Commit 8e490644 authored by Enrico Zini's avatar Enrico Zini

Moved etch packages in etch branch

#!/bin/sh
# /etc/cron.daily/standard: standard daily maintenance script
# Written by Ian A. Murdock <imurdock@gnu.ai.mit.edu>
# Modified by Ian Jackson <ijackson@nyx.cs.du.edu>
# Modified by Steve Greenland <stevegr@debian.org>
# Modified by Simone Piccardi <piccardi@trelite.it> for LDAP backup
bak=/var/backups
LOCKFILE=/var/lock/cron.daily
umask 022
#
# Avoid running more than one at a time -- could happen if the
# checksecurity script lands on a network drive.
#
if [ -x /usr/bin/lockfile-create ] ; then
lockfile-create $LOCKFILE
if [ $? -ne 0 ] ; then
cat <<EOF
Unable to run /etc/cron.daily/back_ldap because lockfile $LOCKFILE
acquisition failed. This probably means that the previous days
instance is still running. Please check and correct if necessary.
EOF
exit 1
fi
# Keep lockfile fresh
lockfile-touch $LOCKFILE &
LOCKTOUCHPID="$!"
fi
#
# Backup LDAP database
#
OLDBACK=slapd_back_`date +%F -d"8 days ago"`
if cd $bak ; then
# do the backup if the daemon is running
if [ -f /var/run/slapd/slapd.pid ]; then
/etc/init.d/slapd stop
# dump data with slapcat
slapcat > back_`date +%F`
# restart the daemon
/etc/init.d/slapd start
# remove old backups
[ -f "$OLDBACK" ] && rm back_`date +%F -d"8 days ago"`
# remove old log file
cd /var/lib/ldap
db4.2_archive -d
fi
fi
#
# Clean up lockfile
#
if [ -x /usr/bin/lockfile-create ] ; then
kill $LOCKTOUCHPID
lockfile-remove $LOCKFILE
fi
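Review bot: The slapcat dump is written under `umask 022`, so `back_<date>` in /var/backups is created world-readable although an LDAP export typically includes the stored password values; wrap the dump in a restrictive mask, e.g. `( umask 077; slapcat > "back_$(date +%F)" )`. Rotation also never fires: `OLDBACK` is `slapd_back_<date>` while the files are named `back_<date>`, so the `[ -f "$OLDBACK" ]` test always fails and old dumps accumulate. Setting `OLDBACK=back_$(date +%F -d"8 days ago")` and using `[ -f "$OLDBACK" ] && rm -- "$OLDBACK"` keeps the two names in step. The exit status of `slapcat` is not checked either, so a failed dump leaves an empty or truncated file that looks like a valid backup.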
#
# Configuration file for general properties of the fuss server
#
# It's a shell script snippet that should declare all needed
# configuration variables. Configuration interface programs should
# read and write values into this file. Because master password is here it
# should be readable only by root
#
# Syntax is always:
# VARIABLE='value'
#
# network properties
LOCALNET=''
DOMAIN=''
WORKGROUP=''
DHCP_RANGE=''
# server properties
MASTER_PASS=''
GEOPLACE=''
#
# Optional Variables
#
EXTERN_IFACE=''
INTERN_IFACES=''
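Review bot: `MASTER_PASS` is stored in clear text and the header says the file should be readable only by root, but nothing visible in this commit sets that mode. The packaging should install /etc/fuss-server/fuss-server.conf as root:root 0600, and the tools that rewrite it should preserve that. The header describes the file as a shell snippet, presumably sourced by scripts running as root, so write access to it amounts to running commands as root, and values written by the configuration tools need any embedded single quote escaped.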
#
# service-functions: some usefule shell functions
#
# Copyright (C) 2007 Simone Piccardi & Truelite s.r.l
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program or from the site that you downloaded it
# from; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
#
# backup configuration file, if not empty!
backfile_old () {
if [ -s "$1" ]; then
cp -f "$1" "$1.orig"
fi
}
# compute CIDR number of bit from a netmask
fw_cidr_comp () {
list=$(echo $1 | tr "." " ")
CIDR=0
for i in $list; do
while [ $i -gt 0 ]; do
CIDR=$(( $CIDR+1 ))
i=$(( $(( $i << 1 )) & 255 ))
done
done
}
# compute NETMASK from a CIDR bit number
fw_netmask_comp () {
NETMASK=""
cidr=$1
while [ $(($cidr - 8 )) -ge 0 ]; do
cidr=$(( $cidr - 8 ))
NETMASK=255.$NETMASK
done
val=0
while [ $(( $cidr - 1 )) -ge 0 ]; do
cidr=$(( $cidr - 1 ))
val=$(( $val + $(( 1 << $(( 7 - $cidr )) )) ))
done
# avoid
if [ $1 -ne 32 ]; then
NETMASK=$NETMASK$val
else
NETMASK=${NETMASK%.}
fi
if [ $1 -lt 8 ]; then
NETMASK=$NETMASK.0.0.0
elif [ $1 -lt 16 ]; then
NETMASK=$NETMASK.0.0
elif [ $1 -lt 24 ]; then
NETMASK=$NETMASK.0
fi
}
reverse () {
IP=$(echo $1 | cut -d/ -f1)
# IPREV=$(echo $IP| awk -F"." '{print $4"."$3"."$2"."$1}')
export DIGIT=$(( $(echo $1 | cut -d/ -f2) / 8))
ZONE=$(echo $IP |
awk -F"." '{ORS="."; for (i=ENVIRON["DIGIT"]; i > 0; --i) print $i}'
)
NET=$(echo $IP |
awk -F"." '{ORS="."; for (i=1; i <= ENVIRON["DIGIT"]; ++i) print $i}'
)
}
revip () {
REVIP=$(echo $1 |
awk -F"." '{ORS=" "; for (i=ENVIRON["DIGIT"]+1;i <= 4;++i) print $i}' |
sed -re 's/[ ]([0-9])/.\1/g'
)
}
backfile () {
# date variable
if [ -z "$TODAY" ]; then
TODAY=`date +%F-%X`
fi
# backup dir
BACKDIR=/var/backups/fuss-server
BACKFILE=$BACKDIR/back_$TODAY.tar
if [ ! -f "$BACKFILE" ]; then
mkdir -p $BACKDIR
touch $BACKFILE
chmod 600 $BACKFILE
fi
# backup
if [ -s "$1" ]; then
tar -f $BACKFILE -r "$1" 2> /dev/null
else
echo "Something wrong, file $1 is empty"
fi
}
# reset configuration variable
resetconf () {
if [ -z "$CONF_FILE" ]; then
CONF_FILE=/etc/fuss-server/fuss-server.conf
fi
if [ -e "$CONF_FILE" ]; then
backfile $CONF_FILE
cp $CONF_FILE $CONF_FILE.new
sed -r "s/$1='.*'/$1=''/g" $CONF_FILE.new > $CONF_FILE
rm $CONF_FILE.new
else
echo "Configuration file $CONF_FILE do not exists, nothing done"
fi
}
# check IP address
ip_check () {
if echo $1.| grep -E '^((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){4}' > /dev/null; then
OK=yes
else
OK=no
fi
}
# check network address in CIDR format
# raw check, do not ensure that IP part is a network address
cidr_check () {
if echo $1|grep "/">/dev/null; then
IP=$(echo $1 | cut -d/ -f 1)
ip_check $IP
if [ "$OK" = "yes" ]; then
CIDR=$(echo $1 | cut -d/ -f 1)
if echo $CIDR | grep -E '([1-2]?[0-9]|3[0-2])'>/dev/null; then
OK=yes
else
OK=no
fi
else
OK=no
fi
else
OK=no
fi
}
\ No newline at end of file
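Review bot: `cidr_check` never looks at the prefix length: its second `cut` uses `-f 1` again, so `CIDR` holds the address, and the unanchored `grep -E '([1-2]?[0-9]|3[0-2])'` matches any string containing a digit. Use `cut -d/ -f2` and anchor the pattern, `grep -E '^([12]?[0-9]|3[0-2])$'`. `ip_check` is anchored only at the start, so anything following a fourth dot (for example `1.2.3.4.5`) still yields `OK=yes`; adding `$` after `{4}` closes that. These results presumably gate values that end up in fuss-server.conf and the firewall configuration, so a loose check lets malformed input reach files that root later reads. `resetconf` also places `$1` unescaped inside its sed expression, which is safe only while callers pass fixed variable names.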
2007-02-20 Christopher R. Gabriel <cgabriel@truelite.it>
* octofussd (EchoUDP): added an EchoUDP service to allow server
discovery.
#!/usr/bin/env python
#
# -*- python -*-
#
# File: octofussd
#
# Copyright (C) 2006 Christopher R. Gabriel <cgabriel@truelite.it>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
__netport = 13400
import sys, os, socket
try:
from twisted.application import internet, service
from twisted.internet import protocol, reactor, defer
from twisted.internet.protocol import DatagramProtocol
from twisted.web import resource, server, static, xmlrpc
import time
from octofuss import db, config
except ImportError, e:
print "Errore loading python libraries:"
print e
print "NOT STARTING"
sys.exit(0)
def catchError(err):
return "Internal error in server"
def gather_ssh_key(hostaddr):
client_info = socket.gethostbyaddr(hostaddr)[0]
full_hostname = client_info
hostname = client_info.split(".")[0]
if os.path.isfile("/usr/bin/ssh-keyscan"):
if not os.path.isdir("/root/.ssh/"):
os.mkdir("/root/.ssh")
os.system("ssh-keyscan -t rsa,dsa %s >> /root/.ssh/known_hosts" % hostname)
os.system("ssh-keyscan -t rsa,dsa %s >> /root/.ssh/known_hosts" % full_hostname)
class RemoteInstall(xmlrpc.XMLRPC):
def __init__(self, service):
xmlrpc.XMLRPC.__init__(self)
self.service = service
def render(self,request):
self.client = request.getClient()
return xmlrpc.XMLRPC.render(self,request)
def xmlrpc_privileges(self):
c = db.cursor()
res = {}
options = config.options("GROUPS")
for op in options:
res[config.get("GROUPS", op)] = []
for k in res.keys():
c.execute("select username from usergroups where groupname = '%s'" % k)
data = c.fetchall()
for item in data:
res[k].append(item[0])
for hal in ['cdrom','plugdev', 'floppy', 'powerdev']:
if res.has_key(hal):
res[hal].append('haldaemon')
return res
def xmlrpc_client_ping(self):
print "%s is alive" % self.client
c = db.cursor()
c.execute("INSERT INTO client_activity (hostname,timestamp) VALUES ('%s','%f');" % (self.client,time.time()))
print "Updating '%s' public ssh key" % self.client
gather_ssh_key(self.client)
return "ack"
def xmlrpc_client_components(self,data):
c = db.cursor()
for component in data.keys():
c.execute("INSERT INTO client_components(hostname,component,value,timestamp) VALUES ('%s','%s','%s','%f')" % (self.client, component, data[component],time.time()))
return "ack"
def xmlrpc_install_queue(self):
print "%s asked for packages" % self.client
c = db.cursor()
c.execute("select package from install_queue where hostname like '%s%%' and status = 0" % self.client)
data = c.fetchall()
r = []
for package in data:
r.append(package[0])
return r
def xmlrpc_install_log(self,package,result,log):
hostname = self.client; print "#"*80,"\n", package, result, log
c = db.cursor()
logtime = time.strftime("%Y-%m-%d %H:%M:%S")
c.execute("update install_queue set status = %d, lastlog_time = '%s',lastlog = '%s' where package = '%s' and hostname = '%s'" % (int(result),logtime,log,package,hostname))
print "Reply from host %s: package %s: %s: %s" % (hostname,package,result,log)
return "ACK"
class OctofussResource(resource.Resource):
def __init__(self,service):
resource.Resource.__init__(self)
self.service = service
class OctofussService(service.Service):
def getResource(self):
r = OctofussResource(self)
x = RemoteInstall(self)
r.putChild('octofuss', x)
return r
application = service.Application('octofussd')
f = OctofussService()
# our server discovery stuff
class EchoUDP(DatagramProtocol):
def datagramReceived(self,datagram,address):
self.transport.write(datagram,address)
serviceCollection = service.IServiceCollection(application)
reactor.listenUDP(__netport, EchoUDP())
internet.TCPServer(__netport, server.Site(f.getResource())
).setServiceParent(serviceCollection)
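Review bot: Every `c.execute` in `RemoteInstall` builds its SQL with `%` formatting from values the XML-RPC caller supplies (`package`, `log`, `component`, `data[component]`), so any host that can reach port 13400 can change the statement. Pass them as bound parameters instead, e.g. `c.execute("... where package = ? and hostname = ?", (package, hostname))`, using whichever placeholder style the driver behind `octofuss.db` expects. `gather_ssh_key` has the same shape of problem: the name returned by `socket.gethostbyaddr` comes from reverse DNS and is pasted into an `os.system` shell line, so it should be run through an argument list as sketched below (this needs `subprocess` added to the `import sys, os, socket` line). The key is also re-scanned and appended on every `client_ping` without comparing it to an existing entry, so root's `known_hosts` ends up trusting whatever key the network presents at that moment. No authentication of the caller is visible in this file.

```python
def gather_ssh_key(hostaddr):
    # … unchanged: reverse lookup into full_hostname / hostname …
    if os.path.isfile("/usr/bin/ssh-keyscan"):
        # … unchanged: create /root/.ssh if missing …
        out = open("/root/.ssh/known_hosts", "a")
        try:
            for name in (hostname, full_hostname):
                # argument list: the DNS-supplied name never reaches a shell
                subprocess.call(
                    ["/usr/bin/ssh-keyscan", "-t", "rsa,dsa", "--", name],
                    stdout=out)
        finally:
            out.close()
```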
ubuntu.com
debian.org
dansguardian.org
windowsupdate.microsoft.com
windowsupdate.com
microsoft.com
fuss.bz.it
\ No newline at end of file
fuss-server (2.0.20-1) etch; urgency=low
* new CA.sh with new certificate default
* added a new script to renew SSL certificates (cert-renew.sh)
-- Christopher R. Gabriel <cgabriel@truelite.it> Thu, 23 Oct 2008 11:14:53 +0200
fuss-server (2.0.19-1) etch; urgency=low
* added 'octofuss-client' server edition, with a dedicated daily cron job
-- Christopher R. Gabriel <cgabriel@truelite.it> Mon, 04 Feb 2008 14:40:11 +0100
fuss-server (2.0.18-1) etch; urgency=low
* New defaul configurations
-- Christopher R. Gabriel <cgabriel@truelite.it> Tue, 4 Sep 2007 15:29:46 +0000
fuss-server (2.0.17-1) etch; urgency=low
* Added LDAP cleaning script by Simone Piccardi <piccardi@truelite.it>
* Fixed --system args for 'internet' privilege group
-- Christopher R. Gabriel <cgabriel@truelite.it> Sun, 2 Sep 2007 17:54:32 +0000
fuss-server (2.0.16-1) etch; urgency=low
* Managed to have the haldaemon user always in hardware related groups
-- Christopher R. Gabriel <cgabriel@truelite.it> Wed, 29 Aug 2007 15:10:59 +0200
fuss-server (2.0.15-1) etch; urgency=low
* Corrections to access a local repository from squid
* Corrections to use an Unix group for the internet access
-- Simone Piccardi <piccardi@truelite.it> Tue, 24 Jul 2007 16:56:39 +0200
fuss-server (2.0.14-1) etch; urgency=low
* New upstream release
* Octofussd distributes user privileges to requesting clients.
-- Christopher R. Gabriel <cgabriel@truelite.it> Mon, 2 Jul 2007 15:16:43 +0200
fuss-server (2.0.13-1) etch; urgency=low
* New upstream release
* Setting ACL only on ext2 and ext3 filesystem
-- Simone Piccardi <piccardi@truelite.it> Wed, 27 Jun 2007 15:14:23 +0200
fuss-server (2.0.12-2) etch; urgency=low
* Aggiunti script di supporto per pulizia GCONF e LDAP
-- Christopher R. Gabriel <cgabriel@truelite.it> Tue, 26 Jun 2007 15:18:45 +0200
fuss-server (2.0.11-1) etch; urgency=low
* New upstream release
* sizelimit unlimited on slapd.conf
* correction on libnss-ldap.conf and pam_ldap.conf
* more check on libnss-ldap.conf and pam_ldap.conf client versions
-- Simone Piccardi <piccardi@truelite.it> Mon, 25 Jun 2007 18:32:16 +0200
fuss-server (2.0.10-1) etch; urgency=low
* Aggiornamenti firewall
-- Christopher R. Gabriel <cgabriel@truelite.it> Fri, 22 Jun 2007 13:07:33 +0200
fuss-server (2.0.9-1) etch; urgency=low
* New upstream release
* new name scheme for SSL certificate files
* removing remnant of old fuss-server
-- Simone Piccardi <piccardi@truelite.it> Wed, 20 Jun 2007 19:03:24 +0200
fuss-server (2.0.8-1) etch; urgency=low
* New upstream relaese
* force input of configuration variables,
* install a new version of the service scripts capable to autoconfigure LDAP
parameters using the configuration files.
* new format for fuss-server.conf, use single quote
-- Simone Piccardi <piccardi@truelite.it> Mon, 18 Jun 2007 14:49:18 +0200
fuss-server (2.0.7-1) etch; urgency=low
* New upstream relaese: fix some problems with samba schema
installation.
-- Simone Piccardi <piccardi@truelite.it> Fri, 15 Jun 2007 14:52:13 +0200
fuss-server (2.0.6-1) etch; urgency=low
* New upstream release: input verification, new backup system for
previous configurations
-- Simone Piccardi <piccardi@truelite.it> Tue, 12 Jun 2007 19:10:59 +0200
fuss-server (2.0.5-2) etch; urgency=low
* Added some dependencies
-- Simone Piccardi <piccardi@truelite.it> Tue, 12 Jun 2007 15:27:12 +0200
fuss-server (2.0.5-1) etch; urgency=low
* New upstream release - daemons fixes
-- Christopher R. Gabriel <cgabriel@truelite.it> Tue, 12 Jun 2007 11:34:45 +0200
fuss-server (2.0.4-1) etch; urgency=low
* New upstream release
-- Christopher R. Gabriel <cgabriel@truelite.it> Mon, 11 Jun 2007 19:03:13 +0200
fuss-server (2.0.3-1) etch; urgency=low
* New upstream release
-- Christopher R. Gabriel <cgabriel@truelite.it> Mon, 11 Jun 2007 10:58:43 +0200
fuss-server (2.0.2-1) etch; urgency=low
* New upstream release
* octofuss integration
-- Christopher R. Gabriel <cgabriel@truelite.it> Thu, 7 Jun 2007 18:21:49 +0200
fuss-server (2.0-1) etch; urgency=low
* Initial release.
-- Simone Piccardi <piccardi@truelite.it> Fri, 01 Jun 2007 23:35:17 +0200
/etc/fuss-server/fuss-server.conf
/etc/fuss-server/firewall-external-services
/etc/fuss-server/firewall-allowed-wan-hosts
/etc/fuss-server/firewall-denied-lan-hosts
/etc/fuss-server/firewall-allowed-wan-services
/etc/fuss-server/firewall-allowed-wan-host-services
/etc/fuss-server/firewall-allowed-lan-hosts
/etc/fuss-server/content-filter-allowed-sites
Source: fuss-server
Section: net
Priority: optional
Maintainer: Simone Piccardi <piccardi@truelite.it>
Build-Depends: debhelper (>= 4.0.0)
Standards-Version: 3.6.1.1
Package: fuss-server
Architecture: all
Depends: python-twisted-core, wget, ssh, iproute, iputils-arping, ntpdate, nmap, tcpdump, hping2, strace, rsync, tiger, apt-listchanges, apt-listbugs, jed, links, mtr-tiny, traceroute, apt-spy, lsof, less, mutt, host, dnsutils, apticron, chkrootkit, xinetd, iptraf, hdparm, iptables, sudo, bzip2, netcat, pciutils, slapd, ldap-utils, libpam-ldap, libnss-ldap, python-ldap, samba, samba-client, samba-doc, quota, quotatool, db4.2-util, smbldap-tools, apache2-mpm-prefork, openssl, acl, debconf, cupsys, nfs-kernel-server, tdb-tools, witalian, unzip, squid, dansguardian, bind9, netmask, dhcp3-server, python, ldapvi, python-twisted-web, octofuss, xbase-clients, clusterssh, xvncviewer, sabayon
Pre-Depends: portmap
Description: Fuss Server
This packages contains everything to create a server for a Fuss
GNU/Linux Network.
Developed for the FUSS Project. See http://www.fuss.bz.it/
This is fuss-server, written and maintained by Christopher R. Gabriel
<cgabriel@truelite.it> on Web, 27 Dec 2006 21:14:14 +0200.
Copyright (C) 2005 FUSS Project http://www.fuss.bz.it/
License:
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this package; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
02111-1307, USA.
On Debian systems, the complete text of the GNU General
Public License can be found in `/usr/share/common-licenses/GPL'.
#!/bin/sh
#
/usr/sbin/octofuss-client
#! /bin/sh
# -*- coding: utf-8 -*-
# Octofuss init.d script for OCTOFUSSD
# Copyright © 2006 Christoher R. Gabriel <cgabriel@truelite.it>
set -e
DAEMON=/usr/sbin/octofussd
NAME=octofussd
PIDDIR=/var/run/
PIDFILE=$PIDDIR/octofussd.pid
LOGFILE=/var/log/octofussd.log
DESC="Octofuss service daemon"
case "$1" in
start)
twistd -oy $DAEMON --pidfile=$PIDFILE --logfile=$LOGFILE
;;
stop)
kill `cat $PIDFILE` || /bin/true
;;
reload|force-reload)
;;
restart)
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop)" >&2
exit 1
;;
esac
exit 0
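Review bot: The `restart`, `reload` and `force-reload` arms are empty and fall through to `exit 0`, so a package upgrade or an admin running `/etc/init.d/octofussd restart` gets a success status while the old daemon keeps running the old code. Give restart a real body, e.g. `restart|force-reload) "$0" stop; "$0" start ;;`. The `stop` arm passes the unquoted contents of `$PIDFILE` to `kill` without checking that the file exists. The usage string `{start|stop)` also has a mismatched bracket.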
octofuss-client usr/sbin
fuss-server usr/sbin
fuss-server-config usr/sbin
firewall etc/init.d
templates/* usr/share/fuss-server/templates
scripts/* usr/share/fuss-server/scripts