9 files changed, 305 insertions, 90 deletions

diff --git a/ChangeLog b/ChangeLog
index d17eccf..9eb1c88 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,143 @@
 
 -- 
 
+2002-04-05 13:49  jonas
+
+	* bind/pri/homebase.dk:
+
+	bind: Add wiki.homebase.dk.
+	
+2002-04-05 12:57  jrisch
+
+	* TODO, bind/pri/xenux.dk:
+
+	general: TODO is modified.
+	bind: xenux.dk modified.
+	
+2002-04-05 09:55  jrisch
+
+	* cfengine/: cf.groups.xenux, cf.site, cf.site.xenux:
+
+	cfengine: Removed some unused sites.
+	
+2002-04-04 20:32  jonas
+
+	* bind/pri/: HOMEBASE, HOMEBASE-DINET, HOMEBASE-PIL, HOMEBASE-TUBA,
+	JONES, JONES-EZ, JONES-MAILONLY, advo-lyngby.dk, biks.dk,
+	haakansson.com, homebase.dk, jones.dk, louiz.dk, peronard.dk,
+	riccos.dk, shared.dk, trappevasken.dk:
+
+	bind: correct SOA headers of domains administered temporarily from A-host.
+	
+2002-04-04 20:14  jonas
+
+	* bind/: named_SPIFF_pri.conf, named_SPIFF_sec.conf:
+
+	bind: add diamond2.dk.
+	
+2002-04-04 19:55  jonas
+
+	* bind/: pri/louiz.dk, named_SPIFF_pri.conf, named_SPIFF_sec.conf:
+
+	bind: add louiz.dk.
+	
+2002-04-04 18:36  jonas
+
+	* logcheck/ignore.d.server/: local, tmp:
+
+	logcheck: some kernel noise (ISDN- and parport-related) ignored.
+	
+2002-04-04 13:49  jrisch
+
+	* bind/pri/juri.dk:
+
+	bind: Modified the juri.dk domain.
+	
+2002-04-04 13:25  jrisch
+
+	* bind/pri/xenux.dk:
+
+	bind: Modified the testhosts - it should be two different hosts.
+	
+2002-04-04 12:56  jrisch
+
+	* bind/pri/xenux.dk:
+
+	bind: Added testwww and testsiteadmin for testing purposes.
+	
+2002-04-02 16:03  jonas
+
+	* samba/: cf.samba.m4, smb-shares.m4,
+	smb_thor.venture.local.conf.m4:
+
+	Work on m4 for samba (unfinished).
+	
+2002-04-02 06:59  jonas
+
+	* imp/ldap.php3:
+
+	imp: New ldap file.
+	
+2002-04-02 06:56  jonas
+
+	* cfengine/cf.services.harden:
+
+	harden: Oops, ignore /initrd, not /initrc...
+	
+2002-04-02 06:51  jonas
+
+	* cfengine/cf.services.harden:
+
+	harden: Uncommenting works now! (solution: the hashmark needs to be included in the match string).
+	
+2002-04-02 06:14  jonas
+
+	* cfengine/cf.services.harden:
+
+	harden: Simplify integrit a bit, and make sure additions are made even if the above fails (grrr).
+	
+2002-03-30 12:44  jonas
+
+	* logcheck/ignore.d.server/tmp:
+
+	logcheck: Ignore all Frontpage-related snort warnings.
+	
+2002-03-30 12:42  jonas
+
+	* cfengine/cf.services.harden:
+
+	cfengine: Ignore journal and local files in integrit.
+	
+2002-03-29 14:11  jonas
+
+	* logcheck/: ignore.d.server/samba, violations.ignore.d/samba:
+
+	logcheck: Merging samba lines (to also catch a few more combinations).
+	
+2002-03-29 14:01  jonas
+
+	* logcheck/: ignore.d.server/samba, violations.ignore.d/samba:
+
+	logcheck: Ignore samba errors of client disappearing from the network.
+	
+2002-03-29 12:26  jonas
+
+	* bind/fake/satsbutikken.local:
+
+	[no log message]
+	
+2002-03-27 03:47  jonas
+
+	* logcheck/ignore.d.server/tmp:
+
+	logcheck: More postgres temp. noise.
