From c1f552b269c3b2980f24076328835512e4bf04b4 Mon Sep 17 00:00:00 2001 From: Charles N Wyble Date: Wed, 24 Jan 2018 18:30:48 -0600 Subject: [PATCH] move to archive, cleaning up for golive --- {CMDB => archive/CMDB}/snmp/.svn/all-wcprops | 0 {CMDB => archive/CMDB}/snmp/.svn/entries | 0 .../prop-base/centos-snmpd.options.svn-base | 0 .../text-base/centos-snmpd.options.svn-base | 0 .../text-base/debian-default-snmpd.svn-base | 0 .../.svn/text-base/setup-snmp.sh.svn-base | 0 .../snmp/.svn/text-base/snmpd.conf.svn-base | 0 .../CMDB}/snmp/centos-snmpd.options | 0 .../CMDB}/snmp/debian-default-snmpd | 0 {CMDB => archive/CMDB}/snmp/distro | 0 {CMDB => archive/CMDB}/snmp/setup-snmp.sh | 0 {CMDB => archive/CMDB}/snmp/snmpd.conf | 0 {CMDB => archive/CMDB}/subnets | 0 {CMDB => archive/CMDB}/zenossScan.sh | 0 README => archive/README | 0 TODO.TXT => archive/TODO.TXT | 0 .../bare-metal}/interfaces-fnfDedi | 0 .../bare-metal}/interfaces-tsysDedi | 0 {lab => archive/lab}/LICENSE | 0 {lab => archive/lab}/README | 0 {lab => archive/lab}/README.md | 0 {lab => archive/lab}/docs/Joes-logical | 0 {lab => archive/lab}/docs/Joes-logical.png | Bin {lab => archive/lab}/docs/Lab-physical | 0 {lab => archive/lab}/docs/LabLogical-Backbone | 0 .../lab}/docs/LabLogical-Backbone.png | Bin {lab => archive/lab}/docs/LabLogical-Devices | 0 .../lab}/docs/LabLogical-Devices.png | Bin {lab => archive/lab}/vagrant/Vagrantfile | 0 .../docker/thefnf/freeradius/Dockerfile | 0 .../vagrant/docker/thefnf/freeside/Dockerfile | 0 .../vagrant/docker/thefnf/freeside/Makefile | 0 .../vagrant/docker/thefnf/odoo/Dockerfile | 0 .../docker/thefnf/odoo/openerp_serverrc | 0 .../ovh/shared-router/shorewall/conntrack | 0 .../ovh/shared-router/shorewall/interfaces | 0 .../ovh/shared-router/shorewall/masq | 0 .../ovh/shared-router/shorewall/params | 0 .../ovh/shared-router/shorewall/policy | 0 .../ovh/shared-router/shorewall/rules | 0 .../shared-router/shorewall/shorewall.conf | 0 .../ovh/shared-router/shorewall/zones | 0 .../rubix}/Monitoring/mibs/LM-SENSORS-MIB | 0 {rundeck => archive/rundeck}/auslab | 0 {rundeck => archive/rundeck}/ovh | 0 {rundeck => archive/rundeck}/satx | 0 {rundeck => archive/rundeck}/sshConfig | 0 {slack => archive/slack-runtime}/bin/distro | 0 .../slack-runtime}/bin/slackInstall.sh | 0 .../slack-runtime}/dist/Makefile | 0 .../slack-runtime}/dist/Makefile.common | 0 .../slack-runtime}/dist/Slack.pm | 0 {slack => archive/slack-runtime}/dist/slack | 0 .../slack-runtime}/dist/slack-diff | 0 .../slack-runtime}/dist/slack-getroles | 0 .../slack-runtime}/dist/slack-installfiles | 0 .../slack-runtime}/dist/slack-rolediff | 0 .../slack-runtime}/dist/slack-runscript | 0 .../slack-runtime}/dist/slack-runscript.orig | 0 .../slack-runtime}/dist/slack-stage | 0 .../slack-runtime}/dist/slack-sync | 0 .../slack-runtime}/dist/slack.conf | 0 .../env/SlackConfig-prod.config | 0 .../slack-runtime}/env/SlackSSH-prod.config | 0 .../slack-runtime}/env/SlackSSH-prod.key | 0 .../slack-runtime}/env/SlackSSH-prod.key.pub | 0 .../slack-runtime}/slackDist.tar.gz | Bin archive/slack/TODO | 15 +++ archive/slack/ts-base-ovh/files/etc/aliases | 3 + .../ts-base-ovh/files/etc/cron.d/sysstat | 9 ++ .../ts-base-ovh/files/etc/cron.daily/clamscan | 14 +++ .../slack/ts-base-ovh/files/etc/default/snmpd | 22 ++++ .../ts-base-ovh/files/etc/default/sysstat | 9 ++ archive/slack/ts-base-ovh/files/etc/ntp.conf | 8 ++ .../source/anchors/TippingPointCARootCert.crt | 33 ++++++ .../ca-trust/source/anchors/hpca2ssG2_ns.crt | 26 +++++ .../ts-base-ovh/files/etc/postfix/main.cf | 38 +++++++ archive/slack/ts-base-ovh/files/etc/profile | 34 ++++++ .../slack/ts-base-ovh/files/etc/resolv.conf | 4 + .../ts-base-ovh/files/etc/snmp/snmpd.conf | 11 ++ .../ts-base-ovh/files/etc/ssh/sshd-banner | 11 ++ .../ts-base-ovh/files/etc/ssh/sshd_config | 99 ++++++++++++++++++ .../files/etc/ssh/sshd_config.ubuntu | 98 +++++++++++++++++ .../ts-base-ovh/files/etc/ssh/welcome-banner | 12 +++ .../ts-base-ovh/files/etc/sssd/sssd.conf | 28 +++++ archive/slack/ts-base-ovh/files/etc/sudoers | 34 ++++++ .../local/localuser/.ssh/authorized_keys | 6 ++ .../files/root/.ssh/authorized_keys | 2 + .../files/usr/local/bin/upAndRoll.sh | 9 ++ ...X-TurnNetSystemsIntermediateCARootCert.crt | 0 archive/slack/ts-base-ovh/scripts/fixfiles | 4 + archive/slack/ts-base-ovh/scripts/postinstall | 71 +++++++++++++ 92 files changed, 600 insertions(+) rename {CMDB => archive/CMDB}/snmp/.svn/all-wcprops (100%) rename {CMDB => archive/CMDB}/snmp/.svn/entries (100%) rename {CMDB => archive/CMDB}/snmp/.svn/prop-base/centos-snmpd.options.svn-base (100%) rename {CMDB => archive/CMDB}/snmp/.svn/text-base/centos-snmpd.options.svn-base (100%) rename {CMDB => archive/CMDB}/snmp/.svn/text-base/debian-default-snmpd.svn-base (100%) rename {CMDB => archive/CMDB}/snmp/.svn/text-base/setup-snmp.sh.svn-base (100%) rename {CMDB => archive/CMDB}/snmp/.svn/text-base/snmpd.conf.svn-base (100%) rename {CMDB => archive/CMDB}/snmp/centos-snmpd.options (100%) rename {CMDB => archive/CMDB}/snmp/debian-default-snmpd (100%) rename {CMDB => archive/CMDB}/snmp/distro (100%) rename {CMDB => archive/CMDB}/snmp/setup-snmp.sh (100%) rename {CMDB => archive/CMDB}/snmp/snmpd.conf (100%) rename {CMDB => archive/CMDB}/subnets (100%) rename {CMDB => archive/CMDB}/zenossScan.sh (100%) rename README => archive/README (100%) rename TODO.TXT => archive/TODO.TXT (100%) rename {bare-metal => archive/bare-metal}/interfaces-fnfDedi (100%) rename {bare-metal => archive/bare-metal}/interfaces-tsysDedi (100%) rename {lab => archive/lab}/LICENSE (100%) rename {lab => archive/lab}/README (100%) rename {lab => archive/lab}/README.md (100%) rename {lab => archive/lab}/docs/Joes-logical (100%) rename {lab => archive/lab}/docs/Joes-logical.png (100%) rename {lab => archive/lab}/docs/Lab-physical (100%) rename {lab => archive/lab}/docs/LabLogical-Backbone (100%) rename {lab => archive/lab}/docs/LabLogical-Backbone.png (100%) rename {lab => archive/lab}/docs/LabLogical-Devices (100%) rename {lab => archive/lab}/docs/LabLogical-Devices.png (100%) rename {lab => archive/lab}/vagrant/Vagrantfile (100%) rename {lab => archive/lab}/vagrant/docker/thefnf/freeradius/Dockerfile (100%) rename {lab => archive/lab}/vagrant/docker/thefnf/freeside/Dockerfile (100%) rename {lab => archive/lab}/vagrant/docker/thefnf/freeside/Makefile (100%) rename {lab => archive/lab}/vagrant/docker/thefnf/odoo/Dockerfile (100%) rename {lab => archive/lab}/vagrant/docker/thefnf/odoo/openerp_serverrc (100%) rename {mtpconfigs => archive/mtpconfigs}/ovh/shared-router/shorewall/conntrack (100%) rename {mtpconfigs => archive/mtpconfigs}/ovh/shared-router/shorewall/interfaces (100%) rename {mtpconfigs => archive/mtpconfigs}/ovh/shared-router/shorewall/masq (100%) rename {mtpconfigs => archive/mtpconfigs}/ovh/shared-router/shorewall/params (100%) rename {mtpconfigs => archive/mtpconfigs}/ovh/shared-router/shorewall/policy (100%) rename {mtpconfigs => archive/mtpconfigs}/ovh/shared-router/shorewall/rules (100%) rename {mtpconfigs => archive/mtpconfigs}/ovh/shared-router/shorewall/shorewall.conf (100%) rename {mtpconfigs => archive/mtpconfigs}/ovh/shared-router/shorewall/zones (100%) rename {rubix => archive/rubix}/Monitoring/mibs/LM-SENSORS-MIB (100%) rename {rundeck => archive/rundeck}/auslab (100%) rename {rundeck => archive/rundeck}/ovh (100%) rename {rundeck => archive/rundeck}/satx (100%) rename {rundeck => archive/rundeck}/sshConfig (100%) rename {slack => archive/slack-runtime}/bin/distro (100%) rename {slack => archive/slack-runtime}/bin/slackInstall.sh (100%) rename {slack => archive/slack-runtime}/dist/Makefile (100%) rename {slack => archive/slack-runtime}/dist/Makefile.common (100%) rename {slack => archive/slack-runtime}/dist/Slack.pm (100%) rename {slack => archive/slack-runtime}/dist/slack (100%) rename {slack => archive/slack-runtime}/dist/slack-diff (100%) rename {slack => archive/slack-runtime}/dist/slack-getroles (100%) rename {slack => archive/slack-runtime}/dist/slack-installfiles (100%) rename {slack => archive/slack-runtime}/dist/slack-rolediff (100%) rename {slack => archive/slack-runtime}/dist/slack-runscript (100%) rename {slack => archive/slack-runtime}/dist/slack-runscript.orig (100%) rename {slack => archive/slack-runtime}/dist/slack-stage (100%) rename {slack => archive/slack-runtime}/dist/slack-sync (100%) rename {slack => archive/slack-runtime}/dist/slack.conf (100%) rename {slack => archive/slack-runtime}/env/SlackConfig-prod.config (100%) rename {slack => archive/slack-runtime}/env/SlackSSH-prod.config (100%) rename {slack => archive/slack-runtime}/env/SlackSSH-prod.key (100%) rename {slack => archive/slack-runtime}/env/SlackSSH-prod.key.pub (100%) rename {slack => archive/slack-runtime}/slackDist.tar.gz (100%) create mode 100755 archive/slack/TODO create mode 100755 archive/slack/ts-base-ovh/files/etc/aliases create mode 100755 archive/slack/ts-base-ovh/files/etc/cron.d/sysstat create mode 100755 archive/slack/ts-base-ovh/files/etc/cron.daily/clamscan create mode 100755 archive/slack/ts-base-ovh/files/etc/default/snmpd create mode 100755 archive/slack/ts-base-ovh/files/etc/default/sysstat create mode 100755 archive/slack/ts-base-ovh/files/etc/ntp.conf create mode 100755 archive/slack/ts-base-ovh/files/etc/pki/ca-trust/source/anchors/TippingPointCARootCert.crt create mode 100755 archive/slack/ts-base-ovh/files/etc/pki/ca-trust/source/anchors/hpca2ssG2_ns.crt create mode 100755 archive/slack/ts-base-ovh/files/etc/postfix/main.cf create mode 100755 archive/slack/ts-base-ovh/files/etc/profile create mode 100755 archive/slack/ts-base-ovh/files/etc/resolv.conf create mode 100755 archive/slack/ts-base-ovh/files/etc/snmp/snmpd.conf create mode 100755 archive/slack/ts-base-ovh/files/etc/ssh/sshd-banner create mode 100755 archive/slack/ts-base-ovh/files/etc/ssh/sshd_config create mode 100755 archive/slack/ts-base-ovh/files/etc/ssh/sshd_config.ubuntu create mode 100755 archive/slack/ts-base-ovh/files/etc/ssh/welcome-banner create mode 100755 archive/slack/ts-base-ovh/files/etc/sssd/sssd.conf create mode 100755 archive/slack/ts-base-ovh/files/etc/sudoers create mode 100755 archive/slack/ts-base-ovh/files/local/localuser/.ssh/authorized_keys create mode 100755 archive/slack/ts-base-ovh/files/root/.ssh/authorized_keys create mode 100755 archive/slack/ts-base-ovh/files/usr/local/bin/upAndRoll.sh create mode 100644 archive/slack/ts-base-ovh/files/usr/local/share/ca-certificates/EMPTY-TOFIX-TurnNetSystemsIntermediateCARootCert.crt create mode 100755 archive/slack/ts-base-ovh/scripts/fixfiles create mode 100755 archive/slack/ts-base-ovh/scripts/postinstall diff --git a/CMDB/snmp/.svn/all-wcprops b/archive/CMDB/snmp/.svn/all-wcprops similarity index 100% rename from CMDB/snmp/.svn/all-wcprops rename to archive/CMDB/snmp/.svn/all-wcprops diff --git a/CMDB/snmp/.svn/entries b/archive/CMDB/snmp/.svn/entries similarity index 100% rename from CMDB/snmp/.svn/entries rename to archive/CMDB/snmp/.svn/entries diff --git a/CMDB/snmp/.svn/prop-base/centos-snmpd.options.svn-base b/archive/CMDB/snmp/.svn/prop-base/centos-snmpd.options.svn-base similarity index 100% rename from CMDB/snmp/.svn/prop-base/centos-snmpd.options.svn-base rename to archive/CMDB/snmp/.svn/prop-base/centos-snmpd.options.svn-base diff --git a/CMDB/snmp/.svn/text-base/centos-snmpd.options.svn-base b/archive/CMDB/snmp/.svn/text-base/centos-snmpd.options.svn-base similarity index 100% rename from CMDB/snmp/.svn/text-base/centos-snmpd.options.svn-base rename to archive/CMDB/snmp/.svn/text-base/centos-snmpd.options.svn-base diff --git a/CMDB/snmp/.svn/text-base/debian-default-snmpd.svn-base b/archive/CMDB/snmp/.svn/text-base/debian-default-snmpd.svn-base similarity index 100% rename from CMDB/snmp/.svn/text-base/debian-default-snmpd.svn-base rename to