Moved etch packages in etch branch

back_ldap

+#!/bin/sh
+# /etc/cron.daily/standard: standard daily maintenance script
+# Written by Ian A. Murdock <imurdock@gnu.ai.mit.edu>
+# Modified by Ian Jackson <ijackson@nyx.cs.du.edu>
+# Modified by Steve Greenland <stevegr@debian.org>
+# Modified by Simone Piccardi <piccardi@trelite.it> for LDAP backup 
+
+
+bak=/var/backups
+LOCKFILE=/var/lock/cron.daily
+umask 022
+
+#
+# Avoid running more than one at a time -- could happen if the
+# checksecurity script lands on a network drive.
+#
+
+if [ -x /usr/bin/lockfile-create ] ; then
+    lockfile-create $LOCKFILE
+    if [ $? -ne 0 ] ; then
+	cat <<EOF
+
+Unable to run /etc/cron.daily/back_ldap because lockfile $LOCKFILE
+acquisition failed. This probably means that the previous days
+instance is still running. Please check and correct if necessary.
+
+EOF
+	exit 1
+    fi
+
+    # Keep lockfile fresh
+    lockfile-touch $LOCKFILE &
+    LOCKTOUCHPID="$!"
+fi
+
+#
+# Backup LDAP database
+#
+
+OLDBACK=slapd_back_`date +%F -d"8 days ago"`
+if cd $bak ; then
+    # do the backup if the daemon is running
+    if [ -f /var/run/slapd/slapd.pid ]; then
+	/etc/init.d/slapd stop
+        # dump data with slapcat
+	slapcat >  back_`date +%F`
+        # restart the daemon
+	/etc/init.d/slapd start
+        # remove old backups
+	[ -f "$OLDBACK" ] && rm  back_`date +%F -d"8 days ago"`
+        # remove old log file
+	cd /var/lib/ldap
+	db4.2_archive -d
+    fi
+fi
+
+#
+# Clean up lockfile
+#
+if [ -x /usr/bin/lockfile-create ] ; then
+    kill $LOCKTOUCHPID
+    lockfile-remove $LOCKFILE
+fi

conf/fuss-server.conf

+#
+# Configuration file for general properties of the fuss server
+# 
+# It's a shell script snippet that should declare all needed 
+# configuration variables. Configuration interface programs should
+# read and write values into this file. Because master password is here it 
+# should be readable only by root
+# 
+# Syntax is always:
+# VARIABLE='value'
+#
+
+# network properties
+LOCALNET=''
+DOMAIN=''
+WORKGROUP=''
+DHCP_RANGE=''
+
+# server properties
+MASTER_PASS=''
+GEOPLACE=''
+
+#
+# Optional Variables
+#
+EXTERN_IFACE=''
+INTERN_IFACES=''

