ScholarNexus-ec2onrails 0.9.10
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG +180 -0
- data/COPYING +339 -0
- data/Manifest +167 -0
- data/README.textile +211 -0
- data/Rakefile +37 -0
- data/TODO +104 -0
- data/ec2onrails.gemspec +42 -0
- data/examples/Capfile +3 -0
- data/examples/deploy.rb +107 -0
- data/examples/s3.yml +9 -0
- data/lib/ec2onrails/capistrano_utils.rb +43 -0
- data/lib/ec2onrails/recipes/db.rb +359 -0
- data/lib/ec2onrails/recipes/deploy.rb +30 -0
- data/lib/ec2onrails/recipes/server.rb +489 -0
- data/lib/ec2onrails/recipes.rb +141 -0
- data/lib/ec2onrails/version.rb +31 -0
- data/lib/ec2onrails.rb +20 -0
- data/server/build-ec2onrails.sh +44 -0
- data/server/files/etc/aliases +5 -0
- data/server/files/etc/aliases.db +0 -0
- data/server/files/etc/apache2/apache2.conf +295 -0
- data/server/files/etc/apache2/conf.d/app.proxy_cluster.conf +7 -0
- data/server/files/etc/apache2/conf.d/app.proxy_frontend.conf +10 -0
- data/server/files/etc/apache2/mods-available/proxy.conf +18 -0
- data/server/files/etc/apache2/sites-available/app.common +61 -0
- data/server/files/etc/apache2/sites-available/app.custom +0 -0
- data/server/files/etc/apache2/sites-available/default +14 -0
- data/server/files/etc/apache2/sites-available/default-ssl +19 -0
- data/server/files/etc/cron.d/ec2onrails +21 -0
- data/server/files/etc/cron.daily/app +24 -0
- data/server/files/etc/cron.daily/logrotate_post +19 -0
- data/server/files/etc/cron.hourly/app +24 -0
- data/server/files/etc/cron.monthly/app +24 -0
- data/server/files/etc/cron.weekly/app +24 -0
- data/server/files/etc/denyhosts.conf +628 -0
- data/server/files/etc/dpkg/dpkg.cfg +13 -0
- data/server/files/etc/ec2onrails/README +32 -0
- data/server/files/etc/ec2onrails/balancer_members +6 -0
- data/server/files/etc/ec2onrails/roles.yml +5 -0
- data/server/files/etc/environment +2 -0
- data/server/files/etc/god/app.god +40 -0
- data/server/files/etc/god/db.god +17 -0
- data/server/files/etc/god/dkim_filter.god +20 -0
- data/server/files/etc/god/examples/have_god_daemonize.god +18 -0
- data/server/files/etc/god/master.conf +35 -0
- data/server/files/etc/god/memcache.god +15 -0
- data/server/files/etc/god/notifications.god +14 -0
- data/server/files/etc/god/system.god +34 -0
- data/server/files/etc/god/web.god +38 -0
- data/server/files/etc/init.d/ec2-every-startup +29 -0
- data/server/files/etc/init.d/ec2-first-startup +36 -0
- data/server/files/etc/init.d/god +42 -0
- data/server/files/etc/init.d/nginx +78 -0
- data/server/files/etc/init.d/set_roles +3 -0
- data/server/files/etc/logrotate.d/apache2 +16 -0
- data/server/files/etc/logrotate.d/mongrel +11 -0
- data/server/files/etc/logrotate.d/nginx +11 -0
- data/server/files/etc/memcached.conf +47 -0
- data/server/files/etc/mongrel_cluster/app.yml +9 -0
- data/server/files/etc/motd.tail +13 -0
- data/server/files/etc/mysql/my.cnf +152 -0
- data/server/files/etc/nginx/nginx.conf +305 -0
- data/server/files/etc/postfix/main.cf +4 -0
- data/server/files/etc/rcS.d/S91ec2-first-startup +1 -0
- data/server/files/etc/rcS.d/S92ec2-every-startup +1 -0
- data/server/files/etc/rcS.d/S99set_roles +1 -0
- data/server/files/etc/ssh/sshd_config +94 -0
- data/server/files/etc/sudoers +1 -0
- data/server/files/etc/sudoers.full_access +26 -0
- data/server/files/etc/sudoers.restricted_access +28 -0
- data/server/files/etc/syslog.conf +69 -0
- data/server/files/usr/bin/god +26 -0
- data/server/files/usr/local/ec2onrails/COPYING +339 -0
- data/server/files/usr/local/ec2onrails/bin/archive_file.rb +44 -0
- data/server/files/usr/local/ec2onrails/bin/backup_app_db.rb +159 -0
- data/server/files/usr/local/ec2onrails/bin/ec2_meta_data.rb +80 -0
- data/server/files/usr/local/ec2onrails/bin/exec_runner +76 -0
- data/server/files/usr/local/ec2onrails/bin/init_services.rb +71 -0
- data/server/files/usr/local/ec2onrails/bin/optimize_mysql.rb +348 -0
- data/server/files/usr/local/ec2onrails/bin/rails_env +34 -0
- data/server/files/usr/local/ec2onrails/bin/rebundle.sh +70 -0
- data/server/files/usr/local/ec2onrails/bin/restore_app_db.rb +58 -0
- data/server/files/usr/local/ec2onrails/bin/set_rails_env +40 -0
- data/server/files/usr/local/ec2onrails/bin/set_roles.rb +87 -0
- data/server/files/usr/local/ec2onrails/bin/setup_web_proxy.rb +113 -0
- data/server/files/usr/local/ec2onrails/bin/update_hostname +40 -0
- data/server/files/usr/local/ec2onrails/config +30 -0
- data/server/files/usr/local/ec2onrails/lib/aws_helper.rb +76 -0
- data/server/files/usr/local/ec2onrails/lib/god_helper.rb +129 -0
- data/server/files/usr/local/ec2onrails/lib/god_patch.rb +43 -0
- data/server/files/usr/local/ec2onrails/lib/mysql_helper.rb +101 -0
- data/server/files/usr/local/ec2onrails/lib/roles_helper.rb +151 -0
- data/server/files/usr/local/ec2onrails/lib/s3_helper.rb +99 -0
- data/server/files/usr/local/ec2onrails/lib/utils.rb +16 -0
- data/server/files/usr/local/ec2onrails/lib/vendor/ini.rb +268 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/every-startup/get-hostname.sh +23 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/README +5 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/create-dirs.sh +39 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/generate-default-web-cert-and-key.sh +49 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/misc.sh +27 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/prepare-mysql-data-dir.sh +24 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/setup-credentials.sh +29 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/setup-file-permissions.sh +30 -0
