cloud-mu 1.9.0.pre.beta

Sign up to get free protection for your applications and to get access to all the features.
Files changed (618) hide show
  1. checksums.yaml +7 -0
  2. data/Berksfile +56 -0
  3. data/Berksfile.lock +250 -0
  4. data/Jenkinsfile +184 -0
  5. data/LICENSE.md +37 -0
  6. data/README.md +26 -0
  7. data/bin/mu-aws-setup +376 -0
  8. data/bin/mu-cleanup +68 -0
  9. data/bin/mu-configure +1133 -0
  10. data/bin/mu-deploy +166 -0
  11. data/bin/mu-firewall-allow-clients +30 -0
  12. data/bin/mu-gcp-setup +200 -0
  13. data/bin/mu-gen-docs +34 -0
  14. data/bin/mu-gen-env +42 -0
  15. data/bin/mu-load-config.rb +158 -0
  16. data/bin/mu-node-manage +683 -0
  17. data/bin/mu-self-update +228 -0
  18. data/bin/mu-ssh +23 -0
  19. data/bin/mu-tunnel-nagios +144 -0
  20. data/bin/mu-upload-chef-artifacts +757 -0
  21. data/bin/mu-user-manage +275 -0
  22. data/cookbooks/awscli/LICENSE +37 -0
  23. data/cookbooks/awscli/README.md +58 -0
  24. data/cookbooks/awscli/attributes/default.rb +1 -0
  25. data/cookbooks/awscli/libraries/instance_metadata.rb +21 -0
  26. data/cookbooks/awscli/metadata.rb +20 -0
  27. data/cookbooks/awscli/recipes/default.rb +56 -0
  28. data/cookbooks/awscli/templates/default/config.erb +18 -0
  29. data/cookbooks/mu-activedirectory/CHANGELOG.md +13 -0
  30. data/cookbooks/mu-activedirectory/LICENSE +37 -0
  31. data/cookbooks/mu-activedirectory/README.md +6 -0
  32. data/cookbooks/mu-activedirectory/attributes/default.rb +98 -0
  33. data/cookbooks/mu-activedirectory/files/default/password-auth +32 -0
  34. data/cookbooks/mu-activedirectory/files/default/sshd_pol.pp +0 -0
  35. data/cookbooks/mu-activedirectory/files/default/sshd_pol.te +32 -0
  36. data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.pp +0 -0
  37. data/cookbooks/mu-activedirectory/files/default/syslogd_oddjobd.te +10 -0
  38. data/cookbooks/mu-activedirectory/files/default/system-auth +34 -0
  39. data/cookbooks/mu-activedirectory/files/default/winbindpol.pp +0 -0
  40. data/cookbooks/mu-activedirectory/files/default/winbindpol.te +37 -0
  41. data/cookbooks/mu-activedirectory/libraries/config.rb +106 -0
  42. data/cookbooks/mu-activedirectory/libraries/helper.rb +86 -0
  43. data/cookbooks/mu-activedirectory/metadata.rb +17 -0
  44. data/cookbooks/mu-activedirectory/providers/domain.rb +152 -0
  45. data/cookbooks/mu-activedirectory/providers/domain_controller.rb +89 -0
  46. data/cookbooks/mu-activedirectory/providers/domain_node.rb +275 -0
  47. data/cookbooks/mu-activedirectory/recipes/default.rb +8 -0
  48. data/cookbooks/mu-activedirectory/recipes/domain-controller.rb +44 -0
  49. data/cookbooks/mu-activedirectory/recipes/domain-node.rb +50 -0
  50. data/cookbooks/mu-activedirectory/recipes/domain.rb +43 -0
  51. data/cookbooks/mu-activedirectory/recipes/sssd.rb +185 -0
  52. data/cookbooks/mu-activedirectory/resources/domain.rb +25 -0
  53. data/cookbooks/mu-activedirectory/resources/domain_controller.rb +25 -0
  54. data/cookbooks/mu-activedirectory/resources/domain_node.rb +20 -0
  55. data/cookbooks/mu-activedirectory/templates/default/dhclient-eth0.conf.erb +4 -0
  56. data/cookbooks/mu-activedirectory/templates/default/interface +0 -0
  57. data/cookbooks/mu-activedirectory/templates/default/krb5.conf.erb +23 -0
  58. data/cookbooks/mu-activedirectory/templates/default/ntp.conf.erb +56 -0
  59. data/cookbooks/mu-activedirectory/templates/default/smb.conf.erb +33 -0
  60. data/cookbooks/mu-activedirectory/templates/default/sssd.conf.erb +60 -0
  61. data/cookbooks/mu-activedirectory/templates/windows/Backup.xml.erb +20 -0
  62. data/cookbooks/mu-activedirectory/templates/windows/bkupInfo.xml.erb +1 -0
  63. data/cookbooks/mu-activedirectory/templates/windows/gpreprt.xml.erb +198 -0
  64. data/cookbooks/mu-activedirectory/templates/windows/gptmpl.inf.erb +12 -0
  65. data/cookbooks/mu-activedirectory/templates/windows/manifest.xml.erb +1 -0
  66. data/cookbooks/mu-firewall/CHANGELOG.md +11 -0
  67. data/cookbooks/mu-firewall/LICENSE +37 -0
  68. data/cookbooks/mu-firewall/README.md +5 -0
  69. data/cookbooks/mu-firewall/attributes/default.rb +3 -0
  70. data/cookbooks/mu-firewall/metadata.rb +16 -0
  71. data/cookbooks/mu-firewall/recipes/default.rb +10 -0
  72. data/cookbooks/mu-glusterfs/CHANGELOG.md +13 -0
  73. data/cookbooks/mu-glusterfs/LICENSE +37 -0
  74. data/cookbooks/mu-glusterfs/README.md +5 -0
  75. data/cookbooks/mu-glusterfs/attributes/default.rb +34 -0
  76. data/cookbooks/mu-glusterfs/metadata.rb +17 -0
  77. data/cookbooks/mu-glusterfs/recipes/client.rb +62 -0
  78. data/cookbooks/mu-glusterfs/recipes/default.rb +16 -0
  79. data/cookbooks/mu-glusterfs/recipes/samba.rb +57 -0
  80. data/cookbooks/mu-glusterfs/recipes/server.rb +200 -0
  81. data/cookbooks/mu-glusterfs/templates/default/mu-gluster-client.erb +71 -0
  82. data/cookbooks/mu-glusterfs/templates/default/smb.conf.erb +14 -0
  83. data/cookbooks/mu-jenkins/CHANGELOG.md +13 -0
  84. data/cookbooks/mu-jenkins/LICENSE +37 -0
  85. data/cookbooks/mu-jenkins/README.md +105 -0
  86. data/cookbooks/mu-jenkins/attributes/default.rb +42 -0
  87. data/cookbooks/mu-jenkins/files/default/cleanup_deploy_config.xml +73 -0
  88. data/cookbooks/mu-jenkins/files/default/deploy_config.xml +44 -0
  89. data/cookbooks/mu-jenkins/metadata.rb +21 -0
  90. data/cookbooks/mu-jenkins/recipes/default.rb +195 -0
  91. data/cookbooks/mu-jenkins/recipes/node-ssh-config.rb +54 -0
  92. data/cookbooks/mu-jenkins/recipes/public_key.rb +24 -0
  93. data/cookbooks/mu-jenkins/templates/default/example_job.config.xml.erb +24 -0
  94. data/cookbooks/mu-jenkins/templates/default/org.jvnet.hudson.plugins.SSHBuildWrapper.xml.erb +14 -0
  95. data/cookbooks/mu-jenkins/templates/default/ssh_config.erb +6 -0
  96. data/cookbooks/mu-master/CHANGELOG.md +13 -0
  97. data/cookbooks/mu-master/LICENSE +37 -0
  98. data/cookbooks/mu-master/README.md +6 -0
  99. data/cookbooks/mu-master/attributes/default.rb +95 -0
  100. data/cookbooks/mu-master/files/default/0-mu-log-server.conf +19 -0
  101. data/cookbooks/mu-master/files/default/addRSA.ldif +8 -0
  102. data/cookbooks/mu-master/files/default/check_mem.pl +197 -0
  103. data/cookbooks/mu-master/files/default/cloudamatic.png +0 -0
  104. data/cookbooks/mu-master/files/default/dirsrv_admin.pp +0 -0
  105. data/cookbooks/mu-master/files/default/dirsrv_admin.te +13 -0
  106. data/cookbooks/mu-master/files/default/nagios_selinux.pp +0 -0
  107. data/cookbooks/mu-master/files/default/nagios_selinux.te +51 -0
  108. data/cookbooks/mu-master/files/default/nagios_selinux_7.pp +0 -0
  109. data/cookbooks/mu-master/files/default/nagios_selinux_7.te +17 -0
  110. data/cookbooks/mu-master/files/default/pam_sshd +18 -0
  111. data/cookbooks/mu-master/files/default/ssl_enable.ldif +18 -0
  112. data/cookbooks/mu-master/files/default/syslogd_oddjobd.pp +0 -0
  113. data/cookbooks/mu-master/files/default/syslogd_oddjobd.te +10 -0
  114. data/cookbooks/mu-master/files/default/vimrc +19 -0
  115. data/cookbooks/mu-master/libraries/mu.rb +29 -0
  116. data/cookbooks/mu-master/metadata.rb +30 -0
  117. data/cookbooks/mu-master/providers/user.rb +41 -0
  118. data/cookbooks/mu-master/recipes/389ds.rb +164 -0
  119. data/cookbooks/mu-master/recipes/basepackages.rb +58 -0
  120. data/cookbooks/mu-master/recipes/caching_nameserver.rb +37 -0
  121. data/cookbooks/mu-master/recipes/default.rb +451 -0