archive/CMDB/snmp/.svn/text-base/debian-default-snmpd.svn-base diff --git a/CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base b/archive/CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base similarity index 100% rename from CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base rename to archive/CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base diff --git a/CMDB/snmp/.svn/text-base/snmpd.conf.svn-base b/archive/CMDB/snmp/.svn/text-base/snmpd.conf.svn-base similarity index 100% rename from CMDB/snmp/.svn/text-base/snmpd.conf.svn-base rename to archive/CMDB/snmp/.svn/text-base/snmpd.conf.svn-base diff --git a/CMDB/snmp/centos-snmpd.options b/archive/CMDB/snmp/centos-snmpd.options similarity index 100% rename from CMDB/snmp/centos-snmpd.options rename to archive/CMDB/snmp/centos-snmpd.options diff --git a/CMDB/snmp/debian-default-snmpd b/archive/CMDB/snmp/debian-default-snmpd similarity index 100% rename from CMDB/snmp/debian-default-snmpd rename to archive/CMDB/snmp/debian-default-snmpd diff --git a/CMDB/snmp/distro b/archive/CMDB/snmp/distro similarity index 100% rename from CMDB/snmp/distro rename to archive/CMDB/snmp/distro diff --git a/CMDB/snmp/setup-snmp.sh b/archive/CMDB/snmp/setup-snmp.sh similarity index 100% rename from CMDB/snmp/setup-snmp.sh rename to archive/CMDB/snmp/setup-snmp.sh diff --git a/CMDB/snmp/snmpd.conf b/archive/CMDB/snmp/snmpd.conf similarity index 100% rename from CMDB/snmp/snmpd.conf rename to archive/CMDB/snmp/snmpd.conf diff --git a/CMDB/subnets b/archive/CMDB/subnets similarity index 100% rename from CMDB/subnets rename to archive/CMDB/subnets diff --git a/CMDB/zenossScan.sh b/archive/CMDB/zenossScan.sh similarity index 100% rename from CMDB/zenossScan.sh rename to archive/CMDB/zenossScan.sh diff --git a/README b/archive/README similarity index 100% rename from README rename to archive/README diff --git a/TODO.TXT b/archive/TODO.TXT similarity index 100% rename from TODO.TXT rename to archive/TODO.TXT diff --git a/bare-metal/interfaces-fnfDedi b/archive/bare-metal/interfaces-fnfDedi similarity index 100% rename from bare-metal/interfaces-fnfDedi rename to archive/bare-metal/interfaces-fnfDedi diff --git a/bare-metal/interfaces-tsysDedi b/archive/bare-metal/interfaces-tsysDedi similarity index 100% rename from bare-metal/interfaces-tsysDedi rename to archive/bare-metal/interfaces-tsysDedi diff --git a/lab/LICENSE b/archive/lab/LICENSE similarity index 100% rename from lab/LICENSE rename to archive/lab/LICENSE diff --git a/lab/README b/archive/lab/README similarity index 100% rename from lab/README rename to archive/lab/README diff --git a/lab/README.md b/archive/lab/README.md similarity index 100% rename from lab/README.md rename to archive/lab/README.md diff --git a/lab/docs/Joes-logical b/archive/lab/docs/Joes-logical similarity index 100% rename from lab/docs/Joes-logical rename to archive/lab/docs/Joes-logical diff --git a/lab/docs/Joes-logical.png b/archive/lab/docs/Joes-logical.png similarity index 100% rename from lab/docs/Joes-logical.png rename to archive/lab/docs/Joes-logical.png diff --git a/lab/docs/Lab-physical b/archive/lab/docs/Lab-physical similarity index 100% rename from lab/docs/Lab-physical rename to archive/lab/docs/Lab-physical diff --git a/lab/docs/LabLogical-Backbone b/archive/lab/docs/LabLogical-Backbone similarity index 100% rename from lab/docs/LabLogical-Backbone rename to archive/lab/docs/LabLogical-Backbone diff --git a/lab/docs/LabLogical-Backbone.png b/archive/lab/docs/LabLogical-Backbone.png similarity index 100% rename from lab/docs/LabLogical-Backbone.png rename to archive/lab/docs/LabLogical-Backbone.png diff --git a/lab/docs/LabLogical-Devices b/archive/lab/docs/LabLogical-Devices similarity index 100% rename from lab/docs/LabLogical-Devices rename to archive/lab/docs/LabLogical-Devices diff --git a/lab/docs/LabLogical-Devices.png b/archive/lab/docs/LabLogical-Devices.png similarity index 100% rename from lab/docs/LabLogical-Devices.png rename to archive/lab/docs/LabLogical-Devices.png diff --git a/lab/vagrant/Vagrantfile b/archive/lab/vagrant/Vagrantfile similarity index 100% rename from lab/vagrant/Vagrantfile rename to archive/lab/vagrant/Vagrantfile diff --git a/lab/vagrant/docker/thefnf/freeradius/Dockerfile b/archive/lab/vagrant/docker/thefnf/freeradius/Dockerfile similarity index 100% rename from lab/vagrant/docker/thefnf/freeradius/Dockerfile rename to archive/lab/vagrant/docker/thefnf/freeradius/Dockerfile diff --git a/lab/vagrant/docker/thefnf/freeside/Dockerfile b/archive/lab/vagrant/docker/thefnf/freeside/Dockerfile similarity index 100% rename from lab/vagrant/docker/thefnf/freeside/Dockerfile rename to archive/lab/vagrant/docker/thefnf/freeside/Dockerfile diff --git a/lab/vagrant/docker/thefnf/freeside/Makefile b/archive/lab/vagrant/docker/thefnf/freeside/Makefile similarity index 100% rename from lab/vagrant/docker/thefnf/freeside/Makefile rename to archive/lab/vagrant/docker/thefnf/freeside/Makefile diff --git a/lab/vagrant/docker/thefnf/odoo/Dockerfile b/archive/lab/vagrant/docker/thefnf/odoo/Dockerfile similarity index 100% rename from lab/vagrant/docker/thefnf/odoo/Dockerfile rename to archive/lab/vagrant/docker/thefnf/odoo/Dockerfile diff --git a/lab/vagrant/docker/thefnf/odoo/openerp_serverrc b/archive/lab/vagrant/docker/thefnf/odoo/openerp_serverrc similarity index 100% rename from lab/vagrant/docker/thefnf/odoo/openerp_serverrc rename to archive/lab/vagrant/docker/thefnf/odoo/openerp_serverrc diff --git a/mtpconfigs/ovh/shared-router/shorewall/conntrack b/archive/mtpconfigs/ovh/shared-router/shorewall/conntrack similarity index 100% rename from mtpconfigs/ovh/shared-router/shorewall/conntrack rename to archive/mtpconfigs/ovh/shared-router/shorewall/conntrack diff --git a/mtpconfigs/ovh/shared-router/shorewall/interfaces b/archive/mtpconfigs/ovh/shared-router/shorewall/interfaces similarity index 100% rename from