssh dest=$(logcheck)/ignore.d/local-ssh linktype=copy -# $(LocalCommon)/logcheck/violations.ignore.d/ssh dest=$(logcheck)/violations.ignore.d/local-ssh linktype=copy - -shellcommands: - install_logcheck:: - # Install logcheck if not installed already -#BAD!!! "/usr/bin/yes no | /usr/bin/apt-get -q=2 install logcheck" diff --git a/cfengine/cf.services.web b/cfengine/cf.services.web deleted file mode 100644 index 7392235..0000000 --- a/cfengine/cf.services.web +++ /dev/null @@ -1,350 +0,0 @@ -control: - AddInstallable = ( apache_reload ) -editfiles: - { /etc/apache/httpd.conf - DefineClasses "apache_reload" - # - # ServerAdmin webmaster@$(domain) - # - # (Try to add it _before_ virtual hosts) - # - WarnIfNoLineMatching "^[[:blank:]]*ServerAdmin[[:blank:]].*" - BeginGroupIfNoLineMatching "^[[:blank:]]*ServerAdmin[[:blank:]].*" - BeginGroupIfNoLineMatching "^(### Section 3: Virtual Hosts|#?NameVirtualHost.*|#?VirtualHost.*)$" - Append "ServerAdmin webmaster@$(domain)" - EndGroup - BeginGroupIfNoLineMatching "^[[:blank:]]*ServerAdmin[[:blank:]].*" - LocateLineMatching "^(### Section 3: Virtual Hosts|#?NameVirtualHost.*|#?VirtualHost.*)$" - InsertLine "ServerAdmin webmaster@$(domain)" - EndGroup - EndGroup - LocateLineMatching "^[[:blank:]]*ServerAdmin[[:blank:]].*" - BeginGroupIfNoLineMatching "^[[:blank:]]*ServerAdmin[[:blank:]]*webmaster@$(domain)[[:blank:]]*$" - ReplaceLineWith "ServerAdmin webmaster@$(domain)" - EndGroup - # - # Make space for cfengine hacks - # - # (Try to add it _before_ virtual hosts) - # - ResetSearch "1" - BeginGroupIfNoSuchLine "# BEGIN CFENGINE" - BeginGroupIfNoLineMatching "^(### Section 3: Virtual Hosts|#?NameVirtualHost.*|#?VirtualHost.*)$" - Append "" - Append "# BEGIN CFENGINE" - Append "# END CFENGINE" - EndGroup - BeginGroupIfNoLineMatching "^# BEGIN CFENGINE$" - LocateLineMatching "^(### Section 3: Virtual Hosts|#?NameVirtualHost.*|#?VirtualHost.*)$" - IncrementPointer "-1" - InsertLine "" - InsertLine "# BEGIN CFENGINE" - InsertLine "# END CFENGINE" - InsertLine "" - EndGroup - EndGroup - # - # LoadModule php3_module /usr/lib/apache/1.3/libphp3.so - # - # <IfModule libphp3.c> - # php3_display_errors off - # php3_log_errors on - # AddType application/x-httpd-php3 .php3 - # AddType application/x-httpd-php3-source .phps - # </IfModule> - # - BeginGroupIfFileExists "/usr/lib/apache/1.3/libphp3.so" - ResetSearch "1" -# bug! UnCommentLinesMatching "^#[[:blank:]]*LoadModule[[:blank:]]+php3_module[[:blank:]].*" - LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+php3_module[[:blank:]]+/usr/lib/apache/1.3/libphp3.so$" - ReplaceLineWith "LoadModule php3_module /usr/lib/apache/1.3/libphp3.so" - CatchAbort - AbortAtLineMatching "^# END CFENGINE$" - LocateLineMatching "^# BEGIN CFENGINE$" - BeginGroupIfNoSuchLine "<IfModule libphp3.c>" - InsertLine "<IfModule libphp3.c>" - InsertLine "</IfModule>" - EndGroup - ResetSearch "1" - LocateLineMatching "^# BEGIN CFENGINE$" - LocateLineMatching "^<IfModule libphp3.c>$" - BeginGroupIfNoLineMatching "[[:blank:]]*php3_display_errors off" - InsertLine " php3_display_errors off" - EndGroup - BeginGroupIfNoLineMatching "[[:blank:]]*php3_log_errors on" - InsertLine " php3_log_errors on" - EndGroup - BeginGroupIfNoLineMatching "[[:blank:]]*AddType application/x-httpd-php3 .php3" - InsertLine " AddType application/x-httpd-php3 .php3" - EndGroup - BeginGroupIfNoLineMatching "[[:blank:]]*AddType application/x-httpd-source .phps" - InsertLine " AddType application/x-httpd-source .phps" - EndGroup - UnsetAbort "^# END CFENGINE$" - EndGroup - # - # LoadModule php4_module /usr/lib/apache/1.3/libphp4.so - # - # <IfModule libphp4.c> - # php_flag display_errors off - # php_flag log_errors on - # AddType application/x-httpd-php .phtml .php .inc .php3 - # AddType application/x-httpd-php-source .phps - # </IfModule> - # - BeginGroupIfFileExists "/usr/lib/apache/1.3/libphp4.so" - ResetSearch "1" -# UnCommentLinesMatching "^\#[[:blank:]]*LoadModule[[:blank:]]+php4\_module[[:blank:]].*" - LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+php4\_module[[:blank:]]+/usr/lib/apache/1.3/libphp4.so$" - ReplaceLineWith "LoadModule php4_module /usr/lib/apache/1.3/libphp4.so" - CatchAbort - AbortAtLineMatching "^# END CFENGINE$" - LocateLineMatching "^# BEGIN CFENGINE$" - BeginGroupIfNoSuchLine "<IfModule libphp4.c>" - InsertLine "<IfModule libphp4.c>" - InsertLine "</IfModule>" - EndGroup - ResetSearch "1" - LocateLineMatching "^# BEGIN CFENGINE$" - LocateLineMatching "^<IfModule libphp4.c>$" - BeginGroupIfNoLineMatching "^.*php_flag[[:blank:]]*display_errors[[:blank:]]*off$" - InsertLine " php_flag display_errors off" - EndGroup - BeginGroupIfNoLineMatching ".*php_flag log_errors on" - InsertLine " php_flag log_errors on" - EndGroup - BeginGroupIfNoLineMatching "[[:blank:]]*AddType application/x-httpd-php .phtml .php .inc .php3" - InsertLine " AddType application/x-httpd-php .phtml .php .inc .php3" - EndGroup - BeginGroupIfNoLineMatching "[[:blank:]]*AddType application/x-httpd-source .phps" - InsertLine " AddType application/x-httpd-source .phps" - EndGroup - UnsetAbort "^# END CFENGINE$" - EndGroup - # - # LoadModule gzip_module /usr/lib/apache/1.3/mod_gzip.so - # - # <IfModule mod_gzip.c> - # mod_gzip_dechunk yes - # mod_gzip_keep_workfiles No - # mod_gzip_temp_dir /tmp - # mod_gzip_minimum_file_size 1002 - # mod_gzip_maximum_file_size 0 - # mod_gzip_maximum_inmem_size 1000000 - # mod_gzip_item_include file "\.htm$" - # mod_gzip_item_include file "\.html$" - # mod_gzip_item_include mime "text/.*" - # mod_gzip_item_include file "\.php$" - # mod_gzip_item_include mime "jserv-servlet" - # mod_gzip_item_include handler "jserv-servlet" - # mod_gzip_item_include mime "application/x-httpd-php.*" - # mod_gzip_item_include mime "httpd/unix-directory" - # mod_gzip_item_exclude file "\.css$" - # mod_gzip_item_exclude file "\.js$" - # mod_gzip_item_exclude file "\.wml$" - # </IfModule> - # - BeginGroupIfFileExists "/usr/lib/apache/1.3/mod_gzip.so" - ResetSearch "1" -# SetCommentStart "#" -# SetCommentEnd "" -# UnCommentLinesMatching "^\#[[:blank:]]*LoadModule[[:blank:]]+gzip_module[[:blank:]].*" - LocateLineMatching "#[[:blank:]]*LoadModule[[:blank:]]+gzip_module[[:blank:]]+/usr/lib/apache/1.3/mod_gzip.so" -# UnCommentNLines "1" - ReplaceLineWith "LoadModule gzip_module /usr/lib/apache/1.3/mod_gzip.so" - CatchAbort - AbortAtLineMatching "^# END CFENGINE$" - LocateLineMatching "^# BEGIN CFENGINE$" - BeginGroupIfNoSuchLine "<IfModule mod_gzip.c>" - InsertLine "<IfModule mod_gzip.c>" - InsertLine "</IfModule>" - EndGroup - ResetSearch "1" - LocateLineMatching "^# BEGIN CFENGINE$" - LocateLineMatching "^<IfModule mod_gzip.c>$" - BeginGroupIfNoLineMatching ' mod_gzip_on yes' - InsertLine ' mod_gzip_on yes' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_dechunk yes' - InsertLine ' mod_gzip_dechunk yes' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_keep_workfiles No' - InsertLine ' mod_gzip_keep_workfiles No' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_temp_dir /tmp' - InsertLine ' mod_gzip_temp_dir /tmp' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_minimum_file_size 1002' - InsertLine ' mod_gzip_minimum_file_size 1002' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_maximum_file_size 0' - InsertLine ' mod_gzip_maximum_file_size 0' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_maximum_inmem_size 1000000' - InsertLine ' mod_gzip_maximum_inmem_size 1000000' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include file "\\\.htm\$"' - InsertLine ' mod_gzip_item_include file "\.htm$"' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include file "\\\.html\$"' - InsertLine ' mod_gzip_item_include file "\.html$"' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include mime "text/\.