  122. data/cookbooks/mu-master/recipes/eks-kubectl.rb +41 -0
  123. data/cookbooks/mu-master/recipes/firewall-holes.rb +70 -0
  124. data/cookbooks/mu-master/recipes/init.rb +542 -0
  125. data/cookbooks/mu-master/recipes/ssl-certs.rb +109 -0
  126. data/cookbooks/mu-master/recipes/sssd.rb +89 -0
  127. data/cookbooks/mu-master/recipes/update_nagios_only.rb +242 -0
  128. data/cookbooks/mu-master/recipes/vault.rb +111 -0
  129. data/cookbooks/mu-master/resources/user.rb +19 -0
  130. data/cookbooks/mu-master/templates/default/389-directory-setup.inf.erb +28 -0
  131. data/cookbooks/mu-master/templates/default/chef-server.rb.erb +18 -0
  132. data/cookbooks/mu-master/templates/default/dhclient-eth0.conf.erb +9 -0
  133. data/cookbooks/mu-master/templates/default/mu-momma-cat.erb +149 -0
  134. data/cookbooks/mu-master/templates/default/mu.rc.erb +9 -0
  135. data/cookbooks/mu-master/templates/default/openssl.cnf.erb +354 -0
  136. data/cookbooks/mu-master/templates/default/sssd.conf.erb +44 -0
  137. data/cookbooks/mu-master/templates/default/web_app.conf.erb +90 -0
  138. data/cookbooks/mu-mongo/CHANGELOG.md +13 -0
  139. data/cookbooks/mu-mongo/LICENSE +37 -0
  140. data/cookbooks/mu-mongo/README.md +5 -0
  141. data/cookbooks/mu-mongo/attributes/default.rb +22 -0
  142. data/cookbooks/mu-mongo/files/default/keyfile +16 -0
  143. data/cookbooks/mu-mongo/files/default/remove_nodes.js +5 -0
  144. data/cookbooks/mu-mongo/metadata.rb +17 -0
  145. data/cookbooks/mu-mongo/recipes/default.rb +149 -0
  146. data/cookbooks/mu-mongo/recipes/yum-update-rule.rb +18 -0
  147. data/cookbooks/mu-mongo/templates/default/mongo_create_openfema_db.js.erb +2 -0
  148. data/cookbooks/mu-mongo/templates/default/mongo_init.js.erb +1 -0
  149. data/cookbooks/mu-mongo/templates/default/mongo_logrotate.erb +14 -0
  150. data/cookbooks/mu-mongo/templates/default/mongo_replset_addnodes.js.erb +6 -0
  151. data/cookbooks/mu-mongo/templates/default/replset_init.js.erb +2 -0
  152. data/cookbooks/mu-openvpn/CHANGELOG.md +13 -0
  153. data/cookbooks/mu-openvpn/LICENSE +37 -0
  154. data/cookbooks/mu-openvpn/README.md +6 -0
  155. data/cookbooks/mu-openvpn/attributes/default.rb +119 -0
  156. data/cookbooks/mu-openvpn/metadata.rb +18 -0
  157. data/cookbooks/mu-openvpn/recipes/default.rb +108 -0
  158. data/cookbooks/mu-openvpn/templates/default/users.json.erb +42 -0
  159. data/cookbooks/mu-php54/CHANGELOG.md +12 -0
  160. data/cookbooks/mu-php54/LICENSE +37 -0
  161. data/cookbooks/mu-php54/README.md +0 -0
  162. data/cookbooks/mu-php54/files/centos/php.ini +1802 -0
  163. data/cookbooks/mu-php54/files/ubuntu/php.ini +1870 -0
  164. data/cookbooks/mu-php54/metadata.rb +21 -0
  165. data/cookbooks/mu-php54/recipes/default.rb +97 -0
  166. data/cookbooks/mu-splunk/CHANGELOG.md +37 -0
  167. data/cookbooks/mu-splunk/LICENSE +37 -0
  168. data/cookbooks/mu-splunk/README.md +451 -0
  169. data/cookbooks/mu-splunk/attributes/default.rb +95 -0
  170. data/cookbooks/mu-splunk/attributes/upgrade.rb +49 -0
  171. data/cookbooks/mu-splunk/definitions/splunk_installer.rb +103 -0
  172. data/cookbooks/mu-splunk/files/default/splunk-nocheck +10 -0
  173. data/cookbooks/mu-splunk/libraries/helpers.rb +72 -0
  174. data/cookbooks/mu-splunk/libraries/splunk_app_provider.rb +156 -0
  175. data/cookbooks/mu-splunk/libraries/splunk_app_resource.rb +43 -0
  176. data/cookbooks/mu-splunk/metadata.json +30 -0
  177. data/cookbooks/mu-splunk/metadata.rb +17 -0
  178. data/cookbooks/mu-splunk/recipes/client.rb +143 -0
  179. data/cookbooks/mu-splunk/recipes/default.rb +31 -0
  180. data/cookbooks/mu-splunk/recipes/disabled.rb +41 -0
  181. data/cookbooks/mu-splunk/recipes/install_forwarder.rb +23 -0
  182. data/cookbooks/mu-splunk/recipes/install_server.rb +23 -0
  183. data/cookbooks/mu-splunk/recipes/server.rb +53 -0
  184. data/cookbooks/mu-splunk/recipes/service.rb +95 -0
  185. data/cookbooks/mu-splunk/recipes/setup_auth.rb +49 -0
  186. data/cookbooks/mu-splunk/recipes/setup_ssl.rb +63 -0
  187. data/cookbooks/mu-splunk/recipes/upgrade.rb +94 -0
  188. data/cookbooks/mu-splunk/recipes/user.rb +34 -0
  189. data/cookbooks/mu-splunk/templates/default/base_logs_unix_inputs.conf.erb +26 -0
  190. data/cookbooks/mu-splunk/templates/default/inputs.conf.erb +13 -0
  191. data/cookbooks/mu-splunk/templates/default/outputs.conf.erb +9 -0
  192. data/cookbooks/mu-splunk/templates/default/splunk-init.erb +74 -0
  193. data/cookbooks/mu-splunk/templates/default/system-web.conf.erb +7 -0
  194. data/cookbooks/mu-tools/CHANGELOG.md +12 -0
  195. data/cookbooks/mu-tools/LICENSE +37 -0
  196. data/cookbooks/mu-tools/README.md +188 -0
  197. data/cookbooks/mu-tools/attributes/default.rb +142 -0
  198. data/cookbooks/mu-tools/attributes/ebs_rolling_snapshots.rb +3 -0
  199. data/cookbooks/mu-tools/files/amazon/etc/freshclam.conf +235 -0
  200. data/cookbooks/mu-tools/files/centos/CentOS-Base.repo +52 -0
  201. data/cookbooks/mu-tools/files/centos/etc/bashrc +93 -0
  202. data/cookbooks/mu-tools/files/centos/etc/freshclam.conf +235 -0
  203. data/cookbooks/mu-tools/files/centos/etc/login.defs +72 -0
  204. data/cookbooks/mu-tools/files/centos/etc/profile +77 -0
  205. data/cookbooks/mu-tools/files/centos/etc/security/limits.conf +57 -0
  206. data/cookbooks/mu-tools/files/centos/etc/sysconfig/init +19 -0
  207. data/cookbooks/mu-tools/files/centos/etc/sysctl.conf +82 -0
  208. data/cookbooks/mu-tools/files/centos-6/README_MU +0 -0
  209. data/cookbooks/mu-tools/files/centos-6/etc/audit/stig.rules +173 -0
  210. data/cookbooks/mu-tools/files/centos-6/etc/bashrc +90 -0
  211. data/cookbooks/mu-tools/files/centos-6/etc/login.defs +70 -0
  212. data/cookbooks/mu-tools/files/centos-6/etc/pam.d/su +12 -0
  213. data/cookbooks/mu-tools/files/centos-6/etc/profile +83 -0
  214. data/cookbooks/mu-tools/files/centos-6/etc/securetty +12 -0
  215. data/cookbooks/mu-tools/files/centos-6/etc/sysconfig/init +30 -0
  216. data/cookbooks/mu-tools/files/centos-6/etc/sysctl.conf +40 -0
  217. data/cookbooks/mu-tools/files/default/Mu_CA.pem +34 -0
  218. data/cookbooks/mu-tools/files/default/PSWindowsUpdate.zip +0 -0
  219. data/cookbooks/mu-tools/files/default/ebs_snapshots.py +123 -0
  220. data/cookbooks/mu-tools/files/default/etc/BANNER +0 -0
  221. data/cookbooks/mu-tools/files/default/etc/BANNER-FEDERAL +19 -0
  222. data/cookbooks/mu-tools/files/default/gpo_no_uac.zip +0 -0
  223. data/cookbooks/mu-tools/files/default/mypol.pp +0 -0
  224. data/cookbooks/mu-tools/files/default/mypol.te +37 -0
  225. data/cookbooks/mu-tools/files/default/nrpe_c7.pp +0 -0
  226. data/cookbooks/mu-tools/files/default/nrpe_c7.te +31 -0
  227. data/cookbooks/mu-tools/files/default/nrpe_check_disk.pp +0 -0
  228. data/cookbooks/mu-tools/files/default/nrpe_check_disk.te +11 -0
  229. data/cookbooks/mu-tools/files/default/nrpe_disk.pp +0 -0
  230. data/cookbooks/mu-tools/files/default/nrpe_disk.te +10 -0
  231. data/cookbooks/mu-tools/files/default/nrpe_file.pp +0 -0
  232. data/cookbooks/mu-tools/files/default/nrpe_file.te +31 -0
  233. data/cookbooks/mu-tools/files/default/ntrights +0 -0
  234. data/cookbooks/mu-tools/files/default/serverclass.conf +18 -0
  235. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/app.conf +1 -0
  236. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_unix/local/inputs.conf +13 -0