conf/service-functions

+#
+# service-functions: some usefule shell functions
+# 
+# Copyright (C) 2007 Simone Piccardi & Truelite s.r.l
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program or from the site that you downloaded it
+# from; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA  02111-1307   USA
+#
+
+# backup configuration file, if not empty! 
+backfile_old () {
+    if [ -s "$1" ]; then
+	cp -f "$1" "$1.orig"
+    fi
+}
+
+# compute CIDR number of bit from a netmask
+fw_cidr_comp () {
+    list=$(echo $1 | tr "." " ")
+    CIDR=0
+    for i in $list; do
+	while [ $i -gt 0 ]; do
+	    CIDR=$(( $CIDR+1 ))
+	    i=$(( $(( $i << 1 )) & 255 ))
+        done
+    done
+}
+
+# compute NETMASK from a CIDR bit number
+fw_netmask_comp () {
+
+    NETMASK=""
+    cidr=$1
+    while [ $(($cidr - 8 )) -ge 0 ]; do
+	cidr=$(( $cidr - 8 ))
+	NETMASK=255.$NETMASK
+    done
+    val=0
+    while [ $(( $cidr - 1 )) -ge 0 ]; do
+	cidr=$(( $cidr - 1 ))
+	val=$(( $val + $(( 1 << $(( 7 - $cidr )) )) ))
+    done
+    # avoid 
+    if [ $1 -ne 32 ]; then
+	NETMASK=$NETMASK$val
+    else
+        NETMASK=${NETMASK%.}
+    fi
+
+    if [ $1 -lt 8 ]; then
+	NETMASK=$NETMASK.0.0.0
+    elif [ $1 -lt 16 ]; then
+	NETMASK=$NETMASK.0.0
+    elif [ $1 -lt 24 ]; then
+	NETMASK=$NETMASK.0
+    fi 
+}
+
+reverse () {
+    IP=$(echo $1 | cut -d/ -f1)
+#    IPREV=$(echo $IP| awk -F"." '{print $4"."$3"."$2"."$1}')
+    export DIGIT=$(( $(echo $1 | cut -d/ -f2) / 8))
+    ZONE=$(echo $IP |
+	awk -F"." '{ORS="."; for (i=ENVIRON["DIGIT"]; i > 0; --i) print $i}'
+    )
+    NET=$(echo $IP |
+	awk -F"." '{ORS="."; for (i=1; i <= ENVIRON["DIGIT"]; ++i) print $i}'
+    )
+}
+
+revip () {
+    REVIP=$(echo $1 |
+	awk -F"." '{ORS=" "; for (i=ENVIRON["DIGIT"]+1;i <= 4;++i) print $i}' |
+	sed -re 's/[ ]([0-9])/.\1/g'
+    )
+}
+
+backfile () {
+    # date variable
+    if [ -z "$TODAY" ]; then
+	TODAY=`date +%F-%X`
+    fi
+    # backup dir
+    BACKDIR=/var/backups/fuss-server
+    BACKFILE=$BACKDIR/back_$TODAY.tar
+    if [ ! -f "$BACKFILE" ]; then
+	mkdir -p $BACKDIR 
+	touch $BACKFILE
+	chmod 600 $BACKFILE
+    fi
+    # backup
+    if [ -s "$1" ]; then
+	tar -f $BACKFILE -r "$1" 2> /dev/null
+    else
+	echo "Something wrong, file $1 is empty"
+    fi
+}
+
+# reset configuration variable
+resetconf () {
+    if [ -z "$CONF_FILE" ]; then 
+	CONF_FILE=/etc/fuss-server/fuss-server.conf
+    fi
+    if [ -e "$CONF_FILE" ]; then 
+	backfile $CONF_FILE 
+	cp $CONF_FILE $CONF_FILE.new
+	sed -r "s/$1='.*'/$1=''/g" $CONF_FILE.new > $CONF_FILE
+	rm $CONF_FILE.new
+    else
+	echo "Configuration file $CONF_FILE do not exists, nothing done" 
+    fi
+}
+
+# check IP address
+ip_check () {
+    if echo $1.| grep -E '^((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){4}' > /dev/null; then
+	OK=yes
+    else
+	OK=no
+    fi
+}
+
+# check network address in CIDR format
+# raw check, do not ensure that IP part is a network address
+cidr_check () {
+    if echo $1|grep "/">/dev/null; then
+	IP=$(echo $1 | cut -d/ -f 1)
+	ip_check $IP
+	if [ "$OK" = "yes" ]; then
+	    CIDR=$(echo $1 | cut -d/ -f 1)
+	    if echo $CIDR | grep -E '([1-2]?[0-9]|3[0-2])'>/dev/null; then
+		OK=yes
+	    else
+		OK=no
+	    fi
+	else
+	    OK=no
+	fi
+    else
+	OK=no
+    fi
+}
\ No newline at end of file

daemons/ChangeLog

+2007-02-20  Christopher R. Gabriel  <cgabriel@truelite.it>
+
+	* octofussd (EchoUDP): added an EchoUDP service to allow server 
+	discovery.
+

