source: server/fedora/config

Revision Log Mode:


Legend:

Added
Modified
Copied or renamed
Diff Rev Age Author Log Message
(edit) @947   16 years quentin Add shosts.equiv for allowing logins
(edit) @946   16 years quentin Allow ssh hostbased authentication
(edit) @943   16 years geofft Hacks because Apache makes things hard at the .htaccess level.
(edit) @942   16 years geofft debathena.mit.edu vhost
(edit) @941   16 years geofft cert for debathena.mit.edu
(edit) @940   16 years geofft Whoops, forgot to reify-vhost.py sipb.mit.edu
(edit) @939   16 years geofft Setting tty modes failed: Invalid argument
(edit) @938   16 years andersk d_zroot.pl: Read .ssh/authorized_keys, not just authorized_keys2. ...
(edit) @915   16 years quentin Support mDNS on scripts
(edit) @914   16 years quentin Add if_err_eth2 to allowed munin commands (wtf?)
(edit) @910   16 years quentin configuration for nss-ldapd
(edit) @891   16 years quentin Add reuter to blocked mail accounts list, and prevent outbound mail
(edit) @890   16 years geofft I think this works better
(edit) @889   16 years quentin Fix geofft's typo
(edit) @888   16 years geofft Display failed root logins from off campus only at 10+10k attempts.
(edit) @887   16 years quentin Ignore non-fatal authentication failures
(edit) @886   16 years geofft sipb.mit.edu certificate
(edit) @885   16 years geofft and the vhosts they rode in on
(edit) @884   16 years geofft More noms.
(edit) @883   16 years geofft Re r882, make the resulting log zephyr public. (Thanks to price for ...
(edit) @879   16 years quentin Update nscd configuration to cache smarter
(edit) @878   16 years quentin Enable sshd verbose mode, so we can identify the public key used for login
(edit) @877   16 years quentin Provide commented-out non-nss_nonlocal region in nsswitch
(edit) @876   16 years quentin Uncommitted changes on b-k
(edit) @872   16 years geofft forgot to fix SSLVerifyclient on familynet
(edit) @870   16 years geofft yay SSL vhosts yay
(edit) @869   16 years geofft SSLVerifyClient optional on port 444. Oops. ^_^;;
(edit) @868   16 years quentin Ignore all partitions mounted under /mnt
(edit) @867   16 years quentin Update postfix configuration for version 2.5.1
(edit) @866   16 years quentin Use scripts yum repository (yay!)
(edit) @865   16 years quentin Use sudo to monitor hardware sensors for munin
(edit) @864   16 years quentin Ignore f7root partitions when checking disk space
(edit) @857   16 years quentin User is named scripts-build...
(edit) @856   16 years quentin Add .rpmmacros file for configuring the rpmbuild user
(edit) @854   16 years geofft Add a script to convert LDAP vhosts into <VirtualHost> blocks, so it's ...
(edit) @853   16 years andersk Put the children out of their misery.
(edit) @847   16 years andersk Run munin as an unprivileged user with sudo for root access when necessary
(edit) @845   16 years andersk Use the local LDAP server (as is already the case on both servers).
(edit) @842   16 years andersk Run php directly from suexec, so php scripts don’t need to be executable.
(edit) @841   16 years geofft [help.mit.edu #694790]
(edit) @831   16 years andersk MaxRequestsPerChild < Ridiculous
(edit) @829   16 years geofft Debathena's reasoning seems sound enough. Add fuse_allow_other, which ...
(edit) @822   16 years geofft OM NOM NOM NOM CERTIFICATES
(edit) @821   16 years geofft I'm stupid.
(edit) @820   16 years geofft Add server certS for random-hall.mit.edu and mitsoc.mit.edu
(edit) @817   16 years geofft Added code to zephyr on OOM kills. Also commented out a change by ...
(edit) @814   16 years geofft As Anders would say...
(edit) @813   16 years geofft This looks useful too
(edit) @811   16 years quentin Add localhost to the list of scripts names
(edit) @808   16 years geofft Probably a useful file to have.