+	
+2002-03-26 22:47  jonas
+
+	* ChangeLog:
+
+	Update Changelog.
+	
 2002-03-26 14:12  jonas
 
 	* DK-Hostmaster/domain.3.00.dansk.txt-julius:
diff --git a/cfengine/cf.local.services.file.conf.m4 b/cfengine/cf.local.services.file.conf.m4
new file mode 100644
index 0000000..8991522
--- /dev/null
+++ b/cfengine/cf.local.services.file.conf.m4
@@ -0,0 +1,65 @@
+ifelse(`
+/etc/cfengine/cf.local.services.file.conf.m4
+Copyright 2002 Jonas Smedegaard <dr@jones.dk>
+
+$Id: cf.local.services.file.conf.m4,v 1.1 2002-04-07 23:23:11 jonas Exp $
+
+cfengine m4 skeleton file for cleaning up Samba and Netatalk shares
+
+Usage: m4 -DFQDN=<FQDN> /etc/cfengine/cf.local.services.file.conf.m4 > /tmp/cf.local.services.file.conf
+
+Depend on file /etc/local-COMMON/file-<FQDN>.m4 containing lines of
+the following syntax:
+	_dir(<os>,<path>,<uid>,<gid>,<modes>)dnl
+	_home(<os>,<mount>,<desc>,<path>[,ro])dnl
+	_files(<os>,<mount>,<desc>,<path>,<uid>,<gid>,<modes>[,ro[,<group>]|,rw,<group>[,<othergroup>]])dnl
+where
+	<os>:		Client operating systems (mac|win|any)
+	<mount>:	Mount point name (Samba: single word and max. 8 characters for backwards compatibility)
+	<desc>:		Mount point description (iso8859-1 is (fully?) supported).
+	<uid>:		user name of mountpoint owner
+	<gid>:		group name of mountpoint owner
+	<modes>:	Numeric access modes of mount point
+	<path>:		Full path to mount point
+	<group>:	Primary group with (readonly) access to mountpoint. Public (or whatever limited by filesystem) readonly access if omitted
+	<othergroup>:	Secondary group with readonly access
+
+Example:
+
+	_dir(any,/home/fsadmin/COMMON,fsadmin,fsadmin,755)dnl
+	_homefiles(win,homes,Personal files,%H/pc))
+	_homefiles(mac,,Personal files,~/mac))
+	_files(win,soft,softshare,/home/fsadmin/COMMON/software,fsadmin,fsadmin,775)dnl
+	_printer(win,LW,Networkprinter queue for Apple LaserWriter 16/600,/tmp,lw)
+
+')dnl
+define(_tab,`	')dnl
+define(_dir,_tab$2
+		mode=$5
+		owner=$3
+		group=$4
+)dnl
+define(_homefiles,`')dnl
+define(_files,_dir($1,$4,$5,$6,$7))dnl
+control:
+	AddInstallable = ( samba samba_reload netatalk netatalk_reload )
+	
+	samba_reload::
+		{ /etc/samba/smb-shares-$(fqdn).conf
+			LocateLineMatching "^; EDITED BY CFENGINE .*"
+			ReplaceAll '; EDITED BY CFENGINE .*$' With '; EDITED BY CFENGINE $(date)'
+			CatchAbort
+			BeginGroupIfNoMatch "^; EDITED BY CFENGINE .*"
+			    Append '; EDITED BY CFENGINE $(date)'
+			EndGroup
+		}
+
+directories:
+include(/etc/local-COMMON/file-FQDN.m4)dnl
+
+processes:
+	"smbd"	restart "/etc/init.d/samba restart"
+
+shellcommands:
+    samba_reload::
+	"/etc/init.d/samba force-reload"
diff --git a/samba/smb_gandalf.xenux.local.conf b/file-gandalf.xenux.local
index fd624ba..fd624ba 100644
--- a/samba/smb_gandalf.xenux.local.conf
+++ b/file-gandalf.xenux.local
diff --git a/samba/smb_gandalf.xenux.local.conf.m4 b/file-gandalf.xenux.local.m4
index 4aa5ba6..4aa5ba6 100644