mtpconfigs/ovh/shared-router/shorewall/interfaces rename to archive/mtpconfigs/ovh/shared-router/shorewall/interfaces diff --git a/mtpconfigs/ovh/shared-router/shorewall/masq b/archive/mtpconfigs/ovh/shared-router/shorewall/masq similarity index 100% rename from mtpconfigs/ovh/shared-router/shorewall/masq rename to archive/mtpconfigs/ovh/shared-router/shorewall/masq diff --git a/mtpconfigs/ovh/shared-router/shorewall/params b/archive/mtpconfigs/ovh/shared-router/shorewall/params similarity index 100% rename from mtpconfigs/ovh/shared-router/shorewall/params rename to archive/mtpconfigs/ovh/shared-router/shorewall/params diff --git a/mtpconfigs/ovh/shared-router/shorewall/policy b/archive/mtpconfigs/ovh/shared-router/shorewall/policy similarity index 100% rename from mtpconfigs/ovh/shared-router/shorewall/policy rename to archive/mtpconfigs/ovh/shared-router/shorewall/policy diff --git a/mtpconfigs/ovh/shared-router/shorewall/rules b/archive/mtpconfigs/ovh/shared-router/shorewall/rules similarity index 100% rename from mtpconfigs/ovh/shared-router/shorewall/rules rename to archive/mtpconfigs/ovh/shared-router/shorewall/rules diff --git a/mtpconfigs/ovh/shared-router/shorewall/shorewall.conf b/archive/mtpconfigs/ovh/shared-router/shorewall/shorewall.conf similarity index 100% rename from mtpconfigs/ovh/shared-router/shorewall/shorewall.conf rename to archive/mtpconfigs/ovh/shared-router/shorewall/shorewall.conf diff --git a/mtpconfigs/ovh/shared-router/shorewall/zones b/archive/mtpconfigs/ovh/shared-router/shorewall/zones similarity index 100% rename from mtpconfigs/ovh/shared-router/shorewall/zones rename to archive/mtpconfigs/ovh/shared-router/shorewall/zones diff --git a/rubix/Monitoring/mibs/LM-SENSORS-MIB b/archive/rubix/Monitoring/mibs/LM-SENSORS-MIB similarity index 100% rename from rubix/Monitoring/mibs/LM-SENSORS-MIB rename to archive/rubix/Monitoring/mibs/LM-SENSORS-MIB diff --git a/rundeck/auslab b/archive/rundeck/auslab similarity index 100% rename from rundeck/auslab rename to archive/rundeck/auslab diff --git a/rundeck/ovh b/archive/rundeck/ovh similarity index 100% rename from rundeck/ovh rename to archive/rundeck/ovh diff --git a/rundeck/satx b/archive/rundeck/satx similarity index 100% rename from rundeck/satx rename to archive/rundeck/satx diff --git a/rundeck/sshConfig b/archive/rundeck/sshConfig similarity index 100% rename from rundeck/sshConfig rename to archive/rundeck/sshConfig diff --git a/slack/bin/distro b/archive/slack-runtime/bin/distro similarity index 100% rename from slack/bin/distro rename to archive/slack-runtime/bin/distro diff --git a/slack/bin/slackInstall.sh b/archive/slack-runtime/bin/slackInstall.sh similarity index 100% rename from slack/bin/slackInstall.sh rename to archive/slack-runtime/bin/slackInstall.sh diff --git a/slack/dist/Makefile b/archive/slack-runtime/dist/Makefile similarity index 100% rename from slack/dist/Makefile rename to archive/slack-runtime/dist/Makefile diff --git a/slack/dist/Makefile.common b/archive/slack-runtime/dist/Makefile.common similarity index 100% rename from slack/dist/Makefile.common rename to archive/slack-runtime/dist/Makefile.common diff --git a/slack/dist/Slack.pm b/archive/slack-runtime/dist/Slack.pm similarity index 100% rename from slack/dist/Slack.pm rename to archive/slack-runtime/dist/Slack.pm diff --git a/slack/dist/slack b/archive/slack-runtime/dist/slack similarity index 100% rename from slack/dist/slack rename to archive/slack-runtime/dist/slack diff --git a/slack/dist/slack-diff b/archive/slack-runtime/dist/slack-diff similarity index 100% rename from slack/dist/slack-diff rename to archive/slack-runtime/dist/slack-diff diff --git a/slack/dist/slack-getroles b/archive/slack-runtime/dist/slack-getroles similarity index 100% rename from slack/dist/slack-getroles rename to archive/slack-runtime/dist/slack-getroles diff --git a/slack/dist/slack-installfiles b/archive/slack-runtime/dist/slack-installfiles similarity index 100% rename from slack/dist/slack-installfiles rename to archive/slack-runtime/dist/slack-installfiles diff --git a/slack/dist/slack-rolediff b/archive/slack-runtime/dist/slack-rolediff similarity index 100% rename from slack/dist/slack-rolediff rename to archive/slack-runtime/dist/slack-rolediff diff --git a/slack/dist/slack-runscript b/archive/slack-runtime/dist/slack-runscript similarity index 100% rename from slack/dist/slack-runscript rename to archive/slack-runtime/dist/slack-runscript diff --git a/slack/dist/slack-runscript.orig b/archive/slack-runtime/dist/slack-runscript.orig similarity index 100% rename from slack/dist/slack-runscript.orig rename to archive/slack-runtime/dist/slack-runscript.orig diff --git a/slack/dist/slack-stage b/archive/slack-runtime/dist/slack-stage similarity index 100% rename from slack/dist/slack-stage rename to archive/slack-runtime/dist/slack-stage diff --git a/slack/dist/slack-sync b/archive/slack-runtime/dist/slack-sync similarity index 100% rename from slack/dist/slack-sync rename to archive/slack-runtime/dist/slack-sync diff --git a/slack/dist/slack.conf b/archive/slack-runtime/dist/slack.conf similarity index 100% rename from slack/dist/slack.conf rename to archive/slack-runtime/dist/slack.conf diff --git a/slack/env/SlackConfig-prod.config b/archive/slack-runtime/env/SlackConfig-prod.config similarity index 100% rename from slack/env/SlackConfig-prod.config rename to archive/slack-runtime/env/SlackConfig-prod.config diff --git a/slack/env/SlackSSH-prod.config b/archive/slack-runtime/env/SlackSSH-prod.config similarity index 100% rename from slack/env/SlackSSH-prod.config rename to archive/slack-runtime/env/SlackSSH-prod.config diff --git a/slack/env/SlackSSH-prod.key b/archive/slack-runtime/env/SlackSSH-prod.key similarity index 100% rename from slack/env/SlackSSH-prod.key rename to archive/slack-runtime/env/SlackSSH-prod.key diff --git a/slack/env/SlackSSH-prod.key.pub