initial commit of file from CVS for e-smith-base on Thu 26 Oct 11:24:52 BST 2023

2023-10-26 11:24:52 +01:00
parent bbc22988a8
commit 9510d1a360
678 changed files with 22721 additions and 2 deletions

@@ -0,0 +1 @@
{ $SystemName }

@@ -0,0 +1,3 @@
[GLOBAL]
DEFAULT_METHOD = ldap

@@ -0,0 +1,4 @@
[LDAP]
LDAP_HOST = localhost
LDAP_PORT = 389

@@ -0,0 +1,2 @@
BIND_DN = "cn=root,{ esmith::util::ldapBase ($DomainName); }"
BIND_PASS = { esmith::util::LdapPassword (); }
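Review bot: `BIND_PASS` is expanded from `esmith::util::LdapPassword ()` straight into the rendered file, so the output holds the LDAP root bind password in clear text, and nothing in this fragment shows which owner and mode the rendered file gets. A comment should record that requirement next to the value, for example `# Rendered file contains the LDAP root bind password: keep it owner root, mode 0600`, assuming the consumer accepts `#` comments. The value is also written unquoted while `BIND_DN` on the line above is quoted; `BIND_PASS = "{ esmith::util::LdapPassword (); }"` would keep a password containing whitespace or `#` intact, if the parser treats quotes the same way for both keys.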

@@ -0,0 +1,10 @@
{
our @userObjectClass = qw(inetOrgPerson posixAccount shadowAccount);
our @systemUserObjectClass =qw(account posixAccount shadowAccount);
our @groupObjectClass = qw(posixGroup mailboxRelatedObject);
our @systemGroupObjectClass = qw(posixGroup);
$OUT .= "";
}

@@ -0,0 +1,15 @@
{
if ($ACCOUNT eq 'system'){
$OUT .= "USER_OBJECT_CLASS = " . join(",",@systemUserObjectClass) . "\n";
$OUT .= "GROUP_OBJECT_CLASS = " . join(",",@systemGroupObjectClass) . "\n";
}
else{
$OUT .= "USER_OBJECT_CLASS = " . join(",",@userObjectClass) . "\n";
$OUT .= "GROUP_OBJECT_CLASS = " . join(",",@groupObjectClass) . "\n";
}
$OUT .= "USER_BASE = ou=Users," . esmith::util::ldapBase ($DomainName) . "\n";
$OUT .= "GROUP_BASE = ou=Groups," . esmith::util::ldapBase ($DomainName) ."\n";
}

@@ -0,0 +1,2 @@
USER_FILTER = (objectClass=posixAccount)
GROUP_FILTER = (objectClass=posixGroup)

@@ -0,0 +1,2 @@
USER_CN_STRING = uid
GROUP_CN_STRING = cn

@@ -0,0 +1 @@
SKEL_DIR = /etc/e-smith/skel/user

@@ -0,0 +1 @@
DEFAULT_SHELL = /usr/bin/rssh

@@ -0,0 +1 @@
HOME_DIRECTORY = /home/e-smith/files/users

@@ -0,0 +1,8 @@
MAX_UIDNUMBER = 10000
MIN_UIDNUMBER = 100
MAX_GIDNUMBER = 10000
MIN_GIDNUMBER = 101
ID_MAX_PASSES = 1000
USERGROUPS = yes
USERS_GID = 100
RANDOM = "false"

@@ -0,0 +1,2 @@
PASSWORD_FILE = "/etc/passfile"
SHADOW_FILE = "/etc/shadowfile"

@@ -0,0 +1 @@
HASH = "crypt"
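Review bot: `HASH = "crypt"` hands password hashing to crypt(3), and this one-line file does not say which crypt variant or salt format the consumer ends up using; with a traditional DES salt only the first eight characters of a password would count. A comment naming the expected scheme belongs here, and it is worth checking whether the tool offers a salted SHA setting that the directory accepts. The salt format is not visible in this commit, so this needs confirming against the consumer.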

@@ -0,0 +1,7 @@
SHADOWLASTCHANGE = 11192
SHADOWMAX = 99999
SHADOWWARING = 7
SHADOWEXPIRE = -1
SHADOWFLAG = 134538308
SHADOWMIN = -1
SHADOWINACTIVE = -1
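Review bot: `SHADOWWARING` on the third line looks like a misspelling of `SHADOWWARNING`; if the consumer looks up the correctly spelled key, the 7-day expiry warning never takes effect. Confirm which spelling the parser actually reads before renaming it, because the tool's own sample configuration may carry the same spelling. `SHADOWMAX = 99999` together with `SHADOWEXPIRE = -1` means passwords and accounts never age out, which deserves a one-line comment stating that this is the intended policy.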

@@ -0,0 +1,4 @@
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

@@ -0,0 +1,18 @@
{
my $interval = $logrotate{"interval"} || "7";
$OUT = "";
# Add cron rules to do custom log rotation
# Just for now, do it each morning. Add logic here if we want
# to be able to tune the frequency
my $minute = 12;
my $hour = 01;
my $day = "*/$interval";
$OUT .= "# logrotate\n";
$OUT .= "$minute $hour $day * * root\t";
$OUT .= "/sbin/e-smith/signal-event logrotate\n";
}
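Review bot: `$interval` is taken from `$logrotate{"interval"}` and interpolated into the cron line as `*/$interval` without any check, and that line runs as root. A value that is not a positive integer produces a malformed entry, and one containing whitespace would shift the remaining cron fields; adding `$interval = 7 unless $interval =~ /\A[1-9][0-9]*\z/;` after the first line keeps the entry well formed. `my $hour = 01;` is an octal literal that only happens to equal 1, so plain `1` reads better. The comment could also say that `*/N` in the day-of-month field restarts at the first of each month rather than counting N days.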

@@ -0,0 +1,6 @@
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
# see 'man 5 dhcpd.conf'
#
# The dhcpd configuration file is located at /etc/dhcpd.conf

@@ -0,0 +1 @@
/etc/e-smith/templates-default/template-begin-shell

@@ -0,0 +1,6 @@
{
# Setup start and end of Dynamic IP range.
$startDynamicIPRange = $dhcpd{'start'};
$endDynamicIPRange = $dhcpd{'end'};
"";
}

@@ -0,0 +1,5 @@
{
$DHCP_WINSServer = $DB->wins_server;
"";
}

@@ -0,0 +1 @@
authoritative;

@@ -0,0 +1 @@
ddns-update-style none;

@@ -0,0 +1,8 @@
{
my $ipaddrBits = esmith::util::IPquadToAddr ($LocalIP);
my $netmaskBits = esmith::util::IPquadToAddr ($LocalNetmask);
local $network = esmith::util::IPaddrToQuad ($ipaddrBits & $netmaskBits);
$OUT .= "subnet $network netmask $LocalNetmask\n\{";
}

@@ -0,0 +1,8 @@
{
my $ipaddrBits = esmith::util::IPquadToAddr ($LocalIP);
my $netmaskBits = esmith::util::IPquadToAddr ($LocalNetmask);
local $broadcast = esmith::util::IPaddrToQuad ($ipaddrBits | (~ $netmaskBits));
$OUT .= " option broadcast-address $broadcast;";
}

@@ -0,0 +1,4 @@
{
my $bootp = $dhcpd{'Bootp'} || 'deny';
$OUT = "$bootp bootp;";
}
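Review bot: `$dhcpd{'Bootp'}` is written into the dhcpd configuration as a keyword without being checked, so any string stored in that property becomes part of the statement. Restricting it to the keywords dhcpd accepts keeps a typo or stray text from producing an unparsable or unintended config: `$bootp = 'deny' unless $bootp =~ /\A(?:allow|deny|ignore)\z/;` after the first line. The fragment also assigns `$OUT` with `=` where most sibling fragments append with `.=`; harmless here, but worth making uniform.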

@@ -0,0 +1,3 @@
{
$OUT .= " option domain-name \"$DomainName\";";
}

@@ -0,0 +1,17 @@
{
my @dnsserv;
my $dnscustom = $DB->get_prop('dhcpd', 'dnscustom') || 'disabled';
if ( $dnscustom eq 'enabled') {
push @dnsserv,$DB->get_prop('dhcpd', 'dns1server') if $DB->get_prop('dhcpd', 'dns1server') && $DB->get_prop('dhcpd', 'dns1server') ne "";
push @dnsserv,$DB->get_prop('dhcpd', 'dns2server') if $DB->get_prop('dhcpd', 'dns2server') && $DB->get_prop('dhcpd', 'dns2server') ne "";
push @dnsserv,$DB->get_prop('dhcpd', 'dns3server') if $DB->get_prop('dhcpd', 'dns3server') && $DB->get_prop('dhcpd', 'dns3server') ne "";
}
# force our own dhcp server unless there is already 2 or more
push @dnsserv,$LocalIP unless ( scalar(@dnsserv) >=2) ;
# remove duplicates, so you can put twice the same to avoid our own dhcp server
# most clients support up to 3 dns server or ignore the third one
@dnsserv= do { my %seen; grep { !$seen{$_}++ } @dnsserv};
$OUT = " option domain-name-servers ". join(",", @dnsserv) .";";
}
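Review bot: The three `push` lines call `$DB->get_prop` three times each and place whatever string is stored into `option domain-name-servers` with no check, so a value containing `;` or whitespace would alter the generated dhcpd statement. The `ne ""` test is redundant after the truth test. A loop over the property names with one lookup and a character whitelist is shorter and safer, as sketched below. The two comments say "dhcp server" where the DNS server (`$LocalIP`) is meant.

```perl
if ( $dnscustom eq 'enabled') {
    for my $prop (qw(dns1server dns2server dns3server)) {
        my $server = $DB->get_prop('dhcpd', $prop);
        next unless defined $server && $server =~ /\A[0-9A-Za-z.:-]+\z/;
        push @dnsserv, $server;
    }
}
# … unchanged: $LocalIP fallback, de-duplication, $OUT assignment …
```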

@@ -0,0 +1 @@
default-lease-time { $DB->get_prop('dhcpd', 'leasetime') || 86400 };

@@ -0,0 +1 @@
max-lease-time { 7*($DB->get_prop('dhcpd', 'leasetime') || 86400) };

@@ -0,0 +1,5 @@
{
return "" unless $DHCP_WINSServer;
return " option netbios-dd-server $DHCP_WINSServer;";
}

@@ -0,0 +1,5 @@
{
return "" unless $DHCP_WINSServer;
return " option netbios-name-servers $DHCP_WINSServer;";
}

@@ -0,0 +1,7 @@
{
my $server_role = $smb{ServerRole} || 'WS';
return "" unless $server_role =~ m{^(PDC|ADS)$};
return " option netbios-node-type 8;";
}

@@ -0,0 +1 @@
option subnet-mask { $LocalNetmask };

@@ -0,0 +1,3 @@
{
$OUT .= " range $startDynamicIPRange $endDynamicIPRange;";
}

@@ -0,0 +1,21 @@
{
my $dhcpgatewaycustom = $DB->get_prop('dhcpd', 'gatewaycustom');
my $dhcpgateway= $DB->get_prop('dhcpd', 'gateway')||'disabled';
if ($dhcpgatewaycustom eq 'enabled')
{
$OUT .= " option routers $dhcpgateway;";
}
else
{
my $router = (defined $SystemMode && $SystemMode =~ /servergateway/)
? $LocalIP :
defined $GatewayIP ? $GatewayIP : undef;
$OUT = "";
if ($router)
{
$OUT .= " option routers $router;";
}
}
}
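Review bot: When `gatewaycustom` is `enabled` but `gateway` is unset, `$dhcpgateway` falls back to the string `disabled` and the fragment emits ` option routers disabled;`, which is not a valid router address and would presumably make dhcpd reject the file. Guarding the branch with `if (($dhcpgatewaycustom || '') eq 'enabled' && $dhcpgateway ne 'disabled')` lets that case fall through to the computed default, and the `|| ''` also avoids comparing an undefined property. The first branch appends with `.=` while the `else` branch resets `$OUT = ""`; pick one so both paths treat earlier content the same way.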

@@ -0,0 +1 @@
\}

@@ -0,0 +1 @@
accounting-log /var/log/diald/accounting.log

@@ -0,0 +1,13 @@
{
my $isdn = $isdn{'status'} || "disabled";
my $sync = $isdn{'UseSyncPPP'} || "yes";
if ($isdn eq "enabled" && $sync eq "yes")
{
$OUT = "connect /etc/diald/scripts/connect";
}
else
{
$OUT = 'connect "/usr/sbin/chat -v -f ' .
'/etc/sysconfig/network-scripts/chat-ppp0"';
}
}

@@ -0,0 +1 @@
connect-timeout 90

@@ -0,0 +1,12 @@
device {
my $isdn = $isdn{'status'} || "disabled";
if ($isdn eq "enabled")
{
my $sync = $isdn{'UseSyncPPP'} || "yes";
$OUT = ($sync eq "yes") ? "ippp0" : "$DialupModemDevice";
}
else
{
$OUT = "$DialupModemDevice";
}
}

@@ -0,0 +1,6 @@
{
my $faillimit = $diald{DialFailLimit};
$OUT = defined $faillimit ?
"dial-fail-limit $faillimit" :
"#dial-fail-limit/diald{DialFailLimit} is not defined";
}

@@ -0,0 +1,9 @@
{
$OUT = "";
my $isdn = $isdn{'status'} || "disabled";
my $sync = $isdn{'UseSyncPPP'} || "yes";
if ($isdn eq "enabled" && $sync eq "yes")
{
$OUT = "disconnect /etc/diald/scripts/disconnect";
}
}

@@ -0,0 +1 @@
fifo /etc/diald/diald.ctl

@@ -0,0 +1 @@
include /etc/diald.filter

@@ -0,0 +1 @@
linkname "default"

@@ -0,0 +1 @@
local { $LocalIP }

@@ -0,0 +1,11 @@
{
my $isdn = $isdn{'status'} || "disabled";
my $sync = $isdn{'UseSyncPPP'} || "yes";
$OUT .= ($isdn eq "enabled" && $sync eq "yes") ?
"mode dev" : "mode ppp";
}
modem
lock
crtscts
dynamic
defaultroute

@@ -0,0 +1,18 @@
{
$OUT = "";
my $isdn = $isdn{'status'} || "disabled";
my $sync = $isdn{'UseSyncPPP'} || "yes";
return if ($isdn eq "enabled" && $sync eq "yes");
$OUT .= "pppd-options name \"$DialupUserAccount\" noauth noipdefault ";
if ($DialupModemDevice eq '/dev/ttyI0')
{
$OUT .= "sync ";
}
my $debug = $diald{debug} || $diald{Debug} || "no";
if ($debug eq "yes")
{
$OUT .= "debug ";
}
$OUT .= "ipparam diald";
}

@@ -0,0 +1 @@
redial-backoff-limit { $diald{RedialBackoffLimit} || "21600" }

@@ -0,0 +1 @@
redial-backoff-start { $diald{RedialBackoffStart} || "3" }

@@ -0,0 +1 @@
redial-timeout { $diald{RedialTimeout} || "10" }

@@ -0,0 +1 @@
remote 0.0.0.0

@@ -0,0 +1 @@
retry-count 3

@@ -0,0 +1 @@
speed 115200

@@ -0,0 +1,174 @@
{
my $policy = $DialupConnOffice;
$OUT .= "\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "# Use \"$policy\" connect policy during office ";
$OUT .= "hours on weekdays\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "\n";
$OUT .= "restrict 8:00:00 17:59:59 1-5 * *\n";
$OUT .= "\n";
if ($policy eq 'continuous')
{
$OUT .= "up\n";
}
elsif ($policy eq 'never')
{
$OUT .= "down\n";
}
else
{
#--------------------------------------------------
# "short" policy: HTTP transfers get 3 minutes,
# everything else gets 30 seconds.
#--------------------------------------------------
my $httpHold = 180;
my $otherHold = 30;
if ($policy eq 'medium')
{
#--------------------------------------------------
# "medium" policy: HTTP transfers get 10 minutes,
# everything else gets 5 minutes.
#--------------------------------------------------
$httpHold = 600;
$otherHold = 300;
}
elsif ($policy eq 'long')
{
#--------------------------------------------------
# "long" policy: HTTP transfers get 20 minutes,
# everything else gets 10 minutes.
#--------------------------------------------------
$httpHold = 1200;
$otherHold = 600;
}
#------------------------
# Rules for TCP packets.
#------------------------
# If we force the line up (for example to trigger fetchmail)
# but no packets are sent, specify how long to hold the line
# up:
$OUT .= "first-packet-timeout $otherHold\n";
# The first rule is designed to give the link 30 seconds up time
# when we are initiating a TCP connection. The idea here is to deal
# with possibility that the network on the opposite end of the
# connection is unreachable. In this case you don't really want to
# give the link 10 minutes up time. With the rule below we only give
# the link 30 seconds initially. If the network is reachable then
# we will normally get a response that actually contains some data
# within 30 seconds. If this causes problems because you have a
# slow response time at some site you want to regularly access, you
# can either increase the timeout or remove this rule.
$OUT .= "accept tcp 30 tcp.syn\n";
# If you are running named, then it will send data across the link
# periodically to synchronize against other domain name servers.
# Since this can happen at any time, it is undesirable to keep the
# link up for it. Therefore, we ignore any tcp traffic from or to a
# domain name server.
$OUT .= "ignore tcp tcp.dest=tcp.domain\n";
$OUT .= "ignore tcp tcp.source=tcp.domain\n";
# Normally the packet that starts a connection is longer that 40
# bytes, since it normally contains TCP options to specify the MSS.
# However, some TCP implementations don't include these options.
# Therefore, we must be careful not to ignore SYN packets that are
# only 40 bytes long.
$OUT .= "accept tcp 30 ip.tot_len=40,tcp.syn\n";
# Otherwise, we want to ignore any TCP packet that is only 40 bytes
# long, since it is not carrying any data. However, we don't want to
# ignore 40 byte packets that mark the closing of a connection,
# since we use those to cut short the timeout on connections that
# have died. Therefore we must test the tcp.live flag here. If it
# is not set we might want to see this packet later on in the rules.
$OUT .= "ignore tcp ip.tot_len=40,tcp.live\n";
# Make sure http transfers hold the link up, even after they end.
# This prevents web browsers from bouncing the connection too much.
$OUT .= "accept tcp $httpHold tcp.dest=tcp.www\n";
$OUT .= "accept tcp $httpHold tcp.source=tcp.www\n";
if ($SquidParent)
{
$OUT .= "accept tcp $httpHold tcp.dest=tcp.wwwproxy\n";
$OUT .= "accept tcp $httpHold tcp.source=tcp.wwwproxy\n";
}
# Once the link is no longer live, we try to shut down the
# connection quickly. Note that if the link is already down, the
# closing of the a connection (which will generate traffic) will not
# bring it back up.
$OUT .= "keepup tcp $otherHold !tcp.live\n";
$OUT .= "ignore tcp !tcp.live\n";
# Finally, if we don't match the TCP packet somewhere above, then we
# give the link 10 minutes up time. Most TCP packets match this
# rule. Note that as soon as the TCP connection is closed, the keepup
# rule above overwrites the timeout.
$OUT .= "accept tcp 600 any\n";
#-----------------------
# Rules for UDP packets
#-----------------------
# Don't bring the link up for rwho:
$OUT .= "ignore udp udp.dest=udp.who\n";
$OUT .= "ignore udp udp.source=udp.who\n";
# Don't bring the link up for routing packets:
$OUT .= "ignore udp udp.dest=udp.route\n";
$OUT .= "ignore udp udp.source=udp.route\n";
# Don't bring the link up for NTP or timed:
$OUT .= "ignore udp udp.dest=udp.ntp\n";
$OUT .= "ignore udp udp.source=udp.ntp\n";
$OUT .= "ignore udp udp.dest=udp.timed\n";
$OUT .= "ignore udp udp.source=udp.timed\n";
# Don't bring up on domain name requests between
# two running copies of named:
$OUT .= "ignore udp udp.dest=udp.domain,udp.source=udp.domain\n";
# Bring up the network for domain requests:
$OUT .= "accept udp 30 udp.dest=udp.domain \n";
$OUT .= "accept udp 30 udp.source=udp.domain\n";
# Bring up the network for netbios requests,
# except between netbios servers:
$OUT .=
"ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns\n";
$OUT .= "accept udp 30 udp.dest=udp.netbios-ns\n";
$OUT .= "accept udp 30 udp.source=udp.netbios-ns\n";
# Any other UDP packets:
$OUT .= "accept udp $otherHold any\n";
# Catch any packets that we didn't catch above:
$OUT .= "accept any $otherHold any\n";
}
}
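Review bot: Any `$DialupConnOffice` value other than `continuous`, `never`, `medium` or `long` silently gets the "short" timings, because the final `else` starts from `$httpHold = 180` and `$otherHold = 30` and only overrides them for the two named policies; a comment such as `# Any unrecognised policy value is treated as "short".` above those two assignments would make that explicit. The same applies to the two file sections that follow (outside office hours, weekend), which repeat this rule set line for line and differ only in the policy variable and the `restrict` lines. Moving the shared rules into one helper that takes the policy would keep the three copies from drifting apart. The catch-all `accept tcp 600 any` is fixed at ten minutes regardless of policy, which is worth stating next to the "short" description.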

@@ -0,0 +1,173 @@
{
my $policy = $DialupConnOutside;
$OUT .= "\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "# Use \"$policy\" connect policy outside office hours on weekdays\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "\n";
$OUT .= "restrict * 7:59:59 1-5 * *\n";
$OUT .= "or-restrict 18:00:00 * 1-5 * *\n";
$OUT .= "\n";
if ($policy eq 'continuous')
{
$OUT .= "up\n";
}
elsif ($policy eq 'never')
{
$OUT .= "down\n";
}
else
{
#--------------------------------------------------
# "short" policy: HTTP transfers get 3 minutes,
# everything else gets 30 seconds.
#--------------------------------------------------
my $httpHold = 180;
my $otherHold = 30;
if ($policy eq 'medium')
{
#--------------------------------------------------
# "medium" policy: HTTP transfers get 10 minutes,
# everything else gets 5 minutes.
#--------------------------------------------------
$httpHold = 600;
$otherHold = 300;
}
elsif ($policy eq 'long')
{
#--------------------------------------------------
# "long" policy: HTTP transfers get 20 minutes,
# everything else gets 10 minutes.
#--------------------------------------------------
$httpHold = 1200;
$otherHold = 600;
}
#------------------------
# Rules for TCP packets.
#------------------------
# If we force the line up (for example to trigger fetchmail)
# but no packets are sent, specify how long to hold the line
# up:
$OUT .= "first-packet-timeout $otherHold\n";
# The first rule is designed to give the link 30 seconds up time
# when we are initiating a TCP connection. The idea here is to deal
# with possibility that the network on the opposite end of the
# connection is unreachable. In this case you don't really want to
# give the link 10 minutes up time. With the rule below we only give
# the link 30 seconds initially. If the network is reachable then
# we will normally get a response that actually contains some data
# within 30 seconds. If this causes problems because you have a
# slow response time at some site you want to regularly access, you
# can either increase the timeout or remove this rule.
$OUT .= "accept tcp 30 tcp.syn\n";
# If you are running named, then it will send data across the link
# periodically to synchronize against other domain name servers.
# Since this can happen at any time, it is undesirable to keep the
# link up for it. Therefore, we ignore any tcp traffic from or to a
# domain name server.
$OUT .= "ignore tcp tcp.dest=tcp.domain\n";
$OUT .= "ignore tcp tcp.source=tcp.domain\n";
# Normally the packet that starts a connection is longer that 40
# bytes, since it normally contains TCP options to specify the MSS.
# However, some TCP implementations don't include these options.
# Therefore, we must be careful not to ignore SYN packets that are
# only 40 bytes long.
$OUT .= "accept tcp 30 ip.tot_len=40,tcp.syn\n";
# Otherwise, we want to ignore any TCP packet that is only 40 bytes
# long, since it is not carrying any data. However, we don't want to
# ignore 40 byte packets that mark the closing of a connection,
# since we use those to cut short the timeout on connections that
# have died. Therefore we must test the tcp.live flag here. If it
# is not set we might want to see this packet later on in the rules.
$OUT .= "ignore tcp ip.tot_len=40,tcp.live\n";
# Make sure http transfers hold the link up, even after they end.
# This prevents web browsers from bouncing the connection too much.
$OUT .= "accept tcp $httpHold tcp.dest=tcp.www\n";
$OUT .= "accept tcp $httpHold tcp.source=tcp.www\n";
if ($SquidParent)
{
$OUT .= "accept tcp $httpHold tcp.dest=tcp.wwwproxy\n";
$OUT .= "accept tcp $httpHold tcp.source=tcp.wwwproxy\n";
}
# Once the link is no longer live, we try to shut down the
# connection quickly. Note that if the link is already down, the
# closing of the a connection (which will generate traffic) will not
# bring it back up.
$OUT .= "keepup tcp $otherHold !tcp.live\n";
$OUT .= "ignore tcp !tcp.live\n";
# Finally, if we don't match the TCP packet somewhere above, then we
# give the link 10 minutes up time. Most TCP packets match this
# rule. Note that as soon as the TCP connection is closed, the keepup
# rule above overwrites the timeout.
$OUT .= "accept tcp 600 any\n";
#-----------------------
# Rules for UDP packets
#-----------------------
# Don't bring the link up for rwho:
$OUT .= "ignore udp udp.dest=udp.who\n";
$OUT .= "ignore udp udp.source=udp.who\n";
# Don't bring the link up for routing packets:
$OUT .= "ignore udp udp.dest=udp.route\n";
$OUT .= "ignore udp udp.source=udp.route\n";
# Don't bring the link up for NTP or timed:
$OUT .= "ignore udp udp.dest=udp.ntp\n";
$OUT .= "ignore udp udp.source=udp.ntp\n";
$OUT .= "ignore udp udp.dest=udp.timed\n";
$OUT .= "ignore udp udp.source=udp.timed\n";
# Don't bring up on domain name requests between two
# running copies of named:
$OUT .= "ignore udp udp.dest=udp.domain,udp.source=udp.domain\n";
# Bring up the network for domain requests:
$OUT .= "accept udp 30 udp.dest=udp.domain \n";
$OUT .= "accept udp 30 udp.source=udp.domain\n";
# Bring up the network for netbios requests,
# except between netbios servers:
$OUT .= "ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns\n";
$OUT .= "accept udp 30 udp.dest=udp.netbios-ns\n";
$OUT .= "accept udp 30 udp.source=udp.netbios-ns\n";
# Any other UDP packets:
$OUT .= "accept udp $otherHold any\n";
# Catch any packets that we didn't catch above:
$OUT .= "accept any $otherHold any\n";
}
}

@@ -0,0 +1,174 @@
{
my $policy = $DialupConnWeekend;
$OUT .= "\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "# Use \"$policy\" connect policy during the weekend\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "\n";
$OUT .= "restrict * * 0,6 * *\n";
$OUT .= "\n";
if ($policy eq 'continuous')
{
$OUT .= "up\n";
}
elsif ($policy eq 'never')
{
$OUT .= "down\n";
}
else
{
#--------------------------------------------------
# "short" policy: HTTP transfers get 3 minutes,
# everything else gets 30 seconds.
#--------------------------------------------------
my $httpHold = 180;
my $otherHold = 30;
if ($policy eq 'medium')
{
#--------------------------------------------------
# "medium" policy: HTTP transfers get 10 minutes,
# everything else gets 5 minutes.
#--------------------------------------------------
$httpHold = 600;
$otherHold = 300;
}
elsif ($policy eq 'long')
{
#--------------------------------------------------
# "long" policy: HTTP transfers get 20 minutes,
# everything else gets 10 minutes.
#--------------------------------------------------
$httpHold = 1200;
$otherHold = 600;
}
#------------------------
# Rules for TCP packets.
#------------------------
# If we force the line up (for example to trigger fetchmail)
# but no packets are sent, specify how long to hold the line
# up:
$OUT .= "first-packet-timeout $otherHold\n";
# The first rule is designed to give the link 30 seconds up time
# when we are initiating a TCP connection. The idea here is to deal
# with possibility that the network on the opposite end of the
# connection is unreachable. In this case you don't really want to
# give the link 10 minutes up time. With the rule below we only give
# the link 30 seconds initially. If the network is reachable then
# we will normally get a response that actually contains some data
# within 30 seconds. If this causes problems because you have a
# slow response time at some site you want to regularly access, you
# can either increase the timeout or remove this rule.
$OUT .= "accept tcp 30 tcp.syn\n";
# If you are running named, then it will send data across the link
# periodically to synchronize against other domain name servers.
# Since this can happen at any time, it is undesirable to keep the
# link up for it. Therefore, we ignore any tcp traffic from or to a
# domain name server.
$OUT .= "ignore tcp tcp.dest=tcp.domain\n";
$OUT .= "ignore tcp tcp.source=tcp.domain\n";
# Normally the packet that starts a connection is longer that 40
# bytes, since it normally contains TCP options to specify the MSS.
# However, some TCP implementations don't include these options.
# Therefore, we must be careful not to ignore SYN packets that are
# only 40 bytes long.
$OUT .= "accept tcp 30 ip.tot_len=40,tcp.syn\n";
# Otherwise, we want to ignore any TCP packet that is only 40 bytes
# long, since it is not carrying any data. However, we don't want to
# ignore 40 byte packets that mark the closing of a connection,
# since we use those to cut short the timeout on connections that
# have died. Therefore we must test the tcp.live flag here. If it
# is not set we might want to see this packet later on in the rules.
$OUT .= "ignore tcp ip.tot_len=40,tcp.live\n";
# Make sure http transfers hold the link up, even after they end.
# This prevents web browsers from bouncing the connection too much.
$OUT .= "accept tcp $httpHold tcp.dest=tcp.www\n";
$OUT .= "accept tcp $httpHold tcp.source=tcp.www\n";
if ($SquidParent)
{
$OUT .= "accept tcp $httpHold tcp.dest=tcp.wwwproxy\n";
$OUT .= "accept tcp $httpHold tcp.source=tcp.wwwproxy\n";
}
# Once the link is no longer live, we try to shut down the
# connection quickly. Note that if the link is already down, the
# closing of the a connection (which will generate traffic) will not
# bring it back up.
$OUT .= "keepup tcp $otherHold !tcp.live\n";
$OUT .= "ignore tcp !tcp.live\n";
# Finally, if we don't match the TCP packet somewhere above, then we
# give the link 10 minutes up time. Most TCP packets match this
# rule. Note that as soon as the TCP connection is closed, the keepup
# rule above overwrites the timeout.
$OUT .= "accept tcp 600 any\n";
#-----------------------
# Rules for UDP packets
#-----------------------
# Don't bring the link up for rwho:
$OUT .= "ignore udp udp.dest=udp.who\n";
$OUT .= "ignore udp udp.source=udp.who\n";
# Don't bring the link up for routing packets:
$OUT .= "ignore udp udp.dest=udp.route\n";
$OUT .= "ignore udp udp.source=udp.route\n";
# Don't bring the link up for NTP or timed:
$OUT .= "ignore udp udp.dest=udp.ntp\n";
$OUT .= "ignore udp udp.source=udp.ntp\n";
$OUT .= "ignore udp udp.dest=udp.timed\n";
$OUT .= "ignore udp udp.source=udp.timed\n";
# Don't bring up on domain name requests between
# two running copies of named:
$OUT .= "ignore udp udp.dest=udp.domain,udp.source=udp.domain\n";
# Bring up the network for domain requests:
$OUT .= "accept udp 30 udp.dest=udp.domain \n";
$OUT .= "accept udp 30 udp.source=udp.domain\n";
# Bring up the network for netbios requests,
# except between netbios servers:
$OUT .= "ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns\n";
$OUT .= "accept udp 30 udp.dest=udp.netbios-ns\n";
$OUT .= "accept udp 30 udp.source=udp.netbios-ns\n";
# Any other UDP packets:
$OUT .= "accept udp $otherHold any\n";
# Catch any packets that we didn't catch above:
$OUT .= "accept any $otherHold any\n";
}
}

@@ -0,0 +1,7 @@
isdn PHONE='{
my $phone = $DialupPhoneNumber || '';
$OUT = "$phone";
}' WAITTIME=10 EAZ_OUT='{
my $msn = $isdn{'Msn'} || '';
$OUT = "$msn";
}' EAZ_IN=''
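Review bot: `$DialupPhoneNumber` and `$isdn{'Msn'}` are placed between single quotes in `PHONE='…'` and `EAZ_OUT='…'` without escaping, so a value that itself contains `'` ends the quoted string early. If the consumer of this line parses it shell-style (not visible here), the remainder would be read as further assignments or words. Dropping the quote character before output, e.g. `$phone =~ tr/'//d;` and `$msn =~ tr/'//d;`, or validating both against the characters a dial string may contain, closes that gap.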

@@ -0,0 +1 @@
admin

@@ -0,0 +1,6 @@
{
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
$OUT = join "\n", map { $_->key; } grep { $_->prop('PasswordSet') eq 'yes' } $adb->users;
}
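Review bot: `$_->prop('PasswordSet') eq 'yes'` compares an undefined value for any user record that has no `PasswordSet` property, whereas the deny-list fragment later in this commit defaults it with `|| 'no'`. Using the same form here, `grep { ($_->prop('PasswordSet') || 'no') eq 'yes' } $adb->users`, keeps the two lists consistent and free of uninitialized-value warnings. The identical fragment a few sections further down needs the same change. A short comment saying which file this list feeds and what being listed grants would help, since the path is not evident from the fragment.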

@@ -0,0 +1,24 @@
{
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
while ( my $name = getpwent )
{
next if ($name eq "admin");
next if ($name eq "public") and ($ACCOUNTS_DENY_ALLOW_PUBLIC);
my $a = $adb->get($name);
next unless defined $a;
my $type = $a->prop('type') || 'none';
if ( $type =~ /(user|ibay)/ )
{
my $passwordSet = $a->prop('PasswordSet') || 'no';
next if ($passwordSet eq "yes");
my $ftpMode = $a->prop('PublicAccess') || 'none';
next if ($ftpMode eq "local" or $ftpMode eq "global");
}
$OUT .= "$name\n";
}
}
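Review bot: The test `$type =~ /(user|ibay)/` is unanchored, so any account type that merely contains `user` or `ibay` takes the branch that can skip the account via `next`. Judging by `$ACCOUNTS_DENY_ALLOW_PUBLIC`, the output is a deny list, so an over-broad match leaves such an account off the list, which is the permissive direction. `if ( $type =~ /\A(?:user|ibay)\z/ )` restricts the exemption to exactly those two types and drops the unused capture. `my $a` also shadows the `$a` that `sort` uses; a name such as `$account` avoids that.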

@@ -0,0 +1,3 @@
halt
shutdown
sync

@@ -0,0 +1 @@
admin

@@ -0,0 +1,6 @@
{
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
$OUT = join "\n", map { $_->key; } grep { $_->prop('PasswordSet') eq 'yes' } $adb->users;
}

@@ -0,0 +1 @@
set ui.sessions.homepage = "http://localhost/server-manager"

@@ -0,0 +1 @@
set document.browse.forms.insert_mode = 0

@@ -0,0 +1,3 @@
set terminal.linux.utf_8_io = 0
set terminal.xterm.utf_8_io = 0
set terminal.xterm.m11_hack = 1

@@ -0,0 +1 @@
set document.cache.ignore_cache_control = 0

@@ -0,0 +1 @@
set document.browse.forms.confirm_submit = 0

@@ -0,0 +1,9 @@
{
# In 5.5 and before we commented out /dev/shm tmpfs entry
# We no longer need to do that with the 2.4 kernel
@lines = map {
m:^#none\s+/dev/shm\s+tmpfs\s+defaults: && s/^#//;
$_
} @lines;
"";
}

@@ -0,0 +1,7 @@
{
$OUT .= "";
foreach my $line (@lines)
{
$OUT .= "$line\n";
}
}

@@ -0,0 +1,35 @@
{
# vim: ft=perl:
%lines = ();
@lines = ();
open (RD, "</etc/fstab")
|| warn "Cannot open input file /etc/fstab: $!\n";
while (<RD>)
{
chop;
push @lines, $_;
$lines{$_} = 1;
}
close(RD);
my @header = (
"#------------------------------------------------------------",
"# BE CAREFUL WHEN MODIFYING THIS FILE! It is updated automatically",
"# by the SME server software. A few entries are updated during",
"# the template processing of the file and white space is removed,",
"# but otherwise changes to the file are preserved.",
"# For more information, see http://www.e-smith.org/custom/ and",
"# the template fragments in /etc/e-smith/templates/etc/fstab/.",
"# ",
"# copyright (C) 2002 Mitel Networks Corporation",
"#------------------------------------------------------------",
);
foreach my $line (@header)
{
# Print the header banner, and delete any of its lines from the
# buffer, so that it isn't repeated.
my $test = $line;
$test =~ tr/()/../; # Avoid special interpretation of () in pattern
@lines = grep { !/^$test$/ } @lines;
$OUT .= "$line\n";
}
}
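Review bot: If `open (RD, "</etc/fstab")` fails, the fragment only warns and carries on with an empty `@lines`, so the rendered fstab would consist of the header banner alone once the later fragment prints `@lines`. Failing hard is safer, assuming the expander leaves the target untouched when a fragment dies: `open(my $rd, '<', '/etc/fstab') or die "Cannot open /etc/fstab: $!\n";`, which also replaces the two-argument bareword form. `chop;` removes the last character unconditionally and will cut into the final entry when the file does not end in a newline, so `chomp;` is the right call. The header de-duplication can compare literally with `@lines = grep { $_ ne $line } @lines;` instead of patching `()` and matching the line as a regex.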

@@ -0,0 +1 @@
# Now generated from /etc/e-smith/pam/accounts.deny

@@ -0,0 +1,3 @@
{
$DB->hosts_allow_spec('oidentd', 'in.identd');
}

@@ -0,0 +1 @@
ALL: ALL

@@ -0,0 +1 @@
127.0.0.1 localhost

@@ -0,0 +1,5 @@
{
$OUT .= "$LocalIP\t";
$OUT .= " ${SystemName}.${DomainName}";
$OUT .= " ${SystemName}";
}

@@ -0,0 +1,4 @@
# Default runlevel.
#
id:4:initdefault:

@@ -0,0 +1,10 @@
# see "man logrotate" for details
# rotate log files weekly
{
#daily, weekly, monthly
$rotate=$rsyslog{'RotateDays'} || '7';
$OUT="weekly" ;
$OUT="monthly" if ( $rotate > 21 );
$OUT="daily" if ( $rotate == 1 );
}

@@ -0,0 +1,11 @@
{
$rotate=$rsyslog{'RotateDays'} || 7;
$purge=$rsyslog{'PurgeLength'} || 95;
$OUT.="#Remove rotated logs older than <count> days.
maxage $purge\n\n";
$total=$rsyslog{'KeepNumber'} || sprintf("%.0f",$purge/$rotate)||4;
$OUT.="# keep n weeks worth of backlogs
rotate $total\n";
}
maxsize {$rsyslog{'MaxSize'} || "100M";}
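Review bot: `$purge/$rotate` divides by whatever `$rsyslog{'RotateDays'}` holds, and a non-numeric but true value evaluates to 0 there, which aborts the expansion with a division-by-zero error. Adding `$rotate = 7 unless $rotate =~ /\A[1-9][0-9]*\z/;` after the first assignment (and the same kind of check for `$purge`) keeps the template rendering with sane defaults. `$rotate`, `$purge` and `$total` are assigned without `my`, so they are package variables shared with other fragments, including the earlier one that also sets `$rotate`; declare them lexically unless that sharing is intended. The emitted comment "keep n weeks worth of backlogs" is only accurate when rotation is weekly.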

@@ -0,0 +1,3 @@
# we de not want to collect empty rotated logs
notifempty

@@ -0,0 +1,3 @@
# create new (empty) log files after rotating old ones
create

@@ -0,0 +1,3 @@
# use date as a suffix of the rotated file
dateext

@@ -0,0 +1,3 @@
# uncomment this if you want your log files compressed
#compress

@@ -0,0 +1,4 @@
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

@@ -0,0 +1,16 @@
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp \{
monthly
create 0664 root utmp
minsize 1M
rotate 1
\}
/var/log/btmp \{
missingok
monthly
create 0600 root utmp
rotate 1
\}
# system-specific logs may be also be configured here.

@@ -0,0 +1,6 @@
{
my $language = lc $sysconfig{Language};
$language =~ s/_/-/;
return "PREFERRED_LANGUAGE:$language";
}

@@ -0,0 +1 @@
HELPFILE:file://localhost/usr/share/doc/lynx-2.8.4/lynx_help/lynx_help_main.html

@@ -0,0 +1 @@
DEFAULT_INDEX_FILE:http://www.google.com/

@@ -0,0 +1 @@
STARTFILE:http://localhost/server-manager/noframes

@@ -0,0 +1 @@
FORCE_SSL_PROMPT:yes
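Review bot: `FORCE_SSL_PROMPT:yes` makes lynx answer its own TLS questions with "yes", so certificate problems such as a self-signed or mismatched certificate are accepted without the user being asked, for every site visited with this configuration. If the setting exists only so the local server-manager can be reached over a self-signed certificate, that reason should be stated in a comment above the line, and the scope checked, since this appears to be the system-wide lynx configuration. `FORCE_SSL_PROMPT:PROMPT` keeps the decision with the user. The `STARTFILE` fragment in this commit uses plain `http://localhost`, so the start page itself does not seem to need the override.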

File diff suppressed because it is too large Load Diff

@@ -0,0 +1,5 @@
{
return "# Bonding is disabled" unless
(($InternalInterface{'NICBonding'} || 'disabled') eq 'enabled');
$OUT .= "alias bond0 bonding";
}

@@ -0,0 +1,13 @@
passwd: { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' }
shadow: { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' }
group: { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' }
hosts: { ($AccessType eq "off") ? "files" : "files dns" }
services: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
automount: files
aliases: files

@@ -0,0 +1,38 @@
{
# use Data::Validate::IP;
use Net::IP qw(ip_is_ipv4 ip_is_ipv6);
our $KeySize = $modSSL{KeySize} ||'4096';
our $FQDN = "$SystemName.$DomainName";
our $Country = $modSSL{Country} || "--";
our $State = $modSSL{State} || "----";
our $commonName = $modSSL{CommonName} || $FQDN;
our $crt = "/home/e-smith/ssl.crt/$FQDN.crt";
our $key = "/home/e-smith/ssl.key/$FQDN.key";
our $defaultCity = $ldap{defaultCity} || '-';
our $defaultCompany = $ldap{defaultCompany} || $commonName ;
our $defaultDepartment = $ldap{defaultDepartment} || '-';
our $email = "admin\@$DomainName";
our @subjectAlt = `/sbin/e-smith/generate-subjectaltnames`;
chomp @subjectAlt;
our $subjectAltName = "";
my $i=0;
for my $elem (@subjectAlt) {
$subjectAltName .= ", " if $i>0;
$i++;
if (ip_is_ipv4($elem) || ip_is_ipv6($elem) ){
$subjectAltName .= "IP:$elem";
next;
}
$subjectAltName .= "DNS:$elem";
}
$subjectAltName = ( $subjectAltName eq "DNS: ")? "": $subjectAltName;
# crop fields that are too long for X509:
$Country = substr($Country, 0, 2);
$defaultCity = substr($defaultCity, 0, 128);
$defaultCompany = substr($defaultCompany, 0, 64);
$defaultDepartment = substr($defaultDepartment, 0, 64);
$email = substr($email, 0, 64);
$commonName = substr($commonName, 0, 64);
$OUT="";
}
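Review bot: Empty or blank lines from `/sbin/e-smith/generate-subjectaltnames` are not filtered before the loop, so an empty element yields a bare `DNS:` entry in `$subjectAltName`; the later `eq "DNS: "` test only catches the single case where the whole output is one space. Adding `@subjectAlt = grep { /\S/ } @subjectAlt;` after `chomp @subjectAlt;` removes such elements up front and makes the special case unnecessary. `$State` is the only subject field that is not cropped with `substr`, so a long value reaches the request config unchanged. `$KeySize` and the subject fields go into that config as stored, so a short comment on which characters are expected would help whoever edits those properties.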

@@ -0,0 +1,10 @@
[ req ]
default_bits = {$KeySize}
prompt = no
default_md = sha256
default_keyfile = {$key}
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
req_extensions = v3_req

@@ -0,0 +1,9 @@
[ req_distinguished_name ]
C = {$Country}
ST = {$State}
L = {$defaultCity}
O = {$defaultCompany}
OU = {$defaultDepartment}
CN = {$commonName}
emailAddress = {$email}

Some files were not shown because too many files have changed in this diff Show More