daemons/octofussd

+#!/usr/bin/env python
+#
+# -*- python -*-
+#
+#  File: octofussd
+# 
+#  Copyright (C) 2006 Christopher R. Gabriel <cgabriel@truelite.it> 
+# 
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+# 
+
+__netport = 13400
+import sys, os, socket
+try:
+	from twisted.application import internet, service
+	from twisted.internet import protocol, reactor, defer
+	from twisted.internet.protocol import DatagramProtocol
+	from twisted.web import resource, server, static, xmlrpc
+	import time
+	from octofuss import db, config
+except ImportError, e:
+	print "Errore loading python libraries:"
+	print e
+	print "NOT STARTING"
+	sys.exit(0)
+
+def catchError(err):
+    return "Internal error in server"
+
+def gather_ssh_key(hostaddr):
+	client_info = socket.gethostbyaddr(hostaddr)[0]
+	full_hostname = client_info
+	hostname = client_info.split(".")[0]
+	
+	if os.path.isfile("/usr/bin/ssh-keyscan"):
+		if not os.path.isdir("/root/.ssh/"):
+			os.mkdir("/root/.ssh")
+		os.system("ssh-keyscan -t rsa,dsa %s >> /root/.ssh/known_hosts" % hostname)
+		os.system("ssh-keyscan -t rsa,dsa %s >> /root/.ssh/known_hosts" % full_hostname)
+	
+class RemoteInstall(xmlrpc.XMLRPC):
+
+	def __init__(self, service):
+		xmlrpc.XMLRPC.__init__(self)
+		self.service = service
+
+	def render(self,request):
+		self.client = request.getClient()
+		return xmlrpc.XMLRPC.render(self,request)
+
+	def xmlrpc_privileges(self):
+		c = db.cursor()
+		res = {}
+		options = config.options("GROUPS")
+		for op in options:
+			res[config.get("GROUPS", op)] = []
+
+		for k in res.keys():
+			c.execute("select username from usergroups where groupname = '%s'" % k)
+			data = c.fetchall()
+			for item in data:
+				res[k].append(item[0])
+		for hal in ['cdrom','plugdev', 'floppy', 'powerdev']:
+			if res.has_key(hal):
+				res[hal].append('haldaemon')
+				
+		return res
+	
+	def xmlrpc_client_ping(self):
+		print "%s is alive" % self.client
+		c = db.cursor()
+		c.execute("INSERT INTO client_activity (hostname,timestamp) VALUES ('%s','%f');" % (self.client,time.time()))
+		print "Updating '%s' public ssh key" % self.client
+		gather_ssh_key(self.client)
+		return "ack"
+
+	def xmlrpc_client_components(self,data):
+		c = db.cursor()
+		for component in data.keys():
+			c.execute("INSERT INTO client_components(hostname,component,value,timestamp) VALUES ('%s','%s','%s','%f')" % (self.client, component, data[component],time.time()))
+		return "ack"
+
+	
+	def xmlrpc_install_queue(self):
+		print "%s asked for packages" % self.client
+		c = db.cursor()
+		c.execute("select package from install_queue where hostname like '%s%%' and status = 0" % self.client)
+		data = c.fetchall()
+		r = []
+		for package in data:
+			r.append(package[0])
+		return r
+
+	def xmlrpc_install_log(self,package,result,log):
+		
+		hostname = self.client; print "#"*80,"\n", package, result, log
+		c = db.cursor()
+		logtime = time.strftime("%Y-%m-%d %H:%M:%S")
+		c.execute("update install_queue set status = %d, lastlog_time = '%s',lastlog = '%s' where package = '%s' and hostname = '%s'" %	(int(result),logtime,log,package,hostname))
+		print "Reply from host %s: package %s: %s: %s" % (hostname,package,result,log)
+		return "ACK"
+
+
+class OctofussResource(resource.Resource):
+	def __init__(self,service):
+		resource.Resource.__init__(self)
+		self.service = service
+		
+class OctofussService(service.Service):
+    def getResource(self):
+		r = OctofussResource(self)
+		x = RemoteInstall(self)
+		r.putChild('octofuss', x)
+		return r
+
+
+application = service.Application('octofussd')
+
+f = OctofussService()
+
+# our server discovery stuff
+
+class EchoUDP(DatagramProtocol):
+	def datagramReceived(self,datagram,address):
+		self.transport.write(datagram,address)
+
+serviceCollection = service.IServiceCollection(application)
+
+reactor.listenUDP(__netport, EchoUDP())
+internet.TCPServer(__netport, server.Site(f.getResource())
+                   ).setServiceParent(serviceCollection)
+

dansguardian-conf/content-filter-allowed-sites

+ubuntu.com
+debian.org
+dansguardian.org
+windowsupdate.microsoft.com
+windowsupdate.com
+microsoft.com
+fuss.bz.it
\ No newline at end of file

