Index: server/fedora/config/etc/aliases
===================================================================
--- server/fedora/config/etc/aliases (revision 39)
+++ server/fedora/config/etc/aliases (revision 39)
@@ -0,0 +1,96 @@
+#
+# Aliases in this file will NOT be expanded in the header from
+# Mail, but WILL be visible over networks or from /bin/mail.
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to sendmail.
+#
+
+# Basic system aliases -- these MUST be present.
+mailer-daemon: postmaster
+postmaster: root
+
+# General redirections for pseudo accounts.
+bin: root
+daemon: root
+adm: root
+lp: root
+sync: root
+shutdown: root
+halt: root
+mail: root
+news: root
+uucp: root
+operator: root
+games: root
+gopher: root
+ftp: root
+nobody: root
+radiusd: root
+nut: root
+dbus: root
+vcsa: root
+canna: root
+wnn: root
+rpm: root
+nscd: root
+pcap: root
+apache: root
+webalizer: root
+dovecot: root
+fax: root
+quagga: root
+radvd: root
+pvm: root
+amanda: root
+privoxy: root
+ident: root
+named: root
+xfs: root
+gdm: root
+mailnull: root
+postgres: root
+sshd: root
+smmsp: root
+postfix: root
+netdump: root
+ldap: root
+squid: root
+ntp: root
+mysql: root
+desktop: root
+rpcuser: root
+rpc: root
+nfsnobody: root
+
+ingres: root
+system: root
+toor: root
+manager: root
+dumper: root
+abuse: root
+
+newsadm: news
+newsadmin: news
+usenet: news
+ftpadm: ftp
+ftpadmin: ftp
+ftp-adm: ftp
+ftp-admin: ftp
+www: webmaster
+webmaster: root
+noc: root
+security: root
+hostmaster: root
+info: postmaster
+marketing: postmaster
+sales: postmaster
+support: postmaster
+
+
+# trap decode to catch security attacks
+decode: root
+
+# Person who should get root's mail
+root: rootjoe@gmail.com, jbarnold@mit.edu
Index: server/fedora/config/etc/auto.master
===================================================================
--- server/fedora/config/etc/auto.master (revision 39)
+++ server/fedora/config/etc/auto.master (revision 39)
@@ -0,0 +1,1 @@
+/mit hesiod:hesiod
Index: server/fedora/config/etc/hesiod.conf
===================================================================
--- server/fedora/config/etc/hesiod.conf (revision 39)
+++ server/fedora/config/etc/hesiod.conf (revision 39)
@@ -0,0 +1,2 @@
+rhs=.ATHENA.MIT.EDU
+lhs=.ns
Index: server/fedora/config/etc/hosts
===================================================================
--- server/fedora/config/etc/hosts (revision 39)
+++ server/fedora/config/etc/hosts (revision 39)
@@ -0,0 +1,7 @@
+# Do not remove the following line, or various programs
+# that require network functionality will fail.
+127.0.0.1 localhost.localdomain localhost
+::1 localhost.localdomain localhost
+
+18.181.0.46 scripts scripts.mit.edu
+18.181.0.52 sql sql.mit.edu
Index: server/fedora/config/etc/httpd/conf/httpd.conf
===================================================================
--- server/fedora/config/etc/httpd/conf/httpd.conf (revision 39)
+++ server/fedora/config/etc/httpd/conf/httpd.conf (revision 39)
@@ -0,0 +1,292 @@
+#ServerType standalone
+ServerRoot /etc/httpd
+#LockFile /var/lock/apache.lock
+PidFile run/httpd.pid
+#ScoreBoardFile /var/run/apache.scoreboard
+Timeout 300
+KeepAlive On
+MaxKeepAliveRequests 1000
+KeepAliveTimeout 15
+MinSpareServers 5
+MaxSpareServers 20
+StartServers 8
+MaxClients 256
+MaxRequestsPerChild 4000
+
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule auth_digest_module modules/mod_auth_digest.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_alias_module modules/mod_authn_alias.so
+LoadModule authn_anon_module modules/mod_authn_anon.so
+#LoadModule authn_dbm_module modules/mod_authn_dbm.so
+LoadModule authn_default_module modules/mod_authn_default.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authz_owner_module modules/mod_authz_owner.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+#LoadModule authz_dbm_module modules/mod_authz_dbm.so
+LoadModule authz_default_module modules/mod_authz_default.so
+#LoadModule ldap_module modules/mod_ldap.so
+#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