  237. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/app.conf +1 -0
  238. data/cookbooks/mu-tools/files/default/splunk-apps/base_logs_windows/local/inputs.conf +8 -0
  239. data/cookbooks/mu-tools/files/default/sshd_pol.pp +0 -0
  240. data/cookbooks/mu-tools/files/default/sshd_pol.te +32 -0
  241. data/cookbooks/mu-tools/files/redhat/etc/bashrc +93 -0
  242. data/cookbooks/mu-tools/files/redhat/etc/freshclam.conf +235 -0
  243. data/cookbooks/mu-tools/files/redhat/etc/login.defs +72 -0
  244. data/cookbooks/mu-tools/files/redhat/etc/profile +77 -0
  245. data/cookbooks/mu-tools/files/redhat/etc/security/limits.conf +57 -0
  246. data/cookbooks/mu-tools/files/redhat/etc/sysconfig/init +19 -0
  247. data/cookbooks/mu-tools/files/redhat/etc/sysctl.conf +82 -0
  248. data/cookbooks/mu-tools/files/redhat-6/README_MU +0 -0
  249. data/cookbooks/mu-tools/files/redhat-6/etc/audit/stig.rules +173 -0
  250. data/cookbooks/mu-tools/files/redhat-6/etc/bashrc +90 -0
  251. data/cookbooks/mu-tools/files/redhat-6/etc/login.defs +70 -0
  252. data/cookbooks/mu-tools/files/redhat-6/etc/pam.d/su +12 -0
  253. data/cookbooks/mu-tools/files/redhat-6/etc/profile +83 -0
  254. data/cookbooks/mu-tools/files/redhat-6/etc/securetty +12 -0
  255. data/cookbooks/mu-tools/files/redhat-6/etc/sysconfig/init +30 -0
  256. data/cookbooks/mu-tools/files/redhat-6/etc/sysctl.conf +40 -0
  257. data/cookbooks/mu-tools/files/redhat-7.1/etc/freshclam.conf +235 -0
  258. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/bash.bashrc +64 -0
  259. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/common-session +30 -0
  260. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/login.defs +338 -0
  261. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/profile +30 -0
  262. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/security/limits.conf +56 -0
  263. data/cookbooks/mu-tools/files/ubuntu-12.04/etc/sysctl.conf +60 -0
  264. data/cookbooks/mu-tools/libraries/helper.rb +292 -0
  265. data/cookbooks/mu-tools/metadata.rb +28 -0
  266. data/cookbooks/mu-tools/recipes/add_admin_ssh_keys.rb +35 -0
  267. data/cookbooks/mu-tools/recipes/apply_security.rb +440 -0
  268. data/cookbooks/mu-tools/recipes/aws_api.rb +23 -0
  269. data/cookbooks/mu-tools/recipes/base_repositories.rb +31 -0
  270. data/cookbooks/mu-tools/recipes/cisbenchmark.rb +59 -0
  271. data/cookbooks/mu-tools/recipes/clamav.rb +53 -0
  272. data/cookbooks/mu-tools/recipes/cloudinit.rb +58 -0
  273. data/cookbooks/mu-tools/recipes/configure_oracle_tools.rb +81 -0
  274. data/cookbooks/mu-tools/recipes/disable-requiretty.rb +22 -0
  275. data/cookbooks/mu-tools/recipes/ebs_rolling_snapshots.rb +75 -0
  276. data/cookbooks/mu-tools/recipes/efs.rb +70 -0
  277. data/cookbooks/mu-tools/recipes/eks.rb +160 -0
  278. data/cookbooks/mu-tools/recipes/gcloud.rb +98 -0
  279. data/cookbooks/mu-tools/recipes/google_api.rb +25 -0
  280. data/cookbooks/mu-tools/recipes/maldet.rb +67 -0
  281. data/cookbooks/mu-tools/recipes/nagios.rb +19 -0
  282. data/cookbooks/mu-tools/recipes/newclient.rb +23 -0
  283. data/cookbooks/mu-tools/recipes/nrpe.rb +115 -0
  284. data/cookbooks/mu-tools/recipes/python_pip.rb +35 -0
  285. data/cookbooks/mu-tools/recipes/retrieve_application.rb +51 -0
  286. data/cookbooks/mu-tools/recipes/rsyslog.rb +65 -0
  287. data/cookbooks/mu-tools/recipes/set_local_fw.rb +57 -0
  288. data/cookbooks/mu-tools/recipes/set_mu_hostname.rb +81 -0
  289. data/cookbooks/mu-tools/recipes/split_var_partitions.rb +86 -0
  290. data/cookbooks/mu-tools/recipes/splunk-client.rb +69 -0
  291. data/cookbooks/mu-tools/recipes/splunk-server.rb +104 -0
  292. data/cookbooks/mu-tools/recipes/store_inspec_attr.rb +8 -0
  293. data/cookbooks/mu-tools/recipes/updates.rb +96 -0
  294. data/cookbooks/mu-tools/recipes/windows-client.rb +202 -0
  295. data/cookbooks/mu-tools/resources/aws_windows.rb +33 -0
  296. data/cookbooks/mu-tools/resources/disk.rb +88 -0
  297. data/cookbooks/mu-tools/resources/mommacat_request.rb +11 -0
  298. data/cookbooks/mu-tools/resources/scheduled_tasks.rb +29 -0
  299. data/cookbooks/mu-tools/resources/sshd_service.rb +45 -0
  300. data/cookbooks/mu-tools/resources/windows_users.rb +242 -0
  301. data/cookbooks/mu-tools/templates/amazon/sshd_config.erb +168 -0
  302. data/cookbooks/mu-tools/templates/centos-6/sshd_config.erb +212 -0
  303. data/cookbooks/mu-tools/templates/centos-7/sshd_config.erb +215 -0
  304. data/cookbooks/mu-tools/templates/default/0-mu-log-client.conf.erb +13 -0
  305. data/cookbooks/mu-tools/templates/default/conf.maldet.erb +137 -0
  306. data/cookbooks/mu-tools/templates/default/etc_hosts.erb +30 -0
  307. data/cookbooks/mu-tools/templates/default/etc_pamd_password-auth.erb +14 -0
  308. data/cookbooks/mu-tools/templates/default/etc_pamd_system-auth.erb +14 -0
  309. data/cookbooks/mu-tools/templates/default/etc_sysconfig_network.erb +12 -0
  310. data/cookbooks/mu-tools/templates/default/kubeconfig.erb +29 -0
  311. data/cookbooks/mu-tools/templates/default/kubelet.service.erb +35 -0
  312. data/cookbooks/mu-tools/templates/default/maldet_scanall.sh.erb +15 -0
  313. data/cookbooks/mu-tools/templates/default/nrpe.cfg.erb +233 -0
  314. data/cookbooks/mu-tools/templates/redhat-6/sshd_config.erb +213 -0
  315. data/cookbooks/mu-tools/templates/redhat-7/sshd_config.erb +215 -0
  316. data/cookbooks/mu-tools/templates/ubuntu-12.04/sshd_config.erb +146 -0
  317. data/cookbooks/mu-tools/templates/ubuntu-14.04/sshd_config.erb +145 -0
  318. data/cookbooks/mu-tools/templates/windows/Backup.xml.erb +20 -0
  319. data/cookbooks/mu-tools/templates/windows/bkupInfo.xml.erb +1 -0
  320. data/cookbooks/mu-tools/templates/windows/gpreprt.xml.erb +214 -0
  321. data/cookbooks/mu-tools/templates/windows/gptmpl.inf.erb +12 -0
  322. data/cookbooks/mu-tools/templates/windows/manifest.xml.erb +1 -0
  323. data/cookbooks/mu-tools/templates/windows/set_ad_dns_scheduled_task.ps1.erb +6 -0
  324. data/cookbooks/mu-tools/templates/windows/sshd_config.erb +136 -0
  325. data/cookbooks/mu-utility/CHANGELOG.md +12 -0
  326. data/cookbooks/mu-utility/LICENSE +37 -0
  327. data/cookbooks/mu-utility/README.md +6 -0
  328. data/cookbooks/mu-utility/attributes/default.rb +1 -0
  329. data/cookbooks/mu-utility/libraries/matchers.rb +21 -0
  330. data/cookbooks/mu-utility/metadata.rb +16 -0
  331. data/cookbooks/mu-utility/recipes/apt.rb +23 -0
  332. data/cookbooks/mu-utility/recipes/cleanup_image_helper.rb +118 -0
  333. data/cookbooks/mu-utility/recipes/iptables.rb +26 -0
  334. data/cookbooks/mu-utility/recipes/luks.rb +18 -0
  335. data/cookbooks/mu-utility/recipes/nat.rb +104 -0
  336. data/cookbooks/mu-utility/recipes/php.rb +33 -0
  337. data/cookbooks/mu-utility/recipes/rdp_gateway.rb +83 -0
  338. data/cookbooks/mu-utility/recipes/remi.rb +44 -0
  339. data/cookbooks/mu-utility/recipes/vim.rb +26 -0
  340. data/cookbooks/mu-utility/recipes/windows_basics.rb +37 -0
  341. data/cookbooks/mu-utility/recipes/zip.rb +26 -0
  342. data/cookbooks/mu-utility/templates/default/BundleConfig.xml.erb +34 -0
  343. data/cookbooks/mu-utility/templates/default/config.xml.erb +60 -0
  344. data/cookbooks/nagios/Berksfile +8 -0
  345. data/cookbooks/nagios/CHANGELOG.md +589 -0
  346. data/cookbooks/nagios/CONTRIBUTING.md +11 -0
  347. data/cookbooks/nagios/LICENSE +37 -0
  348. data/cookbooks/nagios/README.md +328 -0
  349. data/cookbooks/nagios/TESTING.md +2 -0
