##############################################################
#
# cf.site - for iu.hioslo.no
#
# This file contains site specific data and system policy
#
#################################################################
###
#
# BEGIN cf.site
#
###
groups:
alias_update = ( '$(CheckAlias)' )
Setup_SSH_OK = ( '/usr/bin/test -f /etc/ssh_host_key' )
#################################################################
links:
Prepare::
/local -> /$(site)/$(binserver)/local
/usr/local -> /local
solaris::
/usr/bin/perl5 -> /local/bin/perl
/usr/bin/perl -> /local/bin/perl
# So that perl/cgi can find it...
/lib/libgdbm.so.1 -> /local/lib/libgdbm.so.1
dax::
/iu/dax/local +> /iu/nexus/local
waldo::
/local/bin/perl -> /usr/bin/perl
/local/etc/fingerdir -> /iu/nexus/local/etc/fingerdir
nexus::
/local/bin +> /local/latex/bin
/local/bin/xmgr -> /local/xmgr/bin/xmgr
nexus::
# Xemacs setup, by version
/local/lib/xemacs/site-lisp/site-start.el -> /iu/nexus/local/iu/lib/EmacsCStyleLisp
AllBinaryServers::
#
# KDE Setup
#
/local/kde/share/applnk/Graphics/Gimp.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/Gimp.kdelnk
/local/kde/share/applnk/apps/Internet/TkRat.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/TkRat.kdelnk
/local/kde/share/applnk/apps/WordProcessing/office.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/office.kdelnk
/local/kde/share/applnk/apps/Graphic/xmgr.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/xmgr.kdelnk
/local/kde/share/applnk/apps/Utilities/xterm.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/xterm.kdelnk
/local/kde/share/applnk/apps/Development/freebuilder.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/freebuilder.kdelnk
/local/kde/share/config/kpanelrc ->! /iu/nexus/local/iu/lib/KdeSetup/kpanelrc
/local/kde/share/config/kdisplayrc ->! /iu/nexus/local/iu/lib/KdeSetup/kdisplayrc
solaris::
/local/kde/share/applnk/apps/Development/javaworkshop.kdelnk ->! /iu/nexus/local/iu/lib/KdeSetup/javaworkshop.kdelnk
#
# KDM Setup
#
solaris::
/local/kde/share/config/kdmrc ->! /iu/nexus/local/iu/lib/kdmrcSolaris
linux::
/local/kde/share/config/kdmrc ->! /iu/nexus/local/iu/lib/kdmrcLinux
/etc/rc2.d/S13kdm ->! /iu/nexus/local/iu/etc/S13kdm
#############################################################
disable:
#
# CERT warning, security fix
#
any::
/usr/lib/expreserve
#################################################################
files:
Prepare::
/.cshrc m=0644 r=0 o=root act=touch
/tmp/screens/. m=0755 o=root act=touch
/var/spool/cron/crontabs/root m=0644 o=root act=touch
PasswdServer::
/local/iu/etc/passwd m=0644 o=root g=other action=fixplain
/local/iu/etc/shadow m=0600 o=root g=other action=fixplain
AllBinaryServers.Rest.Hr00::
/local mode=-0002 r=inf owner=root,bin group=0,1,2,3,4,5,6,7,staff
links=tidy action=fixall
nexus.Hr18::
/etc/mnttab m=644 act=fixall
/iu/nexus/ua/robot/.rhosts o=robot m=600 act=touch
/iu/nexus/ua/robot/robot04 o=robot m=700 act=fixplain
/local/latex/lib/tex/texmf/fonts owner=root
mode=1666
recurse=inf
action=fixall
# S/KEY installation
/etc/skeykeys mode=644 o=root action=touch
#################################################################
tidy:
#
# Make sure the file repository doesn't fill up
#
/var/spool/cfengine pattern=* age=0
/var pattern=core age=0 r=inf
/var/spool/mqueue pattern=* age=14 type=mtime
/var/mail pattern=BOGUS* age=0
/tmp pattern=.* age=1
#################################################################
shellcommands:
alias_update::
"/local/iu/bin/createalias"
PasswdServer::
# Build and install the BSD compatible passwd file
# from the master passwd/shadow file on solaris
"/local/iu/bin/BuildPasswdFiles"
