[Rules] Ménage, et augmentation de granularité.

Ignore-this: 34e1c207cf2f4538c566c780aeabcc99
Parce que j'en ai marre de me péter les yeux avec rules.xml

darcs-hash:20130118054038-afe24-8e2302b4bdce37c8a2ba4930ca88c8502c03ee4c.gz
Pierre-Elliott Bécue 2013-01-18 06:40:38 +01:00
parent e350665e00
commit 6d01211957
36 changed files with 178 additions and 106 deletions

6
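--- /dev/null
+++ b/Rules/apt-keys.xml
@@ -0,0 +1,6 @@
+<!-- Règles d'ajout de clefs //-->
+<Rules priority="1">
+<Action name="apt-key-add"
+timing="post" when="modified" status="check"
+command="cat /etc/crans/apt-keys/*.asc | apt-key add -"/>
+</Rules>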
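Review bot: The `apt-key-add` command trusts every `*.asc` file present in `/etc/crans/apt-keys/` at run time, and nothing in this file pins that directory's owner or mode, so the set of APT signing keys is whatever the directory happens to contain. A `<Path name="/etc/crans/apt-keys" type="directory" owner="root" group="root" perms="0755"/>` entry next to the Action would make that explicit. The action only ever adds keys: deleting an `.asc` file does not remove the key from the keyring, so retiring a key needs a separate step. In the pipeline the exit status seen by `status="check"` is that of `apt-key`, so a failing `cat` (for example an empty glob) presumably goes unnoticed.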

7
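--- /dev/null
+++ b/Rules/apt-mirror.xml
@@ -0,0 +1,7 @@
+<!-- Règles pour apt-mirror //-->
+<Rules priority="1">
+<Path name="/mirror/apt-mirror" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>
+<Path name="/mirror/apt-mirror/var" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>
+<Path name="/mirror/apt-mirror/skel" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>
+<Path name="/mirror/apt-mirror/mirror" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>
+</Rules>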

4
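--- /dev/null
+++ b/Rules/arpwatch.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour arpwatch //-->
+<Rules priority="1">
+<Service type="deb" name="arpwatch" status="on"/>
+</Rules>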

3
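--- /dev/null
+++ b/Rules/bcfg2.xml
@@ -0,0 +1,3 @@
+<Rules priority="1">
+<Service type="deb" name="bcfg2-server" status="on"/>
+</Rules>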

4
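--- /dev/null
+++ b/Rules/bind.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour bind //-->
+<Rules priority="1">
+<Service type="deb" name="bind9" status="on"/>
+</Rules>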

4
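--- /dev/null
+++ b/Rules/ejabberd.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour ejabberd //-->
+<Rules priority="1">
+<Service type="deb" name="ejabberd" status="on"/>
+</Rules>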

5
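--- /dev/null
+++ b/Rules/firewall.xml
@@ -0,0 +1,5 @@
+<!-- Règles pour firewall //-->
+<Rules priority="1">
+<Action name="link-firewall" timing="post" when="modified" status="check"
+command="update-rc.d firewall defaults 45"/>
+</Rules>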

5
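--- /dev/null
+++ b/Rules/firewall6.xml
@@ -0,0 +1,5 @@
+<!-- Règles du firewall6 //-->
+<Rules priority="1">
+<Action name="link-firewall6" timing="post" when="modified" status="check"
+command="update-rc.d firewall6 defaults 45"/>
+</Rules>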

4
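--- /dev/null
+++ b/Rules/home.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour home //-->
+<Rules priority="1">
+<Service type="deb" name="autofs" status="on"/>
+</Rules>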

4
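--- /dev/null
+++ b/Rules/jabberd.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour jabber //-->
+<Rules priority="1">
+<Service type="deb" name="jabber" status="on"/>
+</Rules>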


@ -0,0 +1,6 @@
<!-- Règles pour le bundle locale-generation //-->
<Rules priority="1">
<Action name="generate-locales"
timing="post" when="modified" status="check"
command="/usr/sbin/update-locale"/>
</Rules>

4
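--- /dev/null
+++ b/Rules/monit.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour monit //-->
+<Rules priority="1">
+<Service type="deb" name="monit" status="on"/>
+</Rules>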

4
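--- /dev/null
+++ b/Rules/mumudvb.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour mumudvb //-->
+<Rules priority="1">
+<Service type="deb" name="mumudvb" status="on"/>
+</Rules>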

6
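--- /dev/null
+++ b/Rules/munin-node.xml
@@ -0,0 +1,6 @@
+<!-- Règles pour munin-node //-->
+<Rules priority="1">
+<Action name="link-munin-plugins" timing="post" when="modified" status="check"
+command="python /usr/scripts/munin/scripts/link_plugins.py -f" />
+<Service type="deb" name="munin-node" status="on"/>
+</Rules>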
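Review bot: `link-munin-plugins` starts `python` through PATH lookup, while the postfix and locale Actions in this commit call their binaries by absolute path; `command="/usr/bin/python /usr/scripts/munin/scripts/link_plugins.py -f"` would be consistent with them. The script lives under `/usr/scripts`, which the rules.xml section on this page lists with group `adm` and perms `775`. If that entry is still in force and the client runs Actions as root, anyone able to write there controls what this Action executes, so the script's directory deserves tighter permissions or at least a comment here stating the assumption.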

4
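--- /dev/null
+++ b/Rules/nagios.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour nagios //-->
+<Rules priority="1">
+<Service type="deb" name="nagios-nrpe-server" status="on"/>
+</Rules>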

4
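--- /dev/null
+++ b/Rules/nfs-server.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour nfs-kernel-server //-->
+<Rules priority="1">
+<Service type="deb" name="nfs-kernel-server" status="on"/>
+</Rules>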

4
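--- /dev/null
+++ b/Rules/nscd.xml
@@ -0,0 +1,4 @@
+<!-- Règles concernant nscd //-->
+<Rules priority="1">
+<Service type="deb" name="nscd" status="on"/>
+</Rules>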

4
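--- /dev/null
+++ b/Rules/nslcd.xml
@@ -0,0 +1,4 @@
+<!-- Règles concernant nslcd //-->
+<Rules priority="1">
+<Service type="deb" name="nslcd" status="on"/>
+</Rules>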

4
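--- /dev/null
+++ b/Rules/ntp.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour ntp //-->
+<Rules priority="1">
+<Service type="deb" name="ntp" status="on"/>
+</Rules>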

4
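--- /dev/null
+++ b/Rules/nut.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour nut //-->
+<Rules priority="1">
+<Service type="deb" name="nut" status="on"/>
+</Rules>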

4
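--- /dev/null
+++ b/Rules/openntpd.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour openntpd //-->
+<Rules priority="1">
+<Service type="deb" name="openntpd" status="on"/>
+</Rules>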

4
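--- /dev/null
+++ b/Rules/openvpn.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour openvpn //-->
+<Rules priority="1">
+<Service type="deb" name="openvpn" status="on"/>
+</Rules>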

4
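--- /dev/null
+++ b/Rules/postfix.xml
@@ -0,0 +1,4 @@
+<!-- Règles concernant postfix //-->
+<Rules priority="1">
+<Service type="deb" name="postfix" status="on"/>
+</Rules>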


@ -0,0 +1,6 @@
<!-- Règles concernant postfix_aliases//-->
<Rules priority="1">
<Action name="update-postfix-aliases"
timing="post" when="modified" status="check"
command="/usr/bin/newaliases"/>
</Rules>


@ -0,0 +1,6 @@
<!-- Règles concernant postfix_canonical//-->
<Rules priority="1">
<Action name="update-postfix-canonical"
timing="post" when="modified" status="check"
command="/usr/sbin/postmap /etc/postfix/canonical"/>
</Rules>


@ -0,0 +1,6 @@
<!-- Règles concernant les entêtes mime postfix //-->
<Rules priority="1">
<Action name="update-postfix-mime_header_checks"
timing="post" when="modified" status="check"
command="/usr/sbin/postmap /etc/postfix/mime_header_checks"/>
</Rules>


@ -0,0 +1,6 @@
<!-- Règles concernant les transports postfix //-->
<Rules priority="1">
<Action name="update-postfix-transport"
timing="post" when="modified" status="check"
command="/usr/sbin/postmap /etc/postfix/transport"/>
</Rules>


@ -0,0 +1,6 @@
<!-- Règles concernant postfix_virtual//-->
<Rules priority="1">
<Action name="update-postfix-virtual"
timing="post" when="modified" status="check"
command="/usr/sbin/postmap /etc/postfix/virtual"/>
</Rules>

4
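--- /dev/null
+++ b/Rules/proftpd.xml
@@ -0,0 +1,4 @@
+<!-- Règles ppur proftpd //-->
+<Rules priority="1">
+<Service type="deb" name="proftpd" status="on"/>
+</Rules>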

5
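--- /dev/null
+++ b/Rules/quota.xml
@@ -0,0 +1,5 @@
+<!-- Règles pour les quotas //-->
+<Rules priority="1">
+<Service type="deb" name="quota" status="on"/>
+<Service type="deb" name="quotarpc" status="on"/>
+</Rules>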

10
Rules/rpc.xml Normal file

@ -0,0 +1,10 @@
<!-- Règles pour rpc //-->
<Rules priority="1">
<Group name="squeeze">
<Service type="deb" name="portmap" status="on"/>
</Group>
<Group name="wheezy">
<Service type="deb" name="rpcbind" status="on"/>
</Group>
</Rules>

4
Rules/rsync-client.xml Normal file
View file

@ -0,0 +1,4 @@
<!-- Règles pour rsync //-->
<Rules priority="1">
<Service type="deb" name="rsync" status="on"/>
</Rules>

13
Rules/rsyslog.xml Normal file

@ -0,0 +1,13 @@
<!-- Règles des serveurs/clients rsyslog //-->
<Rules priority="1">
<Group name="rsyslog-server">
<Path name="/var/spool/rsyslog" type="directory" owner="root" group="adm" perms="0750"/>
</Group>
<Group name="rsyslog-client">
<Group name="rsyslog-server" negate="true">
<Path name="/var/log/spool" type="directory" owner="root" group="adm" perms="750"/>
</Group>
</Group>
<Service type="deb" name="rsyslog" status="on"/>
</Rules>
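Review bot: The `/var/log/spool` entry uses `perms="750"` while `/var/spool/rsyslog` just above uses `perms="0750"`; writing both as four-digit octal (`perms="0750"`) removes any doubt about how the value is parsed and matches the apt-mirror Path entries in this commit. The two groups also create their spool directories under different parents (`/var/spool` versus `/var/log`). If that is intentional, a one-line comment saying which rsyslog setting points at each directory would help the next reader.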


@ -1,31 +1,4 @@
<Rules priority="1">
<Action name="generate-locales" timing="post" when="modified" status="check"
command="/usr/sbin/update-locale"/>
<Service type="deb" name="postfix" status="on"/>
<Action name="generate-locales"
timing="post" when="modified" status="check"
command="/usr/sbin/update-locale"/>
<Action name="update-postfix-aliases"
timing="post" when="modified" status="check"
command="/usr/bin/newaliases"/>
<Action name="update-postfix-canonical"
timing="post" when="modified" status="check"
command="/usr/sbin/postmap /etc/postfix/canonical"/>
<Action name="update-postfix-mime_header_checks"
timing="post" when="modified" status="check"
command="/usr/sbin/postmap /etc/postfix/mime_header_checks"/>
<Action name="update-postfix-transport"
timing="post" when="modified" status="check"
command="/usr/sbin/postmap /etc/postfix/transport"/>
<Action name="update-postfix-virtual"
timing="post" when="modified" status="check"
command="/usr/sbin/postmap /etc/postfix/virtual"/>
<Action name="apt-key-add"
timing="post" when="modified" status="check"
command="cat /etc/crans/apt-keys/*.asc | apt-key add -"/>
<Group name="users">
<Path name="/etc/crans/secrets" type="directory" owner="respbats" group="adm" perms="0550"/>
</Group>
@ -45,55 +18,13 @@
</Group>
<Group name="users" negate="true">
<Group name="rouge" negate="true">
<Group name="vo" negate="true">
<Path name="/etc/crans/secrets" type="directory" owner="root" group="adm" perms="0550"/>
</Group>
<Group name="vo" negate="true">
<Path name="/etc/crans/secrets" type="directory" owner="root" group="adm" perms="0550"/>
</Group>
</Group>
<Group name="rsyslog-server">
<Path name="/var/spool/rsyslog" type="directory" owner="root" group="adm" perms="0750"/>
</Group>
<Group name="rsyslog-client">
<Group name="rsyslog-server" negate="true">
<Path name="/var/log/spool" type="directory" owner="root" group="adm" perms="750"/>
</Group>
</Group>
<Service type="deb" name="bcfg2-server" status="on"/>
<Service type="deb" name="bind9" status="on"/>
<Path name="/mirror/apt-mirror" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>
<Path name="/mirror/apt-mirror/var" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>
<Path name="/mirror/apt-mirror/skel" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>
<Path name="/mirror/apt-mirror/mirror" type="directory" owner="apt-mirror" group="apt-mirror" perms="0755"/>
<Path name="/usr/scripts" type="directory" owner="root" group="adm" perms="775"/>
<Service type="deb" name="proftpd" status="on"/>
<Service type="deb" name="rsync" status="on"/>
<Service type="deb" name="ntp" status="on"/>
<Service type="deb" name="openntpd" status="on"/>
<Service type="deb" name="ssh" status="on"/>
<Service type="deb" name="sqlgrey" status="on"/>
<Service type="deb" name="autofs" status="on"/>
<Service type="deb" name="nscd" status="on"/>
<Service type="deb" name="openvpn" status="on"/>
<Service type="deb" name="mumudvb" status="on"/>
<!-- Suppression du groupe adm de /etc/group pour forcer sudo à regarder dans la base -->
<Action name="del-adm"
timing="post" when="modified" status="check"
@ -104,48 +35,13 @@
rm -f $a &amp;&amp;
grpconv; }"/>
<Service type="deb" name="monit" status="on"/>
<Service type="deb" name="nut" status="on"/>
<Service type="deb" name="jabber" status="on"/>
<Service type="deb" name="ejabberd" status="on"/>
<Group name="squeeze">
<Service type="deb" name="portmap" status="on"/>
</Group>
<Group name="wheezy">
<Service type="deb" name="rpcbind" status="on"/>
</Group>
<Action name="ln-attendre-vert" timing="post" when="modified" status="check"
command="ln -s /etc/init.d/attendre-vert /etc/rcS.d/S41attendre-vert" />
<Service type="deb" name="nfs-kernel-server" status="on"/>
<Service type="deb" name="quota" status="on"/>
<Service type="deb" name="quotarpc" status="on"/>
<Service type="deb" name="rsyslog" status="on"/>
<Service type="deb" name="slapd" status="on"/>
<Service type="deb" name="nslcd" status="on"/>
<Service type="deb" name="munin-node" status="on"/>
<Service type="deb" name="nagios-nrpe-server" status="on"/>
<Service type="deb" name="arpwatch" status="on"/>
<Action name="link-munin-plugins" timing="post" when="modified" status="check"
command="python /usr/scripts/munin/scripts/link_plugins.py -f" />
<Path name="/usr/lib/pymodules/python2.6/MoinMoin/script/export/dump_proxy.py" type="symlink" to="/usr/scripts/wiki/dump_proxy.py" />
<Path name="/etc/logcheck/cracking.ignore.d/local-crans" type="symlink" to="/etc/logcheck/ignore.d.server/local-crans"/>
<Path name="/etc/logcheck/cracking.ignore.d/local-ignore" type="symlink" to="/etc/logcheck/ignore.d.server/local-ignore"/>
<Path name="/etc/logcheck/violations.ignore.d/local-crans" type="symlink" to="/etc/logcheck/ignore.d.server/local-crans"/>
<Path name="/etc/logcheck/violations.ignore.d/local-ignore" type="symlink" to="/etc/logcheck/ignore.d.server/local-ignore"/>
<Action name="link-firewall" timing="post" when="modified" status="check"
command="update-rc.d firewall defaults 45"/>
<Action name="link-firewall6" timing="post" when="modified" status="check"
command="update-rc.d firewall6 defaults 45"/>
</Rules>

4
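--- /dev/null
+++ b/Rules/sqlgrey.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour sqlgrey //-->
+<Rules priority="1">
+<Service type="deb" name="sqlgrey" status="on"/>
+</Rules>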

4
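--- /dev/null
+++ b/Rules/ssh.xml
@@ -0,0 +1,4 @@
+<!-- Règles pour ssh //-->
+<Rules priority="1">
+<Service type="deb" name="ssh" status="on"/>
+</Rules>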