- data/server/rakefile.rb +249 -0
- data/setup.rb +1585 -0
- data/test/autobench.conf +60 -0
- data/test/spec/lib/s3_helper_spec.rb +134 -0
- data/test/spec/lib/s3_old.yml +3 -0
- data/test/spec/test_files/test1 +0 -0
- data/test/spec/test_files/test2 +0 -0
- data/test/test_app/Capfile +3 -0
- data/test/test_app/README +182 -0
- data/test/test_app/Rakefile +10 -0
- data/test/test_app/app/controllers/application.rb +7 -0
- data/test/test_app/app/controllers/db_fast_controller.rb +6 -0
- data/test/test_app/app/controllers/fast_controller.rb +5 -0
- data/test/test_app/app/controllers/slow_controller.rb +6 -0
- data/test/test_app/app/controllers/very_slow_controller.rb +6 -0
- data/test/test_app/app/helpers/application_helper.rb +3 -0
- data/test/test_app/app/helpers/db_fast_helper.rb +2 -0
- data/test/test_app/app/helpers/fast_helper.rb +2 -0
- data/test/test_app/app/helpers/slow_helper.rb +2 -0
- data/test/test_app/app/helpers/very_slow_helper.rb +2 -0
- data/test/test_app/config/boot.rb +109 -0
- data/test/test_app/config/database.yml +19 -0
- data/test/test_app/config/deploy.rb +21 -0
- data/test/test_app/config/environment.rb +60 -0
- data/test/test_app/config/environments/development.rb +21 -0
- data/test/test_app/config/environments/production.rb +18 -0
- data/test/test_app/config/environments/test.rb +19 -0
- data/test/test_app/config/routes.rb +27 -0
- data/test/test_app/db/schema.rb +7 -0
- data/test/test_app/doc/README_FOR_APP +2 -0
- data/test/test_app/public/404.html +30 -0
- data/test/test_app/public/500.html +30 -0
- data/test/test_app/public/dispatch.cgi +10 -0
- data/test/test_app/public/dispatch.fcgi +24 -0
- data/test/test_app/public/dispatch.rb +10 -0
- data/test/test_app/public/favicon.ico +0 -0
- data/test/test_app/public/images/rails.png +0 -0
- data/test/test_app/public/javascripts/application.js +2 -0
- data/test/test_app/public/javascripts/controls.js +963 -0
- data/test/test_app/public/javascripts/dragdrop.js +972 -0
- data/test/test_app/public/javascripts/effects.js +1120 -0
- data/test/test_app/public/javascripts/prototype.js +4225 -0
- data/test/test_app/public/robots.txt +1 -0
- data/test/test_app/script/about +3 -0
- data/test/test_app/script/breakpointer +3 -0
- data/test/test_app/script/console +3 -0
- data/test/test_app/script/destroy +3 -0
- data/test/test_app/script/generate +3 -0
- data/test/test_app/script/performance/benchmarker +3 -0
- data/test/test_app/script/performance/profiler +3 -0
- data/test/test_app/script/performance/request +3 -0
- data/test/test_app/script/plugin +3 -0
- data/test/test_app/script/process/inspector +3 -0
- data/test/test_app/script/process/reaper +3 -0
- data/test/test_app/script/process/spawner +3 -0
- data/test/test_app/script/runner +3 -0
- data/test/test_app/script/server +3 -0
- data/test/test_app/test/functional/db_fast_controller_test.rb +18 -0
- data/test/test_app/test/functional/fast_controller_test.rb +18 -0
- data/test/test_app/test/functional/slow_controller_test.rb +18 -0
- data/test/test_app/test/functional/very_slow_controller_test.rb +18 -0
- data/test/test_app/test/test_helper.rb +28 -0
- data/test/test_ec2onrails.rb +11 -0
- data/test/test_helper.rb +2 -0
- metadata +277 -0
@@ -0,0 +1,628 @@
|
|
1
|
+
# Ec2onRails NOTE: this file is only used if the :harden_server ec2onrails
|
2
|
+
# configuration is set to true
|
3
|
+
#
|
4
|
+
|
5
|
+
|
6
|
+
############ THESE SETTINGS ARE REQUIRED ############
|
7
|
+
|
8
|
+
########################################################################
|
9
|
+
#
|
10
|
+
# SECURE_LOG: the log file that contains sshd logging info
|
11
|
+
# if you are not sure, grep "sshd:" /var/log/*
|
12
|
+
#
|
13
|
+
# The file to process can be overridden with the --file command line
|
14
|
+
# argument
|
15
|
+
#
|
16
|
+
# Redhat or Fedora Core:
|
17
|
+
#SECURE_LOG = /var/log/secure
|
18
|
+
#
|
19
|
+
# Mandrake, FreeBSD or OpenBSD:
|
20
|
+
#SECURE_LOG = /var/log/auth.log
|
21
|
+
#
|
22
|
+
# SuSE:
|
23
|
+
#SECURE_LOG = /var/log/messages
|
24
|
+
#
|
25
|
+
# Mac OS X (v10.4 or greater -
|
26
|
+
# also refer to: http://www.denyhosts.net/faq.html#macos
|
27
|
+
#SECURE_LOG = /private/var/log/asl.log
|
28
|
+
#
|
29
|
+
# Mac OS X (v10.3 or earlier):
|
30
|
+
#SECURE_LOG=/private/var/log/system.log
|
31
|
+
#
|
32
|
+
# Debian:
|
33
|
+
SECURE_LOG = /var/log/auth.log
|
34
|
+
########################################################################
|
35
|
+
|
36
|
+
########################################################################