  350. data/cookbooks/nagios/attributes/config.rb +171 -0
  351. data/cookbooks/nagios/attributes/default.rb +228 -0
  352. data/cookbooks/nagios/chefignore +102 -0
  353. data/cookbooks/nagios/definitions/command.rb +33 -0
  354. data/cookbooks/nagios/definitions/contact.rb +33 -0
  355. data/cookbooks/nagios/definitions/contactgroup.rb +33 -0
  356. data/cookbooks/nagios/definitions/host.rb +33 -0
  357. data/cookbooks/nagios/definitions/hostdependency.rb +33 -0
  358. data/cookbooks/nagios/definitions/hostescalation.rb +34 -0
  359. data/cookbooks/nagios/definitions/hostgroup.rb +33 -0
  360. data/cookbooks/nagios/definitions/nagios_conf.rb +38 -0
  361. data/cookbooks/nagios/definitions/resource.rb +33 -0
  362. data/cookbooks/nagios/definitions/service.rb +33 -0
  363. data/cookbooks/nagios/definitions/servicedependency.rb +33 -0
  364. data/cookbooks/nagios/definitions/serviceescalation.rb +34 -0
  365. data/cookbooks/nagios/definitions/servicegroup.rb +33 -0
  366. data/cookbooks/nagios/definitions/timeperiod.rb +33 -0
  367. data/cookbooks/nagios/libraries/base.rb +314 -0
  368. data/cookbooks/nagios/libraries/command.rb +91 -0
  369. data/cookbooks/nagios/libraries/contact.rb +230 -0
  370. data/cookbooks/nagios/libraries/contactgroup.rb +112 -0
  371. data/cookbooks/nagios/libraries/custom_option.rb +36 -0
  372. data/cookbooks/nagios/libraries/data_bag_helper.rb +23 -0
  373. data/cookbooks/nagios/libraries/default.rb +90 -0
  374. data/cookbooks/nagios/libraries/host.rb +412 -0
  375. data/cookbooks/nagios/libraries/hostdependency.rb +181 -0
  376. data/cookbooks/nagios/libraries/hostescalation.rb +173 -0
  377. data/cookbooks/nagios/libraries/hostgroup.rb +119 -0
  378. data/cookbooks/nagios/libraries/nagios.rb +282 -0
  379. data/cookbooks/nagios/libraries/resource.rb +59 -0
  380. data/cookbooks/nagios/libraries/service.rb +455 -0
  381. data/cookbooks/nagios/libraries/servicedependency.rb +215 -0
  382. data/cookbooks/nagios/libraries/serviceescalation.rb +195 -0
  383. data/cookbooks/nagios/libraries/servicegroup.rb +144 -0
  384. data/cookbooks/nagios/libraries/timeperiod.rb +160 -0
  385. data/cookbooks/nagios/libraries/users_helper.rb +54 -0
  386. data/cookbooks/nagios/metadata.rb +25 -0
  387. data/cookbooks/nagios/recipes/_load_databag_config.rb +153 -0
  388. data/cookbooks/nagios/recipes/_load_default_config.rb +241 -0
  389. data/cookbooks/nagios/recipes/apache.rb +48 -0
  390. data/cookbooks/nagios/recipes/default.rb +204 -0
  391. data/cookbooks/nagios/recipes/nginx.rb +82 -0
  392. data/cookbooks/nagios/recipes/pagerduty.rb +143 -0
  393. data/cookbooks/nagios/recipes/server_package.rb +40 -0
  394. data/cookbooks/nagios/recipes/server_source.rb +164 -0
  395. data/cookbooks/nagios/templates/default/apache2.conf.erb +96 -0
  396. data/cookbooks/nagios/templates/default/cgi.cfg.erb +266 -0
  397. data/cookbooks/nagios/templates/default/commands.cfg.erb +13 -0
  398. data/cookbooks/nagios/templates/default/contacts.cfg.erb +37 -0
  399. data/cookbooks/nagios/templates/default/hostgroups.cfg.erb +25 -0
  400. data/cookbooks/nagios/templates/default/hosts.cfg.erb +15 -0
  401. data/cookbooks/nagios/templates/default/htpasswd.users.erb +6 -0
  402. data/cookbooks/nagios/templates/default/nagios.cfg.erb +22 -0
  403. data/cookbooks/nagios/templates/default/nginx.conf.erb +62 -0
  404. data/cookbooks/nagios/templates/default/pagerduty.cgi.erb +185 -0
  405. data/cookbooks/nagios/templates/default/resource.cfg.erb +27 -0
  406. data/cookbooks/nagios/templates/default/servicedependencies.cfg.erb +15 -0
  407. data/cookbooks/nagios/templates/default/servicegroups.cfg.erb +14 -0
  408. data/cookbooks/nagios/templates/default/services.cfg.erb +14 -0
  409. data/cookbooks/nagios/templates/default/templates.cfg.erb +31 -0
  410. data/cookbooks/nagios/templates/default/timeperiods.cfg.erb +13 -0
  411. data/cookbooks/s3fs/CHANGELOG.md +13 -0
  412. data/cookbooks/s3fs/LICENSE +37 -0
  413. data/cookbooks/s3fs/README.md +6 -0
  414. data/cookbooks/s3fs/attributes/default.rb +15 -0
  415. data/cookbooks/s3fs/files/default/fuse-2.9.3.zip +0 -0
  416. data/cookbooks/s3fs/metadata.rb +16 -0
  417. data/cookbooks/s3fs/recipes/default.rb +91 -0
  418. data/data_bags/demo/app.json +7 -0
  419. data/data_bags/nagios_services/chef.json +6 -0
  420. data/data_bags/nagios_services/linux_diskspace.json +5 -0
  421. data/data_bags/nagios_services/momma_cat.json +6 -0
  422. data/data_bags/nagios_services/mu-master-memory.json +5 -0
  423. data/data_bags/nagios_services/nagios_ui.json +6 -0
  424. data/data_bags/nagios_services/node_ssh.json +6 -0
  425. data/data_bags/nagios_services/ssh.json +6 -0
  426. data/demo/lambda_test.yaml +29 -0
  427. data/environments/DEV.json +8 -0
  428. data/environments/PROD.json +8 -0
  429. data/environments/dev.json +8 -0
  430. data/environments/development.json +8 -0
  431. data/environments/prod.json +8 -0
  432. data/extras/README.md +1 -0
  433. data/extras/admin-role-binding.yaml +16 -0
  434. data/extras/admin-user.yaml +6 -0
  435. data/extras/aws-auth-cm.yaml.erb +12 -0
  436. data/extras/clean-stock-amis +48 -0
  437. data/extras/git-fix-permissions-hook +12 -0
  438. data/extras/gitlab-eks-helper.sh.erb +20 -0
  439. data/extras/image-generators/README.md +2 -0
  440. data/extras/image-generators/aws/centos6.yaml +18 -0
  441. data/extras/image-generators/aws/centos7-govcloud.yaml +24 -0
  442. data/extras/image-generators/aws/centos7.yaml +17 -0
  443. data/extras/image-generators/aws/rhel7.yaml +17 -0
  444. data/extras/image-generators/aws/win2k12.yaml +16 -0
  445. data/extras/image-generators/aws/win2k16.yaml +16 -0
  446. data/extras/image-generators/aws/windows.yaml +18 -0
  447. data/extras/image-generators/gcp/centos6.yaml +17 -0
  448. data/extras/lambda_waf_domain_blacklist.py +103 -0
  449. data/extras/platform_berksfile_base +50 -0
  450. data/extras/ruby_rpm/build.sh +17 -0
  451. data/extras/ruby_rpm/muby.spec +44 -0
  452. data/extras/vault_tools/README.md +6 -0
  453. data/extras/vault_tools/export_vaults.sh +3 -0
  454. data/extras/vault_tools/recreate_vaults.sh +5 -0
  455. data/extras/vault_tools/test_vaults.sh +5 -0
  456. data/install/README.md +8 -0
  457. data/install/cfn_create_mu_master.json +1034 -0
  458. data/install/chef-server.rb.erb +19 -0
  459. data/install/deprecated-bash-library.sh +1891 -0
  460. data/install/images/Usage.png +0 -0
  461. data/install/installer +71 -0
  462. data/install/jenkinskeys.rb +8 -0
  463. data/install/user-dot-murc.erb +14 -0
  464. data/modules/html.erb +19 -0
  465. data/modules/mommacat.ru +426 -0
  466. data/modules/mu/cleanup.rb +339 -0
  467. data/modules/mu/cloud.rb +1446 -0
  468. data/modules/mu/clouds/README.md +201 -0
  469. data/modules/mu/clouds/aws/alarm.rb +319 -0
  470. data/modules/mu/clouds/aws/cache_cluster.rb +1010 -0
  471. data/modules/mu/clouds/aws/collection.rb +373 -0
  472. data/modules/mu/clouds/aws/container_cluster.rb +667 -0
  473. data/modules/mu/clouds/aws/database.rb +1836 -0
  474. data/modules/mu/clouds/aws/dnszone.rb +911 -0
  475. data/modules/mu/clouds/aws/firewall_rule.rb +641 -0
  476. data/modules/mu/clouds/aws/folder.rb +92 -0
  477. data/modules/mu/clouds/aws/function.rb +349 -0
  478. data/modules/mu/clouds/aws/group.rb +251 -0
  479. data/modules/mu/clouds/aws/loadbalancer.rb +888 -0
  480. data/modules/mu/clouds/aws/log.rb +363 -0
