# # ChangeLog for trunk/server/fedora/config/etc # # Generated by Trac 1.0.2 # Mar 29, 2024, 4:53:35 AM Sat, 19 Dec 2009 05:39:08 GMT ezyang [1383] * trunk/lvs/debian/config/etc/aliases (modified) * trunk/server/fedora/config/etc/aliases (modified) Add ezyang@mit.edu to receive root email. Fri, 11 Dec 2009 14:27:20 GMT quentin [1379] * trunk/server/fedora/config/etc/sudoers (modified) Run ldap-backup as root so it can manipulate files owned by both ... Thu, 10 Dec 2009 08:34:28 GMT quentin [1378] * trunk/server/fedora/config/etc/sudoers (modified) Allow scripts to execute ldap-backup Mon, 23 Nov 2009 08:13:05 GMT andersk [1362] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) * trunk/server/fedora/config/etc/php.d/_scripts.ini (modified) Undo the REDIRECT_STATUS kludge. httpd.conf has always contained ... Sun, 08 Nov 2009 23:09:04 GMT geofft [1352] * trunk/server/fedora/config/etc/pki/tls/certs/barnowl.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/cdsa.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/sipb.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/twentytwelve.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/ua.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/whatsnext.pem (modified) SSL certificate renewals Sun, 08 Nov 2009 20:59:20 GMT geofft [1351] * trunk/server/fedora/config/etc/httpd/vhosts.d/textbooks.conf (deleted) * trunk/server/fedora/config/etc/pki/tls/certs/textbooks.pem (deleted) Punt textbooks.mit.edu's config because it is no longer on scripts Sun, 08 Nov 2009 20:40:50 GMT geofft [1350] * trunk/server/fedora/config/etc/pki/tls/openssl.cnf (modified) Use a more accurate OU in certificates Sat, 24 Oct 2009 16:45:00 GMT mitchb [1342] * trunk/server/fedora/config/etc/nagios/check_ldap_mmr.real (modified) Improvements to check_ldap_mmr plugin o Don't put a newline after ... Mon, 19 Oct 2009 23:52:17 GMT ezyang [1341] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) Disable vhost logging. Wed, 14 Oct 2009 14:40:41 GMT mitchb [1339] * trunk/server/fedora/config/etc/yum.repos.d/fedora-updates.repo (modified) Revert r1328 - accept Rails-related updates from Fedora again Mon, 05 Oct 2009 18:33:56 GMT geofft [1335] * trunk/server/fedora/config/etc/httpd/vhosts.d/signup.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/signup.pem (added) CSR and configuration for signup.mit.edu [help.mit.edu #1024298] Sun, 04 Oct 2009 06:47:36 GMT mitchb [1334] * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/config/etc/mock (added) * trunk/server/fedora/config/etc/mock/scripts-fc11-i386.cfg (added) * trunk/server/fedora/config/etc/mock/scripts-fc11-x86_64.cfg (added) Change the Scripts build system to build under mock! Sun, 04 Oct 2009 06:44:55 GMT mitchb [1333] * trunk/server/fedora/config/etc/pam.d/mock (modified) Prevent users from trying to run mock via password auth Sun, 04 Oct 2009 06:43:29 GMT mitchb [1332] * trunk/server/fedora/config/etc/pam.d/mock (added) Put pristine upstream mock PAM config under revision control Sat, 03 Oct 2009 17:46:12 GMT mitchb [1331] * trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Revert r1330. Try not to kill *all* of our notifications next time. Sat, 03 Oct 2009 03:19:38 GMT geofft [1330] * trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) syslog: Ignore "Failed keyboard-interactive..." We don't permit ... Thu, 01 Oct 2009 10:40:20 GMT mitchb [1328] * trunk/server/fedora/config/etc/yum.repos.d/fedora-updates.repo (modified) Stop accepting Rails-related updates from Fedora Sat, 19 Sep 2009 21:36:28 GMT quentin [1326] * trunk/server/fedora/config/etc/httpd/vhosts.d/ua.conf (modified) Goddamn hardcoded vhosts Mon, 14 Sep 2009 19:17:00 GMT mitchb [1325] * trunk/server/fedora/config/etc/httpd/vhosts.d/ai6034.