b/archive/slack-runtime/env/SlackSSH-prod.key.pub similarity index 100% rename from slack/env/SlackSSH-prod.key.pub rename to archive/slack-runtime/env/SlackSSH-prod.key.pub diff --git a/slack/slackDist.tar.gz b/archive/slack-runtime/slackDist.tar.gz similarity index 100% rename from slack/slackDist.tar.gz rename to archive/slack-runtime/slackDist.tar.gz diff --git a/archive/slack/TODO b/archive/slack/TODO new file mode 100755 index 0000000..0b20f17 --- /dev/null +++ b/archive/slack/TODO @@ -0,0 +1,15 @@ + +ELG +OSSEC (with mass reg) + +NTP +SSH config (banner,restrictions) +SNMP configuration fixed +OSSEC + agent install + registration with server +Central syslog +Add to zenoss + + +Create /root/builtON(date)AT(time) diff --git a/archive/slack/ts-base-ovh/files/etc/aliases b/archive/slack/ts-base-ovh/files/etc/aliases new file mode 100755 index 0000000..dadc19c --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/aliases @@ -0,0 +1,3 @@ +root: prodtechopsalerts@turnsys.com +postmaster: root +clamav: root diff --git a/archive/slack/ts-base-ovh/files/etc/cron.d/sysstat b/archive/slack/ts-base-ovh/files/etc/cron.d/sysstat new file mode 100755 index 0000000..b07c3a4 --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/cron.d/sysstat @@ -0,0 +1,9 @@ +# The first element of the path is a directory where the debian-sa1 +# script is located +PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin + +# Activity reports every 10 minutes everyday +*/2 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1 + +# Additional run at 23:59 to rotate the statistics file +59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2 diff --git a/archive/slack/ts-base-ovh/files/etc/cron.daily/clamscan b/archive/slack/ts-base-ovh/files/etc/cron.daily/clamscan new file mode 100755 index 0000000..24f4780 --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/cron.daily/clamscan @@ -0,0 +1,14 @@ +#!/bin/bash +#A script to scan build systems + +#Execute the scan +#-i print only infected files +#-r scan recursively +#-stdout force everything to stdout +#-cross-fs=no don't cross filesystems +#--follow-dir-symlinks/--follow-file-symlinks=2 force clamav to follow all symbolic links +#--detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications. See http://www.clamav.net/support/pua for the complete list of PUA + +clamscan -i -r --quiet --stdout --exclude-pua=packed --cross-fs=no --follow-dir-symlinks=2 --follow-file-symlinks=2 \ +--detect-pua=yes --exclude-dir=/usr/share/doc/clamav-0.97.6/test --exclude=".svn-base$|.py$|.xml$|.pcap$|.iso$|.txt$|.log$|pcap.|.flow$|.flow2$|.dat$|.rb$" / + diff --git a/archive/slack/ts-base-ovh/files/etc/default/snmpd b/archive/slack/ts-base-ovh/files/etc/default/snmpd new file mode 100755 index 0000000..dbc02e6 --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/default/snmpd @@ -0,0 +1,22 @@ +# This file controls the activity of snmpd and snmptrapd + +# Don't load any MIBs by default. +# You might comment this lines once you have the MIBs downloaded. +export MIBS= + +# snmpd control (yes means start daemon). +SNMPDRUN=yes + +# snmpd options (use syslog, close stdin/out/err). +SNMPDOPTS='-LS4d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf' + +# snmptrapd control (yes means start daemon). As of net-snmp version +# 5.0, master agentx support must be enabled in snmpd before snmptrapd +# can be run. See snmpd.conf(5) for how to do this. +TRAPDRUN=no + +# snmptrapd options (use syslog). +TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid' + +# create symlink on Debian legacy location to official RFC path +SNMPDCOMPAT=yes diff --git a/archive/slack/ts-base-ovh/files/etc/default/sysstat b/archive/slack/ts-base-ovh/files/etc/default/sysstat new file mode 100755 index 0000000..1b029ba --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/default/sysstat @@ -0,0 +1,9 @@ +# +# Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat +# and /etc/cron.daily/sysstat files +# + +# Should sadc collect system activity informations? Valid values +# are "true" and "false". Please do not put other values, they +# will be overwritten by debconf! +ENABLED="true" diff --git a/archive/slack/ts-base-ovh/files/etc/ntp.conf b/archive/slack/ts-base-ovh/files/etc/ntp.conf new file mode 100755 index 0000000..fb1c89a --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/ntp.conf @@ -0,0 +1,8 @@ +restrict 127.0.0.1 +restrict ::1 +driftfile /var/lib/ntp/drift +server tsys-winsrv.turnsys.net +server tplab-dc02.tplab.tippingpoint.com + +restrict default limited kod nomodify notrap nopeer noquery +restrict -6 default limited kod nomodify notrap nopeer noquery diff --git a/archive/slack/ts-base-ovh/files/etc/pki/ca-trust/source/anchors/TippingPointCARootCert.crt b/archive/slack/ts-base-ovh/files/etc/pki/ca-trust/source/anchors/TippingPointCARootCert.crt new file mode 100755 index 0000000..843eb8f --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/pki/ca-trust/source/anchors/TippingPointCARootCert.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFsTCCA5mgAwIBAgIQPScq9qCwUrtAEaVlK2jqwzANBgkqhkiG9w0BAQsFADBr +MRMwEQYKCZImiZPyLGQBGRYDY29tMRwwGgYKCZImiZPyLGQBGRYMdGlwcGluZ3Bv +aW50MRUwEwYKCZImiZPyLGQBGRYFdHBsYWIxHzAdBgNVBAMTFlRpcHBpbmdQb2lu +dENBUm9vdENlcnQwHhcNMTYwMTA2MDA0MjIxWhcNMjYwMTA2MDA1MjE4WjBrMRMw +EQYKCZImiZPyLGQBGRYDY29tMRwwGgYKCZImiZPyLGQBGRYMdGlwcGluZ3BvaW50 +MRUwEwYKCZImiZPyLGQBGRYFdHBsYWIxHzAdBgNVBAMTFlRpcHBpbmdQb2ludENB +Um9vdENlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgbaS0izbY +qSNT6fMB+bOgTK3w++1p5IlGboQXKY2pQqZJ/JukO+WiLUn7+Owl8Nfqk6ihd9Xz +zTcSJiZTI8ENUBfGLfEKxdHgOlgxU6+Tk6PNfEWw3wmVkhRd0noty1xfOVOr4kH7 +8iPwT8uCBxzpU206bjVKowhsnRrqTXj6N0UiQP1EzSz3m/2aSNMT1E4kQqkYoaHL +mA68ODGXWtIfAVpc7qnwKEQ3amfBtZ8dv2xz75O9ks/Q7PICIz3s22LsUhpiy7Au +4ZATNYyD/NDUMKl+YmkM9CHdL4izof7Kb8uQ46TLdC0ww6SaN+suDGY99RMgzKxJ +vbPR7Zgmj8Frao5Bp8S25eZ8vCWNWAQ9MHt6H4PbzPN9tCoTTn3IEdBw6V+hR187 +Eqzg+3ZTK+3sfsYrjRfV2dcTjCfHJFkmmEDIQ/0F9RwhWvUSG7sfkYEHmGAQBQqu +XSJjssGrVK37QBQ4RdDhkE1eCc/s7R8/0j3KOH/pfiEoFqH6etaBHci6N2zA6yjV +t4mnVjVj/dk19GKWTH5+nHAM4TH0Jo68fpyarxktnMWXgtKbgxnPIQHAJbr3oP3q +2xZrm7eZflzjlSdrqTnAr8OxcjF0Ayima5Ru6BAAjG6MH4+N5BIfXLbeDU5Au1IN +vRuIAtwL1Gf96xRtSMdBjxV1LvZ+3ULQdQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUhFFfhb8mfpDmyU6pLPhr66/bS1ow +EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQELBQADggIBABGI6lL8WZpWvDJa +MZkHQ3bNNxCsWAJYl8tQInE4H4dcxkJoQ25HtNTYG/q5+biNuNX1FnS4b5hrjwJt +eXKX69+iK8ZIw4ZHF2dju11neGWA+erOicfm9U/dR3yr3C4qreLRJUKy4gnzNw7Y +ZELZYnzBJU1UkqIjBpV6Zc96YcxS90G43G/3X8A05wrcVqdlSbCOTiss3uhBPSK3 +2muXsb7X7le6dMPDdRWuGrxDg273nydpA8kJKVjYX+iQ6Sb2xCFZOysddT0GE+GP +MR9WrPQXy8vc/p6Pdxh63Re573uvFSw1bZlFg8HnPm/zOfgJGRKL9MlxVuwXayuD +mwC6VpZQEM9hTQGlvYgoDXKLNlYubHCsjMMVsd04duAe3zGnJTTG/Cx2s0d47W85 +XSILHoSFFCzLZKyJLP+YIyPmwn8AvP60BOhZ3/8qG0CHKZLFE12y+zdcMkC9zvPZ +LJjbQj/b+3FV2R62qCQ9sv+VvYVNOzPt739HhEj0vRjE6P3rziEKLti+2/yU7nmg +yJ2yzThkVDxlyGApK4v+5zmXFcW4Gx8B9S/xfAjNbg3G+suPZk7BZimwb525DS+h +qUVykOjMjc032vdmxDG8otD5sI7VGo9SpY/rmiopgCIjhyyf6nIjw7zWK0rYyVY/ +woFdFg8zctyGe5NDFFENaWUjtXtE +-----END CERTIFICATE----- diff --git a/archive/slack/ts-base-ovh/files/etc/pki/ca-trust/source/anchors/hpca2ssG2_ns.crt b/archive/slack/ts-base-ovh/files/etc/pki/ca-trust/source/anchors/hpca2ssG2_ns.crt new file mode 100755 index 0000000..9f6aabb --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/pki/ca-trust/source/anchors/hpca2ssG2_ns.crt @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEWzCCA0OgAwIBAgIQVbqNi0d6mBqn4MEPf0l2vTANBgkqhkiG9w0BAQUFADCB +njEPMA0GA1UEChMGaHAuY29tMRowGAYDVQQLExFJVCBJbmZyYXN0cnVjdHVyZTEL +MAkGA1UEBhMCVVMxIDAeBgNVBAoTF0hld2xldHQtUGFja2FyZCBDb21wYW55MUAw +PgYDVQQDEzdIZXdsZXR0LVBhY2thcmQgUHJpdmF0ZSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MB4XDTExMDgyMzAwMDAwMFoXDTIxMDgyMjIzNTk1OVow +gZ4xDzANBgNVBAoTBmhwLmNvbTEaMBgGA1UECxMRSVQgSW5mcmFzdHJ1Y3R1cmUx +CzAJBgNVBAYTAlVTMSAwHgYDVQQKExdIZXdsZXR0LVBhY2thcmQgQ29tcGFueTFA +MD4GA1UEAxM3SGV3bGV0dC1QYWNrYXJkIFByaXZhdGUgQ2xhc3MgMiBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKfXIcPOZT2dpt6b8WzjBl0gSrRfM30xMHxJG0xlEuM8WGevR0vNFNTw4i+tVafB +CpLLUWliRlj9AWjsIRLRsuMp1goMci1yhs/4wzcGDOI4Ax+xp9/pkjomKmC1b1cB +KVzqgwtfjBwfynDfss1mWe7NJaYEvpFYTBoAgJu2eBdI2r5JWQDITKNk1suB2tUP ++K+x2i0R/BTMSm1tmGOwIN3q8yKD3gI9UEp9iTWisTY6P84rDd7mu6DLpuGj+M7y +OAssk487zA0NHJgQiObnaeLZlGhlrVHNNP8pfCYy5J0rL8nclsN71Tp4KwvBOKj1 +/DWXTj1KOOH8o7mpQ1vJKBUCAwEAAaOBkjCBjzAOBgNVHQ8BAf8EBAMCAQYwEgYD +VR0TAQH/BAgwBgEB/wIBATApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRVmVyaVNp +Z25NUEtJLTItOTMwHQYDVR0OBBYEFDft9xV5LTClmJp1tlw344jqEWrVMB8GA1Ud +IwQYMBaAFDft9xV5LTClmJp1tlw344jqEWrVMA0GCSqGSIb3DQEBBQUAA4IBAQCb +N8G+cyzWazSAWPdVXNwM+KczUorjHK4XWSvwtR3YM7Iiwhoe+IQOxgvawwV1nxaf +DujY8Dw2HbnoNXAsliBJL5cQ3g9DOX2KMa5AgZUawW6EWsPJXKxf1oIV3VHgyESp +nJXUoLhCzUoz1Av7SFg2Fh6BqLTgslJ0c0kpm+IVl2CCN9Aqh01iKEctpafrnAcN +IEdkvKsT5GaxMidQuZjlrlRpX5Gu9t4yRdBNX3A5pTfQIa0uqRmhEAPLcFucD9BS +qqtehrPH+B+fGCyZIjD/JQpl6jQ0uDtAygXiIDIILKOg2wVd7SBB7Wru9RxiZmCj +JjMDuDgcbh+4mXM7fWWq +-----END CERTIFICATE----- diff --git a/archive/slack/ts-base-ovh/files/etc/postfix/main.cf b/archive/slack/ts-base-ovh/files/etc/postfix/main.cf new file mode 100755 index 0000000..8609d76 --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/postfix/main.cf @@ -0,0 +1,38 @@ +# See /usr/share/postfix/main.cf.dist for a commented, more complete version +# Debian specific: Specifying a file name will cause the first +# line of that file to be used as the name. The Debian default +# is /etc/mailname. +#myorigin = /etc/mailname + +smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) +biff = no + +# appending .domain is the MUA's job. +append_dot_mydomain = no + +# Uncomment the next line to generate "delayed mail" warnings +#delay_warning_time = 4h + +readme_directory = no + +# TLS parameters +smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem +smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key +smtpd_use_tls=yes +smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache +smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache + +# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for +# information on enabling SSL in the smtp client. + +smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination +myhostname = txn04-server-template +alias_maps = hash:/etc/aliases +alias_database = hash:/etc/aliases +mydestination = txn04-server-template, localhost.localdomain, localhost +relayhost = qarelay.tplab.tippingpoint.com +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +mailbox_size_limit = 0 +recipient_delimiter = + +inet_interfaces = all +inet_protocols = all diff --git a/archive/slack/ts-base-ovh/files/etc/profile b/archive/slack/ts-base-ovh/files/etc/profile new file mode 100755 index 0000000..e6f2a74 --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/profile @@ -0,0 +1,34 @@ +# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) +# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). + +if [ "$PS1" ]; then + if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then + # The file bash.bashrc already sets the default PS1. + # PS1='\h:\w\$ ' + if [ -f /etc/bash.bashrc ]; then + . /etc/bash.bashrc + fi + else + if [ "`id -u`" -eq 0 ]; then + PS1='# ' + else + PS1='$ ' + fi + fi +fi + +# The default umask is now handled by pam_umask. +# See pam_umask(8) and /etc/login.defs. + +if [ -d /etc/profile.d ]; then + for i in /etc/profile.d/*.sh; do + if [ -r $i ]; then + . $i + fi + done + unset i +fi + +export HISTTIMEFORMAT="%Y-%m-%d %T " + +set -o vi diff --git a/archive/slack/ts-base-ovh/files/etc/resolv.conf b/archive/slack/ts-base-ovh/files/etc/resolv.conf new file mode 100755 index 0000000..e659885 --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/resolv.conf @@ -0,0 +1,4 @@ +nameserver 10.253.3.86 +domain turnsys.net +search turnsys.net +options timeout:1 attempts:2 