  481. data/modules/mu/clouds/aws/msg_queue.rb +480 -0
  482. data/modules/mu/clouds/aws/notification.rb +139 -0
  483. data/modules/mu/clouds/aws/role.rb +656 -0
  484. data/modules/mu/clouds/aws/search_domain.rb +646 -0
  485. data/modules/mu/clouds/aws/server.rb +2294 -0
  486. data/modules/mu/clouds/aws/server_pool.rb +1388 -0
  487. data/modules/mu/clouds/aws/storage_pool.rb +495 -0
  488. data/modules/mu/clouds/aws/user.rb +382 -0
  489. data/modules/mu/clouds/aws/userdata/README.md +4 -0
  490. data/modules/mu/clouds/aws/userdata/linux.erb +179 -0
  491. data/modules/mu/clouds/aws/userdata/windows.erb +278 -0
  492. data/modules/mu/clouds/aws/vpc.rb +1943 -0
  493. data/modules/mu/clouds/aws.rb +1009 -0
  494. data/modules/mu/clouds/cloudformation/alarm.rb +146 -0
  495. data/modules/mu/clouds/cloudformation/cache_cluster.rb +167 -0
  496. data/modules/mu/clouds/cloudformation/collection.rb +117 -0
  497. data/modules/mu/clouds/cloudformation/database.rb +278 -0
  498. data/modules/mu/clouds/cloudformation/dnszone.rb +274 -0
  499. data/modules/mu/clouds/cloudformation/firewall_rule.rb +308 -0
  500. data/modules/mu/clouds/cloudformation/loadbalancer.rb +193 -0
  501. data/modules/mu/clouds/cloudformation/log.rb +170 -0
  502. data/modules/mu/clouds/cloudformation/server.rb +370 -0
  503. data/modules/mu/clouds/cloudformation/server_pool.rb +279 -0
  504. data/modules/mu/clouds/cloudformation/vpc.rb +322 -0
  505. data/modules/mu/clouds/cloudformation.rb +733 -0
  506. data/modules/mu/clouds/docker.rb +30 -0
  507. data/modules/mu/clouds/google/container_cluster.rb +290 -0
  508. data/modules/mu/clouds/google/database.rb +152 -0
  509. data/modules/mu/clouds/google/firewall_rule.rb +267 -0
  510. data/modules/mu/clouds/google/group.rb +164 -0
  511. data/modules/mu/clouds/google/loadbalancer.rb +479 -0
  512. data/modules/mu/clouds/google/server.rb +1510 -0
  513. data/modules/mu/clouds/google/server_pool.rb +274 -0
  514. data/modules/mu/clouds/google/user.rb +266 -0
  515. data/modules/mu/clouds/google/userdata/README.md +4 -0
  516. data/modules/mu/clouds/google/userdata/linux.erb +137 -0
  517. data/modules/mu/clouds/google/userdata/windows.erb +275 -0
  518. data/modules/mu/clouds/google/vpc.rb +890 -0
  519. data/modules/mu/clouds/google.rb +811 -0
  520. data/modules/mu/config/README.md +11 -0
  521. data/modules/mu/config/alarm.rb +271 -0
  522. data/modules/mu/config/cache_cluster.rb +172 -0
  523. data/modules/mu/config/collection.rb +87 -0
  524. data/modules/mu/config/container_cluster.rb +103 -0
  525. data/modules/mu/config/container_cluster.yml +36 -0
  526. data/modules/mu/config/database.rb +458 -0
  527. data/modules/mu/config/database.yml +26 -0
  528. data/modules/mu/config/dnszone.rb +327 -0
  529. data/modules/mu/config/firewall_rule.rb +118 -0
  530. data/modules/mu/config/folder.rb +70 -0
  531. data/modules/mu/config/function.rb +140 -0
  532. data/modules/mu/config/group.rb +64 -0
  533. data/modules/mu/config/loadbalancer.rb +482 -0
  534. data/modules/mu/config/log.rb +47 -0
  535. data/modules/mu/config/log.yml +6 -0
  536. data/modules/mu/config/msg_queue.rb +47 -0
  537. data/modules/mu/config/msg_queue.yml +9 -0
  538. data/modules/mu/config/notification.rb +44 -0
  539. data/modules/mu/config/project.rb +71 -0
  540. data/modules/mu/config/role.rb +102 -0
  541. data/modules/mu/config/search_domain.rb +61 -0
  542. data/modules/mu/config/search_domain.yml +25 -0
  543. data/modules/mu/config/server.rb +587 -0
  544. data/modules/mu/config/server.yml +8 -0
  545. data/modules/mu/config/server_pool.rb +216 -0
  546. data/modules/mu/config/server_pool.yml +71 -0
  547. data/modules/mu/config/storage_pool.rb +145 -0
  548. data/modules/mu/config/user.rb +78 -0
  549. data/modules/mu/config/vpc.rb +743 -0
  550. data/modules/mu/config/vpc.yml +6 -0
  551. data/modules/mu/config.rb +2000 -0
  552. data/modules/mu/defaults/README.md +2 -0
  553. data/modules/mu/defaults/amazon_images.yaml +121 -0
  554. data/modules/mu/defaults/google_images.yaml +16 -0
  555. data/modules/mu/deploy.rb +686 -0
  556. data/modules/mu/groomer.rb +123 -0
  557. data/modules/mu/groomers/README.md +58 -0
  558. data/modules/mu/groomers/chef.rb +1024 -0
  559. data/modules/mu/kittens.rb +11319 -0
  560. data/modules/mu/logger.rb +208 -0
  561. data/modules/mu/master/README.md +27 -0
  562. data/modules/mu/master/chef.rb +471 -0
  563. data/modules/mu/master/ldap.rb +1005 -0
  564. data/modules/mu/master.rb +415 -0
  565. data/modules/mu/mommacat.rb +2703 -0
  566. data/modules/mu-load-config.rb +1 -0
  567. data/modules/mu.rb +724 -0
  568. data/modules/scratchpad.erb +1 -0
  569. data/modules/tests/super_complex_bok.yml +41 -0
  570. data/modules/tests/super_simple_bok.yml +40 -0
  571. data/mu.gemspec +62 -0
  572. data/roles/demo-dbservice-configure.json +19 -0
  573. data/roles/demo-portal-configure.json +19 -0
  574. data/roles/mu-master-jenkins.json +24 -0
  575. data/roles/mu-master-nagios-only.json +13 -0
  576. data/roles/mu-master.json +12 -0
  577. data/roles/mu-node.json +19 -0
  578. data/roles/mu-splunk-server.json +13 -0
  579. data/roles/mu-splunk.json +13 -0
  580. data/test/clean_up.py +25 -0
  581. data/test/demo-test-profile/README.md +3 -0
  582. data/test/demo-test-profile/controls/flask.rb +84 -0
  583. data/test/demo-test-profile/inspec.lock +7 -0
  584. data/test/demo-test-profile/inspec.yml +11 -0
  585. data/test/etco-test-profile/README.md +3 -0
  586. data/test/etco-test-profile/controls/all-in-one.rb +182 -0
  587. data/test/etco-test-profile/inspec.lock +7 -0
  588. data/test/etco-test-profile/inspec.yml +11 -0
  589. data/test/exec_inspec.py +246 -0
  590. data/test/exec_mu_install.py +241 -0
  591. data/test/exec_retry.py +44 -0
  592. data/test/mu-master-test/README.md +3 -0
  593. data/test/mu-master-test/controls/all_in_one.rb +557 -0
  594. data/test/mu-master-test/inspec.lock +3 -0
  595. data/test/mu-master-test/inspec.yml +11 -0
  596. data/test/mu-tools-test/README.md +3 -0
  597. data/test/mu-tools-test/controls/base.rb +265 -0
  598. data/test/mu-tools-test/inspec.lock +3 -0
  599. data/test/mu-tools-test/inspec.yml +8 -0
  600. data/test/simple-server-php-test/README.md +3 -0
  601. data/test/simple-server-php-test/controls/apachephp.rb +25 -0
  602. data/test/simple-server-php-test/controls/example.rb +19 -0
  603. data/test/simple-server-php-test/inspec.lock +7 -0
  604. data/test/simple-server-php-test/inspec.yml +12 -0
  605. data/test/simple-server-rails-test/README.md +3 -0
  606. data/test/simple-server-rails-test/controls/rails.rb +188 -0
  607. data/test/simple-server-rails-test/inspec.lock +7 -0
  608. data/test/simple-server-rails-test/inspec.yml +11 -0
  609. data/test/simple-windows-test/README.md +3 -0
  610. data/test/simple-windows-test/controls/windows.rb +20 -0
  611. data/test/simple-windows-test/inspec.lock +7 -0
  612. data/test/simple-windows-test/inspec.yml +11 -0
  613. data/test/smoke_test.rb +75 -0
  614. data/test/wordpress-test/README.md +3 -0
  615. data/test/wordpress-test/controls/wordpress.rb +97 -0
  616. data/test/wordpress-test/inspec.lock +7 -0
  617. data/test/wordpress-test/inspec.yml +11 -0
  618. metadata +979 -0
@@ -0,0 +1,235 @@
1
+ ##
2
+ ## Example config file for freshclam
3
+ ## Please read the freshclam.conf(5) manual before editing this file.
