matthijs/servers/drsnuggles.git
16 years agologcheck: Make slapd rule more general.
Matthijs Kooijman [Mon, 8 Jun 2009 07:23:10 +0000 (09:23 +0200)]
logcheck: Make slapd rule more general.

16 years agologcheck: Fix regex.
Matthijs Kooijman [Sat, 9 May 2009 19:46:09 +0000 (21:46 +0200)]
logcheck: Fix regex.

16 years agologcheck: Ignore "no connection!" messages from slapd.
Matthijs Kooijman [Sat, 9 May 2009 11:01:05 +0000 (13:01 +0200)]
logcheck: Ignore "no connection!" messages from slapd.

16 years agorsyslog: Use %fromhost% instead of %hostname%.
Matthijs Kooijman [Thu, 7 May 2009 07:32:32 +0000 (09:32 +0200)]
rsyslog: Use %fromhost% instead of %hostname%.

Using hostname did not always work, since that use the hostname
specified in the message itself (In particular some kernel messages
without a hostname were seen). using %fromhost% always uses the hostname
of the host the message was received from. This might break in NAT and
forwarding situations, but those do not apply here.

16 years agologcheck: Extend dovecot deliver regex a bit.
Matthijs Kooijman [Wed, 6 May 2009 06:26:59 +0000 (08:26 +0200)]
logcheck: Extend dovecot deliver regex a bit.

Previously, messages with an "unspecified" message id would not be
matched, since there are no brackets around unspecified ids.

16 years agologcheck: Fix dovecot deliver pattern.
Matthijs Kooijman [Tue, 5 May 2009 18:56:16 +0000 (20:56 +0200)]
logcheck: Fix dovecot deliver pattern.

16 years agologcheck: Ignore rsyslog MARK lines.
Matthijs Kooijman [Tue, 5 May 2009 18:02:32 +0000 (20:02 +0200)]
logcheck: Ignore rsyslog MARK lines.

16 years agologcheck: Ignore succesful dovecot deliveries.
Matthijs Kooijman [Tue, 5 May 2009 17:56:22 +0000 (19:56 +0200)]
logcheck: Ignore succesful dovecot deliveries.

16 years agologcheck: Ignore rsyslogd restart messages.
Matthijs Kooijman [Tue, 5 May 2009 17:56:02 +0000 (19:56 +0200)]
logcheck: Ignore rsyslogd restart messages.

16 years agoMerge commit 'origin/template' into log
Matthijs Kooijman [Tue, 5 May 2009 16:20:52 +0000 (18:20 +0200)]
Merge commit 'origin/template' into log

* commit 'origin/template':
  ssh: Disable changing of the oom_adj value.
  ssh: Add default initscript configuration.

* commits left out:
  rsyslog: Use another format for forwarding messages.

16 years agologcheck: Only parse the big all.log in /data.
Matthijs Kooijman [Tue, 5 May 2009 16:17:00 +0000 (18:17 +0200)]
logcheck: Only parse the big all.log in /data.

16 years agorsyslog: Add (commented out) debug log.
Matthijs Kooijman [Tue, 5 May 2009 16:16:17 +0000 (18:16 +0200)]
rsyslog: Add (commented out) debug log.

This is so we can quickly enable full dumping of log messages later on.

16 years agorsyslog: Use another format for forwarding messages. samba
Matthijs Kooijman [Tue, 5 May 2009 16:09:52 +0000 (18:09 +0200)]
rsyslog: Use another format for forwarding messages.

The syslog protocol 23 format seems to be broken in rsyslog for messages
that were originally generated by legacy applications (i.e., do not have
a structured-data field).

See http://bugzilla.adiscon.com/show_bug.cgi?id=125

16 years agorsyslog: Don't use a template when it's not needed.
Matthijs Kooijman [Tue, 5 May 2009 15:20:11 +0000 (17:20 +0200)]
rsyslog: Don't use a template when it's not needed.

16 years agossh: Disable changing of the oom_adj value.
Matthijs Kooijman [Tue, 5 May 2009 15:07:10 +0000 (17:07 +0200)]
ssh: Disable changing of the oom_adj value.

This value is meant for making sure ssh is never killed by the oom
killer, but that is not allowed inside vservers.

16 years agossh: Add default initscript configuration.
Matthijs Kooijman [Tue, 5 May 2009 15:06:45 +0000 (17:06 +0200)]
ssh: Add default initscript configuration.

16 years agologcheck: Add default configuration.
Matthijs Kooijman [Tue, 5 May 2009 14:39:40 +0000 (16:39 +0200)]
logcheck: Add default configuration.

