# # ChangeLog for server/fedora/config # # Generated by Trac 1.0.2 # Apr 19, 2024, 10:12:38 AM Tue, 05 May 2009 19:32:40 GMT geofft [1114] * server/fedora/config/etc/httpd/vhosts.d/next.conf (modified) change docroot for next.mit.edu Fri, 24 Apr 2009 22:21:25 GMT presbrey [1101] * server/fedora/config/etc/httpd/conf/httpd.conf (modified) turn off ProxyPreserveHost to distinguish Host from X-Forwarded-Host Fri, 24 Apr 2009 02:01:19 GMT geofft [1092] * server/fedora/config/etc/httpd/conf/httpd.conf (modified) okay, maybe ajp was a bad idea Wed, 22 Apr 2009 21:03:05 GMT presbrey [1089] * server/fedora/config/etc/httpd/conf/httpd.conf (modified) httpd: add mod_proxy module and friends Tue, 21 Apr 2009 00:01:01 GMT mitchb [1088] * server/fedora/config/etc/httpd/vhosts.d/bc.conf (added) * server/fedora/config/etc/pki/tls/certs/bc.pem (added) bc.mit.edu certificate and reified vhost Sun, 19 Apr 2009 21:49:25 GMT quentin [1086] * server/fedora/config/etc/httpd/conf/httpd.conf (modified) Test your changes! Port 444 was serving axo.mit.edu all day! Sun, 19 Apr 2009 06:51:58 GMT mitchb [1085] * server/fedora/config/etc/pki/tls/openssl.cnf (modified) scripts.mit.edu CSR defaults Sun, 19 Apr 2009 06:45:22 GMT mitchb [1084] * server/fedora/config/etc/pki/tls/openssl.cnf (added) Add openssl.cnf file, so we can track our standard CSR fields Sat, 18 Apr 2009 01:20:45 GMT geofft [1082] * server/fedora/config/etc/httpd/conf/httpd.conf (modified) Allow reified vhosts to override *.scripts Fri, 17 Apr 2009 23:45:18 GMT geofft [1081] * server/fedora/config/etc/httpd/vhosts.d/cycling-club.conf (added) * server/fedora/config/etc/httpd/vhosts.d/debathena.conf (modified) reify cycling-club.scripts.mit.edu to pick up the cert Fri, 17 Apr 2009 23:36:26 GMT geofft [1080] * server/fedora/config/etc/pki/tls/certs/cycling-club.pem (added) cycling-club.scripts 30 day cert from Comodo Tue, 14 Apr 2009 08:22:05 GMT mitchb [1078] * server/fedora/config/usr (added) * server/fedora/config/usr/vice (added) * server/fedora/config/usr/vice/etc (added) * server/fedora/config/usr/vice/etc/CellServDB.local (added) Add a CellServDB.local so we can pull in changes without rebuilding. Sat, 11 Apr 2009 19:02:13 GMT quentin [1073] * server/fedora/config/etc/security/limits.conf (modified) Don't let people lock all our memory (use the Ubuntu default of 64KB ... Sat, 11 Apr 2009 07:39:21 GMT quentin [1072] * server/fedora/config/etc/security/limits.conf (modified) Don't apply resource limits to root's processes, and clean up ... Sat, 11 Apr 2009 06:55:37 GMT quentin [1071] * server/fedora/config/etc/security/limits.conf (modified) Set sane memory resource limits Tue, 07 Apr 2009 21:29:01 GMT quentin [1068] * server/fedora/config/etc/pam.d/sshd (modified) Disallow root keyboard-interactive logins Tue, 07 Apr 2009 14:41:33 GMT quentin [1067] * server/fedora/config/etc/httpd/vhosts.d/tibetforum.conf (added) * server/fedora/config/etc/pki/tls/certs/tibetforum.pem (added) tibetforum.mit.edu vhost + cert Sat, 04 Apr 2009 04:54:44 GMT geofft [1059] * server/fedora/config/etc/nsswitch.conf (modified) We don't need mDNS Thu, 02 Apr 2009 04:53:52 GMT geofft [1043] * server/fedora/config/etc/nagios/check_afs (modified) contrib.scripts moved Wed, 01 Apr 2009 14:43:33 GMT mitchb [1040] * server/fedora/config/etc/httpd/conf.d/scripts-special.conf (modified) Use the django media directory from the RPM, not the egg. Silly ... Wed, 01 Apr 2009 01:28:32 GMT mitchb [1039] * server/fedora/config/etc/httpd/conf.d/scripts-special.conf (modified) Provide autoinstalled Djangos with /__scripts/django/media for admin CSS Fri, 27 Mar 2009 05:13:50 GMT mitchb [1032] * server/fedora/config/etc/httpd/conf/httpd.conf (modified) Change CPU time limit for Apache-spawned processes from 3min to 5min. ... Mon, 23 Mar 2009 04:25:28 GMT geofft [1020] * server/fedora/config/etc/sysconfig/openafs (modified) /etc/sysconfig/openafs: for great awesome Fri, 20 Mar 2009 18:38:23 GMT mitchb [1019] * server/fedora/config/etc/httpd/conf/httpd.conf (modified) Increase CPU time limit for processes spawned by Apache. This should ... Fri, 20 Mar 2009 10:42:46 GMT quentin [1018] * server/fedora/config/etc/ssh/shosts.equiv (modified) Allow hostbased authentication over the backend network (Yay!) Fri, 20 Mar 2009 10:19:50 GMT quentin [1017] * server/fedora/config/etc/sysconfig/network-scripts/route-eth1 (modified) Route to b-k over the backend network Fri, 20 Mar 2009 03:19:50 GMT quentin [1016] * server/fedora/config/etc/httpd/conf/httpd.conf (modified) Allow FastCGIs to take up to 5 minutes to respond Tue, 10 Mar 2009 00:08:12 GMT quentin [1010] * server/fedora/config/etc/acpi (added) * server/fedora/config/etc/acpi/actions (added) * server/fedora/config/etc/acpi/actions/power.sh (added) ACPI event handler so you can't shut down with the power button Fri, 06 Mar 2009 07:23:21 GMT quentin [1006] * server/fedora/config/etc/sysctl.conf (modified) Reboot on OOM Wed, 04 Mar 2009 12:43:27 GMT mitchb [1001] * server/fedora/config/etc/yum.repos.d/fedora-updates-testing-newkey.repo (modified) We need subversion-devel from testing as well, so that we can build ... Wed, 04 Mar 2009 00:23:46 GMT andersk [1000] * server/fedora/config/etc/security/limits.conf (modified) Change the core file limit from hard to soft. Tue, 03 Mar 2009 07:29:48 GMT geofft [999] * server/fedora/config/etc/yum.repos.d/fedora-updates-testing-newkey.repo (added) Install Subversion (1.5) from the updates-testing-newkey repo. Tue, 03 Mar 2009 05:59:36 GMT geofft [998] * server/fedora/config/etc/httpd/vhosts.d/schuh.conf (added) * server/fedora/config/etc/pki/tls/certs/schuh.pem (added) cert and vhost for schuh.mit.edu Mon, 02 Mar 2009 07:01:13 GMT mitchb [996] * server/fedora/config/etc/sysconfig/openafs (modified) i386_linux3 isn't actually twice as good just because we listed it ... Mon, 02 Mar 2009 00:05:18 GMT geofft [994] * server/fedora/config/etc/sysconfig/openafs (modified) i386_deb40 is better than i386_linux1 Sun, 22 Feb 2009 12:49:04 GMT mitchb [992] * server/fedora/config/etc/cron.d/scripts-cron_status (modified) Don't let cron send mail if it can't touch the cron status file. ... Fri, 20 Feb 2009 10:12:16 GMT mitchb [988] * server/fedora/config/etc/aliases (modified) I should start reading root's mail. I will probably regret this. Thu, 19 Feb 2009 15:57:51 GMT quentin [986] * server/fedora/config/etc/hosts (modified) Add reverse-resolution for the backend IPs Thu, 19 Feb 2009 15:57:27 GMT quentin [985] * server/fedora/config/etc/postfix/virtual_re (modified) Map to local usernames, instead of to @scripts.mit.edu addresses ... Thu, 19 Feb 2009 04:34:42 GMT quentin [984] * server/fedora/config/etc/postfix/virtual_re (modified) Allow local part to contain @ Thu, 19 Feb 2009 04:10:28 GMT quentin [983] * server/fedora/config/etc/postfix/main.cf (modified) * server/fedora/config/etc/postfix/virtual (modified) * server/fedora/config/etc/postfix/virtual_re (added) Support mail to foo@bar.scripts.mit.edu Wed, 18 Feb 2009 15:06:18 GMT quentin [982] * server/fedora/config/etc/cron.d/scripts-cron_status (added) * server/fedora/config/etc/nagios/check_cron_working (added) * server/fedora/config/etc/nagios/nrpe.cfg (modified) Check that cron can actually run things as users Sat, 14 Feb 2009 04:51:55 GMT geofft [979] * server/fedora/config/etc/vimrc (modified) er, Fedora has a nontrivial vimrc Sat, 14 Feb 2009 04:48:23 GMT geofft [978] * server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (modified) * server/fedora/config/etc/ssh/sshd_config (modified) undo miscommit Sat, 14 Feb 2009 04:45:39 GMT geofft [977] * server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (modified) * server/fedora/config/etc/ssh/sshd_config (modified) * server/fedora/config/etc/vimrc (added) Suppress writing .viminfo file Fri, 13 Feb 2009 03:37:57 GMT geofft [975] * server/fedora/config/etc/httpd/vhosts.d/eastgate.conf (added) * server/fedora/config/etc/pki/tls/certs/eastgate.pem (added) eastgate.mit.edu SSL cert and conf [help.mit.edu #792732] Wed, 11 Feb 2009 10:11:27 GMT andersk [974] * server/fedora/config/etc/httpd/vhosts.d/sipb.conf (modified) Change sipb.mit.edu DocumentRoot to web_scripts/sipb. Wed, 11 Feb 2009 09:42:33 GMT geofft [973] * server/fedora/config/etc/httpd/conf/httpd.conf (modified) Change default cert to *.scripts except for 18.181.0.43. Wed, 11 Feb 2009 09:39:36 GMT geofft [972] * server/fedora/config/etc/httpd/conf/httpd.conf (modified) Uncommitted changes to httpd.conf. These seem to involve ... Wed, 11 Feb 2009 09:13:05 GMT andersk [971] * server/fedora/config/etc/httpd/vhosts.d/sipb.conf (modified) Get rid of the custom sipb.mit.edu aliases. Mon, 09 Feb 2009 19:45:55 GMT andersk [970] * server/fedora/config/etc/hosts (modified) Change the IP for scripts.mit.edu and add scripts-vhosts.mit.edu. Fri, 06 Feb 2009 02:37:36 GMT andersk [969] * server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf (modified) Add scripts-vhosts. Fri, 06 Feb 2009 02:35:31 GMT andersk [968] * server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf (modified) Add 18.181.0.43 and scripts-vhosts.mit.edu. Thu, 05 Feb 2009 22:23:30 GMT geofft [967] * server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:3 (modified) oops Thu, 05 Feb 2009 22:03:11 GMT geofft [966] * server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:3 (added) Add new scripts.mit.edu IP address Thu, 29 Jan 2009 09:33:24 GMT quentin [963] * server/fedora/config/etc/httpd/vhosts.d/picker.conf (added) Add vhost entry for picker.mit.edu so it picks up its cert Thu, 29 Jan 2009 09:25:21 GMT geofft [962] * server/fedora/config/etc/pki/tls/certs/picker.pem (added) SSL cert for picker.mit.edu Wed, 28 Jan 2009 17:50:10 GMT quentin [961] * server/fedora/config/etc/dirsrv (added) * server/fedora/config/etc/dirsrv/slapd-scripts (added) * server/fedora/config/etc/dirsrv/slapd-scripts/schema (added) * server/fedora/config/etc/dirsrv/slapd-scripts/schema/98scripts-vhost.ldif (added) * server/fedora/config/etc/dirsrv/slapd-scripts/schema/99mod_vhost_ldap.ldif (added) Add scripts LDAP schema to the repo Tue, 27 Jan 2009 08:13:05 GMT andersk [953] * server/fedora/config/etc/httpd/vhosts.d/sipb.conf (modified) Revert r952. Tue, 27 Jan 2009 07:09:22 GMT quentin [952] * server/fedora/config/etc/httpd/vhosts.d/sipb.conf (modified) Serve sipb.mit.edu wiki content directly via Apache Tue, 20 Jan 2009 09:22:17 GMT quentin [948] * server/fedora/config/etc/ssh/ssh_config (modified) Try hostbased authentication in the client Tue, 20 Jan 2009 09:17:10 GMT quentin [947] * server/fedora/config/etc/ssh/shosts.equiv (added) Add shosts.equiv for allowing logins Tue, 20 Jan 2009 09:16:40 GMT quentin [946] * server/fedora/config/etc/ssh/ssh_config (added) * server/fedora/config/etc/ssh/ssh_known_hosts (added) * server/fedora/config/etc/ssh/sshd_config (modified) Allow ssh hostbased authentication Thu, 15 Jan 2009 03:30:15 GMT geofft [943] * server/fedora/config/etc/httpd/vhosts.d/sipb.conf (modified) Hacks because Apache makes things hard at the .htaccess level. Wed, 14 Jan 2009 01:43:34 GMT geofft [942] * server/fedora/config/etc/httpd/vhosts.d/debathena.conf (added) debathena.mit.edu vhost Wed, 14 Jan 2009 01:41:47 GMT geofft [941] * server/fedora/config/etc/pki/tls/certs/debathena.pem (added) cert for debathena.mit.edu Sun, 11 Jan 2009 03:52:47 GMT geofft [940] * server/fedora/config/etc/httpd/vhosts.d/sipb.conf (added) Whoops, forgot to reify-vhost.py sipb.mit.edu Wed, 07 Jan 2009 17:46:21 GMT geofft [939] * server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Setting tty modes failed: Invalid argument Tue, 06 Jan 2009 21:30:00 GMT andersk [938] * server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) d_zroot.pl: Read .ssh/authorized_keys, not just authorized_keys2. ... Thu, 01 Jan 2009 00:42:24 GMT quentin [915] * server/fedora/config/etc/nsswitch.conf (modified) Support mDNS on scripts Thu, 01 Jan 2009 00:37:08 GMT quentin [914] * server/fedora/config/etc/sudoers (modified) Add if_err_eth2 to allowed munin commands (wtf?) Wed, 31 Dec 2008 22:15:26 GMT quentin [910] * server/fedora/config/etc/nss-ldapd.conf (added) configuration for nss-ldapd Thu, 11 Dec 2008 10:50:52 GMT quentin [891] * server/fedora/config/etc/aliases (modified) * server/fedora/config/etc/postfix/main.cf (modified) Add reuter to blocked mail accounts list, and prevent outbound mail Thu, 20 Nov 2008 05:48:08 GMT geofft [890] * server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) I think this works better Thu, 20 Nov 2008 05:41:24 GMT quentin [889] * server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Fix geofft's typo Thu, 20 Nov 2008 05:38:26 GMT geofft [888] * server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Display failed root logins from off campus only at 10+10k attempts. Thu, 20 Nov 2008 05:22:59 GMT quentin [887] * server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Ignore non-fatal authentication failures Wed, 19 Nov 2008 21:22:20 GMT geofft [886] * server/fedora/config/etc/pki/tls/certs/sipb.pem (added) sipb.mit.edu certificate Wed, 19 Nov 2008 02:53:55 GMT geofft [885] * server/fedora/config/etc/httpd/vhosts.d/barnowl.conf (added) * server/fedora/config/etc/httpd/vhosts.d/cdsa.conf (added) * server/fedora/config/etc/httpd/vhosts.d/textbooks.conf (added) * server/fedora/config/etc/httpd/vhosts.d/twentytwelve.conf (added) * server/fedora/config/etc/httpd/vhosts.d/ua.conf (added) * server/fedora/config/etc/httpd/vhosts.d/whatsnext.conf (added) and the vhosts they rode in on Wed, 19 Nov 2008 02:43:56 GMT geofft [884] * server/fedora/config/etc/pki/tls/certs/barnowl.pem (added) * server/fedora/config/etc/pki/tls/certs/cdsa.pem (added) * server/fedora/config/etc/pki/tls/certs/textbooks.pem (added) * server/fedora/config/etc/pki/tls/certs/twentytwelve.pem (added) * server/fedora/config/etc/pki/tls/certs/ua.pem (added) * server/fedora/config/etc/pki/tls/certs/whatsnext.pem (added) More noms. Mon, 17 Nov 2008 04:25:45 GMT geofft [883] * server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Re r882, make the resulting log zephyr public. (Thanks to price for ... Fri, 14 Nov 2008 08:37:22 GMT quentin [879] * server/fedora/config/etc/nscd.conf (modified) Update nscd configuration to cache smarter Fri, 14 Nov 2008 08:21:52 GMT quentin [878] * server/fedora/config/etc/ssh/sshd_config (modified) Enable sshd verbose mode, so we can identify the public key used for ... Fri, 14 Nov 2008 08:11:16 GMT quentin [877] * server/fedora/config/etc/nsswitch.conf (modified) Provide commented-out non-nss_nonlocal region in nsswitch Fri, 14 Nov 2008 08:10:18 GMT quentin [876] * server/fedora/config/etc/hosts (modified) Uncommitted changes on b-k Tue, 04 Nov 2008 01:24:27 GMT geofft [872] * server/fedora/config/etc/httpd/vhosts.d/familynet.conf (modified) forgot to fix SSLVerifyclient on familynet Mon, 03 Nov 2008 19:42:11 GMT geofft [870] * server/fedora/config/etc/httpd/vhosts.d/axo.conf (modified) * server/fedora/config/etc/httpd/vhosts.d/crew.conf (added) * server/fedora/config/etc/httpd/vhosts.d/familynet.conf (added) * server/fedora/config/etc/httpd/vhosts.d/lpq.conf (added) * server/fedora/config/etc/httpd/vhosts.d/mitsoc.conf (modified) * server/fedora/config/etc/httpd/vhosts.d/next.conf (added) * server/fedora/config/etc/httpd/vhosts.d/queues.conf (added) * server/fedora/config/etc/httpd/vhosts.d/random-hall.conf (modified) * server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (modified) * server/fedora/config/etc/httpd/vhosts.d/template (modified) * server/fedora/config/etc/httpd/vhosts.d/wakeup.conf (added) * server/fedora/config/etc/httpd/vhosts.d/westgate.conf (added) yay SSL vhosts yay Mon, 03 Nov 2008 19:10:37 GMT geofft [869] * server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (modified) SSLVerifyClient optional on port 444. Oops. ^_^;; Sun, 02 Nov 2008 21:02:50 GMT quentin [868] * server/fedora/config/etc/nagios/nrpe.cfg (modified) Ignore all partitions mounted under /mnt Sun, 02 Nov 2008 20:26:13 GMT quentin [867] * server/fedora/config/etc/postfix/main.cf (modified) Update postfix configuration for version 2.5.1 Sun, 02 Nov 2008 20:25:40 GMT quentin [866] * server/fedora/config/etc/yum.repos.d (added) * server/fedora/config/etc/yum.repos.d/scripts.repo (added) Use scripts yum repository (yay!) Sun, 02 Nov 2008 20:24:36 GMT quentin [865] * server/fedora/config/etc/munin/plugin-conf.d/munin-node (modified) * server/fedora/config/etc/sudoers (modified) Use sudo to monitor hardware sensors for munin Sun, 02 Nov 2008 20:23:53 GMT quentin [864] * server/fedora/config/etc/nagios/nrpe.cfg (modified) Ignore f7root partitions when checking disk space Sat, 01 Nov 2008 20:17:24 GMT quentin [857] * server/fedora/config/home/scripts-build (moved) User is named scripts-build... Sat, 01 Nov 2008 20:14:49 GMT quentin [856] * server/fedora/config/home (added) * server/fedora/config/home/rpmbuild (added) * server/fedora/config/home/rpmbuild/.rpmmacros (added) Add .rpmmacros file for configuring the rpmbuild user Mon, 27 Oct 2008 18:28:07 GMT geofft [854] * server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (added) Add a script to convert LDAP vhosts into blocks, so ... Fri, 24 Oct 2008 00:32:30 GMT andersk [853] * server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Put the children out of their misery. Tue, 07 Oct 2008 06:50:02 GMT andersk [847] * server/fedora/config/etc/munin/apache-htpasswd (modified) * server/fedora/config/etc/munin/munin-node.conf (modified) * server/fedora/config/etc/munin/plugin-conf.d/hddtemp_smartctl (modified) * server/fedora/config/etc/munin/plugin-conf.d/munin-node (modified) * server/fedora/config/etc/munin/plugin-conf.d/postfix (added) * server/fedora/config/etc/munin/plugin-conf.d/sendmail (added) * server/fedora/config/etc/sudoers (modified) Run munin as an unprivileged user with sudo for root access when ... Mon, 06 Oct 2008 03:02:07 GMT andersk [845] * server/fedora/config/etc/httpd/conf.d/vhost_ldap.conf (modified) Use the local LDAP server (as is already the case on both servers). Sun, 28 Sep 2008 07:43:31 GMT andersk [842] * server/common/patches/httpd-suexec-scripts.patch (modified) * server/fedora/config/etc/httpd/conf/httpd.conf (modified) Run php directly from suexec, so php scripts don’t need to be executable.