##############################################################
#
# cf.services : local network service configuration
#
###############################################################
###
#
# BEGIN cf.services
#
###
copy:
nexus::
/local/iu/etc/dfstab dest=/etc/dfs/dfstab
###############################################################
shellcommands:
nexus|dax::
# Clear a bad RPC channel. Someone using a bad port number?
"/usr/sbin/shareall"
###############################################################
copy:
/local/iu/etc/hosts.deny dest=/etc/hosts.deny mode=644 server=nexus
!dax::
/local/iu/etc/hosts.allow dest=/etc/hosts.allow mode=644 server=nexus
dax::
/local/iu/etc/hosts.allow.dax dest=/etc/hosts.allow mode=644 server=nexus
###############################################################
links:
NameServers::
/etc/named.conf -> /local/iu/dns/named.conf
MailHub::
/etc/mail/sendmail.cf ->! /iu/nexus/local/iu/mail/sendmail.cf
MailClients.solaris::
/etc/mail/sendmail.cf ->! /iu/nexus/local/iu/mail/nullclient.cf
#
# Sendmail, restricted shell needs these links
#
solaris::
# Most of these will only be run on the MailHost
# but flist (procmail) is run during sending...
/usr/adm/sm.bin/vacation -> /usr/ucb/vacation
/usr/adm/sm.bin/robot04 -> /iu/nexus/ua/robot/robot04
/usr/adm/sm.bin/flist -> /iu/nexus/ud/listmgr/.bin/flist
linux::
/usr/adm/sm.bin/vacation -> /usr/bin/vacation
nexus:: # Mirroring
/etc/rsyncd.conf -> /local/iu/etc/rsyncd.conf
###############################################################
editfiles:
{ /etc/services
AppendIfNoSuchLine "cfengine 5308/tcp"
}
FTPserver::
{ /etc/shells
AppendIfNoSuchLine "/bin/tcsh"
AppendIfNoSuchLine "/local/gnu/bin/bash"
}
{ /etc/inetd.conf
ReplaceAll "/local/etc/ftpd" With "/local/iu/sbin/tcpd"
ReplaceAll "in.ftpd" With "ftpd"
}
!FTPserver::
{ /etc/inetd.conf
HashCommentLinesContaining "in.ftpd"
}
any::
{ /etc/inetd.conf
DeleteLinesContaining "bootp"
DeleteLinesContaining "bootps"
AppendIfNoSuchLine "finger stream tcp nowait nobody /local/iu/sbin/tcpd in.fingerd"
AppendIfNoSuchLine "cfinger stream tcp nowait nobody /local/iu/sbin/tcpd in.cfingerd"
}
nexus::
{ /etc/inetd.conf
AppendIfNoSuchLine "netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd"
AppendIfNoSuchLine "netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd"
AppendIfNoSuchLine "rsync stream tcp nowait root /local/iu/sbin/tcpd rsync --daemon"
}
###############################################################
processes:
"bootp" signal=kill
"inetd" signal=hup
"sendmail" matches=>1
restart "/usr/lib/sendmail -bd -q15"
#
# Try to clear cfd zombies
#
"zombie" include=cfd
define=cfdzombie
cfdzombie::
"cfd" signal=kill
restart "/local/gnu/bin/cfd -m"
useshell=false
!cfdzombie::
"cfd"
restart "/local/gnu/bin/cfd -m"
useshell=false
any::
"sshd"
restart "/local/ssh-1.2.26/sshd"
useshell=false
"snmp" signal=kill
"powerd" signal=kill
"mibiisa" signal=kill
nexus::
"fingerd" matches=1 restart "/local/etc/fingerd"
"named" matches=>1
restart "/local/iu/bind/bin/named"
useshell=false
"httpd" matches=>1
restart "/local/iu/sbin/apachectl start"
useshell=false
inform=true
!nexus::
"httpd" signal=kill inform=true
"apache" signal=kill inform=true
###############################################################
files:
# Sendmail
/usr/adm/sm.bin mode=555 o=root g=other act=fixdirs
MailHub::
/local/iu/mail/sendmail.cf o=root m=444 act=fixplain
Nameservers::
/local/iu/dns/pz o=root m=644 act=fixall r=1
/local/iu/dns/pz/Fixserial m=755 action=fixplain
WWWServers.Rest.Hr00::
/local/iu/etc/apache m=664 o=root g=www act=fixall r=inf
FTPserver::
#
# Make sure anonymous ftp areas have the correct
# protection, or logins won't be able to read
# files - or perhaps a security risk. This is
# solaris 2 specific...
#
$(ftp)/pub mode=644 o=root g=other act=fixall
$(ftp)/pub mode=644 act=fixall r=inf
$(ftp)/etc mode=111 o=root g=other act=fixdirs
$(ftp)/usr/bin/ls mode=111 o=root g=other act=fixall
$(ftp)/dev mode=555 o=root g=other act=fixall
$(ftp)/usr mode=555 o=root g=other act=fixdirs
###############################################################
disable:
#
# We run Berkeley sendmail and the config files are
# all under /iu/nexus/local/lib/mail
#
/etc/aliases
nexus.Tuesday.Hr00::
#
# Disabling these log files weekly prevents them from
# growing so enormous that they fill the disk!
#
/local/iu/httpd/logs/access_log rotate=2
/local/iu/httpd/logs/agent_log rotate=empty
/local/iu/httpd/logs/error_log rotate=empty
/local/iu/httpd/logs/referer_log rotate=empty
FTPserver.Sunday.All::
/local/iu/logs/xferlog rotate=3
###
#
# END cf.services
#
###