+LoadModule include_module modules/mod_include.so
+LoadModule log_config_module modules/mod_log_config.so
+#LoadModule logio_module modules/mod_logio.so
+LoadModule env_module modules/mod_env.so
+LoadModule ext_filter_module modules/mod_ext_filter.so
+#LoadModule mime_magic_module modules/mod_mime_magic.so
+#LoadModule expires_module modules/mod_expires.so
+#LoadModule deflate_module modules/mod_deflate.so
+#LoadModule headers_module modules/mod_headers.so
+#LoadModule usertrack_module modules/mod_usertrack.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule mime_module modules/mod_mime.so
+#LoadModule dav_module modules/mod_dav.so
+#LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+#LoadModule info_module modules/mod_info.so
+#LoadModule dav_fs_module modules/mod_dav_fs.so
+#LoadModule vhost_alias_module modules/mod_vhost_alias.so
+#LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule actions_module modules/mod_actions.so
+#LoadModule speling_module modules/mod_speling.so
+LoadModule userdir_module modules/mod_userdir.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule rewrite_module modules/mod_rewrite.so
+#LoadModule proxy_module modules/mod_proxy.so
+#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+#LoadModule proxy_http_module modules/mod_proxy_http.so
+#LoadModule proxy_connect_module modules/mod_proxy_connect.so
+#LoadModule cache_module modules/mod_cache.so
+LoadModule suexec_module modules/mod_suexec.so
+#LoadModule disk_cache_module modules/mod_disk_cache.so
+#LoadModule file_cache_module modules/mod_file_cache.so
+#LoadModule mem_cache_module modules/mod_mem_cache.so
+LoadModule cgi_module modules/mod_cgi.so
+LoadModule ssl_module modules/mod_ssl.so
+
+User apache
+Group apache
+
+#ErrorDocument 403 /403-404.html
+#ErrorDocument 404 /403-404.html
+#ErrorDocument 500 /script_error.html
+
+UserDir web_scripts
+
+
+ AllowOverride All
+ Options FollowSymLinks IncludesNoExec
+
+
+
+ AllowOverride All
+ Options FollowSymLinks IncludesNoExec
+
+
+
+ AllowOverride All
+ Options FollowSymLinks IncludesNoExec
+
+
+
+ AllowOverride All
+ Options FollowSymLinks IncludesNoExec
+
+
+
+ AllowOverride All
+ Options FollowSymLinks IncludesNoExec
+
+
+
+ AllowOverride All
+ Options FollowSymLinks IncludesNoExec
+
+
+
+ AllowOverride All
+ Options FollowSymLinks IncludesNoExec
+
+
+
+ DirectoryIndex index.html index.htm index.cgi index.pl index.php index.py index.shtml
+
+
+AccessFileName .htaccess
+
+
+ Order Allow,Deny
+ Deny from all
+
+
+UseCanonicalName Off
+TypesConfig /etc/mime.types
+DefaultType text/plain
+#MIMEMagicFile conf/magic
+
+AddDefaultCharset on
+
+HostnameLookups Off
+#ErrorLog "| sudo -u afsagent /usr/local/bin/process_logs"
+ErrorLog "/var/log/httpd/error_log"
+LogLevel warn
+LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+#CustomLog /var/log/httpd/access_log combined
+ServerSignature Off
+ServerAdmin scripts@mit.edu
+ServerTokens Prod
+
+Alias /icons /var/www/icons
+
+ Options None
+ AllowOverride None
+
+ SetHandler default-handler
+
+
+
+
+ IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
+
+ AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+ AddIconByType (TXT,/icons/text.gif) text/*
+ AddIconByType (IMG,/icons/image2.gif) image/*
+ AddIconByType (SND,/icons/sound2.gif) audio/*
+ AddIconByType (VID,/icons/movie.gif) video/*
+
+ AddIcon /icons/binary.gif .bin .exe
+ AddIcon /icons/binhex.gif .hqx
+ AddIcon /icons/tar.gif .tar
+ AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+ AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+ AddIcon /icons/a.gif .ps .ai .eps
+ AddIcon /icons/layout.gif .html .shtml .htm .pdf
+ AddIcon /icons/text.gif .txt
+ AddIcon /icons/c.gif .c
+ AddIcon /icons/p.gif .pl .py
+ AddIcon /icons/f.gif .for
+ AddIcon /icons/dvi.gif .dvi
+ AddIcon /icons/uuencoded.gif .uu
+ AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+ AddIcon /icons/tex.gif .tex
+ AddIcon /icons/bomb.gif core
+ AddIcon /icons/deb.gif .deb
+
+ AddIcon /icons/back.gif ..
