blob: 2f42df41bda3560abcb224a89b3024ef9eef3af6 (
plain)
- All:
- ----
- Add a section in the cf.services.file for netatalk.
- Move all the fake domains to bind/fake from bind/pri.
- Add squid support: Search /etc/squid.conf for "YOUR OWN RULE" and add "acl localnet src $(LOCALNET)" and "http_access allow localnet".
- Add integrit support: Remove all relevant comments in /etc/integrit/integrit.conf and "# ! " in /etc/cron.daily.integrit.
- Implement meta-hints about filesharing: ftp should use "-l" and "~ users" when default users are dummy users. And the local user-init, adduser.local and deluser.local should be generic.
- Figure out if bind or bind9 is installed as nameserver (currently both are reloaded, which is non-optimal and _can_ lead to errors)
- Calibrate max open files based on available memory (as suggested at http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap6sec72.html and http://www.xenoclast.org/doc/benchmark/HTTP-benchmarking-HOWTO/node7.html):
- FILEMAX = (INSTALLED_RAM*256)/4
- /etc/sysctl.conf: fs.file-max = FILEMAX
- /etc/security/limits.conf: * soft nofile 1024
- /etc/security/limits.conf: * hard nofile FILEMAX
- Use m4 to make sharefiles and cfengine cleanup files for samba.
- Move zonefiles out of local-COMMON and into separate CVS modules.
- Check that m4 is installed before using it in cfengine!
- Figure out a smarter way to do the following on the command line:
- for host in xayide coreander jawa.homebase.dk gmork satsbutikken ida cherry.107b.dk tulle; do fping $host && ssh -t ${host/tulle/tulle -p 53} "for dir in /etc/local-COMMON /usr/local/bin /usr/local/sbin; do (cd \$dir && cvs update -dP); done; /etc/cfengine/cfengine.conf -q; /etc/local-COMMON/postfix/postfix.sh"; done
- Xenux:
- ------
- Finish the cf.services.fai file
- DONE:
- -----
- samba/netlogon/common.bat is XENUX-centric
- Correct dns (and other places like samba?) to use FQDN, not only host.
- Move all domain files to local-COMMON
|