--- a/samba/smb_gandalf.xenux.local.conf.m4
+++ b/file-gandalf.xenux.local.m4
diff --git a/samba/smb_jawa.homebase.dk.conf.m4 b/file-jawa.homebase.dk.m4
index b4452c0..ffbbb88 100644
--- a/samba/smb_jawa.homebase.dk.conf.m4
+++ b/file-jawa.homebase.dk.m4
@@ -2,7 +2,7 @@ dnl
 dnl /etc/samba/smb_jawa.homebase.dk.conf.m4
 dnl Copyright 2002 Jonas Smedegaard <dr@jones.dk>
 dnl
-dnl $Id: smb_jawa.homebase.dk.conf.m4,v 1.4 2002-03-20 20:06:46 jonas Exp $
+dnl $Id: file-jawa.homebase.dk.m4,v 1.1 2002-04-07 23:23:11 jonas Exp $
 dnl
 dnl Samba shares for Homebase Samba server
 dnl
diff --git a/file-thor.venture.local.m4 b/file-thor.venture.local.m4
new file mode 100644
index 0000000..2624c77
--- /dev/null
+++ b/file-thor.venture.local.m4
@@ -0,0 +1,13 @@
+_dir(any,/home/fsadmin/COMMON,fsadmin,fsadmin,755)
+_homefiles(win,homes,Personlige dokumenter,%H/.pcshare)
+_files(win,soft,softshare,/home/fsadmin/COMMON/software,fsadmin,fsadmin,775)
+_files(win,,,$(datashare),fsadmin,fsadmin,775)
+_files(win,admin,Administration,/home/admin/admin,admin,admin,775)
+_files(win,business,Business,/home/business/business,business,business,775)
+_files(win,accounting,Accounting,/home/accounting/accounting,accounting,accounting,775)
+_files(win,graphics,Graphics,/home/graphics/graphics,graphics,graphics,775)
+_files(win,it,IT,/home/it/it,it,it,775)
+_files(win,edu,Education,/home/edu/edu,edu,edu,775)
+_files(win,service,Service,/home/service/service,service,service,775)
+_files(win,netlogon,Network logon,/etc/samba/netlogon,root,root,755)
+_files(win,profiles,Brugerprofiler,/home/fsadmin/COMMON/samba/userprofiles,fsadmin,fsadmin,777)
diff --git a/samba/cf.samba.m4 b/samba/cf.samba.m4
deleted file mode 100644
index 48dc460..0000000
--- a/samba/cf.samba.m4
+++ /dev/null
@@ -1,42 +0,0 @@
-dnl
-dnl /etc/cfengine/cf.samba.m4
-dnl Copyright 2002 Jonas Smedegaard <dr@jones.dk>
-dnl
-dnl $Id: cf.samba.m4,v 1.1 2002-04-02 16:03:04 jonas Exp $
-dnl
-dnl m4 skeleton file for Samba server cfengine cleanup file
-dnl
-define(_tab,`	')dnl
-define(_dir,_tab$1
-		mode=$2
-		owner=$3
-		group=$4
-)dnl
-define(_nonshare,_dir($3,$6,$4,$5))dnl
-define(_share_home,_dir($3,$6,$4,$5))dnl
-define(_share_pc_wrr,_dir($3,$6,$4,$5))dnl
-define(_share_pc_wwr,_dir($3,$6,$4,$5))dnl
-define(_share_pc_www,_dir($3,$6,$4,$5))dnl
-control:
-	AddInstallable = ( samba samba_reload netatalk netatalk_reload )
-	
-	samba_reload::
-		{ /etc/samba/smb-shares-$(fqdn).conf
-			LocateLineMatching "^; EDITED BY CFENGINE .*"
-			ReplaceAll '; EDITED BY CFENGINE .*$' With '; EDITED BY CFENGINE $(date)'
-			CatchAbort
-			BeginGroupIfNoMatch "^; EDITED BY CFENGINE .*"
-			    Append '; EDITED BY CFENGINE $(date)'
-			EndGroup
-		}
-
-directories:
-dnl include(smb_esyscmd(hostname -f).m4)dnl
-include(smb_thor.venture.local.conf.m4)dnl
-
-processes:
-	"smbd"	restart "/etc/init.d/samba restart"
-
-shellcommands:
-    samba_reload::
-	"/etc/init.d/samba force-reload"