+ AddIcon /icons/hand.right.gif README
+ AddIcon /icons/folder.gif ^^DIRECTORY^^
+ AddIcon /icons/blank.gif ^^BLANKICON^^
+
+ DefaultIcon /icons/unknown.gif
+
+ ReadmeName README
+ HeaderName HEADER
+
+ IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
+
+
+ AddType application/xhtml+xml .xhtml
+ AddType application/http-index-format .hti
+ AddType text/html .html
+ AddType text/css .css
+ AddType text/xsl .xslt
+ AddType application/x-javascript .js
+ AddType application/xml .xml
+ AddType image/svg+xml .svg
+ AddType application/vnd.mozilla.xul+xml .xul
+ AddType application/rdf+xml .rdf
+ AddType application/x-xpinstall .xpi
+ AddType text/xml .xsl
+ #AddOutputFilterByType mod-xslt application/xml
+ AddType text/html .shtml
+ AddHandler server-parsed .shtml
+
+
+
+ AddEncoding x-compress Z
+ AddEncoding x-gzip gz tgz
+
+ AddLanguage da .dk
+ AddLanguage nl .nl
+ AddLanguage en .en
+ AddLanguage et .ee
+ AddLanguage fr .fr
+ AddLanguage de .de
+ AddLanguage el .el
+ AddLanguage it .it
+ AddLanguage ja .ja
+ AddCharset ISO-2022-JP .jis
+ AddLanguage pl .po
+ AddCharset ISO-8859-2 .iso-pl
+ AddLanguage pt .pt
+ AddLanguage pt-br .pt-br
+ AddLanguage ltz .lu
+ AddLanguage ca .ca
+ AddLanguage es .es
+ AddLanguage sv .se
+ AddLanguage cz .cz
+
+
+ LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
+
+
+ #AddType application/x-httpd-php .php
+ #AddType application/x-httpd-php-source .phps
+
+ AddType application/x-tar .tgz
+ AddType image/bmp .bmp
+
+ # hdml
+ AddType text/x-hdml .hdml
+
+ #AddType text/html .shtml
+ #AddHandler server-parsed .shtml
+
+
+
+ BrowserMatch "Mozilla/2" nokeepalive
+ BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+ BrowserMatch "RealPlayer 4\.0" force-response-1.0
+ BrowserMatch "Java/1\.0" force-response-1.0
+ BrowserMatch "JDK/1\.0" force-response-1.0
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+
+
+Listen 80
+
+
+Listen 443
+
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+SSLPassPhraseDialog builtin
+SSLSessionCache dbm:/var/run/ssl_scache
+SSLSessionCacheTimeout 300
+SSLMutex file:/var/run/ssl_mutex
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+
+
+RLimitCPU 60 60
+#RLimitMEM 536870912 536870912
+RLimitMEM 268435456 268435456
+RLimitNPROC 1024 1024
+
+SetEnv REDIRECT_STATUS CGI
+SetEnv PHPRC .
+
+NameVirtualHost *:80
+NameVirtualHost *:443
+
+ServerName localhost
+DocumentRoot /afs/athena.mit.edu/contrib/scripts/www
+Include conf.d/static.conf
+Include /afs/athena.mit.edu/contrib/scripts/vhosts/better-mousetrap.conf
Index: server/fedora/config/etc/issue.net
===================================================================
--- server/fedora/config/etc/issue.net (revision 39)
+++ server/fedora/config/etc/issue.net (revision 39)
@@ -0,0 +1,10 @@
+#----------------------------------------------------------------------------#
+ PLEASE NOTE: You cannot use a *password* to log in to scripts.mit.edu.
+ Instead, you must use a recent version of ssh to authenticate using Kerberos
+ (specifically, you must use gssapi-with-mic). We recommend that you run
+ these commands on Athena to connect: "add scripts" then "sshmic scripts".
+ The default Athena ssh is too old to authenticate to scripts.mit.edu.
+ Also, please note that you must sign up for one or more of the script
+ services before you can log in using ssh (see http://scripts.mit.edu).
+ Feel free to e-mail scripts@mit.edu if you have any questions.
