##############################################################
#
# cf.site - for iu.hioslo.no
#
# This file contains site specific data
#
#################################################################
###
#
# BEGIN cf.site
#
###
links:
Prepare::
/local -> /$(site)/$(binserver)/local
/usr/local -> /local
dax::
/iu/dax/local +> /iu/nexus/local
/projects -> /iu/dax/local/projects
/iu/nexus/u1/sowille/data -> /iu/dax/scratch/data
XBootServer::
#
# Set up a /local/tftpboot area where all X terminal
# stuff will be kept.
#
/tftpboot -> /local/tftpboot
/local/tftpboot/td/configs -> /local/tftpboot/td/examples/configs
/etc/bootptab -> /tftpboot/bootptab
/tftpboot/usr/lib/X11/td -> /tftpboot/td
NameServers::
/etc/named.boot -> /local/iu/named/named.boot
MailHub::
/etc/mail/sendmail.cf ->! /iu/nexus/local/mail/sendmail.cf
MailClients.solaris::
/etc/mail/sendmail.cf ->! /iu/nexus/local/mail/client.cf
nexus::
/local/bin +> /local/latex/bin
#############################################################
disable:
#
# We run Berkeley sendmail and the config files are
# all under /iu/nexus/local/lib/mail
#
/etc/aliases
WWWServers.Sunday::
#
# Disabling these log files weekly prevents them from
# growing so enormous that they fill the disk!
#
/local/iu/httpd/logs/access_log rotate=empty
/local/iu/httpd/logs/agent_log rotate=empty
/local/iu/httpd/logs/error_log rotate=empty
/local/iu/httpd/logs/referer_log rotate=empty
#
# CERT warning, security fix
#
any::
/usr/lib/expreserve
FTPserver.Sunday.Hr00::
/local/iu/xferlog rotate=3
#################################################################
files:
Prepare::
/etc/motd m=0644 r=0 o=root act=touch
/.cshrc m=0644 r=0 o=root act=touch
PasswdServer::
/local/iu/etc/passwd m=0644 o=root g=other action=fixplain
/local/iu/etc/shadow m=0644 o=root g=other action=fixplain
WWWServers.Rest::
/local/iu/www m=775 g=www act=fixall r=inf
/local/iu/httpd/conf m=664 o=root g=www act=fixall r=inf
/local/iu/www/cgi-bin-public/count_file m=777 o=root g=www act=fixplain
FTPserver::
#
# Make sure anonymous ftp areas have the correct
# protection, or logins won't be able to read
# files - or perhaps a security risk. This is
# solaris 2 specific...
#
$(ftp)/pub mode=755 o=ftp g=ftp r=inf act=fixall
$(ftp)/Obin mode=111 o=root g=other act=fixall
$(ftp)/etc mode=111 o=root g=other act=fixdirs
$(ftp)/usr/bin/ls mode=111 o=root g=other act=fixall
$(ftp)/dev mode=555 o=root g=other act=fixall
$(ftp)/usr mode=555 o=root g=other act=fixdirs
Prepare::
/etc/shells mode=0644 action=touch
AllBinaryServers.Rest.longjob::
/local mode=-0002 r=inf owner=root,bin group=0,1,2,3,4,5,6,7,staff
links=tidy action=fixall
/local/iu/RootMailLog m=0666 action=touch
dax.Rest::
/iu/dax/scratch r=0 o=root mode=1777 action=fixall
/iu/dax/local/projects r=0 o=root mode=755 action=fixdirs
nexus::
/local/mail/sendmail.cf o=root m=444 act=fixplain
/iu/nexus/ua/robot/.rhosts o=robot m=600 act=touch
/local/iu/named/pz o=root m=644 act=fixall r=1
/local/latex/lib/tex/texmf/fonts owner=root
mode=1666
recurse=inf
action=fixall
#################################################################
tidy:
#
# Make sure the file repository doesn't fill up
#
/var/spool/cfengine pattern=* age=3
/var pattern=core age=0 r=inf
/var/spool/mqueue pattern=* age=14 type=mtime
BackupHost::
# Here we tidy old backup tar files from the backup area
# A special tmp area gets cleared every 4 days. The files
# are created by Audun's backup help script (see shellcommands)
/iu/nexus/backup1 pat=* age=7
#################################################################
shellcommands:
PasswdServer::
# Build and install the BSD compatible passwd file
# from the master passwd/shadow file on solaris
"/local/iu/bin/BuildPasswdFiles"
"/local/iu/bin/BuildGroupFiles"
BackupHost.Sunday.Hr00|BackupHost.Wednesday.Hr00::
