Difference between revisions of "Honesty admin"
Revision as of 21:46, 8 September 2011
This page chronicles the administrative changes to honesty.progclub.net. If you make an administrative change you should document the change here. Changes are logged here in reverse chronological order with a time-stamp in the form YYYY-MM-DD hh:mm. You can use the time from whatever timezone you are in, or UTC if you're cool, but use 24 hour time. Don't worry if the changes you make have a time-stamp that is less than a time-stamp later in the page; put the latest changes at the top. Put a link to your wiki user account before the time-stamp so we know who's doing what. See the Administrative reference for other information.
John 2011-09-08 21:44
Installing gcc
    root@honesty:~/pcad# apt-get install gcc
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
      binutils gcc-4.4 libc-dev-bin libc6-dev libgomp1 linux-libc-dev manpages-dev
    Suggested packages:
      binutils-doc gcc-multilib autoconf automake1.9 libtool flex bison gdb gcc-doc gcc-4.4-multilib libmudflap0-4.4-dev gcc-4.4-doc gcc-4.4-locales libgcc1-dbg libgomp1-dbg libmudflap0-dbg libcloog-ppl0 libppl-c2 libppl7 glibc-doc
    The following NEW packages will be installed:
      binutils gcc gcc-4.4 libc-dev-bin libc6-dev libgomp1 linux-libc-dev manpages-dev
    0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
    Need to get 9883kB of archives.
    After this operation, 35.3MB of additional disk space will be used.
    Do you want to continue [Y/n]?
    Get:1 http://archive.ubuntu.com/ubuntu/ lucid-updates/main binutils 2.20.1-3ubuntu7.1 [1658kB]
    Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libgomp1 4.4.3-4ubuntu5 [25.5kB]
    Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main gcc-4.4 4.4.3-4ubuntu5 [2877kB]
    Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main gcc 4:4.4.3-1ubuntu1 [5064B]
    Get:5 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc-dev-bin 2.11.1-0ubuntu7.8 [224kB]
    Get:6 http://archive.ubuntu.com/ubuntu/ lucid-updates/main linux-libc-dev 2.6.32-33.72 [841kB]
    Get:7 http://archive.ubuntu.com/ubuntu/ lucid-updates/main libc6-dev 2.11.1-0ubuntu7.8 [2706kB]
    Get:8 http://archive.ubuntu.com/ubuntu/ lucid/main manpages-dev 3.23-1 [1547kB]
    Fetched 9883kB in 5s (1875kB/s)
    Selecting previously deselected package binutils.
    (Reading database ... 17233 files and directories currently installed.)
    Unpacking binutils (from .../binutils_2.20.1-3ubuntu7.1_amd64.deb) ...
    Selecting previously deselected package libgomp1.
    Unpacking libgomp1 (from .../libgomp1_4.4.3-4ubuntu5_amd64.deb) ...
    Selecting previously deselected package gcc-4.4.
    Unpacking gcc-4.4 (from .../gcc-4.4_4.4.3-4ubuntu5_amd64.deb) ...
    Selecting previously deselected package gcc.
    Unpacking gcc (from .../gcc_4%3a4.4.3-1ubuntu1_amd64.deb) ...
    Selecting previously deselected package libc-dev-bin.
    Unpacking libc-dev-bin (from .../libc-dev-bin_2.11.1-0ubuntu7.8_amd64.deb) ...
    Selecting previously deselected package linux-libc-dev.
    Unpacking linux-libc-dev (from .../linux-libc-dev_2.6.32-33.72_amd64.deb) ...
    Selecting previously deselected package libc6-dev.
    Unpacking libc6-dev (from .../libc6-dev_2.11.1-0ubuntu7.8_amd64.deb) ...
    Selecting previously deselected package manpages-dev.
    Unpacking manpages-dev (from .../manpages-dev_3.23-1_all.deb) ...
    Processing triggers for man-db ...
    Setting up binutils (2.20.1-3ubuntu7.1) ...

    Setting up libgomp1 (4.4.3-4ubuntu5) ...

    Setting up gcc-4.4 (4.4.3-4ubuntu5) ...
    Setting up gcc (4:4.4.3-1ubuntu1) ...

    Setting up libc-dev-bin (2.11.1-0ubuntu7.8) ...
    Setting up linux-libc-dev (2.6.32-33.72) ...
    Setting up libc6-dev (2.11.1-0ubuntu7.8) ...
    Setting up manpages-dev (3.23-1) ...
    Processing triggers for libc-bin ...
    ldconfig deferred processing now taking place
    Committing to: /etc/
    added alternatives/c89
    added alternatives/c89.1.gz
    added alternatives/c99
    added alternatives/c99.1.gz
    added alternatives/cc
    added alternatives/cc.1.gz
    Committed revision 26.
John 2011-09-03 00:24
Kerberizing Apache
    root@honesty:/home/apache/www/www.progclub.net/pcma# kadmin -p jj5
    Authenticating as principal jj5 with password.
    Password for jj5@PROGCLUB.ORG:
    kadmin: addprinc -randkey HTTP/honesty.progclub.org
    WARNING: no policy specified for HTTP/honesty.progclub.org@PROGCLUB.ORG; defaulting to no policy
    Principal "HTTP/honesty.progclub.org@PROGCLUB.ORG" created.
    kadmin: delprinc HTTP/honesty.progclub.org
    Are you sure you want to delete the principal "HTTP/honesty.progclub.org@PROGCLUB.ORG"? (yes/no): yes
    Principal "HTTP/honesty.progclub.org@PROGCLUB.ORG" deleted.
    Make sure that you have removed this principal from all ACLs before reusing.
    kadmin: addprinc -randkey HTTP/honesty.progclub.net
    WARNING: no policy specified for HTTP/honesty.progclub.net@PROGCLUB.ORG; defaulting to no policy
    Principal "HTTP/honesty.progclub.net@PROGCLUB.ORG" created.
    kadmin: ktadd -k /etc/apache2/apache2.keytab HTTP/honesty.progclub.net
    Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/apache2/apache2.keytab.
    Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/apache2/apache2.keytab.
    Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/apache2/apache2.keytab.
    Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/apache2/apache2.keytab.
    kadmin: quit
    root@honesty:/home/apache/www/www.progclub.net/pcma# chown www-data:www-data /etc/apache/apache2.keytab
    root@honesty:/home/apache/www/www.progclub.net/pcma# chmod 400 /etc/apache2/apache2.keytab
    root@honesty:/home/apache/www/www.progclub.net/pcma# apt-get install libapache2-mod-auth-kerb
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following NEW packages will be installed:
      libapache2-mod-auth-kerb
    0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
    Need to get 20.3kB of archives.
    After this operation, 119kB of additional disk space will be used.
    Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libapache2-mod-auth-kerb 5.3-5build2 [20.3kB]
    Fetched 20.3kB in 0s (32.7kB/s)
    Committing to: /etc/
    modified .etckeeper
    added apache2/apache2.keytab
    Committed revision 23.
    Selecting previously deselected package libapache2-mod-auth-kerb.
    (Reading database ... 17197 files and directories currently installed.)
    Unpacking libapache2-mod-auth-kerb (from .../libapache2-mod-auth-kerb_5.3-5build2_amd64.deb) ...
    Setting up libapache2-mod-auth-kerb (5.3-5build2) ...
    Enabling module auth_kerb.
    Run '/etc/init.d/apache2 restart' to activate new configuration!
    Committing to: /etc/
    added apache2/mods-available/auth_kerb.load
    added apache2/mods-enabled/auth_kerb.load
    Committed revision 24.
    root@honesty:/home/apache/www/www.progclub.net/pcma#
John 2011-08-19 14:43
Installing fail2ban
    jj5@honesty:~$ sudo -s
    [sudo] password for jj5:
    root@honesty:~# apt-get install fail2ban
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
      whois
    Suggested packages:
      python-gamin mailx
    The following NEW packages will be installed:
      fail2ban whois
    0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
    Need to get 129kB of archives.
    After this operation, 1032kB of additional disk space will be used.
    Do you want to continue [Y/n]?
    Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe fail2ban 0.8.4-1ubuntu1 [96.0kB]
    Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main whois 5.0.0ubuntu3 [32.6kB]
    Fetched 129kB in 1s (128kB/s)
    Selecting previously deselected package fail2ban.
    (Reading database ... 16972 files and directories currently installed.)
    Unpacking fail2ban (from .../fail2ban_0.8.4-1ubuntu1_all.deb) ...
    Selecting previously deselected package whois.
    Unpacking whois (from .../whois_5.0.0ubuntu3_amd64.deb) ...
    Processing triggers for man-db ...
    Processing triggers for ureadahead ...
    Setting up fail2ban (0.8.4-1ubuntu1) ...
    Setting up whois (5.0.0ubuntu3) ...
    Processing triggers for python-central ...
    Committing to: /etc/
    added fail2ban
    added default/fail2ban
    added fail2ban/action.d
    added fail2ban/fail2ban.conf
    added fail2ban/filter.d
    added fail2ban/jail.conf
    added fail2ban/action.d/complain.conf
    added fail2ban/action.d/dshield.conf
    added fail2ban/action.d/hostsdeny.conf
    added fail2ban/action.d/ipfilter.conf
    added fail2ban/action.d/ipfw.conf
    added fail2ban/action.d/iptables-allports.conf
    added fail2ban/action.d/iptables-multiport-log.conf
    added fail2ban/action.d/iptables-multiport.conf
    added fail2ban/action.d/iptables-new.conf
    added fail2ban/action.d/iptables.conf
    added fail2ban/action.d/mail-buffered.conf
    added fail2ban/action.d/mail-whois-lines.conf
    added fail2ban/action.d/mail-whois.conf
    added fail2ban/action.d/mail.conf
    added fail2ban/action.d/mynetwatchman.conf
    added fail2ban/action.d/sendmail-buffered.conf
    added fail2ban/action.d/sendmail-whois-lines.conf
    added fail2ban/action.d/sendmail-whois.conf
    added fail2ban/action.d/sendmail.conf
    added fail2ban/action.d/shorewall.conf
    added fail2ban/filter.d/apache-auth.conf
    added fail2ban/filter.d/apache-badbots.conf
    added fail2ban/filter.d/apache-nohome.conf
    added fail2ban/filter.d/apache-noscript.conf
    added fail2ban/filter.d/apache-overflows.conf
    added fail2ban/filter.d/common.conf
    added fail2ban/filter.d/courierlogin.conf
    added fail2ban/filter.d/couriersmtp.conf
    added fail2ban/filter.d/cyrus-imap.conf
    added fail2ban/filter.d/exim.conf
    added fail2ban/filter.d/gssftpd.conf
    added fail2ban/filter.d/lighttpd-fastcgi.conf
    added fail2ban/filter.d/named-refused.conf
    added fail2ban/filter.d/pam-generic.conf
    added fail2ban/filter.d/php-url-fopen.conf
    added fail2ban/filter.d/postfix.conf
    added fail2ban/filter.d/proftpd.conf
    added fail2ban/filter.d/pure-ftpd.conf
    added fail2ban/filter.d/qmail.conf
    added fail2ban/filter.d/sasl.conf
    added fail2ban/filter.d/sieve.conf
    added fail2ban/filter.d/sshd-ddos.conf
    added fail2ban/filter.d/sshd.conf
    added fail2ban/filter.d/vsftpd.conf
    added fail2ban/filter.d/webmin-auth.conf
    added fail2ban/filter.d/wuftpd.conf
    added fail2ban/filter.d/xinetd-fail.conf
    added init.d/fail2ban
    added logrotate.d/fail2ban
    added rc0.d/K99fail2ban
    added rc1.d/K99fail2ban
    added rc2.d/S99fail2ban
    added rc3.d/S99fail2ban
    added rc4.d/S99fail2ban
    added rc5.d/S99fail2ban
    added rc6.d/K99fail2ban
    Committed revision 16.
John 2011-08-15 05:08
Installing Apache, MySQL and PHP
    root@honesty:~# apt-get install apache2 mysql-server php5
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
      apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdbd-mysql-perl libdbi-perl libexpat1 libhtml-template-perl libmysqlclient16 libnet-daemon-perl libplrpc-perl mysql-client-5.1 mysql-client-core-5.1 mysql-common mysql-server-5.1 mysql-server-core-5.1 php5-common psmisc ssl-cert
    Suggested packages:
      www-browser apache2-doc apache2-suexec apache2-suexec-custom ufw php-pear dbishell libipc-sharedcache-perl tinyca mailx php5-suhosin
    The following NEW packages will be installed:
      apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdbd-mysql-perl libdbi-perl libexpat1 libhtml-template-perl libmysqlclient16 libnet-daemon-perl libplrpc-perl mysql-client-5.1 mysql-client-core-5.1 mysql-common mysql-server mysql-server-5.1 mysql-server-core-5.1 php5 php5-common psmisc ssl-cert
    0 upgraded, 27 newly installed, 0 to remove and 0 not upgraded.
    Need to get 31.5MB of archives.
    After this operation, 82.8MB of additional disk space will be used.
    Do you want to continue [Y/n]?
John 2011-08-15 04:06
Configuring NFS client
    root@honesty:/etc# apt-get install nfs-common
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
      libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 portmap
    The following NEW packages will be installed:
      libevent-1.4-2 libgssglue1 libnfsidmap2 librpcsecgss3 nfs-common portmap
    0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
    Need to get 421kB of archives.
    After this operation, 1364kB of additional disk space will be used.
    Do you want to continue [Y/n]?
    Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libevent-1.4-2 1.4.13-stable-1 [61.4kB]
    Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libgssglue1 0.1-4 [24.4kB]
    Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libnfsidmap2 0.23-2 [32.1kB]
    Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main librpcsecgss3 0.19-2 [36.3kB]
    Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main portmap 6.0.0-1ubuntu2 [38.2kB]
    Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main nfs-common 1:1.2.0-4ubuntu4 [228kB]
    Fetched 421kB in 1s (359kB/s)
    Preconfiguring packages ...
    Selecting previously deselected package libevent-1.4-2.
    (Reading database ... 15759 files and directories currently installed.)
    Unpacking libevent-1.4-2 (from .../libevent-1.4-2_1.4.13-stable-1_amd64.deb) ...
    Selecting previously deselected package libgssglue1.
    Unpacking libgssglue1 (from .../libgssglue1_0.1-4_amd64.deb) ...
    Selecting previously deselected package libnfsidmap2.
    Unpacking libnfsidmap2 (from .../libnfsidmap2_0.23-2_amd64.deb) ...
    Selecting previously deselected package librpcsecgss3.
    Unpacking librpcsecgss3 (from .../librpcsecgss3_0.19-2_amd64.deb) ...
    Selecting previously deselected package portmap.
    Unpacking portmap (from .../portmap_6.0.0-1ubuntu2_amd64.deb) ...
    Selecting previously deselected package nfs-common.
    Unpacking nfs-common (from .../nfs-common_1%3a1.2.0-4ubuntu4_amd64.deb) ...
    Processing triggers for man-db ...
    Processing triggers for ureadahead ...
    Setting up libevent-1.4-2 (1.4.13-stable-1) ...
    Setting up libgssglue1 (0.1-4) ...
    Setting up libnfsidmap2 (0.23-2) ...
    Setting up librpcsecgss3 (0.19-2) ...
    Setting up portmap (6.0.0-1ubuntu2) ...
    portmap start/running, process 7410
    Setting up nfs-common (1:1.2.0-4ubuntu4) ...
    Creating config file /etc/idmapd.conf with new version
    Creating config file /etc/default/nfs-common with new version
    Adding system user `statd' (UID 104) ...
    Adding new user `statd' (UID 104) with group `nogroup' ...
    Not creating home directory `/var/lib/nfs'.
    statd start/running, process 7626
    gssd stop/pre-start, process 7651
    idmapd stop/pre-start, process 7679
    Processing triggers for libc-bin ...
    ldconfig deferred processing now taking place
    Committing to: /etc/
    added gssapi_mech.conf
    added idmapd.conf
    modified passwd
    modified passwd-
    modified shadow
    modified shadow-
    added default/nfs-common
    added default/portmap
    added init/gssd.conf
    added init/idmapd.conf
    added init/portmap.conf
    added init/rpc_pipefs.conf
    added init/statd.conf
    added init.d/gssd
    added init.d/idmapd
    added init.d/portmap
    added init.d/rpc_pipefs
    added init.d/statd
    Committed revision 12.
    root@honesty:/etc# vim /etc/fstab
    root@honesty:/etc# cat /etc/fstab
    proc /proc proc defaults 0 0
    /dev/sda1 / ext3 defaults,errors=remount-ro,noatime 0 1
    /dev/sda2 none swap sw 0 0
    172.19.1.45:/home /home nfs4 rw,_netdev,auto 0 0

    root@honesty:/etc# vim /etc/modules
    root@honesty:/etc# cat /etc/modules
    # /etc/modules: kernel modules to load at boot time.
    #
    # This file contains the names of kernel modules that should be loaded
    # at boot time, one per line. Lines beginning with "#" are ignored.
    nfs
John 2011-08-15 03:45
Configuring Kerberos client
    jj5@honesty:~$ sudo -s
    [sudo] password for jj5:
    root@honesty:~# apt-get install krb5-user krb5-config libpam-krb5
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
      bind9-host geoip-database libbind9-60 libdns64 libgeoip1 libgssrpc4 libisc60 libisccc60 libisccfg60 libkadm5clnt-mit7 liblwres60
    Suggested packages:
      geoip-bin krb5-doc
    The following NEW packages will be installed:
      bind9-host geoip-database krb5-config krb5-user libbind9-60 libdns64 libgeoip1 libgssrpc4 libisc60 libisccc60 libisccfg60 libkadm5clnt-mit7 liblwres60 libpam-krb5
    0 upgraded, 14 newly installed, 0 to remove and 0 not upgraded.
    Need to get 2235kB of archives.
    After this operation, 5517kB of additional disk space will be used.
    Do you want to continue [Y/n]?
    Package configuration

    ┌──────────────────┤ Configuring Kerberos Authentication ├──────────────────┐
    │ When users attempt to use Kerberos and specify a principal or user name   │
    │ without specifying what administrative Kerberos realm that principal      │
    │ belongs to, the system appends the default realm. The default realm may   │
    │ also be used as the realm of a Kerberos service running on the local      │
    │ machine. Often, the default realm is the uppercase version of the local   │
    │ DNS domain.                                                               │
    │                                                                           │
    │ Default Kerberos version 5 realm:                                         │
    │                                                                           │
    │ PROGCLUB.ORG_____________________________________________________________ │
    │                                                                           │
    │                                   <Ok>                                    │
    │                                                                           │
    └───────────────────────────────────────────────────────────────────────────┘

    Package configuration

    ┌────────────────┤ Configuring Kerberos Authentication ├─────────────────┐
    │ Enter the hostnames of Kerberos servers in the PROGCLUB.ORG Kerberos   │
    │ realm separated by spaces.                                             │
    │                                                                        │
    │ Kerberos servers for your realm:                                       │
    │                                                                        │
    │ kerberos.progclub.org_________________________________________________ │
    │                                                                        │
    │                                  <Ok>                                  │
    │                                                                        │
    └────────────────────────────────────────────────────────────────────────┘

    Package configuration

    ┌──────────────────┤ Configuring Kerberos Authentication ├──────────────────┐
    │ Enter the hostname of the administrative (password changing) server for   │
    │ the PROGCLUB.ORG Kerberos realm.                                          │
    │                                                                           │
    │ Administrative server for your Kerberos realm:                            │
    │                                                                           │
    │ kerberos.progclub.org____________________________________________________ │
    │                                                                           │
    │                                   <Ok>                                    │
    │                                                                           │
    └───────────────────────────────────────────────────────────────────────────┘
    Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libgeoip1 1.4.6.dfsg-17 [109kB]
    Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main libisc60 1:9.7.0.dfsg.P1-1 [169kB]
    Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libdns64 1:9.7.0.dfsg.P1-1 [690kB]
    Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main libisccc60 1:9.7.0.dfsg.P1-1 [29.4kB]
    Get:5 http://archive.ubuntu.com/ubuntu/ lucid/main libisccfg60 1:9.7.0.dfsg.P1-1 [52.6kB]
    Get:6 http://archive.ubuntu.com/ubuntu/ lucid/main libbind9-60 1:9.7.0.dfsg.P1-1 [34.1kB]
    Get:7 http://archive.ubuntu.com/ubuntu/ lucid/main liblwres60 1:9.7.0.dfsg.P1-1 [47.9kB]
    Get:8 http://archive.ubuntu.com/ubuntu/ lucid/main bind9-host 1:9.7.0.dfsg.P1-1 [68.2kB]
    Get:9 http://archive.ubuntu.com/ubuntu/ lucid/main geoip-database 1.4.6.dfsg-17 [658kB]
    Get:10 http://archive.ubuntu.com/ubuntu/ lucid/main krb5-config 2.2 [23.0kB]
    Get:11 http://archive.ubuntu.com/ubuntu/ lucid/main libgssrpc4 1.8.1+dfsg-2 [81.4kB]
    Get:12 http://archive.ubuntu.com/ubuntu/ lucid/main libkadm5clnt-mit7 1.8.1+dfsg-2 [62.0kB]
    Get:13 http://archive.ubuntu.com/ubuntu/ lucid/main krb5-user 1.8.1+dfsg-2 [137kB]
    Get:14 http://archive.ubuntu.com/ubuntu/ lucid/main libpam-krb5 4.2-1 [73.8kB]
    Fetched 2235kB in 1s (1280kB/s)
    Preconfiguring packages ...
    Selecting previously deselected package libgeoip1.
    (Reading database ... 15582 files and directories currently installed.)
    Unpacking libgeoip1 (from .../libgeoip1_1.4.6.dfsg-17_amd64.deb) ...
    Selecting previously deselected package libisc60.
    Unpacking libisc60 (from .../libisc60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
    Selecting previously deselected package libdns64.
    Unpacking libdns64 (from .../libdns64_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
    Selecting previously deselected package libisccc60.
    Unpacking libisccc60 (from .../libisccc60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
    Selecting previously deselected package libisccfg60.
    Unpacking libisccfg60 (from .../libisccfg60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
    Selecting previously deselected package libbind9-60.
    Unpacking libbind9-60 (from .../libbind9-60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
    Selecting previously deselected package liblwres60.
    Unpacking liblwres60 (from .../liblwres60_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
    Selecting previously deselected package bind9-host.
    Unpacking bind9-host (from .../bind9-host_1%3a9.7.0.dfsg.P1-1_amd64.deb) ...
    Selecting previously deselected package geoip-database.
    Unpacking geoip-database (from .../geoip-database_1.4.6.dfsg-17_all.deb) ...
    Selecting previously deselected package krb5-config.
    Unpacking krb5-config (from .../krb5-config_2.2_all.deb) ...
    Selecting previously deselected package libgssrpc4.
    Unpacking libgssrpc4 (from .../libgssrpc4_1.8.1+dfsg-2_amd64.deb) ...
    Selecting previously deselected package libkadm5clnt-mit7.
    Unpacking libkadm5clnt-mit7 (from .../libkadm5clnt-mit7_1.8.1+dfsg-2_amd64.deb) ...
    Selecting previously deselected package krb5-user.
    Unpacking krb5-user (from .../krb5-user_1.8.1+dfsg-2_amd64.deb) ...
    Selecting previously deselected package libpam-krb5.
    Unpacking libpam-krb5 (from .../libpam-krb5_4.2-1_amd64.deb) ...
    Processing triggers for man-db ...
    Setting up libgeoip1 (1.4.6.dfsg-17) ...
    Setting up libisc60 (1:9.7.0.dfsg.P1-1) ...
    Setting up libdns64 (1:9.7.0.dfsg.P1-1) ...
    Setting up libisccc60 (1:9.7.0.dfsg.P1-1) ...
    Setting up libisccfg60 (1:9.7.0.dfsg.P1-1) ...
    Setting up libbind9-60 (1:9.7.0.dfsg.P1-1) ...
    Setting up liblwres60 (1:9.7.0.dfsg.P1-1) ...
    Setting up bind9-host (1:9.7.0.dfsg.P1-1) ...
    Setting up geoip-database (1.4.6.dfsg-17) ...
    Setting up krb5-config (2.2) ...
    Setting up libgssrpc4 (1.8.1+dfsg-2) ...
    Setting up libkadm5clnt-mit7 (1.8.1+dfsg-2) ...
    Setting up krb5-user (1.8.1+dfsg-2) ...
    Setting up libpam-krb5 (4.2-1) ...
    Processing triggers for libc-bin ...
    ldconfig deferred processing now taking place
    Committing to: /etc/
    added krb5.conf
    modified pam.d/common-account
    modified pam.d/common-auth
    modified pam.d/common-password
    modified pam.d/common-session
    modified pam.d/common-session-noninteractive
    Committed revision 8.
    root@honesty:~# hostname -f
    honesty
    root@honesty:~# vim /etc/hosts
    root@honesty:~# cat /etc/hosts
    127.0.0.1 localhost localhost.localdomain
    67.207.129.103 honesty.progclub.net honesty
    root@honesty:~# hostname -f
    honesty.progclub.net

    root@honesty:~# kadmin -p jj5
    Authenticating as principal jj5 with password.
    Password for jj5@PROGCLUB.ORG:
    kadmin: addprinc -randkey host/honesty.progclub.net@PROGCLUB.ORG
    WARNING: no policy specified for host/honesty.progclub.net@PROGCLUB.ORG; defaulting to no policy
    Principal "host/honesty.progclub.net@PROGCLUB.ORG" created.
    kadmin: ktadd host/honesty.progclub.net@PROGCLUB.ORG
    Entry for principal host/honesty.progclub.net@PROGCLUB.ORG with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.
    Entry for principal host/honesty.progclub.net@PROGCLUB.ORG with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
    Entry for principal host/honesty.progclub.net@PROGCLUB.ORG with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
    Entry for principal host/honesty.progclub.net@PROGCLUB.ORG with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
    kadmin: quit
    root@honesty:~# cd /etc
    root@honesty:/etc# ll kr*
    -rw-r--r-- 1 root root 3504 Aug 14 17:49 krb5.conf
    -rw------- 1 root root  326 Aug 14 17:53 krb5.keytab
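Both ktadd runs on this page (the HTTP/honesty.progclub.net key under "Kerberizing Apache" and the host/honesty.progclub.net key under "Configuring Kerberos client") wrote ArcFour, Triple DES and single-DES keys next to the AES-256 key; those enctypes are deprecated for Kerberos (RFC 6649 for DES, RFC 8429 for 3DES and RC4). The following is an added example, not part of the original log: it parses ktadd output, lists the deprecated entries, and checks a keytab's mode and owner. The function names are hypothetical, and the klist-style short names accepted by the classifier are an assumption about other input you might feed it.

```shell
#!/bin/sh
# Added example: audit keytab entries reported by kadmin's ktadd.

# The four ktadd lines recorded in the "Kerberizing Apache" entry of this log.
sample_ktadd_output() {
    cat <<'EOF'
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/apache2/apache2.keytab.
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/apache2/apache2.keytab.
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/apache2/apache2.keytab.
Entry for principal HTTP/honesty.progclub.net with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/apache2/apache2.keytab.
EOF
}

# Turn ktadd output on stdin into "keytab|principal|kvno|enctype" records.
# Lines that are not ktadd "Entry for principal" lines are dropped.
ktadd_entries() {
    sed -n 's/^Entry for principal \(.*\) with kvno \([0-9][0-9]*\), encryption type \(.*\) added to keytab [A-Z]*:\(.*\)\.$/\4|\1|\2|\3/p'
}

# Classify an enctype description (ktadd wording or klist -e short name).
# AES and Camellia are current; RC4/ArcFour, 3DES and DES are deprecated.
enctype_strength() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *aes*|*camellia*)      echo ok ;;
        *arcfour*|*rc4*|*des*) echo weak ;;
        *)                     echo unknown ;;
    esac
}

# Print only the records whose enctype is deprecated.
weak_keytab_entries() {
    ktadd_entries | while IFS='|' read -r keytab principal kvno enctype; do
        if [ "$(enctype_strength "$enctype")" = weak ]; then
            printf '%s|%s|%s|%s\n' "$keytab" "$principal" "$kvno" "$enctype"
        fi
    done
}

# Succeed only if the keytab exists, is readable by its owner alone
# (mode 400 or 600) and is owned by the expected numeric uid.
# Usage: keytab_perms_ok <path> <uid>
keytab_perms_ok() {
    [ -f "$1" ] || return 1
    ls -ldn -- "$1" | {
        read -r mode _links uid _rest
        case "$mode" in
            -r--------*|-rw-------*) [ "$uid" = "$2" ] ;;
            *) false ;;
        esac
    }
}

# Demo: list the deprecated entries from the recorded session.
sample_ktadd_output | weak_keytab_entries

# On the host itself (www-data is the owner the log assigns to the keytab):
#   keytab_perms_ok /etc/apache2/apache2.keytab "$(id -u www-data)" \
#       || echo "apache2.keytab: wrong owner or mode"
```

Keeping only the AES key means restricting the key/salt list when the key is generated, for example with ktadd's `-e` option, and then re-checking the keytab with `klist -ke`.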
    root@honesty:/etc# apt-get install libnss-ldapd libsasl2-modules-gssapi-mit kstart
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
      libpam-ldapd nscd nslcd
    The following NEW packages will be installed:
      kstart libnss-ldapd libpam-ldapd libsasl2-modules-gssapi-mit nscd nslcd
    0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
    Need to get 531kB of archives.
    After this operation, 1311kB of additional disk space will be used.
    Do you want to continue [Y/n]?
    Package configuration

    ┌─────────────────────────┤ Configuring NSLCD ├──────────────────────────┐
    │ Please enter the Uniform Resource Identifier of the LDAP server. The   │
    │ format is 'ldap://<hostname_or_IP_address>:<port>/'. Alternatively,    │
    │ 'ldaps://' or 'ldapi://' can be used. The port number is optional.     │
    │                                                                        │
    │ When using an ldap or ldaps scheme it is recommended to use an IP      │
    │ address to avoid failures when domain name services are unavailable.   │
    │                                                                        │
    │ Multiple URIs can be be specified by separating them with spaces.      │
    │                                                                        │
    │ LDAP server URI:                                                       │
    │                                                                        │
    │ ldaps://charity.progclub.org/_________________________________________ │
    │                                                                        │
    │                   <Ok>                      <Cancel>                   │
    │                                                                        │
    └────────────────────────────────────────────────────────────────────────┘

    Package configuration

    ┌───────────────────────────┤ Configuring NSLCD ├───────────────────────────┐
    │ Please enter the distinguished name of the LDAP search base. Many sites   │
    │ use the components of their domain names for this purpose. For example,   │
    │ the domain "example.net" would use "dc=example,dc=net" as the             │
    │ distinguished name of the search base.                                    │
    │                                                                           │
    │ LDAP server search base:                                                  │
    │                                                                           │
    │ dc=progclub,dc=org_______________________________________________________ │
    │                                                                           │
    │                     <Ok>                      <Cancel>                    │
    │                                                                           │
    └───────────────────────────────────────────────────────────────────────────┘

    Package configuration

    ┌───────────────────────────┤ Configuring NSLCD ├───────────────────────────┐
    │                                                                           │
    │ When an encrypted connection is used, a server certificate can be         │
    │ requested and checked. Please choose whether lookups should be            │
    │ configured to require a certificate, and whether certificates should be   │
    │ checked for validity:                                                     │
    │  * never: no certificate will be requested or checked;                    │
    │  * allow: a certificate will be requested, but it is not                  │
    │           required or checked;                                            │
    │  * try: a certificate will be requested and checked, but if no            │
    │           certificate is provided it is ignored;                          │
    │  * demand: a certificate will be requested, required, and checked.        │
    │ If certificate checking is enabled, at least one of the tls_cacertdir or  │
    │ tls_cacertfile options must be put in /etc/nslcd.conf.                    │
    │                                                                           │
    │                                   <Ok>                                    │
    │                                                                           │
    └───────────────────────────────────────────────────────────────────────────┘

    Package configuration

    ┌──────┤ Configuring NSLCD ├───────┐
    │ Check server's SSL certificate:  │
    │                                  │
    │             never                │
    │           * allow                │
    │             try                  │
    │             demand               │
    │                                  │
    │                                  │
    │      <Ok>          <Cancel>      │
    │                                  │
    └──────────────────────────────────┘

    Package configuration

    ┌───────────────────────┤ Configuring libnss-ldapd ├────────────────────────┐
    │ For this package to work, you need to modify your /etc/nsswitch.conf to   │
    │ use the ldap datasource.                                                  │
    │                                                                           │
    │ You can select the services that should have LDAP lookups enabled. The    │
    │ new LDAP lookups will be added as the last datasource. Be sure to review  │
    │ these changes.                                                            │
    │                                                                           │
    │ Name services to configure:                                               │
    │                                                                           │
    │    [*] aliases                                                            │
    │    [*] ethers                                                             │
    │    [*] group                                                              │
    │    [*] hosts                                                              │
    │    [*] netgroup                                                           │
    │    [*] networks                                                           │
    │    [*] passwd                                                             │
    │    [*] protocols                                                          │
    │    [*] rpc                                                                │
    │    [*] services                                                           │
    │    [*] shadow                                                             │
    │                                                                           │
    │                                                                           │
    │                                   <Ok>                                    │
    │                                                                           │
    └───────────────────────────────────────────────────────────────────────────┘
    Get:1 http://archive.ubuntu.com/ubuntu/ lucid/universe kstart 3.16-3 [58.3kB]
    Get:2 http://archive.ubuntu.com/ubuntu/ lucid/universe libsasl2-modules-gssapi-mit 2.1.23.dfsg1-5ubuntu1 [73.1kB]
    Get:3 http://archive.ubuntu.com/ubuntu/ lucid/universe nscd 2.11.1-0ubuntu7 [211kB]
    Get:4 http://archive.ubuntu.com/ubuntu/ lucid/universe nslcd 0.7.2 [120kB]
    Get:5 http://archive.ubuntu.com/ubuntu/ lucid/universe libnss-ldapd 0.7.2 [41.8kB]
    Get:6 http://archive.ubuntu.com/ubuntu/ lucid/universe libpam-ldapd 0.7.2 [27.6kB]
    Fetched 531kB in 1s (441kB/s)
    Committing to: /etc/
    modified .etckeeper
    modified hosts
    added krb5.keytab
    Committed revision 9.
    Preconfiguring packages ...
    Selecting previously deselected package kstart.
    (Reading database ... 15699 files and directories currently installed.)
    Unpacking kstart (from .../kstart_3.16-3_amd64.deb) ...
    Selecting previously deselected package libsasl2-modules-gssapi-mit.
    Unpacking libsasl2-modules-gssapi-mit (from .../libsasl2-modules-gssapi-mit_2.1.23.dfsg1-5ubuntu1_amd64.deb) ...
    Selecting previously deselected package nscd.
    Unpacking nscd (from .../nscd_2.11.1-0ubuntu7_amd64.deb) ...
    Selecting previously deselected package nslcd.
    Unpacking nslcd (from .../archives/nslcd_0.7.2_amd64.deb) ...
    Selecting previously deselected package libnss-ldapd.
    Unpacking libnss-ldapd (from .../libnss-ldapd_0.7.2_amd64.deb) ...
    Selecting previously deselected package libpam-ldapd.
    Unpacking libpam-ldapd (from .../libpam-ldapd_0.7.2_amd64.deb) ...
    Processing triggers for man-db ...
    Processing triggers for ureadahead ...
    Setting up kstart (3.16-3) ...
    Setting up libsasl2-modules-gssapi-mit (2.1.23.dfsg1-5ubuntu1) ...
    Setting up nscd (2.11.1-0ubuntu7) ...
     * Starting Name Service Cache Daemon nscd [ OK ]
    Setting up nslcd (0.7.2) ...
    Warning: The home dir /var/run/nslcd/ you specified can't be accessed: No such file or directory
    Adding system user `nslcd' (UID 103) ...
    Adding new group `nslcd' (GID 105) ...
    Adding new user `nslcd' (UID 103) with group `nslcd' ...
    Not creating home directory `/var/run/nslcd/'.
     * Starting LDAP connection daemon nslcd [ OK ]
    Setting up libnss-ldapd (0.7.2) ...
    /etc/nsswitch.conf: enable LDAP lookups for aliases
    /etc/nsswitch.conf: enable LDAP lookups for ethers
    /etc/nsswitch.conf: enable LDAP lookups for group
    /etc/nsswitch.conf: enable LDAP lookups for hosts
    /etc/nsswitch.conf: enable LDAP lookups for netgroup
    /etc/nsswitch.conf: enable LDAP lookups for networks
    /etc/nsswitch.conf: enable LDAP lookups for passwd
    /etc/nsswitch.conf: enable LDAP lookups for protocols
    /etc/nsswitch.conf: enable LDAP lookups for rpc
    /etc/nsswitch.conf: enable LDAP lookups for services
    /etc/nsswitch.conf: enable LDAP lookups for shadow
     * Restarting Name Service Cache Daemon nscd [ OK ]
    Setting up libpam-ldapd (0.7.2) ...
    Processing triggers for libc-bin ...
    ldconfig deferred processing now taking place
    Committing to: /etc/
    modified .etckeeper
    modified group
    modified group-
    modified gshadow
    modified gshadow-
    added nscd.conf
    added nslcd.conf
    modified nsswitch.conf
    modified passwd
    modified passwd-
    modified shadow
    modified shadow-
    added init.d/nscd
    added init.d/nslcd
    modified pam.d/common-account
    modified pam.d/common-auth
    modified pam.d/common-password
    modified pam.d/common-session
    modified pam.d/common-session-noninteractive
    added rc0.d/K20nscd
    added rc0.d/K20nslcd
    added rc1.d/K20nscd
    added rc1.d/K20nslcd
    added rc2.d/S20nscd
    added rc2.d/S20nslcd
    added rc3.d/S20nscd
    added rc3.d/S20nslcd
    added rc4.d/S20nscd
    added rc4.d/S20nslcd
    added rc5.d/S20nscd
    added rc5.d/S20nslcd
    added rc6.d/K20nscd
    added rc6.d/K20nslcd
    Committed revision 10.
root@honesty:/etc# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files dns ldap
networks:       files ldap

protocols:      db files ldap
services:       db files ldap
ethers:         db files ldap
rpc:            db files ldap

netgroup:       nis ldap
aliases:        ldap
root@honesty:/etc# cat /etc/nslcd.conf
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldaps://charity.progclub.org/

# The search base that will be used for all queries.
base dc=progclub,dc=org

# The LDAP protocol version to use.
#ldap_version 3

# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret

# SSL options
#ssl off
tls_reqcert allow

# The search scope.
#scope sub
root@honesty:/etc# vim /etc/nslcd.conf
# JE: 2011-08-15: added sasl_mech
sasl_mech GSSAPI
root@honesty:/etc# pam-auth-update
Package configuration

┌───────────────────────────────────┤  ├────────────────────────────────────┐
│ Pluggable Authentication Modules (PAM) determine how authentication,      │
│ authorization, and password changing are handled on the system, as well   │
│ as allowing configuration of additional actions to take when starting     │
│ user sessions.                                                            │
│                                                                           │
│ Some PAM module packages provide profiles that can be used to             │
│ automatically adjust the behavior of all PAM-using applications on the    │
│ system. Please indicate which of these behaviors you wish to enable.      │
│                                                                           │
│ PAM profiles to enable:                                                   │
│                                                                           │
│    [*] Kerberos authentication                                            │
│    [*] Unix authentication                                                │
│    [ ] LDAP Authentication                                                │
│                                                                           │
│                                                                           │
│                    <Ok>                          <Cancel>                 │
│                                                                           │
└───────────────────────────────────────────────────────────────────────────┘
root@honesty:/etc# vim /etc/pam.d/common-password
root@honesty:/etc# cat /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords. Without this option,
# the default is Unix crypt. Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
#password requisite pam_krb5.so minimum_uid=1000
#password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
# here's the fallback if no module succeeds
#password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
#password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

password sufficient pam_krb5.so minimum_uid=1000
password required pam_unix.so obscure try_first_pass sha512
root@honesty:/etc# service nslcd restart
 * Restarting LDAP connection daemon nslcd
nslcd: /etc/nslcd.conf:30: option sasl_mech is currently not fully supported (please report any successes)
   [ OK ]
root@honesty:/etc# etckeeper commit "Configured Kerberos client"
Committing to: /etc/
modified nslcd.conf
modified pam.d/common-account
modified pam.d/common-auth
modified pam.d/common-password
modified pam.d/common-session
modified pam.d/common-session-noninteractive
Committed revision 11.
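The libnss-ldapd dialog above asks that the nsswitch.conf changes be reviewed. The following is an added example, not part of the original log, that does this review with awk: it reports where ldap sits in each database's lookup order and marks any database whose only source is ldap, as aliases is in the file shown above. The function names nss_ldap_review and sample_nsswitch are made up for this example.

```shell
#!/bin/sh
# Added example: list the NSS databases that consult LDAP and where "ldap"
# sits in each lookup order. One output line per database:
#   <database> <ldap position>/<number of sources> <note>
nss_ldap_review() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        NF < 2 { next }                         # blank line or no sources
        {
            db = $1; sub(/:$/, "", db)
            total = 0; pos = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) continue        # action such as [NOTFOUND=return]
                total++
                if ($i == "ldap") pos = total
            }
            if (pos == 0) next                  # database does not use LDAP
            note = "fallback"                   # local sources are tried first
            if (total == 1) note = "ldap-only"  # no local source at all
            else if (pos < total) note = "not-last"
            printf "%s %d/%d %s\n", db, pos, total, note
        }
    ' "$1"
}

# Constructed sample: the lookup lines from the nsswitch.conf shown above.
sample_nsswitch() {
    cat <<'EOF'
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
hosts:          files dns ldap
networks:       files ldap
protocols:      db files ldap
services:       db files ldap
ethers:         db files ldap
rpc:            db files ldap
netgroup:       nis ldap
aliases:        ldap
EOF
}

# Review a real file when one is given, e.g.: sh review.sh /etc/nsswitch.conf
if [ $# -gt 0 ]; then nss_ldap_review "$1"; fi
```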
John 2011-08-05 16:59
Disabling IPSec
Can't get IPSec to work. Commented out /etc/network/if-up.d/ip and removed the policies from /etc/ipsec-tools.conf.
John 2011-07-30 19:30
Configuring IPSec
jj5@honesty:~$ sudo -s
[sudo] password for jj5:
root@honesty:~# cd /etc/network/if-pre-up.d/
root@honesty:/etc/network/if-pre-up.d# ll
total 12
drwxr-xr-x 2 root root 4096 Apr 22 2010 ./
drwxr-xr-x 6 root root 4096 Apr 22 2010 ../
-rwxr-xr-x 1 root root 348 Dec 21 2009 ethtool*
root@honesty:/etc/network/if-pre-up.d# vim iptables
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules
root@honesty:/etc/network/if-pre-up.d# chmod +x iptables
root@honesty:/etc/network/if-pre-up.d# cd ../if-up.d/
root@honesty:/etc/network/if-up.d# vim ip
#!/bin/sh
# Charity
ip route add 67.207.128.184 dev eth0 advmss 200
# Hope
ip route add 67.207.130.204 dev eth0 advmss 200
root@honesty:/etc/network/if-up.d# chmod +x ip
root@honesty:/etc/network/if-up.d# cd /etc/
root@honesty:/etc# vim iptables.up.rules
*filter

# Allow all loopback (lo0) traffic
-A INPUT -i lo -j ACCEPT

# Drop all traffic to 127/8 that doesn't use lo0
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic
-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH connections
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Accept anything from charity
-A INPUT -s 67.207.128.184 -j ACCEPT

# Accept anything from hope
-A INPUT -s 67.207.130.204 -j ACCEPT

# Allow MySQL connections from John's house
-A INPUT -s 60.240.67.126/32 -p tcp -m tcp --dport 3306 -j ACCEPT

# Allow MySQL connections from localhost
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT

# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
#-A INPUT -j LOG --log-prefix "iptables debug: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
root@honesty:/etc# vim ipsec-tools.conf
#!/usr/sbin/setkey -f

## Flush the SAD and SPD
flush;
spdflush;

# Charity/Honesty configuration

# ESP SAs using 192 bit long keys (168 + 24 parity)
add 67.207.128.184 67.207.129.103 esp 5 -E aes-cbc
        0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
add 67.207.129.103 67.207.128.184 esp 6 -E aes-cbc
        0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;

# AH SAs using 160 bit long keys
add 67.207.128.184 67.207.129.103 ah 7 -A hmac-sha1
        0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
add 67.207.129.103 67.207.128.184 ah 8 -A hmac-sha1
        0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;

# Security policies
spdadd 67.207.129.103 67.207.128.184 any -P out ipsec
        esp/transport//require
        ah/transport//require;
spdadd 67.207.128.184 67.207.129.103 any -P in ipsec
        esp/transport//require
        ah/transport//require;

# Hope/Honesty configuration

# ESP SAs using 192 bit long keys (168 + 24 parity)
add 67.207.130.204 67.207.129.103 esp 9 -E aes-cbc
        0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
add 67.207.129.103 67.207.130.204 esp 10 -E aes-cbc
        0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;

# AH SAs using 160 bit long keys
add 67.207.130.204 67.207.129.103 ah 11 -A hmac-sha1
        0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
add 67.207.129.103 67.207.130.204 ah 12 -A hmac-sha1
        0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;

# Security policies
spdadd 67.207.129.103 67.207.130.204 any -P out ipsec
        esp/transport//require
        ah/transport//require;
spdadd 67.207.130.204 67.207.129.103 any -P in ipsec
        esp/transport//require
        ah/transport//require;
root@honesty:/etc# ll ipsec-tools.conf
-rwxr-xr-x 1 root root 1661 Jul 30 09:46 ipsec-tools.conf*
root@honesty:/etc# chmod 700 ipsec-tools.conf
root@honesty:/etc# ll ipsec-tools.conf
-rwx------ 1 root root 1661 Jul 30 09:46 ipsec-tools.conf*
root@honesty:~# etckeeper commit "Configured IPSec"
Committing to: /etc/
modified .etckeeper
modified ipsec-tools.conf
added iptables.up.rules
added network/if-pre-up.d/iptables
added network/if-up.d/ip
Committed revision 5.
root@honesty:/etc# reboot
Phew, that ought to do it.
The other ends of the connections have been configured on charity and hope.
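With manual keying as in the ipsec-tools.conf above, every policy that requires esp or ah needs an SA for the same source and destination, and each key must fit its algorithm (128, 192 or 256 bits for aes-cbc, 160 bits for hmac-sha1). The following is an added example, not part of the original log, that cross-checks a setkey file for both. The function names, the documentation addresses and the dummy keys in the sample are constructed, and the sample contains two deliberate faults.

```shell
#!/bin/sh
# Added example: cross-check a manually keyed setkey(8) file. Prints one line
# per problem and nothing when the file is consistent. Statements are split
# on ";" so multi-line statements work; a ";" inside a comment is not handled.
check_setkey() {
    awk '
        BEGIN { RS = ";" }
        { gsub(/#[^\n]*/, "") }                 # strip comments, re-split fields
        $1 == "add" {                           # add src dst proto spi -E|-A algo key
            key = $NF; sub(/^0x/, "", key); bits = length(key) * 4
            sa[$2 " " $3 " " $4] = 1
            if ($7 == "aes-cbc" && bits != 128 && bits != 192 && bits != 256)
                print "spi " $5 ": aes-cbc key is " bits " bits"
            if ($7 == "hmac-sha1" && bits != 160)
                print "spi " $5 ": hmac-sha1 key is " bits " bits"
        }
        $1 == "spdadd" {                        # remember each proto/.../require
            n++; src[n] = $2; dst[n] = $3; need[n] = ""
            for (i = 4; i <= NF; i++)
                if ($i ~ /\/require$/) { split($i, p, "/"); need[n] = need[n] " " p[1] }
        }
        END {
            for (j = 1; j <= n; j++) {
                m = split(need[j], want, " ")
                for (k = 1; k <= m; k++) {
                    id = src[j] " " dst[j] " " want[k]
                    if (!(id in sa))
                        print "policy " src[j] " -> " dst[j] ": no " want[k] " SA"
                }
            }
        }
    ' "$1"
}

# Constructed sample (documentation addresses, dummy keys) with two faults:
# SPI 6 has a 160-bit aes-cbc key, and the 192.0.2.1 -> 192.0.2.2 AH SA is missing.
sample_setkey() {
    cat <<'EOF'
add 192.0.2.1 192.0.2.2 esp 5 -E aes-cbc 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
add 192.0.2.2 192.0.2.1 esp 6 -E aes-cbc 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
add 192.0.2.2 192.0.2.1 ah 8 -A hmac-sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef;
spdadd 192.0.2.2 192.0.2.1 any -P out ipsec
    esp/transport//require ah/transport//require;
spdadd 192.0.2.1 192.0.2.2 any -P in ipsec
    esp/transport//require ah/transport//require;
EOF
}

if [ $# -gt 0 ]; then check_setkey "$1"; fi
```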
John 2011-07-30 13:57
Adding user jj5
Didn't want to have to do this, but need to ssh in a fair bit.
root@honesty:~# adduser jj5
Adding user `jj5' ...
Adding new group `jj5' (1000) ...
Adding new user `jj5' (1000) with group `jj5' ...
Creating home directory `/home/jj5' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for jj5
Enter the new value, or press ENTER for the default
        Full Name []: John Elliot
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n]
root@honesty:~# gpasswd -a jj5 sudo
Adding user jj5 to group sudo
John 2011-07-29 02:54
Installing Etckeeper
# apt-get install etckeeper
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  bzr bzrtools patch python-configobj python-crypto python-paramiko python-support rsync
Suggested packages:
  bzr-gtk bzr-svn python-pycurl xdg-utils python-kerberos bzr-doc librsvg2-bin graphviz ed diffutils-doc python-crypto-dbg
The following NEW packages will be installed:
  bzr bzrtools etckeeper patch python-configobj python-crypto python-paramiko python-support rsync
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
Need to get 4787kB of archives.
After this operation, 27.8MB of additional disk space will be used.
Do you want to continue [Y/n]?
Just like that.
Installing IPSec
# apt-get install ipsec-tools
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  ipsec-tools
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 111kB of archives.
After this operation, 274kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main ipsec-tools 1:0.7.1-1.6ubuntu1 [111kB]
Fetched 111kB in 0s (153kB/s)
Selecting previously deselected package ipsec-tools.
(Reading database ... 15571 files and directories currently installed.)
Unpacking ipsec-tools (from .../ipsec-tools_1%3a0.7.1-1.6ubuntu1_amd64.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up ipsec-tools (1:0.7.1-1.6ubuntu1) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Committing to: /etc/
modified .etckeeper
added ipsec-tools.conf
added default/setkey
added init.d/setkey
added rcS.d/S37setkey
Committed revision 2.
John 2011-07-28 21:15
The honesty.progclub.org slice has been created, and the host added to the DNS zones, but apart from that it's not configured presently.