+#----------------------------------------------------------------------------#
Index: server/fedora/config/etc/krb.conf
===================================================================
--- server/fedora/config/etc/krb.conf (revision 39)
+++ server/fedora/config/etc/krb.conf (revision 39)
@@ -0,0 +1,3 @@
+ATHENA.MIT.EDU
+ATHENA.MIT.EDU KERBEROS.MIT.EDU:88
+ATHENA.MIT.EDU KERBEROS.MIT.EDU:749 admin server
Index: server/fedora/config/etc/krb.realms
===================================================================
--- server/fedora/config/etc/krb.realms (revision 39)
+++ server/fedora/config/etc/krb.realms (revision 39)
@@ -0,0 +1,55 @@
+.EXAMPLE.COM EXAMPLE.COM
+sics.se SICS.SE
+.sics.se SICS.SE
+nada.kth.se NADA.KTH.SE
+pdc.kth.se NADA.KTH.SE
+.hydro.kth.se NADA.KTH.SE
+.mech.kth.se MECH.KTH.SE
+.nada.kth.se NADA.KTH.SE
+.pdc.kth.se NADA.KTH.SE
+.sans.kth.se NADA.KTH.SE
+.admin.kth.se ADMIN.KTH.SE
+.e.kth.se E.KTH.SE
+.s3.kth.se E.KTH.SE
+.radio.kth.se E.KTH.SE
+.ttt.kth.se E.KTH.SE
+.electrum.kth.se IT.KTH.SE
+.math.kth.se MATH.KTH.SE
+.it.kth.se IT.KTH.SE
+.sth.sunet.se SUNET.SE
+.pilsnet.sunet.se SUNET.SE
+.sunet.se SUNET.SE
+.ml.kva.se ML.KVA.SE
+pi.se PI.SE
+.pi.se PI.SE
+.adm.pi.se PI.SE
+.stacken.kth.se STACKEN.KTH.SE
+kth.se KTH.SE
+.kth.se KTH.SE
+.bion.kth.se BION.KTH.SE
+.lib.kth.se LIB.KTH.SE
+.dsv.su.se DSV.SU.SE
+.MIT.EDU ATHENA.MIT.EDU
+.MIT.EDU. ATHENA.MIT.EDU
+MIT.EDU ATHENA.MIT.EDU
+DODO.MIT.EDU SMS_TEST.MIT.EDU
+.UCSC.EDU CATS.UCSC.EDU
+.UCSC.EDU. CATS.UCSC.EDU
+CYGNUS.COM CYGNUS.COM
+.CYGNUS.COM CYGNUS.COM
+MIRKWOOD.CYGNUS.COM MIRKWOOD.CYGNUS.COM
+KITHRUP.COM KITHRUP.COM
+.KITHRUP.COM KITHRUP.COM
+.berkeley.edu EECS.BERKELEY.EDU
+.CS.berkeley.edu EECS.BERKELEY.EDU
+.MIT.EDU ATHENA.MIT.EDU
+.mit.edu ATHENA.MIT.EDU
+.BSDI.COM BSDI.COM
+ARMADILLO.COM ARMADILLO.COM
+.ARMADILLO.COM ARMADILLO.COM
+ZEN.ORG ZEN.ORG
+.ZEN.ORG ZEN.ORG
+toad.com TOAD.COM
+.toad.com TOAD.COM
+lloyd.com LLOYD.COM
+.lloyd.com LLOYD.COM
Index: server/fedora/config/etc/krb5.conf
===================================================================
--- server/fedora/config/etc/krb5.conf (revision 39)
+++ server/fedora/config/etc/krb5.conf (revision 39)
@@ -0,0 +1,116 @@
+[libdefaults]
+ default_realm = ATHENA.MIT.EDU
+# The following krb5.conf variables are only for MIT Kerberos.
+ krb4_config = /etc/krb.conf
+ krb4_realms = /etc/krb.realms
+ kdc_timesync = 1
+ ccache_type = 4
+ forwardable = true
+ proxiable = true
+# The following encryption type specification will be used by MIT Kerberos
+# if uncommented. In general, the defaults in the MIT Kerberos code
+# are correct and overriding these specifications only serves to disable
+# new encryption types as they are added, creating interoperability problems.
+# default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+# default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+#permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+
+# The following libdefaults parameters are only for Heimdal Kerberos.