16 years agoMerge commit 'origin/template' into log
Matthijs Kooijman [Tue, 5 May 2009 14:08:52 +0000 (16:08 +0200)]
Merge commit 'origin/template' into log

* commit 'origin/template':
  rsyslog: Make the main queue disk-assisted as well.

* commits left out:
  rsyslog: Enable queuing of log messages.

16 years agorsyslog: Make the main queue disk-assisted as well.
Matthijs Kooijman [Tue, 5 May 2009 13:55:27 +0000 (15:55 +0200)]
rsyslog: Make the main queue disk-assisted as well.

16 years agorsyslog: Enable queuing of log messages.
Matthijs Kooijman [Tue, 5 May 2009 13:07:22 +0000 (15:07 +0200)]
rsyslog: Enable queuing of log messages.

This prevents messages from getting lost when the log vserver is
temporarily unavailable.

16 years agorsyslog: Accept and log entries from all other vservers.
Matthijs Kooijman [Tue, 5 May 2009 12:12:31 +0000 (14:12 +0200)]
rsyslog: Accept and log entries from all other vservers.

This logs all entries to /data, separated per host and per facility,
severity or application. There is also one big logfile for all entries,
for use by logcheck.

All of these files are lograted daily and kept forever (except for the
big contains-everything logfile, which is thrown away after a day when
logcheck should be done with it).

16 years agoMerge commit 'origin/template' into log
Matthijs Kooijman [Tue, 5 May 2009 09:39:03 +0000 (11:39 +0200)]
Merge commit 'origin/template' into log

* commit 'origin/template':
  nss: Add some comments.
  rsyslog: Move all rsyslog log files into a subdir.
  rsyslog: Update logrotate config to new rsyslog config.
  rsyslog: Add default logrotate config.
  rsyslog: Disable logging of kernel messages.
  rsyslog: Enable loggin of mark lines.
  rsyslog: Clean up rsyslog configuration.
  rsyslog: Add default configuration.

* commits left out:
  rsyslog: Send all logs to the log vserver.

16 years agonss: Add some comments.
Matthijs Kooijman [Tue, 5 May 2009 09:17:28 +0000 (11:17 +0200)]
nss: Add some comments.

16 years agorsyslog: Send all logs to the log vserver.
Matthijs Kooijman [Tue, 5 May 2009 08:52:30 +0000 (10:52 +0200)]
rsyslog: Send all logs to the log vserver.

This happens in addition to local logging.

16 years agorsyslog: Move all rsyslog log files into a subdir.
Matthijs Kooijman [Tue, 5 May 2009 08:17:52 +0000 (10:17 +0200)]
rsyslog: Move all rsyslog log files into a subdir.

This allows us to use *.log in the logrotate configuration, without
conflicting with logfiles not created by rsyslog.

16 years agorsyslog: Update logrotate config to new rsyslog config.
Matthijs Kooijman [Mon, 4 May 2009 20:41:06 +0000 (22:41 +0200)]
rsyslog: Update logrotate config to new rsyslog config.

16 years agorsyslog: Add default logrotate config.
Matthijs Kooijman [Mon, 4 May 2009 20:37:56 +0000 (22:37 +0200)]
rsyslog: Add default logrotate config.

16 years agorsyslog: Disable logging of kernel messages.
Matthijs Kooijman [Mon, 4 May 2009 20:31:27 +0000 (22:31 +0200)]
rsyslog: Disable logging of kernel messages.

The vservers won't have access to the kernel messages anyway.

16 years agorsyslog: Enable loggin of mark lines.
Matthijs Kooijman [Mon, 4 May 2009 20:26:54 +0000 (22:26 +0200)]
rsyslog: Enable loggin of mark lines.

16 years agorsyslog: Clean up rsyslog configuration.
Matthijs Kooijman [Mon, 4 May 2009 20:00:15 +0000 (22:00 +0200)]
rsyslog: Clean up rsyslog configuration.

This removes some commented out lines, and reorganizes the existing
logfiles to be more consistent.

16 years agorsyslog: Add default configuration.
Matthijs Kooijman [Mon, 4 May 2009 19:50:28 +0000 (21:50 +0200)]
rsyslog: Add default configuration.

16 years agorsyslog: Move all rsyslog log files into a subdir.
Matthijs Kooijman [Tue, 5 May 2009 08:17:52 +0000 (10:17 +0200)]
rsyslog: Move all rsyslog log files into a subdir.

This allows us to use *.log in the logrotate configuration, without
conflicting with logfiles not created by rsyslog.

