|  |  | @953 | 17 years | andersk | Revert r952. | 
                
                  |  |  | @952 | 17 years | quentin | Serve sipb.mit.edu wiki content directly via Apache | 
                
                  |  |  | @948 | 17 years | quentin | Try hostbased authentication in the client | 
                
                  |  |  | @947 | 17 years | quentin | Add shosts.equiv for allowing logins | 
                
                  |  |  | @946 | 17 years | quentin | Allow ssh hostbased authentication | 
                
                  |  |  | @943 | 17 years | geofft | Hacks because Apache makes things hard at the .htaccess level. | 
                
                  |  |  | @942 | 17 years | geofft | debathena.mit.edu vhost | 
                
                  |  |  | @941 | 17 years | geofft | cert for debathena.mit.edu | 
                
                  |  |  | @940 | 17 years | geofft | Whoops, forgot to reify-vhost.py sipb.mit.edu | 
                
                  |  |  | @939 | 17 years | geofft | Setting tty modes failed: Invalid argument | 
                
                  |  |  | @938 | 17 years | andersk | d_zroot.pl: Read .ssh/authorized_keys, not just authorized_keys2. ... | 
                
                  |  |  | @915 | 17 years | quentin | Support mDNS on scripts | 
                
                  |  |  | @914 | 17 years | quentin | Add if_err_eth2 to allowed munin commands (wtf?) | 
                
                  |  |  | @910 | 17 years | quentin | configuration for nss-ldapd | 
                
                  |  |  | @891 | 17 years | quentin | Add reuter to blocked mail accounts list, and prevent outbound mail | 
                
                  |  |  | @890 | 17 years | geofft | I think this works better | 
                
                  |  |  | @889 | 17 years | quentin | Fix geofft's typo | 
                
                  |  |  | @888 | 17 years | geofft | Display failed root logins from off campus only at 10+10k attempts. | 
                
                  |  |  | @887 | 17 years | quentin | Ignore non-fatal authentication failures | 
                
                  |  |  | @886 | 17 years | geofft | sipb.mit.edu certificate | 
                
                  |  |  | @885 | 17 years | geofft | and the vhosts they rode in on | 
                
                  |  |  | @884 | 17 years | geofft | More noms. | 
                
                  |  |  | @883 | 17 years | geofft | Re r882, make the resulting log zephyr public. (Thanks to price for ... | 
                
                  |  |  | @879 | 17 years | quentin | Update nscd configuration to cache smarter | 
                
                  |  |  | @878 | 17 years | quentin | Enable sshd verbose mode, so we can identify the public key used for login | 
                
                  |  |  | @877 | 17 years | quentin | Provide commented-out non-nss_nonlocal region in nsswitch | 
                
                  |  |  | @876 | 17 years | quentin | Uncommitted changes on b-k | 
                
                  |  |  | @872 | 17 years | geofft | forgot to fix SSLVerifyclient on familynet | 
                
                  |  |  | @870 | 17 years | geofft | yay SSL vhosts yay | 
                
                  |  |  | @869 | 17 years | geofft | SSLVerifyClient optional on port 444. Oops. ^_^;; | 
                
                  |  |  | @868 | 17 years | quentin | Ignore all partitions mounted under /mnt | 
                
                  |  |  | @867 | 17 years | quentin | Update postfix configuration for version 2.5.1 | 
                
                  |  |  | @866 | 17 years | quentin | Use scripts yum repository (yay!) | 
                
                  |  |  | @865 | 17 years | quentin | Use sudo to monitor hardware sensors for munin | 
                
                  |  |  | @864 | 17 years | quentin | Ignore f7root partitions when checking disk space | 
                
                  |  |  | @854 | 17 years | geofft | Add a script to convert LDAP vhosts into <VirtualHost> blocks,
so it's ... | 
                
                  |  |  | @853 | 17 years | andersk | Put the children out of their misery. | 
                
                  |  |  | @847 | 17 years | andersk | Run munin as an unprivileged user with sudo for root access when necessary | 
                
                  |  |  | @845 | 17 years | andersk | Use the local LDAP server (as is already the case on both servers). | 
                
                  |  |  | @842 | 17 years | andersk | Run php directly from suexec, so php scripts don’t need to be executable. | 
                
                  |  |  | @841 | 17 years | geofft | [help.mit.edu #694790] | 
                
                  |  |  | @831 | 17 years | andersk | MaxRequestsPerChild < Ridiculous | 
                
                  |  |  | @829 | 17 years | geofft | Debathena's reasoning seems sound enough. Add fuse_allow_other, which ... | 
                
                  |  |  | @822 | 17 years | geofft | OM NOM NOM NOM CERTIFICATES | 
                
                  |  |  | @821 | 17 years | geofft | I'm stupid. | 
                
                  |  |  | @820 | 17 years | geofft | Add server certS for random-hall.mit.edu and mitsoc.mit.edu | 
                
                  |  |  | @817 | 17 years | geofft | Added code to zephyr on OOM kills.
Also commented out a change by ... | 
                