|
37
|
+
#
|
38
|
+
# HOSTS_DENY: the file which contains restricted host access information
|
39
|
+
#
|
40
|
+
# Most operating systems:
|
41
|
+
HOSTS_DENY = /etc/hosts.deny
|
42
|
+
#
|
43
|
+
# Some BSD (FreeBSD) Unixes:
|
44
|
+
#HOSTS_DENY = /etc/hosts.allow
|
45
|
+
#
|
46
|
+
# Another possibility (also see the next option):
|
47
|
+
#HOSTS_DENY = /etc/hosts.evil
|
48
|
+
#######################################################################
|
49
|
+
|
50
|
+
|
51
|
+
########################################################################
|
52
|
+
#
|
53
|
+
# PURGE_DENY: removed HOSTS_DENY entries that are older than this time
|
54
|
+
# when DenyHosts is invoked with the --purge flag
|
55
|
+
#
|
56
|
+
# format is: i[dhwmy]
|
57
|
+
# Where 'i' is an integer (eg. 7)
|
58
|
+
# 'm' = minutes
|
59
|
+
# 'h' = hours
|
60
|
+
# 'd' = days
|
61
|
+
# 'w' = weeks
|
62
|
+
# 'y' = years
|
63
|
+
#
|
64
|
+
PURGE_DENY = 12w
|
65
|
+
# never purge:
|
66
|
+
#PURGE_DENY =
|
67
|
+
#
|
68
|
+
# purge entries older than 1 week
|
69
|
+
#PURGE_DENY = 1w
|
70
|
+
#
|
71
|
+
# purge entries older than 5 days
|
72
|
+
#PURGE_DENY = 5d
|
73
|
+
#######################################################################
|
74
|
+
|
75
|
+
#######################################################################
|
76
|
+
#
|
77
|
+
# PURGE_THRESHOLD: defines the maximum times a host will be purged.
|
78
|
+
# Once this value has been exceeded then this host will not be purged.
|
79
|
+
# Setting this parameter to 0 (the default) disables this feature.
|
80
|
+
#
|
81
|
+
# default: a denied host can be purged/re-added indefinitely
|
82
|
+
#PURGE_THRESHOLD = 0
|
83
|
+
#
|
84
|
+
# a denied host will be purged at most 2 times.
|
85
|
+
#PURGE_THRESHOLD = 2
|
86
|
+
#
|
87
|
+
#######################################################################
|
88
|
+
|
89
|
+
|
90
|
+
#######################################################################
|
91
|
+
#
|
92
|
+
# BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
|
93
|
+
#
|
94
|
+
# man 5 hosts_access for details
|
95
|
+
#
|
96
|
+
# eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1
|
97
|
+
#
|
98
|
+
# To block all services for the offending host:
|
99
|
+
#BLOCK_SERVICE = ALL
|
100
|
+
# To block only sshd:
|
101
|
+
BLOCK_SERVICE = sshd
|
102
|
+
# To only record the offending host and nothing else (if using
|
103
|
+
# an auxilary file to list the hosts). Refer to:
|
104
|
+
# http://denyhosts.sourceforge.net/faq.html#aux
|
105
|
+
#BLOCK_SERVICE =
|
106
|
+
#
|
107
|
+
#######################################################################
|
108
|
+
|
109
|
+
|
110
|
+
#######################################################################
|
111
|
+
#
|
112
|
+
# DENY_THRESHOLD_INVALID: block each host after the number of failed login
|
113
|
+
# attempts has exceeded this value. This value applies to invalid
|
114
|
+
# user login attempts (eg. non-existent user accounts)
|
115
|
+
#
|
116
|
+
DENY_THRESHOLD_INVALID = 3
|
117
|
+
#
|
118
|
+
#######################################################################
|
119
|
+
|
120
|
+
#######################################################################
|
121
|
+
#
|
122
|
+
# DENY_THRESHOLD_VALID: block each host after the number of failed
|
123
|
+
# login attempts has exceeded this value. This value applies to valid
|
124
|
+
# user login attempts (eg. user accounts that exist in /etc/passwd) except
|
125
|
+
# for the "root" user
|
126
|
+
#
|
127
|
+
DENY_THRESHOLD_VALID = 3
|
128
|
+
#
|
129
|
+
#######################################################################
|
130
|
+
|
131
|
+
#######################################################################
|
132
|
+
#
|
133
|
+
# DENY_THRESHOLD_ROOT: block each host after the number of failed
|
134
|
+
# login attempts has exceeded this value. This value applies to
|
135
|
+
# "root" user login attempts only.
|
136
|
+
#
|
137
|
+
DENY_THRESHOLD_ROOT = 2
|
138
|
+
#
|
139
|
+
#######################################################################
|
140
|
+
|
141
|
+
|
142
|
+
#######################################################################
|
143
|
+
#
|
144
|
+
# DENY_THRESHOLD_RESTRICTED: block each host after the number of failed
|
145
|
+
# login attempts has exceeded this value. This value applies to
|
146
|
+
# usernames that appear in the WORK_DIR/restricted-usernames file only.
|
147
|
+
#
|
148
|
+
DENY_THRESHOLD_RESTRICTED = 1