16 years agorsyslog: Update logrotate config to new rsyslog config.
Matthijs Kooijman [Mon, 4 May 2009 20:41:06 +0000 (22:41 +0200)]
rsyslog: Update logrotate config to new rsyslog config.

16 years agorsyslog: Add default logrotate config.
Matthijs Kooijman [Mon, 4 May 2009 20:37:56 +0000 (22:37 +0200)]
rsyslog: Add default logrotate config.

16 years agorsyslog: Disable logging of kernel messages.
Matthijs Kooijman [Mon, 4 May 2009 20:31:27 +0000 (22:31 +0200)]
rsyslog: Disable logging of kernel messages.

The vservers won't have access to the kernel messages anyway.

16 years agorsyslog: Enable loggin of mark lines.
Matthijs Kooijman [Mon, 4 May 2009 20:26:54 +0000 (22:26 +0200)]
rsyslog: Enable loggin of mark lines.

16 years agorsyslog: Clean up rsyslog configuration.
Matthijs Kooijman [Mon, 4 May 2009 20:00:15 +0000 (22:00 +0200)]
rsyslog: Clean up rsyslog configuration.

This removes some commented out lines, and reorganizes the existing
logfiles to be more consistent.

16 years agorsyslog: Add default configuration.
Matthijs Kooijman [Mon, 4 May 2009 19:50:28 +0000 (21:50 +0200)]
rsyslog: Add default configuration.

16 years agosystem: Set hostname and mailname
Matthijs Kooijman [Fri, 17 Apr 2009 13:15:44 +0000 (15:15 +0200)]
system: Set hostname and mailname

16 years agopam: Add pam_permit to the auth section of chfn.
Matthijs Kooijman [Mon, 13 Apr 2009 15:48:38 +0000 (17:48 +0200)]
pam: Add pam_permit to the auth section of chfn.

The chfn command did not work before, since it checks account as well as
auth.

16 years agonss: Update to use our custom LDAP schema.
Matthijs Kooijman [Mon, 13 Apr 2009 15:22:39 +0000 (17:22 +0200)]
nss: Update to use our custom LDAP schema.

This uses the uniqueMember attribute containing dns instead of the
memberUid attribute containing usernames for forming groups.
Additionally, it tells nss-ldap about our replacement for the posixGroup
objectClass.

16 years agoapt: Set the Default-Release to "stable".
Matthijs Kooijman [Mon, 13 Apr 2009 15:21:33 +0000 (17:21 +0200)]
apt: Set the Default-Release to "stable".

16 years agopam: Let pam.d/cron include common-account.
Matthijs Kooijman [Tue, 30 Dec 2008 23:00:45 +0000 (00:00 +0100)]
pam: Let pam.d/cron include common-account.

The changes to common-account make the custom account section of
pam.d/cron unneeded.

16 years agopam: Let pam.d/su include common{account,session}.
Matthijs Kooijman [Tue, 30 Dec 2008 22:58:24 +0000 (23:58 +0100)]
pam: Let pam.d/su include common{account,session}.

Since pam.d/other was removed, su was missing the account and session
entries and failed.

16 years agopam: Make common-account also support unix users.
Matthijs Kooijman [Tue, 30 Dec 2008 22:56:17 +0000 (23:56 +0100)]
pam: Make common-account also support unix users.

This makes sure that common-account supports both unix users (from
passwd) and ldap users. A lot of services don't do real (password)
authentication, but do need to work for both ldap and unix users (cron,
su).

common-auth still only works for ldap users, since those are the only
ones with actual passwords.

16 years agopam: Add .so to module names in pam.d/other.
Matthijs Kooijman [Tue, 30 Dec 2008 22:51:27 +0000 (23:51 +0100)]
pam: Add .so to module names in pam.d/other.

16 years agopam: Deny everything in pam.d/other.
Matthijs Kooijman [Tue, 30 Dec 2008 16:04:28 +0000 (17:04 +0100)]
pam: Deny everything in pam.d/other.

16 years agopam: Add default pam.d/other file.
Matthijs Kooijman [Tue, 30 Dec 2008 16:01:26 +0000 (17:01 +0100)]
pam: Add default pam.d/other file.

16 years agopam: Fix pam configuration for cron.
Matthijs Kooijman [Tue, 30 Dec 2008 15:50:45 +0000 (16:50 +0100)]
pam: Fix pam configuration for cron.

This allows non-ldap users (say, root) to use cron.

16 years agopam: Don't allow console logins.
Matthijs Kooijman [Tue, 30 Dec 2008 10:38:15 +0000 (11:38 +0100)]
pam: Don't allow console logins.