+ v4_instance_resolve = false
+ v4_name_convert = {
+ host = {
+ rcmd = host
+ ftp = ftp
+ }
+ plain = {
+ something = something-else
+ }
+ }
+
+[realms]
+ ATHENA.MIT.EDU = {
+ kdc = kerberos.mit.edu:88
+ kdc = kerberos-1.mit.edu:88
+ kdc = kerberos-2.mit.edu:88
+ kdc = kerberos-3.mit.edu:88
+ admin_server = kerberos.mit.edu
+ default_domain = mit.edu
+ }
+ MEDIA-LAB.MIT.EDU = {
+ kdc = kerberos.media.mit.edu
+ admin_server = kerberos.media.mit.edu
+ }
+ ZONE.MIT.EDU = {
+ kdc = casio.mit.edu
+ kdc = seiko.mit.edu
+ admin_server = casio.mit.edu
+ }
+ MOOF.MIT.EDU = {
+ kdc = three-headed-dogcow.mit.edu:88
+ kdc = three-headed-dogcow-1.mit.edu:88
+ admin_server = three-headed-dogcow.mit.edu
+ }
+ CYGNUS.COM = {
+ kdc = KERBEROS.CYGNUS.COM
+ kdc = KERBEROS-1.CYGNUS.COM
+ admin_server = KERBEROS.CYGNUS.COM
+ }
+ GREY17.ORG = {
+ kdc = kerberos.grey17.org
+ admin_server = kerberos.grey17.org
+ }
+ IHTFP.ORG = {
+ kdc = kerberos.ihtfp.org
+ admin_server = kerberos.ihtfp.org
+ }
+ GNU.ORG = {
+ kdc = kerberos.gnu.org
+ kdc = kerberos-2.gnu.org
+ kdc = kerberos-3.gnu.org
+ admin_server = kerberos.gnu.org
+ }
+ 1TS.ORG = {
+ kdc = kerberos.1ts.org
+ admin_server = kerberos.1ts.org
+ }
+ GRATUITOUS.ORG = {
+ kdc = kerberos.gratuitous.org
+ admin_server = kerberos.gratuitous.org
+ }
+ DOOMCOM.ORG = {
+ kdc = kerberos.doomcom.org
+ admin_server = kerberos.doomcom.org
+ }
+
+ANDREW.CMU.EDU = {
+ kdc = vice28.fs.andrew.cmu.edu
+ kdc = vice2.fs.andrew.cmu.edu
+ kdc = vice11.fs.andrew.cmu.edu
+ kdc = vice12.fs.andrew.cmu.edu
+ admin_server = vice28.fs.andrew.cmu.edu
+ default_domain = andrew.cmu.edu
+ }
+ CS.CMU.EDU = {
+ kdc = kerberos.cs.cmu.edu
+ kdc = kerberos-2.srv.cs.cmu.edu
+ admin_server = kerberos.cs.cmu.edu
+ }
+ DEMENTIA.ORG = {
+ kdc = kerberos.dementia.org
+ kdc = kerberos2.dementia.org
+ admin_server = kerberos.dementia.org
+ }
+
+
+[domain_realm]
+ .mit.edu = ATHENA.MIT.EDU
+ mit.edu = ATHENA.MIT.EDU
+ .media.mit.edu = MEDIA-LAB.MIT.EDU
+ media.mit.edu = MEDIA-LAB.MIT.EDU
+ .whoi.edu = ATHENA.MIT.EDU
+ whoi.edu = ATHENA.MIT.EDU
+.stanford.edu = stanford.edu
+
+[login]
+ krb4_convert = true
+ krb4_get_tickets = true
Index: server/fedora/config/etc/nagios/nrpe.cfg
===================================================================
--- server/fedora/config/etc/nagios/nrpe.cfg (revision 39)
+++ server/fedora/config/etc/nagios/nrpe.cfg (revision 39)
@@ -0,0 +1,202 @@
+#############################################################################
+# Sample NRPE Config File
+# Written by: Ethan Galstad (nagios@nagios.org)
+#
+# Last Modified: 02-23-2006
+#
+# NOTES:
+# This is a sample configuration file for the NRPE daemon. It needs to be
+# located on the remote host that is running the NRPE daemon, not the host
+# from which the check_nrpe client is being executed.
+#############################################################################
+
+
+# PID FILE
+# The name of the file in which the NRPE daemon should write it's process ID
+# number. The file is only written if the NRPE daemon is started by the root
+# user and is running in standalone mode.
+
+pid_file=/var/run/nrpe.pid
+
+
+
+# PORT NUMBER
+# Port number we should wait for connections on.
+# NOTE: This must be a non-priviledged port (i.e. > 1024).
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+server_port=5666
+
+
+
+# SERVER ADDRESS
+# Address that nrpe should bind to in case there are more than one interface
+# and you do not want nrpe to bind on all interfaces.
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+#server_address=192.168.1.1
+
+
+
+# NRPE USER
+# This determines the effective user that the NRPE daemon should run as.
+# You can either supply a username or a UID.
+#
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+nrpe_user=nagios
+
+
+
+# NRPE GROUP
+# This determines the effective group that the NRPE daemon should run as.