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/ai6034.pem (added) Certificate and SSL config for ai6034.mit.edu Sun, 13 Sep 2009 10:47:26 GMT mitchb [1323] * trunk/server/fedora/config/etc/logrotate.d/httpd (modified) Fix global scoping problem from r1317 and r1319 One of these days ... Sat, 12 Sep 2009 18:38:44 GMT geofft [1322] * trunk/server/fedora/config/etc/sysconfig/freshclam (added) Don't disable freshclam Sat, 12 Sep 2009 12:12:01 GMT quentin [1321] * trunk/server/fedora/config/etc/freshclam.conf (added) Add freshclam configuration Wed, 09 Sep 2009 12:55:02 GMT mitchb [1319] * trunk/server/fedora/config/etc/logrotate.d/httpd (modified) Fix vhost log rolling config from r1317 Tue, 08 Sep 2009 04:55:54 GMT quentin [1317] * trunk/server/fedora/config/etc/logrotate.d/httpd (modified) Temporarily keep 14 days of vhost logs Tue, 08 Sep 2009 04:54:55 GMT quentin [1316] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) * trunk/server/fedora/config/etc/httpd/statistics_log_mitonly.sh (modified) Handle ~urls as well when gathering statistics Tue, 08 Sep 2009 04:07:29 GMT quentin [1315] * trunk/server/fedora/config/etc/httpd/statistics_log_mitonly.sh (modified) Flush log after each entry, to avoid a big 4k buffer Tue, 08 Sep 2009 04:04:40 GMT ezyang [1314] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) * trunk/server/fedora/config/etc/httpd/statistics_log_mitonly.sh (added) Collect logs about virtual host hits from MITnet at ... Wed, 02 Sep 2009 04:33:46 GMT mitchb [1311] * trunk/server/fedora/config/etc/httpd/vhosts.d/bookspicker.conf (added) SSL config for bookspicker.mit.edu. The cert doesn't do much without it. Tue, 01 Sep 2009 19:08:09 GMT geofft [1310] * trunk/server/fedora/config/etc/pki/tls/certs/bookspicker.pem (added) SSL certificate for bookspicker.mit.edu Wed, 26 Aug 2009 05:49:45 GMT geofft [1307] * trunk/server/fedora/config/etc/pki/tls/certs/axo.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/crew.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/familynet.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/lpq.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/mitsoc.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/next.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/queues.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/random-hall.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/wakeup.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/westgate.pem (modified) certificate renewals Fri, 21 Aug 2009 19:43:29 GMT geofft [1305] * trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Don't zephyr -c scripts-spew about sudo from root. Because we ... Tue, 18 Aug 2009 00:43:15 GMT quentin [1302] * trunk/server/fedora/config/etc/pki/tls/certs/check.pl (modified) basename != dirname Mon, 17 Aug 2009 02:00:52 GMT geofft [1301] * trunk/server/fedora/config/etc/postfix/blocked_users (modified) Actually unblock reuter from sending (not just receiving) mail ... Sun, 16 Aug 2009 18:35:11 GMT geofft [1300] * trunk/server/fedora/config/etc/aliases (modified) Unblock golem from receiving mail (discussed with him over zephyr) Sun, 16 Aug 2009 18:32:12 GMT geofft [1299] * trunk/server/fedora/config/etc/aliases (modified) Unblock reuter from sending mail [help.mit.edu #985700] Tue, 11 Aug 2009 00:54:28 GMT mitchb [1294] * trunk/server/common/oursrc/nss-ldapd (deleted) * trunk/server/doc/install-howto.sh (modified) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/config/etc/nss-ldapd.conf (modified) * trunk/server/fedora/specs/nss-ldapd.spec.patch (deleted) We got nss-ldapd into Fedora! Stop building it from OpenSuSE. Mon, 10 Aug 2009 10:50:30 GMT mitchb [1293] * trunk/server/fedora/config/etc/httpd/vhosts.d/metu.