diff --git a/samba/smb-shares.m4 b/samba/smb-shares.m4
index 0cf86e4..96f5b7c 100644
--- a/samba/smb-shares.m4
+++ b/samba/smb-shares.m4
@@ -1,25 +1,47 @@
-dnl
-dnl /etc/samba/smb-shares.m4
-dnl Copyright 2002 Jonas Smedegaard <dr@jones.dk>
-dnl
-dnl $Id: smb-shares.m4,v 1.5 2002-04-02 16:03:04 jonas Exp $
-dnl
-dnl m4 share definitions for generating Samba server smb.conf
-dnl
-define(_veto_mac,/.AppleDouble/.AppleDesktop/Network Trash Folder/DesktopFolderDB/resource.frk/Icon^M/TheVolumeSettingsFolder/)dnl
-dnl
-dnl Common share options
-dnl --------------------
-dnl
-dnl	$1 Share name
-dnl	$2 Description
-dnl	$3 Path
-dnl
-define(_share_logon,[$1]
+ifelse(`
+/etc/samba/smb-shares.m4
+Copyright 2002 Jonas Smedegaard <dr@jones.dk>
+
+$Id: smb-shares.m4,v 1.6 2002-04-07 23:23:11 jonas Exp $
+
+m4 share definitions for generating Samba server smb.conf include file
+
+Usage: m4 -DFQDN=<FQDN> /etc/samba/smb-shares.conf.m4 > /etc/samba/smb-shares.conf
+
+Depend on file /etc/local-COMMON/file-<FQDN>.m4 containing lines of
+the following syntax:
+	_dir(<path>,<uid>,<gid>,<modes>)dnl
+	_home(<os>,<mount>,<desc>,<path>[,ro])dnl
+	_files(<os>,<mount>,<desc>,<path>,<uid>,<gid>,<modes>[,ro[,<group>]|,rw,<group>[,<othergroup>]])dnl
+where
+	<os>:		Client operating systems (mac|win|any)
+	<mount>:	Mount point name (Samba: single word and max. 8 characters for backwards compatibility)
+	<desc>:		Mount point description (iso8859-1 is (fully?) supported).
+	<uid>:		user name of mountpoint owner
+	<gid>:		group name of mountpoint owner
+	<modes>:	Numeric access modes of mount point
+	<path>:		Full path to mount point
+	<group>:	Primary group with (readonly) access to mountpoint. Public (or whatever limited by filesystem) readonly access if omitted
+	<othergroup>:	Secondary group with readonly access
+
+Example:
+
+	_dir(/home/fsadmin/COMMON,fsadmin,fsadmin,755)dnl
+	_homefiles(win,homes,Personal files,%H/pc))
+	_homefiles(mac,,Personal files,~/mac))
+	_files(win,soft,softshare,/home/fsadmin/COMMON/software,fsadmin,fsadmin,775)dnl
+	_printer(win,LW,Networkprinter queue for Apple LaserWriter 16/600,/tmp,lw)
+
+')dnl
+define(_veto_mac,
+	`/.AppleDouble/.AppleDesktop/Network Trash Folder/DesktopFolderDB/resource.frk/Icon^M/TheVolumeSettingsFolder/')dnl
+define(_share_logon,
+[$1]
 	comment = $2
 	path = $3
 )dnl
-define(_share_profiles,[$1]
+define(_share_profiles,
+[$1]
 	comment = $2
 	path = $3
 	force user = %u
@@ -29,25 +51,29 @@ define(_share_profiles,[$1]
 		    /bin/chown %U $3/%U \
 		    /bin/chmod 700 $3/%U'
 )dnl
-define(_share_reference,[$1]
+define(_share_reference,
+[$1]
 	comment = $2
 	path = $3
 	guest ok = yes
 )dnl
 dnl
-define(_share_home,[$1]
-	comment = $2
-	path = $3
+define(_share_home,
+[$2]
+	comment = $3
+	path = $4
 	writeable = yes
-	root preexec = '/bin/mkdir $3 \
-		    /bin/chown %S $3 \
-		    /bin/chmod 700 $3'
+	root preexec = '/bin/mkdir $4 \
+		    /bin/chown %S $4 \