|
149
|
+
#
|
150
|
+
#######################################################################
|
151
|
+
|
152
|
+
|
153
|
+
#######################################################################
|
154
|
+
#
|
155
|
+
# WORK_DIR: the path that DenyHosts will use for writing data to
|
156
|
+
# (it will be created if it does not already exist).
|
157
|
+
#
|
158
|
+
# Note: it is recommended that you use an absolute pathname
|
159
|
+
# for this value (eg. /home/foo/denyhosts/data)
|
160
|
+
#
|
161
|
+
WORK_DIR = /var/lib/denyhosts
|
162
|
+
#
|
163
|
+
#######################################################################
|
164
|
+
|
165
|
+
#######################################################################
|
166
|
+
#
|
167
|
+
# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS
|
168
|
+
#
|
169
|
+
# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO
|
170
|
+
# If set to YES, if a suspicious login attempt results from an allowed-host
|
171
|
+
# then it is considered suspicious. If this is NO, then suspicious logins
|
172
|
+
# from allowed-hosts will not be reported. All suspicious logins from
|
173
|
+
# ip addresses that are not in allowed-hosts will always be reported.
|
174
|
+
#
|
175
|
+
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
|
176
|
+
######################################################################
|
177
|
+
|
178
|
+
######################################################################
|
179
|
+
#
|
180
|
+
# HOSTNAME_LOOKUP
|
181
|
+
#
|
182
|
+
# HOSTNAME_LOOKUP=YES|NO
|
183
|
+
# If set to YES, for each IP address that is reported by Denyhosts,
|
184
|
+
# the corresponding hostname will be looked up and reported as well
|
185
|
+
# (if available).
|
186
|
+
#
|
187
|
+
HOSTNAME_LOOKUP=YES
|
188
|
+
#
|
189
|
+
######################################################################
|
190
|
+
|
191
|
+
|
192
|
+
######################################################################
|
193
|
+
#
|
194
|
+
# LOCK_FILE
|
195
|
+
#
|
196
|
+
# LOCK_FILE=/path/denyhosts
|
197
|
+
# If this file exists when DenyHosts is run, then DenyHosts will exit
|
198
|
+
# immediately. Otherwise, this file will be created upon invocation
|
199
|
+
# and deleted upon exit. This ensures that only one instance is
|
200
|
+
# running at a time.
|
201
|
+
#
|
202
|
+
# Redhat/Fedora:
|
203
|
+
#LOCK_FILE = /var/lock/subsys/denyhosts
|
204
|
+
#
|
205
|
+
# Debian
|
206
|
+
LOCK_FILE = /var/run/denyhosts.pid
|
207
|
+
#
|
208
|
+
# Misc
|
209
|
+
#LOCK_FILE = /tmp/denyhosts.lock
|
210
|
+
#
|
211
|
+
######################################################################
|
212
|
+
|
213
|
+
|
214
|
+
############ THESE SETTINGS ARE OPTIONAL ############
|
215
|
+
|
216
|
+
|
217
|
+
#######################################################################
|
218
|
+
#
|
219
|
+
# ADMIN_EMAIL: if you would like to receive emails regarding newly
|
220
|
+
# restricted hosts and suspicious logins, set this address to
|
221
|
+
# match your email address. If you do not want to receive these reports
|
222
|
+
# leave this field blank (or run with the --noemail option)
|
223
|
+
#
|
224
|
+
# Multiple email addresses can be delimited by a comma, eg:
|
225
|
+
# ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com
|
226
|
+
#
|
227
|
+
ADMIN_EMAIL = app@localhost
|
228
|
+
#
|
229
|
+
#######################################################################
|
230
|
+
|
231
|
+
#######################################################################
|
232
|
+
#
|
233
|
+
# SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email
|
234
|
+
# reports (see ADMIN_EMAIL) then these settings specify the
|
235
|
+
# email server address (SMTP_HOST) and the server port (SMTP_PORT)
|
236
|
+
#
|
237
|
+
#
|
238
|
+
SMTP_HOST = localhost
|
239
|
+
SMTP_PORT = 25
|
240
|
+
#
|
241
|
+
#######################################################################
|
242
|
+
|
243
|
+
#######################################################################
|
244
|
+
#
|
245
|
+
# SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your
|
246
|
+
# smtp email server requires authentication
|
247
|
+
#
|
248
|
+
#SMTP_USERNAME=foo
|
249
|
+
#SMTP_PASSWORD=bar
|
250
|
+
#
|
251
|
+
######################################################################
|
252
|
+
|
253
|
+
#######################################################################
|
254
|
+
#
|
255
|
+
# SMTP_FROM: you can specify the "From:" address in messages sent
|