(edit) @807   16 years quentin Add routes for sql via eth1
(edit) @804   16 years andersk We don't actually have a deb.gif.
(edit) @802   16 years andersk Allow a directory index of /__scripts/icons.
(edit) @801   16 years geofft /etc: Add pki/tls/certs/*.pem to the repository.
(edit) @799   16 years geofft Uncommitted changes from o-f: reboot on kernel panic (do we actually ...
(edit) @794   16 years quentin Update sudoers based on F9 template
(edit) @792   16 years quentin We don't share /tmp (eeew)
(edit) @791   16 years quentin Add bees-knees and cats-whiskers to /etc/hosts
(edit) @790   16 years geofft Oops, missed scripts-test's IP.
(edit) @789   16 years geofft Update names for scripts[1-4]
(edit) @787   16 years geofft Fix some stuff about our iptables rules, including: - Remove ACCEPT ...
(edit) @784   16 years quentin Use explicit recipients for non-root log messages
(edit) @783   16 years geofft Make d_zroot.pl zephyr people in the .k5login in personals
(edit) @781   16 years quentin munin needs to start as root so it can setuid to run the script; it ...
(edit) @780   16 years geofft Munin should not run as root. Remove munin's htpasswd file, since it's ...
(edit) @779   16 years geofft mod_status is a serious privacy violation.
(edit) @778   16 years geofft This list is a little better
(edit) @777   16 years geofft Add more sysnames to differentiate between OS releases, and add the ...
(edit) @775   16 years geofft Version nscd.conf, and reduce the negative TTL to 5 seconds to solve ...
(edit) @770   16 years quentin Stop more spew; parse ssh keys and identify the used key when ...
(edit) @768   16 years geofft Commented out scripts-spew. It is inappropriate to send syslogs about ...
(edit) @761   16 years presbrey gem replication install script
(edit) @759   16 years quentin Tweak httpd settings
(edit) @758   16 years quentin Avoid spew in cases of serious error
(edit) @757   16 years quentin Add AFS monitoring to Nagios
(edit) @755   17 years andersk Oops, missed a spot.
(edit) @754   17 years andersk Use the scripts private key for *.scripts as well (the previous ...
(edit) @751   17 years andersk Configure nsswitch.conf to use nss_nonlocal.
(edit) @749   17 years andersk Nope. Don't care.
(edit) @740   17 years andersk Update SSL configuration directives from Fedora's ssl.conf. Notably, ...
(edit) @739   17 years andersk spew--
(edit) @738   17 years andersk SHUT. THE. FUCK. UP.
(edit) @734   17 years andersk Turn on KeepAlive for SSL and increase timeouts, to avoid pathological ...
(edit) @715   17 years quentin Allow syn to access nrpe through iptables
(edit) @712   17 years quentin Allow syn to monitor scripts
(edit) @708   17 years geofft Add rebecca to sudoers.
(edit) @707   17 years andersk This sucker has had it coming for a long time.
(edit) @690   17 years quentin Ignore more syslog messages
(edit) @687   17 years andersk We might as well present the *.scripts.mit.edu certificate for ...
(edit) @682   17 years andersk Revert r681; this doesn't actually work.
(edit) @681   17 years andersk Drop to nobody in case of a terrible mod_vhost_ldap disaster.
(edit) @677   17 years andersk Remove hacks-old.
(edit) @671   17 years quentin Remove broken configuration for deprecated mime_magic module, as we ...
(edit) @669   17 years geofft disable X11 forwarding; allow forwarding $EDITOR and $VISUAL because ...
(edit) @668   17 years quentin Ignore more meaningless sshd logs
(edit) @667   17 years quentin Don't log logins from non-root users
(edit) @666   17 years quentin Change syslog zephyring to coalesce messages
(edit) @665   17 years quentin Make Zephyrs more useful and move to -c scripts-auto
(edit) @664   17 years andersk -c scripts -> -c scripts-auto.
(edit) @662   17 years quentin Save log and pid in the right places
Note: See TracRevisionLog for help on using the revision log.