4
+ ##
5
+
6
+
7
+ # Comment or remove the line below.
8
+ #Example
9
+
10
+ # Path to the database directory.
11
+ # WARNING: It must match clamd.conf's directive!
12
+ # Default: hardcoded (depends on installation options)
13
+ DatabaseDirectory /var/lib/clamav
14
+
15
+ # Path to the log file (make sure it has proper permissions)
16
+ # Default: disabled
17
+ UpdateLogFile /var/log/clamav/freshclam.log
18
+
19
+ # Maximum size of the log file.
20
+ # Value of 0 disables the limit.
21
+ # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
22
+ # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
23
+ # in bytes just don't use modifiers. If LogFileMaxSize is enabled,
24
+ # log rotation (the LogRotate option) will always be enabled.
25
+ # Default: 1M
26
+ #LogFileMaxSize 2M
27
+
28
+ # Log time with each message.
29
+ # Default: no
30
+ #LogTime yes
31
+
32
+ # Enable verbose logging.
33
+ # Default: no
34
+ #LogVerbose yes
35
+
36
+ # Use system logger (can work together with UpdateLogFile).
37
+ # Default: no
38
+ LogSyslog yes
39
+
40
+ # Specify the type of syslog messages - please refer to 'man syslog'
41
+ # for facility names.
42
+ # Default: LOG_LOCAL6
43
+ #LogFacility LOG_MAIL
44
+
45
+ # Enable log rotation. Always enabled when LogFileMaxSize is enabled.
46
+ # Default: no
47
+ #LogRotate yes
48
+
49
+ # This option allows you to save the process identifier of the daemon
50
+ # Default: disabled
51
+ #PidFile /var/run/freshclam.pid
52
+
53
+ # By default when started freshclam drops privileges and switches to the
54
+ # "clamav" user. This directive allows you to change the database owner.
55
+ # Default: clamav (may depend on installation options)
56
+ DatabaseOwner clam
57
+
58
+ # Initialize supplementary group access (freshclam must be started by root).
59
+ # Default: no
60
+ #AllowSupplementaryGroups yes
61
+
62
+ # Use DNS to verify virus database version. Freshclam uses DNS TXT records
63
+ # to verify database and software versions. With this directive you can change
64
+ # the database verification domain.
65
+ # WARNING: Do not touch it unless you're configuring freshclam to use your
66
+ # own database verification domain.
67
+ # Default: current.cvd.clamav.net
68
+ #DNSDatabaseInfo current.cvd.clamav.net
69
+
70
+ # Uncomment the following line and replace XY with your country
71
+ # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
72
+ # You can use db.XY.ipv6.clamav.net for IPv6 connections.
73
+ #DatabaseMirror db.XY.clamav.net
74
+
75
+ # database.clamav.net is a round-robin record which points to our most
76
+ # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
77
+ # not working. DO NOT TOUCH the following line unless you know what you
78
+ # are doing.
79
+ DatabaseMirror db.local.clamav.net
80
+ DatabaseMirror db.local.clamav.net
81
+
82
+ # How many attempts to make before giving up.
83
+ # Default: 3 (per mirror)
84
+ #MaxAttempts 5
85
+
86
+ # With this option you can control scripted updates. It's highly recommended
87
+ # to keep it enabled.
88
+ # Default: yes
89
+ #ScriptedUpdates yes
90
+
91
+ # By default freshclam will keep the local databases (.cld) uncompressed to
92
+ # make their handling faster. With this option you can enable the compression;
93
+ # the change will take effect with the next database update.
94
+ # Default: no
95
+ #CompressLocalDatabase no
96
+
97
+ # With this option you can provide custom sources (http:// or file://) for
98
+ # database files. This option can be used multiple times.
99
+ # Default: no custom URLs
100
+ #DatabaseCustomURL http://myserver.com/mysigs.ndb
101
+ #DatabaseCustomURL file:///mnt/nfs/local.hdb
102
+
103
+ # This option allows you to easily point freshclam to private mirrors.
104
+ # If PrivateMirror is set, freshclam does not attempt to use DNS
105
+ # to determine whether its databases are out-of-date, instead it will
106
+ # use the If-Modified-Since request or directly check the headers of the
107
+ # remote database files. For each database, freshclam first attempts
108
+ # to download the CLD file. If that fails, it tries to download the
109
+ # CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
110
+ # and ScriptedUpdates. It can be used multiple times to provide
111
+ # fall-back mirrors.
112
+ # Default: disabled
113
+ #PrivateMirror mirror1.mynetwork.com
114
+ #PrivateMirror mirror2.mynetwork.com
115
+
116
+ # Number of database checks per day.
117
+ # Default: 12 (every two hours)
118
+ #Checks 24
119
+
120
+ # Proxy settings
121
+ # Default: disabled
122
+ #HTTPProxyServer myproxy.com
123
+ #HTTPProxyPort 1234
124
+ #HTTPProxyUsername myusername
125
+ #HTTPProxyPassword mypass
126
+
127
+ # If your servers are behind a firewall/proxy which applies User-Agent
128
+ # filtering you can use this option to force the use of a different
129
+ # User-Agent header.
130
+ # Default: clamav/version_number
131
+ #HTTPUserAgent SomeUserAgentIdString
132
+
133
+ # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
134
+ # multi-homed systems.
135
+ # Default: Use OS'es default outgoing IP address.
136
+ #LocalIPAddress aaa.bbb.ccc.ddd
137
+
138
+ # Send the RELOAD command to clamd.
139
+ # Default: no
140
+ #NotifyClamd /path/to/clamd.conf
141
+
142
+ # Run command after successful database update.
143
+ # Default: disabled
144
+ #OnUpdateExecute command
145
+
146
+ # Run command when database update process fails.
147
+ # Default: disabled
148
+ #OnErrorExecute command
149
+
150
+ # Run command when freshclam reports outdated version.
151
+ # In the command string %v will be replaced by the new version number.
152
+ # Default: disabled
153
+ #OnOutdatedExecute command
154
+
155
+ # Don't fork into background.
156
+ # Default: no
157
+ #Foreground yes
158
+
159
+ # Enable debug messages in libclamav.
160
+ # Default: no
161
+ #Debug yes
162
+
163
+ # Timeout in seconds when connecting to database server.
164
+ # Default: 30
165
+ #ConnectTimeout 60
166
+
167
+ # Timeout in seconds when reading from database server.
168
+ # Default: 30
169
+ #ReceiveTimeout 60
170
+
171
+ # With this option enabled, freshclam will attempt to load new
172
+ # databases into memory to make sure they are properly handled
173
+ # by libclamav before replacing the old ones.
174
+ # Default: yes
175
+ #TestDatabases yes
176
+
177
+ # When enabled freshclam will submit statistics to the ClamAV Project about
178
+ # the latest virus detections in your environment. The ClamAV maintainers
179
+ # will then use this data to determine what types of malware are the most
180
+ # detected in the field and in what geographic area they are.
181
+ # Freshclam will connect to clamd in order to get recent statistics.
182
+ # Default: no
183
+ #SubmitDetectionStats /path/to/clamd.conf
184
+
185
+ # Country of origin of malware/detection statistics (for statistical
186
+ # purposes only). The statistics collector at ClamAV.net will look up
187
+ # your IP address to determine the geographical origin of the malware
188
+ # reported by your installation. If this installation is mainly used to
189
+ # scan data which comes from a different location, please enable this
190
+ # option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
191
+ # of the country of origin.
192
+ # Default: disabled
193
+ #DetectionStatsCountry country-code
194
+
195
+ # This option enables support for our "Personal Statistics" service.
196
+ # When this option is enabled, the information on malware detected by
197
+ # your clamd installation is made available to you through our website.
198
+ # To get your HostID, log on http://www.stats.clamav.net and add a new
199
+ # host to your host list. Once you have the HostID, uncomment this option
200
+ # and paste the HostID here. As soon as your freshclam starts submitting
201
+ # information to our stats collecting service, you will be able to view
202
+ # the statistics of this clamd installation by logging into
203
+ # http://www.stats.clamav.net with the same credentials you used to
204
+ # generate the HostID. For more information refer to:
205
+ # http://www.clamav.net/support/faq/faq-cctts/
206
+ # This feature requires SubmitDetectionStats to be enabled.
207
+ # Default: disabled
208
+ #DetectionStatsHostID unique-id
209
+
210
+ # This option enables support for Google Safe Browsing. When activated for
211
+ # the first time, freshclam will download a new database file (safebrowsing.cvd)
212
+ # which will be automatically loaded by clamd and clamscan during the next
213
+ # reload, provided that the heuristic phishing detection is turned on. This
214
+ # database includes information about websites that may be phishing sites or
215
+ # possible sources of malware. When using this option, it's mandatory to run
216
+ # freshclam at least every 30 minutes.