\*"' - InsertLine ' mod_gzip_item_include mime "text/.*"' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include file "\\\.php\$"' - InsertLine ' mod_gzip_item_include file "\.php$"' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include mime "jserv-servlet"' - InsertLine ' mod_gzip_item_include mime "jserv-servlet"' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include handler "jserv-servlet"' - InsertLine ' mod_gzip_item_include handler "jserv-servlet"' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include mime "application/x-httpd-php\.\*"' - InsertLine ' mod_gzip_item_include mime "application/x-httpd-php.*"' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_include mime "httpd/unix-directory"' - InsertLine ' mod_gzip_item_include mime "httpd/unix-directory"' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_exclude file "\\\.css\$"' - InsertLine ' mod_gzip_item_exclude file "\.css$"' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_exclude file "\\\.js\$"' - InsertLine ' mod_gzip_item_exclude file "\.js$"' - EndGroup - BeginGroupIfNoLineMatching '[[:blank:]]*mod_gzip_item_exclude file "\\\.wml\$"' - InsertLine ' mod_gzip_item_exclude file "\.wml$"' - EndGroup - UnsetAbort "^# END CFENGINE$" - EndGroup - # - # LoadModule index_rss_module /usr/lib/apache/1.3/mod_index_rss.so - # - # <IfModule mod_index_rss.c> - # IndexRSSEngine On - # </IfModule> - # - BeginGroupIfFileExists "/usr/lib/apache/1.3/mod_index_rss.so" - ResetSearch "1" -# bug! UnCommentLinesMatching "^#[[:blank:]]*LoadModule[[:blank:]]+index_rss_module[[:blank:]].*" - LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+index_rss_module[[:blank:]]+/usr/lib/apache/1.3/mod_index_rss.so$" - ReplaceLineWith "LoadModule index_rss_module /usr/lib/apache/1.3/mod_index_rss.so" - CatchAbort - AbortAtLineMatching "^# END CFENGINE$" - LocateLineMatching "^# BEGIN CFENGINE$" - BeginGroupIfNoSuchLine "<IfModule mod_index_rss.c>" - InsertLine "<IfModule mod_index_rss.c>" - InsertLine "</IfModule>" - EndGroup - ResetSearch "1" - LocateLineMatching "^# BEGIN CFENGINE$" - LocateLineMatching "^<IfModule mod_index_rss.c>$" - BeginGroupIfNoLineMatching "[[:blank:]]+IndexRSSEngine On" - InsertLine " IndexRSSEngine On" - EndGroup - UnsetAbort "^# END CFENGINE$" - EndGroup - # - # LoadModule pam_auth_module /usr/lib/apache/1.3/mod_auth_pam.so - # - # <IfModule mod_auth_pam.c> - # <Location /> - # AuthPAM_Enabled Off - # </Location> - # </IfModule> - # - BeginGroupIfFileExists "/usr/lib/apache/1.3/mod_auth_pam.so" - ResetSearch "1" -# bug! UnCommentLinesMatching "^#[[:blank:]]*LoadModule[[:blank:]]+pam_auth_module[[:blank:]].*" - LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+pam_auth_module[[:blank:]]+/usr/lib/apache/1.3/mod_auth_pam.so$" - ReplaceLineWith "LoadModule pam_auth_module /usr/lib/apache/1.3/mod_auth_pam.so" - CatchAbort - AbortAtLineMatching "^# END CFENGINE$" - LocateLineMatching "^# BEGIN CFENGINE$" - BeginGroupIfNoSuchLine "<IfModule mod_auth_pam.c>" - InsertLine "<IfModule mod_auth_pam.c>" - InsertLine " <Location />" - InsertLine " </Location>" - InsertLine "</IfModule>" - EndGroup - ResetSearch "1" - LocateLineMatching "^# BEGIN CFENGINE$" - LocateLineMatching "^<IfModule mod_auth_pam.c>$" - LocateLineMatching "[[:blank:]]+<Location />" - BeginGroupIfNoLineMatching "[[:blank:]]+AuthPAM_Enabled Off" - InsertLine " AuthPAM_Enabled Off" - EndGroup - UnsetAbort "^# END CFENGINE$" - EndGroup - # - # LoadModule authshadow_module /usr/lib/apache/1.3/mod_auth_shadow.so - # - # <IfModule mod_auth_shadow.c> - # <Location /> - # AuthShadow Off - # </Location> - # </IfModule> - # - BeginGroupIfFileExists "/usr/lib/apache/1.3/mod_auth_shadow.so" - ResetSearch "1" -# bug! UnCommentLinesMatching "^#[[:blank:]]*LoadModule[[:blank:]]+authshadow_module[[:blank:]].*" - LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+authshadow_module[[:blank:]]+/usr/lib/apache/1.3/mod_auth_shadow.so$" - ReplaceLineWith "LoadModule authshadow_module /usr/lib/apache/1.3/mod_auth_shadow.so" - CatchAbort - AbortAtLineMatching "^# END CFENGINE$" - LocateLineMatching "^# BEGIN CFENGINE$" - BeginGroupIfNoSuchLine "<IfModule mod_auth_shadow.c>" - InsertLine "<IfModule mod_auth_shadow.c>" - InsertLine " <Location />" - InsertLine " </Location>" - InsertLine "</IfModule>" - EndGroup - ResetSearch "1" - LocateLineMatching "^# BEGIN CFENGINE$" - LocateLineMatching "^<IfModule mod_auth_shadow.c>$" - LocateLineMatching "[[:blank:]]+<Location />" - BeginGroupIfNoLineMatching "[[:blank:]]+AuthShadow Off" - InsertLine " AuthShadow Off" - EndGroup - UnsetAbort "^# END CFENGINE$" - EndGroup - # - # LoadModule authshadow_module /usr/lib/apache/1.3/mod_xslt.so - # - # <IfModule mod_auth_shadow.c> - # <Location /xslt> - # AddHandler mod_xslt .html - # AddHandler mod_xslt .txt - # </Location> - # </IfModule> - # - BeginGroupIfFileExists "/usr/lib/apache/1.3/mod_auth_shadow.so" - ResetSearch "1" -# bug! UnCommentLinesMatching "^#[[:blank:]]*LoadModule[[:blank:]]+authshadow_module[[:blank:]].*" - LocateLineMatching "^#[[:blank:]]*LoadModule[[:blank:]]+authshadow_module[[:blank:]]+/usr/lib/apache/1.3/mod_auth_shadow.so$" - ReplaceLineWith "LoadModule authshadow_module /usr/lib/apache/1.3/mod_auth_shadow.so" - CatchAbort - AbortAtLineMatching "^# END CFENGINE$" - LocateLineMatching "^# BEGIN CFENGINE$" - BeginGroupIfNoSuchLine "<IfModule mod_auth_shadow.c>" - InsertLine "<IfModule mod_auth_shadow.c>" - InsertLine " <Location />" - InsertLine " </Location>" - InsertLine "</IfModule>" - EndGroup - ResetSearch "1" - LocateLineMatching "^# BEGIN CFENGINE$" - LocateLineMatching "^<IfModule mod_auth_shadow.c>$" - LocateLineMatching "[[:blank:]]+<Location />" - BeginGroupIfNoLineMatching "[[:blank:]]+AuthShadow Off" - InsertLine " AuthShadow Off" - EndGroup - UnsetAbort "^# END CFENGINE$" - EndGroup - } -processes: - "apache" restart "/etc/init.d/apache restart" -shellcommands: - apache_reload:: - "/etc/init.d/apache force-reload" diff --git a/cfengine/cfengine.conf b/cfengine/cfengine.conf deleted file mode 100755 index bf6af30..0000000 --- a/cfengine/cfengine.conf +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/cfengine -f - -control: - cfroot = ( /etc/local-COMMON/cfengine ) - cforgroot = ( /etc/local-ORG/cfengine ) - -import: - - # - # Split things up to keep things tidy - # - - $(cforgroot)/cf.groups - $(cfroot)/cf.generic - $(cfroot)/cf.isp - $(cforgroot)/cf.site - $(cfroot)/cf.services -# $(cfroot)/cf.motd diff --git a/cfengine/script.update_sambashares.sh b/cfengine/script.update_sambashares.sh deleted file mode 100755 index 4ace9aa..0000000 --- a/cfengine/script.update_sambashares.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -# Fail on error - to leave cf_tmpfile for investigation -set -e - -m4 -DFQDN=$(hostname -f) /etc/local-COMMON/samba/smb-shares.conf.m4 >> /etc/samba/smb-shares.conf - -cf_tmpfile=`tempfile -p cf` -m4 -DFQDN=$(hostname -f) /etc/local-COMMON/cfengine/cf.services.file.tmp.m4 > $cf_tmpfile -cfengine -q -f $cf_tmpfile -rm -f $cf_tmpfile |