StuRa:Server/Hauptsystem
dicke Berta
The article Server/Hauptsystem documents the main system of the server (of our StuRa).
The <delimited areas> are contents that are variable or cannot be stated here.
Software
Installation
PT and Frank Hebold additionally followed the "guide" FreeBSD 9 with Root on ZFS.
Installation of the operating system
Booting from the boot medium
- with the memory image for the USB stick
Setting up the hard disks for the installation of the operating system
Set up the hard disks
- gpart create -s gpt /dev/da0
- gpart create -s gpt /dev/da1
- gpart create -s gpt /dev/da2
Partitioning the hard disks for the installation of the operating system
Partition the hard disks
- gpart add -s 512k -t freebsd-boot da0
- gpart add -s 512k -t freebsd-boot da1
- gpart add -s 512k -t freebsd-boot da2
- gpart add -s 3G -t freebsd-swap da0
- gpart add -s 3G -t freebsd-swap da1
- gpart add -s 3G -t freebsd-swap da2
- gpart add -t freebsd-zfs da0
- gpart add -t freebsd-zfs da1
- gpart add -t freebsd-zfs da2
Boot loader for the installation of the operating system
- gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da0
- gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da1
- gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da2
Mirroring the swap for the installation of the operating system
Mirror the swap (create redundancy)
- gmirror label -v -b round-robin swap0 da0p2 da1p2 da2p2
- gmirror load
Creating the ZFS pool for the installation of the operating system
Create the ZFS pool
- zpool create storich mirror da0p3 da1p3 da2p3
- zfs set mountpoint=/mnt storich
- zpool export storich
- zpool import -o cachefile=/var/tmp/zpool.cache storich
- zfs set checksum=fletcher4 storich
Creating the ZFS datasets for the installation of the operating system
Create the ZFS datasets
- zfs create -o compression=on -o exec=on -o setuid=off storich/tmp
- chmod 1777 /mnt/tmp
- zfs create storich/usr
- zfs create storich/usr/home
- cd /mnt/
- ln -s /usr/home home
- zfs create -o compression=lzjb -o setuid=off storich/usr/ports
- zfs create -o compression=off -o exec=off -o setuid=off storich/usr/ports/distfiles
- zfs create -o compression=off -o exec=off -o setuid=off storich/usr/ports/packages
- zfs create -o compression=off -o exec=off -o setuid=off storich/usr/src
- zfs create storich/var
- zfs create -o compression=off -o exec=off -o setuid=off storich/var/crash
- zfs create -o exec=off -o setuid=off storich/var/empty
- zfs create -o compression=lzjb -o exec=off -o setuid=off storich/var/log
- zfs create -o compression=gzip -o exec=off -o setuid=off storich/var/mail
- zfs create -o exec=off -o setuid=off storich/var/run
- zfs create -o compression=lzjb -o exec=on -o setuid=off storich/var/tmp
- chmod 1777 /mnt/var/tmp
Installing the operating system
Installation of FreeBSD 9.X
- tar -xf /usr/freebsd-dist/base.txz
- tar -xf /usr/freebsd-dist/kernel.txz
- tar -xf /usr/freebsd-dist/doc.txz
- tar -xf /usr/freebsd-dist/lib32.txz
- tar -xf /usr/freebsd-dist/ports.txz
- tar -xf /usr/freebsd-dist/src.txz
- zfs set readonly=on storich/var/empty
Configuration of FreeBSD after the installation of the operating system
Changing the root directory after the installation of the operating system
Change the root directory
- chroot /mnt
Setting the password for root after the installation of the operating system
Set the root password
- passwd
Mounting the swap mirror on every boot after the installation of the operating system
Mount the swap at boot
- ee /etc/fstab
#Device Mountpoint FStype Options Dump Pass#
/dev/mirror/swap0 none swap sw 0 0
Enabling ZFS on every boot after the installation of the operating system
Enable ZFS
- ee /etc/rc.conf
zfs_enable="YES"
Load the required kernel modules
- ee /boot/loader.conf
zfs_load="YES"
vfs.root.mountfrom="zfs:storich"
geom_mirror_load="YES"
Enabling the network settings on every boot after the installation of the operating system
Basic configuration of the network settings
- ee /etc/rc.conf
hostname="hostname der Maschine"
defaultrouter="IP des Defaultrouters"
ifconfig_bce0="IP der Maschine netmask 255.255.255.0"
Setting the duration of the boot screen on every boot after the installation of the operating system
Set (reduce) the duration of the boot screen
- ee /boot/loader.conf
autoboot_delay="1"
Setting the time zone after the installation of the operating system
Change the time zone
- tzsetup
Europe
Germany
Leaving the changed root directory after the installation of the operating system
- exit
Copying the ZFS pool information for every boot after the installation of the operating system
Copy (or move) the ZFS pool information
- cp /var/tmp/zpool.cache /mnt/boot/zfs/
Unmounting once and setting the future mount points of the ZFS datasets for every boot after the installation of the operating system
Unmount the ZFS datasets and set the future mount points
- cd /
- zfs unmount -a
- zfs set mountpoint=legacy storich
- zfs set mountpoint=/tmp storich/tmp
- zfs set mountpoint=/usr storich/usr
- zfs set mountpoint=/var storich/var
Rebooting after the installation of the operating system
DONE! (Reboot!)
- reboot
Adjustments and additions after the installation of the operating system
Setting the addresses for forwarding the operating system's mail
Creating and forwarding addresses for mail from the operating system
- cd /etc/mail
- ee aliases
- make aliases
Creating the list of name servers
- ee /etc/resolv.conf
domain domain.tld
nameserver "IP"
nameserver "IP"
Installation of the ports collection
- portsnap fetch extract
Providing SSH
Configuration of OpenSSH
- openssh
- move ssh to a different port
- suggestions for sshd_config
- ee /etc/ssh/sshd_config
VersionAddendum
Port $SSH_PORTNUMMER
ListenAddress $JAIL_IP
Protocol 2
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 4
MaxSessions 5
AllowUsers $DER_COOLE_LEUTE_CLUB
PermitEmptyPasswords no
X11Forwarding no
Banner none
- always read the man page carefully and go through it with a fine-tooth comb
- keys + passwords for authentication
- in jails: ListenAddress 0.0.0.0
Enabling OpenSSH for every boot
- ee /etc/rc.conf
sshd_enable="YES"
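An added example, not part of the original page: a POSIX shell audit that checks a file against the settings suggested above, relying on sshd's rule that the first value obtained for a keyword wins. The function names and both sample files are constructed for this illustration; reporting an unset keyword as a finding is a policy choice of this example.

```shell
#!/bin/sh
# Added example (not from the original page). Sample files are constructed.

# Print the effective global value of KEYWORD ($2) in FILE ($1).
# sshd keywords are case-insensitive and the first value obtained wins,
# so a later "PermitRootLogin no" does not override an earlier "yes".
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        tolower($1) == "match"   { exit }    # only the global section is audited
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, "")      # drop the keyword, keep the arguments
            print; exit                      # first occurrence wins
        }' "$1"
}

# expect_eq FILE KEYWORD EXPECTED: report when the effective value differs.
expect_eq() {
    got=$(sshd_effective "$1" "$2" | tr '[:upper:]' '[:lower:]')
    [ "$got" = "$3" ] && return 0
    printf 'FAIL %s: want "%s", effective "%s"\n' "$2" "$3" "${got:-unset}"
    return 1
}

# expect_max FILE KEYWORD LIMIT: the value must be a number and <= LIMIT.
expect_max() {
    got=$(sshd_effective "$1" "$2")
    case $got in
        ''|*[!0-9]*) ;;                      # unset or not numeric: report
        *) [ "$got" -le "$3" ] && return 0 ;;
    esac
    printf 'FAIL %s: want <= %s, effective "%s"\n' "$2" "$3" "${got:-unset}"
    return 1
}

# audit_sshd_config FILE: print findings, return 0 only when there are none.
audit_sshd_config() {
    fails=0
    expect_eq  "$1" PermitRootLogin      no  || fails=$((fails + 1))
    expect_eq  "$1" PermitEmptyPasswords no  || fails=$((fails + 1))
    expect_eq  "$1" X11Forwarding        no  || fails=$((fails + 1))
    expect_eq  "$1" StrictModes          yes || fails=$((fails + 1))
    expect_max "$1" MaxAuthTries         4   || fails=$((fails + 1))
    if [ -z "$(sshd_effective "$1" AllowUsers)" ]; then
        echo 'FAIL AllowUsers: no allow-list configured'
        fails=$((fails + 1))
    fi
    echo "$fails finding(s)"
    [ "$fails" -eq 0 ]
}

# Constructed samples. "weak" passes a grep for "PermitRootLogin no",
# yet the earlier "yes" is the value sshd would use.
write_samples() {
    cat > "$1/weak" <<'EOF'
# constructed sample
Port 2222
PermitRootLogin yes
permitemptypasswords no
X11Forwarding no
StrictModes yes
MaxAuthTries 6
PermitRootLogin no
EOF
    cat > "$1/good" <<'EOF'
# constructed sample
Port 2222
PermitRootLogin no
StrictModes yes
MaxAuthTries 4
AllowUsers alice bob
PermitEmptyPasswords no
X11Forwarding no
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_sshd_config "$tmp/weak" || true
audit_sshd_config "$tmp/good"
rm -rf "$tmp"
```

On a live host the same function can be pointed at /etc/ssh/sshd_config before sshd is restarted.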
Adjusting the security settings
Setting up automated updates
- Update the ports collection automatically
- Send mail notifications about
- outdated ports
- buggy ports
- ee /etc/crontab
0 13 * * * root portsnap -I cron fetch && portsnap update && pkg_version -vIL=
0 14 * * * root portaudit -Fda
0 */12 * * * root /usr/sbin/audit -n
Installation of the audit support
- start auditd
- /etc/rc.d/auditd start
= Basic settings of the audit support =
- set flags
- ee /etc/security/audit_control
flags:lo,aa,ex
- synchronize config:
- audit -s
= Enabling the audit support for every boot =
- ee /etc/rc.conf
# enable the audit daemon
auditd_enable="YES"
Installation of the packet filter (PF) from OpenBSD and ALTQ
- start the packet filter
- /etc/rc.d/pf start
- /etc/rc.d/pflog start
= Defining the rules for the packet filter =
- ee /etc/pf.conf
### MACROS
thishost = "$MAIN_IP"
# portsnap5 204.9.55.80
portsnap_freebsd = "{ 204.109.56.116 204.9.55.80 }"
# auditfile.tbz is being fetched from portaudit.freebsd.org
portaudit_freebsd = "69.147.83.36"
# dnsserver from resolv.conf
dnsserver = "{ 85.214.73.63 217.79.186.148 27.110.120.30 204.152.184.76 194.150$
### RULES
# default deny
block in all
block out all
# the local interface is allowed without restrictions
pass in quick on lo0 all
pass out quick on lo0 all
## HOST
# allow ssh
pass in on bce0 proto tcp from any to $thishost port $SSH_PORT
pass out on bce0 proto tcp from $thishost port $SSH_PORT to any
## allow outbound icmp
# echo request
pass out inet proto icmp icmp-type 8 code 0 keep state
# echo reply
pass in inet proto icmp icmp-type 0 code 0 keep state
# destination unreachable
pass in inet proto icmp icmp-type 3 keep state
# allow DNS lookups {also via tcp?} port 53
# what about traversal???
pass out on bce0 proto udp from $thishost to $dnsserver port 53 keep state
# allow portsnap to fetch from freebsd.org (ports?)
pass in on bce0 proto tcp from $portsnap_freebsd to $thishost
pass out on bce0 proto tcp from $thishost to $portsnap_freebsd
# allow portaudit to fetch auditfile.tbz via http
pass in on bce0 proto tcp from $portaudit_freebsd port 80 to $thishost
pass out on bce0 proto tcp from $thishost to $portaudit_freebsd port 80
## JAIL example (unrestricted -> bad idea; open ports per service instead)
pass in on bce0 proto { tcp udp icmp } from any to $jail_srs14
pass out on bce0 proto { tcp udp icmp } from $jail_srs14 to any
- check the rules
- pfctl -vnf /etc/pf.conf
- replace the old rules with the new rules
- pfctl -Fa -f /etc/pf.conf
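An added example, not part of the original page: a small awk-based review aid that lists inbound `pass` rules without a destination port, such as the jail rule marked as a bad idea above. The function names, macro values and addresses (documentation ranges) are constructed; it complements `pfctl -vnf`, which parses the rules but does not judge how wide they are.

```shell
#!/bin/sh
# Added example (not from the original page). The ruleset is a constructed sample.

# pf_lint FILE: list inbound pass rules that name no destination port.
# HIGH = source is "any", WARN = source is restricted but every port is open.
# Returns 1 when at least one rule was reported, 0 otherwise.
pf_lint() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        { gsub(/[{},]/, " ") }                     # flatten { a, b } lists
        $1 != "pass" || $2 != "in" { next }        # only inbound pass rules
        {
            from = 0; to = 0; l4 = 0; dport = 0; lo = 0; hasproto = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "on" && $(i + 1) ~ /^lo[0-9]+$/) lo = 1
                if ($i == "proto") hasproto = 1
                if ($i == "from" && !from) from = i
                if ($i == "to") to = i
                if (!from && ($i == "tcp" || $i == "udp")) l4 = 1
                if (to && i > to && $i == "port") dport = 1   # port after "to"
            }
            if (!hasproto) l4 = 1                  # no proto clause: all protocols
            if (lo || !l4 || !to || dport) next
            sev = ($(from + 1) == "any") ? "HIGH" : "WARN"
            printf "%s line %d: no destination port, from %s to %s\n",
                   sev, NR, $(from + 1), $(to + 1)
            n++
        }
        END { exit (n > 0) }' "$1"
}

# Constructed sample, modelled on the structure of the rules above.
write_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample
thishost   = "192.0.2.10"
jail_srs14 = "192.0.2.14"
portsnap   = "{ 198.51.100.5 198.51.100.6 }"
block in all
block out all
pass in quick on lo0 all
pass in on bce0 proto tcp from any to $thishost port 2222
pass in inet proto icmp icmp-type 0 code 0 keep state
pass in on bce0 proto tcp from $portsnap to $thishost
pass in on bce0 proto { tcp udp icmp } from any to $jail_srs14
pass in on bce0 proto tcp from any to $jail_srs14 port { 80 443 }
EOF
}

tmp=$(mktemp -d)
write_sample_rules "$tmp/pf.conf"
pf_lint "$tmp/pf.conf" || echo "review the rules listed above before loading them"
rm -rf "$tmp"
```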
= Enabling the packet filter for every boot =
- ee /etc/rc.conf
# enable the packet filter
pf_enable="YES"
# point to the file created with the rules for the packet filter
pf_rules="/etc/pf.conf"
# enable the log for the packet filter
pflog_enable="YES"
Enabling routing for all jails for every boot
- ee /etc/rc.conf
# host system is gateway for jails
gateway_enable="YES"
Enabling the system log information for every boot
- ee /etc/rc.conf
# bind syslogd to the main machine
syslogd_flags="-b $MAIN_IP"
Language and character set
- ee /etc/login.conf
# set German
default:\
:charset=ISO-8859-1:\
:lang=de_DE.ISO8859-1:\
- cap_mkdb /etc/login.conf
Summary of the entries and adjustments after the installation of the operating system
- Note
- Where a file has several entries, the file should be reproduced here as a summary.
- For one-off entries, a reference to the corresponding section is sufficient.
/mnt/etc/fstab
/boot/loader.conf
zfs_load="YES"
vfs.root.mountfrom="zfs:storich"
geom_mirror_load="YES"
autoboot_delay="1"
/etc/rc.conf
zfs_enable="YES"
keymap="german.iso"
hostname="Name des Servers"
defaultrouter="IP(v4)-Adresse des nächsten Routers (im C-Netz)"
ifconfig_em0="IP(v4)-Adresse des Servers (host) netmask 255.255.255.0"
sshd_enable="YES"
# enable the audit daemon
auditd_enable="YES"
# enable the packet filter
pf_enable="YES"
# packet filter rules file
pf_rules="/etc/pf.conf"
# enable the packet filter log
pflog_enable="YES"
# host system is gateway for jails
gateway_enable="YES"
# bind syslogd to the main machine
syslogd_flags="-b IP(v4)-Adresse des Servers (host)"
- If IPv6 is available, further adjustments for the use of IPv6 still have to be entered.
- Helpful page on tunnelling IPv6 to IPv4 addresses
# enable IPv6 support
ipv6_enable="YES"
ipv6_defaultrouter="<IPv6-Adresse des nächsten Routers>"
ipv6_ifconfig_em0="<IPv6-Adresse des Servers (host)> prefixlen 128"
# host system is gateway for jails with ipv6
ipv6_gateway_enable="YES"
/etc/resolv.conf
see #Creating the list of name servers
- For security reasons, the original file contents are not reproduced here.
/etc/ssh/sshd_config
see #Configuration of OpenSSH
/etc/crontab
see #Setting up automated updates
/etc/security/audit_control
see #Basic settings of the audit support
/etc/pf.conf
see #Defining the rules for the packet filter
- For security reasons, the original file contents are not reproduced here.
/etc/login.conf
see #Language and character set
fette Elke
loader.conf
- create entries for apache22
accf_data_load="YES" # Wait for data accept filter
accf_http_load="YES" # Wait for full HTTP request accept filter
sysctl.conf
kern.ipc.somaxconn=1024 # raise the number of possible connections
security.jail.allow_raw_sockets=1 # jails may use raw sockets
Ports
Installed ports
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- db41
- emacs-nox11
- gdbm
- gettext
- gmake
- help2man
- libevent
- libevent2
- libiconv
- libidn
- libsigsegv
- libtool
- m4
- nano
- p5-Locale-gettext
- pcre
- perl-threaded
- pkgconf
- portaudit
- portupgrade
- python27
- ruby
- ruby18-bdb
- tmux
- wget
- zsh
Configured ports
gdbm
WITH_COMPAT=true
help2man
OPTIONS_FILE_SET+=NLS
libevent2
OPTIONS_FILE_SET+=OPENSSL
OPTIONS_FILE_SET+=THREADS
libiconv
WITH_EXTRA_ENCODINGS=true
WITHOUT_EXTRA_PATCHES=true
m4
WITH_LIBSIGSEGV=true
pcre
OPTIONS_FILE_SET+=JIT
perl
WITHOUT_DEBUGGING=true
WITH_GDBM=true
WITH_PERL_MALLOC=true
WITH_PERL_64BITINT=true
WITH_THREADS=true
WITH_PTHREAD=true
WITH_MULTIPLICITY=true
WITHOUT_SITECUSTOMIZE=true
WITH_USE_PERL=true
portupgrade
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=DB_OVERRIDE
OPTIONS_FILE_SET+=BDB4
OPTIONS_FILE_UNSET+=BDB1
python27
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
ruby
OPTIONS_FILE_UNSET+=ONIGURUMA
OPTIONS_FILE_SET+=RDOC
OPTIONS_FILE_UNSET+=DEBUG
tmux
OPTIONS_FILE_SET+=BACKSPACE
OPTIONS_FILE_SET+=LIBEVENT2
OPTIONS_FILE_SET+=LIBEVENT_STATIC
wget
WITHOUT_GNUTLS=true
WITH_IPV6=true
WITH_NLS=true
WITH_OPENSSL=true
WITH_IDN=true
zsh
OPTIONS_FILE_UNSET+=DEBUG
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=GDBM
OPTIONS_FILE_SET+=MAILDIR
OPTIONS_FILE_SET+=MEM
OPTIONS_FILE_SET+=MULTIBYTE
OPTIONS_FILE_SET+=PCRE
OPTIONS_FILE_SET+=SECURE_FREE
OPTIONS_FILE_UNSET+=STATIC
- The article Server/SRS2342/Jails serves as the documentary collection of all jails that have been created on fette Elke.
Standard ports and configuration of the jail
- The standard ports were installed with the help of the startup.sh script.
help2man
OPTIONS_FILE_SET+=NLS
libiconv
OPTIONS_FILE_SET+=ENCODINGS
OPTIONS_FILE_UNSET+=PATCHES
m4
WITH_LIBSIGSEGV=true
pcre
OPTIONS_FILE_SET+=STACK_RECURSION
perl
OPTIONS_FILE_SET+=DEBUG
OPTIONS_FILE_UNSET+=GDBM
OPTIONS_FILE_SET+=MULTIPLICITY
OPTIONS_FILE_SET+=PERL_64BITINT
OPTIONS_FILE_UNSET+=PERL_MALLOC
OPTIONS_FILE_SET+=PTHREAD
OPTIONS_FILE_UNSET+=SITECUSTOMIZE
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_SET+=USE_PERL
portupgrade
OPTIONS_FILE_SET+=DOCS
ruby
OPTIONS_FILE_UNSET+=ONIGURUMA
OPTIONS_FILE_SET+=RDOC
OPTIONS_FILE_UNSET+=DEBUG
zsh
OPTIONS_FILE_UNSET+=DEBUG
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=GDBM
OPTIONS_FILE_SET+=MAILDIR
OPTIONS_FILE_SET+=MEM
OPTIONS_FILE_SET+=MULTIBYTE
OPTIONS_FILE_SET+=PCRE
OPTIONS_FILE_SET+=SECURE_FREE
OPTIONS_FILE_UNSET+=STATIC
SRS1
- Purpose
Running!
Plone
Install Plone 4.0.5 via the UnifiedInstaller.
install.sh --password=<password> standalone
Upgrade from Plone 4.0.5 to 4.1 failed
- created rolemap.xml in the …/GenericSetup directory
<?xml version="1.0" encoding="UTF-8"?>
<rolemap>
<permissions>
<permission name="ATContentTypes Topic: Add ATBooleanCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATCurrentAuthorCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATDateCriteria" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATDateRangeCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATListCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATPathCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATPortalTypeCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATReferenceCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATRelativePathCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATSelectionCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATSimpleIntCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATSimpleStringCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="ATContentTypes Topic: Add ATSortCriterion" acquire="True"> <role name="Contributor"/> </permission>
<permission name="Add portal topics" acquire="True"> <role name="Contributor"/> </permission>
<permission name="Change portal topics" acquire="True"> <role name="Editor"/> </permission>
</permissions>
</rolemap>
Ports
Installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
cairo
OPTIONS_FILE_SET+=GLIB
OPTIONS_FILE_UNSET+=OPENGL
OPTIONS_FILE_SET+=X11
OPTIONS_FILE_SET+=XCB
freetype2
OPTIONS_FILE_UNSET+=CFF_HINTING_ADOBE
OPTIONS_FILE_UNSET+=LCD_FILTERING
gamin
OPTIONS_FILE_UNSET+=GAM_POLLER
OPTIONS_FILE_UNSET+=LIBINOTIFY
OPTIONS_FILE_SET+=RUN_AS_EUID
gdk-pixbuf2
OPTIONS_FILE_SET+=JASPER
OPTIONS_FILE_SET+=JPEG
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_SET+=PNG
OPTIONS_FILE_SET+=TIFF
jasper
OPTIONS_FILE_UNSET+=OPENGL
OPTIONS_FILE_UNSET+=UUID
libcheck
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES
libevent2
OPTIONS_FILE_SET+=OPENSSL
OPTIONS_FILE_SET+=THREADS
libffi
OPTIONS_FILE_UNSET+=TESTS
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=SCHEMA
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=THREAD_ALLOC
OPTIONS_FILE_UNSET+=XMLLINT_HIST
libxslt
OPTIONS_FILE_SET+=CRYPTO
OPTIONS_FILE_UNSET+=MEM_DEBUG
lynx
OPTIONS_FILE_SET+=SSL
OPTIONS_FILE_SET+=DEFAULT_COLORS
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
pango
OPTIONS_FILE_SET+=X11
pixman
OPTIONS_FILE_SET+=SIMD
png
OPTIONS_FILE_SET+=APNG
python27
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES
tmux
OPTIONS_FILE_SET+=BACKSPACE
OPTIONS_FILE_SET+=LIBEVENT2
OPTIONS_FILE_UNSET+=LIBEVENT_STATIC
Configuration of the programs
Plone configuration
- to enable backups
- add to buildout.cfg under the heading [buildout]
############################################
# Parts Specification
#--------------------
# Specifies the components that should be included in the buildout.
# All the basics are in the base.cfg extension; you may add your
# own if you need them at the end of this file.
parts =
    instance
    zopepy
    zopeskel
    unifiedinstaller
    chown
    backup
    repozo
- append [backup] at the end and enter further parameters (buildout.cfg)
[backup]
recipe = collective.recipe.backup
keep = 4
full = true
debug = false
snapshotlocation = /root/plonebackup/snapshot
backup_blobs = true
blobsnapshotlocation = /root/plonebackup/blobsnapshots
gzip = true
enable_snapshotrestore = false
- if the file repozo.py was missing (buildout.cfg)
[repozo]
recipe = zc.recipe.egg
eggs = ZODB3
scripts = repozo
- /etc/crontab
# Plone incremental backup
0 23 * * 6 root <path/to/plone>/zinstance/bin/backup
# Plone full backup (snapshot)
0 20 5 * * root <path/to/plone>/zinstance/bin/snapshotbackup
Apache22 configuration
- httpd.conf
ServerTokens ProductOnly
ServerSignature Off
- extra/httpd-vhost.conf
<VirtualHost *:80>
# A sample VirtualHost section for using Apache as a webserver
# instead of Zope.
# ServerName is the url of your website.
ServerName <domain>
# ServerName 127.0.0.1
# Add serverAlias lines for other domain names that should
# point to this website. They will be rewritten by Apache to
# the ServerName, so that anyone going to www.site.com
# will be invisibly redirected to site.com in their browser.
ServerAlias domain
# ServerAdmin is your email address, which shows up on error
# pages when Apache cannot connect to Zope.
ServerAdmin adminmail
# The ProxyPass and ProxyPassReverse lines are the magic
# ingredients. They rewrite requests to http://site.com and
# pass the entire request through to Zope on
# http://site.com:8080. The VirtualHostBase ensures that
# when the page goes back to the browser, it goes out through
# Apache, and appears to have come from http://site.com.
# The line is made up from:
# ProxyPass or ProxyPassReverse
# / is the url at http://site.com that you wish to use to
# point to the Zope site. You could keep http://site.com as a
# flat HTML site in Apache, and replace / with /zope to make
# http://site.com/zope point to your zope site.
# http://site.com:8080 is the address that your zope is
# running on.
# /VirtualHostBase/http/site.com:80 makes sure that zope
# *thinks* it is running at http://site.com instead of at
# http://site.com:8080. You don't have to do anything else
# in Zope to make this work.
# /yourplonesite is the location of your Plone Site within Zope.
# If you added a Plone Site into the root of your Zope with an id
# of 'mysite', then you just change this bit to /mysite
# /VirtualHostRoot/ makes your Plone site think it is the root of the site.
ProxyPass / http://127.0.0.1:8080/VirtualHostBase/http/<domain>:80/Plone/VirtualHostRoot/
ProxyPassReverse / http://127.0.0.1:8080/VirtualHostBase/http/<domain>:80/Plone/VirtualHostRoot/
# CacheRoot is the location on the filesystem to store files that
# Apache caches. This directory must be created, and the user that
# Apache runs as must have full write permissions to it.
# It's a bad idea to create this in the /tmp directory, as the
# directory itself will then be deleted when you reboot.
CacheRoot "/var/cache/www.stura.htw-dresden.de"
CacheEnable disk /
# CacheSize determines how big this cache can get in KB. It's a
# good idea that this number is about 30% less than the available
# space in the CacheRoot directory. Here we choose to cache 100MB
# of data, which is enough for a personal website, but not for
# anything larger.
MCacheSize 524288
MCacheMaxObjectCount 100000
MCacheMinObjectSize 1
MCacheMaxObjectSize 200000
# CacheGcInterval specifies how often (in hours) to examine the
# cache and delete obsolete files.
#CacheGcInterval 2
# CacheLastModifiedFactor allows the estimation of an expiry date
# for a page if it doesn't have an expiry-date specified in the
# HTTP headers returned from Zope. This is based on (time since
# last modification * CacheLastModifiedFactor), so that content
# that is ten hours old would be given an expiry date of 1 hour in
# the future.
CacheLastModifiedFactor 0.1
# CacheDefaultExpire sets a default expiry time of 0.5 hour into the
# future for cached pages.
CacheDefaultExpire 0.5
# CacheDirLength sets the number of characters used in directory
# names for subdirectories of CacheRoot
CacheDirLength 3
# The following definitions set expiry times for various content
# types. In this list, each content type defined is cached for a
# maximum period of 1 hour (3600 seconds) before it must be checked
# again. Non-listed content types are not cached.
ExpiresActive On
ExpiresByType image/ief A3600
ExpiresByType image/tiff A3600
ExpiresByType image/bmp A3600
ExpiresByType image/gif A3600
ExpiresByType image/png A3600
ExpiresByType image/jpeg A3600
ExpiresByType image/x-cmu-raster A3600
ExpiresByType image/x-portable-anymap A3600
ExpiresByType image/x-portable-bitmap A3600
ExpiresByType image/x-portable-graymap A3600
ExpiresByType image/x-portable-pixmap A3600
ExpiresByType image/x-rgb A3600
ExpiresByType image/x-xbitmap A3600
ExpiresByType image/x-xpixmap A3600
ExpiresByType image/x-xwindowdump A3600
ExpiresByType text/css A3600
ExpiresByType text/javascript A3600
ExpiresByType application/x-javascript A3600
ExpiresByType text/html A3600
ExpiresByType text/xml A3600
# CustomLog "/var/log/www.stura.htw-dresden.de-access_log" common
</VirtualHost>
Configuration of scripts
rc.d scripting Plone
From the very beginning (several years by now), running Plone on srs1 has had one major shortcoming: Plone does not start on its own. Someone therefore had to log in to srs1 manually and start Plone "by hand". That is now supposed to change.
$EDITOR /usr/local/etc/rc.d/plone
#!/bin/sh
# PROVIDE: plone
# REQUIRE: LOGIN
# KEYWORD: shutdown
. /etc/rc.subr
name="plone"
rcvar=plone_enable
start_cmd="${name}_start"
stop_cmd="${name}_stop"
restart_cmd="${name}_restart"
status_cmd="${name}_status"
extra_commands="status"
load_rc_config ${name}
#: ${plone_enable:="NO"}
plone_stop() {
    /usr/local/Plone/zinstance/bin/plonectl stop
}
plone_status() {
    /usr/local/Plone/zinstance/bin/plonectl status
}
plone_start() {
    /usr/local/Plone/zinstance/bin/plonectl start
}
plone_restart() {
    /usr/local/Plone/zinstance/bin/plonectl restart
}
run_rc_command "$1"
Adjusting the permissions of the rc.d file
chmod 540 /usr/local/etc/rc.d/plone
- Checking the permissions of the rc.d file
ls -l /usr/local/etc/rc.d/plone
-r-xr----- 1 root wheel 603 Oct 23 18:34 /usr/local/etc/rc.d/plone
Of course, an entry in rc.conf is also needed to indicate that Plone should (and may) be started.
echo 'plone_enable="YES"' >> /etc/rc.conf
The rc.d file is actually relatively simple. (The point of comparison is the complex variants that rc.d and its files can involve.)
- /usr/local/Plone/zinstance/bin/plonectl is the location and file for managing the operation of Plone. (Where the choice of this location comes from is not known in detail.)
- If the comment marker were removed from #: ${plone_enable:="NO"}, Plone would not start by itself when the jail starts. All other desired rc.d functionality would still be available, however.
- The following commands are now available via rc.d:
service plone stop
- Stop Plone
service plone status
- Print the status of Plone
service plone start
- Start Plone
service plone restart
- Restart Plone
Running!
Web links
SRS2
Ports
Installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
dejavu
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=LINKS
gdbm
OPTIONS_FILE_UNSET+=COMPAT
libcheck
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES
libxslt
OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=CRYPTO
png
OPTIONS_FILE_SET+=APNG
python27
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES
wget
OPTIONS_FILE_SET+=GNUTLS
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_SET+=OPENSSL
OPTIONS_FILE_SET+=IDN
Configuration of the programs
SRS13
Purpose: MediaWiki for wiki.htw.stura-dresden.de
Ports
Installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
ca_root_nss
OPTIONS_FILE_SET+=ETCSYMLINK
freetype2
OPTIONS_FILE_UNSET+=CFF_HINTING_ADOBE
OPTIONS_FILE_UNSET+=LCD_FILTERING
libcheck
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=SCHEMA
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=THREAD_ALLOC
OPTIONS_FILE_UNSET+=XMLLINT_HIST
libxslt
OPTIONS_FILE_SET+=CRYPTO
OPTIONS_FILE_UNSET+=MEM_DEBUG
png
OPTIONS_FILE_SET+=APNG
python27
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES
Additional configuration files
Jail
/etc/rc.conf
apache22_enable="YES"
mysql_enable="YES"
Program configuration
apache
httpd.conf
…
LoadModule php5_module libexec/apache22/libphp5.so
<IfModule php5_module>
DirectoryIndex index.php index.php5 index.html
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
…
ServerAdmin <admin[at]domain.tld>
…
ServerName wiki.htw.stura-dresden.de:80
…
DocumentRoot "</path/to/mediawiki>"
…
#<Directory "/usr/local/www/apache22/data">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
# Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
# AllowOverride None
#
# Controls who can get stuff from this server.
#
# Order allow,deny
# Allow from all
#</Directory>
…
# Virtual hosts
Include etc/apache22/extra/httpd-vhosts.conf
…
# CustomLog "/var/log/httpd-access.log" combined # commented out: the StuRa does not store access logs!
…
extra/httpd-vhosts.conf
…
NameVirtualHost 141.56.50.13:80
…
<VirtualHost wiki.htw.stura-dresden.de:80>
Redirect permanent / http://wiki.stura.htw-dresden.de/
</VirtualHost>
<VirtualHost wiki.stura.htw-dresden.de:80>
ServerAdmin webmaster@stura.htw-dresden.de
DocumentRoot "/usr/local/www/sturawiki_1_19_2"
ServerName wiki.stura.htw-dresden.de
ServerAlias www.wiki.stura.htw-dresden.de
<Directory "/usr/local/www/sturawiki_1_19_2">
Options Indexes FollowSymLinks
DirectoryIndex index.php index.php5 index.html
AllowOverride none
Order allow,deny
Allow from all
</Directory>
ErrorLog "/var/log/wiki-error_log"
# CustomLog "/var/log/wiki-access_log" common
</VirtualHost>
<VirtualHost wiki.hs-abc.htw.stura-dresden.de:80>
ServerAdmin webmaster@stura.htw-dresden.de
DocumentRoot "/usr/local/www/hs-abcwiki_1_19_4"
ServerName wiki.hs-abc.htw.stura-dresden.de
ServerAlias www.wiki.hs-abc.htw.stura-dresden.de
<Directory "/usr/local/www/hs-abcwiki_1_19_4">
Options Indexes FollowSymLinks
DirectoryIndex index.php index.php5 index.html
AllowOverride none
Order allow,deny
Allow from all
</Directory>
ErrorLog "/var/log/wiki-error_log"
# CustomLog "/var/log/wiki-access_log" common
</VirtualHost>
<VirtualHost wiki.fzs.stura-dresden.de:80>
ServerAdmin webmaster@stura.htw-dresden.de
DocumentRoot "/usr/local/www/fzswiki_1_19_4"
ServerName wiki.fzs.stura-dresden.de
ServerAlias www.wiki.fzs.htw.stura-dresden.de
<Directory "/usr/local/www/fzswiki_1_19_4">
Options Indexes FollowSymLinks
DirectoryIndex index.php index.php5 index.html
AllowOverride none
Order allow,deny
Allow from all
</Directory>
ErrorLog "/var/log/fzswiki-error_log"
# CustomLog "/var/log/fzswiki-access_log" common
</VirtualHost>
<VirtualHost fzs-wiki.de:80>
DocumentRoot "/usr/local/www/fzswiki_1_19_4"
ServerName wiki.fzs.stura-dresden.de
ServerAlias www.wiki.fzs.htw.stura-dresden.de
<Directory "/usr/local/www/fzswiki_1_19_4">
Options Indexes FollowSymLinks
DirectoryIndex index.html index.php
AllowOverride none
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
mediawiki
Wiki
</path/to/mediawiki-stura>/LocalSettings.php
…
$wgLogo = "$wgStylePath/common/images/stura.jpg";
$wgFavicon = "$wgStylePath/common/images/stura_ohne_typo.favicon32.jpg";
…
$wgDefaultSkin = 'vector';
…
############################
## Show exception details ##
############################
$wgShowExceptionDetails = false;
###################
## Mail Settings ##
###################
$wgSMTP = array (
'IDHost' => 'wiki.stura.htw-dresden.de', //this is used to build the Message-ID mail header
'host' => 'mail.stura.htw-dresden.de', //this is the outgoing mail server name (SMTP server)
'port' => 25, //this is the port used by the SMTP server
'auth' => false, //in my case, authentication is not required by the mail server for outgoing mail
);
################
## Namespaces ##
################
define("NS_STURA", 100);
define("NS_STURA_TALK", 101);
define("NS_INTERN", 102);
define("NS_INTERN_TALK", 103);
define("NS_ADMIN", 104);
define("NS_ADMIN_TALK", 105);
define("NS_PERSON", 106);
define("NS_PERSON_TALK", 107);
$wgExtraNamespaces[NS_STURA] = "StuRa";
$wgExtraNamespaces[NS_STURA_TALK] = "StuRa_Diskussion";
$wgExtraNamespaces[NS_INTERN] = "Intern";
$wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion";
$wgExtraNamespaces[NS_ADMIN] = "Admin";
$wgExtraNamespaces[NS_ADMIN_TALK] = "Admin_Diskussion";
$wgExtraNamespaces[NS_PERSON] = "Person";
$wgExtraNamespaces[NS_PERSON_TALK] = "Person_Diskussion";
################
## Extensions ##
################
$wgAllowExternalImages = true; # Allow embedding external images
require_once "$IP/extensions/ConfirmEdit/QuestyCaptcha.php";
$wgCaptchaClass = 'QuestyCaptcha';
$arr = array (
'Frage' => 'An answer!',
);
foreach ( $arr as $key => $value ) {
$wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
};
$wgCaptchaTriggers['edit'] = true;
$wgCaptchaTriggers['create'] = true;
require_once( "$IP/extensions/Renameuser/Renameuser.php" );
require_once( "$IP/extensions/WikiEditor/WikiEditor.php" );
require_once( "$IP/extensions/Lockdown/Lockdown.php" );
require_once( "$IP/extensions/Interwiki/Interwiki.php" );
require_once( "$IP/extensions/ContributionScores/ContributionScores.php" );
#################################
## ContributionScores settings ##
#################################
$wgContribScoreIgnoreBots = true; // Exclude Bots from the reporting - Can be omitted.
$wgContribScoreIgnoreBlockedUsers = true; // Exclude Blocked Users from the reporting - Can be omitted.
$wgContribScoresUseRealName = true; // Use real user names when available - Can be omitted. Only for MediaWiki 1.19 and later.
$wgContribScoreDisableCache = false; // Set to true to disable cache for parser function and inclusion of table.
//Each array defines a report - 7,50 is "past 7 days" and "LIMIT 50" - Can be omitted.
$wgContribScoreReports = array(
array(7,50),
array(30,50),
array(0,50)
) ;
###################
## custom groups ##
###################
// Implicit group for intern (copy of group user)
$wgGroupPermissions['intern']['move'] = true;
$wgGroupPermissions['intern']['move-subpages'] = true;
$wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages
//$wgGroupPermissions['intern']['movefile'] = true; // Disabled for now due to possible bugs and security concerns
$wgGroupPermissions['intern']['read'] = true;
$wgGroupPermissions['intern']['edit'] = true;
$wgGroupPermissions['intern']['createpage'] = true;
$wgGroupPermissions['intern']['createtalk'] = true;
$wgGroupPermissions['intern']['writeapi'] = true;
$wgGroupPermissions['intern']['upload'] = true;
$wgGroupPermissions['intern']['reupload'] = true;
$wgGroupPermissions['intern']['reupload-shared'] = true;
$wgGroupPermissions['intern']['minoredit'] = true;
$wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok"
$wgGroupPermissions['intern']['sendemail'] = true;
// To grant sysops permissions to edit interwiki data
$wgGroupPermissions['sysop']['interwiki'] = true;
###########################
## Restricted namespaces ##
###########################
$wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern');
$wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern');
$wgNamespacePermissionLockdown[NS_PERSON]['*'] = array('intern');
$wgNamespacePermissionLockdown[NS_PERSON_TALK]['*'] = array('intern');
Wiki Extensions
Wiki Extension Asirra
Extension:Asirra is no longer in use!
- Extension:Asirra
- has not been supported since 2014-10;
- stopped working at the end of 2014;
- had to be replaced at the end of 2014;
- was replaced by Tom with #Wiki Extension QuestyCaptcha in early 2015;
- served as the CAPTCHA.
- Asirra/ConfirmEdit.php
Wiki Extension Lockdown
- Installation
wget https://codeload.github.com/wikimedia/mediawiki-extensions-Lockdown/legacy.tar.gz/REL1_19
tar -xzf wikimedia-mediawiki-extensions-Lockdown-84fca94.tar.gz -C /var/www/mediawiki/extensions
Wiki Extension QuestyCaptcha
Extension:QuestyCaptcha
- serves as the CAPTCHA;
- was installed in 2015-01;
- replaced #Wiki Extension Asirra.
HS-ABC Wiki
</path/to/mediawiki-hsabc>/LocalSettings.php
require_once( "$IP/extensions/Asirra/Asirra.php" );
require_once( "$IP/extensions/Renameuser/Renameuser.php" );
require_once( "$IP/extensions/WikiEditor/WikiEditor.php" );
###################
## Mail Settings ##
###################
$wgSMTP = array (
'IDHost' => 'wiki.hs-abc.htw.stura-dresden.de', //this is used to build the Message-ID mail header
'host' => 'mail.stura.htw-dresden.de', //this is the outgoing mail server name (SMTP server)
'port' => 25, //this is the port used by the SMTP server
'auth' => false, //in my case, authentication is not required by the mail server for outgoing mail
);
</path/to/mediawiki-hsabc>/extensions/Asirra/ConfirmEdit.php
…
$wgGroupPermissions['user' ]['skipcaptcha'] = true;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false;
…
$wgCaptchaTriggers['edit'] = true; // Would check on every edit
$wgCaptchaTriggers['create'] = false; // Check on page creation.
$wgCaptchaTriggers['sendemail'] = true; // Special:Emailuser
…
See also
- Wiki
- mediawikiwiki:Manual:Upgrading MediaWiki
- Server/MediaWiki
- mediawikiwiki:Manual:Running MediaWiki on FreeBSD
- mediawikiwiki:Extension:User Merge and Delete
SRS14
- REDIRECT StuRa:Server/SRS14/2018
SRS15
- Purpose
- tentative use of various software for a potential AUS
- Accounts
Django
Django Installation
cd /usr/ports/www/py-django/ && sudo make install clean
py27-django-1.5.1
+[ ] FASTCGI FastCGI support
+[ ] HTMLDOCS Install the HTML documentation (requires Sphinx)
── DATABASE ──
+[ ] PGSQL PostgreSQL database support
+[ ] MYSQL MySQL database support
+[x] SQLITE SQLite database support
===> Cleaning for py27-django-1.5.1
- Done!
OTRS
OTRS Installation
cd /usr/ports/devel/otrs/ && sudo make install clean
trac
trac Installation
cd /usr/ports/www/trac/ && sudo make install clean
trac-1.0.1
+[x] DOCUTILS Allow additional text markup
+[ ] PGSQL PostgreSQL database support
+[x] PYGMENTS Use generic syntax highlighter
+[x] SILVERCITY Silvercity for syntax highlighting
+[x] SVN Subversion support
+[x] TZ Process Time Zones
py27-Genshi-0.7
+[x] BABEL I18n support through the Babel plugin
subversion-1.8.0_3
+[ ] BDB Berkeley DB support
+[ ] BOOK Install the Subversion Book
+[x] DOCS Build and/or install documentation
+[x] FREEBSD_TEMPLATE FreeBSD Project log template
+[ ] GNOME_KEYRING Build with GNOME Keyring auth support
+[ ] KDE_KWALLET Build with KDE KWallet auth support
+[ ] MAINTAINER_DEBUG Build debug version
+[ ] MOD_DAV_SVN mod_dav_svn module for Apache 2.X
+[x] NLS Native Language Support
+[x] P4_STYLE_MARKERS Perforce-style conflict markers
+[ ] SASL SASL support
+[x] SERF WebDAV/Delta-V (HTTP/HTTPS) repo access module
+[ ] STATIC Build static version (no shared libs)
+[ ] SVNSERVE_WRAPPER Enable svnserve wrapper (umask setter)
+[ ] TEST Run subversion test suite
+[ ] TOOLS Install several tools (svnauthz-validate and mod_d)
serf-1.2.1_1
+[x] DOCS Build and/or install documentation
===> Cleaning for trac-1.0.1
Miscellaneous
Lynx
Lynx purpose
- Browser for localhost
- PaulRiegel (talk) wanted to test the development server for #Django (following the tutorial).
Lynx Installation
cd /usr/ports/www/lynx/ && sudo make install clean
lynx-2.8.7.2,1
+[x] DEFAULT_COLORS Colors support
+[x] IPV6 IPv6 protocol support
+[x] NLS Native Language Support
+[x] SSL SSL protocol support
===> Cleaning for lynx-2.8.7.2,1
- Done!
SRS16
- REDIRECT Server/SRS16/2015
SRS17
Ports
Installed ports
- apr
- asciidoc
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bash
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- boehm-gc+fulldebug
- bsdadminscripts
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- db42
- dejavu
- dialog4ports
- docbook
- docbook-sk
- docbook-xml
- docbook-xsl
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- getopt
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- gtk
- gtk-update-icon-cache
- help2man
- hicolor-icon-theme
- icu
- inputproto
- intltool
- iso8879
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXft
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libpaper
- libpthread-stubs
- libsigsegv
- libssh2
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- neon29
- p5-Error
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- p5-Term-ReadKey
- p5-URI
- p5-XML-Parser
- p5-subversion
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- shared-mime-info
- sqlite3
- subversion
- tiff
- tmux
- unzip
- vim-lite
- w3m
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xmlcatmgr
- xmlcharent
- xmlto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
icu
OPTIONS_FILE_SET+=THREADS
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=SCHEMA
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=THREAD_ALLOC
OPTIONS_FILE_UNSET+=XMLLINT_HIST
Additional configuration files
Jail
/etc/rc.conf
sshd_enable="YES"
ejabberd_enable="YES"
/etc/ssh/sshd_config
…
ListenAddress 141.56.50.17
…
PasswordAuthentication no
…
UsePAM no
…
Program configuration
/usr/local/etc/ejabberd/ejabberd.cfg
...
{loglevel, 3}.
...
{watchdog_admins, ["foo@srs17.stura.htw-dresden.de", "bar@srs17.stura.htw-dresden.de"]}.
...
{hosts, ["srs17.stura.htw-dresden.de"]}.
...
starttls, {certfile, "/root/ejabberd.pem"},
starttls_required,
...
%%captcha,
%%http_bind,
%%http_poll,
...
{s2s_use_starttls, required}.
...
{s2s_certfile, "/root/ejabberd.pem"}.
...
{acl, admin, {user, "foo", "srs17.stura.htw-dresden.de"}}.
{acl, admin, {user, "bar", "srs17.stura.htw-dresden.de"}}.
...
{acl, blocked, {user, "test"}}.
{acl, blocked, {user, "root"}}.
{acl, blocked, {user, "r00t"}}.
{acl, blocked, {user, "r0ot"}}.
{acl, blocked, {user, "ro0t"}}.
{acl, blocked, {user, "adm1n"}}.
{acl, blocked, {user, "admin"}}.
{acl, blocked, {user, "kss"}}.
{acl, blocked, {user, "administrator"}}.
{acl, blocked, {user, "administrat0r"}}.
{acl, blocked, {user, "adm1n1strat0r"}}.
{acl, blocked, {user, "adm1nistrat0r"}}.
{acl, blocked, {user, "admin1strat0r"}}.
{acl, blocked, {user, "adm1nistrator"}}.
{acl, blocked, {user, "admin1strator"}}.
...
{access, max_user_sessions, [{2, all}]}.
...
{language, "de"}.
...
%%{mod_irc, []},
...
%%{mod_pubsub, [
%%{access_createnode, pubsub_createnode},
%%{ignore_pep_from_offline, true}, % reduces resource consumption, but XEP incompliant
...
%%{last_item_cache, false},
%%{plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps
%%]},
...
{registration_watchers, ["foo@srs17.stura.htw-dresden.de", "bar@srs17.stura.htw-dresden.de"]},
...
{ip_access, [
{allow, "0.0.0.0/8"}
%%{allow, "127.0.0.0/8"},
%%{deny, "0.0.0.0/0"}
]},
...
See also
SRS18
In brief:
- Jail on srs2342 (with outdated FreeBSD)
- The dataset (for ZFS) may already be located elsewhere
- is not in operation
- old Plone (aka Plone 3)
Plone
Install Plone 3.3 via the UnifiedInstaller.
install.sh --password=<password> standalone
Ports
Installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
python27
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES
Script configuration
rc.d scripting Plone
Note: this is really just a direct copy of Server/Jails/SRS1#rc.d scripting Plone. The functionality was tested successfully.
$EDITOR /usr/local/etc/rc.d/plone
#!/bin/sh
# PROVIDE: plone
# REQUIRE: LOGIN
# KEYWORD: shutdown
. /etc/rc.subr
name="plone"
rcvar=plone_enable
start_cmd="${name}_start"
stop_cmd="${name}_stop"
restart_cmd="${name}_restart"
status_cmd="${name}_status"
extra_commands="status"
load_rc_config ${name}
#: ${plone_enable:="NO"}
plone_stop() {
    /usr/local/Plone/zinstance/bin/plonectl stop
}
plone_status() {
    /usr/local/Plone/zinstance/bin/plonectl status
}
plone_start() {
    /usr/local/Plone/zinstance/bin/plonectl start
}
plone_restart() {
    /usr/local/Plone/zinstance/bin/plonectl restart
}
run_rc_command "$1"
Adjust the permissions of the rc.d file
chmod 540 /usr/local/etc/rc.d/plone
- Check the permissions of the rc.d file
ls -l /usr/local/etc/rc.d/plone
-r-xr----- 1 root wheel 603 Oct 23 18:34 /usr/local/etc/rc.d/plone
Of course, an entry in rc.conf is also needed to indicate that plone should (and may) be started.
echo 'plone_enable="YES"' >> /etc/rc.conf
The rc.d file is actually fairly simple. (This is relative to the complex variants that rc.d and its files can involve.)
- /usr/local/Plone/zinstance/bin/plonectl is the location and file used to manage the running Plone instance. (Where the choice of this location comes from is not known.)
- If the line #: ${plone_enable:="NO"} were uncommented, Plone would not start by itself when the jail starts. However, all the other desired rc.d functionality would still be available.
- The following commands are now available via rc.d:
service plone stop
- Stop Plone
service plone status
- Show the status of Plone
service plone start
- Start Plone
service plone restart
- Restart Plone
It works!
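The manual checks from the steps above (mode of the rc.d file, the rc.conf entry) as an added example that is not part of the original page. All function names are hypothetical. The owner uid is a parameter so the functions can be tried on scratch files, and rc.conf values are assumed to be double-quoted as on this page.

```shell
#!/bin/sh
# Added example, not part of the original page. Function names are hypothetical.

# rcd_script_is_safe FILE OWNER_UID
# Succeeds only if FILE exists, is owned by OWNER_UID (0 = root on a real
# system) and is not writable by group or others, as with the mode 540 above.
rcd_script_is_safe() {
    file=$1
    owner=$2
    [ -f "$file" ] || return 2
    uid=$(ls -ldn "$file" | awk '{ print $3 }')      # numeric owner uid
    [ "$uid" = "$owner" ] || return 1
    # find prints the path only when a group- or world-write bit is set
    loose=$(find "$file" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ]
}

# rcconf_effective NAME RCCONF
# rc.conf is read as shell, so the LAST assignment of NAME_enable wins.
# Prints that value (empty if the variable is never set).
rcconf_effective() {
    awk -v var="${1}_enable" '
        $0 ~ ("^[ \t]*" var "=") {
            val = $0
            sub(/^[^=]*=/, "", val)   # drop everything up to the first "="
            gsub(/"/, "", val)        # drop the double quotes
            last = val
        }
        END { print last }
    ' "$2"
}

# rcconf_enable NAME RCCONF
# Idempotent alternative to `echo ... >> rc.conf`: removes every earlier
# assignment of NAME_enable, then writes a single NAME_enable="YES".
rcconf_enable() {
    var="${1}_enable"
    rcconf=$2
    tmp=$(mktemp "${rcconf}.XXXXXX") || return 1
    awk -v var="$var" '$0 !~ ("^[ \t]*" var "=") { print }' "$rcconf" > "$tmp"
    printf '%s="YES"\n' "$var" >> "$tmp"
    # overwrite in place so rc.conf keeps its owner and mode
    cat "$tmp" > "$rcconf"
    rm -f "$tmp"
}
```

On the jail itself this would be `rcd_script_is_safe /usr/local/etc/rc.d/plone 0` and `rcconf_enable plone /etc/rc.conf`; FreeBSD's own `sysrc plone_enable=YES` performs the same idempotent edit.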
See also
SRS19
- FSRs
Ports
Installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
ca_root_nss
OPTIONS_FILE_UNSET+=ETCSYMLINK
freetype2
OPTIONS_FILE_UNSET+=CFF_HINTING_ADOBE
OPTIONS_FILE_UNSET+=LCD_FILTERING
libcheck
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=SCHEMA
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=THREAD_ALLOC
OPTIONS_FILE_UNSET+=XMLLINT_HIST
libxslt
OPTIONS_FILE_SET+=CRYPTO
OPTIONS_FILE_UNSET+=MEM_DEBUG
png
OPTIONS_FILE_SET+=APNG
python27
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES
Additional configuration files
Program configuration
nginx
nginx.conf
read: http://elasticdog.com/2008/02/howto-install-wordpress-on-nginx/
sudo
/usr/local/etc/sudoers
…
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
%<username> ALL=(ALL) ALL
%<username> ALL=(ALL) ALL
…
See also
SRS20
- REDIRECT StuRa:Server/SRS20/2016
SRS28
In brief:
- Jail on srs2342 (with outdated FreeBSD)
- is not in operation
- was used for hosting project websites, including projects with other StuRä
Ports
Installed ports
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- dejavu
- dialog4ports
- emacs-nox11
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- help2man
- inputproto
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libidn
- libpthread-stubs
- libsigsegv
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- nano
- p5-Error
- p5-ExtUtils-Constant
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- py27-wikitools
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- tiff
- tmux
- unzip
- vim-lite
- wget
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
Configured ports
ca_root_nss
OPTIONS_FILE_UNSET+=ETCSYMLINK
freetype2
OPTIONS_FILE_UNSET+=CFF_HINTING_ADOBE
OPTIONS_FILE_UNSET+=LCD_FILTERING
libcheck
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=SCHEMA
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=THREAD_ALLOC
OPTIONS_FILE_UNSET+=XMLLINT_HIST
libxslt
OPTIONS_FILE_SET+=CRYPTO
OPTIONS_FILE_UNSET+=MEM_DEBUG
png
OPTIONS_FILE_SET+=APNG
python27
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
ruby18-bdb
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_UNSET+=EXAMPLES
Additional configuration files
Jail
/etc/rc.conf
apache22_enable="YES"
sshd_enable="YES"
Program configuration
apache
httpd.conf
…
LoadModule php5_module libexec/apache22/libphp5.so
<IfModule php5_module>
DirectoryIndex index.php index.php5 index.html
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
…
ServerAdmin <admin[at]domain.tld>
…
ServerName <Jail-IP>
…
DocumentRoot "/usr/local/www/data"
…
<Directory "/usr/local/www/data/website">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
DirectoryIndex index.php index.php5 index.html
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
…
sshd
sshd_config
…
Port <PORTNUMMER>
…
ListenAddress 0.0.0.0
…
LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
MaxSessions 4
# separate user names with spaces only
AllowUsers <users with the right permission>
…
Match User <Username>
ChrootDirectory /usr/local/www/data
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
…
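A check for the SFTP-only Match block shown above, as an added example that is not part of the original page. It flags any Match block that sets ChrootDirectory without the three restrictions used in the excerpt, and verifies the ownership rule sshd enforces on every component of the chroot path. Function names, the sample users alice and bob, and the optional TOP argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original page. Function names are hypothetical.

# Constructed sample input, not a real server configuration.
sample_sshd_config() {
    cat <<'EOF'
PermitRootLogin no
# complete block, as in the excerpt above
Match User alice
    ChrootDirectory /usr/local/www/data
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
# chroot without the forced SFTP subsystem
Match User bob
    ChrootDirectory /usr/local/www/data
    X11Forwarding no
EOF
}

# sshd_chroot_lint [FILE]
# Prints one finding per line; reads stdin when FILE is omitted.
sshd_chroot_lint() {
    awk '
    function report() {
        if (block != "" && chroot != "") {
            if (force != "internal-sftp") print block ": ForceCommand internal-sftp missing"
            if (tcp != "no") print block ": AllowTcpForwarding no missing"
            if (x11 != "no") print block ": X11Forwarding no missing"
        }
        block = ""; chroot = ""; force = ""; tcp = ""; x11 = ""
    }
    /^[ \t]*#/ { next }                      # comment line
    NF == 0    { next }                      # blank line
    {
        key = tolower($1)                    # keywords are case-insensitive
        if (key == "match") { report(); block = $2 " " $3; next }
        if (block == "") next                # global section is not checked here
        # sshd uses the first value it obtains for a keyword
        if (key == "chrootdirectory"    && chroot == "") chroot = $2
        if (key == "forcecommand"       && force  == "") force  = $2
        if (key == "allowtcpforwarding" && tcp    == "") tcp    = $2
        if (key == "x11forwarding"      && x11    == "") x11    = $2
    }
    END { report() }
    ' "${1:--}"
}

# chroot_path_ok DIR [OWNER_UID] [TOP]
# sshd rejects a ChrootDirectory unless every component of the path is a
# directory owned by root and not writable by group or others. Walks from DIR
# up to TOP (default /); OWNER_UID defaults to 0. TOP exists only so the
# function can be tried on a scratch tree.
chroot_path_ok() {
    dir=$1
    owner=${2:-0}
    top=${3:-/}
    while :; do
        [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }
        uid=$(ls -ldn "$dir" | awk '{ print $3 }')
        [ "$uid" = "$owner" ] || { echo "bad owner: $dir"; return 1; }
        loose=$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print)
        [ -z "$loose" ] || { echo "group/world writable: $dir"; return 1; }
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then
            return 0
        fi
        dir=$(dirname "$dir")
    done
}
```

`sample_sshd_config | sshd_chroot_lint` reports the two missing settings for bob; on the jail, `chroot_path_ok /usr/local/www/data` checks the directory that this configuration also uses as Apache's DocumentRoot.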
See also
- The article Server/SRS1337/Jails serves as a documentary collection of all jails created on dicke Berta.
Standard ports and jail configuration
- The standard ports were installed using the startup.sh script.
help2man
OPTIONS_FILE_SET+=NLS
libiconv
OPTIONS_FILE_SET+=ENCODINGS
OPTIONS_FILE_UNSET+=PATCHES
m4
OPTIONS_FILE_SET+=LIBSIGSEGV
pcre
OPTIONS_FILE_SET+=STACK_RECURSION
perl
OPTIONS_FILE_SET+=DEBUG
OPTIONS_FILE_SET+=GDBM
OPTIONS_FILE_SET+=MULTIPLICITY
OPTIONS_FILE_SET+=PERL_64BITINT
OPTIONS_FILE_SET+=PERL_MALLOC
OPTIONS_FILE_SET+=PTHREAD
OPTIONS_FILE_UNSET+=SITECUSTOMIZE
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_SET+=USE_PERL
portupgrade
OPTIONS_FILE_SET+=DOCS
ruby
OPTIONS_FILE_SET+=DEBUG
OPTIONS_FILE_UNSET+=ONIGURUMA
OPTIONS_FILE_SET+=RDOC
zsh
OPTIONS_FILE_SET+=DEBUG
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_SET+=GDBM
OPTIONS_FILE_SET+=MAILDIR
OPTIONS_FILE_SET+=MEM
OPTIONS_FILE_SET+=MULTIBYTE
OPTIONS_FILE_SET+=PCRE
OPTIONS_FILE_SET+=SECURE_FREE
OPTIONS_FILE_UNSET+=STATIC
SRS16
Ports
Installed ports
- apr
- asciidoc
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- boehm-gc+fulldebug
- bsdadminscripts
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- db42
- dejavu
- dialog4ports
- docbook
- docbook-sk
- docbook-xml
- docbook-xsl
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- getopt
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- gtk
- gtk-update-icon-cache
- help2man
- hicolor-icon-theme
- icu
- inputproto
- intltool
- iso8879
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXft
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libpaper
- libpthread-stubs
- libsigsegv
- libssh2
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- neon29
- p5-Error
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- p5-Term-ReadKey
- p5-URI
- p5-XML-Parser
- p5-subversion
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- shared-mime-info
- sqlite3
- subversion
- tiff
- tmux
- unzip
- vim-lite
- w3m
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xmlcatmgr
- xmlcharent
- xmlto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
configured ports
apr
OPTIONS_FILE_SET+=SSL
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=DEVRANDOM
OPTIONS_FILE_SET+=BDB
OPTIONS_FILE_SET+=GDBM
OPTIONS_FILE_UNSET+=LDAP
OPTIONS_FILE_UNSET+=MYSQL
OPTIONS_FILE_UNSET+=NDBM
OPTIONS_FILE_UNSET+=PGSQL
OPTIONS_FILE_UNSET+=SQLITE
OPTIONS_FILE_UNSET+=FREETDS
python27
OPTIONS_FILE_UNSET+=EXAMPLES
OPTIONS_FILE_UNSET+=FPECTL
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=NLS
OPTIONS_FILE_UNSET+=PTH
OPTIONS_FILE_SET+=PYMALLOC
OPTIONS_FILE_UNSET+=SEM
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=UCS2
OPTIONS_FILE_SET+=UCS4
SRS17
Ports
installed ports
- apr
- asciidoc
- atk
- autoconf
- autoconf-wrapper
- automake
- automake-wrapper
- bash
- bdftopcf
- bigreqsproto
- bison
- bitstream-vera
- boehm-gc+fulldebug
- bsdadminscripts
- ca_root_nss
- cairo
- cmake
- cmake-modules
- compositeproto
- curl
- cvsps
- damageproto
- db41
- db42
- dejavu
- dialog4ports
- docbook
- docbook-sk
- docbook-xml
- docbook-xsl
- encodings
- expat
- fixesproto
- font-bh-ttf
- font-misc-ethiopic
- font-misc-meltho
- font-util
- fontconfig
- fontsproto
- freetype2
- gamin
- gdbm
- gdk-pixbuf2
- getopt
- gettext
- gio-fam-backend
- git
- glib
- gmake
- gnomehier
- gobject-introspection
- gtk
- gtk-update-icon-cache
- help2man
- hicolor-icon-theme
- icu
- inputproto
- intltool
- iso8879
- jasper
- jbigkit
- jpeg
- kbproto
- libICE
- libSM
- libX11
- libXau
- libXcomposite
- libXcursor
- libXdamage
- libXdmcp
- libXext
- libXfixes
- libXfont
- libXft
- libXi
- libXinerama
- libXrandr
- libXrender
- libXt
- libcheck
- libevent
- libevent2
- libexecinfo
- libffi
- libfontenc
- libgcrypt
- libgpg-error
- libiconv
- libpaper
- libpthread-stubs
- libsigsegv
- libssh2
- libtool
- libxcb
- libxml2
- libxslt
- libyaml
- lynx
- m4
- mkfontdir
- mkfontscale
- neon29
- p5-Error
- p5-IO-Socket-IP
- p5-IO-Socket-SSL
- p5-Locale-gettext
- p5-Net-SMTP-SSL
- p5-Net-SSLeay
- p5-Socket
- p5-Term-ReadKey
- p5-URI
- p5-XML-Parser
- p5-subversion
- pango
- pcre
- perl-threaded
- pixman
- pkgconf
- png
- portaudit
- portupgrade
- python27
- python33
- randrproto
- renderproto
- ruby
- ruby18-bdb
- ruby19-bdb
- ruby19-date2
- shared-mime-info
- sqlite3
- subversion
- tiff
- tmux
- unzip
- vim-lite
- w3m
- xcb-proto
- xcb-util
- xcb-util-renderutil
- xcmiscproto
- xextproto
- xf86bigfontproto
- xineramaproto
- xmlcatmgr
- xmlcharent
- xmlto
- xorg-fonts-truetype
- xorg-macros
- xproto
- xtrans
- zsh
configured ports
icu
OPTIONS_FILE_SET+=THREADS
libxml2
OPTIONS_FILE_UNSET+=MEM_DEBUG
OPTIONS_FILE_SET+=SCHEMA
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_UNSET+=THREAD_ALLOC
OPTIONS_FILE_UNSET+=XMLLINT_HIST
additional configuration files
Jail
/etc/rc.conf
sshd_enable="YES"
ejabberd_enable="YES"
/etc/ssh/sshd_config
…
ListenAddress 141.56.50.17
…
PasswordAuthentication no
…
UsePAM no
…
Configuration of the programs
/usr/local/etc/ejabberd/ejabberd.cfg
...
{loglevel, 3}.
...
{watchdog_admins, ["foo@srs17.stura.htw-dresden.de", "bar@srs17.stura.htw-dresden.de"]}.
...
{hosts, ["srs17.stura.htw-dresden.de"]}.
...
starttls, {certfile, "/root/ejabberd.pem"},
starttls_required,
...
%%captcha,
%%http_bind,
%%http_poll,
...
{s2s_use_starttls, required}.
...
{s2s_certfile, "/root/ejabberd.pem"}.
...
{acl, admin, {user, "foo", "srs17.stura.htw-dresden.de"}}.
{acl, admin, {user, "bar", "srs17.stura.htw-dresden.de"}}.
...
{acl, blocked, {user, "test"}}.
{acl, blocked, {user, "root"}}.
{acl, blocked, {user, "r00t"}}.
{acl, blocked, {user, "r0ot"}}.
{acl, blocked, {user, "ro0t"}}.
{acl, blocked, {user, "adm1n"}}.
{acl, blocked, {user, "admin"}}.
{acl, blocked, {user, "kss"}}.
{acl, blocked, {user, "administrator"}}.
{acl, blocked, {user, "administrat0r"}}.
{acl, blocked, {user, "adm1n1strat0r"}}.
{acl, blocked, {user, "adm1nistrat0r"}}.
{acl, blocked, {user, "admin1strat0r"}}.
{acl, blocked, {user, "adm1nistrator"}}.
{acl, blocked, {user, "admin1strator"}}.
...
{access, max_user_sessions, [{2, all}]}.
...
{language, "de"}.
...
%%{mod_irc, []},
...
%%{mod_pubsub, [
%%{access_createnode, pubsub_createnode},
%%{ignore_pep_from_offline, true}, % reduces resource consumption, but XEP incompliant
...
%%{last_item_cache, false},
%%{plugins, ["flat", "hometree", "pep"]} % pep requires mod_caps
%%]},
...
{registration_watchers, ["foo@srs17.stura.htw-dresden.de", "bar@srs17.stura.htw-dresden.de"]},
...
{ip_access, [
{allow, "0.0.0.0/8"}
%%{allow, "127.0.0.0/8"},
%%{deny, "0.0.0.0/0"}
]},
...