debian/changelog

+fuss-server (2.0.20-1) etch; urgency=low
+
+  * new CA.sh with new certificate default
+  * added a new script to renew SSL certificates (cert-renew.sh)
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Thu, 23 Oct 2008 11:14:53 +0200
+
+fuss-server (2.0.19-1) etch; urgency=low
+
+  * added 'octofuss-client' server edition, with a dedicated daily cron job 
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon, 04 Feb 2008 14:40:11 +0100
+
+fuss-server (2.0.18-1) etch; urgency=low
+
+  * New defaul configurations
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Tue,  4 Sep 2007 15:29:46 +0000
+
+fuss-server (2.0.17-1) etch; urgency=low
+
+  * Added LDAP cleaning script by Simone Piccardi <piccardi@truelite.it>
+  * Fixed --system args for 'internet' privilege group
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Sun,  2 Sep 2007 17:54:32 +0000
+
+fuss-server (2.0.16-1) etch; urgency=low
+
+  * Managed to have the haldaemon user always in hardware related groups
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Wed, 29 Aug 2007 15:10:59 +0200
+
+fuss-server (2.0.15-1) etch; urgency=low
+
+  * Corrections to access a local repository from squid
+  * Corrections to use an Unix group for the internet access
+
+ -- Simone Piccardi <piccardi@truelite.it>  Tue, 24 Jul 2007 16:56:39 +0200
+
+fuss-server (2.0.14-1) etch; urgency=low
+
+  * New upstream release
+  * Octofussd distributes user privileges to requesting clients.
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon,  2 Jul 2007 15:16:43 +0200
+
+fuss-server (2.0.13-1) etch; urgency=low
+
+  * New upstream release
+  * Setting ACL only on ext2 and ext3 filesystem
+
+ -- Simone Piccardi <piccardi@truelite.it>  Wed, 27 Jun 2007 15:14:23 +0200
+
+fuss-server (2.0.12-2) etch; urgency=low
+
+  * Aggiunti script di supporto per pulizia GCONF e LDAP
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Tue, 26 Jun 2007 15:18:45 +0200
+
+fuss-server (2.0.11-1) etch; urgency=low
+
+  * New upstream release
+  * sizelimit unlimited on slapd.conf
+  * correction on libnss-ldap.conf and pam_ldap.conf
+  * more check on libnss-ldap.conf and pam_ldap.conf client versions
+
+ -- Simone Piccardi <piccardi@truelite.it>  Mon, 25 Jun 2007 18:32:16 +0200
+
+fuss-server (2.0.10-1) etch; urgency=low
+
+  * Aggiornamenti firewall
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Fri, 22 Jun 2007 13:07:33 +0200
+
+fuss-server (2.0.9-1) etch; urgency=low
+
+  * New upstream release
+  * new name scheme for SSL certificate files
+  * removing remnant of old fuss-server
+
+ -- Simone Piccardi <piccardi@truelite.it>  Wed, 20 Jun 2007 19:03:24 +0200
+
+fuss-server (2.0.8-1) etch; urgency=low
+
+  * New upstream relaese 
+  * force input of configuration variables,
+  * install a new version of the service scripts capable to autoconfigure LDAP
+    parameters using the configuration files.
+  * new format for fuss-server.conf, use single quote
+
+ -- Simone Piccardi <piccardi@truelite.it>  Mon, 18 Jun 2007 14:49:18 +0200
+
+fuss-server (2.0.7-1) etch; urgency=low
+
+  * New upstream relaese: fix some problems with samba schema
+    installation. 
+
+ -- Simone Piccardi <piccardi@truelite.it>  Fri, 15 Jun 2007 14:52:13 +0200
+
+fuss-server (2.0.6-1) etch; urgency=low
+
+  * New upstream release: input verification, new backup system for
+    previous configurations
+
+ -- Simone Piccardi <piccardi@truelite.it>  Tue, 12 Jun 2007 19:10:59 +0200
+
+fuss-server (2.0.5-2) etch; urgency=low
+
+  * Added some dependencies
+
+ -- Simone Piccardi <piccardi@truelite.it>  Tue, 12 Jun 2007 15:27:12 +0200
+
+fuss-server (2.0.5-1) etch; urgency=low
+
+  * New upstream release - daemons fixes
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Tue, 12 Jun 2007 11:34:45 +0200
+
+fuss-server (2.0.4-1) etch; urgency=low
+
+  * New upstream release
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon, 11 Jun 2007 19:03:13 +0200
+
+fuss-server (2.0.3-1) etch; urgency=low
+
+  * New upstream release
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon, 11 Jun 2007 10:58:43 +0200
+
+fuss-server (2.0.2-1) etch; urgency=low
+
+  * New upstream release
+  * octofuss integration
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Thu,  7 Jun 2007 18:21:49 +0200
+
+fuss-server (2.0-1) etch; urgency=low
+
+  * Initial release. 
+
+ -- Simone Piccardi <piccardi@truelite.it>  Fri, 01 Jun 2007 23:35:17 +0200