#
# Make a system backup of /iu/nexus/u? with Audun's script
#
"$(cfbin)/cfbackup -p -f /iu/nexus/backup1 -s /iu/nexus/ud"
"$(cfbin)/cfbackup -p -f /iu/nexus/backup1 -s /iu/nexus/ua"
"$(cfbin)/cfbackup -p -f /iu/nexus/backup1 -s /iu/nexus/u1"
"$(cfbin)/cfbackup -p -f /iu/nexus/backup1 -s /iu/nexus/u2"
"$(cfbin)/cfbackup -p -f /iu/nexus/backup2 -s /iu/nexus/u3"
"$(cfbin)/cfbackup -p -f /iu/nexus/backup2 -s /iu/nexus/u4"
"$(cfbin)/cfbackup -p -f /iu/nexus/backup2 -s /iu/nexus/u5"
"$(cfbin)/cfbackup -p -f /iu/nexus/backup2 -s /iu/nexus/u6"
nexus.Sunday.longjob.Hr00::
#
# See how much rubbish users have accumulated each Sunday
#
"$(cfbin)/noseyparker /iu/nexus/u1 $(sysadm) "
"$(cfbin)/noseyparker /iu/nexus/u2 $(sysadm) "
"$(cfbin)/noseyparker /iu/nexus/u3 $(sysadm) "
"$(cfbin)/noseyparker /iu/nexus/u4 $(sysadm) "
"$(cfbin)/noseyparker /iu/nexus/u5 $(sysadm) "
"$(cfbin)/noseyparker /iu/nexus/u6 $(sysadm) "
"$(cfbin)/noseyparker /iu/nexus/ua $(sysadm) nomail"
"$(cfbin)/noseyparker /iu/nexus/ud $(sysadm) nomail"
nexus.longjob.Hr00::
#
# Update the GNU find/locate database each night
#
"$(gnu)/lib/locate/updatedb"
"/local/iu/bin/newhomepage.sh"
###############################################################
editfiles:
#
# cfengine installs itself as a cron job - sneaky! :)
#
{ /var/spool/cron/crontabs/root
AppendIfNoSuchLine "0 * * * * $(cfbin)/cfwrap $(cfbin)/cfhourly"
}
FTPserver::
{ /etc/shells
AppendIfNoSuchLine "/bin/tcsh"
AppendIfNoSuchLine "/local/gnu/bin/bash"
}
XBootServer::
{ /etc/inetd.conf
AppendIfNoSuchLine
"bootp dgram udp wait root /local/bin/bootpd bootpd -i -d"
}
nexus::
{ /iu/nexus/ua/robot/.rhosts
AppendIfNoSuchLine "borg"
AppendIfNoSuchLine "borg.iu.hioslo.no"
AppendIfNoSuchLine "aud4"
AppendIfNoSuchLine "aud4.iu.hioslo.no"
}
dax::
{ /etc/system
AppendIfNoSuchLine "set pt_cnt=128"
}
######################################################################
required:
#
# Any host must have a /local, /usr/local fs. Check that
# it exists and looks sensible. (i.e. not empty)
#
/$(site)/$(binserver)/local
######################################################################
copy:
#
# NIS seems broken at IU, so here we use NFS to fudge
# a file distribution as a temporary solution. Actually
# this makes the system work faster without NIS!
#
$(nisfiles)/services dest=/etc/services o=root g=other mode=0644
$(nisfiles)/hosts.deny dest=/etc/hosts.deny o=root mode=0644
!debian::
$(nisfiles)/hosts dest=/etc/hosts o=root g=other mode=0644
PasswdServer::
/etc/passwd dest=$(nisfiles)/passwd o=root g=other mode=0644
/etc/shadow dest=$(nisfiles)/shadow o=root g=other mode=0644
nexus::
/local/iu/etc/dfstab dest=/etc/dfs/dfstab o=root mode=0744
solaris.!PasswdServer::
$(nisfiles)/passwd dest=/etc/passwd o=root g=other mode=0644
$(nisfiles)/shadow dest=/etc/shadow o=root g=other mode=0600
$(nisfiles)/group.solaris dest=/etc/group o=root g=other mode=0644
linux::
$(nisfiles)/passwd.linux dest=/etc/passwd o=root g=other mode=0644
$(nisfiles)/group.linux dest=/etc/group o=root g=other mode=0644
###############################################################
processes:
"eggdrop" signal=kill
"irc" signal=kill
"ping" signal=kill
"NetXRay" signal=kill
"netxray" signal=kill
"ypserv" signal=kill
"ypbind" signal=kill
"rarpd" signal=kill
"rpc.boot" signal=kill
"README" signal=kill # You don't sh README !
!XBootServer::
"bootp" signal=kill
#
# These processes are not killed every hour, but once a day
# when cfengine runs at night. Note that there are often
# hanging pine and elm processes. These programs crash and
# go berserk, using hundreds of hours of CPU time.
#
Hr00::
"cron" signal=hup # HUP these to update their config
"inetd" signal=hup
"/local/sdt/sdt/bin" signal=term # For those elektro dudes who forget
# to log out
"netscape" signal=kill
"pine" signal=kill
"elm" signal=kill
###
#
# END cf.site
#
###
Go to the first, previous, next, last section, table of contents.