############################################################## # # cf.site - for iu.hioslo.no # # This file contains site specific data and system policy # ################################################################# ### # # BEGIN cf.site # ### groups: alias_update = ( '$(CheckAlias)' ) Setup_SSH_OK = ( '/usr/bin/test -f /etc/ssh_host_key' ) ################################################################# links: Prepare:: /local -> /$(site)/$(binserver)/local /usr/local -> /local solaris:: /usr/bin/perl5 -> /local/bin/perl /usr/bin/perl -> /local/bin/perl # So that perl/cgi can find it... /lib/libgdbm.so.1 -> /local/lib/libgdbm.so.1 dax:: /iu/dax/local +> /iu/nexus/local waldo:: /local/bin/perl -> /usr/bin/perl /local/etc/fingerdir -> /iu/nexus/local/etc/fingerdir nexus:: /local/bin +> /local/latex/bin /local/bin/xmgr -> /local/xmgr/bin/xmgr nexus:: # Xemacs setup, by version /local/lib/xemacs/site-lisp/site-start.el -> /iu/nexus/local/iu/lib/EmacsCStyleLisp AllBinaryServers:: # # KDE Setup # /local/kde/share/applnk/Graphics/Gimp.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/Gimp.kdelnk /local/kde/share/applnk/apps/Internet/TkRat.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/TkRat.kdelnk /local/kde/share/applnk/apps/WordProcessing/office.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/office.kdelnk /local/kde/share/applnk/apps/Graphic/xmgr.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/xmgr.kdelnk /local/kde/share/applnk/apps/Utilities/xterm.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/xterm.kdelnk /local/kde/share/applnk/apps/Development/freebuilder.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/freebuilder.kdelnk /local/kde/share/config/kpanelrc ->! /iu/nexus/local/iu/lib/KdeSetup/kpanelrc /local/kde/share/config/kdisplayrc ->! /iu/nexus/local/iu/lib/KdeSetup/kdisplayrc solaris:: /local/kde/share/applnk/apps/Development/javaworkshop.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/javaworkshop.kdelnk # # KDM Setup # solaris:: /local/kde/share/config/kdmrc ->! /iu/nexus/local/iu/lib/kdmrcSolaris linux:: /local/kde/share/config/kdmrc ->! /iu/nexus/local/iu/lib/kdmrcLinux /etc/rc2.d/S13kdm ->! /iu/nexus/local/iu/etc/S13kdm ############################################################# disable: # # CERT warning, security fix # any:: /usr/lib/expreserve ################################################################# files: Prepare:: /.cshrc m=0644 r=0 o=root act=touch /tmp/screens/. m=0755 o=root act=touch /var/spool/cron/crontabs/root m=0644 o=root act=touch PasswdServer:: /local/iu/etc/passwd m=0644 o=root g=other action=fixplain /local/iu/etc/shadow m=0600 o=root g=other action=fixplain AllBinaryServers.Rest.Hr00:: /local mode=-0002 r=inf owner=root,bin group=0,1,2,3,4,5,6,7,staff links=tidy action=fixall nexus.Hr18:: /etc/mnttab m=644 act=fixall /iu/nexus/ua/robot/.rhosts o=robot m=600 act=touch /iu/nexus/ua/robot/robot04 o=robot m=700 act=fixplain /local/latex/lib/tex/texmf/fonts owner=root mode=1666 recurse=inf action=fixall # S/KEY installation /etc/skeykeys mode=644 o=root action=touch ################################################################# tidy: # # Make sure the file repository doesn't fill up # /var/spool/cfengine pattern=* age=0 /var pattern=core age=0 r=inf /var/spool/mqueue pattern=* age=14 type=mtime /var/mail pattern=BOGUS* age=0 /tmp pattern=.