|
|
@961
|
16 years |
quentin |
Add scripts LDAP schema to the repo
|
|
|
@953
|
16 years |
andersk |
Revert r952.
|
|
|
@952
|
16 years |
quentin |
Serve sipb.mit.edu wiki content directly via Apache
|
|
|
@948
|
16 years |
quentin |
Try hostbased authentication in the client
|
|
|
@947
|
16 years |
quentin |
Add shosts.equiv for allowing logins
|
|
|
@946
|
16 years |
quentin |
Allow ssh hostbased authentication
|
|
|
@943
|
16 years |
geofft |
Hacks because Apache makes things hard at the .htaccess level.
|
|
|
@942
|
16 years |
geofft |
debathena.mit.edu vhost
|
|
|
@941
|
16 years |
geofft |
cert for debathena.mit.edu
|
|
|
@940
|
16 years |
geofft |
Whoops, forgot to reify-vhost.py sipb.mit.edu
|
|
|
@939
|
16 years |
geofft |
Setting tty modes failed: Invalid argument
|
|
|
@938
|
16 years |
andersk |
d_zroot.pl: Read .ssh/authorized_keys, not just authorized_keys2. ...
|
|
|
@915
|
16 years |
quentin |
Support mDNS on scripts
|
|
|
@914
|
16 years |
quentin |
Add if_err_eth2 to allowed munin commands (wtf?)
|
|
|
@910
|
16 years |
quentin |
configuration for nss-ldapd
|
|
|
@891
|
16 years |
quentin |
Add reuter to blocked mail accounts list, and prevent outbound mail
|
|
|
@890
|
16 years |
geofft |
I think this works better
|
|
|
@889
|
16 years |
quentin |
Fix geofft's typo
|
|
|
@888
|
16 years |
geofft |
Display failed root logins from off campus only at 10+10k attempts.
|
|
|
@887
|
16 years |
quentin |
Ignore non-fatal authentication failures
|
|
|
@886
|
16 years |
geofft |
sipb.mit.edu certificate
|
|
|
@885
|
16 years |
geofft |
and the vhosts they rode in on
|
|
|
@884
|
16 years |
geofft |
More noms.
|
|
|
@883
|
16 years |
geofft |
Re r882, make the resulting log zephyr public. (Thanks to price for ...
|
|
|
@879
|
16 years |
quentin |
Update nscd configuration to cache smarter
|
|
|
@878
|
16 years |
quentin |
Enable sshd verbose mode, so we can identify the public key used for login
|
|
|
@877
|
16 years |
quentin |
Provide commented-out non-nss_nonlocal region in nsswitch
|
|
|
@876
|
16 years |
quentin |
Uncommitted changes on b-k
|
|
|
@872
|
16 years |
geofft |
forgot to fix SSLVerifyclient on familynet
|
|
|
@870
|
16 years |
geofft |
yay SSL vhosts yay
|
|
|
@869
|
16 years |
geofft |
SSLVerifyClient optional on port 444. Oops. ^_^;;
|
|
|
@868
|
16 years |
quentin |
Ignore all partitions mounted under /mnt
|
|
|
@867
|
16 years |
quentin |
Update postfix configuration for version 2.5.1
|
|
|
@866
|
16 years |
quentin |
Use scripts yum repository (yay!)
|
|
|
@865
|
16 years |
quentin |
Use sudo to monitor hardware sensors for munin
|
|
|
@864
|
16 years |
quentin |
Ignore f7root partitions when checking disk space
|
|
|
@854
|
16 years |
geofft |
Add a script to convert LDAP vhosts into <VirtualHost> blocks,
so it's ...
|
|
|
@853
|
16 years |
andersk |
Put the children out of their misery.
|
|
|
@847
|
16 years |
andersk |
Run munin as an unprivileged user with sudo for root access when necessary
|
|
|
@845
|
16 years |
andersk |
Use the local LDAP server (as is already the case on both servers).
|
|
|
@842
|
16 years |
andersk |
Run php directly from suexec, so php scripts don’t need to be executable.
|
|
|
@841
|
16 years |
geofft |
[help.mit.edu #694790]
|
|
|
@831
|
16 years |
andersk |
MaxRequestsPerChild < Ridiculous
|
|
|
@829
|
16 years |
geofft |
Debathena's reasoning seems sound enough. Add fuse_allow_other, which ...
|
|
|
@822
|
16 years |
geofft |
OM NOM NOM NOM CERTIFICATES
|
|
|
@821
|
16 years |
geofft |
I'm stupid.
|
|
|
@820
|
16 years |
geofft |
Add server certS for random-hall.mit.edu and mitsoc.mit.edu
|
|
|
@817
|
16 years |
geofft |
Added code to zephyr on OOM kills.
