FiXato-ubuntu-machine 0.5.3.2.2 → 0.5.3.2.3
- data/lib/capistrano/ext/ubuntu-machine.rb +3 -1
- data/lib/capistrano/ext/ubuntu-machine/apache.rb +9 -0
- data/lib/capistrano/ext/ubuntu-machine/ssh.rb +9 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/vsftpd.conf.erb +158 -0
- data/lib/capistrano/ext/ubuntu-machine/tmpfs.rb +20 -0
- data/lib/capistrano/ext/ubuntu-machine/vsftpd.rb +54 -0
- metadata +5 -2
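--- a/data/lib/capistrano/ext/ubuntu-machine.rb
+++ b/data/lib/capistrano/ext/ubuntu-machine.rb
@@ -19,4 +19,6 @@ Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-
 Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/postfix.rb")}
 Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/ruby.rb")}
 Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/ssh.rb")}
-Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/tmpfs.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/utils.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/vsftpd.rb")}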
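--- a/data/lib/capistrano/ext/ubuntu-machine/apache.rb
+++ b/data/lib/capistrano/ext/ubuntu-machine/apache.rb
@@ -123,4 +123,13 @@ namespace :apache do
 sudo "a2enmod deflate"
 force_reload
 end
+
+desc "Install mod-xsendfile"
+task :install_mod_xsendfile, :roles => :web do
+run "wget http://tn123.ath.cx/mod_xsendfile/mod_xsendfile-0.9.tar.gz -O mod_xsendfile-0.9.tar.gz"
+run "tar -xzf mod_xsendfile-0.9.tar.gz"
+sudo "mkdir -p /usr/local/src"
+sudo "mv mod_xsendfile-0.9* /usr/local/src/"
+sudo "apxs2 -cia /usr/local/src/mod_xsendfile-0.9/mod_xsendfile.c"
+end
 end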
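Review bot: The new `install_mod_xsendfile` task fetches the module source over plain HTTP and then compiles and installs it as root with `apxs2 -cia`, and nothing verifies what was downloaded. Whatever arrives on that connection ends up loaded into Apache on every `:web` host. Pin a known-good digest and check it right after the `wget` line, e.g. `run "echo '<EXPECTED_SHA256>  mod_xsendfile-0.9.tar.gz' | sha256sum -c -"`, or ship the tarball with the gem and `put` it. The `mv mod_xsendfile-0.9*` glob also moves the tarball itself into /usr/local/src, which looks unintended. The enclosing `namespace :apache` starts outside the hunk.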
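--- a/data/lib/capistrano/ext/ubuntu-machine/ssh.rb
+++ b/data/lib/capistrano/ext/ubuntu-machine/ssh.rb
@@ -60,5 +60,14 @@ namespace :ssh do
 sudo "/etc/init.d/ssh reload"
 end
 
+desc <<-DESC
+Upload a default SSH config.
+DESC
+task :upload_ssh_config, :roles => :gateway do
+run "mkdir -p ~/.ssh"
+run "chown -R #{user}:#{user} ~/.ssh"
+run "chmod 700 ~/.ssh"
+put File.read(ssh_config), "./.ssh/config", :mode => 0600
+end
 
 end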
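Review bot: `upload_ssh_config` reads `ssh_config`, but nothing in this hunk sets or defaults that variable and the description does not mention it, so a caller learns of the requirement only from the failure. Extend the heredoc to something like `Upload a default SSH config. Requires :ssh_config to be set to the local path of the file to upload.` The `chown -R #{user}:#{user} ~/.ssh` line runs without sudo, so it presumably only succeeds where the directory already belongs to that user; it is either redundant or was meant to be a `sudo` call. The enclosing `namespace :ssh` starts outside the hunk.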
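--- a/data/lib/capistrano/ext/ubuntu-machine/templates/vsftpd.conf.erb
+++ b/data/lib/capistrano/ext/ubuntu-machine/templates/vsftpd.conf.erb
@@ -0,0 +1,158 @@
+# Example config file /etc/vsftpd.conf
+#
+# The default compiled in settings are fairly paranoid. This sample file
+# loosens things up a bit, to make the ftp daemon more usable.
+# Please see vsftpd.conf.5 for all compiled in defaults.
+#
+# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
+# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
+# capabilities.
+#
+#
+# Run standalone? vsftpd can run either from an inetd or as a standalone
+# daemon started from an initscript.
+#listen=YES
+#
+# Run standalone with IPv6?
+# Like the listen parameter, except vsftpd will listen on an IPv6 socket
+# instead of an IPv4 one. This parameter and the listen parameter are mutually
+# exclusive.
+#listen_ipv6=YES
+#
+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+#anonymous_enable=YES
+#
+# Uncomment this to allow local users to log in.
+#local_enable=YES
+#
+# Uncomment this to enable any form of FTP write command.
+#write_enable=YES
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+#local_umask=022
+#
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+#anon_upload_enable=YES
+#
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+#anon_mkdir_write_enable=YES
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+#dirmessage_enable=YES
+#
+# Activate logging of uploads/downloads.
+#xferlog_enable=YES
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+#connect_from_port_20=YES
+#
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+#chown_uploads=YES
+#chown_username=whoever
+#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/vsftpd.log
+#
+# If you want, you can have your log file in standard ftpd xferlog format
+#xferlog_std_format=YES
+#
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+#
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftpsecure
+#
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+#
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that on some FTP servers, ASCII support allows a denial of service
+# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
+# predicted this attack and has always been safe, reporting the size of the
+# raw file.
+# ASCII mangling is a horrible feature of the protocol.
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+#
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd.banned_emails
+#
+# You may restrict local users to their home directories. See the FAQ for
+# the possible risks in this before using chroot_local_user or
+# chroot_list_enable below.
+#chroot_local_user=YES
+#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd.chroot_list
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+#
+#
+# Debian customization
+#
+# Some of vsftpd's settings don't fit the Debian filesystem layout by
+# default. These settings are more Debian-friendly.
+#
+# This option should be the name of a directory which is empty. Also, the
+# directory should not be writable by the ftp user. This directory is used
+# as a secure chroot() jail at times vsftpd does not require filesystem
+# access.
+secure_chroot_dir=/var/run/vsftpd
+#
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+#
+# This option specifies the location of the RSA certificate to use for SSL
+# encrypted connections.
+rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+# This option specifies the location of the RSA key to use for SSL
+# encrypted connections.
+rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+
+# We run from init.d
+listen=YES
+# We do not want anons connecting nor uploading
+anonymous_enable=NO
+anon_upload_enable=NO
+# We want local users connecting/writing
+local_enable=YES
+write_enable=YES
+# Files are initially created as Owner/Group read/write
+file_open_mode=0660
+local_umask=0007
+# No need for active directory messages
+dirmessage_enable=NO
+xferlog_enable=YES
+connect_from_port_20=YES
+# Jail that local user!
+chroot_local_user=YES
+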
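Review bot: The template sets `rsa_cert_file` and `rsa_private_key_file` but never turns TLS on, so with `local_enable=YES` the local account passwords and the transferred files cross the network in clear text. Add `ssl_enable=YES`, `force_local_logins_ssl=YES` and `force_local_data_ssl=YES` next to the certificate paths. The paths name the distribution's self-signed snakeoil pair, which clients cannot validate; making them template variables would let a deployment supply its own certificate.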
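--- a/data/lib/capistrano/ext/ubuntu-machine/tmpfs.rb
+++ b/data/lib/capistrano/ext/ubuntu-machine/tmpfs.rb
@@ -0,0 +1,20 @@
+namespace :tmpfs do
+set :tmpfs_directories do
+{
+'/tmpfs' => {:size => '2G', :mode => '0744'},
+}
+end
+
+desc "Create tmpfs directories"
+task :create_directories, :roles => :app do
+tmpfs_directories.each do |dir,options|
+options[:size] = '2G' if options[:size].nil?
+options[:mode] = '0744' if options[:mode].nil?
+sudo "mkdir -p #{dir}"
+sudo "mount -t tmpfs -o size=#{options[:size]},mode=#{options[:mode]} tmpfs #{dir}"
+run "cp /etc/fstab fstab.tmp"
+run "echo 'tmpfs #{dir} tmpfs size=#{options[:size]},mode=#{options[:mode]} 0 0' >> fstab.tmp"
+sudo "mv fstab.tmp /etc/fstab"
+end
+end
+end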
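Review bot: `create_directories` builds `fstab.tmp` as the deploy user and then `sudo mv`s it over /etc/fstab; `mv` keeps the source file's owner and mode, so /etc/fstab most likely ends up owned by, and writable for, the unprivileged deploy account. Replace the move with `sudo "install -o root -g root -m 0644 fstab.tmp /etc/fstab"`. The same copy-edit-move pattern is used for /etc/shells and /etc/vsftpd.conf in vsftpd.rb and needs the same change. The task also appends a new fstab entry on every run with no check for an existing one, and it interpolates `dir` and the option values into shell commands unquoted.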
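--- a/data/lib/capistrano/ext/ubuntu-machine/vsftpd.rb
+++ b/data/lib/capistrano/ext/ubuntu-machine/vsftpd.rb
@@ -0,0 +1,54 @@
+namespace :vsftpd do
+set :vsftpd_user_shell, '/usr/sbin/nologin'
+set :vsftpd_group, 'ftpusers'
+
+desc "Install VSFTPd"
+task :install, :roles => :app do
+sudo "aptitude install -y vsftpd"
+configure
+add_nologin_shell
+create_users
+end
+
+desc "Install VSFTPd configuration file"
+task :configure, :roles => :app do
+put render("vsftpd.conf", binding), "vsftpd.conf"
+sudo "mv vsftpd.conf /etc/vsftpd.conf"
+restart
+end
+
+desc "Add the :vsftpd_user_shell to /etc/shells"
+task :add_nologin_shell, :roles => :app do
+puts "If this fails, then the '#{vsftpd_user_shell}'-shell is already in /etc/shells"
+run "test -z `grep #{vsftpd_user_shell} /etc/shells`"
+run "cp /etc/shells ~/shells.tmp"
+run "echo '#{vsftpd_user_shell}' >> ~/shells.tmp"
+sudo "mv ~/shells.tmp /etc/shells"
+end
+
+desc "Create VSFTPd-only users"
+task :create_users, :roles => :app do
+vsftpd_users.each do |user_to_create|
+sudo "groupadd -f #{vsftpd_group}"
+sudo "usermod -a -G #{vsftpd_group} #{user}"
+sudo "useradd --shell #{vsftpd_user_shell} --groups #{vsftpd_group} -m #{user_to_create}"
+puts "Changing password for #{user_to_create}:"
+sudo_and_watch_prompt("passwd #{user_to_create}", [/Enter new UNIX password/, /Retype new UNIX password:/, /\[\]\:/, /\[y\/N\]/i])
+end
+end
+
+desc "Start the vsftpd server"
+task :start, :roles => :app do
+sudo "/etc/init.d/vsftpd start"
+end
+
+desc "Restart the vsftpd server"
+task :restart, :roles => :app do
+sudo "/etc/init.d/vsftpd restart"
+end
+
+desc "Stop the vsftpd server"
+task :stop, :roles => :app do
+sudo "/etc/init.d/vsftpd stop"
+end
+end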
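Review bot: `add_nologin_shell` uses a deliberately failing `test -z` on the grep output as its guard, so the task aborts on any host where the shell is already listed, and because `install` calls it before `create_users`, a re-run never reaches user creation. Make the step idempotent in one privileged command, e.g. `sudo "sh -c 'grep -qxF #{vsftpd_user_shell} /etc/shells || echo #{vsftpd_user_shell} >> /etc/shells'"`, which also drops the temp file that is moved over /etc/shells from the home directory. In `create_users`, the `groupadd` and `usermod ... #{user}` calls do not depend on the loop variable and can move above the `each`. `vsftpd_users` has no default in this file, unlike `vsftpd_user_shell` and `vsftpd_group`; a `set :vsftpd_users, []` would keep `install` from failing when it is unset.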
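--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: FiXato-ubuntu-machine
 version: !ruby/object:Gem::Version
-version: 0.5.3.2.
+version: 0.5.3.2.3
 platform: ruby
 authors:
 - Thomas Balthazar
@@ -11,7 +11,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-06-
+date: 2009-06-12 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -49,7 +49,9 @@ files:
 - lib/capistrano/ext/ubuntu-machine/postfix.rb
 - lib/capistrano/ext/ubuntu-machine/ruby.rb
 - lib/capistrano/ext/ubuntu-machine/ssh.rb
+- lib/capistrano/ext/ubuntu-machine/tmpfs.rb
 - lib/capistrano/ext/ubuntu-machine/utils.rb
+- lib/capistrano/ext/ubuntu-machine/vsftpd.rb
 - lib/capistrano/ext/ubuntu-machine/templates/apache2.erb
 - lib/capistrano/ext/ubuntu-machine/templates/iptables.erb
 - lib/capistrano/ext/ubuntu-machine/templates/my.cnf.erb
@@ -58,6 +60,7 @@ files:
 - lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb
 - lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb
 - lib/capistrano/ext/ubuntu-machine/templates/vhost.erb
+- lib/capistrano/ext/ubuntu-machine/templates/vsftpd.conf.erb
 - lib/capistrano/ext/ubuntu-machine/templates/deflate.conf.erb
 - lib/capistrano/ext/ubuntu-machine/templates/freetds.conf.erb
 - lib/capistrano/ext/ubuntu-machine/templates/odbc.ini.erb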