* age=1 ################################################################# shellcommands: alias_update:: "/local/iu/bin/createalias" PasswdServer:: # Build and install the BSD compatible passwd file # from the master passwd/shadow file on solaris "/local/iu/bin/BuildPasswdFiles" "/local/iu/bin/BuildGroupFiles" "/local/iu/bin/MakeScriptAlias" nexus.Sunday.Hr15.OnTheHour:: # # See how much rubbish users have accumulated each Sunday # "$(cfbin)/noseyparker /iu/nexus/u1 ${sysadm} " "$(cfbin)/noseyparker /iu/nexus/u2 ${sysadm} " "$(cfbin)/noseyparker /iu/nexus/u3 ${sysadm} " "$(cfbin)/noseyparker /iu/nexus/u4 ${sysadm} " "$(cfbin)/noseyparker /iu/nexus/ua ${sysadm} nomail" "$(cfbin)/noseyparker /iu/nexus/ud ${sysadm} nomail" nexus.Hr22:: # # Update the GNU find/locate database each night # # Comment this out until new disk "$(gnu)/bin/updatedb > /dev/null 2>&1" WWWservers:: # # Build lists over users who have home pages # "/local/iu/bin/newhomepage.sh > /dev/null 2>&1" !Setup_SSH_OK:: "/local/iu/bin/SetupSSH" ############################################################### editfiles: # # cfengine installs itself as a cron job - sneaky! :) # { /var/spool/cron/crontabs/root AppendIfNoSuchLine "0 * * * * $(cfbin)/cfwrap $(cfbin)/cfhourly" AppendIfNoSuchLine "30 * * * * $(cfbin)/cfwrap $(cfbin)/cfhourly" } nexus:: { /local/iu/lib/kdmrcSolaris ReplaceAll "K Desktop Environment" With "Sun/Solaris" CommentLinesMatching ".*ShutdownButton=RootOnly.*" AppendIfNoSuchLine "ShutdownButton=ConsoleOnly" } { /local/iu/lib/kdmrcLinux ReplaceAll "K Desktop Environment" With "Debian GNU/Linux" CommentLinesMatching ".*ShutdownButton=RootOnly.*" AppendIfNoSuchLine "ShutdownButton=ConsoleOnly" } ###################################################################### required: # # Any host must have a /local, /usr/local fs. Check that # it exists and looks sensible. (i.e. not empty) # /${site}/${binserver}/local /iu/nexus/u1 freespace=50mb define=emergency /iu/nexus/u2 freespace=50mb define=emergency /iu/nexus/u3 freespace=50mb define=emergency /iu/nexus/u4 freespace=50mb define=emergency /iu/nexus/ua freespace=50mb define=emergency /iu/nexus/ud freespace=50mb define=emergency ###################################################################### copy: solaris.!PasswdServer:: /etc/passwd dest=/etc/passwd server=nexus type=checksum /etc/shadow dest=/etc/shadow server=nexus type=checksum solaris:: $(nisfiles)/group.solaris dest=/etc/group server=nexus linux:: $(nisfiles)/passwd.linux dest=/etc/passwd type=checksum $(nisfiles)/group.linux dest=/etc/group server=nexus any:: # # Some basic system files are distributed # $(nisfiles)/ssh_known_hosts dest=/etc/ssh_known_hosts o=root mode=644 $(nisfiles)/hosts.deny dest=/etc/hosts.deny o=root mode=0644 $(nisfiles)/ntp.drift dest=/etc/ntp.drift mode=644 $(nisfiles)/shells dest=/etc/shells mode=644 solaris:: $(nisfiles)/services dest=/etc/inet/services mode=644 linux:: $(nisfiles)/services dest=/etc/services mode=644 any:: # # Keep a local copy of cfengine files on each host in case nfs is down # /iu/nexus/local/gnu/lib/cfengine dest=/etc/cfengine r=inf mode=a+rx type=binary /local/gnu/bin/cfengine dest=/etc/cfengine/bin/cfengine mode=755 type=checksum FTPServer:: /local/iu/etc/shells dest=/etc/shells m=0644 ##################################################################### processes: # No IRC robot security chasms thank you..... any:: "eggdrop" signal=kill "enting" signal=kill "ping" signal=kill # Kill processes over a day old. linux:: SetOptionString "aux" any:: "(Jan\|Feb\|Mar\|Apr\|May\|Jun\|Jul\|Aug\|Sep\|Oct\|Nov\|Dec)" signal=kill include=tcsh include=xterm include=kio include=kaudio* include=maudio* include=netscape include=ftp include=tkrat include=pine include=irc include=kfm include=freebuild include=java include=/bin/ls "maudio" signal=kill "kaudio" signal=kill