rotate diff --git a/archive/slack/ts-base-ovh/files/etc/snmp/snmpd.conf b/archive/slack/ts-base-ovh/files/etc/snmp/snmpd.conf new file mode 100755 index 0000000..b749bdb --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/snmp/snmpd.conf @@ -0,0 +1,11 @@ +com2sec readonly default kn3l +group MyROGroup v1 readonly +group MyROGroup v2c readonly +group MyROGroup usm readonly +view all included .1 80 +access MyROGroup "" any noauth exact all none none +includeAllDisks 20% +syslocation OVH Montreal CA +syscontact techops-alerts@turnsys.com +#This line allows Observium to detect the host OS if the distro script is installed +extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro diff --git a/archive/slack/ts-base-ovh/files/etc/ssh/sshd-banner b/archive/slack/ts-base-ovh/files/etc/ssh/sshd-banner new file mode 100755 index 0000000..d82ce01 --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/ssh/sshd-banner @@ -0,0 +1,11 @@ +Welcome Human. + +This is a private system operated for Turn Net Systems LLC official company business +only. Prior authorization is required to use this system. + +The Turn Net Systems LLC Standards of Business Conduct and all Turn Net Systems LLC +Information Security policies and standards must be strictly followed +at all times. Use by unauthorized persons is prohibited and may +result in civil and/or criminal liability and prosecution. + +Please contact techops-discuss@turnsys.com for any issues with this system. diff --git a/archive/slack/ts-base-ovh/files/etc/ssh/sshd_config b/archive/slack/ts-base-ovh/files/etc/ssh/sshd_config new file mode 100755 index 0000000..0dda411 --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/ssh/sshd_config @@ -0,0 +1,99 @@ +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 1024 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin without-password +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + + +DenyUsers labuser +#AllowUsers localuser +#DenyGroups +#AllowGroups esplabadmins + +Banner /etc/ssh/sshd-banner + +Match user localuser +PasswordAuthentication no diff --git a/archive/slack/ts-base-ovh/files/etc/ssh/sshd_config.ubuntu b/archive/slack/ts-base-ovh/files/etc/ssh/sshd_config.ubuntu new file mode 100755 index 0000000..9fa859f --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/ssh/sshd_config.ubuntu @@ -0,0 +1,98 @@ +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 768 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin yes +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication yes +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#Deny access to labuser on linux virtual machines. Per Rick Fangman 12/16/2013 weekly meeting +DenyUsers labuser + +#AllowUsers localuser +#DenyGroups +#AllowGroups esplabadmins + +Banner /etc/ssh/sshd-banner + +Match user localuser +PasswordAuthentication no diff --git a/archive/slack/ts-base-ovh/files/etc/ssh/welcome-banner b/archive/slack/ts-base-ovh/files/etc/ssh/welcome-banner new file mode 100755 index 0000000..2b2a3ed --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/ssh/welcome-banner @@ -0,0 +1,12 @@ +Hello Trender. + +IMPORTANT INFO ABOUT THIS VIRTUAL MACHINE!! + + This virtual machine is considered expendable therefore + it is not backed up. Your home directory (/home) however, + is backed up so please store data you do not wish to lose + there. The lab team will make a best effort attempt to + troubleshoot virtual machine issues and will re-deploy + the VM if issues are not easily resolved. Any questions + should be directed to tplabsupport@trendmicro.com + diff --git a/archive/slack/ts-base-ovh/files/etc/sssd/sssd.conf b/archive/slack/ts-base-ovh/files/etc/sssd/sssd.conf new file mode 100755 index 0000000..d005a88 --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/sssd/sssd.conf @@ -0,0 +1,28 @@ +[sssd] +services = nss, pam +config_file_version = 2 +domains = TURNSYS.NET +filter_users = rackrental,rundeck +filter_groups = rackrental,rundeck + +[domain/TURNSYS.NET] +id_provider = ad +access_provider = ad + +# Use this if users are being logged in at /. +# This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with pam_mkhomedir.so +override_homedir = /local/%u + +# Uncomment if the client machine hostname doesn't match the computer object on the DC. +# ad_hostname = mymachine.myubuntu.example.com + +# Uncomment if DNS SRV resolution is not working +# ad_server = dc.mydomain.example.com + +# Uncomment if the AD domain is named differently than the Samba domain +# ad_domain = MYUBUNTU.EXAMPLE.COM + +# Enumeration is discouraged for performance reasons. +enumerate = true + + diff --git a/archive/slack/ts-base-ovh/files/etc/sudoers b/archive/slack/ts-base-ovh/files/etc/sudoers new file mode 100755 index 0000000..6019173 --- /dev/null +++ b/archive/slack/ts-base-ovh/files/etc/sudoers @@ -0,0 +1,34 @@ +# +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Members of the admin group may gain root privileges +%admin ALL=(ALL) ALL +%adm ALL=(ALL) ALL + +# Allow members of group sudo to execute any command +%sudo ALL=(ALL:ALL) ALL + +# See sudoers(5) for more information on "#include" directives: + +#includedir /etc/sudoers.d + +%pelanelikeslilboyz ALL=(ALL) NOPASSWD: ALL +localuser ALL=(ALL) NOPASSWD: ALL diff --git a/archive/slack/ts-base-ovh/files/local/localuser/.ssh/authorized_keys b/archive/slack/ts-base-ovh/files/local/localuser/.ssh/authorized_keys new file mode 100755 index 0000000..ef85a3f --- /dev/null +++ b/archive/slack/ts-base-ovh/files/local/localuser/.ssh/authorized_keys @@ -0,0 +1,6 @@ +#Brendan's key +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCv0uQyWWp758LhpmCP2CDUl/6jO1Fp4gp0/OW3Od1LSl2/Rv1LWMMejcM/K0URdBymZvcxzuaz1DQ63ufGvzp7NpVe2+iQfN08yZCdzcYMZkugj4ZKaGcQzpjP4gaEZRJuq5I7YY6mI6i6+IyxgV6egWYy3hllYc+J40WS2lyNGZ1T8KKrFjDzqqgJQ83b2meYrlXCojx1V8gJ4hvgOrPMh4FwkeQgpu0nDf5EXAFLFgGOSAUew8G/3czxvpxSg+B9I33PIb8uJtjzh0b+qnIGQJjY5y58MoqZZIoMIiYEPjzLF116VHOft7Eo2CqOoHPZZ68XBCGaRY9OJus07ES2V+dBjEXFezXULnw0fCClf/Phke2e5yBHUuFZaL9ARmrnHRK9aZ+eTMvBtVrQ2OJVFDt8dhO2C5KNzXVkVHsLJ3rFK5a76Jd3y40aIvdaS/8MhX6dkD+r4+xzVUYnY8MDHkLGEnF6kG+Wolx/fVLHrgR7o3lTDm8A/5g6Vl6cglEg8ojH5i2KY4tcaGEyFIxkgAL/PFTcWcLvTCusqQ+4bewaxvRa099HIu7BT6u8BpVa+Xojub5R1/7lvRUlf8y3kzmLOEvzWGSr/npbJavomRs12xOVDlEKJfRU7eSys/wLZO7G/yyky4sltqyu+qMho3sM1Xcan86viwvDD2NcOw== 17:3d:ee:52:6c:19:90:66:8c:47:c0:60:04:1b:d1:bf brendan-key +#Charles' key +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo5T0FEUKoYaxRhjs9yWzKtEyXuKJvTWolryD395eqyBJ0xOxbkXJ+8EMwKtWM6NW5qaqWbT2JJ/VzOIcoYmxAu++qwSWOeskVr+FxPr2ypaWD98nJy+CpZ9RN6Pw6KikHakyqzSUWKXdovWiTpdzqRO+j0LmJmgUiT3Nsh42eybvt/T7JMkVG4W+joRX+DCS4UIRRQgMRD4TqBQ/jr9m7Vs0aJn1lflgsprsacgog+sHlEzitwwcRqMNpp5Jm0Dfhj6PqAvsgKJYWOOMFVowvGsqnQ9wqJo5AlllbTGV1RHeIBO3fRRU8Ud9TPA3Afx16/apf1nkLhV8QX9mIxEWp id_rsa +#Rundeck key +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1dPKaThs0gabBi3fyTqcSMm0yznf9gKD4/LeTGaYdeKKebWTsxLgFjoi6pNm/QrhUTwc86+K55LT5L8MLN05Vtgs2L5VL5gEAjRMdZABujrqnsLbsHs/EwOhr1Jtq7YhyWeeh8zs4dApq3xWUepgOrBHrjMjkKo4ygerQuNgDYZsnul0U+tqTdnt1S3G8kwRaycBzJAnAAFShbBNJtj4s1dDhcQl8FAwcdFkV4YmyyTT91m9XGAAUvqZvYaNjCPa2s2InnR9adSEss4BfU/xwoVMMZ7rO0juwwzqDlklNcH22pId8I3Ljp7OxMi0Q5O1GXVa63ocb+j4/cz+r/u37 root@toolbox diff --git a/archive/slack/ts-base-ovh/files/root/.ssh/authorized_keys b/archive/slack/ts-base-ovh/files/root/.ssh/authorized_keys new file mode 100755 index 0000000..c4e6a99 --- /dev/null +++ b/archive/slack/ts-base-ovh/files/root/.ssh/authorized_keys @@ -0,0 +1,2 @@ +#Rundeck key +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1dPKaThs0gabBi3fyTqcSMm0yznf9gKD4/LeTGaYdeKKebWTsxLgFjoi6pNm/QrhUTwc86+K55LT5L8MLN05Vtgs2L5VL5gEAjRMdZABujrqnsLbsHs/EwOhr1Jtq7YhyWeeh8zs4dApq3xWUepgOrBHrjMjkKo4ygerQuNgDYZsnul0U+tqTdnt1S3G8kwRaycBzJAnAAFShbBNJtj4s1dDhcQl8FAwcdFkV4YmyyTT91m9XGAAUvqZvYaNjCPa2s2InnR9adSEss4BfU/xwoVMMZ7rO0juwwzqDlklNcH22pId8I3Ljp7OxMi0Q5O1GXVa63ocb+j4/cz+r/u37 root@toolbox diff --git a/archive/slack/ts-base-ovh/files/usr/local/bin/upAndRoll.sh b/archive/slack/ts-base-ovh/files/usr/local/bin/upAndRoll.sh new file mode 100755 index 0000000..8958f7d --- /dev/null +++ b/archive/slack/ts-base-ovh/files/usr/local/bin/upAndRoll.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +apt-get update +apt-get -y --purge autoremove +apt-get -y upgrade +apt-get -y dist-upgrade +apt-get -y --purge autoremove +/sbin/reboot + diff --git a/archive/slack/ts-base-ovh/files/usr/local/share/ca-certificates/EMPTY-TOFIX-TurnNetSystemsIntermediateCARootCert.crt b/archive/slack/ts-base-ovh/files/usr/local/share/ca-certificates/EMPTY-TOFIX-TurnNetSystemsIntermediateCARootCert.crt new file mode 100644 index 0000000..e69de29 diff --git a/archive/slack/ts-base-ovh/scripts/fixfiles b/archive/slack/ts-base-ovh/scripts/fixfiles new file mode 100755 index 0000000..1f3819a --- /dev/null +++ b/archive/slack/ts-base-ovh/scripts/fixfiles @@ -0,0 +1,4 @@ +chown -R localuser /var/lib/slack/stage/roles/txn04-base/files/local/localuser/ +chgrp -R localuser /var/lib/slack/stage/roles/txn04-base/files/local/localuser/ +chown -R localuser /var/lib/slack/stage/roles/txn04-base/files/local/localuser/.ssh/* +chgrp -R localuser /var/lib/slack/stage/roles/txn04-base/files/local/localuser/.ssh/* diff --git a/archive/slack/ts-base-ovh/scripts/postinstall b/archive/slack/ts-base-ovh/scripts/postinstall new file mode 100755 index 0000000..97bd31b --- /dev/null +++ b/archive/slack/ts-base-ovh/scripts/postinstall @@ -0,0 +1,71 @@ +#!/bin/bash -l +# + +set -o nounset + +#ovhbase slack postinstall script +#This contains code that is run across 100% of the Linux systems built at Turn Net Systems LLC for subscribing series managed by Charles/Brendan +#Author: Charles N Wyble +#Copyright ALL RIGHTS RESERVED BY TURN NET SYSTEMS + + +#Boilerplate function +#Code for error handling +error-out() +{ + +echo "Errors!!!" +exit 1 + +} + +##################################################################################################################################### +#Called from main +#Takes two arguments, both are environment variables setup in the main function +##################################################################################################################################### +main() +{ + +#Step 1: Update the cache and apply all vendor patches +export DEBIAN_FRONTEND="noninteractive" && apt-get -y update +export DEBIAN_FRONTEND="noninteractive" && apt-get -y dist-upgrade + +#Step 2: Cleanup default cruft +export DEBIAN_FRONTEND="noninteractive" && apt-get -qq --yes --force-yes --purge remove nano resolvconf + +#Step 3: Creature comforts +DEBIAN_FRONTEND="noninteractive" && apt-get -qq --yes --force-yes -o Dpkg::Options::="--force-confold" install snmpd sssd-ad sysv-rc-conf ncdu iftop nethogs screen open-vm-tools acct tshark tcpdump glances dstat htop sysdig sysstat ntp rsync ngrep ufw clamav logwatch zsh sl postfix krb5-user samba autofs adcli molly-guard git + +#Turn on process accounting +accton on + + +#Set services to start on startup +#sysv-rc-conf on snmpd + +#Firewall +ufw --force enable +ufw allow ssh/tcp +ufw allow proto udp from 15.226.142.38 to any port 161 + +#SSL bits +update-ca-certificates + +echo "Server type is $1" + +#Join active directory only if we are a cvm or prod system + /etc/init.d/ntp stop + ntpdate tsys-winsrv.turnsys.net + + /etc/init.d/ntp start + echo -n 'adjoin123' | adcli join -U addcomputer -D turnsys.net -S tsys-winsrv.turnsys.net --stdin-password -v + chmod 600 /etc/sssd/sssd.conf + chown root:root /etc/sssd/sssd.conf + service sssd start + +} + +##################################################################################################################################### +#Execution starts main() # +##################################################################################################################################### +main