+# You can either supply a group name or a GID.
+#
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+nrpe_group=nagios
+
+
+
+# ALLOWED HOST ADDRESSES
+# This is an optional comma-delimited list of IP address or hostnames
+# that are allowed to talk to the NRPE daemon.
+#
+# Note: The daemon only does rudimentary checking of the client's IP
+# address. I would highly recommend adding entries in your /etc/hosts.allow
+# file to allow only the specified host to connect to the port
+# you are running this daemon on.
+#
+# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
+
+allowed_hosts=18.187.1.128
+
+
+
+# COMMAND ARGUMENT PROCESSING
+# This option determines whether or not the NRPE daemon will allow clients
+# to specify arguments to commands that are executed. This option only works
+# if the daemon was configured with the --enable-command-args configure script
+# option.
+#
+# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
+# Read the SECURITY file for information on some of the security implications
+# of enabling this variable.
+#
+# Values: 0=do not allow arguments, 1=allow command arguments
+
+dont_blame_nrpe=1
+
+
+
+# COMMAND PREFIX
+# This option allows you to prefix all commands with a user-defined string.
+# A space is automatically added between the specified prefix string and the
+# command line from the command definition.
+#
+# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
+# Usage scenario:
+# Execute restricted commmands using sudo. For this to work, you need to add
+# the nagios user to your /etc/sudoers. An example entry for alllowing
+# execution of the plugins from might be:
+#
+# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
+#
+# This lets the nagios user run all commands in that directory (and only them)
+# without asking for a password. If you do this, make sure you don't give
+# random users write access to that directory or its contents!
+
+# command_prefix=/usr/bin/sudo
+
+
+
+# DEBUGGING OPTION
+# This option determines whether or not debugging messages are logged to the
+# syslog facility.
+# Values: 0=debugging off, 1=debugging on
+
+debug=0
+
+
+
+# COMMAND TIMEOUT
+# This specifies the maximum number of seconds that the NRPE daemon will
+# allow plugins to finish executing before killing them off.
+
+command_timeout=60
+
+
+
+# WEEK RANDOM SEED OPTION
+# This directive allows you to use SSL even if your system does not have
+# a /dev/random or /dev/urandom (on purpose or because the necessary patches
+# were not applied). The random number generator will be seeded from a file
+# which is either a file pointed to by the environment valiable $RANDFILE
+# or $HOME/.rnd. If neither exists, the pseudo random number generator will
+# be initialized and a warning will be issued.
+# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
+
+#allow_weak_random_seed=1
+
+
+
+# INCLUDE CONFIG FILE
+# This directive allows you to include definitions from an external config file.
+
+#include=
+
+
+
+# INCLUDE CONFIG DIRECTORY
+# This directive allows you to include definitions from config files (with a
+# .cfg extension) in one or more directories (with recursion).
+
+#include_dir=
+#include_dir=
+
+
+
+# COMMAND DEFINITIONS
+# Command definitions that this daemon will run. Definitions
+# are in the following format:
+#
+# command[]=
+#
+# When the daemon receives a request to return the results of
+# it will execute the command specified by the argument.
+#
+# Unlike Nagios, the command line cannot contain macros - it must be
+# typed exactly as it should be executed.
+#
+# Note: Any plugins that are used in the command lines must reside
+# on the machine that this daemon is running on! The examples below
+# assume that you have plugins installed in a /usr/local/nagios/libexec
+# directory. Also note that you will have to modify the definitions below
+# to match the argument format the plugins expect. Remember, these are
+# examples only!
+
+# The following examples use hardcoded command arguments...
+
+#command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
+#command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
+#command[check_disk1]=/usr/lib64/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hda1
+#command[check_disk2]=/usr/lib64/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hdb1
+#command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z
+#command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200
+
+# The following examples allow user-supplied arguments and can
+# only be used if the NRPE daemon was compiled with support for
+# command arguments *AND* the dont_blame_nrpe directive in this
+# config file is set to '1'...