217
+ # Freshclam uses the ClamAV's mirror infrastructure to distribute the
218
+ # database and its updates but all the contents are provided under Google's
219
+ # terms of use. See http://www.google.com/transparencyreport/safebrowsing
220
+ # and https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-safebrowsing.md
221
+ # for more information.
222
+ # Default: disabled
223
+ #SafeBrowsing yes
224
+
225
+ # This option enables downloading of bytecode.cvd, which includes additional
226
+ # detection mechanisms and improvements to the ClamAV engine.
227
+ # Default: enabled
228
+ #Bytecode yes
229
+
230
+ # Download an additional 3rd party signature database distributed through
231
+ # the ClamAV mirrors. Here you can find a list of available databases:
232
+ # http://www.clamav.net/download/cvd/3rdparty
233
+ # This option can be used multiple times.
234
+ #ExtraDatabase dbname1
235
+ #ExtraDatabase dbname2
@@ -0,0 +1,64 @@
1
+ # System-wide .bashrc file for interactive bash(1) shells.
2
+
3
+ # To enable the settings / commands in this file for login shells as well,
4
+ # this file has to be sourced in /etc/profile.
5
+
6
+ # If not running interactively, don't do anything
7
+ [ -z "$PS1" ] && return
8
+
9
+ # check the window size after each command and, if necessary,
10
+ # update the values of LINES and COLUMNS.
11
+ shopt -s checkwinsize
12
+
13
+ # set variable identifying the chroot you work in (used in the prompt below)
14
+ if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
15
+ debian_chroot=$(cat /etc/debian_chroot)
16
+ fi
17
+
18
+ # set a fancy prompt (non-color, overwrite the one in /etc/profile)
19
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
20
+
21
+ # Commented out, don't overwrite xterm -T "title" -n "icontitle" by default.
22
+ # If this is an xterm set the title to user@host:dir
23
+ #case "$TERM" in
24
+ #xterm*|rxvt*)
25
+ # PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD}\007"'
26
+ # ;;
27
+ #*)
28
+ # ;;
29
+ #esac
30
+
31
+ # enable bash completion in interactive shells
32
+ #if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
33
+ # . /etc/bash_completion
34
+ #fi
35
+
36
+ # sudo hint
37
+ if [ ! -e "$HOME/.sudo_as_admin_successful" ] && [ ! -e "$HOME/.hushlogin" ] ; then
38
+ case " $(groups) " in *\ admin\ *)
39
+ if [ -x /usr/bin/sudo ]; then
40
+ cat <<-EOF
41
+ To run a command as administrator (user "root"), use "sudo <command>".
42
+ See "man sudo_root" for details.
43
+
44
+ EOF
45
+ fi
46
+ esac
47
+ fi
48
+
49
+ # if the command-not-found package is installed, use it
50
+ if [ -x /usr/lib/command-not-found -o -x /usr/share/command-not-found/command-not-found ]; then
51
+ function command_not_found_handle {
52
+ # check because c-n-f could've been removed in the meantime
53
+ if [ -x /usr/lib/command-not-found ]; then
54
+ /usr/bin/python /usr/lib/command-not-found -- "$1"
55
+ return $?
56
+ elif [ -x /usr/share/command-not-found/command-not-found ]; then
57
+ /usr/bin/python /usr/share/command-not-found/command-not-found -- "$1"
58
+ return $?
59
+ else
60
+ printf "%s: command not found\n" "$1" >&2
61
+ return 127
62
+ fi
63
+ }
64
+ fi
@@ -0,0 +1,30 @@
1
+ #
2
+ # /etc/pam.d/common-session - session-related modules common to all services
3
+ #
4
+ # This file is included from other service-specific PAM config files,
5
+ # and should contain a list of modules that define tasks to be performed
6
+ # at the start and end of sessions of *any* kind (both interactive and
7
+ # non-interactive).
8
+ #
9
+ # As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
10
+ # To take advantage of this, it is recommended that you configure any
11
+ # local modules either before or after the default block, and use
12
+ # pam-auth-update to manage selection of other modules. See
13
+ # pam-auth-update(8) for details.
14
+
15
+ # here are the per-package modules (the "Primary" block)
16
+ session [default=1] pam_permit.so
17
+ # here's the fallback if no module succeeds
18
+ session requisite pam_deny.so
19
+ # prime the stack with a positive return value if there isn't one already;
20
+ # this avoids us returning an error just because nothing sets a success code
21
+ # since the modules above will each just jump around
22
+ session required pam_permit.so
23
+ # The pam_umask module will set the umask according to the system default in
24
+ # /etc/login.defs and user settings, solving the problem of different
25
+ # umask settings with different shells, display managers, remote sessions etc.
26
+ # See "man pam_umask".
27
+ session optional pam_umask.so
28
+ # and here are more per-package modules (the "Additional" block)
29
+ session required pam_unix.so
30
+ # end of pam-auth-update config
@@ -0,0 +1,338 @@
1
+ #
2
+ # /etc/login.defs - Configuration control definitions for the login package.
3
+ #
4
+ # Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
5
+ # If unspecified, some arbitrary (and possibly incorrect) value will
6
+ # be assumed. All other items are optional - if not specified then
7
+ # the described action or option will be inhibited.
8
+ #
9
+ # Comment lines (lines beginning with "#") and blank lines are ignored.
10
+ #
11
+ # Modified for Linux. --marekm
12
+
13
+ # REQUIRED for useradd/userdel/usermod
14
+ # Directory where mailboxes reside, _or_ name of file, relative to the
15
+ # home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
16
+ # MAIL_DIR takes precedence.
17
+ #
18
+ # Essentially:
19
+ # - MAIL_DIR defines the location of users mail spool files
20
+ # (for mbox use) by appending the username to MAIL_DIR as defined
21
+ # below.
22
+ # - MAIL_FILE defines the location of the users mail spool files as the
23
+ # fully-qualified filename obtained by prepending the user home
24
+ # directory before $MAIL_FILE
25
+ #
26
+ # NOTE: This is no more used for setting up users MAIL environment variable
27
+ # which is, starting from shadow 4.0.12-1 in Debian, entirely the
28
+ # job of the pam_mail PAM modules
29
+ # See default PAM configuration files provided for
30
+ # login, su, etc.
31
+ #
32
+ # This is a temporary situation: setting these variables will soon
33
+ # move to /etc/default/useradd and the variables will then be
34
+ # no more supported
35
+ MAIL_DIR /var/mail
36
+ #MAIL_FILE .mail
37
+
38
+ #
39
+ # Enable logging and display of /var/log/faillog login failure info.
40
+ # This option conflicts with the pam_tally PAM module.
41
+ #
42
+ FAILLOG_ENAB yes
43
+
44
+ #
45
+ # Enable display of unknown usernames when login failures are recorded.
46
+ #
47
+ # WARNING: Unknown usernames may become world readable.
48
+ # See #290803 and #298773 for details about how this could become a security
49
+ # concern
50
+ LOG_UNKFAIL_ENAB no
51
+
52
+ #
53
+ # Enable logging of successful logins
54
+ #
55
+ LOG_OK_LOGINS no
56
+
57
+ #
58
+ # Enable "syslog" logging of su activity - in addition to sulog file logging.
59
+ # SYSLOG_SG_ENAB does the same for newgrp and sg.
60
+ #
61
+ SYSLOG_SU_ENAB yes
62
+ SYSLOG_SG_ENAB yes
63
+
64
+ #
65
+ # If defined, all su activity is logged to this file.
66
+ #
67
+ #SULOG_FILE /var/log/sulog
68
+
69
+ #
70
+ # If defined, file which maps tty line to TERM environment parameter.
71
+ # Each line of the file is in a format something like "vt100 tty01".
72
+ #
73
+ #TTYTYPE_FILE /etc/ttytype
74
+
75
+ #
76
+ # If defined, login failures will be logged here in a utmp format
77
+ # last, when invoked as lastb, will read /var/log/btmp, so...
78
+ #
79
+ FTMP_FILE /var/log/btmp
80
+
81
+ #
82
+ # If defined, the command name to display when running "su -". For
83
+ # example, if this is defined as "su" then a "ps" will display the
84
+ # command is "-su". If not defined, then "ps" would display the
85
+ # name of the shell actually being run, e.g. something like "-sh".
86
+ #
87
+ SU_NAME su
88
+
89
+ #
90
+ # If defined, file which inhibits all the usual chatter during the login
91
+ # sequence. If a full pathname, then hushed mode will be enabled if the
92
+ # user's name or shell are found in the file. If not a full pathname, then
93
+ # hushed mode will be enabled if the file exists in the user's home directory.
94
+ #
95
+ HUSHLOGIN_FILE .hushlogin
96
+ #HUSHLOGIN_FILE /etc/hushlogins
97
+
98
+ #
99
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
100
+ #
101
+ # (they are minimal, add the rest in the shell startup files)
102
+ ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
103
+ ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
104
+
105
+ #
106
+ # Terminal permissions
107
+ #
108
+ # TTYGROUP Login tty will be assigned this group ownership.
109
+ # TTYPERM Login tty will be set to this permission.
110
+ #
111
+ # If you have a "write" program which is "setgid" to a special group
112
+ # which owns the terminals, define TTYGROUP to the group number and
113
+ # TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
114
+ # TTYPERM to either 622 or 600.
