From: root Date: Tue, 5 May 2009 14:26:48 +0000 (+0200) Subject: Merge commit 'origin/template' into mysql X-Git-Url: https://git.stderr.nl/gitweb?a=commitdiff_plain;h=8cef233192069bc795b67fe7d0f99dcce0c6821e;hp=e5db3cc7230626e037246b68dd47a87acf27576c;p=matthijs%2Fservers%2Fdrsnuggles.git Merge commit 'origin/template' into mysql * commit 'origin/template': rsyslog: Make the main queue disk-assisted as well. rsyslog: Enable queuing of log messages. nss: Add some comments. rsyslog: Send all logs to the log vserver. rsyslog: Move all rsyslog log files into a subdir. rsyslog: Update logrotate config to new rsyslog config. rsyslog: Add default logrotate config. rsyslog: Disable logging of kernel messages. rsyslog: Enable loggin of mark lines. rsyslog: Clean up rsyslog configuration. rsyslog: Add default configuration. pam: Add pam_permit to the auth section of chfn. nss: Update to use our custom LDAP schema. apt: Set the Default-Release to "stable".
---
diff --git a/etc/apt/apt.conf.d/10default-release b/etc/apt/apt.conf.d/10default-release
new file mode 100644
index 0000000..4143a94
--- /dev/null
+++ b/etc/apt/apt.conf.d/10default-release
@@ -0,0 +1 @@
+APT::Default-Release "stable";
diff --git a/etc/libnss-ldap.conf b/etc/libnss-ldap.conf
index d4991e1..32b8645 100644
--- a/etc/libnss-ldap.conf
+++ b/etc/libnss-ldap.conf
@@ -11,3 +11,12 @@ uri ldap://ldap.drsnuggles.stderr.nl # The LDAP version to use ldap_version 3
+
+# Use the uniqueMember property, referring to dn's instead of the memberUid
+# property referring to usernames. This allows us to have group members with or
+# without an account, and give a group member an account without having to
+# change all his memberships.
+nss_schema rfc2307bis
+
+# Use our custom posixGroup replacement
+nss_map_objectclass posixGroup simplePosixGroup
diff --git a/etc/logrotate.d/rsyslog b/etc/logrotate.d/rsyslog
new file mode 100644
index 0000000..5682508
--- /dev/null
+++ b/etc/logrotate.d/rsyslog
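Review bot: In etc/libnss-ldap.conf the new `nss_schema rfc2307bis` and `nss_map_objectclass` lines take group membership from `uniqueMember` DNs in the directory, while the only transport setting visible in this hunk is the plain `ldap://` URI in the hunk header. Unless TLS is configured in the part of the file outside the hunk, those answers arrive unauthenticated, so anything that trusts group membership from NSS also trusts the network path to the LDAP server. I would add `ssl start_tls` and `tls_checkpeer yes` next to the `uri` line, or a comment stating why the link to the LDAP vserver is considered trusted.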
@@ -0,0 +1,26 @@
+/var/log/rsyslog/syslog
+{
+ rotate 7
+ daily
+ missingok
+ notifempty
+ delaycompress
+ compress
+ postrotate
+ invoke-rc.d rsyslog reload > /dev/null
+ endscript
+}
+
+/var/log/rsyslog/*.log
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ invoke-rc.d rsyslog reload > /dev/null
+ endscript
+}
diff --git a/etc/pam.d/chfn b/etc/pam.d/chfn
index efbc34b..58e1d48 100644
--- a/etc/pam.d/chfn
+++ b/etc/pam.d/chfn
@@ -4,3 +4,4 @@ # This allows only root to change user infomation at all. auth required pam_rootok.so
+account required pam_permit.so
diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf
new file mode 100644
index 0000000..c6e706b
--- /dev/null
+++ b/etc/rsyslog.conf
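Review bot: In etc/pam.d/chfn the added `account required pam_permit.so` carries no comment, and pam_permit is a module that is easily copied into another service file without its context. It appears acceptable here only because the `auth required pam_rootok.so` line above already limits chfn to root; a comment would keep that dependency visible, e.g. `# Account checks are skipped on purpose: auth above already restricts chfn to root.` The merged commit's subject also speaks of the auth section while the line is an `account` entry. The rest of the file is outside the hunk.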
@@ -0,0 +1,103 @@
+# /etc/rsyslog.conf Configuration file for rsyslog v3.
+#
+# For more information see
+# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+
+
+#################
+#### MODULES ####
+#################
+
+$ModLoad imuxsock # provides support for local system logging
+$ModLoad immark # provides --MARK-- message capability
+$MarkMessagePeriod 900 # mark messages appear every 15 Minutes
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+# Store any queues here. This directory is not created automatically, so it
+# must already exist!
+$WorkDirectory /var/spool/rsyslog
+
+# Use a (disk-assisted) main queue
+# Use a linked list for queueing
+$MainMsgQueueType LinkedList
+# Name to use for the queue file
+$MainMsgQueueFileName main
+# save in-memory data if rsyslog shuts down
+$MainMsgQueueSaveOnShutdown on
+
+#######################
+#### Local logging ####
+#######################
+
+#
+# Log each facility into its own log
+auth,authpriv.* /var/log/rsyslog/auth.log
+cron.* -/var/log/rsyslog/user.log
+daemon.* -/var/log/rsyslog/daemon.log
+kern.* -/var/log/rsyslog/kern.log
+lpr.* -/var/log/rsyslog/lpr.log
+mail.* -/var/log/rsyslog/mail.log
+user.* -/var/log/rsyslog/user.log
+local0,local1,local2,\
+ local3,local4,local5,\
+ local6,local7.* -/var/log/rsyslog/local.log
+
+# Omitted facilities: syslog, news, uucp, ftp
+
+# All logs end up in syslog as weel as the corresponding facility log above
+# (except for auth, mail which only end up in the facility log for privacy
+# reasons and debug which only ends up in the debug log below to prevent
+# flooding).
+*.*;\
+ *.!=debug;\
+ auth,authpriv.none;\
+ mail.none -/var/log/rsyslog/syslog
+
+# Debug entries end up in debug.log as well as the corresponding facility log
+# above (except for auth and mail, which only end up in the facility logs for
+# privacy reasons).
+*.=debug;\
+ auth,authpriv.none;\
+ news.none;mail.none -/var/log/rsyslog/debug.log
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg *
+
+########################
+#### Remote logging ####
+########################
+
+# Send all log entries to the log vserver, but queue them in memory as well as
+# on disk if needed.
+# Use a linked list for queueing
+$ActionQueueType LinkedList
+# Name to use for the queue file
+$ActionQueueFileName remote
+# infinite retries on insert failure
+$ActionResumeRetryCount -1
+# save in-memory data if rsyslog shuts down
+$ActionQueueSaveOnShutdown on
+*.* @@log;RSYSLOG_SyslogProtocol23Format
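Review bot: The remote-logging block at the end of etc/rsyslog.conf gives the forwarding action a disk-assisted queue with `$ActionResumeRetryCount -1` but no size limit, so a long outage of the log vserver lets the queue files under `/var/spool/rsyslog` grow until the filesystem is full; the main queue is set up the same way. I would bound both, e.g. `$ActionQueueMaxDiskSpace 1g` and `$MainMsgQueueMaxDiskSpace 1g` (sizes to be chosen for the host), and watch the spool directory. Two smaller points: `cron.*` is written to `user.log`, which looks like a copy of the `user.*` line and probably should be `cron.log`; and `*.* @@log` forwards auth, authpriv and mail over plain TCP although the comments above keep them out of the shared syslog file for privacy reasons, so TLS for that action, or a comment stating that the path to the log vserver is host-local, would be worth adding.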