Also commented out a change by ...
|
|
|
@814
|
16 years |
geofft |
As Anders would say...
|
|
|
@813
|
16 years |
geofft |
This looks useful too
|
|
|
@811
|
16 years |
quentin |
Add localhost to the list of scripts names
|
|
|
@808
|
16 years |
geofft |
Probably a useful file to have.
|
|
|
@807
|
16 years |
quentin |
Add routes for sql via eth1
|
|
|
@804
|
16 years |
andersk |
We don't actually have a deb.gif.
|
|
|
@802
|
16 years |
andersk |
Allow a directory index of /__scripts/icons.
|
|
|
@801
|
16 years |
geofft |
/etc: Add pki/tls/certs/*.pem to the repository.
|
|
|
@799
|
16 years |
geofft |
Uncommitted changes from o-f: reboot on kernel panic (do we actually ...
|
|
|
@794
|
16 years |
quentin |
Update sudoers based on F9 template
|
|
|
@792
|
16 years |
quentin |
We don't share /tmp (eeew)
|
|
|
@791
|
16 years |
quentin |
Add bees-knees and cats-whiskers to /etc/hosts
|
|
|
@790
|
16 years |
geofft |
Oops, missed scripts-test's IP.
|
|
|
@789
|
16 years |
geofft |
Update names for scripts[1-4]
|
|
|
@787
|
16 years |
geofft |
Fix some stuff about our iptables rules, including:
- Remove ACCEPT ...
|
|
|
@784
|
16 years |
quentin |
Use explicit recipients for non-root log messages
|
|
|
@783
|
16 years |
geofft |
Make d_zroot.pl zephyr people in the .k5login in personals
|
|
|
@781
|
16 years |
quentin |
munin needs to start as root so it can setuid to run the script; it ...
|
|
|
@780
|
16 years |
geofft |
Munin should not run as root.
Remove munin's htpasswd file, since it's ...
|
|
|
@779
|
16 years |
geofft |
mod_status is a serious privacy violation.
|
|
|
@778
|
16 years |
geofft |
This list is a little better
|
|
|
@777
|
16 years |
geofft |
Add more sysnames to differentiate between OS releases, and add the ...
|
|
|
@775
|
16 years |
geofft |
Version nscd.conf, and reduce the negative TTL to 5 seconds to solve ...
|
|
|
@770
|
16 years |
quentin |
Stop more spew; parse ssh keys and identify the used key when ...
|
|
|
@768
|
16 years |
geofft |
Commented out scripts-spew. It is inappropriate to send syslogs about ...
|
|
|
@759
|
16 years |
quentin |
Tweak httpd settings
|
|
|
@758
|
16 years |
quentin |
Avoid spew in cases of serious error
|
|
|
@757
|
16 years |
quentin |
Add AFS monitoring to Nagios
|
|
|
@755
|
16 years |
andersk |
Oops, missed a spot.
|
|
|
@754
|
16 years |
andersk |
Use the scripts private key for *.scripts as well (the previous ...
|
|
|
@751
|
16 years |
andersk |
Configure nsswitch.conf to use nss_nonlocal.
|
|
|
@749
|
16 years |
andersk |
Nope. Don't care.
|
|
|
@740
|
16 years |
andersk |
Update SSL configuration directives from Fedora's ssl.conf. Notably, ...
|
|
|
@739
|
16 years |
andersk |
spew--
|
|
|
@738
|
16 years |
andersk |
SHUT. THE. FUCK. UP.
|
|
|
@734
|
16 years |
andersk |
Turn on KeepAlive for SSL and increase timeouts, to avoid pathological ...
|
|
|
@715
|
17 years |
quentin |
Allow syn to access nrpe through iptables
|
|
|
@712
|
17 years |
quentin |
Allow syn to monitor scripts
|
|
|
@708
|
17 years |
geofft |
Add rebecca to sudoers.
|
|
|
@707
|
17 years |
andersk |
This sucker has had it coming for a long time.
|
|
|
@690
|
17 years |
quentin |
Ignore more syslog messages
|
|
|
@687
|
17 years |
andersk |
We might as well present the *.scripts.mit.edu certificate for ...
|
|
|
@682
|
17 years |
andersk |
Revert r681; this doesn't actually work.
|
|
|
@681
|
17 years |
andersk |
Drop to nobody in case of a terrible mod_vhost_ldap disaster.
|
|
|
@677
|
17 years |
andersk |
Remove hacks-old.
|
|
|
@671
|
17 years |
quentin |
Remove broken configuration for deprecated mime_magic module, as we ...
|
|
|
@669
|
17 years |
geofft |
disable X11 forwarding; allow forwarding $EDITOR and $VISUAL because ...
|
|
|
@668
|
17 years |
quentin |
Ignore more meaningless sshd logs
|
|
|
@667
|
17 years |
quentin |
Don't log logins from non-root users
|
|
|
@666
|
17 years |
quentin |
Change syslog zephyring to coalesce messages
|
|
|
@665
|
17 years |
quentin |
Make Zephyrs more useful and move to -c scripts-auto
|
|
|
@664
|
17 years |
andersk |
-c scripts -> -c scripts-auto.
|
|
|