115
+ #
116
+ # In Debian /usr/bin/bsd-write or similar programs are setgid tty
117
+ # However, the default and recommended value for TTYPERM is still 0600
118
+ # to not allow anyone to write to anyone else console or terminal
119
+
120
+ # Users can still allow other people to write them by issuing
121
+ # the "mesg y" command.
122
+
123
+ TTYGROUP tty
124
+ TTYPERM 0600
125
+
126
+ #
127
+ # Login configuration initializations:
128
+ #
129
+ # ERASECHAR Terminal ERASE character ('\010' = backspace).
130
+ # KILLCHAR Terminal KILL character ('\025' = CTRL/U).
131
+ # UMASK Default "umask" value.
132
+ #
133
+ # The ERASECHAR and KILLCHAR are used only on System V machines.
134
+ #
135
+ # UMASK is the default umask value for pam_umask and is used by
136
+ # useradd and newusers to set the mode of the new home directories.
137
+ # 022 is the "historical" value in Debian for UMASK
138
+ # 027, or even 077, could be considered better for privacy
139
+ # There is no One True Answer here : each sysadmin must make up his/her
140
+ # mind.
141
+ #
142
+ # If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
143
+ # for private user groups, i. e. the uid is the same as gid, and username is
144
+ # the same as the primary group name: for these, the user permissions will be
145
+ # used as group permissions, e. g. 022 will become 002.
146
+ #
147
+ # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
148
+ #
149
+ ERASECHAR 0177
150
+ KILLCHAR 025
151
+ UMASK 022
152
+
153
+ #
154
+ # Password aging controls:
155
+ #
156
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
157
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
158
+ # PASS_WARN_AGE Number of days warning given before a password expires.
159
+ #
160
+ PASS_MAX_DAYS 99999
161
+ PASS_MIN_DAYS 0
162
+ PASS_WARN_AGE 7
163
+
164
+ #
165
+ # Min/max values for automatic uid selection in useradd
166
+ #
167
+ UID_MIN 1000
168
+ UID_MAX 60000
169
+ # System accounts
170
+ #SYS_UID_MIN 100
171
+ #SYS_UID_MAX 999
172
+
173
+ #
174
+ # Min/max values for automatic gid selection in groupadd
175
+ #
176
+ GID_MIN 1000
177
+ GID_MAX 60000
178
+ # System accounts
179
+ #SYS_GID_MIN 100
180
+ #SYS_GID_MAX 999
181
+
182
+ #
183
+ # Max number of login retries if password is bad. This will most likely be
184
+ # overriden by PAM, since the default pam_unix module has it's own built
185
+ # in of 3 retries. However, this is a safe fallback in case you are using
186
+ # an authentication module that does not enforce PAM_MAXTRIES.
187
+ #
188
+ LOGIN_RETRIES 5
189
+
190
+ #
191
+ # Max time in seconds for login
192
+ #
193
+ LOGIN_TIMEOUT 60
194
+
195
+ #
196
+ # Which fields may be changed by regular users using chfn - use
197
+ # any combination of letters "frwh" (full name, room number, work
198
+ # phone, home phone). If not defined, no changes are allowed.
199
+ # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
200
+ #
201
+ CHFN_RESTRICT rwh
202
+
203
+ #
204
+ # Should login be allowed if we can't cd to the home directory?
205
+ # Default in no.
206
+ #
207
+ DEFAULT_HOME yes
208
+
209
+ #
210
+ # If defined, this command is run when removing a user.
211
+ # It should remove any at/cron/print jobs etc. owned by
212
+ # the user to be removed (passed as the first argument).
213
+ #
214
+ #USERDEL_CMD /usr/sbin/userdel_local
215
+
216
+ #
217
+ # Enable setting of the umask group bits to be the same as owner bits
218
+ # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
219
+ # the same as gid, and username is the same as the primary group name.
220
+ #
221
+ # If set to yes, userdel will remove the user´s group if it contains no
222
+ # more members, and useradd will create by default a group with the name
223
+ # of the user.
224
+ #
225
+ USERGROUPS_ENAB yes
226
+
227
+ #
228
+ # Instead of the real user shell, the program specified by this parameter
229
+ # will be launched, although its visible name (argv[0]) will be the shell's.
230
+ # The program may do whatever it wants (logging, additional authentification,
231
+ # banner, ...) before running the actual shell.
232
+ #
233
+ # FAKE_SHELL /bin/fakeshell
234
+
235
+ #
236
+ # If defined, either full pathname of a file containing device names or
237
+ # a ":" delimited list of device names. Root logins will be allowed only
238
+ # upon these devices.
239
+ #
240
+ # This variable is used by login and su.
241
+ #
242
+ #CONSOLE /etc/consoles
243
+ #CONSOLE console:tty01:tty02:tty03:tty04
244
+
245
+ #
246
+ # List of groups to add to the user's supplementary group set
247
+ # when logging in on the console (as determined by the CONSOLE
248
+ # setting). Default is none.
249
+ #
250
+ # Use with caution - it is possible for users to gain permanent
251
+ # access to these groups, even when not logged in on the console.
252
+ # How to do it is left as an exercise for the reader...
253
+ #
254
+ # This variable is used by login and su.
255
+ #
256
+ #CONSOLE_GROUPS floppy:audio:cdrom
257
+
258
+ #
259
+ # If set to "yes", new passwords will be encrypted using the MD5-based
260
+ # algorithm compatible with the one used by recent releases of FreeBSD.
261
+ # It supports passwords of unlimited length and longer salt strings.
262
+ # Set to "no" if you need to copy encrypted passwords to other systems
263
+ # which don't understand the new algorithm. Default is "no".
264
+ #
265
+ # This variable is deprecated. You should use ENCRYPT_METHOD.
266
+ #
267
+ #MD5_CRYPT_ENAB no
268
+
269
+ #
270
+ # If set to MD5 , MD5-based algorithm will be used for encrypting password
271
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
272
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
273
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
274
+ # Overrides the MD5_CRYPT_ENAB option
275
+ #
276
+ # Note: It is recommended to use a value consistent with
277
+ # the PAM modules configuration.
278
+ #
279
+ ENCRYPT_METHOD SHA512
280
+
281
+ #
282
+ # Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
283
+ #
284
+ # Define the number of SHA rounds.
285
+ # With a lot of rounds, it is more difficult to brute forcing the password.
286
+ # But note also that it more CPU resources will be needed to authenticate
287
+ # users.
288
+ #
289
+ # If not specified, the libc will choose the default number of rounds (5000).
290
+ # The values must be inside the 1000-999999999 range.
291
+ # If only one of the MIN or MAX values is set, then this value will be used.
292
+ # If MIN > MAX, the highest value will be used.
293
+ #
294
+ # SHA_CRYPT_MIN_ROUNDS 5000
295
+ # SHA_CRYPT_MAX_ROUNDS 5000
296
+
297
+ ################# OBSOLETED BY PAM ##############
298
+ # #
299
+ # These options are now handled by PAM. Please #
300
+ # edit the appropriate file in /etc/pam.d/ to #
301
+ # enable the equivelants of them.
302
+ #
303
+ ###############
304
+
305
+ #MOTD_FILE
306
+ #DIALUPS_CHECK_ENAB
307
+ #LASTLOG_ENAB
308
+ #MAIL_CHECK_ENAB
309
+ #OBSCURE_CHECKS_ENAB
310
+ #PORTTIME_CHECKS_ENAB
311
+ #SU_WHEEL_ONLY
312
+ #CRACKLIB_DICTPATH
313
+ #PASS_CHANGE_TRIES
314
+ #PASS_ALWAYS_WARN
315
+ #ENVIRON_FILE
316
+ #NOLOGINS_FILE
317
+ #ISSUE_FILE
318
+ #PASS_MIN_LEN
319
+ #PASS_MAX_LEN
320
+ #ULIMIT
321
+ #ENV_HZ
322
+ #CHFN_AUTH
323
+ #CHSH_AUTH
324
+ #FAIL_DELAY
325
+
326
+ ################# OBSOLETED #######################
327
+ # #
328
+ # These options are no more handled by shadow. #
329
+ # #
330
+ # Shadow utilities will display a warning if they #
331
+ # still appear. #
332
+ # #
333
+ ###################################################
334
+
335
+ # CLOSE_SESSIONS
336
+ # LOGIN_STRING
337
+ # NO_PASSWORD_CONSOLE
338
+ # QMAIL_DIR
@@ -0,0 +1,30 @@
1
+ # /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
2
+ # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
3
+
4
+ if [ "$PS1" ]; then
5
+ if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
6
+ # The file bash.bashrc already sets the default PS1.
7
+ # PS1='\h:\w\$ '
8
+ if [ -f /etc/bash.bashrc ]; then
9
+ . /etc/bash.bashrc
10
+ fi
11
+ else
12
+ if [ "`id -u`" -eq 0 ]; then
13
+ PS1='# '
14
+ else
15
+ PS1='$ '
16
+ fi
17
+ fi
18
+ fi
19
+
20
+ # The default umask is now handled by pam_umask.
21
+ # See pam_umask(8) and /etc/login.defs.
22
+
23
+ if [ -d /etc/profile.d ]; then
24
+ for i in /etc/profile.d/*.sh; do
25
+ if [ -r $i ]; then
26
+ . $i
27
+ fi
28
+ done
29
+ unset i
30
+ fi