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/metu.pem (added) Certificate and Apache config for metu.mit.edu Thu, 06 Aug 2009 14:54:39 GMT mitchb [1291] * trunk/server/fedora/config/etc/yum.repos.d/fedora-updates-testing.repo (modified) * trunk/server/fedora/config/etc/yum.repos.d/fedora-updates.repo (modified) Stop using the Fedora mirrors; they suck The mirrors lag behind the ... Thu, 06 Aug 2009 14:51:45 GMT mitchb [1290] * trunk/server/fedora/config/etc/yum.repos.d/fedora-updates-testing.repo (added) * trunk/server/fedora/config/etc/yum.repos.d/fedora-updates.repo (added) Put -updates and -updates-testing repo configs under version control Wed, 15 Jul 2009 08:27:11 GMT mitchb [1272] * trunk/server/fedora/config/etc/nagios/check_ldap_mmr (added) * trunk/server/fedora/config/etc/nagios/check_ldap_mmr.real (copied) * trunk/server/fedora/config/etc/sudoers (modified) * trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Wrap check_ldap_mmr with a sudo invocation, and don't spew logs about it Wed, 15 Jul 2009 07:22:12 GMT mitchb [1270] * trunk/server/fedora/config/etc/nagios/check_ldap_mmr (added) * trunk/server/fedora/config/etc/nagios/nrpe.cfg (modified) Nagios plugin to monitor LDAP multi-master replication status Mon, 13 Jul 2009 00:46:52 GMT mitchb [1267] * trunk/lvs/debian/config/etc/ha.d/ldirectord.cf (modified) * trunk/noc/nagios/hostgroups.cfg (modified) * trunk/noc/nagios/hosts.cfg (modified) * trunk/server/fedora/config/etc/hosts (modified) * trunk/server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf (modified) * trunk/server/fedora/config/etc/ssh/shosts.equiv (modified) * trunk/server/fedora/config/etc/ssh/ssh_known_hosts (modified) * trunk/server/fedora/config/etc/ssh/sshd_config (modified) * trunk/server/fedora/config/etc/sysconfig/network-scripts/route-eth1 (modified) Configuration for new scripts webserver real-mccoy Sun, 12 Jul 2009 03:22:00 GMT quentin [1265] * trunk/server/fedora/config/etc/openafs/NetRestrict (added) Prevent AFS client from registering shared or backend IPs Sat, 11 Jul 2009 07:01:32 GMT geofft [1264] * trunk/server/fedora/config/etc/httpd/conf.d/scripts-special.conf (modified) Fix URL of Django admin media for F11/py2.6. Thu, 09 Jul 2009 19:48:21 GMT mitchb [1259] * trunk (modified) * trunk/lvs/debian/config/etc/munin/plugins/cps_1_0 (modified) * trunk/server/common/patches/httpd-2.2.x-sni.patch (modified) * trunk/server/common/patches/httpd-suexec-scripts.patch (modified) * trunk/server/common/patches/openafs-delta-dprintf-rename-20090427.patch (copied) * trunk/server/common/patches/openafs-delta-linux26-defer-cred-changing-20090511.patch (copied) * trunk/server/common/patches/openafs-numsysnames.patch (copied) * trunk/server/common/patches/openafs-scripts.patch (modified) * trunk/server/common/patches/openssh-4.7p1-gssapi-name-in-env.patch (copied) * trunk/server/doc/install-howto.sh (modified) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/config/etc/acpi (deleted) * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) * trunk/server/fedora/config/etc/logrotate.d/httpd (modified) * trunk/server/fedora/config/etc/munin/munin-node.conf (modified) * trunk/server/fedora/config/etc/munin/plugin-conf.d/munin-node (modified) * trunk/server/fedora/config/etc/nagios/nrpe.cfg (modified) * trunk/server/fedora/config/etc/nscd.conf (modified) * trunk/server/fedora/config/etc/php.d/apc.ini (copied) * trunk/server/fedora/config/etc/php.d/curl.ini (copied) * trunk/server/fedora/config/etc/php.d/wddx.ini (copied) * trunk/server/fedora/config/etc/printcap (modified) * trunk/server/fedora/config/etc/security/limits.conf (modified) * trunk/server/fedora/config/etc/sudoers (modified) * trunk/server/fedora/config/etc/sysconfig/networking (copied) * trunk/server/fedora/config/etc/sysconfig/openafs (modified) * trunk/server/fedora/config/etc/syslog-ng/syslog-ng.conf (modified) * trunk/server/fedora/config/etc/yum (copied) * trunk/server/fedora/config/etc/yum.repos.d/fedora-updates-testing-newkey.repo (deleted) * trunk/server/fedora/config/etc/yum.repos.d/scripts.repo (modified) * trunk/server/fedora/specs/httpd.spec.patch (modified) * trunk/server/fedora/specs/krb5.spec.patch (modified) * trunk/server/fedora/specs/nss-ldapd.spec.patch (modified) * trunk/server/fedora/specs/openafs.spec.patch (modified) * trunk/server/fedora/specs/openssh.spec.patch (modified) * trunk/server/fedora/specs/php.spec.patch (modified) * trunk/server/fedora/specs/pysvn.spec.patch (deleted) * trunk/server/fedora/specs/scripts-base.spec (modified) Reintegrate branches/fc11-dev (r1121:1258) to trunk Thu, 09 Jul 2009 03:51:45 GMT mitchb [1250] * trunk/server/fedora/config/etc/hosts (modified) * trunk/server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf (modified) * trunk/server/fedora/config/etc/ssh/shosts.equiv (modified) * trunk/server/fedora/config/etc/ssh/ssh_known_hosts (modified) * trunk/server/fedora/config/etc/ssh/sshd_config (modified) * trunk/server/fedora/config/etc/sysconfig/network-scripts/route-eth1 (modified) Configuration for new scripts webserver busy-beaver Wed, 08 Jul 2009 19:51:30 GMT mitchb [1245] * trunk/server/fedora/config/etc/sysconfig/network-scripts/route-eth1 (modified) Missed one; pancake-bunny backend route config Wed, 08 Jul 2009 19:49:35 GMT mitchb [1244] * trunk/server/fedora/config/etc/hosts (modified) * trunk/server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf (modified) * trunk/server/fedora/config/etc/ssh/shosts.equiv (modified) * trunk/server/fedora/config/etc/ssh/ssh_known_hosts (modified) * trunk/server/fedora/config/etc/ssh/sshd_config (modified) Configuration for new scripts webserver pancake-bunny Wed, 08 Jul 2009 16:27:22 GMT mitchb [1242] * trunk/server/fedora/config/etc/pki/tls/certs/scripts-cert.pem (modified) Renewal certificate for scripts-cert.mit.edu Tue, 07 Jul 2009 01:31:00 GMT ezyang [1240] * trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Revert change, as this will fail if AFS is not loaded. Tue, 07 Jul 2009 01:09:26 GMT ezyang [1239] * trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Have zroot also look in /mit/scripts/.ssh/authorized_keys. This is ... Wed, 01 Jul 2009 18:14:49 GMT quentin [1227] * trunk/server/fedora/config/etc/postfix/blocked_users (added) * trunk/server/fedora/config/etc/postfix/main.cf (modified) Add cycling-club to set of blocked mail users, and split the list off ... Tue, 30 Jun 2009 18:50:39 GMT geofft [1214] * trunk/server/fedora/config/etc/httpd/vhosts.d/tours.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/tours.pem (added) SSL cert and config for tours.mit.edu Thu, 25 Jun 2009 13:07:53 GMT mitchb [1209] * trunk/server/fedora/config/etc/yum.conf (modified) kmod-openafs should be shaken, not stirred... err, installed, not ... Wed, 24 Jun 2009 17:54:14 GMT quentin [1208] * trunk/server/fedora/config/etc/php.d/imagick.ini (added) Add ImageMagick PHP extension Sun, 14 Jun 2009 07:31:09 GMT ezyang [1193] * trunk/server/fedora/config/etc/php.d/dom.ini (modified) Commiting enabling of dom.ini, pending further performance review. Sat, 13 Jun 2009 18:12:29 GMT mitchb [1191] * trunk/server/fedora/config/etc/httpd/vhosts.d/geofft.conf (deleted) * trunk/server/fedora/config/etc/pki/tls/certs/geofft.pem (deleted) Remove expired test cert and config for geofft.mit.edu Thu, 11 Jun 2009 15:32:48 GMT quentin [1187] * trunk/server/fedora/config/etc/sysconfig/crond (added) Always ensure we have tokens before starting crond Sat, 06 Jun 2009 17:57:02 GMT quentin [1171] * trunk/server/fedora/config/etc/pki/tls/certs/check.pl (added) Script for checking certificate expiration times Fri, 05 Jun 2009 20:18:20 GMT geofft [1170] * trunk/server/fedora/config/etc/pki/tls/certs/scripts.pem (modified) scripts.mit.edu Equifax-signed 2-year cert Fri, 05 Jun 2009 03:32:42 GMT geofft [1168] * trunk/server/fedora/config/etc/environment (added) Make Java work again by reducing its maximum heap size. Otherwise, ... Fri, 05 Jun 2009 01:04:46 GMT geofft [1166] * trunk/server/fedora/config/etc/pki/tls/certs/star.scripts.pem (modified) Replace *.scripts' cert with an Equifax-signed one from RapidSSL. Thu, 04 Jun 2009 09:20:36 GMT geofft [1165] * trunk/server/fedora/config/etc/security/limits.conf (modified) limits.conf: Actually, keep data and as around. rss isn't respected ... Thu, 04 Jun 2009 09:18:04 GMT quentin [1164] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) Revert r1162 (DDoS over?) Thu, 04 Jun 2009 06:13:40 GMT andersk [1163] * trunk/server/fedora/config/etc/security/limits.conf (modified) Punt memory limits other than rss. Wed, 03 Jun 2009 17:31:38 GMT quentin [1162] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) Temporarily reduce request timeouts in order to deal with DDoS Wed, 03 Jun 2009 15:30:18 GMT mitchb [1160] * trunk/server/fedora/config/etc/ssh/shosts.equiv (modified) * trunk/server/fedora/config/etc/ssh/ssh_known_hosts (modified) * trunk/server/fedora/config/etc/ssh/sshd_config (modified) * trunk/server/fedora/config/etc/sysconfig/network-scripts/route-eth1 (modified) Config for ssh and networking to interact with cats-whiskers Tue, 02 Jun 2009 21:47:37 GMT geofft [1136] * trunk/server/fedora/config/etc/httpd/vhosts.d/cycling-club.conf (deleted) Also delete the config Tue, 02 Jun 2009 21:47:01 GMT geofft [1135] * trunk/server/fedora/config/etc/pki/tls/certs/cycling-club.pem (deleted) cycling-club.scripts' 30-day cert expired, so revert to the *.scripts ... Sat, 16 May 2009 04:40:09 GMT mitchb [1128] * trunk/server/fedora/config/etc/acpi/actions/power.sh (deleted) Revert r1010, make the power button work, as previously directed. Sat, 16 May 2009 04:34:28 GMT quentin [1127] * trunk/server/fedora/config/etc/php.d/json.ini (modified) Don't make exceptions for single extensions Sat, 16 May 2009 04:07:57 GMT mitchb [1126] * trunk/server/fedora/config/etc/php.d/json.ini (modified) People want json. Turn it on. Wed, 13 May 2009 22:43:02 GMT geofft [1125] * trunk/server/fedora/config/etc/httpd/vhosts.d/geofft.conf (added) reified vhost for geofft.mit.edu Wed, 13 May 2009 22:39:34 GMT geofft [1124] * trunk/server/fedora/config/etc/pki/tls/certs/geofft.pem (added) RapidSSL 30-day certificate for geofft.mit.edu Wed, 13 May 2009 21:58:23 GMT mitchb [1123] * trunk/server/fedora/config/etc/postfix/main.cf (modified) Proofreading... 9 out of 10 optometrists agree! Wed, 13 May 2009 21:43:45 GMT geofft [1122] * trunk/server/fedora/config/etc/postfix/main.cf (modified) (Temporarily?) permit mail to user@scripts-vhosts.mit.edu Sun, 10 May 2009 18:27:18 GMT mitchb [1119] * trunk (copied) Restructure so trunk of the repo is at /trunk, not / (part 1) Tue, 05 May 2009 19:32:40 GMT geofft [1114] * server/fedora/config/etc/httpd/vhosts.d/next.conf (modified) change docroot for next.mit.edu