"/local/iu/bin/BuildGroupFiles"
"/local/iu/bin/MakeScriptAlias"
nexus.Sunday.Hr15.OnTheHour::
#
# See how much rubbish users have accumulated each Sunday
#
"$(cfbin)/noseyparker /iu/nexus/u1 ${sysadm} "
"$(cfbin)/noseyparker /iu/nexus/u2 ${sysadm} "
"$(cfbin)/noseyparker /iu/nexus/u3 ${sysadm} "
"$(cfbin)/noseyparker /iu/nexus/u4 ${sysadm} "
"$(cfbin)/noseyparker /iu/nexus/ua ${sysadm} nomail"
"$(cfbin)/noseyparker /iu/nexus/ud ${sysadm} nomail"
nexus.Hr22::
#
# Update the GNU find/locate database each night
#
# Comment this out until new disk
"$(gnu)/bin/updatedb > /dev/null 2>&1"
WWWservers::
#
# Build lists over users who have home pages
#
"/local/iu/bin/newhomepage.sh > /dev/null 2>&1"
!Setup_SSH_OK::
"/local/iu/bin/SetupSSH"
###############################################################
editfiles:
#
# cfengine installs itself as a cron job - sneaky! :)
#
{ /var/spool/cron/crontabs/root
AppendIfNoSuchLine "0 * * * * $(cfbin)/cfwrap $(cfbin)/cfhourly"
AppendIfNoSuchLine "30 * * * * $(cfbin)/cfwrap $(cfbin)/cfhourly"
}
nexus::
{ /local/iu/lib/kdmrcSolaris
ReplaceAll "K Desktop Environment" With "Sun/Solaris"
CommentLinesMatching ".*ShutdownButton=RootOnly.*"
AppendIfNoSuchLine "ShutdownButton=ConsoleOnly"
}
{ /local/iu/lib/kdmrcLinux
ReplaceAll "K Desktop Environment" With "Debian GNU/Linux"
CommentLinesMatching ".*ShutdownButton=RootOnly.*"
AppendIfNoSuchLine "ShutdownButton=ConsoleOnly"
}
######################################################################
required:
#
# Any host must have a /local, /usr/local fs. Check that
# it exists and looks sensible. (i.e. not empty)
#
/${site}/${binserver}/local
/iu/nexus/u1 freespace=50mb define=emergency
/iu/nexus/u2 freespace=50mb define=emergency
/iu/nexus/u3 freespace=50mb define=emergency
/iu/nexus/u4 freespace=50mb define=emergency
/iu/nexus/ua freespace=50mb define=emergency
/iu/nexus/ud freespace=50mb define=emergency
######################################################################
copy:
solaris.!PasswdServer::
/etc/passwd dest=/etc/passwd server=nexus type=checksum
/etc/shadow dest=/etc/shadow server=nexus type=checksum
solaris::
$(nisfiles)/group.solaris dest=/etc/group server=nexus
linux::
$(nisfiles)/passwd.linux dest=/etc/passwd type=checksum
$(nisfiles)/group.linux dest=/etc/group server=nexus
any::
#
# Some basic system files are distributed
#
$(nisfiles)/ssh_known_hosts dest=/etc/ssh_known_hosts o=root mode=644
$(nisfiles)/hosts.deny dest=/etc/hosts.deny o=root mode=0644
$(nisfiles)/ntp.drift dest=/etc/ntp.drift mode=644
$(nisfiles)/shells dest=/etc/shells mode=644
solaris::
$(nisfiles)/services dest=/etc/inet/services mode=644
linux::
$(nisfiles)/services dest=/etc/services mode=644
any::
#
# Keep a local copy of cfengine files on each host in case nfs is down
#
/iu/nexus/local/gnu/lib/cfengine dest=/etc/cfengine r=inf mode=a+rx type=binary
/local/gnu/bin/cfengine dest=/etc/cfengine/bin/cfengine mode=755 type=checksum
FTPServer::
/local/iu/etc/shells dest=/etc/shells m=0644
#####################################################################
processes:
# No IRC robot security chasms thank you.....
any::
"eggdrop" signal=kill
"enting" signal=kill
"ping" signal=kill
# Kill processes over a day old.
linux::
SetOptionString "aux"
any::
"(Jan\|Feb\|Mar\|Apr\|May\|Jun\|Jul\|Aug\|Sep\|Oct\|Nov\|Dec)"
signal=kill
include=tcsh
include=xterm
include=kio
include=kaudio*
include=maudio*
include=netscape
include=ftp
include=tkrat
include=pine
include=irc
include=kfm
include=freebuild
include=java
include=/bin/ls
"maudio" signal=kill
"kaudio" signal=kill
