StuRa:Server/Hauptsystem: Difference between revisions
Zeile 8: | Zeile 8: | ||
=== Installation === | === Installation === | ||
[[PT]] und [[Benutzer:Frank Hebold]] orientierte sich ergänzend an der [http://www.commander1024.de/wordpress/2012/01/freebsd-9-mit-root-on-zfs/ "Anleitung" ''FreeBSD 9 mit Root on ZFS'']. | [[PT]] und [[Benutzer:FrankHebold | Frank Hebold]] orientierte sich ergänzend an der [http://www.commander1024.de/wordpress/2012/01/freebsd-9-mit-root-on-zfs/ "Anleitung" ''FreeBSD 9 mit Root on ZFS'']. | ||
==== Installation des Betriebssystems ==== | ==== Installation des Betriebssystems ==== |
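Review bot: In the changed line the sentence has two subjects but a singular verb ("[[PT]] und [[Benutzer:FrankHebold | Frank Hebold]] orientierte sich"); "orientierten sich" would be correct. The spaces around the pipe in the new link are not needed either: [[Benutzer:FrankHebold|Frank Hebold]].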
Revision as of 7 May 2013, 15:01
dicke Berta
The article Server/Hauptsystem documents the main system of the server (of our StuRa).
The <bracketed parts> are contents that vary or cannot be given here.
Software
Installation
PT and Frank Hebold additionally followed the "guide" FreeBSD 9 mit Root on ZFS.
Installing the operating system
Booting from the boot medium
- using the memory image for the USB stick
Setting up the disks for installing the operating system
Set up the disks
- gpart create -s gpt /dev/ada0
- gpart create -s gpt /dev/ada1
- gpart create -s gpt /dev/ada2
Partitioning the disks for installing the operating system
Partition the disks
- gpart add -s 512k -t freebsd-boot ada0
- gpart add -s 512k -t freebsd-boot ada1
- gpart add -s 512k -t freebsd-boot ada2
- gpart add -s 3G -t freebsd-swap ada0
- gpart add -s 3G -t freebsd-swap ada1
- gpart add -s 3G -t freebsd-swap ada2
- gpart add -t freebsd-zfs ada0
- gpart add -t freebsd-zfs ada1
- gpart add -t freebsd-zfs ada2
Boot loader for installing the operating system
- gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada0
- gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada1
- gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada2
Mirroring the swap for installing the operating system
Mirror the swap (create redundancy)
- gmirror label -v -b round-robin swap0 ada0p2 ada1p2 ada2p2
- gmirror load
Creating the ZFS pool for installing the operating system
Create the ZFS pool
- zpool create gallien mirror ada0p3 ada1p3 ada2p3
- zfs set mountpoint=/mnt gallien
- zpool export gallien
- zpool import -o cachefile=/var/tmp/zpool.cache gallien
- zfs set checksum=fletcher4 gallien
Creating the ZFS datasets for installing the operating system
Create the ZFS datasets
- zfs create -o compression=on -o exec=on -o setuid=off gallien/tmp
- chmod 1777 /mnt/tmp
- zfs create gallien/usr
- zfs create gallien/usr/home
- cd /mnt/
- ln -s /usr/home home
- zfs create -o compression=lzjb -o setuid=off gallien/usr/ports
- zfs create -o compression=off -o exec=off -o setuid=off gallien/usr/ports/distfiles
- zfs create -o compression=off -o exec=off -o setuid=off gallien/usr/ports/packages
- zfs create -o compression=off -o exec=off -o setuid=off gallien/usr/src
- zfs create gallien/var
- zfs create -o compression=off -o exec=off -o setuid=off gallien/var/crash
- zfs create -o exec=off -o setuid=off gallien/var/empty
- zfs create -o compression=lzjb -o exec=off -o setuid=off gallien/var/log
- zfs create -o compression=gzip -o exec=off -o setuid=off gallien/var/mail
- zfs create -o exec=off -o setuid=off gallien/var/run
- zfs create -o compression=lzjb -o exec=on -o setuid=off gallien/var/tmp
- chmod 1777 /mnt/var/tmp
Installing the operating system
Installing FreeBSD 9.X
- tar -xf /usr/freebsd-dist/doc.txz
- tar -xf /usr/freebsd-dist/kernel.txz
- tar -xf /usr/freebsd-dist/lib32.txz
- tar -xf /usr/freebsd-dist/ports.txz
- tar -xf /usr/freebsd-dist/src.txz
- zfs set readonly=on gallien/var/empty
Configuring FreeBSD after installing the operating system
Changing the root directory after installing the operating system
Change the root directory
- chroot /mnt
Setting the root password after installing the operating system
Set the root password
- passwd
Mounting the swap mirror on every boot after installing the operating system
Mount swap at boot
- ee /mnt/etc/fstab
#Device            Mountpoint  FStype  Options  Dump  Pass#
/dev/mirror/swap0  none        swap    sw       0     0
Enabling ZFS on every boot after installing the operating system
Enable ZFS
- ee /etc/rc.conf
zfs_enable="YES"
Load the required kernel modules
- ee /boot/loader.conf
zfs_load="YES"
vfs.root.mountfrom="zfs:gallien"
geom_mirror_load="YES"
Enabling the network settings on every boot after installing the operating system
Basic configuration of the network settings
- ee /etc/rc.conf
hostname="<hostname of the machine>"
defaultrouter="<IP of the default router>"
ifconfig_em0="<IP of the machine> netmask 255.255.255.0"
Setting the duration of the boot screen on every boot after installing the operating system
Set (reduce) the duration of the boot screen
- ee /boot/loader.conf
autoboot_delay="1"
Setting the time zone after installing the operating system
Change the time zone
- tzsetup
Europe Germany
Leaving the changed root directory after installing the operating system
- exit
Copying the ZFS pool information for every boot after installing the operating system
Copy (or move) the ZFS pool information
- cp /var/tmp/zpool.cache /mnt/boot/zfs/
One-time unmounting and setting of the future mount points of the ZFS datasets for every boot after installing the operating system
Unmount the ZFS datasets and set the future mount points
- cd /
- zfs unmount -a
- zfs set mountpoint=legacy gallien
- zfs set mountpoint=/tmp gallien/tmp
- zfs set mountpoint=/usr gallien/usr
- zfs set mountpoint=/var gallien/var
Rebooting after installing the operating system
DONE! (Reboot!)
- reboot
Adjustments and additions after installing the operating system
Setting the addresses for forwarding the operating system's mail
Creating and forwarding addresses for mail from the operating system
- cd /etc/mail
- ee aliases
- make aliases
Creating the list of name servers
- ee /etc/resolv.conf
domain <domain.tld>
nameserver <IP number>
nameserver <IP number>
Installing the ports collection
- portsnap fetch extract
Providing SSH
Configuring OpenSSH
- openssh
- move ssh to a different port
- suggestions for sshd_config
- ee /etc/ssh/sshd_config
VersionAddendum
Port $SSH_PORTNUMMER
ListenAddress $JAIL_IP
Protocol 2
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 4
MaxSessions 5
AllowUsers $DER_COOLE_LEUTE_CLUB
PermitEmptyPasswords no
X11Forwarding no
Banner none
- always read the man page and go through it with a fine-tooth comb
- keys + passwords for authentication
- in jails: ListenAddress 0.0.0.0
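The sshd_config suggestions above can be checked mechanically. The following script is an added example, not part of the original wiki page: it audits sshd_config text on stdin against the values suggested above. The function names and both sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Reads sshd_config text on stdin
# and prints one line per deviation from the values suggested above.
# Returns 0 when nothing is reported, 1 otherwise.
audit_sshd_config() {
    awk '
    BEGIN {
        # keyword -> required value (suggestions from this page)
        want["protocol"]             = "2"
        want["permitrootlogin"]      = "no"
        want["permitemptypasswords"] = "no"
        want["x11forwarding"]        = "no"
        want["strictmodes"]          = "yes"
        # keyword -> upper bound (suggestions from this page)
        limit["maxauthtries"] = 4
        limit["maxsessions"]  = 5
        # keywords that must be set explicitly, whatever the value
        need["allowusers"] = 1
        need["port"]       = 1
    }
    /^[ \t]*#/ || NF == 0   { next }    # comments and blank lines
    tolower($1) == "match"  { exit }    # audit the global section only
    {
        key = tolower($1)
        if (key in seen) next           # sshd uses the first value it obtains
        seen[key] = 1
        val = tolower($2)
        if ((key in want) && val != want[key]) {
            printf "FAIL  %s is %s, expected %s\n", $1, $2, want[key]; n++
        }
        if ((key in limit) && val + 0 > limit[key]) {
            printf "FAIL  %s is %s, expected at most %d\n", $1, $2, limit[key]; n++
        }
        if (key == "port" && val == "22") {
            printf "FAIL  Port is still the default 22\n"; n++
        }
    }
    END {
        # An unset keyword falls back to the default of the installed sshd
        # build, which differs between versions and platforms.
        for (k in want)  if (!(k in seen)) { printf "UNSET %s\n", k; n++ }
        for (k in limit) if (!(k in seen)) { printf "UNSET %s\n", k; n++ }
        for (k in need)  if (!(k in seen)) { printf "UNSET %s\n", k; n++ }
        exit (n > 0)
    }'
}

# Constructed sample: the suggestions above with the placeholders filled in.
sample_hardened() {
    cat <<'EOF'
Port 2222
ListenAddress 192.0.2.10
Protocol 2
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 4
MaxSessions 5
AllowUsers alice bob
PermitEmptyPasswords no
X11Forwarding no
Banner none
EOF
}

# Constructed sample with typical deviations. The second PermitRootLogin line
# has no effect, and the Match block is outside the audited global section.
sample_weak() {
    cat <<'EOF'
# constructed weak configuration

Port 22
PermitRootLogin yes
PermitRootLogin no
MaxAuthTries 6
X11Forwarding yes
Match User backup
    PermitEmptyPasswords no
EOF
}

# Demo run on the weak sample; "|| true" keeps the script exit status at 0.
sample_weak | audit_sshd_config || true
```

On a live system the same function can be fed with `audit_sshd_config < /etc/ssh/sshd_config`.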
Enabling OpenSSH on every boot
- ee /etc/rc.conf
sshd_enable="YES"
Adjusting the security settings
Setting up automated updates
- update the ports collection automatically
- send mail notifications about
- outdated ports
- buggy ports
- ee /etc/crontab
0 13 * * * root portsnap -I cron fetch && portsnap update && pkg_version -vIL=
0 14 * * * root portaudit -Fda
0 */12 * * * root /usr/sbin/audit -n
Installing audit support
- start auditd
- /etc/rc.d/auditd start
= Setting the basic audit configuration =
- set flags
- ee /etc/security/audit_control
flags:lo,aa,ex
- synchronize config:
- audit -s
= Enabling audit support on every boot =
- ee /etc/rc.conf
# enable the audit daemon
auditd_enable="YES"
Installing the OpenBSD packet filter (PF) and ALTQ
- start the packet filter
- /etc/rc.d/pf start
- /etc/rc.d/pflog start
= Defining the packet filter rules =
- ee /etc/pf.conf
### MACROS
thishost = "$MAIN_IP"
# portsnap5 204.9.55.80
portsnap_freebsd = "{ 204.109.56.116 204.9.55.80 }"
# auditfile.tbz is being fetched from portaudit.freebsd.org
portaudit_freebsd = "69.147.83.36"
# dnsserver from resolv.conf
dnsserver = "{ 85.214.73.63 217.79.186.148 27.110.120.30 204.152.184.76 194.150$
### RULES
# default deny
block in all
block out all
# the local interface is allowed without restrictions
pass in quick on lo0 all
pass out quick on lo0 all
## HOST
# allow ssh
pass in on bce0 proto tcp from any to $thishost port $SSH_PORT
pass out on bce0 proto tcp from $thishost port $SSH_PORT to any
## allow outbound icmp
# echo request
pass out inet proto icmp icmp-type 8 code 0 keep state
# echo reply
pass in inet proto icmp icmp-type 0 code 0 keep state
# destination unreachable
pass in inet proto icmp icmp-type 3 keep state
# allow DNS lookups {also via tcp?} port 53
# what about traversal???
pass out on bce0 proto udp from $thishost to $dnsserver port 53 keep state
# allow portsnap to fetch from freebsd.org (ports?)
pass in on bce0 proto tcp from $portsnap_freebsd to $thishost
pass out on bce0 proto tcp from $thishost to $portsnap_freebsd
# allow portaudit to fetch auditfile.tbz via http
pass in on bce0 proto tcp from $portaudit_freebsd port 80 to $thishost
pass out on bce0 proto tcp from $thishost to $portaudit_freebsd port 80
## JAIL example (unrestricted -> bad idea; open ports per service instead)
pass in on bce0 proto { tcp udp icmp } from any to $jail_srs14
pass out on bce0 proto { tcp udp icmp } from $jail_srs14 to any
- check the rules
- pfctl -vnf /etc/pf.conf
- replace the old rules with the new rules
- pfctl -Fa -f /etc/pf.conf
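The ruleset above marks two of its own rules as doubtful: the portsnap rules carry "(ports?)" and the jail example is called a bad idea. The following script is an added example, not part of the original page: it flags pass rules that admit TCP or UDP without any port restriction, run here over the pass and block rules of the pf.conf above. The function names are chosen for this example, and one rule per line is assumed.

```sh
#!/bin/sh
# Added example, not from the original page. Reads pf.conf rules on stdin and
# prints "LINE: RULE" for every pass rule that admits TCP or UDP without a
# port restriction. Returns 0 when nothing is reported, 1 otherwise.
# Assumption: one rule per line, no backslash continuations.
lint_pf_pass_rules() {
    awk '
    { sub(/#.*/, "") }                  # strip comments
    $1 != "pass"    { next }            # only pass rules widen the policy
    / on lo[0-9]+ / { next }            # loopback is deliberately unrestricted
    {
        # Take the protocol or the braced protocol list after "proto".
        if (match($0, / proto ([{][^}]*[}]|[a-z0-9]+)/))
            l4 = (substr($0, RSTART, RLENGTH) ~ /tcp|udp/)
        else
            l4 = 1                      # no proto keyword: every protocol matches
        if (l4 && $0 !~ / port /) { print NR ": " $0; n++ }
    }
    END { exit (n > 0) }'
}

# The block and pass rules of the pf.conf above, one per line.
# The quoted heredoc keeps the $macro names literal.
page_rules() {
    cat <<'EOF'
block in all
block out all
pass in quick on lo0 all
pass out quick on lo0 all
pass in on bce0 proto tcp from any to $thishost port $SSH_PORT
pass out on bce0 proto tcp from $thishost port $SSH_PORT to any
pass out inet proto icmp icmp-type 8 code 0 keep state
pass out on bce0 proto udp from $thishost to $dnsserver port 53 keep state
pass in on bce0 proto tcp from $portsnap_freebsd to $thishost
pass out on bce0 proto tcp from $thishost to $portsnap_freebsd
pass in on bce0 proto tcp from $portaudit_freebsd port 80 to $thishost
pass in on bce0 proto { tcp udp icmp } from any to $jail_srs14
pass out on bce0 proto { tcp udp icmp } from $jail_srs14 to any
EOF
}

# Demo run; "|| true" keeps the script exit status at 0.
page_rules | lint_pf_pass_rules || true
```

The four reported rules are the two portsnap rules and the two jail rules, the same ones the comments in the ruleset already question.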
= Enabling the packet filter on every boot =
- ee /etc/rc.conf
# enable the packet filter
pf_enable="YES"
# point to the file created with the packet filter rules
pf_rules="/etc/pf.conf"
# enable the packet filter log
pflog_enable="YES"
Enabling routing through the host for all jails on every boot
- ee /etc/rc.conf
# host system is gateway for jails
gateway_enable="YES"
Enabling the system log settings on every boot
- ee /etc/rc.conf
# bind syslogd to the main machine
syslogd_flags="-b $MAIN_IP"
Adjusting language and character set
- ee /etc/login.conf
# set German
default:\
…
:charset=ISO-8859-1:\
:lang=de_DE.ISO8859-1:\
…
- cap_mkdb /etc/login.conf
Summary of the entries and adjustments after installing the operating system
Where a file has several entries, the file should be shown here as a summary. For single entries, a reference to the relevant section is enough.
/mnt/etc/fstab
/boot/loader.conf
zfs_load="YES"
vfs.root.mountfrom="zfs:gallien"
geom_mirror_load="YES"
autoboot_delay="1"
/etc/rc.conf
zfs_enable="YES"
keymap="german.iso"
hostname="<name of the server>"
defaultrouter="<IP(v4) address of the next router (in the class C network)>"
ifconfig_em0="<IP(v4) address of the server (host)> netmask 255.255.255.0"
sshd_enable="YES"
# enable the audit daemon
auditd_enable="YES"
# enable the packet filter
pf_enable="YES"
# packet filter rules file
pf_rules="/etc/pf.conf"
# enable the packet filter log
pflog_enable="YES"
# host system is gateway for jails
gateway_enable="YES"
# bind syslogd to the main machine
syslogd_flags="-b <IP(v4) address of the server (host)>"
- If IPv6 is available, further settings for using IPv6 have to be added.
- Helpful page on tunnelling IPv6 to IPv4 addresses
# enable IPv6 support
ipv6_enable="YES"
ipv6_defaultrouter="<IPv6 address of the next router>"
ipv6_ifconfig_em0="<IPv6 address of the server (host)> prefixlen 128"
# host system is gateway for jails with ipv6
ipv6_gateway_enable="YES"
/etc/resolv.conf
see #Creating the list of name servers
- For security reasons the original file contents are not reproduced here
/etc/ssh/sshd_config
see #Configuring OpenSSH
/etc/crontab
see #Setting up automated updates
/etc/security/audit_control
see #Setting the basic audit configuration
/etc/pf.conf
see #Defining the packet filter rules
- For security reasons the original file contents are not reproduced here
/etc/login.conf
see #Adjusting language and character set
fette Elke
loader.conf
- create entries for apache22
accf_data_load="YES" # Wait for data accept filter
accf_http_load="YES" # Wait for full HTTP request accept filter
sysctl.conf
kern.ipc.somaxconn=1024 # raise the number of possible connections
security.jail.allow_raw_sockets=1 # jail may use raw sockets
Ports
installed ports
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- db41
- emacs-nox11
- gdbm
- gettext
- gmake
- help2man
- libevent
- libevent2
- libiconv
- libidn
- libsigsegv
- libtool
- m4
- nano
- p5-Locale-gettext
- pcre
- perl-threaded
- pkgconf
- portaudit
- portupgrade
- python27
- ruby
- ruby18-bdb
- tmux
- wget
- zsh
configured ports
gdbm
WITH_COMPAT=true
help2man
OPTIONS_FILE_SET+=NLS
libevent2
OPTIONS_FILE_SET+=OPENSSL
OPTIONS_FILE_SET+=THREADS
libiconv
WITH_EXTRA_ENCODINGS=true
WITHOUT_EXTRA_PATCHES=true
m4
WITH_LIBSIGSEGV=true
pcre
OPTIONS_FILE_SET+=JIT
perl
WITHOUT_DEBUGGING=true
WITH_GDBM=true
WITH_PERL_MALLOC=true
WITH_PERL_64BITINT=true
WITH_THREADS=true
WITH_PTHREAD=true
WITH_MULTIPLICITY=true
WITHOUT_SITECUSTOMIZE=true
WITH_USE_PERL=true
portupgrade
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=DB_OVERRIDE
OPTIONS_FILE_SET+=BDB4
OPTIONS_FILE_UNSET+=BDB1
python27
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
ruby
OPTIONS_FILE_UNSET+=ONIGURUMA
OPTIONS_FILE_SET+=RDOC
OPTIONS_FILE_UNSET+=DEBUG
tmux
OPTIONS_FILE_SET+=BACKSPACE
OPTIONS_FILE_SET+=LIBEVENT2
OPTIONS_FILE_SET+=LIBEVENT_STATIC
wget
WITHOUT_GNUTLS=true
WITH_IPV6=true
WITH_NLS=true
WITH_OPENSSL=true
WITH_IDN=true
zsh
OPTIONS_FILE_UNSET+=DEBUG
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=GDBM
OPTIONS_FILE_SET+=MAILDIR
OPTIONS_FILE_SET+=MEM
OPTIONS_FILE_SET+=MULTIBYTE
OPTIONS_FILE_SET+=PCRE
OPTIONS_FILE_SET+=SECURE_FREE
OPTIONS_FILE_UNSET+=STATIC
- The article Server/SRS2342/Jails is the documentary collection of all jails that have been set up on fette Elke
Standard ports and configuration of the jail
- The standard ports were installed using the startup.sh script.
help2man
OPTIONS_FILE_SET+=NLS
libiconv
OPTIONS_FILE_SET+=ENCODINGS
OPTIONS_FILE_UNSET+=PATCHES
m4
WITH_LIBSIGSEGV=true
pcre
OPTIONS_FILE_SET+=STACK_RECURSION
perl
OPTIONS_FILE_SET+=DEBUG
OPTIONS_FILE_UNSET+=GDBM
OPTIONS_FILE_SET+=MULTIPLICITY
OPTIONS_FILE_SET+=PERL_64BITINT
OPTIONS_FILE_UNSET+=PERL_MALLOC
OPTIONS_FILE_SET+=PTHREAD
OPTIONS_FILE_UNSET+=SITECUSTOMIZE
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_SET+=USE_PERL
portupgrade
OPTIONS_FILE_SET+=DOCS
ruby
OPTIONS_FILE_UNSET+=ONIGURUMA
OPTIONS_FILE_SET+=RDOC
OPTIONS_FILE_UNSET+=DEBUG
zsh
OPTIONS_FILE_UNSET+=DEBUG
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=GDBM
OPTIONS_FILE_SET+=MAILDIR
OPTIONS_FILE_SET+=MEM
OPTIONS_FILE_SET+=MULTIBYTE
OPTIONS_FILE_SET+=PCRE
OPTIONS_FILE_SET+=SECURE_FREE
OPTIONS_FILE_UNSET+=STATIC
SRS1
- Purpose
Running!
Plone
Install Plone 4.0.5 via the UnifiedInstaller.
install.sh --password=<password> standalone
Plone 4.0.5 to 4.1 failed
- created rolemap.xml in the …/GenericSetup directory
link : [1]
<?xml version="1.0" encoding="UTF-8"?>
<rolemap>
  <permissions>
    <permission name="ATContentTypes Topic: Add ATBooleanCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATCurrentAuthorCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATDateCriteria" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATDateRangeCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATListCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATPathCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATPortalTypeCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATReferenceCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATRelativePathCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATSelectionCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATSimpleIntCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATSimpleStringCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATSortCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="Add portal topics" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="Change portal topics" acquire="True">
      <role name="Editor"/>
    </permission>
  </permissions>
</rolemap>
Ports
installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
configured ports
cairo
OPTIONS_FILE_SET+=GLIB
OPTIONS_FILE_UNSET+=OPENGL
OPTIONS_FILE_SET+=X11
OPTIONS_FILE_SET+=XCB
freetype2
OPTIONS_FILE_UNSET+=CFF_HINTING_ADOBE
OPTIONS_FILE_UNSET+=LCD_FILTERING
gamin
OPTIONS_FILE_UNSET+=GAM_POLLER
OPTIONS_FILE_UNSET+=LIBINOTIFY
OPTIONS_FILE_SET+=RUN_AS_EUID
gdk-pixbuf2
OPTIONS_FILE_SET+=JASPER
OPTIONS_FILE_SET+=JPEG
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_SET+=PNG
OPTIONS_FILE_SET+=TIFF
jasper
OPTIONS_FILE_UNSET+=OPENGL
OPTIONS_FILE_UNSET+=UUID
libcheck
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES
libevent2
OPTIONS_FILE_SET+=OPENSSL
OPTIONS_FILE_SET+=THREADS
libffi
OPTIONS_FILE_UNSET+=TESTS
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=SCHEMA
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=THREAD_ALLOC
OPTIONS_FILE_UNSET+=XMLLINT_HIST
libxslt
OPTIONS_FILE_SET+=CRYPTO
OPTIONS_FILE_UNSET+=MEM_DEBUG
lynx
OPTIONS_FILE_SET+=SSL
OPTIONS_FILE_SET+=DEFAULT_COLORS
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
pango
OPTIONS_FILE_SET+=X11
pixman
OPTIONS_FILE_SET+=SIMD
png
OPTIONS_FILE_SET+=APNG
python27
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES
tmux
OPTIONS_FILE_SET+=BACKSPACE
OPTIONS_FILE_SET+=LIBEVENT2
OPTIONS_FILE_UNSET+=LIBEVENT_STATIC
Configuration of the programs
Configuring Plone
- to enable backups
- add to buildout.cfg under the [buildout] heading
############################################
# Parts Specification
#--------------------
# Specifies the components that should be included in the buildout.
# All the basics are in the base.cfg extension; you may add your
# own if you need them at the end of this file.
parts =
    instance
    zopepy
    zopeskel
    unifiedinstaller
    chown
    backup
    repozo
- append [backup] at the end and enter further parameters (buildout.cfg)
[backup]
recipe = collective.recipe.backup
keep = 4
full = true
debug = false
snapshotlocation = /root/plonebackup/snapshot
backup_blobs = true
blobsnapshotlocation = /root/plonebackup/blobsnapshots
gzip = true
enable_snapshotrestore = false
- if the file repozo.py was missing (buildout.cfg)
[repozo]
recipe = zc.recipe.egg
eggs = ZODB3
scripts = repozo
- /etc/crontab
# Plone incremental backup
0 23 * * 6 root <path/to/plone>/zinstance/bin/backup
# Plone full backup (snapshot)
0 20 5 * * root <path/to/plone>/zinstance/bin/snapshotbackup
Configuring Apache22
- httpd.conf
ServerTokens ProductOnly
ServerSignature Off
- extra/httpd-vhost.conf
<VirtualHost *:80>
# A sample VirtualHost section for using Apache as a webserver
# instead of Zope.
# ServerName is the url of your website.
ServerName <domain>
# ServerName 127.0.0.1
# Add serverAlias lines for other domain names that should
# point to this website. They will be rewritten by Apache to
# the ServerName, so that anyone going to www.site.com
# will be invisibly redirected to site.com in their browser.
ServerAlias domain
# ServerAdmin is your email address, which shows up on error
# pages when Apache cannot connect to Zope.
ServerAdmin adminmail
# The ProxyPass and ProxyPassReverse lines are the magic
# ingredients. They rewrite requests to http://site.com and
# pass the entire request through to Zope on
# http://site.com:8080. The VirtualHostBase ensures that
# when the page goes back to the browser, it goes out through
# Apache, and appears to have come from http://site.com.
# The line is made up from:
# ProxyPass or ProxyPassReverse
# / is the url at http://site.com that you wish to use to
# point to the Zope site. You could keep http://site.com as a
# flat HTML site in Apache, and replace / with /zope to make
# http://site.com/zope point to your zope site.
# http://site.com:8080 is the address that your zope is
# running on.
# /VirtualHostBase/http/site.com:80 makes sure that zope
# *thinks* it is running at http://site.com instead of at
# http://site.com:8080. You don't have to do anything else
# in Zope to make this work.
# /yourplonesite is the location of your Plone Site within Zope.
# If you added a Plone Site into the root of your Zope with an id
# of 'mysite', then you just change this bit to /mysite
# /VirtualHostRoot/ makes your Plone site think it is the root of the site.
ProxyPass / http://127.0.0.1:8080/VirtualHostBase/http/<domain>:80/Plone/VirtualHostRoot/
ProxyPassReverse / http://127.0.0.1:8080/VirtualHostBase/http/<domain>:80/Plone/VirtualHostRoot/
# CacheRoot is the location on the filesystem to store files that
# Apache caches. This directory must be created, and the user that
# Apache runs as must have full write permissions to it.
# It's a bad idea to create this in the /tmp directory, as the
# directory itself will then be deleted when you reboot.
CacheRoot "/var/cache/www.stura.htw-dresden.de"
CacheEnable disk /
# CacheSize determines how big this cache can get in KB. It's a
# good idea that this number is about 30% less than the available
# space in the CacheRoot directory. Here we choose to cache 100MB
# of data, which is enough for a personal website, but not for
# anything larger.
MCacheSize 524288
MCacheMaxObjectCount 100000
MCacheMinObjectSize 1
MCacheMaxObjectSize 200000
# CacheGcInterval specifies how often (in hours) to examine the
# cache and delete obsolete files.
#CacheGcInterval 2
# CacheLastModifiedFactor allows the estimation of an expiry date
# for a page if it doesn't have an expiry-date specified in the
# HTTP headers returned from Zope. This is based on (time since
# last modification * CacheLastModifiedFactor), so that content
# that is ten hours old would be given an expiry date of 1 hour in
# the future.
CacheLastModifiedFactor 0.1
# CacheDefaultExpire sets a default expiry time of 0,5 hour into the
# future for cached pages.
CacheDefaultExpire 0.5
# CacheDirLength sets the number of characters used in directory
# names for subdirectories of CacheRoot
CacheDirLength 3
# The following definitions set expiry times for various content
# types. In this list, each content type defined is cached for a
# maximum period of 1 hour (3600 seconds) before it must be checked
# again. Non-listed content types are not cached.
ExpiresActive On
ExpiresByType image/ief A3600
ExpiresByType image/tiff A3600
ExpiresByType image/bmp A3600
ExpiresByType image/gif A3600
ExpiresByType image/png A3600
ExpiresByType image/jpeg A3600
ExpiresByType image/x-cmu-raster A3600
ExpiresByType image/x-portable-anymap A3600
ExpiresByType image/x-portable-bitmap A3600
ExpiresByType image/x-portable-graymap A3600
ExpiresByType image/x-portable-pixmap A3600
ExpiresByType image/x-rgb A3600
ExpiresByType image/x-xbitmap A3600
ExpiresByType image/x-xpixmap A3600
ExpiresByType image/x-xwindowdump A3600
ExpiresByType text/css A3600
ExpiresByType text/javascript A3600
ExpiresByType application/x-javascript A3600
ExpiresByType text/html A3600
ExpiresByType text/xml A3600
# CustomLog "/var/log/www.stura.htw-dresden.de-access_log" common
</VirtualHost>
Configuration of scripts
rc.d scripting Plone
From the very beginning (several years by now), running Plone on srs1 has had one major shortcoming: Plone does not start by itself. So someone had to log in to srs1 manually and start Plone "by hand". That is now to change.
$EDITOR /usr/local/etc/rc.d/plone
#!/bin/sh
# PROVIDE: plone
# REQUIRE: LOGIN
# KEYWORD: shutdown
. /etc/rc.subr
name="plone"
rcvar=plone_enable
start_cmd="${name}_start"
stop_cmd="${name}_stop"
restart_cmd="${name}_restart"
status_cmd="${name}_status"
extra_commands="status"
load_rc_config ${name}
#: ${plone_enable:="NO"}
plone_stop() {
    /usr/local/Plone/zinstance/bin/plonectl stop
}
plone_status() {
    /usr/local/Plone/zinstance/bin/plonectl status
}
plone_start() {
    /usr/local/Plone/zinstance/bin/plonectl start
}
plone_restart() {
    /usr/local/Plone/zinstance/bin/plonectl restart
}
run_rc_command "$1"
Adjusting the permissions of the rc.d file
chmod 540 /usr/local/etc/rc.d/plone
- Checking the permissions of the rc.d file
ls -l /usr/local/etc/rc.d/plone
-r-xr----- 1 root wheel 603 Oct 23 18:34 /usr/local/etc/rc.d/plone
Of course an entry in rc.conf is also needed to indicate that plone should be started.
echo 'plone_enable="YES"' >> /etc/rc.conf
The rc.d file is actually relatively simple. (The comparison is with the complex variants that rc.d and its files can involve.)
- /usr/local/Plone/zinstance/bin/plonectl is the location and file for managing the operation of Plone. (Where the choice of this location comes from is not known in detail.)
- If the comment marker at #: ${plone_enable:="NO"} were removed, Plone would not start by itself when the jail starts. However, all other desired rc.d functionality would still be available.
- The following commands are now available via rc.d:
service plone stop
- stop Plone
service plone status
- print the status of Plone
service plone start
- start Plone
service plone restart
- restart Plone
Running!
Web links
SRS2
Ports
installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
configured ports
dejavu
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=LINKS
gdbm
OPTIONS_FILE_UNSET+=COMPAT
libcheck
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES
libxslt
OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=CRYPTO
png
OPTIONS_FILE_SET+=APNG
python27
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES
wget
OPTIONS_FILE_SET+=GNUTLS
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_SET+=OPENSSL
OPTIONS_FILE_SET+=IDN
Configuration of the programs
SRS13
Purpose: MediaWiki for wiki.htw.stura-dresden.de
Ports
installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
ca_root_nss
OPTIONS_FILE_SET+=ETCSYMLINK
freetype2
OPTIONS_FILE_UNSET+=CFF_HINTING_ADOBE OPTIONS_FILE_UNSET+=LCD_FILTERING
libcheck
OPTIONS_FILE_SET+=DOCS OPTIONS_FILE_SET+=EXAMPLES
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG OPTIONS_FILE_SET+=SCHEMA OPTIONS_FILE_SET+=THREADS OPTIONS_FILE_UNSET+=THREAD_ALLOC OPTIONS_FILE_UNSET+=XMLLINT_HIST
libxslt
OPTIONS_FILE_SET+=CRYPTO OPTIONS_FILE_UNSET+=MEM_DEBUG
png
OPTIONS_FILE_SET+=APNG
python27
OPTIONS_FILE_SET+=EXAMPLES OPTIONS_FILE_UNSET+=FPECTL OPTIONS_FILE_SET+=IPV6 OPTIONS_FILE_SET+=NLS OPTIONS_FILE_UNSET+=PTH OPTIONS_FILE_SET+=PYMALLOC OPTIONS_FILE_UNSET+=SEM OPTIONS_FILE_SET+=THREADS OPTIONS_FILE_UNSET+=UCS2 OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS OPTIONS_FILE_UNSET+=EXAMPLES
Additional configuration files
Jail
/etc/rc.conf
apache22_enable="YES"
mysql_enable="YES"
Program configuration
apache
httpd.conf
…
LoadModule php5_module libexec/apache22/libphp5.so
<IfModule php5_module>
DirectoryIndex index.php index.php5 index.html
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
…
ServerAdmin <admin[at]domain.tld>
…
ServerName wiki.htw.stura-dresden.de:80
…
DocumentRoot "</path/to/mediawiki>"
…
#<Directory "/usr/local/www/apache22/data">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
# Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
# AllowOverride None
#
# Controls who can get stuff from this server.
#
# Order allow,deny
# Allow from all
#</Directory>
…
# Virtual hosts
Include etc/apache22/extra/httpd-vhosts.conf
…
# CustomLog "/var/log/httpd-access.log" combined # commented out: the StuRa does not store data!
…
extra/httpd-vhosts.conf
…
NameVirtualHost 141.56.50.13:80
…
<VirtualHost wiki.htw.stura-dresden.de:80>
Redirect permanent / http://wiki.stura.htw-dresden.de/
</VirtualHost>
<VirtualHost wiki.stura.htw-dresden.de:80>
ServerAdmin webmaster@stura.htw-dresden.de
DocumentRoot "/usr/local/www/sturawiki_1_19_2"
ServerName wiki.stura.htw-dresden.de
ServerAlias www.wiki.stura.htw-dresden.de
<Directory "/usr/local/www/sturawiki_1_19_2">
Options Indexes FollowSymLinks
DirectoryIndex index.php index.php5 index.html
AllowOverride none
Order allow,deny
Allow from all
</Directory>
ErrorLog "/var/log/wiki-error_log"
# CustomLog "/var/log/wiki-access_log" common
</VirtualHost>
<VirtualHost wiki.hs-abc.htw.stura-dresden.de:80>
ServerAdmin webmaster@stura.htw-dresden.de
DocumentRoot "/usr/local/www/hs-abcwiki_1_19_4"
ServerName wiki.hs-abc.htw.stura-dresden.de
ServerAlias www.wiki.hs-abc.htw.stura-dresden.de
<Directory "/usr/local/www/hs-abcwiki_1_19_4">
Options Indexes FollowSymLinks
DirectoryIndex index.php index.php5 index.html
AllowOverride none
Order allow,deny
Allow from all
</Directory>
ErrorLog "/var/log/wiki-error_log"
# CustomLog "/var/log/wiki-access_log" common
</VirtualHost>
<VirtualHost wiki.fzs.stura-dresden.de:80>
ServerAdmin webmaster@stura.htw-dresden.de
DocumentRoot "/usr/local/www/fzswiki_1_19_4"
ServerName wiki.fzs.stura-dresden.de
ServerAlias www.wiki.fzs.htw.stura-dresden.de
<Directory "/usr/local/www/fzswiki_1_19_4">
Options Indexes FollowSymLinks
DirectoryIndex index.php index.php5 index.html
AllowOverride none
Order allow,deny
Allow from all
</Directory>
ErrorLog "/var/log/fzswiki-error_log"
# CustomLog "/var/log/fzswiki-access_log" common
</VirtualHost>
<VirtualHost fzs-wiki.de:80>
DocumentRoot "/usr/local/www/fzswiki_1_19_4"
ServerName wiki.fzs.stura-dresden.de
ServerAlias www.wiki.fzs.htw.stura-dresden.de
<Directory "/usr/local/www/fzswiki_1_19_4">
Options Indexes FollowSymLinks
DirectoryIndex index.html index.php
AllowOverride none
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
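The vhost blocks above can be checked mechanically for two things that matter on a public wiki host: `Options Indexes`, which turns on directory listings for that tree, and a `ServerName` that appears in more than one block, which on a shared address means only the first block can be selected by name. The script below is an added example, not part of the original page; `audit_vhosts` and `sample_vhosts` are hypothetical names, and the sample input is an excerpt constructed from the configuration above.

```shell
#!/bin/sh
# Added example (not from the original page): audit an Apache 2.2 vhosts file
# for enabled directory listings and repeated ServerName values.
# Function names are hypothetical.

# audit_vhosts FILE
# Prints one finding per line:
#   INDEXES <vhost-argument> <directory>
#   DUPNAME <servername> <first-vhost-argument> <later-vhost-argument>
audit_vhosts() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }      # trim each line
        /^#/ || $0 == ""    { next }                       # skip comments and blanks
        /^<VirtualHost /    { vh = $2; sub(/>$/, "", vh); next }
        /^<\/VirtualHost>/  { vh = ""; next }
        /^<Directory /      { dir = $2; sub(/>$/, "", dir); gsub(/"/, "", dir); next }
        /^<\/Directory>/    { dir = ""; next }
        tolower($1) == "options" && vh != "" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == "indexes" || tolower($i) == "+indexes")
                    print "INDEXES", vh, (dir == "" ? "-" : dir)
        }
        tolower($1) == "servername" && vh != "" {
            name = tolower($2)
            if (name in seen) print "DUPNAME", name, seen[name], vh
            else seen[name] = vh
        }
    ' "$1"
}

# sample_vhosts: constructed excerpt of extra/httpd-vhosts.conf from this page.
sample_vhosts() {
    cat <<'EOF'
<VirtualHost wiki.stura.htw-dresden.de:80>
ServerName wiki.stura.htw-dresden.de
<Directory "/usr/local/www/sturawiki_1_19_2">
Options Indexes FollowSymLinks
AllowOverride none
</Directory>
</VirtualHost>
<VirtualHost wiki.fzs.stura-dresden.de:80>
ServerName wiki.fzs.stura-dresden.de
<Directory "/usr/local/www/fzswiki_1_19_4">
Options Indexes FollowSymLinks
AllowOverride none
</Directory>
</VirtualHost>
<VirtualHost fzs-wiki.de:80>
ServerName wiki.fzs.stura-dresden.de
<Directory "/usr/local/www/fzswiki_1_19_4">
Options Indexes FollowSymLinks
AllowOverride none
</Directory>
</VirtualHost>
EOF
}

# Usage on the jail:
#   audit_vhosts /usr/local/etc/apache22/extra/httpd-vhosts.conf
```

Each `INDEXES` finding is a directory where `Options -Indexes` would stop listings; each `DUPNAME` finding names the two blocks that claim the same host name.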
mediawiki
Wiki
</path/to/mediawiki-stura>/LocalSettings.php
…
$wgLogo = "$wgStylePath/common/images/stura.jpg";
$wgFavicon = "$wgStylePath/common/images/stura_ohne_typo.favicon32.jpg";
…
$wgDefaultSkin = 'vector';
…
############################
## Show exception details ##
############################
$wgShowExceptionDetails = false;
###################
## Mail Settings ##
###################
$wgSMTP = array (
'IDHost' => 'wiki.stura.htw-dresden.de', //this is used to build the Message-ID mail header
'host' => 'mail.stura.htw-dresden.de', //this is the outgoing mail server name (SMTP server)
'port' => 25, //this is the port used by the SMTP server
'auth' => false, //in my case, authentication is not required by the mail server for outgoing mail
);
################
## Namespaces ##
################
define("NS_STURA", 100);
define("NS_STURA_TALK", 101);
define("NS_INTERN", 102);
define("NS_INTERN_TALK", 103);
define("NS_ADMIN", 104);
define("NS_ADMIN_TALK", 105);
define("NS_PERSON", 106);
define("NS_PERSON_TALK", 107);
$wgExtraNamespaces[NS_STURA] = "StuRa";
$wgExtraNamespaces[NS_STURA_TALK] = "StuRa_Diskussion";
$wgExtraNamespaces[NS_INTERN] = "Intern";
$wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion";
$wgExtraNamespaces[NS_ADMIN] = "Admin";
$wgExtraNamespaces[NS_ADMIN_TALK] = "Admin_Diskussion";
$wgExtraNamespaces[NS_PERSON] = "Person";
$wgExtraNamespaces[NS_PERSON_TALK] = "Person_Diskussion";
################
## Extensions ##
################
$wgAllowExternalImages = true; # allow embedding external images
require_once "$IP/extensions/ConfirmEdit/QuestyCaptcha.php";
$wgCaptchaClass = 'QuestyCaptcha';
$arr = array (
'Frage' => 'An answer!',
);
foreach ( $arr as $key => $value ) {
$wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
};
$wgCaptchaTriggers['edit'] = true;
$wgCaptchaTriggers['create'] = true;
require_once( "$IP/extensions/Renameuser/Renameuser.php" );
require_once( "$IP/extensions/WikiEditor/WikiEditor.php" );
require_once( "$IP/extensions/Lockdown/Lockdown.php" );
require_once( "$IP/extensions/Interwiki/Interwiki.php" );
require_once( "$IP/extensions/ContributionScores/ContributionScores.php" );
#################################
## ContributionScores settings ##
#################################
$wgContribScoreIgnoreBots = true; // Exclude Bots from the reporting - Can be omitted.
$wgContribScoreIgnoreBlockedUsers = true; // Exclude Blocked Users from the reporting - Can be omitted.
$wgContribScoresUseRealName = true; // Use real user names when available - Can be omitted. Only for MediaWiki 1.19 and later.
$wgContribScoreDisableCache = false; // Set to true to disable cache for parser function and inclusion of table.
//Each array defines a report - 7,50 is "past 7 days" and "LIMIT 50" - Can be omitted.
$wgContribScoreReports = array(
array(7,50),
array(30,50),
array(0,50)
) ;
###################
## custom groups ##
###################
// Implicit group for intern (copy of group user)
$wgGroupPermissions['intern']['move'] = true;
$wgGroupPermissions['intern']['move-subpages'] = true;
$wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages
//$wgGroupPermissions['intern']['movefile'] = true; // Disabled for now due to possible bugs and security concerns
$wgGroupPermissions['intern']['read'] = true;
$wgGroupPermissions['intern']['edit'] = true;
$wgGroupPermissions['intern']['createpage'] = true;
$wgGroupPermissions['intern']['createtalk'] = true;
$wgGroupPermissions['intern']['writeapi'] = true;
$wgGroupPermissions['intern']['upload'] = true;
$wgGroupPermissions['intern']['reupload'] = true;
$wgGroupPermissions['intern']['reupload-shared'] = true;
$wgGroupPermissions['intern']['minoredit'] = true;
$wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok"
$wgGroupPermissions['intern']['sendemail'] = true;
// To grant sysops permissions to edit interwiki data
$wgGroupPermissions['sysop']['interwiki'] = true;
###########################
## Restricted namespaces ##
###########################
$wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern');
$wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern');
$wgNamespacePermissionLockdown[NS_PERSON]['*'] = array('intern');
$wgNamespacePermissionLockdown[NS_PERSON_TALK]['*'] = array('intern');
Wiki Extensions
Wiki Extension Asirra
Extension:Asirra is no longer used!
- Extension:Asirra
- has been unsupported since 2014-10;
- stopped working at the end of 2014;
- had to be replaced at the end of 2014;
- was replaced by Tom in early 2015 with #Wiki Extension QuestyCaptcha;
- served as a CAPTCHA.
- Asirra/ConfirmEdit.php
Wiki Extension Lockdown
- Installation
wget -O wikimedia-mediawiki-extensions-Lockdown-84fca94.tar.gz https://codeload.github.com/wikimedia/mediawiki-extensions-Lockdown/legacy.tar.gz/REL1_19
tar -xzf wikimedia-mediawiki-extensions-Lockdown-84fca94.tar.gz -C /var/www/mediawiki/extensions
Wiki Extension QuestyCaptcha
Extension:QuestyCaptcha
- serves as a CAPTCHA;
- was installed in 2015-01;
- replaced #Wiki Extension Asirra.
HS-ABC Wiki
</path/to/mediawiki-hsabc>/LocalSettings.php
require_once( "$IP/extensions/Asirra/Asirra.php" );
require_once( "$IP/extensions/Renameuser/Renameuser.php" );
require_once( "$IP/extensions/WikiEditor/WikiEditor.php" );
###################
## Mail Settings ##
###################
$wgSMTP = array (
'IDHost' => 'wiki.hs-abc.htw.stura-dresden.de', //this is used to build the Message-ID mail header
'host' => 'mail.stura.htw-dresden.de', //this is the outgoing mail server name (SMTP server)
'port' => 25, //this is the port used by the SMTP server
'auth' => false, //in my case, authentication is not required by the mail server for outgoing mail
);
</path/to/mediawiki-hsabc>/extensions/Asirra/ConfirmEdit.php
…
$wgGroupPermissions['user' ]['skipcaptcha'] = true;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false;
…
$wgCaptchaTriggers['edit'] = true; // Would check on every edit
$wgCaptchaTriggers['create'] = false; // Check on page creation.
$wgCaptchaTriggers['sendemail'] = true; // Special:Emailuser
…
See also
- Wiki
- mediawikiwiki:Manual:Upgrading MediaWiki
- Server/MediaWiki
- mediawikiwiki:Manual:Running MediaWiki on FreeBSD
- mediawikiwiki:Extension:User Merge and Delete
SRS14
- REDIRECT StuRa:Server/SRS14/2018
SRS15
- Purpose
- tentative use of various software for a potential AUS
- Accounts
Django
Django Installation
cd /usr/ports/www/py-django/ && sudo make install clean
┌──────────────────────────── py27-django-1.5.1 ───────────────────────────────┐
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │+[ ] FASTCGI   FastCGI support                                            │ │
│ │+[ ] HTMLDOCS  Install the HTML documentation (requires Sphinx)           │ │
│ │───────────────────────────────── DATABASE ───────────────────────────────│ │
│ │+[ ] PGSQL     PostgreSQL database support                                │ │
│ │+[ ] MYSQL     MySQL database support                                     │ │
│ │+[x] SQLITE    SQLite database support                                    │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────────────────────┤
│                       <  OK  >            <Cancel>                           │
└──────────────────────────────────────────────────────────────────────────────┘
===> Cleaning for py27-django-1.5.1
- Done!
OTRS
OTRS Installation
cd /usr/ports/devel/otrs/ && sudo make install clean
trac
trac Installation
cd /usr/ports/www/trac/ && sudo make install clean
┌──────────────────────────────── trac-1.0.1 ──────────────────────────────────┐
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │+[x] DOCUTILS    Allow additional text markup                             │ │
│ │+[ ] PGSQL       PostgreSQL database support                              │ │
│ │+[x] PYGMENTS    Use generic syntax highlighter                           │ │
│ │+[x] SILVERCITY  Silvercity for syntax highlighting                       │ │
│ │+[x] SVN         Subversion support                                       │ │
│ │+[x] TZ          Process Time Zones                                       │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────────────────────┤
│                       <  OK  >            <Cancel>                           │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────────────────── py27-Genshi-0.7 ────────────────────────────────┐
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │+[x] BABEL  I18n support through the Babel plugin                         │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────────────────────┤
│                       <  OK  >            <Cancel>                           │
└──────────────────────────────────────────────────────────────────────────────┘
┌──────────────────────────── subversion-1.8.0_3 ──────────────────────────────┐
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │+[ ] BDB               Berkeley DB support                                │ │
│ │+[ ] BOOK              Install the Subversion Book                        │ │
│ │+[x] DOCS              Build and/or install documentation                 │ │
│ │+[x] FREEBSD_TEMPLATE  FreeBSD Project log template                       │ │
│ │+[ ] GNOME_KEYRING     Build with GNOME Keyring auth support              │ │
│ │+[ ] KDE_KWALLET       Build with KDE KWallet auth support                │ │
│ │+[ ] MAINTAINER_DEBUG  Build debug version                                │ │
│ │+[ ] MOD_DAV_SVN       mod_dav_svn module for Apache 2.X                  │ │
│ │+[x] NLS               Native Language Support                            │ │
│ │+[x] P4_STYLE_MARKERS  Perforce-style conflict markers                    │ │
│ │+[ ] SASL              SASL support                                       │ │
│ │+[x] SERF              WebDAV/Delta-V (HTTP/HTTPS) repo access module     │ │
│ │+[ ] STATIC            Build static version (no shared libs)              │ │
│ │+[ ] SVNSERVE_WRAPPER  Enable svnserve wrapper (umask setter)             │ │
│ │+[ ] TEST              Run subversion test suite                          │ │
│ │+[ ] TOOLS             Install several tools (svnauthz-validate and mod_d)│ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────────────────────┤
│                       <  OK  >            <Cancel>                           │
└──────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────── serf-1.2.1_1 ─────────────────────────────────┐
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │+[x] DOCS  Build and/or install documentation                             │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────────────────────┤
│                       <  OK  >            <Cancel>                           │
└──────────────────────────────────────────────────────────────────────────────┘
===> Cleaning for trac-1.0.1
Miscellaneous
Lynx
Lynx purpose
- Browser for localhost
- PaulRiegel (talk) wanted to test the development server for #Django (following the tutorial).
Lynx Installation
cd /usr/ports/www/lynx/ && sudo make install clean
┌────────────────────────────── lynx-2.8.7.2,1 ────────────────────────────────┐
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │+[x] DEFAULT_COLORS  Colors support                                       │ │
│ │+[x] IPV6            IPv6 protocol support                                │ │
│ │+[x] NLS             Native Language Support                              │ │
│ │+[x] SSL             SSL protocol support                                 │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────────────────────┤
│                       <  OK  >            <Cancel>                           │
└──────────────────────────────────────────────────────────────────────────────┘
===> Cleaning for lynx-2.8.7.2,1
- Done!
SRS16
- REDIRECT Server/SRS16/2015
SRS17
Ports
Installed ports
- apr
- asciidoc
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bash
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- boehm-gc+fulldebug
- bsdadminscripts
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- db42
- dejavu
- dialog4ports
- docbook
- docbook-sk
- docbook-xml
- docbook-xsl
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- getopt
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- gtk
- gtk-update-icon-cache
- help2man
- hicolor-icon-theme
- icu
- inputproto
- intltool
- iso8879
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXft
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libpaper
- libpthread-stubs
- libsigsegv
- libssh2
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- neon29
- p5-Error
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- p5-Term-ReadKey
- p5-URI
- p5-XML-Parser
- p5-subversion
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- shared-mime-info
- sqlite3
- subversion
- tiff
- tmux
- unzip
- vim-lite
- w3m
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xmlcatmgr
- xmlcharent
- xmlto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
icu
OPTIONS_FILE_SET+=THREADS
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG OPTIONS_FILE_SET+=SCHEMA OPTIONS_FILE_SET+=THREADS OPTIONS_FILE_UNSET+=THREAD_ALLOC OPTIONS_FILE_UNSET+=XMLLINT_HIST
Additional configuration files
Jail
/etc/rc.conf
sshd_enable="YES"
ejabberd_enable="YES"
/etc/ssh/sshd_config
…
ListenAddress 141.56.50.17
…
PasswordAuthentication no
…
UsePAM no
…
Program configuration
/usr/local/etc/ejabberd/ejabberd.cfg
...
{loglevel, 3}.
...
{watchdog_admins, ["foo@srs17.stura.htw-dresden.de", "bar@srs17.stura.htw-dresden.de"]}.
...
{hosts, ["srs17.stura.htw-dresden.de"]}.
...
starttls, {certfile, "/root/ejabberd.pem"},
starttls_required,
...
%%captcha,
%%http_bind,
%%http_poll,
...
{s2s_use_starttls, required}.
...
{s2s_certfile, "/root/ejabberd.pem"}.
...
{acl, admin, {user, "foo", "srs17.stura.htw-dresden.de"}}.
{acl, admin, {user, "bar", "srs17.stura.htw-dresden.de"}}.
...
{acl, blocked, {user, "test"}}.
{acl, blocked, {user, "root"}}.
{acl, blocked, {user, "r00t"}}.
{acl, blocked, {user, "r0ot"}}.
{acl, blocked, {user, "ro0t"}}.
{acl, blocked, {user, "adm1n"}}.
{acl, blocked, {user, "admin"}}.
{acl, blocked, {user, "kss"}}.
{acl, blocked, {user, "administrator"}}.
{acl, blocked, {user, "administrat0r"}}.
{acl, blocked, {user, "adm1n1strat0r"}}.
{acl, blocked, {user, "adm1nistrat0r"}}.
{acl, blocked, {user, "admin1strat0r"}}.
{acl, blocked, {user, "adm1nistrator"}}.
{acl, blocked, {user, "admin1strator"}}.
...
{access, max_user_sessions, [{2, all}]}.
...
{language, "de"}.
...
%%{mod_irc, []},
...
%%{mod_pubsub, [
%%{access_createnode, pubsub_createnode},
%%{ignore_pep_from_offline, true}, % reduces resource consumption, but XEP incompliant
...
%%{last_item_cache, false},
%%{plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps
%%]},
...
{registration_watchers, ["foo@srs17.stura.htw-dresden.de", "bar@srs17.stura.htw-dresden.de"]},
...
{ip_access, [
{allow, "0.0.0.0/8"}
%%{allow, "127.0.0.0/8"},
%%{deny, "0.0.0.0/0"}
]},
...
See also
SRS18
In brief:
- Jail on srs2342 (with outdated FreeBSD)
- Dataset (for ZFS) may already be located elsewhere
- is not in operation
- old Plone (aka Plone 3)
Plone
Install Plone 3.3 via the UnifiedInstaller.
install.sh --password=<password> standalone
Ports
Installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
python27
OPTIONS_FILE_SET+=EXAMPLES OPTIONS_FILE_UNSET+=FPECTL OPTIONS_FILE_SET+=IPV6 OPTIONS_FILE_SET+=NLS OPTIONS_FILE_UNSET+=PTH OPTIONS_FILE_SET+=PYMALLOC OPTIONS_FILE_UNSET+=SEM OPTIONS_FILE_SET+=THREADS OPTIONS_FILE_UNSET+=UCS2 OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS OPTIONS_FILE_UNSET+=EXAMPLES
Script configuration
rc.d scripting Plone
Note: this was really just a direct copy of Server/Jails/SRS1#rc.d scripting Plone. The functionality was tested successfully.
$EDITOR /usr/local/etc/rc.d/plone
#!/bin/sh

# PROVIDE: plone
# REQUIRE: LOGIN
# KEYWORD: shutdown

. /etc/rc.subr

name="plone"
rcvar=plone_enable
start_cmd="${name}_start"
stop_cmd="${name}_stop"
restart_cmd="${name}_restart"
status_cmd="${name}_status"
extra_commands="status"

load_rc_config ${name}
#: ${plone_enable:="NO"}

plone_stop() {
	/usr/local/Plone/zinstance/bin/plonectl stop
}

plone_status() {
	/usr/local/Plone/zinstance/bin/plonectl status
}

plone_start() {
	/usr/local/Plone/zinstance/bin/plonectl start
}

plone_restart() {
	/usr/local/Plone/zinstance/bin/plonectl restart
}

run_rc_command "$1"
Adjust the permissions of the rc.d file
chmod 540 /usr/local/etc/rc.d/plone
- Check the permissions of the rc.d file
ls -l /usr/local/etc/rc.d/plone
-r-xr----- 1 root wheel 603 Oct 23 18:34 /usr/local/etc/rc.d/plone
Of course, an entry in rc.conf is also needed to indicate that plone should be started.
echo 'plone_enable="YES"' >> /etc/rc.conf
The rc.d file is actually relatively simple. (The point of comparison is the complex variants that rc.d and its files can involve.)
- /usr/local/Plone/zinstance/bin/plonectl is the location and file for managing the operation of Plone. (Where the choice of this location comes from is not known in detail.)
- If the line #: ${plone_enable:="NO"} were uncommented, Plone would not start by itself when the jail starts. All other desired rc.d functionality would still be available, however.
- The following commands are now available via rc.d:
service plone stop
- Stop Plone
service plone status
- Print the status of Plone
service plone start
- Start Plone
service plone restart
- Restart Plone
It works!
See also
SRS19
- FSRs
Ports
Installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
ca_root_nss
OPTIONS_FILE_UNSET+=ETCSYMLINK
freetype2
OPTIONS_FILE_UNSET+=CFF_HINTING_ADOBE OPTIONS_FILE_UNSET+=LCD_FILTERING
libcheck
OPTIONS_FILE_SET+=DOCS OPTIONS_FILE_SET+=EXAMPLES
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG OPTIONS_FILE_SET+=SCHEMA OPTIONS_FILE_SET+=THREADS OPTIONS_FILE_UNSET+=THREAD_ALLOC OPTIONS_FILE_UNSET+=XMLLINT_HIST
libxslt
OPTIONS_FILE_SET+=CRYPTO OPTIONS_FILE_UNSET+=MEM_DEBUG
png
OPTIONS_FILE_SET+=APNG
python27
OPTIONS_FILE_SET+=EXAMPLES OPTIONS_FILE_UNSET+=FPECTL OPTIONS_FILE_SET+=IPV6 OPTIONS_FILE_SET+=NLS OPTIONS_FILE_UNSET+=PTH OPTIONS_FILE_SET+=PYMALLOC OPTIONS_FILE_UNSET+=SEM OPTIONS_FILE_SET+=THREADS OPTIONS_FILE_UNSET+=UCS2 OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS OPTIONS_FILE_UNSET+=EXAMPLES
Additional configuration files
Program configuration
nginx
nginx.conf
read: http://elasticdog.com/2008/02/howto-install-wordpress-on-nginx/
sudo
/usr/local/etc/sudoers
…
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
%<username> ALL=(ALL) ALL
%<username> ALL=(ALL) ALL
…
See also
SRS20
- REDIRECT StuRa:Server/SRS20/2016
SRS28
In brief:
- Jail on srs2342 (with outdated FreeBSD)
- is not in operation
- was used for hosting project websites, including with other StuRä
Ports
Installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
ca_root_nss
OPTIONS_FILE_UNSET+=ETCSYMLINK
freetype2
OPTIONS_FILE_UNSET+=CFF_HINTING_ADOBE OPTIONS_FILE_UNSET+=LCD_FILTERING
libcheck
OPTIONS_FILE_SET+=DOCS OPTIONS_FILE_SET+=EXAMPLES
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG OPTIONS_FILE_SET+=SCHEMA OPTIONS_FILE_SET+=THREADS OPTIONS_FILE_UNSET+=THREAD_ALLOC OPTIONS_FILE_UNSET+=XMLLINT_HIST
libxslt
OPTIONS_FILE_SET+=CRYPTO OPTIONS_FILE_UNSET+=MEM_DEBUG
png
OPTIONS_FILE_SET+=APNG
python27
OPTIONS_FILE_SET+=EXAMPLES OPTIONS_FILE_UNSET+=FPECTL OPTIONS_FILE_SET+=IPV6 OPTIONS_FILE_SET+=NLS OPTIONS_FILE_UNSET+=PTH OPTIONS_FILE_SET+=PYMALLOC OPTIONS_FILE_UNSET+=SEM OPTIONS_FILE_SET+=THREADS OPTIONS_FILE_UNSET+=UCS2 OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS OPTIONS_FILE_UNSET+=EXAMPLES
Additional configuration files
Jail
/etc/rc.conf
apache22_enable="YES"
sshd_enable="YES"
Program configuration
apache
httpd.conf
…
LoadModule php5_module libexec/apache22/libphp5.so
<IfModule php5_module>
DirectoryIndex index.php index.php5 index.html
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
…
ServerAdmin <admin[at]domain.tld>
…
ServerName <Jail-IP>
…
DocumentRoot "/usr/local/www/data"
…
<Directory "/usr/local/www/data/website">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
DirectoryIndex index.php index.php5 index.html
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
…
sshd
sshd_config
…
Port <port number>
…
ListenAddress 0.0.0.0
…
LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
MaxSessions 4
# separate entries with spaces only
AllowUsers <users with the right permissions>
…
Match User <Username>
ChrootDirectory /usr/local/www/data
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
…
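sshd only accepts the `ChrootDirectory` used in the `Match` block above if every component of the path is a root-owned directory that is not writable by group or others (see sshd_config(5)); otherwise the SFTP login is refused. The following check is an added example, not part of the original page; `component_ok` and `check_chroot_path` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the original page): check that a directory is
# acceptable as an sshd ChrootDirectory. Function names are hypothetical.

# component_ok "<one line of 'ls -ldn' output>"
# Succeeds only if the entry is a directory, owned by uid 0, and has neither
# the group-write nor the other-write bit set.
component_ok() {
    mode=$(printf '%s\n' "$1" | awk '{ print $1 }')
    owner=$(printf '%s\n' "$1" | awk '{ print $3 }')
    case $mode in
        d*) ;;                 # must be a real directory, not a symlink or file
        *)  return 1 ;;
    esac
    [ "$owner" = "0" ] || return 1
    # Mode string layout: d rwx rwx rwx; character 6 is group write,
    # character 9 is other write.
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_w=$(printf '%s' "$mode" | cut -c9)
    [ "$group_w" != "w" ] && [ "$other_w" != "w" ]
}

# check_chroot_path DIR
# Walks from DIR up to / and tests every component. Prints each offending
# entry and returns 1 if any component fails, 2 if the path is unusable.
check_chroot_path() {
    dir=$1
    rc=0
    case $dir in
        /*) ;;
        *)  echo "not an absolute path: $dir" >&2; return 2 ;;
    esac
    while :; do
        if ! line=$(ls -ldn "$dir" 2>/dev/null); then
            echo "cannot stat: $dir" >&2
            return 2
        fi
        if ! component_ok "$line"; then
            echo "unsafe for chroot: $line"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Usage on the jail, with the path from the sshd_config above:
#   check_chroot_path /usr/local/www/data
```

Writable upload space for the SFTP users then has to be a subdirectory below the chroot, since the chroot directory itself must stay root-owned and non-writable.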
See also
- The article Server/SRS1337/Jails serves as a documentary collection of all jails set up on the dicke Berta.
Standard ports and configuration of the jail
- The standard ports were installed with the help of the startup.sh script.
help2man
OPTIONS_FILE_SET+=NLS
libiconv
OPTIONS_FILE_SET+=ENCODINGS
OPTIONS_FILE_UNSET+=PATCHES
m4
OPTIONS_FILE_SET+=LIBSIGSEGV
pcre
OPTIONS_FILE_SET+=STACK_RECURSION
perl
OPTIONS_FILE_SET+=DEBUG
OPTIONS_FILE_SET+=GDBM
OPTIONS_FILE_SET+=MULTIPLICITY
OPTIONS_FILE_SET+=PERL_64BITINT
OPTIONS_FILE_SET+=PERL_MALLOC
OPTIONS_FILE_SET+=PTHREAD
OPTIONS_FILE_UNSET+=SITECUSTOMIZE
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_SET+=USE_PERL
portupgrade
OPTIONS_FILE_SET+=DOCS
ruby
OPTIONS_FILE_SET+=DEBUG
OPTIONS_FILE_UNSET+=ONIGURUMA
OPTIONS_FILE_SET+=RDOC
zsh
OPTIONS_FILE_SET+=DEBUG
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_SET+=GDBM
OPTIONS_FILE_SET+=MAILDIR
OPTIONS_FILE_SET+=MEM
OPTIONS_FILE_SET+=MULTIBYTE
OPTIONS_FILE_SET+=PCRE
OPTIONS_FILE_SET+=SECURE_FREE
OPTIONS_FILE_UNSET+=STATIC
SRS16
Ports
Installed ports
- apr
- asciidoc
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- boehm-gc+fulldebug
- bsdadminscripts
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- db42
- dejavu
- dialog4ports
- docbook
- docbook-sk
- docbook-xml
- docbook-xsl
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- getopt
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- gtk
- gtk-update-icon-cache
- help2man
- hicolor-icon-theme
- icu
- inputproto
- intltool
- iso8879
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXft
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libpaper
- libpthread-stubs
- libsigsegv
- libssh2
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- neon29
- p5-Error
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- p5-Term-ReadKey
- p5-URI
- p5-XML-Parser
- p5-subversion
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- shared-mime-info
- sqlite3
- subversion
- tiff
- tmux
- unzip
- vim-lite
- w3m
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xmlcatmgr
- xmlcharent
- xmlto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
apr
OPTIONS_FILE_SET+=SSL
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=DEVRANDOM
OPTIONS_FILE_SET+=BDB
OPTIONS_FILE_SET+=GDBM
OPTIONS_FILE_UNSET+=LDAP
OPTIONS_FILE_UNSET+=MYSQL
OPTIONS_FILE_UNSET+=NDBM
OPTIONS_FILE_UNSET+=PGSQL
OPTIONS_FILE_UNSET+=SQLITE
OPTIONS_FILE_UNSET+=FREETDS
python27
OPTIONS_FILE_UNSET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
SRS17
Ports
Installed ports
- apr
- asciidoc
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bash
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- boehm-gc+fulldebug
- bsdadminscripts
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- db42
- dejavu
- dialog4ports
- docbook
- docbook-sk
- docbook-xml
- docbook-xsl
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- getopt
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- gtk
- gtk-update-icon-cache
- help2man
- hicolor-icon-theme
- icu
- inputproto
- intltool
- iso8879
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXft
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libpaper
- libpthread-stubs
- libsigsegv
- libssh2
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- neon29
- p5-Error
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- p5-Term-ReadKey
- p5-URI
- p5-XML-Parser
- p5-subversion
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- shared-mime-info
- sqlite3
- subversion
- tiff
- tmux
- unzip
- vim-lite
- w3m
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xmlcatmgr
- xmlcharent
- xmlto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
icu
OPTIONS_FILE_SET+=THREADS
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=SCHEMA
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=THREAD_ALLOC
OPTIONS_FILE_UNSET+=XMLLINT_HIST
Additional configuration files
Jail
/etc/rc.conf
sshd_enable="YES"
ejabberd_enable="YES"
/etc/ssh/sshd_config
…
ListenAddress 141.56.50.17
…
PasswordAuthentication no
…
UsePAM no
…
Configuration of the programs
/usr/local/etc/ejabberd/ejabberd.cfg
...
{loglevel, 3}.
...
{watchdog_admins, ["foo@srs17.stura.htw-dresden.de", "bar@srs17.stura.htw-dresden.de"]}.
...
{hosts, ["srs17.stura.htw-dresden.de"]}.
...
starttls, {certfile, "/root/ejabberd.pem"},
starttls_required,
...
%%captcha,
%%http_bind,
%%http_poll,
...
{s2s_use_starttls, required}.
...
{s2s_certfile, "/root/ejabberd.pem"}.
...
{acl, admin, {user, "foo", "srs17.stura.htw-dresden.de"}}.
{acl, admin, {user, "bar", "srs17.stura.htw-dresden.de"}}.
...
{acl, blocked, {user, "test"}}.
{acl, blocked, {user, "root"}}.
{acl, blocked, {user, "r00t"}}.
{acl, blocked, {user, "r0ot"}}.
{acl, blocked, {user, "ro0t"}}.
{acl, blocked, {user, "adm1n"}}.
{acl, blocked, {user, "admin"}}.
{acl, blocked, {user, "kss"}}.
{acl, blocked, {user, "administrator"}}.
{acl, blocked, {user, "administrat0r"}}.
{acl, blocked, {user, "adm1n1strat0r"}}.
{acl, blocked, {user, "adm1nistrat0r"}}.
{acl, blocked, {user, "admin1strat0r"}}.
{acl, blocked, {user, "adm1nistrator"}}.
{acl, blocked, {user, "admin1strator"}}.
...
{access, max_user_sessions, [{2, all}]}.
...
{language, "de"}.
...
%%{mod_irc, []},
...
%%{mod_pubsub, [
%%{access_createnode, pubsub_createnode},
%%{ignore_pep_from_offline, true}, % reduces resource consumption, but XEP incompliant
...
%%{last_item_cache, false},
%%{plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps
%%]},
...
{registration_watchers, ["foo@srs17.stura.htw-dresden.de", "bar@srs17.stura.htw-dresden.de"]},
...
{ip_access, [
{allow, "0.0.0.0/8"}
%%{allow, "127.0.0.0/8"},
%%{deny, "0.0.0.0/0"}
]},
...
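Added example, not from the original wiki page or the ejabberd project: a small evaluator for the ip_access fragment above that shows which client addresses each rule covers. "0.0.0.0/8" spans only 0.0.0.0 to 0.255.255.255, so with the other two rules commented out no ordinary client address matches any rule. First-match-wins evaluation and the fallback action are assumptions of this sketch to confirm against the installed ejabberd version; 192.0.2.10 is a constructed documentation address.

```python
import ipaddress
import re

# The ip_access fragment as it appears above (two rules commented out).
AS_DEPLOYED = '''
{ip_access, [
{allow, "0.0.0.0/8"}
%%{allow, "127.0.0.0/8"},
%%{deny, "0.0.0.0/0"}
]},
'''

RULE = re.compile(r'\{\s*(allow|deny)\s*,\s*"([^"]+)"\s*\}')


def parse_rules(fragment, include_commented=False):
    """Extract (action, network) pairs; lines starting with % are comments."""
    rules = []
    for line in fragment.splitlines():
        line = line.strip()
        if line.startswith("%"):
            if not include_commented:
                continue
            line = line.lstrip("%")
        match = RULE.search(line)
        if match:
            rules.append((match.group(1), ipaddress.ip_network(match.group(2))))
    return rules


def decide(rules, client_ip, fallback="allow"):
    """Return (action, matching network or None).

    Assumption: the first matching rule wins and 'fallback' applies when no
    rule matches. Verify both for the ejabberd version in use.
    """
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if addr.version == net.version and addr in net:
            return action, str(net)
    return fallback, None


if __name__ == "__main__":
    deployed = parse_rules(AS_DEPLOYED)
    enabled = parse_rules(AS_DEPLOYED, include_commented=True)
    for ip in ("0.1.2.3", "127.0.0.1", "192.0.2.10"):
        print(ip, "deployed:", decide(deployed, ip), "all rules:", decide(enabled, ip))
```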