256
|
+
# from DenyHosts when it reports thwarted abuse attempts
|
257
|
+
#
|
258
|
+
SMTP_FROM = DenyHosts <nobody@localhost>
|
259
|
+
#
|
260
|
+
#######################################################################
|
261
|
+
|
262
|
+
#######################################################################
|
263
|
+
#
|
264
|
+
# SMTP_SUBJECT: you can specify the "Subject:" of messages sent
|
265
|
+
# by DenyHosts when it reports thwarted abuse attempts
|
266
|
+
SMTP_SUBJECT = DenyHosts Report
|
267
|
+
#
|
268
|
+
######################################################################
|
269
|
+
|
270
|
+
######################################################################
|
271
|
+
#
|
272
|
+
# SMTP_DATE_FORMAT: specifies the format used for the "Date:" header
|
273
|
+
# when sending email messages.
|
274
|
+
#
|
275
|
+
# for possible values for this parameter refer to: man strftime
|
276
|
+
#
|
277
|
+
# the default:
|
278
|
+
#
|
279
|
+
#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
|
280
|
+
#
|
281
|
+
######################################################################
|
282
|
+
|
283
|
+
######################################################################
|
284
|
+
#
|
285
|
+
# SYSLOG_REPORT
|
286
|
+
#
|
287
|
+
# SYSLOG_REPORT=YES|NO
|
288
|
+
# If set to yes, when denied hosts are recorded the report data
|
289
|
+
# will be sent to syslog (syslog must be present on your system).
|
290
|
+
# The default is: NO
|
291
|
+
#
|
292
|
+
#SYSLOG_REPORT=NO
|
293
|
+
#
|
294
|
+
#SYSLOG_REPORT=YES
|
295
|
+
#
|
296
|
+
######################################################################
|
297
|
+
|
298
|
+
######################################################################
|
299
|
+
#
|
300
|
+
# ALLOWED_HOSTS_HOSTNAME_LOOKUP
|
301
|
+
#
|
302
|
+
# ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO
|
303
|
+
# If set to YES, for each entry in the WORK_DIR/allowed-hosts file,
|
304
|
+
# the hostname will be looked up. If your versions of tcp_wrappers
|
305
|
+
# and sshd sometimes log hostnames in addition to ip addresses
|
306
|
+
# then you may wish to specify this option.
|
307
|
+
#
|
308
|
+
#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
|
309
|
+
#
|
310
|
+
######################################################################
|
311
|
+
|
312
|
+
######################################################################
|
313
|
+
#
|
314
|
+
# AGE_RESET_VALID: Specifies the period of time between failed login
|
315
|
+
# attempts that, when exceeded will result in the failed count for
|
316
|
+
# this host to be reset to 0. This value applies to login attempts
|
317
|
+
# to all valid users (those within /etc/passwd) with the
|
318
|
+
# exception of root. If not defined, this count will never
|
319
|
+
# be reset.
|
320
|
+
#
|
321
|
+
# See the comments in the PURGE_DENY section (above)
|
322
|
+
# for details on specifying this value or for complete details
|
323
|
+
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
|
324
|
+
#
|
325
|
+
AGE_RESET_VALID=5d
|
326
|
+
#
|
327
|
+
######################################################################
|
328
|
+
|
329
|
+
######################################################################
|
330
|
+
#
|
331
|
+
# AGE_RESET_ROOT: Specifies the period of time between failed login
|
332
|
+
# attempts that, when exceeded will result in the failed count for
|
333
|
+
# this host to be reset to 0. This value applies to all login
|
334
|
+
# attempts to the "root" user account. If not defined,
|
335
|
+
# this count will never be reset.
|
336
|
+
#
|
337
|
+
# See the comments in the PURGE_DENY section (above)
|
338
|
+
# for details on specifying this value or for complete details
|
339
|
+
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
|
340
|
+
#
|
341
|
+
AGE_RESET_ROOT=25d
|
342
|
+
#
|
343
|
+
######################################################################
|
344
|
+
|
345
|
+
######################################################################
|
346
|
+
#
|
347
|
+
# AGE_RESET_RESTRICTED: Specifies the period of time between failed login
|
348
|
+
# attempts that, when exceeded will result in the failed count for
|
349
|
+
# this host to be reset to 0. This value applies to all login
|
350
|
+
# attempts to entries found in the WORK_DIR/restricted-usernames file.
|
351
|
+
# If not defined, the count will never be reset.
|
352
|
+
#
|
353
|
+
# See the comments in the PURGE_DENY section (above)
|
354
|
+