+
+command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
+command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
+command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$
+command[check_disk_p]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$
+command[check_procs_C]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -C $ARG3$
+command[check_procs_P]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -P $ARG3$
+command[check_procs_m]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -m $ARG3$
+command[check_procs_s]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
+command[check_procs_u]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -u $ARG3$
+command[check_procs_z]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -z $ARG3$
Index: server/fedora/config/etc/ntp.conf
===================================================================
--- server/fedora/config/etc/ntp.conf (revision 39)
+++ server/fedora/config/etc/ntp.conf (revision 39)
@@ -0,0 +1,7 @@
+restrict default kod nomodify notrap nopeer noquery
+restrict 127.0.0.1
+server time.mit.edu
+server 127.127.1.0
+fudge 127.127.1.0 stratum 10
+driftfile /var/lib/ntp/drift
+keys /etc/ntp/keys
Index: server/fedora/config/etc/openafs/CellAlias
===================================================================
--- server/fedora/config/etc/openafs/CellAlias (revision 39)
+++ server/fedora/config/etc/openafs/CellAlias (revision 39)
@@ -0,0 +1,15 @@
+#
+# This file can be used to specify AFS cell aliases, one per line.
+# The syntax to specify "my" as an alias for "my.cell.name" is:
+#
+# my.cell.name my
+
+athena.mit.edu athena
+csail.mit.edu csail
+dev.mit.edu dev
+lees.mit.edu lees
+net.mit.edu net
+ops.mit.edu ops
+sipb.mit.edu sipb
+andrew.cmu.edu andrew
+acpub.duke.edu acpub
Index: server/fedora/config/etc/openafs/ThisCell
===================================================================
--- server/fedora/config/etc/openafs/ThisCell (revision 39)
+++ server/fedora/config/etc/openafs/ThisCell (revision 39)
@@ -0,0 +1,1 @@
+athena.mit.edu
Index: server/fedora/config/etc/php.d/scripts.ini
===================================================================
--- server/fedora/config/etc/php.d/scripts.ini (revision 39)
+++ server/fedora/config/etc/php.d/scripts.ini (revision 39)
@@ -0,0 +1,5 @@
+cgi.fix_pathinfo=1
+session.save_path = /tmp/sessions
+mime_magic.magicfile = /afs/athena.mit.edu/contrib/scripts/etc/magic
+include_path=".:/usr/share/php"
+mysql.default_host = 'sql.mit.edu'
Index: server/fedora/config/etc/postfix/main.cf
===================================================================
--- server/fedora/config/etc/postfix/main.cf (revision 39)
+++ server/fedora/config/etc/postfix/main.cf (revision 39)
@@ -0,0 +1,18 @@
+#biff = no
+
+# appending .domain is the MUA's job.
+#append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = scripts.mit.edu
+mydestination = scripts.mit.edu, scripts, $myhostname, localhost
+relayhost =
+mynetworks = 127.0.0.0/8
+mailbox_command = /usr/bin/procmail -a "${EXTENSION}" ~/mail_scripts/procmailrc
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
Index: server/fedora/config/etc/rc.d/rc.local
===================================================================
--- server/fedora/config/etc/rc.d/rc.local (revision 39)
+++ server/fedora/config/etc/rc.d/rc.local (revision 39)
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+touch /var/lock/subsys/local
+
+/bin/mkdir -m 1777 /tmp/sessions
Index: server/fedora/config/etc/resolv.conf
===================================================================
--- server/fedora/config/etc/resolv.conf (revision 39)
+++ server/fedora/config/etc/resolv.conf (revision 39)
@@ -0,0 +1,2 @@
+search mit.edu
+nameserver 127.0.0.1
Index: server/fedora/config/etc/security/limits.conf
===================================================================
--- server/fedora/config/etc/security/limits.conf (revision 39)
+++ server/fedora/config/etc/security/limits.conf (revision 39)
@@ -0,0 +1,50 @@
+# /etc/security/limits.conf
+#
+#Each line describes a limit for a user in the form:
+#
+# -
+#
+#Where:
+# can be:
+# - an user name
+# - a group name, with @group syntax
+# - the wildcard *, for default entry
+# - the wildcard %, can be also used with %group syntax,
+# for maxlogin limit
+#
+# can have the two values:
+# - "soft" for enforcing the soft limits
+# - "hard" for enforcing hard limits
+#
+#
- can be one of the following:
+# - core - limits the core file size (KB)
+# - data - max data size (KB)
+# - fsize - maximum filesize (KB)
+# - memlock - max locked-in-memory address space (KB)
+# - nofile - max number of open files
+# - rss - max resident set size (KB)
+# - stack - max stack size (KB)
+# - cpu - max CPU time (MIN)
+# - nproc - max number of processes
+# - as - address space limit
+# - maxlogins - max number of logins for this user
+# - maxsyslogins - max number of logins on the system
+# - priority - the priority to run user process with
+# - locks - max number of file locks the user can hold
+# - sigpending - max number of pending signals
+# - msgqueue - max memory used by POSIX message queues (bytes)
+# - nice - max nice priority allowed to raise to
+# - rtprio - max realtime priority
+#
+#
-
+#
+
+* hard core 0
+#* hard rss 10000
+#@student hard nproc 20
+#@faculty soft nproc 20
+#@faculty hard nproc 50
+#ftp hard nproc 0
+#@student - maxlogins 4
+
+# End of file
Index: server/fedora/config/etc/snmp/snmpd.conf
===================================================================
--- server/fedora/config/etc/snmp/snmpd.conf (revision 39)
+++ server/fedora/config/etc/snmp/snmpd.conf (revision 39)
@@ -0,0 +1,1 @@
+rocommunity public
Index: server/fedora/config/etc/ssh/sshd_config
===================================================================
--- server/fedora/config/etc/ssh/sshd_config (revision 39)
+++ server/fedora/config/etc/ssh/sshd_config (revision 39)
@@ -0,0 +1,13 @@
+Protocol 2
+SyslogFacility AUTHPRIV
+PasswordAuthentication yes
+ChallengeResponseAuthentication no
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+UsePAM yes
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL
+X11Forwarding yes
+Banner /etc/issue.net
+Subsystem sftp /usr/libexec/openssh/sftp-server
Index: server/fedora/config/etc/sysconfig/iptables
===================================================================
--- server/fedora/config/etc/sysconfig/iptables (revision 39)
+++ server/fedora/config/etc/sysconfig/iptables (revision 39)
@@ -0,0 +1,28 @@
+# Generated by iptables-save v1.3.5 on Tue Jul 18 01:46:04 2006
+*mangle
+:PREROUTING ACCEPT [857:1670874]
+:INPUT ACCEPT [857:1670874]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [1197:347244]
+:POSTROUTING ACCEPT [1195:345719]
+COMMIT
+# Completed on Tue Jul 18 01:46:04 2006
+# Generated by iptables-save v1.3.5 on Tue Jul 18 01:46:04 2006
+*nat
+:OUTPUT ACCEPT [0:0]
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+#-A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 18.181.0.52:3306
+#-A POSTROUTING -p tcp -m tcp -d 18.181.0.52 --dport 3306 -j MASQUERADE
+COMMIT
+# Completed on Tue Jul 18 01:46:04 2006
+# Generated by iptables-save v1.3.5 on Tue Jul 18 01:46:04 2006
+*filter
+:INPUT ACCEPT [292118:164733476]
+-A INPUT -p tcp -m tcp --dport 5666 -s ! 18.187.1.128/255.255.255.255 -j DROP
+-A INPUT -p tcp -m tcp --dport 199 -s ! 18.187.1.128/255.255.255.255 -j DROP
+-A INPUT -p udp -m udp --dport 161 -s ! 18.187.1.128/255.255.255.255 -j DROP
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [500523:537785790]
+COMMIT
+# Completed on Tue Jul 18 01:46:04 2006
Index: server/fedora/config/etc/sysconfig/network
===================================================================
--- server/fedora/config/etc/sysconfig/network (revision 39)
+++ server/fedora/config/etc/sysconfig/network (revision 39)
@@ -0,0 +1,3 @@
+NETWORKING=yes
+HOSTNAME=scripts.mit.edu
+GATEWAY=18.181.0.1
Index: server/fedora/config/etc/sysconfig/openafs
===================================================================
--- server/fedora/config/etc/sysconfig/openafs (revision 39)
+++ server/fedora/config/etc/sysconfig/openafs (revision 39)
@@ -0,0 +1,5 @@
+AFSD_ARGS="-afsdb -dynroot -fakestat -daemons 6"
+BOSSERVER_ARGS=
+
+/usr/bin/fs setcrypt on
+/usr/bin/fs sysname 'amd64_linux26' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2' 'i386_linux1'
Index: server/fedora/config/etc/sysctl.conf
===================================================================
--- server/fedora/config/etc/sysctl.conf (revision 39)
+++ server/fedora/config/etc/sysctl.conf (revision 39)
@@ -0,0 +1,10 @@
+net.ipv4.ip_forward = 1
+net.ipv4.conf.default.rp_filter = 1
+net.ipv4.conf.default.accept_source_route = 0
+kernel.sysrq = 0
+kernel.core_uses_pid = 1
+net.ipv4.tcp_syncookies = 1
+net.ipv4.conf.default.arp_ignore = 1
+net.ipv4.conf.default.arp_announce = 2
+net.ipv4.conf.all.arp_ignore = 1
+net.ipv4.conf.all.arp_announce = 2