[or-cvs] r20580: {projects} Add misc cleanup script, update ssh keys with .14, and add s (in projects/misc-sysadmin: . selinux)
mikeperry at seul.org
mikeperry at seul.org
Tue Sep 15 20:33:33 UTC 2009
Author: mikeperry
Date: 2009-09-15 16:33:33 -0400 (Tue, 15 Sep 2009)
New Revision: 20580
Added:
projects/misc-sysadmin/misc-cleanup.sh
projects/misc-sysadmin/selinux/
projects/misc-sysadmin/selinux/install.sh
Modified:
projects/misc-sysadmin/00_CAPTAINS.LOG
projects/misc-sysadmin/ssh-keys
Log:
Add misc cleanup script, update ssh keys with .14, and add selinux module
install script.
Modified: projects/misc-sysadmin/00_CAPTAINS.LOG
===================================================================
--- projects/misc-sysadmin/00_CAPTAINS.LOG 2009-09-15 18:01:15 UTC (rev 20579)
+++ projects/misc-sysadmin/00_CAPTAINS.LOG 2009-09-15 20:33:33 UTC (rev 20580)
@@ -15,7 +15,11 @@
http://download.fedora.redhat.com/pub/epel/5Server/x86_64/epel-release-5-3.noarch.rpm
- Created+applied grsec-prep.sh based on selinux and grsec work
- Applied SELinux+GRSec kernel to all machines
+ - Installed pwgen
+TODO:
+ https://svn.torproject.org/svn/torperf/trunk/measurements-HOWTO
+
SELinux:
- Enabled selinux targeted policy via /etc/sysconfig/selinux
- /usr/sbin/genhomedircon && /sbin/fixfiles relabel
@@ -28,7 +32,7 @@
- Boot into properly root= set kernel before doing 'make install' to get
root= set right
- Patched LSILogic SCSI driver (prob not needed)
- - http://communities.vmware.com/thread/87702;jsessionid=393012D554F4BB0F6BB9704E12E7B159
+ - http://communities.vmware.com/thread/87702
- Made a custom initrd that does a forced mknod /dev/sda
- see kernel/initrd/init in this repository. Then do:
gzip -cd /boot/initrd-2.6.29.6-grsec-fc-nrl.img | cpio -idv
Added: projects/misc-sysadmin/misc-cleanup.sh
===================================================================
--- projects/misc-sysadmin/misc-cleanup.sh (rev 0)
+++ projects/misc-sysadmin/misc-cleanup.sh 2009-09-15 20:33:33 UTC (rev 20580)
@@ -0,0 +1,37 @@
+#!/bin/bash -x
+#
+# Clean up random annoying junk
+# Mike Perry <mikeperry at fscked.org>
+#
+# This is released under the same license as Tor
+#
+
+HOSTNAME=`hostname`
+echo "Attempting to prep $HOSTNAME..."
+if [ -f /tmp/misc-cleanup ];
+then
+echo "Already Cleaned!"
+exit
+fi
+
+KILL_ALL_HUMANS="some users some where"
+for i in $KILL_ALL_HUMANS
+do
+ /usr/sbin/userdel -r $i
+done
+
+grep -v TMOUT /etc/profile.d/os-security.sh > /etc/profile.d/os-security2.sh
+echo "readonly TMOUT=15000" >> /etc/profile.d/os-security2.sh
+echo "export PATH=/sbin:/usr/sbin:/usr/local/sbin:$PATH" >> /etc/profile.d/os-security2.sh
+mv /etc/profile.d/os-security2.sh /etc/profile.d/os-security.sh
+chmod 755 /etc/profile.d/os-security.sh
+
+yum -y install pwgen
+
+rpm -e smbios-utils-bin
+
+/sbin/fixfiles relabel
+
+
+echo
+touch /tmp/misc-cleanup
Added: projects/misc-sysadmin/selinux/install.sh
===================================================================
--- projects/misc-sysadmin/selinux/install.sh (rev 0)
+++ projects/misc-sysadmin/selinux/install.sh 2009-09-15 20:33:33 UTC (rev 20580)
@@ -0,0 +1,9 @@
+#!/bin/bash
+#
+# Helper script to build and install selinux modules
+
+M=`basename $1 .te`
+
+# Check, build, and install the module
+checkmodule -M -m -o $M.mod $M.te && semodule_package -o $M.pp -m $M.mod && semodule -i $M.pp
+
Modified: projects/misc-sysadmin/ssh-keys
===================================================================
--- projects/misc-sysadmin/ssh-keys 2009-09-15 18:01:15 UTC (rev 20579)
+++ projects/misc-sysadmin/ssh-keys 2009-09-15 20:33:33 UTC (rev 20580)
@@ -44,6 +44,9 @@
81:43:3e:5d:ed:03:0c:27:77:9b:7f:77:41:cf:2f:4d rsa
38.229.70.14
+e8:63:84:bd:b9:43:14:5b:38:8f:6f:ed:66:40:77:ec rsa1
+21:36:cf:49:26:8a:e7:3a:c9:6a:68:2c:27:73:f9:08 dsa
+dd:96:42:6d:2d:52:a5:9b:97:a5:aa:9c:18:4c:51:64 rsa
38.229.70.15
8e:28:11:d1:aa:f7:00:9f:3a:f9:b0:a2:e3:a1:f8:4a rsa1
More information about the tor-commits
mailing list