# for details on specifying this value or for complete details
|
355
|
+
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
|
356
|
+
#
|
357
|
+
AGE_RESET_RESTRICTED=25d
|
358
|
+
#
|
359
|
+
######################################################################
|
360
|
+
|
361
|
+
|
362
|
+
######################################################################
|
363
|
+
#
|
364
|
+
# AGE_RESET_INVALID: Specifies the period of time between failed login
|
365
|
+
# attempts that, when exceeded will result in the failed count for
|
366
|
+
# this host to be reset to 0. This value applies to login attempts
|
367
|
+
# made to any invalid username (those that do not appear
|
368
|
+
# in /etc/passwd). If not defined, count will never be reset.
|
369
|
+
#
|
370
|
+
# See the comments in the PURGE_DENY section (above)
|
371
|
+
# for details on specifying this value or for complete details
|
372
|
+
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
|
373
|
+
#
|
374
|
+
AGE_RESET_INVALID=10d
|
375
|
+
#
|
376
|
+
######################################################################
|
377
|
+
|
378
|
+
|
379
|
+
######################################################################
|
380
|
+
#
|
381
|
+
# RESET_ON_SUCCESS: If this parameter is set to "yes" then the
|
382
|
+
# failed count for the respective ip address will be reset to 0
|
383
|
+
# if the login is successful.
|
384
|
+
#
|
385
|
+
# The default is RESET_ON_SUCCESS = no
|
386
|
+
#
|
387
|
+
RESET_ON_SUCCESS = yes
|
388
|
+
#
|
389
|
+
#####################################################################
|
390
|
+
|
391
|
+
|
392
|
+
######################################################################
|
393
|
+
#
|
394
|
+
# PLUGIN_DENY: If set, this value should point to an executable
|
395
|
+
# program that will be invoked when a host is added to the
|
396
|
+
# HOSTS_DENY file. This executable will be passed the host
|
397
|
+
# that will be added as its only argument.
|
398
|
+
#
|
399
|
+
#PLUGIN_DENY=/usr/bin/true
|
400
|
+
#
|
401
|
+
######################################################################
|
402
|
+
|
403
|
+
|
404
|
+
######################################################################
|
405
|
+
#
|
406
|
+
# PLUGIN_PURGE: If set, this value should point to an executable
|
407
|
+
# program that will be invoked when a host is removed from the
|
408
|
+
# HOSTS_DENY file. This executable will be passed the host
|
409
|
+
# that is to be purged as its only argument.
|
410
|
+
#
|
411
|
+
#PLUGIN_PURGE=/usr/bin/true
|
412
|
+
#
|
413
|
+
######################################################################
|
414
|
+
|
415
|
+
######################################################################
|
416
|
+
#
|
417
|
+
# USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain
|
418
|
+
# a regular expression that can be used to identify additional
|
419
|
+
# hackers for your particular ssh configuration. This functionality
|
420
|
+
# extends the built-in regular expressions that DenyHosts uses.
|
421
|
+
# This parameter can be specified multiple times.
|
422
|
+
# See this faq entry for more details:
|
423
|
+
# http://denyhosts.sf.net/faq.html#userdef_regex
|
424
|
+
#
|
425
|
+
#USERDEF_FAILED_ENTRY_REGEX=
|
426
|
+
#
|
427
|
+
#
|
428
|
+
######################################################################
|
429
|
+
|
430
|
+
|
431
|
+
|
432
|
+
|
433
|
+
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
|
434
|
+
|
435
|
+
|
436
|
+
|
437
|
+
#######################################################################
|
438
|
+
#
|
439
|
+
# DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag)
|
440
|
+
# this is the logfile that DenyHosts uses to report its status.
|
441
|
+
# To disable logging, leave blank. (default is: /var/log/denyhosts)
|
442
|
+
#
|
443
|
+
DAEMON_LOG = /var/log/denyhosts
|
444
|
+
#
|
445
|
+
# disable logging:
|
446
|
+
#DAEMON_LOG =
|
447
|
+
#
|
448
|
+
######################################################################
|
449
|
+
|
450
|
+
#######################################################################
|
451
|
+
#
|
452
|
+
# DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode
|
453
|
+
# (--daemon flag) this specifies the timestamp format of
|
454
|
+
# the DAEMON_LOG messages (default is the ISO8061 format:
|
455
|
+
# ie. 2005-07-22 10:38:01,745)
|
456
|
+
#
|
457
|
+
# for possible values for this parameter refer to: man strftime
|
458
|
+
#
|
459
|
+
# Jan 1 13:05:59
|
460
