Procedures

From Edgar BV Wiki
Revision as of 14:21, 2 March 2007 by Red (talk | contribs) (New page: /usr/sbin/meta-verify Checks the /etc/passwd and /etc/group files, and the /etc/httpd/conf/httpd.conf /usr/local/majordomo for the users and mailinglists and sitelists, and then puts them...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

/usr/sbin/meta-verify

Checks the /etc/passwd and /etc/group files, and the /etc/httpd/conf/httpd.conf /usr/local/majordomo for the users and mailinglists and sitelists, and then puts them in the site management list.

/home/quota* sets the quota's for all the users and groups

When copying /etc/passwd and /etc/group, the file permissions on copy have to be checked (ownership) and don't copy all the info, only the added users (not the old users). Don't forget passwd- and group- and shadow and shadow-.

Set the 'date' to the right time date -s 20030428 date -s 17:43

Set the processor clock to the right time clock --set --date 20030428 clock --set --date 17:43

in VI /var/log/httpd/access

%s/03\/Jun\/2006/24\/Oct\/2003/g

the file permissions in /usr/local/majordomo /home/spool/mail /home/sites

are important!

Install all the security updates from sun, then the extra packages from pkgmaster.com

There is a migration utility at

http://www.sun.com/hardware/serverappliances/documentation/other.html

But I haven't tried it yet...

To restore the error pages, insert this into /etc/httpd/conf/srm.conf

ErrorDocument 401 /cobalt_error/401.html ErrorDocument 403 /cobalt_error/403.html ErrorDocument 404 /cobalt_error/404.html ErrorDocument 405 /cobalt_error/405.html ErrorDocument 500 /cobalt_error/500.html ErrorDocument 503 /cobalt_error/503.html

In the /etc/httpd/conf/access.conf Change the Options Indexes FollowSymLinks Includes MultiViews to Options -Indexes FollowSymLinks Includes MultiViews to stop directory traversal

and copy the error files into

/usr/admserv/.cobalt/html/error

To get the /home/sites/ user and group permissions right:

cut -----------------------------------

  1. !/usr/bin/perl -w
  1. So it's ugly - sue me.
  2. requires a copy of /etc/passwd and /etc/group
  3. redirect to a new file and remove the "^--" and "admins are.." lines. You now # have a list of shell commands to fix perms in /home/sites/ ..

@admins = ();

  1. get admins

open (FD, "group") || die "can't open group!";

foreach (<FD>) { 

       next if ($_ !~ /^site/);
       @list = split (":", $_);
       @usrs = split (",", $list[3]);
       chomp ($usrs[1]);
       push (@admins, $usrs[1]);

}

close (FD);

print "--\tAdmins are... \n";

foreach $admin (@admins) { 

       print "$admin ";

}

print "\n--\t".$#admins." in total..\n";

open (FD, "passwd") || die "can't open passwd!";

foreach (<FD>) { 

       next if ($_ !~ /site/);
       @a = split (":", $_);
       next if ($a[5] =~ /admin/);



       # chdir ($a[5]);
       @b = split ("/", $a[5]);
       print "--\t".$a[0]." has group ".$b[3]." ..\n";
       # `chown -R $a[0]:$a[4] .`;

       print "cd $a[5]\n";
       print "chown -R $a[0]:$b[3] $a[5]\n";

       # fugly..
       foreach $e (@admins) {
               if ($e eq $a[0]) {$admin = 1};
       }

       if (defined($admin)) {
               print "--\t and user is an admin ..\n";

       print "chgrp -R $b[3] /home/sites/$b[3]\n";
       print "chown -R $a[0] /home/sites/$b[3]/web/*\n";
       print "chown nobody:$b[3] /home/sites/$b[3]/*\n";
       print "chown -R nobody:$b[3] /home/sites/$b[3]/certs/*\n";
       print "chown -R root:$b[3] /home/sites/$b[3]/logs/*\n";

       }
       print "\n\n";
       undef($admin);

}

close (FD);

paste -----------------------------------

put own.pl into a directory, and copy /etc/passwd and /etc/group in there as well before running.


Chown following dirs:

chown httpd /home/sites/www.dimfactory.com/web/secure/cmdbs/data -R chown httpd /home/sites/www.soonshartong.nl/web/bog/aanbod/foto -R chown httpd /home/sites/www.soonshartong.nl/web/bog/aanbod/thumbnail -R chown httpd /home/sites/www.pantarheyn.nl/web/pantascope/pantapit/PIT-M/cache -R chown httpd /home/sites/www.pantarheyn.nl/web/pantascope/pantapit/PIT-L/cache -R

chmod 777 /home/sites/www.allememaggies.nl/web/Techniek.txt

SHOULD THE RAQ GO DOWN!

cut ---------------------

  1. !/usr/bin/perl -w

$soa_dir = "/root/src/soa/"; $new_soa_dir = "/root/src/new_soa"; $old_ip = "212.61.33.42"; $new_ip = "213.84.24.229";


chdir ($soa_dir);

@zones = `ls`;

foreach $zone (@zones) { 

       print "Running $zone...\n";
       $zone_out = "$zone";
       open (FDI, $zone) || die "1:can't open $zone!\n";
       chdir ($new_soa_dir);
       open (FDO, ">$zone_out") || die "2:can't open $zone_out!\n";
       foreach (<FDI>) {
               s/$old_ip/$new_ip/g;
               print FDO $_;
       }
       close (FDO);
       close (FDI);
       chdir($soa_dir);

}

paste --------------------

This script will replace all the zone files in the specified dirs with the specified IP's. Change them all and copy the old zonefiles somewhere safe. Then copy the new zonefiles somewhere safe, and with any luck people will be visiting the Tripsafe via the web.

Retrieved from "http://wiki.edgarbv.com/index.php?title=Procedures&oldid=127"