debian/compat

+4

debian/conffiles

+/etc/fuss-server/fuss-server.conf
+/etc/fuss-server/firewall-external-services
+/etc/fuss-server/firewall-allowed-wan-hosts
+/etc/fuss-server/firewall-denied-lan-hosts
+/etc/fuss-server/firewall-allowed-wan-services
+/etc/fuss-server/firewall-allowed-wan-host-services
+/etc/fuss-server/firewall-allowed-lan-hosts
+/etc/fuss-server/content-filter-allowed-sites

debian/control

+Source: fuss-server
+Section: net
+Priority: optional
+Maintainer: Simone Piccardi <piccardi@truelite.it>
+Build-Depends: debhelper (>= 4.0.0)
+Standards-Version: 3.6.1.1
+
+Package: fuss-server
+Architecture: all
+Depends: python-twisted-core, wget, ssh, iproute, iputils-arping, ntpdate, nmap, tcpdump, hping2, strace, rsync, tiger, apt-listchanges, apt-listbugs, jed, links, mtr-tiny, traceroute, apt-spy, lsof, less, mutt, host, dnsutils, apticron, chkrootkit, xinetd, iptraf, hdparm, iptables, sudo, bzip2, netcat, pciutils, slapd, ldap-utils, libpam-ldap, libnss-ldap, python-ldap, samba, samba-client, samba-doc, quota, quotatool, db4.2-util, smbldap-tools, apache2-mpm-prefork, openssl, acl, debconf, cupsys, nfs-kernel-server, tdb-tools, witalian, unzip, squid, dansguardian, bind9, netmask, dhcp3-server, python, ldapvi, python-twisted-web, octofuss, xbase-clients, clusterssh, xvncviewer, sabayon
+Pre-Depends: portmap
+Description: Fuss Server
+ This packages contains everything to create a server for a Fuss
+ GNU/Linux Network.
+ Developed for the FUSS Project. See http://www.fuss.bz.it/
+
+

debian/copyright

+This is fuss-server, written and maintained by Christopher R. Gabriel
+<cgabriel@truelite.it> on Web, 27 Dec 2006 21:14:14 +0200.
+
+Copyright (C) 2005 FUSS Project http://www.fuss.bz.it/ 
+
+License:
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this package; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+  02111-1307, USA.
+
+On Debian systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.

debian/fuss-server.cron.daily

+#!/bin/sh
+#
+
+/usr/sbin/octofuss-client

debian/fuss-server.init

+#! /bin/sh
+# -*- coding: utf-8 -*-
+# Octofuss init.d script for OCTOFUSSD
+# Copyright © 2006 Christoher R. Gabriel <cgabriel@truelite.it>
+set -e
+
+DAEMON=/usr/sbin/octofussd
+NAME=octofussd
+PIDDIR=/var/run/
+PIDFILE=$PIDDIR/octofussd.pid
+LOGFILE=/var/log/octofussd.log
+DESC="Octofuss service daemon"
+
+case "$1" in
+  start)
+		twistd -oy $DAEMON --pidfile=$PIDFILE --logfile=$LOGFILE
+  ;;
+  stop)
+		kill `cat $PIDFILE` || /bin/true
+  ;;
+  reload|force-reload)
+
+  ;;
+  restart)
+
+  ;;
+  *)
+    echo "Usage: /etc/init.d/$NAME {start|stop)" >&2
+    exit 1
+  ;;
+esac
+
+exit 0

debian/install

+octofuss-client		usr/sbin
+fuss-server		usr/sbin
+fuss-server-config	usr/sbin
+firewall		etc/init.d
+templates/*		usr/share/fuss-server/templates
+scripts/* 		usr/share/fuss-server/scripts