|
+
#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
|
461
|
+
#
|
462
|
+
# Jan 1 01:05:59
|
463
|
+
#DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S
|
464
|
+
#
|
465
|
+
######################################################################
|
466
|
+
|
467
|
+
#######################################################################
|
468
|
+
#
|
469
|
+
# DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode
|
470
|
+
# (--daemon flag) this specifies the message format of each logged
|
471
|
+
# entry. By default the following format is used:
|
472
|
+
#
|
473
|
+
# %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
|
474
|
+
#
|
475
|
+
# Where the "%(asctime)s" portion is expanded to the format
|
476
|
+
# defined by DAEMON_LOG_TIME_FORMAT
|
477
|
+
#
|
478
|
+
# This string is passed to python's logging.Formatter contstuctor.
|
479
|
+
# For details on the possible format types please refer to:
|
480
|
+
# http://docs.python.org/lib/node357.html
|
481
|
+
#
|
482
|
+
# This is the default:
|
483
|
+
#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
|
484
|
+
#
|
485
|
+
#
|
486
|
+
######################################################################
|
487
|
+
|
488
|
+
|
489
|
+
#######################################################################
|
490
|
+
#
|
491
|
+
# DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)
|
492
|
+
# this is the amount of time DenyHosts will sleep between polling
|
493
|
+
# the SECURE_LOG. See the comments in the PURGE_DENY section (above)
|
494
|
+
# for details on specifying this value or for complete details
|
495
|
+
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
|
496
|
+
#
|
497
|
+
#
|
498
|
+
DAEMON_SLEEP = 1m
|
499
|
+
#
|
500
|
+
#######################################################################
|
501
|
+
|
502
|
+
#######################################################################
|
503
|
+
#
|
504
|
+
# DAEMON_PURGE: How often should DenyHosts, when run in daemon mode,
|
505
|
+
# run the purge mechanism to expire old entries in HOSTS_DENY
|
506
|
+
# This has no effect if PURGE_DENY is blank.
|
507
|
+
#
|
508
|
+
DAEMON_PURGE = 1h
|
509
|
+
#
|
510
|
+
#######################################################################
|
511
|
+
|
512
|
+
|
513
|
+
######### THESE SETTINGS ARE SPECIFIC TO ##########
|
514
|
+
######### DAEMON SYNCHRONIZATION ##########
|
515
|
+
|
516
|
+
|
517
|
+
#######################################################################
|
518
|
+
#
|
519
|
+
# Synchronization mode allows the DenyHosts daemon the ability
|
520
|
+
# to periodically send and receive denied host data such that
|
521
|
+
# DenyHosts daemons worldwide can automatically inform one
|
522
|
+
# another regarding banned hosts. This mode is disabled by
|
523
|
+
# default, you must uncomment SYNC_SERVER to enable this mode.
|
524
|
+
#
|
525
|
+
# for more information, please refer to:
|
526
|
+
# http:/denyhosts.sourceforge.net/faq.html#sync
|
527
|
+
#
|
528
|
+
#######################################################################
|
529
|
+
|
530
|
+
|
531
|
+
#######################################################################
|
532
|
+
#
|
533
|
+
# SYNC_SERVER: The central server that communicates with DenyHost
|
534
|
+
# daemons. Currently, denyhosts.net is the only available server
|
535
|
+
# however, in the future, it may be possible for organizations to
|
536
|
+
# install their own server for internal network synchronization
|
537
|
+
#
|
538
|
+
# To disable synchronization (the default), do nothing.
|
539
|
+
#
|
540
|
+
# To enable synchronization, you must uncomment the following line:
|
541
|
+
#SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
|
542
|
+
#
|
543
|
+
#######################################################################
|
544
|
+
|
545
|
+
#######################################################################
|
546
|
+
#
|
547
|
+
# SYNC_INTERVAL: the interval of time to perform synchronizations if
|
548
|
+
# SYNC_SERVER has been uncommented. The default is 1 hour.
|
549
|
+
#
|
550
|
+
#SYNC_INTERVAL = 1h
|
551
|
+
#
|
552
|
+
#######################################################################
|
553
|
+
|
554
|
+
|
555
|
+
#######################################################################
|
556
|
+
#
|
557
|
+
# SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have
|
558
|
+
# been denied? This option only applies if SYNC_SERVER has
|
559
|
+
# been uncommented.
|
560
|