+		    /bin/chmod 700 $4'
 )dnl
-define(_share_home_mac,[home_mac]
+define(_share_home_mac,
+[home_mac]
 	comment = $1
 	path = $2
 )dnl
-define(_share_home_web,[$1]
+define(_share_home_web,
+[$1]
 	comment = $2
 	path = $3
 	writeable = yes
@@ -55,7 +81,8 @@ define(_share_home_web,[$1]
 	directory mask = 0755
 )dnl
 dnl
-define(_share_pc,[$1]
+define(_share_pc,
+[$1]
 	comment = $2
 	path = $3
 	browsable = yes
@@ -65,14 +92,16 @@ define(_share_pc,[$1]
 	valid users = @$4
 	force group = +$4
 )dnl
-define(_share_mac,[$1]
+define(_share_mac,
+[$1]
 	comment = $2
 	path = $3
 	browsable = yes
 	valid users = @$4
 	veto files = _veto_mac
 )dnl
-define(_share_common,[$1]
+define(_share_common,
+[$1]
 	comment = $2
 	path = $3
 	browsable = yes
@@ -84,11 +113,37 @@ define(_share_common,[$1]
 	delete veto files = Yes
 	veto files = _veto_mac
 )dnl
-define(_share_printer,[$1]
+define(_share_printer,
+[$1]
 	comment = $2
 	path = $3
 	printable = yes
 	printer name = $4
 )dnl
-dnl include(smb_esyscmd(hostname -f).m4)dnl
-include(smb_thor.venture.local.conf.m4)dnl
+dnl
+define(_megashare,
+[$1]
+ifelse($2,,,
+	comment = $2
+)	path = $3
+	browsable = yes
+ifelse($7,rw,
+	writeable = yes
+	create mask = 0660
+	directory mask = 0770
+ifelse($8,,,
+	valid users = @$8
+	force group = +$8
+)	delete veto files = Yes
+)	veto files = _veto_mac
+)dnl
+dnl
+define(_dir,`')dnl
+define(_homefiles,`ifelse($1,win,_share_home($2,$3,$4))')dnl
+dnl define(_files,`ifelse($1,win,_megashare($2,$3,$4,$5,$6,$7,$8))')dnl
+define(_files,`ifelse($1,win,
+	ifelse($2,netlogon,_share_logon($2,$3,$4),
+		$2,profiles,_share_profiles($2,$3,$4),
+		$2,reference,_share_reference($2,$3,$4),
+		_share_common($2,$3,$4,$6)))')dnl
+include(/etc/local-COMMON/file-FQDN.m4)dnl
diff --git a/samba/smb_thor.venture.local.conf.m4 b/samba/smb_thor.venture.local.conf.m4
deleted file mode 100644
index 264c428..0000000
--- a/samba/smb_thor.venture.local.conf.m4
+++ /dev/null
@@ -1,13 +0,0 @@
-_nonshare(common,commonshare,/home/fsadmin/COMMON,fsadmin,fsadmin,755)dnl
-_share_pc_wwr(soft,softshare,/home/fsadmin/COMMON/software,fsadmin,fsadmin,775)dnl
-_share_home(homes,Personlige dokumenter,%H/.pcshare))
-_share_pc_wwr($(datashare),fsadmin,fsadmin,775)dnl
-_share_pc_wwr(admin,Administration,/home/admin/admin,admin,admin,775)dnl
-_share_pc_wwr(business,Business,/home/business/business,business,business,775)dnl
-_share_pc_wwr(accounting,Accounting,/home/accounting/accounting,accounting,accounting,775)dnl
-_share_pc_wwr(graphics,Graphics,/home/graphics/graphics,graphics,graphics,775)dnl
-_share_pc_wwr(it,IT,/home/it/it,it,it,775)dnl
-_share_pc_wwr(edu,Education,/home/edu/edu,edu,edu,775)dnl
-_share_pc_wwr(service,Service,/home/service/service,service,service,775)dnl
-_share_pc_wrr(netlogon,Network logon,/etc/samba/netlogon,root,root,755)dnl
-_share_pc_www(profiles,Brugerprofiler,/home/fsadmin/COMMON/samba/userprofiles,fsadmin,fsadmin,777)dnl