-rw-r--r--X11/Xresources/local20
-rw-r--r--ldap/README.dit99
-rw-r--r--ldap/db/cipux_rolegroup.ldif.in2
-rw-r--r--ldap/db/cipux_roleuser.ldif.in2
-rwxr-xr-xldap/mkldapdb115
-rw-r--r--mc/mc.menu166
-rwxr-xr-xpostfix/cron.weekky/local-purgeoldtrashedmails9
-rwxr-xr-xpostfix/cron.weekly/local-purgeoldtrashedmails9
-rw-r--r--postfix/maps_rbl_domains3
-rwxr-xr-xpostfix/postfix.sh2
-rw-r--r--postfix/reject_rhsbl_sender2
-rw-r--r--rsyslog.d/local-gtls-common.conf21
-rw-r--r--rsyslog.d/local-gtls-receive.conf5
-rw-r--r--rsyslog.d/local-gtls-send.conf6
14 files changed, 430 insertions, 31 deletions
diff --git a/X11/Xresources/local b/X11/Xresources/local
index 2d45ceb..de16acf 100644
--- a/X11/Xresources/local
+++ b/X11/Xresources/local
@@ -1,10 +1,24 @@
! /etc/X11/Xresources/local
XTerm*font: terminus-24
+XTerm*boldFont: terminus-bold-24
Rxvt*font: terminus-24
-URxvt*font: terminus-24
+Rxvt*boldFont: terminus-bold-24
+
XTerm*reverseVideo: True
Rxvt*reverseVideo: True
-URxvt*reverseVideo: True
+
Rxvt*scrollBar: False
-URxvt*scrollBar: False
+Rxvt*saveLines: 500
+
+! enable pseudo-transparency
+Rxvt*color9: #ff5555
+Rxvt*color10: #55ff55
+Rxvt*color11: #ffff55
+Rxvt*color12: #5555ff
+Rxvt*color13: #ff55ff
+Rxvt*color14: #55ffff
+Rxvt*color15: #ffffff
+Rxvt*inheritPixmap: True
+Rxvt*shading: 15
+Rxvt*tintColor: white
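Review bot: The `! enable pseudo-transparency` comment sits above the `Rxvt*color9`..`color15` palette lines, while the transparency settings are `Rxvt*inheritPixmap`, `Rxvt*shading` and `Rxvt*tintColor` three lines later; move the comment directly above `Rxvt*inheritPixmap: True` and give the palette its own line such as `! bright colour palette`. The removed `URxvt*` entries are presumably not covered by the `Rxvt*` ones if urxvt is still used on these hosts, since its resource class is `URxvt` rather than `Rxvt` — worth confirming before relying on the merged block.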
diff --git a/ldap/README.dit b/ldap/README.dit
index 6077a57..72e7e0b 100644
--- a/ldap/README.dit
+++ b/ldap/README.dit
@@ -22,6 +22,97 @@ dc=example,dc=com
`-- cn=admin
+Default Skolelinux DIT
+----------------------
+
+dc=skole,dc=skolelinux,dc=no
+|-- ou=Attic
+|-- ou=Machines
+|-- ou=People
+| |-- ou=Machines
+| | `-- uid=win01$
+| |-- cn=Admin
+| |-- cn=smbadmin
+| `-- uid=root
+|-- ou=Pam
+|-- ou=Domains
+|-- ou=Group
+| |-- cn=Admins
+| |-- cn=jradmins
+| |-- cn=teachers
+| |-- cn=students
+| |-- cn=none
+| `-- cn=machines
+|-- ou=Netgroup
+| |-- cn=all-hosts
+| |-- cn=server-hosts
+| |-- cn=ltsp-server-hosts
+| |-- cn=workstation-hosts
+| |-- cn=printer-hosts
+| |-- cn=shutdown-at-night-hosts
+| `-- cn=fsautoresize-hosts
+|-- ou=Variables
+| |-- cn=nextID
+| `-- cn=capabilities
+|-- sambaDomainName=SKOLELINUX
+|-- ou=Automount
+| |-- ou=auto.master
+| | `-- cn=/skole
+| `-- ou=skole
+| |-- cn=tjener
+| `-- ou=tjener
+| `-- cn=home0
+|-- cn=dhcp
+`-- cn=DHCP Config
+ |-- cn=INTERNAL
+ | |-- cn=10.0.2.0
+ | `-- cn=group1
+ | |-- cn=ltspserver00
+ | |-- cn=ltspserver01
+ | |-- cn=printer00
+ | |-- cn=printer01
+ | |-- cn=printer02
+ | |-- cn=printer03
+ | |-- cn=static00
+ | |-- cn=static01
+ | |-- cn=static02
+ | `-- cn=static03
+ `-- cn=THINCLIENTS
+ |-- cn=192.168.0.0
+ `-- cn=group1
+ |-- cn=ltsp010
+ |-- cn=ltsp011
+ |-- cn=ltsp012
+ |-- cn=ltsp013
+ |-- cn=ltsp014
+ |-- cn=ltsp015
+ |-- cn=ltsp016
+ |-- cn=ltsp017
+ |-- cn=ltsp018
+ `-- cn=ltsp019
+
+
+Default CipUX DIT
+-----------------
+
+ou=example org,dc=example,dc=org
+|-- cn=cipuxadm
+|-- ou=CipUX
+ |-- ou=User
+ | `-- uid=username
+ |-- ou=Group
+ | `-- cn=groupname
+ |-- ou=Task
+ |-- ou=CAT
+ |-- ou=Image
+ |-- ou=Machine
+ | `-- uid=win01$
+ |-- ou=Room
+ |-- ou=HardwareType
+ |-- ou=ImageSlot
+ `-- ou=Configuration
+
+
Simple DIT
----------
@@ -68,10 +159,10 @@ dc=example,dc=com
| |-- ou=Services
| |-- ou=idMap
| |-- ou=Entities
-| |-- ou=System
-| |-- ou=People
-| |--cn=jonas
-| `--cn=christian
+| |-- ou=System
+| `-- ou=People
+| |--cn=jonas
+| `--cn=christian
`-- ou=Access Control
|-- ou=Groups
| `-- ou=Administrators
diff --git a/ldap/db/cipux_rolegroup.ldif.in b/ldap/db/cipux_rolegroup.ldif.in
index d6d3a9d..e974caf 100644
--- a/ldap/db/cipux_rolegroup.ldif.in
+++ b/ldap/db/cipux_rolegroup.ldif.in
@@ -17,4 +17,4 @@ objectClass: top
objectClass: posixGroup
objectClass: cipuxGroup
structuralObjectClass: posixGroup
-userPassword:: {crypt}x
+userPassword: {crypt}x
diff --git a/ldap/db/cipux_roleuser.ldif.in b/ldap/db/cipux_roleuser.ldif.in
index 9a4fef8..c97e660 100644
--- a/ldap/db/cipux_roleuser.ldif.in
+++ b/ldap/db/cipux_roleuser.ldif.in
@@ -26,5 +26,5 @@ objectClass: imapUser
objectClass: cipuxAccount
uid: @ROLE@
uidNumber: @UID@
-userPassword:: {crypt}x
+userPassword: {crypt}x
structuralObjectClass: imapUser
diff --git a/ldap/mkldapdb b/ldap/mkldapdb
index 77cb6d5..fbbdb09 100755
--- a/ldap/mkldapdb
+++ b/ldap/mkldapdb
@@ -1,25 +1,120 @@
#!/bin/sh
+#
+# /etc/local-COMMON/ldap/mkldapdb
+# Copyright 2008 Jonas Smedegaard <dr@jones.dk>
+#
+# Setup LDAP database from skeleton files
set -e
umask 066
-# Resolve some defaults from other system config
-basedn="`grep '^BASE\b' /etc/ldap/ldap.conf | sed -e 's/^BASE[[:space:]]\+//' -e 's/,[[:space:]]\+/,/g'`"
-dnsdomain="`dnsdomainname`"
-orgname=""
-if [ -r /etc/local-ORG/orgname ]; then
- orgname="$(head -n 1 /etc/local-ORG/orgname)"
-fi
+PRG=$(basename "$0")
+
+TEMP=$(getopt -s sh -o b:e:d:fh -l basedn:,enable:,disable:,force,help -n "$PRG" -- "$@")
+if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
+eval set -- "$TEMP"
+
+getbasedn() {
+ grep '^BASE\b' /etc/ldap/ldap.conf | sed -e 's/^BASE[[:space:]]\+//' -e 's/,[[:space:]]\+/,/g'
+}
+getdnsdomain() {
+ dnsdomainname
+}
+getorgname() {
+ if [ -r /etc/local-ORG/orgname ]; then
+ head -n 1 /etc/local-ORG/orgname
+ fi
+}
# config defaults as of slapd 2.4.10-3
backend="hdb"
+# extension default states (enabled/disabled)
+cipux=1
+horde=
+
+# strings above, and either functions above or strings right below,
+# can be overrided locally through this config file
+if [ -f /etc/local/mkldapdb.cfg ]; then
+ . /etc/local/mkldapdb.cfg
+fi
+
+basedn="${basedn:-$(getbasedn)}"
+dnsdomain="${dnsdomain:-$(getdnsdomain)}"
+orgname="${orgname:-$(getorgname)}"
+
+showhelp() {
+ cat <<EOF
+Usage: $PRG [opts...] [PHASE [PHASE...]]
+Setup LDAP database from skeleton files
+
+Options:
+ -b, --basedn LDAP Base DN (Distinguished Name) to use
+ (default: ${basedn})
+ -e, --enable Include this optional extension
+ -d, --disable Exclude this optional extension
+ -t, --tempdir Skip prep phase and use content of provided dir
+ -c, --config Include config phase
+ -i, --init Include init phase
+ -f, --force Update without asking for confirmation
+ -h, --help Show this help text
+
+The following extensions are available:
+ cipux CipUX admin framework ${cipux:+(enabled by default)}
+ horde HORDE web-app framework ${horde:+(enabled by default)}
+
+The following phases are possible:
+ prep Assemble slapd.conf and LDIF files with DIT parts
+ config Add/update LDAP server configuration file
+ init Purge any existing ldap data and initialize new core DIT
+ main Add general DIT for use with POSIX accounts
+ mainpw Apply/Change main admin password
+ opt Add optional DIT extensions
+ optpw Apply/Change passwords for accounts of optional extensions
+
+When no phases are supplied, all but config and init are applied
+
+Examples:
+ $PRG
+ $PRG --basedn dc=example,dc=org --enable horde prep
+EOF
+}
+
+exit1() {
+ echo >&2 "Error: $1"
+ echo >&2 "Exiting..."
+ exit 1
+}
+
+while true ; do
+ case "$1" in
+ -b|--basedn) basedn="$2"; shift 2;;
+ -e|--enable-extension)
+ case "$2" in
+ cipux|horde) eval "$2=1";;
+ *) exit1 "Unknown extension \"$2\""
+ esac
+ shift 2
+ ;;
+ -d|--disable-extension)
+ case "$2" in
+ cipux|horde) eval "$2=";;
+ *) exit1 "Unknown extension \"$2\""
+ esac
+ shift 2
+ ;;
+ -f|--force) force="1"; shift;;
+ -h|--help) showhelp; exit 0;;
+ --) shift; break;;
+ *) exit1 "Internal error!";;
+ esac
+done
+
# Ensure all required values are properly resolved
for var in basedn dnsdomain orgname backend; do
if [ -z "`eval echo '$'$var`" ]; then
- echo 1>&2 "ERROR: Required variable '$var' missing. Exiting...!"
- exit 1
+ exit1 "Required variable '$var' missing. Exiting...!"
fi
done
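Review bot: The option loop can never reach the `--enable-extension`/`--disable-extension` arms, because the `getopt` spec on the `TEMP=$(getopt ...)` line declares the long names as `enable:` and `disable:`; `$PRG --enable horde prep`, the script's own example, is therefore normalised to `--enable` and falls through to `exit1 "Internal error!"`. Change the arms to `-e|--enable)` and `-d|--disable)` (or rename the getopt long options to match). The `if [ $? != 0 ]` check after the `TEMP=` assignment is dead under `set -e`, since a failing command substitution in an assignment already aborts the script; write it as `TEMP=$(getopt ...) || { echo "Terminating..." >&2; exit 1; }` so the message is actually printed. The help text also lists `-t/--tempdir`, `-c/--config` and `-i/--init`, none of which are in the getopt spec, so either add them to `-o b:e:d:fh -l ...` or drop them from `showhelp` until implemented.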
@@ -55,7 +150,7 @@ spacecat $snippets | sed >>"$tempdir/slapd.conf" \
-e "s/@SUFFIX@/$basedn/g" \
-e "s/@ADMIN@/cn=admin,$basedn/g"
-# TODO: Better separate core from normal lif files than "below 100"...
+# TODO: Better separate core from normal ldif files than "below 100"...
file=99
for section in core base cipux horde; do
sed <"$masterdir/db/$section.ldif.in" >"$tempdir/${file}_$section.ldif" \
diff --git a/mc/mc.menu b/mc/mc.menu
new file mode 100644
index 0000000..2e7be79
--- /dev/null
+++ b/mc/mc.menu
@@ -0,0 +1,166 @@
+shell_patterns=0
+= t d
+3 Compress the current subdirectory (tar.gz)
+ Pwd=`basename %d /`
+ echo -n "Name of the compressed file (without extension) [$Pwd]: "
+ read tar
+ if [ "$tar"x = x ]; then tar="$Pwd"; fi
+ cd .. && \
+ tar cf - "$Pwd" | gzip -f9 > "$tar.tar.gz" && \
+ echo "../$tar.tar.gz created."
+
+4 Compress the current subdirectory (tar.bz2)
+ Pwd=`basename %d /`
+ echo -n "Name of the compressed file (without extension) [$Pwd]: "
+ read tar
+ if [ "$tar"x = x ]; then tar="$Pwd"; fi
+ cd .. && \
+ tar cf - "$Pwd" | bzip2 -f > "$tar.tar.bz2" && \
+ echo "../$tar.tar.bz2 created."
+
+=+ f \.tar\.gz$ | f \.tar\.z$ | f \.tgz$ | f \.tpz$ | f \.tar\.Z$| f \.tar\.bz2$ & t r
+x Extract the contents of a compressed tar file
+ unset EXT
+ case %f in
+ *.tar.bz2) EXT=tar_bz2;;
+ esac
+ if [ "$EXT" = "tar_bz2" ]; then
+ bunzip2 -c %f | tar xvf -
+ else
+ gzip -dc %f | tar xvf -
+ fi
+
+= t r
++ ! t t
+y Gzip or gunzip current file
+ unset DECOMP
+ case %f in
+ *.gz) DECOMP=-d;;
+ *.[zZ]) DECOMP=-d;;
+ esac
+ gzip $DECOMP -v %f
+
++ t t
+Y Gzip or gunzip tagged files
+ for i in %t
+ do
+ unset DECOMP
+ case $i in
+ *.gz) DECOMP=-d;;
+ *.[zZ]) DECOMP=-d;;
+ esac
+ gzip $DECOMP -v $i
+ done
+
++ ! t t
+b Bzip2 or bunzip2 current file
+ unset DECOMP
+ case %f in
+ *.bz2) DECOMP=-d;;
+ esac
+ bzip2 $DECOMP -v %f
+
++ t t
+B Bzip2 or bunzip2 tagged files
+ for i in %t
+ do
+ unset DECOMP
+ case $i in
+ *.bz2) DECOMP=-d;;
+ esac
+ bzip2 $DECOMP -v $i
+ done
+
++ f \.tar.gz$ | f \.tgz$ | f \.tpz$ | f \.tar.Z$ | f \.tar.z$ | f \.tar.bz2$ | f \.tar.F$ & t r & ! t t
+z Extract compressed tar file to subdirectory
+ unset D
+ set gzip -cd
+ case %f in
+ *.tar.gz) D="`basename %f .tar.gz`";;
+ *.tgz) D="`basename %f .tgz`";;
+ *.tpz) D="`basename %f .tpz`";;
+ *.tar.Z) D="`basename %f .tar.Z`";;
+ *.tar.z) D="`basename %f .tar.z`";;
+ *.tar.bz2) D="`basename %f .tar.bz2`"; set bunzip2 -c ;;
+ *.tar.F) D="`basename %f .tar.F`"; set freeze -dc;
+ esac
+ mkdir $D; cd $D && ($1 $2 ../%f | tar xvf -)
+
++ t t
+Z Extract compressed tar files to subdirectories
+ for i in %t
+ do
+ set gzip -dc
+ unset D
+ case $i in
+ *.tar.gz) D="`basename $i .tar.gz`";;
+ *.tgz) D="`basename $i .tgz`";;
+ *.tpz) D="`basename $i .tpz`";;
+ *.tar.Z) D="`basename $i .tar.Z`";;
+ *.tar.z) D="`basename $i .tar.z`";;
+ *.tar.F) D="`basename $i .tar.F`"; set freeze -dc;;
+ *.tar.bz2) D="`basename $i .tar.bz2`"; set bunzip2 -c;;
+ esac
+ mkdir $D; (cd $D && $1 $2 ../$i | tar xvf -)
+ done
+
++ f \.gz$ | f \.tgz$ | f \.tpz$ | f \.Z$ | f \.z$ | f \.bz2$ & t r & ! t t
+c Convert gz<->bz2, tar.gz<->tar.bz2 & tgz->tar.bz2
+ unset D
+ unset EXT
+ case %f in
+ *.tgz) EXT=tgz;;
+ *.tpz) EXT=tpz;;
+ *.Z) EXT=Z;;
+ *.z) EXT=z;;
+ *.gz) EXT=gz;;
+ *.bz2) EXT=bz2;;
+ esac
+ case $EXT in
+ tgz|tpz) D="`basename %f .$EXT`.tar";;
+ gz|Z|z) D="`basename %f .$EXT`";;
+ bz2) D="`basename %f .bz2`";;
+ esac
+ if [ "$EXT" = "bz2" ]; then
+ bunzip2 -v %f ; gzip -f9 -v $D
+ else
+ gunzip -v %f ; bzip2 -v $D
+ fi
+
++ t t
+C Convert gz<->bz2, tar.gz<->tar.bz2 & tgz->tar.bz2
+ set %t
+ while [ -n "$1" ]
+ do
+ unset D
+ unset EXT
+ case $1 in
+ *.tgz) EXT=tgz;;
+ *.tpz) EXT=tpz;;
+ *.Z) EXT=Z;;
+ *.z) EXT=z;;
+ *.gz) EXT=gz;;
+ *.bz2) EXT=bz2;;
+ esac
+ case $EXT in
+ tgz) D="`basename $1 .tgz`.tar";;
+ tpz) D="`basename $1 .tpz`.tar";;
+ gz|Z|z) D="`basename $1 .$EXT`";;
+ bz2) D="`basename $1 .bz2`";;
+ esac
+ if [ "$EXT" = "bz2" ]; then
+ bunzip2 -v $1
+ gzip -f9 -v $D
+ else
+ gunzip -v $1
+ bzip2 -v $D
+ fi
+ shift
+ done
+
++ F \.tar\.gz$ | F \.tar\.bz2$ & ! T T
+t git-import-orig current file in opposite dir
+ git-import-orig --pristine-tar --sign-tags %D/%F
+
+c Create unofficial changelog entry
+ dch -D jonas -l ~0jones --force-distribution "Unofficial build based on Debian Sid packaging."
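Review bot: The hotkey `c` is bound twice, once to "Convert gz<->bz2..." under its `+ f \.gz$ ...` condition and once to "Create unofficial changelog entry" at the end of the file, and the final entry has no condition line at all, so on any matching archive both entries compete for the same key; rebind the changelog entry (e.g. `l Create unofficial changelog entry`) and give it a condition in line with the other entries. The `z`/`Z` extraction commands pass `$D`, `$i` and `$1` unquoted to `mkdir`, `cd` and the decompressor, so archive names containing whitespace split into several arguments; quote them as `mkdir "$D"; (cd "$D" && $1 $2 "../%f" | tar xvf -)`. The `z` entry also runs `cd $D` in the menu shell itself while `Z` wraps it in a subshell — make both use the subshell form so a failed `mkdir` cannot leave a later command running in the wrong directory.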
diff --git a/postfix/cron.weekky/local-purgeoldtrashedmails b/postfix/cron.weekky/local-purgeoldtrashedmails
deleted file mode 100755
index 205585b..0000000
--- a/postfix/cron.weekky/local-purgeoldtrashedmails
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-#
-# Purge trashed mails older than 2 months
-
-set -e
-
-find /home/*/Maildir/.Trash /home/*/Maildir/.trash /home/*/Maildir/.Deleted\ Messages /home/*/Maildir/.Deleted\ Items -type f -mtime +60 -exec rm -f '{}' ';'
-
-exit 0
diff --git a/postfix/cron.weekly/local-purgeoldtrashedmails b/postfix/cron.weekly/local-purgeoldtrashedmails
new file mode 100755
index 0000000..7674508
--- /dev/null
+++ b/postfix/cron.weekly/local-purgeoldtrashedmails
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Purge trashed mails older than 2 months
+
+set -e
+
+find /home/*/Maildir/.Trash /home/*/Maildir/.Trash.* /home/*/Maildir/.INBOX_Trash /home/*/Maildir/.trash /home/*/Maildir/.Deleted\ Messages /home/*/Maildir/.Deleted\ Items /home/*/Maildir/.Slettet\ post -type f -mtime +60 -exec rm -f '{}' ';'
+
+exit 0
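Review bot: Under `set -e` a single unmatched glob in the `find` line makes the script exit non-zero before `exit 0`, because the shell passes the literal pattern (for example `/home/*/Maildir/.INBOX_Trash` on a host where no mailbox has that folder) to `find`, which reports it as missing and returns an error status; cron then mails the failure every week even though every existing folder was processed. Iterating over the patterns and skipping non-directories avoids that, and `-exec rm -f -- '{}' +` batches the deletes instead of forking one `rm` per message. Note also that `-mtime +60` tests the message file's modification time, which a Maildir move into the trash folder (a rename) does not update, so this presumably purges messages *received* more than 60 days ago rather than messages trashed 60 days ago — worth stating in the header comment if that is intended.
```sh
for dir in /home/*/Maildir/.Trash /home/*/Maildir/.Trash.* \
    /home/*/Maildir/.INBOX_Trash /home/*/Maildir/.trash \
    /home/*/Maildir/.Deleted\ Messages /home/*/Maildir/.Deleted\ Items \
    /home/*/Maildir/.Slettet\ post; do
  # an unmatched glob stays a literal pattern; skip it instead of failing find
  [ -d "$dir" ] || continue
  find "$dir" -type f -mtime +60 -exec rm -f -- '{}' +
done
```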
diff --git a/postfix/maps_rbl_domains b/postfix/maps_rbl_domains
index b2e15b0..03ed016 100644
--- a/postfix/maps_rbl_domains
+++ b/postfix/maps_rbl_domains
@@ -23,5 +23,6 @@
# Great RBL blog: http://www.dnsbl.com/
# Automated RBL comparison: http://stats.dnsbl.com/
-zen.spamhaus.net # Recommended at http://www.dnsbl.com/
+virbl.dnsbl.bit.nl # Virbl-project
+zen.spamhaus.org # Recommended at http://www.dnsbl.com/
bl.spamcop.net # Avoided in the past, but now recommended: http://www.dnsbl.com/2007/05/spamcop-bl-another-look-its-accurate.html
diff --git a/postfix/postfix.sh b/postfix/postfix.sh
index 2b923e0..102b8dc 100755
--- a/postfix/postfix.sh
+++ b/postfix/postfix.sh
@@ -66,7 +66,7 @@ else
fi
dkimproxy=
-if [ "1" = "$amavis" ] && [ -x /usr/bin/dkimsign ]; then
+if [ "1" = "$amavis" ] && [ -x /usr/bin/dkimproxy-sign ]; then
dkimproxy=1
else
echo >&2 "WARNING: Avoiding/disabling DKIMproxy setup: not installed."
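Review bot: The warning in the `else` arm says "not installed", but that branch is also taken when `$amavis` is not `1`, in which case `/usr/bin/dkimproxy-sign` may well be present; the message then sends an operator looking for a missing package. Make the text cover both causes, e.g. `echo >&2 "WARNING: Avoiding/disabling DKIMproxy setup: amavis disabled or dkimproxy-sign not installed."`, or split the test so each cause gets its own message. The `if` is closed outside the hunk.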
diff --git a/postfix/reject_rhsbl_sender b/postfix/reject_rhsbl_sender
index 5d7933d..04ef383 100644
--- a/postfix/reject_rhsbl_sender
+++ b/postfix/reject_rhsbl_sender
@@ -10,7 +10,7 @@
# $Id: reject_rhsbl_sender,v 1.5 2008-05-25 15:31:28 jonas Exp $
#
-#bogusmx.rfc-ignorant.org # Disable for now - claims redpill domains "has demonstrably bogus MX record"
+bogusmx.rfc-ignorant.org
dsn.rfc-ignorant.org
block.rhs.mailpolice.com
dob.sibl.support-intelligence.net # newly registered domains: http://www.support-intelligence.com/dob/
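Review bot: Re-enabling `bogusmx.rfc-ignorant.org` drops the only record of why it had been disabled (false positives on redpill domains), so the next maintainer who sees the same rejections has no way to know this was a deliberate re-enable. Keep a trailing comment on the line in the style of the others, such as `bogusmx.rfc-ignorant.org # re-enabled <date>; previously disabled for listing redpill domains as bogus MX`, with the actual reason the listing is now considered acceptable. A sender-domain RHSBL rejects outright at SMTP time, so a documented rationale matters more here than for a scoring rule.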
diff --git a/rsyslog.d/local-gtls-common.conf b/rsyslog.d/local-gtls-common.conf
new file mode 100644
index 0000000..aef8117
--- /dev/null
+++ b/rsyslog.d/local-gtls-common.conf
@@ -0,0 +1,21 @@
+# enable gtls driver and make it the default
+$ModLoad imtcp
+$DefaultNetstreamDriver gtls
+
+# certificate files
+$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
+$DefaultNetstreamDriverCertFile /etc/ssl/certs/rsyslog.pem
+$DefaultNetstreamDriverKeyFile /etc/ssl/private/rsyslog.pem
+
+$InputTCPServerStreamDriverAuthMode x509/name
+$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
+
+# sample reception (repeat last line for each client)
+#$InputTCPServerRun 514
+#$InputTCPServerStreamDriverPermittedPeer *.example.net
+
+# sample sending (repeat all lines for each server)
+#$ActionSendStreamDriverAuthMode x509/name
+#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
+#$ActionSendStreamDriverPermittedPeer central.example.net
+#*.* @@central.example.net:514 # forward everything to remote server
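Review bot: `$DefaultNetstreamDriverCAFile` points at the whole system bundle `/etc/ssl/certs/ca-certificates.crt`, so any certificate issued by any public CA chains successfully; with `x509/name` the only thing left to stop an unrelated party is the PermittedPeer pattern, and the sample uses a wildcard (`*.example.net`). For a log-forwarding mesh the CA file should be the dedicated CA that actually issued the rsyslog certificates, and that choice deserves a comment on the `$DefaultNetstreamDriverCAFile` line. Since the permitted peer list is only present as a commented sample in this file and in local-gtls-receive.conf, note in the comment at the top what rsyslog does with `x509/name` and no PermittedPeer configured — presumably it rejects every connection, but that should be verified and recorded rather than discovered at deploy time. Finally, confirm that rsyslog's legacy `$` directives accept a trailing `# run driver in TLS-only mode` comment; if the parser takes the rest of the line as the value, `$InputTCPServerStreamDriverMode 1 # ...` is not the setting you think it is.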
diff --git a/rsyslog.d/local-gtls-receive.conf b/rsyslog.d/local-gtls-receive.conf
new file mode 100644
index 0000000..b17d55a
--- /dev/null
+++ b/rsyslog.d/local-gtls-receive.conf
@@ -0,0 +1,5 @@
+# enable gtls reception
+$InputTCPServerRun 514
+
+# restrict access based on client certificate
+#$InputTCPServerStreamDriverPermittedPeer *.example.net
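Review bot: The listener is started on TCP 514 while the only access restriction, `$InputTCPServerStreamDriverPermittedPeer`, is commented out; with the `x509/name` auth mode set in local-gtls-common.conf a receiver with no permitted peer is presumably unusable or rejects everyone, so the comment should say that this line must be enabled and edited before the file is deployed, e.g. `# REQUIRED: list every client certificate name allowed to deliver logs`. Port 514 is the plain syslog port; syslog over TLS has its own registered port, 6514 (RFC 5425), and using it avoids confusion with cleartext receivers and firewall rules written for them.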
diff --git a/rsyslog.d/local-gtls-send.conf b/rsyslog.d/local-gtls-send.conf
new file mode 100644
index 0000000..e692b07
--- /dev/null
+++ b/rsyslog.d/local-gtls-send.conf
@@ -0,0 +1,6 @@
+# restrict access based on server certificate
+# (repeat all lines for each server)
+#$ActionSendStreamDriverAuthMode x509/name
+#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
+#$ActionSendStreamDriverPermittedPeer central.example.net
+#*.* @@central.example.net:514 # forward everything to remote server