+
# The default is SYNC_UPLOAD = yes
|
561
|
+
#
|
562
|
+
#SYNC_UPLOAD = no
|
563
|
+
#SYNC_UPLOAD = yes
|
564
|
+
#
|
565
|
+
#######################################################################
|
566
|
+
|
567
|
+
|
568
|
+
#######################################################################
|
569
|
+
#
|
570
|
+
# SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have
|
571
|
+
# been denied by others? This option only applies if SYNC_SERVER has
|
572
|
+
# been uncommented.
|
573
|
+
# The default is SYNC_DOWNLOAD = yes
|
574
|
+
#
|
575
|
+
#SYNC_DOWNLOAD = no
|
576
|
+
#SYNC_DOWNLOAD = yes
|
577
|
+
#
|
578
|
+
#
|
579
|
+
#
|
580
|
+
#######################################################################
|
581
|
+
|
582
|
+
#######################################################################
|
583
|
+
#
|
584
|
+
# SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this parameter
|
585
|
+
# filters the returned hosts to those that have been blocked this many
|
586
|
+
# times by others. That is, if set to 1, then if a single DenyHosts
|
587
|
+
# server has denied an ip address then you will receive the denied host.
|
588
|
+
#
|
589
|
+
# See also SYNC_DOWNLOAD_RESILIENCY
|
590
|
+
#
|
591
|
+
#SYNC_DOWNLOAD_THRESHOLD = 10
|
592
|
+
#
|
593
|
+
# The default is SYNC_DOWNLOAD_THRESHOLD = 3
|
594
|
+
#
|
595
|
+
#SYNC_DOWNLOAD_THRESHOLD = 3
|
596
|
+
#
|
597
|
+
#######################################################################
|
598
|
+
|
599
|
+
#######################################################################
|
600
|
+
#
|
601
|
+
# SYNC_DOWNLOAD_RESILIENCY: If SYNC_DOWNLOAD is enabled then the
|
602
|
+
# value specified for this option limits the downloaded data
|
603
|
+
# to this resiliency period or greater.
|
604
|
+
#
|
605
|
+
# Resiliency is defined as the timespan between a hackers first known
|
606
|
+
# attack and its most recent attack. Example:
|
607
|
+
#
|
608
|
+
# If the centralized denyhosts.net server records an attack at 2 PM
|
609
|
+
# and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h
|
610
|
+
# will not download this ip address.
|
611
|
+
#
|
612
|
+
# However, if the attacker is recorded again at 6:15 PM then the
|
613
|
+
# ip address will be downloaded by your DenyHosts instance.
|
614
|
+
#
|
615
|
+
# This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD
|
616
|
+
# and only hosts that satisfy both values will be downloaded.
|
617
|
+
# This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1
|
618
|
+
#
|
619
|
+
# The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours)
|
620
|
+
#
|
621
|
+
# Only obtain hackers that have been at it for 2 days or more:
|
622
|
+
#SYNC_DOWNLOAD_RESILIENCY = 2d
|
623
|
+
#
|
624
|
+
# Only obtain hackers that have been at it for 5 hours or more:
|
625
|
+
#SYNC_DOWNLOAD_RESILIENCY = 5h
|
626
|
+
#
|
627
|
+
#######################################################################
|
628
|
+
|
@@ -0,0 +1,13 @@
|
|
1
|
+
# dpkg configuration file
|
2
|
+
#
|
3
|
+
# This file can contain default options for dpkg. All command-line
|
4
|
+
# options are allowed. Values can be specified by putting them after
|
5
|
+
# the option, separated by whitespace and/or an `=' sign.
|
6
|
+
#
|
7
|
+
|
8
|
+
# ec2onrails note: if we have a config file already up here, we want to use
|
9
|
+
# that over the packages default.
|
10
|
+
force-confold
|
11
|
+
|
12
|
+
# Log status changes and actions to a file.
|
13
|
+
log /var/log/dpkg.log
|
@@ -0,0 +1,32 @@
|
|
1
|
+
You can place a *.erb file in this directory and the set_roles script will
|
2
|
+
format them. This is helpful if you want to customize your balancer_members
|
3
|
+
or nginx_upstream_members files. For example, if you want to define multiple
|
4
|
+
instances for nginx to hook into, you can put something like this in
|
5
|
+
nginx_upstream_members.erb:
|
6
|
+
|
7
|
+
upstream mongrel{
|
8
|
+
<%
|
9
|
+
roles[:app].each do |address|
|
10
|
+
@web_port_range.each do |port|
|
11
|
+
%>
|
12
|
+
server <%= address %>:<%= port %>;
|
13
|
+
<%
|
14
|
+
end
|
15
|
+
end
|
16
|
+
%>
|
17
|
+
fair;
|
18
|
+
}
|
19
|
+
|
20
|
+
upstream merb{
|
21
|
+
<%
|
22
|
+
@roles[:app].each do |address|
|
23
|
+
%>
|
24
|
+
server <%= address %>:4000;
|
25
|
+
server <%= address %>:4001;
|
26
|
+
server <%= address %>:4002;
|
27
|
+
server <%= address %>:4003;
|
28
|
+
server <%= address %>:4004;
|
29
|
+
server <%= address %>:4005;
|
30
|
+
<% end %>
|
31
|
+
fair;
|
32
|
+
}
|