                  |  |  | @814 | 17 years | geofft | As Anders would say... | 
                
                  |  |  | @813 | 17 years | geofft | This looks useful too | 
                
                  |  |  | @811 | 17 years | quentin | Add localhost to the list of scripts names | 
                
                  |  |  | @808 | 17 years | geofft | Probably a useful file to have. | 
                
                  |  |  | @807 | 17 years | quentin | Add routes for sql via eth1 | 
                
                  |  |  | @804 | 17 years | andersk | We don't actually have a deb.gif. | 
                
                  |  |  | @802 | 17 years | andersk | Allow a directory index of /__scripts/icons. | 
                
                  |  |  | @801 | 17 years | geofft | /etc: Add pki/tls/certs/*.pem to the repository. | 
                
                  |  |  | @799 | 17 years | geofft | Uncommitted changes from o-f: reboot on kernel panic (do we actually ... | 
                
                  |  |  | @794 | 17 years | quentin | Update sudoers based on F9 template | 
                
                  |  |  | @792 | 17 years | quentin | We don't share /tmp (eeew) | 
                
                  |  |  | @791 | 17 years | quentin | Add bees-knees and cats-whiskers to /etc/hosts | 
                
                  |  |  | @790 | 17 years | geofft | Oops, missed scripts-test's IP. | 
                
                  |  |  | @789 | 17 years | geofft | Update names for scripts[1-4] | 
                
                  |  |  | @787 | 17 years | geofft | Fix some stuff about our iptables rules, including:
- Remove ACCEPT ... | 
                
                  |  |  | @784 | 17 years | quentin | Use explicit recipients for non-root log messages | 
                
                  |  |  | @783 | 17 years | geofft | Make d_zroot.pl zephyr people in the .k5login in personals | 
                
                  |  |  | @781 | 17 years | quentin | munin needs to start as root so it can setuid to run the script; it ... | 
                
                  |  |  | @780 | 17 years | geofft | Munin should not run as root.
Remove munin's htpasswd file, since it's ... | 
                
                  |  |  | @779 | 17 years | geofft | mod_status is a serious privacy violation. | 
                
                  |  |  | @778 | 17 years | geofft | This list is a little better | 
                
                  |  |  | @777 | 17 years | geofft | Add more sysnames to differentiate between OS releases, and add the ... | 
                
                  |  |  | @775 | 17 years | geofft | Version nscd.conf, and reduce the negative TTL to 5 seconds to solve ... | 
                
                  |  |  | @770 | 17 years | quentin | Stop more spew; parse ssh keys and identify the used key when ... | 
                
                  |  |  | @768 | 17 years | geofft | Commented out scripts-spew. It is inappropriate to send syslogs about ... | 
                
                  |  |  | @759 | 17 years | quentin | Tweak httpd settings | 
                
                  |  |  | @758 | 17 years | quentin | Avoid spew in cases of serious error | 
                
                  |  |  | @757 | 17 years | quentin | Add AFS monitoring to Nagios | 
                
                  |  |  | @755 | 17 years | andersk | Oops, missed a spot. | 
                
                  |  |  | @754 | 17 years | andersk | Use the scripts private key for *.scripts as well (the previous ... | 
                
                  |  |  | @751 | 17 years | andersk | Configure nsswitch.conf to use nss_nonlocal. | 
                
                  |  |  | @749 | 17 years | andersk | Nope.  Don't care. | 
                
                  |  |  | @740 | 17 years | andersk | Update SSL configuration directives from Fedora's ssl.conf.  Notably, ... | 
                
                  |  |  | @739 | 17 years | andersk | spew-- | 
                
                  |  |  | @738 | 17 years | andersk | SHUT.  THE.  FUCK.  UP. | 
                
                  |  |  | @734 | 18 years | andersk | Turn on KeepAlive for SSL and increase timeouts, to avoid pathological ... | 
                
                  |  |  | @715 | 18 years | quentin | Allow syn to access nrpe through iptables | 
                
                  |  |  | @712 | 18 years | quentin | Allow syn to monitor scripts | 
                
                  |  |  | @708 | 18 years | geofft | Add rebecca to sudoers. | 
                
                  |  |  | @707 | 18 years | andersk | This sucker has had it coming for a long time. | 
                
                  |  |  | @690 | 18 years | quentin | Ignore more syslog messages | 
                
                  |  |  | @687 | 18 years | andersk | We might as well present the *.scripts.mit.edu certificate for ... | 
                
                  |  |  | @682 | 18 years | andersk | Revert r681; this doesn't actually work. | 
                
                  |  |  | @681 | 18 years | andersk | Drop to nobody in case of a terrible mod_vhost_ldap disaster. | 
                
                  |  |  | @677 | 18 years | andersk | Remove hacks-old. | 
                
                  |  |  | @671 | 18 years | quentin | Remove broken configuration for deprecated mime_magic module, as we ... | 
                
                  |  |  | @669 | 18 years | geofft | disable X11 forwarding; allow forwarding $EDITOR and $VISUAL because ... | 
                
                  |  |  | @668 | 18 years | quentin | Ignore more meaningless sshd logs | 
                
                  |  |  | @667 | 18 years | quentin | Don't log logins from non-root users | 
                
                  |  |  | @666 | 18 years | quentin | Change syslog zephyring to coalesce messages | 
                
                  |  |  | @665 | 18 years | quentin | Make Zephyrs more useful and move to -c scripts-auto | 
                
                  |  |  | @664 | 18 years | andersk | -c scripts -> -c scripts-auto. | 
                
                  |  |  | @662 | 18 years | quentin | Save log and pid in the right places | 
                
                  |  |  |