We don't have a console on a vserver anyway...

16 years agopam: Allow only root to change shells and user info.
Matthijs Kooijman [Tue, 30 Dec 2008 10:36:39 +0000 (11:36 +0100)]
pam: Allow only root to change shells and user info.

Since changing user info and shells for ldap users is not supported by
chfn and chsh anyway, and we have no real users that are not in ldap,
limiting this to just root makes sense.

16 years agopam: Add default pamd.d/{chfn,chsh,cron,login} files.
Matthijs Kooijman [Tue, 30 Dec 2008 10:24:58 +0000 (11:24 +0100)]
pam: Add default pamd.d/{chfn,chsh,cron,login} files.

16 years agopam: Remove all but one line from pam.d/su.
Matthijs Kooijman [Mon, 29 Dec 2008 19:03:51 +0000 (20:03 +0100)]
pam: Remove all but one line from pam.d/su.

The session modules seem useless, and the common files only include ldap
and don't know about root, so that only gives warnings when root is
trying to su.

This makes it impossible for non-root users to use su, but that's a
feature.

16 years agopam: Add default pam.d/su file.
Matthijs Kooijman [Mon, 29 Dec 2008 19:03:15 +0000 (20:03 +0100)]
pam: Add default pam.d/su file.

17 years agosystem: Set the timezone to Europe/Amsterdam.
Matthijs Kooijman [Thu, 9 Oct 2008 20:20:13 +0000 (22:20 +0200)]
system: Set the timezone to Europe/Amsterdam.

17 years agoapt: Move local repository from ~matthijs to /data.
Matthijs Kooijman [Thu, 9 Oct 2008 15:46:18 +0000 (15:46 +0000)]
apt: Move local repository from ~matthijs to /data.

17 years agobash: Include bash.bashrc from /etc/profile.
Matthijs Kooijman [Thu, 9 Oct 2008 13:15:34 +0000 (13:15 +0000)]
bash: Include bash.bashrc from /etc/profile.

17 years agosystem: Add resolv.conf, pointing to the DNS vserver.
Matthijs Kooijman [Thu, 9 Oct 2008 13:14:52 +0000 (13:14 +0000)]
system: Add resolv.conf, pointing to the DNS vserver.

17 years agobash: Add default global profile script.
root [Tue, 30 Sep 2008 14:49:56 +0000 (14:49 +0000)]
bash: Add default global profile script.

17 years agobash: Enable extended completion.
root [Tue, 30 Sep 2008 14:33:29 +0000 (14:33 +0000)]
bash: Enable extended completion.

17 years agobash: Add initial bashrc.
root [Tue, 30 Sep 2008 14:32:51 +0000 (14:32 +0000)]
bash: Add initial bashrc.

17 years agonss: Don't use mdns for name resolution.
root [Fri, 26 Sep 2008 10:16:05 +0000 (10:16 +0000)]
nss: Don't use mdns for name resolution.

This change was automatically made by removing avahi-daemon.

17 years agonullmailer: Add configuration.
root [Fri, 26 Sep 2008 10:15:05 +0000 (10:15 +0000)]
nullmailer: Add configuration.

17 years agopam: Enable LDAP host attribute checking.
root [Thu, 25 Sep 2008 15:36:02 +0000 (15:36 +0000)]
pam: Enable LDAP host attribute checking.

17 years agopam: Only use LDAP for auth and account, remove unix authentication.
root [Thu, 25 Sep 2008 15:30:51 +0000 (15:30 +0000)]
pam: Only use LDAP for auth and account, remove unix authentication.

17 years agopam: Simplify configuration.
root [Thu, 25 Sep 2008 12:19:43 +0000 (12:19 +0000)]
pam: Simplify configuration.

17 years agopam: Use LDAP for authentication.
root [Thu, 25 Sep 2008 10:24:14 +0000 (10:24 +0000)]
pam: Use LDAP for authentication.

17 years agonss: Use LDAP for passwd and group.
root [Thu, 25 Sep 2008 10:23:45 +0000 (10:23 +0000)]
nss: Use LDAP for passwd and group.

17 years agopam: Add default pam common- files.
root [Thu, 25 Sep 2008 07:48:37 +0000 (07:48 +0000)]
pam: Add default pam common- files.

17 years agoAdd local debian repository.
root [Thu, 21 Aug 2008 16:04:27 +0000 (16:04 +0000)]
Add local debian repository.

17 years agoImport initial sources.list.
root [Thu, 21 Aug 2008 15:45:24 +0000 (15:45 +0000)]
Import initial sources.list.